d73df70d85
When load balancer is deleted the corresponding DB entry is marked as DELETED and is never actually removed along with a VIP associated whit this load balancer. This adds a new method to db_cleanup routine that scans the DB for load balancers with DELETED provisioning_status and deletes them from db if they are older than load_balancer_expiry_age. Corresponding VIP entries are deleted in cascade. Added new config option `load_balancer_expiry_age` to the `house_keeping` config section. Also changed the default value of exp_age argument to CONF.house_keeping.amphora_expiry_age in check_amphora_expiry_age method. DocImpact Closes-Bug #1573725 Change-Id: I4f99d38f44f218ac55a76ef062ed9ea401c0a02d
290 lines
8.5 KiB
Plaintext
290 lines
8.5 KiB
Plaintext
[DEFAULT]
|
|
# Print more verbose output (set logging level to INFO instead of default WARNING level).
|
|
# verbose = False
|
|
# Print debugging output (set logging level to DEBUG instead of default WARNING level).
|
|
# debug = False
|
|
# bind_host = 0.0.0.0
|
|
# bind_port = 9876
|
|
# api_handler = queue_producer
|
|
#
|
|
# Plugin options are hot_plug_plugin (Hot-pluggable controller plugin)
|
|
#
|
|
# octavia_plugins = hot_plug_plugin
|
|
|
|
# Hostname to be used by the host machine for services running on it.
|
|
# The default value is the hostname of the host machine.
|
|
# host =
|
|
|
|
[database]
|
|
# This line MUST be changed to actually run the plugin.
|
|
# Example:
|
|
# connection = mysql+pymysql://root:pass@127.0.0.1:3306/octavia
|
|
# Replace 127.0.0.1 above with the IP address of the database used by the
|
|
# main octavia server. (Leave it as is if the database runs on this host.)
|
|
|
|
# connection = mysql+pymysql://
|
|
|
|
# NOTE: In deployment the [database] section and its connection attribute may
|
|
# be set in the corresponding core plugin '.ini' file. However, it is suggested
|
|
# to put the [database] section and its connection attribute in this
|
|
# configuration file.
|
|
|
|
[health_manager]
|
|
# bind_ip = 0.0.0.0
|
|
# bind_port = 5555
|
|
# controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555
|
|
# controller_ip_port_list =
|
|
# failover_threads = 10
|
|
# status_update_threads = 50
|
|
# heartbeat_interval = 10
|
|
# heartbeat_key =
|
|
# heartbeat_timeout = 60
|
|
# health_check_interval = 3
|
|
# sock_rlimit = 0
|
|
|
|
# EventStreamer options are
|
|
# queue_event_streamer,
|
|
# noop_event_streamer
|
|
# event_streamer_driver = noop_event_streamer
|
|
|
|
|
|
|
|
[keystone_authtoken]
|
|
# This group of config options are imported from keystone middleware. Thus the
|
|
# option names should match the names declared in the middleware.
|
|
# auth_uri = https://localhost:5000/v3
|
|
# admin_user = octavia
|
|
# admin_password = password
|
|
# admin_tenant_name = service
|
|
# insecure = False
|
|
# cafile =
|
|
|
|
[keystone_authtoken_v3]
|
|
# If using Keystone v3
|
|
# admin_user_domain = default
|
|
# admin_project_domain = default
|
|
|
|
[certificates]
