Vladimir Grevtsev 40701500b5 Enable support for security group logging
Add support to enabling logging of security groups for
OpenStack Queens or later; this feature is enabled via
the neutron-api charm, with local charm configuration
options to allow control of rate and burst limits and to
set a local log output directory if require (allowing log
data to be written to a separate partition for example).

The feature is only compatible with the openvswitch firewall
driver and will not be enabled if this configuration option
is not set.

Basic deployment tests changes is included here since
nova-cloud-controller unit and relation was missing before,
and it leads to CI constantly failing.

Corresponding charm-helpers change:
https://github.com/juju/charm-helpers/pull/228

Change-Id: Id6ed09f714981e87838186d51a4f5e693bedb1d3
Closes-Bug: #1787397
Depends-On: https://review.openstack.org/602355
2018-10-09 18:55:04 +03:00

47 lines
1.3 KiB
INI

# queens
###############################################################################
# [ WARNING ]
# Configuration file maintained by Juju. Local changes may be overwritten.
# Config managed by neutron-openvswitch charm
###############################################################################
[ovs]
enable_tunneling = True
local_ip = {{ local_ip }}
bridge_mappings = {{ bridge_mappings }}
{% if enable_dpdk -%}
datapath_type = netdev
vhostuser_socket_dir = /run/libvirt-vhost-user
{% endif -%}
[agent]
tunnel_types = {{ overlay_network_type }}
l2_population = {{ l2_population }}
enable_distributed_routing = {{ distributed_routing }}
prevent_arp_spoofing = {{ prevent_arp_spoofing }}
{% if veth_mtu -%}
veth_mtu = {{ veth_mtu }}
{% endif -%}
polling_interval = {{ polling_interval }}
{% if extension_drivers -%}
extensions = {{ extension_drivers }}
{% endif -%}
[securitygroup]
{% if neutron_security_groups and not enable_dpdk -%}
enable_security_group = True
firewall_driver = {{ firewall_driver }}
{% else -%}
enable_security_group = False
{% endif -%}
{% if enable_nsg_logging -%}
[network_log]
{% if nsg_log_rate_limit -%}
rate_limit = {{ nsg_log_rate_limit }}
{% endif -%}
burst_limit = {{ nsg_log_burst_limit }}
{% if nsg_log_output_base -%}
local_output_log_base = {{ nsg_log_output_base }}
{% endif -%}
{% endif -%}