diff --git a/doc/config-reference/source/networking.rst b/doc/config-reference/source/networking.rst index 2c49f5f371..aa553dab0e 100644 --- a/doc/config-reference/source/networking.rst +++ b/doc/config-reference/source/networking.rst @@ -7,6 +7,7 @@ Networking networking/networking_options_reference.rst networking/networking_log.rst networking/sample-configuration-files.rst + networking/sample-configuration-files-advanced.rst tables/conf-changes/neutron.rst This chapter explains the OpenStack Networking configuration options. diff --git a/doc/config-reference/source/networking/sample-configuration-files-advanced.rst b/doc/config-reference/source/networking/sample-configuration-files-advanced.rst new file mode 100644 index 0000000000..0717293df2 --- /dev/null +++ b/doc/config-reference/source/networking/sample-configuration-files-advanced.rst 
@@ -0,0 +1,52 @@
+================================================
+Networking advanced services configuration files
+================================================
+
+The Networking advanced services such as Load-Balancer-as-a-Service (LBaaS),
+Firewall-as-a-Service (FWaaS), and VPN-as-a-Service (VPNaaS) implement
+the automatic generation of configuration files. Here are the sample
+configuration files and you can generate the latest configuration files
+by running the ``generate_config_file_samples.sh`` script provided by
+each `LBaaS
+`__,
+`FWaaS
+`__,
+and `VPNaaS
+`__
+services on their root directory.
+
+Load-Balancer-as-a-Service (LBaaS)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+neutron_lbaas.conf
+------------------
+
+.. literalinclude:: ../samples/neutron-lbaas/neutron_lbaas.conf.sample
+ :language: ini
+
+lbaas_agent.ini
+---------------
+
+.. literalinclude:: ../samples/neutron-lbaas/lbaas_agent.ini.sample
+ :language: ini
+
+services_lbaas.conf
+-------------------
+
+.. literalinclude:: ../samples/neutron-lbaas/services_lbaas.conf.sample
+ :language: ini
+
+VPN-as-a-Service (VPNaaS)
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+neutron_vpnaas.conf
+-------------------
+
+.. literalinclude:: ../samples/neutron-vpnaas/neutron_vpnaas.conf.sample
+ :language: ini
+
+vpn_agent.ini
+-------------
+
+.. literalinclude:: ../samples/neutron-vpnaas/vpn_agent.ini.sample
+ :language: ini
diff --git a/doc/config-reference/source/samples/neutron-lbaas/lbaas_agent.ini.sample b/doc/config-reference/source/samples/neutron-lbaas/lbaas_agent.ini.sample
new file mode 100644
index 0000000000..7b8a392c50
--- /dev/null
+++ b/doc/config-reference/source/samples/neutron-lbaas/lbaas_agent.ini.sample
@@ -0,0 +1,155 @@ +[DEFAULT] + +# +# From neutron.lbaas.agent +# + +# Name of Open vSwitch bridge to use (string value) +#ovs_integration_bridge = br-int + +# Seconds between periodic task runs (integer value) +#periodic_interval = 10 + +# MTU setting for device. (integer value) +#network_device_mtu = + +# The driver used to manage the virtual interface. (string value) +#interface_driver = + +# Drivers used to manage loadbalancing devices (multi valued) +#device_driver = neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver + +# Uses veth for an OVS interface or not. Support kernels with limited namespace +# support (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. (boolean +# value) +#ovs_use_veth = false + +# +# From oslo.log +# + +# The name of a logging configuration file. This file is appended to any +# existing logging configuration files. For details about logging configuration +# files, see the Python logging module documentation. Note that when logging +# configuration files are used all logging configuration is defined in the +# configuration file and other logging configuration options are ignored (for +# example, log_format). (string value) +# Deprecated group/name - [DEFAULT]/log_config +#log_config_append = + +# Format string to use for log messages with context. (string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Format string to use for log messages when context is undefined. (string +# value) +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Additional data to append to log message when logging level for the message +# is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + +# Prefix each line of exception output with this format. 
(string value) +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s + +# Defines the format string for %(user_identity)s that is used in +# logging_context_format_string. (string value) +#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s + +# List of package logging levels in logger=LEVEL pairs. This option is ignored +# if log_config_append is set. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN + +# Uses logging handler designed to watch file system. When log file is moved or +# removed this handler will open a new log file with specified path +# instantaneously. It makes sense only if log_file option is specified and +# Linux platform is used. This option is ignored if log_config_append is set. +# (boolean value) +#watch_log_file = false + +# Enables or disables publication of error events. (boolean value) +#publish_errors = false + +# If set to true, the logging level will be set to DEBUG instead of the default +# INFO level. (boolean value) +#debug = false + +# If set to false, the logging level will be set to WARNING instead of the +# default INFO level. (boolean value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +#verbose = true + +# Use syslog for logging. Existing syslog format is DEPRECATED and will be +# changed later to honor RFC5424. This option is ignored if log_config_append +# is set. (boolean value) +#use_syslog = false + +# The format for an instance that is passed with the log message. (string +# value) +#instance_format = "[instance: %(uuid)s] " + +# DEPRECATED. 
A logging.Formatter log message format string which may use any +# of the available logging.LogRecord attributes. This option is deprecated. +# Please use logging_context_format_string and logging_default_format_string +# instead. This option is ignored if log_config_append is set. (string value) +#log_format = + +# Enables or disables syslog rfc5424 format for logging. If enabled, prefixes +# the MSG part of the syslog message with APP-NAME (RFC5424). The format +# without the APP-NAME is deprecated in Kilo, and will be removed in Mitaka, +# along with this option. This option is ignored if log_config_append is set. +# (boolean value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +#use_syslog_rfc_format = true + +# Defines the format string for %%(asctime)s in log records. Default: +# %(default)s . This option is ignored if log_config_append is set. (string +# value) +#log_date_format = %Y-%m-%d %H:%M:%S + +# (Optional) Name of log file to send logging output to. If no default is set, +# logging will go to stderr as defined by use_stderr. This option is ignored if +# log_config_append is set. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file = + +# Syslog facility to receive log lines. This option is ignored if +# log_config_append is set. (string value) +#syslog_log_facility = LOG_USER + +# The format for an instance UUID that is passed with the log message. (string +# value) +#instance_uuid_format = "[instance: %(uuid)s] " + +# (Optional) The base directory used for relative log_file paths. This option +# is ignored if log_config_append is set. (string value) +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = + +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false + +# Log output to standard error. This option is ignored if log_config_append is +# set. 
(boolean value) +#use_stderr = true + + +[haproxy] + +# +# From neutron.lbaas.agent +# + +# The user group (string value) +# Deprecated group/name - [DEFAULT]/user_group +#user_group = nogroup + +# When delete and re-add the same vip, send this many gratuitous ARPs to flush +# the ARP cache in the Router. Set it below or equal to 0 to disable this +# feature. (integer value) +#send_gratuitous_arp = 3 + +# Location to store config and state files (string value) +# Deprecated group/name - [DEFAULT]/loadbalancer_state_path +#loadbalancer_state_path = $state_path/lbaas diff --git a/doc/config-reference/source/samples/neutron-lbaas/neutron_lbaas.conf.sample b/doc/config-reference/source/samples/neutron-lbaas/neutron_lbaas.conf.sample new file mode 100644 index 0000000000..c0b96ec3f9 --- /dev/null +++ b/doc/config-reference/source/samples/neutron-lbaas/neutron_lbaas.conf.sample 
@@ -0,0 +1,94 @@ +[DEFAULT] + +# +# From neutron.lbaas +# + +# Driver to use for scheduling to a default loadbalancer agent (string value) +#loadbalancer_scheduler_driver = neutron_lbaas.agent_scheduler.ChanceScheduler + + +[certificates] + +# +# From neutron.lbaas +# + +# Absolute path to the certificate storage directory. Defaults to +# env[OS_LBAAS_TLS_STORAGE]. (string value) +#storage_path = /var/lib/neutron-lbaas/certificates/ + +# Certificate Manager plugin. Defaults to barbican. (string value) +#cert_manager_type = barbican + + +[quotas] + +# +# From neutron.lbaas +# + +# Number of Loadbalancer Listeners allowed per tenant. A negative value means +# unlimited. (integer value) +#quota_listener = -1 + +# Number of LoadBalancers allowed per tenant. A negative value means unlimited. +# (integer value) +#quota_loadbalancer = 10 + +# Number of pool members allowed per tenant. A negative value means unlimited. +# (integer value) +#quota_member = -1 + +# Number of health monitors allowed per tenant. A negative value means +# unlimited. (integer value) +#quota_healthmonitor = -1 + +# Number of pools allowed per tenant. A negative value means unlimited. 
+# (integer value) +#quota_pool = 10 + + +[service_auth] + +# +# From neutron.lbaas +# + +# The deployment region (string value) +#region = RegionOne + +# The service admin user name (string value) +#admin_user = admin + +# The name of the service (string value) +#service_name = lbaas + +# Authentication endpoint (string value) +#auth_url = http://127.0.0.1:5000/v2.0 + +# The service admin tenant name (string value) +#admin_tenant_name = admin + +# The auth version used to authenticate (string value) +#auth_version = 2 + +# The service admin password (string value) +#admin_password = password + +# The admin user domain name (string value) +#admin_user_domain = admin + +# The admin project domain name (string value) +#admin_project_domain = admin + + +[service_providers] + +# +# From neutron.lbaas +# + +# Defines providers for advanced services using the format: +# ::[:default] (multi valued) +#service_provider = diff --git a/doc/config-reference/source/samples/neutron-lbaas/services_lbaas.conf.sample b/doc/config-reference/source/samples/neutron-lbaas/services_lbaas.conf.sample new file mode 100644 index 0000000000..1cfd85f986 --- /dev/null +++ b/doc/config-reference/source/samples/neutron-lbaas/services_lbaas.conf.sample 
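Review bot: The `[service_auth]` block of neutron_lbaas.conf.sample shows `#admin_password = password` next to `#admin_user = admin` and an `http://` `auth_url`, and the new sample-configuration-files-advanced.rst page includes the file verbatim without saying these are placeholders. Since that page describes the samples as generated, the wording belongs in its introduction rather than in this file, for example: `Credential and endpoint values shown in these samples (such as admin_password) are generated defaults and must be replaced for a deployment.` The same applies to `#vdirect_password = radware` in the `[radware]` and `[radwarev2]` sections of services_lbaas.conf.sample.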
@@ -0,0 +1,217 @@ +[DEFAULT] + + +[haproxy] + +# +# From neutron.lbaas.service +# + +# Location to store config and state files (string value) +# Deprecated group/name - [DEFAULT]/loadbalancer_state_path +#loadbalancer_state_path = $state_path/lbaas + +# The user group (string value) +# Deprecated group/name - [DEFAULT]/user_group +#user_group = nogroup + +# Seconds between periodic task runs (integer value) +#periodic_interval = 10 + +# Jinja template file for haproxy configuration (string value) +#jinja_config_template = /home/venkatamahesh/programs/openstack/neutron-lbaas/neutron_lbaas/services/loadbalancer/drivers/haproxy/templates/haproxy.loadbalancer.j2 + +# The driver used to manage the virtual interface. (string value) +#interface_driver = + +# When delete and re-add the same vip, send this many gratuitous ARPs to flush +# the ARP cache in the Router. Set it below or equal to 0 to disable this +# feature. (integer value) +#send_gratuitous_arp = 3 + + +[netscaler_driver] + +# +# From neutron.lbaas.service +# + +# Username to login to the NetScaler Control Center Server. (string value) +#netscaler_ncc_username = + +# The URL to reach the NetScaler Control Center Server. (string value) +#netscaler_ncc_uri = + +# Password to login to the NetScaler Control Center Server. (string value) +#netscaler_ncc_password = + + +[octavia] + +# +# From neutron.lbaas.service +# + +# Time to stop polling octavia when a status of an entity does not change. +# (integer value) +#request_poll_timeout = 100 + +# True if Octavia will be responsible for allocating the VIP. False if neutron- +# lbaas will allocate it and pass to Octavia. (boolean value) +#allocates_vip = false + +# Interval in seconds to poll octavia when an entity is created, updated, or +# deleted. (integer value) +#request_poll_interval = 3 + +# URL of Octavia controller root (string value) +#base_url = http://127.0.0.1:9876 + + +[radware] + +# +# From neutron.lbaas.service +# + +# Service ADC version. 
(string value) +#service_adc_version = + +# Name of the l4 workflow action. Default: BaseCreate. (string value) +#l4_action_name = BaseCreate + +# List of actions that are not pushed to the completion queue. (list value) +#actions_to_skip = setup_l2_l3 + +# Enables or disables the Service HA pair. Default: False. (boolean value) +#service_ha_pair = false + +# IP address of vDirect server. (string value) +#vdirect_address = + +# Resource pool IDs. (list value) +#service_resource_pool_ids = + +# Service throughput. Default: 1000. (integer value) +#service_throughput = 1000 + +# Name of l2_l3 workflow. Default: openstack_l2_l3. (string value) +#l2_l3_workflow_name = openstack_l2_l3 + +# IP address of secondary vDirect server. (string value) +#ha_secondary_address = + +# A required VLAN for the interswitch link to use. (integer value) +#service_isl_vlan = -1 + +# vDirect user name. (string value) +#vdirect_user = vDirect + +# Parameter for l2_l3 workflow setup. (dict value) +#l2_l3_setup_params = data_ip_address:192.168.200.99,data_ip_mask:255.255.255.0,data_port:1,gateway:192.168.200.1,ha_port:2 + +# Service SSL throughput. Default: 100. (integer value) +#service_ssl_throughput = 100 + +# vDirect user password. (string value) +#vdirect_password = radware + +# Parameter for l2_l3 workflow constructor. (dict value) +#l2_l3_ctor_params = allocate_ha_ips:True,allocate_ha_vrrp:True,ha_ip_pool_name:default,ha_network_name:HA-Network,service:_REPLACE_,twoleg_enabled:_REPLACE_ + +# Service compression throughput. Default: 100. (integer value) +#service_compression_throughput = 100 + +# Name of l4 workflow. Default: openstack_l4. (string value) +#l4_workflow_name = openstack_l4 + +# Service ADC type. Default: VA. (string value) +#service_adc_type = VA + +# Enable or disable Alteon interswitch link for stateful session failover. +# Default: False. (boolean value) +#service_session_mirroring_enabled = false + +# Size of service cache. Default: 20. 
(integer value) +#service_cache = 20 + + +[radwarev2] + +# +# From neutron.lbaas.service +# + +# Name of the workflow action for statistics. Default: stats. (string value) +#stats_action_name = stats + +# Service throughput. Default: 1000. (integer value) +#service_throughput = 1000 + +# vDirect user name. (string value) +#vdirect_user = vDirect + +# Resource pool IDs. (list value) +#service_resource_pool_ids = + +# A required VLAN for the interswitch link to use. (integer value) +#service_isl_vlan = -1 + +# Service SSL throughput. Default: 100. (integer value) +#service_ssl_throughput = 100 + +# vDirect user password. (string value) +#vdirect_password = radware + +# Enable or disable Alteon interswitch link for stateful session failover. +# Default: False. (boolean value) +#service_session_mirroring_enabled = false + +# Parameter for l2_l3 workflow constructor. (dict value) +#workflow_params = allocate_ha_ips:True,allocate_ha_vrrp:True,data_ip_address:192.168.200.99,data_ip_mask:255.255.255.0,data_port:1,gateway:192.168.200.1,ha_ip_pool_name:default,ha_network_name:HA-Network,ha_port:2,twoleg_enabled:_REPLACE_ + +# IP address of vDirect server. (string value) +#vdirect_address = + +# Service ADC type. Default: VA. (string value) +#service_adc_type = VA + +# Name of the workflow template. Default: os_lb_v2. (string value) +#workflow_template_name = os_lb_v2 + +# Size of service cache. Default: 20. (integer value) +#service_cache = 20 + +# Service compression throughput. Default: 100. (integer value) +#service_compression_throughput = 100 + +# Service ADC version. (string value) +#service_adc_version = + +# Name of child workflow templates used.Default: manage_l3 (list value) +#child_workflow_template_names = manage_l3 + +# Enables or disables the Service HA pair. Default: False. (boolean value) +#service_ha_pair = false + +# Name of the workflow action. Default: apply. (string value) +#workflow_action_name = apply + +# IP address of secondary vDirect server. 
(string value) +#ha_secondary_address = + + +[radwarev2_debug] + +# +# From neutron.lbaas.service +# + +# Provision ADC service? (boolean value) +#provision_service = true + +# Configule ADC with L4 parameters? (boolean value) +#configure_l4 = true + +# Configule ADC with L3 parameters? (boolean value) +#configure_l3 = true diff --git a/doc/config-reference/source/samples/neutron-vpnaas/neutron_vpnaas.conf.sample b/doc/config-reference/source/samples/neutron-vpnaas/neutron_vpnaas.conf.sample new file mode 100644 index 0000000000..1c85eeba08 --- /dev/null +++ b/doc/config-reference/source/samples/neutron-vpnaas/neutron_vpnaas.conf.sample @@ -0,0 +1,12 @@ +[DEFAULT] + + +[service_providers] + +# +# From neutron.vpnaas +# + +# Defines providers for advanced services using the format: +# ::[:default] (multi valued) +#service_provider = diff --git a/doc/config-reference/source/samples/neutron-vpnaas/vpn_agent.ini.sample b/doc/config-reference/source/samples/neutron-vpnaas/vpn_agent.ini.sample new file mode 100644 index 0000000000..416b4baabf --- /dev/null +++ b/doc/config-reference/source/samples/neutron-vpnaas/vpn_agent.ini.sample 
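Review bot: The default shown for `jinja_config_template` in `[haproxy]` of services_lbaas.conf.sample is an absolute path under `/home/venkatamahesh/programs/openstack/`, which looks like the checkout directory on the machine that ran the generator rather than a value any installation would have. Publishing it documents a default that readers cannot use and exposes a local account name. The three template options in `[strongswan]` of vpn_agent.ini.sample (`ipsec_secret_template`, `strongswan_config_template`, `ipsec_config_template`) carry the same prefix. Before the samples are committed the machine-specific prefix should be replaced with a neutral form, e.g. `#jinja_config_template = <neutron-lbaas install dir>/neutron_lbaas/services/loadbalancer/drivers/haproxy/templates/haproxy.loadbalancer.j2`, where the bracketed part is a placeholder.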
@@ -0,0 +1,71 @@ +[DEFAULT] + + +[ipsec] + +# +# From neutron.vpnaas.agent +# + +# Interval for checking ipsec status (integer value) +#ipsec_status_check_interval = 60 + +# Enable detail logging for ipsec pluto process. If the flag set to True, the +# detailed logging will be written into config_base_dir//log. Note: This +# setting applies to OpenSwan and LibreSwan only. StrongSwan logs to syslog. +# (boolean value) +#enable_detailed_logging = false + +# Location to store ipsec server config files (string value) +#config_base_dir = $state_path/ipsec + + +[pluto] + +# +# From neutron.vpnaas.agent +# + +# A factor to increase the retry interval for each retry (floating point value) +# Deprecated group/name - [libreswan]/shutdown_check_back_off +#shutdown_check_back_off = 1.5 + +# Initial interval in seconds for checking if pluto daemon is shutdown (integer +# value) +# Deprecated group/name - [libreswan]/shutdown_check_timeout +#shutdown_check_timeout = 1 + +# The maximum number of retries for checking for pluto daemon shutdown (integer +# value) +# Deprecated group/name - [libreswan]/shutdown_check_retries +#shutdown_check_retries = 5 + + +[strongswan] + +# +# From neutron.vpnaas.agent +# + +# Template file for ipsec secret configuration. (string value) +#ipsec_secret_template = /home/venkatamahesh/programs/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.secret.template + +# Template file for strongswan configuration. (string value) +#strongswan_config_template = /home/venkatamahesh/programs/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/strongswan.conf.template + +# The area where default StrongSwan configuration files are located. (string +# value) +#default_config_area = /etc/strongswan.d + +# Template file for ipsec configuration. 
(string value) +#ipsec_config_template = /home/venkatamahesh/programs/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.conf.template + + +[vpnagent] + +# +# From neutron.vpnaas.agent +# + +# The vpn device drivers Neutron will use (multi valued) +#vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver, neutron_vpnaas.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver, neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver, neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.fedora_strongswan_ipsec.FedoraStrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver