[DEFAULT] # User name for NSX controller # nsx_user = admin # Password for NSX controller # nsx_password = admin # Total time limit for a cluster request # (including retries across different controllers) # req_timeout = 30 # Time before aborting a request on an unresponsive controller # http_timeout = 10 # Maximum number of times a particular request should be retried # retries = 2 # Maximum number of times a redirect response should be followed # redirects = 2 # Comma-separated list of NSX controller endpoints (:). When port # is omitted, 443 is assumed. This option MUST be specified, e.g.: # nsx_controllers = xx.yy.zz.ww:443, aa.bb.cc.dd, ee.ff.gg.hh.ee:80 # UUID of the pre-existing default NSX Transport zone to be used for creating # tunneled isolated "Neutron" networks. This option MUST be specified, e.g.: # default_tz_uuid = 1e8e52cf-fa7f-46b0-a14a-f99835a9cb53 # (Optional) UUID for the default l3 gateway service to use with this cluster. # To be specified if planning to use logical routers with external gateways. # default_l3_gw_service_uuid = # (Optional) UUID for the default l2 gateway service to use with this cluster. # To be specified for providing a predefined gateway tenant for connecting their networks. # default_l2_gw_service_uuid = # (Optional) UUID for the default service cluster. A service cluster is introduced to # represent a group of gateways and it is needed in order to use Logical Services like # dhcp and metadata in the logical space. NOTE: If agent_mode is set to 'agentless' this # config parameter *MUST BE* set to a valid pre-existent service cluster uuid. # default_service_cluster_uuid = # Name of the default interface name to be used on network-gateway. This value # will be used for any device associated with a network gateway for which an # interface name was not specified # default_interface_name = breth0 [quotas] # number of network gateways allowed per tenant, -1 means unlimited # quota_network_gateway = 5 [vcns] # URL for VCNS manager # manager_uri = https://management_ip # User name for VCNS manager # user = admin # Password for VCNS manager # password = default # (Optional) Datacenter ID for Edge deployment # datacenter_moid = # (Optional) Deployment Container ID for NSX Edge deployment # If not specified, either a default global container will be used, or # the resource pool and datastore specified below will be used # deployment_container_id = # (Optional) Resource pool ID for NSX Edge deployment # resource_pool_id = # (Optional) Datastore ID for NSX Edge deployment # datastore_id = # (Required) UUID of logic switch for physical network connectivity # external_network = # (Optional) Asynchronous task status check interval # default is 2000 (millisecond) # task_status_check_interval = 2000 [nsx] # Maximum number of ports for each bridged logical switch # The recommended value for this parameter varies with NSX version # Please use: # NSX 2.x -> 64 # NSX 3.0, 3.1 -> 5000 # NSX 3.2 -> 10000 # max_lp_per_bridged_ls = 5000 # Maximum number of ports for each overlay (stt, gre) logical switch # max_lp_per_overlay_ls = 256 # Number of connections to each controller node. # default is 10 # concurrent_connections = 10 # Number of seconds a generation id should be valid for (default -1 meaning do not time out) # nsx_gen_timeout = -1 # Acceptable values for 'metadata_mode' are: # - 'access_network': this enables a dedicated connection to the metadata # proxy for metadata server access via Neutron router. # - 'dhcp_host_route': this enables host route injection via the dhcp agent. # This option is only useful if running on a host that does not support # namespaces otherwise access_network should be used. # metadata_mode = access_network # The default network transport type to use (stt, gre, bridge, ipsec_gre, or ipsec_stt) # default_transport_type = stt # Specifies in which mode the plugin needs to operate in order to provide DHCP and # metadata proxy services to tenant instances. If 'agent' is chosen (default) # the NSX plugin relies on external RPC agents (i.e. dhcp and metadata agents) to # provide such services. In this mode, the plugin supports API extensions 'agent' # and 'dhcp_agent_scheduler'. If 'agentless' is chosen (experimental in Icehouse), # the plugin will use NSX logical services for DHCP and metadata proxy. This # simplifies the deployment model for Neutron, in that the plugin no longer requires # the RPC agents to operate. When 'agentless' is chosen, the config option metadata_mode # becomes ineffective. The 'agentless' mode is supported from NSX 4.2 or above. # Furthermore, a 'combined' mode is also provided and is used to support existing # deployments that want to adopt the agentless mode going forward. With this mode, # existing networks keep being served by the existing infrastructure (thus preserving # backward compatibility, whereas new networks will be served by the new infrastructure. # Migration tools are provided to 'move' one network from one model to another; with # agent_mode set to 'combined', option 'network_auto_schedule' in neutron.conf is # ignored, as new networks will no longer be scheduled to existing dhcp agents. # agent_mode = agent # Specifies which mode packet replication should be done in. If set to service # a service node is required in order to perform packet replication. This can # also be set to source if one wants replication to be performed locally (NOTE: # usually only useful for testing if one does not want to deploy a service node). # replication_mode = service [nsx_sync] # Interval in seconds between runs of the status synchronization task. # The plugin will aim at resynchronizing operational status for all # resources in this interval, and it should be therefore large enough # to ensure the task is feasible. Otherwise the plugin will be # constantly synchronizing resource status, ie: a new task is started # as soon as the previous is completed. # If this value is set to 0, the state synchronization thread for this # Neutron instance will be disabled. # state_sync_interval = 10 # Random additional delay between two runs of the state synchronization task. # An additional wait time between 0 and max_random_sync_delay seconds # will be added on top of state_sync_interval. # max_random_sync_delay = 0 # Minimum delay, in seconds, between two status synchronization requests for NSX. # Depending on chunk size, controller load, and other factors, state # synchronization requests might be pretty heavy. This means the # controller might take time to respond, and its load might be quite # increased by them. This parameter allows to specify a minimum # interval between two subsequent requests. # The value for this parameter must never exceed state_sync_interval. # If this does, an error will be raised at startup. # min_sync_req_delay = 1 # Minimum number of resources to be retrieved from NSX in a single status # synchronization request. # The actual size of the chunk will increase if the number of resources is such # that using the minimum chunk size will cause the interval between two # requests to be less than min_sync_req_delay # min_chunk_size = 500 # Enable this option to allow punctual state synchronization on show # operations. In this way, show operations will always fetch the operational # status of the resource from the NSX backend, and this might have # a considerable impact on overall performance. # always_read_status = False [nsx_lsn] # Pull LSN information from NSX in case it is missing from the local # data store. This is useful to rebuild the local store in case of # server recovery # sync_on_missing_data = False [nsx_dhcp] # (Optional) Comma separated list of additional dns servers. Default is an empty list # extra_domain_name_servers = # Domain to use for building the hostnames # domain_name = openstacklocal # Default DHCP lease time # default_lease_time = 43200 [nsx_metadata] # IP address used by Metadata server # metadata_server_address = 127.0.0.1 # TCP Port used by Metadata server # metadata_server_port = 8775 # When proxying metadata requests, Neutron signs the Instance-ID header with a # shared secret to prevent spoofing. You may select any string for a secret, # but it MUST match with the configuration used by the Metadata server # metadata_shared_secret =