{"id":464,"sha1":"c6cedcef1c3502a02b810d4e863e2032217dc690","playbook":{"id":4,"items":{"plays":104,"tasks":1377,"results":1365,"hosts":2,"files":504,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:39:52.478534Z","ended":"2025-12-08T14:14:54.510371Z","duration":"00:35:02.031837","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"failed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n###\n### Verbosity Options\n###\n\ndebug: false\n\n###\n### Service setup options\n###\n\n# Set the host which will execute the shade modules\n# for the service setup. The host must already have\n# clouds.yaml properly configured.\nneutron_service_setup_host: \"{{ openstack_service_setup_host | default('localhost') }}\"\nneutron_service_setup_host_python_interpreter: >-\n {{\n openstack_service_setup_host_python_interpreter | default(\n (neutron_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\n\n###\n### Packages Options\n###\n\n# Set the package install state for distribution\n# Options are 'present' and 'latest'\nneutron_package_state: \"{{ package_state | default('latest') }}\"\n\n# Set installation method.\nneutron_install_method: \"{{ service_install_method | default('source') }}\"\nneutron_venv_python_executable: \"{{ openstack_venv_python_executable | default('python3') }}\"\n\n###\n### Python code details\n###\n\n# Set the package install state for pip_package\n# Options are 'present' and 'latest'\nneutron_pip_package_state: \"latest\"\n\n# Source git repo/branch settings\nneutron_git_repo: https://opendev.org/openstack/neutron\nneutron_git_install_branch: master\nneutron_fwaas_git_repo: https://opendev.org/openstack/neutron-fwaas\nneutron_fwaas_git_install_branch: master\nneutron_vpnaas_git_repo: https://opendev.org/openstack/neutron-vpnaas\nneutron_vpnaas_git_install_branch: master\nneutron_dynamic_routing_git_repo: https://opendev.org/openstack/neutron-dynamic-routing\nneutron_dynamic_routing_git_install_branch: master\nnetworking_odl_git_repo: https://opendev.org/openstack/networking-odl\nnetworking_odl_git_install_branch: master\nnetworking_ovn_bgp_git_repo: https://opendev.org/openstack/ovn-bgp-agent\nnetworking_ovn_bgp_git_install_branch: master\nnetworking_sfc_git_repo: https://opendev.org/openstack/networking-sfc\nnetworking_sfc_git_install_branch: master\nnetworking_bgpvpn_git_repo: https://opendev.org/openstack/networking-bgpvpn\nnetworking_bgpvpn_git_install_branch: master\nceilometer_git_repo: https://opendev.org/openstack/ceilometer\nceilometer_git_install_branch: master\nnetworking_baremetal_git_repo: https://opendev.org/openstack/networking-baremetal\nnetworking_baremetal_git_install_branch: master\nnetworking_generic_switch_git_repo: https://opendev.org/openstack/networking-generic-switch\nnetworking_generic_switch_git_install_branch: master\nnetworking_nsx_git_repo: https://opendev.org/x/vmware-nsx\nnetworking_nsx_git_install_branch: master\nnetworking_nsxlib_git_repo: https://opendev.org/x/vmware-nsxlib\nnetworking_nsxlib_git_install_branch: master\n\nneutron_upper_constraints_url: >-\n {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}\nneutron_git_constraints:\n - \"--constraint {{ neutron_upper_constraints_url }}\"\n\nneutron_pip_install_args: \"{{ pip_install_options | default('') }}\"\n\n# Name of the virtual env to deploy into\nneutron_venv_tag: \"{{ venv_tag | default('untagged') }}\"\n\n###\n### Generic Neutron Config\n###\n\n# Fatal Deprecations\nneutron_fatal_deprecations: false\n\n# If ``neutron_api_workers`` is unset the system will use half the number of available VCPUs to\n# compute the number of api workers to use with a default capping value of 16.