neutron/files/rocky/openvswitch_agent.ini

{%- if pillar.neutron.gateway is defined %}
{%- from "neutron/map.jinja" import gateway as neutron with context %}
{%- else %}
{%- from "neutron/map.jinja" import compute as neutron with context %}
{%- endif %}
[DEFAULT]

{%- if neutron.logging is defined %}
{%- set _data = neutron.logging %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/_log.conf" %}
{%- endif %}


[agent]

#
# From neutron.ml2.ovs.agent
#

# Minimize polling by monitoring ovsdb for interface changes. (boolean value)
#minimize_polling = true

# The number of seconds to wait before respawning the ovsdb monitor after
# losing communication with it. (integer value)
#ovsdb_monitor_respawn_interval = 30

{%- if "vxlan" in neutron.backend.tenant_network_types %}
# Network types supported by the agent (gre, vxlan and/or geneve). (list value)
tunnel_types = vxlan

# The UDP port to use for VXLAN tunnels. (port value)
# Minimum value: 0
# Maximum value: 65535
vxlan_udp_port = 4789

# MTU size of veth interfaces (integer value)
#veth_mtu = 9000

# Use ML2 l2population mechanism driver to learn remote MAC and IPs and improve
# tunnel scalability. (boolean value)
l2_population = true

# Enable local ARP responder if it is supported. Requires OVS 2.1 and ML2
# l2population driver. Allows the switch (when supporting an overlay) to
# respond to an ARP request locally without performing a costly ARP broadcast
# into the overlay. (boolean value)
arp_responder = true

# Set or un-set the don't fragment (DF) bit on outgoing IP packet carrying
# GRE/VXLAN tunnel. (boolean value)
#dont_fragment = true
{%- endif %}

# Make the l2 agent run in DVR mode. (boolean value)
enable_distributed_routing = {{ neutron.get('dvr', 'false') }}

# Reset flow table on start. Setting this to True will cause brief traffic
# interruption. (boolean value)
drop_flows_on_start = false

# Set or un-set the tunnel header checksum  on outgoing IP packet carrying
# GRE/VXLAN tunnel. (boolean value)
#tunnel_csum = false

# DEPRECATED: Selects the Agent Type reported (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#agent_type = Open vSwitch agent

# Extensions list to use (list value)
{%- set extensions = [] %}
{%- for section_key in ('ovs_extension', 'extension') %}
{%-   for ext_name, ext_params in neutron.backend.get(section_key, {}).iteritems() %}
{%-     do extensions.append(ext_name) if ext_params.get('enabled', False)  %}
{%-   endfor %}
{%- endfor %}
{#- NOTE: Below section is for backward compatible when extentions were #}
{#- separated properties without neutron:backend:extension pillar #}
{%- do extensions.append('qos') if neutron.get('qos', True) %}
extensions = {{ extensions|unique|join(',') }}


[network_log]

#
# From neutron.ml2.ovs.agent
#

# Maximum packets logging per second. (integer value)
# Minimum value: 100
#rate_limit = 100

# Maximum number of packets per rate_limit. (integer value)
# Minimum value: 25
#burst_limit = 25

# Output logfile path on agent side, default syslog file. (string value)
#local_output_log_base = <None>


[ovs]

#
# From neutron.ml2.ovs.agent
#

# Integration bridge to use. Do not change this parameter unless you have a
# good reason to. This is the name of the OVS integration bridge. There is one
# per hypervisor. The integration bridge acts as a virtual 'patch bay'. All VM
# VIFs are attached to this bridge and then 'patched' according to their
# network connectivity. (string value)
#integration_bridge = br-int

# Tunnel bridge to use. (string value)
#tunnel_bridge = br-tun

# Peer patch port in integration bridge for tunnel bridge. (string value)
#int_peer_patch_port = patch-tun

# Peer patch port in tunnel bridge for integration bridge. (string value)
#tun_peer_patch_port = patch-int

# IP address of local overlay (tunnel) network endpoint. Use either an IPv4 or
# IPv6 address that resides on one of the host network interfaces. The IP
# version of this value must match the value of the 'overlay_ip_version' option
# in the ML2 plug-in configuration file on the neutron server node(s). (IP
# address value)
#local_ip = <None>
{%- if 'vxlan' in neutron.backend.tenant_network_types %}
local_ip = {{ neutron.local_ip }}
{%- endif %}

