601c66666f
As of today we run some agents, like neutron-ovn-metadata agent as root user, since it needs access to ovsdb socket, which has 750 permissions by default. With that, for OVN we already use connection via host:port to the same ovsdb manager, which allows to run it as an arbitrary user. In order to align connection methods and to run services with lower privileges we introduce couple of new variables that allow to create valid connection strings for both OpenFlow listeners and regular connection to the manager. Change-Id: Iceab27aa1fdacc8b13f7ef6974b6a9076b8b7cd9
19 lines
467 B
Django/Jinja
19 lines
467 B
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
[DEFAULT]
|
|
debug = {{ debug }}
|
|
use_journal = true
|
|
|
|
# Nova metadata service IP and port
|
|
nova_metadata_host = {{ internal_lb_vip_address }}
|
|
|
|
# Metadata proxy shared secret
|
|
metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
|
|
|
|
# Protocol to access nova metadata, http or https
|
|
nova_metadata_protocol = {{ neutron_nova_metadata_protocol }}
|
|
|
|
[ovs]
|
|
ovsdb_connection = {{ neutron_ovsdb_manager_connection }}
|
|
ovsdb_connection_timeout = 180
|