3 # Installs the neutron package and configures
4 # /etc/neutron/neutron.conf
9 # (required) Whether or not to enable the neutron service
13 # (optional) The state of the package
14 # Defaults to 'present'
17 # (optional) Verbose logging
21 # (optional) Print debug messages in the logs
25 # (optional) The IP/interface to bind to
26 # Defaults to 0.0.0.0 (all interfaces)
29 # (optional) The port to use
33 # (optional) Neutron plugin provider
34 # Defaults to openvswitch
35 # Could be bigswitch, brocade, cisco, embrane, hyperv, linuxbridge, midonet, ml2, mlnx, nec, nicira, plumgrid, ryu
38 # (optional) Advanced service modules.
39 # Could be an array that can have these elements:
40 # router, firewall, lbaas, vpnaas, metering
44 # (optional) How to authenticate
45 # Defaults to 'keystone'. 'noauth' is the only other valid option
48 # (optional) The MAC address pattern to use.
49 # Defaults to fa:16:3e:00:00:00
51 # [*mac_generation_retries*]
52 # (optional) How many times to try to generate a unique mac
55 # [*dhcp_lease_duration*]
56 # (optional) DHCP lease
57 # Defaults to 86400 seconds
59 # [*dhcp_agents_per_network*]
60 # (optional) Number of DHCP agents scheduled to host a network.
61 # This enables redundant DHCP agents for configured networks.
64 # [*network_device_mtu*]
65 # (optional) The MTU size for the interfaces managed by neutron
68 # [*dhcp_agent_notification*]
69 # (optional) Allow sending resource operation notification to DHCP agent.
73 # (optional) Enable bulk crud operations
76 # [*allow_pagination*]
77 # (optional) Enable pagination
81 # (optional) Enable sorting
84 # [*allow_overlapping_ips*]
85 # (optional) Enables network namespaces
88 # [*api_extensions_path*]
89 # (optional) Specify additional paths for API extensions that the
90 # module in use needs to load.
94 # (optional) Seconds between nodes reporting state to server; should be less than
95 # agent_down_time, best if it is half or less than agent_down_time.
96 # agent_down_time is a config for neutron-server, set by class neutron::server
97 # report_interval is a config for neutron agents, set by class neutron
100 # [*control_exchange*]
101 # (optional) What RPC queue/exchange to use
102 # Defaults to neutron
105 # (optional) what rpc/queuing service to use
106 # Defaults to impl_kombu (rabbitmq)
108 # [*rabbit_password*]
112 # (optional) Various rabbitmq settings
115 # (optional) array of rabbitmq servers for HA.
116 # A single IP address, such as a VIP, can be used for load-balancing
117 # multiple RabbitMQ Brokers.
121 # (optional) Connect over SSL for RabbitMQ
124 # [*kombu_ssl_ca_certs*]
125 # (optional) SSL certification authority file (valid only if SSL enabled).
128 # [*kombu_ssl_certfile*]
129 # (optional) SSL cert file (valid only if SSL enabled).
132 # [*kombu_ssl_keyfile*]
133 # (optional) SSL key file (valid only if SSL enabled).
136 # [*kombu_ssl_version*]
137 # (optional) SSL version to use (valid only if SSL enabled).
138 # Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
139 # available on some distributions.
140 # Defaults to 'TLSv1'
142 # [*kombu_reconnect_delay*]
143 # (optional) The amount of time to wait before attempting to reconnect
144 # to MQ provider. This is used in some cases where you may need to wait
145 # for the provider to propery premote the master before attempting to
146 # reconnect. See https://review.openstack.org/#/c/76686
155 # [*qpid_tcp_nodelay*]
157 # [*qpid_reconnect_timeout*]
158 # [*qpid_reconnect_limit*]
159 # [*qpid_reconnect_interval*]
160 # [*qpid_reconnect_interval_min*]
161 # [*qpid_reconnect_interval_max*]
162 # (optional) various QPID options
165 # (optinal) Enable SSL on the API server
166 # Defaults to false, not set
169 # (optinal) certificate file to use when starting api server securely
170 # defaults to false, not set
173 # (optional) Private key file to use when starting API server securely
174 # Defaults to false, not set
177 # (optional) CA certificate file to use to verify connecting clients
178 # Defaults to false, not set
181 # (optional) Use syslog for logging
185 # (optional) Syslog facility to receive log lines
186 # Defaults to LOG_USER
189 # (optional) Where to log
193 # (optional) Directory where logs should be stored
194 # If set to boolean false, it will not log to any directory
195 # Defaults to /var/log/neutron
199 $package_ensure = 'present',
202 $bind_host = '0.0.0.0',
204 $core_plugin = 'openvswitch',
205 $service_plugins = undef,
206 $auth_strategy = 'keystone',
207 $base_mac = 'fa:16:3e:00:00:00',
208 $mac_generation_retries = 16,
209 $dhcp_lease_duration = 86400,
210 $dhcp_agents_per_network = 1,
211 $network_device_mtu = undef,
212 $dhcp_agent_notification = true,
214 $allow_pagination = false,
215 $allow_sorting = false,
216 $allow_overlapping_ips = false,
217 $api_extensions_path = undef,
218 $root_helper = 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf',
219 $report_interval = '30',
220 $control_exchange = 'neutron',
221 $rpc_backend = 'neutron.openstack.common.rpc.impl_kombu',
222 $rabbit_password = false,
223 $rabbit_host = 'localhost',
224 $rabbit_hosts = false,
225 $rabbit_port = '5672',
226 $rabbit_user = 'guest',
227 $rabbit_virtual_host = '/',
228 $rabbit_use_ssl = false,
229 $kombu_ssl_ca_certs = undef,
230 $kombu_ssl_certfile = undef,
231 $kombu_ssl_keyfile = undef,
232 $kombu_ssl_version = 'TLSv1',
233 $kombu_reconnect_delay = '1.0',
234 $qpid_hostname = 'localhost',
236 $qpid_username = 'guest',
237 $qpid_password = 'guest',
238 $qpid_heartbeat = 60,
239 $qpid_protocol = 'tcp',
240 $qpid_tcp_nodelay = true,
241 $qpid_reconnect = true,
242 $qpid_reconnect_timeout = 0,
243 $qpid_reconnect_limit = 0,
244 $qpid_reconnect_interval_min = 0,
245 $qpid_reconnect_interval_max = 0,
246 $qpid_reconnect_interval = 0,
252 $log_facility = 'LOG_USER',
254 $log_dir = '/var/log/neutron',
257 include neutron::params
259 Package['neutron'] -> Neutron_config<||>
260 Package['neutron'] -> Nova_Admin_Tenant_Id_Setter<||>
264 fail('The cert_file parameter is required when use_ssl is set to true')
267 fail('The key_file parameter is required when use_ssl is set to true')
271 if $ca_file and !$use_ssl {
272 fail('The ca_file parameter requires that use_ssl to be set to true')
275 if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
276 fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
278 if $kombu_ssl_certfile and !$rabbit_use_ssl {
279 fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
281 if $kombu_ssl_keyfile and !$rabbit_use_ssl {
282 fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
284 if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
285 fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
289 require => Package['neutron'],
295 file { '/etc/neutron':
300 file { '/etc/neutron/neutron.conf': }
303 ensure => $package_ensure,
304 name => $::neutron::params::package_name,
308 'DEFAULT/verbose': value => $verbose;
309 'DEFAULT/debug': value => $debug;
310 'DEFAULT/bind_host': value => $bind_host;
311 'DEFAULT/bind_port': value => $bind_port;
312 'DEFAULT/auth_strategy': value => $auth_strategy;
313 'DEFAULT/core_plugin': value => $core_plugin;
314 'DEFAULT/base_mac': value => $base_mac;
315 'DEFAULT/mac_generation_retries': value => $mac_generation_retries;
316 'DEFAULT/dhcp_lease_duration': value => $dhcp_lease_duration;
317 'DEFAULT/dhcp_agents_per_network': value => $dhcp_agents_per_network;
318 'DEFAULT/dhcp_agent_notification': value => $dhcp_agent_notification;
319 'DEFAULT/allow_bulk': value => $allow_bulk;
320 'DEFAULT/allow_pagination': value => $allow_pagination;
321 'DEFAULT/allow_sorting': value => $allow_sorting;
322 'DEFAULT/allow_overlapping_ips': value => $allow_overlapping_ips;
323 'DEFAULT/control_exchange': value => $control_exchange;
324 'DEFAULT/rpc_backend': value => $rpc_backend;
325 'DEFAULT/api_extensions_path': value => $api_extensions_path;
326 'agent/root_helper': value => $root_helper;
327 'agent/report_interval': value => $report_interval;
332 'DEFAULT/log_file': value => $log_file;
333 'DEFAULT/log_dir': value => $log_dir;
338 'DEFAULT/log_dir': value => $log_dir;
339 'DEFAULT/log_file': ensure => absent;
343 'DEFAULT/log_dir': ensure => absent;
344 'DEFAULT/log_file': ensure => absent;
349 if $network_device_mtu {
351 'DEFAULT/network_device_mtu': value => $network_device_mtu;
355 'DEFAULT/network_device_mtu': ensure => absent;
360 if $service_plugins {
361 if is_array($service_plugins) {
362 neutron_config { 'DEFAULT/service_plugins': value => join($service_plugins, ',') }
364 fail('service_plugins should be an array.')
