# uncomment them. Afterward, the secure channel will come up
# automatically at boot time. It can be started immediately with
# /etc/init.d/openflow-switch start
-# Alternatively, use the ofp-switch-setup program to do everything
-# automatically.
+# Alternatively, use the ofp-switch-setup program (from the
+# openflow-switch-config package) to do everything automatically.
# NETDEVS: Which network devices should the OpenFlow switch include?
#
# configured statically or dynamically:
#
# * For static configuration, specify the switch's IP address as a
-# string.
+# string. In this case you may also set SWITCH_NETMASK and
+# SWITCH_GATEWAY appropriately.
#
# * For dynamic configuration with DHCP (the most common case),
# specify "dhcp". Configuration with DHCP will only work reliably
#
# This setting has no effect unless MODE is set to 'in-band'.
SWITCH_IP=dhcp
+#SWITCH_NETMASK=255.255.255.0
+#SWITCH_GATEWAY=192.168.1.1
# CONTROLLER: Location of controller.
# One of the following formats:
-# tcp:HOST[:PORT] via TCP to PORT (default: 975) on HOST
-# ssl:HOST[:PORT] via SSL to PORT (default: 976) on HOST
+# tcp:HOST[:PORT] via TCP to PORT (default: 6633) on HOST
+# ssl:HOST[:PORT] via SSL to PORT (default: 6633) on HOST
# The default below assumes that the controller is running locally.
# This setting has no effect when MODE is set to 'discovery'.
#CONTROLLER="tcp:127.0.0.1"
# Required if SSL enabled.
#CACERT=/etc/openflow-switch/cacert.pem
-# Additional options to pass to secchan, e.g. "--fail=open"
+# CACERT_MODE: Two modes are available:
+#
+# * secure: The controller CA certificate named in CACERT above must exist.
+# (You must copy it manually from the PKI server or another trusted source.)
+#
+# * bootstrap: If the controller CA certificate named in CACERT above does
+# not exist, the switch will obtain it from the controller the first time
+# it connects and save a copy to the file named in CACERT. This is insecure,
+# in the same way that initial connections with ssh are insecure, but
+# it is convenient.
+#
+# Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases.
+#CACERT_MODE=secure
+
+# MGMT_VCONNS: List of vconns (space-separated) on which secchan
+# should listen for management connections from dpctl, etc.
+# openflow-switchui by default connects to
+# unix:/var/run/secchan.mgmt, so do not disable this if you want to
+# use openflow-switchui.
+MGMT_VCONNS="punix:/var/run/secchan.mgmt"
+
+# MONITOR_VCONN: Name of vconn on which secchan should listen for
+# monitoring connections from dpctl.
+MONITOR_VCONN="punix:/var/run/secchan.monitor"
+
+# COMMANDS: Access control list for the commands that can be executed
+# remotely over the OpenFlow protocol, as a comma-separated list of
+# shell glob patterns. Negative patterns (beginning with !) act as a
+# blacklist. To be executable, a command name must match one positive
+# pattern and not match any negative patterns.
+#COMMANDS="reboot,update"
+
+# DAEMON_OPTS: Additional options to pass to secchan, e.g. "--fail=open"
DAEMON_OPTS=""
+
+# CORE_LIMIT: Maximum size for core dumps.
+#
+# Leaving this unset will use the system default. Setting it to 0
+# will disable core dumps. Setting it to "unlimited" will dump all
+# core files regardless of size.
+#CORE_LIMIT=unlimited
+
+# DATAPATH_ID: Identifier for this switch.
+#
+# By default, the switch generates a new, random datapath ID every time
+# it starts up. By setting this value, the datapath ID will be consistent
+# from one run to the next.
+#
+# Set DATAPATH_ID to a MAC address in the form XX:XX:XX:XX:XX:XX where each
+# X is a hexadecimal digit (0-9 or a-f).
+#DATAPATH_ID=XX:XX:XX:XX:XX:XX
git://git.onelab.eu / sliver-openvswitch.git / blobdiff