Created
December 7, 2017 03:40
-
-
Save TrongTan124/79a792635b9365271abbba60d94abbfe to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [DEFAULT] | |
| # Print debugging output (set logging level to DEBUG instead of default WARNING level). | |
| debug = {{ debug }} | |
| {% if not octavia_v2|bool %} | |
| bind_host = 0.0.0.0 | |
| bind_port = {{ octavia_service_port }} | |
| # api_handler = queue_producer | |
| # | |
| # How should authentication be handled (keystone, noauth) | |
| auth_strategy = {{ octavia_auth_strategy }} | |
| # | |
| {% endif %} | |
| # Plugin options are hot_plug_plugin (Hot-pluggable controller plugin) | |
| # | |
| # octavia_plugins = hot_plug_plugin | |
| # Hostname to be used by the host machine for services running on it. | |
| # The default value is the hostname of the host machine. | |
| # host = | |
| # AMQP Transport URL | |
| # For Single Host, specify one full transport URL: | |
| # transport_url = rabbit://<user>:<pass>@127.0.0.1:5672/<vhost> | |
| # For HA, specify queue nodes in cluster, comma delimited: | |
| # transport_url = rabbit://<user>:<pass>@server01,<user>:<pass>@server02/<vhost> | |
| transport_url = rabbit://{% for host in octavia_rabbitmq_servers.split(',') %}{{ octavia_rabbitmq_userid }}:{{ octavia_rabbitmq_password }}@{{ host }}:{{ octavia_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ octavia_rabbitmq_vhost }}{% endif %}{% endfor %} | |
| [api_settings] | |
| bind_host = 0.0.0.0 | |
| bind_port = {{ octavia_service_port }} | |
| # api_handler = queue_producer | |
| # | |
| # How should authentication be handled (keystone, noauth) | |
| # Note: remove "noauth" once LP bug is fixed | |
| auth_strategy = {{ octavia_auth_strategy }} | |
| # | |
| api_v1_enabled = {{ octavia_v1 }} | |
| api_v2_enabled = {{ octavia_v2 }} | |
| # Allow users to create TLS Terminated listeners? | |
| allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }} | |
| # pre Ocata | |
| [oslo_messaging_rabbit] | |
| ssl = {{ octavia_rabbitmq_use_ssl }} | |
| rpc_conn_pool_size = {{ octavia_rpc_conn_pool_size }} | |
| [database] | |
| connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}/{{ octavia_galera_database }}?charset=utf8 | |
| max_overflow = {{ octavia_db_max_overflow }} | |
| max_pool_size = {{ octavia_db_pool_size }} | |
| pool_timeout = {{ octavia_db_pool_timeout }} | |
| [health_manager] | |
| bind_ip = 0.0.0.0 | |
| bind_port = {{ octavia_health_manager_port }} | |
| # controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555 | |
| controller_ip_port_list = {% for host in octavia_hm_hosts.split(',') %}{{ host }}:{{ octavia_health_manager_port }}{% if not loop.last %},{% endif %}{% endfor %} | |
| # failover_threads = 10 | |
| # status_update_threads = 50 | |
| # heartbeat_interval = 10 | |
| heartbeat_key = {{ octavia_health_hmac_key }} | |
| # heartbeat_timeout = 60 | |
| # health_check_interval = 3 | |
| # sock_rlimit = 0 | |
| # EventStreamer options are | |
| # queue_event_streamer, | |
| # noop_event_streamer | |
| event_streamer_driver = {% if octavia_event_streamer|bool %}queue_event_streamer{% else %}noop_event_streamer{% endif %} | |
| # Enable provisioning status sync with neutron db | |
| sync_provisioning_status = {{ octavia_sync_provisioning_status }} | |
| [keystone_authtoken] | |
| insecure = {{ keystone_service_internaluri_insecure | bool }} | |
| auth_type = {{ octavia_keystone_auth_plugin }} | |
| auth_url = {{ keystone_service_internaluri }}/v3 | |
| auth_uri = {{ keystone_service_internaluri }}/v3 | |
| auth_version = 3 | |
| project_domain_id = {{ octavia_service_project_domain_id }} | |
| user_domain_id = {{ octavia_service_user_domain_id }} | |
| project_name = {{ octavia_service_project_name }} | |
| username = {{ octavia_service_user_name }} | |
