diff options
author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2015-05-18 14:51:08 +0000 |
---|---|---|
committer | Francisco Redondo Marchena <francisco.marchena@codethink.co.uk> | 2015-06-11 17:04:29 +0000 |
commit | bfe523b5328d9fdccefb29b685d396e3de7427e2 (patch) | |
tree | fec786e8bfe8a8d9fe4660c5a8b7a7482dc53965 /install-files | |
parent | e267a5c31bbc570b15d8efd767a5e3d6379fe803 (diff) | |
download | definitions-bfe523b5328d9fdccefb29b685d396e3de7427e2.tar.gz |
OpenStack: Install default configuration files
Add the default configuration files for Keystone, Nova,
Neutron, Glance, Cinder, Swift, Ceilometer, Ironic and Tempest.
Also install configuration files which will are not going to be modified
in the following commit, in the post-install-commands for the chunk; as
opposite to having them laying around in the repo and installing them
with the install-files configuration extension.
Note:
- Some configuration files have been created using commands given in
their documentations or they .conf.sample files.
- To generate cinder.conf use the following command on the top of the
cinder repository:
./tools/config/generate_sample.sh -b . -p cinder -o etc/cinder
- Nova.conf has been taken from:
http://pkgs.fedoraproject.org/cgit/openstack-nova.git/tree/nova.conf.sample
commit 69755b4a072edff0957ee256290395600edbab9e
- tempest.conf has been taken from the tag version '4'.
Signed-off-by: Francisco Redondo Marchena <francisco.marchena@codethink.co.uk>
Signed-off-by: Patrick Darley <patrick.darley@codethink.co.uk>
Signed-off-by: Tiago Gomes <tiago.gomes@codethink.co.uk>
Change-Id: Id26886aaaa9edd8509412615a65e681d5c8117ed
Diffstat (limited to 'install-files')
69 files changed, 6104 insertions, 8519 deletions
diff --git a/install-files/openstack/etc/horizon/openstack_dashboard/local_settings.py b/install-files/openstack/etc/horizon/openstack_dashboard/local_settings.py deleted file mode 100644 index febc3e70..00000000 --- a/install-files/openstack/etc/horizon/openstack_dashboard/local_settings.py +++ /dev/null @@ -1,551 +0,0 @@ -import os - -from django.utils.translation import ugettext_lazy as _ - -from openstack_dashboard import exceptions - -DEBUG = True -TEMPLATE_DEBUG = DEBUG - -STATIC_ROOT = "/var/lib/horizon/openstack_dashboard/static" - -# Required for Django 1.5. -# If horizon is running in production (DEBUG is False), set this -# with the list of host/domain names that the application can serve. -# For more information see: -# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts -#ALLOWED_HOSTS = ['horizon.example.com', ] -ALLOWED_HOSTS = ['*'] - -# Set SSL proxy settings: -# For Django 1.4+ pass this header from the proxy after terminating the SSL, -# and don't forget to strip it from the client's request. -# For more information see: -# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header -# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') - -# If Horizon is being served through SSL, then uncomment the following two -# settings to better secure the cookies from security exploits -#CSRF_COOKIE_SECURE = True -#SESSION_COOKIE_SECURE = True - -# Overrides for OpenStack API versions. Use this setting to force the -# OpenStack dashboard to use a specific API version for a given service API. -# NOTE: The version should be formatted as it appears in the URL for the -# service API. For example, The identity service APIs have inconsistent -# use of the decimal point, so valid options would be "2.0" or "3". -# OPENSTACK_API_VERSIONS = { -# "data_processing": 1.1, -# "identity": 3, -# "volume": 2 -# } - -# Set this to True if running on multi-domain model. When this is enabled, it -# will require user to enter the Domain name in addition to username for login. -# OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False - -# Overrides the default domain used when running on single-domain model -# with Keystone V3. All entities will be created in the default domain. -# OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default' - -# Set Console type: -# valid options would be "AUTO"(default), "VNC", "SPICE", "RDP" or None -# Set to None explicitly if you want to deactivate the console. -# CONSOLE_TYPE = "AUTO" - -# Default OpenStack Dashboard configuration. -HORIZON_CONFIG = { - 'user_home': 'openstack_dashboard.views.get_user_home', - 'ajax_queue_limit': 10, - 'auto_fade_alerts': { - 'delay': 3000, - 'fade_duration': 1500, - 'types': ['alert-success', 'alert-info'] - }, - 'help_url': "http://docs.openstack.org", - 'exceptions': {'recoverable': exceptions.RECOVERABLE, - 'not_found': exceptions.NOT_FOUND, - 'unauthorized': exceptions.UNAUTHORIZED}, - 'modal_backdrop': 'static', - 'angular_modules': [], - 'js_files': [], -} - -# Specify a regular expression to validate user passwords. -# HORIZON_CONFIG["password_validator"] = { -# "regex": '.