ironic-neutron-agent - Configuration Options¶
The following is an overview of all available configuration options in networking-baremetal. For a sample configuration file, refer to Sample Configuration File.
DEFAULT¶
- debug¶
- Type:
boolean
- Default:
False- Mutable:
This option can be changed without restarting.
If set to true, the logging level will be set to DEBUG instead of the default INFO level.
- log_config_append¶
- Type:
string
- Default:
<None>- Mutable:
This option can be changed without restarting.
The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format).
Deprecated Variations¶ Group
Name
DEFAULT
log-config
DEFAULT
log_config
- log_date_format¶
- Type:
string
- Default:
%Y-%m-%d %H:%M:%S
Defines the format string for %(asctime)s in log records. Default: the value above . This option is ignored if log_config_append is set.
- log_file¶
- Type:
string
- Default:
<None>
(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.
Deprecated Variations¶ Group
Name
DEFAULT
logfile
- log_dir¶
- Type:
string
- Default:
<None>
(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.
Deprecated Variations¶ Group
Name
DEFAULT
logdir
- use_syslog¶
- Type:
boolean
- Default:
False
Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.
- use_journal¶
- Type:
boolean
- Default:
False
Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.
- syslog_log_facility¶
- Type:
string
- Default:
LOG_USER
Syslog facility to receive log lines. This option is ignored if log_config_append is set.
- use_json¶
- Type:
boolean
- Default:
False
Use JSON formatting for logging. This option is ignored if log_config_append is set.
- use_stderr¶
- Type:
boolean
- Default:
False
Log output to standard error. This option is ignored if log_config_append is set.
- log_color¶
- Type:
boolean
- Default:
False
(Optional) Set the ‘color’ key according to log levels. This option takes effect only when logging to stderr or stdout is used. This option is ignored if log_config_append is set.
- log_rotate_interval¶
- Type:
integer
- Default:
1
The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is set to “interval”.
- log_rotate_interval_type¶
- Type:
string
- Default:
days- Valid Values:
Seconds, Minutes, Hours, Days, Weekday, Midnight
Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation.
- max_logfile_count¶
- Type:
integer
- Default:
30
Maximum number of rotated log files.
- max_logfile_size_mb¶
- Type:
integer
- Default:
200
Log file maximum size in MB. This option is ignored if “log_rotation_type” is not set to “size”.
- log_rotation_type¶
- Type:
string
- Default:
none- Valid Values:
interval, size, none
Log rotation type.
Possible values
- interval
Rotate logs at predefined time intervals.
- size
Rotate logs once they reach a predefined size.
- none
Do not rotate log files.
- logging_context_format_string¶
- Type:
string
- Default:
%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s
Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter
- logging_default_format_string¶
- Type:
string
- Default:
%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter
- logging_debug_format_suffix¶
- Type:
string
- Default:
%(funcName)s %(pathname)s:%(lineno)d
Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter
- logging_exception_prefix¶
- Type:
string
- Default:
%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter
- logging_user_identity_format¶
- Type:
string
- Default:
%(user)s %(project)s %(domain)s %(system_scope)s %(user_domain)s %(project_domain)s
Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter
- default_log_levels¶
- Type:
list
- Default:
['amqp=WARN', 'boto=WARN', 'sqlalchemy=WARN', 'suds=INFO', 'oslo.messaging=INFO', 'oslo_messaging=INFO', 'iso8601=WARN', 'requests.packages.urllib3.connectionpool=WARN', 'urllib3.connectionpool=WARN', 'websocket=WARN', 'requests.packages.urllib3.util.retry=WARN', 'urllib3.util.retry=WARN', 'keystonemiddleware=WARN', 'routes.middleware=WARN', 'stevedore=WARN', 'taskflow=WARN', 'keystoneauth=WARN', 'oslo.cache=INFO', 'oslo_policy=INFO', 'dogpile.core.dogpile=INFO']
List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.
- publish_errors¶
- Type:
boolean
- Default:
False
Enables or disables publication of error events.
- instance_format¶
- Type:
string
- Default:
"[instance: %(uuid)s] "
The format for an instance that is passed with the log message.
- instance_uuid_format¶
- Type:
string
- Default:
"[instance: %(uuid)s] "
The format for an instance UUID that is passed with the log message.
- rate_limit_interval¶
- Type:
integer
- Default:
0
Interval, number of seconds, of log rate limiting.
