2 # Print more verbose output (set logging level to INFO instead of default WARNING level).
3 verbose = {{ VERBOSE }}
5 # Print debugging output (set logging level to DEBUG instead of default WARNING level).
8 # Where to store Neutron state files. This directory must be writable by the
9 # user executing the agent.
10 state_path = /var/lib/neutron
12 # Where to store lock files
13 lock_path = $state_path/lock
15 # log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
16 # log_date_format = %Y-%m-%d %H:%M:%S
18 # use_syslog -> syslog
19 # log_file and log_dir -> log_dir/log_file
20 # (not log_file) and log_dir -> log_dir/{binary_name}.log
21 # use_stderr -> stderr
22 # (not use_stderr) and (not log_file) -> stdout
23 # publish_errors -> notification system
26 # syslog_log_facility = LOG_USER
30 log_dir = /var/log/neutron
32 # publish_errors = False
34 # Address to bind the API server to
# NOTE(review): the ssl_cert_file / ssl_key_file / ssl_ca_file options further
# down are commented out in this template, so the API presumably serves plain
# HTTP on this address (the SSL enable switch itself is not visible in this
# listing; confirm). Render a management-network address here rather than a
# wildcard unless TLS is terminated in front of the service.
35 bind_host = {{ network_server_host }}
37 # Port to bind the API server to
40 # Path to the extensions. Note that this can be a colon-separated list of
42 # api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
43 # The __path__ of neutron.extensions is appended to this, so if your
44 # extensions are in there you don't need to specify them here
45 # api_extensions_path =
47 # (StrOpt) Neutron core plugin entrypoint to be loaded from the
48 # neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
49 # plugins included in the neutron source distribution. For compatibility with
50 # previous versions, the class name of a plugin can be specified instead of its
53 #core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
55 # Example: core_plugin = ml2
57 # (ListOpt) List of service plugin entrypoints to be loaded from the
58 # neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
59 # the plugins included in the neutron source distribution. For compatibility
60 # with previous versions, the class name of a plugin can be specified instead
61 # of its entrypoint name.
64 # Example: service_plugins = router,firewall,lbaas,vpnaas,metering
65 service_plugins = router
67 # Paste configuration file
68 api_paste_config = api-paste.ini
70 # The strategy to be used for auth.
71 # Supported values are 'keystone'(default), 'noauth'.
# NOTE(review): 'noauth' makes the API accept requests without Keystone token
# validation; keep 'keystone' anywhere outside an isolated test environment.
72 auth_strategy = keystone
74 # Base MAC address. The first 3 octets will remain unchanged. If the
75 # 4th octet is not 00, it will also be used. The others will be
78 # base_mac = fa:16:3e:00:00:00
80 # base_mac = fa:16:3e:4f:00:00
82 # Maximum amount of retries to generate a unique MAC address
83 # mac_generation_retries = 16
85 # DHCP Lease duration (in seconds)
86 dhcp_lease_duration = 86400
88 # Allow sending resource operation notification to DHCP agent
89 # dhcp_agent_notification = True
91 # Enable or disable bulk create/update/delete operations
93 # Enable or disable pagination
94 # allow_pagination = False
95 # Enable or disable sorting
96 # allow_sorting = False
97 # Enable or disable overlapping IPs for subnets
98 # Attention: the following parameter MUST be set to False if Neutron is
99 # being used in conjunction with nova security groups
100 allow_overlapping_ips = True
101 # Ensure that configured gateway is on subnet
102 # force_gateway_on_subnet = False
105 # RPC configuration options. Defined in rpc __init__
106 # The messaging module to use, defaults to kombu.
107 # rpc_backend = neutron.openstack.common.rpc.impl_kombu
# NOTE(review): the broker password below is rendered into this file in clear
# text from the RABBIT_PASS template variable. The rendered file should be
# readable only by root and the neutron service account, and the variable is
# best sourced from an encrypted store rather than a plain vars file.
# NOTE(review): the kombu_ssl_* options further down are left commented out, so
# the AMQP connection presumably runs without TLS and these credentials cross
# the network unencrypted; the RabbitMQ SSL switch is not visible in this
# listing, so confirm.
109 rabbit_host = {{ rabbit_host }}
110 rabbit_password = {{ RABBIT_PASS }}
112 # Size of RPC thread pool
113 rpc_thread_pool_size = 240
114 # Size of RPC connection pool
115 rpc_conn_pool_size = 100
116 # Seconds to wait for a response from call or multicall
117 rpc_response_timeout = 300
118 # Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
119 rpc_cast_timeout = 300
120 # Modules of exceptions that are permitted to be recreated
121 # upon receiving exception data from an rpc call.
122 # allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
123 # AMQP exchange to connect to if using RabbitMQ or QPID
124 # control_exchange = neutron
126 # If passed, use a fake RabbitMQ provider
127 # fake_rabbit = False
129 # Configuration options if sending notifications via kombu rpc (these are
131 # SSL version to use (valid only if SSL enabled)
132 # kombu_ssl_version =
133 # SSL key file (valid only if SSL enabled)
134 # kombu_ssl_keyfile =
135 # SSL cert file (valid only if SSL enabled)
136 # kombu_ssl_certfile =
137 # SSL certification authority file (valid only if SSL enabled)
138 # kombu_ssl_ca_certs =
139 # Port where RabbitMQ server is running/listening
141 # RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
142 # rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
143 # rabbit_hosts = localhost:5672
144 # User ID used for RabbitMQ connections
145 rabbit_userid = {{ RABBIT_USER }}
146 # Location of a virtual RabbitMQ installation.
147 # rabbit_virtual_host = /
148 # Maximum retries with trying to connect to RabbitMQ
149 # (the default of 0 implies an infinite retry count)
150 # rabbit_max_retries = 0
151 # RabbitMQ connection retry interval
152 # rabbit_retry_interval = 1
153 # Use HA queues in RabbitMQ (x-ha-policy: all). You need to
154 # wipe RabbitMQ database when changing this option. (boolean value)
155 # rabbit_ha_queues = false
157 # rpc_backend=neutron.openstack.common.rpc.impl_qpid
158 # Qpid broker hostname
159 # qpid_hostname = localhost
162 # Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
163 # qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
164 # qpid_hosts = localhost:5672
165 # Username for qpid connection
167 # Password for qpid connection
169 # Space separated list of SASL mechanisms to use for auth
170 # qpid_sasl_mechanisms = ''
171 # Seconds between connection keepalive heartbeats
172 # qpid_heartbeat = 60
173 # Transport to use, either 'tcp' or 'ssl'
174 # qpid_protocol = tcp
175 # Disable Nagle algorithm
176 # qpid_tcp_nodelay = True
179 # rpc_backend=neutron.openstack.common.rpc.impl_zmq
180 # ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
181 # The "host" option should point or resolve to this address.
182 # rpc_zmq_bind_address = *
184 # ============ Notification System Options =====================
186 # Notifications can be sent when network/subnet/port are created, updated or deleted.
187 # There are three methods of sending notifications: logging (via the
188 # log_file directive), rpc (via a message queue) and
189 # noop (no notifications sent, the default)
191 # Notification_driver can be defined multiple times
193 # notification_driver = neutron.openstack.common.notifier.no_op_notifier
195 # notification_driver = neutron.openstack.common.notifier.log_notifier
197 notification_driver = neutron.openstack.common.notifier.rpc_notifier
199 # default_notification_level is used to form actual topic name(s) or to set logging level
200 default_notification_level = INFO
202 # default_publisher_id is a part of the notification payload
204 # default_publisher_id = $host
206 # Defined in rpc_notifier, can be comma separated values.
207 # The actual topic names will be %s.%(default_notification_level)s
208 notification_topics = notifications
210 # Default maximum number of items returned in a single response,
211 # value == infinite and value < 0 both mean no max limit; otherwise the value must
212 # be greater than 0. If the number of items requested is greater than
213 # pagination_max_limit, server will just return pagination_max_limit
214 # of number of items.
215 # pagination_max_limit = -1
217 # Maximum number of DNS nameservers per subnet
218 # max_dns_nameservers = 5
220 # Maximum number of host routes per subnet
221 # max_subnet_host_routes = 20
223 # Maximum number of fixed ips per port
224 # max_fixed_ips_per_port = 5
226 # =========== items for agent management extension =============
227 # Seconds to regard the agent as down; should be at least twice
228 # report_interval, to be sure the agent is down for good
230 # =========== end of items for agent management extension =====
232 # =========== items for agent scheduler extension =============
233 # Driver to use for scheduling network to DHCP agent
234 network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
235 # Driver to use for scheduling router to a default L3 agent
236 router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
237 # Driver to use for scheduling a loadbalancer pool to an lbaas agent
238 # loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
240 # Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
241 # networks to first DHCP agent which sends get_active_networks message to
243 # network_auto_schedule = True
245 # Allow auto scheduling routers to L3 agent. It will schedule non-hosted
246 # routers to first L3 agent which sends sync_routers message to neutron server
247 # router_auto_schedule = True
249 # Number of DHCP agents scheduled to host a network. This enables redundant
250 # DHCP agents for configured networks.
