├── tests ├── inventory ├── centos-7-test.yml ├── test.yml ├── ansible.cfg └── Dockerfile.centos-7 ├── tasks ├── neutron_network_ovs.yml ├── neutron_metadata_agent.yml ├── neutron_db_setup.yml ├── neutron_configure.yml ├── neutron_nova.yml ├── main.yml ├── neutron_install_RedHat.yml ├── neutron_service_setup.yml ├── neutron_post_install.yml └── neutron_network_lxb.yml ├── vars ├── main.yml └── RedHat.yml ├── files └── ssh.config ├── meta └── main.yml ├── handlers └── main.yml ├── README.md ├── .travis.yml └── defaults └── main.yml /tests/inventory: -------------------------------------------------------------------------------- 1 | localhost -------------------------------------------------------------------------------- /tasks/neutron_network_ovs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ansible-role-openstack-neutron 3 | -------------------------------------------------------------------------------- /files/ssh.config: -------------------------------------------------------------------------------- 1 | Host * 2 | StrictHostKeyChecking no 3 | UserKnownHostsFile=/dev/null -------------------------------------------------------------------------------- /tests/centos-7-test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # test file 3 | 4 | - hosts: localhost 5 | roles: 6 | - role_under_test 7 | -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # test file 3 | 4 | - hosts: all 5 | remote_user: root 6 | roles: 7 | - ansible-role-openstack-neutron 8 | -------------------------------------------------------------------------------- /tests/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | roles_path = ../../ 3 | host_key_checking = False 4 | ansible_managed = Ansible managed: modified on %Y-%m-%d %H:%M:%S by {uid} on {host} 5 | -------------------------------------------------------------------------------- /tasks/neutron_metadata_agent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure neutron metadata. 3 | shell: | 4 | openstack-config --set "{{ neutron_metadata_config_location }}" "{{ item.section }}" "{{ item.param }}" "{{ item.value }}" 5 | with_items: 6 | - "{{ neutron_metadata_config }}" 7 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: z 3 | description: Installs and configures openstack neutron. 4 | company: 5 | license: license (BSD, MIT) 6 | min_ansible_version: 1.9 7 | platforms: 8 | - name: EL 9 | versions: 10 | - 7 11 | galaxy_tags: 12 | - cloud 13 | - neutron 14 | - openstack 15 | dependencies: [] 16 | -------------------------------------------------------------------------------- /tasks/neutron_db_setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for neutron DB Setup 3 | 4 | - name: DB sync for neutron. 5 | shell: | 6 | neutron-db-manage --config-file {{ neutron_config_location }} \ 7 | --config-file {{ neutron_ml2_config_location }} upgrade head 8 | become: yes 9 | become_user: "{{ neutron_system_user_name }}" 10 | ignore_errors: True 11 | run_once: True 12 | notify: restart nova api 13 | -------------------------------------------------------------------------------- /tasks/neutron_configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # neutron network linux bridge 3 | - include: neutron_network_lxb.yml 4 | when: 5 | - neutron_network_lxb | bool 6 | 7 | # neutron network openvswitch 8 | - include: neutron_network_ovs.yml 9 | when: 10 | - neutron_network_ovs | bool 11 | 12 | # neutron metadata agent 13 | - include: neutron_metadata_agent.yml 14 | when: 15 | - inventory_hostname in groups['neutron_controller'] 16 | 17 | # neutron nova 18 | - include: neutron_nova.yml 19 | -------------------------------------------------------------------------------- /tasks/neutron_nova.