# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for neutron.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

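---
# Release group override. null presumably makes the templates fall back to
# the Helm release name - confirm against the chart helpers.
release_group: null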
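# Container images for every job and pod the chart can render.
#
# NOTE(review): every reference below is a mutable tag; none is pinned by
# digest. Together with pull_policy "IfNotPresent", a node keeps whatever
# it pulled first, so two nodes can run different contents under one tag
# and a re-pushed tag is picked up silently by new nodes. For production,
# pin by digest (repo@sha256:<digest>) or mirror into a registry you
# control and verify signatures/provenance at admission.
#
# NOTE(review): the defaults name the Stein release on Ubuntu bionic.
# Confirm the deployment overrides them with images that still receive
# security fixes and are scanned before rollout. Several of these images
# are later run privileged or as root (see pod.security_context).
images:
  tags:
    bootstrap: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    test: docker.io/xrally/xrally-openstack:2.0.0
    # NOTE(review): ":latest" is not reproducible and cannot be audited
    # after the fact; replace with a fixed version or digest.
    purge_test: docker.io/openstackhelm/ospurge:latest
    db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    neutron_db_sync: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    rabbit_init: docker.io/rabbitmq:3.7-management
    ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
    # Runs privileged as root in the ovs agent pod (see
    # pod.security_context.neutron_ovs_agent.container.netoffload), so the
    # provenance of this image matters more than most.
    netoffload: ghcr.io/vexxhost/netoffload:v1.0.1
    neutron_server: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_dhcp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_ovn_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_l3: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_l2gw: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_openvswitch_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_linuxbridge_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_sriov_agent: docker.io/openstackhelm/neutron:stein-18.04-sriov
    neutron_sriov_agent_init: docker.io/openstackhelm/neutron:stein-18.04-sriov
    neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_ironic_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
    image_repo_sync: docker.io/docker:17.07.0
  pull_policy: "IfNotPresent"
  local_registry:
    active: false
    # Image keys listed here are presumably left pointing at their upstream
    # registry even when local_registry.active is true - confirm in the
    # image helper template.
    exclude:
      - dep_check
      - image_repo_sync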
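# Node label key/value pairs, one pair per component (per the key names
# these feed each workload's nodeSelector).
#
# NOTE(review): several of the agents scheduled through these labels run
# privileged (see pod.security_context), so whoever can set these labels
# on a node decides where privileged pods land. Restrict node-label write
# access accordingly.
labels:
  agent:
    dhcp:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    l3:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    metadata:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    l2gw:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  lb:
    node_selector_key: linuxbridge
    node_selector_value: enabled
  # openvswitch is a special case, requiring a special
  # label that can apply to both control hosts
  # and compute hosts, until we get more sophisticated
  # with our daemonset scheduling
  ovs:
    node_selector_key: openvswitch
    node_selector_value: enabled
  sriov:
    node_selector_key: sriov
    node_selector_value: enabled
  bagpipe_bgp:
    node_selector_key: openstack-compute-node
    node_selector_value: enabled
  server:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  ironic_agent:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  netns_cleanup_cron:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  test:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled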
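# Network wiring for the agents and exposure settings for the API server.
network:
  # provide what type of network wiring will be used
  backend:
    - openvswitch
  # NOTE(Portdirect): Share network namespaces with the host,
  # allowing agents to be restarted without packet loss and simpler
  # debugging. This feature requires mount propagation support.
  #
  # NOTE(review): sharing namespaces with the host removes a layer of
  # isolation between the agent containers and the node. Together with the
  # privileged settings under pod.security_context, treat a compromised
  # agent as a compromised node in the threat model.
  share_namespaces: true
  interface:
    # Tunnel interface will be used for VXLAN tunneling.
    tunnel: null
    # If tunnel is null there is a fallback mechanism to search
    # for interface with routing using tunnel network cidr.
    #
    # NOTE(review): "0/0" matches any route, so the fallback presumably
    # picks the default-route interface, which may be a management or
    # public NIC. Set tunnel or a specific CIDR so tenant tunnel traffic
    # stays on the intended network.
    tunnel_network_cidr: "0/0"
    # To perform setup of network interfaces using the SR-IOV init
    # container you can use a section similar to:
    # sriov:
    #   - device: ${DEV}
    #     num_vfs: 8
    #     mtu: 9214
    #     promisc: false
    #     qos:
    #       - vf_num: 0
    #         share: 10
    #     queues_per_vf:
    #       - num_queues: 16
    #         exclude_vf: 0,11,21
  server:
    ingress:
      # NOTE(review): per the key name this exposes the Neutron API through
      # the public ingress by default; disable it where the API must stay
      # internal, and check which ingress classes are reachable externally.
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    external_policy_local: false
    node_port:
      # A NodePort opens the port on every node; it is off by default here.
      enabled: false
      port: 30096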
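# Optional bootstrap job; disabled by default.
bootstrap:
  enabled: false
  ks_user: neutron
  # NOTE(review): "openstack token issue" prints the issued token to
  # stdout, so with bootstrap enabled the token ends up in the job's pod
  # logs. Anyone allowed to read those logs can reuse it until it expires;
  # discard the output in an override if only the exit status is needed.
  script: |
    openstack token issue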
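# Start-up dependencies per component: the jobs, service endpoints and
# pods each one waits for. Presumably enforced by the dep_check
# (kubernetes-entrypoint) init container - confirm in the templates.
#
# "dynamic" entries apply depending on chart settings (local image
# registry, selected network backend); "static" entries are keyed by
# component name.
dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - neutron-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
    targeted:
      sriov: {}
      l2gateway: {}
      bagpipe_bgp: {}
      openvswitch:
        dhcp:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
        l3:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
        metadata:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
      linuxbridge:
        dhcp:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        l3:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        metadata:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        lb_agent:
          pod: null
  static:
    bootstrap:
      services:
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    db_drop:
      services:
        - endpoint: internal
          service: oslo_db
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    db_sync:
      jobs:
        - neutron-db-init
      services:
        - endpoint: internal
          service: oslo_db
    dhcp:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    ks_endpoints:
      jobs:
        - neutron-ks-service
      services:
        - endpoint: internal
          service: identity
    ks_service:
      services:
        - endpoint: internal
          service: identity
    ks_user:
      services:
        - endpoint: internal
          service: identity
    rabbit_init:
      services:
        - service: oslo_messaging
          endpoint: internal
    l3:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    lb_agent:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
    metadata:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
        # NOTE(review): the only dependency in this section resolved through
        # a public endpoint; ovn_metadata below uses the internal one for
        # the same service. Confirm the difference is intended.
        - endpoint: public
          service: compute_metadata
    ovn_metadata:
      pod:
        - requireSameNode: true
          labels:
            application: ovn
            component: ovn-controller
      services:
        - endpoint: internal
          service: compute_metadata
    ovs_agent:
      jobs:
        - neutron-rabbit-init
      pod:
        - requireSameNode: true
          labels:
            application: openvswitch
            component: server
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
    server:
      jobs:
        - neutron-db-sync
        - neutron-ks-user
        - neutron-ks-endpoints
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_cache
        - endpoint: internal
          service: identity
    ironic_agent:
      jobs:
        - neutron-db-sync
        - neutron-ks-user
        - neutron-ks-endpoints
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_cache
        - endpoint: internal
          service: identity
    tests:
      services:
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry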
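# Pod-level settings: probes, security contexts, scheduling, extra mounts,
# rollout strategy and resource requests/limits.
pod:
  use_fqdn:
    neutron_agent: true
  probes:
    rpc_timeout: 60
    rpc_retries: 2
    dhcp_agent:
      dhcp_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    l3_agent:
      l3_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    lb_agent:
      lb_agent:
        readiness:
          enabled: true
    metadata_agent:
      metadata_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    ovn_metadata_agent:
      ovn_metadata_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    ovs_agent:
      ovs_agent:
        readiness:
          enabled: true
          # Bare key: parses as null, i.e. no explicit probe parameters.
          params:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    sriov_agent:
      sriov_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
    bagpipe_bgp:
      bagpipe_bgp:
        readiness:
          enabled: true
          params:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
    l2gw_agent:
      l2gw_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 15
            timeoutSeconds: 65
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 90
            timeoutSeconds: 70
    server:
      server:
        readiness:
          enabled: true
          params:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
  # Security contexts, keyed by workload and then by container name.
  #
  # NOTE(review): most agent containers below set privileged: true. A
  # privileged container holds every capability and can reach host devices,
  # so readOnlyRootFilesystem: true and the non-root pod-level runAsUser do
  # not contain it; a compromise of such a container should be treated as a
  # compromise of the node. Where an agent only needs network
  # administration, an explicit capabilities.add list is the narrower
  # option - verify against the agent's actual needs before changing.
  #
  # Only neutron_server and neutron_ironic_agent set
  # allowPrivilegeEscalation: false; the other non-privileged containers
  # leave it unset.
  security_context:
    neutron_dhcp_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_dhcp_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_l2gw_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_l2gw_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_bagpipe_bgp:
      pod:
        runAsUser: 42424
      container:
        neutron_bagpipe_bgp:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_l3_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_l3_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_lb_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_lb_agent_kernel_modules:
          # SYS_MODULE permits loading and unloading kernel modules on the
          # host kernel; this container also runs as root.
          capabilities:
            add:
              - SYS_MODULE
              - SYS_CHROOT
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_lb_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_lb_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_metadata_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_metadata_agent_init:
          runAsUser: 0
          readOnlyRootFilesystem: true
    neutron_ovn_metadata_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_ovn_metadata_agent_init:
          runAsUser: 0
          readOnlyRootFilesystem: true
    neutron_ovs_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_openvswitch_agent_kernel_modules:
          # SYS_MODULE permits loading and unloading kernel modules on the
          # host kernel; this container also runs as root.
          capabilities:
            add:
              - SYS_MODULE
              - SYS_CHROOT
          runAsUser: 0
          readOnlyRootFilesystem: true
        # Privileged and root; the image comes from images.tags.netoffload.
        netoffload:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_ovs_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_ovs_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_server:
      pod:
        runAsUser: 42424
      container:
        # NOTE(review): root with a writable root filesystem and no
        # allowPrivilegeEscalation: false, in the pod that serves the API.
        # Confirm whether the nginx sidecar can run unprivileged with a
        # read-only root filesystem and writable scratch volumes.
        nginx:
          runAsUser: 0
          readOnlyRootFilesystem: false
        neutron_server:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    neutron_sriov_agent:
      pod:
        runAsUser: 42424
      container:
        # Privileged, root and a writable root filesystem.
        neutron_sriov_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: false
        neutron_sriov_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_ironic_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_ironic_agent:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    neutron_netns_cleanup_cron:
      pod:
        runAsUser: 42424
      container:
        neutron_netns_cleanup_cron:
          readOnlyRootFilesystem: true
          privileged: true
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  tolerations:
    neutron:
      # Off by default; when enabled the pods tolerate the control-plane
      # NoSchedule taints listed below.
      enabled: false
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
  # Extra volumes and mounts per workload. Empty by default.
  # NOTE(review): anything added here to a privileged agent (for example a
  # hostPath) is reachable with that container's full privileges; keep
  # overrides read-only where possible.
  mounts:
    neutron_server:
      init_container: null
      neutron_server:
        volumeMounts:
        volumes:
    neutron_dhcp_agent:
      init_container: null
      neutron_dhcp_agent:
        volumeMounts:
        volumes:
    neutron_l3_agent:
      init_container: null
      neutron_l3_agent:
        volumeMounts:
        volumes:
    neutron_lb_agent:
      init_container: null
      neutron_lb_agent:
        volumeMounts:
        volumes:
    neutron_metadata_agent:
      init_container: null
      neutron_metadata_agent:
        volumeMounts:
        volumes:
    neutron_ovn_metadata_agent:
      init_container: null
      neutron_ovn_metadata_agent:
        volumeMounts:
        volumes:
    neutron_ovs_agent:
      init_container: null
      neutron_ovs_agent:
        volumeMounts:
        volumes:
    neutron_sriov_agent:
      init_container: null
      neutron_sriov_agent:
        volumeMounts:
        volumes:
    neutron_l2gw_agent:
      init_container: null
      neutron_l2gw_agent:
        volumeMounts:
        volumes:
    bagpipe_bgp:
      init_container: null
      bagpipe_bgp:
        volumeMounts:
        volumes:
    neutron_ironic_agent:
      init_container: null
      neutron_ironic_agent:
        volumeMounts:
        volumes:
    neutron_netns_cleanup_cron:
      init_container: null
      neutron_netns_cleanup_cron:
        volumeMounts:
        volumes:
    neutron_tests:
      init_container: null
      neutron_tests:
        volumeMounts:
        volumes:
    neutron_bootstrap:
      init_container: null
      neutron_bootstrap:
        volumeMounts:
        volumes:
    neutron_db_sync:
      neutron_db_sync:
        volumeMounts:
          - name: db-sync-conf
            mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
            subPath: ml2_conf.ini
            readOnly: true
        volumes:
  replicas:
    server: 1
    ironic_agent: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
      daemonsets:
        pod_replacement_strategy: RollingUpdate
        dhcp_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        l3_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        lb_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        metadata_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovn_metadata_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovs_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        sriov_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        netns_cleanup_cron:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
    disruption_budget:
      # With replicas.server: 1 and min_available: 0 nothing keeps an API
      # pod up during voluntary disruptions such as node drains.
      server:
        min_available: 0
    termination_grace_period:
      server:
        timeout: 30
      ironic_agent:
        timeout: 30
  # NOTE(review): enabled is false by default, so the requests and limits
  # below are presumably not rendered into the pod specs - confirm in the
  # templates. Without limits a misbehaving or abused container can starve
  # its node; enable this or enforce limits via LimitRange/ResourceQuota.
  resources:
    enabled: false
    agent:
      dhcp:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      l3:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      lb:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      metadata:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovn_metadata:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovs:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      sriov:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      l2gw:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      bagpipe_bgp:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
    server:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    ironic_agent:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    netns_cleanup_cron:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      bootstrap:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      rabbit_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_drop:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_endpoints:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_service:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_user:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      tests:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"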
891conf:
892 rally_tests:
893 force_project_purge: false
894 run_tempest: false
895 clean_up: |
896 # NOTE: We will make the best effort to clean up rally generated networks and routers,
897 # but should not block further automated deployment.
898 set +e
899 PATTERN="^[sc]_rally_"
900
901 ROUTERS=$(openstack router list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')
902 NETWORKS=$(openstack network list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')
903
904 for ROUTER in $ROUTERS
905 do
906 openstack router unset --external-gateway $ROUTER
907 openstack router set --disable --no-ha $ROUTER
908
909 SUBNS=$(openstack router show $ROUTER -c interfaces_info --format=value | python -m json.tool | grep -oP '(?<="subnet_id": ")[a-f0-9\-]{36}(?=")' | sort | uniq)
910 for SUBN in $SUBNS
911 do
912 openstack router remove subnet $ROUTER $SUBN
913 done
914
915 for PORT in $(openstack port list --router $ROUTER --format=value -c ID | tr -d '\r')
916 do
917 openstack router remove port $ROUTER $PORT
918 done
919
920 openstack router delete $ROUTER
921 done
922
923 for NETWORK in $NETWORKS
924 do
925 for PORT in $(openstack port list --network $NETWORK --format=value -c ID | tr -d '\r')
926 do
927 openstack port delete $PORT
928 done
929 openstack network delete $NETWORK
930 done
931 set -e
932 tests:
933 NeutronNetworks.create_and_delete_networks:
934 - args:
935 network_create_args: {}
936 context:
937 quotas:
938 neutron:
939 network: -1
940 runner:
941 concurrency: 1
942 times: 1
943 type: constant
944 sla:
945 failure_rate:
946 max: 0
947 NeutronNetworks.create_and_delete_ports:
948 - args:
949 network_create_args: {}
950 port_create_args: {}
951 ports_per_network: 10
952 context:
953 network: {}
954 quotas:
955 neutron:
956 network: -1
957 port: -1
958 runner:
959 concurrency: 1
960 times: 1
961 type: constant
962 sla:
963 failure_rate:
964 max: 0
965 NeutronNetworks.create_and_delete_routers:
966 - args:
967 network_create_args: {}
968 router_create_args: {}
969 subnet_cidr_start: 1.1.0.0/30
970 subnet_create_args: {}
971 subnets_per_network: 2
972 context:
973 network: {}
974 quotas:
975 neutron:
976 network: -1
977 router: -1
978 subnet: -1
979 runner:
980 concurrency: 1
981 times: 1
982 type: constant
983 sla:
984 failure_rate:
985 max: 0
986 NeutronNetworks.create_and_delete_subnets:
987 - args:
988 network_create_args: {}
989 subnet_cidr_start: 1.1.0.0/30
990 subnet_create_args: {}
991 subnets_per_network: 2
992 context:
993 network: {}
994 quotas:
995 neutron:
996 network: -1
997 subnet: -1
998 runner:
999 concurrency: 1
1000 times: 1
1001 type: constant
1002 sla:
1003 failure_rate:
1004 max: 0
1005 NeutronNetworks.create_and_list_routers:
1006 - args:
1007 network_create_args: {}
1008 router_create_args: {}
1009 subnet_cidr_start: 1.1.0.0/30
1010 subnet_create_args: {}
1011 subnets_per_network: 2
1012 context:
1013 network: {}
1014 quotas:
1015 neutron:
1016 network: -1
1017 router: -1
1018 subnet: -1
1019 runner:
1020 concurrency: 1
1021 times: 1
1022 type: constant
1023 sla:
1024 failure_rate:
1025 max: 0
1026 NeutronNetworks.create_and_list_subnets:
1027 - args:
1028 network_create_args: {}
1029 subnet_cidr_start: 1.1.0.0/30
1030 subnet_create_args: {}
1031 subnets_per_network: 2
1032 context:
1033 network: {}
1034 quotas:
1035 neutron:
1036 network: -1
1037 subnet: -1
1038 runner:
1039 concurrency: 1
1040 times: 1
1041 type: constant
1042 sla:
1043 failure_rate:
1044 max: 0
1045 NeutronNetworks.create_and_show_network:
1046 - args:
1047 network_create_args: {}
1048 context:
1049 quotas:
1050 neutron:
1051 network: -1
1052 runner:
1053 concurrency: 1
1054 times: 1
1055 type: constant
1056 sla:
1057 failure_rate:
1058 max: 0
1059 NeutronNetworks.create_and_update_networks:
1060 - args:
1061 network_create_args: {}
1062 network_update_args:
1063 admin_state_up: false
1064 context:
1065 quotas:
1066 neutron:
1067 network: -1
1068 runner:
1069 concurrency: 1
1070 times: 1
1071 type: constant
1072 sla:
1073 failure_rate:
1074 max: 0
1075 NeutronNetworks.create_and_update_ports:
1076 - args:
1077 network_create_args: {}
1078 port_create_args: {}
1079 port_update_args:
1080 admin_state_up: false
1081 device_id: dummy_id
1082 device_owner: dummy_owner
1083 ports_per_network: 5
1084 context:
1085 network: {}
1086 quotas:
1087 neutron:
1088 network: -1
1089 port: -1
1090 runner:
1091 concurrency: 1
1092 times: 1
1093 type: constant
1094 sla:
1095 failure_rate:
1096 max: 0
1097 NeutronNetworks.create_and_update_routers:
1098 - args:
1099 network_create_args: {}
1100 router_create_args: {}
1101 router_update_args:
1102 admin_state_up: false
1103 subnet_cidr_start: 1.1.0.0/30
1104 subnet_create_args: {}
1105 subnets_per_network: 2
1106 context:
1107 network: {}
1108 quotas:
1109 neutron:
1110 network: -1
1111 router: -1
1112 subnet: -1
1113 runner:
1114 concurrency: 1
1115 times: 1
1116 type: constant
1117 sla:
1118 failure_rate:
1119 max: 0
1120 NeutronNetworks.create_and_update_subnets:
1121 - args:
1122 network_create_args: {}
1123 subnet_cidr_start: 1.4.0.0/16
1124 subnet_create_args: {}
1125 subnet_update_args:
1126 enable_dhcp: false
1127 subnets_per_network: 2
1128 context:
1129 network: {}
1130 quotas:
1131 neutron:
1132 network: -1
1133 subnet: -1
1134 runner:
1135 concurrency: 1
1136 times: 1
1137 type: constant
1138 sla:
1139 failure_rate:
1140 max: 0
1141 NeutronNetworks.list_agents:
1142 - args:
1143 agent_args: {}
1144 runner:
1145 concurrency: 1
1146 times: 1
1147 type: constant
1148 sla:
1149 failure_rate:
1150 max: 0
1151 NeutronSecurityGroup.create_and_list_security_groups:
1152 - args:
1153 security_group_create_args: {}
1154 context:
1155 quotas:
1156 neutron:
1157 security_group: -1
1158 runner:
1159 concurrency: 1
1160 times: 1
1161 type: constant
1162 sla:
1163 failure_rate:
1164 max: 0
1165 NeutronSecurityGroup.create_and_update_security_groups:
1166 - args:
1167 security_group_create_args: {}
1168 security_group_update_args: {}
1169 context:
1170 quotas:
1171 neutron:
1172 security_group: -1
1173 runner:
1174 concurrency: 1
1175 times: 1
1176 type: constant
1177 sla:
1178 failure_rate:
1179 max: 0
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001180 paste: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001181 policy: {}
1182 api_audit_map:
1183 DEFAULT:
1184 target_endpoint_type: None
1185 custom_actions:
1186 add_router_interface: update/add
1187 remove_router_interface: update/remove
1188 path_keywords:
1189 floatingips: ip
1190 healthmonitors: healthmonitor
1191 health_monitors: health_monitor
1192 lb: None
1193 members: member
1194 metering-labels: label
1195 metering-label-rules: rule
1196 networks: network
1197 pools: pool
1198 ports: port
1199 routers: router
1200 quotas: quota
1201 security-groups: security-group
1202 security-group-rules: rule
1203 subnets: subnet
1204 vips: vip
1205 service_endpoints:
1206 network: service/network
1207 neutron_sudoers: |
1208 # This sudoers file supports rootwrap for both Kolla and LOCI Images.
1209 Defaults !requiretty
1210 Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
1211 neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *, /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
1212 neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf, /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
1213 rootwrap: |
1214 # Configuration for neutron-rootwrap
1215 # This file should be owned by (and only-writeable by) the root user
1216
1217 [DEFAULT]
1218 # List of directories to load filter definitions from (separated by ',').
1219 # These directories MUST all be only writeable by root !
1220 filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap,/var/lib/openstack/etc/neutron/rootwrap.d
1221
1222 # List of directories to search executables in, in case filters do not
1223 # explicitely specify a full path (separated by ',')
1224 # If not specified, defaults to system PATH environment variable.
1225 # These directories MUST all be only writeable by root !
1226 exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin
1227
1228 # Enable logging to syslog
1229 # Default value is False
1230 use_syslog=False
1231
1232 # Which syslog facility to use.
1233 # Valid values include auth, authpriv, syslog, local0, local1...
1234 # Default value is 'syslog'
1235 syslog_log_facility=syslog
1236
1237 # Which messages to log.
1238 # INFO means log all usage
1239 # ERROR means only log unsuccessful attempts
1240 syslog_log_level=ERROR
1241
1242 [xenapi]
1243 # XenAPI configuration is only required by the L2 agent if it is to
1244 # target a XenServer/XCP compute host's dom0.
1245 xenapi_connection_url=<None>
1246 xenapi_connection_username=root
1247 xenapi_connection_password=<None>
1248 rootwrap_filters:
1249 debug:
1250 pods:
1251 - dhcp_agent
1252 - l3_agent
1253 - lb_agent
1254 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001255 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001256 - ovs_agent
1257 - sriov_agent
1258 content: |
1259 # neutron-rootwrap command filters for nodes on which neutron is
1260 # expected to control network
1261 #
1262 # This file should be owned by (and only-writeable by) the root user
1263
1264 # format seems to be
1265 # cmd-name: filter-name, raw-command, user, args
1266
1267 [Filters]
1268
1269 # This is needed because we should ping
1270 # from inside a namespace which requires root
1271 # _alt variants allow to match -c and -w in any order
1272 # (used by NeutronDebugAgent.ping_all)
1273 ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
1274 ping_alt: RegExpFilter, ping, root, ping, -c, \d+, -w, \d+, [0-9\.]+
1275 ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
1276 ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+
1277 dibbler:
1278 pods:
1279 - dhcp_agent
1280 - l3_agent
1281 - lb_agent
1282 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +02001283 - ovn_metadata_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -05001284 - ovs_agent
1285 - sriov_agent
1286 content: |
1287 # neutron-rootwrap command filters for nodes on which neutron is
1288 # expected to control network
1289 #
1290 # This file should be owned by (and only-writeable by) the root user
1291
1292 # format seems to be
1293 # cmd-name: filter-name, raw-command, user, args
1294
1295 [Filters]
1296
1297 # Filters for the dibbler-based reference implementation of the pluggable
1298 # Prefix Delegation driver. Other implementations using an alternative agent
1299 # should include a similar filter in this folder.
1300
1301 # prefix_delegation_agent
1302 dibbler-client: CommandFilter, dibbler-client, root
1303 ipset_firewall:
1304 pods:
1305 - dhcp_agent
1306 - l3_agent
1307 - lb_agent
1308 - metadata_agent
1309 - ovn_metadata_agent
1310 - ovs_agent
1311 - sriov_agent
1312 content: |
1313 # neutron-rootwrap command filters for nodes on which neutron is
1314 # expected to control network
1315 #
1316 # This file should be owned by (and only-writeable by) the root user
1317
1318 # format seems to be
1319 # cmd-name: filter-name, raw-command, user, args
1320
1321 [Filters]
1322 # neutron/agent/linux/iptables_firewall.py
1323 # "ipset", "-A", ...
1324 ipset: CommandFilter, ipset, root
1325 l3:
1326 pods:
1327 - dhcp_agent
1328 - l3_agent
1329 - lb_agent
1330 - metadata_agent
1331 - ovn_metadata_agent
1332 - ovs_agent
1333 - sriov_agent
1334 content: |
1335 # neutron-rootwrap command filters for nodes on which neutron is
1336 # expected to control network
1337 #
1338 # This file should be owned by (and only-writeable by) the root user
1339
1340 # format seems to be
1341 # cmd-name: filter-name, raw-command, user, args
1342
1343 [Filters]
1344
1345 # arping
1346 arping: CommandFilter, arping, root
1347
1348 # l3_agent
1349 sysctl: CommandFilter, sysctl, root
1350 route: CommandFilter, route, root
1351 radvd: CommandFilter, radvd, root
1352
1353 # haproxy
1354 haproxy: RegExpFilter, haproxy, root, haproxy, -f, .*
1355 kill_haproxy: KillFilter, root, haproxy, -15, -9, -HUP
1356
1357 # metadata proxy
1358 metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
1359 # RHEL invocation of the metadata proxy will report /usr/bin/python
1360 kill_metadata: KillFilter, root, python, -15, -9
1361 kill_metadata2: KillFilter, root, python2, -15, -9
1362 kill_metadata7: KillFilter, root, python2.7, -15, -9
1363 kill_metadata3: KillFilter, root, python3, -15, -9
1364 kill_metadata35: KillFilter, root, python3.5, -15, -9
1365 kill_metadata36: KillFilter, root, python3.6, -15, -9
1366 kill_metadata37: KillFilter, root, python3.7, -15, -9
1367 kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -15, -9, -HUP
1368 kill_radvd: KillFilter, root, /sbin/radvd, -15, -9, -HUP
1369
1370 # ip_lib
1371 ip: IpFilter, ip, root
1372 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1373 ip_exec: IpNetnsExecFilter, ip, root
1374
1375 # l3_tc_lib
1376 l3_tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
1377 l3_tc_add_qdisc_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress
1378 l3_tc_add_qdisc_egress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, root, handle, 1:, htb
1379 l3_tc_show_filters: RegExpFilter, tc, root, tc, -p, -s, -d, filter, show, dev, .+, parent, .+, prio, 1
1380 l3_tc_delete_filters: RegExpFilter, tc, root, tc, filter, del, dev, .+, parent, .+, prio, 1, handle, .+, u32
1381 l3_tc_add_filter_ingress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, dst, .+, police, rate, .+, burst, .+, drop, flowid, :1
1382 l3_tc_add_filter_egress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, src, .+, police, rate, .+, burst, .+, drop, flowid, :1
1383
1384 # For ip monitor
1385 kill_ip_monitor: KillFilter, root, ip, -9
1386
1387 # ovs_lib (if OVSInterfaceDriver is used)
1388 ovs-vsctl: CommandFilter, ovs-vsctl, root
1389
1390 # iptables_manager
1391 iptables-save: CommandFilter, iptables-save, root
1392 iptables-restore: CommandFilter, iptables-restore, root
1393 ip6tables-save: CommandFilter, ip6tables-save, root
1394 ip6tables-restore: CommandFilter, ip6tables-restore, root
1395
1396 # Keepalived
1397 keepalived: CommandFilter, keepalived, root
1398 kill_keepalived: KillFilter, root, keepalived, -HUP, -15, -9
1399
1400 # l3 agent to delete floatingip's conntrack state
1401 conntrack: CommandFilter, conntrack, root
1402
1403 # keepalived state change monitor
1404 keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root
1405 # The following filters are used to kill the keepalived state change monitor.
1406 # Since the monitor runs as a Python script, the system reports that the
1407 # command of the process to be killed is python.
1408 # TODO(mlavalle) These kill filters will be updated once we come up with a
1409 # mechanism to kill using the name of the script being executed by Python
1410 kill_keepalived_monitor_py: KillFilter, root, python, -15
1411 kill_keepalived_monitor_py27: KillFilter, root, python2.7, -15
1412 kill_keepalived_monitor_py3: KillFilter, root, python3, -15
1413 kill_keepalived_monitor_py35: KillFilter, root, python3.5, -15
1414 kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15
1415 kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15
1416 netns_cleanup:
1417 pods:
1418 - dhcp_agent
1419 - l3_agent
1420 - lb_agent
1421 - metadata_agent
1422 - ovn_metadata_agent
1423 - ovs_agent
1424 - sriov_agent
1425 - netns_cleanup_cron
1426 content: |
1427 # neutron-rootwrap command filters for nodes on which neutron is
1428 # expected to control network
1429 #
1430 # This file should be owned by (and only-writeable by) the root user
1431
1432 # format seems to be
1433 # cmd-name: filter-name, raw-command, user, args
1434
1435 [Filters]
1436
1437 # netns-cleanup
1438 netstat: CommandFilter, netstat, root
1439 dhcp:
1440 pods:
1441 - dhcp_agent
1442 - l3_agent
1443 - lb_agent
1444 - metadata_agent
1445 - ovn_metadata_agent
1446 - ovs_agent
1447 - sriov_agent
1448 - netns_cleanup_cron
1449 content: |
1450 # neutron-rootwrap command filters for nodes on which neutron is
1451 # expected to control network
1452 #
1453 # This file should be owned by (and only-writeable by) the root user
1454
1455 # format seems to be
1456 # cmd-name: filter-name, raw-command, user, args
1457
1458 [Filters]
1459
1460 # dhcp-agent
1461 dnsmasq: CommandFilter, dnsmasq, root
1462 # dhcp-agent uses kill as well, that's handled by the generic KillFilter
1463 # it looks like these are the only signals needed, per
1464 # neutron/agent/linux/dhcp.py
1465 kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP, -15
1466 kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP, -15
1467
1468 ovs-vsctl: CommandFilter, ovs-vsctl, root
1469 ivs-ctl: CommandFilter, ivs-ctl, root
1470 mm-ctl: CommandFilter, mm-ctl, root
1471 dhcp_release: CommandFilter, dhcp_release, root
1472 dhcp_release6: CommandFilter, dhcp_release6, root
1473
1474 # metadata proxy
1475 metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
1476 # RHEL invocation of the metadata proxy will report /usr/bin/python
1477 kill_metadata: KillFilter, root, python, -9
1478 kill_metadata2: KillFilter, root, python2, -9
1479 kill_metadata7: KillFilter, root, python2.7, -9
1480 kill_metadata3: KillFilter, root, python3, -9
1481 kill_metadata35: KillFilter, root, python3.5, -9
1482 kill_metadata36: KillFilter, root, python3.6, -9
1483 kill_metadata37: KillFilter, root, python3.7, -9
1484
1485 # ip_lib
1486 ip: IpFilter, ip, root
1487 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1488 ip_exec: IpNetnsExecFilter, ip, root
1489 ebtables:
1490 pods:
1491 - dhcp_agent
1492 - l3_agent
1493 - lb_agent
1494 - metadata_agent
1495 - ovn_metadata_agent
1496 - ovs_agent
1497 - sriov_agent
1498 content: |
1499 # neutron-rootwrap command filters for nodes on which neutron is
1500 # expected to control network
1501 #
1502 # This file should be owned by (and only-writeable by) the root user
1503
1504 # format seems to be
1505 # cmd-name: filter-name, raw-command, user, args
1506
1507 [Filters]
1508
1509 ebtables: CommandFilter, ebtables, root
1510 iptables_firewall:
1511 pods:
1512 - dhcp_agent
1513 - l3_agent
1514 - lb_agent
1515 - metadata_agent
1516 - ovn_metadata_agent
1517 - ovs_agent
1518 - sriov_agent
1519 content: |
1520 # neutron-rootwrap command filters for nodes on which neutron is
1521 # expected to control network
1522 #
1523 # This file should be owned by (and only-writeable by) the root user
1524
1525 # format seems to be
1526 # cmd-name: filter-name, raw-command, user, args
1527
1528 [Filters]
1529
1530 # neutron/agent/linux/iptables_firewall.py
1531 # "iptables-save", ...
1532 iptables-save: CommandFilter, iptables-save, root
1533 iptables-restore: CommandFilter, iptables-restore, root
1534 ip6tables-save: CommandFilter, ip6tables-save, root
1535 ip6tables-restore: CommandFilter, ip6tables-restore, root
1536
1537 # neutron/agent/linux/iptables_firewall.py
1538 # "iptables", "-A", ...
1539 iptables: CommandFilter, iptables, root
1540 ip6tables: CommandFilter, ip6tables, root
1541
1542 # neutron/agent/linux/iptables_firewall.py
1543 sysctl: CommandFilter, sysctl, root
1544
1545 # neutron/agent/linux/ip_conntrack.py
1546 conntrack: CommandFilter, conntrack, root
1547 linuxbridge_plugin:
1548 pods:
1549 - dhcp_agent
1550 - l3_agent
1551 - lb_agent
1552 - metadata_agent
1553 - ovn_metadata_agent
1554 - ovs_agent
1555 - sriov_agent
1556 content: |
1557 # neutron-rootwrap command filters for nodes on which neutron is
1558 # expected to control network
1559 #
1560 # This file should be owned by (and only-writeable by) the root user
1561
1562 # format seems to be
1563 # cmd-name: filter-name, raw-command, user, args
1564
1565 [Filters]
1566
1567 # linuxbridge-agent
1568 # unclear whether both variants are necessary, but I'm transliterating
1569 # from the old mechanism
1570 brctl: CommandFilter, brctl, root
1571 bridge: CommandFilter, bridge, root
1572
1573 # ip_lib
1574 ip: IpFilter, ip, root
1575 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1576 ip_exec: IpNetnsExecFilter, ip, root
1577
1578 # tc commands needed for QoS support
1579 tc_replace_tbf: RegExpFilter, tc, root, tc, qdisc, replace, dev, .+, root, tbf, rate, .+, latency, .+, burst, .+
1580 tc_add_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress, handle, .+
1581 tc_delete: RegExpFilter, tc, root, tc, qdisc, del, dev, .+, .+
1582 tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
1583 tc_show_filters: RegExpFilter, tc, root, tc, filter, show, dev, .+, parent, .+
1584 tc_add_filter: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, all, prio, .+, basic, police, rate, .+, burst, .+, mtu, .+, drop
1585 openvswitch_plugin:
1586 pods:
1587 - dhcp_agent
1588 - l3_agent
1589 - lb_agent
1590 - metadata_agent
1591 - ovn_metadata_agent
1592 - ovs_agent
1593 - sriov_agent
1594 content: |
1595 # neutron-rootwrap command filters for nodes on which neutron is
1596 # expected to control network
1597 #
1598 # This file should be owned by (and only-writeable by) the root user
1599
1600 # format seems to be
1601 # cmd-name: filter-name, raw-command, user, args
1602
1603 [Filters]
1604
1605 # openvswitch-agent
1606 # unclear whether both variants are necessary, but I'm transliterating
1607 # from the old mechanism
1608 ovs-vsctl: CommandFilter, ovs-vsctl, root
1609 # NOTE(yamamoto): of_interface=native doesn't use ovs-ofctl
1610 ovs-ofctl: CommandFilter, ovs-ofctl, root
1611 ovs-appctl: CommandFilter, ovs-appctl, root
1612 kill_ovsdb_client: KillFilter, root, /usr/bin/ovsdb-client, -9
1613 ovsdb-client: CommandFilter, ovsdb-client, root
1614 xe: CommandFilter, xe, root
1615
1616 # ip_lib
1617 ip: IpFilter, ip, root
1618 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1619 ip_exec: IpNetnsExecFilter, ip, root
1620
1621 # needed for FDB extension
1622 bridge: CommandFilter, bridge, root
1623 privsep:
1624 pods:
1625 - dhcp_agent
1626 - l3_agent
1627 - lb_agent
1628 - metadata_agent
1629 - ovn_metadata_agent
1630 - ovs_agent
1631 - sriov_agent
1632 - netns_cleanup_cron
1633 content: |
1634 # Command filters to allow privsep daemon to be started via rootwrap.
1635 #
1636 # This file should be owned by (and only-writeable by) the root user
1637
1638 [Filters]
1639
1640 # By installing the following, the local admin is asserting that:
1641 #
1642 # 1. The python module load path used by privsep-helper
1643 # command as root (as started by sudo/rootwrap) is trusted.
1644 # 2. Any oslo.config files matching the --config-file
1645 # arguments below are trusted.
1646 # 3. Users allowed to run sudo/rootwrap with this configuration(*) are
1647 # also allowed to invoke python "entrypoint" functions from
1648 # --privsep_context with the additional (possibly root) privileges
1649 # configured for that context.
1650 #
1651 # (*) ie: the user is allowed by /etc/sudoers to run rootwrap as root
1652 #
1653 # In particular, the oslo.config and python module path must not
1654 # be writeable by the unprivileged user.
1655
1656 # oslo.privsep default neutron context
1657 privsep: PathFilter, privsep-helper, root,
1658 --config-file, /etc,
1659 --privsep_context, neutron.privileged.default,
1660 --privsep_sock_path, /
1661
1662 # NOTE: A second `--config-file` arg can also be added above. Since
1663 # many neutron components are installed like that (eg: by devstack).
1664 # Adjust to suit local requirements.
# Rootwrap filter set rendered for the bagpipe_bgp pod (VXLAN Linux Bridge
# dataplane). `content` is a literal block: its text, comments included, is
# the filter file itself.
# NOTE(review): `sh` and `modprobe` are allowed through CommandFilter with no
# argument pattern, so any argument list is accepted and the command runs as
# root. With `sh` permitted this way, the other entries in this set no longer
# act as a restriction for a caller that can invoke rootwrap in this pod.
# Review whether the `sh` entry is still required; where it is, a RegExpFilter
# (used elsewhere in these filter files) pinned to the exact command line is
# tighter.
linux_vxlan:
  pods:
    - bagpipe_bgp
  content: |
    # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
    # expected to control VXLAN Linux Bridge dataplane
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    #
    modprobe: CommandFilter, modprobe, root

    #
    brctl: CommandFilter, brctl, root
    bridge: CommandFilter, bridge, root

    # ip_lib
    ip: IpFilter, ip, root
    ip_exec: IpNetnsExecFilter, ip, root

    # shell (for piped commands)
    sh: CommandFilter, sh, root
# Rootwrap filter set rendered for the bagpipe_bgp pod (MPLS Open vSwitch
# dataplane). `content` is a literal block: its text, comments included, is
# the filter file itself.
# NOTE(review): the `sh` entry uses CommandFilter with no argument pattern, so
# any argument list is accepted and the shell runs as root; that makes the
# narrower ovs/ip entries moot as a privilege boundary for this pod. Review
# whether `sh` is still required; where it is, a RegExpFilter pinned to the
# exact command line is tighter.
mpls_ovs_dataplane:
  pods:
    - bagpipe_bgp
  content: |
    # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
    # expected to control MPLS OpenVSwitch dataplane
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # openvswitch
    ovs-vsctl: CommandFilter, ovs-vsctl, root
    ovs-ofctl: CommandFilter, ovs-ofctl, root

    # ip_lib
    ip: IpFilter, ip, root
    ip_exec: IpNetnsExecFilter, ip, root

    # shell (for piped commands)
    sh: CommandFilter, sh, root
1716 neutron:
1717 DEFAULT:
1718 metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
1719 log_config_append: /etc/neutron/logging.conf
1720 # NOTE(portdirect): the bind port should not be defined, and is manipulated
1721 # via the endpoints section.
1722 bind_port: null
1723 default_availability_zones: nova
1724 api_workers: 1
1725 rpc_workers: 4
1726 allow_overlapping_ips: True
1727 state_path: /var/lib/neutron
1728 # core_plugin can be: ml2, calico
1729 core_plugin: ml2
1730 # service_plugin can be: router, odl-router, empty for calico,
1731 # networking_ovn.l3.l3_ovn.OVNL3RouterPlugin for OVN
1732 service_plugins: router
1733 allow_automatic_l3agent_failover: True
1734 l3_ha: True
1735 max_l3_agents_per_router: 2
1736 l3_ha_network_type: vxlan
1737 network_auto_schedule: True
1738 router_auto_schedule: True
1739 # (NOTE)portdirect: if unset this is populated dynamically from the value in
1740 # 'network.backend' to sane defaults.
1741 interface_driver: null
1742 oslo_concurrency:
1743 lock_path: /var/lib/neutron/tmp
1744 database:
1745 max_retries: -1
1746 agent:
1747 root_helper: sudo /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
1748 root_helper_daemon: sudo /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
1749 oslo_messaging_notifications:
1750 driver: messagingv2
1751 oslo_messaging_rabbit:
1752 rabbit_ha_queues: true
1753 oslo_middleware:
1754 enable_proxy_headers_parsing: true
1755 oslo_policy:
1756 policy_file: /etc/neutron/policy.yaml
1757 ovn:
1758 enable_distributed_floating_ip: true
1759 ovn_metadata_enabled: true
1760 nova:
1761 auth_type: password
1762 auth_version: v3
1763 endpoint_type: internal
1764 placement:
1765 auth_type: password
1766 auth_version: v3
1767 endpoint_type: internal
1768 designate:
1769 auth_type: password
1770 auth_version: v3
1771 endpoint_type: internal
1772 allow_reverse_dns_lookup: true
1773 ironic:
1774 endpoint_type: internal
1775 keystone_authtoken:
1776 memcache_security_strategy: ENCRYPT
1777 auth_type: password
1778 auth_version: v3
1779 service_type: network
1780 octavia:
1781 request_poll_timeout: 3000
1782 logging:
1783 loggers:
1784 keys:
1785 - root
1786 - neutron
1787 - neutron_taas
1788 handlers:
1789 keys:
1790 - stdout
1791 - stderr
1792 - "null"
1793 formatters:
1794 keys:
1795 - context
1796 - default
1797 logger_root:
1798 level: WARNING
1799 handlers: 'null'
1800 logger_neutron:
1801 level: INFO
1802 handlers:
1803 - stdout
1804 qualname: neutron
1805 logger_neutron_taas:
1806 level: INFO
1807 handlers:
1808 - stdout
1809 qualname: neutron_taas
1810 logger_amqp:
1811 level: WARNING
1812 handlers: stderr
1813 qualname: amqp
1814 logger_amqplib:
1815 level: WARNING
1816 handlers: stderr
1817 qualname: amqplib
1818 logger_eventletwsgi:
1819 level: WARNING
1820 handlers: stderr
1821 qualname: eventlet.wsgi.server
1822 logger_sqlalchemy:
1823 level: WARNING
1824 handlers: stderr
1825 qualname: sqlalchemy
1826 logger_boto:
1827 level: WARNING
1828 handlers: stderr
1829 qualname: boto
1830 handler_null:
1831 class: logging.NullHandler
1832 formatter: default
1833 args: ()
1834 handler_stdout:
1835 class: StreamHandler
1836 args: (sys.stdout,)
1837 formatter: context
1838 handler_stderr:
1839 class: StreamHandler
1840 args: (sys.stderr,)
1841 formatter: context
1842 formatter_context:
1843 class: oslo_log.formatters.ContextFormatter
1844 datefmt: "%Y-%m-%d %H:%M:%S"
1845 formatter_default:
1846 format: "%(message)s"
1847 datefmt: "%Y-%m-%d %H:%M:%S"
1848 plugins:
1849 ml2_conf:
1850 ml2:
1851 extension_drivers: port_security
1852 # (NOTE)portdirect: if unset this is populated dynamically from the value
1853 # in 'network.backend' to sane defaults.
1854 mechanism_drivers: null
1855 type_drivers: flat,vlan,vxlan,local
1856 tenant_network_types: vxlan
1857 ml2_type_vxlan:
1858 vni_ranges: 1:1000
1859 vxlan_group: 239.1.1.1
1860 ml2_type_flat:
1861 flat_networks: "*"
1862 # If you want to use the external network as a tagged provider network,
1863 # a range should be specified including the intended VLAN target
1864 # using ml2_type_vlan.network_vlan_ranges:
1865 # ml2_type_vlan:
1866 # network_vlan_ranges: "external:1100:1110"
1867 ml2_type_geneve:
1868 vni_ranges: 1:65536
1869 max_header_size: 38
1870 agent:
1871 extensions: ""
1872 ml2_conf_sriov: null
1873 taas:
1874 taas:
1875 enabled: False
1876 openvswitch_agent:
1877 agent:
1878 tunnel_types: vxlan
1879 l2_population: True
1880 arp_responder: True
1881 ovs:
1882 bridge_mappings: "external:br-ex"
1883 securitygroup:
1884 firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
1885 linuxbridge_agent:
1886 linux_bridge:
1887 # To define Flat and VLAN connections, in LB we can assign
1888 # specific interface to the flat/vlan network name using:
1889 # physical_interface_mappings: "external:eth3"
1890 # Or we can set the mapping between the network and bridge:
1891 bridge_mappings: "external:br-ex"
1892 # The two above options are exclusive, do not use both of them at once
1893 securitygroup:
1894 firewall_driver: iptables
1895 vxlan:
1896 l2_population: True
1897 arp_responder: True
1898 macvtap_agent: null
1899 sriov_agent:
1900 securitygroup:
1901 firewall_driver: neutron.agent.firewall.NoopFirewallDriver
1902 sriov_nic:
1903 physical_device_mappings: physnet2:enp3s0f1
1904 # NOTE: do not use null here, use an empty string
1905 exclude_devices: ""
1906 dhcp_agent:
1907 DEFAULT:
1908 # (NOTE)portdirect: if unset this is populated dynamically from the value in
1909 # 'network.backend' to sane defaults.
1910 interface_driver: null
1911 dnsmasq_config_file: /etc/neutron/dnsmasq.conf
1912 force_metadata: True
1913 dnsmasq: |
1914 #no-hosts
1915 #port=5353
1916 #cache-size=500
1917 #no-negcache
1918 #dns-forward-max=100
1919 #resolve-file=
1920 #strict-order
1921 #bind-interface
1922 #bind-dynamic
1923 #domain=
1924 #dhcp-range=10.10.10.10,10.10.10.100,24h
1925 #dhcp-lease-max=150
1926 #dhcp-host=11:22:33:44:55:66,ignore
1927 #dhcp-option=3,10.10.10.1
1928 #dhcp-option-force=26,1450
1929
1930 l3_agent:
1931 DEFAULT:
1932 # (NOTE)portdirect: if unset this is populated dynamically from the value in
1933 # 'network.backend' to sane defaults.
1934 interface_driver: null
1935 agent_mode: legacy
1936 metering_agent: null
# Settings for the metadata agent, grouped by config section
# (DEFAULT, cache).
metadata_agent:
  DEFAULT:
    # we cannot change the proxy socket path as it is declared
    # as a hostPath volume from agent daemonsets
    metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
    # NOTE(review): "password" is a placeholder, not a usable secret. Override
    # it per deployment with a randomly generated value; presumably the same
    # value must also be set on the Nova metadata side - verify against the
    # nova chart before rollout.
    metadata_proxy_shared_secret: "password"
  cache:
    enabled: true
    backend: dogpile.cache.memcached
1946 bagpipe_bgp: {}
# Settings for the OVN metadata agent, grouped by config section
# (DEFAULT, cache, ovs).
ovn_metadata_agent:
  DEFAULT:
    # we cannot change the proxy socket path as it is declared
    # as a hostPath volume from agent daemonsets
    metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
    # NOTE(review): "password" is a placeholder, not a usable secret. Override
    # it per deployment with a randomly generated value; presumably the same
    # value must also be set on the Nova metadata side - verify against the
    # nova chart before rollout.
    metadata_proxy_shared_secret: "password"
    metadata_workers: 2
  cache:
    enabled: true
    backend: dogpile.cache.memcached
  ovs:
    # local Open vSwitch database reached over a unix socket
    ovsdb_connection: unix:/run/openvswitch/db.sock
1959
1960 rabbitmq:
1961 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
1962 policies:
1963 - vhost: "neutron"
1964 name: "ha_ttl_neutron"
1965 definition:
1966 # mirror messages to other nodes in rmq cluster
1967 ha-mode: "all"
1968 ha-sync-mode: "automatic"
1969 # 70s
1970 message-ttl: 70000
1971 priority: 0
1972 apply-to: all
1973 pattern: '^(?!(amq\.|reply_)).*'
1974 ## NOTE: "besteffort" is meant for dev env with mixed compute type only.
1975 ## This helps prevent sriov init script from failing due to mis-matched NIC
1976 ## For prod env, target NIC should match and init script should fail otherwise.
1977 ## sriov_init:
1978 ## - besteffort
1979 sriov_init:
1980 -
1981 # auto_bridge_add is a table of "bridge: interface" pairs
1982 # To automatically add physical interfaces to specific bridges,
1983 # for example eth3 to bridge br-physnet1, if0 to br0 and iface_two
1984 # to br1 do something like:
1985 #
1986 # auto_bridge_add:
1987 # br-physnet1: eth3
1988 # br0: if0
1989 # br1: iface_two
1990 # br-ex will be added by default
1991 auto_bridge_add:
1992 br-ex: null
1993
1994 # Network off-loading configuration
1995 netoffload:
1996 enabled: false
1997 asap2:
1998 # - dev: enp97s0f0
1999 # vfs: 16
2000
2001 # configuration of OVS DPDK bridges and NICs
2002 # this is a separate section and not part of the auto_bridge_add section
2003 # because additional parameters are needed
2004 ovs_dpdk:
2005 enabled: false
2006 # setting update_dpdk_bond_config to true will have default behavior,
2007 # which may cause disruptions in ovs dpdk traffic in case of neutron
2008 # ovs agent restart or when dpdk nic/bond configurations are changed.
2009 # Setting this to false will configure dpdk in the first run and
2010 # disable nic/bond config on event of restart or config update.
2011 update_dpdk_bond_config: true
2012 driver: uio_pci_generic
2013 # In case bonds are configured, the nics which are part of those bonds
2014 # must NOT be provided here.
2015 nics:
2016 - name: dpdk0
2017 pci_id: '0000:05:00.0'
2018 # Set VF Index in case some particular VF(s) need to be
2019 # used with ovs-dpdk.
2020 # vf_index: 0
2021 bridge: br-phy
2022 migrate_ip: true
2023 n_rxq: 2
2024 n_txq: 2
2025 pmd_rxq_affinity: "0:3,1:27"
2026 ofport_request: 1
2027 # optional parameters for tuning the OVS DPDK config
2028 # in alignment with the available hardware resources
2029 # mtu: 2000
2030 # n_rxq_size: 1024
2031 # n_txq_size: 1024
2032 # vhost-iommu-support: true
2033 bridges:
2034 - name: br-phy
2035 # optional parameter, in case tunnel traffic needs to be transported over a vlan underlay
2036 # - tunnel_underlay_vlan: 45
2037 # Optional parameter for configuring bonding in OVS-DPDK
2038 # - name: br-phy-bond0
2039 # bonds:
2040 # - name: dpdkbond0
2041 # bridge: br-phy-bond0
2042 # # The IP from the first nic in nics list shall be used
2043 # migrate_ip: true
2044 # mtu: 2000
2045 # # Please note that n_rxq is set for each NIC individually
2046 # # rather than denoting the total number of rx queues for
2047 # # the bond as a whole. So setting n_rxq = 2 below for ex.
2048 # # would be 4 rx queues in total for the bond.
2049 # # Same for n_txq
2050 # n_rxq: 2
2051 # n_txq: 2
2052 # ofport_request: 1
2053 # n_rxq_size: 1024
2054 # n_txq_size: 1024
2055 # vhost-iommu-support: true
2056 # ovs_options: "bond_mode=active-backup"
2057 # nics:
2058 # - name: dpdk_b0s0
2059 # pci_id: '0000:06:00.0'
2060 # pmd_rxq_affinity: "0:3,1:27"
2061 # # Set VF Index in case some particular VF(s) need to be
2062 # # used with ovs-dpdk. In which case pci_id of PF must be
2063 # # provided above.
2064 # # vf_index: 0
2065 # - name: dpdk_b0s1
2066 # pci_id: '0000:07:00.0'
2067 # pmd_rxq_affinity: "0:3,1:27"
2068 # # Set VF Index in case some particular VF(s) need to be
2069 # # used with ovs-dpdk. In which case pci_id of PF must be
2070 # # provided above.
2071 # # vf_index: 0
2072 #
2073 # Set the log level for each target module (default level is always dbg)
2074 # Supported log levels are: off, emer, err, warn, info, dbg
2075 #
2076 # modules:
2077 # - name: dpdk
2078 # log_level: info
2079
# Names of secrets used by bootstrap and environmental checks
# The values below are object names, not credential material; presumably they
# name the Kubernetes Secret objects the chart creates or mounts - confirm
# against the templates. Access to those objects should be limited to the
# workloads that need them.
secrets:
  # per-user identity credentials
  identity:
    admin: neutron-keystone-admin
    neutron: neutron-keystone-user
    test: neutron-keystone-test
  # database credentials
  oslo_db:
    admin: neutron-db-admin
    neutron: neutron-db-user
  # message-bus credentials
  oslo_messaging:
    admin: neutron-rabbitmq-admin
    neutron: neutron-rabbitmq-user
  # TLS material, keyed by endpoint type, then service, then interface
  tls:
    compute_metadata:
      metadata:
        internal: metadata-tls-metadata
    network:
      server:
        public: neutron-tls-public
        internal: neutron-tls-server
  # image-registry pull credentials
  oci_image_registry:
    neutron: neutron-oci-image-registry
2102
2103# typically overridden by environmental
2104# values, but should include all endpoints
2105# required by this chart
2106endpoints:
2107 cluster_domain_suffix: cluster.local
2108 local_image_registry:
2109 name: docker-registry
2110 namespace: docker-registry
2111 hosts:
2112 default: localhost
2113 internal: docker-registry
2114 node: localhost
2115 host_fqdn_override:
2116 default: null
2117 port:
2118 registry:
2119 node: 5000
# Endpoint definition for the OCI image registry, including optional
# registry credentials.
oci_image_registry:
  name: oci-image-registry
  namespace: oci-image-registry
  auth:
    # registry authentication is off by default
    enabled: false
    neutron:
      username: neutron
      # NOTE(review): placeholder value; when `enabled` is switched to true,
      # supply the real credential through a deployment-specific override
      # rather than committing it to this file.
      password: password
  hosts:
    default: localhost
  host_fqdn_override:
    default: null
  port:
    registry:
      default: null
# Endpoint definition for the database: admin and service accounts, host,
# path, URL scheme and port.
# NOTE(review): every `password` below is the literal placeholder "password",
# including the one for the `root` admin account. These defaults must be
# overridden per deployment; keep the override file out of version control or
# encrypt it, since it then holds live database credentials.
oslo_db:
  auth:
    admin:
      username: root
      password: password
      secret:
        tls:
          # name of the TLS secret used for direct database connections
          internal: mariadb-tls-direct
    neutron:
      username: neutron
      password: password
  hosts:
    default: mariadb
  host_fqdn_override:
    default: null
  path: /neutron
  scheme: mysql+pymysql
  port:
    mysql:
      default: 3306
# Endpoint definition for the message bus: admin and service accounts,
# statefulset details, host, path, URL scheme and ports.
# NOTE(review): every `password` below is the literal placeholder "password",
# including the one for the broker admin account. Override them per
# deployment and protect the override file, since it then holds live broker
# credentials.
oslo_messaging:
  auth:
    admin:
      username: rabbitmq
      password: password
      secret:
        tls:
          # name of the TLS secret used for direct broker connections
          internal: rabbitmq-tls-direct
    neutron:
      username: neutron
      password: password
  statefulset:
    replicas: 2
    name: rabbitmq-rabbitmq
  hosts:
    default: rabbitmq
  host_fqdn_override:
    default: null
  path: /neutron
  scheme: rabbit
  port:
    amqp:
      default: 5672
    # management HTTP port; presumably the admin account above is used
    # against it - confirm, and avoid exposing it beyond the cluster
    http:
      default: 15672
2180 oslo_cache:
2181 auth:
2182 # NOTE(portdirect): this is used to define the value for keystone
2183 # authtoken cache encryption key, if not set it will be populated
2184 # automatically with a random value, but to take advantage of
2185 # this feature all services should be set to use the same key,
2186 # and memcache service.
2187 memcache_secret_key: null
2188 hosts:
2189 default: memcached
2190 host_fqdn_override:
2191 default: null
2192 port:
2193 memcache:
2194 default: 11211
2195 compute:
2196 name: nova
2197 hosts:
2198 default: nova-api
2199 public: nova
2200 host_fqdn_override:
2201 default: null
2202 path:
2203 default: "/v2.1/%(tenant_id)s"
2204 scheme:
2205 default: 'http'
2206 port:
2207 api:
2208 default: 8774
2209 public: 80
2210 novncproxy:
2211 default: 6080
2212 compute_metadata:
2213 name: nova
2214 hosts:
2215 default: nova-metadata
2216 public: metadata
2217 host_fqdn_override:
2218 default: null
2219 path:
2220 default: /
2221 scheme:
2222 default: 'http'
2223 port:
2224 metadata:
2225 default: 8775
2226 public: 80
# Endpoint definition for the identity service (keystone): one credential
# set per service user, followed by host, path, scheme and port settings.
# NOTE(review): every `password` below is the literal placeholder "password",
# including the `admin` user and the two users that carry `role: admin`
# (`neutron`, `test`). Override all of them per deployment and protect the
# override file, since it then holds live credentials.
identity:
  name: keystone
  auth:
    admin:
      region_name: RegionOne
      username: admin
      password: password
      project_name: admin
      user_domain_name: default
      project_domain_name: default
    neutron:
      role: admin
      region_name: RegionOne
      username: neutron
      password: password
      project_name: service
      user_domain_name: service
      project_domain_name: service
    nova:
      region_name: RegionOne
      project_name: service
      username: nova
      password: password
      user_domain_name: service
      project_domain_name: service
    placement:
      region_name: RegionOne
      project_name: service
      username: placement
      password: password
      user_domain_name: service
      project_domain_name: service
    designate:
      region_name: RegionOne
      project_name: service
      username: designate
      password: password
      user_domain_name: service
      project_domain_name: service
    ironic:
      region_name: RegionOne
      project_name: service
      username: ironic
      password: password
      user_domain_name: service
      project_domain_name: service
    test:
      role: admin
      region_name: RegionOne
      username: neutron-test
      password: password
      # NOTE: this project will be purged and reset if
      # conf.rally_tests.force_project_purge is set to true
      # which may be required upon test failure, but be aware that this will
      # expunge all openstack objects, so if this is used a separate project
      # should be used for each helm test, and also it should be ensured
      # that this project is not in use by other tenants
      project_name: test
      user_domain_name: service
      project_domain_name: service
  hosts:
    default: keystone
    internal: keystone-api
  host_fqdn_override:
    default: null
  path:
    default: /v3
  # NOTE(review): the default scheme is plain http, so requests to this
  # endpoint (presumably including the credentials above) are unencrypted
  # unless the scheme is overridden - confirm how TLS is enabled for this
  # chart before using these defaults outside a test environment.
  scheme:
    default: http
  port:
    api:
      default: 80
      internal: 5000
2300 network:
2301 name: neutron
2302 hosts:
2303 default: neutron-server
2304 public: neutron
2305 host_fqdn_override:
2306 default: null
2307 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
2308 # endpoints using the following format:
2309 # public:
2310 # host: null
2311 # tls:
2312 # crt: null
2313 # key: null
2314 path:
2315 default: null
2316 scheme:
2317 default: 'http'
2318 service: 'http'
2319 port:
2320 api:
2321 default: 9696
2322 public: 80
2323 service: 9696
2324 load_balancer:
2325 name: octavia
2326 hosts:
2327 default: octavia-api
2328 public: octavia
2329 host_fqdn_override:
2330 default: null
2331 path:
2332 default: null
2333 scheme:
2334 default: http
2335 port:
2336 api:
2337 default: 9876
2338 public: 80
2339 fluentd:
2340 namespace: osh-infra
2341 name: fluentd
2342 hosts:
2343 default: fluentd-logging
2344 host_fqdn_override:
2345 default: null
2346 path:
2347 default: null
2348 scheme: 'http'
2349 port:
2350 service:
2351 default: 24224
2352 metrics:
2353 default: 24220
2354 dns:
2355 name: designate
2356 hosts:
2357 default: designate-api
2358 public: designate
2359 host_fqdn_override:
2360 default: null
2361 path:
2362 default: /
2363 scheme:
2364 default: 'http'
2365 port:
2366 api:
2367 default: 9001
2368 public: 80
2369 baremetal:
2370 name: ironic
2371 hosts:
2372 default: ironic-api
2373 public: ironic
2374 host_fqdn_override:
2375 default: null
2376 path:
2377 default: null
2378 scheme:
2379 default: 'http'
2380 port:
2381 api:
2382 default: 6385
2383 public: 80
2384 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
2385 # They are using to enable the Egress K8s network policy.
2386 kube_dns:
2387 namespace: kube-system
2388 name: kubernetes-dns
2389 hosts:
2390 default: kube-dns
2391 host_fqdn_override:
2392 default: null
2393 path:
2394 default: null
2395 scheme: http
2396 port:
2397 dns:
2398 default: 53
2399 protocol: UDP
2400 ingress:
2401 namespace: null
2402 name: ingress
2403 hosts:
2404 default: ingress
2405 port:
2406 ingress:
2407 default: 80
2408
# Ingress/egress rule lists for the neutron pods.
# NOTE(review): under Kubernetes NetworkPolicy semantics a single empty
# rule ({}) matches all traffic, so these defaults restrict nothing.
# manifests.network_policy is false in this file, so presumably the policy
# is not rendered at all by default - confirm against the templates, and
# replace the empty rules with explicit peers and ports when enabling it.
network_policy:
  neutron:
    # TODO(lamt): Need to tighten this ingress for security.
    ingress:
      - {}
    egress:
      - {}
2416
# Presumably switches the chart's hook handling to the Helm 3 form; the
# templates that read this flag are not visible here - confirm there.
helm3_hook: true
2418
# Logging settings for the health probe; the level defaults to ERROR.
health_probe:
  logging:
    level: ERROR
2422
# TLS switches for the identity, messaging and database connections.
# NOTE(review): all three default to false. Presumably that leaves the
# keystone, oslo.messaging and oslo.db links unencrypted unless a
# deployment overrides them - confirm in the templates and enable them,
# with certificates provisioned, for anything beyond a lab install.
tls:
  identity: false
  oslo_messaging: false
  oslo_db: false
2427
# Per-manifest switches: each key is presumably one template the chart
# renders when true (confirm against the templates directory).
manifests:
  # Certificates are off by default, matching the tls block in this file.
  certificates: false
  configmap_bin: true
  configmap_etc: true

  # Agents and servers.
  daemonset_dhcp_agent: true
  daemonset_l3_agent: true
  daemonset_lb_agent: true
  daemonset_metadata_agent: true
  daemonset_ovs_agent: true
  daemonset_sriov_agent: true
  daemonset_l2gw_agent: false
  daemonset_bagpipe_bgp: false
  daemonset_netns_cleanup_cron: true
  deployment_ironic_agent: false
  deployment_server: true
  ingress_server: true

  # One-shot jobs. job_db_drop stays false by default.
  job_bootstrap: true
  job_db_init: true
  job_db_sync: true
  job_db_drop: false
  job_image_repo_sync: true
  job_ks_endpoints: true
  job_ks_service: true
  job_ks_user: true
  job_rabbit_init: true
  pdb_server: true
  # NOTE(review): the rally test pod is on by default, and
  # endpoints.identity.auth.test in this file gives its user role admin
  # with a placeholder password; consider turning this off, or overriding
  # that account, outside test environments.
  pod_rally_test: true
  # NOTE(review): false by default, so the network_policy values in this
  # file are presumably never applied unless this is switched on.
  network_policy: false

  # Secrets and services.
  secret_db: true
  secret_ingress_tls: true
  secret_keystone: true
  secret_rabbitmq: true
  secret_registry: true
  service_ingress_server: true
  service_server: true
2463...