|
|
# cert_generator = local_cert_generator
|
|
|
|
# For local certificate signing (development only):
|
|
# ca_certificate = /etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
# ca_private_key = /etc/ssl/private/ssl-cert-snakeoil.key
|
|
# ca_private_key_passphrase =
|
|
# signing_digest = sha256
|
|
# storage_path = /var/lib/octavia/certificates/
|
|
|
|
# For the TLS management
|
|
# Certificate Manager options are local_cert_manager
|
|
# barbican_cert_manager
|
|
# cert_manager = barbican_cert_manager
|
|
# For Barbican authentication (if using any Barbican based cert class)
|
|
# barbican_auth = barbican_acl_auth
|
|
#
|
|
# Region in Identity service catalog to use for communication with the Barbican service.
|
|
# region_name =
|
|
#
|
|
# Endpoint type to use for communication with the Barbican service.
|
|
# endpoint_type = publicURL
|
|
|
|
|
|
[anchor]
|
|
# Use OpenStack anchor to sign the amphora REST API certificates
|
|
# url = http://localhost:9999/v1/sign/default
|
|
# username =
|
|
# password =
|
|
|
|
[networking]
|
|
# Network to communicate with amphora
|
|
# lb_network_name =
|
|
# The maximum attempts to retry an action with the networking service.
|
|
# max_retries = 15
|
|
# Seconds to wait before retrying an action with the networking service.
|
|
# retry_interval = 1
|
|
|
|
[haproxy_amphora]
|
|
# base_path = /var/lib/octavia
|
|
# base_cert_dir = /var/lib/octavia/certs
|
|
# Absolute path to a custom HAProxy template file
|
|
# haproxy_template =
|
|
# connection_max_retries = 300
|
|
# connection_retry_interval = 5
|
|
|
|
# Maximum number of entries that can fit in the stick table.
|
|
# The size supports "k", "m", "g" suffixes.
|
|
# haproxy_stick_size = 10k
|
|
|
|
# REST Driver specific
|
|
# bind_host = 0.0.0.0
|
|
# bind_port = 9443
|
|
# haproxy_cmd = /usr/sbin/haproxy
|
|
# respawn_count = 2
|
|
# respawn_interval = 2
|
|
# client_cert = /etc/octavia/certs/client.pem
|
|
# server_ca = /etc/octavia/certs/server_ca.pem
|
|
# use_upstart = True
|
|
# rest_request_conn_timeout = 10
|
|
# rest_request_read_timeout = 60
|
|
|
|
[controller_worker]
|
|
# amp_active_retries = 10
|
|
# amp_active_wait_sec = 10
|
|
# Glance parameters to extract image ID to use for amphora. Only one of
|
|
# parameters is needed. Using tags is the recommended way to refer to images.
|
|
# amp_image_id =
|
|
# amp_image_tag =
|
|
# Nova parameters to use when booting amphora
|
|
# amp_flavor_id =
|
|
# amp_ssh_key_name =
|
|
# amp_ssh_allowed_access = True
|
|
|
|
# Networks to attach to the Amphorae examples:
|
|
# - One primary network
|
|
# - - amp_boot_network_list = 22222222-3333-4444-5555-666666666666
|
|
# - Multiple networks
|
|
# - - amp_boot_network_list = 11111111-2222-33333-4444-555555555555, 22222222-3333-4444-5555-666666666666
|
|
# - All networks defined in the list will be attached to each ampohra
|
|
# amp_boot_network_list =
|
|
|
|
# Takes a single network id that is attached to amphorae on boot
|
|
# Deprecated...
|
|
# amp_network =
|
|
|
|
# amp_secgroup_list =
|
|
# client_ca = /etc/octavia/certs/ca_01.pem
|
|
|
|
# Amphora driver options are amphora_noop_driver,
|
|
# amphora_haproxy_rest_driver
|
|
#
|
|
# amphora_driver = amphora_noop_driver
|
|
#
|
|
# Compute driver options are compute_noop_driver
|
|
# compute_nova_driver
|
|
#
|
|
# compute_driver = compute_noop_driver
|
|
#
|
|
# Network driver options are network_noop_driver
|
|
# allowed_address_pairs_driver
|
|
#
|
|
# network_driver = network_noop_driver
|
|
#
|
|
# Certificate Generator options are local_cert_generator
|
|
# barbican_cert_generator
|
|
# anchor_cert_generator
|
|
# cert_generator = local_cert_generator
|
