openvswitch_agent.ini

DEFAULT

rpc_response_max_timeout
Type:

integer

Default:

600

Maximum seconds to wait for a response from an RPC call.

debug
Type:

boolean

Default:

False

Mutable:

This option can be changed without restarting.

If set to true, the logging level will be set to DEBUG instead of the default INFO level.

log_config_append
Type:

string

Default:

<None>

Mutable:

This option can be changed without restarting.

The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format).

Deprecated Variations

Group

Name

DEFAULT

log-config

DEFAULT

log_config

log_date_format
Type:

string

Default:

%Y-%m-%d %H:%M:%S

Defines the format string for %(asctime)s in log records. Default: the value above . This option is ignored if log_config_append is set.

log_file
Type:

string

Default:

<None>

(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.

Deprecated Variations

Group

Name

DEFAULT

logfile

log_dir
Type:

string

Default:

<None>

(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.

Deprecated Variations

Group

Name

DEFAULT

logdir

watch_log_file
Type:

boolean

Default:

False

Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.

use_syslog
Type:

boolean

Default:

False

Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.

use_journal
Type:

boolean

Default:

False

Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.

syslog_log_facility
Type:

string

Default:

LOG_USER

Syslog facility to receive log lines. This option is ignored if log_config_append is set.

use_json
Type:

boolean

Default:

False

Use JSON formatting for logging. This option is ignored if log_config_append is set.

use_stderr
Type:

boolean

Default:

False

Log output to standard error. This option is ignored if log_config_append is set.

use_eventlog
Type:

boolean

Default:

False

Log output to Windows Event Log.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:

Windows support is no longer maintained.

log_rotate_interval
Type:

integer

Default:

1

The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is set to “interval”.

log_rotate_interval_type
Type:

string

Default:

days

Valid Values:

Seconds, Minutes, Hours, Days, Weekday, Midnight

Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation.

max_logfile_count
Type:

integer

Default:

30

Maximum number of rotated log files.

max_logfile_size_mb
Type:

integer

Default:

200

Log file maximum size in MB. This option is ignored if “log_rotation_type” is not set to “size”.

log_rotation_type
Type:

string

Default:

none

Valid Values:

interval, size, none

Log rotation type.

Possible values

interval

Rotate logs at predefined time intervals.

size

Rotate logs once they reach a predefined size.

none

Do not rotate log files.

logging_context_format_string
Type:

string

Default:

%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s

Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter

logging_default_format_string
Type:

string

Default:

%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter

logging_debug_format_suffix
Type:

string

Default:

%(funcName)s %(pathname)s:%(lineno)d

Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter

logging_exception_prefix
Type:

string

Default:

%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter

logging_user_identity_format
Type:

string

Default:

%(user)s %(project)s %(domain)s %(system_scope)s %(user_domain)s %(project_domain)s

Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter

default_log_levels
Type:

list

Default:

['amqp=WARN', 'amqplib=WARN', 'boto=WARN', 'qpid=WARN', 'sqlalchemy=WARN', 'suds=INFO', 'oslo.messaging=INFO', 'oslo_messaging=INFO', 'iso8601=WARN', 'requests.packages.urllib3.connectionpool=WARN', 'urllib3.connectionpool=WARN', 'websocket=WARN', 'requests.packages.urllib3.util.retry=WARN', 'urllib3.util.retry=WARN', 'keystonemiddleware=WARN', 'routes.middleware=WARN', 'stevedore=WARN', 'taskflow=WARN', 'keystoneauth=WARN', 'oslo.cache=INFO', 'oslo_policy=INFO', 'dogpile.core.dogpile=INFO']

List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.

publish_errors
Type:

boolean

Default:

False

Enables or disables publication of error events.

instance_format
Type:

string

Default:

"[instance: %(uuid)s] "

The format for an instance that is passed with the log message.

instance_uuid_format
Type:

string

Default:

"[instance: %(uuid)s] "

The format for an instance UUID that is passed with the log message.

rate_limit_interval
Type:

integer

Default:

0

Interval, number of seconds, of log rate limiting.

rate_limit_burst
Type:

integer

Default:

0

Maximum number of logged messages per rate_limit_interval.

rate_limit_except_level
Type:

string

Default:

CRITICAL

Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.

fatal_deprecations
Type:

boolean

Default:

False

Enables or disables fatal status of deprecations.

agent

minimize_polling
Type:

boolean

Default:

True

Minimize polling by monitoring OVSDB for interface changes.

ovsdb_monitor_respawn_interval
Type:

integer

Default:

30

The number of seconds to wait before respawning the OVSDB monitor after losing communication with it.

tunnel_types
Type:

list

Default:

[]

Network types supported by the agent (gre, vxlan and/or geneve).

vxlan_udp_port
Type:

port number

Default:

4789

Minimum Value:

0

Maximum Value:

65535

The UDP port to use for VXLAN tunnels.

l2_population
Type:

boolean

Default:

False

Use ML2 l2population mechanism driver to learn remote MAC and IPs and improve tunnel scalability.

arp_responder
Type:

boolean

Default:

