openstack/openstack-ansible-os_octavia
Code Issues Proposed changes
3b6f39ffbd
openstack-ansible-os_octavia/templates/octavia.conf.j2
Dmitriy Rabotyagov 03f797df2a Define ovn provider agent when OVN is used 
Defining OVN provider agent is required for the OVN driver as it is
responsible for connection to NB DB and listens to the events in it.

Without the any provider being enabled octavia-driver-agent service is
not doing anything. Moreover, assinged FIP to the LB VIP will not be
working properly, as that needs update to the LB inside of OVN, which
is performed only when agent detects changes to the VIP port.

Change-Id: I82b4cd6749f42220be799c3a3e0d6bc14255125f
2024-08-27 21:34:12 +02:00

221 lines
9.9 KiB
Django/Jinja
Raw Blame History

[DEFAULT]
debug = {{ debug }}
use_journal = True
executor_thread_pool_size = {{ octavia_rpc_thread_pool_size }}
rpc_conn_pool_size = {{ octavia_rpc_conn_pool_size }}
transport_url = {{ octavia_oslomsg_rpc_transport }}://{% for host in octavia_oslomsg_rpc_servers.split(',') %}{{ octavia_oslomsg_rpc_userid }}:{{ octavia_oslomsg_rpc_password }}@{{ host }}:{{ octavia_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _octavia_oslomsg_rpc_vhost_conf }}{% if octavia_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ octavia_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ octavia_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
[api_settings]
bind_host = {{ octavia_uwsgi_bind_address }}
bind_port = {{ octavia_service_port }}
healthcheck_enabled = True
auth_strategy = {{ octavia_auth_strategy }}
# Allow users to create TLS Terminated listeners?
allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }}
default_provider_driver = {{ octavia_default_provider_driver }}
enabled_provider_drivers = {{ octavia_enabled_provider_drivers | select() | join(',') }}
[oslo_messaging]
topic = octavia_prov
[oslo_messaging_rabbit]
ssl = {{ octavia_oslomsg_rpc_use_ssl }}
rabbit_quorum_queue = {{ octavia_oslomsg_rabbit_quorum_queues }}
rabbit_transient_quorum_queue = {{ octavia_oslomsg_rabbit_transient_quorum_queues }}
rabbit_qos_prefetch_count = {{ octavia_oslomsg_rabbit_qos_prefetch_count }}
use_queue_manager = {{ octavia_oslomsg_rabbit_queue_manager }}
{% if octavia_oslomsg_rabbit_queue_manager %}
hostname = {{ [ansible_facts['hostname'], octavia_service_name] | join('-') }}
{% endif %}
rabbit_stream_fanout = {{ octavia_oslomsg_rabbit_stream_fanout }}
rabbit_quorum_delivery_limit = {{ octavia_oslomsg_rabbit_quorum_delivery_limit }}
rabbit_quorum_max_memory_bytes = {{ octavia_oslomsg_rabbit_quorum_max_memory_bytes }}
[oslo_messaging_notifications]
driver = {{ (octavia_oslomsg_notify_configure | bool) | ternary('messagingv2', 'noop') }}
transport_url = {{ octavia_oslomsg_notify_transport }}://{% for host in octavia_oslomsg_notify_servers.split(',') %}{{ octavia_oslomsg_notify_userid }}:{{ octavia_oslomsg_notify_password }}@{{ host }}:{{ octavia_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _octavia_oslomsg_notify_vhost_conf }}{% if octavia_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ octavia_oslomsg_notify_ssl_version }}&ssl_ca_file={{ octavia_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
[database]
connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}:{{ octavia_galera_port }}/{{ octavia_galera_database }}?charset=utf8{% if octavia_galera_use_ssl | bool %}&ssl_verify_cert=true{% if octavia_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ octavia_galera_ssl_ca_cert }}{% endif %}{% endif +%}
max_overflow = {{ octavia_db_max_overflow }}
max_pool_size = {{ octavia_db_max_pool_size }}
pool_timeout = {{ octavia_db_pool_timeout }}
connection_recycle_time = {{ octavia_db_connection_recycle_time }}
[health_manager]
bind_ip = 0.0.0.0
bind_port = {{ octavia_health_manager_port }}
# controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555
controller_ip_port_list = {% for host in octavia_hm_hosts.split(',') %}{{ host }}:{{ octavia_health_manager_port }}{% if not loop.last %},{% endif %}{% endfor %}
heartbeat_key = {{ octavia_health_hmac_key }}
# Enable provisioning status sync with neutron db
sync_provisioning_status = {{ octavia_sync_provisioning_status }}
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ octavia_keystone_auth_plugin }}
auth_url = {{ keystone_service_internaluri }}/v3
www_authenticate_uri = {{ keystone_service_internaluri }}/v3
auth_version = 3
project_domain_id = {{ octavia_service_project_domain_id }}
user_domain_id = {{ octavia_service_user_domain_id }}
project_name = {{ octavia_service_project_name }}
username = {{ octavia_service_user_name }}
password = {{ octavia_service_password }}
region_name = {{ keystone_service_region }}
auth_type = password
endpoint_type = {{ octavia_clients_endpoint }}
memcached_servers = {{ octavia_memcached_servers }}
token_cache_time = 300
service_token_roles = "{{ octavia_service_token_roles | join(',') }}"
service_token_roles_required = {{ octavia_service_token_roles_required | bool }}
service_type = {{ octavia_service_type }}
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[certificates]
ca_certificate = /etc/octavia/certs/server_ca.pem
