chef/cookbooks/octavia/templates/default/100-octavia.conf.erb
# Copyright 2019, SUSE LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
[DEFAULT]
debug = <%= @node[:octavia][:debug] %>
transport_url = <%= @rabbit_settings[:url] %>
[certificates]
cert_generator = local_cert_generator
cert_manager = barbican_cert_manager
endpoint = <%= @barbican_endpoint %>
endpoint_type = "internalURL"
insecure = <%= @octavia_keystone_settings['insecure'] %>
ca_certificate = <%= @node[:octavia][:certs][:cert_path] %><%= @node[:octavia][:certs][:server_ca_cert_path] %>
ca_private_key = <%= @node[:octavia][:certs][:cert_path] %><%= @node[:octavia][:certs][:server_ca_key_path] %>
ca_private_key_passphrase = <%= @node[:octavia][:certs][:passphrase] %>
[database]
connection = <%= @octavia_db_connection %>
[haproxy_amphora]
client_cert = <%= @node[:octavia][:certs][:cert_path]%><%=@node[:octavia][:certs][:client_cert_and_key_path] %>
server_ca = <%= @node[:octavia][:certs][:cert_path]%><%=@node[:octavia][:certs][:server_ca_cert_path] %>
key_path = <%= @node[:octavia][:certs][:cert_path]%><%= @node[:octavia][:amphora][:keypair_private_cert]%>
base_path = /var/lib/octavia
base_cert_dir = <%= @node[:octavia][:certs][:cert_path]%>
connection_max_retries = <%= @node[:octavia][:amphora][:connection_max_retries] %>
connection_retry_interval = <%= @node[:octavia][:amphora][:connection_retry_interval] %>
[keystone_authtoken]
auth_version = <%= @octavia_keystone_settings['api_version'] %>
www_authenticate_uri = <%= @octavia_keystone_settings["public_auth_url"] %>
auth_url = <%= KeystoneHelper.versioned_service_URL(@octavia_keystone_settings["protocol"],
@octavia_keystone_settings["internal_url_host"],
@octavia_keystone_settings["service_port"],
@octavia_keystone_settings['api_version']) %>
auth_type = password
project_name = <%= @octavia_keystone_settings['service_tenant'] %>
project_domain_name = <%= @octavia_keystone_settings['default_user_domain'] %>
user_domain_name = <%= @octavia_keystone_settings['default_user_domain'] %>
username = <%= @octavia_keystone_settings['service_user'] %>
password = <%= @octavia_keystone_settings['service_password'] %>
region_name = <%= @octavia_keystone_settings['endpoint_region'] %>
service_token_roles_required = true
service_token_roles = admin
memcached_servers = <%= @memcached_servers.join(',') %>
memcache_security_strategy = ENCRYPT
memcache_secret_key = <%= node[:octavia][:memcache_secret_key] %>
memcache_pool_socket_timeout = 1
[networking]
port_detach_timeout = <%= @node[:octavia][:networking][:port_detach_timeout] %>
[neutron]
endpoint = <%= @neutron_endpoint %>
endpoint_type = "internalURL"
insecure = <%= @octavia_keystone_settings['insecure'] %>
[nova]
endpoint = <%= @nova_endpoint %>
endpoint_type = "internalURL"
insecure = <%= @octavia_keystone_settings['insecure'] %>
[oslo_messaging]
topic = octavia_prov
rpc_thread_pool_size = <%= @node[:octavia][:oslo][:rpc_thread_pool_size] %>
[oslo_messaging_rabbit]
amqp_durable_queues = <%= @rabbit_settings[:durable_queues] %>
rabbit_ha_queues = <%= @rabbit_settings[:ha_queues] %>
ssl = <%= @rabbit_settings[:use_ssl] %>
<% if @rabbit_settings[:client_ca_certs] -%>
ssl_ca_file = <%= @rabbit_settings[:client_ca_certs] %>
<% end -%>
heartbeat_timeout_threshold = <%= @rabbit_settings[:heartbeat_timeout] %>
[service_auth]
auth_url = <%= KeystoneHelper.versioned_service_URL(@octavia_keystone_settings["protocol"],
@octavia_keystone_settings["internal_url_host"],
@octavia_keystone_settings["service_port"],
@octavia_keystone_settings['api_version']) %>
auth_type = password
project_name = <%= @octavia_keystone_settings['service_project'] %>
project_domain_name = <%= @octavia_keystone_settings['default_user_domain'] %>
user_domain_name = <%= @octavia_keystone_settings['default_user_domain'] %>
username = <%= @octavia_keystone_settings['service_user'] %>
password = <%= @octavia_keystone_settings['service_password'] %>
region_name = <%= @octavia_keystone_settings['endpoint_region'] %>
cafile = /etc/ssl/ca-bundle.pem
<% if @node[:octavia][:debug] %>
[task_flow]
disable_revert = False
<% end %>