OpenStack: Install default configuration files

Add the default configuration files for Keystone, Nova,
Neutron, Glance, Cinder, Swift, Ceilometer, Ironic and Tempest.

Also install configuration files which will are not going to be modified
in the following commit, in the post-install-commands for the chunk; as
opposite to having them laying around in the repo and installing them
with the install-files configuration extension.

Note:
  - Some configuration files have been created using commands given in
    their documentations or they .conf.sample files.
  - To generate cinder.conf use the following command on the top of the
    cinder repository:
    ./tools/config/generate_sample.sh -b . -p cinder -o etc/cinder
  - Nova.conf has been taken from:
    http://pkgs.fedoraproject.org/cgit/openstack-nova.git/tree/nova.conf.sample
    commit 69755b4a072edff0957ee256290395600edbab9e
  - tempest.conf has been taken from the tag version '4'.

Signed-off-by: Francisco Redondo Marchena <francisco.marchena@codethink.co.uk>
Signed-off-by: Patrick Darley <patrick.darley@codethink.co.uk>
Signed-off-by: Tiago Gomes <tiago.gomes@codethink.co.uk>

Change-Id: Id26886aaaa9edd8509412615a65e681d5c8117ed

1 files changed, 544 insertions, 223 deletions

diff --git a/install-files/openstack/usr/share/openstack/ironic/ironic.conf b/install-files/openstack/usr/share/openstack/ironic/ironic.conf
index 75c62b8e..ccf368f0 100644
--- a/install-files/openstack/usr/share/openstack/ironic/ironic.conf
+++ b/install-files/openstack/usr/share/openstack/ironic/ironic.conf
@@ -4,129 +4,13 @@
 # Options defined in oslo.messaging
 #
 
-# Use durable queues in amqp. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues=false
-
-# Auto-delete queues in amqp. (boolean value)
-#amqp_auto_delete=false
-
-# Size of RPC connection pool. (integer value)
-#rpc_conn_pool_size=30
-
-# Qpid broker hostname. (string value)
-#qpid_hostname=localhost
-
-# Qpid broker port. (integer value)
-#qpid_port=5672
-
-# Qpid HA cluster host:port pairs. (list value)
-#qpid_hosts=$qpid_hostname:$qpid_port
-
-# Username for Qpid connection. (string value)
-#qpid_username=
-
-# Password for Qpid connection. (string value)
-#qpid_password=
-
-# Space separated list of SASL mechanisms to use for auth.
-# (string value)
-#qpid_sasl_mechanisms=
-
-# Seconds between connection keepalive heartbeats. (integer
-# value)
-#qpid_heartbeat=60
-
-# Transport to use, either 'tcp' or 'ssl'. (string value)
-#qpid_protocol=tcp
-
-# Whether to disable the Nagle algorithm. (boolean value)
-#qpid_tcp_nodelay=true
-
-# The number of prefetched messages held by receiver. (integer
-# value)
-#qpid_receiver_capacity=1
-
-# The qpid topology version to use.  Version 1 is what was
-# originally used by impl_qpid.  Version 2 includes some
-# backwards-incompatible changes that allow broker federation
-# to work.  Users should update to version 2 when they are
-# able to take everything down, as it requires a clean break.
-# (integer value)
-#qpid_topology_version=1
-
-# SSL version to use (valid only if SSL enabled). valid values
-# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
-# distributions. (string value)
-#kombu_ssl_version=
-
-# SSL key file (valid only if SSL enabled). (string value)
-#kombu_ssl_keyfile=
-
-# SSL cert file (valid only if SSL enabled). (string value)
-#kombu_ssl_certfile=
-
-# SSL certification authority file (valid only if SSL
-# enabled). (string value)
-#kombu_ssl_ca_certs=
-
-# How long to wait before reconnecting in response to an AMQP
-# consumer cancel notification. (floating point value)
-#kombu_reconnect_delay=1.0
-
-# The RabbitMQ broker address where a single node is used.
-# (string value)
-rabbit_host={{ RABBITMQ_HOST }}
-
-# The RabbitMQ broker port where a single node is used.
-# (integer value)
-rabbit_port={{ RABBITMQ_PORT }}
-
-# RabbitMQ HA cluster host:port pairs. (list value)
-#rabbit_hosts=$rabbit_host:$rabbit_port
-
-# Connect over SSL for RabbitMQ. (boolean value)
-#rabbit_use_ssl=false
-
-# The RabbitMQ userid. (string value)
-rabbit_userid={{ RABBITMQ_USER }}
-
-# The RabbitMQ password. (string value)
-rabbit_password={{ RABBITMQ_PASSWORD }}
-
-# the RabbitMQ login method (string value)
-#rabbit_login_method=AMQPLAIN
-
-# The RabbitMQ virtual host. (string value)
-#rabbit_virtual_host=/
-
-# How frequently to retry connecting with RabbitMQ. (integer
-# value)
-#rabbit_retry_interval=1
-
-# How long to backoff for between retries when connecting to
-# RabbitMQ. (integer value)
-#rabbit_retry_backoff=2
-
-# Maximum number of RabbitMQ connection retries. Default is 0
-# (infinite retry count). (integer value)
-#rabbit_max_retries=0
-
-# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
-# this option, you must wipe the RabbitMQ database. (boolean
-# value)
-#rabbit_ha_queues=false
-
-# If passed, use a fake RabbitMQ provider. (boolean value)
-#fake_rabbit=false
-
 # ZeroMQ bind address. Should be a wildcard (*), an ethernet
 # interface, or IP. The "host" option should point or resolve
 # to this address. (string value)
 #rpc_zmq_bind_address=*
 
