diff options
Diffstat (limited to 'openstack/etc')
-rw-r--r-- | openstack/etc/horizon/apache-horizon.conf | 34 | ||||
-rw-r--r-- | openstack/etc/horizon/openstack_dashboard/local_settings.py | 551 | ||||
-rw-r--r-- | openstack/etc/tempest/tempest.conf | 1116 |
3 files changed, 1701 insertions, 0 deletions
diff --git a/openstack/etc/horizon/apache-horizon.conf b/openstack/etc/horizon/apache-horizon.conf new file mode 100644 index 00000000..ea88897a --- /dev/null +++ b/openstack/etc/horizon/apache-horizon.conf @@ -0,0 +1,34 @@ +<VirtualHost *:80> + WSGIScriptAlias /horizon /var/lib/horizon/openstack_dashboard/django.wsgi + WSGIDaemonProcess horizon user=horizon group=horizon processes=3 threads=10 home=/var/lib/horizon display-name=horizon + WSGIApplicationGroup %{GLOBAL} + + RedirectMatch ^/$ /horizon/ + + SetEnv APACHE_RUN_USER apache + SetEnv APACHE_RUN_GROUP apache + WSGIProcessGroup horizon + + DocumentRoot /var/lib/horizon/.blackhole + Alias /static /var/lib/horizon/openstack_dashboard/static + + <Directory /var/lib/horizon/openstack_dashboard > + Options Indexes FollowSymLinks MultiViews + AllowOverride None + # Apache 2.4 uses mod_authz_host for access control now (instead of + # "Allow") + <IfVersion < 2.4> + Order allow,deny + Allow from all + </IfVersion> + <IfVersion >= 2.4> + Require all granted + </IfVersion> + </Directory> + + ErrorLog /var/log/httpd/horizon_error.log + LogLevel warn + CustomLog /var/log/httpd/horizon_access.log combined +</VirtualHost> + +WSGISocketPrefix /var/run/httpd diff --git a/openstack/etc/horizon/openstack_dashboard/local_settings.py b/openstack/etc/horizon/openstack_dashboard/local_settings.py new file mode 100644 index 00000000..febc3e70 --- /dev/null +++ b/openstack/etc/horizon/openstack_dashboard/local_settings.py @@ -0,0 +1,551 @@ +import os + +from django.utils.translation import ugettext_lazy as _ + +from openstack_dashboard import exceptions + +DEBUG = True +TEMPLATE_DEBUG = DEBUG + +STATIC_ROOT = "/var/lib/horizon/openstack_dashboard/static" + +# Required for Django 1.5. +# If horizon is running in production (DEBUG is False), set this +# with the list of host/domain names that the application can serve. +# For more information see: +# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts +#ALLOWED_HOSTS = ['horizon.example.com', ] +ALLOWED_HOSTS = ['*'] + +# Set SSL proxy settings: +# For Django 1.4+ pass this header from the proxy after terminating the SSL, +# and don't forget to strip it from the client's request. +# For more information see: +# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header +# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') + +# If Horizon is being served through SSL, then uncomment the following two +# settings to better secure the cookies from security exploits +#CSRF_COOKIE_SECURE = True +#SESSION_COOKIE_SECURE = True + +# Overrides for OpenStack API versions. Use this setting to force the +# OpenStack dashboard to use a specific API version for a given service API. +# NOTE: The version should be formatted as it appears in the URL for the +# service API. For example, The identity service APIs have inconsistent +# use of the decimal point, so valid options would be "2.0" or "3". +# OPENSTACK_API_VERSIONS = { +# "data_processing": 1.1, +# "identity": 3, +# "volume": 2 +# } + +# Set this to True if running on multi-domain model. When this is enabled, it +# will require user to enter the Domain name in addition to username for login. +# OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False + +# Overrides the default domain used when running on single-domain model +# with Keystone V3. All entities will be created in the default domain. +# OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default' + +# Set Console type: +# valid options would be "AUTO"(default), "VNC", "SPICE", "RDP" or None +# Set to None explicitly if you want to deactivate the console. +# CONSOLE_TYPE = "AUTO" + +# Default OpenStack Dashboard configuration. +HORIZON_CONFIG = { + 'user_home': 'openstack_dashboard.views.get_user_home', + 'ajax_queue_limit': 10, + 'auto_fade_alerts': { + 'delay': 3000, + 'fade_duration': 1500, + 'types': ['alert-success', 'alert-info'] + }, + 'help_url': "http://docs.openstack.org", + 'exceptions': {'recoverable': exceptions.RECOVERABLE, + 'not_found': exceptions.NOT_FOUND, + 'unauthorized': exceptions.UNAUTHORIZED}, + 'modal_backdrop': 'static', + 'angular_modules': [], + 'js_files': [], +} + +# Specify a regular expression to validate user passwords. +# HORIZON_CONFIG["password_validator"] = { +# "regex": '.*', +# "help_text": _("Your password does not meet the requirements.") +# } + +# Disable simplified floating IP address management for deployments with +# multiple floating IP pools or complex network requirements. +# HORIZON_CONFIG["simple_ip_management"] = False + +# Turn off browser autocompletion for forms including the login form and +# the database creation workflow if so desired. +# HORIZON_CONFIG["password_autocomplete"] = "off" + +# Setting this to True will disable the reveal button for password fields, +# including on the login form. +# HORIZON_CONFIG["disable_password_reveal"] = False + +#LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) + +LOCAL_PATH = "/var/lib/horizon" + +# Set custom secret key: +# You can either set it to a specific value or you can let horizon generate a +# default secret key that is unique on this machine, e.i. regardless of the +# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, there +# may be situations where you would want to set this explicitly, e.g. when +# multiple dashboard instances are distributed on different machines (usually +# behind a load-balancer). Either you have to make sure that a session gets all +# requests routed to the same dashboard instance or you set the same SECRET_KEY +# for all of them. +from horizon.utils import secret_key +SECRET_KEY = secret_key.generate_or_read_from_file( + os.path.join(LOCAL_PATH, '.secret_key_store')) + +# We