From 0e08d90c53f824108c6e8a83c068649ed6dbf2ff Mon Sep 17 00:00:00 2001 From: Pedro Alvarez Date: Tue, 14 Apr 2015 12:01:49 +0000 Subject: Openstack: Make Neutron configurable Change-Id: I517142d6879f4cfce821a21a5fe2b661e184ce53 Signed-off-by: Pedro Alvarez Signed-off-by: Francisco Redondo Marchena 
Signed-off-by: Richard Maw --- openstack-neutron.configure | 104 ++++++++++++++++++++ openstack/manifest | 73 ++++++++++++++ .../system/openstack-neutron-dhcp-agent.service | 15 +++ .../system/openstack-neutron-l3-agent.service | 16 +++ .../openstack-neutron-metadata-agent.service | 15 +++ .../system/openstack-neutron-ovs-cleanup.service | 17 ++++ ...nstack-neutron-plugin-openvswitch-agent.service | 15 +++ .../system/openstack-neutron-server.service | 15 +++ .../systemd/system/openstack-neutron-setup.service | 10 ++ openstack/usr/share/openstack/neutron.yml | 109 +++++++++++++++++++++ .../usr/share/openstack/neutron/dhcp_agent.ini | 9 +- openstack/usr/share/openstack/neutron/l3_agent.ini | 7 +- .../usr/share/openstack/neutron/metadata_agent.ini | 15 +-- openstack/usr/share/openstack/neutron/neutron.conf | 57 ++++++----- .../openstack/neutron/plugins/ml2/ml2_conf.ini | 21 +++- systems/openstack-system-x86_64.morph | 1 + 16 files changed, 455 insertions(+), 44 deletions(-) create mode 100644 openstack-neutron.configure create mode 100644 openstack/usr/lib/systemd/system/openstack-neutron-dhcp-agent.service create mode 100644 openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service create mode 100644 openstack/usr/lib/systemd/system/openstack-neutron-metadata-agent.service create mode 100644 openstack/usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service create mode 100644 openstack/usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service create mode 100644 openstack/usr/lib/systemd/system/openstack-neutron-server.service create mode 100644 openstack/usr/lib/systemd/system/openstack-neutron-setup.service create mode 100644 openstack/usr/share/openstack/neutron.yml diff --git a/openstack-neutron.configure b/openstack-neutron.configure new file mode 100644 index 00000000..50a6d1e4 --- /dev/null +++ b/openstack-neutron.configure 
@@ -0,0 +1,104 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see .
+
+set -e
+
+ROOT="$1"
+
+##########################################################################
+
+ln -sf "/usr/lib/systemd/system/openstack-neutron-setup.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-neutron-setup.service"
+
+#############################################
+# Ensure /var/run is an appropriate symlink #
+#############################################
+
+if ! link="$(readlink "$ROOT/var/run")" || [ "$link" != ../run ]; then
+ rm -rf "$ROOT/var/run"
+ ln -s ../run "$ROOT/var/run"
+fi
+
+##########################################################################
+# Check variables
+##########################################################################
+
+
+if [ -z "$NEUTRON_SERVICE_USER" -a \
+ -z "$NEUTRON_SERVICE_PASSWORD" -a \
+ -z "$NEUTRON_DB_USER" -a \
+ -z "$NEUTRON_DB_PASSWORD" -a \
+ -z "$METADATA_PROXY_SHARED_SECRET" -a \
+ -z "$NOVA_SERVICE_USER" -a \
+ -z "$NOVA_SERVICE_PASSWORD" -a \
+ -z "$RABBITMQ_HOST" -a \
+ -z "$RABBITMQ_USER" -a \
+ -z "$RABBITMQ_PASSWORD" -a \
+ -z "$RABBITMQ_PORT" -a \
+ -z "$CONTROLLER_HOST_ADDRESS" -a \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -a \
+ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then
+ # No NOVA options defined, do nothing.
+ exit 0
+fi
+
+if [ -z "$NEUTRON_SERVICE_USER" -o \
+ -z "$NEUTRON_SERVICE_PASSWORD" -o \
+ -z "$NEUTRON_DB_USER" -o \
+ -z "$NEUTRON_DB_PASSWORD" -o \
+ -z "$METADATA_PROXY_SHARED_SECRET" -o \
+ -z "$NOVA_SERVICE_USER" -o \
+ -z "$NOVA_SERVICE_PASSWORD" -o \
+ -z "$RABBITMQ_HOST" -o \
+ -z "$RABBITMQ_USER" -o \
+ -z "$RABBITMQ_PASSWORD" -o \
+ -z "$RABBITMQ_PORT" -o \
+ -z "$CONTROLLER_HOST_ADDRESS" -o \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \
+ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then
+ echo Some options required for Nova were defined, but not all.
+ exit 1
+fi
+
+##########################################################################
+# Generate config variable shell snippet
+##########################################################################
+
+OPENSTACK_DATA="$ROOT/etc/openstack"
+mkdir -p "$OPENSTACK_DATA"
+
+python <<'EOF' >"$OPENSTACK_DATA/neutron.conf"
+import os, sys, yaml
+
+nova_configuration={
+ 'NEUTRON_SERVICE_USER': os.environ['NEUTRON_SERVICE_USER'],
+ 'NEUTRON_SERVICE_PASSWORD': os.environ['NEUTRON_SERVICE_PASSWORD'],
+ 'NEUTRON_DB_USER': os.environ['NEUTRON_DB_USER'],
+ 'NEUTRON_DB_PASSWORD': os.environ['NEUTRON_DB_PASSWORD'],
+ 'METADATA_PROXY_SHARED_SECRET': os.environ['METADATA_PROXY_SHARED_SECRET'],
+ 'NOVA_SERVICE_USER': os.environ['NOVA_SERVICE_USER'],
+ 'NOVA_SERVICE_PASSWORD': os.environ['NOVA_SERVICE_PASSWORD'],
+ 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'],
+ 'RABBITMQ_USER': os.environ['RABBITMQ_USER'],
+ 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'],
+ 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'],
+ 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'],
+ 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'],
+ 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'],
+}
+
+yaml.dump(nova_configuration, sys.stdout, default_flow_style=False)
+EOF
diff --git a/openstack/manifest b/openstack/manifest
index 052d3707..e6b9e053 100644
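Review bot: The heredoc redirect near the end of the script creates `$OPENSTACK_DATA/neutron.conf` with whatever mode the caller's umask gives, yet the file holds NEUTRON_DB_PASSWORD, RABBITMQ_PASSWORD, both service passwords, METADATA_PROXY_SHARED_SECRET and KEYSTONE_TEMPORARY_ADMIN_TOKEN in clear text. I would restrict it right after the `EOF` line with `chmod 0600 "$OPENSTACK_DATA/neutron.conf"` (or run the redirect under `umask 077`), since only the setup playbook, which appears to run as root, reads it. Separately, the comment `# No NOVA options defined, do nothing.`, the message `Some options required for Nova were defined, but not all.` and the name `nova_configuration` look copied from the Nova extension and should say Neutron, so that a failed deployment points at the right component.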
--- a/openstack/manifest
+++ b/openstack/manifest
@@ -26,6 +26,72 @@ 0100644 0 0 /usr/share/openstack/keystone/policy.json 0100644 0 0 /usr/share/openstack/keystone/keystone-paste.ini 0100644 0 0 /usr/share/openstack/network.yml +0040755 0 0 /usr/share/openstack/neutron +0100644 0 0 /usr/share/openstack/neutron.yml +0100644 0 0 /usr/share/openstack/neutron/neutron.conf +0100644 0 0 /usr/share/openstack/neutron/api-paste.ini +0100644 0 0 /usr/share/openstack/neutron/policy.json +0100644 0 0 /usr/share/openstack/neutron/l3_agent.ini +0100644 0 0 /usr/share/openstack/neutron/dhcp_agent.ini +0100644 0 0 /usr/share/openstack/neutron/lbaas_agent.ini +0100644 0 0 /usr/share/openstack/neutron/metadata_agent.ini +0100644 0 0 /usr/share/openstack/neutron/fwaas_driver.ini +0100644 0 0 /usr/share/openstack/neutron/metering_agent.ini +0100644 0 0 /usr/share/openstack/neutron/vpn_agent.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/ +0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch +0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl +0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs +0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs +0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README +0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README +0040755 0 0 /usr/share/openstack/neutron/plugins/brocade +0100644 0 0 /usr/share/openstack/neutron/plugins/brocade/brocade.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/cisco +0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/embrane +0100644 0 0 
/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/hyperv +0100644 0 0 /usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/ibm +0100644 0 0 /usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/linuxbridge +0100644 0 0 /usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/metaplugin +0100644 0 0 /usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/midonet +0100644 0 0 /usr/share/openstack/neutron/plugins/midonet/midonet.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/ml2 +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/mlnx +0100644 0 0 /usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/nec +0100644 0 0 /usr/share/openstack/neutron/plugins/nec/nec.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/nuage +0100644 0 0 /usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/oneconvergence +0100644 0 0 
/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/opencontrail +0100644 0 0 /usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/openvswitch +0100644 0 0 /usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/plumgrid +0100644 0 0 /usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/vmware +0100644 0 0 /usr/share/openstack/neutron/plugins/vmware/nsx.ini 0040755 0 0 /usr/share/openstack/nova 0100644 0 0 /usr/share/openstack/nova.yml 0100644 0 0 /usr/share/openstack/nova/logging.conf @@ -47,6 +113,13 @@ 0100644 0 0 /usr/lib/systemd/system/openstack-glance-api.service 0100644 0 0 /usr/lib/systemd/system/openstack-glance-registry.service 0100644 0 0 /usr/lib/systemd/system/openstack-network-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-server.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-metadata-agent.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-dhcp-agent.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-l3-agent.service 0100644 0 0 /usr/lib/systemd/system/openstack-nova-setup.service 0100644 0 0 /usr/lib/systemd/system/openstack-nova-compute.service 0100644 0 0 /usr/lib/systemd/system/openstack-nova-conductor.service diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-dhcp-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-dhcp-agent.service new file mode 100644 index 00000000..34a682b6 --- /dev/null +++ b/openstack/usr/lib/systemd/system/openstack-neutron-dhcp-agent.service 
@@ -0,0 +1,15 @@
+[Unit]
+Description=Neutron DHCP Agent
+After=network-online.target openstack-neutron-ovs-cleanup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+ExecStart=/usr/bin/neutron-dhcp-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/dhcp_agent.ini \
+ --log-file=/var/log/neutron/dhcp-agent.log
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
new file mode 100644
index 00000000..bd514aa1
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Neutron Layer 3 Agent
+After=network-online.target openstack-neutron-ovs-cleanup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+ExecStart=/usr/bin/neutron-l3-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/l3_agent.ini \
+ --config-file=/etc/neutron/fwaas_driver.ini \
+ --log-file=/var/log/neutron/l3-agent.log
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-metadata-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-metadata-agent.service
new file mode 100644
index 00000000..22bbf675
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-metadata-agent.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Neutron Metadata Plugin Agent
+After=network-online.target openstack-neutron-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+ExecStart=/usr/bin/neutron-metadata-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/metadata_agent.ini \
+ --log-file=/var/log/neutron/metadata-agent.log
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service b/openstack/usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service
new file mode 100644
index 00000000..544531ed
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Neutron OVS cleanup
+After=network-online.target openstack-neutron-setup.service openvswitch.service
+Wants=network-online.target
+Before=openstack-neutron-plugin-openvswitch-agent.service
+ConditionFileIsExecutable=/usr/bin/neutron-ovs-cleanup
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User=neutron
+ExecStart=/usr/bin/neutron-ovs-cleanup \
+ --log-file /var/log/neutron/ovs-cleanup.log \
+ --config-file /etc/neutron/neutron.conf --verbose
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service
new file mode 100644
index 00000000..894c3a45
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Neutron OpenvSwitch Plugin Agent
+After=network-online.target openstack-neutron-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+ExecStart=/usr/bin/neutron-openvswitch-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini \
+ --log-file=/var/log/neutron/openvswitch-agent.log
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-server.service b/openstack/usr/lib/systemd/system/openstack-neutron-server.service
new file mode 100644
index 00000000..05dfb7aa
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-server.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Neutron Api Server
+Wants=openstack-neutron-network-configuration-one-node.service network-online.target
+After=network-online.target openstack-neutron-setup.service openstack-neutron-network-configuration-one-node.service
+
+[Service]
+Type=simple
+User=neutron
+ExecStart=/usr/bin/neutron-server \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini \
+ --log-file=/var/log/neutron/neutron-server.log
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-setup.service b/openstack/usr/lib/systemd/system/openstack-neutron-setup.service
new file mode 100644
index 00000000..99213b6a
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-setup.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run neutron-setup Ansible scripts
+After=network-online.target openstack-keystone-setup.service postgres-server.service
+Wants=network-online.target
+
+[Service]
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/neutron.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/share/openstack/neutron.yml b/openstack/usr/share/openstack/neutron.yml
new file mode 100644
index 00000000..7529a656
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron.yml
@@ -0,0 +1,109 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/neutron.conf"
+ tasks:
+
+ - name: Create the neutron user.
+ user:
+ name: neutron
+ comment: Openstack Neutron Daemons
+ shell: /sbin/nologin
+ home: /var/lib/neutron
+
+ - name: Create the /var folders for neutron
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: neutron
+ group: neutron
+ with_items:
+ - /var/run/neutron
+ - /var/lock/neutron
+ - /var/log/neutron
+
+ - name: Get service tenant id needed in neutron.conf
+ shell: |
+ keystone \
+ --os-endpoint http://{{ CONTROLLER_HOST_ADDRESS|quote }}:35357/v2.0 \
+ --os-token {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN|quote }} \
+ tenant-get service | grep id | tr -d " " | cut -d"|" -f3
+ register: tenant_service_id
+
+ - set_fact:
+ SERVICE_TENANT_ID: "{{ tenant_service_id.stdout }}"
+
+ - name: Create the directories needed for Neutron configuration files.
+ file:
+ path: /etc/{{ item }}
+ state: directory
+ with_lines:
+ - cd /usr/share/openstack && find neutron -type d
+
+ - name: Add configuration needed for neutron using templates
+ template:
+ src: /usr/share/openstack/{{ item }}
+ dest: /etc/{{ item }}
+ with_lines:
+ - cd /usr/share/openstack && find neutron -type f
+
+ - name: Create neutron service user in service tenatnt
+ keystone_user:
+ user: "{{ NEUTRON_SERVICE_USER }}"
+ password: "{{ NEUTRON_SERVICE_PASSWORD }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Add admin role to neutron service user in service tenant
+ keystone_user:
+ role: admin
+ user: "{{ NEUTRON_SERVICE_USER }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - keystone_service:
+ name: neutron
+ type: network
+ description: Openstack Compute Networking
+ publicurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9696
+ internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9696
+ adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9696
+ region: regionOne
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: 
Create postgresql user for neutron + postgresql_user: + name: "{{ NEUTRON_DB_USER }}" + password: "{{ NEUTRON_DB_PASSWORD }}" + sudo: yes + sudo_user: neutron + + - name: Create database for neutron services + postgresql_db: + name: neutron + owner: "{{ NEUTRON_DB_USER }}" + sudo: yes + sudo_user: neutron + + - name: Initiate neutron database + shell: | + neutron-db-manage \ + --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + upgrade juno + sudo: yes + sudo_user: neutron + + - name: Enable and start openstack-neutron services + service: + name: "{{ item }}" + enabled: yes + state: started + with_items: + - openstack-neutron-ovs-cleanup.service + - openstack-neutron-server.service + - openstack-neutron-dhcp-agent.service + - openstack-neutron-l3-agent.service + - openstack-neutron-metadata-agent.service + - openstack-neutron-plugin-openvswitch-agent.service + diff --git a/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/openstack/usr/share/openstack/neutron/dhcp_agent.ini index 9836d350..c6c2b9a7 100644 --- a/openstack/usr/share/openstack/neutron/dhcp_agent.ini +++ b/openstack/usr/share/openstack/neutron/dhcp_agent.ini @@ -1,6 +1,7 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = False +use_syslog = True # The DHCP agent will resync its state with Neutron to recover from any # transient notification or rpc errors. The interval is number of @@ -13,7 +14,7 @@ # Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, # BigSwitch/Floodlight) -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Name of Open vSwitch bridge to use # ovs_integration_bridge = br-int 
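Review bot: The `template` task in neutron.yml that renders everything under /usr/share/openstack/neutron into /etc sets no owner or mode, so /etc/neutron/neutron.conf and metadata_agent.ini, which receive the database, RabbitMQ and service passwords and the metadata shared secret, get the playbook's default permissions and are probably world-readable. Adding `owner: root`, `group: neutron` and `mode: 0640` to that task would keep them readable by the `User=neutron` daemons without exposing them to every local account. The `Get service tenant id` task also passes KEYSTONE_TEMPORARY_ADMIN_TOKEN on the `keystone` command line, and openstack-neutron-setup.service runs the playbook with `-v`, so the token and task results may show up in the process list and the journal; `no_log: true` on the tasks that carry secrets would limit that.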
@@ -28,18 +29,18 @@ # The agent can use other DHCP drivers. Dnsmasq is the simplest and requires # no additional setup of the DHCP server. -# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq +dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and # iproute2 package that supports namespaces). -# use_namespaces = True +use_namespaces = True # The DHCP server can assist with providing metadata support on isolated # networks. Setting this value to True will cause the DHCP server to append # specific host routes to the DHCP request. The metadata service will only # be activated when the subnet does not contain any router port. The guest # instance must be configured to request host routes via DHCP (Option 121). -# enable_isolated_metadata = False +enable_isolated_metadata = True # Allows for serving metadata requests coming from a dedicated metadata # access network whose cidr is 169.254.169.254/16 (or larger prefix), and diff --git a/openstack/usr/share/openstack/neutron/l3_agent.ini b/openstack/usr/share/openstack/neutron/l3_agent.ini index 94c97147..000cd997 100644 --- a/openstack/usr/share/openstack/neutron/l3_agent.ini +++ b/openstack/usr/share/openstack/neutron/l3_agent.ini @@ -1,6 +1,7 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = False +use_syslog = True # L3 requires that an interface driver be set. Choose the one that best # matches your plugin. @@ -8,7 +9,7 @@ # Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) # that supports L3 agent -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Use veth for an OVS interface or not. # Support kernels with limited namespace support 
@@ -20,7 +21,7 @@ # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and # iproute2 package that supports namespaces). -# use_namespaces = True +use_namespaces = True # If use_namespaces is set as False then the agent can only configure one router. @@ -43,7 +44,7 @@ # Name of bridge used for external network traffic. This should be set to # empty value for the linux bridge. when this parameter is set, each L3 agent # can be associated with no more than one external network. -# external_network_bridge = br-ex +external_network_bridge = br-ex # TCP Port used by Neutron metadata server # metadata_port = 9697 diff --git a/openstack/usr/share/openstack/neutron/metadata_agent.ini b/openstack/usr/share/openstack/neutron/metadata_agent.ini index 84442ea1..ed238770 100644 --- a/openstack/usr/share/openstack/neutron/metadata_agent.ini +++ b/openstack/usr/share/openstack/neutron/metadata_agent.ini @@ -1,23 +1,24 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = True +use_syslog = True # The Neutron user information for accessing the Neutron API. -auth_url = http://localhost:5000/v2.0 -auth_region = RegionOne +auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +auth_region = regionOne # Turn off verification of the certificate for ssl # auth_insecure = False # Certificate Authority public key (CA cert) file for ssl # auth_ca_cert = -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% +admin_tenant_name = service +admin_user = {{ NEUTRON_SERVICE_USER }} +admin_password = {{ NEUTRON_SERVICE_PASSWORD }} # Network service endpoint type to pull from the keystone catalog # endpoint_type = adminURL # IP address used by Nova metadata server -# nova_metadata_ip = 127.0.0.1 +nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }} # TCP Port used by Nova metadata server # nova_metadata_port = 8775 
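Review bot: In metadata_agent.ini, `auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0` moves the agent's Keystone login from loopback to a network address while keeping plain HTTP, so `admin_password` and the issued tokens cross the management network unencrypted whenever the controller is another host. The same applies to `nova_url`, `nova_admin_auth_url`, `auth_uri` and `identity_uri` in the neutron.conf hunks further down. If TLS is not available in this deployment yet, a comment next to `auth_url` saying so, plus a template variable for the scheme, would make the later move to https with `auth_ca_cert` a small change.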
@@ -40,7 +41,7 @@ admin_password = %SERVICE_PASSWORD% # shared secret to prevent spoofing. You may select any string for a secret, # but it must match here and in the configuration used by the Nova Metadata # Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret -# metadata_proxy_shared_secret = +metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }} # Location of Metadata Proxy UNIX domain socket # metadata_proxy_socket = $state_path/metadata_proxy diff --git a/openstack/usr/share/openstack/neutron/neutron.conf b/openstack/usr/share/openstack/neutron/neutron.conf index 08366264..51de7464 100644 --- a/openstack/usr/share/openstack/neutron/neutron.conf +++ b/openstack/usr/share/openstack/neutron/neutron.conf @@ -17,7 +17,7 @@ # Where to store Neutron state files. This directory must be writable by the # user executing the agent. -# state_path = /var/lib/neutron +state_path = /var/lib/neutron # Where to store lock files lock_path = $state_path/lock @@ -32,7 +32,8 @@ lock_path = $state_path/lock # (not user_stderr) and (not log_file) -> stdout # publish_errors -> notification system -# use_syslog = False +use_syslog = True + # syslog_log_facility = LOG_USER # use_stderr = True @@ -60,7 +61,7 @@ lock_path = $state_path/lock # previous versions, the class name of a plugin can be specified instead of its # entrypoint name. # -# core_plugin = +core_plugin = ml2 # Example: core_plugin = ml2 # (ListOpt) List of service plugin entrypoints to be loaded from the 
@@ -69,15 +70,15 @@ lock_path = $state_path/lock # with previous versions, the class name of a plugin can be specified instead # of its entrypoint name. # -# service_plugins = +service_plugins = router # Example: service_plugins = router,firewall,lbaas,vpnaas,metering # Paste configuration file -# api_paste_config = api-paste.ini +api_paste_config = api-paste.ini # The strategy to be used for auth. # Supported values are 'keystone'(default), 'noauth'. -# auth_strategy = keystone +auth_strategy = keystone # Base MAC address. The first 3 octets will remain unchanged. If the # 4h octet is not 00, it will also be used. The others will be @@ -114,7 +115,7 @@ lock_path = $state_path/lock # Enable or disable overlapping IPs for subnets # Attention: the following parameter MUST be set to False if Neutron is # being used in conjunction with nova security groups -# allow_overlapping_ips = False +allow_overlapping_ips = True # Ensure that configured gateway is on subnet. For IPv6, validate only if # gateway is not a link local address. Deprecated, to be removed during the # K release, at which point the check will be mandatory. 
@@ -233,29 +234,29 @@ lock_path = $state_path/lock # ======== neutron nova interactions ========== # Send notification to nova when port status is active. -# notify_nova_on_port_status_changes = True +notify_nova_on_port_status_changes = True # Send notifications to nova when port data (fixed_ips/floatingips) change # so nova can update it's cache. -# notify_nova_on_port_data_changes = True +notify_nova_on_port_data_changes = True # URL for connection to nova (Only supports one nova region currently). -# nova_url = http://127.0.0.1:8774/v2 +nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2 # Name of nova region to use. Useful if keystone manages more than one region -# nova_region_name = +nova_region_name = regionOne # Username for connection to nova in admin context -# nova_admin_username = +nova_admin_username = {{ NOVA_SERVICE_USER }} # The uuid of the admin nova tenant -# nova_admin_tenant_id = +nova_admin_tenant_id = {{ SERVICE_TENANT_ID }} # Password for connection to nova in admin context. -# nova_admin_password = +nova_admin_password = {{ NOVA_SERVICE_PASSWORD }} # Authorization URL for connection to nova in admin context. -# nova_admin_auth_url = +nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 # CA file for novaclient to verify server certificates # nova_ca_certificates_file = @@ -340,11 +341,11 @@ lock_path = $state_path/lock # The RabbitMQ broker address where a single node is used. # (string value) -#rabbit_host=localhost +rabbit_host={{ RABBITMQ_HOST }} # The RabbitMQ broker port where a single node is used. # (integer value) -#rabbit_port=5672 +rabbit_port={{ RABBITMQ_PORT }} # RabbitMQ HA cluster host:port pairs. (list value) #rabbit_hosts=$rabbit_host:$rabbit_port 
@@ -353,10 +354,10 @@ lock_path = $state_path/lock #rabbit_use_ssl=false # The RabbitMQ userid. (string value) -#rabbit_userid=guest +rabbit_userid={{ RABBITMQ_USER }} # The RabbitMQ password. (string value) -#rabbit_password=guest +rabbit_password={{ RABBITMQ_PASSWORD }} # the RabbitMQ login method (string value) #rabbit_login_method=AMQPLAIN @@ -425,7 +426,7 @@ lock_path = $state_path/lock # Driver or drivers to handle sending notifications. (multi # valued) -#notification_driver= +notification_driver=neutron.openstack.common.notifier.rpc_notifier # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics @@ -441,7 +442,7 @@ lock_path = $state_path/lock # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) -#rpc_backend=rabbit +rpc_backend=rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the @@ -544,6 +545,7 @@ lock_path = $state_path/lock # root filter facility. # Change to "sudo" to skip the filtering and just run the comand directly # root_helper = sudo +root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf # =========== items for agent management extension ============= # seconds between nodes reporting state to server; should be less than @@ -553,12 +555,11 @@ lock_path = $state_path/lock # =========== end of items for agent management extension ===== [keystone_authtoken] -auth_host = 127.0.0.1 -auth_port = 35357 -auth_protocol = http -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +admin_tenant_name = service +admin_user = {{ NEUTRON_SERVICE_USER }} +admin_password = {{ NEUTRON_SERVICE_PASSWORD }} [database] # This line MUST be changed to actually run the plugin. 
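Review bot: `root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf` (the neutron.conf hunk at -544) relies on two things this commit does not visibly provide: the manifest additions list no rootwrap.conf or rootwrap filter directory under /usr/share/openstack/neutron, and nothing here adds a sudoers rule for the neutron user. Rootwrap only works as a privilege boundary if rootwrap.conf and its filter files are owned by root and not writable by neutron, and if sudo lets neutron run that one command and nothing else. It is worth confirming where those files come from and recording it in a comment above the setting, for example `# rootwrap.conf and filters must be root-owned; sudoers must allow only neutron-rootwrap`.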
@@ -571,6 +572,8 @@ admin_password = %SERVICE_PASSWORD% # be set in the corresponding core plugin '.ini' file. However, it is suggested # to put the [database] section and its connection attribute in this # configuration file. +#connection=sqlite:////var/lib/neutron/neutron.sqlite +connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron # Database engine for which script will be generated when using offline # migration diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini index 4fb1a4a3..b8097ce2 100644 --- a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini +++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini @@ -4,6 +4,7 @@ # # type_drivers = local,flat,vlan,gre,vxlan # Example: type_drivers = flat,vlan,gre,vxlan +type_drivers = flat,gre # (ListOpt) Ordered list of network_types to allocate as tenant # networks. The default value 'local' is useful for single-box testing @@ -11,6 +12,7 @@ # # tenant_network_types = local # Example: tenant_network_types = vlan,gre,vxlan +tenant_network_types = gre # (ListOpt) Ordered list of networking mechanism driver entrypoints # to be loaded from the neutron.ml2.mechanism_drivers namespace. @@ -20,6 +22,7 @@ # Example: mechanism_drivers = cisco,logger # Example: mechanism_drivers = openvswitch,brocade # Example: mechanism_drivers = linuxbridge,brocade +mechanism_drivers = openvswitch # (ListOpt) Ordered list of extension driver entrypoints # to be loaded from the neutron.ml2.extension_drivers namespace. @@ -34,6 +37,7 @@ # flat_networks = # Example:flat_networks = physnet1,physnet2 # Example:flat_networks = * +flat_networks = External [ml2_type_vlan] # (ListOpt) List of [::] tuples 
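Review bot: The added `connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron` in neutron.conf places the password in a URL without escaping, so a password containing `@`, `:` or `/` yields a URL that is rejected or parsed with the wrong host. Percent-encoding the credentials, e.g. `{{ NEUTRON_DB_PASSWORD|urlencode }}` if the image's Jinja2 provides that filter, avoids having to restrict the password alphabet. A short comment above the line noting that the rendered file now contains the database password would also help whoever sets its permissions.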
@@ -43,10 +47,11 @@ # # network_vlan_ranges = # Example: network_vlan_ranges = physnet1:1000:2999,physnet2 +#network_vlan_ranges = Physnet1:100:200 [ml2_type_gre] # (ListOpt) Comma-separated list of : tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation -# tunnel_id_ranges = +tunnel_id_ranges = 1:1000 [ml2_type_vxlan] # (ListOpt) Comma-separated list of : tuples enumerating @@ -64,8 +69,18 @@ [securitygroup] # Controls if neutron security group is enabled or not. # It should be false when you use nova security group. -# enable_security_group = True +enable_security_group = True # Use ipset to speed-up the iptables security groups. Enabling ipset support # requires that ipset is installed on L2 agent node. -# enable_ipset = True +enable_ipset = True + +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver + +[ovs] +local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +enable_tunneling = True +bridge_mappings=External:br-ex + +[agent] +tunnel_types = gre diff --git a/systems/openstack-system-x86_64.morph b/systems/openstack-system-x86_64.morph index 64b5646b..aa369f26 100644 --- a/systems/openstack-system-x86_64.morph +++ b/systems/openstack-system-x86_64.morph @@ -68,3 +68,4 @@ configuration-extensions: - openstack-cinder - openstack-nova - openstack-network +- openstack-neutron -- cgit v1.2.1