Blame - README.rst - salt-formulas/neutron

blob: 2c126781098591b570d4d2a560f2145ed7bebd4b [file] [log] [blame]

OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1	=====
				2	Usage
				3	=====
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	4
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	5	Neutron is an OpenStack project to provide networking as a service between
Jakub Pavlik	9ecf026	2016-05-20 11:20:58 +0200	[diff] [blame]	6	interface devices (e.g., vNICs) managed by other Openstack services (e.g.,
				7	nova).
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	8
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	9	Starting with the Folsom release, Neutron is a core and supported part of the
				10	OpenStack platform (for Essex, we were an incubated project, which means use
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	11	is suggested only for those who really know what they're doing with Neutron).
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	12
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	13	Sample Pillars
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	14	==============
				15
				16	Neutron Server on the controller node
				17
				18	.. code-block:: yaml
				19
				20	neutron:
				21	server:
				22	enabled: true
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	23	version: mitaka
Swann Croiset	9407daf	2017-02-02 15:27:56 +0100	[diff] [blame]	24	allow_pagination: true
				25	pagination_max_limit: 100
Mykyta Karpin	253406d	2017-12-08 17:01:37 +0200	[diff] [blame]	26	api_workers: 2
				27	rpc_workers: 2
				28	rpc_state_report_workers: 2
Michael Polenchuk	1ff8865	2018-03-06 16:15:57 +0400	[diff] [blame]	29	root_helper_daemon: false
Michael Polenchuk	2151b27	2018-06-19 18:32:31 +0400	[diff] [blame]	30	dhcp_lease_duration: 600
Michael Polenchuk	cece76d	2018-06-21 14:56:17 +0400	[diff] [blame]	31	firewall_driver: iptables_hybrid
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	32	bind:
				33	address: 172.20.0.1
				34	port: 9696
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	35	database:
				36	engine: mysql
				37	host: 127.0.0.1
				38	port: 3306
				39	name: neutron
				40	user: neutron
				41	password: pwd
				42	identity:
				43	engine: keystone
				44	host: 127.0.0.1
				45	port: 35357
				46	user: neutron
				47	password: pwd
				48	tenant: service
Dennis Dmitriev	3711472	2017-03-06 16:52:26 +0200	[diff] [blame]	49	endpoint_type: internal
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	50	message_queue:
				51	engine: rabbitmq
				52	host: 127.0.0.1
				53	port: 5672
				54	user: openstack
				55	password: pwd
				56	virtual_host: '/openstack'
				57	metadata:
				58	host: 127.0.0.1
				59	port: 8775
				60	password: pass
Mykyta Karpin	253406d	2017-12-08 17:01:37 +0200	[diff] [blame]	61	workers: 2
Petr Michalec	61f7ab2	2016-11-29 16:29:09 +0100	[diff] [blame]	62	audit:
				63	enabled: false
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	64
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	65	.. note:: The pagination is useful to retrieve a large bunch of resources,
				66	because a single request may fail (timeout). This is enabled with both
				67	parameters allow_pagination and pagination_max_limit as shown above.
Swann Croiset	9407daf	2017-02-02 15:27:56 +0100	[diff] [blame]	68
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	69	Configuration of policy.json file:
Dmitry Ukov	596ddcf	2017-05-04 18:16:16 +0400	[diff] [blame]	70
				71	.. code-block:: yaml
				72
				73	neutron:
				74	server:
				75	....
				76	policy:
				77	create_subnet: 'rule:admin_or_network_owner'
				78	'get_network:queue_id': 'rule:admin_only'
				79	# Add key without value to remove line from policy.json
				80	'create_network:shared':
				81
Elena Ezhova	cd67cfe	2017-06-16 23:35:07 +0400	[diff] [blame]	82	Neutron LBaaSv2 enablement
				83	--------------------------
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	84
				85	.. code-block:: yaml
				86
				87	neutron:
				88	server:
				89	lbaas:
				90	enabled: true
				91	providers:
Elena Ezhova	cd67cfe	2017-06-16 23:35:07 +0400	[diff] [blame]	92	octavia:
				93	engine: octavia
				94	driver_path: 'neutron_lbaas.drivers.octavia.driver.OctaviaDriver'
				95	base_url: 'http://127.0.0.1:9876'
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	96	avi_adc:
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	97	engine: avinetworks
Elena Ezhova	cd67cfe	2017-06-16 23:35:07 +0400	[diff] [blame]	98	driver_path: 'avi_lbaasv2.avi_driver.AviDriver'
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	99	controller_address: 10.182.129.239
				100	controller_user: admin
				101	controller_password: Cloudlab2016
				102	controller_cloud_name: Default-Cloud
				103	avi_adc2:
				104	engine: avinetworks
				105	...
				106
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	107	.. note:: If the Contrail backend is set, Opencontrail loadbalancer
				108	would be enabled automatically. In this case lbaas should disabled
				109	in pillar:
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	110
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	111	.. code-block:: yaml
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	112
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	113	neutron:
				114	server:
				115	lbaas:
				116	enabled: false
Elena Ezhova	166d401	2017-08-17 12:53:52 +0400	[diff] [blame]	117
				118	Neutron FWaaSv1 enablement
				119	--------------------------
				120
				121	.. code-block:: yaml
				122
				123	neutron:
				124	fwaas:
				125	enabled: true
				126	version: ocata
				127	api_version: v1
				128
				129
Ondrej Smola	12ff819	2017-04-28 12:39:11 +0200	[diff] [blame]	130	Enable CORS parameters
Elena Ezhova	166d401	2017-08-17 12:53:52 +0400	[diff] [blame]	131	----------------------
Ondrej Smola	12ff819	2017-04-28 12:39:11 +0200	[diff] [blame]	132
				133	.. code-block:: yaml
				134
				135	neutron:
				136	server:
				137	cors:
				138	allowed_origin: https:localhost.local,http:localhost.local
				139	expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
				140	allow_methods: GET,PUT,POST,DELETE,PATCH
				141	allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
				142	allow_credentials: True
				143	max_age: 86400
				144
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	145	Neutron VXLAN tenant networks with Network nodes
				146	------------------------------------------------
Swann Croiset	9407daf	2017-02-02 15:27:56 +0100	[diff] [blame]	147
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	148	With DVR for East-West and Network node for North-South.
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	149
				150	This use case describes a model utilising VxLAN overlay with DVR. The DVR
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	151	routers will only be utilized for traffic that is router within the cloud
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	152	infrastructure and that remains encapsulated. External traffic will be
				153	routed to via the network nodes.
