stackhpc.ansible-role-os-networks

NOTE:

This repository is no longer active - the role has moved to the Ansible collection at ➡️ https://github.com/stackhpc/ansible-collection-openstack

OpenStack Networks

This role helps you register networks, subnets, and routers in Neutron using the os_network, os_subnet, and os_router modules.

Requirements

You need to be able to access the OpenStack Neutron API from the machine where you run this role.

Role Variables

  • os_networks_venv: Directory path to create a virtual environment.

  • os_networks_auth_type: Type of authentication, compatible with auth_type in os_* Ansible modules.

  • os_networks_auth: Dictionary with authentication details, compatible with auth in os_* Ansible modules.

  • os_networks_cacert: Optional path to a CA certificate bundle.

  • os_networks_cloud: Optional cloud name from clouds.yaml.

  • os_networks_interface: Service endpoint type: public, admin, or internal.

  • os_networks: List of networks to create. Each network should have:

    • name: Name of the Neutron network.
    • provider_network_type: Type of the provider network.
    • provider_physical_network: Physical network for the provider.
    • provider_segmentation_id: Segmentation ID for the provider network.
    • shared: Indicates if the network is shared.
    • external: Indicates if the network is external.
    • project: Optionally create for a different project.
    • state: Optional status of the network, defaults to present.
    • mtu: Optional MTU value to avoid fragmentation; the default is used if not specified (requires Ansible >= 2.9).
    • port_security_enabled: Enable or disable port security (requires Ansible >= 2.8).
    • dns_domain: Optional DNS domain value; the default is used if not specified.
    • subnets: List of subnets to create in this network. Each subnet should have:
      • name: Name of the Neutron subnet.
      • cidr: CIDR format of the subnet's IP network.
      • dns_nameservers: List of DNS servers for the subnet.
      • extra_specs: Optional extra specs as key/value pairs (requires Ansible >= 2.7).
      • gateway_ip: IP address of the subnet's gateway.
      • no_gateway_ip: Optional; whether to omit the gateway IP (the default is determined from gateway_ip).
      • enable_dhcp: Enable or disable DHCP for the subnet.
      • allocation_pool_start: Starting IP for the subnet's allocation pool.
      • allocation_pool_end: Ending IP for the subnet's allocation pool.
      • host_routes: List of static routes for hosts on this subnet, including destination and nexthop.
      • ip_version: Optional IP version for the subnet.
      • ipv6_address_mode, ipv6_ra_mode: Optional modes for IPv6 addressing and router advertisements.
      • use_default_subnetpool: Use default subnet pool for the IP version.
      • project: Optionally create for a different project.
      • state: Optional status of the subnet, defaults to present.
  • os_networks_routers: List of routers to create. Each router should have:

    • name: Name of the Neutron router.
    • interfaces: Names of subnets to connect to the router.
    • network: Name or ID of the external network.
    • external_fixed_ips: Optional list of IP settings for the external network.
    • project: Optionally create for a different project.
    • state: Optional status of the router, defaults to present.
  • os_networks_security_groups: List of security groups to create. Each group should have:

    • name: Name of the security group.
    • description: Optional description of the group.
    • project: Optional project for the group.
    • state: Optional status of the group, defaults to present.
    • rules: Optional rules for the group. Each rule should contain:
      • direction: Optional direction of the rule, defaults to ingress.
      • ethertype: Optional type, defaults to IPv4.
      • port_range_min, port_range_max: Optional port range.
      • protocol: Optional protocol.
      • remote_group: Optional related security group.
      • remote_ip_prefix: Optional source IP prefix in CIDR format.
      • state: Optional status of the rule, defaults to present.
  • os_networks_rbac: List of role-based access control details for named networks. Each item should specify:

    • network: Name of the network to share.
    • access: Sharing mode, either access_as_external or access_as_shared.
    • projects: List of projects to share with.

NOTE: RBAC settings cannot be changed once created.

Dependencies

This role requires the stackhpc.os_openstacksdk role.

Example Playbook

This playbook registers a Neutron network, subnet, and router, and defines a static route for access.

---
- name: Ensure networks, subnets and routers are registered
  hosts: neutron-api
  roles:
    - role: os-networks
      os_networks_venv: "~/os-networks-venv"
      os_networks_auth_type: "password"
      os_networks_auth:
        project_name: <keystone project>
        username: <keystone user>
        password: <keystone password>
        auth_url: <keystone auth URL>
      os_networks:
        - name: net1
          provider_network_type: vlan
          provider_physical_network: physnet1
          provider_segmentation_id: 1234
          shared: true
          external: false
          subnets:
            - name: subnet1
              cidr: 10.0.0.0/24
              gateway_ip: 10.0.0.1
              allocation_pool_start: 10.0.0.2
              allocation_pool_end: 10.0.0.254
              host_routes:
                - destination: 10.0.1.0/24
                  nexthop: 10.0.0.254
      os_networks_routers:
        - name: router1
          interfaces:
            - subnet1
          network: net1
      os_networks_security_groups:
        - name: secgroup1
          rules:
            - protocol: icmp
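
A pre-flight review of the variables passed to this role, as an added example (not part of the role or of the original README). The function name audit_os_networks_vars and the sample data are hypothetical; the variable names and defaults are the ones documented above. It flags a literal password in os_networks_auth, networks with shared: true or port security disabled, and ingress rules that accept traffic from any source, such as the icmp rule in the playbook above.

```python
import ipaddress

def audit_os_networks_vars(role_vars):
    """Return (item, finding) tuples for settings in the role variables worth reviewing."""
    findings = []
    auth = role_vars.get("os_networks_auth") or {}
    # Heuristic: a password that is not a Jinja2 reference is stored in the playbook itself.
    if "password" in auth and "{{" not in str(auth["password"]):
        findings.append(("os_networks_auth", "literal password in playbook variables"))
    for net in role_vars.get("os_networks") or []:
        if net.get("shared"):
            findings.append((net["name"], "shared with all projects; "
                             "os_networks_rbac can share with named projects instead"))
        if net.get("port_security_enabled") is False:
            findings.append((net["name"], "port security disabled on this network"))
    for group in role_vars.get("os_networks_security_groups") or []:
        for rule in group.get("rules") or []:
            # Apply the defaults documented above: state=present, direction=ingress.
            if rule.get("state", "present") != "present":
                continue
            if rule.get("direction", "ingress") != "ingress":
                continue
            prefix = rule.get("remote_ip_prefix")
            if prefix is None:
                # No prefix and no remote group means the rule matches any source.
                any_source = not rule.get("remote_group")
            else:
                any_source = ipaddress.ip_network(prefix, strict=False).prefixlen == 0
            if any_source:
                proto = rule.get("protocol") or "any protocol"
                lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
                ports = f"ports {lo}-{hi}" if lo is not None else "no port range"
                findings.append((group["name"], f"ingress {proto} from any source, {ports}"))
    return findings

# Constructed sample mirroring the example playbook, plus one scoped rule for contrast.
SAMPLE_VARS = {
    "os_networks_auth": {"username": "demo", "password": "constructed-secret"},
    "os_networks": [{"name": "net1", "shared": True, "external": False}],
    "os_networks_security_groups": [{"name": "secgroup1", "rules": [
        {"protocol": "icmp"},
        {"protocol": "tcp", "port_range_min": 22, "port_range_max": 22,
         "remote_ip_prefix": "10.0.0.0/24"},
    ]}],
}

if __name__ == "__main__":
    for item, finding in audit_os_networks_vars(SAMPLE_VARS):
        print(f"{item}: {finding}")
```

The function takes the variables as a plain dictionary, so it can be fed from whatever loads the playbook or group_vars in your pipeline.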

Author Information

Project information

Role to register networks, subnets and routers in OpenStack

Install
ansible-galaxy install stackhpc.ansible-role-os-networks
License
apache-2.0
Downloads
157.5k
Owner
StackHPC develops OpenStack capabilities for research computing use cases. Through extensive experience, we understand HPC and cloud.