--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ## Verbosity Options debug: False # Set the package install state for distribution and pip packages # Options are 'present' and 'latest' neutron_package_state: "latest" neutron_pip_package_state: "latest" neutron_git_repo: https://git.openstack.org/openstack/neutron neutron_git_install_branch: master neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas neutron_fwaas_git_install_branch: master neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas neutron_lbaas_git_install_branch: master neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas neutron_vpnaas_git_install_branch: master neutron_dynamic_routing_git_repo: https://git.openstack.org/openstack/neutron-dynamic-routing neutron_dynamic_routing_git_install_branch: master calico_git_repo: https://github.com/projectcalico/felix calico_git_install_branch: master networking_calico_git_repo: https://git.openstack.org/openstack/networking-calico networking_calico_git_install_branch: master dragonflow_git_repo: https://git.openstack.org/openstack/dragonflow dragonflow_git_install_branch: master neutron_developer_mode: false neutron_developer_constraints: - "git+{{ neutron_git_repo }}@{{ neutron_git_install_branch }}#egg=neutron" - "git+{{ neutron_fwaas_git_repo }}@{{ neutron_fwaas_git_install_branch }}#egg=neutron-fwaas" - "git+{{ neutron_lbaas_git_repo }}@{{ neutron_lbaas_git_install_branch }}#egg=neutron-lbaas" - "git+{{ neutron_vpnaas_git_repo }}@{{ neutron_vpnaas_git_install_branch }}#egg=neutron-vpnaas" - "git+{{ neutron_dynamic_routing_git_repo }}@{{ neutron_dynamic_routing_git_install_branch }}#egg=neutron-dynamic-routing" - "git+{{ calico_git_repo }}@{{ calico_git_install_branch }}#egg=felix" - "git+{{ networking_calico_git_repo }}@{{ networking_calico_git_install_branch }}#egg=networking-calico" - "git+{{ dragonflow_git_repo }}@{{ dragonflow_git_install_branch }}#egg=dragonflow" # Name of the virtual env to deploy into neutron_venv_tag: untagged neutron_bin: "/openstack/venvs/neutron-{{ neutron_venv_tag }}/bin" # venv_download, even when true, will use the fallback method of building the # venv from scratch if the venv download fails. neutron_venv_download: "{{ not neutron_developer_mode | bool }}" neutron_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/neutron.tgz # Set the lib dir path to that of the local python path where neutron is installed. neutron_lib_dir: "{{ neutron_bin | dirname }}/lib/python2.7/site-packages/" # Set the Neutron configuration path neutron_conf_dir: /etc/neutron neutron_lock_path: "/var/lock/neutron" # Enable/Disable designate neutron_designate_enabled: False # Notifications topic for designate neutron_notifications_designate: notifications_designate # Enable/Disable Ceilometer neutron_ceilometer_enabled: False # Fatal Deprecations neutron_fatal_deprecations: False ## neutron User / Group neutron_system_user_name: neutron neutron_system_group_name: neutron neutron_system_comment: neutron system user neutron_system_shell: /bin/false neutron_system_home_folder: "/var/lib/{{ neutron_system_user_name }}" ## DB neutron_galera_user: neutron neutron_galera_database: neutron neutron_db_config: "{{ neutron_conf_dir }}/neutron.conf" neutron_db_plugin: "{{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}" neutron_db_max_overflow: 20 neutron_db_pool_size: 120 neutron_db_pool_timeout: 30 ## RabbitMQ info ## Configuration for RPC communications neutron_rabbitmq_userid: neutron neutron_rabbitmq_vhost: /neutron neutron_rabbitmq_port: 5672 neutron_rabbitmq_servers: 127.0.0.1 neutron_rabbitmq_use_ssl: False ## Configuration for notifications communication, i.e. [oslo_messaging_notifications] neutron_rabbitmq_telemetry_userid: "{{ neutron_rabbitmq_userid }}" neutron_rabbitmq_telemetry_password: "{{ neutron_rabbitmq_password }}" neutron_rabbitmq_telemetry_vhost: "{{ neutron_rabbitmq_vhost }}" neutron_rabbitmq_telemetry_port: "{{ neutron_rabbitmq_port }}" neutron_rabbitmq_telemetry_servers: "{{ neutron_rabbitmq_servers }}" neutron_rabbitmq_telemetry_use_ssl: "{{ neutron_rabbitmq_use_ssl }}" ## Plugins neutron_plugin_core: "{{ neutron_plugins[neutron_plugin_type].plugin_core }}" # Other plugins can be added to the system by simply