openstack-ansible-os_neutron/vars/main.yml
Erik Berg edf0a25ca2 l3 agent on network_hosts do dvr_snat, anywhere else dvr
With the change in queens of moving the neutron agents from
containers onto the network_hosts, if those hosts happen to
also be your nova_computes, VM's without a floating ip would
lose north/south network.

Checking for physical_host_group could make this patch work for
neutron_agents_containers on pike aswell, if we want to
backport it that far.

Change-Id: I6bb24a8719b3902d6f510c70705cdb63076a1a08
Signed-off-by: Erik Berg <openstack@slipsprogrammor.no>
2019-10-25 20:05:55 +02:00

544 lines
22 KiB
YAML

---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
###
### Open vSwitch
###
neutron_needs_openvswitch: >-
{{ (neutron_services['neutron-openvswitch-agent']['group'] in group_names and neutron_services['neutron-openvswitch-agent'].service_en | bool)
or (neutron_services['neutron-ovn-northd']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool)
or (neutron_services['neutron-ovn-controller']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool)
or ((neutron_services['neutron-server']['group'] not in group_names) and neutron_plugin_type == 'ml2.opendaylight') }}
# Set the Calico Felix agent executable destination path
calico_felix_bin: /usr/local/bin/calico-felix
###
### Python code details
###
neutron_pip_packages:
- neutron
- osprofiler
- PyMySQL
- python-memcached
- systemd-python
# Specific pip packages provided by the user
neutron_user_pip_packages: []
neutron_optional_oslomsg_amqp1_pip_packages:
- oslo.messaging[amqp1]
neutron_optional_bgp_pip_packages:
- neutron_dynamic_routing
neutron_optional_calico_pip_packages:
- networking-calico
- python-etcd
neutron_optional_fwaas_pip_packages:
- neutron_fwaas
neutron_optional_vpnaas_pip_packages:
- neutron_vpnaas
neutron_optional_opendaylight_pip_packages:
- networking-odl
- ceilometer
- networking-bgpvpn
neutron_optional_sfc_pip_packages:
- networking-sfc
neutron_proprietary_nuage_pip_packages:
- nuage-openstack-neutron
- nuage-openstack-neutronclient
- nuagenetlib
neutron_optional_ovn_pip_packages:
- networking-ovn
neutron_venv_packages: >-
{%- set pkg_list = neutron_pip_packages | union(neutron_user_pip_packages) %}
{%- if neutron_bgp | bool %}
{%- set _ = pkg_list.extend(neutron_optional_bgp_pip_packages) %}
{%- endif %}
{%- if (neutron_fwaas | bool) or (neutron_fwaas_v2 | bool) %}
{%- set _ = pkg_list.extend(neutron_optional_fwaas_pip_packages) %}
{%- endif %}
{%- if neutron_vpnaas | bool %}
{%- set _ = pkg_list.extend(neutron_optional_vpnaas_pip_packages) %}
{%- endif %}
{%- if neutron_sfc | bool %}
{%- set _ = pkg_list.extend(neutron_optional_sfc_pip_packages) %}
{%- endif %}
{%- if neutron_oslomsg_amqp1_enabled | bool %}
{%- set _ = pkg_list.extend(neutron_optional_oslomsg_amqp1_pip_packages) %}
{%- endif %}
{%- if (neutron_plugin_type.split('.')[-1] == 'calico') and
((neutron_services['neutron-server']['group'] in group_names) or
(neutron_services['calico-felix']['group'] in group_names) or
(neutron_services['calico-dhcp-agent']['group'] in group_names)) %}
{%- set _ = pkg_list.extend(neutron_optional_calico_pip_packages) %}
{%- endif %}
{%- if (neutron_plugin_type.split('.')[-1] == 'nuage') and
(neutron_services['neutron-server']['group'] in group_names) %}
{%- set _ = pkg_list.extend(neutron_optional_nuage_pip_packages) %}
{%- endif %}
{%- if neutron_plugin_type.split('.')[-1] == 'opendaylight' %}
{%- set _ = pkg_list.extend(neutron_optional_opendaylight_pip_packages) %}
{%- if 'sfc' in neutron_plugin_base %}
{%- set _ = pkg_list.extend(neutron_optional_sfc_pip_packages) %}
{%- endif %}
{%- endif %}
{%- if (neutron_plugin_type.split('.')[-1] == 'ovn') and
((neutron_services['neutron-server']['group'] in group_names) or
(neutron_services['neutron-ovn-northd']['group'] in group_names) or
(neutron_services['neutron-ovn-controller']['group'] in group_names)) %}
{%- set _ = pkg_list.extend(neutron_optional_ovn_pip_packages) %}
{%- endif %}
{{- pkg_list | unique }}
###
### Generic Neutron Config
###
neutron_conf_dir: /etc/neutron
neutron_lock_path: "/var/lock/neutron"
neutron_system_user_name: neutron
neutron_system_group_name: neutron
neutron_system_comment: neutron system user
neutron_system_shell: /bin/false
neutron_system_home_folder: "/var/lib/{{ neutron_system_user_name }}"
###
### DB (Galera) integration
###
neutron_db_config: "{{ neutron_conf_dir }}/neutron.conf"
neutron_db_plugin: "{{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}"
###
### Telemetry integration
###
# Please add 'metering' to the neutron_plugin_base list
#TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle
neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.metering.metering_plugin.MeteringPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}"
###
### Neutron Plugins
###
neutron_plugin_core: "{{ neutron_plugins[neutron_plugin_type].plugin_core }}"
neutron_plugins:
ml2.lxb:
driver_firewall: iptables
driver_interface: linuxbridge
drivers_type: "{{ neutron_ml2_drivers_type }}"
l2_population: "{{ neutron_l2_population }}"
mechanisms: "linuxbridge"
l3_agent_mode: "legacy"
plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}"
plugin_core: ml2
plugin_ini: plugins/ml2/ml2_conf.ini
ml2.ovs:
driver_firewall: iptables_hybrid
driver_interface: openvswitch
drivers_type: "{{ neutron_ml2_drivers_type }}"
l2_population: "{{ neutron_l2_population }}"
mechanisms: "openvswitch"
l3_agent_mode: "legacy"
plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}"
plugin_core: ml2
plugin_ini: plugins/ml2/ml2_conf.ini
ml2.ovs.dvr:
driver_firewall: iptables_hybrid
driver_interface: openvswitch
drivers_type: "{{ neutron_ml2_drivers_type }}"
l2_population: "{{ neutron_l2_population }}"
mechanisms: "openvswitch"
l3_agent_mode: "{% if 'network_hosts' in group_names %}dvr_snat{% else %}dvr{% endif %}"
router_distributed: True
plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}"
plugin_core: ml2
plugin_ini: plugins/ml2/ml2_conf.ini
ml2.calico:
drivers_type: "flat, local"
mechanisms: "calico"
plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}"
plugin_core: ml2
plugin_ini: plugins/ml2/ml2_conf.ini
nuage:
plugin_core: nuage_neutron.plugins.nuage.plugin.NuagePlugin
plugin_ini: plugins/nuage/nuage.ini
plugin_conf_ini_overrides: "{{ neutron_nuage_conf_ini_overrides }}"
ml2.sriov:
driver_types: "{{ neutron_ml2_drivers_type }}"
mechanisms: "sriovnicswitch"
plugin_ini: plugins/ml2/sriov_nic_agent.ini
plugin_conf_ini_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}"
ml2.opendaylight:
drivers_type: "local,flat,vlan,gre,vxlan"
mechanisms: "opendaylight_v2"
plugin_conf_ini_overrides: "{{ neutron_opendaylight_conf_ini_overrides }}"
plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin
plugin_ini: plugins/ml2/ml2_conf.ini
driver_interface: "openvswitch"
l3_agent_mode: "legacy"
ml2.ovn:
drivers_type: "{{ neutron_ml2_drivers_type }}"
mechanisms: "ovn"
plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}"
plugin_core: ml2
plugin_ini: plugins/ml2/ml2_conf.ini
###
### ML2 Plugin Configuration
###
neutron_ml2_mechanism_drivers: >-
{%- set _var = [] -%}
{%- for plugin in [neutron_plugin_type]|union(neutron_plugin_types) -%}
{%- if _var.append(neutron_plugins[plugin].mechanisms) -%}{%- endif -%}
{%- endfor -%}
{%- if neutron_l2_population | bool -%}
{%- if _var.append('l2population') -%}{%- endif -%}
{%- endif -%}
{{ _var | join(',') }}
# OVS
_neutron_non_tunnel_types:
- flat
- vlan
- local
# Tunnel network types used by the OVS agent
neutron_tunnel_types: "{{ neutron_ml2_drivers_type.split(',') | difference(_neutron_non_tunnel_types) | join(',') }}"
# OpenDaylight
opendaylight_extra_features: |-
{%- set features = ['odl-netvirt-openstack'] -%}
{%- if 'sfc' in neutron_plugin_base -%}
{%- set features = ['odl-netvirt-sfc'] -%}
{%- endif -%}
{{ features }}
opendaylight_install_method: "{{ (ansible_os_family=='Debian') | ternary('deb_repo', 'rpm_repo') }}"
ovs_manager_list: |-
{% set ovs_managers_odls = [] %}
{% for odl_ip_address in groups[neutron_services['neutron-server']['group']] | map('extract', hostvars, 'ansible_host') | list -%}
{% set _ = ovs_managers_odls.append('tcp:' ~ odl_ip_address ~ ':6640') %}
{%- endfor %}
{{ ovs_managers_odls | join(' ') }}
###
### L3 Agent Plugin Configuration
###
## Please add 'router' to the neutron_plugin_base list
#TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle
# Should the neutron-l3-agent service should be enabled on the host
neutron_l3: "{% if 'router' in neutron_plugin_base or 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' in neutron_plugin_base or 'df-l3' in neutron_plugin_base %}True{% else %}False{% endif %}"
###
### DHCP Agent Plugin Configuration
###
neutron_dhcp: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}"
###
### Metadata Agent Plugin Configuration
###
neutron_metadata: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}"
###
### FWaaS Plugin Configuration
###
# Please add the 'firewall' to the neutron_plugin_base list
neutron_fwaas: "{{ ('firewall' in neutron_plugin_base) | ternary('True', 'False') }}"
neutron_fwaas_v2: "{{ ('firewall_v2' in neutron_plugin_base) | ternary('True', 'False') }}"
###
### VPNaaS Plugin Configuration
###
# Please add the 'vpnaas' to the neutron_plugin_base list
neutron_vpnaas: "{% if 'vpnaas' in neutron_plugin_base %}True{% else %}False{% endif %}"
## Neutron Dynamic Routing Agent's BGP Plugin Configuration
# To enable the BGP plugin, add the following item to the neutron_plugin_base list:
# neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin
#
# NOTE(matias): BgpPlugin doesn't have entry points and the full classpath
# is required.
neutron_bgp: "{% if 'neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}"
neutron_bgp_speaker_driver: neutron_dynamic_routing.services.bgp.agent.driver.os_ken.driver.OsKenBgpDriver
neutron_bgp_router_id: "{{ neutron_local_ip }}"
###
### port_forwarding
###
neutron_port_forwarding: "{{ ('port_forwarding' in neutron_plugin_base) | ternary('True', 'False') }}"
###
### Service Function Chaining
###
neutron_sfc: "{{ ('sfc' in neutron_plugin_base) | ternary('True', 'False') }}"
###
### Services info
###
#
# Compile a list of the services on a host based on whether
# the host is in the host group and the service is enabled.
# The service list is provided in the defined start order.
#
filtered_neutron_services: |-
{% set services = [] %}
{% for key, value in neutron_services.items() %}
{% if (value['group'] in group_names) and
(('service_en' not in value) or
('service_en' in value and value['service_en'])) %}
{% set _ = value.update({'service_key': key}) %}
{% set _ = services.append(value) %}
{% endif %}
{% endfor %}
{{ services | sort(attribute='start_order') }}
###
### Internals: neutron_services mappings
###
neutron_services:
neutron-dhcp-agent:
group: neutron_dhcp_agent
service_name: neutron-dhcp-agent
service_en: "{{ neutron_dhcp | bool }}"
service_conf_path: "{{ neutron_conf_dir }}"
service_conf: dhcp_agent.ini
service_rootwrap: rootwrap.d/dhcp.filters
execstarts: "{{ neutron_bin }}/neutron-dhcp-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/dhcp_agent.ini"
config_overrides: "{{ neutron_dhcp_agent_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_dhcp_agent_init_overrides }}"
start_order: 3
neutron-openvswitch-agent:
group: neutron_openvswitch_agent
service_name: neutron-openvswitch-agent
service_en: "{{ neutron_plugin_type in ['ml2.ovs', 'ml2.ovs.dvr'] }}"
service_conf_path: "{{ neutron_conf_dir }}"
service_conf: plugins/ml2/openvswitch_agent.ini
service_rootwrap: rootwrap.d/openvswitch-plugin.filters
execstarts: "{{ neutron_bin }}/neutron-openvswitch-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/openvswitch_agent.ini"
config_overrides: "{{ neutron_openvswitch_agent_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_openvswitch_agent_init_overrides }}"
start_order: 2
neutron-linuxbridge-agent:
group: neutron_linuxbridge_agent
service_name: neutron-linuxbridge-agent
service_en: "{{ neutron_plugin_type == 'ml2.lxb' }}"
service_conf_path: "{{ neutron_conf_dir }}"
service_conf: plugins/ml2/linuxbridge_agent.ini
service_rootwrap: rootwrap.d/linuxbridge-plugin.filters
execstarts: "{{ neutron_bin }}/neutron-linuxbridge-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/linuxbridge_agent.ini"
config_overrides: "{{ neutron_linuxbridge_agent_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_linuxbridge_agent_init_overrides }}"
start_order: 2
neutron-metadata-agent:
group: neutron_metadata_agent
service_name: neutron-metadata-agent
service_en: "{{ neutron_metadata | bool }}"
service_conf_path: "{{ neutron_conf_dir }}"
service_conf: metadata_agent.ini
execstarts: "{{ neutron_bin }}/neutron-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metadata_agent.ini"
config_overrides: "{{ neutron_metadata_agent_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_metadata_agent_init_overrides }}"
start_order: 3
neutron-metering-agent:
group: neutron_metering_agent
service_name: neutron-metering-agent
service_en: "{{ neutron_metering | bool }}"
service_conf_path: "{{ neutron_conf_dir }}"
service_conf: metering_agent.ini
execstarts: "{{ neutron_bin }}/neutron-metering-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metering_agent.ini"
config_overrides: "{{ neutron_metering_agent_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_metering_agent_init_overrides }}"
# Other agents will use neutron_plugins[neutron_plugin_type].driver_interface
# for the interface_driver, but that uses a stevedore alias. Metering agent
# hasn't been updated to use stevedore alises so that fails. To work around
# the problem until metering agent is updated, we should use the full
# module.class path to the interface driver.
# TODO(hughsaunders): switch back to stevedore when
# https://review.openstack.org/#/c/419881/ merges and is backported.
interface_driver: neutron.agent.linux.interface.BridgeInterfaceDriver
start_order: 3
neutron-l3-agent:
group: neutron_l3_agent
service_name: neutron-l3-agent
service_en: "{{ neutron_l3 | bool }}"
service_conf_path: "{{ neutron_conf_dir }}"
service_conf: l3_agent.ini
service_rootwrap: rootwrap.d/l3.filters
environment:
PATH: "{{ neutron_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
execstarts: "{{ neutron_bin }}/neutron-l3-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/l3_agent.ini"
config_overrides: "{{ neutron_l3_agent_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_l3_agent_init_overrides }}"
start_order: 3
neutron-bgp-dragent:
group: neutron_bgp_dragent
service_name: neutron-bgp-dragent
service_en: "{{ neutron_bgp | bool }}"
service_conf_path: "{{ neutron_conf_dir }}"
service_conf: bgp_dragent.ini
execstarts: "{{ neutron_bin }}/neutron-bgp-dragent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/bgp_dragent.ini"
config_overrides: "{{ neutron_bgp_dragent_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_bgp_dragent_init_overrides }}"
