[DEFAULT] # Print more verbose output (set logging level to INFO instead of default WARNING level). # verbose = False # Print debugging output (set logging level to DEBUG instead of default WARNING level). # debug = False # bind_host = 0.0.0.0 # bind_port = 9876 # api_handler = queue_producer # # Plugin options are hot_plug_plugin (Hot-pluggable controller plugin) # # octavia_plugins = hot_plug_plugin # Hostname to be used by the host machine for services running on it. # The default value is the hostname of the host machine. # host = [database] # This line MUST be changed to actually run the plugin. # Example: # connection = mysql+pymysql://root:pass@127.0.0.1:3306/octavia # Replace 127.0.0.1 above with the IP address of the database used by the # main octavia server. (Leave it as is if the database runs on this host.) # connection = mysql+pymysql:// # NOTE: In deployment the [database] section and its connection attribute may # be set in the corresponding core plugin '.ini' file. However, it is suggested # to put the [database] section and its connection attribute in this # configuration file. [health_manager] # bind_ip = 0.0.0.0 # bind_port = 5555 # controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555 # controller_ip_port_list = # failover_threads = 10 # status_update_threads = 50 # heartbeat_interval = 10 # heartbeat_key = # heartbeat_timeout = 60 # health_check_interval = 3 # sock_rlimit = 0 # EventStreamer options are # queue_event_streamer, # noop_event_streamer # event_streamer_driver = noop_event_streamer [keystone_authtoken] # This group of config options are imported from keystone middleware. Thus the # option names should match the names declared in the middleware. # auth_uri = https://localhost:5000/v3 # admin_user = octavia # admin_password = password # admin_tenant_name = service # insecure = False # cafile = [keystone_authtoken_v3] # If using Keystone v3 # admin_user_domain = default # admin_project_domain = default [certificates] # cert_generator = local_cert_generator # For local certificate signing (development only): # ca_certificate = /etc/ssl/certs/ssl-cert-snakeoil.pem # ca_private_key = /etc/ssl/private/ssl-cert-snakeoil.key # ca_private_key_passphrase = # signing_digest = sha256 # storage_path = /var/lib/octavia/certificates/ # For the TLS management # Certificate Manager options are local_cert_manager # barbican_cert_manager # cert_manager = barbican_cert_manager # For Barbican authentication (if using any Barbican based cert class) # barbican_auth = barbican_acl_auth # # Region in Identity service catalog to use for communication with the Barbican service. # region_name = # # Endpoint type to use for communication with the Barbican service. # endpoint_type = publicURL [anchor] # Use OpenStack anchor to sign the amphora REST API certificates # url = http://localhost:9999/v1/sign/default # username = # password = [networking] # Network to communicate with amphora # lb_network_name = # The maximum attempts to retry an action with the networking service. # max_retries = 15 # Seconds to wait before retrying an action with the networking service. # retry_interval = 1 [haproxy_amphora] # base_path = /var/lib/octavia # base_cert_dir = /var/lib/octavia/certs # Absolute path to a custom HAProxy template file # haproxy_template = # connection_max_retries = 300 # connection_retry_interval = 5 # Maximum number of entries that can fit in the stick table. # The size supports "k", "m", "g" suffixes. # haproxy_stick_size = 10k # REST Driver specific # bind_host = 0.0.0.0 # bind_port = 9443 # haproxy_cmd = /usr/sbin/haproxy # respawn_count = 2 # respawn_interval = 2 # client_cert = /etc/octavia/certs/client.pem # server_ca = /etc/octavia/certs/server_ca.pem # use_upstart = True # rest_request_conn_timeout = 10 # rest_request_read_timeout = 60 [controller_worker] # amp_active_retries = 10 # amp_active_wait_sec = 10 # Glance parameters to extract image ID to use for amphora. Only one of # parameters is needed. Using tags is the recommended way to refer to images. # amp_image_id = # amp_image_tag = # Nova parameters to use when booting amphora # amp_flavor_id = # amp_ssh_key_name = # amp_ssh_allowed_access = True # Networks to attach to the Amphorae examples: # - One primary network # - - amp_boot_network_list = 22222222-3333-4444-5555-666666666666 # - Multiple networks # - - amp_boot_network_list = 11111111-2222-33333-4444-555555555555, 22222222-3333-4444-5555-666666666666 # - All networks defined in the list will be attached to each ampohra # amp_boot_network_list = # Takes a single network id that is attached to amphorae on boot # Deprecated... # amp_network = # amp_secgroup_list = # client_ca = /etc/octavia/certs/ca_01.pem # Amphora driver options are amphora_noop_driver, # amphora_haproxy_rest_driver # # amphora_driver = amphora_noop_driver # # Compute driver options are compute_noop_driver # compute_nova_driver # # compute_driver = compute_noop_driver # # Network driver options are network_noop_driver # allowed_address_pairs_driver # # network_driver = network_noop_driver # # Certificate Generator options are local_cert_generator # barbican_cert_generator # anchor_cert_generator # cert_generator = local_cert_generator # # Load balancer topology options are SINGLE, ACTIVE_STANDBY # loadbalancer_topology = SINGLE # user_data_config_drive = False [task_flow] # engine = serial # max_workers = 5 [oslo_messaging_rabbit] # Rabbit and HA configuration: # rabbit_userid = octavia # rabbit_password = password # rabbit_port = 5672 # For HA, specify queue nodes in cluster, comma delimited: # For example: rabbit_hosts = 192.168.50.8:5672, 192.168.50.9:5672 # rabbit_hosts = localhost:5672 [oslo_messaging] # Queue Consumer Thread Pool Size # rpc_thread_pool_size = 2 # Topic (i.e. Queue) Name # topic = octavia_prov # Topic for octavia's events sent to a queue # event_stream_topic = neutron_lbaas_event [house_keeping] # Interval in seconds to initiate spare amphora checks # spare_check_interval = 30 # spare_amphora_pool_size = 0 # Cleanup interval for Deleted amphora # cleanup_interval = 30 # Amphora expiry age in seconds. Default is 1 week # amphora_expiry_age = 604800 [amphora_agent] # agent_server_ca = /etc/octavia/certs/client_ca.pem # agent_server_cert = /etc/octavia/certs/server.pem # agent_server_network_dir = /etc/netns/amphora-haproxy/network/interfaces.d/ # agent_server_network_file = [keepalived_vrrp] # Amphora Role/Priority advertisement interval in seconds # vrrp_advert_int = 1 # Service health check interval and success/fail count # vrrp_check_interval = 5 # vrpp_fail_count = 2 # vrrp_success_count = 2 # Amphora MASTER gratuitous ARP refresh settings # vrrp_garp_refresh_interval = 5 # vrrp_garp_refresh_count = 2 [glance] # The name of the glance service in the keystone catalog # service_name = # Custom glance endpoint if override is necessary # endpoint = # Region in Identity service catalog to use for communication with the OpenStack services. # region_name = # Endpoint type in Identity service catalog to use for communication with # the OpenStack services. # endpoint_type = publicURL # CA certificates file to verify glance connections when TLS is enabled # insecure = False # ca_certificates_file = [nova] # The name of the nova service in the keystone catalog # service_name = # Custom nova endpoint if override is necessary # endpoint = # Region in Identity service catalog to use for communication with the OpenStack services. # region_name = # Endpoint type in Identity service catalog to use for communication with # the OpenStack services. # endpoint_type = publicURL # CA certificates file to verify nova connections when TLS is enabled # insecure = False # ca_certificates_file = # Flag to enable nova anti-affinity capabilities to place amphorae on # different hosts # enable_anti_affinity = False [neutron] # The name of the neutron service in the keystone catalog # service_name = # Custom neutron endpoint if override is necessary # endpoint = # Region in Identity service catalog to use for communication with the OpenStack services. # region_name = # Endpoint type in Identity service catalog to use for communication with # the OpenStack services. # endpoint_type = publicURL # CA certificates file to verify neutron connections when TLS is enabled # insecure = False # ca_certificates_file =