Roman Krček 15140d532d Put memcache_security_strategy in single place at all.yml
For possible config options see docs
https://docs.openstack.org/keystonemiddleware/latest/middlewarearchitecture.html#memcache-protection

Closes-bug: #1850733
Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
Change-Id: I169e27899f7350f5eb8adb1f81a062c51e6cbdfc
2024-08-12 09:12:13 +00:00

127 lines
3.9 KiB
Django/Jinja

[DEFAULT]
debug = {{ designate_logging_debug }}
log_dir = /var/log/kolla/designate
transport_url = {{ rpc_transport_url }}
[service:central]
default_pool_id = {{ designate_pool_id }}
workers = {{ designate_central_workers }}
[service:api]
listen = {{ api_interface_address | put_address_in_context('url') }}:{{ designate_api_listen_port }}
api_base_uri = {{ designate_internal_endpoint }}
workers = {{ designate_api_workers }}
enable_api_admin = True
enable_host_header = True
enabled_extensions_admin = quotas, reports
[keystone_authtoken]
service_type = dns
www_authenticate_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ designate_keystone_user }}
password = {{ designate_keystone_password }}
http_connect_timeout = 60
service_token_roles_required = True
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}
memcache_security_strategy = {{ memcache_security_strategy }}
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% if service_name == 'designate-mdns' %}
[service:mdns]
listen = {{ 'dns' | kolla_address | put_address_in_context('url') }}:{{ designate_mdns_port }}
workers = {{ designate_mdns_workers }}
{% endif %}
[service:worker]
workers = {{ designate_worker_workers }}
[service:producer]
workers = {{ designate_producer_workers }}
threads = 1000
[network_api:neutron]
ca_certificates_file = "{{ openstack_cacert }}"
endpoint_type = internalURL
[storage:sqlalchemy]
connection = mysql+pymysql://{{ designate_database_user }}:{{ designate_database_password }}@{{ designate_database_address }}/{{ designate_database_name }}
max_retries = 10
idle_timeout = 3600
{% if service_name == 'designate-sink' and designate_enable_notifications_sink | bool %}
[service:sink]
enabled_notification_handlers = nova_fixed, neutron_floatingip
workers = {{ designate_sink_workers }}
[handler:nova_fixed]
#NOTE: zone_id must be manually filled an ID from openstack zone list
zone_id =
notification_topics = {{ designate_notifications_topic_name }}
control_exchange = nova
formatv4 = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(zone)s'
formatv4 = '%(hostname)s.%(project)s.%(zone)s'
formatv4 = '%(hostname)s.%(zone)s'
formatv6 = '%(hostname)s.%(zone)s'
formatv6 = '%(hostname)s.%(project)s.%(zone)s'
[handler:neutron_floatingip]
#NOTE: zone_id must be manually filled an ID from openstack zone list
zone_id =
notification_topics = {{ designate_notifications_topic_name }}
control_exchange = neutron
formatv4 = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(zone)s'
{% endif %}
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
{% if designate_enabled_notification_topics %}
driver = messagingv2
topics = {{ designate_enabled_notification_topics | map(attribute='name') | join(',') }}
{% else %}
driver = noop
{% endif %}
[oslo_messaging_rabbit]
heartbeat_in_pthread = false
{% if om_enable_rabbitmq_tls | bool %}
ssl = true
ssl_ca_file = {{ om_rabbitmq_cacert }}
{% endif %}
{% if om_enable_rabbitmq_high_availability | bool %}
amqp_durable_queues = true
{% endif %}
{% if om_enable_rabbitmq_quorum_queues | bool %}
rabbit_quorum_queue = true
{% endif %}
[oslo_concurrency]
lock_path = /var/lib/designate/tmp
[oslo_middleware]
enable_proxy_headers_parsing = True
{% if designate_policy_file is defined %}
[oslo_policy]
policy_file = {{ designate_policy_file }}
{% endif %}
[coordination]
{% if designate_coordination_backend == 'redis' %}
backend_url = {{ redis_connection_string }}
{% endif %}
{#
NOTE(yoctozepto): etcd is not supported due to lack of group membership
support via tooz, see https://launchpad.net/bugs/1872205
#}