\n# neutron_api_workers: 16\n\n## Cap the maximun number of threads / workers when a user value is unspecified.\nneutron_api_threads_max: 16\nneutron_api_threads: \"{{ [[ansible_facts['processor_vcpus'] | default(2) // 2, 1] | max, neutron_api_threads_max] | min }}\"\n\nneutron_agent_down_time: 120\nneutron_agent_polling_interval: 5\nneutron_report_interval: \"{{ neutron_agent_down_time | int / 2 | int }}\"\n\nneutron_dns_domain: \"{{ dhcp_domain | default('openstacklocal.') }}\"\n\n# If ``neutron_num_sync_threads`` is unset, the system will use the value of\n# neutron_api_threads in templates/dhcp_agent.ini.j2 for num_sync_threads.\n# neutron_num_sync_threads: 4\n\n###\n### DNSMasq configuration\n###\n# Dnsmasq doesn't work with config_template override, a deployer\n# should instead configure its own neutron_dhcp_config key/values like this:\n# neutron_dhcp_config:\n# dhcp-option-force: \"26,1500\"\nneutron_dhcp_config: {}\n\n# Dnsmasq has furthermore some options in its configuration that are not\n# key/value pairs but just options. A deployer can configure those with this\n# list:\nneutron_dhcp_config_list: []\n\n# Disable dnsmasq to resolve DNS via local resolv.conf.\n# When dnsmasq_dns_servers are not set,\n# and neutron_dnsmasq_noresolv is set to True, dnsmasq will reply with\n# empty respose on DNS requests.\nneutron_dnsmasq_noresolv: false\n\n###\n### Tunable Overrides (Sorted alphabetically)\n###\n\n# These variables facilitate adding config file entries\n# for anything supported by the service. See the section\n# 'Overriding OpenStack configuration defaults' in the\n# 'Advanced configuration' appendix of the Deploy Guide.\nneutron_api_paste_ini_overrides: {}\nneutron_bgp_dragent_ini_overrides: {}\nneutron_bgp_dragent_init_overrides: {}\nneutron_dhcp_agent_ini_overrides: {}\nneutron_dhcp_agent_init_overrides: {}\nneutron_ironic_neutron_agent_ini_overrides: {}\nneutron_ironic_neutron_agent_init_overrides: {}\nneutron_l3_agent_ini_overrides: {}\nneutron_l3_agent_init_overrides: {}\nneutron_metadata_agent_ini_overrides: {}\nneutron_metadata_agent_init_overrides: {}\nneutron_metering_agent_ini_overrides: {}\nneutron_metering_agent_init_overrides: {}\nneutron_ml2_conf_ini_overrides: {}\nneutron_ml2_conf_genericswitch_ini_overrides: {}\nneutron_neutron_conf_overrides: {}\nneutron_nuage_conf_ini_overrides: {}\nneutron_openvswitch_agent_ini_overrides: {}\nneutron_openvswitch_agent_init_overrides: {}\nneutron_ovn_bgp_agent_ini_overrides: {}\nneutron_ovn_bgp_agent_init_overrides: {}\nneutron_nsx_conf_ini_overrides: {}\n# Provide a list of access controls to update the default policy.json with.\n# These changes will be merged\n# with the access controls in the default policy.json. E.g.\n# neutron_policy_overrides:\n# \"create_subnet\": \"rule:admin_or_network_owner\"\n# \"get_subnet\": \"rule:admin_or_owner or rule:shared\"\nneutron_policy_overrides: {}\n_neutron_rootwrap_conf_overrides:\n DEFAULT:\n filters_path: \"{{ neutron_conf_dir }}/rootwrap.d,/usr/share/neutron/rootwrap\"\n exec_dirs: \"{{ neutron_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts\"\nneutron_rootwrap_conf_overrides: {}\n\nneutron_api_uwsgi_ini_overrides: {}\nneutron_periodic_workers_init_overrides: {}\nneutron_server_init_overrides: {}\nneutron_rpc_server_init_overrides: {}\nneutron_sriov_nic_agent_ini_overrides: {}\nneutron_sriov_nic_agent_init_overrides: {}\nneutron_ovn_maintenance_init_overrides: {}\nneutron_ovn_metadata_agent_ini_overrides: {}\nneutron_ovn_metadata_agent_init_overrides: {}\n\n###\n### UWSGI\n###\nneutron_wsgi_processes_max: 16\nneutron_wsgi_processes: \"{{ [[ansible_facts['processor_vcpus'] | default(1), 1] | max * 