neutron/files/mitaka/openvswitch_agent.ini

{%- if pillar.neutron.gateway is defined %}
{%- from "neutron/map.jinja" import gateway as neutron with context %}
{%- else %}
{%- from "neutron/map.jinja" import compute as neutron with context %}
{%- endif %}

[DEFAULT]

#
# From oslo.log
#

# If set to true, the logging level will be set to DEBUG instead of the default INFO level. (boolean value)
#debug = false

# If set to false, the logging level will be set to WARNING instead of the default INFO level. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#verbose = true

# The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging
# configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging
# configuration is set in the configuration file and other logging configuration options are ignored (for example,
# logging_context_format_string). (string value)
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append = <None>

# Defines the format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set.
# (string value)
#log_date_format = %Y-%m-%d %H:%M:%S

# (Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This
# option is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file = <None>

# (Optional) The base directory used for relative log_file  paths. This option is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir = <None>

# Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified
# path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if
# log_config_append is set. (boolean value)
#watch_log_file = false

# Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if
# log_config_append is set. (boolean value)
#use_syslog = false

# Syslog facility to receive log lines. This option is ignored if log_config_append is set. (string value)
#syslog_log_facility = LOG_USER

# Log output to standard error. This option is ignored if log_config_append is set. (boolean value)
#use_stderr = true

# Format string to use for log messages with context. (string value)
#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

# Format string to use for log messages when context is undefined. (string value)
#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

# Additional data to append to log message when logging level for the message is DEBUG. (string value)
#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

# Prefix each line of exception output with this format. (string value)
#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

# Defines the format string for %(user_identity)s that is used in logging_context_format_string. (string value)
#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

# List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set. (list value)
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO

# Enables or disables publication of error events. (boolean value)
#publish_errors = false

# The format for an instance that is passed with the log message. (string value)
#instance_format = "[instance: %(uuid)s] "

# The format for an instance UUID that is passed with the log message. (string value)
#instance_uuid_format = "[instance: %(uuid)s] "

# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false


[agent]

#
# From neutron.ml2.ovs.agent
#

# The number of seconds the agent will wait between polling for local device changes. (integer value)
#polling_interval = 2

# Minimize polling by monitoring ovsdb for interface changes. (boolean value)
#minimize_polling = true

# The number of seconds to wait before respawning the ovsdb monitor after losing communication with it. (integer value)
#ovsdb_monitor_respawn_interval = 30

# Network types supported by the agent (gre and/or vxlan). (list value)
#tunnel_types =
{%- if "vxlan" in neutron.backend.tenant_network_types %}
tunnel_types =vxlan

# The UDP port to use for VXLAN tunnels. (port value)
# Minimum value: 0
# Maximum value: 65535
#vxlan_udp_port = 4789
vxlan_udp_port = 4789

# MTU size of veth interfaces (integer value)
#veth_mtu = 9000

# Use ML2 l2population mechanism driver to learn remote MAC and IPs and improve tunnel scalability. (boolean value)
#l2_population = false
l2_population = True

# Enable local ARP responder if it is supported. Requires OVS 2.1 and ML2 l2population driver. Allows the switch (when supporting an
# overlay) to respond to an ARP request locally without performing a costly ARP broadcast into the overlay. (boolean value)
#arp_responder = false
arp_responder = True
{%- endif %}

# Enable suppression of ARP responses that don't match an IP address that belongs to the port from which they originate. Note: This prevents
# the VMs attached to this agent from spoofing, it doesn't protect them from other devices which have the capability to spoof (e.g. bare
# metal or VMs attached to agents without this flag set to True). Spoofing rules will not be added to any ports that have port security
# disabled. For LinuxBridge, this requires ebtables. For OVS, it requires a version that supports matching ARP headers. This option will be
# removed in Newton so the only way to disable protection will be via the port security extension. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#prevent_arp_spoofing = true

# Set or un-set the don't fragment (DF) bit on outgoing IP packet carrying GRE/VXLAN tunnel. (boolean value)
#dont_fragment = true

# Make the l2 agent run in DVR mode. (boolean value)
#enable_distributed_routing = false
enable_distributed_routing = {{ neutron.get('dvr', 'False') }}

# Set new timeout in seconds for new rpc calls after agent receives SIGTERM. If value is set to 0, rpc timeout won't be changed (integer
# value)
#quitting_rpc_timeout = 10

# Reset flow table on start. Setting this to True will cause brief traffic interruption. (boolean value)
#drop_flows_on_start = false
drop_flows_on_start = False

# Set or un-set the tunnel header checksum  on outgoing IP packet carrying GRE/VXLAN tunnel. (boolean value)
#tunnel_csum = false

# Selects the Agent Type reported (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#agent_type = Open vSwitch agent


[ovs]

#
# From neutron.ml2.ovs.agent
#

# Integration bridge to use. Do not change this parameter unless you have a good reason to. This is the name of the OVS integration bridge.
# There is one per hypervisor. The integration bridge acts as a virtual 'patch bay'. All VM VIFs are attached to this bridge and then
# 'patched' according to their network connectivity. (string value)
#integration_bridge = br-int
integration_bridge = br-int

# Tunnel bridge to use. (string value)
#tunnel_bridge = br-tun
tunnel_bridge = br-tun

# Peer patch port in integration bridge for tunnel bridge. (string value)
#int_peer_patch_port = patch-tun

# Peer patch port in tunnel bridge for integration bridge. (string value)
#tun_peer_patch_port = patch-int

# Local IP address of tunnel endpoint. Can be either an IPv4 or IPv6 address. (IP address value)
#local_ip = <None>
{%- if "vxlan" in neutron.backend.tenant_network_types %}
local_ip = {{ neutron.local_ip }}
{%- endif %}

# Comma-separated list of <physical_network>:<bridge> tuples mapping physical network names to the agent's node-specific Open vSwitch bridge
# names to be used for flat and VLAN networks. The length of bridge names should be no more than 11. Each bridge must exist, and should have
# a physical network interface configured as a port. All physical networks configured on the server should have mappings to appropriate
# bridges on each agent. Note: If you remove a bridge from this mapping, make sure to disconnect it from the integration bridge as it won't
# be managed by the agent anymore. Deprecated for ofagent. (list value)
#bridge_mappings =
{%- if "vlan" in neutron.backend.tenant_network_types %}
bridge_mappings ={%- if neutron.get('external_access', True) %}physnet1:br-floating,{%- endif %}physnet2:br-prv
{%- elif neutron.get('external_access', True) %}
bridge_mappings =physnet1:br-floating
{%- endif %}
# Use veths instead of patch ports to interconnect the integration bridge to physical networks. Support kernel without Open vSwitch patch
# port support so long as it is set to True. (boolean value)
#use_veth_interconnection = false

# OpenFlow interface to use. (string value)
# Allowed values: ovs-ofctl, native
#of_interface = ovs-ofctl

# OVS datapath to use. 'system' is the default value and corresponds to the kernel datapath. To enable the userspace datapath set this value
# to 'netdev'. (string value)
# Allowed values: system, netdev
#datapath_type = system
{%- if neutron.dpdk %}
datapath_type = netdev
{%- endif %}

# OVS vhost-user socket directory. (string value)
#vhostuser_socket_dir = /var/run/openvswitch

# Address to listen on for OpenFlow connections. Used only for 'native' driver. (IP address value)
#of_listen_address = 127.0.0.1

# Port to listen on for OpenFlow connections. Used only for 'native' driver. (port value)
# Minimum value: 0
# Maximum value: 65535
#of_listen_port = 6633

# Timeout in seconds to wait for the local switch connecting the controller. Used only for 'native' driver. (integer value)
#of_connect_timeout = 30

# Timeout in seconds to wait for a single OpenFlow request. Used only for 'native' driver. (integer value)
#of_request_timeout = 10

# The interface for interacting with the OVSDB (string value)
# Allowed values: vsctl, native
#ovsdb_interface = vsctl

# The connection string for the native OVSDB backend. Requires the native ovsdb_interface to be enabled. (string value)
#ovsdb_connection = tcp:127.0.0.1:6640

[securitygroup]

#
# From neutron.ml2.ovs.agent
#

# Driver for security groups firewall in the L2 agent (string value)
#firewall_driver = <None>
{%- if neutron.dpdk %}
firewall_driver = openvswitch
{%- else %}
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
{%- endif %}

# Controls whether the neutron security group API is enabled in the server. It should be false when using no security groups or using the
# nova security group API. (boolean value)
#enable_security_group = true
enable_security_group = True

# Use ipset to speed-up the iptables based security groups. Enabling ipset support requires that ipset is installed on L2 agent node.
# (boolean value)
#enable_ipset = true