| {%- from "neutron/map.jinja" import fwaas, server with context %} |
| [DEFAULT] |
| |
| # |
| # From neutron |
| # |
| |
| # Where to store Neutron state files. This directory must be writable by the |
| # agent. (string value) |
| #state_path = /var/lib/neutron |
| state_path = /var/lib/neutron |
| |
| # The host IP to bind to. (unknown value) |
| #bind_host = 0.0.0.0 |
| bind_host = {{ server.bind.address }} |
| |
| # The port to bind to (port value) |
| # Minimum value: 0 |
| # Maximum value: 65535 |
| #bind_port = 9696 |
| bind_port = {{ server.bind.port }} |
| |
| # The path for API extensions. Note that this can be a colon-separated list of |
| # paths. For example: api_extensions_path = |
| # extensions:/path/to/more/exts:/even/more/exts. The __path__ of |
| # neutron.extensions is appended to this, so if your extensions are in there |
| # you don't need to specify them here. (string value) |
| #api_extensions_path = |
| |
| # The type of authentication to use (string value) |
| #auth_strategy = keystone |
| auth_strategy = keystone |
| |
| {%- if server.core_plugin is defined %} |
| core_plugin = {{ server.core_plugin }} |
| {%- if server.service_plugins is defined %} |
| {%- set service_plugins = [] %} |
| {%- for sname,service in server.service_plugins.iteritems() %} |
| {%- if service.enabled%} |
| {%- do service_plugins.append(sname)%} |
| {%- endif %} |
| {%- endfor %} |
| service_plugins = {{ ','.join(service_plugins) }} |
| {%- endif %} |
| {%- else %} |
| |
| {% if server.backend.engine == "contrail" %} |
| |
| api_extensions_path = extensions:/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/dist-packages/neutron_lbaas/extensions |
| # The core plugin Neutron will use (string value) |
| core_plugin = neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2 |
| |
| service_plugins = neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2 |
| |
| {% elif server.backend.engine in ["ml2", "ovn"] %} |
| |
| core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin |
| |
| {% if server.backend.engine == "ml2" %} |
| {% set l3_plugin = 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' %} |
| {% elif server.backend.engine == "ovn" %} |
| {% set l3_plugin = 'networking_ovn.l3.l3_ovn.OVNL3RouterPlugin' %} |
| {% endif %} |
| |
| service_plugins = {{ server.backend.get('router', l3_plugin)}},metering |
| {%- if fwaas.get('enabled', False) -%},{{ fwaas[fwaas.api_version]['service_plugin'] }}{%- endif -%} |
| {%- if server.get('qos', 'True') -%},neutron.services.qos.qos_plugin.QoSPlugin{%- endif -%} |
| {%- if server.get('vlan_aware_vms', False) -%},trunk{%- endif -%} |
| {%- if server.l2gw is defined and server.l2gw.get('enabled', False) -%},networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin{%- endif -%} |
| {%- if server.get('bgp_vpn', {}).get('enabled', False) -%},bgpvpn{%- endif -%} |
| {%- if server.get('sfc', {}).get('enabled', False) -%},flow_classifier,sfc{%- endif -%} |
| |
| {% endif %} |
| {%- endif %} |
| |
| # The service plugins Neutron will use (list value) |
| #service_plugins = |
| |
| # The base MAC address Neutron will use for VIFs. The first 3 octets will |
| # remain unchanged. If the 4th octet is not 00, it will also be used. The |
| # others will be randomly generated. (string value) |
| #base_mac = fa:16:3e:00:00:00 |
| {%- if server.base_mac is defined %} |
| base_mac = {{ server.base_mac }} |
| {%- endif %} |
| |
| # Allow the usage of the bulk API (boolean value) |
| #allow_bulk = true |
| |
| # The maximum number of items returned in a single response, value was |
| # 'infinite' or negative integer means no limit (string value) |
| #pagination_max_limit = -1 |
| pagination_max_limit = {{ server.pagination_max_limit|default('-1') }} |
| |
| # Default value of availability zone hints. The availability zone aware |
| # schedulers use this when the resources availability_zone_hints is empty. |
| # Multiple availability zones can be specified by a comma separated string. |
| # This value can be empty. In this case, even if availability_zone_hints for a |
| # resource is empty, availability zone is considered for high availability |
| # while scheduling the resource. (list value) |
| #default_availability_zones = |
| |
| # Maximum number of DNS nameservers per subnet (integer value) |
| #max_dns_nameservers = 5 |
| |
| # Maximum number of host routes per subnet (integer value) |
| #max_subnet_host_routes = 20 |
| |
| # Enables IPv6 Prefix Delegation for automatic subnet CIDR allocation. Set to |
| # True to enable IPv6 Prefix Delegation for subnet allocation in a PD-capable |
| # environment. Users making subnet creation requests for IPv6 subnets without |
| # providing a CIDR or subnetpool ID will be given a CIDR via the Prefix |
| # Delegation mechanism. Note that enabling PD will override the behavior of the |
| # default IPv6 subnetpool. (boolean value) |
| #ipv6_pd_enabled = false |
| |
| # DHCP lease duration (in seconds). Use -1 to tell dnsmasq to use infinite |
| # lease times. (integer value) |
| #dhcp_lease_duration = 86400 |
| dhcp_lease_duration = {{ server.dhcp_lease_duration|default('600') }} |
| |
| # Domain to use for building the hostnames (string value) |
| #dns_domain = openstacklocal |
| dns_domain = {{ server.dns_domain }} |
| |
| # Driver for external DNS integration. (string value) |
| #external_dns_driver = <None> |
| {%- if server.backend.get('extension', {}).get('dns', {}).get('enabled', False) %} |
| external_dns_driver={{ server.backend.get('extension', {}).get('dns', {}).get('engine', '') }} |
| {%- endif %} |
| |
| # Allow sending resource operation notification to DHCP agent (boolean value) |
| #dhcp_agent_notification = true |
| |
| # Allow overlapping IP support in Neutron. Attention: the following parameter |
| # MUST be set to False if Neutron is being used in conjunction with Nova |
| # security groups. (boolean value) |
| #allow_overlapping_ips = false |
| allow_overlapping_ips = True |
| |
| # Hostname to be used by the Neutron server, agents and services running on |
| # this machine. All the agents and services running on this machine must use |
| # the same host value. (unknown value) |
| #host = example.domain |
| |
| # This string is prepended to the normal URL that is returned in links to the |
| # OpenStack Network API. If it is empty (the default), the URLs are returned |
| # unchanged. (string value) |
| #network_link_prefix = <None> |
| |
| # Send notification to nova when port status changes (boolean value) |
| #notify_nova_on_port_status_changes = true |
| notify_nova_on_port_status_changes = true |
| |
| # Send notification to nova when port data (fixed_ips/floatingip) changes so |
| # nova can update its cache. (boolean value) |
| #notify_nova_on_port_data_changes = true |
| notify_nova_on_port_data_changes = true |
| |
| # Number of seconds between sending events to nova if there are any events to |
| # send. (integer value) |
| #send_events_interval = 2 |
| |
| # Neutron IPAM (IP address management) driver to use. By default, the reference |
| # implementation of the Neutron IPAM driver is used. (string value) |
| #ipam_driver = internal |
| |
| # If True, then allow plugins that support it to create VLAN transparent |
| # networks. (boolean value) |
| #vlan_transparent = false |
| |
| # MTU of the underlying physical network. Neutron uses this value to calculate |
| # MTU for all virtual network components. For flat and VLAN networks, neutron |
| # uses this value without modification. For overlay networks such as VXLAN, |
| # neutron automatically subtracts the overlay protocol overhead from this |
| # value. Defaults to 1500, the standard value for Ethernet. (integer value) |
| # Deprecated group/name - [ml2]/segment_mtu |
| #global_physnet_mtu = 1500 |
| global_physnet_mtu = {{ server.get('global_physnet_mtu', '1500') }} |
| |
| # Number of backlog requests to configure the socket with (integer value) |
| #backlog = 4096 |
| |
| # Number of seconds to keep retrying to listen (integer value) |
| #retry_until_window = 30 |
| |
| # Enable SSL on the API server (boolean value) |
| #use_ssl = false |
| |
| # Seconds between running periodic tasks. (integer value) |
| #periodic_interval = 40 |
| |
| # Number of separate API worker processes for service. If not specified, the |
| # default is equal to the number of CPUs available for best performance. |
| # (integer value) |
| #api_workers = <None> |
| {%- if server.api_workers is defined %} |
| api_workers = {{ server.api_workers }} |
| {%- endif %} |
| |
| # Number of RPC worker processes for service. (integer value) |
| #rpc_workers = 1 |
| {%- if server.rpc_workers is defined %} |
| rpc_workers = {{ server.rpc_workers }} |
| {%- else %} |
| rpc_workers = {{ grains.num_cpus }} |
| {%- endif %} |
| |
| |
| # Number of RPC worker processes dedicated to state reports queue. (integer |
| # value) |
| #rpc_state_report_workers = 1 |
| {%- if server.rpc_state_report_workers is defined %} |
| rpc_state_report_workers = {{ server.rpc_state_report_workers }} |
| {%- else %} |
| rpc_state_report_workers = 4 |
| {%- endif %} |
| |
| # Range of seconds to randomly delay when starting the periodic task scheduler |
| # to reduce stampeding. (Disable by setting to 0) (integer value) |
| #periodic_fuzzy_delay = 5 |
| |
| # |
| # From neutron.agent |
| # |
| |
| # The driver used to manage the virtual interface. (string value) |
| #interface_driver = <None> |
| |
| # Location for Metadata Proxy UNIX domain socket. (string value) |
| #metadata_proxy_socket = $state_path/metadata_proxy |
| |
| # User (uid or name) running metadata proxy after its initialization (if empty: |
| # agent effective user). (string value) |
| #metadata_proxy_user = |
| |
| # Group (gid or name) running metadata proxy after its initialization (if |
| # empty: agent effective group). (string value) |
| #metadata_proxy_group = |
| |
| # |
| # From neutron.db |
| # |
| |
| # Seconds to regard the agent is down; should be at least twice |
| # report_interval, to be sure the agent is down for good. (integer value) |
| #agent_down_time = 75 |
| |
| # Representing the resource type whose load is being reported by the agent. |
| # This can be "networks", "subnets" or "ports". When specified (Default is |
| # networks), the server will extract particular load sent as part of its agent |
| # configuration object from the agent report state, which is the number of |
| # resources being consumed, at every report_interval.dhcp_load_type can be used |
| # in combination with network_scheduler_driver = |
| # neutron.scheduler.dhcp_agent_scheduler.WeightScheduler When the |
| # network_scheduler_driver is WeightScheduler, dhcp_load_type can be configured |
| # to represent the choice for the resource being balanced. Example: |
| # dhcp_load_type=networks (string value) |
| # Possible values: |
| # networks - <No description provided> |
| # subnets - <No description provided> |
| # ports - <No description provided> |
| #dhcp_load_type = networks |
| |
| # Agent starts with admin_state_up=False when enable_new_agents=False. In the |
| # case, user's resources will not be scheduled automatically to the agent until |
| # admin changes admin_state_up to True. (boolean value) |
| #enable_new_agents = true |
| |
| # Maximum number of routes per router (integer value) |
| #max_routes = 30 |
| |
| # Define the default value of enable_snat if not provided in |
| # external_gateway_info. (boolean value) |
| #enable_snat_by_default = true |
| |
| # Driver to use for scheduling network to DHCP agent (string value) |
| #network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.WeightScheduler |
