This cookbook configures the networking required for OpenStack, specifically for the compute service nova.


Chef 0.10.0 or higher required (for Chef environment use)


  • CentOS >= 6.3
  • Ubuntu >= 12.04


The following cookbooks are dependencies:

  • mysql
  • nova
  • osops-utils
  • sysctl


Nova Networking

  • nova["network"]["provider"] - The networking provider to use with nova. By default this is set to nova, but can be changed to neutron.
  • nova["networks"] - An array of networks to be assigned to instances on creation


        [
          {
            "label" => "public",
            "ipv4_cidr" => "",
            "bridge" => "br100",
            "bridge_dev" => "eth2",
            "dns1" => "",
            "dns2" => ""
          },
          {
            "label" => "private",
            "ipv4_cidr" => "",
            "bridge" => "br200",
            "bridge_dev" => "eth3",
            "dns1" => "",
            "dns2" => ""
          }
        ]
  • nova["network"]["public_interface"] - Interface for public IPs
  • nova["network"]["dmz_cidr"] - A dmz range that should be accepted
  • nova["network"]["network_manager"] - Class name for network manager
  • nova["network"]["dhcp_domain"] - Domain to use for building hostnames
  • nova["network"]["force_dhcp_release"] - Send DHCP release on instance termination?
  • nova["network"]["send_arp_for_ha"] - Send gratuitous ARPs for HA setup?
  • nova["network"]["auto_assign_floating_ip"] - Auto-assign a floating IP to the VM?
  • nova["network"]["floating_pool_name"] - If creating a floating IP pool, what to name it
  • nova["network"]["multi_host"] - Use multi-host mode?
  • nova["network"]["platform"] - Hash of platform specific package/service names and options

Neutron Networking

  • neutron["network_api_class"] - used in nova.conf. The neutron API driver class.
  • neutron["auth_strategy"] - used in nova.conf. The authentication strategy to use; by default this is set to keystone
  • neutron["libvirt_vif_driver"] - used in nova.conf. The virtual interface driver, by default nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
  • neutron["linuxnet_interface_driver"] - used in nova.conf. the linux net interface driver, by default
  • neutron["firewall_driver"] - used in nova.conf. the firewall driver to use, by default nova.virt.libvirt.firewall.IptablesFirewallDriver
  • neutron["agent_down_time"] - Seconds elapsed until an agent is considered down
  • neutron["services"]["api"]["scheme"] - scheme for service (http/https)
  • neutron["services"]["api"]["network"] - osops_networks network name which service operates on
  • neutron["services"]["api"]["port"] - port service binds to
  • neutron["services"]["api"]["path"] - service URI
  • neutron["services"]["api"]["cert_override"] - for https - specify a custom certificate file location
  • neutron["services"]["api"]["key_override"] - for https - specify a custom key file location
  • neutron["db"]["name"] - database name
  • neutron["db"]["username"] - database username
  • neutron["db"]["service_tenant_name"] - defaults to service
  • neutron["db"]["service_user"] - defaults to neutron
  • neutron["db"]["service_role"] - defaults to admin
  • neutron["database"]["sqlalchemy_pool_size"] - defaults to 5
  • neutron["debug"] - default log level is INFO
  • neutron["verbose"] - default log level is INFO
  • neutron["overlap_ips"] - Enable or disable overlapping IPs for subnets. MUST be set to False if Neutron is being used in conjunction with nova security groups and/or metadata service.
  • neutron["use_namespaces"] - should correspond to overlap_ips used for dhcp agent and l3 agent.
  • neutron["plugin"] - select the neutron backend driver plugin to use, currently only supports openvswitch
  • neutron["l3"]["router_id"] - once a default network and router are created update the environment with the router uuid
  • neutron["l3"]["gateway_external_net_id"] - once a default network and router are created update the environment with the external network uuid
  • neutron["ovs"]["network_type"] - used to select the network type, currently only supports gre tunnels.
  • neutron["ovs"]["tunneling"] - must be true if using GRE
  • neutron["ovs"]["tunnel_ranges"] - Enumerating ranges of GRE tunnel ID
  • neutron["ovs"]["tunnel_bridge"] - the tunnel interface name
  • neutron["ovs"]["external_bridge"] - the external interface name
  • neutron["ovs"]["external_interface"] - an available interface on the node that will access the external network
  • neutron["dhcp_domain"] - Domain to use for instance host names
  • neutron["ovs"]["provider_networks"] - an Array of provider networks to create. Example:
    [
      {
        "label" => "ph-eth1",
        "bridge" => "br-eth1",
        "vlans" => "1:1000"
      },
      {
        "label" => "ph-eth0",
        "bridge" => "br-eth0",
        "vlans" => "1001:1024"
      }
    ]
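
Several of the neutron attributes above constrain one another (overlap_ips, use_namespaces, GRE tunneling, the https overrides). The following is an added example, not part of the cookbook: a hypothetical helper, check_neutron_attrs, that tests a neutron attribute hash against those stated constraints before it goes into an environment. It assumes values may be booleans or "True"/"False" strings, and the sample hash and file path are constructed.

```ruby
# Added example, not cookbook code: check_neutron_attrs is a hypothetical helper
# that tests a neutron attribute hash against constraints from the list above.
def truthy?(value)
  value.to_s.downcase == "true" # accepts true/false and "True"/"False"
end

def check_neutron_attrs(neutron, nova_secgroups_or_metadata: true)
  problems = []
  ovs = neutron["ovs"] || {}
  api = (neutron["services"] || {})["api"] || {}
  # overlap_ips MUST be False with nova security groups and/or metadata service.
  if nova_secgroups_or_metadata && truthy?(neutron["overlap_ips"])
    problems << "overlap_ips must be False with nova security groups/metadata"
  end
  # use_namespaces should correspond to overlap_ips.
  if neutron.key?("use_namespaces") &&
     truthy?(neutron["use_namespaces"]) != truthy?(neutron["overlap_ips"])
    problems << "use_namespaces does not correspond to overlap_ips"
  end
  # Only the openvswitch plugin and the gre network type are supported.
  problems << "plugin must be openvswitch" if neutron.key?("plugin") && neutron["plugin"] != "openvswitch"
  problems << "ovs network_type must be gre" if ovs.key?("network_type") && ovs["network_type"] != "gre"
  # tunneling must be true if using GRE.
  if ovs["network_type"] == "gre" && !truthy?(ovs["tunneling"])
    problems << "ovs tunneling must be true when network_type is gre"
  end
  # scheme is http or https; the cert/key overrides are documented for https.
  scheme = api["scheme"]
  problems << "api scheme must be http or https" if scheme && !%w[http https].include?(scheme)
  if scheme && scheme != "https" && (api["cert_override"] || api["key_override"])
    problems << "cert_override/key_override set but api scheme is not https"
  end
  problems
end

# Constructed sample attributes (illustrative values, not cookbook defaults).
SAMPLE = {
  "overlap_ips" => "True", "use_namespaces" => "False", "plugin" => "openvswitch",
  "ovs" => { "network_type" => "gre", "tunneling" => false },
  "services" => { "api" => { "scheme" => "http", "cert_override" => "/etc/ssl/neutron.pem" } }
}
puts check_neutron_attrs(SAMPLE)
```
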


The recipes nova-controller and nova-compute are used in their corresponding roles single-controller and single-compute. The role neutron-network-manager has been added to indicate a node that is running l3_agent, dhcp_agent, and ovs_plugin.

Networks LWRP

The nova-network cookbook has a resource and provider named networks. This LWRP provides the ability to create a fixed network, delete a fixed network, create a floating ip network, and delete a floating ip network.


Create a fixed network

nova_network_networks "Create #{label}" do
    label label
    multi_host true        # true or false
    fixed_range cidr
    bridge "br100"         # host bridge name
    bridge_int "eth0"      # host bridge interface
    dns1 dns1              # primary DNS server IP or name
    dns2 dns2              # secondary DNS server IP or name
    action :create_fixed
end

Delete a fixed network

nova_network_networks "Delete #{label}" do
    fixed_range cidr
    action :delete_fixed
end

Create a floating ip network

nova_network_networks "Create floating ip network #{cidr}" do
    pool floating_pool_name
    float_range cidr
    action :create_floating
end

Delete a floating ip network

nova_network_networks "Delete floating ip network #{cidr}" do
    float_range cidr
    action :delete_floating
end

License and Author

Author:: Justin Shepherd
Author:: Jason Cannavale
Author:: Ron Pedde
Author:: Joseph Breu
Author:: William Kelly
Author:: Darren Birkett
Author:: Evan Callicoat
Author:: Chris Laco
Author:: Matt Thompson
Author:: Andy McCrae

Copyright 2012-2013, Rackspace US, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.