| {%- from "octavia/map.jinja" import api with context %} |
| {%- from "octavia/map.jinja" import manager with context %} |
| [DEFAULT] |
| |
| # |
| # From octavia |
| # |
| |
| # The hostname Octavia is running on (string value) |
| #host = example.domain |
| |
| # Name of the controller plugin to use (string value) |
| #octavia_plugins = hot_plug_plugin |
| |
| |
| {%- if manager.logging is defined %} |
| {%- set _data = manager.logging %} |
| {%- include "oslo_templates/files/" ~ manager.version ~ "/oslo/_log.conf" %} |
| {%- endif %} |
| debug = {{ manager.get('debug', 'False') }} |
| |
| # A URL representing the messaging driver to use and its full configuration. |
| # (string value) |
| #transport_url = <None> |
| {%- if manager.message_queue.members is defined %} |
| transport_url = rabbit://{% for member in manager.message_queue.members -%} |
| {{ manager.message_queue.user }}:{{ manager.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }} |
| {%- if not loop.last -%},{%- endif -%} |
| {%- endfor -%} |
| /{{ manager.message_queue.virtual_host }} |
| {%- else %} |
| transport_url = rabbit://{{ manager.message_queue.user }}:{{ manager.message_queue.password }}@{{ manager.message_queue.host }}:{{ manager.message_queue.port }}/{{ manager.message_queue.virtual_host }} |
| {%- endif %} |
| |
| |
| # |
| # From oslo.service.service |
| # |
| |
| # Enable eventlet backdoor. Acceptable values are 0, <port>, and |
| # <start>:<end>, where 0 results in listening on a random tcp port number; |
| # <port> results in listening on the specified port number (and not enabling |
| # backdoor if that port is in use); and <start>:<end> results in listening on |
| # the smallest unused port number within the specified range of port numbers. |
| # The chosen port is displayed in the service's log file. (string value) |
| #backdoor_port = <None> |
| |
| # Enable eventlet backdoor, using the provided path as a unix socket that can |
| # receive connections. This option is mutually exclusive with 'backdoor_port' |
| # in that only one should be provided. If both are provided then the existence |
| # of this option overrides the usage of that option. (string value) |
| #backdoor_socket = <None> |
| |
| # Enables or disables logging values of all registered options when starting a |
| # service (at DEBUG level). (boolean value) |
| #log_options = true |
| |
| # Specify a timeout after which a gracefully shutdown server will exit. Zero |
| # value means endless wait. (integer value) |
| #graceful_shutdown_timeout = 60 |
| |
| |
| [api_settings] |
| |
| # |
| # From octavia |
| # |
| |
| # The host IP to bind to (IP address value) |
| #bind_host = 127.0.0.1 |
| {%- if pillar.octavia.api is defined %} |
| bind_host = {{ api.bind.address }} |
| {% endif %} |
| |
| # The port to bind to (port value) |
| # Minimum value: 0 |
| # Maximum value: 65535 |
| #bind_port = 9876 |
| {%- if pillar.octavia.api is defined %} |
| bind_port = {{ api.bind.port }} |
| {% endif %} |
| |
| # The auth strategy for API requests. (string value) |
| # Allowed values: noauth, keystone |
| #auth_strategy = keystone |
| |
| # The handler that the API communicates with (string value) |
| #api_handler = queue_producer |
| |
| # Allow the usage of the pagination (boolean value) |
| #allow_pagination = false |
| |
| # Allow the usage of the sorting (boolean value) |
| #allow_sorting = false |
| |
| # Allow the usage of the filtering (boolean value) |
| #allow_filtering = false |
| |
| # Allow the usage of the field selection (boolean value) |
| #allow_field_selection = false |
| |
| # The maximum number of items returned in a single response. |
| # The string 'infinite' or a negative integer value means 'no limit' |
| #pagination_max_limit = 'infinite' |
| |
| # Base URI for the API for use in pagination links. |
| # This will be autodetected from the request if not overridden here. |
| #api_base_uri = '' |
| |
| # Enable/disable exposing API endpoints (boolean value) |
| # api_v1_enabled = True |
| # api_v2_enabled = True |
