KATO Tomoyuki 55167764ae [config-ref] fix incorrect table format
re-run the tool with latest version.

Closes-Bug: #1638004

Change-Id: I13a4e53c403e189839d04a0376bc0db1cf0ef049
2016-11-12 20:43:46 +09:00


..
Warning: Do not edit this file. It is automatically generated from the
software project's code and your changes will be overwritten.
The tool to generate this file lives in openstack-doc-tools repository.
Please make any changes needed in the code, then run the
autogenerate-config-doc tool from the openstack-doc-tools repository, or
ask for help on the documentation mailing list, IRC channel or meeting.
.. _nova-network:
.. list-table:: Description of network configuration options
:header-rows: 1
:class: config-ref-table
* - Configuration option = Default value
- Description
* - **[DEFAULT]**
-
* - ``allow_same_net_traffic`` = ``True``
- (Boolean) Determine whether to allow network traffic from same network.
When set to true, hosts on the same subnet are not filtered and are allowed to pass all types of traffic between them. On a flat network, this allows all instances from all projects unfiltered communication. With VLAN networking, this allows access between instances within the same project.
This option only applies when using the ``nova-network`` service. When using other networking services, such as Neutron, security groups or other approaches should be used.
Possible values:
* True: Network traffic should be allowed to pass between all instances on the same network, regardless of their tenant and security policies
* False: Network traffic should not be allowed to pass between instances unless it is unblocked in a security group
Interdependencies to other options:
* ``use_neutron``: This must be set to ``False`` to enable ``nova-network`` networking
* ``firewall_driver``: This must be set to ``nova.virt.libvirt.firewall.IptablesFirewallDriver`` to ensure the libvirt firewall driver is enabled.
* - ``auto_assign_floating_ip`` = ``False``
- (Boolean) Autoassigning floating IP to VM
When set to True, floating IP is auto allocated and associated to the VM upon creation.
* - ``cnt_vpn_clients`` = ``0``
- (Integer) This option represents the number of IP addresses to reserve at the top of the address range for VPN clients. It also will be ignored if the configuration option for `network_manager` is not set to the default of 'nova.network.manager.VlanManager'.
Possible values:
Any integer, 0 or greater. The default is 0.
Related options:
``use_neutron``, ``network_manager``
* - ``create_unique_mac_address_attempts`` = ``5``
- (Integer) This option determines how many times nova-network will attempt to create a unique MAC address before giving up and raising a `VirtualInterfaceMacAddressException` error.
Possible values:
Any positive integer. The default is 5.
Related options:
``use_neutron``
* - ``default_access_ip_network_name`` = ``None``
- (String) Name of the network to be used to set access IPs for instances. If there are multiple IPs to choose from, an arbitrary one will be chosen.
Possible values:
* None (default)
* Any string representing network name.
* - ``default_floating_pool`` = ``nova``
- (String) Default pool for floating IPs.
This option specifies the default floating IP pool for allocating floating IPs.
While allocating a floating IP, users can optionally pass in the name of the pool they want to allocate from; otherwise it will be pulled from the default pool.
If this option is not set, then 'nova' is used as default floating pool.
Possible values:
* Any string representing a floating IP pool name
* - ``defer_iptables_apply`` = ``False``
- (Boolean) Whether to batch up the application of IPTables rules during a host restart and apply all at the end of the init phase.
* - ``dhcp_domain`` = ``novalocal``
- (String) This option allows you to specify the domain for the DHCP server.
Possible values:
Any string that is a valid domain name.
Related options:
``use_neutron``
* - ``dhcp_lease_time`` = ``86400``
- (Integer) The lifetime of a DHCP lease, in seconds. The default is 86400 (one day).
Possible values:
Any positive integer value.
* - ``dhcpbridge`` = ``$bindir/nova-dhcpbridge``
- (String) The location of the binary nova-dhcpbridge. By default it is the binary named 'nova-dhcpbridge' that is installed with all the other nova binaries.
Possible values:
Any string representing the full path to the binary for dhcpbridge
* - ``dhcpbridge_flagfile`` = ``['/etc/nova/nova-dhcpbridge.conf']``
- (Multi-valued) This option is a list of full paths to one or more configuration files for dhcpbridge. In most cases the default path of '/etc/nova/nova-dhcpbridge.conf' should be sufficient, but if you have special needs for configuring dhcpbridge, you can change or add to this list.
Possible values:
A list of strings, where each string is the full path to a dhcpbridge configuration file.
* - ``dns_server`` = ``[]``
- (Multi-valued) Despite the singular form of the name of this option, it is actually a list of zero or more server addresses that dnsmasq will use for DNS nameservers. If this is not empty, dnsmasq will not read /etc/resolv.conf, but will only use the servers specified in this option. If the option use_network_dns_servers is True, the dns1 and dns2 servers from the network will be appended to this list, and will be used as DNS servers, too.
Possible values:
A list of strings, where each string is either an IP address or a FQDN.
Related options:
use_network_dns_servers
* - ``dns_update_periodic_interval`` = ``-1``
- (Integer) This option determines the time, in seconds, to wait between refreshing DNS entries for the network.
Possible values:
Either -1 (default), or any positive integer. A negative value will disable the updates.
Related options:
``use_neutron``
* - ``dnsmasq_config_file`` =
- (String) The path to the custom dnsmasq configuration file, if any.
Possible values:
The full path to the configuration file, or an empty string if there is no custom dnsmasq configuration file.
* - ``ebtables_exec_attempts`` = ``3``
- (Integer) This option determines the number of times to retry ebtables commands before giving up. The minimum number of retries is 1.
Possible values:
* Any positive integer
Related options:
* ebtables_retry_interval
* - ``ebtables_retry_interval`` = ``1.0``
- (Floating point) This option determines the time, in seconds, that the system will sleep in between ebtables retries. Note that each successive retry waits a multiple of this value, so for example, if this is set to the default of 1.0 seconds, and ebtables_exec_attempts is 4, after the first failure, the system will sleep for 1 * 1.0 seconds, after the second failure it will sleep 2 * 1.0 seconds, and after the third failure it will sleep 3 * 1.0 seconds.
Possible values:
* Any non-negative float or integer. Setting this to zero will result in no waiting between attempts.
Related options:
* ebtables_exec_attempts
* - ``firewall_driver`` = ``None``
- (String) Firewall driver to use with ``nova-network`` service.
This option only applies when using the ``nova-network`` service. When using other networking services, such as Neutron, this should be set to ``nova.virt.firewall.NoopFirewallDriver``.
If unset (the default), this will default to the hypervisor-specified default driver.
Possible values:
* nova.virt.firewall.IptablesFirewallDriver
* nova.virt.firewall.NoopFirewallDriver
* nova.virt.libvirt.firewall.IptablesFirewallDriver
* [...]
Interdependencies to other options:
* ``use_neutron``: This must be set to ``False`` to enable ``nova-network`` networking
* - ``fixed_ip_disassociate_timeout`` = ``600``
- (Integer) This is the number of seconds to wait before disassociating a deallocated fixed IP address. This is only used with the nova-network service, and has no effect when using neutron for networking.
Possible values:
Any integer, zero or greater. The default is 600 (10 minutes).
Related options:
``use_neutron``
* - ``flat_injected`` = ``False``
- (Boolean) This option determines whether the network setup information is injected into the VM before it is booted. While it was originally designed to be used only by nova-network, it is also used by the vmware and xenapi virt drivers to control whether network information is injected into a VM.
* - ``flat_interface`` = ``None``
- (String) This option is the name of the virtual interface of the VM on which the bridge will be built. While it was originally designed to be used only by nova-network, it is also used by libvirt for the bridge interface name.
Possible values:
Any valid virtual interface name, such as 'eth0'
* - ``flat_network_bridge`` = ``None``
- (String) This option determines the bridge used for simple network interfaces when no bridge is specified in the VM creation request.
Please note that this option is only used when using nova-network instead of Neutron in your deployment.
Possible values:
Any string representing a valid network bridge, such as 'br100'
Related options:
``use_neutron``
* - ``flat_network_dns`` = ``8.8.4.4``
- (String) This is the address of the DNS server for a simple network. If this option is not specified, the default of '8.8.4.4' is used.
Please note that this option is only used when using nova-network instead of Neutron in your deployment.
Possible values:
Any valid IP address.
Related options:
``use_neutron``
* - ``floating_ip_dns_manager`` = ``nova.network.noop_dns_driver.NoopDNSDriver``
- (String) Full class name for the DNS Manager for floating IPs.
This option specifies the class of the driver that provides functionality to manage DNS entries associated with floating IPs.
When a user adds a DNS entry for a specified domain to a floating IP, nova will add a DNS entry using the specified floating DNS driver. When a floating IP is deallocated, its DNS entry will automatically be deleted.
Possible values:
* Full Python path to the class to be used
* - ``force_dhcp_release`` = ``True``
- (Boolean) When this option is True, a call is made to release the DHCP for the instance when that instance is terminated.
Related options:
``use_neutron``
* - ``force_snat_range`` = ``[]``
- (Multi-valued) This is a list of zero or more IP ranges that traffic from the `routing_source_ip` will be SNATted to. If the list is empty, then no SNAT rules are created.
Possible values:
A list of strings, each of which should be a valid CIDR.
Related options:
routing_source_ip
* - ``forward_bridge_interface`` = ``['all']``
- (Multi-valued) One or more interfaces that bridges can forward traffic to. If any of the items in this list is the special keyword 'all', then all traffic will be forwarded.
Possible values:
A list of zero or more interface names, or the word 'all'.
* - ``gateway`` = ``None``
- (String) This is the default IPv4 gateway. It is used only in the testing suite.
Please note that this option is only used when using nova-network instead of Neutron in your deployment.
Possible values:
Any valid IP address.
Related options:
``use_neutron``, ``gateway_v6``
* - ``injected_network_template`` = ``$pybasedir/nova/virt/interfaces.template``
- (String) Template file for injected network
* - ``instance_dns_domain`` =
- (String) If specified, Nova checks if the availability_zone of every instance matches what the database says the availability_zone should be for the specified dns_domain.
* - ``instance_dns_manager`` = ``nova.network.noop_dns_driver.NoopDNSDriver``
- (String) Full class name for the DNS Manager for instance IPs.
This option specifies the class of the driver that provides functionality to manage DNS entries for instances.
On instance creation, nova will add DNS entries for the instance name and id, using the specified instance DNS driver and domain. On instance deletion, nova will remove the DNS entries.
Possible values:
* Full Python path to the class to be used
* - ``iptables_bottom_regex`` =
- (String) This expression, if defined, will select any matching iptables rules and place them at the bottom when applying metadata changes to the rules.
Possible values:
* Any string representing a valid regular expression, or an empty string
Related options:
* iptables_top_regex
* - ``iptables_drop_action`` = ``DROP``
- (String) By default, packets that do not pass the firewall are DROPped. In many cases, though, an operator may find it more useful to change this from DROP to REJECT, so that the user issuing those packets may have a better idea as to what's going on, or LOGDROP in order to record the blocked traffic before DROPping.
Possible values:
* A string representing an iptables chain. The default is DROP.
* - ``iptables_top_regex`` =
- (String) This expression, if defined, will select any matching iptables rules and place them at the top when applying metadata changes to the rules.
Possible values:
* Any string representing a valid regular expression, or an empty string
Related options:
* iptables_bottom_regex
* - ``l3_lib`` = ``nova.network.l3.LinuxNetL3``
- (String) This option allows you to specify the L3 management library to be used.
Possible values:
Any dot-separated string that represents the import path to an L3 networking library.
Related options:
``use_neutron``
* - ``linuxnet_interface_driver`` = ``nova.network.linux_net.LinuxBridgeInterfaceDriver``
- (String) This is the class used as the ethernet device driver for linuxnet bridge operations. The default value should be all you need for most cases, but if you wish to use a customized class, set this option to the full dot-separated import path for that class.
Possible values:
Any string representing a dot-separated class path that Nova can import.
* - ``linuxnet_ovs_integration_bridge`` = ``br-int``
- (String) The name of the Open vSwitch bridge that is used with linuxnet when connecting with Open vSwitch.
Possible values:
Any string representing a valid bridge name.
* - ``multi_host`` = ``False``
- (Boolean) Default value for multi_host in networks. Also, if set, some rpc network calls will be sent directly to host.
* - ``network_allocate_retries`` = ``0``
- (Integer) Number of times to retry network allocation. It is required to attempt network allocation retries if the virtual interface plug fails.
Possible values:
* Any positive integer representing retry count.
* - ``network_driver`` = ``nova.network.linux_net``
- (String) Driver to use for network creation
* - ``network_manager`` = ``nova.network.manager.VlanManager``
- (String) Full class name for the Manager for network
* - ``network_size`` = ``256``
- (Integer) This option determines the number of addresses in each private subnet.
Please note that this option is only used when using nova-network instead of Neutron in your deployment.
Possible values:
Any positive integer that is less than or equal to the available network size. Note that if you are creating multiple networks, they must all fit in the available IP address space. The default is 256.
Related options:
``use_neutron``, ``num_networks``
* - ``network_topic`` = ``network``
- (String) The topic network nodes listen on
* - ``networks_path`` = ``$state_path/networks``
- (String) The location where the network configuration files will be kept. The default is the 'networks' directory off of the location where nova's Python module is installed.
Possible values:
A string containing the full path to the desired configuration directory
* - ``num_networks`` = ``1``
- (Integer) This option represents the number of networks to create if not explicitly specified when the network is created. The only time this is used is if a CIDR is specified, but an explicit network_size is not. In that case, the subnets are created by dividing the IP address space of the CIDR by num_networks. The resulting subnet sizes cannot be larger than the configuration option `network_size`; in that event, they are reduced to `network_size`, and a warning is logged.
Please note that this option is only used when using nova-network instead of Neutron in your deployment.
Possible values:
Any positive integer is technically valid, although there are practical limits based upon available IP address space and virtual interfaces. The default is 1.
Related options:
``use_neutron``, ``network_size``
* - ``ovs_vsctl_timeout`` = ``120``
- (Integer) This option represents the period of time, in seconds, that the ovs_vsctl calls will wait for a response from the database before timing out. A setting of 0 means that the utility should wait forever for a response.
Possible values:
* Any positive integer if a limited timeout is desired, or zero if the calls should wait forever for a response.
* - ``public_interface`` = ``eth0``
- (String) This is the name of the network interface for public IP addresses. The default is 'eth0'.
Possible values:
Any string representing a network interface name
* - ``routing_source_ip`` = ``$my_ip``
- (String) This is the public IP address of the network host. It is used when creating a SNAT rule.
Possible values:
Any valid IP address
Related options:
force_snat_range
* - ``send_arp_for_ha`` = ``False``
- (Boolean) When True, when a device starts up, and upon binding floating IP addresses, arp messages will be sent to ensure that the arp caches on the compute hosts are up-to-date.
Related options:
send_arp_for_ha_count
* - ``send_arp_for_ha_count`` = ``3``
- (Integer) When arp messages are configured to be sent, they will be sent with the count set to the value of this option. Of course, if this is set to zero, no arp messages will be sent.
Possible values:
Any integer greater than or equal to 0
Related options:
send_arp_for_ha
* - ``share_dhcp_address`` = ``False``
- (Boolean) DEPRECATED: THIS VALUE SHOULD BE SET WHEN CREATING THE NETWORK.
If True in multi_host mode, all compute hosts share the same dhcp address. The same IP address used for DHCP will be added on each nova-network node which is only visible to the VMs on the same host.
The use of this configuration has been deprecated and may be removed in any release after Mitaka. It is recommended that instead of relying on this option, an explicit value should be passed to 'create_networks()' as a keyword argument with the name 'share_address'.
* - ``teardown_unused_network_gateway`` = ``False``
- (Boolean) Determines whether unused gateway devices, both VLAN and bridge, are deleted if the network is in nova-network VLAN mode and is multi-hosted.
Related options:
``use_neutron``, ``vpn_ip``, ``fake_network``
* - ``update_dns_entries`` = ``False``
- (Boolean) When this option is True, whenever a DNS entry must be updated, a fanout cast message is sent to all network hosts to update their DNS entries in multi-host mode.
Related options:
``use_neutron``
* - ``use_network_dns_servers`` = ``False``
- (Boolean) When this option is set to True, the dns1 and dns2 servers for the network specified by the user on boot will be used for DNS, as well as any specified in the `dns_server` option.
Related options:
dns_server
* - ``use_neutron`` = ``False``
- (Boolean) Whether to use Neutron or Nova Network as the back end for networking. Defaults to False (indicating Nova network). Set to True to use neutron.
* - ``use_neutron_default_nets`` = ``False``
- (Boolean) When True, the TenantNetworkController will query the Neutron API to get the default networks to use.
Related options:
* neutron_default_tenant_id
* - ``use_single_default_gateway`` = ``False``
- (Boolean) When set to True, only the first NIC of a VM will get its default gateway from the DHCP server.
* - ``vlan_interface`` = ``None``
- (String) This option is the name of the virtual interface of the VM on which the VLAN bridge will be built. While it was originally designed to be used only by nova-network, it is also used by libvirt and xenapi for the bridge interface name.
Please note that this setting will be ignored in nova-network if the configuration option for `network_manager` is not set to the default of 'nova.network.manager.VlanManager'.
Possible values:
Any valid virtual interface name, such as 'eth0'
* - ``vlan_start`` = ``100``
- (Integer) This is the VLAN number used for private networks. Note that when creating the networks, if the specified number has already been assigned, nova-network will increment this number until it finds an available VLAN.
Please note that this option is only used when using nova-network instead of Neutron in your deployment. It also will be ignored if the configuration option for `network_manager` is not set to the default of 'nova.network.manager.VlanManager'.
Possible values:
Any integer between 1 and 4094. Values outside of that range will raise a ValueError exception. Default = 100.
Related options:
``network_manager``, ``use_neutron``
* - **[libvirt]**
-
* - ``remote_filesystem_transport`` = ``ssh``
- (String) Use ssh or rsync transport for creating, copying, removing files on the remote host.
* - **[os_vif_linux_bridge]**
-
* - ``flat_interface`` = ``None``
- (String) FlatDhcp will bridge into this interface if set
* - ``forward_bridge_interface`` = ``['all']``
- (Multi-valued) An interface that bridges can forward to. If this is set to all then all traffic will be forwarded. Can be specified multiple times.
* - ``iptables_bottom_regex`` =
- (String) Regular expression to match the iptables rule that should always be on the bottom.
* - ``iptables_drop_action`` = ``DROP``
- (String) The table that iptables should jump to when a packet is to be dropped.
* - ``iptables_top_regex`` =
- (String) Regular expression to match the iptables rule that should always be on the top.
* - ``network_device_mtu`` = ``1500``
- (Integer) MTU setting for network interface.
* - ``use_ipv6`` = ``False``
- (Boolean) Use IPv6
* - ``vlan_interface`` = ``None``
- (String) VLANs will bridge into this interface if set
* - **[os_vif_ovs]**
-
* - ``network_device_mtu`` = ``1500``
- (Integer) MTU setting for network interface.
* - ``ovs_vsctl_timeout`` = ``120``
- (Integer) Amount of time, in seconds, that ovs_vsctl should wait for a response from the database. 0 is to wait forever.
* - **[vif_plug_linux_bridge_privileged]**
-
* - ``capabilities`` = ``[]``
- (Unknown) List of Linux capabilities retained by the privsep daemon.
* - ``group`` = ``None``
- (String) Group that the privsep daemon should run as.
* - ``helper_command`` = ``None``
- (String) Command to invoke to start the privsep daemon if not using the "fork" method. If not specified, a default is generated using "sudo privsep-helper" and arguments designed to recreate the current configuration. This command must accept suitable --privsep_context and --privsep_sock_path arguments.
* - ``user`` = ``None``
- (String) User that the privsep daemon should run as.
* - **[vif_plug_ovs_privileged]**
-
* - ``capabilities`` = ``[]``
- (Unknown) List of Linux capabilities retained by the privsep daemon.
* - ``group`` = ``None``
- (String) Group that the privsep daemon should run as.
* - ``helper_command`` = ``None``
- (String) Command to invoke to start the privsep daemon if not using the "fork" method. If not specified, a default is generated using "sudo privsep-helper" and arguments designed to recreate the current configuration. This command must accept suitable --privsep_context and --privsep_sock_path arguments.
* - ``user`` = ``None``
- (String) User that the privsep daemon should run as.
* - **[vmware]**
-
* - ``vlan_interface`` = ``vmnic0``
- (String) This option specifies the physical ethernet adapter name for VLAN networking.
Set the vlan_interface configuration option to match the ESX host interface that handles VLAN-tagged VM traffic.
Possible values:
* Any valid string representing VLAN interface name
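
The interdependencies that the table states for ``allow_same_net_traffic``, ``firewall_driver``, ``use_neutron`` and ``vlan_start`` can be checked mechanically against a ``nova.conf``. The following Python audit is an added example, not part of the generated reference or of nova itself. The sample configuration texts are constructed; the script assumes a libvirt compute host and treats any ``network_manager`` other than ``nova.network.manager.VlanManager`` as a flat network.

```python
import configparser

# Defaults copied from the [DEFAULT] rows of the table above.
DEFAULTS = {
    "use_neutron": "False",
    "allow_same_net_traffic": "True",
    "firewall_driver": "",  # unset: hypervisor-specified default driver
    "network_manager": "nova.network.manager.VlanManager",
    "vlan_start": "100",
}
NOOP = "nova.virt.firewall.NoopFirewallDriver"
LIBVIRT_IPTABLES = "nova.virt.libvirt.firewall.IptablesFirewallDriver"
VLAN_MANAGER = "nova.network.manager.VlanManager"


def as_bool(value):
    """Parse a boolean the way configparser does (true/false, yes/no, 1/0)."""
    return configparser.ConfigParser.BOOLEAN_STATES[value.strip().lower()]


def audit_nova_network(conf_text):
    """Return (option, finding) tuples for the [DEFAULT] section of a nova.conf."""
    # strict=False tolerates repeated multi-valued options such as dns_server;
    # interpolation=None leaves values like $my_ip untouched.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    opts = {**DEFAULTS, **parser.defaults()}
    driver = opts["firewall_driver"].strip()
    findings = []

    if as_bool(opts["use_neutron"]):
        # With Neutron the table says the driver should be the no-op one.
        if driver != NOOP:
            findings.append(("firewall_driver",
                             "use_neutron is True; set this to " + NOOP))
        return findings

    # Assumption: anything other than VlanManager is handled as a flat network.
    vlan_mode = opts["network_manager"].strip() == VLAN_MANAGER
    if as_bool(opts["allow_same_net_traffic"]):
        scope = ("instances within the same project" if vlan_mode
                 else "all instances from all projects")
        findings.append(("allow_same_net_traffic",
                         "same-subnet traffic is unfiltered between " + scope))
    elif driver != LIBVIRT_IPTABLES:
        # Assumption: libvirt host, where the table requires this exact driver.
        findings.append(("firewall_driver",
                         "filtering is requested but the driver is %r, not %s"
                         % (driver or None, LIBVIRT_IPTABLES)))
    if vlan_mode and not 1 <= int(opts["vlan_start"]) <= 4094:
        findings.append(("vlan_start", "outside 1..4094; raises ValueError"))
    return findings


# Constructed sample configurations, not taken from a real deployment.
SAMPLE_FLAT = "[DEFAULT]\nnetwork_manager = nova.network.manager.FlatDHCPManager\n"
SAMPLE_HARDENED = ("[DEFAULT]\nallow_same_net_traffic = False\n"
                   "firewall_driver = " + LIBVIRT_IPTABLES + "\nvlan_start = 200\n")
SAMPLE_NEUTRON = ("[DEFAULT]\nuse_neutron = True\n"
                  "firewall_driver = " + LIBVIRT_IPTABLES + "\n")
SAMPLE_BAD_VLAN = "[DEFAULT]\nallow_same_net_traffic = False\nvlan_start = 5000\n"

if __name__ == "__main__":
    for name in ("SAMPLE_FLAT", "SAMPLE_HARDENED", "SAMPLE_NEUTRON", "SAMPLE_BAD_VLAN"):
        print(name, audit_nova_network(globals()[name]))
```
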