Merge "Reduce neutron configuration"

playbooks/roles/os_neutron/defaults/main.yml

@@ -192,9 +192,6 @@ neutron_ml2_mechanism_drivers: "linuxbridge,l2population"
 #   type: "veth"
 neutron_overlay_network: {}
 
-# Set the vxlan udp port. This is only used when neutron_tunnel_address is defined.
-neutron_vxlan_udp_port: 4789
-
 ## The neutron multicast group address. This should be set as a host variable if used.
 ## This defaults to an empty string
 # neutron_vxlan_group: 239.1.1.100

playbooks/roles/os_neutron/templates/dhcp_agent.ini.j2

@@ -3,19 +3,28 @@
 {% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
 {% set api_threads = _api_threads if _api_threads > 0 else 1 %}
 
+# General
 [DEFAULT]
 verbose = {{ verbose }}
 debug = {{ debug }}
 
-interface_driver = {{ neutron_driver_interface }}
-dhcp_driver = {{ neutron_driver_dhcp }}
-enable_isolated_metadata = True
-
 num_sync_threads = {{ neutron_num_sync_threads | default(api_threads) }}
 
-dhcp_domain = {{ neutron_dhcp_domain }}
-dhcp_delete_namespaces = {{ neutron_dhcp_delete_namespaces }}
+# Drivers
+interface_driver = {{ neutron_driver_interface }}
+dhcp_driver = {{ neutron_driver_dhcp }}
 
+# Default domain for DHCP leases
+dhcp_domain = {{ neutron_dhcp_domain }}
+
+# Dnsmasq options
 dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
 dnsmasq_dns_servers = {{ neutron_dnsmasq_dns_servers }}
 dnsmasq_lease_max = {{ neutron_dnsmasq_lease_max }}
+
+# Metadata
+enable_isolated_metadata = True
+
+# Delete defunct namespaces
+dhcp_delete_namespaces = {{ neutron_dhcp_delete_namespaces }}
+

playbooks/roles/os_neutron/templates/l3_agent.ini.j2

@@ -1,34 +1,41 @@
 # {{ ansible_managed }}
 
+# General
 [DEFAULT]
 verbose = {{ verbose }}
 debug = {{ debug }}
 
-allow_automatic_l3agent_failover = True
-enable_metadata_proxy = True
+handle_internal_only_routers = True
 external_network_bridge = {{ neutron_external_network_bridge }}
 gateway_external_network_id = {{ neutron_gateway_external_network_id }}
 
-# L3 Agent HA
-ha_confs_path = {{ neutron_system_home_folder }}/ha_confs
-ha_vrrp_advert_int = {{ neutron_ha_vrrp_advert_int }}
-ha_vrrp_auth_password = {{ neutron_ha_vrrp_auth_password }}
-ha_vrrp_auth_type = {{ neutron_ha_vrrp_auth_type }}
-handle_internal_only_routers = {{ neutron_handle_internal_only_routers }}
-l3_ha = {{ neutron_l3_ha_enabled }}
-l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }}
-max_l3_agents_per_router = {{ neutron_max_l3_agents_per_router | default(groups['neutron_agent']|length) }}
+# Drivers
+interface_driver = {{ neutron_driver_interface }}
+
+# Agent mode (legacy only)
+agent_mode = {{ neutron_agent_mode }}
+
+# Conventional failover
+allow_automatic_l3agent_failover = True
 
 {% set min_router = groups['neutron_agent'] | length // 2 %}
 {% set min_l3_router = min_router if min_router > 0 else 1 %}
 
 min_l3_agents_per_router = {{ neutron_min_l3_agents_per_router | default(min_l3_router) }}
+max_l3_agents_per_router = {{ neutron_max_l3_agents_per_router | default(groups['neutron_agent']|length) }}
+
+# HA failover
+l3_ha = {{ neutron_l3_ha_enabled }}
+l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }}
+ha_confs_path = {{ neutron_system_home_folder }}/ha_confs
+ha_vrrp_advert_int = {{ neutron_ha_vrrp_advert_int }}
+ha_vrrp_auth_password = {{ neutron_ha_vrrp_auth_password }}
+ha_vrrp_auth_type = {{ neutron_ha_vrrp_auth_type }}
+handle_internal_only_routers = {{ neutron_handle_internal_only_routers }}
 send_arp_for_ha = 3
 
