| {%- set neutron = pillar.neutron.server %} |
| {%- from "neutron/map.jinja" import server with context %} |
| [DEFAULT] |
| # Neutron server configuration rendered from a Jinja template. Template values |
| # come from two objects: "neutron" (pillar.neutron.server) and "server" |
| # (imported from neutron/map.jinja). |
| # NOTE(review): changes made directly to the rendered file are presumably |
| # overwritten on the next render - change the pillar or map data instead. |
| # |
| # Print more verbose output (set logging level to INFO instead of default WARNING level). |
| # verbose = False |
| # Active override: INFO-level logging is switched on. |
| verbose = true |
| |
| # =========Start Global Config Option for Distributed L3 Router=============== |
| # Setting the "router_distributed" flag to "True" will default to the creation |
| # of distributed tenant routers. The admin can override this flag by specifying |
| # the type of the router on the create request (admin-only attribute). Default |
| # value is "False" to support legacy mode (centralized) routers. |
| # |
| # router_distributed = False |
| # |
| # ===========End Global Config Option for Distributed L3 Router=============== |
| |
| # Print debugging output (set logging level to DEBUG instead of default WARNING level). |
| # debug = False |
| |
| # Where to store Neutron state files. This directory must be writable by the |
| # user executing the agent. |
| # Set explicitly to the documented default; the value is reused through |
| # $state_path by lock_path in [oslo_concurrency]. |
| # state_path = /var/lib/neutron |
| state_path = /var/lib/neutron |
| |
| # log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s |
| # log_date_format = %Y-%m-%d %H:%M:%S |
| |
| # use_syslog -> syslog |
| # log_file and log_dir -> log_dir/log_file |
| # (not log_file) and log_dir -> log_dir/{binary_name}.log |
| # use_stderr -> stderr |
| # (not use_stderr) and (not log_file) -> stdout |
| # publish_errors -> notification system |
| |
| # use_syslog = False |
| # syslog_log_facility = LOG_USER |
| |
| # use_stderr = True |
| # log_file = |
| # log_dir = |
| |
| # publish_errors = False |
| |
| # Address to bind the API server to |
| # Taken from pillar (neutron.bind.address). A wildcard address makes the API |
| # listen on every interface, so prefer the management-network address. |
| # NOTE(review): use_ssl is left commented out in this template, so the listener |
| # presumably serves plain HTTP unless TLS is terminated in front of it - confirm. |
| bind_host = {{ neutron.bind.address }} |
| |
| # Port to bind the API server to (taken from pillar, neutron.bind.port) |
| # bind_port = 9696 |
| bind_port = {{ neutron.bind.port }} |
| |
| # Path to the extensions. Note that this can be a colon-separated list of |
| # paths. For example: |
| # api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions |
| # The __path__ of neutron.extensions is appended to this, so if your |
| # extensions are in there you don't need to specify them here |
| # api_extensions_path = |
| |
| # (StrOpt) Neutron core plugin entrypoint to be loaded from the |
| # neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the |
| # plugins included in the neutron source distribution. For compatibility with |
| # previous versions, the class name of a plugin can be specified instead of its |
| # entrypoint name. |
| # |
| #core_plugin = ml2 |
| # Example: core_plugin = ml2 |
| # |
| # The template emits core_plugin only for the "contrail" and "midonet" backend |
| # engines; for any other engine value no core_plugin line is rendered. |
| # Both class paths are literals in the template rather than pillar values, so |
| # pillar data selects between them but cannot name a different class to load. |
| # The contrail branch also hard-codes python2.7 dist-packages directories in |
| # api_extensions_path, so it depends on that interpreter layout on the host. |
| |
| {%- if server.backend.engine == "contrail" %} |
| core_plugin = neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2 |
| api_extensions_path = extensions:/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/dist-packages/neutron_lbaas/extensions |
| {%- elif server.backend.engine == "midonet" %} |
| core_plugin = midonet.neutron.plugin_v2.MidonetPluginV2 |
| {%- endif %} |
| |
| # (ListOpt) List of service plugin entrypoints to be loaded from the |
| # neutron.service_plugins namespace. See setup.cfg for the entrypoint names of |
| # the plugins included in the neutron source distribution. For compatibility |
| # with previous versions, the class name of a plugin can be specified instead |
| # of its entrypoint name. |
| # |
| # service_plugins = |
| # Example: service_plugins = router,firewall,lbaas,vpnaas,metering |
| # |
| # Rendered only for the "contrail" and "midonet" backend engines; any other |
| # engine value leaves service_plugins unset. The plugin lists are literals in |
| # the template, not pillar-supplied values. |
| |
| {%- if server.backend.engine == "contrail" %} |
| service_plugins = neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin |
| {%- elif server.backend.engine == "midonet" %} |
| service_plugins = lbaas,midonet.neutron.services.l3.l3_midonet.MidonetL3ServicePlugin,midonet.neutron.services.firewall.plugin.MidonetFirewallPlugin |
| {%- endif %} |
| |
| # Paste configuration file |
| # api_paste_config = api-paste.ini |
| |
| # (StrOpt) Hostname to be used by the neutron server, agents and services |
| # running on this machine. All the agents and services running on this machine |
| # must use the same host value. |
| # The default value is hostname of the machine. |
| # |
| # host = |
| |
| # The strategy to be used for auth. |
| # Supported values are 'keystone'(default), 'noauth'. |
| # Pinned to keystone here rather than left to the default, so API requests are |
| # authenticated through the [keystone_authtoken] settings further down; |
| # 'noauth' would leave the API without token validation. |
| # auth_strategy = keystone |
| auth_strategy = keystone |
| |
| # Base MAC address. The first 3 octets will remain unchanged. If the |
| # 4th octet is not 00, it will also be used. The others will be |
| # randomly generated. |
| # 3 octet |
| # base_mac = fa:16:3e:00:00:00 |
| # 4 octet |
| # base_mac = fa:16:3e:4f:00:00 |
| |
| # DVR Base MAC address. The first 3 octets will remain unchanged. If the |
| # 4th octet is not 00, it will also be used. The others will be randomly |
| # generated. The 'dvr_base_mac' *must* be different from 'base_mac' to |
| # avoid mixing them up with MAC's allocated for tenant ports. |
| # A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00 |
| # The default is 3 octet |
| # dvr_base_mac = fa:16:3f:00:00:00 |
| |
| # Maximum amount of retries to generate a unique MAC address |
| # mac_generation_retries = 16 |
| |
| # DHCP Lease duration (in seconds). Use -1 to |
| # tell dnsmasq to use infinite lease times. |
| # dhcp_lease_duration = 86400 |
| |
| # Allow sending resource operation notification to DHCP agent |
| # dhcp_agent_notification = True |
| # Only the "midonet" backend turns these notifications off; for every other |
| # engine value nothing is rendered and the default above applies. |
| |
| {%- if server.backend.engine == "midonet" %} |
| dhcp_agent_notification = False |
| {%- endif %} |
| |
| # DNS domain, taken from pillar (neutron.dns_domain); the template supplies no |
| # fallback value. |
| # NOTE(review): if the pillar key is missing the rendered value is presumably |
| # empty - confirm the pillar always defines it. |
| dns_domain = {{ neutron.dns_domain }} |
| |
| # Enable or disable bulk create/update/delete operations |
| # allow_bulk = True |
| # Enable or disable pagination |
| # Driven by server.allow_pagination; rendered as False when that key is absent. |
| {% if server.get('allow_pagination', false) %} |
| allow_pagination = True |
| {% else %} |
| allow_pagination = False |
| {% endif %} |
| # Enable or disable sorting |
| # allow_sorting = False |
| # Enable or disable overlapping IPs for subnets |
| # Attention: the following parameter MUST be set to False if Neutron is |
| # being used in conjunction with nova security groups |
| # allow_overlapping_ips = False |
| # Overridden to True unconditionally, so per the warning above this |
| # deployment must not rely on nova security groups. |
| allow_overlapping_ips = True |
| # Ensure that configured gateway is on subnet. For IPv6, validate only if |
| # gateway is not a link local address. Deprecated, to be removed during the |
| # K release, at which point the check will be mandatory. |
| # force_gateway_on_subnet = True |
| |
| # Default maximum number of items returned in a single response. |
| # The value "infinite" or any value < 0 means no max limit; otherwise the |
| # value must be greater than 0. If the number of items requested is greater |
| # than pagination_max_limit, the server returns only pagination_max_limit |
| # items. |
| # The template falls back to -1 (no limit) when server.pagination_max_limit |
| # is not set. |
| # NOTE(review): with no cap a single list request can return every matching |
| # object; consider a positive limit in pillar when pagination is enabled. |
| pagination_max_limit = {{ server.pagination_max_limit|default('-1') }} |
| |
| # Maximum number of DNS nameservers per subnet |
| # max_dns_nameservers = 5 |
| |
| # Maximum number of host routes per subnet |
| # max_subnet_host_routes = 20 |
| |
| # Maximum number of fixed ips per port |
| # max_fixed_ips_per_port = 5 |
| |
| # Maximum number of routes per router |
| # max_routes = 30 |
| |
| # Default Subnet Pool to be used for IPv4 subnet-allocation. |
| # Specifies by UUID the pool to be used in case of subnet-create being called |
| # without a subnet-pool ID. The default of None means that no pool will be |
| # used unless passed explicitly to subnet create. If no pool is used, then a |
| # CIDR must be passed to create a subnet and that subnet will not be allocated |
| # from any pool; it will be considered part of the tenant's private address |
| # space. |
| # default_ipv4_subnet_pool = |
| |
| # Default Subnet Pool to be used for IPv6 subnet-allocation. |
| # Specifies by UUID the pool to be used in case of subnet-create being |
| # called without a subnet-pool ID. Set to "prefix_delegation" |
| # to enable IPv6 Prefix Delegation in a PD-capable environment. |
| # See the description for default_ipv4_subnet_pool for more information. |
| # default_ipv6_subnet_pool = |
| |
| # =========== items for MTU selection and advertisement ============= |
| # Advertise MTU. If True, effort is made to advertise MTU |
| # settings to VMs via network methods (ie. DHCP and RA MTU options) |
| # when the network's preferred MTU is known. |
| # advertise_mtu = False |
| # ======== end of items for MTU selection and advertisement ========= |
| |
| # =========== items for agent management extension ============= |
| # Seconds to regard the agent as down; should be at least twice |
| # report_interval, to be sure the agent is down for good |
| # agent_down_time = 75 |
| # =========== end of items for agent management extension ===== |
| |
| # =========== items for agent scheduler extension ============= |
| # Driver to use for scheduling network to DHCP agent |
| # network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler |
| # Driver to use for scheduling router to a default L3 agent |
| # router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler |
| # Driver to use for scheduling a loadbalancer pool to an lbaas agent |
| # loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler |
| |
| # (StrOpt) Representing the resource type whose load is being reported by |
| # the agent. |
| # This can be 'networks','subnets' or 'ports'. When specified (Default is networks), |
| # the server will extract particular load sent as part of its agent configuration object |
| # from the agent report state, which is the number of resources being consumed, at |
| # every report_interval. |
| # dhcp_load_type can be used in combination with network_scheduler_driver = |
| # neutron.scheduler.dhcp_agent_scheduler.WeightScheduler |
| # When the network_scheduler_driver is WeightScheduler, dhcp_load_type can |
| # be configured to represent the choice for the resource being balanced. |
| # Example: dhcp_load_type = networks |
| # Values: |
| # networks - number of networks hosted on the agent |
| # subnets - number of subnets associated with the networks hosted on the agent |
| # ports - number of ports associated with the networks hosted on the agent |
| # dhcp_load_type = networks |
| |
