---
octavia_services:
  octavia-api:
    container_name: octavia_api
    group: octavia-api
    enabled: true
    image: "{{ octavia_api_image_full }}"
    volumes: "{{ octavia_api_default_volumes + octavia_api_extra_volumes }}"
    dimensions: "{{ octavia_api_dimensions }}"
    healthcheck: "{{ octavia_api_healthcheck }}"
    haproxy:
      octavia_api:
        enabled: "{{ enable_octavia }}"
        mode: "http"
        external: false
        port: "{{ octavia_api_port }}"
        listen_port: "{{ octavia_api_listen_port }}"
        tls_backend: "{{ octavia_enable_tls_backend }}"
      octavia_api_external:
        enabled: "{{ enable_octavia }}"
        mode: "http"
        external: true
        external_fqdn: "{{ octavia_external_fqdn }}"
        port: "{{ octavia_api_public_port }}"
        listen_port: "{{ octavia_api_listen_port }}"
        tls_backend: "{{ octavia_enable_tls_backend }}"
  octavia-driver-agent:
    container_name: octavia_driver_agent
    group: octavia-driver-agent
    enabled: "{{ enable_octavia_driver_agent }}"
    image: "{{ octavia_driver_agent_image_full }}"
    volumes: "{{ octavia_driver_agent_default_volumes + octavia_driver_agent_extra_volumes }}"
    dimensions: "{{ octavia_driver_agent_dimensions }}"
  octavia-health-manager:
    container_name: octavia_health_manager
    group: octavia-health-manager
    enabled: true
    image: "{{ octavia_health_manager_image_full }}"
    volumes: "{{ octavia_health_manager_default_volumes + octavia_health_manager_extra_volumes }}"
    dimensions: "{{ octavia_health_manager_dimensions }}"
    healthcheck: "{{ octavia_health_manager_healthcheck }}"
  octavia-housekeeping:
    container_name: octavia_housekeeping
    group: octavia-housekeeping
    enabled: true
    image: "{{ octavia_housekeeping_image_full }}"
    volumes: "{{ octavia_housekeeping_default_volumes + octavia_housekeeping_extra_volumes }}"
    dimensions: "{{ octavia_housekeeping_dimensions }}"
    healthcheck: "{{ octavia_housekeeping_healthcheck }}"
  octavia-worker:
    container_name: octavia_worker
    group: octavia-worker
    enabled: true
    image: "{{ octavia_worker_image_full }}"
    volumes: "{{ octavia_worker_default_volumes + octavia_worker_extra_volumes }}"
    dimensions: "{{ octavia_worker_dimensions }}"
    healthcheck: "{{ octavia_worker_healthcheck }}"

octavia_required_roles:
  - load-balancer_observer
  - load-balancer_global_observer
  - load-balancer_member
  - load-balancer_admin
  - load-balancer_quota_admin

####################
# Config Validate
####################
octavia_config_validation:
  - generator: "/octavia/etc/config/octavia-config-generator.conf"
    config: "/etc/octavia/octavia.conf"

####################
# Database
####################
octavia_database_name: "octavia"
octavia_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}octavia{% endif %}"
octavia_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"

octavia_persistence_database_name: "octavia_persistence"
octavia_persistence_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}octavia_persistence{% endif %}"
octavia_persistence_database_address: "{{ octavia_database_address }}"

####################
# Database sharding
####################
octavia_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ octavia_database_shard_id }}{% else %}{{ database_user }}{% endif %}"
octavia_database_shard_id: "{{ mariadb_default_database_shard_id | int }}"
octavia_persistence_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ octavia_persistence_database_shard_id }}{% else %}{{ database_user }}{% endif %}"
octavia_persistence_database_shard_id: "{{ octavia_database_shard_id | int }}"
octavia_database_shard:
  users:
    - user: "{{ octavia_database_user }}"
      password: "{{ octavia_database_password }}"
    - user: "{{ octavia_persistence_database_user }}"
      password: "{{ octavia_persistence_database_password }}"
  rules:
    - schema: "{{ octavia_database_name }}"
      shard_id: "{{ octavia_database_shard_id }}"
    - schema: "{{ octavia_persistence_database_name }}"
      shard_id: "{{ octavia_persistence_database_shard_id }}"


