Mohammed Naserf3f59a72023-01-15 21:02:04 -05001# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for neutron.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19release_group: null
20
# Container images used by the chart's jobs, agents and API server.
# NOTE(review): every image below is referenced by tag, not by digest, and
# pull_policy is "IfNotPresent", so a node keeps whatever content it first
# pulled under a given tag. Deployments that need reproducible, verifiable
# images should override these defaults with digest-pinned references
# (repo@sha256:<digest>) served from a registry they control.
# NOTE(review): the stein/bionic, rabbitmq:3.7 and docker:17.07.0 defaults
# look dated - confirm they are overridden before production use.
21images:
22 tags:
23 bootstrap: docker.io/openstackhelm/heat:stein-ubuntu_bionic
24 test: docker.io/xrally/xrally-openstack:2.0.0
# NOTE(review): `latest` is a mutable tag; together with IfNotPresent the
# purge job can run different image content on different nodes.
25 purge_test: docker.io/openstackhelm/ospurge:latest
26 db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
27 neutron_db_sync: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
28 db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
29 rabbit_init: docker.io/rabbitmq:3.7-management
30 ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
31 ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
32 ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
# NOTE(review): netoffload runs privileged as uid 0 (see
# pod.security_context.neutron_ovs_agent.container.netoffload), so the
# provenance of this image matters more than most - pin it by digest.
Mohammed Nasera720f882023-06-30 23:48:02 -040033 netoffload: ghcr.io/vexxhost/netoffload:v1.0.1
Mohammed Naserf3f59a72023-01-15 21:02:04 -050034 neutron_server: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
35 neutron_dhcp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
36 neutron_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +020037 neutron_ovn_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
Mohammed Naserf3f59a72023-01-15 21:02:04 -050038 neutron_l3: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
39 neutron_l2gw: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
40 neutron_openvswitch_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
41 neutron_linuxbridge_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
42 neutron_sriov_agent: docker.io/openstackhelm/neutron:stein-18.04-sriov
43 neutron_sriov_agent_init: docker.io/openstackhelm/neutron:stein-18.04-sriov
44 neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
45 neutron_ironic_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
46 neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
47 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
48 image_repo_sync: docker.io/docker:17.07.0
# Applies to every image above; an already-cached tag is never re-pulled.
49 pull_policy: "IfNotPresent"
# Optional in-cluster registry mirror; disabled by default. The two
# excluded images are always pulled from their upstream location.
50 local_registry:
51 active: false
52 exclude:
53 - dep_check
54 - image_repo_sync
55
56labels:
57 agent:
58 dhcp:
59 node_selector_key: openstack-control-plane
60 node_selector_value: enabled
61 l3:
62 node_selector_key: openstack-control-plane
63 node_selector_value: enabled
64 metadata:
65 node_selector_key: openstack-control-plane
66 node_selector_value: enabled
67 l2gw:
68 node_selector_key: openstack-control-plane
69 node_selector_value: enabled
70 job:
71 node_selector_key: openstack-control-plane
72 node_selector_value: enabled
73 lb:
74 node_selector_key: linuxbridge
75 node_selector_value: enabled
76 # openvswitch is a special case, requiring a special
77 # label that can apply to both control hosts
78 # and compute hosts, until we get more sophisticated
79 # with our daemonset scheduling
okozachenko120383519462023-07-29 01:30:02 +100080 ovn:
81 node_selector_key: ovn
82 node_selector_value: enabled
Mohammed Naserf3f59a72023-01-15 21:02:04 -050083 ovs:
84 node_selector_key: openvswitch
85 node_selector_value: enabled
86 sriov:
87 node_selector_key: sriov
88 node_selector_value: enabled
89 bagpipe_bgp:
90 node_selector_key: openstack-compute-node
91 node_selector_value: enabled
92 server:
93 node_selector_key: openstack-control-plane
94 node_selector_value: enabled
95 ironic_agent:
96 node_selector_key: openstack-control-plane
97 node_selector_value: enabled
98 netns_cleanup_cron:
99 node_selector_key: openstack-control-plane
100 node_selector_value: enabled
101 test:
102 node_selector_key: openstack-control-plane
103 node_selector_value: enabled
104
# Network wiring for the agents and exposure settings for the API server.
105network:
106 # provide what type of network wiring will be used
107 backend:
108 - openvswitch
109 # NOTE(Portdirect): Share network namespaces with the host,
110 # allowing agents to be restarted without packet loss and simpler
111 # debugging. This feature requires mount propagation support.
# NOTE(review): sharing namespaces with the host removes a layer of
# isolation between the agent pods and the node. Combined with the
# privileged agent containers under pod.security_context, treat these
# pods as having node-level trust.
112 share_namespaces: true
113 interface:
114 # Tunnel interface will be used for VXLAN tunneling.
115 tunnel: null
116 # If tunnel is null there is a fallback mechanism to search
117 # for interface with routing using tunnel network cidr.
# NOTE(review): "0/0" matches every address, so the fallback presumably
# selects whichever interface carries the default route - confirm. VXLAN
# itself is not encrypted; set `tunnel` or a specific CIDR so tenant
# traffic does not end up on an unintended (e.g. public-facing) interface.
118 tunnel_network_cidr: "0/0"
119 # To perform setup of network interfaces using the SR-IOV init
120 # container you can use a section similar to:
121 # sriov:
122 # - device: ${DEV}
123 # num_vfs: 8
124 # mtu: 9214
125 # promisc: false
126 # qos:
127 # - vf_num: 0
128 # share: 10
129 # queues_per_vf:
130 # - num_queues: 16
131 # exclude_vf: 0,11,21
132 server:
133 ingress:
# NOTE(review): public ingress is on by default; presumably this exposes
# the neutron API through the ingress classes below - verify that TLS and
# source restrictions are configured where the API must not be reachable
# from untrusted networks.
134 public: true
135 classes:
136 namespace: "nginx"
137 cluster: "nginx-cluster"
138 annotations:
139 nginx.ingress.kubernetes.io/rewrite-target: /
140 external_policy_local: false
# NodePort exposure is off by default; when enabled the API is bound to
# the port below on the nodes.
141 node_port:
142 enabled: false
143 port: 30096
144
# Optional bootstrap job, disabled by default, run as the `neutron`
# keystone user.
# NOTE(review): `openstack token issue` prints the issued token id to
# stdout, so if this job is enabled the token will presumably end up in
# the job's pod logs - treat those logs as sensitive, or replace the
# script with a check that does not print credentials.
145bootstrap:
146 enabled: false
147 ks_user: neutron
148 script: |
149 openstack token issue
150
151dependencies:
152 dynamic:
153 common:
154 local_image_registry:
155 jobs:
156 - neutron-image-repo-sync
157 services:
158 - endpoint: node
159 service: local_image_registry
160 targeted:
161 sriov: {}
162 l2gateway: {}
163 bagpipe_bgp: {}
164 openvswitch:
165 dhcp:
166 pod:
167 - requireSameNode: true
168 labels:
169 application: neutron
170 component: neutron-ovs-agent
171 l3:
172 pod:
173 - requireSameNode: true
174 labels:
175 application: neutron
176 component: neutron-ovs-agent
177 metadata:
178 pod:
179 - requireSameNode: true
180 labels:
181 application: neutron
182 component: neutron-ovs-agent
183 linuxbridge:
184 dhcp:
185 pod:
186 - requireSameNode: true
187 labels:
188 application: neutron
189 component: neutron-lb-agent
190 l3:
191 pod:
192 - requireSameNode: true
193 labels:
194 application: neutron
195 component: neutron-lb-agent
196 metadata:
197 pod:
198 - requireSameNode: true
199 labels:
200 application: neutron
201 component: neutron-lb-agent
202 lb_agent:
203 pod: null
204 static:
205 bootstrap:
206 services:
207 - endpoint: internal
208 service: network
209 - endpoint: internal
210 service: compute
211 db_drop:
212 services:
213 - endpoint: internal
214 service: oslo_db
215 db_init:
216 services:
217 - endpoint: internal
218 service: oslo_db
219 db_sync:
220 jobs:
221 - neutron-db-init
222 services:
223 - endpoint: internal
224 service: oslo_db
225 dhcp:
226 pod: null
227 jobs:
228 - neutron-rabbit-init
229 services:
230 - endpoint: internal
