93ad57f47e
Add TLS support for backend Neutron API Server communication using HAProxy to perform TLS termination. When used in conjunction with enabling TLS for service API endpoints, network communication will be encrypted end to end, from client through HAProxy to the Neutron service. Change-Id: Ib333a1f1bd12491df72a9e52d961161210e2d330 Partially-Implements: blueprint add-ssl-internal-network
783 lines
41 KiB
YAML
783 lines
41 KiB
YAML
---
|
|
project_name: "neutron"
|
|
|
|
neutron_services:
|
|
neutron-server:
|
|
container_name: "neutron_server"
|
|
image: "{{ neutron_server_image_full }}"
|
|
enabled: true
|
|
group: "neutron-server"
|
|
host_in_groups: "{{ inventory_hostname in groups['neutron-server'] }}"
|
|
volumes: "{{ neutron_server_default_volumes + neutron_server_extra_volumes }}"
|
|
dimensions: "{{ neutron_server_dimensions }}"
|
|
healthcheck: "{{ neutron_server_healthcheck }}"
|
|
haproxy:
|
|
neutron_server:
|
|
enabled: "{{ enable_neutron | bool and not neutron_enable_tls_backend | bool}}"
|
|
mode: "http"
|
|
external: false
|
|
port: "{{ neutron_server_port }}"
|
|
listen_port: "{{ neutron_server_listen_port }}"
|
|
neutron_server_external:
|
|
enabled: "{{ enable_neutron | bool and not neutron_enable_tls_backend | bool}}"
|
|
mode: "http"
|
|
external: true
|
|
port: "{{ neutron_server_port }}"
|
|
listen_port: "{{ neutron_server_listen_port }}"
|
|
neutron-openvswitch-agent:
|
|
container_name: "neutron_openvswitch_agent"
|
|
image: "{{ neutron_openvswitch_agent_image_full }}"
|
|
enabled: "{{ neutron_plugin_agent == 'openvswitch' }}"
|
|
privileged: True
|
|
environment:
|
|
KOLLA_LEGACY_IPTABLES: "{{ neutron_legacy_iptables | bool | lower }}"
|
|
host_in_groups: >-
|
|
{{
|
|
( inventory_hostname in groups['compute']
|
|
or (enable_manila_backend_generic | bool and inventory_hostname in groups['manila-share'])
|
|
or inventory_hostname in groups['neutron-dhcp-agent']
|
|
or inventory_hostname in groups['neutron-l3-agent']
|
|
or inventory_hostname in groups['neutron-metadata-agent']
|
|
and not enable_nova_fake | bool
|
|
) or
|
|
( inventory_hostname in groups['neutron-dhcp-agent']
|
|
or inventory_hostname in groups['neutron-l3-agent']
|
|
or inventory_hostname in groups['neutron-metadata-agent']
|
|
and enable_nova_fake | bool
|
|
)
|
|
}}
|
|
volumes: "{{ neutron_openvswitch_agent_default_volumes + neutron_openvswitch_agent_extra_volumes }}"
|
|
dimensions: "{{ neutron_openvswitch_agent_dimensions }}"
|
|
healthcheck: "{{ neutron_openvswitch_agent_healthcheck }}"
|
|
neutron-linuxbridge-agent:
|
|
container_name: "neutron_linuxbridge_agent"
|
|
image: "{{ neutron_linuxbridge_agent_image_full }}"
|
|
privileged: True
|
|
enabled: "{{ neutron_plugin_agent == 'linuxbridge' }}"
|
|
environment:
|
|
KOLLA_LEGACY_IPTABLES: "{{ neutron_legacy_iptables | bool | lower }}"
|
|
host_in_groups: >-
|
|
{{
|
|
inventory_hostname in groups['compute']
|
|
or (enable_manila | bool and inventory_hostname in groups['manila-share'])
|
|
or inventory_hostname in groups['neutron-dhcp-agent']
|
|
or inventory_hostname in groups['neutron-l3-agent']
|
|
or inventory_hostname in groups['neutron-metadata-agent']
|
|
}}
|
|
volumes: "{{ neutron_linuxbridge_agent_default_volumes + neutron_linuxbridge_agent_extra_volumes }}"
|
|
dimensions: "{{ neutron_linuxbridge_agent_dimensions }}"
|
|
healthcheck: "{{ neutron_linuxbridge_agent_healthcheck }}"
|
|
neutron-dhcp-agent:
|
|
container_name: "neutron_dhcp_agent"
|
|
image: "{{ neutron_dhcp_agent_image_full }}"
|
|
privileged: True
|
|
enabled: "{{ neutron_plugin_agent not in ['ovn', 'vmware_nsxv', 'vmware_nsxv3'] }}"
|
|
group: "neutron-dhcp-agent"
|
|
host_in_groups: "{{ inventory_hostname in groups['neutron-dhcp-agent'] }}"
|
|
volumes: "{{ neutron_dhcp_agent_default_volumes + neutron_dhcp_agent_extra_volumes }}"
|
|
dimensions: "{{ neutron_dhcp_agent_dimensions }}"
|
|
healthcheck: "{{ neutron_dhcp_agent_healthcheck }}"
|
|
neutron-l3-agent:
|
|
container_name: "neutron_l3_agent"
|
|
image: "{{ neutron_l3_agent_image_full }}"
|
|
privileged: True
|
|
enabled: "{{ neutron_plugin_agent not in ['ovn', 'vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] }}"
|
|
environment:
|
|
KOLLA_LEGACY_IPTABLES: "{{ neutron_legacy_iptables | bool | lower }}"
|
|
host_in_groups: >-
|
|
{{
|
|
inventory_hostname in groups['neutron-l3-agent']
|
|
or (inventory_hostname in groups['compute'] and enable_neutron_dvr | bool)
|
|
}}
|
|
volumes: "{{ neutron_l3_agent_default_volumes + neutron_l3_agent_extra_volumes }}"
|
|
dimensions: "{{ neutron_l3_agent_dimensions }}"
|
|
healthcheck: "{{ neutron_l3_agent_healthcheck }}"
|
|
neutron-sriov-agent:
|
|
container_name: "neutron_sriov_agent"
|
|