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	154
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	155	The intention is that each tenant will require at least two (2) vrouters
				156	one to be utilised
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	157
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	158	Neutron Server:
marco	a4428a3	2016-06-10 11:50:16 +0200	[diff] [blame]	159
				160	.. code-block:: yaml
				161
				162	neutron:
				163	server:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	164	version: mitaka
Dmitry Stremkouski	3c1be3e	2017-11-18 11:04:20 +0300	[diff] [blame]	165	path_mtu: 1500
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	166	bind:
				167	address: 172.20.0.1
				168	port: 9696
				169	database:
				170	engine: mysql
				171	host: 127.0.0.1
				172	port: 3306
				173	name: neutron
				174	user: neutron
				175	password: pwd
				176	identity:
				177	engine: keystone
				178	host: 127.0.0.1
				179	port: 35357
				180	user: neutron
				181	password: pwd
				182	tenant: service
Dennis Dmitriev	3711472	2017-03-06 16:52:26 +0200	[diff] [blame]	183	endpoint_type: internal
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	184	message_queue:
				185	engine: rabbitmq
				186	host: 127.0.0.1
				187	port: 5672
				188	user: openstack
				189	password: pwd
				190	virtual_host: '/openstack'
				191	global_physnet_mtu: 9000
				192	l3_ha: False # Which type of router will be created by default
				193	dvr: True # disabled for non DVR use case
				194	backend:
				195	engine: ml2
				196	tenant_network_types: "flat,vxlan"
				197	external_mtu: 9000
				198	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	199	ovs:
				200	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	201
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	202	Network Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	203
				204	.. code-block:: yaml
				205
				206	neutron:
				207	gateway:
				208	enabled: True
				209	version: mitaka
Michael Polenchuk	2151b27	2018-06-19 18:32:31 +0400	[diff] [blame]	210	dhcp_lease_duration: 600
Michael Polenchuk	cece76d	2018-06-21 14:56:17 +0400	[diff] [blame]	211	firewall_driver: iptables_hybrid
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	212	message_queue:
				213	engine: rabbitmq
				214	host: 127.0.0.1
				215	port: 5672
				216	user: openstack
				217	password: pwd
				218	virtual_host: '/openstack'
				219	local_ip: 192.168.20.20 # br-mesh ip address
				220	dvr: True # disabled for non DVR use case
				221	agent_mode: dvr_snat
				222	metadata:
				223	host: 127.0.0.1
				224	password: pass
				225	backend:
				226	engine: ml2
				227	tenant_network_types: "flat,vxlan"
				228	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	229	ovs:
				230	driver: openvswitch
Vasyl Saienko	4bd2d92	2018-07-27 09:56:38 +0000	[diff] [blame]	231	agents:
				232	dhcp:
				233	ovs_use_veth: False
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	234
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	235	Compute Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	236
				237	.. code-block:: yaml
				238
				239	neutron:
				240	compute:
				241	enabled: True
				242	version: mitaka
				243	message_queue:
				244	engine: rabbitmq
				245	host: 127.0.0.1
				246	port: 5672
				247	user: openstack
				248	password: pwd
				249	virtual_host: '/openstack'
				250	local_ip: 192.168.20.20 # br-mesh ip address
				251	dvr: True # disabled for non DVR use case
				252	agent_mode: dvr
				253	external_access: false # Compute node with DVR for east-west only, Network Node has True as default
				254	metadata:
				255	host: 127.0.0.1
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	256	password: pass
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	257	backend:
				258	engine: ml2
				259	tenant_network_types: "flat,vxlan"
				260	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	261	ovs:
				262	driver: openvswitch
Petr Michalec	61f7ab2	2016-11-29 16:29:09 +0100	[diff] [blame]	263	audit:
				264	enabled: false
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	265
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	266
Dmitry Stremkouski	a3a4ab4	2017-10-23 17:37:12 +0300	[diff] [blame]	267	Disable physnet1 bridge
				268	-----------------------
				269
				270	By default we have external access turned on, so among any physnets in
				271	your reclass there would be additional one: physnet1, which is mapped to
				272	br-floating
				273
				274	If you need internal nets only without this bridge, remove br-floating
				275	and configurations mappings. Disable mappings for this bridge on
				276	neutron-servers:
				277
				278	.. code-block:: yaml
				279
				280	neutron:
				281	server:
				282	external_access: false
				283
				284	gateways:
				285
				286	.. code-block:: yaml
				287
				288	neutron:
				289	gateway:
				290	external_access: false
				291
				292	compute nodes:
				293
				294	.. code-block:: yaml
				295
				296	neutron:
				297	compute:
				298	external_access: false
				299
				300
Marcin Iwinski	c50137a	2018-01-22 14:18:24 +0100	[diff] [blame]	301	Add additional bridge mappings for OVS bridges
				302	----------------------------------------------
				303
				304	By default we have external access turned on, so among any physnets in
				305	your reclass there would be additional one: physnet1, which is mapped to
				306	br-floating
				307
				308	If you need to add extra non-default bridge mappings they can be defined
				309	separately for both gateways and compute nodes:
				310
				311	gateways:
				312
				313	.. code-block:: yaml
				314
				315	neutron:
				316	gateway:
				317	bridge_mappings:
				318	physnet4: br-floating-internet
				319
				320	compute nodes:
				321
				322	.. code-block:: yaml
				323
				324	neutron:
				325	compute:
				326	bridge_mappings:
				327	physnet4: br-floating-internet
				328
				329
Dmitry Stremkouski	4b41022	2017-11-18 11:29:55 +0300	[diff] [blame]	330	Specify different mtu values for different physnets
				331	---------------------------------------------------
				332
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	333	Neutron Server:
Dmitry Stremkouski	4b41022	2017-11-18 11:29:55 +0300	[diff] [blame]	334
				335	.. code-block:: yaml
				336
				337	neutron:
				338	server:
				339	version: mitaka
				340	backend:
				341	external_mtu: 1500
				342	tenant_net_mtu: 9000
				343	ironic_net_mtu: 9000
				344
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	345	Neutron VXLAN tenant networks with Network Nodes (non DVR)
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	346	----------------------------------------------------------
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	347
				348	This section describes a network solution that utilises VxLAN overlay
				349	networks without DVR with all routers being managed on the network nodes.
				350
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	351	Neutron Server:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	352
				353	.. code-block:: yaml
				354
				355	neutron:
				356	server:
				357	version: mitaka
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	358	bind:
				359	address: 172.20.0.1
				360	port: 9696
				361	database:
				362	engine: mysql
				363	host: 127.0.0.1
				364	port: 3306
				365	name: neutron
				366	user: neutron
				367	password: pwd
				368	identity:
				369	engine: keystone
				370	host: 127.0.0.1
				371	port: 35357
				372	user: neutron
				373	password: pwd
				374	tenant: service
Dennis Dmitriev	3711472	2017-03-06 16:52:26 +0200	[diff] [blame]	375	endpoint_type: internal
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	376	message_queue:
				377	engine: rabbitmq
				378	host: 127.0.0.1
				379	port: 5672
				380	user: openstack
				381	password: pwd
				382	virtual_host: '/openstack'
				383	global_physnet_mtu: 9000
				384	l3_ha: True
				385	dvr: False
				386	backend:
				387	engine: ml2
				388	tenant_network_types= "flat,vxlan"
				389	external_mtu: 9000
				390	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	391	ovs:
				392	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	393
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	394	Network Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	395
				396	.. code-block:: yaml
				397
				398	neutron:
				399	gateway:
				400	enabled: True
				401	version: mitaka
				402	message_queue:
				403	engine: rabbitmq
				404	host: 127.0.0.1
				405	port: 5672
				406	user: openstack
				407	password: pwd
				408	virtual_host: '/openstack'
				409	local_ip: 192.168.20.20 # br-mesh ip address
				410	dvr: False
				411	agent_mode: legacy
Simon Pasquier	c03af11	2017-04-10 10:35:14 +0200	[diff] [blame]	412	availability_zone: az1
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	413	metadata:
				414	host: 127.0.0.1
				415	password: pass
				416	backend:
				417	engine: ml2
				418	tenant_network_types: "flat,vxlan"
				419	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	420	ovs:
				421	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	422
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	423	Compute Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	424
				425	.. code-block:: yaml
				426
				427	neutron:
				428	compute:
				429	enabled: True
				430	version: mitaka
				431	message_queue:
				432	engine: rabbitmq
				433	host: 127.0.0.1
				434	port: 5672
				435	user: openstack
				436	password: pwd
				437	virtual_host: '/openstack'
				438	local_ip: 192.168.20.20 # br-mesh ip address
				439	external_access: False
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	440	dvr: False
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	441	backend:
				442	engine: ml2
				443	tenant_network_types: "flat,vxlan"
				444	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	445	ovs:
				446	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	447
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	448	Neutron VXLAN tenant networks with Network Nodes with DVR
				449	---------------------------------------------------------
				450
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	451	With DVR for East-West and North-South, DVR everywhere, Network
				452	node for SNAT.
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	453
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	454	This section describes a network solution that utilises VxLAN
				455	overlay networks with DVR with North-South and East-West. Network
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	456	Node is used only for SNAT.
				457
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	458	Neutron Server:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	459
				460	.. code-block:: yaml
				461
				462	neutron:
				463	server:
				464	version: mitaka
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	465	bind:
				466	address: 172.20.0.1
				467	port: 9696
				468	database:
				469	engine: mysql
				470	host: 127.0.0.1
				471	port: 3306
				472	name: neutron
				473	user: neutron
				474	password: pwd
				475	identity:
				476	engine: keystone
				477	host: 127.0.0.1
				478	port: 35357
				479	user: neutron
				480	password: pwd
				481	tenant: service
Dennis Dmitriev	3711472	2017-03-06 16:52:26 +0200	[diff] [blame]	482	endpoint_type: internal
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	483	message_queue:
				484	engine: rabbitmq
				485	host: 127.0.0.1
				486	port: 5672
				487	user: openstack
				488	password: pwd
				489	virtual_host: '/openstack'
				490	global_physnet_mtu: 9000
				491	l3_ha: False
				492	dvr: True
				493	backend:
				494	engine: ml2
				495	tenant_network_types= "flat,vxlan"
				496	external_mtu: 9000
				497	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	498	ovs:
				499	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	500
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	501	Network Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	502
				503	.. code-block:: yaml
				504
				505	neutron:
				506	gateway:
				507	enabled: True
				508	version: mitaka
				509	message_queue:
				510	engine: rabbitmq
				511	host: 127.0.0.1
				512	port: 5672
				513	user: openstack
				514	password: pwd
				515	virtual_host: '/openstack'
				516	local_ip: 192.168.20.20 # br-mesh ip address
				517	dvr: True
				518	agent_mode: dvr_snat
Simon Pasquier	c03af11	2017-04-10 10:35:14 +0200	[diff] [blame]	519	availability_zone: az1
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	520	metadata:
				521	host: 127.0.0.1
				522	password: pass
				523	backend:
				524	engine: ml2
				525	tenant_network_types: "flat,vxlan"
				526	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	527	ovs:
				528	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	529
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	530	Compute Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	531
				532	.. code-block:: yaml
				533
				534	neutron:
				535	compute:
				536	enabled: True
				537	version: mitaka
				538	message_queue:
				539	engine: rabbitmq
				540	host: 127.0.0.1
				541	port: 5672
				542	user: openstack
				543	password: pwd
				544	virtual_host: '/openstack'
				545	local_ip: 192.168.20.20 # br-mesh ip address
				546	dvr: True
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	547	external_access: True
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	548	agent_mode: dvr
Simon Pasquier	c03af11	2017-04-10 10:35:14 +0200	[diff] [blame]	549	availability_zone: az1
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	550	metadata:
				551	host: 127.0.0.1
				552	password: pass
				553	backend:
				554	engine: ml2
				555	tenant_network_types: "flat,vxlan"
				556	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	557	ovs:
				558	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	559
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	560	Sample Linux network configuration for DVR:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	561
				562	.. code-block:: yaml
				563
				564	linux:
				565	network:
				566	bridge: openvswitch
				567	interface:
				568	eth1:
				569	enabled: true
				570	type: eth
				571	mtu: 9000
				572	proto: manual
				573	eth2:
				574	enabled: true
				575	type: eth
				576	mtu: 9000
				577	proto: manual
				578	eth3:
				579	enabled: true
				580	type: eth
				581	mtu: 9000
				582	proto: manual
				583	br-int:
				584	enabled: true
				585	mtu: 9000
				586	type: ovs_bridge
				587	br-floating:
				588	enabled: true
				589	mtu: 9000
				590	type: ovs_bridge
				591	float-to-ex:
				592	enabled: true
				593	type: ovs_port
				594	mtu: 65000
				595	bridge: br-floating
				596	br-mgmt:
				597	enabled: true
				598	type: bridge
				599	mtu: 9000
				600	address: ${_param:single_address}
				601	netmask: 255.255.255.0
				602	use_interfaces:
				603	- eth1
				604	br-mesh:
				605	enabled: true
				606	type: bridge
				607	mtu: 9000
				608	address: ${_param:tenant_address}
				609	netmask: 255.255.255.0
				610	use_interfaces:
				611	- eth2
				612	br-ex:
				613	enabled: true
				614	type: bridge
				615	mtu: 9000
				616	address: ${_param:external_address}
				617	netmask: 255.255.255.0
				618	use_interfaces:
				619	- eth3
				620	use_ovs_ports:
				621	- float-to-ex
				622
Thom Gerdes	3282d07	2017-05-30 22:06:04 +0000	[diff] [blame]	623	Additonal VXLAN tenant network settings
				624	---------------------------------------
				625
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	626	The default multicast group of ``224.0.0.1`` only multicasts
				627	to a single subnet. Allow overriding it to allow larger underlay
				628	network topologies.
