vmware-nsx/devstack
Anna Khmelnitsky 6e1a21881e NSXV3: Initial client certificate auth support
Client certificate authentication is disabled by default.
To enable client auth, define the following in nsx.ini:
nsx_use_client_auth = True
nsx_client_cert_storage = nsx-db
nsx_client_cert_file = <file to store certificate and private key>

To enable client auth in devstack, define the following in local.conf:
NSX_USE_CLIENT_CERT_AUTH=True

This commit covers only DB type of cert storage. Barbican storage
and imported cert will be added later. Also planned for near future:

    reload cert from DB if NSX connection fails due to bad cert
    show warning when cert nears expiration
    delete cert file from file system on neutron exit

Change-Id: Ic70a949b740d9149d71187b02640d3071a3e0159
2017-02-02 09:39:18 +00:00
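A check that could be run against nsx.ini once the options named in the commit message above are set. This is an added example, not code from the vmware-nsx project; the function names are hypothetical. It assumes the options appear as plain `key = value` lines and that any group or other permission bit on the certificate file counts as a finding, since that file stores the private key.

```shell
#!/usr/bin/env bash
# Added example (not vmware-nsx code): audit the client-auth options in nsx.ini.

# ini_get FILE KEY: print the last value assigned to KEY, ignoring sections.
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# file_mode PATH: octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_client_auth FILE: print findings.
# Returns 0 when clean or disabled, 1 on findings, 2 if FILE is unreadable.
audit_client_auth() {
    local ini=$1 use storage cert mode rc=0
    [ -r "$ini" ] || { echo "cannot read $ini"; return 2; }
    use=$(ini_get "$ini" nsx_use_client_auth)
    case "$use" in
        [Tt]rue) ;;
        *) echo "client certificate auth is disabled"; return 0 ;;
    esac
    storage=$(ini_get "$ini" nsx_client_cert_storage)
    if [ "$storage" != "nsx-db" ]; then
        echo "FINDING: nsx_client_cert_storage='$storage' (commit covers nsx-db only)"
        rc=1
    fi
    cert=$(ini_get "$ini" nsx_client_cert_file)
    if [ -z "$cert" ]; then
        echo "FINDING: nsx_client_cert_file is not set"
        return 1
    fi
    if [ -e "$cert" ]; then
        mode=$(file_mode "$cert")
        # The file holds the private key, so group/other need no access (assumed policy).
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FINDING: $cert has mode $mode, expected 600 or stricter"
            rc=1
        fi
    else
        echo "note: $cert does not exist yet"
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_client_auth "$1"; fi
```

Pass the path to nsx.ini as the only argument, or source the file and call `audit_client_auth` directly.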
lib NSXV3: Initial client certificate auth support 2017-02-02 09:39:18 +00:00
nsx_v NSXV devstackgaterc file 2016-12-26 18:35:54 +00:00
nsx_v3 Add native DHCP config in nsxv3 sample local.conf 2016-09-27 19:00:24 +00:00
tools NSXV3: Initial client certificate auth support 2017-02-02 09:39:18 +00:00
localrc_nsx_v3 NSX|V3: Add support for native metadata proxy service 2016-06-23 08:45:47 +00:00
override-defaults Define has_neutron_plugin_security_group using override-defaults 2016-01-13 23:26:21 +09:00
plugin.sh NSX cleanup script to clean only related resources 2017-01-30 10:20:11 +00:00
README.rst NSX|V add edge_ha per availability zone 2016-07-20 10:58:49 +03:00
settings Implement devstack external plugin 2015-02-24 08:46:13 -08:00

Devstack external plugin

Add and set the following in your local.conf/localrc file:

enable_plugin vmware-nsx https://git.openstack.org/openstack/vmware-nsx

For Nsx-mh:

Q_PLUGIN=vmware_nsx

PUBLIC_BRIDGE # bridge used for external connectivity, typically br-ex
NSX_GATEWAY_NETWORK_INTERFACE # interface used to communicate with the NSX Gateway
NSX_GATEWAY_NETWORK_CIDR # CIDR to configure $PUBLIC_BRIDGE, e.g. 172.24.4.211/24

For Nsx-v:

Q_PLUGIN=vmware_nsx_v

NSXV_MANAGER_URI # URL for NSXv manager (e.g - https://management_ip).
NSXV_USER # NSXv username.
NSXV_PASSWORD # NSXv password.
NSXV_CLUSTER_MOID # clusters ids containing OpenStack hosts.
NSXV_DATACENTER_MOID # datacenter id for edge deployment.
NSXV_RESOURCE_POOL_ID # resource-pool id for edge deployment.
NSXV_AVAILABILITY_ZONES # alternative resource-pools/data stores ids/edge_ha for edge deployment
NSXV_DATASTORE_ID # datastore id for edge deployment.
NSXV_EXTERNAL_NETWORK # id of logic switch for physical network connectivity.
NSXV_VDN_SCOPE_ID # network scope id for VXLAN virtual-wires.
NSXV_DVS_ID # Dvs id for VLAN based networks.
NSXV_BACKUP_POOL # backup edge pools management range,
                 # <edge_type>:[edge_size]:<minimum_pooled_edges>:<maximum_pooled_edges>.
                 # edge_type:'service'(service edge) or 'vdr'(distributed edge).
                 # edge_size: 'compact', 'large'(by default), 'xlarge' or 'quadlarge'.

# To enable the metadata service, the following variables should be also set:
NSXV_MGT_NET_PROXY_IPS # management network IP address for metadata proxy.
NSXV_MGT_NET_PROXY_NETMASK # management network netmask for metadata proxy.
NSXV_NOVA_METADATA_IPS # IP addresses used by Nova metadata service.
NSXV_NOVA_METADATA_PORT # TCP Port used by Nova metadata server.
NSXV_MGT_NET_MOID # Network ID for management network connectivity