2, neutron_wsgi_processes_max] | min }}\"\nneutron_wsgi_threads: 1\nneutron_uwsgi_tls:\n crt: \"{{ neutron_ssl_cert }}\"\n key: \"{{ neutron_ssl_key }}\"\n\n###\n### Quotas\n###\n\nneutron_default_quota: -1\nneutron_quota_floatingip: 50\nneutron_quota_health_monitor: -1\nneutron_quota_member: -1\nneutron_quota_network: 100\nneutron_quota_network_gateway: 5\nneutron_quota_packet_filter: 100\nneutron_quota_pool: 10\nneutron_quota_port: 500\nneutron_quota_router: 10\nneutron_quota_security_group: 10\nneutron_quota_security_group_rule: 100\nneutron_quota_subnet: 100\nneutron_quota_vip: 10\nneutron_quota_firewall: 10\nneutron_quota_firewall_policy: 10\nneutron_quota_firewall_rule: 100\n\n###\n### DB (Galera) integration\n###\n\nneutron_db_setup_host: \"{{ openstack_db_setup_host | default('localhost') }}\"\nneutron_db_setup_python_interpreter: >-\n {{\n openstack_db_setup_python_interpreter | default(\n (neutron_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\nneutron_galera_address: \"{{ galera_address | default('127.0.0.1') }}\"\nneutron_galera_user: neutron\nneutron_galera_database: neutron\nneutron_db_max_overflow: \"{{ openstack_db_max_overflow | default('50') }}\"\nneutron_db_max_pool_size: \"{{ openstack_db_max_pool_size | default('5') }}\"\nneutron_db_pool_timeout: \"{{ openstack_db_pool_timeout | default('30') }}\"\nneutron_db_connection_recycle_time: \"{{ openstack_db_connection_recycle_time | default('600') }}\"\nneutron_galera_use_ssl: \"{{ galera_use_ssl | default(False) }}\"\nneutron_galera_ssl_ca_cert: \"{{ galera_ssl_ca_cert | default('') }}\"\nneutron_galera_port: \"{{ galera_port | default('3306') }}\"\n\n###\n### Oslo Messaging\n###\n\n# RabbitMQ\n\nneutron_oslomsg_heartbeat_in_pthread: \"{{ oslomsg_heartbeat_in_pthread | default(False) }}\"\n\n# RPC\n\nneutron_oslomsg_rpc_host_group: \"{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}\"\nneutron_oslomsg_rpc_setup_host: \"{{ (neutron_oslomsg_rpc_host_group in groups) | ternary(groups[neutron_oslomsg_rpc_host_group][0], 'localhost') }}\"\nneutron_oslomsg_rpc_transport: \"{{ oslomsg_rpc_transport | default('rabbit') }}\"\nneutron_oslomsg_rpc_servers: \"{{ oslomsg_rpc_servers | default('127.0.0.1') }}\"\nneutron_oslomsg_rpc_port: \"{{ oslomsg_rpc_port | default('5672') }}\"\nneutron_oslomsg_rpc_use_ssl: \"{{ oslomsg_rpc_use_ssl | default(False) }}\"\nneutron_oslomsg_rpc_userid: neutron\nneutron_oslomsg_rpc_policies: []\nneutron_oslomsg_rpc_vhost:\n - name: /neutron\n state: \"{{ neutron_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}\"\n - name: neutron\n state: \"{{ neutron_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}\"\nneutron_oslomsg_rpc_ssl_version: \"{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}\"\nneutron_oslomsg_rpc_ssl_ca_file: \"{{ oslomsg_rpc_ssl_ca_file | default('') }}\"\n\n# Notify\nneutron_oslomsg_notify_configure: \"{{ oslomsg_notify_configure | default(neutron_ceilometer_enabled) }}\"\nneutron_oslomsg_notify_host_group: \"{{ oslomsg_notify_host_group | default('rabbitmq_all') }}\"\nneutron_oslomsg_notify_setup_host: >-\n {{ (neutron_oslomsg_notify_host_group in groups) | ternary(groups[neutron_oslomsg_notify_host_group][0], 'localhost') }}\nneutron_oslomsg_notify_transport: \"{{ oslomsg_notify_transport | default('rabbit') }}\"\nneutron_oslomsg_notify_servers: \"{{ oslomsg_notify_servers | default('127.0.0.1') }}\"\nneutron_oslomsg_notify_port: \"{{ oslomsg_notify_port | default('5672') }}\"\nneutron_oslomsg_notify_use_ssl: \"{{ oslomsg_notify_use_ssl | default(False) }}\"\nneutron_oslomsg_notify_userid: \"{{ neutron_oslomsg_rpc_userid }}\"\nneutron_oslomsg_notify_password: \"{{ neutron_oslomsg_rpc_password }}\"\nneutron_oslomsg_notify_vhost: \"{{ neutron_oslomsg_rpc_vhost }}\"\nneutron_oslomsg_notify_ssl_version: \"{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}\"\nneutron_oslomsg_notify_ssl_ca_file: \"{{ oslomsg_notify_ssl_ca_file | default('') }}\"\nneutron_oslomsg_notify_policies: []\n\n###\n### (RabbitMQ) integration\n###\nneutron_oslomsg_rabbit_quorum_queues: \"{{ oslomsg_rabbit_quorum_queues | default(True) }}\"\nneutron_oslomsg_rabbit_stream_fanout: \"{{ oslomsg_rabbit_stream_fanout | default(neutron_oslomsg_rabbit_quorum_queues) }}\"\nneutron_oslomsg_rabbit_transient_quorum_queues: \"{{ oslomsg_rabbit_transient_quorum_queues | default(neutron_oslomsg_rabbit_stream_fanout) }}\"\nneutron_oslomsg_rabbit_qos_prefetch_count: \"{{ oslomsg_rabbit_qos_prefetch_count | default(neutron_oslomsg_rabbit_stream_fanout | ternary(10, 0)) }}\"\nneutron_oslomsg_rabbit_queue_manager: \"{{ oslomsg_rabbit_queue_manager | default(neutron_oslomsg_rabbit_quorum_queues) }}\"\nneutron_oslomsg_rabbit_quorum_delivery_limit: \"{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}\"\nneutron_oslomsg_rabbit_quorum_max_memory_bytes: \"{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}\"\nneutron_rpc_thread_pool_size: 64\nneutron_rpc_conn_pool_size: 30\nneutron_rpc_response_timeout: 60\nneutron_rpc_workers_max: 16\nneutron_rpc_workers: >-\n {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, neutron_rpc_workers_max] | min }}\n\n###\n### Identity (Keystone) integration\n###\n\nneutron_service_project_name: service\nneutron_service_project_domain_id: default\nneutron_service_user_domain_id: default\nneutron_service_role_names:\n - admin\n - service\nneutron_service_token_roles:\n - service\nneutron_service_token_roles_required: \"{{ openstack_service_token_roles_required | default(True) }}\"\nneutron_service_user_name: neutron\nneutron_service_name: neutron\nneutron_service_type: network\nneutron_service_description: \"OpenStack Networking\"\nneutron_api_bind_address: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\nneutron_service_port: 9696\nneutron_service_proto: http\nneutron_service_publicuri_proto: \"{{ openstack_service_publicuri_proto | default(neutron_service_proto) }}\"\nneutron_service_adminuri_proto: \"{{ openstack_service_adminuri_proto | default(neutron_service_proto) }}\"\nneutron_service_internaluri_proto: \"{{ openstack_service_internaluri_proto | default(neutron_service_proto) }}\"\nneutron_service_publicuri: \"{{ neutron_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}\"\nneutron_service_publicurl: \"{{ neutron_service_publicuri }}\"\nneutron_service_adminuri: \"{{ neutron_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}\"\nneutron_service_adminurl: \"{{ neutron_service_adminuri }}\"\nneutron_service_internaluri: \"{{ neutron_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}\"\nneutron_service_internalurl: \"{{ neutron_service_internaluri }}\"\nneutron_service_region: \"{{ service_region | default('RegionOne') }}\"\nneutron_keystone_auth_plugin: \"{{ neutron_keystone_auth_type }}\"\nneutron_keystone_auth_type: password\nneutron_service_in_ldap: \"{{ service_ldap_backend_enabled | default(False) }}\"\n\n###\n### Availability zones\n###\n# Availability zone defines current AZ of the component. For OVN you can define\n# multiple AZs separated with a colon, ie \"az1:az2\"\nneutron_availability_zone: nova\n\n# Default availability zones do define a list of zones to where routers/agents\n# will be scheduled by default. This is a list, since a deployment might stretch\n# networks across AZs.\n# Default: Neutron will attempt scheduling across all defined AZs for Neutron hosts.