####################
# Docker
####################
octavia_tag: "{{ openstack_tag }}"

octavia_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}octavia-api"
octavia_api_tag: "{{ octavia_tag }}"
octavia_api_image_full: "{{ octavia_api_image }}:{{ octavia_api_tag }}"

octavia_driver_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}octavia-driver-agent"
octavia_driver_agent_tag: "{{ octavia_tag }}"
octavia_driver_agent_image_full: "{{ octavia_driver_agent_image }}:{{ octavia_driver_agent_tag }}"

octavia_health_manager_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}octavia-health-manager"
octavia_health_manager_tag: "{{ octavia_tag }}"
octavia_health_manager_image_full: "{{ octavia_health_manager_image }}:{{ octavia_health_manager_tag }}"

octavia_housekeeping_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}octavia-housekeeping"
octavia_housekeeping_tag: "{{ octavia_tag }}"
octavia_housekeeping_image_full: "{{ octavia_housekeeping_image }}:{{ octavia_housekeeping_tag }}"

octavia_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}octavia-worker"
octavia_worker_tag: "{{ octavia_tag }}"
octavia_worker_image_full: "{{ octavia_worker_image }}:{{ octavia_worker_tag }}"

octavia_api_dimensions: "{{ default_container_dimensions }}"
octavia_driver_agent_dimensions: "{{ default_container_dimensions }}"
octavia_health_manager_dimensions: "{{ default_container_dimensions }}"
octavia_housekeeping_dimensions: "{{ default_container_dimensions }}"
octavia_worker_dimensions: "{{ default_container_dimensions }}"

octavia_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
octavia_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
octavia_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
octavia_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
octavia_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if octavia_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ octavia_api_listen_port }}"]
octavia_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
octavia_api_healthcheck:
  interval: "{{ octavia_api_healthcheck_interval }}"
  retries: "{{ octavia_api_healthcheck_retries }}"
  start_period: "{{ octavia_api_healthcheck_start_period }}"
  test: "{% if octavia_api_enable_healthchecks | bool %}{{ octavia_api_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ octavia_api_healthcheck_timeout }}"

octavia_health_manager_enable_healthchecks: "{{ enable_container_healthchecks }}"
octavia_health_manager_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
octavia_health_manager_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
octavia_health_manager_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
octavia_health_manager_healthcheck_test: ["CMD-SHELL", "healthcheck_port octavia-health-manager {{ database_port }}"]
octavia_health_manager_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
octavia_health_manager_healthcheck:
  interval: "{{ octavia_health_manager_healthcheck_interval }}"
  retries: "{{ octavia_health_manager_healthcheck_retries }}"
  start_period: "{{ octavia_health_manager_healthcheck_start_period }}"
  test: "{% if octavia_health_manager_enable_healthchecks | bool %}{{ octavia_health_manager_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ octavia_health_manager_healthcheck_timeout }}"

octavia_housekeeping_enable_healthchecks: "{{ enable_container_healthchecks }}"
octavia_housekeeping_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
octavia_housekeeping_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
octavia_housekeeping_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
octavia_housekeeping_healthcheck_test: ["CMD-SHELL", "healthcheck_port octavia-housekeeping {{ database_port }}"]
octavia_housekeeping_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
octavia_housekeeping_healthcheck:
  interval: "{{ octavia_housekeeping_healthcheck_interval }}"
  retries: "{{ octavia_housekeeping_healthcheck_retries }}"
  start_period: "{{ octavia_housekeeping_healthcheck_start_period }}"
  test: "{% if octavia_housekeeping_enable_healthchecks | bool %}{{ octavia_housekeeping_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ octavia_housekeeping_healthcheck_timeout }}"

octavia_worker_enable_healthchecks: "{{ enable_container_healthchecks }}"
octavia_worker_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
octavia_worker_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
octavia_worker_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
octavia_worker_healthcheck_test: ["CMD-SHELL", "healthcheck_port octavia-worker {{ om_rpc_port }}"]
octavia_worker_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
octavia_worker_healthcheck:
  interval: "{{ octavia_worker_healthcheck_interval }}"
  retries: "{{ octavia_worker_healthcheck_retries }}"
  start_period: "{{ octavia_worker_healthcheck_start_period }}"
  test: "{% if octavia_worker_enable_healthchecks | bool %}{{ octavia_worker_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ octavia_worker_healthcheck_timeout }}"

octavia_api_default_volumes:
  - "{{ node_config_directory }}/octavia-api/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
  - "octavia_driver_agent:/var/run/octavia/"
octavia_health_manager_default_volumes:
  - "{{ node_config_directory }}/octavia-health-manager/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
octavia_driver_agent_default_volumes:
  - "{{ node_config_directory }}/octavia-driver-agent/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
  - "octavia_driver_agent:/var/run/octavia/"
octavia_housekeeping_default_volumes:
  - "{{ node_config_directory }}/octavia-housekeeping/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
octavia_worker_default_volumes:
  - "{{ node_config_directory }}/octavia-worker/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "kolla_logs:/var/log/kolla/"
  - "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"

octavia_extra_volumes: "{{ default_extra_volumes }}"
octavia_api_extra_volumes: "{{ octavia_extra_volumes }}"
octavia_driver_agent_extra_volumes: "{{ octavia_extra_volumes }}"
octavia_health_manager_extra_volumes: "{{ octavia_extra_volumes }}"
octavia_housekeeping_extra_volumes: "{{ octavia_extra_volumes }}"
octavia_worker_extra_volumes: "{{ octavia_extra_volumes }}"

####################
# OpenStack
####################
octavia_logging_debug: "{{ openstack_logging_debug }}"

octavia_keystone_user: "octavia"

