Windows>> ansible-role-os-networks>> 返回
项目作者: stackhpc

项目描述 :
Ansible role to register OpenStack networks, subnets and routers
高级语言:
项目地址: git://github.com/stackhpc/ansible-role-os-networks.git
创建时间: 2017-05-16T17:06:31Z
项目社区:https://github.com/stackhpc/ansible-role-os-networks
开源协议:Apache License 2.0
下载


NOTE:

This repository is no longer maintained - role has been moved to Ansible
collection
now ➡️ https://github.com/stackhpc/ansible-collection-openstack

OpenStack Networks

This role can be used to register networks, subnets and routers in neutron
using the os_network, os_subnet and os_router modules.

Requirements

The OpenStack neutron API should be accessible from the target host.

Role Variables

os_networks_venv is a path to a directory in which to create a virtualenv.

os_networks_auth_type is an authentication type compatible with the
auth_type argument of os_* Ansible modules.

os_networks_auth is a dict containing authentication information
compatible with the auth argument of os_* Ansible modules.

os_networks_cacert is an optional path to a CA certificate bundle.

os_networks_cloud is an optional name of a cloud in clouds.yaml.

os_networks_interface is the endpoint URL type to fetch from the service
catalog. Maybe be one of public, admin, or internal.

os_networks is a list of networks to register. Each item should be a
dict containing the following items:

  • name: Name of the neutron network.
  • provider_network_type: Provider type of the neutron network.
  • provider_physical_network: Provider physical network of the neutron
    network.
  • provider_segmentation_id: Provider segmentation ID of the neutron network.
  • shared: Whether the neutron network is shared.
  • external: Whether the neutron network is external.
  • project: Optionally create this network for a project other than the
    authenticating project.
  • state: Optional state of the network, default is present.
  • mtu: The maximum transmission unit (MTU) value to address fragmentation.
    Network will use OpenStack defaults if this option is not provided.
    Requires ansible >= 2.9.
  • port_security_enabled: Whether port security is enabled on the network
    or not. Network will use OpenStack defaults if this option is not utilised.
    Boolean, true to enable, false otherwise. Requires ansible >= 2.8.
  • dns_domain: The DNS domain value to set. Network will use Openstack
    defaults if this option is not provided. Requires ansible >= 2.9.
  • subnets: A list of subnets to create in this network. Each item should
    be a dict containing the following items:
    • name: Name of the neutron subnet.
    • cidr: CIDR representation of the neutron subnet’s IP network.
    • dns_nameservers: A list of DNS nameservers for the subnet.
    • extra_specs: Optional Dictionary with extra key/value pairs
      passed to the API. Requires ansible >= 2.7.
    • gateway_ip: IP address of the neutron subnet’s gateway.
    • no_gateway_ip: Optional boolean, whether to omit a gateway IP. If unset,
      this will be true if gateway_ip is specified, and false otherwise.
    • enable_dhcp: Whether to enable DHCP on the subnet.
    • allocation_pool_start: Start of the neutron subnet’s IP allocation
      pool.
    • allocation_pool_end: End of the neutron subnet’s IP allocation pool.
    • host_routes: A list of classless static routes to supply to hosts
      connected to this subnet. A list of dicts of destination
      (destination network in CIDR encoding) and nexthop
      (router IP on this subnet) must be supplied.
    • ip_version: Optional IP version for the subnet.
    • ipv6_address_mode: Optional IPv6 address mode for the subnet.
    • ipv6_ra_mode: Optional IPv6 router advertisement mode for the subnet.
    • use_default_subnetpool: Optional boolean, whether to use the default
      subnet pool for the IP version.
    • project: Optionally create this subnet for a project other than the
      authenticating project.
    • state: Optional state of the subnet, default is present.

os_networks_routers is a list of routers to create. Each item should be a
dict containing the following items:

  • name: Name of the neutron router.
  • interfaces: List of names of subnets to attach to the router
    internal interface.
  • network: Unique name or ID of the external gateway network.
  • external_fixed_ips: Optional list of IP address parameters for the
    external gateway network. Each is a dictionary with the subnet name or
    subnet ID and the IP address to assign on the subnet.
  • project: Optionally create this router for a project other than the
    authenticating project.
  • state: Optional state of the router, default is present.

os_networks_security_groups: List of security groups to create.
Each item should be a dict containing the following items:

  • name: Name of the security group.
  • description: Optional description of the security group.
  • project: Optional project in which to register the security group.
  • state: Optional state of the security group, default is present.
  • rules: Optional list of rules to add to the security group. Each item
    should be a dict containing the following items:
    • direction: Optional direction of the rule, default is ingress.
    • ethertype: Optional Ethertype of the rule, default is IPv4
    • port_range_min: Optional starting port.
    • port_range_max: Optional ending port.
    • protocol: Optional IP protocol of the rule.
    • remote_group: Optional name or ID of the security group to link.
    • remote_ip_prefix: Optional source IP address prefix in CIDR notation.
    • state: Optional state of the rule, default is present.

os_networks_rbac is a list of role-based access control
shares for named networks and projects. See the Neutron RBAC admin
guide
for details. Each entry in the list is a dictionary containing the
following items:

  • network: The name of the network to share. This network is normally
    owned by the admin project and not shared or external.
  • access: The mode of sharing with the target project(s). Valid options
    are access_as_external and access_as_shared
  • projects: A list of project names for sharing the named network
    in the designated way.

NOTE: RBAC assignments cannot be modified after they are created.

Dependencies

This role depends on the stackhpc.os_openstacksdk role.

Example Playbook

The following playbook registers a neutron network, subnet and router.
A classless static route is defined to access another subnet through a
different gateway.

  1. ---
  2. - name: Ensure networks, subnets and routers are registered
  3.   hosts: neutron-api
  4.   roles:
  5.     - role: os-networks
  6.       os_networks_venv: "~/os-networks-venv"
  7.       os_networks_auth_type: "password"
  8.       os_networks_auth:
  9.         project_name: <keystone project>
  10.         username: <keystone user>
  11.         password: <keystone password>
  12.         auth_url: <keystone auth URL>
  13.       os_networks:
  14.         - name: net1
  15.           provider_network_type: vlan
  16.           provider_physical_network: physnet1
  17.           provider_segmentation_id: 1234
  18.           shared: true
  19.           external: false
  20.           subnets:
  21.             - name: subnet1
  22.               cidr: 10.0.0.0/24
  23.               gateway_ip: 10.0.0.1
  24.               allocation_pool_start: 10.0.0.2
  25.               allocation_pool_end: 10.0.0.254
  26.               host_routes:
  27.                 - destination: 10.0.1.0/24
  28.                   nexthop: 10.0.0.254
  29.       os_networks_routers:
  30.         - name: router1
  31.           interfaces:
  32.             - subnet1
  33.           network: net1
  34.       os_networks_security_groups:
  35.         - name: secgroup1
  36.           rules:
  37.             - protocol: icmp

Author Information