| password = {{ octavia_service_password }} | |
| region_name = {{ keystone_service_region }} | |
| auth_type = password | |
| endpoint_type = {{ octavia_clients_endpoint }} | |
| memcached_servers = {{ memcached_servers }} | |
| token_cache_time = 300 | |
| # if your memcached server is shared, use these settings to avoid cache poisoning | |
| memcache_security_strategy = ENCRYPT | |
| memcache_secret_key = {{ memcached_encryption_key }} | |
| [certificates] | |
| # cert_generator = local_cert_generator | |
| # For local certificate signing (development only): | |
| ca_certificate = /etc/octavia/certs/ca.pem | |
| ca_private_key = /etc/octavia/certs/ca_key.pem | |
| ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }} | |
| signing_digest = {{ octavia_signing_digest }} | |
| # storage_path = /var/lib/octavia/certificates/ | |
| # For the TLS management | |
| # Certificate Manager options are local_cert_manager | |
| # barbican_cert_manager | |
| # cert_manager = barbican_cert_manager | |
| # For Barbican authentication (if using any Barbican based cert class) | |
| # barbican_auth = barbican_acl_auth | |
| # | |
| # Region in Identity service catalog to use for communication with the Barbican service. | |
| # region_name = | |
| # | |
| # Endpoint type to use for communication with the Barbican service. | |
| # endpoint_type = publicURL | |
| [anchor] | |
| # Use OpenStack anchor to sign the amphora REST API certificates | |
| # url = http://localhost:9999/v1/sign/default | |
| # username = | |
| # password = | |
| [networking] | |
| # The maximum attempts to retry an action with the networking service. | |
| # max_retries = 15 | |
| # Seconds to wait before retrying an action with the networking service. | |
| # retry_interval = 1 | |
| # The maximum time to wait, in seconds, for a port to detach from an amphora | |
| # port_detach_timeout = 300 | |
| [haproxy_amphora] | |
| # base_path = /var/lib/octavia | |
| # base_cert_dir = /var/lib/octavia/certs | |
| # Absolute path to a custom HAProxy template file | |
| {% if octavia_haproxy_amphora_template is defined %} | |
| haproxy_template = {{ octavia_haproxy_amphora_template }} | |
| {% endif %} | |
| # connection_max_retries = 300 | |
| # connection_retry_interval = 5 | |
| # Maximum number of entries that can fit in the stick table. | |
| # The size supports "k", "m", "g" suffixes. | |
| # haproxy_stick_size = 10k | |
| # REST Driver specific | |
| # bind_host = 0.0.0.0 | |
| bind_port = {{ octavia_agent_port }} | |
| # | |
| # This setting is only needed with IPv6 link-local addresses (fe80::/64) are | |
| # used for communication between Octavia and its Amphora, if IPv4 or other IPv6 | |
| # addresses are used it can be ignored. | |
| # lb_network_interface = o-hm0 | |
| # | |
| # haproxy_cmd = /usr/sbin/haproxy | |
| # respawn_count = 2 | |
| # respawn_interval = 2 | |
| client_cert = /etc/octavia/certs/client.pem | |
| server_ca = /etc/octavia/certs/server_ca.pem | |
| # | |
| # This setting is deprecated. It is now automatically discovered. | |
| # use_upstart = True | |
| # | |
| # rest_request_conn_timeout = 10 | |
| # rest_request_read_timeout = 60 | |
| [controller_worker] | |
| # amp_active_retries = 10 | |
| # amp_active_wait_sec = 10 | |
| # Glance parameters to extract image ID to use for amphora. Only one of | |
| # parameters is needed. Using tags is the recommended way to refer to images. | |
| amp_image_id = {{ octavia_amp_image_id }} | |
| amp_image_tag = {{ octavia_glance_image_tag }} | |
| # Optional owner ID used to restrict glance images to one owner ID. | |
| # This is a recommended security setting. | |
| amp_image_owner_id = {{ octavia_amp_image_owner_id }} | |
| # octavia parameters to use when booting amphora | |
| amp_flavor_id = {{ octavia_nova_flavor_uuid }} | |
