diff --git a/etc/nsx.ini b/etc/nsx.ini deleted file mode 100644 index 9a24c6ea63..0000000000 --- a/etc/nsx.ini +++ /dev/null @@ -1,431 +0,0 @@ -[DEFAULT] -# User name for NSX controller -# nsx_user = admin - -# Password for NSX controller -# nsx_password = admin - -# Time before aborting a request on an unresponsive controller (Seconds) -# http_timeout = 75 - -# Maximum number of times a particular request should be retried -# retries = 2 - -# Maximum number of times a redirect response should be followed -# redirects = 2 - -# Comma-separated list of NSX controller endpoints (:). When port -# is omitted, 443 is assumed. This option MUST be specified, e.g.: -# nsx_controllers = xx.yy.zz.ww:443, aa.bb.cc.dd, ee.ff.gg.hh.ee:80 - -# UUID of the pre-existing default NSX Transport zone to be used for creating -# tunneled isolated "Neutron" networks. This option MUST be specified, e.g.: -# default_tz_uuid = 1e8e52cf-fa7f-46b0-a14a-f99835a9cb53 - -# (Optional) UUID for the default l3 gateway service to use with this cluster. -# To be specified if planning to use logical routers with external gateways. -# default_l3_gw_service_uuid = - -# (Optional) UUID for the default l2 gateway service to use with this cluster. -# To be specified for providing a predefined gateway tenant for connecting their networks. -# default_l2_gw_service_uuid = - -# (Optional) UUID for the default service cluster. A service cluster is introduced to -# represent a group of gateways and it is needed in order to use Logical Services like -# dhcp and metadata in the logical space. NOTE: If agent_mode is set to 'agentless' this -# config parameter *MUST BE* set to a valid pre-existent service cluster uuid. -# default_service_cluster_uuid = - -# Name of the default interface name to be used on network-gateway. This value -# will be used for any device associated with a network gateway for which an -# interface name was not specified -# nsx_default_interface_name = breth0 - -# Reconnect connection to nsx if not used within this amount of time. -# conn_idle_timeout = 900 - -# Specify the class path for the Layer 2 gateway backend driver(i.e. NSXv3/NSX-V). -# This field will be used when a L2 Gateway service plugin is configured. -# nsx_l2gw_driver = - -# (Optional) URL for distributed locking coordination resource for lock manager -# This value is passed as a parameter to tooz coordinator. -# By default, value is None and oslo_concurrency is used for single-node -# lock management. -# locking_coordinator_url = - -[quotas] -# number of network gateways allowed per tenant, -1 means unlimited -# quota_network_gateway = 5 - -[nsxv] -# URL for NSXv manager -# manager_uri = https://management_ip - -# User name for NSXv manager -# user = admin - -# Password for NSXv manager -# password = default - -# Specify a CA bundle file to use in verifying the NSXv server certificate. -# ca_file = - -# If True, the NSXv server certificate is not verified. If False, -# then the default CA truststore is used for verification. This option -# is ignored if "ca_file" is set. -# insecure = True - -# (Required) Datacenter MoRef ID for Edge deployment -# datacenter_moid = - -# (Required) Cluster MoRef IDs for OpenStack compute clusters, comma separated -# cluster_moid = - -# (Optional) Deployment Container MoRef ID for NSX Edge deployment -# If not specified, either a default global container will be used, or -# the resource pool and datastore specified below will be used -# deployment_container_id = - -# (Optional) Resource pool MoRef ID for NSX Edge deployment -# resource_pool_id = - -# (Optional) Datastore MoRef ID for NSX Edge deployment -# datastore_id = - -# (Required) Portgroup MoRef ID for Edge physical network connectivity -# external_network = - -# (Optional) Asynchronous task status check interval -# default is 2000 (millisecond) -# task_status_check_interval = 2000 - -# (Optional) Transport Zone MoRef ID for VXLAN logical networks -# vdn_scope_id = - -# (Optional) DVS MoRef ID for DVS connected to Management / Edge cluster -# dvs_id = - -# (ListOpt) Define backup edge pool's management range with the four-tuple: -# :[edge_size]::. -# edge_type:'service'(service edge) or 'vdr'(distributed edge). -# edge_size: 'compact', 'large'(by default), 'xlarge' or 'quadlarge'. -# -# By default, edge pool manager would manage service edge -# with compact&&large size and distributed edge with large size as following: -# backup_edge_pool = service:large:4:10,service:compact:4:10,vdr:large:4:10 - -# (Optional) Maximum number of sub interfaces supported per vnic in edge -# default is 20 -# maximum_tunnels_per_vnic = 20 - -# Maximum number of API retries -# retries = 10 - -# (Optional) Portgroup MoRef ID for metadata proxy management network -# mgt_net_moid = - -# (Optional) Management network IP address for metadata proxy, comma separated -# mgt_net_proxy_ips = - -# (Optional) Management network netmask for metadata proxy -# mgt_net_proxy_netmask = - -# (Optional) Management network default gateway for metadata proxy -# mgt_net_default_gateway = - -# (Optional) IP addresses used by Nova metadata service -# nova_metadata_ips = - -# (Optional) TCP Port used by Nova metadata server -# nova_metadata_port = 8775 - -# (Optional) Shared secret to sign metadata requests -# metadata_shared_secret = - -# (Optional) If True, the end to end connection for metadata service is -# not verified. If False, the default CA truststore is used for verification. -# metadata_insecure = - -# (Optional) Comma separated list of tcp ports, to be allowed access to the -# metadata proxy, in addition to the default 80,443,8775 tcp ports -# metadata_service_allowed_ports = - -# (Optional) Client certificate to use when metadata connection is to be -# verified. If not provided, a self signed certificate will be used. -# metadata_nova_client_cert = - -# (Optional) Private key to use for client certificate -# metadata_nova_client_priv_key = - -# (Optional) Indicates if Nsxv spoofguard component is used to implement -# port-security feature. -# spoofguard_enabled = True - -# (Optional) Deploys NSX Edges in HA mode -# edge_ha = False - -# (Optional) Edge appliance size to be used for creating exclusive router. -# Valid values: ['compact', 'large', 'xlarge', 'quadlarge'] -# This exclusive_router_appliance_size will be picked up if --router-size -# parameter is not specified while doing neutron router-create -# exclusive_router_appliance_size = compact - -# (ListOpt) Ordered list of router_types to allocate as tenant routers. -# It limits the router types that the Nsxv can support for tenants: -# distributed: router is supported by distributed edge at the backend. -# shared: multiple routers share the same service edge at the backend. -# exclusive: router exclusively occupies one service edge at the backend. -# Nsxv would select the first available router type from tenant_router_types -# list if router-type is not specified. -# If the tenant defines the router type with "--distributed", -# "--router_type exclusive" or "--router_type shared", Nsxv would verify that -# the router type is in tenant_router_types. -# Admin supports all these three router types -# -# tenant_router_types = shared, distributed, exclusive -# Example: tenant_router_types = distributed, shared - -# (Optional) Enable an administrator to configure the edge user and password -# Username to configure for Edge appliance login -# edge_appliance_user = -# (Optional) Password to configure for Edge appliance login -# edge_appliance_password = - -# (Optional) DHCP lease time -# dhcp_lease_time = 86400 - -# (Optional) Indicates whether distributed-firewall rule for security-groups -# blocked traffic is logged. -# log_security_groups_blocked_traffic = False - -# (Optional) Indicates whether distributed-firewall security-groups rules are -# logged. -# log_security_groups_allowed_traffic = False - -# (Optional) In some cases the Neutron router is not present to provide the -# metadata IP but the DHCP server can be used to provide this info. Setting -# this value will force the DHCP edge server to append specific host routes -# to the DHCP request. If this option is set, then the metadata service will -# be activated for all the dhcp enabled networks. -# Note: this option can only be supported at NSX manager version 6.2.3 or -# higher -# dhcp_force_metadata = True - -[nsx] -# Maximum number of ports for each bridged logical switch -# The recommended value for this parameter varies with NSX version -# Please use: -# NSX 2.x -> 64 -# NSX 3.0, 3.1 -> 5000 -# NSX 3.2 -> 10000 -# max_lp_per_bridged_ls = 5000 - -# Maximum number of ports for each overlay (stt, gre) logical switch -# max_lp_per_overlay_ls = 256 - -# Number of connections to each controller node. -# default is 10 -# concurrent_connections = 10 - -# Number of seconds a generation id should be valid for (default -1 meaning do not time out) -# nsx_gen_timeout = -1 - -# Acceptable values for 'metadata_mode' are: -# - 'access_network': this enables a dedicated connection to the metadata -# proxy for metadata server access via Neutron router. -# - 'dhcp_host_route': this enables host route injection via the dhcp agent. -# This option is only useful if running on