Octavia Configuration Options¶

host¶

Type:	hostname
Default:	ubuntu-xenial-ovh-gra1-0012178644

The hostname Octavia is running on

octavia_plugins¶

Type:	string
Default:	hot_plug_plugin

Name of the controller plugin to use

bind_host¶

Type:	ip address
Default:	<None>

The host IP to bind to

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:	This setting has moved to the [api_settings] section.

bind_port¶

Type:	port number
Default:	<None>
Minimum Value:	0
Maximum Value:	65535

The port to bind to

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:	This setting has moved to the [api_settings] section.

auth_strategy¶

Type:	string
Default:	<None>
Valid Values:	noauth, keystone, testing

The auth strategy for API requests.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:	This setting has moved to the [api_settings] section.

api_handler¶

Type:	string
Default:	<None>

The handler that the API communicates with

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:	This setting has moved to the [api_settings] section.

agent_server_ca¶

Type:	string
Default:	/etc/octavia/certs/client_ca.pem

The ca which signed the client certificates

agent_server_cert¶

Type:	string
Default:	/etc/octavia/certs/server.pem

The server certificate for the agent.py server to use

agent_server_network_dir¶

Type:	string
Default:	<None>

The directory where new network interfaces are located

agent_server_network_file¶

Type:	string
Default:	<None>

The file where the network interfaces are located. Specifying this will override any value set for agent_server_network_dir.

agent_request_read_timeout¶

Type:	integer
Default:	120

The time in seconds to allow a request from the controller to run before terminating the socket.

amphora_id¶

Type:	string
Default:	<None>

The amphora ID.

url¶

Type:	string
Default:	http://localhost:9999/v1/sign/default

Anchor URL

username¶

Type:	string
Default:	<None>

Anchor username

password¶

Type:	string
Default:	<None>

Anchor password

bind_host¶

Type:	ip address
Default:	127.0.0.1

The host IP to bind to

bind_port¶

Type:	port number
Default:	9876
Minimum Value:	0
Maximum Value:	65535

The port to bind to

auth_strategy¶

Type:	string
Default:	keystone
Valid Values:	noauth, keystone, testing

The auth strategy for API requests.

api_handler¶

Type:	string
Default:	queue_producer

The handler that the API communicates with

allow_pagination¶

Type:	boolean
Default:	true

Allow the usage of pagination

allow_sorting¶

Type:	boolean
Default:	true

Allow the usage of sorting

allow_filtering¶

Type:	boolean
Default:	true

Allow the usage of filtering

allow_field_selection¶

Type:	boolean
Default:	true

Allow the usage of field selection

pagination_max_limit¶

Type:	string
Default:	1000

The maximum number of items returned in a single response. The string ‘infinite’ or a negative integer value means ‘no limit’

api_base_uri¶

Type:	string
Default:	<None>

Base URI for the API for use in pagination links. This will be autodetected from the request if not overridden here.

api_v1_enabled¶

Type:	boolean
Default:	true

Expose the v1 API?

api_v2_enabled¶

Type:	boolean
Default:	true

Expose the v2 API?

allow_tls_terminated_listeners¶

Type:	boolean
Default:	true

Allow users to create TLS Terminated listeners?

cert_manager¶

Type:	string
Default:	barbican_cert_manager

Name of the cert manager to use

cert_generator¶

Type:	string
Default:	local_cert_generator

Name of the cert generator to use

barbican_auth¶

Type:	string
Default:	barbican_acl_auth

Name of the Barbican authentication method to use

service_name¶

Type:	string
Default:	<None>

The name of the certificate service in the keystonecatalog

endpoint¶

Type:	string
Default:	<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name¶

Type:	string
Default:	<None>

Region in Identity service catalog to use for communication with the barbican service.

endpoint_type¶

Type:	string
Default:	publicURL

The endpoint_type to be used for barbican service.

ca_certificates_file¶

Type:	string
Default:	<None>

CA certificates file path

insecure¶

Type:	boolean
Default:	false

Disable certificate validation on SSL connections

workers¶

Type:	integer
Default:	1
Minimum Value:	1

Number of workers for the controller-worker service.

amp_active_retries¶

Type:	integer
Default:	10

Retry attempts to wait for Amphora to become active

amp_active_wait_sec¶

Type:	integer
Default:	10

Seconds to wait between checks on whether an Amphora has become active

amp_flavor_id¶

Type:	string
Default:

Nova instance flavor id for the Amphora

amp_image_tag¶

Type:	string
Default:

Glance image tag for the Amphora image to boot. Use this option to be able to update the image without reconfiguring Octavia. Ignored if amp_image_id is defined.

amp_image_id¶

Type:	string
Default:

Glance image id for the Amphora image to boot

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:	Superseded by amp_image_tag option.

amp_image_owner_id¶

Type:	string
Default:

Restrict glance image selection to a specific owner ID. This is a recommended security setting.

amp_ssh_key_name¶

Type:	string
Default:

SSH key name used to boot the Amphora

amp_ssh_access_allowed¶

Type:	boolean
Default:	true

Determines whether or not to allow access to the Amphorae

amp_boot_network_list¶

Type:	list
Default:

List of networks to attach to the Amphorae. All networks defined in the list will be attached to each amphora.

amp_secgroup_list¶

Type:	list
Default:

List of security groups to attach to the Amphora.

client_ca¶

Type:	string
Default:	/etc/octavia/certs/ca_01.pem

Client CA for the amphora agent to use

amphora_driver¶

Type:	string
Default:	amphora_noop_driver

Name of the amphora driver to use

compute_driver¶

Type:	string
Default:	compute_noop_driver

Name of the compute driver to use

network_driver¶

Type:	string
Default:	network_noop_driver

Name of the network driver to use

loadbalancer_topology¶

Type:	string
Default:	SINGLE
Valid Values:	ACTIVE_STANDBY, SINGLE

Load balancer topology configuration. SINGLE - One amphora per load balancer. ACTIVE_STANDBY - Two amphora per load balancer.

user_data_config_drive¶

Type:	boolean
Default:	false

If True, build cloud-init user-data that is passed to the config drive on Amphora boot instead of personality files. If False, utilize personality files.

service_name¶

Type:	string
Default:	<None>

The name of the glance service in the keystone catalog

endpoint¶

Type:	string
Default:	<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name¶

Type:	string
Default:	<None>

Region in Identity service catalog to use for communication with the OpenStack services.

endpoint_type¶

Type:	string
Default:	publicURL

Endpoint interface in identity service to use

ca_certificates_file¶

Type:	string
Default:	<None>

CA certificates file path

insecure¶

Type:	boolean
Default:	false

Disable certificate validation on SSL connections

base_path¶

Type:	string
Default:	/var/lib/octavia

Base directory for amphora files.

base_cert_dir¶

Type:	string
Default:	/var/lib/octavia/certs

Base directory for cert storage.

haproxy_template¶

Type:	string
Default:	<None>

Custom haproxy template.

connection_max_retries¶

Type:	integer
Default:	300

Retry threshold for connecting to amphorae.

connection_retry_interval¶

Type:	integer
Default:	5

Retry timeout between connection attempts in seconds.

build_rate_limit¶

Type:	integer
Default:	-1

Number of amphorae that could be built per controllerworker, simultaneously.

build_active_retries¶

Type:	integer
Default:	300

Retry threshold for waiting for a build slot for an amphorae.

build_retry_interval¶

Type:	integer
Default:	5

Retry timeout between build attempts in seconds.

user_group¶

Type:	string
Default:	<None>

The user group for haproxy to run under inside the amphora.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:	This is now automatically discovered and configured.

haproxy_stick_size¶

Type:	string
Default:	10k

Size of the HAProxy stick table. Accepts k, m, g suffixes. Example: 10k

bind_host¶

Type:	ip address
Default:	::

The host IP to bind to

bind_port¶

Type:	port number
Default:	9443
Minimum Value:	0
Maximum Value:	65535

The port to bind to

lb_network_interface¶

Type:	string
Default:	o-hm0

Network interface through which to reach amphora, only required if using IPv6 link local addresses.

haproxy_cmd¶

Type:	string
Default:	/usr/sbin/haproxy

The full path to haproxy

respawn_count¶

Type:	integer
Default:	2

The respawn count for haproxy’s upstart script

respawn_interval¶

Type:	integer
Default:	2

The respawn interval for haproxy’s upstart script

rest_request_conn_timeout¶

Type:	floating point
Default:	10

The time in seconds to wait for a REST API to connect.

rest_request_read_timeout¶

Type:	floating point
Default:	60

The time in seconds to wait for a REST API response.

client_cert¶

Type:	string
Default:	/etc/octavia/certs/client.pem

The client certificate to talk to the agent

server_ca¶

Type:	string
Default:	/etc/octavia/certs/server_ca.pem

The ca which signed the server certificates

use_upstart¶

Type:	boolean
Default:	true

If False, use sysvinit.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:	This is now automatically discovered and configured.

