47a2b8fbb4
Add support to enable logging of security groups for OpenStack Queens or later; this feature is enabled via the neutron-api charm, with local configuration options provided in the neutron-openvswitch charm. The feature is only compatible with the openvswitch firewall driver and will not be enabled if this configuration option is not set in the neutron-openvswitch charm. This change is removing unnecessary Neutron config option "neutron_firewall_driver" since FW drivers are being handled on agents side (not on API server) since Mitaka release. Change-Id: Icadb055b2c5c3216b6d086b44a4823595b2baffa Closes-Bug: #1787397
117 lines
2.9 KiB
Plaintext
117 lines
2.9 KiB
Plaintext
# mitaka
|
|
###############################################################################
|
|
# [ WARNING ]
|
|
# Configuration file maintained by Juju. Local changes may be overwritten.
|
|
# Restart trigger {{ restart_trigger }}
|
|
###############################################################################
|
|
[DEFAULT]
|
|
verbose = {{ verbose }}
|
|
debug = {{ debug }}
|
|
use_syslog = {{ use_syslog }}
|
|
state_path = /var/lib/neutron
|
|
bind_host = {{ bind_host }}
|
|
auth_strategy = keystone
|
|
api_workers = {{ workers }}
|
|
rpc_workers = {{ workers }}
|
|
|
|
router_distributed = {{ enable_dvr }}
|
|
|
|
{% if dns_domain -%}
|
|
dns_domain = {{ dns_domain }}
|
|
{% endif -%}
|
|
|
|
l3_ha = {{ l3_ha }}
|
|
{% if l3_ha -%}
|
|
max_l3_agents_per_router = {{ max_l3_agents_per_router }}
|
|
min_l3_agents_per_router = {{ min_l3_agents_per_router }}
|
|
{% endif -%}
|
|
|
|
{% if neutron_bind_port -%}
|
|
bind_port = {{ neutron_bind_port }}
|
|
{% else -%}
|
|
bind_port = 9696
|
|
{% endif -%}
|
|
|
|
{% if core_plugin -%}
|
|
core_plugin = {{ core_plugin }}
|
|
{% if service_plugins -%}
|
|
service_plugins = {{ service_plugins }}
|
|
{% endif -%}
|
|
{% endif -%}
|
|
|
|
{% if neutron_security_groups -%}
|
|
allow_overlapping_ips = True
|
|
{% endif -%}
|
|
|
|
dhcp_agents_per_network = {{ dhcp_agents_per_network }}
|
|
|
|
notify_nova_on_port_status_changes = True
|
|
notify_nova_on_port_data_changes = True
|
|
|
|
{% if sections and 'DEFAULT' in sections -%}
|
|
{% for key, value in sections['DEFAULT'] -%}
|
|
{{ key }} = {{ value }}
|
|
{% endfor -%}
|
|
{% endif %}
|
|
|
|
{% if user_config_flags -%}
|
|
{% for key, value in user_config_flags.items() -%}
|
|
{{ key }} = {{ value }}
|
|
{% endfor -%}
|
|
{% endif -%}
|
|
|
|
{% if global_physnet_mtu -%}
|
|
global_physnet_mtu = {{ global_physnet_mtu }}
|
|
{% endif -%}
|
|
|
|
{% if enable_designate -%}
|
|
external_dns_driver = designate
|
|
{% endif -%}
|
|
|
|
{% include "section-zeromq" %}
|
|
|
|
[quotas]
|
|
{% if quota_driver -%}
|
|
quota_driver = {{ quota_driver }}
|
|
{% else -%}
|
|
quota_driver = neutron.db.quota_db.DbQuotaDriver
|
|
{% endif -%}
|
|
{% if neutron_security_groups -%}
|
|
quota_items = network,subnet,port,security_group,security_group_rule
|
|
quota_security_group = {{ quota_security_group }}
|
|
quota_security_group_rule = {{ quota_security_group_rule }}
|
|
{% else -%}
|
|
quota_items = network,subnet,port
|
|
{% endif -%}
|
|
quota_network = {{ quota_network }}
|
|
quota_subnet = {{ quota_subnet }}
|
|
quota_port = {{ quota_port }}
|
|
quota_vip = {{ quota_vip }}
|
|
quota_pool = {{ quota_pool }}
|
|
quota_member = {{ quota_member }}
|
|
quota_health_monitors = {{ quota_health_monitors }}
|
|
quota_router = {{ quota_router }}
|
|
quota_floatingip = {{ quota_floatingip }}
|
|
|
|
[agent]
|
|
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
|
|
|
|
{% include "section-keystone-authtoken-mitaka" %}
|
|
|
|
{% include "parts/section-database" %}
|
|
|
|
{% include "section-rabbitmq-oslo" %}
|
|
|
|
{% include "section-oslo-notifications" %}
|
|
|
|
[oslo_concurrency]
|
|
lock_path = $state_path/lock
|
|
|
|
{% include "parts/section-nova" %}
|
|
|
|
{% if enable_designate -%}
|
|
{% include "parts/section-designate" %}
|
|
{% endif -%}
|
|
|
|
{% include "section-oslo-middleware" %}
|