# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for neutron.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

---
# No release group is set by default; how the templates use this value is
# not visible in this file.
release_group: null

# Image reference for each component of the chart, plus the pull policy and
# the local-registry switch.
# NOTE(review): every reference below is a tag, none is pinned by digest, so
# the content behind a tag can change without this file changing. For
# supply-chain integrity consider `repo/name:tag@sha256:<digest>` overrides.
images:
  tags:
    bootstrap: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    test: docker.io/xrally/xrally-openstack:2.0.0
    # NOTE(review): ":latest" is a mutable tag; what actually runs depends on
    # when each node last pulled it.
    purge_test: docker.io/openstackhelm/ospurge:latest
    db_init: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    neutron_db_sync: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    db_drop: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    rabbit_init: docker.io/rabbitmq:3.13-management
    ks_user: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    ks_service: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    ks_endpoints: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    netoffload: ghcr.io/vexxhost/netoffload:v1.0.1
    neutron_server: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_policy_server: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_rpc_server: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_dhcp: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_metadata: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_ovn_metadata: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_ovn_vpn: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_l3: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_l2gw: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_openvswitch_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_linuxbridge_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    # NOTE(review): the two SR-IOV images are the only neutron images here
    # still on the "stein-18.04" tag line while the rest use
    # 2024.1-ubuntu_jammy. Both containers are configured as privileged in
    # pod.security_context, so override these before enabling SR-IOV.
    neutron_sriov_agent: docker.io/openstackhelm/neutron:stein-18.04-sriov
    neutron_sriov_agent_init: docker.io/openstackhelm/neutron:stein-18.04-sriov
    neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_bgp_dragent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_ironic_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    # NOTE(review): "latest-ubuntu_focal" is also a floating tag.
    dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
    # NOTE(review): a 17.07 Docker image is long out of support; it is only
    # relevant when local_registry.active is true (presumably, confirm in the
    # image-repo-sync job template).
    image_repo_sync: docker.io/docker:17.07.0
  # With IfNotPresent a node that already holds an image under a given tag
  # keeps using it, so floating tags can differ from node to node.
  pull_policy: "IfNotPresent"
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync

# Node-selector key/value pair for each workload of the chart.
# NOTE(review): nesting was rebuilt from a listing that had lost its
# indentation. `ovn_vpn` is placed under `agent` because it directly follows
# the other agent entries; confirm against the OVN VPN agent template.
labels:
  agent:
    dhcp:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    l3:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    metadata:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    l2gw:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    ovn_vpn:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  lb:
    node_selector_key: linuxbridge
    node_selector_value: enabled
  # openvswitch is a special case, requiring a special
  # label that can apply to both control hosts
  # and compute hosts, until we get more sophisticated
  # with our daemonset scheduling
  ovs:
    node_selector_key: openvswitch
    node_selector_value: enabled
  sriov:
    node_selector_key: sriov
    node_selector_value: enabled
  bagpipe_bgp:
    node_selector_key: openstack-compute-node
    node_selector_value: enabled
  bgp_dragent:
    node_selector_key: openstack-compute-node
    node_selector_value: enabled
  server:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  rpc_server:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  ironic_agent:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  netns_cleanup_cron:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  test:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled

# Network wiring for the agents and exposure settings for the API server.
network:
  # provide what type of network wiring will be used
  backend:
    - openvswitch
  # NOTE(Portdirect): Share network namespaces with the host,
  # allowing agents to be restarted without packet loss and simpler
  # debugging. This feature requires mount propagation support.
  # NOTE(review): sharing namespaces with the host trades isolation for
  # availability; treat the agents as part of the node's trust boundary.
  share_namespaces: true
  interface:
    # Tunnel interface will be used for VXLAN tunneling.
    tunnel: null
    # If tunnel is null there is a fallback mechanism to search
    # for interface with routing using tunnel network cidr.
    # NOTE(review): "0/0" matches any route, so the fallback presumably
    # settles on the default-route interface; set an explicit CIDR or
    # interface if tunnel traffic must stay on a dedicated network.
    tunnel_network_cidr: "0/0"
    # To perform setup of network interfaces using the SR-IOV init
    # container you can use a section similar to:
    # sriov:
    #   - device: ${DEV}
    #     num_vfs: 8
    #     mtu: 9214
    #     promisc: false
    #     qos:
    #       - vf_num: 0
    #         share: 10
    #     queues_per_vf:
    #       - num_queues: 16
    #         exclude_vf: 0,11,21
  server:
    ingress:
      # NOTE(review): public ingress is on by default; confirm the API is
      # meant to be reachable through the public ingress class and that TLS
      # is configured for it elsewhere in the values.
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    external_policy_local: false
    node_port:
      enabled: false
      port: 30096

# Optional bootstrap job, disabled by default. When enabled, the script below
# is presumably run with the credentials of the `ks_user` account (confirm in
# the bootstrap job template).
bootstrap:
  enabled: false
  ks_user: neutron
  script: |
    openstack token issue

# Jobs, services and pods each component waits for before it starts.
# `dynamic` entries depend on the selected backend or feature; `static`
# entries are fixed per component.
# NOTE(review): nesting was rebuilt from a listing that had lost its
# indentation; confirm against the chart templates before relying on it.
dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - neutron-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
    targeted:
      sriov: {}
      l2gateway: {}
      bagpipe_bgp: {}
      ovn:
        server:
          pod: null
      bgp_dragent: {}
      openvswitch:
        dhcp:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
        l3:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
        metadata:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
      linuxbridge:
        dhcp:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        l3:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        metadata:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        lb_agent:
          pod: null
  static:
    bootstrap:
      services:
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    db_drop:
      services:
        - endpoint: internal
          service: oslo_db
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    db_sync:
      jobs:
        - neutron-db-init
      services:
        - endpoint: internal
          service: oslo_db
    dhcp:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    ks_endpoints:
      jobs:
        - neutron-ks-service
      services:
        - endpoint: internal
          service: identity
    ks_service:
      services:
        - endpoint: internal
          service: identity
    ks_user:
      services:
        - endpoint: internal
          service: identity
    rabbit_init:
      services:
        - service: oslo_messaging
          endpoint: internal
    l3:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    lb_agent:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
    metadata:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
        # The only dependency in this file that uses the public endpoint.
        - endpoint: public
          service: compute_metadata
    ovn_metadata:
      pod:
        - requireSameNode: true
          labels:
            application: ovn
            component: ovn-controller
      services:
        - endpoint: internal
          service: compute_metadata
        - endpoint: internal
          service: network
    ovn_vpn_agent:
      pod:
        - requireSameNode: true
          labels:
            application: ovn
            component: ovn-controller
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
    ovs_agent:
      jobs:
        - neutron-rabbit-init
      pod:
        - requireSameNode: true
          labels:
            application: openvswitch
            component: server
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
    server:
      jobs:
        - neutron-db-sync
        - neutron-ks-user
        - neutron-ks-endpoints
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_cache
        - endpoint: internal
          service: identity
    rpc_server:
      jobs:
        - neutron-db-sync
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_cache
        - endpoint: internal
          service: identity
    ironic_agent:
      jobs:
        - neutron-db-sync
        - neutron-ks-user
        - neutron-ks-endpoints
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_cache
        - endpoint: internal
          service: identity
    tests:
      services:
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry

# Pod-level settings: sidecars, probes, security contexts, scheduling,
# extra mounts, replica counts, rollout behaviour and resource sizing.
# NOTE(review): nesting was rebuilt from a listing that had lost its
# indentation; confirm against the chart templates before relying on it.
pod:
  sidecars:
    neutron_policy_server: false
  use_fqdn:
    neutron_agent: true
  probes:
    rpc_timeout: 60
    rpc_retries: 2
    dhcp_agent:
      dhcp_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    l3_agent:
      l3_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    lb_agent:
      lb_agent:
        readiness:
          enabled: true
    metadata_agent:
      metadata_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    ovn_vpn_agent:
      ovn_vpn_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    ovn_metadata_agent:
      ovn_metadata_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    ovs_agent:
      ovs_agent:
        readiness:
          enabled: true
          params:
            timeoutSeconds: 10
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    sriov_agent:
      sriov_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
    bagpipe_bgp:
      bagpipe_bgp:
        readiness:
          enabled: true
          # Empty on purpose in the original: no probe parameters are set.
          params:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
    bgp_dragent:
      bgp_dragent:
        readiness:
          enabled: false
          params:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
    l2gw_agent:
      l2gw_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            # NOTE(review): timeoutSeconds (65) is larger than periodSeconds
            # (15) here, unlike the other probes in this file; confirm this
            # is intended.
            periodSeconds: 15
            timeoutSeconds: 65
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 90
            timeoutSeconds: 70
    server:
      server:
        readiness:
          enabled: true
          params:
            periodSeconds: 15
            timeoutSeconds: 10
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
            periodSeconds: 15
            timeoutSeconds: 10
    rpc_server:
      rpc_server:
        readiness:
          enabled: true
          params:
            periodSeconds: 15
            timeoutSeconds: 10
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
            periodSeconds: 15
            timeoutSeconds: 10
  # Security contexts per workload: a pod-level UID plus per-container
  # settings.
  # NOTE(review): most agent containers below are `privileged: true`. A
  # privileged container runs without the usual device, capability and
  # seccomp restrictions, so a compromise of one of these agents should be
  # treated as a compromise of the node. `readOnlyRootFilesystem: true` only
  # protects the image filesystem. Restrict who can deploy into or exec in
  # this namespace accordingly, and expect restrictive Pod Security admission
  # levels to reject these pods.
  security_context:
    neutron_dhcp_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_dhcp_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_l2gw_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_l2gw_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_bagpipe_bgp:
      pod:
        runAsUser: 42424
      container:
        neutron_bagpipe_bgp:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_bgp_dragent:
      pod:
        runAsUser: 42424
      container:
        neutron_bgp_dragent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_l3_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_l3_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_lb_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_lb_agent_kernel_modules:
          # SYS_MODULE permits loading kernel modules on the host kernel;
          # this container also runs as UID 0.
          capabilities:
            add:
              - SYS_MODULE
              - SYS_CHROOT
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_lb_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_lb_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_metadata_agent:
      pod:
        runAsUser: 42424
      container:
        # NOTE(review): only the init container is configured here; no
        # container-level settings (allowPrivilegeEscalation,
        # readOnlyRootFilesystem) are set for the agent container itself.
        # The same holds for the two OVN agents below.
        neutron_metadata_agent_init:
          runAsUser: 0
          readOnlyRootFilesystem: true
    neutron_ovn_metadata_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_ovn_metadata_agent_init:
          runAsUser: 0
          readOnlyRootFilesystem: true
    ovn_vpn_agent:
      pod:
        runAsUser: 42424
      container:
        ovn_vpn_agent_init:
          runAsUser: 0
          readOnlyRootFilesystem: true
    neutron_ovs_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_openvswitch_agent_kernel_modules:
          capabilities:
            add:
              - SYS_MODULE
              - SYS_CHROOT
          runAsUser: 0
          readOnlyRootFilesystem: true
        netoffload:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_ovs_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_ovs_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_server:
      pod:
        runAsUser: 42424
      container:
        # NOTE(review): the nginx container runs as UID 0 with a writable
        # root filesystem and, unlike its siblings, does not set
        # allowPrivilegeEscalation: false. It is presumably the container
        # that terminates API traffic, so it is worth tightening if the image
        # allows it.
        nginx:
          runAsUser: 0
          readOnlyRootFilesystem: false
        neutron_server:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
        neutron_policy_server:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    neutron_rpc_server:
      pod:
        runAsUser: 42424
      container:
        neutron_rpc_server:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    neutron_sriov_agent:
      pod:
        runAsUser: 42424
      container:
        # Privileged, UID 0 and a writable root filesystem together.
        neutron_sriov_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: false
        neutron_sriov_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_ironic_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_ironic_agent:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    neutron_netns_cleanup_cron:
      pod:
        runAsUser: 42424
      container:
        neutron_netns_cleanup_cron:
          readOnlyRootFilesystem: true
          privileged: true
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  tolerations:
    neutron:
      enabled: false
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
  # Extra volumes and mounts per workload. Bare `volumeMounts:` / `volumes:`
  # keys parse as null, i.e. nothing extra is mounted by default.
  # NOTE(review): overrides that add hostPath volumes to the privileged
  # agents widen host access further; review them like code.
  mounts:
    neutron_server:
      init_container: null
      neutron_server:
        volumeMounts:
        volumes:
    neutron_rpc_server:
      init_container: null
      neutron_rpc_server:
        volumeMounts:
        volumes:
    neutron_dhcp_agent:
      init_container: null
      neutron_dhcp_agent:
        volumeMounts:
        volumes:
    neutron_l3_agent:
      init_container: null
      neutron_l3_agent:
        volumeMounts:
        volumes:
    neutron_lb_agent:
      init_container: null
      neutron_lb_agent:
        volumeMounts:
        volumes:
    neutron_metadata_agent:
      init_container: null
      neutron_metadata_agent:
        volumeMounts:
        volumes:
    neutron_ovn_metadata_agent:
      init_container: null
      neutron_ovn_metadata_agent:
        volumeMounts:
        volumes:
    ovn_vpn_agent:
      init_container: null
      ovn_vpn_agent:
        volumeMounts:
        volumes:
    neutron_ovs_agent:
      init_container: null
      neutron_ovs_agent:
        volumeMounts:
        volumes:
    neutron_sriov_agent:
      init_container: null
      neutron_sriov_agent:
        volumeMounts:
        volumes:
    neutron_l2gw_agent:
      init_container: null
      neutron_l2gw_agent:
        volumeMounts:
        volumes:
    bagpipe_bgp:
      init_container: null
      bagpipe_bgp:
        volumeMounts:
        volumes:
    bgp_dragent:
      init_container: null
      bgp_dragent:
        volumeMounts:
        volumes:
    neutron_ironic_agent:
      init_container: null
      neutron_ironic_agent:
        volumeMounts:
        volumes:
    neutron_netns_cleanup_cron:
      init_container: null
      neutron_netns_cleanup_cron:
        volumeMounts:
        volumes:
    neutron_tests:
      init_container: null
      neutron_tests:
        volumeMounts:
        volumes:
    neutron_bootstrap:
      init_container: null
      neutron_bootstrap:
        volumeMounts:
        volumes:
    neutron_db_sync:
      neutron_db_sync:
        volumeMounts:
          - name: db-sync-conf
            mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
            subPath: ml2_conf.ini
            readOnly: true
        volumes:
  replicas:
    server: 1
    rpc_server: 1
    ironic_agent: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
      daemonsets:
        pod_replacement_strategy: RollingUpdate
        dhcp_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        l3_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        lb_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        metadata_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovn_metadata_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovn_vpn_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovs_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        sriov_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        netns_cleanup_cron:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
    disruption_budget:
      server:
        min_available: 0
    termination_grace_period:
      server:
        timeout: 30
      rpc_server:
        timeout: 30
      ironic_agent:
        timeout: 30
  # NOTE(review): `enabled: false` presumably means none of the requests and
  # limits below are rendered (confirm in the templates). Without limits the
  # privileged agents can exhaust node CPU and memory; consider enabling
  # this in production overrides.
  resources:
    enabled: false
    agent:
      dhcp:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      l3:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      lb:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      metadata:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovn_metadata:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovn_vpn:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovs:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      sriov:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      l2gw:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      bagpipe_bgp:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      bgp_dragent:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
    server:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    neutron_policy_server:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "256Mi"
        cpu: "500m"
    ironic_agent:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    netns_cleanup_cron:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      bootstrap:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      rabbit_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_drop:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_endpoints:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_service:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_user:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      tests:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"

