Skip to main content
Calico Open Source 3.32 (latest) documentation

Configure systems for use with Calico

When running Calico with OpenStack, you also need to configure various OpenStack components, as follows.

Nova (/etc/nova/nova.conf)

Calico uses the Nova metadata service to provide metadata to VMs, without any proxying by Neutron. To make that work:

  • An instance of the Nova metadata API must run on every compute node.
  • /etc/nova/nova.conf must not set service_neutron_metadata_proxy or service_metadata_proxy to True. (The default False value is correct for a Calico cluster.)

Neutron server (/etc/neutron/neutron.conf)

In /etc/neutron/neutron.conf you need the following settings to configure the Neutron service.

SettingValueMeaning
core_plugincalicoUse the Calico core plugin

The following options in the [calico] section of /etc/neutron/neutron.conf govern how the Calico plugin and DHCP agent connect to the Calico etcd datastore. You should set etcd_host to the IP of your etcd server, and etcd_port if that server is using a non-standard port. If the etcd server is TLS-secured, also set:

  • etcd_cert_file to a client certificate, which must be signed by a Certificate Authority that the server trusts

  • etcd_key_file to the corresponding private key file

  • etcd_ca_cert_file to a file containing data for the Certificate Authorities that you trust to sign the etcd server's certificate.

SettingDefault ValueMeaning
etcd_host127.0.0.1The hostname or IP of the etcd server
etcd_port2379The port to use for the etcd node/proxy
etcd_key_fileThe path to the TLS key file to use with etcd
etcd_cert_fileThe path to the TLS client certificate file to use with etcd
etcd_ca_cert_fileThe path to the TLS CA certificate file to use with etcd

In a multi-region deployment, [calico] openstack_region configures the name of the region that the local compute or controller node belongs to.

SettingDefault ValueMeaning
openstack_regionnoneThe name of the region that the local compute of controller node belongs to.

When specified, the value of openstack_region must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character, and must match the value of OpenStackRegion configured for the Felixes in the same region.