Mohammed Naserf3f59a72023-01-15 21:02:04 -05001# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for neutron.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
# Null by default; presumably an optional override for the release name the
# templates use when naming and labelling resources. TODO confirm in templates.
release_group: null
20
# Container images for every job, agent and server in this chart, keyed by
# component name.
# NOTE(review): every reference below is a mutable tag; none is pinned by
# digest. Pin `@sha256:<digest>` in site overrides so a re-pushed tag cannot
# silently change what runs. Several of these images run as privileged
# containers (see pod.security_context), so a substituted image has node-level
# reach.
images:
  tags:
    bootstrap: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    test: docker.io/xrally/xrally-openstack:2.0.0
    # NOTE(review): floating `latest` tag. With pull_policy IfNotPresent,
    # nodes that cached the image at different times keep different builds.
    purge_test: docker.io/openstackhelm/ospurge:latest
    db_init: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    neutron_db_sync: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    db_drop: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    rabbit_init: docker.io/rabbitmq:3.13-management
    ks_user: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    ks_service: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    ks_endpoints: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
    # Runs as a privileged root container in the OVS agent pod
    # (pod.security_context.neutron_ovs_agent.container.netoffload).
    netoffload: ghcr.io/vexxhost/netoffload:v1.0.1
    neutron_server: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_policy_server: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_rpc_server: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_dhcp: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_metadata: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_ovn_metadata: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_ovn_vpn: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_l3: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_l2gw: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_openvswitch_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_linuxbridge_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    # NOTE(review): the two SR-IOV images use a `stein-18.04` tag while every
    # other neutron image is `2024.1-ubuntu_jammy`. Both containers are
    # privileged (pod.security_context.neutron_sriov_agent); confirm the older
    # tag is intentional and still receives fixes before enabling SR-IOV.
    neutron_sriov_agent: docker.io/openstackhelm/neutron:stein-18.04-sriov
    neutron_sriov_agent_init: docker.io/openstackhelm/neutron:stein-18.04-sriov
    neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_bgp_dragent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_ironic_agent_init: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_ironic_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
    # NOTE(review): `latest-*` is also a floating tag. The name suggests this
    # image gates pod start-up on the `dependencies` section; verify.
    dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
    # NOTE(review): docker 17.07.0 is an old release. Presumably only used
    # when local_registry.active is true; confirm before enabling it.
    image_repo_sync: docker.io/docker:17.07.0
  # IfNotPresent: a node reuses whatever it already holds for a tag, so a
  # changed tag is not re-pulled on nodes that have it cached.
  pull_policy: "IfNotPresent"
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync
60
# Node-label key/value pairs per component; presumably rendered as the
# nodeSelector of the matching workload (TODO confirm in templates).
# Most of the agents scheduled through these labels run privileged containers
# (see pod.security_context), so who may set these labels on a node decides
# which nodes receive privileged pods.
labels:
  agent:
    dhcp:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    l3:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    metadata:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    l2gw:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
    ovn_vpn:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  lb:
    node_selector_key: linuxbridge
    node_selector_value: enabled
  # openvswitch is a special case, requiring a special
  # label that can apply to both control hosts
  # and compute hosts, until we get more sophisticated
  # with our daemonset scheduling
  ovs:
    node_selector_key: openvswitch
    node_selector_value: enabled
  sriov:
    node_selector_key: sriov
    node_selector_value: enabled
  bagpipe_bgp:
    node_selector_key: openstack-compute-node
    node_selector_value: enabled
  bgp_dragent:
    node_selector_key: openstack-compute-node
    node_selector_value: enabled
  server:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  rpc_server:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  ironic_agent:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  netns_cleanup_cron:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
  test:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
115
# Network wiring for the agents and exposure settings for the API server.
network:
  # provide what type of network wiring will be used
  backend:
    - openvswitch
  # NOTE(Portdirect): Share network namespaces with the host,
  # allowing agents to be restarted without packet loss and simpler
  # debugging. This feature requires mount propagation support.
  # NOTE(review): with this on and the privileged agent containers in
  # pod.security_context, agent pods are not isolated from the node's network
  # stack; treat a compromised agent container as a compromised node.
  share_namespaces: true
  interface:
    # Tunnel interface will be used for VXLAN tunneling.
    tunnel: null
    # If tunnel is null there is a fallback mechanism to search
    # for interface with routing using tunnel network cidr.
    # NOTE(review): with "0/0" the fallback presumably resolves to whichever
    # interface holds the default route. Set `tunnel` or a specific CIDR so
    # tenant VXLAN traffic is not placed on an unintended network.
    tunnel_network_cidr: "0/0"
    # To perform setup of network interfaces using the SR-IOV init
    # container you can use a section similar to:
    # sriov:
    #   - device: ${DEV}
    #     num_vfs: 8
    #     mtu: 9214
    #     promisc: false
    #     qos:
    #       - vf_num: 0
    #         share: 10
    #     queues_per_vf:
    #       - num_queues: 16
    #         exclude_vf: 0,11,21
  server:
    ingress:
      # NOTE(review): presumably publishes the API through the public ingress
      # class; confirm TLS and source restrictions are applied at the ingress.
      public: true
      classes:
        namespace: "nginx"
        cluster: "nginx-cluster"
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    external_policy_local: false
    # Disabled by default; enabling it would expose `port` on every node.
    node_port:
      enabled: false
      port: 30096
155
# Optional bootstrap job, off by default. `script` is shell text; the default
# only issues a token. `ks_user` presumably names the Keystone identity the
# script runs as (TODO confirm). Anything added to `script` in an override
# runs with that identity's rights, so review overrides like code.
bootstrap:
  enabled: false
  ks_user: neutron
  script: |
    openstack token issue
161
# Start-up dependencies per component: `jobs` to wait for, `services`
# (endpoint type + service name) to wait for, and `pod` label selectors, where
# `requireSameNode: true` asks for a matching pod on the same node.
# NOTE(review): presumably enforced by the init container built from
# images.tags.dep_check; confirm against the templates.
# `dynamic` entries are selected by configuration (local registry, backend);
# `static` entries are listed per component.
dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - neutron-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
    targeted:
      sriov: {}
      l2gateway: {}
      bagpipe_bgp: {}
      ovn:
        server:
          pod: null
      bgp_dragent: {}
      openvswitch:
        dhcp:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
        l3:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
        metadata:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-ovs-agent
      linuxbridge:
        dhcp:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        l3:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        metadata:
          pod:
            - requireSameNode: true
              labels:
                application: neutron
                component: neutron-lb-agent
        lb_agent:
          pod: null
  static:
    bootstrap:
      services:
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    db_drop:
      services:
        - endpoint: internal
          service: oslo_db
    db_init:
      services:
        - endpoint: internal
          service: oslo_db
    db_sync:
      jobs:
        - neutron-db-init
      services:
        - endpoint: internal
          service: oslo_db
    dhcp:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    ks_endpoints:
      jobs:
        - neutron-ks-service
      services:
        - endpoint: internal
          service: identity
    ks_service:
      services:
        - endpoint: internal
          service: identity
    ks_user:
      services:
        - endpoint: internal
          service: identity
    rabbit_init:
      services:
        - service: oslo_messaging
          endpoint: internal
    l3:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    lb_agent:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
    metadata:
      pod: null
      jobs:
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
        # NOTE(review): this is the only `public` endpoint in the section;
        # ovn_metadata below waits on the `internal` compute_metadata
        # endpoint instead. Confirm the difference is intended.
        - endpoint: public
          service: compute_metadata
    ovn_metadata:
      pod:
        - requireSameNode: true
          labels:
            application: ovn
            component: ovn-controller
      services:
        - endpoint: internal
          service: compute_metadata
        - endpoint: internal
          service: network
    ovn_vpn_agent:
      pod:
        - requireSameNode: true
          labels:
            application: ovn
            component: ovn-controller
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
    ovs_agent:
      jobs:
        - neutron-rabbit-init
      pod:
        - requireSameNode: true
          labels:
            application: openvswitch
            component: server
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
    server:
      jobs:
        - neutron-db-sync
        - neutron-ks-user
        - neutron-ks-endpoints
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_cache
        - endpoint: internal
          service: identity
    rpc_server:
      jobs:
        - neutron-db-sync
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_cache
        - endpoint: internal
          service: identity
    ironic_agent:
      jobs:
        - neutron-db-sync
        - neutron-ks-user
        - neutron-ks-endpoints
        - neutron-rabbit-init
      services:
        - endpoint: internal
          service: oslo_db
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: oslo_cache
        - endpoint: internal
          service: identity
    tests:
      services:
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry
390
# Pod-level settings for every workload in the chart: probes, security
# contexts, scheduling, extra mounts, replica counts, rollout behaviour and
# resource requests/limits.
pod:
  sidecars:
    # Policy-server sidecar is off by default.
    neutron_policy_server: false
  use_fqdn:
    neutron_agent: true
  # Probe parameters per pod / container. `params` keys are Kubernetes probe
  # fields; a bare `params:` is null, so no overrides are supplied there.
  # NOTE(review): most agents use very long windows (readiness 190s period /
  # 185s timeout, liveness 600s period / 580s timeout), so a hung agent can
  # stay in service for many minutes before it is restarted. Alert on agent
  # health independently of these probes.
  probes:
    # Presumably the RPC timeout/retry budget used by the agent health-probe
    # scripts; TODO confirm in templates.
    rpc_timeout: 60
    rpc_retries: 2
    dhcp_agent:
      dhcp_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    l3_agent:
      l3_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    lb_agent:
      lb_agent:
        readiness:
          enabled: true
    metadata_agent:
      metadata_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    ovn_vpn_agent:
      ovn_vpn_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    ovn_metadata_agent:
      ovn_metadata_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    ovs_agent:
      ovs_agent:
        readiness:
          enabled: true
          params:
            timeoutSeconds: 10
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 600
            timeoutSeconds: 580
    sriov_agent:
      sriov_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 190
            timeoutSeconds: 185
    bagpipe_bgp:
      bagpipe_bgp:
        readiness:
          enabled: true
          params:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
    bgp_dragent:
      bgp_dragent:
        readiness:
          enabled: false
          params:
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
    l2gw_agent:
      l2gw_agent:
        readiness:
          enabled: true
          params:
            initialDelaySeconds: 30
            periodSeconds: 15
            timeoutSeconds: 65
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 120
            periodSeconds: 90
            timeoutSeconds: 70
    server:
      server:
        readiness:
          enabled: true
          params:
            periodSeconds: 15
            timeoutSeconds: 10
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
            periodSeconds: 15
            timeoutSeconds: 10
    rpc_server:
      rpc_server:
        readiness:
          enabled: true
          params:
            periodSeconds: 15
            timeoutSeconds: 10
        liveness:
          enabled: true
          params:
            initialDelaySeconds: 60
            periodSeconds: 15
            timeoutSeconds: 10
  # Security contexts: `pod` is the pod-level context, `container` holds one
  # entry per container name.
  # NOTE(review): every pod defaults to runAsUser 42424, but most agent
  # containers also set `privileged: true`. A privileged container holds all
  # capabilities and host device access, so `readOnlyRootFilesystem: true`
  # and the non-root UID do not confine it. Only neutron_server,
  # neutron_policy_server, neutron_rpc_server and neutron_ironic_agent set
  # `allowPrivilegeEscalation: false`. Run this chart in a namespace whose
  # admission policy is deliberately scoped to allow privileged pods, and
  # restrict who can change these values or the images behind them.
  security_context:
    neutron_dhcp_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_dhcp_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_l2gw_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_l2gw_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_bagpipe_bgp:
      pod:
        runAsUser: 42424
      container:
        neutron_bagpipe_bgp:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_bgp_dragent:
      pod:
        runAsUser: 42424
      container:
        neutron_bgp_dragent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_l3_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_l3_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_lb_agent:
      pod:
        runAsUser: 42424
      container:
        # Root with SYS_MODULE + SYS_CHROOT: the container name indicates it
        # loads kernel modules, which is host-kernel-level access.
        neutron_lb_agent_kernel_modules:
          capabilities:
            add:
              - SYS_MODULE
              - SYS_CHROOT
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_lb_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_lb_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_metadata_agent:
      pod:
        runAsUser: 42424
      container:
        # Init container overrides the pod UID and runs as root; no
        # allowPrivilegeEscalation setting is given.
        neutron_metadata_agent_init:
          runAsUser: 0
          readOnlyRootFilesystem: true
    neutron_ovn_metadata_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_ovn_metadata_agent_init:
          runAsUser: 0
          readOnlyRootFilesystem: true
    ovn_vpn_agent:
      pod:
        runAsUser: 42424
      container:
        ovn_vpn_agent_init:
          runAsUser: 0
          readOnlyRootFilesystem: true
    neutron_ovs_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_openvswitch_agent_kernel_modules:
          capabilities:
            add:
              - SYS_MODULE
              - SYS_CHROOT
          runAsUser: 0
          readOnlyRootFilesystem: true
        # Privileged root container built from images.tags.netoffload.
        netoffload:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_ovs_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_ovs_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_server:
      pod:
        runAsUser: 42424
      container:
        # NOTE(review): the nginx container in the API pod runs as root with
        # a writable root filesystem and no allowPrivilegeEscalation: false,
        # unlike its sibling containers. Confirm it cannot run unprivileged.
        nginx:
          runAsUser: 0
          readOnlyRootFilesystem: false
        neutron_server:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
        neutron_policy_server:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    neutron_rpc_server:
      pod:
        runAsUser: 42424
      container:
        neutron_rpc_server:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    neutron_sriov_agent:
      pod:
        runAsUser: 42424
      container:
        # Privileged, root, writable root filesystem: the least constrained
        # container in this file. It also runs the stein-18.04 image from
        # images.tags.neutron_sriov_agent_init.
        neutron_sriov_agent_init:
          privileged: true
          runAsUser: 0
          readOnlyRootFilesystem: false
        neutron_sriov_agent:
          readOnlyRootFilesystem: true
          privileged: true
    neutron_ironic_agent:
      pod:
        runAsUser: 42424
      container:
        neutron_ironic_agent_init:
          runAsUser: 0
          readOnlyRootFilesystem: true
        neutron_ironic_agent:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    neutron_netns_cleanup_cron:
      pod:
        runAsUser: 42424
      container:
        neutron_netns_cleanup_cron:
          readOnlyRootFilesystem: true
          privileged: true
  # Anti-affinity defaults: a soft (preferred) rule keyed on hostname, so
  # replicas may still land on the same node.
  affinity:
    anti:
      type:
        default: preferredDuringSchedulingIgnoredDuringExecution
      topologyKey:
        default: kubernetes.io/hostname
      weight:
        default: 10
  # Tolerations for master / control-plane taints; not applied unless
  # `enabled` is set to true.
  tolerations:
    neutron:
      enabled: false
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
  # Extra volumes / volumeMounts per workload. Bare `volumeMounts:` and
  # `volumes:` are null, i.e. nothing extra is mounted by default.
  # NOTE(review): volumes added here for the privileged agents (host paths in
  # particular) widen host exposure further; review such overrides.
  mounts:
    neutron_server:
      init_container: null
      neutron_server:
        volumeMounts:
        volumes:
    neutron_rpc_server:
      init_container: null
      neutron_rpc_server:
        volumeMounts:
        volumes:
    neutron_dhcp_agent:
      init_container: null
      neutron_dhcp_agent:
        volumeMounts:
        volumes:
    neutron_l3_agent:
      init_container: null
      neutron_l3_agent:
        volumeMounts:
        volumes:
    neutron_lb_agent:
      init_container: null
      neutron_lb_agent:
        volumeMounts:
        volumes:
    neutron_metadata_agent:
      init_container: null
      neutron_metadata_agent:
        volumeMounts:
        volumes:
    neutron_ovn_metadata_agent:
      init_container: null
      neutron_ovn_metadata_agent:
        volumeMounts:
        volumes:
    ovn_vpn_agent:
      init_container: null
      ovn_vpn_agent:
        volumeMounts:
        volumes:
    neutron_ovs_agent:
      init_container: null
      neutron_ovs_agent:
        volumeMounts:
        volumes:
    neutron_sriov_agent:
      init_container: null
      neutron_sriov_agent:
        volumeMounts:
        volumes:
    neutron_l2gw_agent:
      init_container: null
      neutron_l2gw_agent:
        volumeMounts:
        volumes:
    bagpipe_bgp:
      init_container: null
      bagpipe_bgp:
        volumeMounts:
        volumes:
    bgp_dragent:
      init_container: null
      bgp_dragent:
        volumeMounts:
        volumes:
    neutron_ironic_agent:
      init_container: null
      neutron_ironic_agent:
        volumeMounts:
        volumes:
    neutron_netns_cleanup_cron:
      init_container: null
      neutron_netns_cleanup_cron:
        volumeMounts:
        volumes:
    neutron_tests:
      init_container: null
      neutron_tests:
        volumeMounts:
        volumes:
    neutron_bootstrap:
      init_container: null
      neutron_bootstrap:
        volumeMounts:
        volumes:
    neutron_db_sync:
      neutron_db_sync:
        # The only default mount: ml2_conf.ini, mounted read-only.
        volumeMounts:
          - name: db-sync-conf
            mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
            subPath: ml2_conf.ini
            readOnly: true
        volumes:
  replicas:
    server: 1
    rpc_server: 1
    ironic_agent: 1
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
      daemonsets:
        pod_replacement_strategy: RollingUpdate
        dhcp_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        l3_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        lb_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        metadata_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovn_metadata_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovn_vpn_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        ovs_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        sriov_agent:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
        netns_cleanup_cron:
          enabled: true
          min_ready_seconds: 0
          max_unavailable: 1
    # min_available 0 with replicas.server 1: a voluntary disruption may take
    # the only API server pod down.
    disruption_budget:
      server:
        min_available: 0
    termination_grace_period:
      server:
        timeout: 30
      rpc_server:
        timeout: 30
      ironic_agent:
        timeout: 30
  # Resource requests/limits per agent, server and job.
  # NOTE(review): `enabled: false` presumably means none of the values below
  # are rendered, leaving containers without limits; confirm in templates and
  # enable with site-appropriate values so one workload cannot starve a node.
  resources:
    enabled: false
    agent:
      dhcp:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      l3:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      lb:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      metadata:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovn_metadata:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovn_vpn:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ovs:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      sriov:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      l2gw:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      bagpipe_bgp:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      bgp_dragent:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
    server:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    neutron_policy_server:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "256Mi"
        cpu: "500m"
    ironic_agent:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    netns_cleanup_cron:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    jobs:
      bootstrap:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      rabbit_init:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      db_drop:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_endpoints:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_service:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      ks_user:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      tests:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
1047
1048conf:
1049 rally_tests:
    # Rally test toggles and the shell snippet that removes Rally-created
    # routers and networks afterwards.
    # NOTE(review): `clean_up` picks its targets purely by name prefix
    # (`^[sc]_rally_`). Every router and network visible to the credential
    # that runs it and matching that prefix is detached and deleted, whether
    # or not Rally created it. Confirm the credential is scoped to the test
    # project, not a cloud-wide admin.
    # The script runs under `set +e`, so failed deletions are ignored, and its
    # variable expansions are unquoted and rely on shell word splitting.
    force_project_purge: false
    run_tempest: false
    clean_up: |
      # NOTE: We will make the best effort to clean up rally generated networks and routers,
      # but should not block further automated deployment.
      set +e
      PATTERN="^[sc]_rally_"

