Load-Balancer-as-a-Service configuration options¶
Use the following options in the neutron_lbaas.conf file for the
LBaaS agent.
Note
The common configurations for shared services and libraries, such as database connections and RPC messaging, are described at Common configurations.
| Configuration option = Default value | Description |
|---|---|
| [certificates] | |
barbican_auth = barbican_acl_auth |
(String) Name of the Barbican authentication method to use |
cert_manager_type = barbican |
(String) Certificate Manager plugin. Defaults to barbican. |
storage_path = /var/lib/neutron-lbaas/certificates/ |
(String) Absolute path to the certificate storage directory. Defaults to env[OS_LBAAS_TLS_STORAGE]. |
Use the following options in the lbaas_agent.ini file for the
LBaaS agent.
| Configuration option = Default value | Description |
|---|---|
| [DEFAULT] | |
debug = False |
(Boolean) If set to true, the logging level will be set to DEBUG instead of the default INFO level. Mutable This option can be changed without restarting. |
device_driver = ['neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver'] |
(Multi-valued) Drivers used to manage loadbalancing devices |
interface_driver = None |
(String) The driver used to manage the virtual interface. |
periodic_interval = 40 |
(Integer) Seconds between running periodic tasks. |
| [haproxy] | |
loadbalancer_state_path = $state_path/lbaas |
(String) Location to store config and state files |
send_gratuitous_arp = 3 |
(Integer) When delete and re-add the same vip, send this many gratuitous ARPs to flush the ARP cache in the Router. Set it below or equal to 0 to disable this feature. |
user_group = nogroup |
(String) The user group |
Use the following options in the services_lbaas.conf file for the
LBaaS agent.
| Configuration option = Default value | Description |
|---|---|
| [DEFAULT] | |
loadbalancer_scheduler_driver = neutron_lbaas.agent_scheduler.ChanceScheduler |
(String) Driver to use for scheduling to a default loadbalancer agent |
| [haproxy] | |
jinja_config_template = /usr/lib/python/site-packages/neutron-lbaas/neutron_lbaas/drivers/haproxy/templates/haproxy.loadbalancer.j2 |
(String) Jinja template file for haproxy configuration |
| [octavia] | |
allocates_vip = False |
(Boolean) True if Octavia will be responsible for allocating the VIP. False if neutron-lbaas will allocate it and pass to Octavia. |
base_url = http://127.0.0.1:9876 |
(String) URL of Octavia controller root |
request_poll_interval = 3 |
(Integer) Interval in seconds to poll octavia when an entity is created, updated, or deleted. |
request_poll_timeout = 100 |
(Integer) Time to stop polling octavia when a status of an entity does not change. |
| [radwarev2] | |
child_workflow_template_names = manage_l3 |
(List) Name of child workflow templates used.Default: manage_l3 |
ha_secondary_address = None |
(String) IP address of secondary vDirect server. |
service_adc_type = VA |
(String) Service ADC type. Default: VA. |
service_adc_version = |
(String) Service ADC version. |
service_cache = 20 |
(Integer) Size of service cache. Default: 20. |
service_compression_throughput = 100 |
(Integer) Service compression throughput. Default: 100. |
service_ha_pair = False |
(Boolean) Enables or disables the Service HA pair. Default: False. |
service_isl_vlan = -1 |
(Integer) A required VLAN for the interswitch link to use. |
service_resource_pool_ids = |
(List) Resource pool IDs. |
service_session_mirroring_enabled = False |
(Boolean) Enable or disable Alteon interswitch link for stateful session failover. Default: False. |
service_ssl_throughput = 100 |
(Integer) Service SSL throughput. Default: 100. |
service_throughput = 1000 |
(Integer) Service throughput. Default: 1000. |
stats_action_name = stats |
(String) Name of the workflow action for statistics. Default: stats. |
vdirect_address = None |
(String) IP address of vDirect server. |
vdirect_password = radware |
(String) vDirect user password. |
vdirect_user = vDirect |
(String) vDirect user name. |
workflow_action_name = apply |
(String) Name of the workflow action. Default: apply. |
workflow_params = {'data_ip_address': '192.168.200.99', 'ha_network_name': 'HA-Network', 'ha_port': 2, 'allocate_ha_ips': True, 'ha_ip_pool_name': 'default', 'allocate_ha_vrrp': True, 'data_port': 1, 'gateway': '192.168.200.1', 'twoleg_enabled': '_REPLACE_', 'data_ip_mask': '255.255.255.0'} |
(Dict) Parameter for l2_l3 workflow constructor. |
workflow_template_name = os_lb_v2 |
(String) Name of the workflow template. Default: os_lb_v2. |
| [radwarev2_debug] | |
configure_l3 = True |
(Boolean) Configule ADC with L3 parameters? |
configure_l4 = True |
(Boolean) Configule ADC with L4 parameters? |
provision_service = True |
(Boolean) Provision ADC service? |
Octavia configuration options¶
Octavia is an operator-grade open source load balancing solution.