 # MatchMaker driver. (string value)
-#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost
+#rpc_zmq_matchmaker=oslo_messaging._drivers.matchmaker.MatchMakerLocalhost
 
 # ZeroMQ receiver listening port. (integer value)
 #rpc_zmq_port=9501
@@ -156,7 +40,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }}
 # Heartbeat time-to-live. (integer value)
 #matchmaker_heartbeat_ttl=600
 
-# Size of RPC greenthread pool. (integer value)
+# Size of RPC thread pool. (integer value)
 #rpc_thread_pool_size=64
 
 # Driver or drivers to handle sending notifications. (multi
@@ -190,10 +74,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }}
 #
 
 # IP address of this host. (string value)
-my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
-
-# Use IPv6. (boolean value)
-#use_ipv6=false
+#my_ip=10.0.0.1
 
 
 #
@@ -204,6 +85,10 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
 # (string value)
 #auth_strategy=keystone
 
+# Enable pecan debug mode. WARNING: this is insecure and
+# should not be used in production. (boolean value)
+#pecan_debug=false
+
 
 #
 # Options defined in ironic.common.driver_factory
@@ -217,7 +102,7 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
 # present on your system may be found by enumerating the
 # "ironic.drivers" entrypoint. An example may be found in the
 # developer documentation online. (list value)
-enabled_drivers=pxe_ipmitool,pxe_ssh
+#enabled_drivers=pxe_ipmitool
 
 
 #
@@ -268,6 +153,9 @@ enabled_drivers=pxe_ipmitool,pxe_ssh
 # value)
 #isolinux_config_template=$pybasedir/common/isolinux_config.template
 
+# Template file for grub configuration file. (string value)
+#grub_config_template=$pybasedir/common/grub_conf.template
+
 
 #
 # Options defined in ironic.common.paths
@@ -287,18 +175,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh
 
 
 #
-# Options defined in ironic.common.policy
-#
-
-# JSON file representing policy. (string value)
-#policy_file=policy.json
-
-# Rule checked when requested rule is not found. (string
-# value)
-#policy_default_rule=default
-
-
-#
 # Options defined in ironic.common.service
 #
 
@@ -351,17 +227,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh
 
 
 #
-# Options defined in ironic.openstack.common.lockutils
-#
-
-# Enables or disables inter-process locks. (boolean value)
-#disable_process_locking=false
-
-# Directory to use for lock files. (string value)
-#lock_path=<None>
-
-
-#
 # Options defined in ironic.openstack.common.log
 #
 
@@ -393,7 +258,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh
 #logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
 
 # List of logger=LEVEL pairs. (list value)
-#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN
+#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
 
 # Enables or disables publication of error events. (boolean
 # value)
@@ -442,7 +307,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh
 # Use syslog for logging. Existing syslog format is DEPRECATED
 # during I, and will change in J to honor RFC5424. (boolean
 # value)
-use_syslog=True
+#use_syslog=false
 
