authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-04-14 12:01:49 (GMT)
committerFrancisco Redondo Marchena <francisco.marchena@codethink.co.uk>2015-04-15 09:49:13 (GMT)
commitdd923b6e4c1eed5c433a523bca629a51637e91d7 (patch)
treeb18170732ed6c62aa603bc8fedc136b2b68f1aae
parent4570cf8fcbf39a6bca315afb05d49d6aa4dddd51 (diff)
downloaddefinitions-dd923b6e4c1eed5c433a523bca629a51637e91d7.tar.gz
Openstack: Make Neutron configurable
Change-Id: I517142d6879f4cfce821a21a5fe2b661e184ce53 Signed-off-by: Pedro Alvarez <pedro.alvarez@codethink.co.uk> Signed-off-by: Francisco Redondo Marchena <francisco.marchena@codethink.co.uk> Signed-off-by: Richard Maw <richard.maw@codethink.co.uk>
-rw-r--r--openstack-neutron.configure104
-rw-r--r--openstack/etc/sysctl.conf3
-rw-r--r--openstack/manifest74
-rw-r--r--openstack/usr/lib/systemd/system/openstack-neutron-dhcp-agent.service15
-rw-r--r--openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service16
-rw-r--r--openstack/usr/lib/systemd/system/openstack-neutron-metadata-agent.service15
-rw-r--r--openstack/usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service17
-rw-r--r--openstack/usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service15
-rw-r--r--openstack/usr/lib/systemd/system/openstack-neutron-server.service15
-rw-r--r--openstack/usr/lib/systemd/system/openstack-neutron-setup.service10
-rw-r--r--openstack/usr/share/openstack/neutron.yml109
-rw-r--r--openstack/usr/share/openstack/neutron/dhcp_agent.ini9
-rw-r--r--openstack/usr/share/openstack/neutron/l3_agent.ini7
-rw-r--r--openstack/usr/share/openstack/neutron/metadata_agent.ini15
-rw-r--r--openstack/usr/share/openstack/neutron/neutron.conf57
-rw-r--r--openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini21
-rw-r--r--systems/openstack-server.morph1
17 files changed, 459 insertions, 44 deletions
diff --git a/openstack-neutron.configure b/openstack-neutron.configure
new file mode 100644
index 0000000..50a6d1e
--- /dev/null
+++ b/openstack-neutron.configure
@@ -0,0 +1,104 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+ROOT="$1"
+
+##########################################################################
+
+ln -sf "/usr/lib/systemd/system/openstack-neutron-setup.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-neutron-setup.service"
+
+#############################################
+# Ensure /var/run is an appropriate symlink #
+#############################################
+
+if ! link="$(readlink "$ROOT/var/run")" || [ "$link" != ../run ]; then
+ rm -rf "$ROOT/var/run"
+ ln -s ../run "$ROOT/var/run"
+fi
+
+##########################################################################
+# Check variables
+##########################################################################
+
+
+if [ -z "$NEUTRON_SERVICE_USER" -a \
+ -z "$NEUTRON_SERVICE_PASSWORD" -a \
+ -z "$NEUTRON_DB_USER" -a \
+ -z "$NEUTRON_DB_PASSWORD" -a \
+ -z "$METADATA_PROXY_SHARED_SECRET" -a \
+ -z "$NOVA_SERVICE_USER" -a \
+ -z "$NOVA_SERVICE_PASSWORD" -a \
+ -z "$RABBITMQ_HOST" -a \
+ -z "$RABBITMQ_USER" -a \
+ -z "$RABBITMQ_PASSWORD" -a \
+ -z "$RABBITMQ_PORT" -a \
+ -z "$CONTROLLER_HOST_ADDRESS" -a \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -a \
+ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then
+ # No NOVA options defined, do nothing.
+ exit 0
+fi
+
+if [ -z "$NEUTRON_SERVICE_USER" -o \
+ -z "$NEUTRON_SERVICE_PASSWORD" -o \
+ -z "$NEUTRON_DB_USER" -o \
+ -z "$NEUTRON_DB_PASSWORD" -o \
+ -z "$METADATA_PROXY_SHARED_SECRET" -o \
+ -z "$NOVA_SERVICE_USER" -o \
+ -z "$NOVA_SERVICE_PASSWORD" -o \
+ -z "$RABBITMQ_HOST" -o \
+ -z "$RABBITMQ_USER" -o \
+ -z "$RABBITMQ_PASSWORD" -o \
+ -z "$RABBITMQ_PORT" -o \
+ -z "$CONTROLLER_HOST_ADDRESS" -o \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \
+ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then
+ echo Some options required for Nova were defined, but not all.
+ exit 1
+fi
+
+##########################################################################
+# Generate config variable shell snippet
+##########################################################################
+
+OPENSTACK_DATA="$ROOT/etc/openstack"
+mkdir -p "$OPENSTACK_DATA"
+
+python <<'EOF' >"$OPENSTACK_DATA/neutron.conf"
+import os, sys, yaml
+
+nova_configuration={
+ 'NEUTRON_SERVICE_USER': os.environ['NEUTRON_SERVICE_USER'],
+ 'NEUTRON_SERVICE_PASSWORD': os.environ['NEUTRON_SERVICE_PASSWORD'],
+ 'NEUTRON_DB_USER': os.environ['NEUTRON_DB_USER'],
+ 'NEUTRON_DB_PASSWORD': os.environ['NEUTRON_DB_PASSWORD'],
+ 'METADATA_PROXY_SHARED_SECRET': os.environ['METADATA_PROXY_SHARED_SECRET'],
+ 'NOVA_SERVICE_USER': os.environ['NOVA_SERVICE_USER'],
+ 'NOVA_SERVICE_PASSWORD': os.environ['NOVA_SERVICE_PASSWORD'],
+ 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'],
+ 'RABBITMQ_USER': os.environ['RABBITMQ_USER'],
+ 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'],
+ 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'],
+ 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'],
+ 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'],
+ 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'],
+}
+
+yaml.dump(nova_configuration, sys.stdout, default_flow_style=False)
+EOF
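Review bot: The heredoc at the end of the script writes every service password, the RabbitMQ password, the metadata shared secret and the Keystone admin token to `$OPENSTACK_DATA/neutron.conf` through a plain redirection, so the file gets whatever mode the caller's umask allows, which is normally world-readable. openstack-neutron-setup.service sets no `User=` and therefore reads the file as root, so adding `umask 077` between the `mkdir -p` and the `python <<'EOF'` line (or a `chmod 0600` afterwards) costs nothing. Separately, `ROOT="$1"` is never checked, and with an empty argument the `/var/run` fix-up becomes `rm -rf "/var/run"` on the machine running the extension; `ROOT="${1:?target root directory required}"` would stop that. The `# No NOVA options defined` comment and the `required for Nova` message look copied from the Nova extension and should name Neutron.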
diff --git a/openstack/etc/sysctl.conf b/openstack/etc/sysctl.conf
new file mode 100644
index 0000000..a4417ac
--- /dev/null
+++ b/openstack/etc/sysctl.conf
@@ -0,0 +1,3 @@
+net.ipv4.ip_forward=1
+net.ipv4.conf.all.rp_filter=0
+net.ipv4.conf.default.rp_filter=0
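Review bot: Both `rp_filter` lines switch reverse-path filtering off for every interface, which removes the kernel's source-address spoofing check host-wide rather than only where Neutron's routing needs it, and the file does not say why. I would add a `#` comment above the three keys stating the reason (presumably forwarding between tenant networks and the external bridge for the L3 agent) and try loose mode, `net.ipv4.conf.all.rp_filter=2`, before settling on `0`; whether this deployment works in loose mode needs testing and cannot be judged from the diff. This file also ships as the complete `/etc/sysctl.conf`, so if the base system already carries one its settings are replaced.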
diff --git a/openstack/manifest b/openstack/manifest
index 8cec232..777c9e6 100644
--- a/openstack/manifest
+++ b/openstack/manifest
@@ -1,3 +1,4 @@
+0100644 0 0 /etc/sysctl.conf
0040755 0 0 /usr/share/openstack
0100644 0 0 /usr/share/openstack/hosts
0040755 0 0 /usr/share/openstack/cinder
@@ -26,6 +27,72 @@
0100644 0 0 /usr/share/openstack/keystone/policy.json
0100644 0 0 /usr/share/openstack/keystone/keystone-paste.ini
0100644 0 0 /usr/share/openstack/network.yml
+0040755 0 0 /usr/share/openstack/neutron
+0100644 0 0 /usr/share/openstack/neutron.yml
+0100644 0 0 /usr/share/openstack/neutron/neutron.conf
+0100644 0 0 /usr/share/openstack/neutron/api-paste.ini
+0100644 0 0 /usr/share/openstack/neutron/policy.json
+0100644 0 0 /usr/share/openstack/neutron/l3_agent.ini
+0100644 0 0 /usr/share/openstack/neutron/dhcp_agent.ini
+0100644 0 0 /usr/share/openstack/neutron/lbaas_agent.ini
+0100644 0 0 /usr/share/openstack/neutron/metadata_agent.ini
+0100644 0 0 /usr/share/openstack/neutron/fwaas_driver.ini
+0100644 0 0 /usr/share/openstack/neutron/metering_agent.ini
+0100644 0 0 /usr/share/openstack/neutron/vpn_agent.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/
+0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch
+0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl
+0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs
+0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs
+0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README
+0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README
+0040755 0 0 /usr/share/openstack/neutron/plugins/brocade
+0100644 0 0 /usr/share/openstack/neutron/plugins/brocade/brocade.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/cisco
+0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/embrane
+0100644 0 0 /usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/hyperv
+0100644 0 0 /usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/ibm
+0100644 0 0 /usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/linuxbridge
+0100644 0 0 /usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/metaplugin
+0100644 0 0 /usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/midonet
+0100644 0 0 /usr/share/openstack/neutron/plugins/midonet/midonet.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/ml2
+0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini
+0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/mlnx
+0100644 0 0 /usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/nec
+0100644 0 0 /usr/share/openstack/neutron/plugins/nec/nec.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/nuage
+0100644 0 0 /usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/oneconvergence
+0100644 0 0 /usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/opencontrail
+0100644 0 0 /usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/openvswitch
+0100644 0 0 /usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/plumgrid
+0100644 0 0 /usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini
+0040755 0 0 /usr/share/openstack/neutron/plugins/vmware
+0100644 0 0 /usr/share/openstack/neutron/plugins/vmware/nsx.ini
0040755 0 0 /usr/share/openstack/nova
0100644 0 0 /usr/share/openstack/nova.yml
0100644 0 0 /usr/share/openstack/nova/logging.conf
@@ -47,6 +114,13 @@
0100644 0 0 /usr/lib/systemd/system/openstack-glance-api.service
0100644 0 0 /usr/lib/systemd/system/openstack-glance-registry.service
0100644 0 0 /usr/lib/systemd/system/openstack-network-setup.service
+0100644 0 0 /usr/lib/systemd/system/openstack-neutron-setup.service
+0100644 0 0 /usr/lib/systemd/system/openstack-neutron-server.service
+0100644 0 0 /usr/lib/systemd/system/openstack-neutron-metadata-agent.service
+0100644 0 0 /usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service
+0100644 0 0 /usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service
+0100644 0 0 /usr/lib/systemd/system/openstack-neutron-dhcp-agent.service
+0100644 0 0 /usr/lib/systemd/system/openstack-neutron-l3-agent.service
0100644 0 0 /usr/lib/systemd/system/openstack-nova-setup.service
0100644 0 0 /usr/lib/systemd/system/openstack-nova-compute.service
0100644 0 0 /usr/lib/systemd/system/openstack-nova-conductor.service
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-dhcp-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-dhcp-agent.service
new file mode 100644
index 0000000..34a682b
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-dhcp-agent.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Neutron DHCP Agent
+After=network-online.target openstack-neutron-ovs-cleanup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+ExecStart=/usr/bin/neutron-dhcp-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/dhcp_agent.ini \
+ --log-file=/var/log/neutron/dhcp-agent.log
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
new file mode 100644
index 0000000..bd514aa
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Neutron Layer 3 Agent
+After=network-online.target openstack-neutron-ovs-cleanup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+ExecStart=/usr/bin/neutron-l3-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/l3_agent.ini \
+ --config-file=/etc/neutron/fwaas_driver.ini \
+ --log-file=/var/log/neutron/l3-agent.log
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-metadata-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-metadata-agent.service
new file mode 100644
index 0000000..22bbf67
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-metadata-agent.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Neutron Metadata Plugin Agent
+After=network-online.target openstack-neutron-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+ExecStart=/usr/bin/neutron-metadata-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/metadata_agent.ini \
+ --log-file=/var/log/neutron/metadata-agent.log
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service b/openstack/usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service
new file mode 100644
index 0000000..544531e
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Neutron OVS cleanup
+After=network-online.target openstack-neutron-setup.service openvswitch.service
+Wants=network-online.target
+Before=openstack-neutron-plugin-openvswitch-agent.service
+ConditionFileIsExecutable=/usr/bin/neutron-ovs-cleanup
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User=neutron
+ExecStart=/usr/bin/neutron-ovs-cleanup \
+ --log-file /var/log/neutron/ovs-cleanup.log \
+ --config-file /etc/neutron/neutron.conf --verbose
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service
new file mode 100644
index 0000000..894c3a4
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Neutron OpenvSwitch Plugin Agent
+After=network-online.target openstack-neutron-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+ExecStart=/usr/bin/neutron-openvswitch-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini \
+ --log-file=/var/log/neutron/openvswitch-agent.log
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-server.service b/openstack/usr/lib/systemd/system/openstack-neutron-server.service
new file mode 100644
index 0000000..05dfb7a
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-server.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Neutron Api Server
+Wants=openstack-neutron-network-configuration-one-node.service network-online.target
+After=network-online.target openstack-neutron-setup.service openstack-neutron-network-configuration-one-node.service
+
+[Service]
+Type=simple
+User=neutron
+ExecStart=/usr/bin/neutron-server \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini \
+ --log-file=/var/log/neutron/neutron-server.log
+
+[Install]
+WantedBy=multi-user.target
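Review bot: `Wants=` and `After=` name `openstack-neutron-network-configuration-one-node.service`, but this commit adds no unit of that name and the manifest hunk does not list one. systemd does not fail a unit whose `Wants=` dependency cannot be loaded, so if the unit really is absent the server starts without that configuration step and nothing is reported. Either add the unit in this change or drop the reference until it exists; if it is provided elsewhere in the repository, a `#` comment saying where would help the next reader.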
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-setup.service b/openstack/usr/lib/systemd/system/openstack-neutron-setup.service
new file mode 100644
index 0000000..99213b6
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-setup.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run neutron-setup Ansible scripts
+After=network-online.target openstack-keystone-setup.service postgres-server.service
+Wants=network-online.target
+
+[Service]
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/neutron.yml
+
+[Install]
+WantedBy=multi-user.target
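Review bot: `ExecStart` runs the playbook with `-v` and its output goes to the journal; in verbose mode Ansible prints task results, which for the `shell` task in neutron.yml is likely to include the rendered `keystone --os-token …` command line and with it the Keystone admin token. I would drop `-v` from this unit, or keep it and mark the secret-bearing tasks in the playbook with `no_log: true`. The unit also sets no `Type=`, so units ordered `After=openstack-neutron-setup.service` wait only for the playbook process to be started, not for it to finish; since the playbook itself starts those services that may be deliberate, and a one-line comment saying so would prevent a well-meant change to `Type=oneshot`.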
diff --git a/openstack/usr/share/openstack/neutron.yml b/openstack/usr/share/openstack/neutron.yml
new file mode 100644
index 0000000..7529a65
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron.yml
@@ -0,0 +1,109 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/neutron.conf"
+ tasks:
+
+ - name: Create the neutron user.
+ user:
+ name: neutron
+ comment: Openstack Neutron Daemons
+ shell: /sbin/nologin
+ home: /var/lib/neutron
+
+ - name: Create the /var folders for neutron
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: neutron
+ group: neutron
+ with_items:
+ - /var/run/neutron
+ - /var/lock/neutron
+ - /var/log/neutron
+
+ - name: Get service tenant id needed in neutron.conf
+ shell: |
+ keystone \
+ --os-endpoint http://{{ CONTROLLER_HOST_ADDRESS|quote }}:35357/v2.0 \
+ --os-token {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN|quote }} \
+ tenant-get service | grep id | tr -d " " | cut -d"|" -f3
+ register: tenant_service_id
+
+ - set_fact:
+ SERVICE_TENANT_ID: "{{ tenant_service_id.stdout }}"
+
+ - name: Create the directories needed for Neutron configuration files.
+ file:
+ path: /etc/{{ item }}
+ state: directory
+ with_lines:
+ - cd /usr/share/openstack && find neutron -type d
+
+ - name: Add configuration needed for neutron using templates
+ template:
+ src: /usr/share/openstack/{{ item }}
+ dest: /etc/{{ item }}
+ with_lines:
+ - cd /usr/share/openstack && find neutron -type f
+
+ - name: Create neutron service user in service tenatnt
+ keystone_user:
+ user: "{{ NEUTRON_SERVICE_USER }}"
+ password: "{{ NEUTRON_SERVICE_PASSWORD }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Add admin role to neutron service user in service tenant
+ keystone_user:
+ role: admin
+ user: "{{ NEUTRON_SERVICE_USER }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - keystone_service:
+ name: neutron
+ type: network
+ description: Openstack Compute Networking
+ publicurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9696
+ internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9696
+ adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9696
+ region: regionOne
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Create postgresql user for neutron
+ postgresql_user:
+ name: "{{ NEUTRON_DB_USER }}"
+ password: "{{ NEUTRON_DB_PASSWORD }}"
+ sudo: yes
+ sudo_user: neutron
+
+ - name: Create database for neutron services
+ postgresql_db:
+ name: neutron
+ owner: "{{ NEUTRON_DB_USER }}"
+ sudo: yes
+ sudo_user: neutron
+
+ - name: Initiate neutron database
+ shell: |
+ neutron-db-manage \
+ --config-file /etc/neutron/neutron.conf \
+ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+ upgrade juno
+ sudo: yes
+ sudo_user: neutron
+
+ - name: Enable and start openstack-neutron services
+ service:
+ name: "{{ item }}"
+ enabled: yes
+ state: started
+ with_items:
+ - openstack-neutron-ovs-cleanup.service
+ - openstack-neutron-server.service
+ - openstack-neutron-dhcp-agent.service
+ - openstack-neutron-l3-agent.service
+ - openstack-neutron-metadata-agent.service
+ - openstack-neutron-plugin-openvswitch-agent.service
+
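Review bot: The `template` task "Add configuration needed for neutron using templates" sets no owner or mode, so the rendered files under /etc/neutron, which now hold the database, RabbitMQ and service passwords and the metadata shared secret, are created with the default mode and are normally readable by every local user. The units run as `User=neutron`, so adding `owner: root`, `group: neutron` and `mode: 0640` to that task keeps the files readable by the services and not writable by them. The "Get service tenant id" task passes the admin token as a `--os-token` argument, where it is visible in the process list while the command runs; passing it through the task's environment avoids that. In the same task `grep id` matches any output row that contains "id", so the registered value can hold more than the tenant id; anchoring the match on the row label would make `SERVICE_TENANT_ID` reliable.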
diff --git a/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/openstack/usr/share/openstack/neutron/dhcp_agent.ini
index 9836d35..c6c2b9a 100644
--- a/openstack/usr/share/openstack/neutron/dhcp_agent.ini
+++ b/openstack/usr/share/openstack/neutron/dhcp_agent.ini
@@ -1,6 +1,7 @@
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
# debug = False
+use_syslog = True
# The DHCP agent will resync its state with Neutron to recover from any
# transient notification or rpc errors. The interval is number of
@@ -13,7 +14,7 @@
# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP,
# BigSwitch/Floodlight)
-# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Name of Open vSwitch bridge to use
# ovs_integration_bridge = br-int
@@ -28,18 +29,18 @@
# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires
# no additional setup of the DHCP server.
-# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
-# use_namespaces = True
+use_namespaces = True
# The DHCP server can assist with providing metadata support on isolated
# networks. Setting this value to True will cause the DHCP server to append
# specific host routes to the DHCP request. The metadata service will only
# be activated when the subnet does not contain any router port. The guest
# instance must be configured to request host routes via DHCP (Option 121).
-# enable_isolated_metadata = False
+enable_isolated_metadata = True
# Allows for serving metadata requests coming from a dedicated metadata
# access network whose cidr is 169.254.169.254/16 (or larger prefix), and
diff --git a/openstack/usr/share/openstack/neutron/l3_agent.ini b/openstack/usr/share/openstack/neutron/l3_agent.ini
index 94c9714..000cd99 100644
--- a/openstack/usr/share/openstack/neutron/l3_agent.ini
+++ b/openstack/usr/share/openstack/neutron/l3_agent.ini
@@ -1,6 +1,7 @@
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
# debug = False
+use_syslog = True
# L3 requires that an interface driver be set. Choose the one that best
# matches your plugin.
@@ -8,7 +9,7 @@
# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC)
# that supports L3 agent
-# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Use veth for an OVS interface or not.
# Support kernels with limited namespace support
@@ -20,7 +21,7 @@
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
-# use_namespaces = True
+use_namespaces = True
# If use_namespaces is set as False then the agent can only configure one router.
@@ -43,7 +44,7 @@
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge. when this parameter is set, each L3 agent
# can be associated with no more than one external network.
-# external_network_bridge = br-ex
+external_network_bridge = br-ex
# TCP Port used by Neutron metadata server
# metadata_port = 9697
diff --git a/openstack/usr/share/openstack/neutron/metadata_agent.ini b/openstack/usr/share/openstack/neutron/metadata_agent.ini
index 84442ea..ed23877 100644
--- a/openstack/usr/share/openstack/neutron/metadata_agent.ini
+++ b/openstack/usr/share/openstack/neutron/metadata_agent.ini
@@ -1,23 +1,24 @@
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
# debug = True
+use_syslog = True
# The Neutron user information for accessing the Neutron API.
-auth_url = http://localhost:5000/v2.0
-auth_region = RegionOne
+auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+auth_region = regionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
# auth_ca_cert =
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
-admin_password = %SERVICE_PASSWORD%
+admin_tenant_name = service
+admin_user = {{ NEUTRON_SERVICE_USER }}
+admin_password = {{ NEUTRON_SERVICE_PASSWORD }}
# Network service endpoint type to pull from the keystone catalog
# endpoint_type = adminURL
# IP address used by Nova metadata server
-# nova_metadata_ip = 127.0.0.1
+nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }}
# TCP Port used by Nova metadata server
# nova_metadata_port = 8775
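Review bot: `auth_url` used to point at localhost and now points at `{{ CONTROLLER_HOST_ADDRESS }}` over plain `http://`, so `admin_user` and `admin_password` cross whatever network separates the agent from the controller unencrypted. The same holds in neutron.conf for `nova_admin_auth_url`, `nova_url`, the `[keystone_authtoken]` URIs, and for the RabbitMQ credentials while `rabbit_use_ssl` stays commented out. If TLS is out of scope for this change, a comment at the top of each template such as `# Plain HTTP: assumes the management network is trusted` makes the assumption explicit; otherwise turn the scheme into a template variable. The `auth_insecure` and `auth_ca_cert` keys already present in this hunk are where the TLS settings would go.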
@@ -40,7 +41,7 @@ admin_password = %SERVICE_PASSWORD%
# shared secret to prevent spoofing. You may select any string for a secret,
# but it must match here and in the configuration used by the Nova Metadata
# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret
-# metadata_proxy_shared_secret =
+metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }}
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
diff --git a/openstack/usr/share/openstack/neutron/neutron.conf b/openstack/usr/share/openstack/neutron/neutron.conf
index 0836626..51de746 100644
--- a/openstack/usr/share/openstack/neutron/neutron.conf
+++ b/openstack/usr/share/openstack/neutron/neutron.conf
@@ -17,7 +17,7 @@
# Where to store Neutron state files. This directory must be writable by the
# user executing the agent.
-# state_path = /var/lib/neutron
+state_path = /var/lib/neutron
# Where to store lock files
lock_path = $state_path/lock
@@ -32,7 +32,8 @@ lock_path = $state_path/lock
# (not user_stderr) and (not log_file) -> stdout
# publish_errors -> notification system
-# use_syslog = False
+use_syslog = True
+
# syslog_log_facility = LOG_USER
# use_stderr = True
@@ -60,7 +61,7 @@ lock_path = $state_path/lock
# previous versions, the class name of a plugin can be specified instead of its
# entrypoint name.
#
-# core_plugin =
+core_plugin = ml2
# Example: core_plugin = ml2
# (ListOpt) List of service plugin entrypoints to be loaded from the
@@ -69,15 +70,15 @@ lock_path = $state_path/lock
# with previous versions, the class name of a plugin can be specified instead
# of its entrypoint name.
#
-# service_plugins =
+service_plugins = router
# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
# Paste configuration file
-# api_paste_config = api-paste.ini
+api_paste_config = api-paste.ini
# The strategy to be used for auth.
# Supported values are 'keystone'(default), 'noauth'.
-# auth_strategy = keystone
+auth_strategy = keystone
# Base MAC address. The first 3 octets will remain unchanged. If the
# 4h octet is not 00, it will also be used. The others will be
@@ -114,7 +115,7 @@ lock_path = $state_path/lock
# Enable or disable overlapping IPs for subnets
# Attention: the following parameter MUST be set to False if Neutron is
# being used in conjunction with nova security groups
-# allow_overlapping_ips = False
+allow_overlapping_ips = True
# Ensure that configured gateway is on subnet. For IPv6, validate only if
# gateway is not a link local address. Deprecated, to be removed during the
# K release, at which point the check will be mandatory.
@@ -233,29 +234,29 @@ lock_path = $state_path/lock
# ======== neutron nova interactions ==========
# Send notification to nova when port status is active.
-# notify_nova_on_port_status_changes = True
+notify_nova_on_port_status_changes = True
# Send notifications to nova when port data (fixed_ips/floatingips) change
# so nova can update it's cache.
-# notify_nova_on_port_data_changes = True
+notify_nova_on_port_data_changes = True
# URL for connection to nova (Only supports one nova region currently).
-# nova_url = http://127.0.0.1:8774/v2
+nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2
# Name of nova region to use. Useful if keystone manages more than one region
-# nova_region_name =
+nova_region_name = regionOne
# Username for connection to nova in admin context
-# nova_admin_username =
+nova_admin_username = {{ NOVA_SERVICE_USER }}
# The uuid of the admin nova tenant
-# nova_admin_tenant_id =
+nova_admin_tenant_id = {{ SERVICE_TENANT_ID }}
# Password for connection to nova in admin context.
-# nova_admin_password =
+nova_admin_password = {{ NOVA_SERVICE_PASSWORD }}
# Authorization URL for connection to nova in admin context.
-# nova_admin_auth_url =
+nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
# CA file for novaclient to verify server certificates
# nova_ca_certificates_file =
@@ -340,11 +341,11 @@ lock_path = $state_path/lock
# The RabbitMQ broker address where a single node is used.
# (string value)
-#rabbit_host=localhost
+rabbit_host={{ RABBITMQ_HOST }}
# The RabbitMQ broker port where a single node is used.
# (integer value)
-#rabbit_port=5672
+rabbit_port={{ RABBITMQ_PORT }}
# RabbitMQ HA cluster host:port pairs. (list value)
#rabbit_hosts=$rabbit_host:$rabbit_port
@@ -353,10 +354,10 @@ lock_path = $state_path/lock
#rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
-#rabbit_userid=guest
+rabbit_userid={{ RABBITMQ_USER }}
# The RabbitMQ password. (string value)
-#rabbit_password=guest
+rabbit_password={{ RABBITMQ_PASSWORD }}
# the RabbitMQ login method (string value)
#rabbit_login_method=AMQPLAIN
@@ -425,7 +426,7 @@ lock_path = $state_path/lock
# Driver or drivers to handle sending notifications. (multi
# valued)
-#notification_driver=
+notification_driver=neutron.openstack.common.notifier.rpc_notifier
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
@@ -441,7 +442,7 @@ lock_path = $state_path/lock
# The messaging driver to use, defaults to rabbit. Other
# drivers include qpid and zmq. (string value)
-#rpc_backend=rabbit
+rpc_backend=rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the
@@ -544,6 +545,7 @@ lock_path = $state_path/lock
# root filter facility.
# Change to "sudo" to skip the filtering and just run the comand directly
# root_helper = sudo
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
# =========== items for agent management extension =============
# seconds between nodes reporting state to server; should be less than
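Review bot: `root_helper` now runs `neutron-rootwrap` through `sudo`, but nothing in this commit installs `/etc/neutron/rootwrap.conf`, its filter files or a sudoers rule for the `neutron` user, and the manifest hunk lists none of them, so either the agents fail at their first privileged command or those pieces come from somewhere this diff does not show. Wherever they come from, the sudoers entry should permit only this exact command for `neutron`, and rootwrap.conf and the filter directory must be root-owned and not writable by `neutron`, otherwise the filtering restricts nothing. I would also replace the stale `# root_helper = sudo` example line with a comment such as `# rootwrap limits neutron to the commands in its filter files; do not replace with bare sudo`.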
@@ -553,12 +555,11 @@ lock_path = $state_path/lock
# =========== end of items for agent management extension =====
[keystone_authtoken]
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
-admin_password = %SERVICE_PASSWORD%
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+admin_tenant_name = service
+admin_user = {{ NEUTRON_SERVICE_USER }}
+admin_password = {{ NEUTRON_SERVICE_PASSWORD }}
[database]
# This line MUST be changed to actually run the plugin.
@@ -571,6 +572,8 @@ admin_password = %SERVICE_PASSWORD%
# be set in the corresponding core plugin '.ini' file. However, it is suggested
# to put the [database] section and its connection attribute in this
# configuration file.
+#connection=sqlite:////var/lib/neutron/neutron.sqlite
+connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron
# Database engine for which script will be generated when using offline
# migration
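Review bot: `{{ NEUTRON_DB_USER }}` and `{{ NEUTRON_DB_PASSWORD }}` are pasted into the connection URL unescaped, so a password containing characters such as `@` or `%` can yield a URL that parses differently from what was intended, or not at all. Applying Jinja2's `urlencode` filter, `connection=postgresql://{{ NEUTRON_DB_USER|urlencode }}:{{ NEUTRON_DB_PASSWORD|urlencode }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron`, or documenting the allowed character set where the variables are defined, closes that. The other secrets rendered into this file (`rabbit_password`, `nova_admin_password`, `admin_password`) have a related problem: oslo.config treats `$name` inside a value as a substitution, so a `$` in a password has to be written `$$`. A comment next to the variable definitions stating both constraints would be enough if escaping in the template is not wanted.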
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
index 4fb1a4a..b8097ce 100644
--- a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
@@ -4,6 +4,7 @@
#
# type_drivers = local,flat,vlan,gre,vxlan
# Example: type_drivers = flat,vlan,gre,vxlan
+type_drivers = flat,gre
# (ListOpt) Ordered list of network_types to allocate as tenant
# networks. The default value 'local' is useful for single-box testing
@@ -11,6 +12,7 @@
#
# tenant_network_types = local
# Example: tenant_network_types = vlan,gre,vxlan
+tenant_network_types = gre
# (ListOpt) Ordered list of networking mechanism driver entrypoints
# to be loaded from the neutron.ml2.mechanism_drivers namespace.
@@ -20,6 +22,7 @@
# Example: mechanism_drivers = cisco,logger
# Example: mechanism_drivers = openvswitch,brocade
# Example: mechanism_drivers = linuxbridge,brocade
+mechanism_drivers = openvswitch
# (ListOpt) Ordered list of extension driver entrypoints
# to be loaded from the neutron.ml2.extension_drivers namespace.
@@ -34,6 +37,7 @@
# flat_networks =
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *
+flat_networks = External
[ml2_type_vlan]
# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples
@@ -43,10 +47,11 @@
#
# network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
+#network_vlan_ranges = Physnet1:100:200
[ml2_type_gre]
# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
-# tunnel_id_ranges =
+tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating
@@ -64,8 +69,18 @@
[securitygroup]
# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
-# enable_security_group = True
+enable_security_group = True
# Use ipset to speed-up the iptables security groups. Enabling ipset support
# requires that ipset is installed on L2 agent node.
-# enable_ipset = True
+enable_ipset = True
+
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+
+[ovs]
+local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+enable_tunneling = True
+bridge_mappings=External:br-ex
+
+[agent]
+tunnel_types = gre
diff --git a/systems/openstack-server.morph b/systems/openstack-server.morph
index 64b5646..aa369f2 100644
--- a/systems/openstack-server.morph
+++ b/systems/openstack-server.morph
@@ -68,3 +68,4 @@ configuration-extensions:
- openstack-cinder
- openstack-nova
- openstack-network
+- openstack-neutron