image: "{{ neutron_sriov_agent_image_full }}"
|
|
privileged: True
|
|
enabled: "{{ enable_neutron_sriov | bool and neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3' ] }}"
|
|
host_in_groups: "{{ inventory_hostname in groups['compute'] }}"
|
|
volumes: "{{ neutron_sriov_agent_default_volumes + neutron_sriov_agent_extra_volumes }}"
|
|
dimensions: "{{ neutron_sriov_agent_dimensions }}"
|
|
healthcheck: "{{ neutron_sriov_agent_healthcheck }}"
|
|
neutron-mlnx-agent:
|
|
container_name: "neutron_mlnx_agent"
|
|
image: "{{ neutron_mlnx_agent_image_full }}"
|
|
enabled: "{{ enable_neutron_mlnx | bool and neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3' ] }}"
|
|
host_in_groups: "{{ inventory_hostname in groups['compute'] }}"
|
|
volumes: "{{ neutron_mlnx_agent_default_volumes + neutron_mlnx_agent_extra_volumes }}"
|
|
dimensions: "{{ neutron_mlnx_agent_dimensions }}"
|
|
neutron-eswitchd:
|
|
container_name: "neutron_eswitchd"
|
|
image: "{{ neutron_eswitchd_image_full }}"
|
|
privileged: True
|
|
enabled: "{{ enable_neutron_mlnx | bool and neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3' ] }}"
|
|
host_in_groups: "{{ inventory_hostname in groups['compute'] }}"
|
|
volumes: "{{ neutron_eswitchd_default_volumes + neutron_eswitchd_extra_volumes }}"
|
|
dimensions: "{{ neutron_eswitchd_dimensions }}"
|
|
neutron-metadata-agent:
|
|
container_name: "neutron_metadata_agent"
|
|
image: "{{ neutron_metadata_agent_image_full }}"
|
|
privileged: True
|
|
enabled: "{{ neutron_plugin_agent not in [ 'ovn', 'vmware_nsxv', 'vmware_nsxv3' ] }}"
|
|
host_in_groups: >-
|
|
{{
|
|
inventory_hostname in groups['neutron-metadata-agent']
|
|
or (inventory_hostname in groups['compute'] and neutron_plugin_agent == 'openvswitch' and enable_neutron_dvr | bool)
|
|
}}
|
|
volumes: "{{ neutron_metadata_agent_default_volumes + neutron_metadata_agent_extra_volumes }}"
|
|
dimensions: "{{ neutron_metadata_agent_dimensions }}"
|
|
healthcheck: "{{ neutron_metadata_agent_healthcheck }}"
|
|
neutron-ovn-metadata-agent:
|
|
container_name: "neutron_ovn_metadata_agent"
|
|
image: "{{ neutron_ovn_metadata_agent_image_full }}"
|
|
privileged: True
|
|
enabled: "{{ neutron_plugin_agent == 'ovn' }}"
|
|
host_in_groups: "{{ inventory_hostname in groups['neutron-ovn-metadata-agent'] }}"
|
|
volumes: "{{ neutron_ovn_metadata_agent_default_volumes + neutron_ovn_metadata_agent_extra_volumes }}"
|
|
dimensions: "{{ neutron_ovn_metadata_agent_dimensions }}"
|
|
healthcheck: "{{ neutron_ovn_metadata_agent_healthcheck }}"
|
|
neutron-bgp-dragent:
|
|
container_name: "neutron_bgp_dragent"
|
|
image: "{{ neutron_bgp_dragent_image_full }}"
|
|
privileged: True
|
|
enabled: "{{ enable_neutron_bgp_dragent | bool and neutron_plugin_agent not in ['ovn', 'vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] }}"
|
|
group: "neutron-bgp-dragent"
|
|
host_in_groups: "{{ inventory_hostname in groups['neutron-bgp-dragent'] }}"
|
|
volumes: "{{ neutron_bgp_dragent_default_volumes + neutron_bgp_dragent_extra_volumes }}"
|
|
dimensions: "{{ neutron_bgp_dragent_dimensions }}"
|
|
neutron-infoblox-ipam-agent:
|
|
container_name: "neutron_infoblox_ipam_agent"
|
|
image: "{{ neutron_infoblox_ipam_agent_image_full }}"
|
|
privileged: True
|
|
enabled: "{{ enable_neutron_infoblox_ipam_agent | bool }}"
|
|
group: "neutron-infoblox-ipam-agent"
|
|
host_in_groups: "{{ inventory_hostname in groups['neutron-infoblox-ipam-agent'] }}"
|
|
volumes: "{{ neutron_infoblox_ipam_agent_default_volumes + neutron_infoblox_ipam_agent_extra_volumes }}"
|
|
dimensions: "{{ neutron_infoblox_ipam_agent_dimensions }}"
|
|
neutron-metering-agent:
|
|
container_name: "neutron_metering_agent"
|
|
image: "{{ neutron_metering_agent_image_full }}"
|
|
privileged: True
|
|
enabled: "{{ enable_neutron_metering | bool }}"
|
|
group: "neutron-metering-agent"
|
|
host_in_groups: "{{ inventory_hostname in groups['neutron-metering-agent'] }}"
|
|
volumes: "{{ neutron_metering_agent_default_volumes + neutron_metering_agent_extra_volumes }}"
|
|
dimensions: "{{ neutron_metering_agent_dimensions }}"
|
|
ironic-neutron-agent:
|
|
container_name: "ironic_neutron_agent"
|
|
image: "{{ ironic_neutron_agent_image_full }}"
|
|
privileged: False
|
|
enabled: "{{ enable_ironic_neutron_agent | bool }}"
|
|
group: "ironic-neutron-agent"
|
|
host_in_groups: "{{ inventory_hostname in groups['ironic-neutron-agent'] }}"
|
|
volumes: "{{ ironic_neutron_agent_default_volumes + ironic_neutron_agent_extra_volumes }}"
|
|
dimensions: "{{ ironic_neutron_agent_dimensions }}"
|
|
neutron-tls-proxy:
|
|
container_name: neutron_tls_proxy
|
|
group: neutron-server
|
|
host_in_groups: "{{ inventory_hostname in groups['neutron-server'] }}"
|
|