start_order: 3
# TODO(mnaser): neutron-vpnaas-agent binary was dropped in Queens
# and replaced by a plugin to neutron-l3-agent. We missed
# this in Queens, so let's remove this in T to disable
# the service.
neutron-vpnaas-agent:
group: neutron_l3_agent
service_name: neutron-vpn-agent
service_en: false
service_conf_path: "{{ neutron_conf_dir }}"
service_conf: vpnaas_agent.ini
service_rootwrap: rootwrap.d/vpnaas.filters
execstarts: "{{ neutron_bin }}/neutron-vpn-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/vpnaas_agent.ini"
config_overrides: "{{ neutron_vpnaas_agent_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_vpn_agent_init_overrides }}"
start_order: 3
neutron-server:
group: neutron_server
service_name: neutron-server
service_en: True
execstarts: "{{ neutron_bin }}/neutron-server --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}"
init_config_overrides: "{{ neutron_server_init_overrides }}"
start_order: 1
calico-felix:
group: neutron_calico_dhcp_agent
systemd_user_name: root
systemd_group_name: root
service_name: calico-felix
service_en: "{{ neutron_plugin_type == 'ml2.calico' }}"
service_conf_path: /etc/calico
service_conf: felix.cfg
execstarts: "{{ calico_felix_bin }} --config-file /etc/calico/felix.cfg"
config_overrides: "{{ neutron_calico_felix_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_calico_felix_init_overrides }}"
start_order: 3
calico-dhcp-agent:
group: neutron_calico_dhcp_agent
systemd_user_name: root
systemd_group_name: root
service_name: calico-dhcp-agent
service_en: "{{ neutron_plugin_type == 'ml2.calico' }}"
service_rootwrap: rootwrap.d/dhcp.filters
execstarts: "{{ neutron_bin }}/calico-dhcp-agent --config-file {{ neutron_conf_dir }}/neutron.conf"
config_overrides: "{{ neutron_calico_dhcp_agent_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_calico_dhcp_agent_init_overrides }}"
start_order: 3
neutron-sriov-nic-agent:
group: neutron_sriov_nic_agent
service_name: neutron-sriov-nic-agent
service_en: "{{ 'ml2.sriov' in neutron_plugin_types }}"
service_conf_path: "{{ neutron_conf_dir }}"
service_conf: plugins/ml2/sriov_nic_agent.ini
execstarts: "{{ neutron_bin }}/neutron-sriov-nic-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/sriov_nic_agent.ini"
config_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_sriov_nic_agent_init_overrides }}"
start_order: 3
neutron-ovn-northd:
group: neutron_ovn_northd
service_en: False
neutron-ovn-controller:
group: neutron_ovn_controller
service_en: False
networking-ovn-metadata-agent:
group: neutron_ovn_controller
systemd_user_name: root
systemd_group_name: root
service_name: networking-ovn-metadata-agent
service_en: "{{ neutron_plugin_type == 'ml2.ovn' }}"
service_conf_path: "{{ neutron_conf_dir }}"
service_conf: networking_ovn_metadata_agent.ini
service_rootwrap: rootwrap.d/ovn-plugin.filters
execstarts: "{{ neutron_bin }}/networking-ovn-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/networking_ovn_metadata_agent.ini"
config_overrides: "{{ neutron_ovn_metadata_agent_ini_overrides }}"
config_type: "ini"
init_config_overrides: "{{ neutron_ovn_metadata_agent_init_overrides }}"
start_order: 3
###
### Internals: Drivers mappings
###
neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver
neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq
neutron_driver_quota: neutron.db.quota.driver.DbQuotaDriver
###
### Internals: py_pkgs
###
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
neutron_role_project_group: neutron_all
###
### Internals: files central to neutron we can override
###
neutron_core_files:
- tmp_f: "/tmp/api-paste.ini.original"
target_f: "{{ neutron_conf_dir }}/api-paste.ini"
config_overrides: "{{ _neutron_api_paste_ini_overrides | combine(neutron_api_paste_ini_overrides, recursive=True) }}"
config_type: "ini"
- tmp_f: "/tmp/rootwrap.conf.original"
target_f: "{{ neutron_conf_dir }}/rootwrap.conf"
config_overrides: "{{ _neutron_rootwrap_conf_overrides | combine(neutron_rootwrap_conf_overrides, recursive=True) }}"
config_type: "ini"
owner: "root"
group: "{{ neutron_system_group_name }}"
mode: "0640"