bind_ip¶

Type:	ip address
Default:	127.0.0.1

IP address the controller will listen on for heart beats

bind_port¶

Type:	port number
Default:	5555
Minimum Value:	0
Maximum Value:	65535

Port number the controller will listen onfor heart beats

failover_threads¶

Type:	integer
Default:	10

Number of threads performing amphora failovers.

status_update_threads¶

Type:	integer
Default:	<None>

Number of processes for amphora status update.

heartbeat_key¶

Type:	string
Default:	<None>

key used to validate amphora sendingthe message

heartbeat_timeout¶

Type:	integer
Default:	60

Interval, in seconds, to wait before failing over an amphora.

health_check_interval¶

Type:	integer
Default:	3

Sleep time between health checks in seconds.

sock_rlimit¶

Type:	integer
Default:	0 sets the value of the heartbeat recv buffer

controller_ip_port_list¶

Type:	list
Default:

List of controller ip and port pairs for the heartbeat receivers. Example 127.0.0.1:5555, 192.168.0.1:5555

heartbeat_interval¶

Type:	integer
Default:	10

Sleep time between sending heartbeats.

health_update_driver¶

Type:	string
Default:	health_db

Driver for updating amphora health system.

stats_update_driver¶

Type:	string
Default:	stats_db

Driver for updating amphora statistics.

event_streamer_driver¶

Type:	string
Default:	noop_event_streamer

Specifies which driver to use for the event_streamer for syncing the octavia and neutron_lbaas dbs. If you don’t need to sync the database or are running octavia in stand alone mode use the noop_event_streamer

sync_provisioning_status¶

Type:	boolean
Default:	false

Enable provisioning status sync with neutron db

spare_check_interval¶

Type:	integer
Default:	30

Spare check interval in seconds

spare_amphora_pool_size¶

Type:	integer
Default:	0

Number of spare amphorae

cleanup_interval¶

Type:	integer
Default:	30

DB cleanup interval in seconds

amphora_expiry_age¶

Type:	integer
Default:	604800

Amphora expiry age in seconds

load_balancer_expiry_age¶

Type:	integer
Default:	604800

Load balancer expiry age in seconds

cert_interval¶

Type:	integer
Default:	3600

Certificate check interval in seconds

cert_expiry_buffer¶

Type:	integer
Default:	1209600

Seconds until certificate expiration

cert_rotate_threads¶

Type:	integer
Default:	10

Number of threads performing amphora certificate rotation

vrrp_advert_int¶

Type:	integer
Default:	1

Amphora role and priority advertisement interval in seconds.

vrrp_check_interval¶

Type:	integer
Default:	5

VRRP health check script run interval in seconds.

vrrp_fail_count¶

Type:	integer
Default:	2

Number of successive failures before transition to a fail state.

vrrp_success_count¶

Type:	integer
Default:	2

Number of consecutive successes before transition to a success state.

vrrp_garp_refresh_interval¶

Type:	integer
Default:	5

Time in seconds between gratuitous ARP announcements from the MASTER.

vrrp_garp_refresh_count¶

Type:	integer
Default:	2

Number of gratuitous ARP announcements to make on each refresh interval.

max_retries¶

Type:	integer
Default:	15

The maximum attempts to retry an action with the networking service.

retry_interval¶

Type:	integer
Default:	1

Seconds to wait before retrying an action with the networking service.

port_detach_timeout¶

Type:	integer
Default:	300

Seconds to wait for a port to detach from an amphora.

allow_vip_network_id¶

Type:	boolean
Default:	true

Can users supply a network_id for their VIP?

allow_vip_subnet_id¶

Type:	boolean
Default:	true

Can users supply a subnet_id for their VIP?

allow_vip_port_id¶

Type:	boolean
Default:	true

Can users supply a port_id for their VIP?

valid_vip_networks¶

Type:	list
Default:	<None>

List of network_ids that are valid for VIP creation. If this field is empty, no validation is performed.

service_name¶

Type:	string
Default:	<None>

The name of the neutron service in the keystone catalog

endpoint¶

Type:	string
Default:	<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name¶

Type:	string
Default:	<None>

Region in Identity service catalog to use for communication with the OpenStack services.

