Blame - README.rst - salt-formulas/neutron

blob: 210b7ef511e0f6d2546291b5afe74aa4aaea7945 [file] [log] [blame]

OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1	=====
				2	Usage
				3	=====
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	4
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	5	Neutron is an OpenStack project to provide networking as a service between
Jakub Pavlik	9ecf026	2016-05-20 11:20:58 +0200	[diff] [blame]	6	interface devices (e.g., vNICs) managed by other Openstack services (e.g.,
				7	nova).
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	8
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	9	Starting with the Folsom release, Neutron is a core and supported part of the
				10	OpenStack platform (for Essex, we were an incubated project, which means use
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	11	is suggested only for those who really know what they're doing with Neutron).
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	12
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	13	Sample Pillars
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	14	==============
				15
				16	Neutron Server on the controller node
				17
				18	.. code-block:: yaml
				19
				20	neutron:
				21	server:
				22	enabled: true
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	23	version: mitaka
Swann Croiset	9407daf	2017-02-02 15:27:56 +0100	[diff] [blame]	24	allow_pagination: true
				25	pagination_max_limit: 100
Mykyta Karpin	253406d	2017-12-08 17:01:37 +0200	[diff] [blame]	26	api_workers: 2
				27	rpc_workers: 2
				28	rpc_state_report_workers: 2
Michael Polenchuk	1ff8865	2018-03-06 16:15:57 +0400	[diff] [blame]	29	root_helper_daemon: false
Michael Polenchuk	2151b27	2018-06-19 18:32:31 +0400	[diff] [blame]	30	dhcp_lease_duration: 600
Michael Polenchuk	cece76d	2018-06-21 14:56:17 +0400	[diff] [blame]	31	firewall_driver: iptables_hybrid
Oleg Bondarev	bc2dfee	2018-10-17 18:41:51 +0400	[diff] [blame]	32	agent_boot_time: 180
William Konitzer	81a8998	2019-01-07 12:49:15 -0600	[diff] [blame]	33	agent_down_time: 30
				34	dhcp_agents_per_network: 2
				35	allow_automatic_dhcp_failover: true
Dzmitry Stremkouski	b6dd371	2019-10-21 20:56:55 +0200	[diff] [blame]	36	host: myhostname.example.com
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	37	bind:
				38	address: 172.20.0.1
				39	port: 9696
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	40	database:
				41	engine: mysql
				42	host: 127.0.0.1
				43	port: 3306
				44	name: neutron
				45	user: neutron
				46	password: pwd
				47	identity:
				48	engine: keystone
				49	host: 127.0.0.1
				50	port: 35357
				51	user: neutron
				52	password: pwd
				53	tenant: service
Dennis Dmitriev	3711472	2017-03-06 16:52:26 +0200	[diff] [blame]	54	endpoint_type: internal
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	55	message_queue:
				56	engine: rabbitmq
				57	host: 127.0.0.1
				58	port: 5672
				59	user: openstack
				60	password: pwd
				61	virtual_host: '/openstack'
William Konitzer	81a8998	2019-01-07 12:49:15 -0600	[diff] [blame]	62	rpc_conn_pool_size: 30
				63	rpc_thread_pool_size: 100
				64	rpc_response_timeout: 120
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	65	metadata:
				66	host: 127.0.0.1
				67	port: 8775
Dzmitry Stremkouski	ea47018	2018-10-24 15:33:35 +0200	[diff] [blame]	68	insecure: true
				69	proto: https
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	70	password: pass
Mykyta Karpin	253406d	2017-12-08 17:01:37 +0200	[diff] [blame]	71	workers: 2
Petr Michalec	61f7ab2	2016-11-29 16:29:09 +0100	[diff] [blame]	72	audit:
				73	enabled: false
Filip Pytloun	cd028e4	2015-10-06 16:28:32 +0200	[diff] [blame]	74
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	75	.. note:: The pagination is useful to retrieve a large bunch of resources,
				76	because a single request may fail (timeout). This is enabled with both
				77	parameters allow_pagination and pagination_max_limit as shown above.
Swann Croiset	9407daf	2017-02-02 15:27:56 +0100	[diff] [blame]	78
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	79	Configuration of policy.json file:
Dmitry Ukov	596ddcf	2017-05-04 18:16:16 +0400	[diff] [blame]	80
				81	.. code-block:: yaml
				82
				83	neutron:
				84	server:
				85	....
				86	policy:
				87	create_subnet: 'rule:admin_or_network_owner'
				88	'get_network:queue_id': 'rule:admin_only'
				89	# Add key without value to remove line from policy.json
				90	'create_network:shared':
				91
Elena Ezhova	cd67cfe	2017-06-16 23:35:07 +0400	[diff] [blame]	92	Neutron LBaaSv2 enablement
				93	--------------------------
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	94
				95	.. code-block:: yaml
				96
				97	neutron:
				98	server:
				99	lbaas:
				100	enabled: true
				101	providers:
Elena Ezhova	cd67cfe	2017-06-16 23:35:07 +0400	[diff] [blame]	102	octavia:
				103	engine: octavia
				104	driver_path: 'neutron_lbaas.drivers.octavia.driver.OctaviaDriver'
				105	base_url: 'http://127.0.0.1:9876'
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	106	avi_adc:
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	107	engine: avinetworks
Elena Ezhova	cd67cfe	2017-06-16 23:35:07 +0400	[diff] [blame]	108	driver_path: 'avi_lbaasv2.avi_driver.AviDriver'
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	109	controller_address: 10.182.129.239
				110	controller_user: admin
				111	controller_password: Cloudlab2016
				112	controller_cloud_name: Default-Cloud
				113	avi_adc2:
				114	engine: avinetworks
				115	...
				116
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	117	.. note:: If the Contrail backend is set, Opencontrail loadbalancer
				118	would be enabled automatically. In this case lbaas should disabled
				119	in pillar:
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	120
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	121	.. code-block:: yaml
Ondrej Smola	314eee2	2017-03-08 21:21:16 +0100	[diff] [blame]	122
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	123	neutron:
				124	server:
				125	lbaas:
				126	enabled: false
Elena Ezhova	166d401	2017-08-17 12:53:52 +0400	[diff] [blame]	127
				128	Neutron FWaaSv1 enablement
				129	--------------------------
				130
				131	.. code-block:: yaml
				132
				133	neutron:
				134	fwaas:
				135	enabled: true
				136	version: ocata
				137	api_version: v1
				138
				139
Ondrej Smola	12ff819	2017-04-28 12:39:11 +0200	[diff] [blame]	140	Enable CORS parameters
Elena Ezhova	166d401	2017-08-17 12:53:52 +0400	[diff] [blame]	141	----------------------
Ondrej Smola	12ff819	2017-04-28 12:39:11 +0200	[diff] [blame]	142
				143	.. code-block:: yaml
				144
				145	neutron:
				146	server:
				147	cors:
				148	allowed_origin: https:localhost.local,http:localhost.local
				149	expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
				150	allow_methods: GET,PUT,POST,DELETE,PATCH
				151	allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
				152	allow_credentials: True
				153	max_age: 86400
				154
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	155	Neutron VXLAN tenant networks with Network nodes
				156	------------------------------------------------
Swann Croiset	9407daf	2017-02-02 15:27:56 +0100	[diff] [blame]	157
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	158	With DVR for East-West and Network node for North-South.
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	159
				160	This use case describes a model utilising VxLAN overlay with DVR. The DVR
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	161	routers will only be utilized for traffic that is router within the cloud
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	162	infrastructure and that remains encapsulated. External traffic will be
				163	routed to via the network nodes.
