[DEFAULT] debug = {{ debug }} use_journal = True executor_thread_pool_size = {{ octavia_rpc_thread_pool_size }} rpc_conn_pool_size = {{ octavia_rpc_conn_pool_size }} transport_url = {{ octavia_oslomsg_rpc_transport }}://{% for host in octavia_oslomsg_rpc_servers.split(',') %}{{ octavia_oslomsg_rpc_userid }}:{{ octavia_oslomsg_rpc_password }}@{{ host }}:{{ octavia_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _octavia_oslomsg_rpc_vhost_conf }}{% if octavia_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ octavia_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ octavia_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} [api_settings] bind_host = {{ octavia_uwsgi_bind_address }} bind_port = {{ octavia_service_port }} healthcheck_enabled = True auth_strategy = {{ octavia_auth_strategy }} # Allow users to create TLS Terminated listeners? allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }} default_provider_driver = {{ octavia_default_provider_driver }} enabled_provider_drivers = {{ octavia_enabled_provider_drivers | select() | join(',') }} [oslo_messaging] topic = octavia_prov [oslo_messaging_rabbit] ssl = {{ octavia_oslomsg_rpc_use_ssl }} rabbit_quorum_queue = {{ octavia_oslomsg_rabbit_quorum_queues }} rabbit_transient_quorum_queue = {{ octavia_oslomsg_rabbit_transient_quorum_queues }} rabbit_qos_prefetch_count = {{ octavia_oslomsg_rabbit_qos_prefetch_count }} use_queue_manager = {{ octavia_oslomsg_rabbit_queue_manager }} {% if octavia_oslomsg_rabbit_queue_manager %} hostname = {{ [ansible_facts['hostname'], octavia_service_name] | join('-') }} {% endif %} rabbit_stream_fanout = {{ octavia_oslomsg_rabbit_stream_fanout }} rabbit_quorum_delivery_limit = {{ octavia_oslomsg_rabbit_quorum_delivery_limit }} rabbit_quorum_max_memory_bytes = {{ octavia_oslomsg_rabbit_quorum_max_memory_bytes }} [oslo_messaging_notifications] driver = {{ (octavia_oslomsg_notify_configure | bool) | ternary('messagingv2', 'noop') }} transport_url = {{ octavia_oslomsg_notify_transport }}://{% for host in octavia_oslomsg_notify_servers.split(',') %}{{ octavia_oslomsg_notify_userid }}:{{ octavia_oslomsg_notify_password }}@{{ host }}:{{ octavia_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _octavia_oslomsg_notify_vhost_conf }}{% if octavia_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ octavia_oslomsg_notify_ssl_version }}&ssl_ca_file={{ octavia_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} [database] connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}:{{ octavia_galera_port }}/{{ octavia_galera_database }}?charset=utf8{% if octavia_galera_use_ssl | bool %}&ssl_verify_cert=true{% if octavia_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ octavia_galera_ssl_ca_cert }}{% endif %}{% endif +%} max_overflow = {{ octavia_db_max_overflow }} max_pool_size = {{ octavia_db_max_pool_size }} pool_timeout = {{ octavia_db_pool_timeout }} connection_recycle_time = {{ octavia_db_connection_recycle_time }} [health_manager] bind_ip = 0.0.0.0 bind_port = {{ octavia_health_manager_port }} # controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555 controller_ip_port_list = {% for host in octavia_hm_hosts.split(',') %}{{ host }}:{{ octavia_health_manager_port }}{% if not loop.last %},{% endif %}{% endfor %} heartbeat_key = {{ octavia_health_hmac_key }} # Enable provisioning status sync with neutron db sync_provisioning_status = {{ octavia_sync_provisioning_status }} [keystone_authtoken] insecure = {{ keystone_service_internaluri_insecure | bool }} auth_type = {{ octavia_keystone_auth_plugin }} auth_url = {{ keystone_service_internaluri }}/v3 www_authenticate_uri = {{ keystone_service_internaluri }}/v3 auth_version = 3 project_domain_id = {{ octavia_service_project_domain_id }} user_domain_id = {{ octavia_service_user_domain_id }} project_name = {{ octavia_service_project_name }} username = {{ octavia_service_user_name }} password = {{ octavia_service_password }} region_name = {{ keystone_service_region }} auth_type = password endpoint_type = {{ octavia_clients_endpoint }} memcached_servers = {{ octavia_memcached_servers }} token_cache_time = 300 service_token_roles = "{{ octavia_service_token_roles | join(',') }}" service_token_roles_required = {{ octavia_service_token_roles_required | bool }} service_type = {{ octavia_service_type }} # if your memcached server is shared, use these settings to avoid cache poisoning memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcached_encryption_key }} [certificates] ca_certificate = /etc/octavia/certs/server_ca.pem ca_private_key = /etc/octavia/certs/ca_key.pem ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }} signing_digest = sha256 {% if octavia_barbican_enabled %} cert_manager = barbican_cert_manager endpoint_type = {{ octavia_clients_endpoint }} region_name = {{ keystone_service_region }} {% endif %} [haproxy_amphora] {% if octavia_haproxy_amphora_template is defined %} haproxy_template = {{ octavia_haproxy_amphora_template }} {% endif %} bind_port = {{ octavia_agent_port }} client_cert = /etc/octavia/certs/client.pem server_ca = /etc/octavia/certs/server_ca.pem [controller_worker] amp_active_retries = {{ octavia_amp_active_retries }} amp_image_tag = {{ octavia_glance_image_tag }} amp_image_owner_id = {{ octavia_amp_image_owner_id }} amp_flavor_id = {{ octavia_nova_flavor_uuid }} {% if octavia_ssh_enabled %} amp_ssh_key_name = {{ octavia_ssh_key_name }} {% endif %} amp_boot_network_list = {{ octavia_neutron_management_network_uuid }} amp_secgroup_list = {{ octavia_security_group_name }} client_ca = /etc/octavia/certs/client_ca.pem amphora_driver = {{ octavia_amphora_driver }} compute_driver = {{ octavia_compute_driver }} network_driver = {{ octavia_network_driver }} {% if octavia_cinder_enabled %} volume_driver = volume_cinder_driver {% else %} volume_driver = volume_noop_driver {% endif %} loadbalancer_topology = {{ octavia_loadbalancer_topology }} [task_flow] max_workers = {{ octavia_task_flow_max_workers }} {% if octavia_coordination_enable %} persistence_connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}/{{ octavia_galera_persistence_database }}?charset=utf8{% if octavia_galera_use_ssl | bool %}&ssl_verify_cert=true{% if octavia_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ octavia_galera_ssl_ca_cert }}{% endif %}{% endif +%} jobboard_enabled = True jobboard_backend_driver = {{ _octavia_jobboard_driver_map[octavia_coordination_driver] }} jobboard_backend_hosts = {{ groups[octavia_coordination_group] | map('extract', hostvars, 'ansible_host') | list | join(',') }} jobboard_backend_port = {{ octavia_coordination_port }} jobboard_backend_namespace = {{ octavia_coordination_namespace }} {% if octavia_coordination_driver == 'zookeeper' %} jobboard_zookeeper_ssl_options = use_ssl:{{ octavia_coordination_client_ssl | bool }},verify_certs:{{ octavia_coordination_verify_cert | bool }} {% endif %} {% if octavia_coordination_driver == 'redis' %} jobboard_redis_backend_ssl_options = ssl:{{ octavia_coordination_client_ssl | bool }},ssl_cert_reqs:{{ octavia_coordination_verify_cert | ternary('required', 'None') }} {% endif %} {% endif %} [service_auth] insecure = {{ keystone_service_internaluri_insecure | bool }} auth_plugin = {{ octavia_keystone_auth_plugin }} auth_url = {{ keystone_service_internaluri }}/v3 www_authenticate_uri = {{ keystone_service_internaluri }}/v3 auth_version = 3 project_domain_name = {{ octavia_service_project_domain_id }} user_domain_name = {{ octavia_service_user_domain_id }} project_name = {{ octavia_service_project_name }} username = {{ octavia_service_user_name }} password = {{ octavia_service_password }} region_name = {{ keystone_service_region }} auth_type = password memcached_servers = {{ octavia_memcached_servers }} valid_interfaces = {{ octavia_clients_endpoint }} token_cache_time = 300 # if your memcached server is shared, use these settings to avoid cache poisoning memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcached_encryption_key }} [octavia] region_name = {{ keystone_service_region }} endpoint_type = {{ octavia_clients_endpoint }} [nova] region_name = {{ keystone_service_region }} endpoint_type = {{ octavia_clients_endpoint }} enable_anti_affinity = {{ octavia_enable_anti_affinity }} {% if octavia_amp_availability_zone %}availability_zone={{ octavia_amp_availability_zone }}{% endif %} {% if octavia_cinder_enabled %} [cinder] service_name = {{ cinder_service_v3_name | default('cinderv3') }} region_name = {{ keystone_service_region }} endpoint_type = {{ octavia_clients_endpoint }} availability_zone = {{ cinder_default_availability_zone }} volume_size = {{ octavia_cinder_volume_size }} volume_type = {{ octavia_cinder_volume_type }} volume_create_retry_interval = 5 volume_create_timeout = 50 volume_create_max_retries = 2 {% endif %} [glance] region_name = {{ keystone_service_region }} endpoint_type = {{ octavia_clients_endpoint }} [neutron] region_name = {{ keystone_service_region }} valid_interfaces = {{ octavia_clients_endpoint }} {% set _enabled_provider_agents = octavia_enabled_provider_agents | select() %} {% if _enabled_provider_agents | length > 0 %} [driver_agent] enabled_provider_agents = {{ _enabled_provider_agents | join(',') }} {% endif %} {% if octavia_ovn_enabled %} [ovn] ovn_nb_connection = {{ octavia_ovn_nb_connection }} ovn_sb_connection = {{ octavia_ovn_sb_connection }} {% if octavia_ovn_ssl %} ovn_sb_ca_cert={{ ["/etc/octavia/certs", octavia_ovn_ssl_ca_cert] | join('/') }} ovn_sb_certificate={{ ["/etc/octavia/certs", octavia_ovn_ssl_cert] | join('/') }} ovn_sb_private_key={{ ["/etc/octavia/certs", octavia_ovn_ssl_key] | join('/') }} ovn_nb_ca_cert={{ ["/etc/octavia/certs", octavia_ovn_ssl_ca_cert] | join('/') }} ovn_nb_certificate={{ ["/etc/octavia/certs", octavia_ovn_ssl_cert] | join('/') }} ovn_nb_private_key={{ ["/etc/octavia/certs", octavia_ovn_ssl_key] | join('/') }} {% endif %} {% endif %}