1044conf:
1045 rally_tests:
1046 force_project_purge: false
1047 run_tempest: false
1048 clean_up: |
1049 # NOTE: We will make the best effort to clean up rally generated networks and routers,
1050 # but should not block further automated deployment.
1051 set +e
1052 PATTERN="^[sc]_rally_"
1053
1054 ROUTERS=$(openstack router list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')
1055 NETWORKS=$(openstack network list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')
1056
1057 for ROUTER in $ROUTERS
1058 do
1059 openstack router unset --external-gateway $ROUTER
1060 openstack router set --disable --no-ha $ROUTER
1061
1062 SUBNS=$(openstack router show $ROUTER -c interfaces_info --format=value | python -m json.tool | grep -oP '(?<="subnet_id": ")[a-f0-9\-]{36}(?=")' | sort | uniq)
1063 for SUBN in $SUBNS
1064 do
1065 openstack router remove subnet $ROUTER $SUBN
1066 done
1067
1068 for PORT in $(openstack port list --router $ROUTER --format=value -c ID | tr -d '\r')
1069 do
1070 openstack router remove port $ROUTER $PORT
1071 done
1072
1073 openstack router delete $ROUTER
1074 done
1075
1076 for NETWORK in $NETWORKS
1077 do
1078 for PORT in $(openstack port list --network $NETWORK --format=value -c ID | tr -d '\r')
1079 do
1080 openstack port delete $PORT
1081 done
1082 openstack network delete $NETWORK
1083 done
1084 set -e
1085 tests:
1086 NeutronNetworks.create_and_delete_networks:
1087 - args:
1088 network_create_args: {}
1089 context:
1090 quotas:
1091 neutron:
1092 network: -1
1093 runner:
1094 concurrency: 1
1095 times: 1
1096 type: constant
1097 sla:
1098 failure_rate:
1099 max: 0
1100 NeutronNetworks.create_and_delete_ports:
1101 - args:
1102 network_create_args: {}
1103 port_create_args: {}
1104 ports_per_network: 10
1105 context:
1106 network: {}
1107 quotas:
1108 neutron:
1109 network: -1
1110 port: -1
1111 runner:
1112 concurrency: 1
1113 times: 1
1114 type: constant
1115 sla:
1116 failure_rate:
1117 max: 0
1118 NeutronNetworks.create_and_delete_routers:
1119 - args:
1120 network_create_args: {}
1121 router_create_args: {}
1122 subnet_cidr_start: 1.1.0.0/30
1123 subnet_create_args: {}
1124 subnets_per_network: 2
1125 context:
1126 network: {}
1127 quotas:
1128 neutron:
1129 network: -1
1130 router: -1
1131 subnet: -1
1132 runner:
1133 concurrency: 1
1134 times: 1
1135 type: constant
1136 sla:
1137 failure_rate:
1138 max: 0
1139 NeutronNetworks.create_and_delete_subnets:
1140 - args:
1141 network_create_args: {}
1142 subnet_cidr_start: 1.1.0.0/30
1143 subnet_create_args: {}
1144 subnets_per_network: 2
1145 context:
1146 network: {}
1147 quotas:
1148 neutron:
1149 network: -1
1150 subnet: -1
1151 runner:
1152 concurrency: 1
1153 times: 1
1154 type: constant
1155 sla:
1156 failure_rate:
1157 max: 0
1158 NeutronNetworks.create_and_list_routers:
1159 - args:
1160 network_create_args: {}
1161 router_create_args: {}
1162 subnet_cidr_start: 1.1.0.0/30
1163 subnet_create_args: {}
1164 subnets_per_network: 2
1165 context:
1166 network: {}
1167 quotas:
1168 neutron:
1169 network: -1
1170 router: -1
1171 subnet: -1
1172 runner:
1173 concurrency: 1
1174 times: 1
1175 type: constant
1176 sla:
1177 failure_rate:
1178 max: 0
1179 NeutronNetworks.create_and_list_subnets:
1180 - args:
1181 network_create_args: {}
1182 subnet_cidr_start: 1.1.0.0/30
1183 subnet_create_args: {}
1184 subnets_per_network: 2
1185 context:
1186 network: {}
1187 quotas:
1188 neutron:
1189 network: -1
1190 subnet: -1
1191 runner:
1192 concurrency: 1
1193 times: 1
1194 type: constant
1195 sla:
1196 failure_rate:
1197 max: 0
1198 NeutronNetworks.create_and_show_network:
1199 - args:
1200 network_create_args: {}
1201 context:
1202 quotas:
1203 neutron:
1204 network: -1
1205 runner:
1206 concurrency: 1
1207 times: 1
1208 type: constant
1209 sla:
1210 failure_rate:
1211 max: 0
1212 NeutronNetworks.create_and_update_networks:
1213 - args:
1214 network_create_args: {}
1215 network_update_args:
1216 admin_state_up: false
1217 context:
1218 quotas:
1219 neutron:
1220 network: -1
1221 runner:
1222 concurrency: 1
1223 times: 1
1224 type: constant
1225 sla:
1226 failure_rate:
1227 max: 0
1228 NeutronNetworks.create_and_update_ports:
1229 - args:
1230 network_create_args: {}
1231 port_create_args: {}
1232 port_update_args:
1233 admin_state_up: false
1234 device_id: dummy_id
1235 device_owner: dummy_owner
1236 ports_per_network: 5
1237 context:
1238 network: {}
1239 quotas:
1240 neutron:
1241 network: -1
1242 port: -1
1243 runner:
1244 concurrency: 1
1245 times: 1
1246 type: constant
1247 sla:
1248 failure_rate:
1249 max: 0
1250 NeutronNetworks.create_and_update_routers:
1251 - args:
1252 network_create_args: {}
1253 router_create_args: {}
1254 router_update_args:
1255 admin_state_up: false
1256 subnet_cidr_start: 1.1.0.0/30
1257 subnet_create_args: {}
1258 subnets_per_network: 2
1259 context:
1260 network: {}
1261 quotas:
1262 neutron:
1263 network: -1
1264 router: -1
1265 subnet: -1
1266 runner:
1267 concurrency: 1
1268 times: 1
1269 type: constant
1270 sla:
1271 failure_rate:
1272 max: 0
1273 NeutronNetworks.create_and_update_subnets:
1274 - args:
1275 network_create_args: {}
1276 subnet_cidr_start: 1.4.0.0/16
1277 subnet_create_args: {}
1278 subnet_update_args:
1279 enable_dhcp: false
1280 subnets_per_network: 2
1281 context:
1282 network: {}
1283 quotas:
1284 neutron:
1285 network: -1
1286 subnet: -1
1287 runner:
1288 concurrency: 1
1289 times: 1
1290 type: constant
1291 sla:
1292 failure_rate:
1293 max: 0
1294 NeutronNetworks.list_agents:
1295 - args:
1296 agent_args: {}
1297 runner:
1298 concurrency: 1
1299 times: 1
1300 type: constant
1301 sla:
1302 failure_rate:
1303 max: 0
1304 NeutronSecurityGroup.create_and_list_security_groups:
1305 - args:
1306 security_group_create_args: {}
1307 context:
1308 quotas:
1309 neutron:
1310 security_group: -1
1311 runner:
1312 concurrency: 1
1313 times: 1
1314 type: constant
1315 sla:
1316 failure_rate:
1317 max: 0
1318 NeutronSecurityGroup.create_and_update_security_groups:
1319 - args:
1320 security_group_create_args: {}
1321 security_group_update_args: {}
1322 context:
1323 quotas:
1324 neutron:
1325 security_group: -1
1326 runner:
1327 concurrency: 1
1328 times: 1
1329 type: constant
1330 sla:
1331 failure_rate:
1332 max: 0
# api-paste pipeline definitions for the Neutron API.
# Both v2.0 pipelines are built by neutron.auth:pipeline_factory, which picks
# the entry named after neutron's auth_strategy option (neutron behaviour, not
# shown in this file). auth_strategy is not set in the neutron DEFAULT section
# of this file, so neutron's built-in default applies.
paste:
  composite:neutron:
    use: egg:Paste#urlmap
    /: neutronversions_composite
    /v2.0: neutronapi_v2_0
  composite:neutronapi_v2_0:
    use: call:neutron.auth:pipeline_factory
    # The noauth pipeline has no authtoken, audit or keystonecontext filter:
    # if it is ever selected, the v2.0 API runs without token validation and
    # without audit events. Confirm auth_strategy in any override.
    noauth: cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
    # authtoken runs before audit and keystonecontext, so audit events and
    # the request context are built from a validated token.
    keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken audit keystonecontext extensions neutronapiapp_v2_0
  composite:neutronversions_composite:
    use: call:neutron.auth:pipeline_factory
    # The version document is served without authtoken in both modes.
    noauth: cors http_proxy_to_wsgi neutronversions
    keystone: cors http_proxy_to_wsgi neutronversions
  filter:request_id:
    paste.filter_factory: oslo_middleware:RequestId.factory
  filter:catch_errors:
    paste.filter_factory: oslo_middleware:CatchErrors.factory
  filter:cors:
    paste.filter_factory: oslo_middleware.cors:filter_factory
    oslo_config_project: neutron
  # Forwarded-header handling depends on
  # oslo_middleware.enable_proxy_headers_parsing, which this file sets to true
  # in the neutron section; those headers are only trustworthy when every
  # request arrives through a proxy that overwrites them.
  filter:http_proxy_to_wsgi:
    paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
  filter:keystonecontext:
    paste.filter_factory: neutron.auth:NeutronKeystoneContext.factory
  filter:authtoken:
    paste.filter_factory: keystonemiddleware.auth_token:filter_factory
  filter:audit:
    paste.filter_factory: keystonemiddleware.audit:filter_factory
    audit_map_file: /etc/neutron/api_audit_map.conf
  filter:extensions:
    paste.filter_factory: neutron.api.extensions:plugin_aware_extension_middleware_factory
  app:neutronversions:
    paste.app_factory: neutron.pecan_wsgi.app:versions_factory
  app:neutronapiapp_v2_0:
    paste.app_factory: neutron.api.v2.router:APIRouter.factory
  # Defined but not referenced by any pipeline above.
  filter:osprofiler:
    paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
# uWSGI options for the neutron-api process (see wsgi-file below).
neutron_api_uwsgi:
  uwsgi:
    add-header: "Connection: close"
    buffer-size: 65535
    die-on-term: true
    enable-threads: true
    exit-on-reload: false
    hook-master-start: unix_signal:15 gracefully_kill_them_all
    lazy-apps: true
    # Access-log lines take the client address from X-Forwarded-For. That
    # header is client-supplied unless the fronting proxy overwrites it, so
    # treat the logged address as unverified if the API is reachable directly.
    log-x-forwarded-for: true
    master: true
    procname-prefix-spaced: "neutron-api:"
    # Requests whose User-Agent starts with "kube-probe" are not logged.
    # User-Agent is client-supplied too, so the uWSGI access log is not a
    # complete request record; keep proxy/ingress logs and the audit filter
    # as the authoritative trail.
    route-user-agent: '^kube-probe.* donotlog:'
    thunder-lock: true
    worker-reload-mercy: 80
    wsgi-file: /var/lib/openstack/bin/neutron-api
# uWSGI options for the neutron-policy-server process (see wsgi-file below).
neutron_policy_server_uwsgi:
  uwsgi:
    add-header: "Connection: close"
    buffer-size: 65535
    die-on-term: true
    enable-threads: true
    exit-on-reload: false
    hook-master-start: unix_signal:15 gracefully_kill_them_all
    lazy-apps: true
    # Access-log lines take the client address from X-Forwarded-For. That
    # header is client-supplied unless the fronting proxy overwrites it, so
    # treat the logged address as unverified.
    log-x-forwarded-for: true
    master: true
    procname-prefix-spaced: "neutron-policy-server:"
    # Requests whose User-Agent starts with "kube-probe" are not logged.
    # User-Agent is client-supplied, so this access log is not a complete
    # request record; keep proxy/ingress logs as the authoritative trail.
    route-user-agent: '^kube-probe.* donotlog:'
    thunder-lock: true
    worker-reload-mercy: 80
    wsgi-file: /var/lib/openstack/bin/neutron-policy-server-wsgi
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001402 policy: {}
1403 api_audit_map:
1404 DEFAULT:
1405 target_endpoint_type: None
1406 custom_actions:
1407 add_router_interface: update/add
1408 remove_router_interface: update/remove
1409 path_keywords:
1410 floatingips: ip
1411 healthmonitors: healthmonitor
1412 health_monitors: health_monitor
1413 lb: None
1414 members: member
1415 metering-labels: label
1416 metering-label-rules: rule
1417 networks: network
1418 pools: pool
1419 ports: port
1420 routers: router
1421 quotas: quota
1422 security-groups: security-group
1423 security-group-rules: rule
1424 subnets: subnet
1425 vips: vip
1426 service_endpoints:
1427 network: service/network
# sudoers content for the neutron user. This is a literal block: everything
# below the key is file content, so review notes stay up here.
# Both rules grant passwordless root execution. The neutron-rootwrap rule ends
# in "*", so any argument list is accepted after the fixed rootwrap.conf path:
# what the neutron user can run as root is decided by rootwrap.conf and the
# filter files it loads, not by sudo.
# secure_path adds /snap/bin, /var/lib/openstack/bin and
# /var/lib/kolla/venv/bin; every directory on it must be writable by root only
# in the image, otherwise the filters can be satisfied by a replaced binary.
neutron_sudoers: |
  # This sudoers file supports rootwrap for both Kolla and LOCI Images.
  Defaults !requiretty
  Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
  neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *, /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
  neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf, /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
# rootwrap.conf content (literal block; the text below is the file as written).
# Review notes:
# - use_syslog=False, so this default does not send rootwrap activity to
#   syslog. Even when enabled, syslog_log_level=ERROR records only
#   unsuccessful attempts; per the file's own comments INFO logs all usage.
#   Where an audit trail of root command execution is needed, enable syslog
#   at INFO and ship it off the node.
# - filters_path and exec_dirs include /var/lib/openstack/... and
#   /var/lib/kolla/venv/bin; as the file states, all of these must be
#   writable by root only.
rootwrap: |
  # Configuration for neutron-rootwrap
  # This file should be owned by (and only-writeable by) the root user

  [DEFAULT]
  # List of directories to load filter definitions from (separated by ',').
  # These directories MUST all be only writeable by root !
  filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap,/var/lib/openstack/etc/neutron/rootwrap.d

  # List of directories to search executables in, in case filters do not
  # explicitely specify a full path (separated by ',')
  # If not specified, defaults to system PATH environment variable.
  # These directories MUST all be only writeable by root !
  exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin

  # Enable logging to syslog
  # Default value is False
  use_syslog=False

  # Which syslog facility to use.
  # Valid values include auth, authpriv, syslog, local0, local1...
  # Default value is 'syslog'
  syslog_log_facility=syslog

  # Which messages to log.
  # INFO means log all usage
  # ERROR means only log unsuccessful attempts
  syslog_log_level=ERROR

  [xenapi]
  # XenAPI configuration is only required by the L2 agent if it is to
  # target a XenServer/XCP compute host's dom0.
  xenapi_connection_url=<None>
  xenapi_connection_username=root
  xenapi_connection_password=<None>
1469 rootwrap_filters:
1470 debug:
1471 pods:
1472 - dhcp_agent
1473 - l3_agent
1474 - lb_agent
1475 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001476 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -04001477 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001478 - ovs_agent
1479 - sriov_agent
1480 content: |
1481 # neutron-rootwrap command filters for nodes on which neutron is
1482 # expected to control network
1483 #
1484 # This file should be owned by (and only-writeable by) the root user
1485
1486 # format seems to be
1487 # cmd-name: filter-name, raw-command, user, args
1488
1489 [Filters]
1490
1491 # This is needed because we should ping
1492 # from inside a namespace which requires root
1493 # _alt variants allow to match -c and -w in any order
1494 # (used by NeutronDebugAgent.ping_all)
1495 ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
1496 ping_alt: RegExpFilter, ping, root, ping, -c, \d+, -w, \d+, [0-9\.]+
1497 ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
1498 ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+
1499 dibbler:
1500 pods:
1501 - dhcp_agent
1502 - l3_agent
1503 - lb_agent
1504 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001505 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -04001506 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001507 - ovs_agent
1508 - sriov_agent
1509 content: |
1510 # neutron-rootwrap command filters for nodes on which neutron is
1511 # expected to control network
1512 #
1513 # This file should be owned by (and only-writeable by) the root user
1514
1515 # format seems to be
1516 # cmd-name: filter-name, raw-command, user, args
1517
1518 [Filters]
1519
1520 # Filters for the dibbler-based reference implementation of the pluggable
1521 # Prefix Delegation driver. Other implementations using an alternative agent
1522 # should include a similar filter in this folder.
1523
1524 # prefix_delegation_agent
1525 dibbler-client: CommandFilter, dibbler-client, root
1526 ipset_firewall:
1527 pods:
1528 - dhcp_agent
1529 - l3_agent
1530 - lb_agent
1531 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001532 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -04001533 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001534 - ovs_agent
1535 - sriov_agent
1536 content: |
1537 # neutron-rootwrap command filters for nodes on which neutron is
1538 # expected to control network
1539 #
1540 # This file should be owned by (and only-writeable by) the root user
1541
1542 # format seems to be
1543 # cmd-name: filter-name, raw-command, user, args
1544
1545 [Filters]
1546 # neutron/agent/linux/iptables_firewall.py
1547 # "ipset", "-A", ...
1548 ipset: CommandFilter, ipset, root
# Rootwrap filters for L3 functions (content is a literal block, so review
# notes are kept outside it).
# Review notes:
# - CommandFilter lines (sysctl, route, iptables-restore, ip6tables-restore,
#   conntrack, ovs-vsctl, keepalived, ...) name only the executable and give
#   no argument pattern, so they do not narrow what may be passed to those
#   tools as root.
# - The KillFilter lines for python* identify the target only by interpreter
#   name (see the TODO(mlavalle) note in the content); they are not limited to
#   the metadata proxy or the keepalived state-change monitor.
# - "haproxy ... -f, .*" accepts any configuration file path.
l3:
  # Presumably the chart installs this filter file into every pod listed here
  # (confirm in the templates). The list goes beyond l3_agent; trimming it to
  # the pods that need these commands keeps each pod's root surface smaller.
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # arping
    arping: CommandFilter, arping, root

    # l3_agent
    sysctl: CommandFilter, sysctl, root
    route: CommandFilter, route, root
    radvd: CommandFilter, radvd, root

    # haproxy
    haproxy: RegExpFilter, haproxy, root, haproxy, -f, .*
    kill_haproxy: KillFilter, root, haproxy, -15, -9, -HUP

    # metadata proxy
    metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
    # RHEL invocation of the metadata proxy will report /usr/bin/python
    kill_metadata: KillFilter, root, python, -15, -9
    kill_metadata2: KillFilter, root, python2, -15, -9
    kill_metadata7: KillFilter, root, python2.7, -15, -9
    kill_metadata3: KillFilter, root, python3, -15, -9
    kill_metadata35: KillFilter, root, python3.5, -15, -9
    kill_metadata36: KillFilter, root, python3.6, -15, -9
    kill_metadata37: KillFilter, root, python3.7, -15, -9
    kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -15, -9, -HUP
    kill_radvd: KillFilter, root, /sbin/radvd, -15, -9, -HUP

    # ip_lib
    ip: IpFilter, ip, root
    find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
    ip_exec: IpNetnsExecFilter, ip, root

    # l3_tc_lib
    l3_tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
    l3_tc_add_qdisc_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress
    l3_tc_add_qdisc_egress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, root, handle, 1:, htb
    l3_tc_show_filters: RegExpFilter, tc, root, tc, -p, -s, -d, filter, show, dev, .+, parent, .+, prio, 1
    l3_tc_delete_filters: RegExpFilter, tc, root, tc, filter, del, dev, .+, parent, .+, prio, 1, handle, .+, u32
    l3_tc_add_filter_ingress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, dst, .+, police, rate, .+, burst, .+, drop, flowid, :1
    l3_tc_add_filter_egress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, src, .+, police, rate, .+, burst, .+, drop, flowid, :1

