[DEFAULT]
debug = {{ octavia_logging_debug }}

log_dir = /var/log/kolla/octavia

transport_url = {{ rpc_transport_url }}

[api_settings]
bind_host = {{ api_interface_address }}
bind_port = {{ octavia_api_listen_port }}

[certificates]
ca_private_key_passphrase = {{ octavia_ca_password }}
ca_private_key = /etc/octavia/certs/server_ca.key.pem
ca_certificate = /etc/octavia/certs/server_ca.cert.pem
{% if enable_barbican | bool %}
region_name = {{ openstack_region_name }}
endpoint_type = internal
ca_certificates_file = {{ openstack_cacert }}
{% endif %}

[haproxy_amphora]
server_ca = /etc/octavia/certs/server_ca.cert.pem
client_cert = /etc/octavia/certs/client.cert-and-key.pem

[database]
connection = mysql+pymysql://{{ octavia_database_user }}:{{ octavia_database_password }}@{{ octavia_database_address }}/{{ octavia_database_name }}
max_retries = -1

[service_auth]
auth_url = {{ keystone_admin_url }}
auth_type = password
username = {{ octavia_keystone_user }}
password = {{ octavia_keystone_password }}
user_domain_name = {{ default_user_domain_name }}
project_name = {{ octavia_service_auth_project }}
project_domain_name = {{ default_project_domain_name }}
cafile = {{ openstack_cacert }}

memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}

[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_admin_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ octavia_keystone_user }}
password = {{ octavia_keystone_password }}
cafile = {{ openstack_cacert }}

memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}

[health_manager]
bind_port = {{ octavia_health_manager_port }}
bind_ip = {{ octavia_network_interface_address }}
heartbeat_key = insecure
controller_ip_port_list = {% for host in groups['octavia-health-manager'] %}{{ 'octavia_network' | kolla_address(host) | put_address_in_context('url') }}:{{ octavia_health_manager_port }}{% if not loop.last %},{% endif %}{% endfor %}

stats_update_threads = {{ openstack_service_workers }}
health_update_threads = {{ openstack_service_workers }}

[controller_worker]
amp_boot_network_list = {{ octavia_amp_boot_network_list }}
amp_image_tag = amphora
amp_secgroup_list = {{ octavia_amp_secgroup_list }}
amp_flavor_id = {{ octavia_amp_flavor_id }}
amp_ssh_key_name = octavia_ssh_key
client_ca = /etc/octavia/certs/client_ca.cert.pem
network_driver = allowed_address_pairs_driver
compute_driver = compute_nova_driver
amphora_driver = amphora_haproxy_rest_driver
amp_active_retries = 100
amp_active_wait_sec = 2
loadbalancer_topology = {{ octavia_loadbalancer_topology }}

[oslo_messaging]
topic = octavia_prov
rpc_thread_pool_size = 2

[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}

{% if octavia_policy_file is defined %}
[oslo_policy]
policy_file = {{ octavia_policy_file }}
{% endif %}

[glance]
region_name = {{ openstack_region_name }}
endpoint_type = internal
ca_certificates_file = {{ openstack_cacert }}

[neutron]
region_name = {{ openstack_region_name }}
endpoint_type = internal
ca_certificates_file = {{ openstack_cacert }}

[nova]
region_name = {{ openstack_region_name }}
endpoint_type = internal
ca_certificates_file = {{ openstack_cacert }}