openstack-ansible-os_neutron/templates/neutron.conf.j2
Dmitriy Rabotyagov 70bb847605 Add Availability Zone variables
At the moment, the only way to configure multi-AZ support in Neutron was
through config overrides, which work quite nicely in LXB/OVS scenarios.
However, with OVN, changing the configuration is not enough: the command
that sets up the OVN Gateway should also provide an extra CMS option.

To improve AZ support in the Neutron role, we add a couple of variables
that control this behaviour and allow the required configuration to be
performed without config overrides for OVS/LXB/OVN.

Co-Authored-By: Danila Balagansky <dbalagansky@me.com>
Closes-Bug: #2002040
Change-Id: Ic964329c06765176692f7b0c32f33ec46360a3fb
2024-01-03 15:03:27 +01:00


# {{ ansible_managed }}
# The loop below copies neutron_plugin_base into a working list, leaving out
# the four DNS extension names; that list is written to service_plugins on
# neutron-server hosts when an ml2 plugin type is selected.
# NOTE(review): presumably the DNS names are ML2 extension drivers rather
# than service plugins - confirm against the role defaults.
{% set neutron_plugin_loaded_base = [] %}
{% for plugin in neutron_plugin_base %}
{% if plugin not in ['dns', 'dns_domain_ports', 'subnet_dns_publish_fixed_ip', 'dns_domain_keywords'] %}
{% set _ = neutron_plugin_loaded_base.append(plugin) %}
{% endif %}
{% endfor %}
# General, applies to all host groups
[DEFAULT]
# Disable stderr logging
use_stderr = False
debug = {{ debug }}
fatal_deprecations = {{ neutron_fatal_deprecations }}
# Log to the systemd journal
use_journal = True
## Rpc all
executor_thread_pool_size = {{ neutron_rpc_thread_pool_size }}
rpc_response_timeout = {{ neutron_rpc_response_timeout }}
# transport_url is built as one user:password@host:port entry per RPC server,
# followed by the vhost and the TLS query string. It embeds the RPC password,
# so the rendered file is a secret and should be readable only by root and
# the neutron service account.
# NOTE(review): the user id and password are inserted verbatim; characters
# that are special in a URL (such as @ : /) would need percent-encoding -
# confirm how the password is generated.
# When neutron_oslomsg_rpc_use_ssl is false the URL ends in ssl=0, so the
# credentials and all RPC traffic cross the network without TLS. When it is
# true, ssl_ca_file names the CA bundle passed to the messaging driver.
transport_url = {{ neutron_oslomsg_rpc_transport }}://{% for host in neutron_oslomsg_rpc_servers.split(',') %}{{ neutron_oslomsg_rpc_userid }}:{{ neutron_oslomsg_rpc_password }}@{{ host }}:{{ neutron_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _neutron_oslomsg_rpc_vhost_conf }}{% if neutron_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ neutron_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ neutron_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
