=======================
Neutron Network Service
=======================

Neutron is an OpenStack project to provide "networking as a service" between
interface devices (e.g., vNICs) managed by other OpenStack services (e.g.,
nova).

Starting in the Folsom release, Neutron is a core and supported part of the
OpenStack platform (for Essex, we were an "incubated" project, which means use
is suggested only for those who really know what they're doing with Neutron).

Sample pillars
==============

Neutron Server on the controller node

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: mitaka
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        metadata:
          host: 127.0.0.1
          port: 8775
          password: pass
        audit:
          enabled: false

Neutron VXLAN tenant networks with Network Nodes (with DVR for East-West and Network node for North-South)
==============================================================================================================

This use case describes a model utilising VxLAN overlay with DVR. The DVR
routers will only be utilized for traffic that is routed within the cloud
infrastructure and that remains encapsulated. External traffic will be
routed via the network nodes.

The intention is that each tenant will require at least two (2) vrouters
one to be utilised

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False # Which type of router will be created by default
        dvr: True # disabled for non DVR use case
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True # disabled for non DVR use case
        agent_mode: dvr
        external_access: false # Compute node with DVR for east-west only, Network Node has True as default
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch
        audit:
          enabled: false

Neutron VXLAN tenant networks with Network Nodes (non DVR)
==========================================================

This section describes a network solution that utilises VxLAN overlay
networks without DVR with all routers being managed on the network nodes.

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: True
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: False
        agent_mode: legacy
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        external_access: False
        dvr: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Neutron VXLAN tenant networks with Network Nodes (with DVR for East-West and North-South, DVR everywhere, Network node for SNAT)
==================================================================================================================================

This section describes a network solution that utilises VxLAN
overlay networks with DVR with North-South and East-West. Network
Node is used only for SNAT.

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        bind:
          address: 172.20.0.1
          port: 9696
        database:
          engine: mysql
          host: 127.0.0.1
          port: 3306
          name: neutron
          user: neutron
          password: pwd
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          user: neutron
          password: pwd
          tenant: service
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Network Node only
-----------------

.. code-block:: yaml

    neutron:
      gateway:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        agent_mode: dvr_snat
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

Compute Node
-------------

.. code-block:: yaml

    neutron:
      compute:
        enabled: True
        version: mitaka
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        local_ip: 192.168.20.20 # br-mesh ip address
        dvr: True
        external_access: True
        agent_mode: dvr
        metadata:
          host: 127.0.0.1
          password: pass
        backend:
          engine: ml2
          tenant_network_types: "flat,vxlan"
          mechanism:
            ovs:
              driver: openvswitch

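The three VXLAN scenarios above differ only in a few keys (``dvr``, ``l3_ha``, ``agent_mode``, ``external_access``) that have to agree across the server, network node and compute pillars. The following check is an added example, not part of the formula; ``check_dvr`` and the reduced pillar dicts are hypothetical, and the expected combinations are the ones shown in the samples on this page.

```python
# Added example, not formula code. The expected combinations are the ones
# shown in the sample pillars on this page; check_dvr() is a hypothetical name.

def check_dvr(server, gateway, compute):
    """Return findings for one deployment's server/gateway/compute pillars."""
    findings = []
    dvr = bool(server.get("dvr", False))

    # No sample on this page enables l3_ha and dvr together on the server.
    if dvr and server.get("l3_ha", False):
        findings.append("server: l3_ha and dvr are both enabled")

    # The dvr flag has to agree on every role.
    for role, pillar in (("gateway", gateway), ("compute", compute)):
        if bool(pillar.get("dvr", False)) != dvr:
            findings.append(f"{role}: dvr differs from server (dvr={dvr})")

    # Network nodes: dvr_snat with DVR, legacy without it.
    want = "dvr_snat" if dvr else "legacy"
    if gateway.get("agent_mode") != want:
        findings.append(f"gateway: agent_mode should be {want}")

    # Compute nodes: agent_mode dvr with DVR, no DVR agent mode without it.
    mode = compute.get("agent_mode")
    if dvr and mode != "dvr":
        findings.append("compute: agent_mode should be dvr")
    if not dvr and mode in ("dvr", "dvr_snat"):
        findings.append(f"compute: agent_mode {mode} set while dvr is off")

    # The non-DVR sample keeps external_access off on compute nodes.
    if not dvr and compute.get("external_access", False):
        findings.append("compute: external_access enabled without DVR")
    return findings


# Constructed inputs, reduced from the sample pillars on this page.
DVR_OK = ({"dvr": True, "l3_ha": False},
          {"dvr": True, "agent_mode": "dvr_snat"},
          {"dvr": True, "agent_mode": "dvr", "external_access": False})
NON_DVR_OK = ({"dvr": False, "l3_ha": True},
              {"dvr": False, "agent_mode": "legacy"},
              {"dvr": False, "external_access": False})
# Constructed mistake: compute left in DVR mode after the server was switched.
MIXED = (NON_DVR_OK[0], NON_DVR_OK[1],
         {"dvr": True, "agent_mode": "dvr", "external_access": True})

if __name__ == "__main__":
    for name, pillars in (("dvr", DVR_OK), ("non-dvr", NON_DVR_OK), ("mixed", MIXED)):
        print(name, check_dvr(*pillars))
```
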
Sample Linux network configuration for DVR
--------------------------------------------

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth2:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          eth3:
            enabled: true
            type: eth
            mtu: 9000
            proto: manual
          br-int:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          br-floating:
            enabled: true
            mtu: 9000
            type: ovs_bridge
          float-to-ex:
            enabled: true
            type: ovs_port
            mtu: 65000
            bridge: br-floating
          br-mgmt:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:single_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
          br-mesh:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:tenant_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth2
          br-ex:
            enabled: true
            type: bridge
            mtu: 9000
            address: ${_param:external_address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth3
            use_ovs_ports:
            - float-to-ex

Neutron VLAN tenant networks with Network Nodes
===============================================

VLAN tenant provider

Neutron Server only
-------------------

.. code-block:: yaml

    neutron:
      server:
        version: mitaka
        plugin: ml2
        ...
        global_physnet_mtu: 9000
        l3_ha: False
        dvr: True
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          tenant_vlan_range: "1000:2000"
          external_vlan_range: "100:200" # Does not have to be defined.
          external_mtu: 9000
          mechanism:
            ovs:
              driver: openvswitch

Compute node
-------------------

.. code-block:: yaml

    neutron:
      compute:
        version: mitaka
        plugin: ml2
        ...
        dvr: True
        agent_mode: dvr
        external_access: False
        backend:
          engine: ml2
          tenant_network_types: "flat,vlan" # Can be mixed flat,vlan,vxlan
          mechanism:
            ovs:
              driver: openvswitch

Neutron Server with OpenContrail
==================================

.. code-block:: yaml

    neutron:
      server:
        plugin: contrail
        backend:
          engine: contrail
          host: contrail_discovery_host
          port: 8082
          user: admin
          password: password
          tenant: admin
          token: token

Neutron Server with Midonet
===========================

.. code-block:: yaml

    neutron:
      server:
        backend:
          engine: midonet
          host: midonet_api_host
          port: 8181
          user: admin
          password: password

Other
=====

Neutron Keystone region

.. code-block:: yaml

    neutron:
      server:
        enabled: true
        version: kilo
        ...
        identity:
          region: RegionTwo
        ...
        compute:
          region: RegionTwo
        ...

Client-side RabbitMQ HA setup

.. code-block:: yaml

    neutron:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Enable auditing filter, i.e. CADF

.. code-block:: yaml

    neutron:
      server:
        audit:
          enabled: true
      ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
      ....
      compute:
        audit:
          enabled: true
      ....
          filter_factory: 'keystonemiddleware.audit:filter_factory'
          map_file: '/etc/pycadf/neutron_api_audit_map.conf'
      ....

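The sample pillars on this page use throwaway secrets (``pwd``, ``pass``, ``password``, ``token``), and the controller and compute samples ship with ``audit`` disabled. The following lint is an added example, not part of the formula, for catching either in a rendered pillar before it is applied; ``lint_pillar`` and the constructed ``SAMPLE`` pillar are hypothetical.

```python
# Added example, not formula code: lint a parsed pillar for the sample secrets
# used on this page and for a disabled audit filter. lint_pillar() and the two
# sets below are hypothetical names.
PLACEHOLDERS = {"pwd", "pass", "password", "token"}  # values from the samples
SECRET_KEYS = {"password", "token"}


def lint_pillar(node, path="neutron"):
    """Walk a pillar dict and return (pillar_path, message) findings."""
    findings = []
    if not isinstance(node, dict):
        return findings
    for key, value in node.items():
        here = f"{path}:{key}"  # colon-separated, as in salt pillar.get
        if key in SECRET_KEYS and str(value).lower() in PLACEHOLDERS:
            findings.append((here, "sample secret left in place"))
        elif key == "audit" and isinstance(value, dict):
            if not value.get("enabled", False):
                findings.append((here, "audit filter disabled"))
        elif isinstance(value, dict):
            findings.extend(lint_pillar(value, here))
        elif isinstance(value, list):  # e.g. message_queue members
            for i, item in enumerate(value):
                findings.extend(lint_pillar(item, f"{here}[{i}]"))
    return findings


# Constructed pillar, reduced from the samples on this page; the compute
# password is a constructed stand-in for a generated secret.
SAMPLE = {
    "server": {
        "database": {"user": "neutron", "password": "pwd"},
        "message_queue": {
            "members": [{"host": "10.0.16.1"}, {"host": "10.0.16.2"}],
            "user": "openstack",
            "password": "pwd",
        },
        "metadata": {"host": "127.0.0.1", "password": "pass"},
        "audit": {"enabled": False},
    },
    "compute": {
        "message_queue": {"user": "openstack", "password": "constructed-9fQ2xL7v"},
        "audit": {"enabled": True},
    },
}

if __name__ == "__main__":
    for where, message in lint_pillar(SAMPLE):
        print(f"{where}: {message}")
```
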
Usage
=====

Fix RDO Neutron installation

.. code-block:: bash

    neutron-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini stamp havana

Documentation and Bugs
============================

To learn how to deploy OpenStack Salt, consult the documentation available
online at:

    https://wiki.openstack.org/wiki/OpenStackSalt

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate bug tracker. If you obtained the software from a 3rd party
operating system vendor, it is often wise to use their own bug tracker for
reporting problems. In all other cases use the master OpenStack bug tracker,
available at:

    http://bugs.launchpad.net/openstack-salt

Developers wishing to work on the OpenStack Salt project should always base
their work on the latest formulas code, available from the master GIT
repository at:

    https://git.openstack.org/cgit/openstack/salt-formula-neutron

Developers should also join the discussion on the IRC list, at:

    https://wiki.openstack.org/wiki/Meetings/openstack-salt