compute-neutron.conf

1. [DEFAULT]
2. # Print more verbose output (set logging level to INFO instead of default WARNING level).
3. # verbose = False
4.  
5. # Print debugging output (set logging level to DEBUG instead of default WARNING level).
6. debug = TRUE
7.  
8. # Where to store Neutron state files. This directory must be writable by the
9. # user executing the agent.
10. state_path = /var/lib/neutron
11.  
12. # Where to store lock files
13. lock_path = $state_path/lock
14.  
15. # log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
16. # log_date_format = %Y-%m-%d %H:%M:%S
17.  
18. # use_syslog -> syslog
19. # log_file and log_dir -> log_dir/log_file
20. # (not log_file) and log_dir -> log_dir/{binary_name}.log
21. # use_stderr -> stderr
22. # (not user_stderr) and (not log_file) -> stdout
23. # publish_errors -> notification system
24.  
25. # use_syslog = False
26. # syslog_log_facility = LOG_USER
27.  
28. # use_stderr = True
29. # log_file =
30. # log_dir =
31.  
32. # publish_errors = False
33.  
34. # Address to bind the API server to
35. # bind_host = 0.0.0.0
36.  
37. # Port the bind the API server to
38. # bind_port = 9696
39.  
40. # Path to the extensions. Note that this can be a colon-separated list of
41. # paths. For example:
42. # api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
43. # The __path__ of neutron.extensions is appended to this, so if your
44. # extensions are in there you don't need to specify them here
45. # api_extensions_path =
46.  
47. # (StrOpt) Neutron core plugin entrypoint to be loaded from the
48. # neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
49. # plugins included in the neutron source distribution. For compatibility with
50. # previous versions, the class name of a plugin can be specified instead of its
51. # entrypoint name.
52. #
53. core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
54. # Example: core_plugin = ml2
55.  
56. # (ListOpt) List of service plugin entrypoints to be loaded from the
57. # neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
58. # the plugins included in the neutron source distribution. For compatibility
59. # with previous versions, the class name of a plugin can be specified instead
60. # of its entrypoint name.
61. #
62. service_plugins = router
63. # Example: service_plugins = router,firewall,lbaas,vpnaas,metering
64.  
65. # Paste configuration file
66. # api_paste_config = api-paste.ini
67.  
68. # The strategy to be used for auth.
69. # Supported values are 'keystone'(default), 'noauth'.
70. auth_strategy = keystone
71.  
72. # Base MAC address. The first 3 octets will remain unchanged. If the
73. # 4h octet is not 00, it will also be used. The others will be
74. # randomly generated.
75. # 3 octet
76. # base_mac = fa:16:3e:00:00:00
77. # 4 octet
78. base_mac = fa:16:3e:4f:00:00
79.  
80. # Maximum amount of retries to generate a unique MAC address
81. # mac_generation_retries = 16
82.  
83. # DHCP Lease duration (in seconds)
84. # dhcp_lease_duration = 86400
85.  
86. # Allow sending resource operation notification to DHCP agent
87. # dhcp_agent_notification = True
88.  
89. # Enable or disable bulk create/update/delete operations
90. # allow_bulk = True
91. # Enable or disable pagination
92. # allow_pagination = False
93. # Enable or disable sorting
94. # allow_sorting = False
95. # Enable or disable overlapping IPs for subnets
96. # Attention: the following parameter MUST be set to False if Neutron is
97. # being used in conjunction with nova security groups
98. allow_overlapping_ips = TRUE
99. # Ensure that configured gateway is on subnet
100. # force_gateway_on_subnet = False
101.  
102.  
103. # RPC configuration options. Defined in rpc __init__
104. # The messaging module to use, defaults to kombu.
105. rpc_backend = neutron.openstack.common.rpc.impl_kombu
106. # Size of RPC thread pool
107. # rpc_thread_pool_size = 64
108. # Size of RPC connection pool
109. # rpc_conn_pool_size = 30
110. # Seconds to wait for a response from call or multicall
111. # rpc_response_timeout = 60
112. # Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
113. # rpc_cast_timeout = 30
114. # Modules of exceptions that are permitted to be recreated
115. # upon receiving exception data from an rpc call.
116. # allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
117. # AMQP exchange to connect to if using RabbitMQ or QPID
118. # control_exchange = neutron
119.  
