Octavia Configuration Options

host
Type:hostname
Default:ubuntu-xenial-osic-cloud1-s3700-9588999

The hostname Octavia is running on

octavia_plugins
Type:string
Default:hot_plug_plugin

Name of the controller plugin to use

bind_host
Type:ip address
Default:<None>

The host IP to bind to

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This setting has moved to the [api_settings] section.
bind_port
Type:port number
Default:<None>
Minimum Value:0
Maximum Value:65535

The port to bind to

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This setting has moved to the [api_settings] section.
auth_strategy
Type:string
Default:<None>
Valid Values:noauth, keystone, testing

The auth strategy for API requests.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This setting has moved to the [api_settings] section.
api_handler
Type:string
Default:<None>

The handler that the API communicates with

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This setting has moved to the [api_settings] section.
agent_server_ca
Type:string
Default:/etc/octavia/certs/client_ca.pem

The ca which signed the client certificates

agent_server_cert
Type:string
Default:/etc/octavia/certs/server.pem

The server certificate for the agent.py server to use

agent_server_network_dir
Type:string
Default:<None>

The directory where new network interfaces are located

agent_server_network_file
Type:string
Default:<None>

The file where the network interfaces are located. Specifying this will override any value set for agent_server_network_dir.

agent_request_read_timeout
Type:integer
Default:120

The time in seconds to allow a request from the controller to run before terminating the socket.

amphora_id
Type:string
Default:<None>

The amphora ID.

cert_manager
Type:string
Default:barbican_cert_manager

Name of the cert manager to use

cert_generator
Type:string
Default:local_cert_generator

Name of the cert generator to use

barbican_auth
Type:string
Default:barbican_acl_auth

Name of the Barbican authentication method to use

service_name
Type:string
Default:<None>

The name of the certificate service in the keystonecatalog

endpoint
Type:string
Default:<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name
Type:string
Default:<None>

Region in Identity service catalog to use for communication with the barbican service.

endpoint_type
Type:string
Default:publicURL

The endpoint_type to be used for barbican service.

ca_certificates_file
Type:string
Default:<None>

CA certificates file path

insecure
Type:boolean
Default:false

Disable certificate validation on SSL connections

workers
Type:integer
Default:1
Minimum Value:1

Number of workers for the controller-worker service.

amp_active_retries
Type:integer
Default:10

Retry attempts to wait for Amphora to become active

amp_active_wait_sec
Type:integer
Default:10

Seconds to wait between checks on whether an Amphora has become active

amp_flavor_id
Type:string
Default:

Nova instance flavor id for the Amphora

amp_image_tag
Type:string
Default:

Glance image tag for the Amphora image to boot. Use this option to be able to update the image without reconfiguring Octavia. Ignored if amp_image_id is defined.

amp_image_id
Type:string
Default:

Glance image id for the Amphora image to boot

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:Superseded by amp_image_tag option.
amp_image_owner_id
Type:string
Default:

Restrict glance image selection to a specific owner ID. This is a recommended security setting.

amp_ssh_key_name
Type:string
Default:

SSH key name used to boot the Amphora

amp_ssh_access_allowed
Type:boolean
Default:true

Determines whether or not to allow access to the Amphorae

amp_boot_network_list
Type:list
Default:

List of networks to attach to the Amphorae. All networks defined in the list will be attached to each amphora.

amp_secgroup_list
Type:list
Default:

List of security groups to attach to the Amphora.

client_ca
Type:string
Default:/etc/octavia/certs/ca_01.pem

Client CA for the amphora agent to use

amphora_driver
Type:string
Default:amphora_noop_driver

Name of the amphora driver to use

compute_driver
Type:string
Default:compute_noop_driver

Name of the compute driver to use

network_driver
Type:string
Default:network_noop_driver

Name of the network driver to use

loadbalancer_topology
Type:string
Default:SINGLE
Valid Values:ACTIVE_STANDBY, SINGLE

Load balancer topology configuration. SINGLE - One amphora per load balancer. ACTIVE_STANDBY - Two amphora per load balancer.

user_data_config_drive
Type:boolean
Default:false

If True, build cloud-init user-data that is passed to the config drive on Amphora boot instead of personality files. If False, utilize personality files.

service_name
Type:string
Default:<None>

The name of the glance service in the keystone catalog

endpoint
Type:string
Default:<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name
Type:string
Default:<None>

Region in Identity service catalog to use for communication with the OpenStack services.

endpoint_type
Type:string
Default:publicURL

Endpoint interface in identity service to use

ca_certificates_file
Type:string
Default:<None>

CA certificates file path

insecure
Type:boolean
Default:false

Disable certificate validation on SSL connections

base_path
Type:string
Default:/var/lib/octavia

Base directory for amphora files.

