599 lines
25 KiB
Plaintext
599 lines
25 KiB
Plaintext
<%= node["openstack"]["network"]["custom_template_banner"] %>
|
|
[DEFAULT]
|
|
# Print more verbose output (set logging level to INFO instead of default WARNING level).
|
|
verbose = <%= node["openstack"]["network"]["verbose"] %>
|
|
|
|
# =========Start Global Config Option for Distributed L3 Router===============
|
|
# Setting the "router_distributed" flag to "True" will default to the creation
|
|
# of distributed tenant routers. The admin can override this flag by specifying
|
|
# the type of the router on the create request (admin-only attribute). Default
|
|
# value is "False" to support legacy mode (centralized) routers.
|
|
#
|
|
router_distributed = <%= @router_distributed %>
|
|
#
|
|
# ===========End Global Config Option for Distributed L3 Router===============
|
|
|
|
# Print debugging output (set logging level to DEBUG instead of default WARNING level).
|
|
debug = <%= node["openstack"]["network"]["debug"] %>
|
|
|
|
# Where to store Neutron state files. This directory must be writable by the
|
|
# user executing the agent.
|
|
state_path = <%= node["openstack"]["network"]["state_path"] %>
|
|
|
|
# Where to store lock files
|
|
lock_path = <%= node["openstack"]["network"]["lock_path"] %>
|
|
|
|
# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
|
|
# log_date_format = %Y-%m-%d %H:%M:%S
|
|
|
|
# use_syslog -> syslog
|
|
# log_file and log_dir -> log_dir/log_file
|
|
<% if node["openstack"]["network"]["syslog"]["use"] %>
|
|
log_config = /etc/openstack/logging.conf
|
|
<% end %>
|
|
# (not log_file) and log_dir -> log_dir/{binary_name}.log
|
|
# use_stderr -> stderr
|
|
# (not user_stderr) and (not log_file) -> stdout
|
|
# publish_errors -> notification system
|
|
|
|
# use_syslog = False
|
|
# syslog_log_facility = LOG_USER
|
|
|
|
# use_stderr = True
|
|
# log_file =
|
|
log_dir = <%= node['openstack']['network']['log_dir'] %>
|
|
|
|
# publish_errors = False
|
|
|
|
# Address to bind the API server
|
|
bind_host = <%= @bind_address %>
|
|
|
|
# Port the bind the API server to
|
|
bind_port = <%= @bind_port %>
|
|
|
|
# Path to the extensions. Note that this can be a colon-separated list of
|
|
# paths. For example:
|
|
# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
|
|
# The __path__ of neutron.extensions is appended to this, so if your
|
|
# extensions are in there you don't need to specify them here
|
|
# api_extensions_path =
|
|
|
|
# (StrOpt) Neutron core plugin entrypoint to be loaded from the
|
|
# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
|
|
# plugins included in the neutron source distribution. For compatibility with
|
|
# previous versions, the class name of a plugin can be specified instead of its
|
|
# entrypoint name.
|
|
#
|
|
core_plugin = <%= @core_plugin %>
|
|
|
|
# (ListOpt) List of service plugin entrypoints to be loaded from the
|
|
# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
|
|
# the plugins included in the neutron source distribution. For compatibility
|
|
# with previous versions, the class name of a plugin can be specified instead
|
|
# of its entrypoint name.
|
|
<% if node['openstack']['network']['service_plugins'].any? %>
|
|
service_plugins = <%= node['openstack']['network']['service_plugins'].join(',') %>
