Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/stable/2024.1 / . / charts / neutron / values.yaml
blob: 57cb3b70042f2cc8052b02751ebc0d8e429dfdff [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for neutron.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19release_group: null
20
21images:
22 tags:
Rico Linc49f8522024-05-07 17:43:21 +0800[diff] [blame]23 bootstrap: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]24 test: docker.io/xrally/xrally-openstack:2.0.0
25 purge_test: docker.io/openstackhelm/ospurge:latest
Rico Linc49f8522024-05-07 17:43:21 +0800[diff] [blame]26 db_init: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
27 neutron_db_sync: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
28 db_drop: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
29 rabbit_init: docker.io/rabbitmq:3.13-management
30 ks_user: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
31 ks_service: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
32 ks_endpoints: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
Mohammed Nasera720f882023-06-30 23:48:02 -0400[diff] [blame]33 netoffload: ghcr.io/vexxhost/netoffload:v1.0.1
Rico Linc49f8522024-05-07 17:43:21 +0800[diff] [blame]34 neutron_server: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
Mohammed Naserd70a6912024-07-03 00:09:44 -0400[diff] [blame]35 neutron_policy_server: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
Rico Linc49f8522024-05-07 17:43:21 +0800[diff] [blame]36 neutron_rpc_server: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
37 neutron_dhcp: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
38 neutron_metadata: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
39 neutron_ovn_metadata: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]40 neutron_ovn_vpn: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
Rico Linc49f8522024-05-07 17:43:21 +0800[diff] [blame]41 neutron_l3: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
42 neutron_l2gw: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
43 neutron_openvswitch_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
44 neutron_linuxbridge_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]45 neutron_sriov_agent: docker.io/openstackhelm/neutron:stein-18.04-sriov
46 neutron_sriov_agent_init: docker.io/openstackhelm/neutron:stein-18.04-sriov
Rico Linc49f8522024-05-07 17:43:21 +0800[diff] [blame]47 neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
48 neutron_bgp_dragent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
Dong Macd00c3d2025-01-16 09:57:50 +0000[diff] [blame]49 neutron_ironic_agent_init: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
Rico Linc49f8522024-05-07 17:43:21 +0800[diff] [blame]50 neutron_ironic_agent: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
51 neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]52 dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]53 image_repo_sync: docker.io/docker:17.07.0
54 pull_policy: "IfNotPresent"
55 local_registry:
56 active: false
57 exclude:
58 - dep_check
59 - image_repo_sync
60
61labels:
62 agent:
63 dhcp:
64 node_selector_key: openstack-control-plane
65 node_selector_value: enabled
66 l3:
67 node_selector_key: openstack-control-plane
68 node_selector_value: enabled
69 metadata:
70 node_selector_key: openstack-control-plane
71 node_selector_value: enabled
72 l2gw:
73 node_selector_key: openstack-control-plane
74 node_selector_value: enabled
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]75 ovn_vpn:
76 node_selector_key: openstack-control-plane
77 node_selector_value: enabled
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]78 job:
79 node_selector_key: openstack-control-plane
80 node_selector_value: enabled
81 lb:
82 node_selector_key: linuxbridge
83 node_selector_value: enabled
84 # openvswitch is a special case, requiring a special
85 # label that can apply to both control hosts
86 # and compute hosts, until we get more sophisticated
87 # with our daemonset scheduling
88 ovs:
89 node_selector_key: openvswitch
90 node_selector_value: enabled
91 sriov:
92 node_selector_key: sriov
93 node_selector_value: enabled
94 bagpipe_bgp:
95 node_selector_key: openstack-compute-node
96 node_selector_value: enabled
Rico Lincf86b122023-11-02 01:29:14 +0800[diff] [blame]97 bgp_dragent:
98 node_selector_key: openstack-compute-node
99 node_selector_value: enabled
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]100 server:
101 node_selector_key: openstack-control-plane
102 node_selector_value: enabled
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]103 rpc_server:
104 node_selector_key: openstack-control-plane
105 node_selector_value: enabled
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]106 ironic_agent:
107 node_selector_key: openstack-control-plane
108 node_selector_value: enabled
109 netns_cleanup_cron:
110 node_selector_key: openstack-control-plane
111 node_selector_value: enabled
112 test:
113 node_selector_key: openstack-control-plane
114 node_selector_value: enabled
115
116network:
117 # provide what type of network wiring will be used
118 backend:
119 - openvswitch
120 # NOTE(Portdirect): Share network namespaces with the host,
121 # allowing agents to be restarted without packet loss and simpler
122 # debugging. This feature requires mount propagation support.
123 share_namespaces: true
124 interface:
125 # Tunnel interface will be used for VXLAN tunneling.
126 tunnel: null
127 # If tunnel is null there is a fallback mechanism to search
128 # for interface with routing using tunnel network cidr.
129 tunnel_network_cidr: "0/0"
130 # To perform setup of network interfaces using the SR-IOV init
131 # container you can use a section similar to:
132 # sriov:
133 # - device: ${DEV}
134 # num_vfs: 8
135 # mtu: 9214
136 # promisc: false
137 # qos:
138 # - vf_num: 0
139 # share: 10
140 # queues_per_vf:
141 # - num_queues: 16
142 # exclude_vf: 0,11,21
143 server:
144 ingress:
145 public: true
146 classes:
147 namespace: "nginx"
148 cluster: "nginx-cluster"
149 annotations:
150 nginx.ingress.kubernetes.io/rewrite-target: /
151 external_policy_local: false
152 node_port:
153 enabled: false
154 port: 30096
155
156bootstrap:
157 enabled: false
158 ks_user: neutron
159 script: |
160 openstack token issue
161
162dependencies:
163 dynamic:
164 common:
165 local_image_registry:
166 jobs:
167 - neutron-image-repo-sync
168 services:
169 - endpoint: node
170 service: local_image_registry
171 targeted:
172 sriov: {}
173 l2gateway: {}
174 bagpipe_bgp: {}
Mohammed Naserfd8edcc2023-09-06 22:32:16 +0000[diff] [blame]175 ovn:
176 server:
177 pod: null
Rico Lincf86b122023-11-02 01:29:14 +0800[diff] [blame]178 bgp_dragent: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]179 openvswitch:
180 dhcp:
181 pod:
182 - requireSameNode: true
183 labels:
184 application: neutron
185 component: neutron-ovs-agent
186 l3:
187 pod:
188 - requireSameNode: true
189 labels:
190 application: neutron
191 component: neutron-ovs-agent
192 metadata:
193 pod:
194 - requireSameNode: true
195 labels:
196 application: neutron
197 component: neutron-ovs-agent
198 linuxbridge:
199 dhcp:
200 pod:
201 - requireSameNode: true
202 labels:
203 application: neutron
204 component: neutron-lb-agent
205 l3:
206 pod:
207 - requireSameNode: true
208 labels:
209 application: neutron
210 component: neutron-lb-agent
211 metadata:
212 pod:
213 - requireSameNode: true
214 labels:
215 application: neutron
216 component: neutron-lb-agent
217 lb_agent:
218 pod: null
219 static:
220 bootstrap:
221 services:
222 - endpoint: internal
223 service: network
224 - endpoint: internal
225 service: compute
226 db_drop:
227 services:
228 - endpoint: internal
229 service: oslo_db
230 db_init:
231 services:
232 - endpoint: internal
233 service: oslo_db
234 db_sync:
235 jobs:
236 - neutron-db-init
237 services:
238 - endpoint: internal
239 service: oslo_db
240 dhcp:
241 pod: null
242 jobs:
243 - neutron-rabbit-init
244 services:
245 - endpoint: internal
246 service: oslo_messaging
247 - endpoint: internal
248 service: network
249 - endpoint: internal
250 service: compute
251 ks_endpoints:
252 jobs:
253 - neutron-ks-service
254 services:
255 - endpoint: internal
256 service: identity
257 ks_service:
258 services:
259 - endpoint: internal
260 service: identity
261 ks_user:
262 services:
263 - endpoint: internal
264 service: identity
265 rabbit_init:
266 services:
267 - service: oslo_messaging
268 endpoint: internal
269 l3:
270 pod: null
271 jobs:
272 - neutron-rabbit-init
273 services:
274 - endpoint: internal
275 service: oslo_messaging
276 - endpoint: internal
277 service: network
278 - endpoint: internal
279 service: compute
280 lb_agent:
281 pod: null
282 jobs:
283 - neutron-rabbit-init
284 services:
285 - endpoint: internal
286 service: oslo_messaging
287 - endpoint: internal
288 service: network
289 metadata:
290 pod: null
291 jobs:
292 - neutron-rabbit-init
293 services:
294 - endpoint: internal
295 service: oslo_messaging
296 - endpoint: internal
297 service: network
298 - endpoint: internal
299 service: compute
300 - endpoint: public
301 service: compute_metadata
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]302 ovn_metadata:
Mohammed Naser593ec012023-07-23 09:20:05 +0000[diff] [blame]303 pod:
304 - requireSameNode: true
305 labels:
306 application: ovn
307 component: ovn-controller
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]308 services:
309 - endpoint: internal
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]310 service: compute_metadata
Mohammed Naserfd8edcc2023-09-06 22:32:16 +0000[diff] [blame]311 - endpoint: internal
312 service: network
