Load Balancing as a Service (LBaaS) for OpenStack


  1. [DEFAULT]
  2. # Print debugging output (set logging level to DEBUG instead of default WARNING level).
  3. # debug = False
  4. # Plugin options are hot_plug_plugin (Hot-pluggable controller plugin)
  5. # octavia_plugins = hot_plug_plugin
  6. # Hostname to be used by the host machine for services running on it.
  7. # The default value is the hostname of the host machine.
  8. # host =
  9. # AMQP Transport URL
  10. # For Single Host, specify one full transport URL:
  11. # transport_url = rabbit://<user>:<pass>@127.0.0.1:5672/<vhost>
  12. # For HA, specify queue nodes in cluster, comma delimited:
  13. # transport_url = rabbit://<user>:<pass>@server01,<user>:<pass>@server02/<vhost>
  14. # transport_url =
  15. [api_settings]
  16. # bind_host = 127.0.0.1
  17. # bind_port = 9876
  18. # API authentication strategy (keystone, noauth). noauth performs no authentication of API requests; use it for testing only.
  19. # auth_strategy = keystone
  20. # allow_pagination = True
  21. # allow_sorting = True
  22. # pagination_max_limit = 1000
  23. # Base URI for the API for use in pagination links.
  24. # This will be autodetected from the request if not overridden here.
  25. # Example:
  26. # api_base_uri = http://localhost:9876
  27. # api_base_uri =
  28. # Enable/disable ability for users to create TLS Terminated listeners
  29. # allow_tls_terminated_listeners = True
  30. # Enable/disable ability for users to create PING type Health Monitors
  31. # allow_ping_health_monitors = True
  32. # Dictionary of enabled provider driver names and descriptions
  33. # A comma separated list of dictionaries of the enabled provider driver names
  34. # and descriptions.
  35. # enabled_provider_drivers = amphora:The Octavia Amphora driver.,octavia: \
  36. # Deprecated alias of the Octavia Amphora driver.
  37. # Default provider driver
  38. # default_provider_driver = amphora
  39. # The minimum health monitor delay interval for UDP-CONNECT Health Monitor type
  40. # udp_connect_min_interval_health_monitor = 3
  41. [database]
  42. # This line MUST be changed to actually run the plugin.
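  43. # Example (placeholder credentials; use a dedicated database account with a strong password rather than root:pass):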
  44. # connection = mysql+pymysql://root:pass@127.0.0.1:3306/octavia
  45. # Replace 127.0.0.1 above with the IP address of the database used by the
  46. # main octavia server. (Leave it as is if the database runs on this host.)
  47. # connection = mysql+pymysql://
  48. # NOTE: In deployment the [database] section and its connection attribute may
  49. # be set in the corresponding core plugin '.ini' file. However, it is suggested
  50. # to put the [database] section and its connection attribute in this
  51. # configuration file.
  52. [health_manager]
  53. # bind_ip = 127.0.0.1
  54. # bind_port = 5555
  55. # controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555
  56. # controller_ip_port_list =
  57. # failover_threads = 10
  58. # status_update_threads will default to the number of processors on the host.
  59. # This setting is deprecated and if you specify health_update_threads and
  60. # stats_update_threads, they override this parameter.
  61. # status_update_threads =
  62. # health_update_threads will default to the number of processors on the host
  63. # health_update_threads =
  64. # stats_update_threads will default to the number of processors on the host
  65. # stats_update_threads =
  66. # heartbeat_interval = 10
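      # Key used to validate heartbeat messages sent by amphorae. It is empty in
      # this sample; set it to a unique secret value.
  67. # heartbeat_key =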
  68. # heartbeat_timeout = 60
  69. # health_check_interval = 3
  70. # sock_rlimit = 0
  71. # Health/StatsUpdate options are
  72. # *_db
  73. # *_logger
  74. # health_update_driver = health_db
  75. # stats_update_driver = stats_db
  76. [keystone_authtoken]
  77. # This group of config options is imported from keystone middleware, so the
  78. # option names should match the names declared in the middleware.
  79. # The www_authenticate_uri is the public endpoint and is returned in headers on a 401
  80. # www_authenticate_uri = https://localhost:5000/v3
  81. # The auth_url is the admin endpoint actually used for validating tokens
  82. # auth_url = https://localhost:5000/v3
  83. # username = octavia
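      # The password below is a placeholder; set the real service account password
      # and restrict read access to this file.
  84. # password = password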
  85. # project_name = service
  86. # Domain names must be set, these are *not* default but work for most clouds
  87. # project_domain_name = Default
  88. # user_domain_name = Default
  89. # insecure = False
  90. # cafile =
  91. [certificates]
  92. # Certificate Generator options are local_cert_generator
  93. # cert_generator = local_cert_generator
  94. # For local certificate signing (the snakeoil paths and the passphrase below are sample values; replace them before deployment):
  95. # ca_certificate = /etc/ssl/certs/ssl-cert-snakeoil.pem
  96. # ca_private_key = /etc/ssl/private/ssl-cert-snakeoil.key
  97. # ca_private_key_passphrase =
  98. # server_certs_key_passphrase = insecure-key-do-not-use-this-key
  99. # signing_digest = sha256
       # Certificate validity in seconds: 30 days = 30d * 24h * 60m * 60s = 2592000s
  100. # cert_validity_time = 2592000
  101. # storage_path = /var/lib/octavia/certificates/
  102. # For the TLS management
  103. # Certificate Manager options are local_cert_manager
  104. # barbican_cert_manager
  105. # castellan_cert_manager
  106. # cert_manager = barbican_cert_manager
  107. # For Barbican authentication (if using any Barbican based cert class)
  108. # barbican_auth = barbican_acl_auth
  109. #
  110. # Region in Identity service catalog to use for communication with the Barbican service.
  111. # region_name =
  112. #
  113. # Endpoint type to use for communication with the Barbican service.
  114. # endpoint_type = publicURL
  115. [networking]
  116. # The maximum attempts to retry an action with the networking service.
  117. # max_retries = 15
  118. # Seconds to wait before retrying an action with the networking service.
  119. # retry_interval = 1
  120. # The maximum time to wait, in seconds, for a port to detach from an amphora
  121. # port_detach_timeout = 300
  122. # Allow/disallow specific network object types when creating VIPs.
  123. # allow_vip_network_id = True
  124. # allow_vip_subnet_id = True
  125. # allow_vip_port_id = True
  126. # List of network_ids that are valid for VIP creation.
  127. # If this field is empty, no validation is performed.
  128. # valid_vip_networks =
  129. # List of reserved IP addresses that cannot be used for member addresses
  130. # The default is the nova metadata service address
  131. # reserved_ips = ['169.254.169.254']
  132. [haproxy_amphora]
  133. # base_path = /var/lib/octavia
  134. # base_cert_dir = /var/lib/octavia/certs
  135. # Absolute path to a custom HAProxy template file
  136. # haproxy_template =
  137. # connection_logging = True
  138. # connection_max_retries = 120
  139. # connection_retry_interval = 5
  140. # build_rate_limit = -1
  141. # build_active_retries = 120
  142. # build_retry_interval = 5
  143. # Maximum number of entries that can fit in the stick table.
  144. # The size supports "k", "m", "g" suffixes.
  145. # haproxy_stick_size = 10k
  146. # REST Driver specific
  147. # bind_host = 0.0.0.0
  148. # bind_port = 9443
  149. #
  150. # This setting is only needed when IPv6 link-local addresses (fe80::/64) are
  151. # used for communication between Octavia and its Amphora. If IPv4 or other IPv6
  152. # addresses are used, it can be ignored.
  153. # lb_network_interface = o-hm0
  154. #
  155. # haproxy_cmd = /usr/sbin/haproxy
  156. # respawn_count = 2
  157. # respawn_interval = 2
  158. # client_cert = /etc/octavia/certs/client.pem
  159. # server_ca = /etc/octavia/certs/server_ca.pem
  160. #
  161. # This setting is deprecated. It is now automatically discovered.
  162. # use_upstart = True
  163. #
  164. # rest_request_conn_timeout = 10
  165. # rest_request_read_timeout = 60
  166. #
  167. # These "active" timeouts are used once the amphora should already
  168. # be fully up and active. These values are lower than the other values to
  169. # facilitate "fail fast" scenarios like failovers
  170. # active_connection_max_retries = 15
  171. # active_connection_rety_interval = 2
  172. # The user flow log format for HAProxy.
  173. # {{ project_id }} and {{ lb_id }} will be automatically substituted by the
  174. # controller when configuring HAProxy if they are present in the string.
  175. # user_log_format = '{{ project_id }} {{ lb_id }} %f %ci %cp %t %{+Q}r %ST %B %U %[ssl_c_verify] %{+Q}[ssl_c_s_dn] %b %s %Tt %tsc'
  176. [controller_worker]
  177. # workers = 1
  178. # amp_active_retries = 30
  179. # amp_active_wait_sec = 10
  180. # Glance parameters to extract image ID to use for amphora. Only one of
  181. # parameters is needed. Using tags is the recommended way to refer to images.
  182. # amp_image_id =
  183. # amp_image_tag =
  184. # Optional owner ID used to restrict glance images to one owner ID.
  185. # This is a recommended security setting: without it, an image from any owner that matches amp_image_tag could be selected.
  186. # amp_image_owner_id =
  187. # Nova parameters to use when booting amphora
  188. # amp_flavor_id =
  189. # Upload the ssh key as the service_auth user described elsewhere in this config.
  190. # Leaving this variable blank will install no ssh key on the amphora.
  191. # amp_ssh_key_name =
  192. # Networks to attach to the Amphorae examples:
  193. # - One primary network
  194. # - - amp_boot_network_list = 22222222-3333-4444-5555-666666666666
  195. # - Multiple networks
  196. # - - amp_boot_network_list = 11111111-2222-3333-4444-555555555555, 22222222-3333-4444-5555-666666666666
  197. # - All networks defined in the list will be attached to each amphora
  198. # amp_boot_network_list =
  199. # amp_secgroup_list =
  200. # client_ca = /etc/octavia/certs/ca_01.pem
  201. # Amphora driver options are amphora_noop_driver,
  202. # amphora_haproxy_rest_driver
  203. #
  204. # amphora_driver = amphora_noop_driver
  205. #
  206. # Compute driver options are compute_noop_driver
  207. # compute_nova_driver
  208. #
  209. # compute_driver = compute_noop_driver
  210. #
  211. # Network driver options are network_noop_driver
  212. # allowed_address_pairs_driver
  213. #
  214. # network_driver = network_noop_driver
  215. # Volume driver options are volume_noop_driver
  216. # volume_cinder_driver
  217. #
  218. # volume_driver = volume_noop_driver
  219. #
  220. # Distributor driver options are distributor_noop_driver
  221. # single_VIP_amphora
  222. #
  223. # distributor_driver = distributor_noop_driver
  224. #
  225. # Load balancer topology options are SINGLE, ACTIVE_STANDBY
  226. # loadbalancer_topology = SINGLE
  227. # user_data_config_drive = False
  228. [task_flow]
  229. # TaskFlow engine options are:
  230. # - serial: Runs all tasks on a single thread.
  231. # - parallel: Schedules tasks onto different threads to allow
  232. # for running non-dependent tasks simultaneously
  233. #
  234. # engine = parallel
  235. # max_workers = 5
  236. #
  237. # This setting prevents the controller worker from reverting taskflow flows.
  238. # This will leave resources in an inconsistent state and should only be used
  239. # for debugging purposes.
  240. # disable_revert = False
  241. [oslo_messaging]
  242. # Queue Consumer Thread Pool Size
  243. # rpc_thread_pool_size = 2
  244. # Topic (i.e. Queue) Name
  245. # topic = octavia_prov
  246. [oslo_middleware]
  247. # HTTPProxyToWSGI middleware enabled
  248. # enable_proxy_headers_parsing = False
  249. [house_keeping]
  250. # Interval in seconds to initiate spare amphora checks
  251. # spare_check_interval = 30
  252. # spare_amphora_pool_size = 0
  253. # Cleanup interval for Deleted amphora
  254. # cleanup_interval = 30
  255. # Amphora expiry age in seconds. Default is 1 week
  256. # amphora_expiry_age = 604800
  257. # Load balancer expiry age in seconds. Default is 1 week
  258. # load_balancer_expiry_age = 604800
  259. [amphora_agent]
  260. # agent_server_ca = /etc/octavia/certs/client_ca.pem
  261. # agent_server_cert = /etc/octavia/certs/server.pem
  262. # Defaults for agent_server_network_dir when not specified here are:
  263. # Ubuntu: /etc/netns/amphora-haproxy/network/interfaces.d/
  264. # Centos/fedora/rhel: /etc/netns/amphora-haproxy/sysconfig/network-scripts/
  265. #
  266. # agent_server_network_dir =
  267. # agent_server_network_file =
  268. # agent_request_read_timeout = 180
  269. # Minimum TLS protocol, eg: TLS, TLSv1.1, TLSv1.2, TLSv1.3 (if available)
  270. # agent_tls_protocol = TLSv1.2
  271. # Amphora default UDP driver is keepalived_lvs
  272. #
  273. # amphora_udp_driver = keepalived_lvs
  274. ##### Log offloading
  275. #
  276. # Note: The admin and tenant logs can point to the same endpoints.
  277. #
  278. # List of log server ip and port pairs for Administrative logs.
  279. # Additional hosts are backup to the primary server. If none are
  280. # specified, remote logging is disabled.
  281. # Example: 192.0.2.1:10514, 2001:db8:1::10:10514
  282. #
  283. # admin_log_targets =
  284. #
  285. # List of log server ip and port pairs for tenant traffic logs.
  286. # Additional hosts are backup to the primary server. If none are
  287. # specified, remote logging is disabled.
  288. # Example: 192.0.2.1:10514, 2001:db8:2::15:10514
  289. #
  290. # tenant_log_targets =
  291. # Sets the syslog LOG_LOCAL[0-7] facility number for amphora log offloading.
  292. # user_log_facility will receive the traffic flow logs.
  293. # administrative_log_facility will receive the amphora processes logs.
  294. # Note: Some processes only support LOG_LOCAL, so we are restricted to the
  295. # LOG_LOCAL facilities.
  296. #
  297. # user_log_facility = 0
  298. # administrative_log_facility = 1
  299. # The log forwarding protocol to use. One of TCP or UDP.
  300. # log_protocol = UDP
  301. # The maximum attempts to retry connecting to the logging host.
  302. # log_retry_count = 5
  303. # The time, in seconds, to wait between retries connecting to the logging host.
  304. # log_retry_interval = 2
  305. # The queue size (messages) to buffer log messages.
  306. # log_queue_size = 10000
  307. # Controller local path to a custom logging configuration template.
  308. # Currently this is an rsyslog configuration file template.
  309. # logging_template_override =
  310. # When True, the amphora will forward all of the system logs (except tenant
  311. # traffic logs) to the admin log target(s). When False, only amphora specific
  312. # admin logs will be forwarded.
  313. # forward_all_logs = False
  314. # When True, no logs will be written to the amphora filesystem. When False,
  315. # log files will be written to the local filesystem.
  316. # disable_local_log_storage = False
  317. [keepalived_vrrp]
  318. # Amphora Role/Priority advertisement interval in seconds
  319. # vrrp_advert_int = 1
  320. # Service health check interval and success/fail count
  321. # vrrp_check_interval = 5
  322. # vrrp_fail_count = 2
  323. # vrrp_success_count = 2
  324. # Amphora MASTER gratuitous ARP refresh settings
  325. # vrrp_garp_refresh_interval = 5
  326. # vrrp_garp_refresh_count = 2
  327. [service_auth]
  328. # memcached_servers =
  329. # cafile = /opt/stack/data/ca-bundle.pem
  330. # project_domain_name = Default
  331. # project_name = admin
  332. # user_domain_name = Default
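       # The credentials and the http auth_url in this section are sample values;
       # replace the password and prefer an https endpoint before deployment.
  333. # password = password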
  334. # username = admin
  335. # auth_type = password
  336. # auth_url = http://localhost:5555/
  337. [nova]
  338. # The name of the nova service in the keystone catalog
  339. # service_name =
  340. # Custom nova endpoint if override is necessary
  341. # endpoint =
  342. # Region in Identity service catalog to use for communication with the
  343. # OpenStack services.
  344. # region_name =
  345. # Endpoint type in Identity service catalog to use for communication with
  346. # the OpenStack services.
  347. # endpoint_type = publicURL
  348. # CA certificates file to verify nova connections when TLS is enabled
  349. # ca_certificates_file =
  350. # Disable certificate validation on SSL connections
  351. # insecure = False
  352. # If non-zero, generate a random name of the length provided for each amphora,
  353. # in the format "a[A-Z0-9]*".
  354. # Otherwise, the default name format will be used: "amphora-{UUID}".
  355. # random_amphora_name_length = 0
  356. #
  357. # Availability zone to use for creating Amphorae
  358. # availability_zone =
  359. # Enable anti-affinity in nova
  360. # enable_anti_affinity = False
  361. # Set the anti-affinity policy to what is suitable.
  362. # Nova supports: anti-affinity and soft-anti-affinity
  363. # anti_affinity_policy = anti-affinity
  364. [cinder]
  365. # The name of the cinder service in the keystone catalog
  366. # service_name =
  367. # Custom cinder endpoint if override is necessary
  368. # endpoint =
  369. # Region in Identity service catalog to use for communication with the
  370. # OpenStack services.
  371. # region_name =
  372. # Endpoint type in Identity service catalog to use for communication with
  373. # the OpenStack services.
  374. # endpoint_type = publicURL
  375. # Availability zone to use for creating Volume
  376. # availability_zone =
  377. # TLS options for cinder connections: insecure = True disables certificate validation; ca_certificates_file is the CA file used to verify the connection
  378. # insecure = False
  379. # ca_certificates_file =
  380. # Size of root volume in GB for Amphora Instance when use Cinder
  381. # In some storage backends such as ScaleIO, the size of volume is multiple of 8
  382. # volume_size = 16
  383. # Volume type to be used for Amphora Instance root disk
  384. # If not specified, default_volume_type from cinder.conf will be used
  385. # volume_type =
  386. # Interval time to wait until volume becomes available
  387. # volume_create_retry_interval = 5
  388. # Timeout to wait for volume creation success
  389. # volume_create_timeout = 300
  390. # Maximum number of retries to create volume
  391. # volume_create_max_retries = 5
  392. [glance]
  393. # The name of the glance service in the keystone catalog
  394. # service_name =
  395. # Custom glance endpoint if override is necessary
  396. # endpoint =
  397. # Region in Identity service catalog to use for communication with the
  398. # OpenStack services.
  399. # region_name =
  400. # Endpoint type in Identity service catalog to use for communication with
  401. # the OpenStack services.
  402. # endpoint_type = publicURL
  403. # TLS options for glance connections: insecure = True disables certificate validation; ca_certificates_file is the CA file used to verify the connection
  404. # insecure = False
  405. # ca_certificates_file =
  406. [neutron]
  407. # The name of the neutron service in the keystone catalog
  408. # service_name =
  409. # Custom neutron endpoint if override is necessary
  410. # endpoint =
  411. # Region in Identity service catalog to use for communication with the
  412. # OpenStack services.
  413. # region_name =
  414. # Endpoint type in Identity service catalog to use for communication with
  415. # the OpenStack services.
  416. # endpoint_type = publicURL
  417. # TLS options for neutron connections: insecure = True disables certificate validation; ca_certificates_file is the CA file used to verify the connection
  418. # insecure = False
  419. # ca_certificates_file =
  420. [quotas]
  421. # default_load_balancer_quota = -1
  422. # default_listener_quota = -1
  423. # default_member_quota = -1
  424. # default_pool_quota = -1
  425. # default_health_monitor_quota = -1
  426. [audit]
  427. # Enable auditing of API requests.
  428. # enabled = False
  429. # Path to audit map file for octavia-api service. Used only
  430. # when API audit is enabled.
  431. # audit_map_file = /etc/octavia/octavia_api_audit_map.conf
  432. # Comma separated list of REST API HTTP methods to be
  433. # ignored during audit. For example: auditing will not be done
  434. # on any GET or POST requests if this is set to "GET,POST". It
  435. # is used only when API audit is enabled.
  436. # ignore_req_list =
  437. [audit_middleware_notifications]
  438. # Note: This section comes from openstack/keystonemiddleware
  439. # It is included here for documentation convenience and may be out of date
  440. # Indicate whether to use oslo_messaging as the notifier. If set to False,
  441. # the local logger will be used as the notifier. If set to True, the
  442. # oslo_messaging package must also be present. Otherwise, the local will be
  443. # used instead.
  444. # use_oslo_messaging = True
  445. # The Driver to handle sending notifications. Possible values are messaging,
  446. # messagingv2, routing, log, test, noop. If not specified, then value from
  447. # oslo_messaging_notifications conf section is used.
  448. # driver =
  449. # List of AMQP topics used for OpenStack notifications. If not specified,
  450. # then value from oslo_messaging_notifications conf section is used.
  451. # topics =
  452. # A URL representing messaging driver to use for notification. If not
  453. # specified, we fall back to the same configuration used for RPC.
  454. # transport_url =
  455. [driver_agent]
  456. # status_socket_path = /var/run/octavia/status.sock
  457. # stats_socket_path = /var/run/octavia/stats.sock
  458. # get_socket_path = /var/run/octavia/get.sock
  459. # Maximum time to wait for a status message before checking for shutdown
  460. # status_request_timeout = 5
  461. # Maximum number of status processes per driver-agent
  462. # status_max_processes = 50
  463. # Maximum time to wait for a stats message before checking for shutdown
  464. # stats_request_timeout = 5
  465. # Maximum number of stats processes per driver-agent
  466. # stats_max_processes = 50
  467. # Percentage of max_processes (both status and stats) in use to start
  468. # logging warning messages about an overloaded driver-agent.
  469. # max_process_warning_percent = .75
  470. # How long in seconds to wait for provider agents to exit before killing them.
  471. # provider_agent_shutdown_timeout = 60
  472. # List of enabled provider agents.
  473. # enabled_provider_agents =