# {{ ansible_managed }} {% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} {% set api_threads = _api_threads if _api_threads > 0 else 1 %} # General, applies to all host groups [DEFAULT] debug = {{ debug }} fatal_deprecations = {{ neutron_fatal_deprecations }} log_file = /var/log/neutron/neutron.log {% if inventory_hostname in groups[neutron_services['neutron-server']['group']] %} # General, only applies to neutron server host group allow_overlapping_ips = True vlan_transparent = False # Plugins core_plugin = {{ neutron_plugin_core }} {% if neutron_plugin_type.split('.')[0] == 'ml2' %} service_plugins = {{ neutron_plugin_loaded_base }} {% endif %} # MAC address generation for VIFs base_mac = fa:16:3e:00:00:00 mac_generation_retries = 16 # Authentication method auth_strategy = keystone # Drivers network_scheduler_driver = {{ neutron_driver_network_scheduler }} router_scheduler_driver = {{ neutron_driver_router_scheduler }} loadbalancer_pool_scheduler_driver = {{ neutron_driver_loadbalancer_pool_scheduler }} {% if neutron_ceilometer_enabled %} notification_driver = messagingv2 {% endif %} # Schedulers network_auto_schedule = True router_auto_schedule = True # Distributed virtual routing (disable by default) router_distributed = False # Agents agent_down_time = {{ neutron_agent_down_time }} {% set num_agent = groups[neutron_services['neutron-dhcp-agent']['group']] | length %} {% if neutron_plugin_type.split('.')[0] == 'ml2' and num_agent >= 2 %} {% if neutron_services['neutron-linuxbridge-agent']['service_en'] | bool %} {% set max_l3_router = num_agent if num_agent > 2 else 2 %} {% set min_l3_router = num_agent if (num_agent > 2 and num_agent < max_l3_router) else 2 %} # L3HA l3_ha = True l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }} min_l3_agents_per_router = {{ min_l3_router }} max_l3_agents_per_router = {{ max_l3_router }} ha_network_type = {{ neutron_provider_networks.network_mappings_list[0].split(':')[0] }} ha_network_physical_name = {{ neutron_provider_networks.network_mappings_list[0].split(':')[-1] }} {% endif %} {% endif %} # API bind_port = 9696 bind_host = 0.0.0.0 # Workers api_workers = {{ neutron_api_workers | default(api_threads) }} rpc_workers = {{ neutron_rpc_workers }} {% set dhcp_agents_max = num_agent if num_agent > 2 else 2 %} # DHCP dhcp_agent_notification = True dhcp_agents_per_network = {{ dhcp_agents_max }} dhcp_lease_duration = 86400 # Nova notifications notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True send_events_interval = 2 nova_url = {{ nova_service_adminurl|replace('/%(tenant_id)s', '') }} ## Rpc all rpc_backend = {{ neutron_rpc_backend }} executor_thread_pool_size = {{ neutron_rpc_thread_pool_size }} rpc_conn_pool_size = {{ neutron_rpc_conn_pool_size }} rpc_response_timeout = {{ neutron_rpc_response_timeout }} [nova] auth_plugin = {{ nova_keystone_auth_plugin }} auth_url = {{ keystone_service_adminurl }} region_name = {{ nova_service_region }} project_domain_id = {{ nova_service_project_domain_id }} user_domain_id = {{ nova_service_user_domain_id }} project_name = {{ nova_service_project_name }} username = {{ nova_service_user_name }} password = {{ nova_service_password }} endpoint_type = internal # Quotas [quotas] quota_driver = {{ neutron_driver_quota }} quota_items = network,subnet,port default_quota = {{ neutron_default_quota }} quota_floatingip = {{ neutron_quota_floatingip }} quota_health_monitor = {{ neutron_quota_health_monitor }} quota_member = {{ neutron_quota_member }} quota_network = {{ neutron_quota_network }} quota_network_gateway = {{ neutron_quota_network_gateway }} quota_packet_filter = {{ neutron_quota_packet_filter }} quota_pool = {{ neutron_quota_pool }} quota_port = {{ neutron_quota_port }} quota_router = {{ neutron_quota_router }} quota_security_group = {{ neutron_quota_security_group }} quota_security_group_rule = {{ neutron_quota_security_group_rule }} quota_subnet = {{ neutron_quota_subnet }} quota_vip = {{ neutron_quota_vip }} # Keystone authentication [keystone_authtoken] insecure = {{ keystone_service_internaluri_insecure | bool }} auth_plugin = {{ neutron_keystone_auth_plugin }} signing_dir = /var/cache/neutron auth_url = {{ keystone_service_adminuri }} auth_uri = {{ keystone_service_internaluri }} project_domain_id = {{ neutron_service_project_domain_id }} user_domain_id = {{ neutron_service_user_domain_id }} project_name = {{ neutron_service_project_name }} username = {{ neutron_service_user_name }} password = {{ neutron_service_password }} memcached_servers = {{ memcached_servers }} token_cache_time = 300 revocation_cache_time = 60 # Prevent cache poisoning if sharing a memcached server memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcached_encryption_key }} # Enable if your keystone deployment uses PKI and you prefer security over # performance (disable by default) check_revocations_for_cached = False # Database [database] connection = mysql+pymysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ neutron_galera_address }}/{{ neutron_galera_database }}?charset=utf8 max_overflow = {{ neutron_db_max_overflow }} max_pool_size = {{ neutron_db_pool_size }} pool_timeout = {{ neutron_db_pool_timeout }} # Service providers [service_providers] {% if neutron_lbaas | bool %} service_provider = LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default {% elif neutron_lbaasv2 | bool %} service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default {% endif %} {% if neutron_vpnaas| bool %} service_provider = VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default {% endif %} {% endif %} {% if neutron_fwaas | bool and neutron_plugin_type != 'plumgrid' %} [fwaas] enabled = true driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver {% endif %} # Agent [agent] polling_interval = {{ neutron_agent_polling_interval|default(5) }} report_interval = {{ neutron_report_interval|int }} root_helper = sudo {{ neutron_bin }}/neutron-rootwrap /etc/neutron/rootwrap.conf # Messaging service [oslo_messaging_rabbit] rabbit_port = {{ neutron_rabbitmq_port }} rabbit_userid = {{ neutron_rabbitmq_userid }} rabbit_password = {{ neutron_rabbitmq_password }} rabbit_virtual_host = {{ neutron_rabbitmq_vhost }} rabbit_hosts = {{ neutron_rabbitmq_servers }} rabbit_use_ssl = {{ neutron_rabbitmq_use_ssl }} # Concurrency (locking mechanisms) [oslo_concurrency] lock_path = /var/lock/neutron