=======================
Neutron Network Service
=======================

Neutron is an OpenStack project to provide "networking as a service" between
interface devices (e.g., vNICs) managed by other OpenStack services (e.g.,
nova).

Starting in the Folsom release, Neutron is a core and supported part of the
OpenStack platform (for Essex, we were an "incubated" project, which means use
is suggested only for those who really know what they're doing with Neutron).

Sample pillars
==============

Neutron Server on the controller node

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: mitaka
        allow_pagination: true
        pagination_max_limit: 100
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        metadata:
          host: 127.0.0.1
          port: 8775
          password: pass
        audit:
          enabled: false

Note: Pagination is useful when retrieving a large number of resources,
because a single request may fail (timeout). It is enabled with both
parameters *allow_pagination* and *pagination_max_limit* as shown above.

Neutron VXLAN tenant networks with Network Nodes (with DVR for East-West and Network node for North-South)
==============================================================================================================

This use case describes a model utilising VxLAN overlay with DVR. The DVR
routers will only be utilized for traffic that is routed within the cloud
infrastructure and that remains encapsulated. External traffic will be
routed via the network nodes.

The intention is that each tenant will require at least two (2) vrouters
one to be utilised

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False # Which type of router will be created by default
        dvr: True # disabled for non DVR use case
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr
        external_access: false # Compute node with DVR for east-west only, Network Node has True as default
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch
        audit:
          enabled: false

Neutron VXLAN tenant networks with Network Nodes (non DVR)
==========================================================

This section describes a network solution that utilises VxLAN overlay
networks without DVR with all routers being managed on the network nodes.

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: True
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: False
        agent_mode: legacy
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        external_access: False
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Neutron VXLAN tenant networks with Network Nodes (with DVR for East-West and North-South, DVR everywhere, Network node for SNAT)
==================================================================================================================================

This section describes a network solution that utilises VxLAN
overlay networks with DVR for both North-South and East-West traffic.
Network Node is used only for SNAT.

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        external_access: True
        agent_mode: dvr
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Sample Linux network configuration for DVR
--------------------------------------------

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth2:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth3:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          br-int:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          br-floating:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          float-to-ex:
            enabled: true
            type: ovs_port
            mtu: 65000
            bridge: br-floating
          br-mgmt:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:single_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
          br-mesh:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:tenant_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth2
          br-ex:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:external_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth3
            use_ovs_ports:
            - float-to-ex

Neutron VLAN tenant networks with Network Nodes
===============================================

VLAN tenant provider

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        ...
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          tenant_vlan_range: "1000:2000"
          external_vlan_range: "100:200" # Does not have to be defined.
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Compute node
-------------------

.. code-block:: yaml

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        dvr: True
        agent_mode: dvr
        external_access: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          mechanism:
            ovs:
              driver: openvswitch

Neutron Server with OpenContrail
==================================

.. code-block:: yaml

    neutron:
      server:
        plugin: contrail
        backend:
          engine: contrail
          host: contrail_discovery_host
          port: 8082
          user: admin
          password: password
          tenant: admin
          token: token

Neutron Server with Midonet
===========================

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: midonet
          host: midonet_api_host
          port: 8181
          user: admin
          password: password

Other
=====

Neutron Keystone region

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: kilo
        ...
        identity:
          region: RegionTwo
        ...
        compute:
          region: RegionTwo
        ...

Client-side RabbitMQ HA setup

.. code-block:: yaml

    neutron:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Enable auditing filter, i.e. CADF

.. code-block:: yaml

    neutron:
      server:
        audit:
          enabled: true
      ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
      ....
      compute:
        audit:
          enabled: true
      ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
      ....

Client role
-----------

Neutron networks

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            network:
              inet1:
                tenant: demo
                shared: False
                admin_state_up: True
                router_external: True
                provider_physical_network: inet
                provider_network_type: flat
                provider_segmentation_id: 2
                subnet:
                  inet1-subnet1:
                    cidr: 192.168.90.0/24
                    enable_dhcp: False
              inet2:
                tenant: admin
                shared: False
                router_external: True
                provider_network_type: "vlan"
                subnet:
                  inet2-subnet1:
                    cidr: 192.168.92.0/24
                    enable_dhcp: False
                  inet2-subnet2:
                    cidr: 192.168.94.0/24
                    enable_dhcp: True
          identity1:
            network:
              ...

Neutron routers

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            router:
              inet1-router:
                tenant: demo
                admin_state_up: True
                gateway_network: inet
                interfaces:
                  - inet1-subnet1
                  - inet1-subnet2
          identity1:
            router:
              ...

TODO: implement adding new interfaces to a router while updating it

Neutron security groups

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            security_group:
              security_group1:
                tenant: demo
                description: security group 1
                rules:
                  - direction: ingress
                    ethertype: IPv4
                    protocol: TCP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    ethertype: IPv4
                    protocol: UDP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    protocol: ICMP
                    remote_ip_prefix: 0.0.0.0/0
          identity1:
            security_group:
              ...

TODO: implement updating existing security rules (now it adds new rule if trying to update existing one)
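
The sample security group above admits every TCP and UDP port from 0.0.0.0/0. The check below is an added example, not part of the formula: it walks a pillar of the same layout and reports such ingress rules before the state is applied. The pillar dict is constructed, and ``MAX_PORTS``, ``audit`` and the third (SSH) rule are assumptions of this example.

```python
import ipaddress

# Constructed pillar in the layout of the sample above; the third rule (SSH
# from one subnet) is added here to show a rule that passes the check.
PILLAR = {"neutron": {"client": {"enabled": True, "server": {"identity": {
    "security_group": {"security_group1": {
        "tenant": "demo",
        "rules": [
            {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
             "port_range_min": 1, "port_range_max": 65535,
             "remote_ip_prefix": "0.0.0.0/0"},
            {"direction": "ingress", "protocol": "ICMP",
             "remote_ip_prefix": "0.0.0.0/0"},
            {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
             "port_range_min": 22, "port_range_max": 22,
             "remote_ip_prefix": "192.168.90.0/24"},
        ]}}}}}}}

MAX_PORTS = 16  # hypothetical policy threshold, not a formula option


def any_source(prefix):
    # Assumption of this check: a rule without remote_ip_prefix matches any source.
    return not prefix or ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def port_span(rule):
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    # A TCP/UDP rule without a port range applies to every port.
    return 65535 if lo is None or hi is None else hi - lo + 1


def audit(pillar, max_ports=MAX_PORTS):
    """Return (identity, group, rule_index, reason) per world-open ingress rule."""
    findings = []
    servers = pillar.get("neutron", {}).get("client", {}).get("server", {})
    for identity, resources in servers.items():
        groups = (resources or {}).get("security_group") or {}
        for name, group in groups.items():
            for idx, rule in enumerate(group.get("rules") or []):
                if rule.get("direction") != "ingress":
                    continue
                if not any_source(rule.get("remote_ip_prefix")):
                    continue
                proto = str(rule.get("protocol") or "").lower()
                if not proto:
                    findings.append((identity, name, idx, "any protocol, any source"))
                elif proto in ("tcp", "udp") and port_span(rule) > max_ports:
                    reason = f"{port_span(rule)} {proto} ports, any source"
                    findings.append((identity, name, idx, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(PILLAR):
        print(*finding)
```

ICMP from any source is deliberately not reported here; tighten the policy in ``audit`` if your environment requires it.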

Usage
=====

Fix RDO Neutron installation

.. code-block:: bash

    neutron-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini stamp havana

Documentation and Bugs
============================

To learn how to deploy OpenStack Salt, consult the documentation available
online at:

    https://wiki.openstack.org/wiki/OpenStackSalt

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate bug tracker. If you obtained the software from a 3rd party
operating system vendor, it is often wise to use their own bug tracker for
reporting problems. In all other cases use the master OpenStack bug tracker,
available at:

    http://bugs.launchpad.net/openstack-salt

Developers wishing to work on the OpenStack Salt project should always base
their work on the latest formulas code, available from the master GIT
repository at:

    https://git.openstack.org/cgit/openstack/salt-formula-neutron

Developers should also join the discussion on the IRC list, at:

    https://wiki.openstack.org/wiki/Meetings/openstack-salt

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-neutron/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-neutron

Questions and feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net