=======================
Neutron Network Service
=======================

Neutron is an OpenStack project to provide "networking as a service" between
interface devices (e.g., vNICs) managed by other OpenStack services (e.g.,
nova).

Starting in the Folsom release, Neutron is a core and supported part of the
OpenStack platform (for Essex, we were an "incubated" project, which means use
is suggested only for those who really know what they're doing with Neutron).

Sample pillars
==============

Neutron Server on the controller node

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: mitaka
        allow_pagination: true
        pagination_max_limit: 100
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        metadata:
          host: 127.0.0.1
          port: 8775
          password: pass
        audit:
          enabled: false

Note: Pagination is useful when retrieving a large number of resources,
because a single request may fail (time out). It is enabled with both
parameters *allow_pagination* and *pagination_max_limit*, as shown above.

Neutron VXLAN tenant networks with Network Nodes (with DVR for East-West and Network node for North-South)
==============================================================================================================

This use case describes a model utilising VxLAN overlay with DVR. The DVR
routers will only be utilized for traffic that is routed within the cloud
infrastructure and that remains encapsulated. External traffic will be
routed via the network nodes.

The intention is that each tenant will require at least two (2) vrouters
one to be utilised

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False # Which type of router will be created by default
        dvr: True # disabled for non DVR use case
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr
        external_access: false # Compute node with DVR for east-west only, Network Node has True as default
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch
        audit:
          enabled: false

Neutron VXLAN tenant networks with Network Nodes (non DVR)
==========================================================

This section describes a network solution that utilises VxLAN overlay
networks without DVR, with all routers being managed on the network nodes.

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: True
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: False
        agent_mode: legacy
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        external_access: False
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Neutron VXLAN tenant networks with Network Nodes (with DVR for East-West and North-South, DVR everywhere, Network node for SNAT)
==================================================================================================================================

This section describes a network solution that utilises VxLAN
overlay networks with DVR for both North-South and East-West traffic.
The network node is used only for SNAT.

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        external_access: True
        agent_mode: dvr
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Sample Linux network configuration for DVR
--------------------------------------------

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth2:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth3:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          br-int:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          br-floating:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          float-to-ex:
            enabled: true
            type: ovs_port
            mtu: 65000
            bridge: br-floating
          br-mgmt:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:single_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
          br-mesh:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:tenant_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth2
          br-ex:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:external_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth3
            use_ovs_ports:
            - float-to-ex

Neutron VLAN tenant networks with Network Nodes
===============================================

VLAN tenant provider

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        ...
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          tenant_vlan_range: "1000:2000"
          external_vlan_range: "100:200" # Does not have to be defined.
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Compute node
------------

.. code-block:: yaml

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        dvr: True
        agent_mode: dvr
        external_access: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          mechanism:
            ovs:
              driver: openvswitch

Neutron OVS SR-IOV
==================

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch
            sriov:
              driver: sriovnicswitch

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          sriov:
            nic_one:
              devname: eth1
              physical_network: physnet3
          mechanism:
            ovs:
              driver: openvswitch

Neutron Server with OpenContrail
==================================

.. code-block:: yaml

    neutron:
      server:
        plugin: contrail
        backend:
          engine: contrail
          host: contrail_discovery_host
          port: 8082
          user: admin
          password: password
          tenant: admin
          token: token

Neutron Server with Midonet
===========================

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: midonet
          host: midonet_api_host
          port: 8181
          user: admin
          password: password

Other
=====

Neutron Keystone region

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: kilo
        ...
        identity:
          region: RegionTwo
        ...
        compute:
          region: RegionTwo
        ...


Client-side RabbitMQ HA setup

.. code-block:: yaml

    neutron:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Enable the auditing filter, i.e. CADF

.. code-block:: yaml

    neutron:
      server:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....
      compute:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....


Client role
-----------

Neutron networks

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            network:
              inet1:
                tenant: demo
                shared: False
                admin_state_up: True
                router_external: True
                provider_physical_network: inet
                provider_network_type: flat
                provider_segmentation_id: 2
                subnet:
                  inet1-subnet1:
                    cidr: 192.168.90.0/24
                    enable_dhcp: False
              inet2:
                tenant: admin
                shared: False
                router_external: True
                provider_network_type: "vlan"
                subnet:
                  inet2-subnet1:
                    cidr: 192.168.92.0/24
                    enable_dhcp: False
                  inet2-subnet2:
                    cidr: 192.168.94.0/24
                    enable_dhcp: True
          identity1:
            network:
              ...


Neutron routers

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            router:
              inet1-router:
                tenant: demo
                admin_state_up: True
                gateway_network: inet
                interfaces:
                  - inet1-subnet1
                  - inet1-subnet2
          identity1:
            router:
              ...

TODO: implement adding new interfaces to a router while updating it


Neutron security groups

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            security_group:
              security_group1:
                tenant: demo
                description: security group 1
                rules:
                  - direction: ingress
                    ethertype: IPv4
                    protocol: TCP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    ethertype: IPv4
                    protocol: UDP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    protocol: ICMP
                    remote_ip_prefix: 0.0.0.0/0
          identity1:
            security_group:
              ...

TODO: implement updating existing security rules (currently a new rule is added when trying to update an existing one)
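
The ``security_group1`` sample above admits TCP and UDP on every port from ``0.0.0.0/0``. The following check is an added example, not part of the formula: it walks the same pillar structure and reports such rules. The pillar is embedded as a constructed Python dict, and ``MAX_PORT_SPAN`` is a hypothetical policy threshold.

```python
import ipaddress

# Constructed sample: security_group1 from the pillar above as a parsed dict,
# plus one narrower rule (constructed) for contrast.
SAMPLE_PILLAR = {"neutron": {"client": {"enabled": True, "server": {
    "identity": {"security_group": {"security_group1": {
        "tenant": "demo", "description": "security group 1",
        "rules": [
            {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
             "port_range_min": 1, "port_range_max": 65535,
             "remote_ip_prefix": "0.0.0.0/0"},
            {"direction": "ingress", "ethertype": "IPv4", "protocol": "UDP",
             "port_range_min": 1, "port_range_max": 65535,
             "remote_ip_prefix": "0.0.0.0/0"},
            {"direction": "ingress", "protocol": "ICMP",
             "remote_ip_prefix": "0.0.0.0/0"},
            {"direction": "ingress", "protocol": "TCP", "port_range_min": 22,
             "port_range_max": 22, "remote_ip_prefix": "192.168.90.0/24"},
        ]}}},
    "identity1": {"security_group": None},  # elided ("...") on the page
}}}}

MAX_PORT_SPAN = 100  # hypothetical policy threshold, not a formula setting


def is_any_source(rule):
    """True when the source is unrestricted: no prefix (assumed any) or a /0."""
    prefix = rule.get("remote_ip_prefix")
    return prefix is None or ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def port_span(rule):
    """Number of ports covered; a TCP/UDP rule without a range covers all."""
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    return 65535 if lo is None or hi is None else int(hi) - int(lo) + 1


def audit_security_groups(pillar):
    """Return (identity, group, rule index, reason) per world-open ingress rule."""
    findings = []
    servers = pillar.get("neutron", {}).get("client", {}).get("server", {})
    for identity, cfg in servers.items():
        for name, group in ((cfg or {}).get("security_group") or {}).items():
            for idx, rule in enumerate(group.get("rules") or []):
                if rule.get("direction") != "ingress" or not is_any_source(rule):
                    continue
                proto = str(rule.get("protocol", "any")).lower()
                span = port_span(rule)
                if proto in ("tcp", "udp") and span > MAX_PORT_SPAN:
                    findings.append((identity, name, idx,
                                     f"{proto}: {span} ports open to any source"))
                elif proto == "any":
                    findings.append((identity, name, idx,
                                     "all protocols open to any source"))
    return findings


if __name__ == "__main__":
    print(*audit_security_groups(SAMPLE_PILLAR), sep="\n")
```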


Floating IP addresses

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            floating_ip:
              prx01-instance:
                server: prx01.mk22-lab-basic.local
                subnet: private-subnet1
                network: public-net1
                tenant: demo
              gtw01-instance:
                ...

.. note:: The network must have the flag router:external set to True.
          The instance port in the stated subnet will be associated with the dynamically generated floating IP.


Usage
=====

Fix RDO Neutron installation

.. code-block:: bash

    neutron-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini stamp havana

Documentation and Bugs
============================

To learn how to deploy OpenStack Salt, consult the documentation available
online at:

    https://wiki.openstack.org/wiki/OpenStackSalt

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate bug tracker. If you obtained the software from a 3rd party
operating system vendor, it is often wise to use their own bug tracker for
reporting problems. In all other cases use the master OpenStack bug tracker,
available at:

    http://bugs.launchpad.net/openstack-salt

Developers wishing to work on the OpenStack Salt project should always base
their work on the latest formulas code, available from the master Git
repository at:

    https://git.openstack.org/cgit/openstack/salt-formula-neutron

Developers should also join the discussion on the IRC list, at:

    https://wiki.openstack.org/wiki/Meetings/openstack-salt

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-neutron/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-neutron

Questions and feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net
823 #salt-formulas @ irc.freenode.net