| |
| # Allow auto scheduling networks to DHCP agent. (boolean value) |
| #network_auto_schedule = true |
| |
| # Automatically remove networks from offline DHCP agents. (boolean value) |
| #allow_automatic_dhcp_failover = true |
| |
| # Number of DHCP agents scheduled to host a tenant network. If this number is |
| # greater than 1, the scheduler automatically assigns multiple DHCP agents for |
| # a given tenant network, providing high availability for DHCP service. |
| # (integer value) |
| #dhcp_agents_per_network = 1 |
| dhcp_agents_per_network = 2 |
| |
| # Enable services on an agent with admin_state_up False. If this option is |
| # False, when admin_state_up of an agent is turned False, services on it will |
| # be disabled. Agents with admin_state_up False are not selected for automatic |
| # scheduling regardless of this option. But manual scheduling to such agents is |
| # available if this option is True. (boolean value) |
| #enable_services_on_agents_with_admin_state_down = false |
| |
| # The base mac address used for unique DVR instances by Neutron. The first 3 |
| # octets will remain unchanged. If the 4th octet is not 00, it will also be |
| # used. The others will be randomly generated. The 'dvr_base_mac' *must* be |
| # different from 'base_mac' to avoid mixing them up with MAC's allocated for |
| # tenant ports. A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00. |
| # The default is 3 octet (string value) |
| #dvr_base_mac = fa:16:3f:00:00:00 |
| {%- if server.dvr_base_mac is defined %} |
| {%- if server.base_mac is defined %} |
| {%- if server.base_mac != server.dvr_base_mac %} |
| dvr_base_mac = {{ server.dvr_base_mac }} |
| {%- endif %} |
| {%- else %} |
| dvr_base_mac = {{ server.dvr_base_mac }} |
| {%- endif %} |
| {%- endif %} |
| |
| # System-wide flag to determine the type of router that tenants can create. |
| # Only admin can override. (boolean value) |
| #router_distributed = false |
| router_distributed = {{ server.get('dvr', 'False') }} |
| |
| # Determine if setup is configured for DVR. If False, DVR API extension will be |
| # disabled. (boolean value) |
| #enable_dvr = true |
| enable_dvr = {{ server.get('dvr', 'False') }} |
| |
| # Driver to use for scheduling router to a default L3 agent (string value) |
| #router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler |
| router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler |
| |
| # Allow auto scheduling of routers to L3 agent. (boolean value) |
| #router_auto_schedule = true |
| |
| # Automatically reschedule routers from offline L3 agents to online L3 agents. |
| # (boolean value) |
| #allow_automatic_l3agent_failover = false |
| allow_automatic_l3agent_failover = true |
| |
| # Enable HA mode for virtual routers. (boolean value) |
| #l3_ha = false |
| l3_ha = {{ server.get('l3_ha', 'False') }} |
| |
| # Maximum number of L3 agents which a HA router will be scheduled on. If it is |
| # set to 0 then the router will be scheduled on every agent. (integer value) |
| #max_l3_agents_per_router = 3 |
| max_l3_agents_per_router = 0 |
| |
| # Subnet used for the l3 HA admin network. (string value) |
| #l3_ha_net_cidr = 169.254.192.0/18 |
| |
| # The network type to use when creating the HA network for an HA router. By |
| # default or if empty, the first 'tenant_network_types' is used. This is |
| # helpful when the VRRP traffic should use a specific network which is not the |
| # default one. (string value) |
| #l3_ha_network_type = |
| |
| # The physical network name with which the HA network can be created. (string |
| # value) |
| #l3_ha_network_physical_name = |
| |
| # |
| # From neutron.extensions |
| # |
| |
| # Maximum number of allowed address pairs (integer value) |
| #max_allowed_address_pair = 10 |
| |
| {%- if server.logging is defined %} |
| {%- set _data = server.logging %} |