| # Allow auto scheduling networks to DHCP agent. It will schedule non-hosted |
| # networks to first DHCP agent which sends get_active_networks message to |
| # neutron server |
| # network_auto_schedule = True |
| |
| # Allow auto scheduling routers to L3 agent. It will schedule non-hosted |
| # routers to first L3 agent which sends sync_routers message to neutron server |
| # router_auto_schedule = True |
| |
| # Allow automatic rescheduling of routers from dead L3 agents with |
| # admin_state_up set to True to alive agents. |
| # allow_automatic_l3agent_failover = False |
| |
| # Allow automatic removal of networks from dead DHCP agents with |
| # admin_state_up set to True. |
| # Networks could then be rescheduled if network_auto_schedule is True |
| # allow_automatic_dhcp_failover = True |
| |
| # Number of DHCP agents scheduled to host a network. This enables redundant |
| # DHCP agents for configured networks. |
| # dhcp_agents_per_network = 1 |
| |
| # Enable services on agents with admin_state_up False. |
| # If this option is False, when admin_state_up of an agent is turned to |
| # False, services on it will be disabled. If this option is True, services |
| # on agents with admin_state_up False keep available and manual scheduling |
| # to such agents is available. Agents with admin_state_up False are not |
| # selected for automatic scheduling regardless of this option. |
| # enable_services_on_agents_with_admin_state_down = False |
| |
| # =========== end of items for agent scheduler extension ===== |
| |
| # =========== items for l3 extension ============== |
| # Enable high availability for virtual routers. |
| # l3_ha = False |
| # |
| # Maximum number of l3 agents which a HA router will be scheduled on. If it |
| # is set to 0 the router will be scheduled on every agent. |
| # max_l3_agents_per_router = 3 |
| # |
| # Minimum number of l3 agents which a HA router will be scheduled on. The |
| # default value is 2. |
| # min_l3_agents_per_router = 2 |
| # |
| # CIDR of the administrative network if HA mode is enabled |
| # l3_ha_net_cidr = 169.254.192.0/18 |
| # =========== end of items for l3 extension ======= |
| |
| # =========== items for metadata proxy configuration ============== |
| # User (uid or name) running metadata proxy after its initialization |
| # (if empty: agent effective user) |
| # metadata_proxy_user = |
| |
| # Group (gid or name) running metadata proxy after its initialization |
| # (if empty: agent effective group) |
| # metadata_proxy_group = |
| |
| # Enable/Disable log watch by metadata proxy, it should be disabled when |
| # metadata_proxy_user/group is not allowed to read/write its log file and |
| # 'copytruncate' logrotate option must be used if logrotate is enabled on |
| # metadata proxy log files. Option default value is deduced from |
| # metadata_proxy_user: watch log is enabled if metadata_proxy_user is agent |
| # effective user id/name. |
| # metadata_proxy_watch_log = |
| |
| # Location of Metadata Proxy UNIX domain socket |
| # metadata_proxy_socket = $state_path/metadata_proxy |
| # =========== end of items for metadata proxy configuration ============== |
| |
| # ========== items for VLAN trunking networks ========== |
| # Setting this flag to True will allow plugins that support it to |
| # create VLAN transparent networks. This flag has no effect for |
| # plugins that do not support VLAN transparent networks. |
| # vlan_transparent = False |
| # ========== end of items for VLAN trunking networks ========== |
| |
| # =========== WSGI parameters related to the API server ============== |
| # Number of separate worker processes to spawn. The default, 0, runs the |
| # worker thread in the current process. Greater than 0 launches that number of |
| # child processes as workers. The parent process manages them. |
| # Rendered only when server.api_workers is defined; otherwise the default |
| # shown below applies. |
| # api_workers = 0 |
| {%- if server.api_workers is defined %} |
| api_workers = {{ server.api_workers }} |
| {%- endif %} |
| |
| # Number of separate RPC worker processes to spawn. The default, 0, runs the |
| # worker thread in the current process. Greater than 0 launches that number of |
| # child processes as RPC workers. The parent process manages them. |
| # This feature is experimental until issues are addressed and testing has been |
| # enabled for various plugins for compatibility. |
| # Rendered only when server.rpc_workers is defined; otherwise the default |
| # shown below applies. |
| # rpc_workers = 0 |
| {%- if server.rpc_workers is defined %} |
| rpc_workers = {{ server.rpc_workers }} |
| {%- endif %} |
| |
| # Timeout for client connections socket operations. If an |
| # incoming connection is idle for this number of seconds it |
| # will be closed. A value of '0' means wait forever. (integer |
| # value) |
| # client_socket_timeout = 900 |
| |
| # wsgi keepalive option. Determines if connections are allowed to be held open |
| # by clients after a request is fulfilled. A value of False will ensure that |
| # the socket connection will be explicitly closed once a response has been |
| # sent to the client. |
| # wsgi_keep_alive = True |
| |
| # Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when |
| # starting API server. Not supported on OS X. |
| # tcp_keepidle = 600 |
| |
| # Number of seconds to keep retrying to listen |
| # retry_until_window = 30 |
| |
| # Number of backlog requests to configure the socket with. |
| # backlog = 4096 |
| |
| # Max header line to accommodate large tokens |
| # max_header_line = 16384 |
| |
| # Enable SSL on the API server |
| # use_ssl = False |
| |
| # Certificate file to use when starting API server securely |
| # ssl_cert_file = /path/to/certfile |
| |
| # Private key file to use when starting API server securely |
| # ssl_key_file = /path/to/keyfile |
| |
| # CA certificate file to use when starting API server securely to |
| # verify connecting clients. This is an optional parameter only required if |
| # API clients need to authenticate to the API server using SSL certificates |
| # signed by a trusted CA |
| # ssl_ca_file = /path/to/cafile |
| # ======== end of WSGI parameters related to the API server ========== |
| |
| # ======== neutron nova interactions ========== |
| # Host, region, account and password in this group come from pillar |
| # (neutron.compute.* and neutron.identity.host). |
| # Both URLs below use http://, and nova_admin_password is written in clear |
| # text, so the admin-context credentials cross the network unencrypted and the |
| # rendered file itself is sensitive. |
| # NOTE(review): restrict read access on the rendered file to the neutron |
| # service user, and switch the URLs to https (with nova_ca_certificates_file |
| # set and nova_api_insecure left False) once the endpoints offer TLS. |
| # |
| # Send notification to nova when port status is active. |
| # notify_nova_on_port_status_changes = True |
| notify_nova_on_port_status_changes = True |
| |
| # Send notifications to nova when port data (fixed_ips/floatingips) change |
| # so nova can update its cache. |
| # Set explicitly only for the "contrail" (False) and "midonet" (True) engines; |
| # any other engine value keeps the default shown below. |
| # notify_nova_on_port_data_changes = True |
| |
| {%- if server.backend.engine == "contrail" %} |
| # TEMPORARY BUG - cannot associate floating ips with notification port True. OpenStack Bug |
| # (the bug reference is missing from the note above) |
| notify_nova_on_port_data_changes = False |
| {%- elif server.backend.engine == "midonet" %} |
| notify_nova_on_port_data_changes = True |
| {%- endif %} |
| |
| # URL for connection to nova (Only supports one nova region currently). |
| # Scheme, port 8774 and the /v2 path are fixed in the template; only the host |
| # comes from pillar. |
| # nova_url = http://127.0.0.1:8774/v2 |
| nova_url = http://{{ neutron.compute.host }}:8774/v2 |
| |
| # Name of nova region to use. Useful if keystone manages more than one region |
| # nova_region_name = |
| nova_region_name = {{ neutron.compute.region }} |
| |
| # Username for connection to nova in admin context |
| # nova_admin_username = |
| nova_admin_username = {{ neutron.compute.user }} |
| |
| # The uuid of the admin nova tenant |
| # nova_admin_tenant_id = |
| |
| # The name of the admin nova tenant. If the uuid of the admin nova tenant |
| # is set, this is optional. Useful for cases where the uuid of the admin |
| # nova tenant is not available when configuration is being done. |
| # nova_admin_tenant_name = |
| nova_admin_tenant_name = {{ neutron.compute.tenant }} |
| |
| # Password for connection to nova in admin context. |
| # Rendered verbatim from pillar into this file. |
| # nova_admin_password = |
| nova_admin_password = {{ neutron.compute.password }} |
| |
| # Authorization URL for connection to nova in admin context. |
| # Scheme, port 35357 and the /v2.0 path are fixed in the template; only the |
| # identity host comes from pillar. |
| # nova_admin_auth_url = |
| nova_admin_auth_url = http://{{ neutron.identity.host }}:35357/v2.0 |
| |
| # CA file for novaclient to verify server certificates |
| # nova_ca_certificates_file = |
| |
| # Boolean to control ignoring SSL errors on the nova url |
| # nova_api_insecure = False |
| |
| # Number of seconds between sending events to nova if there are any events to send |
| # send_events_interval = 2 |
| send_events_interval = 2 |
| |
| # ======== end of neutron nova interactions ========== |
| |
| # |
| # Options defined in oslo.messaging |
| # |
| |
| # Use durable queues in amqp. (boolean value) |
| # Deprecated group/name - [DEFAULT]/rabbit_durable_queues |
| # amqp_durable_queues=false |
| |
| # Auto-delete queues in amqp. (boolean value) |
| # amqp_auto_delete=false |
| |
| # Size of RPC connection pool. (integer value) |
| # rpc_conn_pool_size=30 |
| |
| # Qpid broker hostname. (string value) |
| # qpid_hostname=localhost |
| |
| # Qpid broker port. (integer value) |
| # qpid_port=5672 |
| |
| # Qpid HA cluster host:port pairs. (list value) |
| # qpid_hosts=$qpid_hostname:$qpid_port |
| |
| # Username for Qpid connection. (string value) |
| # qpid_username= |
| |
| # Password for Qpid connection. (string value) |
| # qpid_password= |
| |
| # Space separated list of SASL mechanisms to use for auth. |
| # (string value) |
| # qpid_sasl_mechanisms= |
| |
| # Seconds between connection keepalive heartbeats. (integer |
| # value) |
| # qpid_heartbeat=60 |
| |
| # Transport to use, either 'tcp' or 'ssl'. (string value) |
| # qpid_protocol=tcp |
| |
| # Whether to disable the Nagle algorithm. (boolean value) |
| # qpid_tcp_nodelay=true |
| |
| # The qpid topology version to use. Version 1 is what was |
| # originally used by impl_qpid. Version 2 includes some |
| # backwards-incompatible changes that allow broker federation |
| # to work. Users should update to version 2 when they are |
| # able to take everything down, as it requires a clean break. |
| # (integer value) |
| # qpid_topology_version=1 |
| |
| # SSL version to use (valid only if SSL enabled). valid values |
| # are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some |
| # distributions. (string value) |
| # kombu_ssl_version= |
| |
| # SSL key file (valid only if SSL enabled). (string value) |
| # kombu_ssl_keyfile= |
| |
| # SSL cert file (valid only if SSL enabled). (string value) |
| # kombu_ssl_certfile= |
| |
| # SSL certification authority file (valid only if SSL |
| # enabled). (string value) |
| # kombu_ssl_ca_certs= |
| |
| # How long to wait before reconnecting in response to an AMQP |
| # consumer cancel notification. (floating point value) |
| # kombu_reconnect_delay=1.0 |
| |
| # The RabbitMQ broker address where a single node is used. |
| # (string value) |
| # rabbit_host=localhost |
| |
| # The RabbitMQ broker port where a single node is used. |
| # (integer value) |
| # rabbit_port=5672 |
| |
| # RabbitMQ HA cluster host:port pairs. (list value) |
| # rabbit_hosts=$rabbit_host:$rabbit_port |
| |
| # Connect over SSL for RabbitMQ. (boolean value) |
| # rabbit_use_ssl=false |
| |
| # The RabbitMQ userid. (string value) |
| # rabbit_userid=guest |
| |
| # The RabbitMQ password. (string value) |
| # rabbit_password=guest |
| |
| # the RabbitMQ login method (string value) |
| # rabbit_login_method=AMQPLAIN |
| |
| # The RabbitMQ virtual host. (string value) |
| # rabbit_virtual_host=/ |
| |
| # How frequently to retry connecting with RabbitMQ. (integer |
| # value) |
| # rabbit_retry_interval=1 |
| |
| # How long to backoff for between retries when connecting to |
| # RabbitMQ. (integer value) |
| # rabbit_retry_backoff=2 |
| |
| # Maximum number of RabbitMQ connection retries. Default is 0 |