False

Enable local ARP responder if it is supported. Requires OVS 2.1 and ML2 l2population driver. Allows the switch (when supporting an overlay) to respond to an ARP request locally without performing a costly ARP broadcast into the overlay. NOTE: If enable_distributed_routing is set to True then arp_responder will automatically be set to True in the agent, regardless of the setting in the config file.

dont_fragment
Type:

boolean

Default:

True

Set or un-set the do not fragment (DF) bit on outgoing IP packet carrying GRE/VXLAN tunnel.

enable_distributed_routing
Type:

boolean

Default:

False

Make the l2 agent run in DVR mode.

drop_flows_on_start
Type:

boolean

Default:

False

Reset flow table on start. Setting this to True will cause brief traffic interruption.

tunnel_csum
Type:

boolean

Default:

False

Set or un-set the tunnel header checksum on outgoing IP packet carrying GRE/VXLAN tunnel.

baremetal_smartnic
Type:

boolean

Default:

False

Enable the agent to process Smart NIC ports.

explicitly_egress_direct
Type:

boolean

Default:

False

When set to True, the accepted egress unicast traffic will not use action NORMAL. The accepted egress packets will be taken care of in the final egress tables direct output flows for unicast traffic. This will aslo change the pipleline for ingress traffic to ports without security, the final output action will be hit in table 94.

extensions
Type:

list

Default:

[]

Extensions list to use

dhcp

enable_ipv6
Type:

boolean

Default:

True

When set to True, the OVS agent DHCP extension will add related flows for DHCPv6 packets.

dhcp_renewal_time
Type:

integer

Default:

0

DHCP renewal time T1 (in seconds). If set to 0, it will default to half of the lease time.

dhcp_rebinding_time
Type:

integer

Default:

0

DHCP rebinding time T2 (in seconds). If set to 0, it will default to 7/8 of the lease time.

metadata

auth_ca_cert
Type:

string

Default:

<None>

Certificate Authority public key (CA cert) file for ssl

nova_metadata_host
Type:

host address

Default:

127.0.0.1

IP address or DNS name of Nova metadata server.

nova_metadata_port
Type:

port number

Default:

8775

Minimum Value:

0

Maximum Value:

65535

TCP Port used by Nova metadata server.

metadata_proxy_shared_secret
Type:

string

Default:

''

When proxying metadata requests, Neutron signs the Instance-ID header with a shared secret to prevent spoofing. You may select any string for a secret, but it must match here and in the configuration used by the Nova metadata server. NOTE: Nova uses the same config key, but in [neutron] section.

nova_metadata_protocol
Type:

string

Default:

http

Valid Values:

http, https

Protocol to access Nova metadata, http or https

nova_metadata_insecure
Type:

boolean

Default:

False

Allow to perform insecure SSL (https) requests to Nova metadata

nova_client_cert
Type:

string

Default:

''

Client certificate for Nova metadata api server.

nova_client_priv_key
Type:

string

Default:

''

Private key of client certificate.

network_log

rate_limit
Type:

integer

Default:

100

Minimum Value:

100

Maximum packets logging per second.

burst_limit
Type:

integer

Default:

25

Minimum Value:

25

Maximum number of packets per rate_limit.

local_output_log_base
Type:

string

Default:

<None>

Output logfile path on agent side, default syslog file.

ovs

integration_bridge
Type:

string

Default:

br-int

Integration bridge to use. Do not change this parameter unless you have a good reason to. This is the name of the OVS integration bridge. There is one per hypervisor. The integration bridge acts as a virtual ‘patch bay’. All VM VIFs are attached to this bridge and then ‘patched’ according to their network connectivity.

tunnel_bridge
Type:

string

Default:

br-tun

Tunnel bridge to use.

int_peer_patch_port
Type:

string

Default:

patch-tun

Peer patch port in integration bridge for tunnel bridge.

tun_peer_patch_port
Type:

string

Default:

patch-int

Peer patch port in tunnel bridge for integration bridge.

local_ip
Type:

ip address

Default:

<None>

IP address of local overlay (tunnel) network endpoint. Use either an IPv4 or IPv6 address that resides on one of the host network interfaces. The IP version of this value must match the value of the ‘overlay_ip_version’ option in the ML2 plug-in configuration file on the neutron server node(s).

bridge_mappings
Type:

list

Default:

[]

Comma-separated list of <physical_network>:<bridge> tuples mapping physical network names to the agent’s node-specific Open vSwitch bridge names to be used for flat and VLAN networks. The length of bridge names should be no more than 11. Each bridge must exist, and should have a physical network interface configured as a port. All physical networks configured on the server should have mappings to appropriate bridges on each agent. Note: If you remove a bridge from this mapping, make sure to disconnect it from the integration bridge as it won’t be managed by the agent anymore.

resource_provider_bandwidths
Type:

list

Default:

[]

Comma-separated list of <bridge>:<egress_bw>:<ingress_bw> tuples, showing the available bandwidth for the given bridge in the given direction. The direction is meant from VM perspective. Bandwidth is measured in kilobits per second (kbps). The bridge must appear in bridge_mappings as the value. But not all bridges in bridge_mappings must be listed here. For a bridge not listed here we neither create a resource provider in placement nor report inventories against. An omitted direction means we do not report an inventory for the corresponding class.