      ROUTERS=$(openstack router list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')
      NETWORKS=$(openstack network list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')

      for ROUTER in $ROUTERS
      do
        openstack router unset --external-gateway $ROUTER
        openstack router set --disable --no-ha $ROUTER

        SUBNS=$(openstack router show $ROUTER -c interfaces_info --format=value | python -m json.tool | grep -oP '(?<="subnet_id": ")[a-f0-9\-]{36}(?=")' | sort | uniq)
        for SUBN in $SUBNS
        do
          openstack router remove subnet $ROUTER $SUBN
        done

        for PORT in $(openstack port list --router $ROUTER --format=value -c ID | tr -d '\r')
        do
          openstack router remove port $ROUTER $PORT
        done

        openstack router delete $ROUTER
      done

      for NETWORK in $NETWORKS
      do
        for PORT in $(openstack port list --network $NETWORK --format=value -c ID | tr -d '\r')
        do
          openstack port delete $PORT
        done
        openstack network delete $NETWORK
      done
      set -e
1089 tests:
1090 NeutronNetworks.create_and_delete_networks:
1091 - args:
1092 network_create_args: {}
1093 context:
1094 quotas:
1095 neutron:
1096 network: -1
1097 runner:
1098 concurrency: 1
1099 times: 1
1100 type: constant
1101 sla:
1102 failure_rate:
1103 max: 0
1104 NeutronNetworks.create_and_delete_ports:
1105 - args:
1106 network_create_args: {}
1107 port_create_args: {}
1108 ports_per_network: 10
1109 context:
1110 network: {}
1111 quotas:
1112 neutron:
1113 network: -1
1114 port: -1
1115 runner:
1116 concurrency: 1
1117 times: 1
1118 type: constant
1119 sla:
1120 failure_rate:
1121 max: 0
1122 NeutronNetworks.create_and_delete_routers:
1123 - args:
1124 network_create_args: {}
1125 router_create_args: {}
1126 subnet_cidr_start: 1.1.0.0/30
1127 subnet_create_args: {}
1128 subnets_per_network: 2
1129 context:
1130 network: {}
1131 quotas:
1132 neutron:
1133 network: -1
1134 router: -1
1135 subnet: -1
1136 runner:
1137 concurrency: 1
1138 times: 1
1139 type: constant
1140 sla:
1141 failure_rate:
1142 max: 0
1143 NeutronNetworks.create_and_delete_subnets:
1144 - args:
1145 network_create_args: {}
1146 subnet_cidr_start: 1.1.0.0/30
1147 subnet_create_args: {}
1148 subnets_per_network: 2
1149 context:
1150 network: {}
1151 quotas:
1152 neutron:
1153 network: -1
1154 subnet: -1
1155 runner:
1156 concurrency: 1
1157 times: 1
1158 type: constant
1159 sla:
1160 failure_rate:
1161 max: 0
1162 NeutronNetworks.create_and_list_routers:
1163 - args:
1164 network_create_args: {}
1165 router_create_args: {}
1166 subnet_cidr_start: 1.1.0.0/30
1167 subnet_create_args: {}
1168 subnets_per_network: 2
1169 context:
1170 network: {}
1171 quotas:
1172 neutron:
1173 network: -1
1174 router: -1
1175 subnet: -1
1176 runner:
1177 concurrency: 1
1178 times: 1
1179 type: constant
1180 sla:
1181 failure_rate:
1182 max: 0
1183 NeutronNetworks.create_and_list_subnets:
1184 - args:
1185 network_create_args: {}
1186 subnet_cidr_start: 1.1.0.0/30
1187 subnet_create_args: {}
1188 subnets_per_network: 2
1189 context:
1190 network: {}
1191 quotas:
1192 neutron:
1193 network: -1
1194 subnet: -1
1195 runner:
1196 concurrency: 1
1197 times: 1
1198 type: constant
1199 sla:
1200 failure_rate:
1201 max: 0
1202 NeutronNetworks.create_and_show_network:
1203 - args:
1204 network_create_args: {}
1205 context:
1206 quotas:
1207 neutron:
1208 network: -1
1209 runner:
1210 concurrency: 1
1211 times: 1
1212 type: constant
1213 sla:
1214 failure_rate:
1215 max: 0
1216 NeutronNetworks.create_and_update_networks:
1217 - args:
1218 network_create_args: {}
1219 network_update_args:
1220 admin_state_up: false
1221 context:
1222 quotas:
1223 neutron:
1224 network: -1
1225 runner:
1226 concurrency: 1
1227 times: 1
1228 type: constant
1229 sla:
1230 failure_rate:
1231 max: 0
1232 NeutronNetworks.create_and_update_ports:
1233 - args:
1234 network_create_args: {}
1235 port_create_args: {}
1236 port_update_args:
1237 admin_state_up: false
1238 device_id: dummy_id
1239 device_owner: dummy_owner
1240 ports_per_network: 5
1241 context:
1242 network: {}
1243 quotas:
1244 neutron:
1245 network: -1
1246 port: -1
1247 runner:
1248 concurrency: 1
1249 times: 1
1250 type: constant
1251 sla:
1252 failure_rate:
1253 max: 0
# Rally scenario entry: one iteration, no parallelism; the SLA allows a
# failure rate of 0.
NeutronNetworks.create_and_update_routers:
  - args:
      network_create_args: {}
      router_create_args: {}
      router_update_args:
        admin_state_up: false
      # NOTE(review): 1.1.0.0/30 is not in a private or documentation
      # range; confirm the test subnets stay tenant-internal.
      subnet_cidr_start: 1.1.0.0/30
      subnet_create_args: {}
      subnets_per_network: 2
    context:
      network: {}
      quotas:
        # NOTE(review): -1 presumably lifts the quota for the scenario's
        # tenant; confirm against Rally's quotas context.
        neutron:
          network: -1
          router: -1
          subnet: -1
    runner:
      concurrency: 1
      times: 1
      type: constant
    sla:
      failure_rate:
        max: 0
# Rally scenario entry: one iteration, no parallelism; the SLA allows a
# failure rate of 0.
NeutronNetworks.create_and_update_subnets:
  - args:
      network_create_args: {}
      # NOTE(review): 1.4.0.0/16 is not in a private or documentation
      # range; confirm the test subnets stay tenant-internal.
      subnet_cidr_start: 1.4.0.0/16
      subnet_create_args: {}
      # The update step turns DHCP off on each created subnet.
      subnet_update_args:
        enable_dhcp: false
      subnets_per_network: 2
    context:
      network: {}
      quotas:
        # NOTE(review): -1 presumably lifts the quota for the scenario's
        # tenant; confirm against Rally's quotas context.
        neutron:
          network: -1
          subnet: -1
    runner:
      concurrency: 1
      times: 1
      type: constant
    sla:
      failure_rate:
        max: 0
# Rally scenario entry: one iteration, no parallelism; the SLA allows a
# failure rate of 0. No context section, so no quota changes are set here.
# NOTE(review): listing agents is normally an admin-only call in Neutron;
# confirm which credentials this test runs with.
NeutronNetworks.list_agents:
  - args:
      agent_args: {}
    runner:
      concurrency: 1
      times: 1
      type: constant
    sla:
      failure_rate:
        max: 0
# Rally scenario entry: one iteration, no parallelism; the SLA allows a
# failure rate of 0.
NeutronSecurityGroup.create_and_list_security_groups:
  - args:
      security_group_create_args: {}
    context:
      quotas:
        # NOTE(review): -1 presumably lifts the security-group quota for
        # the scenario's tenant; confirm against Rally's quotas context.
        neutron:
          security_group: -1
    runner:
      concurrency: 1
      times: 1
      type: constant
    sla:
      failure_rate:
        max: 0
# Rally scenario entry: one iteration, no parallelism; the SLA allows a
# failure rate of 0.
NeutronSecurityGroup.create_and_update_security_groups:
  - args:
      security_group_create_args: {}
      security_group_update_args: {}
    context:
      quotas:
        # NOTE(review): -1 presumably lifts the security-group quota for
        # the scenario's tenant; confirm against Rally's quotas context.
        neutron:
          security_group: -1
    runner:
      concurrency: 1
      times: 1
      type: constant
    sla:
      failure_rate:
        max: 0
# PasteDeploy pipeline definition for the Neutron API (composites,
# filters and apps, keyed by their paste section names).
paste:
  # URL map: "/" serves version discovery, "/v2.0" serves the API proper.
  composite:neutron:
    use: egg:Paste#urlmap
    /: neutronversions_composite
    /v2.0: neutronapi_v2_0
  # Two alternative pipelines for the v2.0 API. Only the keystone pipeline
  # contains authtoken, audit and keystonecontext; the noauth pipeline has
  # no authentication or audit filter at all.
  # NOTE(review): neutron.auth:pipeline_factory presumably selects one of
  # them from neutron's auth_strategy option, which is not set in this part
  # of the file; confirm that no override selects noauth in production.
  composite:neutronapi_v2_0:
    use: call:neutron.auth:pipeline_factory
    noauth: cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
    keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken audit keystonecontext extensions neutronapiapp_v2_0
  # Version discovery uses the same filters in both modes and carries no
  # authtoken filter, so it is reachable without a token.
  composite:neutronversions_composite:
    use: call:neutron.auth:pipeline_factory
    noauth: cors http_proxy_to_wsgi neutronversions
    keystone: cors http_proxy_to_wsgi neutronversions
  filter:request_id:
    paste.filter_factory: oslo_middleware:RequestId.factory
  filter:catch_errors:
    paste.filter_factory: oslo_middleware:CatchErrors.factory
  filter:cors:
    paste.filter_factory: oslo_middleware.cors:filter_factory
    oslo_config_project: neutron
  # Rewrites the WSGI environment from proxy headers when
  # oslo_middleware.enable_proxy_headers_parsing is true (set under
  # neutron: in this file). Only safe when every request arrives through a
  # proxy that overwrites client-supplied forwarding headers.
  filter:http_proxy_to_wsgi:
    paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
  filter:keystonecontext:
    paste.filter_factory: neutron.auth:NeutronKeystoneContext.factory
  filter:authtoken:
    paste.filter_factory: keystonemiddleware.auth_token:filter_factory
  # Audit middleware; its map file path matches the api_audit_map key of
  # this values file.
  filter:audit:
    paste.filter_factory: keystonemiddleware.audit:filter_factory
    audit_map_file: /etc/neutron/api_audit_map.conf
  filter:extensions:
    paste.filter_factory: neutron.api.extensions:plugin_aware_extension_middleware_factory
  app:neutronversions:
    paste.app_factory: neutron.pecan_wsgi.app:versions_factory
  app:neutronapiapp_v2_0:
    paste.app_factory: neutron.api.v2.router:APIRouter.factory
  # Defined but not referenced by any pipeline above.
  filter:osprofiler:
    paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
# uWSGI options for the neutron-api process (wsgi-file below).
neutron_api_uwsgi:
  uwsgi:
    add-header: "Connection: close"
    buffer-size: 65535
    die-on-term: true
    enable-threads: true
    exit-on-reload: false
    hook-master-start: unix_signal:15 gracefully_kill_them_all
    lazy-apps: true
    # Logs the address taken from X-Forwarded-For. That header is
    # client-supplied unless the fronting proxy overwrites it, so logged
    # source addresses are only as trustworthy as that proxy.
    log-x-forwarded-for: true
    master: true
    procname-prefix-spaced: "neutron-api:"
    # Skips request logging when the User-Agent matches ^kube-probe.*.
    # The User-Agent is client-supplied, so any request carrying a matching
    # value is also left out of the uWSGI log; keep the ingress/proxy
    # access log as the audit source.
    route-user-agent: '^kube-probe.* donotlog:'
    thunder-lock: true
    worker-reload-mercy: 80
    wsgi-file: /var/lib/openstack/bin/neutron-api
# uWSGI options for the neutron-policy-server process (wsgi-file below);
# the same option set as neutron_api_uwsgi apart from the process name
# prefix and the wsgi-file.
neutron_policy_server_uwsgi:
  uwsgi:
    add-header: "Connection: close"
    buffer-size: 65535
    die-on-term: true
    enable-threads: true
    exit-on-reload: false
    hook-master-start: unix_signal:15 gracefully_kill_them_all
    lazy-apps: true
    # Logs the address taken from X-Forwarded-For. That header is
    # client-supplied unless the fronting proxy overwrites it, so logged
    # source addresses are only as trustworthy as that proxy.
    log-x-forwarded-for: true
    master: true
    procname-prefix-spaced: "neutron-policy-server:"
    # Skips request logging when the User-Agent matches ^kube-probe.*.
    # The User-Agent is client-supplied, so any request carrying a matching
    # value is also left out of the uWSGI log.
    route-user-agent: '^kube-probe.* donotlog:'
    thunder-lock: true
    worker-reload-mercy: 80
    wsgi-file: /var/lib/openstack/bin/neutron-policy-server-wsgi
# No policy overrides are defined by default.
# NOTE(review): with an empty map, authorization presumably falls back to
# Neutron's built-in policy defaults; oslo_policy.policy_file under
# neutron: points at /etc/neutron/policy.yaml.
policy: {}
# Mapping used by the keystonemiddleware audit filter (the paste section
# filter:audit reads /etc/neutron/api_audit_map.conf).
api_audit_map:
  DEFAULT:
    # Plain YAML scalar: this is the string "None", not a YAML null.
    target_endpoint_type: None
  # Router-interface calls are recorded as update sub-actions.
  custom_actions:
    add_router_interface: update/add
    remove_router_interface: update/remove
  # URL path segment -> name used for the resource in audit events.
  path_keywords:
    floatingips: ip
    healthmonitors: healthmonitor
    health_monitors: health_monitor
    lb: None
    members: member
    metering-labels: label
    metering-label-rules: rule
    networks: network
    pools: pool
    ports: port
    routers: router
    quotas: quota
    security-groups: security-group
    security-group-rules: rule
    subnets: subnet
    vips: vip
  service_endpoints:
    network: service/network
# Sudoers content for the neutron user. It grants passwordless root for
# neutron-rootwrap (any trailing arguments, because of the "*") and for
# neutron-rootwrap-daemon, both pinned to /etc/neutron/rootwrap.conf.
# What the neutron user can actually run as root is therefore decided by
# rootwrap.conf and the filter files it loads: those files, and every
# directory in secure_path (which includes /snap/bin,
# /var/lib/openstack/bin and /var/lib/kolla/venv/bin), must be writable by
# root only.
neutron_sudoers: |
  # This sudoers file supports rootwrap for both Kolla and LOCI Images.
  Defaults !requiretty
  Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
  neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *, /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
  neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf, /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
# Content of rootwrap.conf, the file named in the sudoers rule and in
# agent.root_helper.
# - filters_path and exec_dirs are the trust boundary: a writable
#   directory in either list lets a non-root user add filters or shadow
#   an allowed executable.
# - use_syslog=False means rootwrap calls are not sent to syslog, and
#   syslog_log_level=ERROR would record only rejected attempts if it were
#   enabled; use_syslog=True with INFO gives a record of every privileged
#   command.
# - The [xenapi] section keeps username root with <None> placeholders for
#   URL and password.
rootwrap: |
  # Configuration for neutron-rootwrap
  # This file should be owned by (and only-writeable by) the root user

