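# This is a POSIX shell fragment                -*- sh -*-

# To configure the secure channel, fill in the following properly and
# uncomment them.  Afterward, the secure channel will come up
# automatically at boot time.  It can be started immediately with
#       /etc/init.d/openvswitch-switch start
# Alternatively, use the ovs-switch-setup program (from the
# openvswitch-switch-config package) to do everything automatically.
#
# Every setting is a plain shell variable assignment: no spaces around
# '=', and values that contain spaces must be quoted.

# NETDEVS: Which network devices should the OpenFlow switch include?
#
# List the network devices that should become part of the OpenFlow
# switch, separated by spaces.  At least two devices must be selected
# for this machine to be a useful switch.  Unselecting all network
# devices will disable the OpenFlow switch entirely.
#
# The network devices that you select should not be configured with IP
# or IPv6 addresses, even if the switch contacts the controller over
# one of the selected network devices.  This is because a running
# Open vSwitch switch takes over network devices at a low level: they
# become part of the switch and cannot be used for other purposes.
#NETDEVS=""

# MODE: The OpenFlow switch has three modes that determine how it
# reaches the controller:
#
# * in-band with discovery: A single network is used for OpenFlow
#   traffic and other data traffic; that is, the switch contacts the
#   controller over one of the network devices selected as OpenFlow
#   switch ports.  The switch automatically determines the location of
#   the controller using a DHCP request with an OpenFlow-specific
#   vendor option.  This is the most common case.
#
# * in-band: As above, but the location of the controller is manually
#   configured.
#
# * out-of-band: OpenFlow traffic uses a network separate from the
#   data traffic that it controls.  If this is the case, the control
#   network must already be configured on a network device other than
#   one of those selected as an Open vSwitch switch port in the previous
#   question.
#
# Set MODE to 'discovery', 'in-band', or 'out-of-band' for these
# respective cases.
#
# In 'discovery' mode the controller's location comes from a DHCP
# reply on the data network, and CONTROLLER below is ignored.
# NOTE(review): the switch then follows whichever DHCP server answers;
# where untrusted hosts share that network, prefer 'in-band' or
# 'out-of-band' with an ssl: CONTROLLER -- confirm how discovered
# controller locations are constrained.
MODE=discovery

# SWITCH_IP: In 'in-band' mode, the switch's IP address may be
# configured statically or dynamically:
#
# * For static configuration, specify the switch's IP address as a
#   string.  In this case you may also set SWITCH_NETMASK and
#   SWITCH_GATEWAY appropriately (see below).
#
# * For dynamic configuration with DHCP (the most common case),
#   specify "dhcp".  Configuration with DHCP will only work reliably
#   if the network topology allows the switch to contact the DHCP
#   server before it connects to the OpenFlow controller.
#
# This setting has no effect unless MODE is set to 'in-band'.
SWITCH_IP=dhcp

# SWITCH_NETMASK: IP netmask to use in 'in-band' mode when the switch
# IP address is not 'dhcp'.
#SWITCH_NETMASK=255.255.255.0

# SWITCH_GATEWAY: IP gateway to use in 'in-band' mode when the switch
# IP address is not 'dhcp'.
#SWITCH_GATEWAY=192.168.1.1

# CONTROLLER: Location of controller.
# One of the following formats:
#  tcp:HOST[:PORT]         via TCP to PORT (default: 6633) on HOST
#  ssl:HOST[:PORT]         via SSL to PORT (default: 6633) on HOST
# The default below assumes that the controller is running locally.
# This setting has no effect when MODE is set to 'discovery'.
#
# tcp: gives the OpenFlow channel no encryption and no authentication
# of either end, so it suits a controller on this host (as in the
# default below) or an isolated control network.  Otherwise use ssl:
# together with PRIVKEY, CERT and CACERT.
#CONTROLLER="tcp:127.0.0.1"

# PRIVKEY: Name of file containing switch's private key.
# Required if SSL enabled.
#
# Anyone who can read this file can impersonate the switch to the
# controller; keep it readable only by the account secchan runs as.
#PRIVKEY=/etc/openvswitch-switch/of0-privkey.pem

# CERT: Name of file containing certificate for private key.
# Required if SSL enabled.
#CERT=/etc/openvswitch-switch/of0-cert.pem

# CACERT: Name of file containing controller CA certificate.
# Required if SSL enabled.
#CACERT=/etc/openvswitch-switch/cacert.pem

# CACERT_MODE: Two modes are available:
#
# * secure: The controller CA certificate named in CACERT above must exist.
#   (You must copy it manually from the PKI server or another trusted source.)
#
# * bootstrap: If the controller CA certificate named in CACERT above does
#   not exist, the switch will obtain it from the controller the first time
#   it connects and save a copy to the file named in CACERT.  This is insecure,
#   in the same way that initial connections with ssh are insecure, but
#   it is convenient.
#
#   That is trust on first use: nothing authenticates the controller on
#   the first connection, and whatever CA certificate was received then
#   is trusted from that point on.  After bootstrapping, compare the
#   saved file with the CA certificate on the PKI server, or use
#   'secure' where the first connection crosses an untrusted network.
#
# Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases.
#CACERT_MODE=secure

# MGMT_VCONNS: List of vconns (space-separated) on which secchan
# should listen for management connections from ovs-ofctl, etc.
# openvswitch-switchui by default connects to
# unix:/var/run/secchan.mgmt, so do not disable this if you want to
# use openvswitch-switchui.
#
# Whoever can reach a management vconn can manage the switch, so keep
# the Unix socket below reachable only by trusted local accounts.
# NOTE(review): a network listener added here would presumably accept
# unauthenticated connections unless it is an SSL one -- confirm
# before adding one.
MGMT_VCONNS="punix:/var/run/secchan.mgmt"

# COMMANDS: Access control list for the commands that can be executed
# remotely over the OpenFlow protocol, as a comma-separated list of
# shell glob patterns.  Negative patterns (beginning with !) act as a
# deny list.  To be executable, a command name must match one positive
# pattern and not match any negative patterns.
#
# Whoever controls the OpenFlow channel can run every command this
# list admits, so keep the list as short as possible and avoid broad
# globs, above all when CONTROLLER uses tcp: rather than ssl:.
#COMMANDS="reboot,update"

# DISCONNECTED_MODE: Switch behavior when attempts to connect to the
# controller repeatedly fail, either 'switch', to act as an L2 switch
# in this case, or 'drop', to drop all packets (except those necessary
# to connect to the controller).  If unset, the default is 'drop'.
#
# 'switch' is fail-open: while the controller is unreachable, traffic
# is forwarded as by an ordinary L2 switch, without the controller's
# policy.  'drop' is fail-closed.  Choose 'switch' only where losing
# connectivity is worse than forwarding without that policy.
#DISCONNECTED_MODE=switch

# STP: Enable or disable 802.1D-1998 Spanning Tree Protocol.  Set to
# 'yes' to enable STP, 'no' to disable it.  If unset, secchan's
# current default is 'no' (but this may change in the future).
#STP=no

# RATE_LIMIT: Maximum number of received frames, that do not match any
# existing switch flow, to forward up to the controller per second.
# The valid range is 100 and up.  If unset, this rate will not be
# limited.
#
# Without a limit, every frame that matches no flow is sent to the
# controller, so a burst of such frames lands on the controller and on
# the control channel in full.
#RATE_LIMIT=1000

# INACTIVITY_PROBE: The maximum number of seconds of inactivity on the
# controller connection before secchan sends an inactivity probe
# message to the controller.  The valid range is 5 and up.  If unset,
# secchan defaults to 15 seconds.
#INACTIVITY_PROBE=5

# MAX_BACKOFF: The maximum time that secchan will wait between
# attempts to connect to the controller.  The valid range is 1 and up.
# If unset, secchan defaults to 15 seconds.
#MAX_BACKOFF=15

# DAEMON_OPTS: Additional options to pass to secchan, e.g. "--fail=open"
DAEMON_OPTS=""

# CORE_LIMIT: Maximum size for core dumps.
#
# Leaving this unset will use the system default.  Setting it to 0
# will disable core dumps.  Setting it to "unlimited" will dump all
# core files regardless of size.
#
# A core file is a copy of the process's memory, which can include the
# switch's private key when SSL is in use; if core dumps are enabled,
# make sure they are written where only root can read them.
#CORE_LIMIT=unlimited

# DATAPATH_ID: Identifier for this switch.
#
# By default, the switch checks if the DMI System UUID contains a Nicira
# mac address to use as a datapath ID.  If not, then the switch generates
# a new, random datapath ID every time it starts up.  By setting this
# value, the supplied datapath ID will always be used.
#
# Set DATAPATH_ID to a MAC address in the form XX:XX:XX:XX:XX:XX where each
# X is a hexadecimal digit (0-9 or a-f).
#DATAPATH_ID=XX:XX:XX:XX:XX:XX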