# {{ ansible_managed }} {% set neutron_plugin_loaded_base = [] %} {% for plugin in neutron_plugin_base %} {% if plugin not in ['dns', 'dns_domain_ports', 'subnet_dns_publish_fixed_ip', 'dns_domain_keywords'] %} {% set _ = neutron_plugin_loaded_base.append(plugin) %} {% endif %} {% endfor %} # General, applies to all host groups [DEFAULT] # Disable stderr logging use_stderr = False debug = {{ debug }} fatal_deprecations = {{ neutron_fatal_deprecations }} use_journal = True ## Rpc all executor_thread_pool_size = {{ neutron_rpc_thread_pool_size }} rpc_response_timeout = {{ neutron_rpc_response_timeout }} transport_url = {{ neutron_oslomsg_rpc_transport }}://{% for host in neutron_oslomsg_rpc_servers.split(',') %}{{ neutron_oslomsg_rpc_userid }}:{{ neutron_oslomsg_rpc_password }}@{{ host }}:{{ neutron_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _neutron_oslomsg_rpc_vhost_conf }}{% if neutron_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ neutron_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ neutron_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} # Domain to use for building hostnames dns_domain = {{ neutron_dns_domain }} {% if neutron_services['neutron-server']['group'] in group_names %} # Enable SSL on the API server use_ssl = {{ neutron_backend_ssl }} # General, only applies to neutron server host group vlan_transparent = False # Availability zone {% if neutron_default_availability_zones %} default_availability_zones = {{ neutron_default_availability_zones | join(',') }} {% if neutron_default_availability_zones | length > 1 %} router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.AZLeastRoutersScheduler network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.AZAwareWeightScheduler {% endif %} {% endif %} # Plugins core_plugin = {{ neutron_plugin_core }} {% if neutron_plugin_type.split('.')[0] == 'ml2' %} service_plugins = {{ neutron_plugin_loaded_base | join(',') }} {% endif %} # MAC address generation for VIFs base_mac = fa:16:3e:00:00:00 mac_generation_retries = 16 # Authentication method auth_strategy = keystone # Drivers network_scheduler_driver = {{ neutron_driver_network_scheduler }} router_scheduler_driver = {{ neutron_driver_router_scheduler }} # Schedulers network_auto_schedule = True router_auto_schedule = True # Distributed virtual routing router_distributed = {{ neutron_plugins[neutron_plugin_type].router_distributed | default('False') }} enable_dvr = {{ neutron_plugins[neutron_plugin_type].router_distributed | default('False') }} # Agents agent_down_time = {{ neutron_agent_down_time }} {% set num_l3_agent = (neutron_l3_agents_max | int) if neutron_l3_agents_max is defined else groups[neutron_services['neutron-l3-agent']['group']] | length %} {% if neutron_plugin_type.split('.')[0] == 'ml2' and num_l3_agent >= 2 %} {% if neutron_services['neutron-linuxbridge-agent']['service_en'] | bool or neutron_services['neutron-openvswitch-agent']['service_en'] | bool %} {% set max_l3_router = num_l3_agent if num_l3_agent > 2 else 2 %} # L3HA l3_ha = True l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }} max_l3_agents_per_router = {{ max_l3_router }} {% if neutron_provider_networks.network_mappings_list is defined and ((neutron_provider_networks.network_mappings_list | length) > 0) %} ha_network_type = {{ neutron_provider_networks.network_mappings_list[0].split(':')[0] }} ha_network_physical_name = {{ neutron_provider_networks.network_mappings_list[0].split(':')[-1] }} {% endif %} {% endif %} {% endif %} # API bind_port = 9696 bind_host = {{ neutron_api_bind_address }} # Workers api_workers = {{ neutron_api_workers | default(neutron_api_threads) }} rpc_workers = {{ neutron_rpc_workers }} {% set num_dhcp_agent = (neutron_dhcp_agents_max | int) if neutron_dhcp_agents_max is defined else groups[neutron_services['neutron-dhcp-agent']['group']] | length %} {% set dhcp_agents_max = num_dhcp_agent if num_dhcp_agent > 2 else 2 %} # DHCP {% if neutron_plugin_type == 'vmware.nsx' %} dhcp_agent_notification = False {% else %} dhcp_agent_notification = True dhcp_agents_per_network = {{ dhcp_agents_max }} dhcp_lease_duration = 86400 {% endif %} # Driver for external DNS integration. (string value) {% if neutron_designate_enabled %} external_dns_driver = designate {% else %} #external_dns_driver = {% endif %} # Nova notifications notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True send_events_interval = 2 # End of [DEFAULT] section {% if neutron_plugin_type == 'ml2.lxb' %} [experimental] linuxbridge = True {% endif %} {% if neutron_designate_enabled %} [designate] # required by current dns integration implementation url = {{ designate_service_adminurl }} region_name = {{ neutron_service_region }} auth_type = password username = {{ neutron_service_user_name }} password = {{ neutron_service_password }} project_name = {{ neutron_service_project_name }} user_domain_id = {{ neutron_service_user_domain_id }} project_domain_id = {{ neutron_service_project_domain_id }} auth_url = {{ keystone_service_adminurl }} insecure = {{ keystone_service_adminuri_insecure | bool }} allow_reverse_dns_lookup = {{ neutron_allow_reverse_dns_lookup }} ipv4_ptr_zone_prefix_size = {{ neutron_ipv4_ptr_zone_prefix_size }} ipv6_ptr_zone_prefix_size = {{ neutron_ipv6_ptr_zone_prefix_size }} {% endif %} [placement] auth_type = password username = {{ neutron_service_user_name }} password = {{ neutron_service_password }} project_name = {{ neutron_service_project_name }} user_domain_id = {{ neutron_service_user_domain_id }} project_domain_id = {{ neutron_service_project_domain_id }} region_name = {{ neutron_service_region }} auth_url = {{ keystone_service_adminurl }} insecure = {{ keystone_service_adminuri_insecure | bool }} endpoint_type = internal [nova] region_name = {{ neutron_service_region }} auth_type = password username = {{ neutron_service_user_name }} password = {{ neutron_service_password }} project_name = {{ neutron_service_project_name }} user_domain_id = {{ neutron_service_user_domain_id }} project_domain_id = {{ neutron_service_project_domain_id }} auth_url = {{ keystone_service_adminurl }} endpoint_type = internal insecure = {{ keystone_service_adminuri_insecure | bool }} # Quotas [quotas] quota_driver = {{ neutron_driver_quota }} quota_items = network,subnet,port default_quota = {{ neutron_default_quota }} quota_floatingip = {{ neutron_quota_floatingip }} quota_health_monitor = {{ neutron_quota_health_monitor }} quota_member = {{ neutron_quota_member }} quota_network = {{ neutron_quota_network }} quota_network_gateway = {{ neutron_quota_network_gateway }} quota_packet_filter = {{ neutron_quota_packet_filter }} quota_pool = {{ neutron_quota_pool }} quota_port = {{ neutron_quota_port }} quota_router = {{ neutron_quota_router }} quota_security_group = {{ neutron_quota_security_group }} quota_security_group_rule = {{ neutron_quota_security_group_rule }} quota_subnet = {{ neutron_quota_subnet }} quota_vip = {{ neutron_quota_vip }} quota_firewall = {{ neutron_quota_firewall }} quota_firewall_policy = {{ neutron_quota_firewall_policy }} quota_firewall_rule = {{ neutron_quota_firewall_rule }} # Keystone authentication [keystone_authtoken] insecure = {{ keystone_service_internaluri_insecure | bool }} auth_type = {{ neutron_keystone_auth_plugin }} auth_url = {{ keystone_service_adminuri }} www_authenticate_uri = {{ keystone_service_internaluri }} project_domain_id = {{ neutron_service_project_domain_id }} user_domain_id = {{ neutron_service_user_domain_id }} project_name = {{ neutron_service_project_name }} username = {{ neutron_service_user_name }} password = {{ neutron_service_password }} region_name = {{ keystone_service_region }} service_token_roles_required = {{ neutron_service_token_roles_required | bool }} service_token_roles = {{ neutron_service_token_roles | join(',') }} service_type = {{ neutron_service_type }} memcached_servers = {{ neutron_memcached_servers }} token_cache_time = 300 # Prevent cache poisoning if sharing a memcached server memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcached_encryption_key }} # Workaround for https://bugs.launchpad.net/keystonemiddleware/+bug/1883659 memcache_use_advanced_pool = True # Database [database] connection = mysql+pymysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ neutron_galera_address }}:{{ neutron_galera_port }}/{{ neutron_galera_database }}?charset=utf8{% if neutron_galera_use_ssl | bool %}&ssl_verify_cert=true{% if neutron_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ neutron_galera_ssl_ca_cert }}{% endif %}{% endif +%} max_overflow = {{ neutron_db_max_overflow }} max_pool_size = {{ neutron_db_max_pool_size }} pool_timeout = {{ neutron_db_pool_timeout }} connection_recycle_time = {{ neutron_db_connection_recycle_time }} # Service providers [service_providers] {% if neutron_vpnaas | bool %} service_provider = {{ neutron_vpnaas_service_provider }} {% endif %} {% if neutron_fwaas_v2 | bool %} service_provider = {{ neutron_fwaasv2_service_provider }} {% endif %} {% endif %} # Agent [agent] polling_interval = {{ neutron_agent_polling_interval|default(5) }} report_interval = {{ neutron_report_interval|int }} root_helper = sudo {{ neutron_bin }}/neutron-rootwrap {{ neutron_conf_dir }}/rootwrap.conf root_helper_daemon = sudo {{ neutron_bin }}/neutron-rootwrap-daemon {{ neutron_conf_dir }}/rootwrap.conf # Messaging [oslo_messaging_rabbit] rpc_conn_pool_size = {{ neutron_rpc_conn_pool_size }} heartbeat_in_pthread = {{ neutron_oslomsg_heartbeat_in_pthread }} rabbit_quorum_queue = {{ neutron_oslomsg_rabbit_quorum_queues }} rabbit_quorum_delivery_limit = {{ neutron_oslomsg_rabbit_quorum_delivery_limit }} rabbit_quorum_max_memory_bytes = {{ neutron_oslomsg_rabbit_quorum_max_memory_bytes }} # Notifications [oslo_messaging_notifications] {% set notification_topics = [] %} {% if neutron_ceilometer_enabled %} {% set _ = notification_topics.append('notifications') %} {% endif %} topics = {{ notification_topics | join(',') }} driver = {{ (notification_topics | length > 0) | ternary('messagingv2', 'noop') }} transport_url = {{ neutron_oslomsg_notify_transport }}://{% for host in neutron_oslomsg_notify_servers.split(',') %}{{ neutron_oslomsg_notify_userid }}:{{ neutron_oslomsg_notify_password }}@{{ host }}:{{ neutron_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _neutron_oslomsg_notify_vhost_conf }}{% if neutron_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ neutron_oslomsg_notify_ssl_version }}&ssl_ca_file={{ neutron_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} # Concurrency (locking mechanisms) [oslo_concurrency] lock_path = {{ neutron_lock_dir }}/{{ neutron_system_slice_name }} {% if neutron_services['neutron-server']['group'] in group_names and 'sfc' in neutron_plugin_base %} # ODL-SFC [sfc] drivers = ovs [flowclassifier] drivers = ovs {% endif %} {% if neutron_services['neutron-server']['group'] in group_names and neutron_backend_ssl | bool %} [ssl] cert_file = {{ neutron_ssl_cert }} key_file = {{ neutron_ssl_key }} {% endif %}