openstack/openstack-ansible-os_octavia
Code Issues Proposed changes
b4e90bf68f
openstack-ansible-os_octavia/templates/octavia.conf.j2
Satish Patel 1be636c5ab Removing spare_amphora_pool_size option 
Victoria and future releases going to deprecate this option.
https://docs.openstack.org/octavia/latest/configuration/configref.html#house_keeping.spare_amphora_pool_size

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/765544
Change-Id: I99425c9b65c6327636a94c00b32545553a705611
2020-12-05 00:22:47 +00:00

171 lines
6.5 KiB
Django/Jinja
Raw Blame History

[DEFAULT]
debug = {{ debug }}
use_journal = True
executor_thread_pool_size = {{ octavia_rpc_thread_pool_size }}
rpc_conn_pool_size = {{ octavia_rpc_conn_pool_size }}
transport_url = {{ octavia_oslomsg_rpc_transport }}://{% for host in octavia_oslomsg_rpc_servers.split(',') %}{{ octavia_oslomsg_rpc_userid }}:{{ octavia_oslomsg_rpc_password }}@{{ host }}:{{ octavia_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ octavia_oslomsg_rpc_vhost }}{% if octavia_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
[api_settings]
bind_host = {{ octavia_uwsgi_bind_address }}
bind_port = {{ octavia_service_port }}
auth_strategy = {{ octavia_auth_strategy }}
# Allow users to create TLS Terminated listeners?
allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }}
[oslo_messaging]
topic = octavia_prov
[oslo_messaging_rabbit]
ssl = {{ octavia_oslomsg_rpc_use_ssl }}
[oslo_messaging_notifications]
driver = {{ (octavia_ceilometer_enabled | bool) | ternary('messagingv2', 'noop') }}
transport_url = {{ octavia_oslomsg_notify_transport }}://{% for host in octavia_oslomsg_notify_servers.split(',') %}{{ octavia_oslomsg_notify_userid }}:{{ octavia_oslomsg_notify_password }}@{{ host }}:{{ octavia_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ octavia_oslomsg_notify_vhost }}{% if octavia_oslomsg_notify_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
[database]
connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}/{{ octavia_galera_database }}?charset=utf8{% if octavia_galera_use_ssl | bool %}&ssl_ca={{ octavia_galera_ssl_ca_cert }}{% endif %}
max_overflow = {{ octavia_db_max_overflow }}
max_pool_size = {{ octavia_db_pool_size }}
pool_timeout = {{ octavia_db_pool_timeout }}
[health_manager]
bind_ip = 0.0.0.0
bind_port = {{ octavia_health_manager_port }}
# controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555
controller_ip_port_list = {% for host in octavia_hm_hosts.split(',') %}{{ host }}:{{ octavia_health_manager_port }}{% if not loop.last %},{% endif %}{% endfor %}
heartbeat_key = {{ octavia_health_hmac_key }}
# Enable provisioning status sync with neutron db
sync_provisioning_status = {{ octavia_sync_provisioning_status }}
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ octavia_keystone_auth_plugin }}
auth_url = {{ keystone_service_internaluri }}/v3
www_authenticate_uri = {{ keystone_service_internaluri }}/v3
auth_version = 3
project_domain_id = {{ octavia_service_project_domain_id }}
user_domain_id = {{ octavia_service_user_domain_id }}
project_name = {{ octavia_service_project_name }}
username = {{ octavia_service_user_name }}
password = {{ octavia_service_password }}
region_name = {{ keystone_service_region }}
auth_type = password
endpoint_type = {{ octavia_clients_endpoint }}
memcached_servers = {{ octavia_memcached_servers }}
token_cache_time = 300
service_token_roles = "{{ octavia_service_role_name }}"
service_token_roles_required = True
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[certificates]
# cert_generator = local_cert_generator
# For local certificate signing (development only):
ca_certificate = /etc/octavia/certs/ca.pem
ca_private_key = /etc/octavia/certs/ca_key.pem
ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
signing_digest = {{ octavia_signing_digest }}
endpoint_type = {{ octavia_clients_endpoint }}
[haproxy_amphora]
{% if octavia_haproxy_amphora_template is defined %}
haproxy_template = {{ octavia_haproxy_amphora_template }}
{% endif %}
bind_port = {{ octavia_agent_port }}
client_cert = /etc/octavia/certs/client.pem
server_ca = /etc/octavia/certs/server_ca.pem
[controller_worker]
amp_active_retries = {{ octavia_amp_active_retries }}
amp_image_id = {{ octavia_amp_image_id }}
amp_image_tag = {{ octavia_glance_image_tag }}
amp_image_owner_id = {{ octavia_amp_image_owner_id }}
amp_flavor_id = {{ octavia_nova_flavor_uuid }}
amp_ssh_key_name = {{ octavia_ssh_key_name }}
amp_ssh_access_allowed = {{ octavia_ssh_enabled }}
amp_boot_network_list = {{ octavia_neutron_management_network_uuid }}
amp_secgroup_list = {{ octavia_security_group_name }}
client_ca = /etc/octavia/certs/client_ca.pem
amphora_driver = {{ octavia_amphora_driver }}
compute_driver = {{ octavia_compute_driver }}
network_driver = {{ octavia_network_driver }}
{% if octavia_cinder_enabled %}
volume_driver = volume_cinder_driver
{% else %}
volume_driver = volume_noop_driver
{% endif %}
loadbalancer_topology = {{ octavia_loadbalancer_topology }}
[task_flow]
# engine = serial
max_workers = {{ octavia_task_flow_max_workers }}
[service_auth]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ octavia_keystone_auth_plugin }}
auth_url = {{ keystone_service_internaluri }}/v3
www_authenticate_uri = {{ keystone_service_internaluri }}/v3
auth_version = 3
project_domain_name = {{ octavia_service_project_domain_id }}
user_domain_name = {{ octavia_service_user_domain_id }}
project_name = {{ octavia_service_project_name }}
username = {{ octavia_service_user_name }}
password = {{ octavia_service_password }}
region_name = {{ keystone_service_region }}
auth_type = password
memcached_servers = {{ octavia_memcached_servers }}
endpoint_type = {{ octavia_clients_endpoint }}
token_cache_time = 300
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[octavia]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
[nova]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
enable_anti_affinity = {{ octavia_enable_anti_affinity }}
{% if octavia_amp_availability_zone is defined %}availability_zone={{ octavia_amp_availability_zone }}{%endif%}
{% if octavia_cinder_enabled %}
[cinder]
service_name = {{ cinder_service_v3_name | default('cinderv3') }}
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
availability_zone = nova
volume_size = 16
volume_type = "volumes-hdd"
volume_create_retry_interval = 5
volume_create_timeout = 50
volume_create_max_retries = 2
{% endif %}
[glance]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
[neutron]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
View Git Blame Copy Permalink