-# L3 configuration options
-router_delete_namespaces = {{ neutron_l3_router_delete_namespaces }}
+# Metadata
+enable_metadata_proxy = True
 
-# L3 Agent interfaces
-interface_driver = {{ neutron_driver_interface }}
-handle_internal_only_routers = True
-agent_mode = {{ neutron_agent_mode }}
+# Delete defunct namespaces
+router_delete_namespaces = {{ neutron_l3_router_delete_namespaces }}

playbooks/roles/os_neutron/templates/metadata_agent.ini.j2

@@ -3,11 +3,12 @@
 {% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
 {% set api_threads = _api_threads if _api_threads > 0 else 1 %}
 
+# General
 [DEFAULT]
 verbose = {{ verbose }}
 debug = {{ debug }}
 
-# The Neutron user information for accessing the Neutron API.
+# Neutron credentials for API access
 auth_plugin = {{ neutron_keystone_auth_plugin }}
 auth_url = {{ keystone_service_adminuri }}
 auth_uri = {{ keystone_service_internaluri }}
@@ -19,14 +20,16 @@ username = {{ neutron_service_user_name }}
 password = {{ neutron_service_password }}
 endpoint_type = adminURL
 
-# TCP Port used by Nova metadata server
+# Nova metadata service IP and port
 nova_metadata_ip = {{ internal_lb_vip_address }}
 nova_metadata_port = {{ nova_metadata_port }}
 
-# Number of backlog requests to configure the metadata server socket with
+# Metadata proxy shared secret
 metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
+
+# Workers and backlog requests
 metadata_workers = {{ neutron_metadata_workers | default(api_threads) }}
 metadata_backlog = {{ neutron_metadata_backlog }}
 
-# Metadata Caching
+# Caching
 cache_url = memory://?default_ttl=5

playbooks/roles/os_neutron/templates/metering_agent.ini.j2

@@ -1,11 +1,15 @@
 # {{ ansible_managed }}
 
+# General
 [DEFAULT]
 verbose = {{ verbose }}
 debug = {{ debug }}
 
+# Drivers
 driver = {{ neutron_driver_metering }}
 interface_driver = {{ neutron_driver_interface }}
+
+# Intervals
 measure_interval = 30
 
 [AGENT]

playbooks/roles/os_neutron/templates/neutron.conf.j2

@@ -3,72 +3,66 @@
 {% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
 {% set api_threads = _api_threads if _api_threads > 0 else 1 %}
 
+# General, applies to all host groups
 [DEFAULT]
 verbose = {{ verbose }}
 debug = {{ debug }}
 fatal_deprecations = {{ neutron_fatal_deprecations }}
-
 use_syslog = False
-
 log_file = /var/log/neutron/neutron.log
-auth_strategy = keystone
+
+{% if inventory_hostname in groups['neutron_server'] %}
+
+# General, only applies to neutron server host group
 network_device_mtu = {{ neutron_network_device_mtu }}
 allow_overlapping_ips = True
 vlan_transparent = False
 
-
-## Drivers
-network_scheduler_driver = {{ neutron_driver_network_scheduler }}
-router_scheduler_driver = {{ neutron_driver_router_scheduler }}
-loadbalancer_pool_scheduler_driver = {{ neutron_driver_loadbalancer_pool_scheduler }}
-dhcp_driver = {{ neutron_driver_dhcp }}
-notification_driver = {{ neutron_driver_notification }}
-
-
-## Schedulers
-router_distributed = False
-network_auto_schedule = True
-router_auto_schedule = True
-
-
-## Agents
-agent_down_time = {{ neutron_agent_down_time }}
-
-
-## API
-bind_port = 9696
-bind_host = 0.0.0.0
-
-
-## Workers
-api_workers = {{ neutron_api_workers | default(api_threads) }}
-rpc_workers = {{ neutron_rpc_workers }}
-
-
-## Plugins
+# Plugins
 core_plugin = {{ neutron_plugin_core }}
 service_plugins = {{ neutron_plugin_loaded_base }}
 
