Move vmware plugin from neutron to vmware_nsx repo (etc part)

Move from neutron:/etc/neutron/plugins/vmware/* to vmware-nsx:/vmware_nsx/etc/. This is the first part of vmware plugin decomposition (etc, extensions, and database). Change-Id: Ibb8334f38c1b9a83c07eafaedc65a8828a30d1e2
2015-08-06 15:52:04 -07:00 · 2015-08-06 15:52:04 -07:00 · b27bc19421
commit b27bc19421
parent 809f882256
3 changed files with 300 additions and 0 deletions
--- a/vmware_nsx/etc/nsx.ini
+++ b/vmware_nsx/etc/nsx.ini
@ -0,0 +1,283 @@
+[DEFAULT]
+# User name for NSX controller
+# nsx_user = admin
+
+# Password for NSX controller
+# nsx_password = admin
+
+# Time before aborting a request on an unresponsive controller (Seconds)
+# http_timeout = 75
+
+# Maximum number of times a particular request should be retried
+# retries = 2
+
+# Maximum number of times a redirect response should be followed
+# redirects = 2
+
+# Comma-separated list of NSX controller endpoints (<ip>:<port>). When port
+# is omitted, 443 is assumed. This option MUST be specified, e.g.:
+# nsx_controllers = xx.yy.zz.ww:443, aa.bb.cc.dd, ee.ff.gg.hh.ee:80
+
+# UUID of the pre-existing default NSX Transport zone to be used for creating
+# tunneled isolated "Neutron" networks. This option MUST be specified, e.g.:
+# default_tz_uuid = 1e8e52cf-fa7f-46b0-a14a-f99835a9cb53
+
+# (Optional) UUID for the default l3 gateway service to use with this cluster.
+# To be specified if planning to use logical routers with external gateways.
+# default_l3_gw_service_uuid =
+
+# (Optional) UUID for the default l2 gateway service to use with this cluster.
+# To be specified for providing a predefined gateway tenant for connecting their networks.
+# default_l2_gw_service_uuid =
+
+# (Optional) UUID for the default service cluster. A service cluster is introduced to
+# represent a group of gateways and it is needed in order to use Logical Services like
+# dhcp and metadata in the logical space. NOTE: If agent_mode is set to 'agentless' this
+# config parameter *MUST BE* set to a valid pre-existent service cluster uuid.
+# default_service_cluster_uuid =
+
+# Name of the default interface name to be used on network-gateway.  This value
+# will be used for any device associated with a network gateway for which an
+# interface name was not specified
+# nsx_default_interface_name = breth0
+
+# Reconnect connection to nsx if not used within this amount of time.
+# conn_idle_timeout = 900
+
+[quotas]
+# number of network gateways allowed per tenant, -1 means unlimited
+# quota_network_gateway = 5
+
+[nsxv]
+# URL for NSXv manager
+# manager_uri = https://management_ip
+
+# User name for NSXv manager
+# user = admin
+
+# Password for NSXv manager
+# password = default
+
+# (Required) Datacenter ID for Edge deployment
+# datacenter_moid =
+
+# (Required) Cluster IDs for clusters containing OpenStack hosts
+# cluster_moid =
+
+# (Optional) Deployment Container ID for NSX Edge deployment
+# If not specified, either a default global container will be used, or
+# the resource pool and datastore specified below will be used
+# deployment_container_id =
+
+# (Optional) Resource pool ID for NSX Edge deployment
+# resource_pool_id =
+
+# (Optional) Datastore ID for NSX Edge deployment
+# datastore_id =
+
+# (Required) UUID of logic switch for physical network connectivity
+# external_network =
+
+# (Optional) Asynchronous task status check interval
+# default is 2000 (millisecond)
+# task_status_check_interval = 2000
+
+# (Optional) Network scope ID for VXLAN virtual wires
+# vdn_scope_id =
+
+# (Optional) DVS ID for VLANS
+# dvs_id =
+
+# (ListOpt) Define backup edge pool's management range with the four-tuple:
+# <edge_type>:[edge_size]:<minimum_pooled_edges>:<maximum_pooled_edges>.
+# edge_type:'service'(service edge) or 'vdr'(distributed edge).
+# edge_size: 'compact', 'large'(by default), 'xlarge' or 'quadlarge'.
+#
+# By default, edge pool manager would manage service edge
+# with compact&&large size and distributed edge with large size as following:
+# backup_edge_pool = service:large:4:10,service:compact:4:10,vdr:large:4:10
+
+# (Optional) Maximum number of sub interfaces supported per vnic in edge
+# default is 20
+# maximum_tunnels_per_vnic = 20
+
+# Maximum number of API retries
+# retries = 10
+
+# (Optional) Network ID for management network connectivity
+# mgt_net_moid =
+
+# (Optional) Management network IP address for metadata proxy
+# mgt_net_proxy_ips =
+
+# (Optional) Management network netmask for metadata proxy
+# mgt_net_proxy_netmask =
+
+# (Optional) Management network default gateway for metadata proxy
+# mgt_net_default_gateway =
+
+# (Optional) IP addresses used by Nova metadata service
+# nova_metadata_ips =
+
+# (Optional) TCP Port used by Nova metadata server
+# nova_metadata_port = 8775
+
+# (Optional) Shared secret to sign metadata requests
+# metadata_shared_secret =
+
+# (Optional) Indicates if Nsxv spoofguard component is used to implement
+# port-security feature.
+# spoofguard_enabled = True
+
+# (ListOpt) Ordered list of router_types to allocate as tenant routers.
+# It limits the router types that the Nsxv can support for tenants:
+# distributed: router is supported by distributed edge at the backend.
+# shared: multiple routers share the same service edge at the backend.
+# exclusive: router exclusivly occupies one service edge at the backend.
+# Nsxv would select the first available router type from tenant_router_types
+# list if router-type is not specified.
+# If the tenant defines the router type with "--distributed",
+# "--router_type exclusive" or "--router_type shared", Nsxv would verify that
+# the router type is in tenant_router_types.
+# Admin supports all these three router types
+#
+# tenant_router_types = shared, distributed, exclusive
+# Example: tenant_router_types = distributed, shared
+
+# (Optional) Enable an administrator to configure the edge user and password
+# Username to configure for Edge appliance login
+# edge_appliance_user =
+# (Optional) Password to configure for Edge appliance login
+# edge_appliance_password =
+
+# (Optional) URL for distributed locking coordination resource for lock manager
+# This value is passed as a parameter to tooz coordinator.
+# By default, value is None and oslo_concurrency is used for single-node
+# lock management.
+# locking_coordinator_url =
+
+# (Optional) DHCP lease time
+# dhcp_lease_time = 86400
+
+[nsx]
+# Maximum number of ports for each bridged logical switch
+# The recommended value for this parameter varies with NSX version
+# Please use:
+# NSX 2.x -> 64
+# NSX 3.0, 3.1 -> 5000
+# NSX 3.2 -> 10000
+# max_lp_per_bridged_ls = 5000
+
+# Maximum number of ports for each overlay (stt, gre) logical switch
+# max_lp_per_overlay_ls = 256
+
+# Number of connections to each controller node.
+# default is 10
+# concurrent_connections = 10
+
+# Number of seconds a generation id should be valid for (default -1 meaning do not time out)
+# nsx_gen_timeout = -1
+
+# Acceptable values for 'metadata_mode' are:
+#   - 'access_network': this enables a dedicated connection to the metadata
+#     proxy for metadata server access via Neutron router.
+#   - 'dhcp_host_route': this enables host route injection via the dhcp agent.
+# This option is only useful if running on a host that does not support
+# namespaces otherwise access_network should be used.
+# metadata_mode = access_network
+
+# The default network transport type to use (stt, gre, bridge, ipsec_gre, or ipsec_stt)
+# default_transport_type = stt
+
+# Specifies in which mode the plugin needs to operate in order to provide DHCP and
+# metadata proxy services to tenant instances. If 'agent' is chosen (default)
+# the NSX plugin relies on external RPC agents (i.e. dhcp and metadata agents) to
+# provide such services. In this mode, the plugin supports API extensions 'agent'
+# and 'dhcp_agent_scheduler'. If 'agentless' is chosen (experimental in Icehouse),
+# the plugin will use NSX logical services for DHCP and metadata proxy. This
+# simplifies the deployment model for Neutron, in that the plugin no longer requires
+# the RPC agents to operate. When 'agentless' is chosen, the config option metadata_mode
+# becomes ineffective. The 'agentless' mode is supported from NSX 4.2 or above.
+# Furthermore, a 'combined' mode is also provided and is used to support existing
+# deployments that want to adopt the agentless mode going forward. With this mode,
+# existing networks keep being served by the existing infrastructure (thus preserving
+# backward compatibility, whereas new networks will be served by the new infrastructure.