    # For ip monitor
    kill_ip_monitor: KillFilter, root, ip, -9

    # ovs_lib (if OVSInterfaceDriver is used)
    ovs-vsctl: CommandFilter, ovs-vsctl, root

    # iptables_manager
    iptables-save: CommandFilter, iptables-save, root
    iptables-restore: CommandFilter, iptables-restore, root
    ip6tables-save: CommandFilter, ip6tables-save, root
    ip6tables-restore: CommandFilter, ip6tables-restore, root

    # Keepalived
    keepalived: CommandFilter, keepalived, root
    kill_keepalived: KillFilter, root, keepalived, -HUP, -15, -9

    # l3 agent to delete floatingip's conntrack state
    conntrack: CommandFilter, conntrack, root

    # keepalived state change monitor
    keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root
    # The following filters are used to kill the keepalived state change monitor.
    # Since the monitor runs as a Python script, the system reports that the
    # command of the process to be killed is python.
    # TODO(mlavalle) These kill filters will be updated once we come up with a
    # mechanism to kill using the name of the script being executed by Python
    kill_keepalived_monitor_py: KillFilter, root, python, -15
    kill_keepalived_monitor_py27: KillFilter, root, python2.7, -15
    kill_keepalived_monitor_py3: KillFilter, root, python3, -15
    kill_keepalived_monitor_py35: KillFilter, root, python3.5, -15
    kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15
    kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15
1641 netns_cleanup:
1642 pods:
1643 - dhcp_agent
1644 - l3_agent
1645 - lb_agent
1646 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001647 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -04001648 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001649 - ovs_agent
1650 - sriov_agent
1651 - netns_cleanup_cron
1652 content: |
1653 # neutron-rootwrap command filters for nodes on which neutron is
1654 # expected to control network
1655 #
1656 # This file should be owned by (and only-writeable by) the root user
1657
1658 # format seems to be
1659 # cmd-name: filter-name, raw-command, user, args
1660
1661 [Filters]
1662
1663 # netns-cleanup
1664 netstat: CommandFilter, netstat, root
1665 dhcp:
1666 pods:
1667 - dhcp_agent
1668 - l3_agent
1669 - lb_agent
1670 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001671 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -04001672 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001673 - ovs_agent
1674 - sriov_agent
1675 - netns_cleanup_cron
1676 content: |
1677 # neutron-rootwrap command filters for nodes on which neutron is
1678 # expected to control network
1679 #
1680 # This file should be owned by (and only-writeable by) the root user
1681
1682 # format seems to be
1683 # cmd-name: filter-name, raw-command, user, args
1684
1685 [Filters]
1686
1687 # dhcp-agent
1688 dnsmasq: CommandFilter, dnsmasq, root
1689 # dhcp-agent uses kill as well, that's handled by the generic KillFilter
1690 # it looks like these are the only signals needed, per
1691 # neutron/agent/linux/dhcp.py
1692 kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP, -15
1693 kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP, -15
1694
1695 ovs-vsctl: CommandFilter, ovs-vsctl, root
1696 ivs-ctl: CommandFilter, ivs-ctl, root
1697 mm-ctl: CommandFilter, mm-ctl, root
1698 dhcp_release: CommandFilter, dhcp_release, root
1699 dhcp_release6: CommandFilter, dhcp_release6, root
1700
1701 # metadata proxy
1702 metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
1703 # RHEL invocation of the metadata proxy will report /usr/bin/python
1704 kill_metadata: KillFilter, root, python, -9
1705 kill_metadata2: KillFilter, root, python2, -9
1706 kill_metadata7: KillFilter, root, python2.7, -9
1707 kill_metadata3: KillFilter, root, python3, -9
1708 kill_metadata35: KillFilter, root, python3.5, -9
1709 kill_metadata36: KillFilter, root, python3.6, -9
1710 kill_metadata37: KillFilter, root, python3.7, -9
1711
1712 # ip_lib
1713 ip: IpFilter, ip, root
1714 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1715 ip_exec: IpNetnsExecFilter, ip, root
1716 ebtables:
1717 pods:
1718 - dhcp_agent
1719 - l3_agent
1720 - lb_agent
1721 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001722 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -04001723 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001724 - ovs_agent
1725 - sriov_agent
1726 content: |
1727 # neutron-rootwrap command filters for nodes on which neutron is
1728 # expected to control network
1729 #
1730 # This file should be owned by (and only-writeable by) the root user
1731
1732 # format seems to be
1733 # cmd-name: filter-name, raw-command, user, args
1734
1735 [Filters]
1736
1737 ebtables: CommandFilter, ebtables, root
1738 iptables_firewall:
1739 pods:
1740 - dhcp_agent
1741 - l3_agent
1742 - lb_agent
1743 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001744 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -04001745 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001746 - ovs_agent
1747 - sriov_agent
1748 content: |
1749 # neutron-rootwrap command filters for nodes on which neutron is
1750 # expected to control network
1751 #
1752 # This file should be owned by (and only-writeable by) the root user
1753
1754 # format seems to be
1755 # cmd-name: filter-name, raw-command, user, args
1756
1757 [Filters]
1758
1759 # neutron/agent/linux/iptables_firewall.py
1760 # "iptables-save", ...
1761 iptables-save: CommandFilter, iptables-save, root
1762 iptables-restore: CommandFilter, iptables-restore, root
1763 ip6tables-save: CommandFilter, ip6tables-save, root
1764 ip6tables-restore: CommandFilter, ip6tables-restore, root
1765
1766 # neutron/agent/linux/iptables_firewall.py
1767 # "iptables", "-A", ...
1768 iptables: CommandFilter, iptables, root
1769 ip6tables: CommandFilter, ip6tables, root
1770
1771 # neutron/agent/linux/iptables_firewall.py
1772 sysctl: CommandFilter, sysctl, root
1773
1774 # neutron/agent/linux/ip_conntrack.py
1775 conntrack: CommandFilter, conntrack, root
1776 linuxbridge_plugin:
1777 pods:
1778 - dhcp_agent
1779 - l3_agent
1780 - lb_agent
1781 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001782 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -04001783 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001784 - ovs_agent
1785 - sriov_agent
1786 content: |
1787 # neutron-rootwrap command filters for nodes on which neutron is
1788 # expected to control network
1789 #
1790 # This file should be owned by (and only-writeable by) the root user
1791
1792 # format seems to be
1793 # cmd-name: filter-name, raw-command, user, args
1794
1795 [Filters]
1796
1797 # linuxbridge-agent
1798 # unclear whether both variants are necessary, but I'm transliterating
1799 # from the old mechanism
1800 brctl: CommandFilter, brctl, root
1801 bridge: CommandFilter, bridge, root
1802
1803 # ip_lib
1804 ip: IpFilter, ip, root
1805 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1806 ip_exec: IpNetnsExecFilter, ip, root
1807
1808 # tc commands needed for QoS support
1809 tc_replace_tbf: RegExpFilter, tc, root, tc, qdisc, replace, dev, .+, root, tbf, rate, .+, latency, .+, burst, .+
1810 tc_add_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress, handle, .+
1811 tc_delete: RegExpFilter, tc, root, tc, qdisc, del, dev, .+, .+
1812 tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
1813 tc_show_filters: RegExpFilter, tc, root, tc, filter, show, dev, .+, parent, .+
1814 tc_add_filter: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, all, prio, .+, basic, police, rate, .+, burst, .+, mtu, .+, drop
1815 openvswitch_plugin:
1816 pods:
1817 - dhcp_agent
1818 - l3_agent
1819 - lb_agent
1820 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001821 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -04001822 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001823 - ovs_agent
1824 - sriov_agent
1825 content: |
1826 # neutron-rootwrap command filters for nodes on which neutron is
1827 # expected to control network
1828 #
1829 # This file should be owned by (and only-writeable by) the root user
1830
1831 # format seems to be
1832 # cmd-name: filter-name, raw-command, user, args
1833
1834 [Filters]
1835
1836 # openvswitch-agent
1837 # unclear whether both variants are necessary, but I'm transliterating
1838 # from the old mechanism
1839 ovs-vsctl: CommandFilter, ovs-vsctl, root
1840 # NOTE(yamamoto): of_interface=native doesn't use ovs-ofctl
1841 ovs-ofctl: CommandFilter, ovs-ofctl, root
1842 ovs-appctl: CommandFilter, ovs-appctl, root
1843 kill_ovsdb_client: KillFilter, root, /usr/bin/ovsdb-client, -9
1844 ovsdb-client: CommandFilter, ovsdb-client, root
1845 xe: CommandFilter, xe, root
1846
1847 # ip_lib
1848 ip: IpFilter, ip, root
1849 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1850 ip_exec: IpNetnsExecFilter, ip, root
1851
1852 # needed for FDB extension
1853 bridge: CommandFilter, bridge, root
1854 privsep:
1855 pods:
1856 - dhcp_agent
1857 - l3_agent
1858 - lb_agent
1859 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001860 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -04001861 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001862 - ovs_agent
1863 - sriov_agent
1864 - netns_cleanup_cron
1865 content: |
1866 # Command filters to allow privsep daemon to be started via rootwrap.
1867 #
1868 # This file should be owned by (and only-writeable by) the root user
1869
1870 [Filters]
1871
1872 # By installing the following, the local admin is asserting that:
1873 #
1874 # 1. The python module load path used by privsep-helper
1875 # command as root (as started by sudo/rootwrap) is trusted.
1876 # 2. Any oslo.config files matching the --config-file
1877 # arguments below are trusted.
1878 # 3. Users allowed to run sudo/rootwrap with this configuration(*) are
1879 # also allowed to invoke python "entrypoint" functions from
1880 # --privsep_context with the additional (possibly root) privileges
1881 # configured for that context.
1882 #
1883 # (*) ie: the user is allowed by /etc/sudoers to run rootwrap as root
1884 #
1885 # In particular, the oslo.config and python module path must not
1886 # be writeable by the unprivileged user.
1887
1888 # oslo.privsep default neutron context
1889 privsep: PathFilter, privsep-helper, root,
1890 --config-file, /etc,
1891 --privsep_context, neutron.privileged.default,
1892 --privsep_sock_path, /
1893
1894 # NOTE: A second `--config-file` arg can also be added above. Since
1895 # many neutron components are installed like that (eg: by devstack).
1896 # Adjust to suit local requirements.
# Rootwrap filters for the bagpipe_bgp pod (VXLAN Linux bridge dataplane).
# NOTE(review): "sh: CommandFilter, sh, root" has no argument pattern, so any
# shell command line passes this filter and runs as root; with it present the
# other entries no longer confine the pod. "modprobe" is likewise unrestricted.
# Treat the bagpipe_bgp pod as root-equivalent on its node, or replace the sh
# entry with filters for the specific piped commands that are needed.
linux_vxlan:
  pods:
    - bagpipe_bgp
  content: |
    # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
    # expected to control VXLAN Linux Bridge dataplane
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    #
    modprobe: CommandFilter, modprobe, root