| {%- include "oslo_templates/files/queens/oslo/_log.conf" %} |
| {%- endif %} |
| |
| |
| {%- set _data = server.message_queue %} |
| {%- include "oslo_templates/files/queens/oslo/messaging/_default.conf" %} |
| |
| {%- set _data = {} %} |
| {%- include "oslo_templates/files/queens/oslo/service/_wsgi_default.conf" %} |
| |
| nova_url = http://{{ server.compute.host }}:8774/v2 |
| |
| |
| [agent] |
| |
| # |
| # From neutron.agent |
| # |
| |
| # Root helper application. Use 'sudo neutron-rootwrap |
| # /etc/neutron/rootwrap.conf' to use the real root filter facility. Change to |
| # 'sudo' to skip the filtering and just run the command directly. (string |
| # value) |
| #root_helper_daemon = <None> |
| root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf |
| |
| # Use the root helper when listing the namespaces on a system. This may not be |
| # required depending on the security configuration. If the root helper is not |
| # required, set this to False for a performance improvement. (boolean value) |
| #use_helper_for_ns_read = true |
| |
| # Root helper daemon application to use when possible. For the agent which |
| # needs to execute commands in Dom0 in the hypervisor of XenServer, this item |
| # should be set to 'xenapi_root_helper', so that it will keep a XenAPI session |
| # to pass commands to Dom0. (string value) |
| #root_helper_daemon = <None> |
| {%- if server.root_helper_daemon|default(True) %} |
| root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf |
| {%- endif %} |
| |
| # Seconds between nodes reporting state to server; should be less than |
| # agent_down_time, best if it is half or less than agent_down_time. (floating |
| # point value) |
| #report_interval = 30 |
| report_interval = 10 |
| |
| # Log agent heartbeats (boolean value) |
| #log_agent_heartbeats = false |
| |
| # Add comments to iptables rules. Set to false to disallow the addition of |
| # comments to generated iptables rules that describe each rule's purpose. |
| # System must support the iptables comments module for addition of comments. |
| # (boolean value) |
| #comment_iptables_rules = true |
| |
| # Duplicate every iptables difference calculation to ensure the format being |
| # generated matches the format of iptables-save. This option should not be |
| # turned on for production systems because it imposes a performance penalty. |
| # (boolean value) |
| #debug_iptables_rules = false |
| |
| # Action to be executed when a child process dies (string value) |
| # Possible values: |
| # respawn - <No description provided> |
| # exit - <No description provided> |
| #check_child_processes_action = respawn |
| |
| # Interval between checks of child process liveness (seconds), use 0 to disable |
| # (integer value) |
| #check_child_processes_interval = 60 |
| |
| # Availability zone of this node (string value) |
| #availability_zone = nova |
| |
| |
| [cors] |
| {%- if server.cors is defined %} |
| {%- set _data = server.cors %} |
| {%- include "oslo_templates/files/queens/oslo/_cors.conf" %} |
| {%- endif %} |
| |
| |
| [database] |
| {%- set _data = server.database %} |
| {%- if _data.ssl is defined and 'cacert_file' not in _data.get('ssl', {}).keys() %}{% do _data['ssl'].update({'cacert_file': server.cacert_file}) %}{% endif %} |
| {%- include "oslo_templates/files/queens/oslo/_database.conf" %} |
| |
| [keystone_authtoken] |
| {%- set _data = server.identity %} |
| {%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': server.cacert_file}) %}{% endif %} |
| {%- set auth_type = _data.get('auth_type', 'password') %} |
| {%- include "oslo_templates/files/queens/keystonemiddleware/_auth_token.conf" %} |
| {%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %} |
| |
| |
| [nova] |
| {%- set _data = server.get('compute', server.get('identity', {})) %} |
| {%- if 'protocol' not in _data.keys() %}{% do _data.update({'protocol': server.get('identity', {}).get('protocol', 'http')}) %}{% endif %} |