- rate_limit_burst¶
- Type:
integer
- Default:
0
Maximum number of logged messages per rate_limit_interval.
- rate_limit_except_level¶
- Type:
string
- Default:
CRITICAL- Valid Values:
CRITICAL, ERROR, INFO, WARNING, DEBUG, ‘’
Log level name used by rate limiting. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.
- fatal_deprecations¶
- Type:
boolean
- Default:
False
Enables or disables fatal status of deprecations.
agent¶
- report_interval¶
- Type:
floating point
- Default:
30
Seconds between nodes reporting state to server; should be less than agent_down_time, best if it is half or less than agent_down_time.
- log_agent_heartbeats¶
- Type:
boolean
- Default:
False
Log agent heartbeats
baremetal_agent¶
- enable_ha_chassis_group_alignment¶
- Type:
boolean
- Default:
True
Enable HA chassis group alignment reconciliation for router ports on networks with baremetal external ports. This fixes Launchpad bug #1995078 where mismatched HA chassis group priorities between router gateway ports and baremetal external ports cause intermittent connectivity issues. When enabled, the agent ensures router ports use the same ha_chassis_group as baremetal external ports on the same network.
- ha_chassis_group_alignment_interval¶
- Type:
integer
- Default:
600- Minimum Value:
60
Interval in seconds between HA chassis group alignment reconciliation runs. This controls how frequently the agent checks for and fixes mismatched HA chassis groups. Default is 600 seconds (10 minutes). Minimum is 60 seconds to avoid excessive API load.
- limit_ha_chassis_group_alignment_to_recent_changes_only¶
- Type:
boolean
- Default:
True
When enabled, HA chassis group alignment only checks resources created or updated within the time window specified by ha_chassis_group_alignment_window. This reduces reconciliation overhead by focusing on recently created resources that may have mismatched HA chassis groups. When disabled, performs full reconciliation of all resources on each run, which is more thorough but has higher API and database load.
- ha_chassis_group_alignment_window¶
- Type:
integer
- Default:
1200- Minimum Value:
0
Time window in seconds for checking recent resources when limit_ha_chassis_group_alignment_to_recent_changes_only is enabled. Default is 1200 seconds (20 minutes), which is 2x the default alignment interval. Resources created or updated within this window will be checked for HA chassis group alignment. Setting to 0 effectively disables windowing even if the limit flag is enabled.
- enable_router_ha_binding¶
- Type:
boolean
- Default:
True
Enable router HA binding for router interface ports on networks with baremetal nodes. When enabled, the agent automatically binds router interface ports to the same HA chassis group as the network’s external ports, enabling proper ARP resolution and connectivity between baremetal nodes and their router gateway on VLAN networks. This fixes Launchpad bug #2144458 where baremetal nodes experience persistent connectivity failures to their router gateway. Uses both event-driven binding (for immediate response) and periodic reconciliation (for edge cases).
- enable_router_ha_binding_events¶
- Type:
boolean
- Default:
True
Enable event-driven router HA binding. When enabled, the agent responds immediately to HA chassis group creation events by binding router interface ports on the affected network. This provides instant connectivity when networks are created. Requires enable_router_ha_binding to be enabled. If disabled, only periodic reconciliation will be used, which may result in connectivity delays until the next reconciliation cycle.
- router_ha_binding_interval¶
- Type:
integer
- Default:
600- Minimum Value:
60
Interval in seconds for periodic router HA binding reconciliation. This ensures router interface ports are bound to network HA chassis groups even if events are missed or routers are added after the fact. Default is 600 seconds (10 minutes). Minimum is 60 seconds.
- router_ha_binding_startup_jitter_max¶
- Type:
integer
- Default:
60- Minimum Value:
0
Maximum random delay in seconds to add to initial reconciliation start time. This prevents thundering herd issues when multiple agents restart simultaneously (e.g., post-upgrade). A value of 60 means each agent will start reconciliation within 0-60 seconds of startup. Matches l2vni_startup_jitter_max for consistency.
ironic¶
- auth_strategy¶
- Type:
string
- Default:
keystone- Valid Values:
keystone, noauth
Method to use for authentication: noauth or keystone.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
- Reason:
This option is no longer used, please use the [ironic]/auth_type option instead.
- service_type¶
- Type:
string
- Default:
<None>
The default service_type for endpoint URL discovery.
- service_name¶
- Type:
string
- Default:
<None>
The default service_name for endpoint URL discovery.
- valid_interfaces¶
- Type:
list
- Default:
<None>
List of interfaces, in order of preference, for endpoint URL.
- region_name¶
- Type:
string
- Default:
<None>
The default region_name for endpoint URL discovery.
Deprecated Variations¶ Group
Name
ironic
os_region
- endpoint_override¶
- Type:
string
- Default:
<None>
Always use this endpoint URL for requests for this client. NOTE: The unversioned endpoint should be specified here; to request a particular API version, use the version, min-version, and/or max-version options.
Deprecated Variations¶ Group
Name
ironic
ironic_url
- version¶
- Type:
string
- Default:
<None>
Minimum Major API version within a given Major API version for endpoint URL discovery. Mutually exclusive with min_version and max_version
- min_version¶
- Type:
string
- Default:
<None>
The minimum major version of a given API, intended to be used as the lower bound of a range with max_version. Mutually exclusive with version. If min_version is given with no max_version it is as if max version is “latest”.
- max_version¶
- Type:
string
- Default:
<None>
The maximum major version of a given API, intended to be used as the upper bound of a range with min_version. Mutually exclusive with version.
- connect_retries¶
- Type:
integer
- Default:
<None>
The maximum number of retries that should be attempted for connection errors.
- connect_retry_delay¶
- Type:
floating point
- Default:
<None>
Delay (in seconds) between two retries for connection errors. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
- status_code_retries¶
- Type:
integer
- Default:
<None>
The maximum number of retries that should be attempted for retriable HTTP status codes.
Deprecated Variations¶ Group
Name
ironic
max_retries
- status_code_retry_delay¶
- Type:
floating point
- Default:
<None>
Delay (in seconds) between two retries for retriable status codes. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
Deprecated Variations¶ Group
Name
ironic
retry_interval
- retriable_status_codes¶
- Type:
list
- Default:
<None>
List of retriable HTTP status codes that should be retried. If not set default to [503]
- interface¶
- Type:
string
- Default:
<None>
The default interface for endpoint URL discovery.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
- Reason:
Using valid-interfaces is preferrable because it is capable of accepting a list of possible interfaces.
- cafile¶
- Type:
string
- Default:
<None>
PEM encoded Certificate Authority to use when verifying HTTPs connections.
- certfile¶
- Type:
string
- Default:
<None>
PEM encoded client certificate cert file
- keyfile¶
- Type:
string
- Default:
<None>
PEM encoded client certificate key file
- insecure¶
- Type:
boolean
- Default:
False
Verify HTTPS connections.
- timeout¶
- Type:
integer
- Default:
<None>
Timeout value for http requests
- collect_timing¶
- Type:
boolean
- Default:
False
Collect per-API call timing information.
- split_loggers¶
- Type:
boolean
- Default:
False
Log requests to multiple loggers.
- auth_url¶
- Type:
unknown type
- Default:
<None>
Authentication URL
- system_scope¶
- Type:
unknown type
- Default:
<None>
Scope for system operations
- domain_id¶
- Type:
unknown type
- Default:
<None>
Domain ID to scope to
- domain_name¶
- Type:
unknown type
- Default:
<None>
Domain name to scope to
- project_id¶
- Type:
unknown type
- Default:
<None>
Project ID to scope to
- project_name¶
- Type:
unknown type
- Default:
<None>
Project name to scope to
- project_domain_id¶
- Type:
unknown type
- Default:
<None>
Domain ID containing project
- project_domain_name¶
- Type:
unknown type
- Default:
<None>
Domain name containing project
- trust_id¶
- Type:
unknown type
- Default:
<None>
ID of the trust to use as a trustee use
- user_id¶
- Type:
unknown type
- Default:
<None>
User’s user ID
- username¶
- Type:
unknown type
- Default:
<None>
User’s username
Deprecated Variations¶ Group
Name
ironic
user-name
ironic
user_name
- user_domain_id¶
- Type:
unknown type
- Default:
<None>
User’s domain ID
- user_domain_name¶
- Type:
unknown type
- Default:
<None>
User’s domain name
- password¶
- Type:
unknown type
- Default:
<None>
User’s password
l2vni¶
- enable_l2vni_trunk_reconciliation¶
- Type:
boolean
- Default:
True
Enable L2VNI trunk port reconciliation based on OVN ha_chassis_group membership. When enabled, the agent will automatically manage trunk subports for network nodes to ensure only required VLANs are trunked to each chassis. This feature creates anchor ports and trunk configurations to bridge overlay networks to physical network infrastructure.
- l2vni_reconciliation_interval¶
- Type:
integer
- Default:
180- Minimum Value:
30
Interval in seconds between L2VNI trunk reconciliation runs. Default is 180 seconds (3 minutes).
- l2vni_network_nodes_config¶
- Type:
string
- Default:
/etc/neutron/l2vni_network_nodes.yaml
Path to YAML file containing network node trunk port configuration. Used as fallback when trunk configuration is not available from OVN LLDP data or Ironic. The file should define system_id or hostname, physical_network, and local_link_information for each network node. Network nodes can be identified by either system_id (OVN chassis UUID) or hostname (OVN chassis hostname) for easier configuration.
- l2vni_auto_create_networks¶
- Type:
boolean
- Default:
True
Automatically create Neutron networks for ha_chassis_groups and subport anchors if they do not exist. These networks are used for metadata and modeling, not for passing traffic. If disabled, networks must be pre-created with names matching the expected patterns.
- l2vni_subport_anchor_network¶
- Type:
string
- Default:
l2vni-subport-anchor
Name of the shared network used for all trunk subports. This network is used to signal VLAN bindings to ML2 switch plugins and does not pass actual traffic. Will be auto-created if l2vni_auto_create_networks is enabled.
- l2vni_subport_anchor_network_type¶
- Type:
string
- Default:
geneve- Valid Values:
geneve, vxlan
Network type to use for L2VNI anchor networks (both subport anchor and ha_chassis_group networks). These networks are used for metadata and modeling only, not for passing traffic. Must match the overlay network type configured in your environment. If the specified type is not available, network creation will fail with an error rather than falling back to an alternative type.
- l2vni_startup_jitter_max¶
- Type:
integer
- Default:
60- Minimum Value:
0
Maximum random delay in seconds to add to initial reconciliation start time. This prevents thundering herd issues when multiple agents restart simultaneously (e.g., post-upgrade). A value of 60 means each agent will start reconciliation within 0-60 seconds of startup.
- enable_l2vni_trunk_reconciliation_events¶
- Type:
boolean
- Default:
True
Enable event-driven L2VNI trunk reconciliation. When enabled, the agent watches OVN Northbound database for localnet port creation and deletion events and triggers immediate reconciliation. This eliminates the stale IDL cache issue and provides sub-second reconciliation latency. Periodic reconciliation still runs as a safety net. Requires enable_l2vni_trunk_reconciliation to be enabled. If disabled, only periodic reconciliation will be used.
- ovn_nb_connection¶
- Type:
list
- Default:
<None>
OVN Northbound database connection string(s). For HA deployments, specify multiple comma-separated connection strings. Used to query ha_chassis_groups, logical switches, and router ports for L2VNI trunk reconciliation. If not specified, reads from [ovn] ovn_nb_connection (shared with Neutron ML2). Defaults to tcp:127.0.0.1:6641 if neither is configured.
- ovn_sb_connection¶
- Type:
list
- Default:
<None>
OVN Southbound database connection string(s). For HA deployments, specify multiple comma-separated connection strings. Used to query chassis information and LLDP data for L2VNI trunk reconciliation. If not specified, reads from [ovn] ovn_sb_connection (shared with Neutron ML2). Defaults to tcp:127.0.0.1:6642 if neither is configured.
- ovn_ovsdb_timeout¶
- Type:
integer
- Default:
<None>
Timeout in seconds for OVN OVSDB connections. If not specified, reads from [ovn] ovsdb_connection_timeout (shared with Neutron ML2). Defaults to 180 if neither is configured.
- ironic_cache_ttl¶
- Type:
integer
- Default:
3600- Minimum Value:
300
Time-to-live in seconds for cached Ironic node and port data. Each system_id entry is cached independently and expires after this duration from when it was fetched. This avoids thundering herd issues when multiple agents are running. A small amount of jitter (10-20%) is automatically added to spread cache refresh times. Default is 3600 seconds (1 hour). Minimum is 300 seconds (5 minutes) to avoid excessive API load.
- ironic_conductor_group¶
- Type:
string
- Default:
<None>
Ironic conductor group to filter nodes when querying for local_link_information data. This allows the agent to only query nodes managed by a specific conductor group, reducing API load in large deployments. If not specified, all nodes are queried.
- ironic_shard¶
- Type:
string
- Default:
<None>
Ironic shard to filter nodes when querying for local_link_information data. This allows the agent to only query nodes in a specific shard, reducing API load in large sharded deployments. If not specified, all nodes are queried.
neutron¶
- service_type¶
- Type:
string
- Default:
<None>
The default service_type for endpoint URL discovery.
- service_name¶
- Type:
string
- Default:
<None>
The default service_name for endpoint URL discovery.
- valid_interfaces¶
- Type:
list
- Default:
<None>
List of interfaces, in order of preference, for endpoint URL.
- region_name¶
- Type:
string
- Default:
<None>
The default region_name for endpoint URL discovery.
- endpoint_override¶
- Type:
string
- Default:
<None>
Always use this endpoint URL for requests for this client. NOTE: The unversioned endpoint should be specified here; to request a particular API version, use the version, min-version, and/or max-version options.
- version¶
- Type:
string
- Default:
<None>
Minimum Major API version within a given Major API version for endpoint URL discovery. Mutually exclusive with min_version and max_version
- min_version¶
- Type:
string
- Default:
<None>
The minimum major version of a given API, intended to be used as the lower bound of a range with max_version. Mutually exclusive with version. If min_version is given with no max_version it is as if max version is “latest”.
- max_version¶
- Type:
string
- Default:
<None>
The maximum major version of a given API, intended to be used as the upper bound of a range with min_version. Mutually exclusive with version.
- connect_retries¶
- Type:
integer
- Default:
<None>
The maximum number of retries that should be attempted for connection errors.
- connect_retry_delay¶
- Type:
floating point
- Default:
<None>
Delay (in seconds) between two retries for connection errors. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
- status_code_retries¶
- Type:
integer
- Default:
<None>
The maximum number of retries that should be attempted for retriable HTTP status codes.
- status_code_retry_delay¶
- Type:
floating point
- Default:
<None>
Delay (in seconds) between two retries for retriable status codes. If not set, exponential retry starting with 0.5 seconds up to a maximum of 60 seconds is used.
- retriable_status_codes¶
- Type:
list
- Default:
<None>
List of retriable HTTP status codes that should be retried. If not set default to [503]
- interface¶
- Type:
string
- Default:
<None>
The default interface for endpoint URL discovery.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
- Reason:
Using valid-interfaces is preferrable because it is capable of accepting a list of possible interfaces.
- cafile¶
- Type:
string
- Default:
<None>
PEM encoded Certificate Authority to use when verifying HTTPs connections.
- certfile¶
- Type:
string
- Default:
<None>
PEM encoded client certificate cert file
- keyfile¶
- Type:
string
- Default:
<None>
PEM encoded client certificate key file
- insecure¶
- Type:
boolean
- Default:
False
Verify HTTPS connections.
- timeout¶
- Type:
integer
- Default:
<None>
Timeout value for http requests
- collect_timing¶
- Type:
boolean
- Default:
False
Collect per-API call timing information.
- split_loggers¶
- Type:
boolean
- Default:
False
Log requests to multiple loggers.
- auth_url¶
- Type:
unknown type
- Default:
<None>
Authentication URL
- system_scope¶
- Type:
unknown type
- Default:
<None>
Scope for system operations
- domain_id¶
- Type:
unknown type
- Default:
<None>
Domain ID to scope to
- domain_name¶
- Type:
unknown type
- Default:
<None>
Domain name to scope to
- project_id¶
- Type:
unknown type
- Default:
<None>
Project ID to scope to
- project_name¶
- Type:
unknown type
- Default:
<None>
Project name to scope to
- project_domain_id¶
- Type:
unknown type
- Default:
<None>
Domain ID containing project
- project_domain_name¶
- Type:
unknown type
- Default:
<None>
Domain name containing project
- trust_id¶
- Type:
unknown type
- Default:
<None>
ID of the trust to use as a trustee use
- user_id¶
- Type:
unknown type
- Default:
<None>
User’s user ID
- username¶
- Type:
unknown type
- Default:
<None>
User’s username
Deprecated Variations¶ Group
Name
neutron
user-name
neutron
user_name
- user_domain_id¶
- Type:
unknown type
- Default:
<None>
User’s domain ID
- user_domain_name¶
- Type:
unknown type
- Default:
<None>
User’s domain name
- password¶
- Type:
unknown type
- Default:
<None>
User’s password
