openstack-ansible-os_neutron/defaults/main.yml

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

###
### Verbosity Options
###

debug: False

###
### Packages Options
###

# Set the package install state for distribution
# Options are 'present' and 'latest'
neutron_package_state: "latest"

###
### Python code details
###

# Set the package install state for pip_package
# Options are 'present' and 'latest'
neutron_pip_package_state: "latest"

# Source git repo/branch settings
neutron_git_repo: https://git.openstack.org/openstack/neutron
neutron_git_install_branch: master
neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas
neutron_fwaas_git_install_branch: master
neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas
neutron_lbaas_git_install_branch: master
neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas
neutron_vpnaas_git_install_branch: master
neutron_dynamic_routing_git_repo: https://git.openstack.org/openstack/neutron-dynamic-routing
neutron_dynamic_routing_git_install_branch: master
networking_calico_git_repo: https://git.openstack.org/openstack/networking-calico
networking_calico_git_install_branch: master
dragonflow_git_repo: https://git.openstack.org/openstack/dragonflow
dragonflow_git_install_branch: master

# Developer mode
neutron_developer_mode: false

# Name of the virtual env to deploy into
neutron_venv_tag: untagged

# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
neutron_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/neutron.tgz

###
### Generic Neutron Config
###

# Fatal Deprecations
neutron_fatal_deprecations: False

# If ``neutron_api_workers`` is unset the system will use half the number of available VCPUs to
# compute the number of api workers to use with a default capping value of 16.
# neutron_api_workers: 16

## Cap the maximun number of threads / workers when a user value is unspecified.
neutron_api_threads_max: 16
neutron_api_threads: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, neutron_api_threads_max] | min }}"

neutron_agent_down_time: 120
neutron_agent_polling_interval: 5
neutron_report_interval: "{{ neutron_agent_down_time | int / 2 | int }}"

neutron_external_network_bridge: ""

neutron_dns_domain: openstacklocal

# If ``neutron_num_sync_threads`` is unset, the system will use the value of
# neutron_api_threads in templates/dhcp_agent.ini.j2 for num_sync_threads.
# neutron_num_sync_threads: 4

###
### Tunable Overrides (Sorted alphabetically)
###

# These variables facilitate adding config file entries
# for anything supported by the service. See the section
# 'Overriding OpenStack configuration defaults' in the
# 'Advanced configuration' appendix of the Deploy Guide.
neutron_api_paste_ini_overrides: {}
neutron_bgp_dragent_ini_overrides: {}
neutron_bgp_dragent_init_overrides: {}
neutron_calico_dhcp_agent_ini_overrides: {}
neutron_calico_dhcp_agent_init_overrides: {}
neutron_calico_felix_ini_overrides: {}
neutron_calico_felix_init_overrides: {}
neutron_dhcp_agent_ini_overrides: {}
neutron_dhcp_agent_init_overrides: {}
neutron_dnsmasq_neutron_conf_overrides: {}
neutron_dragonflow_controller_agent_init_overrides: {}
neutron_dragonflow_ini_overrides: {}
neutron_dragonflow_l3_agent_init_overrides: {}
neutron_dragonflow_pubsub_agent_init_overrides: {}
neutron_l3_agent_ini_overrides: {}
neutron_l3_agent_init_overrides: {}
neutron_lbaas_agent_ini_overrides: {}
neutron_lbaas_agent_init_overrides: {}
neutron_linuxbridge_agent_ini_overrides: {}
neutron_linuxbridge_agent_init_overrides: {}
neutron_metadata_agent_ini_overrides: {}
neutron_metadata_agent_init_overrides: {}
neutron_metering_agent_ini_overrides: {}
neutron_metering_agent_init_overrides: {}
neutron_ml2_conf_ini_overrides: {}
neutron_neutron_conf_overrides: {}
neutron_nuage_conf_ini_overrides: {}
neutron_openvswitch_agent_ini_overrides: {}
neutron_openvswitch_agent_init_overrides: {}
# Provide a list of access controls to update the default policy.json with.
# These changes will be merged
# with the access controls in the default policy.json. E.g.
#neutron_policy_overrides:
#  "create_subnet": "rule:admin_or_network_owner"
#  "get_subnet": "rule:admin_or_owner or rule:shared"
neutron_policy_overrides: {}
neutron_rootwrap_conf_overrides: {}
neutron_server_init_overrides: {}
neutron_sriov_nic_agent_ini_overrides: {}
neutron_sriov_nic_agent_init_overrides: {}
neutron_vpn_agent_init_overrides: {}
neutron_vpnaas_agent_ini_overrides: {}