ca_private_key = /etc/octavia/certs/ca_key.pem
ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
signing_digest = sha256
{% if octavia_barbican_enabled %}
cert_manager = barbican_cert_manager
endpoint_type = {{ octavia_clients_endpoint }}
region_name = {{ keystone_service_region }}
{% endif %}
[haproxy_amphora]
{% if octavia_haproxy_amphora_template is defined %}
haproxy_template = {{ octavia_haproxy_amphora_template }}
{% endif %}
bind_port = {{ octavia_agent_port }}
client_cert = /etc/octavia/certs/client.pem
server_ca = /etc/octavia/certs/server_ca.pem
[controller_worker]
amp_active_retries = {{ octavia_amp_active_retries }}
amp_image_tag = {{ octavia_glance_image_tag }}
amp_image_owner_id = {{ octavia_amp_image_owner_id }}
amp_flavor_id = {{ octavia_nova_flavor_uuid }}
{% if octavia_ssh_enabled %}
amp_ssh_key_name = {{ octavia_ssh_key_name }}
{% endif %}
amp_boot_network_list = {{ octavia_neutron_management_network_uuid }}
amp_secgroup_list = {{ octavia_security_group_name }}
client_ca = /etc/octavia/certs/client_ca.pem
amphora_driver = {{ octavia_amphora_driver }}
compute_driver = {{ octavia_compute_driver }}
network_driver = {{ octavia_network_driver }}
{% if octavia_cinder_enabled %}
volume_driver = volume_cinder_driver
{% else %}
volume_driver = volume_noop_driver
{% endif %}
loadbalancer_topology = {{ octavia_loadbalancer_topology }}
[task_flow]
max_workers = {{ octavia_task_flow_max_workers }}
{% if octavia_coordination_enable %}
persistence_connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}/{{ octavia_galera_persistence_database }}?charset=utf8{% if octavia_galera_use_ssl | bool %}&ssl_verify_cert=true{% if octavia_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ octavia_galera_ssl_ca_cert }}{% endif %}{% endif +%}
jobboard_enabled = True
jobboard_backend_driver = {{ _octavia_jobboard_driver_map[octavia_coordination_driver] }}
jobboard_backend_hosts = {{ groups[octavia_coordination_group] | map('extract', hostvars, 'ansible_host') | list | join(',') }}
jobboard_backend_port = {{ octavia_coordination_port }}
jobboard_backend_namespace = {{ octavia_coordination_namespace }}
{% if octavia_coordination_driver == 'zookeeper' %}
jobboard_zookeeper_ssl_options = use_ssl:{{ octavia_coordination_client_ssl | bool }},verify_certs:{{ octavia_coordination_verify_cert | bool }}
{% endif %}
{% if octavia_coordination_driver == 'redis' %}
jobboard_redis_backend_ssl_options = ssl:{{ octavia_coordination_client_ssl | bool }},ssl_cert_reqs:{{ octavia_coordination_verify_cert | ternary('required', 'None') }}
{% endif %}
{% endif %}
[service_auth]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ octavia_keystone_auth_plugin }}
auth_url = {{ keystone_service_internaluri }}/v3
www_authenticate_uri = {{ keystone_service_internaluri }}/v3
auth_version = 3
project_domain_name = {{ octavia_service_project_domain_id }}
user_domain_name = {{ octavia_service_user_domain_id }}
project_name = {{ octavia_service_project_name }}
username = {{ octavia_service_user_name }}
password = {{ octavia_service_password }}
region_name = {{ keystone_service_region }}
auth_type = password
memcached_servers = {{ octavia_memcached_servers }}
valid_interfaces = {{ octavia_clients_endpoint }}
token_cache_time = 300
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[octavia]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
[nova]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
enable_anti_affinity = {{ octavia_enable_anti_affinity }}
{% if octavia_amp_availability_zone %}availability_zone={{ octavia_amp_availability_zone }}{% endif %}
{% if octavia_cinder_enabled %}
[cinder]
service_name = {{ cinder_service_v3_name | default('cinderv3') }}
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
availability_zone = {{ cinder_default_availability_zone }}
volume_size = {{ octavia_cinder_volume_size }}
volume_type = {{ octavia_cinder_volume_type }}
volume_create_retry_interval = 5
volume_create_timeout = 50
volume_create_max_retries = 2
{% endif %}
[glance]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
[neutron]
region_name = {{ keystone_service_region }}
valid_interfaces = {{ octavia_clients_endpoint }}
{% set _enabled_provider_agents = octavia_enabled_provider_agents | select() %}
{% if _enabled_provider_agents | length > 0 %}
[driver_agent]
enabled_provider_agents = {{ _enabled_provider_agents | join(',') }}
{% endif %}
{% if octavia_ovn_enabled %}
[ovn]
ovn_nb_connection = {{ octavia_ovn_nb_connection }}
ovn_sb_connection = {{ octavia_ovn_sb_connection }}
{% if octavia_ovn_ssl %}
ovn_sb_ca_cert={{ ["/etc/octavia/certs", octavia_ovn_ssl_ca_cert] | join('/') }}
ovn_sb_certificate={{ ["/etc/octavia/certs", octavia_ovn_ssl_cert] | join('/') }}
ovn_sb_private_key={{ ["/etc/octavia/certs", octavia_ovn_ssl_key] | join('/') }}
ovn_nb_ca_cert={{ ["/etc/octavia/certs", octavia_ovn_ssl_ca_cert] | join('/') }}
ovn_nb_certificate={{ ["/etc/octavia/certs", octavia_ovn_ssl_cert] | join('/') }}
ovn_nb_private_key={{ ["/etc/octavia/certs", octavia_ovn_ssl_key] | join('/') }}
{% endif %}
{% endif %}
View Git Blame Copy Permalink