authorTiago Gomes <tiago.gomes@codethink.co.uk>2015-05-19 14:13:07 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-06-04 13:49:08 +0000
commitde61ed40892c98a9a38bca23bc83257a78da3622 (patch)
treeed5b2ba1d8b4505415bc21a66ceb6efa6a34de84
parentcb1d7e655854c858f5ce1a7c99d105c2a8fee0fa (diff)
downloaddefinitions-de61ed40892c98a9a38bca23bc83257a78da3622.tar.gz
Neutron: update configuration files to Kilo
This commit updates Neutron's configuration files to be the factory versions for the Kilo release. Our custom configuration will be re-added in a following commit. Also install the configuration files which are not going to be modified in the following commit in the post-install-commands for the chunk, as opposed to having them lying around in the repo and installing them with the install-files configuration extension.
-rw-r--r--install-files/openstack/manifest61
-rw-r--r--install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini30
-rw-r--r--install-files/openstack/usr/share/openstack/neutron/l3_agent.ini44
-rw-r--r--install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini26
-rw-r--r--install-files/openstack/usr/share/openstack/neutron/neutron.conf589
-rw-r--r--install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini53
-rw-r--r--strata/openstack-services/neutron.morph24
7 files changed, 596 insertions, 231 deletions
diff --git a/install-files/openstack/manifest b/install-files/openstack/manifest
index 8193309c..1ecaa5ec 100644
--- a/install-files/openstack/manifest
+++ b/install-files/openstack/manifest
@@ -43,70 +43,13 @@ template 0100644 0 0 /etc/tempest/tempest.conf
0040755 0 0 /usr/share/openstack/neutron
0100644 0 0 /usr/share/openstack/neutron-config.yml
0100644 0 0 /usr/share/openstack/neutron-db.yml
-0100644 0 0 /usr/share/openstack/neutron/neutron.conf
-0100644 0 0 /usr/share/openstack/neutron/api-paste.ini
-0100644 0 0 /usr/share/openstack/neutron/policy.json
-0100644 0 0 /usr/share/openstack/neutron/l3_agent.ini
0100644 0 0 /usr/share/openstack/neutron/dhcp_agent.ini
-0100644 0 0 /usr/share/openstack/neutron/lbaas_agent.ini
+0100644 0 0 /usr/share/openstack/neutron/l3_agent.ini
+0100644 0 0 /usr/share/openstack/neutron/neutron.conf
0100644 0 0 /usr/share/openstack/neutron/metadata_agent.ini
-0100644 0 0 /usr/share/openstack/neutron/fwaas_driver.ini
-0100644 0 0 /usr/share/openstack/neutron/metering_agent.ini
-0100644 0 0 /usr/share/openstack/neutron/vpn_agent.ini
0040755 0 0 /usr/share/openstack/neutron/plugins/
-0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch
-0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl
-0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs
-0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs
-0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README
-0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README
-0040755 0 0 /usr/share/openstack/neutron/plugins/brocade
-0100644 0 0 /usr/share/openstack/neutron/plugins/brocade/brocade.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/cisco
-0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/embrane
-0100644 0 0 /usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/hyperv
-0100644 0 0 /usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/ibm
-0100644 0 0 /usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/linuxbridge
-0100644 0 0 /usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/metaplugin
-0100644 0 0 /usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/midonet
-0100644 0 0 /usr/share/openstack/neutron/plugins/midonet/midonet.ini
0040755 0 0 /usr/share/openstack/neutron/plugins/ml2
0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini
-0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/mlnx
-0100644 0 0 /usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/nec
-0100644 0 0 /usr/share/openstack/neutron/plugins/nec/nec.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/nuage
-0100644 0 0 /usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/oneconvergence
-0100644 0 0 /usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/opencontrail
-0100644 0 0 /usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/openvswitch
-0100644 0 0 /usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/plumgrid
-0100644 0 0 /usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini
-0040755 0 0 /usr/share/openstack/neutron/plugins/vmware
-0100644 0 0 /usr/share/openstack/neutron/plugins/vmware/nsx.ini
0040755 0 0 /usr/share/openstack/nova
0100644 0 0 /usr/share/openstack/nova-config.yml
0100644 0 0 /usr/share/openstack/nova-db.yml
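Review bot: `api-paste.ini` and `policy.json` lose their manifest entries in this hunk, and with them the explicit `0100644 0 0` mode and ownership that the manifest enforced. The description says such files are now installed from the chunk's post-install-commands, which are not part of this hunk. That step should set the mode explicitly (for example `install -D -m 644 …`) rather than inherit the build umask, because `policy.json` is the file that decides who may call which API. It is also worth confirming that nothing still references the removed vendor plugin ini files under `plugins/`.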
diff --git a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini
index c6c2b9a7..a0adccaa 100644
--- a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini
+++ b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini
@@ -1,7 +1,6 @@
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
# debug = False
-use_syslog = True
# The DHCP agent will resync its state with Neutron to recover from any
# transient notification or rpc errors. The interval is number of
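Review bot: The active `use_syslog = True` line is dropped here, in the first hunks of l3_agent.ini and metadata_agent.ini, and in neutron.conf, where it becomes `# use_syslog = False`. Until the follow-up commit restores it, none of the Neutron services would send their logs to syslog. A system built from this commit would therefore keep agent logs out of whatever collects syslog on the host, which is where operators would look for authentication and agent errors. The follow-up should put `use_syslog = True` back in all four files, ideally with a one-line comment such as `# local override: keep agent logs in syslog for central collection` so the next factory sync does not remove it again.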
@@ -14,7 +13,7 @@ use_syslog = True
# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP,
# BigSwitch/Floodlight)
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Name of Open vSwitch bridge to use
# ovs_integration_bridge = br-int
@@ -29,18 +28,20 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires
# no additional setup of the DHCP server.
-dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
-# iproute2 package that supports namespaces).
-use_namespaces = True
+# iproute2 package that supports namespaces). This option is deprecated and
+# will be removed in a future release, at which point the old behavior of
+# use_namespaces = True will be enforced.
+# use_namespaces = True
# The DHCP server can assist with providing metadata support on isolated
# networks. Setting this value to True will cause the DHCP server to append
# specific host routes to the DHCP request. The metadata service will only
# be activated when the subnet does not contain any router port. The guest
# instance must be configured to request host routes via DHCP (Option 121).
-enable_isolated_metadata = True
+# enable_isolated_metadata = False
# Allows for serving metadata requests coming from a dedicated metadata
# access network whose cidr is 169.254.169.254/16 (or larger prefix), and
@@ -73,16 +74,15 @@ enable_isolated_metadata = True
# Location to DHCP lease relay UNIX domain socket
# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay
-# Location of Metadata Proxy UNIX domain socket
-# metadata_proxy_socket = $state_path/metadata_proxy
+# Use broadcast in DHCP replies
+# dhcp_broadcast_reply = False
-# dhcp_delete_namespaces, which is false by default, can be set to True if
-# namespaces can be deleted cleanly on the host running the dhcp agent.
-# Do not enable this until you understand the problem with the Linux iproute
-# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and
-# you are sure that your version of iproute does not suffer from the problem.
-# If True, namespaces will be deleted when a dhcp server is disabled.
-# dhcp_delete_namespaces = False
+# dhcp_delete_namespaces, which is True by default, can be set to False if
+# namespaces can't be deleted cleanly on the host running the DHCP agent.
+# Disable this if you hit the issue in
+# https://bugs.launchpad.net/neutron/+bug/1052535 or if
+# you are sure that your version of iproute suffers from the problem.
+# dhcp_delete_namespaces = True
# Timeout for ovs-vsctl commands.
# If the timeout expires, ovs commands will fail with ALARMCLOCK error.
diff --git a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini
index 000cd997..0d56436b 100644
--- a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini
+++ b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini
@@ -1,7 +1,6 @@
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
# debug = False
-use_syslog = True
# L3 requires that an interface driver be set. Choose the one that best
# matches your plugin.
@@ -9,7 +8,7 @@ use_syslog = True
# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC)
# that supports L3 agent
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Use veth for an OVS interface or not.
# Support kernels with limited namespace support
@@ -20,8 +19,10 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
-# iproute2 package that supports namespaces).
-use_namespaces = True
+# iproute2 package that supports namespaces). This option is deprecated and
+# will be removed in a future release, at which point the old behavior of
+# use_namespaces = True will be enforced.
+# use_namespaces = True
# If use_namespaces is set as False then the agent can only configure one router.
@@ -35,6 +36,20 @@ use_namespaces = True
# must be left empty.
# gateway_external_network_id =
+# With IPv6, the network used for the external gateway does not need
+# to have an associated subnet, since the automatically assigned
+# link-local address (LLA) can be used. However, an IPv6 gateway address
+# is needed for use as the next-hop for the default route. If no IPv6
+# gateway address is configured here, (and only then) the neutron router
+# will be configured to get its default route from router advertisements (RAs)
+# from the upstream router; in which case the upstream router must also be
+# configured to send these RAs.
+# The ipv6_gateway, when configured, should be the LLA of the interface
+# on the upstream router. If a next-hop using a global unique address (GUA)
+# is desired, it needs to be done via a subnet allocated to the network
+# and not through this parameter.
+# ipv6_gateway =
+
# Indicates that this L3 agent should also handle routers that do not have
# an external network gateway configured. This option should be True only
# for a single agent in a Neutron deployment, and may be False for all agents
@@ -44,7 +59,7 @@ use_namespaces = True
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge. when this parameter is set, each L3 agent
# can be associated with no more than one external network.
-external_network_bridge = br-ex
+# external_network_bridge = br-ex
# TCP Port used by Neutron metadata server
# metadata_port = 9697
@@ -64,16 +79,19 @@ external_network_bridge = br-ex
# if the Nova metadata server is not available
# enable_metadata_proxy = True
-# Location of Metadata Proxy UNIX domain socket
-# metadata_proxy_socket = $state_path/metadata_proxy
+# Iptables mangle mark used to mark metadata valid requests
+# metadata_access_mark = 0x1
+
+# Iptables mangle mark used to mark ingress from external network
+# external_ingress_mark = 0x2
-# router_delete_namespaces, which is false by default, can be set to True if
-# namespaces can be deleted cleanly on the host running the L3 agent.
-# Do not enable this until you understand the problem with the Linux iproute
-# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and
-# you are sure that your version of iproute does not suffer from the problem.
+# router_delete_namespaces, which is True by default, can be set to False if
+# namespaces can't be deleted cleanly on the host running the L3 agent.
+# Disable this if you hit the issue in
+# https://bugs.launchpad.net/neutron/+bug/1052535 or if
+# you are sure that your version of iproute suffers from the problem.
# If True, namespaces will be deleted when a router is destroyed.
-# router_delete_namespaces = False
+# router_delete_namespaces = True
# Timeout for ovs-vsctl commands.
# If the timeout expires, ovs commands will fail with ALARMCLOCK error.
diff --git a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini
index ed238770..4a0331ee 100644
--- a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini
+++ b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini
@@ -1,24 +1,23 @@
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
# debug = True
-use_syslog = True
# The Neutron user information for accessing the Neutron API.
-auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
-auth_region = regionOne
+auth_url = http://localhost:5000/v2.0
+auth_region = RegionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
# auth_ca_cert =
-admin_tenant_name = service
-admin_user = {{ NEUTRON_SERVICE_USER }}
-admin_password = {{ NEUTRON_SERVICE_PASSWORD }}
+admin_tenant_name = %SERVICE_TENANT_NAME%
+admin_user = %SERVICE_USER%
+admin_password = %SERVICE_PASSWORD%
# Network service endpoint type to pull from the keystone catalog
# endpoint_type = adminURL
# IP address used by Nova metadata server
-nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }}
+# nova_metadata_ip = 127.0.0.1
# TCP Port used by Nova metadata server
# nova_metadata_port = 8775
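Review bot: `admin_tenant_name`, `admin_user` and `admin_password` are left as active settings holding the literal factory placeholders `%SERVICE_TENANT_NAME%`, `%SERVICE_USER%` and `%SERVICE_PASSWORD%`, and nothing visible in this commit substitutes them. The agent would presumably take these as ordinary strings, so a build from this commit would attempt to authenticate with a fixed, publicly known value instead of failing on a missing option. `auth_url` also stays on plain `http://`, so once it points at a non-loopback Keystone again the service credentials travel unencrypted. When the custom configuration is re-added, restore the `{{ NEUTRON_SERVICE_USER }}` / `{{ NEUTRON_SERVICE_PASSWORD }}` variables and prefer an `https://` `auth_url` with `auth_ca_cert` set.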
@@ -40,12 +39,21 @@ nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }}
# When proxying metadata requests, Neutron signs the Instance-ID header with a
# shared secret to prevent spoofing. You may select any string for a secret,
# but it must match here and in the configuration used by the Nova Metadata
-# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret
-metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }}
+# Server. NOTE: Nova uses the same config key, but in [neutron] section.
+# metadata_proxy_shared_secret =
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
+# Metadata Proxy UNIX domain socket mode, 3 values allowed:
+# 'deduce': deduce mode from metadata_proxy_user/group values,
+# 'user': set metadata proxy socket mode to 0o644, to use when
+# metadata_proxy_user is agent effective user or root,
+# 'group': set metadata proxy socket mode to 0o664, to use when
+# metadata_proxy_group is agent effective group,
+# 'all': set metadata proxy socket mode to 0o666, to use otherwise.
+# metadata_proxy_socket_mode = deduce
+
# Number of separate worker processes for metadata server. Defaults to
# half the number of CPU cores
# metadata_workers =
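Review bot: `metadata_proxy_shared_secret` goes from a templated value to a commented-out empty default, so at this commit the metadata proxy has no deployment-specific secret for signing the Instance-ID header, which is the anti-spoofing protection the comment above it describes. The follow-up commit needs to restore `metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }}`, and per the updated NOTE the Nova side must carry the same value under its `[neutron]` section. Separately, the new `metadata_proxy_socket_mode` comment says "3 values allowed" but lists four (`deduce`, `user`, `group`, `all`). Since `all` makes the socket 0o666, the shipped configuration should stay on `deduce` or pick `user`/`group` explicitly.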
diff --git a/install-files/openstack/usr/share/openstack/neutron/neutron.conf b/install-files/openstack/usr/share/openstack/neutron/neutron.conf
index 51de7464..ee42954b 100644
--- a/install-files/openstack/usr/share/openstack/neutron/neutron.conf
+++ b/install-files/openstack/usr/share/openstack/neutron/neutron.conf
@@ -17,10 +17,7 @@
# Where to store Neutron state files. This directory must be writable by the
# user executing the agent.
-state_path = /var/lib/neutron
-
-# Where to store lock files
-lock_path = $state_path/lock
+# state_path = /var/lib/neutron
# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
# log_date_format = %Y-%m-%d %H:%M:%S
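Review bot: The `lock_path = $state_path/lock` setting and its comment are deleted outright rather than commented out, so after this commit nothing in the file says where the services keep their lock files. What they fall back to is not visible on this page, but a lock directory that other local users can write to would let them interfere with those locks. The follow-up should set it again to a directory owned by the neutron user, e.g. `lock_path = $state_path/lock`, in whichever section the Kilo release reads it from. The section header this hunk belongs to lies above the visible lines.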
@@ -32,8 +29,7 @@ lock_path = $state_path/lock
# (not user_stderr) and (not log_file) -> stdout
# publish_errors -> notification system
-use_syslog = True
-
+# use_syslog = False
# syslog_log_facility = LOG_USER
# use_stderr = True
@@ -61,7 +57,7 @@ use_syslog = True
# previous versions, the class name of a plugin can be specified instead of its
# entrypoint name.
#
-core_plugin = ml2
+# core_plugin =
# Example: core_plugin = ml2
# (ListOpt) List of service plugin entrypoints to be loaded from the
@@ -70,15 +66,22 @@ core_plugin = ml2
# with previous versions, the class name of a plugin can be specified instead
# of its entrypoint name.
#
-service_plugins = router
+# service_plugins =
# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
# Paste configuration file
-api_paste_config = api-paste.ini
+# api_paste_config = api-paste.ini
+
+# (StrOpt) Hostname to be used by the neutron server, agents and services
+# running on this machine. All the agents and services running on this machine
+# must use the same host value.
+# The default value is hostname of the machine.
+#
+# host =
# The strategy to be used for auth.
# Supported values are 'keystone'(default), 'noauth'.
-auth_strategy = keystone
+# auth_strategy = keystone
# Base MAC address. The first 3 octets will remain unchanged. If the
# 4h octet is not 00, it will also be used. The others will be
@@ -115,7 +118,7 @@ auth_strategy = keystone
# Enable or disable overlapping IPs for subnets
# Attention: the following parameter MUST be set to False if Neutron is
# being used in conjunction with nova security groups
-allow_overlapping_ips = True
+# allow_overlapping_ips = False
# Ensure that configured gateway is on subnet. For IPv6, validate only if
# gateway is not a link local address. Deprecated, to be removed during the
# K release, at which point the check will be mandatory.
@@ -140,6 +143,29 @@ allow_overlapping_ips = True
# Maximum number of routes per router
# max_routes = 30
+# Default Subnet Pool to be used for IPv4 subnet-allocation.
+# Specifies by UUID the pool to be used in case of subnet-create being called
+# without a subnet-pool ID. The default of None means that no pool will be
+# used unless passed explicitly to subnet create. If no pool is used, then a
+# CIDR must be passed to create a subnet and that subnet will not be allocated
+# from any pool; it will be considered part of the tenant's private address
+# space.
+# default_ipv4_subnet_pool =
+
+# Default Subnet Pool to be used for IPv6 subnet-allocation.
+# Specifies by UUID the pool to be used in case of subnet-create being
+# called without a subnet-pool ID. Set to "prefix_delegation"
+# to enable IPv6 Prefix Delegation in a PD-capable environment.
+# See the description for default_ipv4_subnet_pool for more information.
+# default_ipv6_subnet_pool =
+
+# =========== items for MTU selection and advertisement =============
+# Advertise MTU. If True, effort is made to advertise MTU
+# settings to VMs via network methods (ie. DHCP and RA MTU options)
+# when the network's preferred MTU is known.
+# advertise_mtu = False
+# ======== end of items for MTU selection and advertisement =========
+
# =========== items for agent management extension =============
# Seconds to regard the agent as down; should be at least twice
# report_interval, to be sure the agent is down for good
@@ -154,6 +180,23 @@ allow_overlapping_ips = True
# Driver to use for scheduling a loadbalancer pool to an lbaas agent
# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
+# (StrOpt) Representing the resource type whose load is being reported by
+# the agent.
+# This can be 'networks','subnets' or 'ports'. When specified (Default is networks),
+# the server will extract particular load sent as part of its agent configuration object
+# from the agent report state, which is the number of resources being consumed, at
+# every report_interval.
+# dhcp_load_type can be used in combination with network_scheduler_driver =
+# neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
+# When the network_scheduler_driver is WeightScheduler, dhcp_load_type can
+# be configured to represent the choice for the resource being balanced.
+# Example: dhcp_load_type = networks
+# Values:
+# networks - number of networks hosted on the agent
+# subnets - number of subnets associated with the networks hosted on the agent
+# ports - number of ports associated with the networks hosted on the agent
+# dhcp_load_type = networks
+
# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
# networks to first DHCP agent which sends get_active_networks message to
# neutron server
@@ -167,10 +210,25 @@ allow_overlapping_ips = True
# admin_state_up set to True to alive agents.
# allow_automatic_l3agent_failover = False
-# Number of DHCP agents scheduled to host a network. This enables redundant
-# DHCP agents for configured networks.
+# Allow automatic removal of networks from dead DHCP agents with
+# admin_state_up set to True.
+# Networks could then be rescheduled if network_auto_schedule is True
+# allow_automatic_dhcp_failover = True
+
+# Number of DHCP agents scheduled to host a tenant network.
+# If this number is greater than 1, the scheduler automatically
+# assigns multiple DHCP agents for a given tenant network,
+# providing high availability for DHCP service.
# dhcp_agents_per_network = 1
+# Enable services on agents with admin_state_up False.
+# If this option is False, when admin_state_up of an agent is turned to
+# False, services on it will be disabled. If this option is True, services
+# on agents with admin_state_up False keep available and manual scheduling
+# to such agents is available. Agents with admin_state_up False are not
+# selected for automatic scheduling regardless of this option.
+# enable_services_on_agents_with_admin_state_down = False
+
# =========== end of items for agent scheduler extension =====
# =========== items for l3 extension ==============
@@ -187,8 +245,39 @@ allow_overlapping_ips = True
#
# CIDR of the administrative network if HA mode is enabled
# l3_ha_net_cidr = 169.254.192.0/18
+#
+# Enable snat by default on external gateway when available
+# enable_snat_by_default = True
# =========== end of items for l3 extension =======
+# =========== items for metadata proxy configuration ==============
+# User (uid or name) running metadata proxy after its initialization
+# (if empty: agent effective user)
+# metadata_proxy_user =
+
+# Group (gid or name) running metadata proxy after its initialization
+# (if empty: agent effective group)
+# metadata_proxy_group =
+
+# Enable/Disable log watch by metadata proxy, it should be disabled when
+# metadata_proxy_user/group is not allowed to read/write its log file and
+# 'copytruncate' logrotate option must be used if logrotate is enabled on
+# metadata proxy log files. Option default value is deduced from
+# metadata_proxy_user: watch log is enabled if metadata_proxy_user is agent
+# effective user id/name.
+# metadata_proxy_watch_log =
+
+# Location of Metadata Proxy UNIX domain socket
+# metadata_proxy_socket = $state_path/metadata_proxy
+# =========== end of items for metadata proxy configuration ==============
+
+# ========== items for VLAN trunking networks ==========
+# Setting this flag to True will allow plugins that support it to
+# create VLAN transparent networks. This flag has no effect for
+# plugins that do not support VLAN transparent networks.
+# vlan_transparent = False
+# ========== end of items for VLAN trunking networks ==========
+
# =========== WSGI parameters related to the API server ==============
# Number of separate worker processes to spawn. The default, 0, runs the
# worker thread in the current process. Greater than 0 launches that number of
@@ -202,6 +291,18 @@ allow_overlapping_ips = True
# enabled for various plugins for compatibility.
# rpc_workers = 0
+# Timeout for client connections socket operations. If an
+# incoming connection is idle for this number of seconds it
+# will be closed. A value of '0' means wait forever. (integer
+# value)
+# client_socket_timeout = 900
+
+# wsgi keepalive option. Determines if connections are allowed to be held open
+# by clients after a request is fulfilled. A value of False will ensure that
+# the socket connection will be explicitly closed once a response has been
+# sent to the client.
+# wsgi_keep_alive = True
+
# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
# starting API server. Not supported on OS X.
# tcp_keepidle = 600
@@ -231,32 +332,36 @@ allow_overlapping_ips = True
# ssl_ca_file = /path/to/cafile
# ======== end of WSGI parameters related to the API server ==========
-
# ======== neutron nova interactions ==========
# Send notification to nova when port status is active.
-notify_nova_on_port_status_changes = True
+# notify_nova_on_port_status_changes = True
# Send notifications to nova when port data (fixed_ips/floatingips) change
# so nova can update it's cache.
-notify_nova_on_port_data_changes = True
+# notify_nova_on_port_data_changes = True
# URL for connection to nova (Only supports one nova region currently).
-nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2
+# nova_url = http://127.0.0.1:8774/v2
# Name of nova region to use. Useful if keystone manages more than one region
-nova_region_name = regionOne
+# nova_region_name =
# Username for connection to nova in admin context
-nova_admin_username = {{ NOVA_SERVICE_USER }}
+# nova_admin_username =
# The uuid of the admin nova tenant
-nova_admin_tenant_id = {{ SERVICE_TENANT_ID }}
+# nova_admin_tenant_id =
+
+# The name of the admin nova tenant. If the uuid of the admin nova tenant
+# is set, this is optional. Useful for cases where the uuid of the admin
+# nova tenant is not available when configuration is being done.
+# nova_admin_tenant_name =
# Password for connection to nova in admin context.
-nova_admin_password = {{ NOVA_SERVICE_PASSWORD }}
+# nova_admin_password =
# Authorization URL for connection to nova in admin context.
-nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+# nova_admin_auth_url =
# CA file for novaclient to verify server certificates
# nova_ca_certificates_file =
@@ -275,42 +380,42 @@ nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
# Use durable queues in amqp. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues=false
+# amqp_durable_queues=false
# Auto-delete queues in amqp. (boolean value)
-#amqp_auto_delete=false
+# amqp_auto_delete=false
# Size of RPC connection pool. (integer value)
-#rpc_conn_pool_size=30
+# rpc_conn_pool_size=30
# Qpid broker hostname. (string value)
-#qpid_hostname=localhost
+# qpid_hostname=localhost
# Qpid broker port. (integer value)
-#qpid_port=5672
+# qpid_port=5672
# Qpid HA cluster host:port pairs. (list value)
-#qpid_hosts=$qpid_hostname:$qpid_port
+# qpid_hosts=$qpid_hostname:$qpid_port
# Username for Qpid connection. (string value)
-#qpid_username=
+# qpid_username=
# Password for Qpid connection. (string value)
-#qpid_password=
+# qpid_password=
# Space separated list of SASL mechanisms to use for auth.
# (string value)
-#qpid_sasl_mechanisms=
+# qpid_sasl_mechanisms=
# Seconds between connection keepalive heartbeats. (integer
# value)
-#qpid_heartbeat=60
+# qpid_heartbeat=60
# Transport to use, either 'tcp' or 'ssl'. (string value)
-#qpid_protocol=tcp
+# qpid_protocol=tcp
# Whether to disable the Nagle algorithm. (boolean value)
-#qpid_tcp_nodelay=true
+# qpid_tcp_nodelay=true
# The qpid topology version to use. Version 1 is what was
# originally used by impl_qpid. Version 2 includes some
@@ -318,136 +423,136 @@ nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
# to work. Users should update to version 2 when they are
# able to take everything down, as it requires a clean break.
# (integer value)
-#qpid_topology_version=1
+# qpid_topology_version=1
# SSL version to use (valid only if SSL enabled). valid values
# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
# distributions. (string value)
-#kombu_ssl_version=
+# kombu_ssl_version=
# SSL key file (valid only if SSL enabled). (string value)
-#kombu_ssl_keyfile=
+# kombu_ssl_keyfile=
# SSL cert file (valid only if SSL enabled). (string value)
-#kombu_ssl_certfile=
+# kombu_ssl_certfile=
# SSL certification authority file (valid only if SSL
# enabled). (string value)
-#kombu_ssl_ca_certs=
+# kombu_ssl_ca_certs=
# How long to wait before reconnecting in response to an AMQP
# consumer cancel notification. (floating point value)
-#kombu_reconnect_delay=1.0
+# kombu_reconnect_delay=1.0
# The RabbitMQ broker address where a single node is used.
# (string value)
-rabbit_host={{ RABBITMQ_HOST }}
+# rabbit_host=localhost
# The RabbitMQ broker port where a single node is used.
# (integer value)
-rabbit_port={{ RABBITMQ_PORT }}
+# rabbit_port=5672
# RabbitMQ HA cluster host:port pairs. (list value)
-#rabbit_hosts=$rabbit_host:$rabbit_port
+# rabbit_hosts=$rabbit_host:$rabbit_port
# Connect over SSL for RabbitMQ. (boolean value)
-#rabbit_use_ssl=false
+# rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
-rabbit_userid={{ RABBITMQ_USER }}
+# rabbit_userid=guest
# The RabbitMQ password. (string value)
-rabbit_password={{ RABBITMQ_PASSWORD }}
+# rabbit_password=guest
# the RabbitMQ login method (string value)
-#rabbit_login_method=AMQPLAIN
+# rabbit_login_method=AMQPLAIN
# The RabbitMQ virtual host. (string value)
-#rabbit_virtual_host=/
+# rabbit_virtual_host=/
# How frequently to retry connecting with RabbitMQ. (integer
# value)
-#rabbit_retry_interval=1
+# rabbit_retry_interval=1
# How long to backoff for between retries when connecting to
# RabbitMQ. (integer value)
-#rabbit_retry_backoff=2
+# rabbit_retry_backoff=2
# Maximum number of RabbitMQ connection retries. Default is 0
# (infinite retry count). (integer value)
-#rabbit_max_retries=0
+# rabbit_max_retries=0
# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
# this option, you must wipe the RabbitMQ database. (boolean
# value)
-#rabbit_ha_queues=false
+# rabbit_ha_queues=false
# If passed, use a fake RabbitMQ provider. (boolean value)
-#fake_rabbit=false
+# fake_rabbit=false
# ZeroMQ bind address. Should be a wildcard (*), an ethernet
# interface, or IP. The "host" option should point or resolve
# to this address. (string value)
-#rpc_zmq_bind_address=*
+# rpc_zmq_bind_address=*
# MatchMaker driver. (string value)
-#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost
+# rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost
# ZeroMQ receiver listening port. (integer value)
-#rpc_zmq_port=9501
+# rpc_zmq_port=9501
# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts=1
+# rpc_zmq_contexts=1
# Maximum number of ingress messages to locally buffer per
# topic. Default is unlimited. (integer value)
-#rpc_zmq_topic_backlog=<None>
+# rpc_zmq_topic_backlog=
# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir=/var/run/openstack
+# rpc_zmq_ipc_dir=/var/run/openstack
# Name of this node. Must be a valid hostname, FQDN, or IP
# address. Must match "host" option, if running Nova. (string
# value)
-#rpc_zmq_host=oslo
+# rpc_zmq_host=oslo
# Seconds to wait before a cast expires (TTL). Only supported
# by impl_zmq. (integer value)
-#rpc_cast_timeout=30
+# rpc_cast_timeout=30
# Heartbeat frequency. (integer value)
-#matchmaker_heartbeat_freq=300
+# matchmaker_heartbeat_freq=300
# Heartbeat time-to-live. (integer value)
-#matchmaker_heartbeat_ttl=600
+# matchmaker_heartbeat_ttl=600
# Size of RPC greenthread pool. (integer value)
-#rpc_thread_pool_size=64
+# rpc_thread_pool_size=64
# Driver or drivers to handle sending notifications. (multi
# valued)
-notification_driver=neutron.openstack.common.notifier.rpc_notifier
+# notification_driver=
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
-#notification_topics=notifications
+# notification_topics=notifications
# Seconds to wait for a response from a call. (integer value)
-#rpc_response_timeout=60
+# rpc_response_timeout=60
# A URL representing the messaging driver to use and its full
# configuration. If not set, we fall back to the rpc_backend
# option and driver specific configuration. (string value)
-#transport_url=<None>
+# transport_url=
# The messaging driver to use, defaults to rabbit. Other
# drivers include qpid and zmq. (string value)
-rpc_backend=rabbit
+# rpc_backend=rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the
# transport_url option. (string value)
-#control_exchange=openstack
+# control_exchange=openstack
[matchmaker_redis]
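Review bot: `rabbit_userid` and `rabbit_password` change from templated values to the commented defaults `guest`/`guest`, and `rabbit_host` to `localhost`, so until the custom configuration returns the services would presumably fall back to the broker's well-known default account. `rabbit_use_ssl` stays at `false`, and the `kombu_ssl_version` comment still lists SSLv3 and SSLv23 as valid choices. When the settings are re-added, restore `rabbit_userid={{ RABBITMQ_USER }}` and `rabbit_password={{ RABBITMQ_PASSWORD }}`, and consider `rabbit_use_ssl=true` with `kombu_ssl_version=TLSv1` and `kombu_ssl_ca_certs` set, so that credentials and RPC traffic are not sent in clear. `notification_driver` is emptied in the same hunk, which presumably turns notifications off until it is set again.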
@@ -457,13 +562,13 @@ rpc_backend=rabbit
#
# Host to locate redis. (string value)
-#host=127.0.0.1
+# host=127.0.0.1
# Use this port to connect to redis host. (integer value)
-#port=6379
+# port=6379
# Password for Redis server (optional). (string value)
-#password=<None>
+# password=
[matchmaker_ring]
@@ -474,13 +579,14 @@ rpc_backend=rabbit
# Matchmaker ring file (JSON). (string value)
# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
-#ringfile=/etc/oslo/matchmaker_ring.json
+# ringfile=/etc/oslo/matchmaker_ring.json
[quotas]
# Default driver to use for quota checks
# quota_driver = neutron.db.quota_db.DbQuotaDriver
# Resource name(s) that are supported in quota features
+# This option is deprecated for removal in the M release, please refrain from using it
# quota_items = network,subnet,port
# Default number of resource allowed per tenant. A negative value means
@@ -523,6 +629,16 @@ rpc_backend=rabbit
# and that is the reason why quota is possible.
# quota_health_monitor = -1
+# Number of loadbalancers allowed per tenant. A negative value means unlimited.
+# quota_loadbalancer = 10
+
+# Number of listeners allowed per tenant. A negative value means unlimited.
+# quota_listener = -1
+
+# Number of v2 health monitors allowed per tenant. A negative value means
+# unlimited. These health monitors exist under the lbaas v2 API
+# quota_healthmonitor = -1
+
# Number of routers allowed per tenant. A negative value means unlimited.
# quota_router = 10
@@ -543,9 +659,29 @@ rpc_backend=rabbit
[agent]
# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
+# Change to "sudo" to skip the filtering and just run the command directly
# root_helper = sudo
-root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+
+# Set to true to add comments to generated iptables rules that describe
+# each rule's purpose. (System must support the iptables comments module.)
+# comment_iptables_rules = True
+
+# Root helper daemon application to use when possible.
+# root_helper_daemon =
+
+# Use the root helper when listing the namespaces on a system. This may not
+# be required depending on the security configuration. If the root helper is
+# not required, set this to False for a performance improvement.
+# use_helper_for_ns_read = True
+
+# The interval to check external processes for failure in seconds (0=disabled)
+# check_child_processes_interval = 60
+
+# Action to take when an external process spawned by an agent dies
+# Values:
+# respawn - Respawns the external process
+# exit - Exits the agent
+# check_child_processes_action = respawn
# =========== items for agent management extension =============
# seconds between nodes reporting state to server; should be less than
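Review bot: Removing the active `root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf` line from `[agent]` leaves only the commented `# root_helper = sudo`, which the comment just above describes as skipping the filtering and running the command directly. If that commented value is the effective default, agents configured from this template would no longer go through the rootwrap filters until the follow-up commit mentioned in the description lands. I would keep the rootwrap line in this commit, or add a comment above the commented default such as `# NOTE: deployments must set root_helper to the neutron-rootwrap command; do not rely on the default`. The `[agent]` section continues outside this hunk.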
@@ -555,11 +691,11 @@ root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
# =========== end of items for agent management extension =====
[keystone_authtoken]
-auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
-identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
-admin_tenant_name = service
-admin_user = {{ NEUTRON_SERVICE_USER }}
-admin_password = {{ NEUTRON_SERVICE_PASSWORD }}
+auth_uri = http://127.0.0.1:35357/v2.0/
+identity_uri = http://127.0.0.1:5000
+admin_tenant_name = %SERVICE_TENANT_NAME%
+admin_user = %SERVICE_USER%
+admin_password = %SERVICE_PASSWORD%
[database]
# This line MUST be changed to actually run the plugin.
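Review bot: The new `[keystone_authtoken]` values are active rather than commented, so a service started from this template would contact Keystone over plain `http://` with the literal placeholders `%SERVICE_USER%` and `%SERVICE_PASSWORD%`. The ports are also the reverse of the removed lines: `auth_uri` now points at 35357 and `identity_uri` at 5000, where the old template used 5000 and 35357 respectively. Since the description says the custom values return in a later commit, I would mark the section with `# TODO: placeholder values, must be templated before deployment`. When the values are re-added, `https://` endpoints would keep the service credentials and tokens out of clear text.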
@@ -572,8 +708,6 @@ admin_password = {{ NEUTRON_SERVICE_PASSWORD }}
# be set in the corresponding core plugin '.ini' file. However, it is suggested
# to put the [database] section and its connection attribute in this
# configuration file.
-#connection=sqlite:////var/lib/neutron/neutron.sqlite
-connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron
# Database engine for which script will be generated when using offline
# migration
@@ -611,30 +745,265 @@ connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTR
# If set, use this value for pool_timeout with sqlalchemy
# pool_timeout = 10
-[service_providers]
-# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
-# Must be in form:
-# service_provider=<service_type>:<name>:<driver>[:default]
-# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
-# Combination of <service type> and <name> must be unique; <driver> must also be unique
-# This is multiline option, example for default provider:
-# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
-# example of non-default provider:
-# service_provider=FIREWALL:name2:firewall_driver_path
-# --- Reference implementations ---
-service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
-# In order to activate Radware's lbaas driver you need to uncomment the next line.
-# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
-# Otherwise comment the HA Proxy line
-# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
-# uncomment the following line to make the 'netscaler' LBaaS provider available.
-# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
-# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
-# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
-# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
-# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
-# Uncomment the line below to use the A10 Networks LBaaS driver. Requires 'pip install a10-neutron-lbaas'.
-#service_provider = LOADBALANCER:A10Networks:neutron.services.loadbalancer.drivers.a10networks.driver_v1.ThunderDriver:default
-# Uncomment the following line to test the LBaaS v2 API _WITHOUT_ a real backend
-# service_provider = LOADBALANCER:LoggingNoop:neutron.services.loadbalancer.drivers.logging_noop.driver.LoggingNoopLoadBalancerDriver:default
+[nova]
+# Name of the plugin to load
+# auth_plugin =
+
+# Config Section from which to load plugin specific options
+# auth_section =
+
+# PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# cafile =
+
+# PEM encoded client certificate cert file
+# certfile =
+
+# Verify HTTPS connections.
+# insecure = False
+
+# PEM encoded client certificate key file
+# keyfile =
+
+# Name of nova region to use. Useful if keystone manages more than one region.
+# region_name =
+
+# Timeout value for http requests
+# timeout =
+
+[oslo_concurrency]
+
+# Directory to use for lock files. For security, the specified directory should
+# only be writable by the user running the processes that need locking.
+# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used,
+# a lock path must be set.
+lock_path = $state_path/lock
+
+# Enables or disables inter-process locks.
+# disable_process_locking = False
+
+[oslo_policy]
+
+# The JSON file that defines policies.
+# policy_file = policy.json
+
+# Default rule. Enforced when a requested rule is not found.
+# policy_default_rule = default
+
+# Directories where policy configuration files are stored.
+# They can be relative to any directory in the search path defined by the
+# config_dir option, or absolute paths. The file defined by policy_file
+# must exist for these directories to be searched. Missing or empty
+# directories are ignored.
+# policy_dirs = policy.d
+
+[oslo_messaging_amqp]
+
+#
+# From oslo.messaging
+#
+
+# Address prefix used when sending to a specific server (string value)
+# Deprecated group/name - [amqp1]/server_request_prefix
+# server_request_prefix = exclusive
+
+# Address prefix used when broadcasting to all servers (string value)
+# Deprecated group/name - [amqp1]/broadcast_prefix
+# broadcast_prefix = broadcast
+
+# Address prefix when sending to any server in group (string value)
+# Deprecated group/name - [amqp1]/group_request_prefix
+# group_request_prefix = unicast
+
+# Name for the AMQP container (string value)
+# Deprecated group/name - [amqp1]/container_name
+# container_name =
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+# idle_timeout = 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+# trace = false
+
+# CA certificate PEM file for verifing server certificate (string value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+# ssl_ca_file =
+
+# Identifying certificate PEM file to present to clients (string value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+# ssl_cert_file =
+
+# Private key PEM file used to sign cert_file certificate (string value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+# ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+# ssl_key_password =
+
+# Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+# allow_insecure_clients = false
+
+
+[oslo_messaging_qpid]
+
+#
+# From oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+# amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+# amqp_auto_delete = false
+
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+# rpc_conn_pool_size = 30
+
+# Qpid broker hostname. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_hostname
+# qpid_hostname = localhost
+
+# Qpid broker port. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_port
+# qpid_port = 5672
+
+# Qpid HA cluster host:port pairs. (list value)
+# Deprecated group/name - [DEFAULT]/qpid_hosts
+# qpid_hosts = $qpid_hostname:$qpid_port
+
+# Username for Qpid connection. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_username
+# qpid_username =
+
+# Password for Qpid connection. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_password
+# qpid_password =
+
+# Space separated list of SASL mechanisms to use for auth. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms
+# qpid_sasl_mechanisms =
+
+# Seconds between connection keepalive heartbeats. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_heartbeat
+# qpid_heartbeat = 60
+
+# Transport to use, either 'tcp' or 'ssl'. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_protocol
+# qpid_protocol = tcp
+
+# Whether to disable the Nagle algorithm. (boolean value)
+# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay
+# qpid_tcp_nodelay = true
+
+# The number of prefetched messages held by receiver. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity
+# qpid_receiver_capacity = 1
+
+# The qpid topology version to use. Version 1 is what was originally used by
+# impl_qpid. Version 2 includes some backwards-incompatible changes that allow
+# broker federation to work. Users should update to version 2 when they are
+# able to take everything down, as it requires a clean break. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_topology_version
+# qpid_topology_version = 1
+
+
+[oslo_messaging_rabbit]
+
+#
+# From oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+# amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+# amqp_auto_delete = false
+
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+# rpc_conn_pool_size = 30
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_version
+# kombu_ssl_version =
+
+# SSL key file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
+# kombu_ssl_keyfile =
+
+# SSL cert file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
+# kombu_ssl_certfile =
+
+# SSL certification authority file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
+# kombu_ssl_ca_certs =
+
+# How long to wait before reconnecting in response to an AMQP consumer cancel
+# notification. (floating point value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
+# kombu_reconnect_delay = 1.0
+
+# The RabbitMQ broker address where a single node is used. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_host
+# rabbit_host = localhost
+
+# The RabbitMQ broker port where a single node is used. (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_port
+# rabbit_port = 5672
+
+# RabbitMQ HA cluster host:port pairs. (list value)
+# Deprecated group/name - [DEFAULT]/rabbit_hosts
+# rabbit_hosts = $rabbit_host:$rabbit_port
+
+# Connect over SSL for RabbitMQ. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
+# rabbit_use_ssl = false
+
+# The RabbitMQ userid. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_userid
+# rabbit_userid = guest
+
+# The RabbitMQ password. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_password
+# rabbit_password = guest
+
+# The RabbitMQ login method. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_login_method
+# rabbit_login_method = AMQPLAIN
+
+# The RabbitMQ virtual host. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+# rabbit_virtual_host = /
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+# rabbit_retry_interval = 1
+
+# How long to backoff for between retries when connecting to RabbitMQ. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
+# rabbit_retry_backoff = 2
+
+# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry
+# count). (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_max_retries
+# rabbit_max_retries = 0
+
+# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you
+# must wipe the RabbitMQ database. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
+# rabbit_ha_queues = false
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
+# Deprecated group/name - [DEFAULT]/fake_rabbit
+# fake_rabbit = false
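Review bot: `lock_path = $state_path/lock` in `[oslo_concurrency]` is the one setting this hunk activates, and the comment directly above it says the directory should be writable only by the user running the processes. Nothing visible in this commit creates that directory or sets its ownership and mode, so it is worth confirming that the deployment step creates it owned by the neutron user with a restrictive mode such as 0700. Separately, `rpc_backend=rabbit` is commented out in an earlier hunk of this file, so the messaging values shown here (`rabbit_userid = guest`, `rabbit_password = guest`, `rabbit_use_ssl = false`) presumably apply as defaults until the follow-up commit overrides them.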
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
index b8097ce2..ac9a3d0d 100644
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
+++ b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
@@ -4,7 +4,6 @@
#
# type_drivers = local,flat,vlan,gre,vxlan
# Example: type_drivers = flat,vlan,gre,vxlan
-type_drivers = flat,gre
# (ListOpt) Ordered list of network_types to allocate as tenant
# networks. The default value 'local' is useful for single-box testing
@@ -12,7 +11,6 @@ type_drivers = flat,gre
#
# tenant_network_types = local
# Example: tenant_network_types = vlan,gre,vxlan
-tenant_network_types = gre
# (ListOpt) Ordered list of networking mechanism driver entrypoints
# to be loaded from the neutron.ml2.mechanism_drivers namespace.
@@ -22,13 +20,44 @@ tenant_network_types = gre
# Example: mechanism_drivers = cisco,logger
# Example: mechanism_drivers = openvswitch,brocade
# Example: mechanism_drivers = linuxbridge,brocade
-mechanism_drivers = openvswitch
# (ListOpt) Ordered list of extension driver entrypoints
# to be loaded from the neutron.ml2.extension_drivers namespace.
# extension_drivers =
# Example: extension_drivers = anewextensiondriver
+# =========== items for MTU selection and advertisement =============
+# (IntOpt) Path MTU. The maximum permissible size of an unfragmented
+# packet travelling from and to addresses where encapsulated Neutron
+# traffic is sent. Drivers calculate maximum viable MTU for
+# validating tenant requests based on this value (typically,
+# path_mtu - max encap header size). If <=0, the path MTU is
+# indeterminate and no calculation takes place.
+# path_mtu = 0
+
+# (IntOpt) Segment MTU. The maximum permissible size of an
+# unfragmented packet travelling a L2 network segment. If <=0,
+# the segment MTU is indeterminate and no calculation takes place.
+# segment_mtu = 0
+
+# (ListOpt) Physical network MTUs. List of mappings of physical
+# network to MTU value. The format of the mapping is
+# <physnet>:<mtu val>. This mapping allows specifying a
+# physical network MTU value that differs from the default
+# segment_mtu value.
+# physical_network_mtus =
+# Example: physical_network_mtus = physnet1:1550, physnet2:1500
+# ======== end of items for MTU selection and advertisement =========
+
+# (StrOpt) Default network type for external networks when no provider
+# attributes are specified. By default it is None, which means that if
+# provider attributes are not specified while creating external networks
+# then they will have the same type as tenant networks.
+# Allowed values for external_network_type config option depend on the
+# network type values configured in type_drivers config option.
+# external_network_type =
+# Example: external_network_type = local
+
[ml2_type_flat]
# (ListOpt) List of physical_network names with which flat networks
# can be created. Use * to allow flat networks with arbitrary
@@ -37,7 +66,6 @@ mechanism_drivers = openvswitch
# flat_networks =
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *
-flat_networks = External
[ml2_type_vlan]
# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples
@@ -47,11 +75,10 @@ flat_networks = External
#
# network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
-#network_vlan_ranges = Physnet1:100:200
[ml2_type_gre]
# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
-tunnel_id_ranges = 1:1000
+# tunnel_id_ranges =
[ml2_type_vxlan]
# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating
@@ -69,18 +96,8 @@ tunnel_id_ranges = 1:1000
[securitygroup]
# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
-enable_security_group = True
+# enable_security_group = True
# Use ipset to speed-up the iptables security groups. Enabling ipset support
# requires that ipset is installed on L2 agent node.
-enable_ipset = True
-
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-
-[ovs]
-local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
-enable_tunneling = True
-bridge_mappings=External:br-ex
-
-[agent]
-tunnel_types = gre
+# enable_ipset = True
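Review bot: This hunk drops the explicit `firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver` and comments out `enable_security_group = True`, so security-group enforcement on the agent now depends on Neutron's built-in defaults. If the default firewall driver is unset or a no-op in this release (not confirmable from the diff), ports could come up without iptables filtering even though the API still accepts security group rules. The follow-up commit should restore `firewall_driver` explicitly. Until then, a line such as `# NOTE: firewall_driver must be set for security groups to be enforced` above `# enable_security_group = True` would make the gap visible.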
diff --git a/strata/openstack-services/neutron.morph b/strata/openstack-services/neutron.morph
index b79a089b..6e203922 100644
--- a/strata/openstack-services/neutron.morph
+++ b/strata/openstack-services/neutron.morph
@@ -2,14 +2,24 @@ name: neutron
kind: chunk
build-system: python-distutils
post-install-commands:
-# Move rootwrap files to a proper location
-- mkdir -p "$DESTDIR"/etc/neutron
-- mv "$DESTDIR$PREFIX"/etc/neutron/rootwrap.d "$DESTDIR"/etc/neutron/
-- mv "$DESTDIR$PREFIX"/etc/neutron/rootwrap.conf "$DESTDIR"/etc/neutron/
-# Add neutron to sudoers controlling which commands is running as a root
-# using the openstack rootwrap.
-- mkdir -p "$DESTDIR"/etc/sudoers.d
- |
+ # Move the configuration files to a proper location
+ mkdir "$DESTDIR"/etc
+ mv "$DESTDIR/$PREFIX"/etc/neutron "$DESTDIR"/etc
+
+ # Remove unused start/stop script
+ rm "$DESTDIR/$PREFIX"/etc/init.d/neutron-server
+
+ # Remove configuration files which will be added by Ansible
+ rm "$DESTDIR"/etc/neutron/neutron.conf
+ rm "$DESTDIR"/etc/neutron/metadata_agent.ini
+ rm "$DESTDIR"/etc/neutron/plugins/ml2/ml2_conf.ini
+ rm "$DESTDIR"/etc/neutron/dhcp_agent.ini
+ rm "$DESTDIR"/etc/neutron/l3_agent.ini
+
+ # Add neutron to sudoers controlling which commands is running as a
+ # root using the openstack rootwrap.
+ mkdir -p "$DESTDIR"/etc/sudoers.d
install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/neutron-rootwrap
Defaults:neutron !requiretty