openstack/openstack-ansible-os_octavia
Code Issues Proposed changes
openstack-ansible-os_octavia/templates/octavia.conf.j2
Dmitriy Rabotyagov c0783fcdf5 Add quorum queues support for service 
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.

In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.

Change-Id: I4781a0c23274b145970b3269e517c2a62497acc4
2023-10-20 12:34:55 +00:00

194 lines
8.6 KiB
Django/Jinja
Raw Blame History

[DEFAULT]
debug = {{ debug }}
use_journal = True
executor_thread_pool_size = {{ octavia_rpc_thread_pool_size }}
rpc_conn_pool_size = {{ octavia_rpc_conn_pool_size }}
transport_url = {{ octavia_oslomsg_rpc_transport }}://{% for host in octavia_oslomsg_rpc_servers.split(',') %}{{ octavia_oslomsg_rpc_userid }}:{{ octavia_oslomsg_rpc_password }}@{{ host }}:{{ octavia_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _octavia_oslomsg_rpc_vhost_conf }}{% if octavia_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ octavia_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ octavia_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
[api_settings]
bind_host = {{ octavia_uwsgi_bind_address }}
bind_port = {{ octavia_service_port }}
healthcheck_enabled = True
auth_strategy = {{ octavia_auth_strategy }}
# Allow users to create TLS Terminated listeners?
allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }}
default_provider_driver = {{ octavia_default_provider_driver }}
enabled_provider_drivers = {{ octavia_enabled_provider_drivers | join(',') }}
[oslo_messaging]
topic = octavia_prov
[oslo_messaging_rabbit]
ssl = {{ octavia_oslomsg_rpc_use_ssl }}
rabbit_quorum_queue = {{ octavia_oslomsg_rabbit_quorum_queues }}
rabbit_quorum_delivery_limit = {{ octavia_oslomsg_rabbit_quorum_delivery_limit }}
rabbit_quorum_max_memory_bytes = {{ octavia_oslomsg_rabbit_quorum_max_memory_bytes }}
[oslo_messaging_notifications]
driver = {{ (octavia_ceilometer_enabled | bool) | ternary('messagingv2', 'noop') }}
transport_url = {{ octavia_oslomsg_notify_transport }}://{% for host in octavia_oslomsg_notify_servers.split(',') %}{{ octavia_oslomsg_notify_userid }}:{{ octavia_oslomsg_notify_password }}@{{ host }}:{{ octavia_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _octavia_oslomsg_notify_vhost_conf }}{% if octavia_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ octavia_oslomsg_notify_ssl_version }}&ssl_ca_file={{ octavia_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
[database]
connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}:{{ octavia_galera_port }}/{{ octavia_galera_database }}?charset=utf8{% if octavia_galera_use_ssl | bool %}&ssl_verify_cert=true{% if octavia_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ octavia_galera_ssl_ca_cert }}{% endif %}{% endif +%}
max_overflow = {{ octavia_db_max_overflow }}
max_pool_size = {{ octavia_db_max_pool_size }}
pool_timeout = {{ octavia_db_pool_timeout }}
connection_recycle_time = {{ octavia_db_connection_recycle_time }}
[health_manager]
bind_ip = 0.0.0.0
bind_port = {{ octavia_health_manager_port }}
# controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555
controller_ip_port_list = {% for host in octavia_hm_hosts.split(',') %}{{ host }}:{{ octavia_health_manager_port }}{% if not loop.last %},{% endif %}{% endfor %}
heartbeat_key = {{ octavia_health_hmac_key }}
# Enable provisioning status sync with neutron db
sync_provisioning_status = {{ octavia_sync_provisioning_status }}
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ octavia_keystone_auth_plugin }}
auth_url = {{ keystone_service_internaluri }}/v3
www_authenticate_uri = {{ keystone_service_internaluri }}/v3
auth_version = 3
project_domain_id = {{ octavia_service_project_domain_id }}
user_domain_id = {{ octavia_service_user_domain_id }}
project_name = {{ octavia_service_project_name }}
username = {{ octavia_service_user_name }}
password = {{ octavia_service_password }}
region_name = {{ keystone_service_region }}
auth_type = password
endpoint_type = {{ octavia_clients_endpoint }}
memcached_servers = {{ octavia_memcached_servers }}
token_cache_time = 300
service_token_roles = "{{ octavia_service_token_roles | join(',') }}"
service_token_roles_required = {{ octavia_service_token_roles_required | bool }}
service_type = {{ octavia_service_type }}
