ranganathanm/octavia.conf

## octavia.conf
Octavia is the new(ish) loadbalancer for OpenStack. I recently set up the "simplest possible but not simpler"
octavia with a little help from my friends at sSackOverflow and other places.
I had a few hiccups along the way. In particular, I was confused about the openstack documentation
(it has some obsolete stuff in it).  You will find a sample of this file in the git octavia distribution on github.
You will need to customize it. Here's my octavia configuration (maybe it can help others):


[DEFAULT]
host=controller01
auth_strategy = keystone
debug = True
transport_url = rabbit://openstack:rabbit@controller01//
my_ip = 10.0.31.10
publish_errors=True

[api_settings]
bind_host = 0.0.0.0
bind_port = 9876
auth_strategy = keystone
api_v1_enabled = False
api_v2_enabled = True


[database]
# This line MUST be changed to actually run the plugin.
# Example:
# connection = mysql+pymysql://root:pass@127.0.0.1:3306/octavia
# Replace 127.0.0.1 above with the IP address of the database used by the
# main octavia server. (Leave it as is if the database runs on this host.)

# connection = mysql+pymysql://
connection = mysql+pymysql://octavia:octavia@controller01/octavia

# NOTE: In deployment the [database] section and its connection attribute may
# be set in the corresponding core plugin '.ini' file. However, it is suggested
# to put the [database] section and its connection attribute in this
# configuration file.

[health_manager]
bind_ip = 0.0.0.0
bind_port = 5555
controller_ip_port_list = 10.0.31.10:5555
event_streamer_driver = noop_event_streamer
heartbeat_key = insecure


[keystone_authtoken]
www_authenticate_uri = http://controller01:5000
auth_url = http://controller01:5000
memcached_servers = controller01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = octavia
password =  octavia

[certificates]
# Copy these from the octavia distro - do a git pull to get it.
ca_certificate =   /etc/octavia/certs/ca_01.pem
ca_private_key =  /etc/octavia/certs/private/cakey.pem
ca_private_key_passphrase = foobar

[anchor]


[networking]


[haproxy_amphora]
connection_max_retries = 1300
connection_retry_interval = 5
bind_host = 0.0.0.0
bind_port = 9443


server_ca = /etc/octavia/certs/ca_01.pem
client_cert = /etc/octavia/certs/client.pem


rest_request_conn_timeout = 10
rest_request_read_timeout = 120

[controller_worker]

amp_image_id = 4be853f4-2ef5-40fd-9072-01d2856a9778

amp_flavor_id = e061b040-48e4-49d3-8103-f0331cabe302


amp_ssh_key_name = lb-keypair

amp_boot_network_list = eb3d3bae-8a4f-425b-ba86-65e012fc604d
amp_secgroup_list = mysecgroup
mphora_driver = amphora_haproxy_rest_driver

compute_driver = compute_nova_driver

network_driver = allowed_address_pairs_driver

loadbalancer_topology = SINGLE

[task_flow]
# engine = serial
# max_workers = 5
#
# This setting prevents the controller worker from reverting taskflow flows.
# This will leave resources in an inconsistent state and should only be used
# for debugging purposes.
# disable_revert = False

[oslo_messaging]


topic = octavia_prov


event_stream_transport_url = rabbit://openstack:rabbit@controller01//

[house_keeping]


[amphora_agent]
# agent_server_ca = /etc/octavia/certs/client_ca.pem
# agent_server_cert = /etc/octavia/certs/server.pem

# Defaults for agent_server_network_dir when not specified here are:
# Ubuntu: /etc/netns/amphora-haproxy/network/interfaces.d/
# Centos/fedora/rhel: /etc/netns/amphora-haproxy/sysconfig/network-scripts/
#
# agent_server_network_dir =

# agent_server_network_file =
# agent_request_read_timeout = 120

[keepalived_vrrp]
# Amphora Role/Priority advertisement interval in seconds
# vrrp_advert_int = 1

# Service health check interval and success/fail count
# vrrp_check_interval = 5
# vrpp_fail_count = 2
# vrrp_success_count = 2

# Amphora MASTER gratuitous ARP refresh settings
# vrrp_garp_refresh_interval = 5
# vrrp_garp_refresh_count = 2

[service_auth]
# memcached_servers =
memcached_servers = controller01:11211
# cafile = /opt/stack/data/ca-bundle.pem
project_domain_name = Default
# project_name = admin
user_domain_name = Default
password = openstack
username = admin
auth_type = password
project_name = admin
auth_url = http://controller01:5000

[nova]
url= http://controller01:8774/v2.1
auth_url = http://controller01:5000

project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[glance]

[neutron]

endpoint = http://controller01:9696

region_name = RegionOne

username = neutron
password = neutron

[quotas]
	Octavia is the new(ish) loadbalancer for OpenStack. I recently set up the "simplest possible but not simpler"
	octavia with a little help from my friends at sSackOverflow and other places.
	I had a few hiccups along the way. In particular, I was confused about the openstack documentation
	(it has some obsolete stuff in it). You will find a sample of this file in the git octavia distribution on github.
	You will need to customize it. Here's my octavia configuration (maybe it can help others):