| |
| {%- if pillar.octavia.api is defined %} |
| api_v1_enabled = {{ api.get('api_v1_enabled', 'True') }} |
| api_v2_enabled = {{ api.get('api_v2_enabled', 'True') }} |
| {% endif %} |
| |
| # Allow users to create TLS Terminated listeners |
| #allow_tls_terminated_listeners = True |
| |
| [amphora_agent] |
| |
| # |
| # From octavia |
| # |
| |
| # The ca which signed the client certificates (string value) |
| #agent_server_ca = /etc/octavia/certs/client_ca.pem |
| |
| # The server certificate for the agent.py server to use (string value) |
| #agent_server_cert = /etc/octavia/certs/server.pem |
| |
| # The directory where new network interfaces are located (string value) |
| #agent_server_network_dir = <None> |
| |
| # The file where the network interfaces are located. Specifying this will |
| # override any value set for agent_server_network_dir. (string value) |
| #agent_server_network_file = <None> |
| |
| # The time in seconds to allow a request from the controller to run before |
| # terminating the socket. (integer value) |
| #agent_request_read_timeout = 120 |
| |
| # The amphora ID. (string value) |
| #amphora_id = <None> |
| |
| [certificates] |
| |
| # |
| # From octavia |
| # |
| |
| # Absolute path to the CA Certificate for signing. Defaults |
| # to env[OS_OCTAVIA_TLS_CA_CERT]. |
| # ca_certificate = /etc/ssl/certs/ssl-cert-snakeoil.pem |
| ca_certificate = {{ manager.certificates.ca_certificate }} |
| |
| # Absolute path to the Private Key for signing. Defaults |
| # to env[OS_OCTAVIA_TLS_CA_KEY]. |
| # ca_private_key = /etc/ssl/private/ssl-cert-snakeoil.key |
| ca_private_key = {{ manager.certificates.ca_private_key }} |
| |
| # Passphrase for the Private Key. Defaults |
| # to env[OS_OCTAVIA_CA_KEY_PASS] or None. |
| # ca_private_key_passphrase = |
| |
| # Certificate signing digest. Defaults |
| # to env[OS_OCTAVIA_CA_SIGNING_DIGEST] or "sha256". |
| # signing_digest = sha256 |
| |
| # Absolute path to the certificate storage directory. |
| # Defaults to env[OS_OCTAVIA_TLS_STORAGE]. |
| # storage_path = /var/lib/octavia/certificates/ |
| |
| # Name of the cert manager to use (string value) |
| #cert_manager = barbican_cert_manager |
| |
| # Name of the cert generator to use (string value) |
| #cert_generator = local_cert_generator |
| |
| # Name of the Barbican authentication method to use (string value) |
| #barbican_auth = barbican_acl_auth |
| |
| # The name of the certificate service in the keystonecatalog (string value) |
| #service_name = <None> |
| |
| # A new endpoint to override the endpoint in the keystone catalog. (string |
| # value) |
| #endpoint = <None> |
| |
| # Region in Identity service catalog to use for communication with the barbican |
| # service. (string value) |
| #region_name = <None> |
| |
| # The endpoint_type to be used for barbican service. (string value) |
| #endpoint_type = publicURL |
| endpoint_type = {{ manager.identity.get('endpoint_type', 'public') }} |
| |
| # CA certificates file path (string value) |
| #ca_certificates_file = <None> |
| |
| # Disable certificate validation on SSL connections (boolean value) |
| #insecure = false |
| |
| [controller_worker] |
| |
| # |
| # From octavia |
| # |
| |
| # Retry attempts to wait for Amphora to become active (integer value) |
| #amp_active_retries = 10 |
| amp_active_retries = 100 |
| |
| # Seconds to wait between checks on whether an Amphora has become active |
| # (integer value) |
| #amp_active_wait_sec = 10 |
| amp_active_wait_sec = 2 |
| |
| # Nova instance flavor id for the Amphora (string value) |
| #amp_flavor_id = |
| amp_flavor_id = {{ manager.controller_worker.amp_flavor_id }} |
| |
| # Glance image tag for the Amphora image to boot. Use this option to be able to |
| # update the image without reconfiguring Octavia. Ignored if amp_image_id is |
| # defined. (string value) |
| #amp_image_tag = |
| amp_image_tag = {{ manager.controller_worker.amp_image_tag }} |
| |
| # Restrict glance image selection to a specific owner ID. This is a |