-
-## MAC Address
+# MAC address generation for VIFs
 base_mac = fa:16:3e:00:00:00
 mac_generation_retries = 16
 
+# Authentication method
+auth_strategy = keystone
 
-## DHCP
+# Drivers
+network_scheduler_driver = {{ neutron_driver_network_scheduler }}
+router_scheduler_driver = {{ neutron_driver_router_scheduler }}
+loadbalancer_pool_scheduler_driver = {{ neutron_driver_loadbalancer_pool_scheduler }}
+notification_driver = {{ neutron_driver_notification }}
+
+# Schedulers
+network_auto_schedule = True
+router_auto_schedule = True
+
+# Distributed virtual routing (disable by default)
+router_distributed = False
+
+# Agents
+agent_down_time = {{ neutron_agent_down_time }}
+
+# API
+bind_port = 9696
+bind_host = 0.0.0.0
+
+# Workers
+api_workers = {{ neutron_api_workers | default(api_threads) }}
+rpc_workers = {{ neutron_rpc_workers }}
+
+# DHCP
 dhcp_agent_notification = True
 dhcp_agents_per_network = {{ groups['neutron_agent'] | length }}
-dhcp_delete_namespaces = True
 dhcp_lease_duration = 86400
 advertise_mtu = False
 
-## Notifications
+# Nova notifications
 notify_nova_on_port_status_changes = True
 notify_nova_on_port_data_changes = True
 send_events_interval = 2
-
-
-## Nova
 nova_url = {{ nova_service_adminurl|replace('/%(tenant_id)s', '') }}
 
 ## Rpc all
@@ -87,7 +81,7 @@ project_name = {{ nova_service_project_name }}
 username = {{ nova_service_user_name }}
 password = {{ nova_service_password }}
 
-
+# Quotas
 [quotas]
 quota_driver = {{ neutron_driver_quota }}
 quota_items = network,subnet,port
@@ -106,13 +100,7 @@ quota_security_group_rule = {{ neutron_quota_security_group_rule }}
 quota_subnet = {{ neutron_quota_subnet }}
 quota_vip = {{ neutron_quota_vip }}
 
-
-[agent]
-polling_interval = {{ neutron_agent_polling_interval|default(5) }}
-report_interval = {{ neutron_report_interval|int }}
-root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
-
-
+# Keystone authentication
 [keystone_authtoken]
 insecure = {{ keystone_service_internaluri_insecure | bool }}
 auth_plugin = {{ neutron_keystone_auth_plugin }}
@@ -130,34 +118,41 @@ memcached_servers = {{ memcached_servers }}
 token_cache_time = 300
 revocation_cache_time = 60
 
-# if your memcached server is shared, use these settings to avoid cache poisoning
+# Prevent cache poisoning if sharing a memcached server
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcached_encryption_key }}
 
-# if your keystone deployment uses PKI, and you value security over performance:
+# Enable if your keystone deployment uses PKI and you prefer security over
+# performance (disable by default)
 check_revocations_for_cached = False
 
-{% if inventory_hostname in groups['neutron_server'] %}
-
+# Database
 [database]
 connection = mysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ neutron_galera_address }}/{{ neutron_galera_database }}?charset=utf8
 max_overflow = {{ neutron_db_max_overflow }}
 max_pool_size = {{ neutron_db_pool_size }}
 pool_timeout = {{ neutron_db_pool_timeout }}
 
+# Service providers
+[service_providers]
+service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
+service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+
 {% endif %}
 
+# Agent
+[agent]
+polling_interval = {{ neutron_agent_polling_interval|default(5) }}
+report_interval = {{ neutron_report_interval|int }}
+root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+
+# Messaging service
 [oslo_messaging_rabbit]
 rabbit_port = {{ rabbitmq_port }}
 rabbit_userid = {{ rabbitmq_userid }}
 rabbit_password = {{ rabbitmq_password }}
 rabbit_hosts = {{ rabbitmq_servers }}
 
-
+# Concurrency (locking mechanisms)
 [oslo_concurrency]
 lock_path = /var/lock/neutron
-
-
-[service_providers]
-service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

playbooks/roles/os_neutron/templates/plugins/ml2/ml2_conf.ini.j2

@@ -1,5 +1,8 @@
 # {{ ansible_managed }}
 
+{% if inventory_hostname in groups['neutron_server'] %}
+
+# ML2 general
 [ml2]
 type_drivers = {{ neutron_ml2_drivers_type }}
 tenant_network_types = {{ neutron_provider_networks.network_types }}
@@ -7,66 +10,83 @@ mechanism_drivers = {{ neutron_ml2_mechanism_drivers }}
 path_mtu = 0
 segment_mtu = 0
 
-
 {% if neutron_provider_networks.network_flat_networks %}
+
+# ML2 flat networks
 [ml2_type_flat]
 flat_networks = {{ neutron_provider_networks.network_flat_networks }}
+
 {% endif %}
 
-
 {% if neutron_provider_networks.network_vlan_ranges %}
+
+# ML2 VLAN networks
 [ml2_type_vlan]
 network_vlan_ranges = {{ neutron_provider_networks.network_vlan_ranges }}
 
-
-[vlans]
-tenant_network_type = vlan
-network_vlan_ranges = {{ neutron_provider_networks.network_vlan_ranges }}
 {% endif %}
 
-
 {% if neutron_provider_networks.network_vxlan_ranges is defined %}
+
+# ML2 VXLAN networks
 [ml2_type_vxlan]
 vxlan_group = {{ neutron_vxlan_group|default('') }}
 vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }}
+
+{% endif %}
 {% endif %}
 
+{% if inventory_hostname in groups['neutron_linuxbridge_agent'] %}
+
+# Linux bridge agent VXLAN networks
+[vxlan]
 
 {% if neutron_overlay_network %}
-[vxlan]
+
 enable_vxlan = True
 vxlan_group = {{ neutron_vxlan_group|default('') }}
+
 {% if (is_metal == true or is_metal == "True") and neutron_overlay_network.bridge is defined %}
 {% set on_metal_tunnel_bridge = 'ansible_' + neutron_overlay_network.bridge|replace('-', '_') %}
+
+# VXLAN local tunnel endpoint (bare metal)
 local_ip = {{ hostvars[inventory_hostname][on_metal_tunnel_bridge]['ipv4']['address'] }}
+
 {% else %}
+
+# VXLAN local tunnel endpoint (container)
 local_ip = {{ neutron_overlay_network.address }}
+
 {% endif %}
+
 l2_population = {{ neutron_l2_population }}
+
+{% else %}
+
+# Disable VXLAN for deployments with only flat or VLAN networks
+enable_vxlan = False
+
 {% endif %}
 
-
-[agent]
-tunnel_types = vxlan
-## VXLAN udp port
-# This is set for the vxlan port and while this
-# is being set here it's ignored because
-# the port is assigned by the kernel
-vxlan_udp_port = {{ neutron_vxlan_udp_port }}
-
-
 {% if neutron_provider_networks.network_mappings is defined %}
+
+# Linux bridge agent physical interface mappings
 [linux_bridge]
 physical_interface_mappings = {{ neutron_provider_networks.network_mappings }}
+
 {% endif %}
 
+# Agent (empty for Linux bridge agent)
+[agent]
 
+# L2 population
 [l2pop]
 agent_boot_time = 180
 
+{% endif %}
 
+# Security groups
 [securitygroup]
 enable_security_group = True
 enable_ipset = True
 firewall_driver = {{ neutron_driver_firewall }}
-