Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / neutron / 2fffc845e276054c6d1c1b5a3d87d15f41e5afb0 / . / README.rst
blob: c01b8222887bb2d27b614a560e21005538ae9867 [file] [log] [blame]
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]1===============
2Neutron Formula
3===============
Filip Pytlouncd028e42015-10-06 16:28:32 +0200[diff] [blame]4
Jakub Pavlik9ecf0262016-05-20 11:20:58 +0200[diff] [blame]5Neutron is an OpenStack project to provide "networking as a service" between
6interface devices (e.g., vNICs) managed by other Openstack services (e.g.,
7nova).
Filip Pytlouncd028e42015-10-06 16:28:32 +0200[diff] [blame]8
Jakub Pavlik9ecf0262016-05-20 11:20:58 +0200[diff] [blame]9Starting in the Folsom release, Neutron is a core and supported part of the
10OpenStack platform (for Essex, we were an "incubated" project, which means use
Vasyl Saienko2fffc842017-06-14 10:35:26 +0300[diff] [blame^]11is suggested only for those who really know what they're doing with Neutron).
Filip Pytlouncd028e42015-10-06 16:28:32 +0200[diff] [blame]12
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]13Sample Pillars
Filip Pytlouncd028e42015-10-06 16:28:32 +0200[diff] [blame]14==============
15
16Neutron Server on the controller node
17
18.. code-block:: yaml
19
20 neutron:
21 server:
22 enabled: true
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]23 version: mitaka
Swann Croiset9407daf2017-02-02 15:27:56 +0100[diff] [blame]24 allow_pagination: true
25 pagination_max_limit: 100
Filip Pytlouncd028e42015-10-06 16:28:32 +0200[diff] [blame]26 bind:
27 address: 172.20.0.1
28 port: 9696
Filip Pytlouncd028e42015-10-06 16:28:32 +0200[diff] [blame]29 database:
30 engine: mysql
31 host: 127.0.0.1
32 port: 3306
33 name: neutron
34 user: neutron
35 password: pwd
36 identity:
37 engine: keystone
38 host: 127.0.0.1
39 port: 35357
40 user: neutron
41 password: pwd
42 tenant: service
Dennis Dmitriev37114722017-03-06 16:52:26 +0200[diff] [blame]43 endpoint_type: internal
Filip Pytlouncd028e42015-10-06 16:28:32 +0200[diff] [blame]44 message_queue:
45 engine: rabbitmq
46 host: 127.0.0.1
47 port: 5672
48 user: openstack
49 password: pwd
50 virtual_host: '/openstack'
51 metadata:
52 host: 127.0.0.1
53 port: 8775
54 password: pass
Petr Michalec61f7ab22016-11-29 16:29:09 +0100[diff] [blame]55 audit:
56 enabled: false
Filip Pytlouncd028e42015-10-06 16:28:32 +0200[diff] [blame]57
Swann Croiset9407daf2017-02-02 15:27:56 +0100[diff] [blame]58Note: The pagination is useful to retrieve a large bunch of resources,
59because a single request may fail (timeout). This is enabled with both
60parameters *allow_pagination* and *pagination_max_limit* as shown above.
61
Dmitry Ukov596ddcf2017-05-04 18:16:16 +0400[diff] [blame]62
63Configuration of policy.json file
64
65.. code-block:: yaml
66
67 neutron:
68 server:
69 ....
70 policy:
71 create_subnet: 'rule:admin_or_network_owner'
72 'get_network:queue_id': 'rule:admin_only'
73 # Add key without value to remove line from policy.json
74 'create_network:shared':
75
Ondrej Smola314eee22017-03-08 21:21:16 +0100[diff] [blame]76Neutron lbaas provides on the controller node
77
78.. code-block:: yaml
79
80 neutron:
81 server:
82 lbaas:
83 enabled: true
84 providers:
85 avi_adc:
86 enabled: true
87 engine: avinetworks
88 controller_address: 10.182.129.239
89 controller_user: admin
90 controller_password: Cloudlab2016
91 controller_cloud_name: Default-Cloud
92 avi_adc2:
93 engine: avinetworks
94 ...
95
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]96Note: If you want contrail lbaas then backend is only required. Lbaas in
97pillar should be define only if it should be disabled.