###
### Quotas
###

neutron_default_quota: -1
neutron_quota_floatingip: 50
neutron_quota_health_monitor: -1
neutron_quota_member: -1
neutron_quota_network: 10
neutron_quota_network_gateway: 5
neutron_quota_packet_filter: 100
neutron_quota_pool: 10
neutron_quota_port: 50
neutron_quota_router: 10
neutron_quota_security_group: 10
neutron_quota_security_group_rule: 100
neutron_quota_subnet: 10
neutron_quota_vip: 10

###
### DB (Galera) integration
###

neutron_galera_user: neutron
neutron_galera_database: neutron
neutron_db_max_overflow: 20
neutron_db_pool_size: 120
neutron_db_pool_timeout: 30

###
### RPC (RabbitMQ) integration
###

neutron_rabbitmq_userid: neutron
neutron_rabbitmq_vhost: /neutron
neutron_rabbitmq_port: 5672
neutron_rabbitmq_servers: 127.0.0.1
neutron_rabbitmq_use_ssl: False
neutron_rpc_thread_pool_size: 64
neutron_rpc_conn_pool_size: 30
neutron_rpc_response_timeout: 60
neutron_rpc_workers: 1

###
### Identity (Keystone) integration
###

neutron_service_project_name: service
neutron_service_project_domain_id: default
neutron_service_user_domain_id: default
neutron_service_role_name: admin
neutron_service_user_name: neutron
neutron_service_name: neutron
neutron_service_type: network
neutron_service_description: "OpenStack Networking"
neutron_service_port: 9696
neutron_service_proto: http
neutron_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(neutron_service_proto) }}"
neutron_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(neutron_service_proto) }}"
neutron_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(neutron_service_proto) }}"
neutron_service_publicuri: "{{ neutron_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}"
neutron_service_publicurl: "{{ neutron_service_publicuri }}"
neutron_service_adminuri: "{{ neutron_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
neutron_service_adminurl: "{{ neutron_service_adminuri }}"
neutron_service_internaluri: "{{ neutron_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
neutron_service_internalurl: "{{ neutron_service_internaluri }}"
neutron_service_region: RegionOne
neutron_keystone_auth_plugin: "{{ neutron_keystone_auth_type }}"
neutron_keystone_auth_type: password
neutron_service_in_ldap: false

###
### Telemetry integration
###

neutron_ceilometer_enabled: False

# Configuration for notifications communication, i.e. [oslo_messaging_notifications]
neutron_rabbitmq_telemetry_userid: "{{ neutron_rabbitmq_userid }}"
neutron_rabbitmq_telemetry_password: "{{ neutron_rabbitmq_password }}"
neutron_rabbitmq_telemetry_vhost: "{{ neutron_rabbitmq_vhost }}"
neutron_rabbitmq_telemetry_port: "{{ neutron_rabbitmq_port }}"
neutron_rabbitmq_telemetry_servers: "{{ neutron_rabbitmq_servers }}"
neutron_rabbitmq_telemetry_use_ssl: "{{ neutron_rabbitmq_use_ssl }}"

###
### Designate integration
###

neutron_designate_enabled: False

# Notifications topic for designate
neutron_notifications_designate: notifications_designate

###
### Plugins Loading
###

# Other plugins can be added to the system by simply extending the list `neutron_plugin_base`.
# neutron_plugin_base:
#   - router
#   - firewall
#   - lbaas
#   - neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin
#   - vpnaas
#   - metering
#   - qos
#   - dns
neutron_plugin_base:
  - router
  - metering

