--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Defines that the role will be deployed on a host machine is_metal: true ## Verbosity Options debug: False verbose: True ## APT Cache options cache_timeout: 600 neutron_git_repo: https://git.openstack.org/openstack/neutron neutron_git_install_branch: master neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas neutron_fwaas_git_install_branch: master neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas neutron_lbaas_git_install_branch: master neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas neutron_vpnaas_git_install_branch: master neutron_requirements_git_repo: https://git.openstack.org/openstack/requirements neutron_requirements_git_install_branch: master neutron_developer_mode: false neutron_developer_constraints: - "git+{{ neutron_git_repo }}@{{ neutron_git_install_branch }}#egg=neutron" - "git+{{ neutron_fwaas_git_repo }}@{{ neutron_fwaas_git_install_branch }}#egg=neutron-fwaas" - "git+{{ neutron_lbaas_git_repo }}@{{ neutron_lbaas_git_install_branch }}#egg=neutron-lbaas" - "git+{{ neutron_vpnaas_git_repo }}@{{ neutron_vpnaas_git_install_branch }}#egg=neutron-vpnaas" # Name of the virtual env to deploy into neutron_venv_tag: untagged neutron_venv_bin: "/openstack/venvs/neutron-{{ neutron_venv_tag }}/bin" # Set this to enable or disable installing in a venv neutron_venv_enabled: true # The bin path defaults to the venv path however if installation in a # venv is disabled the bin path will be dynamically set based on the # system path used when the installing. neutron_bin: "{{ neutron_venv_bin }}" neutron_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/neutron.tgz # Set the lib dir path to that of the local python path where neutron is installed. # This is used for role access to the db migrations. # Example: # neutron_lib_dir: "/usr/local/lib/python2.7/dist-packages/" neutron_venv_lib_dir: "{{ neutron_bin | dirname }}/lib/python2.7/site-packages/" neutron_non_venv_lib_dir: "/usr/local/lib/python2.7/dist-packages/" neutron_lib_dir: "{{ (neutron_venv_enabled | bool) | ternary(neutron_venv_lib_dir, neutron_non_venv_lib_dir) }}" # Enable/Disable Ceilometer neutron_ceilometer_enabled: False # Fatal Deprecations neutron_fatal_deprecations: False ## neutron User / Group neutron_system_user_name: neutron neutron_system_group_name: neutron neutron_system_comment: neutron system user neutron_system_shell: /bin/false neutron_system_home_folder: "/var/lib/{{ neutron_system_user_name }}" ## DB neutron_galera_user: neutron neutron_galera_database: neutron neutron_db_config: /etc/neutron/neutron.conf neutron_db_plugin: "/etc/neutron/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}" neutron_db_max_overflow: 20 neutron_db_pool_size: 120 neutron_db_pool_timeout: 30 ## RabbitMQ info neutron_rabbitmq_userid: neutron neutron_rabbitmq_vhost: /neutron ## Plugins neutron_plugin_core: "{{ neutron_plugins[neutron_plugin_type].plugin_core }}" # Other plugins can be added to the system by simply extending the list `neutron_plugin_base`. # neutron_plugin_base: # - router # - firewall # - lbaas # - lbaasv2 # - vpnaas # - metering # - qos neutron_plugin_base: - router - metering neutron_plugin_loaded_base: "{% for plugin in neutron_plugin_base %}{{ plugin }}{% if not loop.last %},{% endif %}{% endfor %}" # Neutron Plugins neutron_plugin_type: ml2 neutron_plugins: ml2: plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin plugin_ini: plugins/ml2/ml2_conf.ini plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plumgrid: plugin_core: networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2 plugin_ini: plugins/plumgrid/plumgrid.ini plugin_conf_ini_overrides: "{{ neutron_plumgrid_conf_ini_overrides }}" nuage: plugin_core: neutron.plugins.nuage.plugin.NuagePlugin plugin_ini: plugins/nuage/nuage.ini plugin_conf_ini_overrides: "{{ neutron_nuage_conf_ini_overrides }}" neutron_services: neutron-dhcp-agent: group: neutron_dhcp_agent service_name: neutron-dhcp-agent service_en: True service_conf: dhcp_agent.ini service_group: neutron_agent service_rootwrap: rootwrap.d/dhcp.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini config_overrides: "{{ neutron_dhcp_agent_ini_overrides }}" config_type: "ini" neutron-linuxbridge-agent: group: neutron_linuxbridge_agent service_name: neutron-linuxbridge-agent service_en: True service_conf: plugins/ml2/linuxbridge_agent.ini service_group: neutron_linuxbridge_agent service_rootwrap: rootwrap.d/linuxbridge-plugin.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini config_overrides: "{{ neutron_linuxbridge_agent_ini_overrides }}" config_type: "ini" neutron-metadata-agent: group: neutron_metadata_agent service_name: neutron-metadata-agent service_en: True service_conf: metadata_agent.ini service_group: neutron_agent config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini config_overrides: "{{ neutron_metadata_agent_ini_overrides }}" config_type: "ini" neutron-metering-agent: group: neutron_metering_agent service_name: neutron-metering-agent service_en: "{{ neutron_metering }}" service_conf: metering_agent.ini service_group: neutron_agent config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metering_agent.ini config_overrides: "{{ neutron_metering_agent_ini_overrides }}" config_type: "ini" neutron-l3-agent: group: neutron_l3_agent service_name: neutron-l3-agent service_en: "{{ neutron_l3 }}" service_conf: l3_agent.ini service_group: neutron_agent service_rootwrap: rootwrap.d/l3.