5f0aa7b045
Using noop driver to disable security group is confusing. In this commit, we introduce enable_security_group in server side. DocImpact UpgradeImpact Implements bp: security-group-config-cleanup Related-Bug: 1112912 Change-Id: Ice44a4e2a519c64e613eeb24372de46726473339
79 lines
3.0 KiB
INI
79 lines
3.0 KiB
INI
[vlans]
|
|
# (StrOpt) Type of network to allocate for tenant networks. The
|
|
# default value 'local' is useful only for single-box testing and
|
|
# provides no connectivity between hosts. You MUST change this to
|
|
# 'vlan' and configure network_vlan_ranges below in order for tenant
|
|
# networks to provide connectivity between hosts. Set to 'none' to
|
|
# disable creation of tenant networks.
|
|
#
|
|
# tenant_network_type = local
|
|
# Example: tenant_network_type = vlan
|
|
|
|
# (ListOpt) Comma-separated list of
|
|
# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
|
|
# of VLAN IDs on named physical networks that are available for
|
|
# allocation. All physical networks listed are available for flat and
|
|
# VLAN provider network creation. Specified ranges of VLAN IDs are
|
|
# available for tenant network allocation if tenant_network_type is
|
|
# 'vlan'. If empty, only local networks may be created.
|
|
#
|
|
# network_vlan_ranges =
|
|
# Example: network_vlan_ranges = physnet1:1000:2999
|
|
|
|
[linux_bridge]
|
|
# (ListOpt) Comma-separated list of
|
|
# <physical_network>:<physical_interface> tuples mapping physical
|
|
# network names to the agent's node-specific physical network
|
|
# interfaces to be used for flat and VLAN networks. All physical
|
|
# networks listed in network_vlan_ranges on the server should have
|
|
# mappings to appropriate interfaces on each agent.
|
|
#
|
|
# physical_interface_mappings =
|
|
# Example: physical_interface_mappings = physnet1:eth1
|
|
|
|
[vxlan]
|
|
# (BoolOpt) enable VXLAN on the agent
|
|
# VXLAN support can be enabled when agent is managed by ml2 plugin using
|
|
# linuxbridge mechanism driver. Useless if set while using linuxbridge plugin.
|
|
# enable_vxlan = False
|
|
#
|
|
# (IntOpt) use specific TTL for vxlan interface protocol packets
|
|
# ttl =
|
|
#
|
|
# (IntOpt) use specific TOS for vxlan interface protocol packets
|
|
# tos =
|
|
#
|
|
# (StrOpt) multicast group to use for broadcast emulation.
|
|
# This group must be the same on all the agents.
|
|
# vxlan_group = 224.0.0.1
|
|
#
|
|
# (StrOpt) Local IP address to use for VXLAN endpoints (required)
|
|
# local_ip =
|
|
#
|
|
# (BoolOpt) Flag to enable l2population extension. This option should be used
|
|
# in conjunction with ml2 plugin l2population mechanism driver (in that case,
|
|
# both linuxbridge and l2population mechanism drivers should be loaded).
|
|
# It enables plugin to populate VXLAN forwarding table, in order to limit
|
|
# the use of broadcast emulation (multicast will be turned off if kernel and
|
|
# iproute2 supports unicast flooding - requires 3.11 kernel and iproute2 3.10)
|
|
# l2_population = False
|
|
|
|
[agent]
|
|
# Agent's polling interval in seconds
|
|
# polling_interval = 2
|
|
|
|
# (BoolOpt) Enable server RPC compatibility with old (pre-havana)
|
|
# agents.
|
|
#
|
|
# rpc_support_old_agents = False
|
|
# Example: rpc_support_old_agents = True
|
|
|
|
[securitygroup]
|
|
# Firewall driver for realizing neutron security group function
|
|
# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
|
|
# Example: firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
|
|
|
|
# Controls if neutron security group is enabled or not.
|
|
# It should be false when you use nova security group.
|
|
# enable_security_group = True
|