# Domain to use for building hostnames
dns_domain = {{ neutron_dns_domain }}
{% if neutron_services['neutron-server']['group'] in group_names %}
# Everything from here down to the [agent] section sits inside the template
# conditional opened on the line above, so it is rendered only on hosts in
# the neutron-server group. Agent-only hosts therefore do not receive the
# database, keystone_authtoken, nova, placement or designate credentials.
# Enable SSL on the API server
# The certificate and key paths are written to the [ssl] section at the end
# of this file when neutron_backend_ssl is true.
use_ssl = {{ neutron_backend_ssl }}
# General, only applies to neutron server host group
vlan_transparent = False
# Availability zone
# default_availability_zones is written only when the list is non-empty.
# With more than one zone the two AZ-aware scheduler drivers are set here.
# NOTE(review): network_scheduler_driver and router_scheduler_driver are
# assigned again under "Drivers" further down in [DEFAULT]. For a repeated
# single-valued option oslo.config is expected to keep the last assignment,
# so the later lines would override these two unless the role variables
# already resolve to the AZ-aware drivers - confirm.
{% if neutron_default_availability_zones %}
default_availability_zones = {{ neutron_default_availability_zones | join(',') }}
{% if neutron_default_availability_zones | length > 1 %}
router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.AZLeastRoutersScheduler
network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.AZAwareWeightScheduler
{% endif %}
{% endif %}
# Plugins
core_plugin = {{ neutron_plugin_core }}
# service_plugins is written only when the plugin type starts with ml2; the
# list is neutron_plugin_base minus the DNS extension names filtered at the
# top of this template.
{% if neutron_plugin_type.split('.')[0] == 'ml2' %}
service_plugins = {{ neutron_plugin_loaded_base | join(',') }}
{% endif %}
# MAC address generation for VIFs
base_mac = fa:16:3e:00:00:00
mac_generation_retries = 16
# Authentication method
# API requests are authenticated through keystone; the middleware settings
# are in the [keystone_authtoken] section below.
auth_strategy = keystone
# Drivers
# NOTE(review): these two keys are also written in the availability zone
# block above when more than one default zone is configured. As the later
# assignment they are expected to take precedence - confirm the variables
# resolve to the AZ-aware drivers in multi-AZ deployments.
network_scheduler_driver = {{ neutron_driver_network_scheduler }}
router_scheduler_driver = {{ neutron_driver_router_scheduler }}
# Schedulers
network_auto_schedule = True
router_auto_schedule = True
# Distributed virtual routing
# Both keys take the router_distributed value of the selected plugin type,
# falling back to False when the plugin entry does not define it.
router_distributed = {{ neutron_plugins[neutron_plugin_type].router_distributed | default('False') }}
enable_dvr = {{ neutron_plugins[neutron_plugin_type].router_distributed | default('False') }}
# Agents
agent_down_time = {{ neutron_agent_down_time }}
# The L3 agent count is neutron_l3_agents_max when that variable is defined,
# otherwise the number of hosts in the neutron-l3-agent group.
# The L3HA settings are written only for an ml2 plugin type with at least two
# L3 agents and with the linuxbridge or openvswitch agent service enabled.
# max_l3_agents_per_router is the agent count, with a floor of 2.
{% set num_l3_agent = (neutron_l3_agents_max | int) if neutron_l3_agents_max is defined else groups[neutron_services['neutron-l3-agent']['group']] | length %}
{% if neutron_plugin_type.split('.')[0] == 'ml2' and num_l3_agent >= 2 %}
{% if neutron_services['neutron-linuxbridge-agent']['service_en'] | bool or neutron_services['neutron-openvswitch-agent']['service_en'] | bool %}
{% set max_l3_router = num_l3_agent if num_l3_agent > 2 else 2 %}
# L3HA
l3_ha = True
l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }}
max_l3_agents_per_router = {{ max_l3_router }}
# The HA network settings come from the first entry of network_mappings_list:
# the text before the first colon becomes ha_network_type and the text after
# the last colon becomes ha_network_physical_name.
# NOTE(review): confirm the mapping entry format matches that use.
{% if neutron_provider_networks.network_mappings_list is defined and ((neutron_provider_networks.network_mappings_list | length) > 0) %}
ha_network_type = {{ neutron_provider_networks.network_mappings_list[0].split(':')[0] }}
ha_network_physical_name = {{ neutron_provider_networks.network_mappings_list[0].split(':')[-1] }}
{% endif %}
{% endif %}
{% endif %}
# API
bind_port = 9696
# Address the API listens on.
# NOTE(review): presumably a management or internal address behind a load
# balancer; binding to all interfaces would widen exposure - confirm.
bind_host = {{ neutron_api_bind_address }}
# Workers
# api_workers falls back to neutron_api_threads when neutron_api_workers is
# not defined.
api_workers = {{ neutron_api_workers | default(neutron_api_threads) }}
rpc_workers = {{ neutron_rpc_workers }}
# The DHCP agent count is neutron_dhcp_agents_max when defined, otherwise the
# number of hosts in the neutron-dhcp-agent group; dhcp_agents_per_network
# uses that count with a floor of 2.
{% set num_dhcp_agent = (neutron_dhcp_agents_max | int) if neutron_dhcp_agents_max is defined else groups[neutron_services['neutron-dhcp-agent']['group']] | length %}