Ondrej Smola314eee22017-03-08 21:21:16 +0100[diff] [blame]98
99.. code-block:: yaml
100
101 neutron:
102 server:
103 lbaas:
104 enabled: disabled
105
Ondrej Smola12ff8192017-04-28 12:39:11 +0200[diff] [blame]106Enable CORS parameters
107
108.. code-block:: yaml
109
110 neutron:
111 server:
112 cors:
113 allowed_origin: https:localhost.local,http:localhost.local
114 expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
115 allow_methods: GET,PUT,POST,DELETE,PATCH
116 allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
117 allow_credentials: True
118 max_age: 86400
119
120
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]121Neutron VXLAN tenant networks with Network nodes
122------------------------------------------------
Swann Croiset9407daf2017-02-02 15:27:56 +0100[diff] [blame]123
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]124With DVR for East-West and Network node for North-South.
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]125
126This use case describes a model utilising VxLAN overlay with DVR. The DVR
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]127routers will only be utilized for traffic that is router within the cloud
Vasyl Saienko2fffc842017-06-14 10:35:26 +0300[diff] [blame^]128infrastructure and that remains encapsulated. External traffic will be
129routed to via the network nodes.
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]130
Vasyl Saienko2fffc842017-06-14 10:35:26 +0300[diff] [blame^]131The intention is that each tenant will require at least two (2) vrouters
132one to be utilised
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]133
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]134Neutron Server
marcoa4428a32016-06-10 11:50:16 +0200[diff] [blame]135
136.. code-block:: yaml
137
138 neutron:
139 server:
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]140 version: mitaka
141 plugin: ml2
142 bind:
143 address: 172.20.0.1
144 port: 9696
145 database:
146 engine: mysql
147 host: 127.0.0.1
148 port: 3306
149 name: neutron
150 user: neutron
151 password: pwd
152 identity:
153 engine: keystone
154 host: 127.0.0.1
155 port: 35357
156 user: neutron
157 password: pwd
158 tenant: service
Dennis Dmitriev37114722017-03-06 16:52:26 +0200[diff] [blame]159 endpoint_type: internal
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]160 message_queue:
161 engine: rabbitmq
162 host: 127.0.0.1
163 port: 5672
164 user: openstack
165 password: pwd
166 virtual_host: '/openstack'
167 global_physnet_mtu: 9000
168 l3_ha: False # Which type of router will be created by default
169 dvr: True # disabled for non DVR use case
170 backend:
171 engine: ml2
172 tenant_network_types: "flat,vxlan"
173 external_mtu: 9000
174 mechanism:
175 ovs:
176 driver: openvswitch
177
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]178Network Node
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]179
180.. code-block:: yaml
181
182 neutron:
183 gateway:
184 enabled: True
185 version: mitaka
186 message_queue:
187 engine: rabbitmq
188 host: 127.0.0.1
189 port: 5672
190 user: openstack
191 password: pwd
192 virtual_host: '/openstack'
193 local_ip: 192.168.20.20 # br-mesh ip address
194 dvr: True # disabled for non DVR use case
195 agent_mode: dvr_snat
196 metadata:
197 host: 127.0.0.1
198 password: pass
199 backend:
200 engine: ml2
201 tenant_network_types: "flat,vxlan"
202 mechanism:
203 ovs:
Vasyl Saienko2fffc842017-06-14 10:35:26 +0300[diff] [blame^]204 driver: openvswitch
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]205
206Compute Node
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]207
208.. code-block:: yaml
209
210 neutron:
211 compute:
212 enabled: True
213 version: mitaka
214 message_queue:
215 engine: rabbitmq
216 host: 127.0.0.1
217 port: 5672
218 user: openstack
219 password: pwd
220 virtual_host: '/openstack'
221 local_ip: 192.168.20.20 # br-mesh ip address
222 dvr: True # disabled for non DVR use case
223 agent_mode: dvr
224 external_access: false # Compute node with DVR for east-west only, Network Node has True as default
225 metadata:
226 host: 127.0.0.1
Vasyl Saienko2fffc842017-06-14 10:35:26 +0300[diff] [blame^]227 password: pass
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]228 backend:
229 engine: ml2
230 tenant_network_types: "flat,vxlan"
231 mechanism:
232 ovs:
233 driver: openvswitch
Petr Michalec61f7ab22016-11-29 16:29:09 +0100[diff] [blame]234 audit:
235 enabled: false
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]236
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]237
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]238Neutron VXLAN tenant networks with Network Nodes (non DVR)
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]239----------------------------------------------------------
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]240
241This section describes a network solution that utilises VxLAN overlay
242 networks without DVR with all routers being managed on the network nodes.