120. # If passed, use a fake RabbitMQ provider
121. # fake_rabbit = False
122.  
123. # Configuration options if sending notifications via kombu rpc (these are
124. # the defaults)
125. # SSL version to use (valid only if SSL enabled)
126. # kombu_ssl_version =
127. # SSL key file (valid only if SSL enabled)
128. # kombu_ssl_keyfile =
129. # SSL cert file (valid only if SSL enabled)
130. # kombu_ssl_certfile =
131. # SSL certification authority file (valid only if SSL enabled)
132. # kombu_ssl_ca_certs =
133. # IP address of the RabbitMQ installation
134. rabbit_host = amqp.pod1.com
135. # Password of the RabbitMQ server
136. rabbit_password = rabbit
137. # Port where RabbitMQ server is running/listening
138. rabbit_port = 5672
139. # RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
140. # rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
141. # rabbit_hosts = localhost:5672
142. # User ID used for RabbitMQ connections
143. rabbit_userid = rabbit
144. # Location of a virtual RabbitMQ installation.
145. # rabbit_virtual_host = /
146. # Maximum retries with trying to connect to RabbitMQ
147. # (the default of 0 implies an infinite retry count)
148. # rabbit_max_retries = 0
149. # RabbitMQ connection retry interval
150. # rabbit_retry_interval = 1
151. # Use HA queues in RabbitMQ (x-ha-policy: all). You need to
152. # wipe RabbitMQ database when changing this option. (boolean value)
153. # rabbit_ha_queues = false
154.  
155. # QPID
156. # rpc_backend=neutron.openstack.common.rpc.impl_qpid
157. # Qpid broker hostname
158. # qpid_hostname = localhost
159. # Qpid broker port
160. # qpid_port = 5672
161. # Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
162. # qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
163. # qpid_hosts = localhost:5672
164. # Username for qpid connection
165. # qpid_username = ''
166. # Password for qpid connection
167. # qpid_password = ''
168. # Space separated list of SASL mechanisms to use for auth
169. # qpid_sasl_mechanisms = ''
170. # Seconds between connection keepalive heartbeats
171. # qpid_heartbeat = 60
172. # Transport to use, either 'tcp' or 'ssl'
173. # qpid_protocol = tcp
174. # Disable Nagle algorithm
175. # qpid_tcp_nodelay = True
176.  
177. # ZMQ
178. # rpc_backend=neutron.openstack.common.rpc.impl_zmq
179. # ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
180. # The "host" option should point or resolve to this address.
181. # rpc_zmq_bind_address = *
182.  
183. # ============ Notification System Options =====================
184.  
185. # Notifications can be sent when network/subnet/port are created, updated or deleted.
186. # There are three methods of sending notifications: logging (via the
187. # log_file directive), rpc (via a message queue) and
188. # noop (no notifications sent, the default)
189.  
190. # Notification_driver can be defined multiple times
191. # Do nothing driver
192. # notification_driver = neutron.openstack.common.notifier.no_op_notifier
193. # Logging driver
194. # notification_driver = neutron.openstack.common.notifier.log_notifier
195. # RPC driver.
196. notification_driver = neutron.openstack.common.notifier.rpc_notifier
197.  
198. # default_notification_level is used to form actual topic name(s) or to set logging level
199. # default_notification_level = INFO
200.  
201. # default_publisher_id is a part of the notification payload
202. # host = myhost.com
203. # default_publisher_id = $host
204.  
205. # Defined in rpc_notifier, can be comma separated values.
206. # The actual topic names will be %s.%(default_notification_level)s
207. # notification_topics = notifications
208.  
209. # Default maximum number of items returned in a single response,
210. # value == infinite and value < 0 means no max limit, and value must
211. # be greater than 0. If the number of items requested is greater than
212. # pagination_max_limit, server will just return pagination_max_limit
213. # of number of items.
214. # pagination_max_limit = -1
215.  
216. # Maximum number of DNS nameservers per subnet
217. # max_dns_nameservers = 5
218.  
219. # Maximum number of host routes per subnet
220. # max_subnet_host_routes = 20
221.  
222. # Maximum number of fixed ips per port
223. # max_fixed_ips_per_port = 5
224.  
225. # =========== items for agent management extension =============
226. # Seconds to regard the agent as down; should be at least twice
227. # report_interval, to be sure the agent is down for good
228. # agent_down_time = 75
229. # =========== end of items for agent management extension =====
230.  