| # (infinite retry count). (integer value) |
| # rabbit_max_retries=0 |
| |
| # Use HA queues in RabbitMQ (x-ha-policy: all). If you change |
| # this option, you must wipe the RabbitMQ database. (boolean |
| # value) |
| # rabbit_ha_queues=false |
| |
| # If passed, use a fake RabbitMQ provider. (boolean value) |
| # fake_rabbit=false |
| |
| # ZeroMQ bind address. Should be a wildcard (*), an ethernet |
| # interface, or IP. The "host" option should point or resolve |
| # to this address. (string value) |
| # rpc_zmq_bind_address=* |
| |
| # MatchMaker driver. (string value) |
| # rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost |
| |
| # ZeroMQ receiver listening port. (integer value) |
| # rpc_zmq_port=9501 |
| |
| # Number of ZeroMQ contexts, defaults to 1. (integer value) |
| # rpc_zmq_contexts=1 |
| |
| # Maximum number of ingress messages to locally buffer per |
| # topic. Default is unlimited. (integer value) |
| # rpc_zmq_topic_backlog= |
| |
| # Directory for holding IPC sockets. (string value) |
| # rpc_zmq_ipc_dir=/var/run/openstack |
| |
| # Name of this node. Must be a valid hostname, FQDN, or IP |
| # address. Must match "host" option, if running Nova. (string |
| # value) |
| # rpc_zmq_host=oslo |
| |
| # Seconds to wait before a cast expires (TTL). Only supported |
| # by impl_zmq. (integer value) |
| # Set to the documented default. rpc_backend below selects rabbit, so per the |
| # note above this value is not used by the selected driver. |
| # rpc_cast_timeout=30 |
| rpc_cast_timeout=30 |
| |
| # Heartbeat frequency. (integer value) |
| # matchmaker_heartbeat_freq=300 |
| |
| # Heartbeat time-to-live. (integer value) |
| # matchmaker_heartbeat_ttl=600 |
| |
| # Size of RPC greenthread pool. (integer value) |
| # Raised from the default of 64 to 70. |
| # rpc_thread_pool_size=64 |
| rpc_thread_pool_size=70 |
| |
| # Driver or drivers to handle sending notifications. (multi |
| # valued) |
| # When server.notification is a mapping, its "driver" key is used (falling |
| # back to messagingv2) and notification_topics is rendered only if "topics" |
| # is defined. Any other truthy server.notification value selects the |
| # rpc_notifier class path. A falsy value renders no driver at all. |
| # notification_driver= |
| {%- if server.notification is mapping %} |
| notification_driver = {{ server.notification.get('driver', 'messagingv2') }} |
| {%- if server.notification.topics is defined %} |
| notification_topics = {{ server.notification.topics }} |
| {%- endif %} |
| {%- elif server.notification %} |
| notification_driver = neutron.openstack.common.notifier.rpc_notifier |
| {%- endif %} |
| # AMQP topic used for OpenStack notifications. (list value) |
| # Deprecated group/name - [rpc_notifier2]/topics |
| # notification_topics=notifications |
| |
| # Seconds to wait for a response from a call. (integer value) |
| # rpc_response_timeout=60 |
| rpc_response_timeout=60 |
| |
| # A URL representing the messaging driver to use and its full |
| # configuration. If not set, we fall back to the rpc_backend |
| # option and driver specific configuration. (string value) |
| # transport_url= |
| |
| # The messaging driver to use, defaults to rabbit. Other |
| # drivers include qpid and zmq. (string value) |
| # rabbit is selected, but this template sets no rabbit_host, rabbit_hosts, |
| # rabbit_userid, rabbit_password or rabbit_use_ssl; the commented defaults |
| # earlier in this section are localhost, guest/guest and no SSL. |
| # NOTE(review): confirm the broker address and non-default credentials are |
| # supplied elsewhere, otherwise the server presumably uses those defaults. |
| # rpc_backend=rabbit |
| rpc_backend=rabbit |
| |
| # The default exchange under which topics are scoped. May be |
| # overridden by an exchange name specified in the |
| # transport_url option. (string value) |
| # control_exchange=openstack |
| |
| |
| [matchmaker_redis] |
| # No option is set in this section; the entries below only list the defaults. |
| |
| # |
| # Options defined in oslo.messaging |
| # |
| |
| # Host to locate redis. (string value) |
| # host=127.0.0.1 |
| |
| # Use this port to connect to redis host. (integer value) |
| # port=6379 |
| |
| # Password for Redis server (optional). (string value) |
| # password= |
| |
| |
| [matchmaker_ring] |
| # No option is set in this section; the entry below only lists the default. |
| |
| # |
| # Options defined in oslo.messaging |
| # |
| |
| # Matchmaker ring file (JSON). (string value) |
| # Deprecated group/name - [DEFAULT]/matchmaker_ringfile |
| # ringfile=/etc/oslo/matchmaker_ring.json |
| |
| [quotas] |
| # Default driver to use for quota checks |
| # quota_driver = neutron.db.quota_db.DbQuotaDriver |
| # Only the "contrail" backend swaps in its own quota driver. Every per-tenant |
| # limit further down stays commented out, so this template overrides none of |
| # them. |
| |
| {%- if server.backend.engine == "contrail" %} |
| quota_driver = neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver |
| {%- endif %} |
| |
| # Resource name(s) that are supported in quota features |
| # quota_items = network,subnet,port |
| |
| # Default number of resource allowed per tenant. A negative value means |
| # unlimited. |
| # default_quota = -1 |
| |
| # Number of networks allowed per tenant. A negative value means unlimited. |
| # quota_network = 10 |
| |
| # Number of subnets allowed per tenant. A negative value means unlimited. |
| # quota_subnet = 10 |
| |
| # Number of ports allowed per tenant. A negative value means unlimited. |
| # quota_port = 50 |
| |
| # Number of security groups allowed per tenant. A negative value means |
| # unlimited. |
| # quota_security_group = 10 |
| |
| # Number of security group rules allowed per tenant. A negative value means |
| # unlimited. |
| # quota_security_group_rule = 100 |
| |
| # Number of vips allowed per tenant. A negative value means unlimited. |
| # quota_vip = 10 |
| |
| # Number of pools allowed per tenant. A negative value means unlimited. |
| # quota_pool = 10 |
| |
| # Number of pool members allowed per tenant. A negative value means unlimited. |
| # The default is unlimited because a member is not a real resource consumer |
| # on Openstack. However, on back-end, a member is a resource consumer |
| # and that is the reason why quota is possible. |