endpoint_type¶

Type:	string
Default:	publicURL

Endpoint interface in identity service to use

ca_certificates_file¶

Type:	string
Default:	<None>

CA certificates file path

insecure¶

Type:	boolean
Default:	false

Disable certificate validation on SSL connections

service_name¶

Type:	string
Default:	<None>

The name of the nova service in the keystone catalog

endpoint¶

Type:	string
Default:	<None>

A new endpoint to override the endpoint in the keystone catalog.

region_name¶

Type:	string
Default:	<None>

Region in Identity service catalog to use for communication with the OpenStack services.

endpoint_type¶

Type:	string
Default:	publicURL

Endpoint interface in identity service to use

ca_certificates_file¶

Type:	string
Default:	<None>

CA certificates file path

insecure¶

Type:	boolean
Default:	false

Disable certificate validation on SSL connections

enable_anti_affinity¶

Type:	boolean
Default:	false

Flag to indicate if nova anti-affinity feature is turned on.

anti_affinity_policy¶

Type:	string
Default:	anti-affinity
Valid Values:	anti-affinity, soft-anti-affinity

Sets the anti-affinity policy for nova

random_amphora_name_length¶

Type:	integer
Default:	0

If non-zero, generate a random name of the length provided for each amphora, in the format “a[A-Z0-9]*”. Otherwise, the default name format will be used: “amphora-{UUID}”.

availability_zone¶

Type:	string
Default:	<None>

Availability zone to use for creating Amphorae

topic¶

Type:	string
Default:	<None>

event_stream_topic¶

Type:	string
Default:	neutron_lbaas_event

topic name for communicating events through a queue

default_load_balancer_quota¶

Type:	integer
Default:	-1

Default per project load balancer quota.

default_listener_quota¶

Type:	integer
Default:	-1

Default per project listener quota.

default_member_quota¶

Type:	integer
Default:	-1

Default per project member quota.

default_pool_quota¶

Type:	integer
Default:	-1

Default per project pool quota.

default_health_monitor_quota¶

Type:	integer
Default:	-1

Default per project health monitor quota.

auth_url¶

Type:	unknown type
Default:	<None>

Authentication URL

auth_type¶

Type:	unknown type
Default:	<None>

Authentication type to load

Deprecated Variations¶

Group	Name
service_auth	auth_plugin

cafile¶

Type:	string
Default:	<None>

PEM encoded Certificate Authority to use when verifying HTTPs connections.

certfile¶

Type:	string
Default:	<None>

PEM encoded client certificate cert file

default_domain_id¶

Type:	unknown type
Default:	<None>

Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.

default_domain_name¶

Type:	unknown type
Default:	<None>

Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.

domain_id¶

Type:	unknown type
Default:	<None>

Domain ID to scope to

domain_name¶

Type:	unknown type
Default:	<None>

Domain name to scope to

insecure¶

Type:	boolean
Default:	false

Verify HTTPS connections.

keyfile¶

Type:	string
Default:	<None>

PEM encoded client certificate key file

password¶

Type:	unknown type
Default:	<None>

User’s password

project_domain_id¶

Type:	unknown type
Default:	<None>

Domain ID containing project

project_domain_name¶

Type:	unknown type
Default:	<None>

Domain name containing project

project_id¶

Type:	unknown type
Default:	<None>

Project ID to scope to

Deprecated Variations¶

Group	Name
service_auth	tenant-id
service_auth	tenant_id

project_name¶

Type:	unknown type
Default:	<None>

Project name to scope to

Deprecated Variations¶

Group	Name
service_auth	tenant-name
service_auth	tenant_name

tenant_id¶

Type:	unknown type
Default:	<None>

Tenant ID

tenant_name¶

Type:	unknown type
Default:	<None>

Tenant Name

timeout¶

Type:	integer
Default:	<None>

Timeout value for http requests

trust_id¶

Type:	unknown type
Default:	<None>

Trust ID

user_domain_id¶

Type:	unknown type
Default:	<None>

User’s domain id

user_domain_name¶

Type:	unknown type
Default:	<None>

User’s domain name

user_id¶

Type:	unknown type
Default:	<None>

User id

username¶

Type:	unknown type
Default:	<None>

Username

Deprecated Variations¶

Group	Name
service_auth	user-name
service_auth	user_name

engine¶

Type:	string
Default:	serial

TaskFlow engine to use

max_workers¶

Type:	integer
Default:	5

The maximum number of workers

disable_revert¶

Type:	boolean
Default:	false

If True, disables the controller worker taskflow flows from reverting. This will leave resources in an inconsistent state and should only be used for debugging purposes.