150 files changed, 7213 insertions, 8766 deletions
@@ -4,3 +4,9 @@ README for morphs These are some morphologies for Baserock. Baserock is a system for developing embedded and appliance Linux systems. For more information, see <http://wiki.baserock.org>. + +The systems listed in the systems/ directory are example systems +that build and run at some point. The only ones we can be sure +that still build in current master of definitions are the ones that +we keep building in our ci system; they are listed in +http://git.baserock.org/cgi-bin/cgit.cgi/baserock/baserock/definitions.git/tree/clusters/ci.morph diff --git a/clusters/openstack-three-node-installer.morph b/clusters/openstack-three-node-installer.morph index a316a56c..b9c72364 100644 --- a/clusters/openstack-three-node-installer.morph +++ b/clusters/openstack-three-node-installer.morph @@ -154,6 +154,7 @@ systems: EXTERNAL_INTERFACE: enp3s0 NETWORK_CONFIG: enp3s0:dhcp;enp2s0:static,address=10.0.0.1,netmask=255.255.255.0 + SYNC_TIME_WITH_CONTROLLER: True subsystems: - morph: systems/initramfs-x86_64.morph deploy: @@ -197,6 +198,7 @@ systems: HOSTS_SELF: 10.0.0.2 threenode-controller EXTERNAL_INTERFACE: enp2s0 NETWORK_CONFIG: enp2s0:dhcp;enp0s26u1u2:static,address=10.0.0.2,netmask=255.255.255.0 + SYNC_TIME_WITH_CONTROLLER: False subsystems: - morph: systems/initramfs-x86_64.morph deploy: @@ -233,6 +235,7 @@ systems: HOSTS_SELF: 10.0.0.3 threenode-compute EXTERNAL_INTERFACE: eno1 NETWORK_CONFIG: eno1:dhcp;enp0s29u1u3:static,address=10.0.0.3,netmask=255.255.255.0 + SYNC_TIME_WITH_CONTROLLER: True subsystems: - morph: systems/initramfs-x86_64.morph deploy: diff --git a/clusters/openstack-two-node-installer.morph b/clusters/openstack-two-node-installer.morph index d4f94cfb..29c028dc 100644 --- a/clusters/openstack-two-node-installer.morph +++ b/clusters/openstack-two-node-installer.morph 
@@ -151,6 +151,7 @@ systems: HOSTS_COMPUTE: 10.0.0.3 twonode-compute.os-mgmt EXTERNAL_INTERFACE: enp3s0 NETWORK_CONFIG: enp3s0:dhcp;enp2s0:static,address=10.0.0.1,netmask=255.255.255.0 + SYNC_TIME_WITH_CONTROLLER: False subsystems: - morph: systems/initramfs-x86_64.morph deploy: @@ -194,6 +195,7 @@ systems: HOSTS_SELF: 10.0.0.3 twonode-compute EXTERNAL_INTERFACE: eno1 NETWORK_CONFIG: eno1:dhcp;enp0s29u1u3:static,address=10.0.0.3,netmask=255.255.255.0 + SYNC_TIME_WITH_CONTROLLER: True subsystems: - morph: systems/initramfs-x86_64.morph deploy: diff --git a/extensions/openstack-ceilometer.configure b/extensions/openstack-ceilometer.configure index 9c0b7b6d..a98c4d73 100644 --- a/extensions/openstack-ceilometer.configure +++ b/extensions/openstack-ceilometer.configure @@ -66,6 +66,7 @@ if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -o \ -z "$RABBITMQ_USER" -o \ -z "$RABBITMQ_PASSWORD" -o \ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \ + -z "$NOVA_VIRT_TYPE" -o \ -z "$CONTROLLER_HOST_ADDRESS" ]; then echo Some options required for Ceilometer were defined, but not all. exit 1 @@ -114,6 +115,7 @@ ceilometer_configuration={ 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'], 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'], 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'], + 'NOVA_VIRT_TYPE': os.environ['NOVA_VIRT_TYPE'], } yaml.dump(ceilometer_configuration, sys.stdout, default_flow_style=False) diff --git a/extensions/openstack-network.configure b/extensions/openstack-network.configure index 10be5a1c..9128f845 100644 --- a/extensions/openstack-network.configure +++ b/extensions/openstack-network.configure 
@@ -23,6 +23,36 @@ enable(){ "$ROOT/etc/systemd/system/multi-user.target.wants/$1.service" } +unnaceptable(){ + eval echo Unexpected value \$$1 for $1 >&2 + exit 1 +} + +check_bool(){ + case "$(eval echo \"\$$1\")" in + True|'') + eval "$1=true" + ;; + False) + eval "$1=false" + ;; + *) + unnaceptable "$1" + ;; + esac +} + +########################################################################## +# Check variables +########################################################################## + +check_bool NEUTRON_ENABLE_MANAGER +check_bool NEUTRON_ENABLE_AGENT + +if ! "$NEUTRON_ENABLE_MANAGER" && ! "$NEUTRON_ENABLE_AGENT"; then + exit 0 +fi + ################### # Enable services # ################### diff --git a/extensions/openstack-nova.configure b/extensions/openstack-nova.configure index 213f1852..9e77305d 100644 --- a/extensions/openstack-nova.configure +++ b/extensions/openstack-nova.configure @@ -103,14 +103,6 @@ if "$NOVA_ENABLE_CONTROLLER"; then done fi -########################################################################## -# Change iprange for the interal libvirt to avoid clashes -# with eth0 ip range -########################################################################## - -sed -i "s/192\.168\.122\./192\.168\.1\./g" \ - "$ROOT"/etc/libvirt/qemu/networks/default.xml - ########################################################################## # Generate configuration file diff --git a/extensions/openstack-time.configure b/extensions/openstack-time.configure new file mode 100644 index 00000000..4f5c8fbd --- /dev/null +++ b/extensions/openstack-time.configure 
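Review bot: In `check_bool` an unset or empty variable falls into the `True|'')` arm, so NEUTRON_ENABLE_MANAGER and NEUTRON_ENABLE_AGENT both default to enabled, while the copy of the same helper added in extensions/openstack-time.configure maps `''` to false, and neither copy documents its default. A comment above the function such as `# check_bool VAR: normalise True/False to true/false; empty or unset means true` would make the difference visible, and a single shared helper taking the default as a second argument would remove it. In `unnaceptable` (a typo for "unacceptable") the rejected value reaches `echo` unquoted after the `eval`, so it is word-split and glob-expanded before being printed; `eval "printf 'Unexpected value %s for %s\n' \"\$$1\" \"$1\"" >&2` keeps it literal. Both functions pass `$1` to `eval`, so they are only safe while every caller passes a hard-coded variable name, which is also worth stating in the comment.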
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+ROOT="$1"
+
+unnaceptable(){
+ eval echo Unexpected value \$$1 for $1 >&2
+ exit 1
+}
+
+check_bool(){
+ case "$(eval echo \"\$$1\")" in
+ True)
+ eval "$1=true"
+ ;;
+ False|'')
+ eval "$1=false"
+ ;;
+ *)
+ unnaceptable "$1"
+ ;;
+ esac
+}
+check_bool SYNC_TIME_WITH_CONTROLLER
+
+if "$SYNC_TIME_WITH_CONTROLLER"; then
+
+ cat << EOF > "$ROOT"/etc/ntpd.conf
+# We use iburst here to reduce the potential initial delay to set the clock
+server $CONTROLLER_HOST_ADDRESS iburst
+
+# kod - notify client when packets are denied service,
+# rather than just dropping the packets
+#
+# nomodify - deny queries which attempt to modify the state of the server
+#
+# notrap - decline to provide mode 6 control message trap service to
+# matching hosts
+#
+# see ntp.conf(5) for more details
+restrict -4 default limited limited nomodify
+restrict -6 default limited limited notrap nomodify
+EOF
+
+fi
diff --git a/install-files/openstack/etc/horizon/apache-horizon.conf b/install-files/openstack/etc/horizon/apache-horizon.conf
index ea88897a..ab3cf0c7 100644
--- a/install-files/openstack/etc/horizon/apache-horizon.conf
+++ b/install-files/openstack/etc/horizon/apache-horizon.conf
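Review bot: When SYNC_TIME_WITH_CONTROLLER is True the heredoc in extensions/openstack-time.configure writes `server $CONTROLLER_HOST_ADDRESS iburst` without checking that CONTROLLER_HOST_ADDRESS is set, so a cluster definition that omits it yields an ntpd.conf with an empty server line and, most likely, a node whose clock never syncs. A guard before the `cat`, e.g. `[ -n "$CONTROLLER_HOST_ADDRESS" ] || { echo "CONTROLLER_HOST_ADDRESS is required when SYNC_TIME_WITH_CONTROLLER is True" >&2; exit 1; }`, would fail the deployment instead. The comment block in the generated file describes `kod` and `notrap`, but the `restrict -4` line carries neither (it reads `limited limited nomodify`) and the `restrict -6` line has no `kod`; the doubled `limited` looks as if it was meant to be `kod limited`, which should be confirmed against ntp.conf(5). `check_bool` here treats an empty value as false, the opposite of the copy in extensions/openstack-network.configure, and a one-line comment should say so.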
@@ -1,16 +1,18 @@ <VirtualHost *:80> - WSGIScriptAlias /horizon /var/lib/horizon/openstack_dashboard/django.wsgi + WSGIScriptAlias / /var/lib/horizon/openstack_dashboard/wsgi/django.wsgi WSGIDaemonProcess horizon user=horizon group=horizon processes=3 threads=10 home=/var/lib/horizon display-name=horizon WSGIApplicationGroup %{GLOBAL} - RedirectMatch ^/$ /horizon/ - SetEnv APACHE_RUN_USER apache SetEnv APACHE_RUN_GROUP apache WSGIProcessGroup horizon DocumentRoot /var/lib/horizon/.blackhole - Alias /static /var/lib/horizon/openstack_dashboard/static + Alias /static /var/lib/horizon/static + + <Directory /var/lib/horizon/static> + Require all granted + </Directory> <Directory /var/lib/horizon/openstack_dashboard > Options Indexes FollowSymLinks MultiViews diff --git a/install-files/openstack/etc/horizon/openstack_dashboard/local_settings.py b/install-files/openstack/etc/horizon/openstack_dashboard/local_settings.py deleted file mode 100644 index febc3e70..00000000 --- a/install-files/openstack/etc/horizon/openstack_dashboard/local_settings.py +++ /dev/null 
@@ -1,551 +0,0 @@ -import os - -from django.utils.translation import ugettext_lazy as _ - -from openstack_dashboard import exceptions - -DEBUG = True -TEMPLATE_DEBUG = DEBUG - -STATIC_ROOT = "/var/lib/horizon/openstack_dashboard/static" - -# Required for Django 1.5. -# If horizon is running in production (DEBUG is False), set this -# with the list of host/domain names that the application can serve. -# For more information see: -# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts -#ALLOWED_HOSTS = ['horizon.example.com', ] -ALLOWED_HOSTS = ['*'] - -# Set SSL proxy settings: -# For Django 1.4+ pass this header from the proxy after terminating the SSL, -# and don't forget to strip it from the client's request. -# For more information see: -# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header -# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') - -# If Horizon is being served through SSL, then uncomment the following two -# settings to better secure the cookies from security exploits -#CSRF_COOKIE_SECURE = True -#SESSION_COOKIE_SECURE = True - -# Overrides for OpenStack API versions. Use this setting to force the -# OpenStack dashboard to use a specific API version for a given service API. -# NOTE: The version should be formatted as it appears in the URL for the -# service API. For example, The identity service APIs have inconsistent -# use of the decimal point, so valid options would be "2.0" or "3". -# OPENSTACK_API_VERSIONS = { -# "data_processing": 1.1, -# "identity": 3, -# "volume": 2 -# } - -# Set this to True if running on multi-domain model. When this is enabled, it -# will require user to enter the Domain name in addition to username for login. -# OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False - -# Overrides the default domain used when running on single-domain model -# with Keystone V3. All entities will be created in the default domain. 
-# OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default' - -# Set Console type: -# valid options would be "AUTO"(default), "VNC", "SPICE", "RDP" or None -# Set to None explicitly if you want to deactivate the console. -# CONSOLE_TYPE = "AUTO" - -# Default OpenStack Dashboard configuration. -HORIZON_CONFIG = { - 'user_home': 'openstack_dashboard.views.get_user_home', - 'ajax_queue_limit': 10, - 'auto_fade_alerts': { - 'delay': 3000, - 'fade_duration': 1500, - 'types': ['alert-success', 'alert-info'] - }, - 'help_url': "http://docs.openstack.org", - 'exceptions': {'recoverable': exceptions.RECOVERABLE, - 'not_found': exceptions.NOT_FOUND, - 'unauthorized': exceptions.UNAUTHORIZED}, - 'modal_backdrop': 'static', - 'angular_modules': [], - 'js_files': [], -} - -# Specify a regular expression to validate user passwords. -# HORIZON_CONFIG["password_validator"] = { -# "regex": '.*', -# "help_text": _("Your password does not meet the requirements.") -# } - -# Disable simplified floating IP address management for deployments with -# multiple floating IP pools or complex network requirements. -# HORIZON_CONFIG["simple_ip_management"] = False - -# Turn off browser autocompletion for forms including the login form and -# the database creation workflow if so desired. -# HORIZON_CONFIG["password_autocomplete"] = "off" - -# Setting this to True will disable the reveal button for password fields, -# including on the login form. -# HORIZON_CONFIG["disable_password_reveal"] = False - -#LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) - -LOCAL_PATH = "/var/lib/horizon" - -# Set custom secret key: -# You can either set it to a specific value or you can let horizon generate a -# default secret key that is unique on this machine, e.i. regardless of the -# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, there -# may be situations where you would want to set this explicitly, e.g. 
when -# multiple dashboard instances are distributed on different machines (usually -# behind a load-balancer). Either you have to make sure that a session gets all -# requests routed to the same dashboard instance or you set the same SECRET_KEY -# for all of them. -from horizon.utils import secret_key -SECRET_KEY = secret_key.generate_or_read_from_file( - os.path.join(LOCAL_PATH, '.secret_key_store')) - -# We recommend you use memcached for development; otherwise after every reload -# of the django development server, you will have to login again. To use -# memcached set CACHES to something like -CACHES = { - 'default': { - 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', - 'LOCATION': '127.0.0.1:11211', - } -} - -#CACHES = { -# 'default': { -# 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache' -# } -#} - -# Send email to the console by default -EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' -# Or send them to /dev/null -#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' - -# Configure these for your outgoing email host -# EMAIL_HOST = 'smtp.my-company.com' -# EMAIL_PORT = 25 -# EMAIL_HOST_USER = 'djangomail' -# EMAIL_HOST_PASSWORD = 'top-secret!' - -# For multiple regions uncomment this configuration, and add (endpoint, title). -# AVAILABLE_REGIONS = [ -# ('http://cluster1.example.com:5000/v2.0', 'cluster1'), -# ('http://cluster2.example.com:5000/v2.0', 'cluster2'), -# ] - -OPENSTACK_HOST = "127.0.0.1" -OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST -OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" - -# Disable SSL certificate checks (useful for self-signed certificates): -# OPENSTACK_SSL_NO_VERIFY = True - -# The CA certificate to use to verify SSL connections -# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem' - -# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the -# capabilities of the auth backend for Keystone. 
-# If Keystone has been configured to use LDAP as the auth backend then set -# can_edit_user to False and name to 'ldap'. -# -# TODO(tres): Remove these once Keystone has an API to identify auth backend. -OPENSTACK_KEYSTONE_BACKEND = { - 'name': 'native', - 'can_edit_user': True, - 'can_edit_group': True, - 'can_edit_project': True, - 'can_edit_domain': True, - 'can_edit_role': True -} - -#Setting this to True, will add a new "Retrieve Password" action on instance, -#allowing Admin session password retrieval/decryption. -#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False - -# The Xen Hypervisor has the ability to set the mount point for volumes -# attached to instances (other Hypervisors currently do not). Setting -# can_set_mount_point to True will add the option to set the mount point -# from the UI. -OPENSTACK_HYPERVISOR_FEATURES = { - 'can_set_mount_point': False, - 'can_set_password': False, -} - -# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional -# services provided by cinder that is not exposed by its extension API. -OPENSTACK_CINDER_FEATURES = { - 'enable_backup': False, -} - -# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional -# services provided by neutron. Options currently available are load -# balancer service, security groups, quotas, VPN service. -OPENSTACK_NEUTRON_NETWORK = { - 'enable_router': True, - 'enable_quotas': True, - 'enable_ipv6': True, - 'enable_distributed_router': False, - 'enable_ha_router': False, - 'enable_lb': True, - 'enable_firewall': True, - 'enable_vpn': True, - # The profile_support option is used to detect if an external router can be - # configured via the dashboard. When using specific plugins the - # profile_support can be turned on if needed. - 'profile_support': None, - #'profile_support': 'cisco', - # Set which provider network types are supported. Only the network types - # in this list will be available to choose from when creating a network. 
- # Network types include local, flat, vlan, gre, and vxlan. - 'supported_provider_types': ['*'], -} - -# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features -# in the OpenStack Dashboard related to the Image service, such as the list -# of supported image formats. -# OPENSTACK_IMAGE_BACKEND = { -# 'image_formats': [ -# ('', _('Select format')), -# ('aki', _('AKI - Amazon Kernel Image')), -# ('ami', _('AMI - Amazon Machine Image')), -# ('ari', _('ARI - Amazon Ramdisk Image')), -# ('iso', _('ISO - Optical Disk Image')), -# ('qcow2', _('QCOW2 - QEMU Emulator')), -# ('raw', _('Raw')), -# ('vdi', _('VDI')), -# ('vhd', _('VHD')), -# ('vmdk', _('VMDK')) -# ] -# } - -# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for -# image custom property attributes that appear on image detail pages. -IMAGE_CUSTOM_PROPERTY_TITLES = { - "architecture": _("Architecture"), - "kernel_id": _("Kernel ID"), - "ramdisk_id": _("Ramdisk ID"), - "image_state": _("Euca2ools state"), - "project_id": _("Project ID"), - "image_type": _("Image Type") -} - -# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image -# custom properties should not be displayed in the Image Custom Properties -# table. -IMAGE_RESERVED_CUSTOM_PROPERTIES = [] - -# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints -# in the Keystone service catalog. Use this setting when Horizon is running -# external to the OpenStack environment. The default is 'publicURL'. -#OPENSTACK_ENDPOINT_TYPE = "publicURL" - -# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the -# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints -# in the Keystone service catalog. Use this setting when Horizon is running -# external to the OpenStack environment. The default is None. This -# value should differ from OPENSTACK_ENDPOINT_TYPE if used. 
-#SECONDARY_ENDPOINT_TYPE = "publicURL" - -# The number of objects (Swift containers/objects or images) to display -# on a single page before providing a paging element (a "more" link) -# to paginate results. -API_RESULT_LIMIT = 1000 -API_RESULT_PAGE_SIZE = 20 - -# Specify a maximum number of items to display in a dropdown. -DROPDOWN_MAX_ITEMS = 30 - -# The timezone of the server. This should correspond with the timezone -# of your entire OpenStack installation, and hopefully be in UTC. -TIME_ZONE = "UTC" - -# When launching an instance, the menu of available flavors is -# sorted by RAM usage, ascending. If you would like a different sort order, -# you can provide another flavor attribute as sorting key. Alternatively, you -# can provide a custom callback method to use for sorting. You can also provide -# a flag for reverse sort. For more info, see -# http://docs.python.org/2/library/functions.html#sorted -# CREATE_INSTANCE_FLAVOR_SORT = { -# 'key': 'name', -# # or -# 'key': my_awesome_callback_method, -# 'reverse': False, -# } - -# The Horizon Policy Enforcement engine uses these values to load per service -# policy rule files. The content of these files should match the files the -# OpenStack services are using to determine role based access control in the -# target installation. - -# Path to directory containing policy.json files -#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf") -# Map of local copy of service policy files -#POLICY_FILES = { -# 'identity': 'keystone_policy.json', -# 'compute': 'nova_policy.json', -# 'volume': 'cinder_policy.json', -# 'image': 'glance_policy.json', -# 'orchestration': 'heat_policy.json', -# 'network': 'neutron_policy.json', -#} - -# Trove user and database extension support. By default support for -# creating users and databases on database instances is turned on. -# To disable these extensions set the permission here to something -# unusable such as ["!"]. 
-# TROVE_ADD_USER_PERMS = [] -# TROVE_ADD_DATABASE_PERMS = [] - -LOGGING = { - 'version': 1, - # When set to True this will disable all logging except - # for loggers specified in this configuration dictionary. Note that - # if nothing is specified here and disable_existing_loggers is True, - # django.db.backends will still log unless it is disabled explicitly. - 'disable_existing_loggers': False, - 'handlers': { - 'null': { - 'level': 'DEBUG', - 'class': 'django.utils.log.NullHandler', - }, - 'console': { - # Set the level to "DEBUG" for verbose output logging. - 'level': 'INFO', - 'class': 'logging.StreamHandler', - }, - }, - 'loggers': { - # Logging from django.db.backends is VERY verbose, send to null - # by default. - 'django.db.backends': { - 'handlers': ['null'], - 'propagate': False, - }, - 'requests': { - 'handlers': ['null'], - 'propagate': False, - }, - 'horizon': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'openstack_dashboard': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'novaclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'cinderclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'keystoneclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'glanceclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'neutronclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'heatclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'ceilometerclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'troveclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'swiftclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'openstack_auth': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': 
False, - }, - 'nose.plugins.manager': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'django': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'iso8601': { - 'handlers': ['null'], - 'propagate': False, - }, - 'scss': { - 'handlers': ['null'], - 'propagate': False, - }, - } -} - -# 'direction' should not be specified for all_tcp/udp/icmp. -# It is specified in the form. -SECURITY_GROUP_RULES = { - 'all_tcp': { - 'name': _('All TCP'), - 'ip_protocol': 'tcp', - 'from_port': '1', - 'to_port': '65535', - }, - 'all_udp': { - 'name': _('All UDP'), - 'ip_protocol': 'udp', - 'from_port': '1', - 'to_port': '65535', - }, - 'all_icmp': { - 'name': _('All ICMP'), - 'ip_protocol': 'icmp', - 'from_port': '-1', - 'to_port': '-1', - }, - 'ssh': { - 'name': 'SSH', - 'ip_protocol': 'tcp', - 'from_port': '22', - 'to_port': '22', - }, - 'smtp': { - 'name': 'SMTP', - 'ip_protocol': 'tcp', - 'from_port': '25', - 'to_port': '25', - }, - 'dns': { - 'name': 'DNS', - 'ip_protocol': 'tcp', - 'from_port': '53', - 'to_port': '53', - }, - 'http': { - 'name': 'HTTP', - 'ip_protocol': 'tcp', - 'from_port': '80', - 'to_port': '80', - }, - 'pop3': { - 'name': 'POP3', - 'ip_protocol': 'tcp', - 'from_port': '110', - 'to_port': '110', - }, - 'imap': { - 'name': 'IMAP', - 'ip_protocol': 'tcp', - 'from_port': '143', - 'to_port': '143', - }, - 'ldap': { - 'name': 'LDAP', - 'ip_protocol': 'tcp', - 'from_port': '389', - 'to_port': '389', - }, - 'https': { - 'name': 'HTTPS', - 'ip_protocol': 'tcp', - 'from_port': '443', - 'to_port': '443', - }, - 'smtps': { - 'name': 'SMTPS', - 'ip_protocol': 'tcp', - 'from_port': '465', - 'to_port': '465', - }, - 'imaps': { - 'name': 'IMAPS', - 'ip_protocol': 'tcp', - 'from_port': '993', - 'to_port': '993', - }, - 'pop3s': { - 'name': 'POP3S', - 'ip_protocol': 'tcp', - 'from_port': '995', - 'to_port': '995', - }, - 'ms_sql': { - 'name': 'MS SQL', - 'ip_protocol': 'tcp', - 'from_port': '1433', - 'to_port': '1433', 
- }, - 'mysql': { - 'name': 'MYSQL', - 'ip_protocol': 'tcp', - 'from_port': '3306', - 'to_port': '3306', - }, - 'rdp': { - 'name': 'RDP', - 'ip_protocol': 'tcp', - 'from_port': '3389', - 'to_port': '3389', - }, -} - -# Deprecation Notice: -# -# The setting FLAVOR_EXTRA_KEYS has been deprecated. -# Please load extra spec metadata into the Glance Metadata Definition Catalog. -# -# The sample quota definitions can be found in: -# <glance_source>/etc/metadefs/compute-quota.json -# -# The metadata definition catalog supports CLI and API: -# $glance --os-image-api-version 2 help md-namespace-import -# $glance-manage db_load_metadefs <directory_with_definition_files> -# -# See Metadata Definitions on: http://docs.openstack.org/developer/glance/ - -# Indicate to the Sahara data processing service whether or not -# automatic floating IP allocation is in effect. If it is not -# in effect, the user will be prompted to choose a floating IP -# pool for use in their cluster. False by default. You would want -# to set this to True if you were running Nova Networking with -# auto_assign_floating_ip = True. -# SAHARA_AUTO_IP_ALLOCATION_ENABLED = False - -# The hash algorithm to use for authentication tokens. This must -# match the hash algorithm that the identity server and the -# auth_token middleware are using. Allowed values are the -# algorithms supported by Python's hashlib library. -# OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5' -LOGIN_URL='/horizon/auth/login/' -LOGOUT_URL='/horizon/auth/logout/' -LOGIN_REDIRECT_URL='/horizon/' diff --git a/install-files/openstack/etc/neutron/dnsmasq-neutron.conf b/install-files/openstack/etc/neutron/dnsmasq-neutron.conf new file mode 100644 index 00000000..d2659481 --- /dev/null +++ b/install-files/openstack/etc/neutron/dnsmasq-neutron.conf @@ -0,0 +1,2 @@ +# Provide a MTU (DHCP MTU option 26) +dhcp-option-force=26,1454 
diff --git a/install-files/openstack/etc/tempest/set_openstack_to_run_tempest.sh b/install-files/openstack/etc/tempest/set_openstack_to_run_tempest.sh
new file mode 100755
index 00000000..30539488
--- /dev/null
+++ b/install-files/openstack/etc/tempest/set_openstack_to_run_tempest.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+#
+# Copyright ©2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+# This script creates an public image in the admin tenant and
+# sets tempest.conf variables for running tests with images involved.
+# This is the minimal configuration to run tests for compute (api and services
+# tests).
+#
+# NOTE: the test image will be the following cirros image:
+# http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
+#
+
+
+set -e
+
+# Global variables
+admin_filename="admin_env"
+admin_test_image="cirros64_img_ref"
+image_ref=""
+
+# Openstack admin credentials
+admin_username="admin"
+admin_password="veryinsecure"
+admin_tenant="admin"
+
+# Create a file with the environment variables
+# required for setting a Openstack admin user in the
+# admin tenant.
+create_admin_user_env(){
+ cat > "$admin_filename" <<EOF
+ export OS_USERNAME="$admin_username"
+ export OS_PASSWORD="$admin_password"
+ export OS_TENANT_NAME="$admin_tenant"
+ export OS_AUTH_URL=http://$(hostname):35357/v2.0
+EOF
+}
+
+# Set the image fields in tempest.conf with the UUID of the admin_test_image.
+configure_image_ref(){
+ image_ref="$(glance image-list | grep "$admin_test_image" | tr -d [:space:] | cut -d'|' -f 2)"
+ if [ -z "image_ref" ]; then
+ echo "ERROR: image_ref is empty, please check that $admin_test_image is in the image list."
+ exit 1
+ fi
+ # Configure the UUID (image_ref) for the created image
+ sed -r -i "s/[#]?image_ref =.*/image_ref = $image_ref/" tempest.conf
+ # Configure image_ssh_user for the created image
+ sed -r -i "s/[#]?image_ssh_user =.*/image_ssh_user = cirros/" tempest.conf
+ # Configure image_ssh_password for the created image
+ sed -r -i "s/[#]?image_ssh_password =.*/image_ssh_password = 'cubswin:)'/" tempest.conf
+ # Configure the UUID (image_ref_alt) for the created image
+ sed -r -i "s/[#]?image_ref_alt =.*/image_ref_alt = $image_ref/" tempest.conf
+ # Configure image_alt_ssh_user for the created image
+ sed -r -i "s/[#]?image_alt_ssh_user =.*/image_alt_ssh_user = cirros/" tempest.conf
+}
+
+create_image_for_user(){
+# Create a image in the tenant $user called
+ local user_name="$1"
+ local test_image="$2"
+
+ # Set the credential for $user
+ source "${user_name}_env"
+ # If there is an image with the same name as $test image, remove it.
+ if [ $(glance image-list | grep "$test_image" | wc -l) -gt 0 ]; then
+ declare -a previous_img=$(glance image-list | grep "$test_image" | awk -F "|" '{ print $2 }')
+ for index in ${previous_img[@]}; do
+ glance image-delete "$index"
+ done
+ fi
+ glance image-create --name "$test_image" \
+ --location http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img \
+ --is-public true --disk-format qcow2 --container-format bare --progress
+ if [[ $? -eq 0 ]] \
+ || [[ "$(glance image-list | grep "$test_image" | wc -l)" == "1" ]]; then
+ configure_image_ref
+ else
+ echo "ERROR: glance image-create failed."
+ exit 1
+ fi
+}
+
+create_tempest_custom_flavor(){
+ # Set the credential for admin
+ source "${admin_username}_env"
+ # In order to run tests in VMs we need a alternative flavor
+ # smaller than the small and bigger than the tiny flavor.
+ # So we create a flavor with the following features: + # name=m1.tempest_tests ID=6 Memory_MB=1024 Disk=1 Ephemeral=0 VCPUS=1 + echo "Creating custom small flavor for tempest tests and set it as alt_flavor in tempest.conf" + nova flavor-create m1.tempest_tests 6 1024 1 1 + sed -r -i "s/[#]?flavor_ref_alt =.*/flavor_ref_alt = 6/" tempest.conf +} + +# Configure Openstack for running tempest tests. +create_admin_user_env +create_image_for_user "$admin_username" "$admin_test_image" +create_tempest_custom_flavor diff --git a/install-files/openstack/etc/tempest/tempest.conf b/install-files/openstack/etc/tempest/tempest.conf index 05f0eca1..c045392c 100644 --- a/install-files/openstack/etc/tempest/tempest.conf +++ b/install-files/openstack/etc/tempest/tempest.conf @@ -1,17 +1,7 @@ [DEFAULT] # -# From tempest.config -# - -# Whether to disable inter-process locks (boolean value) -#disable_process_locking = false - -# Directory to use for lock files. (string value) -lock_path = /run/lock - -# -# From tempest.config +# From oslo.log # # Print debugging output (set logging level to DEBUG instead of @@ -22,10 +12,6 @@ lock_path = /run/lock # default WARNING level). (boolean value) #verbose = false -# -# From tempest.config -# - # The name of a logging configuration file. This file is appended to # any existing logging configuration files. For details about logging # configuration files, see the Python logging module documentation. 
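Review bot: In `configure_image_ref` of set_openstack_to_run_tempest.sh the emptiness check tests a literal string, `[ -z "image_ref" ]`, which is never empty, so a missing image goes undetected and the `sed` calls write an empty `image_ref` into tempest.conf; it should read `if [ -z "$image_ref" ]; then`. The script runs under `set -e`, so in `create_image_for_user` a failing `glance image-create` exits before `if [[ $? -eq 0 ]]` is evaluated, leaving the `||` fallback and the "glance image-create failed" message unreachable; putting the command directly in the `if` condition would restore them. `create_admin_user_env` writes the admin password to `admin_env` in the current directory under the default umask, so a `umask 077` before the `cat` (or a `chmod 600` after it) would keep the credentials file private. The cirros image is registered from a plain `http://` location with no checksum, so nothing verifies what ends up in the public image; an https source or a pinned digest would close that gap.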
@@ -33,28 +19,25 @@ lock_path = /run/lock # Deprecated group/name - [DEFAULT]/log_config #log_config_append = <None> +# DEPRECATED. A logging.Formatter log message format string which may +# use any of the available logging.LogRecord attributes. This option +# is deprecated. Please use logging_context_format_string and +# logging_default_format_string instead. (string value) +#log_format = <None> + # Format string for %%(asctime)s in log records. Default: %(default)s # . (string value) #log_date_format = %Y-%m-%d %H:%M:%S -# (Optional) The base directory used for relative --log-file paths. -# (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = <None> - # (Optional) Name of log file to output to. If no default is set, # logging will go to stdout. (string value) # Deprecated group/name - [DEFAULT]/logfile #log_file = <None> -# DEPRECATED. A logging.Formatter log message format string which may -# use any of the available logging.LogRecord attributes. This option -# is deprecated. Please use logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format = <None> - -# Syslog facility to receive log lines. (string value) -#syslog_log_facility = LOG_USER +# (Optional) The base directory used for relative --log-file paths. +# (string value) +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = <None> # Use syslog for logging. Existing syslog format is DEPRECATED during # I, and will change in J to honor RFC5424. (boolean value) 
@@ -66,48 +49,43 @@ use_syslog = true # will be removed in J. (boolean value) #use_syslog_rfc_format = false -# -# From tempest.config -# +# Syslog facility to receive log lines. (string value) +#syslog_log_facility = LOG_USER # Log output to standard error. (boolean value) #use_stderr = true -# -# From tempest.config -# - -# List of logger=LEVEL pairs. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - -# The format for an instance that is passed with the log message. -# (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. -# (string value) -#instance_uuid_format = "[instance: %(uuid)s] " - # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s -# Data to append to log format when level is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - # Format string to use for log messages without context. (string # value) #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + # Prefix each line of exception output with this format. (string # value) #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s +# List of logger=LEVEL pairs. 
(list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN + # Enables or disables publication of error events. (boolean value) #publish_errors = false +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false + +# The format for an instance that is passed with the log message. +# (string value) +#instance_format = "[instance: %(uuid)s] " + +# The format for an instance UUID that is passed with the log message. +# (string value) +#instance_uuid_format = "[instance: %(uuid)s] " + [auth] @@ -115,6 +93,14 @@ use_syslog = true # From tempest.config # +# Path to the yaml file that contains the list of credentials to use +# for running tests. If used when running in parallel you have to make +# sure sufficient credentials are provided in the accounts file. For +# example if no tests with roles are being run it requires at least `2 +# * CONC` distinct accounts configured in the `test_accounts_file`, +# with CONC == the number of concurrent test processes. (string value) +#test_accounts_file = <None> + # Allows test cases to create/destroy tenants and users. This option # requires that OpenStack Identity API admin credentials are known. If # false, isolated test cases and parallel execution, can still be 
@@ -123,17 +109,13 @@ use_syslog = true # Deprecated group/name - [orchestration]/allow_tenant_isolation allow_tenant_isolation = true -# If set to True it enables the Accounts provider, which locks -# credentials to allow for parallel execution with pre-provisioned -# accounts. It can only be used to run tests that ensure credentials -# cleanup happens. It requires at least `2 * CONC` distinct accounts -# configured in `test_accounts_file`, with CONC == the number of -# concurrent test processes. (boolean value) -#locking_credentials_provider = false +# Roles to assign to all users created by tempest (list value) +#tempest_roles = -# Path to the yaml file that contains the list of credentials to use -# for running tests (string value) -#test_accounts_file = etc/accounts.yaml +# Only applicable when identity.auth_version is v3.Domain within which +# isolated credentials are provisioned.The default "None" means that +# the domain from theadmin user is used instead. (string value) +#tenant_isolation_domain_name = <None> [baremetal] 
@@ -142,26 +124,27 @@ allow_tenant_isolation = true # From tempest.config # -# Timeout for Ironic node to completely provision (integer value) -#active_timeout = 300 - -# Timeout for association of Nova instance and Ironic node (integer -# value) -#association_timeout = 30 - # Catalog type of the baremetal provisioning service (string value) #catalog_type = baremetal -# Driver name which Ironic uses (string value) -#driver = fake - # Whether the Ironic nova-compute driver is enabled (boolean value) #driver_enabled = false +# Driver name which Ironic uses (string value) +#driver = fake + # The endpoint type to use for the baremetal provisioning service # (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL #endpoint_type = publicURL +# Timeout for Ironic node to completely provision (integer value) +#active_timeout = 300 + +# Timeout for association of Nova instance and Ironic node (integer +# value) +#association_timeout = 30 + # Timeout for Ironic power transitions. (integer value) #power_timeout = 60 
@@ -175,47 +158,47 @@ allow_tenant_isolation = true # From tempest.config # -# AKI Kernel Image manifest (string value) -#aki_manifest = cirros-0.3.0-x86_64-vmlinuz.manifest.xml +# EC2 URL (string value) +#ec2_url = http://localhost:8773/services/Cloud -# AMI Machine Image manifest (string value) -#ami_manifest = cirros-0.3.0-x86_64-blank.img.manifest.xml +# S3 URL (string value) +#s3_url = http://localhost:8080 -# ARI Ramdisk Image manifest (string value) -#ari_manifest = cirros-0.3.0-x86_64-initrd.manifest.xml +# AWS Secret Key (string value) +#aws_secret = <None> # AWS Access Key (string value) #aws_access = <None> -# AWS Secret Key (string value) -#aws_secret = <None> - # AWS Zone for EC2 tests (string value) #aws_zone = nova -# Status Change Test Interval (integer value) -#build_interval = 1 +# S3 Materials Path (string value) +#s3_materials_path = /opt/stack/devstack/files/images/s3-materials/cirros-0.3.0 -# Status Change Timeout (integer value) -#build_timeout = 60 +# ARI Ramdisk Image manifest (string value) +#ari_manifest = cirros-0.3.0-x86_64-initrd.manifest.xml -# EC2 URL (string value) -#ec2_url = http://localhost:8773/services/Cloud +# AMI Machine Image manifest (string value) +#ami_manifest = cirros-0.3.0-x86_64-blank.img.manifest.xml -# boto Http socket timeout (integer value) -#http_socket_timeout = 3 +# AKI Kernel Image manifest (string value) +#aki_manifest = cirros-0.3.0-x86_64-vmlinuz.manifest.xml # Instance type (string value) #instance_type = m1.tiny +# boto Http socket timeout (integer value) +#http_socket_timeout = 3 + # boto num_retries on error (integer value) #num_retries = 1 -# S3 Materials Path (string value) -#s3_materials_path = /opt/stack/devstack/files/images/s3-materials/cirros-0.3.0 +# Status Change Timeout (integer value) +#build_timeout = 60 -# S3 URL (string value) -#s3_url = http://localhost:8080 +# Status Change Test Interval (integer value) +#build_interval = 1 [cli] 
@@ -224,16 +207,16 @@ allow_tenant_isolation = true # From tempest.config # +# enable cli tests (boolean value) +enabled = true + # directory where python client binaries are located (string value) cli_dir = /usr/bin -# enable cli tests (boolean value) -#enabled = true - # Whether the tempest run location has access to the *-manage # commands. In a pure blackbox environment it will not. (boolean # value) -#has_manage = true +has_manage = true # Number of seconds to wait on a CLI timeout (integer value) #timeout = 15 
@@ -245,138 +228,123 @@ cli_dir = /usr/bin # From tempest.config # -# Time in seconds between build status checks. (integer value) -#build_interval = 1 - -# Timeout in seconds to wait for an instance to build. (integer value) -#build_timeout = 300 - -# Catalog type of the Compute service. (string value) -#catalog_type = compute - -# Catalog type of the Compute v3 service. (string value) -#catalog_v3_type = computev3 - -# The endpoint type to use for the compute service. (string value) -#endpoint_type = publicURL +# Valid primary image reference to be used in tests. This is a +# required option (string value) +#image_ref = <None> -# Visible fixed network name (string value) -#fixed_network_name = private +# Valid secondary image reference to be used in tests. This is a +# required option, but if only one image is available duplicate the +# value of image_ref above (string value) +#image_ref_alt = <None> # Valid primary flavor to use in tests. (string value) -#flavor_ref = 1 +flavor_ref = 1 # Valid secondary flavor to be used in tests. (string value) -#flavor_ref_alt = 2 +flavor_ref_alt = 2 -# Unallocated floating IP range, which will be used to test the -# floating IP bulk feature for CRUD operation. (string value) -#floating_ip_range = 10.0.0.0/29 +# User name used to authenticate to an instance. (string value) +#image_ssh_user = root -# Password used to authenticate to an instance using the alternate -# image. (string value) -#image_alt_ssh_password = password +# Password used to authenticate to an instance. (string value) +#image_ssh_password = password # User name used to authenticate to an instance using the alternate # image. (string value) #image_alt_ssh_user = root -# Valid primary image reference to be used in tests. This is a -# required option (string value) -#image_ref = <None> - -# Valid secondary image reference to be used in tests. 
This is a -# required option, but if only one image is available duplicate the -# value of image_ref above (string value) -#image_ref_alt = <None> +# Time in seconds between build status checks. (integer value) +build_interval = 1 -# Password used to authenticate to an instance. (string value) -#image_ssh_password = password +# Timeout in seconds to wait for an instance to build. Other services +# that do not define build_timeout will inherit this value. (integer +# value) +build_timeout = 300 -# User name used to authenticate to an instance. (string value) -#image_ssh_user = root +# Should the tests ssh to instances? (boolean value) +#run_ssh = false -# IP version used for SSH connections. (integer value) -#ip_version_for_ssh = 4 +# Auth method used for authenticate to the instance. Valid choices +# are: keypair, configured, adminpass and disabled. Keypair: start the +# servers with a ssh keypair. Configured: use the configured user and +# password. Adminpass: use the injected adminPass. Disabled: avoid +# using ssh when it is an option. (string value) +ssh_auth_method = adminpass -# Network used for SSH connections. (string value) -#network_for_ssh = public +# How to connect to the instance? fixed: using the first ip belongs +# the fixed network floating: creating and using a floating ip. +# (string value) +ssh_connect_method = floating -# Path to a private key file for SSH access to remote hosts (string -# value) -#path_to_private_key = <None> +# User name used to authenticate to an instance. (string value) +#ssh_user = root # Timeout in seconds to wait for ping to succeed. (integer value) #ping_timeout = 120 -# Additional wait time for clean state, when there is no OS-EXT-STS -# extension available (integer value) -#ready_wait = 0 - -# The compute region name to use. If empty, the value of -# identity.region is used instead. If no such region is found in the -# service catalog, the first found one is used. 
(string value) -#region = +# The packet size for ping packets originating from remote linux hosts +# (integer value) +#ping_size = 56 -# Should the tests ssh to instances? (boolean value) -#run_ssh = false +# The number of ping packets originating from remote linux hosts +# (integer value) +#ping_count = 1 -# Time in seconds before a shelved instance is eligible for removing -# from a host. -1 never offload, 0 offload when shelved. This time -# should be the same as the time of nova.conf, and some tests will run -# for as long as the time. (integer value) -#shelved_offload_time = 0 +# Timeout in seconds to wait for authentication to succeed. (integer +# value) +#ssh_timeout = 300 -# Auth method used for authenticate to the instance. Valid choices -# are: keypair, configured, adminpass. keypair: start the servers with -# an ssh keypair. configured: use the configured user and password. -# adminpass: use the injected adminPass. disabled: avoid using ssh -# when it is an option. (string value) -#ssh_auth_method = keypair +# Additional wait time for clean state, when there is no OS-EXT-STS +# extension available (integer value) +#ready_wait = 0 # Timeout in seconds to wait for output from ssh channel. (integer # value) #ssh_channel_timeout = 60 -# How to connect to the instance? fixed: using the first ip belongs -# the fixed network floating: creating and using a floating ip (string -# value) -#ssh_connect_method = fixed +# Name of the fixed network that is visible to all test tenants. If +# multiple networks are available for a tenant this is the network +# which will be used for creating servers if tempest does not create a +# network or a network is not specified elsewhere. It may be used for +# ssh validation only if floating IPs are disabled. (string value) +#fixed_network_name = <None> -# Timeout in seconds to wait for authentication to succeed. (integer -# value) -#ssh_timeout = 300 +# Network used for SSH connections. 
Ignored if +# use_floatingip_for_ssh=true or run_ssh=false. (string value) +#network_for_ssh = public -# User name used to authenticate to an instance. (string value) -#ssh_user = root +# IP version used for SSH connections. (integer value) +ip_version_for_ssh = 4 # Does SSH use Floating IPs? (boolean value) #use_floatingip_for_ssh = true -# Expected device name when a volume is attached to an instance -# (string value) -#volume_device_name = vdb - - -[compute-admin] +# Catalog type of the Compute service. (string value) +catalog_type = compute -# -# From tempest.config -# +# The compute region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +region = regionOne -# Domain name for authentication as admin (Keystone V3).The same -# domain applies to user and project (string value) -#domain_name = <None> +# The endpoint type to use for the compute service. (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL +endpoint_type = publicURL -# API key to use when authenticating as admin. (string value) -password = {{ NOVA_SERVICE_PASSWORD }} +# Expected device name when a volume is attached to an instance +# (string value) +volume_device_name = vdb -# Administrative Tenant name to use for Nova API requests. (string -# value) -tenant_name = service +# Time in seconds before a shelved instance is eligible for removing +# from a host. -1 never offload, 0 offload when shelved. This time +# should be the same as the time of nova.conf, and some tests will run +# for as long as the time. (integer value) +#shelved_offload_time = 0 -# Administrative Username to use for Nova API requests. (string value) -username = {{ NOVA_SERVICE_USER }} +# Unallocated floating IP range, which will be used to test the +# floating IP bulk feature for CRUD operation. This block must not +# overlap an existing floating IP pool. 
(string value) +#floating_ip_range = 10.0.0.0/29 [compute-feature-enabled] 
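Review bot: `region = regionOne` in this `[compute]` hunk does not match `region = RegionOne` set in the `[identity]` hunk further down; the `[image]` and `[network]` hunks repeat the lowercase spelling. The option text says an unknown region falls back to the first one found in the service catalog, so the wrong spelling would go unnoticed and probably only show up once the catalog holds more than one region. Use the spelling the deployment registers in Keystone in all four places, or leave the per-service value empty so it inherits `identity.region`, e.g. `#region =`.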
@@ -385,87 +353,84 @@ username = {{ NOVA_SERVICE_USER }} # From tempest.config # +# If false, skip disk config tests (boolean value) +disk_config = true + # A list of enabled compute extensions with a special entry all which # indicates every extension is enabled. Each extension should be # specified with alias name. Empty list indicates all extensions are # disabled (list value) #api_extensions = all -# If false, skip all nova v3 tests. (boolean value) -api_v3 = false - -# A list of enabled v3 extensions with a special entry all which -# indicates every extension is enabled. Each extension should be -# specified with alias name. Empty list indicates all extensions are -# disabled (list value) -#api_v3_extensions = all - -# Does the test environment block migration support cinder iSCSI -# volumes (boolean value) -#block_migrate_cinder_iscsi = false - -# Does the test environment use block devices for live migration -# (boolean value) -#block_migration_for_live_migration = false - # Does the test environment support changing the admin password? # (boolean value) -#change_password = false +change_password = false # Does the test environment support obtaining instance serial console # output? (boolean value) -#console_output = true +console_output = true -# If false, skip disk config tests (boolean value) -#disk_config = true +# Does the test environment support resizing? (boolean value) +resize = false -# Enables returning of the instance password by the relevant server -# API calls such as create, rebuild or rescue. (boolean value) -#enable_instance_password = true +# Does the test environment support pausing? (boolean value) +pause = true -# Does the test environment support dynamic network interface -# attachment? (boolean value) -#interface_attach = true +# Does the test environment support shelving/unshelving? (boolean +# value) +shelve = true + +# Does the test environment support suspend/resume? 
(boolean value) +suspend = true # Does the test environment support live migration available? (boolean # value) -#live_migration = false +live_migration = false -# Does the test environment support pausing? (boolean value) -#pause = true +# Does the test environment use block devices for live migration +# (boolean value) +block_migration_for_live_migration = false + +# Does the test environment block migration support cinder iSCSI +# volumes. Note, libvirt doesn't support this, see +# https://bugs.launchpad.net/nova/+bug/1398999 (boolean value) +block_migrate_cinder_iscsi = false + +# Enable VNC console. This configuration value should be same as +# [nova.vnc]->vnc_enabled in nova.conf (boolean value) +vnc_console = true + +# Enable Spice console. This configuration value should be same as +# [nova.spice]->enabled in nova.conf (boolean value) +spice_console = false # Enable RDP console. This configuration value should be same as # [nova.rdp]->enabled in nova.conf (boolean value) -#rdp_console = false +rdp_console = false # Does the test environment support instance rescue mode? (boolean # value) -#rescue = true +rescue = true -# Does the test environment support resizing? (boolean value) -#resize = false +# Enables returning of the instance password by the relevant server +# API calls such as create, rebuild or rescue. (boolean value) +enable_instance_password = true -# Does the test environment support shelving/unshelving? (boolean -# value) -#shelve = true +# Does the test environment support dynamic network interface +# attachment? (boolean value) +interface_attach = true # Does the test environment support creating snapshot images of # running instances? (boolean value) snapshot = true -# Enable Spice console. This configuration value should be same as -# [nova.spice]->enabled in nova.conf (boolean value) -spice_console = false - -# Does the test environment support suspend/resume? (boolean value) -#suspend = true - -# Enable VNC console. 
This configuration value should be same as -# [nova.vnc]->vnc_enabled in nova.conf (boolean value) -vnc_console = true +# Does the test environment have the ec2 api running? (boolean value) +ec2_api = false -# If false skip all v2 api tests with xml (boolean value) -#xml_api_v2 = true +# Does Nova preserve preexisting ports from Neutron when deleting an +# instance? This should be set to True if testing Kilo+ Nova. (boolean +# value) +preserve_ports = true [dashboard] @@ -475,10 +440,10 @@ vnc_console = true # # Where the dashboard can be found (string value) -dashboard_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon +dashboard_url = http://{{ CONTROLLER_HOST_ADDRESS }} # Login page for the dashboard (string value) -login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ +login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/auth/login/ [data_processing] @@ -492,9 +457,20 @@ login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ # The endpoint type to use for the data processing service. (string # value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL #endpoint_type = publicURL +[data_processing-feature-enabled] + +# +# From tempest.config +# + +# List of enabled data processing plugins (list value) +#plugins = vanilla,hdp + + [database] # @@ -504,12 +480,12 @@ login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ # Catalog type of the Database service. (string value) #catalog_type = database -# Current database version to use in database tests. (string value) -#db_current_version = v1.0 - # Valid primary flavor to use in database tests. (string value) #db_flavor_ref = 1 +# Current database version to use in database tests. (string value) +#db_current_version = v1.0 + [debug] 
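Review bot: In the `[dashboard]` hunk, `dashboard_url` and `login_url` keep the `http://` scheme, so the dashboard test presumably logs in to `{{ CONTROLLER_HOST_ADDRESS }}` over an unencrypted connection. If Horizon on the controller is reachable over TLS, switch both values to `https://`. If it is not, say so in a comment above them, for example `# Horizon is served over plain HTTP here; run tempest from the management network only.` Dropping `/horizon` from both paths assumes Horizon is now served from the web root, and that change is not visible in this hunk.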
@@ -517,9 +493,6 @@ login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ # From tempest.config # -# Enable diagnostic commands (boolean value) -#enable = true - # A regex to determine which requests should be traced. This is a # regex to match the caller for rest client requests to be able to # selectively trace calls out of specific classes and methods. It 
@@ -541,78 +514,81 @@ login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ # From tempest.config # -# Admin domain name for authentication (Keystone V3).The same domain -# applies to user and project (string value) -#admin_domain_name = <None> - -# API key to use when authenticating as admin. (string value) -admin_password = {{ KEYSTONE_ADMIN_PASSWORD }} +# Catalog type of the Identity service. (string value) +catalog_type = identity -# Role required to administrate keystone. (string value) -admin_role = admin +# Set to True if using self-signed SSL certificates. (boolean value) +#disable_ssl_certificate_validation = false -# Administrative Tenant name to use for Keystone API requests. (string -# value) -admin_tenant_name = admin +# Specify a CA bundle file to use in verifying a TLS (https) server +# certificate. (string value) +#ca_certificates_file = <None> -# Administrative Username to use for Keystone API requests. (string -# value) -admin_username = admin +# Full URI of the OpenStack Identity API (Keystone), v2 (string value) +uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0/ -# Alternate domain name for authentication (Keystone V3).The same -# domain applies to user and project (string value) -#alt_domain_name = <None> +# Full URI of the OpenStack Identity API (Keystone), v3 (string value) +#uri_v3 = <None> -# API key to use when authenticating as alternate user. (string value) -#alt_password = <None> +# Identity API version to be used for authentication for API tests. +# (string value) +auth_version = v2 -# Alternate user's Tenant name to use for Nova API requests. (string +# The identity region name to use. Also used as the other services' +# region name unless they are set explicitly. If no such region is +# found in the service catalog, the first found one is used. (string # value) -#alt_tenant_name = <None> +region = RegionOne -# Username of alternate user to use for Nova API requests. 
(string -# value) -#alt_username = <None> +# The endpoint type to use for the identity service. (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL +endpoint_type = publicURL -# Identity API version to be used for authentication for API tests. -# (string value) -auth_version = v2 +# Username to use for Nova API requests. (string value) +username = {{ NOVA_SERVICE_USER }} -# Catalog type of the Identity service. (string value) -catalog_type = identity +# Tenant name to use for Nova API requests. (string value) +tenant_name = service -# Set to True if using self-signed SSL certificates. (boolean value) -#disable_ssl_certificate_validation = false +# Role required to administrate keystone. (string value) +admin_role = admin + +# API key to use when authenticating. (string value) +password = {{ NOVA_SERVICE_PASSWORD }} # Domain name for authentication (Keystone V3).The same domain applies # to user and project (string value) #domain_name = <None> -# The endpoint type to use for the identity service. (string value) -#endpoint_type = publicURL - -# API key to use when authenticating. (string value) -password = {{ NOVA_SERVICE_PASSWORD }} +# Username of alternate user to use for Nova API requests. (string +# value) +#alt_username = <None> -# The identity region name to use. Also used as the other services' -# region name unless they are set explicitly. If no such region is -# found in the service catalog, the first found one is used. (string +# Alternate user's Tenant name to use for Nova API requests. (string # value) -#region = RegionOne +#alt_tenant_name = <None> -# Tenant name to use for Nova API requests. (string value) -tenant_name = service +# API key to use when authenticating as alternate user. 
(string value) +#alt_password = <None> -# Full URI of the OpenStack Identity API (Keystone), v2 (string value) -uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0/ +# Alternate domain name for authentication (Keystone V3).The same +# domain applies to user and project (string value) +#alt_domain_name = <None> -# Full URI of the OpenStack Identity API (Keystone), v3 (string value) -# -# Tempest complains if we don't set any uri_v3, even if it's disabled. -uri_v3 = <None> +# Administrative Username to use for Keystone API requests. (string +# value) +admin_username = admin -# Username to use for Nova API requests. (string value) -username = {{ NOVA_SERVICE_USER }} +# Administrative Tenant name to use for Keystone API requests. (string +# value) +admin_tenant_name = admin + +# API key to use when authenticating as admin. (string value) +admin_password = {{ KEYSTONE_ADMIN_PASSWORD }} + +# Admin domain name for authentication (Keystone V3).The same domain +# applies to user and project (string value) +#admin_domain_name = <None> [identity-feature-enabled] @@ -621,16 +597,16 @@ username = {{ NOVA_SERVICE_USER }} # From tempest.config # +# Does the identity service have delegation and impersonation enabled +# (boolean value) +trust = false + # Is the v2 identity API enabled (boolean value) api_v2 = true # Is the v3 identity API enabled (boolean value) api_v3 = false -# Does the identity service have delegation and impersonation enabled -# (boolean value) -#trust = true - [image] 
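Review bot: In the `[identity]` hunk, `uri` still targets Keystone's admin port over `http://`, so the values rendered from `{{ KEYSTONE_ADMIN_PASSWORD }}` and `{{ NOVA_SERVICE_PASSWORD }}` cross the network in cleartext whenever tempest requests a token. The newly listed `#ca_certificates_file` stays unused. If the controller offers a TLS endpoint, point `uri` at it and set `ca_certificates_file` rather than enabling `disable_ssl_certificate_validation`. The rendered file also holds both passwords in cleartext, so it should be installed readable by root only; the install mode is set outside this hunk.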
@@ -641,16 +617,25 @@ api_v3 = false # Catalog type of the Image service. (string value) catalog_type = image +# The image region name to use. If empty, the value of identity.region +# is used instead. If no such region is found in the service catalog, +# the first found one is used. (string value) +region = regionOne + # The endpoint type to use for the image service. (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL endpoint_type = publicURL # http accessible image (string value) http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz -# The image region name to use. If empty, the value of identity.region -# is used instead. If no such region is found in the service catalog, -# the first found one is used. (string value) -#region = +# Timeout in seconds to wait for an image to become available. +# (integer value) +build_timeout = 300 + +# Time in seconds between image operation status checks. (integer +# value) +build_interval = 1 [image-feature-enabled] @@ -659,12 +644,12 @@ http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar. # From tempest.config # -# Is the v1 image API enabled (boolean value) -#api_v1 = true - # Is the v2 image API enabled (boolean value) api_v2 = true +# Is the v1 image API enabled (boolean value) +api_v1 = true + [input-scenario] 
@@ -672,18 +657,18 @@ api_v2 = true # From tempest.config # -# Matching flavors become parameters for scenario tests (string value) -#flavor_regex = ^m1.nano$ - # Matching images become parameters for scenario tests (string value) -#image_regex = ^cirros-0.3.1-x86_64-uec$ +image_regex = ^cirros-0.3.1-x86_64-uec$ + +# Matching flavors become parameters for scenario tests (string value) +flavor_regex = ^m1.nano$ # SSH verification in tests is skippedfor matching images (string # value) #non_ssh_image_regex = ^.*[Ww]in.*$ # List of user mapped to regex to matching image names. (string value) -#ssh_user_regex = [["^.*[Cc]irros.*$", "root"]] +#ssh_user_regex = [["^.*[Cc]irros.*$", "cirros"]] [messaging] 
@@ -693,33 +678,33 @@ api_v2 = true # # Catalog type of the Messaging service. (string value) -#catalog_type = messaging +catalog_type = messaging -# The maximum grace period for a claim (integer value) -#max_claim_grace = 43200 +# The maximum number of queue records per page when listing queues +# (integer value) +max_queues_per_page = 20 -# The maximum ttl for a claim (integer value) -#max_claim_ttl = 43200 +# The maximum metadata size for a queue (integer value) +max_queue_metadata = 65536 -# The maximum size of a message body (integer value) -#max_message_size = 262144 +# The maximum number of queue message per page when listing (or) +# posting messages (integer value) +max_messages_per_page = 20 -# The maximum ttl for a message (integer value) -#max_message_ttl = 1209600 +# The maximum size of a message body (integer value) +max_message_size = 262144 # The maximum number of messages per claim (integer value) -#max_messages_per_claim = 20 +max_messages_per_claim = 20 -# The maximum number of queue message per page when listing (or) -# posting messages (integer value) -#max_messages_per_page = 20 +# The maximum ttl for a message (integer value) +max_message_ttl = 1209600 -# The maximum metadata size for a queue (integer value) -#max_queue_metadata = 65536 +# The maximum ttl for a claim (integer value) +max_claim_ttl = 43200 -# The maximum number of queue records per page when listing queues -# (integer value) -#max_queues_per_page = 20 +# The maximum grace period for a claim (integer value) +max_claim_grace = 43200 [negative] @@ -729,7 +714,7 @@ api_v2 = true # # Test generator class for all negative tests (string value) -#test_generator = tempest.common.generator.negative_generator.NegativeTestGenerator +test_generator = tempest.common.generator.negative_generator.NegativeTestGenerator [network] 
@@ -738,42 +723,23 @@ api_v2 = true # From tempest.config # -# Time in seconds between network operation status checks. (integer -# value) -#build_interval = 1 - -# Timeout in seconds to wait for network operation to complete. -# (integer value) -#build_timeout = 300 - # Catalog type of the Neutron service. (string value) -#catalog_type = network - -# List of dns servers whichs hould be used for subnet creation (list -# value) -#dns_servers = 8.8.8.8,8.8.4.4 - -# The endpoint type to use for the network service. (string value) -#endpoint_type = publicURL - -# Id of the public network that provides external connectivity (string -# value) -#public_network_id = - -# Id of the public router that provides external connectivity (string -# value) -#public_router_id = +catalog_type = network # The network region name to use. If empty, the value of # identity.region is used instead. If no such region is found in the # service catalog, the first found one is used. (string value) -#region = +region = regionOne + +# The endpoint type to use for the network service. (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL +endpoint_type = publicURL # The cidr block to allocate tenant ipv4 subnets from (string value) -#tenant_network_cidr = 10.100.0.0/16 +tenant_network_cidr = 192.168.1.0/24 # The mask bits for tenant ipv4 subnets (integer value) -#tenant_network_mask_bits = 28 +tenant_network_mask_bits = 28 # The cidr block to allocate tenant ipv6 subnets from (string value) #tenant_network_v6_cidr = 2003::/48 
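Review bot: `tenant_network_cidr = 192.168.1.0/24` combined with `tenant_network_mask_bits = 28` leaves room for only 16 tenant subnets, where the previously commented default `10.100.0.0/16` allowed 4096. With `allow_tenant_isolation = true` in `[auth]`, a parallel run that creates a network per isolated tenant could exhaust the block and fail with allocation errors unrelated to the code under test. Either widen the block or record the assumption next to it, e.g. `# /24 split into /28s: at most 16 concurrent tenant networks`.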
@@ -781,10 +747,42 @@ api_v2 = true # The mask bits for tenant ipv6 subnets (integer value) #tenant_network_v6_mask_bits = 64 -# Whether tenant network connectivity should be evaluated directly -# (boolean value) +# Whether tenant networks can be reached directly from the test +# client. This must be set to True when the 'fixed' ssh_connect_method +# is selected. (boolean value) #tenant_networks_reachable = false +# Id of the public network that provides external connectivity (string +# value) +#public_network_id = + +# Default floating network name. Used to allocate floating IPs when +# neutron is enabled. (string value) +#floating_network_name = <None> + +# Id of the public router that provides external connectivity. This +# should only be used when Neutron's 'allow_overlapping_ips' is set to +# 'False' in neutron.conf. usually not needed past 'Grizzly' release +# (string value) +#public_router_id = + +# Timeout in seconds to wait for network operation to complete. +# (integer value) +build_timeout = 300 + +# Time in seconds between network operation status checks. (integer +# value) +build_interval = 1 + +# List of dns servers which should be used for subnet creation (list +# value) +dns_servers = 8.8.8.8,8.8.4.4 + +# vnic_type to use when Launching instances with pre-configured ports. +# Supported ports are: ['normal','direct','macvtap'] (string value) +# Allowed values: <None>, normal, direct, macvtap +#port_vnic_type = <None> + [network-feature-enabled] 
@@ -792,18 +790,22 @@ api_v2 = true # From tempest.config # +# Allow the execution of IPv6 tests (boolean value) +ipv6 = false + # A list of enabled network extensions with a special entry all which # indicates every extension is enabled. Empty list indicates all # extensions are disabled (list value) -#api_extensions = all - -# Allow the execution of IPv6 tests (boolean value) -#ipv6 = true +api_extensions = router # Allow the execution of IPv6 subnet tests that use the extended IPv6 # attributes ipv6_ra_mode and ipv6_address_mode (boolean value) #ipv6_subnet_attributes = false +# Does the test environment support changing port admin state (boolean +# value) +#port_admin_state_change = true + [object-storage] 
@@ -814,30 +816,41 @@ api_v2 = true # Catalog type of the Object-Storage service. (string value) #catalog_type = object-store -# Number of seconds to wait while looping to check the status of a -# container to container synchronization (integer value) -#container_sync_interval = 5 - -# Number of seconds to time on waiting for a container to container -# synchronization complete. (integer value) -#container_sync_timeout = 120 +# The object-storage region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = # The endpoint type to use for the object-store service. (string # value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL #endpoint_type = publicURL +# Number of seconds to time on waiting for a container to container +# synchronization complete. (integer value) +#container_sync_timeout = 600 + +# Number of seconds to wait while looping to check the status of a +# container to container synchronization (integer value) +#container_sync_interval = 5 + # Role to add to users created for swift tests to enable creating # containers (string value) #operator_role = Member -# The object-storage region name to use. If empty, the value of -# identity.region is used instead. If no such region is found in the -# service catalog, the first found one is used. (string value) -#region = - # User role that has reseller admin (string value) #reseller_admin_role = ResellerAdmin +# Name of sync realm. A sync realm is a set of clusters that have +# agreed to allow container syncing with each other. Set the same +# realm name as Swift's container-sync-realms.conf (string value) +#realm_name = realm1 + +# One name of cluster which is set in the realm whose name is set in +# 'realm_name' item in this file. 
Set the same cluster name as Swift's +# container-sync-realms.conf (string value) +#cluster_name = name1 + [object-storage-feature-enabled] @@ -845,20 +858,20 @@ api_v2 = true # From tempest.config # -# Execute (old style) container-sync tests (boolean value) -#container_sync = true - -# Execute discoverability tests (boolean value) -#discoverability = true - # A list of the enabled optional discoverable apis. A single entry, # all, indicates that all of these features are expected to be enabled # (list value) #discoverable_apis = all +# Execute (old style) container-sync tests (boolean value) +#container_sync = true + # Execute object-versioning tests (boolean value) #object_versioning = true +# Execute discoverability tests (boolean value) +#discoverability = true + [orchestration] 
@@ -866,22 +879,27 @@ api_v2 = true # From tempest.config # -# Time in seconds between build status checks. (integer value) -#build_interval = 1 - -# Timeout in seconds to wait for a stack to build. (integer value) -#build_timeout = 1200 - # Catalog type of the Orchestration service. (string value) #catalog_type = orchestration +# The orchestration region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = + # The endpoint type to use for the orchestration service. (string # value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL #endpoint_type = publicURL -# Name of heat-cfntools enabled image to use when launching test -# instances. (string value) -#image_ref = <None> +# Role required for users to be able to manage stacks (string value) +#stack_owner_role = heat_stack_owner + +# Time in seconds between build status checks. (integer value) +#build_interval = 1 + +# Timeout in seconds to wait for a stack to build. (integer value) +#build_timeout = 1200 # Instance type for tests. Needs to be big enough for a full OS plus # the test workload (string value) 
@@ -892,16 +910,29 @@ api_v2 = true # Value must match heat configuration of the same name. (integer # value) -#max_resources_per_stack = 1000 +#max_template_size = 524288 # Value must match heat configuration of the same name. (integer # value) -#max_template_size = 524288 +#max_resources_per_stack = 1000 -# The orchestration region name to use. If empty, the value of -# identity.region is used instead. If no such region is found in the -# service catalog, the first found one is used. (string value) -#region = + +[oslo_concurrency] + +# +# From oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +# Deprecated group/name - [DEFAULT]/disable_process_locking +disable_process_locking = false + +# Directory to use for lock files. For security, the specified +# directory should only be writable by the user running the processes +# that need locking. Defaults to environment variable OSLO_LOCK_PATH. +# If external locks are used, a lock path must be set. (string value) +# Deprecated group/name - [DEFAULT]/lock_path +lock_path = /run/lock [scenario] 
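Review bot: `lock_path = /run/lock` in the new `[oslo_concurrency]` section points at a system-wide lock directory, while the option's own comment says the directory should be writable only by the user running the processes that take the locks. /run/lock is shared with other software and is world-writable on some distributions (whether that holds for this image cannot be told from the hunk), in which case another local account could create or replace lock files and interfere with a run. I would use a dedicated directory instead, for example `lock_path = /run/lock/tempest` (path shown as an illustration), created by the deployment with mode 0700 and owned by the account that runs tempest.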
@@ -910,34 +941,40 @@ api_v2 = true # From tempest.config # -# AKI image file name (string value) -#aki_img_file = cirros-0.3.1-x86_64-vmlinuz +# Directory containing image files (string value) +#img_dir = /opt/stack/new/devstack/files/images/cirros-0.3.1-x86_64-uec -# AMI image file name (string value) -#ami_img_file = cirros-0.3.1-x86_64-blank.img +# Image file name (string value) +# Deprecated group/name - [DEFAULT]/qcow2_img_file +#img_file = cirros-0.3.1-x86_64-disk.img -# ARI image file name (string value) -#ari_img_file = cirros-0.3.1-x86_64-initrd +# Image disk format (string value) +#img_disk_format = qcow2 # Image container format (string value) #img_container_format = bare -# Directory containing image files (string value) -#img_dir = /opt/stack/new/devstack/files/images/cirros-0.3.1-x86_64-uec +# AMI image file name (string value) +#ami_img_file = cirros-0.3.1-x86_64-blank.img -# Image disk format (string value) -#img_disk_format = qcow2 +# ARI image file name (string value) +#ari_img_file = cirros-0.3.1-x86_64-initrd -# Image file name (string value) -# Deprecated group/name - [DEFAULT]/qcow2_img_file -#img_file = cirros-0.3.1-x86_64-disk.img +# AKI image file name (string value) +#aki_img_file = cirros-0.3.1-x86_64-vmlinuz + +# ssh username for the image file (string value) +#ssh_user = cirros # specifies how many resources to request at once. Used for large # operations testing. (integer value) #large_ops_number = 0 -# ssh username for the image file (string value) -#ssh_user = cirros +# DHCP client used by images to renew DCHP lease. If left empty, +# update operation will be skipped. Supported clients: "udhcpc", +# "dhclient" (string value) +# Allowed values: udhcpc, dhclient +#dhcp_client = udhcpc [service_available] 
@@ -946,36 +983,36 @@ api_v2 = true # From tempest.config # -# Whether or not Ceilometer is expected to be available (boolean -# value) -ceilometer = false - # Whether or not cinder is expected to be available (boolean value) cinder = true +# Whether or not neutron is expected to be available (boolean value) +neutron = true + # Whether or not glance is expected to be available (boolean value) glance = true +# Whether or not swift is expected to be available (boolean value) +swift = false + +# Whether or not nova is expected to be available (boolean value) +nova = true + # Whether or not Heat is expected to be available (boolean value) heat = false +# Whether or not Ceilometer is expected to be available (boolean +# value) +ceilometer = true + # Whether or not Horizon is expected to be available (boolean value) horizon = true -# Whether or not Ironic is expected to be available (boolean value) -ironic = false - -# Whether or not neutron is expected to be available (boolean value) -neutron = true - -# Whether or not nova is expected to be available (boolean value) -nova = true - # Whether or not Sahara is expected to be available (boolean value) sahara = false -# Whether or not swift is expected to be available (boolean value) -swift = false +# Whether or not Ironic is expected to be available (boolean value) +ironic = false # Whether or not Trove is expected to be available (boolean value) trove = false 
@@ -990,40 +1027,40 @@ zaqar = false # From tempest.config # -# Controller host. (string value) -#controller = <None> - -# The number of threads created while stress test. (integer value) -#default_thread_number_per_action = 4 - -# Allows a full cleaning process after a stress test. Caution : this -# cleanup will remove every objects of every tenant. (boolean value) -#full_clean_stack = false - -# Prevent the cleaning (tearDownClass()) between each stress test run -# if an exception occurs during this run. (boolean value) -#leave_dirty_stack = false - -# time (in seconds) between log file error checks. (integer value) -#log_check_interval = 60 +# Directory containing log files on the compute nodes (string value) +#nova_logdir = <None> # Maximum number of instances to create during test. (integer value) #max_instances = 16 -# Directory containing log files on the compute nodes (string value) -#nova_logdir = <None> +# Controller host. (string value) +#controller = <None> # Controller host. (string value) #target_controller = <None> -# regexp for list of log files. (string value) -#target_logfiles = <None> +# ssh user. (string value) +#target_ssh_user = <None> # Path to private key. (string value) #target_private_key_path = <None> -# ssh user. (string value) -#target_ssh_user = <None> +# regexp for list of log files. (string value) +#target_logfiles = <None> + +# time (in seconds) between log file error checks. (integer value) +#log_check_interval = 60 + +# The number of threads created while stress test. (integer value) +#default_thread_number_per_action = 4 + +# Prevent the cleaning (tearDownClass()) between each stress test run +# if an exception occurs during this run. (boolean value) +#leave_dirty_stack = false + +# Allows a full cleaning process after a stress test. Caution : this +# cleanup will remove every objects of every tenant. (boolean value) +#full_clean_stack = false [telemetry] 
@@ -1033,29 +1070,54 @@ zaqar = false # # Catalog type of the Telemetry service. (string value) -#catalog_type = metering +catalog_type = metering # The endpoint type to use for the telemetry service. (string value) -#endpoint_type = publicURL +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL +endpoint_type = publicURL # This variable is used as flag to enable notification tests (boolean # value) -#too_slow_to_test = true +too_slow_to_test = true -[volume] +[validation] # # From tempest.config # -# Name of the backend1 (must be declared in cinder.conf) (string -# value) -backend1_name = LVM_iSCSI +# Default IP type used for validation: -fixed: uses the first IP +# belonging to the fixed network -floating: creates and uses a +# floating IP (string value) +# Allowed values: fixed, floating +connect_method = floating -# Name of the backend2 (must be declared in cinder.conf) (string -# value) -#backend2_name = BACKEND_2 +# Default authentication method to the instance. Only ssh via keypair +# is supported for now. Additional methods will be handled in a +# separate spec. (string value) +# Allowed values: keypair +auth_method = keypair + +# Default IP version for ssh connections. (integer value) +ip_version_for_ssh = 4 + +# Timeout in seconds to wait for ping to succeed. (integer value) +ping_timeout = 120 + +# Timeout in seconds to wait for the TCP connection to be successful. +# (integer value) +connect_timeout = 60 + +# Timeout in seconds to wait for the ssh banner. (integer value) +ssh_timeout = 300 + + +[volume] + +# +# From tempest.config +# # Time in seconds between volume availability checks. (integer value) #build_interval = 1 
@@ -1067,16 +1129,22 @@ backend1_name = LVM_iSCSI # Catalog type of the Volume Service (string value) catalog_type = volume -# Disk format to use when copying a volume to image (string value) -disk_format = raw +# The volume region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +region = regionOne # The endpoint type to use for the volume service. (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL endpoint_type = publicURL -# The volume region name to use. If empty, the value of -# identity.region is used instead. If no such region is found in the -# service catalog, the first found one is used. (string value) -#region = +# Name of the backend1 (must be declared in cinder.conf) (string +# value) +backend1_name = LVM_iSCSI + +# Name of the backend2 (must be declared in cinder.conf) (string +# value) +#backend2_name = BACKEND_2 # Backend protocol to target when creating volume types (string value) storage_protocol = iSCSI @@ -1084,6 +1152,9 @@ storage_protocol = iSCSI # Backend vendor to target when creating volume types (string value) #vendor_name = Open Source +# Disk format to use when copying a volume to image (string value) +disk_format = raw + # Default size in GB for volumes created by volumes tests (integer # value) volume_size = 1 
@@ -1095,10 +1166,19 @@ volume_size = 1 # From tempest.config # +# Runs Cinder multi-backend test (requires 2 backends) (boolean value) +multi_backend = false + +# Runs Cinder volumes backup test (boolean value) +backup = false + +# Runs Cinder volume snapshot test (boolean value) +snapshot = true + # A list of enabled volume extensions with a special entry all which # indicates every extension is enabled. Empty list indicates all # extensions are disabled (list value) -#api_extensions = all +api_extensions = all # Is the v1 volume API enabled (boolean value) api_v1 = true @@ -1106,11 +1186,3 @@ api_v1 = true # Is the v2 volume API enabled (boolean value) api_v2 = true -# Runs Cinder volumes backup test (boolean value) -backup = true - -# Runs Cinder multi-backend test (requires 2 backends) (boolean value) -multi_backend = false - -# Runs Cinder volume snapshot test (boolean value) -snapshot = true diff --git a/install-files/openstack/manifest b/install-files/openstack/manifest index aa4d5430..3d9ea2dd 100644 --- a/install-files/openstack/manifest +++ b/install-files/openstack/manifest @@ -1,8 +1,9 @@ +0040755 0 0 /etc/neutron +0100644 0 0 /etc/neutron/dnsmasq-neutron.conf 0040755 0 0 /etc/horizon 0100644 0 0 /etc/horizon/apache-horizon.conf -0040755 0 0 /etc/horizon/openstack_dashboard -0100644 0 0 /etc/horizon/openstack_dashboard/local_settings.py template 0100644 0 0 /etc/tempest/tempest.conf +0100755 0 0 /etc/tempest/set_openstack_to_run_tempest.sh 0040755 0 0 /usr/share/openstack 0100644 0 0 /usr/share/openstack/hosts 0040755 0 0 /usr/share/openstack/ceilometer 
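Review bot: In the install-files/openstack/manifest hunk, the new `0100755 0 0 /etc/tempest/set_openstack_to_run_tempest.sh` entry sits next to `template 0100644 0 0 /etc/tempest/tempest.conf`, so the templated tempest configuration stays world-readable. The tempest.conf sections visible on this page hold no secrets, but if the template also renders identity or admin credentials (that part is outside this view), any local account could read them; `template 0100600 0 0 /etc/tempest/tempest.conf` would then be the safer mode. It is also worth confirming that the script reads credentials from the environment or from that file rather than embedding them, since it is installed readable by everyone.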
@@ -14,111 +15,37 @@ template 0100644 0 0 /etc/tempest/tempest.conf 0100644 0 0 /usr/share/openstack/cinder-db.yml 0100644 0 0 /usr/share/openstack/cinder-lvs.yml 0100644 0 0 /usr/share/openstack/cinder/cinder.conf -0100644 0 0 /usr/share/openstack/cinder/api-paste.ini -0100644 0 0 /usr/share/openstack/cinder/policy.json 0040755 0 0 /usr/share/openstack/extras 0100644 0 0 /usr/share/openstack/extras/00-disable-device.network 0100644 0 0 /usr/share/openstack/extras/60-device-dhcp.network 0100644 0 0 /usr/share/openstack/glance.yml 0040755 0 0 /usr/share/openstack/glance -0100644 0 0 /usr/share/openstack/glance/logging.conf 0100644 0 0 /usr/share/openstack/glance/glance-api.conf 0100644 0 0 /usr/share/openstack/glance/glance-registry.conf -0100644 0 0 /usr/share/openstack/glance/glance-scrubber.conf -0100644 0 0 /usr/share/openstack/glance/glance-cache.conf -0100644 0 0 /usr/share/openstack/glance/schema-image.json -0100644 0 0 /usr/share/openstack/glance/policy.json -0100644 0 0 /usr/share/openstack/glance/glance-api-paste.ini -0100644 0 0 /usr/share/openstack/glance/glance-registry-paste.ini 0100644 0 0 /usr/share/openstack/horizon.yml 0040755 0 0 /usr/share/openstack/ironic 0100644 0 0 /usr/share/openstack/ironic.yml 0100644 0 0 /usr/share/openstack/ironic/ironic.conf -0100644 0 0 /usr/share/openstack/ironic/policy.json 0100644 0 0 /usr/share/openstack/iscsi.yml 0100644 0 0 /usr/share/openstack/keystone.yml 0040755 0 0 /usr/share/openstack/keystone -0100644 0 0 /usr/share/openstack/keystone/logging.conf 0100644 0 0 /usr/share/openstack/keystone/keystone.conf -0100644 0 0 /usr/share/openstack/keystone/policy.json -0100644 0 0 /usr/share/openstack/keystone/keystone-paste.ini 0100644 0 0 /usr/share/openstack/network.yml 0040755 0 0 /usr/share/openstack/neutron 0100644 0 0 /usr/share/openstack/neutron-config.yml 0100644 0 0 /usr/share/openstack/neutron-db.yml -0100644 0 0 /usr/share/openstack/neutron/neutron.conf -0100644 0 0 /usr/share/openstack/neutron/api-paste.ini 
-0100644 0 0 /usr/share/openstack/neutron/policy.json -0100644 0 0 /usr/share/openstack/neutron/l3_agent.ini 0100644 0 0 /usr/share/openstack/neutron/dhcp_agent.ini -0100644 0 0 /usr/share/openstack/neutron/lbaas_agent.ini +0100644 0 0 /usr/share/openstack/neutron/l3_agent.ini +0100644 0 0 /usr/share/openstack/neutron/neutron.conf 0100644 0 0 /usr/share/openstack/neutron/metadata_agent.ini -0100644 0 0 /usr/share/openstack/neutron/fwaas_driver.ini -0100644 0 0 /usr/share/openstack/neutron/metering_agent.ini -0100644 0 0 /usr/share/openstack/neutron/vpn_agent.ini 0040755 0 0 /usr/share/openstack/neutron/plugins/ -0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch -0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl -0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs -0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs -0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README -0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README -0040755 0 0 /usr/share/openstack/neutron/plugins/brocade -0100644 0 0 /usr/share/openstack/neutron/plugins/brocade/brocade.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/cisco -0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/embrane -0100644 0 0 /usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/hyperv -0100644 0 0 /usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/ibm -0100644 0 0 
/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/linuxbridge -0100644 0 0 /usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/metaplugin -0100644 0 0 /usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/midonet -0100644 0 0 /usr/share/openstack/neutron/plugins/midonet/midonet.ini 0040755 0 0 /usr/share/openstack/neutron/plugins/ml2 0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/mlnx -0100644 0 0 /usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/nec -0100644 0 0 /usr/share/openstack/neutron/plugins/nec/nec.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/nuage -0100644 0 0 /usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/oneconvergence -0100644 0 0 /usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/opencontrail -0100644 0 0 /usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/openvswitch -0100644 0 0 
/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/plumgrid -0100644 0 0 /usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/vmware -0100644 0 0 /usr/share/openstack/neutron/plugins/vmware/nsx.ini 0040755 0 0 /usr/share/openstack/nova 0100644 0 0 /usr/share/openstack/nova-config.yml 0100644 0 0 /usr/share/openstack/nova-db.yml -0100644 0 0 /usr/share/openstack/nova/logging.conf 0100644 0 0 /usr/share/openstack/nova/nova.conf 0100644 0 0 /usr/share/openstack/nova/nova-compute.conf -0100644 0 0 /usr/share/openstack/nova/policy.json -0100644 0 0 /usr/share/openstack/nova/cells.json -0100644 0 0 /usr/share/openstack/nova/api-paste.ini 0100644 0 0 /usr/share/openstack/openvswitch.yml 0040755 0 0 /usr/share/openstack/postgres 0100644 0 0 /usr/share/openstack/postgres.yml diff --git a/install-files/openstack/usr/lib/systemd/system/openstack-cinder-volume.service b/install-files/openstack/usr/lib/systemd/system/openstack-cinder-volume.service index c56ee693..a5b7fe85 100644 --- a/install-files/openstack/usr/lib/systemd/system/openstack-cinder-volume.service +++ b/install-files/openstack/usr/lib/systemd/system/openstack-cinder-volume.service @@ -2,6 +2,7 @@ Description=OpenStack Cinder volume server ConditionPathExists=/etc/cinder/cinder.conf After=network-online.target openstack-cinder-config-setup.service openstack-cinder-db-setup.service openstack-cinder-lv-setup.service lvm2-lvmetad.service iscsid.service target.service +Requisite=openstack-cinder-lv-setup.service Wants=network-online.target [Service] diff --git a/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service b/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service index 76efea5c..72cd1651 100644 --- a/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service 
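Review bot: `Requisite=openstack-cinder-lv-setup.service` in openstack-cinder-volume.service makes the volume service fail immediately, without starting the setup unit, whenever that unit is not active at the moment this one is started. If openstack-cinder-lv-setup.service is a `Type=oneshot` unit without `RemainAfterExit=yes` (its definition is not part of this diff), it is inactive again as soon as it finishes and cinder-volume would never start. If the intent is "run the setup first and do not start without it", `Requires=openstack-cinder-lv-setup.service` together with the existing `After=` expresses that. Either way, a comment above the line such as `# cinder-volume must not start unless the LVM setup unit is active` would record which behaviour is wanted.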
+++ b/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service @@ -11,8 +11,7 @@ StandardOutput=null StandardError=null ExecStart=/usr/bin/neutron-l3-agent \ --config-file=/etc/neutron/neutron.conf \ - --config-file=/etc/neutron/l3_agent.ini \ - --config-file=/etc/neutron/fwaas_driver.ini + --config-file=/etc/neutron/l3_agent.ini [Install] WantedBy=multi-user.target diff --git a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf b/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf index b572d40f..b1ad2f47 100644 --- a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf +++ b/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf 
@@ -1,1023 +1,1330 @@ [DEFAULT] - -# -# Options defined in ceilometer.middleware -# - -# Exchanges name to listen for notifications. (multi valued) -#http_control_exchanges=nova -#http_control_exchanges=glance -#http_control_exchanges=neutron -#http_control_exchanges=cinder - - -# -# Options defined in ceilometer.pipeline -# - -# Configuration file for pipeline definition. (string value) -#pipeline_cfg_file=pipeline.yaml - - -# -# Options defined in ceilometer.sample -# - -# Source for samples emitted on this instance. (string value) -# Deprecated group/name - [DEFAULT]/counter_source -#sample_source=openstack - - -# -# Options defined in ceilometer.service -# - -# Name of this node, which must be valid in an AMQP key. Can -# be an opaque identifier. For ZeroMQ only, must be a valid -# host name, FQDN, or IP address. (string value) -#host=ceilometer - -# Dispatcher to process data. (multi valued) -#dispatcher=database - -# Number of workers for collector service. A single -# collector is enabled by default. (integer value) -#collector_workers=1 - -# Number of workers for notification service. A single -# notification agent is enabled by default. (integer value) -#notification_workers=1 - - -# -# Options defined in ceilometer.api.app -# - -# The strategy to use for auth: noauth or keystone. (string -# value) -auth_strategy=keystone - -# Deploy the deprecated v1 API. (boolean value) -#enable_v1_api=true - - + # -# Options defined in ceilometer.compute.notifications +# From ceilometer # - + +auth_strategy = keystone + +# To reduce large requests at same time to Nova or other components +# from different compute agents, shuffle start time of polling task. +# (integer value) +#shuffle_time_before_polling_task = 0 + +# Configuration file for WSGI definition of API. (string value) +api_paste_config = api_paste.ini + +# Number of workers for Ceilometer API server. 
(integer value) +#api_workers = 1 + +# Polling namespace(s) to be used while resource polling (unknown +# type) +#polling_namespaces = ['compute', 'central'] + +# List of pollsters (or wildcard templates) to be used while polling +# (unknown type) +#pollster_list = [] + # Exchange name for Nova notifications. (string value) -#nova_control_exchange=nova - - -# -# Options defined in ceilometer.compute.util -# - -# List of metadata prefixes reserved for metering use. (list -# value) -#reserved_metadata_namespace=metering. - +nova_control_exchange = nova + +# List of metadata prefixes reserved for metering use. (list value) +reserved_metadata_namespace = metering. + # Limit on length of reserved metadata values. (integer value) -#reserved_metadata_length=256 - - -# -# Options defined in ceilometer.compute.virt.inspector -# - -# Inspector to use for inspecting the hypervisor layer. -# (string value) -#hypervisor_inspector=libvirt - - -# -# Options defined in ceilometer.compute.virt.libvirt.inspector -# - -# Libvirt domain type (valid options are: kvm, lxc, qemu, uml, -# xen). (string value) -#libvirt_type=kvm - +#reserved_metadata_length = 256 + +# List of metadata keys reserved for metering use. And these keys are +# additional to the ones included in the namespace. (list value) +#reserved_metadata_keys = + +# Inspector to use for inspecting the hypervisor layer. (string value) +hypervisor_inspector = libvirt + +# Libvirt domain type. (string value) +# Allowed values: kvm, lxc, qemu, uml, xen +libvirt_type = {{ NOVA_VIRT_TYPE }} + # Override the default libvirt URI (which is dependent on # libvirt_type). (string value) -#libvirt_uri= - - -# -# Options defined in ceilometer.image.notifications -# - +#libvirt_uri = + +# Exchange name for Data Processing notifications. (string value) +#sahara_control_exchange = sahara + +# Dispatcher to process data. 
(multi valued) +# Deprecated group/name - [collector]/dispatcher +#dispatcher = database + +# Exchange name for Keystone notifications. (string value) +keystone_control_exchange = keystone + +# Number of items to request in each paginated Glance API request +# (parameter used by glancecelient). If this is less than or equal to +# 0, page size is not specified (default value in glanceclient is +# used). (integer value) +#glance_page_size = 0 + # Exchange name for Glance notifications. (string value) -#glance_control_exchange=glance - - -# -# Options defined in ceilometer.network.notifications -# - +glance_control_exchange = glance + +# Exchange name for Ironic notifications. (string value) +ironic_exchange = ironic + +# Exchanges name to listen for notifications. (multi valued) +#http_control_exchanges = nova +#http_control_exchanges = glance +#http_control_exchanges = neutron +#http_control_exchanges = cinder + # Exchange name for Neutron notifications. (string value) # Deprecated group/name - [DEFAULT]/quantum_control_exchange -#neutron_control_exchange=neutron - - -# -# Options defined in ceilometer.objectstore.swift -# - -# Swift reseller prefix. Must be on par with reseller_prefix -# in proxy-server.conf. (string value) -#reseller_prefix=AUTH_ - - -# -# Options defined in ceilometer.openstack.common.db.sqlalchemy.session -# - -# The file name to use with SQLite (string value) -#sqlite_db=ceilometer.sqlite - -# If True, SQLite uses synchronous mode (boolean value) -#sqlite_synchronous=true - - -# -# Options defined in ceilometer.openstack.common.eventlet_backdoor -# - -# Enable eventlet backdoor. Acceptable values are 0, <port>, -# and <start>:<end>, where 0 results in listening on a random -# tcp port number; <port> results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and <start>:<end> results in listening on -# the smallest unused port number within the specified range -# of port numbers. 
The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port=<None> - - -# -# Options defined in ceilometer.openstack.common.lockutils -# - -# Whether to disable inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. (string value) -#lock_path=<None> - - -# -# Options defined in ceilometer.openstack.common.log -# - -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error (boolean value) -#use_stderr=true - -# Format string to use for log messages with context (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format +neutron_control_exchange = neutron + +# Allow novaclient's debug log output. (boolean value) +#nova_http_log_debug = false + +# Swift reseller prefix. Must be on par with reseller_prefix in proxy- +# server.conf. (string value) +#reseller_prefix = AUTH_ + +# Enable eventlet backdoor. Acceptable values are 0, <port>, and +# <start>:<end>, where 0 results in listening on a random tcp port +# number; <port> results in listening on the specified port number +# (and not enabling backdoor if that port is in use); and +# <start>:<end> results in listening on the smallest unused port +# number within the specified range of port numbers. 
The chosen port +# is displayed in the service's log file. (string value) +#backdoor_port = <None> + +# Print debugging output (set logging level to DEBUG instead of +# default WARNING level). (boolean value) +#debug = false + +# Print more verbose output (set logging level to INFO instead of +# default WARNING level). (boolean value) +#verbose = false + +# Log output to standard error. (boolean value) +#use_stderr = true + +# The name of a logging configuration file. This file is appended to +# any existing logging configuration files. For details about logging +# configuration files, see the Python logging module documentation. # (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN - -# Publish error events (boolean value) -#publish_errors=false - -# Make deprecations fatal (boolean value) -#fatal_deprecations=false - -# If an instance is passed with the log message, format it -# like this (string value) -#instance_format="[instance: %(uuid)s] " - -# If an instance UUID is passed with the log message, format -# it like this (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of logging configuration file. It does not disable -# existing loggers, but just appends specified logging -# configuration to any other existing logging options. Please -# see the Python logging module documentation for details on -# logging configuration files. (string value) # Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and +#log_config_append = <None> + +# DEPRECATED. 
A logging.Formatter log message format string which may +# use any of the available logging.LogRecord attributes. This option +# is deprecated. Please use logging_context_format_string and # logging_default_format_string instead. (string value) -#log_format=<None> - -# Format string for %%(asctime)s in log records. Default: -# %(default)s (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) +#log_format = <None> + +# Format string for %%(asctime)s in log records. Default: %(default)s +# . (string value) +#log_date_format = %Y-%m-%d %H:%M:%S + +# (Optional) Name of log file to output to. If no default is set, +# logging will go to stdout. (string value) # Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> - -# (Optional) The base directory used for relative --log-file -# paths (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and then will be changed in J to honor RFC5424 -# (boolean value) -use_syslog=true - -# (Optional) Use syslog rfc5424 format for logging. If -# enabled, will add APP-NAME (RFC5424) before the MSG part of -# the syslog message. The old format without APP-NAME is -# deprecated in I, and will be removed in J. 
(boolean value) -#use_syslog_rfc_format=false - -# Syslog facility to receive log lines (string value) -#syslog_log_facility=LOG_USER - - -# -# Options defined in ceilometer.openstack.common.middleware.sizelimit -# - -# The maximum body size per request, in bytes (integer value) -# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size -#max_request_body_size=114688 - - -# -# Options defined in ceilometer.openstack.common.notifier.api -# - -# Driver or drivers to handle sending notifications (multi -# valued) -#notification_driver= - -# Default notification level for outgoing notifications +#log_file = <None> + +# (Optional) The base directory used for relative --log-file paths. # (string value) -#default_notification_level=INFO - -# Default publisher_id for outgoing notifications (string -# value) -#default_publisher_id=<None> - - -# -# Options defined in ceilometer.openstack.common.notifier.rpc_notifier -# - -# AMQP topic used for OpenStack notifications (list value) -#notification_topics=notifications - - -# -# Options defined in ceilometer.openstack.common.policy -# - -# JSON file containing policy (string value) -#policy_file=policy.json - -# Rule enforced when requested rule is not found (string +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = <None> + +# Use syslog for logging. Existing syslog format is DEPRECATED during +# I, and will change in J to honor RFC5424. (boolean value) +use_syslog = True + +# (Optional) Enables or disables syslog rfc5424 format for logging. If +# enabled, prefixes the MSG part of the syslog message with APP-NAME +# (RFC5424). The format without the APP-NAME is deprecated in I, and +# will be removed in J. (boolean value) +#use_syslog_rfc_format = false + +# Syslog facility to receive log lines. (string value) +#syslog_log_facility = LOG_USER + +# Format string to use for log messages with context. 
(string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Format string to use for log messages without context. (string # value) -#policy_default_rule=default - - -# -# Options defined in ceilometer.openstack.common.rpc -# - -# The messaging module to use, defaults to kombu. (string +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + +# Prefix each line of exception output with this format. (string # value) -rpc_backend=rabbit - -# Size of RPC thread pool (integer value) -#rpc_thread_pool_size=64 - -# Size of RPC connection pool (integer value) -#rpc_conn_pool_size=30 - -# Seconds to wait for a response from call or multicall -# (integer value) -#rpc_response_timeout=60 - -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 - -# Modules of exceptions that are permitted to be recreated -# upon receiving exception data from an rpc call. (list value) -#allowed_rpc_exception_modules=nova.exception,cinder.exception,exceptions - -# If passed, use a fake RabbitMQ provider (boolean value) -#fake_rabbit=false - -# AMQP exchange to connect to if using RabbitMQ or Qpid -# (string value) -#control_exchange=openstack - - -# -# Options defined in ceilometer.openstack.common.rpc.amqp -# - -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false - - -# -# Options defined in ceilometer.openstack.common.rpc.impl_kombu -# - -# If SSL is enabled, the SSL version to use. Valid values are -# TLSv1, SSLv23 and SSLv3. 
SSLv2 might be available on some -# distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled) (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled) (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL enabled) +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s + +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN + +# Enables or disables publication of error events. (boolean value) +#publish_errors = false + +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false + +# The format for an instance that is passed with the log message. # (string value) -#kombu_ssl_ca_certs= - -# The RabbitMQ broker address where a single node is used +#instance_format = "[instance: %(uuid)s] " + +# The format for an instance UUID that is passed with the log message. # (string value) -rabbit_host = {{ RABBITMQ_HOST }} +#instance_uuid_format = "[instance: %(uuid)s] " - -# The RabbitMQ broker port where a single node is used -# (integer value) -rabbit_port= {{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ (boolean value) -rabbit_use_ssl=false - -# The RabbitMQ userid (string value) -rabbit_userid= {{ RABBITMQ_USER }} - -# The RabbitMQ password (string value) -rabbit_password = {{ RABBITMQ_PASSWORD }} +# Exchange name for Heat notifications (string value) +#heat_control_exchange = heat + +# Configuration file for pipeline definition. (string value) +pipeline_cfg_file = pipeline.yaml + +# Configuration file for event pipeline definition. 
(string value) +event_pipeline_cfg_file = event_pipeline.yaml + +# Exchange name for DBaaS notifications. (string value) +#trove_control_exchange = trove + +# Exchange name for Messaging service notifications. (string value) +#zaqar_control_exchange = zaqar + +# Source for samples emitted on this instance. (string value) +# Deprecated group/name - [DEFAULT]/counter_source +#sample_source = openstack + +# Name of this node, which must be valid in an AMQP key. Can be an +# opaque identifier. For ZeroMQ only, must be a valid host name, FQDN, +# or IP address. (string value) +#host = noisecell + +# Number of workers for collector service. A single collector is +# enabled by default. (integer value) +#collector_workers = 1 + +# Number of workers for notification service. A single notification +# agent is enabled by default. (integer value) +#notification_workers = 1 + +# Timeout seconds for HTTP requests. Set it to None to disable +# timeout. (integer value) +#http_timeout = 600 + +# DEPRECATED - Database connection string. (string value) +#database_connection = <None> + +# Path to the rootwrap configuration file touse for running commands +# as root (string value) +rootwrap_config = /etc/ceilometer/rootwrap.conf + +# Exchange name for Cinder notifications. (string value) +cinder_control_exchange = cinder - -# The RabbitMQ virtual host (string value) -rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count) (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. 
(boolean -# value) -#rabbit_ha_queues=false - - -# -# Options defined in ceilometer.openstack.common.rpc.impl_qpid -# - -# Qpid broker hostname (string value) -#qpid_hostname=localhost - -# Qpid broker port (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for qpid connection (string value) -#qpid_username= - -# Password for qpid connection (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl' (string value) -#qpid_protocol=tcp - -# Disable Nagle algorithm (boolean value) -#qpid_tcp_nodelay=true - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - - # -# Options defined in ceilometer.openstack.common.rpc.impl_zmq +# From oslo.messaging # - + # ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* - -# MatchMaker driver (string value) -#rpc_zmq_matchmaker=ceilometer.openstack.common.rpc.matchmaker.MatchMakerLocalhost - -# ZeroMQ receiver listening port (integer value) -#rpc_zmq_port=9501 - -# Number of ZeroMQ contexts, defaults to 1 (integer value) -#rpc_zmq_contexts=1 - -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog=<None> - -# Directory for holding IPC sockets (string value) -#rpc_zmq_ipc_dir=/var/run/openstack - -# Name of this node. 
Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=ceilometer - - -# -# Options defined in ceilometer.openstack.common.rpc.matchmaker -# - -# Heartbeat frequency (integer value) -#matchmaker_heartbeat_freq=300 - +# interface, or IP. The "host" option should point or resolve to this +# address. (string value) +#rpc_zmq_bind_address = * + +# MatchMaker driver. (string value) +#rpc_zmq_matchmaker = local + +# ZeroMQ receiver listening port. (integer value) +#rpc_zmq_port = 9501 + +# Number of ZeroMQ contexts, defaults to 1. (integer value) +#rpc_zmq_contexts = 1 + +# Maximum number of ingress messages to locally buffer per topic. +# Default is unlimited. (integer value) +#rpc_zmq_topic_backlog = <None> + +# Directory for holding IPC sockets. (string value) +#rpc_zmq_ipc_dir = /var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP address. +# Must match "host" option, if running Nova. (string value) +#rpc_zmq_host = localhost + +# Seconds to wait before a cast expires (TTL). Only supported by +# impl_zmq. (integer value) +#rpc_cast_timeout = 30 + +# Heartbeat frequency. (integer value) +#matchmaker_heartbeat_freq = 300 + # Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 - - -# -# Options defined in ceilometer.orchestration.notifications -# - -# Exchange name for Heat notifications (string value) -#heat_control_exchange=heat - - -# -# Options defined in ceilometer.storage -# - -# DEPRECATED - Database connection string. (string value) -#database_connection=<None> - - -# -# Options defined in ceilometer.storage.sqlalchemy.models -# - -# MySQL engine to use. (string value) -#mysql_engine=InnoDB - - -# -# Options defined in ceilometer.volume.notifications -# - -# Exchange name for Cinder notifications. (string value) -cinder_control_exchange=cinder - - +#matchmaker_heartbeat_ttl = 600 + +# Size of RPC thread pool. 
(integer value) +#rpc_thread_pool_size = 64 + +# Driver or drivers to handle sending notifications. (multi valued) +#notification_driver = + +# AMQP topic used for OpenStack notifications. (list value) +# Deprecated group/name - [rpc_notifier2]/topics +#notification_topics = notifications + +# Seconds to wait for a response from a call. (integer value) +#rpc_response_timeout = 60 + +# A URL representing the messaging driver to use and its full +# configuration. If not set, we fall back to the rpc_backend option +# and driver specific configuration. (string value) +#transport_url = <None> + +# The messaging driver to use, defaults to rabbit. Other drivers +# include qpid and zmq. (string value) +rpc_backend = rabbit + +# The default exchange under which topics are scoped. May be +# overridden by an exchange name specified in the transport_url +# option. (string value) +#control_exchange = openstack + + [alarm] - -# -# Options defined in ceilometer.cli -# - -# Class to launch as alarm evaluation service. (string value) -#evaluation_service=ceilometer.alarm.service.SingletonAlarmService - - + # -# Options defined in ceilometer.alarm.notifier.rest +# From ceilometer # - + # SSL Client certificate for REST notifier. (string value) -#rest_notifier_certificate_file= - +#rest_notifier_certificate_file = + # SSL Client private key for REST notifier. (string value) -#rest_notifier_certificate_key= - -# Whether to verify the SSL Server certificate when calling -# alarm action. (boolean value) -#rest_notifier_ssl_verify=true - - -# -# Options defined in ceilometer.alarm.rpc -# - -# The topic that ceilometer uses for alarm notifier messages. -# (string value) -#notifier_rpc_topic=alarm_notifier - -# The topic that ceilometer uses for alarm partition -# coordination messages. 
(string value) -#partition_rpc_topic=alarm_partition_coordination - - -# -# Options defined in ceilometer.alarm.service -# - -# Period of evaluation cycle, should be >= than configured -# pipeline interval for collection of underlying metrics. -# (integer value) +#rest_notifier_certificate_key = + +# Whether to verify the SSL Server certificate when calling alarm +# action. (boolean value) +#rest_notifier_ssl_verify = true + +# Number of retries for REST notifier (integer value) +#rest_notifier_max_retries = 0 + +# Period of evaluation cycle, should be >= than configured pipeline +# interval for collection of underlying metrics. (integer value) # Deprecated group/name - [alarm]/threshold_evaluation_interval -#evaluation_interval=60 - - -# -# Options defined in ceilometer.api.controllers.v2 -# - +#evaluation_interval = 60 + +# The topic that ceilometer uses for alarm notifier messages. (string +# value) +notifier_rpc_topic = alarm_notifier + +# The topic that ceilometer uses for alarm partition coordination +# messages. DEPRECATED: RPC-based partitionedalarm evaluation service +# will be removed in Kilo in favour of the default alarm evaluation +# service using tooz for partitioning. (string value) +#partition_rpc_topic = alarm_partition_coordination + +# URL to Gnocchi. (string value) +#gnocchi_url = http://localhost:8041 + # Record alarm change events. (boolean value) -#record_history=true - - +#record_history = true + +# Maximum number of alarms defined for a user. (integer value) +#user_alarm_quota = <None> + +# Maximum number of alarms defined for a project. (integer value) +#project_alarm_quota = <None> + +# Driver to use for alarm evaluation service. DEPRECATED: "singleton" +# and "partitioned" alarm evaluator services will be removed in Kilo +# in favour of the default alarm evaluation service using tooz for +# partitioning. 
(string value) +#evaluation_service = default + + [api] - + # -# Options defined in ceilometer.api +# From ceilometer # - + # The port for the ceilometer API server. (integer value) # Deprecated group/name - [DEFAULT]/metering_api_port -#port=8777 - +port = 8777 + # The listen IP for the ceilometer API server. (string value) -#host=0.0.0.0 - - +host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} + +# Toggle Pecan Debug Middleware. (boolean value) +#pecan_debug = false + + +[central] + +# +# From ceilometer +# + +# Work-load partitioning group prefix. Use only if you want to run +# multiple polling agents with different config files. For each sub- +# group of the agent pool with the same partitioning_group_prefix a +# disjoint subset of pollsters should be loaded. (string value) +# Deprecated group/name - [central]/partitioning_group_prefix +#partitioning_group_prefix = <None> + + [collector] - + # -# Options defined in ceilometer.collector +# From ceilometer # - -# Address to which the UDP socket is bound. Set to an empty -# string to disable. (string value) -#udp_address=0.0.0.0 - + +# Address to which the UDP socket is bound. Set to an empty string to +# disable. (string value) +#udp_address = 0.0.0.0 + # Port to which the UDP socket is bound. (integer value) -#udp_port=4952 - - +#udp_port = 4952 + +# Requeue the sample on the collector sample queue when the collector +# fails to dispatch it. This is only valid if the sample come from the +# notifier publisher. (boolean value) +#requeue_sample_on_dispatcher_error = false + +# Requeue the event on the collector event queue when the collector +# fails to dispatch it. (boolean value) +#requeue_event_on_dispatcher_error = false + + +[compute] + +# +# From ceilometer +# + +# Enable work-load partitioning, allowing multiple compute agents to +# be run simultaneously. (boolean value) +#workload_partitioning = false + + +[coordination] + +# +# From ceilometer +# + +# The backend URL to use for distributed coordination. 
If left empty, +# per-deployment central agent and per-host compute agent won't do +# workload partitioning and will only function correctly if a single +# instance of that service is running. (string value) +#backend_url = <None> + +# Number of seconds between heartbeats for distributed coordination. +# (floating point value) +#heartbeat = 1.0 + +# Number of seconds between checks to see if group membership has +# changed (floating point value) +#check_watchers = 10.0 + + [database] - + # -# Options defined in ceilometer.openstack.common.db.api +# From ceilometer # - -# The backend to use for db (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy - - + +# Number of seconds that samples are kept in the database for (<= 0 +# means forever). (integer value) +# Deprecated group/name - [database]/time_to_live +#metering_time_to_live = -1 + +# Number of seconds that events are kept in the database for (<= 0 +# means forever). (integer value) +#event_time_to_live = -1 + +# The connection string used to connect to the metering database. (if +# unset, connection is used) (string value) +#metering_connection = <None> + +# The connection string used to connect to the alarm database. (if +# unset, connection is used) (string value) +#alarm_connection = <None> + +# The connection string used to connect to the event database. (if +# unset, connection is used) (string value) +#event_connection = <None> + +# The name of the replica set which is used to connect to MongoDB +# database. If it is set, MongoReplicaSetClient will be used instead +# of MongoClient. (string value) +#mongodb_replica_set = + +# The max length of resources id in DB2 nosql, the value should be +# larger than len(hostname) * 2 as compute node's resource id is +# <hostname>_<nodename>. 
(integer value) +#db2nosql_resource_id_maxlen = 512 + # -# Options defined in ceilometer.openstack.common.db.sqlalchemy.session +# From oslo.db # - -# The SQLAlchemy connection string used to connect to the -# database (string value) + +# The file name to use with SQLite. (string value) +# Deprecated group/name - [DEFAULT]/sqlite_db +#sqlite_db = oslo.sqlite + +# If True, SQLite uses synchronous mode. (boolean value) +# Deprecated group/name - [DEFAULT]/sqlite_synchronous +#sqlite_synchronous = true + +# The back end to use for the database. (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend = sqlalchemy + +# The SQLAlchemy connection string to use to connect to the database. +# (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection +#connection = <None> connection=postgresql://{{ CEILOMETER_DB_USER }}:{{ CEILOMETER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ceilometer -# The SQLAlchemy connection string used to connect to the -# slave database (string value) -#slave_connection= - -# Timeout before idle sql connections are reaped (integer -# value) +# The SQLAlchemy connection string to use to connect to the slave +# database. (string value) +#slave_connection = <None> + +# The SQL mode to be used for MySQL sessions. This option, including +# the default, overrides any server-set SQL mode. To use whatever SQL +# mode is set by the server configuration, set this to no value. +# Example: mysql_sql_mode= (string value) +#mysql_sql_mode = TRADITIONAL + +# Timeout before idle SQL connections are reaped. 
(integer value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool -# (integer value) +#idle_timeout = 3600 + +# Minimum number of SQL connections to keep open in a pool. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool -# (integer value) +#min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size=<None> - -# Maximum db connection retries during startup. (setting -1 -# implies an infinite retry count) (integer value) +#max_pool_size = <None> + +# Maximum number of database connection retries during startup. Set to +# -1 to specify an infinite retry count. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 - -# Interval between retries of opening a sql connection -# (integer value) +#max_retries = 10 + +# Interval between retries of opening a SQL connection. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 - -# If set, use this value for max_overflow with sqlalchemy -# (integer value) +#retry_interval = 10 + +# If set, use this value for max_overflow with SQLAlchemy. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=<None> - -# Verbosity of SQL debugging information. 
0=None, -# 100=Everything (integer value) +#max_overflow = <None> + +# Verbosity of SQL debugging information: 0=None, 100=Everything. +# (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 - -# Add python stack traces to SQL as comment strings (boolean -# value) +#connection_debug = 0 + +# Add Python stack traces to SQL as comment strings. (boolean value) # Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false - -# If set, use this value for pool_timeout with sqlalchemy -# (integer value) +#connection_trace = false + +# If set, use this value for pool_timeout with SQLAlchemy. (integer +# value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout=<None> - - -# -# Options defined in ceilometer.storage -# - -# Number of seconds that samples are kept in the database for -# (<= 0 means forever). (integer value) -#time_to_live=-1 - - +#pool_timeout = <None> + +# Enable the experimental use of database reconnect on connection +# lost. (boolean value) +#use_db_reconnect = false + +# Seconds between retries of a database transaction. (integer value) +#db_retry_interval = 1 + +# If True, increases the interval between retries of a database +# operation up to db_max_retry_interval. (boolean value) +#db_inc_retry_interval = true + +# If db_inc_retry_interval is set, the maximum seconds between retries +# of a database operation. (integer value) +#db_max_retry_interval = 10 + +# Maximum retries in case of connection error or deadlock error before +# error is raised. Set to -1 to specify an infinite retry count. +# (integer value) +#db_max_retries = 20 + + [dispatcher_file] - + # -# Options defined in ceilometer.dispatcher.file +# From ceilometer # - -# Name and the location of the file to record meters. (string -# value) -#file_path=<None> - + +# Name and the location of the file to record meters. (string value) +#file_path = <None> + # The max size of the file. 
(integer value) -#max_bytes=0 - +#max_bytes = 0 + # The max number of the files to keep. (integer value) -#backup_count=0 - - +#backup_count = 0 + + [event] - + # -# Options defined in ceilometer.event.converter +# From ceilometer # - + # Configuration file for event definitions. (string value) -#definitions_cfg_file=event_definitions.yaml - -# Drop notifications if no event definition matches. -# (Otherwise, we convert them with just the default traits) -# (boolean value) -#drop_unmatched_notifications=false - - +definitions_cfg_file = event_definitions.yaml + +# Drop notifications if no event definition matches. (Otherwise, we +# convert them with just the default traits) (boolean value) +#drop_unmatched_notifications = false + +# Store the raw notification for select priority levels (info and/or +# error). By default, raw details are not captured. (multi valued) +#store_raw = + + +[hardware] + +# +# From ceilometer +# + +# URL scheme to use for hardware nodes. (string value) +#url_scheme = snmp:// + +# SNMPd user name of all nodes running in the cloud. (string value) +#readonly_user_name = ro_snmp_user + +# SNMPd password of all the nodes running in the cloud. (string value) +#readonly_user_password = password + + +[ipmi] + +# +# From ceilometer +# + +# Number of retries upon Intel Node Manager initialization failure +# (integer value) +#node_manager_init_retry = 3 + +# Tolerance of IPMI/NM polling failures before disable this pollster. +# Negative indicates retrying forever. (integer value) +#polling_retry = 3 + + [keystone_authtoken] - + # -# Options defined in keystoneclient.middleware.auth_token +# From keystonemiddleware.auth_token # - -# Prefix to prepend at the beginning of the path (string -# value) -#auth_admin_prefix= - -# Host providing the admin Identity API endpoint (string + +# Complete public Identity API endpoint. (string value) +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 + +# API version of the admin Identity API endpoint. 
(string value) +#auth_version = <None> + +# Do not handle authorization requests within the middleware, but +# delegate the authorization decision to downstream WSGI components. +# (boolean value) +#delay_auth_decision = false + +# Request timeout value for communicating with Identity API server. +# (integer value) +#http_connect_timeout = <None> + +# How many times are we trying to reconnect when communicating with +# Identity API Server. (integer value) +#http_request_max_retries = 3 + +# Env key for the swift cache. (string value) +#cache = <None> + +# Required if identity server requires client certificate (string # value) -#auth_host=127.0.0.1 - -# Port of the admin Identity API endpoint (integer value) -#auth_port=35357 - -# Protocol of the admin Identity API endpoint(http or https) -# (string value) -#auth_protocol=https - -# Complete public Identity API endpoint (string value) -auth_uri= http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +#certfile = <None> - -# API version of the admin Identity API endpoint (string +# Required if identity server requires client certificate (string # value) -#auth_version=<None> - -# Do not handle authorization requests within the middleware, -# but delegate the authorization decision to downstream WSGI -# components (boolean value) -#delay_auth_decision=false - -# Request timeout value for communicating with Identity API -# server. (boolean value) -#http_connect_timeout=<None> - -# How many times are we trying to reconnect when communicating -# with Identity API Server. (integer value) -#http_request_max_retries=3 - -# Allows to pass in the name of a fake http_handler callback -# function used instead of httplib.HTTPConnection or -# httplib.HTTPSConnection. Useful for unit testing where -# network is not available. 
(string value) -#http_handler=<None> - -# Single shared secret with the Keystone configuration used -# for bootstrapping a Keystone installation, or otherwise -# bypassing the normal authentication process. (string value) -#admin_token=<None> - -# Keystone account username (string value) -admin_user = {{ CEILOMETER_SERVICE_USER }} - -# Keystone account password (string value) -admin_password = {{ CEILOMETER_SERVICE_PASSWORD }} - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name = service - -# Env key for the swift cache (string value) -#cache=<None> - -# Required if Keystone server requires client certificate -# (string value) -#certfile=<None> - -# Required if Keystone server requires client certificate -# (string value) -#keyfile=<None> - -# A PEM encoded Certificate Authority to use when verifying -# HTTPS connections. Defaults to system CAs. (string value) -#cafile=<None> - +#keyfile = <None> + +# A PEM encoded Certificate Authority to use when verifying HTTPs +# connections. Defaults to system CAs. (string value) +#cafile = <None> + # Verify HTTPS connections. (boolean value) -#insecure=false - -# Directory used to cache files related to PKI tokens (string -# value) -#signing_dir=<None> - -# If defined, the memcache server(s) to use for caching (list +#insecure = false + +# Directory used to cache files related to PKI tokens. (string value) +#signing_dir = <None> + +# Optionally specify a list of memcached server(s) to use for caching. +# If left undefined, tokens will instead be cached in-process. (list # value) # Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers=<None> - -# In order to prevent excessive requests and validations, the -# middleware uses an in-memory cache for the tokens the -# Keystone API returns. This is only valid if memcache_servers -# is defined. Set to -1 to disable caching completely. 
-# (integer value) -#token_cache_time=300 - -# Value only used for unit testing (integer value) -#revocation_cache_time=1 - -# (optional) if defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable -# values are MAC or ENCRYPT. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token -# data is encrypted and authenticated in the cache. If the -# value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -#memcache_security_strategy=<None> - -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string +#memcached_servers = <None> + +# In order to prevent excessive effort spent validating tokens, the +# middleware caches previously-seen tokens for a configurable duration +# (in seconds). Set to -1 to disable caching completely. (integer # value) -#memcache_secret_key=<None> - -# (optional) indicate whether to set the X-Service-Catalog -# header. If False, middleware will not ask for service -# catalog on token validation and will not set the X-Service- -# Catalog header. (boolean value) -#include_service_catalog=true - -# Used to control the use and type of token binding. Can be -# set to: "disabled" to not check token binding. "permissive" -# (default) to validate binding information if the bind type -# is of a form known to the server and ignore it if not. -# "strict" like "permissive" but if the bind type is unknown -# the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string +#token_cache_time = 300 + +# Determines the frequency at which the list of revoked tokens is +# retrieved from the Identity service (in seconds). A high number of +# revocation events combined with a low cache duration may +# significantly reduce performance. 
(integer value) +#revocation_cache_time = 10 + +# (Optional) If defined, indicate whether token data should be +# authenticated or authenticated and encrypted. Acceptable values are +# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in +# the cache. If ENCRYPT, token data is encrypted and authenticated in +# the cache. If the value is not one of these options or empty, +# auth_token will raise an exception on initialization. (string value) +#memcache_security_strategy = <None> + +# (Optional, mandatory if memcache_security_strategy is defined) This +# string is used for key derivation. (string value) +#memcache_secret_key = <None> + +# (Optional) Number of seconds memcached server is considered dead +# before it is tried again. (integer value) +#memcache_pool_dead_retry = 300 + +# (Optional) Maximum total number of open connections to every +# memcached server. (integer value) +#memcache_pool_maxsize = 10 + +# (Optional) Socket timeout in seconds for communicating with a +# memcache server. (integer value) +#memcache_pool_socket_timeout = 3 + +# (Optional) Number of seconds a connection to memcached is held +# unused in the pool before it is closed. (integer value) +#memcache_pool_unused_timeout = 60 + +# (Optional) Number of seconds that an operation will wait to get a +# memcache client connection from the pool. (integer value) +#memcache_pool_conn_get_timeout = 10 + +# (Optional) Use the advanced (eventlet safe) memcache client pool. +# The advanced pool will only work under python 2.x. (boolean value) +#memcache_use_advanced_pool = false + +# (Optional) Indicate whether to set the X-Service-Catalog header. If +# False, middleware will not ask for service catalog on token +# validation and will not set the X-Service-Catalog header. (boolean # value) -#enforce_token_bind=permissive - - +#include_service_catalog = true + +# Used to control the use and type of token binding. Can be set to: +# "disabled" to not check token binding. 
"permissive" (default) to +# validate binding information if the bind type is of a form known to +# the server and ignore it if not. "strict" like "permissive" but if +# the bind type is unknown the token will be rejected. "required" any +# form of token binding is needed to be allowed. Finally the name of a +# binding method that must be present in tokens. (string value) +#enforce_token_bind = permissive + +# If true, the revocation list will be checked for cached tokens. This +# requires that PKI tokens are configured on the identity server. +# (boolean value) +#check_revocations_for_cached = false + +# Hash algorithms to use for hashing PKI tokens. This may be a single +# algorithm or multiple. The algorithms are those supported by Python +# standard hashlib.new(). The hashes will be tried in the order given, +# so put the preferred one first for performance. The result of the +# first hash will be stored in the cache. This will typically be set +# to multiple values only while migrating from a less secure algorithm +# to a more secure one. Once all the old tokens are expired this +# option should be set to a single value for better performance. (list +# value) +#hash_algorithms = md5 + +# Prefix to prepend at the beginning of the path. Deprecated, use +# identity_uri. (string value) +#auth_admin_prefix = + +# Host providing the admin Identity API endpoint. Deprecated, use +# identity_uri. (string value) +#auth_host = 127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) +#auth_port = 35357 + +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. (string value) +#auth_protocol = https + +# Complete admin Identity API endpoint. This should specify the +# unversioned root endpoint e.g. https://localhost:35357/ (string +# value) +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 + +# This option is deprecated and may be removed in a future release. 
+# Single shared secret with the Keystone configuration used for +# bootstrapping a Keystone installation, or otherwise bypassing the +# normal authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) +#admin_token = <None> + +# Service username. (string value) +admin_user = {{ CEILOMETER_SERVICE_USER }} + +# Service user password. (string value) +admin_password = {{ CEILOMETER_SERVICE_PASSWORD }} + +# Service tenant name. (string value) +admin_tenant_name = service + + [matchmaker_redis] - + # -# Options defined in ceilometer.openstack.common.rpc.matchmaker_redis +# From oslo.messaging # - -# Host to locate redis (string value) -#host=127.0.0.1 - + +# Host to locate redis. (string value) +#host = 127.0.0.1 + # Use this port to connect to redis host. (integer value) -#port=6379 - -# Password for Redis server. (optional) (string value) -#password=<None> - - +#port = 6379 + +# Password for Redis server (optional). (string value) +#password = <None> + + [matchmaker_ring] - + # -# Options defined in ceilometer.openstack.common.rpc.matchmaker_ring +# From oslo.messaging # - -# Matchmaker ring file (JSON) (string value) + +# Matchmaker ring file (JSON). (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json - - +#ringfile = /etc/oslo/matchmaker_ring.json + + [notification] - + # -# Options defined in ceilometer.notification +# From ceilometer # - -# Acknowledge message when event persistence fails. (boolean -# value) -#ack_on_event_error=true - + +# Acknowledge message when event persistence fails. (boolean value) +# Deprecated group/name - [collector]/ack_on_event_error +#ack_on_event_error = true + # Save event details. (boolean value) -#store_events=false - - +# Deprecated group/name - [collector]/store_events +#store_events = false + +# WARNING: Ceilometer historically offered the ability to store events +# as meters. 
This usage is NOT advised as it can flood the metering +# database and cause performance degradation. This option disables the +# collection of non-metric meters and will be the default behavior in +# Liberty. (boolean value) +#disable_non_metric_meters = false + +# Enable workload partitioning, allowing multiple notification agents +# to be run simultaneously. (boolean value) +#workload_partitioning = false + +# Messaging URLs to listen for notifications. Example: +# transport://user:pass@host1:port[,hostN:portN]/virtual_host +# (DEFAULT/transport_url is used if empty) (multi valued) +#messaging_urls = + + +[oslo_concurrency] + +# +# From oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +# Deprecated group/name - [DEFAULT]/disable_process_locking +#disable_process_locking = false + +# Directory to use for lock files. For security, the specified +# directory should only be writable by the user running the processes +# that need locking. Defaults to environment variable OSLO_LOCK_PATH. +# If external locks are used, a lock path must be set. 
(string value) +# Deprecated group/name - [DEFAULT]/lock_path +#lock_path = <None> + + +[oslo_messaging_amqp] + +# +# From oslo.messaging +# + +# address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +#server_request_prefix = exclusive + +# address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +#broadcast_prefix = broadcast + +# address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +#group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +#container_name = <None> + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +#idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +#trace = false + +# CA certificate PEM file for verifing server certificate (string +# value) +# Deprecated group/name - [amqp1]/ssl_ca_file +#ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string +# value) +# Deprecated group/name - [amqp1]/ssl_cert_file +#ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string +# value) +# Deprecated group/name - [amqp1]/ssl_key_file +#ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +#ssl_key_password = <None> + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +#allow_insecure_clients = false + + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. 
(boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +#qpid_hostname = localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +#qpid_port = 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +#qpid_hosts = $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +#qpid_username = + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +#qpid_password = + +# Space separated list of SASL mechanisms to use for auth. (string +# value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +#qpid_sasl_mechanisms = + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +#qpid_heartbeat = 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +#qpid_protocol = tcp + +# Whether to disable the Nagle algorithm. (boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +#qpid_tcp_nodelay = true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +#qpid_receiver_capacity = 1 + +# The qpid topology version to use. Version 1 is what was originally +# used by impl_qpid. Version 2 includes some backwards-incompatible +# changes that allow broker federation to work. Users should update +# to version 2 when they are able to take everything down, as it +# requires a clean break. 
(integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +#qpid_topology_version = 1 + + +[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# SSL version to use (valid only if SSL enabled). Valid values are +# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be +# available on some distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +#kombu_ssl_version = + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +#kombu_ssl_keyfile = + +# SSL cert file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +#kombu_ssl_certfile = + +# SSL certification authority file (valid only if SSL enabled). +# (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +#kombu_ssl_ca_certs = + +# How long to wait before reconnecting in response to an AMQP consumer +# cancel notification. (floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +#kombu_reconnect_delay = 1.0 + +# The RabbitMQ broker address where a single node is used. (string +# value) +# Deprecated group/name - [DEFAULT]/rabbit_host +rabbit_host = {{ RABBITMQ_HOST }} + +# The RabbitMQ broker port where a single node is used. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_port +rabbit_port = {{ RABBITMQ_PORT }} + +# RabbitMQ HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +#rabbit_hosts = $rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. 
(boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +rabbit_use_ssl = false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +rabbit_userid = {{ RABBITMQ_USER }} + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +rabbit_password = {{ RABBITMQ_PASSWORD }} + +# The RabbitMQ login method. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +#rabbit_login_method = AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +rabbit_virtual_host = / + +# How frequently to retry connecting with RabbitMQ. (integer value) +#rabbit_retry_interval = 1 + +# How long to backoff for between retries when connecting to RabbitMQ. +# (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +#rabbit_retry_backoff = 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +#rabbit_max_retries = 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this +# option, you must wipe the RabbitMQ database. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +#rabbit_ha_queues = false + +# Number of seconds after which the Rabbit broker is considered down +# if heartbeat's keep-alive fails (0 disables the heartbeat, >0 +# enables it. Enabling heartbeats requires kombu>=3.0.7 and +# amqp>=1.4.0). EXPERIMENTAL (integer value) +#heartbeat_timeout_threshold = 0 + +# How often times during the heartbeat_timeout_threshold we check the +# heartbeat. (integer value) +#heartbeat_rate = 2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +#fake_rabbit = false + + +[oslo_policy] + +# +# From oslo.policy +# + +# The JSON file that defines policies. 
(string value) +# Deprecated group/name - [DEFAULT]/policy_file +policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. (string +# value) +# Deprecated group/name - [DEFAULT]/policy_default_rule +policy_default_rule = default + +# Directories where policy configuration files are stored. They can be +# relative to any directory in the search path defined by the +# config_dir option, or absolute paths. The file defined by +# policy_file must exist for these directories to be searched. +# Missing or empty directories are ignored. (multi valued) +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d + + +[polling] + +# +# From ceilometer +# + +# Work-load partitioning group prefix. Use only if you want to run +# multiple polling agents with different config files. For each sub- +# group of the agent pool with the same partitioning_group_prefix a +# disjoint subset of pollsters should be loaded. (string value) +# Deprecated group/name - [central]/partitioning_group_prefix +#partitioning_group_prefix = <None> + + [publisher] - + # -# Options defined in ceilometer.publisher.utils +# From ceilometer # - -# Secret value for signing metering messages. (string value) + +# Secret value for signing messages. Set value empty if signing is not +# required to avoid computational overhead. (string value) # Deprecated group/name - [DEFAULT]/metering_secret # Deprecated group/name - [publisher_rpc]/metering_secret -# It should be set to some random value -metering_secret = {{ METERING_SECRET }} - +# Deprecated group/name - [publisher]/metering_secret +#telemetry_secret = change this for valid signing + + +[publisher_notifier] + +# +# From ceilometer +# + +# The topic that ceilometer uses for metering notifications. (string +# value) +#metering_topic = metering + +# The topic that ceilometer uses for event notifications. (string +# value) +#event_topic = event + +# The driver that ceilometer uses for metering notifications. 
(string +# value) +# Deprecated group/name - [DEFAULT]/metering_driver +#telemetry_driver = messagingv2 + + [publisher_rpc] - + # -# Options defined in ceilometer.publisher.rpc +# From ceilometer # - -# The topic that ceilometer uses for metering messages. -# (string value) -#metering_topic=metering - - -[rpc_notifier2] - -# -# Options defined in ceilometer.openstack.common.notifier.rpc_notifier2 -# - -# AMQP topic(s) used for OpenStack notifications (list value) -#topics=notifications - - + +# The topic that ceilometer uses for metering messages. (string value) +# Deprecated group/name - [DEFAULT]/metering_topic +#metering_topic = metering + + +[rgw_admin_credentials] + +# +# From ceilometer +# + +# Access key for Radosgw Admin. (string value) +#access_key = <None> + +# Secret key for Radosgw Admin. (string value) +#secret_key = <None> + + [service_credentials] - + # -# Options defined in ceilometer.service +# From ceilometer # - -# User name to use for OpenStack service access. (string -# value) + +# User name to use for OpenStack service access. (string value) +# Deprecated group/name - [DEFAULT]/os_username os_username = {{ CEILOMETER_SERVICE_USER }} - + # Password to use for OpenStack service access. (string value) +# Deprecated group/name - [DEFAULT]/os_password os_password = {{ CEILOMETER_SERVICE_PASSWORD }} - -# Tenant ID to use for OpenStack service access. (string -# value) -#os_tenant_id= - -# Tenant name to use for OpenStack service access. (string -# value) + +# Tenant ID to use for OpenStack service access. (string value) +# Deprecated group/name - [DEFAULT]/os_tenant_id +#os_tenant_id = + +# Tenant name to use for OpenStack service access. (string value) +# Deprecated group/name - [DEFAULT]/os_tenant_name os_tenant_name = service - + # Certificate chain for SSL validation. (string value) -#os_cacert=<None> - +#os_cacert = <None> + # Auth URL to use for OpenStack service access. 
(string value) +# Deprecated group/name - [DEFAULT]/os_auth_url os_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -# Region name to use for OpenStack service endpoints. (string -# value) -os_region_name=regionOne - +# Region name to use for OpenStack service endpoints. (string value) +# Deprecated group/name - [DEFAULT]/os_region_name +os_region_name = regionOne + # Type of endpoint in Identity service catalog to use for # communication with OpenStack services. (string value) -os_endpoint_type=internalURL - -# Disables X.509 certificate validation when an SSL connection -# to Identity Service is established. (boolean value) -#insecure=false - - -[ssl] - -# -# Options defined in ceilometer.openstack.common.sslutils -# - -# CA certificate file to use to verify connecting clients -# (string value) -#ca_file=<None> - -# Certificate file to use when starting the server securely -# (string value) -#cert_file=<None> - -# Private key file to use when starting the server securely -# (string value) -#key_file=<None> - - +os_endpoint_type = internalURL + +# Disables X.509 certificate validation when an SSL connection to +# Identity Service is established. (boolean value) +#insecure = false + + +[service_types] + +# +# From ceilometer +# + +# Kwapi service type. (string value) +#kwapi = energy + +# Glance service type. (string value) +glance = image + +# Neutron service type. (string value) +neutron = network + +# Nova service type. (string value) +nova = compute + +# Radosgw service type. (string value) +#radosgw = object-store + +# Swift service type. 
(string value) +#swift = object-store + + [vmware] - -# -# Options defined in ceilometer.compute.virt.vmware.inspector -# - -# IP address of the VMware Vsphere host (string value) -#host_ip= - -# Username of VMware Vsphere (string value) -#host_username= - -# Password of VMware Vsphere (string value) -#host_password= - -# Number of times a VMware Vsphere API must be retried -# (integer value) -#api_retry_count=10 - -# Sleep time in seconds for polling an ongoing async task -# (floating point value) -#task_poll_interval=0.5 + +# +# From ceilometer +# + +# IP address of the VMware Vsphere host. (string value) +#host_ip = + +# Port of the VMware Vsphere host. (integer value) +#host_port = 443 + +# Username of VMware Vsphere. (string value) +#host_username = + +# Password of VMware Vsphere. (string value) +#host_password = + +# Number of times a VMware Vsphere API may be retried. (integer value) +#api_retry_count = 10 + +# Sleep time in seconds for polling an ongoing async task. (floating +# point value) +#task_poll_interval = 0.5 + +# Optional vim service WSDL location e.g +# http://<server>/vimService.wsdl. Optional over-ride to default +# location for bug work-arounds. (string value) +#wsdl_location = <None> + + +[xenapi] + +# +# From ceilometer +# + +# URL for connection to XenServer/Xen Cloud Platform. (string value) +#connection_url = <None> + +# Username for connection to XenServer/Xen Cloud Platform. (string +# value) +#connection_username = root + +# Password for connection to XenServer/Xen Cloud Platform. (string +# value) +#connection_password = <None> + +# Timeout in seconds for XenAPI login. (integer value) +#login_timeout = 10 diff --git a/install-files/openstack/usr/share/openstack/cinder-db.yml b/install-files/openstack/usr/share/openstack/cinder-db.yml index 2a211720..5f89da37 100644 --- a/install-files/openstack/usr/share/openstack/cinder-db.yml +++ b/install-files/openstack/usr/share/openstack/cinder-db.yml 
@@ -54,7 +54,6 @@ sudo_user: cinder - name: Initiate cinder database - cinder_manage: - action: dbsync + command: cinder-manage db sync sudo: yes sudo_user: cinder diff --git a/install-files/openstack/usr/share/openstack/cinder/api-paste.ini b/install-files/openstack/usr/share/openstack/cinder/api-paste.ini deleted file mode 100644 index ba922d5f..00000000 --- a/install-files/openstack/usr/share/openstack/cinder/api-paste.ini +++ /dev/null 
@@ -1,60 +0,0 @@
-#############
-# OpenStack #
-#############
-
-[composite:osapi_volume]
-use = call:cinder.api:root_app_factory
-/: apiversions
-/v1: openstack_volume_api_v1
-/v2: openstack_volume_api_v2
-
-[composite:openstack_volume_api_v1]
-use = call:cinder.api.middleware.auth:pipeline_factory
-noauth = request_id faultwrap sizelimit osprofiler noauth apiv1
-keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
-keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
-
-[composite:openstack_volume_api_v2]
-use = call:cinder.api.middleware.auth:pipeline_factory
-noauth = request_id faultwrap sizelimit osprofiler noauth apiv2
-keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
-keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
-
-[filter:request_id]
-paste.filter_factory = cinder.openstack.common.middleware.request_id:RequestIdMiddleware.factory
-
-[filter:faultwrap]
-paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
-
-[filter:osprofiler]
-paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
-hmac_keys = SECRET_KEY
-enabled = yes
-
-[filter:noauth]
-paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
-
-[filter:sizelimit]
-paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory
-
-[app:apiv1]
-paste.app_factory = cinder.api.v1.router:APIRouter.factory
-
-[app:apiv2]
-paste.app_factory = cinder.api.v2.router:APIRouter.factory
-
-[pipeline:apiversions]
-pipeline = faultwrap osvolumeversionapp
-
-[app:osvolumeversionapp]
-paste.app_factory = cinder.api.versions:Versions.factory
-
-##########
-# Shared #
-##########
-
-[filter:keystonecontext]
-paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory
-
-[filter:authtoken]
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
diff --git a/install-files/openstack/usr/share/openstack/cinder/cinder.conf b/install-files/openstack/usr/share/openstack/cinder/cinder.conf
index a58004b5..f3e4f11c 100644
--- a/install-files/openstack/usr/share/openstack/cinder/cinder.conf
+++ b/install-files/openstack/usr/share/openstack/cinder/cinder.conf
@@ -1,133 +1,18 @@ [DEFAULT] +use_syslog = True + # # Options defined in oslo.messaging # -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in AMQP. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on -# some distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). 
(string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} - -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake -# (boolean value) -#fake_rabbit=false - # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) #rpc_zmq_bind_address=* # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker=local # ZeroMQ receiver listening port. (integer value) #rpc_zmq_port=9501 
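Review bot: The templated broker settings (`rabbit_host={{ RABBITMQ_HOST }}`, `rabbit_port`, `rabbit_userid`, `rabbit_password`) are deleted from `[DEFAULT]` in this first cinder.conf hunk and nothing in the hunk puts them back. The file therefore only keeps its deployment-specific broker credentials if a later section outside this hunk sets them again, presumably `[oslo_messaging_rabbit]`, which is where the ceilometer.conf change in this same commit re-adds them. If that section is absent or left commented out, the service would presumably fall back to the messaging library's built-in broker defaults, so confirm it before merging. When checking, also decide whether `rabbit_use_ssl` should stay off as ceilometer.conf sets it (`rabbit_use_ssl = false`), since the broker password then crosses the management network unencrypted. The added `use_syslog = True` is the only active option in this block without a description; a line such as `# Log to syslog. (boolean value)` above it would match the rest of the file.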
@@ -157,7 +42,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }} # Heartbeat time-to-live. (integer value) #matchmaker_heartbeat_ttl=600 -# Size of RPC greenthread pool. (integer value) +# Size of RPC thread pool. (integer value) #rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi @@ -306,6 +191,12 @@ control_exchange=cinder # with big service catalogs). (integer value) #max_header_line=16384 +# Timeout for client connections' socket operations. If an +# incoming connection is idle for this number of seconds it +# will be closed. A value of '0' means wait forever. (integer +# value) +#client_socket_timeout=900 + # If False, closes the client socket connection explicitly. # Setting it to True to maintain backward compatibility. # Recommended setting is set it to False. (boolean value) @@ -372,13 +263,41 @@ control_exchange=cinder # +# Options defined in cinder.api.views.versions +# + +# Public url to use for versions endpoint. The default is +# None, which will use the request's host_url attribute to +# populate the URL base. If Cinder is operating behind a +# proxy, you will want to change this to represent the proxy's +# URL. (string value) +#public_endpoint=<None> + + +# +# Options defined in cinder.backup.chunkeddriver +# + +# Compression algorithm (None to disable) (string value) +#backup_compression_algorithm=zlib + + +# # Options defined in cinder.backup.driver # # Backup metadata version to be used when backing up volume # metadata. If this number is bumped, make sure the service # doing the restore supports the new version. (integer value) -#backup_metadata_version=1 +#backup_metadata_version=2 + +# The number of chunks or objects, for which one Ceilometer +# notification will be sent (integer value) +#backup_object_number_per_notification=10 + +# Interval, in seconds, between two progress notifications +# reporting the backup status (integer value) +#backup_timer_interval=120 # 
@@ -415,6 +334,42 @@ control_exchange=cinder # +# Options defined in cinder.backup.drivers.nfs +# + +# The maximum size in bytes of the files used to hold backups. +# If the volume being backed up exceeds this size, then it +# will be backed up into multiple files. (integer value) +#backup_file_size=1999994880 + +# The size in bytes that changes are tracked for incremental +# backups. backup_swift_object_size has to be multiple of +# backup_swift_block_size. (integer value) +#backup_sha_block_size_bytes=32768 + +# Enable or Disable the timer to send the periodic progress +# notifications to Ceilometer when backing up the volume to +# the backend storage. The default value is True to enable the +# timer. (boolean value) +#backup_enable_progress_timer=true + +# Base dir containing mount point for NFS share. (string +# value) +#backup_mount_point_base=$state_path/backup_mount + +# NFS share in fqdn:path, ipv4addr:path, or "[ipv6addr]:path" +# format. (string value) +#backup_share=<None> + +# Mount options passed to the NFS client. See NFS man page for +# details. (string value) +#backup_mount_options=<None> + +# Custom container to use for backups. (string value) +#backup_container=<None> + + +# # Options defined in cinder.backup.drivers.swift # @@ -450,6 +405,11 @@ control_exchange=cinder # The size in bytes of Swift backup objects (integer value) #backup_swift_object_size=52428800 +# The size in bytes that changes are tracked for incremental +# backups. backup_swift_object_size has to be multiple of +# backup_swift_block_size. (integer value) +#backup_swift_block_size=32768 + # The number of retries to make for Swift operations (integer # value) #backup_swift_retry_attempts=3 
@@ -458,8 +418,11 @@ control_exchange=cinder # value) #backup_swift_retry_backoff=2 -# Compression algorithm (None to disable) (string value) -#backup_compression_algorithm=zlib +# Enable or Disable the timer to send the periodic progress +# notifications to Ceilometer when backing up the volume to +# the Swift backend storage. The default value is True to +# enable the timer. (boolean value) +#backup_swift_enable_progress_timer=true # @@ -487,6 +450,34 @@ control_exchange=cinder # +# Options defined in cinder.cmd.volume +# + +# Backend override of host value. (string value) +# Deprecated group/name - [DEFAULT]/host +#backend_host=<None> + + +# +# Options defined in cinder.cmd.volume_usage_audit +# + +# If this option is specified then the start time specified is +# used instead of the start time of the last completed audit +# period. (string value) +#start_time=<None> + +# If this option is specified then the end time specified is +# used instead of the end time of the last completed audit +# period. (string value) +#end_time=<None> + +# Send the volume and snapshot create and delete notifications +# generated in the specified period. (boolean value) +#send_actions=false + + +# # Options defined in cinder.common.config # @@ -626,7 +617,7 @@ auth_strategy=keystone # value) #enabled_backends=<None> -# Whether snapshots count against GigaByte quota (boolean +# Whether snapshots count against gigabyte quota (boolean # value) #no_snapshot_gb_quota=false 
@@ -642,6 +633,19 @@ auth_strategy=keystone # (string value) #consistencygroup_api_class=cinder.consistencygroup.api.API +# OpenStack privileged account username. Used for requests to +# other services (such as Nova) that require an account with +# special rights. (string value) +#os_privileged_user_name=<None> + +# Password associated with the OpenStack privileged account. +# (string value) +#os_privileged_user_password=<None> + +# Tenant name associated with the OpenStack privileged +# account. (string value) +#os_privileged_user_tenant=<None> + # # Options defined in cinder.compute @@ -659,11 +663,11 @@ auth_strategy=keystone # Match this value when searching for nova in the service # catalog. Format is: separated values of the form: # <service_type>:<service_name>:<endpoint_type> (string value) -#nova_catalog_info=compute:nova:publicURL +#nova_catalog_info=compute:Compute Service:publicURL # Same as nova_catalog_info, but for admin endpoint. (string # value) -#nova_catalog_admin_info=compute:nova:adminURL +#nova_catalog_admin_info=compute:Compute Service:adminURL # Override service catalog lookup with template for nova # endpoint e.g. http://localhost:8774/v2/%(project_id)s @@ -690,9 +694,6 @@ auth_strategy=keystone # Options defined in cinder.db.api # -# The backend to use for db (string value) -#db_backend=sqlalchemy - # Services to be added to the available pool on create # (boolean value) #enable_new_services=true @@ -703,11 +704,11 @@ volume_name_template=volume-%s # Template string to be used to generate snapshot names # (string value) -#snapshot_name_template=snapshot-%s +snapshot_name_template=snapshot-%s # Template string to be used to generate backup names (string # value) -#backup_name_template=backup-%s +backup_name_template=backup-%s # 
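Review bot: In the cinder.compute hunk (`@@ -659,11 +663,11 @@`), the sample default for `nova_catalog_info` and `nova_catalog_admin_info` changes its service-name field from `nova` to `Compute Service`, but the template leaves both options commented out. The deployed service will therefore use whatever default the installed Cinder release ships, and the catalog lookup matches on that name. If the Keystone catalog in these systems registers the compute service as `nova` (not visible in this hunk), pin the values explicitly with `nova_catalog_info=compute:nova:publicURL` and `nova_catalog_admin_info=compute:nova:adminURL`. Otherwise, add a one-line comment saying which service name the deployment registers.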
@@ -756,112 +757,6 @@ volume_name_template=volume-%s # -# Options defined in cinder.openstack.common.lockutils -# - -# Whether to disable inter-process locks (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. Default to a temp directory -# (string value) -lock_path=/var/lock/cinder - - -# -# Options defined in cinder.openstack.common.log -# - -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error. (boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. 
(boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format=<None> - -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> - -# (Optional) The base directory used for relative --log-file -# paths. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. (boolean -# value) -use_syslog = True - -# (Optional) Enables or disables syslog rfc5424 format for -# logging. If enabled, prefixes the MSG part of the syslog -# message with APP-NAME (RFC5424). The format without the APP- -# NAME is deprecated in I, and will be removed in J. (boolean -# value) -#use_syslog_rfc_format=false - -# Syslog facility to receive log lines. (string value) -#syslog_log_facility=LOG_USER - - -# # Options defined in cinder.openstack.common.periodic_task # 
@@ -881,6 +776,23 @@ use_syslog = True # (string value) #policy_default_rule=default +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. The +# file defined by policy_file must exist for these directories +# to be searched. Missing or empty directories are ignored. +# (multi valued) +#policy_dirs=policy.d + + +# +# Options defined in cinder.openstack.common.versionutils +# + +# Enables or disables fatal status of deprecations. (boolean +# value) +#fatal_deprecations=false + # # Options defined in cinder.scheduler.driver @@ -995,12 +907,12 @@ use_syslog = True # volume (integer value) #num_iser_scan_tries=3 -# The maximum number of iSER target IDs per host (integer -# value) -#iser_num_targets=100 +# This option is deprecated and unused. It will be removed in +# the Liberty release. (integer value) +#iser_num_targets=<None> # Prefix for iSER volumes (string value) -#iser_target_prefix=iqn.2010-10.org.iser.openstack: +#iser_target_prefix=iqn.2010-10.org.openstack: # The IP address that the iSER daemon is listening on (string # value) @@ -1022,9 +934,9 @@ use_syslog = True # value) #reserved_percentage=0 -# The maximum number of iSCSI target IDs per host (integer -# value) -#iscsi_num_targets=100 +# This option is deprecated and unused. It will be removed in +# the Liberty release. (integer value) +#iscsi_num_targets=<None> # Prefix for iSCSI volumes (string value) #iscsi_target_prefix=iqn.2010-10.org.openstack: @@ -1033,9 +945,13 @@ use_syslog = True # value) iscsi_ip_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +# The list of secondary IP addresses of the iSCSI daemon (list +# value) +#iscsi_secondary_ip_addresses= + # The port that the iSCSI daemon is listening on (integer # value) -#iscsi_port=3260 +iscsi_port=3260 # The maximum number of times to rescan targets to find volume # (integer value) 
@@ -1051,13 +967,17 @@ volume_backend_name=LVM_iSCSI # value) #use_multipath_for_image_xfer=false -# Method used to wipe old volumes (valid options are: none, -# zero, shred) (string value) -#volume_clear=zero +# If this is set to True, attachment of volumes for image +# transfer will be aborted when multipathd is not running. +# Otherwise, it will fallback to single path. (boolean value) +#enforce_multipath_for_image_xfer=false + +# Method used to wipe old volumes (string value) +volume_clear=zero # Size in MiB to wipe at start of old volumes. 0 => all # (integer value) -#volume_clear_size=0 +volume_clear_size=50 # The flag to pass to ionice to alter the i/o priority of the # process used to zero a volume after deletion, for example @@ -1065,8 +985,10 @@ volume_backend_name=LVM_iSCSI #volume_clear_ionice=<None> # iSCSI target user-land tool to use. tgtadm is default, use -# lioadm for LIO iSCSI support, iseradm for the ISER protocol, -# or fake for testing. (string value) +# lioadm for LIO iSCSI support, scstadmin for SCST target +# support, iseradm for the ISER protocol, ietadm for iSCSI +# Enterprise Target, iscsictl for Chelsio iSCSI Target or fake +# for testing. (string value) iscsi_helper=lioadm # Volume configuration file storage directory (string value) @@ -1075,8 +997,12 @@ volumes_dir=$state_path/volumes # IET configuration file (string value) #iet_conf=/etc/iet/ietd.conf -# Comma-separated list of initiator IQNs allowed to connect to -# the iSCSI target. (From Nova compute nodes.) (string value) +# Chiscsi (CXT) global defaults configuration file (string +# value) +#chiscsi_conf=/etc/chelsio-iscsi/chiscsi.conf + +# This option is deprecated and unused. It will be removed in +# the next release. (string value) #lio_initiator_iqns= # Sets the behavior of the iSCSI target to either perform 
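Review bot: In the `@@ -1051,13 +967,17 @@` hunk, `volume_clear_size=50` replaces the commented-out default of `0`, which the comment directly above it documents as "0 => all". A deleted volume now has only its first 50 MiB zeroed. With the `cinder-volumes` LVM group and `lvm_type` left at its default, the remaining extents keep the previous owner's data and can be handed to the next volume allocated from the group. If the shorter wipe is a deliberate trade for faster deletes, say so in the template with a comment such as `# NOTE: partial wipe; data past 50 MiB survives deletion and may be readable from a later volume`. Otherwise keep `volume_clear_size=0`.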
@@ -1102,6 +1028,13 @@ volumes_dir=$state_path/volumes # value) #iscsi_write_cache=on +# Determines the iSCSI protocol for new iSCSI volumes, created +# with tgtadm or lioadm target helpers. In order to enable +# RDMA, this parameter should be set with the value "iser". +# The supported iSCSI protocol values are "iscsi" and "iser". +# (string value) +#iscsi_protocol=iscsi + # The path to the client certificate key for verification, if # the driver supports it. (string value) #driver_client_cert_key=<None> 
@@ -1110,6 +1043,57 @@ volumes_dir=$state_path/volumes # driver supports it. (string value) #driver_client_cert=<None> +# Tell driver to use SSL for connection to backend storage if +# the driver supports it. (boolean value) +#driver_use_ssl=false + +# Float representation of the over subscription ratio when +# thin provisioning is involved. Default ratio is 20.0, +# meaning provisioned capacity can be 20 times of the total +# physical capacity. If the ratio is 10.5, it means +# provisioned capacity can be 10.5 times of the total physical +# capacity. A ratio of 1.0 means provisioned capacity cannot +# exceed the total physical capacity. A ratio lower than 1.0 +# will be ignored and the default value will be used instead. +# (floating point value) +#max_over_subscription_ratio=20.0 + +# Certain ISCSI targets have predefined target names, SCST +# target driver uses this name. (string value) +#scst_target_iqn_name=<None> + +# SCST target implementation can choose from multiple SCST +# target drivers. (string value) +#scst_target_driver=iscsi + +# Option to enable/disable CHAP authentication for targets. +# (boolean value) +# Deprecated group/name - [DEFAULT]/eqlx_use_chap +#use_chap_auth=false + +# CHAP user name. (string value) +# Deprecated group/name - [DEFAULT]/eqlx_chap_login +#chap_username= + +# Password for specified CHAP account name. (string value) +# Deprecated group/name - [DEFAULT]/eqlx_chap_password +#chap_password= + +# Namespace for driver private data values to be saved in. +# (string value) +#driver_data_namespace=<None> + +# String representation for an equation that will be used to +# filter hosts. Only used when the driver filter is set to be +# used by the Cinder scheduler. (string value) +#filter_function=<None> + +# String representation for an equation that will be used to +# determine the goodness of a host. Only used when using the +# goodness weigher is set to be used by the Cinder scheduler. 
+# (string value) +#goodness_function=<None> + # # Options defined in cinder.volume.drivers.block_device 
@@ -1120,31 +1104,47 @@ volumes_dir=$state_path/volumes # -# Options defined in cinder.volume.drivers.coraid +# Options defined in cinder.volume.drivers.cloudbyte.options # -# IP address of Coraid ESM (string value) -#coraid_esm_address= +# These values will be used for CloudByte storage's addQos API +# call. (dict value) +#cb_add_qosgroup=latency:15,iops:10,graceallowed:false,iopscontrol:true,memlimit:0,throughput:0,tpcontrol:false,networkspeed:0 -# User name to connect to Coraid ESM (string value) -#coraid_user=admin +# Driver will use this API key to authenticate against the +# CloudByte storage's management interface. (string value) +#cb_apikey=None -# Name of group on Coraid ESM to which coraid_user belongs -# (must have admin privilege) (string value) -#coraid_group=admin +# CloudByte storage specific account name. This maps to a +# project name in OpenStack. (string value) +#cb_account_name=None -# Password to connect to Coraid ESM (string value) -#coraid_password=password +# This corresponds to the name of Tenant Storage Machine (TSM) +# in CloudByte storage. A volume will be created in this TSM. +# (string value) +#cb_tsm_name=None + +# A retry value in seconds. Will be used by the driver to +# check if volume creation was successful in CloudByte +# storage. (integer value) +#cb_confirm_volume_create_retry_interval=5 -# Volume Type key name to store ESM Repository Name (string +# Will confirm a successful volume creation in CloudByte +# storage by making this many number of attempts. (integer # value) -#coraid_repository_key=coraid_repository +#cb_confirm_volume_create_retries=3 + +# These values will be used for CloudByte storage's +# createVolume API call. (dict value) +#cb_create_volume=compression:off,deduplication:off,blocklength:512B,sync:always,protocoltype:ISCSI,recordsize:16k # # Options defined in cinder.volume.drivers.datera # +# DEPRECATED: This will be removed in the Liberty release. Use +# san_login and san_password instead. 
This directly sets the # Datera API token. (string value) #datera_api_token=<None> @@ -1159,6 +1159,25 @@ volumes_dir=$state_path/volumes # +# Options defined in cinder.volume.drivers.dell.dell_storagecenter_common +# + +# Storage Center System Serial Number (integer value) +#dell_sc_ssn=64702 + +# Dell API port (integer value) +#dell_sc_api_port=3033 + +# Name of the server folder to use on the Storage Center +# (string value) +#dell_sc_server_folder=openstack + +# Name of the volume folder to use on the Storage Center +# (string value) +#dell_sc_volume_folder=openstack + + +# # Options defined in cinder.volume.drivers.emc.emc_vmax_common # 
@@ -1211,60 +1230,69 @@ volumes_dir=$state_path/volumes # False. (boolean value) #initiator_auto_registration=false +# Automatically deregister initiators after the related +# storage group is destroyed. By default, the value is False. +# (boolean value) +#initiator_auto_deregistration=false + +# Report free_capacity_gb as 0 when the limit to maximum +# number of pool LUNs is reached. By default, the value is +# False. (boolean value) +#check_max_pool_luns_threshold=false + +# Delete a LUN even if it is in Storage Groups. (boolean +# value) +#force_delete_lun_in_storagegroup=false + + +# +# Options defined in cinder.volume.drivers.emc.xtremio +# + +# XMS cluster id in multi-cluster environment (string value) +#xtremio_cluster_name= + # # Options defined in cinder.volume.drivers.eqlx # -# Group name to use for creating volumes (string value) +# Group name to use for creating volumes. Defaults to +# "group-0". (string value) #eqlx_group_name=group-0 -# Timeout for the Group Manager cli command execution (integer -# value) +# Timeout for the Group Manager cli command execution. Default +# is 30. (integer value) #eqlx_cli_timeout=30 -# Maximum retry count for reconnection (integer value) +# Maximum retry count for reconnection. Default is 5. (integer +# value) #eqlx_cli_max_retries=5 -# Use CHAP authentication for targets? (boolean value) +# Use CHAP authentication for targets. Note that this option +# is deprecated in favour of "use_chap_auth" as specified in +# cinder/volume/driver.py and will be removed in next release. +# (boolean value) #eqlx_use_chap=false -# Existing CHAP account name (string value) +# Existing CHAP account name. Note that this option is +# deprecated in favour of "chap_username" as specified in +# cinder/volume/driver.py and will be removed in next release. +# (string value) #eqlx_chap_login=admin -# Password for specified CHAP account name (string value) +# Password for specified CHAP account name. 
Note that this +# option is deprecated in favour of "chap_password" as +# specified in cinder/volume/driver.py and will be removed in +# the next release (string value) #eqlx_chap_password=password -# Pool in which volumes will be created (string value) +# Pool in which volumes will be created. Defaults to +# "default". (string value) #eqlx_pool=default # -# Options defined in cinder.volume.drivers.fujitsu_eternus_dx_common -# - -# The configuration file for the Cinder SMI-S driver (string -# value) -#cinder_smis_config_file=/etc/cinder/cinder_fujitsu_eternus_dx.xml - - -# -# Options defined in cinder.volume.drivers.fusionio.ioControl -# - -# amount of time wait for iSCSI target to come online (integer -# value) -#fusionio_iocontrol_targetdelay=5 - -# number of retries for GET operations (integer value) -#fusionio_iocontrol_retry=3 - -# verify the array certificate on each transaction (boolean -# value) -#fusionio_iocontrol_verify_cert=true - - -# # Options defined in cinder.volume.drivers.glusterfs # @@ -1407,6 +1435,20 @@ volumes_dir=$state_path/volumes # +# Options defined in cinder.volume.drivers.ibm.flashsystem +# + +# Connection protocol should be FC. (string value) +#flashsystem_connection_protocol=FC + +# Connect with multipath (FC only). (boolean value) +#flashsystem_multipath_enabled=false + +# Allows vdisk to multi host mapping. (boolean value) +#flashsystem_multihostmap_enabled=true + + +# # Options defined in cinder.volume.drivers.ibm.gpfs # 
@@ -1452,22 +1494,6 @@ volumes_dir=$state_path/volumes # Options defined in cinder.volume.drivers.ibm.ibmnas # -# IP address or Hostname of NAS system. (string value) -#nas_ip= - -# User name to connect to NAS system. (string value) -#nas_login=admin - -# Password to connect to NAS system. (string value) -#nas_password= - -# SSH port to use to connect to NAS system. (integer value) -#nas_ssh_port=22 - -# Filename of private key to use for SSH authentication. -# (string value) -#nas_private_key= - # IBMNAS platform type to be used as backend storage; valid # values are - v7ku : for using IBM Storwize V7000 Unified, # sonas : for using IBM Scale Out NAS, gpfs-nas : for using @@ -1550,8 +1576,7 @@ volumes_dir=$state_path/volumes # value) #xiv_ds8k_proxy=xiv_ds8k_openstack.nova_proxy.XIVDS8KNovaProxy -# Connection type to the IBM Storage Array -# (fibre_channel|iscsi) (string value) +# Connection type to the IBM Storage Array (string value) #xiv_ds8k_connection_type=iscsi # CHAP authentication mode, effective only for iscsi @@ -1572,10 +1597,15 @@ volume_group=cinder-volumes # value) #lvm_mirrors=0 -# Type of LVM volumes to deploy; (default or thin) (string -# value) +# Type of LVM volumes to deploy (string value) #lvm_type=default +# LVM conf file to use for the LVM driver in Cinder; this +# setting is ignored if the specified file does not exist (You +# can also specify 'None' to not use a conf file even if one +# exists). (string value) +#lvm_conf_file=/etc/cinder/lvm.conf + # # Options defined in cinder.volume.drivers.netapp.options 
@@ -1584,11 +1614,18 @@ volume_group=cinder-volumes # The vFiler unit on which provisioning of block storage # volumes will be done. This option is only used by the driver # when connecting to an instance with a storage family of Data -# ONTAP operating in 7-Mode and the storage protocol selected -# is iSCSI. Only use this option when utilizing the MultiStore -# feature on the NetApp storage system. (string value) +# ONTAP operating in 7-Mode. Only use this option when +# utilizing the MultiStore feature on the NetApp storage +# system. (string value) #netapp_vfiler=<None> +# The name of the config.conf stanza for a Data ONTAP (7-mode) +# HA partner. This option is only used by the driver when +# connecting to an instance with a storage family of Data +# ONTAP operating in 7-Mode, and it is required if the storage +# protocol selected is FC. (string value) +#netapp_partner_backend_name=<None> + # Administrative user account name used to access the storage # system or proxy server. (string value) #netapp_login=<None> @@ -1599,14 +1636,7 @@ volume_group=cinder-volumes # This option specifies the virtual storage server (Vserver) # name on the storage cluster on which provisioning of block -# storage volumes should occur. If using the NFS storage -# protocol, this parameter is mandatory for storage service -# catalog support (utilized by Cinder volume type extra_specs -# support). If this option is specified, the exports belonging -# to the Vserver will only be used for provisioning in the -# future. Block storage volumes on exports not belonging to -# the Vserver specified by this option will continue to -# function normally. (string value) +# storage volumes should occur. (string value) #netapp_vserver=<None> # The hostname (or IP address) for the storage system or proxy 
@@ -1614,11 +1644,10 @@ volume_group=cinder-volumes #netapp_server_hostname=<None> # The TCP port to use for communication with the storage -# system or proxy server. Traditionally, port 80 is used for -# HTTP and port 443 is used for HTTPS; however, this value -# should be changed if an alternate port has been configured -# on the storage system or proxy server. (integer value) -#netapp_server_port=80 +# system or proxy server. If not specified, Data ONTAP drivers +# will use 80 for HTTP and 443 for HTTPS; E-Series will use +# 8080 for HTTP and 8443 for HTTPS. (integer value) +#netapp_server_port=<None> # This option is used to specify the path to the E-Series # proxy application on a proxy server. The value is combined @@ -1687,11 +1716,11 @@ volume_group=cinder-volumes #netapp_size_multiplier=1.2 # This option is only utilized when the storage protocol is -# configured to use iSCSI. This option is used to restrict -# provisioning to the specified controller volumes. Specify -# the value of this option to be a comma separated list of -# NetApp controller volume names to be used for provisioning. -# (string value) +# configured to use iSCSI or FC. This option is used to +# restrict provisioning to the specified controller volumes. +# Specify the value of this option to be a comma separated +# list of NetApp controller volume names to be used for +# provisioning. (string value) #netapp_volume_list=<None> # The storage family type used on the storage system; valid 
@@ -1701,89 +1730,15 @@ volume_group=cinder-volumes #netapp_storage_family=ontap_cluster # The storage protocol to be used on the data path with the -# storage system; valid values are iscsi or nfs. (string -# value) +# storage system. (string value) #netapp_storage_protocol=<None> # The transport protocol used when communicating with the -# storage system or proxy server. Valid values are http or -# https. (string value) +# storage system or proxy server. (string value) #netapp_transport_type=http # -# Options defined in cinder.volume.drivers.nexenta.options -# - -# IP address of Nexenta SA (string value) -#nexenta_host= - -# HTTP port to connect to Nexenta REST API server (integer -# value) -#nexenta_rest_port=2000 - -# Use http or https for REST connection (default auto) (string -# value) -#nexenta_rest_protocol=auto - -# User name to connect to Nexenta SA (string value) -#nexenta_user=admin - -# Password to connect to Nexenta SA (string value) -#nexenta_password=nexenta - -# Nexenta target portal port (integer value) -#nexenta_iscsi_target_portal_port=3260 - -# SA Pool that holds all volumes (string value) -#nexenta_volume=cinder - -# IQN prefix for iSCSI targets (string value) -#nexenta_target_prefix=iqn.1986-03.com.sun:02:cinder- - -# Prefix for iSCSI target groups on SA (string value) -#nexenta_target_group_prefix=cinder/ - -# File with the list of available nfs shares (string value) -#nexenta_shares_config=/etc/cinder/nfs_shares - -# Base directory that contains NFS share mount points (string -# value) -#nexenta_mount_point_base=$state_path/mnt - -# Enables or disables the creation of volumes as sparsed files -# that take no space. If disabled (False), volume is created -# as a regular file, which takes a long time. (boolean value) -#nexenta_sparsed_volumes=true - -# Default compression value for new ZFS folders. (string -# value) -#nexenta_volume_compression=on - -# If set True cache NexentaStor appliance volroot option -# value. 
(boolean value) -#nexenta_nms_cache_volroot=true - -# Enable stream compression, level 1..9. 1 - gives best speed; -# 9 - gives best compression. (integer value) -#nexenta_rrmgr_compression=0 - -# TCP Buffer size in KiloBytes. (integer value) -#nexenta_rrmgr_tcp_buf_size=4096 - -# Number of TCP connections. (integer value) -#nexenta_rrmgr_connections=2 - -# Block size for volumes (default=blank means 8KB) (string -# value) -#nexenta_blocksize= - -# Enables or disables the creation of sparse volumes (boolean -# value) -#nexenta_sparse=false - - -# # Options defined in cinder.volume.drivers.nfs # @@ -1813,6 +1768,11 @@ volume_group=cinder-volumes # nfs man page for details. (string value) #nfs_mount_options=<None> +# The number of attempts to mount nfs shares before raising an +# error. At least one attempt will be made to mount an nfs +# share, regardless of the value specified. (integer value) +#nfs_mount_attempts=3 + # # Options defined in cinder.volume.drivers.nimble @@ -1826,6 +1786,15 @@ volume_group=cinder-volumes # +# Options defined in cinder.volume.drivers.openvstorage +# + +# Vpool to use for volumes - backend is defined by vpool not +# by us. (string value) +#vpool_name= + + +# # Options defined in cinder.volume.drivers.prophetstor.options # 
@@ -1846,6 +1815,31 @@ volume_group=cinder-volumes # +# Options defined in cinder.volume.drivers.quobyte +# + +# URL to the Quobyte volume e.g., quobyte://<DIR host>/<volume +# name> (string value) +#quobyte_volume_url=<None> + +# Path to a Quobyte Client configuration file. (string value) +#quobyte_client_cfg=<None> + +# Create volumes as sparse files which take no space. If set +# to False, volume is created as regular file.In such case +# volume creation takes a lot of time. (boolean value) +#quobyte_sparsed_volumes=true + +# Create volumes as QCOW2 files rather than raw files. +# (boolean value) +#quobyte_qcow2_volumes=true + +# Base dir containing the mount point for the Quobyte volume. +# (string value) +#quobyte_mount_point_base=$state_path/mnt + + +# # Options defined in cinder.volume.drivers.rbd # @@ -1869,7 +1863,8 @@ volume_group=cinder-volumes # Directory where temporary image files are stored when the # volume driver does not write them directly to the volume. -# (string value) +# Warning: this option is now deprecated, please use +# image_conversion_dir instead. (string value) #volume_tmp_dir=<None> # Maximum number of nested volume clones that are taken before 
@@ -1907,6 +1902,32 @@ volume_group=cinder-volumes # (string value) #nas_private_key= +# Allow network-attached storage systems to operate in a +# secure environment where root level access is not permitted. +# If set to False, access is as the root user and insecure. If +# set to True, access is not as root. If set to auto, a check +# is done to determine if this is a new installation: True is +# used if so, otherwise False. Default is auto. (string value) +#nas_secure_file_operations=auto + +# Set more secure file permissions on network-attached storage +# volume files to restrict broad other/world access. If set to +# False, volumes are created with open permissions. If set to +# True, volumes are created with permissions for the cinder +# user and group (660). If set to auto, a check is done to +# determine if this is a new installation: True is used if so, +# otherwise False. Default is auto. (string value) +#nas_secure_file_permissions=auto + +# Path to the share to use for storing Cinder volumes. For +# example: "/srv/export1" for an NFS server export available +# at 10.0.5.10:/srv/export1 . (string value) +#nas_share_path= + +# Options used to mount the storage backend file system where +# Cinder volumes are stored. (string value) +#nas_mount_options=<None> + # # Options defined in cinder.volume.drivers.san.hp.hp_3par_common @@ -1922,11 +1943,11 @@ volume_group=cinder-volumes # 3PAR Super user password (string value) #hp3par_password= -# The CPG to use for volume creation (string value) +# List of the CPG(s) to use for volume creation (list value) #hp3par_cpg=OpenStack -# The CPG to use for Snapshots for volumes. If empty -# hp3par_cpg will be used (string value) +# The CPG to use for Snapshots for volumes. If empty the +# userCPG will be used. (string value) #hp3par_cpg_snap= # The time in hours to retain a snapshot. You can't delete it 
@@ -1974,14 +1995,6 @@ volume_group=cinder-volumes # -# Options defined in cinder.volume.drivers.san.hp.hp_msa_common -# - -# The VDisk to use for volume creation. (string value) -#msa_vdisk=OpenStack - - -# # Options defined in cinder.volume.drivers.san.san # @@ -2022,15 +2035,6 @@ volume_group=cinder-volumes # -# Options defined in cinder.volume.drivers.san.solaris -# - -# The ZFS path under which to create zvols for volumes. -# (string value) -#san_zfs_volume_base=rpool/ - - -# # Options defined in cinder.volume.drivers.scality # @@ -2053,8 +2057,7 @@ volume_group=cinder-volumes #smbfs_shares_config=/etc/cinder/smbfs_shares # Default format that will be used when creating volumes if no -# volume format is specified. Can be set to: raw, qcow2, vhd -# or vhdx. (string value) +# volume format is specified. (string value) #smbfs_default_volume_format=qcow2 # Create volumes as sparsed files which take no space rather 
@@ -2097,12 +2100,48 @@ volume_group=cinder-volumes # default behavior). The default is NO prefix. (string value) #sf_account_prefix=<None> +# Account name on the SolidFire Cluster to use as owner of +# template/cache volumes (created if does not exist). (string +# value) +#sf_template_account_name=openstack-vtemplate + +# Create an internal cache of copy of images when a bootable +# volume is created to eliminate fetch from glance and qemu- +# conversion on subsequent calls. (boolean value) +#sf_allow_template_caching=true + # SolidFire API port. Useful if the device api is behind a # proxy on a different port. (integer value) #sf_api_port=443 # +# Options defined in cinder.volume.drivers.srb +# + +# Comma-separated list of REST servers IP to connect to. (eg +# http://IP1/,http://IP2:81/path (string value) +#srb_base_urls=<None> + + +# +# Options defined in cinder.volume.drivers.violin.v6000_common +# + +# IP address or hostname of mg-a (string value) +#gateway_mga=<None> + +# IP address or hostname of mg-b (string value) +#gateway_mgb=<None> + +# Use igroups to manage targets and initiators (boolean value) +#use_igroups=false + +# Global backend request timeout, in seconds (integer value) +#request_timeout=300 + + +# # Options defined in cinder.volume.drivers.vmware.vmdk # 
@@ -2165,98 +2204,55 @@ volume_group=cinder-volumes # -# Options defined in cinder.volume.drivers.zadara +# Options defined in cinder.volume.drivers.xio # -# Management IP of Zadara VPSA (string value) -#zadara_vpsa_ip=<None> +# Default storage pool for volumes. (integer value) +#ise_storage_pool=1 -# Zadara VPSA port number (string value) -#zadara_vpsa_port=<None> +# Raid level for ISE volumes. (integer value) +#ise_raid=1 -# Use SSL connection (boolean value) -#zadara_vpsa_use_ssl=false +# Number of retries (per port) when establishing connection to +# ISE management port. (integer value) +#ise_connection_retries=5 -# User name for the VPSA (string value) -#zadara_user=<None> +# Interval (secs) between retries. (integer value) +#ise_retry_interval=1 -# Password for the VPSA (string value) -#zadara_password=<None> +# Number on retries to get completion status after issuing a +# command to ISE. (integer value) +#ise_completion_retries=30 -# Name of VPSA storage pool for volumes (string value) -#zadara_vpsa_poolname=<None> -# Default thin provisioning policy for volumes (boolean value) -#zadara_vol_thin=true - -# Default encryption policy for volumes (boolean value) -#zadara_vol_encrypt=false +# +# Options defined in cinder.volume.drivers.zfssa.zfssanfs +# -# Default template for VPSA volume names (string value) -#zadara_vol_name_template=OS_%s +# Data path IP address (string value) +#zfssa_data_ip=<None> -# Automatically detach from servers on volume delete (boolean -# value) -#zadara_vpsa_auto_detach_on_delete=true +# HTTPS port number (string value) +#zfssa_https_port=443 -# Don't halt on deletion of non-existing volumes (boolean +# Options to be passed while mounting share over nfs (string # value) -#zadara_vpsa_allow_nonexistent_delete=true - - -# -# Options defined in cinder.volume.drivers.zfssa.zfssaiscsi -# +#zfssa_nfs_mount_options= # Storage pool name. (string value) -#zfssa_pool=<None> +#zfssa_nfs_pool= # Project name. 
(string value) -#zfssa_project=<None> +#zfssa_nfs_project=NFSProject -# Block size: 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k. -# (string value) -#zfssa_lun_volblocksize=8k +# Share name. (string value) +#zfssa_nfs_share=nfs_share -# Flag to enable sparse (thin-provisioned): True, False. -# (boolean value) -#zfssa_lun_sparse=false - -# Data compression-off, lzjb, gzip-2, gzip, gzip-9. (string -# value) -#zfssa_lun_compression= +# Data compression. (string value) +#zfssa_nfs_share_compression=off # Synchronous write bias-latency, throughput. (string value) -#zfssa_lun_logbias= - -# iSCSI initiator group. (string value) -#zfssa_initiator_group= - -# iSCSI initiator IQNs. (comma separated) (string value) -#zfssa_initiator= - -# iSCSI initiator CHAP user. (string value) -#zfssa_initiator_user= - -# iSCSI initiator CHAP password. (string value) -#zfssa_initiator_password= - -# iSCSI target group name. (string value) -#zfssa_target_group=tgt-grp - -# iSCSI target CHAP user. (string value) -#zfssa_target_user= - -# iSCSI target CHAP password. (string value) -#zfssa_target_password= - -# iSCSI target portal (Data-IP:Port, w.x.y.z:3260). (string -# value) -#zfssa_target_portal=<None> - -# Network interfaces of iSCSI targets. (comma separated) -# (string value) -#zfssa_target_interfaces=<None> +#zfssa_nfs_share_logbias=latency # REST connection timeout. (seconds) (integer value) #zfssa_rest_timeout=<None> @@ -2281,7 +2277,12 @@ volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver #zoning_mode=none # User defined capabilities, a JSON formatted string -# specifying key/value pairs. (string value) +# specifying key/value pairs. The key/value pairs can be used +# by the CapabilitiesFilter to select between backends when +# requests specify volume types. For example, specifying a +# service level or the geographical location of a backend, +# then creating a volume type to allow the user to select by +# these different properties. (string value) #extra_capabilities={} 
@@ -2350,112 +2351,6 @@ volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver [database] # -# Options defined in oslo.db -# - -# The file name to use with SQLite. (string value) -#sqlite_db=oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous=true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy - -# The SQLAlchemy connection string to use to connect to the -# database. (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/cinder - -# The SQLAlchemy connection string to use to connect to the -# slave database. (string value) -#slave_connection=<None> - -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode=TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size=<None> - -# Maximum number of database connection retries during -# startup. Set to -1 to specify an infinite retry count. 
-# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 - -# Interval between retries of opening a SQL connection. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 - -# If set, use this value for max_overflow with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=<None> - -# Verbosity of SQL debugging information: 0=None, -# 100=Everything. (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 - -# Add Python stack traces to SQL as comment strings. (boolean -# value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false - -# If set, use this value for pool_timeout with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout=<None> - -# Enable the experimental use of database reconnect on -# connection lost. (boolean value) -#use_db_reconnect=false - -# Seconds between database connection retries. (integer value) -#db_retry_interval=1 - -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval=true - -# If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) -#db_max_retry_interval=10 - -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) -#db_max_retries=20 - - -# # Options defined in oslo.db.concurrency # 
@@ -2464,6 +2359,10 @@ connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROL # Deprecated group/name - [DEFAULT]/dbapi_use_tpool #use_tpool=false +# The SQLAlchemy connection string to use to connect to the +# database. (string value) +connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/cinder + [fc-zone-manager] @@ -2491,15 +2390,16 @@ connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROL # value) #zone_driver=cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver.BrcdFCZoneDriver -# Zoning policy configured by user (string value) +# Zoning policy configured by user; valid values include +# "initiator-target" or "initiator" (string value) #zoning_policy=initiator-target -# Comma separated list of fibre channel fabric names. This +# Comma separated list of Fibre Channel fabric names. This # list of names is used to retrieve other SAN credentials for # connecting to each SAN fabric (string value) #fc_fabric_names=<None> -# FC San Lookup Service (string value) +# FC SAN Lookup Service (string value) #fc_san_lookup_service=cinder.zonemanager.drivers.brocade.brcd_fc_san_lookup_service.BrcdFCSanLookupService 
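Review bot: The re-added `connection=` line puts `{{ CINDER_DB_PASSWORD }}` into the URL unescaped, so a password containing `@`, `/` or `:` would render a connection string that parses to the wrong host or credentials. If the template is rendered with Jinja2, as the `{{ }}` syntax suggests, `{{ CINDER_DB_PASSWORD | urlencode }}` avoids that. The line also now sits under the `Options defined in oslo.db.concurrency` heading although its comment describes the main database connection; a one-line comment such as `# kept here after the oslo.db option block was dropped from the sample` would stop it being lost at the next regeneration. Once rendered the file contains a database credential, so it should be installed readable only by the cinder user and group; the install mode is not visible in this diff.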
@@ -2528,85 +2428,50 @@ connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROL # # Authentication url for encryption service. (string value) -#encryption_auth_url=http://localhost:5000/v2.0 +#encryption_auth_url=http://localhost:5000/v3 # Url for encryption service. (string value) #encryption_api_url=http://localhost:9311/v1 +[oslo_concurrency] + +lock_path = /var/lock/cinder + [keystone_authtoken] # # Options defined in keystonemiddleware.auth_token # -# Prefix to prepend at the beginning of the path. Deprecated, -# use identity_uri. (string value) -#auth_admin_prefix= - -# Host providing the admin Identity API endpoint. Deprecated, -# use identity_uri. (string value) -#auth_host=127.0.0.1 - -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -#auth_port=35357 - -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -#auth_protocol=https - -# Complete public Identity API endpoint (string value) -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 - -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. https://localhost:35357/ -# (string value) -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +# Complete public Identity API endpoint. (string value) +auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -# API version of the admin Identity API endpoint (string +# API version of the admin Identity API endpoint. (string # value) #auth_version=<None> # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI -# components (boolean value) +# components. (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API -# server. (boolean value) +# server. 
(integer value) #http_connect_timeout=<None> # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token=<None> - -# Keystone account username (string value) -admin_user={{ CINDER_SERVICE_USER }} - -# Keystone account password (string value) -admin_password={{ CINDER_SERVICE_PASSWORD }} - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name=service - -# Env key for the swift cache (string value) +# Env key for the swift cache. (string value) #cache=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #certfile=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #keyfile=<None> @@ -2617,7 +2482,7 @@ admin_tenant_name=service # Verify HTTPS connections. (boolean value) #insecure=false -# Directory used to cache files related to PKI tokens (string +# Directory used to cache files related to PKI tokens. (string # value) #signing_dir=<None> @@ -2640,7 +2505,7 @@ admin_tenant_name=service # value) #revocation_cache_time=10 -# (optional) if defined, indicate whether token data should be +# (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable # values are MAC or ENCRYPT. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token 
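Review bot: `lock_path = /var/lock/cinder` in the new `[oslo_concurrency]` section points below `/var/lock`, which is commonly world-writable and often a tmpfs, and nothing in this hunk shows the directory being created before the cinder services start. The lock directory should be writable only by the service user, otherwise another local account can pre-create it or tamper with the lock files. I would add a comment above the setting, `# must exist at boot, owned by the cinder user, not writable by others`, and confirm that the unit files or a tmpfiles.d entry in the system create it with that ownership. The `[oslo_concurrency]` header is also placed between the key-manager options and `[keystone_authtoken]` without the usual section comment banner, which makes it easy to overlook.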
@@ -2649,38 +2514,38 @@ admin_tenant_name=service # raise an exception on initialization. (string value) #memcache_security_strategy=<None> -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string +# (Optional, mandatory if memcache_security_strategy is +# defined) This string is used for key derivation. (string # value) #memcache_secret_key=<None> -# (optional) number of seconds memcached server is considered +# (Optional) Number of seconds memcached server is considered # dead before it is tried again. (integer value) #memcache_pool_dead_retry=300 -# (optional) max total number of open connections to every +# (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize=10 -# (optional) socket timeout in seconds for communicating with +# (Optional) Socket timeout in seconds for communicating with # a memcache server. (integer value) #memcache_pool_socket_timeout=3 -# (optional) number of seconds a connection to memcached is +# (Optional) Number of seconds a connection to memcached is # held unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout=60 -# (optional) number of seconds that an operation will wait to +# (Optional) Number of seconds that an operation will wait to # get a memcache client connection from the pool. (integer # value) #memcache_pool_conn_get_timeout=10 -# (optional) use the advanced (eventlet safe) memcache client +# (Optional) Use the advanced (eventlet safe) memcache client # pool. The advanced pool will only work under python 2.x. # (boolean value) #memcache_use_advanced_pool=false -# (optional) indicate whether to set the X-Service-Catalog +# (Optional) Indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) 
@@ -2699,7 +2564,7 @@ admin_tenant_name=service # If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the -# Keystone server. (boolean value) +# identity server. (boolean value) #check_revocations_for_cached=false # Hash algorithms to use for hashing PKI tokens. This may be a @@ -2747,7 +2612,6 @@ admin_tenant_name=service # # Options defined in oslo.messaging # -# NOTE: Options in this group are supported when using oslo.messaging >=1.5.0. # address prefix used when sending to a specific server # (string value) 
@@ -2791,6 +2655,157 @@ admin_tenant_name=service #allow_insecure_clients=false +[oslo_messaging_qpid] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + + +[oslo_messaging_rabbit] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. 
(integer value) +#rpc_conn_pool_size=30 + +# SSL version to use (valid only if SSL enabled). Valid values +# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may +# be available on some distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). (string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +rabbit_host={{ RABBITMQ_HOST }} + +# The RabbitMQ broker port where a single node is used. +# (integer value) +rabbit_port={{ RABBITMQ_PORT }} + +# RabbitMQ HA cluster host:port pairs. (list value) +rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +#rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +rabbit_userid={{ RABBITMQ_USER }} + +# The RabbitMQ password. (string value) +rabbit_password={{ RABBITMQ_PASSWORD }} + +# The RabbitMQ login method. (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. 
(boolean +# value) +#rabbit_ha_queues=false + +# Number of seconds after which the Rabbit broker is +# considered down if heartbeat's keep-alive fails (0 disables +# the heartbeat, >0 enables it. Enabling heartbeats requires +# kombu>=3.0.7 and amqp>=1.4.0). EXPERIMENTAL (integer value) +#heartbeat_timeout_threshold=0 + +# How often times during the heartbeat_timeout_threshold we +# check the heartbeat. (integer value) +#heartbeat_rate=2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +#fake_rabbit=false + + [profiler] # 
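Review bot: The new `[oslo_messaging_rabbit]` section sets `rabbit_userid` and `rabbit_password` but leaves `#rabbit_use_ssl=false` at its default, so the broker login and all RPC payloads travel in cleartext between the nodes. If the RabbitMQ broker in these systems exposes a TLS listener, set `rabbit_use_ssl=true` and `kombu_ssl_ca_certs=<path to CA bundle>` here; if it does not, a comment such as `# TLS not enabled: broker traffic is confined to the management network` would record that this is a deliberate choice. `rabbit_hosts=$rabbit_host:$rabbit_port` only repeats the single-node values, so it could stay commented as in the sample unless an HA list is intended.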
@@ -2804,22 +2819,173 @@ admin_tenant_name=service #trace_sqlalchemy=false -[ssl] +[DEFAULT] + + +[keystone_authtoken] # -# Options defined in cinder.openstack.common.sslutils +# From keystonemiddleware.auth_token # -# CA certificate file to use to verify connecting clients -# (string value) -#ca_file=<None> +# Complete public Identity API endpoint. (string value) +#auth_uri = <None> -# Certificate file to use when starting the server securely -# (string value) -#cert_file=<None> +# API version of the admin Identity API endpoint. (string value) +#auth_version = <None> -# Private key file to use when starting the server securely -# (string value) -#key_file=<None> +# Do not handle authorization requests within the middleware, but +# delegate the authorization decision to downstream WSGI components. +# (boolean value) +#delay_auth_decision = false + +# Request timeout value for communicating with Identity API server. +# (integer value) +#http_connect_timeout = <None> + +# How many times are we trying to reconnect when communicating with +# Identity API Server. (integer value) +#http_request_max_retries = 3 + +# Env key for the swift cache. (string value) +#cache = <None> + +# Required if identity server requires client certificate (string +# value) +#certfile = <None> + +# Required if identity server requires client certificate (string +# value) +#keyfile = <None> + +# A PEM encoded Certificate Authority to use when verifying HTTPs +# connections. Defaults to system CAs. (string value) +#cafile = <None> + +# Verify HTTPS connections. (boolean value) +#insecure = false + +# Directory used to cache files related to PKI tokens. (string value) +#signing_dir = <None> + +# Optionally specify a list of memcached server(s) to use for caching. +# If left undefined, tokens will instead be cached in-process. 
(list +# value) +# Deprecated group/name - [DEFAULT]/memcache_servers +#memcached_servers = <None> + +# In order to prevent excessive effort spent validating tokens, the +# middleware caches previously-seen tokens for a configurable duration +# (in seconds). Set to -1 to disable caching completely. (integer +# value) +#token_cache_time = 300 + +# Determines the frequency at which the list of revoked tokens is +# retrieved from the Identity service (in seconds). A high number of +# revocation events combined with a low cache duration may +# significantly reduce performance. (integer value) +#revocation_cache_time = 10 + +# (Optional) If defined, indicate whether token data should be +# authenticated or authenticated and encrypted. Acceptable values are +# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in +# the cache. If ENCRYPT, token data is encrypted and authenticated in +# the cache. If the value is not one of these options or empty, +# auth_token will raise an exception on initialization. (string value) +#memcache_security_strategy = <None> + +# (Optional, mandatory if memcache_security_strategy is defined) This +# string is used for key derivation. (string value) +#memcache_secret_key = <None> + +# (Optional) Number of seconds memcached server is considered dead +# before it is tried again. (integer value) +#memcache_pool_dead_retry = 300 + +# (Optional) Maximum total number of open connections to every +# memcached server. (integer value) +#memcache_pool_maxsize = 10 + +# (Optional) Socket timeout in seconds for communicating with a +# memcache server. (integer value) +#memcache_pool_socket_timeout = 3 + +# (Optional) Number of seconds a connection to memcached is held +# unused in the pool before it is closed. (integer value) +#memcache_pool_unused_timeout = 60 + +# (Optional) Number of seconds that an operation will wait to get a +# memcache client connection from the pool. 
(integer value) +#memcache_pool_conn_get_timeout = 10 + +# (Optional) Use the advanced (eventlet safe) memcache client pool. +# The advanced pool will only work under python 2.x. (boolean value) +#memcache_use_advanced_pool = false + +# (Optional) Indicate whether to set the X-Service-Catalog header. If +# False, middleware will not ask for service catalog on token +# validation and will not set the X-Service-Catalog header. (boolean +# value) +#include_service_catalog = true + +# Used to control the use and type of token binding. Can be set to: +# "disabled" to not check token binding. "permissive" (default) to +# validate binding information if the bind type is of a form known to +# the server and ignore it if not. "strict" like "permissive" but if +# the bind type is unknown the token will be rejected. "required" any +# form of token binding is needed to be allowed. Finally the name of a +# binding method that must be present in tokens. (string value) +#enforce_token_bind = permissive + +# If true, the revocation list will be checked for cached tokens. This +# requires that PKI tokens are configured on the identity server. +# (boolean value) +#check_revocations_for_cached = false + +# Hash algorithms to use for hashing PKI tokens. This may be a single +# algorithm or multiple. The algorithms are those supported by Python +# standard hashlib.new(). The hashes will be tried in the order given, +# so put the preferred one first for performance. The result of the +# first hash will be stored in the cache. This will typically be set +# to multiple values only while migrating from a less secure algorithm +# to a more secure one. Once all the old tokens are expired this +# option should be set to a single value for better performance. (list +# value) +#hash_algorithms = md5 + +# Prefix to prepend at the beginning of the path. Deprecated, use +# identity_uri. (string value) +#auth_admin_prefix = + +# Host providing the admin Identity API endpoint. 
Deprecated, use +# identity_uri. (string value) +#auth_host = 127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) +#auth_port = 35357 + +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. (string value) +#auth_protocol = https + +# Complete admin Identity API endpoint. This should specify the +# unversioned root endpoint e.g. https://localhost:35357/ (string +# value) +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 + +# This option is deprecated and may be removed in a future release. +# Single shared secret with the Keystone configuration used for +# bootstrapping a Keystone installation, or otherwise bypassing the +# normal authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) +#admin_token = <None> + +# Service username. (string value) +admin_user = {{ CINDER_SERVICE_USER }} +# Service user password. (string value) +admin_password = {{ CINDER_SERVICE_PASSWORD }} +# Service tenant name. (string value) +admin_tenant_name = service diff --git a/install-files/openstack/usr/share/openstack/cinder/policy.json b/install-files/openstack/usr/share/openstack/cinder/policy.json deleted file mode 100644 index 8f3a7b2f..00000000 --- a/install-files/openstack/usr/share/openstack/cinder/policy.json +++ /dev/null 
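Review bot: The block appended at the end of the file opens a second `[DEFAULT]` and a second `[keystone_authtoken]` section, while the first `[keystone_authtoken]` (hunk `@@ -2528,85 +2428,50 @@`) still sets `auth_uri`, so the auth settings are split across two places and the commented option list appears twice. I believe oslo.config merges repeated sections, but a reader or a later regeneration of the sample can easily miss one half; I would move `identity_uri`, `admin_user`, `admin_password` and `admin_tenant_name` into the first section and drop the duplicate. Separately, both `auth_uri` and `identity_uri` use `http://`, so the service password and every token validated against Keystone cross the network unencrypted; if the controller offers a TLS endpoint, switch the scheme to `https://` and set `cafile`. The file section begins before the part of the diff visible here.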
@@ -1,80 +0,0 @@ -{ - "context_is_admin": "role:admin", - "admin_or_owner": "is_admin:True or project_id:%(project_id)s", - "default": "rule:admin_or_owner", - - "admin_api": "is_admin:True", - - "volume:create": "", - "volume:get_all": "", - "volume:get_volume_metadata": "", - "volume:get_volume_admin_metadata": "rule:admin_api", - "volume:delete_volume_admin_metadata": "rule:admin_api", - "volume:update_volume_admin_metadata": "rule:admin_api", - "volume:get_snapshot": "", - "volume:get_all_snapshots": "", - "volume:extend": "", - "volume:update_readonly_flag": "", - "volume:retype": "", - - "volume_extension:types_manage": "rule:admin_api", - "volume_extension:types_extra_specs": "rule:admin_api", - "volume_extension:volume_type_encryption": "rule:admin_api", - "volume_extension:volume_encryption_metadata": "rule:admin_or_owner", - "volume_extension:extended_snapshot_attributes": "", - "volume_extension:volume_image_metadata": "", - - "volume_extension:quotas:show": "", - "volume_extension:quotas:update": "rule:admin_api", - "volume_extension:quota_classes": "", - - "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", - "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", - "volume_extension:backup_admin_actions:reset_status": "rule:admin_api", - "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", - "volume_extension:volume_admin_actions:force_detach": "rule:admin_api", - "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api", - "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api", - "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api", - - "volume_extension:volume_host_attribute": "rule:admin_api", - "volume_extension:volume_tenant_attribute": "rule:admin_or_owner", - "volume_extension:volume_mig_status_attribute": "rule:admin_api", - "volume_extension:hosts": "rule:admin_api", - "volume_extension:services": "rule:admin_api", - - 
"volume_extension:volume_manage": "rule:admin_api", - "volume_extension:volume_unmanage": "rule:admin_api", - - "volume:services": "rule:admin_api", - - "volume:create_transfer": "", - "volume:accept_transfer": "", - "volume:delete_transfer": "", - "volume:get_all_transfers": "", - - "volume_extension:replication:promote": "rule:admin_api", - "volume_extension:replication:reenable": "rule:admin_api", - - "backup:create" : "", - "backup:delete": "", - "backup:get": "", - "backup:get_all": "", - "backup:restore": "", - "backup:backup-import": "rule:admin_api", - "backup:backup-export": "rule:admin_api", - - "snapshot_extension:snapshot_actions:update_snapshot_status": "", - - "consistencygroup:create" : "group:nobody", - "consistencygroup:delete": "group:nobody", - "consistencygroup:get": "group:nobody", - "consistencygroup:get_all": "group:nobody", - - "consistencygroup:create_cgsnapshot" : "", - "consistencygroup:delete_cgsnapshot": "", - "consistencygroup:get_cgsnapshot": "", - "consistencygroup:get_all_cgsnapshots": "", - - "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api" -} diff --git a/install-files/openstack/usr/share/openstack/glance.yml b/install-files/openstack/usr/share/openstack/glance.yml index aa7e4c78..830f2bd3 100644 --- a/install-files/openstack/usr/share/openstack/glance.yml +++ b/install-files/openstack/usr/share/openstack/glance.yml @@ -78,8 +78,7 @@ sudo_user: glance - name: Initiate glance database - glance_manage: - action: dbsync + command: glance-manage db_sync sudo: yes sudo_user: glance diff --git a/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini b/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini deleted file mode 100644 index 86a4cdb1..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini +++ /dev/null 
@@ -1,77 +0,0 @@ -# Use this pipeline for no auth or image caching - DEFAULT -[pipeline:glance-api] -pipeline = versionnegotiation osprofiler unauthenticated-context rootapp - -# Use this pipeline for image caching and no auth -[pipeline:glance-api-caching] -pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp - -# Use this pipeline for caching w/ management interface but no auth -[pipeline:glance-api-cachemanagement] -pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp - -# Use this pipeline for keystone auth -[pipeline:glance-api-keystone] -pipeline = versionnegotiation osprofiler authtoken context rootapp - -# Use this pipeline for keystone auth with image caching -[pipeline:glance-api-keystone+caching] -pipeline = versionnegotiation osprofiler authtoken context cache rootapp - -# Use this pipeline for keystone auth with caching and cache management -[pipeline:glance-api-keystone+cachemanagement] -pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user. -[pipeline:glance-api-trusted-auth] -pipeline = versionnegotiation osprofiler context rootapp - -# Use this pipeline for authZ only. 
This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user and uses cache management -[pipeline:glance-api-trusted-auth+cachemanagement] -pipeline = versionnegotiation osprofiler context cache cachemanage rootapp - -[composite:rootapp] -paste.composite_factory = glance.api:root_app_factory -/: apiversions -/v1: apiv1app -/v2: apiv2app - -[app:apiversions] -paste.app_factory = glance.api.versions:create_resource - -[app:apiv1app] -paste.app_factory = glance.api.v1.router:API.factory - -[app:apiv2app] -paste.app_factory = glance.api.v2.router:API.factory - -[filter:versionnegotiation] -paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory - -[filter:cache] -paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory - -[filter:cachemanage] -paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory - -[filter:context] -paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory - -[filter:unauthenticated-context] -paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory -delay_auth_decision = true - -[filter:gzip] -paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes diff --git a/install-files/openstack/usr/share/openstack/glance/glance-api.conf b/install-files/openstack/usr/share/openstack/glance/glance-api.conf index 39257a6d..9c2e6628 100644 --- a/install-files/openstack/usr/share/openstack/glance/glance-api.conf +++ b/install-files/openstack/usr/share/openstack/glance/glance-api.conf 
@@ -5,12 +5,6 @@ # Show debugging output in logs (sets DEBUG log level output) #debug = False -# Which backend scheme should Glance use by default is not specified -# in a request to add a new image to Glance? Known schemes are determined -# by the known_stores option below. -# Default: 'file' -default_store = file - # Maximum image size (in bytes) that may be uploaded through the # Glance API server. Defaults to 1 TB. # WARNING: this value should only be increased after careful consideration @@ -85,11 +79,6 @@ backlog = 4096 # Supported values for the 'disk_format' image attribute #disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso -# Directory to use for lock files. Default to a temp directory -# (string value). This setting needs to be the same for both -# glance-scrubber and glance-api. -#lock_path=<None> - # Property Protections config file # This file contains the rules for property protections and the roles/policies # associated with it. @@ -109,6 +98,20 @@ backlog = 4096 # and 'store_type'. #location_strategy = location_order + +# Public url to use for versions endpoint. The default is None, +# which will use the request's host_url attribute to populate the URL base. +# If Glance is operating behind a proxy, you will want to change this to +# represent the proxy's URL. +#public_endpoint=<None> + +# http_keepalive option. If False, server will return the header +# "Connection: close", If True, server will return "Connection: Keep-Alive" +# in its responses. In order to close the client socket connection +# explicitly after the response is sent and read successfully by the client, +# you simply have to set this option to False when you create a wsgi server. +#http_keepalive = True + # ================= Syslog Options ============================ # Send logs to syslog (/dev/log) instead of to file specified 
@@ -136,6 +139,15 @@ use_syslog = True # Should be set to a random string of length 16, 24 or 32 bytes #metadata_encryption_key = <16, 24 or 32 char registry metadata key> + +# Digest algorithm which will be used for digital signature, the default is +# sha1 in Kilo for a smooth upgrade process, and it will be updated with +# sha256 in next release(L). Use command +# "openssl list-message-digest-algorithms" to get the available algorithms +# supported by the version of OpenSSL on the platform. Examples are 'sha1', +# 'sha256', 'sha512', etc. +#digest_algorithm = sha1 + # ============ Registry Options =============================== # Address to find the registry server @@ -174,10 +186,6 @@ registry_client_protocol = http # Default: 600 #registry_client_timeout = 600 -# Whether to automatically create the database tables. -# Default: False -#db_auto_create = False - # Enable DEBUG log messages from sqlalchemy which prints every database # query and response. # Default: False @@ -212,10 +220,20 @@ notification_driver = messagingv2 # Default publisher_id for outgoing notifications. # default_publisher_id = image.localhost +# List of disabled notifications. A notification can be given either as a +# notification type to disable a single event, or as a notification group +# prefix to disable all events within a group. +# Example: if this config option is set to +# ["image.create", "metadef_namespace"], then "image.create" notification will +# not be sent after image is created and none of the notifications for +# metadefinition namespaces will be sent. +# disabled_notifications = [] + # Messaging driver used for 'messaging' notifications driver -rpc_backend=rabbit +rpc_backend = 'rabbit' -# Configuration options if sending notifications via rabbitmq +# Configuration options if sending notifications via rabbitmq (these are +# the defaults) rabbit_host = {{ RABBITMQ_HOST }} rabbit_port = {{ RABBITMQ_PORT }} rabbit_use_ssl = false 
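Review bot: The `digest_algorithm` block added in the `@@ -136,6 +139,15 @@` hunk is left commented out, so the service runs with the `sha1` default that the added comment itself describes as a transitional choice. SHA-1 is no longer considered collision-resistant, so a template for fresh deployments should pin the stronger digest explicitly: `digest_algorithm = sha256`, provided the OpenSSL build on the image offers it. If sha1 is kept for compatibility with existing nodes, a one-line comment saying so would record that the choice is deliberate.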
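Review bot: The reworded comment in the `@@ -212,10 +220,20 @@` hunk now says the rabbitmq settings "are the defaults", but the lines under it are filled from `{{ RABBITMQ_HOST }}` and `{{ RABBITMQ_PORT }}`, so they are deployment values rather than defaults. I would word it as `# RabbitMQ connection settings, filled in from the deployment variables`, here and in the matching `@@ -88,9 +91,10 @@` hunk of glance-registry.conf. The unchanged context line `rabbit_use_ssl = false` below it suggests the broker credentials cross the management network unencrypted. If that is accepted for this cluster, a comment stating so belongs next to it.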
@@ -281,6 +299,25 @@ scrubber_datadir = /var/lib/glance/scrubber # Base directory that the Image Cache uses image_cache_dir = /var/lib/glance/image-cache/ +# =============== Policy Options ================================== + +[oslo_policy] +# The JSON file that defines policies. +# Deprecated group/name - [DEFAULT]/policy_file +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. +# Deprecated group/name - [DEFAULT]/policy_default_rule +#policy_default_rule = default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. +# The file defined by policy_file must exist for these +# directories to be searched. +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d + # =============== Database Options ================================= [database] @@ -302,7 +339,6 @@ image_cache_dir = /var/lib/glance/image-cache/ #connection = <None> connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance - # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To # use whatever SQL mode is set by the server configuration, 
@@ -381,6 +417,20 @@ connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROL # (setting -1 implies an infinite retry count) (integer value) #db_max_retries = 20 +[oslo_concurrency] + +# Enables or disables inter-process locks. (boolean value) +# Deprecated group/name - [DEFAULT]/disable_process_locking +#disable_process_locking = false + +# Directory to use for lock files. For security, the specified +# directory should only be writable by the user running the processes +# that need locking. It could be read from environment variable +# OSLO_LOCK_PATH. This setting needs to be the same for both +# glance-scrubber and glance-api service. Default to a temp directory. +# Deprecated group/name - [DEFAULT]/lock_path (string value) +#lock_path = /tmp + [keystone_authtoken] auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 @@ -401,7 +451,7 @@ flavor=keystone [store_type_location_strategy] # The scheme list to use to get store preference order. The scheme must be -# registered by one of the stores defined by the 'known_stores' config option. +# registered by one of the stores defined by the 'stores' config option. # This option will be applied when you using 'store_type' option as image # location strategy defined by the 'location_strategy' config option. #store_type_preference = 
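Review bot: The added `[oslo_concurrency]` section leaves `lock_path` commented out, and its sample value `/tmp` contradicts the sentence just above it, which asks for a directory writable only by the user running the service. With the option unset, lock files go to "a temp directory" according to the comment, and such a location is typically shared with other local users (the actual fallback path is not visible in this hunk). I would set it explicitly, `lock_path = <GLANCE_LOCK_DIR>` (placeholder for a directory owned by the glance user and not writable by others), and use the same value for glance-scrubber, as the comment requires.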
@@ -422,16 +472,44 @@ flavor=keystone # task_time_to_live = 48 # Specifies which task executor to be used to run the task scripts. -# The default value for task_executor is eventlet. -# task_executor = eventlet +# The default value for task_executor is taskflow. +# task_executor = taskflow + +# Work dir for asynchronous task operations. The directory set here +# will be used to operate over images - normally before they are +# imported in the destination store. When providing work dir, make sure +# enough space is provided for concurrent tasks to run efficiently +# without running out of space. A rough estimation can be done by +# multiplying the number of `max_workers` - or the N of workers running +# - by an average image size (e.g 500MB). The image size estimation +# should be done based on the average size in your deployment. Note that +# depending on the tasks running you may need to multiply this number by +# some factor depending on what the task does. For example, you may want +# to double the available size if image conversion is enabled. All this +# being said, remember these are just estimations and you should do them +# based on the worst case scenario and be prepared to act in case they +# were wrong. +# work_dir=None # Specifies the maximum number of eventlet threads which can be spun up by # the eventlet based task executor to perform execution of Glance tasks. +# DEPRECATED: Use [taskflow_executor]/max_workers instead. # eventlet_executor_pool_size = 1000 +[taskflow_executor] +# The mode in which the engine will run. Can be 'default', 'serial', +# 'parallel' or 'worker-based' +#engine_mode = serial + +# The number of parallel activities executed at the same time by +# the engine. The value can be greater than one when the engine mode is +# 'parallel' or 'worker-based', otherwise this value will be ignored. +#max_workers = 10 + [glance_store] # List of which store classes and store class locations are # currently known to glance at startup. 
+# Deprecated group/name - [DEFAULT]/known_stores # Existing but disabled stores: # glance.store.rbd.Store, # glance.store.s3.Store, @@ -443,6 +521,13 @@ flavor=keystone #stores = glance.store.filesystem.Store, # glance.store.http.Store +# Which backend scheme should Glance use by default is not specified +# in a request to add a new image to Glance? Known schemes are determined +# by the stores option. +# Deprecated group/name - [DEFAULT]/default_store +# Default: 'file' +default_store = file + # ============ Filesystem Store Options ======================== # Directory that the Filesystem backend store 
@@ -518,18 +603,27 @@ swift_store_large_object_size = 5120 # the image file, and the default is 200MB swift_store_large_object_chunk_size = 200 -# Whether to use ServiceNET to communicate with the Swift storage servers. -# (If you aren't RACKSPACE, leave this False!) +# If set, the configured endpoint will be used. If None, the storage URL +# from the auth response will be used. The location of an object is +# obtained by appending the container and object to the configured URL. # -# To use ServiceNET for authentication, prefix hostname of -# `swift_store_auth_address` with 'snet-'. -# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ -swift_enable_snet = False +# swift_store_endpoint = https://www.example.com/v1/not_a_container +#swift_store_endpoint = # If set to True enables multi-tenant storage mode which causes Glance images # to be stored in tenant specific Swift accounts. #swift_store_multi_tenant = False +# If set to an integer value between 1 and 32, a single-tenant store will +# use multiple containers to store images. If set to the default value of 0, +# only a single container will be used. Multi-tenant stores are not affected +# by this option. The max number of containers that will be used to store +# images is approximately 16^N where N is the value of this option. Discuss +# the impact of this with your swift deployment team, as this option is only +# beneficial in the largest of deployments where swift rate limiting can lead +# to unwanted throttling on a single container. +#swift_store_multiple_containers_seed = 0 + # A list of swift ACL strings that will be applied as both read and # write ACLs to the containers created by Glance in multi-tenant # mode. This grants the specified tenants/users read and write access 
@@ -559,12 +653,16 @@ swift_enable_snet = False # Bypass SSL verification for Swift #swift_store_auth_insecure = False +# The path to a CA certificate bundle file to use for SSL verification when +# communicating with Swift. +#swift_store_cacert = + # ============ S3 Store Options ============================= # Address where the S3 authentication service lives # Valid schemes are 'http://' and 'https://' # If no scheme specified, default to 'http://' -s3_store_host = 127.0.0.1:8080/v1.0/ +s3_store_host = s3.amazonaws.com # User to authenticate against the S3 authentication service s3_store_access_key = <20-char AWS access key> 
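Review bot: The new `s3_store_host = s3.amazonaws.com` carries no scheme, and the comment directly above it states that a missing scheme defaults to `http://`. An enabled S3 store would therefore talk to a public endpoint without TLS. Spell the scheme out: `s3_store_host = https://s3.amazonaws.com`. The store list elsewhere in this file shows the S3 store as disabled, so the value only takes effect once someone enables it, which is when a safe default in the template matters.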
@@ -678,11 +776,27 @@ sheepdog_store_chunk_size = 64 # Inventory path to a datacenter (string value) # Value optional when vmware_server_ip is an ESX/ESXi host: if specified # should be `ha-datacenter`. +# Deprecated in favor of vmware_datastores. #vmware_datacenter_path = <None> # Datastore associated with the datacenter (string value) +# Deprecated in favor of vmware_datastores. #vmware_datastore_name = <None> +# A list of datastores where the image can be stored. +# This option may be specified multiple times for specifying multiple +# datastores. Either one of vmware_datastore_name or vmware_datastores is +# required. The datastore name should be specified after its datacenter +# path, separated by ":". An optional weight may be given after the datastore +# name, separated again by ":". Thus, the required format becomes +# <datacenter_path>:<datastore_name>:<optional_weight>. +# When adding an image, the datastore with highest weight will be selected, +# unless there is not enough free space available in cases where the image size +# is already known. If no weight is given, it is assumed to be zero and the +# directory will be considered for selection last. If multiple datastores have +# the same weight, then the one with the most free space available is selected. +#vmware_datastores = <None> + # The number of times we retry on failures # e.g., socket error, etc (integer value) #vmware_api_retry_count = 10 diff --git a/install-files/openstack/usr/share/openstack/glance/glance-cache.conf b/install-files/openstack/usr/share/openstack/glance/glance-cache.conf deleted file mode 100644 index 3f2d4603..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-cache.conf +++ /dev/null 
@@ -1,200 +0,0 @@ -[DEFAULT] -# Show more verbose log output (sets INFO log level output) -#verbose = False - -# Show debugging output in logs (sets DEBUG log level output) -#debug = False - -# Log to this file. Make sure you do not set the same log file for both the API -# and registry servers! -# -# If `log_file` is omitted and `use_syslog` is false, then log messages are -# sent to stdout as a fallback. -# log_file = /var/log/glance/image-cache.log - -# Send logs to syslog (/dev/log) instead of to file specified by `log_file` -use_syslog = True - -# Directory that the Image Cache writes data to -image_cache_dir = /var/lib/glance/image-cache/ - -# Number of seconds after which we should consider an incomplete image to be -# stalled and eligible for reaping -image_cache_stall_time = 86400 - -# Max cache size in bytes -image_cache_max_size = 10737418240 - -# Address to find the registry server -registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Port the registry server is listening on -registry_port = 9191 - -# Auth settings if using Keystone -# auth_url = http://127.0.0.1:5000/v2.0/ -# admin_tenant_name = %SERVICE_TENANT_NAME% -# admin_user = %SERVICE_USER% -# admin_password = %SERVICE_PASSWORD% - -# List of which store classes and store class locations are -# currently known to glance at startup. 
-# known_stores = glance.store.filesystem.Store, -# glance.store.http.Store, -# glance.store.rbd.Store, -# glance.store.s3.Store, -# glance.store.swift.Store, -# glance.store.sheepdog.Store, -# glance.store.cinder.Store, -# glance.store.vmware_datastore.Store, - -# ============ Filesystem Store Options ======================== - -# Directory that the Filesystem backend store -# writes image data to -filesystem_store_datadir = /var/lib/glance/images/ - -# ============ Swift Store Options ============================= - -# Version of the authentication service to use -# Valid versions are '2' for keystone and '1' for swauth and rackspace -swift_store_auth_version = 2 - -# Address where the Swift authentication service lives -# Valid schemes are 'http://' and 'https://' -# If no scheme specified, default to 'https://' -# For swauth, use something like '127.0.0.1:8080/v1.0/' -swift_store_auth_address = 127.0.0.1:5000/v2.0/ - -# User to authenticate against the Swift authentication service -# If you use Swift authentication service, set it to 'account':'user' -# where 'account' is a Swift storage account and 'user' -# is a user in that account -swift_store_user = jdoe:jdoe - -# Auth key for the user authenticating against the -# Swift authentication service -swift_store_key = a86850deb2742ec3cb41518e26aa2d89 - -# Container within the account that the account should use -# for storing images in Swift -swift_store_container = glance - -# Do we create the container if it does not exist? -swift_store_create_container_on_put = False - -# What size, in MB, should Glance start chunking image files -# and do a large object manifest in Swift? By default, this is -# the maximum object size in Swift, which is 5GB -swift_store_large_object_size = 5120 - -# When doing a large object manifest, what size, in MB, should -# Glance write chunks to Swift? 
This amount of data is written -# to a temporary disk buffer during the process of chunking -# the image file, and the default is 200MB -swift_store_large_object_chunk_size = 200 - -# Whether to use ServiceNET to communicate with the Swift storage servers. -# (If you aren't RACKSPACE, leave this False!) -# -# To use ServiceNET for authentication, prefix hostname of -# `swift_store_auth_address` with 'snet-'. -# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ -swift_enable_snet = False - -# ============ S3 Store Options ============================= - -# Address where the S3 authentication service lives -# Valid schemes are 'http://' and 'https://' -# If no scheme specified, default to 'http://' -s3_store_host = 127.0.0.1:8080/v1.0/ - -# User to authenticate against the S3 authentication service -s3_store_access_key = <20-char AWS access key> - -# Auth key for the user authenticating against the -# S3 authentication service -s3_store_secret_key = <40-char AWS secret key> - -# Container within the account that the account should use -# for storing images in S3. Note that S3 has a flat namespace, -# so you need a unique bucket name for your glance images. An -# easy way to do this is append your AWS access key to "glance". -# S3 buckets in AWS *must* be lowercased, so remember to lowercase -# your AWS access key if you use it in your bucket name below! -s3_store_bucket = <lowercased 20-char aws access key>glance - -# Do we create the bucket if it does not exist? -s3_store_create_bucket_on_put = False - -# When sending images to S3, the data will first be written to a -# temporary buffer on disk. By default the platform's temporary directory -# will be used. If required, an alternative directory can be specified here. 
-# s3_store_object_buffer_dir = /path/to/dir - -# ============ Cinder Store Options =========================== - -# Info to match when looking for cinder in the service catalog -# Format is : separated values of the form: -# <service_type>:<service_name>:<endpoint_type> (string value) -#cinder_catalog_info = volume:cinder:publicURL - -# Override service catalog lookup with template for cinder endpoint -# e.g. http://localhost:8776/v1/%(project_id)s (string value) -#cinder_endpoint_template = <None> - -# Region name of this node (string value) -#os_region_name = <None> - -# Location of ca certicates file to use for cinder client requests -# (string value) -#cinder_ca_certificates_file = <None> - -# Number of cinderclient retries on failed http calls (integer value) -#cinder_http_retries = 3 - -# Allow to perform insecure SSL requests to cinder (boolean value) -#cinder_api_insecure = False - -# ============ VMware Datastore Store Options ===================== - -# ESX/ESXi or vCenter Server target system. -# The server value can be an IP address or a DNS name -# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com -#vmware_server_host = <None> - -# Server username (string value) -#vmware_server_username = <None> - -# Server password (string value) -#vmware_server_password = <None> - -# Inventory path to a datacenter (string value) -# Value optional when vmware_server_ip is an ESX/ESXi host: if specified -# should be `ha-datacenter`. 
-#vmware_datacenter_path = <None> - -# Datastore associated with the datacenter (string value) -#vmware_datastore_name = <None> - -# The number of times we retry on failures -# e.g., socket error, etc (integer value) -#vmware_api_retry_count = 10 - -# The interval used for polling remote tasks -# invoked on VMware ESX/VC server in seconds (integer value) -#vmware_task_poll_interval = 5 - -# Absolute path of the folder containing the images in the datastore -# (string value) -#vmware_store_image_dir = /openstack_glance - -# Allow to perform insecure SSL requests to the target system (boolean value) -#vmware_api_insecure = False - -# ================= Security Options ========================== - -# AES key for encrypting store 'location' metadata, including -# -- if used -- Swift or S3 credentials -# Should be set to a random string of length 16, 24 or 32 bytes -# metadata_encryption_key = <16, 24 or 32 char registry metadata key> diff --git a/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini b/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini deleted file mode 100644 index df403f6e..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini +++ /dev/null 
@@ -1,30 +0,0 @@
-# Use this pipeline for no auth - DEFAULT
-[pipeline:glance-registry]
-pipeline = osprofiler unauthenticated-context registryapp
-
-# Use this pipeline for keystone auth
-[pipeline:glance-registry-keystone]
-pipeline = osprofiler authtoken context registryapp
-
-# Use this pipeline for authZ only. This means that the registry will treat a
-# user as authenticated without making requests to keystone to reauthenticate
-# the user.
-[pipeline:glance-registry-trusted-auth]
-pipeline = osprofiler context registryapp
-
-[app:registryapp]
-paste.app_factory = glance.registry.api:API.factory
-
-[filter:context]
-paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
-
-[filter:unauthenticated-context]
-paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
-
-[filter:authtoken]
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
-
-[filter:osprofiler]
-paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
-hmac_keys = SECRET_KEY
-enabled = yes
diff --git a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf
index 302f4138..40993d8d 100644
--- a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf
+++ b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf
@@ -49,15 +49,18 @@ limit_param_default = 25 # Role used to identify an authenticated user as administrator #admin_role = admin -# Whether to automatically create the database tables. -# Default: False -#db_auto_create = False - # Enable DEBUG log messages from sqlalchemy which prints every database # query and response. # Default: False #sqlalchemy_debug = True +# http_keepalive option. If False, server will return the header +# "Connection: close", If True, server will return "Connection: Keep-Alive" +# in its responses. In order to close the client socket connection +# explicitly after the response is sent and read successfully by the client, +# you simply have to set this option to False when you create a wsgi server. +#http_keepalive = True + # ================= Syslog Options ============================ # Send logs to syslog (/dev/log) instead of to file specified @@ -88,9 +91,10 @@ notification_driver = messagingv2 # default_publisher_id = image.localhost # Messaging driver used for 'messaging' notifications driver -rpc_backend=rabbit +rpc_backend = 'rabbit' -# Configuration options if sending notifications via rabbitmq +# Configuration options if sending notifications via rabbitmq (these are +# the defaults) rabbit_host = {{ RABBITMQ_HOST }} rabbit_port = {{ RABBITMQ_PORT }} rabbit_use_ssl = false 
@@ -103,23 +107,42 @@ rabbit_durable_queues = False # Configuration options if sending notifications via Qpid (these are # the defaults) -qpid_notification_exchange = glance -qpid_notification_topic = notifications -qpid_hostname = localhost -qpid_port = 5672 -qpid_username = -qpid_password = -qpid_sasl_mechanisms = -qpid_reconnect_timeout = 0 -qpid_reconnect_limit = 0 -qpid_reconnect_interval_min = 0 -qpid_reconnect_interval_max = 0 -qpid_reconnect_interval = 0 -qpid_heartbeat = 5 +#qpid_notification_exchange = glance +#qpid_notification_topic = notifications +#qpid_hostname = localhost +#qpid_port = 5672 +#qpid_username = +#qpid_password = +#qpid_sasl_mechanisms = +#qpid_reconnect_timeout = 0 +#qpid_reconnect_limit = 0 +#qpid_reconnect_interval_min = 0 +#qpid_reconnect_interval_max = 0 +#qpid_reconnect_interval = 0 +#qpid_heartbeat = 5 # Set to 'ssl' to enable SSL -qpid_protocol = tcp -qpid_tcp_nodelay = True +#qpid_protocol = tcp +#qpid_tcp_nodelay = True + + +# =============== Policy Options ============================== + +[oslo_policy] +# The JSON file that defines policies. +# Deprecated group/name - [DEFAULT]/policy_file +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. +# Deprecated group/name - [DEFAULT]/policy_default_rule +#policy_default_rule = default +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. +# The file defined by policy_file must exist for these +# directories to be searched. +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d # ================= Database Options ========================== diff --git a/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf b/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf deleted file mode 100644 index cdbfda71..00000000 
--- a/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf +++ /dev/null 
@@ -1,108 +0,0 @@ -[DEFAULT] -# Show more verbose log output (sets INFO log level output) -#verbose = False - -# Show debugging output in logs (sets DEBUG log level output) -#debug = False - -# Log to this file. Make sure you do not set the same log file for both the API -# and registry servers! -# -# If `log_file` is omitted and `use_syslog` is false, then log messages are -# sent to stdout as a fallback. -# log_file = /var/log/glance/scrubber.log - -# Send logs to syslog (/dev/log) instead of to file specified by `log_file` -use_syslog = True - -# Should we run our own loop or rely on cron/scheduler to run us -daemon = False - -# Loop time between checking for new items to schedule for delete -wakeup_time = 300 - -# Directory that the scrubber will use to remind itself of what to delete -# Make sure this is also set in glance-api.conf -scrubber_datadir = /var/lib/glance/scrubber - -# Only one server in your deployment should be designated the cleanup host -cleanup_scrubber = False - -# pending_delete items older than this time are candidates for cleanup -cleanup_scrubber_time = 86400 - -# Address to find the registry server for cleanups -registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Port the registry server is listening on -registry_port = 9191 - -# Auth settings if using Keystone -# auth_url = http://127.0.0.1:5000/v2.0/ -# admin_tenant_name = %SERVICE_TENANT_NAME% -# admin_user = %SERVICE_USER% -# admin_password = %SERVICE_PASSWORD% - -# Directory to use for lock files. Default to a temp directory -# (string value). This setting needs to be the same for both -# glance-scrubber and glance-api. -#lock_path=<None> - -# API to use for accessing data. 
Default value points to sqlalchemy -# package, it is also possible to use: glance.db.registry.api -#data_api = glance.db.sqlalchemy.api - -# ================= Security Options ========================== - -# AES key for encrypting store 'location' metadata, including -# -- if used -- Swift or S3 credentials -# Should be set to a random string of length 16, 24 or 32 bytes -#metadata_encryption_key = <16, 24 or 32 char registry metadata key> - -# ================= Database Options ===============+========== - -[database] - -# The SQLAlchemy connection string used to connect to the -# database (string value) -#connection=sqlite:////glance/openstack/common/db/$sqlite_db - -# The SQLAlchemy connection string used to connect to the -# slave database (string value) -#slave_connection= - -# timeout before idle sql connections are reaped (integer -# value) -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool -# (integer value) -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool -# (integer value) -#max_pool_size=<None> - -# maximum db connection retries during startup. (setting -1 -# implies an infinite retry count) (integer value) -#max_retries=10 - -# interval between retries of opening a sql connection -# (integer value) -#retry_interval=10 - -# If set, use this value for max_overflow with sqlalchemy -# (integer value) -#max_overflow=<None> - -# Verbosity of SQL debugging information. 0=None, -# 100=Everything (integer value) -#connection_debug=0 - -# Add python stack traces to SQL as comment strings (boolean -# value) -#connection_trace=false - -# If set, use this value for pool_timeout with sqlalchemy -# (integer value) -#pool_timeout=<None> diff --git a/install-files/openstack/usr/share/openstack/glance/logging.conf b/install-files/openstack/usr/share/openstack/glance/logging.conf deleted file mode 100644 index 7e7f31f0..00000000 --- a/install-files/openstack/usr/share/openstack/glance/logging.conf +++ /dev/null 
@@ -1,54 +0,0 @@ -[loggers] -keys=root,api,registry,combined - -[formatters] -keys=normal,normal_with_name,debug - -[handlers] -keys=production,file,devel - -[logger_root] -level=NOTSET -handlers=devel - -[logger_api] -level=DEBUG -handlers=devel -qualname=glance-api - -[logger_registry] -level=DEBUG -handlers=devel -qualname=glance-registry - -[logger_combined] -level=DEBUG -handlers=devel -qualname=glance-combined - -[handler_production] -class=handlers.SysLogHandler -level=ERROR -formatter=normal_with_name -args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER) - -[handler_file] -class=FileHandler -level=DEBUG -formatter=normal_with_name -args=('glance.log', 'w') - -[handler_devel] -class=StreamHandler -level=NOTSET -formatter=debug -args=(sys.stdout,) - -[formatter_normal] -format=%(asctime)s %(levelname)s %(message)s - -[formatter_normal_with_name] -format=(%(name)s): %(asctime)s %(levelname)s %(message)s - -[formatter_debug] -format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s diff --git a/install-files/openstack/usr/share/openstack/glance/policy.json b/install-files/openstack/usr/share/openstack/glance/policy.json deleted file mode 100644 index 325f00b2..00000000 --- a/install-files/openstack/usr/share/openstack/glance/policy.json +++ /dev/null 
@@ -1,52 +0,0 @@ -{ - "context_is_admin": "role:admin", - "default": "", - - "add_image": "", - "delete_image": "", - "get_image": "", - "get_images": "", - "modify_image": "", - "publicize_image": "role:admin", - "copy_from": "", - - "download_image": "", - "upload_image": "", - - "delete_image_location": "", - "get_image_location": "", - "set_image_location": "", - - "add_member": "", - "delete_member": "", - "get_member": "", - "get_members": "", - "modify_member": "", - - "manage_image_cache": "role:admin", - - "get_task": "", - "get_tasks": "", - "add_task": "", - "modify_task": "", - - "get_metadef_namespace": "", - "get_metadef_namespaces":"", - "modify_metadef_namespace":"", - "add_metadef_namespace":"", - - "get_metadef_object":"", - "get_metadef_objects":"", - "modify_metadef_object":"", - "add_metadef_object":"", - - "list_metadef_resource_types":"", - "get_metadef_resource_type":"", - "add_metadef_resource_type_association":"", - - "get_metadef_property":"", - "get_metadef_properties":"", - "modify_metadef_property":"", - "add_metadef_property":"" - -} diff --git a/install-files/openstack/usr/share/openstack/glance/schema-image.json b/install-files/openstack/usr/share/openstack/glance/schema-image.json deleted file mode 100644 index 5aafd6b3..00000000 --- a/install-files/openstack/usr/share/openstack/glance/schema-image.json +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - "kernel_id": { - "type": "string", - "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", - "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image." - }, - "ramdisk_id": { - "type": "string", - "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", - "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image." - }, - "instance_uuid": { - "type": "string", - "description": "ID of instance used to create this image." - }, - "architecture": { - "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", - "type": "string" - }, - "os_distro": { - "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", - "type": "string" - }, - "os_version": { - "description": "Operating system version as specified by the distributor", - "type": "string" - } -} diff --git a/install-files/openstack/usr/share/openstack/horizon.yml b/install-files/openstack/usr/share/openstack/horizon.yml index 14cea5c5..1fec4ab0 100644 --- a/install-files/openstack/usr/share/openstack/horizon.yml +++ b/install-files/openstack/usr/share/openstack/horizon.yml @@ -23,14 +23,13 @@ shell: /sbin/nologin home: /var/lib/horizon - - name: Create the /var folders for horizon + - name: Fix permissions in /var/lib/horizon file: - path: "{{ item }}" + path: /var/lib/horizon state: directory owner: horizon group: horizon - with_items: - - /var/lib/horizon + recurse: yes - name: Link horizon apache configuration file: diff --git a/install-files/openstack/usr/share/openstack/ironic/ironic.conf b/install-files/openstack/usr/share/openstack/ironic/ironic.conf index 75c62b8e..a5b5d2e3 100644 
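Review bot: The rewritten `Fix permissions in /var/lib/horizon` task in horizon.yml applies `owner` and `group` recursively but sets no `mode`, so whatever file modes already exist under that tree stay as they are. If the directory holds the dashboard's secret key or session data (not visible in this hunk), add an explicit mode such as `mode: "u=rwX,g=rX,o="` so other local accounts cannot read it. The play continues outside the hunk, so confirm that the Apache worker still gets the access it needs through the `horizon` user or group.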
--- a/install-files/openstack/usr/share/openstack/ironic/ironic.conf +++ b/install-files/openstack/usr/share/openstack/ironic/ironic.conf 
@@ -4,129 +4,13 @@ # Options defined in oslo.messaging # -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). 
(string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} - -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - -# If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false - # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) #rpc_zmq_bind_address=* # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker=oslo_messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) #rpc_zmq_port=9501 
@@ -156,7 +40,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }} # Heartbeat time-to-live. (integer value) #matchmaker_heartbeat_ttl=600 -# Size of RPC greenthread pool. (integer value) +# Size of RPC thread pool. (integer value) #rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi @@ -190,10 +74,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }} # # IP address of this host. (string value) -my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Use IPv6. (boolean value) -#use_ipv6=false +my_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # @@ -204,6 +85,10 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # (string value) #auth_strategy=keystone +# Enable pecan debug mode. WARNING: this is insecure and +# should not be used in production. (boolean value) +#pecan_debug=false + # # Options defined in ironic.common.driver_factory @@ -268,6 +153,9 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # value) #isolinux_config_template=$pybasedir/common/isolinux_config.template +# Template file for grub configuration file. (string value) +#grub_config_template=$pybasedir/common/grub_conf.template + # # Options defined in ironic.common.paths @@ -287,18 +175,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # -# Options defined in ironic.common.policy -# - -# JSON file representing policy. (string value) -#policy_file=policy.json - -# Rule checked when requested rule is not found. (string -# value) -#policy_default_rule=default - - -# # Options defined in ironic.common.service # @@ -351,17 +227,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # -# Options defined in ironic.openstack.common.lockutils -# - -# Enables or disables inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. (string value) -#lock_path=<None> - - -# # Options defined in ironic.openstack.common.log # 
@@ -393,7 +258,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh #logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s # List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN +#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN # Enables or disables publication of error events. (boolean # value) @@ -442,7 +307,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # Use syslog for logging. Existing syslog format is DEPRECATED # during I, and will change in J to honor RFC5424. (boolean # value) -use_syslog=True +use_syslog=true # (Optional) Enables or disables syslog rfc5424 format for # logging. If enabled, prefixes the MSG part of the syslog @@ -464,6 +329,15 @@ use_syslog=True #run_external_periodic_tasks=true +# +# Options defined in ironic.openstack.common.versionutils +# + +# Enables or disables fatal status of deprecations. (boolean +# value) +#fatal_deprecations=false + + [agent] # 
@@ -480,6 +354,22 @@ use_syslog=True # Neutron bootfile DHCP parameter. (string value) #agent_pxe_bootfile_name=pxelinux.0 +# Priority to run in-band erase devices via the Ironic Python +# Agent ramdisk. If unset, will use the priority set in the +# ramdisk (defaults to 10 for the GenericHardwareManager). If +# set to 0, will not run during cleaning. (integer value) +#agent_erase_devices_priority=<None> + +# Whether Ironic will manage TFTP files for the deploy +# ramdisks. If set to False, you will need to configure your +# own TFTP server that allows booting the deploy ramdisks. +# (boolean value) +#manage_tftp=true + +# +# Options defined in ironic.drivers.modules.agent_base_vendor +# + # Maximum interval (in seconds) for agent heartbeats. (integer # value) #heartbeat_timeout=300 @@ -494,6 +384,30 @@ use_syslog=True #agent_api_version=v1 +[amt] + +# +# Options defined in ironic.drivers.modules.amt.common +# + +# Protocol used for AMT endpoint, support http/https (string +# value) +#protocol=http + + +# +# Options defined in ironic.drivers.modules.amt.power +# + +# Maximum number of times to attempt an AMT operation, before +# failing (integer value) +#max_attempts=3 + +# Amount of time (in seconds) to wait, before retrying an AMT +# operation (integer value) +#action_wait=10 + + [api] # @@ -520,7 +434,7 @@ use_syslog=True # URL of Ironic API service. If not set ironic can get the # current value from the keystone service catalog. (string # value) -api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 +api_url = http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 # Seconds between conductor heart beats. (integer value) #heartbeat_interval=10 
@@ -587,6 +501,31 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 # the check entirely. (integer value) #sync_local_state_interval=180 +# Whether to upload the config drive to Swift. (boolean value) +#configdrive_use_swift=false + +# Name of the Swift container to store config drive data. Used +# when configdrive_use_swift is True. (string value) +#configdrive_swift_container=ironic_configdrive_container + +# Timeout (seconds) for waiting for node inspection. 0 - +# unlimited. (integer value) +#inspect_timeout=1800 + +# Cleaning is a configurable set of steps, such as erasing +# disk drives, that are performed on the node to ensure it is +# in a baseline state and ready to be deployed to. This is +# done after instance deletion, and during the transition from +# a "managed" to "available" state. When enabled, the +# particular steps performed to clean a node depend on which +# driver that node is managed by; see the individual driver's +# documentation for details. NOTE: The introduction of the +# cleaning operation causes instance deletion to take +# significantly longer. In an environment where all tenants +# are trusted (eg, because there is only one tenant), this +# option could be safely disabled. (boolean value) +#clean_nodes=true + [console] @@ -635,7 +574,7 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic +connection = postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic # The SQLAlchemy connection string to use to connect to the # slave database. (string value) 
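Review bot: The `connection = postgresql://…` line in the `@@ -635,7 +574,7 @@` hunk interpolates `IRONIC_DB_USER` and `IRONIC_DB_PASSWORD` into the URL unescaped, so a password containing characters such as `@` or `%` can be misparsed as part of the host or as an escape sequence. Escape the credentials in the template, e.g. `{{ IRONIC_DB_PASSWORD | urlencode }}`, unless the values are already restricted elsewhere (not visible here); otherwise operators end up avoiding strong passwords to keep the service starting. The URL also carries no TLS parameter, so whether the database session to the controller is encrypted depends on settings outside this file.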
@@ -667,8 +606,9 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size=<None> -# Maximum db connection retries during startup. Set to -1 to -# specify an infinite retry count. (integer value) +# Maximum number of database connection retries during +# startup. Set to -1 to specify an infinite retry count. +# (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries=10 @@ -704,20 +644,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # connection lost. (boolean value) #use_db_reconnect=false -# Seconds between database connection retries. (integer value) +# Seconds between retries of a database transaction. (integer +# value) #db_retry_interval=1 -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) +# If True, increases the interval between retries of a +# database operation up to db_max_retry_interval. (boolean +# value) #db_inc_retry_interval=true # If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) +# retries of a database operation. (integer value) #db_max_retry_interval=10 -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) +# Maximum retries in case of connection error or deadlock +# error before error is raised. Set to -1 to specify an +# infinite retry count. (integer value) #db_max_retries=20 
@@ -729,6 +671,25 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL #mysql_engine=InnoDB +[deploy] + +# +# Options defined in ironic.drivers.modules.deploy_utils +# + +# Size of EFI system partition in MiB when configuring UEFI +# systems for local boot. (integer value) +#efi_system_partition_size=200 + +# Block size to use when writing to the nodes disk. (string +# value) +#dd_block_size=1M + +# Maximum attempts to verify an iSCSI connection is active, +# sleeping 1 second between attempts. (integer value) +#iscsi_verify_attempts=3 + + [dhcp] # @@ -740,6 +701,26 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL #dhcp_provider=neutron +[discoverd] + +# +# Options defined in ironic.drivers.modules.discoverd +# + +# whether to enable inspection using ironic-discoverd (boolean +# value) +#enabled=false + +# ironic-discoverd HTTP endpoint. If this is not set, the +# ironic-discoverd client default (http://127.0.0.1:5050) will +# be used. (string value) +#service_url=<None> + +# period (in seconds) to check status of nodes on inspection +# (integer value) +#status_check_period=60 + + [disk_partitioner] # 
@@ -811,13 +792,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # (string value) #swift_container=glance +# This should match a config by the same name in the Glance +# configuration file. When set to 0, a single-tenant store +# will only use one container to store all images. When set to +# an integer value between 1 and 32, a single-tenant store +# will use multiple containers to store images, and this value +# will determine how many containers are created. (integer +# value) +#swift_store_multiple_containers_seed=0 + # # Options defined in ironic.common.image_service # # Default glance hostname or IP address. (string value) -glance_host={{ CONTROLLER_HOST_ADDRESS }} +glance_host = {{ CONTROLLER_HOST_ADDRESS }} # Default glance port. (integer value) #glance_port=9292 @@ -828,7 +818,7 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # A list of the glance api servers available to ironic. Prefix # with https:// for SSL-based glance API servers. Format is -# [hostname|IP]:port. (string value) +# [hostname|IP]:port. (list value) #glance_api_servers=<None> # Allow to perform insecure SSL (https) requests to glance. @@ -839,8 +829,9 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # (integer value) #glance_num_retries=0 -# Default protocol to use when connecting to glance. Set to -# https for SSL. (string value) +# Authentication strategy to use when connecting to glance. +# Only "keystone" and "noauth" are currently supported by +# ironic. (string value) #auth_strategy=keystone 
@@ -865,6 +856,43 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # +# Options defined in ironic.drivers.modules.ilo.deploy +# + +# Priority for erase devices clean step. If unset, it defaults +# to 10. If set to 0, the step will be disabled and will not +# run during cleaning. (integer value) +#clean_priority_erase_devices=<None> + + +# +# Options defined in ironic.drivers.modules.ilo.management +# + +# Priority for reset_ilo clean step. (integer value) +#clean_priority_reset_ilo=1 + +# Priority for reset_bios_to_default clean step. (integer +# value) +#clean_priority_reset_bios_to_default=10 + +# Priority for reset_secure_boot_keys clean step. This step +# will reset the secure boot keys to manufacturing defaults. +# (integer value) +#clean_priority_reset_secure_boot_keys_to_default=20 + +# Priority for clear_secure_boot_keys clean step. This step is +# not enabled by default. It can be enabled to to clear all +# secure boot keys enrolled with iLO. (integer value) +#clean_priority_clear_secure_boot_keys=0 + +# Priority for reset_ilo_credential clean step. This step +# requires "ilo_change_password" parameter to be updated in +# nodes's driver_info with the new password. (integer value) +#clean_priority_reset_ilo_credential=30 + + +# # Options defined in ironic.drivers.modules.ilo.power # @@ -883,8 +911,12 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # Options defined in ironic.drivers.modules.ipminative # -# Maximum time in seconds to retry IPMI operations. (integer -# value) +# Maximum time in seconds to retry IPMI operations. There is a +# tradeoff when setting this value. Setting this too low may +# cause older BMCs to crash and require a hard reset. However, +# setting too high can cause the sync power state periodic +# task to hang when there are slow or unresponsive BMCs. +# (integer value) #retry_timeout=60 # Minimum time, in seconds, between IPMI operations sent to a 
@@ -894,79 +926,73 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} #min_command_interval=5 -[keystone_authtoken] +[irmc] # -# Options defined in keystonemiddleware.auth_token +# Options defined in ironic.drivers.modules.irmc.common # -# Prefix to prepend at the beginning of the path. Deprecated, -# use identity_uri. (string value) -#auth_admin_prefix= +# Port to be used for iRMC operations, either 80 or 443 +# (integer value) +#port=443 -# Host providing the admin Identity API endpoint. Deprecated, -# use identity_uri. (string value) -#auth_host=127.0.0.1 +# Authentication method to be used for iRMC operations, either +# "basic" or "digest" (string value) +#auth_method=basic -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -#auth_port=35357 +# Timeout (in seconds) for iRMC operations (integer value) +#client_timeout=60 -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -#auth_protocol=https +# Sensor data retrieval method, either "ipmitool" or "scci" +# (string value) +#sensor_method=ipmitool -# Complete public Identity API endpoint (string value) -auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. https://localhost:35357/ +[keystone] + +# +# Options defined in ironic.common.keystone +# + +# The region used for getting endpoints of OpenStackservices. # (string value) -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +#region_name=<None> + + +[keystone_authtoken] + +# +# Options defined in keystonemiddleware.auth_token +# -# API version of the admin Identity API endpoint (string +# Complete public Identity API endpoint. (string value) +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 + +# API version of the admin Identity API endpoint. 
(string # value) #auth_version=<None> # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI -# components (boolean value) +# components. (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API -# server. (boolean value) +# server. (integer value) #http_connect_timeout=<None> # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token=<None> - -# Keystone account username (string value) -admin_user={{ IRONIC_SERVICE_USER }} - -# Keystone account password (string value) -admin_password={{ IRONIC_SERVICE_PASSWORD }} - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name=service - -# Env key for the swift cache (string value) +# Env key for the swift cache. (string value) #cache=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #certfile=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #keyfile=<None> @@ -977,7 +1003,7 @@ admin_tenant_name=service # Verify HTTPS connections. (boolean value) #insecure=false -# Directory used to cache files related to PKI tokens (string +# Directory used to cache files related to PKI tokens. (string # value) #signing_dir=<None> 
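Review bot: `auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0` in the `[keystone_authtoken]` hunk keeps the Identity endpoint on plain HTTP, and the later hunk at `@@ -1074,6 +1100,44 @@` does the same for `identity_uri`, next to `admin_user` and `admin_password`. With these values the service credentials and the tokens being validated cross the management network in cleartext. If Keystone on the controller can serve TLS, switch both URLs to `https://` and set `cafile` to the CA bundle; if the network is deliberately treated as trusted, a comment above `auth_uri` saying so would record that decision.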
@@ -1000,7 +1026,7 @@ admin_tenant_name=service # value) #revocation_cache_time=10 -# (optional) if defined, indicate whether token data should be +# (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable # values are MAC or ENCRYPT. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token 
@@ -1009,38 +1035,38 @@ admin_tenant_name=service # raise an exception on initialization. (string value) #memcache_security_strategy=<None> -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string +# (Optional, mandatory if memcache_security_strategy is +# defined) This string is used for key derivation. (string # value) #memcache_secret_key=<None> -# (optional) number of seconds memcached server is considered +# (Optional) Number of seconds memcached server is considered # dead before it is tried again. (integer value) #memcache_pool_dead_retry=300 -# (optional) max total number of open connections to every +# (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize=10 -# (optional) socket timeout in seconds for communicating with +# (Optional) Socket timeout in seconds for communicating with # a memcache server. (integer value) #memcache_pool_socket_timeout=3 -# (optional) number of seconds a connection to memcached is +# (Optional) Number of seconds a connection to memcached is # held unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout=60 -# (optional) number of seconds that an operation will wait to +# (Optional) Number of seconds that an operation will wait to # get a memcache client connection from the pool. (integer # value) #memcache_pool_conn_get_timeout=10 -# (optional) use the advanced (eventlet safe) memcache client +# (Optional) Use the advanced (eventlet safe) memcache client # pool. The advanced pool will only work under python 2.x. # (boolean value) #memcache_use_advanced_pool=false -# (optional) indicate whether to set the X-Service-Catalog +# (Optional) Indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) 
@@ -1059,7 +1085,7 @@ admin_tenant_name=service # If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the -# Keystone server. (boolean value) +# identity server. (boolean value) #check_revocations_for_cached=false # Hash algorithms to use for hashing PKI tokens. This may be a @@ -1074,6 +1100,44 @@ admin_tenant_name=service # (list value) #hash_algorithms=md5 +# Prefix to prepend at the beginning of the path. Deprecated, +# use identity_uri. (string value) +#auth_admin_prefix= + +# Host providing the admin Identity API endpoint. Deprecated, +# use identity_uri. (string value) +#auth_host=127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) +#auth_port=35357 + +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. (string value) +#auth_protocol=https + +# Complete admin Identity API endpoint. This should specify +# the unversioned root endpoint e.g. https://localhost:35357/ +# (string value) +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 + +# This option is deprecated and may be removed in a future +# release. Single shared secret with the Keystone +# configuration used for bootstrapping a Keystone +# installation, or otherwise bypassing the normal +# authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) +#admin_token=<None> + +# Service username. (string value) +admin_user = {{ IRONIC_SERVICE_USER }} + +# Service user password. (string value) +admin_password = {{ IRONIC_SERVICE_PASSWORD }} + +# Service tenant name. (string value) +admin_tenant_name=service + [matchmaker_redis] 
@@ -1109,12 +1173,16 @@ admin_tenant_name=service # # URL for connecting to neutron. (string value) -url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 +url = http://{{ CONTROLLER_HOST_ADDRESS }}:9696 # Timeout value for connecting to neutron in seconds. (integer # value) #url_timeout=30 +# Client retries in the case of a failed request. (integer +# value) +#retries=3 + # Default authentication strategy to use when connecting to # neutron. Can be either "keystone" or "noauth". Running # neutron in noauth mode (related to but not affected by this 
@@ -1122,6 +1190,248 @@ url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 # (string value) #auth_strategy=keystone +# UUID of the network to create Neutron ports on when booting +# to a ramdisk for cleaning/zapping using Neutron DHCP (string +# value) +#cleaning_network_uuid=<None> + + +[oslo_concurrency] + +# +# Options defined in oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +#disable_process_locking=false + +# Directory to use for lock files. For security, the +# specified directory should only be writable by the user +# running the processes that need locking. Defaults to +# environment variable OSLO_LOCK_PATH. If external locks are +# used, a lock path must be set. (string value) +#lock_path=<None> + + +[oslo_messaging_amqp] + +# +# Options defined in oslo.messaging +# + +# address prefix used when sending to a specific server +# (string value) +#server_request_prefix=exclusive + +# address prefix used when broadcasting to all servers (string +# value) +#broadcast_prefix=broadcast + +# address prefix when sending to any server in group (string +# value) +#group_request_prefix=unicast + +# Name for the AMQP container (string value) +#container_name=<None> + +# Timeout for inactive connections (in seconds) (integer +# value) +#idle_timeout=0 + +# Debug: dump AMQP frames to stdout (boolean value) +#trace=false + +# CA certificate PEM file for verifing server certificate +# (string value) +#ssl_ca_file= + +# Identifying certificate PEM file to present to clients +# (string value) +#ssl_cert_file= + +# Private key PEM file used to sign cert_file certificate +# (string value) +#ssl_key_file= + +# Password for decrypting ssl_key_file (if encrypted) (string +# value) +#ssl_key_password=<None> + +# Accept clients using either SSL or plain TCP (boolean value) +#allow_insecure_clients=false + + +[oslo_messaging_qpid] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. 
(boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + + +[oslo_messaging_rabbit] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# SSL version to use (valid only if SSL enabled). Valid values +# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may +# be available on some distributions. 
(string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). (string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +rabbit_host = {{ RABBITMQ_HOST }} + +# The RabbitMQ broker port where a single node is used. +# (integer value) +rabbit_port = {{ RABBITMQ_PORT }} + +# RabbitMQ HA cluster host:port pairs. (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +#rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +rabbit_userid = {{ RABBITMQ_USER }} + +# The RabbitMQ password. (string value) +rabbit_password = {{ RABBITMQ_PASSWORD }} + +# The RabbitMQ login method. (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# Number of seconds after which the Rabbit broker is +# considered down if heartbeat's keep-alive fails (0 disable +# the heartbeat). (integer value) +#heartbeat_timeout_threshold=60 + +# How often times during the heartbeat_timeout_threshold we +# check the heartbeat. 
(integer value) +#heartbeat_rate=2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +#fake_rabbit=false + + +[oslo_policy] + +# +# Options defined in oslo.policy +# + +# The JSON file that defines policies. (string value) +#policy_file=policy.json + +# Default rule. Enforced when a requested rule is not found. +# (string value) +#policy_default_rule=default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. The +# file defined by policy_file must exist for these directories +# to be searched. Missing or empty directories are ignored. +# (multi valued) +#policy_dirs=policy.d + [pxe] @@ -1245,3 +1555,14 @@ tftp_master_path=/srv/tftp_root/master_images #swift_max_retries=2 +[virtualbox] + +# +# Options defined in ironic.drivers.modules.virtualbox +# + +# Port on which VirtualBox web service is listening. (integer +# value) +#port=18083 + + diff --git a/install-files/openstack/usr/share/openstack/ironic/policy.json b/install-files/openstack/usr/share/openstack/ironic/policy.json deleted file mode 100644 index 94ac3a5b..00000000 --- a/install-files/openstack/usr/share/openstack/ironic/policy.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "admin": "role:admin or role:administrator", - "admin_api": "is_admin:True", - "default": "rule:admin_api" -} diff --git a/install-files/openstack/usr/share/openstack/keystone.yml b/install-files/openstack/usr/share/openstack/keystone.yml index 330d74d0..00bcac1a 100644 --- a/install-files/openstack/usr/share/openstack/keystone.yml +++ b/install-files/openstack/usr/share/openstack/keystone.yml @@ -88,9 +88,8 @@ sudo: yes sudo_user: keystone - - name: Initiatie keystone database - keystone_manage: - action: dbsync + - name: Initiate keystone database + command: keystone-manage db_sync sudo: yes sudo_user: keystone 
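Review bot: In the added `[oslo_messaging_rabbit]` section, `rabbit_userid` and `rabbit_password` are filled from the template while `#rabbit_use_ssl=false` and the `kombu_ssl_*` options stay at their defaults, so the broker credentials and all RPC payloads travel over plain TCP. If the RabbitMQ broker in this deployment offers a TLS listener (not visible here), set `rabbit_use_ssl = true` and point `kombu_ssl_ca_certs` at the CA bundle. Otherwise a one-line comment stating that the management network is trusted would make the choice explicit. The rendered file will hold `rabbit_password` in clear text, so it is worth confirming that the install step restricts the file's mode to the ironic service user.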
diff --git a/install-files/openstack/usr/share/openstack/keystone/keystone-paste.ini b/install-files/openstack/usr/share/openstack/keystone/keystone-paste.ini
deleted file mode 100644
index 46f994c3..00000000
--- a/install-files/openstack/usr/share/openstack/keystone/keystone-paste.ini
+++ /dev/null
@@ -1,121 +0,0 @@ -# Keystone PasteDeploy configuration file. - -[filter:debug] -paste.filter_factory = keystone.common.wsgi:Debug.factory - -[filter:build_auth_context] -paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory - -[filter:token_auth] -paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory - -[filter:admin_token_auth] -paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory - -[filter:xml_body] -paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory - -[filter:xml_body_v2] -paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV2.factory - -[filter:xml_body_v3] -paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV3.factory - -[filter:json_body] -paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory - -[filter:user_crud_extension] -paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory - -[filter:crud_extension] -paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory - -[filter:ec2_extension] -paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory - -[filter:ec2_extension_v3] -paste.filter_factory = keystone.contrib.ec2:Ec2ExtensionV3.factory - -[filter:federation_extension] -paste.filter_factory = keystone.contrib.federation.routers:FederationExtension.factory - -[filter:oauth1_extension] -paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory - -[filter:s3_extension] -paste.filter_factory = keystone.contrib.s3:S3Extension.factory - -[filter:endpoint_filter_extension] -paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory - -[filter:endpoint_policy_extension] -paste.filter_factory = keystone.contrib.endpoint_policy.routers:EndpointPolicyExtension.factory - -[filter:simple_cert_extension] -paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory - -[filter:revoke_extension] -paste.filter_factory = 
keystone.contrib.revoke.routers:RevokeExtension.factory - -[filter:url_normalize] -paste.filter_factory = keystone.middleware:NormalizingFilter.factory - -[filter:sizelimit] -paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory - -[filter:stats_monitoring] -paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory - -[filter:stats_reporting] -paste.filter_factory = keystone.contrib.stats:StatsExtension.factory - -[filter:access_log] -paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory - -[app:public_service] -paste.app_factory = keystone.service:public_app_factory - -[app:service_v3] -paste.app_factory = keystone.service:v3_app_factory - -[app:admin_service] -paste.app_factory = keystone.service:admin_app_factory - -[pipeline:public_api] -# The last item in this pipeline must be public_service or an equivalent -# application. It cannot be a filter. -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service - -[pipeline:admin_api] -# The last item in this pipeline must be admin_service or an equivalent -# application. It cannot be a filter. -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service - -[pipeline:api_v3] -# The last item in this pipeline must be service_v3 or an equivalent -# application. It cannot be a filter. 
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3 - -[app:public_version_service] -paste.app_factory = keystone.service:public_version_app_factory - -[app:admin_version_service] -paste.app_factory = keystone.service:admin_version_app_factory - -[pipeline:public_version_api] -pipeline = sizelimit url_normalize xml_body public_version_service - -[pipeline:admin_version_api] -pipeline = sizelimit url_normalize xml_body admin_version_service - -[composite:main] -use = egg:Paste#urlmap -/v2.0 = public_api -/v3 = api_v3 -/ = public_version_api - -[composite:admin] -use = egg:Paste#urlmap -/v2.0 = admin_api -/v3 = api_v3 -/ = admin_version_api diff --git a/install-files/openstack/usr/share/openstack/keystone/keystone.conf b/install-files/openstack/usr/share/openstack/keystone/keystone.conf index 4e04c81b..1a082601 100644 --- a/install-files/openstack/usr/share/openstack/keystone/keystone.conf +++ b/install-files/openstack/usr/share/openstack/keystone/keystone.conf 
@@ -1,1588 +1,1733 @@ [DEFAULT] # -# Options defined in keystone +# From keystone # -# A "shared secret" that can be used to bootstrap Keystone. -# This "token" does not represent a user, and carries no -# explicit authorization. To disable in production (highly -# recommended), remove AdminTokenAuthMiddleware from your -# paste application pipelines (for example, in keystone- -# paste.ini). (string value) -admin_token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} - -# The IP address of the network interface for the public -# service to listen on. (string value) -# Deprecated group/name - [DEFAULT]/bind_host -#public_bind_host=0.0.0.0 - -# The IP address of the network interface for the admin -# service to listen on. (string value) -# Deprecated group/name - [DEFAULT]/bind_host -#admin_bind_host=0.0.0.0 - -# (Deprecated) The port which the OpenStack Compute service -# listens on. This option was only used for string replacement -# in the templated catalog backend. Templated catalogs should -# replace the "$(compute_port)s" substitution with the static -# port of the compute service. As of Juno, this option is -# deprecated and will be removed in the L release. (integer +# A "shared secret" that can be used to bootstrap Keystone. This "token" does +# not represent a user, and carries no explicit authorization. To disable in +# production (highly recommended), remove AdminTokenAuthMiddleware from your +# paste application pipelines (for example, in keystone-paste.ini). (string # value) -#compute_port=8774 +admin_token = {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} + +# (Deprecated) The port which the OpenStack Compute service listens on. This +# option was only used for string replacement in the templated catalog backend. +# Templated catalogs should replace the "$(compute_port)s" substitution with +# the static port of the compute service. As of Juno, this option is deprecated +# and will be removed in the L release. 
(integer value) +#compute_port = 8774 + +# The base public endpoint URL for Keystone that is advertised to clients +# (NOTE: this does NOT affect how Keystone listens for connections). Defaults +# to the base host URL of the request. E.g. a request to +# http://server:5000/v3/users will default to http://server:5000. You should +# only need to set this value if the base URL contains a path (e.g. /prefix/v3) +# or the endpoint should be found on a different server. (string value) +#public_endpoint = <None> + +# The base admin endpoint URL for Keystone that is advertised to clients (NOTE: +# this does NOT affect how Keystone listens for connections). Defaults to the +# base host URL of the request. E.g. a request to http://server:35357/v3/users +# will default to http://server:35357. You should only need to set this value +# if the base URL contains a path (e.g. /prefix/v3) or the endpoint should be +# found on a different server. (string value) +#admin_endpoint = <None> + +# Maximum depth of the project hierarchy. WARNING: setting it to a large value +# may adversely impact performance. (integer value) +#max_project_tree_depth = 5 -# The port number which the admin service listens on. (integer -# value) -admin_port=35357 - -# The port number which the public service listens on. -# (integer value) -public_port=5000 - -# The base public endpoint URL for Keystone that is advertised -# to clients (NOTE: this does NOT affect how Keystone listens -# for connections). Defaults to the base host URL of the -# request. E.g. a request to http://server:5000/v2.0/users -# will default to http://server:5000. You should only need to -# set this value if the base URL contains a path (e.g. -# /prefix/v2.0) or the endpoint should be found on a different -# server. (string value) -#public_endpoint=<None> - -# The base admin endpoint URL for Keystone that is advertised -# to clients (NOTE: this does NOT affect how Keystone listens -# for connections). 
Defaults to the base host URL of the -# request. E.g. a request to http://server:35357/v2.0/users -# will default to http://server:35357. You should only need to -# set this value if the base URL contains a path (e.g. -# /prefix/v2.0) or the endpoint should be found on a different -# server. (string value) -#admin_endpoint=<None> - -# The number of worker processes to serve the public WSGI -# application. Defaults to number of CPUs (minimum of 2). -# (integer value) -#public_workers=<None> +# Limit the sizes of user & project ID/names. (integer value) +#max_param_size = 64 -# The number of worker processes to serve the admin WSGI -# application. Defaults to number of CPUs (minimum of 2). +# Similar to max_param_size, but provides an exception for token values. # (integer value) -#admin_workers=<None> - -# Enforced by optional sizelimit middleware -# (keystone.middleware:RequestBodySizeLimiter). (integer -# value) -#max_request_body_size=114688 +#max_token_size = 8192 -# Limit the sizes of user & project ID/names. (integer value) -#max_param_size=64 +# Similar to the member_role_name option, this represents the default role ID +# used to associate users with their default projects in the v2 API. This will +# be used as the explicit role where one is not specified by the v2 API. +# (string value) +#member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab -# Similar to max_param_size, but provides an exception for -# token values. (integer value) -#max_token_size=8192 +# This is the role name used in combination with the member_role_id option; see +# that option for more detail. (string value) +#member_role_name = _member_ -# During a SQL upgrade member_role_id will be used to create a -# new role that will replace records in the assignment table -# with explicit role grants. After migration, the -# member_role_id will be used in the API add_user_to_project. 
-# (string value) -#member_role_id=9fe2ff9ee4384b1894a90878d3e92bab - -# During a SQL upgrade member_role_name will be used to create -# a new role that will replace records in the assignment table -# with explicit role grants. After migration, member_role_name -# will be ignored. (string value) -#member_role_name=_member_ - -# The value passed as the keyword "rounds" to passlib's -# encrypt method. (integer value) -#crypt_strength=40000 - -# Set this to true if you want to enable TCP_KEEPALIVE on -# server sockets, i.e. sockets used by the Keystone wsgi -# server for client connections. (boolean value) -#tcp_keepalive=false - -# Sets the value of TCP_KEEPIDLE in seconds for each server -# socket. Only applies if tcp_keepalive is true. Not supported -# on OS X. (integer value) -#tcp_keepidle=600 - -# The maximum number of entities that will be returned in a -# collection, with no limit set by default. This global limit -# may be then overridden for a specific driver, by specifying -# a list_limit in the appropriate section (e.g. [assignment]). +# The value passed as the keyword "rounds" to passlib's encrypt method. # (integer value) -#list_limit=<None> - -# Set this to false if you want to enable the ability for -# user, group and project entities to be moved between domains -# by updating their domain_id. Allowing such movement is not -# recommended if the scope of a domain admin is being -# restricted by use of an appropriate policy file (see +#crypt_strength = 40000 + +# The maximum number of entities that will be returned in a collection, with no +# limit set by default. This global limit may be then overridden for a specific +# driver, by specifying a list_limit in the appropriate section (e.g. +# [assignment]). (integer value) +#list_limit = <None> + +# Set this to false if you want to enable the ability for user, group and +# project entities to be moved between domains by updating their domain_id. 
+# Allowing such movement is not recommended if the scope of a domain admin is +# being restricted by use of an appropriate policy file (see # policy.v3cloudsample as an example). (boolean value) -#domain_id_immutable=true +#domain_id_immutable = true -# If set to true, strict password length checking is performed -# for password manipulation. If a password exceeds the maximum -# length, the operation will fail with an HTTP 403 Forbidden -# error. If set to false, passwords are automatically -# truncated to the maximum length. (boolean value) -#strict_password_check=false +# If set to true, strict password length checking is performed for password +# manipulation. If a password exceeds the maximum length, the operation will +# fail with an HTTP 403 Forbidden error. If set to false, passwords are +# automatically truncated to the maximum length. (boolean value) +#strict_password_check = false +# The HTTP header used to determine the scheme for the original request, even +# if it was removed by an SSL terminating proxy. Typical value is +# "HTTP_X_FORWARDED_PROTO". (string value) +#secure_proxy_ssl_header = <None> # -# Options defined in oslo.messaging +# From keystone.notifications # -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false +# Default publisher_id for outgoing notifications (string value) +#default_publisher_id = <None> -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false +# Define the notification format for Identity Service events. A "basic" +# notification has information about the resource being operated on. A "cadf" +# notification has the same information, as well as information about the +# initiator of the event. Valid options are: basic and cadf (string value) +#notification_format = basic -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 +# +# From keystone.openstack.common.eventlet_backdoor +# -# Qpid broker hostname. 
(string value) -#qpid_hostname=localhost +# Enable eventlet backdoor. Acceptable values are 0, <port>, and +# <start>:<end>, where 0 results in listening on a random tcp port number; +# <port> results in listening on the specified port number (and not enabling +# backdoor if that port is in use); and <start>:<end> results in listening on +# the smallest unused port number within the specified range of port numbers. +# The chosen port is displayed in the service's log file. (string value) +#backdoor_port = <None> -# Qpid broker port. (integer value) -#qpid_port=5672 +# +# From oslo.log +# -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port +# Print debugging output (set logging level to DEBUG instead of default WARNING +# level). (boolean value) +#debug = false -# Username for Qpid connection. (string value) -#qpid_username= +# Print more verbose output (set logging level to INFO instead of default +# WARNING level). (boolean value) +#verbose = false -# Password for Qpid connection. (string value) -#qpid_password= +# The name of a logging configuration file. This file is appended to any +# existing logging configuration files. For details about logging configuration +# files, see the Python logging module documentation. (string value) +# Deprecated group/name - [DEFAULT]/log_config +#log_config_append = <None> -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= +# DEPRECATED. A logging.Formatter log message format string which may use any +# of the available logging.LogRecord attributes. This option is deprecated. +# Please use logging_context_format_string and logging_default_format_string +# instead. (string value) +#log_format = <None> -# Seconds between connection keepalive heartbeats. (integer +# Format string for %%(asctime)s in log records. Default: %(default)s . 
(string # value) -#qpid_heartbeat=60 +#log_date_format = %Y-%m-%d %H:%M:%S -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true +# (Optional) Name of log file to output to. If no default is set, logging will +# go to stdout. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file = <None> -# The number of prefetched messages held by receiver. (integer +# (Optional) The base directory used for relative --log-file paths. (string # value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions. (string value) -#kombu_ssl_version= +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = <None> -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= +# Use syslog for logging. Existing syslog format is DEPRECATED during I, and +# will change in J to honor RFC5424. (boolean value) +#use_syslog = false -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= +# (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, +# prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The +# format without the APP-NAME is deprecated in I, and will be removed in J. +# (boolean value) +#use_syslog_rfc_format = false -# SSL certification authority file (valid only if SSL -# enabled). (string value) -#kombu_ssl_ca_certs= +# Syslog facility to receive log lines. 
(string value) +#syslog_log_facility = LOG_USER -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 +# Log output to standard error. (boolean value) +#use_stderr = true -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} +# Format string to use for log messages with context. (string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} +# Format string to use for log messages without context. (string value) +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s -# RabbitMQ HA cluster host:port pairs. (list value) -rabbit_hosts=$rabbit_host:$rabbit_port +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d -# Connect over SSL for RabbitMQ. (boolean value) -rabbit_use_ssl=false +# Prefix each line of exception output with this format. (string value) +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} +# Enables or disables publication of error events. 
(boolean value) +#publish_errors = false -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer +# The format for an instance that is passed with the log message. (string # value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 +#instance_format = "[instance: %(uuid)s] " -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean +# The format for an instance UUID that is passed with the log message. (string # value) -#rabbit_ha_queues=false +#instance_uuid_format = "[instance: %(uuid)s] " -# If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false +# +# From oslo.messaging +# -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. (string value) +#rpc_zmq_bind_address = * # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker = oslo_messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 +#rpc_zmq_port = 9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 +#rpc_zmq_contexts = 1 -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. 
(integer value) -#rpc_zmq_topic_backlog=<None> +# Maximum number of ingress messages to locally buffer per topic. Default is +# unlimited. (integer value) +#rpc_zmq_topic_backlog = <None> # Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack +#rpc_zmq_ipc_dir = /var/run/openstack -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=keystone +# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match +# "host" option, if running Nova. (string value) +#rpc_zmq_host = localhost -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +# (integer value) +#rpc_cast_timeout = 30 # Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 +#matchmaker_heartbeat_freq = 300 # Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 +#matchmaker_heartbeat_ttl = 600 -# Size of RPC greenthread pool. (integer value) -#rpc_thread_pool_size=64 +# Size of RPC thread pool. (integer value) +#rpc_thread_pool_size = 64 -# Driver or drivers to handle sending notifications. (multi -# valued) -#notification_driver= +# Driver or drivers to handle sending notifications. (multi valued) +#notification_driver = # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics -#notification_topics=notifications +#notification_topics = notifications # Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -#transport_url=<None> - -# The messaging driver to use, defaults to rabbit. Other -# drivers include qpid and zmq. 
(string value) -rpc_backend=rabbit +#rpc_response_timeout = 60 -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the -# transport_url option. (string value) -#control_exchange=keystone +# A URL representing the messaging driver to use and its full configuration. If +# not set, we fall back to the rpc_backend option and driver specific +# configuration. (string value) +#transport_url = <None> +# The messaging driver to use, defaults to rabbit. Other drivers include qpid +# and zmq. (string value) +rpc_backend = rabbit -# -# Options defined in keystone.notifications -# +# The default exchange under which topics are scoped. May be overridden by an +# exchange name specified in the transport_url option. (string value) +#control_exchange = keystone -# Default publisher_id for outgoing notifications (string -# value) -#default_publisher_id=<None> +[assignment] # -# Options defined in keystone.openstack.common.eventlet_backdoor +# From keystone # -# Enable eventlet backdoor. Acceptable values are 0, <port>, -# and <start>:<end>, where 0 results in listening on a random -# tcp port number; <port> results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and <start>:<end> results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port=<None> +# Assignment backend driver. (string value) +#driver = <None> + +[auth] # -# Options defined in keystone.openstack.common.log +# From keystone # -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error. 
(boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. 
This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format=<None> - -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> - -# (Optional) The base directory used for relative --log-file -# paths. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. (boolean -# value) -use_syslog=True - -# (Optional) Enables or disables syslog rfc5424 format for -# logging. If enabled, prefixes the MSG part of the syslog -# message with APP-NAME (RFC5424). The format without the APP- -# NAME is deprecated in I, and will be removed in J. (boolean -# value) -#use_syslog_rfc_format=false - -# Syslog facility to receive log lines. (string value) -#syslog_log_facility=LOG_USER +# Default auth methods. (list value) +#methods = external,password,token,oauth1 +# The password auth plugin module. (string value) +#password = keystone.auth.plugins.password.Password -# -# Options defined in keystone.openstack.common.policy -# +# The token auth plugin module. (string value) +#token = keystone.auth.plugins.token.Token -# The JSON file that defines policies. (string value) -#policy_file=policy.json +# The external (REMOTE_USER) auth plugin module. (string value) +#external = keystone.auth.plugins.external.DefaultDomain -# Default rule. Enforced when a requested rule is not found. -# (string value) -#policy_default_rule=default +# The oAuth1.0 auth plugin module. (string value) +#oauth1 = keystone.auth.plugins.oauth1.OAuth -[assignment] +[cache] # -# Options defined in keystone +# From keystone # -# Assignment backend driver. 
(string value) -#driver=<None> - -# Toggle for assignment caching. This has no effect unless -# global caching is enabled. (boolean value) -#caching=true +# Prefix for building the configuration dictionary for the cache region. This +# should not need to be changed unless there is another dogpile.cache region +# with the same configuration name. (string value) +#config_prefix = cache.keystone -# TTL (in seconds) to cache assignment data. This has no -# effect unless global caching is enabled. (integer value) -#cache_time=<None> +# Default TTL, in seconds, for any cached item in the dogpile.cache region. +# This applies to any cached method that doesn't have an explicit cache +# expiration time defined for it. (integer value) +#expiration_time = 600 -# Maximum number of entities that will be returned in an -# assignment collection. (integer value) -#list_limit=<None> +# Dogpile.cache backend module. It is recommended that Memcache with pooling +# (keystone.cache.memcache_pool) or Redis (dogpile.cache.redis) be used in +# production deployments. Small workloads (single process) like devstack can +# use the dogpile.cache.memory backend. (string value) +#backend = keystone.common.cache.noop +# Arguments supplied to the backend module. Specify this option once per +# argument to be passed to the dogpile.cache backend. Example format: +# "<argname>:<value>". (multi valued) +#backend_argument = -[auth] +# Proxy classes to import that will affect the way the dogpile.cache backend +# functions. See the dogpile.cache documentation on changing-backend-behavior. +# (list value) +#proxies = -# -# Options defined in keystone -# - -# Default auth methods. (list value) -#methods=external,password,token - -# The password auth plugin module. (string value) -#password=keystone.auth.plugins.password.Password +# Global toggle for all caching using the should_cache_fn mechanism. (boolean +# value) +#enabled = false -# The token auth plugin module. 
(string value) -#token=keystone.auth.plugins.token.Token +# Extra debugging from the cache backend (cache keys, get/set/delete/etc +# calls). This is only really useful if you need to see the specific cache- +# backend get/set/delete calls with the keys/values. Typically this should be +# left set to false. (boolean value) +#debug_cache_backend = false -# The external (REMOTE_USER) auth plugin module. (string -# value) -#external=keystone.auth.plugins.external.DefaultDomain +# Memcache servers in the format of "host:port". (dogpile.cache.memcache and +# keystone.cache.memcache_pool backends only). (list value) +#memcache_servers = localhost:11211 +# Number of seconds memcached server is considered dead before it is tried +# again. (dogpile.cache.memcache and keystone.cache.memcache_pool backends +# only). (integer value) +#memcache_dead_retry = 300 -[cache] +# Timeout in seconds for every call to a server. (dogpile.cache.memcache and +# keystone.cache.memcache_pool backends only). (integer value) +#memcache_socket_timeout = 3 -# -# Options defined in keystone -# - -# Prefix for building the configuration dictionary for the -# cache region. This should not need to be changed unless -# there is another dogpile.cache region with the same -# configuration name. (string value) -#config_prefix=cache.keystone - -# Default TTL, in seconds, for any cached item in the -# dogpile.cache region. This applies to any cached method that -# doesn't have an explicit cache expiration time defined for -# it. (integer value) -#expiration_time=600 - -# Dogpile.cache backend module. It is recommended that -# Memcache with pooling (keystone.cache.memcache_pool) or -# Redis (dogpile.cache.redis) be used in production -# deployments. Small workloads (single process) like devstack -# can use the dogpile.cache.memory backend. (string value) -#backend=keystone.common.cache.noop - -# Arguments supplied to the backend module. 
Specify this -# option once per argument to be passed to the dogpile.cache -# backend. Example format: "<argname>:<value>". (multi valued) -#backend_argument= - -# Proxy classes to import that will affect the way the -# dogpile.cache backend functions. See the dogpile.cache -# documentation on changing-backend-behavior. (list value) -#proxies= - -# Global toggle for all caching using the should_cache_fn -# mechanism. (boolean value) -#enabled=false - -# Extra debugging from the cache backend (cache keys, -# get/set/delete/etc calls). This is only really useful if you -# need to see the specific cache-backend get/set/delete calls -# with the keys/values. Typically this should be left set to -# false. (boolean value) -#debug_cache_backend=false - -# Memcache servers in the format of "host:port". -# (dogpile.cache.memcache and keystone.cache.memcache_pool -# backends only) (list value) -#memcache_servers=localhost:11211 - -# Number of seconds memcached server is considered dead before -# it is tried again. (dogpile.cache.memcache and -# keystone.cache.memcache_pool backends only) (integer value) -#memcache_dead_retry=300 - -# Timeout in seconds for every call to a server. -# (dogpile.cache.memcache and keystone.cache.memcache_pool -# backends only) (integer value) -#memcache_socket_timeout=3 - -# Max total number of open connections to every memcached -# server. (keystone.cache.memcache_pool backend only) (integer -# value) -#memcache_pool_maxsize=10 +# Max total number of open connections to every memcached server. +# (keystone.cache.memcache_pool backend only). (integer value) +#memcache_pool_maxsize = 10 -# Number of seconds a connection to memcached is held unused -# in the pool before it is closed. -# (keystone.cache.memcache_pool backend only) (integer value) -#memcache_pool_unused_timeout=60 +# Number of seconds a connection to memcached is held unused in the pool before +# it is closed. (keystone.cache.memcache_pool backend only). 
(integer value) +#memcache_pool_unused_timeout = 60 -# Number of seconds that an operation will wait to get a -# memcache client connection. (integer value) -#memcache_pool_connection_get_timeout=10 +# Number of seconds that an operation will wait to get a memcache client +# connection. (integer value) +#memcache_pool_connection_get_timeout = 10 [catalog] # -# Options defined in keystone +# From keystone # -# Catalog template file name for use with the template catalog -# backend. (string value) -#template_file=default_catalog.templates +# Catalog template file name for use with the template catalog backend. (string +# value) +#template_file = default_catalog.templates # Catalog backend driver. (string value) -#driver=keystone.catalog.backends.sql.Catalog - -# Toggle for catalog caching. This has no effect unless global -# caching is enabled. (boolean value) -#caching=true +#driver = keystone.catalog.backends.sql.Catalog -# Time to cache catalog data (in seconds). This has no effect -# unless global and catalog caching are enabled. (integer -# value) -#cache_time=<None> +# Toggle for catalog caching. This has no effect unless global caching is +# enabled. (boolean value) +#caching = true -# Maximum number of entities that will be returned in a -# catalog collection. (integer value) -#list_limit=<None> +# Time to cache catalog data (in seconds). This has no effect unless global and +# catalog caching are enabled. (integer value) +#cache_time = <None> -# (Deprecated) List of possible substitutions for use in -# formatting endpoints. Use caution when modifying this list. -# It will give users with permission to create endpoints the -# ability to see those values in your configuration file. This -# option will be removed in Juno. 
(list value) -#endpoint_substitution_whitelist=tenant_id,user_id,public_bind_host,admin_bind_host,compute_host,compute_port,admin_port,public_port,public_endpoint,admin_endpoint +# Maximum number of entities that will be returned in a catalog collection. +# (integer value) +#list_limit = <None> [credential] # -# Options defined in keystone +# From keystone # # Credential backend driver. (string value) -#driver=keystone.credential.backends.sql.Credential +#driver = keystone.credential.backends.sql.Credential [database] # -# Options defined in oslo.db +# From oslo.db # # The file name to use with SQLite. (string value) -#sqlite_db=oslo.sqlite +# Deprecated group/name - [DEFAULT]/sqlite_db +#sqlite_db = oslo.sqlite # If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous=true +# Deprecated group/name - [DEFAULT]/sqlite_synchronous +#sqlite_synchronous = true # The back end to use for the database. (string value) # Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy +#backend = sqlalchemy -# The SQLAlchemy connection string to use to connect to the -# database. (string value) +# The SQLAlchemy connection string to use to connect to the database. (string +# value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -#connection=<None> connection=postgresql://{{ KEYSTONE_DB_USER }}:{{ KEYSTONE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/keystone -# The SQLAlchemy connection string to use to connect to the -# slave database. (string value) -#slave_connection=<None> +# The SQLAlchemy connection string to use to connect to the slave database. +# (string value) +#slave_connection = <None> -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. 
Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode=TRADITIONAL +# The SQL mode to be used for MySQL sessions. This option, including the +# default, overrides any server-set SQL mode. To use whatever SQL mode is set +# by the server configuration, set this to no value. Example: mysql_sql_mode= +# (string value) +#mysql_sql_mode = TRADITIONAL -# Timeout before idle SQL connections are reaped. (integer -# value) +# Timeout before idle SQL connections are reaped. (integer value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 +#idle_timeout = 3600 -# Minimum number of SQL connections to keep open in a pool. -# (integer value) +# Minimum number of SQL connections to keep open in a pool. (integer value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 +#min_pool_size = 1 -# Maximum number of SQL connections to keep open in a pool. -# (integer value) +# Maximum number of SQL connections to keep open in a pool. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size=<None> +#max_pool_size = <None> -# Maximum db connection retries during startup. Set to -1 to +# Maximum number of database connection retries during startup. Set to -1 to # specify an infinite retry count. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 +#max_retries = 10 -# Interval between retries of opening a SQL connection. -# (integer value) +# Interval between retries of opening a SQL connection. (integer value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 +#retry_interval = 10 -# If set, use this value for max_overflow with SQLAlchemy. 
-# (integer value) +# If set, use this value for max_overflow with SQLAlchemy. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=<None> +#max_overflow = <None> -# Verbosity of SQL debugging information: 0=None, -# 100=Everything. (integer value) +# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 +#connection_debug = 0 -# Add Python stack traces to SQL as comment strings. (boolean -# value) +# Add Python stack traces to SQL as comment strings. (boolean value) # Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false +#connection_trace = false -# If set, use this value for pool_timeout with SQLAlchemy. -# (integer value) +# If set, use this value for pool_timeout with SQLAlchemy. (integer value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout=<None> +#pool_timeout = <None> -# Enable the experimental use of database reconnect on -# connection lost. (boolean value) -#use_db_reconnect=false +# Enable the experimental use of database reconnect on connection lost. +# (boolean value) +#use_db_reconnect = false -# Seconds between database connection retries. (integer value) -#db_retry_interval=1 +# Seconds between retries of a database transaction. (integer value) +#db_retry_interval = 1 -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval=true +# If True, increases the interval between retries of a database operation up to +# db_max_retry_interval. (boolean value) +#db_inc_retry_interval = true -# If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) -#db_max_retry_interval=10 +# If db_inc_retry_interval is set, the maximum seconds between retries of a +# database operation. 
(integer value) +#db_max_retry_interval = 10 -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) -#db_max_retries=20 +# Maximum retries in case of connection error or deadlock error before error is +# raised. Set to -1 to specify an infinite retry count. (integer value) +#db_max_retries = 20 -[ec2] +[domain_config] # -# Options defined in keystone +# From keystone # -# EC2Credential backend driver. (string value) -#driver=keystone.contrib.ec2.backends.kvs.Ec2 +# Domain config backend driver. (string value) +#driver = keystone.resource.config_backends.sql.DomainConfig + +# Toggle for domain config caching. This has no effect unless global caching is +# enabled. (boolean value) +#caching = true + +# TTL (in seconds) to cache domain config data. This has no effect unless +# domain config caching is enabled. (integer value) +#cache_time = 300 [endpoint_filter] # -# Options defined in keystone +# From keystone # # Endpoint Filter backend driver (string value) -#driver=keystone.contrib.endpoint_filter.backends.sql.EndpointFilter +#driver = keystone.contrib.endpoint_filter.backends.sql.EndpointFilter -# Toggle to return all active endpoints if no filter exists. -# (boolean value) -#return_all_endpoints_if_no_filter=true +# Toggle to return all active endpoints if no filter exists. (boolean value) +#return_all_endpoints_if_no_filter = true [endpoint_policy] # -# Options defined in keystone +# From keystone # # Endpoint policy backend driver (string value) -#driver=keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy +#driver = keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy + + +[eventlet_server] + +# +# From keystone +# + +# The number of worker processes to serve the public eventlet application. +# Defaults to number of CPUs (minimum of 2). 
(integer value) +# Deprecated group/name - [DEFAULT]/public_workers +#public_workers = <None> + +# The number of worker processes to serve the admin eventlet application. +# Defaults to number of CPUs (minimum of 2). (integer value) +# Deprecated group/name - [DEFAULT]/admin_workers +#admin_workers = <None> + +# The IP address of the network interface for the public service to listen on. +# (string value) +# Deprecated group/name - [DEFAULT]/bind_host +# Deprecated group/name - [DEFAULT]/public_bind_host +#public_bind_host = 0.0.0.0 + +# The port number which the public service listens on. (integer value) +# Deprecated group/name - [DEFAULT]/public_port +public_port = 5000 + +# The IP address of the network interface for the admin service to listen on. +# (string value) +# Deprecated group/name - [DEFAULT]/bind_host +# Deprecated group/name - [DEFAULT]/admin_bind_host +#admin_bind_host = 0.0.0.0 + +# The port number which the admin service listens on. (integer value) +# Deprecated group/name - [DEFAULT]/admin_port +admin_port = 35357 + +# Set this to true if you want to enable TCP_KEEPALIVE on server sockets, i.e. +# sockets used by the Keystone wsgi server for client connections. (boolean +# value) +# Deprecated group/name - [DEFAULT]/tcp_keepalive +#tcp_keepalive = false + +# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only +# applies if tcp_keepalive is true. (integer value) +# Deprecated group/name - [DEFAULT]/tcp_keepidle +#tcp_keepidle = 600 + + +[eventlet_server_ssl] + +# +# From keystone +# + +# Toggle for SSL support on the Keystone eventlet servers. (boolean value) +# Deprecated group/name - [ssl]/enable +#enable = false + +# Path of the certfile for SSL. For non-production environments, you may be +# interested in using `keystone-manage ssl_setup` to generate self-signed +# certificates. (string value) +# Deprecated group/name - [ssl]/certfile +#certfile = /etc/keystone/ssl/certs/keystone.pem + +# Path of the keyfile for SSL. 
(string value) +# Deprecated group/name - [ssl]/keyfile +#keyfile = /etc/keystone/ssl/private/keystonekey.pem + +# Path of the CA cert file for SSL. (string value) +# Deprecated group/name - [ssl]/ca_certs +#ca_certs = /etc/keystone/ssl/certs/ca.pem + +# Require client certificate. (boolean value) +# Deprecated group/name - [ssl]/cert_required +#cert_required = false [federation] # -# Options defined in keystone +# From keystone # # Federation backend driver. (string value) -#driver=keystone.contrib.federation.backends.sql.Federation +#driver = keystone.contrib.federation.backends.sql.Federation + +# Value to be used when filtering assertion parameters from the environment. +# (string value) +#assertion_prefix = + +# Value to be used to obtain the entity ID of the Identity Provider from the +# environment (e.g. if using the mod_shib plugin this value is `Shib-Identity- +# Provider`). (string value) +#remote_id_attribute = <None> + +# A domain name that is reserved to allow federated ephemeral users to have a +# domain concept. Note that an admin will not be able to create a domain with +# this name or update an existing domain to this name. You are not advised to +# change this value unless you really have to. Changing this option to empty +# string or None will not have any impact and default name will be used. +# (string value) +#federated_domain_name = Federated + +# A list of trusted dashboard hosts. Before accepting a Single Sign-On request +# to return a token, the origin host must be a member of the trusted_dashboard +# list. This configuration option may be repeated for multiple values. For +# example: trusted_dashboard=http://acme.com trusted_dashboard=http://beta.com +# (multi valued) +#trusted_dashboard = + +# Location of Single Sign-On callback handler, will return a token to a trusted +# dashboard host. 
(string value) +#sso_callback_template = /etc/keystone/sso_callback_template.html + + +[fernet_tokens] + +# +# From keystone +# -# Value to be used when filtering assertion parameters from -# the environment. (string value) -#assertion_prefix= +# Directory containing Fernet token keys. (string value) +#key_repository = /etc/keystone/fernet-keys/ + +# This controls how many keys are held in rotation by keystone-manage +# fernet_rotate before they are discarded. The default value of 3 means that +# keystone will maintain one staged key, one primary key, and one secondary +# key. Increasing this value means that additional secondary keys will be kept +# in the rotation. (integer value) +#max_active_keys = 3 [identity] # -# Options defined in keystone +# From keystone # -# This references the domain to use for all Identity API v2 -# requests (which are not aware of domains). A domain with -# this ID will be created for you by keystone-manage db_sync -# in migration 008. The domain referenced by this ID cannot be -# deleted on the v3 API, to prevent accidentally breaking the -# v2 API. There is nothing special about this domain, other -# than the fact that it must exist to order to maintain -# support for your v2 clients. (string value) -#default_domain_id=default +# This references the domain to use for all Identity API v2 requests (which are +# not aware of domains). A domain with this ID will be created for you by +# keystone-manage db_sync in migration 008. The domain referenced by this ID +# cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API. +# There is nothing special about this domain, other than the fact that it must +# exist to order to maintain support for your v2 clients. 
(string value) +#default_domain_id = default + +# A subset (or all) of domains can have their own identity driver, each with +# their own partial configuration options, stored in either the resource +# backend or in a file in a domain configuration directory (depending on the +# setting of domain_configurations_from_database). Only values specific to the +# domain need to be specified in this manner. This feature is disabled by +# default; set to true to enable. (boolean value) +#domain_specific_drivers_enabled = false -# A subset (or all) of domains can have their own identity -# driver, each with their own partial configuration file in a -# domain configuration directory. Only values specific to the -# domain need to be placed in the domain specific -# configuration file. This feature is disabled by default; set -# to true to enable. (boolean value) -#domain_specific_drivers_enabled=false +# Extract the domain specific configuration options from the resource backend +# where they have been stored with the domain data. This feature is disabled by +# default (in which case the domain specific options will be loaded from files +# in the domain configuration directory); set to true to enable. (boolean +# value) +#domain_configurations_from_database = false -# Path for Keystone to locate the domain specific identity -# configuration files if domain_specific_drivers_enabled is -# set to true. (string value) -#domain_config_dir=/etc/keystone/domains +# Path for Keystone to locate the domain specific identity configuration files +# if domain_specific_drivers_enabled is set to true. (string value) +#domain_config_dir = /etc/keystone/domains # Identity backend driver. (string value) -#driver=keystone.identity.backends.sql.Identity +#driver = keystone.identity.backends.sql.Identity -# Maximum supported length for user passwords; decrease to -# improve performance. (integer value) -#max_password_length=4096 +# Toggle for identity caching. 
This has no effect unless global caching is +# enabled. (boolean value) +#caching = true + +# Time to cache identity data (in seconds). This has no effect unless global +# and identity caching are enabled. (integer value) +#cache_time = 600 + +# Maximum supported length for user passwords; decrease to improve performance. +# (integer value) +#max_password_length = 4096 -# Maximum number of entities that will be returned in an -# identity collection. (integer value) -#list_limit=<None> +# Maximum number of entities that will be returned in an identity collection. +# (integer value) +#list_limit = <None> [identity_mapping] # -# Options defined in keystone +# From keystone # # Keystone Identity Mapping backend driver. (string value) -#driver=keystone.identity.mapping_backends.sql.Mapping - -# Public ID generator for user and group entities. The -# Keystone identity mapper only supports generators that -# produce no more than 64 characters. (string value) -#generator=keystone.identity.id_generators.sha256.Generator - -# The format of user and group IDs changed in Juno for -# backends that do not generate UUIDs (e.g. LDAP), with -# keystone providing a hash mapping to the underlying -# attribute in LDAP. By default this mapping is disabled, -# which ensures that existing IDs will not change. Even when -# the mapping is enabled by using domain specific drivers, any -# users and groups from the default domain being handled by -# LDAP will still not be mapped to ensure their IDs remain -# backward compatible. Setting this value to False will enable -# the mapping for even the default LDAP driver. It is only -# safe to do this if you do not already have assignments for -# users and groups from the default LDAP domain, and it is -# acceptable for Keystone to provide the different IDs to -# clients than it did previously. Typically this means that -# the only time you can set this value to False is when -# configuring a fresh installation. 
(boolean value) -#backward_compatible_ids=true +#driver = keystone.identity.mapping_backends.sql.Mapping + +# Public ID generator for user and group entities. The Keystone identity mapper +# only supports generators that produce no more than 64 characters. (string +# value) +#generator = keystone.identity.id_generators.sha256.Generator + +# The format of user and group IDs changed in Juno for backends that do not +# generate UUIDs (e.g. LDAP), with keystone providing a hash mapping to the +# underlying attribute in LDAP. By default this mapping is disabled, which +# ensures that existing IDs will not change. Even when the mapping is enabled +# by using domain specific drivers, any users and groups from the default +# domain being handled by LDAP will still not be mapped to ensure their IDs +# remain backward compatible. Setting this value to False will enable the +# mapping for even the default LDAP driver. It is only safe to do this if you +# do not already have assignments for users and groups from the default LDAP +# domain, and it is acceptable for Keystone to provide the different IDs to +# clients than it did previously. Typically this means that the only time you +# can set this value to False is when configuring a fresh installation. +# (boolean value) +#backward_compatible_ids = true [kvs] # -# Options defined in keystone +# From keystone # -# Extra dogpile.cache backend modules to register with the -# dogpile.cache library. (list value) -#backends= +# Extra dogpile.cache backend modules to register with the dogpile.cache +# library. (list value) +#backends = -# Prefix for building the configuration dictionary for the KVS -# region. This should not need to be changed unless there is -# another dogpile.cache region with the same configuration -# name. (string value) -#config_prefix=keystone.kvs +# Prefix for building the configuration dictionary for the KVS region. 
This +# should not need to be changed unless there is another dogpile.cache region +# with the same configuration name. (string value) +#config_prefix = keystone.kvs -# Toggle to disable using a key-mangling function to ensure -# fixed length keys. This is toggle-able for debugging -# purposes, it is highly recommended to always leave this set -# to true. (boolean value) -#enable_key_mangler=true +# Toggle to disable using a key-mangling function to ensure fixed length keys. +# This is toggle-able for debugging purposes, it is highly recommended to +# always leave this set to true. (boolean value) +#enable_key_mangler = true -# Default lock timeout for distributed locking. (integer -# value) -#default_lock_timeout=5 +# Default lock timeout (in seconds) for distributed locking. (integer value) +#default_lock_timeout = 5 [ldap] # -# Options defined in keystone +# From keystone # # URL for connecting to the LDAP server. (string value) -#url=ldap://localhost +#url = ldap://localhost # User BindDN to query the LDAP server. (string value) -#user=<None> +#user = <None> -# Password for the BindDN to query the LDAP server. (string -# value) -#password=<None> +# Password for the BindDN to query the LDAP server. (string value) +#password = <None> # LDAP server suffix (string value) -#suffix=cn=example,cn=com +#suffix = cn=example,cn=com -# If true, will add a dummy member to groups. This is required -# if the objectclass for groups requires the "member" -# attribute. (boolean value) -#use_dumb_member=false +# If true, will add a dummy member to groups. This is required if the +# objectclass for groups requires the "member" attribute. (boolean value) +#use_dumb_member = false -# DN of the "dummy member" to use when "use_dumb_member" is -# enabled. (string value) -#dumb_member=cn=dumb,dc=nonexistent +# DN of the "dummy member" to use when "use_dumb_member" is enabled. (string +# value) +#dumb_member = cn=dumb,dc=nonexistent -# Delete subtrees using the subtree delete control. 
Only -# enable this option if your LDAP server supports subtree -# deletion. (boolean value) -#allow_subtree_delete=false +# Delete subtrees using the subtree delete control. Only enable this option if +# your LDAP server supports subtree deletion. (boolean value) +#allow_subtree_delete = false -# The LDAP scope for queries, this can be either "one" -# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). -# (string value) -#query_scope=one +# The LDAP scope for queries, this can be either "one" (onelevel/singleLevel) +# or "sub" (subtree/wholeSubtree). (string value) +#query_scope = one -# Maximum results per page; a value of zero ("0") disables -# paging. (integer value) -#page_size=0 +# Maximum results per page; a value of zero ("0") disables paging. (integer +# value) +#page_size = 0 -# The LDAP dereferencing option for queries. This can be -# either "never", "searching", "always", "finding" or -# "default". The "default" option falls back to using default -# dereferencing configured by your ldap.conf. (string value) -#alias_dereferencing=default +# The LDAP dereferencing option for queries. This can be either "never", +# "searching", "always", "finding" or "default". The "default" option falls +# back to using default dereferencing configured by your ldap.conf. (string +# value) +#alias_dereferencing = default -# Sets the LDAP debugging level for LDAP calls. A value of 0 -# means that debugging is not enabled. This value is a -# bitmask, consult your LDAP documentation for possible -# values. (integer value) -#debug_level=<None> +# Sets the LDAP debugging level for LDAP calls. A value of 0 means that +# debugging is not enabled. This value is a bitmask, consult your LDAP +# documentation for possible values. (integer value) +#debug_level = <None> -# Override the system's default referral chasing behavior for -# queries. (boolean value) -#chase_referrals=<None> +# Override the system's default referral chasing behavior for queries. 
(boolean +# value) +#chase_referrals = <None> # Search base for users. (string value) -#user_tree_dn=<None> +#user_tree_dn = <None> # LDAP search filter for users. (string value) -#user_filter=<None> +#user_filter = <None> # LDAP objectclass for users. (string value) -#user_objectclass=inetOrgPerson +#user_objectclass = inetOrgPerson -# LDAP attribute mapped to user id. WARNING: must not be a -# multivalued attribute. (string value) -#user_id_attribute=cn +# LDAP attribute mapped to user id. WARNING: must not be a multivalued +# attribute. (string value) +#user_id_attribute = cn # LDAP attribute mapped to user name. (string value) -#user_name_attribute=sn +#user_name_attribute = sn # LDAP attribute mapped to user email. (string value) -#user_mail_attribute=mail +#user_mail_attribute = mail # LDAP attribute mapped to password. (string value) -#user_pass_attribute=userPassword +#user_pass_attribute = userPassword # LDAP attribute mapped to user enabled flag. (string value) -#user_enabled_attribute=enabled - -# Invert the meaning of the boolean enabled values. Some LDAP -# servers use a boolean lock attribute where "true" means an -# account is disabled. Setting "user_enabled_invert = true" -# will allow these lock attributes to be used. This setting -# will have no effect if "user_enabled_mask" or -# "user_enabled_emulation" settings are in use. (boolean -# value) -#user_enabled_invert=false - -# Bitmask integer to indicate the bit that the enabled value -# is stored in if the LDAP server represents "enabled" as a -# bit on an integer rather than a boolean. A value of "0" -# indicates the mask is not used. If this is not set to "0" -# the typical value is "2". This is typically used when -# "user_enabled_attribute = userAccountControl". (integer -# value) -#user_enabled_mask=0 - -# Default value to enable users. This should match an -# appropriate int value if the LDAP server uses non-boolean -# (bitmask) values to indicate if a user is enabled or -# disabled. 
If this is not set to "True" the typical value is -# "512". This is typically used when "user_enabled_attribute = -# userAccountControl". (string value) -#user_enabled_default=True +#user_enabled_attribute = enabled + +# Invert the meaning of the boolean enabled values. Some LDAP servers use a +# boolean lock attribute where "true" means an account is disabled. Setting +# "user_enabled_invert = true" will allow these lock attributes to be used. +# This setting will have no effect if "user_enabled_mask" or +# "user_enabled_emulation" settings are in use. (boolean value) +#user_enabled_invert = false + +# Bitmask integer to indicate the bit that the enabled value is stored in if +# the LDAP server represents "enabled" as a bit on an integer rather than a +# boolean. A value of "0" indicates the mask is not used. If this is not set to +# "0" the typical value is "2". This is typically used when +# "user_enabled_attribute = userAccountControl". (integer value) +#user_enabled_mask = 0 + +# Default value to enable users. This should match an appropriate int value if +# the LDAP server uses non-boolean (bitmask) values to indicate if a user is +# enabled or disabled. If this is not set to "True" the typical value is "512". +# This is typically used when "user_enabled_attribute = userAccountControl". +# (string value) +#user_enabled_default = True -# List of attributes stripped off the user on update. (list -# value) -#user_attribute_ignore=default_project_id,tenants +# List of attributes stripped off the user on update. (list value) +#user_attribute_ignore = default_project_id,tenants -# LDAP attribute mapped to default_project_id for users. -# (string value) -#user_default_project_id_attribute=<None> +# LDAP attribute mapped to default_project_id for users. (string value) +#user_default_project_id_attribute = <None> # Allow user creation in LDAP backend. (boolean value) -#user_allow_create=true +#user_allow_create = true # Allow user updates in LDAP backend. 
(boolean value) -#user_allow_update=true +#user_allow_update = true # Allow user deletion in LDAP backend. (boolean value) -#user_allow_delete=true +#user_allow_delete = true -# If true, Keystone uses an alternative method to determine if -# a user is enabled or not by checking if they are a member of -# the "user_enabled_emulation_dn" group. (boolean value) -#user_enabled_emulation=false +# If true, Keystone uses an alternative method to determine if a user is +# enabled or not by checking if they are a member of the +# "user_enabled_emulation_dn" group. (boolean value) +#user_enabled_emulation = false -# DN of the group entry to hold enabled users when using -# enabled emulation. (string value) -#user_enabled_emulation_dn=<None> +# DN of the group entry to hold enabled users when using enabled emulation. +# (string value) +#user_enabled_emulation_dn = <None> -# List of additional LDAP attributes used for mapping -# additional attribute mappings for users. Attribute mapping -# format is <ldap_attr>:<user_attr>, where ldap_attr is the -# attribute in the LDAP entry and user_attr is the Identity -# API attribute. (list value) -#user_additional_attribute_mapping= +# List of additional LDAP attributes used for mapping additional attribute +# mappings for users. Attribute mapping format is <ldap_attr>:<user_attr>, +# where ldap_attr is the attribute in the LDAP entry and user_attr is the +# Identity API attribute. (list value) +#user_additional_attribute_mapping = # Search base for projects (string value) # Deprecated group/name - [ldap]/tenant_tree_dn -#project_tree_dn=<None> +#project_tree_dn = <None> # LDAP search filter for projects. (string value) # Deprecated group/name - [ldap]/tenant_filter -#project_filter=<None> +#project_filter = <None> # LDAP objectclass for projects. (string value) # Deprecated group/name - [ldap]/tenant_objectclass -#project_objectclass=groupOfNames +#project_objectclass = groupOfNames # LDAP attribute mapped to project id. 
(string value) # Deprecated group/name - [ldap]/tenant_id_attribute -#project_id_attribute=cn +#project_id_attribute = cn -# LDAP attribute mapped to project membership for user. -# (string value) +# LDAP attribute mapped to project membership for user. (string value) # Deprecated group/name - [ldap]/tenant_member_attribute -#project_member_attribute=member +#project_member_attribute = member # LDAP attribute mapped to project name. (string value) # Deprecated group/name - [ldap]/tenant_name_attribute -#project_name_attribute=ou +#project_name_attribute = ou # LDAP attribute mapped to project description. (string value) # Deprecated group/name - [ldap]/tenant_desc_attribute -#project_desc_attribute=description +#project_desc_attribute = description # LDAP attribute mapped to project enabled. (string value) # Deprecated group/name - [ldap]/tenant_enabled_attribute -#project_enabled_attribute=enabled +#project_enabled_attribute = enabled # LDAP attribute mapped to project domain_id. (string value) # Deprecated group/name - [ldap]/tenant_domain_id_attribute -#project_domain_id_attribute=businessCategory +#project_domain_id_attribute = businessCategory -# List of attributes stripped off the project on update. (list -# value) +# List of attributes stripped off the project on update. (list value) # Deprecated group/name - [ldap]/tenant_attribute_ignore -#project_attribute_ignore= +#project_attribute_ignore = # Allow project creation in LDAP backend. (boolean value) # Deprecated group/name - [ldap]/tenant_allow_create -#project_allow_create=true +#project_allow_create = true # Allow project update in LDAP backend. (boolean value) # Deprecated group/name - [ldap]/tenant_allow_update -#project_allow_update=true +#project_allow_update = true # Allow project deletion in LDAP backend. 
(boolean value) # Deprecated group/name - [ldap]/tenant_allow_delete -#project_allow_delete=true +#project_allow_delete = true -# If true, Keystone uses an alternative method to determine if -# a project is enabled or not by checking if they are a member -# of the "project_enabled_emulation_dn" group. (boolean value) +# If true, Keystone uses an alternative method to determine if a project is +# enabled or not by checking if they are a member of the +# "project_enabled_emulation_dn" group. (boolean value) # Deprecated group/name - [ldap]/tenant_enabled_emulation -#project_enabled_emulation=false +#project_enabled_emulation = false -# DN of the group entry to hold enabled projects when using -# enabled emulation. (string value) +# DN of the group entry to hold enabled projects when using enabled emulation. +# (string value) # Deprecated group/name - [ldap]/tenant_enabled_emulation_dn -#project_enabled_emulation_dn=<None> +#project_enabled_emulation_dn = <None> -# Additional attribute mappings for projects. Attribute -# mapping format is <ldap_attr>:<user_attr>, where ldap_attr -# is the attribute in the LDAP entry and user_attr is the -# Identity API attribute. (list value) +# Additional attribute mappings for projects. Attribute mapping format is +# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry +# and user_attr is the Identity API attribute. (list value) # Deprecated group/name - [ldap]/tenant_additional_attribute_mapping -#project_additional_attribute_mapping= +#project_additional_attribute_mapping = # Search base for roles. (string value) -#role_tree_dn=<None> +#role_tree_dn = <None> # LDAP search filter for roles. (string value) -#role_filter=<None> +#role_filter = <None> # LDAP objectclass for roles. (string value) -#role_objectclass=organizationalRole +#role_objectclass = organizationalRole # LDAP attribute mapped to role id. (string value) -#role_id_attribute=cn +#role_id_attribute = cn # LDAP attribute mapped to role name. 
(string value) -#role_name_attribute=ou +#role_name_attribute = ou # LDAP attribute mapped to role membership. (string value) -#role_member_attribute=roleOccupant +#role_member_attribute = roleOccupant -# List of attributes stripped off the role on update. (list -# value) -#role_attribute_ignore= +# List of attributes stripped off the role on update. (list value) +#role_attribute_ignore = # Allow role creation in LDAP backend. (boolean value) -#role_allow_create=true +#role_allow_create = true # Allow role update in LDAP backend. (boolean value) -#role_allow_update=true +#role_allow_update = true # Allow role deletion in LDAP backend. (boolean value) -#role_allow_delete=true +#role_allow_delete = true -# Additional attribute mappings for roles. Attribute mapping -# format is <ldap_attr>:<user_attr>, where ldap_attr is the -# attribute in the LDAP entry and user_attr is the Identity -# API attribute. (list value) -#role_additional_attribute_mapping= +# Additional attribute mappings for roles. Attribute mapping format is +# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry +# and user_attr is the Identity API attribute. (list value) +#role_additional_attribute_mapping = # Search base for groups. (string value) -#group_tree_dn=<None> +#group_tree_dn = <None> # LDAP search filter for groups. (string value) -#group_filter=<None> +#group_filter = <None> # LDAP objectclass for groups. (string value) -#group_objectclass=groupOfNames +#group_objectclass = groupOfNames # LDAP attribute mapped to group id. (string value) -#group_id_attribute=cn +#group_id_attribute = cn # LDAP attribute mapped to group name. (string value) -#group_name_attribute=ou +#group_name_attribute = ou -# LDAP attribute mapped to show group membership. (string -# value) -#group_member_attribute=member +# LDAP attribute mapped to show group membership. (string value) +#group_member_attribute = member # LDAP attribute mapped to group description. 
(string value) -#group_desc_attribute=description +#group_desc_attribute = description -# List of attributes stripped off the group on update. (list -# value) -#group_attribute_ignore= +# List of attributes stripped off the group on update. (list value) +#group_attribute_ignore = # Allow group creation in LDAP backend. (boolean value) -#group_allow_create=true +#group_allow_create = true # Allow group update in LDAP backend. (boolean value) -#group_allow_update=true +#group_allow_update = true # Allow group deletion in LDAP backend. (boolean value) -#group_allow_delete=true - -# Additional attribute mappings for groups. Attribute mapping -# format is <ldap_attr>:<user_attr>, where ldap_attr is the -# attribute in the LDAP entry and user_attr is the Identity -# API attribute. (list value) -#group_additional_attribute_mapping= +#group_allow_delete = true -# CA certificate file path for communicating with LDAP -# servers. (string value) -#tls_cacertfile=<None> +# Additional attribute mappings for groups. Attribute mapping format is +# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry +# and user_attr is the Identity API attribute. (list value) +#group_additional_attribute_mapping = -# CA certificate directory path for communicating with LDAP -# servers. (string value) -#tls_cacertdir=<None> +# CA certificate file path for communicating with LDAP servers. (string value) +#tls_cacertfile = <None> -# Enable TLS for communicating with LDAP servers. (boolean +# CA certificate directory path for communicating with LDAP servers. (string # value) -#use_tls=false +#tls_cacertdir = <None> -# Valid options for tls_req_cert are demand, never, and allow. -# (string value) -#tls_req_cert=demand +# Enable TLS for communicating with LDAP servers. (boolean value) +#use_tls = false + +# Valid options for tls_req_cert are demand, never, and allow. (string value) +#tls_req_cert = demand # Enable LDAP connection pooling. 
(boolean value) -#use_pool=false +#use_pool = false # Connection pool size. (integer value) -#pool_size=10 +#pool_size = 10 # Maximum count of reconnect trials. (integer value) -#pool_retry_max=3 +#pool_retry_max = 3 -# Time span in seconds to wait between two reconnect trials. -# (floating point value) -#pool_retry_delay=0.1 +# Time span in seconds to wait between two reconnect trials. (floating point +# value) +#pool_retry_delay = 0.1 -# Connector timeout in seconds. Value -1 indicates indefinite -# wait for response. (integer value) -#pool_connection_timeout=-1 +# Connector timeout in seconds. Value -1 indicates indefinite wait for +# response. (integer value) +#pool_connection_timeout = -1 # Connection lifetime in seconds. (integer value) -#pool_connection_lifetime=600 +#pool_connection_lifetime = 600 -# Enable LDAP connection pooling for end user authentication. -# If use_pool is disabled, then this setting is meaningless -# and is not used at all. (boolean value) -#use_auth_pool=false +# Enable LDAP connection pooling for end user authentication. If use_pool is +# disabled, then this setting is meaningless and is not used at all. (boolean +# value) +#use_auth_pool = false # End user auth connection pool size. (integer value) -#auth_pool_size=100 +#auth_pool_size = 100 -# End user auth connection lifetime in seconds. (integer -# value) -#auth_pool_connection_lifetime=60 +# End user auth connection lifetime in seconds. (integer value) +#auth_pool_connection_lifetime = 60 [matchmaker_redis] # -# Options defined in oslo.messaging +# From oslo.messaging # # Host to locate redis. (string value) -#host=127.0.0.1 +#host = 127.0.0.1 # Use this port to connect to redis host. (integer value) -#port=6379 +#port = 6379 # Password for Redis server (optional). (string value) -#password=<None> +#password = <None> [matchmaker_ring] # -# Options defined in oslo.messaging +# From oslo.messaging # # Matchmaker ring file (JSON). 
(string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json +#ringfile = /etc/oslo/matchmaker_ring.json [memcache] # -# Options defined in keystone +# From keystone # # Memcache servers in the format of "host:port". (list value) -#servers=localhost:11211 - -# Number of seconds memcached server is considered dead before -# it is tried again. This is used by the key value store -# system (e.g. token pooled memcached persistence backend). -# (integer value) -#dead_retry=300 +#servers = localhost:11211 -# Timeout in seconds for every call to a server. This is used -# by the key value store system (e.g. token pooled memcached -# persistence backend). (integer value) -#socket_timeout=3 +# Number of seconds memcached server is considered dead before it is tried +# again. This is used by the key value store system (e.g. token pooled +# memcached persistence backend). (integer value) +#dead_retry = 300 -# Max total number of open connections to every memcached -# server. This is used by the key value store system (e.g. -# token pooled memcached persistence backend). (integer value) -#pool_maxsize=10 +# Timeout in seconds for every call to a server. This is used by the key value +# store system (e.g. token pooled memcached persistence backend). (integer +# value) +#socket_timeout = 3 -# Number of seconds a connection to memcached is held unused -# in the pool before it is closed. This is used by the key -# value store system (e.g. token pooled memcached persistence +# Max total number of open connections to every memcached server. This is used +# by the key value store system (e.g. token pooled memcached persistence # backend). (integer value) -#pool_unused_timeout=60 +#pool_maxsize = 10 -# Number of seconds that an operation will wait to get a -# memcache client connection. This is used by the key value -# store system (e.g. token pooled memcached persistence -# backend). 
(integer value) -#pool_connection_get_timeout=10 +# Number of seconds a connection to memcached is held unused in the pool before +# it is closed. This is used by the key value store system (e.g. token pooled +# memcached persistence backend). (integer value) +#pool_unused_timeout = 60 + +# Number of seconds that an operation will wait to get a memcache client +# connection. This is used by the key value store system (e.g. token pooled +# memcached persistence backend). (integer value) +#pool_connection_get_timeout = 10 [oauth1] # -# Options defined in keystone +# From keystone # # Credential backend driver. (string value) -#driver=keystone.contrib.oauth1.backends.sql.OAuth1 +#driver = keystone.contrib.oauth1.backends.sql.OAuth1 -# Duration (in seconds) for the OAuth Request Token. (integer -# value) -#request_token_duration=28800 +# Duration (in seconds) for the OAuth Request Token. (integer value) +#request_token_duration = 28800 -# Duration (in seconds) for the OAuth Access Token. (integer -# value) -#access_token_duration=86400 +# Duration (in seconds) for the OAuth Access Token. (integer value) +#access_token_duration = 86400 [os_inherit] # -# Options defined in keystone +# From keystone +# + +# role-assignment inheritance to projects from owning domain or from projects +# higher in the hierarchy can be optionally enabled. 
(boolean value) +#enabled = false + + +[oslo_messaging_amqp] + # +# From oslo.messaging +# + +# address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +#server_request_prefix = exclusive + +# address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +#broadcast_prefix = broadcast + +# address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +#group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +#container_name = <None> + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +#idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +#trace = false + +# CA certificate PEM file for verifing server certificate (string value) +# Deprecated group/name - [amqp1]/ssl_ca_file +#ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string value) +# Deprecated group/name - [amqp1]/ssl_cert_file +#ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string value) +# Deprecated group/name - [amqp1]/ssl_key_file +#ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +#ssl_key_password = <None> + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +#allow_insecure_clients = false -# role-assignment inheritance to projects from owning domain -# can be optionally enabled. (boolean value) -#enabled=false + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. 
(boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+#amqp_auto_delete = false
+
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size = 30
+
+# Qpid broker hostname. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_hostname
+#qpid_hostname = localhost
+
+# Qpid broker port. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_port
+#qpid_port = 5672
+
+# Qpid HA cluster host:port pairs. (list value)
+# Deprecated group/name - [DEFAULT]/qpid_hosts
+#qpid_hosts = $qpid_hostname:$qpid_port
+
+# Username for Qpid connection. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_username
+#qpid_username =
+
+# Password for Qpid connection. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_password
+#qpid_password =
+
+# Space separated list of SASL mechanisms to use for auth. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms
+#qpid_sasl_mechanisms =
+
+# Seconds between connection keepalive heartbeats. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_heartbeat
+#qpid_heartbeat = 60
+
+# Transport to use, either 'tcp' or 'ssl'. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_protocol
+#qpid_protocol = tcp
+
+# Whether to disable the Nagle algorithm. (boolean value)
+# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay
+#qpid_tcp_nodelay = true
+
+# The number of prefetched messages held by receiver. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity
+#qpid_receiver_capacity = 1
+
+# The qpid topology version to use. Version 1 is what was originally used by
+# impl_qpid. Version 2 includes some backwards-incompatible changes that allow
+# broker federation to work.
Users should update to version 2 when they are
+# able to take everything down, as it requires a clean break. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_topology_version
+#qpid_topology_version = 1
+
+
+[oslo_messaging_rabbit]
+
+#
+# From oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+#amqp_auto_delete = false
+
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size = 30
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_version
+#kombu_ssl_version =
+
+# SSL key file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
+#kombu_ssl_keyfile =
+
+# SSL cert file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
+#kombu_ssl_certfile =
+
+# SSL certification authority file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
+#kombu_ssl_ca_certs =
+
+# How long to wait before reconnecting in response to an AMQP consumer cancel
+# notification. (floating point value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
+#kombu_reconnect_delay = 1.0
+
+# The RabbitMQ broker address where a single node is used. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_host
+rabbit_host = {{ RABBITMQ_HOST }}
+
+# The RabbitMQ broker port where a single node is used. (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_port
+rabbit_port = {{ RABBITMQ_PORT }}
+
+# RabbitMQ HA cluster host:port pairs.
(list value)
+# Deprecated group/name - [DEFAULT]/rabbit_hosts
+rabbit_hosts = $rabbit_host:$rabbit_port
+
+# Connect over SSL for RabbitMQ. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
+rabbit_use_ssl = false
+
+# The RabbitMQ userid. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_userid
+rabbit_userid = {{ RABBITMQ_USER }}
+
+# The RabbitMQ password. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_password
+rabbit_password = {{ RABBITMQ_PASSWORD }}
+
+# The RabbitMQ login method. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_login_method
+#rabbit_login_method = AMQPLAIN
+
+# The RabbitMQ virtual host. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+#rabbit_virtual_host = /
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval = 1
+
+# How long to backoff for between retries when connecting to RabbitMQ. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
+#rabbit_retry_backoff = 2
+
+# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry
+# count). (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_max_retries
+#rabbit_max_retries = 0
+
+# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you
+# must wipe the RabbitMQ database. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
+#rabbit_ha_queues = false
+
+# Number of seconds after which the Rabbit broker is considered down if
+# heartbeat's keep-alive fails (0 disable the heartbeat). (integer value)
+#heartbeat_timeout_threshold = 60
+
+# How often times during the heartbeat_timeout_threshold we check the
+# heartbeat.
(integer value) +#heartbeat_rate = 2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +#fake_rabbit = false + + +[oslo_middleware] + +# +# From oslo.middleware +# + +# The maximum body size for each request, in bytes. (integer value) +# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size +# Deprecated group/name - [DEFAULT]/max_request_body_size +#max_request_body_size = 114688 + + +[oslo_policy] + +# +# From oslo.policy +# + +# The JSON file that defines policies. (string value) +# Deprecated group/name - [DEFAULT]/policy_file +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. (string value) +# Deprecated group/name - [DEFAULT]/policy_default_rule +#policy_default_rule = default + +# Directories where policy configuration files are stored. They can be relative +# to any directory in the search path defined by the config_dir option, or +# absolute paths. The file defined by policy_file must exist for these +# directories to be searched. Missing or empty directories are ignored. (multi +# valued) +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d [paste_deploy] # -# Options defined in keystone +# From keystone # -# Name of the paste configuration file that defines the -# available pipelines. (string value) -#config_file=keystone-paste.ini +# Name of the paste configuration file that defines the available pipelines. +# (string value) +#config_file = keystone-paste.ini [policy] # -# Options defined in keystone +# From keystone # # Policy backend driver. (string value) -#driver=keystone.policy.backends.sql.Policy +#driver = keystone.policy.backends.sql.Policy + +# Maximum number of entities that will be returned in a policy collection. +# (integer value) +#list_limit = <None> + -# Maximum number of entities that will be returned in a policy -# collection. 
(integer value) -#list_limit=<None> +[resource] + +# +# From keystone +# + +# Resource backend driver. If a resource driver is not specified, the +# assignment driver will choose the resource driver. (string value) +#driver = <None> + +# Toggle for resource caching. This has no effect unless global caching is +# enabled. (boolean value) +# Deprecated group/name - [assignment]/caching +#caching = true + +# TTL (in seconds) to cache resource data. This has no effect unless global +# caching is enabled. (integer value) +# Deprecated group/name - [assignment]/cache_time +#cache_time = <None> + +# Maximum number of entities that will be returned in a resource collection. +# (integer value) +# Deprecated group/name - [assignment]/list_limit +#list_limit = <None> [revoke] # -# Options defined in keystone +# From keystone +# + +# An implementation of the backend for persisting revocation events. (string +# value) +#driver = keystone.contrib.revoke.backends.sql.Revoke + +# This value (calculated in seconds) is added to token expiration before a +# revocation event may be removed from the backend. (integer value) +#expiration_buffer = 1800 + +# Toggle for revocation event caching. This has no effect unless global caching +# is enabled. (boolean value) +#caching = true + +# Time to cache the revocation list and the revocation events (in seconds). +# This has no effect unless global and token caching are enabled. (integer +# value) +# Deprecated group/name - [token]/revocation_cache_time +#cache_time = 3600 + + +[role] + +# +# From keystone # -# An implementation of the backend for persisting revocation -# events. (string value) -#driver=keystone.contrib.revoke.backends.kvs.Revoke +# Role backend driver. (string value) +#driver = <None> -# This value (calculated in seconds) is added to token -# expiration before a revocation event may be removed from the -# backend. (integer value) -#expiration_buffer=1800 +# Toggle for role caching. 
This has no effect unless global caching is enabled. +# (boolean value) +#caching = true + +# TTL (in seconds) to cache role data. This has no effect unless global caching +# is enabled. (integer value) +#cache_time = <None> -# Toggle for revocation event caching. This has no effect -# unless global caching is enabled. (boolean value) -#caching=true +# Maximum number of entities that will be returned in a role collection. +# (integer value) +#list_limit = <None> [saml] # -# Options defined in keystone +# From keystone # -# Default TTL, in seconds, for any generated SAML assertion -# created by Keystone. (integer value) -#assertion_expiration_time=3600 +# Default TTL, in seconds, for any generated SAML assertion created by +# Keystone. (integer value) +#assertion_expiration_time = 3600 -# Binary to be called for XML signing. Install the appropriate -# package, specify absolute path or adjust your PATH -# environment variable if the binary cannot be found. (string -# value) -#xmlsec1_binary=xmlsec1 - -# Path of the certfile for SAML signing. For non-production -# environments, you may be interested in using `keystone- -# manage pki_setup` to generate self-signed certificates. -# Note, the path cannot contain a comma. (string value) -#certfile=/etc/keystone/ssl/certs/signing_cert.pem - -# Path of the keyfile for SAML signing. Note, the path cannot -# contain a comma. (string value) -#keyfile=/etc/keystone/ssl/private/signing_key.pem - -# Entity ID value for unique Identity Provider identification. -# Usually FQDN is set with a suffix. A value is required to -# generate IDP Metadata. For example: -# https://keystone.example.com/v3/OS-FEDERATION/saml2/idp -# (string value) -#idp_entity_id=<None> +# Binary to be called for XML signing. Install the appropriate package, specify +# absolute path or adjust your PATH environment variable if the binary cannot +# be found. (string value) +#xmlsec1_binary = xmlsec1 + +# Path of the certfile for SAML signing. 
For non-production environments, you +# may be interested in using `keystone-manage pki_setup` to generate self- +# signed certificates. Note, the path cannot contain a comma. (string value) +#certfile = /etc/keystone/ssl/certs/signing_cert.pem -# Identity Provider Single-Sign-On service value, required in -# the Identity Provider's metadata. A value is required to -# generate IDP Metadata. For example: -# https://keystone.example.com/v3/OS-FEDERATION/saml2/sso +# Path of the keyfile for SAML signing. Note, the path cannot contain a comma. # (string value) -#idp_sso_endpoint=<None> +#keyfile = /etc/keystone/ssl/private/signing_key.pem -# Language used by the organization. (string value) -#idp_lang=en +# Entity ID value for unique Identity Provider identification. Usually FQDN is +# set with a suffix. A value is required to generate IDP Metadata. For example: +# https://keystone.example.com/v3/OS-FEDERATION/saml2/idp (string value) +#idp_entity_id = <None> -# Organization name the installation belongs to. (string +# Identity Provider Single-Sign-On service value, required in the Identity +# Provider's metadata. A value is required to generate IDP Metadata. For +# example: https://keystone.example.com/v3/OS-FEDERATION/saml2/sso (string # value) -#idp_organization_name=<None> +#idp_sso_endpoint = <None> + +# Language used by the organization. (string value) +#idp_lang = en + +# Organization name the installation belongs to. (string value) +#idp_organization_name = <None> # Organization name to be displayed. (string value) -#idp_organization_display_name=<None> +#idp_organization_display_name = <None> # URL of the organization. (string value) -#idp_organization_url=<None> +#idp_organization_url = <None> # Company of contact person. (string value) -#idp_contact_company=<None> +#idp_contact_company = <None> # Given name of contact person (string value) -#idp_contact_name=<None> +#idp_contact_name = <None> # Surname of contact person. 
(string value) -#idp_contact_surname=<None> +#idp_contact_surname = <None> # Email address of contact person. (string value) -#idp_contact_email=<None> +#idp_contact_email = <None> # Telephone number of contact person. (string value) -#idp_contact_telephone=<None> +#idp_contact_telephone = <None> + +# Contact type. Allowed values are: technical, support, administrative billing, +# and other (string value) +#idp_contact_type = other -# Contact type. Allowed values are: technical, support, -# administrative billing, and other (string value) -#idp_contact_type=other +# Path to the Identity Provider Metadata file. This file should be generated +# with the keystone-manage saml_idp_metadata command. (string value) +#idp_metadata_path = /etc/keystone/saml2_idp_metadata.xml -# Path to the Identity Provider Metadata file. This file -# should be generated with the keystone-manage -# saml_idp_metadata command. (string value) -#idp_metadata_path=/etc/keystone/saml2_idp_metadata.xml +# The prefix to use for the RelayState SAML attribute, used when generating ECP +# wrapped assertions. (string value) +#relay_state_prefix = ss:mem: [signing] # -# Options defined in keystone +# From keystone # -# Deprecated in favor of provider in the [token] section. -# (string value) -#token_format=<None> - -# Path of the certfile for token signing. For non-production -# environments, you may be interested in using `keystone- -# manage pki_setup` to generate self-signed certificates. -# (string value) -#certfile=/etc/keystone/ssl/certs/signing_cert.pem +# Path of the certfile for token signing. For non-production environments, you +# may be interested in using `keystone-manage pki_setup` to generate self- +# signed certificates. (string value) +#certfile = /etc/keystone/ssl/certs/signing_cert.pem # Path of the keyfile for token signing. (string value) -#keyfile=/etc/keystone/ssl/private/signing_key.pem +#keyfile = /etc/keystone/ssl/private/signing_key.pem # Path of the CA for token signing. 
(string value) -#ca_certs=/etc/keystone/ssl/certs/ca.pem +#ca_certs = /etc/keystone/ssl/certs/ca.pem # Path of the CA key for token signing. (string value) -#ca_key=/etc/keystone/ssl/private/cakey.pem +#ca_key = /etc/keystone/ssl/private/cakey.pem -# Key size (in bits) for token signing cert (auto generated -# certificate). (integer value) -#key_size=2048 +# Key size (in bits) for token signing cert (auto generated certificate). +# (integer value) +#key_size = 2048 -# Days the token signing cert is valid for (auto generated -# certificate). (integer value) -#valid_days=3650 +# Days the token signing cert is valid for (auto generated certificate). +# (integer value) +#valid_days = 3650 -# Certificate subject (auto generated certificate) for token -# signing. (string value) -#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com +# Certificate subject (auto generated certificate) for token signing. (string +# value) +#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com [ssl] # -# Options defined in keystone +# From keystone # -# Toggle for SSL support on the Keystone eventlet servers. -# (boolean value) -#enable=false - -# Path of the certfile for SSL. For non-production -# environments, you may be interested in using `keystone- -# manage ssl_setup` to generate self-signed certificates. -# (string value) -#certfile=/etc/keystone/ssl/certs/keystone.pem - -# Path of the keyfile for SSL. (string value) -#keyfile=/etc/keystone/ssl/private/keystonekey.pem - -# Path of the ca cert file for SSL. (string value) -#ca_certs=/etc/keystone/ssl/certs/ca.pem - # Path of the CA key file for SSL. (string value) -#ca_key=/etc/keystone/ssl/private/cakey.pem +#ca_key = /etc/keystone/ssl/private/cakey.pem -# Require client certificate. (boolean value) -#cert_required=false +# SSL key length (in bits) (auto generated certificate). (integer value) +#key_size = 1024 -# SSL key length (in bits) (auto generated certificate). 
+# Days the certificate is valid for once signed (auto generated certificate). # (integer value) -#key_size=1024 - -# Days the certificate is valid for once signed (auto -# generated certificate). (integer value) -#valid_days=3650 - -# SSL certificate subject (auto generated certificate). -# (string value) -#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost - - -[stats] +#valid_days = 3650 -# -# Options defined in keystone -# - -# Stats backend driver. (string value) -#driver=keystone.contrib.stats.backends.kvs.Stats +# SSL certificate subject (auto generated certificate). (string value) +#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=localhost [token] # -# Options defined in keystone +# From keystone # -# External auth mechanisms that should add bind information to -# token, e.g., kerberos,x509. (list value) -#bind= +# External auth mechanisms that should add bind information to token, e.g., +# kerberos,x509. (list value) +#bind = -# Enforcement policy on tokens presented to Keystone with bind -# information. One of disabled, permissive, strict, required -# or a specifically required bind mode, e.g., kerberos or x509 -# to require binding to that authentication. (string value) -#enforce_token_bind=permissive +# Enforcement policy on tokens presented to Keystone with bind information. One +# of disabled, permissive, strict, required or a specifically required bind +# mode, e.g., kerberos or x509 to require binding to that authentication. +# (string value) +#enforce_token_bind = permissive -# Amount of time a token should remain valid (in seconds). -# (integer value) -#expiration=3600 +# Amount of time a token should remain valid (in seconds). (integer value) +#expiration = 3600 -# Controls the token construction, validation, and revocation -# operations. Core providers are -# "keystone.token.providers.[pkiz|pki|uuid].Provider". The -# default provider is pkiz. 
(string value) -provider=keystone.token.providers.uuid.Provider +# Controls the token construction, validation, and revocation operations. Core +# providers are "keystone.token.providers.[fernet|pkiz|pki|uuid].Provider". +# (string value) +provider = keystone.token.providers.uuid.Provider # Token persistence backend driver. (string value) -driver=keystone.token.backends.sql.Token +driver = keystone.token.persistence.backends.sql.Token -# Toggle for token system caching. This has no effect unless -# global caching is enabled. (boolean value) -#caching=true +# Toggle for token system caching. This has no effect unless global caching is +# enabled. (boolean value) +#caching = true -# Time to cache the revocation list and the revocation events -# if revoke extension is enabled (in seconds). This has no -# effect unless global and token caching are enabled. (integer -# value) -#revocation_cache_time=3600 - -# Time to cache tokens (in seconds). This has no effect unless -# global and token caching are enabled. (integer value) -#cache_time=<None> - -# Revoke token by token identifier. Setting revoke_by_id to -# true enables various forms of enumerating tokens, e.g. `list -# tokens for user`. These enumerations are processed to -# determine the list of tokens to revoke. Only disable if you -# are switching to using the Revoke extension with a backend -# other than KVS, which stores events in memory. (boolean +# Time to cache tokens (in seconds). This has no effect unless global and token +# caching are enabled. (integer value) +#cache_time = <None> + +# Revoke token by token identifier. Setting revoke_by_id to true enables +# various forms of enumerating tokens, e.g. `list tokens for user`. These +# enumerations are processed to determine the list of tokens to revoke. Only +# disable if you are switching to using the Revoke extension with a backend +# other than KVS, which stores events in memory. (boolean value) +#revoke_by_id = true + +# Allow rescoping of scoped token. 
Setting allow_rescoped_scoped_token to false +# prevents a user from exchanging a scoped token for any other token. (boolean # value) -#revoke_by_id=true +#allow_rescope_scoped_token = true -# The hash algorithm to use for PKI tokens. This can be set to -# any algorithm that hashlib supports. WARNING: Before -# changing this value, the auth_token middleware must be -# configured with the hash_algorithms, otherwise token +# The hash algorithm to use for PKI tokens. This can be set to any algorithm +# that hashlib supports. WARNING: Before changing this value, the auth_token +# middleware must be configured with the hash_algorithms, otherwise token # revocation will not be processed correctly. (string value) -#hash_algorithm=md5 +#hash_algorithm = md5 [trust] # -# Options defined in keystone +# From keystone # -# Delegation and impersonation features can be optionally -# disabled. (boolean value) -#enabled=true +# Delegation and impersonation features can be optionally disabled. (boolean +# value) +#enabled = true -# Trust backend driver. (string value) -#driver=keystone.trust.backends.sql.Trust +# Enable redelegation feature. (boolean value) +#allow_redelegation = false +# Maximum depth of trust redelegation. (integer value) +#max_redelegation_count = 3 +# Trust backend driver. (string value) +#driver = keystone.trust.backends.sql.Trust diff --git a/install-files/openstack/usr/share/openstack/keystone/logging.conf b/install-files/openstack/usr/share/openstack/keystone/logging.conf deleted file mode 100644 index 6cb8c425..00000000 --- a/install-files/openstack/usr/share/openstack/keystone/logging.conf +++ /dev/null 
@@ -1,65 +0,0 @@ -[loggers] -keys=root,access - -[handlers] -keys=production,file,access_file,devel - -[formatters] -keys=minimal,normal,debug - - -########### -# Loggers # -########### - -[logger_root] -level=WARNING -handlers=file - -[logger_access] -level=INFO -qualname=access -handlers=access_file - - -################ -# Log Handlers # -################ - -[handler_production] -class=handlers.SysLogHandler -level=ERROR -formatter=normal -args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER) - -[handler_file] -class=handlers.WatchedFileHandler -level=WARNING -formatter=normal -args=('error.log',) - -[handler_access_file] -class=handlers.WatchedFileHandler -level=INFO -formatter=minimal -args=('access.log',) - -[handler_devel] -class=StreamHandler -level=NOTSET -formatter=debug -args=(sys.stdout,) - - -################## -# Log Formatters # -################## - -[formatter_minimal] -format=%(message)s - -[formatter_normal] -format=(%(name)s): %(asctime)s %(levelname)s %(message)s - -[formatter_debug] -format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s diff --git a/install-files/openstack/usr/share/openstack/keystone/policy.json b/install-files/openstack/usr/share/openstack/keystone/policy.json deleted file mode 100644 index af65205e..00000000 --- a/install-files/openstack/usr/share/openstack/keystone/policy.json +++ /dev/null 
@@ -1,171 +0,0 @@ -{ - "admin_required": "role:admin or is_admin:1", - "service_role": "role:service", - "service_or_admin": "rule:admin_required or rule:service_role", - "owner" : "user_id:%(user_id)s", - "admin_or_owner": "rule:admin_required or rule:owner", - - "default": "rule:admin_required", - - "identity:get_region": "", - "identity:list_regions": "", - "identity:create_region": "rule:admin_required", - "identity:update_region": "rule:admin_required", - "identity:delete_region": "rule:admin_required", - - "identity:get_service": "rule:admin_required", - "identity:list_services": "rule:admin_required", - "identity:create_service": "rule:admin_required", - "identity:update_service": "rule:admin_required", - "identity:delete_service": "rule:admin_required", - - "identity:get_endpoint": "rule:admin_required", - "identity:list_endpoints": "rule:admin_required", - "identity:create_endpoint": "rule:admin_required", - "identity:update_endpoint": "rule:admin_required", - "identity:delete_endpoint": "rule:admin_required", - - "identity:get_domain": "rule:admin_required", - "identity:list_domains": "rule:admin_required", - "identity:create_domain": "rule:admin_required", - "identity:update_domain": "rule:admin_required", - "identity:delete_domain": "rule:admin_required", - - "identity:get_project": "rule:admin_required", - "identity:list_projects": "rule:admin_required", - "identity:list_user_projects": "rule:admin_or_owner", - "identity:create_project": "rule:admin_required", - "identity:update_project": "rule:admin_required", - "identity:delete_project": "rule:admin_required", - - "identity:get_user": "rule:admin_required", - "identity:list_users": "rule:admin_required", - "identity:create_user": "rule:admin_required", - "identity:update_user": "rule:admin_required", - "identity:delete_user": "rule:admin_required", - "identity:change_password": "rule:admin_or_owner", - - "identity:get_group": "rule:admin_required", - "identity:list_groups": "rule:admin_required", - 
"identity:list_groups_for_user": "rule:admin_or_owner", - "identity:create_group": "rule:admin_required", - "identity:update_group": "rule:admin_required", - "identity:delete_group": "rule:admin_required", - "identity:list_users_in_group": "rule:admin_required", - "identity:remove_user_from_group": "rule:admin_required", - "identity:check_user_in_group": "rule:admin_required", - "identity:add_user_to_group": "rule:admin_required", - - "identity:get_credential": "rule:admin_required", - "identity:list_credentials": "rule:admin_required", - "identity:create_credential": "rule:admin_required", - "identity:update_credential": "rule:admin_required", - "identity:delete_credential": "rule:admin_required", - - "identity:ec2_get_credential": "rule:admin_or_owner", - "identity:ec2_list_credentials": "rule:admin_or_owner", - "identity:ec2_create_credential": "rule:admin_or_owner", - "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)", - - "identity:get_role": "rule:admin_required", - "identity:list_roles": "rule:admin_required", - "identity:create_role": "rule:admin_required", - "identity:update_role": "rule:admin_required", - "identity:delete_role": "rule:admin_required", - - "identity:check_grant": "rule:admin_required", - "identity:list_grants": "rule:admin_required", - "identity:create_grant": "rule:admin_required", - "identity:revoke_grant": "rule:admin_required", - - "identity:list_role_assignments": "rule:admin_required", - - "identity:get_policy": "rule:admin_required", - "identity:list_policies": "rule:admin_required", - "identity:create_policy": "rule:admin_required", - "identity:update_policy": "rule:admin_required", - "identity:delete_policy": "rule:admin_required", - - "identity:check_token": "rule:admin_required", - "identity:validate_token": "rule:service_or_admin", - "identity:validate_token_head": "rule:service_or_admin", - "identity:revocation_list": "rule:service_or_admin", - 
"identity:revoke_token": "rule:admin_or_owner", - - "identity:create_trust": "user_id:%(trust.trustor_user_id)s", - "identity:get_trust": "rule:admin_or_owner", - "identity:list_trusts": "", - "identity:list_roles_for_trust": "", - "identity:check_role_for_trust": "", - "identity:get_role_for_trust": "", - "identity:delete_trust": "", - - "identity:create_consumer": "rule:admin_required", - "identity:get_consumer": "rule:admin_required", - "identity:list_consumers": "rule:admin_required", - "identity:delete_consumer": "rule:admin_required", - "identity:update_consumer": "rule:admin_required", - - "identity:authorize_request_token": "rule:admin_required", - "identity:list_access_token_roles": "rule:admin_required", - "identity:get_access_token_role": "rule:admin_required", - "identity:list_access_tokens": "rule:admin_required", - "identity:get_access_token": "rule:admin_required", - "identity:delete_access_token": "rule:admin_required", - - "identity:list_projects_for_endpoint": "rule:admin_required", - "identity:add_endpoint_to_project": "rule:admin_required", - "identity:check_endpoint_in_project": "rule:admin_required", - "identity:list_endpoints_for_project": "rule:admin_required", - "identity:remove_endpoint_from_project": "rule:admin_required", - - "identity:create_endpoint_group": "rule:admin_required", - "identity:list_endpoint_groups": "rule:admin_required", - "identity:get_endpoint_group": "rule:admin_required", - "identity:update_endpoint_group": "rule:admin_required", - "identity:delete_endpoint_group": "rule:admin_required", - "identity:list_projects_associated_with_endpoint_group": "rule:admin_required", - "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required", - "identity:list_endpoint_groups_for_project": "rule:admin_required", - "identity:add_endpoint_group_to_project": "rule:admin_required", - "identity:remove_endpoint_group_from_project": "rule:admin_required", - - "identity:create_identity_provider": 
"rule:admin_required", - "identity:list_identity_providers": "rule:admin_required", - "identity:get_identity_providers": "rule:admin_required", - "identity:update_identity_provider": "rule:admin_required", - "identity:delete_identity_provider": "rule:admin_required", - - "identity:create_protocol": "rule:admin_required", - "identity:update_protocol": "rule:admin_required", - "identity:get_protocol": "rule:admin_required", - "identity:list_protocols": "rule:admin_required", - "identity:delete_protocol": "rule:admin_required", - - "identity:create_mapping": "rule:admin_required", - "identity:get_mapping": "rule:admin_required", - "identity:list_mappings": "rule:admin_required", - "identity:delete_mapping": "rule:admin_required", - "identity:update_mapping": "rule:admin_required", - - "identity:get_auth_catalog": "", - "identity:get_auth_projects": "", - "identity:get_auth_domains": "", - - "identity:list_projects_for_groups": "", - "identity:list_domains_for_groups": "", - - "identity:list_revoke_events": "", - - "identity:create_policy_association_for_endpoint": "rule:admin_required", - "identity:check_policy_association_for_endpoint": "rule:admin_required", - "identity:delete_policy_association_for_endpoint": "rule:admin_required", - "identity:create_policy_association_for_service": "rule:admin_required", - "identity:check_policy_association_for_service": "rule:admin_required", - "identity:delete_policy_association_for_service": "rule:admin_required", - "identity:create_policy_association_for_region_and_service": "rule:admin_required", - "identity:check_policy_association_for_region_and_service": "rule:admin_required", - "identity:delete_policy_association_for_region_and_service": "rule:admin_required", - "identity:get_policy_for_endpoint": "rule:admin_required", - "identity:list_endpoints_for_policy": "rule:admin_required" -} 
diff --git a/install-files/openstack/usr/share/openstack/neutron-config.yml b/install-files/openstack/usr/share/openstack/neutron-config.yml index 97f4c76e..5d594353 100644 --- a/install-files/openstack/usr/share/openstack/neutron-config.yml +++ b/install-files/openstack/usr/share/openstack/neutron-config.yml @@ -22,17 +22,6 @@ - /var/lock/neutron - /var/log/neutron - - name: Get service tenant id needed in neutron.conf - shell: | - keystone \ - --os-endpoint http://{{ CONTROLLER_HOST_ADDRESS|quote }}:35357/v2.0 \ - --os-token {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN|quote }} \ - tenant-get service | grep id | tr -d " " | cut -d"|" -f3 - register: tenant_service_id - - - set_fact: - SERVICE_TENANT_ID: "{{ tenant_service_id.stdout }}" - - name: Create the directories needed for Neutron configuration files. file: path: /etc/{{ item }} diff --git a/install-files/openstack/usr/share/openstack/neutron-db.yml b/install-files/openstack/usr/share/openstack/neutron-db.yml index 91dde6fe..9cc77b5a 100644 --- a/install-files/openstack/usr/share/openstack/neutron-db.yml +++ b/install-files/openstack/usr/share/openstack/neutron-db.yml @@ -46,6 +46,6 @@ neutron-db-manage \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ - upgrade juno + upgrade head sudo: yes sudo_user: neutron diff --git a/install-files/openstack/usr/share/openstack/neutron/api-paste.ini b/install-files/openstack/usr/share/openstack/neutron/api-paste.ini deleted file mode 100644 index bbcd4152..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/api-paste.ini +++ /dev/null 
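Review bot: `upgrade head` in the neutron-db-manage task leaves the migration target unpinned, so the resulting schema depends on whichever Neutron version the image carries rather than on anything stated in the playbook. That is probably intended, but this task cannot undo a schema upgrade, so a comment on it would help, e.g. `# 'head' = newest migration shipped with the installed neutron; back up the database before redeploying over an existing one`. The task starts above the hunk, so any existing guard for an already-populated database is not visible here.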
@@ -1,30 +0,0 @@ -[composite:neutron] -use = egg:Paste#urlmap -/: neutronversions -/v2.0: neutronapi_v2_0 - -[composite:neutronapi_v2_0] -use = call:neutron.auth:pipeline_factory -noauth = request_id catch_errors extensions neutronapiapp_v2_0 -keystone = request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0 - -[filter:request_id] -paste.filter_factory = neutron.openstack.common.middleware.request_id:RequestIdMiddleware.factory - -[filter:catch_errors] -paste.filter_factory = neutron.openstack.common.middleware.catch_errors:CatchErrorsMiddleware.factory - -[filter:keystonecontext] -paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:extensions] -paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory - -[app:neutronversions] -paste.app_factory = neutron.api.versions:Versions.factory - -[app:neutronapiapp_v2_0] -paste.app_factory = neutron.api.v2.router:APIRouter.factory diff --git a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini index c6c2b9a7..1ab4c806 100644 --- a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini +++ b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini @@ -1,7 +1,6 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = False -use_syslog = True # The DHCP agent will resync its state with Neutron to recover from any # transient notification or rpc errors. The interval is number of 
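Review bot: Dropping `use_syslog = True` from `[DEFAULT]` in dhcp_agent.ini, and again in the first hunk of l3_agent.ini, takes the DHCP and L3 agent logs off syslog unless the option is now set in a file this page does not show. If log forwarding or alerting for these agents reads from syslog, that coverage is lost without any error. Either keep the line or replace it with a comment saying where the logs now go, for example `# log destination is inherited from /etc/neutron/neutron.conf` if that is in fact the case.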
@@ -32,8 +31,10 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True +# iproute2 package that supports namespaces). This option is deprecated and +# will be removed in a future release, at which point the old behavior of +# use_namespaces = True will be enforced. +# use_namespaces = True # The DHCP server can assist with providing metadata support on isolated # networks. Setting this value to True will cause the DHCP server to append @@ -61,7 +62,7 @@ enable_isolated_metadata = True # dhcp_domain = openstacklocal # Override the default dnsmasq settings with this file -# dnsmasq_config_file = +dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf # Comma-separated list of DNS servers which will be used by dnsmasq # as forwarders. 
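Review bot: `dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf` now points the DHCP agent at an override file that none of the visible hunks creates, so confirm that this change also installs it. dnsmasq reads arbitrary options from that file and is presumably started with elevated privileges, so the file should be owned by root and not writable by the neutron service user or any other unprivileged account. A one-line comment above the setting would make that checkable, e.g. `# provided by <install-file or task that ships dnsmasq-neutron.conf>`.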
@@ -73,16 +74,15 @@ enable_isolated_metadata = True # Location to DHCP lease relay UNIX domain socket # dhcp_lease_relay_socket = $state_path/dhcp/lease_relay -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy +# Use broadcast in DHCP replies +# dhcp_broadcast_reply = False -# dhcp_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the dhcp agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. -# If True, namespaces will be deleted when a dhcp server is disabled. -# dhcp_delete_namespaces = False +# dhcp_delete_namespaces, which is True by default, can be set to False if +# namespaces can't be deleted cleanly on the host running the DHCP agent. +# Disable this if you hit the issue in +# https://bugs.launchpad.net/neutron/+bug/1052535 or if +# you are sure that your version of iproute suffers from the problem. +# dhcp_delete_namespaces = True # Timeout for ovs-vsctl commands. # If the timeout expires, ovs commands will fail with ALARMCLOCK error. diff --git a/install-files/openstack/usr/share/openstack/neutron/fwaas_driver.ini b/install-files/openstack/usr/share/openstack/neutron/fwaas_driver.ini deleted file mode 100644 index 41f761ab..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/fwaas_driver.ini +++ /dev/null @@ -1,3 +0,0 @@ -[fwaas] -#driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver -#enabled = True diff --git a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini index 000cd997..bc1321e4 100644 --- a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini 
+++ b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini @@ -1,15 +1,14 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = False -use_syslog = True # L3 requires that an interface driver be set. Choose the one that best # matches your plugin. -# interface_driver = +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) # that supports L3 agent -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Use veth for an OVS interface or not. # Support kernels with limited namespace support @@ -20,8 +19,10 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True +# iproute2 package that supports namespaces). This option is deprecated and +# will be removed in a future release, at which point the old behavior of +# use_namespaces = True will be enforced. +# use_namespaces = True # If use_namespaces is set as False then the agent can only configure one router. 
@@ -35,6 +36,20 @@ use_namespaces = True # must be left empty. # gateway_external_network_id = +# With IPv6, the network used for the external gateway does not need +# to have an associated subnet, since the automatically assigned +# link-local address (LLA) can be used. However, an IPv6 gateway address +# is needed for use as the next-hop for the default route. If no IPv6 +# gateway address is configured here, (and only then) the neutron router +# will be configured to get its default route from router advertisements (RAs) +# from the upstream router; in which case the upstream router must also be +# configured to send these RAs. +# The ipv6_gateway, when configured, should be the LLA of the interface +# on the upstream router. If a next-hop using a global unique address (GUA) +# is desired, it needs to be done via a subnet allocated to the network +# and not through this parameter. +# ipv6_gateway = + # Indicates that this L3 agent should also handle routers that do not have # an external network gateway configured. This option should be True only # for a single agent in a Neutron deployment, and may be False for all agents 
@@ -64,16 +79,19 @@ external_network_bridge = br-ex # if the Nova metadata server is not available # enable_metadata_proxy = True -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy +# Iptables mangle mark used to mark metadata valid requests +# metadata_access_mark = 0x1 + +# Iptables mangle mark used to mark ingress from external network +# external_ingress_mark = 0x2 -# router_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the L3 agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. +# router_delete_namespaces, which is True by default, can be set to False if +# namespaces can't be deleted cleanly on the host running the L3 agent. +# Disable this if you hit the issue in +# https://bugs.launchpad.net/neutron/+bug/1052535 or if +# you are sure that your version of iproute suffers from the problem. # If True, namespaces will be deleted when a router is destroyed. -# router_delete_namespaces = False +# router_delete_namespaces = True # Timeout for ovs-vsctl commands. # If the timeout expires, ovs commands will fail with ALARMCLOCK error. diff --git a/install-files/openstack/usr/share/openstack/neutron/lbaas_agent.ini b/install-files/openstack/usr/share/openstack/neutron/lbaas_agent.ini deleted file mode 100644 index 68a2759e..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/lbaas_agent.ini +++ /dev/null 
@@ -1,42 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output). -# debug = False - -# The LBaaS agent will resync its state with Neutron to recover from any -# transient notification or rpc errors. The interval is number of -# seconds between attempts. -# periodic_interval = 10 - -# LBaas requires an interface driver be set. Choose the one that best -# matches your plugin. -# interface_driver = - -# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC, NVP, -# BigSwitch/Floodlight) -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# Use veth for an OVS interface or not. -# Support kernels with limited namespace support -# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. -# ovs_use_veth = False - -# Example of interface_driver option for LinuxBridge -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver - -# The agent requires drivers to manage the loadbalancer. HAProxy is the opensource version. -# Multiple device drivers reflecting different service providers could be specified: -# device_driver = path.to.provider1.driver.Driver -# device_driver = path.to.provider2.driver.Driver -# Default is: -# device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver - -[haproxy] -# Location to store config and state files -# loadbalancer_state_path = $state_path/lbaas - -# The user group -# user_group = nogroup - -# When delete and re-add the same vip, send this many gratuitous ARPs to flush -# the ARP cache in the Router. Set it below or equal to 0 to disable this feature. -# send_gratuitous_arp = 3 diff --git a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini index ed238770..ee89c943 100644 --- a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini +++ b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini 
@@ -1,10 +1,9 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = True -use_syslog = True # The Neutron user information for accessing the Neutron API. -auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 auth_region = regionOne # Turn off verification of the certificate for ssl # auth_insecure = False @@ -40,12 +39,21 @@ nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }} # When proxying metadata requests, Neutron signs the Instance-ID header with a # shared secret to prevent spoofing. You may select any string for a secret, # but it must match here and in the configuration used by the Nova Metadata -# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret +# Server. NOTE: Nova uses the same config key, but in [neutron] section. metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }} # Location of Metadata Proxy UNIX domain socket # metadata_proxy_socket = $state_path/metadata_proxy +# Metadata Proxy UNIX domain socket mode, 3 values allowed: +# 'deduce': deduce mode from metadata_proxy_user/group values, +# 'user': set metadata proxy socket mode to 0o644, to use when +# metadata_proxy_user is agent effective user or root, +# 'group': set metadata proxy socket mode to 0o664, to use when +# metadata_proxy_group is agent effective group, +# 'all': set metadata proxy socket mode to 0o666, to use otherwise. +# metadata_proxy_socket_mode = deduce + # Number of separate worker processes for metadata server. Defaults to # half the number of CPU cores # metadata_workers = diff --git a/install-files/openstack/usr/share/openstack/neutron/metering_agent.ini b/install-files/openstack/usr/share/openstack/neutron/metering_agent.ini deleted file mode 100644 index 88826ce7..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/metering_agent.ini +++ /dev/null 
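Review bot: The added description of `metadata_proxy_socket_mode` (hunk at -40,12) says "3 values allowed" but then lists four: `deduce`, `user`, `group` and `all`. It also gives no hint which is least permissive, although `all` sets the socket to 0o666, which is read-write for every local account that can reach the socket's directory. I would correct the count and state the preference, e.g. `# Metadata Proxy UNIX domain socket mode, 4 values allowed:` and `# Prefer 'deduce' or 'user'; 'all' (0o666) opens the proxy socket to every local user.` The option stays commented out in this hunk, so the agent's built-in default (presumably `deduce`) applies.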
@@ -1,18 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -# debug = True - -# Default driver: -# driver = neutron.services.metering.drivers.noop.noop_driver.NoopMeteringDriver -# Example of non-default driver -# driver = neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver - -# Interval between two metering measures -# measure_interval = 30 - -# Interval between two metering reports -# report_interval = 300 - -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# use_namespaces = True diff --git a/install-files/openstack/usr/share/openstack/neutron/neutron.conf b/install-files/openstack/usr/share/openstack/neutron/neutron.conf index 51de7464..33c6398a 100644 --- a/install-files/openstack/usr/share/openstack/neutron/neutron.conf +++ b/install-files/openstack/usr/share/openstack/neutron/neutron.conf @@ -17,10 +17,7 @@ # Where to store Neutron state files. This directory must be writable by the # user executing the agent. -state_path = /var/lib/neutron - -# Where to store lock files -lock_path = $state_path/lock +# state_path = /var/lib/neutron # log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s # log_date_format = %Y-%m-%d %H:%M:%S @@ -33,7 +30,6 @@ lock_path = $state_path/lock # publish_errors -> notification system use_syslog = True - # syslog_log_facility = LOG_USER # use_stderr = True @@ -74,7 +70,14 @@ service_plugins = router # Example: service_plugins = router,firewall,lbaas,vpnaas,metering # Paste configuration file -api_paste_config = api-paste.ini +# api_paste_config = api-paste.ini + +# (StrOpt) Hostname to be used by the neutron server, agents and services +# running on this machine. All the agents and services running on this machine +# must use the same host value. +# The default value is hostname of the machine. +# +# host = # The strategy to be used for auth. # Supported values are 'keystone'(default), 'noauth'. 
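Review bot: Removing `lock_path = $state_path/lock` from [DEFAULT] (neutron.conf hunk at -17,10) leaves the lock directory to the `[oslo_concurrency]` section this commit adds near the end of the file, whose comment says it falls back to the OSLO_LOCK_PATH environment variable. Whatever value is set there is outside the part of the diff visible here. Please check that an explicit `lock_path` is set and that the directory is writable only by the user running neutron, as that section's own comment asks. A one-line pointer at the old location, e.g. `# Lock files: see lock_path in [oslo_concurrency]`, would make the move easier to follow.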
@@ -140,6 +143,29 @@ allow_overlapping_ips = True # Maximum number of routes per router # max_routes = 30 +# Default Subnet Pool to be used for IPv4 subnet-allocation. +# Specifies by UUID the pool to be used in case of subnet-create being called +# without a subnet-pool ID. The default of None means that no pool will be +# used unless passed explicitly to subnet create. If no pool is used, then a +# CIDR must be passed to create a subnet and that subnet will not be allocated +# from any pool; it will be considered part of the tenant's private address +# space. +# default_ipv4_subnet_pool = + +# Default Subnet Pool to be used for IPv6 subnet-allocation. +# Specifies by UUID the pool to be used in case of subnet-create being +# called without a subnet-pool ID. Set to "prefix_delegation" +# to enable IPv6 Prefix Delegation in a PD-capable environment. +# See the description for default_ipv4_subnet_pool for more information. +# default_ipv6_subnet_pool = + +# =========== items for MTU selection and advertisement ============= +# Advertise MTU. If True, effort is made to advertise MTU +# settings to VMs via network methods (ie. DHCP and RA MTU options) +# when the network's preferred MTU is known. +# advertise_mtu = False +# ======== end of items for MTU selection and advertisement ========= + # =========== items for agent management extension ============= # Seconds to regard the agent as down; should be at least twice # report_interval, to be sure the agent is down for good 
@@ -154,6 +180,23 @@ allow_overlapping_ips = True # Driver to use for scheduling a loadbalancer pool to an lbaas agent # loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler +# (StrOpt) Representing the resource type whose load is being reported by +# the agent. +# This can be 'networks','subnets' or 'ports'. When specified (Default is networks), +# the server will extract particular load sent as part of its agent configuration object +# from the agent report state, which is the number of resources being consumed, at +# every report_interval. +# dhcp_load_type can be used in combination with network_scheduler_driver = +# neutron.scheduler.dhcp_agent_scheduler.WeightScheduler +# When the network_scheduler_driver is WeightScheduler, dhcp_load_type can +# be configured to represent the choice for the resource being balanced. +# Example: dhcp_load_type = networks +# Values: +# networks - number of networks hosted on the agent +# subnets - number of subnets associated with the networks hosted on the agent +# ports - number of ports associated with the networks hosted on the agent +# dhcp_load_type = networks + # Allow auto scheduling networks to DHCP agent. It will schedule non-hosted # networks to first DHCP agent which sends get_active_networks message to # neutron server 
@@ -167,10 +210,25 @@ allow_overlapping_ips = True # admin_state_up set to True to alive agents. # allow_automatic_l3agent_failover = False -# Number of DHCP agents scheduled to host a network. This enables redundant -# DHCP agents for configured networks. +# Allow automatic removal of networks from dead DHCP agents with +# admin_state_up set to True. +# Networks could then be rescheduled if network_auto_schedule is True +# allow_automatic_dhcp_failover = True + +# Number of DHCP agents scheduled to host a tenant network. +# If this number is greater than 1, the scheduler automatically +# assigns multiple DHCP agents for a given tenant network, +# providing high availability for DHCP service. # dhcp_agents_per_network = 1 +# Enable services on agents with admin_state_up False. +# If this option is False, when admin_state_up of an agent is turned to +# False, services on it will be disabled. If this option is True, services +# on agents with admin_state_up False keep available and manual scheduling +# to such agents is available. Agents with admin_state_up False are not +# selected for automatic scheduling regardless of this option. +# enable_services_on_agents_with_admin_state_down = False + # =========== end of items for agent scheduler extension ===== # =========== items for l3 extension ============== 
@@ -187,8 +245,39 @@ allow_overlapping_ips = True # # CIDR of the administrative network if HA mode is enabled # l3_ha_net_cidr = 169.254.192.0/18 +# +# Enable snat by default on external gateway when available +# enable_snat_by_default = True # =========== end of items for l3 extension ======= +# =========== items for metadata proxy configuration ============== +# User (uid or name) running metadata proxy after its initialization +# (if empty: agent effective user) +# metadata_proxy_user = + +# Group (gid or name) running metadata proxy after its initialization +# (if empty: agent effective group) +# metadata_proxy_group = + +# Enable/Disable log watch by metadata proxy, it should be disabled when +# metadata_proxy_user/group is not allowed to read/write its log file and +# 'copytruncate' logrotate option must be used if logrotate is enabled on +# metadata proxy log files. Option default value is deduced from +# metadata_proxy_user: watch log is enabled if metadata_proxy_user is agent +# effective user id/name. +# metadata_proxy_watch_log = + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy +# =========== end of items for metadata proxy configuration ============== + +# ========== items for VLAN trunking networks ========== +# Setting this flag to True will allow plugins that support it to +# create VLAN transparent networks. This flag has no effect for +# plugins that do not support VLAN transparent networks. +# vlan_transparent = False +# ========== end of items for VLAN trunking networks ========== + # =========== WSGI parameters related to the API server ============== # Number of separate worker processes to spawn. The default, 0, runs the # worker thread in the current process. Greater than 0 launches that number of 
@@ -202,6 +291,18 @@ allow_overlapping_ips = True # enabled for various plugins for compatibility. # rpc_workers = 0 +# Timeout for client connections socket operations. If an +# incoming connection is idle for this number of seconds it +# will be closed. A value of '0' means wait forever. (integer +# value) +# client_socket_timeout = 900 + +# wsgi keepalive option. Determines if connections are allowed to be held open +# by clients after a request is fulfilled. A value of False will ensure that +# the socket connection will be explicitly closed once a response has been +# sent to the client. +# wsgi_keep_alive = True + # Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when # starting API server. Not supported on OS X. # tcp_keepidle = 600 @@ -231,7 +332,6 @@ allow_overlapping_ips = True # ssl_ca_file = /path/to/cafile # ======== end of WSGI parameters related to the API server ========== - # ======== neutron nova interactions ========== # Send notification to nova when port status is active. notify_nova_on_port_status_changes = True 
@@ -241,22 +341,27 @@ notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True # URL for connection to nova (Only supports one nova region currently). -nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2 +nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2 # Name of nova region to use. Useful if keystone manages more than one region -nova_region_name = regionOne +# nova_region_name = # Username for connection to nova in admin context -nova_admin_username = {{ NOVA_SERVICE_USER }} +# nova_admin_username = # The uuid of the admin nova tenant -nova_admin_tenant_id = {{ SERVICE_TENANT_ID }} +# nova_admin_tenant_id = + +# The name of the admin nova tenant. If the uuid of the admin nova tenant +# is set, this is optional. Useful for cases where the uuid of the admin +# nova tenant is not available when configuration is being done. +# nova_admin_tenant_name = # Password for connection to nova in admin context. -nova_admin_password = {{ NOVA_SERVICE_PASSWORD }} +# nova_admin_password = # Authorization URL for connection to nova in admin context. -nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 +# nova_admin_auth_url = # CA file for novaclient to verify server certificates # nova_ca_certificates_file = 
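Review bot: `nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2` stays on plain HTTP while the nova credentials move to the new `[nova]` section, whose `auth_url` is also `http://`. The `[keystone_authtoken]` URLs (hunk at -555,8) and `auth_url` in metadata_agent.ini are the same. Service passwords and tokens therefore cross the management network unencrypted, and `nova_ca_certificates_file` remains unset. If TLS is out of scope for this change, I would at least record the assumption next to the URL: `# Plain HTTP: assumes an isolated management network; otherwise use https and set nova_ca_certificates_file.`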
@@ -275,42 +380,42 @@ nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 # Use durable queues in amqp. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false +# amqp_durable_queues=false # Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false +# amqp_auto_delete=false # Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 +# rpc_conn_pool_size=30 # Qpid broker hostname. (string value) -#qpid_hostname=localhost +# qpid_hostname=localhost # Qpid broker port. (integer value) -#qpid_port=5672 +# qpid_port=5672 # Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port +# qpid_hosts=$qpid_hostname:$qpid_port # Username for Qpid connection. (string value) -#qpid_username= +# qpid_username= # Password for Qpid connection. (string value) -#qpid_password= +# qpid_password= # Space separated list of SASL mechanisms to use for auth. # (string value) -#qpid_sasl_mechanisms= +# qpid_sasl_mechanisms= # Seconds between connection keepalive heartbeats. (integer # value) -#qpid_heartbeat=60 +# qpid_heartbeat=60 # Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp +# qpid_protocol=tcp # Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true +# qpid_tcp_nodelay=true # The qpid topology version to use. Version 1 is what was # originally used by impl_qpid. Version 2 includes some 
@@ -318,136 +423,136 @@ nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 # to work. Users should update to version 2 when they are # able to take everything down, as it requires a clean break. # (integer value) -#qpid_topology_version=1 +# qpid_topology_version=1 # SSL version to use (valid only if SSL enabled). valid values # are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some # distributions. (string value) -#kombu_ssl_version= +# kombu_ssl_version= # SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= +# kombu_ssl_keyfile= # SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= +# kombu_ssl_certfile= # SSL certification authority file (valid only if SSL # enabled). (string value) -#kombu_ssl_ca_certs= +# kombu_ssl_ca_certs= # How long to wait before reconnecting in response to an AMQP # consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 +# kombu_reconnect_delay=1.0 # The RabbitMQ broker address where a single node is used. # (string value) -rabbit_host={{ RABBITMQ_HOST }} +# rabbit_host=localhost # The RabbitMQ broker port where a single node is used. # (integer value) -rabbit_port={{ RABBITMQ_PORT }} +# rabbit_port =5672 # RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port +# rabbit_hosts=$rabbit_host:$rabbit_port # Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false +# rabbit_use_ssl=false # The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} +# rabbit_userid=guest # The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} +# rabbit_password=guest # the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN +# rabbit_login_method=AMQPLAIN # The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ +# rabbit_virtual_host=/ # How frequently to retry connecting with RabbitMQ. 
(integer # value) -#rabbit_retry_interval=1 +# rabbit_retry_interval=1 # How long to backoff for between retries when connecting to # RabbitMQ. (integer value) -#rabbit_retry_backoff=2 +# rabbit_retry_backoff=2 # Maximum number of RabbitMQ connection retries. Default is 0 # (infinite retry count). (integer value) -#rabbit_max_retries=0 +# rabbit_max_retries=0 # Use HA queues in RabbitMQ (x-ha-policy: all). If you change # this option, you must wipe the RabbitMQ database. (boolean # value) -#rabbit_ha_queues=false +# rabbit_ha_queues=false # If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false +# fake_rabbit=false # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) -#rpc_zmq_bind_address=* +# rpc_zmq_bind_address=* # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +# rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 +# rpc_zmq_port=9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 +# rpc_zmq_contexts=1 # Maximum number of ingress messages to locally buffer per # topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog=<None> +# rpc_zmq_topic_backlog= # Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack +# rpc_zmq_ipc_dir=/var/run/openstack # Name of this node. Must be a valid hostname, FQDN, or IP # address. Must match "host" option, if running Nova. (string # value) -#rpc_zmq_host=oslo +# rpc_zmq_host=oslo # Seconds to wait before a cast expires (TTL). Only supported # by impl_zmq. (integer value) -#rpc_cast_timeout=30 +# rpc_cast_timeout=30 # Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 +# matchmaker_heartbeat_freq=300 # Heartbeat time-to-live. 
(integer value) -#matchmaker_heartbeat_ttl=600 +# matchmaker_heartbeat_ttl=600 # Size of RPC greenthread pool. (integer value) -#rpc_thread_pool_size=64 +# rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi # valued) -notification_driver=neutron.openstack.common.notifier.rpc_notifier +notification_driver = neutron.openstack.common.notifier.rpc_notifier # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics -#notification_topics=notifications +# notification_topics=notifications # Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 +# rpc_response_timeout=60 # A URL representing the messaging driver to use and its full # configuration. If not set, we fall back to the rpc_backend # option and driver specific configuration. (string value) -#transport_url=<None> +# transport_url= # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) -rpc_backend=rabbit +rpc_backend = rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) -#control_exchange=openstack +# control_exchange=openstack [matchmaker_redis] @@ -457,13 +562,13 @@ rpc_backend=rabbit # # Host to locate redis. (string value) -#host=127.0.0.1 +# host=127.0.0.1 # Use this port to connect to redis host. (integer value) -#port=6379 +# port=6379 # Password for Redis server (optional). (string value) -#password=<None> +# password= [matchmaker_ring] 
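Review bot: The templated `rabbit_host`, `rabbit_port`, `rabbit_userid` and `rabbit_password` lines are replaced in this hunk (-318,136) by commented sample defaults (`# rabbit_host=localhost`, `# rabbit_userid=guest`, `# rabbit_password=guest`), while `rpc_backend = rabbit` stays active. Unless a section later in the file sets them again from `{{ RABBITMQ_USER }}` and `{{ RABBITMQ_PASSWORD }}`, neutron would try a broker on localhost with the well-known guest account; that part of the diff is not visible here. Please confirm the replacement block exists (presumably under `[oslo_messaging_rabbit]`). A pointer here would help, such as `# RabbitMQ connection settings are defined in the rabbit section further down.`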
@@ -474,13 +579,14 @@ rpc_backend=rabbit # Matchmaker ring file (JSON). (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json +# ringfile=/etc/oslo/matchmaker_ring.json [quotas] # Default driver to use for quota checks # quota_driver = neutron.db.quota_db.DbQuotaDriver # Resource name(s) that are supported in quota features +# This option is deprecated for removal in the M release, please refrain from using it # quota_items = network,subnet,port # Default number of resource allowed per tenant. A negative value means @@ -523,6 +629,16 @@ rpc_backend=rabbit # and that is the reason why quota is possible. # quota_health_monitor = -1 +# Number of loadbalancers allowed per tenant. A negative value means unlimited. +# quota_loadbalancer = 10 + +# Number of listeners allowed per tenant. A negative value means unlimited. +# quota_listener = -1 + +# Number of v2 health monitors allowed per tenant. A negative value means +# unlimited. These health monitors exist under the lbaas v2 API +# quota_healthmonitor = -1 + # Number of routers allowed per tenant. A negative value means unlimited. # quota_router = 10 
@@ -543,10 +659,30 @@ rpc_backend=rabbit [agent] # Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real # root filter facility. -# Change to "sudo" to skip the filtering and just run the comand directly -# root_helper = sudo +# Change to "sudo" to skip the filtering and just run the command directly root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf +# Set to true to add comments to generated iptables rules that describe +# each rule's purpose. (System must support the iptables comments module.) +# comment_iptables_rules = True + +# Root helper daemon application to use when possible. +# root_helper_daemon = + +# Use the root helper when listing the namespaces on a system. This may not +# be required depending on the security configuration. If the root helper is +# not required, set this to False for a performance improvement. +# use_helper_for_ns_read = True + +# The interval to check external processes for failure in seconds (0=disabled) +# check_child_processes_interval = 60 + +# Action to take when an external process spawned by an agent dies +# Values: +# respawn - Respawns the external process +# exit - Exits the agent +# check_child_processes_action = respawn + # =========== items for agent management extension ============= # seconds between nodes reporting state to server; should be less than # agent_down_time, best if it is half or less than agent_down_time @@ -555,8 +691,8 @@ root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf # =========== end of items for agent management extension ===== [keystone_authtoken] -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 admin_tenant_name = service admin_user = {{ NEUTRON_SERVICE_USER }} admin_password = {{ NEUTRON_SERVICE_PASSWORD }} 
@@ -567,13 +703,12 @@ admin_password = {{ NEUTRON_SERVICE_PASSWORD }} # connection = mysql://root:pass@127.0.0.1:3306/neutron # Replace 127.0.0.1 above with the IP address of the database used by the # main neutron server. (Leave it as is if the database runs on this host.) -# connection = sqlite:// +connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron + # NOTE: In deployment the [database] section and its connection attribute may # be set in the corresponding core plugin '.ini' file. However, it is suggested # to put the [database] section and its connection attribute in this # configuration file. -#connection=sqlite:////var/lib/neutron/neutron.sqlite -connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron # Database engine for which script will be generated when using offline # migration 
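Review bot: The `connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron` line substitutes the password straight into a URL, so a password containing `@` or other URL-reserved characters may be parsed incorrectly. The value should be percent-encoded when the file is rendered, for instance with Jinja2's `urlencode` filter if these templates are rendered with Jinja2; the `{{ }}` syntax suggests that but the hunk does not show it. The line now sits above the NOTE that explains the `[database]` section, which reads oddly; moving it below the NOTE would keep comment and setting together. Since the rendered file carries a database credential, it should be readable only by the neutron service user.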
@@ -611,30 +746,282 @@ connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTR # If set, use this value for pool_timeout with sqlalchemy # pool_timeout = 10 -[service_providers] -# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. -# Must be in form: -# service_provider=<service_type>:<name>:<driver>[:default] -# List of allowed service types includes LOADBALANCER, FIREWALL, VPN -# Combination of <service type> and <name> must be unique; <driver> must also be unique -# This is multiline option, example for default provider: -# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default -# example of non-default provider: -# service_provider=FIREWALL:name2:firewall_driver_path -# --- Reference implementations --- -service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default -service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default -# In order to activate Radware's lbaas driver you need to uncomment the next line. -# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. -# Otherwise comment the HA Proxy line -# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default -# uncomment the following line to make the 'netscaler' LBaaS provider available. -# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver -# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. -# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default -# Uncomment the line below to use Embrane heleos as Load Balancer service provider. 
-# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default -# Uncomment the line below to use the A10 Networks LBaaS driver. Requires 'pip install a10-neutron-lbaas'. -#service_provider = LOADBALANCER:A10Networks:neutron.services.loadbalancer.drivers.a10networks.driver_v1.ThunderDriver:default -# Uncomment the following line to test the LBaaS v2 API _WITHOUT_ a real backend -# service_provider = LOADBALANCER:LoggingNoop:neutron.services.loadbalancer.drivers.logging_noop.driver.LoggingNoopLoadBalancerDriver:default +[nova] +# Name of the plugin to load +auth_plugin = password + +# Config Section from which to load plugin specific options +# auth_section = + +# PEM encoded Certificate Authority to use when verifying HTTPs connections. +# cafile = + +# PEM encoded client certificate cert file +# certfile = + +# Verify HTTPS connections. +# insecure = False + +# PEM encoded client certificate key file +# keyfile = + +# Name of nova region to use. Useful if keystone manages more than one region. +region_name = regionOne + +# Timeout value for http requests +# timeout = + +# Authorization URL for connection to nova in admin context. +auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + +# Username for connection to nova in admin context +username = {{ NOVA_SERVICE_USER }} + +# Password for connection to nova in admin context. +password = {{ NOVA_SERVICE_PASSWORD }} + +# The uuid of the admin nova tenant +# tenant_id = + +# The name of the admin nova tenant. If the uuid of the admin nova tenant +# is set, this is optional. Useful for cases where the uuid of the admin +# nova tenant is not available when configuration is being done. +tenant_name = service + +[oslo_concurrency] + +# Directory to use for lock files. For security, the specified directory should +# only be writable by the user running the processes that need locking. +# Defaults to environment variable OSLO_LOCK_PATH. 
If external locks are used, +# a lock path must be set. +lock_path = $state_path/lock + +# Enables or disables inter-process locks. +# disable_process_locking = False + +[oslo_policy] + +# The JSON file that defines policies. +# policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. +# policy_default_rule = default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path defined by the +# config_dir option, or absolute paths. The file defined by policy_file +# must exist for these directories to be searched. Missing or empty +# directories are ignored. +# policy_dirs = policy.d + +[oslo_messaging_amqp] + +# +# From oslo.messaging +# + +# Address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +# server_request_prefix = exclusive + +# Address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +# broadcast_prefix = broadcast + +# Address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +# group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +# container_name = + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +# idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +# trace = false + +# CA certificate PEM file for verifing server certificate (string value) +# Deprecated group/name - [amqp1]/ssl_ca_file +# ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string value) +# Deprecated group/name - [amqp1]/ssl_cert_file +# ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string value) +# Deprecated group/name - [amqp1]/ssl_key_file 
+# ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +# ssl_key_password = + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +# allow_insecure_clients = false + + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +# amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +# amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +# rpc_conn_pool_size = 30 + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +# qpid_hostname = localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +# qpid_port = 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +# qpid_hosts = $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +# qpid_username = + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +# qpid_password = + +# Space separated list of SASL mechanisms to use for auth. (string value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +# qpid_sasl_mechanisms = + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +# qpid_heartbeat = 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +# qpid_protocol = tcp + +# Whether to disable the Nagle algorithm. 
(boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +# qpid_tcp_nodelay = true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +# qpid_receiver_capacity = 1 + +# The qpid topology version to use. Version 1 is what was originally used by +# impl_qpid. Version 2 includes some backwards-incompatible changes that allow +# broker federation to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +# qpid_topology_version = 1 + + +[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +# amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +# amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +# rpc_conn_pool_size = 30 + +# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and +# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some +# distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +# kombu_ssl_version = + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +# kombu_ssl_keyfile = + +# SSL cert file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +# kombu_ssl_certfile = + +# SSL certification authority file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +# kombu_ssl_ca_certs = + +# How long to wait before reconnecting in response to an AMQP consumer cancel +# notification. 
(floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +# kombu_reconnect_delay = 1.0 + +# The RabbitMQ broker address where a single node is used. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_host +rabbit_host = {{ RABBITMQ_HOST }} + +# The RabbitMQ broker port where a single node is used. (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_port +rabbit_port = {{ RABBITMQ_PORT }} + +# RabbitMQ HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +# rabbit_hosts = $rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +# rabbit_use_ssl = false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +rabbit_userid = {{ RABBITMQ_USER }} + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +rabbit_password = {{ RABBITMQ_PASSWORD }} + +# The RabbitMQ login method. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +# rabbit_login_method = AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +# rabbit_virtual_host = / + +# How frequently to retry connecting with RabbitMQ. (integer value) +# rabbit_retry_interval = 1 + +# How long to backoff for between retries when connecting to RabbitMQ. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +# rabbit_retry_backoff = 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry +# count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +# rabbit_max_retries = 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you +# must wipe the RabbitMQ database. 
(boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +# rabbit_ha_queues = false + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +# fake_rabbit = false diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini deleted file mode 100644 index 256f7855..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini +++ /dev/null 
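Review bot: The new `[nova]` section sends `NOVA_SERVICE_PASSWORD` to Keystone over plain HTTP (`auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0`) with `cafile` left commented out, and `[oslo_messaging_rabbit]` sets `rabbit_userid`/`rabbit_password` while `rabbit_use_ssl` stays at its `false` default, so both sets of credentials cross the management network unencrypted. If the controller can present certificates, I would use `auth_url = https://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0` with `cafile` set, and `rabbit_use_ssl = true` with `kombu_ssl_ca_certs` set; otherwise add a comment saying the management network is assumed trusted. The same applies to `auth_uri`/`identity_uri` in the `[keystone_authtoken]` hunk earlier in this file. The rendered file holds these passwords in clear text, so it should be readable only by the neutron service user; the install step that sets its mode is not visible here. Separately, `lock_path = $state_path/lock` relies on that directory being writable only by the service user, as the comment above it says.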
@@ -1,114 +0,0 @@ -# Config file for neutron-proxy-plugin. - -[restproxy] -# All configuration for this plugin is in section '[restproxy]' -# -# The following parameters are supported: -# servers : <host:port>[,<host:port>]* (Error if not set) -# server_auth : <username:password> (default: no auth) -# server_ssl : True | False (default: True) -# ssl_cert_directory : <path> (default: /etc/neutron/plugins/bigswitch/ssl) -# no_ssl_validation : True | False (default: False) -# ssl_sticky : True | False (default: True) -# sync_data : True | False (default: False) -# auto_sync_on_failure : True | False (default: True) -# consistency_interval : <integer> (default: 60 seconds) -# server_timeout : <integer> (default: 10 seconds) -# neutron_id : <string> (default: neutron-<hostname>) -# add_meta_server_route : True | False (default: True) -# thread_pool_size : <int> (default: 4) - -# A comma separated list of BigSwitch or Floodlight servers and port numbers. The plugin proxies the requests to the BigSwitch/Floodlight server, which performs the networking configuration. Note that only one server is needed per deployment, but you may wish to deploy multiple servers to support failover. -servers=localhost:8080 - -# The username and password for authenticating against the BigSwitch or Floodlight controller. -# server_auth=username:password - -# Use SSL when connecting to the BigSwitch or Floodlight controller. -# server_ssl=True - -# Directory which contains the ca_certs and host_certs to be used to validate -# controller certificates. -# ssl_cert_directory=/etc/neutron/plugins/bigswitch/ssl/ - -# If a certificate does not exist for a controller, trust and store the first -# certificate received for that controller and use it to validate future -# connections to that controller. 
-# ssl_sticky=True - -# Do not validate the controller certificates for SSL -# Warning: This will not provide protection against man-in-the-middle attacks -# no_ssl_validation=False - -# Sync data on connect -# sync_data=False - -# If neutron fails to create a resource because the backend controller -# doesn't know of a dependency, automatically trigger a full data -# synchronization to the controller. -# auto_sync_on_failure=True - -# Time between verifications that the backend controller -# database is consistent with Neutron. (0 to disable) -# consistency_interval = 60 - -# Maximum number of seconds to wait for proxy request to connect and complete. -# server_timeout=10 - -# User defined identifier for this Neutron deployment -# neutron_id = - -# Flag to decide if a route to the metadata server should be injected into the VM -# add_meta_server_route = True - -# Number of threads to use to handle large volumes of port creation requests -# thread_pool_size = 4 - -[nova] -# Specify the VIF_TYPE that will be controlled on the Nova compute instances -# options: ivs or ovs -# default: ovs -# vif_type = ovs - -# Overrides for vif types based on nova compute node host IDs -# Comma separated list of host IDs to fix to a specific VIF type -# The VIF type is taken from the end of the configuration item -# node_override_vif_<vif_type> -# For example, the following would set the VIF type to IVS for -# host-id1 and host-id2 -# node_overrride_vif_ivs=host-id1,host-id2 - -[router] -# Specify the default router rules installed in newly created tenant routers -# Specify multiple times for multiple rules -# Format is <tenant>:<source>:<destination>:<action> -# Optionally, a comma-separated list of nexthops may be included after <action> -# Use an * to specify default for all tenants -# Default is any any allow for all tenants -# tenant_default_router_rule=*:any:any:permit - -# Maximum number of rules that a single router may have -# Default is 200 -# max_router_rules=200 - 
-[restproxyagent] - -# Specify the name of the bridge used on compute nodes -# for attachment. -# Default: br-int -# integration_bridge=br-int - -# Change the frequency of polling by the restproxy agent. -# Value is seconds -# Default: 5 -# polling_interval=5 - -# Virtual switch type on the compute node. -# Options: ovs or ivs -# Default: ovs -# virtual_switch_type = ovs - -[securitygroup] -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -# enable_security_group = True diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README b/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README deleted file mode 100644 index e7e47a27..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README +++ /dev/null @@ -1,3 +0,0 @@ -Certificates in this folder will be used to -verify signatures for any controllers the plugin -connects to. diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README b/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README deleted file mode 100644 index 8f5f5e77..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README +++ /dev/null @@ -1,6 +0,0 @@ -Certificates in this folder must match the name -of the controller they should be used to authenticate -with a .pem extension. - -For example, the certificate for the controller -"192.168.0.1" should be named "192.168.0.1.pem". diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini deleted file mode 100644 index 916e9e5d..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini +++ /dev/null 
@@ -1,29 +0,0 @@
-[switch]
-# username = The SSH username to use
-# password = The SSH password to use
-# address = The address of the host to SSH to
-# ostype = Should be NOS, but is unused otherwise
-#
-# Example:
-# username = admin
-# password = password
-# address = 10.24.84.38
-# ostype = NOS
-
-[physical_interface]
-# physical_interface = The network interface to use when creating a port
-#
-# Example:
-# physical_interface = physnet1
-
-[vlans]
-# network_vlan_ranges = <physical network name>:nnnn:mmmm
-#
-# Example:
-# network_vlan_ranges = physnet1:1000:2999
-
-[linux_bridge]
-# physical_interface_mappings = <physical network name>:<local interface>
-#
-# Example:
-# physical_interface_mappings = physnet1:em1
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini
deleted file mode 100644
index d99e8382..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini
+++ /dev/null
@@ -1,15 +0,0 @@
-[cfg_agent]
-# (IntOpt) Interval in seconds for processing of service updates.
-# That is when the config agent's process_services() loop executes
-# and it lets each service helper to process its service resources.
-# rpc_loop_interval = 10
-
-# (StrOpt) Period-separated module path to the routing service helper class.
-# routing_svc_helper_class = neutron.plugins.cisco.cfg_agent.service_helpers.routing_svc_helper.RoutingServiceHelper
-
-# (IntOpt) Timeout value in seconds for connecting to a hosting device.
-# device_connection_timeout = 30
-
-# (IntOpt) The time in seconds until a backlogged hosting device is
-# presumed dead or booted to an error state.
-# hosting_device_dead_timeout = 300
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini
deleted file mode 100644
index 17eae737..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini
+++ /dev/null
@@ -1,100 +0,0 @@ -[cisco] - -# (StrOpt) A short prefix to prepend to the VLAN number when creating a -# VLAN interface. For example, if an interface is being created for -# VLAN 2001 it will be named 'q-2001' using the default prefix. -# -# vlan_name_prefix = q- -# Example: vlan_name_prefix = vnet- - -# (StrOpt) A short prefix to prepend to the VLAN number when creating a -# provider VLAN interface. For example, if an interface is being created -# for provider VLAN 3003 it will be named 'p-3003' using the default prefix. -# -# provider_vlan_name_prefix = p- -# Example: provider_vlan_name_prefix = PV- - -# (BoolOpt) A flag indicating whether Openstack networking should manage the -# creation and removal of VLAN interfaces for provider networks on the Nexus -# switches. If the flag is set to False then Openstack will not create or -# remove VLAN interfaces for provider networks, and the administrator needs -# to manage these interfaces manually or by external orchestration. -# -# provider_vlan_auto_create = True - -# (BoolOpt) A flag indicating whether Openstack networking should manage -# the adding and removing of provider VLANs from trunk ports on the Nexus -# switches. If the flag is set to False then Openstack will not add or -# remove provider VLANs from trunk ports, and the administrator needs to -# manage these operations manually or by external orchestration. -# -# provider_vlan_auto_trunk = True - -# (StrOpt) Period-separated module path to the model class to use for -# the Cisco neutron plugin. -# -# model_class = neutron.plugins.cisco.models.virt_phy_sw_v2.VirtualPhysicalSwitchModelV2 - -# (BoolOpt) A flag to enable Layer 3 support on the Nexus switches. -# Note: This feature is not supported on all models/versions of Cisco -# Nexus switches. To use this feature, all of the Nexus switches in the -# deployment must support it. -# nexus_l3_enable = False - -# (BoolOpt) A flag to enable round robin scheduling of routers for SVI. 
-# svi_round_robin = False - -# Cisco Nexus Switch configurations. -# Each switch to be managed by Openstack Neutron must be configured here. -# -# N1KV Format. -# [N1KV:<IP address of VSM>] -# username=<credential username> -# password=<credential password> -# -# Example: -# [N1KV:2.2.2.2] -# username=admin -# password=mySecretPassword - -[cisco_n1k] - -# (StrOpt) Specify the name of the integration bridge to which the VIFs are -# attached. -# Default value: br-int -# integration_bridge = br-int - -# (StrOpt) Name of the policy profile to be associated with a port when no -# policy profile is specified during port creates. -# Default value: service_profile -# default_policy_profile = service_profile - -# (StrOpt) Name of the policy profile to be associated with a port owned by -# network node (dhcp, router). -# Default value: dhcp_pp -# network_node_policy_profile = dhcp_pp - -# (StrOpt) Name of the network profile to be associated with a network when no -# network profile is specified during network creates. Admin should pre-create -# a network profile with this name. -# Default value: default_network_profile -# default_network_profile = network_pool - -# (IntOpt) Time in seconds for which the plugin polls the VSM for updates in -# policy profiles. -# Default value: 60 -# poll_duration = 60 - -# (BoolOpt) Specify whether tenants are restricted from accessing all the -# policy profiles. -# Default value: False, indicating all tenants can access all policy profiles. -# -# restrict_policy_profiles = False - -# (IntOpt) Number of threads to use to make HTTP requests to the VSM. -# Default value: 4 -# http_pool_size = 4 - -# (IntOpt) Timeout duration in seconds for the http request -# Default value: 15 -# http_timeout = 15 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini deleted file mode 100644 index 3ef271d2..00000000 
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini
+++ /dev/null
@@ -1,76 +0,0 @@ -[general] -#(IntOpt) Time in seconds between renewed scheduling attempts of non-scheduled routers -# backlog_processing_interval = 10 - -#(StrOpt) Name of the L3 admin tenant -# l3_admin_tenant = L3AdminTenant - -#(StrOpt) Name of management network for hosting device configuration -# management_network = osn_mgmt_nw - -#(StrOpt) Default security group applied on management port -# default_security_group = mgmt_sec_grp - -#(IntOpt) Seconds of no status update until a cfg agent is considered down -# cfg_agent_down_time = 60 - -#(StrOpt) Path to templates for hosting devices -# templates_path = /opt/stack/data/neutron/cisco/templates - -#(StrOpt) Path to config drive files for service VM instances -# service_vm_config_path = /opt/stack/data/neutron/cisco/config_drive - -#(BoolOpt) Ensure that Nova is running before attempting to create any VM -# ensure_nova_running = True - -[hosting_devices] -# Settings coupled to CSR1kv VM devices -# ------------------------------------- -#(StrOpt) Name of Glance image for CSR1kv -# csr1kv_image = csr1kv_openstack_img - -#(StrOpt) UUID of Nova flavor for CSR1kv -# csr1kv_flavor = 621 - -#(StrOpt) Plugging driver for CSR1kv -# csr1kv_plugging_driver = neutron.plugins.cisco.l3.plugging_drivers.n1kv_trunking_driver.N1kvTrunkingPlugDriver - -#(StrOpt) Hosting device driver for CSR1kv -# csr1kv_device_driver = neutron.plugins.cisco.l3.hosting_device_drivers.csr1kv_hd_driver.CSR1kvHostingDeviceDriver - -#(StrOpt) Config agent router service driver for CSR1kv -# csr1kv_cfgagent_router_driver = neutron.plugins.cisco.cfg_agent.device_drivers.csr1kv.csr1kv_routing_driver.CSR1kvRoutingDriver - -#(StrOpt) Configdrive template file for CSR1kv -# csr1kv_configdrive_template = csr1kv_cfg_template - -#(IntOpt) Booting time in seconds before a CSR1kv becomes operational -# csr1kv_booting_time = 420 - -#(StrOpt) Username to use for CSR1kv configurations -# csr1kv_username = stack - -#(StrOpt) Password to use for CSR1kv 
configurations -# csr1kv_password = cisco - -[n1kv] -# Settings coupled to inter-working with N1kv plugin -# -------------------------------------------------- -#(StrOpt) Name of N1kv port profile for management ports -# management_port_profile = osn_mgmt_pp - -#(StrOpt) Name of N1kv port profile for T1 ports (i.e., ports carrying traffic -# from VXLAN segmented networks). -# t1_port_profile = osn_t1_pp - -#(StrOpt) Name of N1kv port profile for T2 ports (i.e., ports carrying traffic -# from VLAN segmented networks). -# t2_port_profile = osn_t2_pp - -#(StrOpt) Name of N1kv network profile for T1 networks (i.e., trunk networks -# for VXLAN segmented traffic). -# t1_network_profile = osn_t1_np - -#(StrOpt) Name of N1kv network profile for T2 networks (i.e., trunk networks -# for VLAN segmented traffic). -# t2_network_profile = osn_t2_np diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini deleted file mode 100644 index 0aee17eb..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini +++ /dev/null 
@@ -1,26 +0,0 @@ -[cisco_csr_ipsec] -# Status check interval in seconds, for VPNaaS IPSec connections used on CSR -# status_check_interval = 60 - -# Cisco CSR management port information for REST access used by VPNaaS -# TODO(pcm): Remove once CSR is integrated in as a Neutron router. -# -# Format is: -# [cisco_csr_rest:<public IP>] -# rest_mgmt = <mgmt port IP> -# tunnel_ip = <tunnel IP> -# username = <user> -# password = <password> -# timeout = <timeout> -# host = <hostname> -# tunnel_if = <tunnel I/F> -# -# where: -# public IP ----- Public IP address of router used with a VPN service (1:1 with CSR) -# tunnel IP ----- Public IP address of the CSR used for the IPSec tunnel -# mgmt port IP -- IP address of CSR for REST API access -# user ---------- Username for REST management port access to Cisco CSR -# password ------ Password for REST management port access to Cisco CSR -# timeout ------- REST request timeout to Cisco CSR (optional) -# hostname ------ Name of host where CSR is running as a VM -# tunnel I/F ---- CSR port name used for tunnels' IP address diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini deleted file mode 100644 index 0ca9b46f..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini +++ /dev/null 
@@ -1,41 +0,0 @@ -[heleos] -#configure the ESM management address -#in the first version of this plugin, only one ESM can be specified -#Example: -#esm_mgmt= - -#configure admin username and password -#admin_username= -#admin_password= - -#router image id -#Example: -#router_image=932ce713-e210-3d54-a0a5-518b0b5ee1b0 - -#mgmt shared security zone id -#defines the shared management security zone. Each tenant can have a private one configured through the ESM -#Example: -#mgmt_id=c0bc9b6c-f110-46cf-bb01-733bfe4b5a1a - -#in-band shared security zone id -#defines the shared in-band security zone. Each tenant can have a private one configured through the ESM -#Example: -#inband_id=a6b7999d-3806-4b04-81f6-e0c5c8271afc - -#oob-band shared security zone id -#defines the shared out-of-band security zone. Each tenant can have a private one configured through the ESM -#Example: -#oob_id=e7eda5cc-b977-46cb-9c14-cab43c1b7871 - -#dummy security zone id -#defines the dummy security zone ID. this security zone will be used by the DVAs with no neutron interfaces -#Example: -#dummy_utif_id=d9911310-25fc-4733-a2e0-c0eda024ef08 - -#resource pool id -#define the shared resource pool. Each tenant can have a private one configured through the ESM -#Example -#resource_pool_id= - -#define if the requests have to be executed asynchronously by the plugin or not -#async_requests= diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini deleted file mode 100644 index 5eeec570..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini +++ /dev/null 
@@ -1,63 +0,0 @@ -[hyperv] -# (StrOpt) Type of network to allocate for tenant networks. The -# default value 'local' is useful only for single-box testing and -# provides no connectivity between hosts. You MUST either change this -# to 'vlan' and configure network_vlan_ranges below or to 'flat'. -# Set to 'none' to disable creation of tenant networks. -# -# tenant_network_type = local -# Example: tenant_network_type = vlan - -# (ListOpt) Comma-separated list of -# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges -# of VLAN IDs on named physical networks that are available for -# allocation. All physical networks listed are available for flat and -# VLAN provider network creation. Specified ranges of VLAN IDs are -# available for tenant network allocation if tenant_network_type is -# 'vlan'. If empty, only gre and local networks may be created. -# -# network_vlan_ranges = -# Example: network_vlan_ranges = physnet1:1000:2999 - -[agent] -# Agent's polling interval in seconds -# polling_interval = 2 - -# (ListOpt) Comma separated list of <physical_network>:<vswitch> -# where the physical networks can be expressed with wildcards, -# e.g.: ."*:external". -# The referred external virtual switches need to be already present on -# the Hyper-V server. -# If a given physical network name will not match any value in the list -# the plugin will look for a virtual switch with the same name. -# -# physical_network_vswitch_mappings = *:external -# Example: physical_network_vswitch_mappings = net1:external1,net2:external2 - -# (StrOpt) Private virtual switch name used for local networking. -# -# local_network_vswitch = private -# Example: local_network_vswitch = custom_vswitch - -# (BoolOpt) Enables metrics collections for switch ports by using Hyper-V's -# metric APIs. Collected data can by retrieved by other apps and services, -# e.g.: Ceilometer. Requires Hyper-V / Windows Server 2012 and above. 
-# -# enable_metrics_collection = False - -#----------------------------------------------------------------------------- -# Sample Configurations. -#----------------------------------------------------------------------------- -# -# Neutron server: -# -# [HYPERV] -# tenant_network_type = vlan -# network_vlan_ranges = default:2000:3999 -# -# Agent running on Hyper-V node: -# -# [AGENT] -# polling_interval = 2 -# physical_network_vswitch_mappings = *:external -# local_network_vswitch = private diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini deleted file mode 100644 index 0fab5070..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini +++ /dev/null 
@@ -1,50 +0,0 @@ -[sdnve] -# (ListOpt) The IP address of one (or more) SDN-VE controllers -# Default value is: controller_ips = 127.0.0.1 -# Example: controller_ips = 127.0.0.1,127.0.0.2 -# (StrOpt) The integration bridge for OF based implementation -# The default value for integration_bridge is None -# Example: integration_bridge = br-int -# (ListOpt) The interface mapping connecting the integration -# bridge to external network as a list of physical network names and -# interfaces: <physical_network_name>:<interface_name> -# Example: interface_mappings = default:eth2 -# (BoolOpt) Used to reset the integration bridge, if exists -# The default value for reset_bridge is True -# Example: reset_bridge = False -# (BoolOpt) Used to set the OVS controller as out-of-band -# The default value for out_of_band is True -# Example: out_of_band = False -# -# (BoolOpt) The fake controller for testing purposes -# Default value is: use_fake_controller = False -# (StrOpt) The port number for use with controller -# The default value for the port is 8443 -# Example: port = 8443 -# (StrOpt) The userid for use with controller -# The default value for the userid is admin -# Example: userid = sdnve_user -# (StrOpt) The password for use with controller -# The default value for the password is admin -# Example: password = sdnve_password -# -# (StrOpt) The default type of tenants (and associated resources) -# Available choices are: OVERLAY or OF -# The default value for tenant type is OVERLAY -# Example: default_tenant_type = OVERLAY -# (StrOpt) The string in tenant description that indicates -# Default value for OF tenants: of_signature = SDNVE-OF -# (StrOpt) The string in tenant description that indicates -# Default value for OVERLAY tenants: overlay_signature = SDNVE-OVERLAY - -[sdnve_agent] -# (IntOpt) Agent's polling interval in seconds -# polling_interval = 2 -# (StrOpt) What to use for root helper -# The default value: root_helper = 'sudo' -# (BoolOpt) Whether to use rpc or not -# 
The default value: rpc = True - -[securitygroup] -# The security group is not supported: -# firewall_driver = neutron.agent.firewall.NoopFirewallDriver diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini deleted file mode 100644 index 94fe9803..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini +++ /dev/null 
@@ -1,78 +0,0 @@ -[vlans] -# (StrOpt) Type of network to allocate for tenant networks. The -# default value 'local' is useful only for single-box testing and -# provides no connectivity between hosts. You MUST change this to -# 'vlan' and configure network_vlan_ranges below in order for tenant -# networks to provide connectivity between hosts. Set to 'none' to -# disable creation of tenant networks. -# -# tenant_network_type = local -# Example: tenant_network_type = vlan - -# (ListOpt) Comma-separated list of -# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges -# of VLAN IDs on named physical networks that are available for -# allocation. All physical networks listed are available for flat and -# VLAN provider network creation. Specified ranges of VLAN IDs are -# available for tenant network allocation if tenant_network_type is -# 'vlan'. If empty, only local networks may be created. -# -# network_vlan_ranges = -# Example: network_vlan_ranges = physnet1:1000:2999 - -[linux_bridge] -# (ListOpt) Comma-separated list of -# <physical_network>:<physical_interface> tuples mapping physical -# network names to the agent's node-specific physical network -# interfaces to be used for flat and VLAN networks. All physical -# networks listed in network_vlan_ranges on the server should have -# mappings to appropriate interfaces on each agent. -# -# physical_interface_mappings = -# Example: physical_interface_mappings = physnet1:eth1 - -[vxlan] -# (BoolOpt) enable VXLAN on the agent -# VXLAN support can be enabled when agent is managed by ml2 plugin using -# linuxbridge mechanism driver. Useless if set while using linuxbridge plugin. -# enable_vxlan = False -# -# (IntOpt) use specific TTL for vxlan interface protocol packets -# ttl = -# -# (IntOpt) use specific TOS for vxlan interface protocol packets -# tos = -# -# (StrOpt) multicast group to use for broadcast emulation. -# This group must be the same on all the agents. 
-# vxlan_group = 224.0.0.1 -# -# (StrOpt) Local IP address to use for VXLAN endpoints (required) -# local_ip = -# -# (BoolOpt) Flag to enable l2population extension. This option should be used -# in conjunction with ml2 plugin l2population mechanism driver (in that case, -# both linuxbridge and l2population mechanism drivers should be loaded). -# It enables plugin to populate VXLAN forwarding table, in order to limit -# the use of broadcast emulation (multicast will be turned off if kernel and -# iproute2 supports unicast flooding - requires 3.11 kernel and iproute2 3.10) -# l2_population = False - -[agent] -# Agent's polling interval in seconds -# polling_interval = 2 - -# (BoolOpt) Enable server RPC compatibility with old (pre-havana) -# agents. -# -# rpc_support_old_agents = False -# Example: rpc_support_old_agents = True - -[securitygroup] -# Firewall driver for realizing neutron security group function -# firewall_driver = neutron.agent.firewall.NoopFirewallDriver -# Example: firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver - -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -# enable_security_group = True diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini deleted file mode 100644 index 2b9bfa5e..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini +++ /dev/null 
@@ -1,31 +0,0 @@
-# Config file for Metaplugin
-
-[meta]
-# Comma separated list of flavor:neutron_plugin for plugins to load.
-# Extension method is searched in the list order and the first one is used.
-plugin_list = 'ml2:neutron.plugins.ml2.plugin.Ml2Plugin,nvp:neutron.plugins.vmware.plugin.NsxPluginV2'
-
-# Comma separated list of flavor:neutron_plugin for L3 service plugins
-# to load.
-# This is intended for specifying L2 plugins which support L3 functions.
-# If you use a router service plugin, set this blank.
-l3_plugin_list =
-
-# Default flavor to use, when flavor:network is not specified at network
-# creation.
-default_flavor = 'nvp'
-
-# Default L3 flavor to use, when flavor:router is not specified at router
-# creation.
-# Ignored if 'l3_plugin_list' is blank.
-default_l3_flavor =
-
-# Comma separated list of supported extension aliases.
-supported_extension_aliases = 'provider,binding,agent,dhcp_agent_scheduler'
-
-# Comma separated list of method:flavor to select specific plugin for a method.
-# This has priority over method search order based on 'plugin_list'.
-extension_map = 'get_port_stats:nvp'
-
-# Specifies flavor for plugin to handle 'q-plugin' RPC requests.
-rpc_flavor = 'ml2'
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini
deleted file mode 100644
index f2e94052..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini
+++ /dev/null
@@ -1,19 +0,0 @@
-
-[midonet]
-# MidoNet API server URI
-# midonet_uri = http://localhost:8080/midonet-api
-
-# MidoNet admin username
-# username = admin
-
-# MidoNet admin password
-# password = passw0rd
-
-# ID of the project that MidoNet admin user belongs to
-# project_id = 77777777-7777-7777-7777-777777777777
-
-# Virtual provider router ID
-# provider_router_id = 00112233-0011-0011-0011-001122334455
-
-# Path to midonet host uuid file
-# midonet_host_uuid_path = /etc/midolman/host_uuid.properties
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
index b8097ce2..3258a40f 100644
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
+++ b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
@@ -2,42 +2,70 @@ # (ListOpt) List of network type driver entrypoints to be loaded from # the neutron.ml2.type_drivers namespace. # -# type_drivers = local,flat,vlan,gre,vxlan -# Example: type_drivers = flat,vlan,gre,vxlan type_drivers = flat,gre +# Example: type_drivers = flat,vlan,gre,vxlan # (ListOpt) Ordered list of network_types to allocate as tenant # networks. The default value 'local' is useful for single-box testing # but provides no connectivity between hosts. # -# tenant_network_types = local -# Example: tenant_network_types = vlan,gre,vxlan tenant_network_types = gre +# Example: tenant_network_types = vlan,gre,vxlan # (ListOpt) Ordered list of networking mechanism driver entrypoints # to be loaded from the neutron.ml2.mechanism_drivers namespace. -# mechanism_drivers = +mechanism_drivers = openvswitch # Example: mechanism_drivers = openvswitch,mlnx # Example: mechanism_drivers = arista # Example: mechanism_drivers = cisco,logger # Example: mechanism_drivers = openvswitch,brocade # Example: mechanism_drivers = linuxbridge,brocade -mechanism_drivers = openvswitch # (ListOpt) Ordered list of extension driver entrypoints # to be loaded from the neutron.ml2.extension_drivers namespace. # extension_drivers = # Example: extension_drivers = anewextensiondriver +# =========== items for MTU selection and advertisement ============= +# (IntOpt) Path MTU. The maximum permissible size of an unfragmented +# packet travelling from and to addresses where encapsulated Neutron +# traffic is sent. Drivers calculate maximum viable MTU for +# validating tenant requests based on this value (typically, +# path_mtu - max encap header size). If <=0, the path MTU is +# indeterminate and no calculation takes place. +# path_mtu = 0 + +# (IntOpt) Segment MTU. The maximum permissible size of an +# unfragmented packet travelling a L2 network segment. If <=0, +# the segment MTU is indeterminate and no calculation takes place. +# segment_mtu = 0 + +# (ListOpt) Physical network MTUs. 
List of mappings of physical +# network to MTU value. The format of the mapping is +# <physnet>:<mtu val>. This mapping allows specifying a +# physical network MTU value that differs from the default +# segment_mtu value. +# physical_network_mtus = +# Example: physical_network_mtus = physnet1:1550, physnet2:1500 +# ======== end of items for MTU selection and advertisement ========= + +# (StrOpt) Default network type for external networks when no provider +# attributes are specified. By default it is None, which means that if +# provider attributes are not specified while creating external networks +# then they will have the same type as tenant networks. +# Allowed values for external_network_type config option depend on the +# network type values configured in type_drivers config option. +# external_network_type = +# Example: external_network_type = local + [ml2_type_flat] # (ListOpt) List of physical_network names with which flat networks # can be created. Use * to allow flat networks with arbitrary # physical_network names. # -# flat_networks = +flat_networks = External # Example:flat_networks = physnet1,physnet2 # Example:flat_networks = * -flat_networks = External [ml2_type_vlan] # (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples @@ -47,7 +75,6 @@ flat_networks = External # # network_vlan_ranges = # Example: network_vlan_ranges = physnet1:1000:2999,physnet2 -#network_vlan_ranges = Physnet1:100:200 [ml2_type_gre] # (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation @@ -75,7 +102,7 @@ enable_security_group = True # requires that ipset is installed on L2 agent node. enable_ipset = True -firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver [ovs] local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} 
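Review bot: In the first ml2_conf.ini hunk the newly added `path_mtu` and `segment_mtu` options stay commented at their default of 0 while `tenant_network_types = gre` is the active setting, and the added comment itself states that for a value <=0 "no calculation takes place". GRE encapsulation adds header bytes to every tenant packet, so tenant networks would presumably be offered an MTU that the underlay cannot carry unfragmented, which tends to surface as stalled large transfers rather than as a clear error. I would either set the value explicitly for the deployment, `path_mtu = <MTU of the management network>`, or add a comment beside `tenant_network_types = gre` such as `# path_mtu is deliberately left undetermined; instances must lower their MTU themselves`. The second and third hunks of this file only drop a commented line and change spacing around `firewall_driver`, and need nothing further.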
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini deleted file mode 100644 index abaf5bc7..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini +++ /dev/null 
@@ -1,100 +0,0 @@ -# Defines configuration options specific for Arista ML2 Mechanism driver - -[ml2_arista] -# (StrOpt) EOS IP address. This is required field. If not set, all -# communications to Arista EOS will fail -# -# eapi_host = -# Example: eapi_host = 192.168.0.1 -# -# (StrOpt) EOS command API username. This is required field. -# if not set, all communications to Arista EOS will fail. -# -# eapi_username = -# Example: arista_eapi_username = admin -# -# (StrOpt) EOS command API password. This is required field. -# if not set, all communications to Arista EOS will fail. -# -# eapi_password = -# Example: eapi_password = my_password -# -# (StrOpt) Defines if hostnames are sent to Arista EOS as FQDNs -# ("node1.domain.com") or as short names ("node1"). This is -# optional. If not set, a value of "True" is assumed. -# -# use_fqdn = -# Example: use_fqdn = True -# -# (IntOpt) Sync interval in seconds between Neutron plugin and EOS. -# This field defines how often the synchronization is performed. -# This is an optional field. If not set, a value of 180 seconds -# is assumed. -# -# sync_interval = -# Example: sync_interval = 60 -# -# (StrOpt) Defines Region Name that is assigned to this OpenStack Controller. -# This is useful when multiple OpenStack/Neutron controllers are -# managing the same Arista HW clusters. Note that this name must -# match with the region name registered (or known) to keystone -# service. Authentication with Keysotne is performed by EOS. -# This is optional. If not set, a value of "RegionOne" is assumed. -# -# region_name = -# Example: region_name = RegionOne - - -[l3_arista] - -# (StrOpt) primary host IP address. This is required field. If not set, all -# communications to Arista EOS will fail. This is the host where -# primary router is created. -# -# primary_l3_host = -# Example: primary_l3_host = 192.168.10.10 -# -# (StrOpt) Primary host username. This is required field. -# if not set, all communications to Arista EOS will fail. 
-# -# primary_l3_host_username = -# Example: arista_primary_l3_username = admin -# -# (StrOpt) Primary host password. This is required field. -# if not set, all communications to Arista EOS will fail. -# -# primary_l3_host_password = -# Example: primary_l3_password = my_password -# -# (StrOpt) IP address of the second Arista switch paired as -# MLAG (Multi-chassis Link Aggregation) with the first. -# This is optional field, however, if mlag_config flag is set, -# then this is a required field. If not set, all -# communications to Arista EOS will fail. If mlag_config is set -# to False, then this field is ignored -# -# seconadary_l3_host = -# Example: seconadary_l3_host = 192.168.10.20 -# -# (BoolOpt) Defines if Arista switches are configured in MLAG mode -# If yes, all L3 configuration is pushed to both switches -# automatically. If this flag is set, ensure that secondary_l3_host -# is set to the second switch's IP. -# This flag is Optional. If not set, a value of "False" is assumed. -# -# mlag_config = -# Example: mlag_config = True -# -# (BoolOpt) Defines if the router is created in default VRF or a -# a specific VRF. This is optional. -# If not set, a value of "False" is assumed. -# -# Example: use_vrf = True -# -# (IntOpt) Sync interval in seconds between Neutron plugin and EOS. -# This field defines how often the synchronization is performed. -# This is an optional field. If not set, a value of 180 seconds -# is assumed. -# -# l3_sync_interval = -# Example: l3_sync_interval = 60 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini deleted file mode 100644 index 67574110..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini +++ /dev/null 
@@ -1,15 +0,0 @@
-[ml2_brocade]
-# username = <mgmt admin username>
-# password = <mgmt admin password>
-# address = <switch mgmt ip address>
-# ostype = NOS
-# osversion = autodetect | n.n.n
-# physical_networks = physnet1,physnet2
-#
-# Example:
-# username = admin
-# password = password
-# address = 10.24.84.38
-# ostype = NOS
-# osversion = 4.1.1
-# physical_networks = physnet1,physnet2
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini
deleted file mode 100644
index 1b69100e..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini
+++ /dev/null
@@ -1,118 +0,0 @@ -[ml2_cisco] - -# (StrOpt) A short prefix to prepend to the VLAN number when creating a -# VLAN interface. For example, if an interface is being created for -# VLAN 2001 it will be named 'q-2001' using the default prefix. -# -# vlan_name_prefix = q- -# Example: vlan_name_prefix = vnet- - -# (BoolOpt) A flag to enable round robin scheduling of routers for SVI. -# svi_round_robin = False - -# -# (StrOpt) The name of the physical_network managed via the Cisco Nexus Switch. -# This string value must be present in the ml2_conf.ini network_vlan_ranges -# variable. -# -# managed_physical_network = -# Example: managed_physical_network = physnet1 - -# Cisco Nexus Switch configurations. -# Each switch to be managed by Openstack Neutron must be configured here. -# -# Cisco Nexus Switch Format. -# [ml2_mech_cisco_nexus:<IP address of switch>] -# <hostname>=<intf_type:port> (1) -# ssh_port=<ssh port> (2) -# username=<credential username> (3) -# password=<credential password> (4) -# -# (1) For each host connected to a port on the switch, specify the hostname -# and the Nexus physical port (interface) it is connected to. -# Valid intf_type's are 'ethernet' and 'port-channel'. -# The default setting for <intf_type:> is 'ethernet' and need not be -# added to this setting. -# (2) The TCP port for connecting via SSH to manage the switch. This is -# port number 22 unless the switch has been configured otherwise. -# (3) The username for logging into the switch to manage it. -# (4) The password for logging into the switch to manage it. 
-# -# Example: -# [ml2_mech_cisco_nexus:1.1.1.1] -# compute1=1/1 -# compute2=ethernet:1/2 -# compute3=port-channel:1 -# ssh_port=22 -# username=admin -# password=mySecretPassword - -[ml2_cisco_apic] - -# Hostname:port list of APIC controllers -# apic_hosts = 1.1.1.1:80, 1.1.1.2:8080, 1.1.1.3:80 - -# Username for the APIC controller -# apic_username = user - -# Password for the APIC controller -# apic_password = password - -# Whether use SSl for connecting to the APIC controller or not -# apic_use_ssl = True - -# How to map names to APIC: use_uuid or use_name -# apic_name_mapping = use_name - -# Names for APIC objects used by Neutron -# Note: When deploying multiple clouds against one APIC, -# these names must be unique between the clouds. -# apic_vmm_domain = openstack -# apic_vlan_ns_name = openstack_ns -# apic_node_profile = openstack_profile -# apic_entity_profile = openstack_entity -# apic_function_profile = openstack_function -# apic_app_profile_name = openstack_app -# Agent timers for State reporting and topology discovery -# apic_sync_interval = 30 -# apic_agent_report_interval = 30 -# apic_agent_poll_interval = 2 - -# Specify your network topology. -# This section indicates how your compute nodes are connected to the fabric's -# switches and ports. The format is as follows: -# -# [apic_switch:<swich_id_from_the_apic>] -# <compute_host>,<compute_host> = <switchport_the_host(s)_are_connected_to> -# -# You can have multiple sections, one for each switch in your fabric that is -# participating in Openstack. e.g. -# -# [apic_switch:17] -# ubuntu,ubuntu1 = 1/10 -# ubuntu2,ubuntu3 = 1/11 -# -# [apic_switch:18] -# ubuntu5,ubuntu6 = 1/1 -# ubuntu7,ubuntu8 = 1/2 - -# Describe external connectivity. -# In this section you can specify the external network configuration in order -# for the plugin to be able to teach the fabric how to route the internal -# traffic to the outside world. 
The external connectivity configuration -# format is as follows: -# -# [apic_external_network:<externalNetworkName>] -# switch = <switch_id_from_the_apic> -# port = <switchport_the_external_router_is_connected_to> -# encap = <encapsulation> -# cidr_exposed = <cidr_exposed_to_the_external_router> -# gateway_ip = <ip_of_the_external_gateway> -# -# An example follows: -# [apic_external_network:network_ext] -# switch=203 -# port=1/34 -# encap=vlan-100 -# cidr_exposed=10.10.40.2/16 -# gateway_ip=10.10.40.1 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini deleted file mode 100644 index 6ee4a4e0..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini +++ /dev/null @@ -1,52 +0,0 @@ -# Defines Configuration options for FSL SDN OS Mechanism Driver -# Cloud Resource Discovery (CRD) authorization credentials -[ml2_fslsdn] -#(StrOpt) User name for authentication to CRD. -# e.g.: user12 -# -# crd_user_name = - -#(StrOpt) Password for authentication to CRD. -# e.g.: secret -# -# crd_password = - -#(StrOpt) Tenant name for CRD service. -# e.g.: service -# -# crd_tenant_name = - -#(StrOpt) CRD auth URL. -# e.g.: http://127.0.0.1:5000/v2.0/ -# -# crd_auth_url = - -#(StrOpt) URL for connecting to CRD Service. -# e.g.: http://127.0.0.1:9797 -# -# crd_url= - -#(IntOpt) Timeout value for connecting to CRD service -# in seconds, e.g.: 30 -# -# crd_url_timeout= - -#(StrOpt) Region name for connecting to CRD in -# admin context, e.g.: RegionOne -# -# crd_region_name= - -#(BoolOpt)If set, ignore any SSL validation issues (boolean value) -# e.g.: False -# -# crd_api_insecure= - -#(StrOpt)Authorization strategy for connecting to CRD in admin -# context, e.g.: keystone -# -# crd_auth_strategy= - -#(StrOpt)Location of CA certificates file to use for CRD client -# requests. -# -# crd_ca_certificates_file= 
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini deleted file mode 100644 index 46139aed..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini +++ /dev/null @@ -1,4 +0,0 @@ -[eswitch] -# (StrOpt) Type of Network Interface to allocate for VM: -# mlnx_direct or hostdev according to libvirt terminology -# vnic_type = mlnx_direct diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini deleted file mode 100644 index dbbfcbd2..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini +++ /dev/null @@ -1,28 +0,0 @@ -# Defines configuration options specific to the Tail-f NCS Mechanism Driver - -[ml2_ncs] -# (StrOpt) Tail-f NCS HTTP endpoint for REST access to the OpenStack -# subtree. -# If this is not set then no HTTP requests will be made. -# -# url = -# Example: url = http://ncs/api/running/services/openstack - -# (StrOpt) Username for HTTP basic authentication to NCS. -# This is an optional parameter. If unspecified then no authentication is used. -# -# username = -# Example: username = admin - -# (StrOpt) Password for HTTP basic authentication to NCS. -# This is an optional parameter. If unspecified then no authentication is used. -# -# password = -# Example: password = admin - -# (IntOpt) Timeout in seconds to wait for NCS HTTP request completion. -# This is an optional parameter, default value is 10 seconds. -# -# timeout = -# Example: timeout = 15 - diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini deleted file mode 100644 index 9e88c1bb..00000000 
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini +++ /dev/null @@ -1,30 +0,0 @@ -# Configuration for the OpenDaylight MechanismDriver - -[ml2_odl] -# (StrOpt) OpenDaylight REST URL -# If this is not set then no HTTP requests will be made. -# -# url = -# Example: url = http://192.168.56.1:8080/controller/nb/v2/neutron - -# (StrOpt) Username for HTTP basic authentication to ODL. -# -# username = -# Example: username = admin - -# (StrOpt) Password for HTTP basic authentication to ODL. -# -# password = -# Example: password = admin - -# (IntOpt) Timeout in seconds to wait for ODL HTTP request completion. -# This is an optional parameter, default value is 10 seconds. -# -# timeout = 10 -# Example: timeout = 15 - -# (IntOpt) Timeout in minutes to wait for a Tomcat session timeout. -# This is an optional parameter, default value is 30 minutes. -# -# session_timeout = 30 -# Example: session_timeout = 60 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini deleted file mode 100644 index 4a94b987..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini +++ /dev/null @@ -1,13 +0,0 @@ -# Defines configuration options specific to the OpenFlow Agent Mechanism Driver - -[ovs] -# Please refer to configuration options to the OpenvSwitch - -[agent] -# (IntOpt) Number of seconds to retry acquiring an Open vSwitch datapath. -# This is an optional parameter, default value is 60 seconds. -# -# get_datapath_retry_times = -# Example: get_datapath_retry_times = 30 - -# Please refer to configuration options to the OpenvSwitch else the above. diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini deleted file mode 100644 index 9566f54c..00000000 
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini +++ /dev/null @@ -1,31 +0,0 @@ -# Defines configuration options for SRIOV NIC Switch MechanismDriver -# and Agent - -[ml2_sriov] -# (ListOpt) Comma-separated list of -# supported Vendor PCI Devices, in format vendor_id:product_id -# -# supported_pci_vendor_devs = 15b3:1004, 8086:10c9 -# Example: supported_pci_vendor_devs = 15b3:1004 -# -# (BoolOpt) Requires running SRIOV neutron agent for port binding -# agent_required = True - -[sriov_nic] -# (ListOpt) Comma-separated list of <physical_network>:<network_device> -# tuples mapping physical network names to the agent's node-specific -# physical network device interfaces of SR-IOV physical function to be used -# for VLAN networks. All physical networks listed in network_vlan_ranges on -# the server should have mappings to appropriate interfaces on each agent. -# -# physical_device_mappings = -# Example: physical_device_mappings = physnet1:eth1 -# -# (ListOpt) Comma-separated list of <network_device>:<vfs__to_exclude> -# tuples, mapping network_device to the agent's node-specific list of virtual -# functions that should not be used for virtual networking. -# vfs_to_exclude is a semicolon-separated list of virtual -# functions to exclude from network_device. The network_device in the -# mapping should appear in the physical_device_mappings list. -# exclude_devices = -# Example: exclude_devices = eth1:0000:07:00.2; 0000:07:00.3 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini deleted file mode 100644 index b1225111..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini +++ /dev/null 
@@ -1,79 +0,0 @@
-[mlnx]
-# (StrOpt) Type of network to allocate for tenant networks. The
-# default value is 'vlan' You MUST configure network_vlan_ranges below
-# in order for tenant networks to provide connectivity between hosts.
-# Set to 'none' to disable creation of tenant networks.
-#
-# tenant_network_type = vlan
-# Example: tenant_network_type = vlan
-
-# (ListOpt) Comma-separated list of
-# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
-# of VLAN IDs on named physical networks that are available for
-# allocation. All physical networks listed are available for flat and
-# VLAN provider network creation. Specified ranges of VLAN IDs are
-# available for tenant network allocation if tenant_network_type is
-# 'vlan'. If empty, only local networks may be created.
-#
-# network_vlan_ranges =
-# Example: network_vlan_ranges = default:1:100
-
-# (ListOpt) Comma-separated list of
-# <physical_network>:<physical_network_type> tuples mapping physical
-# network names to physical network types. All physical
-# networks listed in network_vlan_ranges should have
-# mappings to appropriate physical network type.
-# Type of the physical network can be either eth (Ethernet) or
-# ib (InfiniBand). If empty, physical network eth type is assumed.
-#
-# physical_network_type_mappings =
-# Example: physical_network_type_mappings = default:eth
-
-# (StrOpt) Type of the physical network, can be either 'eth' or 'ib'
-# The default value is 'eth'
-# physical_network_type = eth
-
-[eswitch]
-# (ListOpt) Comma-separated list of
-# <physical_network>:<physical_interface> tuples mapping physical
-# network names to the agent's node-specific physical network
-# interfaces to be used for flat and VLAN networks. All physical
-# networks listed in network_vlan_ranges on the server should have
-# mappings to appropriate interfaces on each agent.
-#
-# physical_interface_mappings =
-# Example: physical_interface_mappings = default:eth2
-
-# (StrOpt) Type of Network Interface to allocate for VM:
-# direct or hosdev according to libvirt terminology
-# vnic_type = mlnx_direct
-
-# (StrOpt) Eswitch daemon end point connection url
-# daemon_endpoint = 'tcp://127.0.0.1:60001'
-
-# The number of milliseconds the agent will wait for
-# response on request to daemon
-# request_timeout = 3000
-
-# The number of retries the agent will send request
-# to daemon before giving up
-# retries = 3
-
-# The backoff rate multiplier for waiting period between retries
-# on request to daemon, i.e. value of 2 will double
-# the request timeout each retry
-# backoff_rate = 2
-
-[agent]
-# Agent's polling interval in seconds
-# polling_interval = 2
-
-# (BoolOpt) Enable server RPC compatibility with old (pre-havana)
-# agents.
-#
-# rpc_support_old_agents = False
-
-[securitygroup]
-# Controls if neutron security group is enabled or not.
-# It should be false when you use nova security group.
-# enable_security_group = True
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini
deleted file mode 100644
index aa4171da..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini
+++ /dev/null
@@ -1,60 +0,0 @@
-# Sample Configurations
-
-[ovs]
-# Do not change this parameter unless you have a good reason to.
-# This is the name of the OVS integration bridge. There is one per hypervisor.
-# The integration bridge acts as a virtual "patch port". All VM VIFs are
-# attached to this bridge and then "patched" according to their network
-# connectivity.
-# integration_bridge = br-int
-
-[agent]
-# Agent's polling interval in seconds
-# polling_interval = 2
-
-[securitygroup]
-# Firewall driver for realizing neutron security group function
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-
-# Controls if neutron security group is enabled or not.
-# It should be false when you use nova security group.
-# enable_security_group = True
-
-[ofc]
-# Specify OpenFlow Controller Host, Port and Driver to connect.
-# host = 127.0.0.1
-# port = 8888
-
-# Base URL of OpenFlow Controller REST API.
-# It is prepended to a path of each API request.
-# path_prefix =
-
-# Drivers are in neutron/plugins/nec/drivers/ .
-# driver = trema
-
-# PacketFilter is available when it's enabled in this configuration
-# and supported by the driver.
-# enable_packet_filter = true
-
-# Use SSL to connect
-# use_ssl = false
-
-# Key file
-# key_file =
-
-# Certificate file
-# cert_file =
-
-# Disable SSL certificate verification
-# insecure_ssl = false
-
-# Maximum attempts per OFC API request. NEC plugin retries
-# API request to OFC when OFC returns ServiceUnavailable (503).
-# The value must be greater than 0.
-# api_max_attempts = 3
-
-[provider]
-# Default router provider to use.
-# default_router_provider = l3-agent
-# List of enabled router providers.
-# router_providers = l3-agent,openflow
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini
deleted file mode 100644
index aad37bd5..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini
+++ /dev/null
@@ -1,41 +0,0 @@
-# Please fill in the correct data for all the keys below and uncomment key-value pairs
-[restproxy]
-# (StrOpt) Default Network partition in which VSD will
-# orchestrate network resources using openstack
-#
-#default_net_partition_name = <default-net-partition-name>
-
-# (StrOpt) Nuage provided uri for initial authorization to
-# access VSD
-#
-#auth_resource = /auth
-
-# (StrOpt) IP Address and Port of VSD
-#
-#server = ip:port
-
-# (StrOpt) Organization name in which VSD will orchestrate
-# network resources using openstack
-#
-#organization = org
-
-# (StrOpt) Username and password of VSD for authentication
-#
-#serverauth = uname:pass
-
-# (BoolOpt) Boolean for SSL connection with VSD server
-#
-#serverssl = True
-
-# (StrOpt) Nuage provided base uri to reach out to VSD
-#
-#base_uri = /base
-
-[syncmanager]
-# (BoolOpt) Boolean to enable sync between openstack and VSD
-#
-#enable_sync = False
-
-# (IntOpt) Sync interval in seconds between openstack and VSD
-#
-#sync_interval = 0
\ No newline at end of file
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini
deleted file mode 100644
index a1c05d97..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini
+++ /dev/null
@@ -1,35 +0,0 @@
-[nvsd]
-# Configure the NVSD controller. The plugin proxies the api calls using
-# to NVSD controller which implements the required functionality.
-
-# IP address of NVSD controller api server
-# nvsd_ip = <ip address of nvsd controller>
-
-# Port number of NVSD controller api server
-# nvsd_port = 8082
-
-# Authentication credentials to access the api server
-# nvsd_user = <nvsd controller username>
-# nvsd_passwd = <password>
-
-# API request timeout in seconds
-# request_timeout = <default request timeout>
-
-# Maximum number of retry attempts to login to the NVSD controller
-# Specify 0 to retry until success (default)
-# nvsd_retries = 0
-
-[securitygroup]
-# Specify firewall_driver option, if neutron security groups are disabled,
-# then NoopFirewallDriver otherwise OVSHybridIptablesFirewallDriver.
-# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
-
-# Controls if neutron security group is enabled or not.
-# It should be false when you use nova security group.
-# enable_security_group = True
-
-[agent]
-# root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
-
-[database]
-# connection = mysql://root:<passwd>@127.0.0.1/<neutron_db>?charset=utf8
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini
deleted file mode 100644
index 629f1fc4..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini
+++ /dev/null
@@ -1,26 +0,0 @@
-# OpenContrail is an Apache 2.0-licensed project that is built using
-# standards-based protocols and provides all the necessary components for
-# network virtualization–SDN controller, virtual router, analytics engine,
-# and published northbound APIs
-# For more information visit: http://opencontrail.org
-
-# Opencontrail plugin specific configuration
-[CONTRAIL]
-# (StrOpt) IP address to connect to opencontrail controller.
-# Uncomment this line for specifying the IP address of the opencontrail
-# Api-Server.
-# Default value is local host(127.0.0.1).
-# api_server_ip='127.0.0.1'
-
-# (IntOpt) port to connect to opencontrail controller.
-# Uncomment this line for the specifying the Port of the opencontrail
-# Api-Server.
-# Default value is 8082
-# api_server_port=8082
-
-# (DictOpt) enable opencontrail extensions
-# Opencontrail in future would support extension such as ipam, policy,
-# these extensions can be configured as shown below. Plugin will then
-# load the specified extensions.
-# Default value is None, it wont load any extension
-# contrail_extensions=ipam:<classpath>,policy:<classpath>
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
deleted file mode 100644
index 9c8e6b58..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+++ /dev/null
@@ -1,190 +0,0 @@
-[ovs]
-# (StrOpt) Type of network to allocate for tenant networks. The
-# default value 'local' is useful only for single-box testing and
-# provides no connectivity between hosts. You MUST either change this
-# to 'vlan' and configure network_vlan_ranges below or change this to
-# 'gre' or 'vxlan' and configure tunnel_id_ranges below in order for
-# tenant networks to provide connectivity between hosts. Set to 'none'
-# to disable creation of tenant networks.
-#
-# tenant_network_type = local
-# Example: tenant_network_type = gre
-# Example: tenant_network_type = vxlan
-
-# (ListOpt) Comma-separated list of
-# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
-# of VLAN IDs on named physical networks that are available for
-# allocation. All physical networks listed are available for flat and
-# VLAN provider network creation. Specified ranges of VLAN IDs are
-# available for tenant network allocation if tenant_network_type is
-# 'vlan'. If empty, only gre, vxlan and local networks may be created.
-#
-# network_vlan_ranges =
-# Example: network_vlan_ranges = physnet1:1000:2999
-
-# (BoolOpt) Set to True in the server and the agents to enable support
-# for GRE or VXLAN networks. Requires kernel support for OVS patch ports and
-# GRE or VXLAN tunneling.
-#
-# WARNING: This option will be deprecated in the Icehouse release, at which
-# point setting tunnel_type below will be required to enable
-# tunneling.
-#
-# enable_tunneling = False
-
-# (StrOpt) The type of tunnel network, if any, supported by the plugin. If
-# this is set, it will cause tunneling to be enabled. If this is not set and
-# the option enable_tunneling is set, this will default to 'gre'.
-#
-# tunnel_type =
-# Example: tunnel_type = gre
-# Example: tunnel_type = vxlan
-
-# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples
-# enumerating ranges of GRE or VXLAN tunnel IDs that are available for
-# tenant network allocation if tenant_network_type is 'gre' or 'vxlan'.
-#
-# tunnel_id_ranges =
-# Example: tunnel_id_ranges = 1:1000
-
-# Do not change this parameter unless you have a good reason to.
-# This is the name of the OVS integration bridge. There is one per hypervisor.
-# The integration bridge acts as a virtual "patch bay". All VM VIFs are
-# attached to this bridge and then "patched" according to their network
-# connectivity.
-#
-# integration_bridge = br-int
-
-# Only used for the agent if tunnel_id_ranges (above) is not empty for
-# the server. In most cases, the default value should be fine.
-#
-# tunnel_bridge = br-tun
-
-# Peer patch port in integration bridge for tunnel bridge
-# int_peer_patch_port = patch-tun
-
-# Peer patch port in tunnel bridge for integration bridge
-# tun_peer_patch_port = patch-int
-
-# Uncomment this line for the agent if tunnel_id_ranges (above) is not
-# empty for the server. Set local-ip to be the local IP address of
-# this hypervisor.
-#
-# local_ip =
-
-# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples
-# mapping physical network names to the agent's node-specific OVS
-# bridge names to be used for flat and VLAN networks. The length of
-# bridge names should be no more than 11. Each bridge must
-# exist, and should have a physical network interface configured as a
-# port. All physical networks listed in network_vlan_ranges on the
-# server should have mappings to appropriate bridges on each agent.
-#
-# bridge_mappings =
-# Example: bridge_mappings = physnet1:br-eth1
-
-# (BoolOpt) Use veths instead of patch ports to interconnect the integration
-# bridge to physical networks. Support kernel without ovs patch port support
-# so long as it is set to True.
-# use_veth_interconnection = False
-
-[agent]
-# Agent's polling interval in seconds
-# polling_interval = 2
-
-# Minimize polling by monitoring ovsdb for interface changes
-# minimize_polling = True
-
-# When minimize_polling = True, the number of seconds to wait before
-# respawning the ovsdb monitor after losing communication with it
-# ovsdb_monitor_respawn_interval = 30
-
-# (ListOpt) The types of tenant network tunnels supported by the agent.
-# Setting this will enable tunneling support in the agent. This can be set to
-# either 'gre' or 'vxlan'. If this is unset, it will default to [] and
-# disable tunneling support in the agent. When running the agent with the OVS
-# plugin, this value must be the same as "tunnel_type" in the "[ovs]" section.
-# When running the agent with ML2, you can specify as many values here as
-# your compute hosts supports.
-#
-# tunnel_types =
-# Example: tunnel_types = gre
-# Example: tunnel_types = vxlan
-# Example: tunnel_types = vxlan, gre
-
-# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By
-# default, this will make use of the Open vSwitch default value of '4789' if
-# not specified.
-#
-# vxlan_udp_port =
-# Example: vxlan_udp_port = 8472
-
-# (IntOpt) This is the MTU size of veth interfaces.
-# Do not change unless you have a good reason to.
-# The default MTU size of veth interfaces is 1500.
-# This option has no effect if use_veth_interconnection is False
-# veth_mtu =
-# Example: veth_mtu = 1504
-
-# (BoolOpt) Flag to enable l2-population extension. This option should only be
-# used in conjunction with ml2 plugin and l2population mechanism driver. It'll
-# enable plugin to populate remote ports macs and IPs (using fdb_add/remove
-# RPC calbbacks instead of tunnel_sync/update) on OVS agents in order to
-# optimize tunnel management.
-#
-# l2_population = False
-
-# Enable local ARP responder. Requires OVS 2.1. This is only used by the l2
-# population ML2 MechanismDriver.
-#
-# arp_responder = False
-
-# (BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet
-# carrying GRE/VXLAN tunnel. The default value is True.
-#
-# dont_fragment = True
-
-# (BoolOpt) Set to True on L2 agents to enable support
-# for distributed virtual routing.
-#
-# enable_distributed_routing = False
-
-[securitygroup]
-# Firewall driver for realizing neutron security group function.
-# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
-# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-
-# Controls if neutron security group is enabled or not.
-# It should be false when you use nova security group.
-# enable_security_group = True
-
-#-----------------------------------------------------------------------------
-# Sample Configurations.
-#-----------------------------------------------------------------------------
-#
-# 1. With VLANs on eth1.
-# [ovs]
-# network_vlan_ranges = default:2000:3999
-# tunnel_id_ranges =
-# integration_bridge = br-int
-# bridge_mappings = default:br-eth1
-#
-# 2. With GRE tunneling.
-# [ovs]
-# network_vlan_ranges =
-# tunnel_id_ranges = 1:1000
-# integration_bridge = br-int
-# tunnel_bridge = br-tun
-# local_ip = 10.0.0.3
-#
-# 3. With VXLAN tunneling.
-# [ovs]
-# network_vlan_ranges =
-# tenant_network_type = vxlan
-# tunnel_type = vxlan
-# tunnel_id_ranges = 1:1000
-# integration_bridge = br-int
-# tunnel_bridge = br-tun
-# local_ip = 10.0.0.3
-# [agent]
-# tunnel_types = vxlan
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini
deleted file mode 100644
index bfe8062a..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini
+++ /dev/null
@@ -1,14 +0,0 @@
-# Config file for Neutron PLUMgrid Plugin
-
-[plumgriddirector]
-# This line should be pointing to the PLUMgrid Director,
-# for the PLUMgrid platform.
-# director_server=<director-ip-address>
-# director_server_port=<director-port>
-# Authentification parameters for the Director.
-# These are the admin credentials to manage and control
-# the PLUMgrid Director server.
-# username=<director-admin-username>
-# password=<director-admin-password>
-# servertimeout=5
-# driver=<plugin-driver>
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini
deleted file mode 100644
index baca73b8..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini
+++ /dev/null
@@ -1,200 +0,0 @@ -[DEFAULT] -# User name for NSX controller -# nsx_user = admin - -# Password for NSX controller -# nsx_password = admin - -# Time before aborting a request on an unresponsive controller (Seconds) -# http_timeout = 75 - -# Maximum number of times a particular request should be retried -# retries = 2 - -# Maximum number of times a redirect response should be followed -# redirects = 2 - -# Comma-separated list of NSX controller endpoints (<ip>:<port>). When port -# is omitted, 443 is assumed. This option MUST be specified, e.g.: -# nsx_controllers = xx.yy.zz.ww:443, aa.bb.cc.dd, ee.ff.gg.hh.ee:80 - -# UUID of the pre-existing default NSX Transport zone to be used for creating -# tunneled isolated "Neutron" networks. This option MUST be specified, e.g.: -# default_tz_uuid = 1e8e52cf-fa7f-46b0-a14a-f99835a9cb53 - -# (Optional) UUID for the default l3 gateway service to use with this cluster. -# To be specified if planning to use logical routers with external gateways. -# default_l3_gw_service_uuid = - -# (Optional) UUID for the default l2 gateway service to use with this cluster. -# To be specified for providing a predefined gateway tenant for connecting their networks. -# default_l2_gw_service_uuid = - -# (Optional) UUID for the default service cluster. A service cluster is introduced to -# represent a group of gateways and it is needed in order to use Logical Services like -# dhcp and metadata in the logical space. NOTE: If agent_mode is set to 'agentless' this -# config parameter *MUST BE* set to a valid pre-existent service cluster uuid. -# default_service_cluster_uuid = - -# Name of the default interface name to be used on network-gateway. 
This value -# will be used for any device associated with a network gateway for which an -# interface name was not specified -# default_interface_name = breth0 - -[quotas] -# number of network gateways allowed per tenant, -1 means unlimited -# quota_network_gateway = 5 - -[vcns] -# URL for VCNS manager -# manager_uri = https://management_ip - -# User name for VCNS manager -# user = admin - -# Password for VCNS manager -# password = default - -# (Optional) Datacenter ID for Edge deployment -# datacenter_moid = - -# (Optional) Deployment Container ID for NSX Edge deployment -# If not specified, either a default global container will be used, or -# the resource pool and datastore specified below will be used -# deployment_container_id = - -# (Optional) Resource pool ID for NSX Edge deployment -# resource_pool_id = - -# (Optional) Datastore ID for NSX Edge deployment -# datastore_id = - -# (Required) UUID of logic switch for physical network connectivity -# external_network = - -# (Optional) Asynchronous task status check interval -# default is 2000 (millisecond) -# task_status_check_interval = 2000 - -[nsx] -# Maximum number of ports for each bridged logical switch -# The recommended value for this parameter varies with NSX version -# Please use: -# NSX 2.x -> 64 -# NSX 3.0, 3.1 -> 5000 -# NSX 3.2 -> 10000 -# max_lp_per_bridged_ls = 5000 - -# Maximum number of ports for each overlay (stt, gre) logical switch -# max_lp_per_overlay_ls = 256 - -# Number of connections to each controller node. -# default is 10 -# concurrent_connections = 10 - -# Number of seconds a generation id should be valid for (default -1 meaning do not time out) -# nsx_gen_timeout = -1 - -# Acceptable values for 'metadata_mode' are: -# - 'access_network': this enables a dedicated connection to the metadata -# proxy for metadata server access via Neutron router. -# - 'dhcp_host_route': this enables host route injection via the dhcp agent. 
-# This option is only useful if running on a host that does not support -# namespaces otherwise access_network should be used. -# metadata_mode = access_network - -# The default network transport type to use (stt, gre, bridge, ipsec_gre, or ipsec_stt) -# default_transport_type = stt - -# Specifies in which mode the plugin needs to operate in order to provide DHCP and -# metadata proxy services to tenant instances. If 'agent' is chosen (default) -# the NSX plugin relies on external RPC agents (i.e. dhcp and metadata agents) to -# provide such services. In this mode, the plugin supports API extensions 'agent' -# and 'dhcp_agent_scheduler'. If 'agentless' is chosen (experimental in Icehouse), -# the plugin will use NSX logical services for DHCP and metadata proxy. This -# simplifies the deployment model for Neutron, in that the plugin no longer requires -# the RPC agents to operate. When 'agentless' is chosen, the config option metadata_mode -# becomes ineffective. The 'agentless' mode is supported from NSX 4.2 or above. -# Furthermore, a 'combined' mode is also provided and is used to support existing -# deployments that want to adopt the agentless mode going forward. With this mode, -# existing networks keep being served by the existing infrastructure (thus preserving -# backward compatibility, whereas new networks will be served by the new infrastructure. -# Migration tools are provided to 'move' one network from one model to another; with -# agent_mode set to 'combined', option 'network_auto_schedule' in neutron.conf is -# ignored, as new networks will no longer be scheduled to existing dhcp agents. -# agent_mode = agent - -# Specifies which mode packet replication should be done in. If set to service -# a service node is required in order to perform packet replication. This can -# also be set to source if one wants replication to be performed locally (NOTE: -# usually only useful for testing if one does not want to deploy a service node). 
-# In order to leverage distributed routers, replication_mode should be set to -# "service". -# replication_mode = service - -[nsx_sync] -# Interval in seconds between runs of the status synchronization task. -# The plugin will aim at resynchronizing operational status for all -# resources in this interval, and it should be therefore large enough -# to ensure the task is feasible. Otherwise the plugin will be -# constantly synchronizing resource status, ie: a new task is started -# as soon as the previous is completed. -# If this value is set to 0, the state synchronization thread for this -# Neutron instance will be disabled. -# state_sync_interval = 10 - -# Random additional delay between two runs of the state synchronization task. -# An additional wait time between 0 and max_random_sync_delay seconds -# will be added on top of state_sync_interval. -# max_random_sync_delay = 0 - -# Minimum delay, in seconds, between two status synchronization requests for NSX. -# Depending on chunk size, controller load, and other factors, state -# synchronization requests might be pretty heavy. This means the -# controller might take time to respond, and its load might be quite -# increased by them. This parameter allows to specify a minimum -# interval between two subsequent requests. -# The value for this parameter must never exceed state_sync_interval. -# If this does, an error will be raised at startup. -# min_sync_req_delay = 1 - -# Minimum number of resources to be retrieved from NSX in a single status -# synchronization request. -# The actual size of the chunk will increase if the number of resources is such -# that using the minimum chunk size will cause the interval between two -# requests to be less than min_sync_req_delay -# min_chunk_size = 500 - -# Enable this option to allow punctual state synchronization on show -# operations. 
In this way, show operations will always fetch the operational -# status of the resource from the NSX backend, and this might have -# a considerable impact on overall performance. -# always_read_status = False - -[nsx_lsn] -# Pull LSN information from NSX in case it is missing from the local -# data store. This is useful to rebuild the local store in case of -# server recovery -# sync_on_missing_data = False - -[nsx_dhcp] -# (Optional) Comma separated list of additional dns servers. Default is an empty list -# extra_domain_name_servers = - -# Domain to use for building the hostnames -# domain_name = openstacklocal - -# Default DHCP lease time -# default_lease_time = 43200 - -[nsx_metadata] -# IP address used by Metadata server -# metadata_server_address = 127.0.0.1 - -# TCP Port used by Metadata server -# metadata_server_port = 8775 - -# When proxying metadata requests, Neutron signs the Instance-ID header with a -# shared secret to prevent spoofing. You may select any string for a secret, -# but it MUST match with the configuration used by the Metadata server -# metadata_shared_secret = diff --git a/install-files/openstack/usr/share/openstack/neutron/policy.json b/install-files/openstack/usr/share/openstack/neutron/policy.json deleted file mode 100644 index e7db4357..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/policy.json +++ /dev/null 
@@ -1,138 +0,0 @@ -{ - "context_is_admin": "role:admin", - "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s", - "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s", - "admin_only": "rule:context_is_admin", - "regular_user": "", - "shared": "field:networks:shared=True", - "shared_firewalls": "field:firewalls:shared=True", - "external": "field:networks:router:external=True", - "default": "rule:admin_or_owner", - - "create_subnet": "rule:admin_or_network_owner", - "get_subnet": "rule:admin_or_owner or rule:shared", - "update_subnet": "rule:admin_or_network_owner", - "delete_subnet": "rule:admin_or_network_owner", - - "create_network": "", - "get_network": "rule:admin_or_owner or rule:shared or rule:external", - "get_network:router:external": "rule:regular_user", - "get_network:segments": "rule:admin_only", - "get_network:provider:network_type": "rule:admin_only", - "get_network:provider:physical_network": "rule:admin_only", - "get_network:provider:segmentation_id": "rule:admin_only", - "get_network:queue_id": "rule:admin_only", - "create_network:shared": "rule:admin_only", - "create_network:router:external": "rule:admin_only", - "create_network:segments": "rule:admin_only", - "create_network:provider:network_type": "rule:admin_only", - "create_network:provider:physical_network": "rule:admin_only", - "create_network:provider:segmentation_id": "rule:admin_only", - "update_network": "rule:admin_or_owner", - "update_network:segments": "rule:admin_only", - "update_network:shared": "rule:admin_only", - "update_network:provider:network_type": "rule:admin_only", - "update_network:provider:physical_network": "rule:admin_only", - "update_network:provider:segmentation_id": "rule:admin_only", - "update_network:router:external": "rule:admin_only", - "delete_network": "rule:admin_or_owner", - - "create_port": "", - "create_port:mac_address": "rule:admin_or_network_owner", - "create_port:fixed_ips": "rule:admin_or_network_owner", - 
"create_port:port_security_enabled": "rule:admin_or_network_owner", - "create_port:binding:host_id": "rule:admin_only", - "create_port:binding:profile": "rule:admin_only", - "create_port:mac_learning_enabled": "rule:admin_or_network_owner", - "get_port": "rule:admin_or_owner", - "get_port:queue_id": "rule:admin_only", - "get_port:binding:vif_type": "rule:admin_only", - "get_port:binding:vif_details": "rule:admin_only", - "get_port:binding:host_id": "rule:admin_only", - "get_port:binding:profile": "rule:admin_only", - "update_port": "rule:admin_or_owner", - "update_port:fixed_ips": "rule:admin_or_network_owner", - "update_port:port_security_enabled": "rule:admin_or_network_owner", - "update_port:binding:host_id": "rule:admin_only", - "update_port:binding:profile": "rule:admin_only", - "update_port:mac_learning_enabled": "rule:admin_or_network_owner", - "delete_port": "rule:admin_or_owner", - - "get_router:ha": "rule:admin_only", - "create_router": "rule:regular_user", - "create_router:external_gateway_info:enable_snat": "rule:admin_only", - "create_router:distributed": "rule:admin_only", - "create_router:ha": "rule:admin_only", - "get_router": "rule:admin_or_owner", - "get_router:distributed": "rule:admin_only", - "update_router:external_gateway_info:enable_snat": "rule:admin_only", - "update_router:distributed": "rule:admin_only", - "update_router:ha": "rule:admin_only", - "delete_router": "rule:admin_or_owner", - - "add_router_interface": "rule:admin_or_owner", - "remove_router_interface": "rule:admin_or_owner", - - "create_firewall": "", - "get_firewall": "rule:admin_or_owner", - "create_firewall:shared": "rule:admin_only", - "get_firewall:shared": "rule:admin_only", - "update_firewall": "rule:admin_or_owner", - "update_firewall:shared": "rule:admin_only", - "delete_firewall": "rule:admin_or_owner", - - "create_firewall_policy": "", - "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls", - "create_firewall_policy:shared": "rule:admin_or_owner", - 
"update_firewall_policy": "rule:admin_or_owner", - "delete_firewall_policy": "rule:admin_or_owner", - - "create_firewall_rule": "", - "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls", - "update_firewall_rule": "rule:admin_or_owner", - "delete_firewall_rule": "rule:admin_or_owner", - - "create_qos_queue": "rule:admin_only", - "get_qos_queue": "rule:admin_only", - - "update_agent": "rule:admin_only", - "delete_agent": "rule:admin_only", - "get_agent": "rule:admin_only", - - "create_dhcp-network": "rule:admin_only", - "delete_dhcp-network": "rule:admin_only", - "get_dhcp-networks": "rule:admin_only", - "create_l3-router": "rule:admin_only", - "delete_l3-router": "rule:admin_only", - "get_l3-routers": "rule:admin_only", - "get_dhcp-agents": "rule:admin_only", - "get_l3-agents": "rule:admin_only", - "get_loadbalancer-agent": "rule:admin_only", - "get_loadbalancer-pools": "rule:admin_only", - - "create_floatingip": "rule:regular_user", - "update_floatingip": "rule:admin_or_owner", - "delete_floatingip": "rule:admin_or_owner", - "get_floatingip": "rule:admin_or_owner", - - "create_network_profile": "rule:admin_only", - "update_network_profile": "rule:admin_only", - "delete_network_profile": "rule:admin_only", - "get_network_profiles": "", - "get_network_profile": "", - "update_policy_profiles": "rule:admin_only", - "get_policy_profiles": "", - "get_policy_profile": "", - - "create_metering_label": "rule:admin_only", - "delete_metering_label": "rule:admin_only", - "get_metering_label": "rule:admin_only", - - "create_metering_label_rule": "rule:admin_only", - "delete_metering_label_rule": "rule:admin_only", - "get_metering_label_rule": "rule:admin_only", - - "get_service_provider": "rule:regular_user", - "get_lsn": "rule:admin_only", - "create_lsn": "rule:admin_only" -} 
diff --git a/install-files/openstack/usr/share/openstack/neutron/vpn_agent.ini b/install-files/openstack/usr/share/openstack/neutron/vpn_agent.ini deleted file mode 100644 index c3089df9..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/vpn_agent.ini +++ /dev/null @@ -1,14 +0,0 @@ -[DEFAULT] -# VPN-Agent configuration file -# Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also - -[vpnagent] -# vpn device drivers which vpn agent will use -# If we want to use multiple drivers, we need to define this option multiple times. -# vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver -# vpn_device_driver=neutron.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver -# vpn_device_driver=another_driver - -[ipsec] -# Status check interval -# ipsec_status_check_interval=60 diff --git a/install-files/openstack/usr/share/openstack/nova-db.yml b/install-files/openstack/usr/share/openstack/nova-db.yml index e7dc5b10..800d6c4b 100644 --- a/install-files/openstack/usr/share/openstack/nova-db.yml +++ b/install-files/openstack/usr/share/openstack/nova-db.yml @@ -45,7 +45,6 @@ sudo_user: nova - name: Initiate nova database - nova_manage: - action: dbsync + command: nova-manage db sync sudo: yes sudo_user: nova diff --git a/install-files/openstack/usr/share/openstack/nova/api-paste.ini b/install-files/openstack/usr/share/openstack/nova/api-paste.ini deleted file mode 100644 index 2a825a5b..00000000 --- a/install-files/openstack/usr/share/openstack/nova/api-paste.ini +++ /dev/null 
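Review bot: The new `command: nova-manage db sync` line in the "Initiate nova database" task of nova-db.yml will report `changed` on every run, because the command module cannot tell whether the schema was already current; whether the removed `nova_manage` module reported this differently is not visible here. If the playbook can be re-run on a configured node, consider a `register:` on the task with a `changed_when:` condition on its output, so the run report keeps showing real schema changes. The task also resolves `nova-manage` through whatever PATH the `sudo_user: nova` environment provides, so an absolute path to the binary would make explicit which executable runs under sudo. The rest of the play lies outside the hunk.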
@@ -1,118 +0,0 @@ -############ -# Metadata # -############ -[composite:metadata] -use = egg:Paste#urlmap -/: meta - -[pipeline:meta] -pipeline = ec2faultwrap logrequest metaapp - -[app:metaapp] -paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory - -####### -# EC2 # -####### - -[composite:ec2] -use = egg:Paste#urlmap -/services/Cloud: ec2cloud - -[composite:ec2cloud] -use = call:nova.api.auth:pipeline_factory -noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor -keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor - -[filter:ec2faultwrap] -paste.filter_factory = nova.api.ec2:FaultWrapper.factory - -[filter:logrequest] -paste.filter_factory = nova.api.ec2:RequestLogging.factory - -[filter:ec2lockout] -paste.filter_factory = nova.api.ec2:Lockout.factory - -[filter:ec2keystoneauth] -paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory - -[filter:ec2noauth] -paste.filter_factory = nova.api.ec2:NoAuth.factory - -[filter:cloudrequest] -controller = nova.api.ec2.cloud.CloudController -paste.filter_factory = nova.api.ec2:Requestify.factory - -[filter:authorizer] -paste.filter_factory = nova.api.ec2:Authorizer.factory - -[filter:validator] -paste.filter_factory = nova.api.ec2:Validator.factory - -[app:ec2executor] -paste.app_factory = nova.api.ec2:Executor.factory - -############# -# OpenStack # -############# - -[composite:osapi_compute] -use = call:nova.api.openstack.urlmap:urlmap_factory -/: oscomputeversions -/v1.1: openstack_compute_api_v2 -/v2: openstack_compute_api_v2 -/v3: openstack_compute_api_v3 - -[composite:openstack_compute_api_v2] -use = call:nova.api.auth:pipeline_factory -noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2 -keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2 -keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2 - 
-[composite:openstack_compute_api_v3] -use = call:nova.api.auth:pipeline_factory_v3 -noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3 -keystone = request_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3 - -[filter:request_id] -paste.filter_factory = nova.openstack.common.middleware.request_id:RequestIdMiddleware.factory - -[filter:compute_req_id] -paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory - -[filter:faultwrap] -paste.filter_factory = nova.api.openstack:FaultWrapper.factory - -[filter:noauth] -paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory - -[filter:noauth_v3] -paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareV3.factory - -[filter:ratelimit] -paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory - -[filter:sizelimit] -paste.filter_factory = nova.api.sizelimit:RequestBodySizeLimiter.factory - -[app:osapi_compute_app_v2] -paste.app_factory = nova.api.openstack.compute:APIRouter.factory - -[app:osapi_compute_app_v3] -paste.app_factory = nova.api.openstack.compute:APIRouterV3.factory - -[pipeline:oscomputeversions] -pipeline = faultwrap oscomputeversionapp - -[app:oscomputeversionapp] -paste.app_factory = nova.api.openstack.compute.versions:Versions.factory - -########## -# Shared # -########## - -[filter:keystonecontext] -paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/install-files/openstack/usr/share/openstack/nova/cells.json b/install-files/openstack/usr/share/openstack/nova/cells.json deleted file mode 100644 index cc74930d..00000000 --- a/install-files/openstack/usr/share/openstack/nova/cells.json +++ /dev/null 
@@ -1,26 +0,0 @@
-{
- "parent": {
- "name": "parent",
- "api_url": "http://api.example.com:8774",
- "transport_url": "rabbit://rabbit.example.com",
- "weight_offset": 0.0,
- "weight_scale": 1.0,
- "is_parent": true
- },
- "cell1": {
- "name": "cell1",
- "api_url": "http://api.example.com:8774",
- "transport_url": "rabbit://rabbit1.example.com",
- "weight_offset": 0.0,
- "weight_scale": 1.0,
- "is_parent": false
- },
- "cell2": {
- "name": "cell2",
- "api_url": "http://api.example.com:8774",
- "transport_url": "rabbit://rabbit2.example.com",
- "weight_offset": 0.0,
- "weight_scale": 1.0,
- "is_parent": false
- }
-}
diff --git a/install-files/openstack/usr/share/openstack/nova/logging.conf b/install-files/openstack/usr/share/openstack/nova/logging.conf
deleted file mode 100644
index 5482a040..00000000
--- a/install-files/openstack/usr/share/openstack/nova/logging.conf
+++ /dev/null
@@ -1,81 +0,0 @@
-[loggers]
-keys = root, nova
-
-[handlers]
-keys = stderr, stdout, watchedfile, syslog, null
-
-[formatters]
-keys = context, default
-
-[logger_root]
-level = WARNING
-handlers = null
-
-[logger_nova]
-level = INFO
-handlers = stderr
-qualname = nova
-
-[logger_amqp]
-level = WARNING
-handlers = stderr
-qualname = amqp
-
-[logger_amqplib]
-level = WARNING
-handlers = stderr
-qualname = amqplib
-
-[logger_sqlalchemy]
-level = WARNING
-handlers = stderr
-qualname = sqlalchemy
-# "level = INFO" logs SQL queries.
-# "level = DEBUG" logs SQL queries and results.
-# "level = WARNING" logs neither. (Recommended for production systems.)
-
-[logger_boto]
-level = WARNING
-handlers = stderr
-qualname = boto
-
-[logger_suds]
-level = INFO
-handlers = stderr
-qualname = suds
-
-[logger_eventletwsgi]
-level = WARNING
-handlers = stderr
-qualname = eventlet.wsgi.server
-
-[handler_stderr]
-class = StreamHandler
-args = (sys.stderr,)
-formatter = context
-
-[handler_stdout]
-class = StreamHandler
-args = (sys.stdout,)
-formatter = context
-
-[handler_watchedfile]
-class = handlers.WatchedFileHandler
-args = ('nova.log',)
-formatter = context
-
-[handler_syslog]
-class = handlers.SysLogHandler
-args = ('/dev/log', handlers.SysLogHandler.LOG_USER)
-formatter = context
-
-[handler_null]
-class = nova.openstack.common.log.NullHandler
-formatter = default
-args = ()
-
-[formatter_context]
-class = nova.openstack.common.log.ContextFormatter
-
-[formatter_default]
-format = %(message)s
diff --git a/install-files/openstack/usr/share/openstack/nova/nova.conf b/install-files/openstack/usr/share/openstack/nova/nova.conf
index 43343cdd..9fc10493 100644
--- a/install-files/openstack/usr/share/openstack/nova/nova.conf
+++ b/install-files/openstack/usr/share/openstack/nova/nova.conf
@@ -1,188 +1,68 @@ [DEFAULT] # -# Options defined in oslo.messaging +# From oslo.messaging # -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). 
(string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} - -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - -# If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. (string value) +#rpc_zmq_bind_address = * # MatchMaker driver. 
(string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker = oslo_messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 +#rpc_zmq_port = 9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 +#rpc_zmq_contexts = 1 -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog=<None> +# Maximum number of ingress messages to locally buffer per topic. Default is +# unlimited. (integer value) +#rpc_zmq_topic_backlog = <None> # Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack +#rpc_zmq_ipc_dir = /var/run/openstack -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=nova +# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match +# "host" option, if running Nova. (string value) +#rpc_zmq_host = localhost -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +# (integer value) +#rpc_cast_timeout = 30 # Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 +#matchmaker_heartbeat_freq = 300 # Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 +#matchmaker_heartbeat_ttl = 600 -# Size of RPC greenthread pool. (integer value) -#rpc_thread_pool_size=64 +# Size of RPC thread pool. (integer value) +#rpc_thread_pool_size = 64 -# Driver or drivers to handle sending notifications. (multi -# valued) -notification_driver=messagingv2 +# Driver or drivers to handle sending notifications. (multi valued) +notification_driver = messagingv2 # AMQP topic used for OpenStack notifications. 
(list value) # Deprecated group/name - [rpc_notifier2]/topics -#notification_topics=notifications +#notification_topics = notifications # Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 +#rpc_response_timeout = 60 -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -#transport_url=<None> +# A URL representing the messaging driver to use and its full configuration. If +# not set, we fall back to the rpc_backend option and driver specific +# configuration. (string value) +#transport_url = <None> -# The messaging driver to use, defaults to rabbit. Other -# drivers include qpid and zmq. (string value) -rpc_backend=rabbit +# The messaging driver to use, defaults to rabbit. Other drivers include qpid +# and zmq. (string value) +rpc_backend = rabbit -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the -# transport_url option. (string value) -#control_exchange=openstack +# The default exchange under which topics are scoped. May be overridden by an +# exchange name specified in the transport_url option. (string value) +#control_exchange = openstack # @@ -243,6 +123,9 @@ rpc_backend=rabbit # IP address of this host (string value) my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +# Block storage IP address of this host (string value) +#my_block_storage_ip=$my_ip + # Name of this node. This can be an opaque identifier. It is # not necessarily a hostname, FQDN, or IP address. However, # the node name must be valid within an AMQP key, and if using @@ -325,7 +208,6 @@ state_path=/var/lib/nova #quota_injected_file_content_bytes=10240 # Length of injected file path (integer value) -# Deprecated group/name - [DEFAULT]/quota_injected_file_path_bytes #quota_injected_file_path_length=255 # Number of security groups per project (integer value) 
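Review bot: The active `rabbit_host`, `rabbit_port`, `rabbit_userid` and `rabbit_password` lines are gone from `[DEFAULT]` in the `@@ -1,188 +1,68 @@` hunk while `rpc_backend = rabbit` stays, and nothing in the visible part of this diff sets them again. Unless the new file carries them in an `[oslo_messaging_rabbit]` section further down (outside this view), oslo.messaging falls back to its built-in defaults, which are a broker on localhost and the `guest` account, so I would confirm that section exists and still uses the templates, e.g. `rabbit_password = {{ RABBITMQ_PASSWORD }}`. The explicit `rabbit_use_ssl=false` is removed as well; if broker traffic on the management network is meant to stay unencrypted, a comment next to the relocated setting should record that as a decision rather than leaving it as an implicit default.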
@@ -347,11 +229,18 @@ state_path=/var/lib/nova # value) #reservation_expire=86400 -# Count of reservations until usage is refreshed (integer -# value) +# Count of reservations until usage is refreshed. This +# defaults to 0(off) to avoid additional load but it is useful +# to turn on to help keep quota usage up to date and reduce +# the impact of out of sync usage issues. (integer value) #until_refresh=0 -# Number of seconds between subsequent usage refreshes +# Number of seconds between subsequent usage refreshes. This +# defaults to 0(off) to avoid additional load but it is useful +# to turn on to help keep quota usage up to date and reduce +# the impact of out of sync usage issues. Note that quotas are +# not updated on a periodic task, they will update on a new +# reservation if max_age has passed since the last reservation # (integer value) #max_age=0 @@ -444,14 +333,6 @@ compute_manager={{ COMPUTE_MANAGER }} # -# Options defined in nova.test -# - -# File name of clean sqlite db (string value) -#sqlite_clean_db=clean.sqlite - - -# # Options defined in nova.utils # @@ -515,6 +396,16 @@ api_paste_config=api-paste.ini # with big service catalogs). (integer value) #max_header_line=16384 +# If False, closes the client socket connection explicitly. +# (boolean value) +#wsgi_keep_alive=true + +# Timeout for client connections' socket operations. If an +# incoming connection is idle for this number of seconds it +# will be closed. A value of '0' means wait forever. (integer +# value) +#client_socket_timeout=900 + # # Options defined in nova.api.auth 
@@ -525,8 +416,12 @@ api_paste_config=api-paste.ini # v3 api. (boolean value) #api_rate_limit=false -# The strategy to use for auth: noauth or keystone. (string -# value) +# The strategy to use for auth: keystone, noauth +# (deprecated), or noauth2. Both noauth and noauth2 are +# designed for testing only, as they do no actual credential +# checking. noauth provides administrative credentials +# regardless of the passed in user, noauth2 only does if +# 'admin' is specified as the username. (string value) auth_strategy=keystone # Treat X-Forwarded-For as the canonical remote address. Only @@ -561,6 +456,9 @@ auth_strategy=keystone # Time in seconds before ec2 timestamp expires (integer value) #ec2_timestamp_expiry=300 +# Disable SSL certificate verification. (boolean value) +#keystone_ec2_insecure=false + # # Options defined in nova.api.ec2.cloud @@ -581,7 +479,7 @@ auth_strategy=keystone # The path prefix used to call the ec2 API server (string # value) -#ec2_path=/services/Cloud +#ec2_path=/ # List of region=fqdn pairs separated by commas (list value) #region_list= @@ -600,6 +498,19 @@ auth_strategy=keystone # +# Options defined in nova.api.metadata.handler +# + +# Time in seconds to cache metadata; 0 to disable metadata +# caching entirely (not recommended). Increasingthis should +# improve response times of the metadata API when under heavy +# load. Higher values may increase memoryusage and result in +# longer times for host metadata changes to take effect. +# (integer value) +#metadata_cache_expiration=15 + + +# # Options defined in nova.api.metadata.vendordata_json # @@ -640,7 +551,7 @@ auth_strategy=keystone # osapi_compute_extension option with # nova.api.openstack.compute.contrib.select_extensions (list # value) -osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions +#osapi_compute_ext_list= # 
@@ -666,13 +577,17 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # value) #neutron_default_tenant_id=default +# Number of private networks allowed per project (integer +# value) +#quota_networks=3 + # # Options defined in nova.api.openstack.compute.extensions # # osapi compute extension to load (multi valued) -#osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions +osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # @@ -696,15 +611,6 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # -# Options defined in nova.api.sizelimit -# - -# The maximum body size per each osapi request(bytes) (integer -# value) -#osapi_max_request_body_size=114688 - - -# # Options defined in nova.cert.rpcapi # @@ -807,7 +713,7 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # hostnames. To restore legacy behavior of every instance # having the same name, set this option to "%(name)s". Valid # keys for the template are: name, uuid, count. (string value) -#multi_instance_display_name_template=%(name)s-%(uuid)s +#multi_instance_display_name_template=%(name)s-%(count)d # Maximum number of devices that will result in a local image # being created on the hypervisor node. Setting this to 0 @@ -847,7 +753,7 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # Generate periodic compute.instance.exists notifications # (boolean value) -instance_usage_audit=True +instance_usage_audit= True # Number of 1 second retries needed in live_migration (integer # value) @@ -861,6 +767,10 @@ instance_usage_audit=True # (integer value) #network_allocate_retries=0 +# Maximum number of instance builds to run concurrently +# (integer value) +#max_concurrent_builds=10 + # Number of times to retry block device allocation on failures # (integer value) #block_device_allocate_retries=60 
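Review bot: `instance_usage_audit= True` in the `@@ -847,7 +753,7 @@` hunk picks up a stray space after `=` that the other nova-style active options in this file (`my_ip=`, `auth_strategy=keystone`, `state_path=`) do not have. The value should parse the same, so this is style only, but it breaks simple greps and sed-based overrides that match `instance_usage_audit=True`. I would keep the line as `instance_usage_audit=True`.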
@@ -871,17 +781,15 @@ instance_usage_audit=True # Interval to pull network bandwidth usage info. Not supported # on all hypervisors. Set to -1 to disable. Setting this to 0 -# will disable, but this will change in the K release to mean -# "run at the default rate". (integer value) +# will run at the default rate. (integer value) #bandwidth_poll_interval=600 # Interval to sync power states between the database and the -# hypervisor. Set to -1 to disable. Setting this to 0 will -# disable, but this will change in Juno to mean "run at the -# default rate". (integer value) +# hypervisor. Set to -1 to disable. Setting this to 0 will run +# at the default rate. (integer value) #sync_power_state_interval=600 -# Number of seconds between instance info_cache self healing +# Number of seconds between instance network information cache # updates (integer value) #heal_instance_info_cache_interval=60 @@ -894,9 +802,8 @@ instance_usage_audit=True #volume_usage_poll_interval=0 # Interval in seconds for polling shelved instances to -# offload. Set to -1 to disable.Setting this to 0 will -# disable, but this will change in Juno to mean "run at the -# default rate". (integer value) +# offload. Set to -1 to disable.Setting this to 0 will run at +# the default rate. (integer value) #shelved_poll_interval=3600 # Time in seconds before a shelved instance is eligible for 
@@ -905,16 +812,24 @@ instance_usage_audit=True #shelved_offload_time=0 # Interval in seconds for retrying failed instance file -# deletes (integer value) +# deletes. Set to -1 to disable. Setting this to 0 will run at +# the default rate. (integer value) #instance_delete_interval=300 # Waiting time interval (seconds) between block device # allocation retries on failures (integer value) #block_device_allocate_retries_interval=3 -# Action to take if a running deleted instance is -# detected.Valid options are 'noop', 'log', 'shutdown', or -# 'reap'. Set to 'noop' to take no action. (string value) +# Waiting time interval (seconds) between sending the +# scheduler a list of current instance UUIDs to verify that +# its view of instances is in sync with nova. If the CONF +# option `scheduler_tracks_instance_changes` is False, +# changing this option will have no effect. (integer value) +#scheduler_instance_sync_interval=120 + +# Action to take if a running deleted instance is detected. +# Valid options are 'noop', 'log', 'shutdown', or 'reap'. Set +# to 'noop' to take no action. (string value) #running_deleted_instance_action=reap # Number of seconds to wait between runs of the cleanup task. @@ -932,7 +847,8 @@ instance_usage_audit=True #reboot_timeout=0 # Amount of time in seconds an instance can be in BUILD before -# going into ERROR status.Set to 0 to disable. (integer value) +# going into ERROR status. Set to 0 to disable. (integer +# value) #instance_build_timeout=0 # Automatically unrescue an instance after N seconds. Set to 0 @@ -1021,18 +937,6 @@ reserved_host_memory_mb={{ RESERVED_HOST_MEMORY_MB }} # -# Options defined in nova.console.vmrc -# - -# DEPRECATED. Port for VMware VMRC connections (integer value) -#console_vmrc_port=443 - -# DEPRECATED. Number of retries for retrieving VMRC -# information (integer value) -#console_vmrc_error_retries=10 - - -# # Options defined in nova.console.xvp # 
@@ -1251,7 +1155,7 @@ network_api_class=nova.network.neutronv2.api.API # servers. (boolean value) #use_network_dns_servers=false -# A list of dmz range that should be accepted (list value) +# A list of dmz ranges that should be accepted (list value) #dmz_cidr= # Traffic to this range will always be snatted to the fallback @@ -1291,12 +1195,12 @@ linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver # The port for the metadata API port (integer value) #metadata_port=8775 -# Regular expression to match iptables rule that should always -# be on the top. (string value) +# Regular expression to match the iptables rule that should +# always be on the top. (string value) #iptables_top_regex= -# Regular expression to match iptables rule that should always -# be on the bottom. (string value) +# Regular expression to match the iptables rule that should +# always be on the bottom. (string value) #iptables_bottom_regex= # The table that iptables to jump to when a packet is to be @@ -1312,6 +1216,14 @@ linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver # value) #fake_network=false +# Number of times to retry ebtables commands on failure. +# (integer value) +#ebtables_exec_attempts=3 + +# Number of seconds to wait between ebtables retries. +# (floating point value) +#ebtables_retry_interval=1.0 + # # Options defined in nova.network.manager 
@@ -1450,156 +1362,91 @@ security_group_api=neutron # -# Options defined in nova.openstack.common.eventlet_backdoor +# From oslo.log # -# Enable eventlet backdoor. Acceptable values are 0, <port>, -# and <start>:<end>, where 0 results in listening on a random -# tcp port number; <port> results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and <start>:<end> results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port=<None> - - -# -# Options defined in nova.openstack.common.lockutils -# - -# Enables or disables inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. (string value) -lock_path=/var/lock/nova +# Print debugging output (set logging level to DEBUG instead of default WARNING +# level). (boolean value) +#debug = false +# Print more verbose output (set logging level to INFO instead of default +# WARNING level). (boolean value) +#verbose = false -# -# Options defined in nova.openstack.common.log -# - -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error. (boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. 
(string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) +# The name of a logging configuration file. This file is appended to any +# existing logging configuration files. For details about logging configuration +# files, see the Python logging module documentation. (string value) # Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> +#log_config_append = <None> -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format=<None> +# DEPRECATED. 
A logging.Formatter log message format string which may use any +# of the available logging.LogRecord attributes. This option is deprecated. +# Please use logging_context_format_string and logging_default_format_string +# instead. (string value) +#log_format = <None> -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S +# Format string for %%(asctime)s in log records. Default: %(default)s . (string +# value) +#log_date_format = %Y-%m-%d %H:%M:%S -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) +# (Optional) Name of log file to output to. If no default is set, logging will +# go to stdout. (string value) # Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> +#log_file = <None> -# (Optional) The base directory used for relative --log-file -# paths. (string value) +# (Optional) The base directory used for relative --log-file paths. (string +# value) # Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> +#log_dir = <None> -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. (boolean -# value) -use_syslog=True +# Use syslog for logging. Existing syslog format is DEPRECATED during I, and +# will change in J to honor RFC5424. (boolean value) +use_syslog = True -# (Optional) Enables or disables syslog rfc5424 format for -# logging. If enabled, prefixes the MSG part of the syslog -# message with APP-NAME (RFC5424). The format without the APP- -# NAME is deprecated in I, and will be removed in J. (boolean -# value) -#use_syslog_rfc_format=false +# (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, +# prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The +# format without the APP-NAME is deprecated in I, and will be removed in J. +# (boolean value) +#use_syslog_rfc_format = false # Syslog facility to receive log lines. 
(string value) -#syslog_log_facility=LOG_USER +#syslog_log_facility = LOG_USER +# Log output to standard error. (boolean value) +#use_stderr = true -# -# Options defined in nova.openstack.common.memorycache -# +# Format string to use for log messages with context. (string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s -# Memcached servers or None for in process cache. (list value) -#memcached_servers=<None> +# Format string to use for log messages without context. (string value) +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d -# -# Options defined in nova.openstack.common.periodic_task -# +# Prefix each line of exception output with this format. (string value) +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s -# Some periodic tasks can be run in a separate process. Should -# we run them here? (boolean value) -#run_external_periodic_tasks=true +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN +# Enables or disables publication of error events. (boolean value) +#publish_errors = false -# -# Options defined in nova.openstack.common.policy -# +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false -# The JSON file that defines policies. 
(string value) -#policy_file=policy.json +# The format for an instance that is passed with the log message. (string +# value) +#instance_format = "[instance: %(uuid)s] " -# Default rule. Enforced when a requested rule is not found. -# (string value) -#policy_default_rule=default +# The format for an instance UUID that is passed with the log message. (string +# value) +#instance_uuid_format = "[instance: %(uuid)s] " # -# Options defined in nova.pci.pci_request +# Options defined in nova.pci.request # # An alias for a PCI passthrough device requirement. This @@ -1613,7 +1460,7 @@ use_syslog=True # -# Options defined in nova.pci.pci_whitelist +# Options defined in nova.pci.whitelist # # White list of PCI devices available to VMs. For example: @@ -1728,8 +1575,8 @@ ram_allocation_ratio={{ RAM_ALLOCATION_RATIO }} # Filter classes available to the scheduler which may be # specified more than once. An entry of -# "nova.scheduler.filters.standard_filters" maps to all -# filters included with nova. (multi valued) +# "nova.scheduler.filters.all_filters" maps to all filters +# included with nova. (multi valued) #scheduler_available_filters=nova.scheduler.filters.all_filters # Which filter class names to use for filtering hosts when not @@ -1740,6 +1587,10 @@ scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFi # value) #scheduler_weight_classes=nova.scheduler.weights.all_weighers +# Determines if the Scheduler tracks changes to instances to +# help with its filtering decisions. (boolean value) +#scheduler_tracks_instance_changes=true + # # Options defined in nova.scheduler.ironic_host_manager 
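Review bot: The active `lock_path=/var/lock/nova` disappears together with the `nova.openstack.common.lockutils` block in the `@@ -1450,156 +1362,91 @@` hunk, and no replacement is visible in this part of the diff. With the move to the oslo libraries the option is read from the `[oslo_concurrency]` group, so unless the new file sets `lock_path = /var/lock/nova` there (later in the file, outside this view), code that takes inter-process locks may fail or lock somewhere unintended. Whatever directory is configured should stay writable by the nova user only, since a lock directory other local users can write to lets them interfere with the service's locking.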
@@ -1796,6 +1647,16 @@ scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # +# Options defined in nova.scheduler.weights.io_ops +# + +# Multiplier used for weighing host io ops. Negative numbers +# mean a preference to choose light workload compute hosts. +# (floating point value) +#io_ops_weight_multiplier=-1.0 + + +# # Options defined in nova.scheduler.weights.ram # @@ -1821,12 +1682,9 @@ scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # (string value) #config_drive_format=iso9660 -# DEPRECATED (not needed any more): Where to put temporary -# files associated with config drive creation (string value) -#config_drive_tempdir=<None> - -# Set to force injection to take place on a config drive (if -# set, valid options are: always) (string value) +# Set to "always" to force injection to take place on a config +# drive. NOTE: The "always" will be deprecated in the Liberty +# release cycle. (string value) #force_config_drive=<None> # Name and optionally path of the tool used for ISO image @@ -1919,9 +1777,8 @@ firewall_driver=nova.virt.firewall.NoopFirewallDriver # # Number of seconds to wait between runs of the image cache -# manager. Set to -1 to disable. Setting this to 0 will -# disable, but this will change in the K release to mean "run -# at the default rate". (integer value) +# manager. Set to -1 to disable. Setting this to 0 will run at +# the default rate. (integer value) #image_cache_manager_interval=2400 # Where cached images are stored under $instances_path. This 
@@ -2000,169 +1857,140 @@ vnc_keymap=en-us #volume_api_class=nova.volume.cinder.API -[baremetal] - # -# Options defined in nova.virt.baremetal.db.api +# Options defined in nova.openstack.common.eventlet_backdoor # -# The backend to use for bare-metal database (string value) -#db_backend=sqlalchemy +# Enable eventlet backdoor. Acceptable values are 0, <port>, +# and <start>:<end>, where 0 results in listening on a random +# tcp port number; <port> results in listening on the +# specified port number (and not enabling backdoor if that +# port is in use); and <start>:<end> results in listening on +# the smallest unused port number within the specified range +# of port numbers. The chosen port is displayed in the +# service's log file. (string value) +#backdoor_port=<None> # -# Options defined in nova.virt.baremetal.db.sqlalchemy.session +# Options defined in nova.openstack.common.memorycache # -# The SQLAlchemy connection string used to connect to the -# bare-metal database (string value) -#sql_connection=sqlite:///$state_path/baremetal_nova.sqlite +# Memcached servers or None for in process cache. (list value) +#memcached_servers=<None> # -# Options defined in nova.virt.baremetal.driver +# Options defined in nova.openstack.common.periodic_task # -# Baremetal VIF driver. (string value) -#vif_driver=nova.virt.baremetal.vif_driver.BareMetalVIFDriver - -# Baremetal volume driver. (string value) -#volume_driver=nova.virt.baremetal.volume_driver.LibvirtVolumeDriver - -# A list of additional capabilities corresponding to -# flavor_extra_specs for this compute host to advertise. 
Valid -# entries are name=value, pairs For example, "key1:val1, -# key2:val2" (list value) -#flavor_extra_specs= - -# Baremetal driver back-end (pxe or tilera) (string value) -#driver=nova.virt.baremetal.pxe.PXE - -# Baremetal power management method (string value) -#power_manager=nova.virt.baremetal.ipmi.IPMI - -# Baremetal compute node's tftp root path (string value) -#tftp_root=/tftpboot +# Some periodic tasks can be run in a separate process. Should +# we run them here? (boolean value) +#run_external_periodic_tasks=true # -# Options defined in nova.virt.baremetal.ipmi +# Options defined in nova.openstack.common.policy # -# Path to baremetal terminal program (string value) -#terminal=shellinaboxd - -# Path to baremetal terminal SSL cert(PEM) (string value) -#terminal_cert_dir=<None> +# The JSON file that defines policies. (string value) +#policy_file=policy.json -# Path to directory stores pidfiles of baremetal_terminal +# Default rule. Enforced when a requested rule is not found. # (string value) -#terminal_pid_dir=$state_path/baremetal/console +#policy_default_rule=default -# Maximal number of retries for IPMI operations (integer -# value) -#ipmi_power_retry=10 +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. The +# file defined by policy_file must exist for these directories +# to be searched. Missing or empty directories are ignored. +# (multi valued) +#policy_dirs=policy.d # -# Options defined in nova.virt.baremetal.pxe +# Options defined in nova.openstack.common.versionutils # -# Default kernel image ID used in deployment phase (string +# Enables or disables fatal status of deprecations. 
(boolean # value) -#deploy_kernel=<None> +#fatal_deprecations=false -# Default ramdisk image ID used in deployment phase (string -# value) -#deploy_ramdisk=<None> -# Template file for injected network config (string value) -#net_config_template=$pybasedir/nova/virt/baremetal/net-dhcp.ubuntu.template +[api_database] -# Additional append parameters for baremetal PXE boot (string -# value) -#pxe_append_params=nofb nomodeset vga=normal +# +# Options defined in nova.db.sqlalchemy.api +# -# Template file for PXE configuration (string value) -#pxe_config_template=$pybasedir/nova/virt/baremetal/pxe_config.template +# The SQLAlchemy connection string to use to connect to the +# Nova API database. (string value) +#connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova -# If True, enable file injection for network info, files and -# admin password (boolean value) -#use_file_injection=false +# If True, SQLite uses synchronous mode. (boolean value) +#sqlite_synchronous=true -# Timeout for PXE deployments. Default: 0 (unlimited) (integer +# Timeout before idle SQL connections are reaped. (integer # value) -#pxe_deploy_timeout=0 - -# If set, pass the network configuration details to the -# initramfs via cmdline. (boolean value) -#pxe_network_config=false - -# This gets passed to Neutron as the bootfile dhcp parameter. -# (string value) -#pxe_bootfile_name=pxelinux.0 +#idle_timeout=3600 +# Maximum number of SQL connections to keep open in a pool. +# (integer value) +#max_pool_size=<None> -# -# Options defined in nova.virt.baremetal.tilera_pdu -# +# Maximum number of database connection retries during +# startup. Set to -1 to specify an infinite retry count. +# (integer value) +#max_retries=10 -# IP address of tilera pdu (string value) -#tile_pdu_ip=10.0.100.1 +# Interval between retries of opening a SQL connection. 
+# (integer value) +#retry_interval=10 -# Management script for tilera pdu (string value) -#tile_pdu_mgr=/tftpboot/pdu_mgr +# If set, use this value for max_overflow with SQLAlchemy. +# (integer value) +#max_overflow=<None> -# Power status of tilera PDU is OFF (integer value) -#tile_pdu_off=2 +# Verbosity of SQL debugging information: 0=None, +# 100=Everything. (integer value) +#connection_debug=0 -# Power status of tilera PDU is ON (integer value) -#tile_pdu_on=1 +# Add Python stack traces to SQL as comment strings. (boolean +# value) +#connection_trace=false -# Power status of tilera PDU (integer value) -#tile_pdu_status=9 +# If set, use this value for pool_timeout with SQLAlchemy. +# (integer value) +#pool_timeout=<None> -# Wait time in seconds until check the result after tilera -# power operations (integer value) -#tile_power_wait=9 +[barbican] # -# Options defined in nova.virt.baremetal.virtual_power_driver +# Options defined in nova.keymgr.barbican # -# IP or name to virtual power host (string value) -#virtual_power_ssh_host= - -# Port to use for ssh to virtual power host (integer value) -#virtual_power_ssh_port=22 - -# Base command to use for virtual power(vbox, virsh) (string -# value) -#virtual_power_type=virsh - -# User to execute virtual power commands as (string value) -#virtual_power_host_user= +# Info to match when looking for barbican in the service +# catalog. Format is: separated values of the form: +# <service_type>:<service_name>:<endpoint_type> (string value) +#catalog_info=key-manager:barbican:public -# Password for virtual power host_user (string value) -#virtual_power_host_pass= +# Override service catalog lookup with template for barbican +# endpoint e.g. 
http://localhost:9311/v1/%(project_id)s +# (string value) +#endpoint_template=<None> -# The ssh key for virtual power host_user (string value) -#virtual_power_host_key=<None> +# Region name of this node (string value) +#os_region_name=<None> # -# Options defined in nova.virt.baremetal.volume_driver +# Options defined in nova.volume.cinder # -# Do not set this out of dev/test environments. If a node does -# not have a fixed PXE IP address, volumes are exported with -# globally opened ACL (boolean value) -#use_unsafe_iscsi=false - -# The iSCSI IQN prefix used in baremetal volume connections. -# (string value) -#iscsi_iqn_prefix=iqn.2010-10.org.openstack.baremetal +# Region name of this node (string value) +#os_region_name=<None> [cells] 
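Review bot: The commented `#connection=` line added under `[api_database]` still carries the `{{ NOVA_DB_USER }}` and `{{ NOVA_DB_PASSWORD }}` placeholders. If this file is rendered by a template engine that does not treat `#` lines specially, as the placeholder syntax suggests, the deployed file will hold the real database password inside what looks like inert sample text. The line also names the same `/nova` database as the `[database]` connection added later in this file, so uncommenting it as-is would point the API database at the main one. I would keep the sample default here, `#connection=<None>`, and add a real URL only when a separate API database is provisioned.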
@@ -2321,41 +2149,19 @@ vnc_keymap=en-us # Info to match when looking for cinder in the service # catalog. Format is: separated values of the form: # <service_type>:<service_name>:<endpoint_type> (string value) -# Deprecated group/name - [DEFAULT]/cinder_catalog_info -#catalog_info=volume:cinder:publicURL +#catalog_info=volumev2:cinderv2:publicURL # Override service catalog lookup with template for cinder # endpoint e.g. http://localhost:8776/v1/%(project_id)s # (string value) -# Deprecated group/name - [DEFAULT]/cinder_endpoint_template #endpoint_template=<None> -# Region name of this node (string value) -# Deprecated group/name - [DEFAULT]/os_region_name -#os_region_name=<None> - -# Location of ca certificates file to use for cinder client -# requests. (string value) -# Deprecated group/name - [DEFAULT]/cinder_ca_certificates_file -#ca_certificates_file=<None> - # Number of cinderclient retries on failed http calls (integer # value) -# Deprecated group/name - [DEFAULT]/cinder_http_retries #http_retries=3 -# HTTP inactivity timeout (in seconds) (integer value) -# Deprecated group/name - [DEFAULT]/cinder_http_timeout -#http_timeout=<None> - -# Allow to perform insecure SSL requests to cinder (boolean -# value) -# Deprecated group/name - [DEFAULT]/cinder_api_insecure -#api_insecure=false - # Allow attach between instance and volume in different # availability zones. (boolean value) -# Deprecated group/name - [DEFAULT]/cinder_cross_az_attach #cross_az_attach=true 
@@ -2380,6 +2186,123 @@ use_local=true #workers=<None> +[database] + +# +# From oslo.db +# + +# The file name to use with SQLite. (string value) +# Deprecated group/name - [DEFAULT]/sqlite_db +#sqlite_db = oslo.sqlite + +# If True, SQLite uses synchronous mode. (boolean value) +# Deprecated group/name - [DEFAULT]/sqlite_synchronous +#sqlite_synchronous = true + +# The back end to use for the database. (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend = sqlalchemy + +# The SQLAlchemy connection string to use to connect to the database. (string +# value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +#connection = <None> +connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova + +# The SQLAlchemy connection string to use to connect to the slave database. +# (string value) +#slave_connection = <None> + +# The SQL mode to be used for MySQL sessions. This option, including the +# default, overrides any server-set SQL mode. To use whatever SQL mode is set +# by the server configuration, set this to no value. Example: mysql_sql_mode= +# (string value) +#mysql_sql_mode = TRADITIONAL + +# Timeout before idle SQL connections are reaped. (integer value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#idle_timeout = 3600 + +# Minimum number of SQL connections to keep open in a pool. (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool. 
(integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size = <None> + +# Maximum number of database connection retries during startup. Set to -1 to +# specify an infinite retry count. (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries = 10 + +# Interval between retries of opening a SQL connection. (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval = 10 + +# If set, use this value for max_overflow with SQLAlchemy. (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow = <None> + +# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug = 0 + +# Add Python stack traces to SQL as comment strings. (boolean value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace = false + +# If set, use this value for pool_timeout with SQLAlchemy. (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout = <None> + +# Enable the experimental use of database reconnect on connection lost. +# (boolean value) +#use_db_reconnect = false + +# Seconds between retries of a database transaction. (integer value) +#db_retry_interval = 1 + +# If True, increases the interval between retries of a database operation up to +# db_max_retry_interval. (boolean value) +#db_inc_retry_interval = true + +# If db_inc_retry_interval is set, the maximum seconds between retries of a +# database operation. (integer value) +#db_max_retry_interval = 10 + +# Maximum retries in case of connection error or deadlock error before error is +# raised. Set to -1 to specify an infinite retry count. 
(integer value) +#db_max_retries = 20 + + +# +# Options defined in nova.db.sqlalchemy.api +# + +# The SQLAlchemy connection string to use to connect to the +# slave database. (string value) +#slave_connection=<None> + +# The SQL mode to be used for MySQL sessions. This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode=TRADITIONAL + + [ephemeral_storage_encryption] # @@ -2408,32 +2331,26 @@ use_local=true # # Default glance hostname or IP address (string value) -# Deprecated group/name - [DEFAULT]/glance_host host={{ CONTROLLER_HOST_ADDRESS }} # Default glance port (integer value) -# Deprecated group/name - [DEFAULT]/glance_port port=9292 # Default protocol to use when connecting to glance. Set to # https for SSL. (string value) -# Deprecated group/name - [DEFAULT]/glance_protocol protocol=http # A list of the glance api servers available to nova. Prefix # with https:// for ssl-based glance api servers. # ([hostname|ip]:port) (list value) -# Deprecated group/name - [DEFAULT]/glance_api_servers api_servers=$host:$port # Allow to perform insecure SSL (https) requests to glance # (boolean value) -# Deprecated group/name - [DEFAULT]/glance_api_insecure #api_insecure=false -# Number of retries when downloading an image from glance -# (integer value) -# Deprecated group/name - [DEFAULT]/glance_num_retries +# Number of retries when uploading / downloading an image to / +# from glance. (integer value) #num_retries=0 # A list of url scheme that can be downloaded directly via the @@ -2442,6 +2359,16 @@ api_servers=$host:$port #allowed_direct_url_schemes= +[guestfs] + +# +# Options defined in nova.virt.disk.vfs.guestfs +# + +# Enable guestfs debug (boolean value) +#debug=false + + [hyperv] # 
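Review bot: In the new `[database]` section, `connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova` substitutes the password verbatim into a URL. A password containing `@`, `:`, `/` or `%` will therefore produce a connection string that fails to parse or is parsed with the wrong host or credentials, which in practice pushes deployers toward restricted-alphabet passwords. Either percent-encode the value where it is substituted, or state the constraint next to the line, e.g. `# NOVA_DB_PASSWORD is inserted verbatim and must be percent-encoded if it contains URL-reserved characters`. The rendered file holds this credential in clear text, so its owner and mode (set outside this hunk) should keep it readable only by the nova service.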
@@ -2575,7 +2502,8 @@ admin_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 # Log level override for ironicclient. Set this in order to # override the global "default_log_levels", "verbose", and -# "debug" settings. (string value) +# "debug" settings. DEPRECATED: use standard logging +# configuration. (string value) #client_log_level=<None> # Ironic keystone tenant name. (string value) 
@@ -2613,182 +2541,161 @@ admin_tenant_name=service [keystone_authtoken] # -# Options defined in keystonemiddleware.auth_token +# From keystonemiddleware.auth_token # -# Prefix to prepend at the beginning of the path. Deprecated, -# use identity_uri. (string value) -#auth_admin_prefix= - -# Host providing the admin Identity API endpoint. Deprecated, -# use identity_uri. (string value) -#auth_host=127.0.0.1 +# Complete public Identity API endpoint. (string value) +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -auth_port=35357 +# API version of the admin Identity API endpoint. (string value) +auth_version = v2.0 -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -auth_protocol=http +# Do not handle authorization requests within the middleware, but delegate the +# authorization decision to downstream WSGI components. (boolean value) +#delay_auth_decision = false -# Complete public Identity API endpoint (string value) -auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 - -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. https://localhost:35357/ -# (string value) -identity_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:35357 - -# API version of the admin Identity API endpoint (string +# Request timeout value for communicating with Identity API server. (integer # value) -auth_version=v2.0 - -# Do not handle authorization requests within the middleware, -# but delegate the authorization decision to downstream WSGI -# components (boolean value) -#delay_auth_decision=false +#http_connect_timeout = <None> -# Request timeout value for communicating with Identity API -# server. (boolean value) -#http_connect_timeout=<None> +# How many times are we trying to reconnect when communicating with Identity +# API Server. 
(integer value) +#http_request_max_retries = 3 -# How many times are we trying to reconnect when communicating -# with Identity API Server. (integer value) -#http_request_max_retries=3 +# Env key for the swift cache. (string value) +#cache = <None> -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token=<None> +# Required if identity server requires client certificate (string value) +#certfile = <None> -# Keystone account username (string value) -admin_user={{ NOVA_SERVICE_USER }} - -# Keystone account password (string value) -admin_password={{ NOVA_SERVICE_PASSWORD }} - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name=service +# Required if identity server requires client certificate (string value) +#keyfile = <None> -# Env key for the swift cache (string value) -#cache=<None> - -# Required if Keystone server requires client certificate -# (string value) -#certfile=<None> - -# Required if Keystone server requires client certificate -# (string value) -#keyfile=<None> - -# A PEM encoded Certificate Authority to use when verifying -# HTTPs connections. Defaults to system CAs. (string value) -#cafile=<None> +# A PEM encoded Certificate Authority to use when verifying HTTPs connections. +# Defaults to system CAs. (string value) +#cafile = <None> # Verify HTTPS connections. (boolean value) -#insecure=false +#insecure = false -# Directory used to cache files related to PKI tokens (string -# value) -#signing_dir=<None> +# Directory used to cache files related to PKI tokens. (string value) +#signing_dir = <None> -# Optionally specify a list of memcached server(s) to use for -# caching. 
If left undefined, tokens will instead be cached -# in-process. (list value) +# Optionally specify a list of memcached server(s) to use for caching. If left +# undefined, tokens will instead be cached in-process. (list value) # Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers=<None> +#memcached_servers = <None> -# In order to prevent excessive effort spent validating -# tokens, the middleware caches previously-seen tokens for a -# configurable duration (in seconds). Set to -1 to disable -# caching completely. (integer value) -#token_cache_time=300 +# In order to prevent excessive effort spent validating tokens, the middleware +# caches previously-seen tokens for a configurable duration (in seconds). Set +# to -1 to disable caching completely. (integer value) +#token_cache_time = 300 -# Determines the frequency at which the list of revoked tokens -# is retrieved from the Identity service (in seconds). A high -# number of revocation events combined with a low cache -# duration may significantly reduce performance. (integer -# value) -#revocation_cache_time=10 +# Determines the frequency at which the list of revoked tokens is retrieved +# from the Identity service (in seconds). A high number of revocation events +# combined with a low cache duration may significantly reduce performance. +# (integer value) +#revocation_cache_time = 10 -# (optional) if defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable -# values are MAC or ENCRYPT. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token -# data is encrypted and authenticated in the cache. If the -# value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -#memcache_security_strategy=<None> +# (Optional) If defined, indicate whether token data should be authenticated or +# authenticated and encrypted. Acceptable values are MAC or ENCRYPT. 
If MAC, +# token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data +# is encrypted and authenticated in the cache. If the value is not one of these +# options or empty, auth_token will raise an exception on initialization. +# (string value) +#memcache_security_strategy = <None> + +# (Optional, mandatory if memcache_security_strategy is defined) This string is +# used for key derivation. (string value) +#memcache_secret_key = <None> + +# (Optional) Number of seconds memcached server is considered dead before it is +# tried again. (integer value) +#memcache_pool_dead_retry = 300 + +# (Optional) Maximum total number of open connections to every memcached +# server. (integer value) +#memcache_pool_maxsize = 10 + +# (Optional) Socket timeout in seconds for communicating with a memcache +# server. (integer value) +#memcache_pool_socket_timeout = 3 + +# (Optional) Number of seconds a connection to memcached is held unused in the +# pool before it is closed. (integer value) +#memcache_pool_unused_timeout = 60 + +# (Optional) Number of seconds that an operation will wait to get a memcache +# client connection from the pool. (integer value) +#memcache_pool_conn_get_timeout = 10 + +# (Optional) Use the advanced (eventlet safe) memcache client pool. The +# advanced pool will only work under python 2.x. (boolean value) +#memcache_use_advanced_pool = false + +# (Optional) Indicate whether to set the X-Service-Catalog header. If False, +# middleware will not ask for service catalog on token validation and will not +# set the X-Service-Catalog header. (boolean value) +#include_service_catalog = true + +# Used to control the use and type of token binding. Can be set to: "disabled" +# to not check token binding. "permissive" (default) to validate binding +# information if the bind type is of a form known to the server and ignore it +# if not. "strict" like "permissive" but if the bind type is unknown the token +# will be rejected. 
"required" any form of token binding is needed to be +# allowed. Finally the name of a binding method that must be present in tokens. +# (string value) +#enforce_token_bind = permissive + +# If true, the revocation list will be checked for cached tokens. This requires +# that PKI tokens are configured on the identity server. (boolean value) +#check_revocations_for_cached = false + +# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm +# or multiple. The algorithms are those supported by Python standard +# hashlib.new(). The hashes will be tried in the order given, so put the +# preferred one first for performance. The result of the first hash will be +# stored in the cache. This will typically be set to multiple values only while +# migrating from a less secure algorithm to a more secure one. Once all the old +# tokens are expired this option should be set to a single value for better +# performance. (list value) +#hash_algorithms = md5 + +# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. +# (string value) +#auth_admin_prefix = -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string -# value) -#memcache_secret_key=<None> +# Host providing the admin Identity API endpoint. Deprecated, use identity_uri. +# (string value) +#auth_host = 127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use identity_uri. +# (integer value) +#auth_port = 35357 -# (optional) number of seconds memcached server is considered -# dead before it is tried again. (integer value) -#memcache_pool_dead_retry=300 +# Protocol of the admin Identity API endpoint (http or https). Deprecated, use +# identity_uri. (string value) +#auth_protocol = https -# (optional) max total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize=10 +# Complete admin Identity API endpoint. This should specify the unversioned +# root endpoint e.g. 
https://localhost:35357/ (string value) +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 -# (optional) socket timeout in seconds for communicating with -# a memcache server. (integer value) -#memcache_pool_socket_timeout=3 +# This option is deprecated and may be removed in a future release. Single +# shared secret with the Keystone configuration used for bootstrapping a +# Keystone installation, or otherwise bypassing the normal authentication +# process. This option should not be used, use `admin_user` and +# `admin_password` instead. (string value) +#admin_token = <None> -# (optional) number of seconds a connection to memcached is -# held unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout=60 +# Service username. (string value) +admin_user = {{ NOVA_SERVICE_USER }} -# (optional) number of seconds that an operation will wait to -# get a memcache client connection from the pool. (integer -# value) -#memcache_pool_conn_get_timeout=10 +# Service user password. (string value) +admin_password = {{ NOVA_SERVICE_PASSWORD }} -# (optional) use the advanced (eventlet safe) memcache client -# pool. The advanced pool will only work under python 2.x. -# (boolean value) -#memcache_use_advanced_pool=false - -# (optional) indicate whether to set the X-Service-Catalog -# header. If False, middleware will not ask for service -# catalog on token validation and will not set the X-Service- -# Catalog header. (boolean value) -#include_service_catalog=true - -# Used to control the use and type of token binding. Can be -# set to: "disabled" to not check token binding. "permissive" -# (default) to validate binding information if the bind type -# is of a form known to the server and ignore it if not. -# "strict" like "permissive" but if the bind type is unknown -# the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. 
(string -# value) -#enforce_token_bind=permissive - -# If true, the revocation list will be checked for cached -# tokens. This requires that PKI tokens are configured on the -# Keystone server. (boolean value) -#check_revocations_for_cached=false - -# Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those -# supported by Python standard hashlib.new(). The hashes will -# be tried in the order given, so put the preferred one first -# for performance. The result of the first hash will be stored -# in the cache. This will typically be set to multiple values -# only while migrating from a less secure algorithm to a more -# secure one. Once all the old tokens are expired this option -# should be set to a single value for better performance. -# (list value) -#hash_algorithms=md5 +# Service tenant name. (string value) +admin_tenant_name = service [libvirt] @@ -2808,7 +2715,7 @@ admin_tenant_name=service #rescue_ramdisk_id=<None> # Libvirt domain type (valid options are: kvm, lxc, qemu, uml, -# xen) (string value) +# xen and parallels) (string value) virt_type={{ NOVA_VIRT_TYPE }} # Override the default libvirt URI (which is dependent on 
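Review bot: In `[keystone_authtoken]`, `auth_uri` and `identity_uri` stay on `http://` while `admin_user` and `admin_password` are used against that endpoint, so the service password and the tokens the middleware validates cross the network unencrypted. The hunk also drops the explicit `auth_protocol=http`, and the sample default it now documents is `https`. If the controller's Keystone can serve TLS (not visible from this hunk), I would use `auth_uri = https://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0` and `identity_uri = https://{{ CONTROLLER_HOST_ADDRESS }}:35357`, and set `cafile` rather than relying on `insecure`. The comment above `#insecure = false` reads "Verify HTTPS connections", which is the opposite of what setting the option to true does, so a short clarifying comment in the template would help whoever enables TLS later.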
@@ -2849,11 +2756,6 @@ virt_type={{ NOVA_VIRT_TYPE }} # vdi). Defaults to same as source image (string value) #snapshot_image_format=<None> -# DEPRECATED. Libvirt handlers for remote volumes. This option -# is deprecated and will be removed in the Kilo release. (list -# value) -#volume_drivers=iscsi=nova.virt.libvirt.volume.LibvirtISCSIVolumeDriver,iser=nova.virt.libvirt.volume.LibvirtISERVolumeDriver,local=nova.virt.libvirt.volume.LibvirtVolumeDriver,fake=nova.virt.libvirt.volume.LibvirtFakeVolumeDriver,rbd=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,sheepdog=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,nfs=nova.virt.libvirt.volume.LibvirtNFSVolumeDriver,aoe=nova.virt.libvirt.volume.LibvirtAOEVolumeDriver,glusterfs=nova.virt.libvirt.volume.LibvirtGlusterfsVolumeDriver,fibre_channel=nova.virt.libvirt.volume.LibvirtFibreChannelVolumeDriver,scality=nova.virt.libvirt.volume.LibvirtScalityVolumeDriver - # Override the default disk prefix for the devices attached to # a server, which is dependent on virt_type. (valid options # are: sd, xvd, uvd, vd) (string value) @@ -2939,14 +2841,6 @@ virt_type={{ NOVA_VIRT_TYPE }} # flag is set to True. (boolean value) #sparse_logical_volumes=false -# Method used to wipe old volumes (valid options are: none, -# zero, shred) (string value) -#volume_clear=zero - -# Size in MiB to wipe at start of old volumes. 0 => all -# (integer value) -#volume_clear_size=0 - # The RADOS pool in which rbd volumes are stored (string # value) #images_rbd_pool=rbd @@ -2986,6 +2880,19 @@ virt_type={{ NOVA_VIRT_TYPE }} # +# Options defined in nova.virt.libvirt.lvm +# + +# Method used to wipe old volumes (valid options are: none, +# zero, shred) (string value) +#volume_clear=zero + +# Size in MiB to wipe at start of old volumes. 0 => all +# (integer value) +#volume_clear_size=0 + + +# # Options defined in nova.virt.libvirt.utils # 
@@ -3027,10 +2934,19 @@ virt_type={{ NOVA_VIRT_TYPE }} # node (string value) #nfs_mount_point_base=$state_path/mnt -# Mount options passedf to the NFS client. See section of the +# Mount options passed to the NFS client. See section of the # nfs man page for details (string value) #nfs_mount_options=<None> +# Directory where the SMBFS shares are mounted on the compute +# node (string value) +#smbfs_mount_point_base=$state_path/mnt + +# Mount options passed to the SMBFS client. See mount.cifs man +# page for details. Note that the libvirt-qemu uid and gid +# must be specified. (string value) +#smbfs_mount_options= + # Number of times to rediscover AoE target to find volume # (integer value) #num_aoe_discover_tries=3 @@ -3056,32 +2972,20 @@ virt_type={{ NOVA_VIRT_TYPE }} # Currently supported protocols: [gluster] (list value) #qemu_allowed_storage_drivers= +# Directory where the Quobyte volume is mounted on the compute +# node (string value) +#quobyte_mount_point_base=$state_path/mnt -[matchmaker_redis] - -# -# Options defined in oslo.messaging -# - -# Host to locate redis. (string value) -#host=127.0.0.1 - -# Use this port to connect to redis host. (integer value) -#port=6379 - -# Password for Redis server (optional). (string value) -#password=<None> - - -[matchmaker_ring] - -# -# Options defined in oslo.messaging -# +# Path to a Quobyte Client configuration file. (string value) +#quobyte_client_cfg=<None> -# Matchmaker ring file (JSON). (string value) -# Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json +# The iSCSI transport iface to use to connect to target in +# case offload support is desired. Supported transports are +# be2iscsi, bnx2i, cxgb3i, cxgb4i, qla4xxx and ocs. Default +# format is transport_name.hwaddress and can be generated +# manually or via iscsiadm -m iface (string value) +# Deprecated group/name - [DEFAULT]/iscsi_transport +#iscsi_iface=<None> [metrics] 
@@ -3125,12 +3029,10 @@ virt_type={{ NOVA_VIRT_TYPE }} # Set flag to indicate Neutron will proxy metadata requests # and resolve instance ids. (boolean value) -# Deprecated group/name - [DEFAULT]/service_neutron_metadata_proxy service_metadata_proxy=True # Shared secret to validate proxies Neutron metadata requests # (string value) -# Deprecated group/name - [DEFAULT]/neutron_metadata_proxy_shared_secret metadata_proxy_shared_secret={{ METADATA_PROXY_SHARED_SECRET }} 
@@ -3139,76 +3041,64 @@ metadata_proxy_shared_secret={{ METADATA_PROXY_SHARED_SECRET }} # # URL for connecting to neutron (string value) -# Deprecated group/name - [DEFAULT]/neutron_url url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 -# Timeout value for connecting to neutron in seconds (integer -# value) -# Deprecated group/name - [DEFAULT]/neutron_url_timeout -#url_timeout=30 - -# User id for connecting to neutron in admin context (string -# value) +# User id for connecting to neutron in admin context. +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) #admin_user_id=<None> -# Username for connecting to neutron in admin context (string -# value) -# Deprecated group/name - [DEFAULT]/neutron_admin_username +# Username for connecting to neutron in admin context +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) admin_username={{ NEUTRON_SERVICE_USER }} -# Password for connecting to neutron in admin context (string -# value) -# Deprecated group/name - [DEFAULT]/neutron_admin_password +# Password for connecting to neutron in admin context +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) admin_password={{ NEUTRON_SERVICE_PASSWORD }} -# Tenant id for connecting to neutron in admin context (string -# value) -# Deprecated group/name - [DEFAULT]/neutron_admin_tenant_id +# Tenant id for connecting to neutron in admin context +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) #admin_tenant_id=<None> # Tenant name for connecting to neutron in admin context. This # option will be ignored if neutron_admin_tenant_id is set. # Note that with Keystone V3 tenant names are only unique -# within a domain. (string value) -# Deprecated group/name - [DEFAULT]/neutron_admin_tenant_name +# within a domain. DEPRECATED: specify an auth_plugin and +# appropriate credentials instead. 
(string value) admin_tenant_name=service # Region name for connecting to neutron in admin context # (string value) -# Deprecated group/name - [DEFAULT]/neutron_region_name #region_name=<None> -# Authorization URL for connecting to neutron in admin context -# (string value) -# Deprecated group/name - [DEFAULT]/neutron_admin_auth_url +# Authorization URL for connecting to neutron in admin +# context. DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) admin_auth_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 -# If set, ignore any SSL validation issues (boolean value) -# Deprecated group/name - [DEFAULT]/neutron_api_insecure -#api_insecure=false - # Authorization strategy for connecting to neutron in admin -# context (string value) -# Deprecated group/name - [DEFAULT]/neutron_auth_strategy +# context. DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. If an auth_plugin is specified strategy +# will be ignored. (string value) auth_strategy=keystone # Name of Integration Bridge used by Open vSwitch (string # value) -# Deprecated group/name - [DEFAULT]/neutron_ovs_bridge #ovs_bridge=br-int # Number of seconds before querying neutron for extensions # (integer value) -# Deprecated group/name - [DEFAULT]/neutron_extension_sync_interval #extension_sync_interval=600 -# Location of CA certificates file to use for neutron client -# requests. (string value) -# Deprecated group/name - [DEFAULT]/neutron_ca_certificates_file -#ca_certificates_file=<None> - -# Allow an instance to have multiple vNICs attached to the -# same Neutron network. (boolean value) +# DEPRECATED: Allow an instance to have multiple vNICs +# attached to the same Neutron network. This option is +# deprecated in the 2015.1 release and will be removed in the +# 2015.2 release where the default behavior will be to always +# allow multiple ports from the same network to be attached to +# an instance. (boolean value) #allow_duplicate_networks=false 
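Review bot: The neutron client settings kept by this hunk still use plain `http://` for both `url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696` and `admin_auth_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0`, so `admin_password={{ NEUTRON_SERVICE_PASSWORD }}` and the token issued for it cross the network unencrypted. The refreshed comments now mark `admin_username`, `admin_password`, `admin_tenant_name`, `admin_auth_url` and `auth_strategy` as deprecated in favour of an `auth_plugin`, yet the template goes on setting them. The hunk also drops the `api_insecure` and `ca_certificates_file` entries without showing where certificate verification is configured in the regenerated file. I would add a comment above `admin_auth_url`, for example `# TODO: switch to auth_plugin credentials and an https:// endpoint with a CA file; the admin_* options are deprecated`, and confirm where the replacement TLS options live. The section header itself is outside this hunk.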
@@ -3289,12 +3179,10 @@ enabled=false # # Host on which to listen for incoming requests (string value) -# Deprecated group/name - [DEFAULT]/spicehtml5proxy_host #html5proxy_host=0.0.0.0 # Port on which to listen for incoming requests (integer # value) -# Deprecated group/name - [DEFAULT]/spicehtml5proxy_port #html5proxy_port=6082 @@ -3473,6 +3361,20 @@ enabled=false # Options defined in nova.virt.vmwareapi.driver # +# The PBM status. (boolean value) +#pbm_enabled=false + +# PBM service WSDL file location URL. e.g. +# file:///opt/SDK/spbm/wsdl/pbmService.wsdl Not setting this +# will disable storage policy based placement of instances. +# (string value) +#pbm_wsdl_location=<None> + +# The PBM default policy. If pbm_wsdl_location is set and +# there is no defined storage policy for the specific request +# then this policy will be used. (string value) +#pbm_default_policy=<None> + # Hostname or IP address for connection to VMware VC host. # (string value) #host_ip=<None> 
@@ -3541,6 +3443,42 @@ enabled=false #maximum_objects=100 +# +# Options defined in nova.virt.vmwareapi.vmops +# + +# The prefix for Where cached images are stored. This is NOT +# the full path - just a folder prefix. This should only be +# used when a datastore cache should be shared between compute +# nodes. Note: this should only be used when the compute nodes +# have a shared file system. (string value) +#cache_prefix=<None> + + +[workarounds] + +# +# Options defined in nova.utils +# + +# This option allows a fallback to sudo for performance +# reasons. For example see +# https://bugs.launchpad.net/nova/+bug/1415106 (boolean value) +#disable_rootwrap=false + +# When using libvirt 1.2.2 fails live snapshots intermittently +# under load. This config option provides mechanism to +# disable livesnapshot while this is resolved. See +# https://bugs.launchpad.net/nova/+bug/1334398 (boolean value) +#disable_libvirt_livesnapshot=true + +# Whether to destroy instances on startup when we suspect they +# have previously been evacuated. This can result in data loss +# if undesired. See https://launchpad.net/bugs/1419785 +# (boolean value) +#destroy_after_evacuate=true + + [xenserver] # @@ -3736,7 +3674,8 @@ enabled=false # rsynced (boolean value) #sparse_copy=true -# Maximum number of retries to unplug VBD (integer value) +# Maximum number of retries to unplug VBD. if <=0, should try +# once and no retry (integer value) #num_vbd_unplug_retries=10 # Whether or not to download images via Bit Torrent 
@@ -3802,8 +3741,268 @@ enabled=false # (integer value) #sg_retry_interval=5 -[database] -# The SQLAlchemy connection string to use to connect to the -# database. (string value) -connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova +[matchmaker_redis] + +# +# From oslo.messaging +# + +# Host to locate redis. (string value) +#host = 127.0.0.1 + +# Use this port to connect to redis host. (integer value) +#port = 6379 + +# Password for Redis server (optional). (string value) +#password = <None> + + +[matchmaker_ring] + +# +# From oslo.messaging +# + +# Matchmaker ring file (JSON). (string value) +# Deprecated group/name - [DEFAULT]/matchmaker_ringfile +#ringfile = /etc/oslo/matchmaker_ring.json + + +[oslo_concurrency] + +# +# From oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +# Deprecated group/name - [DEFAULT]/disable_process_locking +#disable_process_locking = false + +# Directory to use for lock files. For security, the specified directory +# should only be writable by the user running the processes that need locking. +# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, +# a lock path must be set. 
(string value) +# Deprecated group/name - [DEFAULT]/lock_path +lock_path = /var/lock/nova + + +[oslo_messaging_amqp] + +# +# From oslo.messaging +# + +# address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +#server_request_prefix = exclusive + +# address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +#broadcast_prefix = broadcast + +# address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +#group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +#container_name = <None> + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +#idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +#trace = false + +# CA certificate PEM file for verifing server certificate (string value) +# Deprecated group/name - [amqp1]/ssl_ca_file +#ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string value) +# Deprecated group/name - [amqp1]/ssl_cert_file +#ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string value) +# Deprecated group/name - [amqp1]/ssl_key_file +#ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +#ssl_key_password = <None> + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +#allow_insecure_clients = false + + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. 
(boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +#qpid_hostname = localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +#qpid_port = 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +#qpid_hosts = $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +#qpid_username = + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +#qpid_password = + +# Space separated list of SASL mechanisms to use for auth. (string value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +#qpid_sasl_mechanisms = + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +#qpid_heartbeat = 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +#qpid_protocol = tcp + +# Whether to disable the Nagle algorithm. (boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +#qpid_tcp_nodelay = true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +#qpid_receiver_capacity = 1 + +# The qpid topology version to use. Version 1 is what was originally used by +# impl_qpid. Version 2 includes some backwards-incompatible changes that allow +# broker federation to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. 
(integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +#qpid_topology_version = 1 + + +[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and +# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some +# distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +#kombu_ssl_version = + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +#kombu_ssl_keyfile = + +# SSL cert file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +#kombu_ssl_certfile = + +# SSL certification authority file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +#kombu_ssl_ca_certs = + +# How long to wait before reconnecting in response to an AMQP consumer cancel +# notification. (floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +#kombu_reconnect_delay = 1.0 + +# The RabbitMQ broker address where a single node is used. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_host +rabbit_host = {{ RABBITMQ_HOST }} + +# The RabbitMQ broker port where a single node is used. (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_port +rabbit_port = {{ RABBITMQ_PORT }} + +# RabbitMQ HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +#rabbit_hosts = $rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. 
(boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +rabbit_use_ssl = false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +rabbit_userid = {{ RABBITMQ_USER }} + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +rabbit_password = {{ RABBITMQ_PASSWORD }} + +# The RabbitMQ login method. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +#rabbit_login_method = AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +#rabbit_virtual_host = / + +# How frequently to retry connecting with RabbitMQ. (integer value) +#rabbit_retry_interval = 1 + +# How long to backoff for between retries when connecting to RabbitMQ. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +#rabbit_retry_backoff = 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry +# count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +#rabbit_max_retries = 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you +# must wipe the RabbitMQ database. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +#rabbit_ha_queues = false + +# Number of seconds after which the Rabbit broker is considered down if +# heartbeat's keep-alive fails (0 disable the heartbeat). (integer value) +#heartbeat_timeout_threshold = 60 + +# How often times during the heartbeat_timeout_threshold we check the +# heartbeat. (integer value) +#heartbeat_rate = 2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +#fake_rabbit = false diff --git a/install-files/openstack/usr/share/openstack/nova/policy.json b/install-files/openstack/usr/share/openstack/nova/policy.json deleted file mode 100644 index cc5b8ea4..00000000 
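Review bot: `rabbit_use_ssl = false` is set explicitly in the new `[oslo_messaging_rabbit]` section, next to `rabbit_userid = {{ RABBITMQ_USER }}` and `rabbit_password = {{ RABBITMQ_PASSWORD }}`, so the broker login and the RPC traffic between nodes are sent in clear text. If that is a deliberate choice for an isolated management network, record it with a comment such as `# NOTE: AMQP is unencrypted here; this relies on the management network being trusted`. Otherwise make the value a deployment variable and set `kombu_ssl_ca_certs` when TLS is on. The same hunk removes the `[database]` `connection=` line from the end of the file, and its new location is not visible here, so check that the regenerated template still defines it exactly once.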
--- a/install-files/openstack/usr/share/openstack/nova/policy.json
+++ /dev/null
@@ -1,324 +0,0 @@ -{ - "context_is_admin": "role:admin", - "admin_or_owner": "is_admin:True or project_id:%(project_id)s", - "default": "rule:admin_or_owner", - - "cells_scheduler_filter:TargetCellFilter": "is_admin:True", - - "compute:create": "", - "compute:create:attach_network": "", - "compute:create:attach_volume": "", - "compute:create:forced_host": "is_admin:True", - "compute:get_all": "", - "compute:get_all_tenants": "", - "compute:start": "rule:admin_or_owner", - "compute:stop": "rule:admin_or_owner", - "compute:unlock_override": "rule:admin_api", - - "compute:shelve": "", - "compute:shelve_offload": "", - "compute:unshelve": "", - - "compute:volume_snapshot_create": "", - "compute:volume_snapshot_delete": "", - - "admin_api": "is_admin:True", - "compute:v3:servers:start": "rule:admin_or_owner", - "compute:v3:servers:stop": "rule:admin_or_owner", - "compute_extension:v3:os-access-ips:discoverable": "", - "compute_extension:v3:os-access-ips": "", - "compute_extension:accounts": "rule:admin_api", - "compute_extension:admin_actions": "rule:admin_api", - "compute_extension:admin_actions:pause": "rule:admin_or_owner", - "compute_extension:admin_actions:unpause": "rule:admin_or_owner", - "compute_extension:admin_actions:suspend": "rule:admin_or_owner", - "compute_extension:admin_actions:resume": "rule:admin_or_owner", - "compute_extension:admin_actions:lock": "rule:admin_or_owner", - "compute_extension:admin_actions:unlock": "rule:admin_or_owner", - "compute_extension:admin_actions:resetNetwork": "rule:admin_api", - "compute_extension:admin_actions:injectNetworkInfo": "rule:admin_api", - "compute_extension:admin_actions:createBackup": "rule:admin_or_owner", - "compute_extension:admin_actions:migrateLive": "rule:admin_api", - "compute_extension:admin_actions:resetState": "rule:admin_api", - "compute_extension:admin_actions:migrate": "rule:admin_api", - "compute_extension:v3:os-admin-actions": "rule:admin_api", - 
"compute_extension:v3:os-admin-actions:discoverable": "", - "compute_extension:v3:os-admin-actions:reset_network": "rule:admin_api", - "compute_extension:v3:os-admin-actions:inject_network_info": "rule:admin_api", - "compute_extension:v3:os-admin-actions:reset_state": "rule:admin_api", - "compute_extension:v3:os-admin-password": "", - "compute_extension:v3:os-admin-password:discoverable": "", - "compute_extension:aggregates": "rule:admin_api", - "compute_extension:v3:os-aggregates:discoverable": "", - "compute_extension:v3:os-aggregates:index": "rule:admin_api", - "compute_extension:v3:os-aggregates:create": "rule:admin_api", - "compute_extension:v3:os-aggregates:show": "rule:admin_api", - "compute_extension:v3:os-aggregates:update": "rule:admin_api", - "compute_extension:v3:os-aggregates:delete": "rule:admin_api", - "compute_extension:v3:os-aggregates:add_host": "rule:admin_api", - "compute_extension:v3:os-aggregates:remove_host": "rule:admin_api", - "compute_extension:v3:os-aggregates:set_metadata": "rule:admin_api", - "compute_extension:agents": "rule:admin_api", - "compute_extension:v3:os-agents": "rule:admin_api", - "compute_extension:v3:os-agents:discoverable": "", - "compute_extension:attach_interfaces": "", - "compute_extension:v3:os-attach-interfaces": "", - "compute_extension:v3:os-attach-interfaces:discoverable": "", - "compute_extension:baremetal_nodes": "rule:admin_api", - "compute_extension:cells": "rule:admin_api", - "compute_extension:v3:os-cells": "rule:admin_api", - "compute_extension:v3:os-cells:discoverable": "", - "compute_extension:certificates": "", - "compute_extension:v3:os-certificates:create": "", - "compute_extension:v3:os-certificates:show": "", - "compute_extension:v3:os-certificates:discoverable": "", - "compute_extension:cloudpipe": "rule:admin_api", - "compute_extension:cloudpipe_update": "rule:admin_api", - "compute_extension:console_output": "", - "compute_extension:v3:consoles:discoverable": "", - 
"compute_extension:v3:os-console-output:discoverable": "", - "compute_extension:v3:os-console-output": "", - "compute_extension:consoles": "", - "compute_extension:v3:os-remote-consoles": "", - "compute_extension:v3:os-remote-consoles:discoverable": "", - "compute_extension:createserverext": "", - "compute_extension:v3:os-create-backup:discoverable": "", - "compute_extension:v3:os-create-backup": "rule:admin_or_owner", - "compute_extension:deferred_delete": "", - "compute_extension:v3:os-deferred-delete": "", - "compute_extension:v3:os-deferred-delete:discoverable": "", - "compute_extension:disk_config": "", - "compute_extension:evacuate": "rule:admin_api", - "compute_extension:v3:os-evacuate": "rule:admin_api", - "compute_extension:v3:os-evacuate:discoverable": "", - "compute_extension:extended_server_attributes": "rule:admin_api", - "compute_extension:v3:os-extended-server-attributes": "rule:admin_api", - "compute_extension:v3:os-extended-server-attributes:discoverable": "", - "compute_extension:extended_status": "", - "compute_extension:v3:os-extended-status": "", - "compute_extension:v3:os-extended-status:discoverable": "", - "compute_extension:extended_availability_zone": "", - "compute_extension:v3:os-extended-availability-zone": "", - "compute_extension:v3:os-extended-availability-zone:discoverable": "", - "compute_extension:extended_ips": "", - "compute_extension:extended_ips_mac": "", - "compute_extension:extended_vif_net": "", - "compute_extension:v3:extension_info:discoverable": "", - "compute_extension:extended_volumes": "", - "compute_extension:v3:os-extended-volumes": "", - "compute_extension:v3:os-extended-volumes:swap": "", - "compute_extension:v3:os-extended-volumes:discoverable": "", - "compute_extension:v3:os-extended-volumes:attach": "", - "compute_extension:v3:os-extended-volumes:detach": "", - "compute_extension:fixed_ips": "rule:admin_api", - "compute_extension:flavor_access": "", - "compute_extension:flavor_access:addTenantAccess": 
"rule:admin_api", - "compute_extension:flavor_access:removeTenantAccess": "rule:admin_api", - "compute_extension:v3:flavor-access": "", - "compute_extension:v3:flavor-access:discoverable": "", - "compute_extension:v3:flavor-access:remove_tenant_access": "rule:admin_api", - "compute_extension:v3:flavor-access:add_tenant_access": "rule:admin_api", - "compute_extension:flavor_disabled": "", - "compute_extension:flavor_rxtx": "", - "compute_extension:v3:os-flavor-rxtx": "", - "compute_extension:v3:os-flavor-rxtx:discoverable": "", - "compute_extension:flavor_swap": "", - "compute_extension:flavorextradata": "", - "compute_extension:flavorextraspecs:index": "", - "compute_extension:flavorextraspecs:show": "", - "compute_extension:flavorextraspecs:create": "rule:admin_api", - "compute_extension:flavorextraspecs:update": "rule:admin_api", - "compute_extension:flavorextraspecs:delete": "rule:admin_api", - "compute_extension:v3:flavors:discoverable": "", - "compute_extension:v3:flavor-extra-specs:discoverable": "", - "compute_extension:v3:flavor-extra-specs:index": "", - "compute_extension:v3:flavor-extra-specs:show": "", - "compute_extension:v3:flavor-extra-specs:create": "rule:admin_api", - "compute_extension:v3:flavor-extra-specs:update": "rule:admin_api", - "compute_extension:v3:flavor-extra-specs:delete": "rule:admin_api", - "compute_extension:flavormanage": "rule:admin_api", - "compute_extension:v3:flavor-manage": "rule:admin_api", - "compute_extension:floating_ip_dns": "", - "compute_extension:floating_ip_pools": "", - "compute_extension:floating_ips": "", - "compute_extension:floating_ips_bulk": "rule:admin_api", - "compute_extension:fping": "", - "compute_extension:fping:all_tenants": "rule:admin_api", - "compute_extension:hide_server_addresses": "is_admin:False", - "compute_extension:v3:os-hide-server-addresses": "is_admin:False", - "compute_extension:v3:os-hide-server-addresses:discoverable": "", - "compute_extension:hosts": "rule:admin_api", - 
"compute_extension:v3:os-hosts": "rule:admin_api", - "compute_extension:v3:os-hosts:discoverable": "", - "compute_extension:hypervisors": "rule:admin_api", - "compute_extension:v3:os-hypervisors": "rule:admin_api", - "compute_extension:v3:os-hypervisors:discoverable": "", - "compute_extension:image_size": "", - "compute_extension:instance_actions": "", - "compute_extension:v3:os-server-actions": "", - "compute_extension:v3:os-server-actions:discoverable": "", - "compute_extension:instance_actions:events": "rule:admin_api", - "compute_extension:v3:os-server-actions:events": "rule:admin_api", - "compute_extension:instance_usage_audit_log": "rule:admin_api", - "compute_extension:v3:ips:discoverable": "", - "compute_extension:keypairs": "", - "compute_extension:keypairs:index": "", - "compute_extension:keypairs:show": "", - "compute_extension:keypairs:create": "", - "compute_extension:keypairs:delete": "", - "compute_extension:v3:keypairs:discoverable": "", - "compute_extension:v3:keypairs": "", - "compute_extension:v3:keypairs:index": "", - "compute_extension:v3:keypairs:show": "", - "compute_extension:v3:keypairs:create": "", - "compute_extension:v3:keypairs:delete": "", - "compute_extension:v3:os-lock-server:discoverable": "", - "compute_extension:v3:os-lock-server:lock": "rule:admin_or_owner", - "compute_extension:v3:os-lock-server:unlock": "rule:admin_or_owner", - "compute_extension:v3:os-migrate-server:discoverable": "", - "compute_extension:v3:os-migrate-server:migrate": "rule:admin_api", - "compute_extension:v3:os-migrate-server:migrate_live": "rule:admin_api", - "compute_extension:multinic": "", - "compute_extension:v3:os-multinic": "", - "compute_extension:v3:os-multinic:discoverable": "", - "compute_extension:networks": "rule:admin_api", - "compute_extension:networks:view": "", - "compute_extension:networks_associate": "rule:admin_api", - "compute_extension:v3:os-pause-server:discoverable": "", - "compute_extension:v3:os-pause-server:pause": 
"rule:admin_or_owner", - "compute_extension:v3:os-pause-server:unpause": "rule:admin_or_owner", - "compute_extension:v3:os-pci:pci_servers": "", - "compute_extension:v3:os-pci:discoverable": "", - "compute_extension:v3:os-pci:index": "rule:admin_api", - "compute_extension:v3:os-pci:detail": "rule:admin_api", - "compute_extension:v3:os-pci:show": "rule:admin_api", - "compute_extension:quotas:show": "", - "compute_extension:quotas:update": "rule:admin_api", - "compute_extension:quotas:delete": "rule:admin_api", - "compute_extension:v3:os-quota-sets:discoverable": "", - "compute_extension:v3:os-quota-sets:show": "", - "compute_extension:v3:os-quota-sets:update": "rule:admin_api", - "compute_extension:v3:os-quota-sets:delete": "rule:admin_api", - "compute_extension:v3:os-quota-sets:detail": "rule:admin_api", - "compute_extension:quota_classes": "", - "compute_extension:rescue": "", - "compute_extension:v3:os-rescue": "", - "compute_extension:v3:os-rescue:discoverable": "", - "compute_extension:v3:os-scheduler-hints:discoverable": "", - "compute_extension:security_group_default_rules": "rule:admin_api", - "compute_extension:security_groups": "", - "compute_extension:v3:os-security-groups": "", - "compute_extension:v3:os-security-groups:discoverable": "", - "compute_extension:server_diagnostics": "rule:admin_api", - "compute_extension:v3:os-server-diagnostics": "rule:admin_api", - "compute_extension:v3:os-server-diagnostics:discoverable": "", - "compute_extension:server_groups": "", - "compute_extension:server_password": "", - "compute_extension:v3:os-server-password": "", - "compute_extension:v3:os-server-password:discoverable": "", - "compute_extension:server_usage": "", - "compute_extension:v3:os-server-usage": "", - "compute_extension:v3:os-server-usage:discoverable": "", - "compute_extension:services": "rule:admin_api", - "compute_extension:v3:os-services": "rule:admin_api", - "compute_extension:v3:os-services:discoverable": "", - 
"compute_extension:v3:server-metadata:discoverable": "", - "compute_extension:v3:servers:discoverable": "", - "compute_extension:shelve": "", - "compute_extension:shelveOffload": "rule:admin_api", - "compute_extension:v3:os-shelve:shelve": "", - "compute_extension:v3:os-shelve:shelve:discoverable": "", - "compute_extension:v3:os-shelve:shelve_offload": "rule:admin_api", - "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner", - "compute_extension:v3:os-suspend-server:discoverable": "", - "compute_extension:v3:os-suspend-server:suspend": "rule:admin_or_owner", - "compute_extension:v3:os-suspend-server:resume": "rule:admin_or_owner", - "compute_extension:simple_tenant_usage:list": "rule:admin_api", - "compute_extension:unshelve": "", - "compute_extension:v3:os-shelve:unshelve": "", - "compute_extension:users": "rule:admin_api", - "compute_extension:v3:os-user-data:discoverable": "", - "compute_extension:virtual_interfaces": "", - "compute_extension:virtual_storage_arrays": "", - "compute_extension:volumes": "", - "compute_extension:volume_attachments:index": "", - "compute_extension:volume_attachments:show": "", - "compute_extension:volume_attachments:create": "", - "compute_extension:volume_attachments:update": "", - "compute_extension:volume_attachments:delete": "", - "compute_extension:volumetypes": "", - "compute_extension:availability_zone:list": "", - "compute_extension:v3:os-availability-zone:list": "", - "compute_extension:v3:os-availability-zone:discoverable": "", - "compute_extension:availability_zone:detail": "rule:admin_api", - "compute_extension:v3:os-availability-zone:detail": "rule:admin_api", - "compute_extension:used_limits_for_admin": "rule:admin_api", - "compute_extension:migrations:index": "rule:admin_api", - "compute_extension:v3:os-migrations:index": "rule:admin_api", - "compute_extension:v3:os-migrations:discoverable": "", - "compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api", - 
"compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api", - "compute_extension:console_auth_tokens": "rule:admin_api", - "compute_extension:v3:os-console-auth-tokens": "rule:admin_api", - "compute_extension:os-server-external-events:create": "rule:admin_api", - "compute_extension:v3:os-server-external-events:create": "rule:admin_api", - - "volume:create": "", - "volume:get_all": "", - "volume:get_volume_metadata": "", - "volume:get_snapshot": "", - "volume:get_all_snapshots": "", - - - "volume_extension:types_manage": "rule:admin_api", - "volume_extension:types_extra_specs": "rule:admin_api", - "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", - "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", - "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", - - - "network:get_all": "", - "network:get": "", - "network:create": "", - "network:delete": "", - "network:associate": "", - "network:disassociate": "", - "network:get_vifs_by_instance": "", - "network:allocate_for_instance": "", - "network:deallocate_for_instance": "", - "network:validate_networks": "", - "network:get_instance_uuids_by_ip_filter": "", - "network:get_instance_id_by_floating_address": "", - "network:setup_networks_on_host": "", - "network:get_backdoor_port": "", - - "network:get_floating_ip": "", - "network:get_floating_ip_pools": "", - "network:get_floating_ip_by_address": "", - "network:get_floating_ips_by_project": "", - "network:get_floating_ips_by_fixed_address": "", - "network:allocate_floating_ip": "", - "network:deallocate_floating_ip": "", - "network:associate_floating_ip": "", - "network:disassociate_floating_ip": "", - "network:release_floating_ip": "", - "network:migrate_instance_start": "", - "network:migrate_instance_finish": "", - - "network:get_fixed_ip": "", - "network:get_fixed_ip_by_address": "", - "network:add_fixed_ip_to_instance": "", - "network:remove_fixed_ip_from_instance": "", - 
"network:add_network_to_project": "", - "network:get_instance_nw_info": "", - - "network:get_dns_domains": "", - "network:add_dns_entry": "", - "network:modify_dns_entry": "", - "network:delete_dns_entry": "", - "network:get_dns_entries_by_address": "", - "network:get_dns_entries_by_name": "", - "network:create_private_dns_domain": "", - "network:create_public_dns_domain": "", - "network:delete_dns_domain": "" -} diff --git a/install-files/openstack/usr/share/openstack/postgres/postgresql.conf b/install-files/openstack/usr/share/openstack/postgres/postgresql.conf index 74153385..9c8094ea 100644 --- a/install-files/openstack/usr/share/openstack/postgres/postgresql.conf +++ b/install-files/openstack/usr/share/openstack/postgres/postgresql.conf @@ -1,5 +1,5 @@ listen_addresses = '{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}' -max_connections = 100 +max_connections = 300 shared_buffers = 128MB log_timezone = 'UTC' datestyle = 'iso, mdy' diff --git a/install-files/swift/usr/share/swift/etc/swift/container-server.j2 b/install-files/swift/usr/share/swift/etc/swift/container-server.j2 index d226d016..3c63b7d0 100644 --- a/install-files/swift/usr/share/swift/etc/swift/container-server.j2 +++ b/install-files/swift/usr/share/swift/etc/swift/container-server.j2 @@ -168,6 +168,14 @@ recon_cache_path = /var/cache/swift # # Maximum amount of time to spend syncing each container per pass # container_time = 60 +# +# Maximum amount of time in seconds for the connection attempt +# conn_timeout = 5 +# Server errors from requests will be retried by default +# request_tries = 3 +# +# Internal client config file path +# internal_client_conf_path = /etc/swift/internal-client.conf # Note: Put it at the beginning of the pipeline to profile all middleware. But # it is safer to put this after healthcheck. diff --git a/install-files/swift/usr/share/swift/etc/swift/object-server.j2 b/install-files/swift/usr/share/swift/etc/swift/object-server.j2 index 66990be9..19d72f6c 100644 
--- a/install-files/swift/usr/share/swift/etc/swift/object-server.j2 +++ b/install-files/swift/usr/share/swift/etc/swift/object-server.j2 @@ -77,7 +77,7 @@ use = egg:swift#object # slow = 0 # # Objects smaller than this are not evicted from the buffercache once read -# keep_cache_size = 5424880 +# keep_cache_size = 5242880 # # If true, objects for authenticated GET requests may be kept in buffer cache # if small enough @@ -212,6 +212,29 @@ recon_cache_path = /var/cache/swift # removed when it has successfully replicated to all the canonical nodes. # handoff_delete = auto +[object-reconstructor] +# You can override the default log routing for this app here (don't use set!): +# Unless otherwise noted, each setting below has the same meaning as described +# in the [object-replicator] section, however these settings apply to the EC +# reconstructor +# +# log_name = object-reconstructor +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# daemonize = on +# run_pause = 30 +# concurrency = 1 +# stats_interval = 300 +# node_timeout = 10 +# http_timeout = 60 +# lockup_timeout = 1800 +# reclaim_age = 604800 +# ring_check_interval = 15 +# recon_cache_path = /var/cache/swift +# handoffs_first = False + [object-updater] # You can override the default log routing for this app here (don't use set!): # log_name = object-updater diff --git a/install-files/swift/usr/share/swift/etc/swift/swift.j2 b/install-files/swift/usr/share/swift/etc/swift/swift.j2 index 6d76215a..933e207e 100644 --- a/install-files/swift/usr/share/swift/etc/swift/swift.j2 +++ b/install-files/swift/usr/share/swift/etc/swift/swift.j2 
@@ -22,9 +22,13 @@ swift_hash_path_prefix = {{ SWIFT_HASH_PATH_PREFIX }} # defined you must define a policy with index 0 and you must specify a # default. It is recommended you always define a section for # storage-policy:0. +# +# A 'policy_type' argument is also supported but is not mandatory. Default +# policy type 'replication' is used when 'policy_type' is unspecified. [storage-policy:0] name = Policy-0 default = yes +#policy_type = replication # the following section would declare a policy called 'silver', the number of # replicas will be determined by how the ring is built. In this example the 
@@ -39,9 +43,45 @@ default = yes # current default. #[storage-policy:1] #name = silver +#policy_type = replication + +# The following declares a storage policy of type 'erasure_coding' which uses +# Erasure Coding for data reliability. The 'erasure_coding' storage policy in +# Swift is available as a "beta". Please refer to Swift documentation for +# details on how the 'erasure_coding' storage policy is implemented. +# +# Swift uses PyECLib, a Python Erasure coding API library, for encode/decode +# operations. Please refer to Swift documentation for details on how to +# install PyECLib. +# +# When defining an EC policy, 'policy_type' needs to be 'erasure_coding' and +# EC configuration parameters 'ec_type', 'ec_num_data_fragments' and +# 'ec_num_parity_fragments' must be specified. 'ec_type' is chosen from the +# list of EC backends supported by PyECLib. The ring configured for the +# storage policy must have it's "replica" count configured to +# 'ec_num_data_fragments' + 'ec_num_parity_fragments' - this requirement is +# validated when services start. 'ec_object_segment_size' is the amount of +# data that will be buffered up before feeding a segment into the +# encoder/decoder. More information about these configuration options and +# supported `ec_type` schemes is available in the Swift documentation. Please +# refer to Swift documentation for details on how to configure EC policies. +# +# The example 'deepfreeze10-4' policy defined below is a _sample_ +# configuration with 10 'data' and 4 'parity' fragments. 'ec_type' +# defines the Erasure Coding scheme. 'jerasure_rs_vand' (Reed-Solomon +# Vandermonde) is used as an example below. +# +#[storage-policy:2] +#name = deepfreeze10-4 +#policy_type = erasure_coding +#ec_type = jerasure_rs_vand +#ec_num_data_fragments = 10 +#ec_num_parity_fragments = 4 +#ec_object_segment_size = 1048576 + # The swift-constraints section sets the basic constraints on data -# saved in the swift cluster. 
These constraints are automatically +# saved in the swift cluster. These constraints are automatically # published by the proxy server in responses to /info requests. [swift-constraints] @@ -116,3 +156,14 @@ default = yes # of a container name #max_container_name_length = 256 + + +# By default all REST API calls should use "v1" or "v1.0" as the version string, +# for example "/v1/account". This can be manually overridden to make this +# backward-compatible, in case a different version string has been used before. +# Use a comma-separated list in case of multiple allowed versions, for example +# valid_api_versions = v0,v1,v2 +# This is only enforced for account, container and object requests. The allowed +# api versions are by default excluded from /info. + +# valid_api_versions = v1,v1.0 diff --git a/strata/armv7lhf-cross-toolchain.morph b/strata/armv7lhf-cross-toolchain.morph index ffc4a9dd..7112653a 100644 --- a/strata/armv7lhf-cross-toolchain.morph +++ b/strata/armv7lhf-cross-toolchain.morph @@ -6,9 +6,9 @@ build-depends: chunks: - name: armv7lhf-cross-binutils morph: strata/armv7lhf-cross-toolchain/armv7lhf-cross-binutils.morph - repo: upstream:binutils-redhat - ref: b1d3b01332ae49a60ff5d6bf53d3a5b1805769c8 - unpetrify-ref: baserock/build-essential + repo: upstream:binutils-tarball + ref: 5500a97a2ad1735db5b35bc51cfb825c1f4c38df + unpetrify-ref: binutils-2.25 - name: armv7lhf-cross-linux-api-headers morph: strata/armv7lhf-cross-toolchain/armv7lhf-cross-linux-api-headers.morph diff --git a/strata/audio-bluetooth/pulseaudio.morph b/strata/audio-bluetooth/pulseaudio.morph index fa183fcb..960a6452 100644 --- a/strata/audio-bluetooth/pulseaudio.morph +++ b/strata/audio-bluetooth/pulseaudio.morph 
@@ -2,8 +2,9 @@ name: pulseaudio kind: chunk description: PulseAudio System build-system: autotools +pre-configure-commands: +- NOCONFIGURE=1 ./bootstrap.sh configure-commands: -- ./autogen.sh - ./configure --prefix="$PREFIX" --localstatedir=/var --sysconfdir=/etc --with-database=simple --with-systemduserunitdir=/lib/systemd/system install-commands: - make DESTDIR="$DESTDIR" install diff --git a/strata/build-essential.morph b/strata/build-essential.morph index 3c7bbfa2..0a6f4e68 100644 --- a/strata/build-essential.morph +++ b/strata/build-essential.morph @@ -50,9 +50,9 @@ products: chunks: - name: stage1-binutils morph: strata/build-essential/stage1-binutils.morph - repo: upstream:binutils-redhat - ref: b1d3b01332ae49a60ff5d6bf53d3a5b1805769c8 - unpetrify-ref: baserock/build-essential + repo: upstream:binutils-tarball + ref: 5500a97a2ad1735db5b35bc51cfb825c1f4c38df + unpetrify-ref: binutils-2.25 build-mode: bootstrap prefix: /tools @@ -104,9 +104,9 @@ chunks: - name: stage2-binutils morph: strata/build-essential/stage2-binutils.morph - repo: upstream:binutils-redhat - ref: b1d3b01332ae49a60ff5d6bf53d3a5b1805769c8 - unpetrify-ref: baserock/build-essential + repo: upstream:binutils-tarball + ref: 5500a97a2ad1735db5b35bc51cfb825c1f4c38df + unpetrify-ref: binutils-2.25 build-depends: - stage1-binutils - stage1-gcc @@ -188,8 +188,8 @@ chunks: - name: stage2-make morph: strata/build-essential/stage2-make.morph repo: upstream:make-tarball - ref: f75919b038da8a28388a911303fb86ed7a70ea2c - unpetrify-ref: make-4.1 + ref: 4978d7129e42340ab9efeb0cb9cae4ad0fa052d4 + unpetrify-ref: baserock/make-4.1-ttyname-segfault-fix build-depends: - stage1-binutils - stage1-gcc 
@@ -285,9 +285,9 @@ chunks: - name: binutils morph: strata/build-essential/binutils.morph - repo: upstream:binutils-redhat - ref: b1d3b01332ae49a60ff5d6bf53d3a5b1805769c8 - unpetrify-ref: baserock/build-essential + repo: upstream:binutils-tarball + ref: 5500a97a2ad1735db5b35bc51cfb825c1f4c38df + unpetrify-ref: binutils-2.25 build-depends: - stage2-binutils - stage2-busybox @@ -377,8 +377,8 @@ chunks: - name: make morph: strata/build-essential/make.morph repo: upstream:make-tarball - ref: f75919b038da8a28388a911303fb86ed7a70ea2c - unpetrify-ref: make-4.1 + ref: 4978d7129e42340ab9efeb0cb9cae4ad0fa052d4 + unpetrify-ref: baserock/make-4.1-ttyname-segfault-fix build-depends: - stage2-binutils - stage2-busybox diff --git a/strata/build-essential/busybox.morph b/strata/build-essential/busybox.morph index b5418bc0..83c05bb5 100644 --- a/strata/build-essential/busybox.morph +++ b/strata/build-essential/busybox.morph @@ -3,7 +3,7 @@ kind: chunk configure-commands: # Busybox's default config has everything enabled. -- make defconfig +- make defconfig KCONFIG_NOTIMESTAMP=1 - sed -e 's|.*UDHCPC_DEFAULT_SCRIPT.*|CONFIG_UDHCPC_DEFAULT_SCRIPT="'"$PREFIX"/share/udhcpc/default.script'"|' -i .config - sed -e 's|.*IFUPDOWN_IFSTATE_PATH.*|CONFIG_IFUPDOWN_IFSTATE_PATH="/run/ifstate"|' -i .config @@ -57,12 +57,12 @@ configure-commands: build-commands: -- make +- make KCONFIG_NOTIMESTAMP=1 install-commands: - | if [ "$PREFIX" = /usr ]; then PREFIX=; fi && - make CONFIG_PREFIX="$DESTDIR$PREFIX" install && + make CONFIG_PREFIX="$DESTDIR$PREFIX" KCONFIG_NOTIMESTAMP=1 install && chmod 6755 "$DESTDIR$PREFIX"/bin/busybox # Set up man environment variables diff --git a/strata/build-essential/stage1-gcc.morph b/strata/build-essential/stage1-gcc.morph index f76b0cc6..6418ed6a 100644 --- a/strata/build-essential/stage1-gcc.morph +++ b/strata/build-essential/stage1-gcc.morph 
@@ -3,7 +3,10 @@ kind: chunk configure-commands: # Workaround from LFS due GCC not detecting stack protection correctly -- sed -i '/k prot/agcc_cv_libc_provides_ssp=yes' gcc/configure +- | + sed -i -e '/k prot/a \ + gcc_cv_libc_provides_ssp=yes + ' gcc/configure - mkdir o diff --git a/strata/build-essential/stage2-binutils.morph b/strata/build-essential/stage2-binutils.morph index 1c64fb29..b07b56a4 100644 --- a/strata/build-essential/stage2-binutils.morph +++ b/strata/build-essential/stage2-binutils.morph @@ -5,7 +5,7 @@ build-system: autotools configure-commands: - | export STAGE2_SYSROOT="$(dirname $(pwd))" - export CXX=false + export CXX="$TARGET_STAGE1-g++ --sysroot=$STAGE2_SYSROOT" # binutils has its own embedded libtool, which is old and strips out # `--sysroot`. Work around by modifying the compiler command to # include the sysroot flag diff --git a/strata/build-essential/stage2-busybox.morph b/strata/build-essential/stage2-busybox.morph index 98e4bf33..73803f89 100644 --- a/strata/build-essential/stage2-busybox.morph +++ b/strata/build-essential/stage2-busybox.morph @@ -5,7 +5,7 @@ configure-commands: # Explicitly setting HOSTCC is required because we have a 'gcc' earlier in # the PATH supplied by the stage2-gcc chunk, which can't execute outside of # the stage 3 staging area. -- make HOSTCC="/usr/bin/gcc" CROSS_COMPILE=$TARGET_STAGE1- defconfig +- make HOSTCC="/usr/bin/gcc" CROSS_COMPILE=$TARGET_STAGE1- KCONFIG_NOTIMESTAMP=1 defconfig # Avoid dividing applets between $PREFIX/[s]bin and $PREFIX/usr/[s]bin. - '[ "$PREFIX" = /usr ] || sed -e ''s/.*INSTALL_NO_USR.*/CONFIG_INSTALL_NO_USR=y/'' -i .config' 
@@ -58,7 +58,7 @@ build-commands: export STAGE2_SYSROOT="$(dirname $(pwd))" export CPPFLAGS="--sysroot=$STAGE2_SYSROOT" export LDFLAGS="--sysroot=$STAGE2_SYSROOT" - make HOSTCC="/usr/bin/gcc" CROSS_COMPILE=$TARGET_STAGE1- + make HOSTCC="/usr/bin/gcc" CROSS_COMPILE=$TARGET_STAGE1- KCONFIG_NOTIMESTAMP=1 install-commands: # We expect to be built with a non-standard prefix in stage 2 (i.e. not @@ -68,5 +68,7 @@ install-commands: export CPPFLAGS="--sysroot=$STAGE2_SYSROOT" export LDFLAGS="--sysroot=$STAGE2_SYSROOT" make CONFIG_PREFIX="$DESTDIR$PREFIX" \ - HOSTCC="/usr/bin/gcc" CROSS_COMPILE=$TARGET_STAGE1- install && + HOSTCC="/usr/bin/gcc" \ + CROSS_COMPILE=$TARGET_STAGE1- \ + KCONFIG_NOTIMESTAMP=1 install && chmod 6755 "$DESTDIR$PREFIX"/bin/busybox diff --git a/strata/core.morph b/strata/core.morph index a6a9e06c..e11c2d04 100644 --- a/strata/core.morph +++ b/strata/core.morph @@ -60,6 +60,26 @@ chunks: - autoconf-tarball - perl - texinfo-tarball +- name: help2man + repo: upstream:help2man + ref: 83bab7e2e8e24a380266a9a247c029c49b0de666 + unpetrify-ref: baserock/v1.46.5 + build-depends: + - autoconf-tarball + - automake +# Note: autoconf's version number must be set in autoconf's chunk morph, +# so if you update autoconf be sure to also update the version number +# in strata/core/autoconf.morph +- name: autoconf + morph: strata/core/autoconf.morph + repo: upstream:autoconf + ref: 218f9347c9c34919c2b8eef8d9a0513ac567a3c1 + unpetrify-ref: baserock/v2.69-texinfo-fix + build-depends: + - autoconf-tarball + - automake + - help2man + - texinfo-tarball - name: libtool-tarball morph: strata/core/libtool-tarball.morph repo: upstream:libtool-tarball @@ -71,7 +91,7 @@ chunks: ref: 7cfc09db3e258129ab05811f2f9e351746ddab9f unpetrify-ref: R_2_1_0 build-depends: - - autoconf-tarball + - autoconf - automake - libtool-tarball - name: gettext-tarball 
@@ -136,24 +156,67 @@ chunks: unpetrify-ref: baserock/morph build-depends: - bash +# Note: bison's version number must be set in bison's chunk morph, +# so if you update bison be sure to also update the version number +# in strata/core/bison.morph +- name: bison + morph: strata/core/bison.morph + repo: upstream:bison + ref: 2ab6d1daaccf32fc4314e4b2fe44da977f11a308 + unpetrify-ref: baserock/v3.0.2 + build-depends: + - autoconf + - automake + - flex + - gettext-tarball + - help2man + - mini-utils +# Note: patch's version number must be set in patch's chunk morph, +# so if you update patch be sure to also update the version number +# in strata/core/patch.morph +- name: patch + morph: strata/core/patch.morph + repo: upstream:patch + ref: 3bbb26c928a147cfcf0756f1cc0a1307e5cc663f + unpetrify-ref: baserock/v2.7.1 + build-depends: + - autoconf + - automake + - mini-utils + - bison - name: xz repo: upstream:xz ref: a0cd05ee71d330b79ead6eb9222e1b24e1559d3a unpetrify-ref: v5.2.0 build-depends: - - autoconf-tarball + - autoconf - automake - gettext-tarball - libtool-tarball +# Note: libtool's version number must be set in libtool's chunk morph, +# so if you update libtool be sure to also update the version number +# in strata/core/libtool.morph +- name: libtool + morph: strata/core/libtool.morph + repo: upstream:libtool + ref: 5e11a17c39a2a976a09c33a568431a9f7ad00d48 + unpetrify-ref: baserock/v2.4.6 + build-depends: + - autoconf + - automake + - help2man + - patch + - texinfo-tarball + - xz - name: libxml2 repo: upstream:libxml2 ref: ee8f1d4cda8dc1a6f2c515fe234f7bc89cdc9f80 unpetrify-ref: baserock/morph build-depends: - - autoconf-tarball + - autoconf - automake - cpython - - libtool-tarball + - libtool - xz - name: ca-certificates morph: strata/core/ca-certificates.morph 
@@ -169,9 +232,9 @@ chunks: ref: 202aa9f7758636730299b86715d924f54468a908 unpetrify-ref: curl-7_38_0 build-depends: - - autoconf-tarball + - autoconf - automake - - libtool-tarball + - libtool - openssl-new - ca-certificates - name: XML-Parser @@ -187,34 +250,12 @@ chunks: ref: 9874fca7122563e28d699a911404fc49d2a24f1c unpetrify-ref: v2.3.0 build-depends: - - autoconf-tarball + - autoconf - cpython - curl - gettext-tarball - libexpat - openssl-new -- name: help2man - repo: upstream:help2man - ref: 83bab7e2e8e24a380266a9a247c029c49b0de666 - unpetrify-ref: baserock/v1.46.5 - build-depends: - - autoconf-tarball - - automake -# Note: bison's version number must be set in bison's chunk morph, -# so if you update bison be sure to also update the version number -# in strata/core/bison.morph -- name: bison - morph: strata/core/bison.morph - repo: upstream:bison - ref: 2ab6d1daaccf32fc4314e4b2fe44da977f11a308 - unpetrify-ref: baserock/v3.0.2 - build-depends: - - autoconf-tarball - - automake - - flex - - gettext-tarball - - help2man - - mini-utils - name: gperf morph: strata/core/gperf.morph repo: upstream:gperf @@ -226,7 +267,7 @@ chunks: unpetrify-ref: baserock/morph build-depends: - XML-Parser - - autoconf-tarball + - autoconf - automake - perl - name: pkg-config 
@@ -235,29 +276,29 @@ chunks: ref: 74ceac54ef6f9247c00f08eecd8cca811a3c5934 unpetrify-ref: pkg-config-0.28 build-depends: - - autoconf-tarball + - autoconf - automake - - libtool-tarball + - libtool - name: attr morph: strata/core/attr.morph repo: upstream:attr ref: 4b005410f865895d4dcd56e2c135278a7a315877 unpetrify-ref: baserock/morph build-depends: - - autoconf-tarball + - autoconf - automake - gettext-tarball - - libtool-tarball + - libtool - name: acl morph: strata/core/acl.morph repo: upstream:acl ref: f13e09bd54fd4a501c4952f002ed2752bdd9f93b unpetrify-ref: v2.2.52 build-depends: - - autoconf-tarball + - autoconf - automake - gettext-tarball - - libtool-tarball + - libtool - attr - name: linux-pam morph: strata/core/linux-pam.morph @@ -265,10 +306,10 @@ chunks: ref: b1521c97e73b10469f7b34c0571d51c647eca83c unpetrify-ref: Linux-PAM-1.1.8 build-depends: - - autoconf-tarball + - autoconf - automake - gettext-tarball - - libtool-tarball + - libtool - pkg-config - flex - attr @@ -279,10 +320,10 @@ chunks: ref: 4f7cca1bc9c2a274edb39d351b65747010d3ba7b unpetrify-ref: baserock/morph build-depends: - - autoconf-tarball + - autoconf - automake - gettext-tarball - - libtool-tarball + - libtool - pkg-config - attr - acl 
@@ -290,29 +331,31 @@ chunks: - name: shadow morph: strata/core/shadow.morph repo: upstream:shadow - ref: 4f5000a45963c2cc2a403ad23e459f20296b29c2 - unpetrify-ref: baserock/4.2 + ref: bfaa59229d61adb7fa0c570f0d94fd324c6e05aa + unpetrify-ref: upstream/4.2.1 build-depends: - - autoconf-tarball + - autoconf - automake - gettext-tarball - - libtool-tarball + - libtool - bison - attr - acl - linux-pam - libcap2 +# Note: util-linux's version number must be set in util-linux's chunk morph, +# so if you update util-linux be sure to also update the version number +# in strata/core/util-linux.morph - name: util-linux morph: strata/core/util-linux.morph repo: upstream:util-linux ref: 34760e62e0d5a25262a6aa801b2f1df61216363f unpetrify-ref: v2.26.1 build-depends: - - autoconf-tarball + - autoconf - automake - gettext-tarball - - git - - libtool-tarball + - libtool - pkg-config - linux-pam - shadow @@ -323,20 +366,13 @@ chunks: build-depends: - flex - texinfo-tarball -- name: patch - morph: strata/core/patch.morph - repo: upstream:patch - ref: 3bbb26c928a147cfcf0756f1cc0a1307e5cc663f - unpetrify-ref: baserock/v2.7.1 - build-depends: - - shadow - name: libxslt repo: upstream:libxslt ref: 73e08bf7c36a9145d38f51d37e66529b873c011a unpetrify-ref: master build-depends: - - autoconf-tarball - - libtool-tarball + - autoconf + - libtool - automake - libxml2 - name: gnome-common @@ -344,7 +380,7 @@ chunks: ref: 5d61b55e8bea32fe2b52e21682ee4b3719b290c5 unpetrify-ref: 3.14.0 build-depends: - - autoconf-tarball + - autoconf - automake - name: libffi morph: strata/core/libffi.morph @@ -352,14 +388,14 @@ chunks: ref: 77d4586cc47e8f4c02278afbc220145bba0d442b unpetrify-ref: baserock/morph build-depends: - - autoconf-tarball + - autoconf - automake - name: glib repo: upstream:glib ref: 966ffb16f6bd54cb3d928a55d00d0eda73592094 unpetrify-ref: 2.44.0 build-depends: - - autoconf-tarball + - autoconf - automake - cpython - gettext-tarball 
@@ -370,7 +406,7 @@ chunks: ref: c0243e116c5e261c262dded9f4d7726a770c5a19 unpetrify-ref: GOBJECT_INTROSPECTION_1_44_0 build-depends: - - autoconf-tarball + - autoconf - automake - bash - bison diff --git a/strata/core/autoconf.morph b/strata/core/autoconf.morph new file mode 100644 index 00000000..63b95ba8 --- /dev/null +++ b/strata/core/autoconf.morph @@ -0,0 +1,5 @@ +name: autoconf +kind: chunk +build-system: autotools +pre-configure-commands: +- echo "2.69" > .tarball-version diff --git a/strata/core/libtool.morph b/strata/core/libtool.morph new file mode 100644 index 00000000..d4465c31 --- /dev/null +++ b/strata/core/libtool.morph @@ -0,0 +1,6 @@ +name: libtool +kind: chunk +build-system: autotools +pre-configure-commands: +- echo "2.4.6" > .tarball-version +- ./bootstrap diff --git a/strata/core/mini-utils.morph b/strata/core/mini-utils.morph index dc915b30..a3d1109e 100644 --- a/strata/core/mini-utils.morph +++ b/strata/core/mini-utils.morph @@ -1,6 +1,7 @@ name: mini-utils kind: chunk -build-system: autotools -configure-commands: [] +build-system: manual +build-commands: +- make install-commands: - make PREFIX="$PREFIX" DESTDIR="$DESTDIR" install diff --git a/strata/core/patch.morph b/strata/core/patch.morph index b7f146ef..48c9c437 100644 --- a/strata/core/patch.morph +++ b/strata/core/patch.morph @@ -2,4 +2,5 @@ name: patch kind: chunk build-system: autotools pre-configure-commands: +- echo "2.7.1" > .tarball-version - ./bootstrap --skip-po diff --git a/strata/core/shadow.morph b/strata/core/shadow.morph index c8715a7d..cdb1ff75 100644 --- a/strata/core/shadow.morph +++ b/strata/core/shadow.morph @@ -1,10 +1,12 @@ name: shadow kind: chunk build-system: autotools +pre-configure-commands: +- autoreconf -vfi configure-commands: # Installing to /bin so that they overwrite busybox login. - | - ./autogen.sh --with-selinux=no \ + ./configure --with-selinux=no \ --sysconfdir=/etc \ --with-libpam=yes \ --prefix="$PREFIX" \ 
diff --git a/strata/core/util-linux.morph b/strata/core/util-linux.morph index eebba6f6..290283d1 100644 --- a/strata/core/util-linux.morph +++ b/strata/core/util-linux.morph @@ -1,8 +1,10 @@ name: util-linux kind: chunk build-system: autotools -configure-commands: +pre-configure-commands: +- echo "2.26.1" > .tarball-version - ./autogen.sh +configure-commands: # Installing to /bin so that they overwrite busybox login. - | ./configure --prefix="$PREFIX" \ diff --git a/strata/erlang.morph b/strata/erlang.morph index d31e78cd..e9e61bea 100644 --- a/strata/erlang.morph +++ b/strata/erlang.morph @@ -2,7 +2,7 @@ name: erlang kind: stratum description: stratum for erlang/otp and stuff build-depends: -- morph: strata/tools.morph +- morph: strata/core.morph chunks: - name: erlang morph: strata/erlang/erlang.morph @@ -16,11 +16,3 @@ chunks: unpretrify-ref: master build-depends: - erlang -- name: erlang-sd_notify - morph: strata/erlang/erlang-sd_notify.morph - repo: upstream:erlang-modules/erlang-sd_notify - ref: 99f4689c2c18570680329f822591f95f9341ca10 - unpretrify-ref: master - build-depends: - - erlang - - rebar diff --git a/strata/foundation/fuse.morph b/strata/foundation/fuse.morph index 6f7fc170..5d431307 100644 --- a/strata/foundation/fuse.morph +++ b/strata/foundation/fuse.morph @@ -1,6 +1,5 @@ name: fuse kind: chunk build-system: autotools -configure-commands: +pre-configure-commands: - ./makeconf.sh -- ./configure --prefix="$PREFIX" diff --git a/strata/java.morph b/strata/java.morph new file mode 100644 index 00000000..f10bb8a1 --- /dev/null +++ b/strata/java.morph 
@@ -0,0 +1,22 @@ +name: java +kind: stratum +description: | + This stratum contains everything necessary to compile and run Java applications + and build OpenJDK from source. +build-depends: +- morph: strata/core.morph +- morph: strata/x-common.morph +- morph: strata/graphics-common.morph +chunks: +- name: java-binary + morph: strata/java/java-binary.morph + repo: github:jmacarthur/openjdk-binary + ref: 6f53762e2632c4b9f9afdfa6995a2c696bb9fd43 + unpetrify-ref: master +- name: java-ant + morph: strata/java/java-ant.morph + repo: upstream:java/ant + ref: b3509fc3250b0f868076c846d29da80cbdc20681 + unpetrify-ref: ANT_194 + build-depends: + - java-binary diff --git a/strata/zookeeper/java-ant.morph b/strata/java/java-ant.morph index 37d402b0..172483ab 100644 --- a/strata/zookeeper/java-ant.morph +++ b/strata/java/java-ant.morph @@ -2,7 +2,7 @@ name: ant kind: chunk build-commands: - | - export JAVA_HOME=/usr/lib/jdk1.8.0_20 + export JAVA_HOME=/usr/lib/java-8-openjdk sh build.sh -Ddist.dir="$DESTDIR/usr/lib/ant" dist - mkdir -p "${DESTDIR}${PREFIX}/bin" - ln -sf "${PREFIX}/lib/ant/bin/ant" "${DESTDIR}${PREFIX}/bin/ant" diff --git a/strata/java/java-binary.morph b/strata/java/java-binary.morph new file mode 100644 index 00000000..c75f39b7 --- /dev/null +++ b/strata/java/java-binary.morph 
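Review bot: The `java-binary` chunk in the new strata/java.morph pulls a prebuilt JDK from `github:jmacarthur/openjdk-binary`, and nothing in the stratum records where that binary came from or how it was built. The pinned `ref` fixes the bytes that end up in the image, but `unpetrify-ref: master` on a personal repository gives a reader no way to relate them to an OpenJDK release or a build record. A comment above the chunk would make the trust decision explicit, for example `# Prebuilt OpenJDK 8 bootstrap binary; built from <source tag / build record>`, with the placeholder replaced by the real origin.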
@@ -0,0 +1,16 @@ +name: java-binary +description: | + This is a temporary solution to the OpenJDK build problem. In the future + we expect to be able to build fully from scratch using IcedTea, but for now + we need an existing OpenJDK binary to build OpenJDK. +kind: chunk +configure-commands: [] +build-commands: +- cat j2sdk-image-jdk8build.tar.gz_* > jdk-8u20-linux-x64.tar.gz +install-commands: +- mkdir -p "$DESTDIR$PREFIX"/bin +- mkdir -p "$DESTDIR$PREFIX"/lib +- tar zxf jdk-8u20-linux-x64.tar.gz -C "$DESTDIR$PREFIX"/lib --no-same-owner +- ln -sfn "$PREFIX"/lib/j2sdk-image "$DESTDIR$PREFIX"/lib/java-8-openjdk +- ln -sfn "$PREFIX"/lib/j2sdk-image/jre/bin/java "$DESTDIR$PREFIX"/bin/ +- ln -sfn "$PREFIX"/lib/j2sdk-image/jre/bin/javac "$DESTDIR$PREFIX"/bin/ diff --git a/strata/morph-utils.morph b/strata/morph-utils.morph index acc8fad9..58ca0db7 100644 --- a/strata/morph-utils.morph +++ b/strata/morph-utils.morph @@ -36,7 +36,7 @@ chunks: unpetrify-ref: master - name: morph repo: baserock:baserock/morph - ref: 1da8ee6f66718de5d5dd413e188425ee4bdcfb47 + ref: 2579391b05758940652a8ac5207d0137720affd1 unpetrify-ref: master build-depends: - cmdtest diff --git a/strata/networking-utils.morph b/strata/networking-utils.morph index 951e2d29..445df46d 100644 --- a/strata/networking-utils.morph +++ b/strata/networking-utils.morph @@ -9,6 +9,11 @@ description: | build-depends: - morph: strata/foundation.morph chunks: +- name: ebtables + morph: strata/networking-utils/ebtables.morph + repo: upstream:ebtables + ref: f4bdc80ae8c1a79b4ab5dcb8431ad85aea618d66 + unpetrify-ref: master - name: iproute2 morph: strata/networking-utils/iproute2.morph repo: upstream:iproute2 
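Review bot: The last install command in java-binary.morph links `bin/javac` to `lib/j2sdk-image/jre/bin/javac`, but in the usual OpenJDK 8 `j2sdk-image` layout the compiler sits under `bin/`, not `jre/bin/`, so the link is likely to dangle. `ln -sfn` does not check that its target exists, so the install step succeeds either way and the problem only shows up when something calls `javac` from `$PREFIX/bin`. If the tarball follows that layout, the line should read `- ln -sfn "$PREFIX"/lib/j2sdk-image/bin/javac "$DESTDIR$PREFIX"/bin/`. The tarball contents are not visible here, so this needs checking against the unpacked tree.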
@@ -43,10 +48,57 @@ chunks: ref: 05df365769597e1d64d02af931d6127762ff2658 unpetrify-ref: libnet-1.2 - name: arping - morph: strata/networking-utils/arping.morph - repo: upstream:arping - ref: a416764b03f4d5960b61372e27d84606899bfe2c - unpetrify-ref: arping-2.15 + morph: strata/networking-utils/iputils.morph + repo: upstream:iputils + ref: d25e54e25107bc7c5d14737ed65f5f52b54f1472 + unpetrify-ref: s20140519 build-depends: - libpcap - libnet +- name: libnfnetlink + morph: strata/networking-utils/libnfnetlink.morph + repo: upstream:libnfnetlink + ref: 1166116e34af868bc814aea338c246e49a7a8748 + unpetrify-ref: libnfnetlink-1.0.1 +- name: libnetfilter_conntrack + morph: strata/networking-utils/libnetfilter_conntrack.morph + repo: upstream:libnetfilter_conntrack + ref: 5ad6ecff6edffd925022372323e42264f61e850d + unpetrify-ref: libnetfilter_conntrack-1.0.4 + build-depends: + - libnfnetlink + - libmnl +- name: libnetfilter_cthelper + morph: strata/networking-utils/libnetfilter_cthelper.morph + repo: upstream:libnetfilter_cthelper + ref: b8df12f352db62d26e5116e960d24774d5c9f3b7 + unpetrify-ref: libnetfilter_cthelper-1.0.0 + build-depends: + - libmnl +- name: libnetfilter_cttimeout + morph: strata/networking-utils/libnetfilter_cttimeout.morph + repo: upstream:libnetfilter_cttimeout + ref: 329652bef21c831dae1a9a79084b999d40b4eb5b + unpetrify-ref: libnetfilter_cttimeout-1.0.0 + build-depends: + - libmnl +- name: libnetfilter_queue + morph: strata/networking-utils/libnetfilter_queue.morph + repo: upstream:libnetfilter_queue + ref: f5d092dd3145d427c7c2ed668e3ac899875c9612 + unpetrify-ref: libnetfilter_queue-1.0.2 + build-depends: + - libnfnetlink + - libmnl +- name: conntrack-tools + morph: strata/networking-utils/conntrack-tools.morph + repo: upstream:conntrack-tools + ref: fbe3181be4f2e33509b1c20b95fd55eb3e7075d7 + unpetrify-ref: conntrack-tools-1.4.2 + build-depends: + - libnfnetlink + - libmnl + - libnetfilter_conntrack + - libnetfilter_cttimeout + - libnetfilter_cthelper + - 
libnetfilter_queue diff --git a/strata/networking-utils/conntrack-tools.morph b/strata/networking-utils/conntrack-tools.morph new file mode 100644 index 00000000..e0ef7234 --- /dev/null +++ b/strata/networking-utils/conntrack-tools.morph @@ -0,0 +1,4 @@ +name: conntrack-tools +kind: chunk +build-system: autotools +max-jobs: 1 diff --git a/strata/virtualization/ebtables.morph b/strata/networking-utils/ebtables.morph index a4d9fc76..a4d9fc76 100644 --- a/strata/virtualization/ebtables.morph +++ b/strata/networking-utils/ebtables.morph diff --git a/strata/networking-utils/iputils.morph b/strata/networking-utils/iputils.morph new file mode 100644 index 00000000..c9736cc8 --- /dev/null +++ b/strata/networking-utils/iputils.morph @@ -0,0 +1,24 @@ +name: iputils +kind: chunk +build-system: manual +pre-configure-commands: +# gnutls is not currently integrated in definitions so, disabling this +# is required in order to build ping6. If this is not disabled, it will try +# to find gnutls/openssl.h header failing to compile ping6. +- sed -i "s/USE_GNUTLS=yes/USE_GNUTLS=no/" Makefile +build-commands: +- make +- make ninfod +install-commands: +- install -D -m 755 clockdiff "$DESTDIR$PREFIX"/bin/clockdiff +- install -D -m 755 rdisc "$DESTDIR$PREFIX"/bin/rdisc +- install -D -m 755 tracepath "$DESTDIR$PREFIX"/bin/tracepath +- install -D -m 755 tracepath6 "$DESTDIR$PREFIX"/bin/tracepath6 +- install -D -m 755 ninfod/ninfod "$DESTDIR$PREFIX"/bin/ninfod +- install -D -m 755 rarpd "$DESTDIR$PREFIX"/bin/rarpd +# The following binaries are installed to overwrite busybox binaries. +- install -D -m 755 traceroute6 "$DESTDIR$PREFIX"/bin/traceroute6 +- install -D -m 755 arping "$DESTDIR$PREFIX"/sbin/arping +- install -D -m 755 tftpd "$DESTDIR$PREFIX"/sbin/tftpd +- install -D -m 755 ping "$DESTDIR"/bin/ping +- install -D -m 755 ping6 "$DESTDIR"/bin/ping6 
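Review bot: In the new iputils.morph, `ping` and `ping6` are installed mode 755 with no setuid bit and no file capability, while the busybox binary they replace is installed with `chmod 6755` in strata/build-essential/busybox.morph in this same diff. Unprivileged users therefore probably lose ping unless the system grants raw-socket access some other way. Dropping a setuid path is a reasonable outcome, but the chunk should say it is intended. A comment above the two install lines would do, for example `# ping/ping6 are deliberately not setuid; non-root use needs CAP_NET_RAW`.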
diff --git a/strata/networking-utils/libnetfilter_conntrack.morph b/strata/networking-utils/libnetfilter_conntrack.morph new file mode 100644 index 00000000..ef6ebb48 --- /dev/null +++ b/strata/networking-utils/libnetfilter_conntrack.morph @@ -0,0 +1,3 @@ +name: libnetfilter_conntrack +kind: chunk +build-system: autotools diff --git a/strata/networking-utils/libnetfilter_cthelper.morph b/strata/networking-utils/libnetfilter_cthelper.morph new file mode 100644 index 00000000..7f410a4a --- /dev/null +++ b/strata/networking-utils/libnetfilter_cthelper.morph @@ -0,0 +1,3 @@ +name: libnetfilter_cthelper +kind: chunk +build-system: autotools diff --git a/strata/networking-utils/libnetfilter_cttimeout.morph b/strata/networking-utils/libnetfilter_cttimeout.morph new file mode 100644 index 00000000..b2281a5b --- /dev/null +++ b/strata/networking-utils/libnetfilter_cttimeout.morph @@ -0,0 +1,3 @@ +name: libnetfilter_cttimeout +kind: chunk +build-system: autotools diff --git a/strata/networking-utils/libnetfilter_queue.morph b/strata/networking-utils/libnetfilter_queue.morph new file mode 100644 index 00000000..d2b80d38 --- /dev/null +++ b/strata/networking-utils/libnetfilter_queue.morph @@ -0,0 +1,3 @@ +name: libnetfilter_queue +kind: chunk +build-system: autotools diff --git a/strata/networking-utils/arping.morph b/strata/networking-utils/libnfnetlink.morph index d9f5bd30..f4fe79ab 100644 --- a/strata/networking-utils/arping.morph +++ b/strata/networking-utils/libnfnetlink.morph @@ -1,3 +1,3 @@ -name: arping +name: libnfnetlink kind: chunk build-system: autotools diff --git a/strata/ntpd/ntpd.morph b/strata/ntpd/ntpd.morph index 49316c14..b13f4312 100644 --- a/strata/ntpd/ntpd.morph +++ b/strata/ntpd/ntpd.morph @@ -13,7 +13,7 @@ post-install-commands: [Service] Type=forking - ExecStart=/usr/bin/ntpd -u ntp:ntp + ExecStart=/usr/bin/ntpd -u ntp:ntp -Ng PrivateTmp=True Restart=on-failure 
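Review bot: Adding `-g` to `ExecStart` in strata/ntpd/ntpd.morph lets ntpd apply an initial offset of any size, and nothing in the unit records why that is acceptable. With `Restart=on-failure` the daemon gets that one-time allowance again after every restart, so a wrong or untrusted time source can move the clock arbitrarily, which matters for certificate and token validity. If the flag is there for boards without a battery-backed clock, the unit should say so, for example `# -g: accept any initial offset (no RTC); time sources must be trusted`. The unit file's heredoc starts outside this hunk.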
@@ -40,8 +40,8 @@ post-install-commands: # matching hosts # # see ntp.conf(5) for more details - restrict -4 default kod notrap nomodify - restrict -6 default kod notrap nomodify + restrict -4 default limit kod notrap nomodify + restrict -6 default limit kod notrap nomodify EOF - install -D -m 644 ntp.conf "$DESTDIR"/etc/ntp.conf system-integration: diff --git a/strata/openstack-clients.morph b/strata/openstack-clients.morph index 32e0f356..da177fce 100644 --- a/strata/openstack-clients.morph +++ b/strata/openstack-clients.morph @@ -10,19 +10,19 @@ chunks: unpetrify-ref: 1.1.0 - name: python-keystoneclient repo: upstream:openstack/python-keystoneclient - ref: 79d1eec35aad874a7c08ff22c39260884a5524ba - unpetrify-ref: 0.11.1 + ref: 8fa6b6f0b5e95493342ce71489d04f73db2418b8 + unpetrify-ref: 1.3.1 - name: python-glanceclient repo: upstream:openstack/python-glanceclient - ref: 8a877b2752162d6a2db43d7d61d6311c4f42285b - unpetrify-ref: 0.14.1 + ref: b176c28bbdae3eb5b3280c1981ad2b3b255e234e + unpetrify-ref: 0.17.1 build-depends: - python-keystoneclient - warlock - name: python-novaclient repo: upstream:openstack/python-novaclient - ref: 5ecfdac6b34769e200ff5c4c7429c20518c5b24f - unpetrify-ref: 2.20.0 + ref: e0f5072907a00d48a183dd8fc91a6cf6038ca279 + unpetrify-ref: 2.23.0 build-depends: - python-keystoneclient - name: python-swiftclient 
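Review bot: The two default `restrict` lines in the ntp.conf heredoc gain `limit` but still lack `noquery`, so ntpq/ntpdc status queries are answered for any host that can reach the daemon. Time service does not depend on those queries, so the defaults could read `restrict -4 default limit kod notrap nomodify noquery` and `restrict -6 default limit kod notrap nomodify noquery`. Local monitoring with ntpq would then need explicit `restrict 127.0.0.1` and `restrict ::1` entries. The heredoc starts outside this hunk, so whether those entries already exist is not visible.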
@@ -45,35 +45,35 @@ chunks: ref: 8062c76ab3958a570052124f17e71f3dd3ec2257 unpetrify-ref: pyparsing_2.0.3 - name: cmd2 - repo: upstream:python-packages/cmd2.git - ref: 07b4dc3d6991cbdc420c246e807371c97a467d1a - unpetrify-ref: master + repo: upstream:python-packages/cmd2-hg + ref: c0d606bdeb88717ad92ba198bc9232615b83c4cd + unpetrify-ref: 0.6.7 build-depends: - pyparsing - name: cliff repo: upstream:openstack/cliff - ref: 42675b2d7ad93f4bba9c4216874c68b8e5834147 - unpetrify-ref: 1.7.0 + ref: b703ad32743026d253f872caa1ff2cd727803d14 + unpetrify-ref: 1.10.1 build-depends: - cmd2 - pyparsing - name: python-neutronclient repo: upstream:openstack/python-neutronclient - ref: fa5642f1550bc8f818c1686c40edbaf3672d356a - unpetrify-ref: 2.3.9 + ref: aa1215a5ad063b299d32ef319eb63d5210249a9b + unpetrify-ref: 2.4.0 build-depends: - cliff - python-keystoneclient - name: python-ceilometerclient repo: upstream:openstack/python-ceilometerclient - ref: 7316dd16b8850270db27c1298dcf5a2223f2f1e1 - unpetrify-ref: 1.0.12 + ref: 127aadfd2b2daf9884ad7003e23440048e2efbd8 + unpetrify-ref: 1.0.14 build-depends: - python-keystoneclient - name: python-heatclient repo: upstream:openstack/python-heatclient - ref: 6089d31e302d80910cc15132f99a1bf358bbb64f - unpetrify-ref: 0.2.12 + ref: 6d528f005742263837d05250662bf6214a703da8 + unpetrify-ref: 0.4.0 build-depends: - python-keystoneclient - name: python-designateclient 
@@ -84,16 +84,16 @@ chunks: - cliff - python-keystoneclient - name: python-barbicanclient - repo: upstream:openstack/python-barbicanclient.git - ref: ac30643631b6bc1c40116061f8eb280a7881e422 - unpetrify-ref: 2.2.1 + repo: upstream:openstack/python-barbicanclient + ref: 2919366867af335d59913764a55ca8e95569947d + unpetrify-ref: 3.0.3 build-depends: - python-keystoneclient - cliff - name: python-saharaclient repo: upstream:openstack/python-saharaclient - ref: eadb40ccb62566f02cb93ec03aa232e48835dec3 - unpetrify-ref: 0.7.6 + ref: 319ceb6acf55382218dcd971367613aecb3e4afc + unpetrify-ref: 0.8.0 build-depends: - python-keystoneclient - name: python-ironicclient diff --git a/strata/openstack-common.morph b/strata/openstack-common.morph index 78c04ba6..86c80107 100644 --- a/strata/openstack-common.morph +++ b/strata/openstack-common.morph @@ -14,7 +14,7 @@ chunks: - name: cffi repo: upstream:python-packages/cffi ref: fc53b53095d61a1ec5814c09c3bf2c7e18627fb5 - unpretrify-ref: master + unpetrify-ref: master build-depends: - pycparser - name: pytz @@ -22,9 +22,13 @@ chunks: ref: c414cb801776e11c769fb36c0d37b8d7a7c8712c unpetrify-ref: pytz-2014.10 - name: babel + morph: strata/openstack-common/babel.morph repo: upstream:babel - ref: 246996b0ee51e49ebcd504e234d3bcdcb178996c - unpetrify-ref: master +# Babel requires core-23.1.zip to be present when compiles +# from source, the following branch and commit add this file +# to the repository. + ref: 603e77ae0e43b6ecdb3f3a8ea7988f7e7c83e867 + unpetrify-ref: baserock/1.3-50-g246996b build-depends: - pytz - name: enum34 
@@ -52,13 +56,13 @@ chunks: ref: bbb31ed50a5338a7d1c0011fc4429d09954f9f0b unpetrify-ref: release-0.7.12 - name: stevedore - ref: 860bd8f8ecba38fdfda5b41a3a1dbe854d6528e2 - unpetrify-ref: 1.0.0.0a2 repo: upstream:openstack/stevedore + ref: 218e95d5f09563bd14c50ee0441855f3389af7e7 + unpetrify-ref: 1.3.0 - name: oslo-config repo: upstream:openstack/oslo-config - ref: 059579ac2189b94bc9e9555b2e9acfb31a83ef53 - unpetrify-ref: 1.4.0.0a5 + ref: 3c51838cdffe7a5057ff4823a8ab523bfacc3164 + unpetrify-ref: 1.9.3 build-depends: - netaddr - stevedore @@ -68,26 +72,32 @@ chunks: unpetrify-ref: 0.14 - name: oslo-i18n repo: upstream:openstack/oslo-i18n - ref: 040f1d6afa733527385d2309e485bf37e9843b0e - unpetrify-ref: 0.4.0 + ref: b0faab7b3d3ea3b14053ab92dd6086956f643e15 + unpetrify-ref: 1.5.0 build-depends: - babel +- name: netifaces + repo: upstream:python-packages/netifaces + ref: 885b200ba717df87f6e8044ec8c66c677c949bcb + unpetrify-ref: release_0_10_4 - name: oslo-utils repo: upstream:openstack/oslo-utils - ref: 6a123fce93895e92004ce9d5bd8dee3c3642cf41 - unpetrify-ref: 0.3.0 + ref: 91dc782c2f11fb76425effd7a331d63111adf1ce + unpetrify-ref: 1.4.0 build-depends: - babel - pyiso8601 - oslo-i18n + - netifaces + - netaddr - name: futures repo: upstream:python-packages/futures ref: 4f7ceedb8a7742e52b0436a4160c7c44665a2597 unpetrify-ref: 2.2.0 - name: oslo-serialization repo: upstream:openstack/oslo-serialization.git - ref: 80fec894a54253d9b4c80dd8a563957966ca0b88 - unpetrify-ref: 0.3.0 + ref: 7bfd5dece0f22dbdea1c3e524dbc0eca1f70f1b7 + unpetrify-ref: 1.4.0 - name: jsonschema repo: upstream:jsonschema ref: 35b60f390098d3306c03eee27ceec8cf8a493579 @@ -101,8 +111,8 @@ chunks: unpetrify-ref: 0.4.5 repo: upstream:python-packages/greenlet - name: eventlet - ref: 8d2474197de4827a7bca9c33e71a82573b6fc721 - unpetrify-ref: v0.15.2 + ref: bc0a59f8efdb6d436dd41bcf1b2194b8967bfe7f + unpetrify-ref: v0.17.3 repo: upstream:python-packages/eventlet build-depends: - greenlet 
diff --git a/strata/openstack-common/babel.morph b/strata/openstack-common/babel.morph new file mode 100644 index 00000000..b9dc475c --- /dev/null +++ b/strata/openstack-common/babel.morph @@ -0,0 +1,8 @@ +name: babel +kind: chunk +build-system: python-distutils +# NOTE: remember that Babel requires core-23.1.zip to be +# present when compiles from source see baserock/1.3.50-g246996b +# branch in babel repository in gbo for more information. +pre-build-commands: +- python setup.py import_cldr diff --git a/strata/openstack-services.morph b/strata/openstack-services.morph index 081b97f3..6189527f 100644 --- a/strata/openstack-services.morph +++ b/strata/openstack-services.morph @@ -9,6 +9,11 @@ build-depends: - morph: strata/test-tools.morph - morph: strata/python-tools.morph chunks: +- name: erlang-sd_notify + morph: strata/openstack-services/erlang-sd_notify.morph + repo: upstream:erlang-modules/erlang-sd_notify + ref: 99f4689c2c18570680329f822591f95f9341ca10 + unpretrify-ref: 0.1 - name: rabbitmq-codegen morph: strata/openstack-services/rabbitmq-codegen.morph ref: 4dc5ccde2a0b3d638e5754b00abf94196fe9ca32 @@ -23,8 +28,8 @@ chunks: - rabbitmq-codegen - name: oslo-rootwrap repo: upstream:openstack/oslo-rootwrap - ref: 62d732277de5cf663172eafe6d3a6c149a9cf814 - unpetrify-ref: master + ref: f485b93f475b119e3b8fa6c9cf740207e2d2d7ac + unpetrify-ref: 1.6.0 - name: py-amqp repo: upstream:python-packages/py-amqp ref: 875b10d1715def640042c7ff2f42c00a6c07eed1 @@ -42,8 +47,8 @@ chunks: unpetrify-ref: 0.3.3 - name: kombu repo: upstream:python-packages/kombu - ref: 6e68e54b3a846faa6f8b7e14a4a7ca51d1967bc2 - unpetrify-ref: v3.0.23 + ref: 0287b11ab0698d9c52ef1b1683ced23123d43ba4 + unpetrify-ref: v3.0.26 build-depends: - anyjson - py-amqp 
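Review bot: The new `erlang-sd_notify` chunk in strata/openstack-services.morph spells its key `unpretrify-ref: 0.1`, the same misspelling this commit corrects for `cffi` in strata/openstack-common.morph. A misspelled key is presumably ignored by the tooling, so the pinned SHA loses the record of which upstream tag it was taken from, and the pin becomes harder to audit. It should read `unpetrify-ref: 0.1`.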
@@ -54,8 +59,8 @@ chunks: unpetrify-ref: rel_0_9_8 - name: alembic repo: upstream:python-packages/alembic - ref: 5f952f25caa688d89204d134ee867de7dbad917c - unpetrify-ref: rel_0_7_1 + ref: 6ae4196acc0170ebef29f617b49376b371a8923c + unpetrify-ref: rel_0_7_6 build-depends: - sqlalchemy - name: lockfile @@ -186,13 +191,13 @@ chunks: build-depends: - numpy - name: httplib2 - ref: 058a1f9448d5c27c23772796f83a596caf9188e6 - unpetrify-ref: v0.9 repo: upstream:python-packages/httplib2 + ref: f9f797223d075874b0031aea832152688ec23fef + unpetrify-ref: v0.9.1 - name: suds repo: upstream:python-packages/suds - ref: badd30a87f676d632d7386b05401e6029a5df83c - unpetrify-ref: release-0.3.2 + ref: e7a317f1a20a4d3c86ac85785bb32d24c3d1078f + unpetrify-ref: baserock/release-0.4 - name: jsonrpclib repo: upstream:python-packages/jsonrpclib ref: 53c8ffcfe4dd1718086cc551dce8ac459e8abc67 
@@ -270,33 +275,73 @@ chunks: repo: upstream:python-packages/retrying ref: cab083eb5791615fadbc0c98ad77a70d64b77d0d unpetrify-ref: v1.3.1 +- name: oslo-context + repo: upstream:openstack/oslo-context + ref: 1c4757a9fb41e47867bd9b8d390057ad7636b76f + unpetrify-ref: 0.2.0 +- name: oslo-middleware + repo: upstream:openstack/oslo-middleware + ref: bff184a2b5b1a0d3d22508a7544075378aca9e13 + unpetrify-ref: 1.2.0 + build-depends: + - oslo-context - name: oslo-messaging repo: upstream:openstack/oslo-messaging - ref: 6ea3b12492e86f9e8d109fc3490cc4d3a0edd8b6 - unpetrify-ref: 1.4.0.0a5 + ref: 562c41bb78f578ff9c27633c04ac6dd914c55f5a + unpetrify-ref: 1.8.2 build-depends: - kombu +- name: ordereddict + repo: upstream:python-packages/ordereddict-tarball + ref: 332cd0213829089dd827a32e7c5e64c41ce79cbc + unpetrify-ref: ordereddict-1.1 +- name: trollius + repo: upstream:python-packages/trollius + ref: fe6f8d61b1257bc01cdf4f789aaf4a8ec3d6f8ec + unpetrify-ref: trollius-1.0.4 + build-depends: + - ordereddict +- name: aioeventlet + repo: upstream:python-packages/aioeventlet + ref: 3cac0d7740592a380a7dadb2ddcdda000cae2bda + unpetrify-ref: 0.4 + build-depends: + - trollius +- name: urllib3 + repo: upstream:python-packages/urllib3 + ref: 8434c77d845255c4002b505c6c2d79c3b35def0d + unpetrify-ref: 1.10.4 +- name: oslo-concurrency + repo: upstream:openstack/oslo-concurrency + ref: a2473ed0a59e4553766ffcb1ee8f06cb98b14a48 + unpetrify-ref: 1.8.0 + build-depends: + - posix-ipc-tarball + - retrying - name: oslo-vmware repo: upstream:openstack/oslo-vmware - ref: 047d62c4bbd01a951f77a1a4a75fb2b3d8ce23ee - unpetrify-ref: 0.6.0 + ref: 5de2c31e9d24f40fc7d33ddb1ce407ffdc6f366c + unpetrify-ref: 0.11.1 build-depends: + - oslo-concurrency - suds + - urllib3 + - httplib2 - name: taskflow repo: upstream:openstack/taskflow - ref: 1caaecc5d6b2aa4cde4a50e31d1d993fce7a66c4 - unpetrify-ref: 0.5.0 + ref: 28bece7c7c97199b8d941b16865c3670c323589a + unpetrify-ref: 0.7.1 - name: sqlalchemy-migrate repo: 
upstream:python-packages/sqlalchemy-migrate - ref: 089663761cc15f8b3cdb874b6a76270ccdd0a412 - unpetrify-ref: 0.9.1 + ref: e57ee4c3a4247c634980cbeba74d04a01253967d + unpetrify-ref: 0.9.6 build-depends: - sqlalchemy - tempita - name: oauthlib repo: upstream:python-packages/oauthlib - ref: de773eefcb3c1afe54a0c12d5bf9bd214ceaf404 - unpetrify-ref: 0.6.3 + ref: fd239fca84644896b1971cf24bc6213d065adb86 + unpetrify-ref: 0.7.2 build-depends: - docutils - creole 
@@ -315,31 +360,54 @@ chunks: unpetrify-ref: 0.3.0 - name: pycadf repo: upstream:python-packages/pycadf - ref: 52727bcea3a98e72331e748ce5f9e3a111a64cd1 - unpetrify-ref: 0.6.0 + ref: 9501f4f74c5d800ae43edbe52680e285cf98c710 + unpetrify-ref: 0.9.0 + build-depends: + - oslo-context build-depends: - oslo-messaging - posix-ipc-tarball - name: keystonemiddleware repo: upstream:openstack/keystonemiddleware - ref: a7beb50b38be5c3dd4c44d68ad79d1bb206dab6b - unpetrify-ref: 1.2.0 + ref: 0e63b0e13d0a7919fddd7576c99bc15a45d31a9f + unpetrify-ref: 1.5.1 + build-depends: + - pycadf + - oslo-context - name: oslo-db repo: upstream:openstack/oslo-db - ref: 0bb1e236daae53a3f5b4b88761d7b19f7961ed6c - unpetrify-ref: 1.0.2 + ref: 3e6a30c396aa42ef0eccb5b3625af728d8d3f437 + unpetrify-ref: 1.7.1 build-depends: - alembic - sqlalchemy - sqlalchemy-migrate - name: glance_store repo: upstream:openstack/glance_store.git - ref: 54f673d4133c1244e2555e7ceb3344c104a74154 - unpetrify-ref: 0.1.8 + ref: ea88e503b617a7ac9a0ae7e537d6517e9992a104 + unpetrify-ref: 0.4.0 + build-depends: + - ordereddict + - oslo-concurrency +- name: oslo-log + repo: upstream:openstack/oslo-log + ref: 54e3d0e705accfaa4c73a01fc2ea1480fcc0024e + unpetrify-ref: 1.0.0 + build-depends: + - oslo-context +- name: oslo-policy + repo: upstream:openstack/oslo-policy + ref: 4c8f38cd1d088c46be314b47f6774e721813c6d9 + unpetrify-ref: 0.3.2 +- name: semantic-version + repo: upstream:python-packages/semantic-version + ref: 2174bdcae6e46f5f68f5b8ea984a695db9f41bcf + unpetrify-ref: v2.4.1 - name: glance + morph: strata/openstack-services/glance.morph repo: upstream:openstack/glance - ref: 1db07bd8c07bbcde4bd267985c4e3961c22b990e - unpetrify-ref: 2014.2.3 + ref: 93b0d5fce3a41e4a3a549f98f78b6681cbc3ea95 + unpetrify-ref: 2015.1.0 build-depends: - sqlalchemy - anyjson 
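Review bot: The `pycadf` chunk ends up with two `build-depends:` keys, because the added `build-depends:` / `- oslo-context` pair sits directly above the existing list holding `oslo-messaging` and `posix-ipc-tarball`. Duplicate mapping keys are not valid YAML, and loaders that tolerate them commonly keep only the last one, which would silently drop `oslo-context` from the dependency set. Drop the second `build-depends:` line and add `- oslo-context` to the existing list instead.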
@@ -350,20 +418,33 @@ chunks: - keystonemiddleware - wsme - oslo-vmware + - oslo-concurrency + - oslo-context + - oslo-log + - oslo-policy - paste - oslo-db - oslo-messaging - retrying - osprofiler + - ordereddict - glance_store + - semantic-version + - taskflow + - posix-ipc-tarball - name: sqlparse repo: upstream:python-packages/sqlparse ref: 991e7348075accae6d08025212251af21e92e664 unpetrify-ref: 0.1.13 +- name: pysaml2 + repo: upstream:python-packages/pysaml2.git + ref: 13ff5e8899300c9b359fa1bdfdb3d412be0d7356 + unpetrify-ref: 2.4.0 - name: keystone + morph: strata/openstack-services/keystone.morph repo: upstream:openstack/keystone - ref: 91a33875385ca296d24f67d4ef9629a2b33bed99 - unpetrify-ref: 2014.2.3 + ref: 5d3b31f9c3d34599ff8a83eeb7530fc6e0b1b67b + unpetrify-ref: 2015.1.0 build-depends: - paste - routes @@ -371,30 +452,38 @@ chunks: - sqlalchemy-migrate - passlib - keystonemiddleware + - oslo-concurrency - oslo-messaging - oslo-db + - oslo-log + - oslo-middleware + - oslo-policy - oauthlib - dogpile-cache - pycadf - posix-ipc-tarball - - sqlparse + - pysaml2 - name: neutron morph: strata/openstack-services/neutron.morph repo: upstream:openstack/neutron - ref: 96b5962646510ee67b322aa82242e02e3edfaa83 - unpetrify-ref: 2014.2.3 + ref: 7260e0e3fc2ea479e80e0962624aca7fd38a1f60 + unpetrify-ref: 2015.1.0 build-depends: - paste - routes - - anyjson - httplib2 - jsonrpclib - keystonemiddleware - sqlalchemy - alembic + - retrying - oslo-db - oslo-messaging - oslo-rootwrap + - oslo-concurrency + - oslo-context + - oslo-log + - oslo-middleware - name: wsgiref repo: upstream:python-packages/wsgiref.git ref: e8360785eef259394e13b2062407edc3c2cbc1e0 
@@ -430,120 +519,149 @@ chunks: - name: nova morph: strata/openstack-services/nova.morph repo: upstream:openstack/nova - ref: e6452b995023e89bf6f1a1fb14f39216f83c760b - unpetrify-ref: 2014.2.3 + ref: 8397b6464af520903f546ce4c6d51a2eb5b4c8a8 + unpetrify-ref: 2015.1.0 build-depends: - sqlalchemy - - anyjson - keystonemiddleware - - kombu - routes - paste - sqlalchemy-migrate - - suds - - posix-ipc-tarball - websockify - - wsgiref - oslo-db - oslo-rootwrap - - pycadf - oslo-messaging - - lockfile - rfc3986 - - oslo-vmware + - oslo-concurrency + - oslo-context + - oslo-log + - oslo-messaging - name: cinder morph: strata/openstack-services/cinder.morph repo: upstream:openstack/cinder - ref: 48c792513fd342a5f82122b12e4ed2afd0de2ae7 - unpetrify-ref: 2014.2.3 + ref: 5987bb2290f629e59b0bcced2f8fe22cdeb9cc6d + unpetrify-ref: 2015.1.0 build-depends: - anyjson - keystonemiddleware - kombu + - oslo-concurrency + - oslo-context - oslo-db + - oslo-log - oslo-messaging + - oslo-middleware - oslo-rootwrap - osprofiler - paste + - retrying - routes - taskflow - rtslib-fb - sqlalchemy - sqlalchemy-migrate - suds - - wsgiref + - oslo-vmware - name: pymemcache - repo: upstream:python-packages/pymemcache.git - ref: 3824d3b0bcdea3e8d0c08598bedfce10fd3c79e0 - unpetrify-ref: master + repo: upstream:python-packages/pymemcache + ref: 0646937c2bfebdb557ec2c01f0e42a9af79ad49d + unpetrify-ref: v1.2.9 - name: sysv_ipc-tarball repo: upstream:python-packages/sysv-ipc-tarball.git ref: a77e3a63f004e6ee789fa05e4a5bbc333b1529f1 unpetrify-ref: sysv_ipc-0.6.8 +- name: redis-py + repo: upstream:python-packages/redis-py + ref: 4d0b0afe9c9a431ed50c3e9fb95a0aa88b1f1038 + unpetrify-ref: 2.10.3 - name: tooz - repo: upstream:python-packages/tooz.git - ref: a90940a506b7c1bf52ef7d2f2ff52204fdcc6221 - unpetrify-ref: 0.7 + repo: upstream:python-packages/tooz + ref: 8086661f404e61c22f0dd1d07b57a864862a0869 + unpetrify-ref: 0.13.2 build-depends: - pymemcache - - sysv_ipc-tarball - msgpack-python - retrying + - 
redis-py +- name: kafka-python + repo: upstream:python-packages/kafka-python + ref: 8675c3e3e620df5ba9fd7e570c554b773429bd78 + unpetrify-ref: v0.9.3 +- name: werkzeug + repo: upstream:python-packages/werkzeug + ref: 96e49709d627a7766077cff4c98ebf3cad868ceb + unpetrify-ref: v0.10.4 +- name: requests-aws + repo: upstream:python-packages/python-requests-aws + ref: 48fe401c78eb1b1048cd20e2d26015585a7986cb + unpetrify-ref: master - name: ceilometer repo: upstream:openstack/ceilometer morph: strata/openstack-services/ceilometer.morph - ref: 720c2b4915caf5decd3da91ea2d6e6291316b940 - unpetrify-ref: 2014.2.3 + ref: b0447ed8e7bee371bf7095c86e47d717abe89edc + unpetrify-ref: 2014.1.0 build-depends: + - retrying - alembic - - anyjson - croniter - - happybase - jsonpath-rw + - kafka-python - keystonemiddleware - - lockfile - msgpack-python + - oslo-context - oslo-db + - oslo-concurrency + - oslo-policy - oslo-rootwrap - - oslo-vmware - pecan - posix-ipc-tarball - oslo-messaging + - oslo-middleware - pysnmp - sqlalchemy - sqlalchemy-migrate - tooz + - werkzeug - wsme + - requests-aws - name: django-openstack-auth repo: upstream:openstack/django_openstack_auth - ref: e676c88a329af57d6c4f13df54f6e1e06c1f8360 - unpetrify-ref: 1.1.8 + ref: 0e1f7b78277850634992a594132921efb83256e0 + unpetrify-ref: 1.2.0 +- name: pint + repo: upstream:python-packages/pint + ref: e7e7de5ca2e1c19963be8a918369fb19186f9a73 + unpetrify-ref: 0.6 - name: horizon morph: strata/openstack-services/horizon.morph repo: upstream:openstack/horizon - ref: b37c1f3565e89a7fe3fef5ce76e9c26b22e3e7c4 - unpetrify-ref: 2014.2.3 + ref: b99cf48ff346494198fb9740495eacc14fa406bf + unpetrify-ref: 2015.1.0 build-depends: + - pint - django-openstack-auth - - lockfile + - kombu + - oslo-concurrency - name: novnc morph: strata/openstack-services/novnc.morph repo: upstream:novnc ref: 97be997f62d59c028fc45323b00e3b93fafe4eb4 unpetrify-ref: baserock/v0.5.1 -- name: oauth - repo: upstream:python-packages/oauthlib - ref: 
fd239fca84644896b1971cf24bc6213d065adb86 - unpetrify-ref: 0.072 - name: pyserial repo: upstream:python-packages/pyserial ref: bcfc1ec2fdb9a8c9c867481d7673e85fe512e667 unpetrify-ref: release2_7 +- name: tempest-lib + repo: upstream:openstack/tempest-lib + ref: c307ffc525d896e2071319c8067aec805804f92b + unpetrify-ref: 0.5.0 - name: tempest morph: strata/openstack-services/tempest.morph - repo: upstream:openstack/tempest.git - ref: acba5510785258949679304f3e1a55e53b851962 - unpetrify-ref: "2" + repo: upstream:openstack/tempest + ref: 26149b612d01ad605e4d0f41a2d67280c8088cda + unpetrify-ref: "4" + build-depends: + - tempest-lib - name: tftp-hpa morph: strata/openstack-services/tftp-hpa.morph repo: upstream:tftp-hpa @@ -554,7 +672,7 @@ chunks: repo: upstream:python-packages/singledispatch ref: 92175ba65602a03086d2b1f770f45d88af93fc3e unpetrify-ref: 3.4.0.3 -- name: pysinglefile +- name: pysendfile morph: strata/openstack-services/pysendfile.morph repo: upstream:python-packages/pysendfile ref: 6775b2938ef74255239c8e08458369921297b311 @@ -562,5 +680,22 @@ chunks: - name: ironic morph: strata/openstack-services/ironic.morph repo: upstream:openstack/ironic - ref: 0f4d454bf2093d3d62460f88aa9288bee3286b38 - unpetrify-ref: stable/juno + ref: dee609cb7976e9b3cc07c3d342a271c4a347f69f + unpetrify-ref: 2015.1.0 + build-depends: + - sqlalchemy + - alembic + - sqlalchemy-migrate + - pysendfile + - websockify + - oslo-concurrency + - oslo-context + - oslo-db + - oslo-rootwrap + - oslo-policy + - pecan + - wsme + - keystonemiddleware + - oslo-messaging + - retrying + - posix-ipc-tarball diff --git a/strata/openstack-services/cinder.morph b/strata/openstack-services/cinder.morph index cd680b09..a0fc879f 100644 --- a/strata/openstack-services/cinder.morph +++ b/strata/openstack-services/cinder.morph 
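Review bot: The `ceilometer` chunk's label changes from `unpetrify-ref: 2014.2.3` to `unpetrify-ref: 2014.1.0`, while nova, cinder and horizon in this same hunk all move to `2015.1.0`. This looks like a typo for `2015.1.0`, but the SHA in `ref:` cannot be checked from the page, so confirm which tag it actually corresponds to. A label that disagrees with the pinned commit misleads anyone comparing these pins against upstream releases or advisories.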
@@ -2,7 +2,10 @@ name: cinder kind: chunk build-system: python-distutils post-install-commands: -# Install rootwrap.conf +# Install some default configuration files +- install -D -m 644 etc/cinder/logging_sample.conf "$DESTDIR"/etc/cinder/logging.conf +- install -D -m 644 etc/cinder/api-paste.ini "$DESTDIR"/etc/cinder/api-paste.ini +- install -D -m 644 etc/cinder/policy.json "$DESTDIR"/etc/cinder/policy.json - install -D -m 640 etc/cinder/rootwrap.conf "$DESTDIR"/etc/cinder/rootwrap.conf # Move rootwrap files to a proper location - mkdir -p "$DESTDIR"/etc/cinder/rootwrap.d diff --git a/strata/erlang/erlang-sd_notify.morph b/strata/openstack-services/erlang-sd_notify.morph index dd3f66ca..dd3f66ca 100644 --- a/strata/erlang/erlang-sd_notify.morph +++ b/strata/openstack-services/erlang-sd_notify.morph diff --git a/strata/openstack-services/glance.morph b/strata/openstack-services/glance.morph new file mode 100644 index 00000000..3f81a505 --- /dev/null +++ b/strata/openstack-services/glance.morph 
@@ -0,0 +1,29 @@ +name: glance +kind: chunk +build-system: python-distutils +post-install-commands: +# Install some default configuration files +- mkdir -p "$DESTDIR"/etc/glance +- install -m 644 etc/glance-api-paste.ini "$DESTDIR"/etc/glance/ +- install -m 644 etc/glance-registry-paste.ini "$DESTDIR"/etc/glance/ +- install -m 644 etc/glance-search-paste.ini "$DESTDIR"/etc/glance/ +- install -m 644 etc/policy.json "$DESTDIR"/etc/glance/ +- install -m 644 etc/schema-image.json "$DESTDIR"/etc/glance/ +- install -m 644 etc/search-policy.json "$DESTDIR"/etc/glance/ +# Install predefined namespaces for Glance Metadata Definitions +# Catalog (see more info in its README) +- cp -r etc/metadefs "$DESTDIR"/etc/glance/ +# Install conf files which are not modified by +- install -m 644 etc/glance-scrubber.conf "$DESTDIR"/etc/glance/ +- install -m 644 etc/glance-cache.conf "$DESTDIR"/etc/glance/ +- install -m 644 etc/glance-search.conf "$DESTDIR"/etc/glance/ +- | + install -m 644 etc/glance-swift.conf.sample \ + "$DESTDIR"/etc/glance/glance-swift.conf +- install -m 644 etc/glance-manage.conf "$DESTDIR"/etc/glance/ +- | + install -m 644 etc/property-protections-policies.conf.sample \ + "$DESTDIR"/etc/glance/property-protections-policies.conf +- | + install -m 644 etc/property-protections-roles.conf.sample \ + "$DESTDIR"/etc/glance/property-protections-roles.conf diff --git a/strata/openstack-services/horizon.morph b/strata/openstack-services/horizon.morph index ae6399b1..74930a1e 100644 --- a/strata/openstack-services/horizon.morph +++ b/strata/openstack-services/horizon.morph 
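Review bot: `glance-swift.conf` is installed with `-m 644`, and going by its name and the `.sample` source it is the file that will hold the Swift store references, which would normally include account credentials once filled in. Unless deployment rewrites it with a tighter mode, those values would be readable by every local user. A mode without world read, with group ownership for the glance service set at deploy time, would be safer; the cinder and nova chunks already use `640` for `rootwrap.conf`. Separately, the comment `# Install conf files which are not modified by` stops mid-sentence and should name what does not modify them.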
@@ -4,16 +4,12 @@ configure-commands: # Remove unnecessary .mo files they will be generated # later during package build. - find . -name "django*.mo" -exec rm -f '{}' \; -# Set COMPRESS_OFFLINE=True -- | - sed -i 's:COMPRESS_OFFLINE.=.False:COMPRESS_OFFLINE = True:' \ - openstack_dashboard/settings.py build-commands: # Compile message strings -- cd horizon && django-admin.py compilemessages && cd .. -- cd openstack_dashboard && django-admin.py compilemessages && cd .. +- cd horizon && django-admin.py compilemessages +- cd openstack_dashboard && django-admin.py compilemessages - python setup.py build -post-build-commands: + # Use the local_settings.py example to compile and compress the css, js, etc files. # This is a hack to make SECRET_KEY work. - | 
@@ -23,37 +19,45 @@ post-build-commands: - python manage.py collectstatic --noinput - python manage.py compress --force install-commands: -# Undo hack +# Install horizon in a temporary folder first, and then move things to the +# right place in $DESTDIR +- mkdir temproot +- python setup.py install -O1 --skip-build --prefix "$PREFIX" --root temproot +# Remove unnecessary .po files +- find temproot -name django.po -exec rm '{}' \; +- find temproot -name djangojs.po -exec rm '{}' \; + +# Move openstack_dashboard to /var/lib/horizon +- mkdir -p "$DESTDIR"/var/lib/horizon/ +- | + mv temproot/"$PREFIX"/lib/python*/site-packages/openstack_dashboard \ + "$DESTDIR"/var/lib/horizon/ +- cp manage.py "$DESTDIR"/var/lib/horizon/openstack_dashboard/ + +# Copy the rest to $DESTDIR +- cp -a temproot/* "$DESTDIR" + +# Copy local_settings to /etc/horizon/openstack_dashboard, so that they +# can be modified, and link them where openstack_dashboard is installed. +- mkdir -p "$DESTDIR"/etc/horizon/openstack_dashboard/ - | cp openstack_dashboard/local/local_settings.py.example \ - openstack_dashboard/local/local_settings.py -# Install horizon -- python setup.py install -O1 --skip-build --prefix "$PREFIX" --root "$DESTDIR" -post-install-commands: -# Remove unnecessary .po files -- find "$DESTDIR" -name django.po -exec rm '{}' \; -- find "$DESTDIR" -name djangojs.po -exec rm '{}' \; -# Link Openstack local_settings where openstack_dashboard is installed. 
+ "$DESTDIR"/etc/horizon/openstack_dashboard/local_settings.py +# Set COMPRESS_OFFLINE=True +- | + echo "COMPRESS_OFFLINE=True" >> \ + "$DESTDIR"/etc/horizon/openstack_dashboard/local_settings.py + - mkdir -p "$DESTDIR"/var/lib/horizon/openstack_dashboard/local - | ln -sf /etc/horizon/openstack_dashboard/local_settings.py \ - "$DESTDIR$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.py + "$DESTDIR"/var/lib/horizon/openstack_dashboard/local/local_settings.py + # Create the static directory (STATIC_ROOT) used in local_settings.py to keep # the static objects like css files. -- mkdir -p "$DESTDIR"/var/lib/horizon/openstack_dashboard/static +- mkdir -p "$DESTDIR"/var/lib/horizon/static # Copy the compressed static files to horizon. -- cp -a openstack_dashboard/static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static -- cp -a horizon/static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static -- cp -a static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static -# Work around to make django.wsgi working with horizon -# See: https://bugs.launchpad.net/osprofiler/+bug/1361235 -# and: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=41c9a1dfad23f8aee366afb6a0b20a6c57ec8f79 -- | - sed -i "s|'../..'|os.path.realpath('../..')|" \ - "$DESTDIR$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi -# And link this django.wsgi file to the horizon home directory -- | - ln -sf "$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi \ - "$DESTDIR"/var/lib/horizon/openstack_dashboard/django.wsgi +- cp -a static/* "$DESTDIR"/var/lib/horizon/static + # Create the horizon document root for apache configuration - mkdir -p "$DESTDIR"/var/lib/horizon/.blackhole diff --git a/strata/openstack-services/ironic.morph b/strata/openstack-services/ironic.morph index 850399b4..8003dd17 100644 --- a/strata/openstack-services/ironic.morph +++ b/strata/openstack-services/ironic.morph 
@@ -2,14 +2,15 @@ name: ironic kind: chunk build-system: python-distutils post-install-commands: -# Install rootwrap.conf -- install -D -m 640 etc/ironic/rootwrap.conf "$DESTDIR"/etc/ironic/rootwrap.conf -# Move rootwrap files to a proper location -- mkdir -p "$DESTDIR"/etc/ironic/rootwrap.d -- install -m 644 etc/ironic/rootwrap.d/* "$DESTDIR"/etc/ironic/rootwrap.d/ -# Add ironic to sudoers controlling which commands will run as a root -# using the openstack rootwrap. - | + mkdir -p "$DESTDIR"/etc/ironic + install -m 644 etc/ironic/policy.json "$DESTDIR"/etc/ironic + install -m 644 etc/ironic/rootwrap.conf "$DESTDIR"/etc/ironic + mkdir -p "$DESTDIR"/etc/ironic/rootwrap.d + install -m 644 etc/ironic/rootwrap.d/* "$DESTDIR"/etc/ironic/rootwrap.d/ + + # Add ironic to sudoers controlling which commands will run as a root + # using the openstack rootwrap. install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/ironic-rootwrap Defaults:ironic !requiretty diff --git a/strata/openstack-services/keystone.morph b/strata/openstack-services/keystone.morph new file mode 100644 index 00000000..836b5d47 --- /dev/null +++ b/strata/openstack-services/keystone.morph @@ -0,0 +1,9 @@ +name: keystone +kind: chunk +build-system: python-distutils +post-install-commands: +# Install some default configuration files +- mkdir -p "$DESTDIR"/etc/keystone +- install -m 644 etc/keystone-paste.ini "$DESTDIR"/etc/keystone/ +- install -m 644 etc/policy.json "$DESTDIR"/etc/keystone/ +- install -m 644 etc/logging.conf.sample "$DESTDIR"/etc/keystone/logging.conf diff --git a/strata/openstack-services/neutron.morph b/strata/openstack-services/neutron.morph index b79a089b..6e203922 100644 --- a/strata/openstack-services/neutron.morph +++ b/strata/openstack-services/neutron.morph 
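Review bot: `rootwrap.conf` for ironic is now installed with `-m 644`, where the removed line used `-m 640` and the cinder and nova chunks in this commit keep `640` for the same file. If the looser mode is not intentional, keep the old one with `install -m 640 etc/ironic/rootwrap.conf "$DESTDIR"/etc/ironic`. The block continues into the sudoers heredoc below the hunk, which is not reviewed here.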
@@ -2,14 +2,24 @@ name: neutron kind: chunk build-system: python-distutils post-install-commands: -# Move rootwrap files to a proper location -- mkdir -p "$DESTDIR"/etc/neutron -- mv "$DESTDIR$PREFIX"/etc/neutron/rootwrap.d "$DESTDIR"/etc/neutron/ -- mv "$DESTDIR$PREFIX"/etc/neutron/rootwrap.conf "$DESTDIR"/etc/neutron/ -# Add neutron to sudoers controlling which commands is running as a root -# using the openstack rootwrap. -- mkdir -p "$DESTDIR"/etc/sudoers.d - | + # Move the configuration files to a proper location + mkdir "$DESTDIR"/etc + mv "$DESTDIR/$PREFIX"/etc/neutron "$DESTDIR"/etc + + # Remove unused start/stop script + rm "$DESTDIR/$PREFIX"/etc/init.d/neutron-server + + # Remove configuration files which will be added by Ansible + rm "$DESTDIR"/etc/neutron/neutron.conf + rm "$DESTDIR"/etc/neutron/metadata_agent.ini + rm "$DESTDIR"/etc/neutron/plugins/ml2/ml2_conf.ini + rm "$DESTDIR"/etc/neutron/dhcp_agent.ini + rm "$DESTDIR"/etc/neutron/l3_agent.ini + + # Add neutron to sudoers controlling which commands is running as a + # root using the openstack rootwrap. + mkdir -p "$DESTDIR"/etc/sudoers.d install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/neutron-rootwrap Defaults:neutron !requiretty diff --git a/strata/openstack-services/nova.morph b/strata/openstack-services/nova.morph index bb6dd756..e5a87daf 100644 --- a/strata/openstack-services/nova.morph +++ b/strata/openstack-services/nova.morph 
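Review bot: The block opens with a plain `mkdir "$DESTDIR"/etc`, which fails if the install step has already created that directory, while the same block uses `mkdir -p` for `sudoers.d`. All steps now live in one `- |` script, so whether that failure (or a failed `mv` or `rm`) stops the build depends on the shell running with errexit, which is not visible here. Without errexit, the sudoers file would still be installed over a half-moved configuration tree. Use `mkdir -p "$DESTDIR"/etc` and consider `set -e` as the first line of the block; the heredoc continues past the end of the hunk.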
@@ -2,11 +2,17 @@ name: nova kind: chunk build-system: python-distutils post-install-commands: +# Install some default configuration files +- mkdir -p "$DESTDIR"/etc/nova +- install -m 644 etc/nova/api-paste.ini "$DESTDIR"/etc/nova/ +- install -m 644 etc/nova/cells.json "$DESTDIR"/etc/nova/ +- install -m 644 etc/nova/logging_sample.conf "$DESTDIR"/etc/nova/logging.conf +- install -m 644 etc/nova/policy.json "$DESTDIR"/etc/nova/ # Install rootwrap.conf -- install -D -m 640 etc/nova/rootwrap.conf "$DESTDIR"/etc/nova/rootwrap.conf +- install -m 640 etc/nova/rootwrap.conf "$DESTDIR"/etc/nova/rootwrap.conf # Move rootwrap files to a proper location - mkdir -p "$DESTDIR"/etc/nova/rootwrap.d -- install -D -m 644 etc/nova/rootwrap.d/* "$DESTDIR"/etc/nova/rootwrap.d/ +- install -m 644 etc/nova/rootwrap.d/* "$DESTDIR"/etc/nova/rootwrap.d/ # Add nova to sudoers controlling which commands will run as a root # using the openstack rootwrap. - mkdir -p "$DESTDIR"/etc/sudoers.d diff --git a/strata/python-common.morph b/strata/python-common.morph index e724d912..d329dc4d 100644 --- a/strata/python-common.morph +++ b/strata/python-common.morph @@ -42,8 +42,8 @@ chunks: - python-json-pointer - name: python-prettytable repo: upstream:python-prettytable - ref: 7a48f1e84049577370cf28632a75d2fd01e4142d - unpetrify-ref: master + ref: bea6a50e4da00074b35b57232771cea58b89b3e0 + unpetrify-ref: 0.7.2-RELEASE - name: configobj repo: upstream:configobj-git ref: 9d2aab01c77dce600b296ba9da1163cc0bbc14e0 diff --git a/strata/swift.morph b/strata/swift.morph index 22ca8a3a..6afcc832 100644 --- a/strata/swift.morph +++ b/strata/swift.morph 
@@ -3,27 +3,47 @@ kind: stratum description: Distributed object storage build-depends: # openstack-common is required for simplejson, cffi, greenlet, -# eventlet, pastedeploy +# eventlet, pastedeploy, netifaces - morph: strata/openstack-common.morph chunks: - name: dnspython repo: upstream:python-packages/dnspython ref: e1369c62d14f82b80ef11197a490ace5d43bb3f3 unpetrify-ref: v1.12.0 -- name: netifaces - repo: upstream:python-packages/netifaces - ref: 885b200ba717df87f6e8044ec8c66c677c949bcb - unpetrify-ref: release_0_10_4 - name: xattr morph: strata/swift/xattr.morph repo: upstream:python-packages/xattr ref: dd10d44e3eb9a1d2303c1f7d5126c099d56e97fc unpetrify-ref: v0.7.6 +- name: liberasurecode + morph: strata/swift/liberasurecode.morph + repo: upstream:liberasurecode + ref: a380246762c16ea8eb7dbfccd50d296c3743b39e + unpetrify-ref: v1.0.7 +- name: gf-complete + morph: strata/swift/gf-complete.morph + repo: upstream:gf-complete + ref: 715443661c00558fe32f004a4be5f93f341b6e59 + unpetrify-ref: v2 +- name: jerasure + repo: upstream:jerasure + ref: ff7032153ea230fb59596f1f8a0e9ad8653addfb + unpetrify-ref: v2 + build-depends: + - gf-complete +- name: pyeclib + repo: upstream:python-packages/pyeclib + ref: aa58aa887c2327e1394d6f28b3b6b7ab8f190b2b + unpetrify-ref: v1.0.7 + build-depends: + - liberasurecode + - gf-complete + - jerasure - name: swift repo: upstream:openstack/swift - ref: 2e8261a4dc0d0af0c4a46478b81e167bcf02220b - unpetrify-ref: 2.2.0 + ref: f8dee761bd36f857aa1288c27e095907032fad68 + unpetrify-ref: 2.3.0 build-depends: - dnspython - - netifaces - xattr + - pyeclib diff --git a/strata/swift/gf-complete.morph b/strata/swift/gf-complete.morph new file mode 100644 index 00000000..e8965c76 --- /dev/null +++ b/strata/swift/gf-complete.morph 
@@ -0,0 +1,20 @@ +name: gf-complete +kind: chunk +build-system: autotools +pre-configure-commands: +- ./autogen.sh +configure-commands: +- | + cpu="$(echo $TARGET | cut -d '-' -f 1)" + case "$cpu" in + x86_64) + SSE= + ;; + *) + # Disable SSE4 for any architecture which are not x86_64 bits + # see more information about architecture which support SSE in + # https://en.wikipedia.org/wiki/SSE4#Supporting_CPUs. + SSE=--disable-sse + ;; + esac + ./configure --prefix="$PREFIX" "$SSE" diff --git a/strata/swift/liberasurecode.morph b/strata/swift/liberasurecode.morph new file mode 100644 index 00000000..68839403 --- /dev/null +++ b/strata/swift/liberasurecode.morph @@ -0,0 +1,5 @@ +name: liberasurecode +kind: chunk +build-system: autotools +pre-configure-commands: +- autoreconf -ivf diff --git a/strata/test-tools.morph b/strata/test-tools.morph index 6826c963..7754e91d 100644 --- a/strata/test-tools.morph +++ b/strata/test-tools.morph @@ -48,8 +48,10 @@ chunks: - testtools - name: testscenarios repo: upstream:python-packages/testscenarios - ref: 475857af19a8190c9c0c7f8241b9907b942e19fd + ref: bccfaa71a2def5590161b6d1a247cf23c45a8b4d unpetrify-ref: trunk + build-depends: + - testtools - name: mox repo: upstream:python-packages/mox ref: 160491d0384285698d726b1af21277f336107f51 @@ -79,9 +81,9 @@ chunks: ref: f7f87e4ac1c52342162cf2035f5fe3d273f8b07f unpetrify-ref: master - name: zake - repo: upstream:python-packages/zake.git - ref: 13b92d9db4ad37d9550ef5c5abd323a2530a1e72 - unpetrify-ref: master + repo: upstream:python-packages/zake + ref: 436bab3306aeec420f1281f34bd5d26d7f81038c + unpetrify-ref: 0.2.1 build-depends: - testtools - name: nose diff --git a/strata/virtualization.morph b/strata/virtualization.morph index 548019aa..f2f1a401 100644 --- a/strata/virtualization.morph +++ b/strata/virtualization.morph 
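Review bot: On x86_64 `SSE` is empty, and because it is quoted in `./configure --prefix="$PREFIX" "$SSE"`, configure receives an extra empty-string argument. Autoconf-generated scripts typically treat a stray non-option argument as a host type and warn about it. `./configure --prefix="$PREFIX" ${SSE:+"$SSE"}` passes the flag only when it is set. The comment also says SSE4 while the flag is `--disable-sse`, so it should state which one is meant.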
@@ -3,8 +3,8 @@ kind: stratum description: | Virtualization for baserock NOTE: this stratum requires kernel support, please see openstack bsp - kernel history to check which config are needed for openvswitch, libvirt, - or ebtables, for example. + kernel history to check which config are needed for openvswitch or libvirt, + for example. build-depends: - morph: strata/libsoup-common.morph - morph: strata/python-core.morph @@ -12,6 +12,7 @@ build-depends: - morph: strata/connman-common.morph - morph: strata/lvm.morph - morph: strata/xorg-util-macros-common.morph +- morph: strata/networking-utils.morph chunks: - name: yajl morph: strata/virtualization/yajl.morph @@ -42,11 +43,6 @@ chunks: repo: upstream:dmidecode ref: 47a0aa5d6696a83922ee70279b7253a4e55947d5 unpetrify-ref: master -- name: ebtables - morph: strata/virtualization/ebtables.morph - repo: upstream:ebtables - ref: f4bdc80ae8c1a79b4ab5dcb8431ad85aea618d66 - unpetrify-ref: master - name: libvirt morph: strata/virtualization/libvirt.morph repo: upstream:libvirt @@ -59,7 +55,6 @@ chunks: - xml-catalog - yajl - dmidecode - - ebtables - name: pycurl repo: upstream:pycurl ref: 5ca370827d88817eeca3c56cbb37e4ddccc16c6e diff --git a/strata/wayland-generic.morph b/strata/wayland-generic.morph index c1dde012..37a57c5b 100644 --- a/strata/wayland-generic.morph +++ b/strata/wayland-generic.morph @@ -12,7 +12,7 @@ chunks: - name: wayland morph: strata/wayland-generic/wayland.morph repo: upstream:wayland - ref: 8e9d5a108476b3435a8286613b9a63b69afd92b7 - unpetrify-ref: 1.7.0 + ref: 60024af597b68974c451c89f960a7c11de11c33a + unpetrify-ref: 1.8.0 build-depends: - libxkbcommon diff --git a/strata/weston-common.morph b/strata/weston-common.morph index 2925d72c..fbc5d5f1 100644 --- a/strata/weston-common.morph +++ b/strata/weston-common.morph 
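Review bot: The new `- morph: strata/networking-utils.morph` entry in `build-depends` (hunk `@@ -12,6 +12,7 @@` of virtualization.morph) has no comment saying what it is needed for. The later hunks remove the `ebtables` chunk and libvirt's `- ebtables` build dependency. If networking-utils is now the provider of ebtables, which these hunks do not show, a comment such as `# networking-utils is required for ebtables (used by libvirt)` above the entry would record that. The description hunk also drops ebtables from the kernel-config hint; if libvirt still relies on ebtables at runtime, that hint is worth keeping in whichever stratum now carries the chunk.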
@@ -10,5 +10,5 @@ chunks: - name: weston morph: strata/weston-common/weston.morph repo: upstream:weston - ref: 322383ed469d69401b502618718a97a4e85c97d8 - unpetrify-ref: baserock/weston-1.7.0/tegra + ref: 97a6d48e725956a58afad4450c5981c42ba4aa9c + unpetrify-ref: baserock/weston-1.8.0/tegra diff --git a/strata/x-common.morph b/strata/x-common.morph index 69ffdba3..28e04fcc 100644 --- a/strata/x-common.morph +++ b/strata/x-common.morph @@ -104,6 +104,7 @@ chunks: - name: xorg-lib-libxshmfence repo: upstream:xorg-lib-libxshmfence ref: 9c4f070e1304a3503cfab08f68573443025fc4c9 + unpetrify-ref: master build-depends: - xorg-proto-x11proto - name: xorg-lib-libXau @@ -232,3 +233,24 @@ chunks: - xorg-proto-fixesproto - xorg-lib-libXau - xorg-lib-libX11 +- name: xorg-lib-libICE + repo: upstream:xorg-lib-libICE + ref: b0cc7794c89d64fc54d0c75b2bba79fd7a1c7e0a + unpetrify-ref: libICE-1.0.9 + build-depends: + - xorg-proto-x11proto + - xorg-lib-libxtrans +- name: xorg-lib-libSM + repo: upstream:xorg-lib-libSM + ref: d0659dcd3aa23598b38826ac78f85071772c436f + unpetrify-ref: libSM-1.2.2 + build-depends: + - xorg-lib-libICE +- name: xorg-lib-libXt + repo: upstream:xorg-lib-libXt + ref: e7411e7e5299116604ff1f01d9415802607f1051 + unpetrify-ref: libXt-1.1.5 + build-depends: + - xorg-proto-kbproto + - xorg-lib-libX11 + - xorg-lib-libSM diff --git a/strata/xstatic.morph b/strata/xstatic.morph index bf21a296..0b400dff 100644 --- a/strata/xstatic.morph +++ b/strata/xstatic.morph 
@@ -26,8 +26,12 @@ chunks: unpetrify-ref: master - name: xstatic-angular-bootstrap repo: upstream:xstatic-packages/xstatic-angular-bootstrap - ref: 2a8c157b8b0733afbfdaf7eea29cf012a8b7f483 - unpetrify-ref: master + ref: b581edb6975175a564fd02766aef2f9043702c80 + unpetrify-ref: 0.11.0.3 +- name: xstatic-angular-lrdragndrop + repo: upstream:xstatic-packages/xstatic-angular-lrdragndrop + ref: 55c7494492e6da2a6664aa00941864dd64589396 + unpetrify-ref: 1.0.2.3 - name: xstatic-angular-cookies repo: upstream:xstatic-packages/xstatic-angular-cookies ref: 66141a33ae7ad84b82ba9384a8101ae15ccd6da5 @@ -54,8 +58,8 @@ chunks: unpetrify-ref: master - name: xstatic-bootstrap-scss repo: upstream:xstatic-packages/xstatic-bootstrap-scss - ref: e8ca8e38e464691268faec8cd6ae59777ee7ee9e - unpetrify-ref: master + ref: d81b7b71c6c088406e90d1bdba0e10f0a304bbdc + unpetrify-ref: 3.1.1.1 - name: xstatic-d3 repo: upstream:xstatic-packages/xstatic-d3 ref: 1e754e73c801fb9315995ffeb95ae51233c4fcaf @@ -96,6 +100,10 @@ chunks: repo: upstream:xstatic-packages/xstatic-jquery-ui ref: b494369430dafd8ac4ddbe90efb9f8ad20a6e6d1 unpetrify-ref: 1.11.0.1 +- name: xstatic-magic-search + repo: upstream:xstatic-packages/xstatic-magic-search + ref: 60d6954a36e54afa1f925324e7b527d235bdb484 + unpetrify-ref: 0.2.0.1 - name: xstatic-jsencrypt repo: upstream:xstatic-packages/xstatic-jsencrypt ref: 5c0f088310ecd602e3aaf5e683385b0d27258409 @@ -112,3 +120,7 @@ chunks: repo: upstream:xstatic-packages/xstatic-spin ref: 74b4c0d0ff12db1f84787246857d5e925ff6883f unpetrify-ref: master +- name: xstatic-termjs + repo: upstream:xstatic-packages/xstatic-termjs + ref: a4ac0b809ab0d84c636a760215839bb6d68d0113 + unpetrify-ref: master diff --git a/strata/zookeeper.morph b/strata/zookeeper.morph index 2baf6f58..e345b6d1 100644 --- a/strata/zookeeper.morph +++ b/strata/zookeeper.morph 
@@ -5,22 +5,10 @@ description: | build-depends: - morph: strata/core.morph - morph: strata/test-tools.morph +- morph: strata/java.morph chunks: -- name: java-binary - morph: strata/zookeeper/java-binary.morph - repo: github:franred/gerrit-installation-binaries - ref: ef262c635890f19eaff8ef6bbd831ee9b0d8693e - unpetrify-ref: master -- name: java-ant - morph: strata/zookeeper/java-ant.morph - repo: upstream:java/ant - ref: master - build-depends: - - java-binary - name: zookeeper morph: strata/zookeeper/zookeeper.morph repo: upstream:zookeeper ref: baserock/mikesmith/zookeeper unpetrify-ref: trunk - build-depends: - - java-ant diff --git a/strata/zookeeper/java-binary.morph b/strata/zookeeper/java-binary.morph deleted file mode 100644 index a6c11f95..00000000 --- a/strata/zookeeper/java-binary.morph +++ /dev/null @@ -1,11 +0,0 @@ -name: java-binary -kind: chunk -configure-commands: [] -build-commands: -- cat jdk-8u20-linux-x64.tar.gz_* > jdk-8u20-linux-x64.tar.gz -install-commands: -- mkdir -p "$DESTDIR$PREFIX"/bin -- mkdir -p "$DESTDIR$PREFIX"/lib -- tar zxf jdk-8u20-linux-x64.tar.gz -C "$DESTDIR$PREFIX"/lib -- unzip jce_policy-8.zip -d "$DESTDIR$PREFIX"/lib/jdk1.8.0_20/jre/lib/security -- ln -sfn "$PREFIX"/lib/jdk1.8.0_20/jre/bin/java "$DESTDIR$PREFIX"/bin/ diff --git a/systems/java-build-system-x86_64-generic.morph b/systems/java-build-system-x86_64-generic.morph new file mode 100644 index 00000000..a4ed7643 --- /dev/null +++ b/systems/java-build-system-x86_64-generic.morph 
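Review bot: The `zookeeper` chunk that this hunk edits still has `ref: baserock/mikesmith/zookeeper`, a branch name rather than a commit SHA. The source that gets built can therefore change without any change to the definitions. The commit removes the other unpinned entry here (`java-ant` with `ref: master`) but leaves this one, while the chunks touched elsewhere in the diff pin `ref` to a full SHA. Pinning it the same way, for example `ref: <COMMIT_SHA_OF_BRANCH_HEAD>` with `unpetrify-ref: baserock/mikesmith/zookeeper`, would make the build reproducible and any later source change visible in review.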
@@ -0,0 +1,84 @@ +name: java-build-system-x86_64-generic +kind: system +description: | + A superset of devel-system which can build OpenJDK. + + There are instruction on using and testing java-build-system at: + https://wiki.baserock.org/Java. + + For use on 64-bit Intel x86 computers. +arch: x86_64 +strata: +- name: build-essential + morph: strata/build-essential.morph +- name: core + morph: strata/core.morph +- name: foundation + morph: strata/foundation.morph +- name: bsp-x86_64-generic + morph: strata/bsp-x86_64-generic.morph +- name: tools + morph: strata/tools.morph +- name: python-cliapp + morph: strata/python-cliapp.morph +- name: python-pygobject + morph: strata/python-pygobject.morph +- name: python-wsgi + morph: strata/python-wsgi.morph +- name: morph-utils + morph: strata/morph-utils.morph +- name: openstack-common + morph: strata/openstack-common.morph +- name: openstack-clients + morph: strata/openstack-clients.morph +- name: cloudinit-support + morph: strata/cloudinit-support.morph +- name: nodejs + morph: strata/nodejs.morph +- name: ruby + morph: strata/ruby.morph +- name: lorry + morph: strata/lorry.morph +- name: baserock-import + morph: strata/baserock-import.morph +- name: nfs + morph: strata/nfs.morph +- name: python-core + morph: strata/python-core.morph +- name: python-tools + morph: strata/python-tools.morph +- name: python-common + morph: strata/python-common.morph +- name: devtools + morph: strata/devtools.morph +- name: ansible + morph: strata/ansible.morph +- name: swift + morph: strata/swift.morph +- name: libsoup-common + morph: strata/libsoup-common.morph +- name: ostree-core + morph: strata/ostree-core.morph +- name: coreutils-common + morph: strata/coreutils-common.morph +- name: x-common + morph: strata/x-common.morph +- name: x-generic + morph: strata/x-generic.morph +- name: cups + morph: strata/cups.morph +- name: java + morph: strata/java.morph +- name: graphics-common + morph: strata/graphics-common.morph +- name: 
audio-bluetooth + morph: strata/audio-bluetooth.morph +configuration-extensions: +- extensions/set-hostname +- extensions/add-config-files +- extensions/simple-network +- extensions/nfsboot +- extensions/install-files +- extensions/cloud-init +- extensions/fstab +- extensions/install-essential-files diff --git a/systems/openstack-system-x86_64.morph b/systems/openstack-system-x86_64.morph index 2f700e68..af3ade19 100644 --- a/systems/openstack-system-x86_64.morph +++ b/systems/openstack-system-x86_64.morph @@ -80,6 +80,7 @@ configuration-extensions: - extensions/openstack-network - extensions/openstack-neutron - extensions/openstack-ceilometer +- extensions/openstack-time - extensions/fstab - extensions/openstack-ironic - extensions/install-essential-files diff --git a/systems/zookeeper-client-x86_64.morph b/systems/zookeeper-client-x86_64.morph index bc470df5..9b720f50 100644 --- a/systems/zookeeper-client-x86_64.morph +++ b/systems/zookeeper-client-x86_64.morph @@ -19,6 +19,8 @@ strata: morph: strata/zookeeper-client.morph - name: test-tools morph: strata/test-tools.morph +- name: java + morph: strata/java.morph configuration-extensions: - extensions/set-hostname - extensions/add-config-files diff --git a/systems/zookeeper-server-x86_64.morph b/systems/zookeeper-server-x86_64.morph index bc46d7b3..37a60ae2 100644 --- a/systems/zookeeper-server-x86_64.morph +++ b/systems/zookeeper-server-x86_64.morph @@ -19,6 +19,8 @@ strata: morph: strata/zookeeper-server.morph - name: test-tools morph: strata/test-tools.morph +- name: java + morph: strata/java.morph configuration-extensions: - extensions/set-hostname - extensions/add-config-files |