enabled: "{{ neutron_enable_tls_backend }}"
|
|
image: "{{ neutron_tls_proxy_image_full }}"
|
|
volumes: "{{ neutron_tls_proxy_default_volumes + neutron_tls_proxy_extra_volumes }}"
|
|
dimensions: "{{ neutron_tls_proxy_dimensions }}"
|
|
healthcheck: "{{ neutron_tls_proxy_healthcheck }}"
|
|
haproxy:
|
|
neutron_tls_proxy:
|
|
enabled: "{{ enable_neutron | bool and neutron_enable_tls_backend | bool }}"
|
|
mode: "http"
|
|
external: false
|
|
port: "{{ neutron_server_port }}"
|
|
listen_port: "{{ neutron_server_listen_port }}"
|
|
tls_backend: "yes"
|
|
neutron_tls_proxy_external:
|
|
enabled: "{{ enable_neutron | bool and neutron_enable_tls_backend | bool }}"
|
|
mode: "http"
|
|
external: true
|
|
port: "{{ neutron_server_port }}"
|
|
listen_port: "{{ neutron_server_listen_port }}"
|
|
tls_backend: "yes"
|
|
|
|
####################
|
|
# Database
|
|
####################
|
|
neutron_database_name: "neutron"
|
|
neutron_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}neutron{% endif %}"
|
|
neutron_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
|
|
|
|
|
|
####################
|
|
# Docker
|
|
####################
|
|
neutron_install_type: "{{ kolla_install_type }}"
|
|
neutron_tag: "{{ openstack_tag }}"
|
|
|
|
neutron_dhcp_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-dhcp-agent"
|
|
neutron_dhcp_agent_tag: "{{ neutron_tag }}"
|
|
neutron_dhcp_agent_image_full: "{{ neutron_dhcp_agent_image }}:{{ neutron_dhcp_agent_tag }}"
|
|
|
|
neutron_l3_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-l3-agent"
|
|
neutron_l3_agent_tag: "{{ neutron_tag }}"
|
|
neutron_l3_agent_image_full: "{{ neutron_l3_agent_image }}:{{ neutron_l3_agent_tag }}"
|
|
|
|
neutron_sriov_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-sriov-agent"
|
|
neutron_sriov_agent_tag: "{{ neutron_tag }}"
|
|
neutron_sriov_agent_image_full: "{{ neutron_sriov_agent_image }}:{{ neutron_sriov_agent_tag }}"
|
|
|
|
neutron_mlnx_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-mlnx-agent"
|
|
neutron_mlnx_agent_tag: "{{ neutron_tag }}"
|
|
neutron_mlnx_agent_image_full: "{{ neutron_mlnx_agent_image }}:{{ neutron_mlnx_agent_tag }}"
|
|
|
|
neutron_eswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-mlnx-agent"
|
|
neutron_eswitchd_tag: "{{ neutron_mlnx_agent_tag }}"
|
|
neutron_eswitchd_image_full: "{{ neutron_eswitchd_image }}:{{ neutron_eswitchd_tag }}"
|
|
|
|
neutron_linuxbridge_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-linuxbridge-agent"
|
|
neutron_linuxbridge_agent_tag: "{{ neutron_tag }}"
|
|
neutron_linuxbridge_agent_image_full: "{{ neutron_linuxbridge_agent_image }}:{{ neutron_linuxbridge_agent_tag }}"
|
|
|
|
neutron_metadata_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-metadata-agent"
|
|
neutron_metadata_agent_tag: "{{ neutron_tag }}"
|
|
neutron_metadata_agent_image_full: "{{ neutron_metadata_agent_image }}:{{ neutron_metadata_agent_tag }}"
|
|
|
|
neutron_ovn_metadata_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-metadata-agent"
|
|
neutron_ovn_metadata_agent_tag: "{{ neutron_tag }}"
|
|
neutron_ovn_metadata_agent_image_full: "{{ neutron_ovn_metadata_agent_image }}:{{ neutron_ovn_metadata_agent_tag }}"
|
|
|
|
neutron_openvswitch_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-openvswitch-agent"
|
|
neutron_openvswitch_agent_tag: "{{ neutron_tag }}"
|
|
neutron_openvswitch_agent_image_full: "{{ neutron_openvswitch_agent_image }}:{{ neutron_openvswitch_agent_tag }}"
|
|
|
|
neutron_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-server"
|
|
neutron_server_tag: "{{ neutron_tag }}"
|
|
neutron_server_image_full: "{{ neutron_server_image }}:{{ neutron_server_tag }}"
|
|
|
|
neutron_bgp_dragent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-bgp-dragent"
|
|
neutron_bgp_dragent_tag: "{{ neutron_tag }}"
|
|
neutron_bgp_dragent_image_full: "{{ neutron_bgp_dragent_image }}:{{ neutron_bgp_dragent_tag }}"
|
|
|
|
neutron_infoblox_ipam_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-infoblox-ipam-agent"
|
|
neutron_infoblox_ipam_agent_tag: "{{ neutron_tag }}"
|
|
neutron_infoblox_ipam_agent_image_full: "{{ neutron_infoblox_ipam_agent_image }}:{{ neutron_infoblox_ipam_agent_tag }}"
|
|
|
|
neutron_metering_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-metering-agent"
|
|
neutron_metering_agent_tag: "{{ neutron_tag }}"
|
|
neutron_metering_agent_image_full: "{{ neutron_metering_agent_image }}:{{ neutron_metering_agent_tag }}"
|
|
|
|
ironic_neutron_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-ironic-neutron-agent"
|
|
ironic_neutron_agent_tag: "{{ neutron_tag }}"
|
|
ironic_neutron_agent_image_full: "{{ ironic_neutron_agent_image }}:{{ ironic_neutron_agent_tag }}"
|
|
|
|
neutron_tls_proxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-haproxy"
|
|
neutron_tls_proxy_tag: "{{ neutron_tag }}"
|
|
neutron_tls_proxy_image_full: "{{ neutron_tls_proxy_image }}:{{ neutron_tls_proxy_tag }}"
|
|
|
|
neutron_agent_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
neutron_dhcp_agent_dimensions: "{{ neutron_agent_dimensions }}"
|
|
neutron_l3_agent_dimensions: "{{ neutron_agent_dimensions }}"
|
|
neutron_sriov_agent_dimensions: "{{ neutron_agent_dimensions }}"
|
|
neutron_mlnx_agent_dimensions: "{{ neutron_agent_dimensions }}"
|
|
neutron_eswitchd_dimensions: "{{ neutron_agent_dimensions }}"
|
|
neutron_linuxbridge_agent_dimensions: "{{ neutron_agent_dimensions }}"
|
|
neutron_metadata_agent_dimensions: "{{ neutron_agent_dimensions }}"
|
|
neutron_ovn_metadata_agent_dimensions: "{{ neutron_agent_dimensions }}"
|
|
neutron_openvswitch_agent_dimensions: "{{ neutron_agent_dimensions }}"
|
|
neutron_server_dimensions: "{{ default_container_dimensions }}"
|
|
neutron_bgp_dragent_dimensions: "{{ default_container_dimensions }}"
|
|
neutron_infoblox_ipam_agent_dimensions: "{{ default_container_dimensions }}"
|
|
neutron_metering_agent_dimensions: "{{ neutron_agent_dimensions }}"
|
|
ironic_neutron_agent_dimensions: "{{ default_container_dimensions }}"
|
|
neutron_tls_proxy_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
neutron_dhcp_agent_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
neutron_dhcp_agent_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
neutron_dhcp_agent_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
neutron_dhcp_agent_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
neutron_dhcp_agent_healthcheck_test: ["CMD-SHELL", "healthcheck_port neutron-dhcp-agent {{ om_rpc_port }}"]
|
|
neutron_dhcp_agent_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
neutron_dhcp_agent_healthcheck:
|
|
interval: "{{ neutron_dhcp_agent_healthcheck_interval }}"
|
|
retries: "{{ neutron_dhcp_agent_healthcheck_retries }}"
|
|
start_period: "{{ neutron_dhcp_agent_healthcheck_start_period }}"
|
|
test: "{% if neutron_dhcp_agent_enable_healthchecks | bool %}{{ neutron_dhcp_agent_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ neutron_dhcp_agent_healthcheck_timeout }}"
|
|
|
|
neutron_l3_agent_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
neutron_l3_agent_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
neutron_l3_agent_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
neutron_l3_agent_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
neutron_l3_agent_healthcheck_test: ["CMD-SHELL", "healthcheck_port 'neutron-l3-agent ' {{ om_rpc_port }}"]
|
|
neutron_l3_agent_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
neutron_l3_agent_healthcheck:
|
|
interval: "{{ neutron_l3_agent_healthcheck_interval }}"
|
|
retries: "{{ neutron_l3_agent_healthcheck_retries }}"
|
|
start_period: "{{ neutron_l3_agent_healthcheck_start_period }}"
|
|
test: "{% if neutron_l3_agent_enable_healthchecks | bool %}{{ neutron_l3_agent_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ neutron_l3_agent_healthcheck_timeout }}"
|
|
|
|
neutron_linuxbridge_agent_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
neutron_linuxbridge_agent_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
neutron_linuxbridge_agent_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
neutron_linuxbridge_agent_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
neutron_linuxbridge_agent_healthcheck_test: ["CMD-SHELL", "healthcheck_port neutron-linuxbridge-agent {{ om_rpc_port }}"]
|
|
neutron_linuxbridge_agent_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
neutron_linuxbridge_agent_healthcheck:
|
|
interval: "{{ neutron_linuxbridge_agent_healthcheck_interval }}"
|
|
retries: "{{ neutron_linuxbridge_agent_healthcheck_retries }}"
|
|
start_period: "{{ neutron_linuxbridge_agent_healthcheck_start_period }}"
|
|
test: "{% if neutron_linuxbridge_agent_enable_healthchecks | bool %}{{ neutron_linuxbridge_agent_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ neutron_linuxbridge_agent_healthcheck_timeout }}"
|
|
|
|
neutron_metadata_agent_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
neutron_metadata_agent_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
neutron_metadata_agent_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
neutron_metadata_agent_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
neutron_metadata_agent_healthcheck_test: ["CMD-SHELL", "healthcheck_port neutron-metadata-agent {{ om_rpc_port }}"]
|
|
neutron_metadata_agent_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
neutron_metadata_agent_healthcheck:
|
|
interval: "{{ neutron_metadata_agent_healthcheck_interval }}"
|
|
retries: "{{ neutron_metadata_agent_healthcheck_retries }}"
|
|
start_period: "{{ neutron_metadata_agent_healthcheck_start_period }}"
|
|
test: "{% if neutron_metadata_agent_enable_healthchecks | bool %}{{ neutron_metadata_agent_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ neutron_metadata_agent_healthcheck_timeout }}"
|
|
|
|
neutron_openvswitch_agent_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
neutron_openvswitch_agent_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
neutron_openvswitch_agent_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
neutron_openvswitch_agent_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
neutron_openvswitch_agent_healthcheck_test: ["CMD-SHELL", "healthcheck_port neutron-openvswitch-agent {{ om_rpc_port }}"]
|
|
neutron_openvswitch_agent_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
neutron_openvswitch_agent_healthcheck:
|
|
interval: "{{ neutron_openvswitch_agent_healthcheck_interval }}"
|
|
retries: "{{ neutron_openvswitch_agent_healthcheck_retries }}"
|
|
start_period: "{{ neutron_openvswitch_agent_healthcheck_start_period }}"
|
|
test: "{% if neutron_openvswitch_agent_enable_healthchecks | bool %}{{ neutron_openvswitch_agent_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ neutron_openvswitch_agent_healthcheck_timeout }}"
|
|
|
|
neutron_ovn_metadata_agent_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
neutron_ovn_metadata_agent_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
neutron_ovn_metadata_agent_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
neutron_ovn_metadata_agent_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
neutron_ovn_metadata_agent_healthcheck_test: ["CMD-SHELL", "healthcheck_port python {{ ovn_sb_db_port }}"]
|
|
neutron_ovn_metadata_agent_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
neutron_ovn_metadata_agent_healthcheck:
|
|
interval: "{{ neutron_ovn_metadata_agent_healthcheck_interval }}"
|
|
retries: "{{ neutron_ovn_metadata_agent_healthcheck_retries }}"
|
|
start_period: "{{ neutron_ovn_metadata_agent_healthcheck_start_period }}"
|
|
test: "{% if neutron_ovn_metadata_agent_enable_healthchecks | bool %}{{ neutron_ovn_metadata_agent_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ neutron_ovn_metadata_agent_healthcheck_timeout }}"
|
|
|
|
neutron_server_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
neutron_server_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
neutron_server_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
neutron_server_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
neutron_server_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{% if neutron_enable_tls_backend | bool %}localhost{% else %}{{ api_interface_address | put_address_in_context('url') }}{% endif %}:{{ neutron_server_listen_port }}"]
|
|
neutron_server_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
neutron_server_healthcheck:
|
|
interval: "{{ neutron_server_healthcheck_interval }}"
|
|
retries: "{{ neutron_server_healthcheck_retries }}"
|
|
start_period: "{{ neutron_server_healthcheck_start_period }}"
|
|
test: "{% if neutron_server_enable_healthchecks | bool %}{{ neutron_server_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ neutron_server_healthcheck_timeout }}"
|
|
|
|
neutron_tls_proxy_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
neutron_tls_proxy_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
neutron_tls_proxy_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
neutron_tls_proxy_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
neutron_tls_proxy_healthcheck_test: ["CMD-SHELL", "healthcheck_curl -u {{ haproxy_user }}:{{ haproxy_password }} {{ api_interface_address | put_address_in_context('url') }}:{{ neutron_tls_proxy_stats_port }}"]
|
|
neutron_tls_proxy_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
neutron_tls_proxy_healthcheck:
|
|
interval: "{{ neutron_tls_proxy_healthcheck_interval }}"
|
|
retries: "{{ neutron_tls_proxy_healthcheck_retries }}"
|
|
start_period: "{{ neutron_tls_proxy_healthcheck_start_period }}"
|
|
test: "{% if neutron_tls_proxy_enable_healthchecks | bool %}{{ neutron_tls_proxy_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ neutron_tls_proxy_healthcheck_timeout }}"
|
|
|
|
neutron_sriov_agent_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
neutron_sriov_agent_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
neutron_sriov_agent_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
neutron_sriov_agent_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
neutron_sriov_agent_healthcheck_test: ["CMD-SHELL", "healthcheck_port neutron-sriov-nic-agent {{ om_rpc_port }}"]
|
|
neutron_sriov_agent_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
