initial commit of working cookbook-openstack-network

Change-Id: Ib9fd63532becac6738db19f8de81885a5e04025a
Alan Meadows 2013-06-20 17:07:59 -07:00
parent ee4275d2e5
commit e31a3c4eab
56 changed files with 3468 additions and 14 deletions

10
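--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,10 @@
+Berksfile.lock
+validation.pem
+metadata.json
+*~
+.bundle/
+cookbooks/
+.cookbooks
+.vagrant
+*.swp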

8
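--- a/Berksfile
+++ b/Berksfile
@@ -0,0 +1,8 @@
+site :opscode
+cookbook 'openstack-network', :path => '.'
+cookbook 'apt', :git => 'https://github.com/opscode-cookbooks/apt.git'
+cookbook 'openstack-identity', :git => 'https://github.com/stackforge/cookbook-openstack-identity.git'
+cookbook 'openstack-common', :git => 'https://github.com/att-cloud/cookbook-openstack-common.git'
+cookbook 'database'
+cookbook 'mysql'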
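Review bot: The three `:git` sources (apt, openstack-identity, openstack-common) carry no `:ref`, `:tag` or `:branch`, so every resolve takes whatever the upstream default branch holds at that moment. Because the `.gitignore` added in this commit also excludes `Berksfile.lock`, nothing in the repository records which revisions were tested, and an unreviewed or tampered upstream push would be converged onto nodes without any change showing up here. Pin each git source to a reviewed commit, e.g. `cookbook 'apt', :git => 'https://github.com/opscode-cookbooks/apt.git', :ref => '<reviewed-commit-sha>'`, and give `database` and `mysql` an explicit version constraint.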

11
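--- a/Gemfile
+++ b/Gemfile
@@ -0,0 +1,11 @@
+# A sample Gemfile
+source "https://rubygems.org"
+gem "chef", "~> 11.4.4"
+gem "json", "<= 1.7.7" # chef dependency
+gem "berkshelf", "~> 1.4.5"
+gem "chefspec", "~> 1.2.0"
+gem "foodcritic"
+gem "strainer"
+gem "webmock", "~> 1.11.0"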
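Review bot: `foodcritic` and `strainer` are declared without a version constraint while every other gem in this file has one, so a `bundle update` can move the lint and test tooling across major versions; constrain them to what the lockfile resolved, e.g. `gem "foodcritic", "~> 2.1.0"` and `gem "strainer", "~> 2.1.0"`. The explicit cap `gem "json", "<= 1.7.7"` duplicates the bound chef 11.4.4 already declares (`json (>= 1.4.4, <= 1.7.7)` in Gemfile.lock) and would keep holding json back from later fix releases once chef itself is upgraded, so consider dropping it and letting chef's own requirement govern. The leading `# A sample Gemfile` comment looks like a leftover and could be replaced by a line saying what the bundle is for.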

203
Gemfile.lock Normal file

@ -0,0 +1,203 @@
GEM
remote: https://rubygems.org/
specs:
activesupport (3.2.13)
i18n (= 0.6.1)
multi_json (~> 1.0)
addressable (2.3.4)
akami (1.2.0)
gyoku (>= 0.4.0)
nokogiri (>= 1.4.0)
berkshelf (1.4.6)
activesupport (>= 3.2.0)
addressable
celluloid (>= 0.14.0)
chozo (>= 0.6.1)
faraday (>= 0.8.5)
hashie (>= 2.0.2)
json (>= 1.5.0)
minitar
mixlib-config (~> 1.1)
mixlib-shellout (~> 1.1)
multi_json (~> 1.5)
retryable
ridley (~> 0.12.4)
solve (>= 0.4.2)
thor (~> 0.18.0)
yajl-ruby
builder (3.2.2)
celluloid (0.14.1)
timers (>= 1.0.0)
chef (11.4.4)
erubis
highline (>= 1.6.9)
json (>= 1.4.4, <= 1.7.7)
mixlib-authentication (>= 1.3.0)
mixlib-cli (~> 1.3.0)
mixlib-config (>= 1.1.2)
mixlib-log (>= 1.3.0)
mixlib-shellout
net-ssh (~> 2.6)
net-ssh-multi (~> 1.1.0)
ohai (>= 0.6.0)
rest-client (>= 1.0.4, < 1.7.0)
yajl-ruby (~> 1.1)
chefspec (1.2.0)
chef (>= 10.0)
erubis
fauxhai (>= 0.1.1, < 2.0)
minitest-chef-handler (>= 0.6.0)
rspec (~> 2.0)
chozo (0.6.1)
activesupport (>= 3.2.0)
hashie (>= 2.0.2)
multi_json (>= 1.3.0)
ci_reporter (1.8.4)
builder (>= 2.1.2)
crack (0.4.0)
safe_yaml (~> 0.9.0)
diff-lcs (1.2.4)
erubis (2.7.0)
faraday (0.8.7)
multipart-post (~> 1.1)
fauxhai (1.1.1)
httparty
net-ssh
ohai
ffi (1.9.0)
foodcritic (2.1.0)
erubis
gherkin (~> 2.11.7)
nokogiri (~> 1.5.4)
rak (~> 1.4)
treetop (~> 1.4.10)
yajl-ruby (~> 1.1.0)
gherkin (2.11.8)
multi_json (~> 1.3)
gssapi (1.0.3)
ffi (>= 1.0.1)
gyoku (1.0.0)
builder (>= 2.1.2)
hashie (2.0.5)
highline (1.6.19)
httparty (0.11.0)
multi_json (~> 1.0)
multi_xml (>= 0.5.2)
httpclient (2.2.0.2)
httpi (0.9.7)
rack
i18n (0.6.1)
ipaddress (0.8.0)
json (1.7.7)
little-plugger (1.1.3)
logging (1.6.2)
little-plugger (>= 1.1.3)
mime-types (1.23)
minitar (0.5.4)
minitest (4.7.4)
minitest-chef-handler (1.0.1)
chef
ci_reporter
minitest (~> 4.7.3)
mixlib-authentication (1.3.0)
mixlib-log
mixlib-cli (1.3.0)
mixlib-config (1.1.2)
mixlib-log (1.6.0)
mixlib-shellout (1.1.0)
multi_json (1.7.7)
multi_xml (0.5.4)
multipart-post (1.2.0)
net-http-persistent (2.8)
net-ssh (2.6.7)
net-ssh-gateway (1.2.0)
net-ssh (>= 2.6.5)
net-ssh-multi (1.1)
net-ssh (>= 2.1.4)
net-ssh-gateway (>= 0.99.0)
nokogiri (1.5.10)
nori (1.1.5)
ohai (6.16.0)
ipaddress
mixlib-cli
mixlib-config
mixlib-log
mixlib-shellout
systemu
yajl-ruby
polyglot (0.3.3)
rack (1.5.2)
rak (1.4)
rest-client (1.6.7)
mime-types (>= 1.16)
retryable (1.3.3)
ridley (0.12.4)
addressable
celluloid (~> 0.14.0)
chozo (>= 0.6.0)
erubis
faraday (>= 0.8.4)
hashie (>= 2.0.2)
mixlib-authentication (>= 1.3.0)
mixlib-config (>= 1.1.0)
mixlib-log (>= 1.3.0)
mixlib-shellout (>= 1.1.0)
net-http-persistent (>= 2.8)
net-ssh
retryable
solve (>= 0.4.4)
winrm (~> 1.1.0)
rspec (2.13.0)
rspec-core (~> 2.13.0)
rspec-expectations (~> 2.13.0)
rspec-mocks (~> 2.13.0)
rspec-core (2.13.1)
rspec-expectations (2.13.0)
diff-lcs (>= 1.1.3, < 2.0)
rspec-mocks (2.13.1)
rubyntlm (0.1.1)
safe_yaml (0.9.3)
savon (0.9.5)
akami (~> 1.0)
builder (>= 2.1.2)
gyoku (>= 0.4.0)
httpi (~> 0.9)
nokogiri (>= 1.4.0)
nori (~> 1.0)
wasabi (~> 1.0)
solve (0.5.0)
strainer (2.1.0)
berkshelf (~> 1.3)
systemu (2.5.2)
thor (0.18.1)
timers (1.1.0)
treetop (1.4.14)
polyglot
polyglot (>= 0.3.1)
uuidtools (2.1.4)
wasabi (1.0.0)
nokogiri (>= 1.4.0)
webmock (1.11.0)
addressable (>= 2.2.7)
crack (>= 0.3.2)
winrm (1.1.2)
gssapi (~> 1.0.0)
httpclient (~> 2.2.0.2)
logging (~> 1.6.1)
nokogiri (~> 1.5.0)
rubyntlm (~> 0.1.1)
savon (= 0.9.5)
uuidtools (~> 2.1.2)
yajl-ruby (1.1.0)
PLATFORMS
ruby
DEPENDENCIES
berkshelf (~> 1.4.5)
chef (~> 11.4.4)
chefspec (~> 1.2.0)
foodcritic
json (<= 1.7.7)
strainer
webmock (~> 1.11.0)


@ -1,37 +1,93 @@
Description
===========
Installs the OpenStack Network service **Quantum** as part of the OpenStack reference deployment Chef for OpenStack. The http://github.com/mattray/chef-openstack-repo contains documentation for using this cookbook in the context of a full OpenStack deployment. Quantum is currently installed from packages.
This cookbook installs the **OpenStack Network** service (formerly project-named Quantum)
as part of a Chef reference deployment of OpenStack.
https://wiki.openstack.org/wiki/Quantum
Requirements
============
Cookbooks
---------
More information about the OpenStack Network service is available
[here](http://docs.openstack.org/trunk/openstack-network/admin/content/index.html)
Usage
=====
OpenStack Network's design is modular, with plugins available that handle L2 and
L3 networking for various hardware vendors and standards.
Requirements
============
* Chef 11.4.4 or higher required (for Chef environment use)
* [Network Addr](https://gist.github.com/jtimberman/1040543) Ohai plugin.
Platform
--------
* Ubuntu-12.04+
* Fedora-17+
Cookbooks
---------
The following cookbooks are dependencies:
* database
* identity
* mysql
* openstack-common `>= 2.0.0`
Recipes
=======
server
------
- Installs the openstack-network API server
dhcp\_agent
--------
- Installs the DHCP agent
l3\_agent
--------
- Installs the L3 agent and metadata agent
keystone-registration
---------------------
- Registers the OpenStack Network API endpoint and service user with Keystone
db
--
- Creates the OpenStack Network database
Attributes
==========
Testing
=====
TODO
This cookbook is using [ChefSpec](https://github.com/acrmp/chefspec) for testing. Run the following before commiting. It will run your tests, and check for lint errors.
Templates
=========
$ ./run_tests.bash
* `api-paste.ini.erb` - Paste config for OpenStack Network server
* `quantum.conf.erb` - Config file for OpenStack Network server
* `policy.json.erb` - Configuration of ACLs for glance API server
License and Author
==================
License and Author
==================
| | |
|:---------------------|:---------------------------------------------------|
| **Author** | Matt Ray (<matt@opscode.com>) |
| **Authors** | Alan Meadows (<alan.meadows@gmail.com>) |
| | Jay Pipes (<jaypipes@gmail.com>) |
| | |
| **Copyright** | Copyright (c) 2013, Opscode, Inc. |
| **Copyright** | Copyright (c) 2013, AT&T Services, Inc. |
| | Copyright (c) 2012, Rackspace US, Inc. |
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -44,3 +100,4 @@ distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and⋅
limitations under the License.

617
attributes/default.rb Normal file

@ -0,0 +1,617 @@
#
# Cookbook Name:: openstack-network
# Attributes:: default
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Set to some text value if you want templated config files
# to contain a custom banner at the top of the written file
default["openstack"]["network"]["custom_template_banner"] = "
# This file autogenerated by Chef
# Do not edit, changes will be overwritten
"
default["openstack"]["network"]["verbose"] = "False"
default["openstack"]["network"]["debug"] = "False"
default["openstack"]["network"]["user"] = "quantum"
default["openstack"]["network"]["group"] = "quantum"
# Gets set in the Network Endpoint when registering with Keystone
default["openstack"]["network"]["region"] = "RegionOne"
# The name of the Chef role that knows about the message queue server
# that Quantum uses
default["openstack"]["network"]["rabbit_server_chef_role"] = "rabbitmq-server"
default["openstack"]["network"]["rabbit"]["username"] = "rabbit"
default["openstack"]["network"]["rabbit"]["vhost"] = "/nova"
default["openstack"]["network"]["db"]["username"] = "quantum"
# Used in the Keystone authtoken middleware configuration
default["openstack"]["network"]["service_tenant_name"] = "service"
default["openstack"]["network"]["service_user"] = "quantum"
# Keystone PKI signing directory.
default["openstack"]["network"]["api"]["auth"]["cache_dir"] = "/var/cache/quantum/api"
# If set, Quantum API service will bind to the address on this interface,
# otherwise it will bind to the API endpoint's host.
default["openstack"]["network"]["api"]["bind_interface"] = nil
# logging attribute
default["openstack"]["network"]["syslog"]["use"] = false
default["openstack"]["network"]["syslog"]["facility"] = "LOG_LOCAL2"
default["openstack"]["network"]["syslog"]["config_facility"] = "local2"
# the plugins to install on the server. this will be
# quantum-plugin-%plugin% and the first plugin in the
# list should match the core plugin below
default["openstack"]["network"]["plugins"] = ['openvswitch', 'openvswitch-agent' ]
# the core plugin to use for quantum
default["openstack"]["network"]["core_plugin"] = "quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2"
# The bridging interface driver.
#
# Options are:
#
# - quantum.agent.linux.interface.OVSInterfaceDriver
# - quantum.agent.linux.interface.BridgeInterfaceDriver
#
default["openstack"]["network"]["interface_driver"] = 'quantum.agent.linux.interface.OVSInterfaceDriver'
# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires
# no additional setup of the DHCP server.
default["openstack"]["network"]["dhcp_driver"] = 'quantum.agent.linux.dhcp.Dnsmasq'
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
default["openstack"]["network"]["use_namespaces"] = "True"
# ============================= DHCP Agent Configuration ===================
# Number of seconds between sync of DHCP agent with Quantum API server
default["openstack"]["network"]["dhcp"]["resync_interval"] = 5
# OVS based plugins(Ryu, NEC, NVP, BigSwitch/Floodlight) that use OVS
# as OpenFlow switch and check port status
default["openstack"]["network"]["dhcp"]["ovs_use_veth"] = "True"
# The DHCP server can assist with providing metadata support on isolated
# networks. Setting this value to True will cause the DHCP server to append
# specific host routes to the DHCP request. The metadata service will only
# be activated when the subnet gateway_ip is None. The guest instance must
# be configured to request host routes via DHCP (Option 121).
default["openstack"]["network"]["dhcp"]["enable_isolated_metadata"] = "False"
# Allows for serving metadata requests coming from a dedicated metadata
# access network whose cidr is 169.254.169.254/16 (or larger prefix), and
# is connected to a Quantum router from which the VMs send metadata
# request. In this case DHCP Option 121 will not be injected in VMs, as
# they will be able to reach 169.254.169.254 through a router.
# This option requires enable_isolated_metadata = True
default["openstack"]["network"]["dhcp"]["enable_metadata_network"] = "False"
# ============================= L3 Agent Configuration =====================
# If use_namespaces is set as False then the agent can only configure one router.
# This is done by setting the specific router_id.
default["openstack"]["network"]["l3"]["router_id"] = ""
# Each L3 agent can be associated with at most one external network. This
# value should be set to the UUID of that external network. If empty,
# the agent will enforce that only a single external networks exists and
# use that external network id
default["openstack"]["network"]["l3"]["gateway_external_network_id"] = ""
# Indicates that this L3 agent should also handle routers that do not have
# an external network gateway configured. This option should be True only
# for a single agent in a Quantum deployment, and may be False for all agents
# if all routers must have an external network gateway
default["openstack"]["network"]["l3"]["handle_internal_only_routers"] = "True"
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge
default["openstack"]["network"]["l3"]["external_network_bridge"] = "br-ex"
# Interface to use for external bridge.
default["openstack"]["network"]["l3"]["external_network_bridge_interface"] = "eth1"
# TCP Port used by Quantum metadata server
default["openstack"]["network"]["l3"]["metadata_port"] = 9697
# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0
# to disable this feature.
default["openstack"]["network"]["l3"]["send_arp_for_ha"] = 3
# seconds between re-sync routers' data if needed
default["openstack"]["network"]["l3"]["periodic_interval"] = 40
# seconds to start to sync routers' data after
# starting agent
default["openstack"]["network"]["l3"]["periodic_fuzzy_delay"] = 5
# ============================= Metadata Agent Configuration ===============
# The location of the Nova Metadata API service to proxy to.
default["openstack"]["network"]["metadata"]["nova_metadata_ip"] = "127.0.0.1"
# ============================= LBaaS Agent Configuration ==================
# Number of seconds between sync of LBaaS agent with Quantum API server
default["openstack"]["network"]["lbaas"]["periodic_interval"] = 10
# ============================= OVS Plugin Configuration ===================
# Type of network to allocate for tenant networks. The default value 'local' is
# useful only for single-box testing and provides no connectivity between hosts.
# You MUST either change this to 'vlan' and configure network_vlan_ranges below
# or change this to 'gre' and configure tunnel_id_ranges below in order for tenant
# networks to provide connectivity between hosts. Set to 'none' to disable creation
# of tenant networks.
default["openstack"]["network"]["openvswitch"]["tenant_network_type"] = 'local'
# Comma-separated list of <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating
# ranges of VLAN IDs on named physical networks that are available for allocation.
# All physical networks listed are available for flat and VLAN provider network
# creation. Specified ranges of VLAN IDs are available for tenant network
# allocation if tenant_network_type is 'vlan'. If empty, only gre and local
# networks may be created.
#
# Example: network_vlan_ranges = physnet1:1000:2999
default["openstack"]["network"]["openvswitch"]["network_vlan_ranges"] = ""
# Set to True in the server and the agents to enable support
# for GRE networks. Requires kernel support for OVS patch ports and
# GRE tunneling.
default["openstack"]["network"]["openvswitch"]["enable_tunneling"] = "False"
# Comma-separated list of <tun_min>:<tun_max> tuples
# enumerating ranges of GRE tunnel IDs that are available for tenant
# network allocation if tenant_network_type is 'gre'.
#
# Example: tunnel_id_ranges = 1:1000
default["openstack"]["network"]["openvswitch"]["tunnel_id_ranges"] = ""
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch bay". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
default["openstack"]["network"]["openvswitch"]["integration_bridge"] = "br-int"
# Only used for the agent if tunnel_id_ranges (above) is not empty for
# the server. In most cases, the default value should be fine
default["openstack"]["network"]["openvswitch"]["tunnel_bridge"] = "br-tun"
# Peer patch port in integration bridge for tunnel bridge
default["openstack"]["network"]["openvswitch"]["int_peer_patch_port"] = "patch-tun"
# Peer patch port in tunnel bridge for integration bridge
default["openstack"]["network"]["openvswitch"]["tun_peer_patch_port"] = "patch-int"
# Uncomment this line for the agent if tunnel_id_ranges (above) is not
# empty for the server. Set local-ip to be the local IP address of
# this hypervisor
default["openstack"]["network"]["openvswitch"]["local_ip"] = ""
# Comma-separated list of <physical_network>:<bridge> tuples
# mapping physical network names to the agent's node-specific OVS
# bridge names to be used for flat and VLAN networks. The length of
# bridge names should be no more than 11. Each bridge must
# exist, and should have a physical network interface configured as a
# port. All physical networks listed in network_vlan_ranges on the
# server should have mappings to appropriate bridges on each agent.
#
# Example: bridge_mappings = physnet1:br-eth1
default["openstack"]["network"]["openvswitch"]["bridge_mappings"] = ""
# ============================= LinuxBridge Plugin Configuration ===========
# Type of network to allocate for tenant networks. The
# default value 'local' is useful only for single-box testing and
# provides no connectivity between hosts. You MUST change this to
# 'vlan' and configure network_vlan_ranges below in order for tenant
# networks to provide connectivity between hosts. Set to 'none' to
# disable creation of tenant networks.
default["openstack"]["network"]["linuxbridge"]["tenant_network_type"] = 'local'
# Comma-separated list of <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating
# ranges of VLAN IDs on named physical networks that are available for allocation.
# All physical networks listed are available for flat and VLAN provider network
# creation. Specified ranges of VLAN IDs are available for tenant network
# allocation if tenant_network_type is 'vlan'. If empty, only gre and local
# networks may be created.
#
# Example: network_vlan_ranges = physnet1:1000:2999
default["openstack"]["network"]["linuxbridge"]["network_vlan_ranges"] = ""
# (ListOpt) Comma-separated list of
# <physical_network>:<physical_interface> tuples mapping physical
# network names to the agent's node-specific physical network
# interfaces to be used for flat and VLAN networks. All physical
# networks listed in network_vlan_ranges on the server should have
# mappings to appropriate interfaces on each agent.
#
# Example: physical_interface_mappings = physnet1:eth1
default["openstack"]["network"]["linuxbridge"]["physical_interface_mappings"] = ""
# ============================= BigSwitch Plugin Configuration =============
# Not really sure what this is...
default["openstack"]["network"]["bigswitch"]["servers"] = "localhost:8080"
# ============================= Brocade Plugin Configuration ===============
# username = <mgmt admin username>
default["openstack"]["network"]["brocade"]["switch_username"] = "admin"
# password = <mgmt admin password>
default["openstack"]["network"]["brocade"]["switch_password"] = "admin"
# address = <switch mgmt ip address>
default["openstack"]["network"]["brocade"]["switch_address"] = "127.0.0.1"
# ostype = NOS
default["openstack"]["network"]["brocade"]["switch_ostype"] = "NOS"
# physical_interface = <physical network name>
#
# Example:
# physical_interface = physnet1
default["openstack"]["network"]["brocade"]["physical_interface"] = "physnet1"
# (ListOpt) Comma-separated list of
# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
# of VLAN IDs on named physical networks that are available for
# allocation. All physical networks listed are available for flat and
# VLAN provider network creation.
#
# Default: network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999
default["openstack"]["network"]["brocade"]["network_vlan_ranges"] = ""
# (ListOpt) Comma-separated list of
# <physical_network>:<physical_interface> tuples mapping physical
# network names to the agent's node-specific physical network
# interfaces to be used for flat and VLAN networks. All physical
# networks listed in network_vlan_ranges on the server should have
# mappings to appropriate interfaces on each agent.
#
# Example: physical_interface_mappings = physnet1:eth1
default["openstack"]["network"]["brocade"]["physical_interface_mappings"] = ""
# ============================= Cisco Plugin Configuration =================
# The module and class name path for the nexus plugin
default["openstack"]["network"]["cisco"]["nexus_plugin"] = "quantum.plugins.cisco.nexus.cisco_nexus_plugin_v2.NexusPlugin"
# The module and class name path for the vswitch plugin
default["openstack"]["network"]["cisco"]["vswitch_plugin"] = "quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2"
# Start of the tenant VLAN range
default["openstack"]["network"]["cisco"]["vlan_start"] = 100
# End of the tenant VLAN range
default["openstack"]["network"]["cisco"]["vlan_end"] = 3000
# Prefix for tenant VLANs
default["openstack"]["network"]["cisco"]["vlan_name_prefix"] = "q-"
# Maximum number of ports
default["openstack"]["network"]["cisco"]["max_ports"] = 100
# Max number of port profiles
default["openstack"]["network"]["cisco"]["max_port_profiles"] = 65568
# Maximum number of networks
default["openstack"]["network"]["cisco"]["max_networks"] = 65568
# Module and class path for switch model
default["openstack"]["network"]["cisco"]["model_class"] = "quantum.plugins.cisco.models.virt_phy_sw_v2.VirtualPhysicalSwitchModelV2"
# Module and class path for VLAN network manager
default["openstack"]["network"]["cisco"]["manager_class"] = "quantum.plugins.cisco.segmentation.l2network_vlan_mgr_v2.L2NetworkVLANMgr"
# Module and class path for the Nexus driver
default["openstack"]["network"]["cisco"]["nexus_driver"] = "quantum.plugins.cisco.tests.unit.v2.nexus.fake_nexus_driver.CiscoNEXUSFakeDriver"
# For each Nexus switch, add a hash to the
# node["openstack"]["network"]["cisco"]["nexus_switches"] Hash,
# using the switch's IP address as the outer Hash key with each
# hash containing this information:
#
# - ssh_port=<ssh port>
# - username=<credential username>
# - password=<credential password>
# - hosts = [ (<hostname>,<port>), ... ]
#
# Example:
#
# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["ssh_port"] = 22
# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["username"] = "admin"
# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["password"] = "mySecretPassword"
# node["openstack"]["network"]["cisco"]["nexus_switches"]["1.1.1.1"]["hosts"] = [ [ "compute1", "1/1" ],
# [ "compute2", "1/2" ]]
#
#
# will write the following to the Cisco plugin config INI file:
# [NEXUS_SWITCH:1.1.1.1]
# compute1=1/1
# compute2=1/2
# ssh_port=22
# username=admin
# password=mySecretPassword
#
default["openstack"]["network"]["cisco"]["nexus_switches"] = {}
# ============================= Hyper-V Plugin Configuration ===============
# Type of network to allocate for tenant networks. The
# default value 'local' is useful only for single-box testing and
# provides no connectivity between hosts. You MUST change this to
# 'vlan' and configure network_vlan_ranges below in order for tenant
# networks to provide connectivity between hosts. Set to 'none' to
# disable creation of tenant networks.
default["openstack"]["network"]["hyperv"]["tenant_network_type"] = 'local'
# Comma-separated list of <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating
# ranges of VLAN IDs on named physical networks that are available for allocation.
# All physical networks listed are available for flat and VLAN provider network
# creation. Specified ranges of VLAN IDs are available for tenant network
# allocation if tenant_network_type is 'vlan'. If empty, only gre and local
# networks may be created.
#
# Example: network_vlan_ranges = physnet1:1000:2999
default["openstack"]["network"]["hyperv"]["network_vlan_ranges"] = ""
# Agent's polling interval in seconds
default["openstack"]["network"]["hyperv"]["polling_interval"] = 2
# (ListOpt) Comma separated list of <physical_network>:<vswitch>
# where the physical networks can be expressed with wildcards,
# e.g.: ."*:external".
# The referred external virtual switches need to be already present on
# the Hyper-V server.
# If a given physical network name will not match any value in the list
# the plugin will look for a virtual switch with the same name.
#
# Default: physical_network_vswitch_mappings = *:external
# Example: physical_network_vswitch_mappings = net1:external1,net2:external2
default["openstack"]["network"]["hyperv"]["physical_network_vswitch_mappings"] = "*:external"
# (StrOpt) Private virtual switch name used for local networking.
#
# Default: local_network_vswitch = private
# Example: local_network_vswitch = custom_vswitch
default["openstack"]["network"]["hyperv"]["local_network_vswitch"] = "private"
# ============================= Metaplugin Plugin Configuration ============
## This is list of flavor:quantum_plugins
# extension method is used in the order of this list
default["openstack"]["network"]["metaplugin"]["plugin_list"] = "openvswitch:quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2,linuxbridge:quantum.plugins.linuxbridge.lb_quantum_plugin.LinuxBridgePluginV2"
default["openstack"]["network"]["metaplugin"]["l3_plugin_list"] = "openvswitch:quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2,linuxbridge:quantum.plugins.linuxbridge.lb_quantum_plugin.LinuxBridgePluginV2"
# Default "flavor" for L2 and L3
default["openstack"]["network"]["metaplugin"]["default_flavor"] = "openvswitch"
default["openstack"]["network"]["metaplugin"]["default_l3_flavor"] = "openvswitch"
# ============================= Midonet Plugin Configuration ===============
# MidoNet API server URI
default["openstack"]["network"]["midonet"]["midonet_uri"] = "http://localhost:8080/midonet-api"
# MidoNet admin username
default["openstack"]["network"]["midonet"]["username"] = "admin"
# MidoNet admin password
default["openstack"]["network"]["midonet"]["password"] = "passw0rd"
# ID of the project that MidoNet admin user belongs to
default["openstack"]["network"]["midonet"]["project_id"] = "77777777-7777-7777-7777-777777777777"
# Virtual provider router ID
default["openstack"]["network"]["midonet"]["provider_router_id"] = "00112233-0011-0011-0011-001122334455"
# Virtual metadata router ID
default["openstack"]["network"]["midonet"]["metadata_router_id"] = "ffeeddcc-ffee-ffee-ffee-ffeeddccbbaa"
# ============================= NEC Plugin Configuration ===================
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch port". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
default["openstack"]["network"]["nec"]["integration_bridge"] = "br-int"
# Agent's polling interval in seconds
default["openstack"]["network"]["nec"]["polling_interval"] = 2
# Firewall driver for realizing quantum security group function
default["openstack"]["network"]["nec"]["firewall_driver"] = "quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"
# Specify OpenFlow Controller Host, Port and Driver to connect.
default["openstack"]["network"]["nec"]["ofc_host"] = "127.0.0.1"
default["openstack"]["network"]["nec"]["ofc_port"] = 8888
# Drivers are in quantum/plugins/nec/drivers/ .
default["openstack"]["network"]["nec"]["ofc_driver"] = "trema"
# PacketFilter is available when it's enabled in this configuration
# and supported by the driver.
default["openstack"]["network"]["nec"]["ofc_enable_packet_filter"] = "true"
# ============================= Nicira Plugin Configuration ================
# User name for NVP controller
default["openstack"]["network"]["nicira"]["nvp_user"] = "admin"
# Password for NVP controller
default["openstack"]["network"]["nicira"]["nvp_password"] = "admin"
# Total time limit for a cluster request
# (including retries across different controllers)
default["openstack"]["network"]["nicira"]["req_timeout"] = 30
# Time before aborting a request on an unresponsive controller
default["openstack"]["network"]["nicira"]["http_timeout"] = 10
# Maximum number of times a particular request should be retried
default["openstack"]["network"]["nicira"]["retries"] = 2
# Maximum number of times a redirect response should be followed
default["openstack"]["network"]["nicira"]["redirects"] = 2
# Comma-separated list of NVP controller endpoints (<ip>:<port>). When port
# is omitted, 443 is assumed. This option MUST be specified, e.g.:
default["openstack"]["network"]["nicira"]["nvp_controllers"] = "xx.yy.zz.ww:443, aa.bb.cc.dd, ee.ff.gg.hh.ee:80"
# UUID of the pre-existing default NVP Transport zone to be used for creating
# tunneled isolated "Quantum" networks. This option MUST be specified, e.g.:
default["openstack"]["network"]["nicira"]["default_tz_uuid"] = "1e8e52cf-fa7f-46b0-a14a-f99835a9cb53"
# (Optional) UUID of the cluster in NVP. It can be retrieved from NVP management
# console "admin" section.
default["openstack"]["network"]["nicira"]["nvp_cluster_uuid"] = "615be8e4-82e9-4fd2-b4b3-fd141e51a5a7"
# (Optional) UUID for the default l3 gateway service to use with this cluster.
# To be specified if planning to use logical routers with external gateways.
default["openstack"]["network"]["nicira"]["default_l3_gw_service_uuid"] = ""
# (Optional) UUID for the default l2 gateway service to use with this cluster.
# To be specified for providing a predefined gateway tenant for connecting their networks.
default["openstack"]["network"]["nicira"]["default_l2_gw_service_uuid"] = ""
# Name of the default interface name to be used on network-gateway. This value
# will be used for any device associated with a network gateway for which an
# interface name was not specified
default["openstack"]["network"]["nicira"]["default_iface_name"] = "breth0"
# number of network gateways allowed per tenant, -1 means unlimited
default["openstack"]["network"]["nicira"]["quota_network_gateway"] = 5
# Maximum number of ports for each bridged logical switch
default["openstack"]["network"]["nicira"]["max_lp_per_bridged_ls"] = 64
# Maximum number of ports for each overlay (stt, gre) logical switch
default["openstack"]["network"]["nicira"]["max_lp_per_overlay_ls"] = 256
# Number of connects to each controller node.
default["openstack"]["network"]["nicira"]["concurrent_connections"] = 3
# Acceptable values for 'metadata_mode' are:
# - 'access_network': this enables a dedicated connection to the metadata
# proxy for metadata server access via Quantum router.
# - 'dhcp_host_route': this enables host route injection via the dhcp agent.
# This option is only useful if running on a host that does not support
# namespaces otherwise access_network should be used.
default["openstack"]["network"]["nicira"]["metadata_mode"] = "access_network"
# ============================= PLUMGrid Plugin Configuration ==============
# This line should be pointing to the NOS server,
# for the PLUMgrid platform. In other deployments,
# this is known as controller
default["openstack"]["network"]["plumgrid"]["nos_server"] = "127.0.0.1"
default["openstack"]["network"]["plumgrid"]["nos_server_port"] = "<nos-port>"
# Authentification parameters for the NOS server.
# These are the admin credentials to manage and control
# the NOS server.
default["openstack"]["network"]["plumgrid"]["username"] = "<nos-admin-username>"
default["openstack"]["network"]["plumgrid"]["password"] = "<nos-admin-password>"
default["openstack"]["network"]["plumgrid"]["servertimeout"] = 5
# Name of the network topology to be deployed by NOS
default["openstack"]["network"]["plumgrid"]["topologyname"] = "<nos-topology-name>"
# ============================= Ryu Plugin Configuration ===================
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch port". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
default["openstack"]["network"]["ryu"]["integration_bridge"] = "br-int"
# openflow_rest_api = <host IP address of ofp rest api service>:<port: 8080>
default["openstack"]["network"]["ryu"]["openflow_rest_api"] = "127.0.0.1:8080"
# tunnel key range: 0 < tunnel_key_min < tunnel_key_max
# VLAN: 12bits, GRE, VXLAN: 24bits
default["openstack"]["network"]["ryu"]["tunnel_key_min"] = 1
default["openstack"]["network"]["ryu"]["tunnel_key_max"] = "0xffffff"
# tunnel_ip = <ip address for tunneling>
# tunnel_interface = interface for tunneling
# when tunnel_ip is NOT specified, ip address is read
# from this interface
default["openstack"]["network"]["ryu"]["tunnel_ip"] = ""
default["openstack"]["network"]["ryu"]["tunnel_interface"] = "eth0"
# ovsdb_port = port number on which ovsdb is listening
# ryu-agent uses this parameter to setup ovsdb.
# ovs-vsctl set-manager ptcp:<ovsdb_port>
# See set-manager section of man ovs-vsctl for details.
# currently ptcp is only supported.
# ovsdb_ip = <host IP address on which ovsdb is listening>
# ovsdb_interface = interface for ovsdb
# when ovsdb_addr NOT specifiied, ip address is gotten
# from this interface
default["openstack"]["network"]["ryu"]["ovsdb_port"] = 6634
default["openstack"]["network"]["ryu"]["ovsdb_ip"] = ""
default["openstack"]["network"]["ryu"]["ovsdb_interface"] = "eth0"
# Firewall driver for realizing quantum security group function
default["openstack"]["network"]["ryu"]["firewall_driver"] = "quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"
# Agent's polling interval in seconds
default["openstack"]["network"]["ryu"]["polling_interval"] = 2
# platform-specific settings
case platform
when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this
default["openstack"]["network"]["platform"] = {
"mysql_python_packages" => [ "MySQL-python" ],
"nova_network_packages" => [ "openstack-nova-network" ],
"quantum_packages" => [ "openstack-quantum" ],
"quantum_dhcp_packages" => [ "openstack-quantum" ],
"quantum_l3_packages" => [ "quantum-l3-agent" ],
"quantum_plugin_package" => "openstack-quantum-%plugin%",
"quantum_server_service" => "quantum-server",
"quantum_dhcp_agent_service" => "quantum-dhcp-agent",
"quantum_l3_agent_service" => "quantum-l3-agent",
"package_overrides" => ""
}
when "ubuntu"
default["openstack"]["network"]["platform"] = {
"mysql_python_packages" => [ "python-mysqldb" ],
"nova_network_packages" => [ "nova-network" ],
"quantum_packages" => [ "quantum-server", "python-quantumclient", "python-pyparsing", "python-cliff" ],
"quantum_dhcp_packages" => [ "quantum-dhcp-agent" ],
"quantum_l3_packages" => [ "quantum-l3-agent" ],
"quantum_plugin_package" => "quantum-plugin-%plugin%",
"quantum_openvswitch_packages" => [ "openvswitch-switch", "openvswitch-datapath-dkms", "bridge-utils" ],
"quantum_openvswitch_service" => "openvswitch-switch",
"quantum_server_service" => "quantum-server",
"quantum_dhcp_agent_service" => "quantum-dhcp-agent",
"quantum_l3_agent_service" => "quantum-l3-agent",
"package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
}
end


@ -0,0 +1,14 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# This is needed because we should ping
# from inside a namespace which requires root
ping: RegExpFilter, /bin/ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
ping6: RegExpFilter, /bin/ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+


@ -0,0 +1,40 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# dhcp-agent
ip_exec_dnsmasq: DnsmasqNetnsFilter, /sbin/ip, root
dnsmasq: DnsmasqFilter, /sbin/dnsmasq, root
dnsmasq_usr: DnsmasqFilter, /usr/sbin/dnsmasq, root
# dhcp-agent uses kill as well, that's handled by the generic KillFilter
# it looks like these are the only signals needed, per
# quantum/agent/linux/dhcp.py
kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP
kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
# dhcp-agent uses cat
cat: RegExpFilter, /bin/cat, root, cat, /proc/\d+/cmdline
ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root
ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root
ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root
ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root
# metadata proxy
metadata_proxy: CommandFilter, /usr/bin/quantum-ns-metadata-proxy, root
# If installed from source (say, by devstack), the prefix will be
# /usr/local instead of /usr/bin.
metadata_proxy_local: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
# ip_lib
ip: IpFilter, /sbin/ip, root
ip_usr: IpFilter, /usr/sbin/ip, root
ip_exec: IpNetnsExecFilter, /sbin/ip, root
ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root
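Review bot: `kill_metadata7` and `kill_metadata6` name the interpreter (`/usr/bin/python2.7`, `/usr/bin/python2.6`) rather than the metadata proxy, so as written they appear to allow `kill -9` against any process running under that interpreter, not only quantum-ns-metadata-proxy. The same two entries are repeated in the filter file that carries the `# l3_agent` entries later in this commit. If the filter cannot be narrowed, I would at least record the scope next to the entries, e.g. `# NOTE: matches every python2.x process on the host, not just the metadata proxy`. That way anyone auditing what the agent account can do as root sees it.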


@ -0,0 +1,21 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# quantum/agent/linux/iptables_manager.py
# "iptables-save", ...
iptables-save: CommandFilter, /sbin/iptables-save, root
iptables-restore: CommandFilter, /sbin/iptables-restore, root
ip6tables-save: CommandFilter, /sbin/ip6tables-save, root
ip6tables-restore: CommandFilter, /sbin/ip6tables-restore, root
# quantum/agent/linux/iptables_manager.py
# "iptables", "-A", ...
iptables: CommandFilter, /sbin/iptables, root
ip6tables: CommandFilter, /sbin/ip6tables, root


@ -0,0 +1,43 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# arping
arping: CommandFilter, /usr/bin/arping, root
arping_sbin: CommandFilter, /sbin/arping, root
# l3_agent
sysctl: CommandFilter, /sbin/sysctl, root
route: CommandFilter, /sbin/route, root
# metadata proxy
metadata_proxy: CommandFilter, /usr/bin/quantum-ns-metadata-proxy, root
# If installed from source (say, by devstack), the prefix will be
# /usr/local instead of /usr/bin.
metadata_proxy_local: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
# ip_lib
ip: IpFilter, /sbin/ip, root
ip_usr: IpFilter, /usr/sbin/ip, root
ip_exec: IpNetnsExecFilter, /sbin/ip, root
ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root
# ovs_lib (if OVSInterfaceDriver is used)
ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root
ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root
ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root
ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root
# iptables_manager
iptables-save: CommandFilter, /sbin/iptables-save, root
iptables-restore: CommandFilter, /sbin/iptables-restore, root
ip6tables-save: CommandFilter, /sbin/ip6tables-save, root
ip6tables-restore: CommandFilter, /sbin/ip6tables-restore, root


@ -0,0 +1,29 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# haproxy
haproxy: CommandFilter, /usr/sbin/haproxy, root
# lbaas-agent uses kill as well, that's handled by the generic KillFilter
kill_haproxy_usr: KillFilter, root, /usr/sbin/haproxy, -9, -HUP
# lbaas-agent uses cat
cat: RegExpFilter, /bin/cat, root, cat, /proc/\d+/cmdline
ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root
ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root
ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root
ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root
# ip_lib
ip: IpFilter, /sbin/ip, root
ip_usr: IpFilter, /usr/sbin/ip, root
ip_exec: IpNetnsExecFilter, /sbin/ip, root
ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root


@ -0,0 +1,21 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# linuxbridge-agent
# unclear whether both variants are necessary, but I'm transliterating
# from the old mechanism
brctl: CommandFilter, /sbin/brctl, root
brctl_usr: CommandFilter, /usr/sbin/brctl, root
# ip_lib
ip: IpFilter, /sbin/ip, root
ip_usr: IpFilter, /usr/sbin/ip, root
ip_exec: IpNetnsExecFilter, /sbin/ip, root
ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root


@ -0,0 +1,15 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# nec_quantum_agent
ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root
ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root
ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root
ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root


@ -0,0 +1,29 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# openvswitch-agent
# unclear whether both variants are necessary, but I'm transliterating
# from the old mechanism
ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root
ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root
ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root
ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root
ovs-ofctl: CommandFilter, /bin/ovs-ofctl, root
ovs-ofctl_usr: CommandFilter, /usr/bin/ovs-ofctl, root
ovs-ofctl_sbin: CommandFilter, /sbin/ovs-ofctl, root
ovs-ofctl_sbin_usr: CommandFilter, /usr/sbin/ovs-ofctl, root
xe: CommandFilter, /sbin/xe, root
xe_usr: CommandFilter, /usr/sbin/xe, root
# ip_lib
ip: IpFilter, /sbin/ip, root
ip_usr: IpFilter, /usr/sbin/ip, root
ip_exec: IpNetnsExecFilter, /sbin/ip, root
ip_exec_usr: IpNetnsExecFilter, /usr/sbin/ip, root


@ -0,0 +1,25 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# ryu-agent
# unclear whether both variants are necessary, but I'm transliterating
# from the old mechanism
# quantum/plugins/ryu/agent/ryu_quantum_agent.py:
# "ovs-vsctl", "--timeout=2", ...
ovs-vsctl: CommandFilter, /bin/ovs-vsctl, root
ovs-vsctl_usr: CommandFilter, /usr/bin/ovs-vsctl, root
ovs-vsctl_sbin: CommandFilter, /sbin/ovs-vsctl, root
ovs-vsctl_sbin_usr: CommandFilter, /usr/sbin/ovs-vsctl, root
# quantum/plugins/ryu/agent/ryu_quantum_agent.py:
# "xe", "vif-param-get", ...
xe: CommandFilter, /bin/xe, root
xe_usr: CommandFilter, /usr/bin/xe, root

18
metadata.rb Normal file

@ -0,0 +1,18 @@
name "openstack-network"
maintainer "Jay Pipes <jaypipes@gmail.com>"
license "Apache 2.0"
description "Installs and configures the OpenStack Network API Service and various agents and plugins"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "7.0.0"
recipe "openstack-network::server", "Installs packages required for a OpenStack Network server"
recipe "openstack-network::db", "Creates the OpenStack Network database"
recipe "openstack-network::keystone_registration", "Registers OpenStack Network endpoints and service user with Keystone"
%w{ ubuntu fedora redhat centos }.each do |os|
supports os
end
depends "database"
depends "openstack-identity", "~> 7.0"
depends "mysql"
depends "openstack-common", "~> 0.2.0"

30
recipes/bigswitch.rb Normal file

@ -0,0 +1,30 @@
#
# Cookbook Name:: openstack-network
# Recipe:: bigswitch
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
template "/etc/quantum/plugins/bigswitch/restproxy.ini" do
source "plugins/bigswitch/restproxy.ini.erb"
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00644
variables(
:sql_connection => sql_connection
)
notifies :restart, "service[quantum-server]", :immediately
end
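Review bot: `mode 00644` leaves restproxy.ini readable by every local user, and the template is handed `:sql_connection`, which recipes/openvswitch.rb builds from the database password via `db_uri("network", db_user, db_pass)`. If the rendered file contains that URI, `mode 00640` with the existing owner and group would keep the credential to the service account. The same mode is used by the templates in brocade.rb, cisco.rb, linuxbridge.rb, midonet.rb, nec.rb, nicira.rb, openvswitch.rb and plumgrid.rb. Also, `sql_connection` is not assigned anywhere in this recipe (only openvswitch.rb defines it, as a local), so the `variables(...)` call looks like it would raise a NameError unless a helper of that name exists outside this view.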

30
recipes/brocade.rb Normal file

@ -0,0 +1,30 @@
#
# Cookbook Name:: openstack-network
# Recipe:: brocade
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
template "/etc/quantum/plugins/brocade/brocade.ini" do
source "plugins/brocade/brocade.ini.erb"
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00644
variables(
:sql_connection => sql_connection
)
notifies :restart, "service[quantum-server]", :immediately
end

30
recipes/cisco.rb Normal file

@ -0,0 +1,30 @@
#
# Cookbook Name:: openstack-network
# Recipe:: cisco
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
template "/etc/quantum/plugins/cisco/cisco_plugins.ini" do
source "plugins/cisco/cisco_plugins.ini.erb"
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00644
variables(
:sql_connection => sql_connection
)
notifies :restart, "service[quantum-server]", :immediately
end

32
recipes/db.rb Normal file

@ -0,0 +1,32 @@
#
# Cookbook Name:: openstack-network
# Recipe:: db
#
# Copyright 2012, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This recipe should be placed in the run_list of the node that
# runs the database server that houses the Nova main database
class ::Chef::Recipe
include ::Openstack
end
db_pass = db_password "quantum"
db_create_with_user("network",
node["openstack"]["network"]["db"]["username"],
db_pass
)
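Review bot: The header comment says this recipe belongs on the node that houses the Nova main database, but the code creates the `network` database using the `quantum` password, so the comment reads as a leftover from another cookbook. I would reword it to `# runs the database server that houses the OpenStack Network (quantum) database`. Nothing in the recipe says where the password comes from, so a one-line comment above `db_pass = db_password "quantum"` naming the secret source would help whoever has to rotate it.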

68
recipes/dhcp_agent.rb Normal file

@ -0,0 +1,68 @@
#
# Cookbook Name:: openstack-network
# Recipe:: dhcp_agent
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This will copy recursively all the files in
# /files/default/etc/quantum/rootwrap.d
remote_directory "/etc/quantum/rootwrap.d" do
files_owner node["openstack"]["network"]["user"]
files_group node["openstack"]["network"]["group"]
files_mode 00700
end
directory "/etc/quantum/plugins" do
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00700
end
platform_options["quantum_dhcp_packages"].each do |pkg|
package pkg do
action :install
end
end
service "quantum-dhcp-agent" do
service_name platform_options["quantum_dhcp_agent_service"]
supports :status => true, :restart => true
action :enable
end
# Some plugins have DHCP functionality, so we install the plugin
# Python package and include the plugin-specific recipe here...
main_plugin = node["openstack"]["network"]["interface_driver"].split('.').last.downcase
package platform_options["quantum_plugin_package"].gsub("%plugin%", main_plugin) do
action :install
end
include_recipe "openstack-network::#{main_plugin}"
execute "quantum-dhcp-setup --plugin #{main_plugin}" do
only_if { platform?(%w(fedora redhat centos)) } # :pragma-foodcritic: ~FC024 - won't fix this
end
template "/etc/quantum/dhcp_agent.ini" do
source "dhcp_agent.ini.erb"
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00644
notifies :restart, "service[quantum-dhcp-agent]", :immediately
end
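Review bot: The `remote_directory "/etc/quantum/rootwrap.d"` resource sets `files_owner` and `files_group` to the quantum service account, so the account that rootwrap is meant to restrict can rewrite the filter files that decide what it may run as root. The filter files shipped in this same commit state that they should be owned by, and writable only by, root. Installing the directory and its files as root with read-only modes keeps that boundary, as in the block below. recipes/l3_agent.rb carries the identical resource. Separately, `platform_options` is read in this recipe without being assigned here, unlike recipes/openvswitch.rb.

```ruby
remote_directory "/etc/quantum/rootwrap.d" do
  owner "root"
  group "root"
  mode 00755
  files_owner "root"
  files_group "root"
  files_mode 00644
end
# … unchanged: /etc/quantum/plugins directory, packages, service, plugin include, dhcp_agent.ini template …
```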

32
recipes/hyperv.rb Normal file

@ -0,0 +1,32 @@
#
# Cookbook Name:: openstack-network
# Recipe:: hyperv
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#(alanmeadows) TODO
#FC033: Missing template: .cookbooks/openstack-network/recipes/hyperv.rb:20
#template "/etc/quantum/plugins/hyperv/hyperv_quantum_plugin.ini" do
# source "plugins/hyperv/hyperv_quantum__plugin.ini.erb"
# owner node["openstack"]["network"]["user"]
# group node["openstack"]["network"]["group"]
# mode 00644
# variables(
# :sql_connection => sql_connection
# )
#
# notifies :restart, "service[quantum-server]", :immediately
#end


@ -0,0 +1,87 @@
#
# Cookbook Name:: openstack-network
# Recipe:: keystone_registration
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require "uri"
class ::Chef::Recipe
include ::Openstack
end
identity_admin_endpoint = endpoint "identity-admin"
bootstrap_token = secret "secrets", "keystone_bootstrap_token"
auth_uri = ::URI.decode identity_admin_endpoint.to_s
api_endpoint = endpoint "network-api"
service_pass = service_password "quantum"
service_tenant_name = node["openstack"]["network"]["service_tenant_name"]
service_user = node["openstack"]["network"]["service_user"]
service_role = node["openstack"]["network"]["service_role"]
keystone_register "Register Network API Service" do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_name "quantum"
service_type "network"
service_description "OpenStack Network Service"
action :create_service
end
keystone_register "Register Network Endpoint" do
auth_uri auth_uri
bootstrap_token bootstrap_token
service_type "network"
endpoint_region node["openstack"]["network"]["region"]
endpoint_adminurl api_endpoint.to_s
endpoint_internalurl api_endpoint.to_s
endpoint_publicurl api_endpoint.to_s
action :create_endpoint
end
keystone_register "Register Service Tenant" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
tenant_description "Service Tenant"
action :create_tenant
end
keystone_register "Register #{service_user} User" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
user_name service_user
user_pass service_pass
action :create_user
end
keystone_register "Grant '#{service_role}' Role to #{service_user} User for #{service_tenant_name} Tenant" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name service_tenant_name
user_name service_user
role_name service_role
action :grant_role
end

84
recipes/l3_agent.rb Normal file

@ -0,0 +1,84 @@
#
# Cookbook Name:: openstack-network
# Recipe:: l3_agent
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Some plugins have L3 functionality, so we install the plugin
# Python package and include the plugin-specific recipe here...
main_plugin = node["openstack"]["network"]["interface_driver"].split('.').last.downcase
# This will copy recursively all the files in
# /files/default/etc/quantum/rootwrap.d
remote_directory "/etc/quantum/rootwrap.d" do
files_owner node["openstack"]["network"]["user"]
files_group node["openstack"]["network"]["group"]
files_mode 00700
end
directory "/etc/quantum/plugins" do
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00700
end
platform_options["quantum_l3_packages"].each do |pkg|
package pkg do
action :install
# The providers below do not use the generic L3 agent...
not_if { ["nicira", "plumgrid", "bigswitch"].include?(main_plugin)
end
end
service "quantum-l3-agent" do
service_name platform_options["quantum_l3_agent_service"]
supports :status => true, :restart => true
action :enable
end
package platform_options["quantum_plugin_package"].gsub("%plugin%", main_plugin) do
action :install
end
include_recipe "openstack-network::#{main_plugin}"
execute "quantum-l3-setup --plugin #{main_plugin}" do
only_if {
platform?(%w(fedora redhat centos)) and not # :pragma-foodcritic: ~FC024 - won't fix this
["nicira", "plumgrid", "bigswitch"].include?(main_plugin)
}
end
template "/etc/quantum/l3_agent.ini" do
source "l3_agent.ini.erb"
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00644
notifies :restart, "service[quantum-l3-agent]", :immediately
end
if not ["nicira", "plumgrid", "bigswitch"].include?(main_plugin) do
# See http://docs.openstack.org/trunk/openstack-network/admin/content/install_quantum-l3.html
ext_bridge = node["openstack"]["network"]["l3"]["external_network_bridge"]
ext_bridge_iface = node["openstack"]["network"]["l3"]["external_network_bridge_interface"]
execute "create external network bridge" do
command "ovs-vsctl add-br #{ext_bridge} && ovs-vsctl add-port #{ext_bridge} #{ext_bridge_iface}"
action :run
not_if "ovs-vsctl show | grep 'Bridge #{ext_bridge}'"
end
end
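Review bot: Two lines in this recipe do not parse, so it cannot be compiled as committed. The `not_if {` guard inside the package loop never closes its brace, and `if not [...].include?(main_plugin) do` puts a `do` on an `if`. I would write them as `not_if { ["nicira", "plumgrid", "bigswitch"].include?(main_plugin) }` and `unless ["nicira", "plumgrid", "bigswitch"].include?(main_plugin)`. The idempotence guard on the bridge `execute` greps `ovs-vsctl show` for a substring, so an existing bridge whose name merely starts with the configured one would suppress creation; `not_if "ovs-vsctl br-exists #{ext_bridge}"` tests the exact name. Both `ext_bridge` and `ext_bridge_iface` are interpolated into a shell command line, so a comment noting that these attributes must be plain interface names would be worth adding.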

30
recipes/linuxbridge.rb Normal file

@ -0,0 +1,30 @@
#
# Cookbook Name:: openstack-network
# Recipe:: linuxbridge
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
template "/etc/quantum/plugins/linuxbridge/linuxbridge_conf.ini" do
source "plugins/linuxbridge/linuxbridge_conf.ini.erb"
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00644
variables(
:sql_connection => sql_connection
)
notifies :restart, "service[quantum-server]", :immediately
end

32
recipes/metaplugin.rb Normal file

@ -0,0 +1,32 @@
#
# Cookbook Name:: openstack-network
# Recipe:: metaplugin
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (alanmeadows): TODO
# FC033: Missing template: .cookbooks/openstack-network/recipes/metaplugin.rb:20
# template "/etc/quantum/plugins/metaplugin/metaplugin_plugins.ini" do
# source "plugins/metaplugin/metaplugin_plugins.ini.erb"
# owner node["openstack"]["network"]["user"]
# group node["openstack"]["network"]["group"]
# mode 00644
# variables(
# :sql_connection => sql_connection
# )
#
# notifies :restart, "service[quantum-server]", :immediately
# end

30
recipes/midonet.rb Normal file

@ -0,0 +1,30 @@
#
# Cookbook Name:: openstack-network
# Recipe:: midonet
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
template "/etc/quantum/plugins/midonet/midonet.ini" do
source "plugins/midonet/midonet.ini.erb"
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00644
variables(
:sql_connection => sql_connection
)
notifies :restart, "service[quantum-server]", :immediately
end

30
recipes/nec.rb Normal file

@ -0,0 +1,30 @@
#
# Cookbook Name:: openstack-network
# Recipe:: nec
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
template "/etc/quantum/plugins/nec/nec.ini" do
source "plugins/nec/nec.ini.erb"
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00644
variables(
:sql_connection => sql_connection
)
notifies :restart, "service[quantum-server]", :immediately
end

30
recipes/nicira.rb Normal file

@ -0,0 +1,30 @@
#
# Cookbook Name:: openstack-network
# Recipe:: nicira
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
template "/etc/quantum/plugins/nicira/nvp.ini" do
source "plugins/nicira/nvp.ini.erb"
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00644
variables(
:sql_connection => sql_connection
)
notifies :restart, "service[quantum-server]", :immediately
end

53
recipes/openvswitch.rb Normal file

@ -0,0 +1,53 @@
#
# Cookbook Name:: openstack-network
# Recipe:: opensvswitch
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# discover database attributes
db_user = node["openstack"]["network"]["db"]["username"]
db_pass = db_password "quantum"
sql_connection = db_uri("network", db_user, db_pass)
platform_options = node["openstack"]["network"]["platform"]
platform_options["quantum_openvswitch_packages"].each do |pkg|
package pkg do
action :install
end
end
service "quantum-openvswitch-switch" do
service_name platform_options["quantum_openvswitch_service"]
supports :status => true, :restart => true
action :enable
end
execute "quantum-node-setup --plugin openvswitch" do
only_if { platform?(%w(fedora redhat centos)) } # :pragma-foodcritic: ~FC024 - won't fix this
end
template "/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini" do
source "plugins/openvswitch/ovs_quantum_plugin.ini.erb"
owner node["openstack"]["network"]["user"]
group node["openstack"]["network"]["group"]
mode 00644
variables(
:sql_connection => sql_connection
)
notifies :restart, "service[quantum-server]", :immediately
end
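Review bot: The template resource for `/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini` is written with `mode 00644`, yet it renders `sql_connection`, which is built from `db_password "quantum"`, so the database password lands in a world-readable file. `mode 00640` with the existing owner and group keeps it readable by the service account only. The same mode is used by the plugin templates in recipes/plumgrid.rb and recipes/ryu.rb (and the nicira recipe shown just above), and in recipes/server.rb for `/etc/quantum/quantum.conf`, which receives `rabbit_password`, and `/etc/quantum/api-paste.ini`, which receives `service_pass`.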

30
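--- a/recipes/plumgrid.rb
+++ b/recipes/plumgrid.rb
@@ -0,0 +1,30 @@
+#
+# Cookbook Name:: openstack-network
+# Recipe:: plumgrid
+#
+# Copyright 2013, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+template "/etc/quantum/plugins/plumgrid/plumgrid.ini" do
+source "plugins/plumgrid/plumgrid.ini.erb"
+owner node["openstack"]["network"]["user"]
+group node["openstack"]["network"]["group"]
+mode 00644
+variables(
+:sql_connection => sql_connection
+)
+notifies :restart, "service[quantum-server]", :immediately
+end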
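Review bot: `sql_connection` is passed to `variables` but is never assigned in this recipe. recipes/openvswitch.rb computes it locally, and a local variable set in recipes/server.rb is not visible inside a recipe pulled in with `include_recipe`, so this will most likely fail when the recipe is compiled. Adding the same three lines openvswitch.rb uses, ahead of the template resource, closes the gap: `db_user = node["openstack"]["network"]["db"]["username"]`, `db_pass = db_password "quantum"`, `sql_connection = db_uri("network", db_user, db_pass)`. recipes/ryu.rb has the same omission.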

30
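--- a/recipes/ryu.rb
+++ b/recipes/ryu.rb
@@ -0,0 +1,30 @@
+#
+# Cookbook Name:: openstack-network
+# Recipe:: ryu
+#
+# Copyright 2013, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+template "/etc/quantum/plugins/ryu/ryu.ini" do
+source "plugins/ryu/ryu.ini.erb"
+owner node["openstack"]["network"]["user"]
+group node["openstack"]["network"]["group"]
+mode 00644
+variables(
+:sql_connection => sql_connection
+)
+notifies :restart, "service[quantum-server]", :immediately
+end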

204
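--- a/recipes/server.rb
+++ b/recipes/server.rb
@@ -0,0 +1,204 @@
+#
+# Cookbook Name:: openstack-network
+# Recipe:: server
+#
+# Copyright 2013, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require "uri"
+class ::Chef::Recipe
+include ::Openstack
+end
+main_plugin = node["openstack"]["network"]["plugins"].first.downcase
+core_plugin = node["openstack"]["network"]["core_plugin"]
+if node["openstack"]["network"]["syslog"]["use"]
+include_recipe "openstack-common::logging"
+end
+platform_options = node["openstack"]["network"]["platform"]
+platform_options["nova_network_packages"].each do |pkg|
+package pkg do
+action :purge
+end
+end
+platform_options["mysql_python_packages"].each do |pkg|
+package pkg do
+action :install
+end
+end
+platform_options["quantum_packages"].each do |pkg|
+package pkg do
+action :install
+end
+end
+platform_options["quantum_l3_packages"].each do |pkg|
+package pkg do
+action :install
+end
+end
+platform_options["quantum_dhcp_packages"].each do |pkg|
+package pkg do
+action :install
+end
+end
+service "quantum-server" do
+service_name platform_options["quantum_server_service"]
+supports :status => true, :restart => true
+action :enable
+end
+service "quantum-l3-agent" do
+service_name platform_options["quantum_l3_agent_service"]
+supports :status => true, :restart => true
+# The providers below do not use the generic L3 agent...
+not_if { ["nicira", "plumgrid", "bigswitch"].include?(main_plugin) }
+action :enable
+end
+service "quantum-dhcp-agent" do
+service_name platform_options["quantum_dhcp_agent_service"]
+supports :status => true, :restart => true
+action :enable
+end
+service "quantum-metadata-agent" do
+service_name platform_options["quantum_metadata_agent_service"]
+supports :status => true, :restart => true
+action :enable
+end
+# This will copy recursively all the files in
+# /files/default/etc/quantum/rootwrap.d
+remote_directory "/etc/quantum/rootwrap.d" do
+files_owner node["openstack"]["network"]["user"]
+files_group node["openstack"]["network"]["group"]
+files_mode 00700
+end
+directory "/etc/quantum/plugins" do
+owner node["openstack"]["network"]["user"]
+group node["openstack"]["network"]["group"]
+mode 00700
+end
+directory ::File.dirname node["openstack"]["network"]["api"]["auth"]["cache_dir"] do
+owner node["openstack"]["network"]["user"]
+group node["openstack"]["network"]["group"]
+mode 00700
+only_if { node["openstack"]["auth"]["strategy"] == "pki" }
+end
+template "/etc/quantum/policy.json" do
+source "policy.json.erb"
+owner node["openstack"]["network"]["user"]
+group node["openstack"]["network"]["group"]
+mode 00644
+notifies :restart, "service[quantum-server]", :immediately
+end
+rabbit_server_role = node["openstack"]["network"]["rabbit_server_chef_role"]
+rabbit_info = config_by_role rabbit_server_role, "queue"
+rabbit_user = node["openstack"]["network"]["rabbit"]["username"]
+rabbit_vhost = node["openstack"]["network"]["rabbit"]["vhost"]
+rabbit_pass = user_password "rabbit"
+identity_endpoint = endpoint "identity-api"
+auth_uri = ::URI.decode identity_endpoint.to_s
+db_user = node["openstack"]["network"]["db"]["username"]
+db_pass = db_password "quantum"
+sql_connection = db_uri("network", db_user, db_pass)
+api_endpoint = endpoint "network-api"
+service_pass = service_password "quantum"
+service_tenant_name = node["openstack"]["network"]["service_tenant_name"]
+service_user = node["openstack"]["network"]["service_user"]
+if node["openstack"]["network"]["api"]["bind_interface"].nil?
+bind_address = api_endpoint.host
+else
+bind_address = node["network"]["ipaddress_#{node["openstack"]["network"]["api"]["bind_interface"]}"]
+end
+# Here is where we set up the appropriate plugin INI files
+# for the L2 and L3 drivers...
+# Install the plugin's Python package
+node["openstack"]["network"]["plugins"].each do |pkg|
+plugin_fmt = platform_options["quantum_plugin_package"]
+pkg = plugin_fmt.gsub("%plugin%", pkg)
+package pkg do
+action :install
+end
+end
+begin
+include_recipe "openstack-network::#{main_plugin}"
+rescue Chef::Exceptions::RecipeNotFound
+Chef::Log.warn "Could not find recipe openstack-network::#{main_plugin} for inclusion"
+end
+template "/etc/quantum/quantum.conf" do
+source "quantum.conf.erb"
+owner node["openstack"]["network"]["user"]
+group node["openstack"]["network"]["group"]
+mode 00644
+variables(
+:bind_address => bind_address,
+:bind_port => api_endpoint.port,
+:rabbit_ipaddress => rabbit_info["host"],
+:rabbit_user => rabbit_user,
+:rabbit_password => rabbit_pass,
+:rabbit_port => rabbit_info["port"],
+:rabbit_virtual_host => rabbit_vhost,
+:core_plugin => core_plugin
+)
+notifies :restart, "service[quantum-server]", :immediately
+end
+template "/etc/quantum/api-paste.ini" do
+source "api-paste.ini.erb"
+owner node["openstack"]["network"]["user"]
+group node["openstack"]["network"]["group"]
+mode 00644
+variables(
+"identity_endpoint" => identity_endpoint,
+"service_pass" => service_pass
+)
+notifies :restart, "service[quantum-server]", :immediately
+end
+directory "/var/cache/quantum" do
+owner "quantum"
+group "quantum"
+mode 00700
+end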
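Review bot: The `remote_directory "/etc/quantum/rootwrap.d"` resource hands the rootwrap filter files to the quantum service account (`files_owner node["openstack"]["network"]["user"]`, `files_mode 00700`). Those filters decide which commands the service may run through its root helper (the brocade template on this page shows `root_helper = sudo ... quantum-rootwrap`), so an account that can rewrite them can presumably widen its own privileges. Root ownership with read-only access for everyone else is the safer setting: `files_owner "root"`, `files_group "root"`, `files_mode 00644`. Separately, `auth_uri`, `service_tenant_name` and `service_user` are assigned but not used anywhere in the recipe as shown.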

23
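--- a/run_tests.bash
+++ b/run_tests.bash
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+# A script to run tests locally before committing.
+set -e
+COOKBOOK=$(awk '/^name/ {print $NF}' metadata.rb |tr -d \"\')
+if [ -z $COOKBOOK ]; then
+echo "Cookbook name not defined in metadata.rb"
+    exit 1
+fi
+BUNDLE_PATH=${BUNDLE_PATH:-.bundle}
+BERKSHELF_PATH=${BERKSHELF_PATH:-.cookbooks}
+echo "Using bundle path: $BUNDLE_PATH"
+echo "Using berkshelf path: $BERKSHELF_PATH"
+bundle install --path=${BUNDLE_PATH}
+bundle exec berks install --path=${BERKSHELF_PATH}
+bundle exec rspec ${BERKSHELF_PATH}/${COOKBOOK}
+bundle exec foodcritic -f any -t ~FC003 -t ~FC023 ${BERKSHELF_PATH}/${COOKBOOK}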
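Review bot: `[ -z $COOKBOOK ]` and the later `${BUNDLE_PATH}` and `${BERKSHELF_PATH}/${COOKBOOK}` expansions are unquoted, so a cookbook name or path containing whitespace or glob characters is word-split before the test and the commands see it. Quoting is enough: `if [ -z "$COOKBOOK" ]; then` and `bundle exec rspec "${BERKSHELF_PATH}/${COOKBOOK}"`, with the same treatment for the `--path=` arguments and the foodcritic line.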

30
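--- a/spec/server_spec.rb
+++ b/spec/server_spec.rb
@@ -0,0 +1,30 @@
+require_relative 'spec_helper'
+describe 'openstack-network::server' do
+#-------------------
+# UBUNTU
+#-------------------
+describe "ubuntu" do
+before do
+quantum_stubs
+@chef_run = ::ChefSpec::ChefRunner.new ::UBUNTU_OPTS
+@node = @chef_run.node
+@node.set['lsb']['code'] = 'precise'
+@node.set['openstack']['developer_mode'] = true
+# mock out an interface on the storage node
+@node.set["network"] = MOCK_NODE_NETWORK_DATA['network']
+@chef_run.converge "openstack-network::server"
+end
+it "installs quamtum packages" do
+expect(@chef_run).to install_package "quantum-server"
+end
+end
+end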
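Review bot: The single example only checks that `quantum-server` is installed, so nothing pins the owner and mode of the files that receive credentials, `/etc/quantum/quantum.conf` and `/etc/quantum/api-paste.ini`. One example per rendered file asserting its ownership and mode would catch a permissions regression before it ships. The description string also has a typo and should read `it "installs quantum packages" do`.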

56
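--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -0,0 +1,56 @@
+require "chefspec"
+::LOG_LEVEL = :fatal
+::REDHAT_OPTS = {
+:platform => "redhat",
+:log_level => ::LOG_LEVEL
+}
+::UBUNTU_OPTS = {
+:platform => "ubuntu",
+:version => "12.04",
+:log_level => ::LOG_LEVEL
+}
+MOCK_NODE_NETWORK_DATA =
+{
+"ipaddress" => '10.0.0.2',
+"fqdn" => 'localhost.localdomain',
+"hostname" => 'localhost',
+"network" => {
+"default_interface" => "eth0",
+"interfaces" => {
+"eth0" => {
+"addresses" => {
+"fe80::a00:27ff:feca:ab08" => {"scope" => "Link", "prefixlen" => "64", "family" => "inet6"},
+"10.0.0.2" => {"netmask" => "255.255.255.0", "broadcast" => "10.0.0.255", "family" => "inet"},
+"08:00:27:CA:AB:08" => {"family" => "lladdr"}
+},
+},
+"lo" => {
+"addresses" => {
+"::1" => {"scope" => "Node", "prefixlen" => "128", "family" => "inet6"},
+"127.0.0.1" => {"netmask" => "255.0.0.0", "family" => "inet"}
+},
+},
+},
+}
+}
+def quantum_stubs
+::Chef::Recipe.any_instance.stub(:config_by_role).
+with("rabbitmq-server", "queue").and_return(
+{'host' => 'rabbit-host', 'port' => 'rabbit-port'}
+)
+::Chef::Recipe.any_instance.stub(:config_by_role).
+with("glance-api", "glance").and_return []
+::Chef::Recipe.any_instance.stub(:secret).
+with("secrets", "openstack_identity_bootstrap_token").
+and_return "bootstrap-token"
+::Chef::Recipe.any_instance.stub(:db_password).and_return String.new
+::Chef::Recipe.any_instance.stub(:user_password).and_return String.new
+::Chef::Recipe.any_instance.stub(:service_password).and_return String.new
+::Chef::Recipe.any_instance.stub(:service_password).with("quantum").
+and_return "quantum-pass"
+end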
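Review bot: In `quantum_stubs`, `db_password` and `user_password` return `String.new`, so no spec can tell whether a password actually reached a rendered file or was dropped on the way. Returning distinct constructed values, for example `and_return "db-pass"` and `and_return "rabbit-pass"`, makes that checkable. The stubs for `config_by_role` with `"glance-api", "glance"` and for `secret` with `openstack_identity_bootstrap_token` do not match any call in recipes/server.rb as shown on this page and look carried over from another cookbook's helper.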


@ -0,0 +1,34 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[composite:quantum]
use = egg:Paste#urlmap
/: quantumversions
/v2.0: quantumapi_v2_0
[composite:quantumapi_v2_0]
use = call:quantum.auth:pipeline_factory
noauth = extensions quantumapiapp_v2_0
keystone = authtoken keystonecontext extensions quantumapiapp_v2_0
[filter:keystonecontext]
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory
[filter:extensions]
paste.filter_factory = quantum.api.extensions:plugin_aware_extension_middleware_factory
[app:quantumversions]
paste.app_factory = quantum.api.versions:Versions.factory
[app:quantumapiapp_v2_0]
paste.app_factory = quantum.api.v2.router:APIRouter.factory
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = <%= @identity_endpoint.host %>
auth_port = <%= @identity_endpoint.port %>
auth_protocol = <%= @identity_endpoint.scheme %>
admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %>
admin_user = <%= node["openstack"]["network"]["service_user"] %>
admin_password = <%= @service_pass %>
delay_auth_decision = true
signing_dir = <%= node["openstack"]["network"]["api"]["auth"]["cache_dir"] %>


@ -0,0 +1,46 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
debug = <%= node["openstack"]["network"]["debug"] %>
# The DHCP agent will resync its state with Quantum to recover from any
# transient notification or rpc errors. The interval is number of
# seconds between attempts.
resync_interval = <%= node["openstack"]["network"]["dhcp"]["resync_interval"] %>
# The DHCP requires that an inteface driver be set. Choose the one that best
# matches your plugin.
# OVS based plugins (OVS, Ryu, NEC, NVP, BigSwitch/Floodlight)
# interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
# LinuxBridge
#interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
interface_driver = <%= node["openstack"]["network"]["interface_driver"] %>
# OVS based plugins(Ryu, NEC, NVP, BigSwitch/Floodlight) that use OVS
# as OpenFlow switch and check port status
ovs_use_veth = <%= node["openstack"]["network"]["dhcp"]["ovs_use_veth"] %>
# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires
# no additional setup of the DHCP server.
dhcp_driver = <%= node["openstack"]["network"]["dhcp_driver"] %>
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
use_namespaces = <%= node["openstack"]["network"]["use_namespaces"] %>
# The DHCP server can assist with providing metadata support on isolated
# networks. Setting this value to True will cause the DHCP server to append
# specific host routes to the DHCP request. The metadata service will only
# be activated when the subnet gateway_ip is None. The guest instance must
# be configured to request host routes via DHCP (Option 121).
enable_isolated_metadata = <%= node["openstack"]["network"]["dhcp"]["enable_isolated_metadata"] %>
# Allows for serving metadata requests coming from a dedicated metadata
# access network whose cidr is 169.254.169.254/16 (or larger prefix), and
# is connected to a Quantum router from which the VMs send metadata
# request. In this case DHCP Option 121 will not be injected in VMs, as
# they will be able to reach 169.254.169.254 through a router.
# This option requires enable_isolated_metadata = True
enable_metadata_network = <%= node["openstack"]["network"]["dhcp"]["enable_metadata_network"] %>


@ -0,0 +1,52 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
debug = <%= node["openstack"]["network"]["debug"] %>
# L3 requires that an interface driver be set. Choose the one that best
# matches your plugin.
# OVS based plugins (OVS, Ryu, NEC, NVP, BigSwitch/Floodlight)
# interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
# LinuxBridge
#interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
interface_driver = <%= node["openstack"]["network"]["interface_driver"] %>
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
use_namespaces = <%= node["openstack"]["network"]["use_namespaces"] %>
# If use_namespaces is set as False then the agent can only configure one router.
# This is done by setting the specific router_id.
router_id = <%= node["openstack"]["network"]["l3"]["router_id"] %>
# Each L3 agent can be associated with at most one external network. This
# value should be set to the UUID of that external network. If empty,
# the agent will enforce that only a single external networks exists and
# use that external network id
# gateway_external_network_id = <%= node["openstack"]["network"]["l3"]["gateway_external_network_id"] %>
# Indicates that this L3 agent should also handle routers that do not have
# an external network gateway configured. This option should be True only
# for a single agent in a Quantum deployment, and may be False for all agents
# if all routers must have an external network gateway
handle_internal_only_routers = <%= node["openstack"]["network"]["l3"]["handle_internal_only_routers"] %>
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge
external_network_bridge = <%= node["openstack"]["network"]["l3"]["external_network_bridge"] %>
# TCP Port used by Quantum metadata server
metadata_port = <%= node["openstack"]["network"]["l3"]["metadata_port"] %>
# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0
# to disable this feature.
send_arp_for_ha = <%= node["openstack"]["network"]["l3"]["send_arp_for_ha"] %>
# seconds between re-sync routers' data if needed
periodic_interval = <%= node["openstack"]["network"]["l3"]["periodic_interval"] %>
# seconds to start to sync routers' data after
# starting agent
periodic_fuzzy_delay = <%= node["openstack"]["network"]["l3"]["periodic_fuzz_delay"] %>
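Review bot: `periodic_fuzzy_delay` on the last line is filled from the attribute key `periodic_fuzz_delay`, which does not match the option name. Unless the attributes file (not visible here) uses the same shortened key, the option renders empty. If the attribute is named after the option, the line should read `periodic_fuzzy_delay = <%= node["openstack"]["network"]["l3"]["periodic_fuzzy_delay"] %>`.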


@ -0,0 +1,29 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
debug = <%= node["openstack"]["network"]["debug"] %>
# The LBaaS agent will resync its state with Quantum to recover from any
# transient notification or rpc errors. The interval is number of
# seconds between attempts.
periodic_interval = <%= node["openstack"]["network"]["lbaas"]["periodic_interval"] %>
# OVS based plugins(OVS, Ryu, NEC, NVP, BigSwitch/Floodlight)
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
# OVS based plugins(Ryu, NEC, NVP, BigSwitch/Floodlight) that use OVS
# as OpenFlow switch and check port status
# ovs_use_veth = True
# LinuxBridge
# interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
# The agent requires a driver to manage the loadbalancer. HAProxy is the
# opensource version.
device_driver = quantum.plugins.services.agent_loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
# use_namespaces = True
# The user group
# user_group = nogroup
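Review bot: `interface_driver` is hard-coded to the OVS driver here, while the DHCP and L3 agent templates on this page take it from `node["openstack"]["network"]["interface_driver"]`. A LinuxBridge deployment would therefore still get the OVS driver in this file. Using the same attribute keeps the agents consistent: `interface_driver = <%= node["openstack"]["network"]["interface_driver"] %>`.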


@ -0,0 +1,25 @@
B
bsbrbÂode["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
debug = <%= node["openstack"]["network"]["debug"] %>
# The Quantum user information for accessing the Quantum API.
auth_url = http://localhost:35357/v2.0
auth_region = RegionOne
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
# IP address used by Nova metadata server
nova_metadata_ip = <%= node["openstack"]["network"]["metadata"]["nova_metadata_ip"] %>
# TCP Port used by Nova metadata server
# nova_metadata_port = 8775
# When proxying metadata requests, Quantum signs the Instance-ID header with a
# shared secret to prevent spoofing. You may select any string for a secret,
# but it must match here and in the configuration used by the Nova Metadata
# Server. NOTE: Nova uses a different key: quantum_metadata_proxy_shared_secret
# metadata_proxy_shared_secret =
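Review bot: `admin_tenant_name`, `admin_user` and `admin_password` are left as the literal placeholders `%SERVICE_TENANT_NAME%`, `%SERVICE_USER%` and `%SERVICE_PASSWORD%`, and `auth_url` is fixed to `http://localhost:35357/v2.0`, so the rendered file can only point at a local, unencrypted Keystone and carries no usable credentials. They should be rendered the way the api-paste.ini template does: `admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %>`, `admin_user = <%= node["openstack"]["network"]["service_user"] %>`, `admin_password = <%= @service_pass %>`. `metadata_proxy_shared_secret` is also left commented out, although the comment above it describes it as the protection against a spoofed Instance-ID header; it should be supplied through the cookbook's secret helpers rather than left unset. The first line of the template as shown is missing its opening `<%=`, which is worth checking against the committed file.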


@ -0,0 +1,39 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DATABASE]
# This line MUST be changed to actually run the plugin.
# Example:
# sql_connection = mysql://root:pass@127.0.0.1:3306/restproxy_quantum
# Replace 127.0.0.1 above with the IP address of the database used by the
# main quantum server. (Leave it as is if the database runs on this host.)
sql_connection = <%= @sql_connection %>
# Database reconnection retry times - in event connectivity is lost
# set to -1 implies an infinite retry count
# sql_max_retries = 10
# Database reconnection interval in seconds - if the initial connection to the
# database fails
reconnect_interval = 2
# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size,
# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled.
# sql_dbpool_enable = False
# Minimum number of SQL connections to keep open in a pool
# sql_min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# sql_max_pool_size = 5
# Timeout in seconds before idle sql connections are reaped
# sql_idle_timeout = 3600
[RESTPROXY]
# All configuration for this plugin is in section '[restproxy]'
#
# The following parameters are supported:
# servers : <host:port>[,<host:port>]* (Error if not set)
# server_auth : <username:password> (default: no auth)
# server_ssl : True | False (default: False)
# sync_data : True | False (default: False)
# server_timeout : 10 (default: 10 seconds)
#
servers = <%= node["openstack"]["network"]["bigswitch"]["servers"] %>
#server_auth=username:password
#server_ssl=True
#sync_data=True
#server_timeout=10
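Review bot: `server_auth` and `server_ssl` stay commented out, so by the defaults listed in this file's own comment block the plugin talks to the controllers in `servers` without authentication and without TLS. Both should be settable from the cookbook, for example `server_ssl = <%= node["openstack"]["network"]["bigswitch"]["server_ssl"] %>` (a new attribute proposed here, not defined in the commit as far as shown). The `server_auth` credentials should come from the secret helpers used in recipes/server.rb rather than from a node attribute.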


@ -0,0 +1,57 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[SWITCH]
# username = <mgmt admin username>
username = <%= node["openstack"]["network"]["brocade"]["switch_username"] %>
# password = <mgmt admin password>
password = <%= node["openstack"]["network"]["brocade"]["switch_password"] %>
# address = <switch mgmt ip address>
address = <%= node["openstack"]["network"]["brocade"]["switch_address"] %>
# ostype = NOS
ostype = <%= node["openstack"]["network"]["brocade"]["switch_ostype"] %>
# Example:
# username = admin
# password = password
# address = 10.24.84.38
# ostype = NOS
[DATABASE]
# sql_connection = sqlite://
# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size,
# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled.
# sql_dbpool_enable = False
# Minimum number of SQL connections to keep open in a pool
# sql_min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# sql_max_pool_size = 5
# Timeout in seconds before idle sql connections are reaped
# sql_idle_timeout = 3600
#
# Example:
# sql_connection = mysql://root:pass@localhost/brcd_quantum?charset=utf8
sql_connection = <%= @sql_connection %>
[PHYSICAL_INTERFACE]
# physical_interface = <physical network name>
#
# Example:
# physical_interface = physnet1
physical_interface = <%= node["openstack"]["network"]["brocade"]["physical_interface"] %>
[VLANS]
# network_vlan_ranges = <physical network name>:nnnn:mmmm
#
# Example:
# network_vlan_ranges = physnet1:1000:2999
network_vlan_ranges = <%= node["openstack"]["network"]["brocade"]["network_vlan_ranges"] %>
[AGENT]
# Example:
# root_helper = sudo /usr/local/bin/quantum-rootwrap /etc/quantum/rootwrap.conf
[LINUX_BRIDGE]
# physical_interface_mappings = <physical network name>:<local interface>
#
# Example:
# physical_interface_mappings = physnet1:em1
physical_interface_mappings = <%= node["openstack"]["network"]["brocade"]["physical_interface_mappings"] %>
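Review bot: `password` in the `[SWITCH]` section is rendered from `node["openstack"]["network"]["brocade"]["switch_password"]`, a plain node attribute that is saved with the node object on the Chef server in clear text, whereas recipes/server.rb obtains its other secrets through `db_password`, `user_password` and `service_password`. The switch password should be fetched in the recipe the same way and passed in through `variables`, so the line becomes e.g. `password = <%= @switch_password %>` (`@switch_password` is a name chosen here for illustration). The cisco template (`password = <%= @info["password"] %>`, sourced from the `nexus_switch` attribute) and the midonet template (`node["openstack"]["network"]["midonet"]["password"]`) have the same issue.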


@ -0,0 +1,36 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[CISCO_PLUGINS]
nexus_plugin = <%= node["openstack"]["network"]["cisco"]["nexus_plugin"] %>
vswitch_plugin = <%= node["openstack"]["network"]["cisco"]["vswitch_plugin"] %>
[CISCO]
vlan_start = <%= node["openstack"]["network"]["cisco"]["vlan_start"] %>
vlan_end = <%= node["openstack"]["network"]["cisco"]["vlan_end"] %>
vlan_name_prefix = <%= node["openstack"]["network"]["cisco"]["vlan_name_prefix"] %>
max_ports = <%= node["openstack"]["network"]["cisco"]["max_ports"] %>
max_port_profiles = <%= node["openstack"]["network"]["cisco"]["max_port_profiles"] %>
max_networks = <%= node["openstack"]["network"]["cisco"]["max_networks"] %>
model_class = <%= node["openstack"]["network"]["cisco"]["model_class"] %>
manager_class = <%= node["openstack"]["network"]["cisco"]["manager_class"] %>
nexus_driver = <%= node["openstack"]["network"]["cisco"]["nexus_driver"] %>
<%- node["openstack"]["network"]["cisco"]["nexus_switch"].each_pair do | ip, info | -%>
[NEXUS_SWITCH:<%= @ip %>]
<%- @info["hosts"].each do | host_info | -%>
<%= @host_info[0] %> = <%= @host_info[1] %>
<%- end -%>
ssh_port = <%= @info["ssh_port"] %>
username = <%= @info["username"] %>
password = <%= @info["password"] %>
<%- end -%>
[DATABASE]
#
# This line MUST be changed to actually run the plugin.
# Example:
# sql_connection = mysql://quantum:password@127.0.0.1:3306/cisco_quantum
# Replace 127.0.0.1 above with the IP address of the database used by the
# main quantum server. (Leave it as is if the database runs on this host.)
#
sql_connection = <%= @sql_connection %>
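Review bot: Inside the `each_pair do | ip, info |` loop the template reads `@ip`, `@info` and `@host_info`, which are instance variables and not the block parameters, so they are nil and `@info["hosts"]` raises as soon as `nexus_switch` has an entry. The block locals should be used instead: `[NEXUS_SWITCH:<%= ip %>]`, `<%- info["hosts"].each do | host_info | -%>`, `<%= host_info[0] %> = <%= host_info[1] %>`. The `ssh_port`, `username` and `password` lines need the same change from `@info` to `info`.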


@ -0,0 +1,68 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DATABASE]
# This line MUST be changed to actually run the plugin.
# Example:
# sql_connection = mysql://quantum:password@127.0.0.1:3306/hyperv_quantum
# Replace 127.0.0.1 above with the IP address of the database used by the
# main quantum server. (Leave it as is if the database runs on this host.)
sql_connection = <%= @sql_connection %>
# Database reconnection retry times - in event connectivity is lost
# set to -1 implies an infinite retry count
# sql_max_retries = 10
# Database reconnection interval in seconds - if the initial connection to the
# database fails
reconnect_interval = 2
# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size,
# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled.
# sql_dbpool_enable = False
# Minimum number of SQL connections to keep open in a pool
# sql_min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# sql_max_pool_size = 5
# Timeout in seconds before idle sql connections are reaped
# sql_idle_timeout = 3600
[HYPERV]
# (StrOpt) Type of network to allocate for tenant networks. The
# default value 'local' is useful only for single-box testing and
# provides no connectivity between hosts. You MUST either change this
# to 'vlan' and configure network_vlan_ranges below or to 'flat'.
# Set to 'none' to disable creation of tenant networks.
#
# Default: tenant_network_type = local
# Example: tenant_network_type = vlan
tenant_network_type = <%= node["openstack"]["network"]["hyperv"]["tenant_network_type"] %>
# (ListOpt) Comma-separated list of
# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
# of VLAN IDs on named physical networks that are available for
# allocation. All physical networks listed are available for flat and
# VLAN provider network creation. Specified ranges of VLAN IDs are
# available for tenant network allocation if tenant_network_type is
# 'vlan'. If empty, only gre and local networks may be created.
#
# Default: network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999
network_vlan_ranges = <%= node["openstack"]["network"]["hyperv"]["network_vlan_ranges"] %>
[AGENT]
# Agent's polling interval in seconds
polling_interval = <%= node["openstack"]["network"]["hyperv"]["polling_interval"] %>
# (ListOpt) Comma separated list of <physical_network>:<vswitch>
# where the physical networks can be expressed with wildcards,
# e.g.: ."*:external".
# The referred external virtual switches need to be already present on
# the Hyper-V server.
# If a given physical network name will not match any value in the list
# the plugin will look for a virtual switch with the same name.
#
# Default: physical_network_vswitch_mappings = *:external
# Example: physical_network_vswitch_mappings = net1:external1,net2:external2
physical_network_vswitch_mappings = <%= node["openstack"]["network"]["hyperv"]["physical_network_vswitch_mappings"] %>
# (StrOpt) Private virtual switch name used for local networking.
#
# Default: local_network_vswitch = private
# Example: local_network_vswitch = custom_vswitch
local_network_vswitch = <%= node["openstack"]["network"]["hyperv"]["local_network_vswitch"] %>


@ -0,0 +1,67 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[VLANS]
# (StrOpt) Type of network to allocate for tenant networks. The
# default value 'local' is useful only for single-box testing and
# provides no connectivity between hosts. You MUST change this to
# 'vlan' and configure network_vlan_ranges below in order for tenant
# networks to provide connectivity between hosts. Set to 'none' to
# disable creation of tenant networks.
#
# Default: tenant_network_type = local
# Example: tenant_network_type = vlan
tenant_network_type = <%= node["openstack"]["network"]["linuxbridge"]["tenant_network_type"] %>
# (ListOpt) Comma-separated list of
# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
# of VLAN IDs on named physical networks that are available for
# allocation. All physical networks listed are available for flat and
# VLAN provider network creation. Specified ranges of VLAN IDs are
# available for tenant network allocation if tenant_network_type is
# 'vlan'. If empty, only local networks may be created.
#
# Default: network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999
network_vlan_ranges = <%= node["openstack"]["network"]["linuxbridge"]["network_vlan_ranges"] %>
[DATABASE]
# This line MUST be changed to actually run the plugin.
# Example:
# sql_connection = mysql://root:nova@127.0.0.1:3306/quantum_linux_bridge
# Replace 127.0.0.1 above with the IP address of the database used by the
# main quantum server. (Leave it as is if the database runs on this host.)
sql_connection = <%= @sql_connection %>
# Database reconnection retry times - in event connectivity is lost
# set to -1 implies an infinite retry count
# sql_max_retries = 10
# Database reconnection interval in seconds - if the initial connection to the
# database fails
reconnect_interval = 2
# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size,
# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled.
# sql_dbpool_enable = False
# Minimum number of SQL connections to keep open in a pool
# sql_min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# sql_max_pool_size = 5
# Timeout in seconds before idle sql connections are reaped
# sql_idle_timeout = 3600
[LINUX_BRIDGE]
# (ListOpt) Comma-separated list of
# <physical_network>:<physical_interface> tuples mapping physical
# network names to the agent's node-specific physical network
# interfaces to be used for flat and VLAN networks. All physical
# networks listed in network_vlan_ranges on the server should have
# mappings to appropriate interfaces on each agent.
#
# Default: physical_interface_mappings =
# Example: physical_interface_mappings = physnet1:eth1
physical_interface_mappings = <%= node["openstack"]["network"]["linuxbridge"]["physical_interface_mappings"] %>
[AGENT]
# Agent's polling interval in seconds
polling_interval = 2
[SECURITYGROUP]
# Firewall driver for realizing quantum security group function
firewall_driver = quantum.agent.linux.iptables_firewall.IptablesFirewallDriver


@ -0,0 +1,40 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DATABASE]
# This line MUST be changed to actually run the plugin.
# Example:
# sql_connection = mysql://root:nova@127.0.0.1:3306/ovs_quantum
# Replace 127.0.0.1 above with the IP address of the database used by the
# main quantum server. (Leave it as is if the database runs on this host.)
sql_connection = <%= @sql_connection %>
# Database reconnection retry times - in event connectivity is lost
# set to -1 implgies an infinite retry count
# sql_max_retries = 10
# Database reconnection interval in seconds - if the initial connection to the
# database fails
reconnect_interval = 2
# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size,
# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled.
# sql_dbpool_enable = False
# Minimum number of SQL connections to keep open in a pool
# sql_min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# sql_max_pool_size = 5
# Timeout in seconds before idle sql connections are reaped
# sql_idle_timeout = 3600
[META]
## This is list of flavor:quantum_plugins
# extension method is used in the order of this list
plugin_list = <%= node["openstack"]["network"]["metaplugin"]["plugin_list"] %>
l3_plugin_list = <%= node["openstack"]["network"]["metaplugin"]["l3_plugin_list"] %>
# Default value of flavor
default_flavor = <%= node["openstack"]["network"]["metaplugin"]["default_flavor"] %>
default_l3_flavor = <%= node["openstack"]["network"]["metaplugin"]["default_l3_flavor"] %>
# supported extentions
supported_extension_aliases = providernet
# specific method map for each flavor to extensions
extension_map = get_port_stats:nvp


@ -0,0 +1,43 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DATABASE]
# This line MUST be changed to actually run the plugin.
# Example:
# sql_connection = mysql://root:pass@127.0.0.1:3306/midonet_quantum
# Replace 127.0.0.1 above with the IP address of the database used by the
# main quantum server. (Leave it as is if the database runs on this host.)
sql_connection = <%= @sql_connection %>
# Database reconnection retry times - in event connectivity is lost
# set to -1 implies an infinite retry count
# sql_max_retries = 10
# Database reconnection interval in seconds - if the initial connection to the
# database fails
reconnect_interval = 2
# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size,
# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled.
# sql_dbpool_enable = False
# Minimum number of SQL connections to keep open in a pool
# sql_min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# sql_max_pool_size = 5
# Timeout in seconds before idle sql connections are reaped
# sql_idle_timeout = 3600
[MIDONET]
# MidoNet API server URI
# midonet_uri = http://localhost:8080/midonet-api
midonet_uri = <%= node["openstack"]["network"]["midonet"]["midonet_uri"] %>
# MidoNet admin username
username = <%= node["openstack"]["network"]["midonet"]["username"] %>
# MidoNet admin password
password = <%= node["openstack"]["network"]["midonet"]["password"] %>
# ID of the project that MidoNet admin user belongs to
project_id = <%= node["openstack"]["network"]["midonet"]["project_id"] %>
# Virtual provider router ID
provider_router_id = <%= node["openstack"]["network"]["midonet"]["provider_router_id"] %>
# Virtual metadata router ID
metadata_router_id = <%= node["openstack"]["network"]["midonet"]["metadata_router_id"] %>
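Review bot: The MidoNet admin password is read straight from a node attribute, `node["openstack"]["network"]["midonet"]["password"]`, and node attributes are saved with the node object on the Chef server, where other clients that can read node data can see them. The quantum.conf template in this same commit takes `rabbit_password` from a template variable (`@rabbit_password`) instead; doing the same here, e.g. `password = <%= @midonet_password %>` with the recipe supplying the value from a secret store, would keep the credential out of node data. The same applies to `nvp_password` in the Nicira template. The commented example `midonet_uri = http://localhost:8080/midonet-api` is plain HTTP, so a comment that these credentials travel with each API call and that an https URI should be used off-host would help.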


@ -0,0 +1,56 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DATABASE]
# This line MUST be changed to actually run the plugin.
# Example:
# sql_connection = mysql://root:nova@127.0.0.1:3306/ovs_quantum
# Replace 127.0.0.1 above with the IP address of the database used by the
# main quantum server. (Leave it as is if the database runs on this host.)
sql_connection = <%= @sql_connection %>
# Database reconnection retry times - in event connectivity is lost
# set to -1 implies an infinite retry count
# sql_max_retries = 10
# Database reconnection interval in seconds - if the initial connection to the
# database fails
reconnect_interval = 2
# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size,
# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled.
# sql_dbpool_enable = False
# Minimum number of SQL connections to keep open in a pool
# sql_min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# sql_max_pool_size = 5
# Timeout in seconds before idle sql connections are reaped
# sql_idle_timeout = 3600
[OVS]
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch port". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
integration_bridge = <%= node["openstack"]["network"]["nec"]["integration_bridge"] %>
[AGENT]
# Agent's polling interval in seconds
polling_interval = <%= node["openstack"]["network"]["nec"]["polling_interval"] %>
# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the comand directly
root_helper = sudo
[SECURITYGROUP]
# Firewall driver for realizing quantum security group function
firewall_driver = <%= node["openstack"]["network"]["nec"]["firewall_driver"] %>
[OFC]
# Specify OpenFlow Controller Host, Port and Driver to connect.
host = <%= node["openstack"]["network"]["nec"]["ofc_host"] %>
port = <%= node["openstack"]["network"]["nec"]["ofc_port"] %>
# Drivers are in quantum/plugins/nec/drivers/ .
driver = <%= node["openstack"]["network"]["nec"]["ofc_driver"] %>
# PacketFilter is available when it's enabled in this configuration
# and supported by the driver.
enable_packet_filter = <%= node["openstack"]["network"]["nec"]["ofc_enable_packet_filter"] %>
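Review bot: `root_helper = sudo` in [AGENT] is hard-coded to the unfiltered form, which the comment directly above it describes as skipping the rootwrap filtering, even though this commit also ships a rootwrap.conf with a `filters_path`. I would render `root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf` instead, or take the value from an attribute that defaults to that. The [AGENT] section of the quantum.conf template leaves `# root_helper = sudo` commented out, which, if the agent default is plain `sudo` as that comment suggests, has the same effect and should be set explicitly as well.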


@ -0,0 +1,116 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
# #############################################################
# WARNINGS: The following deprecations have been made in the
# Havana release. Support for the options below will be removed
# in Ixxx.
#
# Section: [DEFAULT], Option: 'metadata_dhcp_host_route'
# Remarks: Use 'enable_isolated_metadata' in dhcp_agent.ini.
#
#
# Section: [CLUSTER:name], Option: 'nvp_controller_connection'
# Remarks: The configuration will allow the specification of
# a single cluster, therefore [CLUSTER:name] is no
# longer used. Use 'nvp_*', options, 'req_timeout',
# 'retries', etc. as indicated in the DEFAULT section.
# Support for multiple clusters will be added through
# an API extension.
# ##############################################################
[DEFAULT]
# User name for NVP controller
nvp_user = admin <%= node["openstack"]["network"]["nicira"]["nvp_user"] %>
# Password for NVP controller
nvp_password = <%= node["openstack"]["network"]["nicira"]["nvp_password"] %>
# Total time limit for a cluster request
# (including retries across different controllers)
req_timeout = <%= node["openstack"]["network"]["nicira"]["req_timeout"] %>
# Time before aborting a request on an unresponsive controller
http_timeout = <%= node["openstack"]["network"]["nicira"]["http_timeout"] %>
# Maximum number of times a particular request should be retried
retries = <%= node["openstack"]["network"]["nicira"]["retries"] %>
# Maximum number of times a redirect response should be followed
redirects = <%= node["openstack"]["network"]["nicira"]["redirects"] %>
# Comma-separated list of NVP controller endpoints (<ip>:<port>). When port
# is omitted, 443 is assumed. This option MUST be specified, e.g.:
nvp_controllers = <%= node["openstack"]["network"]["nicira"]["nvp_controllers"] %>
# UUID of the pre-existing default NVP Transport zone to be used for creating
# tunneled isolated "Quantum" networks. This option MUST be specified, e.g.:
default_tz_uuid = <%= node["openstack"]["network"]["nicira"]["default_tx_uuid"] %>
# (Optional) UUID of the cluster in NVP. It can be retrieved from NVP management
# console "admin" section.
nvp_cluster_uuid = <%= node["openstack"]["network"]["nicira"]["nvp_cluster_uuid"] %>
# (Optional) UUID for the default l3 gateway service to use with this cluster.
# To be specified if planning to use logical routers with external gateways.
default_l3_gw_service_uuid = <%= node["openstack"]["network"]["nicira"]["default_l3_gateway_service_uuid"] %>
# (Optional) UUID for the default l2 gateway service to use with this cluster.
# To be specified for providing a predefined gateway tenant for connecting their networks.
default_l2_gw_service_uuid = <%= node["openstack"]["network"]["nicira"]["default_l2_gateway_service_uuid"] %>
# Name of the default interface name to be used on network-gateway. This value
# will be used for any device associated with a network gateway for which an
# interface name was not specified
default_iface_name = <%= node["openstack"]["network"]["nicira"]["default_iface_name"] %>
[DATABASE]
# This line MUST be changed to actually run the plugin.
# Example:
# sql_connection = mysql://root:quantum@127.0.0.1:3306/nvp_quantum
# Replace 127.0.0.1 above with the IP address of the database used by the
# main quantum server. (Leave it as is if the database runs on this host.)
sql_connection = <%= @sql_connection %>
# Number of reconnection attempts to the DB; Set to -1 to try indefinitely
# sql_max_retries = 10
# Period between reconnection attempts to the DB
# reconnect_interval = 2
# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size,
# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled.
# sql_dbpool_enable = False
# Minimum number of SQL connections to keep open in a pool
# sql_min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# sql_max_pool_size = 5
# Timeout in seconds before idle sql connections are reaped
# sql_idle_timeout = 3600
[QUOTAS]
# number of network gateways allowed per tenant, -1 means unlimited
quota_network_gateway = <%= node["openstack"]["network"]["nicira"]["quota_network_gateway"] %>
[NVP]
# Maximum number of ports for each bridged logical switch
max_lp_per_bridged_ls = <%= node["openstack"]["network"]["nicira"]["max_lp_per_bridged_ls"] %>
# Maximum number of ports for each overlay (stt, gre) logical switch
max_lp_per_overlay_ls = <%= node["openstack"]["network"]["nicira"]["max_lp_per_overlay_ls"] %>
# Number of connects to each controller node.
concurrent_connections = <%= node["openstack"]["network"]["nicira"]["concurrent_connections"] %>
# Acceptable values for 'metadata_mode' are:
# - 'access_network': this enables a dedicated connection to the metadata
# proxy for metadata server access via Quantum router.
# - 'dhcp_host_route': this enables host route injection via the dhcp agent.
# This option is only useful if running on a host that does not support
# namespaces otherwise access_network should be used.
metadata_mode = <%= node["openstack"]["network"]["nicira"]["metadata_mode"] %>
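Review bot: The `nvp_user` line keeps a literal `admin ` in front of the ERB tag, so the rendered value is `admin <attribute value>` rather than the configured user; it should read `nvp_user = <%= node["openstack"]["network"]["nicira"]["nvp_user"] %>`. `default_tz_uuid` is filled from an attribute spelled `default_tx_uuid`, which looks like a typo unless the attributes file (not visible in this section) uses the same spelling, in which case both should be renamed together. The comment above `nvp_controllers` ends in "e.g.:" with no example after it, and the same is true of `default_tz_uuid`; either add the example or drop the "e.g.:".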


@ -0,0 +1,138 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DATABASE]
# This line MUST be changed to actually run the plugin.
# Example:
# sql_connection = mysql://root:nova@127.0.0.1:3306/ovs_quantum
# Replace 127.0.0.1 above with the IP address of the database used by the
# main quantum server. (Leave it as is if the database runs on this host.)
sql_connection = <%= @sql_connection %>
# Database reconnection retry times - in event connectivity is lost
# set to -1 implies an infinite retry count
# sql_max_retries = 10
# Database reconnection interval in seconds - if the initial connection to the
# database fails
reconnect_interval = 2
# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size,
# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled.
# sql_dbpool_enable = False
# Minimum number of SQL connections to keep open in a pool
# sql_min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# sql_max_pool_size = 5
# Timeout in seconds before idle sql connections are reaped
# sql_idle_timeout = 3600
[OVS]
# (StrOpt) Type of network to allocate for tenant networks. The
# default value 'local' is useful only for single-box testing and
# provides no connectivity between hosts. You MUST either change this
# to 'vlan' and configure network_vlan_ranges below or change this to
# 'gre' and configure tunnel_id_ranges below in order for tenant
# networks to provide connectivity between hosts. Set to 'none' to
# disable creation of tenant networks.
#
# Default: tenant_network_type = local
# Example: tenant_network_type = gre
tenant_network_type = <%= node["openstack"]["network"]["openvswitch"]["tenant_network_type"] %>
# (ListOpt) Comma-separated list of
# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
# of VLAN IDs on named physical networks that are available for
# allocation. All physical networks listed are available for flat and
# VLAN provider network creation. Specified ranges of VLAN IDs are
# available for tenant network allocation if tenant_network_type is
# 'vlan'. If empty, only gre and local networks may be created.
#
# Default: network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999
network_vlan_ranges = <%= node["openstack"]["network"]["openvswitch"]["network_vlan_ranges"] %>
# (BoolOpt) Set to True in the server and the agents to enable support
# for GRE networks. Requires kernel support for OVS patch ports and
# GRE tunneling.
#
# Default: enable_tunneling = False
enable_tunneling = <%= node["openstack"]["network"]["openvswitch"]["enable_tunneling"] %>
# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples
# enumerating ranges of GRE tunnel IDs that are available for tenant
# network allocation if tenant_network_type is 'gre'.
#
# Default: tunnel_id_ranges =
# Example: tunnel_id_ranges = 1:1000
tunnel_id_ranges = <%= node["openstack"]["network"]["openvswitch"]["tunnel_id_ranges"] %>
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch bay". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
#
# Default: integration_bridge = br-int
integration_bridge = <%= node["openstack"]["network"]["openvswitch"]["integration_bridge"] %>
# Only used for the agent if tunnel_id_ranges (above) is not empty for
# the server. In most cases, the default value should be fine.
#
# Default: tunnel_bridge = br-tun
tunnel_bridge = <%= node["openstack"]["network"]["openvswitch"]["tunnel_bridge"] %>
# Peer patch port in integration bridge for tunnel bridge
# int_peer_patch_port = patch-tun
int_peer_patch_port = <%= node["openstack"]["network"]["openvswitch"]["int_peer_patch_port"] %>
# Peer patch port in tunnel bridge for integration bridge
# tun_peer_patch_port = patch-int
tun_peer_patch_port = <%= node["openstack"]["network"]["openvswitch"]["tun_peer_patch_port"] %>
# Uncomment this line for the agent if tunnel_id_ranges (above) is not
# empty for the server. Set local-ip to be the local IP address of
# this hypervisor.
#
# Default: local_ip =
local_ip = <%= node["openstack"]["network"]["openvswitch"]["local_ip"] %>
# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples
# mapping physical network names to the agent's node-specific OVS
# bridge names to be used for flat and VLAN networks. The length of
# bridge names should be no more than 11. Each bridge must
# exist, and should have a physical network interface configured as a
# port. All physical networks listed in network_vlan_ranges on the
# server should have mappings to appropriate bridges on each agent.
#
# Default: bridge_mappings =
# Example: bridge_mappings = physnet1:br-eth1
bridge_mappings = <%= node["openstack"]["network"]["openvswitch"]["bridge_mappings"] %>
[AGENT]
# Agent's polling interval in seconds
polling_interval = 2
[SECURITYGROUP]
# Firewall driver for realizing quantum security group function
# firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
#-----------------------------------------------------------------------------
# Sample Configurations.
#-----------------------------------------------------------------------------
#
# 1. With VLANs on eth1.
# [DATABASE]
# sql_connection = mysql://root:nova@127.0.0.1:3306/ovs_quantum
# [OVS]
# network_vlan_ranges = default:2000:3999
# tunnel_id_ranges =
# integration_bridge = br-int
# bridge_mappings = default:br-eth1
# [AGENT]
# Add the following setting, if you want to log to a file
#
# 2. With tunneling.
# [DATABASE]
# sql_connection = mysql://root:nova@127.0.0.1:3306/ovs_quantum
# [OVS]
# network_vlan_ranges =
# tunnel_id_ranges = 1:1000
# integration_bridge = br-int
# tunnel_bridge = br-tun
# local_ip = 10.0.0.3
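Review bot: `firewall_driver` under [SECURITYGROUP] is left commented out here, while the linuxbridge, NEC and Ryu templates in this commit all render one, so the OVS agent falls back to its built-in default; as far as I know that default is the no-op driver, which would mean security group rules are accepted by the API but never enforced on the hypervisor. I would uncomment the line that is already there, `firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver`, or expose it as an attribute as the other plugins do. Separately, the first sample configuration ends with "Add the following setting, if you want to log to a file" and nothing follows it, so that comment should be completed or removed.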


@ -0,0 +1,38 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DATABASE]
# This line MUST be changed to actually run the plugin.
# Example:
# sql_connection = mysql://<user>:<pass>@<host>:3306/plumgrid_quantum
# Replace <host> above with the IP address of the database used by the
# main quantum server.
sql_connection = <%= @sql_connection %>
# Database reconnection retry times - in event connectivity is lost
# set to -1 implies an infinite retry count
# sql_max_retries = 10
# Database reconnection interval in seconds - if the initial connection to the
# database fails
# reconnect_interval = 2
# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size,
# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled.
# sql_dbpool_enable = False
# Minimum number of SQL connections to keep open in a pool
# sql_min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# sql_max_pool_size = 5
# Timeout in seconds before idle sql connections are reaped
# sql_idle_timeout = 3600
[PLUMgridNOS]
# This line should be pointing to the NOS server,
# for the PLUMgrid platform. In other deployments,
# this is known as controller
nos_server = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %>
nos_server_port = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %>
# Authentification parameters for the NOS server.
# These are the admin credentials to manage and control
# the NOS server.
username = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %>
password = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %>
servertimeout = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %>
# Name of the network topology to be deployed by NOS
topologyname = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %>
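Review bot: Every option in [PLUMgridNOS] is rendered from the same attribute, `node["openstack"]["network"]["plumgrid"]["nos_server"]`: `nos_server_port`, `username`, `password`, `servertimeout` and `topologyname` will all come out as the NOS server address. Besides not working, this writes the server address into the `password` field, and the first instinct when fixing it will be to put the real admin password into a node attribute. Each line should read its own key (for example `["plumgrid"]["nos_server_port"]`, assuming the attributes file defines one per option), and `password` is better passed in as a template variable from the recipe, as quantum.conf does with `@rabbit_password`.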


@ -0,0 +1,58 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DATABASE]
# This line MUST be changed to actually run the plugin.
# Example: sql_connection = mysql://root:nova@127.0.0.1:3306/ryu_quantum
sql_connection = <%= @sql_connection %>
# Enable the use of eventlet's db_pool for MySQL. The flags sql_min_pool_size,
# sql_max_pool_size and sql_idle_timeout are relevant only if this is enabled.
# sql_dbpool_enable = False
# Minimum number of SQL connections to keep open in a pool
# sql_min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# sql_max_pool_size = 5
# Timeout in seconds before idle sql connections are reaped
# sql_idle_timeout = 3600
[OVS]
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch port". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
integration_bridge = <%= node["openstack"]["network"]["ryu"]["integration_bridge"] %>
# openflow_rest_api = <host IP address of ofp rest api service>:<port: 8080>
openflow_rest_api = <%= node["openstack"]["network"]["ryu"]["openflow_rest_api"] %>
# tunnel key range: 0 < tunnel_key_min < tunnel_key_max
# VLAN: 12bits, GRE, VXLAN: 24bits
tunnel_key_min = <%= node["openstack"]["network"]["ryu"]["tunnel_key_min"] %>
tunnel_key_max = <%= node["openstack"]["network"]["ryu"]["tunnel_key_max"] %>
# tunnel_ip = <ip address for tunneling>
# tunnel_interface = interface for tunneling
# when tunnel_ip is NOT specified, ip address is read
# from this interface
tunnel_ip = <%= node["openstack"]["network"]["ryu"]["tunnel_ip"] %>
tunnel_interface = <%= node["openstack"]["network"]["ryu"]["tunnel_interface"] %>
# ovsdb_port = port number on which ovsdb is listening
# ryu-agent uses this parameter to setup ovsdb.
# ovs-vsctl set-manager ptcp:<ovsdb_port>
# See set-manager section of man ovs-vsctl for details.
# currently ptcp is only supported.
# ovsdb_ip = <host IP address on which ovsdb is listening>
# ovsdb_interface = interface for ovsdb
# when ovsdb_addr NOT specifiied, ip address is gotten
# from this interface
ovsdb_port = <%= node["openstack"]["network"]["ryu"]["ovsdb_port"] %>
ovsdb_ip = <%= node["openstack"]["network"]["ryu"]["ovsdb_ip"] %>
ovsdb_interface = <%= node["openstack"]["network"]["ryu"]["ovsdb_interface"] %>
[SECURITYGROUP]
# Firewall driver for realizing quantum security group function
firewall_driver = <%= node["openstack"]["network"]["ryu"]["firewall_driver"] %>
[AGENT]
# Agent's polling interval in seconds
polling_interval = <%= node["openstack"]["network"]["ryu"]["polling_interval"] %>
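Review bot: The comments above `ovsdb_port`, `ovsdb_ip` and `ovsdb_interface` say only that "currently ptcp is only supported" and do not tell the operator that a `ptcp` manager is a plain TCP listener with no authentication. Since the address is attribute-driven, I would add a line such as `# ptcp is unauthenticated plain TCP: point ovsdb_ip/ovsdb_interface at a management-only address`. The same comment block refers to `ovsdb_addr`, which is not an option rendered here (the option is `ovsdb_ip`), and contains the typo "specifiied".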


@ -0,0 +1,76 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
{
"context_is_admin": "role:admin",
"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
"admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network_tenant_id)s",
"admin_only": "rule:context_is_admin",
"regular_user": "",
"shared": "field:networks:shared=True",
"external": "field:networks:router:external=True",
"default": "rule:admin_or_owner",
"extension:provider_network:view": "rule:admin_only",
"extension:provider_network:set": "rule:admin_only",
"extension:router:view": "rule:regular_user",
"extension:port_binding:view": "rule:admin_only",
"extension:port_binding:set": "rule:admin_only",
"subnets:private:read": "rule:admin_or_owner",
"subnets:private:write": "rule:admin_or_owner",
"subnets:shared:read": "rule:regular_user",
"subnets:shared:write": "rule:admin_only",
"create_subnet": "rule:admin_or_network_owner",
"get_subnet": "rule:admin_or_owner or rule:shared",
"update_subnet": "rule:admin_or_network_owner",
"delete_subnet": "rule:admin_or_network_owner",
"create_network": "",
"get_network": "rule:admin_or_owner or rule:shared or rule:external",
"create_network:shared": "rule:admin_only",
"create_network:router:external": "rule:admin_only",
"create_network:provider:network_type": "rule:admin_only",
"create_network:provider:physical_network": "rule:admin_only",
"create_network:provider:segmentation_id": "rule:admin_only",
"update_network": "rule:admin_or_owner",
"update_network:provider:network_type": "rule:admin_only",
"update_network:provider:physical_network": "rule:admin_only",
"update_network:provider:segmentation_id": "rule:admin_only",
"delete_network": "rule:admin_or_owner",
"create_port": "",
"create_port:mac_address": "rule:admin_or_network_owner",
"create_port:fixed_ips": "rule:admin_or_network_owner",
"create_port:port_security_enabled": "rule:admin_or_network_owner",
"get_port": "rule:admin_or_owner",
"update_port": "rule:admin_or_owner",
"update_port:fixed_ips": "rule:admin_or_network_owner",
"update_port:port_security_enabled": "rule:admin_or_network_owner",
"delete_port": "rule:admin_or_owner",
"extension:service_type:view_extended": "rule:admin_only",
"create_service_type": "rule:admin_only",
"update_service_type": "rule:admin_only",
"delete_service_type": "rule:admin_only",
"get_service_type": "rule:regular_user",
"create_qos_queue": "rule:admin_only",
"get_qos_queue": "rule:admin_only",
"get_qos_queues": "rule:admin_only",
"update_agent": "rule:admin_only",
"delete_agent": "rule:admin_only",
"get_agent": "rule:admin_only",
"get_agents": "rule:admin_only",
"create_dhcp-network": "rule:admin_only",
"delete_dhcp-network": "rule:admin_only",
"get_dhcp-networks": "rule:admin_only",
"create_l3-router": "rule:admin_only",
"delete_l3-router": "rule:admin_only",
"get_l3-routers": "rule:admin_only",
"get_dhcp-agents": "rule:admin_only",
"get_l3-agents": "rule:admin_only"
}
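Review bot: The first line of this template renders `node["openstack"]["network"]["custom_template_banner"]` ahead of the opening `{`, and JSON has no comment syntax, so if the banner is a `#`-style comment block like the one the .ini templates expect, the rendered policy file will not parse. The banner's value is not visible in this section, so this needs checking against the attributes file, but the safe fix is to drop the banner line from this one template. A policy file that fails to load is worth testing for explicitly (a chefspec check that the rendered content parses as JSON), because the failure mode of the policy engine on a bad file is not something to leave to chance.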


@ -0,0 +1,298 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# Default log level is INFO
# verbose and debug has the same result.
# One of them will set DEBUG log level output
debug = <%= node["openstack"]["network"]["debug"] %>
verbose = <%= node["openstack"]["network"]["verbose"] %>
# Where to store Quantum state files. This directory must be writable by the
# user executing the agent.
# state_path = /var/lib/quantum
# Where to store lock files
lock_path = $state_path/lock
# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
# log_date_format = %Y-%m-%d %H:%M:%S
# use_syslog -> syslog
# log_file and log_dir -> log_dir/log_file
# (not log_file) and log_dir -> log_dir/{binary_name}.log
# use_stderr -> stderr
# (not user_stderr) and (not log_file) -> stdout
# publish_errors -> notification system
# use_syslog = False
# syslog_log_facility = LOG_USER
# use_stderr = True
# log_file =
# log_dir =
# publish_errors = False
# Address to bind the API server
bind_host = <%= @bind_address %>
# Port the bind the API server to
bind_port = <%= @bind_port %>
# Path to the extensions. Note that this can be a colon-separated list of
# paths. For example:
# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
# The __path__ of quantum.extensions is appended to this, so if your
# extensions are in there you don't need to specify them here
# api_extensions_path =
# Quantum plugin provider module
# core_plugin =
core_plugin = <%= @core_plugin %>
# Advanced service modules
# service_plugins =
# Paste configuration file
api_paste_config = api-paste.ini
# The strategy to be used for auth.
# Supported values are 'keystone'(default), 'noauth'.
# auth_strategy = keystone
# Base MAC address. The first 3 octets will remain unchanged. If the
# 4h octet is not 00, it will also used. The others will be
# randomly generated.
# 3 octet
# base_mac = fa:16:3e:00:00:00
# 4 octet
# base_mac = fa:16:3e:4f:00:00
# Maximum amount of retries to generate a unique MAC address
# mac_generation_retries = 16
# DHCP Lease duration (in seconds)
# dhcp_lease_duration = 120
# Allow sending resource operation notification to DHCP agent
# dhcp_agent_notification = True
# Enable or disable bulk create/update/delete operations
# allow_bulk = True
# Enable or disable pagination
# allow_pagination = False
# Enable or disable sorting
# allow_sorting = False
# Enable or disable overlapping IPs for subnets
# Attention: the following parameter MUST be set to False if Quantum is
# being used in conjunction with nova security groups and/or metadata service.
# allow_overlapping_ips = False
# Ensure that configured gateway is on subnet
# force_gateway_on_subnet = False
# RPC configuration options. Defined in rpc __init__
# The messaging module to use, defaults to kombu.
# rpc_backend = quantum.openstack.common.rpc.impl_kombu
# Size of RPC thread pool
# rpc_thread_pool_size = 64,
# Size of RPC connection pool
# rpc_conn_pool_size = 30
# Seconds to wait for a response from call or multicall
# rpc_response_timeout = 60
# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
# rpc_cast_timeout = 30
# Modules of exceptions that are permitted to be recreated
# upon receiving exception data from an rpc call.
# allowed_rpc_exception_modules = quantum.openstack.common.exception, nova.exception
# AMQP exchange to connect to if using RabbitMQ or QPID
control_exchange = quantum
# Configuration options if sending notifications via kombu rpc (these are
# the defaults)
# SSL version to use (valid only if SSL enabled)
# kombu_ssl_version =
# SSL key file (valid only if SSL enabled)
# kombu_ssl_keyfile =
# SSL cert file (valid only if SSL enabled)
# kombu_ssl_certfile =
# SSL certification authority file (valid only if SSL enabled)'
# kombu_ssl_ca_certs =
##### RABBITMQ #####
rabbit_userid=<%= @rabbit_user %>
rabbit_password=<%= @rabbit_password %>
rabbit_port=<%= @rabbit_port %>
rabbit_host=<%= @rabbit_ipaddress %>
rabbit_virtual_host=<%= @rabbit_virtual_host %>
# Maximum retries with trying to connect to RabbitMQ
# (the default of 0 implies an infinite retry count)
# rabbit_max_retries = 0
# RabbitMQ connection retry interval
# rabbit_retry_interval = 1
# Use HA queues in RabbitMQ (x-ha-policy: all).You need to
# wipe RabbitMQ database when changing this option. (boolean value)
# rabbit_ha_queues = false
# QPID
# rpc_backend=quantum.openstack.common.rpc.impl_qpid
# Qpid broker hostname
# qpid_hostname = localhost
# Qpid broker port
# qpid_port = 5672
# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
# qpid_hosts = localhost:5672
# Username for qpid connection
# qpid_username = ''
# Password for qpid connection
# qpid_password = ''
# Space separated list of SASL mechanisms to use for auth
# qpid_sasl_mechanisms = ''
# Seconds between connection keepalive heartbeats
# qpid_heartbeat = 60
# Transport to use, either 'tcp' or 'ssl'
# qpid_protocol = tcp
# Disable Nagle algorithm
# qpid_tcp_nodelay = True
# ZMQ
# rpc_backend=quantum.openstack.common.rpc.impl_zmq
# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
# The "host" option should point or resolve to this address.
# rpc_zmq_bind_address = *
# ============ Notification System Options =====================
# Notifications can be sent when network/subnet/port are create, updated or deleted.
# There are three methods of sending notifications: logging (via the
# log_file directive), rpc (via a message queue) and
# noop (no notifications sent, the default)
# Notification_driver can be defined multiple times
# Do nothing driver
# notification_driver = quantum.openstack.common.notifier.no_op_notifier
# Logging driver
# notification_driver = quantum.openstack.common.notifier.log_notifier
# RPC driver. DHCP agents needs it.
notification_driver = quantum.openstack.common.notifier.rpc_notifier
# default_notification_level is used to form actual topic name(s) or to set logging level
default_notification_level = INFO
# default_publisher_id is a part of the notification payload
# host = myhost.com
# default_publisher_id = $host
# Defined in rpc_notifier, can be comma separated values.
# The actual topic names will be %s.%(default_notification_level)s
notification_topics = notifications
# Default maximum number of items returned in a single response,
# value == infinite and value < 0 means no max limit, and value must
# greater than 0. If the number of items requested is greater than
# pagination_max_limit, server will just return pagination_max_limit
# of number of items.
# pagination_max_limit = -1
# Maximum number of DNS nameservers per subnet
# max_dns_nameservers = 5
# Maximum number of host routes per subnet
# max_subnet_host_routes = 20
# Maximum number of fixed ips per port
# max_fixed_ips_per_port = 5
# =========== items for agent management extension =============
# Seconds to regard the agent as down.
# agent_down_time = 5
# =========== end of items for agent management extension =====
# =========== items for agent scheduler extension =============
# Driver to use for scheduling network to DHCP agent
# network_scheduler_driver = quantum.scheduler.dhcp_agent_scheduler.ChanceScheduler
# Driver to use for scheduling router to a default L3 agent
# router_scheduler_driver = quantum.scheduler.l3_agent_scheduler.ChanceScheduler
# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
# networks to first DHCP agent which sends get_active_networks message to
# quantum server
# network_auto_schedule = True
# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
# routers to first L3 agent which sends sync_routers message to quantum server
# router_auto_schedule = True
# =========== end of items for agent scheduler extension =====
# =========== WSGI parameters related to the API server ==============
# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
# starting API server. Not supported on OS X.
#tcp_keepidle = 600
# Number of seconds to keep retrying to listen
#retry_until_window = 30
# Number of backlog requests to configure the socket with.
#backlog = 4096
# Enable SSL on the API server
#use_ssl = False
# Certificate file to use when starting API server securely
#ssl_cert_file = /path/to/certfile
# Private key file to use when starting API server securely
#ssl_key_file = /path/to/keyfile
# CA certificate file to use when starting API server securely to
# verify connecting clients. This is an optional parameter only required if
# API clients need to authenticate to the API server using SSL certificates
# signed by a trusted CA
#ssl_ca_file = /path/to/cafile
# ======== end of WSGI parameters related to the API server ==========
[QUOTAS]
# resource name(s) that are supported in quota features
# quota_items = network,subnet,port
# default number of resource allowed per tenant, minus for unlimited
# default_quota = -1
# number of networks allowed per tenant, and minus means unlimited
# quota_network = 10
# number of subnets allowed per tenant, and minus means unlimited
# quota_subnet = 10
# number of ports allowed per tenant, and minus means unlimited
# quota_port = 50
# number of security groups allowed per tenant, and minus means unlimited
# quota_security_group = 10
# number of security group rules allowed per tenant, and minus means unlimited
# quota_security_group_rule = 100
# default driver to use for quota checks
# quota_driver = quantum.quota.ConfDriver
[DEFAULT_SERVICETYPE]
# Description of the default service type (optional)
# description = "default service type"
# Enter a service definition line for each advanced service provided
# by the default service type.
# Each service definition should be in the following format:
# <service>:<plugin>[:driver]
[AGENT]
# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the comand directly
# root_helper = sudo
# =========== items for agent management extension =============
# seconds between nodes reporting state to server, should be less than
# agent_down_time
# report_interval = 4
# =========== end of items for agent management extension =====
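Review bot: There is no way to enable TLS towards RabbitMQ from this template: the `kombu_ssl_*` options are left as comments marked "valid only if SSL enabled" and no `rabbit_use_ssl` line is rendered, so `rabbit_userid` and `rabbit_password` are sent to `rabbit_host` in clear text unless the broker is on the same host. I would add `rabbit_use_ssl = <%= @rabbit_use_ssl %>` (a new template variable) and render the `kombu_ssl_ca_certs` line when it is set. Because the rendered file holds the broker password, the template resource in the recipe, which is outside this section, should also give it a restrictive owner and mode. The commented default `# rpc_thread_pool_size = 64,` has a stray trailing comma that will be copied by anyone who uncomments it.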


@ -0,0 +1,6 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/quantum/rootwrap.d,/usr/share/quantum/rootwrap