Use the following options in the /etc/octavia/octavia.conf file
to configure the octavia service.
| Configuration option = Default value | Description |
|---|---|
| [keystone_authtoken_v3] | |
admin_project_domain = default |
(String) Admin project keystone authentication domain |
admin_user_domain = default |
(String) Admin user keystone authentication domain |
| Configuration option = Default value | Description |
|---|---|
| [DEFAULT] | |
allow_bulk = True |
(Boolean) Allow the usage of the bulk API |
allow_pagination = False |
(Boolean) Allow the usage of the pagination |
allow_sorting = False |
(Boolean) Allow the usage of the sorting |
api_extensions_path = |
(String) The path for API extensions |
api_handler = queue_producer |
(String) The handler that the API communicates with |
api_paste_config = api-paste.ini |
(String) The API paste config file to use |
auth_strategy = noauth |
(String) The auth strategy for API requests. |
bind_host = 127.0.0.1 |
(IP) The host IP to bind to |
bind_port = 9876 |
(Port number) The port to bind to |
control_exchange = octavia |
(String) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option. |
executor_thread_pool_size = 64 |
(Integer) Size of executor thread pool. |
host = localhost |
(String) The hostname Octavia is running on |
octavia_plugins = hot_plug_plugin |
(String) Name of the controller plugin to use |
pagination_max_limit = -1 |
(String) The maximum number of items returned in a single response. The string ‘infinite’ or a negative integer value means ‘no limit’ |
| [amphora_agent] | |
agent_request_read_timeout = 120 |
(Integer) The time in seconds to allow a request from the controller to run before terminating the socket. |
agent_server_ca = /etc/octavia/certs/client_ca.pem |
(String) The ca which signed the client certificates |
agent_server_cert = /etc/octavia/certs/server.pem |
(String) The server certificate for the agent.py server to use |
agent_server_network_dir = None |
(String) The directory where new network interfaces are located |
agent_server_network_file = None |
(String) The file where the network interfaces are located. Specifying this will override any value set for agent_server_network_dir. |
amphora_id = None |
(String) The amphora ID. |
| [anchor] | |
password = None |
(String) Anchor password |
url = http://localhost:9999/v1/sign/default |
(String) Anchor URL |
username = None |
(String) Anchor username |
| [certificates] | |
barbican_auth = barbican_acl_auth |
(String) Name of the Barbican authentication method to use |
ca_certificate = /etc/ssl/certs/ssl-cert-snakeoil.pem |
(String) Absolute path to the CA Certificate for signing. Defaults to env[OS_OCTAVIA_TLS_CA_CERT]. |
ca_certificates_file = None |
(String) CA certificates file path |
ca_private_key = /etc/ssl/private/ssl-cert-snakeoil.key |
(String) Absolute path to the Private Key for signing. Defaults to env[OS_OCTAVIA_TLS_CA_KEY]. |
ca_private_key_passphrase = None |
(String) Passphrase for the Private Key. Defaults to env[OS_OCTAVIA_CA_KEY_PASS] or None. |
cert_generator = local_cert_generator |
(String) Name of the cert generator to use |
cert_manager = barbican_cert_manager |
(String) Name of the cert manager to use |
endpoint = None |
(String) A new endpoint to override the endpoint in the keystone catalog. |
endpoint_type = publicURL |
(String) The endpoint_type to be used for barbican service. |
insecure = False |
(Boolean) Disable certificate validation on SSL connections |
region_name = None |
(String) Region in Identity service catalog to use for communication with the barbican service. |
service_name = None |
(String) The name of the certificate service in the keystonecatalog |
signing_digest = sha256 |
(String) Certificate signing digest. Defaults to env[OS_OCTAVIA_CA_SIGNING_DIGEST] or “sha256”. |
storage_path = /var/lib/octavia/certificates/ |
(String) Absolute path to the certificate storage directory. Defaults to env[OS_OCTAVIA_TLS_STORAGE]. |