Thom Gerdes	3282d07	2017-05-30 22:06:04 +0000	[diff] [blame]	629
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	630	Neutron Server:
Thom Gerdes	3282d07	2017-05-30 22:06:04 +0000	[diff] [blame]	631
				632	.. code-block:: yaml
				633
				634	neutron:
				635	server:
				636	vxlan:
				637	group: 239.0.0.0/8
				638	vni_ranges: "2:65535"
				639
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	640	Neutron VLAN tenant networks with Network Nodes
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	641	-----------------------------------------------
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	642
				643	VLAN tenant provider
				644
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	645	Neutron Server only:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	646
				647	.. code-block:: yaml
				648
				649	neutron:
				650	server:
				651	version: mitaka
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	652	...
				653	global_physnet_mtu: 9000
				654	l3_ha: False
				655	dvr: True
				656	backend:
				657	engine: ml2
				658	tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
				659	tenant_vlan_range: "1000:2000"
				660	external_vlan_range: "100:200" # Does not have to be defined.
				661	external_mtu: 9000
				662	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	663	ovs:
				664	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	665
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	666	Compute node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	667
				668	.. code-block:: yaml
				669
				670	neutron:
				671	compute:
				672	version: mitaka
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	673	...
				674	dvr: True
				675	agent_mode: dvr
				676	external_access: False
				677	backend:
				678	engine: ml2
				679	tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
				680	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	681	ovs:
				682	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	683
Oleg Bondarev	ddb9af1	2018-07-02 19:07:57 +0400	[diff] [blame]	684	Neutron with explicit physical networks
				685	---------------------------------------
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	686
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	687	Neutron Server only:
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	688
				689	.. code-block:: yaml
				690
				691	neutron:
				692	server:
				693	version: ocata
				694	...
				695	backend:
				696	engine: ml2
				697	tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
				698	...
Oleg Bondarev	ddb9af1	2018-07-02 19:07:57 +0400	[diff] [blame]	699	# also need to configure corresponding bridge_mappings on
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	700	# compute and gateway nodes
Oleg Bondarev	47d9e2d	2018-07-03 13:22:26 +0400	[diff] [blame]	701	flat_networks_default: '' # '' to allow arbitrary names or '' to disable
Oleg Bondarev	ddb9af1	2018-07-02 19:07:57 +0400	[diff] [blame]	702	physnets: # only listed physnets will be configured (overrides physnet1/2/3)
				703	external:
				704	mtu: 1500
Oleg Bondarev	47d9e2d	2018-07-03 13:22:26 +0400	[diff] [blame]	705	types:
				706	- flat # possible values - 'flat' or 'vlan'
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	707	sriov_net:
				708	mtu: 9000 # Optional, defaults to 1500
				709	vlan_range: '100:200' # Optional
Oleg Bondarev	47d9e2d	2018-07-03 13:22:26 +0400	[diff] [blame]	710	types:
				711	- vlan
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	712	ext_net2:
				713	mtu: 1500
Oleg Bondarev	47d9e2d	2018-07-03 13:22:26 +0400	[diff] [blame]	714	types:
				715	- flat
				716	- vlan
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	717	mechanism:
				718	ovs:
				719	driver: openvswitch
				720
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	721	Advanced Neutron Features (DPDK, SR-IOV)
Oleg Bondarev	0575ae4	2017-07-28 16:36:25 +0400	[diff] [blame]	722	----------------------------------------
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	723
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	724	Neutron OVS DPDK
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	725
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	726	Enable datapath netdev for neutron openvswitch agent:
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	727
				728	.. code-block:: yaml
				729
				730	neutron:
				731	server:
				732	version: mitaka
				733	...
				734	dpdk: True
				735	...
				736
				737	neutron:
				738	compute:
				739	version: mitaka
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	740	dpdk: True
Michael Polenchuk	5291165	2018-04-12 22:09:49 +0400	[diff] [blame]	741	vhost_mode: client # options: client\|server (default)
Oleg Bondarev	ee7e830	2017-10-16 17:20:38 +0400	[diff] [blame]	742	vhost_socket_dir: /var/run/openvswitch
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	743	backend:
				744	engine: ml2
				745	...
				746	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	747	ovs:
				748	driver: openvswitch
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	749
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	750	Neutron OVS SR-IOV:
Jakub Pavlik	70555cb	2017-02-26 18:48:02 +0100	[diff] [blame]	751
				752	.. code-block:: yaml
				753
				754	neutron:
				755	server:
				756	version: mitaka
Jakub Pavlik	70555cb	2017-02-26 18:48:02 +0100	[diff] [blame]	757	backend:
				758	engine: ml2
				759	...
				760	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	761	ovs:
				762	driver: openvswitch
				763	sriov:
				764	driver: sriovnicswitch
Michael Polenchuk	0bf59a7	2018-06-19 18:06:56 +0400	[diff] [blame]	765	# Driver w/ highest number will be placed ahead in the list (default is 0).
				766	# It's recommended for SR-IOV driver to set an order >0 to get it
				767	# before (for example) the opendaylight one.
				768	order: 9
Jakub Pavlik	70555cb	2017-02-26 18:48:02 +0100	[diff] [blame]	769
				770	neutron:
				771	compute:
				772	version: mitaka
Jakub Pavlik	70555cb	2017-02-26 18:48:02 +0100	[diff] [blame]	773	...