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	164
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	165	The intention is that each tenant will require at least two (2) vrouters
				166	one to be utilised
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	167
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	168	Neutron Server:
marco	a4428a3	2016-06-10 11:50:16 +0200	[diff] [blame]	169
				170	.. code-block:: yaml
				171
				172	neutron:
				173	server:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	174	version: mitaka
Dmitry Stremkouski	3c1be3e	2017-11-18 11:04:20 +0300	[diff] [blame]	175	path_mtu: 1500
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	176	bind:
				177	address: 172.20.0.1
				178	port: 9696
				179	database:
				180	engine: mysql
				181	host: 127.0.0.1
				182	port: 3306
				183	name: neutron
				184	user: neutron
				185	password: pwd
				186	identity:
				187	engine: keystone
				188	host: 127.0.0.1
				189	port: 35357
				190	user: neutron
				191	password: pwd
				192	tenant: service
Dennis Dmitriev	3711472	2017-03-06 16:52:26 +0200	[diff] [blame]	193	endpoint_type: internal
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	194	message_queue:
				195	engine: rabbitmq
				196	host: 127.0.0.1
				197	port: 5672
				198	user: openstack
				199	password: pwd
				200	virtual_host: '/openstack'
				201	global_physnet_mtu: 9000
				202	l3_ha: False # Which type of router will be created by default
				203	dvr: True # disabled for non DVR use case
				204	backend:
				205	engine: ml2
				206	tenant_network_types: "flat,vxlan"
				207	external_mtu: 9000
				208	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	209	ovs:
				210	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	211
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	212	Network Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	213
				214	.. code-block:: yaml
				215
				216	neutron:
				217	gateway:
				218	enabled: True
				219	version: mitaka
William Konitzer	81a8998	2019-01-07 12:49:15 -0600	[diff] [blame]	220	report_interval: 10
Michael Polenchuk	2151b27	2018-06-19 18:32:31 +0400	[diff] [blame]	221	dhcp_lease_duration: 600
Michael Polenchuk	cece76d	2018-06-21 14:56:17 +0400	[diff] [blame]	222	firewall_driver: iptables_hybrid
Dzmitry Stremkouski	b6dd371	2019-10-21 20:56:55 +0200	[diff] [blame]	223	host: gtw01.example.com
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	224	message_queue:
				225	engine: rabbitmq
				226	host: 127.0.0.1
				227	port: 5672
				228	user: openstack
				229	password: pwd
				230	virtual_host: '/openstack'
William Konitzer	81a8998	2019-01-07 12:49:15 -0600	[diff] [blame]	231	rpc_conn_pool_size: 300
				232	rpc_thread_pool_size: 2048
				233	rpc_response_timeout: 3600
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	234	local_ip: 192.168.20.20 # br-mesh ip address
				235	dvr: True # disabled for non DVR use case
				236	agent_mode: dvr_snat
				237	metadata:
				238	host: 127.0.0.1
				239	password: pass
				240	backend:
				241	engine: ml2
				242	tenant_network_types: "flat,vxlan"
				243	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	244	ovs:
				245	driver: openvswitch
Vasyl Saienko	4bd2d92	2018-07-27 09:56:38 +0000	[diff] [blame]	246	agents:
				247	dhcp:
				248	ovs_use_veth: False
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	249
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	250	Compute Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	251
				252	.. code-block:: yaml
				253
				254	neutron:
				255	compute:
				256	enabled: True
				257	version: mitaka
Dzmitry Stremkouski	b6dd371	2019-10-21 20:56:55 +0200	[diff] [blame]	258	host: cmp001.example.com
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	259	message_queue:
				260	engine: rabbitmq
				261	host: 127.0.0.1
				262	port: 5672
				263	user: openstack
				264	password: pwd
				265	virtual_host: '/openstack'
William Konitzer	81a8998	2019-01-07 12:49:15 -0600	[diff] [blame]	266	rpc_conn_pool_size: 300
				267	rpc_thread_pool_size: 2048
				268	rpc_response_timeout: 3600
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	269	local_ip: 192.168.20.20 # br-mesh ip address
				270	dvr: True # disabled for non DVR use case
				271	agent_mode: dvr
William Konitzer	81a8998	2019-01-07 12:49:15 -0600	[diff] [blame]	272	report_interval: 10
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	273	external_access: false # Compute node with DVR for east-west only, Network Node has True as default
				274	metadata:
				275	host: 127.0.0.1
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	276	password: pass
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	277	backend:
				278	engine: ml2
				279	tenant_network_types: "flat,vxlan"
				280	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	281	ovs:
				282	driver: openvswitch
Petr Michalec	61f7ab2	2016-11-29 16:29:09 +0100	[diff] [blame]	283	audit:
				284	enabled: false
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	285
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	286
Dzmitry Stremkouski	d5e89e5	2018-09-25 10:01:54 +0200	[diff] [blame]	287	Setting mac base address
				288	------------------------
				289
				290	By default neutron uses fa:16:3f:00:00:00 basement for mac generator.
				291	One can set it's own mac base both for dvr and nondvr cases.
				292
				293	NOTE: dvr_base_mac and base_mac SHOULD differ.
				294
				295	.. code-block:: yaml
				296
				297	neutron:
				298	server:
				299	base_mac: fa:16:3f:00:00:00
				300	dvr_base_mac: fa:16:3f:a0:00:00
				301
				302	gateways:
				303
				304	.. code-block:: yaml
				305
				306	neutron:
				307	gateway:
				308	base_mac: fa:16:3f:00:00:00
				309	dvr_base_mac: fa:16:3f:a0:00:00
				310
				311	compute nodes:
				312
				313	.. code-block:: yaml
				314
				315	neutron:
				316	compute:
				317	base_mac: fa:16:3f:00:00:00
				318	dvr_base_mac: fa:16:3f:a0:00:00
				319
				320
Dmitry Stremkouski	a3a4ab4	2017-10-23 17:37:12 +0300	[diff] [blame]	321	Disable physnet1 bridge
				322	-----------------------
				323
				324	By default we have external access turned on, so among any physnets in
				325	your reclass there would be additional one: physnet1, which is mapped to
				326	br-floating
				327
				328	If you need internal nets only without this bridge, remove br-floating
				329	and configurations mappings. Disable mappings for this bridge on
				330	neutron-servers:
				331
				332	.. code-block:: yaml
				333
				334	neutron:
				335	server:
				336	external_access: false
				337
				338	gateways:
				339
				340	.. code-block:: yaml
				341
				342	neutron:
				343	gateway:
				344	external_access: false
				345
				346	compute nodes:
				347
				348	.. code-block:: yaml
				349
				350	neutron:
				351	compute:
				352	external_access: false
				353
				354
Marcin Iwinski	c50137a	2018-01-22 14:18:24 +0100	[diff] [blame]	355	Add additional bridge mappings for OVS bridges
				356	----------------------------------------------
				357
				358	By default we have external access turned on, so among any physnets in
				359	your reclass there would be additional one: physnet1, which is mapped to
				360	br-floating
				361
				362	If you need to add extra non-default bridge mappings they can be defined
				363	separately for both gateways and compute nodes:
				364
				365	gateways:
				366
				367	.. code-block:: yaml
				368
				369	neutron:
				370	gateway:
				371	bridge_mappings:
				372	physnet4: br-floating-internet
				373
				374	compute nodes:
				375
				376	.. code-block:: yaml
				377
				378	neutron:
				379	compute:
				380	bridge_mappings:
				381	physnet4: br-floating-internet
				382
				383
Dmitry Stremkouski	4b41022	2017-11-18 11:29:55 +0300	[diff] [blame]	384	Specify different mtu values for different physnets
				385	---------------------------------------------------
				386
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	387	Neutron Server:
Dmitry Stremkouski	4b41022	2017-11-18 11:29:55 +0300	[diff] [blame]	388
				389	.. code-block:: yaml
				390
				391	neutron:
				392	server:
				393	version: mitaka
				394	backend:
				395	external_mtu: 1500
				396	tenant_net_mtu: 9000
				397	ironic_net_mtu: 9000
				398
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	399	Neutron VXLAN tenant networks with Network Nodes (non DVR)
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	400	----------------------------------------------------------
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	401
				402	This section describes a network solution that utilises VxLAN overlay
				403	networks without DVR with all routers being managed on the network nodes.
