=======================
Neutron Network Service
=======================

Neutron is an OpenStack project to provide "networking as a service" between
interface devices (e.g., vNICs) managed by other OpenStack services (e.g.,
nova).

Starting in the Folsom release, Neutron is a core and supported part of the
OpenStack platform (for Essex, we were an "incubated" project, which means use
is suggested only for those who really know what they're doing with Neutron).

Sample pillars
==============

Neutron Server on the controller node

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: mitaka
        allow_pagination: true
        pagination_max_limit: 100
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        metadata:
          host: 127.0.0.1
          port: 8775
          password: pass
        audit:
          enabled: false

Note: Pagination is useful when retrieving a large number of resources,
because a single request may fail (time out). It is enabled with both
parameters *allow_pagination* and *pagination_max_limit* as shown above.

Neutron VXLAN tenant networks with Network Nodes (with DVR for East-West and Network node for North-South)
==============================================================================================================

This use case describes a model utilising VxLAN overlay with DVR. The DVR
routers will only be utilized for traffic that is routed within the cloud
infrastructure and that remains encapsulated. External traffic will be
routed via the network nodes.

The intention is that each tenant will require at least two (2) vrouters
one to be utilised

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False # Which type of router will be created by default
        dvr: True # disabled for non DVR use case
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr
        external_access: false # Compute node with DVR for east-west only, Network Node has True as default
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch
        audit:
          enabled: false

Neutron VXLAN tenant networks with Network Nodes (non DVR)
==========================================================

This section describes a network solution that utilises VxLAN overlay
networks without DVR, with all routers being managed on the network nodes.

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: True
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: False
        agent_mode: legacy
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        external_access: False
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Neutron VXLAN tenant networks with Network Nodes (with DVR for East-West and North-South, DVR everywhere, Network node for SNAT)
==================================================================================================================================

This section describes a network solution that utilises VxLAN
overlay networks with DVR with North-South and East-West. Network
Node is used only for SNAT.

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        external_access: True
        agent_mode: dvr
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Sample Linux network configuration for DVR
--------------------------------------------

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth2:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth3:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          br-int:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          br-floating:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          float-to-ex:
            enabled: true
            type: ovs_port
            mtu: 65000
            bridge: br-floating
          br-mgmt:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:single_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
          br-mesh:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:tenant_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth2
          br-ex:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:external_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth3
            use_ovs_ports:
            - float-to-ex

Neutron VLAN tenant networks with Network Nodes
===============================================

VLAN tenant provider

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        ...
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          tenant_vlan_range: "1000:2000"
          external_vlan_range: "100:200" # Does not have to be defined.
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Compute node
-------------------

.. code-block:: yaml

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        dvr: True
        agent_mode: dvr
        external_access: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          mechanism:
            ovs:
              driver: openvswitch

Neutron OVS DPDK
==================

Enable datapath netdev for neutron openvswitch agent

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        ...
        dpdk: True
        ...

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        dpdk: True
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch

Neutron OVS SR-IOV
==================

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch
            sriov:
              driver: sriovnicswitch

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          sriov:
            nic_one:
              devname: eth1
              physical_network: physnet3
          mechanism:
            ovs:
              driver: openvswitch

Neutron Server with OpenContrail
==================================

.. code-block:: yaml

    neutron:
      server:
        plugin: contrail
        backend:
          engine: contrail
          host: contrail_discovery_host
          port: 8082
          user: admin
          password: password
          tenant: admin
          token: token

Neutron Server with Midonet
===========================

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: midonet
          host: midonet_api_host
          port: 8181
          user: admin
          password: password

Other
=====

Neutron Keystone region

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: kilo
        ...
        identity:
          region: RegionTwo
        ...
        compute:
          region: RegionTwo
        ...

Client-side RabbitMQ HA setup

.. code-block:: yaml

    neutron:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Enable auditing filter, i.e. CADF

.. code-block:: yaml

    neutron:
      server:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....
      compute:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....

Client role
-----------

Neutron networks

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            network:
              inet1:
                tenant: demo
                shared: False
                admin_state_up: True
                router_external: True
                provider_physical_network: inet
                provider_network_type: flat
                provider_segmentation_id: 2
                subnet:
                  inet1-subnet1:
                    cidr: 192.168.90.0/24
                    enable_dhcp: False
              inet2:
                tenant: admin
                shared: False
                router_external: True
                provider_network_type: "vlan"
                subnet:
                  inet2-subnet1:
                    cidr: 192.168.92.0/24
                    enable_dhcp: False
                  inet2-subnet2:
                    cidr: 192.168.94.0/24
                    enable_dhcp: True
          identity1:
            network:
              ...

Neutron routers

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            router:
              inet1-router:
                tenant: demo
                admin_state_up: True
                gateway_network: inet
                interfaces:
                  - inet1-subnet1
                  - inet1-subnet2
          identity1:
            router:
              ...

TODO: implement adding new interfaces to a router while updating it

Neutron security groups

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            security_group:
              security_group1:
                tenant: demo
                description: security group 1
                rules:
                  - direction: ingress
                    ethertype: IPv4
                    protocol: TCP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    ethertype: IPv4
                    protocol: UDP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    protocol: ICMP
                    remote_ip_prefix: 0.0.0.0/0
          identity1:
            security_group:
              ...

TODO: implement updating existing security rules (now it adds new rule if trying to update existing one)

Jiri Broulikde2e2902017-02-13 15:03:47 +0100760
761Floating IP addresses
762
763.. code-block:: yaml
764
765 neutron:
766 client:
767 enabled: true
768 server:
769 identity:
770 floating_ip:
771 prx01-instance:
772 server: prx01.mk22-lab-basic.local
773 subnet: private-subnet1
774 network: public-net1
775 tenant: demo
776 gtw01-instance:
777 ...
778
779.. note:: The network must have flag router:external set to True.
780 Instance port in the stated subnet will be associated with the dynamically generated floating IP.
781
782
Usage
=====

Fix RDO Neutron installation

.. code-block:: bash

    neutron-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini stamp havana

Documentation and Bugs
============================

To learn how to deploy OpenStack Salt, consult the documentation available
online at:

    https://wiki.openstack.org/wiki/OpenStackSalt

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate bug tracker. If you obtained the software from a 3rd party
operating system vendor, it is often wise to use their own bug tracker for
reporting problems. In all other cases use the master OpenStack bug tracker,
available at:

    http://bugs.launchpad.net/openstack-salt

Developers wishing to work on the OpenStack Salt project should always base
their work on the latest formulas code, available from the master GIT
repository at:

    https://git.openstack.org/cgit/openstack/salt-formula-neutron

Developers should also join the discussion on the IRC list, at:

    https://wiki.openstack.org/wiki/Meetings/openstack-salt

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use Github issue tracker for specific salt
formula:

    https://github.com/salt-formulas/salt-formula-neutron/issues

For feature requests, bug reports or blueprints affecting entire ecosystem,
use Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join salt-formulas-users team and subscribe to mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on master branch and submit pull request against specific formula.

    https://github.com/salt-formulas/salt-formula-neutron

Any questions or feedback is always welcome so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net
849 #salt-formulas @ irc.freenode.net