|
|
<% end %>
|
|
|
|
# Paste configuration file
|
|
api_paste_config = api-paste.ini
|
|
|
|
# The strategy to be used for auth.
|
|
# Supported values are 'keystone'(default), 'noauth'.
|
|
# auth_strategy = keystone
|
|
auth_strategy = <%= node["openstack"]["network"]['auth_strategy'] %>
|
|
|
|
# Base MAC address. The first 3 octets will remain unchanged. If the
|
|
# 4h octet is not 00, it will also be used. The others will be
|
|
# randomly generated.
|
|
# 3 octet
|
|
# base_mac = fa:16:3e:00:00:00
|
|
# 4 octet
|
|
# base_mac = fa:16:3e:4f:00:00
|
|
|
|
# DVR Base MAC address. The first 3 octets will remain unchanged. If the
|
|
# 4th octet is not 00, it will also be used. The others will be randomly
|
|
# generated. The 'dvr_base_mac' *must* be different from 'base_mac' to
|
|
# avoid mixing them up with MAC's allocated for tenant ports.
|
|
# A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00
|
|
# The default is 3 octet
|
|
# dvr_base_mac = fa:16:3f:00:00:00
|
|
|
|
# Maximum amount of retries to generate a unique MAC address
|
|
# mac_generation_retries = 16
|
|
|
|
# DHCP Lease duration (in seconds). Use -1 to
|
|
# tell dnsmasq to use infinite lease times.
|
|
dhcp_lease_duration = <%= node["openstack"]["network"]["dhcp_lease_duration"] %>
|
|
|
|
# Allow sending resource operation notification to DHCP agent
|
|
# dhcp_agent_notification = True
|
|
|
|
# Enable or disable bulk create/update/delete operations
|
|
# allow_bulk = True
|
|
# Enable or disable pagination
|
|
# allow_pagination = False
|
|
# Enable or disable sorting
|
|
# allow_sorting = False
|
|
# Enable or disable overlapping IPs for subnets
|
|
# Attention: the following parameter MUST be set to False if Neutron is
|
|
# being used in conjunction with nova security groups
|
|
# allow_overlapping_ips = False
|
|
# Ensure that configured gateway is on subnet
|
|
# force_gateway_on_subnet = False
|
|
|
|
|
|
# RPC configuration options. Defined in rpc __init__
|
|
# The messaging module to use, defaults to kombu.
|
|
# rpc_backend = neutron.openstack.common.rpc.impl_kombu
|
|
# Size of RPC thread pool
|
|
rpc_thread_pool_size = <%= node['openstack']['network']['rpc_thread_pool_size'] %>
|
|
# Size of RPC connection pool
|
|
rpc_conn_pool_size = <%= node['openstack']['network']['rpc_conn_pool_size'] %>
|
|
# Seconds to wait for a response from call or multicall
|
|
rpc_response_timeout = <%= node['openstack']['network']['rpc_response_timeout'] %>
|
|
# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
|
|
# rpc_cast_timeout = 30
|
|
# Modules of exceptions that are permitted to be recreated
|
|
# upon receiving exception data from an rpc call.
|
|
# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
|
|
# AMQP exchange to connect to if using RabbitMQ or QPID
|
|
control_exchange = <%= node["openstack"]["network"]["control_exchange"] %>
|
|
# AMQP queue config options
|
|
amqp_durable_queues=<%= node['openstack']['mq']['network']['durable_queues'] %>
|
|
amqp_auto_delete=<%= node['openstack']['mq']['network']['auto_delete'] %>
|
|
|
|
# Configuration options if sending notifications via kombu rpc (these are
|
|
# the defaults)
|
|
# SSL version to use (valid only if SSL enabled)
|
|
# kombu_ssl_version =
|
|
# SSL key file (valid only if SSL enabled)
|
|
# kombu_ssl_keyfile =
|
|
# SSL cert file (valid only if SSL enabled)
|
|
# kombu_ssl_certfile =
|
|
# SSL certification authority file (valid only if SSL enabled)'
|
|
# kombu_ssl_ca_certs =
|
|
|
|
# allow_overlapping_ips = False
|
|
allow_overlapping_ips = <%= node["openstack"]["network"]["allow_overlapping_ips"] %>
|
|
|
|
<% if @mq_service_type == "rabbitmq" %>
|
|
<% if node["openstack"]["mq"]["network"]["rabbit"]["use_ssl"] && node["openstack"]["mq"]["network"]["rabbit"]["kombu_ssl_version"] %>
|
|
kombu_ssl_version=<%= node["openstack"]["mq"]["network"]["rabbit"]["kombu_ssl_version"] %>
|
|
<% end -%>
|
|
|
|
##### RABBITMQ #####
|
|
rpc_backend=neutron.openstack.common.rpc.impl_kombu
|
|
rabbit_userid=<%= node["openstack"]["mq"]["network"]["rabbit"]["userid"] %>
|
|
rabbit_password=<%= @mq_password %>
|
|
rabbit_virtual_host=<%= node["openstack"]["mq"]["network"]["rabbit"]["vhost"] %>
|
|
<% if node["openstack"]["mq"]["network"]["rabbit"]["ha"] %>
|
|
# Use HA queues in RabbitMQ (x-ha-policy: all).You need to
|
|
# wipe RabbitMQ database when changing this option. (boolean value)
|
|
rabbit_hosts=<%= @rabbit_hosts %>
|
|
rabbit_ha_queues=True
|
|
rabbit_use_ssl=<%= node["openstack"]["mq"]["network"]["rabbit"]["use_ssl"] %>
|
|
<% else %>
|
|
rabbit_host=<%= node["openstack"]["mq"]["network"]["rabbit"]["host"] %>
|
|
rabbit_port=<%= node["openstack"]["mq"]["network"]["rabbit"]["port"] %>
|
|
rabbit_use_ssl=<%= node["openstack"]["mq"]["network"]["rabbit"]["use_ssl"] %>
|
|
<% end %>
|
|
# Maximum retries with trying to connect to RabbitMQ
|
|
# (the default of 0 implies an infinite retry count)
|
|
rabbit_max_retries=<%= node["openstack"]["mq"]["network"]["rabbit"]["rabbit_max_retries"] %>
|
|
# RabbitMQ connection retry interval
|
|
rabbit_retry_interval=<%= node["openstack"]["mq"]["network"]["rabbit"]["rabbit_retry_interval"] %>
|
|
<% end %>
|
|
|
|
<% if @mq_service_type == "qpid" %>
|
|
##### QPID #####
|
|
rpc_backend=neutron.openstack.common.rpc.impl_qpid
|
|
qpid_hostname=<%= node["openstack"]["mq"]["network"]["qpid"]["host"] %>
|
|
qpid_port=<%= node["openstack"]["mq"]["network"]["qpid"]["port"] %>
|
|
qpid_password=<%= @mq_password %>
|
|
qpid_username=<%= node["openstack"]["mq"]["network"]["qpid"]["username"] %>
|
|
qpid_sasl_mechanisms=<%= node["openstack"]["mq"]["network"]["qpid"]["sasl_mechanisms"] %>
|
|
qpid_reconnect=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect"] %>
|
|
qpid_reconnect_timeout=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect_timeout"] %>
|
|
qpid_reconnect_limit=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect_limit"] %>
|
|
qpid_reconnect_interval_min=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect_interval_min"] %>
|
|
qpid_reconnect_interval_max=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect_interval_max"] %>
|
|
qpid_reconnect_interval=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect_interval"] %>
|
|
qpid_heartbeat=<%= node["openstack"]["mq"]["network"]["qpid"]["heartbeat"] %>
|
|
# qpid protocol. default 'tcp'. set to 'ssl' to enable SSL
|
|
qpid_protocol=<%= node["openstack"]["mq"]["network"]["qpid"]["protocol"] %>
|
|
qpid_tcp_nodelay=<%= node["openstack"]["mq"]["network"]["qpid"]["tcp_nodelay"] %>
|
|
qpid_topology_version=<%= node['openstack']['mq']['network']['qpid']['topology_version'] %>
|
|
<% end %>
|
|
|
|
# ZMQ
|
|
# rpc_backend=neutron.openstack.common.rpc.impl_zmq
|
|
# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
|
|
# The "host" option should point or resolve to this address.
|
|
# rpc_zmq_bind_address = *
|
|
|
|
# ============ Notification System Options =====================
|
|
|
|
# Notifications can be sent when network/subnet/port are create, updated or deleted.
|
|
# There are three methods of sending notifications: logging (via the
|
|
# log_file directive), rpc (via a message queue) and
|
|
# noop (no notifications sent, the default)
|
|
|
|
# Notification_driver can be defined multiple times
|
|
# Do nothing driver
|
|
# notification_driver = neutron.openstack.common.notifier.no_op_notifier
|
|
# Logging driver
|
|
# notification_driver = neutron.openstack.common.notifier.log_notifier
|
|
# RPC driver. DHCP agents needs it.
|
|
#notification_driver = neutron.openstack.common.notifier.rpc_notifier
|
|
notification_driver = <%= node["openstack"]["network"]["notification_driver"] %>
|
|
|
|
# default_notification_level is used to form actual topic name(s) or to set logging level
|
|
default_notification_level = INFO
|
|
|
|
# default_publisher_id is a part of the notification payload
|
|
# host = myhost.com
|
|
# default_publisher_id = $host
|
|
|
|
# Defined in rpc_notifier, can be comma separated values.
|
|
# The actual topic names will be %s.%(default_notification_level)s
|
|
notification_topics = <%= node["openstack"]["mq"]["network"]["notification_topics"] %>
|
|
|
|
# Default maximum number of items returned in a single response,
|
|
# value == infinite and value < 0 means no max limit, and value must
|
|
# be greater than 0. If the number of items requested is greater than
|
|
# pagination_max_limit, server will just return pagination_max_limit
|
|
# of number of items.
|
|
# pagination_max_limit = -1
|
|
|
|
# Maximum number of DNS nameservers per subnet
|
|
# max_dns_nameservers = 5
|
|
|
|
# Maximum number of host routes per subnet
|
|
# max_subnet_host_routes = 20
|
|
|
|
# Maximum number of fixed ips per port
|
|
# max_fixed_ips_per_port = 5
|
|
|
|
# Maximum number of routes per router
|
|
# max_routes = 30
|
|
|
|
# =========== items for agent management extension =============
|
|
# Seconds to regard the agent as down; should be at least twice
|
|
# report_interval, to be sure the agent is down for good
|
|
agent_down_time = <%= node["openstack"]["network"]["api"]["agent"]["agent_down_time"] %>
|
|
# =========== end of items for agent management extension =====
|
|
|
|
# =========== items for agent scheduler extension =============
|
|
# Driver to use for scheduling network to DHCP agent
|
|
network_scheduler_driver = <%= node["openstack"]["network"]["dhcp"]["scheduler"] %>
|
|
# Driver to use for scheduling router to a default L3 agent
|
|
router_scheduler_driver = <%= node["openstack"]["network"]["l3"]["scheduler"] %>
|
|
# Driver to use for scheduling a loadbalancer pool to an lbaas agent
|
|
# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
|
|
|
|
# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
|
|
# networks to first DHCP agent which sends get_active_networks message to
|
|
# neutron server
|
|
# network_auto_schedule = True
|
|
|
|
# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
|
|
# routers to first L3 agent which sends sync_routers message to neutron server
|
|
# router_auto_schedule = True
|
|
|
|
# Number of DHCP agents scheduled to host a network. This enables redundant
|
|
# DHCP agents for configured networks.
|
|
dhcp_agents_per_network = <%= node['openstack']['network']['dhcp']['dhcp_agents_per_network'] %>
|
|
|
|
# =========== end of items for agent scheduler extension =====
|
|
|
|
# =========== items for l3 extension ==============
|
|
# Enable high availability for virtual routers.
|
|
l3_ha = <%= node['openstack']['network']['l3']['ha']['l3_ha'] %>
|
|
|
|
# Maximum number of l3 agents which a HA router will be scheduled on. If it
|
|
# is set to 0 the router will be scheduled on every agent.
|
|
max_l3_agents_per_router = <%= node['openstack']['network']['l3']['ha']['max_l3_agents_per_router'] %>
|
|
|
|
# Minimum number of l3 agents which a HA router will be scheduled on. The
|
|
# default value is 2.
|
|
# min_l3_agents_per_router = 2
|
|
|
|
# CIDR of the administrative network if HA mode is enabled
|
|
# l3_ha_net_cidr = 169.254.192.0/18
|
|
|
|
# =========== end of items for l3 extension =======
|
|
|
|
# =========== WSGI parameters related to the API server ==============
|
|
# Number of separate worker processes to spawn. The default, 0, runs the
|
|
# worker thread in the current process. Greater than 0 launches that number of
|
|
# child processes as workers. The parent process manages them.
|
|
api_workers = <%= node["openstack"]["network"]["api_workers"] %>
|
|
|
|
# Number of separate RPC worker processes to spawn. The default, 0, runs the
|
|
# worker thread in the current process. Greater than 0 launches that number of
|
|
# child processes as RPC workers. The parent process manages them.
|
|
# This feature is experimental until issues are addressed and testing has been
|
|
# enabled for various plugins for compatibility.
|
|
rpc_workers = <%= node["openstack"]["network"]["rpc_workers"] %>
|
|
|
|
# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
|
|
# starting API server. Not supported on OS X.
|
|
# tcp_keepidle = 600
|
|
|
|
# Number of seconds to keep retrying to listen
|
|
# retry_until_window = 30
|
|
|
|
# Number of backlog requests to configure the socket with.
|
|
# backlog = 4096
|
|
|
|
# Max header line to accommodate large tokens
|
|
# max_header_line = 16384
|
|
|
|
# Enable SSL on the API server
|
|
# use_ssl = False
|
|
|
|
# Certificate file to use when starting API server securely
|
|
# ssl_cert_file = /path/to/certfile
|
|
|
|
# Private key file to use when starting API server securely
|
|
# ssl_key_file = /path/to/keyfile
|
|
|
|
# CA certificate file to use when starting API server securely to
|
|
# verify connecting clients. This is an optional parameter only required if
|
|
# API clients need to authenticate to the API server using SSL certificates
|
|
# signed by a trusted CA
|
|
# ssl_ca_file = /path/to/cafile
|
|
# ======== end of WSGI parameters related to the API server ==========
|
|
|
|
# ======== neutron nova interactions ==========
|
|
# Send notification to nova when port status is active.
|
|
notify_nova_on_port_status_changes = <%= node["openstack"]["network"]["nova"]["notify_nova_on_port_status_changes"] %>
|
|
|
|
# Send notifications to nova when port data (fixed_ips/floatingips) change
|
|
# so nova can update it's cache.
|
|
notify_nova_on_port_data_changes = <%= node["openstack"]["network"]["nova"]["notify_nova_on_port_data_changes"] %>
|
|
|
|
# URL for connection to nova (Only supports one nova region currently).
|
|
nova_url = <%= @nova_endpoint %>
|
|
|
|
# Name of nova region to use. Useful if keystone manages more than one region
|
|
nova_region_name = <%= node["openstack"]["network"]["nova"]["region_name"] %>
|
|
|
|
# Username for connection to nova in admin context
|
|
nova_admin_username = <%= node["openstack"]["network"]["nova"]["admin_username"] %>
|
|
|
|
<% if node['openstack']['network']['nova']['admin_tenant_id'] -%>
|
|
# The uuid of the admin nova tenant
|
|
nova_admin_tenant_id = <%= node["openstack"]["network"]["nova"]["admin_tenant_id"] %>
|
|
<% end -%>
|
|
|
|
# The name of the admin nova tenant. If the uuid of the admin nova tenant
|
|
# is set, this is optional.
|
|
nova_admin_tenant_name = <%= node["openstack"]["network"]["nova"]["admin_tenant_name"] %>
|
|
|
|
# Password for connection to nova in admin context.
|
|
nova_admin_password = <%= @nova_admin_pass %>
|
|
|
|
# Authorization URL for connection to nova in admin context.
|
|
nova_admin_auth_url = <%= @identity_uri %>
|
|
|
|
# CA file for novaclient to verify server certificates
|
|
<% if node['openstack']['network']['nova']['nova_ca_certificates_file'] -%>
|
|
nova_ca_certificates_file = <%= node['openstack']['network']['nova']['nova_ca_certificates_file'] %>
|
|
<% else -%>
|
|
# nova_ca_certificates_file =
|
|
<% end -%>
|
|
|
|
# Boolean to control ignoring SSL errors on the nova url
|
|
# nova_api_insecure = False
|
|
nova_api_insecure = <%= node['openstack']['network']['nova']['nova_api_insecure'] %>
|
|
|
|
# Number of seconds between sending events to nova if there are any events to send
|
|
send_events_interval = <%= node["openstack"]["network"]["nova"]["send_events_interval"] %>
|
|
|
|
# ======== end of neutron nova interactions ==========
|
|
|
|
# Misc options
|
|
<% if node["openstack"]["network"]["misc_neutron"] %>
|
|
<% node["openstack"]["network"]["misc_neutron"].each do |m| %>
|
|
<%= m %>
|
|
<% end %>
|
|
<% end %>
|
|
|
|
[matchmaker_redis]
|
|
|
|
#
|
|
# Options defined in oslo.messaging
|
|
#
|
|
|
|
# Host to locate redis. (string value)
|
|
#host=127.0.0.1
|
|
|
|
# Use this port to connect to redis host. (integer value)
|
|
#port=6379
|
|
|
|
# Password for Redis server (optional). (string value)
|
|
#password=<None>
|
|
|
|
|
|
[matchmaker_ring]
|
|
|
|
#
|
|
# Options defined in oslo.messaging
|
|
#
|
|
|
|
# Matchmaker ring file (JSON). (string value)
|
|
# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
|
|
#ringfile=/etc/oslo/matchmaker_ring.json
|
|
|
|
[quotas]
