Prerequisites for OVS Mirroring

This section is only applicable if you are using OVS Mirroring as your traffic acquisition method. The following items are required to deploy a UCT-V OVS agent:

• An existing OpenStack cloud environment should be available with admin project and login credentials to create a monitoring domain.
• A user with OVS access is required to enable OVS-Mirror. The user can be an admin or can be a user with a custom role that has the permissions and the ability to list projects.

OpenStack Cloud Environment Requirements

• ML2 mechanism driver: Open vSwitch.
• You must have the following role privileges as shown in the table for the respective files to enable OVS mirroring:

• File	Command
  /etc/nova/policy.json	"os_compute_api:os-hypervisors": "role:gigamon", "os_compute_api:servers:detail:get_all_tenants": "role:gigamon", "os_compute_api:servers:index:get_all_tenants": "role:gigamon", "os_compute_api:servers:allow_all_filters”:“role:gigamon", “os_compute_api:os-extended-server-attributes”:“role:gigamon”
  /etc/keystone/policy.json	"identity:list_projects": "role:admin or role:gigamon", "identity:list_user_projects": "role:admin or role:gigamon or rule:owner", "identity:list_users": "role:admin or role:gigamon"
  /etc/neutron/policy.json	"context_is_advsvc":  "role:advsvc or role:gigamon", "get_subnet": "rule:admin_or_owner or rule:shared or role:gigamon", "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc”, "update_floatingip": "rule:admin_or_owner or role:gigamon", "get_floatingip": "rule:admin_or_owner or role:gigamon", "get_security_groups": "rule:admin_or_owner or role:gigamon", "get_security_group": "rule:admin_or_owner or or role:gigamon", "get_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner", "get_port:binding:vif_details”:“rule:admin_only or rule:context_is_gigamon”

•