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]313 ovn_vpn_agent:
314 pod:
315 - requireSameNode: true
316 labels:
317 application: ovn
318 component: ovn-controller
319 services:
320 - endpoint: internal
321 service: oslo_messaging
322 - endpoint: internal
323 service: network
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]324 ovs_agent:
325 jobs:
326 - neutron-rabbit-init
327 pod:
328 - requireSameNode: true
329 labels:
330 application: openvswitch
331 component: server
332 services:
333 - endpoint: internal
334 service: oslo_messaging
335 - endpoint: internal
336 service: network
337 server:
338 jobs:
339 - neutron-db-sync
340 - neutron-ks-user
341 - neutron-ks-endpoints
342 - neutron-rabbit-init
343 services:
344 - endpoint: internal
345 service: oslo_db
346 - endpoint: internal
347 service: oslo_messaging
348 - endpoint: internal
349 service: oslo_cache
350 - endpoint: internal
351 service: identity
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]352 rpc_server:
353 jobs:
354 - neutron-db-sync
355 - neutron-rabbit-init
356 services:
357 - endpoint: internal
358 service: oslo_db
359 - endpoint: internal
360 service: oslo_messaging
361 - endpoint: internal
362 service: oslo_cache
363 - endpoint: internal
364 service: identity
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]365 ironic_agent:
366 jobs:
367 - neutron-db-sync
368 - neutron-ks-user
369 - neutron-ks-endpoints
370 - neutron-rabbit-init
371 services:
372 - endpoint: internal
373 service: oslo_db
374 - endpoint: internal
375 service: oslo_messaging
376 - endpoint: internal
377 service: oslo_cache
378 - endpoint: internal
379 service: identity
380 tests:
381 services:
382 - endpoint: internal
383 service: network
384 - endpoint: internal
385 service: compute
386 image_repo_sync:
387 services:
388 - endpoint: internal
389 service: local_image_registry
390
391pod:
Dong Ma56e23472025-02-11 11:03:48 +0000[diff] [blame]392 priorityClassName:
Dong Mad2ef43c2025-02-13 16:15:52 +0000[diff] [blame]393 bagpipe_bgp: null
394 bgp_dragent: null
Dong Ma56e23472025-02-11 11:03:48 +0000[diff] [blame]395 neutron_dhcp_agent: null
396 neutron_l2gw_agent: null
397 neutron_l3_agent: null
398 neutron_lb_agent: null
399 neutron_metadata_agent: null
400 neutron_netns_cleanup_cron: null
Dong Mad2ef43c2025-02-13 16:15:52 +0000[diff] [blame]401 ovn_vpn_agent: null
Dong Ma56e23472025-02-11 11:03:48 +0000[diff] [blame]402 neutron_ovn_metadata_agent: null
403 neutron_ovs_agent: null
404 neutron_sriov_agent: null
405 neutron_ironic_agent: null
406 neutron_rpc_server: null
407 neutron_server: null
408 neutron_tests: null
Dong Mad2ef43c2025-02-13 16:15:52 +0000[diff] [blame]409 bootstrap: null
Dong Ma56e23472025-02-11 11:03:48 +0000[diff] [blame]410 db_sync: null
411 runtimeClassName:
Dong Mad2ef43c2025-02-13 16:15:52 +0000[diff] [blame]412 bagpipe_bgp: null
413 bgp_dragent: null
Dong Ma56e23472025-02-11 11:03:48 +0000[diff] [blame]414 neutron_dhcp_agent: null
415 neutron_l2gw_agent: null
416 neutron_l3_agent: null
417 neutron_lb_agent: null
418 neutron_metadata_agent: null
419 neutron_netns_cleanup_cron: null
Dong Mad2ef43c2025-02-13 16:15:52 +0000[diff] [blame]420 ovn_vpn_agent: null
Dong Ma56e23472025-02-11 11:03:48 +0000[diff] [blame]421 neutron_ovn_metadata_agent: null
422 neutron_ovs_agent: null
423 neutron_sriov_agent: null
424 neutron_ironic_agent: null
425 neutron_rpc_server: null
426 neutron_server: null
427 neutron_tests: null
Dong Mad2ef43c2025-02-13 16:15:52 +0000[diff] [blame]428 bootstrap: null
Dong Ma56e23472025-02-11 11:03:48 +0000[diff] [blame]429 db_sync: null
Mohammed Naserd70a6912024-07-03 00:09:44 -0400[diff] [blame]430 sidecars:
431 neutron_policy_server: false
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]432 use_fqdn:
433 neutron_agent: true
434 probes:
435 rpc_timeout: 60
436 rpc_retries: 2
437 dhcp_agent:
438 dhcp_agent:
439 readiness:
440 enabled: true
441 params:
442 initialDelaySeconds: 30
443 periodSeconds: 190
444 timeoutSeconds: 185
445 liveness:
446 enabled: true
447 params:
448 initialDelaySeconds: 120
449 periodSeconds: 600
450 timeoutSeconds: 580
451 l3_agent:
452 l3_agent:
453 readiness:
454 enabled: true
455 params:
456 initialDelaySeconds: 30
457 periodSeconds: 190
458 timeoutSeconds: 185
459 liveness:
460 enabled: true
461 params:
462 initialDelaySeconds: 120
463 periodSeconds: 600
464 timeoutSeconds: 580
465 lb_agent:
466 lb_agent:
467 readiness:
468 enabled: true
469 metadata_agent:
470 metadata_agent:
471 readiness:
472 enabled: true
473 params:
474 initialDelaySeconds: 30
475 periodSeconds: 190
476 timeoutSeconds: 185
477 liveness:
478 enabled: true
479 params:
480 initialDelaySeconds: 120
481 periodSeconds: 600
482 timeoutSeconds: 580
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]483 ovn_vpn_agent:
484 ovn_vpn_agent:
485 readiness:
486 enabled: true
487 params:
488 initialDelaySeconds: 30
489 periodSeconds: 190
490 timeoutSeconds: 185
491 liveness:
492 enabled: true
493 params:
494 initialDelaySeconds: 120
495 periodSeconds: 600
496 timeoutSeconds: 580
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]497 ovn_metadata_agent:
498 ovn_metadata_agent:
499 readiness:
500 enabled: true
501 params:
502 initialDelaySeconds: 30
503 periodSeconds: 190
504 timeoutSeconds: 185
505 liveness:
506 enabled: true
507 params:
508 initialDelaySeconds: 120
509 periodSeconds: 600
510 timeoutSeconds: 580
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]511 ovs_agent:
512 ovs_agent:
513 readiness:
514 enabled: true
515 params:
okozachenko120317930d42023-09-06 00:24:05 +1000[diff] [blame]516 timeoutSeconds: 10
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]517 liveness:
518 enabled: true
519 params:
520 initialDelaySeconds: 120
521 periodSeconds: 600
522 timeoutSeconds: 580
523 sriov_agent:
524 sriov_agent:
525 readiness:
526 enabled: true
527 params:
528 initialDelaySeconds: 30
529 periodSeconds: 190
530 timeoutSeconds: 185
531 bagpipe_bgp:
532 bagpipe_bgp:
533 readiness:
534 enabled: true
535 params:
536 liveness:
537 enabled: true
538 params:
539 initialDelaySeconds: 60
Rico Lincf86b122023-11-02 01:29:14 +0800[diff] [blame]540 bgp_dragent:
541 bgp_dragent:
542 readiness:
543 enabled: false
544 params:
545 liveness:
546 enabled: true
547 params:
548 initialDelaySeconds: 60
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]549 l2gw_agent:
550 l2gw_agent:
551 readiness:
552 enabled: true
553 params:
554 initialDelaySeconds: 30
555 periodSeconds: 15
556 timeoutSeconds: 65
557 liveness:
558 enabled: true
559 params:
560 initialDelaySeconds: 120
561 periodSeconds: 90
562 timeoutSeconds: 70
563 server:
564 server:
565 readiness:
566 enabled: true
567 params:
okozachenko120317930d42023-09-06 00:24:05 +1000[diff] [blame]568 periodSeconds: 15
569 timeoutSeconds: 10
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]570 liveness:
571 enabled: true
572 params:
573 initialDelaySeconds: 60
okozachenko120317930d42023-09-06 00:24:05 +1000[diff] [blame]574 periodSeconds: 15
575 timeoutSeconds: 10
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]576 rpc_server:
577 rpc_server:
578 readiness:
579 enabled: true
580 params:
581 periodSeconds: 15
582 timeoutSeconds: 10
583 liveness:
584 enabled: true
585 params:
586 initialDelaySeconds: 60
587 periodSeconds: 15
588 timeoutSeconds: 10
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]589 security_context:
590 neutron_dhcp_agent:
591 pod:
592 runAsUser: 42424
593 container:
594 neutron_dhcp_agent:
595 readOnlyRootFilesystem: true
596 privileged: true
597 neutron_l2gw_agent:
598 pod:
599 runAsUser: 42424
600 container:
601 neutron_l2gw_agent:
602 readOnlyRootFilesystem: true
603 privileged: true
604 neutron_bagpipe_bgp:
605 pod:
606 runAsUser: 42424
607 container:
608 neutron_bagpipe_bgp:
609 readOnlyRootFilesystem: true
610 privileged: true
Rico Lincf86b122023-11-02 01:29:14 +0800[diff] [blame]611 neutron_bgp_dragent:
612 pod:
613 runAsUser: 42424
614 container:
615 neutron_bgp_dragent:
616 readOnlyRootFilesystem: true
617 privileged: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]618 neutron_l3_agent:
619 pod:
620 runAsUser: 42424
621 container:
622 neutron_l3_agent:
623 readOnlyRootFilesystem: true
624 privileged: true
625 neutron_lb_agent:
626 pod:
627 runAsUser: 42424
628 container:
629 neutron_lb_agent_kernel_modules:
630 capabilities:
631 add:
632 - SYS_MODULE
633 - SYS_CHROOT
634 runAsUser: 0
635 readOnlyRootFilesystem: true
636 neutron_lb_agent_init:
637 privileged: true
638 runAsUser: 0
639 readOnlyRootFilesystem: true
640 neutron_lb_agent:
641 readOnlyRootFilesystem: true
642 privileged: true
643 neutron_metadata_agent:
644 pod:
645 runAsUser: 42424
646 container:
647 neutron_metadata_agent_init:
648 runAsUser: 0
649 readOnlyRootFilesystem: true
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]650 neutron_ovn_metadata_agent:
651 pod:
652 runAsUser: 42424
653 container:
654 neutron_ovn_metadata_agent_init:
655 runAsUser: 0
656 readOnlyRootFilesystem: true
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]657 ovn_vpn_agent:
658 pod:
659 runAsUser: 42424
660 container:
661 ovn_vpn_agent_init:
662 runAsUser: 0
663 readOnlyRootFilesystem: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]664 neutron_ovs_agent:
665 pod:
666 runAsUser: 42424
667 container:
668 neutron_openvswitch_agent_kernel_modules:
669 capabilities:
670 add:
671 - SYS_MODULE
672 - SYS_CHROOT
673 runAsUser: 0
674 readOnlyRootFilesystem: true
Mohammed Nasera720f882023-06-30 23:48:02 -0400[diff] [blame]675 netoffload:
676 privileged: true
677 runAsUser: 0
678 readOnlyRootFilesystem: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]679 neutron_ovs_agent_init:
680 privileged: true
681 runAsUser: 0
682 readOnlyRootFilesystem: true
683 neutron_ovs_agent:
684 readOnlyRootFilesystem: true
685 privileged: true
686 neutron_server:
687 pod:
688 runAsUser: 42424
689 container:
690 nginx:
691 runAsUser: 0
692 readOnlyRootFilesystem: false
693 neutron_server:
694 allowPrivilegeEscalation: false
695 readOnlyRootFilesystem: true
Mohammed Naserd70a6912024-07-03 00:09:44 -0400[diff] [blame]696 neutron_policy_server:
697 allowPrivilegeEscalation: false
698 readOnlyRootFilesystem: true
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]699 neutron_rpc_server:
700 pod:
701 runAsUser: 42424
702 container:
703 neutron_rpc_server:
704 allowPrivilegeEscalation: false
705 readOnlyRootFilesystem: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]706 neutron_sriov_agent:
707 pod:
708 runAsUser: 42424
709 container:
710 neutron_sriov_agent_init:
711 privileged: true
712 runAsUser: 0
713 readOnlyRootFilesystem: false
714 neutron_sriov_agent:
715 readOnlyRootFilesystem: true
716 privileged: true
717 neutron_ironic_agent:
718 pod:
719 runAsUser: 42424
720 container:
Dong Macd00c3d2025-01-16 09:57:50 +0000[diff] [blame]721 neutron_ironic_agent_init:
722 runAsUser: 0
723 readOnlyRootFilesystem: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]724 neutron_ironic_agent:
725 allowPrivilegeEscalation: false
726 readOnlyRootFilesystem: true
727 neutron_netns_cleanup_cron:
728 pod:
729 runAsUser: 42424
730 container:
731 neutron_netns_cleanup_cron:
732 readOnlyRootFilesystem: true
733 privileged: true
734 affinity:
735 anti:
736 type:
737 default: preferredDuringSchedulingIgnoredDuringExecution
738 topologyKey:
739 default: kubernetes.io/hostname
740 weight:
741 default: 10
742 tolerations:
743 neutron:
744 enabled: false
745 tolerations:
746 - key: node-role.kubernetes.io/master
747 operator: Exists
748 effect: NoSchedule
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]749 - key: node-role.kubernetes.io/control-plane
750 operator: Exists
751 effect: NoSchedule
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]752 mounts:
753 neutron_server:
754 init_container: null
755 neutron_server:
756 volumeMounts:
757 volumes:
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]758 neutron_rpc_server:
759 init_container: null
760 neutron_rpc_server:
761 volumeMounts:
762 volumes:
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]763 neutron_dhcp_agent:
764 init_container: null
765 neutron_dhcp_agent:
766 volumeMounts:
767 volumes:
768 neutron_l3_agent:
769 init_container: null
770 neutron_l3_agent:
771 volumeMounts:
772 volumes:
773 neutron_lb_agent:
774 init_container: null
775 neutron_lb_agent:
776 volumeMounts:
777 volumes:
778 neutron_metadata_agent:
779 init_container: null
780 neutron_metadata_agent:
781 volumeMounts:
782 volumes:
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]783 neutron_ovn_metadata_agent:
784 init_container: null
785 neutron_ovn_metadata_agent:
786 volumeMounts:
787 volumes:
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]788 ovn_vpn_agent:
789 init_container: null
790 ovn_vpn_agent:
791 volumeMounts:
792 volumes:
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]793 neutron_ovs_agent:
794 init_container: null
795 neutron_ovs_agent:
796 volumeMounts:
797 volumes:
798 neutron_sriov_agent:
799 init_container: null
800 neutron_sriov_agent:
801 volumeMounts:
802 volumes:
803 neutron_l2gw_agent:
804 init_container: null
805 neutron_l2gw_agent:
806 volumeMounts:
807 volumes:
808 bagpipe_bgp:
809 init_container: null
810 bagpipe_bgp:
811 volumeMounts:
812 volumes:
Rico Lincf86b122023-11-02 01:29:14 +0800[diff] [blame]813 bgp_dragent:
814 init_container: null
815 bgp_dragent:
816 volumeMounts:
817 volumes:
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]818 neutron_ironic_agent:
819 init_container: null
820 neutron_ironic_agent:
821 volumeMounts:
822 volumes:
823 neutron_netns_cleanup_cron:
824 init_container: null
825 neutron_netns_cleanup_cron:
826 volumeMounts:
827 volumes:
828 neutron_tests:
829 init_container: null
830 neutron_tests:
831 volumeMounts:
832 volumes:
833 neutron_bootstrap:
834 init_container: null
835 neutron_bootstrap:
836 volumeMounts:
837 volumes:
838 neutron_db_sync:
839 neutron_db_sync:
840 volumeMounts:
841 - name: db-sync-conf
842 mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
843 subPath: ml2_conf.ini
844 readOnly: true
845 volumes:
846 replicas:
847 server: 1
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]848 rpc_server: 1
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]849 ironic_agent: 1
850 lifecycle:
851 upgrades:
852 deployments:
853 revision_history: 3
854 pod_replacement_strategy: RollingUpdate
855 rolling_update:
856 max_unavailable: 1
857 max_surge: 3
858 daemonsets:
859 pod_replacement_strategy: RollingUpdate
860 dhcp_agent:
861 enabled: true
862 min_ready_seconds: 0
863 max_unavailable: 1
864 l3_agent:
865 enabled: true
866 min_ready_seconds: 0
867 max_unavailable: 1
868 lb_agent:
869 enabled: true
870 min_ready_seconds: 0
871 max_unavailable: 1
872 metadata_agent:
873 enabled: true
874 min_ready_seconds: 0
875 max_unavailable: 1
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]876 ovn_metadata_agent:
877 enabled: true
878 min_ready_seconds: 0
879 max_unavailable: 1
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]880 ovn_vpn_agent:
881 enabled: true
882 min_ready_seconds: 0
883 max_unavailable: 1
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]884 ovs_agent:
885 enabled: true
886 min_ready_seconds: 0
887 max_unavailable: 1
888 sriov_agent:
889 enabled: true
890 min_ready_seconds: 0
891 max_unavailable: 1
892 netns_cleanup_cron:
893 enabled: true
894 min_ready_seconds: 0
895 max_unavailable: 1
896 disruption_budget:
897 server:
898 min_available: 0
899 termination_grace_period:
900 server:
901 timeout: 30
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]902 rpc_server:
903 timeout: 30
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]904 ironic_agent:
905 timeout: 30
906 resources:
907 enabled: false
908 agent:
909 dhcp:
910 requests:
911 memory: "128Mi"
912 cpu: "100m"
913 limits:
914 memory: "1024Mi"
915 cpu: "2000m"
916 l3:
917 requests:
918 memory: "128Mi"
919 cpu: "100m"
920 limits:
921 memory: "1024Mi"
922 cpu: "2000m"
923 lb:
924 requests:
925 memory: "128Mi"
926 cpu: "100m"
927 limits:
928 memory: "1024Mi"
929 cpu: "2000m"
930 metadata:
931 requests:
932 memory: "128Mi"
933 cpu: "100m"
934 limits:
935 memory: "1024Mi"
936 cpu: "2000m"
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]937 ovn_metadata:
938 requests:
939 memory: "128Mi"
940 cpu: "100m"
941 limits:
942 memory: "1024Mi"
943 cpu: "2000m"
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]944 ovn_vpn:
945 requests:
946 memory: "128Mi"
947 cpu: "100m"
948 limits:
949 memory: "1024Mi"
950 cpu: "2000m"
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]951 ovs:
952 requests:
953 memory: "128Mi"
954 cpu: "100m"
955 limits:
956 memory: "1024Mi"
957 cpu: "2000m"
958 sriov:
959 requests:
960 memory: "128Mi"
961 cpu: "100m"
962 limits:
963 memory: "1024Mi"
964 cpu: "2000m"
965 l2gw:
966 requests:
967 memory: "128Mi"
968 cpu: "100m"
969 limits:
970 memory: "1024Mi"
971 cpu: "2000m"
972 bagpipe_bgp:
973 requests:
974 memory: "128Mi"
975 cpu: "100m"
976 limits:
977 memory: "1024Mi"
978 cpu: "2000m"
Rico Lincf86b122023-11-02 01:29:14 +0800[diff] [blame]979 bgp_dragent:
980 requests:
981 memory: "128Mi"
982 cpu: "100m"
983 limits:
984 memory: "1024Mi"
985 cpu: "2000m"
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]986 server:
987 requests:
988 memory: "128Mi"
989 cpu: "100m"
990 limits:
991 memory: "1024Mi"
992 cpu: "2000m"
Mohammed Naserd70a6912024-07-03 00:09:44 -0400[diff] [blame]993 neutron_policy_server:
994 requests:
995 memory: "128Mi"
996 cpu: "100m"
997 limits:
998 memory: "256Mi"
999 cpu: "500m"
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1000 ironic_agent:
1001 requests:
1002 memory: "128Mi"
1003 cpu: "100m"
1004 limits:
1005 memory: "1024Mi"
1006 cpu: "2000m"
1007 netns_cleanup_cron:
1008 requests:
1009 memory: "128Mi"
1010 cpu: "100m"
1011 limits:
1012 memory: "1024Mi"
1013 cpu: "2000m"
1014 jobs:
1015 bootstrap:
1016 requests:
1017 memory: "128Mi"
1018 cpu: "100m"
1019 limits:
1020 memory: "1024Mi"
1021 cpu: "2000m"
1022 db_init:
1023 requests:
1024 memory: "128Mi"
1025 cpu: "100m"
1026 limits:
1027 memory: "1024Mi"
1028 cpu: "2000m"
1029 rabbit_init:
1030 requests:
1031 memory: "128Mi"
1032 cpu: "100m"
1033 limits:
1034 memory: "1024Mi"
1035 cpu: "2000m"
1036 db_sync:
1037 requests:
1038 memory: "128Mi"
1039 cpu: "100m"
1040 limits:
1041 memory: "1024Mi"
1042 cpu: "2000m"
1043 db_drop:
1044 requests:
1045 memory: "128Mi"
1046 cpu: "100m"
1047 limits:
1048 memory: "1024Mi"
1049 cpu: "2000m"
1050 ks_endpoints:
1051 requests:
1052 memory: "128Mi"
1053 cpu: "100m"
1054 limits:
1055 memory: "1024Mi"
1056 cpu: "2000m"
1057 ks_service:
1058 requests:
1059 memory: "128Mi"
1060 cpu: "100m"
1061 limits:
1062 memory: "1024Mi"
1063 cpu: "2000m"
1064 ks_user:
1065 requests:
1066 memory: "128Mi"
1067 cpu: "100m"
1068 limits:
1069 memory: "1024Mi"
1070 cpu: "2000m"
1071 tests:
1072 requests:
1073 memory: "128Mi"
1074 cpu: "100m"
1075 limits:
1076 memory: "1024Mi"
1077 cpu: "2000m"
1078 image_repo_sync:
1079 requests:
1080 memory: "128Mi"
1081 cpu: "100m"
1082 limits:
1083 memory: "1024Mi"
1084 cpu: "2000m"
1085
1086conf:
1087 rally_tests:
1088 force_project_purge: false
1089 run_tempest: false
1090 clean_up: |
1091 # NOTE: We will make the best effort to clean up rally generated networks and routers,
1092 # but should not block further automated deployment.
1093 set +e
1094 PATTERN="^[sc]_rally_"
1095
1096 ROUTERS=$(openstack router list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')
1097 NETWORKS=$(openstack network list --format=value -c Name | grep -e $PATTERN | sort | tr -d '\r')
1098
1099 for ROUTER in $ROUTERS
1100 do
1101 openstack router unset --external-gateway $ROUTER
1102 openstack router set --disable --no-ha $ROUTER
1103
1104 SUBNS=$(openstack router show $ROUTER -c interfaces_info --format=value | python -m json.tool | grep -oP '(?<="subnet_id": ")[a-f0-9\-]{36}(?=")' | sort | uniq)
1105 for SUBN in $SUBNS
1106 do
1107 openstack router remove subnet $ROUTER $SUBN
1108 done
1109
1110 for PORT in $(openstack port list --router $ROUTER --format=value -c ID | tr -d '\r')
1111 do
1112 openstack router remove port $ROUTER $PORT
1113 done
1114
1115 openstack router delete $ROUTER
1116 done
1117
1118 for NETWORK in $NETWORKS
1119 do
1120 for PORT in $(openstack port list --network $NETWORK --format=value -c ID | tr -d '\r')
1121 do
1122 openstack port delete $PORT
1123 done
1124 openstack network delete $NETWORK
1125 done
1126 set -e
1127 tests:
1128 NeutronNetworks.create_and_delete_networks:
1129 - args:
1130 network_create_args: {}
1131 context:
1132 quotas:
1133 neutron:
1134 network: -1
1135 runner:
1136 concurrency: 1
1137 times: 1
1138 type: constant
1139 sla:
1140 failure_rate:
1141 max: 0
1142 NeutronNetworks.create_and_delete_ports:
1143 - args:
1144 network_create_args: {}
1145 port_create_args: {}
1146 ports_per_network: 10
1147 context:
1148 network: {}
1149 quotas:
1150 neutron:
1151 network: -1
1152 port: -1
1153 runner:
1154 concurrency: 1
1155 times: 1
1156 type: constant
1157 sla:
1158 failure_rate:
1159 max: 0
1160 NeutronNetworks.create_and_delete_routers:
1161 - args:
1162 network_create_args: {}
1163 router_create_args: {}
1164 subnet_cidr_start: 1.1.0.0/30
1165 subnet_create_args: {}
1166 subnets_per_network: 2
1167 context:
1168 network: {}
1169 quotas:
1170 neutron:
1171 network: -1
1172 router: -1
1173 subnet: -1
1174 runner:
1175 concurrency: 1
1176 times: 1
1177 type: constant
1178 sla:
1179 failure_rate:
1180 max: 0
1181 NeutronNetworks.create_and_delete_subnets:
1182 - args:
1183 network_create_args: {}
1184 subnet_cidr_start: 1.1.0.0/30
1185 subnet_create_args: {}
1186 subnets_per_network: 2
1187 context:
1188 network: {}
1189 quotas:
1190 neutron:
1191 network: -1
1192 subnet: -1
1193 runner:
1194 concurrency: 1
1195 times: 1
1196 type: constant
1197 sla:
1198 failure_rate:
1199 max: 0
1200 NeutronNetworks.create_and_list_routers:
1201 - args:
1202 network_create_args: {}
1203 router_create_args: {}
1204 subnet_cidr_start: 1.1.0.0/30
1205 subnet_create_args: {}
1206 subnets_per_network: 2
1207 context:
1208 network: {}
1209 quotas:
1210 neutron:
1211 network: -1
1212 router: -1
1213 subnet: -1
1214 runner:
1215 concurrency: 1
1216 times: 1
1217 type: constant
1218 sla:
1219 failure_rate:
1220 max: 0
1221 NeutronNetworks.create_and_list_subnets:
1222 - args:
1223 network_create_args: {}
1224 subnet_cidr_start: 1.1.0.0/30
1225 subnet_create_args: {}
1226 subnets_per_network: 2
1227 context:
1228 network: {}
1229 quotas:
1230 neutron:
1231 network: -1
1232 subnet: -1
1233 runner:
1234 concurrency: 1
1235 times: 1
1236 type: constant
1237 sla:
1238 failure_rate:
1239 max: 0
1240 NeutronNetworks.create_and_show_network:
1241 - args:
1242 network_create_args: {}
1243 context:
1244 quotas:
1245 neutron:
1246 network: -1
1247 runner:
1248 concurrency: 1
1249 times: 1
1250 type: constant
1251 sla:
1252 failure_rate:
1253 max: 0
1254 NeutronNetworks.create_and_update_networks:
1255 - args:
1256 network_create_args: {}
1257 network_update_args:
1258 admin_state_up: false
1259 context:
1260 quotas:
1261 neutron:
1262 network: -1
1263 runner:
1264 concurrency: 1
1265 times: 1
1266 type: constant
1267 sla:
1268 failure_rate:
1269 max: 0
1270 NeutronNetworks.create_and_update_ports:
1271 - args:
1272 network_create_args: {}
1273 port_create_args: {}
1274 port_update_args:
1275 admin_state_up: false
1276 device_id: dummy_id
1277 device_owner: dummy_owner
1278 ports_per_network: 5
1279 context:
1280 network: {}
1281 quotas:
1282 neutron:
1283 network: -1
1284 port: -1
1285 runner:
1286 concurrency: 1
1287 times: 1
1288 type: constant
1289 sla:
1290 failure_rate:
1291 max: 0
1292 NeutronNetworks.create_and_update_routers:
1293 - args:
1294 network_create_args: {}
1295 router_create_args: {}
1296 router_update_args:
1297 admin_state_up: false
1298 subnet_cidr_start: 1.1.0.0/30
1299 subnet_create_args: {}
1300 subnets_per_network: 2
1301 context:
1302 network: {}
1303 quotas:
1304 neutron:
1305 network: -1
1306 router: -1
1307 subnet: -1
1308 runner:
1309 concurrency: 1
1310 times: 1
1311 type: constant
1312 sla:
1313 failure_rate:
1314 max: 0
1315 NeutronNetworks.create_and_update_subnets:
1316 - args:
1317 network_create_args: {}
1318 subnet_cidr_start: 1.4.0.0/16
1319 subnet_create_args: {}
1320 subnet_update_args:
1321 enable_dhcp: false
1322 subnets_per_network: 2
1323 context:
1324 network: {}
1325 quotas:
1326 neutron:
1327 network: -1
1328 subnet: -1
1329 runner:
1330 concurrency: 1
1331 times: 1
1332 type: constant
1333 sla:
1334 failure_rate:
1335 max: 0
1336 NeutronNetworks.list_agents:
1337 - args:
1338 agent_args: {}
1339 runner:
1340 concurrency: 1
1341 times: 1
1342 type: constant
1343 sla:
1344 failure_rate:
1345 max: 0
1346 NeutronSecurityGroup.create_and_list_security_groups:
1347 - args:
1348 security_group_create_args: {}
1349 context:
1350 quotas:
1351 neutron:
1352 security_group: -1
1353 runner:
1354 concurrency: 1
1355 times: 1
1356 type: constant
1357 sla:
1358 failure_rate:
1359 max: 0
1360 NeutronSecurityGroup.create_and_update_security_groups:
1361 - args:
1362 security_group_create_args: {}
1363 security_group_update_args: {}
1364 context:
1365 quotas:
1366 neutron:
1367 security_group: -1
1368 runner:
1369 concurrency: 1
1370 times: 1
1371 type: constant
1372 sla:
1373 failure_rate:
1374 max: 0
okozachenko120317930d42023-09-06 00:24:05 +1000[diff] [blame]1375 paste:
1376 composite:neutron:
1377 use: egg:Paste#urlmap
1378 /: neutronversions_composite
1379 /v2.0: neutronapi_v2_0
1380 composite:neutronapi_v2_0:
1381 use: call:neutron.auth:pipeline_factory
1382 noauth: cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
1383 keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken audit keystonecontext extensions neutronapiapp_v2_0
1384 composite:neutronversions_composite:
1385 use: call:neutron.auth:pipeline_factory
1386 noauth: cors http_proxy_to_wsgi neutronversions
1387 keystone: cors http_proxy_to_wsgi neutronversions
1388 filter:request_id:
1389 paste.filter_factory: oslo_middleware:RequestId.factory
1390 filter:catch_errors:
1391 paste.filter_factory: oslo_middleware:CatchErrors.factory
1392 filter:cors:
1393 paste.filter_factory: oslo_middleware.cors:filter_factory
1394 oslo_config_project: neutron
1395 filter:http_proxy_to_wsgi:
1396 paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
1397 filter:keystonecontext:
1398 paste.filter_factory: neutron.auth:NeutronKeystoneContext.factory
1399 filter:authtoken:
1400 paste.filter_factory: keystonemiddleware.auth_token:filter_factory
1401 filter:audit:
1402 paste.filter_factory: keystonemiddleware.audit:filter_factory
1403 audit_map_file: /etc/neutron/api_audit_map.conf
1404 filter:extensions:
1405 paste.filter_factory: neutron.api.extensions:plugin_aware_extension_middleware_factory
1406 app:neutronversions:
1407 paste.app_factory: neutron.pecan_wsgi.app:versions_factory
1408 app:neutronapiapp_v2_0:
1409 paste.app_factory: neutron.api.v2.router:APIRouter.factory
1410 filter:osprofiler:
1411 paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]1412 neutron_api_uwsgi:
1413 uwsgi:
1414 add-header: "Connection: close"
1415 buffer-size: 65535
1416 die-on-term: true
1417 enable-threads: true
1418 exit-on-reload: false
1419 hook-master-start: unix_signal:15 gracefully_kill_them_all
1420 lazy-apps: true
1421 log-x-forwarded-for: true
1422 master: true
1423 procname-prefix-spaced: "neutron-api:"
1424 route-user-agent: '^kube-probe.* donotlog:'
1425 thunder-lock: true
1426 worker-reload-mercy: 80
1427 wsgi-file: /var/lib/openstack/bin/neutron-api
Mohammed Naserd70a6912024-07-03 00:09:44 -0400[diff] [blame]1428 neutron_policy_server_uwsgi:
1429 uwsgi:
1430 add-header: "Connection: close"
1431 buffer-size: 65535
1432 die-on-term: true
1433 enable-threads: true
1434 exit-on-reload: false
1435 hook-master-start: unix_signal:15 gracefully_kill_them_all
1436 lazy-apps: true
1437 log-x-forwarded-for: true
1438 master: true
1439 procname-prefix-spaced: "neutron-policy-server:"
1440 route-user-agent: '^kube-probe.* donotlog:'
1441 thunder-lock: true
1442 worker-reload-mercy: 80
1443 wsgi-file: /var/lib/openstack/bin/neutron-policy-server-wsgi
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1444 policy: {}
1445 api_audit_map:
1446 DEFAULT:
1447 target_endpoint_type: None
1448 custom_actions:
1449 add_router_interface: update/add
1450 remove_router_interface: update/remove
1451 path_keywords:
1452 floatingips: ip
1453 healthmonitors: healthmonitor
1454 health_monitors: health_monitor
1455 lb: None
1456 members: member
1457 metering-labels: label
1458 metering-label-rules: rule
1459 networks: network
1460 pools: pool
1461 ports: port
1462 routers: router
1463 quotas: quota
1464 security-groups: security-group
1465 security-group-rules: rule
1466 subnets: subnet
1467 vips: vip
1468 service_endpoints:
1469 network: service/network
1470 neutron_sudoers: |
1471 # This sudoers file supports rootwrap for both Kolla and LOCI Images.