243
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]244Neutron Server
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]245
246.. code-block:: yaml
247
248 neutron:
249 server:
250 version: mitaka
251 plugin: ml2
252 bind:
253 address: 172.20.0.1
254 port: 9696
255 database:
256 engine: mysql
257 host: 127.0.0.1
258 port: 3306
259 name: neutron
260 user: neutron
261 password: pwd
262 identity:
263 engine: keystone
264 host: 127.0.0.1
265 port: 35357
266 user: neutron
267 password: pwd
268 tenant: service
Dennis Dmitriev37114722017-03-06 16:52:26 +0200[diff] [blame]269 endpoint_type: internal
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]270 message_queue:
271 engine: rabbitmq
272 host: 127.0.0.1
273 port: 5672
274 user: openstack
275 password: pwd
276 virtual_host: '/openstack'
277 global_physnet_mtu: 9000
278 l3_ha: True
279 dvr: False
280 backend:
281 engine: ml2
282 tenant_network_types= "flat,vxlan"
283 external_mtu: 9000
284 mechanism:
285 ovs:
286 driver: openvswitch
287
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]288Network Node
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]289
290.. code-block:: yaml
291
292 neutron:
293 gateway:
294 enabled: True
295 version: mitaka
296 message_queue:
297 engine: rabbitmq
298 host: 127.0.0.1
299 port: 5672
300 user: openstack
301 password: pwd
302 virtual_host: '/openstack'
303 local_ip: 192.168.20.20 # br-mesh ip address
304 dvr: False
305 agent_mode: legacy
Simon Pasquierc03af112017-04-10 10:35:14 +0200[diff] [blame]306 availability_zone: az1
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]307 metadata:
308 host: 127.0.0.1
309 password: pass
310 backend:
311 engine: ml2
312 tenant_network_types: "flat,vxlan"
313 mechanism:
314 ovs:
Vasyl Saienko2fffc842017-06-14 10:35:26 +0300[diff] [blame^]315 driver: openvswitch
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]316
317Compute Node
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]318
319.. code-block:: yaml
320
321 neutron:
322 compute:
323 enabled: True
324 version: mitaka
325 message_queue:
326 engine: rabbitmq
327 host: 127.0.0.1
328 port: 5672
329 user: openstack
330 password: pwd
331 virtual_host: '/openstack'
332 local_ip: 192.168.20.20 # br-mesh ip address
333 external_access: False
Vasyl Saienko2fffc842017-06-14 10:35:26 +0300[diff] [blame^]334 dvr: False
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]335 backend:
336 engine: ml2
337 tenant_network_types: "flat,vxlan"
338 mechanism:
339 ovs:
340 driver: openvswitch
341
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]342Neutron VXLAN tenant networks with Network Nodes with DVR
343---------------------------------------------------------
344
345With DVR for East-West and North-South, DVR everywhere, Network node for SNAT.
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]346
Vasyl Saienko2fffc842017-06-14 10:35:26 +0300[diff] [blame^]347This section describes a network solution that utilises VxLAN
348overlay networks with DVR with North-South and East-West. Network
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]349Node is used only for SNAT.
350
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]351Neutron Server
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]352
353.. code-block:: yaml
354
355 neutron:
356 server:
357 version: mitaka
358 plugin: ml2
359 bind:
360 address: 172.20.0.1
361 port: 9696
362 database:
363 engine: mysql
364 host: 127.0.0.1
365 port: 3306
366 name: neutron
367 user: neutron
368 password: pwd
369 identity:
370 engine: keystone
371 host: 127.0.0.1
372 port: 35357
373 user: neutron
374 password: pwd
375 tenant: service
Dennis Dmitriev37114722017-03-06 16:52:26 +0200[diff] [blame]376 endpoint_type: internal
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]377 message_queue:
378 engine: rabbitmq
379 host: 127.0.0.1
380 port: 5672
381 user: openstack
382 password: pwd
383 virtual_host: '/openstack'
384 global_physnet_mtu: 9000
385 l3_ha: False
386 dvr: True
387 backend:
388 engine: ml2
389 tenant_network_types= "flat,vxlan"
390 external_mtu: 9000
391 mechanism:
392 ovs:
393 driver: openvswitch
394
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]395Network Node
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]396