				404
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	405	Neutron Server:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	406
				407	.. code-block:: yaml
				408
				409	neutron:
				410	server:
				411	version: mitaka
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	412	bind:
				413	address: 172.20.0.1
				414	port: 9696
				415	database:
				416	engine: mysql
				417	host: 127.0.0.1
				418	port: 3306
				419	name: neutron
				420	user: neutron
				421	password: pwd
				422	identity:
				423	engine: keystone
				424	host: 127.0.0.1
				425	port: 35357
				426	user: neutron
				427	password: pwd
				428	tenant: service
Dennis Dmitriev	3711472	2017-03-06 16:52:26 +0200	[diff] [blame]	429	endpoint_type: internal
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	430	message_queue:
				431	engine: rabbitmq
				432	host: 127.0.0.1
				433	port: 5672
				434	user: openstack
				435	password: pwd
				436	virtual_host: '/openstack'
				437	global_physnet_mtu: 9000
				438	l3_ha: True
				439	dvr: False
				440	backend:
				441	engine: ml2
				442	tenant_network_types= "flat,vxlan"
				443	external_mtu: 9000
				444	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	445	ovs:
				446	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	447
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	448	Network Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	449
				450	.. code-block:: yaml
				451
				452	neutron:
				453	gateway:
				454	enabled: True
				455	version: mitaka
				456	message_queue:
				457	engine: rabbitmq
				458	host: 127.0.0.1
				459	port: 5672
				460	user: openstack
				461	password: pwd
				462	virtual_host: '/openstack'
				463	local_ip: 192.168.20.20 # br-mesh ip address
				464	dvr: False
				465	agent_mode: legacy
Simon Pasquier	c03af11	2017-04-10 10:35:14 +0200	[diff] [blame]	466	availability_zone: az1
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	467	metadata:
				468	host: 127.0.0.1
				469	password: pass
				470	backend:
				471	engine: ml2
				472	tenant_network_types: "flat,vxlan"
				473	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	474	ovs:
				475	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	476
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	477	Compute Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	478
				479	.. code-block:: yaml
				480
				481	neutron:
				482	compute:
				483	enabled: True
				484	version: mitaka
				485	message_queue:
				486	engine: rabbitmq
				487	host: 127.0.0.1
				488	port: 5672
				489	user: openstack
				490	password: pwd
				491	virtual_host: '/openstack'
				492	local_ip: 192.168.20.20 # br-mesh ip address
				493	external_access: False
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	494	dvr: False
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	495	backend:
				496	engine: ml2
				497	tenant_network_types: "flat,vxlan"
				498	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	499	ovs:
				500	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	501
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	502	Neutron VXLAN tenant networks with Network Nodes with DVR
				503	---------------------------------------------------------
				504
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	505	With DVR for East-West and North-South, DVR everywhere, Network
				506	node for SNAT.
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	507
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	508	This section describes a network solution that utilises VxLAN
				509	overlay networks with DVR with North-South and East-West. Network
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	510	Node is used only for SNAT.
				511
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	512	Neutron Server:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	513
				514	.. code-block:: yaml
				515
				516	neutron:
				517	server:
				518	version: mitaka
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	519	bind:
				520	address: 172.20.0.1
				521	port: 9696
				522	database:
				523	engine: mysql
				524	host: 127.0.0.1
				525	port: 3306
				526	name: neutron
				527	user: neutron
				528	password: pwd
				529	identity:
				530	engine: keystone
				531	host: 127.0.0.1
				532	port: 35357
				533	user: neutron
				534	password: pwd
				535	tenant: service
Dennis Dmitriev	3711472	2017-03-06 16:52:26 +0200	[diff] [blame]	536	endpoint_type: internal
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	537	message_queue:
				538	engine: rabbitmq
				539	host: 127.0.0.1
				540	port: 5672
				541	user: openstack
				542	password: pwd
				543	virtual_host: '/openstack'
				544	global_physnet_mtu: 9000
				545	l3_ha: False
				546	dvr: True
				547	backend:
				548	engine: ml2
				549	tenant_network_types= "flat,vxlan"
				550	external_mtu: 9000
				551	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	552	ovs:
				553	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	554
Vasyl Saienko	0b2451b	2018-12-16 19:38:38 +0000	[diff] [blame]	555	Configuring networking-generic-switch ml2 plugin used for
				556	baremetal integration:
				557
				558	.. code-block:: yaml
				559
				560	neutron:
				561	server:
				562	backend:
				563	mechanism:
				564	ngs:
				565	driver: genericswitch
				566	n_g_s:
				567	enabled: true
				568	coordination:
				569	enabled: true
				570	backend_url: "etcd3+http://1.2.3.4:2379"
				571	devices:
				572	s1brbm:
				573	options:
				574	device_type:
				575	value: netmiko_ovs_linux
				576	ip:
				577	value: 1.2.3.4
				578	username:
				579	value: ngs_ovs_manager
				580	password:
				581	value: password
				582
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	583	Network Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	584
				585	.. code-block:: yaml
				586
				587	neutron:
				588	gateway:
				589	enabled: True
				590	version: mitaka
				591	message_queue:
				592	engine: rabbitmq
				593	host: 127.0.0.1
				594	port: 5672
				595	user: openstack
				596	password: pwd
				597	virtual_host: '/openstack'
				598	local_ip: 192.168.20.20 # br-mesh ip address
				599	dvr: True
				600	agent_mode: dvr_snat
Simon Pasquier	c03af11	2017-04-10 10:35:14 +0200	[diff] [blame]	601	availability_zone: az1
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	602	metadata:
				603	host: 127.0.0.1
				604	password: pass
				605	backend:
				606	engine: ml2
				607	tenant_network_types: "flat,vxlan"
				608	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	609	ovs:
				610	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	611
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	612	Compute Node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	613
				614	.. code-block:: yaml
				615
				616	neutron:
				617	compute:
				618	enabled: True
				619	version: mitaka
				620	message_queue:
				621	engine: rabbitmq
				622	host: 127.0.0.1
				623	port: 5672
				624	user: openstack
				625	password: pwd
				626	virtual_host: '/openstack'
				627	local_ip: 192.168.20.20 # br-mesh ip address
				628	dvr: True
Vasyl Saienko	2fffc84	2017-06-14 10:35:26 +0300	[diff] [blame]	629	external_access: True
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	630	agent_mode: dvr
Simon Pasquier	c03af11	2017-04-10 10:35:14 +0200	[diff] [blame]	631	availability_zone: az1
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	632	metadata:
				633	host: 127.0.0.1
				634	password: pass
				635	backend:
				636	engine: ml2
				637	tenant_network_types: "flat,vxlan"
				638	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	639	ovs:
				640	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	641
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	642	Sample Linux network configuration for DVR:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	643
				644	.. code-block:: yaml
				645
				646	linux:
				647	network:
				648	bridge: openvswitch
				649	interface:
				650	eth1:
				651	enabled: true
				652	type: eth
				653	mtu: 9000
				654	proto: manual
				655	eth2:
				656	enabled: true
				657	type: eth
				658	mtu: 9000
				659	proto: manual
				660	eth3:
				661	enabled: true
				662	type: eth
				663	mtu: 9000
				664	proto: manual
				665	br-int:
				666	enabled: true
				667	mtu: 9000
				668	type: ovs_bridge
				669	br-floating:
				670	enabled: true
				671	mtu: 9000
				672	type: ovs_bridge
				673	float-to-ex:
				674	enabled: true
				675	type: ovs_port
				676	mtu: 65000
				677	bridge: br-floating
				678	br-mgmt:
				679	enabled: true
				680	type: bridge
				681	mtu: 9000
				682	address: ${_param:single_address}
				683	netmask: 255.255.255.0
				684	use_interfaces:
				685	- eth1
				686	br-mesh:
				687	enabled: true
				688	type: bridge
				689	mtu: 9000
				690	address: ${_param:tenant_address}
				691	netmask: 255.255.255.0
				692	use_interfaces:
				693	- eth2
				694	br-ex:
				695	enabled: true
				696	type: bridge
				697	mtu: 9000
				698	address: ${_param:external_address}
				699	netmask: 255.255.255.0
				700	use_interfaces:
				701	- eth3
				702	use_ovs_ports:
				703	- float-to-ex
				704
Thom Gerdes	3282d07	2017-05-30 22:06:04 +0000	[diff] [blame]	705	Additonal VXLAN tenant network settings
				706	---------------------------------------
				707
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	708	The default multicast group of ``224.0.0.1`` only multicasts
				709	to a single subnet. Allow overriding it to allow larger underlay
				710	network topologies.
Thom Gerdes	3282d07	2017-05-30 22:06:04 +0000	[diff] [blame]	711
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	712	Neutron Server:
Thom Gerdes	3282d07	2017-05-30 22:06:04 +0000	[diff] [blame]	713
				714	.. code-block:: yaml
				715
				716	neutron:
				717	server:
				718	vxlan:
				719	group: 239.0.0.0/8
				720	vni_ranges: "2:65535"
				721
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	722	Neutron VLAN tenant networks with Network Nodes
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	723	-----------------------------------------------
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	724
				725	VLAN tenant provider
				726
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	727	Neutron Server only:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	728
				729	.. code-block:: yaml
				730
				731	neutron:
				732	server:
				733	version: mitaka
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	734	...
				735	global_physnet_mtu: 9000
				736	l3_ha: False
				737	dvr: True
				738	backend:
				739	engine: ml2
				740	tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
				741	tenant_vlan_range: "1000:2000"
				742	external_vlan_range: "100:200" # Does not have to be defined.
				743	external_mtu: 9000
				744	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	745	ovs:
				746	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	747
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	748	Compute node:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	749
				750	.. code-block:: yaml
				751
				752	neutron:
				753	compute:
				754	version: mitaka
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	755	...
				756	dvr: True
				757	agent_mode: dvr
				758	external_access: False
				759	backend:
				760	engine: ml2
				761	tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
				762	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	763	ovs:
				764	driver: openvswitch
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	765
Oleg Bondarev	ddb9af1	2018-07-02 19:07:57 +0400	[diff] [blame]	766	Neutron with explicit physical networks
				767	---------------------------------------
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	768
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	769	Neutron Server only:
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	770
				771	.. code-block:: yaml
				772
				773	neutron:
				774	server:
				775	version: ocata
				776	...
				777	backend:
				778	engine: ml2
				779	tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
				780	...
Oleg Bondarev	ddb9af1	2018-07-02 19:07:57 +0400	[diff] [blame]	781	# also need to configure corresponding bridge_mappings on
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	782	# compute and gateway nodes
Oleg Bondarev	47d9e2d	2018-07-03 13:22:26 +0400	[diff] [blame]	783	flat_networks_default: '' # '' to allow arbitrary names or '' to disable
Oleg Bondarev	ddb9af1	2018-07-02 19:07:57 +0400	[diff] [blame]	784	physnets: # only listed physnets will be configured (overrides physnet1/2/3)
				785	external:
				786	mtu: 1500
Oleg Bondarev	47d9e2d	2018-07-03 13:22:26 +0400	[diff] [blame]	787	types:
				788	- flat # possible values - 'flat' or 'vlan'
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	789	sriov_net:
				790	mtu: 9000 # Optional, defaults to 1500
Oleg Bondarev	ab32411	2018-11-19 17:56:57 +0400	[diff] [blame]	791	vlan_range: '100:200,300:400' # Optional
Oleg Bondarev	47d9e2d	2018-07-03 13:22:26 +0400	[diff] [blame]	792	types:
				793	- vlan
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	794	ext_net2:
				795	mtu: 1500
Oleg Bondarev	47d9e2d	2018-07-03 13:22:26 +0400	[diff] [blame]	796	types:
				797	- flat
				798	- vlan
Oleg Bondarev	ada324f	2018-06-04 14:55:38 +0400	[diff] [blame]	799	mechanism:
				800	ovs:
				801	driver: openvswitch
				802
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	803	Advanced Neutron Features (DPDK, SR-IOV)
Oleg Bondarev	0575ae4	2017-07-28 16:36:25 +0400	[diff] [blame]	804	----------------------------------------
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	805
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	806	Neutron OVS DPDK
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	807
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	808	Enable datapath netdev for neutron openvswitch agent:
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	809
				810	.. code-block:: yaml
				811
				812	neutron:
				813	server:
				814	version: mitaka
				815	...
				816	dpdk: True
				817	...
				818
				819	neutron:
				820	compute:
				821	version: mitaka
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	822	dpdk: True
Michael Polenchuk	5291165	2018-04-12 22:09:49 +0400	[diff] [blame]	823	vhost_mode: client # options: client\|server (default)
Oleg Bondarev	ee7e830	2017-10-16 17:20:38 +0400	[diff] [blame]	824	vhost_socket_dir: /var/run/openvswitch
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	825	backend:
				826	engine: ml2
				827	...
				828	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	829	ovs:
				830	driver: openvswitch
Jakub Pavlik	8f83ccc	2017-02-27 11:15:39 +0100	[diff] [blame]	831
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	832	Neutron OVS SR-IOV:
Jakub Pavlik	70555cb	2017-02-26 18:48:02 +0100	[diff] [blame]	833
				834	.. code-block:: yaml
				835
				836	neutron:
				837	server:
				838	version: mitaka
Jakub Pavlik	70555cb	2017-02-26 18:48:02 +0100	[diff] [blame]	839	backend:
				840	engine: ml2
				841	...
				842	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	843	ovs:
				844	driver: openvswitch
				845	sriov:
				846	driver: sriovnicswitch
Michael Polenchuk	0bf59a7	2018-06-19 18:06:56 +0400	[diff] [blame]	847	# Driver w/ highest number will be placed ahead in the list (default is 0).
				848	# It's recommended for SR-IOV driver to set an order >0 to get it
				849	# before (for example) the opendaylight one.
				850	order: 9
Jakub Pavlik	70555cb	2017-02-26 18:48:02 +0100	[diff] [blame]	851
				852	neutron:
				853	compute:
				854	version: mitaka
Jakub Pavlik	70555cb	2017-02-26 18:48:02 +0100	[diff] [blame]	855	...
				856	backend:
				857	engine: ml2
				858	tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
				859	sriov:
				860	nic_one:
				861	devname: eth1
				862	physical_network: physnet3
				863	mechanism:
Elena Ezhova	d6a080c	2017-10-09 15:25:16 +0400	[diff] [blame]	864	ovs:
				865	driver: openvswitch
Jakub Pavlik	70555cb	2017-02-26 18:48:02 +0100	[diff] [blame]	866
cdodda	c35c9eb	2018-11-07 23:18:10 -0600	[diff] [blame]	867	Neutron with LinuxBridge Agents
				868	-------------------------------
				869
				870	.. code-block:: yaml
				871
				872	neutron:
				873	server:
				874	firewall_driver: iptables
				875	backend:
				876	mechanism:
				877	lb:
				878	driver: linuxbridge
				879	....
				880	compute:
				881	backend:
				882	mechanism:
				883	lb:
				884	driver: linuxbridge
				885	....
				886	gateway:
				887	backend:
				888	mechanism:
				889	lb:
				890	driver: linuxbridge
				891	agents:
				892	dhcp:
				893	interface_driver: linuxbridge
				894	l3:
				895	interface_driver: linuxbridge
				896
				897
Ilya Chukhnakov	f4c2bb3	2017-06-08 02:03:15 +0300	[diff] [blame]	898	Neutron with VLAN-aware-VMs
Oleg Bondarev	0575ae4	2017-07-28 16:36:25 +0400	[diff] [blame]	899	---------------------------
Ilya Chukhnakov	f4c2bb3	2017-06-08 02:03:15 +0300	[diff] [blame]	900
				901	.. code-block:: yaml
				902
				903	neutron:
				904	server:
				905	vlan_aware_vms: true
				906	....
				907	compute:
				908	vlan_aware_vms: true
				909	....
				910	gateway:
				911	vlan_aware_vms: true
				912
Oleg Bondarev	acb2e53	2018-03-06 10:43:59 +0400	[diff] [blame]	913	Neutron with BGP VPN (BaGPipe driver)
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	914	-------------------------------------
Oleg Bondarev	b63d27f	2018-02-14 19:21:06 +0400	[diff] [blame]	915
				916	.. code-block:: yaml
				917
				918	neutron:
				919	server:
				920	version: pike
				921	bgp_vpn:
Oleg Bondarev	acb2e53	2018-03-06 10:43:59 +0400	[diff] [blame]	922	enabled: true
Michael Polenchuk	0b3c5dd	2018-06-27 12:04:32 +0400	[diff] [blame]	923	driver: bagpipe # Options: bagpipe/opencontrail/opendaylight[_v2]
Oleg Bondarev	b63d27f	2018-02-14 19:21:06 +0400	[diff] [blame]	924	....
				925	compute:
				926	version: pike
				927	bgp_vpn:
Oleg Bondarev	acb2e53	2018-03-06 10:43:59 +0400	[diff] [blame]	928	enabled: true
Michael Polenchuk	0b3c5dd	2018-06-27 12:04:32 +0400	[diff] [blame]	929	driver: bagpipe # Options: bagpipe/opencontrail/opendaylight[_v2]
Oleg Bondarev	acb2e53	2018-03-06 10:43:59 +0400	[diff] [blame]	930	bagpipe:
				931	local_address: 192.168.20.20 # IP address for mpls/gre tunnels
				932	peers: 192.168.20.30 # IP addresses of BGP peers
				933	autonomous_system: 64512 # Autonomous System number
				934	enable_rtc: True # Enable RT Constraint (RFC4684)
Oleg Bondarev	b63d27f	2018-02-14 19:21:06 +0400	[diff] [blame]	935	backend:
Oleg Bondarev	878ac46	2018-04-23 17:48:15 +0400	[diff] [blame]	936	ovs_extension: # for OVS agent only, not supported in SRIOV agent
Oleg Bondarev	b63d27f	2018-02-14 19:21:06 +0400	[diff] [blame]	937	bagpipe_bgpvpn:
				938	enabled: True
				939
Oleksii Chupryn	16cb4e0	2018-02-26 14:20:39 +0200	[diff] [blame]	940	Neutron with DHCP agent on compute node
				941	---------------------------------------
				942
				943	.. code-block:: yaml
				944
				945	neutron:
				946	....
				947	compute:
				948	dhcp_agent_enabled: true
				949	....
				950
Machi Hoshino	0ba8805	2019-05-08 11:44:04 +0900	[diff] [blame]	951	Neutron with DHCP agent disabled on gateway node
				952	------------------------------------------------
				953
				954	.. code-block:: yaml
				955
				956	neutron:
				957	....
				958	gateway:
				959	dhcp_agent_enabled: false
				960	....
				961
Dzmitry Stremkouski	48df2a7	2018-10-12 16:38:11 +0200	[diff] [blame]	962	Neutron with metadata agent on compute node
				963	-------------------------------------------
				964
				965	.. code-block:: yaml
				966
				967	neutron:
				968	....
				969	compute:
				970	metadata_agent_enabled: true
				971	....
				972
Oleg Bondarev	0575ae4	2017-07-28 16:36:25 +0400	[diff] [blame]	973	Neutron with OVN
				974	----------------
				975
				976	Control node:
				977
				978	.. code-block:: yaml
				979
				980	neutron:
				981	server:
				982	backend:
				983	engine: ovn
				984	mechanism:
				985	ovn:
				986	driver: ovn
				987	tenant_network_types: "geneve,flat"
Michael Polenchuk	f59229b	2018-06-19 16:24:49 +0400	[diff] [blame]	988	ovn:
				989	ovn_l3_scheduler: leastloaded # valid options: chance, leastloaded
				990	neutron_sync_mode: repair # valid options: log, off, repair
Michael Polenchuk	58161ef	2018-05-15 18:04:09 +0400	[diff] [blame]	991	metadata_enabled: True
Michael Polenchuk	a3d492b	2017-12-27 15:49:43 +0400	[diff] [blame]	992	ovn_ctl_opts:
				993	db-nb-create-insecure-remote: 'yes'
				994	db-sb-create-insecure-remote: 'yes'
Oleg Bondarev	0575ae4	2017-07-28 16:36:25 +0400	[diff] [blame]	995
				996	Compute node:
				997
				998	.. code-block:: yaml
				999
				1000	neutron:
				1001	compute:
				1002	local_ip: 10.2.0.105
				1003	controller_vip: 10.1.0.101
				1004	external_access: false
				1005	backend:
				1006	engine: ovn
Michael Polenchuk	58161ef	2018-05-15 18:04:09 +0400	[diff] [blame]	1007	ovsdb_connection: tcp:127.0.0.1:6640
Michael Polenchuk	be3cb9a	2019-02-08 17:56:49 +0400	[diff] [blame]	1008	mac_table_size: 16384
Michael Polenchuk	58161ef	2018-05-15 18:04:09 +0400	[diff] [blame]	1009	metadata:
				1010	enabled: true
				1011	ovsdb_server_iface: ptcp:6640:127.0.0.1
				1012	host: 10.1.0.101
				1013	password: unsegreto
				1014
Oleg Bondarev	0575ae4	2017-07-28 16:36:25 +0400	[diff] [blame]	1015
Michael Polenchuk	cccd1a5	2018-02-02 17:41:16 +0400	[diff] [blame]	1016	Neutron L2 Gateway
				1017	----------------
				1018
				1019	Control node:
				1020
				1021	.. code-block:: yaml
				1022
				1023	neutron:
				1024	server:
				1025	version: pike
				1026	l2gw:
				1027	enabled: true
				1028	periodic_monitoring_interval: 5
				1029	quota_l2_gateway: 20
				1030	# service_provider=<service_type>:<name>:<driver>[:default]
				1031	service_provider: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
				1032	backend:
				1033	engine: ml2
				1034
				1035	Network/Gateway node:
				1036
				1037	.. code-block:: yaml
				1038
				1039	neutron:
				1040	gateway:
				1041	version: pike
				1042	l2gw:
				1043	enabled: true
				1044	debug: true
				1045	socket_timeout: 20
				1046	ovsdb_hosts:
				1047	# <ovsdb_name>: <ip address>:<port>
				1048	# - ovsdb_name: a user defined symbolic identifier of physical switch
				1049	# - ip address: the address or dns name for the OVSDB server (i.e. pointer to the switch)
				1050	ovsdb1: 10.164.5.33:6632
				1051	ovsdb2: 10.164.4.33:6632
				1052
				1053
Michael Polenchuk	87d2b74	2017-06-29 12:05:25 +0400	[diff] [blame]	1054	OpenDaylight integration
				1055	------------------------
				1056
				1057	Control node:
				1058
				1059	.. code-block:: yaml
				1060
				1061	neutron:
				1062	server:
				1063	backend:
				1064	opendaylight: true
				1065	router: odl-router_v2
				1066	host: 10.20.0.77
				1067	rest_api_port: 8282
				1068	user: admin
				1069	password: admin
				1070	ovsdb_connection: tcp:127.0.0.1:6639
Oleksii Chupryn	fed7957	2018-07-20 14:11:35 +0300	[diff] [blame]	1071	ovsdb_interface: native
Michael Polenchuk	87d2b74	2017-06-29 12:05:25 +0400	[diff] [blame]	1072	enable_websocket: true
				1073	enable_dhcp_service: false
				1074	mechanism:
				1075	ovs:
				1076	driver: opendaylight_v2
Michael Polenchuk	0bf59a7	2018-06-19 18:06:56 +0400	[diff] [blame]	1077	order: 1
Michael Polenchuk	87d2b74	2017-06-29 12:05:25 +0400	[diff] [blame]	1078
				1079	Network/Gateway node:
				1080
				1081	.. code-block:: yaml
				1082
				1083	neutron:
				1084	gateway:
				1085	backend:
				1086	router: odl-router_v2
				1087	ovsdb_connection: tcp:127.0.0.1:6639
Oleksii Chupryn	fed7957	2018-07-20 14:11:35 +0300	[diff] [blame]	1088	ovsdb_interface: native
Michael Polenchuk	87d2b74	2017-06-29 12:05:25 +0400	[diff] [blame]	1089	opendaylight:
				1090	ovsdb_server_iface: ptcp:6639:127.0.0.1
				1091	ovsdb_odl_iface: tcp:10.20.0.77:6640
				1092	tunnel_ip: 10.1.0.110
				1093	provider_mappings: physnet1:br-floating
				1094
				1095	Compute node:
				1096
				1097	.. code-block:: yaml
				1098
				1099	neutron:
				1100	compute:
				1101	opendaylight:
				1102	ovsdb_server_iface: ptcp:6639:127.0.0.1
				1103	ovsdb_odl_iface: tcp:10.20.0.77:6640
				1104	tunnel_ip: 10.1.0.105
				1105	provider_mappings: physnet1:br-floating
				1106
				1107
Michael Polenchuk	9cccecc	2018-09-14 14:54:18 +0400	[diff] [blame]	1108	Service Function Chaining Extension (SFC)
				1109	----------------
				1110
				1111	.. code-block:: yaml
				1112
				1113	neutron:
				1114	server:
				1115	sfc:
				1116	enabled: true
				1117	sfc_drivers:
				1118	- ovs # valid options: ovs, odl, ovn (not implemented yet)
				1119	flow_classifier_drivers:
				1120	- ovs # valid options: see above
				1121	....