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[certificates]
ca_certificate = /etc/octavia/certs/server_ca.pem
ca_private_key = /etc/octavia/certs/ca_key.pem
ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }}
signing_digest = sha256
{% if octavia_barbican_enabled %}
cert_manager = barbican_cert_manager
endpoint_type = {{ octavia_clients_endpoint }}
region_name = {{ keystone_service_region }}
{% endif %}
[haproxy_amphora]
{% if octavia_haproxy_amphora_template is defined %}
haproxy_template = {{ octavia_haproxy_amphora_template }}
{% endif %}
bind_port = {{ octavia_agent_port }}
client_cert = /etc/octavia/certs/client.pem
server_ca = /etc/octavia/certs/server_ca.pem
[controller_worker]
amp_active_retries = {{ octavia_amp_active_retries }}
amp_image_tag = {{ octavia_glance_image_tag }}
amp_image_owner_id = {{ octavia_amp_image_owner_id }}
amp_flavor_id = {{ octavia_nova_flavor_uuid }}
{% if octavia_ssh_enabled %}
amp_ssh_key_name = {{ octavia_ssh_key_name }}
{% endif %}
amp_boot_network_list = {{ octavia_neutron_management_network_uuid }}
amp_secgroup_list = {{ octavia_security_group_name }}
client_ca = /etc/octavia/certs/client_ca.pem
amphora_driver = {{ octavia_amphora_driver }}
compute_driver = {{ octavia_compute_driver }}
network_driver = {{ octavia_network_driver }}
{% if octavia_cinder_enabled %}
volume_driver = volume_cinder_driver
{% else %}
volume_driver = volume_noop_driver
{% endif %}
loadbalancer_topology = {{ octavia_loadbalancer_topology }}
[task_flow]
max_workers = {{ octavia_task_flow_max_workers }}
{% if octavia_coordination_enable %}
persistence_connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}/{{ octavia_galera_persistence_database }}?charset=utf8{% if octavia_galera_use_ssl | bool %}&ssl_verify_cert=true{% if octavia_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ octavia_galera_ssl_ca_cert }}{% endif %}{% endif +%}
jobboard_enabled = True
jobboard_backend_driver = {{ _octavia_jobboard_driver_map[octavia_coordination_driver] }}
jobboard_backend_hosts = {{ groups[octavia_coordination_group] | map('extract', hostvars, 'ansible_host') | list | join(',') }}
jobboard_backend_port = {{ octavia_coordination_port }}
jobboard_backend_namespace = {{ octavia_coordination_namespace }}
{% if octavia_coordination_driver == 'zookeeper' %}
jobboard_zookeeper_ssl_options = use_ssl:{{ octavia_coordination_client_ssl | bool }},verify_certs:{{ octavia_coordination_verify_cert | bool }}
{% endif %}
{% if octavia_coordination_driver == 'redis' %}
jobboard_redis_backend_ssl_options = ssl:{{ octavia_coordination_client_ssl | bool }},ssl_cert_reqs:{{ octavia_coordination_verify_cert | ternary('required', 'None') }}
{% endif %}
{% endif %}
[service_auth]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ octavia_keystone_auth_plugin }}
auth_url = {{ keystone_service_internaluri }}/v3
www_authenticate_uri = {{ keystone_service_internaluri }}/v3
auth_version = 3
project_domain_name = {{ octavia_service_project_domain_id }}
user_domain_name = {{ octavia_service_user_domain_id }}
project_name = {{ octavia_service_project_name }}
username = {{ octavia_service_user_name }}
password = {{ octavia_service_password }}
region_name = {{ keystone_service_region }}
auth_type = password
memcached_servers = {{ octavia_memcached_servers }}
endpoint_type = {{ octavia_clients_endpoint }}
token_cache_time = 300
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[octavia]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
[nova]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
enable_anti_affinity = {{ octavia_enable_anti_affinity }}
{% if octavia_amp_availability_zone is defined %}availability_zone={{ octavia_amp_availability_zone }}{%endif%}
{% if octavia_cinder_enabled %}
[cinder]
service_name = {{ cinder_service_v3_name | default('cinderv3') }}
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
availability_zone = {{ cinder_default_availability_zone }}
volume_size = {{ octavia_cinder_volume_size }}
volume_type = {{ octavia_cinder_volume_type }}
volume_create_retry_interval = 5
volume_create_timeout = 50
volume_create_max_retries = 2
{% endif %}
[glance]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
[neutron]
region_name = {{ keystone_service_region }}
endpoint_type = {{ octavia_clients_endpoint }}
View Git Blame Copy Permalink