*', -# "help_text": _("Your password does not meet the requirements.") -# } - -# Disable simplified floating IP address management for deployments with -# multiple floating IP pools or complex network requirements. -# HORIZON_CONFIG["simple_ip_management"] = False - -# Turn off browser autocompletion for forms including the login form and -# the database creation workflow if so desired. -# HORIZON_CONFIG["password_autocomplete"] = "off" - -# Setting this to True will disable the reveal button for password fields, -# including on the login form. -# HORIZON_CONFIG["disable_password_reveal"] = False - -#LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) - -LOCAL_PATH = "/var/lib/horizon" - -# Set custom secret key: -# You can either set it to a specific value or you can let horizon generate a -# default secret key that is unique on this machine, e.i. regardless of the -# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, there -# may be situations where you would want to set this explicitly, e.g. when -# multiple dashboard instances are distributed on different machines (usually -# behind a load-balancer). Either you have to make sure that a session gets all -# requests routed to the same dashboard instance or you set the same SECRET_KEY -# for all of them. -from horizon.utils import secret_key -SECRET_KEY = secret_key.generate_or_read_from_file( - os.path.join(LOCAL_PATH, '.secret_key_store')) - -# We recommend you use memcached for development; otherwise after every reload -# of the django development server, you will have to login again. To use -# memcached set CACHES to something like -CACHES = { - 'default': { - 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', - 'LOCATION': '127.0.0.1:11211', - } -} - -#CACHES = { -# 'default': { -# 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache' -# } -#} - -# Send email to the console by default -EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' -# Or send them to /dev/null -#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' - -# Configure these for your outgoing email host -# EMAIL_HOST = 'smtp.my-company.com' -# EMAIL_PORT = 25 -# EMAIL_HOST_USER = 'djangomail' -# EMAIL_HOST_PASSWORD = 'top-secret!' - -# For multiple regions uncomment this configuration, and add (endpoint, title). -# AVAILABLE_REGIONS = [ -# ('http://cluster1.example.com:5000/v2.0', 'cluster1'), -# ('http://cluster2.example.com:5000/v2.0', 'cluster2'), -# ] - -OPENSTACK_HOST = "127.0.0.1" -OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST -OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" - -# Disable SSL certificate checks (useful for self-signed certificates): -# OPENSTACK_SSL_NO_VERIFY = True - -# The CA certificate to use to verify SSL connections -# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem' - -# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the -# capabilities of the auth backend for Keystone. -# If Keystone has been configured to use LDAP as the auth backend then set -# can_edit_user to False and name to 'ldap'. -# -# TODO(tres): Remove these once Keystone has an API to identify auth backend. -OPENSTACK_KEYSTONE_BACKEND = { - 'name': 'native', - 'can_edit_user': True, - 'can_edit_group': True, - 'can_edit_project': True, - 'can_edit_domain': True, - 'can_edit_role': True -} - -#Setting this to True, will add a new "Retrieve Password" action on instance, -#allowing Admin session password retrieval/decryption. -#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False - -# The Xen Hypervisor has the ability to set the mount point for volumes -# attached to instances (other Hypervisors currently do not). Setting -# can_set_mount_point to True will add the option to set the mount point -# from the UI. -OPENSTACK_HYPERVISOR_FEATURES = { - 'can_set_mount_point': False, - 'can_set_password': False, -} - -# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional -# services provided by cinder that is not exposed by its extension API. -OPENSTACK_CINDER_FEATURES = { - 'enable_backup': False, -} - -# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional -# services provided by neutron. Options currently available are load -# balancer service, security groups, quotas, VPN