Networking advanced services configuration files

Networking advanced services configuration files

The Networking advanced services such as Load-Balancer-as-a-Service (LBaaS), Firewall-as-a-Service (FWaaS), and VPN-as-a-Service (VPNaaS) implement the automatic generation of configuration files. Here are the sample configuration files and you can generate the latest configuration files by running the generate_config_file_samples.sh script provided by each LBaaS, FWaaS, and VPNaaS services on their root directory.

Load-Balancer-as-a-Service (LBaaS)

neutron_lbaas.conf

[DEFAULT]

#
# From neutron.lbaas
#

# Driver to use for scheduling to a default loadbalancer agent (string value)
#loadbalancer_scheduler_driver = neutron_lbaas.agent_scheduler.ChanceScheduler


[certificates]

#
# From neutron.lbaas
#

# Absolute path to the certificate storage directory. Defaults to
# env[OS_LBAAS_TLS_STORAGE]. (string value)
#storage_path = /var/lib/neutron-lbaas/certificates/

# Certificate Manager plugin. Defaults to barbican. (string value)
#cert_manager_type = barbican


[quotas]

#
# From neutron.lbaas
#

# Number of Loadbalancer Listeners allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_listener = -1

# Number of LoadBalancers allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_loadbalancer = 10

# Number of pool members allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_member = -1

# Number of health monitors allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_healthmonitor = -1

# Number of pools allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_pool = 10


[service_auth]

#
# From neutron.lbaas
#

# The deployment region (string value)
#region = RegionOne

# The service admin user name (string value)
#admin_user = admin

# The name of the service (string value)
#service_name = lbaas

# Authentication endpoint (string value)
#auth_url = http://127.0.0.1:5000/v2.0

# The service admin tenant name (string value)
#admin_tenant_name = admin

# The auth version used to authenticate (string value)
#auth_version = 2

# The service admin password (string value)
#admin_password = password

# The admin user domain name (string value)
#admin_user_domain = admin

# The admin project domain name (string value)
#admin_project_domain = admin


[service_providers]

#
# From neutron.lbaas
#

# Defines providers for advanced services using the format:
# <service_type>:<name>:<driver>[:default] (multi valued)
#service_provider =

lbaas_agent.ini

[DEFAULT]

#
# From neutron.lbaas.agent
#

# Name of Open vSwitch bridge to use (string value)
#ovs_integration_bridge = br-int

# Seconds between periodic task runs (integer value)
#periodic_interval = 10

# MTU setting for device. (integer value)
#network_device_mtu = <None>

# The driver used to manage the virtual interface. (string value)
#interface_driver = <None>

# Drivers used to manage loadbalancing devices (multi valued)
#device_driver = neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver

# Uses veth for an OVS interface or not. Support kernels with limited namespace
# support (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. (boolean
# value)
#ovs_use_veth = false

#
# From oslo.log
#

# The name of a logging configuration file. This file is appended to any
# existing logging configuration files. For details about logging configuration
# files, see the Python logging module documentation. Note that when logging
# configuration files are used all logging configuration is defined in the
# configuration file and other logging configuration options are ignored.
# (string value)
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append = <None>

# Format string to use for log messages with context. (string value)
#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

# Format string to use for log messages when context is undefined. (string
# value)
#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

# Additional data to append to log message when logging level for the message
# is DEBUG. (string value)
#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

# Prefix each line of exception output with this format. (string value)
#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

# Defines the format string for %(user_identity)s that is used in
# logging_context_format_string. (string value)
#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

# List of package logging levels in logger=LEVEL pairs. This option is ignored
# if log_config_append is set. (list value)
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN

# Uses logging handler designed to watch file system. When log file is moved or
# removed this handler will open a new log file with specified path
# instantaneously. It makes sense only if log_file option is specified and
# Linux platform is used. This option is ignored if log_config_append is set.
# (boolean value)
#watch_log_file = false

# Enables or disables publication of error events. (boolean value)
#publish_errors = false

# If set to true, the logging level will be set to DEBUG instead of the default
# INFO level. (boolean value)
#debug = false

# If set to false, the logging level will be set to WARNING instead of the
# default INFO level. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#verbose = true

# Use syslog for logging. Existing syslog format is DEPRECATED and will be
# changed later to honor RFC5424. This option is ignored if log_config_append
# is set. (boolean value)
#use_syslog = false

# The format for an instance that is passed with the log message. (string
# value)
#instance_format = "[instance: %(uuid)s] "

# Enables or disables syslog rfc5424 format for logging. If enabled, prefixes
# the MSG part of the syslog message with APP-NAME (RFC5424). The format
# without the APP-NAME is deprecated in Kilo, and will be removed in Mitaka,
# along with this option. This option is ignored if log_config_append is set.
# (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#use_syslog_rfc_format = true

# Defines the format string for %%(asctime)s in log records. Default:
# %(default)s . This option is ignored if log_config_append is set. (string
# value)
#log_date_format = %Y-%m-%d %H:%M:%S