				774	backend:
				775	engine: ml2
				776	tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
				777	sriov:
				778	nic_one:
				779	devname: eth1
				780	physical_network: physnet3
				781	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	782	ovs:
				783	driver: openvswitch
Jakub Pavlik	70555cb	2017-02-26 18:48:02 +0100	[diff] [blame]	784
Ilya Chukhnakov	f4c2bb3	2017-06-08 02:03:15 +0300	[diff] [blame]	785	Neutron with VLAN-aware-VMs
Oleg Bondarev	0575ae4	2017-07-28 16:36:25 +0400	[diff] [blame]	786	---------------------------
Ilya Chukhnakov	f4c2bb3	2017-06-08 02:03:15 +0300	[diff] [blame]	787
				788	.. code-block:: yaml
				789
				790	neutron:
				791	server:
				792	vlan_aware_vms: true
				793	....
				794	compute:
				795	vlan_aware_vms: true
				796	....
				797	gateway:
				798	vlan_aware_vms: true
				799
Oleg Bondarev	acb2e53	2018-03-06 10:43:59 +0400	[diff] [blame]	800	Neutron with BGP VPN (BaGPipe driver)
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	801	-------------------------------------
Oleg Bondarev	b63d27f	2018-02-14 19:21:06 +0400	[diff] [blame]	802
				803	.. code-block:: yaml
				804
				805	neutron:
				806	server:
				807	version: pike
				808	bgp_vpn:
Oleg Bondarev	acb2e53	2018-03-06 10:43:59 +0400	[diff] [blame]	809	enabled: true
Michael Polenchuk	0b3c5dd	2018-06-27 12:04:32 +0400	[diff] [blame]	810	driver: bagpipe # Options: bagpipe/opencontrail/opendaylight[_v2]
Oleg Bondarev	b63d27f	2018-02-14 19:21:06 +0400	[diff] [blame]	811	....
				812	compute:
				813	version: pike
				814	bgp_vpn:
Oleg Bondarev	acb2e53	2018-03-06 10:43:59 +0400	[diff] [blame]	815	enabled: true
Michael Polenchuk	0b3c5dd	2018-06-27 12:04:32 +0400	[diff] [blame]	816	driver: bagpipe # Options: bagpipe/opencontrail/opendaylight[_v2]
Oleg Bondarev	acb2e53	2018-03-06 10:43:59 +0400	[diff] [blame]	817	bagpipe:
				818	local_address: 192.168.20.20 # IP address for mpls/gre tunnels
				819	peers: 192.168.20.30 # IP addresses of BGP peers
				820	autonomous_system: 64512 # Autonomous System number
				821	enable_rtc: True # Enable RT Constraint (RFC4684)
Oleg Bondarev	b63d27f	2018-02-14 19:21:06 +0400	[diff] [blame]	822	backend:
Oleg Bondarev	878ac46	2018-04-23 17:48:15 +0400	[diff] [blame]	823	ovs_extension: # for OVS agent only, not supported in SRIOV agent
Oleg Bondarev	b63d27f	2018-02-14 19:21:06 +0400	[diff] [blame]	824	bagpipe_bgpvpn:
				825	enabled: True
				826
Oleksii Chupryn	16cb4e0	2018-02-26 14:20:39 +0200	[diff] [blame]	827	Neutron with DHCP agent on compute node
				828	---------------------------------------
				829
				830	.. code-block:: yaml
				831
				832	neutron:
				833	....
				834	compute:
				835	dhcp_agent_enabled: true
				836	....
				837
Oleg Bondarev	0575ae4	2017-07-28 16:36:25 +0400	[diff] [blame]	838	Neutron with OVN
				839	----------------
				840
				841	Control node:
				842
				843	.. code-block:: yaml
				844
				845	neutron:
				846	server:
				847	backend:
				848	engine: ovn
				849	mechanism:
				850	ovn:
				851	driver: ovn
				852	tenant_network_types: "geneve,flat"
Michael Polenchuk	f59229b	2018-06-19 16:24:49 +0400	[diff] [blame]	853	ovn:
				854	ovn_l3_scheduler: leastloaded # valid options: chance, leastloaded
				855	neutron_sync_mode: repair # valid options: log, off, repair
Michael Polenchuk	a3d492b	2017-12-27 15:49:43 +0400	[diff] [blame]	856	ovn_ctl_opts:
				857	db-nb-create-insecure-remote: 'yes'
				858	db-sb-create-insecure-remote: 'yes'
Oleg Bondarev	0575ae4	2017-07-28 16:36:25 +0400	[diff] [blame]	859
				860	Compute node:
				861
				862	.. code-block:: yaml
				863
				864	neutron:
				865	compute:
				866	local_ip: 10.2.0.105
				867	controller_vip: 10.1.0.101
				868	external_access: false
				869	backend:
				870	engine: ovn
				871
Michael Polenchuk	cccd1a5	2018-02-02 17:41:16 +0400	[diff] [blame]	872	Neutron L2 Gateway
				873	----------------
				874
				875	Control node:
				876
				877	.. code-block:: yaml
				878
				879	neutron:
				880	server:
				881	version: pike
				882	l2gw:
				883	enabled: true
				884	periodic_monitoring_interval: 5
				885	quota_l2_gateway: 20
				886	# service_provider=<service_type>:<name>:<driver>[:default]
				887	service_provider: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
				888	backend:
				889	engine: ml2
				890
				891	Network/Gateway node:
				892
				893	.. code-block:: yaml
				894
				895	neutron:
				896	gateway:
				897	version: pike
				898	l2gw:
				899	enabled: true
				900	debug: true
				901	socket_timeout: 20
				902	ovsdb_hosts:
				903	# <ovsdb_name>: <ip address>:<port>
				904	# - ovsdb_name: a user defined symbolic identifier of physical switch
				905	# - ip address: the address or dns name for the OVSDB server (i.e. pointer to the switch)
				906	ovsdb1: 10.164.5.33:6632
				907	ovsdb2: 10.164.4.33:6632
				908
				909
Michael Polenchuk	87d2b74	2017-06-29 12:05:25 +0400	[diff] [blame]	910	OpenDaylight integration
				911	------------------------
				912
				913	Control node:
				914
				915	.. code-block:: yaml
				916
				917	neutron:
				918	server:
				919	backend:
				920	opendaylight: true
				921	router: odl-router_v2
				922	host: 10.20.0.77
				923	rest_api_port: 8282
				924	user: admin
				925	password: admin
				926	ovsdb_connection: tcp:127.0.0.1:6639
Oleksii Chupryn	fed7957	2018-07-20 14:11:35 +0300	[diff] [blame]	927	ovsdb_interface: native
Michael Polenchuk	87d2b74	2017-06-29 12:05:25 +0400	[diff] [blame]	928	enable_websocket: true
				929	enable_dhcp_service: false
				930	mechanism:
				931	ovs:
				932	driver: opendaylight_v2
Michael Polenchuk	0bf59a7	2018-06-19 18:06:56 +0400	[diff] [blame]	933	order: 1
Michael Polenchuk	87d2b74	2017-06-29 12:05:25 +0400	[diff] [blame]	934
				935	Network/Gateway node:
				936
				937	.. code-block:: yaml
				938
				939	neutron:
				940	gateway:
				941	backend:
				942	router: odl-router_v2
				943	ovsdb_connection: tcp:127.0.0.1:6639
Oleksii Chupryn	fed7957	2018-07-20 14:11:35 +0300	[diff] [blame]	944	ovsdb_interface: native
Michael Polenchuk	87d2b74	2017-06-29 12:05:25 +0400	[diff] [blame]	945	opendaylight:
				946	ovsdb_server_iface: ptcp:6639:127.0.0.1
				947	ovsdb_odl_iface: tcp:10.20.0.77:6640
				948	tunnel_ip: 10.1.0.110
				949	provider_mappings: physnet1:br-floating
				950
				951	Compute node:
				952
				953	.. code-block:: yaml
				954
				955	neutron:
				956	compute:
				957	opendaylight:
				958	ovsdb_server_iface: ptcp:6639:127.0.0.1
				959	ovsdb_odl_iface: tcp:10.20.0.77:6640
				960	tunnel_ip: 10.1.0.105
				961	provider_mappings: physnet1:br-floating
				962
				963
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	964	Neutron Server
				965	--------------
				966
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	967	Neutron Server with OpenContrail:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	968
				969	.. code-block:: yaml
				970
				971	neutron:
				972	server:
marco	a4428a3	2016-06-10 11:50:16 +0200	[diff] [blame]	973	backend:
				974	engine: contrail
				975	host: contrail_discovery_host
				976	port: 8082
				977	user: admin
				978	password: password
				979	tenant: admin
				980	token: token
				981
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	982	Neutron Server with Midonet:
marco	a4428a3	2016-06-10 11:50:16 +0200	[diff] [blame]	983
				984	.. code-block:: yaml
				985
				986	neutron:
				987	server:
				988	backend:
				989	engine: midonet
				990	host: midonet_api_host
				991	port: 8181
				992	user: admin
				993	password: password
				994
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	995	Neutron Server with NSX:
Vasyl Saienko	4549efe	2018-07-26 16:06:04 +0000	[diff] [blame]	996
				997	.. code-block:: yaml
				998
				999	neutron:
				1000	server:
				1001	backend:
				1002	engine: vmware
				1003	core_plugin: vmware_nsxv3
				1004	vmware:
				1005	nsx:
				1006	extension_drivers:
				1007	- vmware_nsxv3_dns
				1008	v3:
				1009	api_password: nsx_password
				1010	api_user: nsx_username
				1011	api_managers:
				1012	01:
				1013	scheme: https
				1014	host: 192.168.10.120
				1015	port: '443'
				1016	insecure: true
				1017
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1018	Neutron Keystone region:
Jakub Pavlik	6dd5c0a	2016-03-09 14:18:15 +0100	[diff] [blame]	1019
				1020	.. code-block:: yaml
				1021
				1022	neutron:
				1023	server:
				1024	enabled: true
				1025	version: kilo
				1026	...
				1027	identity:
				1028	region: RegionTwo
				1029	...
				1030	compute:
				1031	region: RegionTwo
				1032	...
				1033
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1034	Client-side RabbitMQ HA setup:
Jiri Konecny	93b1999	2016-04-12 11:15:39 +0200	[diff] [blame]	1035
				1036	.. code-block:: yaml
				1037
				1038	neutron:
				1039	server:
				1040	....
				1041	message_queue:
				1042	engine: rabbitmq
				1043	members:
				1044	- host: 10.0.16.1
				1045	- host: 10.0.16.2
				1046	- host: 10.0.16.3
				1047	user: openstack
				1048	password: pwd
				1049	virtual_host: '/openstack'
				1050	....
				1051
Kirill Bespalov	dd748b6	2017-11-21 10:42:57 +0300	[diff] [blame]	1052	Configuring TLS communications
				1053	------------------------------
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1054
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1055	.. note:: By default, system-wide installed CA certs are used,
				1056	so ``cacert_file`` param is optional, as well as ``cacert``.
Kirill Bespalov	dd748b6	2017-11-21 10:42:57 +0300	[diff] [blame]	1057
				1058	- RabbitMQ TLS
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1059
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1060	.. code-block:: yaml
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1061
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1062	neutron:
				1063	server, gateway, compute:
				1064	message_queue:
				1065	port: 5671
				1066	ssl:
				1067	enabled: True
				1068	(optional) cacert: cert body if the cacert_file does not exists
				1069	(optional) cacert_file: /etc/openstack/rabbitmq-ca.pem
				1070	(optional) version: TLSv1_2
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1071
Kirill Bespalov	dd748b6	2017-11-21 10:42:57 +0300	[diff] [blame]	1072	- MySQL TLS
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1073
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1074	.. code-block:: yaml
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1075
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1076	neutron:
				1077	server:
				1078	database:
				1079	ssl:
				1080	enabled: True
				1081	(optional) cacert: cert body if the cacert_file does not exists
				1082	(optional) cacert_file: /etc/openstack/mysql-ca.pem
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1083
Kirill Bespalov	dd748b6	2017-11-21 10:42:57 +0300	[diff] [blame]	1084	- Openstack HTTPS API
				1085
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1086	.. code-block:: yaml
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1087
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1088	neutron:
				1089	server:
				1090	identity:
				1091	protocol: https
				1092	(optional) cacert_file: /etc/openstack/proxy.pem
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1093
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1094	Enable auditing filter, ie: CADF:
Petr Michalec	61f7ab2	2016-11-29 16:29:09 +0100	[diff] [blame]	1095
				1096	.. code-block:: yaml
				1097
				1098	neutron:
				1099	server:
				1100	audit:
				1101	enabled: true
				1102	....
