Configure OVN southdb connection.
OVN Octavia provider gained support for health monitoring, this is achieved by allowing the octavia-driver-agent connect to the southdb, this change adds the connection strings otherwise the daemon tries to connect to 127.0.0.1:6442 . Change-Id: I6f7f1b9252e74ddcc2729a11c74b3c08ee8a7eb2 Closes-Bug: #1980290
This commit is contained in:
parent
e237d6621e
commit
a705435156
|
@ -0,0 +1,167 @@
|
|||
# victoria
|
||||
[DEFAULT]
|
||||
debug = {{ options.debug }}
|
||||
|
||||
{% include "parts/section-transport-url" %}
|
||||
|
||||
{% if ovsdb_subordinate and ovsdb_subordinate.ovn_configured and ovsdb_cms -%}
|
||||
[api_settings]
|
||||
{% if options.enable_amphora -%}
|
||||
enabled_provider_drivers = amphora:The Octavia Amphora driver,ovn:Octavia OVN driver
|
||||
{% else -%}
|
||||
enabled_provider_drivers = ovn:Octavia OVN driver
|
||||
{% endif -%}
|
||||
|
||||
[ovn]
|
||||
ovn_nb_connection={{ ','.join(ovsdb_cms.db_nb_connection_strs) }}
|
||||
ovn_nb_private_key=/etc/octavia/ovn_private_key.pem
|
||||
ovn_nb_certificate=/etc/octavia/ovn_certificate.pem
|
||||
ovn_nb_ca_cert=/etc/octavia/ovn_ca_cert.pem
|
||||
|
||||
ovn_sb_connection={{ ','.join(ovsdb_cms.db_sb_connection_strs) }}
|
||||
ovn_sb_private_key=/etc/octavia/ovn_private_key.pem
|
||||
ovn_sb_certificate=/etc/octavia/ovn_certificate.pem
|
||||
ovn_sb_ca_cert=/etc/octavia/ovn_ca_cert.pem
|
||||
|
||||
[driver_agent]
|
||||
enabled_provider_agents = ovn
|
||||
{% endif %}
|
||||
|
||||
[health_manager]
|
||||
{% if options.health_manager_bind_ip -%}
|
||||
bind_ip = {{ options.health_manager_bind_ip }}
|
||||
{% endif -%}
|
||||
{% if options.controller_ip_port_list -%}
|
||||
controller_ip_port_list = {{ options.controller_ip_port_list }}
|
||||
{% endif -%}
|
||||
heartbeat_key = {{ options.heartbeat_key }}
|
||||
health_update_threads = {{ options.workers }}
|
||||
stats_update_threads = {{ options.workers }}
|
||||
|
||||
[house_keeping]
|
||||
{% if options.spare_amphora_pool_size -%}
|
||||
spare_amphora_pool_size = {{ options.spare_amphora_pool_size }}
|
||||
{% endif %}
|
||||
|
||||
[controller_worker]