 # (Optional) Enables or disables syslog rfc5424 format for
 # logging. If enabled, prefixes the MSG part of the syslog
@@ -464,6 +329,15 @@ use_syslog=True
 #run_external_periodic_tasks=true
 
 
+#
+# Options defined in ironic.openstack.common.versionutils
+#
+
+# Enables or disables fatal status of deprecations. (boolean
+# value)
+#fatal_deprecations=false
+
+
 [agent]
 
 #
@@ -480,6 +354,22 @@ use_syslog=True
 # Neutron bootfile DHCP parameter. (string value)
 #agent_pxe_bootfile_name=pxelinux.0
 
+# Priority to run in-band erase devices via the Ironic Python
+# Agent ramdisk. If unset, will use the priority set in the
+# ramdisk (defaults to 10 for the GenericHardwareManager). If
+# set to 0, will not run during cleaning. (integer value)
+#agent_erase_devices_priority=<None>
+
+# Whether Ironic will manage TFTP files for the deploy
+# ramdisks. If set to False, you will need to configure your
+# own TFTP server that allows booting the deploy ramdisks.
+# (boolean value)
+#manage_tftp=true
+
+#
+# Options defined in ironic.drivers.modules.agent_base_vendor
+#
+
 # Maximum interval (in seconds) for agent heartbeats. (integer
 # value)
 #heartbeat_timeout=300
@@ -494,6 +384,30 @@ use_syslog=True
 #agent_api_version=v1
 
 
+[amt]
+
+#
+# Options defined in ironic.drivers.modules.amt.common
+#
+
+# Protocol used for AMT endpoint, support http/https (string
+# value)
+#protocol=http
+
+
+#
+# Options defined in ironic.drivers.modules.amt.power
+#
+
+# Maximum number of times to attempt an AMT operation, before
+# failing (integer value)
+#max_attempts=3
+
+# Amount of time (in seconds) to wait, before retrying an AMT
+# operation (integer value)
+#action_wait=10
+
+
 [api]
 
 #
@@ -520,7 +434,7 @@ use_syslog=True
 # URL of Ironic API service. If not set ironic can get the
 # current value from the keystone service catalog. (string
 # value)
-api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385
+#api_url=<None>
 
 # Seconds between conductor heart beats. (integer value)
 #heartbeat_interval=10
@@ -587,6 +501,31 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385
 # the check entirely. (integer value)
 #sync_local_state_interval=180
 
+# Whether to upload the config drive to Swift. (boolean value)
+#configdrive_use_swift=false
+
+# Name of the Swift container to store config drive data. Used
+# when configdrive_use_swift is True. (string value)
+#configdrive_swift_container=ironic_configdrive_container
+
+# Timeout (seconds) for waiting for node inspection. 0 -
+# unlimited. (integer value)
+#inspect_timeout=1800
+
+# Cleaning is a configurable set of steps, such as erasing
+# disk drives, that are performed on the node to ensure it is
+# in a baseline state and ready to be deployed to. This is
+# done after instance deletion, and during the transition from
+# a "managed" to "available" state. When enabled, the
+# particular steps performed to clean a node depend on which
+# driver that node is managed by; see the individual driver's
+# documentation for details. NOTE: The introduction of the
+# cleaning operation causes instance deletion to take
+# significantly longer. In an environment where all tenants
+# are trusted (eg, because there is only one tenant), this
+# option could be safely disabled. (boolean value)
+#clean_nodes=true
+
 
 [console]
 
@@ -635,7 +574,7 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385
 # Deprecated group/name - [DEFAULT]/sql_connection
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
-connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic
+#connection=<None>
 
 # The SQLAlchemy connection string to use to connect to the
 # slave database. (string value)
@@ -667,8 +606,9 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
 #max_pool_size=<None>
 
-# Maximum db connection retries during startup. Set to -1 to
-# specify an infinite retry count. (integer value)
+# Maximum number of database connection retries during
+# startup. Set to -1 to specify an infinite retry count.
+# (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries=10
@@ -704,20 +644,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL
 # connection lost. (boolean value)
 #use_db_reconnect=false
 
