09df6fc1aa
A combination of durable queues and classic queue mirroring can be used to provide high availability of RabbitMQ. However, these options should only be used together, otherwise the system will become unstable. Using the flag ``om_enable_rabbitmq_high_availability`` will either enable both options at once, or neither of them. There are some queues that should not be mirrored: * ``reply`` queues (these have a single consumer and TTL policy) * ``fanout`` queues (these have a TTL policy) * ``amq`` queues (these are auto-delete queues, with a single consumer) An exclusionary pattern is used in the classic mirroring policy. This pattern is ``^(?!(amq\\.)|(.*_fanout_)|(reply_)).*`` Change-Id: I51c8023b260eb40b2eaa91bd276b46890c215c25
136 lines
4.2 KiB
Django/Jinja
136 lines
4.2 KiB
Django/Jinja
[DEFAULT]
|
|
debug = {{ zun_logging_debug }}
|
|
|
|
{% if service_name == 'zun-api' %}
|
|
# Force zun-api.log or will use app.wsgi
|
|
log_file = /var/log/kolla/zun/zun-api.log
|
|
{% endif %}
|
|
|
|
log_dir = /var/log/kolla/zun
|
|
transport_url = {{ rpc_transport_url }}
|
|
|
|
state_path = /var/lib/zun
|
|
container_driver = docker
|
|
capsule_driver = cri
|
|
|
|
[network]
|
|
driver = kuryr
|
|
|
|
[database]
|
|
connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }}
|
|
connection_recycle_time = {{ database_connection_recycle_time }}
|
|
max_pool_size = {{ database_max_pool_size }}
|
|
max_retries = -1
|
|
|
|
# NOTE(yoctozepto): despite what the docs say, both keystone_auth and
|
|
# keystone_authtoken sections are used and Zun internals may use either -
|
|
# - best keep them both in sync
|
|
[keystone_auth]
|
|
www_authenticate_uri = {{ keystone_internal_url }}
|
|
auth_url = {{ keystone_internal_url }}
|
|
auth_type = password
|
|
project_domain_id = {{ default_project_domain_id }}
|
|
user_domain_id = {{ default_user_domain_id }}
|
|
project_name = service
|
|
username = {{ zun_keystone_user }}
|
|
password = {{ zun_keystone_password }}
|
|
service_token_roles_required = True
|
|
region_name = {{ openstack_region_name }}
|
|
cafile = {{ openstack_cacert }}
|
|
|
|
{% if enable_memcached | bool %}
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcache_secret_key }}
|
|
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
|
{% endif %}
|
|
|
|
# NOTE(yoctozepto): despite what the docs say, both keystone_auth and
|
|
# keystone_authtoken sections are used and Zun internals may use either -
|
|
# - best keep them both in sync
|
|
[keystone_authtoken]
|
|
service_type = container
|
|
www_authenticate_uri = {{ keystone_internal_url }}
|
|
auth_url = {{ keystone_internal_url }}
|
|
auth_type = password
|
|
project_domain_id = {{ default_project_domain_id }}
|
|
user_domain_id = {{ default_user_domain_id }}
|
|
project_name = service
|
|
username = {{ zun_keystone_user }}
|
|
password = {{ zun_keystone_password }}
|
|
service_token_roles_required = True
|
|
region_name = {{ openstack_region_name }}
|
|
cafile = {{ openstack_cacert }}
|
|
|
|
{% if enable_memcached | bool %}
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcache_secret_key }}
|
|
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
|
{% endif %}
|
|
|
|
[zun_client]
|
|
region_name = {{ openstack_region_name }}
|
|
endpoint_type = internalURL
|
|
ca_file = {{ openstack_cacert }}
|
|
|
|
[glance_client]
|
|
region_name = {{ openstack_region_name }}
|
|
endpoint_type = internalURL
|
|
ca_file = {{ openstack_cacert }}
|
|
|
|
[neutron_client]
|
|
region_name = {{ openstack_region_name }}
|
|
endpoint_type = internalURL
|
|
ca_file = {{ openstack_cacert }}
|
|
|
|
[cinder_client]
|
|
region_name = {{ openstack_region_name }}
|
|
endpoint_type = internalURL
|
|
ca_file = {{ openstack_cacert }}
|
|
|
|
[placement_client]
|
|
region_name = {{ openstack_region_name }}
|
|
endpoint_type = internalURL
|
|
ca_file = {{ openstack_cacert }}
|
|
|
|
{% if enable_osprofiler | bool %}
|
|
[profiler]
|
|
enabled = true
|
|
trace_sqlalchemy = true
|
|
hmac_keys = {{ osprofiler_secret }}
|
|
connection_string = {{ osprofiler_backend_connection_string }}
|
|
{% endif %}
|
|
|
|
[oslo_concurrency]
|
|
lock_path = /var/lib/zun/tmp
|
|
|
|
{% if zun_policy_file is defined %}
|
|
[oslo_policy]
|
|
policy_file = {{ zun_policy_file }}
|
|
{% endif %}
|
|
|
|
[compute]
|
|
host_shared_with_nova = {{ inventory_hostname in groups['compute'] and enable_nova | bool and not enable_nova_fake | bool }}
|
|
|
|
[websocket_proxy]
|
|
wsproxy_host = {{ api_interface_address }}
|
|
wsproxy_port = {{ zun_wsproxy_port }}
|
|
base_url = {{ zun_wsproxy_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ zun_wsproxy_port }}
|
|
|
|
[docker]
|
|
api_url = tcp://{{ api_interface_address | put_address_in_context('url') }}:2375
|
|
docker_remote_api_host = {{ api_interface_address }}
|
|
docker_remote_api_port = 2375
|
|
|
|
[cni_daemon]
|
|
cni_daemon_port = {{ zun_cni_daemon_port }}
|
|
|
|
[oslo_messaging_rabbit]
|
|
heartbeat_in_pthread = {{ service_name == 'zun-api' }}
|
|
{% if om_enable_rabbitmq_tls | bool %}
|
|
ssl = true
|
|
ssl_ca_file = {{ om_rabbitmq_cacert }}
|
|
{% endif %}
|
|
{% if om_enable_rabbitmq_high_availability | bool %}
|
|
amqp_durable_queues = true
|
|
{% endif %}
|