From 8e6921b91ab6ac81325e898308d24c504ee54ea2 Mon Sep 17 00:00:00 2001 From: Tiago Gomes Date: Tue, 19 May 2015 15:00:52 +0000 Subject: Neutron: add back the custom configuration Add back the custom configuration for Neutron, this time adapted for the OpenStack Kilo release. --- .../system/openstack-neutron-l3-agent.service | 3 +- openstack/usr/share/openstack/neutron-config.yml | 11 ---- openstack/usr/share/openstack/neutron-db.yml | 2 +- .../usr/share/openstack/neutron/dhcp_agent.ini | 6 +- openstack/usr/share/openstack/neutron/l3_agent.ini | 4 +- .../usr/share/openstack/neutron/metadata_agent.ini | 14 ++--- openstack/usr/share/openstack/neutron/neutron.conf | 66 ++++++++++++++-------- .../openstack/neutron/plugins/ml2/ml2_conf.ini | 24 +++++--- 8 files changed, 73 insertions(+), 57 deletions(-) diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service index 76efea5c..72cd1651 100644 --- a/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service +++ b/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service @@ -11,8 +11,7 @@ StandardOutput=null StandardError=null ExecStart=/usr/bin/neutron-l3-agent \ --config-file=/etc/neutron/neutron.conf \ - --config-file=/etc/neutron/l3_agent.ini \ - --config-file=/etc/neutron/fwaas_driver.ini + --config-file=/etc/neutron/l3_agent.ini [Install] WantedBy=multi-user.target diff --git a/openstack/usr/share/openstack/neutron-config.yml b/openstack/usr/share/openstack/neutron-config.yml index 97f4c76e..5d594353 100644 --- a/openstack/usr/share/openstack/neutron-config.yml +++ b/openstack/usr/share/openstack/neutron-config.yml 
@@ -22,17 +22,6 @@ - /var/lock/neutron - /var/log/neutron - - name: Get service tenant id needed in neutron.conf - shell: | - keystone \ - --os-endpoint http://{{ CONTROLLER_HOST_ADDRESS|quote }}:35357/v2.0 \ - --os-token {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN|quote }} \ - tenant-get service | grep id | tr -d " " | cut -d"|" -f3 - register: tenant_service_id - - - set_fact: - SERVICE_TENANT_ID: "{{ tenant_service_id.stdout }}" - - name: Create the directories needed for Neutron configuration files. file: path: /etc/{{ item }} diff --git a/openstack/usr/share/openstack/neutron-db.yml b/openstack/usr/share/openstack/neutron-db.yml index 91dde6fe..9cc77b5a 100644 --- a/openstack/usr/share/openstack/neutron-db.yml +++ b/openstack/usr/share/openstack/neutron-db.yml @@ -46,6 +46,6 @@ neutron-db-manage \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ - upgrade juno + upgrade head sudo: yes sudo_user: neutron diff --git a/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/openstack/usr/share/openstack/neutron/dhcp_agent.ini index a0adccaa..e0963e57 100644 --- a/openstack/usr/share/openstack/neutron/dhcp_agent.ini +++ b/openstack/usr/share/openstack/neutron/dhcp_agent.ini @@ -13,7 +13,7 @@ # Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, # BigSwitch/Floodlight) -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Name of Open vSwitch bridge to use # ovs_integration_bridge = br-int @@ -28,7 +28,7 @@ # The agent can use other DHCP drivers. Dnsmasq is the simplest and requires # no additional setup of the DHCP server. -# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq +dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and # iproute2 package that supports namespaces). This option is deprecated and 
@@ -41,7 +41,7 @@ # specific host routes to the DHCP request. The metadata service will only # be activated when the subnet does not contain any router port. The guest # instance must be configured to request host routes via DHCP (Option 121). -# enable_isolated_metadata = False +enable_isolated_metadata = True # Allows for serving metadata requests coming from a dedicated metadata # access network whose cidr is 169.254.169.254/16 (or larger prefix), and diff --git a/openstack/usr/share/openstack/neutron/l3_agent.ini b/openstack/usr/share/openstack/neutron/l3_agent.ini index 0d56436b..bc1321e4 100644 --- a/openstack/usr/share/openstack/neutron/l3_agent.ini +++ b/openstack/usr/share/openstack/neutron/l3_agent.ini @@ -4,7 +4,7 @@ # L3 requires that an interface driver be set. Choose the one that best # matches your plugin. -# interface_driver = +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) # that supports L3 agent @@ -59,7 +59,7 @@ # Name of bridge used for external network traffic. This should be set to # empty value for the linux bridge. when this parameter is set, each L3 agent # can be associated with no more than one external network. -# external_network_bridge = br-ex +external_network_bridge = br-ex # TCP Port used by Neutron metadata server # metadata_port = 9697 diff --git a/openstack/usr/share/openstack/neutron/metadata_agent.ini b/openstack/usr/share/openstack/neutron/metadata_agent.ini index 4a0331ee..ee89c943 100644 --- a/openstack/usr/share/openstack/neutron/metadata_agent.ini +++ b/openstack/usr/share/openstack/neutron/metadata_agent.ini 
@@ -3,21 +3,21 @@ # debug = True # The Neutron user information for accessing the Neutron API. -auth_url = http://localhost:5000/v2.0 -auth_region = RegionOne +auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +auth_region = regionOne # Turn off verification of the certificate for ssl # auth_insecure = False # Certificate Authority public key (CA cert) file for ssl # auth_ca_cert = -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% +admin_tenant_name = service +admin_user = {{ NEUTRON_SERVICE_USER }} +admin_password = {{ NEUTRON_SERVICE_PASSWORD }} # Network service endpoint type to pull from the keystone catalog # endpoint_type = adminURL # IP address used by Nova metadata server -# nova_metadata_ip = 127.0.0.1 +nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }} # TCP Port used by Nova metadata server # nova_metadata_port = 8775 @@ -40,7 +40,7 @@ admin_password = %SERVICE_PASSWORD% # shared secret to prevent spoofing. You may select any string for a secret, # but it must match here and in the configuration used by the Nova Metadata # Server. NOTE: Nova uses the same config key, but in [neutron] section. -# metadata_proxy_shared_secret = +metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }} # Location of Metadata Proxy UNIX domain socket # metadata_proxy_socket = $state_path/metadata_proxy diff --git a/openstack/usr/share/openstack/neutron/neutron.conf b/openstack/usr/share/openstack/neutron/neutron.conf index ee42954b..33c6398a 100644 --- a/openstack/usr/share/openstack/neutron/neutron.conf +++ b/openstack/usr/share/openstack/neutron/neutron.conf @@ -29,7 +29,7 @@ # (not user_stderr) and (not log_file) -> stdout # publish_errors -> notification system -# use_syslog = False +use_syslog = True # syslog_log_facility = LOG_USER # use_stderr = True 
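Review bot: `auth_url` in metadata_agent.ini now targets `http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0` instead of loopback, so `admin_password` and the tokens obtained with it cross the network in cleartext unless that network is protected by other means. The same applies to `nova_url`, to `auth_uri`/`identity_uri` under `[keystone_authtoken]`, and to `auth_url` under `[nova]` in neutron.conf later in this patch. If Keystone and Nova can serve TLS in this deployment, use `https://` and set the `auth_ca_cert` option that is already present but commented out. Otherwise add a comment such as `# NOTE: plain HTTP; assumes an isolated management network` so the assumption is explicit.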
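Review bot: `metadata_proxy_shared_secret` is now rendered from `{{ METADATA_PROXY_SHARED_SECRET }}`, and nothing visible in this patch guarantees that the variable is non-empty or that Nova's `[neutron]` section receives the same value. An empty secret would leave the instance-id signature computable by anyone who can reach the Nova metadata API, which is the spoofing the surrounding comment says the secret prevents. Consider failing the configuration step when the variable is undefined or empty. The rendered metadata_agent.ini should also be readable only by the neutron user, since it carries `admin_password` as well.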
@@ -57,7 +57,7 @@ # previous versions, the class name of a plugin can be specified instead of its # entrypoint name. # -# core_plugin = +core_plugin = ml2 # Example: core_plugin = ml2 # (ListOpt) List of service plugin entrypoints to be loaded from the @@ -66,7 +66,7 @@ # with previous versions, the class name of a plugin can be specified instead # of its entrypoint name. # -# service_plugins = +service_plugins = router # Example: service_plugins = router,firewall,lbaas,vpnaas,metering # Paste configuration file @@ -81,7 +81,7 @@ # The strategy to be used for auth. # Supported values are 'keystone'(default), 'noauth'. -# auth_strategy = keystone +auth_strategy = keystone # Base MAC address. The first 3 octets will remain unchanged. If the # 4h octet is not 00, it will also be used. The others will be @@ -118,7 +118,7 @@ # Enable or disable overlapping IPs for subnets # Attention: the following parameter MUST be set to False if Neutron is # being used in conjunction with nova security groups -# allow_overlapping_ips = False +allow_overlapping_ips = True # Ensure that configured gateway is on subnet. For IPv6, validate only if # gateway is not a link local address. Deprecated, to be removed during the # K release, at which point the check will be mandatory. @@ -334,14 +334,14 @@ # ======== neutron nova interactions ========== # Send notification to nova when port status is active. -# notify_nova_on_port_status_changes = True +notify_nova_on_port_status_changes = True # Send notifications to nova when port data (fixed_ips/floatingips) change # so nova can update it's cache. -# notify_nova_on_port_data_changes = True +notify_nova_on_port_data_changes = True # URL for connection to nova (Only supports one nova region currently). -# nova_url = http://127.0.0.1:8774/v2 +nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2 # Name of nova region to use. Useful if keystone manages more than one region # nova_region_name = 
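Review bot: `allow_overlapping_ips = True` sits directly under the comment saying it MUST be False when Neutron is used together with nova security groups. ml2_conf.ini in this patch sets `enable_security_group = True`, so the intent appears to be Neutron-managed security groups, but the matching Nova setting is not part of this change. A comment above the line, e.g. `# Requires Nova to delegate security groups to Neutron`, would record the dependency. Without it, a compute node still applying Nova's own security groups could match rules against the wrong instance when addresses overlap.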
@@ -450,7 +450,7 @@ # The RabbitMQ broker port where a single node is used. # (integer value) -# rabbit_port=5672 +# rabbit_port =5672 # RabbitMQ HA cluster host:port pairs. (list value) # rabbit_hosts=$rabbit_host:$rabbit_port @@ -531,7 +531,7 @@ # Driver or drivers to handle sending notifications. (multi # valued) -# notification_driver= +notification_driver = neutron.openstack.common.notifier.rpc_notifier # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics @@ -547,7 +547,7 @@ # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) -# rpc_backend=rabbit +rpc_backend = rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the @@ -660,7 +660,7 @@ # Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real # root filter facility. # Change to "sudo" to skip the filtering and just run the command directly -# root_helper = sudo +root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf # Set to true to add comments to generated iptables rules that describe # each rule's purpose. (System must support the iptables comments module.) @@ -691,11 +691,11 @@ # =========== end of items for agent management extension ===== [keystone_authtoken] -auth_uri = http://127.0.0.1:35357/v2.0/ -identity_uri = http://127.0.0.1:5000 -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +admin_tenant_name = service +admin_user = {{ NEUTRON_SERVICE_USER }} +admin_password = {{ NEUTRON_SERVICE_PASSWORD }} [database] # This line MUST be changed to actually run the plugin. 
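Review bot: `root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf` only confines the agents if the sudoers entry for the neutron user permits exactly this command. The sudoers file is not part of this patch, so that cannot be confirmed here. rootwrap.conf and the filter directories it names also need to be owned by root and not writable by neutron, otherwise the account being restricted can rewrite its own filter list. A comment above the line, e.g. `# sudoers must allow only this command for the neutron user`, would record the requirement.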
@@ -703,7 +703,8 @@ admin_password = %SERVICE_PASSWORD% # connection = mysql://root:pass@127.0.0.1:3306/neutron # Replace 127.0.0.1 above with the IP address of the database used by the # main neutron server. (Leave it as is if the database runs on this host.) -# connection = sqlite:// +connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron + # NOTE: In deployment the [database] section and its connection attribute may # be set in the corresponding core plugin '.ini' file. However, it is suggested # to put the [database] section and its connection attribute in this @@ -747,7 +748,7 @@ admin_password = %SERVICE_PASSWORD% [nova] # Name of the plugin to load -# auth_plugin = +auth_plugin = password # Config Section from which to load plugin specific options # auth_section = @@ -765,11 +766,28 @@ admin_password = %SERVICE_PASSWORD% # keyfile = # Name of nova region to use. Useful if keystone manages more than one region. -# region_name = +region_name = regionOne # Timeout value for http requests # timeout = +# Authorization URL for connection to nova in admin context. +auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + +# Username for connection to nova in admin context +username = {{ NOVA_SERVICE_USER }} + +# Password for connection to nova in admin context. +password = {{ NOVA_SERVICE_PASSWORD }} + +# The uuid of the admin nova tenant +# tenant_id = + +# The name of the admin nova tenant. If the uuid of the admin nova tenant +# is set, this is optional. Useful for cases where the uuid of the admin +# nova tenant is not available when configuration is being done. +tenant_name = service + [oslo_concurrency] # Directory to use for lock files. For security, the specified directory should 
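Review bot: The new `connection=` URL interpolates `{{ NEUTRON_DB_PASSWORD }}` unescaped, so a password containing `@`, `/`, `:` or `%` would be parsed as URL structure and the connection would fail or resolve to an unintended host. Passing it through a URL-encoding filter, e.g. `{{ NEUTRON_DB_PASSWORD|urlencode }}`, avoids that if the templating engine in use provides one. The URL also sets no `sslmode`, so the password is protected in transit only if the server enforces TLS or the link to `CONTROLLER_HOST_ADDRESS` is isolated. For style, the other keys this patch sets use `key = value`, while this line has no spaces around `=`.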
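Review bot: The `[nova]` section authenticates with `{{ NOVA_SERVICE_USER }}` and `{{ NOVA_SERVICE_PASSWORD }}`, so neutron.conf now holds Nova's service credentials in addition to Neutron's own. Anyone who can read this file, or who compromises the neutron service, obtains both accounts. If the deployment allows it, a dedicated account limited to what the notifications need would narrow that exposure. At minimum add a comment such as `# Nova's service account; keep neutron.conf unreadable to other users`.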
@@ -956,11 +974,11 @@ lock_path = $state_path/lock # The RabbitMQ broker address where a single node is used. (string value) # Deprecated group/name - [DEFAULT]/rabbit_host -# rabbit_host = localhost +rabbit_host = {{ RABBITMQ_HOST }} # The RabbitMQ broker port where a single node is used. (integer value) # Deprecated group/name - [DEFAULT]/rabbit_port -# rabbit_port = 5672 +rabbit_port = {{ RABBITMQ_PORT }} # RabbitMQ HA cluster host:port pairs. (list value) # Deprecated group/name - [DEFAULT]/rabbit_hosts @@ -972,11 +990,11 @@ lock_path = $state_path/lock # The RabbitMQ userid. (string value) # Deprecated group/name - [DEFAULT]/rabbit_userid -# rabbit_userid = guest +rabbit_userid = {{ RABBITMQ_USER }} # The RabbitMQ password. (string value) # Deprecated group/name - [DEFAULT]/rabbit_password -# rabbit_password = guest +rabbit_password = {{ RABBITMQ_PASSWORD }} # The RabbitMQ login method. (string value) # Deprecated group/name - [DEFAULT]/rabbit_login_method diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini index ac9a3d0d..3258a40f 100644 --- a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini +++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini 
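Review bot: `rabbit_userid` and `rabbit_password` are now real credentials sent to `{{ RABBITMQ_HOST }}` (set in the preceding hunk), but this patch does not set `rabbit_use_ssl`. The credentials and all RPC traffic therefore appear to travel unencrypted to a broker that is no longer on localhost. If the broker can offer TLS, set `rabbit_use_ssl = True` together with the broker's CA certificate option; otherwise state the isolated-network assumption in a comment. It is also worth confirming that `RABBITMQ_USER` is not the stock `guest` account named in the replaced defaults.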
@@ -2,19 +2,19 @@ # (ListOpt) List of network type driver entrypoints to be loaded from # the neutron.ml2.type_drivers namespace. # -# type_drivers = local,flat,vlan,gre,vxlan +type_drivers = flat,gre # Example: type_drivers = flat,vlan,gre,vxlan # (ListOpt) Ordered list of network_types to allocate as tenant # networks. The default value 'local' is useful for single-box testing # but provides no connectivity between hosts. # -# tenant_network_types = local +tenant_network_types = gre # Example: tenant_network_types = vlan,gre,vxlan # (ListOpt) Ordered list of networking mechanism driver entrypoints # to be loaded from the neutron.ml2.mechanism_drivers namespace. -# mechanism_drivers = +mechanism_drivers = openvswitch # Example: mechanism_drivers = openvswitch,mlnx # Example: mechanism_drivers = arista # Example: mechanism_drivers = cisco,logger @@ -63,7 +63,7 @@ # can be created. Use * to allow flat networks with arbitrary # physical_network names. # -# flat_networks = +flat_networks = External # Example:flat_networks = physnet1,physnet2 # Example:flat_networks = * @@ -78,7 +78,7 @@ [ml2_type_gre] # (ListOpt) Comma-separated list of : tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation -# tunnel_id_ranges = +tunnel_id_ranges = 1:1000 [ml2_type_vxlan] # (ListOpt) Comma-separated list of : tuples enumerating 
@@ -96,8 +96,18 @@ [securitygroup] # Controls if neutron security group is enabled or not. # It should be false when you use nova security group. -# enable_security_group = True +enable_security_group = True # Use ipset to speed-up the iptables security groups. Enabling ipset support # requires that ipset is installed on L2 agent node. -# enable_ipset = True +enable_ipset = True + +firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver + +[ovs] +local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +enable_tunneling = True +bridge_mappings=External:br-ex + +[agent] +tunnel_types = gre -- cgit v1.2.1
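Review bot: `local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}` under `[ovs]` makes the management interface the GRE tunnel endpoint, so tenant traffic shares the network that carries API, database and message-queue traffic. GRE provides neither encryption nor authentication, so this relies on that network being closed to tenants and other untrusted hosts. If a separate data-plane interface exists, pointing `local_ip` at it would keep the two apart. Otherwise a comment such as `# Tunnel endpoint shares the management network` would make the trade-off visible. The new `[ovs]` and `[agent]` sections also carry no comments describing their keys, unlike the rest of the file.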