231. # =========== items for agent scheduler extension =============
232. # Driver to use for scheduling network to DHCP agent
233. # network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
234. # Driver to use for scheduling router to a default L3 agent
235. # router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
236. # Driver to use for scheduling a loadbalancer pool to an lbaas agent
237. # loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
238.  
239. # Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
240. # networks to first DHCP agent which sends get_active_networks message to
241. # neutron server
242. # network_auto_schedule = True
243.  
244. # Allow auto scheduling routers to L3 agent. It will schedule non-hosted
245. # routers to first L3 agent which sends sync_routers message to neutron server
246. # router_auto_schedule = True
247.  
248. # Number of DHCP agents scheduled to host a network. This enables redundant
249. # DHCP agents for configured networks.
250. # dhcp_agents_per_network = 1
251.  
252. # =========== end of items for agent scheduler extension =====
253.  
254. # =========== WSGI parameters related to the API server ==============
255. # Number of separate worker processes to spawn. The default, 0, runs the
256. # worker thread in the current process. Greater than 0 launches that number of
257. # child processes as workers. The parent process manages them.
258. # api_workers = 0
259.  
260. # Number of separate RPC worker processes to spawn. The default, 0, runs the
261. # worker thread in the current process. Greater than 0 launches that number of
262. # child processes as RPC workers. The parent process manages them.
263. # This feature is experimental until issues are addressed and testing has been
264. # enabled for various plugins for compatibility.
265. # rpc_workers = 0
266.  
267. # Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
268. # starting API server. Not supported on OS X.
269. # tcp_keepidle = 600
270.  
271. # Number of seconds to keep retrying to listen
272. # retry_until_window = 30
273.  
274. # Number of backlog requests to configure the socket with.
275. # backlog = 4096
276.  
277. # Max header line to accommodate large tokens
278. # max_header_line = 16384
279.  
280. # Enable SSL on the API server
281. # use_ssl = False
282.  
283. # Certificate file to use when starting API server securely
284. # ssl_cert_file = /path/to/certfile
285.  
286. # Private key file to use when starting API server securely
287. # ssl_key_file = /path/to/keyfile
288.  
289. # CA certificate file to use when starting API server securely to
290. # verify connecting clients. This is an optional parameter only required if
291. # API clients need to authenticate to the API server using SSL certificates
292. # signed by a trusted CA
293. # ssl_ca_file = /path/to/cafile
294. # ======== end of WSGI parameters related to the API server ==========
295.  
296.  
297. # ======== neutron nova interactions ==========
298. # Send notification to nova when port status is active.
299. # notify_nova_on_port_status_changes = True
300.  
301. # Send notifications to nova when port data (fixed_ips/floatingips) change
302. # so nova can update it's cache.
303. # notify_nova_on_port_data_changes = True
304.  
305. # URL for connection to nova (Only supports one nova region currently).
306. # nova_url = http://127.0.0.1:8774/v2
307.  
308. # Name of nova region to use. Useful if keystone manages more than one region
309. # nova_region_name =
310.  
311. # Username for connection to nova in admin context
312. # nova_admin_username =
313.  
314. # The uuid of the admin nova tenant
315. # nova_admin_tenant_id =
316.  
317. # Password for connection to nova in admin context.
318. # nova_admin_password =
319.  
320. # Authorization URL for connection to nova in admin context.
321. # nova_admin_auth_url =
322.  
323. # Number of seconds between sending events to nova if there are any events to send
324. # send_events_interval = 2
325.  
326. # ======== end of neutron nova interactions ==========
327.  
328. [quotas]
329. # Default driver to use for quota checks
330. # quota_driver = neutron.db.quota_db.DbQuotaDriver
331.  
332. # Resource name(s) that are supported in quota features
333. # quota_items = network,subnet,port
334.  
335. # Default number of resource allowed per tenant. A negative value means
336. # unlimited.
337. # default_quota = -1
338.  
339. # Number of networks allowed per tenant. A negative value means unlimited.
340. # quota_network = 10
341.  
342. # Number of subnets allowed per tenant. A negative value means unlimited.
343. # quota_subnet = 10
344.  
345. # Number of ports allowed per tenant. A negative value means unlimited.