a host that does not support -# namespaces otherwise access_network should be used. -# metadata_mode = access_network - -# The default network transport type to use (stt, gre, bridge, ipsec_gre, or ipsec_stt) -# default_transport_type = stt - -# Specifies in which mode the plugin needs to operate in order to provide DHCP and -# metadata proxy services to tenant instances. If 'agent' is chosen (default) -# the NSX plugin relies on external RPC agents (i.e. dhcp and metadata agents) to -# provide such services. In this mode, the plugin supports API extensions 'agent' -# and 'dhcp_agent_scheduler'. If 'agentless' is chosen (experimental in Icehouse), -# the plugin will use NSX logical services for DHCP and metadata proxy. This -# simplifies the deployment model for Neutron, in that the plugin no longer requires -# the RPC agents to operate. When 'agentless' is chosen, the config option metadata_mode -# becomes ineffective. The 'agentless' mode works only on NSX 4.1. -# Furthermore, a 'combined' mode is also provided and is used to support existing -# deployments that want to adopt the agentless mode. With this mode, existing networks -# keep being served by the existing infrastructure (thus preserving backward -# compatibility, whereas new networks will be served by the new infrastructure. -# Migration tools are provided to 'move' one network from one model to another; with -# agent_mode set to 'combined', option 'network_auto_schedule' in neutron.conf is -# ignored, as new networks will no longer be scheduled to existing dhcp agents. -# agent_mode = agent - -# Specifies which mode packet replication should be done in. If set to service -# a service node is required in order to perform packet replication. This can -# also be set to source if one wants replication to be performed locally (NOTE: -# usually only useful for testing if one does not want to deploy a service node). -# In order to leverage distributed routers, replication_mode should be set to -# "service". -# replication_mode = service - -[nsx_sync] -# Interval in seconds between runs of the status synchronization task. -# The plugin will aim at resynchronizing operational status for all -# resources in this interval, and it should be therefore large enough -# to ensure the task is feasible. Otherwise the plugin will be -# constantly synchronizing resource status, ie: a new task is started -# as soon as the previous is completed. -# If this value is set to 0, the state synchronization thread for this -# Neutron instance will be disabled. -# state_sync_interval = 10 - -# Random additional delay between two runs of the state synchronization task. -# An additional wait time between 0 and max_random_sync_delay seconds -# will be added on top of state_sync_interval. -# max_random_sync_delay = 0 - -# Minimum delay, in seconds, between two status synchronization requests for NSX. -# Depending on chunk size, controller load, and other factors, state -# synchronization requests might be pretty heavy. This means the -# controller might take time to respond, and its load might be quite -# increased by them. This parameter allows to specify a minimum -# interval between two subsequent requests. -# The value for this parameter must never exceed state_sync_interval. -# If this does, an error will be raised at startup. -# min_sync_req_delay = 1 - -# Minimum number of resources to be retrieved from NSX in a single status -# synchronization request. -# The actual size of the chunk will increase if the number of resources is such -# that using the minimum chunk size will cause the interval between two -# requests to be less than min_sync_req_delay -# min_chunk_size = 500 - -# Enable this option to allow punctual state synchronization on show -# operations. In this way, show operations will always fetch the operational -# status of the resource from the NSX backend, and this might have -# a considerable impact on overall performance. -# always_read_status = False - -[nsx_lsn] -# Pull LSN information from NSX in case it is missing from the local -# data store. This is useful to rebuild the local store in case of -# server recovery -# sync_on_missing_data = False - -[nsx_dhcp] -# (Optional) Comma separated list of additional dns servers. Default is an empty list -# extra_domain_name_servers = - -# Domain to use for building the hostnames -# domain_name = openstacklocal - -# Default DHCP lease time -# default_lease_time = 43200 - -[nsx_metadata] -# IP address used by Metadata server -# metadata_server_address = 127.0.0.1 - -# TCP Port used by Metadata server -# metadata_server_port = 8775 - -# When