[DEFAULT] debug = {{ debug }} use_journal = True executor_thread_pool_size = {{ octavia_rpc_thread_pool_size }} rpc_conn_pool_size = {{ octavia_rpc_conn_pool_size }} transport_url = {{ octavia_oslomsg_rpc_transport }}://{% for host in octavia_oslomsg_rpc_servers.split(',') %}{{ octavia_oslomsg_rpc_userid }}:{{ octavia_oslomsg_rpc_password }}@{{ host }}:{{ octavia_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ octavia_oslomsg_rpc_vhost }}{% if octavia_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} [api_settings] bind_host = {{ octavia_uwsgi_bind_address }} bind_port = {{ octavia_service_port }} auth_strategy = {{ octavia_auth_strategy }} # Allow users to create TLS Terminated listeners? allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }} [oslo_messaging] topic = octavia_prov [oslo_messaging_rabbit] ssl = {{ octavia_oslomsg_rpc_use_ssl }} [oslo_messaging_notifications] driver = {{ (octavia_ceilometer_enabled | bool) | ternary('messagingv2', 'noop') }} transport_url = {{ octavia_oslomsg_notify_transport }}://{% for host in octavia_oslomsg_notify_servers.split(',') %}{{ octavia_oslomsg_notify_userid }}:{{ octavia_oslomsg_notify_password }}@{{ host }}:{{ octavia_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ octavia_oslomsg_notify_vhost }}{% if octavia_oslomsg_notify_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} [database] connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}/{{ octavia_galera_database }}?charset=utf8{% if octavia_galera_use_ssl | bool %}&ssl_ca={{ octavia_galera_ssl_ca_cert }}{% endif %} max_overflow = {{ octavia_db_max_overflow }} max_pool_size = {{ octavia_db_pool_size }} pool_timeout = {{ octavia_db_pool_timeout }} [health_manager] bind_ip = 0.0.0.0 bind_port = {{ octavia_health_manager_port }} # controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555 controller_ip_port_list = {% for host in octavia_hm_hosts.split(',') %}{{ host }}:{{ octavia_health_manager_port }}{% if not loop.last %},{% endif %}{% endfor %} heartbeat_key = {{ octavia_health_hmac_key }} # Enable provisioning status sync with neutron db sync_provisioning_status = {{ octavia_sync_provisioning_status }} [keystone_authtoken] insecure = {{ keystone_service_internaluri_insecure | bool }} auth_type = {{ octavia_keystone_auth_plugin }} auth_url = {{ keystone_service_internaluri }}/v3 www_authenticate_uri = {{ keystone_service_internaluri }}/v3 auth_version = 3 project_domain_id = {{ octavia_service_project_domain_id }} user_domain_id = {{ octavia_service_user_domain_id }} project_name = {{ octavia_service_project_name }} username = {{ octavia_service_user_name }} password = {{ octavia_service_password }} region_name = {{ keystone_service_region }} auth_type = password endpoint_type = {{ octavia_clients_endpoint }} memcached_servers = {{ octavia_memcached_servers }} token_cache_time = 300 service_token_roles = "{{ octavia_service_role_name }}" service_token_roles_required = True # if your memcached server is shared, use these settings to avoid cache poisoning memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcached_encryption_key }} [certificates] # cert_generator = local_cert_generator # For local certificate signing (development only): ca_certificate = /etc/octavia/certs/ca.pem ca_private_key = /etc/octavia/certs/ca_key.pem ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }} signing_digest = {{ octavia_signing_digest }} endpoint_type = {{ octavia_clients_endpoint }} [haproxy_amphora] {% if octavia_haproxy_amphora_template is defined %} haproxy_template = {{ octavia_haproxy_amphora_template }} {% endif %} bind_port = {{ octavia_agent_port }} client_cert = /etc/octavia/certs/client.pem server_ca = /etc/octavia/certs/server_ca.pem [controller_worker] amp_active_retries = {{ octavia_amp_active_retries }} amp_image_id = {{ octavia_amp_image_id }} amp_image_tag = {{ octavia_glance_image_tag }} amp_image_owner_id = {{ octavia_amp_image_owner_id }} amp_flavor_id = {{ octavia_nova_flavor_uuid }} amp_ssh_key_name = {{ octavia_ssh_key_name }} amp_ssh_access_allowed = {{ octavia_ssh_enabled }} amp_boot_network_list = {{ octavia_neutron_management_network_uuid }} amp_secgroup_list = {{ octavia_security_group_name }} client_ca = /etc/octavia/certs/client_ca.pem amphora_driver = {{ octavia_amphora_driver }} compute_driver = {{ octavia_compute_driver }} network_driver = {{ octavia_network_driver }} {% if octavia_cinder_enabled %} volume_driver = volume_cinder_driver {% else %} volume_driver = volume_noop_driver {% endif %} loadbalancer_topology = {{ octavia_loadbalancer_topology }} [task_flow] # engine = serial max_workers = {{ octavia_task_flow_max_workers }} [service_auth] insecure = {{ keystone_service_internaluri_insecure | bool }} auth_plugin = {{ octavia_keystone_auth_plugin }} auth_url = {{ keystone_service_internaluri }}/v3 www_authenticate_uri = {{ keystone_service_internaluri }}/v3 auth_version = 3 project_domain_name = {{ octavia_service_project_domain_id }} user_domain_name = {{ octavia_service_user_domain_id }} project_name = {{ octavia_service_project_name }} username = {{ octavia_service_user_name }} password = {{ octavia_service_password }} region_name = {{ keystone_service_region }} auth_type = password memcached_servers = {{ octavia_memcached_servers }} endpoint_type = {{ octavia_clients_endpoint }} token_cache_time = 300 # if your memcached server is shared, use these settings to avoid cache poisoning memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcached_encryption_key }} [octavia] region_name = {{ keystone_service_region }} endpoint_type = {{ octavia_clients_endpoint }} [nova] region_name = {{ keystone_service_region }} endpoint_type = {{ octavia_clients_endpoint }} enable_anti_affinity = {{ octavia_enable_anti_affinity }} {% if octavia_amp_availability_zone is defined %}availability_zone={{ octavia_amp_availability_zone }}{%endif%} {% if octavia_cinder_enabled %} [cinder] service_name = {{ cinder_service_v3_name | default('cinderv3') }} region_name = {{ keystone_service_region }} endpoint_type = {{ octavia_clients_endpoint }} availability_zone = nova volume_size = 16 volume_type = "volumes-hdd" volume_create_retry_interval = 5 volume_create_timeout = 50 volume_create_max_retries = 2 {% endif %} [glance] region_name = {{ keystone_service_region }} endpoint_type = {{ octavia_clients_endpoint }} [neutron] region_name = {{ keystone_service_region }} endpoint_type = {{ octavia_clients_endpoint }}