40701500b5
Add support to enabling logging of security groups for OpenStack Queens or later; this feature is enabled via the neutron-api charm, with local charm configuration options to allow control of rate and burst limits and to set a local log output directory if require (allowing log data to be written to a separate partition for example). The feature is only compatible with the openvswitch firewall driver and will not be enabled if this configuration option is not set. Basic deployment tests changes is included here since nova-cloud-controller unit and relation was missing before, and it leads to CI constantly failing. Corresponding charm-helpers change: https://github.com/juju/charm-helpers/pull/228 Change-Id: Id6ed09f714981e87838186d51a4f5e693bedb1d3 Closes-Bug: #1787397 Depends-On: https://review.openstack.org/602355
47 lines
1.3 KiB
INI
47 lines
1.3 KiB
INI
# queens
|
|
###############################################################################
|
|
# [ WARNING ]
|
|
# Configuration file maintained by Juju. Local changes may be overwritten.
|
|
# Config managed by neutron-openvswitch charm
|
|
###############################################################################
|
|
[ovs]
|
|
enable_tunneling = True
|
|
local_ip = {{ local_ip }}
|
|
bridge_mappings = {{ bridge_mappings }}
|
|
{% if enable_dpdk -%}
|
|
datapath_type = netdev
|
|
vhostuser_socket_dir = /run/libvirt-vhost-user
|
|
{% endif -%}
|
|
|
|
[agent]
|
|
tunnel_types = {{ overlay_network_type }}
|
|
l2_population = {{ l2_population }}
|
|
enable_distributed_routing = {{ distributed_routing }}
|
|
prevent_arp_spoofing = {{ prevent_arp_spoofing }}
|
|
{% if veth_mtu -%}
|
|
veth_mtu = {{ veth_mtu }}
|
|
{% endif -%}
|
|
polling_interval = {{ polling_interval }}
|
|
{% if extension_drivers -%}
|
|
extensions = {{ extension_drivers }}
|
|
{% endif -%}
|
|
|
|
[securitygroup]
|
|
{% if neutron_security_groups and not enable_dpdk -%}
|
|
enable_security_group = True
|
|
firewall_driver = {{ firewall_driver }}
|
|
{% else -%}
|
|
enable_security_group = False
|
|
{% endif -%}
|
|
|
|
{% if enable_nsg_logging -%}
|
|
[network_log]
|
|
{% if nsg_log_rate_limit -%}
|
|
rate_limit = {{ nsg_log_rate_limit }}
|
|
{% endif -%}
|
|
burst_limit = {{ nsg_log_burst_limit }}
|
|
{% if nsg_log_output_base -%}
|
|
local_output_log_base = {{ nsg_log_output_base }}
|
|
{% endif -%}
|
|
{% endif -%}
|