1472 Defaults !requiretty
1473 Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
1474 neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *, /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
1475 neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf, /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
1476 rootwrap: |
1477 # Configuration for neutron-rootwrap
1478 # This file should be owned by (and only-writeable by) the root user
1479
1480 [DEFAULT]
1481 # List of directories to load filter definitions from (separated by ',').
1482 # These directories MUST all be only writeable by root !
1483 filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap,/var/lib/openstack/etc/neutron/rootwrap.d
1484
1485 # List of directories to search executables in, in case filters do not
1486 # explicitely specify a full path (separated by ',')
1487 # If not specified, defaults to system PATH environment variable.
1488 # These directories MUST all be only writeable by root !
1489 exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin
1490
1491 # Enable logging to syslog
1492 # Default value is False
1493 use_syslog=False
1494
1495 # Which syslog facility to use.
1496 # Valid values include auth, authpriv, syslog, local0, local1...
1497 # Default value is 'syslog'
1498 syslog_log_facility=syslog
1499
1500 # Which messages to log.
1501 # INFO means log all usage
1502 # ERROR means only log unsuccessful attempts
1503 syslog_log_level=ERROR
1504
1505 [xenapi]
1506 # XenAPI configuration is only required by the L2 agent if it is to
1507 # target a XenServer/XCP compute host's dom0.
1508 xenapi_connection_url=<None>
1509 xenapi_connection_username=root
1510 xenapi_connection_password=<None>
1511 rootwrap_filters:
1512 debug:
1513 pods:
1514 - dhcp_agent
1515 - l3_agent
1516 - lb_agent
1517 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1518 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]1519 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1520 - ovs_agent
1521 - sriov_agent
1522 content: |
1523 # neutron-rootwrap command filters for nodes on which neutron is
1524 # expected to control network
1525 #
1526 # This file should be owned by (and only-writeable by) the root user
1527
1528 # format seems to be
1529 # cmd-name: filter-name, raw-command, user, args
1530
1531 [Filters]
1532
1533 # This is needed because we should ping
1534 # from inside a namespace which requires root
1535 # _alt variants allow to match -c and -w in any order
1536 # (used by NeutronDebugAgent.ping_all)
1537 ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
1538 ping_alt: RegExpFilter, ping, root, ping, -c, \d+, -w, \d+, [0-9\.]+
1539 ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
1540 ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+
1541 dibbler:
1542 pods:
1543 - dhcp_agent
1544 - l3_agent
1545 - lb_agent
1546 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1547 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]1548 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1549 - ovs_agent
1550 - sriov_agent
1551 content: |
1552 # neutron-rootwrap command filters for nodes on which neutron is
1553 # expected to control network
1554 #
1555 # This file should be owned by (and only-writeable by) the root user
1556
1557 # format seems to be
1558 # cmd-name: filter-name, raw-command, user, args
1559
1560 [Filters]
1561
1562 # Filters for the dibbler-based reference implementation of the pluggable
1563 # Prefix Delegation driver. Other implementations using an alternative agent
1564 # should include a similar filter in this folder.
1565
1566 # prefix_delegation_agent
1567 dibbler-client: CommandFilter, dibbler-client, root
1568 ipset_firewall:
1569 pods:
1570 - dhcp_agent
1571 - l3_agent
1572 - lb_agent
1573 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1574 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]1575 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1576 - ovs_agent
1577 - sriov_agent
1578 content: |
1579 # neutron-rootwrap command filters for nodes on which neutron is
1580 # expected to control network
1581 #
1582 # This file should be owned by (and only-writeable by) the root user
1583
1584 # format seems to be
1585 # cmd-name: filter-name, raw-command, user, args
1586
1587 [Filters]
1588 # neutron/agent/linux/iptables_firewall.py
1589 # "ipset", "-A", ...
1590 ipset: CommandFilter, ipset, root
1591 l3:
1592 pods:
1593 - dhcp_agent
1594 - l3_agent
1595 - lb_agent
1596 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1597 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]1598 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1599 - ovs_agent
1600 - sriov_agent
1601 content: |
1602 # neutron-rootwrap command filters for nodes on which neutron is
1603 # expected to control network
1604 #
1605 # This file should be owned by (and only-writeable by) the root user
1606
1607 # format seems to be
1608 # cmd-name: filter-name, raw-command, user, args
1609
1610 [Filters]
1611
1612 # arping
1613 arping: CommandFilter, arping, root
1614
1615 # l3_agent
1616 sysctl: CommandFilter, sysctl, root
1617 route: CommandFilter, route, root
1618 radvd: CommandFilter, radvd, root
1619
1620 # haproxy
1621 haproxy: RegExpFilter, haproxy, root, haproxy, -f, .*
1622 kill_haproxy: KillFilter, root, haproxy, -15, -9, -HUP
1623
1624 # metadata proxy
1625 metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
1626 # RHEL invocation of the metadata proxy will report /usr/bin/python
1627 kill_metadata: KillFilter, root, python, -15, -9
1628 kill_metadata2: KillFilter, root, python2, -15, -9
1629 kill_metadata7: KillFilter, root, python2.7, -15, -9
1630 kill_metadata3: KillFilter, root, python3, -15, -9
1631 kill_metadata35: KillFilter, root, python3.5, -15, -9
1632 kill_metadata36: KillFilter, root, python3.6, -15, -9
1633 kill_metadata37: KillFilter, root, python3.7, -15, -9
1634 kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -15, -9, -HUP
1635 kill_radvd: KillFilter, root, /sbin/radvd, -15, -9, -HUP
1636
1637 # ip_lib
1638 ip: IpFilter, ip, root
1639 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1640 ip_exec: IpNetnsExecFilter, ip, root
1641
1642 # l3_tc_lib
1643 l3_tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
1644 l3_tc_add_qdisc_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress
1645 l3_tc_add_qdisc_egress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, root, handle, 1:, htb
1646 l3_tc_show_filters: RegExpFilter, tc, root, tc, -p, -s, -d, filter, show, dev, .+, parent, .+, prio, 1
1647 l3_tc_delete_filters: RegExpFilter, tc, root, tc, filter, del, dev, .+, parent, .+, prio, 1, handle, .+, u32
1648 l3_tc_add_filter_ingress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, dst, .+, police, rate, .+, burst, .+, drop, flowid, :1
1649 l3_tc_add_filter_egress: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, ip, prio, 1, u32, match, ip, src, .+, police, rate, .+, burst, .+, drop, flowid, :1
1650
1651 # For ip monitor
1652 kill_ip_monitor: KillFilter, root, ip, -9
1653
1654 # ovs_lib (if OVSInterfaceDriver is used)
1655 ovs-vsctl: CommandFilter, ovs-vsctl, root
1656
1657 # iptables_manager
1658 iptables-save: CommandFilter, iptables-save, root
1659 iptables-restore: CommandFilter, iptables-restore, root
1660 ip6tables-save: CommandFilter, ip6tables-save, root
1661 ip6tables-restore: CommandFilter, ip6tables-restore, root
1662
1663 # Keepalived
1664 keepalived: CommandFilter, keepalived, root
1665 kill_keepalived: KillFilter, root, keepalived, -HUP, -15, -9
1666
1667 # l3 agent to delete floatingip's conntrack state
1668 conntrack: CommandFilter, conntrack, root
1669
1670 # keepalived state change monitor
1671 keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root
1672 # The following filters are used to kill the keepalived state change monitor.
1673 # Since the monitor runs as a Python script, the system reports that the
1674 # command of the process to be killed is python.
1675 # TODO(mlavalle) These kill filters will be updated once we come up with a
1676 # mechanism to kill using the name of the script being executed by Python
1677 kill_keepalived_monitor_py: KillFilter, root, python, -15
1678 kill_keepalived_monitor_py27: KillFilter, root, python2.7, -15
1679 kill_keepalived_monitor_py3: KillFilter, root, python3, -15
1680 kill_keepalived_monitor_py35: KillFilter, root, python3.5, -15
1681 kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15
1682 kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15
1683 netns_cleanup:
1684 pods:
1685 - dhcp_agent
1686 - l3_agent
1687 - lb_agent
1688 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1689 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]1690 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1691 - ovs_agent
1692 - sriov_agent
1693 - netns_cleanup_cron
1694 content: |
1695 # neutron-rootwrap command filters for nodes on which neutron is
1696 # expected to control network
1697 #
1698 # This file should be owned by (and only-writeable by) the root user
1699
1700 # format seems to be
1701 # cmd-name: filter-name, raw-command, user, args
1702
1703 [Filters]
1704
1705 # netns-cleanup
1706 netstat: CommandFilter, netstat, root
1707 dhcp:
1708 pods:
1709 - dhcp_agent
1710 - l3_agent
1711 - lb_agent
1712 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1713 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]1714 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1715 - ovs_agent
1716 - sriov_agent
1717 - netns_cleanup_cron
1718 content: |
1719 # neutron-rootwrap command filters for nodes on which neutron is
1720 # expected to control network
1721 #
1722 # This file should be owned by (and only-writeable by) the root user
1723
1724 # format seems to be
1725 # cmd-name: filter-name, raw-command, user, args
1726
1727 [Filters]
1728
1729 # dhcp-agent
1730 dnsmasq: CommandFilter, dnsmasq, root
1731 # dhcp-agent uses kill as well, that's handled by the generic KillFilter
1732 # it looks like these are the only signals needed, per
1733 # neutron/agent/linux/dhcp.py
1734 kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP, -15
1735 kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP, -15
1736
1737 ovs-vsctl: CommandFilter, ovs-vsctl, root
1738 ivs-ctl: CommandFilter, ivs-ctl, root
1739 mm-ctl: CommandFilter, mm-ctl, root
1740 dhcp_release: CommandFilter, dhcp_release, root
1741 dhcp_release6: CommandFilter, dhcp_release6, root
1742
1743 # metadata proxy
1744 metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
1745 # RHEL invocation of the metadata proxy will report /usr/bin/python
1746 kill_metadata: KillFilter, root, python, -9
1747 kill_metadata2: KillFilter, root, python2, -9
1748 kill_metadata7: KillFilter, root, python2.7, -9
1749 kill_metadata3: KillFilter, root, python3, -9
1750 kill_metadata35: KillFilter, root, python3.5, -9
1751 kill_metadata36: KillFilter, root, python3.6, -9
1752 kill_metadata37: KillFilter, root, python3.7, -9
1753
1754 # ip_lib
1755 ip: IpFilter, ip, root
1756 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1757 ip_exec: IpNetnsExecFilter, ip, root
1758 ebtables:
1759 pods:
1760 - dhcp_agent
1761 - l3_agent
1762 - lb_agent
1763 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1764 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]1765 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1766 - ovs_agent
1767 - sriov_agent
1768 content: |
1769 # neutron-rootwrap command filters for nodes on which neutron is
1770 # expected to control network
1771 #
1772 # This file should be owned by (and only-writeable by) the root user
1773
1774 # format seems to be
1775 # cmd-name: filter-name, raw-command, user, args
1776
1777 [Filters]
1778
1779 ebtables: CommandFilter, ebtables, root
1780 iptables_firewall:
1781 pods:
1782 - dhcp_agent
1783 - l3_agent
1784 - lb_agent
1785 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1786 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]1787 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1788 - ovs_agent
1789 - sriov_agent
1790 content: |
1791 # neutron-rootwrap command filters for nodes on which neutron is
1792 # expected to control network
1793 #
1794 # This file should be owned by (and only-writeable by) the root user
1795
1796 # format seems to be
1797 # cmd-name: filter-name, raw-command, user, args
1798
1799 [Filters]
1800
1801 # neutron/agent/linux/iptables_firewall.py
1802 # "iptables-save", ...
1803 iptables-save: CommandFilter, iptables-save, root
1804 iptables-restore: CommandFilter, iptables-restore, root
1805 ip6tables-save: CommandFilter, ip6tables-save, root
1806 ip6tables-restore: CommandFilter, ip6tables-restore, root
1807
1808 # neutron/agent/linux/iptables_firewall.py
1809 # "iptables", "-A", ...
1810 iptables: CommandFilter, iptables, root
1811 ip6tables: CommandFilter, ip6tables, root
1812
1813 # neutron/agent/linux/iptables_firewall.py
1814 sysctl: CommandFilter, sysctl, root
1815
1816 # neutron/agent/linux/ip_conntrack.py
1817 conntrack: CommandFilter, conntrack, root
1818 linuxbridge_plugin:
1819 pods:
1820 - dhcp_agent
1821 - l3_agent
1822 - lb_agent
1823 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1824 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]1825 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1826 - ovs_agent
1827 - sriov_agent
1828 content: |
1829 # neutron-rootwrap command filters for nodes on which neutron is
1830 # expected to control network
1831 #
1832 # This file should be owned by (and only-writeable by) the root user
1833
1834 # format seems to be
1835 # cmd-name: filter-name, raw-command, user, args
1836
1837 [Filters]
1838
1839 # linuxbridge-agent
1840 # unclear whether both variants are necessary, but I'm transliterating
1841 # from the old mechanism
1842 brctl: CommandFilter, brctl, root
1843 bridge: CommandFilter, bridge, root
1844
1845 # ip_lib
1846 ip: IpFilter, ip, root
1847 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1848 ip_exec: IpNetnsExecFilter, ip, root
1849
1850 # tc commands needed for QoS support
1851 tc_replace_tbf: RegExpFilter, tc, root, tc, qdisc, replace, dev, .+, root, tbf, rate, .+, latency, .+, burst, .+
1852 tc_add_ingress: RegExpFilter, tc, root, tc, qdisc, add, dev, .+, ingress, handle, .+
1853 tc_delete: RegExpFilter, tc, root, tc, qdisc, del, dev, .+, .+
1854 tc_show_qdisc: RegExpFilter, tc, root, tc, qdisc, show, dev, .+
1855 tc_show_filters: RegExpFilter, tc, root, tc, filter, show, dev, .+, parent, .+
1856 tc_add_filter: RegExpFilter, tc, root, tc, filter, add, dev, .+, parent, .+, protocol, all, prio, .+, basic, police, rate, .+, burst, .+, mtu, .+, drop
1857 openvswitch_plugin:
1858 pods:
1859 - dhcp_agent
1860 - l3_agent
1861 - lb_agent
1862 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1863 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]1864 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1865 - ovs_agent
1866 - sriov_agent
1867 content: |
1868 # neutron-rootwrap command filters for nodes on which neutron is
1869 # expected to control network
1870 #
1871 # This file should be owned by (and only-writeable by) the root user
1872
1873 # format seems to be
1874 # cmd-name: filter-name, raw-command, user, args
1875
1876 [Filters]
1877
1878 # openvswitch-agent
1879 # unclear whether both variants are necessary, but I'm transliterating
1880 # from the old mechanism
1881 ovs-vsctl: CommandFilter, ovs-vsctl, root
1882 # NOTE(yamamoto): of_interface=native doesn't use ovs-ofctl
1883 ovs-ofctl: CommandFilter, ovs-ofctl, root
1884 ovs-appctl: CommandFilter, ovs-appctl, root
1885 kill_ovsdb_client: KillFilter, root, /usr/bin/ovsdb-client, -9
1886 ovsdb-client: CommandFilter, ovsdb-client, root
1887 xe: CommandFilter, xe, root
1888
1889 # ip_lib
1890 ip: IpFilter, ip, root
1891 find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
1892 ip_exec: IpNetnsExecFilter, ip, root
1893
1894 # needed for FDB extension
1895 bridge: CommandFilter, bridge, root
1896 privsep:
1897 pods:
1898 - dhcp_agent
1899 - l3_agent
1900 - lb_agent
1901 - metadata_agent
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]1902 - ovn_metadata_agent
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]1903 - ovn_vpn_agent
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1904 - ovs_agent
1905 - sriov_agent
1906 - netns_cleanup_cron
1907 content: |
1908 # Command filters to allow privsep daemon to be started via rootwrap.
1909 #
1910 # This file should be owned by (and only-writeable by) the root user
1911
1912 [Filters]
1913
1914 # By installing the following, the local admin is asserting that:
1915 #
1916 # 1. The python module load path used by privsep-helper
1917 # command as root (as started by sudo/rootwrap) is trusted.
1918 # 2. Any oslo.config files matching the --config-file
1919 # arguments below are trusted.
1920 # 3. Users allowed to run sudo/rootwrap with this configuration(*) are
1921 # also allowed to invoke python "entrypoint" functions from
1922 # --privsep_context with the additional (possibly root) privileges
1923 # configured for that context.
1924 #
1925 # (*) ie: the user is allowed by /etc/sudoers to run rootwrap as root
1926 #
1927 # In particular, the oslo.config and python module path must not
1928 # be writeable by the unprivileged user.
1929
1930 # oslo.privsep default neutron context
1931 privsep: PathFilter, privsep-helper, root,
1932 --config-file, /etc,
1933 --privsep_context, neutron.privileged.default,
1934 --privsep_sock_path, /
1935
1936 # NOTE: A second `--config-file` arg can also be added above. Since
1937 # many neutron components are installed like that (eg: by devstack).
1938 # Adjust to suit local requirements.
1939 linux_vxlan:
1940 pods:
1941 - bagpipe_bgp
1942 content: |
1943 # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
1944 # expected to control VXLAN Linux Bridge dataplane
1945 #
1946 # This file should be owned by (and only-writeable by) the root user
1947
1948 # format seems to be
1949 # cmd-name: filter-name, raw-command, user, args
1950
1951 [Filters]
1952
1953 #
1954 modprobe: CommandFilter, modprobe, root
1955
1956 #
1957 brctl: CommandFilter, brctl, root
1958 bridge: CommandFilter, bridge, root
1959
1960 # ip_lib
1961 ip: IpFilter, ip, root
1962 ip_exec: IpNetnsExecFilter, ip, root
1963
1964 # shell (for piped commands)
1965 sh: CommandFilter, sh, root
1966 mpls_ovs_dataplane:
1967 pods:
1968 - bagpipe_bgp
1969 content: |
1970 # bagpipe-bgp-rootwrap command filters for nodes on which bagpipe-bgp is
1971 # expected to control MPLS OpenVSwitch dataplane
1972 #
1973 # This file should be owned by (and only-writeable by) the root user
1974
1975 # format seems to be
1976 # cmd-name: filter-name, raw-command, user, args
1977
1978 [Filters]
1979
1980 # openvswitch
1981 ovs-vsctl: CommandFilter, ovs-vsctl, root
1982 ovs-ofctl: CommandFilter, ovs-ofctl, root
1983
1984 # ip_lib
1985 ip: IpFilter, ip, root
1986 ip_exec: IpNetnsExecFilter, ip, root
1987
1988 # shell (for piped commands)
1989 sh: CommandFilter, sh, root
1990 neutron:
1991 DEFAULT:
1992 metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
1993 log_config_append: /etc/neutron/logging.conf
1994 # NOTE(portdirect): the bind port should not be defined, and is manipulated
1995 # via the endpoints section.
1996 bind_port: null
1997 default_availability_zones: nova
1998 api_workers: 1
1999 rpc_workers: 4
2000 allow_overlapping_ips: True
2001 state_path: /var/lib/neutron
2002 # core_plugin can be: ml2, calico
2003 core_plugin: ml2
2004 # service_plugin can be: router, odl-router, empty for calico,
2005 # networking_ovn.l3.l3_ovn.OVNL3RouterPlugin for OVN
2006 service_plugins: router
2007 allow_automatic_l3agent_failover: True
2008 l3_ha: True
2009 max_l3_agents_per_router: 2
2010 l3_ha_network_type: vxlan
2011 network_auto_schedule: True
2012 router_auto_schedule: True
2013 # (NOTE)portdirect: if unset this is populated dynamically from the value in
2014 # 'network.backend' to sane defaults.
