openstack-ansible-os_neutron/templates/neutron_ovn_metadata_agent.ini.j2
Dmitriy Rabotyagov 601c66666f Run neutron OVN agents as neutron user
As of today we run some agents, like the neutron-ovn-metadata agent, as the
root user, since it needs access to the ovsdb socket, which has 750 permissions
by default.

With that, for OVN we already use a connection via host:port to the same
ovsdb manager, which allows running it as an arbitrary user.

In order to align connection methods and to run services with lower
privileges, we introduce a couple of new variables that allow creating valid
connection strings for both OpenFlow listeners and regular connections to the
manager.

Change-Id: Iceab27aa1fdacc8b13f7ef6974b6a9076b8b7cd9
2024-02-20 13:34:49 +01:00

19 lines
467 B
Django/Jinja

# {{ ansible_managed }}
[DEFAULT]
debug = {{ debug }}
use_journal = true
# Nova metadata service host (the internal load balancer VIP)
nova_metadata_host = {{ internal_lb_vip_address }}
# Metadata proxy shared secret
metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
# Protocol to access nova metadata, http or https
nova_metadata_protocol = {{ neutron_nova_metadata_protocol }}
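[ovs]
# Connection string for the ovsdb manager (host:port rather than the local socket)
ovsdb_connection = {{ neutron_ovsdb_manager_connection }}
# Timeout in seconds for the ovsdb connection
ovsdb_connection_timeout = 180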
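
An added example, not part of the openstack-ansible repository: a Python check that reads a rendered copy of this template and reports which ovsdb connection method the agent will use, which is the property the commit message relies on to stop running the agent as root. The sample config values, function names and finding strings are assumptions constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample of a rendered neutron_ovn_metadata_agent.ini (values are made up).
SAMPLE_RENDERED = """
[DEFAULT]
debug = False
nova_metadata_host = 172.29.236.101
metadata_proxy_shared_secret = example-secret
nova_metadata_protocol = http
[ovs]
ovsdb_connection = tcp:127.0.0.1:6640
ovsdb_connection_timeout = 180
"""

def classify_ovsdb_connection(conn):
    """Return (method, finding) for one OVSDB connection string."""
    method, _, rest = conn.strip().partition(":")
    if method == "unix":
        # Socket files are subject to filesystem permissions (750 per the commit message).
        return method, f"socket file {rest}: agent user needs filesystem access to it"
    if method not in ("tcp", "ssl"):
        return method, "unrecognised connection method"
    host, sep, port = rest.rpartition(":")
    if not sep or not port.isdigit():
        return method, "malformed host:port"
    host = host.strip("[]")  # IPv6 literals are written as [addr]
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host == "localhost"  # hostname instead of an IP literal
    if method == "ssl":
        return method, "TLS connection, no socket file access needed"
    if loopback:
        return method, "loopback TCP, no socket file access needed"
    return method, "plaintext TCP to a non-loopback address"

def audit(rendered_ini):
    """Parse a rendered agent config and classify its [ovs] ovsdb_connection."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(rendered_ini)
    return classify_ovsdb_connection(cfg.get("ovs", "ovsdb_connection"))

if __name__ == "__main__":
    print(audit(SAMPLE_RENDERED))
```

Run it against the file as deployed on a host, not the Jinja template, since the template only contains the variable reference.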