368 if $rpc_backend == 'neutron.openstack.common.rpc.impl_kombu' {
369 if ! $rabbit_password {
370 fail('When rpc_backend is rabbitmq, you must set rabbit password')
373 neutron_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') }
374 neutron_config { 'DEFAULT/rabbit_ha_queues': value => true }
376 neutron_config { 'DEFAULT/rabbit_host': value => $rabbit_host }
377 neutron_config { 'DEFAULT/rabbit_port': value => $rabbit_port }
378 neutron_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" }
379 neutron_config { 'DEFAULT/rabbit_ha_queues': value => false }
383 'DEFAULT/rabbit_userid': value => $rabbit_user;
384 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
385 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
386 'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl;
387 'DEFAULT/kombu_reconnect_delay': value => $kombu_reconnect_delay;
392 if $kombu_ssl_ca_certs {
393 neutron_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
395 neutron_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
398 if $kombu_ssl_certfile or $kombu_ssl_keyfile {
400 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
401 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile;
405 'DEFAULT/kombu_ssl_certfile': ensure => absent;
406 'DEFAULT/kombu_ssl_keyfile': ensure => absent;
410 if $kombu_ssl_version {
411 neutron_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version; }
413 neutron_config { 'DEFAULT/kombu_ssl_version': ensure => absent; }
418 'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
419 'DEFAULT/kombu_ssl_certfile': ensure => absent;
420 'DEFAULT/kombu_ssl_keyfile': ensure => absent;
421 'DEFAULT/kombu_ssl_version': ensure => absent;
427 if $rpc_backend == 'neutron.openstack.common.rpc.impl_qpid' {
429 'DEFAULT/qpid_hostname': value => $qpid_hostname;
430 'DEFAULT/qpid_port': value => $qpid_port;
431 'DEFAULT/qpid_username': value => $qpid_username;
432 'DEFAULT/qpid_password': value => $qpid_password, secret => true;
433 'DEFAULT/qpid_heartbeat': value => $qpid_heartbeat;
434 'DEFAULT/qpid_protocol': value => $qpid_protocol;
435 'DEFAULT/qpid_tcp_nodelay': value => $qpid_tcp_nodelay;
436 'DEFAULT/qpid_reconnect': value => $qpid_reconnect;
437 'DEFAULT/qpid_reconnect_timeout': value => $qpid_reconnect_timeout;
438 'DEFAULT/qpid_reconnect_limit': value => $qpid_reconnect_limit;
439 'DEFAULT/qpid_reconnect_interval_min': value => $qpid_reconnect_interval_min;
440 'DEFAULT/qpid_reconnect_interval_max': value => $qpid_reconnect_interval_max;
441 'DEFAULT/qpid_reconnect_interval': value => $qpid_reconnect_interval;
446 neutron_config { 'DEFAULT/use_ssl' : value => $use_ssl; }
449 'DEFAULT/ssl_cert_file' : value => $cert_file;
450 'DEFAULT/ssl_key_file' : value => $key_file;
453 neutron_config { 'DEFAULT/ssl_ca_file' : value => $ca_file; }
455 neutron_config { 'DEFAULT/ssl_ca_file' : ensure => absent; }
459 'DEFAULT/ssl_cert_file': ensure => absent;
460 'DEFAULT/ssl_key_file': ensure => absent;
461 'DEFAULT/ssl_ca_file': ensure => absent;
467 'DEFAULT/use_syslog': value => true;
468 'DEFAULT/syslog_log_facility': value => $log_facility;
472 'DEFAULT/use_syslog': value => false;