| # recommended security setting. (string value) |
| #amp_image_owner_id = |
| amp_image_owner_id = {{ amp_image_owner_id }} |
| |
| # SSH key name used to boot the Amphora (string value) |
| #amp_ssh_key_name = |
| amp_ssh_key_name = {{ manager.controller_worker.amp_ssh_key_name }} |
| |
| # Determines whether or not to allow access to the Amphorae (boolean value) |
| #amp_ssh_access_allowed = true |
| |
| # List of networks to attach to the Amphorae. All networks defined in the list |
| # will be attached to each amphora. (list value) |
| #amp_boot_network_list = |
| amp_boot_network_list = {{ amp_boot_network_list }} |
| |
| # List of security groups to attach to the Amphora. (list value) |
| #amp_secgroup_list = |
| amp_secgroup_list = {{ amp_secgroup_list }} |
| |
| # Client CA for the amphora agent to use (string value) |
| #client_ca = /etc/octavia/certs/ca_01.pem |
| client_ca = {{ manager.haproxy_amphora.server_ca }} |
| |
| # Name of the amphora driver to use (string value) |
| #amphora_driver = amphora_noop_driver |
| amphora_driver = amphora_haproxy_rest_driver |
| |
| # Name of the compute driver to use (string value) |
| #compute_driver = compute_noop_driver |
| compute_driver = compute_nova_driver |
| |
| # Name of the network driver to use (string value) |
| #network_driver = network_noop_driver |
| network_driver = allowed_address_pairs_driver |
| |
| # Distributor driver options are distributor_noop_driver |
| # single_VIP_amphora |
| # |
| # distributor_driver = distributor_noop_driver |
| |
| # Load balancer topology configuration. SINGLE - One amphora per load balancer. |
| # ACTIVE_STANDBY - Two amphora per load balancer. (string value) |
| # Allowed values: ACTIVE_STANDBY, SINGLE |
| #loadbalancer_topology = SINGLE |
| loadbalancer_topology = {{ manager.controller_worker.loadbalancer_topology }} |
| |
| # If True, build cloud-init user-data that is passed to the config drive on |
| # Amphora boot instead of personality files. If False, utilize personality |
| # files. (boolean value) |
| #user_data_config_drive = false |
| |
| [cors] |
| {%- if pillar.octavia.api is defined %} |
| {%- if api.cors is defined %} |
| {%- set _data = api.cors %} |
| {%- include "oslo_templates/files/" ~ manager.version ~ "/oslo/_cors.conf" %} |
| {%- endif %} |
| {%- endif %} |
| |
| [database] |
| |
| {%- set _data = manager.database %} |
| {%- if _data.ssl is defined and 'cacert_file' not in _data.ssl.keys() %}{% do _data['ssl'].update({'cacert_file': api.cacert_file}) %}{% endif %} |
| {%- include "oslo_templates/files/" ~ manager.version ~ "/oslo/_database.conf" %} |
| |
| [glance] |
| |
| # |
| # From octavia |
| # |
| |
| # The name of the glance service in the keystone catalog (string value) |
| #service_name = <None> |
| |
| # A new endpoint to override the endpoint in the keystone catalog. (string |
| # value) |
| #endpoint = <None> |
| |
| # Region in Identity service catalog to use for communication with the |
| # OpenStack services. (string value) |
| #region_name = <None> |
| |
| # Endpoint interface in identity service to use (string value) |
| #endpoint_type = publicURL |
| endpoint_type = {{ manager.identity.get('endpoint_type', 'public') }} |
| |
| # CA certificates file path (string value) |
| #ca_certificates_file = <None> |
| |
| # Disable certificate validation on SSL connections (boolean value) |
| #insecure = false |
| |
| [haproxy_amphora] |
| |
| # |
| # From octavia |
| # |
| |
| # Base directory for amphora files. (string value) |
| #base_path = /var/lib/octavia |
| base_path = /var/lib/octavia |
| |
| # Base directory for cert storage. (string value) |
| #base_cert_dir = /var/lib/octavia/certs |
| base_cert_dir = /var/lib/octavia/certs |
| |
| # Custom haproxy template. (string value) |
| #haproxy_template = <None> |
| # connection_logging = True |
| |
| # Retry threshold for connecting to amphorae. (integer value) |
| #connection_max_retries = 300 |
| connection_max_retries = 100 |
| |
| # Retry timeout between connection attempts in seconds. (integer value) |