recommend you use memcached for development; otherwise after every reload +# of the django development server, you will have to login again. To use +# memcached set CACHES to something like +CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': '127.0.0.1:11211', + } +} + +#CACHES = { +# 'default': { +# 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache' +# } +#} + +# Send email to the console by default +EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' +# Or send them to /dev/null +#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' + +# Configure these for your outgoing email host +# EMAIL_HOST = 'smtp.my-company.com' +# EMAIL_PORT = 25 +# EMAIL_HOST_USER = 'djangomail' +# EMAIL_HOST_PASSWORD = 'top-secret!' + +# For multiple regions uncomment this configuration, and add (endpoint, title). +# AVAILABLE_REGIONS = [ +# ('http://cluster1.example.com:5000/v2.0', 'cluster1'), +# ('http://cluster2.example.com:5000/v2.0', 'cluster2'), +# ] + +OPENSTACK_HOST = "127.0.0.1" +OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST +OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" + +# Disable SSL certificate checks (useful for self-signed certificates): +# OPENSTACK_SSL_NO_VERIFY = True + +# The CA certificate to use to verify SSL connections +# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem' + +# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the +# capabilities of the auth backend for Keystone. +# If Keystone has been configured to use LDAP as the auth backend then set +# can_edit_user to False and name to 'ldap'. +# +# TODO(tres): Remove these once Keystone has an API to identify auth backend. +OPENSTACK_KEYSTONE_BACKEND = { + 'name': 'native', + 'can_edit_user': True, + 'can_edit_group': True, + 'can_edit_project': True, + 'can_edit_domain': True, + 'can_edit_role': True +} + +#Setting this to True, will add a new "Retrieve Password" action on instance, +#allowing Admin session password retrieval/decryption. +#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False + +# The Xen Hypervisor has the ability to set the mount point for volumes +# attached to instances (other Hypervisors currently do not). Setting +# can_set_mount_point to True will add the option to set the mount point +# from the UI. +OPENSTACK_HYPERVISOR_FEATURES = { + 'can_set_mount_point': False, + 'can_set_password': False, +} + +# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional +# services provided by cinder that is not exposed by its extension API. +OPENSTACK_CINDER_FEATURES = { + 'enable_backup': False, +} + +# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional +# services provided by neutron. Options currently available are load +# balancer service, security groups, quotas, VPN service. +OPENSTACK_NEUTRON_NETWORK = { + 'enable_router': True, + 'enable_quotas': True, + 'enable_ipv6': True, + 'enable_distributed_router': False, + 'enable_ha_router': False, + 'enable_lb': True, + 'enable_firewall': True, + 'enable_vpn': True, + # The profile_support option is used to detect if an external router can be + # configured via the dashboard. When using specific plugins the + # profile_support can be turned on if needed. + 'profile_support': None, + #'profile_support': 'cisco', + # Set which provider network types are supported. Only the network types + # in this list will be available to choose from when creating a network. + # Network types include local, flat, vlan, gre, and vxlan. + 'supported_provider_types': ['*'], +} + +# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features +# in the OpenStack Dashboard related to the Image service, such as the list +# of supported image formats. +# OPENSTACK_IMAGE_BACKEND = { +# 'image_formats': [ +# ('', _('Select format')), +# ('aki', _('AKI - Amazon Kernel Image')), +# ('ami', _('AMI - Amazon Machine Image')), +# ('ari', _('ARI - Amazon Ramdisk Image')), +# ('iso', _('ISO - Optical Disk Image')), +# ('qcow2', _('QCOW2 - QEMU Emulator')), +# ('raw', _('Raw')), +# ('vdi', _('VDI')), +# ('vhd', _('VHD')), +# ('vmdk', _('VMDK')) +# ] +# } + +# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for +# image custom property attributes that appear on image detail pages. +IMAGE_CUSTOM_PROPERTY_TITLES = { + "architecture": _("Architecture"), + "kernel_id": _("Kernel ID"), + "ramdisk_id": _("Ramdisk ID"), + "image_state": _("Euca2ools state"), + "project_id": _("Project ID"), + "image_type": _("Image Type") +} + +# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image +# custom properties should not be displayed in the Image Custom Properties +# table. +IMAGE_RESERVED_CUSTOM_PROPERTIES = [] + +# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints +# in the Keystone service catalog. Use this setting when Horizon is running +# external to the OpenStack environment. The default is 'publicURL'. +#OPENSTACK_ENDPOINT_TYPE = "publicURL" + +# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the +# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints +# in the Keystone service catalog. Use this setting when Horizon is running +# external to the OpenStack environment. The default is None. This +# value should differ from OPENSTACK_ENDPOINT_TYPE if used. +#SECONDARY_ENDPOINT_TYPE = "publicURL" + +# The number of objects (Swift containers/objects or images) to display +# on a single page before providing a paging element (a "more" link) +# to paginate results. +API_RESULT_LIMIT = 1000 +API_RESULT_PAGE_SIZE = 20 + +# Specify a maximum number of items to display in a dropdown. +DROPDOWN_MAX_ITEMS = 30 + +# The timezone of the server. This should correspond with the timezone +# of your entire OpenStack installation, and hopefully be in UTC. +TIME_ZONE = "UTC" + +# When launching an instance, the menu of available flavors is +# sorted by RAM usage, ascending. If you would like a different sort order, +# you can provide another flavor attribute as sorting key. Alternatively, you +# can provide a custom callback method to use for sorting. You can also provide +# a flag for reverse sort. For more info, see +# http://docs.python.org/2/library/functions.html#sorted +# CREATE_INSTANCE_FLAVOR_SORT = { +# 'key': 'name', +# # or +# 'key': my_awesome_callback_method, +# 'reverse': False, +# } + +# The Horizon Policy Enforcement engine uses these values to load per service +# policy rule files. The content of these files should match the files the +# OpenStack services are using to determine role based access control in the +# target installation. + +# Path to directory containing policy.json files +#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf") +# Map of local copy of service policy files +#POLICY_FILES = { +# 'identity': 'keystone_policy.json', +# 'compute': 'nova_policy.json', +# 'volume': 'cinder_policy.json', +# 'image': 'glance_policy.json', +# 'orchestration': 'heat_policy.json', +# 'network': 'neutron_policy.json', +#} + +# Trove user and database extension support. By default support for +# creating users and databases on database instances is turned on. +# To disable these extensions set the permission here to something +# unusable such as ["!"]. +# TROVE_ADD_USER_PERMS = [] +# TROVE_ADD_DATABASE_PERMS = [] + +LOGGING = { + 'version': 1, + # When set to True this will disable all logging except + # for loggers specified in this configuration dictionary. Note that + # if nothing is specified here and disable_existing_loggers is True, + # django.db.backends will still log unless it is disabled explicitly. + 'disable_existing_loggers': False, + 'handlers': { + 'null': { + 'level': 'DEBUG', + 'class': 'django.utils.log.NullHandler', + }, + 'console': { + # Set the level to "DEBUG" for verbose output logging. + 'level': 'INFO', + 'class': 'logging.StreamHandler', + }, + }, + 'loggers': { + # Logging from django.db.backends is VERY verbose, send to null + # by default. + 'django.db.backends': { + 'handlers': ['null'], + 'propagate': False, + }, + 'requests': { + 'handlers': ['null'], + 'propagate': False, + }, + 'horizon': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'openstack_dashboard': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'novaclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'cinderclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'keystoneclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'glanceclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'neutronclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'heatclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'ceilometerclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'troveclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'swiftclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'openstack_auth': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'nose.plugins.manager': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'django': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'iso8601': { + 'handlers': ['null'], + 'propagate': False, + }, + 'scss': { + 'handlers': ['null'], + 'propagate': False, + }, + } +} + +# 'direction' should not be specified for all_tcp/udp/icmp. +# It is specified in the form. +SECURITY_GROUP_RULES = { + 'all_tcp': { + 'name': _('All TCP'), + 'ip_protocol': 'tcp', + 'from_port': '1', + 'to_port': '65535', + }, + 'all_udp': { + 'name': _('All UDP'), + 'ip_protocol': 'udp', + 'from_port': '1', + 'to_port': '65535', + }, + 'all_icmp': { + 'name': _('All ICMP'), + 'ip_protocol': 'icmp', + 'from_port': '-1', + 'to_port': '-1', + }, + 'ssh': { + 'name': 'SSH', + 'ip_protocol': 'tcp', + 'from_port': '22', + 'to_port': '22', + }, + 'smtp': { + 'name': 'SMTP', + 'ip_protocol': 'tcp', + 'from_port': '25', + 'to_port': '25', + }, + 'dns': { + 'name': 'DNS', + 'ip_protocol': 'tcp', + 'from_port': '53', + 'to_port': '53', + }, + 'http': { + 'name': 'HTTP', + 'ip_protocol': 'tcp', + 'from_port': '80', + 'to_port': '80', + }, + 'pop3': { + 'name': 'POP3', + 'ip_protocol': 'tcp', + 'from_port': '110', + 'to_port': '110', + }, + 'imap': { + 'name': 'IMAP', + 'ip_protocol': 'tcp', + 'from_port': '143', + 'to_port': '143', + }, + 'ldap': { + 'name': 'LDAP', + 'ip_protocol': 'tcp', + 'from_port': '389', + 'to_port': '389', + }, + 'https': { + 'name': 'HTTPS', + 'ip_protocol': 'tcp', + 'from_port': '443', + 'to_port': '443', + }, + 'smtps': { + 'name': 'SMTPS', + 'ip_protocol': 'tcp', + 'from_port': '465', + 'to_port': '465', + }, + 'imaps': { + 'name': 'IMAPS', + 'ip_protocol': 'tcp', + 'from_port': '993', + 'to_port': '993', + }, + 'pop3s': { + 'name': 'POP3S', + 'ip_protocol': 'tcp', + 'from_port': '995', + 'to_port': '995', + }, + 'ms_sql': { + 'name': 'MS SQL', + 'ip_protocol': 'tcp', + 'from_port': '1433', + 'to_port': '1433', + }, + 'mysql': { + 'name': 'MYSQL', + 'ip_protocol': 'tcp', + 'from_port': '3306', + 'to_port': '3306', + }, + 'rdp': { + 'name': 'RDP', + 'ip_protocol': 'tcp', + 'from_port': '3389', + 'to_port': '3389', + }, +} + +# Deprecation Notice: +# +# The setting FLAVOR_EXTRA_KEYS has been deprecated. +# Please load extra spec metadata into the Glance Metadata Definition Catalog. +# +# The sample quota definitions can be found in: +# <glance_source>/etc/metadefs/compute-quota.json +# +# The metadata definition catalog supports CLI and API: +# $glance --os-image-api-version 2 help md-namespace-import +# $glance-manage db_load_metadefs <directory_with_definition_files> +# +# See Metadata Definitions on: http://docs.openstack.org/developer/glance/ + +# Indicate to the Sahara data processing service whether or not +# automatic floating IP allocation is in effect. If it is not +# in effect, the user will be prompted to choose a floating IP +# pool for use in their cluster. False by default. You would want +# to set this to True if you were running Nova Networking with +# auto_assign_floating_ip = True. +# SAHARA_AUTO_IP_ALLOCATION_ENABLED = False + +# The hash algorithm to use for authentication tokens. This must +# match the hash algorithm that the identity server and the +# auth_token middleware are using. Allowed values are the +# algorithms supported by Python's hashlib library. +# OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5' +LOGIN_URL='/horizon/auth/login/' +LOGOUT_URL='/horizon/auth/logout/' +LOGIN_REDIRECT_URL='/horizon/' diff --git a/openstack/etc/tempest/tempest.conf b/openstack/etc/tempest/tempest.conf new file mode 100644 index 00000000..05f0eca1 --- /dev/null +++ b/openstack/etc/tempest/tempest.conf @@ -0,0 +1,1116 @@ +[DEFAULT] + +# +# From tempest.config +# + +# Whether to disable inter-process locks (boolean value) +#disable_process_locking = false + +# Directory to use for lock files. (string value) +lock_path = /run/lock + +# +# From tempest.config +# + +# Print debugging output (set logging level to DEBUG instead of +# default WARNING level). (boolean value) +#debug = false + +# Print more verbose output (set logging level to INFO instead of +# default WARNING level). (boolean value) +#verbose = false + +# +# From tempest.config +# + +# The name of a logging configuration file. This file is appended to +# any existing logging configuration files. For details about logging +# configuration files, see the Python logging module documentation. +# (string value) +# Deprecated group/name - [DEFAULT]/log_config +#log_config_append = <None> + +# Format string for %%(asctime)s in log records. Default: %(default)s +# . (string value) +#log_date_format = %Y-%m-%d %H:%M:%S + +# (Optional) The base directory used for relative --log-file paths. +# (string value) +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = <None> + +# (Optional) Name of log file to output to. If no default is set, +# logging will go to stdout. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file = <None> + +# DEPRECATED. A logging.Formatter log message format string which may +# use any of the available logging.LogRecord attributes. This option +# is deprecated. Please use logging_context_format_string and +# logging_default_format_string instead. (string value) +#log_format = <None> + +# Syslog facility to receive log lines. (string value) +#syslog_log_facility = LOG_USER + +# Use syslog for logging. Existing syslog format is DEPRECATED during +# I, and will change in J to honor RFC5424. (boolean value) +use_syslog = true + +# (Optional) Enables or disables syslog rfc5424 format for logging. If +# enabled, prefixes the MSG part of the syslog message with APP-NAME +# (RFC5424). The format without the APP-NAME is deprecated in I, and +# will be removed in J. (boolean value) +#use_syslog_rfc_format = false + +# +# From tempest.config +# + +# Log output to standard error. (boolean value) +#use_stderr = true + +# +# From tempest.config +# + +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN + +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false + +# The format for an instance that is passed with the log message. +# (string value) +#instance_format = "[instance: %(uuid)s] " + +# The format for an instance UUID that is passed with the log message. +# (string value) +#instance_uuid_format = "[instance: %(uuid)s] " + +# Format string to use for log messages with context. (string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + +# Format string to use for log messages without context. (string +# value) +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Prefix each line of exception output with this format. (string +# value) +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s + +# Enables or disables publication of error events. (boolean value) +#publish_errors = false + + +[auth] + +# +# From tempest.config +# + +# Allows test cases to create/destroy tenants and users. This option +# requires that OpenStack Identity API admin credentials are known. If +# false, isolated test cases and parallel execution, can still be +# achieved configuring a list of test accounts (boolean value) +# Deprecated group/name - [compute]/allow_tenant_isolation +# Deprecated group/name - [orchestration]/allow_tenant_isolation +allow_tenant_isolation = true + +# If set to True it enables the Accounts provider, which locks +# credentials to allow for parallel execution with pre-provisioned +# accounts. It can only be used to run tests that ensure credentials +# cleanup happens. It requires at least `2 * CONC` distinct accounts +# configured in `test_accounts_file`, with CONC == the number of +# concurrent test processes. (boolean value) +#locking_credentials_provider = false + +# Path to the yaml file that contains the list of credentials to use +# for running tests (string value) +#test_accounts_file = etc/accounts.yaml + + +[baremetal] + +# +# From tempest.config +# + +# Timeout for Ironic node to completely provision (integer value) +#active_timeout = 300 + +# Timeout for association of Nova instance and Ironic node (integer +# value) +#association_timeout = 30 + +# Catalog type of the baremetal provisioning service (string value) +#catalog_type = baremetal + +# Driver name which Ironic uses (string value) +#driver = fake + +# Whether the Ironic nova-compute driver is enabled (boolean value) +#driver_enabled = false + +# The endpoint type to use for the baremetal provisioning service +# (string value) +#endpoint_type = publicURL + +# Timeout for Ironic power transitions. (integer value) +#power_timeout = 60 + +# Timeout for unprovisioning an Ironic node. (integer value) +#unprovision_timeout = 60 + + +[boto] + +# +# From tempest.config +# + +# AKI Kernel Image manifest (string value) +#aki_manifest = cirros-0.3.0-x86_64-vmlinuz.manifest.xml + +# AMI Machine Image manifest (string value) +#ami_manifest = cirros-0.3.0-x86_64-blank.img.manifest.xml + +# ARI Ramdisk Image manifest (string value) +#ari_manifest = cirros-0.3.0-x86_64-initrd.manifest.xml + +# AWS Access Key (string value) +#aws_access = <None> + +# AWS Secret Key (string value) +#aws_secret = <None> + +# AWS Zone for EC2 tests (string value) +#aws_zone = nova + +# Status Change Test Interval (integer value) +#build_interval = 1 + +# Status Change Timeout (integer value) +#build_timeout = 60 + +# EC2 URL (string value) +#ec2_url = http://localhost:8773/services/Cloud + +# boto Http socket timeout (integer value) +#http_socket_timeout = 3 + +# Instance type (string value) +#instance_type = m1.tiny + +# boto num_retries on error (integer value) +#num_retries = 1 + +# S3 Materials Path (string value) +#s3_materials_path = /opt/stack/devstack/files/images/s3-materials/cirros-0.3.0 + +# S3 URL (string value) +#s3_url = http://localhost:8080 + + +[cli] + +# +# From tempest.config +# + +# directory where python client binaries are located (string value) +cli_dir = /usr/bin + +# enable cli tests (boolean value) +#enabled = true + +# Whether the tempest run location has access to the *-manage +# commands. In a pure blackbox environment it will not. (boolean +# value) +#has_manage = true + +# Number of seconds to wait on a CLI timeout (integer value) +#timeout = 15 + + +[compute] + +# +# From tempest.config +# + +# Time in seconds between build status checks. (integer value) +#build_interval = 1 + +# Timeout in seconds to wait for an instance to build. (integer value) +#build_timeout = 300 + +# Catalog type of the Compute service. (string value) +#catalog_type = compute + +# Catalog type of the Compute v3 service. (string value) +#catalog_v3_type = computev3 + +# The endpoint type to use for the compute service. (string value) +#endpoint_type = publicURL + +# Visible fixed network name (string value) +#fixed_network_name = private + +# Valid primary flavor to use in tests. (string value) +#flavor_ref = 1 + +# Valid secondary flavor to be used in tests. (string value) +#flavor_ref_alt = 2 + +# Unallocated floating IP range, which will be used to test the +# floating IP bulk feature for CRUD operation. (string value) +#floating_ip_range = 10.0.0.0/29 + +# Password used to authenticate to an instance using the alternate +# image. (string value) +#image_alt_ssh_password = password + +# User name used to authenticate to an instance using the alternate +# image. (string value) +#image_alt_ssh_user = root + +# Valid primary image reference to be used in tests. This is a +# required option (string value) +#image_ref = <None> + +# Valid secondary image reference to be used in tests. This is a +# required option, but if only one image is available duplicate the +# value of image_ref above (string value) +#image_ref_alt = <None> + +# Password used to authenticate to an instance. (string value) +#image_ssh_password = password + +# User name used to authenticate to an instance. (string value) +#image_ssh_user = root + +# IP version used for SSH connections. (integer value) +#ip_version_for_ssh = 4 + +# Network used for SSH connections. (string value) +#network_for_ssh = public + +# Path to a private key file for SSH access to remote hosts (string +# value) +#path_to_private_key = <None> + +# Timeout in seconds to wait for ping to succeed. (integer value) +#ping_timeout = 120 + +# Additional wait time for clean state, when there is no OS-EXT-STS +# extension available (integer value) +#ready_wait = 0 + +# The compute region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = + +# Should the tests ssh to instances? (boolean value) +#run_ssh = false + +# Time in seconds before a shelved instance is eligible for removing +# from a host. -1 never offload, 0 offload when shelved. This time +# should be the same as the time of nova.conf, and some tests will run +# for as long as the time. (integer value) +#shelved_offload_time = 0 + +# Auth method used for authenticate to the instance. Valid choices +# are: keypair, configured, adminpass. keypair: start the servers with +# an ssh keypair. configured: use the configured user and password. +# adminpass: use the injected adminPass. disabled: avoid using ssh +# when it is an option. (string value) +#ssh_auth_method = keypair + +# Timeout in seconds to wait for output from ssh channel. (integer +# value) +#ssh_channel_timeout = 60 + +# How to connect to the instance? fixed: using the first ip belongs +# the fixed network floating: creating and using a floating ip (string +# value) +#ssh_connect_method = fixed + +# Timeout in seconds to wait for authentication to succeed. (integer +# value) +#ssh_timeout = 300 + +# User name used to authenticate to an instance. (string value) +#ssh_user = root + +# Does SSH use Floating IPs? (boolean value) +#use_floatingip_for_ssh = true + +# Expected device name when a volume is attached to an instance +# (string value) +#volume_device_name = vdb + + +[compute-admin] + +# +# From tempest.config +# + +# Domain name for authentication as admin (Keystone V3).The same +# domain applies to user and project (string value) +#domain_name = <None> + +# API key to use when authenticating as admin. (string value) +password = {{ NOVA_SERVICE_PASSWORD }} + +# Administrative Tenant name to use for Nova API requests. (string +# value) +tenant_name = service + +# Administrative Username to use for Nova API requests. (string value) +username = {{ NOVA_SERVICE_USER }} + + +[compute-feature-enabled] + +# +# From tempest.config +# + +# A list of enabled compute extensions with a special entry all which +# indicates every extension is enabled. Each extension should be +# specified with alias name. Empty list indicates all extensions are +# disabled (list value) +#api_extensions = all + +# If false, skip all nova v3 tests. (boolean value) +api_v3 = false + +# A list of enabled v3 extensions with a special entry all which +# indicates every extension is enabled. Each extension should be +# specified with alias name. Empty list indicates all extensions are +# disabled (list value) +#api_v3_extensions = all + +# Does the test environment block migration support cinder iSCSI +# volumes (boolean value) +#block_migrate_cinder_iscsi = false + +# Does the test environment use block devices for live migration +# (boolean value) +#block_migration_for_live_migration = false + +# Does the test environment support changing the admin password? +# (boolean value) +#change_password = false + +# Does the test environment support obtaining instance serial console +# output? (boolean value) +#console_output = true + +# If false, skip disk config tests (boolean value) +#disk_config = true + +# Enables returning of the instance password by the relevant server +# API calls such as create, rebuild or rescue. (boolean value) +#enable_instance_password = true + +# Does the test environment support dynamic network interface +# attachment? (boolean value) +#interface_attach = true + +# Does the test environment support live migration available? (boolean +# value) +#live_migration = false + +# Does the test environment support pausing? (boolean value) +#pause = true + +# Enable RDP console. This configuration value should be same as +# [nova.rdp]->enabled in nova.conf (boolean value) +#rdp_console = false + +# Does the test environment support instance rescue mode? (boolean +# value) +#rescue = true + +# Does the test environment support resizing? (boolean value) +#resize = false + +# Does the test environment support shelving/unshelving? (boolean +# value) +#shelve = true + +# Does the test environment support creating snapshot images of +# running instances? (boolean value) +snapshot = true + +# Enable Spice console. This configuration value should be same as +# [nova.spice]->enabled in nova.conf (boolean value) +spice_console = false + +# Does the test environment support suspend/resume? (boolean value) +#suspend = true + +# Enable VNC console. This configuration value should be same as +# [nova.vnc]->vnc_enabled in nova.conf (boolean value) +vnc_console = true + +# If false skip all v2 api tests with xml (boolean value) +#xml_api_v2 = true + + +[dashboard] + +# +# From tempest.config +# + +# Where the dashboard can be found (string value) +dashboard_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon + +# Login page for the dashboard (string value) +login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ + + +[data_processing] + +# +# From tempest.config +# + +# Catalog type of the data processing service. (string value) +#catalog_type = data_processing + +# The endpoint type to use for the data processing service. (string +# value) +#endpoint_type = publicURL + + +[database] + +# +# From tempest.config +# + +# Catalog type of the Database service. (string value) +#catalog_type = database + +# Current database version to use in database tests. (string value) +#db_current_version = v1.0 + +# Valid primary flavor to use in database tests. (string value) +#db_flavor_ref = 1 + + +[debug] + +# +# From tempest.config +# + +# Enable diagnostic commands (boolean value) +#enable = true + +# A regex to determine which requests should be traced. This is a +# regex to match the caller for rest client requests to be able to +# selectively trace calls out of specific classes and methods. It +# largely exists for test development, and is not expected to be used +# in a real deploy of tempest. This will be matched against the +# discovered ClassName:method in the test environment. Expected +# values for this field are: * ClassName:test_method_name - traces +# one test_method * ClassName:setUp(Class) - traces specific setup +# functions * ClassName:tearDown(Class) - traces specific teardown +# functions * ClassName:_run_cleanups - traces the cleanup functions +# If nothing is specified, this feature is not enabled. To trace +# everything specify .* as the regex. (string value) +#trace_requests = + + +[identity] + +# +# From tempest.config +# + +# Admin domain name for authentication (Keystone V3).The same domain +# applies to user and project (string value) +#admin_domain_name = <None> + +# API key to use when authenticating as admin. (string value) +admin_password = {{ KEYSTONE_ADMIN_PASSWORD }} + +# Role required to administrate keystone. (string value) +admin_role = admin + +# Administrative Tenant name to use for Keystone API requests. (string +# value) +admin_tenant_name = admin + +# Administrative Username to use for Keystone API requests. (string +# value) +admin_username = admin + +# Alternate domain name for authentication (Keystone V3).The same +# domain applies to user and project (string value) +#alt_domain_name = <None> + +# API key to use when authenticating as alternate user. (string value) +#alt_password = <None> + +# Alternate user's Tenant name to use for Nova API requests. (string +# value) +#alt_tenant_name = <None> + +# Username of alternate user to use for Nova API requests. (string +# value) +#alt_username = <None> + +# Identity API version to be used for authentication for API tests. +# (string value) +auth_version = v2 + +# Catalog type of the Identity service. (string value) +catalog_type = identity + +# Set to True if using self-signed SSL certificates. (boolean value) +#disable_ssl_certificate_validation = false + +# Domain name for authentication (Keystone V3).The same domain applies +# to user and project (string value) +#domain_name = <None> + +# The endpoint type to use for the identity service. (string value) +#endpoint_type = publicURL + +# API key to use when authenticating. (string value) +password = {{ NOVA_SERVICE_PASSWORD }} + +# The identity region name to use. Also used as the other services' +# region name unless they are set explicitly. If no such region is +# found in the service catalog, the first found one is used. (string +# value) +#region = RegionOne + +# Tenant name to use for Nova API requests. (string value) +tenant_name = service + +# Full URI of the OpenStack Identity API (Keystone), v2 (string value) +uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0/ + +# Full URI of the OpenStack Identity API (Keystone), v3 (string value) +# +# Tempest complains if we don't set any uri_v3, even if it's disabled. +uri_v3 = <None> + +# Username to use for Nova API requests. (string value) +username = {{ NOVA_SERVICE_USER }} + + +[identity-feature-enabled] + +# +# From tempest.config +# + +# Is the v2 identity API enabled (boolean value) +api_v2 = true + +# Is the v3 identity API enabled (boolean value) +api_v3 = false + +# Does the identity service have delegation and impersonation enabled +# (boolean value) +#trust = true + + +[image] + +# +# From tempest.config +# + +# Catalog type of the Image service. (string value) +catalog_type = image + +# The endpoint type to use for the image service. (string value) +endpoint_type = publicURL + +# http accessible image (string value) +http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz + +# The image region name to use. If empty, the value of identity.region +# is used instead. If no such region is found in the service catalog, +# the first found one is used. (string value) +#region = + + +[image-feature-enabled] + +# +# From tempest.config +# + +# Is the v1 image API enabled (boolean value) +#api_v1 = true + +# Is the v2 image API enabled (boolean value) +api_v2 = true + + +[input-scenario] + +# +# From tempest.config +# + +# Matching flavors become parameters for scenario tests (string value) +#flavor_regex = ^m1.nano$ + +# Matching images become parameters for scenario tests (string value) +#image_regex = ^cirros-0.3.1-x86_64-uec$ + +# SSH verification in tests is skippedfor matching images (string +# value) +#non_ssh_image_regex = ^.*[Ww]in.*$ + +# List of user mapped to regex to matching image names. (string value) +#ssh_user_regex = [["^.*[Cc]irros.*$", "root"]] + + +[messaging] + +# +# From tempest.config +# + +# Catalog type of the Messaging service. (string value) +#catalog_type = messaging + +# The maximum grace period for a claim (integer value) +#max_claim_grace = 43200 + +# The maximum ttl for a claim (integer value) +#max_claim_ttl = 43200 + +# The maximum size of a message body (integer value) +#max_message_size = 262144 + +# The maximum ttl for a message (integer value) +#max_message_ttl = 1209600 + +# The maximum number of messages per claim (integer value) +#max_messages_per_claim = 20 + +# The maximum number of queue message per page when listing (or) +# posting messages (integer value) +#max_messages_per_page = 20 + +# The maximum metadata size for a queue (integer value) +#max_queue_metadata = 65536 + +# The maximum number of queue records per page when listing queues +# (integer value) +#max_queues_per_page = 20 + + +[negative] + +# +# From tempest.config +# + +# Test generator class for all negative tests (string value) +#test_generator = tempest.common.generator.negative_generator.NegativeTestGenerator + + +[network] + +# +# From tempest.config +# + +# Time in seconds between network operation status checks. (integer +# value) +#build_interval = 1 + +# Timeout in seconds to wait for network operation to complete. +# (integer value) +#build_timeout = 300 + +# Catalog type of the Neutron service. (string value) +#catalog_type = network + +# List of dns servers whichs hould be used for subnet creation (list +# value) +#dns_servers = 8.8.8.8,8.8.4.4 + +# The endpoint type to use for the network service. (string value) +#endpoint_type = publicURL + +# Id of the public network that provides external connectivity (string +# value) +#public_network_id = + +# Id of the public router that provides external connectivity (string +# value) +#public_router_id = + +# The network region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = + +# The cidr block to allocate tenant ipv4 subnets from (string value) +#tenant_network_cidr = 10.100.0.0/16 + +# The mask bits for tenant ipv4 subnets (integer value) +#tenant_network_mask_bits = 28 + +# The cidr block to allocate tenant ipv6 subnets from (string value) +#tenant_network_v6_cidr = 2003::/48 + +# The mask bits for tenant ipv6 subnets (integer value) +#tenant_network_v6_mask_bits = 64 + +# Whether tenant network connectivity should be evaluated directly +# (boolean value) +#tenant_networks_reachable = false + + +[network-feature-enabled] + +# +# From tempest.config +# + +# A list of enabled network extensions with a special entry all which +# indicates every extension is enabled. Empty list indicates all +# extensions are disabled (list value) +#api_extensions = all + +# Allow the execution of IPv6 tests (boolean value) +#ipv6 = true + +# Allow the execution of IPv6 subnet tests that use the extended IPv6 +# attributes ipv6_ra_mode and ipv6_address_mode (boolean value) +#ipv6_subnet_attributes = false + + +[object-storage] + +# +# From tempest.config +# + +# Catalog type of the Object-Storage service. (string value) +#catalog_type = object-store + +# Number of seconds to wait while looping to check the status of a +# container to container synchronization (integer value) +#container_sync_interval = 5 + +# Number of seconds to time on waiting for a container to container +# synchronization complete. (integer value) +#container_sync_timeout = 120 + +# The endpoint type to use for the object-store service. (string +# value) +#endpoint_type = publicURL + +# Role to add to users created for swift tests to enable creating +# containers (string value) +#operator_role = Member + +# The object-storage region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = + +# User role that has reseller admin (string value) +#reseller_admin_role = ResellerAdmin + + +[object-storage-feature-enabled] + +# +# From tempest.config +# + +# Execute (old style) container-sync tests (boolean value) +#container_sync = true + +# Execute discoverability tests (boolean value) +#discoverability = true + +# A list of the enabled optional discoverable apis. A single entry, +# all, indicates that all of these features are expected to be enabled +# (list value) +#discoverable_apis = all + +# Execute object-versioning tests (boolean value) +#object_versioning = true + + +[orchestration] + +# +# From tempest.config +# + +# Time in seconds between build status checks. (integer value) +#build_interval = 1 + +# Timeout in seconds to wait for a stack to build. (integer value) +#build_timeout = 1200 + +# Catalog type of the Orchestration service. (string value) +#catalog_type = orchestration + +# The endpoint type to use for the orchestration service. (string +# value) +#endpoint_type = publicURL + +# Name of heat-cfntools enabled image to use when launching test +# instances. (string value) +#image_ref = <None> + +# Instance type for tests. Needs to be big enough for a full OS plus +# the test workload (string value) +#instance_type = m1.micro + +# Name of existing keypair to launch servers with. (string value) +#keypair_name = <None> + +# Value must match heat configuration of the same name. (integer +# value) +#max_resources_per_stack = 1000 + +# Value must match heat configuration of the same name. (integer +# value) +#max_template_size = 524288 + +# The orchestration region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = + + +[scenario] + +# +# From tempest.config +# + +# AKI image file name (string value) +#aki_img_file = cirros-0.3.1-x86_64-vmlinuz + +# AMI image file name (string value) +#ami_img_file = cirros-0.3.1-x86_64-blank.img + +# ARI image file name (string value) +#ari_img_file = cirros-0.3.1-x86_64-initrd + +# Image container format (string value) +#img_container_format = bare + +# Directory containing image files (string value) +#img_dir = /opt/stack/new/devstack/files/images/cirros-0.3.1-x86_64-uec + +# Image disk format (string value) +#img_disk_format = qcow2 + +# Image file name (string value) +# Deprecated group/name - [DEFAULT]/qcow2_img_file +#img_file = cirros-0.3.1-x86_64-disk.img + +# specifies how many resources to request at once. Used for large +# operations testing. (integer value) +#large_ops_number = 0 + +# ssh username for the image file (string value) +#ssh_user = cirros + + +[service_available] + +# +# From tempest.config +# + +# Whether or not Ceilometer is expected to be available (boolean +# value) +ceilometer = false + +# Whether or not cinder is expected to be available (boolean value) +cinder = true + +# Whether or not glance is expected to be available (boolean value) +glance = true + +# Whether or not Heat is expected to be available (boolean value) +heat = false + +# Whether or not Horizon is expected to be available (boolean value) +horizon = true + +# Whether or not Ironic is expected to be available (boolean value) +ironic = false + +# Whether or not neutron is expected to be available (boolean value) +neutron = true + +# Whether or not nova is expected to be available (boolean value) +nova = true + +# Whether or not Sahara is expected to be available (boolean value) +sahara = false + +# Whether or not swift is expected to be available (boolean value) +swift = false + +# Whether or not Trove is expected to be available (boolean value) +trove = false + +# Whether or not Zaqar is expected to be available (boolean value) +zaqar = false + + +[stress] + +# +# From tempest.config +# + +# Controller host. (string value) +#controller = <None> + +# The number of threads created while stress test. (integer value) +#default_thread_number_per_action = 4 + +# Allows a full cleaning process after a stress test. Caution : this +# cleanup will remove every objects of every tenant. (boolean value) +#full_clean_stack = false + +# Prevent the cleaning (tearDownClass()) between each stress test run +# if an exception occurs during this run. (boolean value) +#leave_dirty_stack = false + +# time (in seconds) between log file error checks. (integer value) +#log_check_interval = 60 + +# Maximum number of instances to create during test. (integer value) +#max_instances = 16 + +# Directory containing log files on the compute nodes (string value) +#nova_logdir = <None> + +# Controller host. (string value) +#target_controller = <None> + +# regexp for list of log files. (string value) +#target_logfiles = <None> + +# Path to private key. (string value) +#target_private_key_path = <None> + +# ssh user. (string value) +#target_ssh_user = <None> + + +[telemetry] + +# +# From tempest.config +# + +# Catalog type of the Telemetry service. (string value) +#catalog_type = metering + +# The endpoint type to use for the telemetry service. (string value) +#endpoint_type = publicURL + +# This variable is used as flag to enable notification tests (boolean +# value) +#too_slow_to_test = true + + +[volume] + +# +# From tempest.config +# + +# Name of the backend1 (must be declared in cinder.conf) (string +# value) +backend1_name = LVM_iSCSI + +# Name of the backend2 (must be declared in cinder.conf) (string +# value) +#backend2_name = BACKEND_2 + +# Time in seconds between volume availability checks. (integer value) +#build_interval = 1 + +# Timeout in seconds to wait for a volume to become available. +# (integer value) +#build_timeout = 300 + +# Catalog type of the Volume Service (string value) +catalog_type = volume + +# Disk format to use when copying a volume to image (string value) +disk_format = raw + +# The endpoint type to use for the volume service. (string value) +endpoint_type = publicURL + +# The volume region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = + +# Backend protocol to target when creating volume types (string value) +storage_protocol = iSCSI + +# Backend vendor to target when creating volume types (string value) +#vendor_name = Open Source + +# Default size in GB for volumes created by volumes tests (integer +# value) +volume_size = 1 + + +[volume-feature-enabled] + +# +# From tempest.config +# + +# A list of enabled volume extensions with a special entry all which +# indicates every extension is enabled. Empty list indicates all +# extensions are disabled (list value) +#api_extensions = all + +# Is the v1 volume API enabled (boolean value) +api_v1 = true + +# Is the v2 volume API enabled (boolean value) +api_v2 = true + +# Runs Cinder volumes backup test (boolean value) +backup = true + +# Runs Cinder multi-backend test (requires 2 backends) (boolean value) +multi_backend = false + +# Runs Cinder volume snapshot test (boolean value) +snapshot = true |