OpenStack to Nautobot Synchronization
This guide explains how OpenStack data (Keystone, Neutron, Ironic) is
synchronized to Nautobot and how to handle situations when they get out of sync.
Event-Driven Sync
Under normal operation, OpenStack data is automatically synchronized to Nautobot
via Oslo notifications. When changes occur, events are published to RabbitMQ
and processed by Argo Events workflows.
How It Works
- OpenStack services publish Oslo notifications to RabbitMQ when resources change
- Argo Events EventSources consume messages from the queues
- Sensors filter for relevant events and trigger workflows
- The openstack-oslo-event workflow processes the event and updates Nautobot
Supported Events
The following events trigger Nautobot updates:
| Service | Event Type | Action |
|---|---|---|
| Keystone | identity.project.created | Creates tenant in Nautobot |
| Keystone | identity.project.updated | Updates tenant in Nautobot |
| Keystone | identity.project.deleted | Deletes tenant from Nautobot |
| Neutron | network.create.end | Creates UCVNI in Nautobot |
| Neutron | network.update.end | Updates UCVNI in Nautobot |
| Neutron | network.delete.end | Deletes UCVNI from Nautobot |
| Neutron | subnet.create.end | Creates IPAM namespace/prefix in Nautobot |
| Neutron | subnet.update.end | Updates IPAM namespace/prefix in Nautobot |
| Neutron | subnet.delete.end | Deletes IPAM namespace/prefix from Nautobot |
| Ironic | baremetal.node.update.end | Updates device in Nautobot |
| Ironic | baremetal.node.delete.end | Deletes device from Nautobot |
| Ironic | baremetal.node.provision_set.end | Updates device status and syncs inspection data |
| Ironic | baremetal.port.create.end | Creates interface in Nautobot |
| Ironic | baremetal.port.update.end | Updates interface in Nautobot |
| Ironic | baremetal.port.delete.end | Deletes interface from Nautobot |
| Ironic | baremetal.portgroup.create.end | Creates interface in Nautobot |
| Ironic | baremetal.portgroup.update.end | Updates interface in Nautobot |
| Ironic | baremetal.portgroup.delete.end | Deletes interface from Nautobot |
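
The filtering step, sketched in Python as an added example (not the project's sensor configuration or workflow code): it unwraps the oslo.messaging 2.0 envelope, rejects malformed bodies, and passes on only the event types listed in the table above. The function names and the sample messages are constructed for illustration.

```python
import json

CRUD_END = ("create.end", "update.end", "delete.end")
# Allow-list copied from the "Supported Events" table on this page.
SUPPORTED_EVENTS = frozenset(
    [f"identity.project.{v}" for v in ("created", "updated", "deleted")]
    + [f"{res}.{v}" for v in CRUD_END for res in
       ("network", "subnet", "baremetal.port", "baremetal.portgroup")]
    + [f"baremetal.node.{v}" for v in
       ("update.end", "delete.end", "provision_set.end")]
)


def unwrap(body):
    """Return the notification dict carried in a raw message body.

    The oslo.messaging 2.0 envelope holds the notification as a JSON
    string under "oslo.message"; a bare notification is accepted too.
    """
    try:
        msg = json.loads(body)
        if isinstance(msg, dict) and "oslo.message" in msg:
            msg = json.loads(msg["oslo.message"])
    except (TypeError, ValueError) as exc:
        raise ValueError(f"not an Oslo notification: {exc}") from None
    if not isinstance(msg, dict) or not isinstance(msg.get("event_type"), str):
        raise ValueError("notification has no event_type")
    return msg


def select(body):
    """Return (event_type, payload) for a supported event, else None."""
    msg = unwrap(body)
    if msg["event_type"] not in SUPPORTED_EVENTS:
        return None  # e.g. baremetal.node.create.end is not in the table
    return msg["event_type"], msg.get("payload", {})


def wrap_sample(event_type, payload):
    """Build a constructed (not captured) enveloped notification."""
    inner = {"event_type": event_type, "payload": payload, "priority": "INFO"}
    return json.dumps({"oslo.version": "2.0", "oslo.message": json.dumps(inner)})


SAMPLE_SUPPORTED = wrap_sample("network.create.end", {"network": {"id": "net-1"}})
SAMPLE_IGNORED = wrap_sample("port.create.end", {"port": {"id": "port-1"}})
```

Event types that fall outside the allow-list are dropped here, so the corresponding changes reach Nautobot only through a bulk resync.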
Data Synchronized
Keystone Projects → Nautobot Tenants:
- Tenant name and description
Neutron Networks → Nautobot UCVNIs:
- UCVNI identifier and VLAN segmentation ID
- Associated tenant
Neutron Subnets → Nautobot IPAM:
- IPAM namespace per network
- Prefix with CIDR
Ironic Nodes → Nautobot Devices:
- Device name (generated from manufacturer and service tag)
- Serial number
- Manufacturer and model
- Hardware specs (memory, CPUs, local storage)
- Provision state (mapped to Nautobot status)
- Location and rack (derived from connected switches)
- Tenant (from Ironic lessee field)
- Network interfaces and their connections
Bulk Resync
When Nautobot gets out of sync with OpenStack (e.g., after database restore,
missed events, or manual changes), you can perform a bulk resync.
Resync Order
The resync workflow runs three steps sequentially in dependency order:
1. Keystone - Syncs projects as tenants (must exist before devices reference them)
2. Neutron - Syncs networks as UCVNIs and subnets as IPAM namespaces/prefixes
3. Ironic - Syncs nodes as devices with interfaces
Each step continues even if the previous step fails.
Scheduled Resync (CronWorkflow)
A CronWorkflow runs daily at 2:00 AM UTC to catch any drift between OpenStack
and Nautobot. This provides a safety net for missed events.
Check the schedule:
Manually trigger the scheduled workflow:
Suspend/resume the schedule:
On-Demand Resync (WorkflowTemplate)
Resync all OpenStack resources:
Using CLI Directly
For debugging or running outside the cluster:
```bash
# Resync all Keystone projects
resync-keystone-nautobot \
  --nautobot_url https://nautobot.example.com \
  --nautobot_token <token>

# Resync all Neutron networks and subnets
resync-neutron-nautobot \
  --nautobot_url https://nautobot.example.com \
  --nautobot_token <token>

# Resync all Ironic nodes
resync-ironic-nautobot \
  --nautobot_url https://nautobot.example.com \
  --nautobot_token <token>
```