{% set dhcp_agents_max = num_dhcp_agent if num_dhcp_agent > 2 else 2 %}
# DHCP
# DHCP agent notification is switched off for the vmware.nsx plugin type.
{% if neutron_plugin_type == 'vmware.nsx' %}
dhcp_agent_notification = False
{% else %}
dhcp_agent_notification = True
dhcp_agents_per_network = {{ dhcp_agents_max }}
# Lease time in seconds (24 hours)
dhcp_lease_duration = 86400
{% endif %}
# Driver for external DNS integration. (string value)
# Set to designate only when neutron_designate_enabled is true; otherwise the
# option is left commented out. The matching [designate] section is rendered
# under the same variable.
{% if neutron_designate_enabled %}
external_dns_driver = designate
{% else %}
#external_dns_driver = <None>
{% endif %}
# Nova notifications
# The credentials used to reach nova are in the [nova] section below.
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
send_events_interval = 2
# End of [DEFAULT] section
{% if neutron_plugin_type == 'ml2.lxb' %}
# Written only for the ml2.lxb plugin type.
# NOTE(review): presumably an explicit opt-in that neutron requires for the
# linuxbridge driver - confirm against the targeted neutron release.
[experimental]
linuxbridge = True
{% endif %}
{% if neutron_designate_enabled %}
# Credentials neutron uses to call designate. The section is rendered only
# when neutron_designate_enabled is true and only on neutron-server hosts.
[designate]
# required by current dns integration implementation
url = {{ designate_service_adminurl }}
region_name = {{ neutron_service_region }}
auth_type = password
username = {{ neutron_service_user_name }}
# The service account password is written in clear text, so the rendered
# file needs restrictive ownership and mode.
password = {{ neutron_service_password }}
project_name = {{ neutron_service_project_name }}
user_domain_id = {{ neutron_service_user_domain_id }}
project_domain_id = {{ neutron_service_project_domain_id }}
auth_url = {{ keystone_service_adminurl }}
# insecure = True turns off TLS certificate verification for these client
# connections, which lets an on-path host impersonate the endpoint and see
# the credentials above. Keep it False wherever a trusted CA is available.
insecure = {{ keystone_service_adminuri_insecure | bool }}
allow_reverse_dns_lookup = {{ neutron_allow_reverse_dns_lookup }}
ipv4_ptr_zone_prefix_size = {{ neutron_ipv4_ptr_zone_prefix_size }}
ipv6_ptr_zone_prefix_size = {{ neutron_ipv6_ptr_zone_prefix_size }}
{% endif %}
# Credentials neutron uses to call the placement service. The same neutron
# service account is reused in the [designate], [nova] and
# [keystone_authtoken] sections of this template.
[placement]
auth_type = password
username = {{ neutron_service_user_name }}
# Clear-text service account password
password = {{ neutron_service_password }}
project_name = {{ neutron_service_project_name }}
user_domain_id = {{ neutron_service_user_domain_id }}
project_domain_id = {{ neutron_service_project_domain_id }}
region_name = {{ neutron_service_region }}
auth_url = {{ keystone_service_adminurl }}
# insecure = True disables TLS certificate verification for these client
# connections; keep it False wherever a trusted CA is available.
insecure = {{ keystone_service_adminuri_insecure | bool }}
# Use the internal endpoint from the service catalog
endpoint_type = internal
# Credentials neutron uses to send port status and data change events to
# nova (see the notify_nova_* options in [DEFAULT]).
[nova]