# (Optional) Name of log file to send logging output to. If no default is set,
# logging will go to stderr as defined by use_stderr. This option is ignored if
# log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file = <None>

# Syslog facility to receive log lines. This option is ignored if
# log_config_append is set. (string value)
#syslog_log_facility = LOG_USER

# The format for an instance UUID that is passed with the log message. (string
# value)
#instance_uuid_format = "[instance: %(uuid)s] "

# (Optional) The base directory used for relative log_file  paths. This option
# is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir = <None>

# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false

# Log output to standard error. This option is ignored if log_config_append is
# set. (boolean value)
#use_stderr = true


[haproxy]

#
# From neutron.lbaas.agent
#

# The user group (string value)
# Deprecated group/name - [DEFAULT]/user_group
#user_group = nogroup

# When delete and re-add the same vip, send this many gratuitous ARPs to flush
# the ARP cache in the Router. Set it below or equal to 0 to disable this
# feature. (integer value)
#send_gratuitous_arp = 3

# Location to store config and state files (string value)
# Deprecated group/name - [DEFAULT]/loadbalancer_state_path
#loadbalancer_state_path = $state_path/lbaas

services_lbaas.conf

[DEFAULT]


[haproxy]

#
# From neutron.lbaas.service
#

# Location to store config and state files (string value)
# Deprecated group/name - [DEFAULT]/loadbalancer_state_path
#loadbalancer_state_path = $state_path/lbaas

# The user group (string value)
# Deprecated group/name - [DEFAULT]/user_group
#user_group = nogroup

# Seconds between periodic task runs (integer value)
#periodic_interval = 10

# Jinja template file for haproxy configuration (string value)
#jinja_config_template = /home/venkatamahesh/programs/openstack/neutron-lbaas/neutron_lbaas/services/loadbalancer/drivers/haproxy/templates/haproxy.loadbalancer.j2

# The driver used to manage the virtual interface. (string value)
#interface_driver = <None>

# When delete and re-add the same vip, send this many gratuitous ARPs to flush
# the ARP cache in the Router. Set it below or equal to 0 to disable this
# feature. (integer value)
#send_gratuitous_arp = 3


[netscaler_driver]

#
# From neutron.lbaas.service
#

# Username to login to the NetScaler Control Center Server. (string value)
#netscaler_ncc_username = <None>

# The URL to reach the NetScaler Control Center Server. (string value)
#netscaler_ncc_uri = <None>

# Password to login to the NetScaler Control Center Server. (string value)
#netscaler_ncc_password = <None>


[octavia]

#
# From neutron.lbaas.service
#

# Time to stop polling octavia when a status of an entity does not change.
# (integer value)
#request_poll_timeout = 100

# True if Octavia will be responsible for allocating the VIP. False if neutron-
# lbaas will allocate it and pass to Octavia. (boolean value)
#allocates_vip = false

# Interval in seconds to poll octavia when an entity is created, updated, or
# deleted. (integer value)
#request_poll_interval = 3

# URL of Octavia controller root (string value)
#base_url = http://127.0.0.1:9876


[radware]

#
# From neutron.lbaas.service
#

# Service ADC version. (string value)
#service_adc_version =

# Name of the l4 workflow action. Default: BaseCreate. (string value)
#l4_action_name = BaseCreate

# List of actions that are not pushed to the completion queue. (list value)
#actions_to_skip = setup_l2_l3

# Enables or disables the Service HA pair. Default: False. (boolean value)
#service_ha_pair = false

# IP address of vDirect server. (string value)
#vdirect_address = <None>

# Resource pool IDs. (list value)
#service_resource_pool_ids =

# Service throughput. Default: 1000. (integer value)
#service_throughput = 1000

# Name of l2_l3 workflow. Default: openstack_l2_l3. (string value)
#l2_l3_workflow_name = openstack_l2_l3

# IP address of secondary vDirect server. (string value)
#ha_secondary_address = <None>

# A required VLAN for the interswitch link to use. (integer value)
#service_isl_vlan = -1

# vDirect user name. (string value)
#vdirect_user = vDirect

# Parameter for l2_l3 workflow setup. (dict value)
#l2_l3_setup_params = data_ip_address:192.168.200.99,data_ip_mask:255.255.255.0,data_port:1,gateway:192.168.200.1,ha_port:2

# Service SSL throughput. Default: 100. (integer value)
#service_ssl_throughput = 100

# vDirect user password. (string value)
#vdirect_password = radware

# Parameter for l2_l3 workflow constructor. (dict value)
#l2_l3_ctor_params = allocate_ha_ips:True,allocate_ha_vrrp:True,ha_ip_pool_name:default,ha_network_name:HA-Network,service:_REPLACE_,twoleg_enabled:_REPLACE_

# Service compression throughput. Default: 100. (integer value)
#service_compression_throughput = 100

# Name of l4 workflow. Default: openstack_l4. (string value)
#l4_workflow_name = openstack_l4

# Service ADC type. Default: VA. (string value)
#service_adc_type = VA

# Enable or disable Alteon interswitch link for stateful session failover.
# Default: False. (boolean value)
#service_session_mirroring_enabled = false

# Size of service cache. Default: 20. (integer value)
#service_cache = 20


[radwarev2]

#
# From neutron.lbaas.service
#

# Name of the workflow action for statistics. Default: stats. (string value)
#stats_action_name = stats

# Service throughput. Default: 1000. (integer value)
#service_throughput = 1000

# vDirect user name. (string value)
#vdirect_user = vDirect

# Resource pool IDs. (list value)
#service_resource_pool_ids =

# A required VLAN for the interswitch link to use. (integer value)
#service_isl_vlan = -1

# Service SSL throughput. Default: 100. (integer value)
#service_ssl_throughput = 100

# vDirect user password. (string value)
#vdirect_password = radware

# Enable or disable Alteon interswitch link for stateful session failover.
# Default: False. (boolean value)
#service_session_mirroring_enabled = false

# Parameter for l2_l3 workflow constructor. (dict value)
#workflow_params = allocate_ha_ips:True,allocate_ha_vrrp:True,data_ip_address:192.168.200.99,data_ip_mask:255.255.255.0,data_port:1,gateway:192.168.200.1,ha_ip_pool_name:default,ha_network_name:HA-Network,ha_port:2,twoleg_enabled:_REPLACE_

# IP address of vDirect server. (string value)
#vdirect_address = <None>

# Service ADC type. Default: VA. (string value)
#service_adc_type = VA

# Name of the workflow template. Default: os_lb_v2. (string value)
#workflow_template_name = os_lb_v2

# Size of service cache. Default: 20. (integer value)
#service_cache = 20

# Service compression throughput. Default: 100. (integer value)
#service_compression_throughput = 100

# Service ADC version. (string value)
#service_adc_version =

# Name of child workflow templates used.Default: manage_l3 (list value)
#child_workflow_template_names = manage_l3

# Enables or disables the Service HA pair. Default: False. (boolean value)
#service_ha_pair = false

# Name of the workflow action. Default: apply. (string value)
#workflow_action_name = apply

# IP address of secondary vDirect server. (string value)
#ha_secondary_address = <None>


[radwarev2_debug]

#
# From neutron.lbaas.service
#

# Provision ADC service? (boolean value)
#provision_service = true

# Configule ADC with L4 parameters? (boolean value)
#configure_l4 = true

# Configule ADC with L3 parameters? (boolean value)
#configure_l3 = true

VPN-as-a-Service (VPNaaS)

neutron_vpnaas.conf

[DEFAULT]


[service_providers]

#
# From neutron.vpnaas
#

# Defines providers for advanced services using the format:
# <service_type>:<name>:<driver>[:default] (multi valued)
#service_provider =

vpn_agent.ini

[DEFAULT]


[ipsec]

#
# From neutron.vpnaas.agent
#

# Interval for checking ipsec status (integer value)
#ipsec_status_check_interval = 60

# Enable detail logging for ipsec pluto process. If the flag set to True, the
# detailed logging will be written into config_base_dir/<pid>/log. Note: This
# setting applies to OpenSwan and LibreSwan only. StrongSwan logs to syslog.
# (boolean value)
#enable_detailed_logging = false

# Location to store ipsec server config files (string value)
#config_base_dir = $state_path/ipsec


[pluto]

#
# From neutron.vpnaas.agent
#

# A factor to increase the retry interval for each retry (floating point value)
# Deprecated group/name - [libreswan]/shutdown_check_back_off
#shutdown_check_back_off = 1.5

# Initial interval in seconds for checking if pluto daemon is shutdown (integer
# value)
# Deprecated group/name - [libreswan]/shutdown_check_timeout
#shutdown_check_timeout = 1

# The maximum number of retries for checking for pluto daemon shutdown (integer
# value)
# Deprecated group/name - [libreswan]/shutdown_check_retries
#shutdown_check_retries = 5


[strongswan]

#
# From neutron.vpnaas.agent
#

# Template file for ipsec secret configuration. (string value)
#ipsec_secret_template = /home/venkatamahesh/programs/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.secret.template

# Template file for strongswan configuration. (string value)
#strongswan_config_template = /home/venkatamahesh/programs/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/strongswan.conf.template

# The area where default StrongSwan configuration files are located. (string
# value)
#default_config_area = /etc/strongswan.d

# Template file for ipsec configuration. (string value)
#ipsec_config_template = /home/venkatamahesh/programs/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.conf.template


[vpnagent]

#
# From neutron.vpnaas.agent
#

# The vpn device drivers Neutron will use (multi valued)
#vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver, neutron_vpnaas.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver, neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver, neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.fedora_strongswan_ipsec.FedoraStrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.