    #
    brctl: CommandFilter, brctl, root
    bridge: CommandFilter, bridge, root

    # ip_lib
    ip: IpFilter, ip, root
    ip_exec: IpNetnsExecFilter, ip, root

    # shell (for piped commands)
    sh: CommandFilter, sh, root
# Rootwrap filters for the bagpipe_bgp pod (MPLS Open vSwitch dataplane).
# NOTE(review): "sh: CommandFilter, sh, root" has no argument pattern, so any
# shell command line passes this filter and runs as root; with it present the
# other entries no longer confine the pod. Treat the bagpipe_bgp pod as
# root-equivalent on its node, or replace the sh entry with filters for the
# specific piped commands that are needed.
mpls_ovs_dataplane:
  pods:
    - bagpipe_bgp
  content: |
    # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
    # expected to control MPLS OpenVSwitch dataplane
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # openvswitch
    ovs-vsctl: CommandFilter, ovs-vsctl, root
    ovs-ofctl: CommandFilter, ovs-ofctl, root

    # ip_lib
    ip: IpFilter, ip, root
    ip_exec: IpNetnsExecFilter, ip, root

    # shell (for piped commands)
    sh: CommandFilter, sh, root
# Neutron service options, keyed by configuration section (presumably rendered
# to neutron.conf by the chart templates).
neutron:
  DEFAULT:
    metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
    log_config_append: /etc/neutron/logging.conf
    # NOTE(portdirect): the bind port should not be defined, and is manipulated
    # via the endpoints section.
    bind_port: null
    default_availability_zones: nova
    api_workers: 1
    rpc_workers: 4
    allow_overlapping_ips: True
    state_path: /var/lib/neutron
    # core_plugin can be: ml2, calico
    core_plugin: ml2
    # service_plugin can be: router, odl-router, empty for calico,
    # networking_ovn.l3.l3_ovn.OVNL3RouterPlugin for OVN
    service_plugins: router
    allow_automatic_l3agent_failover: True
    l3_ha: True
    max_l3_agents_per_router: 2
    l3_ha_network_type: vxlan
    network_auto_schedule: True
    router_auto_schedule: True
    # (NOTE)portdirect: if unset this is populated dynamically from the value in
    # 'network.backend' to sane defaults.
    interface_driver: null
  oslo_concurrency:
    lock_path: /var/lib/neutron/tmp
  database:
    # -1 here means the retry count is unbounded.
    max_retries: -1
  agent:
    # Agents escalate through sudo + rootwrap. The binary path and the
    # rootwrap.conf path must match the sudoers rules in neutron_sudoers,
    # which list /var/lib/openstack/bin and /var/lib/kolla/venv/bin variants.
    root_helper: sudo /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
    root_helper_daemon: sudo /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
  oslo_messaging_notifications:
    driver: messagingv2
  oslo_messaging_rabbit:
    rabbit_ha_queues: true
  oslo_middleware:
    # Makes the http_proxy_to_wsgi filter honour forwarded headers. Safe only
    # when the API is reachable solely through a proxy that sets them.
    enable_proxy_headers_parsing: true
  oslo_policy:
    policy_file: /etc/neutron/policy.yaml
  ovn:
    ovn_metadata_enabled: true
  # The service sections below select password auth; no credentials appear
  # in this section (presumably injected from secrets by the templates;
  # confirm).
  nova:
    auth_type: password
    auth_version: v3
    endpoint_type: internal
  placement:
    auth_type: password
    auth_version: v3
    endpoint_type: internal
  designate:
    auth_type: password
    auth_version: v3
    endpoint_type: internal
    allow_reverse_dns_lookup: true
  ironic:
    auth_type: password
    auth_version: v3
    endpoint_type: internal
  keystone_authtoken:
    # With service_token_roles_required, a service token is honoured only if
    # it carries one of service_token_roles.
    service_token_roles: service
    service_token_roles_required: true
    # ENCRYPT protects cached token data in memcached and needs a
    # memcache_secret_key, which is not set in this section.
    # NOTE(review): confirm the templates supply a per-deployment key.
    memcache_security_strategy: ENCRYPT
    auth_type: password
    auth_version: v3
    service_type: network
  octavia:
    request_poll_timeout: 3000
2017 logging:
2018 loggers:
2019 keys:
2020 - root
2021 - neutron
2022 - neutron_taas
2023 handlers:
2024 keys:
2025 - stdout
2026 - stderr
2027 - "null"
2028 formatters:
2029 keys:
2030 - context
2031 - default
2032 logger_root:
2033 level: WARNING
2034 handlers: 'null'
2035 logger_neutron:
2036 level: INFO
2037 handlers:
2038 - stdout
2039 qualname: neutron
2040 logger_neutron_taas:
2041 level: INFO
2042 handlers:
2043 - stdout
2044 qualname: neutron_taas
2045 logger_amqp:
2046 level: WARNING
2047 handlers: stderr
2048 qualname: amqp
2049 logger_amqplib:
2050 level: WARNING
2051 handlers: stderr
2052 qualname: amqplib
2053 logger_eventletwsgi:
2054 level: WARNING
2055 handlers: stderr
2056 qualname: eventlet.wsgi.server
2057 logger_sqlalchemy:
2058 level: WARNING
2059 handlers: stderr
2060 qualname: sqlalchemy
2061 logger_boto:
2062 level: WARNING
2063 handlers: stderr
2064 qualname: boto
2065 handler_null:
2066 class: logging.NullHandler
2067 formatter: default
2068 args: ()
2069 handler_stdout:
2070 class: StreamHandler
2071 args: (sys.stdout,)
2072 formatter: context
2073 handler_stderr:
2074 class: StreamHandler
2075 args: (sys.stderr,)
2076 formatter: context
2077 formatter_context:
2078 class: oslo_log.formatters.ContextFormatter
2079 datefmt: "%Y-%m-%d %H:%M:%S"
2080 formatter_default:
2081 format: "%(message)s"
2082 datefmt: "%Y-%m-%d %H:%M:%S"
# Plugin and agent configuration files, one mapping per file.
plugins:
  ml2_conf:
    ml2:
      # port_security is the only ML2 extension driver enabled by default.
      extension_drivers: port_security
      # (NOTE)portdirect: if unset this is populated dynamically from the value
      # in 'network.backend' to sane defaults.
      mechanism_drivers: null
      type_drivers: flat,vlan,vxlan,local
      tenant_network_types: vxlan
    ml2_type_vxlan:
      vni_ranges: 1:1000
      vxlan_group: 239.1.1.1
    ml2_type_flat:
      # "*" places no restriction on the physical_network name used for flat
      # networks. List the intended physnets explicitly where flat provider
      # networks should be limited to known segments.
      flat_networks: "*"
    # If you want to use the external network as a tagged provider network,
    # a range should be specified including the intended VLAN target
    # using ml2_type_vlan.network_vlan_ranges:
    # ml2_type_vlan:
    #   network_vlan_ranges: "external:1100:1110"
    ml2_type_geneve:
      vni_ranges: 1:65536
      max_header_size: 38
    agent:
      extensions: ""
  ml2_conf_sriov: null
  taas:
    taas:
      enabled: False
  openvswitch_agent:
    agent:
      tunnel_types: vxlan
      l2_population: True
      arp_responder: True
    ovs:
      bridge_mappings: "external:br-ex"
    securitygroup:
      firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
  linuxbridge_agent:
    linux_bridge:
      # To define Flat and VLAN connections, in LB we can assign
      # specific interface to the flat/vlan network name using:
      # physical_interface_mappings: "external:eth3"
      # Or we can set the mapping between the network and bridge:
      bridge_mappings: "external:br-ex"
      # The two above options are exclusive, do not use both of them at once
    securitygroup:
      firewall_driver: iptables
    vxlan:
      l2_population: True
      arp_responder: True
  macvtap_agent: null
  sriov_agent:
    securitygroup:
      # NoopFirewallDriver: the SR-IOV agent applies no security-group
      # filtering to the ports it manages. Isolation for those ports has to
      # come from the physical network or the NIC.
      firewall_driver: neutron.agent.firewall.NoopFirewallDriver
    sriov_nic:
      physical_device_mappings: physnet2:enp3s0f1
      # NOTE: do not use null here, use an empty string
      exclude_devices: ""
2141 dhcp_agent:
2142 DEFAULT:
2143 # (NOTE)portdirect: if unset this is populated dynamically from the value in
2144 # 'network.backend' to sane defaults.
2145 interface_driver: null
2146 dnsmasq_config_file: /etc/neutron/dnsmasq.conf
2147 force_metadata: True
2148 dnsmasq: |
2149 #no-hosts
2150 #port=5353
2151 #cache-size=500
2152 #no-negcache
2153 #dns-forward-max=100
2154 #resolve-file=
2155 #strict-order
2156 #bind-interface
2157 #bind-dynamic
2158 #domain=
2159 #dhcp-range=10.10.10.10,10.10.10.100,24h