				1122	compute:
				1123	backend:
				1124	ovs_extension:
				1125	sfc:
				1126	enabled: True
				1127
				1128
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	1129	Neutron Server
				1130	--------------
				1131
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1132	Neutron Server with OpenContrail:
Jiri Broulik	74f6111	2016-11-21 20:23:47 +0100	[diff] [blame]	1133
				1134	.. code-block:: yaml
				1135
				1136	neutron:
				1137	server:
marco	a4428a3	2016-06-10 11:50:16 +0200	[diff] [blame]	1138	backend:
				1139	engine: contrail
				1140	host: contrail_discovery_host
				1141	port: 8082
				1142	user: admin
				1143	password: password
				1144	tenant: admin
				1145	token: token
				1146
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1147	Neutron Server with Midonet:
marco	a4428a3	2016-06-10 11:50:16 +0200	[diff] [blame]	1148
				1149	.. code-block:: yaml
				1150
				1151	neutron:
				1152	server:
				1153	backend:
				1154	engine: midonet
				1155	host: midonet_api_host
				1156	port: 8181
				1157	user: admin
				1158	password: password
				1159
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1160	Neutron Server with NSX:
Vasyl Saienko	4549efe	2018-07-26 16:06:04 +0000	[diff] [blame]	1161
				1162	.. code-block:: yaml
				1163
				1164	neutron:
				1165	server:
				1166	backend:
				1167	engine: vmware
				1168	core_plugin: vmware_nsxv3
				1169	vmware:
				1170	nsx:
				1171	extension_drivers:
				1172	- vmware_nsxv3_dns
				1173	v3:
				1174	api_password: nsx_password
				1175	api_user: nsx_username
				1176	api_managers:
				1177	01:
				1178	scheme: https
				1179	host: 192.168.10.120
				1180	port: '443'
				1181	insecure: true
				1182
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1183	Neutron Keystone region:
Jakub Pavlik	6dd5c0a	2016-03-09 14:18:15 +0100	[diff] [blame]	1184
				1185	.. code-block:: yaml
				1186
				1187	neutron:
				1188	server:
				1189	enabled: true
				1190	version: kilo
				1191	...
				1192	identity:
				1193	region: RegionTwo
				1194	...
				1195	compute:
				1196	region: RegionTwo
				1197	...
				1198
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1199	Client-side RabbitMQ HA setup:
Jiri Konecny	93b1999	2016-04-12 11:15:39 +0200	[diff] [blame]	1200
				1201	.. code-block:: yaml
				1202
				1203	neutron:
				1204	server:
				1205	....
				1206	message_queue:
				1207	engine: rabbitmq
				1208	members:
				1209	- host: 10.0.16.1
				1210	- host: 10.0.16.2
				1211	- host: 10.0.16.3
				1212	user: openstack
				1213	password: pwd
				1214	virtual_host: '/openstack'
				1215	....
				1216
Kirill Bespalov	dd748b6	2017-11-21 10:42:57 +0300	[diff] [blame]	1217	Configuring TLS communications
				1218	------------------------------
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1219
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1220	.. note:: By default, system-wide installed CA certs are used,
				1221	so ``cacert_file`` param is optional, as well as ``cacert``.
Kirill Bespalov	dd748b6	2017-11-21 10:42:57 +0300	[diff] [blame]	1222
				1223	- RabbitMQ TLS
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1224
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1225	.. code-block:: yaml
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1226
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1227	neutron:
				1228	server, gateway, compute:
				1229	message_queue:
				1230	port: 5671
				1231	ssl:
				1232	enabled: True
				1233	(optional) cacert: cert body if the cacert_file does not exists
				1234	(optional) cacert_file: /etc/openstack/rabbitmq-ca.pem
				1235	(optional) version: TLSv1_2
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1236
Kirill Bespalov	dd748b6	2017-11-21 10:42:57 +0300	[diff] [blame]	1237	- MySQL TLS
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1238
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1239	.. code-block:: yaml
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1240
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1241	neutron:
				1242	server:
				1243	database:
				1244	ssl:
				1245	enabled: True
				1246	(optional) cacert: cert body if the cacert_file does not exists
				1247	(optional) cacert_file: /etc/openstack/mysql-ca.pem
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1248
Kirill Bespalov	dd748b6	2017-11-21 10:42:57 +0300	[diff] [blame]	1249	- Openstack HTTPS API
				1250
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1251	.. code-block:: yaml
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1252
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1253	neutron:
				1254	server:
				1255	identity:
				1256	protocol: https
				1257	(optional) cacert_file: /etc/openstack/proxy.pem
Kirill Bespalov	8fffe02	2017-08-03 17:55:02 +0300	[diff] [blame]	1258
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1259	Enable auditing filter, ie: CADF:
Petr Michalec	61f7ab2	2016-11-29 16:29:09 +0100	[diff] [blame]	1260
				1261	.. code-block:: yaml
				1262
				1263	neutron:
				1264	server:
				1265	audit:
				1266	enabled: true
				1267	....
				1268	filter_factory: 'keystonemiddleware.audit:filter_factory'
				1269	map_file: '/etc/pycadf/neutron_api_audit_map.conf'
				1270	....
				1271	compute:
				1272	audit:
				1273	enabled: true
				1274	....
				1275	filter_factory: 'keystonemiddleware.audit:filter_factory'
				1276	map_file: '/etc/pycadf/neutron_api_audit_map.conf'
				1277	....
Jiri Konecny	93b1999	2016-04-12 11:15:39 +0200	[diff] [blame]	1278
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1279	Neutron with security groups disabled:
Oleg Bondarev	98870a3	2017-05-29 16:53:19 +0400	[diff] [blame]	1280
				1281	.. code-block:: yaml
				1282
				1283	neutron:
				1284	server:
				1285	security_groups_enabled: False
				1286	....
				1287	compute:
				1288	security_groups_enabled: False
				1289	....
				1290	gateway:
				1291	security_groups_enabled: False
				1292
Jiri Konecny	93b1999	2016-04-12 11:15:39 +0200	[diff] [blame]	1293
Aleš Komárek	41e8231	2017-04-11 13:37:44 +0200	[diff] [blame]	1294	Neutron Client
				1295	--------------
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1296
Vyacheslav Struk	3f529d4	2019-06-13 13:37:25 +0300	[diff] [blame]	1297	Neutron networks and RBAC:
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1298
				1299	.. code-block:: yaml
				1300
				1301	neutron:
				1302	client:
				1303	enabled: true
				1304	server:
				1305	identity:
Vyacheslav Struk	3f529d4	2019-06-13 13:37:25 +0300	[diff] [blame]	1306	rbac:
				1307	network:
				1308	rule1:
				1309	absent: True
				1310	target_tenant: admin
				1311	action: access_as_shared
				1312	network: public
				1313	rule2:
				1314	absent: False
				1315	target_tenant: service
				1316	action: access_as_external
				1317	network: public
Richard Felkl	aac256a	2017-03-23 15:43:49 +0100	[diff] [blame]	1318	endpoint_type: internalURL
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1319	network:
				1320	inet1:
				1321	tenant: demo
				1322	shared: False
				1323	admin_state_up: True
				1324	router_external: True
				1325	provider_physical_network: inet
				1326	provider_network_type: flat
				1327	provider_segmentation_id: 2
				1328	subnet:
				1329	inet1-subnet1:
				1330	cidr: 192.168.90.0/24
				1331	enable_dhcp: False
				1332	inet2:
				1333	tenant: admin
				1334	shared: False
				1335	router_external: True
				1336	provider_network_type: "vlan"
				1337	subnet:
				1338	inet2-subnet1:
				1339	cidr: 192.168.92.0/24
				1340	enable_dhcp: False
				1341	inet2-subnet2:
				1342	cidr: 192.168.94.0/24
				1343	enable_dhcp: True
				1344	identity1:
				1345	network:
				1346	...
				1347
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1348	Neutron routers:
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1349
				1350	.. code-block:: yaml
				1351
				1352	neutron:
				1353	client:
				1354	enabled: true
				1355	server:
				1356	identity:
Richard Felkl	aac256a	2017-03-23 15:43:49 +0100	[diff] [blame]	1357	endpoint_type: internalURL
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1358	router:
				1359	inet1-router:
				1360	tenant: demo
				1361	admin_state_up: True
				1362	gateway_network: inet
				1363	interfaces:
				1364	- inet1-subnet1
				1365	- inet1-subnet2
				1366	identity1:
				1367	router:
				1368	...
				1369
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1370	.. TODO implement adding new interfaces to a router while updating it
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1371
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1372	Neutron security groups:
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1373
				1374	.. code-block:: yaml
				1375
				1376	neutron:
				1377	client:
				1378	enabled: true
				1379	server:
				1380	identity:
Richard Felkl	aac256a	2017-03-23 15:43:49 +0100	[diff] [blame]	1381	endpoint_type: internalURL
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1382	security_group:
				1383	security_group1:
				1384	tenant: demo
				1385	description: security group 1
				1386	rules:
				1387	- direction: ingress
				1388	ethertype: IPv4
				1389	protocol: TCP
				1390	port_range_min: 1
				1391	port_range_max: 65535
				1392	remote_ip_prefix: 0.0.0.0/0
				1393	- direction: ingress
				1394	ethertype: IPv4
				1395	protocol: UDP
				1396	port_range_min: 1
				1397	port_range_max: 65535
				1398	remote_ip_prefix: 0.0.0.0/0
				1399	- direction: ingress
				1400	protocol: ICMP
				1401	remote_ip_prefix: 0.0.0.0/0
				1402	identity1:
				1403	security_group:
				1404	...