###
### ML2 Plugin Configuration
###

# The neutron core plugin (ML2) is defined with neutron_plugin_type,
# you can not load multiple ML2 plugins as core.
neutron_plugin_type: 'ml2.lxb'

# Additional ML2 plugins can be loaded with neutron_plugin_types (as list)
neutron_plugin_types: []

# ml2 network type drivers to load
neutron_ml2_drivers_type: "flat,vlan,vxlan,local"

# Enable or disable L2 Population.
neutron_l2_population: "False"

neutron_vxlan_enabled: true

## The neutron multicast group address. This should be set as a host variable if used.
neutron_vxlan_group: "239.1.1.1"

neutron_sriov_excluded_devices: ""

# neutron_local_ip is used for the VXLAN local tunnel endpoint
neutron_local_ip: 127.0.0.1

## Set this variable to configure the provider networks that will be available
## When setting up networking in things like the ml2_conf.ini file. Normally
## this will be defined as a host variable used within neutron as network configuration
## are likely to differ in between hosts.
# neutron_provider_networks:
#   network_flat_networks: "flat"
#   network_mappings: "flat:eth12,vlan:eth11"
#   network_types: "vxlan,flat,vlan"
#   network_vlan_ranges: "vlan:1:1,vlan:1024:1025"
#   network_vxlan_ranges: "1:1000"
#   network_sriov_mappings: "vlan:p4p1"

###
### L3 Agent Plugin Configuration
###

neutron_gateway_external_network_id: ""

# Set this option to "true" to enable legacy neutron L3HA tool support
# TODO(cloudnull): Remove this in the Ocata cycle
neutron_legacy_ha_tool_enabled: false

# L3HA configuration options
neutron_ha_vrrp_auth_type: PASS
neutron_l3_ha_net_cidr: 169.254.192.0/18

###
### DHCP Agent Plugin Configuration
###

# Comma-separated list of DNS servers which will be used by dnsmasq as forwarders.
neutron_dnsmasq_dns_servers: ""

# Limit number of leases to prevent a denial-of-service.
neutron_dnsmasq_lease_max: 16777216

###
### Metadata Agent Plugin Configuration
###

# If ``neutron_metadata_workers`` is unset the system will use half the number of available VCPUs to
# compute the number of api workers to use with a default capping value of 16.
# neutron_metadata_workers: 16
neutron_metadata_backlog: 4096

# When running in an AIO, we need to implement an iptables rule in any
# neutron_agent containers to that ensure instances can communicate with
# the neutron metadata service. This is necessary because in an AIO
# environment there are no physical interfaces involved in instance ->
# metadata requests, and this results in the checksums being incorrect.
neutron_metadata_checksum_fix: False

###
### LBaaS Configuration
###

# See documentation section titled "Configuring the Network Load Balancing
# Service (Optional)" for more details.
neutron_octavia_request_poll_timeout: 100

###
### Dragonflow Configuration
###

# neutron_management_ip is used to configure the location (IP) of the
# neutron-server
neutron_management_ip: 127.0.0.1

# Calico Felix agent upstream settings
calico_felix_url: "https://github.com/projectcalico/felix/releases/download/{{ calico_felix_version }}/calico-felix"
calico_felix_version: 2.3.0
calico_felix_sha256: 6cc538d6d93d2b5e732841769f427ce61a4e7d9a6eedf4ca8d33c4df42cf6419
calico_felix_validate_certs: yes

# Database specific configuration
dragonflow_remote_db_ip: 127.0.0.1 # etcd has local proxy installed
dragonflow_remote_db_port: 4001
dragonflow_port_status_notifier:
dragonflow_apps:
    - l2_app.L2App
    - l3_proactive_app.L3ProactiveApp
    - dhcp_app.DHCPApp
    - dnat_app.DNATApp
    - sg_app.SGApp
    - portsec_app.PortSecApp
dragonflow_ex_peer_patch_port: patch-int
dragonflow_int_peer_patch_port: patch-ex
dragonflow_external_network_bridge: br-ex
dragonflow_publisher_bind_address: "*"