2015 interface_driver: null
2016 oslo_concurrency:
2017 lock_path: /var/lib/neutron/tmp
2018 database:
2019 max_retries: -1
2020 agent:
2021 root_helper: sudo /var/lib/openstack/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
2022 root_helper_daemon: sudo /var/lib/openstack/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
2023 oslo_messaging_notifications:
2024 driver: messagingv2
2025 oslo_messaging_rabbit:
2026 rabbit_ha_queues: true
2027 oslo_middleware:
2028 enable_proxy_headers_parsing: true
2029 oslo_policy:
2030 policy_file: /etc/neutron/policy.yaml
Mohammed Naser593ec012023-07-23 09:20:05 +0000[diff] [blame]2031 ovn:
Mohammed Naser593ec012023-07-23 09:20:05 +0000[diff] [blame]2032 ovn_metadata_enabled: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2033 nova:
2034 auth_type: password
2035 auth_version: v3
2036 endpoint_type: internal
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]2037 placement:
2038 auth_type: password
2039 auth_version: v3
2040 endpoint_type: internal
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2041 designate:
2042 auth_type: password
2043 auth_version: v3
2044 endpoint_type: internal
2045 allow_reverse_dns_lookup: true
2046 ironic:
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]2047 auth_type: password
2048 auth_version: v3
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2049 endpoint_type: internal
2050 keystone_authtoken:
okozachenko120317930d42023-09-06 00:24:05 +1000[diff] [blame]2051 service_token_roles: service
2052 service_token_roles_required: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2053 memcache_security_strategy: ENCRYPT
2054 auth_type: password
2055 auth_version: v3
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]2056 service_type: network
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2057 octavia:
2058 request_poll_timeout: 3000
2059 logging:
2060 loggers:
2061 keys:
2062 - root
2063 - neutron
2064 - neutron_taas
2065 handlers:
2066 keys:
2067 - stdout
2068 - stderr
2069 - "null"
2070 formatters:
2071 keys:
2072 - context
2073 - default
2074 logger_root:
2075 level: WARNING
2076 handlers: 'null'
2077 logger_neutron:
2078 level: INFO
2079 handlers:
2080 - stdout
2081 qualname: neutron
2082 logger_neutron_taas:
2083 level: INFO
2084 handlers:
2085 - stdout
2086 qualname: neutron_taas
2087 logger_amqp:
2088 level: WARNING
2089 handlers: stderr
2090 qualname: amqp
2091 logger_amqplib:
2092 level: WARNING
2093 handlers: stderr
2094 qualname: amqplib
2095 logger_eventletwsgi:
2096 level: WARNING
2097 handlers: stderr
2098 qualname: eventlet.wsgi.server
2099 logger_sqlalchemy:
2100 level: WARNING
2101 handlers: stderr
2102 qualname: sqlalchemy
2103 logger_boto:
2104 level: WARNING
2105 handlers: stderr
2106 qualname: boto
2107 handler_null:
2108 class: logging.NullHandler
2109 formatter: default
2110 args: ()
2111 handler_stdout:
2112 class: StreamHandler
2113 args: (sys.stdout,)
2114 formatter: context
2115 handler_stderr:
2116 class: StreamHandler
2117 args: (sys.stderr,)
2118 formatter: context
2119 formatter_context:
2120 class: oslo_log.formatters.ContextFormatter
2121 datefmt: "%Y-%m-%d %H:%M:%S"
2122 formatter_default:
2123 format: "%(message)s"
2124 datefmt: "%Y-%m-%d %H:%M:%S"
2125 plugins:
2126 ml2_conf:
2127 ml2:
2128 extension_drivers: port_security
2129 # (NOTE)portdirect: if unset this is populated dyanmicly from the value
2130 # in 'network.backend' to sane defaults.
2131 mechanism_drivers: null
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]2132 type_drivers: flat,vlan,vxlan,local
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2133 tenant_network_types: vxlan
2134 ml2_type_vxlan:
2135 vni_ranges: 1:1000
2136 vxlan_group: 239.1.1.1
2137 ml2_type_flat:
2138 flat_networks: "*"
2139 # If you want to use the external network as a tagged provider network,
2140 # a range should be specified including the intended VLAN target
2141 # using ml2_type_vlan.network_vlan_ranges:
2142 # ml2_type_vlan:
2143 # network_vlan_ranges: "external:1100:1110"
Mohammed Naser593ec012023-07-23 09:20:05 +0000[diff] [blame]2144 ml2_type_geneve:
2145 vni_ranges: 1:65536
2146 max_header_size: 38
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2147 agent:
2148 extensions: ""
2149 ml2_conf_sriov: null
2150 taas:
2151 taas:
2152 enabled: False
2153 openvswitch_agent:
2154 agent:
2155 tunnel_types: vxlan
2156 l2_population: True
2157 arp_responder: True
2158 ovs:
2159 bridge_mappings: "external:br-ex"
2160 securitygroup:
2161 firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
2162 linuxbridge_agent:
2163 linux_bridge:
2164 # To define Flat and VLAN connections, in LB we can assign
2165 # specific interface to the flat/vlan network name using:
2166 # physical_interface_mappings: "external:eth3"
2167 # Or we can set the mapping between the network and bridge:
2168 bridge_mappings: "external:br-ex"
2169 # The two above options are exclusive, do not use both of them at once
2170 securitygroup:
2171 firewall_driver: iptables
2172 vxlan:
2173 l2_population: True
2174 arp_responder: True
2175 macvtap_agent: null
2176 sriov_agent:
2177 securitygroup:
2178 firewall_driver: neutron.agent.firewall.NoopFirewallDriver
2179 sriov_nic:
2180 physical_device_mappings: physnet2:enp3s0f1
2181 # NOTE: do not use null here, use an empty string
2182 exclude_devices: ""
2183 dhcp_agent:
2184 DEFAULT:
2185 # (NOTE)portdirect: if unset this is populated dyanmicly from the value in
2186 # 'network.backend' to sane defaults.
2187 interface_driver: null
2188 dnsmasq_config_file: /etc/neutron/dnsmasq.conf
2189 force_metadata: True
JustHumanzf1cf7ef2025-02-11 00:09:55 +0700[diff] [blame]2190 # NOTE(mnaser): This has to be here in order for the DHCP agent to work with OVN.
2191 ovs: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2192 dnsmasq: |
2193 #no-hosts
2194 #port=5353
2195 #cache-size=500
2196 #no-negcache
2197 #dns-forward-max=100
2198 #resolve-file=
2199 #strict-order
2200 #bind-interface
2201 #bind-dynamic
2202 #domain=
2203 #dhcp-range=10.10.10.10,10.10.10.100,24h
2204 #dhcp-lease-max=150
2205 #dhcp-host=11:22:33:44:55:66,ignore
2206 #dhcp-option=3,10.10.10.1
2207 #dhcp-option-force=26,1450
2208
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]2209 neutron_vpnaas: null
2210 ovn_vpn_agent:
2211 DEFAULT:
2212 interface_driver: openvswitch
2213 vpnagent:
2214 vpn_device_driver: neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver
2215 ovs:
2216 ovsdb_connection: unix:/run/openvswitch/db.sock
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2217 l3_agent:
2218 DEFAULT:
2219 # (NOTE)portdirect: if unset this is populated dyanmicly from the value in
2220 # 'network.backend' to sane defaults.
2221 interface_driver: null
2222 agent_mode: legacy
2223 metering_agent: null
2224 metadata_agent:
2225 DEFAULT:
2226 # we cannot change the proxy socket path as it is declared
2227 # as a hostPath volume from agent daemonsets
2228 metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
2229 metadata_proxy_shared_secret: "password"
2230 cache:
2231 enabled: true
2232 backend: dogpile.cache.memcached
2233 bagpipe_bgp: {}
Mohammed Naser593ec012023-07-23 09:20:05 +0000[diff] [blame]2234 ovn_metadata_agent:
2235 DEFAULT:
2236 # we cannot change the proxy socket path as it is declared
2237 # as a hostPath volume from agent daemonsets
2238 metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
2239 metadata_proxy_shared_secret: "password"
2240 metadata_workers: 2
2241 cache:
2242 enabled: true
2243 backend: dogpile.cache.memcached
2244 ovs:
2245 ovsdb_connection: unix:/run/openvswitch/db.sock
Rico Lincf86b122023-11-02 01:29:14 +0800[diff] [blame]2246 bgp_dragent: {}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2247
2248 rabbitmq:
2249 # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
2250 policies:
2251 - vhost: "neutron"
2252 name: "ha_ttl_neutron"
2253 definition:
2254 # mirror messges to other nodes in rmq cluster
2255 ha-mode: "all"
2256 ha-sync-mode: "automatic"
2257 # 70s
2258 message-ttl: 70000
2259 priority: 0
2260 apply-to: all
2261 pattern: '^(?!(amq\.|reply_)).*'
2262 ## NOTE: "besteffort" is meant for dev env with mixed compute type only.
2263 ## This helps prevent sriov init script from failing due to mis-matched NIC
2264 ## For prod env, target NIC should match and init script should fail otherwise.
2265 ## sriov_init:
2266 ## - besteffort
2267 sriov_init:
2268 -
2269 # auto_bridge_add is a table of "bridge: interface" pairs
2270 # To automatically add a physical interfaces to a specific bridges,
2271 # for example eth3 to bridge br-physnet1, if0 to br0 and iface_two
2272 # to br1 do something like:
2273 #
2274 # auto_bridge_add:
2275 # br-physnet1: eth3
2276 # br0: if0
2277 # br1: iface_two
2278 # br-ex will be added by default
2279 auto_bridge_add:
2280 br-ex: null
2281
Mohammed Nasera720f882023-06-30 23:48:02 -0400[diff] [blame]2282 # Network off-loading configuration
2283 netoffload:
ricolin18e6fd32023-07-17 06:17:15 +0000[diff] [blame]2284 enabled: false
Mohammed Nasera720f882023-06-30 23:48:02 -0400[diff] [blame]2285 asap2:
2286 # - dev: enp97s0f0
2287 # vfs: 16
2288
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2289 # configuration of OVS DPDK bridges and NICs
2290 # this is a separate section and not part of the auto_bridge_add section
2291 # because additional parameters are needed
2292 ovs_dpdk:
2293 enabled: false
2294 # setting update_dpdk_bond_config to true will have default behavior,
2295 # which may cause disruptions in ovs dpdk traffic in case of neutron
2296 # ovs agent restart or when dpdk nic/bond configurations are changed.
2297 # Setting this to false will configure dpdk in the first run and
2298 # disable nic/bond config on event of restart or config update.
2299 update_dpdk_bond_config: true
2300 driver: uio_pci_generic
2301 # In case bonds are configured, the nics which are part of those bonds
2302 # must NOT be provided here.
2303 nics:
2304 - name: dpdk0
2305 pci_id: '0000:05:00.0'
2306 # Set VF Index in case some particular VF(s) need to be
2307 # used with ovs-dpdk.
2308 # vf_index: 0
2309 bridge: br-phy
2310 migrate_ip: true
2311 n_rxq: 2
2312 n_txq: 2
2313 pmd_rxq_affinity: "0:3,1:27"
2314 ofport_request: 1
2315 # optional parameters for tuning the OVS DPDK config
2316 # in alignment with the available hardware resources
2317 # mtu: 2000
2318 # n_rxq_size: 1024
2319 # n_txq_size: 1024
2320 # vhost-iommu-support: true
2321 bridges:
2322 - name: br-phy
2323 # optional parameter, in case tunnel traffic needs to be transported over a vlan underlay
2324 # - tunnel_underlay_vlan: 45
2325 # Optional parameter for configuring bonding in OVS-DPDK
2326 # - name: br-phy-bond0
2327 # bonds:
2328 # - name: dpdkbond0
2329 # bridge: br-phy-bond0
2330 # # The IP from the first nic in nics list shall be used
2331 # migrate_ip: true
2332 # mtu: 2000
2333 # # Please note that n_rxq is set for each NIC individually
2334 # # rather than denoting the total number of rx queues for
2335 # # the bond as a whole. So setting n_rxq = 2 below for ex.
2336 # # would be 4 rx queues in total for the bond.
2337 # # Same for n_txq
2338 # n_rxq: 2
2339 # n_txq: 2
2340 # ofport_request: 1
2341 # n_rxq_size: 1024
2342 # n_txq_size: 1024
2343 # vhost-iommu-support: true
2344 # ovs_options: "bond_mode=active-backup"
2345 # nics:
2346 # - name: dpdk_b0s0
2347 # pci_id: '0000:06:00.0'
2348 # pmd_rxq_affinity: "0:3,1:27"
2349 # # Set VF Index in case some particular VF(s) need to be
2350 # # used with ovs-dpdk. In which case pci_id of PF must be
2351 # # provided above.