				1405
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1406	.. TODO: implement updating existing security rules (now it adds new rule if
				1407	trying to update existing one)
Jiri Broulik	5368cc5	2017-02-08 18:53:59 +0100	[diff] [blame]	1408
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1409	Floating IP addresses:
Jiri Broulik	de2e290	2017-02-13 15:03:47 +0100	[diff] [blame]	1410
				1411	.. code-block:: yaml
				1412
				1413	neutron:
				1414	client:
				1415	enabled: true
				1416	server:
				1417	identity:
Richard Felkl	aac256a	2017-03-23 15:43:49 +0100	[diff] [blame]	1418	endpoint_type: internalURL
Jiri Broulik	de2e290	2017-02-13 15:03:47 +0100	[diff] [blame]	1419	floating_ip:
				1420	prx01-instance:
				1421	server: prx01.mk22-lab-basic.local
				1422	subnet: private-subnet1
				1423	network: public-net1
				1424	tenant: demo
				1425	gtw01-instance:
				1426	...
				1427
				1428	.. note:: The network must have flag router:external set to True.
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1429	Instance port in the stated subnet will be associated
				1430	with the dynamically generated floating IP.
Oleg Iurchenko	de71cc2	2017-09-18 17:58:56 +0300	[diff] [blame]	1431
				1432	Enable Neutron extensions (QoS, DNS, etc.)
				1433	------------------------------------------
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1434
Oleg Iurchenko	de71cc2	2017-09-18 17:58:56 +0300	[diff] [blame]	1435	.. code-block:: yaml
				1436
				1437	neutron:
				1438	server:
				1439	backend:
				1440	extension:
Oleg Iurchenko	ac17f4f	2017-10-06 11:24:27 +0300	[diff] [blame]	1441	dns:
				1442	enabled: True
				1443	host: 127.0.0.1
				1444	port: 9001
				1445	protocol: http
				1446	....
				1447	qos
				1448	enabled: True
Oleg Iurchenko	de71cc2	2017-09-18 17:58:56 +0300	[diff] [blame]	1449
Oleg Bondarev	878ac46	2018-04-23 17:48:15 +0400	[diff] [blame]	1450	Different Neutron extensions for different agents
				1451	-------------------------------------------------
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1452
Oleg Bondarev	878ac46	2018-04-23 17:48:15 +0400	[diff] [blame]	1453	.. code-block:: yaml
				1454
				1455	neutron:
				1456	server:
				1457	backend:
				1458	extension: # common extensions for OVS and SRIOV agents
				1459	dns:
				1460	enabled: True
				1461	...
				1462	qos
				1463	enabled: True
				1464	ovs_extension: # OVS specific extensions
				1465	bagpipe_bgpvpn:
				1466	enabled: True
				1467	sriov_extension: # SRIOV specific extensions
				1468	dummy:
				1469	enabled: True
Oleg Iurchenko	de71cc2	2017-09-18 17:58:56 +0300	[diff] [blame]	1470
Oleg Iurchenko	8cf6cf5	2017-09-18 15:44:03 +0300	[diff] [blame]	1471	Neutron with Designate
				1472	-----------------------------------------
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1473
Oleg Iurchenko	8cf6cf5	2017-09-18 15:44:03 +0300	[diff] [blame]	1474	.. code-block:: yaml
				1475
				1476	neutron:
				1477	server:
				1478	backend:
				1479	extension:
				1480	dns:
				1481	enabled: True
				1482	host: 127.0.0.1
				1483	port: 9001
				1484	protocol: http
				1485
Marek Celoud	67ce206	2018-01-31 13:44:55 +0100	[diff] [blame]	1486	Enable RBAC for OpenContrail engine
				1487	-----------------------------------
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1488
Marek Celoud	67ce206	2018-01-31 13:44:55 +0100	[diff] [blame]	1489	.. code-block:: yaml
				1490
				1491	neutron:
				1492	server:
				1493	backend:
				1494	engine: contrail
				1495	rbac:
				1496	enabled: True
Oleg Iurchenko	8cf6cf5	2017-09-18 15:44:03 +0300	[diff] [blame]	1497
Kostiantyn Kalynovskyi	7cc5904	2019-03-14 16:30:14 +0300	[diff] [blame]	1498	Increase maximum number of allowed address pairs per instance
				1499	-----------------------------------
				1500
				1501	Neutron Server:
				1502
				1503	.. code-block:: yaml
				1504
				1505	neutron:
				1506	server:
				1507	max_allowed_address_pair: 20
				1508
				1509	Neutron generic node (compute or gateway):
				1510
				1511	.. code-block:: yaml
				1512
				1513	neutron:
				1514	max_allowed_address_pair: 20
				1515
Oleg Bondarev	a0940cc	2019-03-27 16:24:00 +0400	[diff] [blame]	1516	Increase OVS timeouts for loaded nodes
				1517	--------------------------------------
				1518
				1519	Network node:
				1520
				1521	.. code-block:: yaml
				1522
				1523	neutron:
				1524	gateway:
				1525	of_connect_timeout: 60
				1526	of_request_timeout: 30
Oleg Bondarev	13a8730	2019-06-11 18:20:29 +0400	[diff] [blame]	1527	of_inactivity_probe: 30
Oleg Bondarev	a0940cc	2019-03-27 16:24:00 +0400	[diff] [blame]	1528	ovs_vsctl_timeout: 30 # Pike
				1529	ovsdb_timeout: 30 # Queens and beyond
				1530	bridge_mac_table_size: 100000
				1531
Oleg Bondarev	e26a239	2019-04-11 18:27:27 +0400	[diff] [blame]	1532	Change default resource quotas
				1533	------------------------------
				1534
				1535	.. code-block:: yaml
				1536
				1537	neutron:
				1538	server:
				1539	quotas:
				1540	default_quota: 100
				1541	quota_network: 150
				1542	quota_subnet: 150
				1543	quota_port: 200
				1544	quota_router: 50
				1545	quota_floatingip: 30
				1546	quota_security_group: 20
				1547	quota_security_group_rule: 50
				1548
				1549
Oleg Bondarev	a0940cc	2019-03-27 16:24:00 +0400	[diff] [blame]	1550
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1551	Enhanced logging with logging.conf
				1552	----------------------------------
				1553
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1554	By default ``logging.conf`` is disabled.
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1555
				1556	That is possible to enable per-binary logging.conf with new variables:
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1557
OlgaGusarenko	838c9fd	2018-07-31 00:22:44 +0300	[diff] [blame]	1558	* ``openstack_log_appender``
				1559	Set to true to enable ``log_config_append`` for all OpenStack services
				1560
				1561	* ``openstack_fluentd_handler_enabled``
				1562	Set to true to enable FluentHandler for all Openstack services
				1563
				1564	* ``openstack_ossyslog_handler_enabled``
				1565	Set to true to enable OSSysLogHandler for all Openstack services.
				1566
				1567	Only ``WatchedFileHandler``, ``OSSysLogHandler``, and ``FluentHandler``
				1568	are available.
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1569
				1570	Also it is possible to configure this with pillar:
				1571
				1572	.. code-block:: yaml
				1573
				1574	neutron:
				1575	server:
				1576	logging:
				1577	log_appender: true
				1578	log_handlers:
				1579	watchedfile:
				1580	enabled: true
				1581	fluentd:
				1582	enabled: true
Oleksii Chupryn	156c5f4	2018-02-07 10:06:50 +0200	[diff] [blame]	1583	ossyslog:
				1584	enabled: true
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1585	....
				1586	compute:
				1587	logging:
				1588	log_appender: true
				1589	log_handlers:
				1590	watchedfile:
				1591	enabled: true
				1592	fluentd:
				1593	enabled: true
Oleksii Chupryn	156c5f4	2018-02-07 10:06:50 +0200	[diff] [blame]	1594	ossyslog:
				1595	enabled: true
Dmitry Kalashnik	35dd0e0	2017-12-07 14:16:25 +0400	[diff] [blame]	1596	....
