399c83618d
Due to the shortcoming of QManager implementation [1], in case of uWSGI usage on metal hosts, the flow ends up with having the same hostname/processname set, making services to fight over same file under SHM. In order to avoid this, we prepend the hostname with a service_name. We can not change processname instead, since it will lead to the fight between different processes of the same service. [1] https://bugs.launchpad.net/oslo.messaging/+bug/2065922 Change-Id: Id7a52f7e7ebb658b7a5af914d4101be4632022c8
289 lines
11 KiB
Django/Jinja
289 lines
11 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
{% set neutron_plugin_loaded_base = [] %}
|
|
|
|
{% for plugin in neutron_plugin_base %}
|
|
{% if plugin not in ['dns', 'dns_domain_ports', 'subnet_dns_publish_fixed_ip', 'dns_domain_keywords'] %}
|
|
{% set _ = neutron_plugin_loaded_base.append(plugin) %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
|
|
# General, applies to all host groups
|
|
[DEFAULT]
|
|
# Disable stderr logging
|
|
use_stderr = False
|
|
debug = {{ debug }}
|
|
fatal_deprecations = {{ neutron_fatal_deprecations }}
|
|
use_journal = True
|
|
|
|
## Rpc all
|
|
executor_thread_pool_size = {{ neutron_rpc_thread_pool_size }}
|
|
rpc_response_timeout = {{ neutron_rpc_response_timeout }}
|
|
transport_url = {{ neutron_oslomsg_rpc_transport }}://{% for host in neutron_oslomsg_rpc_servers.split(',') %}{{ neutron_oslomsg_rpc_userid }}:{{ neutron_oslomsg_rpc_password }}@{{ host }}:{{ neutron_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _neutron_oslomsg_rpc_vhost_conf }}{% if neutron_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ neutron_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ neutron_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
|
|
|
|
# Domain to use for building hostnames
|
|
dns_domain = {{ neutron_dns_domain }}
|
|
|
|
{% if neutron_services['neutron-server']['group'] in group_names %}
|
|
|
|
# Enable SSL on the API server
|
|
use_ssl = {{ neutron_backend_ssl }}
|
|
|
|
# General, only applies to neutron server host group
|
|
vlan_transparent = False
|
|
|
|
# Availability zone
|
|
{% if neutron_default_availability_zones %}
|
|
default_availability_zones = {{ neutron_default_availability_zones | join(',') }}
|
|
{% if neutron_default_availability_zones | length > 1 %}
|
|
router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.AZLeastRoutersScheduler
|
|
network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.AZAwareWeightScheduler
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
# Plugins
|
|
core_plugin = {{ neutron_plugin_core }}
|
|
{% if neutron_plugin_type.split('.')[0] == 'ml2' %}
|
|
service_plugins = {{ neutron_plugin_loaded_base | join(',') }}
|
|
{% endif %}
|
|
|
|
# MAC address generation for VIFs
|
|
base_mac = fa:16:3e:00:00:00
|
|
mac_generation_retries = 16
|
|
|
|
# Authentication method
|
|
auth_strategy = keystone
|
|
|
|
# Drivers
|
|
network_scheduler_driver = {{ neutron_driver_network_scheduler }}
|
|
router_scheduler_driver = {{ neutron_driver_router_scheduler }}
|
|
|
|
# Schedulers
|
|
network_auto_schedule = True
|
|
router_auto_schedule = True
|
|
|
|
# Distributed virtual routing
|
|
router_distributed = {{ neutron_plugins[neutron_plugin_type].router_distributed | default('False') }}
|
|
enable_dvr = {{ neutron_plugins[neutron_plugin_type].router_distributed | default('False') }}
|
|
|
|
# Agents
|
|
agent_down_time = {{ neutron_agent_down_time }}
|
|
|
|
{% set num_l3_agent = (neutron_l3_agents_max | int) if neutron_l3_agents_max is defined else groups[neutron_services['neutron-l3-agent']['group']] | length %}
|
|
{% if neutron_plugin_type.split('.')[0] == 'ml2' and num_l3_agent >= 2 %}
|
|
{% if neutron_services['neutron-linuxbridge-agent']['service_en'] | bool or neutron_services['neutron-openvswitch-agent']['service_en'] | bool %}
|
|
|
|
{% set max_l3_router = num_l3_agent if num_l3_agent > 2 else 2 %}
|
|
|
|
# L3HA
|
|
l3_ha = True
|
|
l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }}
|
|
max_l3_agents_per_router = {{ max_l3_router }}
|
|
{% if neutron_provider_networks.network_mappings_list is defined and ((neutron_provider_networks.network_mappings_list | length) > 0) %}
|
|
ha_network_type = {{ neutron_provider_networks.network_mappings_list[0].split(':')[0] }}
|
|
ha_network_physical_name = {{ neutron_provider_networks.network_mappings_list[0].split(':')[-1] }}
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
# API
|
|
bind_port = 9696
|
|
bind_host = {{ neutron_api_bind_address }}
|
|
|
|
# Workers
|
|
api_workers = {{ neutron_api_workers | default(neutron_api_threads) }}
|
|
rpc_workers = {{ neutron_rpc_workers }}
|
|
|
|
{% set num_dhcp_agent = (neutron_dhcp_agents_max | int) if neutron_dhcp_agents_max is defined else groups[neutron_services['neutron-dhcp-agent']['group']] | length %}
|
|
{% set dhcp_agents_max = num_dhcp_agent if num_dhcp_agent > 2 else 2 %}
|
|
# DHCP
|
|
{% if neutron_plugin_type == 'vmware.nsx' %}
|
|
dhcp_agent_notification = False
|
|
{% else %}
|
|
dhcp_agent_notification = True
|
|
dhcp_agents_per_network = {{ dhcp_agents_max }}
|
|
dhcp_lease_duration = 86400
|
|
{% endif %}
|
|
|
|
|
|
# Driver for external DNS integration. (string value)
|
|
{% if neutron_designate_enabled %}
|
|
external_dns_driver = designate
|
|
{% else %}
|
|
#external_dns_driver = <None>
|
|
{% endif %}
|
|
|
|
# Nova notifications
|
|
notify_nova_on_port_status_changes = True
|
|
notify_nova_on_port_data_changes = True
|
|
send_events_interval = 2
|
|
|
|
# End of [DEFAULT] section
|
|
|
|
{% if neutron_plugin_type == 'ml2.lxb' %}
|
|
[experimental]
|
|
linuxbridge = True
|
|
{% endif %}
|
|
|
|
{% if neutron_designate_enabled %}
|
|
|
|
[designate]
|
|
|
|
# required by current dns integration implementation
|
|
url = {{ designate_service_adminurl }}
|
|
region_name = {{ neutron_service_region }}
|
|
auth_type = password
|
|
username = {{ neutron_service_user_name }}
|
|
password = {{ neutron_service_password }}
|
|
project_name = {{ neutron_service_project_name }}
|
|
user_domain_id = {{ neutron_service_user_domain_id }}
|
|
project_domain_id = {{ neutron_service_project_domain_id }}
|
|
auth_url = {{ keystone_service_adminurl }}
|
|
insecure = {{ keystone_service_adminuri_insecure | bool }}
|
|
|
|
allow_reverse_dns_lookup = {{ neutron_allow_reverse_dns_lookup }}
|
|
ipv4_ptr_zone_prefix_size = {{ neutron_ipv4_ptr_zone_prefix_size }}
|
|
ipv6_ptr_zone_prefix_size = {{ neutron_ipv6_ptr_zone_prefix_size }}
|
|
{% endif %}
|
|
|
|
[placement]
|
|
auth_type = password
|
|
username = {{ neutron_service_user_name }}