|
|
# Default driver to use for quota checks
|
|
# quota_driver = neutron.db.quota_db.DbQuotaDriver
|
|
|
|
# Resource name(s) that are supported in quota features
|
|
quota_items = <%= node["openstack"]["network"]["quota"]["items"] %>
|
|
|
|
# Default number of resource allowed per tenant. A negative value means
|
|
# unlimited.
|
|
default_quota = <%= node["openstack"]["network"]["quota"]["default"] %>
|
|
|
|
# Number of networks allowed per tenant. A negative value means unlimited.
|
|
quota_network = <%= node["openstack"]["network"]["quota"]["network"] %>
|
|
|
|
# Number of subnets allowed per tenant. A negative value means unlimited.
|
|
quota_subnet = <%= node["openstack"]["network"]["quota"]["subnet"] %>
|
|
|
|
# Number of ports allowed per tenant. A negative value means unlimited.
|
|
quota_port = <%= node["openstack"]["network"]["quota"]["port"] %>
|
|
|
|
# Number of security groups allowed per tenant. A negative value means
|
|
# unlimited.
|
|
quota_security_group = <%= node["openstack"]["network"]["quota"]["security_group"] %>
|
|
|
|
# Number of security group rules allowed per tenant. A negative value means
|
|
# unlimited.
|
|
quota_security_group_rule = <%= node["openstack"]["network"]["quota"]["security_group_rule"] %>
|
|
|
|
# Number of vips allowed per tenant. A negative value means unlimited.
|
|
quota_driver = <%= node["openstack"]["network"]["quota"]["driver"] %>
|
|
|
|
# Number of pools allowed per tenant. A negative value means unlimited.
|
|
# quota_pool = 10
|
|
|
|
# Number of pool members allowed per tenant. A negative value means unlimited.
|
|
# The default is unlimited because a member is not a real resource consumer
|
|
# on Openstack. However, on back-end, a member is a resource consumer
|
|
# and that is the reason why quota is possible.
|
|
# quota_member = -1
|
|
|
|
# Number of health monitors allowed per tenant. A negative value means
|
|
# unlimited.
|
|
# The default is unlimited because a health monitor is not a real resource
|
|
# consumer on Openstack. However, on back-end, a member is a resource consumer
|
|
# and that is the reason why quota is possible.
|
|
# quota_health_monitor = -1
|
|
|
|
# Number of routers allowed per tenant. A negative value means unlimited.
|
|
quota_router = <%= node["openstack"]["network"]["quota"]["router"] %>
|
|
|
|
# Number of floating IPs allowed per tenant. A negative value means unlimited.
|
|
quota_floatingip = <%= node["openstack"]["network"]["quota"]["floatingip"] %>
|
|
|
|
# Number of firewalls allowed per tenant. A negative value means unlimited.
|
|
# quota_firewall = 1
|
|
|
|
# Number of firewall policies allowed per tenant. A negative value means
|
|
# unlimited.
|
|
# quota_firewall_policy = 1
|
|
|
|
# Number of firewall rules allowed per tenant. A negative value means
|
|
# unlimited.
|
|
# quota_firewall_rule = 100
|
|
|
|
[agent]