| amp_ssh_key_name = {{ octavia_ssh_key_name }} | |
| amp_ssh_access_allowed = {{ octavia_ssh_enabled }} | |
| # Networks to attach to the Amphorae examples: | |
| # - One primary network | |
| # - - amp_boot_network_list = 22222222-3333-4444-5555-666666666666 | |
| # - Multiple networks | |
| # - - amp_boot_network_list = 11111111-2222-33333-4444-555555555555, 22222222-3333-4444-5555-666666666666 | |
| # - All networks defined in the list will be attached to each amphora | |
| amp_boot_network_list = {{ octavia_neutron_management_network_uuid }} | |
| # Takes a single network id that is attached to amphorae on boot | |
| # Deprecated... | |
| # amp_network = | |
| amp_secgroup_list = {{ octavia_security_group_name }} | |
| client_ca = /etc/octavia/certs/client_ca.pem | |
| # Amphora driver options are amphora_noop_driver, | |
| # amphora_haproxy_rest_driver | |
| # | |
| amphora_driver = {{ octavia_amphora_driver }} | |
| # | |
| # Compute driver options are compute_noop_driver | |
| # compute_octavia_driver | |
| # | |
| compute_driver = {{ octavia_compute_driver }} | |
| # | |
| # Network driver options are network_noop_driver | |
| # allowed_address_pairs_driver | |
| # | |
| network_driver = {{ octavia_network_driver }} | |
| # | |
| # Certificate Generator options are local_cert_generator | |
| # barbican_cert_generator | |
| # anchor_cert_generator | |
| # cert_generator = local_cert_generator | |
| # | |
| # Load balancer topology options are SINGLE, ACTIVE_STANDBY | |
| loadbalancer_topology = {{ octavia_loadbalancer_topology }} | |
| # user_data_config_drive = False | |
| [task_flow] | |
| # engine = serial | |
| max_workers = {{ octavia_task_flow_max_workers }} | |
| [oslo_messaging] | |
| # Queue Consumer Thread Pool Size | |
| rpc_thread_pool_size = {{ octavia_rpc_thread_pool_size }} | |
| # Topic (i.e. Queue) Name | |
| topic = octavia_prov | |
| # Topic for octavia's events sent to a queue | |
| event_stream_topic = neutron_lbaas_event | |
| # Put it into the Neutron queue | |
| {% if octavia_event_streamer|bool %} | |
| event_stream_transport_url = rabbit://{% for host in neutron_rabbitmq_servers.split(',') %}{{ octavia_neutron_rabbitmq_userid }}:{{ octavia_neutron_rabbitmq_password }}@{{ host }}:{{ neutron_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ neutron_rabbitmq_vhost }}{% endif %}{% endfor %} | |
| {% endif %} | |
| [house_keeping] | |
| # Interval in seconds to initiate spare amphora checks | |
| # spare_check_interval = 30 | |
| spare_amphora_pool_size = {{ octavia_spare_amphora_pool_size }} | |
| # Cleanup interval for Deleted amphora | |
| # cleanup_interval = 30 | |
| # Amphora expiry age in seconds. Default is 1 week | |
| # amphora_expiry_age = 604800 | |
| # Load balancer expiry age in seconds. Default is 1 week | |
| # load_balancer_expiry_age = 604800 | |
| [amphora_agent] | |
| # agent_server_ca = /etc/octavia/certs/client_ca.pem | |
| # agent_server_cert = /etc/octavia/certs/server.pem | |
| # agent_server_network_dir = /etc/netns/amphora-haproxy/network/interfaces.d/ | |
| # agent_server_network_file = | |
| # agent_request_read_timeout = 120 | |
| [keepalived_vrrp] | |
| # Amphora Role/Priority advertisement interval in seconds | |
| # vrrp_advert_int = 1 | |
| # Service health check interval and success/fail count | |
| # vrrp_check_interval = 5 | |
| # vrpp_fail_count = 2 | |
| # vrrp_success_count = 2 | |
| # Amphora MASTER gratuitous ARP refresh settings | |
| # vrrp_garp_refresh_interval = 5 | |
| # vrrp_garp_refresh_count = 2 | |
| [service_auth] | |
| # memcached_servers = | |
| # signing_dir = | |
| # cafile = /opt/stack/data/ca-bundle.pem | |
| # project_domain_name = Default | |
| # project_name = admin | |
| # user_domain_name = Default | |
| # password = password | |