| [controller_worker] | |
amp_active_retries = 10 |
(Integer) Retry attempts to wait for Amphora to become active |
amp_active_wait_sec = 10 |
(Integer) Seconds to wait between checks on whether an Amphora has become active |
amp_boot_network_list = |
(List) List of networks to attach to the Amphorae. All networks defined in the list will be attached to each amphora. |
amp_flavor_id = |
(String) Nova instance flavor id for the Amphora |
amp_image_id = |
(String) DEPRECATED: Glance image id for the Amphora image to boot Superseded by amp_image_tag option. |
amp_image_owner_id = |
(String) Restrict glance image selection to a specific owner ID. This is a recommended security setting. |
amp_image_tag = |
(String) Glance image tag for the Amphora image to boot. Use this option to be able to update the image without reconfiguring Octavia. Ignored if amp_image_id is defined. |
amp_network = |
(String) DEPRECATED: Network to attach to the Amphorae. Replaced by amp_boot_network_list. |
amp_secgroup_list = |
(List) List of security groups to attach to the Amphora. |
amp_ssh_access_allowed = True |
(Boolean) Determines whether or not to allow access to the Amphorae |
amp_ssh_key_name = |
(String) SSH key name used to boot the Amphora |
amphora_driver = amphora_noop_driver |
(String) Name of the amphora driver to use |
client_ca = /etc/octavia/certs/ca_01.pem |
(String) Client CA for the amphora agent to use |
compute_driver = compute_noop_driver |
(String) Name of the compute driver to use |
loadbalancer_topology = SINGLE |
(String) Load balancer topology configuration. SINGLE - One amphora per load balancer. ACTIVE_STANDBY - Two amphora per load balancer. |
network_driver = network_noop_driver |
(String) Name of the network driver to use |
user_data_config_drive = False |
(Boolean) If True, build cloud-init user-data that is passed to the config drive on Amphora boot instead of personality files. If False, utilize personality files. |
| [glance] | |
ca_certificates_file = None |
(String) CA certificates file path |
endpoint = None |
(String) A new endpoint to override the endpoint in the keystone catalog. |
endpoint_type = publicURL |
(String) Endpoint interface in identity service to use |
insecure = False |
(Boolean) Disable certificate validation on SSL connections |
region_name = None |
(String) Region in Identity service catalog to use for communication with the OpenStack services. |
service_name = None |
(String) The name of the glance service in the keystone catalog |
| [haproxy_amphora] | |
base_cert_dir = /var/lib/octavia/certs |
(String) Base directory for cert storage. |
base_path = /var/lib/octavia |
(String) Base directory for amphora files. |
bind_host = :: |
(IP) The host IP to bind to |
bind_port = 9443 |
(Port number) The port to bind to |
client_cert = /etc/octavia/certs/client.pem |
(String) The client certificate to talk to the agent |
connection_max_retries = 300 |
(Integer) Retry threshold for connecting to amphorae. |
connection_retry_interval = 5 |
(Integer) Retry timeout between connection attempts in seconds. |
haproxy_cmd = /usr/sbin/haproxy |
(String) The full path to haproxy |
haproxy_stick_size = 10k |
(String) Size of the HAProxy stick table. Accepts k, m, g suffixes. Example: 10k |
haproxy_template = None |
(String) Custom haproxy template. |
lb_network_interface = o-hm0 |
(String) Network interface through which to reach amphora, only required if using IPv6 link local addresses. |
respawn_count = 2 |
(Integer) The respawn count for haproxy’s upstart script |
respawn_interval = 2 |
(Integer) The respawn interval for haproxy’s upstart script |
rest_request_conn_timeout = 10 |
(Floating point) The time in seconds to wait for a REST API to connect. |
rest_request_read_timeout = 60 |
(Floating point) The time in seconds to wait for a REST API response. |
server_ca = /etc/octavia/certs/server_ca.pem |
