authorTiago Gomes <tiago.gomes@codethink.co.uk>2015-05-19 15:00:52 (GMT)
committerTiago Gomes <tiago.gomes@codethink.co.uk>2015-05-20 14:09:40 (GMT)
commit8e6921b91ab6ac81325e898308d24c504ee54ea2 (patch)
tree0bd9c9e4a0ff0c30f21d7a9c4ff3cec7224e4f00
parent2a12037c85bb2be69001d775ae779c6a415ae373 (diff)
downloaddefinitions-baserock/tiagogomes/os-kilo.tar.gz
Neutron: add back the custom configurationbaserock/tiagogomes/os-kilo
Add back the custom configuration for Neutron, this time adapted for the OpenStack Kilo release.
-rw-r--r--openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service3
-rw-r--r--openstack/usr/share/openstack/neutron-config.yml11
-rw-r--r--openstack/usr/share/openstack/neutron-db.yml2
-rw-r--r--openstack/usr/share/openstack/neutron/dhcp_agent.ini6
-rw-r--r--openstack/usr/share/openstack/neutron/l3_agent.ini4
-rw-r--r--openstack/usr/share/openstack/neutron/metadata_agent.ini14
-rw-r--r--openstack/usr/share/openstack/neutron/neutron.conf66
-rw-r--r--openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini24
8 files changed, 73 insertions, 57 deletions
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
index 76efea5..72cd165 100644
--- a/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
@@ -11,8 +11,7 @@ StandardOutput=null
StandardError=null
ExecStart=/usr/bin/neutron-l3-agent \
--config-file=/etc/neutron/neutron.conf \
- --config-file=/etc/neutron/l3_agent.ini \
- --config-file=/etc/neutron/fwaas_driver.ini
+ --config-file=/etc/neutron/l3_agent.ini
[Install]
WantedBy=multi-user.target
diff --git a/openstack/usr/share/openstack/neutron-config.yml b/openstack/usr/share/openstack/neutron-config.yml
index 97f4c76..5d59435 100644
--- a/openstack/usr/share/openstack/neutron-config.yml
+++ b/openstack/usr/share/openstack/neutron-config.yml
@@ -22,17 +22,6 @@
- /var/lock/neutron
- /var/log/neutron
- - name: Get service tenant id needed in neutron.conf
- shell: |
- keystone \
- --os-endpoint http://{{ CONTROLLER_HOST_ADDRESS|quote }}:35357/v2.0 \
- --os-token {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN|quote }} \
- tenant-get service | grep id | tr -d " " | cut -d"|" -f3
- register: tenant_service_id
-
- - set_fact:
- SERVICE_TENANT_ID: "{{ tenant_service_id.stdout }}"
-
- name: Create the directories needed for Neutron configuration files.
file:
path: /etc/{{ item }}
diff --git a/openstack/usr/share/openstack/neutron-db.yml b/openstack/usr/share/openstack/neutron-db.yml
index 91dde6f..9cc77b5 100644
--- a/openstack/usr/share/openstack/neutron-db.yml
+++ b/openstack/usr/share/openstack/neutron-db.yml
@@ -46,6 +46,6 @@
neutron-db-manage \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
- upgrade juno
+ upgrade head
sudo: yes
sudo_user: neutron
diff --git a/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/openstack/usr/share/openstack/neutron/dhcp_agent.ini
index a0adcca..e0963e5 100644
--- a/openstack/usr/share/openstack/neutron/dhcp_agent.ini
+++ b/openstack/usr/share/openstack/neutron/dhcp_agent.ini
@@ -13,7 +13,7 @@
# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP,
# BigSwitch/Floodlight)
-# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Name of Open vSwitch bridge to use
# ovs_integration_bridge = br-int
@@ -28,7 +28,7 @@
# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires
# no additional setup of the DHCP server.
-# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces). This option is deprecated and
@@ -41,7 +41,7 @@
# specific host routes to the DHCP request. The metadata service will only
# be activated when the subnet does not contain any router port. The guest
# instance must be configured to request host routes via DHCP (Option 121).
-# enable_isolated_metadata = False
+enable_isolated_metadata = True
# Allows for serving metadata requests coming from a dedicated metadata
# access network whose cidr is 169.254.169.254/16 (or larger prefix), and
diff --git a/openstack/usr/share/openstack/neutron/l3_agent.ini b/openstack/usr/share/openstack/neutron/l3_agent.ini
index 0d56436..bc1321e 100644
--- a/openstack/usr/share/openstack/neutron/l3_agent.ini
+++ b/openstack/usr/share/openstack/neutron/l3_agent.ini
@@ -4,7 +4,7 @@
# L3 requires that an interface driver be set. Choose the one that best
# matches your plugin.
-# interface_driver =
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC)
# that supports L3 agent
@@ -59,7 +59,7 @@
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge. when this parameter is set, each L3 agent
# can be associated with no more than one external network.
-# external_network_bridge = br-ex
+external_network_bridge = br-ex
# TCP Port used by Neutron metadata server
# metadata_port = 9697
diff --git a/openstack/usr/share/openstack/neutron/metadata_agent.ini b/openstack/usr/share/openstack/neutron/metadata_agent.ini
index 4a0331e..ee89c94 100644
--- a/openstack/usr/share/openstack/neutron/metadata_agent.ini
+++ b/openstack/usr/share/openstack/neutron/metadata_agent.ini
@@ -3,21 +3,21 @@
# debug = True
# The Neutron user information for accessing the Neutron API.
-auth_url = http://localhost:5000/v2.0
-auth_region = RegionOne
+auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+auth_region = regionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
# auth_ca_cert =
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
-admin_password = %SERVICE_PASSWORD%
+admin_tenant_name = service
+admin_user = {{ NEUTRON_SERVICE_USER }}
+admin_password = {{ NEUTRON_SERVICE_PASSWORD }}
# Network service endpoint type to pull from the keystone catalog
# endpoint_type = adminURL
# IP address used by Nova metadata server
-# nova_metadata_ip = 127.0.0.1
+nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }}
# TCP Port used by Nova metadata server
# nova_metadata_port = 8775
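Review bot: `auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0` moves the Keystone endpoint from localhost to a routable address while keeping plain HTTP, so `admin_password` and the tokens issued for it cross the management network unencrypted. The same applies in neutron.conf to `nova_url`, to `auth_uri`/`identity_uri` under `[keystone_authtoken]` and to `auth_url` under `[nova]`. Consider templating the scheme (or using `https://`) and setting `auth_ca_cert`, which this file already lists commented out. If the management network is meant to be the trust boundary, a comment above `auth_url` saying so would record that decision.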
@@ -40,7 +40,7 @@ admin_password = %SERVICE_PASSWORD%
# shared secret to prevent spoofing. You may select any string for a secret,
# but it must match here and in the configuration used by the Nova Metadata
# Server. NOTE: Nova uses the same config key, but in [neutron] section.
-# metadata_proxy_shared_secret =
+metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }}
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
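Review bot: With `metadata_proxy_shared_secret` rendered here and `admin_password` in the previous hunk, the generated file now holds live secrets, so its owner and mode matter. The task that templates it into /etc/neutron is not part of this diff; please confirm it writes the file readable only by root and the neutron group (for example mode 0640). The same goes for neutron.conf, which gains the database, Keystone, nova and RabbitMQ passwords in this commit. It would also help to fail the deployment when `METADATA_PROXY_SHARED_SECRET` is empty, since an empty value still renders a valid-looking line.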
diff --git a/openstack/usr/share/openstack/neutron/neutron.conf b/openstack/usr/share/openstack/neutron/neutron.conf
index ee42954..33c6398 100644
--- a/openstack/usr/share/openstack/neutron/neutron.conf
+++ b/openstack/usr/share/openstack/neutron/neutron.conf
@@ -29,7 +29,7 @@
# (not user_stderr) and (not log_file) -> stdout
# publish_errors -> notification system
-# use_syslog = False
+use_syslog = True
# syslog_log_facility = LOG_USER
# use_stderr = True
@@ -57,7 +57,7 @@
# previous versions, the class name of a plugin can be specified instead of its
# entrypoint name.
#
-# core_plugin =
+core_plugin = ml2
# Example: core_plugin = ml2
# (ListOpt) List of service plugin entrypoints to be loaded from the
@@ -66,7 +66,7 @@
# with previous versions, the class name of a plugin can be specified instead
# of its entrypoint name.
#
-# service_plugins =
+service_plugins = router
# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
# Paste configuration file
@@ -81,7 +81,7 @@
# The strategy to be used for auth.
# Supported values are 'keystone'(default), 'noauth'.
-# auth_strategy = keystone
+auth_strategy = keystone
# Base MAC address. The first 3 octets will remain unchanged. If the
# 4h octet is not 00, it will also be used. The others will be
@@ -118,7 +118,7 @@
# Enable or disable overlapping IPs for subnets
# Attention: the following parameter MUST be set to False if Neutron is
# being used in conjunction with nova security groups
-# allow_overlapping_ips = False
+allow_overlapping_ips = True
# Ensure that configured gateway is on subnet. For IPv6, validate only if
# gateway is not a link local address. Deprecated, to be removed during the
# K release, at which point the check will be mandatory.
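Review bot: `allow_overlapping_ips = True` contradicts the warning two lines above it unless nova is configured to delegate security groups to Neutron; nova's configuration is not in this commit, so that cannot be checked here. ml2_conf.ini in this commit does enable Neutron security groups, which suggests that is the intent. A short comment above the setting, such as `# Safe only because nova uses Neutron security groups`, would keep the next editor from reading the upstream warning as violated.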
@@ -334,14 +334,14 @@
# ======== neutron nova interactions ==========
# Send notification to nova when port status is active.
-# notify_nova_on_port_status_changes = True
+notify_nova_on_port_status_changes = True
# Send notifications to nova when port data (fixed_ips/floatingips) change
# so nova can update it's cache.
-# notify_nova_on_port_data_changes = True
+notify_nova_on_port_data_changes = True
# URL for connection to nova (Only supports one nova region currently).
-# nova_url = http://127.0.0.1:8774/v2
+nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2
# Name of nova region to use. Useful if keystone manages more than one region
# nova_region_name =
@@ -450,7 +450,7 @@
# The RabbitMQ broker port where a single node is used.
# (integer value)
-# rabbit_port=5672
+# rabbit_port =5672
# RabbitMQ HA cluster host:port pairs. (list value)
# rabbit_hosts=$rabbit_host:$rabbit_port
@@ -531,7 +531,7 @@
# Driver or drivers to handle sending notifications. (multi
# valued)
-# notification_driver=
+notification_driver = neutron.openstack.common.notifier.rpc_notifier
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
@@ -547,7 +547,7 @@
# The messaging driver to use, defaults to rabbit. Other
# drivers include qpid and zmq. (string value)
-# rpc_backend=rabbit
+rpc_backend = rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the
@@ -660,7 +660,7 @@
# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the command directly
-# root_helper = sudo
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
# Set to true to add comments to generated iptables rules that describe
# each rule's purpose. (System must support the iptables comments module.)
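Review bot: `root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf` only confines the agents if sudoers allows the neutron user exactly this command and nothing broader; the sudoers entry is not in this diff. rootwrap.conf and the filter directory it names also need to be root-owned and not writable by neutron, otherwise the filtering can be edited away. Both are worth confirming where the neutron user and /etc/neutron are set up.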
@@ -691,11 +691,11 @@
# =========== end of items for agent management extension =====
[keystone_authtoken]
-auth_uri = http://127.0.0.1:35357/v2.0/
-identity_uri = http://127.0.0.1:5000
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
-admin_password = %SERVICE_PASSWORD%
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+admin_tenant_name = service
+admin_user = {{ NEUTRON_SERVICE_USER }}
+admin_password = {{ NEUTRON_SERVICE_PASSWORD }}
[database]
# This line MUST be changed to actually run the plugin.
@@ -703,7 +703,8 @@ admin_password = %SERVICE_PASSWORD%
# connection = mysql://root:pass@127.0.0.1:3306/neutron
# Replace 127.0.0.1 above with the IP address of the database used by the
# main neutron server. (Leave it as is if the database runs on this host.)
-# connection = sqlite://
+connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron
+
# NOTE: In deployment the [database] section and its connection attribute may
# be set in the corresponding core plugin '.ini' file. However, it is suggested
# to put the [database] section and its connection attribute in this
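Review bot: `connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron` puts the password into a URL without percent-encoding, so a password containing `@`, `:`, `/` or `%` is either parsed as a different user, host or database, or fails at start-up. Either encode it when rendering, e.g. `{{ NEUTRON_DB_PASSWORD|urlencode }}` (note that Jinja2's filter leaves `/` unescaped), or document the allowed password characters next to the variable. The line also uses `connection=` without spaces, where most settings this commit adds use `key = value`.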
@@ -747,7 +748,7 @@ admin_password = %SERVICE_PASSWORD%
[nova]
# Name of the plugin to load
-# auth_plugin =
+auth_plugin = password
# Config Section from which to load plugin specific options
# auth_section =
@@ -765,11 +766,28 @@ admin_password = %SERVICE_PASSWORD%
# keyfile =
# Name of nova region to use. Useful if keystone manages more than one region.
-# region_name =
+region_name = regionOne
# Timeout value for http requests
# timeout =
+# Authorization URL for connection to nova in admin context.
+auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+# Username for connection to nova in admin context
+username = {{ NOVA_SERVICE_USER }}
+
+# Password for connection to nova in admin context.
+password = {{ NOVA_SERVICE_PASSWORD }}
+
+# The uuid of the admin nova tenant
+# tenant_id =
+
+# The name of the admin nova tenant. If the uuid of the admin nova tenant
+# is set, this is optional. Useful for cases where the uuid of the admin
+# nova tenant is not available when configuration is being done.
+tenant_name = service
+
[oslo_concurrency]
# Directory to use for lock files. For security, the specified directory should
@@ -956,11 +974,11 @@ lock_path = $state_path/lock
# The RabbitMQ broker address where a single node is used. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_host
-# rabbit_host = localhost
+rabbit_host = {{ RABBITMQ_HOST }}
# The RabbitMQ broker port where a single node is used. (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_port
-# rabbit_port = 5672
+rabbit_port = {{ RABBITMQ_PORT }}
# RabbitMQ HA cluster host:port pairs. (list value)
# Deprecated group/name - [DEFAULT]/rabbit_hosts
@@ -972,11 +990,11 @@ lock_path = $state_path/lock
# The RabbitMQ userid. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_userid
-# rabbit_userid = guest
+rabbit_userid = {{ RABBITMQ_USER }}
# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
-# rabbit_password = guest
+rabbit_password = {{ RABBITMQ_PASSWORD }}
# The RabbitMQ login method. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_login_method
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
index ac9a3d0..3258a40 100644
--- a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
@@ -2,19 +2,19 @@
# (ListOpt) List of network type driver entrypoints to be loaded from
# the neutron.ml2.type_drivers namespace.
#
-# type_drivers = local,flat,vlan,gre,vxlan
+type_drivers = flat,gre
# Example: type_drivers = flat,vlan,gre,vxlan
# (ListOpt) Ordered list of network_types to allocate as tenant
# networks. The default value 'local' is useful for single-box testing
# but provides no connectivity between hosts.
#
-# tenant_network_types = local
+tenant_network_types = gre
# Example: tenant_network_types = vlan,gre,vxlan
# (ListOpt) Ordered list of networking mechanism driver entrypoints
# to be loaded from the neutron.ml2.mechanism_drivers namespace.
-# mechanism_drivers =
+mechanism_drivers = openvswitch
# Example: mechanism_drivers = openvswitch,mlnx
# Example: mechanism_drivers = arista
# Example: mechanism_drivers = cisco,logger
@@ -63,7 +63,7 @@
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
#
-# flat_networks =
+flat_networks = External
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *
@@ -78,7 +78,7 @@
[ml2_type_gre]
# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
-# tunnel_id_ranges =
+tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating
@@ -96,8 +96,18 @@
[securitygroup]
# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
-# enable_security_group = True
+enable_security_group = True
# Use ipset to speed-up the iptables security groups. Enabling ipset support
# requires that ipset is installed on L2 agent node.
-# enable_ipset = True
+enable_ipset = True
+
+firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+
+[ovs]
+local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+enable_tunneling = True
+bridge_mappings=External:br-ex
+
+[agent]
+tunnel_types = gre
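Review bot: `firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver` and the new `[ovs]`/`[agent]` sections only take effect for a process started with this file as a `--config-file`. The Open vSwitch agent's unit is not in this diff, and if it reads a different file the security groups enabled above may not be enforced on the agent side, so please confirm the agent loads ml2_conf.ini. These added keys are also the only settings in the file without a describing comment, and two of them use `key=value` spacing. A comment such as `# iptables-based security group enforcement for OVS hybrid ports` above `firewall_driver`, plus `key = value` spacing, would match the rest of the file.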