region_name = {{ neutron_service_region }}
auth_type = password
username = {{ neutron_service_user_name }}
# Clear-text service account password
password = {{ neutron_service_password }}
project_name = {{ neutron_service_project_name }}
user_domain_id = {{ neutron_service_user_domain_id }}
project_domain_id = {{ neutron_service_project_domain_id }}
auth_url = {{ keystone_service_adminurl }}
# Use the internal endpoint from the service catalog
endpoint_type = internal
# insecure = True disables TLS certificate verification for these client
# connections; keep it False wherever a trusted CA is available.
insecure = {{ keystone_service_adminuri_insecure | bool }}
# Quotas
# Per-resource limits taken from role variables. quota_items is fixed to
# network, subnet and port; default_quota is the fallback value.
# NOTE(review): several keys here (health_monitor, member, pool, vip,
# firewall*, packet_filter, network_gateway) look like they belong to
# optional or retired extensions - confirm they are still read by the
# targeted neutron release.
[quotas]
quota_driver = {{ neutron_driver_quota }}
quota_items = network,subnet,port
default_quota = {{ neutron_default_quota }}
quota_floatingip = {{ neutron_quota_floatingip }}
quota_health_monitor = {{ neutron_quota_health_monitor }}
quota_member = {{ neutron_quota_member }}
quota_network = {{ neutron_quota_network }}
quota_network_gateway = {{ neutron_quota_network_gateway }}
quota_packet_filter = {{ neutron_quota_packet_filter }}
quota_pool = {{ neutron_quota_pool }}
quota_port = {{ neutron_quota_port }}
quota_router = {{ neutron_quota_router }}
quota_security_group = {{ neutron_quota_security_group }}
quota_security_group_rule = {{ neutron_quota_security_group_rule }}
quota_subnet = {{ neutron_quota_subnet }}
quota_vip = {{ neutron_quota_vip }}
quota_firewall = {{ neutron_quota_firewall }}
quota_firewall_policy = {{ neutron_quota_firewall_policy }}
quota_firewall_rule = {{ neutron_quota_firewall_rule }}
# Keystone authentication
# Settings for the keystone token-validation middleware in front of the API.
[keystone_authtoken]
# insecure = True disables TLS certificate verification when the middleware
# talks to keystone, so a forged keystone endpoint could approve tokens.
# Keep it False wherever a trusted CA is available.
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ neutron_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminuri }}
www_authenticate_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ neutron_service_project_domain_id }}
user_domain_id = {{ neutron_service_user_domain_id }}
project_name = {{ neutron_service_project_name }}
username = {{ neutron_service_user_name }}
# Clear-text service account password
password = {{ neutron_service_password }}
region_name = {{ keystone_service_region }}
# When service_token_roles_required is true, a service token is honoured
# only if it carries one of the roles listed in service_token_roles.
# NOTE(review): a false value is presumably kept for backwards compatibility
# only - confirm the role default.
service_token_roles_required = {{ neutron_service_token_roles_required | bool }}
service_token_roles = {{ neutron_service_token_roles | join(',') }}
service_type = {{ neutron_service_type }}
memcached_servers = {{ neutron_memcached_servers }}
# Validated tokens are cached for 300 seconds, so a revoked token may still
# be accepted for up to that long.
token_cache_time = 300
# Prevent cache poisoning if sharing a memcached server
# With ENCRYPT the cached token data is encrypted and authenticated using
# memcache_secret_key; treat that key as a secret.
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
# Workaround for https://bugs.launchpad.net/keystonemiddleware/+bug/1883659
memcache_use_advanced_pool = True
# Database
[database]
# The connection URL embeds the database user and password in clear text.
# NOTE(review): the password is inserted verbatim; characters that are
# special in a URL would need percent-encoding - confirm how it is generated.
# When neutron_galera_use_ssl is true the URL adds ssl_verify_cert=true and,
# if a CA path is set, ssl_ca. When it is false no TLS parameter is added,
# so the credentials and queries travel to the database unencrypted.
# The plus sign in the final endif tag keeps the newline after this line.
connection = mysql+pymysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ neutron_galera_address }}:{{ neutron_galera_port }}/{{ neutron_galera_database }}?charset=utf8{% if neutron_galera_use_ssl | bool %}&ssl_verify_cert=true{% if neutron_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ neutron_galera_ssl_ca_cert }}{% endif %}{% endif +%}
