openvswitch_agent.ini¶
DEFAULT¶
- rpc_response_max_timeout¶
- Type:
integer
- Default:
600
Maximum seconds to wait for a response from an RPC call.
- debug¶
- Type:
boolean
- Default:
False
- Mutable:
This option can be changed without restarting.
If set to true, the logging level will be set to DEBUG instead of the default INFO level.
- log_config_append¶
- Type:
string
- Default:
<None>
- Mutable:
This option can be changed without restarting.
The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format).
Group | Name
DEFAULT | log-config
DEFAULT | log_config
- log_date_format¶
- Type:
string
- Default:
%Y-%m-%d %H:%M:%S
Defines the format string for %(asctime)s in log records. Default: the value above. This option is ignored if log_config_append is set.
- log_file¶
- Type:
string
- Default:
<None>
(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.
Group | Name
DEFAULT | logfile
- log_dir¶
- Type:
string
- Default:
<None>
(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.
Group | Name
DEFAULT | logdir
- watch_log_file¶
- Type:
boolean
- Default:
False
Uses a logging handler designed to watch the file system. When the log file is moved or removed, this handler opens a new log file at the specified path instantaneously. It makes sense only if the log_file option is specified and the Linux platform is used. This option is ignored if log_config_append is set.
- use_syslog¶
- Type:
boolean
- Default:
False
Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.
- use_journal¶
- Type:
boolean
- Default:
False
Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages. This option is ignored if log_config_append is set.
- syslog_log_facility¶
- Type:
string
- Default:
LOG_USER
Syslog facility to receive log lines. This option is ignored if log_config_append is set.
- use_json¶
- Type:
boolean
- Default:
False
Use JSON formatting for logging. This option is ignored if log_config_append is set.
- use_stderr¶
- Type:
boolean
- Default:
False
Log output to standard error. This option is ignored if log_config_append is set.
- use_eventlog¶
- Type:
boolean
- Default:
False
Log output to Windows Event Log.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
- Reason:
Windows support is no longer maintained.
- log_rotate_interval¶
- Type:
integer
- Default:
1
The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is set to “interval”.
- log_rotate_interval_type¶
- Type:
string
- Default:
days
- Valid Values:
Seconds, Minutes, Hours, Days, Weekday, Midnight
Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation.
- max_logfile_count¶
- Type:
integer
- Default:
30
Maximum number of rotated log files.
- max_logfile_size_mb¶
- Type:
integer
- Default:
200
Log file maximum size in MB. This option is ignored if “log_rotation_type” is not set to “size”.
- log_rotation_type¶
- Type:
string
- Default:
none
- Valid Values:
interval, size, none
Log rotation type.
Possible values
- interval
Rotate logs at predefined time intervals.
- size
Rotate logs once they reach a predefined size.
- none
Do not rotate log files.
- logging_context_format_string¶
- Type:
string
- Default:
%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s
Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter
- logging_default_format_string¶
- Type:
string
- Default:
%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter
- logging_debug_format_suffix¶
- Type:
string
- Default:
%(funcName)s %(pathname)s:%(lineno)d
Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter
- logging_exception_prefix¶
- Type:
string
- Default:
%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter
- logging_user_identity_format¶
- Type:
string
- Default:
%(user)s %(project)s %(domain)s %(system_scope)s %(user_domain)s %(project_domain)s
Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter
- default_log_levels¶
- Type:
list
- Default:
['amqp=WARN', 'amqplib=WARN', 'boto=WARN', 'qpid=WARN', 'sqlalchemy=WARN', 'suds=INFO', 'oslo.messaging=INFO', 'oslo_messaging=INFO', 'iso8601=WARN', 'requests.packages.urllib3.connectionpool=WARN', 'urllib3.connectionpool=WARN', 'websocket=WARN', 'requests.packages.urllib3.util.retry=WARN', 'urllib3.util.retry=WARN', 'keystonemiddleware=WARN', 'routes.middleware=WARN', 'stevedore=WARN', 'taskflow=WARN', 'keystoneauth=WARN', 'oslo.cache=INFO', 'oslo_policy=INFO', 'dogpile.core.dogpile=INFO']
List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.
- publish_errors¶
- Type:
boolean
- Default:
False
Enables or disables publication of error events.
- instance_format¶
- Type:
string
- Default:
"[instance: %(uuid)s] "
The format for an instance that is passed with the log message.
- instance_uuid_format¶
- Type:
string
- Default:
"[instance: %(uuid)s] "
The format for an instance UUID that is passed with the log message.
- rate_limit_interval¶
- Type:
integer
- Default:
0
Interval, number of seconds, of log rate limiting.
- rate_limit_burst¶
- Type:
integer
- Default:
0
Maximum number of logged messages per rate_limit_interval.
- rate_limit_except_level¶
- Type:
string
- Default:
CRITICAL
Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.
- fatal_deprecations¶
- Type:
boolean
- Default:
False
Enables or disables fatal status of deprecations.
agent¶
- minimize_polling¶
- Type:
boolean
- Default:
True
Minimize polling by monitoring OVSDB for interface changes.
- ovsdb_monitor_respawn_interval¶
- Type:
integer
- Default:
30
The number of seconds to wait before respawning the OVSDB monitor after losing communication with it.
- tunnel_types¶
- Type:
list
- Default:
[]
Network types supported by the agent (gre, vxlan and/or geneve).
- vxlan_udp_port¶
- Type:
port number
- Default:
4789
- Minimum Value:
0
- Maximum Value:
65535
The UDP port to use for VXLAN tunnels.
- l2_population¶
- Type:
boolean
- Default:
False
Use ML2 l2population mechanism driver to learn remote MAC and IPs and improve tunnel scalability.
- arp_responder¶
- Type:
boolean
- Default:
False
Enable local ARP responder if it is supported. Requires OVS 2.1 and ML2 l2population driver. Allows the switch (when supporting an overlay) to respond to an ARP request locally without performing a costly ARP broadcast into the overlay. NOTE: If enable_distributed_routing is set to True then arp_responder will automatically be set to True in the agent, regardless of the setting in the config file.
- dont_fragment¶
- Type:
boolean
- Default:
True
Set or un-set the do not fragment (DF) bit on outgoing IP packet carrying GRE/VXLAN tunnel.
- enable_distributed_routing¶
- Type:
boolean
- Default:
False
Make the l2 agent run in DVR mode.
- drop_flows_on_start¶
- Type:
boolean
- Default:
False
Reset flow table on start. Setting this to True will cause brief traffic interruption.
- tunnel_csum¶
- Type:
boolean
- Default:
False
Set or un-set the tunnel header checksum on outgoing IP packet carrying GRE/VXLAN tunnel.
- baremetal_smartnic¶
- Type:
boolean
- Default:
False
Enable the agent to process Smart NIC ports.
- explicitly_egress_direct¶
- Type:
boolean
- Default:
False
When set to True, the accepted egress unicast traffic will not use action NORMAL. The accepted egress packets will be taken care of in the final egress tables direct output flows for unicast traffic. This will also change the pipeline for ingress traffic to ports without security; the final output action will be hit in table 94.
- extensions¶
- Type:
list
- Default:
[]
Extensions list to use
dhcp¶
- enable_ipv6¶
- Type:
boolean
- Default:
True
When set to True, the OVS agent DHCP extension will add related flows for DHCPv6 packets.
- dhcp_renewal_time¶
- Type:
integer
- Default:
0
DHCP renewal time T1 (in seconds). If set to 0, it will default to half of the lease time.
- dhcp_rebinding_time¶
- Type:
integer
- Default:
0
DHCP rebinding time T2 (in seconds). If set to 0, it will default to 7/8 of the lease time.
metadata¶
- auth_ca_cert¶
- Type:
string
- Default:
<None>
Certificate Authority public key (CA cert) file for ssl
- nova_metadata_host¶
- Type:
host address
- Default:
127.0.0.1
IP address or DNS name of Nova metadata server.
- nova_metadata_port¶
- Type:
port number
- Default:
8775
- Minimum Value:
0
- Maximum Value:
65535
TCP Port used by Nova metadata server.
- Type:
string
- Default:
''
When proxying metadata requests, Neutron signs the Instance-ID header with a shared secret to prevent spoofing. You may select any string for a secret, but it must match here and in the configuration used by the Nova metadata server. NOTE: Nova uses the same config key, but in [neutron] section.
- nova_metadata_protocol¶
- Type:
string
- Default:
http
- Valid Values:
http, https
Protocol to access Nova metadata, http or https
- nova_metadata_insecure¶
- Type:
boolean
- Default:
False
Allow insecure SSL (https) requests to the Nova metadata server.
- nova_client_cert¶
- Type:
string
- Default:
''
Client certificate for Nova metadata api server.
- nova_client_priv_key¶
- Type:
string
- Default:
''
Private key of client certificate.
network_log¶
- rate_limit¶
- Type:
integer
- Default:
100
- Minimum Value:
100
Maximum number of packets logged per second.
- burst_limit¶
- Type:
integer
- Default:
25
- Minimum Value:
25
Maximum number of packets per rate_limit.
- local_output_log_base¶
- Type:
string
- Default:
<None>
Output log file path on the agent side; defaults to the syslog file.
ovs¶
- integration_bridge¶
- Type:
string
- Default:
br-int
Integration bridge to use. Do not change this parameter unless you have a good reason to. This is the name of the OVS integration bridge. There is one per hypervisor. The integration bridge acts as a virtual ‘patch bay’. All VM VIFs are attached to this bridge and then ‘patched’ according to their network connectivity.
- tunnel_bridge¶
- Type:
string
- Default:
br-tun
Tunnel bridge to use.
- int_peer_patch_port¶
- Type:
string
- Default:
patch-tun
Peer patch port in integration bridge for tunnel bridge.
- tun_peer_patch_port¶
- Type:
string
- Default:
patch-int
Peer patch port in tunnel bridge for integration bridge.
- local_ip¶
- Type:
ip address
- Default:
<None>
IP address of local overlay (tunnel) network endpoint. Use either an IPv4 or IPv6 address that resides on one of the host network interfaces. The IP version of this value must match the value of the ‘overlay_ip_version’ option in the ML2 plug-in configuration file on the neutron server node(s).
- bridge_mappings¶
- Type:
list
- Default:
[]
Comma-separated list of <physical_network>:<bridge> tuples mapping physical network names to the agent’s node-specific Open vSwitch bridge names to be used for flat and VLAN networks. The length of bridge names should be no more than 11. Each bridge must exist, and should have a physical network interface configured as a port. All physical networks configured on the server should have mappings to appropriate bridges on each agent. Note: If you remove a bridge from this mapping, make sure to disconnect it from the integration bridge as it won’t be managed by the agent anymore.
- resource_provider_bandwidths¶
- Type:
list
- Default:
[]
Comma-separated list of <bridge>:<egress_bw>:<ingress_bw> tuples, showing the available bandwidth for the given bridge in the given direction. The direction is meant from the VM perspective. Bandwidth is measured in kilobits per second (kbps). The bridge must appear in bridge_mappings as the value, but not all bridges in bridge_mappings must be listed here. For a bridge not listed here we neither create a resource provider in placement nor report inventories against it. An omitted direction means we do not report an inventory for the corresponding class.
- resource_provider_hypervisors¶
- Type:
dict
- Default:
{}
Mapping of bridges to hypervisors: <bridge>:<hypervisor>,… hypervisor name is used to locate the parent of the resource provider tree. Only needs to be set in the rare case when the hypervisor name is different from the resource_provider_default_hypervisor config option value as known by the nova-compute managing that hypervisor.
- resource_provider_packet_processing_without_direction¶
- Type:
list
- Default:
[]
Comma-separated list of <hypervisor>:<packet_rate> tuples, defining the minimum packet rate the OVS backend can guarantee in kilo (1000) packet per second. The hypervisor name is used to locate the parent of the resource provider tree. Only needs to be set in the rare case when the hypervisor name is different from the DEFAULT.host config option value as known by the nova-compute managing that hypervisor or if multiple hypervisors are served by the same OVS backend. The default is :0 which means no packet processing capacity is guaranteed on the hypervisor named according to DEFAULT.host.
- resource_provider_packet_processing_with_direction¶
- Type:
list
- Default:
[]
Similar to the resource_provider_packet_processing_without_direction but used in case the OVS backend has hardware offload capabilities. In this case the format is <hypervisor>:<egress_pkt_rate>:<ingress_pkt_rate> which allows defining packet processing capacity per traffic direction. The direction is meant from the VM perspective. Note that the resource_provider_packet_processing_without_direction and the resource_provider_packet_processing_with_direction are mutually exclusive options.
- resource_provider_default_hypervisor¶
- Type:
string
- Default:
<None>
The default hypervisor name used to locate the parent of the resource provider. If this option is not set, the canonical name is used.
- resource_provider_inventory_defaults¶
- Type:
dict
- Default:
{'allocation_ratio': 1.0, 'min_unit': 1, 'step_size': 1, 'reserved': 0}
Key:value pairs to specify defaults used while reporting resource provider inventories. Possible keys with their types: allocation_ratio:float, max_unit:int, min_unit:int, reserved:int, step_size:int. See also: https://docs.openstack.org/api-ref/placement/#update-resource-provider-inventories
- resource_provider_packet_processing_inventory_defaults¶
- Type:
dict
- Default:
{'allocation_ratio': 1.0, 'min_unit': 1, 'step_size': 1, 'reserved': 0}
Key:value pairs to specify defaults used while reporting packet rate inventories. Possible keys with their types: allocation_ratio:float, max_unit:int, min_unit:int, reserved:int, step_size:int. See also: https://docs.openstack.org/api-ref/placement/#update-resource-provider-inventories
- datapath_type¶
- Type:
string
- Default:
system
- Valid Values:
system, netdev
OVS datapath to use. ‘system’ is the default value and corresponds to the kernel datapath. To enable the userspace datapath set this value to ‘netdev’.
- vhostuser_socket_dir¶
- Type:
string
- Default:
/var/run/openvswitch
OVS vhost-user socket directory.
- of_listen_address¶
- Type:
ip address
- Default:
127.0.0.1
Address to listen on for OpenFlow connections.
- of_listen_port¶
- Type:
port number
- Default:
6633
- Minimum Value:
0
- Maximum Value:
65535
Port to listen on for OpenFlow connections.
- of_connect_timeout¶
- Type:
integer
- Default:
300
Timeout in seconds to wait for the local switch to connect to the controller.
- of_request_timeout¶
- Type:
integer
- Default:
300
Timeout in seconds to wait for a single OpenFlow request.
- of_inactivity_probe¶
- Type:
integer
- Default:
10
The inactivity_probe interval in seconds for the local switch connection to the controller. A value of 0 disables inactivity probes.
- openflow_processed_per_port¶
- Type:
boolean
- Default:
False
If enabled, all OpenFlow rules associated to a port are processed at once, in one single transaction. That avoids possible inconsistencies during OVS agent restart and port updates. If disabled, the flows will be processed in batches of _constants.AGENT_RES_PROCESSING_STEP number of OpenFlow rules.
- ovsdb_connection¶
- Type:
string
- Default:
tcp:127.0.0.1:6640
The connection string for the OVSDB backend. It is used for all OVSDB commands and by ovsdb-client when monitoring.
- ssl_key_file¶
- Type:
string
- Default:
<None>
The SSL private key file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection
- ssl_cert_file¶
- Type:
string
- Default:
<None>
The SSL certificate file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection
- ssl_ca_cert_file¶
- Type:
string
- Default:
<None>
The Certificate Authority (CA) certificate to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection
- ovsdb_debug¶
- Type:
boolean
- Default:
False
Enable OVSDB debug logs
securitygroup¶
- firewall_driver¶
- Type:
string
- Default:
<None>
Driver for security groups firewall in the L2 agent
- enable_security_group¶
- Type:
boolean
- Default:
True
Controls whether the neutron security group API is enabled in the server. It should be false when using no security groups or using the Nova security group API.
- enable_ipset¶
- Type:
boolean
- Default:
True
Use IPsets to speed up the iptables-based security groups. Enabling IPset support requires that ipset is installed on the L2 agent node.
- permitted_ethertypes¶
- Type:
list
- Default:
[]
Comma-separated list of ethertypes to be permitted, in hexadecimal (starting with “0x”). For example, “0x4008” to permit InfiniBand.
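An added example, not part of the Neutron documentation or code: a small Python audit that reads an openvswitch_agent.ini and lists the [metadata] and [ovs] options described above whose values deserve review, falling back to the documented defaults when an option is absent. The sample file and the flagging policy are constructed for this example; metadata_proxy_shared_secret is Neutron's name for the shared-secret option, whose heading does not appear on this page.

```python
import configparser
import ipaddress

# Constructed sample for illustration only; not from a real deployment.
SAMPLE_INI = """\
[metadata]
nova_metadata_host = 192.0.2.20
nova_metadata_protocol = https
nova_metadata_insecure = True
metadata_proxy_shared_secret =

[ovs]
ovsdb_connection = ssl:192.0.2.10:6640
ssl_key_file = /etc/neutron/ovsdb-key.pem
of_listen_address = 0.0.0.0
"""

def _is_loopback(host):
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:          # DNS name rather than an IP literal
        return host == "localhost"

def audit(ini_text):
    """Return sorted 'section.option' names whose values deserve review."""
    cp = configparser.ConfigParser(interpolation=None)  # values may contain %(...)s
    cp.read_string(ini_text)

    def get(section, option, default):   # fall back to the documented default
        return cp.get(section, option, fallback=default).strip().strip("'\"")

    flagged = set()
    proto = get("metadata", "nova_metadata_protocol", "http")
    host = get("metadata", "nova_metadata_host", "127.0.0.1")
    if proto == "http" and not _is_loopback(host):
        flagged.add("metadata.nova_metadata_protocol")   # cleartext to another host
    if get("metadata", "nova_metadata_insecure", "False").lower() in ("true", "1", "yes", "on"):
        flagged.add("metadata.nova_metadata_insecure")   # insecure SSL requests allowed
    if not get("metadata", "metadata_proxy_shared_secret", ""):
        flagged.add("metadata.metadata_proxy_shared_secret")  # empty signing secret

    scheme, _, rest = get("ovs", "ovsdb_connection", "tcp:127.0.0.1:6640").partition(":")
    if scheme == "tcp" and not _is_loopback(rest.rsplit(":", 1)[0]):
        flagged.add("ovs.ovsdb_connection")              # OVSDB over plain TCP off-host
    if scheme == "ssl":                                  # page: all three files are required
        for opt in ("ssl_key_file", "ssl_cert_file", "ssl_ca_cert_file"):
            if not get("ovs", opt, ""):
                flagged.add("ovs." + opt)
    if not _is_loopback(get("ovs", "of_listen_address", "127.0.0.1")):
        flagged.add("ovs.of_listen_address")             # OpenFlow listener not on loopback
    return sorted(flagged)

if __name__ == "__main__":
    for name in audit(SAMPLE_INI):
        print("REVIEW:", name)
```

An empty file is flagged only for the shared secret, because its documented default is the empty string.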