Diffstat (limited to 'install-files/openstack/usr/share')
66 files changed, 5558 insertions, 7420 deletions
diff --git a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf b/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf
index b572d40f..66a1db14 100644
--- a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf
+++ b/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf
@@ -1,1023 +1,1327 @@ [DEFAULT] - -# -# Options defined in ceilometer.middleware -# - -# Exchanges name to listen for notifications. (multi valued) -#http_control_exchanges=nova -#http_control_exchanges=glance -#http_control_exchanges=neutron -#http_control_exchanges=cinder - - -# -# Options defined in ceilometer.pipeline -# - -# Configuration file for pipeline definition. (string value) -#pipeline_cfg_file=pipeline.yaml - - -# -# Options defined in ceilometer.sample -# - -# Source for samples emitted on this instance. (string value) -# Deprecated group/name - [DEFAULT]/counter_source -#sample_source=openstack - - -# -# Options defined in ceilometer.service -# - -# Name of this node, which must be valid in an AMQP key. Can -# be an opaque identifier. For ZeroMQ only, must be a valid -# host name, FQDN, or IP address. (string value) -#host=ceilometer - -# Dispatcher to process data. (multi valued) -#dispatcher=database - -# Number of workers for collector service. A single -# collector is enabled by default. (integer value) -#collector_workers=1 - -# Number of workers for notification service. A single -# notification agent is enabled by default. (integer value) -#notification_workers=1 - - -# -# Options defined in ceilometer.api.app -# - -# The strategy to use for auth: noauth or keystone. (string -# value) -auth_strategy=keystone - -# Deploy the deprecated v1 API. (boolean value) -#enable_v1_api=true - - + # -# Options defined in ceilometer.compute.notifications +# From ceilometer # - + +# To reduce large requests at same time to Nova or other components +# from different compute agents, shuffle start time of polling task. +# (integer value) +#shuffle_time_before_polling_task = 0 + +# Configuration file for WSGI definition of API. (string value) +#api_paste_config = api_paste.ini + +# Number of workers for Ceilometer API server. 
(integer value) +#api_workers = 1 + +# Polling namespace(s) to be used while resource polling (unknown +# type) +#polling_namespaces = ['compute', 'central'] + +# List of pollsters (or wildcard templates) to be used while polling +# (unknown type) +#pollster_list = [] + # Exchange name for Nova notifications. (string value) -#nova_control_exchange=nova - - -# -# Options defined in ceilometer.compute.util -# - -# List of metadata prefixes reserved for metering use. (list -# value) -#reserved_metadata_namespace=metering. - +#nova_control_exchange = nova + +# List of metadata prefixes reserved for metering use. (list value) +#reserved_metadata_namespace = metering. + # Limit on length of reserved metadata values. (integer value) -#reserved_metadata_length=256 - - -# -# Options defined in ceilometer.compute.virt.inspector -# - -# Inspector to use for inspecting the hypervisor layer. -# (string value) -#hypervisor_inspector=libvirt - - -# -# Options defined in ceilometer.compute.virt.libvirt.inspector -# - -# Libvirt domain type (valid options are: kvm, lxc, qemu, uml, -# xen). (string value) -#libvirt_type=kvm - +#reserved_metadata_length = 256 + +# List of metadata keys reserved for metering use. And these keys are +# additional to the ones included in the namespace. (list value) +#reserved_metadata_keys = + +# Inspector to use for inspecting the hypervisor layer. (string value) +#hypervisor_inspector = libvirt + +# Libvirt domain type. (string value) +# Allowed values: kvm, lxc, qemu, uml, xen +#libvirt_type = kvm + # Override the default libvirt URI (which is dependent on # libvirt_type). (string value) -#libvirt_uri= - - -# -# Options defined in ceilometer.image.notifications -# - +#libvirt_uri = + +# Exchange name for Data Processing notifications. (string value) +#sahara_control_exchange = sahara + +# Dispatcher to process data. (multi valued) +# Deprecated group/name - [collector]/dispatcher +#dispatcher = database + +# Exchange name for Keystone notifications. 
(string value) +#keystone_control_exchange = keystone + +# Number of items to request in each paginated Glance API request +# (parameter used by glancecelient). If this is less than or equal to +# 0, page size is not specified (default value in glanceclient is +# used). (integer value) +#glance_page_size = 0 + # Exchange name for Glance notifications. (string value) -#glance_control_exchange=glance - - -# -# Options defined in ceilometer.network.notifications -# - +#glance_control_exchange = glance + +# Exchange name for Ironic notifications. (string value) +#ironic_exchange = ironic + +# Exchanges name to listen for notifications. (multi valued) +#http_control_exchanges = nova +#http_control_exchanges = glance +#http_control_exchanges = neutron +#http_control_exchanges = cinder + # Exchange name for Neutron notifications. (string value) # Deprecated group/name - [DEFAULT]/quantum_control_exchange -#neutron_control_exchange=neutron - - -# -# Options defined in ceilometer.objectstore.swift -# - -# Swift reseller prefix. Must be on par with reseller_prefix -# in proxy-server.conf. (string value) -#reseller_prefix=AUTH_ - - -# -# Options defined in ceilometer.openstack.common.db.sqlalchemy.session -# - -# The file name to use with SQLite (string value) -#sqlite_db=ceilometer.sqlite - -# If True, SQLite uses synchronous mode (boolean value) -#sqlite_synchronous=true - - -# -# Options defined in ceilometer.openstack.common.eventlet_backdoor -# - -# Enable eventlet backdoor. Acceptable values are 0, <port>, -# and <start>:<end>, where 0 results in listening on a random -# tcp port number; <port> results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and <start>:<end> results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. 
(string value) -#backdoor_port=<None> - - -# -# Options defined in ceilometer.openstack.common.lockutils -# - -# Whether to disable inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. (string value) -#lock_path=<None> - - -# -# Options defined in ceilometer.openstack.common.log -# - -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error (boolean value) -#use_stderr=true - -# Format string to use for log messages with context (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format +#neutron_control_exchange = neutron + +# Allow novaclient's debug log output. (boolean value) +#nova_http_log_debug = false + +# Swift reseller prefix. Must be on par with reseller_prefix in proxy- +# server.conf. (string value) +#reseller_prefix = AUTH_ + +# Enable eventlet backdoor. Acceptable values are 0, <port>, and +# <start>:<end>, where 0 results in listening on a random tcp port +# number; <port> results in listening on the specified port number +# (and not enabling backdoor if that port is in use); and +# <start>:<end> results in listening on the smallest unused port +# number within the specified range of port numbers. The chosen port +# is displayed in the service's log file. 
(string value) +#backdoor_port = <None> + +# Print debugging output (set logging level to DEBUG instead of +# default WARNING level). (boolean value) +#debug = false + +# Print more verbose output (set logging level to INFO instead of +# default WARNING level). (boolean value) +#verbose = false + +# Log output to standard error. (boolean value) +#use_stderr = true + +# The name of a logging configuration file. This file is appended to +# any existing logging configuration files. For details about logging +# configuration files, see the Python logging module documentation. # (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN - -# Publish error events (boolean value) -#publish_errors=false - -# Make deprecations fatal (boolean value) -#fatal_deprecations=false - -# If an instance is passed with the log message, format it -# like this (string value) -#instance_format="[instance: %(uuid)s] " - -# If an instance UUID is passed with the log message, format -# it like this (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of logging configuration file. It does not disable -# existing loggers, but just appends specified logging -# configuration to any other existing logging options. Please -# see the Python logging module documentation for details on -# logging configuration files. (string value) # Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and +#log_config_append = <None> + +# DEPRECATED. 
A logging.Formatter log message format string which may +# use any of the available logging.LogRecord attributes. This option +# is deprecated. Please use logging_context_format_string and # logging_default_format_string instead. (string value) -#log_format=<None> - -# Format string for %%(asctime)s in log records. Default: -# %(default)s (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) +#log_format = <None> + +# Format string for %%(asctime)s in log records. Default: %(default)s +# . (string value) +#log_date_format = %Y-%m-%d %H:%M:%S + +# (Optional) Name of log file to output to. If no default is set, +# logging will go to stdout. (string value) # Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> - -# (Optional) The base directory used for relative --log-file -# paths (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and then will be changed in J to honor RFC5424 -# (boolean value) -use_syslog=true - -# (Optional) Use syslog rfc5424 format for logging. If -# enabled, will add APP-NAME (RFC5424) before the MSG part of -# the syslog message. The old format without APP-NAME is -# deprecated in I, and will be removed in J. 
(boolean value) -#use_syslog_rfc_format=false - -# Syslog facility to receive log lines (string value) -#syslog_log_facility=LOG_USER - - -# -# Options defined in ceilometer.openstack.common.middleware.sizelimit -# - -# The maximum body size per request, in bytes (integer value) -# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size -#max_request_body_size=114688 - - -# -# Options defined in ceilometer.openstack.common.notifier.api -# - -# Driver or drivers to handle sending notifications (multi -# valued) -#notification_driver= - -# Default notification level for outgoing notifications +#log_file = <None> + +# (Optional) The base directory used for relative --log-file paths. # (string value) -#default_notification_level=INFO - -# Default publisher_id for outgoing notifications (string -# value) -#default_publisher_id=<None> - - -# -# Options defined in ceilometer.openstack.common.notifier.rpc_notifier -# - -# AMQP topic used for OpenStack notifications (list value) -#notification_topics=notifications - - -# -# Options defined in ceilometer.openstack.common.policy -# - -# JSON file containing policy (string value) -#policy_file=policy.json - -# Rule enforced when requested rule is not found (string +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = <None> + +# Use syslog for logging. Existing syslog format is DEPRECATED during +# I, and will change in J to honor RFC5424. (boolean value) +#use_syslog = false + +# (Optional) Enables or disables syslog rfc5424 format for logging. If +# enabled, prefixes the MSG part of the syslog message with APP-NAME +# (RFC5424). The format without the APP-NAME is deprecated in I, and +# will be removed in J. (boolean value) +#use_syslog_rfc_format = false + +# Syslog facility to receive log lines. (string value) +#syslog_log_facility = LOG_USER + +# Format string to use for log messages with context. 
(string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Format string to use for log messages without context. (string # value) -#policy_default_rule=default - - -# -# Options defined in ceilometer.openstack.common.rpc -# - -# The messaging module to use, defaults to kombu. (string +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + +# Prefix each line of exception output with this format. (string # value) -rpc_backend=rabbit - -# Size of RPC thread pool (integer value) -#rpc_thread_pool_size=64 - -# Size of RPC connection pool (integer value) -#rpc_conn_pool_size=30 - -# Seconds to wait for a response from call or multicall -# (integer value) -#rpc_response_timeout=60 - -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 - -# Modules of exceptions that are permitted to be recreated -# upon receiving exception data from an rpc call. (list value) -#allowed_rpc_exception_modules=nova.exception,cinder.exception,exceptions - -# If passed, use a fake RabbitMQ provider (boolean value) -#fake_rabbit=false - -# AMQP exchange to connect to if using RabbitMQ or Qpid -# (string value) -#control_exchange=openstack - - -# -# Options defined in ceilometer.openstack.common.rpc.amqp -# - -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false - - -# -# Options defined in ceilometer.openstack.common.rpc.impl_kombu -# - -# If SSL is enabled, the SSL version to use. Valid values are -# TLSv1, SSLv23 and SSLv3. 
SSLv2 might be available on some -# distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled) (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled) (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL enabled) -# (string value) -#kombu_ssl_ca_certs= - -# The RabbitMQ broker address where a single node is used +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s + +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN + +# Enables or disables publication of error events. (boolean value) +#publish_errors = false + +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false + +# The format for an instance that is passed with the log message. # (string value) -rabbit_host = {{ RABBITMQ_HOST }} +#instance_format = "[instance: %(uuid)s] " - -# The RabbitMQ broker port where a single node is used -# (integer value) -rabbit_port= {{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ (boolean value) -rabbit_use_ssl=false - -# The RabbitMQ userid (string value) -rabbit_userid= {{ RABBITMQ_USER }} - -# The RabbitMQ password (string value) -rabbit_password = {{ RABBITMQ_PASSWORD }} - - -# The RabbitMQ virtual host (string value) -rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. 
Default is 0 -# (infinite retry count) (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - - -# -# Options defined in ceilometer.openstack.common.rpc.impl_qpid -# - -# Qpid broker hostname (string value) -#qpid_hostname=localhost - -# Qpid broker port (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for qpid connection (string value) -#qpid_username= - -# Password for qpid connection (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth +# The format for an instance UUID that is passed with the log message. # (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl' (string value) -#qpid_protocol=tcp - -# Disable Nagle algorithm (boolean value) -#qpid_tcp_nodelay=true - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - - -# -# Options defined in ceilometer.openstack.common.rpc.impl_zmq -# - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. 
(string value) -#rpc_zmq_bind_address=* - -# MatchMaker driver (string value) -#rpc_zmq_matchmaker=ceilometer.openstack.common.rpc.matchmaker.MatchMakerLocalhost - -# ZeroMQ receiver listening port (integer value) -#rpc_zmq_port=9501 - -# Number of ZeroMQ contexts, defaults to 1 (integer value) -#rpc_zmq_contexts=1 - -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog=<None> - -# Directory for holding IPC sockets (string value) -#rpc_zmq_ipc_dir=/var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=ceilometer - - -# -# Options defined in ceilometer.openstack.common.rpc.matchmaker -# - -# Heartbeat frequency (integer value) -#matchmaker_heartbeat_freq=300 - -# Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 - - -# -# Options defined in ceilometer.orchestration.notifications -# - +#instance_uuid_format = "[instance: %(uuid)s] " + # Exchange name for Heat notifications (string value) -#heat_control_exchange=heat - - -# -# Options defined in ceilometer.storage -# - +#heat_control_exchange = heat + +# Configuration file for pipeline definition. (string value) +#pipeline_cfg_file = pipeline.yaml + +# Configuration file for event pipeline definition. (string value) +#event_pipeline_cfg_file = event_pipeline.yaml + +# Exchange name for DBaaS notifications. (string value) +#trove_control_exchange = trove + +# Exchange name for Messaging service notifications. (string value) +#zaqar_control_exchange = zaqar + +# Source for samples emitted on this instance. (string value) +# Deprecated group/name - [DEFAULT]/counter_source +#sample_source = openstack + +# Name of this node, which must be valid in an AMQP key. Can be an +# opaque identifier. For ZeroMQ only, must be a valid host name, FQDN, +# or IP address. 
(string value) +#host = noisecell + +# Number of workers for collector service. A single collector is +# enabled by default. (integer value) +#collector_workers = 1 + +# Number of workers for notification service. A single notification +# agent is enabled by default. (integer value) +#notification_workers = 1 + +# Timeout seconds for HTTP requests. Set it to None to disable +# timeout. (integer value) +#http_timeout = 600 + # DEPRECATED - Database connection string. (string value) -#database_connection=<None> - - -# -# Options defined in ceilometer.storage.sqlalchemy.models -# - -# MySQL engine to use. (string value) -#mysql_engine=InnoDB - - -# -# Options defined in ceilometer.volume.notifications -# - +#database_connection = <None> + +# Path to the rootwrap configuration file touse for running commands +# as root (string value) +#rootwrap_config = /etc/ceilometer/rootwrap.conf + # Exchange name for Cinder notifications. (string value) -cinder_control_exchange=cinder - - -[alarm] - +#cinder_control_exchange = cinder + # -# Options defined in ceilometer.cli +# From oslo.messaging # - -# Class to launch as alarm evaluation service. (string value) -#evaluation_service=ceilometer.alarm.service.SingletonAlarmService - - + +# ZeroMQ bind address. Should be a wildcard (*), an ethernet +# interface, or IP. The "host" option should point or resolve to this +# address. (string value) +#rpc_zmq_bind_address = * + +# MatchMaker driver. (string value) +#rpc_zmq_matchmaker = local + +# ZeroMQ receiver listening port. (integer value) +#rpc_zmq_port = 9501 + +# Number of ZeroMQ contexts, defaults to 1. (integer value) +#rpc_zmq_contexts = 1 + +# Maximum number of ingress messages to locally buffer per topic. +# Default is unlimited. (integer value) +#rpc_zmq_topic_backlog = <None> + +# Directory for holding IPC sockets. (string value) +#rpc_zmq_ipc_dir = /var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP address. 
+# Must match "host" option, if running Nova. (string value) +#rpc_zmq_host = localhost + +# Seconds to wait before a cast expires (TTL). Only supported by +# impl_zmq. (integer value) +#rpc_cast_timeout = 30 + +# Heartbeat frequency. (integer value) +#matchmaker_heartbeat_freq = 300 + +# Heartbeat time-to-live. (integer value) +#matchmaker_heartbeat_ttl = 600 + +# Size of RPC thread pool. (integer value) +#rpc_thread_pool_size = 64 + +# Driver or drivers to handle sending notifications. (multi valued) +#notification_driver = + +# AMQP topic used for OpenStack notifications. (list value) +# Deprecated group/name - [rpc_notifier2]/topics +#notification_topics = notifications + +# Seconds to wait for a response from a call. (integer value) +#rpc_response_timeout = 60 + +# A URL representing the messaging driver to use and its full +# configuration. If not set, we fall back to the rpc_backend option +# and driver specific configuration. (string value) +#transport_url = <None> + +# The messaging driver to use, defaults to rabbit. Other drivers +# include qpid and zmq. (string value) +#rpc_backend = rabbit + +# The default exchange under which topics are scoped. May be +# overridden by an exchange name specified in the transport_url +# option. (string value) +#control_exchange = openstack + + +[alarm] + # -# Options defined in ceilometer.alarm.notifier.rest +# From ceilometer # - + # SSL Client certificate for REST notifier. (string value) -#rest_notifier_certificate_file= - +#rest_notifier_certificate_file = + # SSL Client private key for REST notifier. (string value) -#rest_notifier_certificate_key= - -# Whether to verify the SSL Server certificate when calling -# alarm action. (boolean value) -#rest_notifier_ssl_verify=true - - -# -# Options defined in ceilometer.alarm.rpc -# - -# The topic that ceilometer uses for alarm notifier messages. 
-# (string value) -#notifier_rpc_topic=alarm_notifier - -# The topic that ceilometer uses for alarm partition -# coordination messages. (string value) -#partition_rpc_topic=alarm_partition_coordination - - -# -# Options defined in ceilometer.alarm.service -# - -# Period of evaluation cycle, should be >= than configured -# pipeline interval for collection of underlying metrics. -# (integer value) +#rest_notifier_certificate_key = + +# Whether to verify the SSL Server certificate when calling alarm +# action. (boolean value) +#rest_notifier_ssl_verify = true + +# Number of retries for REST notifier (integer value) +#rest_notifier_max_retries = 0 + +# Period of evaluation cycle, should be >= than configured pipeline +# interval for collection of underlying metrics. (integer value) # Deprecated group/name - [alarm]/threshold_evaluation_interval -#evaluation_interval=60 - - -# -# Options defined in ceilometer.api.controllers.v2 -# - +#evaluation_interval = 60 + +# The topic that ceilometer uses for alarm notifier messages. (string +# value) +#notifier_rpc_topic = alarm_notifier + +# The topic that ceilometer uses for alarm partition coordination +# messages. DEPRECATED: RPC-based partitionedalarm evaluation service +# will be removed in Kilo in favour of the default alarm evaluation +# service using tooz for partitioning. (string value) +#partition_rpc_topic = alarm_partition_coordination + +# URL to Gnocchi. (string value) +#gnocchi_url = http://localhost:8041 + # Record alarm change events. (boolean value) -#record_history=true - - +#record_history = true + +# Maximum number of alarms defined for a user. (integer value) +#user_alarm_quota = <None> + +# Maximum number of alarms defined for a project. (integer value) +#project_alarm_quota = <None> + +# Driver to use for alarm evaluation service. 
DEPRECATED: "singleton" +# and "partitioned" alarm evaluator services will be removed in Kilo +# in favour of the default alarm evaluation service using tooz for +# partitioning. (string value) +#evaluation_service = default + + [api] - + # -# Options defined in ceilometer.api +# From ceilometer # - + # The port for the ceilometer API server. (integer value) # Deprecated group/name - [DEFAULT]/metering_api_port -#port=8777 - +#port = 8777 + # The listen IP for the ceilometer API server. (string value) -#host=0.0.0.0 - - +#host = 0.0.0.0 + +# Toggle Pecan Debug Middleware. (boolean value) +#pecan_debug = false + + +[central] + +# +# From ceilometer +# + +# Work-load partitioning group prefix. Use only if you want to run +# multiple polling agents with different config files. For each sub- +# group of the agent pool with the same partitioning_group_prefix a +# disjoint subset of pollsters should be loaded. (string value) +# Deprecated group/name - [central]/partitioning_group_prefix +#partitioning_group_prefix = <None> + + [collector] - + # -# Options defined in ceilometer.collector +# From ceilometer # - -# Address to which the UDP socket is bound. Set to an empty -# string to disable. (string value) -#udp_address=0.0.0.0 - + +# Address to which the UDP socket is bound. Set to an empty string to +# disable. (string value) +#udp_address = 0.0.0.0 + # Port to which the UDP socket is bound. (integer value) -#udp_port=4952 - - +#udp_port = 4952 + +# Requeue the sample on the collector sample queue when the collector +# fails to dispatch it. This is only valid if the sample come from the +# notifier publisher. (boolean value) +#requeue_sample_on_dispatcher_error = false + +# Requeue the event on the collector event queue when the collector +# fails to dispatch it. (boolean value) +#requeue_event_on_dispatcher_error = false + + +[compute] + +# +# From ceilometer +# + +# Enable work-load partitioning, allowing multiple compute agents to +# be run simultaneously. 
(boolean value) +#workload_partitioning = false + + +[coordination] + +# +# From ceilometer +# + +# The backend URL to use for distributed coordination. If left empty, +# per-deployment central agent and per-host compute agent won't do +# workload partitioning and will only function correctly if a single +# instance of that service is running. (string value) +#backend_url = <None> + +# Number of seconds between heartbeats for distributed coordination. +# (floating point value) +#heartbeat = 1.0 + +# Number of seconds between checks to see if group membership has +# changed (floating point value) +#check_watchers = 10.0 + + [database] - + # -# Options defined in ceilometer.openstack.common.db.api +# From ceilometer # - -# The backend to use for db (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy - - + +# Number of seconds that samples are kept in the database for (<= 0 +# means forever). (integer value) +# Deprecated group/name - [database]/time_to_live +#metering_time_to_live = -1 + +# Number of seconds that events are kept in the database for (<= 0 +# means forever). (integer value) +#event_time_to_live = -1 + +# The connection string used to connect to the metering database. (if +# unset, connection is used) (string value) +#metering_connection = <None> + +# The connection string used to connect to the alarm database. (if +# unset, connection is used) (string value) +#alarm_connection = <None> + +# The connection string used to connect to the event database. (if +# unset, connection is used) (string value) +#event_connection = <None> + +# The name of the replica set which is used to connect to MongoDB +# database. If it is set, MongoReplicaSetClient will be used instead +# of MongoClient. (string value) +#mongodb_replica_set = + +# The max length of resources id in DB2 nosql, the value should be +# larger than len(hostname) * 2 as compute node's resource id is +# <hostname>_<nodename>. 
(integer value) +#db2nosql_resource_id_maxlen = 512 + # -# Options defined in ceilometer.openstack.common.db.sqlalchemy.session +# From oslo.db # - -# The SQLAlchemy connection string used to connect to the -# database (string value) + +# The file name to use with SQLite. (string value) +# Deprecated group/name - [DEFAULT]/sqlite_db +#sqlite_db = oslo.sqlite + +# If True, SQLite uses synchronous mode. (boolean value) +# Deprecated group/name - [DEFAULT]/sqlite_synchronous +#sqlite_synchronous = true + +# The back end to use for the database. (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend = sqlalchemy + +# The SQLAlchemy connection string to use to connect to the database. +# (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -connection=postgresql://{{ CEILOMETER_DB_USER }}:{{ CEILOMETER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ceilometer +#connection = <None> -# The SQLAlchemy connection string used to connect to the -# slave database (string value) -#slave_connection= - -# Timeout before idle sql connections are reaped (integer -# value) +# The SQLAlchemy connection string to use to connect to the slave +# database. (string value) +#slave_connection = <None> + +# The SQL mode to be used for MySQL sessions. This option, including +# the default, overrides any server-set SQL mode. To use whatever SQL +# mode is set by the server configuration, set this to no value. +# Example: mysql_sql_mode= (string value) +#mysql_sql_mode = TRADITIONAL + +# Timeout before idle SQL connections are reaped. 
(integer value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool -# (integer value) +#idle_timeout = 3600 + +# Minimum number of SQL connections to keep open in a pool. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool -# (integer value) +#min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size=<None> - -# Maximum db connection retries during startup. (setting -1 -# implies an infinite retry count) (integer value) +#max_pool_size = <None> + +# Maximum number of database connection retries during startup. Set to +# -1 to specify an infinite retry count. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 - -# Interval between retries of opening a sql connection -# (integer value) +#max_retries = 10 + +# Interval between retries of opening a SQL connection. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 - -# If set, use this value for max_overflow with sqlalchemy -# (integer value) +#retry_interval = 10 + +# If set, use this value for max_overflow with SQLAlchemy. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=<None> - -# Verbosity of SQL debugging information. 
0=None, -# 100=Everything (integer value) +#max_overflow = <None> + +# Verbosity of SQL debugging information: 0=None, 100=Everything. +# (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 - -# Add python stack traces to SQL as comment strings (boolean -# value) +#connection_debug = 0 + +# Add Python stack traces to SQL as comment strings. (boolean value) # Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false - -# If set, use this value for pool_timeout with sqlalchemy -# (integer value) +#connection_trace = false + +# If set, use this value for pool_timeout with SQLAlchemy. (integer +# value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout=<None> - - -# -# Options defined in ceilometer.storage -# - -# Number of seconds that samples are kept in the database for -# (<= 0 means forever). (integer value) -#time_to_live=-1 - - +#pool_timeout = <None> + +# Enable the experimental use of database reconnect on connection +# lost. (boolean value) +#use_db_reconnect = false + +# Seconds between retries of a database transaction. (integer value) +#db_retry_interval = 1 + +# If True, increases the interval between retries of a database +# operation up to db_max_retry_interval. (boolean value) +#db_inc_retry_interval = true + +# If db_inc_retry_interval is set, the maximum seconds between retries +# of a database operation. (integer value) +#db_max_retry_interval = 10 + +# Maximum retries in case of connection error or deadlock error before +# error is raised. Set to -1 to specify an infinite retry count. +# (integer value) +#db_max_retries = 20 + + [dispatcher_file] - + # -# Options defined in ceilometer.dispatcher.file +# From ceilometer # - -# Name and the location of the file to record meters. (string -# value) -#file_path=<None> - + +# Name and the location of the file to record meters. (string value) +#file_path = <None> + # The max size of the file. 
(integer value) -#max_bytes=0 - +#max_bytes = 0 + # The max number of the files to keep. (integer value) -#backup_count=0 - - +#backup_count = 0 + + [event] - + # -# Options defined in ceilometer.event.converter +# From ceilometer # - + # Configuration file for event definitions. (string value) -#definitions_cfg_file=event_definitions.yaml - -# Drop notifications if no event definition matches. -# (Otherwise, we convert them with just the default traits) -# (boolean value) -#drop_unmatched_notifications=false - - +#definitions_cfg_file = event_definitions.yaml + +# Drop notifications if no event definition matches. (Otherwise, we +# convert them with just the default traits) (boolean value) +#drop_unmatched_notifications = false + +# Store the raw notification for select priority levels (info and/or +# error). By default, raw details are not captured. (multi valued) +#store_raw = + + +[hardware] + +# +# From ceilometer +# + +# URL scheme to use for hardware nodes. (string value) +#url_scheme = snmp:// + +# SNMPd user name of all nodes running in the cloud. (string value) +#readonly_user_name = ro_snmp_user + +# SNMPd password of all the nodes running in the cloud. (string value) +#readonly_user_password = password + + +[ipmi] + +# +# From ceilometer +# + +# Number of retries upon Intel Node Manager initialization failure +# (integer value) +#node_manager_init_retry = 3 + +# Tolerance of IPMI/NM polling failures before disable this pollster. +# Negative indicates retrying forever. (integer value) +#polling_retry = 3 + + [keystone_authtoken] - + # -# Options defined in keystoneclient.middleware.auth_token +# From keystonemiddleware.auth_token # - -# Prefix to prepend at the beginning of the path (string -# value) -#auth_admin_prefix= - -# Host providing the admin Identity API endpoint (string + +# Complete public Identity API endpoint. (string value) +#auth_uri = <None> + +# API version of the admin Identity API endpoint. 
(string value) +#auth_version = <None> + +# Do not handle authorization requests within the middleware, but +# delegate the authorization decision to downstream WSGI components. +# (boolean value) +#delay_auth_decision = false + +# Request timeout value for communicating with Identity API server. +# (integer value) +#http_connect_timeout = <None> + +# How many times are we trying to reconnect when communicating with +# Identity API Server. (integer value) +#http_request_max_retries = 3 + +# Env key for the swift cache. (string value) +#cache = <None> + +# Required if identity server requires client certificate (string # value) -#auth_host=127.0.0.1 - -# Port of the admin Identity API endpoint (integer value) -#auth_port=35357 - -# Protocol of the admin Identity API endpoint(http or https) -# (string value) -#auth_protocol=https - -# Complete public Identity API endpoint (string value) -auth_uri= http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 - - -# API version of the admin Identity API endpoint (string +#certfile = <None> + +# Required if identity server requires client certificate (string # value) -#auth_version=<None> - -# Do not handle authorization requests within the middleware, -# but delegate the authorization decision to downstream WSGI -# components (boolean value) -#delay_auth_decision=false - -# Request timeout value for communicating with Identity API -# server. (boolean value) -#http_connect_timeout=<None> - -# How many times are we trying to reconnect when communicating -# with Identity API Server. (integer value) -#http_request_max_retries=3 - -# Allows to pass in the name of a fake http_handler callback -# function used instead of httplib.HTTPConnection or -# httplib.HTTPSConnection. Useful for unit testing where -# network is not available. 
(string value) -#http_handler=<None> - -# Single shared secret with the Keystone configuration used -# for bootstrapping a Keystone installation, or otherwise -# bypassing the normal authentication process. (string value) -#admin_token=<None> - -# Keystone account username (string value) -admin_user = {{ CEILOMETER_SERVICE_USER }} - -# Keystone account password (string value) -admin_password = {{ CEILOMETER_SERVICE_PASSWORD }} - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name = service - -# Env key for the swift cache (string value) -#cache=<None> - -# Required if Keystone server requires client certificate -# (string value) -#certfile=<None> - -# Required if Keystone server requires client certificate -# (string value) -#keyfile=<None> - -# A PEM encoded Certificate Authority to use when verifying -# HTTPS connections. Defaults to system CAs. (string value) -#cafile=<None> - +#keyfile = <None> + +# A PEM encoded Certificate Authority to use when verifying HTTPs +# connections. Defaults to system CAs. (string value) +#cafile = <None> + # Verify HTTPS connections. (boolean value) -#insecure=false - -# Directory used to cache files related to PKI tokens (string -# value) -#signing_dir=<None> - -# If defined, the memcache server(s) to use for caching (list +#insecure = false + +# Directory used to cache files related to PKI tokens. (string value) +#signing_dir = <None> + +# Optionally specify a list of memcached server(s) to use for caching. +# If left undefined, tokens will instead be cached in-process. (list # value) # Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers=<None> - -# In order to prevent excessive requests and validations, the -# middleware uses an in-memory cache for the tokens the -# Keystone API returns. This is only valid if memcache_servers -# is defined. Set to -1 to disable caching completely. 
-# (integer value) -#token_cache_time=300 - -# Value only used for unit testing (integer value) -#revocation_cache_time=1 - -# (optional) if defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable -# values are MAC or ENCRYPT. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token -# data is encrypted and authenticated in the cache. If the -# value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -#memcache_security_strategy=<None> - -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string +#memcached_servers = <None> + +# In order to prevent excessive effort spent validating tokens, the +# middleware caches previously-seen tokens for a configurable duration +# (in seconds). Set to -1 to disable caching completely. (integer # value) -#memcache_secret_key=<None> - -# (optional) indicate whether to set the X-Service-Catalog -# header. If False, middleware will not ask for service -# catalog on token validation and will not set the X-Service- -# Catalog header. (boolean value) -#include_service_catalog=true - -# Used to control the use and type of token binding. Can be -# set to: "disabled" to not check token binding. "permissive" -# (default) to validate binding information if the bind type -# is of a form known to the server and ignore it if not. -# "strict" like "permissive" but if the bind type is unknown -# the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string +#token_cache_time = 300 + +# Determines the frequency at which the list of revoked tokens is +# retrieved from the Identity service (in seconds). A high number of +# revocation events combined with a low cache duration may +# significantly reduce performance. 
(integer value) +#revocation_cache_time = 10 + +# (Optional) If defined, indicate whether token data should be +# authenticated or authenticated and encrypted. Acceptable values are +# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in +# the cache. If ENCRYPT, token data is encrypted and authenticated in +# the cache. If the value is not one of these options or empty, +# auth_token will raise an exception on initialization. (string value) +#memcache_security_strategy = <None> + +# (Optional, mandatory if memcache_security_strategy is defined) This +# string is used for key derivation. (string value) +#memcache_secret_key = <None> + +# (Optional) Number of seconds memcached server is considered dead +# before it is tried again. (integer value) +#memcache_pool_dead_retry = 300 + +# (Optional) Maximum total number of open connections to every +# memcached server. (integer value) +#memcache_pool_maxsize = 10 + +# (Optional) Socket timeout in seconds for communicating with a +# memcache server. (integer value) +#memcache_pool_socket_timeout = 3 + +# (Optional) Number of seconds a connection to memcached is held +# unused in the pool before it is closed. (integer value) +#memcache_pool_unused_timeout = 60 + +# (Optional) Number of seconds that an operation will wait to get a +# memcache client connection from the pool. (integer value) +#memcache_pool_conn_get_timeout = 10 + +# (Optional) Use the advanced (eventlet safe) memcache client pool. +# The advanced pool will only work under python 2.x. (boolean value) +#memcache_use_advanced_pool = false + +# (Optional) Indicate whether to set the X-Service-Catalog header. If +# False, middleware will not ask for service catalog on token +# validation and will not set the X-Service-Catalog header. (boolean +# value) +#include_service_catalog = true + +# Used to control the use and type of token binding. Can be set to: +# "disabled" to not check token binding. 
"permissive" (default) to +# validate binding information if the bind type is of a form known to +# the server and ignore it if not. "strict" like "permissive" but if +# the bind type is unknown the token will be rejected. "required" any +# form of token binding is needed to be allowed. Finally the name of a +# binding method that must be present in tokens. (string value) +#enforce_token_bind = permissive + +# If true, the revocation list will be checked for cached tokens. This +# requires that PKI tokens are configured on the identity server. +# (boolean value) +#check_revocations_for_cached = false + +# Hash algorithms to use for hashing PKI tokens. This may be a single +# algorithm or multiple. The algorithms are those supported by Python +# standard hashlib.new(). The hashes will be tried in the order given, +# so put the preferred one first for performance. The result of the +# first hash will be stored in the cache. This will typically be set +# to multiple values only while migrating from a less secure algorithm +# to a more secure one. Once all the old tokens are expired this +# option should be set to a single value for better performance. (list +# value) +#hash_algorithms = md5 + +# Prefix to prepend at the beginning of the path. Deprecated, use +# identity_uri. (string value) +#auth_admin_prefix = + +# Host providing the admin Identity API endpoint. Deprecated, use +# identity_uri. (string value) +#auth_host = 127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) +#auth_port = 35357 + +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. (string value) +#auth_protocol = https + +# Complete admin Identity API endpoint. This should specify the +# unversioned root endpoint e.g. https://localhost:35357/ (string # value) -#enforce_token_bind=permissive - - +#identity_uri = <None> + +# This option is deprecated and may be removed in a future release. 
+# Single shared secret with the Keystone configuration used for +# bootstrapping a Keystone installation, or otherwise bypassing the +# normal authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) +#admin_token = <None> + +# Service username. (string value) +#admin_user = <None> + +# Service user password. (string value) +#admin_password = <None> + +# Service tenant name. (string value) +#admin_tenant_name = admin + + [matchmaker_redis] - + # -# Options defined in ceilometer.openstack.common.rpc.matchmaker_redis +# From oslo.messaging # - -# Host to locate redis (string value) -#host=127.0.0.1 - + +# Host to locate redis. (string value) +#host = 127.0.0.1 + # Use this port to connect to redis host. (integer value) -#port=6379 - -# Password for Redis server. (optional) (string value) -#password=<None> - - +#port = 6379 + +# Password for Redis server (optional). (string value) +#password = <None> + + [matchmaker_ring] - + # -# Options defined in ceilometer.openstack.common.rpc.matchmaker_ring +# From oslo.messaging # - -# Matchmaker ring file (JSON) (string value) + +# Matchmaker ring file (JSON). (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json - - +#ringfile = /etc/oslo/matchmaker_ring.json + + [notification] - + # -# Options defined in ceilometer.notification +# From ceilometer # - -# Acknowledge message when event persistence fails. (boolean -# value) -#ack_on_event_error=true - + +# Acknowledge message when event persistence fails. (boolean value) +# Deprecated group/name - [collector]/ack_on_event_error +#ack_on_event_error = true + # Save event details. (boolean value) -#store_events=false - - +# Deprecated group/name - [collector]/store_events +#store_events = false + +# WARNING: Ceilometer historically offered the ability to store events +# as meters. 
This usage is NOT advised as it can flood the metering +# database and cause performance degradation. This option disables the +# collection of non-metric meters and will be the default behavior in +# Liberty. (boolean value) +#disable_non_metric_meters = false + +# Enable workload partitioning, allowing multiple notification agents +# to be run simultaneously. (boolean value) +#workload_partitioning = false + +# Messaging URLs to listen for notifications. Example: +# transport://user:pass@host1:port[,hostN:portN]/virtual_host +# (DEFAULT/transport_url is used if empty) (multi valued) +#messaging_urls = + + +[oslo_concurrency] + +# +# From oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +# Deprecated group/name - [DEFAULT]/disable_process_locking +#disable_process_locking = false + +# Directory to use for lock files. For security, the specified +# directory should only be writable by the user running the processes +# that need locking. Defaults to environment variable OSLO_LOCK_PATH. +# If external locks are used, a lock path must be set. 
(string value) +# Deprecated group/name - [DEFAULT]/lock_path +#lock_path = <None> + + +[oslo_messaging_amqp] + +# +# From oslo.messaging +# + +# address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +#server_request_prefix = exclusive + +# address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +#broadcast_prefix = broadcast + +# address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +#group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +#container_name = <None> + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +#idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +#trace = false + +# CA certificate PEM file for verifing server certificate (string +# value) +# Deprecated group/name - [amqp1]/ssl_ca_file +#ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string +# value) +# Deprecated group/name - [amqp1]/ssl_cert_file +#ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string +# value) +# Deprecated group/name - [amqp1]/ssl_key_file +#ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +#ssl_key_password = <None> + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +#allow_insecure_clients = false + + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. 
(boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +#qpid_hostname = localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +#qpid_port = 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +#qpid_hosts = $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +#qpid_username = + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +#qpid_password = + +# Space separated list of SASL mechanisms to use for auth. (string +# value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +#qpid_sasl_mechanisms = + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +#qpid_heartbeat = 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +#qpid_protocol = tcp + +# Whether to disable the Nagle algorithm. (boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +#qpid_tcp_nodelay = true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +#qpid_receiver_capacity = 1 + +# The qpid topology version to use. Version 1 is what was originally +# used by impl_qpid. Version 2 includes some backwards-incompatible +# changes that allow broker federation to work. Users should update +# to version 2 when they are able to take everything down, as it +# requires a clean break. 
(integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +#qpid_topology_version = 1 + + +[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# SSL version to use (valid only if SSL enabled). Valid values are +# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be +# available on some distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +#kombu_ssl_version = + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +#kombu_ssl_keyfile = + +# SSL cert file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +#kombu_ssl_certfile = + +# SSL certification authority file (valid only if SSL enabled). +# (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +#kombu_ssl_ca_certs = + +# How long to wait before reconnecting in response to an AMQP consumer +# cancel notification. (floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +#kombu_reconnect_delay = 1.0 + +# The RabbitMQ broker address where a single node is used. (string +# value) +# Deprecated group/name - [DEFAULT]/rabbit_host +#rabbit_host = localhost + +# The RabbitMQ broker port where a single node is used. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_port +#rabbit_port = 5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +#rabbit_hosts = $rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. 
(boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +#rabbit_use_ssl = false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +#rabbit_userid = guest + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +#rabbit_password = guest + +# The RabbitMQ login method. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +#rabbit_login_method = AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +#rabbit_virtual_host = / + +# How frequently to retry connecting with RabbitMQ. (integer value) +#rabbit_retry_interval = 1 + +# How long to backoff for between retries when connecting to RabbitMQ. +# (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +#rabbit_retry_backoff = 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +#rabbit_max_retries = 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this +# option, you must wipe the RabbitMQ database. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +#rabbit_ha_queues = false + +# Number of seconds after which the Rabbit broker is considered down +# if heartbeat's keep-alive fails (0 disables the heartbeat, >0 +# enables it. Enabling heartbeats requires kombu>=3.0.7 and +# amqp>=1.4.0). EXPERIMENTAL (integer value) +#heartbeat_timeout_threshold = 0 + +# How often times during the heartbeat_timeout_threshold we check the +# heartbeat. (integer value) +#heartbeat_rate = 2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +#fake_rabbit = false + + +[oslo_policy] + +# +# From oslo.policy +# + +# The JSON file that defines policies. 
(string value) +# Deprecated group/name - [DEFAULT]/policy_file +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. (string +# value) +# Deprecated group/name - [DEFAULT]/policy_default_rule +#policy_default_rule = default + +# Directories where policy configuration files are stored. They can be +# relative to any directory in the search path defined by the +# config_dir option, or absolute paths. The file defined by +# policy_file must exist for these directories to be searched. +# Missing or empty directories are ignored. (multi valued) +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d + + +[polling] + +# +# From ceilometer +# + +# Work-load partitioning group prefix. Use only if you want to run +# multiple polling agents with different config files. For each sub- +# group of the agent pool with the same partitioning_group_prefix a +# disjoint subset of pollsters should be loaded. (string value) +# Deprecated group/name - [central]/partitioning_group_prefix +#partitioning_group_prefix = <None> + + [publisher] - + # -# Options defined in ceilometer.publisher.utils +# From ceilometer # - -# Secret value for signing metering messages. (string value) + +# Secret value for signing messages. Set value empty if signing is not +# required to avoid computational overhead. (string value) # Deprecated group/name - [DEFAULT]/metering_secret # Deprecated group/name - [publisher_rpc]/metering_secret -# It should be set to some random value -metering_secret = {{ METERING_SECRET }} - +# Deprecated group/name - [publisher]/metering_secret +#telemetry_secret = change this for valid signing + + +[publisher_notifier] + +# +# From ceilometer +# + +# The topic that ceilometer uses for metering notifications. (string +# value) +#metering_topic = metering + +# The topic that ceilometer uses for event notifications. (string +# value) +#event_topic = event + +# The driver that ceilometer uses for metering notifications. 
(string +# value) +# Deprecated group/name - [DEFAULT]/metering_driver +#telemetry_driver = messagingv2 + + [publisher_rpc] - + # -# Options defined in ceilometer.publisher.rpc +# From ceilometer # - -# The topic that ceilometer uses for metering messages. -# (string value) -#metering_topic=metering - - -[rpc_notifier2] - -# -# Options defined in ceilometer.openstack.common.notifier.rpc_notifier2 -# - -# AMQP topic(s) used for OpenStack notifications (list value) -#topics=notifications - - + +# The topic that ceilometer uses for metering messages. (string value) +# Deprecated group/name - [DEFAULT]/metering_topic +#metering_topic = metering + + +[rgw_admin_credentials] + +# +# From ceilometer +# + +# Access key for Radosgw Admin. (string value) +#access_key = <None> + +# Secret key for Radosgw Admin. (string value) +#secret_key = <None> + + [service_credentials] - + # -# Options defined in ceilometer.service +# From ceilometer # - -# User name to use for OpenStack service access. (string -# value) -os_username = {{ CEILOMETER_SERVICE_USER }} - + +# User name to use for OpenStack service access. (string value) +# Deprecated group/name - [DEFAULT]/os_username +#os_username = ceilometer + # Password to use for OpenStack service access. (string value) -os_password = {{ CEILOMETER_SERVICE_PASSWORD }} - -# Tenant ID to use for OpenStack service access. (string -# value) -#os_tenant_id= - -# Tenant name to use for OpenStack service access. (string -# value) -os_tenant_name = service - +# Deprecated group/name - [DEFAULT]/os_password +#os_password = admin + +# Tenant ID to use for OpenStack service access. (string value) +# Deprecated group/name - [DEFAULT]/os_tenant_id +#os_tenant_id = + +# Tenant name to use for OpenStack service access. (string value) +# Deprecated group/name - [DEFAULT]/os_tenant_name +#os_tenant_name = admin + # Certificate chain for SSL validation. 
(string value) -#os_cacert=<None> - +#os_cacert = <None> + # Auth URL to use for OpenStack service access. (string value) -os_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +# Deprecated group/name - [DEFAULT]/os_auth_url +#os_auth_url = http://localhost:5000/v2.0 + +# Region name to use for OpenStack service endpoints. (string value) +# Deprecated group/name - [DEFAULT]/os_region_name +#os_region_name = <None> -# Region name to use for OpenStack service endpoints. (string -# value) -os_region_name=regionOne - # Type of endpoint in Identity service catalog to use for # communication with OpenStack services. (string value) -os_endpoint_type=internalURL - -# Disables X.509 certificate validation when an SSL connection -# to Identity Service is established. (boolean value) -#insecure=false - - -[ssl] - -# -# Options defined in ceilometer.openstack.common.sslutils -# - -# CA certificate file to use to verify connecting clients -# (string value) -#ca_file=<None> - -# Certificate file to use when starting the server securely -# (string value) -#cert_file=<None> - -# Private key file to use when starting the server securely -# (string value) -#key_file=<None> - - +#os_endpoint_type = publicURL + +# Disables X.509 certificate validation when an SSL connection to +# Identity Service is established. (boolean value) +#insecure = false + + +[service_types] + +# +# From ceilometer +# + +# Kwapi service type. (string value) +#kwapi = energy + +# Glance service type. (string value) +#glance = image + +# Neutron service type. (string value) +#neutron = network + +# Nova service type. (string value) +#nova = compute + +# Radosgw service type. (string value) +#radosgw = object-store + +# Swift service type. 
(string value) +#swift = object-store + + [vmware] - -# -# Options defined in ceilometer.compute.virt.vmware.inspector -# - -# IP address of the VMware Vsphere host (string value) -#host_ip= - -# Username of VMware Vsphere (string value) -#host_username= - -# Password of VMware Vsphere (string value) -#host_password= - -# Number of times a VMware Vsphere API must be retried -# (integer value) -#api_retry_count=10 - -# Sleep time in seconds for polling an ongoing async task -# (floating point value) -#task_poll_interval=0.5 + +# +# From ceilometer +# + +# IP address of the VMware Vsphere host. (string value) +#host_ip = + +# Port of the VMware Vsphere host. (integer value) +#host_port = 443 + +# Username of VMware Vsphere. (string value) +#host_username = + +# Password of VMware Vsphere. (string value) +#host_password = + +# Number of times a VMware Vsphere API may be retried. (integer value) +#api_retry_count = 10 + +# Sleep time in seconds for polling an ongoing async task. (floating +# point value) +#task_poll_interval = 0.5 + +# Optional vim service WSDL location e.g +# http://<server>/vimService.wsdl. Optional over-ride to default +# location for bug work-arounds. (string value) +#wsdl_location = <None> + + +[xenapi] + +# +# From ceilometer +# + +# URL for connection to XenServer/Xen Cloud Platform. (string value) +#connection_url = <None> + +# Username for connection to XenServer/Xen Cloud Platform. (string +# value) +#connection_username = root + +# Password for connection to XenServer/Xen Cloud Platform. (string +# value) +#connection_password = <None> + +# Timeout in seconds for XenAPI login. (integer value) +#login_timeout = 10 diff --git a/install-files/openstack/usr/share/openstack/cinder/api-paste.ini b/install-files/openstack/usr/share/openstack/cinder/api-paste.ini deleted file mode 100644 index ba922d5f..00000000 --- a/install-files/openstack/usr/share/openstack/cinder/api-paste.ini +++ /dev/null 
@@ -1,60 +0,0 @@ -############# -# OpenStack # -############# - -[composite:osapi_volume] -use = call:cinder.api:root_app_factory -/: apiversions -/v1: openstack_volume_api_v1 -/v2: openstack_volume_api_v2 - -[composite:openstack_volume_api_v1] -use = call:cinder.api.middleware.auth:pipeline_factory -noauth = request_id faultwrap sizelimit osprofiler noauth apiv1 -keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 -keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 - -[composite:openstack_volume_api_v2] -use = call:cinder.api.middleware.auth:pipeline_factory -noauth = request_id faultwrap sizelimit osprofiler noauth apiv2 -keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 -keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 - -[filter:request_id] -paste.filter_factory = cinder.openstack.common.middleware.request_id:RequestIdMiddleware.factory - -[filter:faultwrap] -paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes - -[filter:noauth] -paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory - -[filter:sizelimit] -paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory - -[app:apiv1] -paste.app_factory = cinder.api.v1.router:APIRouter.factory - -[app:apiv2] -paste.app_factory = cinder.api.v2.router:APIRouter.factory - -[pipeline:apiversions] -pipeline = faultwrap osvolumeversionapp - -[app:osvolumeversionapp] -paste.app_factory = cinder.api.versions:Versions.factory - -########## -# Shared # -########## - -[filter:keystonecontext] -paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory 
diff --git a/install-files/openstack/usr/share/openstack/cinder/cinder.conf b/install-files/openstack/usr/share/openstack/cinder/cinder.conf index a58004b5..8afdb941 100644 --- a/install-files/openstack/usr/share/openstack/cinder/cinder.conf +++ b/install-files/openstack/usr/share/openstack/cinder/cinder.conf 
@@ -4,130 +4,13 @@ # Options defined in oslo.messaging # -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in AMQP. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on -# some distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). 
(string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} - -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake -# (boolean value) -#fake_rabbit=false - # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) #rpc_zmq_bind_address=* # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker=local # ZeroMQ receiver listening port. (integer value) #rpc_zmq_port=9501 
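Review bot: The templated broker settings `rabbit_host={{ RABBITMQ_HOST }}`, `rabbit_port`, `rabbit_userid` and `rabbit_password` are removed with no replacement inside this hunk, so unless they are set again in a part of the file outside it, cinder would use built-in broker defaults instead of the deployment's host and credentials. Later hunks do the same by commenting out `notification_driver`, `rpc_backend`, `control_exchange` (the shown default `openstack` differs from the old `cinder`), `my_ip`, `glance_host`, `iscsi_ip_address`, `iscsi_helper` and `volume_group`. I would keep the deployment values together in one marked block and add a header comment along the lines of `# Regenerated sample; deployment-specific values are set in <location>`. The section that may re-add these values is not visible from this hunk.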
@@ -157,12 +40,12 @@ rabbit_password={{ RABBITMQ_PASSWORD }} # Heartbeat time-to-live. (integer value) #matchmaker_heartbeat_ttl=600 -# Size of RPC greenthread pool. (integer value) +# Size of RPC thread pool. (integer value) #rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi # valued) -notification_driver=messagingv2 +#notification_driver= # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics @@ -178,12 +61,12 @@ notification_driver=messagingv2 # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) -rpc_backend=rabbit +#rpc_backend=rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) -control_exchange=cinder +#control_exchange=openstack # @@ -306,6 +189,12 @@ control_exchange=cinder # with big service catalogs). (integer value) #max_header_line=16384 +# Timeout for client connections' socket operations. If an +# incoming connection is idle for this number of seconds it +# will be closed. A value of '0' means wait forever. (integer +# value) +#client_socket_timeout=900 + # If False, closes the client socket connection explicitly. # Setting it to True to maintain backward compatibility. # Recommended setting is set it to False. (boolean value) 
@@ -372,13 +261,41 @@ control_exchange=cinder # +# Options defined in cinder.api.views.versions +# + +# Public url to use for versions endpoint. The default is +# None, which will use the request's host_url attribute to +# populate the URL base. If Cinder is operating behind a +# proxy, you will want to change this to represent the proxy's +# URL. (string value) +#public_endpoint=<None> + + +# +# Options defined in cinder.backup.chunkeddriver +# + +# Compression algorithm (None to disable) (string value) +#backup_compression_algorithm=zlib + + +# # Options defined in cinder.backup.driver # # Backup metadata version to be used when backing up volume # metadata. If this number is bumped, make sure the service # doing the restore supports the new version. (integer value) -#backup_metadata_version=1 +#backup_metadata_version=2 + +# The number of chunks or objects, for which one Ceilometer +# notification will be sent (integer value) +#backup_object_number_per_notification=10 + +# Interval, in seconds, between two progress notifications +# reporting the backup status (integer value) +#backup_timer_interval=120 # 
@@ -415,6 +332,42 @@ control_exchange=cinder # +# Options defined in cinder.backup.drivers.nfs +# + +# The maximum size in bytes of the files used to hold backups. +# If the volume being backed up exceeds this size, then it +# will be backed up into multiple files. (integer value) +#backup_file_size=1999994880 + +# The size in bytes that changes are tracked for incremental +# backups. backup_swift_object_size has to be multiple of +# backup_swift_block_size. (integer value) +#backup_sha_block_size_bytes=32768 + +# Enable or Disable the timer to send the periodic progress +# notifications to Ceilometer when backing up the volume to +# the backend storage. The default value is True to enable the +# timer. (boolean value) +#backup_enable_progress_timer=true + +# Base dir containing mount point for NFS share. (string +# value) +#backup_mount_point_base=$state_path/backup_mount + +# NFS share in fqdn:path, ipv4addr:path, or "[ipv6addr]:path" +# format. (string value) +#backup_share=<None> + +# Mount options passed to the NFS client. See NFS man page for +# details. (string value) +#backup_mount_options=<None> + +# Custom container to use for backups. (string value) +#backup_container=<None> + + +# # Options defined in cinder.backup.drivers.swift # @@ -450,6 +403,11 @@ control_exchange=cinder # The size in bytes of Swift backup objects (integer value) #backup_swift_object_size=52428800 +# The size in bytes that changes are tracked for incremental +# backups. backup_swift_object_size has to be multiple of +# backup_swift_block_size. (integer value) +#backup_swift_block_size=32768 + # The number of retries to make for Swift operations (integer # value) #backup_swift_retry_attempts=3 
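Review bot: The help text added for `backup_sha_block_size_bytes` in the NFS driver block refers to `backup_swift_object_size` and `backup_swift_block_size`, which are Swift driver options and look copied from the Swift entry added in the next hunk. For this driver the constraint presumably relates `backup_file_size` to `backup_sha_block_size_bytes`, so the comment would read better as `# backups. backup_file_size has to be multiple of` / `# backup_sha_block_size_bytes. (integer value)`. If the file is generated from the upstream option definitions, the wording needs fixing there rather than in this copy.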
@@ -458,8 +416,11 @@ control_exchange=cinder # value) #backup_swift_retry_backoff=2 -# Compression algorithm (None to disable) (string value) -#backup_compression_algorithm=zlib +# Enable or Disable the timer to send the periodic progress +# notifications to Ceilometer when backing up the volume to +# the Swift backend storage. The default value is True to +# enable the timer. (boolean value) +#backup_swift_enable_progress_timer=true # @@ -487,23 +448,51 @@ control_exchange=cinder # +# Options defined in cinder.cmd.volume +# + +# Backend override of host value. (string value) +# Deprecated group/name - [DEFAULT]/host +#backend_host=<None> + + +# +# Options defined in cinder.cmd.volume_usage_audit +# + +# If this option is specified then the start time specified is +# used instead of the start time of the last completed audit +# period. (string value) +#start_time=<None> + +# If this option is specified then the end time specified is +# used instead of the end time of the last completed audit +# period. (string value) +#end_time=<None> + +# Send the volume and snapshot create and delete notifications +# generated in the specified period. (boolean value) +#send_actions=false + + +# # Options defined in cinder.common.config # # File name for the paste.deploy config for cinder-api (string # value) -api_paste_config=api-paste.ini +#api_paste_config=api-paste.ini # Top-level directory for maintaining cinder's state (string # value) # Deprecated group/name - [DEFAULT]/pybasedir -state_path=/var/lib/cinder +#state_path=/var/lib/cinder # IP address of this host (string value) -my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +#my_ip=10.0.0.1 # Default glance host name or IP (string value) -glance_host={{ CONTROLLER_HOST_ADDRESS }} +#glance_host=$my_ip # Default glance port (integer value) #glance_port=9292 
@@ -597,7 +586,7 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # Path to the rootwrap configuration file to use for running # commands as root (string value) -rootwrap_config=/etc/cinder/rootwrap.conf +#rootwrap_config=/etc/cinder/rootwrap.conf # Enable monkey patching (boolean value) #monkey_patch=false @@ -619,14 +608,14 @@ rootwrap_config=/etc/cinder/rootwrap.conf # The strategy to use for auth. Supports noauth, keystone, and # deprecated. (string value) -auth_strategy=keystone +#auth_strategy=noauth # A list of backend names to use. These backend names should # be backed by a unique [CONFIG] group with its options (list # value) #enabled_backends=<None> -# Whether snapshots count against GigaByte quota (boolean +# Whether snapshots count against gigabyte quota (boolean # value) #no_snapshot_gb_quota=false @@ -642,6 +631,19 @@ auth_strategy=keystone # (string value) #consistencygroup_api_class=cinder.consistencygroup.api.API +# OpenStack privileged account username. Used for requests to +# other services (such as Nova) that require an account with +# special rights. (string value) +#os_privileged_user_name=<None> + +# Password associated with the OpenStack privileged account. +# (string value) +#os_privileged_user_password=<None> + +# Tenant name associated with the OpenStack privileged +# account. (string value) +#os_privileged_user_tenant=<None> + # # Options defined in cinder.compute 
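Review bot: `auth_strategy=keystone` is replaced by the commented `#auth_strategy=noauth`, and if the commented value is the option's default, as it is for the other generated entries, the volume API would run without Keystone authentication unless the setting is restored somewhere outside this hunk. Keep it explicit in the deployed file as `auth_strategy=keystone` rather than depending on the default. The commit also deletes cinder's `api-paste.ini` and comments out `api_paste_config`, so it is worth confirming that the paste file cinder ends up loading still defines the `keystone` pipeline with `authtoken`.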
@@ -659,11 +661,11 @@ auth_strategy=keystone # Match this value when searching for nova in the service # catalog. Format is: separated values of the form: # <service_type>:<service_name>:<endpoint_type> (string value) -#nova_catalog_info=compute:nova:publicURL +#nova_catalog_info=compute:Compute Service:publicURL # Same as nova_catalog_info, but for admin endpoint. (string # value) -#nova_catalog_admin_info=compute:nova:adminURL +#nova_catalog_admin_info=compute:Compute Service:adminURL # Override service catalog lookup with template for nova # endpoint e.g. http://localhost:8774/v2/%(project_id)s @@ -690,16 +692,13 @@ auth_strategy=keystone # Options defined in cinder.db.api # -# The backend to use for db (string value) -#db_backend=sqlalchemy - # Services to be added to the available pool on create # (boolean value) #enable_new_services=true # Template string to be used to generate volume names (string # value) -volume_name_template=volume-%s +#volume_name_template=volume-%s # Template string to be used to generate snapshot names # (string value) 
@@ -756,112 +755,6 @@ volume_name_template=volume-%s # -# Options defined in cinder.openstack.common.lockutils -# - -# Whether to disable inter-process locks (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. Default to a temp directory -# (string value) -lock_path=/var/lock/cinder - - -# -# Options defined in cinder.openstack.common.log -# - -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error. (boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. 
(boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format=<None> - -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> - -# (Optional) The base directory used for relative --log-file -# paths. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. (boolean -# value) -use_syslog = True - -# (Optional) Enables or disables syslog rfc5424 format for -# logging. If enabled, prefixes the MSG part of the syslog -# message with APP-NAME (RFC5424). The format without the APP- -# NAME is deprecated in I, and will be removed in J. (boolean -# value) -#use_syslog_rfc_format=false - -# Syslog facility to receive log lines. (string value) -#syslog_log_facility=LOG_USER - - -# # Options defined in cinder.openstack.common.periodic_task # 
@@ -881,6 +774,23 @@ use_syslog = True # (string value) #policy_default_rule=default +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. The +# file defined by policy_file must exist for these directories +# to be searched. Missing or empty directories are ignored. +# (multi valued) +#policy_dirs=policy.d + + +# +# Options defined in cinder.openstack.common.versionutils +# + +# Enables or disables fatal status of deprecations. (boolean +# value) +#fatal_deprecations=false + # # Options defined in cinder.scheduler.driver @@ -995,12 +905,12 @@ use_syslog = True # volume (integer value) #num_iser_scan_tries=3 -# The maximum number of iSER target IDs per host (integer -# value) -#iser_num_targets=100 +# This option is deprecated and unused. It will be removed in +# the Liberty release. (integer value) +#iser_num_targets=<None> # Prefix for iSER volumes (string value) -#iser_target_prefix=iqn.2010-10.org.iser.openstack: +#iser_target_prefix=iqn.2010-10.org.openstack: # The IP address that the iSER daemon is listening on (string # value) @@ -1022,16 +932,20 @@ use_syslog = True # value) #reserved_percentage=0 -# The maximum number of iSCSI target IDs per host (integer -# value) -#iscsi_num_targets=100 +# This option is deprecated and unused. It will be removed in +# the Liberty release. (integer value) +#iscsi_num_targets=<None> # Prefix for iSCSI volumes (string value) #iscsi_target_prefix=iqn.2010-10.org.openstack: # The IP address that the iSCSI daemon is listening on (string # value) -iscsi_ip_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +#iscsi_ip_address=$my_ip + +# The list of secondary IP addresses of the iSCSI daemon (list +# value) +#iscsi_secondary_ip_addresses= # The port that the iSCSI daemon is listening on (integer # value) 
@@ -1044,15 +958,19 @@ iscsi_ip_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # The backend name for a given driver implementation (string # value) -volume_backend_name=LVM_iSCSI +#volume_backend_name=<None> # Do we attach/detach volumes in cinder using multipath for # volume to image and image to volume transfers? (boolean # value) #use_multipath_for_image_xfer=false -# Method used to wipe old volumes (valid options are: none, -# zero, shred) (string value) +# If this is set to True, attachment of volumes for image +# transfer will be aborted when multipathd is not running. +# Otherwise, it will fallback to single path. (boolean value) +#enforce_multipath_for_image_xfer=false + +# Method used to wipe old volumes (string value) #volume_clear=zero # Size in MiB to wipe at start of old volumes. 0 => all @@ -1065,18 +983,24 @@ volume_backend_name=LVM_iSCSI #volume_clear_ionice=<None> # iSCSI target user-land tool to use. tgtadm is default, use -# lioadm for LIO iSCSI support, iseradm for the ISER protocol, -# or fake for testing. (string value) -iscsi_helper=lioadm +# lioadm for LIO iSCSI support, scstadmin for SCST target +# support, iseradm for the ISER protocol, ietadm for iSCSI +# Enterprise Target, iscsictl for Chelsio iSCSI Target or fake +# for testing. (string value) +#iscsi_helper=tgtadm # Volume configuration file storage directory (string value) -volumes_dir=$state_path/volumes +#volumes_dir=$state_path/volumes # IET configuration file (string value) #iet_conf=/etc/iet/ietd.conf -# Comma-separated list of initiator IQNs allowed to connect to -# the iSCSI target. (From Nova compute nodes.) (string value) +# Chiscsi (CXT) global defaults configuration file (string +# value) +#chiscsi_conf=/etc/chelsio-iscsi/chiscsi.conf + +# This option is deprecated and unused. It will be removed in +# the next release. (string value) #lio_initiator_iqns= # Sets the behavior of the iSCSI target to either perform 
@@ -1102,6 +1026,13 @@ volumes_dir=$state_path/volumes # value) #iscsi_write_cache=on +# Determines the iSCSI protocol for new iSCSI volumes, created +# with tgtadm or lioadm target helpers. In order to enable +# RDMA, this parameter should be set with the value "iser". +# The supported iSCSI protocol values are "iscsi" and "iser". +# (string value) +#iscsi_protocol=iscsi + # The path to the client certificate key for verification, if # the driver supports it. (string value) #driver_client_cert_key=<None> 
@@ -1110,6 +1041,57 @@ volumes_dir=$state_path/volumes # driver supports it. (string value) #driver_client_cert=<None> +# Tell driver to use SSL for connection to backend storage if +# the driver supports it. (boolean value) +#driver_use_ssl=false + +# Float representation of the over subscription ratio when +# thin provisioning is involved. Default ratio is 20.0, +# meaning provisioned capacity can be 20 times of the total +# physical capacity. If the ratio is 10.5, it means +# provisioned capacity can be 10.5 times of the total physical +# capacity. A ratio of 1.0 means provisioned capacity cannot +# exceed the total physical capacity. A ratio lower than 1.0 +# will be ignored and the default value will be used instead. +# (floating point value) +#max_over_subscription_ratio=20.0 + +# Certain ISCSI targets have predefined target names, SCST +# target driver uses this name. (string value) +#scst_target_iqn_name=<None> + +# SCST target implementation can choose from multiple SCST +# target drivers. (string value) +#scst_target_driver=iscsi + +# Option to enable/disable CHAP authentication for targets. +# (boolean value) +# Deprecated group/name - [DEFAULT]/eqlx_use_chap +#use_chap_auth=false + +# CHAP user name. (string value) +# Deprecated group/name - [DEFAULT]/eqlx_chap_login +#chap_username= + +# Password for specified CHAP account name. (string value) +# Deprecated group/name - [DEFAULT]/eqlx_chap_password +#chap_password= + +# Namespace for driver private data values to be saved in. +# (string value) +#driver_data_namespace=<None> + +# String representation for an equation that will be used to +# filter hosts. Only used when the driver filter is set to be +# used by the Cinder scheduler. (string value) +#filter_function=<None> + +# String representation for an equation that will be used to +# determine the goodness of a host. Only used when using the +# goodness weigher is set to be used by the Cinder scheduler. 
+# (string value) +#goodness_function=<None> + # # Options defined in cinder.volume.drivers.block_device 
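Review bot: `use_chap_auth=false`, an empty `chap_password` and `driver_use_ssl=false` are introduced only as commented defaults, so iSCSI targets exported by this deployment stay without initiator authentication unless CHAP is enabled elsewhere. If initiators are meant to be authenticated, set `use_chap_auth=true` in the deployment-specific settings and fill `chap_username` and `chap_password` from the same template variables used for the other credentials instead of writing a literal password into this file. Whether any backend section outside this hunk already does that cannot be seen from here.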
@@ -1120,31 +1102,47 @@ volumes_dir=$state_path/volumes # -# Options defined in cinder.volume.drivers.coraid +# Options defined in cinder.volume.drivers.cloudbyte.options # -# IP address of Coraid ESM (string value) -#coraid_esm_address= +# These values will be used for CloudByte storage's addQos API +# call. (dict value) +#cb_add_qosgroup=latency:15,iops:10,graceallowed:false,iopscontrol:true,memlimit:0,throughput:0,tpcontrol:false,networkspeed:0 + +# Driver will use this API key to authenticate against the +# CloudByte storage's management interface. (string value) +#cb_apikey=None -# User name to connect to Coraid ESM (string value) -#coraid_user=admin +# CloudByte storage specific account name. This maps to a +# project name in OpenStack. (string value) +#cb_account_name=None -# Name of group on Coraid ESM to which coraid_user belongs -# (must have admin privilege) (string value) -#coraid_group=admin +# This corresponds to the name of Tenant Storage Machine (TSM) +# in CloudByte storage. A volume will be created in this TSM. +# (string value) +#cb_tsm_name=None -# Password to connect to Coraid ESM (string value) -#coraid_password=password +# A retry value in seconds. Will be used by the driver to +# check if volume creation was successful in CloudByte +# storage. (integer value) +#cb_confirm_volume_create_retry_interval=5 -# Volume Type key name to store ESM Repository Name (string +# Will confirm a successful volume creation in CloudByte +# storage by making this many number of attempts. (integer # value) -#coraid_repository_key=coraid_repository +#cb_confirm_volume_create_retries=3 + +# These values will be used for CloudByte storage's +# createVolume API call. (dict value) +#cb_create_volume=compression:off,deduplication:off,blocklength:512B,sync:always,protocoltype:ISCSI,recordsize:16k # # Options defined in cinder.volume.drivers.datera # +# DEPRECATED: This will be removed in the Liberty release. Use +# san_login and san_password instead. 
This directly sets the # Datera API token. (string value) #datera_api_token=<None> @@ -1159,6 +1157,25 @@ volumes_dir=$state_path/volumes # +# Options defined in cinder.volume.drivers.dell.dell_storagecenter_common +# + +# Storage Center System Serial Number (integer value) +#dell_sc_ssn=64702 + +# Dell API port (integer value) +#dell_sc_api_port=3033 + +# Name of the server folder to use on the Storage Center +# (string value) +#dell_sc_server_folder=openstack + +# Name of the volume folder to use on the Storage Center +# (string value) +#dell_sc_volume_folder=openstack + + +# # Options defined in cinder.volume.drivers.emc.emc_vmax_common # 
@@ -1211,60 +1228,69 @@ volumes_dir=$state_path/volumes # False. (boolean value) #initiator_auto_registration=false +# Automatically deregister initiators after the related +# storage group is destroyed. By default, the value is False. +# (boolean value) +#initiator_auto_deregistration=false + +# Report free_capacity_gb as 0 when the limit to maximum +# number of pool LUNs is reached. By default, the value is +# False. (boolean value) +#check_max_pool_luns_threshold=false + +# Delete a LUN even if it is in Storage Groups. (boolean +# value) +#force_delete_lun_in_storagegroup=false + + +# +# Options defined in cinder.volume.drivers.emc.xtremio +# + +# XMS cluster id in multi-cluster environment (string value) +#xtremio_cluster_name= + # # Options defined in cinder.volume.drivers.eqlx # -# Group name to use for creating volumes (string value) +# Group name to use for creating volumes. Defaults to +# "group-0". (string value) #eqlx_group_name=group-0 -# Timeout for the Group Manager cli command execution (integer -# value) +# Timeout for the Group Manager cli command execution. Default +# is 30. (integer value) #eqlx_cli_timeout=30 -# Maximum retry count for reconnection (integer value) +# Maximum retry count for reconnection. Default is 5. (integer +# value) #eqlx_cli_max_retries=5 -# Use CHAP authentication for targets? (boolean value) +# Use CHAP authentication for targets. Note that this option +# is deprecated in favour of "use_chap_auth" as specified in +# cinder/volume/driver.py and will be removed in next release. +# (boolean value) #eqlx_use_chap=false -# Existing CHAP account name (string value) +# Existing CHAP account name. Note that this option is +# deprecated in favour of "chap_username" as specified in +# cinder/volume/driver.py and will be removed in next release. +# (string value) #eqlx_chap_login=admin -# Password for specified CHAP account name (string value) +# Password for specified CHAP account name. 
Note that this +# option is deprecated in favour of "chap_password" as +# specified in cinder/volume/driver.py and will be removed in +# the next release (string value) #eqlx_chap_password=password -# Pool in which volumes will be created (string value) +# Pool in which volumes will be created. Defaults to +# "default". (string value) #eqlx_pool=default # -# Options defined in cinder.volume.drivers.fujitsu_eternus_dx_common -# - -# The configuration file for the Cinder SMI-S driver (string -# value) -#cinder_smis_config_file=/etc/cinder/cinder_fujitsu_eternus_dx.xml - - -# -# Options defined in cinder.volume.drivers.fusionio.ioControl -# - -# amount of time wait for iSCSI target to come online (integer -# value) -#fusionio_iocontrol_targetdelay=5 - -# number of retries for GET operations (integer value) -#fusionio_iocontrol_retry=3 - -# verify the array certificate on each transaction (boolean -# value) -#fusionio_iocontrol_verify_cert=true - - -# # Options defined in cinder.volume.drivers.glusterfs # @@ -1407,6 +1433,20 @@ volumes_dir=$state_path/volumes # +# Options defined in cinder.volume.drivers.ibm.flashsystem +# + +# Connection protocol should be FC. (string value) +#flashsystem_connection_protocol=FC + +# Connect with multipath (FC only). (boolean value) +#flashsystem_multipath_enabled=false + +# Allows vdisk to multi host mapping. (boolean value) +#flashsystem_multihostmap_enabled=true + + +# # Options defined in cinder.volume.drivers.ibm.gpfs # 
@@ -1452,22 +1492,6 @@ volumes_dir=$state_path/volumes # Options defined in cinder.volume.drivers.ibm.ibmnas # -# IP address or Hostname of NAS system. (string value) -#nas_ip= - -# User name to connect to NAS system. (string value) -#nas_login=admin - -# Password to connect to NAS system. (string value) -#nas_password= - -# SSH port to use to connect to NAS system. (integer value) -#nas_ssh_port=22 - -# Filename of private key to use for SSH authentication. -# (string value) -#nas_private_key= - # IBMNAS platform type to be used as backend storage; valid # values are - v7ku : for using IBM Storwize V7000 Unified, # sonas : for using IBM Scale Out NAS, gpfs-nas : for using @@ -1550,8 +1574,7 @@ volumes_dir=$state_path/volumes # value) #xiv_ds8k_proxy=xiv_ds8k_openstack.nova_proxy.XIVDS8KNovaProxy -# Connection type to the IBM Storage Array -# (fibre_channel|iscsi) (string value) +# Connection type to the IBM Storage Array (string value) #xiv_ds8k_connection_type=iscsi # CHAP authentication mode, effective only for iscsi @@ -1565,17 +1588,22 @@ volumes_dir=$state_path/volumes # Name for the VG that will contain exported volumes (string # value) -volume_group=cinder-volumes +#volume_group=cinder-volumes # If >0, create LVs with multiple mirrors. Note that this # requires lvm_mirrors + 2 PVs with available space (integer # value) #lvm_mirrors=0 -# Type of LVM volumes to deploy; (default or thin) (string -# value) +# Type of LVM volumes to deploy (string value) #lvm_type=default +# LVM conf file to use for the LVM driver in Cinder; this +# setting is ignored if the specified file does not exist (You +# can also specify 'None' to not use a conf file even if one +# exists). (string value) +#lvm_conf_file=/etc/cinder/lvm.conf + # # Options defined in cinder.volume.drivers.netapp.options 
@@ -1584,11 +1612,18 @@ volume_group=cinder-volumes # The vFiler unit on which provisioning of block storage # volumes will be done. This option is only used by the driver # when connecting to an instance with a storage family of Data -# ONTAP operating in 7-Mode and the storage protocol selected -# is iSCSI. Only use this option when utilizing the MultiStore -# feature on the NetApp storage system. (string value) +# ONTAP operating in 7-Mode. Only use this option when +# utilizing the MultiStore feature on the NetApp storage +# system. (string value) #netapp_vfiler=<None> +# The name of the config.conf stanza for a Data ONTAP (7-mode) +# HA partner. This option is only used by the driver when +# connecting to an instance with a storage family of Data +# ONTAP operating in 7-Mode, and it is required if the storage +# protocol selected is FC. (string value) +#netapp_partner_backend_name=<None> + # Administrative user account name used to access the storage # system or proxy server. (string value) #netapp_login=<None> @@ -1599,14 +1634,7 @@ volume_group=cinder-volumes # This option specifies the virtual storage server (Vserver) # name on the storage cluster on which provisioning of block -# storage volumes should occur. If using the NFS storage -# protocol, this parameter is mandatory for storage service -# catalog support (utilized by Cinder volume type extra_specs -# support). If this option is specified, the exports belonging -# to the Vserver will only be used for provisioning in the -# future. Block storage volumes on exports not belonging to -# the Vserver specified by this option will continue to -# function normally. (string value) +# storage volumes should occur. (string value) #netapp_vserver=<None> # The hostname (or IP address) for the storage system or proxy 
@@ -1614,11 +1642,10 @@ volume_group=cinder-volumes #netapp_server_hostname=<None> # The TCP port to use for communication with the storage -# system or proxy server. Traditionally, port 80 is used for -# HTTP and port 443 is used for HTTPS; however, this value -# should be changed if an alternate port has been configured -# on the storage system or proxy server. (integer value) -#netapp_server_port=80 +# system or proxy server. If not specified, Data ONTAP drivers +# will use 80 for HTTP and 443 for HTTPS; E-Series will use +# 8080 for HTTP and 8443 for HTTPS. (integer value) +#netapp_server_port=<None> # This option is used to specify the path to the E-Series # proxy application on a proxy server. The value is combined @@ -1687,11 +1714,11 @@ volume_group=cinder-volumes #netapp_size_multiplier=1.2 # This option is only utilized when the storage protocol is -# configured to use iSCSI. This option is used to restrict -# provisioning to the specified controller volumes. Specify -# the value of this option to be a comma separated list of -# NetApp controller volume names to be used for provisioning. -# (string value) +# configured to use iSCSI or FC. This option is used to +# restrict provisioning to the specified controller volumes. +# Specify the value of this option to be a comma separated +# list of NetApp controller volume names to be used for +# provisioning. (string value) #netapp_volume_list=<None> # The storage family type used on the storage system; valid 
@@ -1701,89 +1728,15 @@ volume_group=cinder-volumes #netapp_storage_family=ontap_cluster # The storage protocol to be used on the data path with the -# storage system; valid values are iscsi or nfs. (string -# value) +# storage system. (string value) #netapp_storage_protocol=<None> # The transport protocol used when communicating with the -# storage system or proxy server. Valid values are http or -# https. (string value) +# storage system or proxy server. (string value) #netapp_transport_type=http # -# Options defined in cinder.volume.drivers.nexenta.options -# - -# IP address of Nexenta SA (string value) -#nexenta_host= - -# HTTP port to connect to Nexenta REST API server (integer -# value) -#nexenta_rest_port=2000 - -# Use http or https for REST connection (default auto) (string -# value) -#nexenta_rest_protocol=auto - -# User name to connect to Nexenta SA (string value) -#nexenta_user=admin - -# Password to connect to Nexenta SA (string value) -#nexenta_password=nexenta - -# Nexenta target portal port (integer value) -#nexenta_iscsi_target_portal_port=3260 - -# SA Pool that holds all volumes (string value) -#nexenta_volume=cinder - -# IQN prefix for iSCSI targets (string value) -#nexenta_target_prefix=iqn.1986-03.com.sun:02:cinder- - -# Prefix for iSCSI target groups on SA (string value) -#nexenta_target_group_prefix=cinder/ - -# File with the list of available nfs shares (string value) -#nexenta_shares_config=/etc/cinder/nfs_shares - -# Base directory that contains NFS share mount points (string -# value) -#nexenta_mount_point_base=$state_path/mnt - -# Enables or disables the creation of volumes as sparsed files -# that take no space. If disabled (False), volume is created -# as a regular file, which takes a long time. (boolean value) -#nexenta_sparsed_volumes=true - -# Default compression value for new ZFS folders. (string -# value) -#nexenta_volume_compression=on - -# If set True cache NexentaStor appliance volroot option -# value. 
(boolean value) -#nexenta_nms_cache_volroot=true - -# Enable stream compression, level 1..9. 1 - gives best speed; -# 9 - gives best compression. (integer value) -#nexenta_rrmgr_compression=0 - -# TCP Buffer size in KiloBytes. (integer value) -#nexenta_rrmgr_tcp_buf_size=4096 - -# Number of TCP connections. (integer value) -#nexenta_rrmgr_connections=2 - -# Block size for volumes (default=blank means 8KB) (string -# value) -#nexenta_blocksize= - -# Enables or disables the creation of sparse volumes (boolean -# value) -#nexenta_sparse=false - - -# # Options defined in cinder.volume.drivers.nfs # @@ -1813,6 +1766,11 @@ volume_group=cinder-volumes # nfs man page for details. (string value) #nfs_mount_options=<None> +# The number of attempts to mount nfs shares before raising an +# error. At least one attempt will be made to mount an nfs +# share, regardless of the value specified. (integer value) +#nfs_mount_attempts=3 + # # Options defined in cinder.volume.drivers.nimble @@ -1826,6 +1784,15 @@ volume_group=cinder-volumes # +# Options defined in cinder.volume.drivers.openvstorage +# + +# Vpool to use for volumes - backend is defined by vpool not +# by us. (string value) +#vpool_name= + + +# # Options defined in cinder.volume.drivers.prophetstor.options # 
@@ -1846,6 +1813,31 @@ volume_group=cinder-volumes # +# Options defined in cinder.volume.drivers.quobyte +# + +# URL to the Quobyte volume e.g., quobyte://<DIR host>/<volume +# name> (string value) +#quobyte_volume_url=<None> + +# Path to a Quobyte Client configuration file. (string value) +#quobyte_client_cfg=<None> + +# Create volumes as sparse files which take no space. If set +# to False, volume is created as regular file.In such case +# volume creation takes a lot of time. (boolean value) +#quobyte_sparsed_volumes=true + +# Create volumes as QCOW2 files rather than raw files. +# (boolean value) +#quobyte_qcow2_volumes=true + +# Base dir containing the mount point for the Quobyte volume. +# (string value) +#quobyte_mount_point_base=$state_path/mnt + + +# # Options defined in cinder.volume.drivers.rbd # @@ -1869,7 +1861,8 @@ volume_group=cinder-volumes # Directory where temporary image files are stored when the # volume driver does not write them directly to the volume. -# (string value) +# Warning: this option is now deprecated, please use +# image_conversion_dir instead. (string value) #volume_tmp_dir=<None> # Maximum number of nested volume clones that are taken before 
@@ -1907,6 +1900,32 @@ volume_group=cinder-volumes # (string value) #nas_private_key= +# Allow network-attached storage systems to operate in a +# secure environment where root level access is not permitted. +# If set to False, access is as the root user and insecure. If +# set to True, access is not as root. If set to auto, a check +# is done to determine if this is a new installation: True is +# used if so, otherwise False. Default is auto. (string value) +#nas_secure_file_operations=auto + +# Set more secure file permissions on network-attached storage +# volume files to restrict broad other/world access. If set to +# False, volumes are created with open permissions. If set to +# True, volumes are created with permissions for the cinder +# user and group (660). If set to auto, a check is done to +# determine if this is a new installation: True is used if so, +# otherwise False. Default is auto. (string value) +#nas_secure_file_permissions=auto + +# Path to the share to use for storing Cinder volumes. For +# example: "/srv/export1" for an NFS server export available +# at 10.0.5.10:/srv/export1 . (string value) +#nas_share_path= + +# Options used to mount the storage backend file system where +# Cinder volumes are stored. (string value) +#nas_mount_options=<None> + # # Options defined in cinder.volume.drivers.san.hp.hp_3par_common @@ -1922,11 +1941,11 @@ volume_group=cinder-volumes # 3PAR Super user password (string value) #hp3par_password= -# The CPG to use for volume creation (string value) +# List of the CPG(s) to use for volume creation (list value) #hp3par_cpg=OpenStack -# The CPG to use for Snapshots for volumes. If empty -# hp3par_cpg will be used (string value) +# The CPG to use for Snapshots for volumes. If empty the +# userCPG will be used. (string value) #hp3par_cpg_snap= # The time in hours to retain a snapshot. You can't delete it 
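Review bot: Both options added in the `-1907,6` hunk, `nas_secure_file_operations` and `nas_secure_file_permissions`, are left at the commented default `auto`, which by the added description resolves to False on anything that is not a new installation. That means access as root and volume files created with open permissions. If this template is applied to an existing NAS-backed system, the insecure mode is kept without any visible sign in the file. I would set `nas_secure_file_operations=true` and `nas_secure_file_permissions=true` explicitly, or add a comment above them saying that upgraded systems stay in the insecure mode until the operator opts in. How the driver decides what counts as a new installation is not visible in this hunk, so confirm that before switching existing shares.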
@@ -1974,14 +1993,6 @@ volume_group=cinder-volumes # -# Options defined in cinder.volume.drivers.san.hp.hp_msa_common -# - -# The VDisk to use for volume creation. (string value) -#msa_vdisk=OpenStack - - -# # Options defined in cinder.volume.drivers.san.san # @@ -2022,15 +2033,6 @@ volume_group=cinder-volumes # -# Options defined in cinder.volume.drivers.san.solaris -# - -# The ZFS path under which to create zvols for volumes. -# (string value) -#san_zfs_volume_base=rpool/ - - -# # Options defined in cinder.volume.drivers.scality # @@ -2053,8 +2055,7 @@ volume_group=cinder-volumes #smbfs_shares_config=/etc/cinder/smbfs_shares # Default format that will be used when creating volumes if no -# volume format is specified. Can be set to: raw, qcow2, vhd -# or vhdx. (string value) +# volume format is specified. (string value) #smbfs_default_volume_format=qcow2 # Create volumes as sparsed files which take no space rather 
@@ -2097,12 +2098,48 @@ volume_group=cinder-volumes # default behavior). The default is NO prefix. (string value) #sf_account_prefix=<None> +# Account name on the SolidFire Cluster to use as owner of +# template/cache volumes (created if does not exist). (string +# value) +#sf_template_account_name=openstack-vtemplate + +# Create an internal cache of copy of images when a bootable +# volume is created to eliminate fetch from glance and qemu- +# conversion on subsequent calls. (boolean value) +#sf_allow_template_caching=true + # SolidFire API port. Useful if the device api is behind a # proxy on a different port. (integer value) #sf_api_port=443 # +# Options defined in cinder.volume.drivers.srb +# + +# Comma-separated list of REST servers IP to connect to. (eg +# http://IP1/,http://IP2:81/path (string value) +#srb_base_urls=<None> + + +# +# Options defined in cinder.volume.drivers.violin.v6000_common +# + +# IP address or hostname of mg-a (string value) +#gateway_mga=<None> + +# IP address or hostname of mg-b (string value) +#gateway_mgb=<None> + +# Use igroups to manage targets and initiators (boolean value) +#use_igroups=false + +# Global backend request timeout, in seconds (integer value) +#request_timeout=300 + + +# # Options defined in cinder.volume.drivers.vmware.vmdk # 
@@ -2165,98 +2202,55 @@ volume_group=cinder-volumes # -# Options defined in cinder.volume.drivers.zadara +# Options defined in cinder.volume.drivers.xio # -# Management IP of Zadara VPSA (string value) -#zadara_vpsa_ip=<None> +# Default storage pool for volumes. (integer value) +#ise_storage_pool=1 -# Zadara VPSA port number (string value) -#zadara_vpsa_port=<None> +# Raid level for ISE volumes. (integer value) +#ise_raid=1 -# Use SSL connection (boolean value) -#zadara_vpsa_use_ssl=false +# Number of retries (per port) when establishing connection to +# ISE management port. (integer value) +#ise_connection_retries=5 -# User name for the VPSA (string value) -#zadara_user=<None> +# Interval (secs) between retries. (integer value) +#ise_retry_interval=1 -# Password for the VPSA (string value) -#zadara_password=<None> +# Number on retries to get completion status after issuing a +# command to ISE. (integer value) +#ise_completion_retries=30 -# Name of VPSA storage pool for volumes (string value) -#zadara_vpsa_poolname=<None> -# Default thin provisioning policy for volumes (boolean value) -#zadara_vol_thin=true - -# Default encryption policy for volumes (boolean value) -#zadara_vol_encrypt=false +# +# Options defined in cinder.volume.drivers.zfssa.zfssanfs +# -# Default template for VPSA volume names (string value) -#zadara_vol_name_template=OS_%s +# Data path IP address (string value) +#zfssa_data_ip=<None> -# Automatically detach from servers on volume delete (boolean -# value) -#zadara_vpsa_auto_detach_on_delete=true +# HTTPS port number (string value) +#zfssa_https_port=443 -# Don't halt on deletion of non-existing volumes (boolean +# Options to be passed while mounting share over nfs (string # value) -#zadara_vpsa_allow_nonexistent_delete=true - - -# -# Options defined in cinder.volume.drivers.zfssa.zfssaiscsi -# +#zfssa_nfs_mount_options= # Storage pool name. (string value) -#zfssa_pool=<None> +#zfssa_nfs_pool= # Project name. 
(string value) -#zfssa_project=<None> +#zfssa_nfs_project=NFSProject -# Block size: 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k. -# (string value) -#zfssa_lun_volblocksize=8k +# Share name. (string value) +#zfssa_nfs_share=nfs_share -# Flag to enable sparse (thin-provisioned): True, False. -# (boolean value) -#zfssa_lun_sparse=false - -# Data compression-off, lzjb, gzip-2, gzip, gzip-9. (string -# value) -#zfssa_lun_compression= +# Data compression. (string value) +#zfssa_nfs_share_compression=off # Synchronous write bias-latency, throughput. (string value) -#zfssa_lun_logbias= - -# iSCSI initiator group. (string value) -#zfssa_initiator_group= - -# iSCSI initiator IQNs. (comma separated) (string value) -#zfssa_initiator= - -# iSCSI initiator CHAP user. (string value) -#zfssa_initiator_user= - -# iSCSI initiator CHAP password. (string value) -#zfssa_initiator_password= - -# iSCSI target group name. (string value) -#zfssa_target_group=tgt-grp - -# iSCSI target CHAP user. (string value) -#zfssa_target_user= - -# iSCSI target CHAP password. (string value) -#zfssa_target_password= - -# iSCSI target portal (Data-IP:Port, w.x.y.z:3260). (string -# value) -#zfssa_target_portal=<None> - -# Network interfaces of iSCSI targets. (comma separated) -# (string value) -#zfssa_target_interfaces=<None> +#zfssa_nfs_share_logbias=latency # REST connection timeout. (seconds) (integer value) #zfssa_rest_timeout=<None> @@ -2267,7 +2261,7 @@ volume_group=cinder-volumes # # Driver to use for volume creation (string value) -volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver +#volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver # Timeout for creating the volume to migrate to when # performing volume migration (seconds) (integer value) 
@@ -2281,7 +2275,12 @@ volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver #zoning_mode=none # User defined capabilities, a JSON formatted string -# specifying key/value pairs. (string value) +# specifying key/value pairs. The key/value pairs can be used +# by the CapabilitiesFilter to select between backends when +# requests specify volume types. For example, specifying a +# service level or the geographical location of a backend, +# then creating a volume type to allow the user to select by +# these different properties. (string value) #extra_capabilities={} 
@@ -2350,112 +2349,6 @@ volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver [database] # -# Options defined in oslo.db -# - -# The file name to use with SQLite. (string value) -#sqlite_db=oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous=true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy - -# The SQLAlchemy connection string to use to connect to the -# database. (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/cinder - -# The SQLAlchemy connection string to use to connect to the -# slave database. (string value) -#slave_connection=<None> - -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode=TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size=<None> - -# Maximum number of database connection retries during -# startup. Set to -1 to specify an infinite retry count. 
-# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 - -# Interval between retries of opening a SQL connection. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 - -# If set, use this value for max_overflow with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=<None> - -# Verbosity of SQL debugging information: 0=None, -# 100=Everything. (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 - -# Add Python stack traces to SQL as comment strings. (boolean -# value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false - -# If set, use this value for pool_timeout with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout=<None> - -# Enable the experimental use of database reconnect on -# connection lost. (boolean value) -#use_db_reconnect=false - -# Seconds between database connection retries. (integer value) -#db_retry_interval=1 - -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval=true - -# If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) -#db_max_retry_interval=10 - -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) -#db_max_retries=20 - - -# # Options defined in oslo.db.concurrency # 
@@ -2491,15 +2384,16 @@ connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROL # value) #zone_driver=cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver.BrcdFCZoneDriver -# Zoning policy configured by user (string value) +# Zoning policy configured by user; valid values include +# "initiator-target" or "initiator" (string value) #zoning_policy=initiator-target -# Comma separated list of fibre channel fabric names. This +# Comma separated list of Fibre Channel fabric names. This # list of names is used to retrieve other SAN credentials for # connecting to each SAN fabric (string value) #fc_fabric_names=<None> -# FC San Lookup Service (string value) +# FC SAN Lookup Service (string value) #fc_san_lookup_service=cinder.zonemanager.drivers.brocade.brcd_fc_san_lookup_service.BrcdFCSanLookupService @@ -2528,7 +2422,7 @@ connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROL # # Authentication url for encryption service. (string value) -#encryption_auth_url=http://localhost:5000/v2.0 +#encryption_auth_url=http://localhost:5000/v3 # Url for encryption service. (string value) #encryption_api_url=http://localhost:9311/v1 
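Review bot: The `encryption_auth_url` default in the `-2528,7` hunk moves to `/v3` but keeps `http://localhost:5000`, so a deployment that turns on the encryption service without overriding it would send its authentication traffic in cleartext and to localhost rather than the controller. The neighbouring context line `#encryption_api_url=http://localhost:9311/v1` has the same shape. Since both stay commented, a short comment above them would help, for example `# Override both URLs with the https endpoints of the controller before enabling volume encryption.` The section these keys belong to starts outside the hunk, so whether they are set elsewhere cannot be seen from here.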
@@ -2540,73 +2434,34 @@ connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROL # Options defined in keystonemiddleware.auth_token # -# Prefix to prepend at the beginning of the path. Deprecated, -# use identity_uri. (string value) -#auth_admin_prefix= - -# Host providing the admin Identity API endpoint. Deprecated, -# use identity_uri. (string value) -#auth_host=127.0.0.1 +# Complete public Identity API endpoint. (string value) +#auth_uri=<None> -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -#auth_port=35357 - -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -#auth_protocol=https - -# Complete public Identity API endpoint (string value) -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 - -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. https://localhost:35357/ -# (string value) -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 - -# API version of the admin Identity API endpoint (string +# API version of the admin Identity API endpoint. (string # value) #auth_version=<None> # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI -# components (boolean value) +# components. (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API -# server. (boolean value) +# server. (integer value) #http_connect_timeout=<None> # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. 
This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token=<None> - -# Keystone account username (string value) -admin_user={{ CINDER_SERVICE_USER }} - -# Keystone account password (string value) -admin_password={{ CINDER_SERVICE_PASSWORD }} - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name=service - -# Env key for the swift cache (string value) +# Env key for the swift cache. (string value) #cache=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #certfile=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #keyfile=<None> @@ -2617,7 +2472,7 @@ admin_tenant_name=service # Verify HTTPS connections. (boolean value) #insecure=false -# Directory used to cache files related to PKI tokens (string +# Directory used to cache files related to PKI tokens. (string # value) #signing_dir=<None> @@ -2640,7 +2495,7 @@ admin_tenant_name=service # value) #revocation_cache_time=10 -# (optional) if defined, indicate whether token data should be +# (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable # values are MAC or ENCRYPT. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token 
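Review bot: In the `-2540,73` hunk the active `auth_uri`, `identity_uri`, `admin_user`, `admin_password` and `admin_tenant_name` lines are removed and only `#auth_uri=<None>` is left. After this change the section no longer tells the auth_token middleware which identity endpoint or service account to use. If they are not supplied by another section or file outside this hunk, token validation for the service would presumably fail or fall back to defaults. The removed endpoints were also plain `http://`, so when the templated values are reinstated I would use TLS if the controller offers it, e.g. `auth_uri = https://{{ CONTROLLER_HOST_ADDRESS }}:5000/`, and set `cafile` so that `insecure=false` can verify the certificate. The section header is outside the hunk.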
@@ -2649,38 +2504,38 @@ admin_tenant_name=service # raise an exception on initialization. (string value) #memcache_security_strategy=<None> -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string +# (Optional, mandatory if memcache_security_strategy is +# defined) This string is used for key derivation. (string # value) #memcache_secret_key=<None> -# (optional) number of seconds memcached server is considered +# (Optional) Number of seconds memcached server is considered # dead before it is tried again. (integer value) #memcache_pool_dead_retry=300 -# (optional) max total number of open connections to every +# (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize=10 -# (optional) socket timeout in seconds for communicating with +# (Optional) Socket timeout in seconds for communicating with # a memcache server. (integer value) #memcache_pool_socket_timeout=3 -# (optional) number of seconds a connection to memcached is +# (Optional) Number of seconds a connection to memcached is # held unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout=60 -# (optional) number of seconds that an operation will wait to +# (Optional) Number of seconds that an operation will wait to # get a memcache client connection from the pool. (integer # value) #memcache_pool_conn_get_timeout=10 -# (optional) use the advanced (eventlet safe) memcache client +# (Optional) Use the advanced (eventlet safe) memcache client # pool. The advanced pool will only work under python 2.x. # (boolean value) #memcache_use_advanced_pool=false -# (optional) indicate whether to set the X-Service-Catalog +# (Optional) Indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) 
@@ -2699,7 +2554,7 @@ admin_tenant_name=service # If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the -# Keystone server. (boolean value) +# identity server. (boolean value) #check_revocations_for_cached=false # Hash algorithms to use for hashing PKI tokens. This may be a @@ -2747,7 +2602,6 @@ admin_tenant_name=service # # Options defined in oslo.messaging # -# NOTE: Options in this group are supported when using oslo.messaging >=1.5.0. # address prefix used when sending to a specific server # (string value) 
@@ -2791,6 +2645,157 @@ admin_tenant_name=service #allow_insecure_clients=false +[oslo_messaging_qpid] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + + +[oslo_messaging_rabbit] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. 
(integer value) +#rpc_conn_pool_size=30 + +# SSL version to use (valid only if SSL enabled). Valid values +# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may +# be available on some distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). (string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +#rabbit_host=localhost + +# The RabbitMQ broker port where a single node is used. +# (integer value) +#rabbit_port=5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +#rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +#rabbit_userid=guest + +# The RabbitMQ password. (string value) +#rabbit_password=guest + +# The RabbitMQ login method. (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# Number of seconds after which the Rabbit broker is +# considered down if heartbeat's keep-alive fails (0 disables +# the heartbeat, >0 enables it. 
Enabling heartbeats requires +# kombu>=3.0.7 and amqp>=1.4.0). EXPERIMENTAL (integer value) +#heartbeat_timeout_threshold=0 + +# How often times during the heartbeat_timeout_threshold we +# check the heartbeat. (integer value) +#heartbeat_rate=2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +#fake_rabbit=false + + [profiler] # 
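Review bot: The added `[oslo_messaging_rabbit]` and `[oslo_messaging_qpid]` sections leave every key at its commented default, which means `rabbit_userid=guest`, `rabbit_password=guest`, `rabbit_use_ssl=false` and `qpid_protocol=tcp` apply unless another file overrides them. For a file that is installed onto deployed nodes, the broker credentials and transport security should be set explicitly from the deployment's variables rather than inherited. I would add active `rabbit_userid` and `rabbit_password` lines templated like the other credentials in this file, plus `rabbit_use_ssl=true` with `kombu_ssl_ca_certs` pointing at the CA bundle. The `kombu_ssl_version` comment names `TLSv1` and `SSLv23` as the always-valid values, so where the distribution supports it, `kombu_ssl_version=TLSv1_2` is the safer pin.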
@@ -2804,22 +2809,173 @@ admin_tenant_name=service #trace_sqlalchemy=false -[ssl] +[DEFAULT] + + +[keystone_authtoken] # -# Options defined in cinder.openstack.common.sslutils +# From keystonemiddleware.auth_token # -# CA certificate file to use to verify connecting clients -# (string value) -#ca_file=<None> +# Complete public Identity API endpoint. (string value) +#auth_uri = <None> -# Certificate file to use when starting the server securely -# (string value) -#cert_file=<None> +# API version of the admin Identity API endpoint. (string value) +#auth_version = <None> -# Private key file to use when starting the server securely -# (string value) -#key_file=<None> +# Do not handle authorization requests within the middleware, but +# delegate the authorization decision to downstream WSGI components. +# (boolean value) +#delay_auth_decision = false + +# Request timeout value for communicating with Identity API server. +# (integer value) +#http_connect_timeout = <None> + +# How many times are we trying to reconnect when communicating with +# Identity API Server. (integer value) +#http_request_max_retries = 3 + +# Env key for the swift cache. (string value) +#cache = <None> + +# Required if identity server requires client certificate (string +# value) +#certfile = <None> + +# Required if identity server requires client certificate (string +# value) +#keyfile = <None> + +# A PEM encoded Certificate Authority to use when verifying HTTPs +# connections. Defaults to system CAs. (string value) +#cafile = <None> + +# Verify HTTPS connections. (boolean value) +#insecure = false + +# Directory used to cache files related to PKI tokens. (string value) +#signing_dir = <None> + +# Optionally specify a list of memcached server(s) to use for caching. +# If left undefined, tokens will instead be cached in-process. 
(list +# value) +# Deprecated group/name - [DEFAULT]/memcache_servers +#memcached_servers = <None> + +# In order to prevent excessive effort spent validating tokens, the +# middleware caches previously-seen tokens for a configurable duration +# (in seconds). Set to -1 to disable caching completely. (integer +# value) +#token_cache_time = 300 + +# Determines the frequency at which the list of revoked tokens is +# retrieved from the Identity service (in seconds). A high number of +# revocation events combined with a low cache duration may +# significantly reduce performance. (integer value) +#revocation_cache_time = 10 + +# (Optional) If defined, indicate whether token data should be +# authenticated or authenticated and encrypted. Acceptable values are +# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in +# the cache. If ENCRYPT, token data is encrypted and authenticated in +# the cache. If the value is not one of these options or empty, +# auth_token will raise an exception on initialization. (string value) +#memcache_security_strategy = <None> + +# (Optional, mandatory if memcache_security_strategy is defined) This +# string is used for key derivation. (string value) +#memcache_secret_key = <None> + +# (Optional) Number of seconds memcached server is considered dead +# before it is tried again. (integer value) +#memcache_pool_dead_retry = 300 + +# (Optional) Maximum total number of open connections to every +# memcached server. (integer value) +#memcache_pool_maxsize = 10 + +# (Optional) Socket timeout in seconds for communicating with a +# memcache server. (integer value) +#memcache_pool_socket_timeout = 3 + +# (Optional) Number of seconds a connection to memcached is held +# unused in the pool before it is closed. (integer value) +#memcache_pool_unused_timeout = 60 + +# (Optional) Number of seconds that an operation will wait to get a +# memcache client connection from the pool. 
(integer value) +#memcache_pool_conn_get_timeout = 10 + +# (Optional) Use the advanced (eventlet safe) memcache client pool. +# The advanced pool will only work under python 2.x. (boolean value) +#memcache_use_advanced_pool = false + +# (Optional) Indicate whether to set the X-Service-Catalog header. If +# False, middleware will not ask for service catalog on token +# validation and will not set the X-Service-Catalog header. (boolean +# value) +#include_service_catalog = true + +# Used to control the use and type of token binding. Can be set to: +# "disabled" to not check token binding. "permissive" (default) to +# validate binding information if the bind type is of a form known to +# the server and ignore it if not. "strict" like "permissive" but if +# the bind type is unknown the token will be rejected. "required" any +# form of token binding is needed to be allowed. Finally the name of a +# binding method that must be present in tokens. (string value) +#enforce_token_bind = permissive + +# If true, the revocation list will be checked for cached tokens. This +# requires that PKI tokens are configured on the identity server. +# (boolean value) +#check_revocations_for_cached = false + +# Hash algorithms to use for hashing PKI tokens. This may be a single +# algorithm or multiple. The algorithms are those supported by Python +# standard hashlib.new(). The hashes will be tried in the order given, +# so put the preferred one first for performance. The result of the +# first hash will be stored in the cache. This will typically be set +# to multiple values only while migrating from a less secure algorithm +# to a more secure one. Once all the old tokens are expired this +# option should be set to a single value for better performance. (list +# value) +#hash_algorithms = md5 + +# Prefix to prepend at the beginning of the path. Deprecated, use +# identity_uri. (string value) +#auth_admin_prefix = + +# Host providing the admin Identity API endpoint. 
Deprecated, use +# identity_uri. (string value) +#auth_host = 127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) +#auth_port = 35357 + +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. (string value) +#auth_protocol = https + +# Complete admin Identity API endpoint. This should specify the +# unversioned root endpoint e.g. https://localhost:35357/ (string +# value) +#identity_uri = <None> + +# This option is deprecated and may be removed in a future release. +# Single shared secret with the Keystone configuration used for +# bootstrapping a Keystone installation, or otherwise bypassing the +# normal authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) +#admin_token = <None> + +# Service username. (string value) +#admin_user = <None> +# Service user password. (string value) +#admin_password = <None> +# Service tenant name. (string value) +#admin_tenant_name = admin diff --git a/install-files/openstack/usr/share/openstack/cinder/policy.json b/install-files/openstack/usr/share/openstack/cinder/policy.json deleted file mode 100644 index 8f3a7b2f..00000000 --- a/install-files/openstack/usr/share/openstack/cinder/policy.json +++ /dev/null 
@@ -1,80 +0,0 @@ -{ - "context_is_admin": "role:admin", - "admin_or_owner": "is_admin:True or project_id:%(project_id)s", - "default": "rule:admin_or_owner", - - "admin_api": "is_admin:True", - - "volume:create": "", - "volume:get_all": "", - "volume:get_volume_metadata": "", - "volume:get_volume_admin_metadata": "rule:admin_api", - "volume:delete_volume_admin_metadata": "rule:admin_api", - "volume:update_volume_admin_metadata": "rule:admin_api", - "volume:get_snapshot": "", - "volume:get_all_snapshots": "", - "volume:extend": "", - "volume:update_readonly_flag": "", - "volume:retype": "", - - "volume_extension:types_manage": "rule:admin_api", - "volume_extension:types_extra_specs": "rule:admin_api", - "volume_extension:volume_type_encryption": "rule:admin_api", - "volume_extension:volume_encryption_metadata": "rule:admin_or_owner", - "volume_extension:extended_snapshot_attributes": "", - "volume_extension:volume_image_metadata": "", - - "volume_extension:quotas:show": "", - "volume_extension:quotas:update": "rule:admin_api", - "volume_extension:quota_classes": "", - - "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", - "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", - "volume_extension:backup_admin_actions:reset_status": "rule:admin_api", - "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", - "volume_extension:volume_admin_actions:force_detach": "rule:admin_api", - "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api", - "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api", - "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api", - - "volume_extension:volume_host_attribute": "rule:admin_api", - "volume_extension:volume_tenant_attribute": "rule:admin_or_owner", - "volume_extension:volume_mig_status_attribute": "rule:admin_api", - "volume_extension:hosts": "rule:admin_api", - "volume_extension:services": "rule:admin_api", - - 
"volume_extension:volume_manage": "rule:admin_api", - "volume_extension:volume_unmanage": "rule:admin_api", - - "volume:services": "rule:admin_api", - - "volume:create_transfer": "", - "volume:accept_transfer": "", - "volume:delete_transfer": "", - "volume:get_all_transfers": "", - - "volume_extension:replication:promote": "rule:admin_api", - "volume_extension:replication:reenable": "rule:admin_api", - - "backup:create" : "", - "backup:delete": "", - "backup:get": "", - "backup:get_all": "", - "backup:restore": "", - "backup:backup-import": "rule:admin_api", - "backup:backup-export": "rule:admin_api", - - "snapshot_extension:snapshot_actions:update_snapshot_status": "", - - "consistencygroup:create" : "group:nobody", - "consistencygroup:delete": "group:nobody", - "consistencygroup:get": "group:nobody", - "consistencygroup:get_all": "group:nobody", - - "consistencygroup:create_cgsnapshot" : "", - "consistencygroup:delete_cgsnapshot": "", - "consistencygroup:get_cgsnapshot": "", - "consistencygroup:get_all_cgsnapshots": "", - - "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api" -} diff --git a/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini b/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini deleted file mode 100644 index 86a4cdb1..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini +++ /dev/null 
@@ -1,77 +0,0 @@ -# Use this pipeline for no auth or image caching - DEFAULT -[pipeline:glance-api] -pipeline = versionnegotiation osprofiler unauthenticated-context rootapp - -# Use this pipeline for image caching and no auth -[pipeline:glance-api-caching] -pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp - -# Use this pipeline for caching w/ management interface but no auth -[pipeline:glance-api-cachemanagement] -pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp - -# Use this pipeline for keystone auth -[pipeline:glance-api-keystone] -pipeline = versionnegotiation osprofiler authtoken context rootapp - -# Use this pipeline for keystone auth with image caching -[pipeline:glance-api-keystone+caching] -pipeline = versionnegotiation osprofiler authtoken context cache rootapp - -# Use this pipeline for keystone auth with caching and cache management -[pipeline:glance-api-keystone+cachemanagement] -pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user. -[pipeline:glance-api-trusted-auth] -pipeline = versionnegotiation osprofiler context rootapp - -# Use this pipeline for authZ only. 
This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user and uses cache management -[pipeline:glance-api-trusted-auth+cachemanagement] -pipeline = versionnegotiation osprofiler context cache cachemanage rootapp - -[composite:rootapp] -paste.composite_factory = glance.api:root_app_factory -/: apiversions -/v1: apiv1app -/v2: apiv2app - -[app:apiversions] -paste.app_factory = glance.api.versions:create_resource - -[app:apiv1app] -paste.app_factory = glance.api.v1.router:API.factory - -[app:apiv2app] -paste.app_factory = glance.api.v2.router:API.factory - -[filter:versionnegotiation] -paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory - -[filter:cache] -paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory - -[filter:cachemanage] -paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory - -[filter:context] -paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory - -[filter:unauthenticated-context] -paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory -delay_auth_decision = true - -[filter:gzip] -paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes diff --git a/install-files/openstack/usr/share/openstack/glance/glance-api.conf b/install-files/openstack/usr/share/openstack/glance/glance-api.conf index 39257a6d..6e85cbb5 100644 --- a/install-files/openstack/usr/share/openstack/glance/glance-api.conf +++ b/install-files/openstack/usr/share/openstack/glance/glance-api.conf 
@@ -5,12 +5,6 @@ # Show debugging output in logs (sets DEBUG log level output) #debug = False -# Which backend scheme should Glance use by default is not specified -# in a request to add a new image to Glance? Known schemes are determined -# by the known_stores option below. -# Default: 'file' -default_store = file - # Maximum image size (in bytes) that may be uploaded through the # Glance API server. Defaults to 1 TB. # WARNING: this value should only be increased after careful consideration @@ -18,7 +12,7 @@ default_store = file #image_size_cap = 1099511627776 # Address to bind the API server -bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +bind_host = 0.0.0.0 # Port the bind the API server to bind_port = 9292 @@ -28,7 +22,7 @@ bind_port = 9292 # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. -# log_file = /var/log/glance/api.log +log_file = /var/log/glance/api.log # Backlog requests when creating socket backlog = 4096 @@ -85,11 +79,6 @@ backlog = 4096 # Supported values for the 'disk_format' image attribute #disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso -# Directory to use for lock files. Default to a temp directory -# (string value). This setting needs to be the same for both -# glance-scrubber and glance-api. -#lock_path=<None> - # Property Protections config file # This file contains the rules for property protections and the roles/policies # associated with it. 
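Review bot: `bind_host = 0.0.0.0` in the "Address to bind the API server" hunk makes the Glance API listen on every interface, where the removed line bound it to the management address only. If this copy of the file is the one the service reads, keep the templated value, `bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}`, or state in a comment that port 9292 must be filtered at the host firewall. The same literal replaces `registry_host` in the later "Registry Options" hunk, where it is the address the registry client connects to rather than a listen address, so `0.0.0.0` names no particular host there. The management address or `127.0.0.1` would be the explicit choice for that key.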
@@ -109,11 +98,25 @@ backlog = 4096 # and 'store_type'. #location_strategy = location_order + +# Public url to use for versions endpoint. The default is None, +# which will use the request's host_url attribute to populate the URL base. +# If Glance is operating behind a proxy, you will want to change this to +# represent the proxy's URL. +#public_endpoint=<None> + +# http_keepalive option. If False, server will return the header +# "Connection: close", If True, server will return "Connection: Keep-Alive" +# in its responses. In order to close the client socket connection +# explicitly after the response is sent and read successfully by the client, +# you simply have to set this option to False when you create a wsgi server. +#http_keepalive = True + # ================= Syslog Options ============================ # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` -use_syslog = True +#use_syslog = False # Facility to use. If unset defaults to LOG_USER. #syslog_log_facility = LOG_LOCAL0 @@ -136,10 +139,19 @@ use_syslog = True # Should be set to a random string of length 16, 24 or 32 bytes #metadata_encryption_key = <16, 24 or 32 char registry metadata key> + +# Digest algorithm which will be used for digital signature, the default is +# sha1 in Kilo for a smooth upgrade process, and it will be updated with +# sha256 in next release(L). Use command +# "openssl list-message-digest-algorithms" to get the available algorithms +# supported by the version of OpenSSL on the platform. Examples are 'sha1', +# 'sha256', 'sha512', etc. +#digest_algorithm = sha1 + # ============ Registry Options =============================== # Address to find the registry server -registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +registry_host = 0.0.0.0 # Port the registry server is listening on registry_port = 9191 
@@ -174,10 +186,6 @@ registry_client_protocol = http # Default: 600 #registry_client_timeout = 600 -# Whether to automatically create the database tables. -# Default: False -#db_auto_create = False - # Enable DEBUG log messages from sqlalchemy which prints every database # query and response. # Default: False @@ -207,20 +215,30 @@ registry_client_protocol = http # Driver or drivers to handle sending notifications. Set to # 'messaging' to send notifications to a message queue. -notification_driver = messagingv2 +# notification_driver = noop # Default publisher_id for outgoing notifications. # default_publisher_id = image.localhost +# List of disabled notifications. A notification can be given either as a +# notification type to disable a single event, or as a notification group +# prefix to disable all events within a group. +# Example: if this config option is set to +# ["image.create", "metadef_namespace"], then "image.create" notification will +# not be sent after image is created and none of the notifications for +# metadefinition namespaces will be sent. +# disabled_notifications = [] + # Messaging driver used for 'messaging' notifications driver -rpc_backend=rabbit +# rpc_backend = 'rabbit' -# Configuration options if sending notifications via rabbitmq -rabbit_host = {{ RABBITMQ_HOST }} -rabbit_port = {{ RABBITMQ_PORT }} +# Configuration options if sending notifications via rabbitmq (these are +# the defaults) +rabbit_host = localhost +rabbit_port = 5672 rabbit_use_ssl = false -rabbit_userid = {{ RABBITMQ_USER }} -rabbit_password = {{ RABBITMQ_PASSWORD }} +rabbit_userid = guest +rabbit_password = guest rabbit_virtual_host = / rabbit_notification_exchange = glance rabbit_notification_topic = notifications 
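Review bot: The notification hunk replaces the templated broker settings with active `rabbit_userid = guest` and `rabbit_password = guest` lines next to `rabbit_use_ssl = false`, so a deployment that uses this file unmodified would log in to RabbitMQ with the well-known default account over an unencrypted connection. Since the new comment calls these "the defaults", they are better left commented, `#rabbit_userid = guest` and `#rabbit_password = guest`, so that a real account has to be supplied wherever notifications are switched on. The Qpid block in the following hunk is uncommented in the same way, including an empty `qpid_password =`, and would benefit from the same treatment.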
@@ -228,22 +246,22 @@ rabbit_durable_queues = False # Configuration options if sending notifications via Qpid (these are # the defaults) -#qpid_notification_exchange = glance -#qpid_notification_topic = notifications -#qpid_hostname = localhost -#qpid_port = 5672 -#qpid_username = -#qpid_password = -#qpid_sasl_mechanisms = -#qpid_reconnect_timeout = 0 -#qpid_reconnect_limit = 0 -#qpid_reconnect_interval_min = 0 -#qpid_reconnect_interval_max = 0 -#qpid_reconnect_interval = 0 -#qpid_heartbeat = 5 +qpid_notification_exchange = glance +qpid_notification_topic = notifications +qpid_hostname = localhost +qpid_port = 5672 +qpid_username = +qpid_password = +qpid_sasl_mechanisms = +qpid_reconnect_timeout = 0 +qpid_reconnect_limit = 0 +qpid_reconnect_interval_min = 0 +qpid_reconnect_interval_max = 0 +qpid_reconnect_interval = 0 +qpid_heartbeat = 5 # Set to 'ssl' to enable SSL -#qpid_protocol = tcp -#qpid_tcp_nodelay = True +qpid_protocol = tcp +qpid_tcp_nodelay = True # ============ Delayed Delete Options ============================= @@ -281,6 +299,25 @@ scrubber_datadir = /var/lib/glance/scrubber # Base directory that the Image Cache uses image_cache_dir = /var/lib/glance/image-cache/ +# =============== Policy Options ================================== + +[oslo_policy] +# The JSON file that defines policies. +# Deprecated group/name - [DEFAULT]/policy_file +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. +# Deprecated group/name - [DEFAULT]/policy_default_rule +#policy_default_rule = default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. +# The file defined by policy_file must exist for these +# directories to be searched. +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d + # =============== Database Options ================================= [database] 
@@ -300,8 +337,6 @@ image_cache_dir = /var/lib/glance/image-cache/ # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = <None> -connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance - # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To @@ -381,12 +416,25 @@ connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROL # (setting -1 implies an infinite retry count) (integer value) #db_max_retries = 20 +[oslo_concurrency] + +# Enables or disables inter-process locks. (boolean value) +# Deprecated group/name - [DEFAULT]/disable_process_locking +#disable_process_locking = false + +# Directory to use for lock files. For security, the specified +# directory should only be writable by the user running the processes +# that need locking. It could be read from environment variable +# OSLO_LOCK_PATH. This setting needs to be the same for both +# glance-scrubber and glance-api service. Default to a temp directory. +# Deprecated group/name - [DEFAULT]/lock_path (string value) +#lock_path = /tmp + [keystone_authtoken] -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 -admin_tenant_name = service -admin_user = {{ GLANCE_SERVICE_USER }} -admin_password = {{ GLANCE_SERVICE_PASSWORD }} +identity_uri = http://127.0.0.1:35357 +admin_tenant_name = %SERVICE_TENANT_NAME% +admin_user = %SERVICE_USER% +admin_password = %SERVICE_PASSWORD% revocation_cache_time = 10 [paste_deploy] 
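Review bot: In the `[keystone_authtoken]` part of the second hunk, `admin_user = %SERVICE_USER%` and `admin_password = %SERVICE_PASSWORD%` are literal placeholders, `auth_uri` is dropped, and `identity_uri` now points at `http://127.0.0.1:35357`. Nothing visible in this diff rewrites these values, so token validation would presumably fail on any node where Keystone is not local, and the endpoint stays on plain HTTP. I would add a comment above the section, for example `# %SERVICE_*% values are placeholders; replace them and set an https identity_uri before use`. The commented `#lock_path = /tmp` in the new `[oslo_concurrency]` section also contradicts its own text, which asks for a directory writable only by the user running the service. The first hunk on this line removes the only active `connection=` setting and leaves `#connection = <None>`, which is worth confirming as intended.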
@@ -397,11 +445,11 @@ revocation_cache_time = 10 # service name removed. For example, if your paste section name is # [pipeline:glance-api-keystone], you would configure the flavor below # as 'keystone'. -flavor=keystone +#flavor= [store_type_location_strategy] # The scheme list to use to get store preference order. The scheme must be -# registered by one of the stores defined by the 'known_stores' config option. +# registered by one of the stores defined by the 'stores' config option. # This option will be applied when you using 'store_type' option as image # location strategy defined by the 'location_strategy' config option. #store_type_preference = 
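Review bot: Changing `flavor=keystone` to `#flavor=` leaves the paste pipeline unselected, and the `glance-api-paste.ini` deleted elsewhere in this commit labels its unsuffixed `[pipeline:glance-api]` as the "no auth" default built on `unauthenticated-context`. If the paste file that takes its place keeps that layout, the API would serve requests without Keystone token validation. Keeping `flavor = keystone` active here removes that dependency on the paste file's default.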
@@ -422,16 +470,44 @@ flavor=keystone # task_time_to_live = 48 # Specifies which task executor to be used to run the task scripts. -# The default value for task_executor is eventlet. -# task_executor = eventlet +# The default value for task_executor is taskflow. +# task_executor = taskflow + +# Work dir for asynchronous task operations. The directory set here +# will be used to operate over images - normally before they are +# imported in the destination store. When providing work dir, make sure +# enough space is provided for concurrent tasks to run efficiently +# without running out of space. A rough estimation can be done by +# multiplying the number of `max_workers` - or the N of workers running +# - by an average image size (e.g 500MB). The image size estimation +# should be done based on the average size in your deployment. Note that +# depending on the tasks running you may need to multiply this number by +# some factor depending on what the task does. For example, you may want +# to double the available size if image conversion is enabled. All this +# being said, remember these are just estimations and you should do them +# based on the worst case scenario and be prepared to act in case they +# were wrong. +# work_dir=None # Specifies the maximum number of eventlet threads which can be spun up by # the eventlet based task executor to perform execution of Glance tasks. +# DEPRECATED: Use [taskflow_executor]/max_workers instead. # eventlet_executor_pool_size = 1000 +[taskflow_executor] +# The mode in which the engine will run. Can be 'default', 'serial', +# 'parallel' or 'worker-based' +#engine_mode = serial + +# The number of parallel activities executed at the same time by +# the engine. The value can be greater than one when the engine mode is +# 'parallel' or 'worker-based', otherwise this value will be ignored. +#max_workers = 10 + [glance_store] # List of which store classes and store class locations are # currently known to glance at startup. 
+# Deprecated group/name - [DEFAULT]/known_stores # Existing but disabled stores: # glance.store.rbd.Store, # glance.store.s3.Store, @@ -443,6 +519,13 @@ flavor=keystone #stores = glance.store.filesystem.Store, # glance.store.http.Store +# Which backend scheme should Glance use by default is not specified +# in a request to add a new image to Glance? Known schemes are determined +# by the stores option. +# Deprecated group/name - [DEFAULT]/default_store +# Default: 'file' +default_store = file + # ============ Filesystem Store Options ======================== # Directory that the Filesystem backend store 
@@ -518,18 +601,27 @@ swift_store_large_object_size = 5120 # the image file, and the default is 200MB swift_store_large_object_chunk_size = 200 -# Whether to use ServiceNET to communicate with the Swift storage servers. -# (If you aren't RACKSPACE, leave this False!) +# If set, the configured endpoint will be used. If None, the storage URL +# from the auth response will be used. The location of an object is +# obtained by appending the container and object to the configured URL. # -# To use ServiceNET for authentication, prefix hostname of -# `swift_store_auth_address` with 'snet-'. -# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ -swift_enable_snet = False +# swift_store_endpoint = https://www.example.com/v1/not_a_container +#swift_store_endpoint = # If set to True enables multi-tenant storage mode which causes Glance images # to be stored in tenant specific Swift accounts. #swift_store_multi_tenant = False +# If set to an integer value between 1 and 32, a single-tenant store will +# use multiple containers to store images. If set to the default value of 0, +# only a single container will be used. Multi-tenant stores are not affected +# by this option. The max number of containers that will be used to store +# images is approximately 16^N where N is the value of this option. Discuss +# the impact of this with your swift deployment team, as this option is only +# beneficial in the largest of deployments where swift rate limiting can lead +# to unwanted throttling on a single container. +#swift_store_multiple_containers_seed = 0 + # A list of swift ACL strings that will be applied as both read and # write ACLs to the containers created by Glance in multi-tenant # mode. This grants the specified tenants/users read and write access 
@@ -559,12 +651,16 @@ swift_enable_snet = False # Bypass SSL verification for Swift #swift_store_auth_insecure = False +# The path to a CA certificate bundle file to use for SSL verification when +# communicating with Swift. +#swift_store_cacert = + # ============ S3 Store Options ============================= # Address where the S3 authentication service lives # Valid schemes are 'http://' and 'https://' # If no scheme specified, default to 'http://' -s3_store_host = 127.0.0.1:8080/v1.0/ +s3_store_host = s3.amazonaws.com # User to authenticate against the S3 authentication service s3_store_access_key = <20-char AWS access key> 
@@ -678,11 +774,27 @@ sheepdog_store_chunk_size = 64 # Inventory path to a datacenter (string value) # Value optional when vmware_server_ip is an ESX/ESXi host: if specified # should be `ha-datacenter`. +# Deprecated in favor of vmware_datastores. #vmware_datacenter_path = <None> # Datastore associated with the datacenter (string value) +# Deprecated in favor of vmware_datastores. #vmware_datastore_name = <None> +# A list of datastores where the image can be stored. +# This option may be specified multiple times for specifying multiple +# datastores. Either one of vmware_datastore_name or vmware_datastores is +# required. The datastore name should be specified after its datacenter +# path, separated by ":". An optional weight may be given after the datastore +# name, separated again by ":". Thus, the required format becomes +# <datacenter_path>:<datastore_name>:<optional_weight>. +# When adding an image, the datastore with highest weight will be selected, +# unless there is not enough free space available in cases where the image size +# is already known. If no weight is given, it is assumed to be zero and the +# directory will be considered for selection last. If multiple datastores have +# the same weight, then the one with the most free space available is selected. +#vmware_datastores = <None> + # The number of times we retry on failures # e.g., socket error, etc (integer value) #vmware_api_retry_count = 10 diff --git a/install-files/openstack/usr/share/openstack/glance/glance-cache.conf b/install-files/openstack/usr/share/openstack/glance/glance-cache.conf deleted file mode 100644 index 3f2d4603..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-cache.conf +++ /dev/null 
@@ -1,200 +0,0 @@ -[DEFAULT] -# Show more verbose log output (sets INFO log level output) -#verbose = False - -# Show debugging output in logs (sets DEBUG log level output) -#debug = False - -# Log to this file. Make sure you do not set the same log file for both the API -# and registry servers! -# -# If `log_file` is omitted and `use_syslog` is false, then log messages are -# sent to stdout as a fallback. -# log_file = /var/log/glance/image-cache.log - -# Send logs to syslog (/dev/log) instead of to file specified by `log_file` -use_syslog = True - -# Directory that the Image Cache writes data to -image_cache_dir = /var/lib/glance/image-cache/ - -# Number of seconds after which we should consider an incomplete image to be -# stalled and eligible for reaping -image_cache_stall_time = 86400 - -# Max cache size in bytes -image_cache_max_size = 10737418240 - -# Address to find the registry server -registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Port the registry server is listening on -registry_port = 9191 - -# Auth settings if using Keystone -# auth_url = http://127.0.0.1:5000/v2.0/ -# admin_tenant_name = %SERVICE_TENANT_NAME% -# admin_user = %SERVICE_USER% -# admin_password = %SERVICE_PASSWORD% - -# List of which store classes and store class locations are -# currently known to glance at startup. 
-# known_stores = glance.store.filesystem.Store, -# glance.store.http.Store, -# glance.store.rbd.Store, -# glance.store.s3.Store, -# glance.store.swift.Store, -# glance.store.sheepdog.Store, -# glance.store.cinder.Store, -# glance.store.vmware_datastore.Store, - -# ============ Filesystem Store Options ======================== - -# Directory that the Filesystem backend store -# writes image data to -filesystem_store_datadir = /var/lib/glance/images/ - -# ============ Swift Store Options ============================= - -# Version of the authentication service to use -# Valid versions are '2' for keystone and '1' for swauth and rackspace -swift_store_auth_version = 2 - -# Address where the Swift authentication service lives -# Valid schemes are 'http://' and 'https://' -# If no scheme specified, default to 'https://' -# For swauth, use something like '127.0.0.1:8080/v1.0/' -swift_store_auth_address = 127.0.0.1:5000/v2.0/ - -# User to authenticate against the Swift authentication service -# If you use Swift authentication service, set it to 'account':'user' -# where 'account' is a Swift storage account and 'user' -# is a user in that account -swift_store_user = jdoe:jdoe - -# Auth key for the user authenticating against the -# Swift authentication service -swift_store_key = a86850deb2742ec3cb41518e26aa2d89 - -# Container within the account that the account should use -# for storing images in Swift -swift_store_container = glance - -# Do we create the container if it does not exist? -swift_store_create_container_on_put = False - -# What size, in MB, should Glance start chunking image files -# and do a large object manifest in Swift? By default, this is -# the maximum object size in Swift, which is 5GB -swift_store_large_object_size = 5120 - -# When doing a large object manifest, what size, in MB, should -# Glance write chunks to Swift? 
This amount of data is written -# to a temporary disk buffer during the process of chunking -# the image file, and the default is 200MB -swift_store_large_object_chunk_size = 200 - -# Whether to use ServiceNET to communicate with the Swift storage servers. -# (If you aren't RACKSPACE, leave this False!) -# -# To use ServiceNET for authentication, prefix hostname of -# `swift_store_auth_address` with 'snet-'. -# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ -swift_enable_snet = False - -# ============ S3 Store Options ============================= - -# Address where the S3 authentication service lives -# Valid schemes are 'http://' and 'https://' -# If no scheme specified, default to 'http://' -s3_store_host = 127.0.0.1:8080/v1.0/ - -# User to authenticate against the S3 authentication service -s3_store_access_key = <20-char AWS access key> - -# Auth key for the user authenticating against the -# S3 authentication service -s3_store_secret_key = <40-char AWS secret key> - -# Container within the account that the account should use -# for storing images in S3. Note that S3 has a flat namespace, -# so you need a unique bucket name for your glance images. An -# easy way to do this is append your AWS access key to "glance". -# S3 buckets in AWS *must* be lowercased, so remember to lowercase -# your AWS access key if you use it in your bucket name below! -s3_store_bucket = <lowercased 20-char aws access key>glance - -# Do we create the bucket if it does not exist? -s3_store_create_bucket_on_put = False - -# When sending images to S3, the data will first be written to a -# temporary buffer on disk. By default the platform's temporary directory -# will be used. If required, an alternative directory can be specified here. 
-# s3_store_object_buffer_dir = /path/to/dir - -# ============ Cinder Store Options =========================== - -# Info to match when looking for cinder in the service catalog -# Format is : separated values of the form: -# <service_type>:<service_name>:<endpoint_type> (string value) -#cinder_catalog_info = volume:cinder:publicURL - -# Override service catalog lookup with template for cinder endpoint -# e.g. http://localhost:8776/v1/%(project_id)s (string value) -#cinder_endpoint_template = <None> - -# Region name of this node (string value) -#os_region_name = <None> - -# Location of ca certicates file to use for cinder client requests -# (string value) -#cinder_ca_certificates_file = <None> - -# Number of cinderclient retries on failed http calls (integer value) -#cinder_http_retries = 3 - -# Allow to perform insecure SSL requests to cinder (boolean value) -#cinder_api_insecure = False - -# ============ VMware Datastore Store Options ===================== - -# ESX/ESXi or vCenter Server target system. -# The server value can be an IP address or a DNS name -# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com -#vmware_server_host = <None> - -# Server username (string value) -#vmware_server_username = <None> - -# Server password (string value) -#vmware_server_password = <None> - -# Inventory path to a datacenter (string value) -# Value optional when vmware_server_ip is an ESX/ESXi host: if specified -# should be `ha-datacenter`. 
-#vmware_datacenter_path = <None> - -# Datastore associated with the datacenter (string value) -#vmware_datastore_name = <None> - -# The number of times we retry on failures -# e.g., socket error, etc (integer value) -#vmware_api_retry_count = 10 - -# The interval used for polling remote tasks -# invoked on VMware ESX/VC server in seconds (integer value) -#vmware_task_poll_interval = 5 - -# Absolute path of the folder containing the images in the datastore -# (string value) -#vmware_store_image_dir = /openstack_glance - -# Allow to perform insecure SSL requests to the target system (boolean value) -#vmware_api_insecure = False - -# ================= Security Options ========================== - -# AES key for encrypting store 'location' metadata, including -# -- if used -- Swift or S3 credentials -# Should be set to a random string of length 16, 24 or 32 bytes -# metadata_encryption_key = <16, 24 or 32 char registry metadata key> diff --git a/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini b/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini deleted file mode 100644 index df403f6e..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini +++ /dev/null 
@@ -1,30 +0,0 @@ -# Use this pipeline for no auth - DEFAULT -[pipeline:glance-registry] -pipeline = osprofiler unauthenticated-context registryapp - -# Use this pipeline for keystone auth -[pipeline:glance-registry-keystone] -pipeline = osprofiler authtoken context registryapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user. -[pipeline:glance-registry-trusted-auth] -pipeline = osprofiler context registryapp - -[app:registryapp] -paste.app_factory = glance.registry.api:API.factory - -[filter:context] -paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory - -[filter:unauthenticated-context] -paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes diff --git a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf index 302f4138..f7ce7956 100644 --- a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf +++ b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf @@ -6,7 +6,7 @@ #debug = False # Address to bind the registry server -bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +bind_host = 0.0.0.0 # Port the bind the registry server to bind_port = 9191 @@ -16,7 +16,7 @@ bind_port = 9191 # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. -# log_file = /var/log/glance/registry.log +log_file = /var/log/glance/registry.log # Backlog requests when creating socket backlog = 4096 
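Review bot: In the `@@ -6,7 +6,7 @@` hunk the registry goes from the templated management address to `bind_host = 0.0.0.0`, so port 9191 is now offered on every interface of the host. If nothing rewrites this file at deploy time (not visible in this diff), the listener is reachable from any network the node is attached to. I would keep the restriction, e.g. `bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}` or `bind_host = 127.0.0.1`. Failing that, add a comment above the line saying that a firewall rule is expected to limit access.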
@@ -49,20 +49,23 @@ limit_param_default = 25 # Role used to identify an authenticated user as administrator #admin_role = admin -# Whether to automatically create the database tables. -# Default: False -#db_auto_create = False - # Enable DEBUG log messages from sqlalchemy which prints every database # query and response. # Default: False #sqlalchemy_debug = True +# http_keepalive option. If False, server will return the header +# "Connection: close", If True, server will return "Connection: Keep-Alive" +# in its responses. In order to close the client socket connection +# explicitly after the response is sent and read successfully by the client, +# you simply have to set this option to False when you create a wsgi server. +#http_keepalive = True + # ================= Syslog Options ============================ # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` -use_syslog = True +#use_syslog = False # Facility to use. If unset defaults to LOG_USER. #syslog_log_facility = LOG_LOCAL1 @@ -82,20 +85,21 @@ use_syslog = True # Driver or drivers to handle sending notifications. Set to # 'messaging' to send notifications to a message queue. -notification_driver = messagingv2 +# notification_driver = noop # Default publisher_id for outgoing notifications. # default_publisher_id = image.localhost # Messaging driver used for 'messaging' notifications driver -rpc_backend=rabbit +# rpc_backend = 'rabbit' -# Configuration options if sending notifications via rabbitmq -rabbit_host = {{ RABBITMQ_HOST }} -rabbit_port = {{ RABBITMQ_PORT }} +# Configuration options if sending notifications via rabbitmq (these are +# the defaults) +rabbit_host = localhost +rabbit_port = 5672 rabbit_use_ssl = false -rabbit_userid = {{ RABBITMQ_USER }} -rabbit_password = {{ RABBITMQ_PASSWORD }} +rabbit_userid = guest +rabbit_password = guest rabbit_virtual_host = / rabbit_notification_exchange = glance rabbit_notification_topic = notifications 
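Review bot: In the `@@ -82,20 +85,21 @@` hunk, `rabbit_userid = guest` and `rabbit_password = guest` are left as active settings next to `rabbit_use_ssl = false`. The neighbouring `# notification_driver = noop` and `# rpc_backend = 'rabbit'` were commented out, but these were not. A config installed from this file therefore carries the broker's well-known default account in clear text, and turning the messaging driver back on would silently use it. Commenting them the same way, `#rabbit_userid = guest` and `#rabbit_password = guest`, keeps the defaults documented while forcing a deployment to supply its own values. The comment "(these are the defaults)" could then say explicitly that they must be overridden.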
@@ -121,6 +125,25 @@ qpid_protocol = tcp qpid_tcp_nodelay = True +# =============== Policy Options ============================== + +[oslo_policy] +# The JSON file that defines policies. +# Deprecated group/name - [DEFAULT]/policy_file +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. +# Deprecated group/name - [DEFAULT]/policy_default_rule +#policy_default_rule = default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. +# The file defined by policy_file must exist for these +# directories to be searched. +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d + # ================= Database Options ========================== [database] @@ -140,7 +163,6 @@ qpid_tcp_nodelay = True # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = <None> -connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To @@ -221,11 +243,10 @@ connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROL #db_max_retries = 20 [keystone_authtoken] -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 -admin_tenant_name = service -admin_user = {{ GLANCE_SERVICE_USER }} -admin_password = {{ GLANCE_SERVICE_PASSWORD }} +identity_uri = http://127.0.0.1:35357 +admin_tenant_name = %SERVICE_TENANT_NAME% +admin_user = %SERVICE_USER% +admin_password = %SERVICE_PASSWORD% [paste_deploy] # Name of the paste configuration file that defines the available pipelines 
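Review bot: The `[keystone_authtoken]` block in the `@@ -221,11 +243,10 @@` hunk now holds the literal sample tokens `%SERVICE_TENANT_NAME%`, `%SERVICE_USER%` and `%SERVICE_PASSWORD%`. Nothing in this diff shows a step that substitutes them, whereas the removed lines used `{{ ... }}` template variables. `identity_uri = http://127.0.0.1:35357` also sends the service credentials over plain HTTP, and `auth_uri` is dropped without replacement. If the values are filled in elsewhere, a comment above the section would make that clear: `# Placeholders: replace %SERVICE_*% before use; use an https identity_uri outside a single-host setup`. The same applies to the removed `connection=` line in the `@@ -140,7 +163,6 @@` hunk, which leaves only `#connection = <None>`.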
@@ -235,7 +256,7 @@ admin_password = {{ GLANCE_SERVICE_PASSWORD }} # service name removed. For example, if your paste section name is # [pipeline:glance-registry-keystone], you would configure the flavor below # as 'keystone'. -flavor=keystone +#flavor= [profiler] # If False fully disable profiling feature. diff --git a/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf b/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf deleted file mode 100644 index cdbfda71..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf +++ /dev/null 
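Review bot: Replacing `flavor=keystone` with `#flavor=` makes the registry fall back to the unsuffixed paste pipeline. The glance-registry-paste.ini deleted earlier in this diff labels that pipeline "no auth - DEFAULT" and builds it from `unauthenticated-context`. Whether the paste file that takes its place keeps that default is not visible here; if it does, the registry would accept requests without token validation, and this file now also sets `bind_host = 0.0.0.0`. I would keep the line active as `flavor = keystone`, or state in the comment above it where the flavor is set instead.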
@@ -1,108 +0,0 @@ -[DEFAULT] -# Show more verbose log output (sets INFO log level output) -#verbose = False - -# Show debugging output in logs (sets DEBUG log level output) -#debug = False - -# Log to this file. Make sure you do not set the same log file for both the API -# and registry servers! -# -# If `log_file` is omitted and `use_syslog` is false, then log messages are -# sent to stdout as a fallback. -# log_file = /var/log/glance/scrubber.log - -# Send logs to syslog (/dev/log) instead of to file specified by `log_file` -use_syslog = True - -# Should we run our own loop or rely on cron/scheduler to run us -daemon = False - -# Loop time between checking for new items to schedule for delete -wakeup_time = 300 - -# Directory that the scrubber will use to remind itself of what to delete -# Make sure this is also set in glance-api.conf -scrubber_datadir = /var/lib/glance/scrubber - -# Only one server in your deployment should be designated the cleanup host -cleanup_scrubber = False - -# pending_delete items older than this time are candidates for cleanup -cleanup_scrubber_time = 86400 - -# Address to find the registry server for cleanups -registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Port the registry server is listening on -registry_port = 9191 - -# Auth settings if using Keystone -# auth_url = http://127.0.0.1:5000/v2.0/ -# admin_tenant_name = %SERVICE_TENANT_NAME% -# admin_user = %SERVICE_USER% -# admin_password = %SERVICE_PASSWORD% - -# Directory to use for lock files. Default to a temp directory -# (string value). This setting needs to be the same for both -# glance-scrubber and glance-api. -#lock_path=<None> - -# API to use for accessing data. 
Default value points to sqlalchemy -# package, it is also possible to use: glance.db.registry.api -#data_api = glance.db.sqlalchemy.api - -# ================= Security Options ========================== - -# AES key for encrypting store 'location' metadata, including -# -- if used -- Swift or S3 credentials -# Should be set to a random string of length 16, 24 or 32 bytes -#metadata_encryption_key = <16, 24 or 32 char registry metadata key> - -# ================= Database Options ===============+========== - -[database] - -# The SQLAlchemy connection string used to connect to the -# database (string value) -#connection=sqlite:////glance/openstack/common/db/$sqlite_db - -# The SQLAlchemy connection string used to connect to the -# slave database (string value) -#slave_connection= - -# timeout before idle sql connections are reaped (integer -# value) -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool -# (integer value) -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool -# (integer value) -#max_pool_size=<None> - -# maximum db connection retries during startup. (setting -1 -# implies an infinite retry count) (integer value) -#max_retries=10 - -# interval between retries of opening a sql connection -# (integer value) -#retry_interval=10 - -# If set, use this value for max_overflow with sqlalchemy -# (integer value) -#max_overflow=<None> - -# Verbosity of SQL debugging information. 0=None, -# 100=Everything (integer value) -#connection_debug=0 - -# Add python stack traces to SQL as comment strings (boolean -# value) -#connection_trace=false - -# If set, use this value for pool_timeout with sqlalchemy -# (integer value) -#pool_timeout=<None> diff --git a/install-files/openstack/usr/share/openstack/glance/logging.conf b/install-files/openstack/usr/share/openstack/glance/logging.conf deleted file mode 100644 index 7e7f31f0..00000000 --- a/install-files/openstack/usr/share/openstack/glance/logging.conf +++ /dev/null 
@@ -1,54 +0,0 @@ -[loggers] -keys=root,api,registry,combined - -[formatters] -keys=normal,normal_with_name,debug - -[handlers] -keys=production,file,devel - -[logger_root] -level=NOTSET -handlers=devel - -[logger_api] -level=DEBUG -handlers=devel -qualname=glance-api - -[logger_registry] -level=DEBUG -handlers=devel -qualname=glance-registry - -[logger_combined] -level=DEBUG -handlers=devel -qualname=glance-combined - -[handler_production] -class=handlers.SysLogHandler -level=ERROR -formatter=normal_with_name -args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER) - -[handler_file] -class=FileHandler -level=DEBUG -formatter=normal_with_name -args=('glance.log', 'w') - -[handler_devel] -class=StreamHandler -level=NOTSET -formatter=debug -args=(sys.stdout,) - -[formatter_normal] -format=%(asctime)s %(levelname)s %(message)s - -[formatter_normal_with_name] -format=(%(name)s): %(asctime)s %(levelname)s %(message)s - -[formatter_debug] -format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s diff --git a/install-files/openstack/usr/share/openstack/glance/policy.json b/install-files/openstack/usr/share/openstack/glance/policy.json deleted file mode 100644 index 325f00b2..00000000 --- a/install-files/openstack/usr/share/openstack/glance/policy.json +++ /dev/null 
@@ -1,52 +0,0 @@ -{ - "context_is_admin": "role:admin", - "default": "", - - "add_image": "", - "delete_image": "", - "get_image": "", - "get_images": "", - "modify_image": "", - "publicize_image": "role:admin", - "copy_from": "", - - "download_image": "", - "upload_image": "", - - "delete_image_location": "", - "get_image_location": "", - "set_image_location": "", - - "add_member": "", - "delete_member": "", - "get_member": "", - "get_members": "", - "modify_member": "", - - "manage_image_cache": "role:admin", - - "get_task": "", - "get_tasks": "", - "add_task": "", - "modify_task": "", - - "get_metadef_namespace": "", - "get_metadef_namespaces":"", - "modify_metadef_namespace":"", - "add_metadef_namespace":"", - - "get_metadef_object":"", - "get_metadef_objects":"", - "modify_metadef_object":"", - "add_metadef_object":"", - - "list_metadef_resource_types":"", - "get_metadef_resource_type":"", - "add_metadef_resource_type_association":"", - - "get_metadef_property":"", - "get_metadef_properties":"", - "modify_metadef_property":"", - "add_metadef_property":"" - -} diff --git a/install-files/openstack/usr/share/openstack/glance/schema-image.json b/install-files/openstack/usr/share/openstack/glance/schema-image.json deleted file mode 100644 index 5aafd6b3..00000000 --- a/install-files/openstack/usr/share/openstack/glance/schema-image.json +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - "kernel_id": { - "type": "string", - "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", - "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image." - }, - "ramdisk_id": { - "type": "string", - "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", - "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image." - }, - "instance_uuid": { - "type": "string", - "description": "ID of instance used to create this image." - }, - "architecture": { - "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", - "type": "string" - }, - "os_distro": { - "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", - "type": "string" - }, - "os_version": { - "description": "Operating system version as specified by the distributor", - "type": "string" - } -} diff --git a/install-files/openstack/usr/share/openstack/ironic/ironic.conf b/install-files/openstack/usr/share/openstack/ironic/ironic.conf index 75c62b8e..ccf368f0 100644 --- a/install-files/openstack/usr/share/openstack/ironic/ironic.conf +++ b/install-files/openstack/usr/share/openstack/ironic/ironic.conf 
@@ -4,129 +4,13 @@ # Options defined in oslo.messaging # -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). 
(string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} - -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - -# If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false - # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) #rpc_zmq_bind_address=* # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker=oslo_messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) #rpc_zmq_port=9501 
@@ -156,7 +40,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }} # Heartbeat time-to-live. (integer value) #matchmaker_heartbeat_ttl=600 -# Size of RPC greenthread pool. (integer value) +# Size of RPC thread pool. (integer value) #rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi @@ -190,10 +74,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }} # # IP address of this host. (string value) -my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Use IPv6. (boolean value) -#use_ipv6=false +#my_ip=10.0.0.1 # @@ -204,6 +85,10 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # (string value) #auth_strategy=keystone +# Enable pecan debug mode. WARNING: this is insecure and +# should not be used in production. (boolean value) +#pecan_debug=false + # # Options defined in ironic.common.driver_factory @@ -217,7 +102,7 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # present on your system may be found by enumerating the # "ironic.drivers" entrypoint. An example may be found in the # developer documentation online. (list value) -enabled_drivers=pxe_ipmitool,pxe_ssh +#enabled_drivers=pxe_ipmitool # @@ -268,6 +153,9 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # value) #isolinux_config_template=$pybasedir/common/isolinux_config.template +# Template file for grub configuration file. (string value) +#grub_config_template=$pybasedir/common/grub_conf.template + # # Options defined in ironic.common.paths @@ -287,18 +175,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # -# Options defined in ironic.common.policy -# - -# JSON file representing policy. (string value) -#policy_file=policy.json - -# Rule checked when requested rule is not found. (string -# value) -#policy_default_rule=default - - -# # Options defined in ironic.common.service # 
@@ -351,17 +227,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # -# Options defined in ironic.openstack.common.lockutils -# - -# Enables or disables inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. (string value) -#lock_path=<None> - - -# # Options defined in ironic.openstack.common.log # @@ -393,7 +258,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh #logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s # List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN +#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN # Enables or disables publication of error events. (boolean # value) @@ -442,7 +307,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # Use syslog for logging. Existing syslog format is DEPRECATED # during I, and will change in J to honor RFC5424. (boolean # value) -use_syslog=True +#use_syslog=false # (Optional) Enables or disables syslog rfc5424 format for # logging. If enabled, prefixes the MSG part of the syslog @@ -464,6 +329,15 @@ use_syslog=True #run_external_periodic_tasks=true +# +# Options defined in ironic.openstack.common.versionutils +# + +# Enables or disables fatal status of deprecations. (boolean +# value) +#fatal_deprecations=false + + [agent] # 
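Review bot: The `@@ -442,7 +307,7 @@` hunk turns `use_syslog=True` into the commented default `#use_syslog=false`, and no `log_file` setting is visible in the hunks shown for this file. The glance-registry.conf hunk `@@ -49,20 +49,23 @@` makes the same switch. If hosts forward syslog to a central collector, these services drop out of that stream, which weakens audit and incident-response coverage. Either keep `use_syslog=true` active, or add a comment naming where the logs are expected to go, for example `# logs go to stderr/journal; forwarding is configured in <placeholder: log shipper>`.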
@@ -480,6 +354,22 @@ use_syslog=True # Neutron bootfile DHCP parameter. (string value) #agent_pxe_bootfile_name=pxelinux.0 +# Priority to run in-band erase devices via the Ironic Python +# Agent ramdisk. If unset, will use the priority set in the +# ramdisk (defaults to 10 for the GenericHardwareManager). If +# set to 0, will not run during cleaning. (integer value) +#agent_erase_devices_priority=<None> + +# Whether Ironic will manage TFTP files for the deploy +# ramdisks. If set to False, you will need to configure your +# own TFTP server that allows booting the deploy ramdisks. +# (boolean value) +#manage_tftp=true + +# +# Options defined in ironic.drivers.modules.agent_base_vendor +# + # Maximum interval (in seconds) for agent heartbeats. (integer # value) #heartbeat_timeout=300 @@ -494,6 +384,30 @@ use_syslog=True #agent_api_version=v1 +[amt] + +# +# Options defined in ironic.drivers.modules.amt.common +# + +# Protocol used for AMT endpoint, support http/https (string +# value) +#protocol=http + + +# +# Options defined in ironic.drivers.modules.amt.power +# + +# Maximum number of times to attempt an AMT operation, before +# failing (integer value) +#max_attempts=3 + +# Amount of time (in seconds) to wait, before retrying an AMT +# operation (integer value) +#action_wait=10 + + [api] # @@ -520,7 +434,7 @@ use_syslog=True # URL of Ironic API service. If not set ironic can get the # current value from the keystone service catalog. (string # value) -api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 +#api_url=<None> # Seconds between conductor heart beats. (integer value) #heartbeat_interval=10 
@@ -587,6 +501,31 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 # the check entirely. (integer value) #sync_local_state_interval=180 +# Whether to upload the config drive to Swift. (boolean value) +#configdrive_use_swift=false + +# Name of the Swift container to store config drive data. Used +# when configdrive_use_swift is True. (string value) +#configdrive_swift_container=ironic_configdrive_container + +# Timeout (seconds) for waiting for node inspection. 0 - +# unlimited. (integer value) +#inspect_timeout=1800 + +# Cleaning is a configurable set of steps, such as erasing +# disk drives, that are performed on the node to ensure it is +# in a baseline state and ready to be deployed to. This is +# done after instance deletion, and during the transition from +# a "managed" to "available" state. When enabled, the +# particular steps performed to clean a node depend on which +# driver that node is managed by; see the individual driver's +# documentation for details. NOTE: The introduction of the +# cleaning operation causes instance deletion to take +# significantly longer. In an environment where all tenants +# are trusted (eg, because there is only one tenant), this +# option could be safely disabled. (boolean value) +#clean_nodes=true + [console] @@ -635,7 +574,7 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic +#connection=<None> # The SQLAlchemy connection string to use to connect to the # slave database. (string value) 
@@ -667,8 +606,9 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size=<None> -# Maximum db connection retries during startup. Set to -1 to -# specify an infinite retry count. (integer value) +# Maximum number of database connection retries during +# startup. Set to -1 to specify an infinite retry count. +# (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries=10 @@ -704,20 +644,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # connection lost. (boolean value) #use_db_reconnect=false -# Seconds between database connection retries. (integer value) +# Seconds between retries of a database transaction. (integer +# value) #db_retry_interval=1 -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) +# If True, increases the interval between retries of a +# database operation up to db_max_retry_interval. (boolean +# value) #db_inc_retry_interval=true # If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) +# retries of a database operation. (integer value) #db_max_retry_interval=10 -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) +# Maximum retries in case of connection error or deadlock +# error before error is raised. Set to -1 to specify an +# infinite retry count. (integer value) #db_max_retries=20 
@@ -729,6 +671,25 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL #mysql_engine=InnoDB +[deploy] + +# +# Options defined in ironic.drivers.modules.deploy_utils +# + +# Size of EFI system partition in MiB when configuring UEFI +# systems for local boot. (integer value) +#efi_system_partition_size=200 + +# Block size to use when writing to the nodes disk. (string +# value) +#dd_block_size=1M + +# Maximum attempts to verify an iSCSI connection is active, +# sleeping 1 second between attempts. (integer value) +#iscsi_verify_attempts=3 + + [dhcp] # @@ -740,6 +701,26 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL #dhcp_provider=neutron +[discoverd] + +# +# Options defined in ironic.drivers.modules.discoverd +# + +# whether to enable inspection using ironic-discoverd (boolean +# value) +#enabled=false + +# ironic-discoverd HTTP endpoint. If this is not set, the +# ironic-discoverd client default (http://127.0.0.1:5050) will +# be used. (string value) +#service_url=<None> + +# period (in seconds) to check status of nodes on inspection +# (integer value) +#status_check_period=60 + + [disk_partitioner] # @@ -811,13 +792,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # (string value) #swift_container=glance +# This should match a config by the same name in the Glance +# configuration file. When set to 0, a single-tenant store +# will only use one container to store all images. When set to +# an integer value between 1 and 32, a single-tenant store +# will use multiple containers to store images, and this value +# will determine how many containers are created. (integer +# value) +#swift_store_multiple_containers_seed=0 + # # Options defined in ironic.common.image_service # # Default glance hostname or IP address. (string value) -glance_host={{ CONTROLLER_HOST_ADDRESS }} +#glance_host=$my_ip # Default glance port. (integer value) #glance_port=9292 
@@ -828,7 +818,7 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # A list of the glance api servers available to ironic. Prefix # with https:// for SSL-based glance API servers. Format is -# [hostname|IP]:port. (string value) +# [hostname|IP]:port. (list value) #glance_api_servers=<None> # Allow to perform insecure SSL (https) requests to glance. @@ -839,8 +829,9 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # (integer value) #glance_num_retries=0 -# Default protocol to use when connecting to glance. Set to -# https for SSL. (string value) +# Authentication strategy to use when connecting to glance. +# Only "keystone" and "noauth" are currently supported by +# ironic. (string value) #auth_strategy=keystone 
@@ -865,6 +856,43 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # +# Options defined in ironic.drivers.modules.ilo.deploy +# + +# Priority for erase devices clean step. If unset, it defaults +# to 10. If set to 0, the step will be disabled and will not +# run during cleaning. (integer value) +#clean_priority_erase_devices=<None> + + +# +# Options defined in ironic.drivers.modules.ilo.management +# + +# Priority for reset_ilo clean step. (integer value) +#clean_priority_reset_ilo=1 + +# Priority for reset_bios_to_default clean step. (integer +# value) +#clean_priority_reset_bios_to_default=10 + +# Priority for reset_secure_boot_keys clean step. This step +# will reset the secure boot keys to manufacturing defaults. +# (integer value) +#clean_priority_reset_secure_boot_keys_to_default=20 + +# Priority for clear_secure_boot_keys clean step. This step is +# not enabled by default. It can be enabled to to clear all +# secure boot keys enrolled with iLO. (integer value) +#clean_priority_clear_secure_boot_keys=0 + +# Priority for reset_ilo_credential clean step. This step +# requires "ilo_change_password" parameter to be updated in +# nodes's driver_info with the new password. (integer value) +#clean_priority_reset_ilo_credential=30 + + +# # Options defined in ironic.drivers.modules.ilo.power # @@ -883,8 +911,12 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # Options defined in ironic.drivers.modules.ipminative # -# Maximum time in seconds to retry IPMI operations. (integer -# value) +# Maximum time in seconds to retry IPMI operations. There is a +# tradeoff when setting this value. Setting this too low may +# cause older BMCs to crash and require a hard reset. However, +# setting too high can cause the sync power state periodic +# task to hang when there are slow or unresponsive BMCs. +# (integer value) #retry_timeout=60 # Minimum time, in seconds, between IPMI operations sent to a 
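Review bot: The comment for `clean_priority_reset_ilo_credential` tells operators to put the new iLO password in `ilo_change_password` in the node's `driver_info`, but gives no hint about who can read that field afterwards. If `driver_info` is returned by the node API or logged unmasked (not visible from this file, so worth confirming), the new BMC password is exposed to anyone with node read access. I would extend the comment with `# The value is a credential: restrict who can read and log driver_info.` Two typos in the same block also want fixing: `enabled to to clear` and `nodes's driver_info`.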
@@ -894,79 +926,73 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} #min_command_interval=5 -[keystone_authtoken] +[irmc] # -# Options defined in keystonemiddleware.auth_token +# Options defined in ironic.drivers.modules.irmc.common # -# Prefix to prepend at the beginning of the path. Deprecated, -# use identity_uri. (string value) -#auth_admin_prefix= +# Port to be used for iRMC operations, either 80 or 443 +# (integer value) +#port=443 -# Host providing the admin Identity API endpoint. Deprecated, -# use identity_uri. (string value) -#auth_host=127.0.0.1 +# Authentication method to be used for iRMC operations, either +# "basic" or "digest" (string value) +#auth_method=basic -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -#auth_port=35357 +# Timeout (in seconds) for iRMC operations (integer value) +#client_timeout=60 -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -#auth_protocol=https +# Sensor data retrieval method, either "ipmitool" or "scci" +# (string value) +#sensor_method=ipmitool -# Complete public Identity API endpoint (string value) -auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. https://localhost:35357/ +[keystone] + +# +# Options defined in ironic.common.keystone +# + +# The region used for getting endpoints of OpenStackservices. # (string value) -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +#region_name=<None> + + +[keystone_authtoken] -# API version of the admin Identity API endpoint (string +# +# Options defined in keystonemiddleware.auth_token +# + +# Complete public Identity API endpoint. (string value) +#auth_uri=<None> + +# API version of the admin Identity API endpoint. 
(string # value) #auth_version=<None> # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI -# components (boolean value) +# components. (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API -# server. (boolean value) +# server. (integer value) #http_connect_timeout=<None> # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token=<None> - -# Keystone account username (string value) -admin_user={{ IRONIC_SERVICE_USER }} - -# Keystone account password (string value) -admin_password={{ IRONIC_SERVICE_PASSWORD }} - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name=service - -# Env key for the swift cache (string value) +# Env key for the swift cache. (string value) #cache=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #certfile=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #keyfile=<None> @@ -977,7 +1003,7 @@ admin_tenant_name=service # Verify HTTPS connections. (boolean value) #insecure=false -# Directory used to cache files related to PKI tokens (string +# Directory used to cache files related to PKI tokens. (string # value) #signing_dir=<None> 
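Review bot: The new `[irmc]` options document `port` as "either 80 or 443" and `auth_method` as "basic" or "digest" independently, so nothing warns against combining port 80 with basic authentication, which sends the iRMC username and password base64-encoded but unencrypted. The defaults (`443`, presumably HTTPS, with `basic`) are fine together; the exposure appears only when an operator changes the port. I would add `# Keep 443 when auth_method is basic; over port 80 the credentials are readable on the wire.` above `#port=443`. The `region_name` comment in the new `[keystone]` section also has a typo, `OpenStackservices`.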
@@ -1000,7 +1026,7 @@ admin_tenant_name=service # value) #revocation_cache_time=10 -# (optional) if defined, indicate whether token data should be +# (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable # values are MAC or ENCRYPT. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token 
@@ -1009,38 +1035,38 @@ admin_tenant_name=service # raise an exception on initialization. (string value) #memcache_security_strategy=<None> -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string +# (Optional, mandatory if memcache_security_strategy is +# defined) This string is used for key derivation. (string # value) #memcache_secret_key=<None> -# (optional) number of seconds memcached server is considered +# (Optional) Number of seconds memcached server is considered # dead before it is tried again. (integer value) #memcache_pool_dead_retry=300 -# (optional) max total number of open connections to every +# (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize=10 -# (optional) socket timeout in seconds for communicating with +# (Optional) Socket timeout in seconds for communicating with # a memcache server. (integer value) #memcache_pool_socket_timeout=3 -# (optional) number of seconds a connection to memcached is +# (Optional) Number of seconds a connection to memcached is # held unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout=60 -# (optional) number of seconds that an operation will wait to +# (Optional) Number of seconds that an operation will wait to # get a memcache client connection from the pool. (integer # value) #memcache_pool_conn_get_timeout=10 -# (optional) use the advanced (eventlet safe) memcache client +# (Optional) Use the advanced (eventlet safe) memcache client # pool. The advanced pool will only work under python 2.x. # (boolean value) #memcache_use_advanced_pool=false -# (optional) indicate whether to set the X-Service-Catalog +# (Optional) Indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) 
@@ -1059,7 +1085,7 @@ admin_tenant_name=service # If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the -# Keystone server. (boolean value) +# identity server. (boolean value) #check_revocations_for_cached=false # Hash algorithms to use for hashing PKI tokens. This may be a @@ -1074,6 +1100,44 @@ admin_tenant_name=service # (list value) #hash_algorithms=md5 +# Prefix to prepend at the beginning of the path. Deprecated, +# use identity_uri. (string value) +#auth_admin_prefix= + +# Host providing the admin Identity API endpoint. Deprecated, +# use identity_uri. (string value) +#auth_host=127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) +#auth_port=35357 + +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. (string value) +#auth_protocol=https + +# Complete admin Identity API endpoint. This should specify +# the unversioned root endpoint e.g. https://localhost:35357/ +# (string value) +#identity_uri=<None> + +# This option is deprecated and may be removed in a future +# release. Single shared secret with the Keystone +# configuration used for bootstrapping a Keystone +# installation, or otherwise bypassing the normal +# authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) +#admin_token=<None> + +# Service username. (string value) +#admin_user=<None> + +# Service user password. (string value) +#admin_password=<None> + +# Service tenant name. (string value) +#admin_tenant_name=admin + [matchmaker_redis] 
@@ -1109,12 +1173,16 @@ admin_tenant_name=service # # URL for connecting to neutron. (string value) -url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 +#url=http://$my_ip:9696 # Timeout value for connecting to neutron in seconds. (integer # value) #url_timeout=30 +# Client retries in the case of a failed request. (integer +# value) +#retries=3 + # Default authentication strategy to use when connecting to # neutron. Can be either "keystone" or "noauth". Running # neutron in noauth mode (related to but not affected by this 
@@ -1122,6 +1190,248 @@ url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 # (string value) #auth_strategy=keystone +# UUID of the network to create Neutron ports on when booting +# to a ramdisk for cleaning/zapping using Neutron DHCP (string +# value) +#cleaning_network_uuid=<None> + + +[oslo_concurrency] + +# +# Options defined in oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +#disable_process_locking=false + +# Directory to use for lock files. For security, the +# specified directory should only be writable by the user +# running the processes that need locking. Defaults to +# environment variable OSLO_LOCK_PATH. If external locks are +# used, a lock path must be set. (string value) +#lock_path=<None> + + +[oslo_messaging_amqp] + +# +# Options defined in oslo.messaging +# + +# address prefix used when sending to a specific server +# (string value) +#server_request_prefix=exclusive + +# address prefix used when broadcasting to all servers (string +# value) +#broadcast_prefix=broadcast + +# address prefix when sending to any server in group (string +# value) +#group_request_prefix=unicast + +# Name for the AMQP container (string value) +#container_name=<None> + +# Timeout for inactive connections (in seconds) (integer +# value) +#idle_timeout=0 + +# Debug: dump AMQP frames to stdout (boolean value) +#trace=false + +# CA certificate PEM file for verifing server certificate +# (string value) +#ssl_ca_file= + +# Identifying certificate PEM file to present to clients +# (string value) +#ssl_cert_file= + +# Private key PEM file used to sign cert_file certificate +# (string value) +#ssl_key_file= + +# Password for decrypting ssl_key_file (if encrypted) (string +# value) +#ssl_key_password=<None> + +# Accept clients using either SSL or plain TCP (boolean value) +#allow_insecure_clients=false + + +[oslo_messaging_qpid] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. 
(boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + + +[oslo_messaging_rabbit] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# SSL version to use (valid only if SSL enabled). Valid values +# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may +# be available on some distributions. 
(string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). (string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +#rabbit_host=localhost + +# The RabbitMQ broker port where a single node is used. +# (integer value) +#rabbit_port=5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +#rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +#rabbit_userid=guest + +# The RabbitMQ password. (string value) +#rabbit_password=guest + +# The RabbitMQ login method. (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# Number of seconds after which the Rabbit broker is +# considered down if heartbeat's keep-alive fails (0 disable +# the heartbeat). (integer value) +#heartbeat_timeout_threshold=60 + +# How often times during the heartbeat_timeout_threshold we +# check the heartbeat. 
(integer value) +#heartbeat_rate=2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +#fake_rabbit=false + + +[oslo_policy] + +# +# Options defined in oslo.policy +# + +# The JSON file that defines policies. (string value) +#policy_file=policy.json + +# Default rule. Enforced when a requested rule is not found. +# (string value) +#policy_default_rule=default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. The +# file defined by policy_file must exist for these directories +# to be searched. Missing or empty directories are ignored. +# (multi valued) +#policy_dirs=policy.d + [pxe] @@ -1173,11 +1483,11 @@ url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 #tftp_server=$my_ip # Ironic compute node's tftp root path. (string value) -tftp_root=/srv/tftp_root/ +#tftp_root=/tftpboot # Directory where master tftp images are stored on disk. # (string value) -tftp_master_path=/srv/tftp_root/master_images +#tftp_master_path=/tftpboot/master_images # Bootfile DHCP parameter. (string value) #pxe_bootfile_name=pxelinux.0 @@ -1245,3 +1555,14 @@ tftp_master_path=/srv/tftp_root/master_images #swift_max_retries=2 +[virtualbox] + +# +# Options defined in ironic.drivers.modules.virtualbox +# + +# Port on which VirtualBox web service is listening. (integer +# value) +#port=18083 + + diff --git a/install-files/openstack/usr/share/openstack/ironic/policy.json b/install-files/openstack/usr/share/openstack/ironic/policy.json deleted file mode 100644 index 94ac3a5b..00000000 --- a/install-files/openstack/usr/share/openstack/ironic/policy.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "admin": "role:admin or role:administrator", - "admin_api": "is_admin:True", - "default": "rule:admin_api" -} 
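Review bot: The `[oslo_messaging_rabbit]` block added here documents `rabbit_userid=guest`, `rabbit_password=guest` and `rabbit_use_ssl=false` as defaults, and the comments do not flag that a deployment which leaves them unset talks to the broker with the stock account over plain TCP. I would add above `#rabbit_password=guest`: `# Stock broker account; set a dedicated user and password, and rabbit_use_ssl=true, for any broker reachable over the network.` The `kombu_ssl_version` comment lists SSLv2 and SSLv3 as possibly available without saying they should not be chosen. Separately, `[oslo_policy]` keeps `policy_file=policy.json` while this same diff deletes `ironic/policy.json` from this directory, so it is worth confirming that the file binding `default` to `rule:admin_api` is still installed from somewhere else.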
diff --git a/install-files/openstack/usr/share/openstack/keystone/keystone-paste.ini b/install-files/openstack/usr/share/openstack/keystone/keystone-paste.ini
deleted file mode 100644
index 46f994c3..00000000
--- a/install-files/openstack/usr/share/openstack/keystone/keystone-paste.ini
+++ /dev/null
@@ -1,121 +0,0 @@
-# Keystone PasteDeploy configuration file.
-
-[filter:debug]
-paste.filter_factory = keystone.common.wsgi:Debug.factory
-
-[filter:build_auth_context]
-paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory
-
-[filter:token_auth]
-paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
-
-[filter:admin_token_auth]
-paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
-
-[filter:xml_body]
-paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
-
-[filter:xml_body_v2]
-paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV2.factory
-
-[filter:xml_body_v3]
-paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV3.factory
-
-[filter:json_body]
-paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
-
-[filter:user_crud_extension]
-paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
-
-[filter:crud_extension]
-paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
-
-[filter:ec2_extension]
-paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
-
-[filter:ec2_extension_v3]
-paste.filter_factory = keystone.contrib.ec2:Ec2ExtensionV3.factory
-
-[filter:federation_extension]
-paste.filter_factory = keystone.contrib.federation.routers:FederationExtension.factory
-
-[filter:oauth1_extension]
-paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory
-
-[filter:s3_extension]
-paste.filter_factory = keystone.contrib.s3:S3Extension.factory
-
-[filter:endpoint_filter_extension]
-paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
-
-[filter:endpoint_policy_extension]
-paste.filter_factory = keystone.contrib.endpoint_policy.routers:EndpointPolicyExtension.factory
-
-[filter:simple_cert_extension]
-paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory
-
-[filter:revoke_extension]
-paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory
-
-[filter:url_normalize]
-paste.filter_factory = keystone.middleware:NormalizingFilter.factory
-
-[filter:sizelimit]
-paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
-
-[filter:stats_monitoring]
-paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
-
-[filter:stats_reporting]
-paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
-
-[filter:access_log]
-paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
-
-[app:public_service]
-paste.app_factory = keystone.service:public_app_factory
-
-[app:service_v3]
-paste.app_factory = keystone.service:v3_app_factory
-
-[app:admin_service]
-paste.app_factory = keystone.service:admin_app_factory
-
-[pipeline:public_api]
-# The last item in this pipeline must be public_service or an equivalent
-# application. It cannot be a filter.
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service
-
-[pipeline:admin_api]
-# The last item in this pipeline must be admin_service or an equivalent
-# application. It cannot be a filter.
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service
-
-[pipeline:api_v3]
-# The last item in this pipeline must be service_v3 or an equivalent
-# application. It cannot be a filter.
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3
-
-[app:public_version_service]
-paste.app_factory = keystone.service:public_version_app_factory
-
-[app:admin_version_service]
-paste.app_factory = keystone.service:admin_version_app_factory
-
-[pipeline:public_version_api]
-pipeline = sizelimit url_normalize xml_body public_version_service
-
-[pipeline:admin_version_api]
-pipeline = sizelimit url_normalize xml_body admin_version_service
-
-[composite:main]
-use = egg:Paste#urlmap
-/v2.0 = public_api
-/v3 = api_v3
-/ = public_version_api
-
-[composite:admin]
-use = egg:Paste#urlmap
-/v2.0 = admin_api
-/v3 = api_v3
-/ = admin_version_api
diff --git a/install-files/openstack/usr/share/openstack/keystone/keystone.conf b/install-files/openstack/usr/share/openstack/keystone/keystone.conf
index 4e04c81b..1c2298bf 100644
--- a/install-files/openstack/usr/share/openstack/keystone/keystone.conf
+++ b/install-files/openstack/usr/share/openstack/keystone/keystone.conf
@@ -1,1588 +1,1733 @@ [DEFAULT] # -# Options defined in keystone +# From keystone # -# A "shared secret" that can be used to bootstrap Keystone. -# This "token" does not represent a user, and carries no -# explicit authorization. To disable in production (highly -# recommended), remove AdminTokenAuthMiddleware from your -# paste application pipelines (for example, in keystone- -# paste.ini). (string value) -admin_token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} - -# The IP address of the network interface for the public -# service to listen on. (string value) -# Deprecated group/name - [DEFAULT]/bind_host -#public_bind_host=0.0.0.0 - -# The IP address of the network interface for the admin -# service to listen on. (string value) -# Deprecated group/name - [DEFAULT]/bind_host -#admin_bind_host=0.0.0.0 - -# (Deprecated) The port which the OpenStack Compute service -# listens on. This option was only used for string replacement -# in the templated catalog backend. Templated catalogs should -# replace the "$(compute_port)s" substitution with the static -# port of the compute service. As of Juno, this option is -# deprecated and will be removed in the L release. (integer +# A "shared secret" that can be used to bootstrap Keystone. This "token" does +# not represent a user, and carries no explicit authorization. To disable in +# production (highly recommended), remove AdminTokenAuthMiddleware from your +# paste application pipelines (for example, in keystone-paste.ini). (string # value) -#compute_port=8774 +#admin_token = ADMIN + +# (Deprecated) The port which the OpenStack Compute service listens on. This +# option was only used for string replacement in the templated catalog backend. +# Templated catalogs should replace the "$(compute_port)s" substitution with +# the static port of the compute service. As of Juno, this option is deprecated +# and will be removed in the L release. 
(integer value) +#compute_port = 8774 + +# The base public endpoint URL for Keystone that is advertised to clients +# (NOTE: this does NOT affect how Keystone listens for connections). Defaults +# to the base host URL of the request. E.g. a request to +# http://server:5000/v3/users will default to http://server:5000. You should +# only need to set this value if the base URL contains a path (e.g. /prefix/v3) +# or the endpoint should be found on a different server. (string value) +#public_endpoint = <None> + +# The base admin endpoint URL for Keystone that is advertised to clients (NOTE: +# this does NOT affect how Keystone listens for connections). Defaults to the +# base host URL of the request. E.g. a request to http://server:35357/v3/users +# will default to http://server:35357. You should only need to set this value +# if the base URL contains a path (e.g. /prefix/v3) or the endpoint should be +# found on a different server. (string value) +#admin_endpoint = <None> + +# Maximum depth of the project hierarchy. WARNING: setting it to a large value +# may adversely impact performance. (integer value) +#max_project_tree_depth = 5 -# The port number which the admin service listens on. (integer -# value) -admin_port=35357 - -# The port number which the public service listens on. -# (integer value) -public_port=5000 - -# The base public endpoint URL for Keystone that is advertised -# to clients (NOTE: this does NOT affect how Keystone listens -# for connections). Defaults to the base host URL of the -# request. E.g. a request to http://server:5000/v2.0/users -# will default to http://server:5000. You should only need to -# set this value if the base URL contains a path (e.g. -# /prefix/v2.0) or the endpoint should be found on a different -# server. (string value) -#public_endpoint=<None> - -# The base admin endpoint URL for Keystone that is advertised -# to clients (NOTE: this does NOT affect how Keystone listens -# for connections). 
Defaults to the base host URL of the -# request. E.g. a request to http://server:35357/v2.0/users -# will default to http://server:35357. You should only need to -# set this value if the base URL contains a path (e.g. -# /prefix/v2.0) or the endpoint should be found on a different -# server. (string value) -#admin_endpoint=<None> - -# The number of worker processes to serve the public WSGI -# application. Defaults to number of CPUs (minimum of 2). -# (integer value) -#public_workers=<None> +# Limit the sizes of user & project ID/names. (integer value) +#max_param_size = 64 -# The number of worker processes to serve the admin WSGI -# application. Defaults to number of CPUs (minimum of 2). +# Similar to max_param_size, but provides an exception for token values. # (integer value) -#admin_workers=<None> - -# Enforced by optional sizelimit middleware -# (keystone.middleware:RequestBodySizeLimiter). (integer -# value) -#max_request_body_size=114688 +#max_token_size = 8192 -# Limit the sizes of user & project ID/names. (integer value) -#max_param_size=64 +# Similar to the member_role_name option, this represents the default role ID +# used to associate users with their default projects in the v2 API. This will +# be used as the explicit role where one is not specified by the v2 API. +# (string value) +#member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab -# Similar to max_param_size, but provides an exception for -# token values. (integer value) -#max_token_size=8192 +# This is the role name used in combination with the member_role_id option; see +# that option for more detail. (string value) +#member_role_name = _member_ -# During a SQL upgrade member_role_id will be used to create a -# new role that will replace records in the assignment table -# with explicit role grants. After migration, the -# member_role_id will be used in the API add_user_to_project. 
-# (string value) -#member_role_id=9fe2ff9ee4384b1894a90878d3e92bab - -# During a SQL upgrade member_role_name will be used to create -# a new role that will replace records in the assignment table -# with explicit role grants. After migration, member_role_name -# will be ignored. (string value) -#member_role_name=_member_ - -# The value passed as the keyword "rounds" to passlib's -# encrypt method. (integer value) -#crypt_strength=40000 - -# Set this to true if you want to enable TCP_KEEPALIVE on -# server sockets, i.e. sockets used by the Keystone wsgi -# server for client connections. (boolean value) -#tcp_keepalive=false - -# Sets the value of TCP_KEEPIDLE in seconds for each server -# socket. Only applies if tcp_keepalive is true. Not supported -# on OS X. (integer value) -#tcp_keepidle=600 - -# The maximum number of entities that will be returned in a -# collection, with no limit set by default. This global limit -# may be then overridden for a specific driver, by specifying -# a list_limit in the appropriate section (e.g. [assignment]). +# The value passed as the keyword "rounds" to passlib's encrypt method. # (integer value) -#list_limit=<None> - -# Set this to false if you want to enable the ability for -# user, group and project entities to be moved between domains -# by updating their domain_id. Allowing such movement is not -# recommended if the scope of a domain admin is being -# restricted by use of an appropriate policy file (see +#crypt_strength = 40000 + +# The maximum number of entities that will be returned in a collection, with no +# limit set by default. This global limit may be then overridden for a specific +# driver, by specifying a list_limit in the appropriate section (e.g. +# [assignment]). (integer value) +#list_limit = <None> + +# Set this to false if you want to enable the ability for user, group and +# project entities to be moved between domains by updating their domain_id. 
+# Allowing such movement is not recommended if the scope of a domain admin is +# being restricted by use of an appropriate policy file (see # policy.v3cloudsample as an example). (boolean value) -#domain_id_immutable=true +#domain_id_immutable = true -# If set to true, strict password length checking is performed -# for password manipulation. If a password exceeds the maximum -# length, the operation will fail with an HTTP 403 Forbidden -# error. If set to false, passwords are automatically -# truncated to the maximum length. (boolean value) -#strict_password_check=false +# If set to true, strict password length checking is performed for password +# manipulation. If a password exceeds the maximum length, the operation will +# fail with an HTTP 403 Forbidden error. If set to false, passwords are +# automatically truncated to the maximum length. (boolean value) +#strict_password_check = false +# The HTTP header used to determine the scheme for the original request, even +# if it was removed by an SSL terminating proxy. Typical value is +# "HTTP_X_FORWARDED_PROTO". (string value) +#secure_proxy_ssl_header = <None> # -# Options defined in oslo.messaging +# From keystone.notifications # -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false +# Default publisher_id for outgoing notifications (string value) +#default_publisher_id = <None> -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false +# Define the notification format for Identity Service events. A "basic" +# notification has information about the resource being operated on. A "cadf" +# notification has the same information, as well as information about the +# initiator of the event. Valid options are: basic and cadf (string value) +#notification_format = basic -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 +# +# From keystone.openstack.common.eventlet_backdoor +# -# Qpid broker hostname. 
(string value) -#qpid_hostname=localhost +# Enable eventlet backdoor. Acceptable values are 0, <port>, and +# <start>:<end>, where 0 results in listening on a random tcp port number; +# <port> results in listening on the specified port number (and not enabling +# backdoor if that port is in use); and <start>:<end> results in listening on +# the smallest unused port number within the specified range of port numbers. +# The chosen port is displayed in the service's log file. (string value) +#backdoor_port = <None> -# Qpid broker port. (integer value) -#qpid_port=5672 +# +# From oslo.log +# -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port +# Print debugging output (set logging level to DEBUG instead of default WARNING +# level). (boolean value) +#debug = false -# Username for Qpid connection. (string value) -#qpid_username= +# Print more verbose output (set logging level to INFO instead of default +# WARNING level). (boolean value) +#verbose = false -# Password for Qpid connection. (string value) -#qpid_password= +# The name of a logging configuration file. This file is appended to any +# existing logging configuration files. For details about logging configuration +# files, see the Python logging module documentation. (string value) +# Deprecated group/name - [DEFAULT]/log_config +#log_config_append = <None> -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= +# DEPRECATED. A logging.Formatter log message format string which may use any +# of the available logging.LogRecord attributes. This option is deprecated. +# Please use logging_context_format_string and logging_default_format_string +# instead. (string value) +#log_format = <None> -# Seconds between connection keepalive heartbeats. (integer +# Format string for %%(asctime)s in log records. Default: %(default)s . 
(string # value) -#qpid_heartbeat=60 +#log_date_format = %Y-%m-%d %H:%M:%S -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true +# (Optional) Name of log file to output to. If no default is set, logging will +# go to stdout. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file = <None> -# The number of prefetched messages held by receiver. (integer +# (Optional) The base directory used for relative --log-file paths. (string # value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions. (string value) -#kombu_ssl_version= +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = <None> -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= +# Use syslog for logging. Existing syslog format is DEPRECATED during I, and +# will change in J to honor RFC5424. (boolean value) +#use_syslog = false -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= +# (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, +# prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The +# format without the APP-NAME is deprecated in I, and will be removed in J. +# (boolean value) +#use_syslog_rfc_format = false -# SSL certification authority file (valid only if SSL -# enabled). (string value) -#kombu_ssl_ca_certs= +# Syslog facility to receive log lines. 
(string value) +#syslog_log_facility = LOG_USER -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 +# Log output to standard error. (boolean value) +#use_stderr = true -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} +# Format string to use for log messages with context. (string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} +# Format string to use for log messages without context. (string value) +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s -# RabbitMQ HA cluster host:port pairs. (list value) -rabbit_hosts=$rabbit_host:$rabbit_port +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d -# Connect over SSL for RabbitMQ. (boolean value) -rabbit_use_ssl=false +# Prefix each line of exception output with this format. (string value) +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} +# Enables or disables publication of error events. 
(boolean value) +#publish_errors = false -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer +# The format for an instance that is passed with the log message. (string # value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 +#instance_format = "[instance: %(uuid)s] " -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean +# The format for an instance UUID that is passed with the log message. (string # value) -#rabbit_ha_queues=false +#instance_uuid_format = "[instance: %(uuid)s] " -# If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false +# +# From oslo.messaging +# -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. (string value) +#rpc_zmq_bind_address = * # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker = oslo_messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 +#rpc_zmq_port = 9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 +#rpc_zmq_contexts = 1 -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. 
(integer value) -#rpc_zmq_topic_backlog=<None> +# Maximum number of ingress messages to locally buffer per topic. Default is +# unlimited. (integer value) +#rpc_zmq_topic_backlog = <None> # Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack +#rpc_zmq_ipc_dir = /var/run/openstack -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=keystone +# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match +# "host" option, if running Nova. (string value) +#rpc_zmq_host = localhost -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +# (integer value) +#rpc_cast_timeout = 30 # Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 +#matchmaker_heartbeat_freq = 300 # Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 +#matchmaker_heartbeat_ttl = 600 -# Size of RPC greenthread pool. (integer value) -#rpc_thread_pool_size=64 +# Size of RPC thread pool. (integer value) +#rpc_thread_pool_size = 64 -# Driver or drivers to handle sending notifications. (multi -# valued) -#notification_driver= +# Driver or drivers to handle sending notifications. (multi valued) +#notification_driver = # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics -#notification_topics=notifications +#notification_topics = notifications # Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -#transport_url=<None> - -# The messaging driver to use, defaults to rabbit. Other -# drivers include qpid and zmq. 
(string value) -rpc_backend=rabbit +#rpc_response_timeout = 60 -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the -# transport_url option. (string value) -#control_exchange=keystone +# A URL representing the messaging driver to use and its full configuration. If +# not set, we fall back to the rpc_backend option and driver specific +# configuration. (string value) +#transport_url = <None> +# The messaging driver to use, defaults to rabbit. Other drivers include qpid +# and zmq. (string value) +#rpc_backend = rabbit -# -# Options defined in keystone.notifications -# +# The default exchange under which topics are scoped. May be overridden by an +# exchange name specified in the transport_url option. (string value) +#control_exchange = keystone -# Default publisher_id for outgoing notifications (string -# value) -#default_publisher_id=<None> +[assignment] # -# Options defined in keystone.openstack.common.eventlet_backdoor +# From keystone # -# Enable eventlet backdoor. Acceptable values are 0, <port>, -# and <start>:<end>, where 0 results in listening on a random -# tcp port number; <port> results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and <start>:<end> results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port=<None> +# Assignment backend driver. (string value) +#driver = <None> + +[auth] # -# Options defined in keystone.openstack.common.log +# From keystone # -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error. 
(boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. 
This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format=<None> - -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> - -# (Optional) The base directory used for relative --log-file -# paths. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. (boolean -# value) -use_syslog=True - -# (Optional) Enables or disables syslog rfc5424 format for -# logging. If enabled, prefixes the MSG part of the syslog -# message with APP-NAME (RFC5424). The format without the APP- -# NAME is deprecated in I, and will be removed in J. (boolean -# value) -#use_syslog_rfc_format=false - -# Syslog facility to receive log lines. (string value) -#syslog_log_facility=LOG_USER +# Default auth methods. (list value) +#methods = external,password,token,oauth1 +# The password auth plugin module. (string value) +#password = keystone.auth.plugins.password.Password -# -# Options defined in keystone.openstack.common.policy -# +# The token auth plugin module. (string value) +#token = keystone.auth.plugins.token.Token -# The JSON file that defines policies. (string value) -#policy_file=policy.json +# The external (REMOTE_USER) auth plugin module. (string value) +#external = keystone.auth.plugins.external.DefaultDomain -# Default rule. Enforced when a requested rule is not found. -# (string value) -#policy_default_rule=default +# The oAuth1.0 auth plugin module. (string value) +#oauth1 = keystone.auth.plugins.oauth1.OAuth -[assignment] +[cache] # -# Options defined in keystone +# From keystone # -# Assignment backend driver. 
(string value) -#driver=<None> - -# Toggle for assignment caching. This has no effect unless -# global caching is enabled. (boolean value) -#caching=true +# Prefix for building the configuration dictionary for the cache region. This +# should not need to be changed unless there is another dogpile.cache region +# with the same configuration name. (string value) +#config_prefix = cache.keystone -# TTL (in seconds) to cache assignment data. This has no -# effect unless global caching is enabled. (integer value) -#cache_time=<None> +# Default TTL, in seconds, for any cached item in the dogpile.cache region. +# This applies to any cached method that doesn't have an explicit cache +# expiration time defined for it. (integer value) +#expiration_time = 600 -# Maximum number of entities that will be returned in an -# assignment collection. (integer value) -#list_limit=<None> +# Dogpile.cache backend module. It is recommended that Memcache with pooling +# (keystone.cache.memcache_pool) or Redis (dogpile.cache.redis) be used in +# production deployments. Small workloads (single process) like devstack can +# use the dogpile.cache.memory backend. (string value) +#backend = keystone.common.cache.noop +# Arguments supplied to the backend module. Specify this option once per +# argument to be passed to the dogpile.cache backend. Example format: +# "<argname>:<value>". (multi valued) +#backend_argument = -[auth] +# Proxy classes to import that will affect the way the dogpile.cache backend +# functions. See the dogpile.cache documentation on changing-backend-behavior. +# (list value) +#proxies = -# -# Options defined in keystone -# - -# Default auth methods. (list value) -#methods=external,password,token - -# The password auth plugin module. (string value) -#password=keystone.auth.plugins.password.Password +# Global toggle for all caching using the should_cache_fn mechanism. (boolean +# value) +#enabled = false -# The token auth plugin module. 
(string value) -#token=keystone.auth.plugins.token.Token +# Extra debugging from the cache backend (cache keys, get/set/delete/etc +# calls). This is only really useful if you need to see the specific cache- +# backend get/set/delete calls with the keys/values. Typically this should be +# left set to false. (boolean value) +#debug_cache_backend = false -# The external (REMOTE_USER) auth plugin module. (string -# value) -#external=keystone.auth.plugins.external.DefaultDomain +# Memcache servers in the format of "host:port". (dogpile.cache.memcache and +# keystone.cache.memcache_pool backends only). (list value) +#memcache_servers = localhost:11211 +# Number of seconds memcached server is considered dead before it is tried +# again. (dogpile.cache.memcache and keystone.cache.memcache_pool backends +# only). (integer value) +#memcache_dead_retry = 300 -[cache] +# Timeout in seconds for every call to a server. (dogpile.cache.memcache and +# keystone.cache.memcache_pool backends only). (integer value) +#memcache_socket_timeout = 3 -# -# Options defined in keystone -# - -# Prefix for building the configuration dictionary for the -# cache region. This should not need to be changed unless -# there is another dogpile.cache region with the same -# configuration name. (string value) -#config_prefix=cache.keystone - -# Default TTL, in seconds, for any cached item in the -# dogpile.cache region. This applies to any cached method that -# doesn't have an explicit cache expiration time defined for -# it. (integer value) -#expiration_time=600 - -# Dogpile.cache backend module. It is recommended that -# Memcache with pooling (keystone.cache.memcache_pool) or -# Redis (dogpile.cache.redis) be used in production -# deployments. Small workloads (single process) like devstack -# can use the dogpile.cache.memory backend. (string value) -#backend=keystone.common.cache.noop - -# Arguments supplied to the backend module. 
Specify this -# option once per argument to be passed to the dogpile.cache -# backend. Example format: "<argname>:<value>". (multi valued) -#backend_argument= - -# Proxy classes to import that will affect the way the -# dogpile.cache backend functions. See the dogpile.cache -# documentation on changing-backend-behavior. (list value) -#proxies= - -# Global toggle for all caching using the should_cache_fn -# mechanism. (boolean value) -#enabled=false - -# Extra debugging from the cache backend (cache keys, -# get/set/delete/etc calls). This is only really useful if you -# need to see the specific cache-backend get/set/delete calls -# with the keys/values. Typically this should be left set to -# false. (boolean value) -#debug_cache_backend=false - -# Memcache servers in the format of "host:port". -# (dogpile.cache.memcache and keystone.cache.memcache_pool -# backends only) (list value) -#memcache_servers=localhost:11211 - -# Number of seconds memcached server is considered dead before -# it is tried again. (dogpile.cache.memcache and -# keystone.cache.memcache_pool backends only) (integer value) -#memcache_dead_retry=300 - -# Timeout in seconds for every call to a server. -# (dogpile.cache.memcache and keystone.cache.memcache_pool -# backends only) (integer value) -#memcache_socket_timeout=3 - -# Max total number of open connections to every memcached -# server. (keystone.cache.memcache_pool backend only) (integer -# value) -#memcache_pool_maxsize=10 +# Max total number of open connections to every memcached server. +# (keystone.cache.memcache_pool backend only). (integer value) +#memcache_pool_maxsize = 10 -# Number of seconds a connection to memcached is held unused -# in the pool before it is closed. -# (keystone.cache.memcache_pool backend only) (integer value) -#memcache_pool_unused_timeout=60 +# Number of seconds a connection to memcached is held unused in the pool before +# it is closed. (keystone.cache.memcache_pool backend only). 
(integer value) +#memcache_pool_unused_timeout = 60 -# Number of seconds that an operation will wait to get a -# memcache client connection. (integer value) -#memcache_pool_connection_get_timeout=10 +# Number of seconds that an operation will wait to get a memcache client +# connection. (integer value) +#memcache_pool_connection_get_timeout = 10 [catalog] # -# Options defined in keystone +# From keystone # -# Catalog template file name for use with the template catalog -# backend. (string value) -#template_file=default_catalog.templates +# Catalog template file name for use with the template catalog backend. (string +# value) +#template_file = default_catalog.templates # Catalog backend driver. (string value) -#driver=keystone.catalog.backends.sql.Catalog - -# Toggle for catalog caching. This has no effect unless global -# caching is enabled. (boolean value) -#caching=true +#driver = keystone.catalog.backends.sql.Catalog -# Time to cache catalog data (in seconds). This has no effect -# unless global and catalog caching are enabled. (integer -# value) -#cache_time=<None> +# Toggle for catalog caching. This has no effect unless global caching is +# enabled. (boolean value) +#caching = true -# Maximum number of entities that will be returned in a -# catalog collection. (integer value) -#list_limit=<None> +# Time to cache catalog data (in seconds). This has no effect unless global and +# catalog caching are enabled. (integer value) +#cache_time = <None> -# (Deprecated) List of possible substitutions for use in -# formatting endpoints. Use caution when modifying this list. -# It will give users with permission to create endpoints the -# ability to see those values in your configuration file. This -# option will be removed in Juno. 
(list value) -#endpoint_substitution_whitelist=tenant_id,user_id,public_bind_host,admin_bind_host,compute_host,compute_port,admin_port,public_port,public_endpoint,admin_endpoint +# Maximum number of entities that will be returned in a catalog collection. +# (integer value) +#list_limit = <None> [credential] # -# Options defined in keystone +# From keystone # # Credential backend driver. (string value) -#driver=keystone.credential.backends.sql.Credential +#driver = keystone.credential.backends.sql.Credential [database] # -# Options defined in oslo.db +# From oslo.db # # The file name to use with SQLite. (string value) -#sqlite_db=oslo.sqlite +# Deprecated group/name - [DEFAULT]/sqlite_db +#sqlite_db = oslo.sqlite # If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous=true +# Deprecated group/name - [DEFAULT]/sqlite_synchronous +#sqlite_synchronous = true # The back end to use for the database. (string value) # Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy +#backend = sqlalchemy -# The SQLAlchemy connection string to use to connect to the -# database. (string value) +# The SQLAlchemy connection string to use to connect to the database. (string +# value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -#connection=<None> -connection=postgresql://{{ KEYSTONE_DB_USER }}:{{ KEYSTONE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/keystone +#connection = <None> -# The SQLAlchemy connection string to use to connect to the -# slave database. (string value) -#slave_connection=<None> +# The SQLAlchemy connection string to use to connect to the slave database. +# (string value) +#slave_connection = <None> -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. 
Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode=TRADITIONAL +# The SQL mode to be used for MySQL sessions. This option, including the +# default, overrides any server-set SQL mode. To use whatever SQL mode is set +# by the server configuration, set this to no value. Example: mysql_sql_mode= +# (string value) +#mysql_sql_mode = TRADITIONAL -# Timeout before idle SQL connections are reaped. (integer -# value) +# Timeout before idle SQL connections are reaped. (integer value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 +#idle_timeout = 3600 -# Minimum number of SQL connections to keep open in a pool. -# (integer value) +# Minimum number of SQL connections to keep open in a pool. (integer value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 +#min_pool_size = 1 -# Maximum number of SQL connections to keep open in a pool. -# (integer value) +# Maximum number of SQL connections to keep open in a pool. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size=<None> +#max_pool_size = <None> -# Maximum db connection retries during startup. Set to -1 to +# Maximum number of database connection retries during startup. Set to -1 to # specify an infinite retry count. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 +#max_retries = 10 -# Interval between retries of opening a SQL connection. -# (integer value) +# Interval between retries of opening a SQL connection. (integer value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 +#retry_interval = 10 -# If set, use this value for max_overflow with SQLAlchemy. 
-# (integer value) +# If set, use this value for max_overflow with SQLAlchemy. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=<None> +#max_overflow = <None> -# Verbosity of SQL debugging information: 0=None, -# 100=Everything. (integer value) +# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 +#connection_debug = 0 -# Add Python stack traces to SQL as comment strings. (boolean -# value) +# Add Python stack traces to SQL as comment strings. (boolean value) # Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false +#connection_trace = false -# If set, use this value for pool_timeout with SQLAlchemy. -# (integer value) +# If set, use this value for pool_timeout with SQLAlchemy. (integer value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout=<None> +#pool_timeout = <None> -# Enable the experimental use of database reconnect on -# connection lost. (boolean value) -#use_db_reconnect=false +# Enable the experimental use of database reconnect on connection lost. +# (boolean value) +#use_db_reconnect = false -# Seconds between database connection retries. (integer value) -#db_retry_interval=1 +# Seconds between retries of a database transaction. (integer value) +#db_retry_interval = 1 -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval=true +# If True, increases the interval between retries of a database operation up to +# db_max_retry_interval. (boolean value) +#db_inc_retry_interval = true -# If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) -#db_max_retry_interval=10 +# If db_inc_retry_interval is set, the maximum seconds between retries of a +# database operation. 
(integer value) +#db_max_retry_interval = 10 -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) -#db_max_retries=20 +# Maximum retries in case of connection error or deadlock error before error is +# raised. Set to -1 to specify an infinite retry count. (integer value) +#db_max_retries = 20 -[ec2] +[domain_config] # -# Options defined in keystone +# From keystone # -# EC2Credential backend driver. (string value) -#driver=keystone.contrib.ec2.backends.kvs.Ec2 +# Domain config backend driver. (string value) +#driver = keystone.resource.config_backends.sql.DomainConfig + +# Toggle for domain config caching. This has no effect unless global caching is +# enabled. (boolean value) +#caching = true + +# TTL (in seconds) to cache domain config data. This has no effect unless +# domain config caching is enabled. (integer value) +#cache_time = 300 [endpoint_filter] # -# Options defined in keystone +# From keystone # # Endpoint Filter backend driver (string value) -#driver=keystone.contrib.endpoint_filter.backends.sql.EndpointFilter +#driver = keystone.contrib.endpoint_filter.backends.sql.EndpointFilter -# Toggle to return all active endpoints if no filter exists. -# (boolean value) -#return_all_endpoints_if_no_filter=true +# Toggle to return all active endpoints if no filter exists. (boolean value) +#return_all_endpoints_if_no_filter = true [endpoint_policy] # -# Options defined in keystone +# From keystone # # Endpoint policy backend driver (string value) -#driver=keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy +#driver = keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy + + +[eventlet_server] + +# +# From keystone +# + +# The number of worker processes to serve the public eventlet application. +# Defaults to number of CPUs (minimum of 2). 
(integer value) +# Deprecated group/name - [DEFAULT]/public_workers +#public_workers = <None> + +# The number of worker processes to serve the admin eventlet application. +# Defaults to number of CPUs (minimum of 2). (integer value) +# Deprecated group/name - [DEFAULT]/admin_workers +#admin_workers = <None> + +# The IP address of the network interface for the public service to listen on. +# (string value) +# Deprecated group/name - [DEFAULT]/bind_host +# Deprecated group/name - [DEFAULT]/public_bind_host +#public_bind_host = 0.0.0.0 + +# The port number which the public service listens on. (integer value) +# Deprecated group/name - [DEFAULT]/public_port +#public_port = 5000 + +# The IP address of the network interface for the admin service to listen on. +# (string value) +# Deprecated group/name - [DEFAULT]/bind_host +# Deprecated group/name - [DEFAULT]/admin_bind_host +#admin_bind_host = 0.0.0.0 + +# The port number which the admin service listens on. (integer value) +# Deprecated group/name - [DEFAULT]/admin_port +#admin_port = 35357 + +# Set this to true if you want to enable TCP_KEEPALIVE on server sockets, i.e. +# sockets used by the Keystone wsgi server for client connections. (boolean +# value) +# Deprecated group/name - [DEFAULT]/tcp_keepalive +#tcp_keepalive = false + +# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only +# applies if tcp_keepalive is true. (integer value) +# Deprecated group/name - [DEFAULT]/tcp_keepidle +#tcp_keepidle = 600 + + +[eventlet_server_ssl] + +# +# From keystone +# + +# Toggle for SSL support on the Keystone eventlet servers. (boolean value) +# Deprecated group/name - [ssl]/enable +#enable = false + +# Path of the certfile for SSL. For non-production environments, you may be +# interested in using `keystone-manage ssl_setup` to generate self-signed +# certificates. (string value) +# Deprecated group/name - [ssl]/certfile +#certfile = /etc/keystone/ssl/certs/keystone.pem + +# Path of the keyfile for SSL. 
(string value) +# Deprecated group/name - [ssl]/keyfile +#keyfile = /etc/keystone/ssl/private/keystonekey.pem + +# Path of the CA cert file for SSL. (string value) +# Deprecated group/name - [ssl]/ca_certs +#ca_certs = /etc/keystone/ssl/certs/ca.pem + +# Require client certificate. (boolean value) +# Deprecated group/name - [ssl]/cert_required +#cert_required = false [federation] # -# Options defined in keystone +# From keystone # # Federation backend driver. (string value) -#driver=keystone.contrib.federation.backends.sql.Federation +#driver = keystone.contrib.federation.backends.sql.Federation + +# Value to be used when filtering assertion parameters from the environment. +# (string value) +#assertion_prefix = + +# Value to be used to obtain the entity ID of the Identity Provider from the +# environment (e.g. if using the mod_shib plugin this value is `Shib-Identity- +# Provider`). (string value) +#remote_id_attribute = <None> + +# A domain name that is reserved to allow federated ephemeral users to have a +# domain concept. Note that an admin will not be able to create a domain with +# this name or update an existing domain to this name. You are not advised to +# change this value unless you really have to. Changing this option to empty +# string or None will not have any impact and default name will be used. +# (string value) +#federated_domain_name = Federated + +# A list of trusted dashboard hosts. Before accepting a Single Sign-On request +# to return a token, the origin host must be a member of the trusted_dashboard +# list. This configuration option may be repeated for multiple values. For +# example: trusted_dashboard=http://acme.com trusted_dashboard=http://beta.com +# (multi valued) +#trusted_dashboard = + +# Location of Single Sign-On callback handler, will return a token to a trusted +# dashboard host. 
(string value) +#sso_callback_template = /etc/keystone/sso_callback_template.html + + +[fernet_tokens] + +# +# From keystone +# -# Value to be used when filtering assertion parameters from -# the environment. (string value) -#assertion_prefix= +# Directory containing Fernet token keys. (string value) +#key_repository = /etc/keystone/fernet-keys/ + +# This controls how many keys are held in rotation by keystone-manage +# fernet_rotate before they are discarded. The default value of 3 means that +# keystone will maintain one staged key, one primary key, and one secondary +# key. Increasing this value means that additional secondary keys will be kept +# in the rotation. (integer value) +#max_active_keys = 3 [identity] # -# Options defined in keystone +# From keystone # -# This references the domain to use for all Identity API v2 -# requests (which are not aware of domains). A domain with -# this ID will be created for you by keystone-manage db_sync -# in migration 008. The domain referenced by this ID cannot be -# deleted on the v3 API, to prevent accidentally breaking the -# v2 API. There is nothing special about this domain, other -# than the fact that it must exist to order to maintain -# support for your v2 clients. (string value) -#default_domain_id=default +# This references the domain to use for all Identity API v2 requests (which are +# not aware of domains). A domain with this ID will be created for you by +# keystone-manage db_sync in migration 008. The domain referenced by this ID +# cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API. +# There is nothing special about this domain, other than the fact that it must +# exist to order to maintain support for your v2 clients. 
(string value) +#default_domain_id = default + +# A subset (or all) of domains can have their own identity driver, each with +# their own partial configuration options, stored in either the resource +# backend or in a file in a domain configuration directory (depending on the +# setting of domain_configurations_from_database). Only values specific to the +# domain need to be specified in this manner. This feature is disabled by +# default; set to true to enable. (boolean value) +#domain_specific_drivers_enabled = false -# A subset (or all) of domains can have their own identity -# driver, each with their own partial configuration file in a -# domain configuration directory. Only values specific to the -# domain need to be placed in the domain specific -# configuration file. This feature is disabled by default; set -# to true to enable. (boolean value) -#domain_specific_drivers_enabled=false +# Extract the domain specific configuration options from the resource backend +# where they have been stored with the domain data. This feature is disabled by +# default (in which case the domain specific options will be loaded from files +# in the domain configuration directory); set to true to enable. (boolean +# value) +#domain_configurations_from_database = false -# Path for Keystone to locate the domain specific identity -# configuration files if domain_specific_drivers_enabled is -# set to true. (string value) -#domain_config_dir=/etc/keystone/domains +# Path for Keystone to locate the domain specific identity configuration files +# if domain_specific_drivers_enabled is set to true. (string value) +#domain_config_dir = /etc/keystone/domains # Identity backend driver. (string value) -#driver=keystone.identity.backends.sql.Identity +#driver = keystone.identity.backends.sql.Identity -# Maximum supported length for user passwords; decrease to -# improve performance. (integer value) -#max_password_length=4096 +# Toggle for identity caching. 
This has no effect unless global caching is +# enabled. (boolean value) +#caching = true + +# Time to cache identity data (in seconds). This has no effect unless global +# and identity caching are enabled. (integer value) +#cache_time = 600 + +# Maximum supported length for user passwords; decrease to improve performance. +# (integer value) +#max_password_length = 4096 -# Maximum number of entities that will be returned in an -# identity collection. (integer value) -#list_limit=<None> +# Maximum number of entities that will be returned in an identity collection. +# (integer value) +#list_limit = <None> [identity_mapping] # -# Options defined in keystone +# From keystone # # Keystone Identity Mapping backend driver. (string value) -#driver=keystone.identity.mapping_backends.sql.Mapping - -# Public ID generator for user and group entities. The -# Keystone identity mapper only supports generators that -# produce no more than 64 characters. (string value) -#generator=keystone.identity.id_generators.sha256.Generator - -# The format of user and group IDs changed in Juno for -# backends that do not generate UUIDs (e.g. LDAP), with -# keystone providing a hash mapping to the underlying -# attribute in LDAP. By default this mapping is disabled, -# which ensures that existing IDs will not change. Even when -# the mapping is enabled by using domain specific drivers, any -# users and groups from the default domain being handled by -# LDAP will still not be mapped to ensure their IDs remain -# backward compatible. Setting this value to False will enable -# the mapping for even the default LDAP driver. It is only -# safe to do this if you do not already have assignments for -# users and groups from the default LDAP domain, and it is -# acceptable for Keystone to provide the different IDs to -# clients than it did previously. Typically this means that -# the only time you can set this value to False is when -# configuring a fresh installation. 
(boolean value) -#backward_compatible_ids=true +#driver = keystone.identity.mapping_backends.sql.Mapping + +# Public ID generator for user and group entities. The Keystone identity mapper +# only supports generators that produce no more than 64 characters. (string +# value) +#generator = keystone.identity.id_generators.sha256.Generator + +# The format of user and group IDs changed in Juno for backends that do not +# generate UUIDs (e.g. LDAP), with keystone providing a hash mapping to the +# underlying attribute in LDAP. By default this mapping is disabled, which +# ensures that existing IDs will not change. Even when the mapping is enabled +# by using domain specific drivers, any users and groups from the default +# domain being handled by LDAP will still not be mapped to ensure their IDs +# remain backward compatible. Setting this value to False will enable the +# mapping for even the default LDAP driver. It is only safe to do this if you +# do not already have assignments for users and groups from the default LDAP +# domain, and it is acceptable for Keystone to provide the different IDs to +# clients than it did previously. Typically this means that the only time you +# can set this value to False is when configuring a fresh installation. +# (boolean value) +#backward_compatible_ids = true [kvs] # -# Options defined in keystone +# From keystone # -# Extra dogpile.cache backend modules to register with the -# dogpile.cache library. (list value) -#backends= +# Extra dogpile.cache backend modules to register with the dogpile.cache +# library. (list value) +#backends = -# Prefix for building the configuration dictionary for the KVS -# region. This should not need to be changed unless there is -# another dogpile.cache region with the same configuration -# name. (string value) -#config_prefix=keystone.kvs +# Prefix for building the configuration dictionary for the KVS region. 
This +# should not need to be changed unless there is another dogpile.cache region +# with the same configuration name. (string value) +#config_prefix = keystone.kvs -# Toggle to disable using a key-mangling function to ensure -# fixed length keys. This is toggle-able for debugging -# purposes, it is highly recommended to always leave this set -# to true. (boolean value) -#enable_key_mangler=true +# Toggle to disable using a key-mangling function to ensure fixed length keys. +# This is toggle-able for debugging purposes, it is highly recommended to +# always leave this set to true. (boolean value) +#enable_key_mangler = true -# Default lock timeout for distributed locking. (integer -# value) -#default_lock_timeout=5 +# Default lock timeout (in seconds) for distributed locking. (integer value) +#default_lock_timeout = 5 [ldap] # -# Options defined in keystone +# From keystone # # URL for connecting to the LDAP server. (string value) -#url=ldap://localhost +#url = ldap://localhost # User BindDN to query the LDAP server. (string value) -#user=<None> +#user = <None> -# Password for the BindDN to query the LDAP server. (string -# value) -#password=<None> +# Password for the BindDN to query the LDAP server. (string value) +#password = <None> # LDAP server suffix (string value) -#suffix=cn=example,cn=com +#suffix = cn=example,cn=com -# If true, will add a dummy member to groups. This is required -# if the objectclass for groups requires the "member" -# attribute. (boolean value) -#use_dumb_member=false +# If true, will add a dummy member to groups. This is required if the +# objectclass for groups requires the "member" attribute. (boolean value) +#use_dumb_member = false -# DN of the "dummy member" to use when "use_dumb_member" is -# enabled. (string value) -#dumb_member=cn=dumb,dc=nonexistent +# DN of the "dummy member" to use when "use_dumb_member" is enabled. (string +# value) +#dumb_member = cn=dumb,dc=nonexistent -# Delete subtrees using the subtree delete control. 
Only -# enable this option if your LDAP server supports subtree -# deletion. (boolean value) -#allow_subtree_delete=false +# Delete subtrees using the subtree delete control. Only enable this option if +# your LDAP server supports subtree deletion. (boolean value) +#allow_subtree_delete = false -# The LDAP scope for queries, this can be either "one" -# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). -# (string value) -#query_scope=one +# The LDAP scope for queries, this can be either "one" (onelevel/singleLevel) +# or "sub" (subtree/wholeSubtree). (string value) +#query_scope = one -# Maximum results per page; a value of zero ("0") disables -# paging. (integer value) -#page_size=0 +# Maximum results per page; a value of zero ("0") disables paging. (integer +# value) +#page_size = 0 -# The LDAP dereferencing option for queries. This can be -# either "never", "searching", "always", "finding" or -# "default". The "default" option falls back to using default -# dereferencing configured by your ldap.conf. (string value) -#alias_dereferencing=default +# The LDAP dereferencing option for queries. This can be either "never", +# "searching", "always", "finding" or "default". The "default" option falls +# back to using default dereferencing configured by your ldap.conf. (string +# value) +#alias_dereferencing = default -# Sets the LDAP debugging level for LDAP calls. A value of 0 -# means that debugging is not enabled. This value is a -# bitmask, consult your LDAP documentation for possible -# values. (integer value) -#debug_level=<None> +# Sets the LDAP debugging level for LDAP calls. A value of 0 means that +# debugging is not enabled. This value is a bitmask, consult your LDAP +# documentation for possible values. (integer value) +#debug_level = <None> -# Override the system's default referral chasing behavior for -# queries. (boolean value) -#chase_referrals=<None> +# Override the system's default referral chasing behavior for queries. 
(boolean +# value) +#chase_referrals = <None> # Search base for users. (string value) -#user_tree_dn=<None> +#user_tree_dn = <None> # LDAP search filter for users. (string value) -#user_filter=<None> +#user_filter = <None> # LDAP objectclass for users. (string value) -#user_objectclass=inetOrgPerson +#user_objectclass = inetOrgPerson -# LDAP attribute mapped to user id. WARNING: must not be a -# multivalued attribute. (string value) -#user_id_attribute=cn +# LDAP attribute mapped to user id. WARNING: must not be a multivalued +# attribute. (string value) +#user_id_attribute = cn # LDAP attribute mapped to user name. (string value) -#user_name_attribute=sn +#user_name_attribute = sn # LDAP attribute mapped to user email. (string value) -#user_mail_attribute=mail +#user_mail_attribute = mail # LDAP attribute mapped to password. (string value) -#user_pass_attribute=userPassword +#user_pass_attribute = userPassword # LDAP attribute mapped to user enabled flag. (string value) -#user_enabled_attribute=enabled - -# Invert the meaning of the boolean enabled values. Some LDAP -# servers use a boolean lock attribute where "true" means an -# account is disabled. Setting "user_enabled_invert = true" -# will allow these lock attributes to be used. This setting -# will have no effect if "user_enabled_mask" or -# "user_enabled_emulation" settings are in use. (boolean -# value) -#user_enabled_invert=false - -# Bitmask integer to indicate the bit that the enabled value -# is stored in if the LDAP server represents "enabled" as a -# bit on an integer rather than a boolean. A value of "0" -# indicates the mask is not used. If this is not set to "0" -# the typical value is "2". This is typically used when -# "user_enabled_attribute = userAccountControl". (integer -# value) -#user_enabled_mask=0 - -# Default value to enable users. This should match an -# appropriate int value if the LDAP server uses non-boolean -# (bitmask) values to indicate if a user is enabled or -# disabled. 
If this is not set to "True" the typical value is -# "512". This is typically used when "user_enabled_attribute = -# userAccountControl". (string value) -#user_enabled_default=True +#user_enabled_attribute = enabled + +# Invert the meaning of the boolean enabled values. Some LDAP servers use a +# boolean lock attribute where "true" means an account is disabled. Setting +# "user_enabled_invert = true" will allow these lock attributes to be used. +# This setting will have no effect if "user_enabled_mask" or +# "user_enabled_emulation" settings are in use. (boolean value) +#user_enabled_invert = false + +# Bitmask integer to indicate the bit that the enabled value is stored in if +# the LDAP server represents "enabled" as a bit on an integer rather than a +# boolean. A value of "0" indicates the mask is not used. If this is not set to +# "0" the typical value is "2". This is typically used when +# "user_enabled_attribute = userAccountControl". (integer value) +#user_enabled_mask = 0 + +# Default value to enable users. This should match an appropriate int value if +# the LDAP server uses non-boolean (bitmask) values to indicate if a user is +# enabled or disabled. If this is not set to "True" the typical value is "512". +# This is typically used when "user_enabled_attribute = userAccountControl". +# (string value) +#user_enabled_default = True -# List of attributes stripped off the user on update. (list -# value) -#user_attribute_ignore=default_project_id,tenants +# List of attributes stripped off the user on update. (list value) +#user_attribute_ignore = default_project_id,tenants -# LDAP attribute mapped to default_project_id for users. -# (string value) -#user_default_project_id_attribute=<None> +# LDAP attribute mapped to default_project_id for users. (string value) +#user_default_project_id_attribute = <None> # Allow user creation in LDAP backend. (boolean value) -#user_allow_create=true +#user_allow_create = true # Allow user updates in LDAP backend. 
(boolean value) -#user_allow_update=true +#user_allow_update = true # Allow user deletion in LDAP backend. (boolean value) -#user_allow_delete=true +#user_allow_delete = true -# If true, Keystone uses an alternative method to determine if -# a user is enabled or not by checking if they are a member of -# the "user_enabled_emulation_dn" group. (boolean value) -#user_enabled_emulation=false +# If true, Keystone uses an alternative method to determine if a user is +# enabled or not by checking if they are a member of the +# "user_enabled_emulation_dn" group. (boolean value) +#user_enabled_emulation = false -# DN of the group entry to hold enabled users when using -# enabled emulation. (string value) -#user_enabled_emulation_dn=<None> +# DN of the group entry to hold enabled users when using enabled emulation. +# (string value) +#user_enabled_emulation_dn = <None> -# List of additional LDAP attributes used for mapping -# additional attribute mappings for users. Attribute mapping -# format is <ldap_attr>:<user_attr>, where ldap_attr is the -# attribute in the LDAP entry and user_attr is the Identity -# API attribute. (list value) -#user_additional_attribute_mapping= +# List of additional LDAP attributes used for mapping additional attribute +# mappings for users. Attribute mapping format is <ldap_attr>:<user_attr>, +# where ldap_attr is the attribute in the LDAP entry and user_attr is the +# Identity API attribute. (list value) +#user_additional_attribute_mapping = # Search base for projects (string value) # Deprecated group/name - [ldap]/tenant_tree_dn -#project_tree_dn=<None> +#project_tree_dn = <None> # LDAP search filter for projects. (string value) # Deprecated group/name - [ldap]/tenant_filter -#project_filter=<None> +#project_filter = <None> # LDAP objectclass for projects. (string value) # Deprecated group/name - [ldap]/tenant_objectclass -#project_objectclass=groupOfNames +#project_objectclass = groupOfNames # LDAP attribute mapped to project id. 
(string value) # Deprecated group/name - [ldap]/tenant_id_attribute -#project_id_attribute=cn +#project_id_attribute = cn -# LDAP attribute mapped to project membership for user. -# (string value) +# LDAP attribute mapped to project membership for user. (string value) # Deprecated group/name - [ldap]/tenant_member_attribute -#project_member_attribute=member +#project_member_attribute = member # LDAP attribute mapped to project name. (string value) # Deprecated group/name - [ldap]/tenant_name_attribute -#project_name_attribute=ou +#project_name_attribute = ou # LDAP attribute mapped to project description. (string value) # Deprecated group/name - [ldap]/tenant_desc_attribute -#project_desc_attribute=description +#project_desc_attribute = description # LDAP attribute mapped to project enabled. (string value) # Deprecated group/name - [ldap]/tenant_enabled_attribute -#project_enabled_attribute=enabled +#project_enabled_attribute = enabled # LDAP attribute mapped to project domain_id. (string value) # Deprecated group/name - [ldap]/tenant_domain_id_attribute -#project_domain_id_attribute=businessCategory +#project_domain_id_attribute = businessCategory -# List of attributes stripped off the project on update. (list -# value) +# List of attributes stripped off the project on update. (list value) # Deprecated group/name - [ldap]/tenant_attribute_ignore -#project_attribute_ignore= +#project_attribute_ignore = # Allow project creation in LDAP backend. (boolean value) # Deprecated group/name - [ldap]/tenant_allow_create -#project_allow_create=true +#project_allow_create = true # Allow project update in LDAP backend. (boolean value) # Deprecated group/name - [ldap]/tenant_allow_update -#project_allow_update=true +#project_allow_update = true # Allow project deletion in LDAP backend. 
(boolean value) # Deprecated group/name - [ldap]/tenant_allow_delete -#project_allow_delete=true +#project_allow_delete = true -# If true, Keystone uses an alternative method to determine if -# a project is enabled or not by checking if they are a member -# of the "project_enabled_emulation_dn" group. (boolean value) +# If true, Keystone uses an alternative method to determine if a project is +# enabled or not by checking if they are a member of the +# "project_enabled_emulation_dn" group. (boolean value) # Deprecated group/name - [ldap]/tenant_enabled_emulation -#project_enabled_emulation=false +#project_enabled_emulation = false -# DN of the group entry to hold enabled projects when using -# enabled emulation. (string value) +# DN of the group entry to hold enabled projects when using enabled emulation. +# (string value) # Deprecated group/name - [ldap]/tenant_enabled_emulation_dn -#project_enabled_emulation_dn=<None> +#project_enabled_emulation_dn = <None> -# Additional attribute mappings for projects. Attribute -# mapping format is <ldap_attr>:<user_attr>, where ldap_attr -# is the attribute in the LDAP entry and user_attr is the -# Identity API attribute. (list value) +# Additional attribute mappings for projects. Attribute mapping format is +# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry +# and user_attr is the Identity API attribute. (list value) # Deprecated group/name - [ldap]/tenant_additional_attribute_mapping -#project_additional_attribute_mapping= +#project_additional_attribute_mapping = # Search base for roles. (string value) -#role_tree_dn=<None> +#role_tree_dn = <None> # LDAP search filter for roles. (string value) -#role_filter=<None> +#role_filter = <None> # LDAP objectclass for roles. (string value) -#role_objectclass=organizationalRole +#role_objectclass = organizationalRole # LDAP attribute mapped to role id. (string value) -#role_id_attribute=cn +#role_id_attribute = cn # LDAP attribute mapped to role name. 
(string value) -#role_name_attribute=ou +#role_name_attribute = ou # LDAP attribute mapped to role membership. (string value) -#role_member_attribute=roleOccupant +#role_member_attribute = roleOccupant -# List of attributes stripped off the role on update. (list -# value) -#role_attribute_ignore= +# List of attributes stripped off the role on update. (list value) +#role_attribute_ignore = # Allow role creation in LDAP backend. (boolean value) -#role_allow_create=true +#role_allow_create = true # Allow role update in LDAP backend. (boolean value) -#role_allow_update=true +#role_allow_update = true # Allow role deletion in LDAP backend. (boolean value) -#role_allow_delete=true +#role_allow_delete = true -# Additional attribute mappings for roles. Attribute mapping -# format is <ldap_attr>:<user_attr>, where ldap_attr is the -# attribute in the LDAP entry and user_attr is the Identity -# API attribute. (list value) -#role_additional_attribute_mapping= +# Additional attribute mappings for roles. Attribute mapping format is +# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry +# and user_attr is the Identity API attribute. (list value) +#role_additional_attribute_mapping = # Search base for groups. (string value) -#group_tree_dn=<None> +#group_tree_dn = <None> # LDAP search filter for groups. (string value) -#group_filter=<None> +#group_filter = <None> # LDAP objectclass for groups. (string value) -#group_objectclass=groupOfNames +#group_objectclass = groupOfNames # LDAP attribute mapped to group id. (string value) -#group_id_attribute=cn +#group_id_attribute = cn # LDAP attribute mapped to group name. (string value) -#group_name_attribute=ou +#group_name_attribute = ou -# LDAP attribute mapped to show group membership. (string -# value) -#group_member_attribute=member +# LDAP attribute mapped to show group membership. (string value) +#group_member_attribute = member # LDAP attribute mapped to group description. 
(string value) -#group_desc_attribute=description +#group_desc_attribute = description -# List of attributes stripped off the group on update. (list -# value) -#group_attribute_ignore= +# List of attributes stripped off the group on update. (list value) +#group_attribute_ignore = # Allow group creation in LDAP backend. (boolean value) -#group_allow_create=true +#group_allow_create = true # Allow group update in LDAP backend. (boolean value) -#group_allow_update=true +#group_allow_update = true # Allow group deletion in LDAP backend. (boolean value) -#group_allow_delete=true - -# Additional attribute mappings for groups. Attribute mapping -# format is <ldap_attr>:<user_attr>, where ldap_attr is the -# attribute in the LDAP entry and user_attr is the Identity -# API attribute. (list value) -#group_additional_attribute_mapping= +#group_allow_delete = true -# CA certificate file path for communicating with LDAP -# servers. (string value) -#tls_cacertfile=<None> +# Additional attribute mappings for groups. Attribute mapping format is +# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry +# and user_attr is the Identity API attribute. (list value) +#group_additional_attribute_mapping = -# CA certificate directory path for communicating with LDAP -# servers. (string value) -#tls_cacertdir=<None> +# CA certificate file path for communicating with LDAP servers. (string value) +#tls_cacertfile = <None> -# Enable TLS for communicating with LDAP servers. (boolean +# CA certificate directory path for communicating with LDAP servers. (string # value) -#use_tls=false +#tls_cacertdir = <None> -# Valid options for tls_req_cert are demand, never, and allow. -# (string value) -#tls_req_cert=demand +# Enable TLS for communicating with LDAP servers. (boolean value) +#use_tls = false + +# Valid options for tls_req_cert are demand, never, and allow. (string value) +#tls_req_cert = demand # Enable LDAP connection pooling. 
(boolean value) -#use_pool=false +#use_pool = false # Connection pool size. (integer value) -#pool_size=10 +#pool_size = 10 # Maximum count of reconnect trials. (integer value) -#pool_retry_max=3 +#pool_retry_max = 3 -# Time span in seconds to wait between two reconnect trials. -# (floating point value) -#pool_retry_delay=0.1 +# Time span in seconds to wait between two reconnect trials. (floating point +# value) +#pool_retry_delay = 0.1 -# Connector timeout in seconds. Value -1 indicates indefinite -# wait for response. (integer value) -#pool_connection_timeout=-1 +# Connector timeout in seconds. Value -1 indicates indefinite wait for +# response. (integer value) +#pool_connection_timeout = -1 # Connection lifetime in seconds. (integer value) -#pool_connection_lifetime=600 +#pool_connection_lifetime = 600 -# Enable LDAP connection pooling for end user authentication. -# If use_pool is disabled, then this setting is meaningless -# and is not used at all. (boolean value) -#use_auth_pool=false +# Enable LDAP connection pooling for end user authentication. If use_pool is +# disabled, then this setting is meaningless and is not used at all. (boolean +# value) +#use_auth_pool = false # End user auth connection pool size. (integer value) -#auth_pool_size=100 +#auth_pool_size = 100 -# End user auth connection lifetime in seconds. (integer -# value) -#auth_pool_connection_lifetime=60 +# End user auth connection lifetime in seconds. (integer value) +#auth_pool_connection_lifetime = 60 [matchmaker_redis] # -# Options defined in oslo.messaging +# From oslo.messaging # # Host to locate redis. (string value) -#host=127.0.0.1 +#host = 127.0.0.1 # Use this port to connect to redis host. (integer value) -#port=6379 +#port = 6379 # Password for Redis server (optional). (string value) -#password=<None> +#password = <None> [matchmaker_ring] # -# Options defined in oslo.messaging +# From oslo.messaging # # Matchmaker ring file (JSON). 
(string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json +#ringfile = /etc/oslo/matchmaker_ring.json [memcache] # -# Options defined in keystone +# From keystone # # Memcache servers in the format of "host:port". (list value) -#servers=localhost:11211 - -# Number of seconds memcached server is considered dead before -# it is tried again. This is used by the key value store -# system (e.g. token pooled memcached persistence backend). -# (integer value) -#dead_retry=300 +#servers = localhost:11211 -# Timeout in seconds for every call to a server. This is used -# by the key value store system (e.g. token pooled memcached -# persistence backend). (integer value) -#socket_timeout=3 +# Number of seconds memcached server is considered dead before it is tried +# again. This is used by the key value store system (e.g. token pooled +# memcached persistence backend). (integer value) +#dead_retry = 300 -# Max total number of open connections to every memcached -# server. This is used by the key value store system (e.g. -# token pooled memcached persistence backend). (integer value) -#pool_maxsize=10 +# Timeout in seconds for every call to a server. This is used by the key value +# store system (e.g. token pooled memcached persistence backend). (integer +# value) +#socket_timeout = 3 -# Number of seconds a connection to memcached is held unused -# in the pool before it is closed. This is used by the key -# value store system (e.g. token pooled memcached persistence +# Max total number of open connections to every memcached server. This is used +# by the key value store system (e.g. token pooled memcached persistence # backend). (integer value) -#pool_unused_timeout=60 +#pool_maxsize = 10 -# Number of seconds that an operation will wait to get a -# memcache client connection. This is used by the key value -# store system (e.g. token pooled memcached persistence -# backend). 
(integer value) -#pool_connection_get_timeout=10 +# Number of seconds a connection to memcached is held unused in the pool before +# it is closed. This is used by the key value store system (e.g. token pooled +# memcached persistence backend). (integer value) +#pool_unused_timeout = 60 + +# Number of seconds that an operation will wait to get a memcache client +# connection. This is used by the key value store system (e.g. token pooled +# memcached persistence backend). (integer value) +#pool_connection_get_timeout = 10 [oauth1] # -# Options defined in keystone +# From keystone # # Credential backend driver. (string value) -#driver=keystone.contrib.oauth1.backends.sql.OAuth1 +#driver = keystone.contrib.oauth1.backends.sql.OAuth1 -# Duration (in seconds) for the OAuth Request Token. (integer -# value) -#request_token_duration=28800 +# Duration (in seconds) for the OAuth Request Token. (integer value) +#request_token_duration = 28800 -# Duration (in seconds) for the OAuth Access Token. (integer -# value) -#access_token_duration=86400 +# Duration (in seconds) for the OAuth Access Token. (integer value) +#access_token_duration = 86400 [os_inherit] # -# Options defined in keystone +# From keystone +# + +# role-assignment inheritance to projects from owning domain or from projects +# higher in the hierarchy can be optionally enabled. 
(boolean value) +#enabled = false + + +[oslo_messaging_amqp] + # +# From oslo.messaging +# + +# address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +#server_request_prefix = exclusive + +# address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +#broadcast_prefix = broadcast + +# address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +#group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +#container_name = <None> + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +#idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +#trace = false + +# CA certificate PEM file for verifing server certificate (string value) +# Deprecated group/name - [amqp1]/ssl_ca_file +#ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string value) +# Deprecated group/name - [amqp1]/ssl_cert_file +#ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string value) +# Deprecated group/name - [amqp1]/ssl_key_file +#ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +#ssl_key_password = <None> + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +#allow_insecure_clients = false -# role-assignment inheritance to projects from owning domain -# can be optionally enabled. (boolean value) -#enabled=false + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. 
(boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +#qpid_hostname = localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +#qpid_port = 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +#qpid_hosts = $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +#qpid_username = + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +#qpid_password = + +# Space separated list of SASL mechanisms to use for auth. (string value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +#qpid_sasl_mechanisms = + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +#qpid_heartbeat = 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +#qpid_protocol = tcp + +# Whether to disable the Nagle algorithm. (boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +#qpid_tcp_nodelay = true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +#qpid_receiver_capacity = 1 + +# The qpid topology version to use. Version 1 is what was originally used by +# impl_qpid. Version 2 includes some backwards-incompatible changes that allow +# broker federation to work. 
Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +#qpid_topology_version = 1 + + +[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and +# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some +# distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +#kombu_ssl_version = + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +#kombu_ssl_keyfile = + +# SSL cert file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +#kombu_ssl_certfile = + +# SSL certification authority file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +#kombu_ssl_ca_certs = + +# How long to wait before reconnecting in response to an AMQP consumer cancel +# notification. (floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +#kombu_reconnect_delay = 1.0 + +# The RabbitMQ broker address where a single node is used. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_host +#rabbit_host = localhost + +# The RabbitMQ broker port where a single node is used. (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_port +#rabbit_port = 5672 + +# RabbitMQ HA cluster host:port pairs. 
(list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +#rabbit_hosts = $rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +#rabbit_use_ssl = false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +#rabbit_userid = guest + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +#rabbit_password = guest + +# The RabbitMQ login method. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +#rabbit_login_method = AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +#rabbit_virtual_host = / + +# How frequently to retry connecting with RabbitMQ. (integer value) +#rabbit_retry_interval = 1 + +# How long to backoff for between retries when connecting to RabbitMQ. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +#rabbit_retry_backoff = 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry +# count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +#rabbit_max_retries = 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you +# must wipe the RabbitMQ database. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +#rabbit_ha_queues = false + +# Number of seconds after which the Rabbit broker is considered down if +# heartbeat's keep-alive fails (0 disable the heartbeat). (integer value) +#heartbeat_timeout_threshold = 60 + +# How often times during the heartbeat_timeout_threshold we check the +# heartbeat. (integer value) +#heartbeat_rate = 2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +#fake_rabbit = false + + +[oslo_middleware] + +# +# From oslo.middleware +# + +# The maximum body size for each request, in bytes. 
(integer value) +# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size +# Deprecated group/name - [DEFAULT]/max_request_body_size +#max_request_body_size = 114688 + + +[oslo_policy] + +# +# From oslo.policy +# + +# The JSON file that defines policies. (string value) +# Deprecated group/name - [DEFAULT]/policy_file +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. (string value) +# Deprecated group/name - [DEFAULT]/policy_default_rule +#policy_default_rule = default + +# Directories where policy configuration files are stored. They can be relative +# to any directory in the search path defined by the config_dir option, or +# absolute paths. The file defined by policy_file must exist for these +# directories to be searched. Missing or empty directories are ignored. (multi +# valued) +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d [paste_deploy] # -# Options defined in keystone +# From keystone # -# Name of the paste configuration file that defines the -# available pipelines. (string value) -#config_file=keystone-paste.ini +# Name of the paste configuration file that defines the available pipelines. +# (string value) +#config_file = keystone-paste.ini [policy] # -# Options defined in keystone +# From keystone # # Policy backend driver. (string value) -#driver=keystone.policy.backends.sql.Policy +#driver = keystone.policy.backends.sql.Policy + +# Maximum number of entities that will be returned in a policy collection. +# (integer value) +#list_limit = <None> + -# Maximum number of entities that will be returned in a policy -# collection. (integer value) -#list_limit=<None> +[resource] + +# +# From keystone +# + +# Resource backend driver. If a resource driver is not specified, the +# assignment driver will choose the resource driver. (string value) +#driver = <None> + +# Toggle for resource caching. This has no effect unless global caching is +# enabled. 
(boolean value) +# Deprecated group/name - [assignment]/caching +#caching = true + +# TTL (in seconds) to cache resource data. This has no effect unless global +# caching is enabled. (integer value) +# Deprecated group/name - [assignment]/cache_time +#cache_time = <None> + +# Maximum number of entities that will be returned in a resource collection. +# (integer value) +# Deprecated group/name - [assignment]/list_limit +#list_limit = <None> [revoke] # -# Options defined in keystone +# From keystone +# + +# An implementation of the backend for persisting revocation events. (string +# value) +#driver = keystone.contrib.revoke.backends.sql.Revoke + +# This value (calculated in seconds) is added to token expiration before a +# revocation event may be removed from the backend. (integer value) +#expiration_buffer = 1800 + +# Toggle for revocation event caching. This has no effect unless global caching +# is enabled. (boolean value) +#caching = true + +# Time to cache the revocation list and the revocation events (in seconds). +# This has no effect unless global and token caching are enabled. (integer +# value) +# Deprecated group/name - [token]/revocation_cache_time +#cache_time = 3600 + + +[role] + +# +# From keystone # -# An implementation of the backend for persisting revocation -# events. (string value) -#driver=keystone.contrib.revoke.backends.kvs.Revoke +# Role backend driver. (string value) +#driver = <None> -# This value (calculated in seconds) is added to token -# expiration before a revocation event may be removed from the -# backend. (integer value) -#expiration_buffer=1800 +# Toggle for role caching. This has no effect unless global caching is enabled. +# (boolean value) +#caching = true + +# TTL (in seconds) to cache role data. This has no effect unless global caching +# is enabled. (integer value) +#cache_time = <None> -# Toggle for revocation event caching. This has no effect -# unless global caching is enabled. 
(boolean value) -#caching=true +# Maximum number of entities that will be returned in a role collection. +# (integer value) +#list_limit = <None> [saml] # -# Options defined in keystone +# From keystone # -# Default TTL, in seconds, for any generated SAML assertion -# created by Keystone. (integer value) -#assertion_expiration_time=3600 +# Default TTL, in seconds, for any generated SAML assertion created by +# Keystone. (integer value) +#assertion_expiration_time = 3600 -# Binary to be called for XML signing. Install the appropriate -# package, specify absolute path or adjust your PATH -# environment variable if the binary cannot be found. (string -# value) -#xmlsec1_binary=xmlsec1 - -# Path of the certfile for SAML signing. For non-production -# environments, you may be interested in using `keystone- -# manage pki_setup` to generate self-signed certificates. -# Note, the path cannot contain a comma. (string value) -#certfile=/etc/keystone/ssl/certs/signing_cert.pem - -# Path of the keyfile for SAML signing. Note, the path cannot -# contain a comma. (string value) -#keyfile=/etc/keystone/ssl/private/signing_key.pem - -# Entity ID value for unique Identity Provider identification. -# Usually FQDN is set with a suffix. A value is required to -# generate IDP Metadata. For example: -# https://keystone.example.com/v3/OS-FEDERATION/saml2/idp -# (string value) -#idp_entity_id=<None> +# Binary to be called for XML signing. Install the appropriate package, specify +# absolute path or adjust your PATH environment variable if the binary cannot +# be found. (string value) +#xmlsec1_binary = xmlsec1 + +# Path of the certfile for SAML signing. For non-production environments, you +# may be interested in using `keystone-manage pki_setup` to generate self- +# signed certificates. Note, the path cannot contain a comma. 
(string value) +#certfile = /etc/keystone/ssl/certs/signing_cert.pem -# Identity Provider Single-Sign-On service value, required in -# the Identity Provider's metadata. A value is required to -# generate IDP Metadata. For example: -# https://keystone.example.com/v3/OS-FEDERATION/saml2/sso +# Path of the keyfile for SAML signing. Note, the path cannot contain a comma. # (string value) -#idp_sso_endpoint=<None> +#keyfile = /etc/keystone/ssl/private/signing_key.pem -# Language used by the organization. (string value) -#idp_lang=en +# Entity ID value for unique Identity Provider identification. Usually FQDN is +# set with a suffix. A value is required to generate IDP Metadata. For example: +# https://keystone.example.com/v3/OS-FEDERATION/saml2/idp (string value) +#idp_entity_id = <None> -# Organization name the installation belongs to. (string +# Identity Provider Single-Sign-On service value, required in the Identity +# Provider's metadata. A value is required to generate IDP Metadata. For +# example: https://keystone.example.com/v3/OS-FEDERATION/saml2/sso (string # value) -#idp_organization_name=<None> +#idp_sso_endpoint = <None> + +# Language used by the organization. (string value) +#idp_lang = en + +# Organization name the installation belongs to. (string value) +#idp_organization_name = <None> # Organization name to be displayed. (string value) -#idp_organization_display_name=<None> +#idp_organization_display_name = <None> # URL of the organization. (string value) -#idp_organization_url=<None> +#idp_organization_url = <None> # Company of contact person. (string value) -#idp_contact_company=<None> +#idp_contact_company = <None> # Given name of contact person (string value) -#idp_contact_name=<None> +#idp_contact_name = <None> # Surname of contact person. (string value) -#idp_contact_surname=<None> +#idp_contact_surname = <None> # Email address of contact person. 
(string value) -#idp_contact_email=<None> +#idp_contact_email = <None> # Telephone number of contact person. (string value) -#idp_contact_telephone=<None> +#idp_contact_telephone = <None> + +# Contact type. Allowed values are: technical, support, administrative billing, +# and other (string value) +#idp_contact_type = other -# Contact type. Allowed values are: technical, support, -# administrative billing, and other (string value) -#idp_contact_type=other +# Path to the Identity Provider Metadata file. This file should be generated +# with the keystone-manage saml_idp_metadata command. (string value) +#idp_metadata_path = /etc/keystone/saml2_idp_metadata.xml -# Path to the Identity Provider Metadata file. This file -# should be generated with the keystone-manage -# saml_idp_metadata command. (string value) -#idp_metadata_path=/etc/keystone/saml2_idp_metadata.xml +# The prefix to use for the RelayState SAML attribute, used when generating ECP +# wrapped assertions. (string value) +#relay_state_prefix = ss:mem: [signing] # -# Options defined in keystone +# From keystone # -# Deprecated in favor of provider in the [token] section. -# (string value) -#token_format=<None> - -# Path of the certfile for token signing. For non-production -# environments, you may be interested in using `keystone- -# manage pki_setup` to generate self-signed certificates. -# (string value) -#certfile=/etc/keystone/ssl/certs/signing_cert.pem +# Path of the certfile for token signing. For non-production environments, you +# may be interested in using `keystone-manage pki_setup` to generate self- +# signed certificates. (string value) +#certfile = /etc/keystone/ssl/certs/signing_cert.pem # Path of the keyfile for token signing. (string value) -#keyfile=/etc/keystone/ssl/private/signing_key.pem +#keyfile = /etc/keystone/ssl/private/signing_key.pem # Path of the CA for token signing. 
(string value) -#ca_certs=/etc/keystone/ssl/certs/ca.pem +#ca_certs = /etc/keystone/ssl/certs/ca.pem # Path of the CA key for token signing. (string value) -#ca_key=/etc/keystone/ssl/private/cakey.pem +#ca_key = /etc/keystone/ssl/private/cakey.pem -# Key size (in bits) for token signing cert (auto generated -# certificate). (integer value) -#key_size=2048 +# Key size (in bits) for token signing cert (auto generated certificate). +# (integer value) +#key_size = 2048 -# Days the token signing cert is valid for (auto generated -# certificate). (integer value) -#valid_days=3650 +# Days the token signing cert is valid for (auto generated certificate). +# (integer value) +#valid_days = 3650 -# Certificate subject (auto generated certificate) for token -# signing. (string value) -#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com +# Certificate subject (auto generated certificate) for token signing. (string +# value) +#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com [ssl] # -# Options defined in keystone +# From keystone # -# Toggle for SSL support on the Keystone eventlet servers. -# (boolean value) -#enable=false - -# Path of the certfile for SSL. For non-production -# environments, you may be interested in using `keystone- -# manage ssl_setup` to generate self-signed certificates. -# (string value) -#certfile=/etc/keystone/ssl/certs/keystone.pem - -# Path of the keyfile for SSL. (string value) -#keyfile=/etc/keystone/ssl/private/keystonekey.pem - -# Path of the ca cert file for SSL. (string value) -#ca_certs=/etc/keystone/ssl/certs/ca.pem - # Path of the CA key file for SSL. (string value) -#ca_key=/etc/keystone/ssl/private/cakey.pem +#ca_key = /etc/keystone/ssl/private/cakey.pem -# Require client certificate. (boolean value) -#cert_required=false +# SSL key length (in bits) (auto generated certificate). (integer value) +#key_size = 1024 -# SSL key length (in bits) (auto generated certificate). 
+# Days the certificate is valid for once signed (auto generated certificate). # (integer value) -#key_size=1024 - -# Days the certificate is valid for once signed (auto -# generated certificate). (integer value) -#valid_days=3650 - -# SSL certificate subject (auto generated certificate). -# (string value) -#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost - - -[stats] +#valid_days = 3650 -# -# Options defined in keystone -# - -# Stats backend driver. (string value) -#driver=keystone.contrib.stats.backends.kvs.Stats +# SSL certificate subject (auto generated certificate). (string value) +#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=localhost [token] # -# Options defined in keystone +# From keystone # -# External auth mechanisms that should add bind information to -# token, e.g., kerberos,x509. (list value) -#bind= +# External auth mechanisms that should add bind information to token, e.g., +# kerberos,x509. (list value) +#bind = -# Enforcement policy on tokens presented to Keystone with bind -# information. One of disabled, permissive, strict, required -# or a specifically required bind mode, e.g., kerberos or x509 -# to require binding to that authentication. (string value) -#enforce_token_bind=permissive +# Enforcement policy on tokens presented to Keystone with bind information. One +# of disabled, permissive, strict, required or a specifically required bind +# mode, e.g., kerberos or x509 to require binding to that authentication. +# (string value) +#enforce_token_bind = permissive -# Amount of time a token should remain valid (in seconds). -# (integer value) -#expiration=3600 +# Amount of time a token should remain valid (in seconds). (integer value) +#expiration = 3600 -# Controls the token construction, validation, and revocation -# operations. Core providers are -# "keystone.token.providers.[pkiz|pki|uuid].Provider". The -# default provider is pkiz. 
(string value) -provider=keystone.token.providers.uuid.Provider +# Controls the token construction, validation, and revocation operations. Core +# providers are "keystone.token.providers.[fernet|pkiz|pki|uuid].Provider". +# (string value) +#provider = keystone.token.providers.uuid.Provider # Token persistence backend driver. (string value) -driver=keystone.token.backends.sql.Token +#driver = keystone.token.persistence.backends.sql.Token -# Toggle for token system caching. This has no effect unless -# global caching is enabled. (boolean value) -#caching=true +# Toggle for token system caching. This has no effect unless global caching is +# enabled. (boolean value) +#caching = true -# Time to cache the revocation list and the revocation events -# if revoke extension is enabled (in seconds). This has no -# effect unless global and token caching are enabled. (integer -# value) -#revocation_cache_time=3600 - -# Time to cache tokens (in seconds). This has no effect unless -# global and token caching are enabled. (integer value) -#cache_time=<None> - -# Revoke token by token identifier. Setting revoke_by_id to -# true enables various forms of enumerating tokens, e.g. `list -# tokens for user`. These enumerations are processed to -# determine the list of tokens to revoke. Only disable if you -# are switching to using the Revoke extension with a backend -# other than KVS, which stores events in memory. (boolean +# Time to cache tokens (in seconds). This has no effect unless global and token +# caching are enabled. (integer value) +#cache_time = <None> + +# Revoke token by token identifier. Setting revoke_by_id to true enables +# various forms of enumerating tokens, e.g. `list tokens for user`. These +# enumerations are processed to determine the list of tokens to revoke. Only +# disable if you are switching to using the Revoke extension with a backend +# other than KVS, which stores events in memory. 
(boolean value) +#revoke_by_id = true + +# Allow rescoping of scoped token. Setting allow_rescoped_scoped_token to false +# prevents a user from exchanging a scoped token for any other token. (boolean # value) -#revoke_by_id=true +#allow_rescope_scoped_token = true -# The hash algorithm to use for PKI tokens. This can be set to -# any algorithm that hashlib supports. WARNING: Before -# changing this value, the auth_token middleware must be -# configured with the hash_algorithms, otherwise token +# The hash algorithm to use for PKI tokens. This can be set to any algorithm +# that hashlib supports. WARNING: Before changing this value, the auth_token +# middleware must be configured with the hash_algorithms, otherwise token # revocation will not be processed correctly. (string value) -#hash_algorithm=md5 +#hash_algorithm = md5 [trust] # -# Options defined in keystone +# From keystone # -# Delegation and impersonation features can be optionally -# disabled. (boolean value) -#enabled=true +# Delegation and impersonation features can be optionally disabled. (boolean +# value) +#enabled = true -# Trust backend driver. (string value) -#driver=keystone.trust.backends.sql.Trust +# Enable redelegation feature. (boolean value) +#allow_redelegation = false +# Maximum depth of trust redelegation. (integer value) +#max_redelegation_count = 3 +# Trust backend driver. (string value) +#driver = keystone.trust.backends.sql.Trust diff --git a/install-files/openstack/usr/share/openstack/keystone/logging.conf b/install-files/openstack/usr/share/openstack/keystone/logging.conf deleted file mode 100644 index 6cb8c425..00000000 --- a/install-files/openstack/usr/share/openstack/keystone/logging.conf +++ /dev/null 
@@ -1,65 +0,0 @@ -[loggers] -keys=root,access - -[handlers] -keys=production,file,access_file,devel - -[formatters] -keys=minimal,normal,debug - - -########### -# Loggers # -########### - -[logger_root] -level=WARNING -handlers=file - -[logger_access] -level=INFO -qualname=access -handlers=access_file - - -################ -# Log Handlers # -################ - -[handler_production] -class=handlers.SysLogHandler -level=ERROR -formatter=normal -args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER) - -[handler_file] -class=handlers.WatchedFileHandler -level=WARNING -formatter=normal -args=('error.log',) - -[handler_access_file] -class=handlers.WatchedFileHandler -level=INFO -formatter=minimal -args=('access.log',) - -[handler_devel] -class=StreamHandler -level=NOTSET -formatter=debug -args=(sys.stdout,) - - -################## -# Log Formatters # -################## - -[formatter_minimal] -format=%(message)s - -[formatter_normal] -format=(%(name)s): %(asctime)s %(levelname)s %(message)s - -[formatter_debug] -format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s diff --git a/install-files/openstack/usr/share/openstack/keystone/policy.json b/install-files/openstack/usr/share/openstack/keystone/policy.json deleted file mode 100644 index af65205e..00000000 --- a/install-files/openstack/usr/share/openstack/keystone/policy.json +++ /dev/null 
@@ -1,171 +0,0 @@ -{ - "admin_required": "role:admin or is_admin:1", - "service_role": "role:service", - "service_or_admin": "rule:admin_required or rule:service_role", - "owner" : "user_id:%(user_id)s", - "admin_or_owner": "rule:admin_required or rule:owner", - - "default": "rule:admin_required", - - "identity:get_region": "", - "identity:list_regions": "", - "identity:create_region": "rule:admin_required", - "identity:update_region": "rule:admin_required", - "identity:delete_region": "rule:admin_required", - - "identity:get_service": "rule:admin_required", - "identity:list_services": "rule:admin_required", - "identity:create_service": "rule:admin_required", - "identity:update_service": "rule:admin_required", - "identity:delete_service": "rule:admin_required", - - "identity:get_endpoint": "rule:admin_required", - "identity:list_endpoints": "rule:admin_required", - "identity:create_endpoint": "rule:admin_required", - "identity:update_endpoint": "rule:admin_required", - "identity:delete_endpoint": "rule:admin_required", - - "identity:get_domain": "rule:admin_required", - "identity:list_domains": "rule:admin_required", - "identity:create_domain": "rule:admin_required", - "identity:update_domain": "rule:admin_required", - "identity:delete_domain": "rule:admin_required", - - "identity:get_project": "rule:admin_required", - "identity:list_projects": "rule:admin_required", - "identity:list_user_projects": "rule:admin_or_owner", - "identity:create_project": "rule:admin_required", - "identity:update_project": "rule:admin_required", - "identity:delete_project": "rule:admin_required", - - "identity:get_user": "rule:admin_required", - "identity:list_users": "rule:admin_required", - "identity:create_user": "rule:admin_required", - "identity:update_user": "rule:admin_required", - "identity:delete_user": "rule:admin_required", - "identity:change_password": "rule:admin_or_owner", - - "identity:get_group": "rule:admin_required", - "identity:list_groups": "rule:admin_required", - 
"identity:list_groups_for_user": "rule:admin_or_owner", - "identity:create_group": "rule:admin_required", - "identity:update_group": "rule:admin_required", - "identity:delete_group": "rule:admin_required", - "identity:list_users_in_group": "rule:admin_required", - "identity:remove_user_from_group": "rule:admin_required", - "identity:check_user_in_group": "rule:admin_required", - "identity:add_user_to_group": "rule:admin_required", - - "identity:get_credential": "rule:admin_required", - "identity:list_credentials": "rule:admin_required", - "identity:create_credential": "rule:admin_required", - "identity:update_credential": "rule:admin_required", - "identity:delete_credential": "rule:admin_required", - - "identity:ec2_get_credential": "rule:admin_or_owner", - "identity:ec2_list_credentials": "rule:admin_or_owner", - "identity:ec2_create_credential": "rule:admin_or_owner", - "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)", - - "identity:get_role": "rule:admin_required", - "identity:list_roles": "rule:admin_required", - "identity:create_role": "rule:admin_required", - "identity:update_role": "rule:admin_required", - "identity:delete_role": "rule:admin_required", - - "identity:check_grant": "rule:admin_required", - "identity:list_grants": "rule:admin_required", - "identity:create_grant": "rule:admin_required", - "identity:revoke_grant": "rule:admin_required", - - "identity:list_role_assignments": "rule:admin_required", - - "identity:get_policy": "rule:admin_required", - "identity:list_policies": "rule:admin_required", - "identity:create_policy": "rule:admin_required", - "identity:update_policy": "rule:admin_required", - "identity:delete_policy": "rule:admin_required", - - "identity:check_token": "rule:admin_required", - "identity:validate_token": "rule:service_or_admin", - "identity:validate_token_head": "rule:service_or_admin", - "identity:revocation_list": "rule:service_or_admin", - 
"identity:revoke_token": "rule:admin_or_owner", - - "identity:create_trust": "user_id:%(trust.trustor_user_id)s", - "identity:get_trust": "rule:admin_or_owner", - "identity:list_trusts": "", - "identity:list_roles_for_trust": "", - "identity:check_role_for_trust": "", - "identity:get_role_for_trust": "", - "identity:delete_trust": "", - - "identity:create_consumer": "rule:admin_required", - "identity:get_consumer": "rule:admin_required", - "identity:list_consumers": "rule:admin_required", - "identity:delete_consumer": "rule:admin_required", - "identity:update_consumer": "rule:admin_required", - - "identity:authorize_request_token": "rule:admin_required", - "identity:list_access_token_roles": "rule:admin_required", - "identity:get_access_token_role": "rule:admin_required", - "identity:list_access_tokens": "rule:admin_required", - "identity:get_access_token": "rule:admin_required", - "identity:delete_access_token": "rule:admin_required", - - "identity:list_projects_for_endpoint": "rule:admin_required", - "identity:add_endpoint_to_project": "rule:admin_required", - "identity:check_endpoint_in_project": "rule:admin_required", - "identity:list_endpoints_for_project": "rule:admin_required", - "identity:remove_endpoint_from_project": "rule:admin_required", - - "identity:create_endpoint_group": "rule:admin_required", - "identity:list_endpoint_groups": "rule:admin_required", - "identity:get_endpoint_group": "rule:admin_required", - "identity:update_endpoint_group": "rule:admin_required", - "identity:delete_endpoint_group": "rule:admin_required", - "identity:list_projects_associated_with_endpoint_group": "rule:admin_required", - "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required", - "identity:list_endpoint_groups_for_project": "rule:admin_required", - "identity:add_endpoint_group_to_project": "rule:admin_required", - "identity:remove_endpoint_group_from_project": "rule:admin_required", - - "identity:create_identity_provider": 
"rule:admin_required", - "identity:list_identity_providers": "rule:admin_required", - "identity:get_identity_providers": "rule:admin_required", - "identity:update_identity_provider": "rule:admin_required", - "identity:delete_identity_provider": "rule:admin_required", - - "identity:create_protocol": "rule:admin_required", - "identity:update_protocol": "rule:admin_required", - "identity:get_protocol": "rule:admin_required", - "identity:list_protocols": "rule:admin_required", - "identity:delete_protocol": "rule:admin_required", - - "identity:create_mapping": "rule:admin_required", - "identity:get_mapping": "rule:admin_required", - "identity:list_mappings": "rule:admin_required", - "identity:delete_mapping": "rule:admin_required", - "identity:update_mapping": "rule:admin_required", - - "identity:get_auth_catalog": "", - "identity:get_auth_projects": "", - "identity:get_auth_domains": "", - - "identity:list_projects_for_groups": "", - "identity:list_domains_for_groups": "", - - "identity:list_revoke_events": "", - - "identity:create_policy_association_for_endpoint": "rule:admin_required", - "identity:check_policy_association_for_endpoint": "rule:admin_required", - "identity:delete_policy_association_for_endpoint": "rule:admin_required", - "identity:create_policy_association_for_service": "rule:admin_required", - "identity:check_policy_association_for_service": "rule:admin_required", - "identity:delete_policy_association_for_service": "rule:admin_required", - "identity:create_policy_association_for_region_and_service": "rule:admin_required", - "identity:check_policy_association_for_region_and_service": "rule:admin_required", - "identity:delete_policy_association_for_region_and_service": "rule:admin_required", - "identity:get_policy_for_endpoint": "rule:admin_required", - "identity:list_endpoints_for_policy": "rule:admin_required" -} 
diff --git a/install-files/openstack/usr/share/openstack/neutron/api-paste.ini b/install-files/openstack/usr/share/openstack/neutron/api-paste.ini deleted file mode 100644 index bbcd4152..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/api-paste.ini +++ /dev/null @@ -1,30 +0,0 @@ -[composite:neutron] -use = egg:Paste#urlmap -/: neutronversions -/v2.0: neutronapi_v2_0 - -[composite:neutronapi_v2_0] -use = call:neutron.auth:pipeline_factory -noauth = request_id catch_errors extensions neutronapiapp_v2_0 -keystone = request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0 - -[filter:request_id] -paste.filter_factory = neutron.openstack.common.middleware.request_id:RequestIdMiddleware.factory - -[filter:catch_errors] -paste.filter_factory = neutron.openstack.common.middleware.catch_errors:CatchErrorsMiddleware.factory - -[filter:keystonecontext] -paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:extensions] -paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory - -[app:neutronversions] -paste.app_factory = neutron.api.versions:Versions.factory - -[app:neutronapiapp_v2_0] -paste.app_factory = neutron.api.v2.router:APIRouter.factory diff --git a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini index c6c2b9a7..a0adccaa 100644 --- a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini +++ b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini @@ -1,7 +1,6 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = False -use_syslog = True # The DHCP agent will resync its state with Neutron to recover from any # transient notification or rpc errors. The interval is number of 
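Review bot: Dropping `use_syslog = True` in the first dhcp_agent.ini hunk leaves the agent with no explicit log destination in this file, and nothing in the hunk says where its log goes now. The same line is removed in the first hunks of l3_agent.ini and metadata_agent.ini, and neutron.conf now carries `# use_syslog = False`, so all four Neutron services stop feeding syslog unless another layer re-enables it. If central collection of these logs is still expected, add a comment above `# debug = False`, for example `# Log destination is set by the deployment; syslog is no longer enabled in this file.`, so operators do not assume syslog forwarding still covers the agents. The [DEFAULT] section continues past the end of the hunk.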
@@ -14,7 +13,7 @@ use_syslog = True # Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, # BigSwitch/Floodlight) -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Name of Open vSwitch bridge to use # ovs_integration_bridge = br-int @@ -29,18 +28,20 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # The agent can use other DHCP drivers. Dnsmasq is the simplest and requires # no additional setup of the DHCP server. -dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq +# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True +# iproute2 package that supports namespaces). This option is deprecated and +# will be removed in a future release, at which point the old behavior of +# use_namespaces = True will be enforced. +# use_namespaces = True # The DHCP server can assist with providing metadata support on isolated # networks. Setting this value to True will cause the DHCP server to append # specific host routes to the DHCP request. The metadata service will only # be activated when the subnet does not contain any router port. The guest # instance must be configured to request host routes via DHCP (Option 121). -enable_isolated_metadata = True +# enable_isolated_metadata = False # Allows for serving metadata requests coming from a dedicated metadata # access network whose cidr is 169.254.169.254/16 (or larger prefix), and 
@@ -73,16 +74,15 @@ enable_isolated_metadata = True # Location to DHCP lease relay UNIX domain socket # dhcp_lease_relay_socket = $state_path/dhcp/lease_relay -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy +# Use broadcast in DHCP replies +# dhcp_broadcast_reply = False -# dhcp_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the dhcp agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. -# If True, namespaces will be deleted when a dhcp server is disabled. -# dhcp_delete_namespaces = False +# dhcp_delete_namespaces, which is True by default, can be set to False if +# namespaces can't be deleted cleanly on the host running the DHCP agent. +# Disable this if you hit the issue in +# https://bugs.launchpad.net/neutron/+bug/1052535 or if +# you are sure that your version of iproute suffers from the problem. +# dhcp_delete_namespaces = True # Timeout for ovs-vsctl commands. # If the timeout expires, ovs commands will fail with ALARMCLOCK error. diff --git a/install-files/openstack/usr/share/openstack/neutron/fwaas_driver.ini b/install-files/openstack/usr/share/openstack/neutron/fwaas_driver.ini deleted file mode 100644 index 41f761ab..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/fwaas_driver.ini +++ /dev/null @@ -1,3 +0,0 @@ -[fwaas] -#driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver -#enabled = True diff --git a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini index 000cd997..0d56436b 100644 --- a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini 
+++ b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini @@ -1,7 +1,6 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = False -use_syslog = True # L3 requires that an interface driver be set. Choose the one that best # matches your plugin. @@ -9,7 +8,7 @@ use_syslog = True # Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) # that supports L3 agent -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Use veth for an OVS interface or not. # Support kernels with limited namespace support @@ -20,8 +19,10 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True +# iproute2 package that supports namespaces). This option is deprecated and +# will be removed in a future release, at which point the old behavior of +# use_namespaces = True will be enforced. +# use_namespaces = True # If use_namespaces is set as False then the agent can only configure one router. 
@@ -35,6 +36,20 @@ use_namespaces = True # must be left empty. # gateway_external_network_id = +# With IPv6, the network used for the external gateway does not need +# to have an associated subnet, since the automatically assigned +# link-local address (LLA) can be used. However, an IPv6 gateway address +# is needed for use as the next-hop for the default route. If no IPv6 +# gateway address is configured here, (and only then) the neutron router +# will be configured to get its default route from router advertisements (RAs) +# from the upstream router; in which case the upstream router must also be +# configured to send these RAs. +# The ipv6_gateway, when configured, should be the LLA of the interface +# on the upstream router. If a next-hop using a global unique address (GUA) +# is desired, it needs to be done via a subnet allocated to the network +# and not through this parameter. +# ipv6_gateway = + # Indicates that this L3 agent should also handle routers that do not have # an external network gateway configured. This option should be True only # for a single agent in a Neutron deployment, and may be False for all agents @@ -44,7 +59,7 @@ use_namespaces = True # Name of bridge used for external network traffic. This should be set to # empty value for the linux bridge. when this parameter is set, each L3 agent # can be associated with no more than one external network. -external_network_bridge = br-ex +# external_network_bridge = br-ex # TCP Port used by Neutron metadata server # metadata_port = 9697 
@@ -64,16 +79,19 @@ external_network_bridge = br-ex # if the Nova metadata server is not available # enable_metadata_proxy = True -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy +# Iptables mangle mark used to mark metadata valid requests +# metadata_access_mark = 0x1 + +# Iptables mangle mark used to mark ingress from external network +# external_ingress_mark = 0x2 -# router_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the L3 agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. +# router_delete_namespaces, which is True by default, can be set to False if +# namespaces can't be deleted cleanly on the host running the L3 agent. +# Disable this if you hit the issue in +# https://bugs.launchpad.net/neutron/+bug/1052535 or if +# you are sure that your version of iproute suffers from the problem. # If True, namespaces will be deleted when a router is destroyed. -# router_delete_namespaces = False +# router_delete_namespaces = True # Timeout for ovs-vsctl commands. # If the timeout expires, ovs commands will fail with ALARMCLOCK error. diff --git a/install-files/openstack/usr/share/openstack/neutron/lbaas_agent.ini b/install-files/openstack/usr/share/openstack/neutron/lbaas_agent.ini deleted file mode 100644 index 68a2759e..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/lbaas_agent.ini +++ /dev/null 
@@ -1,42 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output). -# debug = False - -# The LBaaS agent will resync its state with Neutron to recover from any -# transient notification or rpc errors. The interval is number of -# seconds between attempts. -# periodic_interval = 10 - -# LBaas requires an interface driver be set. Choose the one that best -# matches your plugin. -# interface_driver = - -# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC, NVP, -# BigSwitch/Floodlight) -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# Use veth for an OVS interface or not. -# Support kernels with limited namespace support -# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. -# ovs_use_veth = False - -# Example of interface_driver option for LinuxBridge -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver - -# The agent requires drivers to manage the loadbalancer. HAProxy is the opensource version. -# Multiple device drivers reflecting different service providers could be specified: -# device_driver = path.to.provider1.driver.Driver -# device_driver = path.to.provider2.driver.Driver -# Default is: -# device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver - -[haproxy] -# Location to store config and state files -# loadbalancer_state_path = $state_path/lbaas - -# The user group -# user_group = nogroup - -# When delete and re-add the same vip, send this many gratuitous ARPs to flush -# the ARP cache in the Router. Set it below or equal to 0 to disable this feature. -# send_gratuitous_arp = 3 diff --git a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini index ed238770..4a0331ee 100644 --- a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini +++ b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini 
@@ -1,24 +1,23 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = True -use_syslog = True # The Neutron user information for accessing the Neutron API. -auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -auth_region = regionOne +auth_url = http://localhost:5000/v2.0 +auth_region = RegionOne # Turn off verification of the certificate for ssl # auth_insecure = False # Certificate Authority public key (CA cert) file for ssl # auth_ca_cert = -admin_tenant_name = service -admin_user = {{ NEUTRON_SERVICE_USER }} -admin_password = {{ NEUTRON_SERVICE_PASSWORD }} +admin_tenant_name = %SERVICE_TENANT_NAME% +admin_user = %SERVICE_USER% +admin_password = %SERVICE_PASSWORD% # Network service endpoint type to pull from the keystone catalog # endpoint_type = adminURL # IP address used by Nova metadata server -nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }} +# nova_metadata_ip = 127.0.0.1 # TCP Port used by Nova metadata server # nova_metadata_port = 8775 
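Review bot: `admin_tenant_name = %SERVICE_TENANT_NAME%`, `admin_user = %SERVICE_USER%` and `admin_password = %SERVICE_PASSWORD%` are left active, so if nothing rewrites the `%…%` markers at install time the agent would authenticate with the literal placeholder strings. The old `{{ … }}` markers were presumably filled by the deployment templating, and the hunk does not show what fills the new ones. `auth_url = http://localhost:5000/v2.0` also carries that password over plain HTTP, which is only tolerable while Keystone runs on the same host. I would comment the three placeholder lines out like the rest of the file, or add above them `# Placeholders: must be replaced at deploy time; use an https:// auth_url with auth_ca_cert when Keystone is remote.` The [DEFAULT] section continues outside the hunk.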
@@ -40,12 +39,21 @@ nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }} # When proxying metadata requests, Neutron signs the Instance-ID header with a # shared secret to prevent spoofing. You may select any string for a secret, # but it must match here and in the configuration used by the Nova Metadata -# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret -metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }} +# Server. NOTE: Nova uses the same config key, but in [neutron] section. +# metadata_proxy_shared_secret = # Location of Metadata Proxy UNIX domain socket # metadata_proxy_socket = $state_path/metadata_proxy +# Metadata Proxy UNIX domain socket mode, 3 values allowed: +# 'deduce': deduce mode from metadata_proxy_user/group values, +# 'user': set metadata proxy socket mode to 0o644, to use when +# metadata_proxy_user is agent effective user or root, +# 'group': set metadata proxy socket mode to 0o664, to use when +# metadata_proxy_group is agent effective group, +# 'all': set metadata proxy socket mode to 0o666, to use otherwise. +# metadata_proxy_socket_mode = deduce + # Number of separate worker processes for metadata server. Defaults to # half the number of CPU cores # metadata_workers = diff --git a/install-files/openstack/usr/share/openstack/neutron/metering_agent.ini b/install-files/openstack/usr/share/openstack/neutron/metering_agent.ini deleted file mode 100644 index 88826ce7..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/metering_agent.ini +++ /dev/null 
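Review bot: `# metadata_proxy_shared_secret =` replaces the templated secret, so unless the deployment sets it elsewhere the proxy presumably signs the Instance-ID header with an empty default. The comment directly above the key says this signature is what prevents spoofing. I would add `# Must be set to a non-empty random value, identical to metadata_proxy_shared_secret in the [neutron] section of the Nova configuration.` above the key. In the same hunk the new socket-mode comment says `3 values allowed` but lists four, and `'all'` gives the socket mode 0o666. That text should read `4 values allowed` and note that `all` lets any local user connect to the socket.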
@@ -1,18 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -# debug = True - -# Default driver: -# driver = neutron.services.metering.drivers.noop.noop_driver.NoopMeteringDriver -# Example of non-default driver -# driver = neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver - -# Interval between two metering measures -# measure_interval = 30 - -# Interval between two metering reports -# report_interval = 300 - -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# use_namespaces = True diff --git a/install-files/openstack/usr/share/openstack/neutron/neutron.conf b/install-files/openstack/usr/share/openstack/neutron/neutron.conf index 51de7464..ee42954b 100644 --- a/install-files/openstack/usr/share/openstack/neutron/neutron.conf +++ b/install-files/openstack/usr/share/openstack/neutron/neutron.conf @@ -17,10 +17,7 @@ # Where to store Neutron state files. This directory must be writable by the # user executing the agent. -state_path = /var/lib/neutron - -# Where to store lock files -lock_path = $state_path/lock +# state_path = /var/lib/neutron # log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s # log_date_format = %Y-%m-%d %H:%M:%S @@ -32,8 +29,7 @@ lock_path = $state_path/lock # (not user_stderr) and (not log_file) -> stdout # publish_errors -> notification system -use_syslog = True - +# use_syslog = False # syslog_log_facility = LOG_USER # use_stderr = True @@ -61,7 +57,7 @@ use_syslog = True # previous versions, the class name of a plugin can be specified instead of its # entrypoint name. # -core_plugin = ml2 +# core_plugin = # Example: core_plugin = ml2 # (ListOpt) List of service plugin entrypoints to be loaded from the 
@@ -70,15 +66,22 @@ core_plugin = ml2 # with previous versions, the class name of a plugin can be specified instead # of its entrypoint name. # -service_plugins = router +# service_plugins = # Example: service_plugins = router,firewall,lbaas,vpnaas,metering # Paste configuration file -api_paste_config = api-paste.ini +# api_paste_config = api-paste.ini + +# (StrOpt) Hostname to be used by the neutron server, agents and services +# running on this machine. All the agents and services running on this machine +# must use the same host value. +# The default value is hostname of the machine. +# +# host = # The strategy to be used for auth. # Supported values are 'keystone'(default), 'noauth'. -auth_strategy = keystone +# auth_strategy = keystone # Base MAC address. The first 3 octets will remain unchanged. If the # 4h octet is not 00, it will also be used. The others will be @@ -115,7 +118,7 @@ auth_strategy = keystone # Enable or disable overlapping IPs for subnets # Attention: the following parameter MUST be set to False if Neutron is # being used in conjunction with nova security groups -allow_overlapping_ips = True +# allow_overlapping_ips = False # Ensure that configured gateway is on subnet. For IPv6, validate only if # gateway is not a link local address. Deprecated, to be removed during the # K release, at which point the check will be mandatory. 
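Review bot: The first hunk on this line leaves `# api_paste_config = api-paste.ini` as the effective default, while the same commit deletes neutron/api-paste.ini from this directory. That file is where the `authtoken` filter was placed in the `keystone` pipeline. Nothing visible shows where the paste file now comes from, so the middleware order that enforces authentication depends on whichever api-paste.ini the server finds. I would add a comment naming the expected source, e.g. `# api-paste.ini is provided by <placeholder: installed path>; it must keep authtoken in the keystone pipeline.` The now-commented `# auth_strategy = keystone` relies on the default stated in the comment above it, which holds only if no other configuration file overrides it.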
@@ -140,6 +143,29 @@ allow_overlapping_ips = True # Maximum number of routes per router # max_routes = 30 +# Default Subnet Pool to be used for IPv4 subnet-allocation. +# Specifies by UUID the pool to be used in case of subnet-create being called +# without a subnet-pool ID. The default of None means that no pool will be +# used unless passed explicitly to subnet create. If no pool is used, then a +# CIDR must be passed to create a subnet and that subnet will not be allocated +# from any pool; it will be considered part of the tenant's private address +# space. +# default_ipv4_subnet_pool = + +# Default Subnet Pool to be used for IPv6 subnet-allocation. +# Specifies by UUID the pool to be used in case of subnet-create being +# called without a subnet-pool ID. Set to "prefix_delegation" +# to enable IPv6 Prefix Delegation in a PD-capable environment. +# See the description for default_ipv4_subnet_pool for more information. +# default_ipv6_subnet_pool = + +# =========== items for MTU selection and advertisement ============= +# Advertise MTU. If True, effort is made to advertise MTU +# settings to VMs via network methods (ie. DHCP and RA MTU options) +# when the network's preferred MTU is known. +# advertise_mtu = False +# ======== end of items for MTU selection and advertisement ========= + # =========== items for agent management extension ============= # Seconds to regard the agent as down; should be at least twice # report_interval, to be sure the agent is down for good 
@@ -154,6 +180,23 @@ allow_overlapping_ips = True # Driver to use for scheduling a loadbalancer pool to an lbaas agent # loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler +# (StrOpt) Representing the resource type whose load is being reported by +# the agent. +# This can be 'networks','subnets' or 'ports'. When specified (Default is networks), +# the server will extract particular load sent as part of its agent configuration object +# from the agent report state, which is the number of resources being consumed, at +# every report_interval. +# dhcp_load_type can be used in combination with network_scheduler_driver = +# neutron.scheduler.dhcp_agent_scheduler.WeightScheduler +# When the network_scheduler_driver is WeightScheduler, dhcp_load_type can +# be configured to represent the choice for the resource being balanced. +# Example: dhcp_load_type = networks +# Values: +# networks - number of networks hosted on the agent +# subnets - number of subnets associated with the networks hosted on the agent +# ports - number of ports associated with the networks hosted on the agent +# dhcp_load_type = networks + # Allow auto scheduling networks to DHCP agent. It will schedule non-hosted # networks to first DHCP agent which sends get_active_networks message to # neutron server 
@@ -167,10 +210,25 @@ allow_overlapping_ips = True # admin_state_up set to True to alive agents. # allow_automatic_l3agent_failover = False -# Number of DHCP agents scheduled to host a network. This enables redundant -# DHCP agents for configured networks. +# Allow automatic removal of networks from dead DHCP agents with +# admin_state_up set to True. +# Networks could then be rescheduled if network_auto_schedule is True +# allow_automatic_dhcp_failover = True + +# Number of DHCP agents scheduled to host a tenant network. +# If this number is greater than 1, the scheduler automatically +# assigns multiple DHCP agents for a given tenant network, +# providing high availability for DHCP service. # dhcp_agents_per_network = 1 +# Enable services on agents with admin_state_up False. +# If this option is False, when admin_state_up of an agent is turned to +# False, services on it will be disabled. If this option is True, services +# on agents with admin_state_up False keep available and manual scheduling +# to such agents is available. Agents with admin_state_up False are not +# selected for automatic scheduling regardless of this option. +# enable_services_on_agents_with_admin_state_down = False + # =========== end of items for agent scheduler extension ===== # =========== items for l3 extension ============== 
@@ -187,8 +245,39 @@ allow_overlapping_ips = True # # CIDR of the administrative network if HA mode is enabled # l3_ha_net_cidr = 169.254.192.0/18 +# +# Enable snat by default on external gateway when available +# enable_snat_by_default = True # =========== end of items for l3 extension ======= +# =========== items for metadata proxy configuration ============== +# User (uid or name) running metadata proxy after its initialization +# (if empty: agent effective user) +# metadata_proxy_user = + +# Group (gid or name) running metadata proxy after its initialization +# (if empty: agent effective group) +# metadata_proxy_group = + +# Enable/Disable log watch by metadata proxy, it should be disabled when +# metadata_proxy_user/group is not allowed to read/write its log file and +# 'copytruncate' logrotate option must be used if logrotate is enabled on +# metadata proxy log files. Option default value is deduced from +# metadata_proxy_user: watch log is enabled if metadata_proxy_user is agent +# effective user id/name. +# metadata_proxy_watch_log = + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy +# =========== end of items for metadata proxy configuration ============== + +# ========== items for VLAN trunking networks ========== +# Setting this flag to True will allow plugins that support it to +# create VLAN transparent networks. This flag has no effect for +# plugins that do not support VLAN transparent networks. +# vlan_transparent = False +# ========== end of items for VLAN trunking networks ========== + # =========== WSGI parameters related to the API server ============== # Number of separate worker processes to spawn. The default, 0, runs the # worker thread in the current process. Greater than 0 launches that number of 
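Review bot: The new `# metadata_proxy_user =` and `# metadata_proxy_group =` entries are left empty, which per their own comments means the proxy keeps the agent's effective user and group after initialization. If the agents run as root (not visible here), the metadata proxy, which serves requests coming from guest instances, keeps root privileges as well. I would state the recommended setting in the comment, for example `# Recommended: a dedicated unprivileged account; set metadata_proxy_watch_log = False if it cannot read the proxy log file.` The surrounding [DEFAULT] section starts and ends outside the hunk.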
@@ -202,6 +291,18 @@ allow_overlapping_ips = True # enabled for various plugins for compatibility. # rpc_workers = 0 +# Timeout for client connections socket operations. If an +# incoming connection is idle for this number of seconds it +# will be closed. A value of '0' means wait forever. (integer +# value) +# client_socket_timeout = 900 + +# wsgi keepalive option. Determines if connections are allowed to be held open +# by clients after a request is fulfilled. A value of False will ensure that +# the socket connection will be explicitly closed once a response has been +# sent to the client. +# wsgi_keep_alive = True + # Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when # starting API server. Not supported on OS X. # tcp_keepidle = 600 
@@ -231,32 +332,36 @@ allow_overlapping_ips = True # ssl_ca_file = /path/to/cafile # ======== end of WSGI parameters related to the API server ========== - # ======== neutron nova interactions ========== # Send notification to nova when port status is active. -notify_nova_on_port_status_changes = True +# notify_nova_on_port_status_changes = True # Send notifications to nova when port data (fixed_ips/floatingips) change # so nova can update it's cache. -notify_nova_on_port_data_changes = True +# notify_nova_on_port_data_changes = True # URL for connection to nova (Only supports one nova region currently). -nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2 +# nova_url = http://127.0.0.1:8774/v2 # Name of nova region to use. Useful if keystone manages more than one region -nova_region_name = regionOne +# nova_region_name = # Username for connection to nova in admin context -nova_admin_username = {{ NOVA_SERVICE_USER }} +# nova_admin_username = # The uuid of the admin nova tenant -nova_admin_tenant_id = {{ SERVICE_TENANT_ID }} +# nova_admin_tenant_id = + +# The name of the admin nova tenant. If the uuid of the admin nova tenant +# is set, this is optional. Useful for cases where the uuid of the admin +# nova tenant is not available when configuration is being done. +# nova_admin_tenant_name = # Password for connection to nova in admin context. -nova_admin_password = {{ NOVA_SERVICE_PASSWORD }} +# nova_admin_password = # Authorization URL for connection to nova in admin context. -nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 +# nova_admin_auth_url = # CA file for novaclient to verify server certificates # nova_ca_certificates_file = 
@@ -275,42 +380,42 @@ nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 # Use durable queues in amqp. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false +# amqp_durable_queues=false # Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false +# amqp_auto_delete=false # Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 +# rpc_conn_pool_size=30 # Qpid broker hostname. (string value) -#qpid_hostname=localhost +# qpid_hostname=localhost # Qpid broker port. (integer value) -#qpid_port=5672 +# qpid_port=5672 # Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port +# qpid_hosts=$qpid_hostname:$qpid_port # Username for Qpid connection. (string value) -#qpid_username= +# qpid_username= # Password for Qpid connection. (string value) -#qpid_password= +# qpid_password= # Space separated list of SASL mechanisms to use for auth. # (string value) -#qpid_sasl_mechanisms= +# qpid_sasl_mechanisms= # Seconds between connection keepalive heartbeats. (integer # value) -#qpid_heartbeat=60 +# qpid_heartbeat=60 # Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp +# qpid_protocol=tcp # Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true +# qpid_tcp_nodelay=true # The qpid topology version to use. Version 1 is what was # originally used by impl_qpid. Version 2 includes some 
@@ -318,136 +423,136 @@ nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 # to work. Users should update to version 2 when they are # able to take everything down, as it requires a clean break. # (integer value) -#qpid_topology_version=1 +# qpid_topology_version=1 # SSL version to use (valid only if SSL enabled). valid values # are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some # distributions. (string value) -#kombu_ssl_version= +# kombu_ssl_version= # SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= +# kombu_ssl_keyfile= # SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= +# kombu_ssl_certfile= # SSL certification authority file (valid only if SSL # enabled). (string value) -#kombu_ssl_ca_certs= +# kombu_ssl_ca_certs= # How long to wait before reconnecting in response to an AMQP # consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 +# kombu_reconnect_delay=1.0 # The RabbitMQ broker address where a single node is used. # (string value) -rabbit_host={{ RABBITMQ_HOST }} +# rabbit_host=localhost # The RabbitMQ broker port where a single node is used. # (integer value) -rabbit_port={{ RABBITMQ_PORT }} +# rabbit_port=5672 # RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port +# rabbit_hosts=$rabbit_host:$rabbit_port # Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false +# rabbit_use_ssl=false # The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} +# rabbit_userid=guest # The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} +# rabbit_password=guest # the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN +# rabbit_login_method=AMQPLAIN # The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ +# rabbit_virtual_host=/ # How frequently to retry connecting with RabbitMQ. 
(integer # value) -#rabbit_retry_interval=1 +# rabbit_retry_interval=1 # How long to backoff for between retries when connecting to # RabbitMQ. (integer value) -#rabbit_retry_backoff=2 +# rabbit_retry_backoff=2 # Maximum number of RabbitMQ connection retries. Default is 0 # (infinite retry count). (integer value) -#rabbit_max_retries=0 +# rabbit_max_retries=0 # Use HA queues in RabbitMQ (x-ha-policy: all). If you change # this option, you must wipe the RabbitMQ database. (boolean # value) -#rabbit_ha_queues=false +# rabbit_ha_queues=false # If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false +# fake_rabbit=false # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) -#rpc_zmq_bind_address=* +# rpc_zmq_bind_address=* # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +# rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 +# rpc_zmq_port=9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 +# rpc_zmq_contexts=1 # Maximum number of ingress messages to locally buffer per # topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog=<None> +# rpc_zmq_topic_backlog= # Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack +# rpc_zmq_ipc_dir=/var/run/openstack # Name of this node. Must be a valid hostname, FQDN, or IP # address. Must match "host" option, if running Nova. (string # value) -#rpc_zmq_host=oslo +# rpc_zmq_host=oslo # Seconds to wait before a cast expires (TTL). Only supported # by impl_zmq. (integer value) -#rpc_cast_timeout=30 +# rpc_cast_timeout=30 # Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 +# matchmaker_heartbeat_freq=300 # Heartbeat time-to-live. 
(integer value) -#matchmaker_heartbeat_ttl=600 +# matchmaker_heartbeat_ttl=600 # Size of RPC greenthread pool. (integer value) -#rpc_thread_pool_size=64 +# rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi # valued) -notification_driver=neutron.openstack.common.notifier.rpc_notifier +# notification_driver= # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics -#notification_topics=notifications +# notification_topics=notifications # Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 +# rpc_response_timeout=60 # A URL representing the messaging driver to use and its full # configuration. If not set, we fall back to the rpc_backend # option and driver specific configuration. (string value) -#transport_url=<None> +# transport_url= # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) -rpc_backend=rabbit +# rpc_backend=rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) -#control_exchange=openstack +# control_exchange=openstack [matchmaker_redis] @@ -457,13 +562,13 @@ rpc_backend=rabbit # # Host to locate redis. (string value) -#host=127.0.0.1 +# host=127.0.0.1 # Use this port to connect to redis host. (integer value) -#port=6379 +# port=6379 # Password for Redis server (optional). (string value) -#password=<None> +# password= [matchmaker_ring] 
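Review bot: The templated `rabbit_userid` and `rabbit_password` lines are replaced by the commented defaults `# rabbit_userid=guest` and `# rabbit_password=guest`, while `# rabbit_use_ssl=false` stays as it was, so the file now documents the broker's stock account over an unencrypted connection as the effective setting. Unless another config source supplies the credentials (not visible here), I would add a comment above these keys such as `# Deployment must set a dedicated RabbitMQ user and password; do not rely on guest.` The same commented guest defaults reappear in the `[oslo_messaging_rabbit]` section added by the later `@@ -611,30 +745,265 @@` hunk. The `[DEFAULT]` section this hunk edits begins outside it.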
@@ -474,13 +579,14 @@ rpc_backend=rabbit # Matchmaker ring file (JSON). (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json +# ringfile=/etc/oslo/matchmaker_ring.json [quotas] # Default driver to use for quota checks # quota_driver = neutron.db.quota_db.DbQuotaDriver # Resource name(s) that are supported in quota features +# This option is deprecated for removal in the M release, please refrain from using it # quota_items = network,subnet,port # Default number of resource allowed per tenant. A negative value means @@ -523,6 +629,16 @@ rpc_backend=rabbit # and that is the reason why quota is possible. # quota_health_monitor = -1 +# Number of loadbalancers allowed per tenant. A negative value means unlimited. +# quota_loadbalancer = 10 + +# Number of listeners allowed per tenant. A negative value means unlimited. +# quota_listener = -1 + +# Number of v2 health monitors allowed per tenant. A negative value means +# unlimited. These health monitors exist under the lbaas v2 API +# quota_healthmonitor = -1 + # Number of routers allowed per tenant. A negative value means unlimited. # quota_router = 10 
@@ -543,9 +659,29 @@ rpc_backend=rabbit [agent] # Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real # root filter facility. -# Change to "sudo" to skip the filtering and just run the comand directly +# Change to "sudo" to skip the filtering and just run the command directly # root_helper = sudo -root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf + +# Set to true to add comments to generated iptables rules that describe +# each rule's purpose. (System must support the iptables comments module.) +# comment_iptables_rules = True + +# Root helper daemon application to use when possible. +# root_helper_daemon = + +# Use the root helper when listing the namespaces on a system. This may not +# be required depending on the security configuration. If the root helper is +# not required, set this to False for a performance improvement. +# use_helper_for_ns_read = True + +# The interval to check external processes for failure in seconds (0=disabled) +# check_child_processes_interval = 60 + +# Action to take when an external process spawned by an agent dies +# Values: +# respawn - Respawns the external process +# exit - Exits the agent +# check_child_processes_action = respawn # =========== items for agent management extension ============= # seconds between nodes reporting state to server; should be less than 
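Review bot: Removing the active `root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf` line from `[agent]` leaves only the commented `# root_helper = sudo`, and the comment just above it says plain `sudo` skips the filtering and runs the command directly. If nothing else sets this option (not visible in this hunk), the agents would run privileged commands without the rootwrap filter list. I would keep the active rootwrap line in this file, or add a comment naming the file that now sets it.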
@@ -555,11 +691,11 @@ root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf # =========== end of items for agent management extension ===== [keystone_authtoken] -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 -admin_tenant_name = service -admin_user = {{ NEUTRON_SERVICE_USER }} -admin_password = {{ NEUTRON_SERVICE_PASSWORD }} +auth_uri = http://127.0.0.1:35357/v2.0/ +identity_uri = http://127.0.0.1:5000 +admin_tenant_name = %SERVICE_TENANT_NAME% +admin_user = %SERVICE_USER% +admin_password = %SERVICE_PASSWORD% [database] # This line MUST be changed to actually run the plugin. @@ -572,8 +708,6 @@ admin_password = {{ NEUTRON_SERVICE_PASSWORD }} # be set in the corresponding core plugin '.ini' file. However, it is suggested # to put the [database] section and its connection attribute in this # configuration file. -#connection=sqlite:////var/lib/neutron/neutron.sqlite -connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron # Database engine for which script will be generated when using offline # migration 
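Review bot: In `[keystone_authtoken]` the new `auth_uri` uses port 35357 and `identity_uri` uses port 5000, the reverse of the removed lines (`auth_uri` on 5000, `identity_uri` on 35357), so the two endpoints look swapped; both are also plain `http`. I would write `auth_uri = http://127.0.0.1:5000/v2.0/` and `identity_uri = http://127.0.0.1:35357`. The `%SERVICE_TENANT_NAME%`, `%SERVICE_USER%` and `%SERVICE_PASSWORD%` values are left active, so a file installed without substitution would send the literal placeholder as the service credential. A comment naming the step that fills them in would make that dependency explicit.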
@@ -611,30 +745,265 @@ connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTR # If set, use this value for pool_timeout with sqlalchemy # pool_timeout = 10 -[service_providers] -# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. -# Must be in form: -# service_provider=<service_type>:<name>:<driver>[:default] -# List of allowed service types includes LOADBALANCER, FIREWALL, VPN -# Combination of <service type> and <name> must be unique; <driver> must also be unique -# This is multiline option, example for default provider: -# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default -# example of non-default provider: -# service_provider=FIREWALL:name2:firewall_driver_path -# --- Reference implementations --- -service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default -service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default -# In order to activate Radware's lbaas driver you need to uncomment the next line. -# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. -# Otherwise comment the HA Proxy line -# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default -# uncomment the following line to make the 'netscaler' LBaaS provider available. -# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver -# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. -# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default -# Uncomment the line below to use Embrane heleos as Load Balancer service provider. 
-# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default -# Uncomment the line below to use the A10 Networks LBaaS driver. Requires 'pip install a10-neutron-lbaas'. -#service_provider = LOADBALANCER:A10Networks:neutron.services.loadbalancer.drivers.a10networks.driver_v1.ThunderDriver:default -# Uncomment the following line to test the LBaaS v2 API _WITHOUT_ a real backend -# service_provider = LOADBALANCER:LoggingNoop:neutron.services.loadbalancer.drivers.logging_noop.driver.LoggingNoopLoadBalancerDriver:default +[nova] +# Name of the plugin to load +# auth_plugin = + +# Config Section from which to load plugin specific options +# auth_section = + +# PEM encoded Certificate Authority to use when verifying HTTPs connections. +# cafile = + +# PEM encoded client certificate cert file +# certfile = + +# Verify HTTPS connections. +# insecure = False + +# PEM encoded client certificate key file +# keyfile = + +# Name of nova region to use. Useful if keystone manages more than one region. +# region_name = + +# Timeout value for http requests +# timeout = + +[oslo_concurrency] + +# Directory to use for lock files. For security, the specified directory should +# only be writable by the user running the processes that need locking. +# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, +# a lock path must be set. +lock_path = $state_path/lock + +# Enables or disables inter-process locks. +# disable_process_locking = False + +[oslo_policy] + +# The JSON file that defines policies. +# policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. +# policy_default_rule = default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path defined by the +# config_dir option, or absolute paths. The file defined by policy_file +# must exist for these directories to be searched. 
Missing or empty +# directories are ignored. +# policy_dirs = policy.d + +[oslo_messaging_amqp] + +# +# From oslo.messaging +# + +# Address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +# server_request_prefix = exclusive + +# Address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +# broadcast_prefix = broadcast + +# Address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +# group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +# container_name = + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +# idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +# trace = false + +# CA certificate PEM file for verifing server certificate (string value) +# Deprecated group/name - [amqp1]/ssl_ca_file +# ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string value) +# Deprecated group/name - [amqp1]/ssl_cert_file +# ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string value) +# Deprecated group/name - [amqp1]/ssl_key_file +# ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +# ssl_key_password = + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +# allow_insecure_clients = false + + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +# amqp_durable_queues = false + +# Auto-delete queues in AMQP. 
(boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +# amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +# rpc_conn_pool_size = 30 + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +# qpid_hostname = localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +# qpid_port = 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +# qpid_hosts = $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +# qpid_username = + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +# qpid_password = + +# Space separated list of SASL mechanisms to use for auth. (string value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +# qpid_sasl_mechanisms = + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +# qpid_heartbeat = 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +# qpid_protocol = tcp + +# Whether to disable the Nagle algorithm. (boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +# qpid_tcp_nodelay = true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +# qpid_receiver_capacity = 1 + +# The qpid topology version to use. Version 1 is what was originally used by +# impl_qpid. Version 2 includes some backwards-incompatible changes that allow +# broker federation to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. 
(integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +# qpid_topology_version = 1 + + +[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +# amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +# amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +# rpc_conn_pool_size = 30 + +# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and +# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some +# distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +# kombu_ssl_version = + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +# kombu_ssl_keyfile = + +# SSL cert file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +# kombu_ssl_certfile = + +# SSL certification authority file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +# kombu_ssl_ca_certs = + +# How long to wait before reconnecting in response to an AMQP consumer cancel +# notification. (floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +# kombu_reconnect_delay = 1.0 + +# The RabbitMQ broker address where a single node is used. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_host +# rabbit_host = localhost + +# The RabbitMQ broker port where a single node is used. (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_port +# rabbit_port = 5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +# rabbit_hosts = $rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. 
(boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +# rabbit_use_ssl = false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +# rabbit_userid = guest + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +# rabbit_password = guest + +# The RabbitMQ login method. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +# rabbit_login_method = AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +# rabbit_virtual_host = / + +# How frequently to retry connecting with RabbitMQ. (integer value) +# rabbit_retry_interval = 1 + +# How long to backoff for between retries when connecting to RabbitMQ. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +# rabbit_retry_backoff = 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry +# count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +# rabbit_max_retries = 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you +# must wipe the RabbitMQ database. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +# rabbit_ha_queues = false + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +# fake_rabbit = false diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini deleted file mode 100644 index 256f7855..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini +++ /dev/null 
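Review bot: In the added `[nova]` section the comment `# Verify HTTPS connections.` sits above `# insecure = False`, which reads as though the option switches verification on, while the option name suggests that True switches it off. I would reword it to `# If True, skip HTTPS certificate verification (leave False).` Separately, the active `lock_path = $state_path/lock` depends on that directory being writable only by the service user, as its own comment says. Nothing in this hunk creates or restricts the directory, so the install step has to.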
@@ -1,114 +0,0 @@ -# Config file for neutron-proxy-plugin. - -[restproxy] -# All configuration for this plugin is in section '[restproxy]' -# -# The following parameters are supported: -# servers : <host:port>[,<host:port>]* (Error if not set) -# server_auth : <username:password> (default: no auth) -# server_ssl : True | False (default: True) -# ssl_cert_directory : <path> (default: /etc/neutron/plugins/bigswitch/ssl) -# no_ssl_validation : True | False (default: False) -# ssl_sticky : True | False (default: True) -# sync_data : True | False (default: False) -# auto_sync_on_failure : True | False (default: True) -# consistency_interval : <integer> (default: 60 seconds) -# server_timeout : <integer> (default: 10 seconds) -# neutron_id : <string> (default: neutron-<hostname>) -# add_meta_server_route : True | False (default: True) -# thread_pool_size : <int> (default: 4) - -# A comma separated list of BigSwitch or Floodlight servers and port numbers. The plugin proxies the requests to the BigSwitch/Floodlight server, which performs the networking configuration. Note that only one server is needed per deployment, but you may wish to deploy multiple servers to support failover. -servers=localhost:8080 - -# The username and password for authenticating against the BigSwitch or Floodlight controller. -# server_auth=username:password - -# Use SSL when connecting to the BigSwitch or Floodlight controller. -# server_ssl=True - -# Directory which contains the ca_certs and host_certs to be used to validate -# controller certificates. -# ssl_cert_directory=/etc/neutron/plugins/bigswitch/ssl/ - -# If a certificate does not exist for a controller, trust and store the first -# certificate received for that controller and use it to validate future -# connections to that controller. 
-# ssl_sticky=True - -# Do not validate the controller certificates for SSL -# Warning: This will not provide protection against man-in-the-middle attacks -# no_ssl_validation=False - -# Sync data on connect -# sync_data=False - -# If neutron fails to create a resource because the backend controller -# doesn't know of a dependency, automatically trigger a full data -# synchronization to the controller. -# auto_sync_on_failure=True - -# Time between verifications that the backend controller -# database is consistent with Neutron. (0 to disable) -# consistency_interval = 60 - -# Maximum number of seconds to wait for proxy request to connect and complete. -# server_timeout=10 - -# User defined identifier for this Neutron deployment -# neutron_id = - -# Flag to decide if a route to the metadata server should be injected into the VM -# add_meta_server_route = True - -# Number of threads to use to handle large volumes of port creation requests -# thread_pool_size = 4 - -[nova] -# Specify the VIF_TYPE that will be controlled on the Nova compute instances -# options: ivs or ovs -# default: ovs -# vif_type = ovs - -# Overrides for vif types based on nova compute node host IDs -# Comma separated list of host IDs to fix to a specific VIF type -# The VIF type is taken from the end of the configuration item -# node_override_vif_<vif_type> -# For example, the following would set the VIF type to IVS for -# host-id1 and host-id2 -# node_overrride_vif_ivs=host-id1,host-id2 - -[router] -# Specify the default router rules installed in newly created tenant routers -# Specify multiple times for multiple rules -# Format is <tenant>:<source>:<destination>:<action> -# Optionally, a comma-separated list of nexthops may be included after <action> -# Use an * to specify default for all tenants -# Default is any any allow for all tenants -# tenant_default_router_rule=*:any:any:permit - -# Maximum number of rules that a single router may have -# Default is 200 -# max_router_rules=200 - 
-[restproxyagent] - -# Specify the name of the bridge used on compute nodes -# for attachment. -# Default: br-int -# integration_bridge=br-int - -# Change the frequency of polling by the restproxy agent. -# Value is seconds -# Default: 5 -# polling_interval=5 - -# Virtual switch type on the compute node. -# Options: ovs or ivs -# Default: ovs -# virtual_switch_type = ovs - -[securitygroup] -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -# enable_security_group = True diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README b/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README deleted file mode 100644 index e7e47a27..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README +++ /dev/null @@ -1,3 +0,0 @@ -Certificates in this folder will be used to -verify signatures for any controllers the plugin -connects to. diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README b/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README deleted file mode 100644 index 8f5f5e77..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README +++ /dev/null @@ -1,6 +0,0 @@ -Certificates in this folder must match the name -of the controller they should be used to authenticate -with a .pem extension. - -For example, the certificate for the controller -"192.168.0.1" should be named "192.168.0.1.pem". diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini deleted file mode 100644 index 916e9e5d..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini +++ /dev/null 
@@ -1,29 +0,0 @@
-[switch]
-# username = The SSH username to use
-# password = The SSH password to use
-# address = The address of the host to SSH to
-# ostype = Should be NOS, but is unused otherwise
-#
-# Example:
-# username = admin
-# password = password
-# address = 10.24.84.38
-# ostype = NOS
-
-[physical_interface]
-# physical_interface = The network interface to use when creating a port
-#
-# Example:
-# physical_interface = physnet1
-
-[vlans]
-# network_vlan_ranges = <physical network name>:nnnn:mmmm
-#
-# Example:
-# network_vlan_ranges = physnet1:1000:2999
-
-[linux_bridge]
-# physical_interface_mappings = <physical network name>:<local interface>
-#
-# Example:
-# physical_interface_mappings = physnet1:em1
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini
deleted file mode 100644
index d99e8382..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini
+++ /dev/null
@@ -1,15 +0,0 @@
-[cfg_agent]
-# (IntOpt) Interval in seconds for processing of service updates.
-# That is when the config agent's process_services() loop executes
-# and it lets each service helper to process its service resources.
-# rpc_loop_interval = 10
-
-# (StrOpt) Period-separated module path to the routing service helper class.
-# routing_svc_helper_class = neutron.plugins.cisco.cfg_agent.service_helpers.routing_svc_helper.RoutingServiceHelper
-
-# (IntOpt) Timeout value in seconds for connecting to a hosting device.
-# device_connection_timeout = 30
-
-# (IntOpt) The time in seconds until a backlogged hosting device is
-# presumed dead or booted to an error state.
-# hosting_device_dead_timeout = 300
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini
deleted file mode 100644
index 17eae737..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini
+++ /dev/null
@@ -1,100 +0,0 @@ -[cisco] - -# (StrOpt) A short prefix to prepend to the VLAN number when creating a -# VLAN interface. For example, if an interface is being created for -# VLAN 2001 it will be named 'q-2001' using the default prefix. -# -# vlan_name_prefix = q- -# Example: vlan_name_prefix = vnet- - -# (StrOpt) A short prefix to prepend to the VLAN number when creating a -# provider VLAN interface. For example, if an interface is being created -# for provider VLAN 3003 it will be named 'p-3003' using the default prefix. -# -# provider_vlan_name_prefix = p- -# Example: provider_vlan_name_prefix = PV- - -# (BoolOpt) A flag indicating whether Openstack networking should manage the -# creation and removal of VLAN interfaces for provider networks on the Nexus -# switches. If the flag is set to False then Openstack will not create or -# remove VLAN interfaces for provider networks, and the administrator needs -# to manage these interfaces manually or by external orchestration. -# -# provider_vlan_auto_create = True - -# (BoolOpt) A flag indicating whether Openstack networking should manage -# the adding and removing of provider VLANs from trunk ports on the Nexus -# switches. If the flag is set to False then Openstack will not add or -# remove provider VLANs from trunk ports, and the administrator needs to -# manage these operations manually or by external orchestration. -# -# provider_vlan_auto_trunk = True - -# (StrOpt) Period-separated module path to the model class to use for -# the Cisco neutron plugin. -# -# model_class = neutron.plugins.cisco.models.virt_phy_sw_v2.VirtualPhysicalSwitchModelV2 - -# (BoolOpt) A flag to enable Layer 3 support on the Nexus switches. -# Note: This feature is not supported on all models/versions of Cisco -# Nexus switches. To use this feature, all of the Nexus switches in the -# deployment must support it. -# nexus_l3_enable = False - -# (BoolOpt) A flag to enable round robin scheduling of routers for SVI. 
-# svi_round_robin = False - -# Cisco Nexus Switch configurations. -# Each switch to be managed by Openstack Neutron must be configured here. -# -# N1KV Format. -# [N1KV:<IP address of VSM>] -# username=<credential username> -# password=<credential password> -# -# Example: -# [N1KV:2.2.2.2] -# username=admin -# password=mySecretPassword - -[cisco_n1k] - -# (StrOpt) Specify the name of the integration bridge to which the VIFs are -# attached. -# Default value: br-int -# integration_bridge = br-int - -# (StrOpt) Name of the policy profile to be associated with a port when no -# policy profile is specified during port creates. -# Default value: service_profile -# default_policy_profile = service_profile - -# (StrOpt) Name of the policy profile to be associated with a port owned by -# network node (dhcp, router). -# Default value: dhcp_pp -# network_node_policy_profile = dhcp_pp - -# (StrOpt) Name of the network profile to be associated with a network when no -# network profile is specified during network creates. Admin should pre-create -# a network profile with this name. -# Default value: default_network_profile -# default_network_profile = network_pool - -# (IntOpt) Time in seconds for which the plugin polls the VSM for updates in -# policy profiles. -# Default value: 60 -# poll_duration = 60 - -# (BoolOpt) Specify whether tenants are restricted from accessing all the -# policy profiles. -# Default value: False, indicating all tenants can access all policy profiles. -# -# restrict_policy_profiles = False - -# (IntOpt) Number of threads to use to make HTTP requests to the VSM. -# Default value: 4 -# http_pool_size = 4 - -# (IntOpt) Timeout duration in seconds for the http request -# Default value: 15 -# http_timeout = 15 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini deleted file mode 100644 index 3ef271d2..00000000 
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini
+++ /dev/null
@@ -1,76 +0,0 @@ -[general] -#(IntOpt) Time in seconds between renewed scheduling attempts of non-scheduled routers -# backlog_processing_interval = 10 - -#(StrOpt) Name of the L3 admin tenant -# l3_admin_tenant = L3AdminTenant - -#(StrOpt) Name of management network for hosting device configuration -# management_network = osn_mgmt_nw - -#(StrOpt) Default security group applied on management port -# default_security_group = mgmt_sec_grp - -#(IntOpt) Seconds of no status update until a cfg agent is considered down -# cfg_agent_down_time = 60 - -#(StrOpt) Path to templates for hosting devices -# templates_path = /opt/stack/data/neutron/cisco/templates - -#(StrOpt) Path to config drive files for service VM instances -# service_vm_config_path = /opt/stack/data/neutron/cisco/config_drive - -#(BoolOpt) Ensure that Nova is running before attempting to create any VM -# ensure_nova_running = True - -[hosting_devices] -# Settings coupled to CSR1kv VM devices -# ------------------------------------- -#(StrOpt) Name of Glance image for CSR1kv -# csr1kv_image = csr1kv_openstack_img - -#(StrOpt) UUID of Nova flavor for CSR1kv -# csr1kv_flavor = 621 - -#(StrOpt) Plugging driver for CSR1kv -# csr1kv_plugging_driver = neutron.plugins.cisco.l3.plugging_drivers.n1kv_trunking_driver.N1kvTrunkingPlugDriver - -#(StrOpt) Hosting device driver for CSR1kv -# csr1kv_device_driver = neutron.plugins.cisco.l3.hosting_device_drivers.csr1kv_hd_driver.CSR1kvHostingDeviceDriver - -#(StrOpt) Config agent router service driver for CSR1kv -# csr1kv_cfgagent_router_driver = neutron.plugins.cisco.cfg_agent.device_drivers.csr1kv.csr1kv_routing_driver.CSR1kvRoutingDriver - -#(StrOpt) Configdrive template file for CSR1kv -# csr1kv_configdrive_template = csr1kv_cfg_template - -#(IntOpt) Booting time in seconds before a CSR1kv becomes operational -# csr1kv_booting_time = 420 - -#(StrOpt) Username to use for CSR1kv configurations -# csr1kv_username = stack - -#(StrOpt) Password to use for CSR1kv 
configurations -# csr1kv_password = cisco - -[n1kv] -# Settings coupled to inter-working with N1kv plugin -# -------------------------------------------------- -#(StrOpt) Name of N1kv port profile for management ports -# management_port_profile = osn_mgmt_pp - -#(StrOpt) Name of N1kv port profile for T1 ports (i.e., ports carrying traffic -# from VXLAN segmented networks). -# t1_port_profile = osn_t1_pp - -#(StrOpt) Name of N1kv port profile for T2 ports (i.e., ports carrying traffic -# from VLAN segmented networks). -# t2_port_profile = osn_t2_pp - -#(StrOpt) Name of N1kv network profile for T1 networks (i.e., trunk networks -# for VXLAN segmented traffic). -# t1_network_profile = osn_t1_np - -#(StrOpt) Name of N1kv network profile for T2 networks (i.e., trunk networks -# for VLAN segmented traffic). -# t2_network_profile = osn_t2_np diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini deleted file mode 100644 index 0aee17eb..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini +++ /dev/null 
@@ -1,26 +0,0 @@
-[cisco_csr_ipsec]
-# Status check interval in seconds, for VPNaaS IPSec connections used on CSR
-# status_check_interval = 60
-
-# Cisco CSR management port information for REST access used by VPNaaS
-# TODO(pcm): Remove once CSR is integrated in as a Neutron router.
-#
-# Format is:
-# [cisco_csr_rest:<public IP>]
-# rest_mgmt = <mgmt port IP>
-# tunnel_ip = <tunnel IP>
-# username = <user>
-# password = <password>
-# timeout = <timeout>
-# host = <hostname>
-# tunnel_if = <tunnel I/F>
-#
-# where:
-# public IP ----- Public IP address of router used with a VPN service (1:1 with CSR)
-# tunnel IP ----- Public IP address of the CSR used for the IPSec tunnel
-# mgmt port IP -- IP address of CSR for REST API access
-# user ---------- Username for REST management port access to Cisco CSR
-# password ------ Password for REST management port access to Cisco CSR
-# timeout ------- REST request timeout to Cisco CSR (optional)
-# hostname ------ Name of host where CSR is running as a VM
-# tunnel I/F ---- CSR port name used for tunnels' IP address
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini
deleted file mode 100644
index 0ca9b46f..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini
+++ /dev/null
@@ -1,41 +0,0 @@ -[heleos] -#configure the ESM management address -#in the first version of this plugin, only one ESM can be specified -#Example: -#esm_mgmt= - -#configure admin username and password -#admin_username= -#admin_password= - -#router image id -#Example: -#router_image=932ce713-e210-3d54-a0a5-518b0b5ee1b0 - -#mgmt shared security zone id -#defines the shared management security zone. Each tenant can have a private one configured through the ESM -#Example: -#mgmt_id=c0bc9b6c-f110-46cf-bb01-733bfe4b5a1a - -#in-band shared security zone id -#defines the shared in-band security zone. Each tenant can have a private one configured through the ESM -#Example: -#inband_id=a6b7999d-3806-4b04-81f6-e0c5c8271afc - -#oob-band shared security zone id -#defines the shared out-of-band security zone. Each tenant can have a private one configured through the ESM -#Example: -#oob_id=e7eda5cc-b977-46cb-9c14-cab43c1b7871 - -#dummy security zone id -#defines the dummy security zone ID. this security zone will be used by the DVAs with no neutron interfaces -#Example: -#dummy_utif_id=d9911310-25fc-4733-a2e0-c0eda024ef08 - -#resource pool id -#define the shared resource pool. Each tenant can have a private one configured through the ESM -#Example -#resource_pool_id= - -#define if the requests have to be executed asynchronously by the plugin or not -#async_requests= diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini deleted file mode 100644 index 5eeec570..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini +++ /dev/null 
@@ -1,63 +0,0 @@ -[hyperv] -# (StrOpt) Type of network to allocate for tenant networks. The -# default value 'local' is useful only for single-box testing and -# provides no connectivity between hosts. You MUST either change this -# to 'vlan' and configure network_vlan_ranges below or to 'flat'. -# Set to 'none' to disable creation of tenant networks. -# -# tenant_network_type = local -# Example: tenant_network_type = vlan - -# (ListOpt) Comma-separated list of -# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges -# of VLAN IDs on named physical networks that are available for -# allocation. All physical networks listed are available for flat and -# VLAN provider network creation. Specified ranges of VLAN IDs are -# available for tenant network allocation if tenant_network_type is -# 'vlan'. If empty, only gre and local networks may be created. -# -# network_vlan_ranges = -# Example: network_vlan_ranges = physnet1:1000:2999 - -[agent] -# Agent's polling interval in seconds -# polling_interval = 2 - -# (ListOpt) Comma separated list of <physical_network>:<vswitch> -# where the physical networks can be expressed with wildcards, -# e.g.: ."*:external". -# The referred external virtual switches need to be already present on -# the Hyper-V server. -# If a given physical network name will not match any value in the list -# the plugin will look for a virtual switch with the same name. -# -# physical_network_vswitch_mappings = *:external -# Example: physical_network_vswitch_mappings = net1:external1,net2:external2 - -# (StrOpt) Private virtual switch name used for local networking. -# -# local_network_vswitch = private -# Example: local_network_vswitch = custom_vswitch - -# (BoolOpt) Enables metrics collections for switch ports by using Hyper-V's -# metric APIs. Collected data can by retrieved by other apps and services, -# e.g.: Ceilometer. Requires Hyper-V / Windows Server 2012 and above. 
-# -# enable_metrics_collection = False - -#----------------------------------------------------------------------------- -# Sample Configurations. -#----------------------------------------------------------------------------- -# -# Neutron server: -# -# [HYPERV] -# tenant_network_type = vlan -# network_vlan_ranges = default:2000:3999 -# -# Agent running on Hyper-V node: -# -# [AGENT] -# polling_interval = 2 -# physical_network_vswitch_mappings = *:external -# local_network_vswitch = private diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini deleted file mode 100644 index 0fab5070..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini +++ /dev/null 
@@ -1,50 +0,0 @@ -[sdnve] -# (ListOpt) The IP address of one (or more) SDN-VE controllers -# Default value is: controller_ips = 127.0.0.1 -# Example: controller_ips = 127.0.0.1,127.0.0.2 -# (StrOpt) The integration bridge for OF based implementation -# The default value for integration_bridge is None -# Example: integration_bridge = br-int -# (ListOpt) The interface mapping connecting the integration -# bridge to external network as a list of physical network names and -# interfaces: <physical_network_name>:<interface_name> -# Example: interface_mappings = default:eth2 -# (BoolOpt) Used to reset the integration bridge, if exists -# The default value for reset_bridge is True -# Example: reset_bridge = False -# (BoolOpt) Used to set the OVS controller as out-of-band -# The default value for out_of_band is True -# Example: out_of_band = False -# -# (BoolOpt) The fake controller for testing purposes -# Default value is: use_fake_controller = False -# (StrOpt) The port number for use with controller -# The default value for the port is 8443 -# Example: port = 8443 -# (StrOpt) The userid for use with controller -# The default value for the userid is admin -# Example: userid = sdnve_user -# (StrOpt) The password for use with controller -# The default value for the password is admin -# Example: password = sdnve_password -# -# (StrOpt) The default type of tenants (and associated resources) -# Available choices are: OVERLAY or OF -# The default value for tenant type is OVERLAY -# Example: default_tenant_type = OVERLAY -# (StrOpt) The string in tenant description that indicates -# Default value for OF tenants: of_signature = SDNVE-OF -# (StrOpt) The string in tenant description that indicates -# Default value for OVERLAY tenants: overlay_signature = SDNVE-OVERLAY - -[sdnve_agent] -# (IntOpt) Agent's polling interval in seconds -# polling_interval = 2 -# (StrOpt) What to use for root helper -# The default value: root_helper = 'sudo' -# (BoolOpt) Whether to use rpc or not -# 
The default value: rpc = True - -[securitygroup] -# The security group is not supported: -# firewall_driver = neutron.agent.firewall.NoopFirewallDriver diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini deleted file mode 100644 index 94fe9803..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini +++ /dev/null 
@@ -1,78 +0,0 @@ -[vlans] -# (StrOpt) Type of network to allocate for tenant networks. The -# default value 'local' is useful only for single-box testing and -# provides no connectivity between hosts. You MUST change this to -# 'vlan' and configure network_vlan_ranges below in order for tenant -# networks to provide connectivity between hosts. Set to 'none' to -# disable creation of tenant networks. -# -# tenant_network_type = local -# Example: tenant_network_type = vlan - -# (ListOpt) Comma-separated list of -# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges -# of VLAN IDs on named physical networks that are available for -# allocation. All physical networks listed are available for flat and -# VLAN provider network creation. Specified ranges of VLAN IDs are -# available for tenant network allocation if tenant_network_type is -# 'vlan'. If empty, only local networks may be created. -# -# network_vlan_ranges = -# Example: network_vlan_ranges = physnet1:1000:2999 - -[linux_bridge] -# (ListOpt) Comma-separated list of -# <physical_network>:<physical_interface> tuples mapping physical -# network names to the agent's node-specific physical network -# interfaces to be used for flat and VLAN networks. All physical -# networks listed in network_vlan_ranges on the server should have -# mappings to appropriate interfaces on each agent. -# -# physical_interface_mappings = -# Example: physical_interface_mappings = physnet1:eth1 - -[vxlan] -# (BoolOpt) enable VXLAN on the agent -# VXLAN support can be enabled when agent is managed by ml2 plugin using -# linuxbridge mechanism driver. Useless if set while using linuxbridge plugin. -# enable_vxlan = False -# -# (IntOpt) use specific TTL for vxlan interface protocol packets -# ttl = -# -# (IntOpt) use specific TOS for vxlan interface protocol packets -# tos = -# -# (StrOpt) multicast group to use for broadcast emulation. -# This group must be the same on all the agents. 
-# vxlan_group = 224.0.0.1 -# -# (StrOpt) Local IP address to use for VXLAN endpoints (required) -# local_ip = -# -# (BoolOpt) Flag to enable l2population extension. This option should be used -# in conjunction with ml2 plugin l2population mechanism driver (in that case, -# both linuxbridge and l2population mechanism drivers should be loaded). -# It enables plugin to populate VXLAN forwarding table, in order to limit -# the use of broadcast emulation (multicast will be turned off if kernel and -# iproute2 supports unicast flooding - requires 3.11 kernel and iproute2 3.10) -# l2_population = False - -[agent] -# Agent's polling interval in seconds -# polling_interval = 2 - -# (BoolOpt) Enable server RPC compatibility with old (pre-havana) -# agents. -# -# rpc_support_old_agents = False -# Example: rpc_support_old_agents = True - -[securitygroup] -# Firewall driver for realizing neutron security group function -# firewall_driver = neutron.agent.firewall.NoopFirewallDriver -# Example: firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver - -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -# enable_security_group = True diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini deleted file mode 100644 index 2b9bfa5e..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini +++ /dev/null 
@@ -1,31 +0,0 @@ -# Config file for Metaplugin - -[meta] -# Comma separated list of flavor:neutron_plugin for plugins to load. -# Extension method is searched in the list order and the first one is used. -plugin_list = 'ml2:neutron.plugins.ml2.plugin.Ml2Plugin,nvp:neutron.plugins.vmware.plugin.NsxPluginV2' - -# Comma separated list of flavor:neutron_plugin for L3 service plugins -# to load. -# This is intended for specifying L2 plugins which support L3 functions. -# If you use a router service plugin, set this blank. -l3_plugin_list = - -# Default flavor to use, when flavor:network is not specified at network -# creation. -default_flavor = 'nvp' - -# Default L3 flavor to use, when flavor:router is not specified at router -# creation. -# Ignored if 'l3_plugin_list' is blank. -default_l3_flavor = - -# Comma separated list of supported extension aliases. -supported_extension_aliases = 'provider,binding,agent,dhcp_agent_scheduler' - -# Comma separated list of method:flavor to select specific plugin for a method. -# This has priority over method search order based on 'plugin_list'. -extension_map = 'get_port_stats:nvp' - -# Specifies flavor for plugin to handle 'q-plugin' RPC requests. -rpc_flavor = 'ml2' diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini deleted file mode 100644 index f2e94052..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini +++ /dev/null 
@@ -1,19 +0,0 @@ - -[midonet] -# MidoNet API server URI -# midonet_uri = http://localhost:8080/midonet-api - -# MidoNet admin username -# username = admin - -# MidoNet admin password -# password = passw0rd - -# ID of the project that MidoNet admin user belongs to -# project_id = 77777777-7777-7777-7777-777777777777 - -# Virtual provider router ID -# provider_router_id = 00112233-0011-0011-0011-001122334455 - -# Path to midonet host uuid file -# midonet_host_uuid_path = /etc/midolman/host_uuid.properties diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini index b8097ce2..ac9a3d0d 100644 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini +++ b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini @@ -4,7 +4,6 @@ # # type_drivers = local,flat,vlan,gre,vxlan # Example: type_drivers = flat,vlan,gre,vxlan -type_drivers = flat,gre # (ListOpt) Ordered list of network_types to allocate as tenant # networks. The default value 'local' is useful for single-box testing @@ -12,7 +11,6 @@ type_drivers = flat,gre # # tenant_network_types = local # Example: tenant_network_types = vlan,gre,vxlan -tenant_network_types = gre # (ListOpt) Ordered list of networking mechanism driver entrypoints # to be loaded from the neutron.ml2.mechanism_drivers namespace. 
@@ -22,13 +20,44 @@ tenant_network_types = gre # Example: mechanism_drivers = cisco,logger # Example: mechanism_drivers = openvswitch,brocade # Example: mechanism_drivers = linuxbridge,brocade -mechanism_drivers = openvswitch # (ListOpt) Ordered list of extension driver entrypoints # to be loaded from the neutron.ml2.extension_drivers namespace. # extension_drivers = # Example: extension_drivers = anewextensiondriver +# =========== items for MTU selection and advertisement ============= +# (IntOpt) Path MTU. The maximum permissible size of an unfragmented +# packet travelling from and to addresses where encapsulated Neutron +# traffic is sent. Drivers calculate maximum viable MTU for +# validating tenant requests based on this value (typically, +# path_mtu - max encap header size). If <=0, the path MTU is +# indeterminate and no calculation takes place. +# path_mtu = 0 + +# (IntOpt) Segment MTU. The maximum permissible size of an +# unfragmented packet travelling a L2 network segment. If <=0, +# the segment MTU is indeterminate and no calculation takes place. +# segment_mtu = 0 + +# (ListOpt) Physical network MTUs. List of mappings of physical +# network to MTU value. The format of the mapping is +# <physnet>:<mtu val>. This mapping allows specifying a +# physical network MTU value that differs from the default +# segment_mtu value. +# physical_network_mtus = +# Example: physical_network_mtus = physnet1:1550, physnet2:1500 +# ======== end of items for MTU selection and advertisement ========= + +# (StrOpt) Default network type for external networks when no provider +# attributes are specified. By default it is None, which means that if +# provider attributes are not specified while creating external networks +# then they will have the same type as tenant networks. +# Allowed values for external_network_type config option depend on the +# network type values configured in type_drivers config option. 
+# external_network_type = +# Example: external_network_type = local + [ml2_type_flat] # (ListOpt) List of physical_network names with which flat networks # can be created. Use * to allow flat networks with arbitrary @@ -37,7 +66,6 @@ mechanism_drivers = openvswitch # flat_networks = # Example:flat_networks = physnet1,physnet2 # Example:flat_networks = * -flat_networks = External [ml2_type_vlan] # (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples @@ -47,11 +75,10 @@ flat_networks = External # # network_vlan_ranges = # Example: network_vlan_ranges = physnet1:1000:2999,physnet2 -#network_vlan_ranges = Physnet1:100:200 [ml2_type_gre] # (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation -tunnel_id_ranges = 1:1000 +# tunnel_id_ranges = [ml2_type_vxlan] # (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating @@ -69,18 +96,8 @@ tunnel_id_ranges = 1:1000 [securitygroup] # Controls if neutron security group is enabled or not. # It should be false when you use nova security group. -enable_security_group = True +# enable_security_group = True # Use ipset to speed-up the iptables security groups. Enabling ipset support # requires that ipset is installed on L2 agent node. -enable_ipset = True - -firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - -[ovs] -local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} -enable_tunneling = True -bridge_mappings=External:br-ex - -[agent] -tunnel_types = gre +# enable_ipset = True diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini deleted file mode 100644 index abaf5bc7..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini +++ /dev/null 
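Review bot: The `[securitygroup]` hunk (`@@ -69,18 +96,8 @@`) removes the explicit `firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver` and comments out `enable_security_group` and `enable_ipset`, so this file no longer pins security-group enforcement for the L2 agent. The other sample files on this page list `neutron.agent.firewall.NoopFirewallDriver` as the commented default, so if no other config file read by the agent sets `firewall_driver`, security-group rules may silently stop being applied on compute nodes; whether the setting moved elsewhere is not visible in this hunk. Either keep the `firewall_driver` line here or leave a pointer above the commented options, for example `# firewall_driver is set in <agent config file>`. The removed `[ovs]` and `[agent]` sections (`local_ip`, `enable_tunneling`, `bridge_mappings`, `tunnel_types`) likewise need an equivalent in whatever file the agent now loads.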
@@ -1,100 +0,0 @@ -# Defines configuration options specific for Arista ML2 Mechanism driver - -[ml2_arista] -# (StrOpt) EOS IP address. This is required field. If not set, all -# communications to Arista EOS will fail -# -# eapi_host = -# Example: eapi_host = 192.168.0.1 -# -# (StrOpt) EOS command API username. This is required field. -# if not set, all communications to Arista EOS will fail. -# -# eapi_username = -# Example: arista_eapi_username = admin -# -# (StrOpt) EOS command API password. This is required field. -# if not set, all communications to Arista EOS will fail. -# -# eapi_password = -# Example: eapi_password = my_password -# -# (StrOpt) Defines if hostnames are sent to Arista EOS as FQDNs -# ("node1.domain.com") or as short names ("node1"). This is -# optional. If not set, a value of "True" is assumed. -# -# use_fqdn = -# Example: use_fqdn = True -# -# (IntOpt) Sync interval in seconds between Neutron plugin and EOS. -# This field defines how often the synchronization is performed. -# This is an optional field. If not set, a value of 180 seconds -# is assumed. -# -# sync_interval = -# Example: sync_interval = 60 -# -# (StrOpt) Defines Region Name that is assigned to this OpenStack Controller. -# This is useful when multiple OpenStack/Neutron controllers are -# managing the same Arista HW clusters. Note that this name must -# match with the region name registered (or known) to keystone -# service. Authentication with Keysotne is performed by EOS. -# This is optional. If not set, a value of "RegionOne" is assumed. -# -# region_name = -# Example: region_name = RegionOne - - -[l3_arista] - -# (StrOpt) primary host IP address. This is required field. If not set, all -# communications to Arista EOS will fail. This is the host where -# primary router is created. -# -# primary_l3_host = -# Example: primary_l3_host = 192.168.10.10 -# -# (StrOpt) Primary host username. This is required field. -# if not set, all communications to Arista EOS will fail. 
-# -# primary_l3_host_username = -# Example: arista_primary_l3_username = admin -# -# (StrOpt) Primary host password. This is required field. -# if not set, all communications to Arista EOS will fail. -# -# primary_l3_host_password = -# Example: primary_l3_password = my_password -# -# (StrOpt) IP address of the second Arista switch paired as -# MLAG (Multi-chassis Link Aggregation) with the first. -# This is optional field, however, if mlag_config flag is set, -# then this is a required field. If not set, all -# communications to Arista EOS will fail. If mlag_config is set -# to False, then this field is ignored -# -# seconadary_l3_host = -# Example: seconadary_l3_host = 192.168.10.20 -# -# (BoolOpt) Defines if Arista switches are configured in MLAG mode -# If yes, all L3 configuration is pushed to both switches -# automatically. If this flag is set, ensure that secondary_l3_host -# is set to the second switch's IP. -# This flag is Optional. If not set, a value of "False" is assumed. -# -# mlag_config = -# Example: mlag_config = True -# -# (BoolOpt) Defines if the router is created in default VRF or a -# a specific VRF. This is optional. -# If not set, a value of "False" is assumed. -# -# Example: use_vrf = True -# -# (IntOpt) Sync interval in seconds between Neutron plugin and EOS. -# This field defines how often the synchronization is performed. -# This is an optional field. If not set, a value of 180 seconds -# is assumed. -# -# l3_sync_interval = -# Example: l3_sync_interval = 60 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini deleted file mode 100644 index 67574110..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini +++ /dev/null 
@@ -1,15 +0,0 @@
-[ml2_brocade]
-# username = <mgmt admin username>
-# password = <mgmt admin password>
-# address = <switch mgmt ip address>
-# ostype = NOS
-# osversion = autodetect | n.n.n
-# physical_networks = physnet1,physnet2
-#
-# Example:
-# username = admin
-# password = password
-# address = 10.24.84.38
-# ostype = NOS
-# osversion = 4.1.1
-# physical_networks = physnet1,physnet2
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini
deleted file mode 100644
index 1b69100e..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini
+++ /dev/null
@@ -1,118 +0,0 @@ -[ml2_cisco] - -# (StrOpt) A short prefix to prepend to the VLAN number when creating a -# VLAN interface. For example, if an interface is being created for -# VLAN 2001 it will be named 'q-2001' using the default prefix. -# -# vlan_name_prefix = q- -# Example: vlan_name_prefix = vnet- - -# (BoolOpt) A flag to enable round robin scheduling of routers for SVI. -# svi_round_robin = False - -# -# (StrOpt) The name of the physical_network managed via the Cisco Nexus Switch. -# This string value must be present in the ml2_conf.ini network_vlan_ranges -# variable. -# -# managed_physical_network = -# Example: managed_physical_network = physnet1 - -# Cisco Nexus Switch configurations. -# Each switch to be managed by Openstack Neutron must be configured here. -# -# Cisco Nexus Switch Format. -# [ml2_mech_cisco_nexus:<IP address of switch>] -# <hostname>=<intf_type:port> (1) -# ssh_port=<ssh port> (2) -# username=<credential username> (3) -# password=<credential password> (4) -# -# (1) For each host connected to a port on the switch, specify the hostname -# and the Nexus physical port (interface) it is connected to. -# Valid intf_type's are 'ethernet' and 'port-channel'. -# The default setting for <intf_type:> is 'ethernet' and need not be -# added to this setting. -# (2) The TCP port for connecting via SSH to manage the switch. This is -# port number 22 unless the switch has been configured otherwise. -# (3) The username for logging into the switch to manage it. -# (4) The password for logging into the switch to manage it. 
-# -# Example: -# [ml2_mech_cisco_nexus:1.1.1.1] -# compute1=1/1 -# compute2=ethernet:1/2 -# compute3=port-channel:1 -# ssh_port=22 -# username=admin -# password=mySecretPassword - -[ml2_cisco_apic] - -# Hostname:port list of APIC controllers -# apic_hosts = 1.1.1.1:80, 1.1.1.2:8080, 1.1.1.3:80 - -# Username for the APIC controller -# apic_username = user - -# Password for the APIC controller -# apic_password = password - -# Whether use SSl for connecting to the APIC controller or not -# apic_use_ssl = True - -# How to map names to APIC: use_uuid or use_name -# apic_name_mapping = use_name - -# Names for APIC objects used by Neutron -# Note: When deploying multiple clouds against one APIC, -# these names must be unique between the clouds. -# apic_vmm_domain = openstack -# apic_vlan_ns_name = openstack_ns -# apic_node_profile = openstack_profile -# apic_entity_profile = openstack_entity -# apic_function_profile = openstack_function -# apic_app_profile_name = openstack_app -# Agent timers for State reporting and topology discovery -# apic_sync_interval = 30 -# apic_agent_report_interval = 30 -# apic_agent_poll_interval = 2 - -# Specify your network topology. -# This section indicates how your compute nodes are connected to the fabric's -# switches and ports. The format is as follows: -# -# [apic_switch:<swich_id_from_the_apic>] -# <compute_host>,<compute_host> = <switchport_the_host(s)_are_connected_to> -# -# You can have multiple sections, one for each switch in your fabric that is -# participating in Openstack. e.g. -# -# [apic_switch:17] -# ubuntu,ubuntu1 = 1/10 -# ubuntu2,ubuntu3 = 1/11 -# -# [apic_switch:18] -# ubuntu5,ubuntu6 = 1/1 -# ubuntu7,ubuntu8 = 1/2 - -# Describe external connectivity. -# In this section you can specify the external network configuration in order -# for the plugin to be able to teach the fabric how to route the internal -# traffic to the outside world. 
The external connectivity configuration -# format is as follows: -# -# [apic_external_network:<externalNetworkName>] -# switch = <switch_id_from_the_apic> -# port = <switchport_the_external_router_is_connected_to> -# encap = <encapsulation> -# cidr_exposed = <cidr_exposed_to_the_external_router> -# gateway_ip = <ip_of_the_external_gateway> -# -# An example follows: -# [apic_external_network:network_ext] -# switch=203 -# port=1/34 -# encap=vlan-100 -# cidr_exposed=10.10.40.2/16 -# gateway_ip=10.10.40.1 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini deleted file mode 100644 index 6ee4a4e0..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini +++ /dev/null @@ -1,52 +0,0 @@ -# Defines Configuration options for FSL SDN OS Mechanism Driver -# Cloud Resource Discovery (CRD) authorization credentials -[ml2_fslsdn] -#(StrOpt) User name for authentication to CRD. -# e.g.: user12 -# -# crd_user_name = - -#(StrOpt) Password for authentication to CRD. -# e.g.: secret -# -# crd_password = - -#(StrOpt) Tenant name for CRD service. -# e.g.: service -# -# crd_tenant_name = - -#(StrOpt) CRD auth URL. -# e.g.: http://127.0.0.1:5000/v2.0/ -# -# crd_auth_url = - -#(StrOpt) URL for connecting to CRD Service. -# e.g.: http://127.0.0.1:9797 -# -# crd_url= - -#(IntOpt) Timeout value for connecting to CRD service -# in seconds, e.g.: 30 -# -# crd_url_timeout= - -#(StrOpt) Region name for connecting to CRD in -# admin context, e.g.: RegionOne -# -# crd_region_name= - -#(BoolOpt)If set, ignore any SSL validation issues (boolean value) -# e.g.: False -# -# crd_api_insecure= - -#(StrOpt)Authorization strategy for connecting to CRD in admin -# context, e.g.: keystone -# -# crd_auth_strategy= - -#(StrOpt)Location of CA certificates file to use for CRD client -# requests. -# -# crd_ca_certificates_file= 
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini
deleted file mode 100644
index 46139aed..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[eswitch]
-# (StrOpt) Type of Network Interface to allocate for VM:
-# mlnx_direct or hostdev according to libvirt terminology
-# vnic_type = mlnx_direct
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini
deleted file mode 100644
index dbbfcbd2..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini
+++ /dev/null
@@ -1,28 +0,0 @@
-# Defines configuration options specific to the Tail-f NCS Mechanism Driver
-
-[ml2_ncs]
-# (StrOpt) Tail-f NCS HTTP endpoint for REST access to the OpenStack
-# subtree.
-# If this is not set then no HTTP requests will be made.
-#
-# url =
-# Example: url = http://ncs/api/running/services/openstack
-
-# (StrOpt) Username for HTTP basic authentication to NCS.
-# This is an optional parameter. If unspecified then no authentication is used.
-#
-# username =
-# Example: username = admin
-
-# (StrOpt) Password for HTTP basic authentication to NCS.
-# This is an optional parameter. If unspecified then no authentication is used.
-#
-# password =
-# Example: password = admin
-
-# (IntOpt) Timeout in seconds to wait for NCS HTTP request completion.
-# This is an optional parameter, default value is 10 seconds.
-#
-# timeout =
-# Example: timeout = 15
-
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini
deleted file mode 100644
index 9e88c1bb..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini
+++ /dev/null
@@ -1,30 +0,0 @@
-# Configuration for the OpenDaylight MechanismDriver
-
-[ml2_odl]
-# (StrOpt) OpenDaylight REST URL
-# If this is not set then no HTTP requests will be made.
-#
-# url =
-# Example: url = http://192.168.56.1:8080/controller/nb/v2/neutron
-
-# (StrOpt) Username for HTTP basic authentication to ODL.
-#
-# username =
-# Example: username = admin
-
-# (StrOpt) Password for HTTP basic authentication to ODL.
-#
-# password =
-# Example: password = admin
-
-# (IntOpt) Timeout in seconds to wait for ODL HTTP request completion.
-# This is an optional parameter, default value is 10 seconds.
-#
-# timeout = 10
-# Example: timeout = 15
-
-# (IntOpt) Timeout in minutes to wait for a Tomcat session timeout.
-# This is an optional parameter, default value is 30 minutes.
-#
-# session_timeout = 30
-# Example: session_timeout = 60
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini
deleted file mode 100644
index 4a94b987..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini
+++ /dev/null
@@ -1,13 +0,0 @@
-# Defines configuration options specific to the OpenFlow Agent Mechanism Driver
-
-[ovs]
-# Please refer to configuration options to the OpenvSwitch
-
-[agent]
-# (IntOpt) Number of seconds to retry acquiring an Open vSwitch datapath.
-# This is an optional parameter, default value is 60 seconds.
-#
-# get_datapath_retry_times =
-# Example: get_datapath_retry_times = 30
-
-# Please refer to configuration options to the OpenvSwitch else the above.
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini
deleted file mode 100644
index 9566f54c..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini
+++ /dev/null
@@ -1,31 +0,0 @@
-# Defines configuration options for SRIOV NIC Switch MechanismDriver
-# and Agent
-
-[ml2_sriov]
-# (ListOpt) Comma-separated list of
-# supported Vendor PCI Devices, in format vendor_id:product_id
-#
-# supported_pci_vendor_devs = 15b3:1004, 8086:10c9
-# Example: supported_pci_vendor_devs = 15b3:1004
-#
-# (BoolOpt) Requires running SRIOV neutron agent for port binding
-# agent_required = True
-
-[sriov_nic]
-# (ListOpt) Comma-separated list of <physical_network>:<network_device>
-# tuples mapping physical network names to the agent's node-specific
-# physical network device interfaces of SR-IOV physical function to be used
-# for VLAN networks. All physical networks listed in network_vlan_ranges on
-# the server should have mappings to appropriate interfaces on each agent.
-#
-# physical_device_mappings =
-# Example: physical_device_mappings = physnet1:eth1
-#
-# (ListOpt) Comma-separated list of <network_device>:<vfs__to_exclude>
-# tuples, mapping network_device to the agent's node-specific list of virtual
-# functions that should not be used for virtual networking.
-# vfs_to_exclude is a semicolon-separated list of virtual
-# functions to exclude from network_device. The network_device in the
-# mapping should appear in the physical_device_mappings list.
-# exclude_devices =
-# Example: exclude_devices = eth1:0000:07:00.2; 0000:07:00.3
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini
deleted file mode 100644
index b1225111..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini
+++ /dev/null
@@ -1,79 +0,0 @@
-[mlnx]
-# (StrOpt) Type of network to allocate for tenant networks. The
-# default value is 'vlan' You MUST configure network_vlan_ranges below
-# in order for tenant networks to provide connectivity between hosts.
-# Set to 'none' to disable creation of tenant networks.
-#
-# tenant_network_type = vlan
-# Example: tenant_network_type = vlan
-
-# (ListOpt) Comma-separated list of
-# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
-# of VLAN IDs on named physical networks that are available for
-# allocation. All physical networks listed are available for flat and
-# VLAN provider network creation. Specified ranges of VLAN IDs are
-# available for tenant network allocation if tenant_network_type is
-# 'vlan'. If empty, only local networks may be created.
-#
-# network_vlan_ranges =
-# Example: network_vlan_ranges = default:1:100
-
-# (ListOpt) Comma-separated list of
-# <physical_network>:<physical_network_type> tuples mapping physical
-# network names to physical network types. All physical
-# networks listed in network_vlan_ranges should have
-# mappings to appropriate physical network type.
-# Type of the physical network can be either eth (Ethernet) or
-# ib (InfiniBand). If empty, physical network eth type is assumed.
-#
-# physical_network_type_mappings =
-# Example: physical_network_type_mappings = default:eth
-
-# (StrOpt) Type of the physical network, can be either 'eth' or 'ib'
-# The default value is 'eth'
-# physical_network_type = eth
-
-[eswitch]
-# (ListOpt) Comma-separated list of
-# <physical_network>:<physical_interface> tuples mapping physical
-# network names to the agent's node-specific physical network
-# interfaces to be used for flat and VLAN networks. All physical
-# networks listed in network_vlan_ranges on the server should have
-# mappings to appropriate interfaces on each agent.
-#
-# physical_interface_mappings =
-# Example: physical_interface_mappings = default:eth2
-
-# (StrOpt) Type of Network Interface to allocate for VM:
-# direct or hosdev according to libvirt terminology
-# vnic_type = mlnx_direct
-
-# (StrOpt) Eswitch daemon end point connection url
-# daemon_endpoint = 'tcp://127.0.0.1:60001'
-
-# The number of milliseconds the agent will wait for
-# response on request to daemon
-# request_timeout = 3000
-
-# The number of retries the agent will send request
-# to daemon before giving up
-# retries = 3
-
-# The backoff rate multiplier for waiting period between retries
-# on request to daemon, i.e. value of 2 will double
-# the request timeout each retry
-# backoff_rate = 2
-
-[agent]
-# Agent's polling interval in seconds
-# polling_interval = 2
-
-# (BoolOpt) Enable server RPC compatibility with old (pre-havana)
-# agents.
-#
-# rpc_support_old_agents = False
-
-[securitygroup]
-# Controls if neutron security group is enabled or not.
-# It should be false when you use nova security group.
-# enable_security_group = True
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini
deleted file mode 100644
index aa4171da..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini
+++ /dev/null
@@ -1,60 +0,0 @@
-# Sample Configurations
-
-[ovs]
-# Do not change this parameter unless you have a good reason to.
-# This is the name of the OVS integration bridge. There is one per hypervisor.
-# The integration bridge acts as a virtual "patch port". All VM VIFs are
-# attached to this bridge and then "patched" according to their network
-# connectivity.
-# integration_bridge = br-int
-
-[agent]
-# Agent's polling interval in seconds
-# polling_interval = 2
-
-[securitygroup]
-# Firewall driver for realizing neutron security group function
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-
-# Controls if neutron security group is enabled or not.
-# It should be false when you use nova security group.
-# enable_security_group = True
-
-[ofc]
-# Specify OpenFlow Controller Host, Port and Driver to connect.
-# host = 127.0.0.1
-# port = 8888
-
-# Base URL of OpenFlow Controller REST API.
-# It is prepended to a path of each API request.
-# path_prefix =
-
-# Drivers are in neutron/plugins/nec/drivers/ .
-# driver = trema
-
-# PacketFilter is available when it's enabled in this configuration
-# and supported by the driver.
-# enable_packet_filter = true
-
-# Use SSL to connect
-# use_ssl = false
-
-# Key file
-# key_file =
-
-# Certificate file
-# cert_file =
-
-# Disable SSL certificate verification
-# insecure_ssl = false
-
-# Maximum attempts per OFC API request. NEC plugin retries
-# API request to OFC when OFC returns ServiceUnavailable (503).
-# The value must be greater than 0.
-# api_max_attempts = 3
-
-[provider]
-# Default router provider to use.
-# default_router_provider = l3-agent
-# List of enabled router providers.
-# router_providers = l3-agent,openflow
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini
deleted file mode 100644
index aad37bd5..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini
+++ /dev/null
@@ -1,41 +0,0 @@
-# Please fill in the correct data for all the keys below and uncomment key-value pairs
-[restproxy]
-# (StrOpt) Default Network partition in which VSD will
-# orchestrate network resources using openstack
-#
-#default_net_partition_name = <default-net-partition-name>
-
-# (StrOpt) Nuage provided uri for initial authorization to
-# access VSD
-#
-#auth_resource = /auth
-
-# (StrOpt) IP Address and Port of VSD
-#
-#server = ip:port
-
-# (StrOpt) Organization name in which VSD will orchestrate
-# network resources using openstack
-#
-#organization = org
-
-# (StrOpt) Username and password of VSD for authentication
-#
-#serverauth = uname:pass
-
-# (BoolOpt) Boolean for SSL connection with VSD server
-#
-#serverssl = True
-
-# (StrOpt) Nuage provided base uri to reach out to VSD
-#
-#base_uri = /base
-
-[syncmanager]
-# (BoolOpt) Boolean to enable sync between openstack and VSD
-#
-#enable_sync = False
-
-# (IntOpt) Sync interval in seconds between openstack and VSD
-#
-#sync_interval = 0
\ No newline at end of file
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini
deleted file mode 100644
index a1c05d97..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini
+++ /dev/null
@@ -1,35 +0,0 @@
-[nvsd]
-# Configure the NVSD controller. The plugin proxies the api calls using
-# to NVSD controller which implements the required functionality.
-
-# IP address of NVSD controller api server
-# nvsd_ip = <ip address of nvsd controller>
-
-# Port number of NVSD controller api server
-# nvsd_port = 8082
-
-# Authentication credentials to access the api server
-# nvsd_user = <nvsd controller username>
-# nvsd_passwd = <password>
-
-# API request timeout in seconds
-# request_timeout = <default request timeout>
-
-# Maximum number of retry attempts to login to the NVSD controller
-# Specify 0 to retry until success (default)
-# nvsd_retries = 0
-
-[securitygroup]
-# Specify firewall_driver option, if neutron security groups are disabled,
-# then NoopFirewallDriver otherwise OVSHybridIptablesFirewallDriver.
-# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
-
-# Controls if neutron security group is enabled or not.
-# It should be false when you use nova security group.
-# enable_security_group = True
-
-[agent]
-# root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
-
-[database]
-# connection = mysql://root:<passwd>@127.0.0.1/<neutron_db>?charset=utf8
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini
deleted file mode 100644
index 629f1fc4..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini
+++ /dev/null
@@ -1,26 +0,0 @@
-# OpenContrail is an Apache 2.0-licensed project that is built using
-# standards-based protocols and provides all the necessary components for
-# network virtualization–SDN controller, virtual router, analytics engine,
-# and published northbound APIs
-# For more information visit: http://opencontrail.org
-
-# Opencontrail plugin specific configuration
-[CONTRAIL]
-# (StrOpt) IP address to connect to opencontrail controller.
-# Uncomment this line for specifying the IP address of the opencontrail
-# Api-Server.
-# Default value is local host(127.0.0.1).
-# api_server_ip='127.0.0.1'
-
-# (IntOpt) port to connect to opencontrail controller.
-# Uncomment this line for the specifying the Port of the opencontrail
-# Api-Server.
-# Default value is 8082
-# api_server_port=8082
-
-# (DictOpt) enable opencontrail extensions
-# Opencontrail in future would support extension such as ipam, policy,
-# these extensions can be configured as shown below. Plugin will then
-# load the specified extensions.
-# Default value is None, it wont load any extension
-# contrail_extensions=ipam:<classpath>,policy:<classpath>
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
deleted file mode 100644
index 9c8e6b58..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+++ /dev/null
@@ -1,190 +0,0 @@ -[ovs] -# (StrOpt) Type of network to allocate for tenant networks. The -# default value 'local' is useful only for single-box testing and -# provides no connectivity between hosts. You MUST either change this -# to 'vlan' and configure network_vlan_ranges below or change this to -# 'gre' or 'vxlan' and configure tunnel_id_ranges below in order for -# tenant networks to provide connectivity between hosts. Set to 'none' -# to disable creation of tenant networks. -# -# tenant_network_type = local -# Example: tenant_network_type = gre -# Example: tenant_network_type = vxlan - -# (ListOpt) Comma-separated list of -# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges -# of VLAN IDs on named physical networks that are available for -# allocation. All physical networks listed are available for flat and -# VLAN provider network creation. Specified ranges of VLAN IDs are -# available for tenant network allocation if tenant_network_type is -# 'vlan'. If empty, only gre, vxlan and local networks may be created. -# -# network_vlan_ranges = -# Example: network_vlan_ranges = physnet1:1000:2999 - -# (BoolOpt) Set to True in the server and the agents to enable support -# for GRE or VXLAN networks. Requires kernel support for OVS patch ports and -# GRE or VXLAN tunneling. -# -# WARNING: This option will be deprecated in the Icehouse release, at which -# point setting tunnel_type below will be required to enable -# tunneling. -# -# enable_tunneling = False - -# (StrOpt) The type of tunnel network, if any, supported by the plugin. If -# this is set, it will cause tunneling to be enabled. If this is not set and -# the option enable_tunneling is set, this will default to 'gre'. 
-# -# tunnel_type = -# Example: tunnel_type = gre -# Example: tunnel_type = vxlan - -# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples -# enumerating ranges of GRE or VXLAN tunnel IDs that are available for -# tenant network allocation if tenant_network_type is 'gre' or 'vxlan'. -# -# tunnel_id_ranges = -# Example: tunnel_id_ranges = 1:1000 - -# Do not change this parameter unless you have a good reason to. -# This is the name of the OVS integration bridge. There is one per hypervisor. -# The integration bridge acts as a virtual "patch bay". All VM VIFs are -# attached to this bridge and then "patched" according to their network -# connectivity. -# -# integration_bridge = br-int - -# Only used for the agent if tunnel_id_ranges (above) is not empty for -# the server. In most cases, the default value should be fine. -# -# tunnel_bridge = br-tun - -# Peer patch port in integration bridge for tunnel bridge -# int_peer_patch_port = patch-tun - -# Peer patch port in tunnel bridge for integration bridge -# tun_peer_patch_port = patch-int - -# Uncomment this line for the agent if tunnel_id_ranges (above) is not -# empty for the server. Set local-ip to be the local IP address of -# this hypervisor. -# -# local_ip = - -# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples -# mapping physical network names to the agent's node-specific OVS -# bridge names to be used for flat and VLAN networks. The length of -# bridge names should be no more than 11. Each bridge must -# exist, and should have a physical network interface configured as a -# port. All physical networks listed in network_vlan_ranges on the -# server should have mappings to appropriate bridges on each agent. -# -# bridge_mappings = -# Example: bridge_mappings = physnet1:br-eth1 - -# (BoolOpt) Use veths instead of patch ports to interconnect the integration -# bridge to physical networks. Support kernel without ovs patch port support -# so long as it is set to True. 
-# use_veth_interconnection = False - -[agent] -# Agent's polling interval in seconds -# polling_interval = 2 - -# Minimize polling by monitoring ovsdb for interface changes -# minimize_polling = True - -# When minimize_polling = True, the number of seconds to wait before -# respawning the ovsdb monitor after losing communication with it -# ovsdb_monitor_respawn_interval = 30 - -# (ListOpt) The types of tenant network tunnels supported by the agent. -# Setting this will enable tunneling support in the agent. This can be set to -# either 'gre' or 'vxlan'. If this is unset, it will default to [] and -# disable tunneling support in the agent. When running the agent with the OVS -# plugin, this value must be the same as "tunnel_type" in the "[ovs]" section. -# When running the agent with ML2, you can specify as many values here as -# your compute hosts supports. -# -# tunnel_types = -# Example: tunnel_types = gre -# Example: tunnel_types = vxlan -# Example: tunnel_types = vxlan, gre - -# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By -# default, this will make use of the Open vSwitch default value of '4789' if -# not specified. -# -# vxlan_udp_port = -# Example: vxlan_udp_port = 8472 - -# (IntOpt) This is the MTU size of veth interfaces. -# Do not change unless you have a good reason to. -# The default MTU size of veth interfaces is 1500. -# This option has no effect if use_veth_interconnection is False -# veth_mtu = -# Example: veth_mtu = 1504 - -# (BoolOpt) Flag to enable l2-population extension. This option should only be -# used in conjunction with ml2 plugin and l2population mechanism driver. It'll -# enable plugin to populate remote ports macs and IPs (using fdb_add/remove -# RPC calbbacks instead of tunnel_sync/update) on OVS agents in order to -# optimize tunnel management. -# -# l2_population = False - -# Enable local ARP responder. Requires OVS 2.1. This is only used by the l2 -# population ML2 MechanismDriver. 
-# -# arp_responder = False - -# (BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet -# carrying GRE/VXLAN tunnel. The default value is True. -# -# dont_fragment = True - -# (BoolOpt) Set to True on L2 agents to enable support -# for distributed virtual routing. -# -# enable_distributed_routing = False - -[securitygroup] -# Firewall driver for realizing neutron security group function. -# firewall_driver = neutron.agent.firewall.NoopFirewallDriver -# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -# enable_security_group = True - -#----------------------------------------------------------------------------- -# Sample Configurations. -#----------------------------------------------------------------------------- -# -# 1. With VLANs on eth1. -# [ovs] -# network_vlan_ranges = default:2000:3999 -# tunnel_id_ranges = -# integration_bridge = br-int -# bridge_mappings = default:br-eth1 -# -# 2. With GRE tunneling. -# [ovs] -# network_vlan_ranges = -# tunnel_id_ranges = 1:1000 -# integration_bridge = br-int -# tunnel_bridge = br-tun -# local_ip = 10.0.0.3 -# -# 3. With VXLAN tunneling. -# [ovs] -# network_vlan_ranges = -# tenant_network_type = vxlan -# tunnel_type = vxlan -# tunnel_id_ranges = 1:1000 -# integration_bridge = br-int -# tunnel_bridge = br-tun -# local_ip = 10.0.0.3 -# [agent] -# tunnel_types = vxlan diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini deleted file mode 100644 index bfe8062a..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini +++ /dev/null 
@@ -1,14 +0,0 @@
-# Config file for Neutron PLUMgrid Plugin
-
-[plumgriddirector]
-# This line should be pointing to the PLUMgrid Director,
-# for the PLUMgrid platform.
-# director_server=<director-ip-address>
-# director_server_port=<director-port>
-# Authentification parameters for the Director.
-# These are the admin credentials to manage and control
-# the PLUMgrid Director server.
-# username=<director-admin-username>
-# password=<director-admin-password>
-# servertimeout=5
-# driver=<plugin-driver>
diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini
deleted file mode 100644
index baca73b8..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini
+++ /dev/null
@@ -1,200 +0,0 @@ -[DEFAULT] -# User name for NSX controller -# nsx_user = admin - -# Password for NSX controller -# nsx_password = admin - -# Time before aborting a request on an unresponsive controller (Seconds) -# http_timeout = 75 - -# Maximum number of times a particular request should be retried -# retries = 2 - -# Maximum number of times a redirect response should be followed -# redirects = 2 - -# Comma-separated list of NSX controller endpoints (<ip>:<port>). When port -# is omitted, 443 is assumed. This option MUST be specified, e.g.: -# nsx_controllers = xx.yy.zz.ww:443, aa.bb.cc.dd, ee.ff.gg.hh.ee:80 - -# UUID of the pre-existing default NSX Transport zone to be used for creating -# tunneled isolated "Neutron" networks. This option MUST be specified, e.g.: -# default_tz_uuid = 1e8e52cf-fa7f-46b0-a14a-f99835a9cb53 - -# (Optional) UUID for the default l3 gateway service to use with this cluster. -# To be specified if planning to use logical routers with external gateways. -# default_l3_gw_service_uuid = - -# (Optional) UUID for the default l2 gateway service to use with this cluster. -# To be specified for providing a predefined gateway tenant for connecting their networks. -# default_l2_gw_service_uuid = - -# (Optional) UUID for the default service cluster. A service cluster is introduced to -# represent a group of gateways and it is needed in order to use Logical Services like -# dhcp and metadata in the logical space. NOTE: If agent_mode is set to 'agentless' this -# config parameter *MUST BE* set to a valid pre-existent service cluster uuid. -# default_service_cluster_uuid = - -# Name of the default interface name to be used on network-gateway. 
This value -# will be used for any device associated with a network gateway for which an -# interface name was not specified -# default_interface_name = breth0 - -[quotas] -# number of network gateways allowed per tenant, -1 means unlimited -# quota_network_gateway = 5 - -[vcns] -# URL for VCNS manager -# manager_uri = https://management_ip - -# User name for VCNS manager -# user = admin - -# Password for VCNS manager -# password = default - -# (Optional) Datacenter ID for Edge deployment -# datacenter_moid = - -# (Optional) Deployment Container ID for NSX Edge deployment -# If not specified, either a default global container will be used, or -# the resource pool and datastore specified below will be used -# deployment_container_id = - -# (Optional) Resource pool ID for NSX Edge deployment -# resource_pool_id = - -# (Optional) Datastore ID for NSX Edge deployment -# datastore_id = - -# (Required) UUID of logic switch for physical network connectivity -# external_network = - -# (Optional) Asynchronous task status check interval -# default is 2000 (millisecond) -# task_status_check_interval = 2000 - -[nsx] -# Maximum number of ports for each bridged logical switch -# The recommended value for this parameter varies with NSX version -# Please use: -# NSX 2.x -> 64 -# NSX 3.0, 3.1 -> 5000 -# NSX 3.2 -> 10000 -# max_lp_per_bridged_ls = 5000 - -# Maximum number of ports for each overlay (stt, gre) logical switch -# max_lp_per_overlay_ls = 256 - -# Number of connections to each controller node. -# default is 10 -# concurrent_connections = 10 - -# Number of seconds a generation id should be valid for (default -1 meaning do not time out) -# nsx_gen_timeout = -1 - -# Acceptable values for 'metadata_mode' are: -# - 'access_network': this enables a dedicated connection to the metadata -# proxy for metadata server access via Neutron router. -# - 'dhcp_host_route': this enables host route injection via the dhcp agent. 
-# This option is only useful if running on a host that does not support -# namespaces otherwise access_network should be used. -# metadata_mode = access_network - -# The default network transport type to use (stt, gre, bridge, ipsec_gre, or ipsec_stt) -# default_transport_type = stt - -# Specifies in which mode the plugin needs to operate in order to provide DHCP and -# metadata proxy services to tenant instances. If 'agent' is chosen (default) -# the NSX plugin relies on external RPC agents (i.e. dhcp and metadata agents) to -# provide such services. In this mode, the plugin supports API extensions 'agent' -# and 'dhcp_agent_scheduler'. If 'agentless' is chosen (experimental in Icehouse), -# the plugin will use NSX logical services for DHCP and metadata proxy. This -# simplifies the deployment model for Neutron, in that the plugin no longer requires -# the RPC agents to operate. When 'agentless' is chosen, the config option metadata_mode -# becomes ineffective. The 'agentless' mode is supported from NSX 4.2 or above. -# Furthermore, a 'combined' mode is also provided and is used to support existing -# deployments that want to adopt the agentless mode going forward. With this mode, -# existing networks keep being served by the existing infrastructure (thus preserving -# backward compatibility, whereas new networks will be served by the new infrastructure. -# Migration tools are provided to 'move' one network from one model to another; with -# agent_mode set to 'combined', option 'network_auto_schedule' in neutron.conf is -# ignored, as new networks will no longer be scheduled to existing dhcp agents. -# agent_mode = agent - -# Specifies which mode packet replication should be done in. If set to service -# a service node is required in order to perform packet replication. This can -# also be set to source if one wants replication to be performed locally (NOTE: -# usually only useful for testing if one does not want to deploy a service node). 
-# In order to leverage distributed routers, replication_mode should be set to -# "service". -# replication_mode = service - -[nsx_sync] -# Interval in seconds between runs of the status synchronization task. -# The plugin will aim at resynchronizing operational status for all -# resources in this interval, and it should be therefore large enough -# to ensure the task is feasible. Otherwise the plugin will be -# constantly synchronizing resource status, ie: a new task is started -# as soon as the previous is completed. -# If this value is set to 0, the state synchronization thread for this -# Neutron instance will be disabled. -# state_sync_interval = 10 - -# Random additional delay between two runs of the state synchronization task. -# An additional wait time between 0 and max_random_sync_delay seconds -# will be added on top of state_sync_interval. -# max_random_sync_delay = 0 - -# Minimum delay, in seconds, between two status synchronization requests for NSX. -# Depending on chunk size, controller load, and other factors, state -# synchronization requests might be pretty heavy. This means the -# controller might take time to respond, and its load might be quite -# increased by them. This parameter allows to specify a minimum -# interval between two subsequent requests. -# The value for this parameter must never exceed state_sync_interval. -# If this does, an error will be raised at startup. -# min_sync_req_delay = 1 - -# Minimum number of resources to be retrieved from NSX in a single status -# synchronization request. -# The actual size of the chunk will increase if the number of resources is such -# that using the minimum chunk size will cause the interval between two -# requests to be less than min_sync_req_delay -# min_chunk_size = 500 - -# Enable this option to allow punctual state synchronization on show -# operations. 
In this way, show operations will always fetch the operational -# status of the resource from the NSX backend, and this might have -# a considerable impact on overall performance. -# always_read_status = False - -[nsx_lsn] -# Pull LSN information from NSX in case it is missing from the local -# data store. This is useful to rebuild the local store in case of -# server recovery -# sync_on_missing_data = False - -[nsx_dhcp] -# (Optional) Comma separated list of additional dns servers. Default is an empty list -# extra_domain_name_servers = - -# Domain to use for building the hostnames -# domain_name = openstacklocal - -# Default DHCP lease time -# default_lease_time = 43200 - -[nsx_metadata] -# IP address used by Metadata server -# metadata_server_address = 127.0.0.1 - -# TCP Port used by Metadata server -# metadata_server_port = 8775 - -# When proxying metadata requests, Neutron signs the Instance-ID header with a -# shared secret to prevent spoofing. You may select any string for a secret, -# but it MUST match with the configuration used by the Metadata server -# metadata_shared_secret = diff --git a/install-files/openstack/usr/share/openstack/neutron/policy.json b/install-files/openstack/usr/share/openstack/neutron/policy.json deleted file mode 100644 index e7db4357..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/policy.json +++ /dev/null 
@@ -1,138 +0,0 @@ -{ - "context_is_admin": "role:admin", - "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s", - "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s", - "admin_only": "rule:context_is_admin", - "regular_user": "", - "shared": "field:networks:shared=True", - "shared_firewalls": "field:firewalls:shared=True", - "external": "field:networks:router:external=True", - "default": "rule:admin_or_owner", - - "create_subnet": "rule:admin_or_network_owner", - "get_subnet": "rule:admin_or_owner or rule:shared", - "update_subnet": "rule:admin_or_network_owner", - "delete_subnet": "rule:admin_or_network_owner", - - "create_network": "", - "get_network": "rule:admin_or_owner or rule:shared or rule:external", - "get_network:router:external": "rule:regular_user", - "get_network:segments": "rule:admin_only", - "get_network:provider:network_type": "rule:admin_only", - "get_network:provider:physical_network": "rule:admin_only", - "get_network:provider:segmentation_id": "rule:admin_only", - "get_network:queue_id": "rule:admin_only", - "create_network:shared": "rule:admin_only", - "create_network:router:external": "rule:admin_only", - "create_network:segments": "rule:admin_only", - "create_network:provider:network_type": "rule:admin_only", - "create_network:provider:physical_network": "rule:admin_only", - "create_network:provider:segmentation_id": "rule:admin_only", - "update_network": "rule:admin_or_owner", - "update_network:segments": "rule:admin_only", - "update_network:shared": "rule:admin_only", - "update_network:provider:network_type": "rule:admin_only", - "update_network:provider:physical_network": "rule:admin_only", - "update_network:provider:segmentation_id": "rule:admin_only", - "update_network:router:external": "rule:admin_only", - "delete_network": "rule:admin_or_owner", - - "create_port": "", - "create_port:mac_address": "rule:admin_or_network_owner", - "create_port:fixed_ips": "rule:admin_or_network_owner", - 
"create_port:port_security_enabled": "rule:admin_or_network_owner", - "create_port:binding:host_id": "rule:admin_only", - "create_port:binding:profile": "rule:admin_only", - "create_port:mac_learning_enabled": "rule:admin_or_network_owner", - "get_port": "rule:admin_or_owner", - "get_port:queue_id": "rule:admin_only", - "get_port:binding:vif_type": "rule:admin_only", - "get_port:binding:vif_details": "rule:admin_only", - "get_port:binding:host_id": "rule:admin_only", - "get_port:binding:profile": "rule:admin_only", - "update_port": "rule:admin_or_owner", - "update_port:fixed_ips": "rule:admin_or_network_owner", - "update_port:port_security_enabled": "rule:admin_or_network_owner", - "update_port:binding:host_id": "rule:admin_only", - "update_port:binding:profile": "rule:admin_only", - "update_port:mac_learning_enabled": "rule:admin_or_network_owner", - "delete_port": "rule:admin_or_owner", - - "get_router:ha": "rule:admin_only", - "create_router": "rule:regular_user", - "create_router:external_gateway_info:enable_snat": "rule:admin_only", - "create_router:distributed": "rule:admin_only", - "create_router:ha": "rule:admin_only", - "get_router": "rule:admin_or_owner", - "get_router:distributed": "rule:admin_only", - "update_router:external_gateway_info:enable_snat": "rule:admin_only", - "update_router:distributed": "rule:admin_only", - "update_router:ha": "rule:admin_only", - "delete_router": "rule:admin_or_owner", - - "add_router_interface": "rule:admin_or_owner", - "remove_router_interface": "rule:admin_or_owner", - - "create_firewall": "", - "get_firewall": "rule:admin_or_owner", - "create_firewall:shared": "rule:admin_only", - "get_firewall:shared": "rule:admin_only", - "update_firewall": "rule:admin_or_owner", - "update_firewall:shared": "rule:admin_only", - "delete_firewall": "rule:admin_or_owner", - - "create_firewall_policy": "", - "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls", - "create_firewall_policy:shared": "rule:admin_or_owner", - 
"update_firewall_policy": "rule:admin_or_owner", - "delete_firewall_policy": "rule:admin_or_owner", - - "create_firewall_rule": "", - "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls", - "update_firewall_rule": "rule:admin_or_owner", - "delete_firewall_rule": "rule:admin_or_owner", - - "create_qos_queue": "rule:admin_only", - "get_qos_queue": "rule:admin_only", - - "update_agent": "rule:admin_only", - "delete_agent": "rule:admin_only", - "get_agent": "rule:admin_only", - - "create_dhcp-network": "rule:admin_only", - "delete_dhcp-network": "rule:admin_only", - "get_dhcp-networks": "rule:admin_only", - "create_l3-router": "rule:admin_only", - "delete_l3-router": "rule:admin_only", - "get_l3-routers": "rule:admin_only", - "get_dhcp-agents": "rule:admin_only", - "get_l3-agents": "rule:admin_only", - "get_loadbalancer-agent": "rule:admin_only", - "get_loadbalancer-pools": "rule:admin_only", - - "create_floatingip": "rule:regular_user", - "update_floatingip": "rule:admin_or_owner", - "delete_floatingip": "rule:admin_or_owner", - "get_floatingip": "rule:admin_or_owner", - - "create_network_profile": "rule:admin_only", - "update_network_profile": "rule:admin_only", - "delete_network_profile": "rule:admin_only", - "get_network_profiles": "", - "get_network_profile": "", - "update_policy_profiles": "rule:admin_only", - "get_policy_profiles": "", - "get_policy_profile": "", - - "create_metering_label": "rule:admin_only", - "delete_metering_label": "rule:admin_only", - "get_metering_label": "rule:admin_only", - - "create_metering_label_rule": "rule:admin_only", - "delete_metering_label_rule": "rule:admin_only", - "get_metering_label_rule": "rule:admin_only", - - "get_service_provider": "rule:regular_user", - "get_lsn": "rule:admin_only", - "create_lsn": "rule:admin_only" -} 
diff --git a/install-files/openstack/usr/share/openstack/neutron/vpn_agent.ini b/install-files/openstack/usr/share/openstack/neutron/vpn_agent.ini
deleted file mode 100644
index c3089df9..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/vpn_agent.ini
+++ /dev/null
@@ -1,14 +0,0 @@
-[DEFAULT]
-# VPN-Agent configuration file
-# Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also
-
-[vpnagent]
-# vpn device drivers which vpn agent will use
-# If we want to use multiple drivers, we need to define this option multiple times.
-# vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
-# vpn_device_driver=neutron.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver
-# vpn_device_driver=another_driver
-
-[ipsec]
-# Status check interval
-# ipsec_status_check_interval=60
diff --git a/install-files/openstack/usr/share/openstack/nova/api-paste.ini b/install-files/openstack/usr/share/openstack/nova/api-paste.ini
deleted file mode 100644
index 2a825a5b..00000000
--- a/install-files/openstack/usr/share/openstack/nova/api-paste.ini
+++ /dev/null
@@ -1,118 +0,0 @@ -############ -# Metadata # -############ -[composite:metadata] -use = egg:Paste#urlmap -/: meta - -[pipeline:meta] -pipeline = ec2faultwrap logrequest metaapp - -[app:metaapp] -paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory - -####### -# EC2 # -####### - -[composite:ec2] -use = egg:Paste#urlmap -/services/Cloud: ec2cloud - -[composite:ec2cloud] -use = call:nova.api.auth:pipeline_factory -noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor -keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor - -[filter:ec2faultwrap] -paste.filter_factory = nova.api.ec2:FaultWrapper.factory - -[filter:logrequest] -paste.filter_factory = nova.api.ec2:RequestLogging.factory - -[filter:ec2lockout] -paste.filter_factory = nova.api.ec2:Lockout.factory - -[filter:ec2keystoneauth] -paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory - -[filter:ec2noauth] -paste.filter_factory = nova.api.ec2:NoAuth.factory - -[filter:cloudrequest] -controller = nova.api.ec2.cloud.CloudController -paste.filter_factory = nova.api.ec2:Requestify.factory - -[filter:authorizer] -paste.filter_factory = nova.api.ec2:Authorizer.factory - -[filter:validator] -paste.filter_factory = nova.api.ec2:Validator.factory - -[app:ec2executor] -paste.app_factory = nova.api.ec2:Executor.factory - -############# -# OpenStack # -############# - -[composite:osapi_compute] -use = call:nova.api.openstack.urlmap:urlmap_factory -/: oscomputeversions -/v1.1: openstack_compute_api_v2 -/v2: openstack_compute_api_v2 -/v3: openstack_compute_api_v3 - -[composite:openstack_compute_api_v2] -use = call:nova.api.auth:pipeline_factory -noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2 -keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2 -keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2 - 
-[composite:openstack_compute_api_v3] -use = call:nova.api.auth:pipeline_factory_v3 -noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3 -keystone = request_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3 - -[filter:request_id] -paste.filter_factory = nova.openstack.common.middleware.request_id:RequestIdMiddleware.factory - -[filter:compute_req_id] -paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory - -[filter:faultwrap] -paste.filter_factory = nova.api.openstack:FaultWrapper.factory - -[filter:noauth] -paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory - -[filter:noauth_v3] -paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareV3.factory - -[filter:ratelimit] -paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory - -[filter:sizelimit] -paste.filter_factory = nova.api.sizelimit:RequestBodySizeLimiter.factory - -[app:osapi_compute_app_v2] -paste.app_factory = nova.api.openstack.compute:APIRouter.factory - -[app:osapi_compute_app_v3] -paste.app_factory = nova.api.openstack.compute:APIRouterV3.factory - -[pipeline:oscomputeversions] -pipeline = faultwrap oscomputeversionapp - -[app:oscomputeversionapp] -paste.app_factory = nova.api.openstack.compute.versions:Versions.factory - -########## -# Shared # -########## - -[filter:keystonecontext] -paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/install-files/openstack/usr/share/openstack/nova/cells.json b/install-files/openstack/usr/share/openstack/nova/cells.json deleted file mode 100644 index cc74930d..00000000 --- a/install-files/openstack/usr/share/openstack/nova/cells.json +++ /dev/null 
@@ -1,26 +0,0 @@
-{
- "parent": {
- "name": "parent",
- "api_url": "http://api.example.com:8774",
- "transport_url": "rabbit://rabbit.example.com",
- "weight_offset": 0.0,
- "weight_scale": 1.0,
- "is_parent": true
- },
- "cell1": {
- "name": "cell1",
- "api_url": "http://api.example.com:8774",
- "transport_url": "rabbit://rabbit1.example.com",
- "weight_offset": 0.0,
- "weight_scale": 1.0,
- "is_parent": false
- },
- "cell2": {
- "name": "cell2",
- "api_url": "http://api.example.com:8774",
- "transport_url": "rabbit://rabbit2.example.com",
- "weight_offset": 0.0,
- "weight_scale": 1.0,
- "is_parent": false
- }
-}
diff --git a/install-files/openstack/usr/share/openstack/nova/logging.conf b/install-files/openstack/usr/share/openstack/nova/logging.conf
deleted file mode 100644
index 5482a040..00000000
--- a/install-files/openstack/usr/share/openstack/nova/logging.conf
+++ /dev/null
@@ -1,81 +0,0 @@
-[loggers]
-keys = root, nova
-
-[handlers]
-keys = stderr, stdout, watchedfile, syslog, null
-
-[formatters]
-keys = context, default
-
-[logger_root]
-level = WARNING
-handlers = null
-
-[logger_nova]
-level = INFO
-handlers = stderr
-qualname = nova
-
-[logger_amqp]
-level = WARNING
-handlers = stderr
-qualname = amqp
-
-[logger_amqplib]
-level = WARNING
-handlers = stderr
-qualname = amqplib
-
-[logger_sqlalchemy]
-level = WARNING
-handlers = stderr
-qualname = sqlalchemy
-# "level = INFO" logs SQL queries.
-# "level = DEBUG" logs SQL queries and results.
-# "level = WARNING" logs neither. (Recommended for production systems.)
-
-[logger_boto]
-level = WARNING
-handlers = stderr
-qualname = boto
-
-[logger_suds]
-level = INFO
-handlers = stderr
-qualname = suds
-
-[logger_eventletwsgi]
-level = WARNING
-handlers = stderr
-qualname = eventlet.wsgi.server
-
-[handler_stderr]
-class = StreamHandler
-args = (sys.stderr,)
-formatter = context
-
-[handler_stdout]
-class = StreamHandler
-args = (sys.stdout,)
-formatter = context
-
-[handler_watchedfile]
-class = handlers.WatchedFileHandler
-args = ('nova.log',)
-formatter = context
-
-[handler_syslog]
-class = handlers.SysLogHandler
-args = ('/dev/log', handlers.SysLogHandler.LOG_USER)
-formatter = context
-
-[handler_null]
-class = nova.openstack.common.log.NullHandler
-formatter = default
-args = ()
-
-[formatter_context]
-class = nova.openstack.common.log.ContextFormatter
-
-[formatter_default]
-format = %(message)s
diff --git a/install-files/openstack/usr/share/openstack/nova/nova.conf b/install-files/openstack/usr/share/openstack/nova/nova.conf
index 43343cdd..b49f9522 100644
--- a/install-files/openstack/usr/share/openstack/nova/nova.conf
+++ b/install-files/openstack/usr/share/openstack/nova/nova.conf
@@ -1,188 +1,68 @@ [DEFAULT] # -# Options defined in oslo.messaging +# From oslo.messaging # -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). 
(string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} - -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - -# If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. (string value) +#rpc_zmq_bind_address = * # MatchMaker driver. 
(string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker = oslo_messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 +#rpc_zmq_port = 9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 +#rpc_zmq_contexts = 1 -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog=<None> +# Maximum number of ingress messages to locally buffer per topic. Default is +# unlimited. (integer value) +#rpc_zmq_topic_backlog = <None> # Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack +#rpc_zmq_ipc_dir = /var/run/openstack -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=nova +# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match +# "host" option, if running Nova. (string value) +#rpc_zmq_host = localhost -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +# (integer value) +#rpc_cast_timeout = 30 # Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 +#matchmaker_heartbeat_freq = 300 # Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 +#matchmaker_heartbeat_ttl = 600 -# Size of RPC greenthread pool. (integer value) -#rpc_thread_pool_size=64 +# Size of RPC thread pool. (integer value) +#rpc_thread_pool_size = 64 -# Driver or drivers to handle sending notifications. (multi -# valued) -notification_driver=messagingv2 +# Driver or drivers to handle sending notifications. (multi valued) +#notification_driver = # AMQP topic used for OpenStack notifications. 
(list value) # Deprecated group/name - [rpc_notifier2]/topics -#notification_topics=notifications +#notification_topics = notifications # Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 +#rpc_response_timeout = 60 -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -#transport_url=<None> +# A URL representing the messaging driver to use and its full configuration. If +# not set, we fall back to the rpc_backend option and driver specific +# configuration. (string value) +#transport_url = <None> -# The messaging driver to use, defaults to rabbit. Other -# drivers include qpid and zmq. (string value) -rpc_backend=rabbit +# The messaging driver to use, defaults to rabbit. Other drivers include qpid +# and zmq. (string value) +#rpc_backend = rabbit -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the -# transport_url option. (string value) -#control_exchange=openstack +# The default exchange under which topics are scoped. May be overridden by an +# exchange name specified in the transport_url option. (string value) +#control_exchange = openstack # @@ -241,7 +121,10 @@ rpc_backend=rabbit # # IP address of this host (string value) -my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +#my_ip=10.0.0.1 + +# Block storage IP address of this host (string value) +#my_block_storage_ip=$my_ip # Name of this node. This can be an opaque identifier. It is # not necessarily a hostname, FQDN, or IP address. However, 
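Review bot: Nothing on the new side of the first nova.conf hunk (`@@ -1,188 +1,68 @@`) replaces the removed `rabbit_host`, `rabbit_userid`, `rabbit_password` and `rabbit_use_ssl` lines, so unless the broker is configured in a section outside this hunk the service will fall back to oslo.messaging's built-in defaults, which are a local broker and the stock guest account. Please confirm the new file sets the broker host and a non-default account in the rabbit section (presumably `[oslo_messaging_rabbit]` in this release), and take the opportunity to turn transport encryption on there with `rabbit_use_ssl = true` rather than carrying over the old `false`. The same hunk changes `notification_driver=messagingv2` to the unset default `#notification_driver =`, which as far as I can tell means no notifications are emitted; if the telemetry side of this commit still consumes them, keep `notification_driver = messagingv2`.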
@@ -262,7 +145,7 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # notifications, "vm_state" for notifications on VM state # changes, or "vm_and_task_state" for notifications on VM and # task state changes. (string value) -notify_on_state_change=vm_and_task_state +#notify_on_state_change=<None> # If set, send api.fault notifications on caught exceptions in # the API service. (boolean value) @@ -290,7 +173,7 @@ notify_on_state_change=vm_and_task_state # Top-level directory for maintaining nova's state (string # value) -state_path=/var/lib/nova +#state_path=$pybasedir # @@ -325,7 +208,6 @@ state_path=/var/lib/nova #quota_injected_file_content_bytes=10240 # Length of injected file path (integer value) -# Deprecated group/name - [DEFAULT]/quota_injected_file_path_bytes #quota_injected_file_path_length=255 # Number of security groups per project (integer value) @@ -347,11 +229,18 @@ state_path=/var/lib/nova # value) #reservation_expire=86400 -# Count of reservations until usage is refreshed (integer -# value) +# Count of reservations until usage is refreshed. This +# defaults to 0(off) to avoid additional load but it is useful +# to turn on to help keep quota usage up to date and reduce +# the impact of out of sync usage issues. (integer value) #until_refresh=0 -# Number of seconds between subsequent usage refreshes +# Number of seconds between subsequent usage refreshes. This +# defaults to 0(off) to avoid additional load but it is useful +# to turn on to help keep quota usage up to date and reduce +# the impact of out of sync usage issues. Note that quotas are +# not updated on a periodic task, they will update on a new +# reservation if max_age has passed since the last reservation # (integer value) #max_age=0 
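Review bot: In the `@@ -290,7 +173,7 @@` hunk the explicit `state_path=/var/lib/nova` becomes the commented default `#state_path=$pybasedir`, so unless it is set elsewhere nova will keep its state under the Python package directory instead of a dedicated data directory. Runtime state should not share a tree with installed code: it forces the service account to have write access next to the modules it executes, and it makes ownership and permissions harder to audit. I would keep the line as `state_path=/var/lib/nova` and leave only the other defaults commented.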
@@ -376,7 +265,7 @@ state_path=/var/lib/nova #periodic_fuzzy_delay=60 # A list of APIs to enable by default (list value) -enabled_apis=ec2,osapi_compute,metadata +#enabled_apis=ec2,osapi_compute,metadata # A list of APIs with enabled SSL (list value) #enabled_ssl_apis= @@ -420,7 +309,7 @@ enabled_apis=ec2,osapi_compute,metadata #metadata_workers=<None> # Full class name for the Manager for compute (string value) -compute_manager={{ COMPUTE_MANAGER }} +#compute_manager=nova.compute.manager.ComputeManager # Full class name for the Manager for console proxy (string # value) @@ -444,14 +333,6 @@ compute_manager={{ COMPUTE_MANAGER }} # -# Options defined in nova.test -# - -# File name of clean sqlite db (string value) -#sqlite_clean_db=clean.sqlite - - -# # Options defined in nova.utils # @@ -466,11 +347,11 @@ compute_manager={{ COMPUTE_MANAGER }} # Time period to generate instance usages for. Time period # must be hour, day, month or year (string value) -instance_usage_audit_period=hour +#instance_usage_audit_period=month # Path to the rootwrap configuration file to use for running # commands as root (string value) -rootwrap_config=/etc/nova/rootwrap.conf +#rootwrap_config=/etc/nova/rootwrap.conf # Explicitly specify the temporary working directory (string # value) @@ -483,7 +364,7 @@ rootwrap_config=/etc/nova/rootwrap.conf # File name for the paste.deploy config for nova-api (string # value) -api_paste_config=api-paste.ini +#api_paste_config=api-paste.ini # A python format string that is used as the template to # generate log lines. The following values can be formatted 
@@ -515,6 +396,16 @@ api_paste_config=api-paste.ini # with big service catalogs). (integer value) #max_header_line=16384 +# If False, closes the client socket connection explicitly. +# (boolean value) +#wsgi_keep_alive=true + +# Timeout for client connections' socket operations. If an +# incoming connection is idle for this number of seconds it +# will be closed. A value of '0' means wait forever. (integer +# value) +#client_socket_timeout=900 + # # Options defined in nova.api.auth @@ -525,9 +416,13 @@ api_paste_config=api-paste.ini # v3 api. (boolean value) #api_rate_limit=false -# The strategy to use for auth: noauth or keystone. (string -# value) -auth_strategy=keystone +# The strategy to use for auth: keystone, noauth +# (deprecated), or noauth2. Both noauth and noauth2 are +# designed for testing only, as they do no actual credential +# checking. noauth provides administrative credentials +# regardless of the passed in user, noauth2 only does if +# 'admin' is specified as the username. (string value) +#auth_strategy=keystone # Treat X-Forwarded-For as the canonical remote address. Only # enable this if you have a sanitizing proxy. (boolean value) @@ -561,6 +456,9 @@ auth_strategy=keystone # Time in seconds before ec2 timestamp expires (integer value) #ec2_timestamp_expiry=300 +# Disable SSL certificate verification. (boolean value) +#keystone_ec2_insecure=false + # # Options defined in nova.api.ec2.cloud @@ -581,7 +479,7 @@ auth_strategy=keystone # The path prefix used to call the ec2 API server (string # value) -#ec2_path=/services/Cloud +#ec2_path=/ # List of region=fqdn pairs separated by commas (list value) #region_list= 
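Review bot: In the `@@ -525,9 +416,13 @@` hunk, `auth_strategy=keystone` changes from an explicit setting to a commented-out default, so credential checking now depends on whatever default the installed code ships. The new help text on the same lines says noauth and noauth2 do no actual credential checking, which makes this an option worth pinning rather than inheriting. I would keep the line active as `auth_strategy=keystone` below the updated comment. If the value is set by another configuration file layered over this one, that is not visible from this hunk.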
@@ -600,6 +498,19 @@ auth_strategy=keystone # +# Options defined in nova.api.metadata.handler +# + +# Time in seconds to cache metadata; 0 to disable metadata +# caching entirely (not recommended). Increasingthis should +# improve response times of the metadata API when under heavy +# load. Higher values may increase memoryusage and result in +# longer times for host metadata changes to take effect. +# (integer value) +#metadata_cache_expiration=15 + + +# # Options defined in nova.api.metadata.vendordata_json # @@ -640,7 +551,7 @@ auth_strategy=keystone # osapi_compute_extension option with # nova.api.openstack.compute.contrib.select_extensions (list # value) -osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions +#osapi_compute_ext_list= # @@ -666,6 +577,10 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # value) #neutron_default_tenant_id=default +# Number of private networks allowed per project (integer +# value) +#quota_networks=3 + # # Options defined in nova.api.openstack.compute.extensions @@ -696,15 +611,6 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # -# Options defined in nova.api.sizelimit -# - -# The maximum body size per each osapi request(bytes) (integer -# value) -#osapi_max_request_body_size=114688 - - -# # Options defined in nova.cert.rpcapi # @@ -807,7 +713,7 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # hostnames. To restore legacy behavior of every instance # having the same name, set this option to "%(name)s". Valid # keys for the template are: name, uuid, count. (string value) -#multi_instance_display_name_template=%(name)s-%(uuid)s +#multi_instance_display_name_template=%(name)s-%(count)d # Maximum number of devices that will result in a local image # being created on the hypervisor node. Setting this to 0 
@@ -847,7 +753,7 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # Generate periodic compute.instance.exists notifications # (boolean value) -instance_usage_audit=True +#instance_usage_audit=false # Number of 1 second retries needed in live_migration (integer # value) @@ -861,6 +767,10 @@ instance_usage_audit=True # (integer value) #network_allocate_retries=0 +# Maximum number of instance builds to run concurrently +# (integer value) +#max_concurrent_builds=10 + # Number of times to retry block device allocation on failures # (integer value) #block_device_allocate_retries=60 @@ -871,17 +781,15 @@ instance_usage_audit=True # Interval to pull network bandwidth usage info. Not supported # on all hypervisors. Set to -1 to disable. Setting this to 0 -# will disable, but this will change in the K release to mean -# "run at the default rate". (integer value) +# will run at the default rate. (integer value) #bandwidth_poll_interval=600 # Interval to sync power states between the database and the -# hypervisor. Set to -1 to disable. Setting this to 0 will -# disable, but this will change in Juno to mean "run at the -# default rate". (integer value) +# hypervisor. Set to -1 to disable. Setting this to 0 will run +# at the default rate. (integer value) #sync_power_state_interval=600 -# Number of seconds between instance info_cache self healing +# Number of seconds between instance network information cache # updates (integer value) #heal_instance_info_cache_interval=60 @@ -894,9 +802,8 @@ instance_usage_audit=True #volume_usage_poll_interval=0 # Interval in seconds for polling shelved instances to -# offload. Set to -1 to disable.Setting this to 0 will -# disable, but this will change in Juno to mean "run at the -# default rate". (integer value) +# offload. Set to -1 to disable.Setting this to 0 will run at +# the default rate. (integer value) #shelved_poll_interval=3600 # Time in seconds before a shelved instance is eligible for 
@@ -905,16 +812,24 @@ instance_usage_audit=True #shelved_offload_time=0 # Interval in seconds for retrying failed instance file -# deletes (integer value) +# deletes. Set to -1 to disable. Setting this to 0 will run at +# the default rate. (integer value) #instance_delete_interval=300 # Waiting time interval (seconds) between block device # allocation retries on failures (integer value) #block_device_allocate_retries_interval=3 -# Action to take if a running deleted instance is -# detected.Valid options are 'noop', 'log', 'shutdown', or -# 'reap'. Set to 'noop' to take no action. (string value) +# Waiting time interval (seconds) between sending the +# scheduler a list of current instance UUIDs to verify that +# its view of instances is in sync with nova. If the CONF +# option `scheduler_tracks_instance_changes` is False, +# changing this option will have no effect. (integer value) +#scheduler_instance_sync_interval=120 + +# Action to take if a running deleted instance is detected. +# Valid options are 'noop', 'log', 'shutdown', or 'reap'. Set +# to 'noop' to take no action. (string value) #running_deleted_instance_action=reap # Number of seconds to wait between runs of the cleanup task. @@ -932,7 +847,8 @@ instance_usage_audit=True #reboot_timeout=0 # Amount of time in seconds an instance can be in BUILD before -# going into ERROR status.Set to 0 to disable. (integer value) +# going into ERROR status. Set to 0 to disable. (integer +# value) #instance_build_timeout=0 # Automatically unrescue an instance after N seconds. Set to 0 @@ -970,7 +886,7 @@ instance_usage_audit=True # Amount of memory in MB to reserve for the host (integer # value) -reserved_host_memory_mb={{ RESERVED_HOST_MEMORY_MB }} +#reserved_host_memory_mb=512 # Class that will manage stats for the local compute host # (string value) 
@@ -1021,18 +937,6 @@ reserved_host_memory_mb={{ RESERVED_HOST_MEMORY_MB }} # -# Options defined in nova.console.vmrc -# - -# DEPRECATED. Port for VMware VMRC connections (integer value) -#console_vmrc_port=443 - -# DEPRECATED. Number of retries for retrieving VMRC -# information (integer value) -#console_vmrc_error_retries=10 - - -# # Options defined in nova.console.xvp # @@ -1078,11 +982,11 @@ reserved_host_memory_mb={{ RESERVED_HOST_MEMORY_MB }} # Template string to be used to generate instance names # (string value) -instance_name_template=instance-%08x +#instance_name_template=instance-%08x # Template string to be used to generate snapshot names # (string value) -snapshot_name_template=snapshot-%s +#snapshot_name_template=snapshot-%s # @@ -1146,7 +1050,7 @@ snapshot_name_template=snapshot-%s # The full class name of the network API class to use (string # value) -network_api_class=nova.network.neutronv2.api.API +#network_api_class=nova.network.api.API # @@ -1251,7 +1155,7 @@ network_api_class=nova.network.neutronv2.api.API # servers. (boolean value) #use_network_dns_servers=false -# A list of dmz range that should be accepted (list value) +# A list of dmz ranges that should be accepted (list value) #dmz_cidr= # Traffic to this range will always be snatted to the fallback @@ -1264,7 +1168,7 @@ network_api_class=nova.network.neutronv2.api.API #dnsmasq_config_file= # Driver used to create ethernet devices. (string value) -linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver +#linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver # Name of Open vSwitch bridge used with linuxnet (string # value) 
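Review bot: The `@@ -1146,7 +1050,7 @@` hunk drops `network_api_class=nova.network.neutronv2.api.API` and leaves only the commented default `nova.network.api.API`, so unless the value is supplied elsewhere the service falls back to nova-network. The same happens to `linuxnet_interface_driver` in the `@@ -1264` hunk, to `security_group_api` (neutron to the commented default `nova`) in the `@@ -1416` hunk and to `firewall_driver` (NoopFirewallDriver to the hypervisor-specific iptables default) in the `@@ -1898` hunk. Together these decide which component enforces security groups, so a silent change can leave rules configured in one place and enforced in another. If the deployment still uses Neutron, keep `network_api_class=nova.network.neutronv2.api.API`, `security_group_api=neutron` and `firewall_driver=nova.virt.firewall.NoopFirewallDriver` active, or state in the commit message where they are now set.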
@@ -1291,12 +1195,12 @@ linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver # The port for the metadata API port (integer value) #metadata_port=8775 -# Regular expression to match iptables rule that should always -# be on the top. (string value) +# Regular expression to match the iptables rule that should +# always be on the top. (string value) #iptables_top_regex= -# Regular expression to match iptables rule that should always -# be on the bottom. (string value) +# Regular expression to match the iptables rule that should +# always be on the bottom. (string value) #iptables_bottom_regex= # The table that iptables to jump to when a packet is to be @@ -1312,6 +1216,14 @@ linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver # value) #fake_network=false +# Number of times to retry ebtables commands on failure. +# (integer value) +#ebtables_exec_attempts=3 + +# Number of seconds to wait between ebtables retries. +# (floating point value) +#ebtables_retry_interval=1.0 + # # Options defined in nova.network.manager @@ -1416,7 +1328,7 @@ linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver # # The full class name of the security API class (string value) -security_group_api=neutron +#security_group_api=nova # 
@@ -1450,156 +1362,91 @@ security_group_api=neutron # -# Options defined in nova.openstack.common.eventlet_backdoor +# From oslo.log # -# Enable eventlet backdoor. Acceptable values are 0, <port>, -# and <start>:<end>, where 0 results in listening on a random -# tcp port number; <port> results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and <start>:<end> results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port=<None> - - -# -# Options defined in nova.openstack.common.lockutils -# - -# Enables or disables inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. (string value) -lock_path=/var/lock/nova - - -# -# Options defined in nova.openstack.common.log -# - -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error. (boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. 
(list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " +# Print debugging output (set logging level to DEBUG instead of default WARNING +# level). (boolean value) +#debug = false -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " +# Print more verbose output (set logging level to INFO instead of default +# WARNING level). (boolean value) +#verbose = false -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) +# The name of a logging configuration file. This file is appended to any +# existing logging configuration files. For details about logging configuration +# files, see the Python logging module documentation. (string value) # Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> +#log_config_append = <None> -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format=<None> +# DEPRECATED. A logging.Formatter log message format string which may use any +# of the available logging.LogRecord attributes. This option is deprecated. 
+# Please use logging_context_format_string and logging_default_format_string +# instead. (string value) +#log_format = <None> -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S +# Format string for %%(asctime)s in log records. Default: %(default)s . (string +# value) +#log_date_format = %Y-%m-%d %H:%M:%S -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) +# (Optional) Name of log file to output to. If no default is set, logging will +# go to stdout. (string value) # Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> +#log_file = <None> -# (Optional) The base directory used for relative --log-file -# paths. (string value) +# (Optional) The base directory used for relative --log-file paths. (string +# value) # Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> +#log_dir = <None> -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. (boolean -# value) -use_syslog=True +# Use syslog for logging. Existing syslog format is DEPRECATED during I, and +# will change in J to honor RFC5424. (boolean value) +#use_syslog = false -# (Optional) Enables or disables syslog rfc5424 format for -# logging. If enabled, prefixes the MSG part of the syslog -# message with APP-NAME (RFC5424). The format without the APP- -# NAME is deprecated in I, and will be removed in J. (boolean -# value) -#use_syslog_rfc_format=false +# (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, +# prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The +# format without the APP-NAME is deprecated in I, and will be removed in J. +# (boolean value) +#use_syslog_rfc_format = false # Syslog facility to receive log lines. (string value) -#syslog_log_facility=LOG_USER +#syslog_log_facility = LOG_USER +# Log output to standard error. 
(boolean value) +#use_stderr = true -# -# Options defined in nova.openstack.common.memorycache -# +# Format string to use for log messages with context. (string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s -# Memcached servers or None for in process cache. (list value) -#memcached_servers=<None> +# Format string to use for log messages without context. (string value) +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d -# -# Options defined in nova.openstack.common.periodic_task -# +# Prefix each line of exception output with this format. (string value) +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s -# Some periodic tasks can be run in a separate process. Should -# we run them here? (boolean value) -#run_external_periodic_tasks=true +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN +# Enables or disables publication of error events. (boolean value) +#publish_errors = false -# -# Options defined in nova.openstack.common.policy -# +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false -# The JSON file that defines policies. (string value) -#policy_file=policy.json +# The format for an instance that is passed with the log message. (string +# value) +#instance_format = "[instance: %(uuid)s] " -# Default rule. 
Enforced when a requested rule is not found. -# (string value) -#policy_default_rule=default +# The format for an instance UUID that is passed with the log message. (string +# value) +#instance_uuid_format = "[instance: %(uuid)s] " # -# Options defined in nova.pci.pci_request +# Options defined in nova.pci.request # # An alias for a PCI passthrough device requirement. This @@ -1613,7 +1460,7 @@ use_syslog=True # -# Options defined in nova.pci.pci_whitelist +# Options defined in nova.pci.whitelist # # White list of PCI devices available to VMs. For example: @@ -1627,7 +1474,7 @@ use_syslog=True # # The scheduler host manager class to use (string value) -scheduler_host_manager={{ SCHEDULER_HOST_MANAGER }} +#scheduler_host_manager=nova.scheduler.host_manager.HostManager # @@ -1719,7 +1566,7 @@ scheduler_host_manager={{ SCHEDULER_HOST_MANAGER }} # for RamFilter. For AggregateRamFilter, it will fall back to # this configuration value if no per-aggregate setting found. # (floating point value) -ram_allocation_ratio={{ RAM_ALLOCATION_RATIO }} +#ram_allocation_ratio=1.5 # 
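Review bot: In the `@@ -1450,156 +1362,91 @@` hunk, `use_syslog=True` is replaced by the commented default `#use_syslog = false` while `log_file` and `log_dir` stay unset, which by the option's own help text sends logging to stdout. That takes the service's records out of syslog, where host-level collection and retention would normally pick them up for later investigation. I would keep `use_syslog = true` active, or set `log_file`/`log_dir` explicitly. The same hunk also deletes `lock_path=/var/lock/nova` without a visible replacement; whether a lock directory is configured in another section cannot be seen from here.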
@@ -1728,18 +1575,22 @@ ram_allocation_ratio={{ RAM_ALLOCATION_RATIO }} # Filter classes available to the scheduler which may be # specified more than once. An entry of -# "nova.scheduler.filters.standard_filters" maps to all -# filters included with nova. (multi valued) +# "nova.scheduler.filters.all_filters" maps to all filters +# included with nova. (multi valued) #scheduler_available_filters=nova.scheduler.filters.all_filters # Which filter class names to use for filtering hosts when not # specified in the request. (list value) -scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter +#scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter # Which weight class names to use for weighing hosts (list # value) #scheduler_weight_classes=nova.scheduler.weights.all_weighers +# Determines if the Scheduler tracks changes to instances to +# help with its filtering decisions. (boolean value) +#scheduler_tracks_instance_changes=true + # # Options defined in nova.scheduler.ironic_host_manager @@ -1759,7 +1610,7 @@ scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFi # # Default driver to use for the scheduler (string value) -scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler +#scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # How often (in seconds) to run periodic tasks in the # scheduler driver of your choice. Please note this is likely 
@@ -1796,6 +1647,16 @@ scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # +# Options defined in nova.scheduler.weights.io_ops +# + +# Multiplier used for weighing host io ops. Negative numbers +# mean a preference to choose light workload compute hosts. +# (floating point value) +#io_ops_weight_multiplier=-1.0 + + +# # Options defined in nova.scheduler.weights.ram # @@ -1821,12 +1682,9 @@ scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # (string value) #config_drive_format=iso9660 -# DEPRECATED (not needed any more): Where to put temporary -# files associated with config drive creation (string value) -#config_drive_tempdir=<None> - -# Set to force injection to take place on a config drive (if -# set, valid options are: always) (string value) +# Set to "always" to force injection to take place on a config +# drive. NOTE: The "always" will be deprecated in the Liberty +# release cycle. (string value) #force_config_drive=<None> # Name and optionally path of the tool used for ISO image @@ -1867,7 +1725,7 @@ scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # include: libvirt.LibvirtDriver, xenapi.XenAPIDriver, # fake.FakeDriver, baremetal.BareMetalDriver, # vmwareapi.VMwareVCDriver, hyperv.HyperVDriver (string value) -compute_driver={{ COMPUTE_DRIVER }} +#compute_driver=<None> # The default format an ephemeral_volume will be formatted # with on creation. (string value) @@ -1898,7 +1756,7 @@ compute_driver={{ COMPUTE_DRIVER }} # Firewall driver (defaults to hypervisor specific iptables # driver) (string value) -firewall_driver=nova.virt.firewall.NoopFirewallDriver +#firewall_driver=<None> # Whether to allow network traffic from same network (boolean # value) 
@@ -1919,9 +1777,8 @@ firewall_driver=nova.virt.firewall.NoopFirewallDriver # # Number of seconds to wait between runs of the image cache -# manager. Set to -1 to disable. Setting this to 0 will -# disable, but this will change in the K release to mean "run -# at the default rate". (integer value) +# manager. Set to -1 to disable. Setting this to 0 will run at +# the default rate. (integer value) #image_cache_manager_interval=2400 # Where cached images are stored under $instances_path. This @@ -1959,7 +1816,7 @@ firewall_driver=nova.virt.firewall.NoopFirewallDriver # Location of VNC console proxy, in the form # "http://127.0.0.1:6080/vnc_auto.html" (string value) -novncproxy_base_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6080/vnc_auto.html +#novncproxy_base_url=http://127.0.0.1:6080/vnc_auto.html # Location of nova xvp VNC console proxy, in the form # "http://127.0.0.1:6081/console" (string value) @@ -1967,17 +1824,17 @@ novncproxy_base_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6080/vnc_auto.h # IP address on which instance vncservers should listen # (string value) -vncserver_listen=0.0.0.0 +#vncserver_listen=127.0.0.1 # The address to which proxy clients (like nova-xvpvncproxy) # should connect (string value) -vncserver_proxyclient_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +#vncserver_proxyclient_address=127.0.0.1 # Enable VNC related features (boolean value) -vnc_enabled=true +#vnc_enabled=true # Keymap for VNC (string value) -vnc_keymap=en-us +#vnc_keymap=en-us # 
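Review bot: The `@@ -1967,17 +1824,17 @@` hunk comments out `vncserver_listen=0.0.0.0` and `vncserver_proxyclient_address`, and the hunk before it does the same to `novncproxy_base_url`, while `vnc_enabled` still defaults to true, so consoles stay enabled with every address falling back to 127.0.0.1. On a multi-node deployment the proxy would presumably no longer reach the compute host's VNC servers, and the tempting quick fix is to restore the old wildcard bind. When these values are put back, bind to the management address instead, `vncserver_listen={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}`, so instance consoles are not offered on every interface of the host.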
@@ -2000,169 +1857,140 @@ vnc_keymap=en-us #volume_api_class=nova.volume.cinder.API -[baremetal] - # -# Options defined in nova.virt.baremetal.db.api +# Options defined in nova.openstack.common.eventlet_backdoor # -# The backend to use for bare-metal database (string value) -#db_backend=sqlalchemy +# Enable eventlet backdoor. Acceptable values are 0, <port>, +# and <start>:<end>, where 0 results in listening on a random +# tcp port number; <port> results in listening on the +# specified port number (and not enabling backdoor if that +# port is in use); and <start>:<end> results in listening on +# the smallest unused port number within the specified range +# of port numbers. The chosen port is displayed in the +# service's log file. (string value) +#backdoor_port=<None> # -# Options defined in nova.virt.baremetal.db.sqlalchemy.session +# Options defined in nova.openstack.common.memorycache # -# The SQLAlchemy connection string used to connect to the -# bare-metal database (string value) -#sql_connection=sqlite:///$state_path/baremetal_nova.sqlite +# Memcached servers or None for in process cache. (list value) +#memcached_servers=<None> # -# Options defined in nova.virt.baremetal.driver +# Options defined in nova.openstack.common.periodic_task # -# Baremetal VIF driver. (string value) -#vif_driver=nova.virt.baremetal.vif_driver.BareMetalVIFDriver - -# Baremetal volume driver. (string value) -#volume_driver=nova.virt.baremetal.volume_driver.LibvirtVolumeDriver - -# A list of additional capabilities corresponding to -# flavor_extra_specs for this compute host to advertise. 
Valid -# entries are name=value, pairs For example, "key1:val1, -# key2:val2" (list value) -#flavor_extra_specs= - -# Baremetal driver back-end (pxe or tilera) (string value) -#driver=nova.virt.baremetal.pxe.PXE - -# Baremetal power management method (string value) -#power_manager=nova.virt.baremetal.ipmi.IPMI - -# Baremetal compute node's tftp root path (string value) -#tftp_root=/tftpboot +# Some periodic tasks can be run in a separate process. Should +# we run them here? (boolean value) +#run_external_periodic_tasks=true # -# Options defined in nova.virt.baremetal.ipmi +# Options defined in nova.openstack.common.policy # -# Path to baremetal terminal program (string value) -#terminal=shellinaboxd - -# Path to baremetal terminal SSL cert(PEM) (string value) -#terminal_cert_dir=<None> +# The JSON file that defines policies. (string value) +#policy_file=policy.json -# Path to directory stores pidfiles of baremetal_terminal +# Default rule. Enforced when a requested rule is not found. # (string value) -#terminal_pid_dir=$state_path/baremetal/console +#policy_default_rule=default -# Maximal number of retries for IPMI operations (integer -# value) -#ipmi_power_retry=10 +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. The +# file defined by policy_file must exist for these directories +# to be searched. Missing or empty directories are ignored. +# (multi valued) +#policy_dirs=policy.d # -# Options defined in nova.virt.baremetal.pxe +# Options defined in nova.openstack.common.versionutils # -# Default kernel image ID used in deployment phase (string +# Enables or disables fatal status of deprecations. 
(boolean # value) -#deploy_kernel=<None> +#fatal_deprecations=false -# Default ramdisk image ID used in deployment phase (string -# value) -#deploy_ramdisk=<None> -# Template file for injected network config (string value) -#net_config_template=$pybasedir/nova/virt/baremetal/net-dhcp.ubuntu.template +[api_database] -# Additional append parameters for baremetal PXE boot (string -# value) -#pxe_append_params=nofb nomodeset vga=normal +# +# Options defined in nova.db.sqlalchemy.api +# -# Template file for PXE configuration (string value) -#pxe_config_template=$pybasedir/nova/virt/baremetal/pxe_config.template +# The SQLAlchemy connection string to use to connect to the +# Nova API database. (string value) +#connection=<None> -# If True, enable file injection for network info, files and -# admin password (boolean value) -#use_file_injection=false +# If True, SQLite uses synchronous mode. (boolean value) +#sqlite_synchronous=true -# Timeout for PXE deployments. Default: 0 (unlimited) (integer +# Timeout before idle SQL connections are reaped. (integer # value) -#pxe_deploy_timeout=0 - -# If set, pass the network configuration details to the -# initramfs via cmdline. (boolean value) -#pxe_network_config=false - -# This gets passed to Neutron as the bootfile dhcp parameter. -# (string value) -#pxe_bootfile_name=pxelinux.0 +#idle_timeout=3600 +# Maximum number of SQL connections to keep open in a pool. +# (integer value) +#max_pool_size=<None> -# -# Options defined in nova.virt.baremetal.tilera_pdu -# +# Maximum number of database connection retries during +# startup. Set to -1 to specify an infinite retry count. +# (integer value) +#max_retries=10 -# IP address of tilera pdu (string value) -#tile_pdu_ip=10.0.100.1 +# Interval between retries of opening a SQL connection. +# (integer value) +#retry_interval=10 -# Management script for tilera pdu (string value) -#tile_pdu_mgr=/tftpboot/pdu_mgr +# If set, use this value for max_overflow with SQLAlchemy. 
+# (integer value) +#max_overflow=<None> -# Power status of tilera PDU is OFF (integer value) -#tile_pdu_off=2 +# Verbosity of SQL debugging information: 0=None, +# 100=Everything. (integer value) +#connection_debug=0 -# Power status of tilera PDU is ON (integer value) -#tile_pdu_on=1 +# Add Python stack traces to SQL as comment strings. (boolean +# value) +#connection_trace=false -# Power status of tilera PDU (integer value) -#tile_pdu_status=9 +# If set, use this value for pool_timeout with SQLAlchemy. +# (integer value) +#pool_timeout=<None> -# Wait time in seconds until check the result after tilera -# power operations (integer value) -#tile_power_wait=9 +[barbican] # -# Options defined in nova.virt.baremetal.virtual_power_driver +# Options defined in nova.keymgr.barbican # -# IP or name to virtual power host (string value) -#virtual_power_ssh_host= - -# Port to use for ssh to virtual power host (integer value) -#virtual_power_ssh_port=22 - -# Base command to use for virtual power(vbox, virsh) (string -# value) -#virtual_power_type=virsh - -# User to execute virtual power commands as (string value) -#virtual_power_host_user= +# Info to match when looking for barbican in the service +# catalog. Format is: separated values of the form: +# <service_type>:<service_name>:<endpoint_type> (string value) +#catalog_info=key-manager:barbican:public -# Password for virtual power host_user (string value) -#virtual_power_host_pass= +# Override service catalog lookup with template for barbican +# endpoint e.g. http://localhost:9311/v1/%(project_id)s +# (string value) +#endpoint_template=<None> -# The ssh key for virtual power host_user (string value) -#virtual_power_host_key=<None> +# Region name of this node (string value) +#os_region_name=<None> # -# Options defined in nova.virt.baremetal.volume_driver +# Options defined in nova.volume.cinder # -# Do not set this out of dev/test environments. 
If a node does -# not have a fixed PXE IP address, volumes are exported with -# globally opened ACL (boolean value) -#use_unsafe_iscsi=false - -# The iSCSI IQN prefix used in baremetal volume connections. -# (string value) -#iscsi_iqn_prefix=iqn.2010-10.org.openstack.baremetal +# Region name of this node (string value) +#os_region_name=<None> [cells] @@ -2321,41 +2149,19 @@ vnc_keymap=en-us # Info to match when looking for cinder in the service # catalog. Format is: separated values of the form: # <service_type>:<service_name>:<endpoint_type> (string value) -# Deprecated group/name - [DEFAULT]/cinder_catalog_info -#catalog_info=volume:cinder:publicURL +#catalog_info=volumev2:cinderv2:publicURL # Override service catalog lookup with template for cinder # endpoint e.g. http://localhost:8776/v1/%(project_id)s # (string value) -# Deprecated group/name - [DEFAULT]/cinder_endpoint_template #endpoint_template=<None> -# Region name of this node (string value) -# Deprecated group/name - [DEFAULT]/os_region_name -#os_region_name=<None> - -# Location of ca certificates file to use for cinder client -# requests. (string value) -# Deprecated group/name - [DEFAULT]/cinder_ca_certificates_file -#ca_certificates_file=<None> - # Number of cinderclient retries on failed http calls (integer # value) -# Deprecated group/name - [DEFAULT]/cinder_http_retries #http_retries=3 -# HTTP inactivity timeout (in seconds) (integer value) -# Deprecated group/name - [DEFAULT]/cinder_http_timeout -#http_timeout=<None> - -# Allow to perform insecure SSL requests to cinder (boolean -# value) -# Deprecated group/name - [DEFAULT]/cinder_api_insecure -#api_insecure=false - # Allow attach between instance and volume in different # availability zones. (boolean value) -# Deprecated group/name - [DEFAULT]/cinder_cross_az_attach #cross_az_attach=true 
@@ -2366,7 +2172,7 @@ vnc_keymap=en-us # # Perform nova-conductor operations locally (boolean value) -use_local=true +#use_local=false # The topic on which conductor nodes listen (string value) #topic=conductor 
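Review bot: `use_local=true` becomes the commented default `#use_local=false`, so this hunk changes the effective setting rather than only refreshing the sample text: conductor operations stop being performed locally unless another file sets the option. The same pattern, a deployed value replaced by a commented default, recurs in the glance, ironic, keystone_authtoken, libvirt `virt_type` and neutron hunks, which previously carried `{{ ... }}` template values; in the glance hunk, for instance, `host` falls back to `$my_ip` instead of the controller address. If those values now live in a separate override file, a header comment should say so, e.g. `# Stock sample; deployment values are set in <override file placeholder>`.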
@@ -2380,6 +2186,122 @@ use_local=true #workers=<None> +[database] + +# +# From oslo.db +# + +# The file name to use with SQLite. (string value) +# Deprecated group/name - [DEFAULT]/sqlite_db +#sqlite_db = oslo.sqlite + +# If True, SQLite uses synchronous mode. (boolean value) +# Deprecated group/name - [DEFAULT]/sqlite_synchronous +#sqlite_synchronous = true + +# The back end to use for the database. (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend = sqlalchemy + +# The SQLAlchemy connection string to use to connect to the database. (string +# value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +#connection = <None> + +# The SQLAlchemy connection string to use to connect to the slave database. +# (string value) +#slave_connection = <None> + +# The SQL mode to be used for MySQL sessions. This option, including the +# default, overrides any server-set SQL mode. To use whatever SQL mode is set +# by the server configuration, set this to no value. Example: mysql_sql_mode= +# (string value) +#mysql_sql_mode = TRADITIONAL + +# Timeout before idle SQL connections are reaped. (integer value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#idle_timeout = 3600 + +# Minimum number of SQL connections to keep open in a pool. (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool. (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size = <None> + +# Maximum number of database connection retries during startup. Set to -1 to +# specify an infinite retry count. 
(integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries = 10 + +# Interval between retries of opening a SQL connection. (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval = 10 + +# If set, use this value for max_overflow with SQLAlchemy. (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow = <None> + +# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug = 0 + +# Add Python stack traces to SQL as comment strings. (boolean value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace = false + +# If set, use this value for pool_timeout with SQLAlchemy. (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout = <None> + +# Enable the experimental use of database reconnect on connection lost. +# (boolean value) +#use_db_reconnect = false + +# Seconds between retries of a database transaction. (integer value) +#db_retry_interval = 1 + +# If True, increases the interval between retries of a database operation up to +# db_max_retry_interval. (boolean value) +#db_inc_retry_interval = true + +# If db_inc_retry_interval is set, the maximum seconds between retries of a +# database operation. (integer value) +#db_max_retry_interval = 10 + +# Maximum retries in case of connection error or deadlock error before error is +# raised. Set to -1 to specify an infinite retry count. (integer value) +#db_max_retries = 20 + + +# +# Options defined in nova.db.sqlalchemy.api +# + +# The SQLAlchemy connection string to use to connect to the +# slave database. (string value) +#slave_connection=<None> + +# The SQL mode to be used for MySQL sessions. 
This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode=TRADITIONAL + + [ephemeral_storage_encryption] # @@ -2408,32 +2330,26 @@ use_local=true # # Default glance hostname or IP address (string value) -# Deprecated group/name - [DEFAULT]/glance_host -host={{ CONTROLLER_HOST_ADDRESS }} +#host=$my_ip # Default glance port (integer value) -# Deprecated group/name - [DEFAULT]/glance_port -port=9292 +#port=9292 # Default protocol to use when connecting to glance. Set to # https for SSL. (string value) -# Deprecated group/name - [DEFAULT]/glance_protocol -protocol=http +#protocol=http # A list of the glance api servers available to nova. Prefix # with https:// for ssl-based glance api servers. # ([hostname|ip]:port) (list value) -# Deprecated group/name - [DEFAULT]/glance_api_servers -api_servers=$host:$port +#api_servers=<None> # Allow to perform insecure SSL (https) requests to glance # (boolean value) -# Deprecated group/name - [DEFAULT]/glance_api_insecure #api_insecure=false -# Number of retries when downloading an image from glance -# (integer value) -# Deprecated group/name - [DEFAULT]/glance_num_retries +# Number of retries when uploading / downloading an image to / +# from glance. (integer value) #num_retries=0 # A list of url scheme that can be downloaded directly via the @@ -2442,6 +2358,16 @@ api_servers=$host:$port #allowed_direct_url_schemes= +[guestfs] + +# +# Options defined in nova.virt.disk.vfs.guestfs +# + +# Enable guestfs debug (boolean value) +#debug=false + + [hyperv] # 
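Review bot: `slave_connection` and `mysql_sql_mode` are documented twice in the added `[database]` section, once under `From oslo.db` and again under `Options defined in nova.db.sqlalchemy.api`, in two spacing styles (`key = value` and `key=value`). Both copies are commented out, but an operator who uncomments one and later the other ends up with a duplicate key whose resolution depends on the parser. Drop the second block or mark it, e.g. `# Duplicate of the oslo.db option above; set it only once.` Since `connection` carries the database password, a line at the top of the section such as `# Contains credentials: keep this file readable only by the service account.` would also help.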
@@ -2559,27 +2485,28 @@ api_servers=$host:$port #api_version=1 # URL for Ironic API endpoint. (string value) -api_endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:6385/v1 +#api_endpoint=<None> # Ironic keystone admin name (string value) -admin_username={{ IRONIC_SERVICE_USER }} +#admin_username=<None> # Ironic keystone admin password. (string value) -admin_password={{ IRONIC_SERVICE_PASSWORD }} +#admin_password=<None> # Ironic keystone auth token. (string value) #admin_auth_token=<None> # Keystone public API endpoint. (string value) -admin_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 +#admin_url=<None> # Log level override for ironicclient. Set this in order to # override the global "default_log_levels", "verbose", and -# "debug" settings. (string value) +# "debug" settings. DEPRECATED: use standard logging +# configuration. (string value) #client_log_level=<None> # Ironic keystone tenant name. (string value) -admin_tenant_name=service +#admin_tenant_name=<None> # How many retries when a request does conflict. (integer # value) 
@@ -2613,182 +2540,161 @@ admin_tenant_name=service [keystone_authtoken] # -# Options defined in keystonemiddleware.auth_token +# From keystonemiddleware.auth_token # -# Prefix to prepend at the beginning of the path. Deprecated, -# use identity_uri. (string value) -#auth_admin_prefix= - -# Host providing the admin Identity API endpoint. Deprecated, -# use identity_uri. (string value) -#auth_host=127.0.0.1 - -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -auth_port=35357 - -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -auth_protocol=http +# Complete public Identity API endpoint. (string value) +#auth_uri = <None> -# Complete public Identity API endpoint (string value) -auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +# API version of the admin Identity API endpoint. (string value) +#auth_version = <None> -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. https://localhost:35357/ -# (string value) -identity_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +# Do not handle authorization requests within the middleware, but delegate the +# authorization decision to downstream WSGI components. (boolean value) +#delay_auth_decision = false -# API version of the admin Identity API endpoint (string +# Request timeout value for communicating with Identity API server. (integer # value) -auth_version=v2.0 - -# Do not handle authorization requests within the middleware, -# but delegate the authorization decision to downstream WSGI -# components (boolean value) -#delay_auth_decision=false - -# Request timeout value for communicating with Identity API -# server. (boolean value) -#http_connect_timeout=<None> - -# How many times are we trying to reconnect when communicating -# with Identity API Server. 
(integer value) -#http_request_max_retries=3 +#http_connect_timeout = <None> -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token=<None> +# How many times are we trying to reconnect when communicating with Identity +# API Server. (integer value) +#http_request_max_retries = 3 -# Keystone account username (string value) -admin_user={{ NOVA_SERVICE_USER }} +# Env key for the swift cache. (string value) +#cache = <None> -# Keystone account password (string value) -admin_password={{ NOVA_SERVICE_PASSWORD }} +# Required if identity server requires client certificate (string value) +#certfile = <None> -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name=service - -# Env key for the swift cache (string value) -#cache=<None> +# Required if identity server requires client certificate (string value) +#keyfile = <None> -# Required if Keystone server requires client certificate -# (string value) -#certfile=<None> - -# Required if Keystone server requires client certificate -# (string value) -#keyfile=<None> - -# A PEM encoded Certificate Authority to use when verifying -# HTTPs connections. Defaults to system CAs. (string value) -#cafile=<None> +# A PEM encoded Certificate Authority to use when verifying HTTPs connections. +# Defaults to system CAs. (string value) +#cafile = <None> # Verify HTTPS connections. (boolean value) -#insecure=false +#insecure = false -# Directory used to cache files related to PKI tokens (string -# value) -#signing_dir=<None> +# Directory used to cache files related to PKI tokens. (string value) +#signing_dir = <None> -# Optionally specify a list of memcached server(s) to use for -# caching. 
If left undefined, tokens will instead be cached -# in-process. (list value) +# Optionally specify a list of memcached server(s) to use for caching. If left +# undefined, tokens will instead be cached in-process. (list value) # Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers=<None> +#memcached_servers = <None> -# In order to prevent excessive effort spent validating -# tokens, the middleware caches previously-seen tokens for a -# configurable duration (in seconds). Set to -1 to disable -# caching completely. (integer value) -#token_cache_time=300 +# In order to prevent excessive effort spent validating tokens, the middleware +# caches previously-seen tokens for a configurable duration (in seconds). Set +# to -1 to disable caching completely. (integer value) +#token_cache_time = 300 -# Determines the frequency at which the list of revoked tokens -# is retrieved from the Identity service (in seconds). A high -# number of revocation events combined with a low cache -# duration may significantly reduce performance. (integer -# value) -#revocation_cache_time=10 +# Determines the frequency at which the list of revoked tokens is retrieved +# from the Identity service (in seconds). A high number of revocation events +# combined with a low cache duration may significantly reduce performance. +# (integer value) +#revocation_cache_time = 10 -# (optional) if defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable -# values are MAC or ENCRYPT. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token -# data is encrypted and authenticated in the cache. If the -# value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -#memcache_security_strategy=<None> +# (Optional) If defined, indicate whether token data should be authenticated or +# authenticated and encrypted. Acceptable values are MAC or ENCRYPT. 
If MAC, +# token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data +# is encrypted and authenticated in the cache. If the value is not one of these +# options or empty, auth_token will raise an exception on initialization. +# (string value) +#memcache_security_strategy = <None> + +# (Optional, mandatory if memcache_security_strategy is defined) This string is +# used for key derivation. (string value) +#memcache_secret_key = <None> + +# (Optional) Number of seconds memcached server is considered dead before it is +# tried again. (integer value) +#memcache_pool_dead_retry = 300 + +# (Optional) Maximum total number of open connections to every memcached +# server. (integer value) +#memcache_pool_maxsize = 10 + +# (Optional) Socket timeout in seconds for communicating with a memcache +# server. (integer value) +#memcache_pool_socket_timeout = 3 + +# (Optional) Number of seconds a connection to memcached is held unused in the +# pool before it is closed. (integer value) +#memcache_pool_unused_timeout = 60 + +# (Optional) Number of seconds that an operation will wait to get a memcache +# client connection from the pool. (integer value) +#memcache_pool_conn_get_timeout = 10 + +# (Optional) Use the advanced (eventlet safe) memcache client pool. The +# advanced pool will only work under python 2.x. (boolean value) +#memcache_use_advanced_pool = false + +# (Optional) Indicate whether to set the X-Service-Catalog header. If False, +# middleware will not ask for service catalog on token validation and will not +# set the X-Service-Catalog header. (boolean value) +#include_service_catalog = true + +# Used to control the use and type of token binding. Can be set to: "disabled" +# to not check token binding. "permissive" (default) to validate binding +# information if the bind type is of a form known to the server and ignore it +# if not. "strict" like "permissive" but if the bind type is unknown the token +# will be rejected. 
"required" any form of token binding is needed to be +# allowed. Finally the name of a binding method that must be present in tokens. +# (string value) +#enforce_token_bind = permissive + +# If true, the revocation list will be checked for cached tokens. This requires +# that PKI tokens are configured on the identity server. (boolean value) +#check_revocations_for_cached = false + +# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm +# or multiple. The algorithms are those supported by Python standard +# hashlib.new(). The hashes will be tried in the order given, so put the +# preferred one first for performance. The result of the first hash will be +# stored in the cache. This will typically be set to multiple values only while +# migrating from a less secure algorithm to a more secure one. Once all the old +# tokens are expired this option should be set to a single value for better +# performance. (list value) +#hash_algorithms = md5 + +# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. +# (string value) +#auth_admin_prefix = -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string -# value) -#memcache_secret_key=<None> +# Host providing the admin Identity API endpoint. Deprecated, use identity_uri. +# (string value) +#auth_host = 127.0.0.1 -# (optional) number of seconds memcached server is considered -# dead before it is tried again. (integer value) -#memcache_pool_dead_retry=300 +# Port of the admin Identity API endpoint. Deprecated, use identity_uri. +# (integer value) +#auth_port = 35357 -# (optional) max total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize=10 +# Protocol of the admin Identity API endpoint (http or https). Deprecated, use +# identity_uri. (string value) +#auth_protocol = https -# (optional) socket timeout in seconds for communicating with -# a memcache server. 
(integer value) -#memcache_pool_socket_timeout=3 +# Complete admin Identity API endpoint. This should specify the unversioned +# root endpoint e.g. https://localhost:35357/ (string value) +#identity_uri = <None> -# (optional) number of seconds a connection to memcached is -# held unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout=60 +# This option is deprecated and may be removed in a future release. Single +# shared secret with the Keystone configuration used for bootstrapping a +# Keystone installation, or otherwise bypassing the normal authentication +# process. This option should not be used, use `admin_user` and +# `admin_password` instead. (string value) +#admin_token = <None> -# (optional) number of seconds that an operation will wait to -# get a memcache client connection from the pool. (integer -# value) -#memcache_pool_conn_get_timeout=10 +# Service username. (string value) +#admin_user = <None> -# (optional) use the advanced (eventlet safe) memcache client -# pool. The advanced pool will only work under python 2.x. -# (boolean value) -#memcache_use_advanced_pool=false - -# (optional) indicate whether to set the X-Service-Catalog -# header. If False, middleware will not ask for service -# catalog on token validation and will not set the X-Service- -# Catalog header. (boolean value) -#include_service_catalog=true - -# Used to control the use and type of token binding. Can be -# set to: "disabled" to not check token binding. "permissive" -# (default) to validate binding information if the bind type -# is of a form known to the server and ignore it if not. -# "strict" like "permissive" but if the bind type is unknown -# the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string -# value) -#enforce_token_bind=permissive - -# If true, the revocation list will be checked for cached -# tokens. 
This requires that PKI tokens are configured on the -# Keystone server. (boolean value) -#check_revocations_for_cached=false - -# Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those -# supported by Python standard hashlib.new(). The hashes will -# be tried in the order given, so put the preferred one first -# for performance. The result of the first hash will be stored -# in the cache. This will typically be set to multiple values -# only while migrating from a less secure algorithm to a more -# secure one. Once all the old tokens are expired this option -# should be set to a single value for better performance. -# (list value) -#hash_algorithms=md5 +# Service user password. (string value) +#admin_password = <None> + +# Service tenant name. (string value) +#admin_tenant_name = admin [libvirt] @@ -2808,8 +2714,8 @@ admin_tenant_name=service #rescue_ramdisk_id=<None> # Libvirt domain type (valid options are: kvm, lxc, qemu, uml, -# xen) (string value) -virt_type={{ NOVA_VIRT_TYPE }} +# xen and parallels) (string value) +#virt_type=kvm # Override the default libvirt URI (which is dependent on # virt_type) (string value) 
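Review bot: The help text kept above `#insecure = false`, `# Verify HTTPS connections.`, reads as the opposite of what the flag does: setting `insecure` to true turns certificate verification off. A clearer comment would be `# If true, skip TLS certificate verification when talking to the Identity server; keep false outside test setups.` The hunk also lists `#hash_algorithms = md5` as the default for PKI token hashing while its own help text describes migrating to a more secure algorithm, so a deployment that still uses PKI tokens should set this option explicitly. With `admin_user`, `admin_password` and `identity_uri` no longer set here, those values have to come from another file.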
@@ -2849,11 +2755,6 @@ virt_type={{ NOVA_VIRT_TYPE }} # vdi). Defaults to same as source image (string value) #snapshot_image_format=<None> -# DEPRECATED. Libvirt handlers for remote volumes. This option -# is deprecated and will be removed in the Kilo release. (list -# value) -#volume_drivers=iscsi=nova.virt.libvirt.volume.LibvirtISCSIVolumeDriver,iser=nova.virt.libvirt.volume.LibvirtISERVolumeDriver,local=nova.virt.libvirt.volume.LibvirtVolumeDriver,fake=nova.virt.libvirt.volume.LibvirtFakeVolumeDriver,rbd=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,sheepdog=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,nfs=nova.virt.libvirt.volume.LibvirtNFSVolumeDriver,aoe=nova.virt.libvirt.volume.LibvirtAOEVolumeDriver,glusterfs=nova.virt.libvirt.volume.LibvirtGlusterfsVolumeDriver,fibre_channel=nova.virt.libvirt.volume.LibvirtFibreChannelVolumeDriver,scality=nova.virt.libvirt.volume.LibvirtScalityVolumeDriver - # Override the default disk prefix for the devices attached to # a server, which is dependent on virt_type. (valid options # are: sd, xvd, uvd, vd) (string value) @@ -2939,14 +2840,6 @@ virt_type={{ NOVA_VIRT_TYPE }} # flag is set to True. (boolean value) #sparse_logical_volumes=false -# Method used to wipe old volumes (valid options are: none, -# zero, shred) (string value) -#volume_clear=zero - -# Size in MiB to wipe at start of old volumes. 0 => all -# (integer value) -#volume_clear_size=0 - # The RADOS pool in which rbd volumes are stored (string # value) #images_rbd_pool=rbd @@ -2986,6 +2879,19 @@ virt_type={{ NOVA_VIRT_TYPE }} # +# Options defined in nova.virt.libvirt.lvm +# + +# Method used to wipe old volumes (valid options are: none, +# zero, shred) (string value) +#volume_clear=zero + +# Size in MiB to wipe at start of old volumes. 0 => all +# (integer value) +#volume_clear_size=0 + + +# # Options defined in nova.virt.libvirt.utils # 
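Review bot: The `volume_clear` and `volume_clear_size` text relocated under `nova.virt.libvirt.lvm` lists `none` as a valid method and a partial wipe size, but does not say what either means for data left on a reused volume. Suggest adding `# Note: volume_clear=none, or a non-zero volume_clear_size, leaves some or all of the previous instance's data on the volume; keep zero/0 or use shred where volumes are reused between tenants.` The two earlier hunks on this line are pure deletions and need no comment.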
@@ -3027,10 +2933,19 @@ virt_type={{ NOVA_VIRT_TYPE }} # node (string value) #nfs_mount_point_base=$state_path/mnt -# Mount options passedf to the NFS client. See section of the +# Mount options passed to the NFS client. See section of the # nfs man page for details (string value) #nfs_mount_options=<None> +# Directory where the SMBFS shares are mounted on the compute +# node (string value) +#smbfs_mount_point_base=$state_path/mnt + +# Mount options passed to the SMBFS client. See mount.cifs man +# page for details. Note that the libvirt-qemu uid and gid +# must be specified. (string value) +#smbfs_mount_options= + # Number of times to rediscover AoE target to find volume # (integer value) #num_aoe_discover_tries=3 @@ -3056,32 +2971,20 @@ virt_type={{ NOVA_VIRT_TYPE }} # Currently supported protocols: [gluster] (list value) #qemu_allowed_storage_drivers= +# Directory where the Quobyte volume is mounted on the compute +# node (string value) +#quobyte_mount_point_base=$state_path/mnt -[matchmaker_redis] - -# -# Options defined in oslo.messaging -# - -# Host to locate redis. (string value) -#host=127.0.0.1 - -# Use this port to connect to redis host. (integer value) -#port=6379 - -# Password for Redis server (optional). (string value) -#password=<None> - - -[matchmaker_ring] - -# -# Options defined in oslo.messaging -# +# Path to a Quobyte Client configuration file. (string value) +#quobyte_client_cfg=<None> -# Matchmaker ring file (JSON). (string value) -# Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json +# The iSCSI transport iface to use to connect to target in +# case offload support is desired. Supported transports are +# be2iscsi, bnx2i, cxgb3i, cxgb4i, qla4xxx and ocs. Default +# format is transport_name.hwaddress and can be generated +# manually or via iscsiadm -m iface (string value) +# Deprecated group/name - [DEFAULT]/iscsi_transport +#iscsi_iface=<None> [metrics] 
@@ -3125,13 +3028,11 @@ virt_type={{ NOVA_VIRT_TYPE }} # Set flag to indicate Neutron will proxy metadata requests # and resolve instance ids. (boolean value) -# Deprecated group/name - [DEFAULT]/service_neutron_metadata_proxy -service_metadata_proxy=True +#service_metadata_proxy=false # Shared secret to validate proxies Neutron metadata requests # (string value) -# Deprecated group/name - [DEFAULT]/neutron_metadata_proxy_shared_secret -metadata_proxy_shared_secret={{ METADATA_PROXY_SHARED_SECRET }} +#metadata_proxy_shared_secret= # 
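Review bot: `#metadata_proxy_shared_secret=` documents an empty default, and this hunk no longer sets either the secret or `service_metadata_proxy`. If proxying is switched on elsewhere without the secret, the validation described in the help text would be keyed with an empty string (inferred from the default shown, not visible here). Suggest adding above the option: `# Must be a non-empty random value, identical in the Neutron metadata agent configuration, whenever service_metadata_proxy is true.`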
@@ -3139,76 +3040,64 @@ metadata_proxy_shared_secret={{ METADATA_PROXY_SHARED_SECRET }} # # URL for connecting to neutron (string value) -# Deprecated group/name - [DEFAULT]/neutron_url -url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 +#url=http://127.0.0.1:9696 -# Timeout value for connecting to neutron in seconds (integer -# value) -# Deprecated group/name - [DEFAULT]/neutron_url_timeout -#url_timeout=30 - -# User id for connecting to neutron in admin context (string -# value) +# User id for connecting to neutron in admin context. +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) #admin_user_id=<None> -# Username for connecting to neutron in admin context (string -# value) -# Deprecated group/name - [DEFAULT]/neutron_admin_username -admin_username={{ NEUTRON_SERVICE_USER }} +# Username for connecting to neutron in admin context +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) +#admin_username=<None> -# Password for connecting to neutron in admin context (string -# value) -# Deprecated group/name - [DEFAULT]/neutron_admin_password -admin_password={{ NEUTRON_SERVICE_PASSWORD }} +# Password for connecting to neutron in admin context +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) +#admin_password=<None> -# Tenant id for connecting to neutron in admin context (string -# value) -# Deprecated group/name - [DEFAULT]/neutron_admin_tenant_id +# Tenant id for connecting to neutron in admin context +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) #admin_tenant_id=<None> # Tenant name for connecting to neutron in admin context. This # option will be ignored if neutron_admin_tenant_id is set. # Note that with Keystone V3 tenant names are only unique -# within a domain. (string value) -# Deprecated group/name - [DEFAULT]/neutron_admin_tenant_name -admin_tenant_name=service +# within a domain. 
DEPRECATED: specify an auth_plugin and +# appropriate credentials instead. (string value) +#admin_tenant_name=<None> # Region name for connecting to neutron in admin context # (string value) -# Deprecated group/name - [DEFAULT]/neutron_region_name #region_name=<None> -# Authorization URL for connecting to neutron in admin context -# (string value) -# Deprecated group/name - [DEFAULT]/neutron_admin_auth_url -admin_auth_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 - -# If set, ignore any SSL validation issues (boolean value) -# Deprecated group/name - [DEFAULT]/neutron_api_insecure -#api_insecure=false +# Authorization URL for connecting to neutron in admin +# context. DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) +#admin_auth_url=http://localhost:5000/v2.0 # Authorization strategy for connecting to neutron in admin -# context (string value) -# Deprecated group/name - [DEFAULT]/neutron_auth_strategy -auth_strategy=keystone +# context. DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. If an auth_plugin is specified strategy +# will be ignored. (string value) +#auth_strategy=keystone # Name of Integration Bridge used by Open vSwitch (string # value) -# Deprecated group/name - [DEFAULT]/neutron_ovs_bridge #ovs_bridge=br-int # Number of seconds before querying neutron for extensions # (integer value) -# Deprecated group/name - [DEFAULT]/neutron_extension_sync_interval #extension_sync_interval=600 -# Location of CA certificates file to use for neutron client -# requests. (string value) -# Deprecated group/name - [DEFAULT]/neutron_ca_certificates_file -#ca_certificates_file=<None> - -# Allow an instance to have multiple vNICs attached to the -# same Neutron network. (boolean value) +# DEPRECATED: Allow an instance to have multiple vNICs +# attached to the same Neutron network. 
This option is +# deprecated in the 2015.1 release and will be removed in the +# 2015.2 release where the default behavior will be to always +# allow multiple ports from the same network to be attached to +# an instance. (boolean value) #allow_duplicate_networks=false @@ -3252,7 +3141,7 @@ auth_strategy=keystone # # Host on which to listen for incoming requests (string value) -serialproxy_host=127.0.0.1 +#serialproxy_host=0.0.0.0 # Port on which to listen for incoming requests (integer # value) @@ -3264,7 +3153,7 @@ serialproxy_host=127.0.0.1 # # Enable serial console related features (boolean value) -enabled=false +#enabled=false # Range of TCP ports to use for serial ports on compute hosts # (string value) @@ -3289,12 +3178,10 @@ enabled=false # # Host on which to listen for incoming requests (string value) -# Deprecated group/name - [DEFAULT]/spicehtml5proxy_host #html5proxy_host=0.0.0.0 # Port on which to listen for incoming requests (integer # value) -# Deprecated group/name - [DEFAULT]/spicehtml5proxy_port #html5proxy_port=6082 @@ -3315,7 +3202,7 @@ enabled=false #server_proxyclient_address=127.0.0.1 # Enable spice related features (boolean value) -enabled=false +#enabled=false # Enable spice guest agent support (boolean value) #agent_enabled=true @@ -3473,6 +3360,20 @@ enabled=false # Options defined in nova.virt.vmwareapi.driver # +# The PBM status. (boolean value) +#pbm_enabled=false + +# PBM service WSDL file location URL. e.g. +# file:///opt/SDK/spbm/wsdl/pbmService.wsdl Not setting this +# will disable storage policy based placement of instances. +# (string value) +#pbm_wsdl_location=<None> + +# The PBM default policy. If pbm_wsdl_location is set and +# there is no defined storage policy for the specific request +# then this policy will be used. (string value) +#pbm_default_policy=<None> + # Hostname or IP address for connection to VMware VC host. # (string value) #host_ip=<None> 
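Review bot: `serialproxy_host=127.0.0.1` is replaced by the commented default `#serialproxy_host=0.0.0.0`, so the serial console proxy would listen on every interface instead of loopback once it is started. The serial console itself stays off by default (`#enabled=false` in the following hunk), but the bind address is the part that was deliberately restricted before. Either keep the explicit line `serialproxy_host=127.0.0.1`, or add a comment such as `# Default binds all interfaces; restrict to the management address before enabling the serial console.`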
@@ -3541,6 +3442,42 @@ enabled=false #maximum_objects=100 +# +# Options defined in nova.virt.vmwareapi.vmops +# + +# The prefix for Where cached images are stored. This is NOT +# the full path - just a folder prefix. This should only be +# used when a datastore cache should be shared between compute +# nodes. Note: this should only be used when the compute nodes +# have a shared file system. (string value) +#cache_prefix=<None> + + +[workarounds] + +# +# Options defined in nova.utils +# + +# This option allows a fallback to sudo for performance +# reasons. For example see +# https://bugs.launchpad.net/nova/+bug/1415106 (boolean value) +#disable_rootwrap=false + +# When using libvirt 1.2.2 fails live snapshots intermittently +# under load. This config option provides mechanism to +# disable livesnapshot while this is resolved. See +# https://bugs.launchpad.net/nova/+bug/1334398 (boolean value) +#disable_libvirt_livesnapshot=true + +# Whether to destroy instances on startup when we suspect they +# have previously been evacuated. This can result in data loss +# if undesired. See https://launchpad.net/bugs/1419785 +# (boolean value) +#destroy_after_evacuate=true + + [xenserver] # @@ -3736,7 +3673,8 @@ enabled=false # rsynced (boolean value) #sparse_copy=true -# Maximum number of retries to unplug VBD (integer value) +# Maximum number of retries to unplug VBD. if <=0, should try +# once and no retry (integer value) #num_vbd_unplug_retries=10 # Whether or not to download images via Bit Torrent 
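Review bot: The added `[workarounds]` option `disable_rootwrap` is described only as a performance fallback to sudo; the comment does not say that it gives up rootwrap's command filtering. Suggest extending it with `# Security: when true, privileged commands run through plain sudo without rootwrap filters; leave false unless the sudoers policy is restricted separately.` The neighbouring `destroy_after_evacuate` comment already states its data-loss risk, and `disable_rootwrap` deserves the same level of warning.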
@@ -3802,8 +3740,269 @@ enabled=false # (integer value) #sg_retry_interval=5 -[database] -# The SQLAlchemy connection string to use to connect to the -# database. (string value) -connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova +[matchmaker_redis] + +# +# From oslo.messaging +# + +# Host to locate redis. (string value) +#host = 127.0.0.1 + +# Use this port to connect to redis host. (integer value) +#port = 6379 + +# Password for Redis server (optional). (string value) +#password = <None> + + +[matchmaker_ring] + +# +# From oslo.messaging +# + +# Matchmaker ring file (JSON). (string value) +# Deprecated group/name - [DEFAULT]/matchmaker_ringfile +#ringfile = /etc/oslo/matchmaker_ring.json + + +[oslo_concurrency] + +# +# From oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +# Deprecated group/name - [DEFAULT]/disable_process_locking +#disable_process_locking = false + +# Directory to use for lock files. For security, the specified directory +# should only be writable by the user running the processes that need locking. +# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, +# a lock path must be set. 
(string value) +# Deprecated group/name - [DEFAULT]/lock_path +#lock_path = <None> + + +[oslo_messaging_amqp] + +# +# From oslo.messaging +# + +# address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +#server_request_prefix = exclusive + +# address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +#broadcast_prefix = broadcast + +# address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +#group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +#container_name = <None> + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +#idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +#trace = false + +# CA certificate PEM file for verifing server certificate (string value) +# Deprecated group/name - [amqp1]/ssl_ca_file +#ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string value) +# Deprecated group/name - [amqp1]/ssl_cert_file +#ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string value) +# Deprecated group/name - [amqp1]/ssl_key_file +#ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +#ssl_key_password = <None> + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +#allow_insecure_clients = false + + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. 
(boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +#qpid_hostname = localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +#qpid_port = 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +#qpid_hosts = $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +#qpid_username = + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +#qpid_password = + +# Space separated list of SASL mechanisms to use for auth. (string value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +#qpid_sasl_mechanisms = + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +#qpid_heartbeat = 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +#qpid_protocol = tcp + +# Whether to disable the Nagle algorithm. (boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +#qpid_tcp_nodelay = true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +#qpid_receiver_capacity = 1 + +# The qpid topology version to use. Version 1 is what was originally used by +# impl_qpid. Version 2 includes some backwards-incompatible changes that allow +# broker federation to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. 
(integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +#qpid_topology_version = 1 + + +[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and +# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some +# distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +#kombu_ssl_version = + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +#kombu_ssl_keyfile = + +# SSL cert file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +#kombu_ssl_certfile = + +# SSL certification authority file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +#kombu_ssl_ca_certs = + +# How long to wait before reconnecting in response to an AMQP consumer cancel +# notification. (floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +#kombu_reconnect_delay = 1.0 + +# The RabbitMQ broker address where a single node is used. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_host +#rabbit_host = localhost + +# The RabbitMQ broker port where a single node is used. (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_port +#rabbit_port = 5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +#rabbit_hosts = $rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. 
(boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +#rabbit_use_ssl = false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +#rabbit_userid = guest + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +#rabbit_password = guest + +# The RabbitMQ login method. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +#rabbit_login_method = AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +#rabbit_virtual_host = / + +# How frequently to retry connecting with RabbitMQ. (integer value) +#rabbit_retry_interval = 1 + +# How long to backoff for between retries when connecting to RabbitMQ. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +#rabbit_retry_backoff = 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry +# count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +#rabbit_max_retries = 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you +# must wipe the RabbitMQ database. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +#rabbit_ha_queues = false + +# Number of seconds after which the Rabbit broker is considered down if +# heartbeat's keep-alive fails (0 disable the heartbeat). (integer value) +#heartbeat_timeout_threshold = 60 + +# How often times during the heartbeat_timeout_threshold we check the +# heartbeat. (integer value) +#heartbeat_rate = 2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +#fake_rabbit = false + diff --git a/install-files/openstack/usr/share/openstack/nova/policy.json b/install-files/openstack/usr/share/openstack/nova/policy.json deleted file mode 100644 index cc5b8ea4..00000000 
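Review bot: The `@@ -3802,8 +3740,269 @@` hunk removes the only visible `[database]` `connection=` line and adds `[oslo_messaging_rabbit]` with every key commented out, which leaves the broker on `rabbit_userid = guest` / `rabbit_password = guest` and `rabbit_use_ssl = false` unless they are set elsewhere in the file. Whether the database connection and the broker credentials are declared in a part of the file outside this hunk cannot be seen here; if they are not, the service would fall back to library defaults. I would set them from deployment variables in this group, in the same `{{ ... }}` style the removed line used, and enable `rabbit_use_ssl` with `kombu_ssl_ca_certs` where the broker is reached over a shared network. The help text for `kombu_ssl_version` still names SSLv2 and SSLv3, so when TLS is enabled choose one of the TLS values it lists instead of leaving the key empty.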
--- a/install-files/openstack/usr/share/openstack/nova/policy.json +++ /dev/null 
@@ -1,324 +0,0 @@ -{ - "context_is_admin": "role:admin", - "admin_or_owner": "is_admin:True or project_id:%(project_id)s", - "default": "rule:admin_or_owner", - - "cells_scheduler_filter:TargetCellFilter": "is_admin:True", - - "compute:create": "", - "compute:create:attach_network": "", - "compute:create:attach_volume": "", - "compute:create:forced_host": "is_admin:True", - "compute:get_all": "", - "compute:get_all_tenants": "", - "compute:start": "rule:admin_or_owner", - "compute:stop": "rule:admin_or_owner", - "compute:unlock_override": "rule:admin_api", - - "compute:shelve": "", - "compute:shelve_offload": "", - "compute:unshelve": "", - - "compute:volume_snapshot_create": "", - "compute:volume_snapshot_delete": "", - - "admin_api": "is_admin:True", - "compute:v3:servers:start": "rule:admin_or_owner", - "compute:v3:servers:stop": "rule:admin_or_owner", - "compute_extension:v3:os-access-ips:discoverable": "", - "compute_extension:v3:os-access-ips": "", - "compute_extension:accounts": "rule:admin_api", - "compute_extension:admin_actions": "rule:admin_api", - "compute_extension:admin_actions:pause": "rule:admin_or_owner", - "compute_extension:admin_actions:unpause": "rule:admin_or_owner", - "compute_extension:admin_actions:suspend": "rule:admin_or_owner", - "compute_extension:admin_actions:resume": "rule:admin_or_owner", - "compute_extension:admin_actions:lock": "rule:admin_or_owner", - "compute_extension:admin_actions:unlock": "rule:admin_or_owner", - "compute_extension:admin_actions:resetNetwork": "rule:admin_api", - "compute_extension:admin_actions:injectNetworkInfo": "rule:admin_api", - "compute_extension:admin_actions:createBackup": "rule:admin_or_owner", - "compute_extension:admin_actions:migrateLive": "rule:admin_api", - "compute_extension:admin_actions:resetState": "rule:admin_api", - "compute_extension:admin_actions:migrate": "rule:admin_api", - "compute_extension:v3:os-admin-actions": "rule:admin_api", - 
"compute_extension:v3:os-admin-actions:discoverable": "", - "compute_extension:v3:os-admin-actions:reset_network": "rule:admin_api", - "compute_extension:v3:os-admin-actions:inject_network_info": "rule:admin_api", - "compute_extension:v3:os-admin-actions:reset_state": "rule:admin_api", - "compute_extension:v3:os-admin-password": "", - "compute_extension:v3:os-admin-password:discoverable": "", - "compute_extension:aggregates": "rule:admin_api", - "compute_extension:v3:os-aggregates:discoverable": "", - "compute_extension:v3:os-aggregates:index": "rule:admin_api", - "compute_extension:v3:os-aggregates:create": "rule:admin_api", - "compute_extension:v3:os-aggregates:show": "rule:admin_api", - "compute_extension:v3:os-aggregates:update": "rule:admin_api", - "compute_extension:v3:os-aggregates:delete": "rule:admin_api", - "compute_extension:v3:os-aggregates:add_host": "rule:admin_api", - "compute_extension:v3:os-aggregates:remove_host": "rule:admin_api", - "compute_extension:v3:os-aggregates:set_metadata": "rule:admin_api", - "compute_extension:agents": "rule:admin_api", - "compute_extension:v3:os-agents": "rule:admin_api", - "compute_extension:v3:os-agents:discoverable": "", - "compute_extension:attach_interfaces": "", - "compute_extension:v3:os-attach-interfaces": "", - "compute_extension:v3:os-attach-interfaces:discoverable": "", - "compute_extension:baremetal_nodes": "rule:admin_api", - "compute_extension:cells": "rule:admin_api", - "compute_extension:v3:os-cells": "rule:admin_api", - "compute_extension:v3:os-cells:discoverable": "", - "compute_extension:certificates": "", - "compute_extension:v3:os-certificates:create": "", - "compute_extension:v3:os-certificates:show": "", - "compute_extension:v3:os-certificates:discoverable": "", - "compute_extension:cloudpipe": "rule:admin_api", - "compute_extension:cloudpipe_update": "rule:admin_api", - "compute_extension:console_output": "", - "compute_extension:v3:consoles:discoverable": "", - 
"compute_extension:v3:os-console-output:discoverable": "", - "compute_extension:v3:os-console-output": "", - "compute_extension:consoles": "", - "compute_extension:v3:os-remote-consoles": "", - "compute_extension:v3:os-remote-consoles:discoverable": "", - "compute_extension:createserverext": "", - "compute_extension:v3:os-create-backup:discoverable": "", - "compute_extension:v3:os-create-backup": "rule:admin_or_owner", - "compute_extension:deferred_delete": "", - "compute_extension:v3:os-deferred-delete": "", - "compute_extension:v3:os-deferred-delete:discoverable": "", - "compute_extension:disk_config": "", - "compute_extension:evacuate": "rule:admin_api", - "compute_extension:v3:os-evacuate": "rule:admin_api", - "compute_extension:v3:os-evacuate:discoverable": "", - "compute_extension:extended_server_attributes": "rule:admin_api", - "compute_extension:v3:os-extended-server-attributes": "rule:admin_api", - "compute_extension:v3:os-extended-server-attributes:discoverable": "", - "compute_extension:extended_status": "", - "compute_extension:v3:os-extended-status": "", - "compute_extension:v3:os-extended-status:discoverable": "", - "compute_extension:extended_availability_zone": "", - "compute_extension:v3:os-extended-availability-zone": "", - "compute_extension:v3:os-extended-availability-zone:discoverable": "", - "compute_extension:extended_ips": "", - "compute_extension:extended_ips_mac": "", - "compute_extension:extended_vif_net": "", - "compute_extension:v3:extension_info:discoverable": "", - "compute_extension:extended_volumes": "", - "compute_extension:v3:os-extended-volumes": "", - "compute_extension:v3:os-extended-volumes:swap": "", - "compute_extension:v3:os-extended-volumes:discoverable": "", - "compute_extension:v3:os-extended-volumes:attach": "", - "compute_extension:v3:os-extended-volumes:detach": "", - "compute_extension:fixed_ips": "rule:admin_api", - "compute_extension:flavor_access": "", - "compute_extension:flavor_access:addTenantAccess": 
"rule:admin_api", - "compute_extension:flavor_access:removeTenantAccess": "rule:admin_api", - "compute_extension:v3:flavor-access": "", - "compute_extension:v3:flavor-access:discoverable": "", - "compute_extension:v3:flavor-access:remove_tenant_access": "rule:admin_api", - "compute_extension:v3:flavor-access:add_tenant_access": "rule:admin_api", - "compute_extension:flavor_disabled": "", - "compute_extension:flavor_rxtx": "", - "compute_extension:v3:os-flavor-rxtx": "", - "compute_extension:v3:os-flavor-rxtx:discoverable": "", - "compute_extension:flavor_swap": "", - "compute_extension:flavorextradata": "", - "compute_extension:flavorextraspecs:index": "", - "compute_extension:flavorextraspecs:show": "", - "compute_extension:flavorextraspecs:create": "rule:admin_api", - "compute_extension:flavorextraspecs:update": "rule:admin_api", - "compute_extension:flavorextraspecs:delete": "rule:admin_api", - "compute_extension:v3:flavors:discoverable": "", - "compute_extension:v3:flavor-extra-specs:discoverable": "", - "compute_extension:v3:flavor-extra-specs:index": "", - "compute_extension:v3:flavor-extra-specs:show": "", - "compute_extension:v3:flavor-extra-specs:create": "rule:admin_api", - "compute_extension:v3:flavor-extra-specs:update": "rule:admin_api", - "compute_extension:v3:flavor-extra-specs:delete": "rule:admin_api", - "compute_extension:flavormanage": "rule:admin_api", - "compute_extension:v3:flavor-manage": "rule:admin_api", - "compute_extension:floating_ip_dns": "", - "compute_extension:floating_ip_pools": "", - "compute_extension:floating_ips": "", - "compute_extension:floating_ips_bulk": "rule:admin_api", - "compute_extension:fping": "", - "compute_extension:fping:all_tenants": "rule:admin_api", - "compute_extension:hide_server_addresses": "is_admin:False", - "compute_extension:v3:os-hide-server-addresses": "is_admin:False", - "compute_extension:v3:os-hide-server-addresses:discoverable": "", - "compute_extension:hosts": "rule:admin_api", - 
"compute_extension:v3:os-hosts": "rule:admin_api", - "compute_extension:v3:os-hosts:discoverable": "", - "compute_extension:hypervisors": "rule:admin_api", - "compute_extension:v3:os-hypervisors": "rule:admin_api", - "compute_extension:v3:os-hypervisors:discoverable": "", - "compute_extension:image_size": "", - "compute_extension:instance_actions": "", - "compute_extension:v3:os-server-actions": "", - "compute_extension:v3:os-server-actions:discoverable": "", - "compute_extension:instance_actions:events": "rule:admin_api", - "compute_extension:v3:os-server-actions:events": "rule:admin_api", - "compute_extension:instance_usage_audit_log": "rule:admin_api", - "compute_extension:v3:ips:discoverable": "", - "compute_extension:keypairs": "", - "compute_extension:keypairs:index": "", - "compute_extension:keypairs:show": "", - "compute_extension:keypairs:create": "", - "compute_extension:keypairs:delete": "", - "compute_extension:v3:keypairs:discoverable": "", - "compute_extension:v3:keypairs": "", - "compute_extension:v3:keypairs:index": "", - "compute_extension:v3:keypairs:show": "", - "compute_extension:v3:keypairs:create": "", - "compute_extension:v3:keypairs:delete": "", - "compute_extension:v3:os-lock-server:discoverable": "", - "compute_extension:v3:os-lock-server:lock": "rule:admin_or_owner", - "compute_extension:v3:os-lock-server:unlock": "rule:admin_or_owner", - "compute_extension:v3:os-migrate-server:discoverable": "", - "compute_extension:v3:os-migrate-server:migrate": "rule:admin_api", - "compute_extension:v3:os-migrate-server:migrate_live": "rule:admin_api", - "compute_extension:multinic": "", - "compute_extension:v3:os-multinic": "", - "compute_extension:v3:os-multinic:discoverable": "", - "compute_extension:networks": "rule:admin_api", - "compute_extension:networks:view": "", - "compute_extension:networks_associate": "rule:admin_api", - "compute_extension:v3:os-pause-server:discoverable": "", - "compute_extension:v3:os-pause-server:pause": 
"rule:admin_or_owner", - "compute_extension:v3:os-pause-server:unpause": "rule:admin_or_owner", - "compute_extension:v3:os-pci:pci_servers": "", - "compute_extension:v3:os-pci:discoverable": "", - "compute_extension:v3:os-pci:index": "rule:admin_api", - "compute_extension:v3:os-pci:detail": "rule:admin_api", - "compute_extension:v3:os-pci:show": "rule:admin_api", - "compute_extension:quotas:show": "", - "compute_extension:quotas:update": "rule:admin_api", - "compute_extension:quotas:delete": "rule:admin_api", - "compute_extension:v3:os-quota-sets:discoverable": "", - "compute_extension:v3:os-quota-sets:show": "", - "compute_extension:v3:os-quota-sets:update": "rule:admin_api", - "compute_extension:v3:os-quota-sets:delete": "rule:admin_api", - "compute_extension:v3:os-quota-sets:detail": "rule:admin_api", - "compute_extension:quota_classes": "", - "compute_extension:rescue": "", - "compute_extension:v3:os-rescue": "", - "compute_extension:v3:os-rescue:discoverable": "", - "compute_extension:v3:os-scheduler-hints:discoverable": "", - "compute_extension:security_group_default_rules": "rule:admin_api", - "compute_extension:security_groups": "", - "compute_extension:v3:os-security-groups": "", - "compute_extension:v3:os-security-groups:discoverable": "", - "compute_extension:server_diagnostics": "rule:admin_api", - "compute_extension:v3:os-server-diagnostics": "rule:admin_api", - "compute_extension:v3:os-server-diagnostics:discoverable": "", - "compute_extension:server_groups": "", - "compute_extension:server_password": "", - "compute_extension:v3:os-server-password": "", - "compute_extension:v3:os-server-password:discoverable": "", - "compute_extension:server_usage": "", - "compute_extension:v3:os-server-usage": "", - "compute_extension:v3:os-server-usage:discoverable": "", - "compute_extension:services": "rule:admin_api", - "compute_extension:v3:os-services": "rule:admin_api", - "compute_extension:v3:os-services:discoverable": "", - 
"compute_extension:v3:server-metadata:discoverable": "", - "compute_extension:v3:servers:discoverable": "", - "compute_extension:shelve": "", - "compute_extension:shelveOffload": "rule:admin_api", - "compute_extension:v3:os-shelve:shelve": "", - "compute_extension:v3:os-shelve:shelve:discoverable": "", - "compute_extension:v3:os-shelve:shelve_offload": "rule:admin_api", - "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner", - "compute_extension:v3:os-suspend-server:discoverable": "", - "compute_extension:v3:os-suspend-server:suspend": "rule:admin_or_owner", - "compute_extension:v3:os-suspend-server:resume": "rule:admin_or_owner", - "compute_extension:simple_tenant_usage:list": "rule:admin_api", - "compute_extension:unshelve": "", - "compute_extension:v3:os-shelve:unshelve": "", - "compute_extension:users": "rule:admin_api", - "compute_extension:v3:os-user-data:discoverable": "", - "compute_extension:virtual_interfaces": "", - "compute_extension:virtual_storage_arrays": "", - "compute_extension:volumes": "", - "compute_extension:volume_attachments:index": "", - "compute_extension:volume_attachments:show": "", - "compute_extension:volume_attachments:create": "", - "compute_extension:volume_attachments:update": "", - "compute_extension:volume_attachments:delete": "", - "compute_extension:volumetypes": "", - "compute_extension:availability_zone:list": "", - "compute_extension:v3:os-availability-zone:list": "", - "compute_extension:v3:os-availability-zone:discoverable": "", - "compute_extension:availability_zone:detail": "rule:admin_api", - "compute_extension:v3:os-availability-zone:detail": "rule:admin_api", - "compute_extension:used_limits_for_admin": "rule:admin_api", - "compute_extension:migrations:index": "rule:admin_api", - "compute_extension:v3:os-migrations:index": "rule:admin_api", - "compute_extension:v3:os-migrations:discoverable": "", - "compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api", - 
"compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api", - "compute_extension:console_auth_tokens": "rule:admin_api", - "compute_extension:v3:os-console-auth-tokens": "rule:admin_api", - "compute_extension:os-server-external-events:create": "rule:admin_api", - "compute_extension:v3:os-server-external-events:create": "rule:admin_api", - - "volume:create": "", - "volume:get_all": "", - "volume:get_volume_metadata": "", - "volume:get_snapshot": "", - "volume:get_all_snapshots": "", - - - "volume_extension:types_manage": "rule:admin_api", - "volume_extension:types_extra_specs": "rule:admin_api", - "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", - "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", - "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", - - - "network:get_all": "", - "network:get": "", - "network:create": "", - "network:delete": "", - "network:associate": "", - "network:disassociate": "", - "network:get_vifs_by_instance": "", - "network:allocate_for_instance": "", - "network:deallocate_for_instance": "", - "network:validate_networks": "", - "network:get_instance_uuids_by_ip_filter": "", - "network:get_instance_id_by_floating_address": "", - "network:setup_networks_on_host": "", - "network:get_backdoor_port": "", - - "network:get_floating_ip": "", - "network:get_floating_ip_pools": "", - "network:get_floating_ip_by_address": "", - "network:get_floating_ips_by_project": "", - "network:get_floating_ips_by_fixed_address": "", - "network:allocate_floating_ip": "", - "network:deallocate_floating_ip": "", - "network:associate_floating_ip": "", - "network:disassociate_floating_ip": "", - "network:release_floating_ip": "", - "network:migrate_instance_start": "", - "network:migrate_instance_finish": "", - - "network:get_fixed_ip": "", - "network:get_fixed_ip_by_address": "", - "network:add_fixed_ip_to_instance": "", - "network:remove_fixed_ip_from_instance": "", - 
"network:add_network_to_project": "", - "network:get_instance_nw_info": "", - - "network:get_dns_domains": "", - "network:add_dns_entry": "", - "network:modify_dns_entry": "", - "network:delete_dns_entry": "", - "network:get_dns_entries_by_address": "", - "network:get_dns_entries_by_name": "", - "network:create_private_dns_domain": "", - "network:create_public_dns_domain": "", - "network:delete_dns_domain": "" -} |