				1103	filter_factory: 'keystonemiddleware.audit:filter_factory'
				1104	map_file: '/etc/pycadf/neutron_api_audit_map.conf'
				1105	....
				1106	compute:
				1107	audit:
				1108	enabled: true
				1109	....
				1110	filter_factory: 'keystonemiddleware.audit:filter_factory'
				1111	map_file: '/etc/pycadf/neutron_api_audit_map.conf'
				1112	....
Jiri Konecny	93b1999	2016-04-12 11:15:39 +0200	[diff] [blame]	1113
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1114	Neutron with security groups disabled:
Oleg Bondarev	98870a3	2017-05-29 16:53:19 +0400	[diff] [blame]	1115
				1116	.. code-block:: yaml
				1117
				1118	neutron:
				1119	server:
				1120	security_groups_enabled: False
				1121	....
				1122	compute:
				1123	security_groups_enabled: False
				1124	....
				1125	gateway:
				1126	security_groups_enabled: False
				1127
Jiri Konecny	93b1999	2016-04-12 11:15:39 +0200	[diff] [blame]	1128
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	1129	Neutron Client
				1130	--------------
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1131
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1132	Neutron networks:
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1133
				1134	.. code-block:: yaml
				1135
				1136	neutron:
				1137	client:
				1138	enabled: true
				1139	server:
				1140	identity:
Richard Felkl	aac256a	2017-03-23 15:43:49 +0100	[diff] [blame]	1141	endpoint_type: internalURL
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1142	network:
				1143	inet1:
				1144	tenant: demo
				1145	shared: False
				1146	admin_state_up: True
				1147	router_external: True
				1148	provider_physical_network: inet
				1149	provider_network_type: flat
				1150	provider_segmentation_id: 2
				1151	subnet:
				1152	inet1-subnet1:
				1153	cidr: 192.168.90.0/24
				1154	enable_dhcp: False
				1155	inet2:
				1156	tenant: admin
				1157	shared: False
				1158	router_external: True
				1159	provider_network_type: "vlan"
				1160	subnet:
				1161	inet2-subnet1:
				1162	cidr: 192.168.92.0/24
				1163	enable_dhcp: False
				1164	inet2-subnet2:
				1165	cidr: 192.168.94.0/24
				1166	enable_dhcp: True
				1167	identity1:
				1168	network:
				1169	...
				1170
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1171	Neutron routers:
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1172
				1173	.. code-block:: yaml
				1174
				1175	neutron:
				1176	client:
				1177	enabled: true
				1178	server:
				1179	identity:
Richard Felkl	aac256a	2017-03-23 15:43:49 +0100	[diff] [blame]	1180	endpoint_type: internalURL
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1181	router:
				1182	inet1-router:
				1183	tenant: demo
				1184	admin_state_up: True
				1185	gateway_network: inet
				1186	interfaces:
				1187	- inet1-subnet1
				1188	- inet1-subnet2
				1189	identity1:
				1190	router:
				1191	...
				1192
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1193	.. TODO implement adding new interfaces to a router while updating it
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1194
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1195	Neutron security groups:
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1196
				1197	.. code-block:: yaml
				1198
				1199	neutron:
				1200	client:
				1201	enabled: true
				1202	server:
				1203	identity:
Richard Felkl	aac256a	2017-03-23 15:43:49 +0100	[diff] [blame]	1204	endpoint_type: internalURL
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1205	security_group:
				1206	security_group1:
				1207	tenant: demo
				1208	description: security group 1
				1209	rules:
				1210	- direction: ingress
				1211	ethertype: IPv4
				1212	protocol: TCP
				1213	port_range_min: 1
				1214	port_range_max: 65535
				1215	remote_ip_prefix: 0.0.0.0/0
				1216	- direction: ingress
				1217	ethertype: IPv4
				1218	protocol: UDP
				1219	port_range_min: 1
				1220	port_range_max: 65535
				1221	remote_ip_prefix: 0.0.0.0/0
				1222	- direction: ingress
				1223	protocol: ICMP
				1224	remote_ip_prefix: 0.0.0.0/0
				1225	identity1:
				1226	security_group:
				1227	...
				1228
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1229	.. TODO: implement updating existing security rules (now it adds new rule if
				1230	trying to update existing one)
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1231
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1232	Floating IP addresses:
Jiri Broulik	de2e290	2017-02-13 15:03:47 +0100	[diff] [blame]	1233
				1234	.. code-block:: yaml
				1235
				1236	neutron:
				1237	client:
				1238	enabled: true
				1239	server:
				1240	identity:
Richard Felkl	aac256a	2017-03-23 15:43:49 +0100	[diff] [blame]	1241	endpoint_type: internalURL
Jiri Broulik	de2e290	2017-02-13 15:03:47 +0100	[diff] [blame]	1242	floating_ip:
				1243	prx01-instance:
				1244	server: prx01.mk22-lab-basic.local
				1245	subnet: private-subnet1
				1246	network: public-net1
				1247	tenant: demo
				1248	gtw01-instance:
				1249	...
				1250
				1251	.. note:: The network must have flag router:external set to True.
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1252	Instance port in the stated subnet will be associated
				1253	with the dynamically generated floating IP.
Oleg Iurchenko	de71cc2	2017-09-18 17:58:56 +0300	[diff] [blame]	1254
				1255	Enable Neutron extensions (QoS, DNS, etc.)
				1256	------------------------------------------
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1257
Oleg Iurchenko	de71cc2	2017-09-18 17:58:56 +0300	[diff] [blame]	1258	.. code-block:: yaml
				1259
				1260	neutron:
				1261	server:
				1262	backend:
				1263	extension:
Oleg Iurchenko	ac17f4f	2017-10-06 11:24:27 +0300	[diff] [blame]	1264	dns:
				1265	enabled: True
				1266	host: 127.0.0.1
				1267	port: 9001
				1268	protocol: http
				1269	....
				1270	qos
				1271	enabled: True
Oleg Iurchenko	de71cc2	2017-09-18 17:58:56 +0300	[diff] [blame]	1272
Oleg Bondarev	878ac46	2018-04-23 17:48:15 +0400	[diff] [blame]	1273	Different Neutron extensions for different agents
				1274	-------------------------------------------------
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1275
Oleg Bondarev	878ac46	2018-04-23 17:48:15 +0400	[diff] [blame]	1276	.. code-block:: yaml
				1277
				1278	neutron:
				1279	server:
				1280	backend:
				1281	extension: # common extensions for OVS and SRIOV agents
				1282	dns:
				1283	enabled: True
				1284	...