| #connection_retry_interval = 5 |
| connection_retry_interval = 1 |
| |
| # Number of amphorae that could be built per controller worker, simultaneously. |
| #build_rate_limit=-1 |
| |
| # Retry threshold for waiting for a build slot for an amphorae. |
| #build_active_retries=300 |
| |
| # Retry timeout between build attempts in seconds. |
| #build_retry_interval=5 |
| |
| # The user group for haproxy to run under inside the amphora. (string value) |
| #user_group = nogroup |
| |
| # Size of the HAProxy stick table. Accepts k, m, g suffixes. Example: 10k |
| # (string value) |
| #haproxy_stick_size = 10k |
| |
| # The host IP to bind to (IP address value) |
| #bind_host = :: |
| |
| # The port to bind to (port value) |
| # Minimum value: 0 |
| # Maximum value: 65535 |
| #bind_port = 9443 |
| |
| # Network interface through which to reach amphora, only required if using IPv6 |
| # link local addresses. (string value) |
| #lb_network_interface = o-hm0 |
| |
| # The full path to haproxy (string value) |
| #haproxy_cmd = /usr/sbin/haproxy |
| |
| # The respawn count for haproxy's upstart script (integer value) |
| #respawn_count = 2 |
| |
| # The respawn interval for haproxy's upstart script (integer value) |
| #respawn_interval = 2 |
| |
| # The time in seconds to wait for a REST API to connect. (floating point value) |
| #rest_request_conn_timeout = 10 |
| rest_request_conn_timeout = 10 |
| |
| # The time in seconds to wait for a REST API response. (floating point value) |
| #rest_request_read_timeout = 60 |
| rest_request_read_timeout = 120 |
| |
| # These "active" timeouts are used once the amphora should already |
| # be fully up and active. These values are lower than the other values to |
| # facilitate "fail fast" scenarios like failovers |
| # active_connection_max_retries = 15 |
| # active_connection_rety_interval = 2 |
| |
| # The client certificate to talk to the agent (string value) |
| #client_cert = /etc/octavia/certs/client.pem |
| client_cert = {{ manager.haproxy_amphora.client_cert_all }} |
| |
| # The ca which signed the server certificates (string value) |
| #server_ca = /etc/octavia/certs/server_ca.pem |
| server_ca = {{ manager.haproxy_amphora.server_ca }} |
| |
| |
| [health_manager] |
| |
| # |
| # From octavia |
| # |
| |
| # IP address the controller will listen on for heart beats (IP address value) |
| #bind_ip = 127.0.0.1 |
| bind_ip = {{ manager.health_manager.bind_ip }} |
| |
| # Port number the controller will listen on for heart beats (port value) |
| # Minimum value: 0 |
| # Maximum value: 65535 |
| #bind_port = 5555 |
| bind_port = {{ manager.health_manager.get('bind_port', 5555) }} |
| |
| # Number of threads performing amphora failovers. (integer value) |
| #failover_threads = 10 |
| |
| # status_update_threads will default to the number of processors on the host |
| # status_update_threads = |
| |
| # key used to validate amphora sending the message (string value) |
| #heartbeat_key = <None> |
| heartbeat_key = {{ manager.health_manager.heartbeat_key }} |
| |
| # Interval, in seconds, to wait before failing over an amphora. (integer value) |
| #heartbeat_timeout = 60 |
| |
| # Sleep time between health checks in seconds. (integer value) |
| #health_check_interval = 3 |
| |
| # sets the value of the heartbeat recv buffer (integer value) |
| #sock_rlimit = 0 |
| |
| # Health/StatsUpdate options are |
| # *_db |
| # *_logger |
| # health_update_driver = health_db |
| # stats_update_driver = stats_db |
| |
| # List of controller ip and port pairs for the heartbeat receivers. Example |
| # 127.0.0.1:5555, 192.168.0.1:5555 (list value) |
| #controller_ip_port_list = |
| {%- if manager.health_manager.controller_ip_port_list is defined %} |
| controller_ip_port_list = {{ manager.health_manager.controller_ip_port_list }} |
| {%- else %} |
| controller_ip_port_list = {{ manager.health_manager.bind_ip }}:{{ manager.health_manager.get('bind_port', 5555) }} |
| {%- endif %} |
| |
| # Sleep time between sending heartbeats. (integer value) |
| #heartbeat_interval = 10 |