| # username = admin | |
| # auth_type = password | |
| # auth_url = http://localhost:5555/ | |
| insecure = {{ keystone_service_internaluri_insecure | bool }} | |
| auth_plugin = {{ octavia_keystone_auth_plugin }} | |
| auth_url = {{ keystone_service_internaluri }}/v3 | |
| auth_uri = {{ keystone_service_internaluri }}/v3 | |
| auth_version = 3 | |
| project_domain_name = {{ octavia_service_project_domain_id }} | |
| user_domain_name = {{ octavia_service_user_domain_id }} | |
| project_name = {{ octavia_service_project_name }} | |
| username = {{ octavia_service_user_name }} | |
| password = {{ octavia_service_password }} | |
| region_name = {{ keystone_service_region }} | |
| auth_type = password | |
| memcached_servers = {{ memcached_servers }} | |
| endpoint_type = {{ octavia_clients_endpoint }} | |
| token_cache_time = 300 | |
| # if your memcached server is shared, use these settings to avoid cache poisoning | |
| memcache_security_strategy = ENCRYPT | |
| memcache_secret_key = {{ memcached_encryption_key }} | |
| [octavia] | |
| # The name of the octavia service in the keystone catalog | |
| # service_name = | |
| # Custom octavia endpoint if override is necessary | |
| # endpoint = | |
| # Region in Identity service catalog to use for communication with the | |
| # OpenStack services. | |
| region_name = {{ keystone_service_region }} | |
| # Endpoint type in Identity service catalog to use for communication with | |
| # the OpenStack services. | |
| endpoint_type = {{ octavia_clients_endpoint }} | |
| # CA certificates file to verify neutron connections when TLS is enabled | |
| # insecure = False | |
| # ca_certificates_file = | |
| [nova] | |
| # The name of the nova service in the keystone catalog | |
| # service_name = | |
| # Custom nova endpoint if override is necessary | |
| # endpoint = | |
| # Region in Identity service catalog to use for communication with the | |
| # OpenStack services. | |
| region_name = {{ keystone_service_region }} | |
| # Endpoint type in Identity service catalog to use for communication with | |
| # the OpenStack services. | |
| endpoint_type = {{ octavia_clients_endpoint }} | |
| # CA certificates file to verify neutron connections when TLS is enabled | |
| # insecure = False | |
| # ca_certificates_file = | |
| enable_anti_affinity = {{ octavia_enable_anti_affinity }} | |
| {% if octavia_amp_availability_zone is defined %}availability_zone={{ octavia_amp_availability_zone }}{%endif%} | |
| [glance] | |
| # The name of the glance service in the keystone catalog | |
| # service_name = | |
| # Custom glance endpoint if override is necessary | |
| # endpoint = | |
| # Region in Identity service catalog to use for communication with the | |
| # OpenStack services. | |
| region_name = {{ keystone_service_region }} | |
| # Endpoint type in Identity service catalog to use for communication with | |
| # the OpenStack services. | |
| endpoint_type = {{ octavia_clients_endpoint }} | |
| # CA certificates file to verify neutron connections when TLS is enabled | |
| # insecure = False | |
| # ca_certificates_file = | |
| [neutron] | |
| # The name of the neutron service in the keystone catalog | |
| # service_name = | |
| # Custom neutron endpoint if override is necessary | |
| # endpoint = | |
| # Region in Identity service catalog to use for communication with the | |
| # OpenStack services. | |
| region_name = {{ keystone_service_region }} | |
| # Endpoint type in Identity service catalog to use for communication with | |
| # the OpenStack services. | |
| endpoint_type = {{ octavia_clients_endpoint }} | |
| # CA certificates file to verify neutron connections when TLS is enabled | |
| # insecure = False | |
| # ca_certificates_file = |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment