Octavia Configuration Options¶
Table of Contents
-
host
¶ Type: hostname Default: ubuntu-xenial-osic-cloud1-s3700-9588999
The hostname Octavia is running on
-
octavia_plugins
¶ Type: string Default: hot_plug_plugin
Name of the controller plugin to use
-
bind_host
¶ Type: ip address Default: <None>
The host IP to bind to
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This setting has moved to the [api_settings] section.
-
bind_port
¶ Type: port number Default: <None>
Minimum Value: 0 Maximum Value: 65535 The port to bind to
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This setting has moved to the [api_settings] section.
-
auth_strategy
¶ Type: string Default: <None>
Valid Values: noauth, keystone, testing The auth strategy for API requests.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This setting has moved to the [api_settings] section.
-
api_handler
¶ Type: string Default: <None>
The handler that the API communicates with
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This setting has moved to the [api_settings] section.
-
agent_server_ca
¶ Type: string Default: /etc/octavia/certs/client_ca.pem
The ca which signed the client certificates
-
agent_server_cert
¶ Type: string Default: /etc/octavia/certs/server.pem
The server certificate for the agent.py server to use
-
agent_server_network_dir
¶ Type: string Default: <None>
The directory where new network interfaces are located
-
agent_server_network_file
¶ Type: string Default: <None>
The file where the network interfaces are located. Specifying this will override any value set for agent_server_network_dir.
-
agent_request_read_timeout
¶ Type: integer Default: 120
The time in seconds to allow a request from the controller to run before terminating the socket.
-
amphora_id
¶ Type: string Default: <None>
The amphora ID.
-
cert_manager
¶ Type: string Default: barbican_cert_manager
Name of the cert manager to use
-
cert_generator
¶ Type: string Default: local_cert_generator
Name of the cert generator to use
-
barbican_auth
¶ Type: string Default: barbican_acl_auth
Name of the Barbican authentication method to use
-
service_name
¶ Type: string Default: <None>
The name of the certificate service in the keystonecatalog
-
endpoint
¶ Type: string Default: <None>
A new endpoint to override the endpoint in the keystone catalog.
-
region_name
¶ Type: string Default: <None>
Region in Identity service catalog to use for communication with the barbican service.
-
endpoint_type
¶ Type: string Default: publicURL
The endpoint_type to be used for barbican service.
-
ca_certificates_file
¶ Type: string Default: <None>
CA certificates file path
-
insecure
¶ Type: boolean Default: false
Disable certificate validation on SSL connections
-
workers
¶ Type: integer Default: 1
Minimum Value: 1 Number of workers for the controller-worker service.
-
amp_active_retries
¶ Type: integer Default: 10
Retry attempts to wait for Amphora to become active
-
amp_active_wait_sec
¶ Type: integer Default: 10
Seconds to wait between checks on whether an Amphora has become active
-
amp_flavor_id
¶ Type: string Default: Nova instance flavor id for the Amphora
-
amp_image_tag
¶ Type: string Default: Glance image tag for the Amphora image to boot. Use this option to be able to update the image without reconfiguring Octavia. Ignored if amp_image_id is defined.
-
amp_image_id
¶ Type: string Default: Glance image id for the Amphora image to boot
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: Superseded by amp_image_tag option.
-
amp_image_owner_id
¶ Type: string Default: Restrict glance image selection to a specific owner ID. This is a recommended security setting.
-
amp_ssh_key_name
¶ Type: string Default: SSH key name used to boot the Amphora
-
amp_ssh_access_allowed
¶ Type: boolean Default: true
Determines whether or not to allow access to the Amphorae
-
amp_boot_network_list
¶ Type: list Default: List of networks to attach to the Amphorae. All networks defined in the list will be attached to each amphora.
-
amp_secgroup_list
¶ Type: list Default: List of security groups to attach to the Amphora.