+# Migration tools are provided to 'move' one network from one model to another; with
+# agent_mode set to 'combined', option 'network_auto_schedule' in neutron.conf is
+# ignored, as new networks will no longer be scheduled to existing dhcp agents.
+# agent_mode = agent
+
+# Specifies which mode packet replication should be done in. If set to service
+# a service node is required in order to perform packet replication. This can
+# also be set to source if one wants replication to be performed locally (NOTE:
+# usually only useful for testing if one does not want to deploy a service node).
+# In order to leverage distributed routers, replication_mode should be set to
+# "service".
+# replication_mode = service
+
+[nsx_sync]
+# Interval in seconds between runs of the status synchronization task.
+# The plugin will aim at resynchronizing operational status for all
+# resources in this interval, and it should be therefore large enough
+# to ensure the task is feasible. Otherwise the plugin will be
+# constantly synchronizing resource status, ie: a new task is started
+# as soon as the previous is completed.
+# If this value is set to 0, the state synchronization thread for this
+# Neutron instance will be disabled.
+# state_sync_interval = 10
+
+# Random additional delay between two runs of the state synchronization task.
+# An additional wait time between 0 and max_random_sync_delay seconds
+# will be added on top of state_sync_interval.
+# max_random_sync_delay = 0
+
+# Minimum delay, in seconds, between two status synchronization requests for NSX.
+# Depending on chunk size, controller load, and other factors, state
+# synchronization requests might be pretty heavy. This means the
+# controller might take time to respond, and its load might be quite
+# increased by them. This parameter allows to specify a minimum
+# interval between two subsequent requests.
+# The value for this parameter must never exceed state_sync_interval.
+# If this does, an error will be raised at startup.
+# min_sync_req_delay = 1
+
+# Minimum number of resources to be retrieved from NSX in a single status
+# synchronization request.
+# The actual size of the chunk will increase if the number of resources is such
+# that using the minimum chunk size will cause the interval between two
+# requests to be less than min_sync_req_delay
+# min_chunk_size = 500
+
+# Enable this option to allow punctual state synchronization on show
+# operations. In this way, show operations will always fetch the operational
+# status of the resource from the NSX backend, and this might have
+# a considerable impact on overall performance.
+# always_read_status = False
+
+[nsx_lsn]
+# Pull LSN information from NSX in case it is missing from the local
+# data store. This is useful to rebuild the local store in case of
+# server recovery
+# sync_on_missing_data = False
+
+[nsx_dhcp]
+# (Optional) Comma separated list of additional dns servers. Default is an empty list
+# extra_domain_name_servers =
+
+# Domain to use for building the hostnames
+# domain_name = openstacklocal
+
+# Default DHCP lease time
+# default_lease_time = 43200
+
+[nsx_metadata]
+# IP address used by Metadata server
+# metadata_server_address = 127.0.0.1
+
+# TCP Port used by Metadata server
+# metadata_server_port = 8775
+
+# When proxying metadata requests, Neutron signs the Instance-ID header with a
+# shared secret to prevent spoofing. You may select any string for a secret,
+# but it MUST match with the configuration used by the Metadata server
+# metadata_shared_secret =
--- a/vmware_nsx/etc/policy/network-gateways.json
+++ b/vmware_nsx/etc/policy/network-gateways.json
@ -0,0 +1,10 @@
+{
+    "create_network_gateway": "rule:admin_or_owner",
+    "update_network_gateway": "rule:admin_or_owner",
+    "delete_network_gateway": "rule:admin_or_owner",
+    "connect_network": "rule:admin_or_owner",
+    "disconnect_network": "rule:admin_or_owner",
+    "create_gateway_device": "rule:admin_or_owner",
+    "update_gateway_device": "rule:admin_or_owner",
+    "delete_gateway_device": "rule_admin_or_owner"
+}
--- a/vmware_nsx/etc/policy/routers.json
+++ b/vmware_nsx/etc/policy/routers.json
@ -0,0 +1,7 @@
+{
+    "create_router:external_gateway_info:enable_snat": "rule:admin_or_owner",
+    "create_router:distributed": "rule:admin_or_owner",
+    "get_router:distributed": "rule:admin_or_owner",
+    "update_router:external_gateway_info:enable_snat": "rule:admin_or_owner",
+    "update_router:distributed": "rule:admin_or_owner"
+}