Neutron
The Grid connectivity and credentials configuration must be added to the neutron.conf file in the infoblox and infoblox-dc stanzas. The infoblox stanza contains the keystone authentication settings and a list of Grids; each Grid then has its own infoblox-dc stanza containing the appropriate configuration for that Grid. Support for multiple Grids is not yet available.
For keystone authentication, add an entry for the following configuration:
keystone_auth_uri = <auth_uri>
keystone_admin_username = <username>
keystone_admin_password = <password>
If keystone_auth_uri does not include the keystone version, configure keystone_auth_version; otherwise version 2.0 is used by default.
keystone_auth_version = <auth_version>
For keystone version 2.0, add:
keystone_admin_tenant_name = <tenant_name>
For keystone version 3, add:
keystone_admin_user_domain_id = <user_domain_id>
Note
For keystone version 3, you can set any one of the following scopes: project level or domain level.
# if authorization is project-level scope add:
keystone_admin_project_name = <project_name>
keystone_admin_project_domain_id = <project_domain_id>
# if authorization is domain-level scope add:
keystone_admin_domain_id = <domain_id>
For TLS support, add the following keystone configuration:
cafile = <cafile>
insecure = <True/False> # default value: False
cert = <cert>
key = <key>
The following table lists general configuration options for the Infoblox IPAM Driver for OpenStack Neutron.
Option | Description |
---|---|
keystone_auth_uri | OpenStack keystone authentication URI |
keystone_admin_username | OpenStack keystone admin user name |
keystone_admin_password | Password of keystone admin user |
keystone_auth_version | OpenStack keystone version |
keystone_admin_tenant_name | Tenant name of keystone admin user |
keystone_admin_user_domain_id | User Domain Id of keystone admin user |
keystone_admin_project_name | Project name of keystone admin user |
keystone_admin_project_domain_id | Project Domain Id of keystone admin user |
keystone_admin_domain_id | Domain Id of keystone admin user |
cafile | CA certificate bundle file for keystone authentication |
insecure | Disable server certificate verification |
cert | Client certificate bundle file for keystone authentication |
key | Client certificate key file for keystone authentication |
cloud_data_center_id | An integer ID used for the data center. This is used to form the stanza name for the rest of the options. If you have multiple instances of OpenStack sharing the same Infoblox Grid, this ID needs to be unique across the instances. The ID should begin with 1 and increment by 1 as you add another OpenStack instance. This ID is used to generate a unique ID for a network view that is cached in neutron database. Starting it with a very high number may exceed the max length of a network view id. |
grid_master_host | The IP address, hostname, or FQDN of the Grid Master (GM). Proxying is supported so this does not have to be the exact IP or hostname of the GM if you have a situation where you cannot reach the GM directly in your network. It can be any connection information that proxies to the GM. |
grid_master_name | The name of the Grid Master (GM). This has to be the exact GM name registered in the Infoblox Grid. |
admin_user_name | The user name to use for the WAPI |
admin_password | The password to use for the WAPI |
wapi_version | The WAPI version to use. Supported versions: WAPI version 2.5 and later; NIOS 8.1.0 and later |
wapi_max_results | The maximum number of objects to be returned by WAPI. If this is set to a negative number, WAPI will return an error when the number of returned objects would exceed the setting. If this is set to a positive number, the results will be truncated when necessary. The default is -1000. If you experience the “Result set too large” error, increase this value. |
ssl_verify | Set to false if you use a self-signed SSL certificate, and true if you use a certificate signed by a known certificate authority. You can also set this to a path to a certificate file so that verification will be done even for a self-signed certificate. Using a value of False in a production environment is not secure. |
http_pool_connections, | Optional parameters to control the HTTP session pool |
Additionally, the ipam_driver option must be set in neutron.conf to “infoblox”.
Note
These settings must be applied on each controller that runs the Neutron service.
Example:
[DEFAULT]
ipam_driver = infoblox
notification_driver = messagingv2
notification_topics = notifications
[infoblox]
cloud_data_center_id = 1
keystone_admin_project_domain_id = default
keystone_admin_user_domain_id = default
keystone_admin_domain_id = default
keystone_admin_username = admin
keystone_admin_password = infoblox
keystone_auth_uri = http://10.39.12.101/identity
keystone_auth_version = v3
cafile = /opt/stack/data/ca-bundle.pem
insecure = False
key = <key>
cert = <cert>
[infoblox-dc:1]
grid_master_host = 10.35.114.2
grid_master_name = gmc.com
admin_user_name = admin
admin_password = infoblox
wapi_version = 2.7
wapi_max_results = -50000
If a Cloud Platform (CP) member is part of the NIOS Grid, create a user in the cloud-api-only user group, configure the user as described in the section Configuring a User, and update neutron.conf as follows:
Example:
[infoblox-dc:1]
grid_master_host = 10.35.114.2
grid_master_name = gmc.com
admin_user_name = cloud-api-only_user_name
admin_password = cloud-api-only_user_password
wapi_version = 2.7
wapi_max_results = -50000
If you want to use CP members only, use the CP Member's Host IP address in the grid_master_host field.
Example:
[infoblox-dc:1]
grid_master_host = x.x.x.x (CP Host IP)
grid_master_name = gmc.com (grid_master_hostname)
admin_user_name = cloud-api-only_user_name
admin_password = cloud-api-only_user_password
wapi_version = 2.7
wapi_max_results = -50000
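
The following is an added example, not part of the Infoblox documentation or the driver's code. It is a Python check that parses a neutron.conf and reports the settings this page's option table marks as weakening TLS (insecure, ssl_verify set to false), together with a keystone_auth_uri that is not https, a keystone v3 configuration without a scope, and a missing infoblox-dc stanza. The function name audit_infoblox_conf and the sample file are constructed for illustration, and treating a non-https URI as a finding is an assumption of this example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the page's stanza layout with weakened TLS settings.
SAMPLE_CONF = """\
[DEFAULT]
ipam_driver = infoblox
[infoblox]
cloud_data_center_id = 1
keystone_auth_uri = http://10.39.12.101/identity
keystone_auth_version = v3
keystone_admin_user_domain_id = default
insecure = True
[infoblox-dc:1]
grid_master_host = 10.35.114.2
ssl_verify = False
"""

FALSY = {"false", "0", "no", "off"}

def audit_infoblox_conf(text):
    """Return findings (strings) for the infoblox stanzas of a neutron.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    out = []
    if cp.defaults().get("ipam_driver") != "infoblox":
        out.append("DEFAULT: ipam_driver is not set to infoblox")
    if not cp.has_section("infoblox"):
        return out + ["infoblox: stanza missing"]
    ib = cp["infoblox"]
    if urlsplit(ib.get("keystone_auth_uri", "")).scheme != "https":
        out.append("infoblox: keystone_auth_uri is not https")
    if ib.get("insecure", "false").strip().lower() not in FALSY:
        out.append("infoblox: insecure disables keystone certificate verification")
    if ib.get("keystone_auth_version", "").lstrip("v").startswith("3"):
        # v3 needs one scope: project name plus project domain, or a domain id.
        project = ("keystone_admin_project_name" in ib
                   and "keystone_admin_project_domain_id" in ib)
        if not (project or "keystone_admin_domain_id" in ib):
            out.append("infoblox: keystone v3 has no project or domain scope")
    dc = "infoblox-dc:" + ib.get("cloud_data_center_id", "")
    if not cp.has_section(dc):
        return out + [dc + ": stanza missing for cloud_data_center_id"]
    # A certificate file path in ssl_verify keeps verification on, so only
    # an explicit false value is reported.
    if cp[dc].get("ssl_verify", "").strip().lower() in FALSY:
        out.append(dc + ": ssl_verify disables Grid certificate verification")
    return out
```

Run it against the file on each controller that runs the Neutron service; an empty list means none of these conditions were found.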