proxying metadata requests, Neutron signs the Instance-ID header with a -# shared secret to prevent spoofing. You may select any string for a secret, -# but it MUST match with the configuration used by the Metadata server -# metadata_shared_secret = - -[nsx_v3] -# IP address of one or more NSX managers separated by commas. -# The IP address should be of the form: -# [://][:] -# If scheme is not provided https is used. If port is not provided -# port 80 is used for http and port 443 for https. -# nsx_api_managers = 1.2.3.4 - -# User name of NSX Manager -# nsx_api_user = admin - -# Password of NSX Manager -# nsx_api_password = default - -# UUID of the default NSX overlay transport zone that will be used for creating -# tunneled isolated Neutron networks. If no physical network is specified when -# creating a logical network, this transport zone will be used by default -# default_overlay_tz_uuid = afc40f8a-4967-477e-a17a-9d560d1786c7 - -# (Optional) Only required when creating VLAN or flat provider networks. UUID -# of default NSX VLAN transport zone that will be used for bridging between -# Neutron networks, if no physical network has been specified -# default_vlan_tz_uuid = afc40f8a-4967-477e-a17a-9d560d1786c7 - -# Maximum number of times to retry API requests upon stale revision errors. -# retries = 10 - -# Specify a CA bundle file to use in verifying the NSX Manager -# server certificate. This option is ignored if "insecure" is set to True. -# If "insecure" is set to False and ca_file is unset, the system root CAs -# will be used to verify the server certificate. -# ca_file = - -# If true, the NSX Manager server certificate is not verified. If false -# the CA bundle specified via "ca_file" will be used or if unset the -# default system root CAs will be used. -# insecure = True - -# The time in seconds before aborting a HTTP connection to a NSX manager. -# http_timeout = 10 - -# The time in seconds before aborting a HTTP read response from a NSX manager. -# http_read_timeout = 180 - -# Maximum number of times to retry a HTTP connection. -# http_retries = 3 - -# Maximum number of connection connections to each NSX manager. -# concurrent_connections = 10 - -# The amount of time in seconds to wait before ensuring connectivity to -# the NSX manager if no manager connection has been used. -# conn_idle_timeout = 10 - -# UUID of the default tier0 router that will be used for connecting to -# tier1 logical routers and configuring external networks -# default_tier0_router_uuid = 412983fd-9016-45e5-93f2-48ba2a931225 - -# (Optional) UUID of the default NSX bridge cluster that will be used to -# perform L2 gateway bridging between VXLAN and VLAN networks. It is an -# optional field. If default bridge cluster UUID is not specified, admin will -# have to manually create a L2 gateway corresponding to a NSX Bridge Cluster -# using L2 gateway APIs. This field must be specified on one of the active -# neutron servers only. -# default_bridge_cluster_uuid = - -# (Optional) The number of nested groups which are used by the plugin, -# each Neutron security-groups is added to one nested group, and each nested -# group can contain as maximum as 500 security-groups, therefore, the maximum -# number of security groups that can be created is -# 500 * number_of_nested_groups. -# The default is 8 nested groups, which allows a maximum of 4k security-groups, -# to allow creation of more security-groups, modify this figure. -# number_of_nested_groups = - -# Acceptable values for 'metadata_mode' are: -# - 'access_network': this enables a dedicated connection to the metadata -# proxy for metadata server access via Neutron router. -# - 'dhcp_host_route': this enables host route injection via the dhcp agent. -# This option is only useful if running on a host that does not support -# namespaces otherwise access_network should be used. -# metadata_mode = access_network - -# If True, an internal metadata network will be created for a router only when -# the router is attached to a DHCP-disabled subnet. -# metadata_on_demand = False - -# (Optional) Indicates whether distributed-firewall rule for security-groups -# blocked traffic is logged. -# log_security_groups_blocked_traffic = False - -# (Optional) Indicates whether distributed-firewall security-groups rules are -# logged. -# log_security_groups_allowed_traffic = False diff --git a/setup.cfg b/setup.cfg index b5bfe2b8a3..008f9b2144 100644 --- a/setup.cfg +++ b/setup.cfg @@ -21,8 +21,6 @@ classifier = [files] packages = vmware_nsx -data_files = - etc/neutron/plugins/vmware = etc/nsx.ini [entry_points] console_scripts =