openstack-ansible-os_neutron/templates/neutron.conf.j2
Guilherme Steinmüller b1f4269ecc Add neutron-rootwrap-daemon
This patch introduces neutron-rootwrap-daemon[1]
to neutron.conf and sudoers.d files which provide us
improvements in performance such as openratins
with DHCP agents.

[1] https://specs.openstack.org/openstack/neutron-specs/specs/kilo/rootwrap-daemon-mode.html

Change-Id: I659b8fb695dce5b9997de2acc770b1e7fbeae6d4
2019-02-27 20:13:56 +00:00

281 lines
10 KiB
Django/Jinja

# {{ ansible_managed }}
{% set neutron_plugin_loaded_base = [] %}
{% for plugin in neutron_plugin_base %}
{% if plugin not in ['dns', 'dns_domain_ports'] %}
{% set _ = neutron_plugin_loaded_base.append(plugin) %}
{% endif %}
{% endfor %}
{% if (neutron_lbaasv2|bool) and ('neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2' not in neutron_plugin_base) -%}
{% if neutron_octavia_proxy_plugin|bool %}
{% set _ = neutron_plugin_loaded_base.append("lbaasv2-proxy") %}
{% else %}
{% set _ = neutron_plugin_loaded_base.append("lbaasv2") %}
{% endif %}
{% endif %}
# General, applies to all host groups
[DEFAULT]
# Disable stderr logging
use_stderr = False
debug = {{ debug }}
fatal_deprecations = {{ neutron_fatal_deprecations }}
log_file = {{ neutron_log_dir }}/neutron.log
## Rpc all
executor_thread_pool_size = {{ neutron_rpc_thread_pool_size }}
rpc_response_timeout = {{ neutron_rpc_response_timeout }}
transport_url = {{ neutron_oslomsg_rpc_transport }}://{% for host in neutron_oslomsg_rpc_servers.split(',') %}{{ neutron_oslomsg_rpc_userid }}:{{ neutron_oslomsg_rpc_password }}@{{ host }}:{{ neutron_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ neutron_oslomsg_rpc_vhost }}{% if neutron_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
# Domain to use for building hostnames
dns_domain = {{ neutron_dns_domain }}
{% if neutron_services['neutron-server']['group'] in group_names %}
# General, only applies to neutron server host group
allow_overlapping_ips = True
vlan_transparent = False
# Plugins
core_plugin = {{ neutron_plugin_core }}
{% if neutron_plugin_type.split('.')[0] == 'ml2' %}
service_plugins = {{ neutron_plugin_loaded_base | join(',') }}
{% endif %}
# MAC address generation for VIFs
base_mac = fa:16:3e:00:00:00
mac_generation_retries = 16
# Authentication method
auth_strategy = keystone
# Drivers
network_scheduler_driver = {{ neutron_driver_network_scheduler }}
router_scheduler_driver = {{ neutron_driver_router_scheduler }}
loadbalancer_pool_scheduler_driver = {{ neutron_driver_loadbalancer_pool_scheduler }}
# Schedulers
network_auto_schedule = True
router_auto_schedule = True
# Distributed virtual routing
router_distributed = {{ neutron_plugins[neutron_plugin_type].router_distributed | default('False') }}
enable_dvr = {{ neutron_plugins[neutron_plugin_type].router_distributed | default('False') }}
# Agents
agent_down_time = {{ neutron_agent_down_time }}
{% set num_agent = groups[neutron_services['neutron-dhcp-agent']['group']] | length %}
{% if neutron_plugin_type.split('.')[0] == 'ml2' and num_agent >= 2 %}
{% if neutron_services['neutron-linuxbridge-agent']['service_en'] | bool or neutron_services['neutron-openvswitch-agent']['service_en'] | bool %}
{% set max_l3_router = num_agent if num_agent > 2 else 2 %}
# L3HA
l3_ha = True
l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }}
max_l3_agents_per_router = {{ max_l3_router }}
{% if neutron_provider_networks.network_mappings_list is defined and ((neutron_provider_networks.network_mappings_list | length) > 0) %}