346. # quota_port = 50
347.  
348. # Number of security groups allowed per tenant. A negative value means
349. # unlimited.
350. # quota_security_group = 10
351.  
352. # Number of security group rules allowed per tenant. A negative value means
353. # unlimited.
354. # quota_security_group_rule = 100
355.  
356. # Number of vips allowed per tenant. A negative value means unlimited.
357. # quota_vip = 10
358.  
359. # Number of pools allowed per tenant. A negative value means unlimited.
360. # quota_pool = 10
361.  
362. # Number of pool members allowed per tenant. A negative value means unlimited.
363. # The default is unlimited because a member is not a real resource consumer
364. # on Openstack. However, on back-end, a member is a resource consumer
365. # and that is the reason why quota is possible.
366. # quota_member = -1
367.  
368. # Number of health monitors allowed per tenant. A negative value means
369. # unlimited.
370. # The default is unlimited because a health monitor is not a real resource
371. # consumer on Openstack. However, on back-end, a member is a resource consumer
372. # and that is the reason why quota is possible.
373. # quota_health_monitors = -1
374.  
375. # Number of routers allowed per tenant. A negative value means unlimited.
376. # quota_router = 10
377.  
378. # Number of floating IPs allowed per tenant. A negative value means unlimited.
379. # quota_floatingip = 50
380.  
381. [agent]
382. # Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
383. # root filter facility.
384. # Change to "sudo" to skip the filtering and just run the comand directly
385. root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
386.  
387. # =========== items for agent management extension =============
388. # seconds between nodes reporting state to server; should be less than
389. # agent_down_time, best if it is half or less than agent_down_time
390. # report_interval = 30
391.  
392. # =========== end of items for agent management extension =====
393.  
394. [keystone_authtoken]
395. auth_host =keystone.pod1.com
396. auth_port = 35357
397. auth_protocol = http
398. admin_tenant_name = service
399. admin_user = neutron
400. admin_password = neutron
401. signing_dir = $state_path/keystone-signing
402.  
403. [database]
404. # This line MUST be changed to actually run the plugin.
405. # Example:
406. # connection = mysql://root:pass@127.0.0.1:3306/neutron
407. # Replace 127.0.0.1 above with the IP address of the database used by the
408. # main neutron server. (Leave it as is if the database runs on this host.)
409. connection = sqlite:////var/lib/neutron/neutron.sqlite
410.  
411. # The SQLAlchemy connection string used to connect to the slave database
412. # slave_connection =
413.  
414. # Database reconnection retry times - in event connectivity is lost
415. # set to -1 implies an infinite retry count
416. # max_retries = 10
417.  
418. # Database reconnection interval in seconds - if the initial connection to the
419. # database fails
420. # retry_interval = 10
421.  
422. # Minimum number of SQL connections to keep open in a pool
423. # min_pool_size = 1
424.  
425. # Maximum number of SQL connections to keep open in a pool
426. # max_pool_size = 10
427.  
428. # Timeout in seconds before idle sql connections are reaped
429. # idle_timeout = 3600
430.  
431. # If set, use this value for max_overflow with sqlalchemy
432. # max_overflow = 20
433.  
434. # Verbosity of SQL debugging information. 0=None, 100=Everything
435. # connection_debug = 0
436.  
437. # Add python stack traces to SQL as comment strings
438. # connection_trace = False
439.  
440. # If set, use this value for pool_timeout with sqlalchemy
441. # pool_timeout = 10
442.  
443. [service_providers]
444. # Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
445. # Must be in form:
446. # service_provider=<service_type>:<name>:<driver>[:default]
447. # List of allowed service types includes LOADBALANCER, FIREWALL, VPN
448. # Combination of <service type> and <name> must be unique; <driver> must also be unique
449. # This is multiline option, example for default provider:
450. # service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
451. # example of non-default provider:
452. # service_provider=FIREWALL:name2:firewall_driver_path
453. # --- Reference implementations ---
454. service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
455. service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
456. # In order to activate Radware's lbaas driver you need to uncomment the next line.
457. # If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
458. # Otherwise comment the HA Proxy line
459. # service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
460. # uncomment the following line to make the 'netscaler' LBaaS provider available.
461. # service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
462. # Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
463. # service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
464. # Uncomment the line below to use Embrane heleos as Load Balancer service provider.
465. # service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default