openstack-ansible-os_neutron/templates/plugins/ml2/ml2_conf.ini.j2
Marc Gariepy 556c5c6733 add ovn ssl config
Create ssl-certs for ovn deployment
ssl encryption is now enabled between neutron and ovn componants.

Change-Id: If8ca3f2035ada97cff248ad49771eefab95c6c23
2022-11-30 16:03:14 +00:00

69 lines
2.9 KiB
Django/Jinja

# {{ ansible_managed }}
# ML2 general
[ml2]
type_drivers = {{ neutron_plugins[neutron_plugin_type].drivers_type }}
tenant_network_types = {{ neutron_provider_networks.network_types if neutron_provider_networks.network_types != '' else 'local' }}
mechanism_drivers = {{ neutron_ml2_mechanism_drivers }}
extension_drivers = port_security{% if 'qos' in neutron_plugin_base %},qos{% endif %}{% if 'dns' in neutron_plugin_base %},dns{% endif %}{% if 'dns_domain_ports' in neutron_plugin_base %},dns_domain_ports{% endif %}{% if 'subnet_dns_publish_fixed_ip' in neutron_plugin_base %},subnet_dns_publish_fixed_ip{% endif %}{% if 'dns_domain_keywords' in neutron_plugin_base %},dns_domain_keywords{% endif %}
{% if neutron_provider_networks.network_mappings is defined and (neutron_plugin_type == 'ml2.opendaylight' and ('odl-router_v2' in neutron_plugin_base or 'odl-router' in neutron_plugin_base)) %}
bridge_mappings = {{ neutron_provider_networks.network_mappings }}
{% endif %}
{% if neutron_provider_networks.network_flat_networks is defined %}
# ML2 flat networks
[ml2_type_flat]
flat_networks = {{ neutron_provider_networks.network_flat_networks }}
{% endif %}
{% if neutron_provider_networks.network_vlan_ranges is defined %}
# ML2 VLAN networks
[ml2_type_vlan]
network_vlan_ranges = {{ neutron_provider_networks.network_vlan_ranges }}
{% endif %}
{% if neutron_provider_networks.network_vxlan_ranges is defined %}
# ML2 VXLAN networks
[ml2_type_vxlan]
vxlan_group = {{ neutron_vxlan_group }}
vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }}
{% endif %}
{% if neutron_provider_networks.network_geneve_ranges is defined %}
[ml2_type_geneve]
vni_ranges = {{ neutron_provider_networks.network_geneve_ranges }}
max_header_size = 38
{% endif %}
{% if neutron_plugin_type == 'ml2.ovn' %}
{% if (neutron_services['neutron-server']['group'] in group_names or neutron_services['neutron-ovn-controller']['group'] in group_names) %}
[ovn]
ovn_native_dhcp = True
ovn_nb_connection = {{ neutron_ovn_nb_connection }}
ovn_sb_connection = {{ neutron_ovn_sb_connection }}
ovn_l3_scheduler = {{ neutron_ovn_l3_scheduler }}
ovn_metadata_enabled = True
{% endif %}
{% if neutron_ovn_ssl and (neutron_services['neutron-server']['group'] in group_names or neutron_services['neutron-ovn-controller']['group'] in group_names) %}
ovn_sb_ca_cert={{ [neutron_conf_version_dir, neutron_ovn_ssl_ca_cert] | join('/') }}
ovn_sb_certificate={{ [neutron_conf_version_dir, neutron_ovn_ssl_cert] | join('/') }}
ovn_sb_private_key={{ [neutron_conf_version_dir, neutron_ovn_ssl_key] | join('/') }}
ovn_nb_ca_cert={{ [neutron_conf_version_dir, neutron_ovn_ssl_ca_cert] | join('/') }}
ovn_nb_certificate={{ [neutron_conf_version_dir, neutron_ovn_ssl_cert] | join('/') }}
ovn_nb_private_key={{ [neutron_conf_version_dir, neutron_ovn_ssl_key] | join('/') }}
{% endif %}
{% endif %}
# Security groups
[securitygroup]
enable_security_group = True
enable_ipset = True