[config-ref] Auto-generation of neutron-vpnaas/lbaas conf files

From mitaka, the neutron-vpnaas and neutron-lbaas configuration files
are auto-generated and so updated the documentation

Change-Id: Ia82048e704f5501e940adb1670df2db160b3753c
Closes-Bug: #1524568
Closes-Bug: #1525424
This commit is contained in:
venkatamahesh 2016-01-01 00:36:18 +05:30
parent 1ade495555
commit 14ceea0521
7 changed files with 602 additions and 0 deletions

View File

@ -7,6 +7,7 @@ Networking
networking/networking_options_reference.rst networking/networking_options_reference.rst
networking/networking_log.rst networking/networking_log.rst
networking/sample-configuration-files.rst networking/sample-configuration-files.rst
networking/sample-configuration-files-advanced.rst
tables/conf-changes/neutron.rst tables/conf-changes/neutron.rst
This chapter explains the OpenStack Networking configuration options. This chapter explains the OpenStack Networking configuration options.

View File

@ -0,0 +1,52 @@
================================================
Networking advanced services configuration files
================================================
The Networking advanced services such as Load-Balancer-as-a-Service (LBaaS),
Firewall-as-a-Service (FWaaS), and VPN-as-a-Service (VPNaaS) implement
the automatic generation of configuration files. Here are the sample
configuration files and you can generate the latest configuration files
by running the ``generate_config_file_samples.sh`` script provided by
each `LBaaS
<https://git.openstack.org/cgit/openstack/neutron-lbaas/tree/tools/generate_config_file_samples.sh>`__,
`FWaaS
<https://git.openstack.org/cgit/openstack/neutron-fwaas/tree/tools/generate_config_file_samples.sh>`__,
and `VPNaaS
<https://git.openstack.org/cgit/openstack/neutron-vpnaas/tree/tools/generate_config_file_samples.sh>`__
services on their root directory.
Load-Balancer-as-a-Service (LBaaS)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
neutron_lbaas.conf
------------------
.. literalinclude:: ../samples/neutron-lbaas/neutron_lbaas.conf.sample
:language: ini
lbaas_agent.ini
---------------
.. literalinclude:: ../samples/neutron-lbaas/lbaas_agent.ini.sample
:language: ini
services_lbaas.conf
-------------------
.. literalinclude:: ../samples/neutron-lbaas/services_lbaas.conf.sample
:language: ini
VPN-as-a-Service (VPNaaS)
~~~~~~~~~~~~~~~~~~~~~~~~~
neutron_vpnaas.conf
-------------------
.. literalinclude:: ../samples/neutron-vpnaas/neutron_vpnaas.conf.sample
:language: ini
vpn_agent.ini
-------------
.. literalinclude:: ../samples/neutron-vpnaas/vpn_agent.ini.sample
:language: ini

View File

@ -0,0 +1,155 @@
[DEFAULT]
