#!/usr/bin/env bash set -o errexit -o nounset TOP_DIR=$(cd "$(dirname "$0")/.." && pwd) source "$TOP_DIR/config/paths" source "$CONFIG_DIR/credentials" source "$LIB_DIR/functions.guest.sh" source "$CONFIG_DIR/openstack" exec_logfile indicate_current_auto #------------------------------------------------------------------------------ # Networking Option 2: Self-service networks # http://docs.openstack.org/mitaka/install-guide-ubuntu/neutron-controller-install-option2.html #------------------------------------------------------------------------------ # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Install the components # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - echo "Installing additional packages for self-service networks." sudo apt-get install -y \ neutron-server neutron-plugin-ml2 \ neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \ neutron-metadata-agent echo "Configuring neutron for controller node." function get_database_url { local db_user=$NEUTRON_DB_USER local database_host=controller echo "mysql+pymysql://$db_user:$NEUTRON_DBPASS@$database_host/neutron" } database_url=$(get_database_url) # Get neutron service info. neutron_admin_user=$(service_to_user_name neutron) # Get nova service info. nova_admin_user=$(service_to_user_name nova) echo "Setting database connection: $database_url." conf=/etc/neutron/neutron.conf # Configure [database] section. iniset_sudo $conf database connection "$database_url" # Configure [DEFAULT] section. iniset_sudo $conf DEFAULT core_plugin ml2 iniset_sudo $conf DEFAULT service_plugins router iniset_sudo $conf DEFAULT allow_overlapping_ips True iniset_sudo $conf DEFAULT rpc_backend rabbit # Configure [oslo_messaging_rabbit] section. iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASS" # Configuring [DEFAULT] section. iniset_sudo $conf DEFAULT auth_strategy keystone # Configuring [keystone_authtoken] section. iniset_sudo $conf keystone_authtoken auth_uri http://controller:5000 iniset_sudo $conf keystone_authtoken auth_url http://controller:35357 iniset_sudo $conf keystone_authtoken memcached_servers controller:11211 iniset_sudo $conf keystone_authtoken auth_type password iniset_sudo $conf keystone_authtoken project_domain_name default iniset_sudo $conf keystone_authtoken user_domain_name default iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME" iniset_sudo $conf keystone_authtoken username "$neutron_admin_user" iniset_sudo $conf keystone_authtoken password "$NEUTRON_PASS" # Configure nova related parameters iniset_sudo $conf DEFAULT notify_nova_on_port_status_changes True iniset_sudo $conf DEFAULT notify_nova_on_port_data_changes True iniset_sudo $conf DEFAULT nova_url http://controller:8774/v2 # Configure [nova] section. iniset_sudo $conf nova auth_url http://controller:35357 iniset_sudo $conf nova auth_type password iniset_sudo $conf nova project_domain_name default iniset_sudo $conf nova user_domain_name default iniset_sudo $conf nova region_name "$REGION" iniset_sudo $conf nova project_name "$SERVICE_PROJECT_NAME" iniset_sudo $conf nova username "$nova_admin_user" iniset_sudo $conf nova password "$NOVA_PASS" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Configure the Modular Layer 2 (ML2) plug-in # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - echo "Configuring the Modular Layer 2 (ML2) plug-in." conf=/etc/neutron/plugins/ml2/ml2_conf.ini # Edit the [ml2] section. iniset_sudo $conf ml2 type_drivers flat,vlan,vxlan iniset_sudo $conf ml2 tenant_network_types vxlan iniset_sudo $conf ml2 mechanism_drivers linuxbridge,l2population iniset_sudo $conf ml2 extension_drivers port_security # Edit the [ml2_type_flat] section. iniset_sudo $conf ml2_type_flat flat_networks provider iniset_sudo $conf ml2_type_vxlan vni_ranges 1:1000 # Edit the [securitygroup] section. iniset_sudo $conf securitygroup enable_ipset True # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Configure the Linux bridge agent # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - echo "Configuring Linux Bridge agent." conf=/etc/neutron/plugins/ml2/linuxbridge_agent.ini # Edit the [linux_bridge] section. set_iface_list PUBLIC_INTERFACE_NAME=$(ifnum_to_ifname 2) echo "PUBLIC_INTERFACE_NAME=$PUBLIC_INTERFACE_NAME" iniset_sudo $conf linux_bridge physical_interface_mappings provider:$PUBLIC_INTERFACE_NAME # Edit the [vxlan] section. OVERLAY_INTERFACE_IP_ADDRESS=$(get_node_ip_in_network "$(hostname)" "mgmt") iniset_sudo $conf vxlan enable_vxlan True iniset_sudo $conf vxlan local_ip $OVERLAY_INTERFACE_IP_ADDRESS iniset_sudo $conf vxlan l2_population True # Edit the [agent] section. iniset_sudo $conf agent prevent_arp_spoofing True # Edit the [securitygroup] section. iniset_sudo $conf securitygroup enable_security_group True iniset_sudo $conf securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Configure the layer-3 agent # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - echo "Configuring the layer-3 agent." conf=/etc/neutron/l3_agent.ini iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver # The external_network_bridge option intentionally lacks a value to enable # multiple external networks on a single agent. iniset_sudo $conf DEFAULT external_network_bridge "" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Configure the DHCP agent # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - echo "Configuring the DHCP agent." conf=/etc/neutron/dhcp_agent.ini iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver iniset_sudo $conf DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq iniset_sudo $conf DEFAULT enable_isolated_metadata True iniset_sudo $conf DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf cat << DNSMASQ | sudo tee /etc/neutron/dnsmasq-neutron.conf # Override --no-hosts dnsmasq option supplied by neutron addn-hosts=/etc/hosts # Log dnsmasq queries to syslog log-queries # Verbose logging for DHCP log-dhcp DNSMASQ