-# Seconds between database connection retries. (integer value)
+# Seconds between retries of a database transaction. (integer
+# value)
 #db_retry_interval=1
 
-# If True, increases the interval between database connection
-# retries up to db_max_retry_interval. (boolean value)
+# If True, increases the interval between retries of a
+# database operation up to db_max_retry_interval. (boolean
+# value)
 #db_inc_retry_interval=true
 
 # If db_inc_retry_interval is set, the maximum seconds between
-# database connection retries. (integer value)
+# retries of a database operation. (integer value)
 #db_max_retry_interval=10
 
-# Maximum database connection retries before error is raised.
-# Set to -1 to specify an infinite retry count. (integer
-# value)
+# Maximum retries in case of connection error or deadlock
+# error before error is raised. Set to -1 to specify an
+# infinite retry count. (integer value)
 #db_max_retries=20
 
 
@@ -729,6 +671,25 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL
 #mysql_engine=InnoDB
 
 
+[deploy]
+
+#
+# Options defined in ironic.drivers.modules.deploy_utils
+#
+
+# Size of EFI system partition in MiB when configuring UEFI
+# systems for local boot. (integer value)
+#efi_system_partition_size=200
+
+# Block size to use when writing to the nodes disk. (string
+# value)
+#dd_block_size=1M
+
+# Maximum attempts to verify an iSCSI connection is active,
+# sleeping 1 second between attempts. (integer value)
+#iscsi_verify_attempts=3
+
+
 [dhcp]
 
 #
@@ -740,6 +701,26 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL
 #dhcp_provider=neutron
 
 
+[discoverd]
+
+#
+# Options defined in ironic.drivers.modules.discoverd
+#
+
+# whether to enable inspection using ironic-discoverd (boolean
+# value)
+#enabled=false
+
+# ironic-discoverd HTTP endpoint. If this is not set, the
+# ironic-discoverd client default (http://127.0.0.1:5050) will
+# be used. (string value)
+#service_url=<None>
+
+# period (in seconds) to check status of nodes on inspection
+# (integer value)
+#status_check_period=60
+
+
 [disk_partitioner]
 
 #
@@ -811,13 +792,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL
 # (string value)
 #swift_container=glance
 
+# This should match a config by the same name in the Glance
+# configuration file. When set to 0, a single-tenant store
+# will only use one container to store all images. When set to
+# an integer value between 1 and 32, a single-tenant store
+# will use multiple containers to store images, and this value
+# will determine how many containers are created. (integer
+# value)
+#swift_store_multiple_containers_seed=0
+
 
 #
 # Options defined in ironic.common.image_service
 #
 
 # Default glance hostname or IP address. (string value)
-glance_host={{ CONTROLLER_HOST_ADDRESS }}
+#glance_host=$my_ip
 
 # Default glance port. (integer value)
 #glance_port=9292
@@ -828,7 +818,7 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }}
 
 # A list of the glance api servers available to ironic. Prefix
 # with https:// for SSL-based glance API servers. Format is
-# [hostname|IP]:port. (string value)
+# [hostname|IP]:port. (list value)
 #glance_api_servers=<None>
 
 # Allow to perform insecure SSL (https) requests to glance.
@@ -839,8 +829,9 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }}
 # (integer value)
 #glance_num_retries=0
 
-# Default protocol to use when connecting to glance. Set to
-# https for SSL. (string value)
+# Authentication strategy to use when connecting to glance.
+# Only "keystone" and "noauth" are currently supported by
+# ironic. (string value)
 #auth_strategy=keystone
 
 
@@ -865,6 +856,43 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }}
 
 
 #
+# Options defined in ironic.drivers.modules.ilo.deploy
+#
+
+# Priority for erase devices clean step. If unset, it defaults
+# to 10. If set to 0, the step will be disabled and will not
+# run during cleaning. (integer value)
+#clean_priority_erase_devices=<None>
+
+
+#
+# Options defined in ironic.drivers.modules.ilo.management
+#
+
+# Priority for reset_ilo clean step. (integer value)
+#clean_priority_reset_ilo=1
+
+# Priority for reset_bios_to_default clean step. (integer
+# value)
+#clean_priority_reset_bios_to_default=10
+
+# Priority for reset_secure_boot_keys clean step. This step
+# will reset the secure boot keys to manufacturing  defaults.
+# (integer value)
+#clean_priority_reset_secure_boot_keys_to_default=20
+
+# Priority for clear_secure_boot_keys clean step. This step is
+# not enabled by default. It can be enabled to to clear all
+# secure boot keys enrolled with iLO. (integer value)
+#clean_priority_clear_secure_boot_keys=0
+
+# Priority for reset_ilo_credential clean step. This step
+# requires "ilo_change_password" parameter to be updated in
+# nodes's driver_info with the new password. (integer value)
+#clean_priority_reset_ilo_credential=30
+
+
+#
 # Options defined in ironic.drivers.modules.ilo.power
 #
 