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure neutron nova. 3 | shell: | 4 | openstack-config --set "{{ neutron_nova_config_location }}" "{{ item.section }}" "{{ item.param }}" "{{ item.value }}" 5 | with_items: 6 | - "{{ neutron_nova_config }}" 7 | when: 8 | - inventory_hostname in groups['neutron_controller'] 9 | 10 | - name: Configure neutron compute nova. 11 | shell: | 12 | openstack-config --set "{{ neutron_nova_config_location }}" "{{ item.section }}" "{{ item.param }}" "{{ item.value }}" 13 | with_items: 14 | - "{{ neutron_compute_nova_config }}" 15 | when: 16 | - inventory_hostname in groups['neutron_compute'] 17 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for ansible-role-openstack-neutron 3 | 4 | - name: restart lxb neutron 5 | service: 6 | name: "{{ item }}" 7 | state: restarted 8 | with_items: 9 | - "{{ neutron_lxb_system_service_name }}" 10 | 11 | - name: restart lxb neutron compute 12 | service: 13 | name: "{{ item }}" 14 | state: restarted 15 | with_items: 16 | - "{{ neutron_lxb_compute_system_service_name }}" 17 | 18 | - name: restart nova api 19 | service: 20 | name: "openstack-nova-api" 21 | state: restarted 22 | 23 | - name: restart nova compute 24 | service: 25 | name: "openstack-nova-compute" 26 | state: restarted 27 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: openstack-neutron 2 | 3 | [![Build Status](https://travis-ci.org/devops/ansible-role-openstack-neutron.svg?branch=master)](https://travis-ci.org/devops/ansible-role-openstack-neutron) 4 | 5 | Ansible role that installs and configures openstack neutron. 6 | 7 | ## Requirements 8 | 9 | None. 10 | 11 | ## Role Variables 12 | 13 | ### `defaults/main.yml` 14 | 15 | 16 | ### `vars/RedHat.yml` 17 | 18 | 19 | ## Dependencies 20 | 21 | None. 22 | 23 | ## Example Playbook 24 | 25 | 1) Install openstack-neutron and use the default settings. 26 | 27 | - hosts: all 28 | roles: 29 | - ansible-role-openstack-neutron 30 | 31 | 32 | ## License 33 | 34 | MIT / BSD 35 | 36 | ## Author Information 37 | 38 | z. 39 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for ansible-role-openstack-neutron 3 | 4 | # Variable setup. 5 | - name: Include OS-specific variables. 6 | include_vars: "{{ ansible_os_family }}.yml" 7 | 8 | - include: neutron_service_setup.yml 9 | run_once: True 10 | when: 11 | - "inventory_hostname in groups['neutron_controller']" 12 | 13 | # Setup/Install tasks. 14 | - include: neutron_install_RedHat.yml 15 | when: ansible_os_family == 'RedHat' 16 | tags: neutron_install 17 | 18 | # Configure tasks. 19 | - include: neutron_configure.yml 20 | tags: neutron_configure 21 | 22 | # DB tasks. 23 | - include: neutron_db_setup.yml 24 | when: 25 | - "inventory_hostname in groups['neutron_controller']" 26 | 27 | # Finalize installation tasks. 28 | - include: neutron_post_install.yml 29 | -------------------------------------------------------------------------------- /tests/Dockerfile.centos-7: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | 3 | # Install systemd -- See https://hub.docker.com/_/centos/ 4 | RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs 5 | RUN yum -y update; yum clean all; \ 6 | (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ 7 | rm -f /lib/systemd/system/multi-user.target.wants/*; \ 8 | rm -f /etc/systemd/system/*.wants/*; \ 9 | rm -f /lib/systemd/system/local-fs.target.wants/*; \ 10 | rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ 11 | rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ 12 | rm -f /lib/systemd/system/basic.target.wants/*; \ 13 | rm -f /lib/systemd/system/anaconda.target.wants/*; 14 | 15 | # Install Ansible 16 | RUN yum -y install epel-release 17 | RUN yum -y install git ansible sudo iproute 18 | RUN yum clean all 19 | 20 | # Install Ansible inventory file 21 | RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts 22 | 23 | VOLUME ["/sys/fs/cgroup"] 24 | CMD ["/usr/sbin/init"] 25 | -------------------------------------------------------------------------------- /vars/RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for Redhat 3 | 4 | neutron_lxb_packages: 5 | - openstack-neutron 6 | - openstack-neutron-ml2 7 | - openstack-neutron-linuxbridge 8 | - ebtables 9 | 10 | neutron_ovs_packages: [] 11 | 12 | neutron_lxb_compute_packages: 13 | - openstack-neutron-linuxbridge 14 | - ebtables 15 | - ipset 16 | 17 | neutron_ovs_compute_packages: [] 18 | 19 | neutron_lxb_system_service_name: 20 | - neutron-server 21 | - neutron-linuxbridge-agent 22 | - neutron-dhcp-agent 23 | - neutron-metadata-agent 24 | 25 | neutron_l3_agent_service_name: neutron-l3-agent 26 | 27 | neutron_lxb_compute_system_service_name: 28 | - neutron-linuxbridge-agent 29 | 30 | neutron_ovs_compute_system_service_name: 31 | - neutron-openvswitch-agent 32 | 33 | neutron_config_location: /etc/neutron/neutron.conf 34 | neutron_ml2_config_location: /etc/neutron/plugins/ml2/ml2_conf.ini 35 | neutron_ml2_lxb_config_location: /etc/neutron/plugins/ml2/linuxbridge_agent.ini 36 | neutron_dhcp_config_location: /etc/neutron/dhcp_agent.ini 37 | neutron_metadata_config_location: /etc/neutron/metadata_agent.ini 38 | neutron_nova_config_location: /etc/nova/nova.conf 39 | neutron_l3_config_location: /etc/neutron/l3_agent.ini 40 | -------------------------------------------------------------------------------- /tasks/neutron_install_RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for neutron install on RedHat 3 | 4 | - name: Install OpenStack neutron controller packages(lxb). 5 | yum: 6 | name: "{{ item }}" 7 | state: installed 8 | with_items: "{{ neutron_lxb_packages }}" 9 | when: 10 | - inventory_hostname in groups['neutron_controller'] 11 | - neutron_network_lxb | bool 12 | 13 | - name: Install OpenStack neutron controller packages(ovs). 14 | yum: 15 | name: "{{ item }}" 16 | state: installed 17 | with_items: "{{ neutron_ovs_packages }}" 18 | when: 19 | - inventory_hostname in groups['neutron_controller'] 20 | - neutron_network_ovs | bool 21 | 22 | - name: Install OpenStack neutron compute packages(lxb). 23 | yum: 24 | name: "{{ item }}" 25 | state: installed 26 | with_items: "{{ neutron_lxb_compute_packages }}" 27 | when: 28 | - inventory_hostname in groups['neutron_compute'] 29 | - neutron_network_lxb | bool 30 | 31 | - name: Install OpenStack neutron compute packages(ovs). 32 | yum: 33 | name: "{{ item }}" 34 | state: installed 35 | with_items: "{{ neutron_ovs_compute_packages }}" 36 | when: 37 | - inventory_hostname in groups['neutron_compute'] 38 | - neutron_network_ovs | bool 39 | -------------------------------------------------------------------------------- /tasks/neutron_service_setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for openstack-neutron service setup 3 | 4 | - name: Create the service credentials for neutron. 5 | shell: | 6 | openstack user create --domain default --password "{{ neutron_keystone_password }}" "{{ neutron_keystone_user }}" 7 | openstack role add --project service --user {{ neutron_keystone_user }} admin 8 | environment: 9 | - "{{ token_auth_env }}" 10 | 11 | - name: Create the service entity for neutron. 12 | shell: | 13 | openstack service create --name "{{ neutron_service_name }}" --description "{{ neutron_service_description }}" "{{ neutron_service_type }}" 14 | environment: 15 | - "{{ token_auth_env }}" 16 | 17 | # Create the API endpoint for neutron. 18 | - name: Check if API endpoint exists for service "{{ neutron_service_type }}" 19 | shell: "openstack endpoint list --service {{ neutron_service_type }}" 20 | register: check_endpoint_result 21 | environment: 22 | - "{{ token_auth_env }}" 23 | ignore_errors: True 24 | 25 | - name: "Specify API endpoints for {{ neutron_service_type }} service" 26 | when: check_endpoint_result.rc == 0 27 | shell: | 28 | openstack endpoint create --region {{ neutron_service_region }} {{ neutron_service_type }} public {{ neutron_service_public_url }} 29 | openstack endpoint create --region {{ neutron_service_region }} {{ neutron_service_type }} internal {{ neutron_service_internal_url }} 30 | openstack endpoint create --region {{ neutron_service_region }} {{ neutron_service_type }} admin {{ neutron_service_admin_url }} 31 | environment: 32 | - "{{ token_auth_env }}" 33 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | env: 3 | - distribution: centos 4 | version: 7 5 | init: /usr/lib/systemd/systemd 6 | run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" 7 | playbook: centos-7-test.yml 8 | 9 | services: 10 | - docker 11 | 12 | before_install: 13 | # Pull container 14 | - 'sudo docker pull ${distribution}:${version}' 15 | 16 | # Customize container 17 | - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' 18 | 19 | script: 20 | - container_id=$(mktemp) 21 | 22 | # Run container in detached state 23 | - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' 24 | 25 | # Ansible syntax check. 