397.. code-block:: yaml
398
399 neutron:
400 gateway:
401 enabled: True
402 version: mitaka
403 message_queue:
404 engine: rabbitmq
405 host: 127.0.0.1
406 port: 5672
407 user: openstack
408 password: pwd
409 virtual_host: '/openstack'
410 local_ip: 192.168.20.20 # br-mesh ip address
411 dvr: True
412 agent_mode: dvr_snat
Simon Pasquierc03af112017-04-10 10:35:14 +0200[diff] [blame]413 availability_zone: az1
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]414 metadata:
415 host: 127.0.0.1
416 password: pass
417 backend:
418 engine: ml2
419 tenant_network_types: "flat,vxlan"
420 mechanism:
421 ovs:
Vasyl Saienko2fffc842017-06-14 10:35:26 +0300[diff] [blame^]422 driver: openvswitch
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]423
424Compute Node
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]425
426.. code-block:: yaml
427
428 neutron:
429 compute:
430 enabled: True
431 version: mitaka
432 message_queue:
433 engine: rabbitmq
434 host: 127.0.0.1
435 port: 5672
436 user: openstack
437 password: pwd
438 virtual_host: '/openstack'
439 local_ip: 192.168.20.20 # br-mesh ip address
440 dvr: True
Vasyl Saienko2fffc842017-06-14 10:35:26 +0300[diff] [blame^]441 external_access: True
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]442 agent_mode: dvr
Simon Pasquierc03af112017-04-10 10:35:14 +0200[diff] [blame]443 availability_zone: az1
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]444 metadata:
445 host: 127.0.0.1
446 password: pass
447 backend:
448 engine: ml2
449 tenant_network_types: "flat,vxlan"
450 mechanism:
451 ovs:
452 driver: openvswitch
453
454Sample Linux network configuration for DVR
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]455
456.. code-block:: yaml
457
458 linux:
459 network:
460 bridge: openvswitch
461 interface:
462 eth1:
463 enabled: true
464 type: eth
465 mtu: 9000
466 proto: manual
467 eth2:
468 enabled: true
469 type: eth
470 mtu: 9000
471 proto: manual
472 eth3:
473 enabled: true
474 type: eth
475 mtu: 9000
476 proto: manual
477 br-int:
478 enabled: true
479 mtu: 9000
480 type: ovs_bridge
481 br-floating:
482 enabled: true
483 mtu: 9000
484 type: ovs_bridge
485 float-to-ex:
486 enabled: true
487 type: ovs_port
488 mtu: 65000
489 bridge: br-floating
490 br-mgmt:
491 enabled: true
492 type: bridge
493 mtu: 9000
494 address: ${_param:single_address}
495 netmask: 255.255.255.0
496 use_interfaces:
497 - eth1
498 br-mesh:
499 enabled: true
500 type: bridge
501 mtu: 9000
502 address: ${_param:tenant_address}
503 netmask: 255.255.255.0
504 use_interfaces:
505 - eth2
506 br-ex:
507 enabled: true
508 type: bridge
509 mtu: 9000
510 address: ${_param:external_address}
511 netmask: 255.255.255.0
512 use_interfaces:
513 - eth3
514 use_ovs_ports:
515 - float-to-ex
516
517Neutron VLAN tenant networks with Network Nodes
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]518-----------------------------------------------
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]519
520VLAN tenant provider
521
522Neutron Server only
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]523
524.. code-block:: yaml
525
526 neutron:
527 server:
528 version: mitaka
529 plugin: ml2
530 ...
531 global_physnet_mtu: 9000
532 l3_ha: False
533 dvr: True
534 backend:
535 engine: ml2
536 tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
537 tenant_vlan_range: "1000:2000"
538 external_vlan_range: "100:200" # Does not have to be defined.
539 external_mtu: 9000
540 mechanism:
541 ovs:
542 driver: openvswitch
543
544Compute node
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]545
546.. code-block:: yaml
547
548 neutron:
549 compute:
550 version: mitaka
551 plugin: ml2
552 ...
553 dvr: True
554 agent_mode: dvr
555 external_access: False
556 backend:
557 engine: ml2
558 tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
559 mechanism:
560 ovs:
561 driver: openvswitch
562
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]563Advanced Neutron Features (DPDK, SR-IOV)
564
Jakub Pavlik8f83ccc2017-02-27 11:15:39 +0100[diff] [blame]565Neutron OVS DPDK
Jakub Pavlik8f83ccc2017-02-27 11:15:39 +0100[diff] [blame]566
567Enable datapath netdev for neutron openvswitch agent
568
569.. code-block:: yaml
570
571 neutron:
572 server:
573 version: mitaka
574 ...
575 dpdk: True
576 ...