(String) The ca which signed the server certificates |
use_upstart = True |
(Boolean) DEPRECATED: If False, use sysvinit. This is now automatically discovered and configured. |
user_group = nogroup |
(String) The user group for haproxy to run under inside the amphora. |
| [health_manager] | |
bind_ip = 127.0.0.1 |
(IP) IP address the controller will listen on for heart beats |
bind_port = 5555 |
(Port number) Port number the controller will listen onfor heart beats |
controller_ip_port_list = |
(List) List of controller ip and port pairs for the heartbeat receivers. Example 127.0.0.1:5555, 192.168.0.1:5555 |
event_streamer_driver = noop_event_streamer |
(String) Specifies which driver to use for the event_streamer for syncing the octavia and neutron_lbaas dbs. If you don’t need to sync the database or are running octavia in stand alone mode use the noop_event_streamer |
failover_threads = 10 |
(Integer) Number of threads performing amphora failovers. |
health_check_interval = 3 |
(Integer) Sleep time between health checks in seconds. |
heartbeat_interval = 10 |
(Integer) Sleep time between sending heartbeats. |
heartbeat_key = None |
(String) key used to validate amphora sendingthe message |
heartbeat_timeout = 60 |
(Integer) Interval, in seconds, to wait before failing over an amphora. |
sock_rlimit = 0 |
(Integer) sets the value of the heartbeat recv buffer |
status_update_threads = 50 |
(Integer) Number of threads performing amphora status update. |
| [healthcheck] | |
backends = |
(List) Additional backends that can perform health checks and report that information back as part of a request. |
detailed = False |
(Boolean) Show more detailed information as part of the response |
disable_by_file_path = None |
(String) Check the presence of a file to determine if an application is running on a port. Used by DisableByFileHealthcheck plugin. |
disable_by_file_paths = |
(List) Check the presence of a file based on a port to determine if an application is running on a port. Expects a “port:path” list of strings. Used by DisableByFilesPortsHealthcheck plugin. |
path = /healthcheck |
(String) DEPRECATED: The path to respond to healtcheck requests on. |
| [house_keeping] | |
amphora_expiry_age = 604800 |
(Integer) Amphora expiry age in seconds |
cert_expiry_buffer = 1209600 |
(Integer) Seconds until certificate expiration |
cert_interval = 3600 |
(Integer) Certificate check interval in seconds |
cert_rotate_threads = 10 |
(Integer) Number of threads performing amphora certificate rotation |
cleanup_interval = 30 |
(Integer) DB cleanup interval in seconds |
load_balancer_expiry_age = 604800 |
(Integer) Load balancer expiry age in seconds |
spare_amphora_pool_size = 0 |
(Integer) Number of spare amphorae |
spare_check_interval = 30 |
(Integer) Spare check interval in seconds |
| [keepalived_vrrp] | |
vrrp_advert_int = 1 |
(Integer) Amphora role and priority advertisement interval in seconds. |
vrrp_check_interval = 5 |
(Integer) VRRP health check script run interval in seconds. |
vrrp_fail_count = 2 |
(Integer) Number of successive failures before transition to a fail state. |
vrrp_garp_refresh_count = 2 |
(Integer) Number of gratuitous ARP announcements to make on each refresh interval. |
vrrp_garp_refresh_interval = 5 |
(Integer) Time in seconds between gratuitous ARP announcements from the MASTER. |
vrrp_success_count = 2 |
(Integer) Number of consecutive successes before transition to a success state. |
| [networking] | |
lb_network_name = None |
(String) Name of amphora internal network |
max_retries = 15 |
(Integer) The maximum attempts to retry an action with the networking service. |
port_detach_timeout = 300 |
(Integer) Seconds to wait for a port to detach from an amphora. |
retry_interval = 1 |
(Integer) Seconds to wait before retrying an action with the networking service. |
| [neutron] | |
ca_certificates_file = None |