#
# From neutron.lbaas.agent
#
# Name of Open vSwitch bridge to use (string value)
#ovs_integration_bridge = br-int
# Seconds between periodic task runs (integer value)
#periodic_interval = 10
# MTU setting for device. (integer value)
#network_device_mtu = <None>
# The driver used to manage the virtual interface. (string value)
#interface_driver = <None>
# Drivers used to manage loadbalancing devices (multi valued)
#device_driver = neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
# Uses veth for an OVS interface or not. Support kernels with limited namespace
# support (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. (boolean
# value)
#ovs_use_veth = false
#
# From oslo.log
#
# The name of a logging configuration file. This file is appended to any
# existing logging configuration files. For details about logging configuration
# files, see the Python logging module documentation. Note that when logging
# configuration files are used all logging configuration is defined in the
# configuration file and other logging configuration options are ignored (for
# example, log_format). (string value)
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append = <None>
# Format string to use for log messages with context. (string value)
#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
# Format string to use for log messages when context is undefined. (string
# value)
#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
# Additional data to append to log message when logging level for the message
# is DEBUG. (string value)
#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
# Prefix each line of exception output with this format. (string value)
#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
# Defines the format string for %(user_identity)s that is used in
# logging_context_format_string. (string value)
#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
# List of package logging levels in logger=LEVEL pairs. This option is ignored
# if log_config_append is set. (list value)
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN
# Uses logging handler designed to watch file system. When log file is moved or
# removed this handler will open a new log file with specified path
# instantaneously. It makes sense only if log_file option is specified and
# Linux platform is used. This option is ignored if log_config_append is set.
# (boolean value)
#watch_log_file = false
# Enables or disables publication of error events. (boolean value)
#publish_errors = false
# If set to true, the logging level will be set to DEBUG instead of the default
# INFO level. (boolean value)
#debug = false
# If set to false, the logging level will be set to WARNING instead of the
# default INFO level. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#verbose = true
# Use syslog for logging. Existing syslog format is DEPRECATED and will be
# changed later to honor RFC5424. This option is ignored if log_config_append
# is set. (boolean value)
#use_syslog = false
# The format for an instance that is passed with the log message. (string
# value)
#instance_format = "[instance: %(uuid)s] "
# DEPRECATED. A logging.Formatter log message format string which may use any
# of the available logging.LogRecord attributes. This option is deprecated.
# Please use logging_context_format_string and logging_default_format_string
# instead. This option is ignored if log_config_append is set. (string value)
#log_format = <None>
# Enables or disables syslog rfc5424 format for logging. If enabled, prefixes
# the MSG part of the syslog message with APP-NAME (RFC5424). The format
# without the APP-NAME is deprecated in Kilo, and will be removed in Mitaka,
# along with this option. This option is ignored if log_config_append is set.
# (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#use_syslog_rfc_format = true
# Defines the format string for %%(asctime)s in log records. Default:
# %(default)s . This option is ignored if log_config_append is set. (string
# value)
#log_date_format = %Y-%m-%d %H:%M:%S
# (Optional) Name of log file to send logging output to. If no default is set,
# logging will go to stderr as defined by use_stderr. This option is ignored if
# log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file = <None>
# Syslog facility to receive log lines. This option is ignored if
# log_config_append is set. (string value)
#syslog_log_facility = LOG_USER
# The format for an instance UUID that is passed with the log message. (string
# value)
#instance_uuid_format = "[instance: %(uuid)s] "
# (Optional) The base directory used for relative log_file paths. This option
# is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir = <None>
# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false
# Log output to standard error. This option is ignored if log_config_append is
# set. (boolean value)
#use_stderr = true
[haproxy]
#
# From neutron.lbaas.agent
#
# The user group (string value)
# Deprecated group/name - [DEFAULT]/user_group
#user_group = nogroup
# When delete and re-add the same vip, send this many gratuitous ARPs to flush
# the ARP cache in the Router. Set it below or equal to 0 to disable this
# feature. (integer value)
#send_gratuitous_arp = 3
# Location to store config and state files (string value)
# Deprecated group/name - [DEFAULT]/loadbalancer_state_path
#loadbalancer_state_path = $state_path/lbaas

View File

@ -0,0 +1,94 @@
[DEFAULT]
#
# From neutron.lbaas
#
# Driver to use for scheduling to a default loadbalancer agent (string value)
#loadbalancer_scheduler_driver = neutron_lbaas.agent_scheduler.ChanceScheduler
[certificates]
#
# From neutron.lbaas
#
# Absolute path to the certificate storage directory. Defaults to
# env[OS_LBAAS_TLS_STORAGE]. (string value)
#storage_path = /var/lib/neutron-lbaas/certificates/
# Certificate Manager plugin. Defaults to barbican. (string value)
#cert_manager_type = barbican
[quotas]
#
# From neutron.lbaas
#
# Number of Loadbalancer Listeners allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_listener = -1
# Number of LoadBalancers allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_loadbalancer = 10
# Number of pool members allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_member = -1
# Number of health monitors allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_healthmonitor = -1
# Number of pools allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_pool = 10
[service_auth]
#
# From neutron.lbaas
#
# The deployment region (string value)
#region = RegionOne
# The service admin user name (string value)
#admin_user = admin
# The name of the service (string value)
#service_name = lbaas
# Authentication endpoint (string value)
#auth_url = http://127.0.0.1:5000/v2.0
# The service admin tenant name (string value)
#admin_tenant_name = admin
# The auth version used to authenticate (string value)
#auth_version = 2
# The service admin password (string value)
#admin_password = password
# The admin user domain name (string value)
#admin_user_domain = admin
# The admin project domain name (string value)
#admin_project_domain = admin
[service_providers]
#
# From neutron.lbaas
#
# Defines providers for advanced services using the format:
# <service_type>:<name>:<driver>[:default] (multi valued)
#service_provider =

View File

@ -0,0 +1,217 @@
[DEFAULT]
[haproxy]
#
# From neutron.lbaas.service
#
# Location to store config and state files (string value)
# Deprecated group/name - [DEFAULT]/loadbalancer_state_path
#loadbalancer_state_path = $state_path/lbaas
# The user group (string value)
# Deprecated group/name - [DEFAULT]/user_group
#user_group = nogroup
# Seconds between periodic task runs (integer value)
#periodic_interval = 10
# Jinja template file for haproxy configuration (string value)
#jinja_config_template = /home/venkatamahesh/programs/openstack/neutron-lbaas/neutron_lbaas/services/loadbalancer/drivers/haproxy/templates/haproxy.loadbalancer.j2
# The driver used to manage the virtual interface. (string value)
#interface_driver = <None>
# When delete and re-add the same vip, send this many gratuitous ARPs to flush
# the ARP cache in the Router. Set it below or equal to 0 to disable this
# feature. (integer value)
#send_gratuitous_arp = 3
[netscaler_driver]
#
# From neutron.lbaas.service
#
# Username to login to the NetScaler Control Center Server. (string value)
#netscaler_ncc_username = <None>
# The URL to reach the NetScaler Control Center Server. (string value)
#netscaler_ncc_uri = <None>
# Password to login to the NetScaler Control Center Server. (string value)
#netscaler_ncc_password = <None>
[octavia]
#
# From neutron.lbaas.service
#
# Time to stop polling octavia when a status of an entity does not change.
# (integer value)
#request_poll_timeout = 100
# True if Octavia will be responsible for allocating the VIP. False if neutron-
# lbaas will allocate it and pass to Octavia. (boolean value)
#allocates_vip = false
# Interval in seconds to poll octavia when an entity is created, updated, or
# deleted. (integer value)
#request_poll_interval = 3
# URL of Octavia controller root (string value)
#base_url = http://127.0.0.1:9876
[radware]
#
# From neutron.lbaas.service
#
# Service ADC version. (string value)
#service_adc_version =
# Name of the l4 workflow action. Default: BaseCreate. (string value)
#l4_action_name = BaseCreate
# List of actions that are not pushed to the completion queue. (list value)
#actions_to_skip = setup_l2_l3
# Enables or disables the Service HA pair. Default: False. (boolean value)
#service_ha_pair = false
# IP address of vDirect server. (string value)
#vdirect_address = <None>
# Resource pool IDs. (list value)
#service_resource_pool_ids =
# Service throughput. Default: 1000. (integer value)
#service_throughput = 1000
# Name of l2_l3 workflow. Default: openstack_l2_l3. (string value)
#l2_l3_workflow_name = openstack_l2_l3
# IP address of secondary vDirect server. (string value)
#ha_secondary_address = <None>
# A required VLAN for the interswitch link to use. (integer value)
#service_isl_vlan = -1
# vDirect user name. (string value)
#vdirect_user = vDirect
# Parameter for l2_l3 workflow setup. (dict value)
#l2_l3_setup_params = data_ip_address:192.168.200.99,data_ip_mask:255.255.255.0,data_port:1,gateway:192.168.200.1,ha_port:2
# Service SSL throughput. Default: 100. (integer value)
#service_ssl_throughput = 100
# vDirect user password. (string value)
#vdirect_password = radware
# Parameter for l2_l3 workflow constructor. (dict value)
#l2_l3_ctor_params = allocate_ha_ips:True,allocate_ha_vrrp:True,ha_ip_pool_name:default,ha_network_name:HA-Network,service:_REPLACE_,twoleg_enabled:_REPLACE_
