===============
Neutron Formula
===============

Neutron is an OpenStack project to provide "networking as a service" between
interface devices (e.g., vNICs) managed by other OpenStack services (e.g.,
nova).

Starting in the Folsom release, Neutron is a core and supported part of the
OpenStack platform (for Essex, we were an "incubated" project, which means use
is suggested only for those who really know what they're doing with Neutron).

Sample Pillars
==============

Neutron Server on the controller node

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: mitaka
        allow_pagination: true
        pagination_max_limit: 100
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        metadata:
          host: 127.0.0.1
          port: 8775
          password: pass
        audit:
          enabled: false

Note: Pagination is useful when retrieving a large number of resources,
because a single request may fail (timeout). It is enabled with both
parameters *allow_pagination* and *pagination_max_limit*, as shown above.


Configuration of policy.json file

.. code-block:: yaml

    neutron:
      server:
        ....
        policy:
          create_subnet: 'rule:admin_or_network_owner'
          'get_network:queue_id': 'rule:admin_only'
          # Add key without value to remove line from policy.json
          'create_network:shared':

Neutron LBaaSv2 enablement
--------------------------

.. code-block:: yaml

    neutron:
      server:
        lbaas:
          enabled: true
          providers:
            octavia:
              engine: octavia
              driver_path: 'neutron_lbaas.drivers.octavia.driver.OctaviaDriver'
              base_url: 'http://127.0.0.1:9876'
            avi_adc:
              engine: avinetworks
              driver_path: 'avi_lbaasv2.avi_driver.AviDriver'
              controller_address: 10.182.129.239
              controller_user: admin
              controller_password: Cloudlab2016
              controller_cloud_name: Default-Cloud
            avi_adc2:
              engine: avinetworks
              ...

Note: If the Contrail backend is set, the OpenContrail load balancer is enabled
automatically. In this case LBaaS should be disabled in the pillar:

.. code-block:: yaml

    neutron:
      server:
        lbaas:
          enabled: false

Enable CORS parameters

.. code-block:: yaml

    neutron:
      server:
        cors:
          allowed_origin: https://localhost.local,http://localhost.local
          expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_methods: GET,PUT,POST,DELETE,PATCH
          allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_credentials: True
          max_age: 86400


Neutron VXLAN tenant networks with Network nodes
------------------------------------------------

With DVR for East-West and Network node for North-South.

This use case describes a model utilising VxLAN overlay with DVR. The DVR
routers will only be utilized for traffic that is routed within the cloud
infrastructure and that remains encapsulated. External traffic will be
routed via the network nodes.

The intention is that each tenant will require at least two (2) vrouters
one to be utilised

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False # Which type of router will be created by default
        dvr: True # disabled for non DVR use case
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr
        external_access: false # Compute node with DVR for east-west only, Network Node has True as default
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch
        audit:
          enabled: false


Neutron VXLAN tenant networks with Network Nodes (non DVR)
----------------------------------------------------------

This section describes a network solution that utilises VxLAN overlay
networks without DVR with all routers being managed on the network nodes.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: True
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: False
        agent_mode: legacy
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        external_access: False
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Neutron VXLAN tenant networks with Network Nodes with DVR
---------------------------------------------------------

With DVR for East-West and North-South, DVR everywhere, Network node for SNAT.

This section describes a network solution that utilises VxLAN
overlay networks with DVR with North-South and East-West. Network
Node is used only for SNAT.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        agent_mode: dvr_snat
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        external_access: True
        agent_mode: dvr
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Sample Linux network configuration for DVR

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth2:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth3:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          br-int:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          br-floating:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          float-to-ex:
            enabled: true
            type: ovs_port
            mtu: 65000
            bridge: br-floating
          br-mgmt:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:single_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
          br-mesh:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:tenant_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth2
          br-ex:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:external_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth3
            use_ovs_ports:
            - float-to-ex

Additional VXLAN tenant network settings
----------------------------------------

The default multicast group of 224.0.0.1 only multicasts to a single subnet.
Override it to support larger underlay network topologies.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        vxlan:
          group: 239.0.0.0/8
          vni_ranges: "2:65535"

Neutron VLAN tenant networks with Network Nodes
-----------------------------------------------

VLAN tenant provider

Neutron Server only

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        ...
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          tenant_vlan_range: "1000:2000"
          external_vlan_range: "100:200" # Does not have to be defined.
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Compute node

.. code-block:: yaml

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        dvr: True
        agent_mode: dvr
        external_access: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          mechanism:
            ovs:
              driver: openvswitch

Advanced Neutron Features (DPDK, SR-IOV)

Neutron OVS DPDK

Enable datapath netdev for neutron openvswitch agent

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        ...
        dpdk: True
        ...

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        dpdk: True
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch

Neutron OVS SR-IOV

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch
            sriov:
              driver: sriovnicswitch

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          sriov:
            nic_one:
              devname: eth1
              physical_network: physnet3
          mechanism:
            ovs:
              driver: openvswitch

Neutron with VLAN-aware-VMs

.. code-block:: yaml

    neutron:
      server:
        vlan_aware_vms: true
        ....
      compute:
        vlan_aware_vms: true
        ....
      gateway:
        vlan_aware_vms: true

Neutron Server
--------------

Neutron Server with OpenContrail

.. code-block:: yaml

    neutron:
      server:
        plugin: contrail
        backend:
          engine: contrail
          host: contrail_discovery_host
          port: 8082
          user: admin
          password: password
          tenant: admin
          token: token

Neutron Server with Midonet

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: midonet
          host: midonet_api_host
          port: 8181
          user: admin
          password: password


Neutron Keystone region

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: kilo
        ...
        identity:
          region: RegionTwo
        ...
        compute:
          region: RegionTwo
        ...

Client-side RabbitMQ HA setup

.. code-block:: yaml

    neutron:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Enable auditing filter, i.e. CADF

.. code-block:: yaml

    neutron:
      server:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....
      compute:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....

Neutron with security groups disabled

.. code-block:: yaml

    neutron:
      server:
        security_groups_enabled: False
        ....
      compute:
        security_groups_enabled: False
        ....
      gateway:
        security_groups_enabled: False


Neutron Client
--------------

Neutron networks

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            network:
              inet1:
                tenant: demo
                shared: False
                admin_state_up: True
                router_external: True
                provider_physical_network: inet
                provider_network_type: flat
                provider_segmentation_id: 2
                subnet:
                  inet1-subnet1:
                    cidr: 192.168.90.0/24
                    enable_dhcp: False
              inet2:
                tenant: admin
                shared: False
                router_external: True
                provider_network_type: "vlan"
                subnet:
                  inet2-subnet1:
                    cidr: 192.168.92.0/24
                    enable_dhcp: False
                  inet2-subnet2:
                    cidr: 192.168.94.0/24
                    enable_dhcp: True
          identity1:
            network:
              ...

Neutron routers

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            router:
              inet1-router:
                tenant: demo
                admin_state_up: True
                gateway_network: inet
                interfaces:
                  - inet1-subnet1
                  - inet1-subnet2
          identity1:
            router:
              ...

    TODO: implement adding new interfaces to a router while updating it


Neutron security groups

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            security_group:
              security_group1:
                tenant: demo
                description: security group 1
                rules:
                  - direction: ingress
                    ethertype: IPv4
                    protocol: TCP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    ethertype: IPv4
                    protocol: UDP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    protocol: ICMP
                    remote_ip_prefix: 0.0.0.0/0
          identity1:
            security_group:
              ...

    TODO: implement updating existing security rules (now it adds new rule if trying to update existing one)


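Two pillars in this README weaken port filtering: ``security_groups_enabled: False`` on a role, and the sample group whose ingress rules open ports 1-65535 to ``0.0.0.0/0``. The lint below is an added example, not part of the formula; it walks a pillar given as a Python dict (the sample is constructed inline from the YAML above) and reports both conditions. ``WIDE_PORT_SPAN``, the function names and the check of ``remote_group_id`` (a Neutron API field this README does not show) are assumptions.

```python
import ipaddress

WIDE_PORT_SPAN = 1024  # assumed threshold: ranges this wide count as wide open

# Constructed sample: the README's security-group pillar as a Python dict,
# plus one narrow rule (rule 3) added here for contrast.
SAMPLE_PILLAR = {"neutron": {
    "server": {"security_groups_enabled": False},
    "client": {"enabled": True, "server": {
        "identity": {"endpoint_type": "internalURL", "security_group": {
            "security_group1": {"tenant": "demo", "rules": [
                {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
                 "port_range_min": 1, "port_range_max": 65535,
                 "remote_ip_prefix": "0.0.0.0/0"},
                {"direction": "ingress", "ethertype": "IPv4", "protocol": "UDP",
                 "port_range_min": 1, "port_range_max": 65535,
                 "remote_ip_prefix": "0.0.0.0/0"},
                {"direction": "ingress", "protocol": "ICMP",
                 "remote_ip_prefix": "0.0.0.0/0"},
                {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
                 "port_range_min": 22, "port_range_max": 22,
                 "remote_ip_prefix": "10.0.0.0/8"},
            ]}}},
        "identity1": {"security_group": None},  # elided ("...") in the README
    }},
}}


def is_any_source(rule):
    """True when the rule admits traffic from every source address."""
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        # Neutron API semantics: no prefix and no remote group means "any".
        return not rule.get("remote_group_id")
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def rule_finding(rule):
    """Return a reason string for a risky ingress rule, or None."""
    if str(rule.get("direction", "")).lower() != "ingress":
        return None
    if not is_any_source(rule):
        return None
    proto = str(rule.get("protocol") or "any").upper()
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if proto in ("TCP", "UDP"):
        if lo is None or hi is None:
            return f"{proto} all ports from any source"
        if hi - lo + 1 >= WIDE_PORT_SPAN:
            return f"{proto} ports {lo}-{hi} from any source"
        return None
    if proto == "ANY":
        return "all protocols from any source"
    return None  # e.g. ICMP from anywhere is left to local policy


def audit_pillar(pillar):
    """Collect findings for disabled security groups and wide-open rules."""
    findings = []
    neutron = pillar.get("neutron") or {}
    for role in ("server", "compute", "gateway"):
        if (neutron.get(role) or {}).get("security_groups_enabled") is False:
            findings.append(f"{role}: security_groups_enabled is False")
    identities = (neutron.get("client") or {}).get("server") or {}
    for ident, conf in identities.items():
        groups = (conf or {}).get("security_group") or {}
        for name, group in groups.items():
            for idx, rule in enumerate((group or {}).get("rules") or []):
                reason = rule_finding(rule)
                if reason:
                    findings.append(f"{ident}/{name} rule {idx}: {reason}")
    return findings


if __name__ == "__main__":
    for line in audit_pillar(SAMPLE_PILLAR):
        print(line)
```
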
Floating IP addresses

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            floating_ip:
              prx01-instance:
                server: prx01.mk22-lab-basic.local
                subnet: private-subnet1
                network: public-net1
                tenant: demo
              gtw01-instance:
                ...

.. note:: The network must have flag router:external set to True.
          Instance port in the stated subnet will be associated with the dynamically generated floating IP.


Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific salt
formula:

    https://github.com/salt-formulas/salt-formula-neutron/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific formula.

    https://github.com/salt-formulas/salt-formula-neutron

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net