Conf Files

This section discusses plugin configuration files and flags.


Conf File Location

The location of the conf file directory, or of individual conf files, can be set using a VPP agent CLI start flag or an exported env variable.

Conf file directory

Conf file directory flag:

-config-dir="."

If the conf file directory is /opt/vpp-agent/dev, then start the VPP agent with this command:

vpp-agent --config-dir=/opt/vpp-agent/dev

Same conf file directory, but using the env variable of CONFIG_DIR:

export CONFIG_DIR=/opt/vpp-agent/dev

Individual conf file location

Using per-plugin flags or env variables will override the conf file directory option.

If the etcd conf file location is /opt/vpp-agent/dev/etcd.conf, then start the VPP agent with the etcd conf file flag of --etcd-config= like so:

vpp-agent -etcd-config=/opt/vpp-agent/dev/etcd.conf

Using the ETCD_CONFIG env variable:

export ETCD_CONFIG=/opt/vpp-agent/dev/etcd.conf

Plugin Conf Files


Bolt
-bolt-config=

Bolt Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| db-path | string | | Path to Bolt DB file |
| file-mode | os.FileMode | | File mode and permission bits in decimal format |
| lock-timeout | time.Duration | | Timeout duration for waiting to obtain file lock, set to zero to wait indefinitely. |

Bolt References:


Cassandra
-cassandra-config=

Cassandra Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| endpoints | string | | list of host IP addresses of cassandra cluster nodes |
| port | int | 9042 | Cassandra port |
| op_timeout | time.Duration | 600ms | Connection Timeout |
| dial_timeout | time.Duration | 600ms | initial session timeout, used during initial dial to server |
| redial_interval | time.Duration | 60sec | Interval between gocql attempts to reconnect to known down nodes |
| protocol_version | int | 4 | Sets the version of the native protocol to use. This will enable features in the driver for specific protocol versions. Generally this should be set to a known version (2,3,4) for the cluster being connected to. If it is 0 or unset (the default), then the driver will attempt to discover the highest supported protocol for the cluster. In clusters with nodes of different versions, the protocol selected is not defined (i.e., it can be any of the supported in the cluster). |
| TLS Setup | | | Defines client cert, client private key, certificate authority, whether to skip verification of server name & certificate, disable TLS |

Cassandra References:


Consul
-consul-config=

Consul Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| address | string | 0.0.0.0:8500 | Consul server address |
| resync-after-reconnect | bool | false | Perform resync procedure for all registered plugins following reconnect to Consul server |

Consul References:


etcd
-etcd-config=

etcd Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| endpoints | string | 172.17.0.1:2379 | list of host IP addresses of ETCD database server |
| dial-timeout | time.Duration | 1000000000ns | timeout for connecting to etcd |
| operation-timeout | time.Duration | 3000000000ns | timeout for any request-reply etcd operation |
| insecure-transport | bool | false | TLS not used |
| insecure-skip-tls-verify | bool | false | Controls whether a client verifies the server’s certificate chain and host name. If InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. This should be used only for testing. |
| cert-file | string | | TLS Certification File |
| key-file | string | | TLS certification key |
| ca-file | string | | CA file used to create a set of x509 certificates |
| auto-compact | time.Duration | 0 | Interval between etcd auto compaction cycles. 0 means disabled |
| resync-after-reconnect | bool | false | Perform resync procedure for all registered plugins following reconnect to etcd server |
| allow-delayed-start | bool | false | Allow to start without connected ETCD database. Plugin will try to connect and if successful, overall resync will be called |
| reconnect-interval | time.Duration | 2000000000ns | Interval between attempts to reconnect to the etcd server |

etcd References:


FileDB
-filedb-config=

FileDB Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| configuration-paths | string | | A set of files/directories with configuration files. Examples are /path/to/directory/ or /path/to/file.ext. If the target is a directory, all .json or .yaml files are read. |
| status-path | string | | Path to the file where status data will be stored. /path/to/status.txt is an example. If it is not defined, status is not propagated. The file extension determines whether the data will be stored in .json or .yaml format. The target cannot be a directory. |

Note: filesystem refers to the name of the FileDB plugin.

FileDB References:


GoVPPMux
-govpp-config=

GoVPPMux Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| binapi-socket-path | string | /run/vpp-api.sock | Defines path to the binapi socket file |
| connect-via-shm | bool | false | Connect to VPP for configuration requests via the shared memory |
| shm-prefix | string | | Defines a prefix prepended to the name used for shared memory (SHM) segments. If not set, shared memory segments are created directly in the SHM directory /dev/shm. |
| stats-socket-path | string | /run/vpp/stats.sock | Defines path to the stats socket file |
| resync-after-reconnect | bool | false | Perform resync procedure for all registered plugins following reconnect to VPP |
| retry-request-count | int | 0 | Number of binary API request retries if VPP is suddenly disconnected |
| retry-request-timeout | time.Duration | 500ms | Interval between binary API request retries |
| retry-connect-count | int | 3 | Number of connection request retries if VPP is unreachable. |
| retry-connect-timeout | time.Duration | 1000000000ns | Interval between connection request retries |
| proxy-enabled | bool | true | Enable VPP proxy |
| health-check-probe-interval | time.Duration | | time between health check probes |
| health-check-reply-timeout | time.Duration | | if this timer pops, probe is considered failed |
| health-check-threshold | int | | number of consecutive failed health checks until an error is reported |

GoVPPMux References:


GRPC
-grpc-config=

GRPC Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| endpoint | string | 0.0.0.0:9111 | address of gRPC netListener |
| permission | int | 000 | Three or four-digit permission setup for unix domain socket file (if used) |
| force-socket-removal | bool | false | If set and unix type network is used, the existing socket file will be always removed and re-created |
| network | string | tcp | Available socket types: tcp, tcp4, tcp6, unix and unixpacket. |
| max-msg-size | int | 4096 | Maximum message size in bytes for inbound messages |
| max-concurrent-streams | uint32 | 0 | returns a ServerOption that will apply a limit on the number of concurrent streams to each ServerTransport |
| extended-logging | bool | false | Enables logging additional gRPC transport messages |
| insecure-transport | bool | false | if true, TLS configuration will not be used |

The following config file options are used if insecure-transport is false:

| Option | Type | Default | Description |
|---|---|---|---|
| cert-file | string | | Required for creating a secure connection. Example is /path/to/cert.pem |
| key-file | string | | Required for creating a secure connection. Example is /path/to/key.pem |
| ca-file | string | | Set custom CA to verify client’s certificate. If not set, client’s certificate is not required. Example ca-files are /path/to/ca1.pem and /path/to/ca2.pem |

This flag can be used to set the GRPC port:

-grpc-port=

GRPC References:


Kafka
-kafka-config=

Kafka Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| Addrs | string | 127.0.0.1:9092 | Kafka server addresses |
| group_id | string | | Name of the consumer’s group |
| TLS | | | TLS Configuration |

Kafka References:


KV Scheduler
-kvscheduler-config=

KV Scheduler Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| record-transaction-history | bool | true | History of processed transactions is recorded |
| transaction-history-age-limit | uint32 (in minutes) | 24hrs | Age limit for recording transaction history with the exception of permanently recorded init period |
| permanently-recorded-init-period | uint32 (in minutes) | 60min | Duration of period from init that will be permanently recorded |
| enable-txn-simulation | bool | false | Enable transaction simulation |
| print-txn-summary | bool | true | Print transaction summary for each transaction |

KV Scheduler References:


Linux Interface Plugin
-linux-ifplugin-config=

Linux Interface Plugin Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| disabled | bool | false | Used to disable linux ifplugin |
| go-routines-count | int | 10 | How many goroutines (at most) will split configured network namespaces to execute the Retrieve operation in parallel |

Linux Interface References:


Linux IP Tables
-linux-iptablesplugin-config=

Linux IP Tables Plugin Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| disabled | bool | false | Used to disable linux iptables plugin |
| go-routines-count | int | 10 | How many goroutines (at most) will split configured network namespaces to execute the Retrieve operation in parallel |

Linux IP Tables References:


Linux L3
-linux-l3plugin-config=

Linux L3 Plugin Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| disabled | bool | false | Used to disable linux L3 plugin |
| go-routines-count | int | 10 | How many goroutines (at most) will split configured network namespaces to execute the Retrieve operation in parallel |

Linux L3 References:


Linux Namespace
--linux-nsplugin-config=

Linux Namespace Plugin Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| disabled | bool | false | Used to disable linux namespace plugin |

Linux Namespace References:


Log Manager
--logs-config=

Log Manager Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| default-level | string | info | Set default config level for every plugin. Overwritten by environmental variable ‘INITIAL_LOGLVL’ |
| loggers | | | Specifies a list of named loggers with their respective log levels. See loggers example below |
| hooks | | | Specifies a list of hooks for logging to external links. Parameters for a given hook are protocol, address, port and levels. See hooks example below. |

Loggers example:

loggers:
  - name: "agentcore"
    level: debug
  - name: "status-check"
    level: info
  - name: "linux-plugin"
    level: warn

Hooks example:

hooks:
  syslog:
    levels:
    - panic
#    - fatal
#    - error
#    - warn
#    - info
#    - debug
#  fluent:
#    address: "10.20.30.41"
#    port: 4521
#    protocol: tcp
#    levels:
#     - error
#  logstash:
#    address: "10.20.30.42"
#    port: 123
#    protocol: tcp

Log Manager References:


Process Manager
-process-manager-config=

Process Manager Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| template-path | string | | path where process templates will be stored |

Process Manager References:


REST
-http-config=

REST Plugin Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| endpoint | string | 0.0.0.0:9191 | Address of the HTTP server |
| read-timeout | time.Duration | 0 | Maximum amount of time (in nanoseconds) for reading the entire request, including the body. Read-timeout does not let handlers make per-request decisions on each request body’s acceptable deadline or upload rate. Therefore most users will prefer to use read-header-timeout. It is valid to use both. |
| read-header-timeout | time.Duration | 0 | Maximum amount of time (in nanoseconds) to read request headers. The connection’s read deadline is reset after reading the headers and the Handler can decide what is considered too slow for the body. |
| write-timeout | time.Duration | 0 | Maximum amount of time (in nanoseconds) before timing out writes to a response. It is reset whenever a new request’s header is read. It does not let Handlers make decisions on a per-request basis. |
| idle-timeout | time.Duration | 0 | Maximum amount of time (in nanoseconds) to wait for the next request when keepalives are enabled. If the idle timeout is zero, the value of read-timeout is used. If both are zero, there is no timeout. |
| max-header-bytes | int | 0 | Maximum number of bytes the server will read parsing the request header’s keys and values, including the request line. It does not limit the size of the request body. |
| enable-token-auth | bool | false | Enables or disables HTTP token authentication |
| users | | | Registers additional users with permissions. Admin with full access to every permission group is registered automatically. Password must be in hashed form. See users format example below. |
| password-hash-cost | int | 7 | Number in range 4-31 used as a parameter for hashing passwords. Large numbers require more CPU time and memory to process. |
| token-expiration | time.Duration | 60000000000ns | Token expiration time in nanoseconds. Zero means no expiration time |
| token-signature | string | | String value used as the key to sign tokens |

User format example:

users:
   - name: <name>
     password_hash: <hash>
     permissions: [<group1>, <group2>, ...]

This flag can be used to set the HTTP port:

-http-port=
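
The security-relevant options in the etcd, GRPC and REST tables above can be checked mechanically before an agent is started. The following Go program is an added example, not code from the VPP agent: `parseConf` and `auditConf` are hypothetical helpers, the conf text passed to them is constructed, and the conf files are assumed to be flat `key: value` YAML.

```go
package main

import (
	"fmt"
	"strings"
)

// parseConf reads flat "key: value" lines (assumption: flat YAML, "#" comments).
func parseConf(text string) map[string]string {
	opts := map[string]string{}
	for _, raw := range strings.Split(text, "\n") {
		kv := strings.SplitN(strings.SplitN(raw, "#", 2)[0], ":", 2)
		if len(kv) == 2 {
			opts[strings.TrimSpace(kv[0])] = strings.Trim(strings.TrimSpace(kv[1]), `"'`)
		}
	}
	return opts
}

// auditConf (hypothetical helper) lists risky settings in one plugin conf:
// "etcd", "grpc" or "http". Unset options count as the documented defaults.
func auditConf(plugin, text string) []string {
	o, out := parseConf(text), []string{}
	check := func(bad bool, msg string) {
		if bad {
			out = append(out, plugin+": "+msg)
		}
	}
	zero := func(k string) bool { return o[k] == "" || o[k] == "0" }
	plaintext := o["insecure-transport"] == "true"
	tokens := o["enable-token-auth"] == "true"
	if plugin == "grpc" || plugin == "http" {
		check(o["endpoint"] == "" || strings.HasPrefix(o["endpoint"], "0.0.0.0:"), "endpoint listens on all interfaces")
	}
	switch plugin {
	case "etcd":
		check(plaintext, "insecure-transport: TLS not used")
		check(o["insecure-skip-tls-verify"] == "true", "insecure-skip-tls-verify: any server certificate accepted")
	case "grpc":
		check(plaintext, "insecure-transport: TLS not used")
		check(!plaintext && o["ca-file"] == "", "ca-file unset: client certificate not required")
	case "http":
		check(!tokens, "enable-token-auth is off")
		check(tokens && o["token-signature"] == "", "token-signature unset")
		check(o["token-expiration"] == "0", "token-expiration 0: tokens never expire")
		check(zero("read-timeout") && zero("read-header-timeout"), "no read timeout set")
	}
	return out
}

func main() {
	// Constructed sample: an etcd.conf with the test-only setting left enabled.
	fmt.Println(auditConf("etcd", "insecure-skip-tls-verify: true # lab leftover\n"))
	fmt.Println(auditConf("http", "")) // empty file: every option at its default
}
```

An empty http.conf yields three findings because the documented defaults bind to 0.0.0.0, leave token authentication off and set no read timeout.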

REST References:


Service Label
--microservice-label=

Service Label Plugin Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| microservice-label | string | | Identifies a particular instance of a VPP agent. Used to form a key prefix associated with the VPP agent’s config data contained in an etcd data store. |

Service Label References:


Supervisor

The supervisor is an infrastructure plugin providing mechanisms to handle and manage processes and process hooks.

The conf file is split into two main categories:

  • programs or processes
  • hooks

Each of these may contain multiple entries so more programs or hooks can be contained in a single file.

References:


Telemetry
-telemetry-config=

Telemetry Plugin Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| disabled | bool | false | Used to disable telemetry plugin |
| prometheus-disabled | bool | false | export to prometheus |
| polling-interval | time.Duration | 30sec | interval between VPP reads |
| skipped | string | | skip some metrics collection such as runtime, memory, buffers, nodes, interfaces |

Telemetry References:


VPP Interface
-vpp-ifplugin-config=

VPP Interface Plugin Conf File Options

| Option | Type | Default | Description |
|---|---|---|---|
| MTU | uint32 | 0 | Default maximum transmission unit (MTU) size. The value is used if an interface without an MTU is created. Note that the MTU in the interface configuration is preferred. |
| status-publishers | string | | Enables the VPP agent to send status data back to a KV data store. etcd, redis or both are supported. |

vpp-ifplugin.conf file


VPP agent -h command

Use this command to display flag, conf file name, and env variable information for all conf files.

vpp-agent -h

Output:

                                      __
  _  _____  ___ _______ ____ ____ ___ / /_
 | |/ / _ \/ _ /___/ _ '/ _ '/ -_/ _ / __/  vpp-agent v3.2.0-alpha-1-g615f9fd36
 |___/ .__/ .__/   \_'_/\_' /\__/_//_\__/   Wed Mar 18 17:59:27 UTC 2020 (15 days ago)
    /_/  /_/           /___/                root@67748e05ef29 (go1.14 linux/amd64)

Usage of vpp-agent:
  -config-dir=".": Location of the config files; can also be set via 'CONFIG_DIR' env variable.
  -configurator-config="configurator.conf": Location of the "configurator" plugin config file; can also be set via "CONFIGURATOR_CONFIG" env variable.
  -consul-config="consul.conf": Location of the "consul" plugin config file; can also be set via "CONSUL_CONFIG" env variable.
  -etcd-config="etcd.conf": Location of the "etcd" plugin config file; can also be set via "ETCD_CONFIG" env variable.
  -govpp-config="govpp.conf": Location of the "govpp" plugin config file; can also be set via "GOVPP_CONFIG" env variable.
  -grpc-config="grpc.conf": Location of the "grpc" plugin config file; can also be set via "GRPC_CONFIG" env variable.
  -grpc-port="": Configure "grpc" server port
  -http-config="http.conf": Location of the "http" plugin config file; can also be set via "HTTP_CONFIG" env variable.
  -http-port="9191": Configure "http" server port
  -kafka-config="kafka.conf": Location of the "kafka" plugin config file; can also be set via "KAFKA_CONFIG" env variable.
  -kvscheduler-config="kvscheduler.conf": Location of the "kvscheduler" plugin config file; can also be set via "KVSCHEDULER_CONFIG" env variable.
  -linux-ifplugin-config="linux-ifplugin.conf": Location of the "linux-ifplugin" plugin config file; can also be set via "LINUX-IFPLUGIN_CONFIG" env variable.
  -linux-iptablesplugin-config="linux-iptablesplugin.conf": Location of the "linux-iptablesplugin" plugin config file; can also be set via "LINUX-IPTABLESPLUGIN_CONFIG" env variable.
  -linux-l3plugin-config="linux-l3plugin.conf": Location of the "linux-l3plugin" plugin config file; can also be set via "LINUX-L3PLUGIN_CONFIG" env variable.
  -linux-nsplugin-config="linux-nsplugin.conf": Location of the "linux-nsplugin" plugin config file; can also be set via "LINUX-NSPLUGIN_CONFIG" env variable.
  -logs-config="logs.conf": Location of the "logs" plugin config file; can also be set via "LOGS_CONFIG" env variable.
  -microservice-label="vpp1": microservice label; also set via 'MICROSERVICE_LABEL' env variable.
  -msgsync-config="msgsync.conf": Location of the "msgsync" plugin config file; can also be set via "MSGSYNC_CONFIG" env variable.
  -orchestrator-config="orchestrator.conf": Location of the "orchestrator" plugin config file; can also be set via "ORCHESTRATOR_CONFIG" env variable.
  -redis-config="redis.conf": Location of the "redis" plugin config file; can also be set via "REDIS_CONFIG" env variable.
  -restpapi-config="restpapi.conf": Location of the "restpapi" plugin config file; can also be set via "RESTPAPI_CONFIG" env variable.
  -telemetry-config="telemetry.conf": Location of the "telemetry" plugin config file; can also be set via "TELEMETRY_CONFIG" env variable.
  -vpp-aclplugin-config="vpp-aclplugin.conf": Location of the "vpp-aclplugin" plugin config file; can also be set via "VPP-ACLPLUGIN_CONFIG" env variable.
  -vpp-ifplugin-config="vpp-ifplugin.conf": Location of the "vpp-ifplugin" plugin config file; can also be set via "VPP-IFPLUGIN_CONFIG" env variable.