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini config_overrides: "{{ neutron_l3_agent_ini_overrides }}" config_type: "ini" neutron-lbaas-agent: group: neutron_lbaas_agent service_name: neutron-lbaas-agent service_en: "{{ neutron_lbaas }}" service_conf: lbaas_agent.ini service_group: neutron_agent service_rootwrap: rootwrap.d/lbaas-haproxy.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/lbaas_agent.ini config_overrides: "{{ neutron_lbaas_agent_ini_overrides }}" config_type: "ini" neutron-lbaasv2-agent: group: neutron_lbaas_agent service_name: neutron-lbaasv2-agent service_en: "{{ neutron_lbaasv2 }}" service_conf: lbaas_agent.ini service_group: neutron_agent service_rootwrap: rootwrap.d/lbaas-haproxy.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/lbaas_agent.ini config_overrides: "{{ neutron_lbaas_agent_ini_overrides }}" config_type: "ini" neutron-vpnaas-agent: group: neutron_l3_agent service_name: neutron-vpnaas-agent service_en: "{{ neutron_vpnaas }}" service_conf: vpnaas_agent.ini service_group: neutron_agent service_rootwrap: rootwrap.d/vpnaas.filters config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/vpnaas_agent.ini config_overrides: "{{ neutron_vpnaas_agent_ini_overrides }}" config_type: "ini" neutron-server: group: neutron_server service_name: neutron-server service_en: True service_group: neutron_server config_options: "--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}" ## Neutron LBaaS # See documentation section titled "Configuring the Network Load Balacing # Service (Optional)" for more details. # # To enable LBaaS v1, add 'lbaas' to neutron_plugin_base list. # To enable LBaaS v2, add 'lbaasv2' to neutron_plugin_base list # TODO(odyssey4me): Remove the classpath from this conditional in the Newton cycle. neutron_lbaas: "{% if 'lbaas' in neutron_plugin_base or 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}" neutron_lbaasv2: "{% if 'lbaasv2' in neutron_plugin_base or 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Neutron L3 ## Please add 'router' to the neutron_plugin_base list #TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle neutron_l3: "{% if 'router' in neutron_plugin_base or 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Neutron Metering # Please add 'metering' to the neutron_plugin_base list #TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.metering.metering_plugin.MeteringPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Neutron FWaaS # Please add the 'firewall' to the neutron_plugin_base list neutron_fwaas: "{% if 'firewall' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Neutron VPNaaS # Please add the 'vpnaas' to the neutron_plugin_base list neutron_vpnaas: "{% if 'vpnaas' in neutron_plugin_base %}True{% else %}False{% endif %}" ## Drivers neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler neutron_driver_loadbalancer_pool_scheduler: neutron_lbaas.services.loadbalancer.agent_scheduler.ChanceScheduler neutron_driver_interface: neutron.agent.linux.interface.BridgeInterfaceDriver neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq neutron_driver_quota: neutron.db.quota.driver.DbQuotaDriver neutron_driver_firewall: neutron.agent.linux.iptables_firewall.IptablesFirewallDriver neutron_driver_vpnaas: neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver ## Quotas neutron_default_quota: -1 neutron_quota_floatingip: 50 neutron_quota_health_monitor: -1 neutron_quota_member: -1 neutron_quota_network: 10 neutron_quota_network_gateway: 5 neutron_quota_packet_filter: 100 neutron_quota_pool: 10 neutron_quota_port: 50 neutron_quota_router: 10 neutron_quota_security_group: 10 neutron_quota_security_group_rule: 100 neutron_quota_subnet: 10 neutron_quota_vip: 10 ## General Neutron configuration # If ``neutron_api_workers`` is unset the system will use half the number of available VCPUs to # compute the number of api workers to use. # neutron_api_workers: 16 # If ``neutron_metadata_workers`` is unset the system will use half the number of available VCPUs to # compute the number of api workers to use. # neutron_metadata_workers: 16 neutron_metadata_backlog: 128 ## Auth neutron_service_project_name: service neutron_service_project_domain_id: default neutron_service_user_domain_id: default neutron_service_role_name: admin neutron_service_user_name: neutron neutron_service_name: neutron neutron_service_type: network neutron_service_description: "OpenStack Networking" neutron_service_port: 9696 neutron_service_proto: http neutron_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(neutron_service_proto) }}" neutron_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(neutron_service_proto) }}" neutron_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(neutron_service_proto) }}" neutron_service_publicuri: "{{ neutron_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}" neutron_service_publicurl: "{{ neutron_service_publicuri }}" neutron_service_adminuri: "{{ neutron_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}" neutron_service_adminurl: "{{ neutron_service_adminuri }}" neutron_service_internaluri: "{{ neutron_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}" neutron_service_internalurl: "{{ neutron_service_internaluri }}" neutron_service_region: RegionOne ## Keystone authentication middleware neutron_keystone_auth_plugin: password ## Agent neutron_external_network_bridge: "" neutron_gateway_external_network_id: "" neutron_agent_mode: legacy neutron_agent_down_time: 120 neutron_agent_polling_interval: 5 neutron_report_interval: "{{ neutron_agent_down_time | int / 2 | int }}" neutron_network_device_mtu: 1450 # L3HA configuration options. neutron_ha_vrrp_auth_type: PASS neutron_l3_ha_net_cidr: 169.254.192.0/18 # DHCP AGENT CONFIG neutron_dhcp_config: dhcp-option-force: "26,1450" log-facility: "/var/log/neutron/neutron-dnsmasq.log" # Types of networks supported by the ml2 plugin neutron_ml2_drivers_type: "flat,vlan,vxlan,local" neutron_ml2_mechanism_drivers: "linuxbridge,l2population" # Enable or disable L2 Population. neutron_l2_population: "False" ## Set this to configure overlay networks. The default is set as an empty hash. # neutron_overlay_network: # address: "172.29.241.248" # bridge: "br-vxlan" # interface: "eth10" # netmask: "255.255.252.0" # type: "veth" neutron_overlay_network: {} ## The neutron multicast group address. This should be set as a host variable if used. ## This defaults to an empty string # neutron_vxlan_group: 239.1.1.100 neutron_vxlan_group: "239.1.1.1" ## Set this variable to configure the provider networks that will be available ## When setting up networking in things like the ml2_conf.ini file. Normally ## this will be defined as a host variable used within neutron as network configuration ## are likely to differ in between hosts. # neutron_provider_networks: # network_flat_networks: "flat" # network_mappings: "flat:eth12,vlan:eth11" # network_types: "vxlan,flat,vlan" # network_vlan_ranges: "vlan:1:1,vlan:1024:1025" # network_vxlan_ranges: "1:1000" neutron_vxlan_enabled: true neutron_dhcp_domain: openstacklocal # Comma-separated list of DNS servers which will be used by dnsmasq as forwarders. neutron_dnsmasq_dns_servers: "" # Limit number of leases to prevent a denial-of-service. neutron_dnsmasq_lease_max: 16777216 # If ``neutron_num_sync_threads`` is unset, the system will use the value of api_workers calculated # in templates/dhcp_agent.ini.j2 for num_sync_threads. # neutron_num_sync_threads: 4 ## RPC neutron_rpc_backend: rabbit neutron_rpc_thread_pool_size: 64 neutron_rpc_conn_pool_size: 30 neutron_rpc_response_timeout: 60 neutron_rpc_workers: 1 neutron_service_in_ldap: false ## Policy vars # Provide a list of access controls to update the default policy.json with. These changes will be merged # with the access controls in the default policy.json. E.g. #neutron_policy_overrides: # "create_subnet": "rule:admin_or_network_owner" # "get_subnet": "rule:admin_or_owner or rule:shared" # neutron_local_ip is used for the VXLAN local tunnel endpoint neutron_local_ip: 127.0.0.1 neutron_apt_packages: - conntrack - dnsmasq-base - dnsmasq-utils - ebtables - ipset - iputils-arping - keepalived - libpq-dev - radvd neutron_lbaas_apt_packages: - haproxy neutron_vpnaas_apt_packages: - openswan neutron_apt_remove_packages: - conntrackd # neutron packages that must be installed before anything else neutron_requires_pip_packages: - virtualenv - virtualenv-tools - python-keystoneclient # Keystoneclient needed to OSA keystone lib - httplib2 neutron_pip_packages: - configobj - cliff - keystonemiddleware - PyMySQL - neutron - neutron_fwaas - neutron_lbaas - neutron_vpnaas - pycrypto - python-glanceclient - python-keystoneclient - python-memcached - python-neutronclient - python-novaclient - repoze.lru neutron_optional_plumgrid_pip_packages: - networking-plumgrid==2015.2.1.1 neutron_proprietary_nuage_pip_packages: - nuage-openstack-neutron - nuage-openstack-neutronclient - nuagenetlib ## Tunable overrides neutron_neutron_conf_overrides: {} neutron_ml2_conf_ini_overrides: {} neutron_plumgrid_conf_ini_overrides: {} neutron_plumlib_ini_overrides: {} neutron_nuage_conf_ini_overrides: {} neutron_dhcp_agent_ini_overrides: {} neutron_api_paste_ini_overrides: {} neutron_rootwrap_conf_overrides: {} neutron_policy_overrides: {} neutron_dnsmasq_neutron_conf_overrides: {} neutron_l3_agent_ini_overrides: {} neutron_metadata_agent_ini_overrides: {} neutron_metering_agent_ini_overrides: {} neutron_linuxbridge_agent_ini_overrides: {} neutron_lbaas_agent_ini_overrides: {} neutron_vpnaas_agent_ini_overrides: {}