231 service: oslo_messaging
232 - endpoint: internal
233 service: network
234 - endpoint: internal
235 service: compute
236 ks_endpoints:
237 jobs:
238 - neutron-ks-service
239 services:
240 - endpoint: internal
241 service: identity
242 ks_service:
243 services:
244 - endpoint: internal
245 service: identity
246 ks_user:
247 services:
248 - endpoint: internal
249 service: identity
250 rabbit_init:
251 services:
252 - service: oslo_messaging
253 endpoint: internal
254 l3:
255 pod: null
256 jobs:
257 - neutron-rabbit-init
258 services:
259 - endpoint: internal
260 service: oslo_messaging
261 - endpoint: internal
262 service: network
263 - endpoint: internal
264 service: compute
265 lb_agent:
266 pod: null
267 jobs:
268 - neutron-rabbit-init
269 services:
270 - endpoint: internal
271 service: oslo_messaging
272 - endpoint: internal
273 service: network
274 metadata:
275 pod: null
276 jobs:
277 - neutron-rabbit-init
278 services:
279 - endpoint: internal
280 service: oslo_messaging
281 - endpoint: internal
282 service: network
283 - endpoint: internal
284 service: compute
285 - endpoint: public
286 service: compute_metadata
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200287 ovn_metadata:
Mohammed Naser593ec012023-07-23 09:20:05 +0000288 pod:
289 - requireSameNode: true
290 labels:
291 application: ovn
292 component: ovn-controller
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200293 services:
294 - endpoint: internal
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200295 service: compute_metadata
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500296 ovs_agent:
297 jobs:
298 - neutron-rabbit-init
299 pod:
300 - requireSameNode: true
301 labels:
302 application: openvswitch
303 component: server
304 services:
305 - endpoint: internal
306 service: oslo_messaging
307 - endpoint: internal
308 service: network
309 server:
310 jobs:
311 - neutron-db-sync
312 - neutron-ks-user
313 - neutron-ks-endpoints
314 - neutron-rabbit-init
315 services:
316 - endpoint: internal
317 service: oslo_db
318 - endpoint: internal
319 service: oslo_messaging
320 - endpoint: internal
321 service: oslo_cache
322 - endpoint: internal
323 service: identity
324 ironic_agent:
325 jobs:
326 - neutron-db-sync
327 - neutron-ks-user
328 - neutron-ks-endpoints
329 - neutron-rabbit-init
330 services:
331 - endpoint: internal
332 service: oslo_db
333 - endpoint: internal
334 service: oslo_messaging
335 - endpoint: internal
336 service: oslo_cache
337 - endpoint: internal
338 service: identity
339 tests:
340 services:
341 - endpoint: internal
342 service: network
343 - endpoint: internal
344 service: compute
345 image_repo_sync:
346 services:
347 - endpoint: internal
348 service: local_image_registry
349
350pod:
351 use_fqdn:
352 neutron_agent: true
353 probes:
354 rpc_timeout: 60
355 rpc_retries: 2
356 dhcp_agent:
357 dhcp_agent:
358 readiness:
359 enabled: true
360 params:
361 initialDelaySeconds: 30
362 periodSeconds: 190
363 timeoutSeconds: 185
364 liveness:
365 enabled: true
366 params:
367 initialDelaySeconds: 120
368 periodSeconds: 600
369 timeoutSeconds: 580
370 l3_agent:
371 l3_agent:
372 readiness:
373 enabled: true
374 params:
375 initialDelaySeconds: 30
376 periodSeconds: 190
377 timeoutSeconds: 185
378 liveness:
379 enabled: true
380 params:
381 initialDelaySeconds: 120
382 periodSeconds: 600
383 timeoutSeconds: 580
384 lb_agent:
385 lb_agent:
386 readiness:
387 enabled: true
388 metadata_agent:
389 metadata_agent:
390 readiness:
391 enabled: true
392 params:
393 initialDelaySeconds: 30
394 periodSeconds: 190
395 timeoutSeconds: 185
396 liveness:
397 enabled: true
398 params:
399 initialDelaySeconds: 120
400 periodSeconds: 600
401 timeoutSeconds: 580
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200402 ovn_metadata_agent:
403 ovn_metadata_agent:
404 readiness:
405 enabled: true
406 params:
407 initialDelaySeconds: 30
408 periodSeconds: 190
409 timeoutSeconds: 185
410 liveness:
411 enabled: true
412 params:
413 initialDelaySeconds: 120
414 periodSeconds: 600
415 timeoutSeconds: 580
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500416 ovs_agent:
417 ovs_agent:
418 readiness:
419 enabled: true
420 params:
421 liveness:
422 enabled: true
423 params:
424 initialDelaySeconds: 120
425 periodSeconds: 600
426 timeoutSeconds: 580
427 sriov_agent:
428 sriov_agent:
429 readiness:
430 enabled: true
431 params:
432 initialDelaySeconds: 30
433 periodSeconds: 190
434 timeoutSeconds: 185
435 bagpipe_bgp:
436 bagpipe_bgp:
437 readiness:
438 enabled: true
439 params:
440 liveness:
441 enabled: true
442 params:
443 initialDelaySeconds: 60
444 l2gw_agent:
445 l2gw_agent:
446 readiness:
447 enabled: true
448 params:
449 initialDelaySeconds: 30
450 periodSeconds: 15
451 timeoutSeconds: 65
452 liveness:
453 enabled: true
454 params:
455 initialDelaySeconds: 120
456 periodSeconds: 90
457 timeoutSeconds: 70
458 server:
459 server:
460 readiness:
461 enabled: true
462 params:
463 liveness:
464 enabled: true
465 params:
466 initialDelaySeconds: 60
# Per-workload pod and container security contexts.
# Every workload sets the pod-level runAsUser to 42424; individual
# containers then override that where listed.
# NOTE(review): most agent containers below set `privileged: true`. A
# privileged container holds all capabilities and has access to host
# devices, so `readOnlyRootFilesystem: true` on the same container only
# protects the container image, not the node. A compromise of any of these
# agents should be treated as a compromise of the node it runs on; keep
# them on dedicated, labelled nodes and restrict who can exec into them.
# Only neutron_server and neutron_ironic_agent set
# `allowPrivilegeEscalation: false`.
467 security_context:
468 neutron_dhcp_agent:
469 pod:
470 runAsUser: 42424
471 container:
472 neutron_dhcp_agent:
473 readOnlyRootFilesystem: true
474 privileged: true
475 neutron_l2gw_agent:
476 pod:
477 runAsUser: 42424
478 container:
479 neutron_l2gw_agent:
480 readOnlyRootFilesystem: true
481 privileged: true
482 neutron_bagpipe_bgp:
483 pod:
484 runAsUser: 42424
485 container:
486 neutron_bagpipe_bgp:
487 readOnlyRootFilesystem: true
488 privileged: true
489 neutron_l3_agent:
490 pod:
491 runAsUser: 42424
492 container:
493 neutron_l3_agent:
494 readOnlyRootFilesystem: true
495 privileged: true
496 neutron_lb_agent:
497 pod:
498 runAsUser: 42424
499 container:
# Runs as uid 0 with SYS_MODULE and SYS_CHROOT added instead of full
# `privileged`. SYS_MODULE permits loading kernel modules on the node,
# which is root-equivalent on the host.
500 neutron_lb_agent_kernel_modules:
501 capabilities:
502 add:
503 - SYS_MODULE
504 - SYS_CHROOT
505 runAsUser: 0
506 readOnlyRootFilesystem: true
507 neutron_lb_agent_init:
508 privileged: true
509 runAsUser: 0
510 readOnlyRootFilesystem: true
511 neutron_lb_agent:
512 readOnlyRootFilesystem: true
513 privileged: true
# Only the init container is configured for the two metadata agents; the
# main container's context is not set in this section.
514 neutron_metadata_agent:
515 pod:
516 runAsUser: 42424
517 container:
518 neutron_metadata_agent_init:
519 runAsUser: 0
520 readOnlyRootFilesystem: true
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200521 neutron_ovn_metadata_agent:
522 pod:
523 runAsUser: 42424
524 container:
525 neutron_ovn_metadata_agent_init:
526 runAsUser: 0
527 readOnlyRootFilesystem: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500528 neutron_ovs_agent:
529 pod:
530 runAsUser: 42424
531 container:
# Same SYS_MODULE / SYS_CHROOT, uid 0 pattern as the linuxbridge
# kernel-modules container above.
532 neutron_openvswitch_agent_kernel_modules:
533 capabilities:
534 add:
535 - SYS_MODULE
536 - SYS_CHROOT
537 runAsUser: 0
538 readOnlyRootFilesystem: true
# NOTE(review): privileged, uid 0 container built from the netoffload
# image listed under images.tags - review that image's provenance.
Mohammed Nasera720f882023-06-30 23:48:02 -0400539 netoffload:
540 privileged: true
541 runAsUser: 0
542 readOnlyRootFilesystem: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500543 neutron_ovs_agent_init:
544 privileged: true
545 runAsUser: 0
546 readOnlyRootFilesystem: true
547 neutron_ovs_agent:
548 readOnlyRootFilesystem: true
549 privileged: true
550 neutron_server:
551 pod:
552 runAsUser: 42424
553 container:
# NOTE(review): the nginx container runs as uid 0 with a writable root
# filesystem and without `allowPrivilegeEscalation: false`, unlike the
# neutron_server container next to it - confirm this is required.
554 nginx:
555 runAsUser: 0
556 readOnlyRootFilesystem: false
557 neutron_server:
558 allowPrivilegeEscalation: false
559 readOnlyRootFilesystem: true
560 neutron_sriov_agent:
561 pod:
562 runAsUser: 42424
563 container:
