openstack-ansible-os_octavia/templates/octavia.conf.j2

[DEFAULT]
debug = {{ debug }}
use_journal = True
executor_thread_pool_size = {{ octavia_rpc_thread_pool_size }}
rpc_conn_pool_size = {{ octavia_rpc_conn_pool_size }}
transport_url = {{ octavia_oslomsg_rpc_transport }}://{% for host in octavia_oslomsg_rpc_servers.split(',') %}{{ octavia_oslomsg_rpc_userid }}:{{ octavia_oslomsg_rpc_password }}@{{ host }}:{{ octavia_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ octavia_oslomsg_rpc_vhost }}{% if octavia_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ octavia_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ octavia_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}

[api_settings]
bind_host = {{ octavia_uwsgi_bind_address }}
bind_port = {{ octavia_service_port }}
healthcheck_enabled = True

auth_strategy = {{ octavia_auth_strategy }}

# Allow users to create TLS Terminated listeners?
allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }}

default_provider_driver = {{ octavia_default_provider_driver }}
enabled_provider_drivers = {{ octavia_enabled_provider_drivers | join(',') }}

[oslo_messaging]
topic = octavia_prov

[oslo_messaging_rabbit]
ssl = {{ octavia_oslomsg_rpc_use_ssl }}

[oslo_messaging_notifications]
driver = {{ (octavia_ceilometer_enabled | bool) | ternary('messagingv2', 'noop') }}
transport_url = {{ octavia_oslomsg_notify_transport }}://{% for host in octavia_oslomsg_notify_servers.split(',') %}{{ octavia_oslomsg_notify_userid }}:{{ octavia_oslomsg_notify_password }}@{{ host }}:{{ octavia_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ octavia_oslomsg_notify_vhost }}{% if octavia_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ octavia_oslomsg_notify_ssl_version }}&ssl_ca_file={{ octavia_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}

[database]
connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}/{{ octavia_galera_database }}?charset=utf8{% if octavia_galera_use_ssl | bool %}&ssl_verify_cert=true{% if octavia_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ octavia_galera_ssl_ca_cert }}{% endif %}{% endif +%}
max_overflow = {{ octavia_db_max_overflow }}
max_pool_size = {{ octavia_db_max_pool_size }}
pool_timeout = {{ octavia_db_pool_timeout }}
connection_recycle_time = {{ octavia_db_connection_recycle_time }}

[health_manager]
bind_ip = 0.0.0.0
bind_port = {{ octavia_health_manager_port }}
# controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555
controller_ip_port_list = {% for host in octavia_hm_hosts.split(',') %}{{ host }}:{{ octavia_health_manager_port }}{% if not loop.last %},{% endif %}{% endfor %}

heartbeat_key = {{ octavia_health_hmac_key }}

# Enable provisioning status sync with neutron db
sync_provisioning_status = {{ octavia_sync_provisioning_status }}

[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ octavia_keystone_auth_plugin }}
auth_url = {{ keystone_service_internaluri }}/v3
www_authenticate_uri = {{ keystone_service_internaluri }}/v3
auth_version = 3
project_domain_id = {{ octavia_service_project_domain_id }}
user_domain_id = {{ octavia_service_user_domain_id }}
project_name = {{ octavia_service_project_name }}
username = {{ octavia_service_user_name }}
password = {{ octavia_service_password }}
region_name = {{ keystone_service_region }}
auth_type = password
endpoint_type = {{ octavia_clients_endpoint }}
memcached_servers = {{ octavia_memcached_servers }}
token_cache_time = 300
service_token_roles = "{{ octavia_service_token_roles | join(',') }}"
service_token_roles_required = {{ octavia_service_token_roles_required | bool }}
service_type = {{ octavia_service_type }}

# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}

[certificates]
ca_certificate = /etc/octavia/certs/server_ca.pem
ca_private_key = /etc/octavia/certs/ca_key.pem
ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
signing_digest = sha256
{% if octavia_barbican_enabled %}
cert_manager = barbican_cert_manager
endpoint_type = {{ octavia_clients_endpoint }}
region_name = {{ keystone_service_region }}
{% endif %}