service. -OPENSTACK_NEUTRON_NETWORK = { - 'enable_router': True, - 'enable_quotas': True, - 'enable_ipv6': True, - 'enable_distributed_router': False, - 'enable_ha_router': False, - 'enable_lb': True, - 'enable_firewall': True, - 'enable_vpn': True, - # The profile_support option is used to detect if an external router can be - # configured via the dashboard. When using specific plugins the - # profile_support can be turned on if needed. - 'profile_support': None, - #'profile_support': 'cisco', - # Set which provider network types are supported. Only the network types - # in this list will be available to choose from when creating a network. - # Network types include local, flat, vlan, gre, and vxlan. - 'supported_provider_types': ['*'], -} - -# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features -# in the OpenStack Dashboard related to the Image service, such as the list -# of supported image formats. -# OPENSTACK_IMAGE_BACKEND = { -# 'image_formats': [ -# ('', _('Select format')), -# ('aki', _('AKI - Amazon Kernel Image')), -# ('ami', _('AMI - Amazon Machine Image')), -# ('ari', _('ARI - Amazon Ramdisk Image')), -# ('iso', _('ISO - Optical Disk Image')), -# ('qcow2', _('QCOW2 - QEMU Emulator')), -# ('raw', _('Raw')), -# ('vdi', _('VDI')), -# ('vhd', _('VHD')), -# ('vmdk', _('VMDK')) -# ] -# } - -# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for -# image custom property attributes that appear on image detail pages. -IMAGE_CUSTOM_PROPERTY_TITLES = { - "architecture": _("Architecture"), - "kernel_id": _("Kernel ID"), - "ramdisk_id": _("Ramdisk ID"), - "image_state": _("Euca2ools state"), - "project_id": _("Project ID"), - "image_type": _("Image Type") -} - -# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image -# custom properties should not be displayed in the Image Custom Properties -# table. -IMAGE_RESERVED_CUSTOM_PROPERTIES = [] - -# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints -# in the Keystone service catalog. Use this setting when Horizon is running -# external to the OpenStack environment. The default is 'publicURL'. -#OPENSTACK_ENDPOINT_TYPE = "publicURL" - -# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the -# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints -# in the Keystone service catalog. Use this setting when Horizon is running -# external to the OpenStack environment. The default is None. This -# value should differ from OPENSTACK_ENDPOINT_TYPE if used. -#SECONDARY_ENDPOINT_TYPE = "publicURL" - -# The number of objects (Swift containers/objects or images) to display -# on a single page before providing a paging element (a "more" link) -# to paginate results. -API_RESULT_LIMIT = 1000 -API_RESULT_PAGE_SIZE = 20 - -# Specify a maximum number of items to display in a dropdown. -DROPDOWN_MAX_ITEMS = 30 - -# The timezone of the server. This should correspond with the timezone -# of your entire OpenStack installation, and hopefully be in UTC. -TIME_ZONE = "UTC" - -# When launching an instance, the menu of available flavors is -# sorted by RAM usage, ascending. If you would like a different sort order, -# you can provide another flavor attribute as sorting key. Alternatively, you -# can provide a custom callback method to use for sorting. You can also provide -# a flag for reverse sort. For more info, see -# http://docs.python.org/2/library/functions.html#sorted -# CREATE_INSTANCE_FLAVOR_SORT = { -# 'key': 'name', -# # or -# 'key': my_awesome_callback_method, -# 'reverse': False, -# } - -# The Horizon Policy Enforcement engine uses these values to load per service -# policy rule files. The content of these files should match the files the -# OpenStack services are using to determine role based access control in the -# target installation. - -# Path to directory containing policy.json files -#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf") -# Map of local copy of service policy files -#POLICY_FILES = { -# 'identity': 'keystone_policy.json', -# 'compute': 'nova_policy.json', -# 'volume': 'cinder_policy.json', -# 'image': 'glance_policy.json', -# 'orchestration': 'heat_policy.json', -# 'network': 'neutron_policy.json', -#} - -# Trove user and database extension support. By default support for -# creating users and databases on database instances is turned on. -# To disable these extensions set the permission here to something -# unusable such as ["!"]