base_cert_dir
Type:string
Default:/var/lib/octavia/certs

Base directory for cert storage.

haproxy_template
Type:string
Default:<None>

Custom haproxy template.

connection_max_retries
Type:integer
Default:300

Retry threshold for connecting to amphorae.

connection_retry_interval
Type:integer
Default:5

Retry timeout between connection attempts in seconds.

build_rate_limit
Type:integer
Default:-1

Number of amphorae that could be built per controllerworker, simultaneously.

build_active_retries
Type:integer
Default:300

Retry threshold for waiting for a build slot for an amphorae.

build_retry_interval
Type:integer
Default:5

Retry timeout between build attempts in seconds.

user_group
Type:string
Default:<None>

The user group for haproxy to run under inside the amphora.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This is now automatically discovered and configured.
haproxy_stick_size
Type:string
Default:10k

Size of the HAProxy stick table. Accepts k, m, g suffixes. Example: 10k

bind_host
Type:ip address
Default:::

The host IP to bind to

bind_port
Type:port number
Default:9443
Minimum Value:0
Maximum Value:65535

The port to bind to

lb_network_interface
Type:string
Default:o-hm0

Network interface through which to reach amphora, only required if using IPv6 link local addresses.

haproxy_cmd
Type:string
Default:/usr/sbin/haproxy

The full path to haproxy

respawn_count
Type:integer
Default:2

The respawn count for haproxy’s upstart script

respawn_interval
Type:integer
Default:2

The respawn interval for haproxy’s upstart script

rest_request_conn_timeout
Type:floating point
Default:10

The time in seconds to wait for a REST API to connect.

rest_request_read_timeout
Type:floating point
Default:60

The time in seconds to wait for a REST API response.

client_cert
Type:string
Default:/etc/octavia/certs/client.pem

The client certificate to talk to the agent

server_ca
Type:string
Default:/etc/octavia/certs/server_ca.pem

The ca which signed the server certificates

use_upstart
Type:boolean
Default:true

If False, use sysvinit.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This is now automatically discovered and configured.
bind_ip
Type:ip address
Default:127.0.0.1

IP address the controller will listen on for heart beats

bind_port
Type:port number
Default:5555
Minimum Value:0
Maximum Value:65535

Port number the controller will listen onfor heart beats

failover_threads
Type:integer
Default:10

Number of threads performing amphora failovers.

status_update_threads
Type:integer
Default:50

Number of threads performing amphora status update.

heartbeat_key
Type:string
Default:<None>

key used to validate amphora sendingthe message

heartbeat_timeout
Type:integer
Default:60

Interval, in seconds, to wait before failing over an amphora.

health_check_interval
Type:integer
Default:3

Sleep time between health checks in seconds.

sock_rlimit
Type:

integer

Default:

0

sets the value of the heartbeat recv buffer

controller_ip_port_list
Type:list
Default:

List of controller ip and port pairs for the heartbeat receivers. Example 127.0.0.1:5555, 192.168.0.1:5555

heartbeat_interval
Type:integer
Default:10

Sleep time between sending heartbeats.

event_streamer_driver
Type:string
Default:noop_event_streamer

Specifies which driver to use for the event_streamer for syncing the octavia and neutron_lbaas dbs. If you don’t need to sync the database or are running octavia in stand alone mode use the noop_event_streamer

spare_check_interval
Type:integer
Default:30

Spare check interval in seconds

spare_amphora_pool_size
Type:integer
Default:0

Number of spare amphorae

cleanup_interval
Type:integer
Default:30

DB cleanup interval in seconds

amphora_expiry_age
Type:integer
Default:604800

Amphora expiry age in seconds

load_balancer_expiry_age
Type:integer
Default:604800

Load balancer expiry age in seconds

cert_interval
Type:integer
Default:3600

Certificate check interval in seconds

cert_expiry_buffer
Type:integer
Default:1209600

Seconds until certificate expiration

cert_rotate_threads
Type:integer
Default:10

Number of threads performing amphora certificate rotation

vrrp_advert_int
Type:integer
Default:1

Amphora role and priority advertisement interval in seconds.

vrrp_check_interval
Type:integer
Default:5

VRRP health check script run interval in seconds.

vrrp_fail_count
Type:integer
Default:2

Number of successive failures before transition to a fail state.

vrrp_success_count
Type:integer
Default:2

Number of consecutive successes before transition to a success state.

vrrp_garp_refresh_interval
Type:integer
Default:5

Time in seconds between gratuitous ARP announcements from the MASTER.

vrrp_garp_refresh_count
Type:integer
Default:2

Number of gratuitous ARP announcements to make on each refresh interval.

max_retries
Type:integer
Default:15

The maximum attempts to retry an action with the networking service.

retry_interval
Type:integer
Default:1

Seconds to wait before retrying an action with the networking service.

port_detach_timeout
Type:integer
Default:300

Seconds to wait for a port to detach from an amphora.

allow_vip_network_id
Type:boolean
Default:true

Can users supply a network_id for their VIP?

allow_vip_subnet_id
Type:boolean
Default:true

Can users supply a subnet_id for their VIP?

allow_vip_port_id
Type:boolean
Default:true

Can users supply a port_id for their VIP?

valid_vip_networks
Type:list
Default:<None>

List of network_ids that are valid for VIP creation. If this field is empty, no validation is performed.

service_name
Type:string
Default:<None>

The name of the neutron service in the keystone catalog

endpoint
Type:string
Default:<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name
Type:string
Default:<None>

Region in Identity service catalog to use for communication with the OpenStack services.

endpoint_type
Type:string
Default:publicURL

Endpoint interface in identity service to use

ca_certificates_file
Type:string
Default:<None>

CA certificates file path

insecure
Type:boolean
Default:false

Disable certificate validation on SSL connections

service_name
Type:string
Default:<None>

The name of the nova service in the keystone catalog

endpoint
Type:string
Default:<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name
Type:string
Default:<None>

Region in Identity service catalog to use for communication with the OpenStack services.

endpoint_type
Type:string
Default:publicURL

Endpoint interface in identity service to use

ca_certificates_file
Type:string
Default:<None>

CA certificates file path

insecure
Type:boolean
Default:false

Disable certificate validation on SSL connections

enable_anti_affinity
Type:boolean
Default:false

Flag to indicate if nova anti-affinity feature is turned on.

anti_affinity_policy
Type:string
Default:anti-affinity
Valid Values:anti-affinity, soft-anti-affinity

Sets the anti-affinity policy for nova

random_amphora_name_length
Type:integer
Default:0

If non-zero, generate a random name of the length provided for each amphora, in the format “a[A-Z0-9]*”. Otherwise, the default name format will be used: “amphora-{UUID}”.

availability_zone
Type:string
Default:<None>

Availability zone to use for creating Amphorae

topic
Type:string
Default:<None>
event_stream_topic
Type:string
Default:neutron_lbaas_event

topic name for communicating events through a queue

auth_url
Type:unknown type
Default:<None>

Authentication URL

auth_type
Type:unknown type
Default:<None>

Authentication type to load

Deprecated Variations
Group Name
service_auth auth_plugin
cafile
Type:string
Default:<None>

PEM encoded Certificate Authority to use when verifying HTTPs connections.

certfile
Type:string
Default:<None>

PEM encoded client certificate cert file

default_domain_id
Type:unknown type
Default:<None>

Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.

default_domain_name
Type:unknown type
Default:<None>

Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.

domain_id
Type:unknown type
Default:<None>

Domain ID to scope to

domain_name
Type:unknown type
Default:<None>

Domain name to scope to

insecure
Type:boolean
Default:false

Verify HTTPS connections.

keyfile
Type:string
Default:<None>

PEM encoded client certificate key file

password
Type:unknown type
Default:<None>

User’s password

project_domain_id
Type:unknown type
Default:<None>

Domain ID containing project

project_domain_name
Type:unknown type
Default:<None>

Domain name containing project

project_id
Type:unknown type
Default:<None>

Project ID to scope to

Deprecated Variations
Group Name
service_auth tenant-id
service_auth tenant_id
project_name
Type:unknown type
Default:<None>

Project name to scope to

Deprecated Variations
Group Name
service_auth tenant-name
service_auth tenant_name
tenant_id
Type:unknown type
Default:<None>

Tenant ID

tenant_name
Type:unknown type
Default:<None>

Tenant Name

timeout
Type:integer
Default:<None>

Timeout value for http requests

trust_id
Type:unknown type
Default:<None>

Trust ID

user_domain_id
Type:unknown type
Default:<None>

User’s domain id

user_domain_name
Type:unknown type
Default:<None>

User’s domain name

user_id
Type:unknown type
Default:<None>

User id

username
Type:unknown type
Default:<None>

Username

Deprecated Variations
Group Name
service_auth user-name
service_auth user_name
engine
Type:string
Default:serial

TaskFlow engine to use

max_workers
Type:integer
Default:5

The maximum number of workers

disable_revert
Type:boolean
Default:false

If True, disables the controller worker taskflow flows from reverting. This will leave resources in an inconsistent state and should only be used for debugging purposes.