@@ -883,8 +911,12 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }}
 # Options defined in ironic.drivers.modules.ipminative
 #
 
-# Maximum time in seconds to retry IPMI operations. (integer
-# value)
+# Maximum time in seconds to retry IPMI operations. There is a
+# tradeoff when setting this value. Setting this too low may
+# cause older BMCs to crash and require a hard reset. However,
+# setting too high can cause the sync power state periodic
+# task to hang when there are slow or unresponsive BMCs.
+# (integer value)
 #retry_timeout=60
 
 # Minimum time, in seconds, between IPMI operations sent to a
@@ -894,79 +926,73 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }}
 #min_command_interval=5
 
 
-[keystone_authtoken]
+[irmc]
 
 #
-# Options defined in keystonemiddleware.auth_token
+# Options defined in ironic.drivers.modules.irmc.common
 #
 
-# Prefix to prepend at the beginning of the path. Deprecated,
-# use identity_uri. (string value)
-#auth_admin_prefix=
+# Port to be used for iRMC operations, either 80 or 443
+# (integer value)
+#port=443
 
-# Host providing the admin Identity API endpoint. Deprecated,
-# use identity_uri. (string value)
-#auth_host=127.0.0.1
+# Authentication method to be used for iRMC operations, either
+# "basic" or "digest" (string value)
+#auth_method=basic
 
-# Port of the admin Identity API endpoint. Deprecated, use
-# identity_uri. (integer value)
-#auth_port=35357
+# Timeout (in seconds) for iRMC operations (integer value)
+#client_timeout=60
 
-# Protocol of the admin Identity API endpoint (http or https).
-# Deprecated, use identity_uri. (string value)
-#auth_protocol=https
+# Sensor data retrieval method, either "ipmitool" or "scci"
+# (string value)
+#sensor_method=ipmitool
 
-# Complete public Identity API endpoint (string value)
-auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
 
-# Complete admin Identity API endpoint. This should specify
-# the unversioned root endpoint e.g. https://localhost:35357/
+[keystone]
+
+#
+# Options defined in ironic.common.keystone
+#
+
+# The region used for getting endpoints of OpenStackservices.
 # (string value)
-identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+#region_name=<None>
+
+
+[keystone_authtoken]
 
-# API version of the admin Identity API endpoint (string
+#
+# Options defined in keystonemiddleware.auth_token
+#
+
+# Complete public Identity API endpoint. (string value)
+#auth_uri=<None>
+
+# API version of the admin Identity API endpoint. (string
 # value)
 #auth_version=<None>
 
 # Do not handle authorization requests within the middleware,
 # but delegate the authorization decision to downstream WSGI
-# components (boolean value)
+# components. (boolean value)
 #delay_auth_decision=false
 
 # Request timeout value for communicating with Identity API
-# server. (boolean value)
+# server. (integer value)
 #http_connect_timeout=<None>
 
 # How many times are we trying to reconnect when communicating
 # with Identity API Server. (integer value)
 #http_request_max_retries=3
 
-# This option is deprecated and may be removed in a future
-# release. Single shared secret with the Keystone
-# configuration used for bootstrapping a Keystone
-# installation, or otherwise bypassing the normal
-# authentication process. This option should not be used, use
-# `admin_user` and `admin_password` instead. (string value)
-#admin_token=<None>
-
-# Keystone account username (string value)
-admin_user={{ IRONIC_SERVICE_USER }}
-
-# Keystone account password (string value)
-admin_password={{ IRONIC_SERVICE_PASSWORD }}
-
-# Keystone service account tenant name to validate user tokens
-# (string value)
-admin_tenant_name=service
-
-# Env key for the swift cache (string value)
+# Env key for the swift cache. (string value)
 #cache=<None>
 
-# Required if Keystone server requires client certificate
+# Required if identity server requires client certificate
 # (string value)
 #certfile=<None>
 
-# Required if Keystone server requires client certificate
+# Required if identity server requires client certificate
 # (string value)
 #keyfile=<None>
 
@@ -977,7 +1003,7 @@ admin_tenant_name=service
 # Verify HTTPS connections. (boolean value)
 #insecure=false
 
-# Directory used to cache files related to PKI tokens (string
+# Directory used to cache files related to PKI tokens. (string
 # value)
 #signing_dir=<None>
 
@@ -1000,7 +1026,7 @@ admin_tenant_name=service
 # value)
 #revocation_cache_time=10
 
-# (optional) if defined, indicate whether token data should be
+# (Optional) If defined, indicate whether token data should be
 # authenticated or authenticated and encrypted. Acceptable
 # values are MAC or ENCRYPT.  If MAC, token data is
 # authenticated (with HMAC) in the cache. If ENCRYPT, token
@@ -1009,38 +1035,38 @@ admin_tenant_name=service
 # raise an exception on initialization. (string value)
 #memcache_security_strategy=<None>
 
-# (optional, mandatory if memcache_security_strategy is
-# defined) this string is used for key derivation. (string
+# (Optional, mandatory if memcache_security_strategy is
+# defined) This string is used for key derivation. (string
 # value)
 #memcache_secret_key=<None>
 
-# (optional) number of seconds memcached server is considered
+# (Optional) Number of seconds memcached server is considered
 # dead before it is tried again. (integer value)
 #memcache_pool_dead_retry=300
 
-# (optional) max total number of open connections to every
+# (Optional) Maximum total number of open connections to every
 # memcached server. (integer value)
 #memcache_pool_maxsize=10
 
-# (optional) socket timeout in seconds for communicating with
+# (Optional) Socket timeout in seconds for communicating with
 # a memcache server. (integer value)
 #memcache_pool_socket_timeout=3
 
-# (optional) number of seconds a connection to memcached is
+# (Optional) Number of seconds a connection to memcached is
 # held unused in the pool before it is closed. (integer value)
 #memcache_pool_unused_timeout=60
 
-# (optional) number of seconds that an operation will wait to
+# (Optional) Number of seconds that an operation will wait to
 # get a memcache client connection from the pool. (integer
 # value)
 #memcache_pool_conn_get_timeout=10
 
-# (optional) use the advanced (eventlet safe) memcache client
+# (Optional) Use the advanced (eventlet safe) memcache client
 # pool. The advanced pool will only work under python 2.x.
 # (boolean value)
 #memcache_use_advanced_pool=false
 
-# (optional) indicate whether to set the X-Service-Catalog
+# (Optional) Indicate whether to set the X-Service-Catalog
 # header. If False, middleware will not ask for service
 # catalog on token validation and will not set the X-Service-
 # Catalog header. (boolean value)
@@ -1059,7 +1085,7 @@ admin_tenant_name=service
 
 # If true, the revocation list will be checked for cached
 # tokens. This requires that PKI tokens are configured on the
-# Keystone server. (boolean value)
+# identity server. (boolean value)
 #check_revocations_for_cached=false
 
 # Hash algorithms to use for hashing PKI tokens. This may be a
@@ -1074,6 +1100,44 @@ admin_tenant_name=service
 # (list value)
 #hash_algorithms=md5
 
+# Prefix to prepend at the beginning of the path. Deprecated,
+# use identity_uri. (string value)
+#auth_admin_prefix=
+
+# Host providing the admin Identity API endpoint. Deprecated,
+# use identity_uri. (string value)
+#auth_host=127.0.0.1
+
+# Port of the admin Identity API endpoint. Deprecated, use
+# identity_uri. (integer value)
+#auth_port=35357
+
+# Protocol of the admin Identity API endpoint (http or https).
+# Deprecated, use identity_uri. (string value)
+#auth_protocol=https
+
+# Complete admin Identity API endpoint. This should specify
+# the unversioned root endpoint e.g. https://localhost:35357/
+# (string value)
+#identity_uri=<None>
+
+# This option is deprecated and may be removed in a future
+# release. Single shared secret with the Keystone
+# configuration used for bootstrapping a Keystone
+# installation, or otherwise bypassing the normal
+# authentication process. This option should not be used, use
+# `admin_user` and `admin_password` instead. (string value)
+#admin_token=<None>
+
+# Service username. (string value)
+#admin_user=<None>
+
+# Service user password. (string value)
+#admin_password=<None>
+
+# Service tenant name. (string value)
+#admin_tenant_name=admin
+
 