. -# TROVE_ADD_USER_PERMS = [] -# TROVE_ADD_DATABASE_PERMS = [] - -LOGGING = { - 'version': 1, - # When set to True this will disable all logging except - # for loggers specified in this configuration dictionary. Note that - # if nothing is specified here and disable_existing_loggers is True, - # django.db.backends will still log unless it is disabled explicitly. - 'disable_existing_loggers': False, - 'handlers': { - 'null': { - 'level': 'DEBUG', - 'class': 'django.utils.log.NullHandler', - }, - 'console': { - # Set the level to "DEBUG" for verbose output logging. - 'level': 'INFO', - 'class': 'logging.StreamHandler', - }, - }, - 'loggers': { - # Logging from django.db.backends is VERY verbose, send to null - # by default. - 'django.db.backends': { - 'handlers': ['null'], - 'propagate': False, - }, - 'requests': { - 'handlers': ['null'], - 'propagate': False, - }, - 'horizon': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'openstack_dashboard': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'novaclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'cinderclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'keystoneclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'glanceclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'neutronclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'heatclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'ceilometerclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'troveclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'swiftclient': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'openstack_auth': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'nose.plugins.manager': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'django': { - 'handlers': ['console'], - 'level': 'DEBUG', - 'propagate': False, - }, - 'iso8601': { - 'handlers': ['null'], - 'propagate': False, - }, - 'scss': { - 'handlers': ['null'], - 'propagate': False, - }, - } -} - -# 'direction' should not be specified for all_tcp/udp/icmp. -# It is specified in the form. -SECURITY_GROUP_RULES = { - 'all_tcp': { - 'name': _('All TCP'), - 'ip_protocol': 'tcp', - 'from_port': '1', - 'to_port': '65535', - }, - 'all_udp': { - 'name': _('All UDP'), - 'ip_protocol': 'udp', - 'from_port': '1', - 'to_port': '65535', - }, - 'all_icmp': { - 'name': _('All ICMP'), - 'ip_protocol': 'icmp', - 'from_port': '-1', - 'to_port': '-1', - }, - 'ssh': { - 'name': 'SSH', - 'ip_protocol': 'tcp', - 'from_port': '22', - 'to_port': '22', - }, - 'smtp': { - 'name': 'SMTP', - 'ip_protocol': 'tcp', - 'from_port': '25', - 'to_port': '25', - }, - 'dns': { - 'name': 'DNS', - 'ip_protocol': 'tcp', - 'from_port': '53', - 'to_port': '53', - }, - 'http': { - 'name': 'HTTP', - 'ip_protocol': 'tcp', - 'from_port': '80', - 'to_port': '80', - }, - 'pop3': { - 'name': 'POP3', - 'ip_protocol': 'tcp', - 'from_port': '110', - 'to_port': '110', - }, - 'imap': { - 'name': 'IMAP', - 'ip_protocol': 'tcp', - 'from_port': '143', - 'to_port': '143', - }, - 'ldap': { - 'name': 'LDAP', - 'ip_protocol': 'tcp', - 'from_port': '389', - 'to_port': '389', - }, - 'https': { - 'name': 'HTTPS', - 'ip_protocol': 'tcp', - 'from_port': '443', - 'to_port': '443', - }, - 'smtps': { - 'name': 'SMTPS', - 'ip_protocol': 'tcp', - 'from_port': '465', - 'to_port': '465', - }, - 'imaps': { - 'name': 'IMAPS', - 'ip_protocol': 'tcp', - 'from_port': '993', - 'to_port': '993', - }, - 'pop3s': { - 'name': 'POP3S', - 'ip_protocol': 'tcp', - 'from_port': '995', - 'to_port': '995', - }, - 'ms_sql': { - 'name': 'MS SQL', - 'ip_protocol': 'tcp', - 'from_port': '1433', - 'to_port': '1433', - }, - 'mysql': { - 'name': 'MYSQL', - 'ip_protocol': 'tcp', - 'from_port': '3306', - 'to_port': '3306', - }, - 'rdp': { - 'name': 'RDP', - 'ip_protocol': 'tcp', - 'from_port': '3389', - 'to_port': '3389', - }, -} - -# Deprecation Notice: -# -# The setting FLAVOR_EXTRA_KEYS has been deprecated. -# Please load extra spec metadata into the Glance Metadata Definition Catalog. -# -# The sample quota definitions can be found in: -# <glance_source>/etc/metadefs/compute-quota.json -# -# The metadata definition catalog supports CLI and API: -# $glance --os-image-api-version 2 help md-namespace-import -# $glance-manage db_load_metadefs <directory_with_definition_files> -# -# See Metadata Definitions on: http://docs.openstack.org/developer/glance/ - -# Indicate to the Sahara data processing service whether or not -# automatic floating IP allocation is in effect. If it is not -# in effect, the user will be prompted to choose a floating IP -# pool for use in their cluster. False by default. You would want -# to set this to True if you were running Nova Networking with -# auto_assign_floating_ip = True. -# SAHARA_AUTO_IP_ALLOCATION_ENABLED = False - -# The hash algorithm to use for authentication tokens. This must -# match the hash algorithm that the identity server and the -# auth_token middleware are using. Allowed values are the -# algorithms supported by Python's hashlib library. -# OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5' -LOGIN_URL='/horizon/auth/login/' -LOGOUT_URL='/horizon/auth/logout/' -LOGIN_REDIRECT_URL='/horizon/' diff --git a/install-files/openstack/etc/tempest/tempest.conf b/install-files/openstack/etc/tempest/tempest.conf index 05f0eca1..fcc8db9e 100644 --- a/install-files/openstack/etc/tempest/tempest.conf +++ b/install-files/openstack/etc/tempest/tempest.conf @@ -1,17 +1,7 @@ [DEFAULT] # -# From tempest.config -# - -# Whether to disable inter-process locks (boolean value) -#disable_process_locking = false - -# Directory to use for lock files. (string value) -lock_path = /run/lock - -# -# From tempest.config +# From oslo.log # # Print debugging output (set logging level to DEBUG instead of @@ -22,10 +12,6 @@ lock_path = /run/lock # default WARNING level). (boolean value) #verbose = false -# -# From tempest.config -# - # The name of a logging configuration file. This file is appended to # any existing logging configuration files. For details about logging # configuration files, see the Python logging module documentation. @@ -33,32 +19,29 @@ lock_path = /run/lock # Deprecated group/name - [DEFAULT]/log_config #log_config_append = <None> +# DEPRECATED. A logging.Formatter log message format string which may +# use any of the available logging.LogRecord attributes. This option +# is deprecated. Please use logging_context_format_string and +# logging_default_format_string instead. (string value) +#log_format = <None> + # Format string for %%(asctime)s in log records. Default: %(default)s # . (string value) #log_date_format = %Y-%m-%d %H:%M:%S -# (Optional) The base directory used for relative --log-file paths. -# (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = <None> - # (Optional) Name of log file to output to. If no default is set, # logging will go to stdout. (string value) # Deprecated group/name - [DEFAULT]/logfile #log_file = <None> -# DEPRECATED. A logging.Formatter log message format string which may -# use any of the available logging.LogRecord attributes. This option -# is deprecated. Please use logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format = <None> - -# Syslog facility to receive log lines. (string value) -#syslog_log_facility = LOG_USER +# (Optional) The base directory used for relative --log-file paths. +# (string value) +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = <None> # Use syslog for logging. Existing syslog format is DEPRECATED during # I, and will change in J to honor RFC5424. (boolean value) -use_syslog = true +#use_syslog = false # (Optional) Enables or disables syslog rfc5424 format for logging. If # enabled, prefixes the MSG part of the syslog message with APP-NAME @@ -66,48 +49,43 @@ use_syslog = true # will be removed in J. (boolean value) #use_syslog_rfc_format = false -# -# From tempest.config -# +# Syslog facility to receive log lines. (string value) +#syslog_log_facility = LOG_USER # Log output to standard error. (boolean value) #use_stderr = true -# -# From tempest.config -# - -# List of logger=LEVEL pairs. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - -# The format for an instance that is passed with the log message. -# (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. -# (string value) -#instance_uuid_format = "[instance: %(uuid)s] " - # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s -# Data to append to log format when level is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - # Format string to use for log messages without context. (string # value) #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + # Prefix each line of exception output with this format. (string # value) #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN + # Enables or disables publication of error events. (boolean value) #publish_errors = false +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false + +# The format for an instance that is passed with the log message. +# (string value) +#instance_format = "[instance: %(uuid)s] " + +# The format for an instance UUID that is passed with the log message. +# (string value) +#instance_uuid_format = "[instance: %(uuid)s] " + [auth] @@ -115,25 +93,29 @@ use_syslog = true # From tempest.config # +# Path to the yaml file that contains the list of credentials to use +# for running tests. If used when running in parallel you have to make +# sure sufficient credentials are provided in the accounts file. For +# example if no tests with roles are being run it requires at least `2 +# * CONC` distinct accounts configured in the `test_accounts_file`, +# with CONC == the number of concurrent test processes. (string value) +#test_accounts_file = <None> + # Allows test cases to create/destroy tenants and users. This option # requires that OpenStack Identity API admin credentials are known. If # false, isolated test cases and parallel execution, can still be # achieved configuring a list of test accounts (boolean value) # Deprecated group/name - [compute]/allow_tenant_isolation # Deprecated group/name - [orchestration]/allow_tenant_isolation -allow_tenant_isolation = true +#allow_tenant_isolation = true -# If set to True it enables the Accounts provider, which locks -# credentials to allow for parallel execution with pre-provisioned -# accounts. It can only be used to run tests that ensure credentials -# cleanup happens. It requires at least `2 * CONC` distinct accounts -# configured in `test_accounts_file`, with CONC == the number of -# concurrent test processes. (boolean value) -#locking_credentials_provider = false +# Roles to assign to all users created by tempest (list value) +#tempest_roles = -# Path to the yaml file that contains the list of credentials to use -# for running tests (string value) -#test_accounts_file = etc/accounts.yaml +# Only applicable when identity.auth_version is v3.Domain within which +# isolated credentials are provisioned.The default "None" means that +# the domain from theadmin user is used instead. (string value) +#tenant_isolation_domain_name = <None> [baremetal] @@ -142,26 +124,27 @@ allow_tenant_isolation = true # From tempest.config # -# Timeout for Ironic node to completely provision (integer value) -#active_timeout = 300 - -# Timeout for association of Nova instance and Ironic node (integer -# value) -#association_timeout = 30 - # Catalog type of the baremetal provisioning service (string value) #catalog_type = baremetal -# Driver name which Ironic uses (string value) -#driver = fake - # Whether the Ironic nova-compute driver is enabled (boolean value) #driver_enabled = false +# Driver name which Ironic uses (string value) +#driver = fake + # The endpoint type to use for the baremetal provisioning service # (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL #endpoint_type = publicURL +# Timeout for Ironic node to completely provision (integer value) +#active_timeout = 300 + +# Timeout for association of Nova instance and Ironic node (integer +# value) +#association_timeout = 30 + # Timeout for Ironic power transitions. (integer value) #power_timeout = 60 @@ -175,47 +158,47 @@ allow_tenant_isolation = true # From tempest.config # -# AKI Kernel Image manifest (string value) -#aki_manifest = cirros-0.3.0-x86_64-vmlinuz.manifest.xml +# EC2 URL (string value) +#ec2_url = http://localhost:8773/services/Cloud -# AMI Machine Image manifest (string value) -#ami_manifest = cirros-0.3.0-x86_64-blank.img.manifest.xml +# S3 URL (string value) +#s3_url = http://localhost:8080 -# ARI Ramdisk Image manifest (string value) -#ari_manifest = cirros-0.3.0-x86_64-initrd.manifest.xml +# AWS Secret Key (string value) +#aws_secret = <None> # AWS Access Key (string value) #aws_access = <None> -# AWS Secret Key (string value) -#aws_secret = <None> - # AWS Zone for EC2 tests (string value) #aws_zone = nova -# Status Change Test Interval (integer value) -#build_interval = 1 +# S3 Materials Path (string value) +#s3_materials_path = /opt/stack/devstack/files/images/s3-materials/cirros-0.3.0 -# Status Change Timeout (integer value) -#build_timeout = 60 +# ARI Ramdisk Image manifest (string value) +#ari_manifest = cirros-0.3.0-x86_64-initrd.manifest.xml -# EC2 URL (string value) -#ec2_url = http://localhost:8773/services/Cloud +# AMI Machine Image manifest (string value) +#ami_manifest = cirros-0.3.0-x86_64-blank.img.manifest.xml -# boto Http socket timeout (integer value) -#http_socket_timeout = 3 +# AKI Kernel Image manifest (string value) +#aki_manifest = cirros-0.3.0-x86_64-vmlinuz.manifest.xml # Instance type (string value) #instance_type = m1.tiny +# boto Http socket timeout (integer value) +#http_socket_timeout = 3 + # boto num_retries on error (integer value) #num_retries = 1 -# S3 Materials Path (string value) -#s3_materials_path = /opt/stack/devstack/files/images/s3-materials/cirros-0.3.0 +# Status Change Timeout (integer value) +#build_timeout = 60 -# S3 URL (string value) -#s3_url = http://localhost:8080 +# Status Change Test Interval (integer value) +#build_interval = 1 [cli] @@ -224,12 +207,12 @@ allow_tenant_isolation = true # From tempest.config # -# directory where python client binaries are located (string value) -cli_dir = /usr/bin - # enable cli tests (boolean value) #enabled = true +# directory where python client binaries are located (string value) +#cli_dir = /usr/local/bin + # Whether the tempest run location has access to the *-manage # commands. In a pure blackbox environment it will not. (boolean # value) @@ -245,23 +228,14 @@ cli_dir = /usr/bin # From tempest.config # -# Time in seconds between build status checks. (integer value) -#build_interval = 1 - -# Timeout in seconds to wait for an instance to build. (integer value) -#build_timeout = 300 - -# Catalog type of the Compute service. (string value) -#catalog_type = compute - -# Catalog type of the Compute v3 service. (string value) -#catalog_v3_type = computev3 - -# The endpoint type to use for the compute service. (string value) -#endpoint_type = publicURL +# Valid primary image reference to be used in tests. This is a +# required option (string value) +#image_ref = <None> -# Visible fixed network name (string value) -#fixed_network_name = private +# Valid secondary image reference to be used in tests. This is a +# required option, but if only one image is available duplicate the +# value of image_ref above (string value) +#image_ref_alt = <None> # Valid primary flavor to use in tests. (string value) #flavor_ref = 1 @@ -269,114 +243,108 @@ cli_dir = /usr/bin # Valid secondary flavor to be used in tests. (string value) #flavor_ref_alt = 2 -# Unallocated floating IP range, which will be used to test the -# floating IP bulk feature for CRUD operation. (string value) -#floating_ip_range = 10.0.0.0/29 +# User name used to authenticate to an instance. (string value) +#image_ssh_user = root -# Password used to authenticate to an instance using the alternate -# image. (string value) -#image_alt_ssh_password = password +# Password used to authenticate to an instance. (string value) +#image_ssh_password = password # User name used to authenticate to an instance using the alternate # image. (string value) #image_alt_ssh_user = root -# Valid primary image reference to be used in tests. This is a -# required option (string value) -#image_ref = <None> - -# Valid secondary image reference to be used in tests. This is a -# required option, but if only one image is available duplicate the -# value of image_ref above (string value) -#image_ref_alt = <None> +# Time in seconds between build status checks. (integer value) +#build_interval = 1 -# Password used to authenticate to an instance. (string value) -#image_ssh_password = password +# Timeout in seconds to wait for an instance to build. Other services +# that do not define build_timeout will inherit this value. (integer +# value) +#build_timeout = 300 -# User name used to authenticate to an instance. (string value) -#image_ssh_user = root +# Should the tests ssh to instances? (boolean value) +#run_ssh = false -# IP version used for SSH connections. (integer value) -#ip_version_for_ssh = 4 +# Auth method used for authenticate to the instance. Valid choices +# are: keypair, configured, adminpass and disabled. Keypair: start the +# servers with a ssh keypair. Configured: use the configured user and +# password. Adminpass: use the injected adminPass. Disabled: avoid +# using ssh when it is an option. (string value) +#ssh_auth_method = keypair -# Network used for SSH connections. (string value) -#network_for_ssh = public +# How to connect to the instance? fixed: using the first ip belongs +# the fixed network floating: creating and using a floating ip. +# (string value) +#ssh_connect_method = floating -# Path to a private key file for SSH access to remote hosts (string -# value) -#path_to_private_key = <None> +# User name used to authenticate to an instance. (string value) +#ssh_user = root # Timeout in seconds to wait for ping to succeed. (integer value) #ping_timeout = 120 -# Additional wait time for clean state, when there is no OS-EXT-STS -# extension available (integer value) -#ready_wait = 0 - -# The compute region name to use. If empty, the value of -# identity.region is used instead. If no such region is found in the -# service catalog, the first found one is used. (string