\nneutron_default_availability_zones: >-\n {{\n groups['neutron_all'] | map(\n 'extract', hostvars, 'neutron_availability_zone') | map(\n 'default', neutron_availability_zone) | map('split', ':') | flatten | unique\n }}\n\n###\n### Telemetry integration\n###\n\nneutron_ceilometer_enabled: \"{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}\"\n\n###\n### Designate integration\n###\n\nneutron_designate_enabled: \"{{ (groups['designate_all'] is defined) and (groups['designate_all'] | length > 0) }}\"\nneutron_allow_reverse_dns_lookup: true\nneutron_ipv4_ptr_zone_prefix_size: 24\nneutron_ipv6_ptr_zone_prefix_size: 116\n\n###\n### Plugins Loading\n###\n\n# Other plugins can be added to the system by simply extending the list `neutron_plugin_base`.\n# neutron_plugin_base:\n# - router\n# - firewall_v2\n# - neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin\n# - vpnaas\n# - metering\n# - qos\n# - dns/dns_domain_ports/subnet_dns_publish_fixed_ip either one or the other, not both\n# - port_forwarding\nneutron_plugin_base:\n - ovn-router\n\n###\n### Memcache override\n###\nneutron_memcached_servers: \"{{ memcached_servers }}\"\n\n###\n### ML2 Plugin Configuration\n###\n\n# The neutron core plugin (ML2) is defined with neutron_plugin_type,\n# you can not load multiple ML2 plugins as core.\nneutron_plugin_type: \"ml2.ovn\"\n\n# Additional ML2 plugins can be loaded with neutron_plugin_types (as list)\nneutron_plugin_types: []\n\n# ml2 network type drivers to load\nneutron_ml2_drivers_type: \"geneve,vlan,flat\"\n\n# Enable or disable L2 Population.\n# When using ovs dvr it must be enabled\nneutron_l2_population: \"{{ neutron_plugin_type == 'ml2.ovs.dvr' }}\"\n\nneutron_vxlan_enabled: true\n\n## The neutron multicast group address. This should be set as a host variable if used.\nneutron_vxlan_group: \"239.1.1.1\"\n\n# The neutron multicast time-to-live. Number of L3 hops before routers will drop the traffic\nneutron_vxlan_ttl: 32\n\nneutron_sriov_excluded_devices: \"\"\n\n# neutron_local_ip is used for the VXLAN local tunnel endpoint\nneutron_local_ip: \"{{ tunnel_address | default('127.0.0.1') }}\"\n\n## Set this variable to configure the provider networks that will be available\n## When setting up networking in things like the ml2_conf.ini file. Normally\n## this will be defined as a host variable used within neutron as network configuration\n## are likely to differ in between hosts.\n# neutron_provider_networks:\n# network_flat_networks: \"flat\"\n# network_mappings: \"flat:eth12,vlan:eth11\"\n# network_types: \"vxlan,flat,vlan\"\n# network_vlan_ranges: \"vlan:1:1,vlan:1024:1025\"\n# network_vxlan_ranges: \"1:1000\"\n# network_geneve_ranges: \"1:1000\"\n# network_sriov_mappings: \"vlan:p4p1\"\n\n###\n### L3 Agent Plugin Configuration\n###\n\n# L3HA configuration options\nneutron_ha_vrrp_auth_type: PASS\nneutron_l3_ha_net_cidr: 169.254.192.0/18\n\nneutron_l3_cleanup_on_shutdown: false\n\n## List of extensions enabled for L3\n## The list can be extended by operator if needed, ie in user_variables.yml:\n# neutron_l3_agent_extensions: \"{{ _neutron_l3_agent_extensions + ['neutron_fip_qos'] }}\"\nneutron_l3_agent_extensions: \"{{ _neutron_l3_agent_extensions }}\"\n\n# Specify the maximum number of L3 agents per tenant network. Defaults to the total number of agents deployed\n# neutron_l3_agents_max: 2\n\n###\n### DHCP Agent Plugin Configuration\n###\n\n# Comma-separated list of DNS servers which will be used by dnsmasq as forwarders.\n# This variable will be used for the same purpose for OVN, when dnsmasq is not used.\nneutron_dnsmasq_dns_servers: \"\"\n\n# Limit number of leases to prevent a denial-of-service.