# neutron.conf
[DEFAULT]
debug = {{ neutron_logging_debug }}

log_dir = /var/log/kolla/neutron

# NOTE(elemoine): set use_stderr to False or the logs will also be sent to
# stderr and collected by Docker
use_stderr = False
{% if neutron_enable_tls_backend | bool %}
bind_host = 127.0.0.1
{% else %}
bind_host = {{ api_interface_address }}
{% endif %}

bind_port = {{ neutron_server_listen_port }}

api_paste_config = /etc/neutron/api-paste.ini

api_workers = {{ neutron_api_workers }}
rpc_workers = {{ openstack_service_rpc_workers }}
rpc_state_report_workers = {{ openstack_service_rpc_workers }}

# NOTE(SamYaple): We must specify this value here rather than the metadata conf
# because it is used by the l3 and dhcp agents. The reason the path has 'kolla'
# in it is because we are sharing this socket in a volume which is it's own dir
metadata_proxy_socket = /var/lib/neutron/kolla/metadata_proxy

{% if neutron_plugin_agent == "openvswitch" or (neutron_plugin_agent == "ovn" and neutron_ovn_dhcp_agent | bool) %}
interface_driver = openvswitch
{% elif neutron_plugin_agent == "linuxbridge" %}
interface_driver = linuxbridge
{% endif %}

{% if enable_nova_fake | bool %}
ovs_integration_bridge = br-int-{{ item }}
host = {{ ansible_facts.hostname }}_{{ item }}
{% endif %}

{% if neutron_plugin_agent == 'vmware_nsxv' %}
core_plugin = vmware_nsx.plugin.NsxVPlugin
{% elif neutron_plugin_agent == 'vmware_nsxv3' %}
core_plugin = vmware_nsx.plugin.NsxV3Plugin
dhcp_agent_notification = False
{% elif neutron_plugin_agent == 'vmware_nsxp' %}
core_plugin = vmware_nsx.plugin.NsxPolicyPlugin
dhcp_agent_notification = False
{% elif neutron_plugin_agent == 'vmware_dvs' %}
core_plugin = vmware_nsx.plugin.NsxDvsPlugin
{% else %}
core_plugin = ml2
service_plugins = {{ neutron_service_plugins|map(attribute='name')|join(',') }}
{% endif %}

{% if enable_neutron_agent_ha | bool %}
dhcp_agents_per_network = {{ dhcp_agents_per_network }}
l3_ha = true
max_l3_agents_per_router = {{ max_l3_agents_per_router }}
{% endif %}

transport_url = {{ rpc_transport_url }}

{% if enable_neutron_dvr | bool %}
router_distributed = True
{% endif %}

{% if enable_designate | bool %}
{% if designate_ns_record is string %}
dns_domain = {{ designate_ns_record }}.
{% endif %}
external_dns_driver = designate
{% if neutron_plugin_agent == 'vmware_nsxv' %}
nsx_extension_drivers = vmware_nsxv_dns
{% elif neutron_plugin_agent == 'vmware_nsxv3' %}
nsx_extension_drivers = vmware_nsxv3_dns
{% elif neutron_plugin_agent == 'vmware_nsxp' %}
nsx_extension_drivers = vmware_nsxp_dns
{% elif neutron_plugin_agent == 'vmware_dvs' %}
nsx_extension_drivers = vmware_dvs_dns
{% endif %}
{% endif %}

ipam_driver = {{ neutron_ipam_driver }}

[nova]
auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
region_name = {{ openstack_region_name }}
project_name = service
username = {{ nova_keystone_user }}
password = {{ nova_keystone_password }}
endpoint_type = internal
cafile = {{ openstack_cacert }}

[oslo_middleware]
enable_proxy_headers_parsing = True

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf

[database]
connection = mysql+pymysql://{{ neutron_database_user }}:{{ neutron_database_password }}@{{ neutron_database_address }}/{{ neutron_database_name }}
connection_recycle_time = {{ database_connection_recycle_time }}
max_pool_size = {{ database_max_pool_size }}
max_retries = -1

[keystone_authtoken]
service_type = network
www_authenticate_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ neutron_keystone_user }}
password = {{ neutron_keystone_password }}
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}

memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}

memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}

[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
{% if neutron_enabled_notification_topics %}
driver = messagingv2
topics = {{ neutron_enabled_notification_topics | map(attribute='name') | join(',') }}
{% else %}
driver = noop
{% endif %}

[oslo_messaging_rabbit]
heartbeat_in_pthread = false
{% if om_enable_rabbitmq_tls | bool %}
ssl = true
ssl_ca_file = {{ om_rabbitmq_cacert }}
{% endif %}
{% if om_enable_rabbitmq_high_availability | bool %}
amqp_durable_queues = true
{% endif %}

{% if neutron_policy_file is defined %}
[oslo_policy]
policy_file = {{ neutron_policy_file }}
{% endif %}

{% if enable_neutron_sfc | bool %}
[sfc]
drivers = ovs

[flowclassifier]
drivers = ovs
{% endif %}

{% if enable_designate | bool %}
[designate]
url = {{ designate_internal_endpoint }}/v2
auth_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ designate_keystone_user }}
password = {{ designate_keystone_password }}
allow_reverse_dns_lookup = True
ipv4_ptr_zone_prefix_size = 24
ipv6_ptr_zone_prefix_size = 116
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}
{% endif %}

{% if enable_osprofiler | bool %}
[profiler]
enabled = true
trace_sqlalchemy = true
hmac_keys = {{ osprofiler_secret }}
connection_string = {{ osprofiler_backend_connection_string }}
{% endif %}

[placement]
auth_type = password
auth_url = {{ keystone_internal_url }}
username = {{ placement_keystone_user }}
password = {{ placement_keystone_password }}
user_domain_name = {{ default_user_domain_name }}
project_name = service
project_domain_name = {{ default_project_domain_name }}
endpoint_type = internal
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}

[privsep]
helper_command=sudo neutron-rootwrap /etc/neutron/rootwrap.conf privsep-helper

{% if enable_neutron_infoblox_ipam_agent | bool %}
[infoblox]
keystone_admin_project_domain_id = {{ default_project_domain_id }}
keystone_admin_user_domain_id = {{ default_user_domain_id }}
keystone_admin_project_name = service
keystone_admin_username = {{ neutron_keystone_user }}
keystone_admin_password = {{ neutron_keystone_password }}
keystone_auth_uri = {{ keystone_internal_url }}
keystone_auth_version = v3
cloud_data_center_id = {{ infoblox_cloud_data_center_id }}

[infoblox-dc:{{ infoblox_cloud_data_center_id }}]
grid_master_host = {{ infoblox_grid_master_host }}
grid_master_name = {{ infoblox_grid_master_name }}
admin_user_name = {{ infoblox_admin_user_name }}
admin_password = {{ infoblox_admin_password }}
wapi_version = {{ infoblox_wapi_version }}
wapi_max_results = {{ infoblox_wapi_max_results }}
{% endif %}