extending the list `neutron_plugin_base`. # neutron_plugin_base: # - router # - firewall # - lbaas # - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 # - neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin # - vpnaas # - metering # - qos neutron_plugin_base: - router - metering neutron_plugin_loaded_base: "{% for plugin in neutron_plugin_base %}{{ plugin }}{% if not loop.last %},{% endif %}{% endfor %}" # Neutron Plugins # The neutron core plugin (ML2) is defined with neutron_plugin_type, # you can not load multiple ML2 plugins as core. # Additional ML2 plugins can be loaded with neutron_plugin_types (as list) neutron_plugin_type: 'ml2.lxb' neutron_plugin_types: [] neutron_ml2_mechanism_drivers: >- {%- set _var = [] -%} {%- for plugin in [neutron_plugin_type]|union(neutron_plugin_types) -%} {%- if _var.append(neutron_plugins[plugin].mechanisms) -%}{%- endif -%} {%- endfor -%} {%- if neutron_l2_population | bool -%} {%- if _var.append('l2population') -%}{%- endif -%} {%- endif -%} {{ _var | join(',') }} neutron_plugins: ml2.lxb: driver_firewall: iptables driver_interface: linuxbridge drivers_type: "{{ neutron_ml2_drivers_type }}" l2_population: "{{ neutron_l2_population }}" mechanisms: "linuxbridge" l3_agent_mode: "legacy" plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: ml2 plugin_ini: plugins/ml2/ml2_conf.ini ml2.ovs: driver_firewall: iptables_hybrid driver_interface: openvswitch drivers_type: "{{ neutron_ml2_drivers_type }}" l2_population: "{{ neutron_l2_population }}" mechanisms: "openvswitch" l3_agent_mode: "legacy" plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: ml2 plugin_ini: plugins/ml2/ml2_conf.ini ml2.ovs.dvr: driver_firewall: iptables_hybrid driver_interface: openvswitch drivers_type: "{{ neutron_ml2_drivers_type }}" l2_population: "{{ neutron_l2_population }}" mechanisms: "openvswitch" l3_agent_mode: "{% if 'nova_compute' in group_names %}dvr{% else %}dvr_snat{% endif %}" router_distributed: True plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: ml2 plugin_ini: plugins/ml2/ml2_conf.ini ml2.calico: drivers_type: "flat, local" mechanisms: "calico" plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: ml2 plugin_ini: plugins/ml2/ml2_conf.ini ml2.dragonflow: plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin plugin_ini: plugins/ml2/ml2_conf.ini drivers_type: "{{ neutron_ml2_drivers_type }}" mechanisms: "df" plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" l3_agent_mode: "legacy" driver_interface: "openvswitch" plumgrid: plugin_conf_ini_overrides: "{{ neutron_plumgrid_conf_ini_overrides }}" plugin_core: networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2 plugin_ini: plugins/plumgrid/plumgrid.ini nuage: plugin_core: neutron.plugins.nuage.plugin.NuagePlugin plugin_ini: plugins/nuage/nuage.ini plugin_conf_ini_overrides: "{{ neutron_nuage_conf_ini_overrides }}" ml2.sriov: driver_types: "{{ neutron_ml2_drivers_type }}" mechanisms: "sriovnicswitch" plugin_ini: plugins/ml2/sriov_nic_agent.ini plugin_conf_ini_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}" neutron_services: neutron-dhcp-agent: group: neutron_dhcp_agent service_name: neutron-dhcp-agent service_en: "{{ neutron_dhcp | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: dhcp_agent.ini service_rootwrap: rootwrap.d/dhcp.filters config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/dhcp_agent.ini --log-file=/var/log/neutron/neutron-dhcp-agent.log" config_overrides: "{{ neutron_dhcp_agent_ini_overrides }}" config_type: "ini" neutron-openvswitch-agent: group: neutron_openvswitch_agent service_name: neutron-openvswitch-agent service_en: "{{ 'ml2.ovs' in neutron_plugin_type }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: plugins/ml2/openvswitch_agent.ini service_rootwrap: rootwrap.d/openvswitch-plugin.filters config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/openvswitch_agent.ini --log-file=/var/log/neutron/neutron-openvswitch-agent.log" config_overrides: "{{ neutron_openvswitch_agent_ini_overrides }}" config_type: "ini" neutron-linuxbridge-agent: group: neutron_linuxbridge_agent service_name: neutron-linuxbridge-agent service_en: "{{ neutron_plugin_type == 'ml2.lxb' }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: plugins/ml2/linuxbridge_agent.ini service_rootwrap: rootwrap.d/linuxbridge-plugin.filters config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/linuxbridge_agent.ini --log-file=/var/log/neutron/neutron-linuxbridge-agent.log" config_overrides: "{{ neutron_linuxbridge_agent_ini_overrides }}" config_type: "ini" neutron-metadata-agent: group: neutron_metadata_agent service_name: neutron-metadata-agent service_en: "{{ neutron_metadata | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: metadata_agent.ini config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metadata_agent.ini --log-file=/var/log/neutron/neutron-metadata-agent.log" config_overrides: "{{ neutron_metadata_agent_ini_overrides }}" config_type: "ini" neutron-metering-agent: group: neutron_metering_agent service_name: neutron-metering-agent service_en: "{{ neutron_metering | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: metering_agent.ini config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metering_agent.ini --log-file=/var/log/neutron/neutron-metering-agent.log" config_overrides: "{{ neutron_metering_agent_ini_overrides }}" config_type: "ini" # Other agents will use neutron_plugins[neutron_plugin_type].driver_interface # for the interface_driver, but that uses a stevedore alias. Metering agent # hasn't been updated to use stevedore alises so that fails. To work around # the problem until metering agent is updated, we should use the full # module.class path to the interface driver. # TODO(hughsaunders): switch back to stevedore when # https://review.openstack.org/#/c/419881/ merges and is backported. interface_driver: neutron.agent.linux.interface.BridgeInterfaceDriver neutron-l3-agent: group: neutron_l3_agent service_name: neutron-l3-agent service_en: "{{ neutron_l3 | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: l3_agent.ini service_rootwrap: rootwrap.d/l3.filters config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/l3_agent.ini --log-file=/var/log/neutron/neutron-l3-agent.log" config_overrides: "{{ neutron_l3_agent_ini_overrides }}" config_type: "ini" neutron-lbaasv2-agent: group: neutron_lbaas_agent service_name: neutron-lbaasv2-agent service_en: "{{ neutron_lbaasv2 | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: lbaas_agent.ini service_rootwrap: rootwrap.d/lbaas-haproxy.filters config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/lbaas_agent.ini --log-file=/var/log/neutron/neutron-lbaasv2-agent.log" config_overrides: "{{ neutron_lbaas_agent_ini_overrides }}" config_type: "ini" neutron-bgp-dragent: group: neutron_bgp_dragent service_name: neutron-bgp-dragent service_en: "{{ neutron_bgp | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: bgp_dragent.ini config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/bgp_dragent.ini --log-file=/var/log/neutron/neutron-bgp-dragent.log" config_overrides: "{{ neutron_bgp_dragent_ini_overrides }}" config_type: "ini" neutron-vpnaas-agent: group: neutron_l3_agent service_name: neutron-vpn-agent service_en: "{{ neutron_vpnaas | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: vpnaas_agent.ini service_rootwrap: rootwrap.d/vpnaas.filters config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/vpnaas_agent.ini --log-file=/var/log/neutron/neutron-vpn-agent.log" config_overrides: "{{ neutron_vpnaas_agent_ini_overrides }}" config_type: "ini" neutron-server: group: neutron_server service_name: neutron-server service_en: True config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }} --log-file=/var/log/neutron/neutron-server.log {% if neutron_plugin_type == 'ml2.dragonflow' %}--config-file {{ neutron_conf_dir }}/dragonflow.ini{% endif %}" calico-felix: group: neutron_calico_dhcp_agent service_name: calico-felix service_en: "{{ neutron_plugin_type == 'ml2.calico' }}" service_conf_path: /etc/calico service_conf: felix.cfg config_options: --config-file /etc/calico/felix.cfg config_overrides: "{{ neutron_calico_felix_ini_overrides }}" config_type: "ini" calico-dhcp-agent: group: neutron_calico_dhcp_agent service_name: calico-dhcp-agent service_en: "{{ neutron_plugin_type == 'ml2.calico' }}" service_rootwrap: rootwrap.d/dhcp.filters config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf" config_overrides: "{{ neutron_calico_dhcp_agent_ini_overrides }}" config_type: "ini" neutron-sriov-nic-agent: group: neutron_sriov_nic_agent service_name: neutron-sriov-nic-agent service_en: "{{ 'ml2.sriov' in neutron_plugin_types }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: plugins/ml2/sriov_nic_agent.ini config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/sriov_nic_agent.ini --log-file=/var/log/neutron/neutron-sriov-nic-agent.log" config_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}" config_type: "ini" dragonflow-controller-agent: group: dragonflow_controller_agent service_name: df-local-controller service_en: "{{ neutron_plugin_type == 'ml2.dragonflow' }}" config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/dragonflow.ini --log-file=/var/log/dragonflow/df-local-controller.log" config_overrides: "{{ neutron_dragonflow_ini_overrides }}" config_type: "ini" dragonflow-l3-agent: group: dragonflow_l3_agent service_name: df-l3-agent service_en: "{{ neutron_plugin_type == 'ml2.dragonflow' and neutron_l3 | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: l3_agent.ini service_rootwrap: rootwrap.d/l3.filters config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/l3_agent.ini --log-file=/var/log/dragonflow/df-l3-agent.log" config_overrides: "{{ neutron_dragonflow_ini_overrides }}" config_type: "ini" dragonflow-pubsub-agent: group: dragonflow_pubsub_agent service_name: df-publisher-service service_en: "{{ neutron_plugin_type == 'ml2.dragonflow' }}" config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/dragonflow.ini --log-file=/var/log/dragonflow/df-publisher-service.log" config_overrides: "{{ neutron_dragonflow_ini_overrides }}" config_type: "ini" ## Neutron DHCP Agent neutron_dhcp: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}" ## Neutron Metadata Agent neutron_metadata: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}" ## Neutron LBaaS # See documentation section titled "Configuring the Network Load Balancing # Service (Optional)" for more details. # # To enable LBaaS v2, add the following item to the neutron_plugin_base list: # neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 # # NOTE(mhayden): neutron-lbaas doesn't have entry points and the full classpath # is required. neutron_lbaasv2: "{% if 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2' in neutron_plugin_base %}True{% else %}False{% endif %}" neutron_lbaasv2_device_driver: neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver neutron_lbaasv2_service_provider: LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default ## Neutron L3 ## Please add 'router' to the neutron_plugin_base list #TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle # Should the neutron-l3-agent service should be enabled on the host neutron_l3: "{% if 'router' in neutron_plugin_base or 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' in neutron_plugin_base or 'df-l3' in neutron_plugin_base %}True{% else %}False{% endif %}" # Set this option to "true" to enable legacy neutron L3HA tool support # TODO(cloudnull): Remove this in the Ocata cycle neutron_legacy_ha_tool_enabled: false ## Neutron Metering # Please add 'metering' to the neutron_plugin_base list #TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.metering.metering_plugin.MeteringPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Neutron FWaaS # Please add the 'firewall' to the neutron_plugin_base list neutron_fwaas: "{% if 'firewall' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Neutron VPNaaS # Please add the 'vpnaas' to the neutron_plugin_base list neutron_vpnaas: "{% if 'vpnaas' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Neutron Dynamic Routing Agent's BGP plugin # To enable the BGP plugin, add the following item to the neutron_plugin_base list: # neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin # # NOTE(matias): BgpPlugin doesn't have entry points and the full classpath # is required. neutron_bgp: "{% if 'neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}" neutron_bgp_speaker_driver: neutron_dynamic_routing.services.bgp.agent.driver.ryu.driver.RyuBgpDriver neutron_bgp_router_id: "{{ neutron_local_ip }}" ## Drivers neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler neutron_driver_loadbalancer_pool_scheduler: neutron_lbaas.services.loadbalancer.agent_scheduler.ChanceScheduler neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq neutron_driver_quota: neutron.db.quota.driver.DbQuotaDriver ## Quotas neutron_default_quota: -1 neutron_quota_floatingip: 50 neutron_quota_health_monitor: -1 neutron_quota_member: -1 neutron_quota_network: 10 neutron_quota_network_gateway: 5 neutron_quota_packet_filter: 100 neutron_quota_pool: 10 neutron_quota_port: 50 neutron_quota_router: 10 neutron_quota_security_group: 10 neutron_quota_security_group_rule: 100 neutron_quota_subnet: 10 neutron_quota_vip: 10 ## General Neutron configuration # If ``neutron_api_workers`` is unset the system will use half the number of available VCPUs to # compute the number of api workers to use with a default capping value of 16. # neutron_api_workers: 16 # If ``neutron_metadata_workers`` is unset the system will use half the number of available VCPUs to # compute the number of api workers to use with a default capping value of 16. # neutron_metadata_workers: 16 ## Cap the maximun number of threads / workers when a user value is unspecified. neutron_api_threads_max: 16 neutron_api_threads: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, neutron_api_threads_max] | min }}" neutron_metadata_backlog: 4096 ## Auth neutron_service_project_name: service neutron_service_project_domain_id: default neutron_service_user_domain_id: default neutron_service_role_name: admin neutron_service_user_name: neutron neutron_service_name: neutron neutron_service_type: network neutron_service_description: "OpenStack Networking" neutron_service_port: 9696 neutron_service_proto: http neutron_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(neutron_service_proto) }}" neutron_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(neutron_service_proto) }}" neutron_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(neutron_service_proto) }}" neutron_service_publicuri: "{{ neutron_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}" neutron_service_publicurl: "{{ neutron_service_publicuri }}" neutron_service_adminuri: "{{ neutron_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}" neutron_service_adminurl: "{{ neutron_service_adminuri }}" neutron_service_internaluri: "{{ neutron_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}" neutron_service_internalurl: "{{ neutron_service_internaluri }}" neutron_service_region: RegionOne ## Keystone authentication middleware neutron_keystone_auth_plugin: password ## Agent neutron_external_network_bridge: "" neutron_gateway_external_network_id: "" neutron_agent_down_time: 120 neutron_agent_polling_interval: 5 neutron_report_interval: "{{ neutron_agent_down_time | int / 2 | int }}" # L3HA configuration options. neutron_ha_vrrp_auth_type: PASS neutron_l3_ha_net_cidr: 169.254.192.0/18 # DHCP AGENT CONFIG neutron_dhcp_config: log-facility: "/var/log/neutron/neutron-dnsmasq.log" _neutron_non_tunnel_types: - flat - vlan - local # ml2 network type drivers to load neutron_ml2_drivers_type: "flat,vlan,vxlan,local" # Tunnel network types used by the OVS agent neutron_tunnel_types: "{{ neutron_ml2_drivers_type.split(',') | difference(_neutron_non_tunnel_types) | join(',') }}" # Enable or disable L2 Population. neutron_l2_population: "False" ## The neutron multicast group address. This should be set as a host variable if used. ## This defaults to the multicast address "239.1.1.1" # neutron_vxlan_group: 239.1.1.100 neutron_vxlan_group: "239.1.1.1" ## Set this variable to configure the provider networks that will be available ## When setting up networking in things like the ml2_conf.ini file. Normally ## this will be defined as a host variable used within neutron as network configuration ## are likely to differ in between hosts. # neutron_provider_networks: # network_flat_networks: "flat" # network_mappings: "flat:eth12,vlan:eth11" # network_types: "vxlan,flat,vlan" # network_vlan_ranges: "vlan:1:1,vlan:1024:1025" # network_vxlan_ranges: "1:1000" # network_sriov_mappings: "vlan:p4p1" neutron_vxlan_enabled: true neutron_sriov_excluded_devices: "" neutron_dns_domain: openstacklocal # Comma-separated list of DNS servers which will be used by dnsmasq as forwarders. neutron_dnsmasq_dns_servers: "" # Limit number of leases to prevent a denial-of-service. neutron_dnsmasq_lease_max: 16777216 # If ``neutron_num_sync_threads`` is unset, the system will use the value of # neutron_api_threads in templates/dhcp_agent.ini.j2 for num_sync_threads. # neutron_num_sync_threads: 4 ## RPC neutron_rpc_backend: rabbit neutron_rpc_thread_pool_size: 64 neutron_rpc_conn_pool_size: 30 neutron_rpc_response_timeout: 60 neutron_rpc_workers: 1 neutron_service_in_ldap: false ## Policy vars # Provide a list of access controls to update the default policy.json with. These changes will be merged # with the access controls in the default policy.json. E.g. #neutron_policy_overrides: # "create_subnet": "rule:admin_or_network_owner" # "get_subnet": "rule:admin_or_owner or rule:shared" # neutron_local_ip is used for the VXLAN local tunnel endpoint neutron_local_ip: 127.0.0.1 # neutron_management_ip is used to configure the location (IP) of the # neutron-server # Currently only used in Dragonflow neutron_management_ip: 127.0.0.1 # When running in an AIO, we need to implement an iptables rule in any # neutron_agent containers to that ensure instances can communicate with # the neutron metadata service. This is necessary because in an AIO # environment there are no physical interfaces involved in instance -> # metadata requests, and this results in the checksums being incorrect. neutron_metadata_checksum_fix: False #Dragonflow configuration # Database specific configuration dragonflow_remote_db_ip: 127.0.0.1 # etcd has local proxy installed dragonflow_remote_db_port: 4001 dragonflow_nb_db_class: etcd_nb_db_driver dragonflow_pub_sub_driver: zmq_pubsub_driver dragonflow_pub_sub_multiproc_driver: zmq_pubsub_multiproc_driver dragonflow_pub_sub_multiproc_enabled: "{{ (dragonflow_pub_sub_multiproc_driver | default('', True)) | length > 0 }}" dragonflow_port_status_notifier: dragonflow_apps: - l2_app.L2App - l3_proactive_app.L3ProactiveApp - dhcp_app.DHCPApp - dnat_app.DNATApp - sg_app.SGApp - portsec_app.PortSecApp dragonflow_ex_peer_patch_port: patch-int dragonflow_int_peer_patch_port: patch-ex dragonflow_external_network_bridge: br-ex dragonflow_publisher_bind_address: "*" # neutron packages that must be installed before anything else neutron_requires_pip_packages: - virtualenv - virtualenv-tools - python-keystoneclient # Keystoneclient needed to OSA keystone lib - httplib2 neutron_pip_packages: - configobj - cliff - keystonemiddleware - PyMySQL - neutron - pycrypto - python-glanceclient - python-keystoneclient - python-memcached - python-neutronclient - python-novaclient - repoze.lru neutron_optional_bgp_pip_packages: - neutron_dynamic_routing neutron_optional_calico_pip_packages: - felix - networking-calico - python-etcd neutron_optional_fwaas_pip_packages: - neutron_fwaas neutron_optional_lbaas_pip_packages: - neutron_lbaas neutron_optional_vpnaas_pip_packages: - neutron_vpnaas neutron_optional_dragonflow_pip_packages: - dragonflow - python-etcd neutron_proprietary_nuage_pip_packages: - nuage-openstack-neutron - nuage-openstack-neutronclient - nuagenetlib # This variable is used by the repo_build process to determine # which host group to check for members of before building the # pip packages required by this role. The value is picked up # by the py_pkgs lookup. neutron_role_project_group: neutron_all ## Tunable overrides neutron_neutron_conf_overrides: {} neutron_ml2_conf_ini_overrides: {} neutron_plumgrid_conf_ini_overrides: {} neutron_plumlib_ini_overrides: {} neutron_nuage_conf_ini_overrides: {} neutron_dhcp_agent_ini_overrides: {} neutron_api_paste_ini_overrides: {} neutron_rootwrap_conf_overrides: {} neutron_policy_overrides: {} neutron_dnsmasq_neutron_conf_overrides: {} neutron_l3_agent_ini_overrides: {} neutron_metadata_agent_ini_overrides: {} neutron_metering_agent_ini_overrides: {} neutron_linuxbridge_agent_ini_overrides: {} neutron_lbaas_agent_ini_overrides: {} neutron_vpnaas_agent_ini_overrides: {} neutron_openvswitch_agent_ini_overrides: {} neutron_bgp_dragent_ini_overrides: {} neutron_calico_dhcp_agent_ini_overrides: {} neutron_calico_felix_ini_overrides: {} neutron_sriov_nic_agent_ini_overrides: {} neutron_dragonflow_ini_overrides: {}