Integration is provided via a plugin. There are multiple configuration settings required for proper indexing and incremental updates. Some of the settings are specified in Searchlight configuration files. Others are provided in other service configuration files.
Searchlight resource configuration options are shown below with their configuration file and default values.
See Searchlight Plugin Documentation for common options with their default values, general configuration information, and an example complete configuration.
Note
Unless you are changing to a non-default value, you do not need to specify any of the following configuration options.
[resource_plugin:os_neutron_net]
enabled = true
[resource_plugin:os_neutron_port]
enabled = true
[resource_plugin:os_neutron_subnet]
enabled = true
[resource_plugin:os_neutron_router]
enabled = true
Neutron sends notifications on create/update/delete actions on the concepts that it implements. Currently Searchlight supports indexing for networks, subnets, ports and routers.
Notifications must be configured properly for searchlight to process incremental updates. Use the following:
notification_driver = messaging
notification_topics = searchlight_indexer
Note
Restart the Neutron api service (q-svc) after making changes.
The settings above may be automatically configured by stack.sh by adding them to the following post config section in devstack. Just place the following in local.conf and copy the above settings underneath it.:
[[post-config|$NEUTRON_CONF]]
[DEFAULT]
RBAC in searchlight neutron plugin is implemented as:
Networks are visible within a tenant OR if they are shared OR if they are external. Subnets are visible within a tenant OR if their network is shared (OR for admins if their network is external) Ports are visible within a tenant (OR for admins if their network is shared or external) Routers are visible within a tenant
DHCP ports are not indexed. Neutron doesn’t provide a reliable way for Searchlight to index these ports since they are created and modified asynchronously from the subnets that they’re attached to.
All provider:* properties of networks are exposed to administrators only. All binding:* properties of ports are also visible only to administrators. The ‘distributed’ and ‘ha’ router properties are available only to administrators.
Additional properties can be protected similarly with the admin_only_fields under each plugin’s configuration section. Glob-like patterns are supported. For instance:
[resource_plugin:os_neutron_net]
admin_only_fields=admin_state_up,status
See: ADMIN_ONLY_FIELDS in: * searchlight/elasticsearch/plugins/neutron/networks.py * searchlight/elasticsearch/plugins/neutron/ports.py * searchlight/elasticsearch/plugins/neutron/routers.py