Octavia Configuration Options

Table of Contents

• Octavia Configuration Options
  • DEFAULT
  • amphora_agent
  • certificates
  • controller_worker
  • glance
  • haproxy_amphora
  • health_manager
  • house_keeping
  • keepalived_vrrp
  • networking
  • neutron
  • nova
  • oslo_messaging
  • service_auth
  • task_flow

DEFAULT

host

Type:hostname Default:ubuntu-xenial-osic-cloud1-s3700-9588999

The hostname Octavia is running on

octavia_plugins

Type:string Default:hot_plug_plugin

Name of the controller plugin to use

bind_host

Type:ip address Default:<None>

The host IP to bind to

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This setting has moved to the [api_settings] section.

bind_port

Type:port number Default:<None> Minimum Value:0 Maximum Value:65535

The port to bind to

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This setting has moved to the [api_settings] section.

auth_strategy

Type:string Default:<None> Valid Values:noauth, keystone, testing

The auth strategy for API requests.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This setting has moved to the [api_settings] section.

api_handler

Type:string Default:<None>

The handler that the API communicates with

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This setting has moved to the [api_settings] section.

amphora_agent

agent_server_ca

Type:string Default:/etc/octavia/certs/client_ca.pem

The ca which signed the client certificates

agent_server_cert

Type:string Default:/etc/octavia/certs/server.pem

The server certificate for the agent.py server to use

agent_server_network_dir

Type:string Default:<None>

The directory where new network interfaces are located

agent_server_network_file

Type:string Default:<None>

The file where the network interfaces are located. Specifying this will override any value set for agent_server_network_dir.

agent_request_read_timeout

Type:integer Default:120

The time in seconds to allow a request from the controller to run before terminating the socket.

amphora_id

Type:string Default:<None>

The amphora ID.

certificates

cert_manager

Type:string Default:barbican_cert_manager

Name of the cert manager to use

cert_generator

Type:string Default:local_cert_generator

Name of the cert generator to use

barbican_auth

Type:string Default:barbican_acl_auth

Name of the Barbican authentication method to use

service_name

Type:string Default:<None>

The name of the certificate service in the keystonecatalog

endpoint

Type:string Default:<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name

Type:string Default:<None>

Region in Identity service catalog to use for communication with the barbican service.

endpoint_type

Type:string Default:publicURL

The endpoint_type to be used for barbican service.

ca_certificates_file

Type:string Default:<None>

CA certificates file path

insecure

Type:boolean Default:false

Disable certificate validation on SSL connections

controller_worker

workers

Type:integer Default:1 Minimum Value:1

Number of workers for the controller-worker service.

amp_active_retries

Type:integer Default:10

Retry attempts to wait for Amphora to become active

amp_active_wait_sec

Type:integer Default:10

Seconds to wait between checks on whether an Amphora has become active

amp_flavor_id

Type:string Default:

Nova instance flavor id for the Amphora

amp_image_tag

Type:string Default:

Glance image tag for the Amphora image to boot. Use this option to be able to update the image without reconfiguring Octavia. Ignored if amp_image_id is defined.

amp_image_id

Type:string Default:

Glance image id for the Amphora image to boot

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:Superseded by amp_image_tag option.

amp_image_owner_id

Type:string Default:

Restrict glance image selection to a specific owner ID. This is a recommended security setting.

amp_ssh_key_name

Type:string Default:

SSH key name used to boot the Amphora

amp_ssh_access_allowed

Type:boolean Default:true

Determines whether or not to allow access to the Amphorae

amp_boot_network_list

Type:list Default:

List of networks to attach to the Amphorae. All networks defined in the list will be attached to each amphora.

amp_secgroup_list

Type:list Default:

List of security groups to attach to the Amphora.

client_ca

Type:string Default:/etc/octavia/certs/ca_01.pem

Client CA for the amphora agent to use

amphora_driver

Type:string Default:amphora_noop_driver

Name of the amphora driver to use

compute_driver

Type:string Default:compute_noop_driver

Name of the compute driver to use

network_driver

Type:string Default:network_noop_driver

Name of the network driver to use

loadbalancer_topology

Type:string Default:SINGLE Valid Values:ACTIVE_STANDBY, SINGLE

Load balancer topology configuration. SINGLE - One amphora per load balancer. ACTIVE_STANDBY - Two amphora per load balancer.

user_data_config_drive

Type:boolean Default:false

If True, build cloud-init user-data that is passed to the config drive on Amphora boot instead of personality files. If False, utilize personality files.

glance

service_name

Type:string Default:<None>

The name of the glance service in the keystone catalog

endpoint

Type:string Default:<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name

Type:string Default:<None>

Region in Identity service catalog to use for communication with the OpenStack services.

endpoint_type

Type:string Default:publicURL

Endpoint interface in identity service to use

ca_certificates_file

Type:string Default:<None>

CA certificates file path

insecure

Type:boolean Default:false

Disable certificate validation on SSL connections

haproxy_amphora

base_path

Type:string Default:/var/lib/octavia

Base directory for amphora files.

base_cert_dir

Type:string Default:/var/lib/octavia/certs

Base directory for cert storage.

haproxy_template

Type:string Default:<None>

Custom haproxy template.

connection_max_retries

Type:integer Default:300

Retry threshold for connecting to amphorae.

connection_retry_interval

Type:integer Default:5

Retry timeout between connection attempts in seconds.

build_rate_limit

Type:integer Default:-1

Number of amphorae that could be built per controllerworker, simultaneously.

build_active_retries

Type:integer Default:300

Retry threshold for waiting for a build slot for an amphorae.

build_retry_interval

Type:integer Default:5

Retry timeout between build attempts in seconds.

user_group

Type:string Default:<None>

The user group for haproxy to run under inside the amphora.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This is now automatically discovered and configured.

haproxy_stick_size

Type:string Default:10k

Size of the HAProxy stick table. Accepts k, m, g suffixes. Example: 10k

bind_host

Type:ip address Default:::

The host IP to bind to

bind_port

Type:port number Default:9443 Minimum Value:0 Maximum Value:65535

The port to bind to

lb_network_interface

Type:string Default:o-hm0

Network interface through which to reach amphora, only required if using IPv6 link local addresses.

haproxy_cmd

Type:string Default:/usr/sbin/haproxy

The full path to haproxy

respawn_count

Type:integer Default:2

The respawn count for haproxy’s upstart script

respawn_interval

Type:integer Default:2

The respawn interval for haproxy’s upstart script

rest_request_conn_timeout

Type:floating point Default:10

The time in seconds to wait for a REST API to connect.

rest_request_read_timeout

Type:floating point Default:60

The time in seconds to wait for a REST API response.

client_cert

Type:string Default:/etc/octavia/certs/client.pem

The client certificate to talk to the agent

server_ca

Type:string Default:/etc/octavia/certs/server_ca.pem

The ca which signed the server certificates

use_upstart

Type:boolean Default:true

If False, use sysvinit.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This is now automatically discovered and configured.

health_manager

bind_ip

Type:ip address Default:127.0.0.1

IP address the controller will listen on for heart beats

bind_port

Type:port number Default:5555 Minimum Value:0 Maximum Value:65535

Port number the controller will listen onfor heart beats

failover_threads

Type:integer Default:10

Number of threads performing amphora failovers.

status_update_threads

Type:integer Default:50

Number of threads performing amphora status update.

heartbeat_key

Type:string Default:<None>

key used to validate amphora sendingthe message

heartbeat_timeout

Type:integer Default:60

Interval, in seconds, to wait before failing over an amphora.

health_check_interval

Type:integer Default:3

Sleep time between health checks in seconds.

sock_rlimit

Type:

integer

Default:

0

sets the value of the heartbeat recv buffer

controller_ip_port_list

Type:list Default:

List of controller ip and port pairs for the heartbeat receivers. Example 127.0.0.1:5555, 192.168.0.1:5555

heartbeat_interval

Type:integer Default:10

Sleep time between sending heartbeats.

event_streamer_driver

Type:string Default:noop_event_streamer

Specifies which driver to use for the event_streamer for syncing the octavia and neutron_lbaas dbs. If you don’t need to sync the database or are running octavia in stand alone mode use the noop_event_streamer

house_keeping

spare_check_interval

Type:integer Default:30

Spare check interval in seconds

spare_amphora_pool_size

Type:integer Default:0

Number of spare amphorae

cleanup_interval

Type:integer Default:30

DB cleanup interval in seconds

amphora_expiry_age

Type:integer Default:604800

Amphora expiry age in seconds

load_balancer_expiry_age

Type:integer Default:604800

Load balancer expiry age in seconds

cert_interval

Type:integer Default:3600

Certificate check interval in seconds

cert_expiry_buffer

Type:integer Default:1209600

Seconds until certificate expiration

cert_rotate_threads

Type:integer Default:10

Number of threads performing amphora certificate rotation

keepalived_vrrp

vrrp_advert_int

Type:integer Default:1

Amphora role and priority advertisement interval in seconds.

vrrp_check_interval

Type:integer Default:5

VRRP health check script run interval in seconds.

vrrp_fail_count

Type:integer Default:2

Number of successive failures before transition to a fail state.

vrrp_success_count

Type:integer Default:2

Number of consecutive successes before transition to a success state.

vrrp_garp_refresh_interval

Type:integer Default:5

Time in seconds between gratuitous ARP announcements from the MASTER.

vrrp_garp_refresh_count

Type:integer Default:2

Number of gratuitous ARP announcements to make on each refresh interval.

networking

max_retries

Type:integer Default:15

The maximum attempts to retry an action with the networking service.

retry_interval

Type:integer Default:1

Seconds to wait before retrying an action with the networking service.

port_detach_timeout

Type:integer Default:300

Seconds to wait for a port to detach from an amphora.

allow_vip_network_id

Type:boolean Default:true

Can users supply a network_id for their VIP?

allow_vip_subnet_id

Type:boolean Default:true

Can users supply a subnet_id for their VIP?

allow_vip_port_id

Type:boolean Default:true

Can users supply a port_id for their VIP?

valid_vip_networks

Type:list Default:<None>

List of network_ids that are valid for VIP creation. If this field is empty, no validation is performed.

neutron

service_name

Type:string Default:<None>

The name of the neutron service in the keystone catalog

endpoint

Type:string Default:<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name

Type:string Default:<None>

Region in Identity service catalog to use for communication with the OpenStack services.

endpoint_type

Type:string Default:publicURL

Endpoint interface in identity service to use

ca_certificates_file

Type:string Default:<None>

CA certificates file path

insecure

Type:boolean Default:false

Disable certificate validation on SSL connections

nova

service_name

Type:string Default:<None>

The name of the nova service in the keystone catalog

endpoint

Type:string Default:<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name

Type:string Default:<None>

Region in Identity service catalog to use for communication with the OpenStack services.

endpoint_type

Type:string Default:publicURL

Endpoint interface in identity service to use

ca_certificates_file

Type:string Default:<None>

CA certificates file path

insecure

Type:boolean Default:false

Disable certificate validation on SSL connections

enable_anti_affinity

Type:boolean Default:false

Flag to indicate if nova anti-affinity feature is turned on.

anti_affinity_policy

Type:string Default:anti-affinity Valid Values:anti-affinity, soft-anti-affinity

Sets the anti-affinity policy for nova

random_amphora_name_length

Type:integer Default:0

If non-zero, generate a random name of the length provided for each amphora, in the format “a[A-Z0-9]*”. Otherwise, the default name format will be used: “amphora-{UUID}”.

availability_zone

Type:string Default:<None>

Availability zone to use for creating Amphorae

oslo_messaging

topic

Type:string Default:<None>

event_stream_topic

Type:string Default:neutron_lbaas_event

topic name for communicating events through a queue

service_auth

auth_url

Type:unknown type Default:<None>

Authentication URL

auth_type

Type:unknown type Default:<None>

Authentication type to load

Deprecated Variations

Group	Name
service_auth	auth_plugin

cafile

Type:string Default:<None>

PEM encoded Certificate Authority to use when verifying HTTPs connections.

certfile

Type:string Default:<None>

PEM encoded client certificate cert file

default_domain_id

Type:unknown type Default:<None>

Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.

default_domain_name

Type:unknown type Default:<None>

Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.

domain_id

Type:unknown type Default:<None>

Domain ID to scope to

domain_name

Type:unknown type Default:<None>

Domain name to scope to

insecure

Type:boolean Default:false

Verify HTTPS connections.

keyfile

Type:string Default:<None>

PEM encoded client certificate key file

password

Type:unknown type Default:<None>

User’s password

project_domain_id

Type:unknown type Default:<None>

Domain ID containing project

project_domain_name

Type:unknown type Default:<None>

Domain name containing project

project_id

Type:unknown type Default:<None>

Project ID to scope to

Deprecated Variations

Group	Name
service_auth	tenant-id
service_auth	tenant_id

project_name

Type:unknown type Default:<None>

Project name to scope to

Deprecated Variations

Group	Name
service_auth	tenant-name
service_auth	tenant_name

tenant_id

Type:unknown type Default:<None>

Tenant ID

tenant_name

Type:unknown type Default:<None>

Tenant Name

timeout

Type:integer Default:<None>

Timeout value for http requests

trust_id

Type:unknown type Default:<None>

Trust ID

user_domain_id

Type:unknown type Default:<None>

User’s domain id

user_domain_name

Type:unknown type Default:<None>

User’s domain name

user_id

Type:unknown type Default:<None>

User id

username

Type:unknown type Default:<None>

Username

Deprecated Variations

Group	Name
service_auth	user-name
service_auth	user_name

task_flow

engine

Type:string Default:serial

TaskFlow engine to use

max_workers

Type:integer Default:5

The maximum number of workers

disable_revert

Type:boolean Default:false

If True, disables the controller worker taskflow flows from reverting. This will leave resources in an inconsistent state and should only be used for debugging purposes.