\nneutron_dnsmasq_lease_max: 16777216\n\n# Specify if dnsmasq should send a route to metadata server through DHCP 121 message to VM\nneutron_dnsmasq_force_metadata: false\n\n# Specify the maximum number of DHCP agents per tenant network. Defaults to the total number of agents deployed\n# neutron_dhcp_agents_max: 2\n\n###\n### Metadata Agent Plugin Configuration\n###\n\n# If ``neutron_metadata_workers`` is unset the system will use half the number of available VCPUs to\n# compute the number of api workers to use with a default capping value of 16.\n# neutron_metadata_workers: 16\nneutron_metadata_backlog: 4096\n\n# The port used by neutron to access the nova metadata service.\nneutron_nova_metadata_port: \"{{ nova_metadata_port | default(8775) }}\"\n\n# The protocol used by neutron to access the nova metadata service.\nneutron_nova_metadata_protocol: \"{{ nova_metadata_protocol | default('http') }}\"\n\n# If the nova_metadata_protocol is using a self-signed cert, then\n# this flag should be set to a boolean True.\nneutron_nova_metadata_insecure: \"{{ nova_metadata_insecure | default(False) }}\"\n\n###\n### FWaaS Configuration\n###\n\nneutron_driver_fwaasv2: iptables_v2\nneutron_fwaasv2_service_provider: FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default\n\n###\n### VPNaaS Configuration\n###\n\n# See VPNaaS documentation for driver/service provider selection\n# in case you want to override it.\nneutron_driver_vpnaas: \"{{ _neutron_driver_vpnaas }}\"\nneutron_vpnaas_service_provider: \"{{ _neutron_vpnaas_service_provider }}\"\n\n# Set this variable to use custom config file for strongswan/openswan\n# neutron_vpnaas_custom_config:\n# - src: \"/etc/openstack_deploy/strongswan/strongswan.conf.template\"\n# dest: \"{{ neutron_conf_dir }}/strongswan.conf.template\"\n# condition: \"{{ ansible_facts['os_family'] | lower == 'debian' }}\"\n\nneutron_vpnaas_custom_config: []\nneutron_ovn_vpn_agent_overrides: {}\nneutron_ovn_vpn_agent_init_overrides: {}\n\n# OVN Defaults\nneutron_ovn_ssl: true\novn_proto: \"{{ (neutron_ovn_ssl) | ternary('ssl', 'tcp') }}\"\nneutron_ovn_primary_cluster_node: \"{{ groups[neutron_services['neutron-ovn-northd']['group']] | first }}\"\nneutron_ovn_northd_service_name: ovn-northd\nneutron_ovn_controller_service_name: ovn-controller\nneutron_ovn_l3_scheduler: leastloaded\nneutron_ovn_distributed_fip: false\nneutron_ovn_nb_connection: >-\n {{ ovn_proto }}:{{ groups['neutron_ovn_northd'] | map('extract', hostvars, ['ansible_host']) | join(':6641,' + ovn_proto + ':') }}:6641\nneutron_ovn_sb_connection: >-\n {{ ovn_proto }}:{{ groups['neutron_ovn_northd'] | map('extract', hostvars, ['ansible_host']) | join(':6642,' + ovn_proto + ':') }}:6642\nneutron_ovsdb_manager_host: 127.0.0.1\nneutron_ovsdb_manager_port: 6640\nneutron_ovsdb_manager_proto: tcp\nneutron_ovsdb_manager: \"p{{ [neutron_ovsdb_manager_proto, neutron_ovsdb_manager_port, neutron_ovsdb_manager_host] | select | join(':') }}\"\nneutron_ovsdb_manager_connection: \"{{ [neutron_ovsdb_manager_proto, neutron_ovsdb_manager_host, neutron_ovsdb_manager_port] | select | join(':') }}\"\nneutron_ovn_sb_inactivity_probe: 60000\nneutron_ovn_nb_inactivity_probe: 60000\n\n# OVN BGP Agent\nneutron_ovn_bgp_enable: false\nneutron_ovn_bgp_agent_group: \"{{ neutron_ovn_distributed_fip | ternary('neutron_ovn_controller', 'neutron_ovn_gateway') }}\"\nneutron_ovn_bgp_agent_driver: nb_ovn_bgp_driver\nneutron_ovn_bgp_exposing_method: underlay\nneutron_ovn_bgp_expose_tenant_networks: false\nneutron_ovn_bgp_expose_ipv6_gua_tenant_networks: false\n# Provide config needed for BGP peering\n# neutron_ovn_bgp_config:\n# AS: 64999\n# nic: bgp-nic\n# vrf: bgp-vrf\n# vrf_table_id: 10\nneutron_ovn_bgp_config: {}\nneutron_frr_bgp_config: []\nneutron_frr_staticd_routes: []\n\n# This section is used when neutron_ovn_bgp_exposing_method\n# is set to \"ovn\".