# The SR-IOV init container is privileged, uid 0 and has a writable root
# filesystem - the least constrained container in this section.
564 neutron_sriov_agent_init:
565 privileged: true
566 runAsUser: 0
567 readOnlyRootFilesystem: false
568 neutron_sriov_agent:
569 readOnlyRootFilesystem: true
570 privileged: true
571 neutron_ironic_agent:
572 pod:
573 runAsUser: 42424
574 container:
575 neutron_ironic_agent:
576 allowPrivilegeEscalation: false
577 readOnlyRootFilesystem: true
578 neutron_netns_cleanup_cron:
579 pod:
580 runAsUser: 42424
581 container:
582 neutron_netns_cleanup_cron:
583 readOnlyRootFilesystem: true
584 privileged: true
585 affinity:
586 anti:
587 type:
588 default: preferredDuringSchedulingIgnoredDuringExecution
589 topologyKey:
590 default: kubernetes.io/hostname
591 weight:
592 default: 10
593 tolerations:
594 neutron:
595 enabled: false
596 tolerations:
597 - key: node-role.kubernetes.io/master
598 operator: Exists
599 effect: NoSchedule
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200600 - key: node-role.kubernetes.io/control-plane
601 operator: Exists
602 effect: NoSchedule
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500603 mounts:
604 neutron_server:
605 init_container: null
606 neutron_server:
607 volumeMounts:
608 volumes:
609 neutron_dhcp_agent:
610 init_container: null
611 neutron_dhcp_agent:
612 volumeMounts:
613 volumes:
614 neutron_l3_agent:
615 init_container: null
616 neutron_l3_agent:
617 volumeMounts:
618 volumes:
619 neutron_lb_agent:
620 init_container: null
621 neutron_lb_agent:
622 volumeMounts:
623 volumes:
624 neutron_metadata_agent:
625 init_container: null
626 neutron_metadata_agent:
627 volumeMounts:
628 volumes:
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200629 neutron_ovn_metadata_agent:
630 init_container: null
631 neutron_ovn_metadata_agent:
632 volumeMounts:
633 volumes:
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500634 neutron_ovs_agent:
635 init_container: null
636 neutron_ovs_agent:
637 volumeMounts:
638 volumes:
639 neutron_sriov_agent:
640 init_container: null
641 neutron_sriov_agent:
642 volumeMounts:
643 volumes:
644 neutron_l2gw_agent:
645 init_container: null
646 neutron_l2gw_agent:
647 volumeMounts:
648 volumes:
649 bagpipe_bgp:
650 init_container: null
651 bagpipe_bgp:
652 volumeMounts:
653 volumes:
654 neutron_ironic_agent:
655 init_container: null
656 neutron_ironic_agent:
657 volumeMounts:
658 volumes:
659 neutron_netns_cleanup_cron:
660 init_container: null
661 neutron_netns_cleanup_cron:
662 volumeMounts:
663 volumes:
664 neutron_tests:
665 init_container: null
666 neutron_tests:
667 volumeMounts:
668 volumes:
669 neutron_bootstrap:
670 init_container: null
671 neutron_bootstrap:
672 volumeMounts:
673 volumes:
674 neutron_db_sync:
675 neutron_db_sync:
676 volumeMounts:
677 - name: db-sync-conf
678 mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
679 subPath: ml2_conf.ini
680 readOnly: true
681 volumes:
682 replicas:
683 server: 1
684 ironic_agent: 1
685 lifecycle:
686 upgrades:
687 deployments:
688 revision_history: 3
689 pod_replacement_strategy: RollingUpdate
690 rolling_update:
691 max_unavailable: 1
692 max_surge: 3
693 daemonsets:
694 pod_replacement_strategy: RollingUpdate
695 dhcp_agent:
696 enabled: true
697 min_ready_seconds: 0
698 max_unavailable: 1
699 l3_agent:
700 enabled: true
701 min_ready_seconds: 0
702 max_unavailable: 1
703 lb_agent:
704 enabled: true
705 min_ready_seconds: 0
706 max_unavailable: 1
707 metadata_agent:
708 enabled: true
709 min_ready_seconds: 0
710 max_unavailable: 1
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200711 ovn_metadata_agent:
712 enabled: true
713 min_ready_seconds: 0
714 max_unavailable: 1
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500715 ovs_agent:
716 enabled: true
717 min_ready_seconds: 0
718 max_unavailable: 1
719 sriov_agent:
720 enabled: true
721 min_ready_seconds: 0
722 max_unavailable: 1
723 netns_cleanup_cron:
724 enabled: true
725 min_ready_seconds: 0
726 max_unavailable: 1
727 disruption_budget:
728 server:
729 min_available: 0
730 termination_grace_period:
731 server:
732 timeout: 30
733 ironic_agent:
734 timeout: 30
735 resources:
736 enabled: false
737 agent:
738 dhcp:
739 requests:
740 memory: "128Mi"
741 cpu: "100m"
742 limits:
743 memory: "1024Mi"
744 cpu: "2000m"
745 l3:
746 requests:
747 memory: "128Mi"
748 cpu: "100m"
749 limits:
750 memory: "1024Mi"
751 cpu: "2000m"
752 lb:
753 requests:
754 memory: "128Mi"
755 cpu: "100m"
756 limits:
757 memory: "1024Mi"
758 cpu: "2000m"
759 metadata:
760 requests:
761 memory: "128Mi"
762 cpu: "100m"
763 limits:
764 memory: "1024Mi"
765 cpu: "2000m"
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200766 ovn_metadata:
767 requests:
768 memory: "128Mi"
769 cpu: "100m"
770 limits:
771 memory: "1024Mi"
772 cpu: "2000m"
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500773 ovs:
774 requests:
775 memory: "128Mi"
776 cpu: "100m"
777 limits:
778 memory: "1024Mi"
779 cpu: "2000m"
780 sriov:
781 requests:
782 memory: "128Mi"
783 cpu: "100m"
784 limits:
785 memory: "1024Mi"
786 cpu: "2000m"
787 l2gw:
788 requests:
789 memory: "128Mi"
790 cpu: "100m"
791 limits:
792 memory: "1024Mi"
793 cpu: "2000m"
794 bagpipe_bgp:
795 requests:
796 memory: "128Mi"
797 cpu: "100m"
798 limits:
799 memory: "1024Mi"
800 cpu: "2000m"
801 server:
802 requests:
803 memory: "128Mi"
804 cpu: "100m"
805 limits:
806 memory: "1024Mi"
807 cpu: "2000m"
808 ironic_agent:
809 requests:
810 memory: "128Mi"
811 cpu: "100m"
812 limits:
813 memory: "1024Mi"
814 cpu: "2000m"
815 netns_cleanup_cron:
816 requests:
817 memory: "128Mi"
818 cpu: "100m"
819 limits:
820 memory: "1024Mi"
821 cpu: "2000m"
822 jobs:
823 bootstrap:
824 requests:
825 memory: "128Mi"
826 cpu: "100m"
827 limits:
828 memory: "1024Mi"
829 cpu: "2000m"
830 db_init:
831 requests:
832 memory: "128Mi"
833 cpu: "100m"
834 limits:
835 memory: "1024Mi"
836 cpu: "2000m"
837 rabbit_init:
838 requests:
839 memory: "128Mi"
840 cpu: "100m"
841 limits:
842 memory: "1024Mi"
843 cpu: "2000m"
844 db_sync:
845 requests:
846 memory: "128Mi"
847 cpu: "100m"
848 limits:
849 memory: "1024Mi"
850 cpu: "2000m"
851 db_drop:
852 requests:
853 memory: "128Mi"
854 cpu: "100m"
855 limits:
856 memory: "1024Mi"
857 cpu: "2000m"
858 ks_endpoints:
859 requests:
860 memory: "128Mi"
861 cpu: "100m"
862 limits:
863 memory: "1024Mi"
864 cpu: "2000m"
865 ks_service:
866 requests:
867 memory: "128Mi"
868 cpu: "100m"
869 limits:
870 memory: "1024Mi"
871 cpu: "2000m"
872 ks_user:
873 requests:
874 memory: "128Mi"
875 cpu: "100m"
876 limits:
877 memory: "1024Mi"
878 cpu: "2000m"
879 tests:
880 requests:
881 memory: "128Mi"
882 cpu: "100m"
883 limits:
884 memory: "1024Mi"
885 cpu: "2000m"
886 image_repo_sync:
887 requests:
888 memory: "128Mi"
889 cpu: "100m"
890 limits:
891 memory: "1024Mi"
892 cpu: "2000m"
893
894conf:
895 rally_tests:
896 force_project_purge: false
897 run_tempest: false
898 clean_up: |
899 # NOTE: We will make the best effort to clean up rally generated networks and routers,
900 # but should not block further automated deployment.
901 set +e
902 PATTERN="^[sc]_rally_"
903
904 ROUTERS=$(openstack router list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')
905 NETWORKS=$(openstack network list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')
906
907 for ROUTER in $ROUTERS
908 do
909 openstack router unset --external-gateway $ROUTER
910 openstack router set --disable --no-ha $ROUTER
911
912 SUBNS=$(openstack router show $ROUTER -c interfaces_info --format=value | python -m json.tool | grep -oP '(?<="subnet_id": ")[a-f0-9\-]{36}(?=")' | sort | uniq)
913 for SUBN in $SUBNS
914 do
915 openstack router remove subnet $ROUTER $SUBN
916 done
917
918 for PORT in $(openstack port list --router $ROUTER --format=value -c ID | tr -d '\r')
919 do
920 openstack router remove port $ROUTER $PORT
921 done
922
923 openstack router delete $ROUTER
924 done
925
926 for NETWORK in $NETWORKS
927 do
928 for PORT in $(openstack port list --network $NETWORK --format=value -c ID | tr -d '\r')
929 do
930 openstack port delete $PORT
931 done
932 openstack network delete $NETWORK
933 done
934 set -e
935 tests:
936 NeutronNetworks.create_and_delete_networks:
937 - args:
938 network_create_args: {}
939 context:
940 quotas:
941 neutron:
942 network: -1
943 runner:
944 concurrency: 1
945 times: 1
946 type: constant
947 sla:
948 failure_rate:
949 max: 0
950 NeutronNetworks.create_and_delete_ports:
951 - args:
952 network_create_args: {}
953 port_create_args: {}
954 ports_per_network: 10
955 context:
956 network: {}
957 quotas:
958 neutron:
959 network: -1
960 port: -1
961 runner:
962 concurrency: 1
963 times: 1
964 type: constant
965 sla:
966 failure_rate:
967 max: 0
968 NeutronNetworks.create_and_delete_routers:
969 - args:
970 network_create_args: {}
971 router_create_args: {}
972 subnet_cidr_start: 1.1.0.0/30
973 subnet_create_args: {}
974 subnets_per_network: 2
975 context:
976 network: {}
977 quotas:
978 neutron:
979 network: -1
980 router: -1
981 subnet: -1
982 runner:
983 concurrency: 1
984 times: 1
985 type: constant
986 sla:
987 failure_rate:
988 max: 0
989 NeutronNetworks.create_and_delete_subnets:
990 - args:
991 network_create_args: {}
992 subnet_cidr_start: 1.1.0.0/30
993 subnet_create_args: {}
994 subnets_per_network: 2
995 context:
996 network: {}
997 quotas:
998 neutron:
999 network: -1
1000 subnet: -1
1001 runner:
1002 concurrency: 1
1003 times: 1
1004 type: constant
1005 sla:
1006 failure_rate:
1007 max: 0
1008 NeutronNetworks.create_and_list_routers:
1009 - args:
1010 network_create_args: {}
1011 router_create_args: {}
1012 subnet_cidr_start: 1.1.0.0/30
1013 subnet_create_args: {}
1014 subnets_per_network: 2
1015 context:
1016 network: {}
1017 quotas:
1018 neutron:
1019 network: -1
1020 router: -1
1021 subnet: -1
1022 runner:
1023 concurrency: 1
1024 times: 1
1025 type: constant
1026 sla:
1027 failure_rate:
1028 max: 0
1029 NeutronNetworks.create_and_list_subnets:
1030 - args:
1031 network_create_args: {}
1032 subnet_cidr_start: 1.1.0.0/30
1033 subnet_create_args: {}
1034 subnets_per_network: 2
