path: root/openstack/usr/share/openstack/neutron.yml
blob: a452166d6f5cdf9ee30cf6f6a6a0865b1ff9d44e (plain)
---
# Play: sets up OpenStack Neutron on the machine the playbook runs on.
- hosts: localhost
  # The tasks below reference credentials (service and database passwords,
  # the temporary Keystone admin token) and the controller address.
  # NOTE(review): presumably those all come from this file, the only vars
  # source visible here; it should then be readable by root only - confirm.
  vars_files:
  - "/etc/openstack/neutron.conf"
  tasks:

  # Dedicated account for the Neutron daemons; the nologin shell keeps it
  # from being used for interactive sessions.
  - name: Create the neutron user.
    user:
      name: neutron
      comment: Openstack Neutron Daemons
      shell: /sbin/nologin
      home: /var/lib/neutron

  # Runtime, lock and log directories, each owned by neutron:neutron.
  - name: Create the /var folders for neutron
    file:
      path: "{{ item }}"
      state: directory
      owner: neutron
      group: neutron
    with_items:
    - /var/run/neutron
    - /var/lock/neutron
    - /var/log/neutron

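  # Look up the id of the "service" tenant. The endpoint and the admin token
  # are handed to the keystone client through its OS_SERVICE_ENDPOINT and
  # OS_SERVICE_TOKEN environment variables instead of --os-endpoint and
  # --os-token, so the token is not part of the command line that shows up
  # in the process list and in the logged shell invocation.
  # NOTE(review): the endpoint is plain http, so the admin token travels
  # unencrypted unless CONTROLLER_HOST_ADDRESS is local - confirm.
  - name: Get service tenant id needed in neutron.conf
    shell: |
           keystone tenant-get service | grep id | tr -d " " | cut -d"|" -f3
    environment:
      OS_SERVICE_ENDPOINT: "http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0"
      OS_SERVICE_TOKEN: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
    register: tenant_service_id
    # The pipeline's exit status is that of cut, so a failed keystone call
    # would otherwise pass silently and leave the tenant id empty.
    failed_when: tenant_service_id.rc != 0 or tenant_service_id.stdout == ""

  # Mapping form keeps the value intact whatever characters it contains.
  - name: Record the service tenant id as SERVICE_TENANT_ID
    set_fact:
      SERVICE_TENANT_ID: "{{ tenant_service_id.stdout }}"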

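  # with_lines runs the command on the control host and yields one item per
  # output line; each item is a path relative to /usr/share/openstack.
  # Arguments are given as a mapping so that a path containing whitespace or
  # "=" reaches the module as one value instead of being re-parsed as extra
  # key=value arguments.
  - name: Create the directories needed for Neutron configuration files.
    file:
      path: "/etc/{{ item }}"
      state: directory
    with_lines:
    - (cd /usr/share/openstack &&  find neutron -type d)

  # NOTE(review): the rendered files presumably contain credentials, yet no
  # owner or mode is set here, so they get default permissions - confirm and
  # restrict if so.
  - name: Add configuration needed for neutron using templates
    template:
      src: "/usr/share/openstack/{{ item }}"
      dest: "/etc/{{ item }}"
    with_lines:
    - (cd /usr/share/openstack && find neutron -type f)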

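  # Keystone registration for neutron. Module arguments are written as
  # mappings rather than folded key=value strings: a password or token that
  # contains whitespace, quotes or "key=value" text would otherwise be split
  # and parsed as additional module arguments.
  # NOTE(review): the password and admin token are module arguments, so they
  # may appear in Ansible's task logging; consider no_log on these tasks.
  - name: Create the neutron service user in keystone
    keystone_user:
      user: "{{ NEUTRON_SERVICE_USER }}"
      password: "{{ NEUTRON_SERVICE_PASSWORD }}"
      tenant: service
      token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"

  - name: Grant the admin role to the neutron user in the service tenant
    keystone_user:
      role: admin
      user: "{{ NEUTRON_SERVICE_USER }}"
      tenant: service
      token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"

  # NOTE(review): all three endpoint URLs are plain http, so API traffic,
  # tokens included, is unencrypted on this port - confirm this is intended.
  - name: Register the neutron service and its endpoints in keystone
    keystone_service:
      name: neutron
      type: network
      description: Openstack Compute Networking
      publicurl: "http://{{ CONTROLLER_HOST_ADDRESS }}:9696"
      internalurl: "http://{{ CONTROLLER_HOST_ADDRESS }}:9696"
      adminurl: "http://{{ CONTROLLER_HOST_ADDRESS }}:9696"
      region: regionOne
      token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"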

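  # Database role and database for neutron. Arguments are given as mappings
  # so that a user name or password containing whitespace or "=" is passed
  # through as a single value instead of being split into module arguments.
  # NOTE(review): the password is a module argument and may be logged;
  # consider no_log on this task.
  - name: Create the neutron database role
    postgresql_user:
      name: "{{ NEUTRON_DB_USER }}"
      password: "{{ NEUTRON_DB_PASSWORD }}"
    sudo: yes
    sudo_user: neutron
  - name: Create the neutron database owned by that role
    postgresql_db:
      name: neutron
      owner: "{{ NEUTRON_DB_USER }}"
    sudo: yes
    sudo_user: neutron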

  # Run the schema migration up to the "juno" revision as the neutron user,
  # reading both the main and the ML2 plugin configuration files.
  # NOTE(review): the command starts with `neutron neutron-db-manage`; the
  # leading `neutron` looks like a leftover (e.g. from an `su ... neutron`
  # form) - confirm which binary is meant to be invoked.
  - shell: |
           neutron neutron-db-manage \
               --config-file /etc/neutron/neutron.conf \
               --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
               upgrade juno
    sudo: yes
    sudo_user: neutron

# Create the bridges that map the external network.
# This configuration is for a single node and was taken from:
# https://fosskb.wordpress.com/2014/10/18/openstack-juno-on-ubuntu-14-10/
# and https://fosskb.wordpress.com/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface/

  # Pick the interface to bridge. The perl filter walks `ip addr` output,
  # remembers the interface name from each "N: name:" header line and prints
  # "name address" for every IPv4 ("inet") line; grep and head keep the first
  # entry whose name starts with "e", and awk prints its first field (the
  # interface name). The result is registered as eth_dev.
  # NOTE(review): if no such interface exists, stdout is empty and the later
  # tasks that interpolate eth_dev.stdout run with an empty name.
  - name: Get the name of the network device
    shell: |
           ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } '
    register: eth_dev

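  # Writes a systemd-networkd unit file named after the detected interface.
  # The result is registered so later tasks can test whether this file was
  # newly written (eth_dev_disabled|changed). register takes a single
  # variable name, not a list, so it is given as a plain string here.
  - name: Disable dhcp on the bound physical interface
    template:
      src: /usr/share/openstack/extras/00-disable-device.network
      dest: "/etc/systemd/network/00-disable-{{ eth_dev.stdout }}-config.network"
    register: eth_dev_disabled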

  # Same `ip addr` filter as the interface-name lookup, but awk prints the
  # second field: the IPv4 address (without prefix length) of the first
  # interface whose name starts with "e". Runs only when the template task
  # registered as eth_dev_disabled reported a change.
  - name: Get ip of the network device only if dhcp wasn't disabled
    shell: |
           ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } '
    register: eth_ip
    when: eth_dev_disabled|changed

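  # The description and the command belong to one task. Written as two list
  # items, the first had a name but no module and the second ran unnamed.
  # NOTE(review): both values are interpolated into a shell command line
  # unquoted; they come from local `ip addr` output, but the command module
  # or the quote filter would be the safer form.
  - name: >
        Deallocate ip address for external interface so we don't try to route
        connections out of an interface that not longer works. Run only when
        dhcp wasn't disabled for that interface
    shell: ip addr del {{ eth_ip.stdout }} dev {{ eth_dev.stdout }}
    when: eth_dev_disabled|changed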

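  # One networkd unit file per interface that must not be brought up with
  # DHCP. The first entry is the detected physical interface; it has to be a
  # template expression, because a bare `eth_dev.stdout` list item is the
  # literal string and would create 00-disable-eth_dev.stdout-config.network.
  - name: Disable dhcp on all the internal interfaces
    template:
      src: /usr/share/openstack/extras/00-disable-device.network
      dest: "/etc/systemd/network/00-disable-{{ item }}-config.network"
    with_items:
    - "{{ eth_dev.stdout }}"
    - br-eth1
    - br-ex
    - eth1-br-proxy
    - proxy-br-eth1
    - proxy-br-ex
    - ovs-system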

  # Restart systemd-networkd so the unit files written above take effect.
  - name: Restart networkd so it understands to not bring up the interfaces disabled
    service:
      name: systemd-networkd.service
      state: restarted

#ovs-vsctl \
#    -- add-br br-eth0 \
#    -- add-port br-eth0 $eth_dev \
#    -- set bridge br-eth0 other-config:hwaddr=$eth_mac
#

  # Extract the MAC address of the detected interface: the first sed puts
  # every whitespace-separated token of `ip link show` on its own line, the
  # second prints the token that follows "link/ether". Registered as eth_mac;
  # runs only when the eth_dev_disabled template task reported a change.
  - name: Get mac of the network device only if dhcp wasn't disabled
    shell: ip link show {{ eth_dev.stdout }} | sed -r 's/\s+/\n/g' | sed -n '/link\/ether/{n;p}'
    register: eth_mac
    when: eth_dev_disabled|changed

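  # Create br-eth0, attach the physical interface to it and give the bridge
  # the interface's MAC address (the ovs-vsctl form is shown in the comment
  # above these tasks). Two typos are corrected: the port variable is
  # eth_dev (it was spelled eht_dev, which is undefined) and the binary is
  # ovs-vsctl (it was spelled ovs_vsctl).
  - name: Create the br-eth0 bridge
    openvswitch_bridge:
      bridge: br-eth0
      state: present
  - name: Attach the physical interface to br-eth0
    openvswitch_port:
      bridge: br-eth0
      port: "{{ eth_dev.stdout }}"
      state: present
  - name: Give br-eth0 the MAC address of the physical interface
    shell: ovs-vsctl set bridge br-eth0 other-config:hwaddr={{ eth_mac.stdout }}
    when: eth_dev_disabled|changed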

  # br-eth0 takes over the role of the physical interface, so it gets the
  # DHCP-enabled networkd unit file.
  - name: Enable dhcp on the Open vSwitch device that replaces our external interface
    template:
      src: /usr/share/openstack/extras/10-device-dhcp.network
      dest: "/etc/systemd/network/10-{{ item }}-dhcp.network"
    with_items:
    - br-eth0

  # Second restart, so networkd picks up the unit file written just above.
  - name: Restart networkd again so it will DHCP in the Open vSwitch interface
    service:
      name: systemd-networkd.service
      state: restarted

#ovs-vsctl \
#    -- add-br br-eth1 \
#    -- add-port br-eth1 eth1-br-proxy \
#    -- set interface eth1-br-proxy type=patch options:peer=proxy-br-eth1 \
#    -- add-port br-eth0 proxy-br-eth1 \
#    -- set interface proxy-br-eth1 type=patch options:peer=eth1-br-proxy \
#    -- add-br br-ex \
#    -- add-port br-ex ex-br-proxy \
#    -- set interface ex-br-proxy type=patch options:peer=proxy-br-ex \
#    -- add-port br-eth0 proxy-br-ex \
#    -- set interface proxy-br-ex type=patch options:peer=ex-br-proxy


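# Patch-port wiring between br-eth0 and the br-eth1 / br-ex bridges, the task
# form of the ovs-vsctl command in the comment above. The tasks are indented
# to sit in the play's task list: at column 0 they would be parsed as
# separate top-level plays. The trailing "\" left over from the multi-line
# command is dropped from the two shell tasks that carried it.
  - name: Create the br-eth1 bridge
    openvswitch_bridge:
      bridge: br-eth1
      state: present
  - name: Add patch port eth1-br-proxy to br-eth1
    openvswitch_port:
      bridge: br-eth1
      port: eth1-br-proxy
      state: present
  - name: Peer eth1-br-proxy with proxy-br-eth1
    shell: ovs-vsctl set interface eth1-br-proxy type=patch options:peer=proxy-br-eth1
  - name: Add patch port proxy-br-eth1 to br-eth0
    openvswitch_port:
      bridge: br-eth0
      port: proxy-br-eth1
      state: present
  - name: Peer proxy-br-eth1 with eth1-br-proxy
    shell: ovs-vsctl set interface proxy-br-eth1 type=patch options:peer=eth1-br-proxy
  - name: Create the br-ex bridge
    openvswitch_bridge:
      bridge: br-ex
      state: present
  - name: Add patch port ex-br-proxy to br-ex
    openvswitch_port:
      bridge: br-ex
      port: ex-br-proxy
      state: present
  - name: Peer ex-br-proxy with proxy-br-ex
    shell: ovs-vsctl set interface ex-br-proxy type=patch options:peer=proxy-br-ex
  - name: Add patch port proxy-br-ex to br-eth0
    openvswitch_port:
      bridge: br-eth0
      port: proxy-br-ex
      state: present
  - name: Peer proxy-br-ex with ex-br-proxy
    shell: ovs-vsctl set interface proxy-br-ex type=patch options:peer=ex-br-proxy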





## SERVICES
  # Enables the unit at boot and starts it now.
  # NOTE(review): this playbook configures neutron, yet the unit handled here
  # is openstack-keystone.service - possibly a copy/paste leftover; confirm
  # which services are meant to be started.
  - name: Enable and start openstack-keystone service
    service:
      name: openstack-keystone.service
      enabled: true
      state: started