ha_network_type = {{ neutron_provider_networks.network_mappings_list[0].split(':')[0] }}
ha_network_physical_name = {{ neutron_provider_networks.network_mappings_list[0].split(':')[-1] }}
{% endif %}
{% endif %}
{% endif %}
# API
bind_port = 9696
bind_host = 0.0.0.0
# Workers
api_workers = {{ neutron_api_workers | default(neutron_api_threads) }}
rpc_workers = {{ neutron_rpc_workers }}
{% set dhcp_agents_max = num_agent if num_agent > 2 else 2 %}
# DHCP
dhcp_agent_notification = True
dhcp_agents_per_network = {{ dhcp_agents_max }}
dhcp_lease_duration = 86400
# Driver for external DNS integration. (string value)
{% if neutron_designate_enabled %}
external_dns_driver = designate
{% else %}
#external_dns_driver = <None>
{% endif %}
# Nova notifications
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
send_events_interval = 2
# End of [DEFAULT] section
{% if neutron_designate_enabled %}
[designate]
# required by current dns integration implementation
url = {{ designate_service_adminurl }}
auth_type = {{ designate_keystone_auth_plugin }}
auth_uri = {{ keystone_service_adminuri }}
auth_url = {{ keystone_service_adminurl }}
region_name = {{ designate_service_region }}
project_domain_id = {{ designate_service_project_domain_id }}
user_domain_id = {{ designate_service_user_domain_id }}
project_name = {{ designate_service_project_name }}
username = {{ designate_service_user_name }}
password = {{ designate_service_password }}
allow_reverse_dns_lookup = {{ neutron_allow_reverse_dns_lookup }}
ipv4_ptr_zone_prefix_size = {{ neutron_ipv4_ptr_zone_prefix_size }}
ipv6_ptr_zone_prefix_size = {{ neutron_ipv6_ptr_zone_prefix_size }}
{% endif %}
[nova]
insecure = {{ keystone_service_adminuri_insecure | bool }}
auth_type = {{ nova_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminurl }}
region_name = {{ nova_service_region }}
project_domain_id = {{ nova_service_project_domain_id }}
user_domain_id = {{ nova_service_user_domain_id }}
project_name = {{ nova_service_project_name }}
username = {{ nova_service_user_name }}
password = {{ nova_service_password }}
endpoint_type = internal
# Quotas
[quotas]
quota_driver = {{ neutron_driver_quota }}
quota_items = network,subnet,port
default_quota = {{ neutron_default_quota }}
quota_floatingip = {{ neutron_quota_floatingip }}
quota_health_monitor = {{ neutron_quota_health_monitor }}
quota_member = {{ neutron_quota_member }}
quota_network = {{ neutron_quota_network }}
quota_network_gateway = {{ neutron_quota_network_gateway }}
quota_packet_filter = {{ neutron_quota_packet_filter }}
quota_pool = {{ neutron_quota_pool }}
quota_port = {{ neutron_quota_port }}
quota_router = {{ neutron_quota_router }}
quota_security_group = {{ neutron_quota_security_group }}
quota_security_group_rule = {{ neutron_quota_security_group_rule }}
quota_subnet = {{ neutron_quota_subnet }}
quota_vip = {{ neutron_quota_vip }}
quota_firewall = {{ neutron_quota_firewall }}
quota_firewall_policy = {{ neutron_quota_firewall_policy }}
quota_firewall_rule = {{ neutron_quota_firewall_rule }}
# Keystone authentication
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ neutron_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminuri }}
www_authenticate_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ neutron_service_project_domain_id }}
user_domain_id = {{ neutron_service_user_domain_id }}
project_name = {{ neutron_service_project_name }}
username = {{ neutron_service_user_name }}
password = {{ neutron_service_password }}
region_name = {{ keystone_service_region }}
memcached_servers = {{ memcached_servers }}