1035 context:
1036 network: {}
1037 quotas:
1038 neutron:
1039 network: -1
1040 subnet: -1
1041 runner:
1042 concurrency: 1
1043 times: 1
1044 type: constant
1045 sla:
1046 failure_rate:
1047 max: 0
1048 NeutronNetworks.create_and_show_network:
1049 - args:
1050 network_create_args: {}
1051 context:
1052 quotas:
1053 neutron:
1054 network: -1
1055 runner:
1056 concurrency: 1
1057 times: 1
1058 type: constant
1059 sla:
1060 failure_rate:
1061 max: 0
1062 NeutronNetworks.create_and_update_networks:
1063 - args:
1064 network_create_args: {}
1065 network_update_args:
1066 admin_state_up: false
1067 context:
1068 quotas:
1069 neutron:
1070 network: -1
1071 runner:
1072 concurrency: 1
1073 times: 1
1074 type: constant
1075 sla:
1076 failure_rate:
1077 max: 0
1078 NeutronNetworks.create_and_update_ports:
1079 - args:
1080 network_create_args: {}
1081 port_create_args: {}
1082 port_update_args:
1083 admin_state_up: false
1084 device_id: dummy_id
1085 device_owner: dummy_owner
1086 ports_per_network: 5
1087 context:
1088 network: {}
1089 quotas:
1090 neutron:
1091 network: -1
1092 port: -1
1093 runner:
1094 concurrency: 1
1095 times: 1
1096 type: constant
1097 sla:
1098 failure_rate:
1099 max: 0
1100 NeutronNetworks.create_and_update_routers:
1101 - args:
1102 network_create_args: {}
1103 router_create_args: {}
1104 router_update_args:
1105 admin_state_up: false
1106 subnet_cidr_start: 1.1.0.0/30
1107 subnet_create_args: {}
1108 subnets_per_network: 2
1109 context:
1110 network: {}
1111 quotas:
1112 neutron:
1113 network: -1
1114 router: -1
1115 subnet: -1
1116 runner:
1117 concurrency: 1
1118 times: 1
1119 type: constant
1120 sla:
1121 failure_rate:
1122 max: 0
1123 NeutronNetworks.create_and_update_subnets:
1124 - args:
1125 network_create_args: {}
1126 subnet_cidr_start: 1.4.0.0/16
1127 subnet_create_args: {}
1128 subnet_update_args:
1129 enable_dhcp: false
1130 subnets_per_network: 2
1131 context:
1132 network: {}
1133 quotas:
1134 neutron:
1135 network: -1
1136 subnet: -1
1137 runner:
1138 concurrency: 1
1139 times: 1
1140 type: constant
1141 sla:
1142 failure_rate:
1143 max: 0
1144 NeutronNetworks.list_agents:
1145 - args:
1146 agent_args: {}
1147 runner:
1148 concurrency: 1
1149 times: 1
1150 type: constant
1151 sla:
1152 failure_rate:
1153 max: 0
1154 NeutronSecurityGroup.create_and_list_security_groups:
1155 - args:
1156 security_group_create_args: {}
1157 context:
1158 quotas:
1159 neutron:
1160 security_group: -1
1161 runner:
1162 concurrency: 1
1163 times: 1
1164 type: constant
1165 sla:
1166 failure_rate:
1167 max: 0
1168 NeutronSecurityGroup.create_and_update_security_groups:
1169 - args:
1170 security_group_create_args: {}
1171 security_group_update_args: {}
1172 context:
1173 quotas:
1174 neutron:
1175 security_group: -1
1176 runner:
1177 concurrency: 1
1178 times: 1
1179 type: constant
1180 sla:
1181 failure_rate:
1182 max: 0
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001183 paste: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001184 policy: {}
1185 api_audit_map:
1186 DEFAULT:
1187 target_endpoint_type: None
1188 custom_actions:
1189 add_router_interface: update/add
1190 remove_router_interface: update/remove
1191 path_keywords:
1192 floatingips: ip
1193 healthmonitors: healthmonitor
1194 health_monitors: health_monitor
1195 lb: None
1196 members: member
1197 metering-labels: label
1198 metering-label-rules: rule
1199 networks: network
1200 pools: pool
1201 ports: port
1202 routers: router
1203 quotas: quota
1204 security-groups: security-group
1205 security-group-rules: rule
1206 subnets: subnet
1207 vips: vip
1208 service_endpoints:
1209 network: service/network
# Sudoers content for the neutron user.
# NOTE(review): the rules below let `neutron` run neutron-rootwrap as root
# without a password and with any trailing arguments (`*`). The effective
# privilege boundary is therefore rootwrap.conf and the filter files it
# loads: whatever those filters accept runs as root. Keep rootwrap.conf
# and every directory in its filters_path root-owned and not writable by
# the neutron user. secure_path also includes /var/lib/openstack/bin and
# /var/lib/kolla/venv/bin; those directories need the same protection.
1210 neutron_sudoers: |
1211 # This sudoers file supports rootwrap for both Kolla and LOCI Images.
1212 Defaults !requiretty
1213 Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
1214 neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *, /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
1215 neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf, /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
# Content of rootwrap.conf, the configuration sudo hands to
# neutron-rootwrap.
# NOTE(review): use_syslog=False, so with these defaults rootwrap usage is
# not sent to syslog at all, and syslog_log_level=ERROR would record only
# rejected commands even if syslog were enabled. For an audit trail of
# commands executed as root, consider use_syslog=True together with
# syslog_log_level=INFO and ship that log off the node.
# NOTE(review): filters_path and exec_dirs include /var/lib/openstack and
# /var/lib/kolla locations. As the embedded comments state, all of these
# must be writable by root only - verify that in the images actually used.
1216 rootwrap: |
1217 # Configuration for neutron-rootwrap
1218 # This file should be owned by (and only-writeable by) the root user
1219
1220 [DEFAULT]
1221 # List of directories to load filter definitions from (separated by ',').
1222 # These directories MUST all be only writeable by root !
1223 filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap,/var/lib/openstack/etc/neutron/rootwrap.d
1224
1225 # List of directories to search executables in, in case filters do not
1226 # explicitely specify a full path (separated by ',')
1227 # If not specified, defaults to system PATH environment variable.
1228 # These directories MUST all be only writeable by root !
1229 exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin
1230
1231 # Enable logging to syslog
1232 # Default value is False
1233 use_syslog=False
1234
1235 # Which syslog facility to use.
1236 # Valid values include auth, authpriv, syslog, local0, local1...
1237 # Default value is 'syslog'
1238 syslog_log_facility=syslog
1239
1240 # Which messages to log.
1241 # INFO means log all usage
1242 # ERROR means only log unsuccessful attempts
1243 syslog_log_level=ERROR
1244
1245 [xenapi]
1246 # XenAPI configuration is only required by the L2 agent if it is to
1247 # target a XenServer/XCP compute host's dom0.
1248 xenapi_connection_url=<None>
1249 xenapi_connection_username=root
1250 xenapi_connection_password=<None>
1251 rootwrap_filters:
# rootwrap filter file "debug": lets the listed agents run ping/ping6 as
# root.
# These RegExpFilter entries constrain every argument with a pattern
# (numeric -w/-c values, address characters only), which is the shape to
# prefer for rootwrap filters: the command cannot be given extra options.
# NOTE(review): the filter is installed for every pod in `pods`; trim the
# list to the agents that actually call ping if least privilege matters.
1252 debug:
1253 pods:
1254 - dhcp_agent
1255 - l3_agent
1256 - lb_agent
1257 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001258 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001259 - ovs_agent
1260 - sriov_agent
1261 content: |
1262 # neutron-rootwrap command filters for nodes on which neutron is
1263 # expected to control network
1264 #
1265 # This file should be owned by (and only-writeable by) the root user
1266
1267 # format seems to be
1268 # cmd-name: filter-name, raw-command, user, args
1269
1270 [Filters]
1271
1272 # This is needed because we should ping
1273 # from inside a namespace which requires root
1274 # _alt variants allow to match -c and -w in any order
1275 # (used by NeutronDebugAgent.ping_all)
1276 ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
1277 ping_alt: RegExpFilter, ping, root, ping, -c, \d+, -w, \d+, [0-9\.]+
1278 ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
1279 ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+
# rootwrap filter file "dibbler": lets the listed agents run
# dibbler-client as root for IPv6 prefix delegation.
# NOTE(review): CommandFilter checks only the executable, so any argument
# list is accepted and runs as root. The embedded comment ties this to the
# prefix delegation agent, yet the filter is installed for every pod in
# `pods` - presumably most of them never need it; confirm and trim the
# list, or disable the filter where prefix delegation is unused.
1280 dibbler:
1281 pods:
1282 - dhcp_agent
1283 - l3_agent
1284 - lb_agent
1285 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001286 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001287 - ovs_agent
1288 - sriov_agent
1289 content: |
1290 # neutron-rootwrap command filters for nodes on which neutron is
1291 # expected to control network
1292 #
1293 # This file should be owned by (and only-writeable by) the root user
1294
1295 # format seems to be
1296 # cmd-name: filter-name, raw-command, user, args
1297
1298 [Filters]
1299
1300 # Filters for the dibbler-based reference implementation of the pluggable
1301 # Prefix Delegation driver. Other implementations using an alternative agent
1302 # should include a similar filter in this folder.
1303
1304 # prefix_delegation_agent
1305 dibbler-client: CommandFilter, dibbler-client, root
1306 ipset_firewall:
1307 pods:
1308 - dhcp_agent
1309 - l3_agent
1310 - lb_agent
1311 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001312 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001313 - ovs_agent
1314 - sriov_agent
1315 content: |
1316 # neutron-rootwrap command filters for nodes on which neutron is
1317 # expected to control network
1318 #
1319 # This file should be owned by (and only-writeable by) the root user
1320
1321 # format seems to be
1322 # cmd-name: filter-name, raw-command, user, args
1323
1324 [Filters]
1325 # neutron/agent/linux/iptables_firewall.py
1326 # "ipset", "-A", ...
1327 ipset: CommandFilter, ipset, root
1328 l3:
# NOTE(review): security-relevant properties of this filter set:
# - CommandFilter entries (sysctl, route, iptables-restore, ovs-vsctl,
#   conntrack, keepalived, ...) match on the executable only, so any
#   argument list is accepted as root. They bound which binaries run,
#   not what those binaries are asked to do.
# - The kill_metadata* and kill_keepalived_monitor_* KillFilters name the
#   interpreter (python, python3, ...), so they permit signalling any
#   process running that interpreter; the TODO(mlavalle) comment in the
#   content acknowledges this.
# - The haproxy RegExpFilter accepts any value after -f (`.*`).
# - The pods list below names every agent, not only l3_agent. Presumably
#   each listed pod receives this file; if so, trimming the list to the
#   agents that need these commands narrows what the others may run as
#   root. Confirm against the chart templates before changing it.
1329 pods:
1330 - dhcp_agent
1331 - l3_agent
1332 - lb_agent
1333 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001334 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001335 - ovs_agent
1336 - sriov_agent
1337 content: |
1338 # neutron-rootwrap command filters for nodes on which neutron is
1339 # expected to control network
1340 #
1341 # This file should be owned by (and only-writeable by) the root user
1342
1343 # format seems to be
1344 # cmd-name: filter-name, raw-command, user, args
1345
1346 [Filters]
1347
1348 # arping
1349 arping: CommandFilter, arping, root
1350
1351 # l3_agent
1352 sysctl: CommandFilter, sysctl, root
1353 route: CommandFilter, route, root
1354 radvd: CommandFilter, radvd, root
1355
1356 # haproxy
1357 haproxy: RegExpFilter, haproxy, root, haproxy, -f, .*
1358 kill_haproxy: KillFilter, root, haproxy, -15, -9, -HUP
1359
1360 # metadata proxy
1361 metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
1362 # RHEL invocation of the metadata proxy will report /usr/bin/python
1363 kill_metadata: KillFilter, root, python, -15, -9
1364 kill_metadata2: KillFilter, root, python2, -15, -9
1365 kill_metadata7: KillFilter, root, python2.7, -15, -9
1366 kill_metadata3: KillFilter, root, python3, -15, -9
1367 kill_metadata35: KillFilter, root, python3.5, -15, -9
1368 kill_metadata36: KillFilter, root, python3.6, -15, -9
1369 kill_metadata37: KillFilter, root, python3.7, -15, -9
1370 kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -15, -9, -HUP
1371 kill_radvd: KillFilter, root, /sbin/radvd, -15, -9, -HUP
1372
1373 # ip_lib
1374 ip: IpFilter, ip, root
1375 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1376 ip_exec: IpNetnsExecFilter, ip, root
1377
1378 # l3_tc_lib
1379 l3_tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
1380 l3_tc_add_qdisc_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress
1381 l3_tc_add_qdisc_egress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, root, handle, 1:, htb
1382 l3_tc_show_filters: RegExpFilter, tc, root, tc, -p, -s, -d, filter, show, dev, .+, parent, .+, prio, 1
1383 l3_tc_delete_filters: RegExpFilter, tc, root, tc, filter, del, dev, .+, parent, .+, prio, 1, handle, .+, u32
1384 l3_tc_add_filter_ingress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, dst, .+, police, rate, .+, burst, .+, drop, flowid, :1
1385 l3_tc_add_filter_egress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, src, .+, police, rate, .+, burst, .+, drop, flowid, :1
1386
1387 # For ip monitor
1388 kill_ip_monitor: KillFilter, root, ip, -9
1389
1390 # ovs_lib (if OVSInterfaceDriver is used)
1391 ovs-vsctl: CommandFilter, ovs-vsctl, root
1392
1393 # iptables_manager
1394 iptables-save: CommandFilter, iptables-save, root
1395 iptables-restore: CommandFilter, iptables-restore, root
1396 ip6tables-save: CommandFilter, ip6tables-save, root
1397 ip6tables-restore: CommandFilter, ip6tables-restore, root
1398
1399 # Keepalived
1400 keepalived: CommandFilter, keepalived, root
1401 kill_keepalived: KillFilter, root, keepalived, -HUP, -15, -9
1402
1403 # l3 agent to delete floatingip's conntrack state
1404 conntrack: CommandFilter, conntrack, root
1405
1406 # keepalived state change monitor
1407 keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root
1408 # The following filters are used to kill the keepalived state change monitor.
1409 # Since the monitor runs as a Python script, the system reports that the
1410 # command of the process to be killed is python.
1411 # TODO(mlavalle) These kill filters will be updated once we come up with a
1412 # mechanism to kill using the name of the script being executed by Python
1413 kill_keepalived_monitor_py: KillFilter, root, python, -15
1414 kill_keepalived_monitor_py27: KillFilter, root, python2.7, -15
1415 kill_keepalived_monitor_py3: KillFilter, root, python3, -15
1416 kill_keepalived_monitor_py35: KillFilter, root, python3.5, -15
1417 kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15
1418 kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15
1419 netns_cleanup:
1420 pods:
1421 - dhcp_agent
1422 - l3_agent
1423 - lb_agent
1424 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001425 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001426 - ovs_agent
1427 - sriov_agent
1428 - netns_cleanup_cron
1429 content: |
1430 # neutron-rootwrap command filters for nodes on which neutron is
1431 # expected to control network
1432 #
1433 # This file should be owned by (and only-writeable by) the root user
1434
1435 # format seems to be
1436 # cmd-name: filter-name, raw-command, user, args
1437
1438 [Filters]
1439
1440 # netns-cleanup
1441 netstat: CommandFilter, netstat, root
1442 dhcp:
1443 pods:
1444 - dhcp_agent
1445 - l3_agent
1446 - lb_agent
1447 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001448 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001449 - ovs_agent
1450 - sriov_agent
1451 - netns_cleanup_cron
1452 content: |
1453 # neutron-rootwrap command filters for nodes on which neutron is
1454 # expected to control network
1455 #
1456 # This file should be owned by (and only-writeable by) the root user
1457
1458 # format seems to be
1459 # cmd-name: filter-name, raw-command, user, args
1460
1461 [Filters]
1462
1463 # dhcp-agent
1464 dnsmasq: CommandFilter, dnsmasq, root
1465 # dhcp-agent uses kill as well, that's handled by the generic KillFilter
1466 # it looks like these are the only signals needed, per
1467 # neutron/agent/linux/dhcp.py
1468 kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP, -15
1469 kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP, -15
1470
1471 ovs-vsctl: CommandFilter, ovs-vsctl, root
1472 ivs-ctl: CommandFilter, ivs-ctl, root
1473 mm-ctl: CommandFilter, mm-ctl, root
1474 dhcp_release: CommandFilter, dhcp_release, root
1475 dhcp_release6: CommandFilter, dhcp_release6, root
1476
1477 # metadata proxy
1478 metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
1479 # RHEL invocation of the metadata proxy will report /usr/bin/python
1480 kill_metadata: KillFilter, root, python, -9
1481 kill_metadata2: KillFilter, root, python2, -9
1482 kill_metadata7: KillFilter, root, python2.7, -9
1483 kill_metadata3: KillFilter, root, python3, -9
1484 kill_metadata35: KillFilter, root, python3.5, -9
1485 kill_metadata36: KillFilter, root, python3.6, -9
1486 kill_metadata37: KillFilter, root, python3.7, -9
1487
1488 # ip_lib
1489 ip: IpFilter, ip, root
1490 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1491 ip_exec: IpNetnsExecFilter, ip, root
1492 ebtables:
1493 pods:
1494 - dhcp_agent
1495 - l3_agent
1496 - lb_agent
1497 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001498 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001499 - ovs_agent
1500 - sriov_agent
1501 content: |
1502 # neutron-rootwrap command filters for nodes on which neutron is
1503 # expected to control network
1504 #
1505 # This file should be owned by (and only-writeable by) the root user
1506
1507 # format seems to be
1508 # cmd-name: filter-name, raw-command, user, args
1509
1510 [Filters]
1511
1512 ebtables: CommandFilter, ebtables, root
1513 iptables_firewall:
1514 pods:
1515 - dhcp_agent
1516 - l3_agent
1517 - lb_agent
1518 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001519 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001520 - ovs_agent
1521 - sriov_agent
1522 content: |
1523 # neutron-rootwrap command filters for nodes on which neutron is
1524 # expected to control network
1525 #
1526 # This file should be owned by (and only-writeable by) the root user
1527
1528 # format seems to be
1529 # cmd-name: filter-name, raw-command, user, args
1530
1531 [Filters]
1532
1533 # neutron/agent/linux/iptables_firewall.py
1534 # "iptables-save", ...
1535 iptables-save: CommandFilter, iptables-save, root
1536 iptables-restore: CommandFilter, iptables-restore, root
1537 ip6tables-save: CommandFilter, ip6tables-save, root
1538 ip6tables-restore: CommandFilter, ip6tables-restore, root
1539
1540 # neutron/agent/linux/iptables_firewall.py
1541 # "iptables", "-A", ...
1542 iptables: CommandFilter, iptables, root
1543 ip6tables: CommandFilter, ip6tables, root
1544
1545 # neutron/agent/linux/iptables_firewall.py
1546 sysctl: CommandFilter, sysctl, root
1547
1548 # neutron/agent/linux/ip_conntrack.py
1549 conntrack: CommandFilter, conntrack, root
1550 linuxbridge_plugin:
1551 pods:
1552 - dhcp_agent
1553 - l3_agent
1554 - lb_agent
1555 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001556 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001557 - ovs_agent
1558 - sriov_agent
1559 content: |
1560 # neutron-rootwrap command filters for nodes on which neutron is
1561 # expected to control network
1562 #
1563 # This file should be owned by (and only-writeable by) the root user
1564
1565 # format seems to be
1566 # cmd-name: filter-name, raw-command, user, args
1567
1568 [Filters]
1569
1570 # linuxbridge-agent
1571 # unclear whether both variants are necessary, but I'm transliterating
1572 # from the old mechanism
1573 brctl: CommandFilter, brctl, root
1574 bridge: CommandFilter, bridge, root
1575
1576 # ip_lib
1577 ip: IpFilter, ip, root
1578 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1579 ip_exec: IpNetnsExecFilter, ip, root
1580
1581 # tc commands needed for QoS support
1582 tc_replace_tbf: RegExpFilter, tc, root, tc, qdisc, replace, dev, .+, root, tbf, rate, .+, latency, .+, burst, .+
1583 tc_add_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress, handle, .+
1584 tc_delete: RegExpFilter, tc, root, tc, qdisc, del, dev, .+, .+
1585 tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
1586 tc_show_filters: RegExpFilter, tc, root, tc, filter, show, dev, .+, parent, .+
1587 tc_add_filter: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, all, prio, .+, basic, police, rate, .+, burst, .+, mtu, .+, drop
1588 openvswitch_plugin:
1589 pods:
1590 - dhcp_agent
1591 - l3_agent
1592 - lb_agent
1593 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001594 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001595 - ovs_agent
1596 - sriov_agent
1597 content: |
1598 # neutron-rootwrap command filters for nodes on which neutron is
1599 # expected to control network
1600 #
1601 # This file should be owned by (and only-writeable by) the root user
1602
1603 # format seems to be
1604 # cmd-name: filter-name, raw-command, user, args
1605
1606 [Filters]
1607
1608 # openvswitch-agent
1609 # unclear whether both variants are necessary, but I'm transliterating
1610 # from the old mechanism
1611 ovs-vsctl: CommandFilter, ovs-vsctl, root
1612 # NOTE(yamamoto): of_interface=native doesn't use ovs-ofctl
1613 ovs-ofctl: CommandFilter, ovs-ofctl, root
1614 ovs-appctl: CommandFilter, ovs-appctl, root
1615 kill_ovsdb_client: KillFilter, root, /usr/bin/ovsdb-client, -9
1616 ovsdb-client: CommandFilter, ovsdb-client, root
1617 xe: CommandFilter, xe, root
1618
1619 # ip_lib
1620 ip: IpFilter, ip, root
1621 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1622 ip_exec: IpNetnsExecFilter, ip, root
1623
1624 # needed for FDB extension
1625 bridge: CommandFilter, bridge, root
1626 privsep:
# NOTE(review): as I read oslo.rootwrap's PathFilter, the directory arguments
# in the filter below act as prefixes: any --config-file under /etc and a
# --privsep_sock_path anywhere under / are accepted. The safety of this entry
# therefore rests on the assumptions spelled out in the content comment
# (oslo.config files and the python module path must not be writable by the
# unprivileged user) - TODO confirm these hold for the images in use.
# The pods list also includes netns_cleanup_cron, so that job can start
# privsep-helper as root as well.
1627 pods:
1628 - dhcp_agent
1629 - l3_agent
1630 - lb_agent
1631 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001632 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001633 - ovs_agent
1634 - sriov_agent
1635 - netns_cleanup_cron
1636 content: |
1637 # Command filters to allow privsep daemon to be started via rootwrap.
1638 #
1639 # This file should be owned by (and only-writeable by) the root user
1640
1641 [Filters]
1642
1643 # By installing the following, the local admin is asserting that:
1644 #
1645 # 1. The python module load path used by privsep-helper
1646 # command as root (as started by sudo/rootwrap) is trusted.
1647 # 2. Any oslo.config files matching the --config-file
1648 # arguments below are trusted.
1649 # 3. Users allowed to run sudo/rootwrap with this configuration(*) are
1650 # also allowed to invoke python "entrypoint" functions from
1651 # --privsep_context with the additional (possibly root) privileges
1652 # configured for that context.
1653 #
1654 # (*) ie: the user is allowed by /etc/sudoers to run rootwrap as root
1655 #
1656 # In particular, the oslo.config and python module path must not
1657 # be writeable by the unprivileged user.
1658
1659 # oslo.privsep default neutron context
1660 privsep: PathFilter, privsep-helper, root,
1661 --config-file, /etc,
1662 --privsep_context, neutron.privileged.default,
1663 --privsep_sock_path, /
1664
1665 # NOTE: A second `--config-file` arg can also be added above. Since
1666 # many neutron components are installed like that (eg: by devstack).
1667 # Adjust to suit local requirements.
1668 linux_vxlan:
# NOTE(review): the `sh` CommandFilter at the end of this set lets any caller
# of rootwrap with these filters start a shell as root with arbitrary
# arguments, which makes the narrower filters here moot for bagpipe_bgp.
# `modprobe` is likewise accepted with any arguments. If piped commands are
# not needed in a deployment, consider overriding this content without the
# `sh` entry.
1669 pods:
1670 - bagpipe_bgp
1671 content: |
1672 # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
1673 # expected to control VXLAN Linux Bridge dataplane
1674 #
1675 # This file should be owned by (and only-writeable by) the root user
1676
1677 # format seems to be
1678 # cmd-name: filter-name, raw-command, user, args
1679
1680 [Filters]
1681
1682 #
1683 modprobe: CommandFilter, modprobe, root
1684
1685 #
1686 brctl: CommandFilter, brctl, root
1687 bridge: CommandFilter, bridge, root
1688
1689 # ip_lib
1690 ip: IpFilter, ip, root
1691 ip_exec: IpNetnsExecFilter, ip, root
1692
1693 # shell (for piped commands)
1694 sh: CommandFilter, sh, root
1695 mpls_ovs_dataplane:
# NOTE(review): the `sh` CommandFilter at the end of this set lets any caller
# of rootwrap with these filters start a shell as root with arbitrary
# arguments, so the ovs-vsctl/ovs-ofctl/ip filters add no real restriction
# for bagpipe_bgp. If piped commands are not needed in a deployment, consider
# overriding this content without the `sh` entry.
1696 pods:
1697 - bagpipe_bgp
1698 content: |
1699 # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
1700 # expected to control MPLS OpenVSwitch dataplane
1701 #
1702 # This file should be owned by (and only-writeable by) the root user
1703
1704 # format seems to be
1705 # cmd-name: filter-name, raw-command, user, args
1706
1707 [Filters]
1708
1709 # openvswitch
1710 ovs-vsctl: CommandFilter, ovs-vsctl, root
1711 ovs-ofctl: CommandFilter, ovs-ofctl, root
1712
1713 # ip_lib
1714 ip: IpFilter, ip, root
1715 ip_exec: IpNetnsExecFilter, ip, root
1716
1717 # shell (for piped commands)
1718 sh: CommandFilter, sh, root
1719 neutron:
1720 DEFAULT:
1721 metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
1722 log_config_append: /etc/neutron/logging.conf
1723 # NOTE(portdirect): the bind port should not be defined, and is manipulated
1724 # via the endpoints section.
1725 bind_port: null
1726 default_availability_zones: nova
1727 api_workers: 1
1728 rpc_workers: 4
1729 allow_overlapping_ips: True
1730 state_path: /var/lib/neutron
1731 # core_plugin can be: ml2, calico
1732 core_plugin: ml2
1733 # service_plugin can be: router, odl-router, empty for calico,
1734 # networking_ovn.l3.l3_ovn.OVNL3RouterPlugin for OVN
1735 service_plugins: router
1736 allow_automatic_l3agent_failover: True
1737 l3_ha: True
1738 max_l3_agents_per_router: 2
1739 l3_ha_network_type: vxlan
1740 network_auto_schedule: True
1741 router_auto_schedule: True
1742 # (NOTE)portdirect: if unset this is populated dynamically from the value in
1743 # 'network.backend' to sane defaults.
1744 interface_driver: null
1745 oslo_concurrency:
1746 lock_path: /var/lib/neutron/tmp
1747 database:
1748 max_retries: -1
1749 agent:
# NOTE(review): agents gain root through sudo + neutron-rootwrap, so the
# rootwrap_filters entries in this file define what they may run as root.
# rootwrap.conf and the filter files need to stay root-owned and not
# writable by the account the agents run as.
1750 root_helper: sudo /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
1751 root_helper_daemon: sudo /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
1752 oslo_messaging_notifications:
1753 driver: messagingv2
1754 oslo_messaging_rabbit:
1755 rabbit_ha_queues: true
1756 oslo_middleware:
# NOTE(review): with proxy header parsing on, the API derives request
# scheme/host from forwarding headers. That is only sound when every request
# arrives through a proxy or ingress that sets or strips those headers.
1757 enable_proxy_headers_parsing: true
1758 oslo_policy:
1759 policy_file: /etc/neutron/policy.yaml
Mohammed Naser593ec012023-07-23 09:20:05 +00001760 ovn:
1761 enable_distributed_floating_ip: true
1762 ovn_metadata_enabled: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001763 nova:
1764 auth_type: password
1765 auth_version: v3
1766 endpoint_type: internal
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +01001767 placement:
1768 auth_type: password
1769 auth_version: v3
1770 endpoint_type: internal
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001771 designate:
1772 auth_type: password
1773 auth_version: v3
1774 endpoint_type: internal
1775 allow_reverse_dns_lookup: true
1776 ironic:
1777 endpoint_type: internal
1778 keystone_authtoken:
# NOTE(review): ENCRYPT protects cached token data held in memcached and
# depends on the key from endpoints.oslo_cache.auth.memcache_secret_key;
# per the note on that key, services sharing the memcache service should
# be given the same key.
1779 memcache_security_strategy: ENCRYPT
1780 auth_type: password
1781 auth_version: v3
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001782 service_type: network
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001783 octavia:
1784 request_poll_timeout: 3000
1785 logging:
1786 loggers:
1787 keys:
1788 - root
1789 - neutron
1790 - neutron_taas
1791 handlers:
1792 keys:
1793 - stdout
1794 - stderr
1795 - "null"
1796 formatters:
1797 keys:
1798 - context
1799 - default
1800 logger_root:
1801 level: WARNING
1802 handlers: 'null'
1803 logger_neutron:
1804 level: INFO
1805 handlers:
1806 - stdout
1807 qualname: neutron
1808 logger_neutron_taas:
1809 level: INFO
1810 handlers:
1811 - stdout
1812 qualname: neutron_taas
1813 logger_amqp:
1814 level: WARNING
1815 handlers: stderr
1816 qualname: amqp
1817 logger_amqplib:
1818 level: WARNING
1819 handlers: stderr
1820 qualname: amqplib
1821 logger_eventletwsgi:
1822 level: WARNING
1823 handlers: stderr
1824 qualname: eventlet.wsgi.server
1825 logger_sqlalchemy:
1826 level: WARNING
1827 handlers: stderr
1828 qualname: sqlalchemy
1829 logger_boto:
1830 level: WARNING
1831 handlers: stderr
1832 qualname: boto
1833 handler_null:
1834 class: logging.NullHandler
1835 formatter: default
1836 args: ()
1837 handler_stdout:
1838 class: StreamHandler
1839 args: (sys.stdout,)
1840 formatter: context
1841 handler_stderr:
1842 class: StreamHandler
1843 args: (sys.stderr,)
1844 formatter: context
1845 formatter_context:
1846 class: oslo_log.formatters.ContextFormatter
1847 datefmt: "%Y-%m-%d %H:%M:%S"
1848 formatter_default:
1849 format: "%(message)s"
1850 datefmt: "%Y-%m-%d %H:%M:%S"
1851 plugins:
1852 ml2_conf:
1853 ml2:
1854 extension_drivers: port_security
1855 # (NOTE)portdirect: if unset this is populated dynamically from the value
1856 # in 'network.backend' to sane defaults.
1857 mechanism_drivers: null
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001858 type_drivers: flat,vlan,vxlan,local
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001859 tenant_network_types: vxlan
1860 ml2_type_vxlan:
1861 vni_ranges: 1:1000
1862 vxlan_group: 239.1.1.1
1863 ml2_type_flat:
1864 flat_networks: "*"
1865 # If you want to use the external network as a tagged provider network,
1866 # a range should be specified including the intended VLAN target
1867 # using ml2_type_vlan.network_vlan_ranges:
1868 # ml2_type_vlan:
1869 # network_vlan_ranges: "external:1100:1110"
Mohammed Naser593ec012023-07-23 09:20:05 +00001870 ml2_type_geneve:
1871 vni_ranges: 1:65536
1872 max_header_size: 38
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001873 agent:
1874 extensions: ""
1875 ml2_conf_sriov: null
1876 taas:
1877 taas:
1878 enabled: False
1879 openvswitch_agent:
1880 agent:
1881 tunnel_types: vxlan
1882 l2_population: True
1883 arp_responder: True
1884 ovs:
1885 bridge_mappings: "external:br-ex"
1886 securitygroup:
1887 firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
1888 linuxbridge_agent:
1889 linux_bridge:
1890 # To define Flat and VLAN connections, in LB we can assign
1891 # specific interface to the flat/vlan network name using:
1892 # physical_interface_mappings: "external:eth3"
1893 # Or we can set the mapping between the network and bridge:
1894 bridge_mappings: "external:br-ex"
1895 # The two above options are exclusive, do not use both of them at once
1896 securitygroup:
1897 firewall_driver: iptables
1898 vxlan:
1899 l2_population: True
1900 arp_responder: True
1901 macvtap_agent: null
1902 sriov_agent:
1903 securitygroup:
1904 firewall_driver: neutron.agent.firewall.NoopFirewallDriver
1905 sriov_nic:
1906 physical_device_mappings: physnet2:enp3s0f1
1907 # NOTE: do not use null here, use an empty string
1908 exclude_devices: ""
1909 dhcp_agent:
1910 DEFAULT:
1911 # (NOTE)portdirect: if unset this is populated dynamically from the value in
1912 # 'network.backend' to sane defaults.
1913 interface_driver: null
1914 dnsmasq_config_file: /etc/neutron/dnsmasq.conf
1915 force_metadata: True
1916 dnsmasq: |
1917 #no-hosts
1918 #port=5353
1919 #cache-size=500
1920 #no-negcache
1921 #dns-forward-max=100
1922 #resolve-file=
1923 #strict-order
1924 #bind-interface
1925 #bind-dynamic
1926 #domain=
1927 #dhcp-range=10.10.10.10,10.10.10.100,24h
1928 #dhcp-lease-max=150
1929 #dhcp-host=11:22:33:44:55:66,ignore
1930 #dhcp-option=3,10.10.10.1
1931 #dhcp-option-force=26,1450
1932
1933 l3_agent:
1934 DEFAULT:
1935 # (NOTE)portdirect: if unset this is populated dynamically from the value in
1936 # 'network.backend' to sane defaults.
1937 interface_driver: null
1938 agent_mode: legacy
1939 metering_agent: null
1940 metadata_agent:
1941 DEFAULT:
1942 # we cannot change the proxy socket path as it is declared
1943 # as a hostPath volume from agent daemonsets
1944 metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
# NOTE(review): "password" is a placeholder. This secret authenticates the
# metadata requests that the agent proxies to nova, so each deployment should
# override it with a random value and keep it identical to the secret
# configured on the nova side.
1945 metadata_proxy_shared_secret: "password"
1946 cache:
1947 enabled: true
1948 backend: dogpile.cache.memcached
1949 bagpipe_bgp: {}
Mohammed Naser593ec012023-07-23 09:20:05 +00001950 ovn_metadata_agent:
1951 DEFAULT:
1952 # we cannot change the proxy socket path as it is declared
1953 # as a hostPath volume from agent daemonsets
1954 metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
# NOTE(review): "password" is a placeholder. This secret authenticates the
# metadata requests that the agent proxies to nova, so each deployment should
# override it with a random value and keep it identical to the secret
# configured on the nova side.
1955 metadata_proxy_shared_secret: "password"
1956 metadata_workers: 2
1957 cache:
1958 enabled: true
1959 backend: dogpile.cache.memcached
1960 ovs:
1961 ovsdb_connection: unix:/run/openvswitch/db.sock
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001962
1963 rabbitmq:
1964 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
1965 policies:
1966 - vhost: "neutron"
1967 name: "ha_ttl_neutron"
1968 definition:
1969 # mirror messages to other nodes in rmq cluster
1970 ha-mode: "all"
1971 ha-sync-mode: "automatic"
1972 # 70s
1973 message-ttl: 70000
1974 priority: 0
1975 apply-to: all
1976 pattern: '^(?!(amq\.|reply_)).*'
1977 ## NOTE: "besteffort" is meant for dev env with mixed compute type only.
1978 ## This helps prevent sriov init script from failing due to mis-matched NIC
1979 ## For prod env, target NIC should match and init script should fail otherwise.
1980 ## sriov_init:
1981 ## - besteffort
1982 sriov_init:
1983 -
1984 # auto_bridge_add is a table of "bridge: interface" pairs
1985 # To automatically add physical interfaces to specific bridges,
1986 # for example eth3 to bridge br-physnet1, if0 to br0 and iface_two
1987 # to br1 do something like:
1988 #
1989 # auto_bridge_add:
1990 # br-physnet1: eth3
1991 # br0: if0
1992 # br1: iface_two
1993 # br-ex will be added by default
1994 auto_bridge_add:
1995 br-ex: null
1996
Mohammed Nasera720f882023-06-30 23:48:02 -04001997 # Network off-loading configuration
1998 netoffload:
ricolin18e6fd32023-07-17 06:17:15 +00001999 enabled: false
Mohammed Nasera720f882023-06-30 23:48:02 -04002000 asap2:
2001 # - dev: enp97s0f0
2002 # vfs: 16
2003
Mohammed Naserf3f59a72023-01-15 21:02:04 -05002004 # configuration of OVS DPDK bridges and NICs
2005 # this is a separate section and not part of the auto_bridge_add section
2006 # because additional parameters are needed
2007 ovs_dpdk:
2008 enabled: false
2009 # setting update_dpdk_bond_config to true will have default behavior,
2010 # which may cause disruptions in ovs dpdk traffic in case of neutron
2011 # ovs agent restart or when dpdk nic/bond configurations are changed.
2012 # Setting this to false will configure dpdk in the first run and
2013 # disable nic/bond config on event of restart or config update.
2014 update_dpdk_bond_config: true
2015 driver: uio_pci_generic
2016 # In case bonds are configured, the nics which are part of those bonds
2017 # must NOT be provided here.
2018 nics:
2019 - name: dpdk0
2020 pci_id: '0000:05:00.0'
2021 # Set VF Index in case some particular VF(s) need to be
2022 # used with ovs-dpdk.
2023 # vf_index: 0
2024 bridge: br-phy
2025 migrate_ip: true
2026 n_rxq: 2
2027 n_txq: 2
2028 pmd_rxq_affinity: "0:3,1:27"
2029 ofport_request: 1
2030 # optional parameters for tuning the OVS DPDK config
2031 # in alignment with the available hardware resources
2032 # mtu: 2000
2033 # n_rxq_size: 1024
2034 # n_txq_size: 1024
2035 # vhost-iommu-support: true
2036 bridges:
2037 - name: br-phy
2038 # optional parameter, in case tunnel traffic needs to be transported over a vlan underlay
2039 # - tunnel_underlay_vlan: 45
2040 # Optional parameter for configuring bonding in OVS-DPDK
2041 # - name: br-phy-bond0
2042 # bonds:
2043 # - name: dpdkbond0
2044 # bridge: br-phy-bond0
2045 # # The IP from the first nic in nics list shall be used
2046 # migrate_ip: true
2047 # mtu: 2000
2048 # # Please note that n_rxq is set for each NIC individually
2049 # # rather than denoting the total number of rx queues for
2050 # # the bond as a whole. So setting n_rxq = 2 below for ex.
2051 # # would be 4 rx queues in total for the bond.
2052 # # Same for n_txq
2053 # n_rxq: 2
2054 # n_txq: 2
2055 # ofport_request: 1
2056 # n_rxq_size: 1024
2057 # n_txq_size: 1024
2058 # vhost-iommu-support: true
2059 # ovs_options: "bond_mode=active-backup"
2060 # nics:
2061 # - name: dpdk_b0s0
2062 # pci_id: '0000:06:00.0'
2063 # pmd_rxq_affinity: "0:3,1:27"
2064 # # Set VF Index in case some particular VF(s) need to be
2065 # # used with ovs-dpdk. In which case pci_id of PF must be
2066 # # provided above.
2067 # # vf_index: 0
2068 # - name: dpdk_b0s1
2069 # pci_id: '0000:07:00.0'
2070 # pmd_rxq_affinity: "0:3,1:27"
2071 # # Set VF Index in case some particular VF(s) need to be
2072 # # used with ovs-dpdk. In which case pci_id of PF must be
2073 # # provided above.
2074 # # vf_index: 0
2075 #
2076 # Set the log level for each target module (default level is always dbg)
2077 # Supported log levels are: off, emer, err, warn, info, dbg
2078 #
2079 # modules:
2080 # - name: dpdk
2081 # log_level: info
2082
2083# Names of secrets used by bootstrap and environmental checks
2084secrets:
2085 identity:
2086 admin: neutron-keystone-admin
2087 neutron: neutron-keystone-user
2088 test: neutron-keystone-test
2089 oslo_db:
2090 admin: neutron-db-admin
2091 neutron: neutron-db-user
2092 oslo_messaging:
2093 admin: neutron-rabbitmq-admin
2094 neutron: neutron-rabbitmq-user
2095 tls:
2096 compute_metadata:
2097 metadata:
2098 internal: metadata-tls-metadata
2099 network:
2100 server:
2101 public: neutron-tls-public
2102 internal: neutron-tls-server
2103 oci_image_registry:
2104 neutron: neutron-oci-image-registry
2105
2106# typically overridden by environmental
2107# values, but should include all endpoints
2108# required by this chart
2109endpoints:
2110 cluster_domain_suffix: cluster.local
2111 local_image_registry:
2112 name: docker-registry
2113 namespace: docker-registry
2114 hosts:
2115 default: localhost
2116 internal: docker-registry
2117 node: localhost
2118 host_fqdn_override:
2119 default: null
2120 port:
2121 registry:
2122 node: 5000
2123 oci_image_registry:
2124 name: oci-image-registry
2125 namespace: oci-image-registry
2126 auth:
# NOTE(review): registry auth is off by default and the credential below is a
# placeholder. When enabling auth, supply the real credential through a
# deployment-specific override kept out of version control.
2127 enabled: false
2128 neutron:
2129 username: neutron
2130 password: password
2131 hosts:
2132 default: localhost
2133 host_fqdn_override:
2134 default: null
2135 port:
2136 registry:
2137 default: null
2138 oslo_db:
2139 auth:
# NOTE(review): the `password` values below are chart placeholders, including
# the one for the database admin account (root). Override both per deployment
# with generated values supplied from a secret store, not committed files.
2140 admin:
2141 username: root
2142 password: password
2143 secret:
2144 tls:
2145 internal: mariadb-tls-direct
2146 neutron:
2147 username: neutron
2148 password: password
2149 hosts:
2150 default: mariadb
2151 host_fqdn_override:
2152 default: null
2153 path: /neutron
2154 scheme: mysql+pymysql
2155 port:
2156 mysql:
2157 default: 3306
2158 oslo_messaging:
2159 auth:
# NOTE(review): the `password` values below are chart placeholders, including
# the one for the RabbitMQ admin account. Override both per deployment with
# generated values supplied from a secret store, not committed files.
2160 admin:
2161 username: rabbitmq
2162 password: password
2163 secret:
2164 tls:
2165 internal: rabbitmq-tls-direct
2166 neutron:
2167 username: neutron
2168 password: password
2169 statefulset:
2170 replicas: 2
2171 name: rabbitmq-rabbitmq
2172 hosts:
2173 default: rabbitmq
2174 host_fqdn_override:
2175 default: null
2176 path: /neutron
2177 scheme: rabbit
2178 port:
2179 amqp:
2180 default: 5672
2181 http:
2182 default: 15672
2183 oslo_cache:
2184 auth:
2185 # NOTE(portdirect): this is used to define the value for keystone
2186 # authtoken cache encryption key, if not set it will be populated
2187 # automatically with a random value, but to take advantage of
2188 # this feature all services should be set to use the same key,
2189 # and memcache service.