| # quota_member = -1 |
| |
| # Number of health monitors allowed per tenant. A negative value means |
| # unlimited. |
| # The default is unlimited because a health monitor is not a real resource |
| # consumer on Openstack. However, on back-end, a member is a resource consumer |
| # and that is the reason why quota is possible. |
| # quota_health_monitor = -1 |
| |
| # Number of loadbalancers allowed per tenant. A negative value means unlimited. |
| # quota_loadbalancer = 10 |
| |
| # Number of listeners allowed per tenant. A negative value means unlimited. |
| # quota_listener = -1 |
| |
| # Number of v2 health monitors allowed per tenant. A negative value means |
| # unlimited. These health monitors exist under the lbaas v2 API |
| # quota_healthmonitor = -1 |
| |
| # Number of routers allowed per tenant. A negative value means unlimited. |
| # quota_router = 10 |
| |
| # Number of floating IPs allowed per tenant. A negative value means unlimited. |
| # quota_floatingip = 50 |
| |
| # Number of firewalls allowed per tenant. A negative value means unlimited. |
| # quota_firewall = 1 |
| |
| # Number of firewall policies allowed per tenant. A negative value means |
| # unlimited. |
| # quota_firewall_policy = 1 |
| |
| # Number of firewall rules allowed per tenant. A negative value means |
| # unlimited. |
| # quota_firewall_rule = 100 |
| |
| [agent] |
| # Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real |
| # root filter facility. |
| # Change to "sudo" to skip the filtering and just run the command directly |
| # |
| # The rootwrap form is kept here, with absolute paths: commands run as root |
| # go through the filter configuration named by /etc/neutron/rootwrap.conf. |
| # Plain "sudo" would drop that check, so keep the rootwrap form and make sure |
| # rootwrap.conf and the filter directories it names are writable by root only. |
| root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf |
| |
| # Set to true to add comments to generated iptables rules that describe |
| # each rule's purpose. (System must support the iptables comments module.) |
| # comment_iptables_rules = True |
| |
| # Root helper daemon application to use when possible. |
| # root_helper_daemon = |
| |
| # Use the root helper when listing the namespaces on a system. This may not |
| # be required depending on the security configuration. If the root helper is |
| # not required, set this to False for a performance improvement. |
| # use_helper_for_ns_read = True |
| |
| # The interval to check external processes for failure in seconds (0=disabled) |
| # check_child_processes_interval = 60 |
| |
| # Action to take when an external process spawned by an agent dies |
| # Values: |
| # respawn - Respawns the external process |
| # exit - Exits the agent |
| # check_child_processes_action = respawn |
| |
| # =========== items for agent management extension ============= |
| # seconds between nodes reporting state to server; should be less than |
| # agent_down_time, best if it is half or less than agent_down_time |
| # report_interval = 30 |
| |
| # =========== end of items for agent management extension ===== |
| |
| [keystone_authtoken] |
| # Token-validation settings for the API. Identity host, port, tenant, service |
| # account, password and region are all taken from pillar (neutron.identity.*). |
| # Every endpoint below uses http://, and admin_password is written in clear |
| # text, so the service credentials and the tokens being validated cross the |
| # network unencrypted and the rendered file itself is sensitive. |
| # NOTE(review): restrict read access on the rendered file to the neutron |
| # service user, and move the endpoints to https once Keystone offers TLS. |
| # NOTE(review): identity_uri and auth_uri hard-code port 5000 while auth_port |
| # comes from pillar, and the legacy options (auth_host, auth_port, |
| # auth_protocol) sit beside the URI-style ones - which set is honoured |
| # presumably depends on the installed keystonemiddleware version; confirm. |
| |
| identity_uri = http://{{ neutron.identity.host }}:5000 |
| auth_host = {{ neutron.identity.host }} |
| auth_port = {{ neutron.identity.port }} |
| auth_protocol = http |
| admin_tenant_name = {{ neutron.identity.tenant }} |
| admin_user = {{ neutron.identity.user }} |
| admin_password = {{ neutron.identity.password }} |
| auth_uri=http://{{ neutron.identity.host }}:5000 |
| auth_url=http://{{ neutron.identity.host }}:35357 |
| auth_region={{ neutron.identity.region }} |
| |
| [database] |
| # This line MUST be changed to actually run the plugin. |
| # Example: |
| # (no example line is present in this template) |
| # |
| # The connection line is rendered only for the "contrail" engine (a local |
| # sqlite file under /var/lib/neutron) and the "midonet" engine (a URL built |
| # from server.database.*); any other engine value gets no connection setting |
| # from this template. |
| # The midonet URL embeds server.database.password verbatim, so the rendered |
| # file holds the database password in clear text, and a password containing |
| # URL-reserved characters such as @ : or / would change how the URL parses. |
| # NOTE(review): restrict read access on the rendered file to the neutron |
| # service user and confirm the pillar password is URL-safe or percent-encoded. |
| |
| {%- if server.backend.engine == "contrail" %} |
| connection = sqlite:////var/lib/neutron/neutron.sqlite |
| {%- elif server.backend.engine == "midonet" %} |
| connection = {{ server.database.engine }}://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }} |
| {%- endif %} |
| |
| # Replace 127.0.0.1 above with the IP address of the database used by the |
| # main neutron server. (Leave it as is if the database runs on this host.) |
| # (The 127.0.0.1 example this sentence refers to is not present above; the |
| # database host comes from server.database.host.) |
| # connection = sqlite:// |
| # NOTE: In deployment the [database] section and its connection attribute may |
| # be set in the corresponding core plugin '.ini' file. However, it is suggested |
| # to put the [database] section and its connection attribute in this |
| # configuration file. |
| |
| # Database engine for which script will be generated when using offline |
| # migration |
| # engine = |
| |
| # The SQLAlchemy connection string used to connect to the slave database |
| # slave_connection = |
| |
| # Database reconnection retry times - in event connectivity is lost |
| # set to -1 implies an infinite retry count |
| # max_retries = 10 |
| |
| # Database reconnection interval in seconds - if the initial connection to the |
| # database fails |
| # retry_interval = 10 |
| |
| # Minimum number of SQL connections to keep open in a pool |
| # min_pool_size = 1 |
| |
| # Maximum number of SQL connections to keep open in a pool |
| # max_pool_size = 10 |
| |
| # Timeout in seconds before idle sql connections are reaped |
| # idle_timeout = 3600 |
| |
| # If set, use this value for max_overflow with sqlalchemy |
| # max_overflow = 20 |
| |
| # Verbosity of SQL debugging information. 0=None, 100=Everything |
| # connection_debug = 0 |
| |
| # Add python stack traces to SQL as comment strings |
| # connection_trace = False |
| |
| # If set, use this value for pool_timeout with sqlalchemy |
| # pool_timeout = 10 |
| |
| [nova] |
| # Name of the plugin to load |
| # auth_plugin = |
| # NOTE(review): the password plugin is selected here, but no auth URL, user |
| # name or password is set in this section as shown - confirm where those |
| # values are supplied. |
| auth_plugin = password |
| |
| # Config Section from which to load plugin specific options |
| # auth_section = |
| |
| # PEM encoded Certificate Authority to use when verifying HTTPS connections. |
| # cafile = |
| |
| # PEM encoded client certificate cert file |
| # certfile = |
| |
| # Verify HTTPS connections. Leaving insecure at False keeps certificate |
| # verification enabled; setting it to True turns verification off. |
| # insecure = False |
| |
| # PEM encoded client certificate key file |
| # keyfile = |
| |
| # Name of nova region to use. Useful if keystone manages more than one region. |
| # region_name = |
| |
| # Timeout value for http requests |
| # timeout = |
| |
| [oslo_concurrency] |
| |
| # Directory to use for lock files. For security, the specified directory should |
| # only be writable by the user running the processes that need locking. |
| # Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, |
| # a lock path must be set. |
| # $state_path refers to the state_path option set in [DEFAULT] |
| # (/var/lib/neutron), so lock files are kept in /var/lib/neutron/lock. |
| lock_path = $state_path/lock |
| |
| # Enables or disables inter-process locks. |
| # disable_process_locking = False |
| |
| [oslo_policy] |
| |
| # The JSON file that defines policies. |
| # policy_file = policy.json |
| |
| # Default rule. Enforced when a requested rule is not found. |
| # policy_default_rule = default |
| |
| # Directories where policy configuration files are stored. |
| # They can be relative to any directory in the search path defined by the |
| # config_dir option, or absolute paths. The file defined by policy_file |
| # must exist for these directories to be searched. Missing or empty |
| # directories are ignored. |
| # policy_dirs = policy.d |
| |
| [oslo_messaging_amqp] |
| |
| # |
| # From oslo.messaging |
| # |
| |
| # Address prefix used when sending to a specific server (string value) |
| # Deprecated group/name - [amqp1]/server_request_prefix |
| # server_request_prefix = exclusive |
| |
| # Address prefix used when broadcasting to all servers (string value) |
| # Deprecated group/name - [amqp1]/broadcast_prefix |
| # broadcast_prefix = broadcast |
| |
| # Address prefix when sending to any server in group (string value) |
| # Deprecated group/name - [amqp1]/group_request_prefix |
| # group_request_prefix = unicast |
| |
| # Name for the AMQP container (string value) |
| # Deprecated group/name - [amqp1]/container_name |
| # container_name = |
| |
| # Timeout for inactive connections (in seconds) (integer value) |
| # Deprecated group/name - [amqp1]/idle_timeout |
| # idle_timeout = 0 |
| |
| # Debug: dump AMQP frames to stdout (boolean value) |
| # Deprecated group/name - [amqp1]/trace |
| # trace = false |
| |
| # CA certificate PEM file for verifying server certificate (string value) |
| # Deprecated group/name - [amqp1]/ssl_ca_file |
| # ssl_ca_file = |
| |
| # Identifying certificate PEM file to present to clients (string value) |
| # Deprecated group/name - [amqp1]/ssl_cert_file |
| # ssl_cert_file = |
| |
| # Private key PEM file used to sign cert_file certificate (string value) |
| # Deprecated group/name - [amqp1]/ssl_key_file |
| # ssl_key_file = |
| |
| # Password for decrypting ssl_key_file (if encrypted) (string value) |
| # Deprecated group/name - [amqp1]/ssl_key_password |
| # ssl_key_password = |
| |
| # Accept clients using either SSL or plain TCP (boolean value) |
| # Deprecated group/name - [amqp1]/allow_insecure_clients |
| # allow_insecure_clients = false |
| |
| |
| [oslo_messaging_qpid] |
| |
| # |
| # From oslo.messaging |
| # |
| |
| # Use durable queues in AMQP. (boolean value) |
| # Deprecated group/name - [DEFAULT]/rabbit_durable_queues |
| # amqp_durable_queues = false |
| |
| # Auto-delete queues in AMQP. (boolean value) |
| # Deprecated group/name - [DEFAULT]/amqp_auto_delete |
| # amqp_auto_delete = false |
| |
| # Size of RPC connection pool. (integer value) |
| # Deprecated group/name - [DEFAULT]/rpc_conn_pool_size |
| # rpc_conn_pool_size = 30 |
| |
| # Qpid broker hostname. (string value) |
| # Deprecated group/name - [DEFAULT]/qpid_hostname |
| # qpid_hostname = localhost |
| |
| # Qpid broker port. (integer value) |
| # Deprecated group/name - [DEFAULT]/qpid_port |
| # qpid_port = 5672 |
| |
| # Qpid HA cluster host:port pairs. (list value) |
| # Deprecated group/name - [DEFAULT]/qpid_hosts |
| # qpid_hosts = $qpid_hostname:$qpid_port |
| |
| # Username for Qpid connection. (string value) |
| # Deprecated group/name - [DEFAULT]/qpid_username |
| # qpid_username = |
| |
| # Password for Qpid connection. (string value) |
| # Deprecated group/name - [DEFAULT]/qpid_password |
| # qpid_password = |
| |
| # Space separated list of SASL mechanisms to use for auth. (string value) |
| # Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms |
| # qpid_sasl_mechanisms = |
| |
| # Seconds between connection keepalive heartbeats. (integer value) |
| # Deprecated group/name - [DEFAULT]/qpid_heartbeat |
| # qpid_heartbeat = 60 |
| |
| # Transport to use, either 'tcp' or 'ssl'. (string value) |
| # Deprecated group/name - [DEFAULT]/qpid_protocol |
| # qpid_protocol = tcp |
| |
| # Whether to disable the Nagle algorithm. (boolean value) |
| # Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay |
| # qpid_tcp_nodelay = true |
| |
| # The number of prefetched messages held by receiver. (integer value) |
| # Deprecated group/name - [DEFAULT]/qpid_receiver_capacity |
| # qpid_receiver_capacity = 1 |
| |
| # The qpid topology version to use. Version 1 is what was originally used by |
| # impl_qpid. Version 2 includes some backwards-incompatible changes that allow |
| # broker federation to work. Users should update to version 2 when they are |
| # able to take everything down, as it requires a clean break. (integer value) |
| # Deprecated group/name - [DEFAULT]/qpid_topology_version |
| # qpid_topology_version = 1 |
| |
| |
| [oslo_messaging_rabbit] |
| |
| # |
| # From oslo.messaging |
| # |
| |
| # Use durable queues in AMQP. (boolean value) |
| # Deprecated group/name - [DEFAULT]/rabbit_durable_queues |
| # amqp_durable_queues = false |
| |
| # Auto-delete queues in AMQP. (boolean value) |
| # Deprecated group/name - [DEFAULT]/amqp_auto_delete |
| # amqp_auto_delete = false |
| |
| # Size of RPC connection pool. (integer value) |
| # Deprecated group/name - [DEFAULT]/rpc_conn_pool_size |
| # Set to 40 here; the sample value shown in [oslo_messaging_qpid] is 30. |
| rpc_conn_pool_size = 40 |
| |
| # SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and |
| # SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some |
| # distributions. (string value) |
| # Deprecated group/name - [DEFAULT]/kombu_ssl_version |
| # kombu_ssl_version = |
| |
| # SSL key file (valid only if SSL enabled). (string value) |
| # Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile |
| # kombu_ssl_keyfile = |
| |
| # SSL cert file (valid only if SSL enabled). (string value) |
| # Deprecated group/name - [DEFAULT]/kombu_ssl_certfile |
| # kombu_ssl_certfile = |
| |
| # SSL certification authority file (valid only if SSL enabled). (string value) |
| # Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs |
| # kombu_ssl_ca_certs = |
| |
| # How long to wait before reconnecting in response to an AMQP consumer cancel |
| # notification. (floating point value) |
| # Deprecated group/name - [DEFAULT]/kombu_reconnect_delay |
| # kombu_reconnect_delay = 1.0 |
| |
| # The RabbitMQ broker address where a single node is used. (string value) |
| # Deprecated group/name - [DEFAULT]/rabbit_host |
| # rabbit_host = localhost |
| |
| # Broker endpoints: a comma-separated host:port list when |
| # server.message_queue.members is defined (port falls back to 5672), |
| # otherwise a single rabbit_host / rabbit_port pair. |
| {%- if server.message_queue.members is defined %} |
| rabbit_hosts = {% for member in server.message_queue.members -%} |
| {{ member.host }}:{{ member.get('port', 5672) }} |
| {%- if not loop.last -%},{%- endif -%} |
| {%- endfor -%} |
| {%- else %} |
| rabbit_host = {{ server.message_queue.host }} |
| rabbit_port = {{ server.message_queue.port }} |
| {%- endif %} |
| |
| # Broker credentials, rendered in clear text; keep the rendered file readable |
| # only by the account that runs neutron-server. |
| # NOTE(review): no SSL option is enabled in this section (the kombu_ssl_* |
| # settings above are left commented out), so these credentials and the RPC |
| # traffic presumably reach the broker unencrypted - confirm that the |
| # transport is protected or enable SSL for the broker connection. |
| rabbit_userid = {{ neutron.message_queue.user }} |
| rabbit_password = {{ neutron.message_queue.password }} |
| rabbit_virtual_host = {{ neutron.message_queue.virtual_host }} |
| |
| |
| # How frequently to retry connecting with RabbitMQ, in seconds. |
| rabbit_retry_interval = 1 |
| |
| # How long to back off between retries when connecting to RabbitMQ. |
| rabbit_retry_backoff = 2 |
| |
| # Maximum number of RabbitMQ connection retries; 0 means retry indefinitely. |
| rabbit_max_retries = 0 |
| |
| # Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you |
| # must wipe the RabbitMQ database. (boolean value) |
| # Deprecated group/name - [DEFAULT]/rabbit_ha_queues |
| # rabbit_ha_queues = false |
| |
| # Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) |
| # Deprecated group/name - [DEFAULT]/fake_rabbit |
| # fake_rabbit = false |
| # Per-tenant resource quotas. A negative value means unlimited, so networks, |
| # subnets and ports are all uncapped here. With no cap, a single tenant can |
| # keep allocating these resources; set finite values unless limits are |
| # enforced somewhere else. |
| # NOTE(review): the section name is upper case - confirm the consumer of |
| # these options expects [QUOTAS] rather than [quotas]. |
| [QUOTAS] |
| quota_network = -1 |
| quota_subnet = -1 |
| quota_port = -1 |
| |
| [NOVA] |
| # vif_types is rendered only for the contrail backend; for any other engine |
| # this section is left empty. |
| # NOTE(review): this header differs from the [nova] section earlier in the |
| # file only by case - confirm both spellings are intended. |
| {%- if server.backend.engine == "contrail" %} |
| vif_types = vrouter |
| {%- endif %} |
| |
| [service_providers] |
| # Load-balancer driver for the selected backend, written as |
| # <service type>:<name>:<driver class path>:default. |
| # No service_provider line is rendered for engines other than contrail or |
| # midonet. The driver is referenced by its Python import path, so the module |
| # must come from a package installed on the neutron server host. |
| {%- if server.backend.engine == "contrail" %} |
| service_provider = LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default |
| {%- elif server.backend.engine == "midonet" %} |
| service_provider = LOADBALANCER:Midonet:midonet.neutron.services.loadbalancer.driver.MidonetLoadbalancerDriver:default |
| {%- endif %} |
| |
| # For the contrail backend the version-specific ContrailPlugin.ini template |
| # is appended below; its path is built from server.version. |
| # NOTE(review): the included file is not shown here - confirm it opens with |
| # its own section header, otherwise its keys would fall under |
| # [service_providers]. |
| {% if server.backend.engine == "contrail" %} |
| {% include "neutron/files/"+server.version+"/ContrailPlugin.ini" %} |
| {% endif %} |