Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / neutron / 37aacbf98ef3ec6202217a6bcf45d649f4edb48c / . / neutron / files / rocky / openvswitch_agent.ini
blob: 5330ff0f26ec0098c82e5e21f979af64e7d585cf [file] [log] [blame]
{%- if pillar.neutron.gateway is defined %}
{%- from "neutron/map.jinja" import gateway as neutron with context %}
{%- else %}
{%- from "neutron/map.jinja" import compute as neutron with context %}
{%- endif %}
[DEFAULT]
{%- if neutron.logging is defined %}
{%- set _data = neutron.logging %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/_log.conf" %}
{%- endif %}
[agent]
#
# From neutron.ml2.ovs.agent
#
# Minimize polling by monitoring ovsdb for interface changes. (boolean value)
#minimize_polling = true
# The number of seconds to wait before respawning the ovsdb monitor after
# losing communication with it. (integer value)
#ovsdb_monitor_respawn_interval = 30
{%- if "vxlan" in neutron.backend.tenant_network_types %}
# Network types supported by the agent (gre, vxlan and/or geneve). (list value)
tunnel_types = vxlan
# The UDP port to use for VXLAN tunnels. (port value)
# Minimum value: 0
# Maximum value: 65535
vxlan_udp_port = 4789
# MTU size of veth interfaces (integer value)
#veth_mtu = 9000
# Use ML2 l2population mechanism driver to learn remote MAC and IPs and improve
# tunnel scalability. (boolean value)
l2_population = true
# Enable local ARP responder if it is supported. Requires OVS 2.1 and ML2
# l2population driver. Allows the switch (when supporting an overlay) to
# respond to an ARP request locally without performing a costly ARP broadcast
# into the overlay. (boolean value)
arp_responder = true
# Set or un-set the don't fragment (DF) bit on outgoing IP packet carrying
# GRE/VXLAN tunnel. (boolean value)
#dont_fragment = true
{%- endif %}
# Make the l2 agent run in DVR mode. (boolean value)
enable_distributed_routing = {{ neutron.get('dvr', 'false') }}
# Reset flow table on start. Setting this to True will cause brief traffic
# interruption. (boolean value)
drop_flows_on_start = false
# Set or un-set the tunnel header checksum on outgoing IP packet carrying
# GRE/VXLAN tunnel. (boolean value)
#tunnel_csum = false
# DEPRECATED: Selects the Agent Type reported (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#agent_type = Open vSwitch agent
# Extensions list to use (list value)
{%- set extensions = [] %}
{%- for section_key in ('ovs_extension', 'extension') %}
{%- for ext_name, ext_params in neutron.backend.get(section_key, {}).iteritems() %}
{%- do extensions.append(ext_name) if ext_params.get('enabled', False) %}
{%- endfor %}
{%- endfor %}
{#- NOTE: Below section is for backward compatible when extentions were #}
{#- separated properties without neutron:backend:extension pillar #}
{%- do extensions.append('qos') if neutron.get('qos', True) %}
extensions = {{ extensions|unique|join(',') }}
[network_log]
#
# From neutron.ml2.ovs.agent
#
# Maximum packets logging per second. (integer value)
# Minimum value: 100
#rate_limit = 100
# Maximum number of packets per rate_limit. (integer value)
# Minimum value: 25
#burst_limit = 25
# Output logfile path on agent side, default syslog file. (string value)
#local_output_log_base = <None>
[ovs]
#
# From neutron.ml2.ovs.agent
#
# Integration bridge to use. Do not change this parameter unless you have a
# good reason to. This is the name of the OVS integration bridge. There is one
# per hypervisor. The integration bridge acts as a virtual 'patch bay'. All VM
# VIFs are attached to this bridge and then 'patched' according to their
# network connectivity. (string value)
#integration_bridge = br-int
# Tunnel bridge to use. (string value)
#tunnel_bridge = br-tun
# Peer patch port in integration bridge for tunnel bridge. (string value)
#int_peer_patch_port = patch-tun
# Peer patch port in tunnel bridge for integration bridge. (string value)
#tun_peer_patch_port = patch-int
# IP address of local overlay (tunnel) network endpoint. Use either an IPv4 or
# IPv6 address that resides on one of the host network interfaces. The IP
# version of this value must match the value of the 'overlay_ip_version' option
# in the ML2 plug-in configuration file on the neutron server node(s). (IP
# address value)
#local_ip = <None>
{%- if 'vxlan' in neutron.backend.tenant_network_types %}
local_ip = {{ neutron.local_ip }}
{%- endif %}
# Comma-separated list of <physical_network>:<bridge> tuples mapping physical
# network names to the agent's node-specific Open vSwitch bridge names to be
# used for flat and VLAN networks. The length of bridge names should be no more
# than 11. Each bridge must exist, and should have a physical network interface
# configured as a port. All physical networks configured on the server should
# have mappings to appropriate bridges on each agent. Note: If you remove a
# bridge from this mapping, make sure to disconnect it from the integration
# bridge as it won't be managed by the agent anymore. (list value)
{% set bridge_mappings = [] %}