-
client_ca
¶ Type: string Default: /etc/octavia/certs/ca_01.pem
Client CA for the amphora agent to use
-
amphora_driver
¶ Type: string Default: amphora_noop_driver
Name of the amphora driver to use
-
compute_driver
¶ Type: string Default: compute_noop_driver
Name of the compute driver to use
-
network_driver
¶ Type: string Default: network_noop_driver
Name of the network driver to use
-
loadbalancer_topology
¶ Type: string Default: SINGLE
Valid Values: ACTIVE_STANDBY, SINGLE Load balancer topology configuration. SINGLE - One amphora per load balancer. ACTIVE_STANDBY - Two amphora per load balancer.
-
user_data_config_drive
¶ Type: boolean Default: false
If True, build cloud-init user-data that is passed to the config drive on Amphora boot instead of personality files. If False, utilize personality files.
-
service_name
¶ Type: string Default: <None>
The name of the glance service in the keystone catalog
-
endpoint
¶ Type: string Default: <None>
A new endpoint to override the endpoint in the keystone catalog.
-
region_name
¶ Type: string Default: <None>
Region in Identity service catalog to use for communication with the OpenStack services.
-
endpoint_type
¶ Type: string Default: publicURL
Endpoint interface in identity service to use
-
ca_certificates_file
¶ Type: string Default: <None>
CA certificates file path
-
insecure
¶ Type: boolean Default: false
Disable certificate validation on SSL connections
-
base_path
¶ Type: string Default: /var/lib/octavia
Base directory for amphora files.
-
base_cert_dir
¶ Type: string Default: /var/lib/octavia/certs
Base directory for cert storage.
-
haproxy_template
¶ Type: string Default: <None>
Custom haproxy template.
-
connection_max_retries
¶ Type: integer Default: 300
Retry threshold for connecting to amphorae.
-
connection_retry_interval
¶ Type: integer Default: 5
Retry timeout between connection attempts in seconds.
-
build_rate_limit
¶ Type: integer Default: -1
Number of amphorae that could be built per controllerworker, simultaneously.
-
build_active_retries
¶ Type: integer Default: 300
Retry threshold for waiting for a build slot for an amphorae.
-
build_retry_interval
¶ Type: integer Default: 5
Retry timeout between build attempts in seconds.
-
user_group
¶ Type: string Default: <None>
The user group for haproxy to run under inside the amphora.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This is now automatically discovered and configured.
-
haproxy_stick_size
¶ Type: string Default: 10k
Size of the HAProxy stick table. Accepts k, m, g suffixes. Example: 10k
-
bind_host
¶ Type: ip address Default: ::
The host IP to bind to
-
bind_port
¶ Type: port number Default: 9443
Minimum Value: 0 Maximum Value: 65535 The port to bind to
-
lb_network_interface
¶ Type: string Default: o-hm0
Network interface through which to reach amphora, only required if using IPv6 link local addresses.
-
haproxy_cmd
¶ Type: string Default: /usr/sbin/haproxy
The full path to haproxy
-
respawn_count
¶ Type: integer Default: 2
The respawn count for haproxy’s upstart script
-
respawn_interval
¶ Type: integer Default: 2
The respawn interval for haproxy’s upstart script
-
rest_request_conn_timeout
¶ Type: floating point Default: 10
The time in seconds to wait for a REST API to connect.
-
rest_request_read_timeout
¶ Type: floating point Default: 60
The time in seconds to wait for a REST API response.
-
client_cert
¶ Type: string Default: /etc/octavia/certs/client.pem
The client certificate to talk to the agent
-
server_ca
¶ Type: string Default: /etc/octavia/certs/server_ca.pem
The ca which signed the server certificates
-
use_upstart
¶ Type: boolean Default: true
If False, use sysvinit.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This is now automatically discovered and configured.
-
bind_ip
¶ Type: ip address Default: 127.0.0.1
IP address the controller will listen on for heart beats
-
bind_port
¶ Type: port number Default: 5555
Minimum Value: 0 Maximum Value: 65535 Port number the controller will listen onfor heart beats
-
failover_threads
¶ Type: integer Default: 10
Number of threads performing amphora failovers.
-
status_update_threads
¶ Type: integer Default: 50
Number of threads performing amphora status update.
-
heartbeat_key
¶ Type: string Default: <None>
key used to validate amphora sendingthe message
-
heartbeat_timeout
¶ Type: integer Default: 60
Interval, in seconds, to wait before failing over an amphora.
-
health_check_interval
¶ Type: integer Default: 3
Sleep time between health checks in seconds.
-
sock_rlimit
¶ Type: integer
Default: 0
sets the value of the heartbeat recv buffer
-
controller_ip_port_list
¶ Type: list Default: List of controller ip and port pairs for the heartbeat receivers. Example 127.0.0.1:5555, 192.168.0.1:5555
-
heartbeat_interval
¶ Type: integer Default: 10
Sleep time between sending heartbeats.
-
event_streamer_driver
¶ Type: string Default: noop_event_streamer
Specifies which driver to use for the event_streamer for syncing the octavia and neutron_lbaas dbs. If you don’t need to sync the database or are running octavia in stand alone mode use the noop_event_streamer
-
spare_check_interval
¶ Type: integer Default: 30
Spare check interval in seconds
-
spare_amphora_pool_size
¶ Type: integer Default: 0
Number of spare amphorae
-
cleanup_interval
¶ Type: integer Default: 30
DB cleanup interval in seconds
-
amphora_expiry_age
¶ Type: integer Default: 604800
Amphora expiry age in seconds
-
load_balancer_expiry_age
¶ Type: integer Default: 604800
Load balancer expiry age in seconds
-
cert_interval
¶ Type: integer Default: 3600
Certificate check interval in seconds
-
cert_expiry_buffer
¶ Type: integer Default: 1209600
Seconds until certificate expiration
-
cert_rotate_threads
¶ Type: integer Default: 10
Number of threads performing amphora certificate rotation
-
vrrp_advert_int
¶ Type: integer Default: 1
Amphora role and priority advertisement interval in seconds.
-
vrrp_check_interval
¶ Type: integer Default: 5
VRRP health check script run interval in seconds.
-
vrrp_fail_count
¶ Type: integer Default: 2
Number of successive failures before transition to a fail state.
-
vrrp_success_count
¶ Type: integer Default: 2
Number of consecutive successes before transition to a success state.
-
vrrp_garp_refresh_interval
¶ Type: integer Default: 5
Time in seconds between gratuitous ARP announcements from the MASTER.
-
vrrp_garp_refresh_count
¶ Type: integer Default: 2
Number of gratuitous ARP announcements to make on each refresh interval.
-
max_retries
¶ Type: integer Default: 15
The maximum attempts to retry an action with the networking service.
-
retry_interval
¶ Type: integer Default: 1
Seconds to wait before retrying an action with the networking service.
-
port_detach_timeout
¶ Type: integer Default: 300
Seconds to wait for a port to detach from an amphora.
-
allow_vip_network_id
¶ Type: boolean Default: true
Can users supply a network_id for their VIP?
-
allow_vip_subnet_id
¶ Type: boolean Default: true
Can users supply a subnet_id for their VIP?
-
allow_vip_port_id
¶ Type: boolean Default: true
Can users supply a port_id for their VIP?
-
valid_vip_networks
¶ Type: list Default: <None>
List of network_ids that are valid for VIP creation. If this field is empty, no validation is performed.
-
service_name
¶ Type: string Default: <None>
The name of the neutron service in the keystone catalog
-
endpoint
¶ Type: string Default: <None>
A new endpoint to override the endpoint in the keystone catalog.
-
region_name
¶ Type: string Default: <None>
Region in Identity service catalog to use for communication with the OpenStack services.
-
endpoint_type
¶ Type: string Default: publicURL
Endpoint interface in identity service to use
-
ca_certificates_file
¶ Type: string Default: <None>
CA certificates file path
-
insecure
¶ Type: boolean Default: false
Disable certificate validation on SSL connections
-
service_name
¶ Type: string Default: <None>
The name of the nova service in the keystone catalog
-
endpoint
¶ Type: string Default: <None>
A new endpoint to override the endpoint in the keystone catalog.
-
region_name
¶ Type: string Default: <None>
Region in Identity service catalog to use for communication with the OpenStack services.
-
endpoint_type
¶ Type: string Default: publicURL
Endpoint interface in identity service to use
-
ca_certificates_file
¶ Type: string Default: <None>
CA certificates file path
-
insecure
¶ Type: boolean Default: false
Disable certificate validation on SSL connections
-
enable_anti_affinity
¶ Type: boolean Default: false
Flag to indicate if nova anti-affinity feature is turned on.
-
anti_affinity_policy
¶ Type: string Default: anti-affinity
Valid Values: anti-affinity, soft-anti-affinity Sets the anti-affinity policy for nova
-
random_amphora_name_length
¶ Type: integer Default: 0
If non-zero, generate a random name of the length provided for each amphora, in the format “a[A-Z0-9]*”. Otherwise, the default name format will be used: “amphora-{UUID}”.
-
availability_zone
¶ Type: string Default: <None>
Availability zone to use for creating Amphorae
-
topic
¶ Type: string Default: <None>
-
event_stream_topic
¶ Type: string Default: neutron_lbaas_event
topic name for communicating events through a queue
-
auth_url
¶ Type: unknown type Default: <None>
Authentication URL
-
auth_type
¶ Type: unknown type Default: <None>
Authentication type to load
¶ Group Name service_auth auth_plugin
-
cafile
¶ Type: string Default: <None>
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
¶ Type: string Default: <None>
PEM encoded client certificate cert file
-
default_domain_id
¶ Type: unknown type Default: <None>
Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
-
default_domain_name
¶ Type: unknown type Default: <None>
Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
-
domain_id
¶ Type: unknown type Default: <None>
Domain ID to scope to
-
domain_name
¶ Type: unknown type Default: <None>
Domain name to scope to
-
insecure
¶ Type: boolean Default: false
Verify HTTPS connections.
-
keyfile
¶ Type: string Default: <None>
PEM encoded client certificate key file
-
password
¶ Type: unknown type Default: <None>
User’s password
-
project_domain_id
¶ Type: unknown type Default: <None>
Domain ID containing project
-
project_domain_name
¶ Type: unknown type Default: <None>
Domain name containing project
-
project_id
¶ Type: unknown type Default: <None>
Project ID to scope to
¶ Group Name service_auth tenant-id service_auth tenant_id
-
project_name
¶ Type: unknown type Default: <None>
Project name to scope to
¶ Group Name service_auth tenant-name service_auth tenant_name
-
tenant_id
¶ Type: unknown type Default: <None>
Tenant ID
-
tenant_name
¶ Type: unknown type Default: <None>
Tenant Name
-
timeout
¶ Type: integer Default: <None>
Timeout value for http requests
-
trust_id
¶ Type: unknown type Default: <None>
Trust ID
-
user_domain_id
¶ Type: unknown type Default: <None>
User’s domain id
-
user_domain_name
¶ Type: unknown type Default: <None>
User’s domain name
-
user_id
¶ Type: unknown type Default: <None>
User id
-
username
¶ Type: unknown type Default: <None>
Username
¶ Group Name service_auth user-name service_auth user_name
-
engine
¶ Type: string Default: serial
TaskFlow engine to use
-
max_workers
¶ Type: integer Default: 5
The maximum number of workers
-
disable_revert
¶ Type: boolean Default: false
If True, disables the controller worker taskflow flows from reverting. This will leave resources in an inconsistent state and should only be used for debugging purposes.