2160 #dhcp-lease-max=150
2161 #dhcp-host=11:22:33:44:55:66,ignore
2162 #dhcp-option=3,10.10.10.1
2163 #dhcp-option-force=26,1450
2164
vexxhost-bote001f042024-10-25 16:34:25 -04002165 neutron_vpnaas: null
2166 ovn_vpn_agent:
2167 DEFAULT:
2168 interface_driver: openvswitch
2169 vpnagent:
2170 vpn_device_driver: neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver
2171 ovs:
2172 ovsdb_connection: unix:/run/openvswitch/db.sock
Mohammed Naserf3f59a72023-01-15 21:02:04 -05002173 l3_agent:
2174 DEFAULT:
2175 # (NOTE)portdirect: if unset this is populated dynamically from the value in
2176 # 'network.backend' to sane defaults.
2177 interface_driver: null
2178 agent_mode: legacy
2179 metering_agent: null
  # Settings for the neutron metadata agent.
  metadata_agent:
    DEFAULT:
      # we cannot change the proxy socket path as it is declared
      # as a hostPath volume from agent daemonsets
      metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
      # NOTE(review): "password" is a publicly known placeholder. In Neutron
      # this shared secret signs the instance-ID header sent to the Nova
      # metadata API, so anyone who knows it can forge requests for another
      # instance's metadata. Override it per deployment with a random value
      # and keep it in sync with the matching Nova setting.
      metadata_proxy_shared_secret: "password"
    cache:
      enabled: true
      backend: dogpile.cache.memcached
2189 bagpipe_bgp: {}
  # Settings for the OVN metadata agent.
  ovn_metadata_agent:
    DEFAULT:
      # we cannot change the proxy socket path as it is declared
      # as a hostPath volume from agent daemonsets
      metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
      # NOTE(review): "password" is a publicly known placeholder. In Neutron
      # this shared secret signs the instance-ID header sent to the Nova
      # metadata API, so anyone who knows it can forge requests for another
      # instance's metadata. Override it per deployment with a random value
      # and keep it in sync with the matching Nova setting.
      metadata_proxy_shared_secret: "password"
      metadata_workers: 2
    cache:
      enabled: true
      backend: dogpile.cache.memcached
    ovs:
      # Local Open vSwitch database socket (unix domain socket, no network
      # listener).
      ovsdb_connection: unix:/run/openvswitch/db.sock
Rico Lincf86b122023-11-02 01:29:14 +08002202 bgp_dragent: {}
2204 rabbitmq:
2205 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
2206 policies:
2207 - vhost: "neutron"
2208 name: "ha_ttl_neutron"
2209 definition:
2210 # mirror messages to other nodes in rmq cluster
2211 ha-mode: "all"
2212 ha-sync-mode: "automatic"
2213 # 70s
2214 message-ttl: 70000
2215 priority: 0
2216 apply-to: all
2217 pattern: '^(?!(amq\.|reply_)).*'
2218 ## NOTE: "besteffort" is meant for dev env with mixed compute type only.
2219 ## This helps prevent sriov init script from failing due to mis-matched NIC
2220 ## For prod env, target NIC should match and init script should fail otherwise.
2221 ## sriov_init:
2222 ## - besteffort
2223 sriov_init:
2224 -
2225 # auto_bridge_add is a table of "bridge: interface" pairs
2226 # To automatically add physical interfaces to specific bridges,
2227 # for example eth3 to bridge br-physnet1, if0 to br0 and iface_two
2228 # to br1 do something like:
2229 #
2230 # auto_bridge_add:
2231 # br-physnet1: eth3
2232 # br0: if0
2233 # br1: iface_two
2234 # br-ex will be added by default
2235 auto_bridge_add:
2236 br-ex: null
2237
Mohammed Nasera720f882023-06-30 23:48:02 -04002238 # Network off-loading configuration
2239 netoffload:
ricolin18e6fd32023-07-17 06:17:15 +00002240 enabled: false
Mohammed Nasera720f882023-06-30 23:48:02 -04002241 asap2:
2242 # - dev: enp97s0f0
2243 # vfs: 16
2244
Mohammed Naserf3f59a72023-01-15 21:02:04 -05002245 # configuration of OVS DPDK bridges and NICs
2246 # this is a separate section and not part of the auto_bridge_add section
2247 # because additional parameters are needed
2248 ovs_dpdk:
2249 enabled: false
2250 # setting update_dpdk_bond_config to true will have default behavior,
2251 # which may cause disruptions in ovs dpdk traffic in case of neutron
2252 # ovs agent restart or when dpdk nic/bond configurations are changed.
2253 # Setting this to false will configure dpdk in the first run and
2254 # disable nic/bond config on event of restart or config update.
2255 update_dpdk_bond_config: true
2256 driver: uio_pci_generic
2257 # In case bonds are configured, the nics which are part of those bonds
2258 # must NOT be provided here.
2259 nics:
2260 - name: dpdk0
2261 pci_id: '0000:05:00.0'
2262 # Set VF Index in case some particular VF(s) need to be
2263 # used with ovs-dpdk.
2264 # vf_index: 0
2265 bridge: br-phy
2266 migrate_ip: true
2267 n_rxq: 2
2268 n_txq: 2
2269 pmd_rxq_affinity: "0:3,1:27"
2270 ofport_request: 1
2271 # optional parameters for tuning the OVS DPDK config
2272 # in alignment with the available hardware resources
2273 # mtu: 2000
2274 # n_rxq_size: 1024
2275 # n_txq_size: 1024
2276 # vhost-iommu-support: true
2277 bridges:
2278 - name: br-phy
2279 # optional parameter, in case tunnel traffic needs to be transported over a vlan underlay
2280 # - tunnel_underlay_vlan: 45
2281 # Optional parameter for configuring bonding in OVS-DPDK
2282 # - name: br-phy-bond0
2283 # bonds:
2284 # - name: dpdkbond0
2285 # bridge: br-phy-bond0
2286 # # The IP from the first nic in nics list shall be used
2287 # migrate_ip: true
2288 # mtu: 2000
2289 # # Please note that n_rxq is set for each NIC individually
2290 # # rather than denoting the total number of rx queues for
2291 # # the bond as a whole. So setting n_rxq = 2 below for ex.
2292 # # would be 4 rx queues in total for the bond.
2293 # # Same for n_txq
2294 # n_rxq: 2
2295 # n_txq: 2
2296 # ofport_request: 1
2297 # n_rxq_size: 1024
2298 # n_txq_size: 1024
2299 # vhost-iommu-support: true
2300 # ovs_options: "bond_mode=active-backup"
2301 # nics:
2302 # - name: dpdk_b0s0
2303 # pci_id: '0000:06:00.0'
2304 # pmd_rxq_affinity: "0:3,1:27"
2305 # # Set VF Index in case some particular VF(s) need to be
2306 # # used with ovs-dpdk. In which case pci_id of PF must be
2307 # # provided above.
2308 # # vf_index: 0
2309 # - name: dpdk_b0s1
2310 # pci_id: '0000:07:00.0'
2311 # pmd_rxq_affinity: "0:3,1:27"
2312 # # Set VF Index in case some particular VF(s) need to be
2313 # # used with ovs-dpdk. In which case pci_id of PF must be
2314 # # provided above.
2315 # # vf_index: 0
2316 #
2317 # Set the log level for each target module (default level is always dbg)
2318 # Supported log levels are: off, emer, err, warn, info, dbg
2319 #
2320 # modules:
2321 # - name: dpdk
2322 # log_level: info
2323
# Names of secrets used by bootstrap and environmental checks
# NOTE(review): the values below are names of secret objects, not secret
# material. The credentials themselves are declared under
# `endpoints.*.auth` in this file.
secrets:
  identity:
    admin: neutron-keystone-admin
    neutron: neutron-keystone-user
    test: neutron-keystone-test
  oslo_db:
    admin: neutron-db-admin
    neutron: neutron-db-user
  oslo_messaging:
    admin: neutron-rabbitmq-admin
    neutron: neutron-rabbitmq-user
  tls:
    compute_metadata:
      metadata:
        internal: metadata-tls-metadata
    network:
      server:
        public: neutron-tls-public
        internal: neutron-tls-server
  oci_image_registry:
    neutron: neutron-oci-image-registry
2346
# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
# NOTE(review): every `password: password` below is a publicly known
# placeholder, and most service schemes default to plain `http`. Supply the
# real credentials through per-environment overrides kept out of version
# control, and review each `scheme` wherever traffic leaves a trusted network.
endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  oci_image_registry:
    name: oci-image-registry
    namespace: oci-image-registry
    auth:
      # Registry authentication is off by default; the credential below is a
      # placeholder and presumably only used once `enabled` is true.
      enabled: false
      neutron:
        username: neutron
        password: password
    hosts:
      default: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        default: null
  oslo_db:
    auth:
      # Database administrator account (placeholder password; override).
      admin:
        username: root
        password: password
        secret:
          tls:
            internal: mariadb-tls-direct
      # Account for the neutron service (placeholder password; override).
      neutron:
        username: neutron
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /neutron
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  oslo_messaging:
    auth:
      # Message-bus administrator account (placeholder password; override).
      admin:
        username: rabbitmq
        password: password
        secret:
          tls:
            internal: rabbitmq-tls-direct
      # Account for the neutron service (placeholder password; override).
      neutron:
        username: neutron
        password: password
    statefulset:
      replicas: 2
      name: rabbitmq-rabbitmq
    hosts:
      default: rabbitmq
    host_fqdn_override:
      default: null
    path: /neutron
    scheme: rabbit
    port:
      amqp:
        default: 5672
      http:
        default: 15672
  oslo_cache:
    auth:
      # NOTE(portdirect): this is used to define the value for keystone
      # authtoken cache encryption key, if not set it will be populated
      # automatically with a random value, but to take advantage of
      # this feature all services should be set to use the same key,
      # and memcache service.
      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
      default: null
    port:
      memcache:
        default: 11211
  compute:
    name: nova
    hosts:
      default: nova-api
      public: nova
    host_fqdn_override:
      default: null
    path:
      default: "/v2.1/%(tenant_id)s"
    scheme:
      default: 'http'
    port:
      api:
        default: 8774
        public: 80
      novncproxy:
        default: 6080
  compute_metadata:
    name: nova
    hosts:
      default: nova-metadata
      public: metadata
    host_fqdn_override:
      default: null
    path:
      default: /
    scheme:
      default: 'http'
    port:
      metadata:
        default: 8775
        public: 80
  identity:
    name: keystone
    auth:
      # Keystone administrator account (placeholder password; override).
      admin:
        region_name: RegionOne
        username: admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      neutron:
        # NOTE(review): the neutron service user is given the admin role in
        # addition to service; confirm that this breadth is required.
        role: admin,service
        region_name: RegionOne
        username: neutron
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
      nova:
        region_name: RegionOne
        project_name: service
        username: nova
        password: password
        user_domain_name: service
        project_domain_name: service
      placement:
        region_name: RegionOne
        project_name: service
        username: placement
        password: password
        user_domain_name: service
        project_domain_name: service
      designate:
        region_name: RegionOne
        project_name: service
        username: designate
        password: password
        user_domain_name: service
        project_domain_name: service
      ironic:
        region_name: RegionOne
        project_name: service
        username: ironic
        password: password
        user_domain_name: service
        project_domain_name: service
      test:
        # NOTE(review): the test user also holds the admin role.
        role: admin
        region_name: RegionOne
        username: neutron-test
        password: password
        # NOTE: this project will be purged and reset if
        # conf.rally_tests.force_project_purge is set to true
        # which may be required upon test failure, but be aware that this will
        # expunge all openstack objects, so if this is used a separate project
        # should be used for each helm test, and also it should be ensured
        # that this project is not in use by other tenants
        project_name: test
        user_domain_name: service
        project_domain_name: service
    hosts:
      default: keystone
      internal: keystone-api
    host_fqdn_override:
      default: null
    path:
      default: /v3
    scheme:
      default: http
    port:
      api:
        default: 80
        internal: 5000
  network:
    name: neutron
    hosts:
      default: neutron-server
      public: neutron
    host_fqdn_override:
      default: null
      # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
      # endpoints using the following format:
      # public:
      #   host: null
      #   tls:
      #     crt: null
      #     key: null
    path:
      default: null
    scheme:
      default: 'http'
      service: 'http'
    port:
      api:
        default: 9696
        public: 80
        service: 9696
      policy_server:
        default: 9697
        public: 80
        service: 9697
  load_balancer:
    name: octavia
    hosts:
      default: octavia-api
      public: octavia
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: http
    port:
      api:
        default: 9876
        public: 80
  fluentd:
    namespace: osh-infra
    name: fluentd
    hosts:
      default: fluentd-logging
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: 'http'
    port:
      service:
        default: 24224
      metrics:
        default: 24220
  dns:
    name: designate
    hosts:
      default: designate-api
      public: designate
    host_fqdn_override:
      default: null
    path:
      default: /
    scheme:
      default: 'http'
    port:
      api:
        default: 9001
        public: 80
  baremetal:
    name: ironic
    hosts:
      default: ironic-api
      public: ironic
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: 'http'
    port:
      api:
        default: 6385
        public: 80
  # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
  # They are used to enable the Egress K8s network policy.
  kube_dns:
    namespace: kube-system
    name: kubernetes-dns
    hosts:
      default: kube-dns
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: http
    port:
      dns:
        default: 53
        protocol: UDP
  ingress:
    namespace: null
    name: ingress
    hosts:
      default: ingress
    port:
      ingress:
        default: 80
2656
network_policy:
  neutron:
    # TODO(lamt): Need to tighten this ingress for security.
    # NOTE(review): a single empty rule (`- {}`) matches all traffic, so
    # these defaults restrict neither ingress nor egress. They presumably
    # take effect only when `manifests.network_policy` is enabled (false by
    # default in this file). Define explicit peers and ports before relying
    # on this policy for isolation.
    ingress:
      - {}
    egress:
      - {}
2664
2665helm3_hook: true
2666
2667health_probe:
2668 logging:
2669 level: ERROR
2670
# NOTE(review): all three flags default to false. Presumably they switch on
# TLS for the chart's connections to Keystone, the message bus and the
# database; confirm against the templates, and enable them wherever those
# links cross a network that is not fully trusted.
tls:
  identity: false
  oslo_messaging: false
  oslo_db: false
2675
# Per-object switches; judging by the key names, each one presumably enables
# rendering of the correspondingly named template.
manifests:
  certificates: false
  configmap_bin: true
  configmap_etc: true
  daemonset_dhcp_agent: true
  daemonset_l3_agent: true
  daemonset_lb_agent: true
  daemonset_metadata_agent: true
  daemonset_ovs_agent: true
  daemonset_sriov_agent: true
  daemonset_l2gw_agent: false
  daemonset_bagpipe_bgp: false
  daemonset_bgp_dragent: false
  daemonset_netns_cleanup_cron: true
  daemonset_ovn_metadata_agent: false
  daemonset_ovn_vpn_agent: false
  deployment_ironic_agent: false
  deployment_server: true
  deployment_rpc_server: true
  ingress_server: true
  job_bootstrap: true
  job_db_init: true
  job_db_sync: true
  # NOTE(review): looks destructive (database drop job); keep false unless
  # the release is being torn down deliberately.
  job_db_drop: false
  job_image_repo_sync: true
  job_ks_endpoints: true
  job_ks_service: true
  job_ks_user: true
  job_rabbit_init: true
  pdb_server: true
  pod_rally_test: true
  # NOTE(review): off by default, so the `network_policy` values in this file
  # are presumably not rendered and pod traffic is left unrestricted by this
  # chart unless the flag is enabled.
  network_policy: false
  secret_db: true
  secret_ingress_tls: true
  secret_keystone: true
  secret_rabbitmq: true
  secret_registry: true
  service_ingress_server: true
  service_server: true
2715...