\n# This requires a standalone \"local\" cluster per node where\n# ovn-bgp-agent runs.\nneutron_ovn_bgp_local_nbdb: tcp:127.0.0.1:6641\nneutron_ovn_bgp_local_nics: []\nneutron_ovn_bgp_local_peers: []\nneutron_ovn_bgp_provider_networks_prefixes: []\n\n# Storage location for SSL certificate authority\nneutron_ovn_pki_dir: \"{{ openstack_pki_dir }}\"\n# Delegated host for operating the certificate authority\nneutron_ovn_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n# The local address used for the neutron_ovn node\nneutron_ovn_node_address: \"{{ management_address | default('127.0.0.1') }}\"\n# neutron OVN server certificate\nneutron_ovn_pki_keys_path: \"{{ neutron_ovn_pki_dir ~ '/certs/private/' }}\"\nneutron_ovn_pki_certs_path: \"{{ neutron_ovn_pki_dir ~ '/certs/certs/' }}\"\nneutron_ovn_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name }}\"\nneutron_ovn_pki_intermediate_chain_path: >-\n {{ neutron_ovn_pki_dir ~ '/roots/' ~ neutron_ovn_pki_intermediate_cert_name ~ '/certs/' ~ neutron_ovn_pki_intermediate_cert_name ~ '-chain.crt' }}\nneutron_ovn_pki_regen_cert: \"\"\nneutron_ovn_pki_certificates:\n - name: \"neutron_ovn_{{ ansible_facts['hostname'] }}\"\n provider: ownca\n cn: \"{{ ansible_facts['hostname'] }}\"\n san: \"{{ 'DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ neutron_ovn_node_address }}\"\n signed_by: \"{{ neutron_ovn_pki_intermediate_cert_name }}\"\n\n# OVN destination files for SSL certificates\nneutron_ovn_ssl_cert: \"neutron_ovn.pem\"\nneutron_ovn_ssl_key: \"neutron_ovn.key\"\nneutron_ovn_ssl_ca_cert: \"neutron_ovn-ca.pem\"\nneutron_ovn_conf_dir: \"/etc/openvswitch\"\n# Installation details for SSL certificates\nneutron_ovn_pki_install_certificates:\n - src: \"{{ neutron_ovn_user_ssl_cert | default(neutron_ovn_pki_certs_path ~ 'neutron_ovn_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n\n dest: \"{{ [neutron_ovn_conf_dir, neutron_ovn_ssl_cert] | join('/') }}\"\n owner: \"{{ neutron_ovn_system_user_name }}\"\n group: \"{{ neutron_ovn_system_user_name }}\"\n mode: \"0644\"\n condition: \"{{ (neutron_ovn_ssl and neutron_needs_openvswitch and neutron_plugin_type == 'ml2.ovn') }}\"\n - src: \"{{ neutron_ovn_user_ssl_key | default(neutron_ovn_pki_keys_path ~ 'neutron_ovn_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ [neutron_ovn_conf_dir, neutron_ovn_ssl_key] | join('/') }}\"\n owner: \"{{ neutron_ovn_system_user_name }}\"\n group: \"{{ neutron_ovn_system_user_name }}\"\n mode: \"0600\"\n condition: \"{{ (neutron_ovn_ssl and neutron_needs_openvswitch) }}\"\n - src: \"{{ neutron_ovn_user_ssl_ca_cert | default(neutron_ovn_pki_intermediate_chain_path) }}\"\n dest: \"{{ [neutron_ovn_conf_dir, neutron_ovn_ssl_ca_cert] | join('/') }}\"\n owner: \"{{ (neutron_services['neutron-server']['group'] in group_names) | ternary(neutron_service_user_name, neutron_ovn_system_user_name) }}\"\n group: \"{{ (neutron_services['neutron-server']['group'] in group_names) | ternary(neutron_service_user_name, neutron_ovn_system_user_name) }}\"\n mode: \"0644\"\n condition: \"{{ (neutron_ovn_ssl and neutron_needs_openvswitch and neutron_plugin_type == 'ml2.ovn') }}\"\n - src: \"{{ neutron_ovn_user_ssl_cert | default(neutron_ovn_pki_certs_path ~ 'neutron_ovn_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n dest: \"{{ [neutron_conf_version_dir, neutron_ovn_ssl_cert] | join('/') }}\"\n owner: \"{{ neutron_service_user_name }}\"\n group: \"{{ neutron_service_user_name }}\"\n mode: \"0644\"\n condition: \"{{ (neutron_ovn_ssl and neutron_plugin_type == 'ml2.ovn' and (filtered_neutron_services | length + uwsgi_neutron_services | length) > 0) }}\"\n - src: \"{{ neutron_ovn_user_ssl_key | default(neutron_ovn_pki_keys_path ~ 'neutron_ovn_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ [neutron_conf_version_dir, neutron_ovn_ssl_key] | join('/') }}\"\n owner: \"{{ neutron_service_user_name }}\"\n group: \"{{ neutron_service_user_name }}\"\n mode: \"0600\"\n condition: \"{{ (neutron_ovn_ssl and neutron_plugin_type == 'ml2.ovn' and (filtered_neutron_services | length + uwsgi_neutron_services | length) > 0) }}\"\n - src: \"{{ neutron_ovn_user_ssl_ca_cert | default(neutron_ovn_pki_intermediate_chain_path) }}\"\n dest: \"{{ [neutron_conf_version_dir, neutron_ovn_ssl_ca_cert] | join('/') }}\"\n owner: \"{{ neutron_service_user_name }}\"\n group: \"{{ neutron_service_user_name }}\"\n mode: \"0644\"\n condition: \"{{ (neutron_ovn_ssl and neutron_plugin_type == 'ml2.ovn' and (filtered_neutron_services | length + uwsgi_neutron_services | length) > 0) }}\"\n\n# Define user-provided SSL certificates in:\n# /etc/openstack_deploy/user_variables.yml\n# neutron_ovnnb_user_ssl_cert: \n# neutron_ovnnb_user_ssl_key: \n# neutron_ovnsb_user_ssl_cert: \n# neutron_ovnsb_user_ssl_key: \n\n###\n### DPDK Configuration\n###\n\novs_datapath: \"netdev\"\novs_dpdk_pci_addresses: []\novs_dpdk_driver: vfio-pci\novs_dpdk_support: false\novs_dpdk_lcore_mask: 1\novs_dpdk_pmd_cpu_mask: 2\novs_dpdk_socket_mem: \"1024\"\novs_dpdk_nr_1g_pages: 0\novs_dpdk_nr_2m_pages: 0\n\n###\n### Backend TLS\n###\n\n# Define if communication between haproxy and service backends should be\n# encrypted with TLS.\nneutron_backend_ssl: \"{{ openstack_service_backend_ssl | default(False) }}\"\n\n# Storage location for SSL certificate authority\nneutron_pki_dir: \"{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}\"\n\n# Delegated host for operating the certificate authority\nneutron_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n# neutron server certificate\nneutron_pki_keys_path: \"{{ neutron_pki_dir ~ '/certs/private/' }}\"\nneutron_pki_certs_path: \"{{ neutron_pki_dir ~ '/certs/certs/' }}\"\nneutron_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}\"\nneutron_pki_regen_cert: \"\"\nneutron_pki_san: \"{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}\"\nneutron_pki_certificates:\n - name: \"neutron_{{ ansible_facts['hostname'] }}\"\n provider: ownca\n cn: \"{{ ansible_facts['hostname'] }}\"\n san: \"{{ neutron_pki_san }}\"\n signed_by: \"{{ neutron_pki_intermediate_cert_name }}\"\n\n# neutron destination files for SSL certificates\nneutron_ssl_cert: \"{{ neutron_conf_version_dir }}/neutron.pem\"\nneutron_ssl_key: \"{{ neutron_conf_version_dir }}/neutron.key\"\n\n# Installation details for SSL certificates\nneutron_pki_install_certificates:\n - src: \"{{ neutron_user_ssl_cert | default(neutron_pki_certs_path ~ 'neutron_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n dest: \"{{ neutron_ssl_cert }}\"\n owner: \"{{ neutron_system_user_name }}\"\n group: \"{{ neutron_system_user_name }}\"\n mode: \"0644\"\n - src: \"{{ neutron_user_ssl_key | default(neutron_pki_keys_path ~ 'neutron_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ neutron_ssl_key }}\"\n owner: \"{{ neutron_system_user_name }}\"\n group: \"{{ neutron_system_user_name }}\"\n mode: \"0600\"\n\n# Define user-provided SSL certificates\n# neutron_user_ssl_cert: \n# neutron_user_ssl_key: \n","created":"2025-12-08T13:39:58.111233Z","updated":"2025-12-08T13:39:58.111263Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-os_neutron/defaults/main.yml"}