|
|
# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
|
|
# root filter facility.
|
|
# Change to "sudo" to skip the filtering and just run the comand directly
|
|
# root_helper = sudo
|
|
<% if node["openstack"]["network"]["use_rootwrap"] %>
|
|
root_helper = "sudo neutron-rootwrap /etc/neutron/rootwrap.conf"
|
|
<% end %>
|
|
|
|
# =========== items for agent management extension =============
|
|
# seconds between nodes reporting state to server; should be less than
|
|
# agent_down_time, best if it is half or less than agent_down_time
|
|
report_interval = <%= node["openstack"]["network"]["api"]["agent"]["agent_report_interval"] %>
|
|
|
|
# =========== end of items for agent management extension =====
|
|
|
|
[keystone_authtoken]
|
|
auth_uri = <%= @auth_uri %>
|
|
identity_uri = <%= @identity_uri %>
|
|
auth_version = <%= node['openstack']['network']['api']['auth']['version'] %>
|
|
admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %>
|
|
admin_user = <%= node["openstack"]["network"]["service_user"] %>
|
|
admin_password = <%= @service_pass %>
|
|
signing_dir = <%= node["openstack"]["network"]["api"]["agent"]["signing_dir"] %>
|
|
<% unless node['openstack']['network']['api']['auth']['cafile'].nil? %>
|
|
cafile = <%= node['openstack']['network']['api']['auth']['cafile'] %>
|
|
<% end %>
|
|
<% unless node['openstack']['network']['api']['auth']['memcached_servers'].nil? %>
|
|
memcached_servers = <%= node['openstack']['network']['api']['auth']['memcached_servers'] %>
|
|
<% end %>
|
|
<% unless node['openstack']['network']['api']['auth']['memcache_security_strategy'].nil? %>
|
|
memcache_security_strategy = <%= node['openstack']['network']['api']['auth']['memcache_security_strategy'] %>
|
|
<% end %>
|
|
<% unless node['openstack']['network']['api']['auth']['memcache_secret_key'].nil? %>
|
|
memcache_secret_key = <%= node['openstack']['network']['api']['auth']['memcache_secret_key'] %>
|
|
<% end %>
|
|
hash_algorithms = <%= node['openstack']['network']['api']['auth']['hash_algorithms'] %>
|
|
insecure = <%= node['openstack']['network']['api']['auth']['insecure'] %>
|
|
|
|
[database]
|
|
# This line MUST be changed to actually run the plugin.
|
|
# Example:
|
|
# connection = mysql://root:pass@127.0.0.1:3306/neutron
|
|
# Replace 127.0.0.1 above with the IP address of the database used by the
|
|
# main neutron server. (Leave it as is if the database runs on this host.)
|
|
connection = <%= @sql_connection %>
|
|
# NOTE: In deployment the [database] section and its connection attribute may
|
|
# be set in the corresponding core plugin '.ini' file. However, it is suggested
|
|
# to put the [database] section and its connection attribute in this
|
|
# configuration file.
|
|
|
|
# Database engine for which script will be generated when using offline
|
|
# migration
|
|
# engine =
|
|
|
|
# The SQLAlchemy connection string used to connect to the slave database
|
|
slave_connection = <%= node['openstack']['db']['network']['slave_connection'] %>
|
|
|
|
# Database reconnection retry times - in event connectivity is lost
|
|
# set to -1 implies an infinite retry count
|
|
max_retries = <%= node['openstack']['db']['network']['max_retries'] %>
|
|
|
|
# Database reconnection interval in seconds - if the initial connection to the
|
|
# database fails
|
|
retry_interval = <%= node['openstack']['db']['network']['retry_interval'] %>
|
|
|
|
# Minimum number of SQL connections to keep open in a pool
|
|
min_pool_size = <%= node['openstack']['db']['network']['min_pool_size'] %>
|
|
|
|
# Maximum number of SQL connections to keep open in a pool
|
|
max_pool_size = <%= node['openstack']['db']['network']['max_pool_size'] %>
|
|
|
|
# Timeout in seconds before idle sql connections are reaped
|
|
idle_timeout = <%= node['openstack']['db']['network']['idle_timeout'] %>
|
|
|
|
# If set, use this value for max_overflow with sqlalchemy
|
|
max_overflow = <%= node['openstack']['db']['network']['max_overflow'] %>
|
|
|
|
# Verbosity of SQL debugging information. 0=None, 100=Everything
|
|
connection_debug = <%= node['openstack']['db']['network']['connection_debug'] %>
|
|
|
|
# Add python stack traces to SQL as comment strings
|
|
connection_trace = <%= node['openstack']['db']['network']['connection_trace'] %>
|
|
|
|
# If set, use this value for pool_timeout with sqlalchemy
|
|
pool_timeout = <%= node['openstack']['db']['network']['pool_timeout'] %>
|
|
|
|
[service_providers]
|
|
# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
|
|
# Must be in form:
|
|
# service_provider=<service_type>:<name>:<driver>[:default]
|
|
# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
|
|
# Combination of <service type> and <name> must be unique; <driver> must also be unique
|
|
# This is multiline option, example for default provider:
|
|
# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
|
|
# example of non-default provider:
|
|
# service_provider=FIREWALL:name2:firewall_driver_path
|
|
# --- Reference implementations ---
|
|
<% if node['openstack']['network']['service_provider'].any? %>
|
|
<% node['openstack']['network']['service_provider'].each do |provider| %>
|
|
service_provider = <%= provider %>
|
|
<% end %>
|
|
<% end %>
|
|
|
|
# =========== end of items for agent management extension =====
|