resource_provider_hypervisors
Type:

dict

Default:

{}

Mapping of bridges to hypervisors: <bridge>:<hypervisor>,… hypervisor name is used to locate the parent of the resource provider tree. Only needs to be set in the rare case when the hypervisor name is different from the resource_provider_default_hypervisor config option value as known by the nova-compute managing that hypervisor.

resource_provider_packet_processing_without_direction
Type:

list

Default:

[]

Comma-separated list of <hypervisor>:<packet_rate> tuples, defining the minimum packet rate the OVS backend can guarantee in kilo (1000) packet per second. The hypervisor name is used to locate the parent of the resource provider tree. Only needs to be set in the rare case when the hypervisor name is different from the DEFAULT.host config option value as known by the nova-compute managing that hypervisor or if multiple hypervisors are served by the same OVS backend. The default is :0 which means no packet processing capacity is guaranteed on the hypervisor named according to DEFAULT.host.

resource_provider_packet_processing_with_direction
Type:

list

Default:

[]

Similar to the resource_provider_packet_processing_without_direction but used in case the OVS backend has hardware offload capabilities. In this case the format is <hypervisor>:<egress_pkt_rate>:<ingress_pkt_rate> which allows defining packet processing capacity per traffic direction. The direction is meant from the VM perspective. Note that the resource_provider_packet_processing_without_direction and the resource_provider_packet_processing_with_direction are mutually exclusive options.

resource_provider_default_hypervisor
Type:

string

Default:

<None>

The default hypervisor name used to locate the parent of the resource provider. If this option is not set, canonical name is used

resource_provider_inventory_defaults
Type:

dict

Default:

{'allocation_ratio': 1.0, 'min_unit': 1, 'step_size': 1, 'reserved': 0}

Key:value pairs to specify defaults used while reporting resource provider inventories. Possible keys with their types: allocation_ratio:float, max_unit:int, min_unit:int, reserved:int, step_size:int, See also: https://docs.openstack.org/api-ref/placement/#update-resource-provider-inventories

resource_provider_packet_processing_inventory_defaults
Type:

dict

Default:

{'allocation_ratio': 1.0, 'min_unit': 1, 'step_size': 1, 'reserved': 0}

Key:value pairs to specify defaults used while reporting packet rate inventories. Possible keys with their types: allocation_ratio:float, max_unit:int, min_unit:int, reserved:int, step_size:int, See also: https://docs.openstack.org/api-ref/placement/#update-resource-provider-inventories

datapath_type
Type:

string

Default:

system

Valid Values:

system, netdev

OVS datapath to use. ‘system’ is the default value and corresponds to the kernel datapath. To enable the userspace datapath set this value to ‘netdev’.

vhostuser_socket_dir
Type:

string

Default:

/var/run/openvswitch

OVS vhost-user socket directory.

of_listen_address
Type:

ip address

Default:

127.0.0.1

Address to listen on for OpenFlow connections.

of_listen_port
Type:

port number

Default:

6633

Minimum Value:

0

Maximum Value:

65535

Port to listen on for OpenFlow connections.

of_connect_timeout
Type:

integer

Default:

300

Timeout in seconds to wait for the local switch connecting the controller.

of_request_timeout
Type:

integer

Default:

300

Timeout in seconds to wait for a single OpenFlow request.

of_inactivity_probe
Type:

integer

Default:

10

The inactivity_probe interval in seconds for the local switch connection to the controller. A value of 0 disables inactivity probes.

openflow_processed_per_port
Type:

boolean

Default:

False

If enabled, all OpenFlow rules associated to a port are processed at once, in one single transaction. That avoids possible inconsistencies during OVS agent restart and port updates. If disabled, the flows will be processed in batches of _constants.AGENT_RES_PROCESSING_STEP number of OpenFlow rules.

ovsdb_connection
Type:

string

Default:

tcp:127.0.0.1:6640

The connection string for the OVSDB backend. Will be used for all OVSDB commands and by ovsdb-client when monitoring

ssl_key_file
Type:

string

Default:

<None>

The SSL private key file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection

ssl_cert_file
Type:

string

Default:

<None>

The SSL certificate file to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection

ssl_ca_cert_file
Type:

string

Default:

<None>

The Certificate Authority (CA) certificate to use when interacting with OVSDB. Required when using an “ssl:” prefixed ovsdb_connection

ovsdb_debug
Type:

boolean

Default:

False

Enable OVSDB debug logs

securitygroup

firewall_driver
Type:

string

Default:

<None>

Driver for security groups firewall in the L2 agent

enable_security_group
Type:

boolean

Default:

True

Controls whether the neutron security group API is enabled in the server. It should be false when using no security groups or using the Nova security group API.

enable_ipset
Type:

boolean

Default:

True

Use IPsets to speed-up the iptables based security groups. Enabling IPset support requires that ipset is installed on the L2 agent node.

permitted_ethertypes
Type:

list

Default:

[]

Comma-separated list of ethertypes to be permitted, in hexadecimal (starting with “0x”). For example, “0x4008” to permit InfiniBand.