 [matchmaker_redis]
 
@@ -1109,12 +1173,16 @@ admin_tenant_name=service
 #
 
 # URL for connecting to neutron. (string value)
-url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696
+#url=http://$my_ip:9696
 
 # Timeout value for connecting to neutron in seconds. (integer
 # value)
 #url_timeout=30
 
+# Client retries in the case of a failed request. (integer
+# value)
+#retries=3
+
 # Default authentication strategy to use when connecting to
 # neutron. Can be either "keystone" or "noauth". Running
 # neutron in noauth mode (related to but not affected by this
@@ -1122,6 +1190,248 @@ url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696
 # (string value)
 #auth_strategy=keystone
 
+# UUID of the network to create Neutron ports on when booting
+# to a ramdisk for cleaning/zapping using Neutron DHCP (string
+# value)
+#cleaning_network_uuid=<None>
+
+
+[oslo_concurrency]
+
+#
+# Options defined in oslo.concurrency
+#
+
+# Enables or disables inter-process locks. (boolean value)
+#disable_process_locking=false
+
+# Directory to use for lock files.  For security, the
+# specified directory should only be writable by the user
+# running the processes that need locking. Defaults to
+# environment variable OSLO_LOCK_PATH. If external locks are
+# used, a lock path must be set. (string value)
+#lock_path=<None>
+
+
+[oslo_messaging_amqp]
+
+#
+# Options defined in oslo.messaging
+#
+
+# address prefix used when sending to a specific server
+# (string value)
+#server_request_prefix=exclusive
+
+# address prefix used when broadcasting to all servers (string
+# value)
+#broadcast_prefix=broadcast
+
+# address prefix when sending to any server in group (string
+# value)
+#group_request_prefix=unicast
+
+# Name for the AMQP container (string value)
+#container_name=<None>
+
+# Timeout for inactive connections (in seconds) (integer
+# value)
+#idle_timeout=0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+#trace=false
+
+# CA certificate PEM file for verifing server certificate
+# (string value)
+#ssl_ca_file=
+
+# Identifying certificate PEM file to present to clients
+# (string value)
+#ssl_cert_file=
+
+# Private key PEM file used to sign cert_file certificate
+# (string value)
+#ssl_key_file=
+
+# Password for decrypting ssl_key_file (if encrypted) (string
+# value)
+#ssl_key_password=<None>
+
+# Accept clients using either SSL or plain TCP (boolean value)
+#allow_insecure_clients=false
+
+
+[oslo_messaging_qpid]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues=false
+
+# Auto-delete queues in AMQP. (boolean value)
+#amqp_auto_delete=false
+
+# Size of RPC connection pool. (integer value)
+#rpc_conn_pool_size=30
+
+# Qpid broker hostname. (string value)
+#qpid_hostname=localhost
+
+# Qpid broker port. (integer value)
+#qpid_port=5672
+
+# Qpid HA cluster host:port pairs. (list value)
+#qpid_hosts=$qpid_hostname:$qpid_port
+
+# Username for Qpid connection. (string value)
+#qpid_username=
+
+# Password for Qpid connection. (string value)
+#qpid_password=
+
+# Space separated list of SASL mechanisms to use for auth.
+# (string value)
+#qpid_sasl_mechanisms=
+
+# Seconds between connection keepalive heartbeats. (integer
+# value)
+#qpid_heartbeat=60
+
+# Transport to use, either 'tcp' or 'ssl'. (string value)
+#qpid_protocol=tcp
+
+# Whether to disable the Nagle algorithm. (boolean value)
+#qpid_tcp_nodelay=true
+
+# The number of prefetched messages held by receiver. (integer
+# value)
+#qpid_receiver_capacity=1
+
+# The qpid topology version to use.  Version 1 is what was
+# originally used by impl_qpid.  Version 2 includes some
+# backwards-incompatible changes that allow broker federation
+# to work.  Users should update to version 2 when they are
