===============
Neutron Formula
===============

Neutron is an OpenStack project to provide "networking as a service" between
interface devices (e.g., vNICs) managed by other OpenStack services (e.g.,
nova).

Starting in the Folsom release, Neutron is a core and supported part of the
OpenStack platform (for Essex, we were an "incubated" project, which means use
is suggested only for those who really know what they're doing with Neutron).

Sample Pillars
==============

Neutron Server on the controller node

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: mitaka
        allow_pagination: true
        pagination_max_limit: 100
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        metadata:
          host: 127.0.0.1
          port: 8775
          password: pass
        audit:
          enabled: false

Note: Pagination is useful when retrieving a large number of resources,
because a single request may fail (timeout). It is enabled with both
parameters *allow_pagination* and *pagination_max_limit*, as shown above.


Configuration of policy.json file

.. code-block:: yaml

    neutron:
      server:
        ....
        policy:
          create_subnet: 'rule:admin_or_network_owner'
          'get_network:queue_id': 'rule:admin_only'
          # Add key without value to remove line from policy.json
          'create_network:shared':

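The effect of the ``policy`` pillar on an existing policy.json can be previewed before it is applied. The following is an added example, not code from the formula: ``BASE_POLICY`` is a constructed excerpt, ``preview_policy`` is a hypothetical helper, and it assumes that a key without a value removes the line while any other value is written verbatim. It also flags rule strings that oslo.policy treats as "always allow" (``""`` and ``@``), which is what distinguishes an empty string from a missing value.

```python
# Constructed excerpt of a policy.json; not taken from a real deployment.
BASE_POLICY = {
    "admin_only": "rule:context_is_admin",
    "admin_or_network_owner":
        "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
    "create_subnet": "rule:admin_or_owner",
    "create_network:shared": "rule:admin_only",
}

# The pillar from this section as Salt loads it: a key without a value is None.
PILLAR_POLICY = {
    "create_subnet": "rule:admin_or_network_owner",
    "get_network:queue_id": "rule:admin_only",
    "create_network:shared": None,
}

# Rule strings that oslo.policy evaluates as "always allow".
ALWAYS_ALLOW = {"", "@"}


def preview_policy(base, overrides):
    """Return (resulting_policy, report) without touching any file.

    Assumption: None removes the line, any other value is written verbatim.
    """
    result = dict(base)
    report = {"added": [], "changed": [], "removed": [], "unrestricted": []}
    for name in sorted(overrides):
        rule = overrides[name]
        if rule is None:
            if name in result:
                del result[name]
                report["removed"].append(name)
            continue
        if name not in result:
            report["added"].append(name)
        elif result[name] != rule:
            report["changed"].append(name)
        result[name] = rule
        # An empty string is not a removal: it opens the action to everyone.
        if rule.strip() in ALWAYS_ALLOW:
            report["unrestricted"].append(name)
    return result, report


if __name__ == "__main__":
    policy, report = preview_policy(BASE_POLICY, PILLAR_POLICY)
    for kind, names in report.items():
        print(kind, names)
```

A removed line leaves the API action without an explicit rule, so check which default applies before rolling the pillar out.
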
Neutron LBaaS providers on the controller node

.. code-block:: yaml

    neutron:
      server:
        lbaas:
          enabled: true
          providers:
            avi_adc:
              enabled: true
              engine: avinetworks
              controller_address: 10.182.129.239
              controller_user: admin
              controller_password: Cloudlab2016
              controller_cloud_name: Default-Cloud
            avi_adc2:
              engine: avinetworks
              ...

Note: If you want Contrail LBaaS, only the backend is required. LBaaS should
be defined in the pillar only if it should be disabled.

.. code-block:: yaml

    neutron:
      server:
        lbaas:
          enabled: disabled

Enable CORS parameters

.. code-block:: yaml

    neutron:
      server:
        cors:
          allowed_origin: https:localhost.local,http:localhost.local
          expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_methods: GET,PUT,POST,DELETE,PATCH
          allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_credentials: True
          max_age: 86400


Neutron VXLAN tenant networks with Network nodes
------------------------------------------------

With DVR for East-West and Network node for North-South.

This use case describes a model utilising VxLAN overlay with DVR. The DVR
routers will only be utilized for traffic that is routed within the cloud
infrastructure and that remains encapsulated. External traffic will be
routed via the network nodes.

The intention is that each tenant will require at least two (2) vrouters
one to be utilised

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False  # Which type of router will be created by default
        dvr: True  # disabled for non DVR use case
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20  # br-mesh ip address
        dvr: True  # disabled for non DVR use case
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20  # br-mesh ip address
        dvr: True  # disabled for non DVR use case
        agent_mode: dvr
        external_access: false  # Compute node with DVR for east-west only, Network Node has True as default
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch
        audit:
          enabled: false


Neutron VXLAN tenant networks with Network Nodes (non DVR)
----------------------------------------------------------

This section describes a network solution that utilises VxLAN overlay
networks without DVR with all routers being managed on the network nodes.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: True
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20  # br-mesh ip address
        dvr: False
        agent_mode: legacy
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20  # br-mesh ip address
        external_access: False
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Neutron VXLAN tenant networks with Network Nodes with DVR
---------------------------------------------------------

With DVR for East-West and North-South, DVR everywhere, Network node for SNAT.

This section describes a network solution that utilises VxLAN
overlay networks with DVR for both North-South and East-West traffic.
The Network Node is used only for SNAT.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20  # br-mesh ip address
        dvr: True
        agent_mode: dvr_snat
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20  # br-mesh ip address
        dvr: True
        external_access: True
        agent_mode: dvr
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Sample Linux network configuration for DVR

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth2:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth3:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          br-int:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          br-floating:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          float-to-ex:
            enabled: true
            type: ovs_port
            mtu: 65000
            bridge: br-floating
          br-mgmt:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:single_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
          br-mesh:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:tenant_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth2
          br-ex:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:external_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth3
            use_ovs_ports:
            - float-to-ex

Neutron VLAN tenant networks with Network Nodes
-----------------------------------------------

VLAN tenant provider

Neutron Server only

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        ...
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan"  # Can be mixed flat,vlan,vxlan
          tenant_vlan_range: "1000:2000"
          external_vlan_range: "100:200"  # Does not have to be defined.
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Compute node

.. code-block:: yaml

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        dvr: True
        agent_mode: dvr
        external_access: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan"  # Can be mixed flat,vlan,vxlan
          mechanism:
            ovs:
              driver: openvswitch

Advanced Neutron Features (DPDK, SR-IOV)

Neutron OVS DPDK

Enable datapath netdev for neutron openvswitch agent

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        ...
        dpdk: True
        ...

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        dpdk: True
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch

Neutron OVS SR-IOV

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch
            sriov:
              driver: sriovnicswitch

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan"  # Can be mixed flat,vlan,vxlan
          sriov:
            nic_one:
              devname: eth1
              physical_network: physnet3
          mechanism:
            ovs:
              driver: openvswitch

Neutron Server
--------------

Neutron Server with OpenContrail

.. code-block:: yaml

    neutron:
      server:
        plugin: contrail
        backend:
          engine: contrail
          host: contrail_discovery_host
          port: 8082
          user: admin
          password: password
          tenant: admin
          token: token

Neutron Server with Midonet

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: midonet
          host: midonet_api_host
          port: 8181
          user: admin
          password: password


Neutron Keystone region

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: kilo
        ...
        identity:
          region: RegionTwo
        ...
        compute:
          region: RegionTwo
        ...

Client-side RabbitMQ HA setup

.. code-block:: yaml

    neutron:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Enable auditing filter, i.e. CADF

.. code-block:: yaml

    neutron:
      server:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....
      compute:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....

Neutron with security groups disabled

.. code-block:: yaml

    neutron:
      server:
        security_groups_enabled: False
        ....
      compute:
        security_groups_enabled: False
        ....
      gateway:
        security_groups_enabled: False


Neutron Client
--------------

Neutron networks

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            network:
              inet1:
                tenant: demo
                shared: False
                admin_state_up: True
                router_external: True
                provider_physical_network: inet
                provider_network_type: flat
                provider_segmentation_id: 2
                subnet:
                  inet1-subnet1:
                    cidr: 192.168.90.0/24
                    enable_dhcp: False
              inet2:
                tenant: admin
                shared: False
                router_external: True
                provider_network_type: "vlan"
                subnet:
                  inet2-subnet1:
                    cidr: 192.168.92.0/24
                    enable_dhcp: False
                  inet2-subnet2:
                    cidr: 192.168.94.0/24
                    enable_dhcp: True
          identity1:
            network:
              ...

Neutron routers

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            router:
              inet1-router:
                tenant: demo
                admin_state_up: True
                gateway_network: inet
                interfaces:
                  - inet1-subnet1
                  - inet1-subnet2
          identity1:
            router:
              ...

    TODO: implement adding new interfaces to a router while updating it


Neutron security groups

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            security_group:
              security_group1:
                tenant: demo
                description: security group 1
                rules:
                  - direction: ingress
                    ethertype: IPv4
                    protocol: TCP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    ethertype: IPv4
                    protocol: UDP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    protocol: ICMP
                    remote_ip_prefix: 0.0.0.0/0
          identity1:
            security_group:
              ...

    TODO: implement updating existing security rules (now it adds new rule if trying to update existing one)

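The sample group above admits all TCP, UDP and ICMP traffic from ``0.0.0.0/0``, which is convenient for a demo tenant but worth catching before a pillar reaches production. The following is an added example, not part of the formula: a pillar check that lists ingress rules open to any source over a wide port range. ``PILLAR`` is constructed data in the layout shown above, and ``audit_security_groups`` and the ``MAX_PORT_SPAN`` threshold are hypothetical names and values.

```python
import ipaddress

# Constructed pillar data: the three rules of security_group1 from the sample
# above plus one narrower rule (constructed) for contrast.
PILLAR = {"neutron": {"client": {"enabled": True, "server": {
    "identity": {
        "endpoint_type": "internalURL",
        "security_group": {"security_group1": {
            "tenant": "demo",
            "description": "security group 1",
            "rules": [
                {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
                 "port_range_min": 1, "port_range_max": 65535,
                 "remote_ip_prefix": "0.0.0.0/0"},
                {"direction": "ingress", "ethertype": "IPv4", "protocol": "UDP",
                 "port_range_min": 1, "port_range_max": 65535,
                 "remote_ip_prefix": "0.0.0.0/0"},
                {"direction": "ingress", "protocol": "ICMP",
                 "remote_ip_prefix": "0.0.0.0/0"},
                {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
                 "port_range_min": 22, "port_range_max": 22,
                 "remote_ip_prefix": "10.0.16.0/24"},
            ]}}},
    "identity1": {"security_group": "..."},  # elided in the sample
}}}}

MAX_PORT_SPAN = 16  # assumption: widest port range accepted from any source


def any_source(rule):
    """True when the rule admits traffic from every address."""
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        # Neutron treats a rule with neither prefix nor remote group as open.
        return not rule.get("remote_group_id")
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def port_span(rule):
    """Number of ports covered, or None when no range is given (all ports)."""
    low, high = rule.get("port_range_min"), rule.get("port_range_max")
    if low is None or high is None:
        return None
    return int(high) - int(low) + 1


def audit_security_groups(pillar, max_span=MAX_PORT_SPAN):
    """Return (identity, group, rule index, protocol, span) per open rule."""
    findings = []
    servers = pillar.get("neutron", {}).get("client", {}).get("server", {})
    for identity, conf in sorted(servers.items()):
        groups = conf.get("security_group") if isinstance(conf, dict) else None
        if not isinstance(groups, dict):
            continue  # nothing declared, or an elided "..." placeholder
        for group, spec in sorted(groups.items()):
            if not isinstance(spec, dict):
                continue
            for index, rule in enumerate(spec.get("rules", [])):
                if rule.get("direction") != "ingress" or not any_source(rule):
                    continue
                span = port_span(rule)
                if span is None or span > max_span:
                    proto = str(rule.get("protocol", "any")).lower()
                    findings.append((identity, group, index, proto,
                                     "all" if span is None else span))
    return findings


if __name__ == "__main__":
    for finding in audit_security_groups(PILLAR):
        print("open ingress:", finding)
```
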

Floating IP addresses

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            floating_ip:
              prx01-instance:
                server: prx01.mk22-lab-basic.local
                subnet: private-subnet1
                network: public-net1
                tenant: demo
              gtw01-instance:
                ...

.. note:: The network must have flag router:external set to True.
          Instance port in the stated subnet will be associated with the dynamically generated floating IP.


Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
Salt formula:

    https://github.com/salt-formulas/salt-formula-neutron/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-neutron

Questions and feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net