# Service compression throughput. Default: 100. (integer value)
#service_compression_throughput = 100
# Name of l4 workflow. Default: openstack_l4. (string value)
#l4_workflow_name = openstack_l4
# Service ADC type. Default: VA. (string value)
#service_adc_type = VA
# Enable or disable Alteon interswitch link for stateful session failover.
# Default: False. (boolean value)
#service_session_mirroring_enabled = false
# Size of service cache. Default: 20. (integer value)
#service_cache = 20
[radwarev2]
#
# From neutron.lbaas.service
#
# Name of the workflow action for statistics. Default: stats. (string value)
#stats_action_name = stats
# Service throughput. Default: 1000. (integer value)
#service_throughput = 1000
# vDirect user name. (string value)
#vdirect_user = vDirect
# Resource pool IDs. (list value)
#service_resource_pool_ids =
# A required VLAN for the interswitch link to use. (integer value)
#service_isl_vlan = -1
# Service SSL throughput. Default: 100. (integer value)
#service_ssl_throughput = 100
# vDirect user password. (string value)
#vdirect_password = radware
# Enable or disable Alteon interswitch link for stateful session failover.
# Default: False. (boolean value)
#service_session_mirroring_enabled = false
# Parameter for l2_l3 workflow constructor. (dict value)
#workflow_params = allocate_ha_ips:True,allocate_ha_vrrp:True,data_ip_address:192.168.200.99,data_ip_mask:255.255.255.0,data_port:1,gateway:192.168.200.1,ha_ip_pool_name:default,ha_network_name:HA-Network,ha_port:2,twoleg_enabled:_REPLACE_
# IP address of vDirect server. (string value)
#vdirect_address = <None>
# Service ADC type. Default: VA. (string value)
#service_adc_type = VA
# Name of the workflow template. Default: os_lb_v2. (string value)
#workflow_template_name = os_lb_v2
# Size of service cache. Default: 20. (integer value)
#service_cache = 20
# Service compression throughput. Default: 100. (integer value)
#service_compression_throughput = 100
# Service ADC version. (string value)
#service_adc_version =
# Name of child workflow templates used.Default: manage_l3 (list value)
#child_workflow_template_names = manage_l3
# Enables or disables the Service HA pair. Default: False. (boolean value)
#service_ha_pair = false
# Name of the workflow action. Default: apply. (string value)
#workflow_action_name = apply
# IP address of secondary vDirect server. (string value)
#ha_secondary_address = <None>
[radwarev2_debug]
#
# From neutron.lbaas.service
#
# Provision ADC service? (boolean value)
#provision_service = true
# Configule ADC with L4 parameters? (boolean value)
#configure_l4 = true
# Configule ADC with L3 parameters? (boolean value)
#configure_l3 = true

View File

@ -0,0 +1,12 @@
[DEFAULT]
[service_providers]
#
# From neutron.vpnaas
#
# Defines providers for advanced services using the format:
# <service_type>:<name>:<driver>[:default] (multi valued)
#service_provider =

View File

@ -0,0 +1,71 @@
[DEFAULT]
[ipsec]
#
# From neutron.vpnaas.agent
#
# Interval for checking ipsec status (integer value)
#ipsec_status_check_interval = 60
# Enable detail logging for ipsec pluto process. If the flag set to True, the
# detailed logging will be written into config_base_dir/<pid>/log. Note: This
# setting applies to OpenSwan and LibreSwan only. StrongSwan logs to syslog.
# (boolean value)
#enable_detailed_logging = false
# Location to store ipsec server config files (string value)
#config_base_dir = $state_path/ipsec
[pluto]
#
# From neutron.vpnaas.agent
#
# A factor to increase the retry interval for each retry (floating point value)
# Deprecated group/name - [libreswan]/shutdown_check_back_off
#shutdown_check_back_off = 1.5
# Initial interval in seconds for checking if pluto daemon is shutdown (integer
# value)
# Deprecated group/name - [libreswan]/shutdown_check_timeout
#shutdown_check_timeout = 1
# The maximum number of retries for checking for pluto daemon shutdown (integer
# value)
# Deprecated group/name - [libreswan]/shutdown_check_retries
#shutdown_check_retries = 5
[strongswan]
#
# From neutron.vpnaas.agent
#
# Template file for ipsec secret configuration. (string value)
#ipsec_secret_template = /home/venkatamahesh/programs/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.secret.template
# Template file for strongswan configuration. (string value)
#strongswan_config_template = /home/venkatamahesh/programs/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/strongswan.conf.template
# The area where default StrongSwan configuration files are located. (string
# value)
#default_config_area = /etc/strongswan.d
# Template file for ipsec configuration. (string value)
#ipsec_config_template = /home/venkatamahesh/programs/openstack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.conf.template
[vpnagent]
#
# From neutron.vpnaas.agent
#
# The vpn device drivers Neutron will use (multi valued)
#vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver, neutron_vpnaas.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver, neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver, neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.fedora_strongswan_ipsec.FedoraStrongSwanDriver, neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver