5f0aa7b045
Using noop driver to disable security group is confusing. In this commit, we introduce enable_security_group in server side. DocImpact UpgradeImpact Implements bp: security-group-config-cleanup Related-Bug: 1112912 Change-Id: Ice44a4e2a519c64e613eeb24372de46726473339
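[ovs]
# Open vSwitch networking options: tenant network type, VLAN and tunnel ID
# ranges, and the bridges and patch ports used on each hypervisor.

# (StrOpt) Type of network to allocate for tenant networks. The
# default value 'local' is useful only for single-box testing and
# provides no connectivity between hosts. You MUST either change this
# to 'vlan' and configure network_vlan_ranges below or change this to
# 'gre' or 'vxlan' and configure tunnel_id_ranges below in order for
# tenant networks to provide connectivity between hosts. Set to 'none'
# to disable creation of tenant networks.
#
# tenant_network_type = local
# Example: tenant_network_type = gre
# Example: tenant_network_type = vxlan

# (ListOpt) Comma-separated list of
# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
# of VLAN IDs on named physical networks that are available for
# allocation. All physical networks listed are available for flat and
# VLAN provider network creation. Specified ranges of VLAN IDs are
# available for tenant network allocation if tenant_network_type is
# 'vlan'. If empty, only gre, vxlan and local networks may be created.
#
# NOTE: Every VLAN ID inside a listed range can be handed to a tenant
# network. Keep VLAN IDs that carry management, storage or other
# infrastructure traffic out of these ranges.
#
# network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999

# (BoolOpt) Set to True in the server and the agents to enable support
# for GRE or VXLAN networks. Requires kernel support for OVS patch ports and
# GRE or VXLAN tunneling.
#
# WARNING: This option will be deprecated in the Icehouse release, at which
# point setting tunnel_type below will be required to enable
# tunneling.
#
# enable_tunneling = False

# (StrOpt) The type of tunnel network, if any, supported by the plugin. If
# this is set, it will cause tunneling to be enabled. If this is not set and
# the option enable_tunneling is set, this will default to 'gre'.
#
# tunnel_type =
# Example: tunnel_type = gre
# Example: tunnel_type = vxlan

# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples
# enumerating ranges of GRE or VXLAN tunnel IDs that are available for
# tenant network allocation if tenant_network_type is 'gre' or 'vxlan'.
#
# tunnel_id_ranges =
# Example: tunnel_id_ranges = 1:1000

# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch bay". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
#
# integration_bridge = br-int

# Only used for the agent if tunnel_id_ranges (above) is not empty for
# the server. In most cases, the default value should be fine.
#
# tunnel_bridge = br-tun

# Peer patch port in integration bridge for tunnel bridge
# int_peer_patch_port = patch-tun

# Peer patch port in tunnel bridge for integration bridge
# tun_peer_patch_port = patch-int

# Uncomment this line for the agent if tunnel_id_ranges (above) is not
# empty for the server. Set local_ip to be the local IP address of
# this hypervisor.
#
# NOTE: GRE and VXLAN encapsulation does not encrypt or authenticate the
# tenant traffic it carries. Choose an address on a network segment that
# only the tunnel endpoints can reach, not on a shared or public network.
#
# local_ip =

# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples
# mapping physical network names to the agent's node-specific OVS
# bridge names to be used for flat and VLAN networks. The length of
# bridge names should be no more than 11. Each bridge must
# exist, and should have a physical network interface configured as a
# port. All physical networks listed in network_vlan_ranges on the
# server should have mappings to appropriate bridges on each agent.
#
# bridge_mappings =
# Example: bridge_mappings = physnet1:br-eth1
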
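[agent]
# Options read by the OVS agent: polling behaviour, supported tunnel types,
# VXLAN port, veth MTU and the l2-population extension.

# Agent's polling interval in seconds
# polling_interval = 2

# Minimize polling by monitoring ovsdb for interface changes
# minimize_polling = True

# When minimize_polling = True, the number of seconds to wait before
# respawning the ovsdb monitor after losing communication with it
# ovsdb_monitor_respawn_interval = 30

# (ListOpt) The types of tenant network tunnels supported by the agent.
# Setting this will enable tunneling support in the agent. This can be set to
# either 'gre' or 'vxlan'. If this is unset, it will default to [] and
# disable tunneling support in the agent. When running the agent with the OVS
# plugin, this value must be the same as "tunnel_type" in the "[ovs]" section.
# When running the agent with ML2, you can specify as many values here as
# your compute hosts support.
#
# tunnel_types =
# Example: tunnel_types = gre
# Example: tunnel_types = vxlan
# Example: tunnel_types = vxlan, gre

# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By
# default, this will make use of the Open vSwitch default value of '4789' if
# not specified.
#
# NOTE: Whatever port is chosen, host and network firewalls should accept
# this UDP port only from the other tunnel endpoints, because VXLAN itself
# does not authenticate the sender of an encapsulated frame.
#
# vxlan_udp_port =
# Example: vxlan_udp_port = 8472

# (IntOpt) This is the MTU size of veth interfaces.
# Do not change unless you have a good reason to.
# The default MTU size of veth interfaces is 1500.
# veth_mtu =
# Example: veth_mtu = 1504

# (BoolOpt) Flag to enable l2-population extension. This option should only be
# used in conjunction with ml2 plugin and l2population mechanism driver. It'll
# enable plugin to populate remote ports macs and IPs (using fdb_add/remove
# RPC callbacks instead of tunnel_sync/update) on OVS agents in order to
# optimize tunnel management.
#
# l2_population = False
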
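[securitygroup]
# Firewall driver for realizing neutron security group function.
#
# NOTE: NoopFirewallDriver applies no packet filtering. With it, security
# group rules are accepted and stored but are not enforced by neutron on
# this host's ports. To have rules enforced, set a filtering driver, such
# as the one in the example below, on every agent.
#
# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
#
# NOTE: Keep this option and firewall_driver consistent. The commented
# values shown here pair enable_security_group = True with the no-op driver,
# a combination in which neutron does no filtering. How the agent handles a
# mismatched pair is not described in this file; confirm it for the release
# in use before relying on either setting alone.
#
# enable_security_group = True

#-----------------------------------------------------------------------------
# Sample Configurations.
#-----------------------------------------------------------------------------
#
# 1. With VLANs on eth1.
# [ovs]
# network_vlan_ranges = default:2000:3999
# tunnel_id_ranges =
# integration_bridge = br-int
# bridge_mappings = default:br-eth1
#
# 2. With GRE tunneling.
# [ovs]
# network_vlan_ranges =
# tunnel_id_ranges = 1:1000
# integration_bridge = br-int
# tunnel_bridge = br-tun
# local_ip = 10.0.0.3
#
# 3. With VXLAN tunneling.
# [ovs]
# network_vlan_ranges =
# tenant_network_type = vxlan
# tunnel_type = vxlan
# tunnel_id_ranges = 1:1000
# integration_bridge = br-int
# tunnel_bridge = br-tun
# local_ip = 10.0.0.3
# [agent]
# tunnel_types = vxlan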