| |
| # Specifies which driver to use for the event_streamer for syncing the octavia |
| # and neutron_lbaas dbs. If you don't need to sync the database or are running |
| # octavia in stand alone mode use the noop_event_streamer (string value) |
| #event_streamer_driver = noop_event_streamer |
| # Enable provisioning status sync with neutron db |
| # sync_provisioning_status = False |
| |
| [house_keeping] |
| |
| # |
| # From octavia |
| # |
| |
| # Spare check interval in seconds (integer value) |
| #spare_check_interval = 30 |
| |
| # Number of spare amphorae (integer value) |
| #spare_amphora_pool_size = 0 |
| spare_amphora_pool_size = {{ manager.house_keeping.spare_amphora_pool_size }} |
| |
| # DB cleanup interval in seconds (integer value) |
| #cleanup_interval = 30 |
| |
| # Amphora expiry age in seconds (integer value) |
| #amphora_expiry_age = 604800 |
| amphora_expiry_age = 3600 |
| |
| # Load balancer expiry age in seconds (integer value) |
| #load_balancer_expiry_age = 604800 |
| load_balancer_expiry_age = 3600 |
| |
| # Certificate check interval in seconds (integer value) |
| #cert_interval = 3600 |
| |
| # Seconds until certificate expiration (integer value) |
| #cert_expiry_buffer = 1209600 |
| |
| # Number of threads performing amphora certificate rotation (integer value) |
| #cert_rotate_threads = 10 |
| |
| [keepalived_vrrp] |
| |
| # |
| # From octavia |
| # |
| |
| # Amphora role and priority advertisement interval in seconds. (integer value) |
| #vrrp_advert_int = 1 |
| |
| # VRRP check script run interval in seconds. (integer value) |
| #vrrp_check_interval = 5 |
| |
| # Number of successive failures before transition to a fail state. (integer |
| # value) |
| #vrrp_fail_count = 2 |
| |
| # Number of consecutive successes before transition to a success state. |
| # (integer value) |
| #vrrp_success_count = 2 |
| |
| # Time in seconds between gratuitous ARP announcements from the MASTER. |
| # (integer value) |
| #vrrp_garp_refresh_interval = 5 |
| |
| # Number of gratuitous ARP announcements to make on each refresh interval. |
| # (integer value) |
| #vrrp_garp_refresh_count = 2 |
| |
| [keystone_authtoken] |
| |
| # |
| # From keystonemiddleware.auth_token |
| # |
| |
| # Complete "public" Identity API endpoint. This endpoint should not be an |
| # "admin" endpoint, as it should be accessible by all end users. |
| # Unauthenticated clients are redirected to this endpoint to authenticate. |
| # Although this endpoint should ideally be unversioned, client support in the |
| # wild varies. If you're using a versioned v2 endpoint here, then this should |
| # *not* be the same endpoint the service user utilizes for validating tokens, |
| # because normal end users may not be able to reach that endpoint. (string |
| # value) |
| # The www_authenticate_uri is the public endpoint and is returned in headers on a 401 |
| # auth_uri = https://localhost:5000/v3 # www_authenticate_uri |
| auth_uri=http://{{ manager.identity.host }}:5000/v3 |
| |
| # The auth_url is the admin endpoint actually used for validating tokens |
| #auth_url = <None> |
| auth_url=http://{{ manager.identity.host }}:35357 |
| |
| {%- set _data = manager.identity %} |
| {%- set auth_type = _data.get('auth_type', 'password') %} |
| {%- include "oslo_templates/files/" ~ manager.version ~ "/keystonemiddleware/_auth_token.conf" %} |
| {%- include "oslo_templates/files/" ~ manager.version ~ "/keystoneauth/_type_" + auth_type + ".conf" %} |
| |
| |
| [matchmaker_redis] |
| |
| # |
| # From oslo.messaging |
| # |
| |
| # DEPRECATED: Host to locate redis. (string value) |
| # This option is deprecated for removal. |
| # Its value may be silently ignored in the future. |
| # Reason: Replaced by [DEFAULT]/transport_url |
| #host = 127.0.0.1 |
| |
| # DEPRECATED: Use this port to connect to redis host. (port value) |
| # Minimum value: 0 |
| # Maximum value: 65535 |
| # This option is deprecated for removal. |
| # Its value may be silently ignored in the future. |