# Comma-separated list of <physical_network>:<bridge> tuples mapping physical
# network names to the agent's node-specific Open vSwitch bridge names to be
# used for flat and VLAN networks. The length of bridge names should be no more
# than 11. Each bridge must exist, and should have a physical network interface
# configured as a port. All physical networks configured on the server should
# have mappings to appropriate bridges on each agent. Note: If you remove a
# bridge from this mapping, make sure to disconnect it from the integration
# bridge as it won't be managed by the agent anymore. (list value)
{% set bridge_mappings = [] %}
{%- if neutron.bridge_mappings is defined %}
{%-   for physnet, bridge in neutron.bridge_mappings.iteritems() %}
{%-     do bridge_mappings.append(physnet ~ ':' ~ bridge) %}
{%-   endfor %}
{%- endif %}
{%- if 'br-floating' not in neutron.get('bridge_mappings', {}).values() %}
{%-   if neutron.get('external_access', True) %}
{%-     do bridge_mappings.append('physnet1:br-floating') %}
{%-   endif %}
{%- endif %}
{%- if 'br-prv' not in neutron.get('bridge_mappings', {}).values() %}
{%-   if "vlan" in neutron.backend.tenant_network_types %}
{%-     do bridge_mappings.append('physnet2:br-prv') %}
{%-   endif %}
{%- endif %}
{%- if 'br-baremetal' not in neutron.get('bridge_mappings', {}).values() %}
{%-   if neutron.get('ironic_enabled', False) %}
{%-     do bridge_mappings.append('physnet3:br-baremetal') %}
{%-   endif %}
{%- endif %}
{%- if bridge_mappings %}
bridge_mappings = {{ bridge_mappings|join(',') }}
{%- else %}
#bridge_mappings =
{%- endif %}

# Use veths instead of patch ports to interconnect the integration bridge to
# physical networks. Support kernel without Open vSwitch patch port support so
# long as it is set to True. (boolean value)
#use_veth_interconnection = false

# DEPRECATED: OpenFlow interface to use. (string value)
# Possible values:
# ovs-ofctl - <No description provided>
# native - <No description provided>
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#of_interface = native

# OVS datapath to use. 'system' is the default value and corresponds to the
# kernel datapath. To enable the userspace datapath set this value to 'netdev'.
# (string value)
# Possible values:
# system - <No description provided>
# netdev - <No description provided>
#datapath_type = system
{%- if neutron.dpdk %}
datapath_type = netdev
{%- endif %}

# OVS vhost-user socket directory. (string value)
#vhostuser_socket_dir = /var/run/openvswitch
{%- if neutron.vhost_socket_dir is defined %}
vhostuser_socket_dir = {{ neutron.vhost_socket_dir }}
{%- endif %}

# Address to listen on for OpenFlow connections. Used only for 'native' driver.
# (IP address value)
#of_listen_address = 127.0.0.1

# Port to listen on for OpenFlow connections. Used only for 'native' driver.
# (port value)
# Minimum value: 0
# Maximum value: 65535
#of_listen_port = 6633

# Timeout in seconds to wait for the local switch connecting the controller.
# Used only for 'native' driver. (integer value)
#of_connect_timeout = 30

# Timeout in seconds to wait for a single OpenFlow request. Used only for
# 'native' driver. (integer value)
#of_request_timeout = 10

# DEPRECATED: The interface for interacting with the OVSDB (string value)
# Possible values:
# native - <No description provided>
# vsctl - <No description provided>
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#ovsdb_interface = native

# The connection string for the OVSDB backend. Will be used by ovsdb-client
# when monitoring and used for the all ovsdb commands when native
# ovsdb_interface is enabled (string value)
#ovsdb_connection = tcp:127.0.0.1:6640

# The SSL private key file to use when interacting with OVSDB. Required when
# using an "ssl:" prefixed ovsdb_connection (string value)
#ssl_key_file = <None>

# The SSL certificate file to use when interacting with OVSDB. Required when
# using an "ssl:" prefixed ovsdb_connection (string value)
#ssl_cert_file = <None>

# The Certificate Authority (CA) certificate to use when interacting with
# OVSDB.  Required when using an "ssl:" prefixed ovsdb_connection (string
# value)
#ssl_ca_cert_file = <None>

# Enable OVSDB debug logs (boolean value)
#ovsdb_debug = false


[securitygroup]

#
# From neutron.ml2.ovs.agent
#

# Driver for security groups firewall in the L2 agent (string value)
{%- if not neutron.get('security_groups_enabled', True) %}
{%-   set _firewall_driver = 'noop' %}
{%- elif neutron.dpdk or neutron.get('vlan_aware_vms', False) %}
{%-   set _firewall_driver = 'openvswitch' %}
{%- else %}
{%-   set _firewall_driver = 'iptables_hybrid' %}
{%- endif %}
firewall_driver = {{ neutron.get('firewall_driver', _firewall_driver) }}

# Controls whether the neutron security group API is enabled in the server. It
# should be false when using no security groups or using the nova security
# group API. (boolean value)
enable_security_group = {{ neutron.get('security_groups_enabled', 'true') }}

# Use ipset to speed-up the iptables based security groups. Enabling ipset
# support requires that ipset is installed on L2 agent node. (boolean value)
#enable_ipset = true


[xenapi]

#
# From neutron.ml2.xenapi
#

# URL for connection to XenServer/Xen Cloud Platform. (string value)
#connection_url = <None>

# Username for connection to XenServer/Xen Cloud Platform. (string value)
#connection_username = <None>

# Password for connection to XenServer/Xen Cloud Platform. (string value)
#connection_password = <None>