|
|
password = {{ neutron_service_password }}
|
|
project_name = {{ neutron_service_project_name }}
|
|
user_domain_id = {{ neutron_service_user_domain_id }}
|
|
project_domain_id = {{ neutron_service_project_domain_id }}
|
|
region_name = {{ neutron_service_region }}
|
|
auth_url = {{ keystone_service_adminurl }}
|
|
insecure = {{ keystone_service_adminuri_insecure | bool }}
|
|
endpoint_type = internal
|
|
|
|
[nova]
|
|
region_name = {{ neutron_service_region }}
|
|
auth_type = password
|
|
username = {{ neutron_service_user_name }}
|
|
password = {{ neutron_service_password }}
|
|
project_name = {{ neutron_service_project_name }}
|
|
user_domain_id = {{ neutron_service_user_domain_id }}
|
|
project_domain_id = {{ neutron_service_project_domain_id }}
|
|
auth_url = {{ keystone_service_adminurl }}
|
|
endpoint_type = internal
|
|
insecure = {{ keystone_service_adminuri_insecure | bool }}
|
|
|
|
# Quotas
|
|
[quotas]
|
|
quota_driver = {{ neutron_driver_quota }}
|
|
quota_items = network,subnet,port
|
|
default_quota = {{ neutron_default_quota }}
|
|
quota_floatingip = {{ neutron_quota_floatingip }}
|
|
quota_health_monitor = {{ neutron_quota_health_monitor }}
|
|
quota_member = {{ neutron_quota_member }}
|
|
quota_network = {{ neutron_quota_network }}
|
|
quota_network_gateway = {{ neutron_quota_network_gateway }}
|
|
quota_packet_filter = {{ neutron_quota_packet_filter }}
|
|
quota_pool = {{ neutron_quota_pool }}
|
|
quota_port = {{ neutron_quota_port }}
|
|
quota_router = {{ neutron_quota_router }}
|
|
quota_security_group = {{ neutron_quota_security_group }}
|
|
quota_security_group_rule = {{ neutron_quota_security_group_rule }}
|
|
quota_subnet = {{ neutron_quota_subnet }}
|
|
quota_vip = {{ neutron_quota_vip }}
|
|
quota_firewall = {{ neutron_quota_firewall }}
|
|
quota_firewall_policy = {{ neutron_quota_firewall_policy }}
|
|
quota_firewall_rule = {{ neutron_quota_firewall_rule }}
|
|
|
|
# Keystone authentication
|
|
[keystone_authtoken]
|
|
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
|
auth_type = {{ neutron_keystone_auth_plugin }}
|
|
auth_url = {{ keystone_service_adminuri }}
|
|
www_authenticate_uri = {{ keystone_service_internaluri }}
|
|
project_domain_id = {{ neutron_service_project_domain_id }}
|
|
user_domain_id = {{ neutron_service_user_domain_id }}
|
|
project_name = {{ neutron_service_project_name }}
|
|
username = {{ neutron_service_user_name }}
|
|
password = {{ neutron_service_password }}
|
|
region_name = {{ keystone_service_region }}
|
|
|
|
service_token_roles_required = {{ neutron_service_token_roles_required | bool }}
|
|
service_token_roles = {{ neutron_service_token_roles | join(',') }}
|
|
service_type = {{ neutron_service_type }}
|
|
|
|
memcached_servers = {{ neutron_memcached_servers }}
|
|
token_cache_time = 300
|
|
# Prevent cache poisoning if sharing a memcached server
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcached_encryption_key }}
|
|
# Workaround for https://bugs.launchpad.net/keystonemiddleware/+bug/1883659
|
|
memcache_use_advanced_pool = True
|
|
|
|
# Database
|
|
[database]
|
|
connection = mysql+pymysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ neutron_galera_address }}:{{ neutron_galera_port }}/{{ neutron_galera_database }}?charset=utf8{% if neutron_galera_use_ssl | bool %}&ssl_verify_cert=true{% if neutron_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ neutron_galera_ssl_ca_cert }}{% endif %}{% endif +%}