| {%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': server.cacert_file}) %}{% endif %} |
| {%- set auth_type = _data.get('auth_type', 'password') %} |
| {%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %} |
| |
| |
| [oslo_concurrency] |
| {%- set _data = server.get('concurrency', {}) %} |
| {%- include "oslo_templates/files/queens/oslo/_concurrency.conf" %} |
| |
| |
| {%- if server.message_queue is defined %} |
| {%- set _data = server.message_queue %} |
| {%- if _data.engine == 'rabbitmq' %} |
| {%- set messaging_engine = 'rabbit' %} |
| {%- else %} |
| {%- set messaging_engine = _data.engine %} |
| {%- endif %} |
| [oslo_messaging_{{ messaging_engine }}] |
| {%- if _data.ssl is defined and 'cacert_file' not in _data.get('ssl', {}).keys() %}{% do _data['ssl'].update({'cacert_file': server.cacert_file}) %}{% endif %} |
| {%- include "oslo_templates/files/queens/oslo/messaging/_" + messaging_engine + ".conf" %} |
| {%- endif %} |
| |
| [oslo_messaging_notifications] |
| {%- set _data = server.notification %} |
| {%- include "oslo_templates/files/queens/oslo/messaging/_notifications.conf" %} |
| |
| |
| [oslo_middleware] |
| {%- set _data = server %} |
| {%- include "oslo_templates/files/queens/oslo/_middleware.conf" %} |
| |
| |
| [oslo_policy] |
| {%- if server.policy is defined %} |
| {%- set _data = server.policy %} |
| {%- include "oslo_templates/files/queens/oslo/_policy.conf" %} |
| {%- endif %} |
| |
| |
| [quotas] |
| |
| # |
| # From neutron |
| # |
| |
| # Default number of resource allowed per tenant. A negative value means |
| # unlimited. (integer value) |
| #default_quota = -1 |
| |
| # Number of networks allowed per tenant. A negative value means unlimited. |
| # (integer value) |
| #quota_network = 100 |
| |
| # Number of subnets allowed per tenant, A negative value means unlimited. |
| # (integer value) |
| #quota_subnet = 100 |
| |
| # Number of ports allowed per tenant. A negative value means unlimited. |
| # (integer value) |
| #quota_port = 500 |
| |
| # Default driver to use for quota checks. (string value) |
| #quota_driver = neutron.db.quota.driver.DbQuotaDriver |
| {% if server.backend.engine == "contrail" %} |
| quota_driver = neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver |
| {% endif %} |
| # Keep in track in the database of current resource quota usage. Plugins which |
| # do not leverage the neutron database should set this flag to False. (boolean |
| # value) |
| #track_quota_usage = true |
| |
| # |
| # From neutron.extensions |
| # |
| |
| # Number of routers allowed per tenant. A negative value means unlimited. |
| # (integer value) |
| #quota_router = 10 |
| |
| # Number of floating IPs allowed per tenant. A negative value means unlimited. |
| # (integer value) |
| #quota_floatingip = 50 |
| |
| # Number of security groups allowed per tenant. A negative value means |
| # unlimited. (integer value) |
| #quota_security_group = 10 |
| |
| # Number of security rules allowed per tenant. A negative value means |
| # unlimited. (integer value) |
| #quota_security_group_rule = 100 |
| |
| |
| [ssl] |
| {%- include "oslo_templates/files/queens/oslo/service/_ssl.conf" %} |
| |
| [ovs] |
| {%- if server.backend.ovsdb_interface is defined %} |
| ovsdb_interface = {{ server.backend.ovsdb_interface }} |
| {%- endif %} |
| {%- if server.backend.ovsdb_connection is defined %} |
| ovsdb_connection = {{ server.backend.ovsdb_connection }} |
| {%- endif %} |
| |
| # Advanced services configs |
| |
| {% if server.lbaas is defined -%} |
| {%- include "neutron/files/queens/lbaas.conf" %} |
| {% endif %} |
| |
| {% if server.bgp_vpn is defined -%} |
| {%- include "neutron/files/queens/bgpvpn.conf" %} |
| {% endif %} |
| |
| {% if server.sfc is defined -%} |
| {%- include "neutron/files/queens/plugins/sfc.conf" %} |
| {% endif %} |