c81772024c
When the internal VIP is moved in the event of a failure of the active controller, OpenStack services can become unresponsive as they try to talk with MariaDB using connections from the SQLAlchemy pool. It has been argued that OpenStack doesn't really need to use connection pooling with MariaDB [1]. This commit reduces the use of connection pooling via two configuration options: - max_pool_size is set to 1 to allow only a single connection in the pool (it is not possible to disable connection pooling entirely via oslo.db, and max_pool_size = 0 means unlimited pool size) - lower connection_recycle_time from the default of one hour to 10 seconds, which means the single connection in the pool will be recreated regularly These settings have shown better reactivity of the system in the event of a failover. [1] http://lists.openstack.org/pipermail/openstack-dev/2015-April/061808.html Change-Id: Ib6a62d4428db9b95569314084090472870417f3d Closes-Bug: #1896635
130 lines
4.0 KiB
Django/Jinja
130 lines
4.0 KiB
Django/Jinja
[DEFAULT]
|
|
debug = {{ zun_logging_debug }}
|
|
|
|
{% if service_name == 'zun-api' %}
|
|
# Force zun-api.log or will use app.wsgi
|
|
log_file = /var/log/kolla/zun/zun-api.log
|
|
{% endif %}
|
|
|
|
log_dir = /var/log/kolla/zun
|
|
transport_url = {{ rpc_transport_url }}
|
|
|
|
state_path = /var/lib/zun
|
|
container_driver = docker
|
|
capsule_driver = cri
|
|
|
|
[network]
|
|
driver = kuryr
|
|
|
|
[api]
|
|
host_ip = {{ api_interface_address }}
|
|
port = {{ zun_api_port }}
|
|
workers = {{ openstack_service_workers }}
|
|
|
|
[database]
|
|
connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }}
|
|
connection_recycle_time = {{ database_connection_recycle_time }}
|
|
max_pool_size = {{ database_max_pool_size }}
|
|
max_retries = -1
|
|
|
|
# NOTE(yoctozepto): despite what the docs say, both keystone_auth and
|
|
# keystone_authtoken sections are used and Zun internals may use either -
|
|
# - best keep them both in sync
|
|
[keystone_auth]
|
|
www_authenticate_uri = {{ keystone_internal_url }}
|
|
auth_url = {{ keystone_admin_url }}
|
|
auth_type = password
|
|
project_domain_id = {{ default_project_domain_id }}
|
|
user_domain_id = {{ default_user_domain_id }}
|
|
project_name = service
|
|
username = {{ zun_keystone_user }}
|
|
password = {{ zun_keystone_password }}
|
|
service_token_roles_required = True
|
|
region_name = {{ openstack_region_name }}
|
|
cafile = {{ openstack_cacert }}
|
|
|
|
{% if enable_memcached | bool %}
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcache_secret_key }}
|
|
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
|
{% endif %}
|
|
|
|
# NOTE(yoctozepto): despite what the docs say, both keystone_auth and
|
|
# keystone_authtoken sections are used and Zun internals may use either -
|
|
# - best keep them both in sync
|
|
[keystone_authtoken]
|
|
www_authenticate_uri = {{ keystone_internal_url }}
|
|
auth_url = {{ keystone_admin_url }}
|
|
auth_type = password
|
|
project_domain_id = {{ default_project_domain_id }}
|
|
user_domain_id = {{ default_user_domain_id }}
|
|
project_name = service
|
|
username = {{ zun_keystone_user }}
|
|
password = {{ zun_keystone_password }}
|
|
service_token_roles_required = True
|
|
region_name = {{ openstack_region_name }}
|
|
cafile = {{ openstack_cacert }}
|
|
|
|
{% if enable_memcached | bool %}
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcache_secret_key }}
|
|
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
|
{% endif %}
|
|
|
|
[zun_client]
|
|
region_name = {{ openstack_region_name }}
|
|
endpoint_type = internalURL
|
|
ca_file = {{ openstack_cacert }}
|
|
|
|
[glance_client]
|
|
region_name = {{ openstack_region_name }}
|
|
endpoint_type = internalURL
|
|
ca_file = {{ openstack_cacert }}
|
|
|
|
[neutron_client]
|
|
region_name = {{ openstack_region_name }}
|
|
endpoint_type = internalURL
|
|
ca_file = {{ openstack_cacert }}
|
|
|
|
[cinder_client]
|
|
region_name = {{ openstack_region_name }}
|
|
endpoint_type = internalURL
|
|
ca_file = {{ openstack_cacert }}
|
|
|
|
[placement_client]
|
|
region_name = {{ openstack_region_name }}
|
|
endpoint_type = internalURL
|
|
ca_file = {{ openstack_cacert }}
|
|
|
|
{% if enable_osprofiler | bool %}
|
|
[profiler]
|
|
enabled = true
|
|
trace_sqlalchemy = true
|
|
hmac_keys = {{ osprofiler_secret }}
|
|
connection_string = {{ osprofiler_backend_connection_string }}
|
|
{% endif %}
|
|
|
|
[oslo_concurrency]
|
|
lock_path = /var/lib/zun/tmp
|
|
|
|
{% if zun_policy_file is defined %}
|
|
[oslo_policy]
|
|
policy_file = {{ zun_policy_file }}
|
|
{% endif %}
|
|
|
|
[compute]
|
|
host_shared_with_nova = {{ inventory_hostname in groups['compute'] and enable_nova | bool and not enable_nova_fake | bool }}
|
|
|
|
[websocket_proxy]
|
|
wsproxy_host = {{ api_interface_address }}
|
|
wsproxy_port = {{ zun_wsproxy_port }}
|
|
base_url = ws://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ zun_wsproxy_port }}
|
|
|
|
[docker]
|
|
api_url = tcp://{{ api_interface_address | put_address_in_context('url') }}:2375
|
|
docker_remote_api_host = {{ api_interface_address }}
|
|
docker_remote_api_port = 2375
|
|
|
|
[cni_daemon]
|
|
cni_daemon_port = {{ zun_cni_daemon_port }}
|