diff --git a/playbooks/roles/os_neutron/defaults/main.yml b/playbooks/roles/os_neutron/defaults/main.yml index 691f90c63b..f5ee973b23 100644 --- a/playbooks/roles/os_neutron/defaults/main.yml +++ b/playbooks/roles/os_neutron/defaults/main.yml @@ -192,9 +192,6 @@ neutron_ml2_mechanism_drivers: "linuxbridge,l2population" # type: "veth" neutron_overlay_network: {} -# Set the vxlan udp port. This is only used when neutron_tunnel_address is defined. -neutron_vxlan_udp_port: 4789 - ## The neutron multicast group address. This should be set as a host variable if used. ## This defaults to an empty string # neutron_vxlan_group: 239.1.1.100 diff --git a/playbooks/roles/os_neutron/templates/dhcp_agent.ini.j2 b/playbooks/roles/os_neutron/templates/dhcp_agent.ini.j2 index 4de712980b..52dce45029 100644 --- a/playbooks/roles/os_neutron/templates/dhcp_agent.ini.j2 +++ b/playbooks/roles/os_neutron/templates/dhcp_agent.ini.j2 @@ -3,19 +3,28 @@ {% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} {% set api_threads = _api_threads if _api_threads > 0 else 1 %} +# General [DEFAULT] verbose = {{ verbose }} debug = {{ debug }} -interface_driver = {{ neutron_driver_interface }} -dhcp_driver = {{ neutron_driver_dhcp }} -enable_isolated_metadata = True - num_sync_threads = {{ neutron_num_sync_threads | default(api_threads) }} -dhcp_domain = {{ neutron_dhcp_domain }} -dhcp_delete_namespaces = {{ neutron_dhcp_delete_namespaces }} +# Drivers +interface_driver = {{ neutron_driver_interface }} +dhcp_driver = {{ neutron_driver_dhcp }} +# Default domain for DHCP leases +dhcp_domain = {{ neutron_dhcp_domain }} + +# Dnsmasq options dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf dnsmasq_dns_servers = {{ neutron_dnsmasq_dns_servers }} dnsmasq_lease_max = {{ neutron_dnsmasq_lease_max }} + +# Metadata +enable_isolated_metadata = True + +# Delete defunct namespaces +dhcp_delete_namespaces = {{ neutron_dhcp_delete_namespaces }} + 
diff --git a/playbooks/roles/os_neutron/templates/l3_agent.ini.j2 b/playbooks/roles/os_neutron/templates/l3_agent.ini.j2
index 5802758c12..10022484fa 100644
--- a/playbooks/roles/os_neutron/templates/l3_agent.ini.j2
+++ b/playbooks/roles/os_neutron/templates/l3_agent.ini.j2
@@ -1,34 +1,41 @@ # {{ ansible_managed }} +# General [DEFAULT] verbose = {{ verbose }} debug = {{ debug }} -allow_automatic_l3agent_failover = True -enable_metadata_proxy = True +handle_internal_only_routers = True external_network_bridge = {{ neutron_external_network_bridge }} gateway_external_network_id = {{ neutron_gateway_external_network_id }} -# L3 Agent HA -ha_confs_path = {{ neutron_system_home_folder }}/ha_confs -ha_vrrp_advert_int = {{ neutron_ha_vrrp_advert_int }} -ha_vrrp_auth_password = {{ neutron_ha_vrrp_auth_password }} -ha_vrrp_auth_type = {{ neutron_ha_vrrp_auth_type }} -handle_internal_only_routers = {{ neutron_handle_internal_only_routers }} -l3_ha = {{ neutron_l3_ha_enabled }} -l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }} -max_l3_agents_per_router = {{ neutron_max_l3_agents_per_router | default(groups['neutron_agent']|length) }} +# Drivers +interface_driver = {{ neutron_driver_interface }} + +# Agent mode (legacy only) +agent_mode = {{ neutron_agent_mode }} + +# Conventional failover +allow_automatic_l3agent_failover = True {% set min_router = groups['neutron_agent'] | length // 2 %} {% set min_l3_router = min_router if min_router > 0 else 1 %} min_l3_agents_per_router = {{ neutron_min_l3_agents_per_router | default(min_l3_router) }} +max_l3_agents_per_router = {{ neutron_max_l3_agents_per_router | default(groups['neutron_agent']|length) }} + +# HA failover +l3_ha = {{ neutron_l3_ha_enabled }} +l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }} +ha_confs_path = {{ neutron_system_home_folder }}/ha_confs +ha_vrrp_advert_int = {{ neutron_ha_vrrp_advert_int }} +ha_vrrp_auth_password = {{ neutron_ha_vrrp_auth_password }} +ha_vrrp_auth_type = {{ neutron_ha_vrrp_auth_type }} +handle_internal_only_routers = {{ neutron_handle_internal_only_routers }} send_arp_for_ha = 3 -# L3 configuration options -router_delete_namespaces = {{ neutron_l3_router_delete_namespaces }} +# Metadata +enable_metadata_proxy = True -# L3 Agent interfaces -interface_driver = {{ 
neutron_driver_interface }} -handle_internal_only_routers = True -agent_mode = {{ neutron_agent_mode }} +# Delete defunct namespaces +router_delete_namespaces = {{ neutron_l3_router_delete_namespaces }} diff --git a/playbooks/roles/os_neutron/templates/metadata_agent.ini.j2 b/playbooks/roles/os_neutron/templates/metadata_agent.ini.j2 index a5626cd2ff..ca8c9cfd1c 100644 --- a/playbooks/roles/os_neutron/templates/metadata_agent.ini.j2 +++ b/playbooks/roles/os_neutron/templates/metadata_agent.ini.j2 @@ -3,11 +3,12 @@ {% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} {% set api_threads = _api_threads if _api_threads > 0 else 1 %} +# General [DEFAULT] verbose = {{ verbose }} debug = {{ debug }} -# The Neutron user information for accessing the Neutron API. +# Neutron credentials for API access auth_plugin = {{ neutron_keystone_auth_plugin }} auth_url = {{ keystone_service_adminuri }} auth_uri = {{ keystone_service_internaluri }} @@ -19,14 +20,16 @@ username = {{ neutron_service_user_name }} password = {{ neutron_service_password }} endpoint_type = adminURL -# TCP Port used by Nova metadata server +# Nova metadata service IP and port nova_metadata_ip = {{ internal_lb_vip_address }} nova_metadata_port = {{ nova_metadata_port }} -# Number of backlog requests to configure the metadata server socket with +# Metadata proxy shared secret metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }} + +# Workers and backlog requests metadata_workers = {{ neutron_metadata_workers | default(api_threads) }} metadata_backlog = {{ neutron_metadata_backlog }} -# Metadata Caching +# Caching cache_url = memory://?default_ttl=5 diff --git a/playbooks/roles/os_neutron/templates/metering_agent.ini.j2 b/playbooks/roles/os_neutron/templates/metering_agent.ini.j2 index 9b5a5efd8f..bee349f23b 100644 --- a/playbooks/roles/os_neutron/templates/metering_agent.ini.j2 +++ b/playbooks/roles/os_neutron/templates/metering_agent.ini.j2 
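Review bot: `handle_internal_only_routers` is set twice in `[DEFAULT]` on the new side of the l3_agent.ini.j2 hunk — the added `handle_internal_only_routers = True` directly after `debug`, and the retained `handle_internal_only_routers = {{ neutron_handle_internal_only_routers }}` under `# HA failover`. The old file carried the same duplicate in the opposite order; as far as I recall oslo.config keeps the last value for a non-multi option, so the reorder would silently flip the effective value from the hard-coded `True` to the role variable whenever the two differ. Keeping a single line makes the intent explicit: drop the hard-coded `handle_internal_only_routers = True` and let `neutron_handle_internal_only_routers` decide, which also keeps this agent config consistent with the variable-driven HA settings around it.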
@@ -1,11 +1,15 @@ # {{ ansible_managed }} +# General [DEFAULT] verbose = {{ verbose }} debug = {{ debug }} +# Drivers driver = {{ neutron_driver_metering }} interface_driver = {{ neutron_driver_interface }} + +# Intervals measure_interval = 30 [AGENT] diff --git a/playbooks/roles/os_neutron/templates/neutron.conf.j2 b/playbooks/roles/os_neutron/templates/neutron.conf.j2 index 7afd42777b..b9622533a4 100644 --- a/playbooks/roles/os_neutron/templates/neutron.conf.j2 +++ b/playbooks/roles/os_neutron/templates/neutron.conf.j2 
@@ -3,72 +3,66 @@ {% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} {% set api_threads = _api_threads if _api_threads > 0 else 1 %} +# General, applies to all host groups [DEFAULT] verbose = {{ verbose }} debug = {{ debug }} fatal_deprecations = {{ neutron_fatal_deprecations }} - use_syslog = False - log_file = /var/log/neutron/neutron.log -auth_strategy = keystone + +{% if inventory_hostname in groups['neutron_server'] %} + +# General, only applies to neutron server host group network_device_mtu = {{ neutron_network_device_mtu }} allow_overlapping_ips = True vlan_transparent = False - -## Drivers -network_scheduler_driver = {{ neutron_driver_network_scheduler }} -router_scheduler_driver = {{ neutron_driver_router_scheduler }} -loadbalancer_pool_scheduler_driver = {{ neutron_driver_loadbalancer_pool_scheduler }} -dhcp_driver = {{ neutron_driver_dhcp }} -notification_driver = {{ neutron_driver_notification }} - - -## Schedulers -router_distributed = False -network_auto_schedule = True -router_auto_schedule = True - - -## Agents -agent_down_time = {{ neutron_agent_down_time }} - - -## API -bind_port = 9696 -bind_host = 0.0.0.0 - - -## Workers -api_workers = {{ neutron_api_workers | default(api_threads) }} -rpc_workers = {{ neutron_rpc_workers }} - - -## Plugins +# Plugins core_plugin = {{ neutron_plugin_core }} service_plugins = {{ neutron_plugin_loaded_base }} - -## MAC Address +# MAC address generation for VIFs base_mac = fa:16:3e:00:00:00 mac_generation_retries = 16 +# Authentication method +auth_strategy = keystone -## DHCP +# Drivers +network_scheduler_driver = {{ neutron_driver_network_scheduler }} +router_scheduler_driver = {{ neutron_driver_router_scheduler }} +loadbalancer_pool_scheduler_driver = {{ neutron_driver_loadbalancer_pool_scheduler }} +notification_driver = {{ neutron_driver_notification }} + +# Schedulers +network_auto_schedule = True +router_auto_schedule = True + +# Distributed virtual routing (disable by default) 
+router_distributed = False + +# Agents +agent_down_time = {{ neutron_agent_down_time }} + +# API +bind_port = 9696 +bind_host = 0.0.0.0 + +# Workers +api_workers = {{ neutron_api_workers | default(api_threads) }} +rpc_workers = {{ neutron_rpc_workers }} + +# DHCP dhcp_agent_notification = True dhcp_agents_per_network = {{ groups['neutron_agent'] | length }} -dhcp_delete_namespaces = True dhcp_lease_duration = 86400 advertise_mtu = False -## Notifications +# Nova notifications notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True send_events_interval = 2 - - -## Nova nova_url = {{ nova_service_adminurl|replace('/%(tenant_id)s', '') }} ## Rpc all @@ -87,7 +81,7 @@ project_name = {{ nova_service_project_name }} username = {{ nova_service_user_name }} password = {{ nova_service_password }} - +# Quotas [quotas] quota_driver = {{ neutron_driver_quota }} quota_items = network,subnet,port @@ -106,13 +100,7 @@ quota_security_group_rule = {{ neutron_quota_security_group_rule }} quota_subnet = {{ neutron_quota_subnet }} quota_vip = {{ neutron_quota_vip }} - -[agent] -polling_interval = {{ neutron_agent_polling_interval|default(5) }} -report_interval = {{ neutron_report_interval|int }} -root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf - - +# Keystone authentication [keystone_authtoken] insecure = {{ keystone_service_internaluri_insecure | bool }} auth_plugin = {{ neutron_keystone_auth_plugin }} 
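Review bot: The `{% if inventory_hostname in groups['neutron_server'] %}` added after `log_file` is closed only in a later hunk, after `[service_providers]`, so the nova credential block, `[quotas]`, `[keystone_authtoken]`, `[database]` and `[service_providers]` are now rendered on neutron_server hosts only while `[agent]`, `[oslo_messaging_rabbit]` and `[oslo_concurrency]` stay unconditional. That looks intended and is a good least-privilege outcome (the database and keystone service passwords no longer land on agent hosts), but nothing near those sections says they are server-only, and a reader of `[keystone_authtoken]` sees no conditional at all. I would add a Jinja comment at the opening, `{# neutron_server-only block: runs through [service_providers], see matching endif #}`, and `{# end neutron_server-only block #}` beside the `{% endif %}` in the later hunk. Moving `auth_strategy = keystone` inside the same block also means agent hosts no longer render it; that should be harmless because the option is consumed by the API server, but it is a behaviour change worth calling out.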
@@ -130,34 +118,41 @@ memcached_servers = {{ memcached_servers }} token_cache_time = 300 revocation_cache_time = 60 -# if your memcached server is shared, use these settings to avoid cache poisoning +# Prevent cache poisoning if sharing a memcached server memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcached_encryption_key }} -# if your keystone deployment uses PKI, and you value security over performance: +# Enable if your keystone deployment uses PKI and you prefer security over +# performance (disable by default) check_revocations_for_cached = False -{% if inventory_hostname in groups['neutron_server'] %} - +# Database [database] connection = mysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ neutron_galera_address }}/{{ neutron_galera_database }}?charset=utf8 max_overflow = {{ neutron_db_max_overflow }} max_pool_size = {{ neutron_db_pool_size }} pool_timeout = {{ neutron_db_pool_timeout }} +# Service providers +[service_providers] +service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default + {% endif %} +# Agent +[agent] +polling_interval = {{ neutron_agent_polling_interval|default(5) }} +report_interval = {{ neutron_report_interval|int }} +root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf + +# Messaging service [oslo_messaging_rabbit] rabbit_port = {{ rabbitmq_port }} rabbit_userid = {{ rabbitmq_userid }} rabbit_password = {{ rabbitmq_password }} rabbit_hosts = {{ rabbitmq_servers }} - +# Concurrency (locking mechanisms) [oslo_concurrency] lock_path = /var/lock/neutron - - -[service_providers] -service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default -service_provider = 
VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default diff --git a/playbooks/roles/os_neutron/templates/plugins/ml2/ml2_conf.ini.j2 b/playbooks/roles/os_neutron/templates/plugins/ml2/ml2_conf.ini.j2 index 31ee9a7145..3a82320258 100644 --- a/playbooks/roles/os_neutron/templates/plugins/ml2/ml2_conf.ini.j2 +++ b/playbooks/roles/os_neutron/templates/plugins/ml2/ml2_conf.ini.j2 @@ -1,5 +1,8 @@ # {{ ansible_managed }} +{% if inventory_hostname in groups['neutron_server'] %} + +# ML2 general [ml2] type_drivers = {{ neutron_ml2_drivers_type }} tenant_network_types = {{ neutron_provider_networks.network_types }} 
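Review bot: The `[service_providers]` section moves inside the neutron_server conditional, which fits since only the server loads service plugins, but its two `service_provider` lines (the Haproxy LOADBALANCER and openswan VPN drivers) remain hard-coded while the plugins they belong to are selected through `neutron_plugin_loaded_base` elsewhere in the template. A deployment that trims the loaded service plugins would still ship providers for them; I am not certain whether neutron ignores or rejects a provider whose service type has no plugin, so a comment above the section such as `# Must match the service plugins loaded via neutron_plugin_loaded_base` would at least warn the next editor. The rest of the hunk — the `memcache_security_strategy` comment rewrite and `[agent]` moving outside the conditional so every host renders `root_helper` — reads fine.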
@@ -7,66 +10,83 @@ mechanism_drivers = {{ neutron_ml2_mechanism_drivers }} path_mtu = 0 segment_mtu = 0 - {% if neutron_provider_networks.network_flat_networks %} + +# ML2 flat networks [ml2_type_flat] flat_networks = {{ neutron_provider_networks.network_flat_networks }} + {% endif %} - {% if neutron_provider_networks.network_vlan_ranges %} + +# ML2 VLAN networks [ml2_type_vlan] network_vlan_ranges = {{ neutron_provider_networks.network_vlan_ranges }} - -[vlans] -tenant_network_type = vlan -network_vlan_ranges = {{ neutron_provider_networks.network_vlan_ranges }} {% endif %} - {% if neutron_provider_networks.network_vxlan_ranges is defined %} + +# ML2 VXLAN networks [ml2_type_vxlan] vxlan_group = {{ neutron_vxlan_group|default('') }} vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }} + +{% endif %} {% endif %} +{% if inventory_hostname in groups['neutron_linuxbridge_agent'] %} + +# Linux bridge agent VXLAN networks +[vxlan] {% if neutron_overlay_network %} -[vxlan] + enable_vxlan = True vxlan_group = {{ neutron_vxlan_group|default('') }} + {% if (is_metal == true or is_metal == "True") and neutron_overlay_network.bridge is defined %} {% set on_metal_tunnel_bridge = 'ansible_' + neutron_overlay_network.bridge|replace('-', '_') %} + +# VXLAN local tunnel endpoint (bare metal) local_ip = {{ hostvars[inventory_hostname][on_metal_tunnel_bridge]['ipv4']['address'] }} + {% else %} + +# VXLAN local tunnel endpoint (container) local_ip = {{ neutron_overlay_network.address }} + {% endif %} + l2_population = {{ neutron_l2_population }} + +{% else %} + +# Disable VXLAN for deployments with only flat or VLAN networks +enable_vxlan = False + {% endif %} - -[agent] -tunnel_types = vxlan -## VXLAN udp port -# This is set for the vxlan port and while this -# is being set here it's ignored because -# the port is assigned by the kernel -vxlan_udp_port = {{ neutron_vxlan_udp_port }} - - {% if neutron_provider_networks.network_mappings is defined %} + +# Linux bridge 
agent physical interface mappings [linux_bridge] physical_interface_mappings = {{ neutron_provider_networks.network_mappings }} + {% endif %} +# Agent (empty for Linux bridge agent) +[agent] +# L2 population [l2pop] agent_boot_time = 180 +{% endif %} +# Security groups [securitygroup] enable_security_group = True enable_ipset = True firewall_driver = {{ neutron_driver_firewall }} -
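Review bot: `[l2pop]` with `agent_boot_time = 180` is now rendered only inside the `neutron_linuxbridge_agent` conditional, but as far as I recall `agent_boot_time` is read by the l2population mechanism driver on the neutron server (it decides whether an agent has just booted when building FDB entries), not by the Linux bridge agent. Because 180 is also the option's built-in default the effective behaviour should not change, but a server host that is not also in the agent group silently loses the setting, and the placement will mislead anyone who later tunes it. I would move the `# L2 population`, `[l2pop]` and `agent_boot_time = 180` lines up into the neutron_server block, before the pair of `{% endif %}` lines that follow the VXLAN type section. The `{% if inventory_hostname in groups['neutron_server'] %}` that this hunk closes is opened in the previous hunk, outside this one.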