2352 # # vf_index: 0
2353 # - name: dpdk_b0s1
2354 # pci_id: '0000:07:00.0'
2355 # pmd_rxq_affinity: "0:3,1:27"
2356 # # Set VF Index in case some particular VF(s) need to be
2357 # # used with ovs-dpdk. In which case pci_id of PF must be
2358 # # provided above.
2359 # # vf_index: 0
2360 #
2361 # Set the log level for each target module (default level is always dbg)
2362 # Supported log levels are: off, emer, err, warn, info, dbg
2363 #
2364 # modules:
2365 # - name: dpdk
2366 # log_level: info
2367
2368# Names of secrets used by bootstrap and environmental checks
2369secrets:
2370 identity:
2371 admin: neutron-keystone-admin
2372 neutron: neutron-keystone-user
2373 test: neutron-keystone-test
2374 oslo_db:
2375 admin: neutron-db-admin
2376 neutron: neutron-db-user
2377 oslo_messaging:
2378 admin: neutron-rabbitmq-admin
2379 neutron: neutron-rabbitmq-user
2380 tls:
2381 compute_metadata:
2382 metadata:
2383 internal: metadata-tls-metadata
2384 network:
2385 server:
2386 public: neutron-tls-public
2387 internal: neutron-tls-server
2388 oci_image_registry:
2389 neutron: neutron-oci-image-registry
2390
2391# typically overridden by environmental
2392# values, but should include all endpoints
2393# required by this chart
2394endpoints:
2395 cluster_domain_suffix: cluster.local
2396 local_image_registry:
2397 name: docker-registry
2398 namespace: docker-registry
2399 hosts:
2400 default: localhost
2401 internal: docker-registry
2402 node: localhost
2403 host_fqdn_override:
2404 default: null
2405 port:
2406 registry:
2407 node: 5000
2408 oci_image_registry:
2409 name: oci-image-registry
2410 namespace: oci-image-registry
2411 auth:
2412 enabled: false
2413 neutron:
2414 username: neutron
2415 password: password
2416 hosts:
2417 default: localhost
2418 host_fqdn_override:
2419 default: null
2420 port:
2421 registry:
2422 default: null
2423 oslo_db:
2424 auth:
2425 admin:
2426 username: root
2427 password: password
2428 secret:
2429 tls:
2430 internal: mariadb-tls-direct
2431 neutron:
2432 username: neutron
2433 password: password
2434 hosts:
2435 default: mariadb
2436 host_fqdn_override:
2437 default: null
2438 path: /neutron
2439 scheme: mysql+pymysql
2440 port:
2441 mysql:
2442 default: 3306
2443 oslo_messaging:
2444 auth:
2445 admin:
2446 username: rabbitmq
2447 password: password
2448 secret:
2449 tls:
2450 internal: rabbitmq-tls-direct
2451 neutron:
2452 username: neutron
2453 password: password
2454 statefulset:
2455 replicas: 2
2456 name: rabbitmq-rabbitmq
2457 hosts:
2458 default: rabbitmq
2459 host_fqdn_override:
2460 default: null
2461 path: /neutron
2462 scheme: rabbit
2463 port:
2464 amqp:
2465 default: 5672
2466 http:
2467 default: 15672
2468 oslo_cache:
2469 auth:
2470 # NOTE(portdirect): this is used to define the value for keystone
2471 # authtoken cache encryption key, if not set it will be populated
2472 # automatically with a random value, but to take advantage of
2473 # this feature all services should be set to use the same key,
2474 # and memcache service.
2475 memcache_secret_key: null
2476 hosts:
2477 default: memcached
2478 host_fqdn_override:
2479 default: null
2480 port:
2481 memcache:
2482 default: 11211
2483 compute:
2484 name: nova
2485 hosts:
2486 default: nova-api
2487 public: nova
2488 host_fqdn_override:
2489 default: null
2490 path:
2491 default: "/v2.1/%(tenant_id)s"
2492 scheme:
2493 default: 'http'
2494 port:
2495 api:
2496 default: 8774
2497 public: 80
2498 novncproxy:
2499 default: 6080
2500 compute_metadata:
2501 name: nova
2502 hosts:
2503 default: nova-metadata
2504 public: metadata
2505 host_fqdn_override:
2506 default: null
2507 path:
2508 default: /
2509 scheme:
2510 default: 'http'
2511 port:
2512 metadata:
2513 default: 8775
2514 public: 80
2515 identity:
2516 name: keystone
2517 auth:
2518 admin:
2519 region_name: RegionOne
2520 username: admin
2521 password: password
2522 project_name: admin
2523 user_domain_name: default
2524 project_domain_name: default
2525 neutron:
Mohammed Naserda994232024-04-13 12:34:01 -0400[diff] [blame]2526 role: admin,service
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2527 region_name: RegionOne
2528 username: neutron
2529 password: password
2530 project_name: service
2531 user_domain_name: service
2532 project_domain_name: service
2533 nova:
2534 region_name: RegionOne
2535 project_name: service
2536 username: nova
2537 password: password
2538 user_domain_name: service
2539 project_domain_name: service
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]2540 placement:
2541 region_name: RegionOne
2542 project_name: service
2543 username: placement
2544 password: password
2545 user_domain_name: service
2546 project_domain_name: service
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2547 designate:
2548 region_name: RegionOne
2549 project_name: service
2550 username: designate
2551 password: password
2552 user_domain_name: service
2553 project_domain_name: service
2554 ironic:
2555 region_name: RegionOne
2556 project_name: service
2557 username: ironic
2558 password: password
2559 user_domain_name: service
2560 project_domain_name: service
2561 test:
2562 role: admin
2563 region_name: RegionOne
2564 username: neutron-test
2565 password: password
2566 # NOTE: this project will be purged and reset if
2567 # conf.rally_tests.force_project_purge is set to true
2568 # which may be required upon test failure, but be aware that this will
2569 # expunge all openstack objects, so if this is used a seperate project
2570 # should be used for each helm test, and also it should be ensured
2571 # that this project is not in use by other tenants
2572 project_name: test
2573 user_domain_name: service
2574 project_domain_name: service
2575 hosts:
2576 default: keystone
2577 internal: keystone-api
2578 host_fqdn_override:
2579 default: null
2580 path:
2581 default: /v3
2582 scheme:
2583 default: http
2584 port:
2585 api:
2586 default: 80
2587 internal: 5000
2588 network:
2589 name: neutron
2590 hosts:
2591 default: neutron-server
2592 public: neutron
2593 host_fqdn_override:
2594 default: null
2595 # NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
2596 # endpoints using the following format:
2597 # public:
2598 # host: null
2599 # tls:
2600 # crt: null
2601 # key: null
2602 path:
2603 default: null
2604 scheme:
2605 default: 'http'
2606 service: 'http'
2607 port:
2608 api:
2609 default: 9696
2610 public: 80
2611 service: 9696
Mohammed Naserd70a6912024-07-03 00:09:44 -0400[diff] [blame]2612 policy_server:
2613 default: 9697
2614 public: 80
2615 service: 9697
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2616 load_balancer:
2617 name: octavia
2618 hosts:
2619 default: octavia-api
2620 public: octavia
2621 host_fqdn_override:
2622 default: null
2623 path:
2624 default: null
2625 scheme:
2626 default: http
2627 port:
2628 api:
2629 default: 9876
2630 public: 80
2631 fluentd:
2632 namespace: osh-infra
2633 name: fluentd
2634 hosts:
2635 default: fluentd-logging
2636 host_fqdn_override:
2637 default: null
2638 path:
2639 default: null
2640 scheme: 'http'
2641 port:
2642 service:
2643 default: 24224
2644 metrics:
2645 default: 24220
2646 dns:
2647 name: designate
2648 hosts:
2649 default: designate-api
2650 public: designate
2651 host_fqdn_override:
2652 default: null
2653 path:
2654 default: /
2655 scheme:
2656 default: 'http'
2657 port:
2658 api:
2659 default: 9001
2660 public: 80
2661 baremetal:
2662 name: ironic
2663 hosts:
2664 default: ironic-api
2665 public: ironic
2666 host_fqdn_override:
2667 default: null
2668 path:
2669 default: null
2670 scheme:
2671 default: 'http'
2672 port:
2673 api:
2674 default: 6385
2675 public: 80
2676 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
2677 # They are using to enable the Egress K8s network policy.
2678 kube_dns:
2679 namespace: kube-system
2680 name: kubernetes-dns
2681 hosts:
2682 default: kube-dns
2683 host_fqdn_override:
2684 default: null
2685 path:
2686 default: null
2687 scheme: http
2688 port:
2689 dns:
2690 default: 53
2691 protocol: UDP
2692 ingress:
2693 namespace: null
2694 name: ingress
2695 hosts:
2696 default: ingress
2697 port:
2698 ingress:
2699 default: 80
2700
2701network_policy:
2702 neutron:
2703 # TODO(lamt): Need to tighten this ingress for security.
2704 ingress:
2705 - {}
2706 egress:
2707 - {}
2708
2709helm3_hook: true
2710
2711health_probe:
2712 logging:
2713 level: ERROR
2714
2715tls:
2716 identity: false
2717 oslo_messaging: false
2718 oslo_db: false
2719
2720manifests:
2721 certificates: false
2722 configmap_bin: true
2723 configmap_etc: true
2724 daemonset_dhcp_agent: true
2725 daemonset_l3_agent: true
2726 daemonset_lb_agent: true
2727 daemonset_metadata_agent: true
2728 daemonset_ovs_agent: true
2729 daemonset_sriov_agent: true
2730 daemonset_l2gw_agent: false
2731 daemonset_bagpipe_bgp: false
Rico Lincf86b122023-11-02 01:29:14 +0800[diff] [blame]2732 daemonset_bgp_dragent: false
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2733 daemonset_netns_cleanup_cron: true
vexxhost-bote001f042024-10-25 16:34:25 -0400[diff] [blame]2734 daemonset_ovn_metadata_agent: false
2735 daemonset_ovn_vpn_agent: false
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2736 deployment_ironic_agent: false
2737 deployment_server: true
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]2738 deployment_rpc_server: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]2739 ingress_server: true
2740 job_bootstrap: true
2741 job_db_init: true
2742 job_db_sync: true
2743 job_db_drop: false
2744 job_image_repo_sync: true
2745 job_ks_endpoints: true
2746 job_ks_service: true
2747 job_ks_user: true
2748 job_rabbit_init: true
2749 pdb_server: true
2750 pod_rally_test: true
2751 network_policy: false
2752 secret_db: true
2753 secret_ingress_tls: true
2754 secret_keystone: true
2755 secret_rabbitmq: true
2756 secret_registry: true
2757 service_ingress_server: true
2758 service_server: true
2759...