# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for neutron.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

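---
# Release group for this chart; null in the defaults.
# NOTE(review): how the templates resolve a null value is not visible in this
# file - confirm against the chart templates.
release_group: null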
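# Container images used by every job and daemon of the chart.
#
# NOTE(review): every reference below is a mutable tag and `purge_test` uses
# `:latest`. With `pull_policy: IfNotPresent` a node keeps whatever content it
# first pulled under a tag, so two nodes can run different code for the same
# reference. Deployment overrides should pin each image by digest
# (`<registry>/<name>@sha256:<digest>`) and pull from a registry you control.
# NOTE(review): the defaults point at Stein / Ubuntu Bionic builds - confirm
# they are overridden with maintained images before production use.
images:
  tags:
    bootstrap: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    test: docker.io/xrally/xrally-openstack:2.0.0
    # Floating tag: the content behind `latest` can change without notice.
    purge_test: docker.io/openstackhelm/ospurge:latest
    db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    neutron_db_sync: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    rabbit_init: docker.io/rabbitmq:3.7-management
    ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    # Runs privileged as UID 0 (see pod.security_context.neutron_ovs_agent).
    netoffload: ghcr.io/vexxhost/netoffload:v1.0.1
    neutron_server: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_dhcp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_ovn_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_l3: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_l2gw: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_openvswitch_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_linuxbridge_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_sriov_agent: docker.io/openstackhelm/neutron:stein-18.04-sriov
    neutron_sriov_agent_init: docker.io/openstackhelm/neutron:stein-18.04-sriov
    neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_ironic_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
    image_repo_sync: docker.io/docker:17.07.0
  pull_policy: "IfNotPresent"
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync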
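# Node selector key/value pairs, one per component.
#
# NOTE(review): a node carrying one of these labels becomes eligible to run the
# matching pods, and most of the agent containers are privileged (see
# pod.security_context). Permission to label nodes is therefore equivalent to
# choosing where privileged workloads land; keep it restricted.
labels:
  agent:
    dhcp:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    l3:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    metadata:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    ovn_metadata:
      node_selector_key: openstack-compute-node
      node_selector_value: enabled
    l2gw:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  lb:
    node_selector_key: linuxbridge
    node_selector_value: enabled
  # openvswitch is a special case, requiring a special
  # label that can apply to both control hosts
  # and compute hosts, until we get more sophisticated
  # with our daemonset scheduling
  ovs:
    node_selector_key: openvswitch
    node_selector_value: enabled
  sriov:
    node_selector_key: sriov
    node_selector_value: enabled
  bagpipe_bgp:
    node_selector_key: openstack-compute-node
    node_selector_value: enabled
  server:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  ironic_agent:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  netns_cleanup_cron:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  test:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled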
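# Network wiring and API exposure settings.
network:
  # provide what type of network wiring will be used
  backend:
    - openvswitch
  # NOTE(Portdirect): Share network namespaces with the host,
  # allowing agents to be restarted without packet loss and simpler
  # debugging. This feature requires mount propagation support.
  # NOTE(review): with this enabled the agents' namespaces are visible on the
  # host, so the container boundary does not isolate tenant network state.
  share_namespaces: true
  interface:
    # Tunnel interface will be used for VXLAN tunneling.
    tunnel: null
    # If tunnel is null there is a fallback mechanism to search
    # for interface with routing using tunnel network cidr.
    # NOTE(review): "0/0" matches every destination, so the fallback presumably
    # picks whichever interface holds the default route. Set `tunnel` or a
    # specific CIDR so tunnel traffic cannot end up on an unintended network.
    tunnel_network_cidr: "0/0"
    # To perform setup of network interfaces using the SR-IOV init
    # container you can use a section similar to:
    # sriov:
    #   - device: ${DEV}
    #     num_vfs: 8
    #     mtu: 9214
    #     promisc: false
    #     qos:
    #       - vf_num: 0
    #         share: 10
    #     queues_per_vf:
    #       - num_queues: 16
    #         exclude_vf: 0,11,21
  server:
    ingress:
      # The API is published through the public ingress by default.
      # NOTE(review): TLS and source restrictions are not configured in this
      # section - confirm they are applied at the ingress or endpoint level.
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    external_policy_local: false
    node_port:
      enabled: false
      port: 30096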
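# Optional bootstrap job; disabled by default.
#
# NOTE(review): `openstack token issue` prints a freshly issued token id. If the
# job is enabled with this default script, that token presumably ends up in the
# job's log output, readable by anyone who can read pod logs in the namespace.
# Replace the script with a command that does not print credentials.
bootstrap:
  enabled: false
  ks_user: neutron
  script: |
    openstack token issue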
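# Start-up ordering: the jobs, services and co-located pods each component
# waits for before it starts.
#
# `dynamic.targeted` entries are keyed by network backend; `static` entries
# apply regardless of backend.
# NOTE(review): `metadata` and `ovn_metadata` are the only components that wait
# on a `public` endpoint (compute_metadata); every other service dependency
# uses `internal`. Confirm that is intended.
dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - neutron-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
    targeted:
      sriov: {}
      l2gateway: {}
      bagpipe_bgp: {}
      ovn: {}
      openvswitch:
        dhcp:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
        l3:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
        metadata:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
      linuxbridge:
        dhcp:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        l3:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        metadata:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        lb_agent:
          pod: null
  static:
    bootstrap:
      services:
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    db_drop:
      services:
        - endpoint: internal
          service: oslo_db
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    db_sync:
      jobs:
        - neutron-db-init
      services:
        - endpoint: internal
          service: oslo_db
    dhcp:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    ks_endpoints:
      jobs:
        - neutron-ks-service
      services:
        - endpoint: internal
          service: identity
    ks_service:
      services:
        - endpoint: internal
          service: identity
    ks_user:
      services:
        - endpoint: internal
          service: identity
    rabbit_init:
      services:
        - service: oslo_messaging
          endpoint: internal
    l3:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    lb_agent:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
    metadata:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
        - endpoint: public
          service: compute_metadata
    ovn_metadata:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
        - endpoint: public
          service: compute_metadata
    ovs_agent:
      jobs:
        - neutron-rabbit-init
      pod:
        - requireSameNode: true
          labels:
            application: openvswitch
            component: server
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
    server:
      jobs:
        - neutron-db-sync
        - neutron-ks-user
        - neutron-ks-endpoints
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_cache
        - endpoint: internal
          service: identity
    ironic_agent:
      jobs:
        - neutron-db-sync
        - neutron-ks-user
        - neutron-ks-endpoints
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_cache
        - endpoint: internal
          service: identity
    tests:
      services:
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry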
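# Pod-level settings: probes, security contexts, scheduling, mounts, rollout
# behaviour and resource requests/limits.
pod:
  use_fqdn:
    neutron_agent: true
  # Readiness/liveness probe switches and timings per daemon. A bare `params:`
  # is null, i.e. no probe parameters are supplied from here.
  probes:
    rpc_timeout: 60
    rpc_retries: 2
    dhcp_agent:
      dhcp_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    l3_agent:
      l3_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    lb_agent:
      lb_agent:
        readiness:
          enabled: true
    metadata_agent:
      metadata_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    ovn_metadata_agent:
      ovn_metadata_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    ovs_agent:
      ovs_agent:
        readiness:
          enabled: true
          params:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    sriov_agent:
      sriov_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
    bagpipe_bgp:
      bagpipe_bgp:
        readiness:
          enabled: true
          params:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
    l2gw_agent:
      l2gw_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 15
            timeoutSeconds: 65
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 90
            timeoutSeconds: 70
    server:
      server:
        readiness:
          enabled: true
          params:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
  # Security contexts per pod and per container.
  #
  # NOTE(review): every agent main container and most init containers set
  # `privileged: true`. A privileged container has all capabilities and host
  # device access, so `readOnlyRootFilesystem: true` and the pod-level
  # `runAsUser: 42424` limit accidents, not a compromised agent. Treat these
  # pods as host-equivalent: run them in a namespace that is explicitly allowed
  # privileged workloads, restrict who can exec into or modify them, and audit
  # changes to this section.
  # NOTE(review): only neutron_server and neutron_ironic_agent set
  # `allowPrivilegeEscalation: false`; the non-privileged init containers
  # (neutron_metadata_agent_init, neutron_ovn_metadata_agent_init, the
  # *_kernel_modules containers, nginx) run as UID 0 without it.
  security_context:
    neutron_dhcp_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_dhcp_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_l2gw_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_l2gw_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_bagpipe_bgp:
      pod:
        runAsUser: 42424
      container:
        neutron_bagpipe_bgp:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_l3_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_l3_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_lb_agent:
      pod:
        runAsUser: 42424
      container:
        # SYS_MODULE permits loading kernel modules on the host kernel.
        neutron_lb_agent_kernel_modules:
          capabilities:
            add:
              - SYS_MODULE
              - SYS_CHROOT
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_lb_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_lb_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_metadata_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_metadata_agent_init:
          runAsUser: 0
          readOnlyRootFilesystem: true
    neutron_ovn_metadata_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_ovn_metadata_agent_init:
          runAsUser: 0
          readOnlyRootFilesystem: true
    neutron_ovs_agent:
      pod:
        runAsUser: 42424
      container:
        # SYS_MODULE permits loading kernel modules on the host kernel.
        neutron_openvswitch_agent_kernel_modules:
          capabilities:
            add:
              - SYS_MODULE
              - SYS_CHROOT
          runAsUser: 0
          readOnlyRootFilesystem: true
        netoffload:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_ovs_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_ovs_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_server:
      pod:
        runAsUser: 42424
      container:
        # The only API-facing container here that runs as root with a writable
        # root filesystem.
        nginx:
          runAsUser: 0
          readOnlyRootFilesystem: false
        neutron_server:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    neutron_sriov_agent:
      pod:
        runAsUser: 42424
      container:
        # Privileged, root and writable root filesystem at the same time.
        neutron_sriov_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: false
        neutron_sriov_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_ironic_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_ironic_agent:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    neutron_netns_cleanup_cron:
      pod:
        runAsUser: 42424
      container:
        neutron_netns_cleanup_cron:
          readOnlyRootFilesystem: true
          privileged: true
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  # Tolerations for control-plane taints; not applied unless enabled.
  tolerations:
    neutron:
      enabled: false
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
  # Extra volumes and mounts per component. Bare `volumeMounts:` / `volumes:`
  # are null, i.e. nothing extra is added by default.
  # NOTE(review): anything added here to a privileged agent (for example a
  # hostPath volume) is exposed to a host-equivalent container; review such
  # overrides as carefully as the security contexts above.
  mounts:
    neutron_server:
      init_container: null
      neutron_server:
        volumeMounts:
        volumes:
    neutron_dhcp_agent:
      init_container: null
      neutron_dhcp_agent:
        volumeMounts:
        volumes:
    neutron_l3_agent:
      init_container: null
      neutron_l3_agent:
        volumeMounts:
        volumes:
    neutron_lb_agent:
      init_container: null
      neutron_lb_agent:
        volumeMounts:
        volumes:
    neutron_metadata_agent:
      init_container: null
      neutron_metadata_agent:
        volumeMounts:
        volumes:
    neutron_ovn_metadata_agent:
      init_container: null
      neutron_ovn_metadata_agent:
        volumeMounts:
        volumes:
    neutron_ovs_agent:
      init_container: null
      neutron_ovs_agent:
        volumeMounts:
        volumes:
    neutron_sriov_agent:
      init_container: null
      neutron_sriov_agent:
        volumeMounts:
        volumes:
    neutron_l2gw_agent:
      init_container: null
      neutron_l2gw_agent:
        volumeMounts:
        volumes:
    bagpipe_bgp:
      init_container: null
      bagpipe_bgp:
        volumeMounts:
        volumes:
    neutron_ironic_agent:
      init_container: null
      neutron_ironic_agent:
        volumeMounts:
        volumes:
    neutron_netns_cleanup_cron:
      init_container: null
      neutron_netns_cleanup_cron:
        volumeMounts:
        volumes:
    neutron_tests:
      init_container: null
      neutron_tests:
        volumeMounts:
        volumes:
    neutron_bootstrap:
      init_container: null
      neutron_bootstrap:
        volumeMounts:
        volumes:
    neutron_db_sync:
      neutron_db_sync:
        volumeMounts:
          - name: db-sync-conf
            mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
            subPath: ml2_conf.ini
            readOnly: true
        volumes:
  # NOTE(review): a single API replica combined with
  # `disruption_budget.server.min_available: 0` below means the API can be
  # fully evicted during node maintenance.
  replicas:
    server: 1
    ironic_agent: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
      daemonsets:
        pod_replacement_strategy: RollingUpdate
        dhcp_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        l3_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        lb_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        metadata_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovn_metadata_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovs_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        sriov_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        netns_cleanup_cron:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
    disruption_budget:
      server:
        min_available: 0
    termination_grace_period:
      server:
        timeout: 30
      ironic_agent:
        timeout: 30
  # Resource requests and limits per component.
  # NOTE(review): `enabled: false` presumably means none of the values below
  # are rendered into the pod specs - confirm against the templates. Without
  # limits a misbehaving agent can starve other workloads on the node.
  resources:
    enabled: false
    agent:
      dhcp:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      l3:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      lb:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      metadata:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovn_metadata:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovs:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      sriov:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      l2gw:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      bagpipe_bgp:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
    server:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    ironic_agent:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    netns_cleanup_cron:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      bootstrap:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      rabbit_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_drop:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_endpoints:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_service:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_user:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      tests:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"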
899conf:
900 rally_tests:
901 force_project_purge: false
902 run_tempest: false
903 clean_up: |
904 # NOTE: We will make the best effort to clean up rally generated networks and routers,
905 # but should not block further automated deployment.
906 set +e
907 PATTERN="^[sc]_rally_"
908
909 ROUTERS=$(openstack router list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')
910 NETWORKS=$(openstack network list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')
911
912 for ROUTER in $ROUTERS
913 do
914 openstack router unset --external-gateway $ROUTER
915 openstack router set --disable --no-ha $ROUTER
916
917 SUBNS=$(openstack router show $ROUTER -c interfaces_info --format=value | python -m json.tool | grep -oP '(?<="subnet_id": ")[a-f0-9\-]{36}(?=")' | sort | uniq)
918 for SUBN in $SUBNS
919 do
920 openstack router remove subnet $ROUTER $SUBN
921 done
922
923 for PORT in $(openstack port list --router $ROUTER --format=value -c ID | tr -d '\r')
924 do
925 openstack router remove port $ROUTER $PORT
926 done
927
928 openstack router delete $ROUTER
929 done
930
931 for NETWORK in $NETWORKS
932 do
933 for PORT in $(openstack port list --network $NETWORK --format=value -c ID | tr -d '\r')
934 do
935 openstack port delete $PORT
936 done
937 openstack network delete $NETWORK
938 done
939 set -e
940 tests:
941 NeutronNetworks.create_and_delete_networks:
942 - args:
943 network_create_args: {}
944 context:
945 quotas:
946 neutron:
947 network: -1
948 runner:
949 concurrency: 1
950 times: 1
951 type: constant
952 sla:
953 failure_rate:
954 max: 0
955 NeutronNetworks.create_and_delete_ports:
956 - args:
957 network_create_args: {}
958 port_create_args: {}
959 ports_per_network: 10
960 context:
961 network: {}
962 quotas:
963 neutron:
964 network: -1
965 port: -1
966 runner:
967 concurrency: 1
968 times: 1
969 type: constant
970 sla:
971 failure_rate:
972 max: 0
973 NeutronNetworks.create_and_delete_routers:
974 - args:
975 network_create_args: {}
976 router_create_args: {}
977 subnet_cidr_start: 1.1.0.0/30
978 subnet_create_args: {}
979 subnets_per_network: 2
980 context:
981 network: {}
982 quotas:
983 neutron:
984 network: -1
985 router: -1
986 subnet: -1
987 runner:
988 concurrency: 1
989 times: 1
990 type: constant
991 sla:
992 failure_rate:
993 max: 0
994 NeutronNetworks.create_and_delete_subnets:
995 - args:
996 network_create_args: {}
997 subnet_cidr_start: 1.1.0.0/30
998 subnet_create_args: {}
999 subnets_per_network: 2
1000 context:
1001 network: {}
1002 quotas:
1003 neutron:
1004 network: -1
1005 subnet: -1
1006 runner:
1007 concurrency: 1
1008 times: 1
1009 type: constant
1010 sla:
1011 failure_rate:
1012 max: 0
1013 NeutronNetworks.create_and_list_routers:
1014 - args:
1015 network_create_args: {}
1016 router_create_args: {}
1017 subnet_cidr_start: 1.1.0.0/30
1018 subnet_create_args: {}
1019 subnets_per_network: 2
1020 context:
1021 network: {}
1022 quotas:
1023 neutron:
1024 network: -1
1025 router: -1
1026 subnet: -1
1027 runner:
1028 concurrency: 1
1029 times: 1
1030 type: constant
1031 sla:
1032 failure_rate:
1033 max: 0
1034 NeutronNetworks.create_and_list_subnets:
1035 - args:
1036 network_create_args: {}
1037 subnet_cidr_start: 1.1.0.0/30
1038 subnet_create_args: {}
1039 subnets_per_network: 2
1040 context:
1041 network: {}
1042 quotas:
1043 neutron:
1044 network: -1
1045 subnet: -1
1046 runner:
1047 concurrency: 1
1048 times: 1
1049 type: constant
1050 sla:
1051 failure_rate:
1052 max: 0
1053 NeutronNetworks.create_and_show_network:
1054 - args:
1055 network_create_args: {}
1056 context:
1057 quotas:
1058 neutron:
1059 network: -1
1060 runner:
1061 concurrency: 1
1062 times: 1
1063 type: constant
1064 sla:
1065 failure_rate:
1066 max: 0
1067 NeutronNetworks.create_and_update_networks:
1068 - args:
1069 network_create_args: {}
1070 network_update_args:
1071 admin_state_up: false
1072 context:
1073 quotas:
1074 neutron:
1075 network: -1
1076 runner:
1077 concurrency: 1
1078 times: 1
1079 type: constant
1080 sla:
1081 failure_rate:
1082 max: 0
1083 NeutronNetworks.create_and_update_ports:
1084 - args:
1085 network_create_args: {}
1086 port_create_args: {}
1087 port_update_args:
1088 admin_state_up: false
1089 device_id: dummy_id
1090 device_owner: dummy_owner
1091 ports_per_network: 5
1092 context:
1093 network: {}
1094 quotas:
1095 neutron:
1096 network: -1
1097 port: -1
1098 runner:
1099 concurrency: 1
1100 times: 1
1101 type: constant
1102 sla:
1103 failure_rate:
1104 max: 0
1105 NeutronNetworks.create_and_update_routers:
1106 - args:
1107 network_create_args: {}
1108 router_create_args: {}
1109 router_update_args:
1110 admin_state_up: false
1111 subnet_cidr_start: 1.1.0.0/30
1112 subnet_create_args: {}
1113 subnets_per_network: 2
1114 context:
1115 network: {}
1116 quotas:
1117 neutron:
1118 network: -1
1119 router: -1
1120 subnet: -1
1121 runner:
1122 concurrency: 1
1123 times: 1
1124 type: constant
1125 sla:
1126 failure_rate:
1127 max: 0
1128 NeutronNetworks.create_and_update_subnets:
1129 - args:
1130 network_create_args: {}
1131 subnet_cidr_start: 1.4.0.0/16
1132 subnet_create_args: {}
1133 subnet_update_args:
1134 enable_dhcp: false
1135 subnets_per_network: 2
1136 context:
1137 network: {}
1138 quotas:
1139 neutron:
1140 network: -1
1141 subnet: -1
1142 runner:
1143 concurrency: 1
1144 times: 1
1145 type: constant
1146 sla:
1147 failure_rate:
1148 max: 0
1149 NeutronNetworks.list_agents:
1150 - args:
1151 agent_args: {}
1152 runner:
1153 concurrency: 1
1154 times: 1
1155 type: constant
1156 sla:
1157 failure_rate:
1158 max: 0
1159 NeutronSecurityGroup.create_and_list_security_groups:
1160 - args:
1161 security_group_create_args: {}
1162 context:
1163 quotas:
1164 neutron:
1165 security_group: -1
1166 runner:
1167 concurrency: 1
1168 times: 1
1169 type: constant
1170 sla:
1171 failure_rate:
1172 max: 0
1173 NeutronSecurityGroup.create_and_update_security_groups:
1174 - args:
1175 security_group_create_args: {}
1176 security_group_update_args: {}
1177 context:
1178 quotas:
1179 neutron:
1180 security_group: -1
1181 runner:
1182 concurrency: 1
1183 times: 1
1184 type: constant
1185 sla:
1186 failure_rate:
1187 max: 0
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001188 paste: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001189 policy: {}
1190 api_audit_map:
1191 DEFAULT:
1192 target_endpoint_type: None
1193 custom_actions:
1194 add_router_interface: update/add
1195 remove_router_interface: update/remove
1196 path_keywords:
1197 floatingips: ip
1198 healthmonitors: healthmonitor
1199 health_monitors: health_monitor
1200 lb: None
1201 members: member
1202 metering-labels: label
1203 metering-label-rules: rule
1204 networks: network
1205 pools: pool
1206 ports: port
1207 routers: router
1208 quotas: quota
1209 security-groups: security-group
1210 security-group-rules: rule
1211 subnets: subnet
1212 vips: vip
1213 service_endpoints:
1214 network: service/network
1215 neutron_sudoers: |
1216 # This sudoers file supports rootwrap for both Kolla and LOCI Images.
1217 Defaults !requiretty
1218 Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
1219 neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *, /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
1220 neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf, /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
1221 rootwrap: |
1222 # Configuration for neutron-rootwrap
1223 # This file should be owned by (and only-writeable by) the root user
1224
1225 [DEFAULT]
1226 # List of directories to load filter definitions from (separated by ',').
1227 # These directories MUST all be only writeable by root !
1228 filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap,/var/lib/openstack/etc/neutron/rootwrap.d
1229
1230 # List of directories to search executables in, in case filters do not
1231 # explicitely specify a full path (separated by ',')
1232 # If not specified, defaults to system PATH environment variable.
1233 # These directories MUST all be only writeable by root !
1234 exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin
1235
1236 # Enable logging to syslog
1237 # Default value is False
1238 use_syslog=False
1239
1240 # Which syslog facility to use.
1241 # Valid values include auth, authpriv, syslog, local0, local1...
1242 # Default value is 'syslog'
1243 syslog_log_facility=syslog
1244
1245 # Which messages to log.
1246 # INFO means log all usage
1247 # ERROR means only log unsuccessful attempts
1248 syslog_log_level=ERROR
1249
1250 [xenapi]
1251 # XenAPI configuration is only required by the L2 agent if it is to
1252 # target a XenServer/XCP compute host's dom0.
1253 xenapi_connection_url=<None>
1254 xenapi_connection_username=root
1255 xenapi_connection_password=<None>
1256 rootwrap_filters:
1257 debug:
1258 pods:
1259 - dhcp_agent
1260 - l3_agent
1261 - lb_agent
1262 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001263 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001264 - ovs_agent
1265 - sriov_agent
1266 content: |
1267 # neutron-rootwrap command filters for nodes on which neutron is
1268 # expected to control network
1269 #
1270 # This file should be owned by (and only-writeable by) the root user
1271
1272 # format seems to be
1273 # cmd-name: filter-name, raw-command, user, args
1274
1275 [Filters]
1276
1277 # This is needed because we should ping
1278 # from inside a namespace which requires root
1279 # _alt variants allow to match -c and -w in any order
1280 # (used by NeutronDebugAgent.ping_all)
1281 ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
1282 ping_alt: RegExpFilter, ping, root, ping, -c, \d+, -w, \d+, [0-9\.]+
1283 ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
1284 ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+
# rootwrap filter set "dibbler" (an entry of rootwrap_filters): lets the
# prefix-delegation code start dibbler-client as root.
# NOTE(review): CommandFilter in oslo.rootwrap matches on the executable only,
# so the arguments are not constrained. The set is listed for all seven agent
# pods; trimming `pods` to the agents that actually use prefix delegation
# would follow least privilege -- confirm which ones do before changing it.
dibbler:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # Filters for the dibbler-based reference implementation of the pluggable
    # Prefix Delegation driver. Other implementations using an alternative agent
    # should include a similar filter in this folder.

    # prefix_delegation_agent
    dibbler-client: CommandFilter, dibbler-client, root
# rootwrap filter set "ipset_firewall" (an entry of rootwrap_filters): allows
# `ipset` to run as root for the iptables firewall driver.
# NOTE(review): the single CommandFilter entry matches on the executable only,
# so any ipset sub-command is permitted to callers that can use rootwrap with
# this set.
ipset_firewall:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]
    # neutron/agent/linux/iptables_firewall.py
    #   "ipset", "-A", ...
    ipset: CommandFilter, ipset, root
# rootwrap filter set "l3" (an entry of rootwrap_filters): commands the L3
# agent code paths run as root (routing, radvd, haproxy, keepalived, tc,
# iptables, conntrack).
# NOTE(review): points worth auditing when hardening this set:
#  - CommandFilter entries (sysctl, route, ovs-vsctl, ip*tables-restore,
#    conntrack, ...) match on the executable only in oslo.rootwrap, so their
#    arguments are unconstrained.
#  - `haproxy ... -f, .*` accepts any configuration path.
#  - the kill_metadata* and kill_keepalived_monitor_* KillFilters identify the
#    target by interpreter name (python*), not by script; the TODO(mlavalle)
#    inside the payload records the same gap.
#  - the tc_* RegExpFilter entries are the tight form: fixed verbs with
#    per-argument patterns.
# The set is listed for all seven agent pods, not only l3_agent.
l3:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # arping
    arping: CommandFilter, arping, root

    # l3_agent
    sysctl: CommandFilter, sysctl, root
    route: CommandFilter, route, root
    radvd: CommandFilter, radvd, root

    # haproxy
    haproxy: RegExpFilter, haproxy, root, haproxy, -f, .*
    kill_haproxy: KillFilter, root, haproxy, -15, -9, -HUP

    # metadata proxy
    metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
    # RHEL invocation of the metadata proxy will report /usr/bin/python
    kill_metadata: KillFilter, root, python, -15, -9
    kill_metadata2: KillFilter, root, python2, -15, -9
    kill_metadata7: KillFilter, root, python2.7, -15, -9
    kill_metadata3: KillFilter, root, python3, -15, -9
    kill_metadata35: KillFilter, root, python3.5, -15, -9
    kill_metadata36: KillFilter, root, python3.6, -15, -9
    kill_metadata37: KillFilter, root, python3.7, -15, -9
    kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -15, -9, -HUP
    kill_radvd: KillFilter, root, /sbin/radvd, -15, -9, -HUP

    # ip_lib
    ip: IpFilter, ip, root
    find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
    ip_exec: IpNetnsExecFilter, ip, root

    # l3_tc_lib
    l3_tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
    l3_tc_add_qdisc_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress
    l3_tc_add_qdisc_egress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, root, handle, 1:, htb
    l3_tc_show_filters: RegExpFilter, tc, root, tc, -p, -s, -d, filter, show, dev, .+, parent, .+, prio, 1
    l3_tc_delete_filters: RegExpFilter, tc, root, tc, filter, del, dev, .+, parent, .+, prio, 1, handle, .+, u32
    l3_tc_add_filter_ingress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, dst, .+, police, rate, .+, burst, .+, drop, flowid, :1
    l3_tc_add_filter_egress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, src, .+, police, rate, .+, burst, .+, drop, flowid, :1

    # For ip monitor
    kill_ip_monitor: KillFilter, root, ip, -9

    # ovs_lib (if OVSInterfaceDriver is used)
    ovs-vsctl: CommandFilter, ovs-vsctl, root

    # iptables_manager
    iptables-save: CommandFilter, iptables-save, root
    iptables-restore: CommandFilter, iptables-restore, root
    ip6tables-save: CommandFilter, ip6tables-save, root
    ip6tables-restore: CommandFilter, ip6tables-restore, root

    # Keepalived
    keepalived: CommandFilter, keepalived, root
    kill_keepalived: KillFilter, root, keepalived, -HUP, -15, -9

    # l3 agent to delete floatingip's conntrack state
    conntrack: CommandFilter, conntrack, root

    # keepalived state change monitor
    keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root
    # The following filters are used to kill the keepalived state change monitor.
    # Since the monitor runs as a Python script, the system reports that the
    # command of the process to be killed is python.
    # TODO(mlavalle) These kill filters will be updated once we come up with a
    # mechanism to kill using the name of the script being executed by Python
    kill_keepalived_monitor_py: KillFilter, root, python, -15
    kill_keepalived_monitor_py27: KillFilter, root, python2.7, -15
    kill_keepalived_monitor_py3: KillFilter, root, python3, -15
    kill_keepalived_monitor_py35: KillFilter, root, python3.5, -15
    kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15
    kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15
# rootwrap filter set "netns_cleanup" (an entry of rootwrap_filters): allows
# `netstat` as root for namespace cleanup. Unlike most sets above it, this one
# is also listed for netns_cleanup_cron.
netns_cleanup:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovs_agent
    - sriov_agent
    - netns_cleanup_cron
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # netns-cleanup
    netstat: CommandFilter, netstat, root
# rootwrap filter set "dhcp" (an entry of rootwrap_filters): commands the DHCP
# agent code paths run as root (dnsmasq, lease release, metadata proxy, ip).
# NOTE(review): `dnsmasq`, `ovs-vsctl`, `ivs-ctl`, `mm-ctl` and the
# dhcp_release entries are CommandFilter rules, which match on the executable
# only in oslo.rootwrap, so their arguments are unconstrained. The
# kill_metadata* KillFilters allow SIGKILL against processes identified by
# interpreter name (python*) rather than by script. The dnsmasq KillFilters
# name full binary paths, which is the tighter form.
dhcp:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovs_agent
    - sriov_agent
    - netns_cleanup_cron
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # dhcp-agent
    dnsmasq: CommandFilter, dnsmasq, root
    # dhcp-agent uses kill as well, that's handled by the generic KillFilter
    # it looks like these are the only signals needed, per
    # neutron/agent/linux/dhcp.py
    kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP, -15
    kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP, -15

    ovs-vsctl: CommandFilter, ovs-vsctl, root
    ivs-ctl: CommandFilter, ivs-ctl, root
    mm-ctl: CommandFilter, mm-ctl, root
    dhcp_release: CommandFilter, dhcp_release, root
    dhcp_release6: CommandFilter, dhcp_release6, root

    # metadata proxy
    metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
    # RHEL invocation of the metadata proxy will report /usr/bin/python
    kill_metadata: KillFilter, root, python, -9
    kill_metadata2: KillFilter, root, python2, -9
    kill_metadata7: KillFilter, root, python2.7, -9
    kill_metadata3: KillFilter, root, python3, -9
    kill_metadata35: KillFilter, root, python3.5, -9
    kill_metadata36: KillFilter, root, python3.6, -9
    kill_metadata37: KillFilter, root, python3.7, -9

    # ip_lib
    ip: IpFilter, ip, root
    find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
    ip_exec: IpNetnsExecFilter, ip, root
# rootwrap filter set "ebtables" (an entry of rootwrap_filters): allows
# `ebtables` as root.
# NOTE(review): a CommandFilter rule, so any ebtables arguments are accepted;
# the set is listed for all seven agent pods.
ebtables:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    ebtables: CommandFilter, ebtables, root
# rootwrap filter set "iptables_firewall" (an entry of rootwrap_filters):
# commands the iptables security-group driver runs as root.
# NOTE(review): all entries are CommandFilter rules (executable match only in
# oslo.rootwrap). Callers that can use rootwrap with this set can therefore
# rewrite host packet filtering and any sysctl; keep `pods` limited to the
# agents that enforce security groups if the set is ever trimmed.
iptables_firewall:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # neutron/agent/linux/iptables_firewall.py
    #   "iptables-save", ...
    iptables-save: CommandFilter, iptables-save, root
    iptables-restore: CommandFilter, iptables-restore, root
    ip6tables-save: CommandFilter, ip6tables-save, root
    ip6tables-restore: CommandFilter, ip6tables-restore, root

    # neutron/agent/linux/iptables_firewall.py
    #   "iptables", "-A", ...
    iptables: CommandFilter, iptables, root
    ip6tables: CommandFilter, ip6tables, root

    # neutron/agent/linux/iptables_firewall.py
    sysctl: CommandFilter, sysctl, root

    # neutron/agent/linux/ip_conntrack.py
    conntrack: CommandFilter, conntrack, root
# rootwrap filter set "linuxbridge_plugin" (an entry of rootwrap_filters):
# bridge, ip and tc commands for the Linux bridge agent.
# NOTE(review): brctl/bridge are CommandFilter rules (arguments unconstrained),
# while the tc_* entries use RegExpFilter with fixed verbs; `.+` there is
# presumably matched per argument, so it does not span arguments -- confirm
# against the oslo.rootwrap version in the image.
linuxbridge_plugin:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # linuxbridge-agent
    # unclear whether both variants are necessary, but I'm transliterating
    # from the old mechanism
    brctl: CommandFilter, brctl, root
    bridge: CommandFilter, bridge, root

    # ip_lib
    ip: IpFilter, ip, root
    find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
    ip_exec: IpNetnsExecFilter, ip, root

    # tc commands needed for QoS support
    tc_replace_tbf: RegExpFilter, tc, root, tc, qdisc, replace, dev, .+, root, tbf, rate, .+, latency, .+, burst, .+
    tc_add_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress, handle, .+
    tc_delete: RegExpFilter, tc, root, tc, qdisc, del, dev, .+, .+
    tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
    tc_show_filters: RegExpFilter, tc, root, tc, filter, show, dev, .+, parent, .+
    tc_add_filter: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, all, prio, .+, basic, police, rate, .+, burst, .+, mtu, .+, drop
# rootwrap filter set "openvswitch_plugin" (an entry of rootwrap_filters):
# Open vSwitch tooling, ip and bridge commands for the OVS agent.
# NOTE(review): ovs-vsctl, ovs-ofctl, ovs-appctl, ovsdb-client, xe and bridge
# are CommandFilter rules, so their arguments are unconstrained; together they
# give full control of the host's OVS datapath to any caller that can use
# rootwrap with this set. `xe` looks tied to XenAPI hosts only -- confirm
# before removing it from deployments that do not target XenServer.
openvswitch_plugin:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # openvswitch-agent
    # unclear whether both variants are necessary, but I'm transliterating
    # from the old mechanism
    ovs-vsctl: CommandFilter, ovs-vsctl, root
    # NOTE(yamamoto): of_interface=native doesn't use ovs-ofctl
    ovs-ofctl: CommandFilter, ovs-ofctl, root
    ovs-appctl: CommandFilter, ovs-appctl, root
    kill_ovsdb_client: KillFilter, root, /usr/bin/ovsdb-client, -9
    ovsdb-client: CommandFilter, ovsdb-client, root
    xe: CommandFilter, xe, root

    # ip_lib
    ip: IpFilter, ip, root
    find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
    ip_exec: IpNetnsExecFilter, ip, root

    # needed for FDB extension
    bridge: CommandFilter, bridge, root
# rootwrap filter set "privsep" (an entry of rootwrap_filters): lets rootwrap
# start the oslo.privsep helper for the neutron.privileged.default context.
# The payload itself states the trust assumptions; in a container image they
# translate to: the Python module path and everything under /etc that can be
# passed as --config-file must not be writable by the unprivileged service
# user.
# NOTE(review): in a PathFilter rule the absolute-path arguments are directory
# prefixes, so `--config-file` is accepted anywhere under /etc and the socket
# path anywhere under / -- confirm against the oslo.rootwrap version in use.
# The continuation lines of the `privsep:` rule must keep their leading space.
privsep:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovs_agent
    - sriov_agent
    - netns_cleanup_cron
  content: |
    # Command filters to allow privsep daemon to be started via rootwrap.
    #
    # This file should be owned by (and only-writeable by) the root user

    [Filters]

    # By installing the following, the local admin is asserting that:
    #
    # 1. The python module load path used by privsep-helper
    #    command as root (as started by sudo/rootwrap) is trusted.
    # 2. Any oslo.config files matching the --config-file
    #    arguments below are trusted.
    # 3. Users allowed to run sudo/rootwrap with this configuration(*) are
    #    also allowed to invoke python "entrypoint" functions from
    #    --privsep_context with the additional (possibly root) privileges
    #    configured for that context.
    #
    # (*) ie: the user is allowed by /etc/sudoers to run rootwrap as root
    #
    # In particular, the oslo.config and python module path must not
    # be writeable by the unprivileged user.

    # oslo.privsep default neutron context
    privsep: PathFilter, privsep-helper, root,
     --config-file, /etc,
     --privsep_context, neutron.privileged.default,
     --privsep_sock_path, /

    # NOTE: A second `--config-file` arg can also be added above. Since
    # many neutron components are installed like that (eg: by devstack).
    # Adjust to suit local requirements.
# rootwrap filter set "linux_vxlan" (an entry of rootwrap_filters): commands
# for the bagpipe-bgp VXLAN Linux bridge dataplane. Listed for bagpipe_bgp
# only.
# NOTE(review): `sh: CommandFilter, sh, root` permits a root shell with
# arbitrary arguments, which supersedes every narrower rule in this file, and
# `modprobe` allows loading kernel modules. Treat the bagpipe_bgp workload as
# root-equivalent on its node, keep this set out of other pods' filter
# directories, and leave it unrendered where bagpipe is not deployed.
linux_vxlan:
  pods:
    - bagpipe_bgp
  content: |
    # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
    # expected to control VXLAN Linux Bridge dataplane
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    #
    modprobe: CommandFilter, modprobe, root

    #
    brctl: CommandFilter, brctl, root
    bridge: CommandFilter, bridge, root

    # ip_lib
    ip: IpFilter, ip, root
    ip_exec: IpNetnsExecFilter, ip, root

    # shell (for piped commands)
    sh: CommandFilter, sh, root
# rootwrap filter set "mpls_ovs_dataplane" (an entry of rootwrap_filters):
# commands for the bagpipe-bgp MPLS Open vSwitch dataplane. Listed for
# bagpipe_bgp only.
# NOTE(review): `sh: CommandFilter, sh, root` permits a root shell with
# arbitrary arguments, so the other rules here do not bound what the caller
# can run. Treat the bagpipe_bgp workload as root-equivalent on its node and
# keep this set limited to that pod.
mpls_ovs_dataplane:
  pods:
    - bagpipe_bgp
  content: |
    # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
    # expected to control MPLS OpenVSwitch dataplane
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # openvswitch
    ovs-vsctl: CommandFilter, ovs-vsctl, root
    ovs-ofctl: CommandFilter, ovs-ofctl, root

    # ip_lib
    ip: IpFilter, ip, root
    ip_exec: IpNetnsExecFilter, ip, root

    # shell (for piped commands)
    sh: CommandFilter, sh, root
# Default neutron service options, one mapping per configuration section
# (presumably rendered into neutron.conf -- confirm in the chart templates).
neutron:
  DEFAULT:
    metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
    log_config_append: /etc/neutron/logging.conf
    # NOTE(portdirect): the bind port should not be defined, and is manipulated
    # via the endpoints section.
    bind_port: null
    default_availability_zones: nova
    api_workers: 1
    rpc_workers: 4
    allow_overlapping_ips: True
    state_path: /var/lib/neutron
    # core_plugin can be: ml2, calico
    core_plugin: ml2
    # service_plugin can be: router, odl-router, empty for calico,
    # networking_ovn.l3.l3_ovn.OVNL3RouterPlugin for OVN
    service_plugins: router
    allow_automatic_l3agent_failover: True
    l3_ha: True
    max_l3_agents_per_router: 2
    l3_ha_network_type: vxlan
    network_auto_schedule: True
    router_auto_schedule: True
    # (NOTE)portdirect: if unset this is populated dynamically from the value in
    # 'network.backend' to sane defaults.
    interface_driver: null
  oslo_concurrency:
    lock_path: /var/lib/neutron/tmp
  database:
    max_retries: -1
  agent:
    # Agents escalate through sudo and neutron-rootwrap, so what they may run
    # as root is bounded by the rootwrap filter sets, not by this option.
    root_helper: sudo /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
    root_helper_daemon: sudo /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
  oslo_messaging_notifications:
    driver: messagingv2
  oslo_messaging_rabbit:
    rabbit_ha_queues: true
  oslo_middleware:
    # NOTE(review): makes the API honour proxy-supplied forwarding headers;
    # presumably only appropriate when every request arrives through a proxy
    # that sets them itself -- confirm the ingress does so.
    enable_proxy_headers_parsing: true
  oslo_policy:
    policy_file: /etc/neutron/policy.yaml
  # Service-to-service clients below authenticate with password credentials
  # and use the internal endpoint interface.
  nova:
    auth_type: password
    auth_version: v3
    endpoint_type: internal
  placement:
    auth_type: password
    auth_version: v3
    endpoint_type: internal
  designate:
    auth_type: password
    auth_version: v3
    endpoint_type: internal
    allow_reverse_dns_lookup: true
  ironic:
    endpoint_type: internal
  keystone_authtoken:
    # ENCRYPT protects cached token data in memcached; it needs a secret key,
    # which this file leaves null by default under
    # endpoints.oslo_cache.auth.memcache_secret_key.
    memcache_security_strategy: ENCRYPT
    auth_type: password
    auth_version: v3
    service_type: network
  octavia:
    request_poll_timeout: 3000
# Python logging configuration in fileConfig layout: `loggers`, `handlers`
# and `formatters` list the section names, and each logger_*/handler_*/
# formatter_* mapping defines one of them.
# NOTE(review): the root logger is attached to the null handler, so records
# from any logger without its own entry here are presumably discarded. If
# authentication or policy events from other libraries are needed for
# detection, give those loggers an explicit section -- confirm which logger
# names the deployment relies on.
logging:
  loggers:
    keys:
      - root
      - neutron
      - neutron_taas
  handlers:
    keys:
      - stdout
      - stderr
      # quoted so the handler name is the string "null", not a YAML null
      - "null"
  formatters:
    keys:
      - context
      - default
  logger_root:
    level: WARNING
    handlers: 'null'
  logger_neutron:
    level: INFO
    handlers:
      - stdout
    qualname: neutron
  logger_neutron_taas:
    level: INFO
    handlers:
      - stdout
    qualname: neutron_taas
  logger_amqp:
    level: WARNING
    handlers: stderr
    qualname: amqp
  logger_amqplib:
    level: WARNING
    handlers: stderr
    qualname: amqplib
  logger_eventletwsgi:
    level: WARNING
    handlers: stderr
    qualname: eventlet.wsgi.server
  logger_sqlalchemy:
    level: WARNING
    handlers: stderr
    qualname: sqlalchemy
  logger_boto:
    level: WARNING
    handlers: stderr
    qualname: boto
  handler_null:
    class: logging.NullHandler
    formatter: default
    args: ()
  handler_stdout:
    class: StreamHandler
    args: (sys.stdout,)
    formatter: context
  handler_stderr:
    class: StreamHandler
    args: (sys.stderr,)
    formatter: context
  formatter_context:
    class: oslo_log.formatters.ContextFormatter
    datefmt: "%Y-%m-%d %H:%M:%S"
  formatter_default:
    format: "%(message)s"
    datefmt: "%Y-%m-%d %H:%M:%S"
# Default options for the ML2 plugin and the per-agent plugin config files.
plugins:
  ml2_conf:
    ml2:
      # port_security is the only extension driver enabled by default.
      extension_drivers: port_security
      # (NOTE)portdirect: if unset this is populated dynamically from the value
      # in 'network.backend' to sane defaults.
      mechanism_drivers: null
      type_drivers: flat,vlan,vxlan,local
      tenant_network_types: vxlan
    ml2_type_vxlan:
      vni_ranges: 1:1000
      vxlan_group: 239.1.1.1
    ml2_type_flat:
      # NOTE(review): "*" presumably accepts any physical network name for
      # flat networks; list the intended physnets explicitly where provider
      # network creation should be constrained -- confirm against neutron docs.
      flat_networks: "*"
    # If you want to use the external network as a tagged provider network,
    # a range should be specified including the intended VLAN target
    # using ml2_type_vlan.network_vlan_ranges:
    # ml2_type_vlan:
    #   network_vlan_ranges: "external:1100:1110"
    agent:
      extensions: ""
  ml2_conf_sriov: null
  taas:
    taas:
      enabled: False
  openvswitch_agent:
    agent:
      tunnel_types: vxlan
      l2_population: True
      arp_responder: True
    ovs:
      bridge_mappings: "external:br-ex"
    securitygroup:
      firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
  linuxbridge_agent:
    linux_bridge:
      # To define Flat and VLAN connections, in LB we can assign
      # specific interface to the flat/vlan network name using:
      # physical_interface_mappings: "external:eth3"
      # Or we can set the mapping between the network and bridge:
      bridge_mappings: "external:br-ex"
      # The two above options are exclusive, do not use both of them at once
    securitygroup:
      firewall_driver: iptables
    vxlan:
      l2_population: True
      arp_responder: True
  macvtap_agent: null
  sriov_agent:
    securitygroup:
      # NOTE(review): the Noop driver means this agent applies no security
      # group filtering to its ports; isolation for SR-IOV ports has to come
      # from elsewhere (network design, switch ACLs) -- confirm for the target
      # deployment.
      firewall_driver: neutron.agent.firewall.NoopFirewallDriver
    sriov_nic:
      physical_device_mappings: physnet2:enp3s0f1
      # NOTE: do not use null here, use an empty string
      exclude_devices: ""
# Default options for the DHCP agent.
dhcp_agent:
  DEFAULT:
    # (NOTE)portdirect: if unset this is populated dynamically from the value in
    # 'network.backend' to sane defaults.
    interface_driver: null
    # points dnsmasq at the file whose default content is the `dnsmasq` value
    # in this file (presumably -- confirm the mount path in the templates)
    dnsmasq_config_file: /etc/neutron/dnsmasq.conf
    force_metadata: True
1914 force_metadata: True
1915 dnsmasq: |
1916 #no-hosts
1917 #port=5353
1918 #cache-size=500
1919 #no-negcache
1920 #dns-forward-max=100
1921 #resolve-file=
1922 #strict-order
1923 #bind-interface
1924 #bind-dynamic
1925 #domain=
1926 #dhcp-range=10.10.10.10,10.10.10.100,24h
1927 #dhcp-lease-max=150
1928 #dhcp-host=11:22:33:44:55:66,ignore
1929 #dhcp-option=3,10.10.10.1
1930 #dhcp-option-force=26,1450
1931
# Default options for the L3 agent; the metering agent has no default config.
l3_agent:
  DEFAULT:
    # (NOTE)portdirect: if unset this is populated dynamically from the value in
    # 'network.backend' to sane defaults.
    interface_driver: null
    agent_mode: legacy
metering_agent: null
# Default options for the metadata agent, followed by the (empty) defaults for
# bagpipe_bgp and the OVN metadata agent.
metadata_agent:
  DEFAULT:
    # we cannot change the proxy socket path as it is declared
    # as a hostPath volume from agent daemonsets
    metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
    # NOTE(review): "password" is a well-known placeholder. This secret is what
    # lets the compute metadata service trust requests relayed by the proxy, so
    # a guessable value weakens that check. Override it per deployment with a
    # random value from a secret source, and keep it identical to the value
    # configured on the nova side (presumably nova's matching option -- confirm).
    metadata_proxy_shared_secret: "password"
  cache:
    enabled: true
    backend: dogpile.cache.memcached
bagpipe_bgp: {}
ovn_metadata_agent: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001950
# RabbitMQ policy applied to the "neutron" vhost.
rabbitmq:
  # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
  policies:
    - vhost: "neutron"
      name: "ha_ttl_neutron"
      definition:
        # mirror messages to other nodes in rmq cluster
        ha-mode: "all"
        ha-sync-mode: "automatic"
        # 70s
        message-ttl: 70000
      priority: 0
      apply-to: all
      # negative lookahead: applies to every name that does not start with
      # "amq." or "reply_"
      pattern: '^(?!(amq\.|reply_)).*'
## NOTE: "besteffort" is meant for dev env with mixed compute type only.
## This helps prevent sriov init script from failing due to mis-matched NIC
## For prod env, target NIC should match and init script should fail otherwise.
## sriov_init:
##   - besteffort
# The default is a one-element list whose only element is empty (null), i.e.
# "besteffort" is not set.
sriov_init:
  -
# auto_bridge_add is a table of "bridge: interface" pairs
# To automatically add a physical interfaces to a specific bridges,
# for example eth3 to bridge br-physnet1, if0 to br0 and iface_two
# to br1 do something like:
#
# auto_bridge_add:
#   br-physnet1: eth3
#   br0: if0
#   br1: iface_two
# br-ex will be added by default
# The null value means br-ex is listed without a physical interface.
auto_bridge_add:
  br-ex: null
1984
# Network off-loading configuration
# Disabled by default. `asap2` has no value (null) unless the commented list
# below is uncommented; each entry names a device and a VF count.
netoffload:
  enabled: false
  asap2:
    # - dev: enp97s0f0
    #   vfs: 16
1991
# configuration of OVS DPDK bridges and NICs
# this is a separate section and not part of the auto_bridge_add section
# because additional parameters are needed
ovs_dpdk:
  enabled: false
  # setting update_dpdk_bond_config to true will have default behavior,
  # which may cause disruptions in ovs dpdk traffic in case of neutron
  # ovs agent restart or when dpdk nic/bond configurations are changed.
  # Setting this to false will configure dpdk in the first run and
  # disable nic/bond config on event of restart or config update.
  update_dpdk_bond_config: true
  # NOTE(review): uio_pci_generic binds the NIC without IOMMU-backed DMA
  # isolation; where the hardware supports it, vfio-pci is the usual choice
  # for hosts that need that isolation -- confirm what the chart's init
  # script supports.
  driver: uio_pci_generic
  # In case bonds are configured, the nics which are part of those bonds
  # must NOT be provided here.
  nics:
    - name: dpdk0
      # quoted so the PCI address stays a string
      pci_id: '0000:05:00.0'
      # Set VF Index in case some particular VF(s) need to be
      # used with ovs-dpdk.
      # vf_index: 0
      bridge: br-phy
      migrate_ip: true
      n_rxq: 2
      n_txq: 2
      pmd_rxq_affinity: "0:3,1:27"
      ofport_request: 1
      # optional parameters for tuning the OVS DPDK config
      # in alignment with the available hardware resources
      # mtu: 2000
      # n_rxq_size: 1024
      # n_txq_size: 1024
      # vhost-iommu-support: true
  bridges:
    - name: br-phy
    # optional parameter, in case tunnel traffic needs to be transported over a vlan underlay
    # - tunnel_underlay_vlan: 45
  # Optional parameter for configuring bonding in OVS-DPDK
  #   - name: br-phy-bond0
  # bonds:
  #   - name: dpdkbond0
  #     bridge: br-phy-bond0
  #     # The IP from the first nic in nics list shall be used
  #     migrate_ip: true
  #     mtu: 2000
  #     # Please note that n_rxq is set for each NIC individually
  #     # rather than denoting the total number of rx queues for
  #     # the bond as a whole. So setting n_rxq = 2 below for ex.
  #     # would be 4 rx queues in total for the bond.
  #     # Same for n_txq
  #     n_rxq: 2
  #     n_txq: 2
  #     ofport_request: 1
  #     n_rxq_size: 1024
  #     n_txq_size: 1024
  #     vhost-iommu-support: true
  #     ovs_options: "bond_mode=active-backup"
  #     nics:
  #       - name: dpdk_b0s0
  #         pci_id: '0000:06:00.0'
  #         pmd_rxq_affinity: "0:3,1:27"
  #         # Set VF Index in case some particular VF(s) need to be
  #         # used with ovs-dpdk. In which case pci_id of PF must be
  #         # provided above.
  #         # vf_index: 0
  #       - name: dpdk_b0s1
  #         pci_id: '0000:07:00.0'
  #         pmd_rxq_affinity: "0:3,1:27"
  #         # Set VF Index in case some particular VF(s) need to be
  #         # used with ovs-dpdk. In which case pci_id of PF must be
  #         # provided above.
  #         # vf_index: 0
  #
  # Set the log level for each target module (default level is always dbg)
  # Supported log levels are: off, emer, err, warn, info, dbg
  #
  # modules:
  #   - name: dpdk
  #     log_level: info
2070
# Names of secrets used by bootstrap and environmental checks
# These are secret object names only; no credential material is stored under
# this key. The credentials themselves default to placeholders under
# `endpoints`.
secrets:
  identity:
    admin: neutron-keystone-admin
    neutron: neutron-keystone-user
    test: neutron-keystone-test
  oslo_db:
    admin: neutron-db-admin
    neutron: neutron-db-user
  oslo_messaging:
    admin: neutron-rabbitmq-admin
    neutron: neutron-rabbitmq-user
  tls:
    compute_metadata:
      metadata:
        internal: metadata-tls-metadata
    network:
      server:
        public: neutron-tls-public
        internal: neutron-tls-server
  oci_image_registry:
    neutron: neutron-oci-image-registry
2093
2094# typically overridden by environmental
2095# values, but should include all endpoints
2096# required by this chart
2097endpoints:
# Cluster DNS suffix and the local image registry endpoint (entries of
# `endpoints`).
cluster_domain_suffix: cluster.local
local_image_registry:
  name: docker-registry
  namespace: docker-registry
  hosts:
    default: localhost
    internal: docker-registry
    node: localhost
  host_fqdn_override:
    default: null
  port:
    registry:
      node: 5000
# OCI image registry endpoint (an entry of `endpoints`). Registry
# authentication is off by default.
oci_image_registry:
  name: oci-image-registry
  namespace: oci-image-registry
  auth:
    enabled: false
    neutron:
      username: neutron
      # placeholder; supply the real credential from deployment overrides when
      # auth.enabled is turned on
      password: password
  hosts:
    default: localhost
  host_fqdn_override:
    default: null
  port:
    registry:
      default: null
# Database endpoint (an entry of `endpoints`).
# NOTE(review): both accounts default to the literal "password", and the admin
# account is the database root user. Override both from deployment values or
# a secret store before any non-test use.
oslo_db:
  auth:
    admin:
      username: root
      password: password
      secret:
        tls:
          internal: mariadb-tls-direct
    neutron:
      username: neutron
      password: password
  hosts:
    default: mariadb
  host_fqdn_override:
    default: null
  path: /neutron
  scheme: mysql+pymysql
  port:
    mysql:
      default: 3306
# Message bus endpoint (an entry of `endpoints`).
# NOTE(review): both accounts default to the literal "password"; override them
# per deployment. The default AMQP port is 5672 and the management HTTP port
# is 15672; whether TLS is used depends on settings outside this block.
oslo_messaging:
  auth:
    admin:
      username: rabbitmq
      password: password
      secret:
        tls:
          internal: rabbitmq-tls-direct
    neutron:
      username: neutron
      password: password
  statefulset:
    replicas: 2
    name: rabbitmq-rabbitmq
  hosts:
    default: rabbitmq
  host_fqdn_override:
    default: null
  path: /neutron
  scheme: rabbit
  port:
    amqp:
      default: 5672
    http:
      default: 15672
# Memcached endpoint (an entry of `endpoints`).
oslo_cache:
  auth:
    # NOTE(portdirect): this is used to define the value for keystone
    # authtoken cache encryption key, if not set it will be populated
    # automatically with a random value, but to take advantage of
    # this feature all services should be set to use the same key,
    # and memcache service.
    # Set one shared random key across services rather than relying on the
    # per-release random default when the token cache is meant to be shared.
    memcache_secret_key: null
  hosts:
    default: memcached
  host_fqdn_override:
    default: null
  port:
    memcache:
      default: 11211
# Compute (nova) API endpoint (an entry of `endpoints`). The default scheme is
# plain http.
compute:
  name: nova
  hosts:
    default: nova-api
    public: nova
  host_fqdn_override:
    default: null
  path:
    default: "/v2.1/%(tenant_id)s"
  scheme:
    default: 'http'
  port:
    api:
      default: 8774
      public: 80
    novncproxy:
      default: 6080
# Compute metadata endpoint (an entry of `endpoints`). The default scheme is
# plain http.
compute_metadata:
  name: nova
  hosts:
    default: nova-metadata
    public: metadata
  host_fqdn_override:
    default: null
  path:
    default: /
  scheme:
    default: 'http'
  port:
    metadata:
      default: 8775
      public: 80
# Identity (keystone) endpoint and the service accounts this chart uses (an
# entry of `endpoints`).
# NOTE(review): every account below defaults to the literal "password", the
# neutron and test users are given the admin role, and the default scheme is
# plain http. Override the credentials from deployment values or a secret
# store, and set the scheme to match the deployment's TLS setup.
identity:
  name: keystone
  auth:
    admin:
      region_name: RegionOne
      username: admin
      password: password
      project_name: admin
      user_domain_name: default
      project_domain_name: default
    neutron:
      role: admin
      region_name: RegionOne
      username: neutron
      password: password
      project_name: service
      user_domain_name: service
      project_domain_name: service
    nova:
      region_name: RegionOne
      project_name: service
      username: nova
      password: password
      user_domain_name: service
      project_domain_name: service
    placement:
      region_name: RegionOne
      project_name: service
      username: placement
      password: password
      user_domain_name: service
      project_domain_name: service
    designate:
      region_name: RegionOne
      project_name: service
      username: designate
      password: password
      user_domain_name: service
      project_domain_name: service
    ironic:
      region_name: RegionOne
      project_name: service
      username: ironic
      password: password
      user_domain_name: service
      project_domain_name: service
    test:
      role: admin
      region_name: RegionOne
      username: neutron-test
      password: password
      # NOTE: this project will be purged and reset if
      # conf.rally_tests.force_project_purge is set to true
      # which may be required upon test failure, but be aware that this will
      # expunge all openstack objects, so if this is used a separate project
      # should be used for each helm test, and also it should be ensured
      # that this project is not in use by other tenants
      project_name: test
      user_domain_name: service
      project_domain_name: service
  hosts:
    default: keystone
    internal: keystone-api
  host_fqdn_override:
    default: null
  path:
    default: /v3
  scheme:
    default: http
  port:
    api:
      default: 80
      internal: 5000
# Neutron API entry of the chart's endpoint map; the parent key lies above
# this excerpt, so this mapping is nested one level in the real file.
network:
  name: neutron
  hosts:
    default: neutron-server
    public: neutron
  host_fqdn_override:
    default: null
    # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
    # endpoints using the following format:
    # public:
    #   host: null
    #   tls:
    #     crt: null
    #     key: null
    # A key supplied this way is private material: provide it through a
    # values override kept out of version control.
  path:
    default: null
  # Both the default and the service scheme are plain HTTP unless overridden.
  scheme:
    default: 'http'
    service: 'http'
  port:
    api:
      default: 9696
      public: 80
      service: 9696
# Octavia (load balancer) entry of the chart's endpoint map; the parent key
# lies above this excerpt, so this mapping is nested one level in the real
# file.
load_balancer:
  name: octavia
  hosts:
    default: octavia-api
    public: octavia
  host_fqdn_override:
    default: null
  path:
    default: null
  # Plain HTTP by default.
  scheme:
    default: http
  port:
    api:
      default: 9876
      public: 80
# Fluentd logging entry of the chart's endpoint map; the parent key lies
# above this excerpt, so this mapping is nested one level in the real file.
fluentd:
  namespace: osh-infra
  name: fluentd
  hosts:
    default: fluentd-logging
  host_fqdn_override:
    default: null
  path:
    default: null
  # Here `scheme` is a plain scalar, whereas the OpenStack API entries in this
  # file use a mapping with a `default` key.
  # NOTE(review): presumably the templates accept both forms - confirm.
  scheme: 'http'
  port:
    service:
      default: 24224
    metrics:
      default: 24220
# Designate (DNS) entry of the chart's endpoint map; the parent key lies
# above this excerpt, so this mapping is nested one level in the real file.
dns:
  name: designate
  hosts:
    default: designate-api
    public: designate
  host_fqdn_override:
    default: null
  path:
    default: /
  # Plain HTTP by default.
  scheme:
    default: 'http'
  port:
    api:
      default: 9001
      public: 80
# Ironic (bare metal) entry of the chart's endpoint map; the parent key lies
# above this excerpt, so this mapping is nested one level in the real file.
baremetal:
  name: ironic
  hosts:
    default: ironic-api
    public: ironic
  host_fqdn_override:
    default: null
  path:
    default: null
  # Plain HTTP by default.
  scheme:
    default: 'http'
  port:
    api:
      default: 6385
      public: 80
# NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress.
# They are used to enable the Egress K8s network policy.
# Cluster DNS entry of the chart's endpoint map; the parent key lies above
# this excerpt, so this mapping is nested one level in the real file.
kube_dns:
  namespace: kube-system
  name: kubernetes-dns
  hosts:
    default: kube-dns
  host_fqdn_override:
    default: null
  path:
    default: null
  # `scheme` is a plain scalar here, not the mapping form used by the
  # OpenStack API entries in this file.
  scheme: http
  port:
    dns:
      default: 53
      # Only UDP is listed for port 53.
      # NOTE(review): if the egress policy is built from this entry, DNS over
      # TCP would not be covered - confirm in the templates.
      protocol: UDP
# Ingress entry of the chart's endpoint map; the parent key lies above this
# excerpt, so this mapping is nested one level in the real file. The
# NOTE(tp6510) comment before kube_dns says these entries exist for the
# egress network policy.
ingress:
  # No namespace is set by default.
  namespace: null
  name: ingress
  hosts:
    default: ingress
  port:
    ingress:
      default: 80
2399
# Network policy rules for neutron. In a Kubernetes NetworkPolicy an empty
# rule (`{}`) places no restriction on peers or ports, so these defaults
# allow all ingress and all egress.
# NOTE(review): manifests.network_policy is false by default, so presumably
# no policy object is rendered at all until that toggle is enabled - confirm
# in the templates, and replace the empty rules before enabling it.
network_policy:
  neutron:
    # TODO(lamt): Need to tighten this ingress for security.
    ingress:
      - {}
    egress:
      - {}
2407
# NOTE(review): presumably switches the chart's jobs to Helm 3 hook handling;
# the templates that read this flag are not part of this file - confirm.
helm3_hook: true
2409
# Logging level for the health probe; only ERROR and above by default.
# NOTE(review): the consumer of this value is not shown here - confirm.
health_probe:
  logging:
    level: ERROR
2413
# TLS switches, all off by default.
# NOTE(review): judging by the key names these cover the Keystone connection
# (identity), the message bus (oslo_messaging) and the database (oslo_db);
# confirm in the templates. manifests.certificates is also false by default
# and looks related. Turn these on wherever transport encryption is required.
tls:
  identity: false
  oslo_messaging: false
  oslo_db: false
2418
# Switches named after the Kubernetes objects of this chart.
# NOTE(review): presumably each key gates rendering of one template - confirm.
# Security-relevant defaults visible here: certificates and network_policy
# are off, job_db_drop is off, and pod_rally_test is on.
manifests:
  certificates: false
  configmap_bin: true
  configmap_etc: true
  daemonset_dhcp_agent: true
  daemonset_l3_agent: true
  daemonset_lb_agent: true
  daemonset_metadata_agent: true
  daemonset_ovs_agent: true
  daemonset_sriov_agent: true
  daemonset_l2gw_agent: false
  daemonset_bagpipe_bgp: false
  daemonset_netns_cleanup_cron: true
  deployment_ironic_agent: false
  deployment_server: true
  ingress_server: true
  job_bootstrap: true
  job_db_init: true
  job_db_sync: true
  # Off by default; the name suggests a job that drops the database.
  job_db_drop: false
  job_image_repo_sync: true
  job_ks_endpoints: true
  job_ks_service: true
  job_ks_user: true
  job_rabbit_init: true
  pdb_server: true
  pod_rally_test: true
  # Off by default; see the allow-all rules under the top-level
  # network_policy key before enabling.
  network_policy: false
  secret_db: true
  secret_ingress_tls: true
  secret_keystone: true
  secret_rabbitmq: true
  secret_registry: true
  service_ingress_server: true
  service_server: true
2454...