Reduce neutron configuration

Reduce neutron configuration as follows:

1) Limit [ml2*] sections to neutron server containers [1].
2) Remove the [vlan] section everywhere because it only
   pertains to the defunct Linux bridge monolithic
   plug-in [2].
3) Explicitly disable VXLAN if deployment only includes flat
   or VLAN networks [3].
4) Limit Linux bridge agent configuration options to neutron
   agent containers.
5) Remove [agent] tunnel_type option because the Linux bridge
   agent does not use it.
6) Move some options to correct locations.
7) Reorder some options to improve readability.
8) Annotate groups of options or specific options.

[1] https://review.openstack.org/#/c/196759/
[2] https://review.openstack.org/#/c/196765/
[3] https://review.openstack.org/#/c/160826/

Change-Id: I275fb600360530534f7673e6eb2a3d397b10fb8e
Closes-Bug: #1473230
Matthew Kassawara 2015-07-16 19:02:26 -05:00 committed by Jesse Pretorius
parent d82bbb4336
commit 4f4d81acb5
7 changed files with 143 additions and 108 deletions


@ -192,9 +192,6 @@ neutron_ml2_mechanism_drivers: "linuxbridge,l2population"
# type: "veth" # type: "veth"
neutron_overlay_network: {} neutron_overlay_network: {}
# Set the vxlan udp port. This is only used when neutron_tunnel_address is defined.
neutron_vxlan_udp_port: 4789
## The neutron multicast group address. This should be set as a host variable if used. ## The neutron multicast group address. This should be set as a host variable if used.
## This defaults to an empty string ## This defaults to an empty string
# neutron_vxlan_group: 239.1.1.100 # neutron_vxlan_group: 239.1.1.100


@ -3,19 +3,28 @@
{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} {% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
{% set api_threads = _api_threads if _api_threads > 0 else 1 %} {% set api_threads = _api_threads if _api_threads > 0 else 1 %}
# General
[DEFAULT] [DEFAULT]
verbose = {{ verbose }} verbose = {{ verbose }}
debug = {{ debug }} debug = {{ debug }}
interface_driver = {{ neutron_driver_interface }}
dhcp_driver = {{ neutron_driver_dhcp }}
enable_isolated_metadata = True
num_sync_threads = {{ neutron_num_sync_threads | default(api_threads) }} num_sync_threads = {{ neutron_num_sync_threads | default(api_threads) }}
dhcp_domain = {{ neutron_dhcp_domain }} # Drivers
dhcp_delete_namespaces = {{ neutron_dhcp_delete_namespaces }} interface_driver = {{ neutron_driver_interface }}
dhcp_driver = {{ neutron_driver_dhcp }}
# Default domain for DHCP leases
dhcp_domain = {{ neutron_dhcp_domain }}
# Dnsmasq options
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
dnsmasq_dns_servers = {{ neutron_dnsmasq_dns_servers }} dnsmasq_dns_servers = {{ neutron_dnsmasq_dns_servers }}
dnsmasq_lease_max = {{ neutron_dnsmasq_lease_max }} dnsmasq_lease_max = {{ neutron_dnsmasq_lease_max }}
# Metadata
enable_isolated_metadata = True
# Delete defunct namespaces
dhcp_delete_namespaces = {{ neutron_dhcp_delete_namespaces }}


@ -1,34 +1,41 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# General
[DEFAULT] [DEFAULT]
verbose = {{ verbose }} verbose = {{ verbose }}
debug = {{ debug }} debug = {{ debug }}
allow_automatic_l3agent_failover = True handle_internal_only_routers = True
enable_metadata_proxy = True
external_network_bridge = {{ neutron_external_network_bridge }} external_network_bridge = {{ neutron_external_network_bridge }}
gateway_external_network_id = {{ neutron_gateway_external_network_id }} gateway_external_network_id = {{ neutron_gateway_external_network_id }}
# L3 Agent HA # Drivers
ha_confs_path = {{ neutron_system_home_folder }}/ha_confs interface_driver = {{ neutron_driver_interface }}
ha_vrrp_advert_int = {{ neutron_ha_vrrp_advert_int }}
ha_vrrp_auth_password = {{ neutron_ha_vrrp_auth_password }} # Agent mode (legacy only)
ha_vrrp_auth_type = {{ neutron_ha_vrrp_auth_type }} agent_mode = {{ neutron_agent_mode }}
handle_internal_only_routers = {{ neutron_handle_internal_only_routers }}
l3_ha = {{ neutron_l3_ha_enabled }} # Conventional failover
l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }} allow_automatic_l3agent_failover = True
max_l3_agents_per_router = {{ neutron_max_l3_agents_per_router | default(groups['neutron_agent']|length) }}
{% set min_router = groups['neutron_agent'] | length // 2 %} {% set min_router = groups['neutron_agent'] | length // 2 %}
{% set min_l3_router = min_router if min_router > 0 else 1 %} {% set min_l3_router = min_router if min_router > 0 else 1 %}
min_l3_agents_per_router = {{ neutron_min_l3_agents_per_router | default(min_l3_router) }} min_l3_agents_per_router = {{ neutron_min_l3_agents_per_router | default(min_l3_router) }}
max_l3_agents_per_router = {{ neutron_max_l3_agents_per_router | default(groups['neutron_agent']|length) }}
# HA failover
l3_ha = {{ neutron_l3_ha_enabled }}
l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }}
ha_confs_path = {{ neutron_system_home_folder }}/ha_confs
ha_vrrp_advert_int = {{ neutron_ha_vrrp_advert_int }}
ha_vrrp_auth_password = {{ neutron_ha_vrrp_auth_password }}
ha_vrrp_auth_type = {{ neutron_ha_vrrp_auth_type }}
handle_internal_only_routers = {{ neutron_handle_internal_only_routers }}
send_arp_for_ha = 3 send_arp_for_ha = 3
# L3 configuration options # Metadata
router_delete_namespaces = {{ neutron_l3_router_delete_namespaces }} enable_metadata_proxy = True
# L3 Agent interfaces # Delete defunct namespaces
interface_driver = {{ neutron_driver_interface }} router_delete_namespaces = {{ neutron_l3_router_delete_namespaces }}
handle_internal_only_routers = True
agent_mode = {{ neutron_agent_mode }}
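Review bot: `handle_internal_only_routers` still appears twice in [DEFAULT] on what looks like the new side of this section: once as the literal `handle_internal_only_routers = True` among the general options, and once as `handle_internal_only_routers = {{ neutron_handle_internal_only_routers }}` in the HA failover group. The old/new markers are lost in this rendering, so the side assignment is inferred from the column layout. Which value takes effect depends on how the parser resolves duplicate keys, so an operator who sets the variable cannot tell from the file whether it is honoured. I would keep only the templated line and drop the literal one.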


@ -3,11 +3,12 @@
{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} {% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
{% set api_threads = _api_threads if _api_threads > 0 else 1 %} {% set api_threads = _api_threads if _api_threads > 0 else 1 %}
# General
[DEFAULT] [DEFAULT]
verbose = {{ verbose }} verbose = {{ verbose }}
debug = {{ debug }} debug = {{ debug }}
# The Neutron user information for accessing the Neutron API. # Neutron credentials for API access
auth_plugin = {{ neutron_keystone_auth_plugin }} auth_plugin = {{ neutron_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminuri }} auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }} auth_uri = {{ keystone_service_internaluri }}
@ -19,14 +20,16 @@ username = {{ neutron_service_user_name }}
password = {{ neutron_service_password }} password = {{ neutron_service_password }}
endpoint_type = adminURL endpoint_type = adminURL
# TCP Port used by Nova metadata server # Nova metadata service IP and port
nova_metadata_ip = {{ internal_lb_vip_address }} nova_metadata_ip = {{ internal_lb_vip_address }}
nova_metadata_port = {{ nova_metadata_port }} nova_metadata_port = {{ nova_metadata_port }}
# Number of backlog requests to configure the metadata server socket with # Metadata proxy shared secret
metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }} metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
# Workers and backlog requests
metadata_workers = {{ neutron_metadata_workers | default(api_threads) }} metadata_workers = {{ neutron_metadata_workers | default(api_threads) }}
metadata_backlog = {{ neutron_metadata_backlog }} metadata_backlog = {{ neutron_metadata_backlog }}
# Metadata Caching # Caching
cache_url = memory://?default_ttl=5 cache_url = memory://?default_ttl=5


@ -1,11 +1,15 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# General
[DEFAULT] [DEFAULT]
verbose = {{ verbose }} verbose = {{ verbose }}
debug = {{ debug }} debug = {{ debug }}
# Drivers
driver = {{ neutron_driver_metering }} driver = {{ neutron_driver_metering }}
interface_driver = {{ neutron_driver_interface }} interface_driver = {{ neutron_driver_interface }}
# Intervals
measure_interval = 30 measure_interval = 30
[AGENT] [AGENT]


@ -3,72 +3,66 @@
{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} {% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
{% set api_threads = _api_threads if _api_threads > 0 else 1 %} {% set api_threads = _api_threads if _api_threads > 0 else 1 %}
# General, applies to all host groups
[DEFAULT] [DEFAULT]
verbose = {{ verbose }} verbose = {{ verbose }}
debug = {{ debug }} debug = {{ debug }}
fatal_deprecations = {{ neutron_fatal_deprecations }} fatal_deprecations = {{ neutron_fatal_deprecations }}
use_syslog = False use_syslog = False
log_file = /var/log/neutron/neutron.log log_file = /var/log/neutron/neutron.log
auth_strategy = keystone
{% if inventory_hostname in groups['neutron_server'] %}
# General, only applies to neutron server host group
network_device_mtu = {{ neutron_network_device_mtu }} network_device_mtu = {{ neutron_network_device_mtu }}
allow_overlapping_ips = True allow_overlapping_ips = True
vlan_transparent = False vlan_transparent = False
# Plugins
## Drivers
network_scheduler_driver = {{ neutron_driver_network_scheduler }}
router_scheduler_driver = {{ neutron_driver_router_scheduler }}
loadbalancer_pool_scheduler_driver = {{ neutron_driver_loadbalancer_pool_scheduler }}
dhcp_driver = {{ neutron_driver_dhcp }}
notification_driver = {{ neutron_driver_notification }}
## Schedulers
router_distributed = False
network_auto_schedule = True
router_auto_schedule = True
## Agents
agent_down_time = {{ neutron_agent_down_time }}
## API
bind_port = 9696
bind_host = 0.0.0.0
## Workers
api_workers = {{ neutron_api_workers | default(api_threads) }}
rpc_workers = {{ neutron_rpc_workers }}
## Plugins
core_plugin = {{ neutron_plugin_core }} core_plugin = {{ neutron_plugin_core }}
service_plugins = {{ neutron_plugin_loaded_base }} service_plugins = {{ neutron_plugin_loaded_base }}
# MAC address generation for VIFs
## MAC Address
base_mac = fa:16:3e:00:00:00 base_mac = fa:16:3e:00:00:00
mac_generation_retries = 16 mac_generation_retries = 16
# Authentication method
auth_strategy = keystone
## DHCP # Drivers
network_scheduler_driver = {{ neutron_driver_network_scheduler }}
router_scheduler_driver = {{ neutron_driver_router_scheduler }}
loadbalancer_pool_scheduler_driver = {{ neutron_driver_loadbalancer_pool_scheduler }}
notification_driver = {{ neutron_driver_notification }}
# Schedulers
network_auto_schedule = True
router_auto_schedule = True
# Distributed virtual routing (disable by default)
router_distributed = False
# Agents
agent_down_time = {{ neutron_agent_down_time }}
# API
bind_port = 9696
bind_host = 0.0.0.0
# Workers
api_workers = {{ neutron_api_workers | default(api_threads) }}
rpc_workers = {{ neutron_rpc_workers }}
# DHCP
dhcp_agent_notification = True dhcp_agent_notification = True
dhcp_agents_per_network = {{ groups['neutron_agent'] | length }} dhcp_agents_per_network = {{ groups['neutron_agent'] | length }}
dhcp_delete_namespaces = True
dhcp_lease_duration = 86400 dhcp_lease_duration = 86400
advertise_mtu = False advertise_mtu = False
## Notifications # Nova notifications
notify_nova_on_port_status_changes = True notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True notify_nova_on_port_data_changes = True
send_events_interval = 2 send_events_interval = 2
## Nova
nova_url = {{ nova_service_adminurl|replace('/%(tenant_id)s', '') }} nova_url = {{ nova_service_adminurl|replace('/%(tenant_id)s', '') }}
## Rpc all ## Rpc all
@ -87,7 +81,7 @@ project_name = {{ nova_service_project_name }}
username = {{ nova_service_user_name }} username = {{ nova_service_user_name }}
password = {{ nova_service_password }} password = {{ nova_service_password }}
# Quotas
[quotas] [quotas]
quota_driver = {{ neutron_driver_quota }} quota_driver = {{ neutron_driver_quota }}
quota_items = network,subnet,port quota_items = network,subnet,port
@ -106,13 +100,7 @@ quota_security_group_rule = {{ neutron_quota_security_group_rule }}
quota_subnet = {{ neutron_quota_subnet }} quota_subnet = {{ neutron_quota_subnet }}
quota_vip = {{ neutron_quota_vip }} quota_vip = {{ neutron_quota_vip }}
# Keystone authentication
[agent]
polling_interval = {{ neutron_agent_polling_interval|default(5) }}
report_interval = {{ neutron_report_interval|int }}
root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[keystone_authtoken] [keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }} insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ neutron_keystone_auth_plugin }} auth_plugin = {{ neutron_keystone_auth_plugin }}
@ -130,34 +118,41 @@ memcached_servers = {{ memcached_servers }}
token_cache_time = 300 token_cache_time = 300
revocation_cache_time = 60 revocation_cache_time = 60
# if your memcached server is shared, use these settings to avoid cache poisoning # Prevent cache poisoning if sharing a memcached server
memcache_security_strategy = ENCRYPT memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }} memcache_secret_key = {{ memcached_encryption_key }}
# if your keystone deployment uses PKI, and you value security over performance: # Enable if your keystone deployment uses PKI and you prefer security over
# performance (disable by default)
check_revocations_for_cached = False check_revocations_for_cached = False
{% if inventory_hostname in groups['neutron_server'] %} # Database
[database] [database]
connection = mysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ neutron_galera_address }}/{{ neutron_galera_database }}?charset=utf8 connection = mysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ neutron_galera_address }}/{{ neutron_galera_database }}?charset=utf8
max_overflow = {{ neutron_db_max_overflow }} max_overflow = {{ neutron_db_max_overflow }}
max_pool_size = {{ neutron_db_pool_size }} max_pool_size = {{ neutron_db_pool_size }}
pool_timeout = {{ neutron_db_pool_timeout }} pool_timeout = {{ neutron_db_pool_timeout }}
# Service providers
[service_providers]
service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
{% endif %} {% endif %}
# Agent
[agent]
polling_interval = {{ neutron_agent_polling_interval|default(5) }}
report_interval = {{ neutron_report_interval|int }}
root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
# Messaging service
[oslo_messaging_rabbit] [oslo_messaging_rabbit]
rabbit_port = {{ rabbitmq_port }} rabbit_port = {{ rabbitmq_port }}
rabbit_userid = {{ rabbitmq_userid }} rabbit_userid = {{ rabbitmq_userid }}
rabbit_password = {{ rabbitmq_password }} rabbit_password = {{ rabbitmq_password }}
rabbit_hosts = {{ rabbitmq_servers }} rabbit_hosts = {{ rabbitmq_servers }}
# Concurrency (locking mechanisms)
[oslo_concurrency] [oslo_concurrency]
lock_path = /var/lock/neutron lock_path = /var/lock/neutron
[service_providers]
service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
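Review bot: The `{% if inventory_hostname in groups['neutron_server'] %}` that used to open just before [database] now opens near the top of [DEFAULT], while its `{% endif %}` stays after the database and service-provider sections, so everything in between is rendered only on neutron server hosts. That range includes the context line `## Rpc all` at the end of the first hunk; the options that follow it lie outside the visible hunks, but if they are meant for every host, as the label says, agent hosts would no longer receive them. The old/new sides are inferred from the layout here because the markers are lost. If that reading is right, place an `{% endif %}` ahead of `## Rpc all` and reopen the conditional where server-only content resumes.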


@ -1,5 +1,8 @@
# {{ ansible_managed }} # {{ ansible_managed }}
{% if inventory_hostname in groups['neutron_server'] %}
# ML2 general
[ml2] [ml2]
type_drivers = {{ neutron_ml2_drivers_type }} type_drivers = {{ neutron_ml2_drivers_type }}
tenant_network_types = {{ neutron_provider_networks.network_types }} tenant_network_types = {{ neutron_provider_networks.network_types }}
@ -7,66 +10,83 @@ mechanism_drivers = {{ neutron_ml2_mechanism_drivers }}
path_mtu = 0 path_mtu = 0
segment_mtu = 0 segment_mtu = 0
{% if neutron_provider_networks.network_flat_networks %} {% if neutron_provider_networks.network_flat_networks %}
# ML2 flat networks
[ml2_type_flat] [ml2_type_flat]
flat_networks = {{ neutron_provider_networks.network_flat_networks }} flat_networks = {{ neutron_provider_networks.network_flat_networks }}
{% endif %} {% endif %}
{% if neutron_provider_networks.network_vlan_ranges %} {% if neutron_provider_networks.network_vlan_ranges %}
# ML2 VLAN networks
[ml2_type_vlan] [ml2_type_vlan]
network_vlan_ranges = {{ neutron_provider_networks.network_vlan_ranges }} network_vlan_ranges = {{ neutron_provider_networks.network_vlan_ranges }}
[vlans]
tenant_network_type = vlan
network_vlan_ranges = {{ neutron_provider_networks.network_vlan_ranges }}
{% endif %} {% endif %}
{% if neutron_provider_networks.network_vxlan_ranges is defined %} {% if neutron_provider_networks.network_vxlan_ranges is defined %}
# ML2 VXLAN networks
[ml2_type_vxlan] [ml2_type_vxlan]
vxlan_group = {{ neutron_vxlan_group|default('') }} vxlan_group = {{ neutron_vxlan_group|default('') }}
vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }} vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }}
{% endif %}
{% endif %} {% endif %}
{% if inventory_hostname in groups['neutron_linuxbridge_agent'] %}
# Linux bridge agent VXLAN networks
[vxlan]
{% if neutron_overlay_network %} {% if neutron_overlay_network %}
[vxlan]
enable_vxlan = True enable_vxlan = True
vxlan_group = {{ neutron_vxlan_group|default('') }} vxlan_group = {{ neutron_vxlan_group|default('') }}
{% if (is_metal == true or is_metal == "True") and neutron_overlay_network.bridge is defined %} {% if (is_metal == true or is_metal == "True") and neutron_overlay_network.bridge is defined %}
{% set on_metal_tunnel_bridge = 'ansible_' + neutron_overlay_network.bridge|replace('-', '_') %} {% set on_metal_tunnel_bridge = 'ansible_' + neutron_overlay_network.bridge|replace('-', '_') %}
# VXLAN local tunnel endpoint (bare metal)
local_ip = {{ hostvars[inventory_hostname][on_metal_tunnel_bridge]['ipv4']['address'] }} local_ip = {{ hostvars[inventory_hostname][on_metal_tunnel_bridge]['ipv4']['address'] }}
{% else %} {% else %}
# VXLAN local tunnel endpoint (container)
local_ip = {{ neutron_overlay_network.address }} local_ip = {{ neutron_overlay_network.address }}
{% endif %} {% endif %}
l2_population = {{ neutron_l2_population }} l2_population = {{ neutron_l2_population }}
{% else %}
# Disable VXLAN for deployments with only flat or VLAN networks
enable_vxlan = False
{% endif %} {% endif %}
[agent]
tunnel_types = vxlan
## VXLAN udp port
# This is set for the vxlan port and while this
# is being set here it's ignored because
# the port is assigned by the kernel
vxlan_udp_port = {{ neutron_vxlan_udp_port }}
{% if neutron_provider_networks.network_mappings is defined %} {% if neutron_provider_networks.network_mappings is defined %}
# Linux bridge agent physical interface mappings
[linux_bridge] [linux_bridge]
physical_interface_mappings = {{ neutron_provider_networks.network_mappings }} physical_interface_mappings = {{ neutron_provider_networks.network_mappings }}
{% endif %} {% endif %}
# Agent (empty for Linux bridge agent)
[agent]
# L2 population
[l2pop] [l2pop]
agent_boot_time = 180 agent_boot_time = 180
{% endif %}
# Security groups
[securitygroup] [securitygroup]
enable_security_group = True enable_security_group = True
enable_ipset = True enable_ipset = True
firewall_driver = {{ neutron_driver_firewall }} firewall_driver = {{ neutron_driver_firewall }}
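Review bot: `[l2pop]` with `agent_boot_time = 180` now sits inside the `{% if inventory_hostname in groups['neutron_linuxbridge_agent'] %}` block, which is closed by the `{% endif %}` just before `# Security groups`. As far as I know that option is read by the l2population mechanism driver, which runs in neutron-server, so on a server-only host it would no longer be rendered and the server would fall back to its built-in default; please confirm against the neutron release being deployed. If so, move the section into the server conditional next to the [ml2*] sections, or leave it outside both conditionals as [securitygroup] is.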