neutron_sriov_agent_healthcheck:
|
|
interval: "{{ neutron_sriov_agent_healthcheck_interval }}"
|
|
retries: "{{ neutron_sriov_agent_healthcheck_retries }}"
|
|
start_period: "{{ neutron_sriov_agent_healthcheck_start_period }}"
|
|
test: "{% if neutron_sriov_agent_enable_healthchecks | bool %}{{ neutron_sriov_agent_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ neutron_sriov_agent_healthcheck_timeout }}"
|
|
|
|
neutron_dhcp_agent_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-dhcp-agent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
|
|
- "/run/netns:/run/netns:shared"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
|
neutron_l3_agent_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-l3-agent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
|
|
- "/run/netns:/run/netns:shared"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
|
neutron_sriov_agent_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-sriov-agent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
|
neutron_mlnx_agent_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-mlnx-agent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
|
neutron_eswitchd_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-eswitchd/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "/run/libvirt:/run/libvirt:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
|
neutron_linuxbridge_agent_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-linuxbridge-agent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
|
neutron_metadata_agent_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-metadata-agent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
|
neutron_ovn_metadata_agent_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-ovn-metadata-agent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
|
|
- "/run/openvswitch:/run/openvswitch:shared"
|
|
- "/run/netns:/run/netns:shared"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
|
neutron_openvswitch_agent_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-openvswitch-agent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "/run/openvswitch:/run/openvswitch:shared"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
|
neutron_server_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-server/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
|
neutron_bgp_dragent_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-bgp-dragent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
neutron_infoblox_ipam_agent_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-infoblox-ipam-agent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
neutron_metering_agent_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-metering-agent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{{ kolla_dev_repos_directory ~ '/neutron/neutron:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/neutron' if neutron_dev_mode | bool else '' }}"
|
|
ironic_neutron_agent_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-neutron-agent/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
neutron_tls_proxy_default_volumes:
|
|
- "{{ node_config_directory }}/neutron-tls-proxy/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
|
|
neutron_extra_volumes: "{{ default_extra_volumes }}"
|
|
neutron_dhcp_agent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_l3_agent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_sriov_agent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_mlnx_agent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_eswitchd_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_linuxbridge_agent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_metadata_agent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_ovn_metadata_agent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_openvswitch_agent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_server_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_bgp_dragent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_infoblox_ipam_agent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_metering_agent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
ironic_neutron_agent_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
neutron_tls_proxy_extra_volumes: "{{ neutron_extra_volumes }}"
|
|
|
|
####################
|
|
# OpenStack
|
|
####################
|
|
dhcp_agents_per_network: 2
|
|
max_l3_agents_per_router: 3
|
|
|
|
neutron_logging_debug: "{{ openstack_logging_debug }}"
|
|
|
|
openstack_neutron_auth: "{{ openstack_auth }}"
|
|
|
|
# Set to KOLLA_SKIP to skip setting these (even if set already - total ignore).
|
|
# Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file.
