===============
Neutron Formula
===============

Neutron is an OpenStack project to provide "networking as a service" between
interface devices (e.g., vNICs) managed by other OpenStack services (e.g.,
nova).

Starting in the Folsom release, Neutron is a core and supported part of the
OpenStack platform (for Essex, we were an "incubated" project, which means use
is suggested only for those who really know what they're doing with Neutron).

Sample Pillars
==============

Neutron Server on the controller node

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: mitaka
        allow_pagination: true
        pagination_max_limit: 100
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        metadata:
          host: 127.0.0.1
          port: 8775
          password: pass
        audit:
          enabled: false

Note: Pagination is useful when retrieving a large number of resources,
because a single request may fail (timeout). It is enabled with both
parameters *allow_pagination* and *pagination_max_limit* as shown above.

Configuration of policy.json file

.. code-block:: yaml

    neutron:
      server:
        ....
        policy:
          create_subnet: 'rule:admin_or_network_owner'
          'get_network:queue_id': 'rule:admin_only'
          # Add key without value to remove line from policy.json
          'create_network:shared':

Neutron LBaaSv2 enablement
--------------------------

.. code-block:: yaml

    neutron:
      server:
        lbaas:
          enabled: true
          providers:
            octavia:
              engine: octavia
              driver_path: 'neutron_lbaas.drivers.octavia.driver.OctaviaDriver'
              base_url: 'http://127.0.0.1:9876'
            avi_adc:
              engine: avinetworks
              driver_path: 'avi_lbaasv2.avi_driver.AviDriver'
              controller_address: 10.182.129.239
              controller_user: admin
              controller_password: Cloudlab2016
              controller_cloud_name: Default-Cloud
            avi_adc2:
              engine: avinetworks
              ...

Note: If the Contrail backend is set, the OpenContrail load balancer is enabled
automatically. In this case LBaaS should be disabled in the pillar:

.. code-block:: yaml

    neutron:
      server:
        lbaas:
          enabled: false

Neutron FWaaSv1 enablement
--------------------------

.. code-block:: yaml

    neutron:
      fwaas:
        enabled: true
        version: ocata
        api_version: v1

Enable CORS parameters
----------------------

.. code-block:: yaml

    neutron:
      server:
        cors:
          allowed_origin: https://localhost.local,http://localhost.local
          expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_methods: GET,PUT,POST,DELETE,PATCH
          allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_credentials: True
          max_age: 86400

Neutron VXLAN tenant networks with Network nodes
------------------------------------------------

With DVR for East-West and Network node for North-South.

This use case describes a model utilising VxLAN overlay with DVR. The DVR
routers will only be utilized for traffic that is routed within the cloud
infrastructure and that remains encapsulated. External traffic will be
routed via the network nodes.

The intention is that each tenant will require at least two (2) vrouters
one to be utilised

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        path_mtu: 1500
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False # Which type of router will be created by default
        dvr: True # disabled for non DVR use case
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr
        external_access: false # Compute node with DVR for east-west only, Network Node has True as default
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch
        audit:
          enabled: false

Disable physnet1 bridge
-----------------------

By default external access is turned on, so among the physnets in
your reclass there is an additional one, physnet1, which is mapped to
br-floating.

If you need internal nets only without this bridge, remove br-floating
and its configuration mappings. Disable mappings for this bridge on
neutron-servers:

.. code-block:: yaml

    neutron:
      server:
        external_access: false

gateways:

.. code-block:: yaml

    neutron:
      gateway:
        external_access: false

compute nodes:

.. code-block:: yaml

    neutron:
      compute:
        external_access: false

Neutron VXLAN tenant networks with Network Nodes (non DVR)
----------------------------------------------------------

This section describes a network solution that utilises VxLAN overlay
networks without DVR with all routers being managed on the network nodes.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: True
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: False
        agent_mode: legacy
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        external_access: False
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Neutron VXLAN tenant networks with Network Nodes with DVR
---------------------------------------------------------

With DVR for East-West and North-South, DVR everywhere, Network node for SNAT.

This section describes a network solution that utilises VxLAN
overlay networks with DVR with North-South and East-West. Network
Node is used only for SNAT.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        agent_mode: dvr_snat
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        external_access: True
        agent_mode: dvr
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Sample Linux network configuration for DVR

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth2:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth3:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          br-int:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          br-floating:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          float-to-ex:
            enabled: true
            type: ovs_port
            mtu: 65000
            bridge: br-floating
          br-mgmt:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:single_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
          br-mesh:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:tenant_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth2
          br-ex:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:external_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth3
            use_ovs_ports:
            - float-to-ex

Additional VXLAN tenant network settings
----------------------------------------

The default multicast group of 224.0.0.1 only multicasts to a single subnet.
Override it to support larger underlay network topologies.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        vxlan:
          group: 239.0.0.0/8
          vni_ranges: "2:65535"

Neutron VLAN tenant networks with Network Nodes
-----------------------------------------------

VLAN tenant provider

Neutron Server only

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        ...
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          tenant_vlan_range: "1000:2000"
          external_vlan_range: "100:200" # Does not have to be defined.
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Compute node

.. code-block:: yaml

    neutron:
      compute:
        version: mitaka
        ...
        dvr: True
        agent_mode: dvr
        external_access: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          mechanism:
            ovs:
              driver: openvswitch

Advanced Neutron Features (DPDK, SR-IOV)
----------------------------------------

Neutron OVS DPDK

Enable datapath netdev for neutron openvswitch agent

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        ...
        dpdk: True
        ...

    neutron:
      compute:
        version: mitaka
        dpdk: True
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch

Neutron OVS SR-IOV

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch
            sriov:
              driver: sriovnicswitch

    neutron:
      compute:
        version: mitaka
        ...
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          sriov:
            nic_one:
              devname: eth1
              physical_network: physnet3
          mechanism:
            ovs:
              driver: openvswitch

Neutron with VLAN-aware-VMs
---------------------------

.. code-block:: yaml

    neutron:
      server:
        vlan_aware_vms: true
      ....
      compute:
        vlan_aware_vms: true
      ....
      gateway:
        vlan_aware_vms: true

Neutron with OVN
----------------

Control node:

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: ovn
          mechanism:
            ovn:
              driver: ovn
          tenant_network_types: "geneve,flat"

Compute node:

.. code-block:: yaml

    neutron:
      compute:
        local_ip: 10.2.0.105
        controller_vip: 10.1.0.101
        external_access: false
        backend:
          engine: ovn

Neutron Server
--------------

Neutron Server with OpenContrail

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: contrail
          host: contrail_discovery_host
          port: 8082
          user: admin
          password: password
          tenant: admin
          token: token

Neutron Server with Midonet

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: midonet
          host: midonet_api_host
          port: 8181
          user: admin
          password: password

Neutron Keystone region

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: kilo
        ...
        identity:
          region: RegionTwo
        ...
        compute:
          region: RegionTwo
        ...

Client-side RabbitMQ HA setup

.. code-block:: yaml

    neutron:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Client-side RabbitMQ TLS configuration:

To enable TLS for oslo.messaging you need to provide the CA certificate.

By default system-wide CA certs are used. Nothing should be specified except `ssl.enabled`.

.. code-block:: yaml

    neutron:
      server, gateway, compute:
        ....
        message_queue:
          ssl:
            enabled: True

Use the `cacert_file` option to specify the CA-cert file path explicitly:

.. code-block:: yaml

    neutron:
      server, gateway, compute:
        ....
        message_queue:
          ssl:
            enabled: True
            cacert_file: /etc/ssl/rabbitmq-ca.pem

To manage the content of the `cacert_file` use the `cacert` option:

.. code-block:: yaml

    neutron:
      server, gateway, compute:
        ....
        message_queue:
          ssl:
            enabled: True
            cacert: |

              -----BEGIN CERTIFICATE-----
              ...
              -----END CERTIFICATE-----

            cacert_file: /etc/openstack/rabbitmq-ca.pem

Notice:
 * The `message_queue.port` is set to **5671** (AMQPS) by default if `ssl.enabled=True`.
 * Use `message_queue.ssl.version` if you need to specify the protocol version. The default is TLSv1 for Python < 2.7.9 and TLSv1_2 for later versions.

Enable auditing filter, i.e. CADF

.. code-block:: yaml

    neutron:
      server:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....
      compute:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....

Neutron with security groups disabled

.. code-block:: yaml

    neutron:
      server:
        security_groups_enabled: False
      ....
      compute:
        security_groups_enabled: False
      ....
      gateway:
        security_groups_enabled: False

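A pillar check for the settings covered above (RabbitMQ TLS, the CADF audit filter, the security-group switch) and for the placeholder passwords used throughout the samples. This is an added example, not part of the formula; the function names, the findings wording, the loopback exemption and the constructed `PILLAR` are assumptions, and the pillar is passed in as an already-parsed dictionary.

```python
import ipaddress

# Placeholder secrets used by the sample pillars in this README.
SAMPLE_SECRETS = {"pwd", "pass", "password", "Cloudlab2016"}
ROLES = ("server", "gateway", "compute")


def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # hostname or missing value, not an IP literal
        return host == "localhost"


def mq_endpoints(mq):
    """Resolve (host, port, tls) for each broker in a message_queue block."""
    tls = bool((mq.get("ssl") or {}).get("enabled", False))
    # 5671 with ssl.enabled is the README's default; 5672 otherwise is an
    # assumption taken from the sample pillars.
    port = mq.get("port", 5671 if tls else 5672)
    members = mq.get("members") or [{"host": mq.get("host")}]
    return [(m.get("host"), port, tls) for m in members]


def _sample_secrets(node, path):
    """Yield dotted paths of *password keys still holding a sample value."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if str(key).endswith("password") and isinstance(value, str):
                if value in SAMPLE_SECRETS:
                    yield here
            else:
                yield from _sample_secrets(value, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from _sample_secrets(item, f"{path}[{index}]")


def lint(pillar):
    """Return (role, message) findings for one minion's neutron pillar."""
    findings = []
    for role in ROLES:
        cfg = pillar.get("neutron", {}).get(role)
        if not cfg:
            continue
        mq = cfg.get("message_queue") or {}
        if mq:
            for host, port, tls in mq_endpoints(mq):
                if not tls and not _is_loopback(host):
                    findings.append((role, f"AMQP to {host}:{port} without TLS"))
                elif tls and port == 5672:
                    findings.append((role, f"ssl.enabled but {host} uses plain AMQP port 5672"))
        version = (mq.get("ssl") or {}).get("version")
        if version and version != "TLSv1_2":
            findings.append((role, f"ssl.version pinned to {version}"))
        if cfg.get("security_groups_enabled") is False:
            findings.append((role, "security groups disabled"))
        # The README shows the audit block for server and compute only.
        if role != "gateway" and not (cfg.get("audit") or {}).get("enabled"):
            findings.append((role, "CADF audit filter not enabled"))
        for path in _sample_secrets(cfg, f"neutron.{role}"):
            findings.append((role, f"sample secret left in {path}"))
    return findings


# Constructed pillar, shaped like the samples in this README.
PILLAR = {"neutron": {
    "server": {
        "message_queue": {
            "engine": "rabbitmq",
            "members": [{"host": "10.0.16.1"}, {"host": "10.0.16.2"}],
            "user": "openstack", "password": "pwd",
            "ssl": {"enabled": True, "version": "TLSv1"},
        },
        "audit": {"enabled": True},
    },
    "compute": {
        "message_queue": {"host": "10.0.16.1", "port": 5672,
                          "user": "openstack", "password": "constructed-secret"},
        "security_groups_enabled": False,
    },
}}

if __name__ == "__main__":
    for role, message in lint(PILLAR):
        print(f"{role}: {message}")
```
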
Neutron Client
--------------

Neutron networks

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            network:
              inet1:
                tenant: demo
                shared: False
                admin_state_up: True
                router_external: True
                provider_physical_network: inet
                provider_network_type: flat
                provider_segmentation_id: 2
                subnet:
                  inet1-subnet1:
                    cidr: 192.168.90.0/24
                    enable_dhcp: False
              inet2:
                tenant: admin
                shared: False
                router_external: True
                provider_network_type: "vlan"
                subnet:
                  inet2-subnet1:
                    cidr: 192.168.92.0/24
                    enable_dhcp: False
                  inet2-subnet2:
                    cidr: 192.168.94.0/24
                    enable_dhcp: True
          identity1:
            network:
              ...

Neutron routers

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            router:
              inet1-router:
                tenant: demo
                admin_state_up: True
                gateway_network: inet
                interfaces:
                  - inet1-subnet1
                  - inet1-subnet2
          identity1:
            router:
              ...

    # TODO: implement adding new interfaces to a router while updating it

Neutron security groups

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            security_group:
              security_group1:
                tenant: demo
                description: security group 1
                rules:
                  - direction: ingress
                    ethertype: IPv4
                    protocol: TCP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    ethertype: IPv4
                    protocol: UDP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    protocol: ICMP
                    remote_ip_prefix: 0.0.0.0/0
          identity1:
            security_group:
              ...

    # TODO: implement updating existing security rules (now it adds a new rule if trying to update an existing one)

Floating IP addresses

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            floating_ip:
              prx01-instance:
                server: prx01.mk22-lab-basic.local
                subnet: private-subnet1
                network: public-net1
                tenant: demo
              gtw01-instance:
                ...

.. note:: The network must have flag router:external set to True.
          Instance port in the stated subnet will be associated with the dynamically generated floating IP.

Enable Neutron extensions (QoS, DNS, etc.)
------------------------------------------

.. code-block:: yaml

    neutron:
      server:
        backend:
          extension:
            dns:
              enabled: True
              host: 127.0.0.1
              port: 9001
              protocol: http
              ....
            qos:
              enabled: True

Neutron with Designate
----------------------

.. code-block:: yaml

    neutron:
      server:
        backend:
          extension:
            dns:
              enabled: True
              host: 127.0.0.1
              port: 9001
              protocol: http

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-neutron/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-neutron

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net