Configure OVN southdb connection.

OVN Octavia provider gained support for health monitoring, this is achieved by allowing the octavia-driver-agent connect to the southdb, this change adds the connection strings otherwise the daemon tries to connect to 127.0.0.1:6442 . Change-Id: I6f7f1b9252e74ddcc2729a11c74b3c08ee8a7eb2 Closes-Bug: #1980290
2022-06-30 09:58:56 -04:00 · 2022-06-30 09:58:56 -04:00 · a705435156
parent e237d6621e
commit a705435156
1 changed files with 167 additions and 0 deletions
--- a/src/templates/xena/octavia.conf
+++ b/src/templates/xena/octavia.conf
@ -0,0 +1,167 @@
+# victoria
+[DEFAULT]
+debug = {{ options.debug }}
+
+{% include "parts/section-transport-url" %}
+
+{% if ovsdb_subordinate and ovsdb_subordinate.ovn_configured and ovsdb_cms -%}
+[api_settings]
+{% if options.enable_amphora -%}
+enabled_provider_drivers = amphora:The Octavia Amphora driver,ovn:Octavia OVN driver
+{% else -%}
+enabled_provider_drivers = ovn:Octavia OVN driver
+{% endif -%}
+
+[ovn]
+ovn_nb_connection={{ ','.join(ovsdb_cms.db_nb_connection_strs) }}
+ovn_nb_private_key=/etc/octavia/ovn_private_key.pem
+ovn_nb_certificate=/etc/octavia/ovn_certificate.pem
+ovn_nb_ca_cert=/etc/octavia/ovn_ca_cert.pem
+
+ovn_sb_connection={{ ','.join(ovsdb_cms.db_sb_connection_strs) }}
+ovn_sb_private_key=/etc/octavia/ovn_private_key.pem
+ovn_sb_certificate=/etc/octavia/ovn_certificate.pem
+ovn_sb_ca_cert=/etc/octavia/ovn_ca_cert.pem
+
+[driver_agent]
+enabled_provider_agents = ovn
+{% endif %}
+
+[health_manager]
+{% if options.health_manager_bind_ip -%}
+bind_ip = {{ options.health_manager_bind_ip }}
+{% endif -%}
+{% if options.controller_ip_port_list -%}
+controller_ip_port_list = {{ options.controller_ip_port_list }}
+{% endif -%}
+heartbeat_key = {{ options.heartbeat_key }}
+health_update_threads = {{ options.workers }}
+stats_update_threads = {{ options.workers }}
+
+[house_keeping]
+{% if options.spare_amphora_pool_size -%}
+spare_amphora_pool_size = {{ options.spare_amphora_pool_size }}
+{% endif %}
+
+[controller_worker]
+{% if options.amp_ssh_key_name %}
+amp_ssh_key_name = {{ options.amp_ssh_key_name }}
+{% endif -%}
+{% if options.amp_image_owner_id -%}
+amp_image_owner_id = {{ options.amp_image_owner_id }}
+{% endif -%}
+{% if options.amp_secgroup_list -%}
+amp_secgroup_list = {{ options.amp_secgroup_list }}
+{% endif -%}
+{% if options.amp_flavor_id -%}
+amp_flavor_id = {{ options.amp_flavor_id }}
+{% endif -%}
+{% if options.amp_boot_network_list -%}
+amp_boot_network_list = {{ options.amp_boot_network_list }}
+{% endif -%}
+{% if options.amp_image_tag -%}
+amp_image_tag = {{ options.amp_image_tag }}
+{% endif -%}
+amp_active_retries = 180
+# This certificate is installed on the ``Amphorae`` and used for validating
+# the authenticity of the ``Octavia`` controller.
+client_ca = {{ options.controller_cacert }}
+network_driver = allowed_address_pairs_driver
+compute_driver = compute_nova_driver
+amphora_driver = amphora_haproxy_rest_driver
+loadbalancer_topology = {{ options.loadbalancer_topology }}
+
+[certificates]
+# NOTE(fnordahl) certificates for authentication between Octavia controllers
+# and its Amphorae instances are issued locally on the Octavia controller.
+#
+# At the time of this writing this is the only supported alternative upstream
+# after the retirement of the Anchor project [0].
+#
+# Note that these certificates are not used for any load balancer payload data
+#
+# 0: https://review.opendev.org/#/c/597022/
+cert_generator = local_cert_generator
+# This certificate is used to issue individual certificates for each
+# ``Amphora`` and to validate their authenticity when they connect to the
+# ``Octavia`` controller.
+ca_certificate = {{ options.issuing_cacert }}
+ca_private_key = {{ options.issuing_ca_private_key }}
+ca_private_key_passphrase = {{ options.issuing_ca_private_key_passphrase }}
+
+cert_manager = barbican_cert_manager
+{% if options.region -%}
+region_name = {{ options.region }}
+{% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+
+
+[haproxy_amphora]
+# This certificate is used by the ``Octavia`` controller to validate the
+# authenticity of the ``Amphorae`` connecting to it.
+server_ca = {{ options.issuing_cacert }}
+# This certificate is used by the ``Octavia`` controller when it takes on the
+# role as a "client" connecting to the ``Amphorae``.
+client_cert = {{ options.controller_cert }}
+
+{% include "parts/section-database" %}
+
+[service_auth]
+auth_section = keystone_authtoken
+
+{% include "parts/section-keystone-authtoken" %}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+
+[oslo_messaging]
+topic = octavia
+
+[nova]
+{% if options.region -%}
+region_name = {{ options.region }}
+{% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+{%- if options.loadbalancer_topology == "SINGLE" or options.anti_affinity_policy == "disable" %}
+enable_anti_affinity = False
+{%- elif options.loadbalancer_topology == "ACTIVE_STANDBY" %}
+{%- if options.anti_affinity_policy == "auto" %}
+enable_anti_affinity = True
+anti_affinity_policy = "soft-anti-affinity"
+{%- elif options.anti_affinity_policy in ["anti-affinity", "soft-anti-affinity"] %}
+enable_anti_affinity = True
+anti_affinity_policy = {{ options.anti_affinity_policy }}
+{%- endif %}
+{%- endif %}
+
+[cinder]
+{% if options.region -%}
+region_name = {{ options.region }}
+{% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+
+[glance]
+{% if options.region -%}
+region_name = {{ options.region }}
+{% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+
+[neutron]
+{% if options.region -%}
+region_name = {{ options.region }}
+{% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+
+{% include "parts/section-oslo-messaging-rabbit" %}
+
+{% include "parts/section-oslo-middleware" %}