| # Reason: Replaced by [DEFAULT]/transport_url |
| #port = 6379 |
| |
| # DEPRECATED: Password for Redis server (optional). (string value) |
| # This option is deprecated for removal. |
| # Its value may be silently ignored in the future. |
| # Reason: Replaced by [DEFAULT]/transport_url |
| #password = |
| |
| # DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g., |
| # [host:port, host1:port ... ] (list value) |
| # This option is deprecated for removal. |
| # Its value may be silently ignored in the future. |
| # Reason: Replaced by [DEFAULT]/transport_url |
| #sentinel_hosts = |
| |
| # Redis replica set name. (string value) |
| #sentinel_group_name = oslo-messaging-zeromq |
| |
| # Time in ms to wait between connection attempts. (integer value) |
| #wait_timeout = 2000 |
| |
| # Time in ms to wait before the transaction is killed. (integer value) |
| #check_timeout = 20000 |
| |
| # Timeout in ms on blocking socket operations. (integer value) |
| #socket_timeout = 10000 |
| |
| [networking] |
| |
| # |
| # From octavia |
| # |
| |
| # The maximum attempts to retry an action with the networking service. (integer |
| # value) |
| #max_retries = 15 |
| |
| # Seconds to wait before retrying an action with the networking service. |
| # (integer value) |
| #retry_interval = 1 |
| |
| # Seconds to wait for a port to detach from an amphora. (integer value) |
| #port_detach_timeout = 300 |
| |
| # Can users supply a network_id for their VIP ? (boolean value) |
| #allow_vip_network_id = True |
| |
| # Can users supply a subnet_id for their VIP ? (boolean value) |
| #allow_vip_port_id = True |
| |
| # List of network_ids that are valid for VIP creation. |
| # If this field is empty, no validation is performed. |
| #valid_vip_networks = <None> |
| |
| [neutron] |
| |
| # |
| # From octavia |
| # |
| |
| # The name of the neutron service in the keystone catalog (string value) |
| #service_name = <None> |
| |
| # A new endpoint to override the endpoint in the keystone catalog. (string |
| # value) |
| #endpoint = <None> |
| |
| # Region in Identity service catalog to use for communication with the |
| # OpenStack services. (string value) |
| #region_name = <None> |
| |
| # Endpoint interface in identity service to use (string value) |
| #endpoint_type = publicURL |
| endpoint_type = {{ manager.identity.get('endpoint_type', 'public') }} |
| |
| # CA certificates file path (string value) |
| #ca_certificates_file = <None> |
| |
| # Disable certificate validation on SSL connections (boolean value) |
| #insecure = false |
| |
| [nova] |
| |
| # |
| # From octavia |
| # |
| |
| # The name of the nova service in the keystone catalog (string value) |
| #service_name = <None> |
| |
| # A new endpoint to override the endpoint in the keystone catalog. (string |
| # value) |
| #endpoint = <None> |
| |
| # Region in Identity service catalog to use for communication with the |
| # OpenStack services. (string value) |
| #region_name = <None> |
| |
| # Endpoint interface in identity service to use (string value) |
| #endpoint_type = publicURL |
| endpoint_type = {{ manager.identity.get('endpoint_type', 'public') }} |
| |
| # CA certificates file path (string value) |
| #ca_certificates_file = <None> |
| |
| # Disable certificate validation on SSL connections (boolean value) |
| #insecure = false |
| |
| # Flag to indicate if nova anti-affinity feature is turned on. (boolean value) |
| #enable_anti_affinity = false |
| |
| [oslo_messaging] |
| |
| # |
| # From octavia |
| # |
| |
| # (string value) |
| #topic = <None> |
| topic = octavia_prov |
| |
| # topic name for communicating events through a queue (string value) |
| #event_stream_topic = neutron_lbaas_event |
| |
| # Transport URL to use for the neutron-lbaas synchronization event stream |
| # when neutron and octavia have separate queues. |
| # For Single Host, specify one full transport URL: |
| # event_stream_transport_url = rabbit://<user>:<pass>@127.0.0.1:5672/<vhost> |
| # For HA, specify queue nodes in cluster, comma delimited: |
| # event_stream_transport_url = rabbit://<user>:<pass>@server01,<user>:<pass>@server02/<vhost> |
| # event_stream_transport_url = |
| |
| [oslo_messaging_amqp] |
| |
| {%- set _data = manager %} |
| {%- include "oslo_templates/files/" ~ manager.version ~ "/oslo/messaging/_amqp.conf" %} |
| |
| [oslo_messaging_kafka] |
| {%- include "oslo_templates/files/" ~ manager.version ~ "/oslo/messaging/_kafka.conf" %} |
| |
| |
| [oslo_messaging_notifications] |
| |
| {%- set _data = manager.get('notification', {}) %} |
| {%- include "oslo_templates/files/" ~ manager.version ~ "/oslo/messaging/_notifications.conf" %} |
| |
| [oslo_messaging_rabbit] |
| |
| {%- set _data = manager.message_queue %} |
| {%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': manager.cacert_file}) %}{% endif %} |
| {%- include "oslo_templates/files/" ~ manager.version ~ "/oslo/messaging/_rabbit.conf" %} |
| |
| [oslo_messaging_zmq] |
| |
| {%- set _data = manager.message_queue %} |
| {%- include "oslo_templates/files/" ~ manager.version ~ "/oslo/messaging/_zmq.conf" %} |
| |
| [oslo_policy] |
| |
| {%- set _data = manager.get('policy', {}) %} |
| {%- include "oslo_templates/files/" ~ manager.version ~ "/oslo/_policy.conf" %} |
| |
| [service_auth] |
| |
| # |
| # From octavia |
| # |
| |
| # Authentication URL (string value) |
| #auth_url = <None> |
| auth_url=http://{{ manager.identity.host }}:35357 |
| |
| # Authentication type to load (string value) |
| # Deprecated group/name - [service_auth]/auth_plugin |
| #auth_type = <None> |
| auth_type = password |
| |
| # PEM encoded Certificate Authority to use when verifying HTTPs connections. |
| # (string value) |
| #cafile = <None> |
| |
| # PEM encoded client certificate cert file (string value) |
| #certfile = <None> |
| |
| # Optional domain ID to use with v3 and v2 parameters. It will be used for both |
| # the user and project domain in v3 and ignored in v2 authentication. (string |
| # value) |
| #default_domain_id = <None> |
| |
| # Optional domain name to use with v3 API and v2 parameters. It will be used |
| # for both the user and project domain in v3 and ignored in v2 authentication. |
| # (string value) |
| #default_domain_name = <None> |
| |
| # Domain ID to scope to (string value) |
| #domain_id = <None> |
| |
| # Domain name to scope to (string value) |
| #domain_name = <None> |
| |
| # Verify HTTPS connections. (boolean value) |
| #insecure = false |
| |
| # PEM encoded client certificate key file (string value) |
| #keyfile = <None> |
| |
| # User's password (string value) |
| #password = <None> |
| password = {{ manager.identity.password }} |
| |
| # Domain ID containing project (string value) |
| #project_domain_id = <None> |
| project_domain_id = {{ manager.identity.get('domain', 'default') }} |
| |
| # Domain name containing project (string value) |
| #project_domain_name = <None> |
| |
| # Project ID to scope to (string value) |
| # Deprecated group/name - [service_auth]/tenant-id |
| #project_id = <None> |
| |
| # Project name to scope to (string value) |
| # Deprecated group/name - [service_auth]/tenant-name |
| #project_name = <None> |
| project_name = {{ manager.identity.tenant }} |
| |
| # Tenant ID (string value) |
| #tenant_id = <None> |
| |
| # Tenant Name (string value) |
| #tenant_name = <None> |
| |
| # Timeout value for http requests (integer value) |
| #timeout = <None> |
| |
| # Trust ID (string value) |
| #trust_id = <None> |
| |
| # User's domain id (string value) |
| #user_domain_id = <None> |
| user_domain_id = {{ manager.identity.get('domain', 'default') }} |
| |
| # User's domain name (string value) |
| #user_domain_name = <None> |
| |
| # User id (string value) |
| #user_id = <None> |
| |
| # Username (string value) |
| # Deprecated group/name - [service_auth]/user-name |
| #username = <None> |
| username = {{ manager.identity.user }} |
| |
| [task_flow] |
| |
| # |
| # From octavia |
| # |
| |
| # TaskFlow engine to use (string value) |
| #engine = serial |
| |
| # The maximum number of workers (integer value) |
| #max_workers = 5 |