|
|
max_overflow = {{ neutron_db_max_overflow }}
|
|
max_pool_size = {{ neutron_db_max_pool_size }}
|
|
pool_timeout = {{ neutron_db_pool_timeout }}
|
|
connection_recycle_time = {{ neutron_db_connection_recycle_time }}
|
|
|
|
# Service providers
|
|
[service_providers]
|
|
{% if neutron_vpnaas | bool %}
|
|
service_provider = {{ neutron_vpnaas_service_provider }}
|
|
{% endif %}
|
|
{% if neutron_fwaas_v2 | bool %}
|
|
service_provider = {{ neutron_fwaasv2_service_provider }}
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
|
|
# Agent
|
|
[agent]
|
|
polling_interval = {{ neutron_agent_polling_interval|default(5) }}
|
|
report_interval = {{ neutron_report_interval|int }}
|
|
root_helper = sudo {{ neutron_bin }}/neutron-rootwrap {{ neutron_conf_dir }}/rootwrap.conf
|
|
root_helper_daemon = sudo {{ neutron_bin }}/neutron-rootwrap-daemon {{ neutron_conf_dir }}/rootwrap.conf
|
|
|
|
# Messaging
|
|
[oslo_messaging_rabbit]
|
|
rpc_conn_pool_size = {{ neutron_rpc_conn_pool_size }}
|
|
heartbeat_in_pthread = {{ neutron_oslomsg_heartbeat_in_pthread }}
|
|
rabbit_quorum_queue = {{ neutron_oslomsg_rabbit_quorum_queues }}
|
|
rabbit_transient_quorum_queue = {{ neutron_oslomsg_rabbit_transient_quorum_queues }}
|
|
rabbit_qos_prefetch_count = {{ neutron_oslomsg_rabbit_qos_prefetch_count }}
|
|
use_queue_manager = {{ neutron_oslomsg_rabbit_queue_manager }}
|
|
{% if neutron_oslomsg_rabbit_queue_manager %}
|
|
hostname = {{ [ansible_facts['hostname'], neutron_service_name] | join('-') }}
|
|
{% endif %}
|
|
rabbit_stream_fanout = {{ neutron_oslomsg_rabbit_stream_fanout }}
|
|
rabbit_quorum_delivery_limit = {{ neutron_oslomsg_rabbit_quorum_delivery_limit }}
|
|
rabbit_quorum_max_memory_bytes = {{ neutron_oslomsg_rabbit_quorum_max_memory_bytes }}
|
|
|
|
# Notifications
|
|
[oslo_messaging_notifications]
|
|
{% set notification_topics = [] %}
|
|
{% if neutron_oslomsg_notify_configure %}
|
|
{% set _ = notification_topics.append('notifications') %}
|
|
{% endif %}
|
|
topics = {{ notification_topics | join(',') }}
|
|
driver = {{ (notification_topics | length > 0) | ternary('messagingv2', 'noop') }}
|
|
transport_url = {{ neutron_oslomsg_notify_transport }}://{% for host in neutron_oslomsg_notify_servers.split(',') %}{{ neutron_oslomsg_notify_userid }}:{{ neutron_oslomsg_notify_password }}@{{ host }}:{{ neutron_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _neutron_oslomsg_notify_vhost_conf }}{% if neutron_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ neutron_oslomsg_notify_ssl_version }}&ssl_ca_file={{ neutron_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
|
|
|
|
# Concurrency (locking mechanisms)
|
|
[oslo_concurrency]
|
|
lock_path = {{ neutron_lock_dir }}/{{ neutron_system_slice_name }}
|
|
|
|
{% if neutron_services['neutron-server']['group'] in group_names and 'sfc' in neutron_plugin_base %}
|
|
# ODL-SFC
|
|
[sfc]
|
|
drivers = ovs
|
|
|
|
[flowclassifier]
|
|
drivers = ovs
|
|
{% endif %}
|
|
|
|
{% if neutron_services['neutron-server']['group'] in group_names and neutron_backend_ssl | bool %}
|
|
[ssl]
|
|
cert_file = {{ neutron_ssl_cert }}
|
|
key_file = {{ neutron_ssl_key }}
|
|
{% endif %}
|