# Connection pool sizing and timeouts
max_overflow = {{ neutron_db_max_overflow }}
max_pool_size = {{ neutron_db_max_pool_size }}
pool_timeout = {{ neutron_db_pool_timeout }}
connection_recycle_time = {{ neutron_db_connection_recycle_time }}
# Service providers
# One service_provider line is written per enabled service (VPNaaS, FWaaS
# v2), so the key can appear twice.
# NOTE(review): service_provider is expected to be a multi-valued option so
# both lines are kept - confirm.
[service_providers]
{% if neutron_vpnaas | bool %}
service_provider = {{ neutron_vpnaas_service_provider }}
{% endif %}
{% if neutron_fwaas_v2 | bool %}
service_provider = {{ neutron_fwaasv2_service_provider }}
{% endif %}
{% endif %}
# Agent
# From here on the sections are rendered on every host again, not only on
# neutron-server hosts.
[agent]
# polling_interval falls back to 5 when the variable is not defined.
polling_interval = {{ neutron_agent_polling_interval|default(5) }}
report_interval = {{ neutron_report_interval|int }}
# Privileged commands go through sudo and neutron-rootwrap, which makes
# rootwrap.conf and the filter files it references a privilege boundary.
# NOTE(review): the sudoers entry and file ownership are not set in this
# template - confirm that rootwrap.conf and its filters are owned by root
# and not writable by the neutron account.
root_helper = sudo {{ neutron_bin }}/neutron-rootwrap {{ neutron_conf_dir }}/rootwrap.conf
root_helper_daemon = sudo {{ neutron_bin }}/neutron-rootwrap-daemon {{ neutron_conf_dir }}/rootwrap.conf
# Messaging
# RabbitMQ driver tuning; the broker address and credentials are in
# transport_url in [DEFAULT].
[oslo_messaging_rabbit]
rpc_conn_pool_size = {{ neutron_rpc_conn_pool_size }}
heartbeat_in_pthread = {{ neutron_oslomsg_heartbeat_in_pthread }}
# Quorum queue settings
rabbit_quorum_queue = {{ neutron_oslomsg_rabbit_quorum_queues }}
rabbit_quorum_delivery_limit = {{ neutron_oslomsg_rabbit_quorum_delivery_limit }}
rabbit_quorum_max_memory_bytes = {{ neutron_oslomsg_rabbit_quorum_max_memory_bytes }}
# Notifications
# The topic list holds "notifications" only when neutron_ceilometer_enabled
# is true. With an empty list the driver is noop, otherwise messagingv2.
[oslo_messaging_notifications]
{% set notification_topics = [] %}
{% if neutron_ceilometer_enabled %}
{% set _ = notification_topics.append('notifications') %}
{% endif %}
topics = {{ notification_topics | join(',') }}
driver = {{ (notification_topics | length > 0) | ternary('messagingv2', 'noop') }}
# Built like transport_url in [DEFAULT] but from the notify variables, and
# written even when the driver is noop. It embeds the notification user id
# and password in clear text.
# NOTE(review): the credentials are inserted verbatim; characters that are
# special in a URL would need percent-encoding - confirm.
# When neutron_oslomsg_notify_use_ssl is false the URL ends in ssl=0, so the
# credentials and notifications cross the network without TLS.
transport_url = {{ neutron_oslomsg_notify_transport }}://{% for host in neutron_oslomsg_notify_servers.split(',') %}{{ neutron_oslomsg_notify_userid }}:{{ neutron_oslomsg_notify_password }}@{{ host }}:{{ neutron_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _neutron_oslomsg_notify_vhost_conf }}{% if neutron_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ neutron_oslomsg_notify_ssl_version }}&ssl_ca_file={{ neutron_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
# Concurrency (locking mechanisms)
[oslo_concurrency]
# Directory for lock files.
# NOTE(review): the directory is created elsewhere in the role - confirm it
# is writable only by the neutron account.
lock_path = {{ neutron_lock_dir }}/{{ neutron_system_slice_name }}
{% if neutron_services['neutron-server']['group'] in group_names and 'sfc' in neutron_plugin_base %}
# Rendered only on neutron-server hosts when sfc is listed in
# neutron_plugin_base; both sections select the ovs driver.
# ODL-SFC
[sfc]
drivers = ovs
[flowclassifier]
drivers = ovs
{% endif %}
{% if neutron_services['neutron-server']['group'] in group_names and neutron_backend_ssl | bool %}
# Certificate and private key for the API server, rendered only on
# neutron-server hosts when neutron_backend_ssl is true (see use_ssl in
# [DEFAULT]).
# NOTE(review): file permissions are not set in this template - confirm the
# key file is readable only by root and the neutron account.
[ssl]
cert_file = {{ neutron_ssl_cert }}
key_file = {{ neutron_ssl_key }}
{% endif %}