|
|
neutron_l3_agent_host_rp_filter_mode: 0
|
|
neutron_l3_agent_host_ipv4_neigh_gc_thresh1: 128
|
|
neutron_l3_agent_host_ipv4_neigh_gc_thresh2: 28672
|
|
neutron_l3_agent_host_ipv4_neigh_gc_thresh3: 32768
|
|
neutron_l3_agent_host_ipv6_neigh_gc_thresh1: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"
|
|
neutron_l3_agent_host_ipv6_neigh_gc_thresh2: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"
|
|
neutron_l3_agent_host_ipv6_neigh_gc_thresh3: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"
|
|
|
|
####################
|
|
# Subprojects
|
|
####################
|
|
neutron_subprojects:
|
|
- name: "networking-sfc"
|
|
enabled: "{{ enable_neutron_sfc | bool }}"
|
|
- name: "neutron-dynamic-routing"
|
|
enabled: "{{ enable_neutron_bgp_dragent | bool }}"
|
|
- name: "neutron-vpnaas"
|
|
enabled: "{{ enable_neutron_vpnaas | bool }}"
|
|
|
|
####################
|
|
# Mechanism drivers
|
|
####################
|
|
mechanism_drivers:
|
|
- name: "linuxbridge"
|
|
enabled: "{{ neutron_plugin_agent == 'linuxbridge' }}"
|
|
- name: "openvswitch"
|
|
enabled: "{{ neutron_plugin_agent == 'openvswitch' }}"
|
|
- name: "mlnx_infiniband"
|
|
enabled: "{{ enable_neutron_mlnx | bool }}"
|
|
- name: "baremetal"
|
|
enabled: "{{ enable_ironic_neutron_agent | bool }}"
|
|
- name: "l2population"
|
|
enabled: "{{ neutron_plugin_agent != 'ovn' }}"
|
|
- name: "ovn"
|
|
enabled: "{{ neutron_plugin_agent == 'ovn' }}"
|
|
- name: "sriovnicswitch"
|
|
enabled: "{{ enable_neutron_sriov | bool }}"
|
|
|
|
neutron_mechanism_drivers: "{{ mechanism_drivers | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
####################
|
|
# Extension drivers
|
|
####################
|
|
extension_drivers:
|
|
- name: "qos"
|
|
enabled: "{{ enable_neutron_qos | bool }}"
|
|
- name: "port_security"
|
|
enabled: true
|
|
- name: "dns"
|
|
enabled: "{{ enable_designate | bool }}"
|
|
- name: "sfc"
|
|
enabled: "{{ enable_neutron_sfc | bool }}"
|
|
|
|
neutron_extension_drivers: "{{ extension_drivers | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
####################
|
|
# Neutron bootstrap
|
|
####################
|
|
neutron_bootstrap_services: "{{ neutron_subprojects | selectattr('enabled') | map(attribute='name') | list }}"
|
|
|
|
####################
|
|
# Neutron upgrade
|
|
####################
|
|
neutron_enable_rolling_upgrade: "yes"
|
|
neutron_rolling_upgrade_services: "{{ neutron_subprojects | selectattr('enabled') | map(attribute='name') | list }}"
|
|
|
|
####################
|
|
# Service Plugins
|
|
####################
|
|
service_plugins:
|
|
- name: "flow_classifier"
|
|
enabled: "{{ enable_neutron_sfc | bool }}"
|
|
- name: "metering"
|
|
enabled: "{{ enable_neutron_metering | bool }}"
|
|
- name: "neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin"
|
|
enabled: "{{ enable_neutron_bgp_dragent | bool }}"
|
|
- name: "qos"
|
|
enabled: "{{ enable_neutron_qos | bool }}"
|
|
- name: "router"
|
|
enabled: "{{ neutron_plugin_agent != 'ovn' }}"
|
|
- name: "segments"
|
|
enabled: "{{ enable_neutron_segments | bool }}"
|
|
- name: "sfc"
|
|
enabled: "{{ enable_neutron_sfc | bool }}"
|
|
- name: "trunk"
|
|
enabled: "{{ enable_neutron_trunk | bool }}"
|
|
- name: "vpnaas"
|
|
enabled: "{{ enable_neutron_vpnaas | bool }}"
|
|
- name: "port_forwarding"
|
|
enabled: "{{ enable_neutron_port_forwarding | bool }}"
|
|
- name: "ovn-router"
|
|
enabled: "{{ neutron_plugin_agent == 'ovn' }}"
|
|
|
|
neutron_service_plugins: "{{ service_plugins | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
####################
|
|
# Notification
|
|
####################
|
|
neutron_notification_topics:
|
|
- name: notifications
|
|
enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool or enable_neutron_infoblox_ipam_agent | bool }}"
|
|
- name: notifications_designate
|
|
enabled: "{{ enable_designate | bool }}"
|
|
- name: vitrage_notifications
|
|
enabled: "{{ enable_vitrage | bool }}"
|
|
|
|
neutron_enabled_notification_topics: "{{ neutron_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
####################
|
|
# Agent Extensions
|
|
####################
|
|
agent_extensions:
|
|
- name: "qos"
|
|
enabled: "{{ enable_neutron_qos | bool }}"
|
|
- name: "sfc"
|
|
enabled: "{{ enable_neutron_sfc | bool }}"
|
|
- name: "fdb"
|
|
enabled: "{{ enable_neutron_sriov | bool }}"
|
|
|
|
