--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ## Verbosity Options debug: False # Set the package install state for distribution packages # Options are 'present' and 'latest' neutron_package_state: "latest" neutron_git_repo: https://git.openstack.org/openstack/neutron neutron_git_install_branch: master neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas neutron_fwaas_git_install_branch: master neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas neutron_lbaas_git_install_branch: master neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas neutron_vpnaas_git_install_branch: master neutron_requirements_git_repo: https://git.openstack.org/openstack/requirements neutron_requirements_git_install_branch: master neutron_developer_mode: false neutron_developer_constraints: - "git+{{ neutron_git_repo }}@{{ neutron_git_install_branch }}#egg=neutron" - "git+{{ neutron_fwaas_git_repo }}@{{ neutron_fwaas_git_install_branch }}#egg=neutron-fwaas" - "git+{{ neutron_lbaas_git_repo }}@{{ neutron_lbaas_git_install_branch }}#egg=neutron-lbaas" - "git+{{ neutron_vpnaas_git_repo }}@{{ neutron_vpnaas_git_install_branch }}#egg=neutron-vpnaas" # Name of the virtual env to deploy into neutron_venv_tag: untagged neutron_bin: "/openstack/venvs/neutron-{{ neutron_venv_tag }}/bin" neutron_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/neutron.tgz # Set the lib dir path to that of the local python path where neutron is installed. neutron_lib_dir: "{{ neutron_bin | dirname }}/lib/python2.7/site-packages/" # Enable/Disable Ceilometer neutron_ceilometer_enabled: False # Fatal Deprecations neutron_fatal_deprecations: False ## neutron User / Group neutron_system_user_name: neutron neutron_system_group_name: neutron neutron_system_comment: neutron system user neutron_system_shell: /bin/false neutron_system_home_folder: "/var/lib/{{ neutron_system_user_name }}" ## DB neutron_galera_user: neutron neutron_galera_database: neutron neutron_db_config: /etc/neutron/neutron.conf neutron_db_plugin: "/etc/neutron/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}" neutron_db_max_overflow: 20 neutron_db_pool_size: 120 neutron_db_pool_timeout: 30 ## RabbitMQ info ## Configuration for RPC communications neutron_rabbitmq_userid: neutron neutron_rabbitmq_vhost: /neutron neutron_rabbitmq_port: 5672 neutron_rabbitmq_servers: 127.0.0.1 neutron_rabbitmq_use_ssl: False ## Configuration for notifications communication, i.e. [oslo_messaging_notifications] neutron_rabbitmq_telemetry_userid: "{{ neutron_rabbitmq_userid }}" neutron_rabbitmq_telemetry_password: "{{ neutron_rabbitmq_password }}" neutron_rabbitmq_telemetry_vhost: "{{ neutron_rabbitmq_vhost }}" neutron_rabbitmq_telemetry_port: "{{ neutron_rabbitmq_port }}" neutron_rabbitmq_telemetry_servers: "{{ neutron_rabbitmq_servers }}" neutron_rabbitmq_telemetry_use_ssl: "{{ neutron_rabbitmq_use_ssl }}" ## Plugins neutron_plugin_core: "{{ neutron_plugins[neutron_plugin_type].plugin_core }}" # Other plugins can be added to the system by simply extending the list `neutron_plugin_base`. # neutron_plugin_base: # - router # - firewall # - lbaas # - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 # - vpnaas # - metering # - qos neutron_plugin_base: - router - metering neutron_plugin_loaded_base: "{% for plugin in neutron_plugin_base %}{{ plugin }}{% if not loop.last %},{% endif %}{% endfor %}" # Neutron Plugins neutron_plugin_type: ml2.lxb neutron_plugins: ml2.lxb: driver_firewall: neutron.agent.linux.iptables_firewall.IptablesFirewallDriver driver_interface: neutron.agent.linux.interface.BridgeInterfaceDriver drivers_type: "{{ neutron_ml2_drivers_type }}" l2_population: "{{ neutron_l2_population }}" mechanisms: "linuxbridge{% if neutron_l2_population | bool %},l2population{% endif %}" l3_agent_mode: "legacy" plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin plugin_ini: plugins/ml2/ml2_conf.ini ml2.ovs: driver_firewall: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver driver_interface: neutron.agent.linux.interface.OVSInterfaceDriver drivers_type: "{{ neutron_ml2_drivers_type }}" l2_population: "{{ neutron_l2_population }}" mechanisms: "openvswitch{% if neutron_l2_population | bool %},l2population{% endif %}" l3_agent_mode: "legacy" plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin plugin_ini: plugins/ml2/ml2_conf.ini ml2.ovs.dvr: driver_firewall: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver driver_interface: neutron.agent.linux.interface.OVSInterfaceDriver drivers_type: "{{ neutron_ml2_drivers_type }}" l2_population: "{{ neutron_l2_population }}" mechanisms: "openvswitch{% if neutron_l2_population | bool %},l2population{% endif %}" l3_agent_mode: "{% if 'nova_compute' in group_names %}dvr{% else %}dvr_snat{% endif %}" router_distributed: True plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin plugin_ini: plugins/ml2/ml2_conf.ini plumgrid: plugin_conf_ini_overrides: "{{ neutron_plumgrid_conf_ini_overrides }}" plugin_core: networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2 plugin_ini: plugins/plumgrid/plumgrid.ini nuage: plugin_core: neutron.plugins.nuage.plugin.NuagePlugin plugin_ini: plugins/nuage/nuage.ini plugin_conf_ini_overrides: "{{ neutron_nuage_conf_ini_overrides }}" neutron_services: neutron-dhcp-agent: group: neutron_dhcp_agent service_name: neutron-dhcp-agent service_en: "{{ neutron_dhcp | bool }}" service_conf_path: "/etc/neutron" service_conf: dhcp_agent.ini service_rootwrap: rootwrap.d/dhcp.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file=/var/log/neutron/neutron-dhcp-agent.log config_overrides: "{{ neutron_dhcp_agent_ini_overrides }}" config_type: "ini" neutron-openvswitch-agent: group: neutron_openvswitch_agent service_name: neutron-openvswitch-agent service_en: "{{ 'ml2.ovs' in neutron_plugin_type }}" service_conf_path: "/etc/neutron" service_conf: plugins/ml2/openvswitch_agent.ini service_rootwrap: rootwrap.d/openvswitch-plugin.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --log-file=/var/log/neutron/neutron-openvswitch-agent.log config_overrides: "{{ neutron_openvswitch_agent_ini_overrides }}" config_type: "ini" neutron-linuxbridge-agent: group: neutron_linuxbridge_agent service_name: neutron-linuxbridge-agent service_en: "{{ neutron_plugin_type == 'ml2.lxb' }}" service_conf_path: "/etc/neutron" service_conf: plugins/ml2/linuxbridge_agent.ini service_rootwrap: rootwrap.d/linuxbridge-plugin.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini --log-file=/var/log/neutron/neutron-linuxbridge-agent.log config_overrides: "{{ neutron_linuxbridge_agent_ini_overrides }}" config_type: "ini" neutron-metadata-agent: group: neutron_metadata_agent service_name: neutron-metadata-agent service_en: "{{ neutron_metadata | bool }}" service_conf_path: "/etc/neutron" service_conf: metadata_agent.ini config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --log-file=/var/log/neutron/neutron-metadata-agent.log config_overrides: "{{ neutron_metadata_agent_ini_overrides }}" config_type: "ini" neutron-metering-agent: group: neutron_metering_agent service_name: neutron-metering-agent service_en: "{{ neutron_metering | bool }}" service_conf_path: "/etc/neutron" service_conf: metering_agent.ini config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metering_agent.ini --log-file=/var/log/neutron/neutron-metering-agent.log config_overrides: "{{ neutron_metering_agent_ini_overrides }}" config_type: "ini" neutron-l3-agent: group: neutron_l3_agent service_name: neutron-l3-agent service_en: "{{ neutron_l3 | bool }}" service_conf_path: "/etc/neutron" service_conf: l3_agent.ini service_rootwrap: rootwrap.d/l3.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --log-file=/var/log/neutron/neutron-l3-agent.log config_overrides: "{{ neutron_l3_agent_ini_overrides }}" config_type: "ini" neutron-lbaasv2-agent: group: neutron_lbaasv2_agent service_name: neutron-lbaasv2-agent service_en: "{{ neutron_lbaasv2 | bool }}" service_conf_path: "/etc/neutron" service_conf: lbaas_agent.ini service_rootwrap: rootwrap.d/lbaas-haproxy.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/lbaas_agent.ini --log-file=/var/log/neutron/neutron-lbaasv2-agent.log config_overrides: "{{ neutron_lbaas_agent_ini_overrides }}" config_type: "ini" neutron-vpnaas-agent: group: neutron_l3_agent service_name: neutron-vpn-agent service_en: "{{ neutron_vpnaas | bool }}" service_conf_path: "/etc/neutron" service_conf: vpnaas_agent.ini service_rootwrap: rootwrap.d/vpnaas.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/vpnaas_agent.ini --log-file=/var/log/neutron/neutron-vpn-agent.log config_overrides: "{{ neutron_vpnaas_agent_ini_overrides }}" config_type: "ini" neutron-server: group: neutron_server service_name: neutron-server service_en: True config_options: "--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/{{ neutron_plugins[neutron_plugin_type].plugin_ini }} --log-file=/var/log/neutron/neutron-server.log" ## Neutron DHCP Agent neutron_dhcp: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}" ## Neutron Metadata Agent neutron_metadata: "{% if neutron_plugin_type.split('.')[0] == 'ml2' and (neutron_plugin_type == 'ml2.ovs.dvr' or 'nova_compute' not in group_names) %}True{% else %}False{% endif %}" ## Neutron LBaaS # See documentation section titled "Configuring the Network Load Balancing # Service (Optional)" for more details. # # To enable LBaaS v2, add the following item to the neutron_plugin_base list: # neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 # # NOTE(mhayden): neutron-lbaas doesn't have entry points and the full classpath # is required. neutron_lbaasv2: "{% if 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2' in neutron_plugin_base %}True{% else %}False{% endif %}" neutron_lbaasv2_device_driver: neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver neutron_lbaasv2_service_provider: LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default ## Neutron L3 ## Please add 'router' to the neutron_plugin_base list #TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle # Should the neutron-l3-agent service should be enabled on the host neutron_l3: "{% if ('router' in neutron_plugin_base or 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' in neutron_plugin_base) and (neutron_plugin_type == 'ml2.ovs.dvr' or 'nova_compute' not in group_names) %}True{% else %}False{% endif %}" # Set this option to "true" to enable legacy neutron L3HA tool support # TODO(cloudnull): Remove this in the Ocata cycle neutron_legacy_ha_tool_enabled: false ## Neutron Metering # Please add 'metering' to the neutron_plugin_base list #TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.metering.metering_plugin.MeteringPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Neutron FWaaS # Please add the 'firewall' to the neutron_plugin_base list neutron_fwaas: "{% if 'firewall' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Neutron VPNaaS # Please add the 'vpnaas' to the neutron_plugin_base list neutron_vpnaas: "{% if 'vpnaas' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Drivers neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler neutron_driver_loadbalancer_pool_scheduler: neutron_lbaas.services.loadbalancer.agent_scheduler.ChanceScheduler neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq neutron_driver_quota: neutron.db.quota.driver.DbQuotaDriver neutron_driver_vpnaas: neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver ## Quotas neutron_default_quota: -1 neutron_quota_floatingip: 50 neutron_quota_health_monitor: -1 neutron_quota_member: -1 neutron_quota_network: 10 neutron_quota_network_gateway: 5 neutron_quota_packet_filter: 100 neutron_quota_pool: 10 neutron_quota_port: 50 neutron_quota_router: 10 neutron_quota_security_group: 10 neutron_quota_security_group_rule: 100 neutron_quota_subnet: 10 neutron_quota_vip: 10 ## General Neutron configuration # If ``neutron_api_workers`` is unset the system will use half the number of available VCPUs to # compute the number of api workers to use. # neutron_api_workers: 16 # If ``neutron_metadata_workers`` is unset the system will use half the number of available VCPUs to # compute the number of api workers to use. # neutron_metadata_workers: 16 neutron_metadata_backlog: 4096 ## Auth neutron_service_project_name: service neutron_service_project_domain_id: default neutron_service_user_domain_id: default neutron_service_role_name: admin neutron_service_user_name: neutron neutron_service_name: neutron neutron_service_type: network neutron_service_description: "OpenStack Networking" neutron_service_port: 9696 neutron_service_proto: http neutron_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(neutron_service_proto) }}" neutron_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(neutron_service_proto) }}" neutron_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(neutron_service_proto) }}" neutron_service_publicuri: "{{ neutron_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}" neutron_service_publicurl: "{{ neutron_service_publicuri }}" neutron_service_adminuri: "{{ neutron_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}" neutron_service_adminurl: "{{ neutron_service_adminuri }}" neutron_service_internaluri: "{{ neutron_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}" neutron_service_internalurl: "{{ neutron_service_internaluri }}" neutron_service_region: RegionOne ## Keystone authentication middleware neutron_keystone_auth_plugin: password ## Agent neutron_external_network_bridge: "" neutron_gateway_external_network_id: "" neutron_agent_down_time: 120 neutron_agent_polling_interval: 5 neutron_report_interval: "{{ neutron_agent_down_time | int / 2 | int }}" # L3HA configuration options. neutron_ha_vrrp_auth_type: PASS neutron_l3_ha_net_cidr: 169.254.192.0/18 # DHCP AGENT CONFIG neutron_dhcp_config: log-facility: "/var/log/neutron/neutron-dnsmasq.log" _neutron_non_tunnel_types: - flat - vlan - local # ml2 network type drivers to load neutron_ml2_drivers_type: "flat,vlan,vxlan,local" # Tunnel network types used by the OVS agent neutron_tunnel_types: "{{ neutron_ml2_drivers_type.split(',') | difference(_neutron_non_tunnel_types) | join(',') }}" # Enable or disable L2 Population. neutron_l2_population: "False" ## The neutron multicast group address. This should be set as a host variable if used. ## This defaults to the multicast address "239.1.1.1" # neutron_vxlan_group: 239.1.1.100 neutron_vxlan_group: "239.1.1.1" ## Set this variable to configure the provider networks that will be available ## When setting up networking in things like the ml2_conf.ini file. Normally ## this will be defined as a host variable used within neutron as network configuration ## are likely to differ in between hosts. # neutron_provider_networks: # network_flat_networks: "flat" # network_mappings: "flat:eth12,vlan:eth11" # network_types: "vxlan,flat,vlan" # network_vlan_ranges: "vlan:1:1,vlan:1024:1025" # network_vxlan_ranges: "1:1000" neutron_vxlan_enabled: true neutron_dhcp_domain: openstacklocal # Comma-separated list of DNS servers which will be used by dnsmasq as forwarders. neutron_dnsmasq_dns_servers: "" # Limit number of leases to prevent a denial-of-service. neutron_dnsmasq_lease_max: 16777216 # If ``neutron_num_sync_threads`` is unset, the system will use the value of api_workers calculated # in templates/dhcp_agent.ini.j2 for num_sync_threads. # neutron_num_sync_threads: 4 ## RPC neutron_rpc_backend: rabbit neutron_rpc_thread_pool_size: 64 neutron_rpc_conn_pool_size: 30 neutron_rpc_response_timeout: 60 neutron_rpc_workers: 1 neutron_service_in_ldap: false ## Policy vars # Provide a list of access controls to update the default policy.json with. These changes will be merged # with the access controls in the default policy.json. E.g. #neutron_policy_overrides: # "create_subnet": "rule:admin_or_network_owner" # "get_subnet": "rule:admin_or_owner or rule:shared" # neutron_local_ip is used for the VXLAN local tunnel endpoint neutron_local_ip: 127.0.0.1 # Toggle the use of Ubuntu Cloud Archive neutron_uca_enable: True # Ubuntu Cloud Archive mirror URL uca_apt_repo_url: "http://ubuntu-cloud.archive.canonical.com/ubuntu" # When running in an AIO, we need to implement an iptables rule in any # neutron_agent containers to that ensure instances can communicate with # the neutron metadata service. This is necessary because in an AIO # environment there are no physical interfaces involved in instance -> # metadata requests, and this results in the checksums being incorrect. neutron_metadata_checksum_fix: False # neutron packages that must be installed before anything else neutron_requires_pip_packages: - virtualenv - virtualenv-tools - python-keystoneclient # Keystoneclient needed to OSA keystone lib - httplib2 neutron_pip_packages: - configobj - cliff - keystonemiddleware - PyMySQL - neutron - neutron_fwaas - neutron_lbaas - neutron_vpnaas - pycrypto - python-glanceclient - python-keystoneclient - python-memcached - python-neutronclient - python-novaclient - repoze.lru neutron_optional_plumgrid_pip_packages: - networking-plumgrid==2015.2.1.1 neutron_proprietary_nuage_pip_packages: - nuage-openstack-neutron - nuage-openstack-neutronclient - nuagenetlib # This variable is used by the repo_build process to determine # which host group to check for members of before building the # pip packages required by this role. The value is picked up # by the py_pkgs lookup. neutron_role_project_group: neutron_all ## Tunable overrides neutron_neutron_conf_overrides: {} neutron_ml2_conf_ini_overrides: {} neutron_plumgrid_conf_ini_overrides: {} neutron_plumlib_ini_overrides: {} neutron_nuage_conf_ini_overrides: {} neutron_dhcp_agent_ini_overrides: {} neutron_api_paste_ini_overrides: {} neutron_rootwrap_conf_overrides: {} neutron_policy_overrides: {} neutron_dnsmasq_neutron_conf_overrides: {} neutron_l3_agent_ini_overrides: {} neutron_metadata_agent_ini_overrides: {} neutron_metering_agent_ini_overrides: {} neutron_linuxbridge_agent_ini_overrides: {} neutron_lbaas_agent_ini_overrides: {} neutron_vpnaas_agent_ini_overrides: {} neutron_openvswitch_agent_ini_overrides: {}