577
578 neutron:
579 compute:
580 version: mitaka
581 plugin: ml2
582 dpdk: True
583 backend:
584 engine: ml2
585 ...
586 mechanism:
587 ovs:
588 driver: openvswitch
589
Jakub Pavlik70555cb2017-02-26 18:48:02 +0100[diff] [blame]590Neutron OVS SR-IOV
Jakub Pavlik70555cb2017-02-26 18:48:02 +0100[diff] [blame]591
592.. code-block:: yaml
593
594 neutron:
595 server:
596 version: mitaka
597 plugin: ml2
598 backend:
599 engine: ml2
600 ...
601 mechanism:
602 ovs:
603 driver: openvswitch
604 sriov:
605 driver: sriovnicswitch
606
607 neutron:
608 compute:
609 version: mitaka
610 plugin: ml2
611 ...
612 backend:
613 engine: ml2
614 tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
615 sriov:
616 nic_one:
617 devname: eth1
618 physical_network: physnet3
619 mechanism:
620 ovs:
621 driver: openvswitch
622
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]623Neutron Server
624--------------
625
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]626Neutron Server with OpenContrail
Jiri Broulik74f61112016-11-21 20:23:47 +0100[diff] [blame]627
628.. code-block:: yaml
629
630 neutron:
631 server:
632 plugin: contrail
marcoa4428a32016-06-10 11:50:16 +0200[diff] [blame]633 backend:
634 engine: contrail
635 host: contrail_discovery_host
636 port: 8082
637 user: admin
638 password: password
639 tenant: admin
640 token: token
641
642Neutron Server with Midonet
643
644.. code-block:: yaml
645
646 neutron:
647 server:
648 backend:
649 engine: midonet
650 host: midonet_api_host
651 port: 8181
652 user: admin
653 password: password
654
Filip Pytlouncd028e42015-10-06 16:28:32 +0200[diff] [blame]655
Jakub Pavlik6dd5c0a2016-03-09 14:18:15 +0100[diff] [blame]656Neutron Keystone region
657
658.. code-block:: yaml
659
660 neutron:
661 server:
662 enabled: true
663 version: kilo
664 ...
665 identity:
666 region: RegionTwo
667 ...
668 compute:
669 region: RegionTwo
670 ...
671
Jiri Konecny93b19992016-04-12 11:15:39 +0200[diff] [blame]672Client-side RabbitMQ HA setup
673
674.. code-block:: yaml
675
676 neutron:
677 server:
678 ....
679 message_queue:
680 engine: rabbitmq
681 members:
682 - host: 10.0.16.1
683 - host: 10.0.16.2
684 - host: 10.0.16.3
685 user: openstack
686 password: pwd
687 virtual_host: '/openstack'
688 ....
689
Petr Michalec61f7ab22016-11-29 16:29:09 +0100[diff] [blame]690Enable auditing filter, ie: CADF
691
692.. code-block:: yaml
693
694 neutron:
695 server:
696 audit:
697 enabled: true
698 ....
699 filter_factory: 'keystonemiddleware.audit:filter_factory'
700 map_file: '/etc/pycadf/neutron_api_audit_map.conf'
701 ....
702 compute:
703 audit:
704 enabled: true
705 ....
706 filter_factory: 'keystonemiddleware.audit:filter_factory'
707 map_file: '/etc/pycadf/neutron_api_audit_map.conf'
708 ....
Jiri Konecny93b19992016-04-12 11:15:39 +0200[diff] [blame]709
Oleg Bondarev98870a32017-05-29 16:53:19 +0400[diff] [blame]710Neutron with security groups disabled
711
712.. code-block:: yaml
713
714 neutron:
715 server:
716 security_groups_enabled: False
717 ....
718 compute:
719 security_groups_enabled: False
720 ....
721 gateway:
722 security_groups_enabled: False
723
Jiri Konecny93b19992016-04-12 11:15:39 +0200[diff] [blame]724
Aleš Komárek41e82312017-04-11 13:37:44 +0200[diff] [blame]725Neutron Client
726--------------
Jiri Broulik5368cc52017-02-08 18:53:59 +0100[diff] [blame]727
728Neutron networks
729
730.. code-block:: yaml
731
732 neutron:
733 client:
734 enabled: true
735 server:
736 identity:
Richard Felklaac256a2017-03-23 15:43:49 +0100[diff] [blame]737 endpoint_type: internalURL
Jiri Broulik5368cc52017-02-08 18:53:59 +0100[diff] [blame]738 network:
739 inet1:
740 tenant: demo
741 shared: False
742 admin_state_up: True
743 router_external: True
744 provider_physical_network: inet
745 provider_network_type: flat
746 provider_segmentation_id: 2
747 subnet:
748 inet1-subnet1:
749 cidr: 192.168.90.0/24
750 enable_dhcp: False
751 inet2:
752 tenant: admin
753 shared: False
754 router_external: True
755 provider_network_type: "vlan"
756 subnet:
757 inet2-subnet1:
758 cidr: 192.168.92.0/24
759 enable_dhcp: False
760 inet2-subnet2:
761 cidr: 192.168.94.0/24
762 enable_dhcp: True
763 identity1:
764 network:
765 ...
