openstack-ansible-os_neutron/templates/neutron.conf.j2
Kevin Carter 06d888b5a0 Add ability to configure Neutron FWaaS
This patch implements the necessary configuration in order to
implement Neutron FWaaS.

Re-Implementation-Of: https://review.openstack.org/#/c/275894/9

Change-Id: Ic046cc9815f7b9c86a52fd75e7c796ecacc9e083
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-03-17 15:32:12 +00:00

193 lines
6.4 KiB
Django/Jinja

# {{ ansible_managed }}
{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
{% set api_threads = _api_threads if _api_threads > 0 else 1 %}
# General, applies to all host groups
[DEFAULT]
verbose = {{ verbose }}
debug = {{ debug }}
fatal_deprecations = {{ neutron_fatal_deprecations }}
log_file = /var/log/neutron/neutron.log
{% if inventory_hostname in groups[neutron_services['neutron-server']['group']] %}
# General, only applies to neutron server host group
network_device_mtu = {{ neutron_network_device_mtu }}
allow_overlapping_ips = True
vlan_transparent = False
# Plugins
core_plugin = {{ neutron_plugin_core }}
{% if neutron_plugin_type != 'plumgrid' %}
service_plugins = {{ neutron_plugin_loaded_base }}
{% endif %}
# MAC address generation for VIFs
base_mac = fa:16:3e:00:00:00
mac_generation_retries = 16
# Authentication method
auth_strategy = keystone
# Drivers
network_scheduler_driver = {{ neutron_driver_network_scheduler }}
router_scheduler_driver = {{ neutron_driver_router_scheduler }}
loadbalancer_pool_scheduler_driver = {{ neutron_driver_loadbalancer_pool_scheduler }}
{% if neutron_ceilometer_enabled %}
notification_driver = messagingv2
{% endif %}
# Schedulers
network_auto_schedule = True
router_auto_schedule = True
# Distributed virtual routing (disable by default)
router_distributed = False
# Agents
agent_down_time = {{ neutron_agent_down_time }}
{% set num_agent = groups[neutron_services['neutron-dhcp-agent']['group']] | length %}
{% if neutron_plugin_type == 'ml2' and num_agent >= 2 %}
{% if neutron_services['neutron-linuxbridge-agent']['service_en'] | bool %}
{% set max_l3_router = num_agent if num_agent > 2 else 2 %}
{% set min_l3_router = num_agent if (num_agent > 2 and num_agent < max_l3_router) else 2 %}
# L3HA
l3_ha = True
l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }}
min_l3_agents_per_router = {{ min_l3_router }}
max_l3_agents_per_router = {{ max_l3_router }}
ha_network_type = {{ neutron_provider_networks.network_mappings_list[0].split(':')[0] }}
ha_network_physical_name = {{ neutron_provider_networks.network_mappings_list[0].split(':')[-1] }}
{% endif %}
{% endif %}
# API
bind_port = 9696
bind_host = 0.0.0.0
# Workers
api_workers = {{ neutron_api_workers | default(api_threads) }}
rpc_workers = {{ neutron_rpc_workers }}
{% set dhcp_agents_max = num_agent if num_agent > 2 else 2 %}
# DHCP
dhcp_agent_notification = True
dhcp_agents_per_network = {{ dhcp_agents_max }}
dhcp_lease_duration = 86400
advertise_mtu = False
# Nova notifications
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
send_events_interval = 2
nova_url = {{ nova_service_adminurl|replace('/%(tenant_id)s', '') }}
## Rpc all
rpc_backend = {{ neutron_rpc_backend }}
executor__thread_pool_size = {{ neutron_rpc_thread_pool_size }}
rpc_conn_pool_size = {{ neutron_rpc_conn_pool_size }}
rpc_response_timeout = {{ neutron_rpc_response_timeout }}
[nova]
auth_plugin = {{ nova_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminurl }}
region_name = {{ nova_service_region }}
project_domain_id = {{ nova_service_project_domain_id }}
user_domain_id = {{ nova_service_user_domain_id }}
project_name = {{ nova_service_project_name }}
username = {{ nova_service_user_name }}
password = {{ nova_service_password }}
# Quotas
[quotas]
quota_driver = {{ neutron_driver_quota }}
quota_items = network,subnet,port
default_quota = {{ neutron_default_quota }}
quota_floatingip = {{ neutron_quota_floatingip }}
quota_health_monitor = {{ neutron_quota_health_monitor }}
quota_member = {{ neutron_quota_member }}
quota_network = {{ neutron_quota_network }}
quota_network_gateway = {{ neutron_quota_network_gateway }}
quota_packet_filter = {{ neutron_quota_packet_filter }}
quota_pool = {{ neutron_quota_pool }}
quota_port = {{ neutron_quota_port }}
quota_router = {{ neutron_quota_router }}
quota_security_group = {{ neutron_quota_security_group }}
quota_security_group_rule = {{ neutron_quota_security_group_rule }}
quota_subnet = {{ neutron_quota_subnet }}
quota_vip = {{ neutron_quota_vip }}
# Keystone authentication
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ neutron_keystone_auth_plugin }}
signing_dir = /var/cache/neutron
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ neutron_service_project_domain_id }}
user_domain_id = {{ neutron_service_user_domain_id }}
project_name = {{ neutron_service_project_name }}
username = {{ neutron_service_user_name }}
password = {{ neutron_service_password }}
memcached_servers = {{ memcached_servers }}
token_cache_time = 300
revocation_cache_time = 60
# Prevent cache poisoning if sharing a memcached server
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
# Enable if your keystone deployment uses PKI and you prefer security over
# performance (disable by default)
check_revocations_for_cached = False
# Database
[database]
connection = mysql+pymysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ neutron_galera_address }}/{{ neutron_galera_database }}?charset=utf8
max_overflow = {{ neutron_db_max_overflow }}
max_pool_size = {{ neutron_db_pool_size }}
pool_timeout = {{ neutron_db_pool_timeout }}
# Service providers
[service_providers]
{% if neutron_lbaas | bool %}
service_provider = LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
{% elif neutron_lbaasv2 | bool %}
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
{% endif %}
#service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
{% endif %}
{% if neutron_fwaas | bool and neutron_plugin_type != 'plumgrid' %}
[fwaas]
enabled = true
driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
{% endif %}
# Agent
[agent]
polling_interval = {{ neutron_agent_polling_interval|default(5) }}
report_interval = {{ neutron_report_interval|int }}
root_helper = sudo {{ neutron_bin }}/neutron-rootwrap /etc/neutron/rootwrap.conf
# Messaging service
[oslo_messaging_rabbit]
rabbit_port = {{ rabbitmq_port }}
rabbit_userid = {{ neutron_rabbitmq_userid }}
rabbit_password = {{ neutron_rabbitmq_password }}
rabbit_virtual_host = {{ neutron_rabbitmq_vhost }}
rabbit_hosts = {{ rabbitmq_servers }}
rabbit_use_ssl = {{ rabbitmq_use_ssl }}
# Concurrency (locking mechanisms)
[oslo_concurrency]
lock_path = /var/lock/neutron