token_cache_time = 300
# Prevent cache poisoning if sharing a memcached server
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
# Database
[database]
connection = mysql+pymysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ neutron_galera_address }}/{{ neutron_galera_database }}?charset=utf8{% if neutron_galera_use_ssl | bool %}&ssl_ca={{ neutron_galera_ssl_ca_cert }}{% endif %}
max_overflow = {{ neutron_db_max_overflow }}
max_pool_size = {{ neutron_db_pool_size }}
pool_timeout = {{ neutron_db_pool_timeout }}
# Service providers
[service_providers]
{% if neutron_lbaasv2 | bool %}
{% for service_provider in neutron_lbaasv2_service_provider.split(',') %}
service_provider = {{ service_provider }}
{% endfor %}
{% endif %}
{% if neutron_vpnaas | bool %}
service_provider = {{ neutron_vpnaas_service_provider }}
{% endif %}
{% if neutron_fwaas_v2 | bool %}
service_provider = {{ neutron_fwaasv2_service_provider }}
{% endif %}
{% if neutron_lbaasv2 | bool %}
{% if neutron_lbaas_octavia | bool %}
[octavia]
base_url= {{ octavia_service_internaluri }}
request_poll_timeout = {{ neutron_octavia_request_poll_timeout }}
{% endif %}
# Configure Barbican - TLS will not work if Barbican is misisng
[certificates]
# Certificate Manager plugin. Defaults to barbican. (string value)
cert_manager_type = barbican
# Name of the Barbican authentication method to use (string value)
#barbican_auth = barbican_acl_auth
[service_auth]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ neutron_keystone_auth_plugin }}
# this needs to have a v3 added manually :-(
auth_url = {{ keystone_service_internaluri }}/v3
admin_project_domain = {{ neutron_service_project_domain_id }}
admin_user_domain = {{ neutron_service_user_domain_id }}
admin_tenant_name = {{ neutron_service_project_name }}
admin_user = {{ neutron_service_user_name }}
admin_password = {{ neutron_service_password }}
region = {{ keystone_service_region }}
endpoint_type = internalURL
service_name = neutron
auth_version = 3
{% endif %}
{% endif %}
# Agent
[agent]
polling_interval = {{ neutron_agent_polling_interval|default(5) }}
report_interval = {{ neutron_report_interval|int }}
root_helper = sudo {{ neutron_bin }}/neutron-rootwrap {{ neutron_conf_dir }}/rootwrap.conf
root_helper_daemon = sudo {{ neutron_bin }}/neutron-rootwrap-daemon {{ neutron_conf_dir }}/rootwrap.conf
# Messaging
[oslo_messaging_rabbit]
ssl = {{ neutron_oslomsg_rpc_use_ssl }}
rpc_conn_pool_size = {{ neutron_rpc_conn_pool_size }}
# Notifications
[oslo_messaging_notifications]
{% set notification_topics = ['notifications'] %}
{% if neutron_designate_enabled %}
{% set _ = notification_topics.append(neutron_notifications_designate) %}
{% endif %}
topics = {{ notification_topics | join(',') }}
driver = messagingv2
transport_url = {{ neutron_oslomsg_notify_transport }}://{% for host in neutron_oslomsg_notify_servers.split(',') %}{{ neutron_oslomsg_notify_userid }}:{{ neutron_oslomsg_notify_password }}@{{ host }}:{{ neutron_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ neutron_oslomsg_notify_vhost }}{% if neutron_oslomsg_notify_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
# Concurrency (locking mechanisms)
[oslo_concurrency]
lock_path = {{ neutron_lock_path }}
{% if neutron_services['neutron-server']['group'] in group_names and 'sfc' in neutron_plugin_base %}
# ODL-SFC
[sfc]
drivers = {{ (neutron_plugin_type == 'ml2.opendaylight') | ternary('odl_v2', 'ovs') }}
[flowclassifier]
drivers = {{ (neutron_plugin_type == 'ml2.opendaylight') | ternary('odl_v2', 'ovs') }}
{% endif %}