|
#
|
|
# Load balancer topology options are SINGLE, ACTIVE_STANDBY
|
|
# loadbalancer_topology = SINGLE
|
|
# user_data_config_drive = False
|
|
|
|
[task_flow]
|
|
# engine = serial
|
|
# max_workers = 5
|
|
|
|
[oslo_messaging_rabbit]
|
|
# Rabbit and HA configuration:
|
|
# rabbit_userid = octavia
|
|
# rabbit_password = password
|
|
# rabbit_port = 5672
|
|
|
|
# For HA, specify queue nodes in cluster, comma delimited:
|
|
# For example: rabbit_hosts = 192.168.50.8:5672, 192.168.50.9:5672
|
|
# rabbit_hosts = localhost:5672
|
|
|
|
[oslo_messaging]
|
|
# Queue Consumer Thread Pool Size
|
|
# rpc_thread_pool_size = 2
|
|
|
|
# Topic (i.e. Queue) Name
|
|
# topic = octavia_prov
|
|
|
|
# Topic for octavia's events sent to a queue
|
|
# event_stream_topic = neutron_lbaas_event
|
|
|
|
[house_keeping]
|
|
# Interval in seconds to initiate spare amphora checks
|
|
# spare_check_interval = 30
|
|
# spare_amphora_pool_size = 0
|
|
|
|
# Cleanup interval for Deleted amphora
|
|
# cleanup_interval = 30
|
|
# Amphora expiry age in seconds. Default is 1 week
|
|
# amphora_expiry_age = 604800
|
|
|
|
# Load balancer expiry age in seconds. Default is 1 week
|
|
# load_balancer_expiry_age = 604800
|
|
|
|
[amphora_agent]
|
|
# agent_server_ca = /etc/octavia/certs/client_ca.pem
|
|
# agent_server_cert = /etc/octavia/certs/server.pem
|
|
# agent_server_network_dir = /etc/netns/amphora-haproxy/network/interfaces.d/
|
|
# agent_server_network_file =
|
|
|
|
[keepalived_vrrp]
|
|
# Amphora Role/Priority advertisement interval in seconds
|
|
# vrrp_advert_int = 1
|
|
|
|
# Service health check interval and success/fail count
|
|
# vrrp_check_interval = 5
|
|
# vrpp_fail_count = 2
|
|
# vrrp_success_count = 2
|
|
|
|
# Amphora MASTER gratuitous ARP refresh settings
|
|
# vrrp_garp_refresh_interval = 5
|
|
# vrrp_garp_refresh_count = 2
|
|
|
|
[glance]
|
|
# The name of the glance service in the keystone catalog
|
|
# service_name =
|
|
# Custom glance endpoint if override is necessary
|
|
# endpoint =
|
|
|
|
# Region in Identity service catalog to use for communication with the OpenStack services.
|
|
# region_name =
|
|
|
|
# Endpoint type in Identity service catalog to use for communication with
|
|
# the OpenStack services.
|
|
# endpoint_type = publicURL
|
|
|
|
# CA certificates file to verify glance connections when TLS is enabled
|
|
# insecure = False
|
|
# ca_certificates_file =
|
|
|
|
[nova]
|
|
# The name of the nova service in the keystone catalog
|
|
# service_name =
|
|
# Custom nova endpoint if override is necessary
|
|
# endpoint =
|
|
|
|
# Region in Identity service catalog to use for communication with the OpenStack services.
|
|
# region_name =
|
|
|
|
# Endpoint type in Identity service catalog to use for communication with
|
|
# the OpenStack services.
|
|
# endpoint_type = publicURL
|
|
|
|
# CA certificates file to verify nova connections when TLS is enabled
|
|
# insecure = False
|
|
# ca_certificates_file =
|
|
|
|
# Flag to enable nova anti-affinity capabilities to place amphorae on
|
|
# different hosts
|
|
# enable_anti_affinity = False
|
|
|
|
[neutron]
|
|
# The name of the neutron service in the keystone catalog
|
|
# service_name =
|
|
# Custom neutron endpoint if override is necessary
|
|
# endpoint =
|
|
|
|
# Region in Identity service catalog to use for communication with the OpenStack services.
|
|
# region_name =
|
|
|
|
# Endpoint type in Identity service catalog to use for communication with
|
|
# the OpenStack services.
|
|
# endpoint_type = publicURL
|
|
|
|
# CA certificates file to verify neutron connections when TLS is enabled
|
|
# insecure = False
|
|
# ca_certificates_file =
|