--- # Copyright 2017, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ### ### Open vSwitch ### neutron_needs_openvswitch: >- {{ (neutron_services['neutron-openvswitch-agent']['group'] in group_names and neutron_services['neutron-openvswitch-agent'].service_en | bool) or (neutron_services['neutron-ovn-northd']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool) or (neutron_services['neutron-ovn-controller']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool) or ((neutron_services['neutron-server']['group'] not in group_names) and neutron_plugin_type == 'ml2.opendaylight') }} # Set the Calico Felix agent executable destination path calico_felix_bin: /usr/local/bin/calico-felix ### ### Python code details ### neutron_pip_packages: - neutron - osprofiler - PyMySQL - python-memcached - systemd-python # Specific pip packages provided by the user neutron_user_pip_packages: [] neutron_optional_oslomsg_amqp1_pip_packages: - oslo.messaging[amqp1] neutron_optional_bgp_pip_packages: - neutron_dynamic_routing neutron_optional_calico_pip_packages: - networking-calico - python-etcd neutron_optional_fwaas_pip_packages: - neutron_fwaas neutron_optional_vpnaas_pip_packages: - neutron_vpnaas neutron_optional_opendaylight_pip_packages: - networking-odl - ceilometer - networking-bgpvpn neutron_optional_sfc_pip_packages: - networking-sfc neutron_proprietary_nuage_pip_packages: - nuage-openstack-neutron - nuage-openstack-neutronclient - nuagenetlib neutron_optional_ovn_pip_packages: - networking-ovn neutron_venv_packages: >- {%- set pkg_list = neutron_pip_packages | union(neutron_user_pip_packages) %} {%- if neutron_bgp | bool %} {%- set _ = pkg_list.extend(neutron_optional_bgp_pip_packages) %} {%- endif %} {%- if (neutron_fwaas | bool) or (neutron_fwaas_v2 | bool) %} {%- set _ = pkg_list.extend(neutron_optional_fwaas_pip_packages) %} {%- endif %} {%- if neutron_vpnaas | bool %} {%- set _ = pkg_list.extend(neutron_optional_vpnaas_pip_packages) %} {%- endif %} {%- if neutron_sfc | bool %} {%- set _ = pkg_list.extend(neutron_optional_sfc_pip_packages) %} {%- endif %} {%- if neutron_oslomsg_amqp1_enabled | bool %} {%- set _ = pkg_list.extend(neutron_optional_oslomsg_amqp1_pip_packages) %} {%- endif %} {%- if (neutron_plugin_type.split('.')[-1] == 'calico') and ((neutron_services['neutron-server']['group'] in group_names) or (neutron_services['calico-felix']['group'] in group_names) or (neutron_services['calico-dhcp-agent']['group'] in group_names)) %} {%- set _ = pkg_list.extend(neutron_optional_calico_pip_packages) %} {%- endif %} {%- if (neutron_plugin_type.split('.')[-1] == 'nuage') and (neutron_services['neutron-server']['group'] in group_names) %} {%- set _ = pkg_list.extend(neutron_optional_nuage_pip_packages) %} {%- endif %} {%- if neutron_plugin_type.split('.')[-1] == 'opendaylight' %} {%- set _ = pkg_list.extend(neutron_optional_opendaylight_pip_packages) %} {%- if 'sfc' in neutron_plugin_base %} {%- set _ = pkg_list.extend(neutron_optional_sfc_pip_packages) %} {%- endif %} {%- endif %} {%- if (neutron_plugin_type.split('.')[-1] == 'ovn') and ((neutron_services['neutron-server']['group'] in group_names) or (neutron_services['neutron-ovn-northd']['group'] in group_names) or (neutron_services['neutron-ovn-controller']['group'] in group_names)) %} {%- set _ = pkg_list.extend(neutron_optional_ovn_pip_packages) %} {%- endif %} {{- pkg_list | unique }} ### ### Generic Neutron Config ### neutron_conf_dir: /etc/neutron neutron_lock_path: "/var/lock/neutron" neutron_system_user_name: neutron neutron_system_group_name: neutron neutron_system_comment: neutron system user neutron_system_shell: /bin/false neutron_system_home_folder: "/var/lib/{{ neutron_system_user_name }}" ### ### DB (Galera) integration ### neutron_db_config: "{{ neutron_conf_dir }}/neutron.conf" neutron_db_plugin: "{{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}" ### ### Telemetry integration ### # Please add 'metering' to the neutron_plugin_base list #TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.metering.metering_plugin.MeteringPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}" ### ### Neutron Plugins ### neutron_plugin_core: "{{ neutron_plugins[neutron_plugin_type].plugin_core }}" neutron_plugins: ml2.lxb: driver_firewall: iptables driver_interface: linuxbridge drivers_type: "{{ neutron_ml2_drivers_type }}" l2_population: "{{ neutron_l2_population }}" mechanisms: "linuxbridge" l3_agent_mode: "legacy" plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: ml2 plugin_ini: plugins/ml2/ml2_conf.ini ml2.ovs: driver_firewall: iptables_hybrid driver_interface: openvswitch drivers_type: "{{ neutron_ml2_drivers_type }}" l2_population: "{{ neutron_l2_population }}" mechanisms: "openvswitch" l3_agent_mode: "legacy" plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: ml2 plugin_ini: plugins/ml2/ml2_conf.ini ml2.ovs.dvr: driver_firewall: iptables_hybrid driver_interface: openvswitch drivers_type: "{{ neutron_ml2_drivers_type }}" l2_population: "{{ neutron_l2_population }}" mechanisms: "openvswitch" l3_agent_mode: "{% if 'nova_compute' in group_names %}dvr{% else %}dvr_snat{% endif %}" router_distributed: True plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: ml2 plugin_ini: plugins/ml2/ml2_conf.ini ml2.calico: drivers_type: "flat, local" mechanisms: "calico" plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: ml2 plugin_ini: plugins/ml2/ml2_conf.ini nuage: plugin_core: nuage_neutron.plugins.nuage.plugin.NuagePlugin plugin_ini: plugins/nuage/nuage.ini plugin_conf_ini_overrides: "{{ neutron_nuage_conf_ini_overrides }}" ml2.sriov: driver_types: "{{ neutron_ml2_drivers_type }}" mechanisms: "sriovnicswitch" plugin_ini: plugins/ml2/sriov_nic_agent.ini plugin_conf_ini_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}" ml2.opendaylight: drivers_type: "local,flat,vlan,gre,vxlan" mechanisms: "opendaylight_v2" plugin_conf_ini_overrides: "{{ neutron_opendaylight_conf_ini_overrides }}" plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin plugin_ini: plugins/ml2/ml2_conf.ini driver_interface: "openvswitch" l3_agent_mode: "legacy" ml2.ovn: drivers_type: "{{ neutron_ml2_drivers_type }}" mechanisms: "ovn" plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: ml2 plugin_ini: plugins/ml2/ml2_conf.ini ### ### ML2 Plugin Configuration ### neutron_ml2_mechanism_drivers: >- {%- set _var = [] -%} {%- for plugin in [neutron_plugin_type]|union(neutron_plugin_types) -%} {%- if _var.append(neutron_plugins[plugin].mechanisms) -%}{%- endif -%} {%- endfor -%} {%- if neutron_l2_population | bool -%} {%- if _var.append('l2population') -%}{%- endif -%} {%- endif -%} {{ _var | join(',') }} # OVS _neutron_non_tunnel_types: - flat - vlan - local # Tunnel network types used by the OVS agent neutron_tunnel_types: "{{ neutron_ml2_drivers_type.split(',') | difference(_neutron_non_tunnel_types) | join(',') }}" # OpenDaylight opendaylight_extra_features: |- {%- set features = ['odl-netvirt-openstack'] -%} {%- if 'sfc' in neutron_plugin_base -%} {%- set features = ['odl-netvirt-sfc'] -%} {%- endif -%} {{ features }} opendaylight_install_method: "{{ (ansible_os_family=='Debian') | ternary('deb_repo', 'rpm_repo') }}" ovs_manager_list: |- {% set ovs_managers_odls = [] %} {% for odl_ip_address in groups[neutron_services['neutron-server']['group']] | map('extract', hostvars, 'ansible_host') | list -%} {% set _ = ovs_managers_odls.append('tcp:' ~ odl_ip_address ~ ':6640') %} {%- endfor %} {{ ovs_managers_odls | join(' ') }} ### ### L3 Agent Plugin Configuration ### ## Please add 'router' to the neutron_plugin_base list #TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle # Should the neutron-l3-agent service should be enabled on the host neutron_l3: "{% if 'router' in neutron_plugin_base or 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' in neutron_plugin_base or 'df-l3' in neutron_plugin_base %}True{% else %}False{% endif %}" ### ### DHCP Agent Plugin Configuration ### neutron_dhcp: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}" ### ### Metadata Agent Plugin Configuration ### neutron_metadata: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}" ### ### FWaaS Plugin Configuration ### # Please add the 'firewall' to the neutron_plugin_base list neutron_fwaas: "{{ ('firewall' in neutron_plugin_base) | ternary('True', 'False') }}" neutron_fwaas_v2: "{{ ('firewall_v2' in neutron_plugin_base) | ternary('True', 'False') }}" ### ### VPNaaS Plugin Configuration ### # Please add the 'vpnaas' to the neutron_plugin_base list neutron_vpnaas: "{% if 'vpnaas' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Neutron Dynamic Routing Agent's BGP Plugin Configuration # To enable the BGP plugin, add the following item to the neutron_plugin_base list: # neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin # # NOTE(matias): BgpPlugin doesn't have entry points and the full classpath # is required. neutron_bgp: "{% if 'neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}" neutron_bgp_speaker_driver: neutron_dynamic_routing.services.bgp.agent.driver.os_ken.driver.OsKenBgpDriver neutron_bgp_router_id: "{{ neutron_local_ip }}" ### ### port_forwarding ### neutron_port_forwarding: "{{ ('port_forwarding' in neutron_plugin_base) | ternary('True', 'False') }}" ### ### Service Function Chaining ### neutron_sfc: "{{ ('sfc' in neutron_plugin_base) | ternary('True', 'False') }}" ### ### Services info ### # # Compile a list of the services on a host based on whether # the host is in the host group and the service is enabled. # The service list is provided in the defined start order. # filtered_neutron_services: |- {% set services = [] %} {% for key, value in neutron_services.items() %} {% if (value['group'] in group_names) and (('service_en' not in value) or ('service_en' in value and value['service_en'])) %} {% set _ = value.update({'service_key': key}) %} {% set _ = services.append(value) %} {% endif %} {% endfor %} {{ services | sort(attribute='start_order') }} ### ### Internals: neutron_services mappings ### neutron_services: neutron-dhcp-agent: group: neutron_dhcp_agent service_name: neutron-dhcp-agent service_en: "{{ neutron_dhcp | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: dhcp_agent.ini service_rootwrap: rootwrap.d/dhcp.filters execstarts: "{{ neutron_bin }}/neutron-dhcp-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/dhcp_agent.ini" config_overrides: "{{ neutron_dhcp_agent_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_dhcp_agent_init_overrides }}" start_order: 3 neutron-openvswitch-agent: group: neutron_openvswitch_agent service_name: neutron-openvswitch-agent service_en: "{{ neutron_plugin_type in ['ml2.ovs', 'ml2.ovs.dvr'] }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: plugins/ml2/openvswitch_agent.ini service_rootwrap: rootwrap.d/openvswitch-plugin.filters execstarts: "{{ neutron_bin }}/neutron-openvswitch-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/openvswitch_agent.ini" config_overrides: "{{ neutron_openvswitch_agent_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_openvswitch_agent_init_overrides }}" start_order: 2 neutron-linuxbridge-agent: group: neutron_linuxbridge_agent service_name: neutron-linuxbridge-agent service_en: "{{ neutron_plugin_type == 'ml2.lxb' }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: plugins/ml2/linuxbridge_agent.ini service_rootwrap: rootwrap.d/linuxbridge-plugin.filters execstarts: "{{ neutron_bin }}/neutron-linuxbridge-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/linuxbridge_agent.ini" config_overrides: "{{ neutron_linuxbridge_agent_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_linuxbridge_agent_init_overrides }}" start_order: 2 neutron-metadata-agent: group: neutron_metadata_agent service_name: neutron-metadata-agent service_en: "{{ neutron_metadata | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: metadata_agent.ini execstarts: "{{ neutron_bin }}/neutron-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metadata_agent.ini" config_overrides: "{{ neutron_metadata_agent_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_metadata_agent_init_overrides }}" start_order: 3 neutron-metering-agent: group: neutron_metering_agent service_name: neutron-metering-agent service_en: "{{ neutron_metering | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: metering_agent.ini execstarts: "{{ neutron_bin }}/neutron-metering-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metering_agent.ini" config_overrides: "{{ neutron_metering_agent_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_metering_agent_init_overrides }}" # Other agents will use neutron_plugins[neutron_plugin_type].driver_interface # for the interface_driver, but that uses a stevedore alias. Metering agent # hasn't been updated to use stevedore alises so that fails. To work around # the problem until metering agent is updated, we should use the full # module.class path to the interface driver. # TODO(hughsaunders): switch back to stevedore when # https://review.openstack.org/#/c/419881/ merges and is backported. interface_driver: neutron.agent.linux.interface.BridgeInterfaceDriver start_order: 3 neutron-l3-agent: group: neutron_l3_agent service_name: neutron-l3-agent service_en: "{{ neutron_l3 | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: l3_agent.ini service_rootwrap: rootwrap.d/l3.filters environment: PATH: "{{ neutron_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" execstarts: "{{ neutron_bin }}/neutron-l3-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/l3_agent.ini" config_overrides: "{{ neutron_l3_agent_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_l3_agent_init_overrides }}" start_order: 3 neutron-bgp-dragent: group: neutron_bgp_dragent service_name: neutron-bgp-dragent service_en: "{{ neutron_bgp | bool }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: bgp_dragent.ini execstarts: "{{ neutron_bin }}/neutron-bgp-dragent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/bgp_dragent.ini" config_overrides: "{{ neutron_bgp_dragent_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_bgp_dragent_init_overrides }}" start_order: 3 # TODO(mnaser): neutron-vpnaas-agent binary was dropped in Queens # and replaced by a plugin to neutron-l3-agent. We missed # this in Queens, so let's remove this in T to disable # the service. neutron-vpnaas-agent: group: neutron_l3_agent service_name: neutron-vpn-agent service_en: false service_conf_path: "{{ neutron_conf_dir }}" service_conf: vpnaas_agent.ini service_rootwrap: rootwrap.d/vpnaas.filters execstarts: "{{ neutron_bin }}/neutron-vpn-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/vpnaas_agent.ini" config_overrides: "{{ neutron_vpnaas_agent_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_vpn_agent_init_overrides }}" start_order: 3 neutron-server: group: neutron_server service_name: neutron-server service_en: True execstarts: "{{ neutron_bin }}/neutron-server --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}" init_config_overrides: "{{ neutron_server_init_overrides }}" start_order: 1 calico-felix: group: neutron_calico_dhcp_agent systemd_user_name: root systemd_group_name: root service_name: calico-felix service_en: "{{ neutron_plugin_type == 'ml2.calico' }}" service_conf_path: /etc/calico service_conf: felix.cfg execstarts: "{{ calico_felix_bin }} --config-file /etc/calico/felix.cfg" config_overrides: "{{ neutron_calico_felix_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_calico_felix_init_overrides }}" start_order: 3 calico-dhcp-agent: group: neutron_calico_dhcp_agent systemd_user_name: root systemd_group_name: root service_name: calico-dhcp-agent service_en: "{{ neutron_plugin_type == 'ml2.calico' }}" service_rootwrap: rootwrap.d/dhcp.filters execstarts: "{{ neutron_bin }}/calico-dhcp-agent --config-file {{ neutron_conf_dir }}/neutron.conf" config_overrides: "{{ neutron_calico_dhcp_agent_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_calico_dhcp_agent_init_overrides }}" start_order: 3 neutron-sriov-nic-agent: group: neutron_sriov_nic_agent service_name: neutron-sriov-nic-agent service_en: "{{ 'ml2.sriov' in neutron_plugin_types }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: plugins/ml2/sriov_nic_agent.ini execstarts: "{{ neutron_bin }}/neutron-sriov-nic-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/sriov_nic_agent.ini" config_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_sriov_nic_agent_init_overrides }}" start_order: 3 neutron-ovn-northd: group: neutron_ovn_northd service_en: False neutron-ovn-controller: group: neutron_ovn_controller service_en: False networking-ovn-metadata-agent: group: neutron_ovn_controller systemd_user_name: root systemd_group_name: root service_name: networking-ovn-metadata-agent service_en: "{{ neutron_plugin_type == 'ml2.ovn' }}" service_conf_path: "{{ neutron_conf_dir }}" service_conf: networking_ovn_metadata_agent.ini service_rootwrap: rootwrap.d/ovn-plugin.filters execstarts: "{{ neutron_bin }}/networking-ovn-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/networking_ovn_metadata_agent.ini" config_overrides: "{{ neutron_ovn_metadata_agent_ini_overrides }}" config_type: "ini" init_config_overrides: "{{ neutron_ovn_metadata_agent_init_overrides }}" start_order: 3 ### ### Internals: Drivers mappings ### neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq neutron_driver_quota: neutron.db.quota.driver.DbQuotaDriver ### ### Internals: py_pkgs ### # This variable is used by the repo_build process to determine # which host group to check for members of before building the # pip packages required by this role. The value is picked up # by the py_pkgs lookup. neutron_role_project_group: neutron_all ### ### Internals: files central to neutron we can override ### neutron_core_files: - tmp_f: "/tmp/api-paste.ini.original" target_f: "{{ neutron_conf_dir }}/api-paste.ini" config_overrides: "{{ _neutron_api_paste_ini_overrides | combine(neutron_api_paste_ini_overrides, recursive=True) }}" config_type: "ini" - tmp_f: "/tmp/rootwrap.conf.original" target_f: "{{ neutron_conf_dir }}/rootwrap.conf" config_overrides: "{{ _neutron_rootwrap_conf_overrides | combine(neutron_rootwrap_conf_overrides, recursive=True) }}" config_type: "ini" owner: "root" group: "{{ neutron_system_group_name }}" mode: "0640"