				1597	gateway:
				1598	logging:
				1599	log_appender: true
				1600	log_handlers:
				1601	watchedfile:
				1602	enabled: true
				1603	fluentd:
				1604	enabled: true
Oleksii Chupryn	156c5f4	2018-02-07 10:06:50 +0200	[diff] [blame]	1605	ossyslog:
				1606	enabled: true
Oleg Iurchenko	8cf6cf5	2017-09-18 15:44:03 +0300	[diff] [blame]	1607
Oleksii Grudev	fe73ee5	2018-05-14 14:08:11 +0300	[diff] [blame]	1608	Logging levels pillar example:
				1609
				1610	.. code-block:: yaml
				1611
				1612	neutron:
				1613	server:
				1614	logging:
				1615	log_appender: true
				1616	loggers:
				1617	root:
				1618	level: 'DEBUG'
				1619	neutron:
				1620	level: 'DEBUG'
				1621	amqplib:
				1622	level: 'DEBUG'
				1623	sqlalchemy:
				1624	level: 'DEBUG'
				1625	boto:
				1626	level: 'DEBUG'
				1627	suds:
				1628	level: 'DEBUG'
				1629	eventletwsgi:
				1630	level: 'DEBUG'
				1631	......
Michael Polenchuk	5fb5c57	2019-03-13 11:54:26 +0400	[diff] [blame]	1632
				1633	Neutron server with memcached caching and security strategy
				1634	-----------------------------------------------------------
Oleksandr Bryndzii	3b0ac2c	2018-10-04 11:06:24 +0300	[diff] [blame]	1635
				1636	.. code-block:: yaml
				1637
				1638	neutron:
				1639	server:
				1640	enabled: true
				1641	...
				1642	cache:
				1643	engine: memcached
				1644	members:
				1645	- host: 127.0.0.1
				1646	port: 11211
				1647	- host: 127.0.0.1
				1648	port: 11211
				1649	security:
				1650	enabled: true
				1651	strategy: ENCRYPT
				1652	secret_key: secret
Oleksii Grudev	fe73ee5	2018-05-14 14:08:11 +0300	[diff] [blame]	1653
Michael Polenchuk	5fb5c57	2019-03-13 11:54:26 +0400	[diff] [blame]	1654
				1655	Neutron API behind uWSGI (experimental)
				1656	---------------------------------------
				1657
				1658	.. code-block:: yaml
				1659
				1660	neutron:
				1661	server:
				1662	wsgi:
				1663	enabled: true
				1664	threads: 32
				1665	workers: 64
				1666	logto: /var/log/neutron/neutron-server.log
				1667
Oleksandr Bryndzii	b9d02af	2019-05-10 16:59:14 +0300	[diff] [blame]	1668	Setup hardcoded configuration values
				1669	------------------------------------
				1670
				1671	.. code-block:: yaml
				1672
				1673	neutron:
				1674	server:
				1675	configmap:
				1676	neutron_server:
				1677	DEFAULT:
				1678	max_subnet_host_routes: 30
				1679	max_routes: 60
				1680	debug_iptables_rules: True
				1681	quotas:
				1682	quota_network: 20
				1683	quota_subnet: 10
				1684	quota_port: 100
				1685	matchmaker_redis:
				1686	host: 127.0.0.1
				1687	port: 6379
				1688	password: pswd
				1689	gateway:
				1690	configmap:
				1691	metadata_agent:
				1692	DEFAULT:
				1693	metadata_workers: 10
				1694	debug: True
				1695	agent:
				1696	report_interval: 30
				1697	l3_agent:
				1698	DEFAULT:
				1699	agent_mode : dvr
				1700	agent:
				1701	report_interval: 40
				1702	dhcp_agent:
				1703	DEFAULT:
				1704	ovs_vsctl_timeout: 12
				1705	resync_interval: 60
				1706	agent:
				1707	report_interval: 60
Michael Polenchuk	5fb5c57	2019-03-13 11:54:26 +0400	[diff] [blame]	1708
Vasyl Saienko	ba42073	2018-09-07 10:19:32 +0000	[diff] [blame]	1709	Upgrades
				1710	========
				1711
				1712	Each openstack formula provide set of phases (logical bloks) that will help to
				1713	build flexible upgrade orchestration logic for particular components. The list
				1714	of phases might and theirs descriptions are listed in table below:
				1715
				1716	+-------------------------------+------------------------------------------------------+
				1717	\| State \| Description \|
				1718	+===============================+======================================================+
				1719	\| <app>.upgrade.service_running \| Ensure that all services for particular application \|
				1720	\| \| are enabled for autostart and running \|
				1721	+-------------------------------+------------------------------------------------------+
				1722	\| <app>.upgrade.service_stopped \| Ensure that all services for particular application \|
				1723	\| \| disabled for autostart and dead \|
				1724	+-------------------------------+------------------------------------------------------+
				1725	\| <app>.upgrade.pkg_latest \| Ensure that packages used by particular application \|
				1726	\| \| are installed to latest available version. \|
				1727	\| \| This will not upgrade data plane packages like qemu \|
				1728	\| \| and openvswitch as usually minimal required version \|
				1729	\| \| in openstack services is really old. The data plane \|
				1730	\| \| packages should be upgraded separately by `apt-get \|
				1731	\| \| upgrade` or `apt-get dist-upgrade` \|
				1732	\| \| Applying this state will not autostart service. \|
				1733	+-------------------------------+------------------------------------------------------+
				1734	\| <app>.upgrade.render_config \| Ensure configuration is rendered actual version. +
				1735	+-------------------------------+------------------------------------------------------+
				1736	\| <app>.upgrade.pre \| We assume this state is applied on all nodes in the \|
				1737	\| \| cloud before running upgrade. \|
				1738	\| \| Only non destructive actions will be applied during \|
				1739	\| \| this phase. Perform service built in service check \|
				1740	\| \| like (keystone-manage doctor and nova-status upgrade)\|
				1741	+-------------------------------+------------------------------------------------------+
				1742	\| <app>.upgrade.upgrade.pre \| Mostly applicable for data plane nodes. During this \|
				1743	\| \| phase resources will be gracefully removed from \|
				1744	\| \| current node if it is allowed. Services for upgraded \|
				1745	\| \| application will be set to admin disabled state to \|
				1746	\| \| make sure node will not participate in resources \|
				1747	\| \| scheduling. For example on gtw nodes this will set \|
				1748	\| \| all agents to admin disable state and will move all \|
				1749	\| \| routers to other agents. \|
				1750	+-------------------------------+------------------------------------------------------+
				1751	\| <app>.upgrade.upgrade \| This state will basically upgrade application on \|
				1752	\| \| particular target. Stop services, render \|
				1753	\| \| configuration, install new packages, run offline \|
				1754	\| \| dbsync (for ctl), start services. Data plane should \|
				1755	\| \| not be affected, only OpenStack python services. \|
				1756	+-------------------------------+------------------------------------------------------+
				1757	\| <app>.upgrade.upgrade.post \| Add services back to scheduling. \|
				1758	+-------------------------------+------------------------------------------------------+
				1759	\| <app>.upgrade.post \| This phase should be launched only when upgrade of \|
				1760	\| \| the cloud is completed. \|
				1761	+-------------------------------+------------------------------------------------------+
				1762	\| <app>.upgrade.verify \| Here we will do basic health checks (API CRUD \|
				1763	\| \| operations, verify do not have dead network \|
				1764	\| \| agents/compute services) \|
				1765	+-------------------------------+------------------------------------------------------+
				1766
				1767
Oleksandr Pidrepnyi	f3f62a8	2019-06-10 12:17:50 +0300	[diff] [blame]	1768	Don't manage services scheduling while upgrade
				1769	----------------------------------------------
				1770	For some special cases, don't manage services scheduling both enable and disable
				1771	before and after upgrade procedure.
				1772
				1773	If 'manage_service_maintenance: true' or not present - default behavior, disable services
				1774	before upgrade and enable it after upgrade.
				1775	If 'manage_service_maintenance: false' - don't disable and don't enable upgraded services
				1776	scheduling before and after upgrade.
				1777
				1778	.. code-block:: yaml
				1779
				1780	neutron:
				1781	upgrade:
				1782	manage_service_maintenance: false
				1783
				1784
Oleksandr Shyshko	f51b94c	2018-08-31 16:05:27 +0300	[diff] [blame]	1785	Enable x509 and ssl communication between Neutron and Galera cluster.
				1786	---------------------
				1787	By default communication between Neutron and Galera is unsecure.
				1788
				1789	neutron:
				1790	server:
				1791	database:
				1792	x509:
				1793	enabled: True
				1794
				1795	You able to set custom certificates in pillar:
				1796
				1797	neutron:
				1798	server:
				1799	database:
				1800	x509:
				1801	cacert: (certificate content)
				1802	cert: (certificate content)
				1803	key: (certificate content)
				1804
				1805	You can read more about it here:
				1806	https://docs.openstack.org/security-guide/databases/database-access-control.html