+# able to take everything down, as it requires a clean break.
+# (integer value)
+#qpid_topology_version=1
+
+
+[oslo_messaging_rabbit]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues=false
+
+# Auto-delete queues in AMQP. (boolean value)
+#amqp_auto_delete=false
+
+# Size of RPC connection pool. (integer value)
+#rpc_conn_pool_size=30
+
+# SSL version to use (valid only if SSL enabled). Valid values
+# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may
+# be available on some distributions. (string value)
+#kombu_ssl_version=
+
+# SSL key file (valid only if SSL enabled). (string value)
+#kombu_ssl_keyfile=
+
+# SSL cert file (valid only if SSL enabled). (string value)
+#kombu_ssl_certfile=
+
+# SSL certification authority file (valid only if SSL
+# enabled). (string value)
+#kombu_ssl_ca_certs=
+
+# How long to wait before reconnecting in response to an AMQP
+# consumer cancel notification. (floating point value)
+#kombu_reconnect_delay=1.0
+
+# The RabbitMQ broker address where a single node is used.
+# (string value)
+#rabbit_host=localhost
+
+# The RabbitMQ broker port where a single node is used.
+# (integer value)
+#rabbit_port=5672
+
+# RabbitMQ HA cluster host:port pairs. (list value)
+#rabbit_hosts=$rabbit_host:$rabbit_port
+
+# Connect over SSL for RabbitMQ. (boolean value)
+#rabbit_use_ssl=false
+
+# The RabbitMQ userid. (string value)
+#rabbit_userid=guest
+
+# The RabbitMQ password. (string value)
+#rabbit_password=guest
+
+# The RabbitMQ login method. (string value)
+#rabbit_login_method=AMQPLAIN
+
+# The RabbitMQ virtual host. (string value)
+#rabbit_virtual_host=/
+
+# How frequently to retry connecting with RabbitMQ. (integer
+# value)
+#rabbit_retry_interval=1
+
+# How long to backoff for between retries when connecting to
+# RabbitMQ. (integer value)
+#rabbit_retry_backoff=2
+
+# Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
+#rabbit_max_retries=0
+
+# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. (boolean
+# value)
+#rabbit_ha_queues=false
+
+# Number of seconds after which the Rabbit broker is
+# considered down if heartbeat's keep-alive fails (0 disable
+# the heartbeat). (integer value)
+#heartbeat_timeout_threshold=60
+
+# How often times during the heartbeat_timeout_threshold we
+# check the heartbeat. (integer value)
+#heartbeat_rate=2
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
+# (boolean value)
+#fake_rabbit=false
+
+
+[oslo_policy]
+
+#
+# Options defined in oslo.policy
+#
+
+# The JSON file that defines policies. (string value)
+#policy_file=policy.json
+
+# Default rule. Enforced when a requested rule is not found.
+# (string value)
+#policy_default_rule=default
+
+# Directories where policy configuration files are stored.
+# They can be relative to any directory in the search path
+# defined by the config_dir option, or absolute paths. The
+# file defined by policy_file must exist for these directories
+# to be searched.  Missing or empty directories are ignored.
+# (multi valued)
+#policy_dirs=policy.d
+
 
 [pxe]
 
@@ -1173,11 +1483,11 @@ url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696
 #tftp_server=$my_ip
 
 # Ironic compute node's tftp root path. (string value)
-tftp_root=/srv/tftp_root/
+#tftp_root=/tftpboot
 
 # Directory where master tftp images are stored on disk.
 # (string value)
-tftp_master_path=/srv/tftp_root/master_images
+#tftp_master_path=/tftpboot/master_images
 
 # Bootfile DHCP parameter. (string value)
 #pxe_bootfile_name=pxelinux.0
@@ -1245,3 +1555,14 @@ tftp_master_path=/srv/tftp_root/master_images
 #swift_max_retries=2
 
 
+[virtualbox]
+
+#
+# Options defined in ironic.drivers.modules.virtualbox
+#
+
+# Port on which VirtualBox web service is listening. (integer
+# value)
+#port=18083
+
+