766
Jiri Broulik5368cc52017-02-08 18:53:59 +0100[diff] [blame]767Neutron routers
768
769.. code-block:: yaml
770
771 neutron:
772 client:
773 enabled: true
774 server:
775 identity:
Richard Felklaac256a2017-03-23 15:43:49 +0100[diff] [blame]776 endpoint_type: internalURL
Jiri Broulik5368cc52017-02-08 18:53:59 +0100[diff] [blame]777 router:
778 inet1-router:
779 tenant: demo
780 admin_state_up: True
781 gateway_network: inet
782 interfaces:
783 - inet1-subnet1
784 - inet1-subnet2
785 identity1:
786 router:
787 ...
788
789 TODO: implement adding new interfaces to a router while updating it
790
791
792Neutron security groups
793
794.. code-block:: yaml
795
796 neutron:
797 client:
798 enabled: true
799 server:
800 identity:
Richard Felklaac256a2017-03-23 15:43:49 +0100[diff] [blame]801 endpoint_type: internalURL
Jiri Broulik5368cc52017-02-08 18:53:59 +0100[diff] [blame]802 security_group:
803 security_group1:
804 tenant: demo
805 description: security group 1
806 rules:
807 - direction: ingress
808 ethertype: IPv4
809 protocol: TCP
810 port_range_min: 1
811 port_range_max: 65535
812 remote_ip_prefix: 0.0.0.0/0
813 - direction: ingress
814 ethertype: IPv4
815 protocol: UDP
816 port_range_min: 1
817 port_range_max: 65535
818 remote_ip_prefix: 0.0.0.0/0
819 - direction: ingress
820 protocol: ICMP
821 remote_ip_prefix: 0.0.0.0/0
822 identity1:
823 security_group:
824 ...
825
826 TODO: implement updating existing security rules (now it adds new rule if trying to update existing one)
827
Jiri Broulikde2e2902017-02-13 15:03:47 +0100[diff] [blame]828
829Floating IP addresses
830
831.. code-block:: yaml
832
833 neutron:
834 client:
835 enabled: true
836 server:
837 identity:
Richard Felklaac256a2017-03-23 15:43:49 +0100[diff] [blame]838 endpoint_type: internalURL
Jiri Broulikde2e2902017-02-13 15:03:47 +0100[diff] [blame]839 floating_ip:
840 prx01-instance:
841 server: prx01.mk22-lab-basic.local
842 subnet: private-subnet1
843 network: public-net1
844 tenant: demo
845 gtw01-instance:
846 ...
847
848.. note:: The network must have flag router:external set to True.
849 Instance port in the stated subnet will be associated with the dynamically generated floating IP.
850
851
Filip Pytloun20c0a442017-02-02 13:05:13 +0100[diff] [blame]852Documentation and Bugs
853======================
854
855To learn how to install and update salt-formulas, consult the documentation
856available online at:
857
858 http://salt-formulas.readthedocs.io/
859
860In the unfortunate event that bugs are discovered, they should be reported to
861the appropriate issue tracker. Use Github issue tracker for specific salt
862formula:
863
864 https://github.com/salt-formulas/salt-formula-neutron/issues
865
866For feature requests, bug reports or blueprints affecting entire ecosystem,
867use Launchpad salt-formulas project:
868
869 https://launchpad.net/salt-formulas
870
871You can also join salt-formulas-users team and subscribe to mailing list:
872
873 https://launchpad.net/~salt-formulas-users
874
875Developers wishing to work on the salt-formulas projects should always base
876their work on master branch and submit pull request against specific formula.
877
878 https://github.com/salt-formulas/salt-formula-neutron
879
880Any questions or feedback is always welcome so feel free to join our IRC
881channel:
882
883 #salt-formulas @ irc.freenode.net