neutron_agent_extensions: "{{ agent_extensions | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
l3_agent_extensions:
|
|
- name: "vpnaas"
|
|
enabled: "{{ enable_neutron_vpnaas | bool }}"
|
|
- name: "port_forwarding"
|
|
enabled: "{{ enable_neutron_port_forwarding | bool }}"
|
|
|
|
neutron_l3_agent_extensions: "{{ l3_agent_extensions | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
####################
|
|
# VMware NSXV
|
|
####################
|
|
vmware_nsxv_user: "nsx_manager_user"
|
|
vmware_nsxv_manager_uri: "https://127.0.0.1"
|
|
vmware_nsxv_insecure: "True"
|
|
vmware_nsxv_cluster_moid: "TestCluster"
|
|
vmware_nsxv_datacenter_moid: "TestDataCeter"
|
|
vmware_nsxv_resource_pool_id: "TestRSGroup"
|
|
vmware_nsxv_datastore_id: "TestDataStore"
|
|
vmware_nsxv_external_network: "TestDVSPort-Ext"
|
|
vmware_nsxv_vdn_scope_id: "TestVDNScope"
|
|
vmware_nsxv_dvs_id: "TestDVS"
|
|
vmware_nsxv_backup_edge_pool: "service:compact:1:2"
|
|
vmware_nsxv_spoofguard_enabled: "false"
|
|
vmware_nsxv_metadata_initializer: "false"
|
|
vmware_nsxv_edge_ha: "false"
|
|
|
|
####################
|
|
# VMware NSXV3
|
|
####################
|
|
nsxv3_metadata_proxy: "metadata proxy uuid"
|
|
nsxv3_dhcp_profile: "dhcp service uuid"
|
|
nsxv3_native_dhcp_metadata: "true"
|
|
nsxv3_api_user: "user"
|
|
nsxv3_api_managers: "127.0.0.1"
|
|
nsxv3_default_tier0_router: "tier0 router uuid"
|
|
nsxv3_default_vlan_tz: "vlan TZ uuid"
|
|
nsxv3_default_overlay_tz: "overlay TZ uuid"
|
|
|
|
####################
|
|
# VMware DVS
|
|
####################
|
|
vmware_dvs_host_ip: "192.168.1.1"
|
|
vmware_dvs_host_port: "443"
|
|
vmware_dvs_host_username: "admin"
|
|
vmware_dvs_insecure: "True"
|
|
vmware_dvs_dvs_name: "VDS-1"
|
|
vmware_dvs_dhcp_override_mac: ""
|
|
|
|
####################
|
|
# Infoblox IPAM
|
|
####################
|
|
infoblox_cloud_data_center_id: "1"
|
|
infoblox_grid_master_host: "192.168.1.1"
|
|
infoblox_grid_master_name: "infoblox.localdomain"
|
|
infoblox_admin_user_name: "admin"
|
|
infoblox_wapi_version: "2.3"
|
|
infoblox_wapi_max_results: "-50000"
|
|
|
|
######################
|
|
# Mellanox Agent
|
|
######################
|
|
# "ibphysnet" and "ib0" used here as placeholders
|
|
neutron_mlnx_physnet_mappings:
|
|
ibphysnet: "ib0"
|
|
neutron_mlnx_physnets: "{{ neutron_mlnx_physnet_mappings.items() | map('join', ':') | join(',') }}"
|
|
|
|
######################
|
|
# Notification Drivers
|
|
######################
|
|
notification_drivers: []
|
|
|
|
neutron_notification_drivers: "{{ notification_drivers | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
####################
|
|
# Kolla
|
|
####################
|
|
neutron_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
|
|
neutron_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
|
|
neutron_dev_mode: "{{ kolla_dev_mode }}"
|
|
neutron_source_version: "{{ kolla_source_version }}"
|
|
|
|
####################
|
|
# Keystone
|
|
####################
|
|
neutron_ks_services:
|
|
- name: "neutron"
|
|
type: "network"
|
|
description: "Openstack Networking"
|
|
endpoints:
|
|
- {'interface': 'admin', 'url': '{{ neutron_admin_endpoint }}'}
|
|
- {'interface': 'internal', 'url': '{{ neutron_internal_endpoint }}'}
|
|
- {'interface': 'public', 'url': '{{ neutron_public_endpoint }}'}
|
|
|
|
neutron_ks_users:
|
|
- project: "service"
|
|
user: "{{ neutron_keystone_user }}"
|
|
password: "{{ neutron_keystone_password }}"
|
|
role: "admin"
|
|
|
|
####################
|
|
# SRIOV
|
|
####################
|
|
neutron_sriov_physnets: "{{ neutron_sriov_physnet_mappings.items() | map('join', ':') | join(',') }}"
|
|
|
|
####################
|
|
# Backend TLS proxy
|
|
####################
|
|
syslog_server: "{{ api_interface_address }}"
|
|
syslog_neutron_tls_proxy_facility: "local4"
|
|
|
|
neutron_tls_proxy_max_connections: 40000
|
|
neutron_tls_proxy_processes: 1
|
|
neutron_tls_proxy_process_cpu_map: "no"
|
|
neutron_tls_proxy_defaults_max_connections: 10000
|
|
neutron_tls_proxy_http_request_timeout: "10s"
|
|
neutron_tls_proxy_http_keep_alive_timeout: "10s"
|
|
neutron_tls_proxy_queue_timeout: "1m"
|
|
neutron_tls_proxy_connect_timeout: "10s"
|
|
neutron_tls_proxy_client_timeout: "1m"
|
|
neutron_tls_proxy_server_timeout: "1m"
|
|
neutron_tls_proxy_check_timeout: "10s"
|
|
# Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options
|
|
neutron_tls_proxy_defaults_balance: "roundrobin"
|