{%- if neutron.bridge_mappings is defined %}
{%- for physnet, bridge in neutron.bridge_mappings.iteritems() %}
{%- do bridge_mappings.append(physnet ~ ':' ~ bridge) %}
{%- endfor %}
{%- endif %}
{%- if 'br-floating' not in neutron.get('bridge_mappings', {}).values() %}
{%- if neutron.get('external_access', True) %}
{%- do bridge_mappings.append('physnet1:br-floating') %}
{%- endif %}
{%- endif %}
{%- if 'br-prv' not in neutron.get('bridge_mappings', {}).values() %}
{%- if "vlan" in neutron.backend.tenant_network_types %}
{%- do bridge_mappings.append('physnet2:br-prv') %}
{%- endif %}
{%- endif %}
{%- if 'br-baremetal' not in neutron.get('bridge_mappings', {}).values() %}
{%- if neutron.get('ironic_enabled', False) %}
{%- do bridge_mappings.append('physnet3:br-baremetal') %}
{%- endif %}
{%- endif %}
{%- if bridge_mappings %}
bridge_mappings = {{ bridge_mappings|join(',') }}
{%- else %}
#bridge_mappings =
{%- endif %}
# Use veths instead of patch ports to interconnect the integration bridge to
# physical networks. Support kernel without Open vSwitch patch port support so
# long as it is set to True. (boolean value)
#use_veth_interconnection = false
# DEPRECATED: OpenFlow interface to use. (string value)
# Possible values:
# ovs-ofctl - <No description provided>
# native - <No description provided>
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#of_interface = native
# OVS datapath to use. 'system' is the default value and corresponds to the
# kernel datapath. To enable the userspace datapath set this value to 'netdev'.
# (string value)
# Possible values:
# system - <No description provided>
# netdev - <No description provided>
#datapath_type = system
{%- if neutron.dpdk %}
datapath_type = netdev
{%- endif %}
# OVS vhost-user socket directory. (string value)
#vhostuser_socket_dir = /var/run/openvswitch
{%- if neutron.vhost_socket_dir is defined %}
vhostuser_socket_dir = {{ neutron.vhost_socket_dir }}
{%- endif %}
# Address to listen on for OpenFlow connections. Used only for 'native' driver.
# (IP address value)
#of_listen_address = 127.0.0.1
# Port to listen on for OpenFlow connections. Used only for 'native' driver.
# (port value)
# Minimum value: 0
# Maximum value: 65535
#of_listen_port = 6633
# Timeout in seconds to wait for the local switch connecting the controller.
# Used only for 'native' driver. (integer value)
#of_connect_timeout = 30
# Timeout in seconds to wait for a single OpenFlow request. Used only for
# 'native' driver. (integer value)
#of_request_timeout = 10
# DEPRECATED: The interface for interacting with the OVSDB (string value)
# Possible values:
# native - <No description provided>
# vsctl - <No description provided>
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#ovsdb_interface = native
# The connection string for the OVSDB backend. Will be used by ovsdb-client
# when monitoring and used for the all ovsdb commands when native
# ovsdb_interface is enabled (string value)
#ovsdb_connection = tcp:127.0.0.1:6640
# The SSL private key file to use when interacting with OVSDB. Required when
# using an "ssl:" prefixed ovsdb_connection (string value)
#ssl_key_file = <None>
# The SSL certificate file to use when interacting with OVSDB. Required when
# using an "ssl:" prefixed ovsdb_connection (string value)
#ssl_cert_file = <None>
# The Certificate Authority (CA) certificate to use when interacting with
# OVSDB. Required when using an "ssl:" prefixed ovsdb_connection (string
# value)
#ssl_ca_cert_file = <None>
# Enable OVSDB debug logs (boolean value)
#ovsdb_debug = false
[securitygroup]
#
# From neutron.ml2.ovs.agent
#
# Driver for security groups firewall in the L2 agent (string value)
{%- if not neutron.get('security_groups_enabled', True) %}
{%- set _firewall_driver = 'noop' %}
{%- elif neutron.dpdk or neutron.get('vlan_aware_vms', False) %}
{%- set _firewall_driver = 'openvswitch' %}
{%- else %}
{%- set _firewall_driver = 'iptables_hybrid' %}
{%- endif %}
firewall_driver = {{ neutron.get('firewall_driver', _firewall_driver) }}
# Controls whether the neutron security group API is enabled in the server. It
# should be false when using no security groups or using the nova security
# group API. (boolean value)
enable_security_group = {{ neutron.get('security_groups_enabled', 'true') }}
# Use ipset to speed-up the iptables based security groups. Enabling ipset
# support requires that ipset is installed on L2 agent node. (boolean value)
#enable_ipset = true
[xenapi]
#
# From neutron.ml2.xenapi
#
# URL for connection to XenServer/Xen Cloud Platform. (string value)
#connection_url = <None>
# Username for connection to XenServer/Xen Cloud Platform. (string value)
#connection_username = <None>
# Password for connection to XenServer/Xen Cloud Platform. (string value)
#connection_password = <None>