diff --git a/README.md b/README.md index 8580120c..d2a09e6c 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,12 @@ Description =========== -TODO: (jklare) needs refactoring too - -This cookbook installs the **OpenStack Network** service (formerly project-named Quantum, current name is Neutron) -as part of a Chef reference deployment of OpenStack. +This cookbook installs the OpenStack Network service **Neutron** as part of a +Chef reference deployment of OpenStack. The +https://github.com/openstack/openstack-chef-repo contains documentation for using this cookbook in the context of a full OpenStack deployment. More information about the OpenStack Network service is available -[here](http://docs.openstack.org/trunk/openstack-network/admin/content/index.html) +[here](http://docs.openstack.org/mitaka/config-reference/networking.html) Usage ===== 
@@ -18,182 +17,156 @@ L3 networking for various hardware vendors and standards. Requirements ============ -Chef 11.4.4 or higher required (for Chef environment use) +- Chef 12 or higher +- chefdk 0.9.0 for testing (also includes berkshelf for cookbook dependency + resolution) + +Platform +======== + +- ubuntu +- redhat +- centos Cookbooks ---------- +========= The following cookbooks are dependencies: -* openstack-identity -* openstack-common - -Recipes -======= - -client ------- - -- Install the network client packages - -server ------- - -- Installs the openstack-network API server - -dhcp\_agent --------- - -- Installs the DHCP agent - -l3\_agent --------- - -- Installs the L3 agent and metadata agent - -vpn\_agent --------- - -- Installs the VPN agent - -Identity-registration ---------------------- - -- Registers the OpenStack Network API endpoint and service user with Keystone - -hyperv ------- - -- Install the drivers for hyperv needed by OpenStack network. -- The networking-hyperv has not been included by linux distributions, it needs been created by users. -- The source code of networking-hyperv maintains in https://github.com/stackforge/networking-hyperv. +- 'openstack-common', '>= 13.0.0' +- 'openstack-identity', '>= 13.0.0' Attributes ========== -* `openstack['network']['service_provider']` - Array of service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. -* `openstack['network']['api']['auth']['version']` - Select v2.0 or v3.0. Default v2.0. The auth API version used to interact with identity service. -* `openstack['network']["misc_neutron"]` - Array of strings to be added to neutron.conf -* `openstack['network']['api']['auth']['memcached_servers']` - A list of memcached server(s) for caching -* `openstack['network']['api']['auth']['memcache_security_strategy']` - Whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. 
-* `openstack['network']['api']['auth']['memcache_secret_key']` - This string is used for key derivation. -* `openstack['network']['api']['auth']['hash_algorithms']` - Hash algorithms to use for hashing PKI tokens. -* `openstack['network']['api']['auth']['cafile']` - A PEM encoded Certificate Authority to use when verifying HTTPs connections. -* `openstack['network']['api']['auth']['insecure']` - Whether to allow the client to perform insecure SSL (https) requests. -* `openstack['network']['dbsync_timeout']` - Set dbsync command timeout value +Please see the extensive inline documentation in `attributes/*.rb` for +descriptions of all the settable attributes for this cookbook. -TODO -* `openstack["network"]["service_plugins"]` - Array of Python classes to be used as `service_plugins` in neutron.conf (default: []). Set it to ['neutron.plugins.services.agent_loadbalancer.plugin.LoadBalancerPlugin'] to include the load balancer plugin. +Note that all attributes are in the `default['openstack']` "namespace" -Neutron Nova interactions -------------------------- -* `openstack["network"]["nova"]["cafile"]` - CA file for novaclient to verify server certificates -* `openstack["network"]["nova"]["insecure"]` - Boolean to control ignoring SSL errors on the nova url +The usage of attributes to generate the neutron.conf is described in the +openstack-common cookbook. -MQ attributes -------------- -* `openstack["network"]["mq"]["service_type"]` - Select qpid or rabbitmq. default rabbitmq -TODO: move rabbit parameters under openstack["network"]["mq"] -* `openstack["network"]["rabbit"]["username"]` - Username for nova rabbit access -* `openstack["network"]["rabbit"]["vhost"]` - The rabbit vhost to use -* `openstack["network"]["rabbit"]["port"]` - The rabbit port to use -* `openstack["network"]["rabbit"]["host"]` - The rabbit host to use (must set when `openstack["network"]["rabbit"]["ha"]` false). 
-* `openstack["network"]["rabbit"]["ha"]` - Whether or not to use rabbit ha - -* `openstack["network"]["mq"]["qpid"]["host"]` - The qpid host to use -* `openstack["network"]["mq"]["qpid"]["port"]` - The qpid port to use -* `openstack["network"]["mq"]["qpid"]["qpid_hosts"]` - Qpid hosts. TODO. use only when ha is specified. -* `openstack["network"]["mq"]["qpid"]["username"]` - Username for qpid connection -* `openstack["network"]["mq"]["qpid"]["password"]` - Password for qpid connection -* `openstack["network"]["mq"]["qpid"]["sasl_mechanisms"]` - Space separated list of SASL mechanisms to use for auth -* `openstack["network"]["mq"]["qpid"]["reconnect_timeout"]` - The number of seconds to wait before deciding that a reconnect attempt has failed. -* `openstack["network"]["mq"]["qpid"]["reconnect_limit"]` - The limit for the number of times to reconnect before considering the connection to be failed. -* `openstack["network"]["mq"]["qpid"]["reconnect_interval_min"]` - Minimum number of seconds between connection attempts. -* `openstack["network"]["mq"]["qpid"]["reconnect_interval_max"]` - Maximum number of seconds between connection attempts. -* `openstack["network"]["mq"]["qpid"]["reconnect_interval"]` - Equivalent to setting qpid_reconnect_interval_min and qpid_reconnect_interval_max to the same value. -* `openstack["network"]["mq"]["qpid"]["heartbeat"]` - Seconds between heartbeat messages sent to ensure that the connection is still alive. -* `openstack["network"]["mq"]["qpid"]["protocol"]` - Protocol to use. Default tcp. -* `openstack["network"]["mq"]["qpid"]["tcp_nodelay"]` - Disable the Nagle algorithm. default disabled. - -Linuxbridge plugin attributes ------------------------------ -* `openstack['openstack']['network']['linuxbridge']['tenant_network_type']` - Type of network to allocate for tenant networks. 
(default 'local') -* `openstack['openstack']['network']['linuxbridge']['network_vlan_ranges']` - Comma-separated list of [::] tuples enumerating ranges of VLAN IDs -* `openstack['openstack']['network']['linuxbridge']['physical_interface_mappings']` - (ListOpt) Comma-separated list of : tuples mapping physical network names -* `openstack['openstack']['network']['linuxbridge']['enable_vxlan']` - (BoolOpt) enable VXLAN on the agent. (default false) -* `openstack['openstack']['network']['linuxbridge']['ttl']` - (IntOpt) use specific TTL for vxlan interface protocol packets -* `openstack['openstack']['network']['linuxbridge']['tos']` - (IntOpt) use specific TOS for vxlan interface protocol packets -* `openstack['openstack']['network']['linuxbridge']['vxlan_group']` - (StrOpt) multicast group to use for broadcast emulation. (default '224.0.0.1') -* `openstack['openstack']['network']['linuxbridge']['l2_population']` - (BoolOpt) Flag to enable l2population extension. (default false) -* `openstack['openstack']['network']['linuxbridge']['polling_interval']` - Agent polling interval in seconds. (default 2) -* `openstack['openstack']['network']['linuxbridge']['rpc_support_old_agents']` - (BoolOpt) Enable server RPC compatibility with old (pre-havana). (default false) -* `openstack['openstack']['network']['linuxbridge']['firewall_driver']` - Firewall driver for realizing neutron security group function - -Modular Layer 2 Plugin Configuration ------------------------------------- -* `openstack['openstack']['network']['ml2']['type_drivers']` - (ListOpt) List of network type driver entrypoints to be loaded from the neutron.ml2.type_drivers namespace. -* `openstack['openstack']['network']['ml2']['tenant_network_types']` - (ListOpt) Ordered list of net work_types to allocate as tenant networks. 
(default local) -* `openstack['openstack']['network']['ml2']['mechanism_drivers']` - (ListOpt) Ordered list of networ king mechanism driver entrypoints to be loaded from the neutron.ml2.mechanism_drivers namespace. -* `openstack['openstack']['network']['ml2']['flat_networks']` - (ListOpt) List of physical_network names with which flat networks can be created. -* `openstack['openstack']['network']['ml2']['network_vlan_ranges']` - (ListOpt) List of [::] tuples specifying physical_network names usable for VLAN provider and tenant networks -* `openstack['openstack']['network']['ml2']['tunnel_id_ranges']` - (ListOpt) Comma-separated list of : tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation -* `openstack['openstack']['network']['ml2']['vni_ranges']` - (ListOpt) Comma-separated list of : tuples enumerating ranges of VXLAN VNI IDs that are available for tenant network allocation. -* `openstack['openstack']['network']['ml2']['vxlan_group']` - (StrOpt) Multicast group for the VXLAN interface. - -DHCP Agent Configuration ------------------------- -* `openstack['openstack']['network']['dhcp']['dhcp_delete_namespaces']` - (StrOpt) If True, namespaces will be deleted when a dhcp server is disabled. -* `openstack['openstack']['network']['dhcp']['dhcp_agents_per_network']` - (IntOpt) Set the number of dhcp agents for each network. (default 1) - -L3 Agent Configuration ----------------------- -* `openstack['openstack']['network']['l3']['router_delete_namespaces']` - (StrOpt) If True, namespaces will be deleted when a router is destroyed. -* `openstack['openstack']['network']['l3']['ha']['l3_ha']` - (BoolOpt) If True, virtual router will be created as ha by default. (default False) -* `openstack['openstack']['network']['l3']['ha']['max_l3_agents_per_router']` - (IntOpt) The maximum number of l3 agents for each ha router. 
(default 3) -* `openstack['openstack']['network']['l3']['ha']['ha_vrrp_advert_int']` - (IntOpt) The advertisement interval in seconds. (default 2) -* `openstack['openstack']['network']['l3']['router_distributed'] - Both true(bool) and 'true'(str) will set DVR(Distributed Virtual Router) configure enabled. Setting 'auto' will do a simple check then decide whether or not to enable DVR, default is enabled with OVS. -* `openstack['openstack']['network']['l3']['router_delete_namespaces'] - (StrOpt) If True, namespaces will be deleted when a router is destroyed. - -VPN Agent Configuration ----------------------- -* `openstack['openstack']['network']['enable_vpn'] - (BoolOpt) Used to enable VPN agent, if true, namespaces must be enabled. (default false) -* `openstack['openstack']['network']['vpn']['vpn_device_driver'] - (ListOpt) Comma-separated list of VPN device drivers which VPN agent will use -* `openstack['openstack']['network']['vpn']['ipsec_status_check_interval'] - (IntOpt) Status check interval for ipsec VPN - -LBaaS Agent Configuration ----------------------- -* `openstack['openstack']['network']['lbaas']['custom_interface_driver']` - Custom plugin to support new interface drivers -* `openstack['openstack']['network']['lbaas']['ovs_use_veth']` - (BoolOpt) Used to enable veth pairs for OVS based plugins - -The following attributes are defined in attributes/default.rb of the common cookbook, but are documented here due to their relevance: - -* `openstack['endpoints']['network-api-bind']['host']` - The IP address to bind the api service to -* `openstack['endpoints']['network-api-bind']['port']` - The port to bind the api service to -* `openstack['endpoints']['network-api-bind']['bind_interface']` - The interface name to bind the api service to - -If the value of the 'bind_interface' attribute is non-nil, then the network service will be bound to the first IP address on that interface. 
If the value of the 'bind_interface' attribute is nil, then the network service will be bound to the IP address specified in the host attribute. - - -Templates -========= -* `neutron.conf.erb` - Config file for OpenStack Network server -* `ml2_conf.ini.erb` - Configuration of Network ML2 Plugins -* `vpn_agent.ini.erb` - Config file for Network VPN agent - -Testing +Recipes ======= -Please refer to the [TESTING.md](TESTING.md) for instructions for testing the cookbook. +## openstack-network::client +- Install the network client packages -Berkshelf -===== +## openstack-network::db_migration +- Migrates the neutron database -Berks will resolve version requirements and dependencies on first run and -store these in Berksfile.lock. If new cookbooks become available you can run -`berks update` to update the references in Berksfile.lock. Berksfile.lock will -be included in stable branches to provide a known good set of dependencies. -Berksfile.lock will not be included in development branches to encourage -development against the latest cookbooks. 
+## openstack-network::default +- Configures common pieces needed for all neutron services and create the + neutron.conf + +## openstack-network::dhcp_agent +- Installs the DHCP agent + +The configuration for neutron-dhcp-agent is generated from the attributes in +using the same template as for the neutron.conf + +``` +node['openstack']['network_dhcp']['conf'] +``` + +## openstack-network::fwaas +**This is a 'work in progress' recipe and is currently not tested** +- Installs the Firewall as a Service + +## openstack-network::identity_registration +- Registers the OpenStack Network API endpoint and service user with Keystone + +## openstack-network::l3_agent +- Installs the L3 agent + +The configuration for neutron-l3-agent is generated from the attributes in using +the same template as for the neutron.conf + +``` +node['openstack']['network_l3']['conf'] +``` + +## openstack-network::lbaas +- Installs the Loadbalancer as a Service + +The configuration for neutron-lbaas-agent is generated from the attributes in +using the same template as for the neutron.conf + +``` +node['openstack']['network_lbaas']['conf'] +``` + +## openstack-network::metadata_agent +- Installs the metadata agent + +The configuration for neutron-metadata-agent is generated from the attributes in +using the same template as for the neutron.conf + +``` +node['openstack']['network_metadata']['conf'] +``` + +## openstack-network::metering_agent +- Installs the metering agent + +The configuration for neutron-metadata-agent is generated from the attributes in +using the same template as for the neutron.conf + +``` +node['openstack']['network_metering']['conf'] +``` + +## openstack-network::ml2_core_plugin +- Configure the ml2_core_plugin + +## openstack-network::ml2_linuxbridge +- Configure the ml2 linuxbridge plugin + +## openstack-network::ml2_openvswitch +- Configure the ml2 openvswitch plugin + +## openstack-network::openvswitch +- Installs openvswitch + +## openstack-network::openvswitch_agent +- 
Installs the openvswitch agent + +## openstack-network::plugin_config +- Generates all the needed plugin configurations directly from the attributes + in: + +``` +node['openstack']['network']['plugins'][myplugin] +``` + +The final configuration file is generated exactly like all OpenStack service +configuration files (e.g. neutron.conf), but the attribute mentioned above +allows you additionally to define the file name and patch with: + +``` +# this will also generate the path recursively if not already existent +node['openstack']['network']['plugins'][myplugin]['path'] +# this defines the filename for the plugin config (e.g. ml2_conf.ini) +node['openstack']['network']['plugins'][myplugin]['filename'] +``` +In the examples above, the variable 'myplugin' can be used to generate multiple +plugin configurations with different configs and filenames. Please refer to the +recipe openstack-network::ml2_openvswitch for an full example on the usage of +this attributes. + +## openstack-network::server +- Installs the openstack-network API server (currently aka neutron-server) + +## openstack-network::vpnaas +- Installs the VPN as a Service + +The configuration for neutron-vpn-agent is generated from the attributes in +using the same template as for the neutron.conf + +``` +node['openstack']['network_vpnaas']['conf'] +``` License and Author ================== @@ -209,6 +182,7 @@ License and Author | | Mark Vanderwiel() | | | Eric Zhou() | | | Jan Klare () | +| | Christoph Albers () | | | | | **Copyright** | Copyright (c) 2013, AT&T Services, Inc. | | | Copyright (c) 2013-2014, SUSE Linux GmbH | diff --git a/metadata.rb b/metadata.rb index ed7e9c5d..cb224a34 100644 --- a/metadata.rb +++ b/metadata.rb 
@@ -6,13 +6,6 @@ license 'Apache 2.0' description 'Installs and configures the OpenStack Network API Service and various agents and plugins' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '13.0.0' -recipe 'openstack-network::client', 'Install packages required for network client' -recipe 'openstack-network::server', 'Installs packages required for a OpenStack Network server' -recipe 'openstack-network::openvswitch', 'Installs packages required for OVS' -recipe 'openstack-network::metadata_agent', 'Installs packages required for a OpenStack Network Metadata Agent' -recipe 'openstack-network::identity_registration', 'Registers OpenStack Network endpoints and service user with Keystone' -recipe 'openstack-network::vpn_agent', 'Installs packages required for Network VPN Agent' -recipe 'openstack-network::hyperv', 'Installs packages required for OpenStack Network Hyperv drivers' %w(ubuntu redhat centos).each do |os| supports os
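Review bot: In README.md, hunk `@@ -1,13 +1,12 @@`, the new Description sentence uses a bare URL as its noun ("The https://github.com/openstack/openstack-chef-repo contains documentation ..."), which reads badly and renders inconsistently across Markdown viewers. Suggest a named link such as `[openstack-chef-repo](https://github.com/openstack/openstack-chef-repo)`. In the same hunk the replaced documentation link keeps the link text "here"; a descriptive text (for example "Networking configuration reference") would tell the reader where the link goes.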
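Review bot: In README.md, hunk `@@ -18,182 +17,156 @@`, the new `openstack-network::metering_agent` section says "The configuration for neutron-metadata-agent is generated ...", which looks copied from the metadata_agent section above it; it should name the metering agent to match `node['openstack']['network_metering']['conf']`. The repeated sentence "generated from the attributes in using the same template" also leaves "in" dangling because the attribute is shown only after the sentence; either move the attribute inline or reword to "generated from the attributes shown below, using the same template as neutron.conf". In the plugin_config section, "define the file name and patch with" should read "path", and "an full example on the usage of this attributes" needs "a full example of the usage of these attributes". Finally, the removed attribute list documented TLS and token-cache settings (`['api']['auth']['insecure']`, `['api']['auth']['cafile']`, `['api']['auth']['memcache_security_strategy']`); since the README now defers to `attributes/*.rb`, please confirm the inline documentation there covers how these are set under the new `conf` attributes.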
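Review bot: In metadata.rb, hunk `@@ -6,13 +6,6 @@`, all `recipe` declarations are dropped while `version '13.0.0'` stays unchanged, and two of the removed names (`openstack-network::vpn_agent` and `openstack-network::hyperv`) no longer appear in the README's new Recipes list, which instead documents `openstack-network::vpnaas`. If those recipes were renamed or removed, say so in the README or commit message so that users with existing run lists know what to change; if they still exist, add them to the Recipes section so the README remains the single place recipes are described now that the metadata no longer lists them.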