	[DEFAULT]
	host=controller01
	auth_strategy = keystone
	debug = True
	transport_url = rabbit://openstack:rabbit@controller01//
	my_ip = 10.0.31.10
	publish_errors=True

	[api_settings]
	bind_host = 0.0.0.0
	bind_port = 9876
	auth_strategy = keystone
	api_v1_enabled = False
	api_v2_enabled = True


	[database]
	# This line MUST be changed to actually run the plugin.
	# Example:
	# connection = mysql+pymysql://root:pass@127.0.0.1:3306/octavia
	# Replace 127.0.0.1 above with the IP address of the database used by the
	# main octavia server. (Leave it as is if the database runs on this host.)

	# connection = mysql+pymysql://
	connection = mysql+pymysql://octavia:octavia@controller01/octavia

	# NOTE: In deployment the [database] section and its connection attribute may
	# be set in the corresponding core plugin '.ini' file. However, it is suggested
	# to put the [database] section and its connection attribute in this
	# configuration file.

	[health_manager]
	bind_ip = 0.0.0.0
	bind_port = 5555
	controller_ip_port_list = 10.0.31.10:5555
	event_streamer_driver = noop_event_streamer
	heartbeat_key = insecure


	[keystone_authtoken]
	www_authenticate_uri = http://controller01:5000
	auth_url = http://controller01:5000
	memcached_servers = controller01:11211
	auth_type = password
	project_domain_name = default
	user_domain_name = default
	project_name = service
	username = octavia
	password = octavia

	[certificates]
	# Copy these from the octavia distro - do a git pull to get it.
	ca_certificate = /etc/octavia/certs/ca_01.pem
	ca_private_key = /etc/octavia/certs/private/cakey.pem
	ca_private_key_passphrase = foobar

	[anchor]


	[networking]


	[haproxy_amphora]
	connection_max_retries = 1300
	connection_retry_interval = 5
	bind_host = 0.0.0.0
	bind_port = 9443


	server_ca = /etc/octavia/certs/ca_01.pem
	client_cert = /etc/octavia/certs/client.pem


	rest_request_conn_timeout = 10
	rest_request_read_timeout = 120

	[controller_worker]

	amp_image_id = 4be853f4-2ef5-40fd-9072-01d2856a9778

	amp_flavor_id = e061b040-48e4-49d3-8103-f0331cabe302


	amp_ssh_key_name = lb-keypair

	amp_boot_network_list = eb3d3bae-8a4f-425b-ba86-65e012fc604d
	amp_secgroup_list = mysecgroup
	mphora_driver = amphora_haproxy_rest_driver

	compute_driver = compute_nova_driver

	network_driver = allowed_address_pairs_driver

	loadbalancer_topology = SINGLE

	[task_flow]
	# engine = serial
	# max_workers = 5
	#
	# This setting prevents the controller worker from reverting taskflow flows.
	# This will leave resources in an inconsistent state and should only be used
	# for debugging purposes.
	# disable_revert = False

	[oslo_messaging]


	topic = octavia_prov


	event_stream_transport_url = rabbit://openstack:rabbit@controller01//

	[house_keeping]


	[amphora_agent]
	# agent_server_ca = /etc/octavia/certs/client_ca.pem
	# agent_server_cert = /etc/octavia/certs/server.pem

	# Defaults for agent_server_network_dir when not specified here are:
	# Ubuntu: /etc/netns/amphora-haproxy/network/interfaces.d/
	# Centos/fedora/rhel: /etc/netns/amphora-haproxy/sysconfig/network-scripts/
	#
	# agent_server_network_dir =

	# agent_server_network_file =
	# agent_request_read_timeout = 120

	[keepalived_vrrp]
	# Amphora Role/Priority advertisement interval in seconds
	# vrrp_advert_int = 1

	# Service health check interval and success/fail count
	# vrrp_check_interval = 5
	# vrpp_fail_count = 2
	# vrrp_success_count = 2

	# Amphora MASTER gratuitous ARP refresh settings
	# vrrp_garp_refresh_interval = 5
	# vrrp_garp_refresh_count = 2

	[service_auth]
	# memcached_servers =
	memcached_servers = controller01:11211
	# cafile = /opt/stack/data/ca-bundle.pem
	project_domain_name = Default
	# project_name = admin
	user_domain_name = Default
	password = openstack
	username = admin
	auth_type = password
	project_name = admin
	auth_url = http://controller01:5000

	[nova]
	url= http://controller01:8774/v2.1
	auth_url = http://controller01:5000

	project_domain_name = default
	user_domain_name = default
	region_name = RegionOne
	project_name = service
	username = nova
	password = nova

	[glance]

	[neutron]

	endpoint = http://controller01:9696

	region_name = RegionOne

	username = neutron
	password = neutron

	[quotas]