  [DEFAULT]
  # List of directories to load filter definitions from (separated by ',').
  # These directories MUST all be only writeable by root !
  filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap,/var/lib/openstack/etc/neutron/rootwrap.d

  # List of directories to search executables in, in case filters do not
  # explicitely specify a full path (separated by ',')
  # If not specified, defaults to system PATH environment variable.
  # These directories MUST all be only writeable by root !
  exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin

  # Enable logging to syslog
  # Default value is False
  use_syslog=False

  # Which syslog facility to use.
  # Valid values include auth, authpriv, syslog, local0, local1...
  # Default value is 'syslog'
  syslog_log_facility=syslog

  # Which messages to log.
  # INFO means log all usage
  # ERROR means only log unsuccessful attempts
  syslog_log_level=ERROR

  [xenapi]
  # XenAPI configuration is only required by the L2 agent if it is to
  # target a XenServer/XCP compute host's dom0.
  xenapi_connection_url=<None>
  xenapi_connection_username=root
  xenapi_connection_password=<None>
1473 rootwrap_filters:
# Rootwrap filter file "debug": ping/ping6 as root. These are
# RegExpFilter entries, so every argument must match its pattern (numeric
# -w/-c values and an address made of digits/dots or hex digits/colons).
# NOTE(review): pods presumably lists the pod types that receive this
# filter file; confirm in the chart templates.
debug:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # This is needed because we should ping
    # from inside a namespace which requires root
    # _alt variants allow to match -c and -w in any order
    # (used by NeutronDebugAgent.ping_all)
    ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
    ping_alt: RegExpFilter, ping, root, ping, -c, \d+, -w, \d+, [0-9\.]+
    ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
    ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+
# Rootwrap filter file "dibbler": dibbler-client as root. CommandFilter
# matches on the command only, so any arguments are accepted.
# NOTE(review): pods presumably lists the pod types that receive this
# filter file; it is handed to every agent type listed, not only the one
# doing prefix delegation. Confirm in the chart templates.
dibbler:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # Filters for the dibbler-based reference implementation of the pluggable
    # Prefix Delegation driver. Other implementations using an alternative agent
    # should include a similar filter in this folder.

    # prefix_delegation_agent
    dibbler-client: CommandFilter, dibbler-client, root
# Rootwrap filter file "ipset_firewall": ipset as root. CommandFilter
# matches on the command only, so any ipset arguments are accepted.
# NOTE(review): pods presumably lists the pod types that receive this
# filter file; confirm in the chart templates.
ipset_firewall:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]
    # neutron/agent/linux/iptables_firewall.py
    # "ipset", "-A", ...
    ipset: CommandFilter, ipset, root
# Rootwrap filter file "l3": commands used by the L3 agent as root.
# Points a reviewer would check:
# - Most entries are CommandFilter (sysctl, route, iptables-restore,
#   ovs-vsctl, keepalived, conntrack, ...): the command is fixed, its
#   arguments are not.
# - haproxy is allowed with "-f" followed by any path (.*).
# - The kill_metadata* and kill_keepalived_monitor_* KillFilters match on
#   the interpreter name (python, python3, ...), not on the script, so they
#   cover any process running under that interpreter; the file's own TODO
#   notes this.
# NOTE(review): pods presumably lists the pod types that receive this
# filter file, which would give every listed agent the L3 command set;
# confirm in the chart templates.
l3:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # arping
    arping: CommandFilter, arping, root

    # l3_agent
    sysctl: CommandFilter, sysctl, root
    route: CommandFilter, route, root
    radvd: CommandFilter, radvd, root

    # haproxy
    haproxy: RegExpFilter, haproxy, root, haproxy, -f, .*
    kill_haproxy: KillFilter, root, haproxy, -15, -9, -HUP

    # metadata proxy
    metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
    # RHEL invocation of the metadata proxy will report /usr/bin/python
    kill_metadata: KillFilter, root, python, -15, -9
    kill_metadata2: KillFilter, root, python2, -15, -9
    kill_metadata7: KillFilter, root, python2.7, -15, -9
    kill_metadata3: KillFilter, root, python3, -15, -9
    kill_metadata35: KillFilter, root, python3.5, -15, -9
    kill_metadata36: KillFilter, root, python3.6, -15, -9
    kill_metadata37: KillFilter, root, python3.7, -15, -9
    kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -15, -9, -HUP
    kill_radvd: KillFilter, root, /sbin/radvd, -15, -9, -HUP

    # ip_lib
    ip: IpFilter, ip, root
    find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
    ip_exec: IpNetnsExecFilter, ip, root

    # l3_tc_lib
    l3_tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
    l3_tc_add_qdisc_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress
    l3_tc_add_qdisc_egress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, root, handle, 1:, htb
    l3_tc_show_filters: RegExpFilter, tc, root, tc, -p, -s, -d, filter, show, dev, .+, parent, .+, prio, 1
    l3_tc_delete_filters: RegExpFilter, tc, root, tc, filter, del, dev, .+, parent, .+, prio, 1, handle, .+, u32
    l3_tc_add_filter_ingress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, dst, .+, police, rate, .+, burst, .+, drop, flowid, :1
    l3_tc_add_filter_egress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, src, .+, police, rate, .+, burst, .+, drop, flowid, :1

    # For ip monitor
    kill_ip_monitor: KillFilter, root, ip, -9

    # ovs_lib (if OVSInterfaceDriver is used)
    ovs-vsctl: CommandFilter, ovs-vsctl, root

    # iptables_manager
    iptables-save: CommandFilter, iptables-save, root
    iptables-restore: CommandFilter, iptables-restore, root
    ip6tables-save: CommandFilter, ip6tables-save, root
    ip6tables-restore: CommandFilter, ip6tables-restore, root

    # Keepalived
    keepalived: CommandFilter, keepalived, root
    kill_keepalived: KillFilter, root, keepalived, -HUP, -15, -9

    # l3 agent to delete floatingip's conntrack state
    conntrack: CommandFilter, conntrack, root

    # keepalived state change monitor
    keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root
    # The following filters are used to kill the keepalived state change monitor.
    # Since the monitor runs as a Python script, the system reports that the
    # command of the process to be killed is python.
    # TODO(mlavalle) These kill filters will be updated once we come up with a
    # mechanism to kill using the name of the script being executed by Python
    kill_keepalived_monitor_py: KillFilter, root, python, -15
    kill_keepalived_monitor_py27: KillFilter, root, python2.7, -15
    kill_keepalived_monitor_py3: KillFilter, root, python3, -15
    kill_keepalived_monitor_py35: KillFilter, root, python3.5, -15
    kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15
    kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15
# Rootwrap filter file "netns_cleanup": netstat as root (CommandFilter,
# arguments unrestricted). The pods list here also contains
# netns_cleanup_cron.
# NOTE(review): pods presumably lists the pod types that receive this
# filter file; confirm in the chart templates.
netns_cleanup:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
    - netns_cleanup_cron
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # netns-cleanup
    netstat: CommandFilter, netstat, root
# Rootwrap filter file "dhcp": commands used by the DHCP agent as root.
# - dnsmasq, ovs-vsctl, ivs-ctl, mm-ctl and dhcp_release* are
#   CommandFilter entries: the command is fixed, its arguments are not.
# - The kill_metadata* KillFilters match on the interpreter name
#   (python, python3, ...) with signal -9, so they are not limited to the
#   metadata proxy process.
# NOTE(review): pods presumably lists the pod types that receive this
# filter file; confirm in the chart templates.
dhcp:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
    - netns_cleanup_cron
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # dhcp-agent
    dnsmasq: CommandFilter, dnsmasq, root
    # dhcp-agent uses kill as well, that's handled by the generic KillFilter
    # it looks like these are the only signals needed, per
    # neutron/agent/linux/dhcp.py
    kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP, -15
    kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP, -15

    ovs-vsctl: CommandFilter, ovs-vsctl, root
    ivs-ctl: CommandFilter, ivs-ctl, root
    mm-ctl: CommandFilter, mm-ctl, root
    dhcp_release: CommandFilter, dhcp_release, root
    dhcp_release6: CommandFilter, dhcp_release6, root

    # metadata proxy
    metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
    # RHEL invocation of the metadata proxy will report /usr/bin/python
    kill_metadata: KillFilter, root, python, -9
    kill_metadata2: KillFilter, root, python2, -9
    kill_metadata7: KillFilter, root, python2.7, -9
    kill_metadata3: KillFilter, root, python3, -9
    kill_metadata35: KillFilter, root, python3.5, -9
    kill_metadata36: KillFilter, root, python3.6, -9
    kill_metadata37: KillFilter, root, python3.7, -9

    # ip_lib
    ip: IpFilter, ip, root
    find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
    ip_exec: IpNetnsExecFilter, ip, root
# Rootwrap filter file "ebtables": ebtables as root (CommandFilter,
# arguments unrestricted).
# NOTE(review): pods presumably lists the pod types that receive this
# filter file; confirm in the chart templates.
ebtables:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    ebtables: CommandFilter, ebtables, root
# Rootwrap filter file "iptables_firewall": iptables/ip6tables (plus the
# -save/-restore variants), sysctl and conntrack as root. All entries are
# CommandFilter, so a pod holding this file can change host packet
# filtering and kernel parameters with arbitrary arguments.
# NOTE(review): pods presumably lists the pod types that receive this
# filter file; confirm in the chart templates.
iptables_firewall:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # neutron/agent/linux/iptables_firewall.py
    # "iptables-save", ...
    iptables-save: CommandFilter, iptables-save, root
    iptables-restore: CommandFilter, iptables-restore, root
    ip6tables-save: CommandFilter, ip6tables-save, root
    ip6tables-restore: CommandFilter, ip6tables-restore, root

    # neutron/agent/linux/iptables_firewall.py
    # "iptables", "-A", ...
    iptables: CommandFilter, iptables, root
    ip6tables: CommandFilter, ip6tables, root

    # neutron/agent/linux/iptables_firewall.py
    sysctl: CommandFilter, sysctl, root

    # neutron/agent/linux/ip_conntrack.py
    conntrack: CommandFilter, conntrack, root
# Rootwrap filter file "linuxbridge_plugin": brctl/bridge (CommandFilter,
# arguments unrestricted), ip via IpFilter/IpNetnsExecFilter, and tc
# limited by RegExpFilter to the listed QoS command shapes.
# NOTE(review): pods presumably lists the pod types that receive this
# filter file; confirm in the chart templates.
linuxbridge_plugin:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # linuxbridge-agent
    # unclear whether both variants are necessary, but I'm transliterating
    # from the old mechanism
    brctl: CommandFilter, brctl, root
    bridge: CommandFilter, bridge, root

    # ip_lib
    ip: IpFilter, ip, root
    find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
    ip_exec: IpNetnsExecFilter, ip, root

    # tc commands needed for QoS support
    tc_replace_tbf: RegExpFilter, tc, root, tc, qdisc, replace, dev, .+, root, tbf, rate, .+, latency, .+, burst, .+
    tc_add_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress, handle, .+
    tc_delete: RegExpFilter, tc, root, tc, qdisc, del, dev, .+, .+
    tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
    tc_show_filters: RegExpFilter, tc, root, tc, filter, show, dev, .+, parent, .+
    tc_add_filter: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, all, prio, .+, basic, police, rate, .+, burst, .+, mtu, .+, drop
# Rootwrap filter file "openvswitch_plugin": the Open vSwitch tools
# (ovs-vsctl, ovs-ofctl, ovs-appctl, ovsdb-client), xe and bridge as
# CommandFilter entries (arguments unrestricted), plus ip via
# IpFilter/IpNetnsExecFilter. The single KillFilter is pinned to
# /usr/bin/ovsdb-client with signal -9.
# NOTE(review): pods presumably lists the pod types that receive this
# filter file; confirm in the chart templates.
openvswitch_plugin:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
  content: |
    # neutron-rootwrap command filters for nodes on which neutron is
    # expected to control network
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # openvswitch-agent
    # unclear whether both variants are necessary, but I'm transliterating
    # from the old mechanism
    ovs-vsctl: CommandFilter, ovs-vsctl, root
    # NOTE(yamamoto): of_interface=native doesn't use ovs-ofctl
    ovs-ofctl: CommandFilter, ovs-ofctl, root
    ovs-appctl: CommandFilter, ovs-appctl, root
    kill_ovsdb_client: KillFilter, root, /usr/bin/ovsdb-client, -9
    ovsdb-client: CommandFilter, ovsdb-client, root
    xe: CommandFilter, xe, root

    # ip_lib
    ip: IpFilter, ip, root
    find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
    ip_exec: IpNetnsExecFilter, ip, root

    # needed for FDB extension
    bridge: CommandFilter, bridge, root
# Rootwrap filter file "privsep": lets privsep-helper be started as root
# through rootwrap. The PathFilter pins --config-file to paths under
# /etc, --privsep_context to neutron.privileged.default and
# --privsep_sock_path to a path under /. As the embedded text states, the
# Python module path and the oslo.config files used must not be writable
# by the unprivileged user.
# NOTE(review): the three continuation lines of the privsep filter have to
# stay indented relative to the "privsep:" line for the INI parser to join
# them. This page's extraction dropped leading whitespace, so the
# one-space indent below is a reconstruction; confirm against the
# repository.
privsep:
  pods:
    - dhcp_agent
    - l3_agent
    - lb_agent
    - metadata_agent
    - ovn_metadata_agent
    - ovn_vpn_agent
    - ovs_agent
    - sriov_agent
    - netns_cleanup_cron
  content: |
    # Command filters to allow privsep daemon to be started via rootwrap.
    #
    # This file should be owned by (and only-writeable by) the root user

    [Filters]

    # By installing the following, the local admin is asserting that:
    #
    # 1. The python module load path used by privsep-helper
    # command as root (as started by sudo/rootwrap) is trusted.
    # 2. Any oslo.config files matching the --config-file
    # arguments below are trusted.
    # 3. Users allowed to run sudo/rootwrap with this configuration(*) are
    # also allowed to invoke python "entrypoint" functions from
    # --privsep_context with the additional (possibly root) privileges
    # configured for that context.
    #
    # (*) ie: the user is allowed by /etc/sudoers to run rootwrap as root
    #
    # In particular, the oslo.config and python module path must not
    # be writeable by the unprivileged user.

    # oslo.privsep default neutron context
    privsep: PathFilter, privsep-helper, root,
     --config-file, /etc,
     --privsep_context, neutron.privileged.default,
     --privsep_sock_path, /

    # NOTE: A second `--config-file` arg can also be added above. Since
    # many neutron components are installed like that (eg: by devstack).
    # Adjust to suit local requirements.
# Rootwrap filter file "linux_vxlan", listed for bagpipe_bgp only.
# The "sh" entry is a CommandFilter, which fixes the command but not its
# arguments: it lets the service user run any shell command as root
# through rootwrap, so the other entries in this file add no restriction
# on top of it. modprobe is likewise unrestricted (kernel module loading).
# If bagpipe-bgp is deployed, treat its service account as root-equivalent
# on the node, or replace "sh" with filters for the specific piped
# commands it needs.
linux_vxlan:
  pods:
    - bagpipe_bgp
  content: |
    # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
    # expected to control VXLAN Linux Bridge dataplane
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    #
    modprobe: CommandFilter, modprobe, root

    #
    brctl: CommandFilter, brctl, root
    bridge: CommandFilter, bridge, root

    # ip_lib
    ip: IpFilter, ip, root
    ip_exec: IpNetnsExecFilter, ip, root

    # shell (for piped commands)
    sh: CommandFilter, sh, root
# Rootwrap filter file "mpls_ovs_dataplane", listed for bagpipe_bgp only.
# The "sh" entry is a CommandFilter, which fixes the command but not its
# arguments: it lets the service user run any shell command as root
# through rootwrap, so the other entries in this file add no restriction
# on top of it. If bagpipe-bgp is deployed, treat its service account as
# root-equivalent on the node, or replace "sh" with filters for the
# specific piped commands it needs.
mpls_ovs_dataplane:
  pods:
    - bagpipe_bgp
  content: |
    # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
    # expected to control MPLS OpenVSwitch dataplane
    #
    # This file should be owned by (and only-writeable by) the root user

    # format seems to be
    # cmd-name: filter-name, raw-command, user, args

    [Filters]

    # openvswitch
    ovs-vsctl: CommandFilter, ovs-vsctl, root
    ovs-ofctl: CommandFilter, ovs-ofctl, root

    # ip_lib
    ip: IpFilter, ip, root
    ip_exec: IpNetnsExecFilter, ip, root

    # shell (for piped commands)
    sh: CommandFilter, sh, root
# Values for neutron.conf, one mapping per configuration section.
neutron:
  DEFAULT:
    metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
    log_config_append: /etc/neutron/logging.conf
    # NOTE(portdirect): the bind port should not be defined, and is manipulated
    # via the endpoints section.
    bind_port: null
    default_availability_zones: nova
    api_workers: 1
    rpc_workers: 4
    allow_overlapping_ips: True
    state_path: /var/lib/neutron
    # core_plugin can be: ml2, calico
    core_plugin: ml2
    # service_plugin can be: router, odl-router, empty for calico,
    # networking_ovn.l3.l3_ovn.OVNL3RouterPlugin for OVN
    service_plugins: router
    allow_automatic_l3agent_failover: True
    l3_ha: True
    max_l3_agents_per_router: 2
    l3_ha_network_type: vxlan
    network_auto_schedule: True
    router_auto_schedule: True
    # NOTE(portdirect): if unset this is populated dynamically from the value in
    # 'network.backend' to sane defaults.
    interface_driver: null
  oslo_concurrency:
    lock_path: /var/lib/neutron/tmp
  database:
    max_retries: -1
  agent:
    # Privileged commands go through sudo + neutron-rootwrap; the matching
    # sudoers rule and rootwrap.conf are the neutron_sudoers and rootwrap
    # keys of this values file.
    root_helper: sudo /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
    root_helper_daemon: sudo /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
  oslo_messaging_notifications:
    driver: messagingv2
  oslo_messaging_rabbit:
    rabbit_ha_queues: true
  oslo_middleware:
    # Makes the http_proxy_to_wsgi filter honour forwarding headers. Safe
    # only when the API is reachable solely through a proxy that overwrites
    # client-supplied values.
    enable_proxy_headers_parsing: true
  oslo_policy:
    policy_file: /etc/neutron/policy.yaml
  ovn:
    ovn_metadata_enabled: true
  # The service sections below set auth_type: password but carry no
  # credentials here.
  # NOTE(review): usernames/passwords are presumably injected from the
  # chart's endpoints/secrets at render time; confirm they are not set in
  # plain values overrides.
  nova:
    auth_type: password
    auth_version: v3
    endpoint_type: internal
  placement:
    auth_type: password
    auth_version: v3
    endpoint_type: internal
  designate:
    auth_type: password
    auth_version: v3
    endpoint_type: internal
    allow_reverse_dns_lookup: true
  ironic:
    auth_type: password
    auth_version: v3
    endpoint_type: internal
  keystone_authtoken:
    # Service tokens are only honoured when they carry the "service" role.
    service_token_roles: service
    service_token_roles_required: true
    # NOTE(review): ENCRYPT needs a memcache_secret_key in
    # keystonemiddleware; none is set in this block, so it is presumably
    # supplied by the chart templates. Confirm it is a per-deployment
    # random value.
    memcache_security_strategy: ENCRYPT
    auth_type: password
    auth_version: v3
    service_type: network
  octavia:
    request_poll_timeout: 3000
# Python logging configuration; neutron.DEFAULT.log_config_append points
# at /etc/neutron/logging.conf.
# The root logger is at WARNING and sends to the "null" handler, so
# records that reach root are discarded; neutron and neutron_taas log at
# INFO to stdout.
# NOTE(review): only root, neutron and neutron_taas are listed under
# loggers.keys. Assuming this renders to a logging.config.fileConfig file,
# the logger_amqp ... logger_boto sections are not referenced by it, and
# library loggers without an entry (keystonemiddleware, for example) end
# up at the null handler. Confirm security-relevant libraries are covered.
logging:
  loggers:
    keys:
      - root
      - neutron
      - neutron_taas
  handlers:
    keys:
      - stdout
      - stderr
      - "null"
  formatters:
    keys:
      - context
      - default
  logger_root:
    level: WARNING
    handlers: 'null'
  logger_neutron:
    level: INFO
    handlers:
      - stdout
    qualname: neutron
  logger_neutron_taas:
    level: INFO
    handlers:
      - stdout
    qualname: neutron_taas
  logger_amqp:
    level: WARNING
    handlers: stderr
    qualname: amqp
  logger_amqplib:
    level: WARNING
    handlers: stderr
    qualname: amqplib
  logger_eventletwsgi:
    level: WARNING
    handlers: stderr
    qualname: eventlet.wsgi.server
  logger_sqlalchemy:
    level: WARNING
    handlers: stderr
    qualname: sqlalchemy
  logger_boto:
    level: WARNING
    handlers: stderr
    qualname: boto
  handler_null:
    class: logging.NullHandler
    formatter: default
    args: ()
  # Output goes to the container's stdout/stderr only; retention depends on
  # the cluster's log collection.
  handler_stdout:
    class: StreamHandler
    args: (sys.stdout,)
    formatter: context
  handler_stderr:
    class: StreamHandler
    args: (sys.stderr,)
    formatter: context
  formatter_context:
    class: oslo_log.formatters.ContextFormatter
    datefmt: "%Y-%m-%d %H:%M:%S"
  formatter_default:
    format: "%(message)s"
    datefmt: "%Y-%m-%d %H:%M:%S"
# Per-plugin and per-agent configuration files, one mapping per file.
plugins:
  ml2_conf:
    ml2:
      # port_security is the only extension driver enabled by default.
      extension_drivers: port_security
      # NOTE(portdirect): if unset this is populated dynamically from the value
      # in 'network.backend' to sane defaults.
      mechanism_drivers: null
      type_drivers: flat,vlan,vxlan,local
      tenant_network_types: vxlan
    ml2_type_vxlan:
      vni_ranges: 1:1000
      vxlan_group: 239.1.1.1
    ml2_type_flat:
      # "*" accepts any physical network name for flat networks; list the
      # intended physnets explicitly if that is narrower than what the
      # deployment needs.
      flat_networks: "*"
    # If you want to use the external network as a tagged provider network,
    # a range should be specified including the intended VLAN target
    # using ml2_type_vlan.network_vlan_ranges:
    # ml2_type_vlan:
    #   network_vlan_ranges: "external:1100:1110"
    ml2_type_geneve:
      vni_ranges: 1:65536
      max_header_size: 38
    agent:
      extensions: ""
  ml2_conf_sriov: null
  taas:
    taas:
      enabled: False
  openvswitch_agent:
    agent:
      tunnel_types: vxlan
      l2_population: True
      arp_responder: True
    ovs:
      bridge_mappings: "external:br-ex"
    securitygroup:
      firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
  linuxbridge_agent:
    linux_bridge:
      # To define Flat and VLAN connections, in LB we can assign
      # specific interface to the flat/vlan network name using:
      # physical_interface_mappings: "external:eth3"
      # Or we can set the mapping between the network and bridge:
      bridge_mappings: "external:br-ex"
      # The two above options are exclusive, do not use both of them at once
    securitygroup:
      firewall_driver: iptables
    vxlan:
      l2_population: True
      arp_responder: True
  macvtap_agent: null
  sriov_agent:
    securitygroup:
      # No-op driver: the SR-IOV agent applies no security-group filtering
      # to the ports it manages, so isolation for those ports has to come
      # from elsewhere (NIC/switch configuration).
      firewall_driver: neutron.agent.firewall.NoopFirewallDriver
    sriov_nic:
      physical_device_mappings: physnet2:enp3s0f1
      # NOTE: do not use null here, use an empty string
      exclude_devices: ""
# Values for the DHCP agent configuration.
dhcp_agent:
  DEFAULT:
    # NOTE(portdirect): if unset this is populated dynamically from the value in
    # 'network.backend' to sane defaults.
    interface_driver: null
    # dnsmasq reads extra options from this file; the dnsmasq key of this
    # values file presumably supplies its content.
    dnsmasq_config_file: /etc/neutron/dnsmasq.conf
    force_metadata: True
  # NOTE(mnaser): This has to be here in order for the DHCP agent to work with OVN.
  ovs: {}
# Extra dnsmasq configuration. Every line in the default content is
# commented out, so no directive is active until an override uncomments
# or adds one.
dnsmasq: |
  #no-hosts
  #port=5353
  #cache-size=500
  #no-negcache
  #dns-forward-max=100
  #resolve-file=
  #strict-order
  #bind-interface
  #bind-dynamic
  #domain=
  #dhcp-range=10.10.10.10,10.10.10.100,24h
  #dhcp-lease-max=150
  #dhcp-host=11:22:33:44:55:66,ignore
  #dhcp-option=3,10.10.10.1
  #dhcp-option-force=26,1450
2170
vexxhost-bote001f042024-10-25 16:34:25 -04002171 neutron_vpnaas: null
2172 ovn_vpn_agent:
2173 DEFAULT:
2174 interface_driver: openvswitch
2175 vpnagent:
2176 vpn_device_driver: neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver
2177 ovs:
2178 ovsdb_connection: unix:/run/openvswitch/db.sock
Mohammed Naserf3f59a72023-01-15 21:02:04 -05002179 l3_agent:
2180 DEFAULT:
2181 # (NOTE)portdirect: if unset this is populated dynamically from the value in
2182 # 'network.backend' to sane defaults.
2183 interface_driver: null
2184 agent_mode: legacy
2185 metering_agent: null
  # Settings for the Neutron metadata agent. The nested keys presumably map
  # to sections and options of the agent's configuration file; confirm
  # against the chart templates.
  metadata_agent:
    DEFAULT:
      # we cannot change the proxy socket path as it is declared
      # as a hostPath volume from agent daemonsets
      metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
      # Placeholder value. Neutron uses this secret to sign the instance-ID
      # header on metadata requests it proxies, and Nova must be configured
      # with the same value. A publicly known default defeats that spoofing
      # check, so override it per deployment with a random value and keep it
      # out of version control.
      metadata_proxy_shared_secret: "password"
    cache:
      enabled: true
      backend: dogpile.cache.memcached
2195 bagpipe_bgp: {}
  # Settings for the OVN metadata agent. The nested keys presumably map to
  # sections and options of the agent's configuration file; confirm against
  # the chart templates.
  ovn_metadata_agent:
    DEFAULT:
      # we cannot change the proxy socket path as it is declared
      # as a hostPath volume from agent daemonsets
      metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
      # Placeholder value. This secret signs the instance-ID header on
      # proxied metadata requests, and Nova must be configured with the same
      # value. A publicly known default defeats that spoofing check, so
      # override it per deployment with a random value and keep it out of
      # version control.
      metadata_proxy_shared_secret: "password"
      metadata_workers: 2
    cache:
      enabled: true
      backend: dogpile.cache.memcached
    ovs:
      # Local OVSDB unix socket; no network listener is configured here.
      ovsdb_connection: unix:/run/openvswitch/db.sock
Rico Lincf86b122023-11-02 01:29:14 +08002208 bgp_dragent: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -05002209
2210 rabbitmq:
2211 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
2212 policies:
2213 - vhost: "neutron"
2214 name: "ha_ttl_neutron"
2215 definition:
2216 # mirror messages to other nodes in rmq cluster
2217 ha-mode: "all"
2218 ha-sync-mode: "automatic"
2219 # 70s
2220 message-ttl: 70000
2221 priority: 0
2222 apply-to: all
2223 pattern: '^(?!(amq\.|reply_)).*'
2224 ## NOTE: "besteffort" is meant for dev env with mixed compute type only.
2225 ## This helps prevent sriov init script from failing due to mis-matched NIC
2226 ## For prod env, target NIC should match and init script should fail otherwise.
2227 ## sriov_init:
2228 ## - besteffort
2229 sriov_init:
2230 -
2231 # auto_bridge_add is a table of "bridge: interface" pairs
2232 # To automatically add physical interfaces to specific bridges,
2233 # for example eth3 to bridge br-physnet1, if0 to br0 and iface_two
2234 # to br1 do something like:
2235 #
2236 # auto_bridge_add:
2237 # br-physnet1: eth3
2238 # br0: if0
2239 # br1: iface_two
2240 # br-ex will be added by default
2241 auto_bridge_add:
2242 br-ex: null
2243
Mohammed Nasera720f882023-06-30 23:48:02 -04002244 # Network off-loading configuration
2245 netoffload:
ricolin18e6fd32023-07-17 06:17:15 +00002246 enabled: false
Mohammed Nasera720f882023-06-30 23:48:02 -04002247 asap2:
2248 # - dev: enp97s0f0
2249 # vfs: 16
2250
Mohammed Naserf3f59a72023-01-15 21:02:04 -05002251 # configuration of OVS DPDK bridges and NICs
2252 # this is a separate section and not part of the auto_bridge_add section
2253 # because additional parameters are needed
2254 ovs_dpdk:
2255 enabled: false
2256 # setting update_dpdk_bond_config to true will have default behavior,
2257 # which may cause disruptions in ovs dpdk traffic in case of neutron
2258 # ovs agent restart or when dpdk nic/bond configurations are changed.
2259 # Setting this to false will configure dpdk in the first run and
2260 # disable nic/bond config on event of restart or config update.
2261 update_dpdk_bond_config: true
2262 driver: uio_pci_generic
2263 # In case bonds are configured, the nics which are part of those bonds
2264 # must NOT be provided here.
2265 nics:
2266 - name: dpdk0
2267 pci_id: '0000:05:00.0'
2268 # Set VF Index in case some particular VF(s) need to be
2269 # used with ovs-dpdk.
2270 # vf_index: 0
2271 bridge: br-phy
2272 migrate_ip: true
2273 n_rxq: 2
2274 n_txq: 2
2275 pmd_rxq_affinity: "0:3,1:27"
2276 ofport_request: 1
2277 # optional parameters for tuning the OVS DPDK config
2278 # in alignment with the available hardware resources
2279 # mtu: 2000
2280 # n_rxq_size: 1024
2281 # n_txq_size: 1024
2282 # vhost-iommu-support: true
2283 bridges:
2284 - name: br-phy
2285 # optional parameter, in case tunnel traffic needs to be transported over a vlan underlay
2286 # - tunnel_underlay_vlan: 45
2287 # Optional parameter for configuring bonding in OVS-DPDK
2288 # - name: br-phy-bond0
2289 # bonds:
2290 # - name: dpdkbond0
2291 # bridge: br-phy-bond0
2292 # # The IP from the first nic in nics list shall be used
2293 # migrate_ip: true
2294 # mtu: 2000
2295 # # Please note that n_rxq is set for each NIC individually
2296 # # rather than denoting the total number of rx queues for
2297 # # the bond as a whole. So setting n_rxq = 2 below for ex.
2298 # # would be 4 rx queues in total for the bond.
2299 # # Same for n_txq
2300 # n_rxq: 2
2301 # n_txq: 2
2302 # ofport_request: 1
2303 # n_rxq_size: 1024
2304 # n_txq_size: 1024
2305 # vhost-iommu-support: true
2306 # ovs_options: "bond_mode=active-backup"
2307 # nics:
2308 # - name: dpdk_b0s0
2309 # pci_id: '0000:06:00.0'
2310 # pmd_rxq_affinity: "0:3,1:27"
2311 # # Set VF Index in case some particular VF(s) need to be
2312 # # used with ovs-dpdk. In which case pci_id of PF must be
2313 # # provided above.
2314 # # vf_index: 0
2315 # - name: dpdk_b0s1
2316 # pci_id: '0000:07:00.0'
2317 # pmd_rxq_affinity: "0:3,1:27"
2318 # # Set VF Index in case some particular VF(s) need to be
2319 # # used with ovs-dpdk. In which case pci_id of PF must be
2320 # # provided above.
2321 # # vf_index: 0
2322 #
2323 # Set the log level for each target module (default level is always dbg)
2324 # Supported log levels are: off, emer, err, warn, info, dbg
2325 #
2326 # modules:
2327 # - name: dpdk
2328 # log_level: info
2329
# Names of secrets used by bootstrap and environmental checks
#
# These values are names of Secret objects, not secret material. Changing a
# name here does not rotate any credential.
secrets:
  # Keystone credentials, one Secret per user.
  identity:
    admin: neutron-keystone-admin
    neutron: neutron-keystone-user
    test: neutron-keystone-test
  # Database credentials.
  oslo_db:
    admin: neutron-db-admin
    neutron: neutron-db-user
  # Message-bus credentials.
  oslo_messaging:
    admin: neutron-rabbitmq-admin
    neutron: neutron-rabbitmq-user
  # Names of the Secrets holding TLS material, keyed by endpoint type,
  # service and endpoint name.
  tls:
    compute_metadata:
      metadata:
        internal: metadata-tls-metadata
    network:
      server:
        public: neutron-tls-public
        internal: neutron-tls-server
  # Registry pull credentials.
  oci_image_registry:
    neutron: neutron-oci-image-registry
2352
# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
#
# NOTE(review): every `password: password` below is a placeholder, and the
# service endpoints default to plain `http`. Override the credentials per
# deployment from a secret store rather than committing real values, and
# review the schemes together with the top-level `tls` toggles.
endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  oci_image_registry:
    name: oci-image-registry
    namespace: oci-image-registry
    auth:
      # Registry authentication is off by default; the credentials below are
      # placeholders.
      enabled: false
      neutron:
        username: neutron
        password: password
    hosts:
      default: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        default: null
  oslo_db:
    auth:
      # Database administrator account (placeholder password).
      admin:
        username: root
        password: password
        secret:
          tls:
            internal: mariadb-tls-direct
      # Account used by the neutron service itself (placeholder password).
      neutron:
        username: neutron
        password: password
    hosts:
      default: mariadb
    host_fqdn_override:
      default: null
    path: /neutron
    scheme: mysql+pymysql
    port:
      mysql:
        default: 3306
  oslo_messaging:
    auth:
      # Message-bus administrator account (placeholder password).
      admin:
        username: rabbitmq
        password: password
        secret:
          tls:
            internal: rabbitmq-tls-direct
      # Account used by the neutron service itself (placeholder password).
      neutron:
        username: neutron
        password: password
    statefulset:
      replicas: 2
      name: rabbitmq-rabbitmq
    hosts:
      default: rabbitmq
    host_fqdn_override:
      default: null
    path: /neutron
    scheme: rabbit
    port:
      amqp:
        default: 5672
      http:
        default: 15672
  oslo_cache:
    auth:
      # NOTE(portdirect): this is used to define the value for keystone
      # authtoken cache encryption key, if not set it will be populated
      # automatically with a random value, but to take advantage of
      # this feature all services should be set to use the same key,
      # and memcache service.
      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
      default: null
    port:
      memcache:
        default: 11211
  compute:
    name: nova
    hosts:
      default: nova-api
      public: nova
    host_fqdn_override:
      default: null
    path:
      default: "/v2.1/%(tenant_id)s"
    scheme:
      default: 'http'
    port:
      api:
        default: 8774
        public: 80
      novncproxy:
        default: 6080
  compute_metadata:
    name: nova
    hosts:
      default: nova-metadata
      public: metadata
    host_fqdn_override:
      default: null
    path:
      default: /
    scheme:
      default: 'http'
    port:
      metadata:
        default: 8775
        public: 80
  identity:
    name: keystone
    auth:
      # Keystone accounts. All passwords in this mapping are placeholders.
      admin:
        region_name: RegionOne
        username: admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      neutron:
        # NOTE(review): the neutron service user is given both roles;
        # confirm `admin` is still required alongside `service`.
        role: admin,service
        region_name: RegionOne
        username: neutron
        password: password
        project_name: service
        user_domain_name: service
        project_domain_name: service
      nova:
        region_name: RegionOne
        project_name: service
        username: nova
        password: password
        user_domain_name: service
        project_domain_name: service
      placement:
        region_name: RegionOne
        project_name: service
        username: placement
        password: password
        user_domain_name: service
        project_domain_name: service
      designate:
        region_name: RegionOne
        project_name: service
        username: designate
        password: password
        user_domain_name: service
        project_domain_name: service
      ironic:
        region_name: RegionOne
        project_name: service
        username: ironic
        password: password
        user_domain_name: service
        project_domain_name: service
      test:
        role: admin
        region_name: RegionOne
        username: neutron-test
        password: password
        # NOTE: this project will be purged and reset if
        # conf.rally_tests.force_project_purge is set to true
        # which may be required upon test failure, but be aware that this will
        # expunge all openstack objects, so if this is used a separate project
        # should be used for each helm test, and also it should be ensured
        # that this project is not in use by other tenants
        project_name: test
        user_domain_name: service
        project_domain_name: service
    hosts:
      default: keystone
      internal: keystone-api
    host_fqdn_override:
      default: null
    path:
      default: /v3
    scheme:
      default: http
    port:
      api:
        default: 80
        internal: 5000
  network:
    name: neutron
    hosts:
      default: neutron-server
      public: neutron
    host_fqdn_override:
      default: null
      # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
      # endpoints using the following format:
      # public:
      #   host: null
      #   tls:
      #     crt: null
      #     key: null
    path:
      default: null
    scheme:
      default: 'http'
      service: 'http'
    port:
      api:
        default: 9696
        public: 80
        service: 9696
      policy_server:
        default: 9697
        public: 80
        service: 9697
  load_balancer:
    name: octavia
    hosts:
      default: octavia-api
      public: octavia
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: http
    port:
      api:
        default: 9876
        public: 80
  fluentd:
    namespace: osh-infra
    name: fluentd
    hosts:
      default: fluentd-logging
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: 'http'
    port:
      service:
        default: 24224
      metrics:
        default: 24220
  dns:
    name: designate
    hosts:
      default: designate-api
      public: designate
    host_fqdn_override:
      default: null
    path:
      default: /
    scheme:
      default: 'http'
    port:
      api:
        default: 9001
        public: 80
  baremetal:
    name: ironic
    hosts:
      default: ironic-api
      public: ironic
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme:
      default: 'http'
    port:
      api:
        default: 6385
        public: 80
  # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
  # They are used to enable the Egress K8s network policy.
  kube_dns:
    namespace: kube-system
    name: kubernetes-dns
    hosts:
      default: kube-dns
    host_fqdn_override:
      default: null
    path:
      default: null
    scheme: http
    port:
      dns:
        default: 53
        protocol: UDP
  ingress:
    namespace: null
    name: ingress
    hosts:
      default: ingress
    port:
      ingress:
        default: 80
2662
# Network policy rules for the neutron pods.
# NOTE(review): a single empty rule (`- {}`) matches everything in a
# Kubernetes NetworkPolicy, so these defaults presumably allow all ingress
# and all egress once a policy is rendered; confirm against the template.
# `manifests.network_policy` is false in this file, so by default no policy
# appears to be rendered at all. When enabling it, replace the empty rules
# with explicit peers and ports.
network_policy:
  neutron:
    # TODO(lamt): Need to tighten this ingress for security.
    ingress:
      - {}
    egress:
      - {}
2670
helm3_hook: true