251 # dhcp_agents_per_network = 1
253 # =========== end of items for agent scheduler extension =====
255 # =========== WSGI parameters related to the API server ==============
256 # Number of separate worker processes to spawn. The default, 0, runs the
257 # worker thread in the current process. Greater than 0 launches that number of
258 # child processes as workers. The parent process manages them.
261 # Number of separate RPC worker processes to spawn. The default, 0, runs the
262 # worker thread in the current process. Greater than 0 launches that number of
263 # child processes as RPC workers. The parent process manages them.
264 # This feature is experimental until issues are addressed and testing has been
265 # enabled for various plugins for compatibility.
268 # Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
269 # starting API server. Not supported on OS X.
272 # Number of seconds to keep retrying to listen
273 # retry_until_window = 30
275 # Number of backlog requests to configure the socket with.
278 # Max header line to accommodate large tokens
279 # max_header_line = 16384
281 # Enable SSL on the API server
284 # Certificate file to use when starting API server securely
285 # ssl_cert_file = /path/to/certfile
287 # Private key file to use when starting API server securely
288 # ssl_key_file = /path/to/keyfile
290 # CA certificate file to use when starting API server securely to
291 # verify connecting clients. This is an optional parameter only required if
292 # API clients need to authenticate to the API server using SSL certificates
293 # signed by a trusted CA
294 # ssl_ca_file = /path/to/cafile
295 # ======== end of WSGI parameters related to the API server ==========
298 # ======== neutron nova interactions ==========
299 # Send notification to nova when port status is active.
300 notify_nova_on_port_status_changes = True
302 # Send notifications to nova when port data (fixed_ips/floatingips) change
303 # so nova can update its cache.
304 notify_nova_on_port_data_changes = True
306 # URL for connection to nova (Only supports one nova region currently).
# NOTE(review): plain http:// endpoint. Requests to nova carry an admin-context
# token, so this hop is only acceptable on a trusted management network; use
# https if the VIP terminates TLS (not determinable from this template).
307 nova_url = http://{{ HA_VIP }}:8774/v2
309 # Name of nova region to use. Useful if keystone manages more than one region
310 nova_region_name = RegionOne
312 # Username for connection to nova in admin context
313 nova_admin_username = nova
315 # The uuid of the admin nova tenant
316 nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }}
318 # Password for connection to nova in admin context.
# NOTE(review): clear-text credential once the template is rendered. Restrict
# the rendered file to root and the neutron service account, and keep NOVA_PASS
# out of unencrypted variable files.
319 nova_admin_password = {{ NOVA_PASS }}
321 # Authorization URL for connection to nova in admin context.
# NOTE(review): the username/password above are presented to this endpoint to
# obtain a token, and the URL is plain http://, so the admin credential is
# exposed to anyone able to observe traffic to the VIP. Prefer an https
# endpoint where one is available.
322 nova_admin_auth_url = http://{{ HA_VIP }}:35357/v2.0
324 # Number of seconds between sending events to nova if there are any events to send
325 send_events_interval = 2
327 # ======== end of neutron nova interactions ==========
330 # Default driver to use for quota checks
331 quota_driver = neutron.db.quota_db.DbQuotaDriver
333 # Resource name(s) that are supported in quota features
334 quota_items = network,subnet,port
336 # Default number of resource allowed per tenant. A negative value means
340 # Number of networks allowed per tenant. A negative value means unlimited.
343 # Number of subnets allowed per tenant. A negative value means unlimited.
346 # Number of ports allowed per tenant. A negative value means unlimited.
349 # Number of security groups allowed per tenant. A negative value means
351 quota_security_group = 1000
353 # Number of security group rules allowed per tenant. A negative value means
355 quota_security_group_rule = 1000
357 # Number of vips allowed per tenant. A negative value means unlimited.
360 # Number of pools allowed per tenant. A negative value means unlimited.
363 # Number of pool members allowed per tenant. A negative value means unlimited.