				1285	qos
				1286	enabled: True
				1287	ovs_extension: # OVS specific extensions
				1288	bagpipe_bgpvpn:
				1289	enabled: True
				1290	sriov_extension: # SRIOV specific extensions
				1291	dummy:
				1292	enabled: True
Oleg Iurchenko	de71cc2	2017-09-18 17:58:56 +0300	[diff] [blame]	1293
Oleg Iurchenko	8cf6cf5	2017-09-18 15:44:03 +0300	[diff] [blame]	1294	Neutron with Designate
				1295	-----------------------------------------
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1296
Oleg Iurchenko	8cf6cf5	2017-09-18 15:44:03 +0300	[diff] [blame]	1297	.. code-block:: yaml
				1298
				1299	neutron:
				1300	server:
				1301	backend:
				1302	extension:
				1303	dns:
				1304	enabled: True
				1305	host: 127.0.0.1
				1306	port: 9001
				1307	protocol: http
				1308
Marek Celoud	67ce206	2018-01-31 13:44:55 +0100	[diff] [blame]	1309	Enable RBAC for OpenContrail engine
				1310	-----------------------------------
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1311
Marek Celoud	67ce206	2018-01-31 13:44:55 +0100	[diff] [blame]	1312	.. code-block:: yaml
				1313
				1314	neutron:
				1315	server:
				1316	backend:
				1317	engine: contrail
				1318	rbac:
				1319	enabled: True
Oleg Iurchenko	8cf6cf5	2017-09-18 15:44:03 +0300	[diff] [blame]	1320
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1321	Enhanced logging with logging.conf
				1322	----------------------------------
				1323
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1324	By default ``logging.conf`` is disabled.
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1325
				1326	That is possible to enable per-binary logging.conf with new variables:
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1327
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1328	* ``openstack_log_appender``
				1329	Set to true to enable ``log_config_append`` for all OpenStack services
				1330
				1331	* ``openstack_fluentd_handler_enabled``
				1332	Set to true to enable FluentHandler for all Openstack services
				1333
				1334	* ``openstack_ossyslog_handler_enabled``
				1335	Set to true to enable OSSysLogHandler for all Openstack services.
				1336
				1337	Only ``WatchedFileHandler``, ``OSSysLogHandler``, and ``FluentHandler``
				1338	are available.
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1339
				1340	Also it is possible to configure this with pillar:
				1341
				1342	.. code-block:: yaml
				1343
				1344	neutron:
				1345	server:
				1346	logging:
				1347	log_appender: true
				1348	log_handlers:
				1349	watchedfile:
				1350	enabled: true
				1351	fluentd:
				1352	enabled: true
Oleksii Chupryn	156c5f4	2018-02-07 10:06:50 +0200	[diff] [blame]	1353	ossyslog:
				1354	enabled: true
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1355	....
				1356	compute:
				1357	logging:
				1358	log_appender: true
				1359	log_handlers:
				1360	watchedfile:
				1361	enabled: true
				1362	fluentd:
				1363	enabled: true
Oleksii Chupryn	156c5f4	2018-02-07 10:06:50 +0200	[diff] [blame]	1364	ossyslog:
				1365	enabled: true
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1366	....
				1367	gateway:
				1368	logging:
				1369	log_appender: true
				1370	log_handlers:
				1371	watchedfile:
				1372	enabled: true
				1373	fluentd:
				1374	enabled: true
Oleksii Chupryn	156c5f4	2018-02-07 10:06:50 +0200	[diff] [blame]	1375	ossyslog:
				1376	enabled: true
Oleg Iurchenko	8cf6cf5	2017-09-18 15:44:03 +0300	[diff] [blame]	1377
Oleksii Grudev	fe73ee5	2018-05-14 14:08:11 +0300	[diff] [blame]	1378	Logging levels pillar example:
				1379
				1380	.. code-block:: yaml
				1381
				1382	neutron:
				1383	server:
				1384	logging:
				1385	log_appender: true
				1386	loggers:
				1387	root:
				1388	level: 'DEBUG'
				1389	neutron:
				1390	level: 'DEBUG'
				1391	amqplib:
				1392	level: 'DEBUG'
				1393	sqlalchemy:
				1394	level: 'DEBUG'
				1395	boto:
				1396	level: 'DEBUG'
				1397	suds:
				1398	level: 'DEBUG'
				1399	eventletwsgi:
				1400	level: 'DEBUG'
				1401	......
				1402
Filip Pytloun	20c0a44	2017-02-02 13:05:13 +0100	[diff] [blame]	1403	Documentation and Bugs
				1404	======================
				1405
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1406	* http://salt-formulas.readthedocs.io/
				1407	Learn how to install and update salt-formulas
Filip Pytloun	20c0a44	2017-02-02 13:05:13 +0100	[diff] [blame]	1408
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1409	* https://github.com/salt-formulas/salt-formula-neutron/issues
				1410	In the unfortunate event that bugs are discovered, report the issue to the
				1411	appropriate issue tracker. Use the Github issue tracker for a specific salt
				1412	formula
Filip Pytloun	20c0a44	2017-02-02 13:05:13 +0100	[diff] [blame]	1413
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1414	* https://launchpad.net/salt-formulas
				1415	For feature requests, bug reports, or blueprints affecting the entire
				1416	ecosystem, use the Launchpad salt-formulas project
Filip Pytloun	20c0a44	2017-02-02 13:05:13 +0100	[diff] [blame]	1417
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1418	* https://launchpad.net/~salt-formulas-users
				1419	Join the salt-formulas-users team and subscribe to mailing list if required
Filip Pytloun	20c0a44	2017-02-02 13:05:13 +0100	[diff] [blame]	1420
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1421	* https://github.com/salt-formulas/salt-formula-neutron
				1422	Develop the salt-formulas projects in the master branch and then submit pull
				1423	requests against a specific formula
Filip Pytloun	20c0a44	2017-02-02 13:05:13 +0100	[diff] [blame]	1424
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1425	* #salt-formulas @ irc.freenode.net
				1426	Use this IRC channel in case of any questions or feedback which is always
				1427	welcome
Filip Pytloun	20c0a44	2017-02-02 13:05:13 +0100	[diff] [blame]	1428