# Log level for the health probe.
health_probe:
  logging:
    level: ERROR

# Per-backend TLS toggles, all off by default.
# NOTE(review): presumably these control whether the chart configures TLS
# toward Keystone, the message bus and the database; confirm against the
# templates. With all three false and the `http` endpoint schemes in this
# file, credentials would cross the cluster network unencrypted unless
# another layer provides transport encryption.
tls:
  identity: false
  oslo_messaging: false
  oslo_db: false
2681
# Boolean switches, one per manifest; presumably each one gates whether the
# corresponding template is rendered (confirm against the templates).
manifests:
  # Off by default.
  certificates: false
  configmap_bin: true
  configmap_etc: true
  daemonset_dhcp_agent: true
  daemonset_l3_agent: true
  daemonset_lb_agent: true
  daemonset_metadata_agent: true
  daemonset_ovs_agent: true
  daemonset_sriov_agent: true
  daemonset_l2gw_agent: false
  daemonset_bagpipe_bgp: false
  daemonset_bgp_dragent: false
  daemonset_netns_cleanup_cron: true
  daemonset_ovn_metadata_agent: false
  daemonset_ovn_vpn_agent: false
  deployment_ironic_agent: false
  deployment_server: true
  deployment_rpc_server: true
  ingress_server: true
  job_bootstrap: true
  job_db_init: true
  job_db_sync: true
  # Destructive job; left off by default.
  job_db_drop: false
  job_image_repo_sync: true
  job_ks_endpoints: true
  job_ks_service: true
  job_ks_user: true
  job_rabbit_init: true
  pdb_server: true
  pod_rally_test: true
  # Off by default: with this false, the rules under the top-level
  # `network_policy` key are presumably not applied, leaving pod traffic
  # unrestricted by this chart.
  network_policy: false
  secret_db: true
  secret_ingress_tls: true
  secret_keystone: true
  secret_rabbitmq: true
  secret_registry: true
  service_ingress_server: true
  service_server: true
2721...