364 # The default is unlimited because a member is not a real resource consumer
365 # on Openstack. However, on back-end, a member is a resource consumer
366 # and that is the reason why quota is possible.
369 # Number of health monitors allowed per tenant. A negative value means
371 # The default is unlimited because a health monitor is not a real resource
372 # consumer on Openstack. However, on back-end, a member is a resource consumer
373 # and that is the reason why quota is possible.
374 # quota_health_monitors = -1
376 # Number of routers allowed per tenant. A negative value means unlimited.
379 # Number of floating IPs allowed per tenant. A negative value means unlimited.
380 # quota_floatingip = 50
383 # Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
384 # root filter facility.
385 # Change to "sudo" to skip the filtering and just run the command directly
# NOTE(review): this value keeps command filtering on: privileged calls go
# through neutron-rootwrap with /etc/neutron/rootwrap.conf instead of bare sudo.
# The filtering only holds if rootwrap.conf and the filter files it references
# are root-owned and not writable by the neutron user, and if the sudoers entry
# for that user is limited to this exact rootwrap command.
# The value is wrapped in double quotes; confirm the parser reading this file
# strips them rather than keeping them as part of the command.
386 root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
388 # =========== items for agent management extension =============
389 # seconds between nodes reporting state to server; should be less than
390 # agent_down_time, best if it is half or less than agent_down_time
393 # =========== end of items for agent management extension =====
# NOTE(review): these look like Keystone auth-token middleware settings; the
# section header and the admin user line are not visible in this listing.
# Both URLs are plain http://, so tokens and the service password below cross
# the network unencrypted unless the VIP network is protected by other means.
396 auth_uri = http://{{ HA_VIP }}:5000/v2.0
397 identity_uri = http://{{ HA_VIP }}:35357
398 admin_tenant_name = service
# NOTE(review): clear-text service credential once rendered; the rendered file
# should be readable only by root and the neutron service account.
400 admin_password = {{ NEUTRON_PASS }}
# NOTE(review): resolves under state_path (/var/lib/neutron earlier in this
# file). The directory should be owned by the service user and closed to
# group/other, since it holds the material used to validate tokens locally.
401 signing_dir = $state_path/keystone-signing
404 # This line MUST be changed to actually run the plugin.
406 # connection = mysql://root:pass@127.0.0.1:3306/neutron
407 # Replace 127.0.0.1 above with the IP address of the database used by the
408 # main neutron server. (Leave it as is if the database runs on this host.)
409 # connection = sqlite:////var/lib/neutron/neutron.sqlite
# NOTE(review): this line is commented out for the INI parser, but the template
# engine still expands {{ NEUTRON_DBPASS }} inside it, so the rendered file
# carries the database password in a comment. If the connection string is set
# elsewhere, replace the variable here with a placeholder or drop the line;
# otherwise treat the rendered file as secret-bearing and restrict its mode.
410 #connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
412 # The SQLAlchemy connection string used to connect to the slave database
415 # Database reconnection retry times - in event connectivity is lost
416 # set to -1 implies an infinite retry count
419 # Database reconnection interval in seconds - if the initial connection to the
423 # Minimum number of SQL connections to keep open in a pool
426 # Maximum number of SQL connections to keep open in a pool
429 # Timeout in seconds before idle sql connections are reaped
432 # If set, use this value for max_overflow with sqlalchemy
435 # Verbosity of SQL debugging information. 0=None, 100=Everything
438 # Add python stack traces to SQL as comment strings
439 connection_trace = False
441 # If set, use this value for pool_timeout with sqlalchemy
445 # Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
447 # service_provider=<service_type>:<name>:<driver>[:default]
448 # List of allowed service types includes LOADBALANCER, FIREWALL, VPN
449 # Combination of <service type> and <name> must be unique; <driver> must also be unique
450 # This is multiline option, example for default provider:
451 # service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
452 # example of non-default provider:
453 # service_provider=FIREWALL:name2:firewall_driver_path
454 # --- Reference implementations ---
455 service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
456 service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
457 # In order to activate Radware's lbaas driver you need to uncomment the next line.
458 # If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
459 # Otherwise comment the HA Proxy line
460 # service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
461 # uncomment the following line to make the 'netscaler' LBaaS provider available.
462 # service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
463 # Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
464 # service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
465 # Uncomment the line below to use Embrane heleos as Load Balancer service provider.
466 # service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default