|
||||
{% if options.amp_ssh_key_name %}
|
||||
amp_ssh_key_name = {{ options.amp_ssh_key_name }}
|
||||
{% endif -%}
|
||||
{% if options.amp_image_owner_id -%}
|
||||
amp_image_owner_id = {{ options.amp_image_owner_id }}
|
||||
{% endif -%}
|
||||
{% if options.amp_secgroup_list -%}
|
||||
amp_secgroup_list = {{ options.amp_secgroup_list }}
|
||||
{% endif -%}
|
||||
{% if options.amp_flavor_id -%}
|
||||
amp_flavor_id = {{ options.amp_flavor_id }}
|
||||
{% endif -%}
|
||||
{% if options.amp_boot_network_list -%}
|
||||
amp_boot_network_list = {{ options.amp_boot_network_list }}
|
||||
{% endif -%}
|
||||
{% if options.amp_image_tag -%}
|
||||
amp_image_tag = {{ options.amp_image_tag }}
|
||||
{% endif -%}
|
||||
amp_active_retries = 180
|
||||
# This certificate is installed on the ``Amphorae`` and used for validating
|
||||
# the authenticity of the ``Octavia`` controller.
|
||||
client_ca = {{ options.controller_cacert }}
|
||||
network_driver = allowed_address_pairs_driver
|
||||
compute_driver = compute_nova_driver
|
||||
amphora_driver = amphora_haproxy_rest_driver
|
||||
loadbalancer_topology = {{ options.loadbalancer_topology }}
|
||||
|
||||
[certificates]
|
||||
# NOTE(fnordahl) certificates for authentication between Octavia controllers
|
||||
# and its Amphorae instances are issued locally on the Octavia controller.
|
||||
#
|
||||
# At the time of this writing this is the only supported alternative upstream
|
||||
# after the retirement of the Anchor project [0].
|
||||
#
|
||||
# Note that these certificates are not used for any load balancer payload data
|
||||
#
|
||||
# 0: https://review.opendev.org/#/c/597022/
|
||||
cert_generator = local_cert_generator
|
||||
# This certificate is used to issue individual certificates for each
|
||||
# ``Amphora`` and to validate their authenticity when they connect to the
|
||||
# ``Octavia`` controller.
|
||||
ca_certificate = {{ options.issuing_cacert }}
|
||||
ca_private_key = {{ options.issuing_ca_private_key }}
|
||||
ca_private_key_passphrase = {{ options.issuing_ca_private_key_passphrase }}
|
||||
|
||||
cert_manager = barbican_cert_manager
|
||||
{% if options.region -%}
|
||||
region_name = {{ options.region }}
|
||||
{% endif -%}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
|
||||
|
||||
[haproxy_amphora]
|
||||
# This certificate is used by the ``Octavia`` controller to validate the
|
||||
# authenticity of the ``Amphorae`` connecting to it.
|
||||
server_ca = {{ options.issuing_cacert }}
|
||||
# This certificate is used by the ``Octavia`` controller when it takes on the
|
||||
# role as a "client" connecting to the ``Amphorae``.
|
||||
client_cert = {{ options.controller_cert }}
|
||||
|
||||
{% include "parts/section-database" %}
|
||||
|
||||
[service_auth]
|
||||
auth_section = keystone_authtoken
|
||||
|
||||
{% include "parts/section-keystone-authtoken" %}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
|
||||
[oslo_messaging]
|
||||
topic = octavia
|
||||
|
||||
[nova]
|
||||
{% if options.region -%}
|
||||
region_name = {{ options.region }}
|
||||
{% endif -%}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
{%- if options.loadbalancer_topology == "SINGLE" or options.anti_affinity_policy == "disable" %}
|
||||
enable_anti_affinity = False
|
||||
{%- elif options.loadbalancer_topology == "ACTIVE_STANDBY" %}
|
||||
{%- if options.anti_affinity_policy == "auto" %}
|
||||
enable_anti_affinity = True
|
||||
anti_affinity_policy = "soft-anti-affinity"
|
||||
{%- elif options.anti_affinity_policy in ["anti-affinity", "soft-anti-affinity"] %}
|
||||
enable_anti_affinity = True
|
||||
anti_affinity_policy = {{ options.anti_affinity_policy }}
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
|
||||
[cinder]
|
||||
{% if options.region -%}
|
||||
region_name = {{ options.region }}
|
||||
{% endif -%}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
|
||||
[glance]
|
||||
{% if options.region -%}
|
||||
region_name = {{ options.region }}
|
||||
{% endif -%}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
|
||||
[neutron]
|
||||
{% if options.region -%}
|
||||
region_name = {{ options.region }}
|
||||
{% endif -%}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
|
||||
{% include "parts/section-oslo-messaging-rabbit" %}
|
||||
|
||||
{% include "parts/section-oslo-middleware" %}
|
Loading…
Reference in New Issue