26 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook} --syntax-check' 27 | 28 | # Test role. 29 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook}' 30 | 31 | # Test role idempotence. 32 | - > 33 | sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook} 34 | | grep -q 'changed=0.*failed=0' 35 | && (echo 'Idempotence test: pass' && exit 0) 36 | || (echo 'Idempotence test: fail' && exit 1) 37 | 38 | # Some debugging (show all the logs). 39 | - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ss -ntlup || true 40 | 41 | # Clean up 42 | - sudo docker stop "$(cat ${container_id})" 43 | 44 | notifications: 45 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 46 | -------------------------------------------------------------------------------- /tasks/neutron_post_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for openstack-neutron post install 3 | 4 | ## Controller 5 | - name: Ensure ml2 config symbolic is exists. 6 | file: 7 | src: "{{ neutron_ml2_config_location }}" 8 | dest: /etc/neutron/plugin.ini 9 | state: link 10 | when: 11 | - inventory_hostname in groups['neutron_controller'] 12 | 13 | - name: Ensure openstack neutron services is started and enabled at boot. 14 | service: 15 | name: "{{ item }}" 16 | state: started 17 | enabled: yes 18 | with_items: 19 | - "{{ neutron_lxb_system_service_name }}" 20 | when: 21 | - inventory_hostname in groups['neutron_controller'] 22 | - neutron_network_lxb | bool 23 | 24 | - name: Ensure openstack neutron layer-3 services is started and enabled at boot. 25 | service: 26 | name: "{{ item }}" 27 | state: started 28 | enabled: yes 29 | with_items: 30 | - "{{ neutron_l3_agent_service_name }}" 31 | when: 32 | - inventory_hostname in groups['neutron_controller'] 33 | - neutron_l3_agent | bool 34 | 35 | ## Compute 36 | - name: Ensure openstack neutron compute services is started and enabled at boot(lxb). 37 | service: 38 | name: "{{ item }}" 39 | state: started 40 | enabled: yes 41 | with_items: 42 | - "{{ neutron_lxb_compute_system_service_name }}" 43 | when: 44 | - inventory_hostname in groups['neutron_compute'] 45 | - neutron_network_lxb | bool 46 | notify: 47 | - restart nova compute 48 | 49 | - name: Ensure openstack neutron compute services is started and enabled at boot(ovs). 50 | service: 51 | name: "{{ item }}" 52 | state: started 53 | enabled: yes 54 | with_items: 55 | - "{{ neutron_ovs_compute_system_service_name }}" 56 | when: 57 | - inventory_hostname in groups['neutron_compute'] 58 | - neutron_network_ovs | bool 59 | notify: 60 | - restart nova compute -------------------------------------------------------------------------------- /tasks/neutron_network_lxb.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Controller 3 | - name: Configure neutron controller(1). 4 | shell: | 5 | openstack-config --set "{{ neutron_config_location }}" "{{ item.section }}" "{{ item.param }}" "{{ item.value }}" 6 | with_items: 7 | - "{{ neutron_config }}" 8 | when: 9 | - inventory_hostname in groups['neutron_controller'] 10 | 11 | - name: Configure neutron controller(ml2). 12 | shell: | 13 | openstack-config --set "{{ neutron_ml2_config_location }}" "{{ item.section }}" "{{ item.param }}" "{{ item.value }}" 14 | with_items: 15 | - "{{ neutron_ml2_config }}" 16 | when: 17 | - inventory_hostname in groups['neutron_controller'] 18 | 19 | - name: Configure neutron controller(lxb-agent). 20 | shell: | 21 | openstack-config --set "{{ neutron_ml2_lxb_config_location }}" "{{ item.section }}" "{{ item.param }}" "{{ item.value }}" 22 | with_items: 23 | - "{{ neutron_ml2_lxb_config }}" 24 | when: 25 | - inventory_hostname in groups['neutron_controller'] 26 | 27 | - name: Configure neutron controller(dhcp-agent). 28 | shell: | 29 | openstack-config --set "{{ neutron_dhcp_config_location }}" "{{ item.section }}" "{{ item.param }}" "{{ item.value }}" 30 | with_items: 31 | - "{{ neutron_dhcp_config }}" 32 | when: 33 | - inventory_hostname in groups['neutron_controller'] 34 | 35 | - name: Configure neutron controller(l3-agent). 36 | shell: | 37 | openstack-config --set "{{ neutron_l3_config_location }}" "{{ item.section }}" "{{ item.param }}" "{{ item.value }}" 38 | with_items: 39 | - "{{ neutron_l3_config }}" 40 | when: 41 | - inventory_hostname in groups['neutron_controller'] 42 | - neutron_l3_agent | bool 43 | 44 | 45 | # Compute 46 | - name: Configure neutron compute. 47 | shell: | 48 | openstack-config --set "{{ neutron_config_location }}" "{{ item.section }}" "{{ item.param }}" "{{ item.value }}" 49 | with_items: 50 | - "{{ neutron_compute_config }}" 51 | when: 52 | - inventory_hostname in groups['neutron_compute'] 53 | tags: 54 | - neutron-compute-config 55 | 56 | - name: Configure neutron compute(lxb-agent). 57 | shell: | 58 | openstack-config --set "{{ neutron_ml2_lxb_config_location }}" "{{ item.section }}" "{{ item.param }}" "{{ item.value }}" 59 | with_items: 60 | - "{{ neutron_ml2_lxb_config }}" 61 | when: 62 | - inventory_hostname in groups['neutron_compute'] 63 | tags: 64 | - neutron-compute-config 65 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for ansible-role-openstack-neutron 3 | 4 | # # openstack public confg 5 | # openstack_db_host: "" 6 | # openstack_controller_host: "" 7 | # openstack_keystone_auth_uri: "" 8 | # openstack_keystone_auth_url: "" 9 | # openstack_admin_vip: "" 10 | # openstack_public_vip: "" 11 | # openstack_internal_vip: "" 12 | # openstack_rabbit_hosts: "" 13 | # nova_keystone_user: "nova" 14 | # nova_keystone_password: "nova" 15 | 16 | neutron_system_user_name: neutron 17 | 18 | # neutron service 19 | neutron_service_region: RegionOne 20 | neutron_service_name: neutron 21 | neutron_service_type: network 22 | neutron_service_description: "OpenStack Networking" 23 | neutron_service_admin_url: "http://{{ openstack_admin_vip }}:9696" 24 | neutron_service_internal_url: "http://{{ openstack_internal_vip }}:9696" 25 | neutron_service_public_url: "http://{{ openstack_public_vip }}:9696" 26 | 27 | # neutron db 28 | neutron_db_host: "{{ openstack_db_host }}" 29 | neutron_db_name: "neutron" 30 | neutron_db_user: "neutron" 31 | neutron_db_password: "neutron" 32 | neutron_db_priv: "{{ neutron_db_name }}.*:ALL" 33 | 34 | # neutron rabbitmq 35 | neutron_rabbitmq_host: "{{ openstack_controller_host }}" 36 | neutron_rabbitmq_userid: 'neutron' 37 | neutron_rabbitmq_password: 'neutron' 38 | neutron_rabbitmq_vhost: '/neutron' 39 | 40 | # neutron keystone 41 | neutron_keystone_user: "neutron" 42 | neutron_keystone_password: "neutron" 43 | 44 | # neutron network option 45 | neutron_network_lxb: True 46 | neutron_network_ovs: False 47 | neutron_network_option: "provider" 48 | neutron_public_interface: "{{ openstack_public_interface | default('eth2') }}" 49 | 50 | # neutron config 51 | neutron_core_plugin: "ml2" 52 | neutron_service_plugins: "" 53 | neutron_rpc_backend: "rabbit" 54 | neutron_auth_strategy: "keystone" 55 | neutron_nova_url: "http://{{ openstack_controller_host }}:8774/v2" 56 | neutron_nova_username: "{{ nova_keystone_user }}" 57 | neutron_nova_password: "{{ nova_keystone_password }}" 58 | neutron_lock_path: "/var/lib/neutron/tmp" 59 | neutron_bind_host: "{{ mgmt_ip }}" 60 | neutron_dhcp_lease_duration: -1 61 | neutron_dhcp_agents_per_network: 3 62 | neutron_quota_port: -1 63 | neutron_memcached_servers: "{{ openstack_memcached_servers }}" 64 | 65 | ## neutron rabbitmq config 66 | neutron_rabbit_hosts: "{{ openstack_rabbit_hosts | default('{{ openstack_controller_host }}') }}" 67 | neutron_rabbit_retry_interval: 1 68 | neutron_rabbit_retry_backoff: 2 69 | neutron_rabbit_max_retries: 0 70 | neutron_rabbit_durable_queues: "true" 71 | neutron_rabbit_ha_queues: "true" 72 | 73 | # neutron ml2 config 74 | neutron_ml2_type_drivers: "flat,vlan" 75 | neutron_ml2_tenant_network_types: "" 76 | neutron_ml2_mechanism_drivers: "linuxbridge" 77 | neutron_ml2_extension_drivers: "port_security" 78 | neutron_ml2_flat_networks: "public" 79 | neutron_ml2_enable_ipset: "True" 80 | neutron_network_vlan_ranges: "public" 81 | 82 | # neutron ml2 lxb config 83 | neutron_ml2_physical_interface_mappings: "public:{{ neutron_public_interface }}" 84 | neutron_ml2_enable_vxlan: "False" 85 | neutron_ml2_enable_security_group: "True" 86 | neutron_ml2_firewall_driver: "neutron.agent.linux.iptables_firewall.IptablesFirewallDriver" 87 | 88 | # neutron dhcp config 89 | neutron_dhcp_interface_driver: "neutron.agent.linux.interface.BridgeInterfaceDriver" 90 | neutron_dhcp_dhcp_driver: "neutron.agent.linux.dhcp.Dnsmasq" 91 | neutron_dhcp_enable_isolated_metadata: "True" 92 | 93 | # neutron l3 config 94 | neutron_l3_agent: False 95 | neutron_l3_interface_driver: "neutron.agent.linux.interface.BridgeInterfaceDriver" 96 | neutron_l3_external_network_bridge: "" 97 | 98 | # neutron metadata config 99 | neutron_metadata_nova_metadata_ip: "{{ openstack_controller_host }}" 100 | neutron_metadata_proxy_shared_secret: "openstack" 101 | 102 | # neutron nova config 103 | neutron_url: "http://{{ openstack_controller_host }}:9696" 104 | neutron_nova_service_metadata_proxy: "True" 105 | 106 | neutron_config: 107 | - { section: "database", param: "connection", value: "mysql+pymysql://{{ neutron_db_user }}:{{ neutron_db_password }}@{{ neutron_db_host }}/{{ neutron_db_name }}" } 108 | - { section: "DEFAULT", param: "core_plugin", value: "{{ neutron_core_plugin }}" } 109 | - { section: "DEFAULT", param: "service_plugins", value: "{{ neutron_service_plugins }}" } 110 | - { section: "DEFAULT", param: "rpc_backend", value: "{{ neutron_rpc_backend }}" } 111 | - { section: "DEFAULT", param: "auth_strategy", value: "{{ neutron_auth_strategy }}" } 112 | - { section: "DEFAULT", param: "notify_nova_on_port_status_changes", value: "True" } 113 | - { section: "DEFAULT", param: "notify_nova_on_port_data_changes", value: "True" } 114 | - { section: "DEFAULT", param: "nova_url", value: "{{ neutron_nova_url }}" } 115 | - { section: "DEFAULT", param: "bind_host", value: "{{ neutron_bind_host }}" } 116 | - { section: "DEFAULT", param: "dhcp_lease_duration", value: "{{ neutron_dhcp_lease_duration }}" } 117 | - { section: "DEFAULT", param: "dhcp_agents_per_network", value: "{{ neutron_dhcp_agents_per_network }}" } 118 | - { section: "DEFAULT", param: "l3_ha", value: "True" } 119 | - { section: "DEFAULT", param: "allow_automatic_l3agent_failover", value: "True" } 120 | - { section: "quotas", param: "quota_port", value: "{{ neutron_quota_port }}" } 121 | - { section: "keystone_authtoken", param: "auth_uri", value: "{{ openstack_keystone_auth_uri }}" } 122 | - { section: "keystone_authtoken", param: "auth_url", value: "{{ openstack_keystone_auth_url }}" } 123 | - { section: "keystone_authtoken", param: "memcached_servers", value: "{{ neutron_memcached_servers }}" } 124 | - { section: "keystone_authtoken", param: "auth_type", value: "password" } 125 | - { section: "keystone_authtoken", param: "project_domain_name", value: "default" } 126 | - { section: "keystone_authtoken", param: "user_domain_name", value: "default" } 127 | - { section: "keystone_authtoken", param: "project_name", value: "service" } 128 | - { section: "keystone_authtoken", param: "username", value: "{{ neutron_keystone_user }}" } 129 | - { section: "keystone_authtoken", param: "password", value: "{{ neutron_keystone_password }}" } 130 | - { section: "nova", param: "auth_url", value: "{{ openstack_keystone_auth_url }}" } 131 | - { section: "nova", param: "auth_type", value: "password" } 132 | - { section: "nova", param: "project_domain_name", value: "default" } 133 | - { section: "nova", param: "user_domain_name", value: "default" } 134 | - { section: "nova", param: "region_name", value: "{{ neutron_service_region }}" } 135 | - { section: "nova", param: "project_name", value: "service" } 136 | - { section: "nova", param: "username", value: "{{ neutron_nova_username }}" } 137 | - { section: "nova", param: "password", value: "{{ neutron_nova_password }}" } 138 | - { section: "oslo_concurrency", param: "lock_path", value: "{{ neutron_lock_path }}" } 139 | - { section: "oslo_messaging_rabbit", param: "rabbit_userid", value: "{{ neutron_rabbitmq_userid }}" } 140 | - { section: "oslo_messaging_rabbit", param: "rabbit_password", value: "{{ neutron_rabbitmq_password }}" } 141 | - { section: "oslo_messaging_rabbit", param: "rabbit_virtual_host", value: "{{ neutron_rabbitmq_vhost }}" } 142 | - { section: "oslo_messaging_rabbit", param: "rabbit_hosts", value: "{{ neutron_rabbit_hosts }}" } 143 | - { section: "oslo_messaging_rabbit", param: "rabbit_retry_interval", value: "{{ neutron_rabbit_retry_interval }}" } 144 | - { section: "oslo_messaging_rabbit", param: "rabbit_retry_backoff", value: "{{ neutron_rabbit_retry_backoff }}" } 145 | - { section: "oslo_messaging_rabbit", param: "rabbit_max_retries", value: "{{ neutron_rabbit_max_retries }}" } 146 | - { section: "oslo_messaging_rabbit", param: "rabbit_durable_queues", value: "{{ neutron_rabbit_durable_queues }}" } 147 | - { section: "oslo_messaging_rabbit", param: "rabbit_ha_queues", value: "{{ neutron_rabbit_ha_queues }}" } 148 | 149 | neutron_ml2_config: 150 | - { section: "ml2", param: "type_drivers", value: "{{ neutron_ml2_type_drivers }}" } 151 | - { section: "ml2", param: "tenant_network_types", value: "{{ neutron_ml2_tenant_network_types }}" } 152 | - { section: "ml2", param: "mechanism_drivers", value: "{{ neutron_ml2_mechanism_drivers }}" } 153 | - { section: "ml2", param: "extension_drivers", value: "{{ neutron_ml2_extension_drivers }}" } 154 | - { section: "ml2_type_flat", param: "flat_networks", value: "{{ neutron_ml2_flat_networks }}" } 155 | - { section: "securitygroup", param: "enable_ipset", value: "{{ neutron_ml2_enable_ipset }}" } 156 | - { section: "ml2_type_vlan", param: "network_vlan_ranges", value: "{{ neutron_network_vlan_ranges }}" } 157 | 158 | neutron_ml2_lxb_config: 159 | - { section: "linux_bridge", param: "physical_interface_mappings", value: "{{ neutron_ml2_physical_interface_mappings }}" } 160 | - { section: "vxlan", param: "enable_vxlan", value: "{{ neutron_ml2_enable_vxlan }}" } 161 | - { section: "securitygroup", param: "enable_security_group", value: "{{ neutron_ml2_enable_security_group }}" } 162 | - { section: "securitygroup", param: "firewall_driver", value: "{{ neutron_ml2_firewall_driver }}" } 163 | 164 | neutron_dhcp_config: 165 | - { section: "DEFAULT", param: "interface_driver", value: "{{ neutron_dhcp_interface_driver }}" } 166 | - { section: "DEFAULT", param: "dhcp_driver", value: "{{ neutron_dhcp_dhcp_driver }}" } 167 | - { section: "DEFAULT", param: "enable_isolated_metadata", value: "{{ neutron_dhcp_enable_isolated_metadata }}" } 168 | 169 | neutron_l3_config: 170 | - { section: "DEFAULT", param: "interface_driver", value: "{{ neutron_l3_interface_driver }}" } 171 | - { section: "DEFAULT", param: "external_network_bridge", value: "{{ neutron_l3_external_network_bridge }}" } 172 | 173 | neutron_metadata_config: 174 | - { section: "DEFAULT", param: "nova_metadata_ip", value: "{{ neutron_metadata_nova_metadata_ip }}" } 175 | - { section: "DEFAULT", param: "metadata_proxy_shared_secret", value: "{{ neutron_metadata_proxy_shared_secret }}" } 176 | 177 | neutron_nova_config: 178 | - { section: "neutron", param: "url", value: "{{ neutron_url }}" } 179 | - { section: "neutron", param: "auth_url", value: "{{ openstack_keystone_auth_url }}" } 180 | - { section: "neutron", param: "auth_type", value: "password" } 181 | - { section: "neutron", param: "project_domain_name", value: "default" } 182 | - { section: "neutron", param: "user_domain_name", value: "default" } 183 | - { section: "neutron", param: "region_name", value: "{{ neutron_service_region }}" } 184 | - { section: "neutron", param: "project_name", value: "service" } 185 | - { section: "neutron", param: "username", value: "{{ neutron_keystone_user }}" } 186 | - { section: "neutron", param: "password", value: "{{ neutron_keystone_password }}" } 187 | - { section: "neutron", param: "service_metadata_proxy", value: "{{ neutron_nova_service_metadata_proxy }}" } 188 | - { section: "neutron", param: "metadata_proxy_shared_secret", value: "{{ neutron_metadata_proxy_shared_secret }}" } 189 | 190 | neutron_compute_config: 191 | - { section: "DEFAULT", param: "rpc_backend", value: "{{ neutron_rpc_backend }}" } 192 | - { section: "DEFAULT", param: "auth_strategy", value: "{{ neutron_auth_strategy }}" } 193 | - { section: "DEFAULT", param: "dhcp_lease_duration", value: "{{ neutron_dhcp_lease_duration }}" } 194 | - { section: "keystone_authtoken", param: "auth_uri", value: "{{ openstack_keystone_auth_uri }}" } 195 | - { section: "keystone_authtoken", param: "auth_url", value: "{{ openstack_keystone_auth_url }}" } 196 | - { section: "keystone_authtoken", param: "memcached_servers", value: "{{ neutron_memcached_servers }}" } 197 | - { section: "keystone_authtoken", param: "auth_type", value: "password" } 198 | - { section: "keystone_authtoken", param: "project_domain_name", value: "default" } 199 | - { section: "keystone_authtoken", param: "user_domain_name", value: "default" } 200 | - { section: "keystone_authtoken", param: "project_name", value: "service" } 201 | - { section: "keystone_authtoken", param: "username", value: "{{ neutron_keystone_user }}" } 202 | - { section: "keystone_authtoken", param: "password", value: "{{ neutron_keystone_password }}" } 203 | - { section: "oslo_concurrency", param: "lock_path", value: "{{ neutron_lock_path }}" } 204 | - { section: "oslo_messaging_rabbit", param: "rabbit_userid", value: "{{ neutron_rabbitmq_userid }}" } 205 | - { section: "oslo_messaging_rabbit", param: "rabbit_password", value: "{{ neutron_rabbitmq_password }}" } 206 | - { section: "oslo_messaging_rabbit", param: "rabbit_virtual_host", value: "{{ neutron_rabbitmq_vhost }}" } 207 | - { section: "oslo_messaging_rabbit", param: "rabbit_hosts", value: "{{ neutron_rabbit_hosts }}" } 208 | - { section: "oslo_messaging_rabbit", param: "rabbit_retry_interval", value: "{{ neutron_rabbit_retry_interval }}" } 209 | - { section: "oslo_messaging_rabbit", param: "rabbit_retry_backoff", value: "{{ neutron_rabbit_retry_backoff }}" } 210 | - { section: "oslo_messaging_rabbit", param: "rabbit_max_retries", value: "{{ neutron_rabbit_max_retries }}" } 211 | - { section: "oslo_messaging_rabbit", param: "rabbit_durable_queues", value: "{{ neutron_rabbit_durable_queues }}" } 212 | - { section: "oslo_messaging_rabbit", param: "rabbit_ha_queues", value: "{{ neutron_rabbit_ha_queues }}" } 213 | 214 | neutron_compute_nova_config: 215 | - { section: "neutron", param: "url", value: "{{ neutron_url }}" } 216 | - { section: "neutron", param: "auth_url", value: "{{ openstack_keystone_auth_url }}" } 217 | - { section: "neutron", param: "auth_type", value: "password" } 218 | - { section: "neutron", param: "project_domain_name", value: "default" } 219 | - { section: "neutron", param: "user_domain_name", value: "default" } 220 | - { section: "neutron", param: "region_name", value: "{{ neutron_service_region }}" } 221 | - { section: "neutron", param: "project_name", value: "service" } 222 | - { section: "neutron", param: "username", value: "{{ neutron_keystone_user }}" } 223 | - { section: "neutron", param: "password", value: "{{ neutron_keystone_password }}" } 224 | --------------------------------------------------------------------------------