2190 memcache_secret_key: null
2191 hosts:
2192 default: memcached
2193 host_fqdn_override:
2194 default: null
2195 port:
2196 memcache:
2197 default: 11211
2198 compute:
2199 name: nova
2200 hosts:
2201 default: nova-api
2202 public: nova
2203 host_fqdn_override:
2204 default: null
2205 path:
2206 default: "/v2.1/%(tenant_id)s"
2207 scheme:
2208 default: 'http'
2209 port:
2210 api:
2211 default: 8774
2212 public: 80
2213 novncproxy:
2214 default: 6080
2215 compute_metadata:
2216 name: nova
2217 hosts:
2218 default: nova-metadata
2219 public: metadata
2220 host_fqdn_override:
2221 default: null
2222 path:
2223 default: /
2224 scheme:
2225 default: 'http'
2226 port:
2227 metadata:
2228 default: 8775
2229 public: 80
2230 identity:
2231 name: keystone
2232 auth:
# NOTE(review): every `password` under auth is a chart placeholder, including
# the Keystone admin account and the service users that hold the admin role
# (neutron, test). Override them per deployment with generated values
# supplied from a secret store, not committed files.
2233 admin:
2234 region_name: RegionOne
2235 username: admin
2236 password: password
2237 project_name: admin
2238 user_domain_name: default
2239 project_domain_name: default
2240 neutron:
2241 role: admin
2242 region_name: RegionOne
2243 username: neutron
2244 password: password
2245 project_name: service
2246 user_domain_name: service
2247 project_domain_name: service
2248 nova:
2249 region_name: RegionOne
2250 project_name: service
2251 username: nova
2252 password: password
2253 user_domain_name: service
2254 project_domain_name: service
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +01002255 placement:
2256 region_name: RegionOne
2257 project_name: service
2258 username: placement
2259 password: password
2260 user_domain_name: service
2261 project_domain_name: service
Mohammed Naserf3f59a72023-01-15 21:02:04 -05002262 designate:
2263 region_name: RegionOne
2264 project_name: service
2265 username: designate
2266 password: password
2267 user_domain_name: service
2268 project_domain_name: service
2269 ironic:
2270 region_name: RegionOne
2271 project_name: service
2272 username: ironic
2273 password: password
2274 user_domain_name: service
2275 project_domain_name: service
2276 test:
2277 role: admin
2278 region_name: RegionOne
2279 username: neutron-test
2280 password: password
2281 # NOTE: this project will be purged and reset if
2282 # conf.rally_tests.force_project_purge is set to true
2283 # which may be required upon test failure, but be aware that this will
2284 # expunge all openstack objects, so if this is used a separate project
2285 # should be used for each helm test, and also it should be ensured
2286 # that this project is not in use by other tenants
2287 project_name: test
2288 user_domain_name: service
2289 project_domain_name: service
2290 hosts:
2291 default: keystone
2292 internal: keystone-api
2293 host_fqdn_override:
2294 default: null
2295 path:
2296 default: /v3
# NOTE(review): the default scheme is plain http, so credentials and tokens
# sent to this endpoint are unencrypted unless an override or a terminating
# proxy provides TLS.
2297 scheme:
2298 default: http
2299 port:
2300 api:
2301 default: 80
2302 internal: 5000
# Neutron API endpoint (the service this chart deploys).
2303 network:
2304 name: neutron
2305 hosts:
2306 default: neutron-server
2307 public: neutron
2308 host_fqdn_override:
2309 default: null
2310 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
2311 # endpoints using the following format:
2312 # public:
2313 # host: null
2314 # tls:
2315 # crt: null
2316 # key: null
# NOTE(review): a `key` supplied in that override is private key material;
# keep such override files out of version control.
2317 path:
2318 default: null
# Both the default and the `service` scheme are plaintext HTTP.
2319 scheme:
2320 default: 'http'
2321 service: 'http'
2322 port:
2323 api:
2324 default: 9696
2325 public: 80
2326 service: 9696
# Octavia (load balancer) API endpoint.
2327 load_balancer:
2328 name: octavia
2329 hosts:
2330 default: octavia-api
2331 public: octavia
2332 host_fqdn_override:
2333 default: null
2334 path:
2335 default: null
# Plaintext HTTP by default.
2336 scheme:
2337 default: http
2338 port:
2339 api:
2340 default: 9876
2341 public: 80
# Fluentd logging endpoint in the osh-infra namespace.
2342 fluentd:
2343 namespace: osh-infra
2344 name: fluentd
2345 hosts:
2346 default: fluentd-logging
2347 host_fqdn_override:
2348 default: null
2349 path:
2350 default: null
# NOTE(review): `scheme` is a bare scalar here, while most endpoints in this
# file use a `default:` sub-key; confirm the endpoint lookup accepts both.
2351 scheme: 'http'
2352 port:
2353 service:
2354 default: 24224
2355 metrics:
2356 default: 24220
# Designate (DNS service) API endpoint.
2357 dns:
2358 name: designate
2359 hosts:
2360 default: designate-api
2361 public: designate
2362 host_fqdn_override:
2363 default: null
2364 path:
2365 default: /
# Plaintext HTTP by default.
2366 scheme:
2367 default: 'http'
2368 port:
2369 api:
2370 default: 9001
2371 public: 80
# Ironic (bare metal) API endpoint.
2372 baremetal:
2373 name: ironic
2374 hosts:
2375 default: ironic-api
2376 public: ironic
2377 host_fqdn_override:
2378 default: null
2379 path:
2380 default: null
# Plaintext HTTP by default.
2381 scheme:
2382 default: 'http'
2383 port:
2384 api:
2385 default: 6385
2386 public: 80
2387 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
2388 # They are used to enable the Egress K8s network policy.
# Cluster DNS endpoint in kube-system.
2389 kube_dns:
2390 namespace: kube-system
2391 name: kubernetes-dns
2392 hosts:
2393 default: kube-dns
2394 host_fqdn_override:
2395 default: null
2396 path:
2397 default: null
2398 scheme: http
# NOTE(review): only UDP/53 is declared. DNS falls back to TCP/53 for large
# responses, so check whether a policy derived from this entry also needs
# TCP.
2399 port:
2400 dns:
2401 default: 53
2402 protocol: UDP
# Ingress controller endpoint. The namespace is left null here.
# NOTE(review): the null namespace presumably resolves to the release
# namespace; confirm in the templates.
2403 ingress:
2404 namespace: null
2405 name: ingress
2406 hosts:
2407 default: ingress
2408 port:
2409 ingress:
2410 default: 80
2411
# Network policy rules for the neutron pods.
# Both lists contain a single empty rule. In a Kubernetes NetworkPolicy an
# empty rule matches every peer and port, so as written this allows all
# ingress and all egress. Replace these with explicit peers and ports
# before relying on the policy for isolation.
# NOTE(review): manifests.network_policy is false in this file, so presumably
# no policy object is rendered at all by default. Confirm in the templates.
2412network_policy:
2413 neutron:
2414 # TODO(lamt): Need to tighten this ingress for security.
2415 ingress:
2416 - {}
2417 egress:
2418 - {}
2418 - {}
2419
# NOTE(review): presumably selects Helm 3 style hook handling in the
# templates; the consumer is not visible here.
2420helm3_hook: true
2421
# Log level for the health probe; only ERROR and above by default.
2422health_probe:
2423 logging:
2424 level: ERROR
2425
# TLS toggles; all three default to false.
# NOTE(review): going by the key names these cover connections to Keystone,
# the message bus and the database; confirm in the templates. With these off
# and the endpoint schemes in this file defaulting to http, traffic between
# services is presumably unencrypted unless overridden.
2426tls:
2427 identity: false
2428 oslo_messaging: false
2429 oslo_db: false
2430
# Per-manifest on/off switches.
# NOTE(review): each flag presumably gates rendering of the template of the
# same name; confirm in the chart.
# Security-relevant defaults visible here: `certificates` and
# `network_policy` are false, while the secret_* entries are true.
2431manifests:
2432 certificates: false
2433 configmap_bin: true
2434 configmap_etc: true
2435 daemonset_dhcp_agent: true
2436 daemonset_l3_agent: true
2437 daemonset_lb_agent: true
2438 daemonset_metadata_agent: true
2439 daemonset_ovs_agent: true
2440 daemonset_sriov_agent: true
2441 daemonset_l2gw_agent: false
2442 daemonset_bagpipe_bgp: false
2443 daemonset_netns_cleanup_cron: true
2444 deployment_ironic_agent: false
2445 deployment_server: true
2446 ingress_server: true
2447 job_bootstrap: true
2448 job_db_init: true
2449 job_db_sync: true
# The database drop job is off by default.
2450 job_db_drop: false
2451 job_image_repo_sync: true
2452 job_ks_endpoints: true
2453 job_ks_service: true
2454 job_ks_user: true
2455 job_rabbit_init: true
2456 pdb_server: true
# The rally test pod is on by default; it uses the admin-role `test` account
# defined under endpoints.identity.auth.
2457 pod_rally_test: true
2458 network_policy: false
2459 secret_db: true
2460 secret_ingress_tls: true
2461 secret_keystone: true
2462 secret_rabbitmq: true
2463 secret_registry: true
2464 service_ingress_server: true
2465 service_server: true
2465 service_server: true
2466...