[haproxy_amphora]
{% if octavia_haproxy_amphora_template is defined %}
haproxy_template = {{ octavia_haproxy_amphora_template }}
{% endif %}

bind_port = {{ octavia_agent_port }}

client_cert = /etc/octavia/certs/client.pem
server_ca = /etc/octavia/certs/server_ca.pem


[controller_worker]
amp_active_retries = {{ octavia_amp_active_retries }}
amp_image_tag = {{ octavia_glance_image_tag }}
amp_image_owner_id = {{ octavia_amp_image_owner_id }}
amp_flavor_id = {{ octavia_nova_flavor_uuid }}
{% if octavia_ssh_enabled %}
amp_ssh_key_name = {{ octavia_ssh_key_name }}
{% endif %}
amp_boot_network_list = {{ octavia_neutron_management_network_uuid }}
amp_secgroup_list = {{ octavia_security_group_name }}
client_ca = /etc/octavia/certs/client_ca.pem
amphora_driver = {{ octavia_amphora_driver }}
compute_driver = {{ octavia_compute_driver }}
network_driver = {{ octavia_network_driver }}

{% if octavia_cinder_enabled %}
volume_driver = volume_cinder_driver
{% else %}
volume_driver = volume_noop_driver
{% endif %}

loadbalancer_topology = {{ octavia_loadbalancer_topology }}


[task_flow]
max_workers = {{ octavia_task_flow_max_workers }}

{% if octavia_coordination_enable %}
persistence_connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}/{{ octavia_galera_persistence_database }}?charset=utf8{% if octavia_galera_use_ssl | bool %}&ssl_verify_cert=true{% if octavia_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ octavia_galera_ssl_ca_cert }}{% endif %}{% endif +%}
jobboard_enabled = True
jobboard_backend_driver = {{ _octavia_jobboard_driver_map[octavia_coordination_driver] }}
jobboard_backend_hosts = {{ groups[octavia_coordination_group] | map('extract', hostvars, 'ansible_host') | list | join(',') }}
jobboard_backend_port = {{ octavia_coordination_port }}
jobboard_backend_namespace = {{ octavia_coordination_namespace }}

{% if octavia_coordination_driver == 'zookeeper' %}
jobboard_zookeeper_ssl_options = use_ssl:{{ octavia_coordination_client_ssl | bool }},verify_certs:{{ octavia_coordination_verify_cert | bool }}
{% endif %}
{% if octavia_coordination_driver == 'redis' %}
jobboard_redis_backend_ssl_options = ssl:{{ octavia_coordination_client_ssl | bool }},ssl_cert_reqs:{{ octavia_coordination_verify_cert | ternary('required', 'None') }}
{% endif %}
{% endif %}

[service_auth]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ octavia_keystone_auth_plugin }}
auth_url = {{ keystone_service_internaluri }}/v3
www_authenticate_uri = {{ keystone_service_internaluri }}/v3
auth_version = 3
project_domain_name = {{ octavia_service_project_domain_id }}
user_domain_name = {{ octavia_service_user_domain_id }}
project_name = {{ octavia_service_project_name }}
username = {{ octavia_service_user_name }}
password = {{ octavia_service_password }}
region_name = {{ keystone_service_region }}
auth_type = password
memcached_servers = {{ octavia_memcached_servers }}
endpoint_type = {{ octavia_clients_endpoint }}
token_cache_time = 300

# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}


[octavia]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}

[nova]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
enable_anti_affinity = {{ octavia_enable_anti_affinity }}

{% if octavia_amp_availability_zone is defined %}availability_zone={{ octavia_amp_availability_zone }}{%endif%}

{% if octavia_cinder_enabled %}
[cinder]
service_name = {{ cinder_service_v3_name | default('cinderv3') }}
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
availability_zone = {{ cinder_default_availability_zone }}
volume_size = {{ octavia_cinder_volume_size }}
volume_type = {{ octavia_cinder_volume_type }}
volume_create_retry_interval = 5
volume_create_timeout = 50
volume_create_max_retries = 2
{% endif %}

[glance]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}

[neutron]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}