(String) CA certificates file path |
endpoint = None |
(String) A new endpoint to override the endpoint in the keystone catalog. |
endpoint_type = publicURL |
(String) Endpoint interface in identity service to use |
insecure = False |
(Boolean) Disable certificate validation on SSL connections |
region_name = None |
(String) Region in Identity service catalog to use for communication with the OpenStack services. |
service_name = None |
(String) The name of the neutron service in the keystone catalog |
| [nova] | |
ca_certificates_file = None |
(String) CA certificates file path |
enable_anti_affinity = False |
(Boolean) Flag to indicate if nova anti-affinity feature is turned on. |
endpoint = None |
(String) A new endpoint to override the endpoint in the keystone catalog. |
endpoint_type = publicURL |
(String) Endpoint interface in identity service to use |
insecure = False |
(Boolean) Disable certificate validation on SSL connections |
region_name = None |
(String) Region in Identity service catalog to use for communication with the OpenStack services. |
service_name = None |
(String) The name of the nova service in the keystone catalog |
| [oslo_middleware] | |
enable_proxy_headers_parsing = False |
(Boolean) Whether the application is behind a proxy or not. This determines if the middleware should parse the headers or not. |
max_request_body_size = 114688 |
(Integer) The maximum body size for each request, in bytes. |
secure_proxy_ssl_header = X-Forwarded-Proto |
(String) DEPRECATED: The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by a SSL termination proxy. |
| [oslo_policy] | |
policy_default_rule = default |
(String) Default rule. Enforced when a requested rule is not found. |
policy_dirs = ['policy.d'] |
(Multi-valued) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored. |
policy_file = policy.json |
(String) The file that defines policies. |
| [quotas] | |
default_health_monitor_quota = -1 |
(Integer) Default per project health monitor quota. |
default_listener_quota = -1 |
(Integer) Default per project listener quota. |
default_load_balancer_quota = -1 |
(Integer) Default per project load balancer quota. |
default_member_quota = -1 |
(Integer) Default per project member quota. |
default_pool_quota = -1 |
(Integer) Default per project pool quota. |
| [service_auth] | |
auth_section = None |
(Unknown) Config Section from which to load plugin specific options |
auth_type = None |
(Unknown) Authentication type to load |
cafile = None |
(String) PEM encoded Certificate Authority to use when verifying HTTPs connections. |
certfile = None |
(String) PEM encoded client certificate cert file |
insecure = False |
(Boolean) Verify HTTPS connections. |
keyfile = None |
(String) PEM encoded client certificate key file |
timeout = None |
(Integer) Timeout value for http requests |
| [task_flow] | |
engine = serial |
(String) TaskFlow engine to use |
max_workers = 5 |
(Integer) The maximum number of workers |
| Configuration option = Default value | Description |
|---|---|
| [matchmaker_redis] | |
check_timeout = 20000 |
(Integer) Time in ms to wait before the transaction is killed. |
host = 127.0.0.1 |
(String) DEPRECATED: Host to locate redis. Replaced by [DEFAULT]/transport_url |
password = |
(String) DEPRECATED: Password for Redis server (optional). Replaced by [DEFAULT]/transport_url |
port = 6379 |
(Port number) DEPRECATED: Use this port to connect to redis host. Replaced by [DEFAULT]/transport_url |
sentinel_group_name = oslo-messaging-zeromq |
(String) Redis replica set name. |
sentinel_hosts = |
(List) DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g., [host:port, host1:port ... ] Replaced by [DEFAULT]/transport_url |
socket_timeout = 10000 |
(Integer) Timeout in ms on blocking socket operations. |
wait_timeout = 2000 |
(Integer) Time in ms to wait between connection attempts. |
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.