===============
Neutron Formula
===============

Neutron is an OpenStack project to provide "networking as a service" between
interface devices (e.g., vNICs) managed by other OpenStack services (e.g.,
nova).

Starting in the Folsom release, Neutron is a core and supported part of the
OpenStack platform (for Essex, we were an "incubated" project, which means use
is suggested only for those who really know what they're doing with Neutron).

Sample Pillars
==============

Neutron Server on the controller node

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: mitaka
        allow_pagination: true
        pagination_max_limit: 100
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        metadata:
          host: 127.0.0.1
          port: 8775
          password: pass
        audit:
          enabled: false

Note: Pagination is useful when retrieving a large number of resources,
because a single request may fail (timeout). It is enabled with both
parameters *allow_pagination* and *pagination_max_limit* as shown above.


Configuration of policy.json file

.. code-block:: yaml

    neutron:
      server:
        ....
        policy:
          create_subnet: 'rule:admin_or_network_owner'
          'get_network:queue_id': 'rule:admin_only'
          # Add key without value to remove line from policy.json
          'create_network:shared':

Neutron LBaaS providers on the controller node

.. code-block:: yaml

    neutron:
      server:
        lbaas:
          enabled: true
          providers:
            avi_adc:
              enabled: true
              engine: avinetworks
              controller_address: 10.182.129.239
              controller_user: admin
              controller_password: Cloudlab2016
              controller_cloud_name: Default-Cloud
            avi_adc2:
              engine: avinetworks
              ...

Note: If you want Contrail LBaaS, only the backend is required. LBaaS
should be defined in the pillar only if it should be disabled.

.. code-block:: yaml

    neutron:
      server:
        lbaas:
          enabled: disabled

Enable CORS parameters

.. code-block:: yaml

    neutron:
      server:
        cors:
          allowed_origin: https://localhost.local,http://localhost.local
          expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_methods: GET,PUT,POST,DELETE,PATCH
          allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_credentials: True
          max_age: 86400


Neutron VXLAN tenant networks with Network nodes
------------------------------------------------

With DVR for East-West and Network node for North-South.

This use case describes a model utilising VxLAN overlay with DVR. The DVR
routers will only be utilized for traffic that is routed within the cloud
infrastructure and that remains encapsulated. External traffic will be
routed via the network nodes.

The intention is that each tenant will require at least two (2) vrouters
one to be utilised

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False # Which type of router will be created by default
        dvr: True # disabled for non DVR use case
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr
        external_access: false # Compute node with DVR for east-west only, Network Node has True as default
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch
        audit:
          enabled: false


Neutron VXLAN tenant networks with Network Nodes (non DVR)
----------------------------------------------------------

This section describes a network solution that utilises VxLAN overlay
networks without DVR with all routers being managed on the network nodes.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: True
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: False
        agent_mode: legacy
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        external_access: False
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Neutron VXLAN tenant networks with Network Nodes with DVR
---------------------------------------------------------

With DVR for East-West and North-South, DVR everywhere, Network node for SNAT.

This section describes a network solution that utilises VxLAN
overlay networks with DVR with North-South and East-West. Network
Node is used only for SNAT.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
          endpoint_type: internal
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        agent_mode: dvr_snat
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        external_access: True
        agent_mode: dvr
        availability_zone: az1
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Sample Linux network configuration for DVR

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth2:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth3:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          br-int:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          br-floating:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          float-to-ex:
            enabled: true
            type: ovs_port
            mtu: 65000
            bridge: br-floating
          br-mgmt:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:single_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
          br-mesh:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:tenant_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth2
          br-ex:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:external_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth3
            use_ovs_ports:
            - float-to-ex

Additional VXLAN tenant network settings
----------------------------------------

The default multicast group of 224.0.0.1 only multicasts to a single subnet.
Allow overriding it to allow larger underlay network topologies.

Neutron Server

.. code-block:: yaml

    neutron:
      server:
        vxlan:
          group: 239.0.0.0/8
          vni_ranges: "2:65535"

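A pre-deployment check for the ``vxlan`` mapping above, as an added example that is not part of the formula: it classifies the ``group`` value (224.0.0.0/24 is the local network control block that routers do not forward, 239.0.0.0/8 is administratively scoped) and validates ``vni_ranges`` against the 24-bit VNI space. The function names are assumptions.

```python
import ipaddress

LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")  # RFC 5771: not forwarded off-link
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")    # RFC 2365: administratively scoped
MAX_VNI = 2 ** 24 - 1                                 # the VXLAN VNI is a 24-bit field


def classify_group(group):
    """Classify a multicast group given as an address or in CIDR notation."""
    net = ipaddress.ip_network(group, strict=False)
    if net.version != 4 or not net.is_multicast:
        return "not-multicast"
    if net.subnet_of(LOCAL_CONTROL):
        return "link-local"        # reaches a single subnet only
    if net.subnet_of(ADMIN_SCOPED):
        return "admin-scoped"      # routable inside the organisation
    return "other-multicast"


def parse_vni_ranges(spec):
    """Parse a comma-separated list of 'min:max' VNI ranges into int tuples."""
    ranges = []
    for part in spec.split(","):
        lo_text, sep, hi_text = part.strip().partition(":")
        if not sep:
            raise ValueError("expected min:max, got %r" % part)
        lo, hi = int(lo_text), int(hi_text)
        if not 1 <= lo <= hi <= MAX_VNI:
            raise ValueError("VNI range %d:%d outside 1..%d" % (lo, hi, MAX_VNI))
        ranges.append((lo, hi))
    return ranges


def check_vxlan(vxlan):
    """Return (group class, parsed VNI ranges) for a pillar 'vxlan' mapping."""
    return classify_group(vxlan["group"]), parse_vni_ranges(vxlan["vni_ranges"])


if __name__ == "__main__":
    # Values taken from the sample pillar above
    print(check_vxlan({"group": "239.0.0.0/8", "vni_ranges": "2:65535"}))
    # The default group named in the text
    print(classify_group("224.0.0.1"))
```
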
Neutron VLAN tenant networks with Network Nodes
-----------------------------------------------

VLAN tenant provider

Neutron Server only

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        ...
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          tenant_vlan_range: "1000:2000"
          external_vlan_range: "100:200" # Does not have to be defined.
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Compute node

.. code-block:: yaml

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        dvr: True
        agent_mode: dvr
        external_access: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          mechanism:
            ovs:
              driver: openvswitch

Advanced Neutron Features (DPDK, SR-IOV)

Neutron OVS DPDK

Enable datapath netdev for neutron openvswitch agent

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        ...
        dpdk: True
        ...

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        dpdk: True
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch

Neutron OVS SR-IOV

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        backend:
          engine: ml2
          ...
          mechanism:
            ovs:
              driver: openvswitch
            sriov:
              driver: sriovnicswitch

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          sriov:
            nic_one:
              devname: eth1
              physical_network: physnet3
          mechanism:
            ovs:
              driver: openvswitch

Neutron Server
--------------

Neutron Server with OpenContrail

.. code-block:: yaml

    neutron:
      server:
        plugin: contrail
        backend:
          engine: contrail
          host: contrail_discovery_host
          port: 8082
          user: admin
          password: password
          tenant: admin
          token: token

Neutron Server with Midonet

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: midonet
          host: midonet_api_host
          port: 8181
          user: admin
          password: password


Neutron Keystone region

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: kilo
        ...
        identity:
          region: RegionTwo
        ...
        compute:
          region: RegionTwo
        ...

Client-side RabbitMQ HA setup

.. code-block:: yaml

    neutron:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Enable auditing filter, ie: CADF

.. code-block:: yaml

    neutron:
      server:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....
      compute:
        audit:
          enabled: true
          ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
        ....


Neutron Client
--------------

Neutron networks

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            network:
              inet1:
                tenant: demo
                shared: False
                admin_state_up: True
                router_external: True
                provider_physical_network: inet
                provider_network_type: flat
                provider_segmentation_id: 2
                subnet:
                  inet1-subnet1:
                    cidr: 192.168.90.0/24
                    enable_dhcp: False
              inet2:
                tenant: admin
                shared: False
                router_external: True
                provider_network_type: "vlan"
                subnet:
                  inet2-subnet1:
                    cidr: 192.168.92.0/24
                    enable_dhcp: False
                  inet2-subnet2:
                    cidr: 192.168.94.0/24
                    enable_dhcp: True
          identity1:
            network:
              ...

Neutron routers

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            router:
              inet1-router:
                tenant: demo
                admin_state_up: True
                gateway_network: inet
                interfaces:
                  - inet1-subnet1
                  - inet1-subnet2
          identity1:
            router:
              ...

TODO: implement adding new interfaces to a router while updating it


Neutron security groups

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            security_group:
              security_group1:
                tenant: demo
                description: security group 1
                rules:
                  - direction: ingress
                    ethertype: IPv4
                    protocol: TCP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    ethertype: IPv4
                    protocol: UDP
                    port_range_min: 1
                    port_range_max: 65535
                    remote_ip_prefix: 0.0.0.0/0
                  - direction: ingress
                    protocol: ICMP
                    remote_ip_prefix: 0.0.0.0/0
          identity1:
            security_group:
              ...

TODO: implement updating existing security rules (now it adds new rule if trying to update existing one)


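The sample rules above admit every TCP and UDP port from 0.0.0.0/0. The following added example (not part of the formula) walks a pillar of this shape and reports ingress rules that expose a wide port range to any source, so such rules can be caught before the state is applied. The pillar is rebuilt inline as constructed data; the 1024-port threshold, the function names and ``NARROW_RULE`` are assumptions.

```python
import ipaddress

WIDE_PORT_SPAN = 1024  # assumption: TCP/UDP spans wider than this are reported

# Constructed data: the three rules from the sample pillar above.
RULES = [
    {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
     "port_range_min": 1, "port_range_max": 65535,
     "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "ingress", "ethertype": "IPv4", "protocol": "UDP",
     "port_range_min": 1, "port_range_max": 65535,
     "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "ICMP",
     "remote_ip_prefix": "0.0.0.0/0"},
]
PILLAR = {"neutron": {"client": {"enabled": True, "server": {
    "identity": {
        "endpoint_type": "internalURL",
        "security_group": {
            "security_group1": {"tenant": "demo", "rules": RULES},
        },
    },
}}}}

# Constructed example of a scoped rule: SSH from one management subnet.
NARROW_RULE = {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
               "port_range_min": 22, "port_range_max": 22,
               "remote_ip_prefix": "10.0.16.0/24"}


def rule_findings(rule):
    """Return a list of findings for one security group rule mapping."""
    if str(rule.get("direction", "ingress")).lower() != "ingress":
        return []
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        # Neutron matches any source when neither a prefix nor a remote group
        # is set (remote_group_id is the API attribute; the page's pillar
        # does not show it).
        any_source = rule.get("remote_group_id") is None
    else:
        any_source = ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    if not any_source:
        return []
    proto = str(rule.get("protocol", "any")).lower()
    if proto == "any":
        return ["all protocols open to any source"]
    if proto not in ("tcp", "udp"):
        return []
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None or hi is None:
        return ["%s: all ports open to any source" % proto]
    if hi - lo + 1 > WIDE_PORT_SPAN:
        return ["%s: ports %d-%d open to any source" % (proto, lo, hi)]
    return []


def audit(pillar):
    """Return (identity, group, rule index, finding) tuples for a pillar."""
    results = []
    identities = pillar.get("neutron", {}).get("client", {}).get("server", {})
    for ident_name, ident in identities.items():
        for sg_name, group in (ident.get("security_group") or {}).items():
            for index, rule in enumerate(group.get("rules") or []):
                for finding in rule_findings(rule):
                    results.append((ident_name, sg_name, index, finding))
    return results


if __name__ == "__main__":
    for row in audit(PILLAR):
        print(row)
```
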
Floating IP addresses

.. code-block:: yaml

    neutron:
      client:
        enabled: true
        server:
          identity:
            endpoint_type: internalURL
            floating_ip:
              prx01-instance:
                server: prx01.mk22-lab-basic.local
                subnet: private-subnet1
                network: public-net1
                tenant: demo
              gtw01-instance:
                ...

.. note:: The network must have flag router:external set to True.
          Instance port in the stated subnet will be associated with the dynamically generated floating IP.


Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-neutron/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-neutron

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net
885 #salt-formulas @ irc.freenode.net