# Project that Octavia will use to interact with other services.  Note that in
# Train and earlier releases this was "admin".
octavia_service_auth_project: "service"

openstack_octavia_auth: "{{ openstack_auth }}"

octavia_api_workers: "{{ openstack_service_workers }}"
octavia_healthmanager_health_workers: "{{ openstack_service_workers }}"
octavia_healthmanager_stats_workers: "{{ openstack_service_workers }}"

####################
# Keystone
####################
octavia_ks_services:
  - name: "octavia"
    type: "load-balancer"
    description: "Octavia Load Balancing Service"
    endpoints:
      - {'interface': 'internal', 'url': '{{ octavia_internal_endpoint }}'}
      - {'interface': 'public', 'url': '{{ octavia_public_endpoint }}'}

octavia_ks_users:
  - project: "service"
    user: "{{ octavia_keystone_user }}"
    password: "{{ octavia_keystone_password }}"
    role: "admin"
  # NOTE(mgoddard): The default for the service auth project is service, but
  # may be customised. Ensure the project exists, and assign the octavia user
  # the admin role in it.
  - project: "{{ octavia_service_auth_project }}"
    user: "{{ octavia_keystone_user }}"
    password: "{{ octavia_keystone_password }}"
    role: "admin"

####################
# Kolla
####################
octavia_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
octavia_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
octavia_dev_mode: "{{ kolla_dev_mode }}"
octavia_source_version: "{{ kolla_source_version }}"

#####################
# Integration Options
#####################
octavia_amp_ssh_key_name: "octavia_ssh_key"
octavia_amp_listen_port: "9443"
octavia_amp_image_tag: "amphora"

# Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]
octavia_loadbalancer_topology: "SINGLE"

# OpenStack auth used when registering resources for Octavia.
octavia_user_auth:
  auth_url: "{{ keystone_internal_url }}"
  username: "octavia"
  password: "{{ octavia_keystone_password }}"
  project_name: "{{ octavia_service_auth_project }}"
  domain_name: "{{ default_project_domain_name }}"

# Octavia amphora flavor.
# See os_nova_flavor for details. Supported parameters:
# - disk
# - ephemeral (optional)
# - extra_specs (optional)
# - flavorid (optional)
# - is_public (optional)
# - name
# - ram
# - swap (optional)
# - vcpus
octavia_amp_flavor:
  name: "amphora"
  is_public: no
  vcpus: 1
  ram: 1024
  disk: 5

# Octavia security groups. lb-mgmt-sec-grp is for amphorae.
# lb-health-mgr-sec-grp is used for health manager ports.
octavia_amp_security_groups:
  mgmt-sec-grp:
    name: "lb-mgmt-sec-grp"
    enabled: true
    rules:
      - protocol: "{{ 'ipv6-icmp' if octavia_network_address_family == 'ipv6' else 'icmp' }}"
      - protocol: tcp
        src_port: 22
        dst_port: 22
      - protocol: tcp
        src_port: "{{ octavia_amp_listen_port }}"
        dst_port: "{{ octavia_amp_listen_port }}"
  health-mgr-sec-grp:
    name: "lb-health-mgr-sec-grp"
    enabled: "{{ true if octavia_network_type == 'tenant' else false }}"
    rules:
      - protocol: udp
        src_port: "{{ octavia_health_manager_port }}"
        dst_port: "{{ octavia_health_manager_port }}"

# Octavia management network.
# See os_network and os_subnet for details. Supported parameters:
# - external (optional)
# - mtu (optional)
# - name
# - provider_network_type (optional)
# - provider_physical_network (optional)
# - provider_segmentation_id (optional)
# - shared (optional)
# - subnet
# The subnet parameter has the following supported parameters:
# - allocation_pool_start (optional)
# - allocation_pool_end (optional)
# - cidr
# - enable_dhcp (optional)
# - gateway_ip (optional)
# - name
# - no_gateway_ip (optional)
# - ip_version (optional)
# - ipv6_address_mode (optional)
# - ipv6_ra_mode (optional)
octavia_amp_network:
  name: lb-mgmt-net
  shared: false
  subnet:
    name: lb-mgmt-subnet
    cidr: "{{ octavia_amp_network_cidr }}"
    no_gateway_ip: yes
    enable_dhcp: yes

# Octavia management network subnet CIDR.
octavia_amp_network_cidr: 10.1.0.0/24

octavia_amp_router:
  name: lb-mgmt-router
  subnet: "{{ octavia_amp_network['subnet']['name'] }}"

# Octavia provider drivers
octavia_provider_drivers: "amphora:Amphora provider{% if neutron_plugin_agent == 'ovn' %}, ovn:OVN provider{% endif %}"
octavia_provider_agents: "amphora_agent{% if neutron_plugin_agent == 'ovn' %}, ovn{% endif %}"

####################
# TLS
####################
octavia_enable_tls_backend: "{{ kolla_enable_tls_backend }}"