value) -#region = +# The packet size for ping packets originating from remote linux hosts +# (integer value) +#ping_size = 56 -# Should the tests ssh to instances? (boolean value) -#run_ssh = false +# The number of ping packets originating from remote linux hosts +# (integer value) +#ping_count = 1 -# Time in seconds before a shelved instance is eligible for removing -# from a host. -1 never offload, 0 offload when shelved. This time -# should be the same as the time of nova.conf, and some tests will run -# for as long as the time. (integer value) -#shelved_offload_time = 0 +# Timeout in seconds to wait for authentication to succeed. (integer +# value) +#ssh_timeout = 300 -# Auth method used for authenticate to the instance. Valid choices -# are: keypair, configured, adminpass. keypair: start the servers with -# an ssh keypair. configured: use the configured user and password. -# adminpass: use the injected adminPass. disabled: avoid using ssh -# when it is an option. (string value) -#ssh_auth_method = keypair +# Additional wait time for clean state, when there is no OS-EXT-STS +# extension available (integer value) +#ready_wait = 0 # Timeout in seconds to wait for output from ssh channel. (integer # value) #ssh_channel_timeout = 60 -# How to connect to the instance? fixed: using the first ip belongs -# the fixed network floating: creating and using a floating ip (string -# value) -#ssh_connect_method = fixed +# Name of the fixed network that is visible to all test tenants. If +# multiple networks are available for a tenant this is the network +# which will be used for creating servers if tempest does not create a +# network or a network is not specified elsewhere. It may be used for +# ssh validation only if floating IPs are disabled. (string value) +#fixed_network_name = <None> -# Timeout in seconds to wait for authentication to succeed. (integer -# value) -#ssh_timeout = 300 +# Network used for SSH connections. Ignored if +# use_floatingip_for_ssh=true or run_ssh=false. (string value) +#network_for_ssh = public -# User name used to authenticate to an instance. (string value) -#ssh_user = root +# IP version used for SSH connections. (integer value) +#ip_version_for_ssh = 4 # Does SSH use Floating IPs? (boolean value) #use_floatingip_for_ssh = true -# Expected device name when a volume is attached to an instance -# (string value) -#volume_device_name = vdb - - -[compute-admin] +# Catalog type of the Compute service. (string value) +#catalog_type = compute -# -# From tempest.config -# +# The compute region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = -# Domain name for authentication as admin (Keystone V3).The same -# domain applies to user and project (string value) -#domain_name = <None> +# The endpoint type to use for the compute service. (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL +#endpoint_type = publicURL -# API key to use when authenticating as admin. (string value) -password = {{ NOVA_SERVICE_PASSWORD }} +# Expected device name when a volume is attached to an instance +# (string value) +#volume_device_name = vdb -# Administrative Tenant name to use for Nova API requests. (string -# value) -tenant_name = service +# Time in seconds before a shelved instance is eligible for removing +# from a host. -1 never offload, 0 offload when shelved. This time +# should be the same as the time of nova.conf, and some tests will run +# for as long as the time. (integer value) +#shelved_offload_time = 0 -# Administrative Username to use for Nova API requests. (string value) -username = {{ NOVA_SERVICE_USER }} +# Unallocated floating IP range, which will be used to test the +# floating IP bulk feature for CRUD operation. This block must not +# overlap an existing floating IP pool. (string value) +#floating_ip_range = 10.0.0.0/29 [compute-feature-enabled] @@ -385,29 +353,15 @@ username = {{ NOVA_SERVICE_USER }} # From tempest.config # +# If false, skip disk config tests (boolean value) +#disk_config = true + # A list of enabled compute extensions with a special entry all which # indicates every extension is enabled. Each extension should be # specified with alias name. Empty list indicates all extensions are # disabled (list value) #api_extensions = all -# If false, skip all nova v3 tests. (boolean value) -api_v3 = false - -# A list of enabled v3 extensions with a special entry all which -# indicates every extension is enabled. Each extension should be -# specified with alias name. Empty list indicates all extensions are -# disabled (list value) -#api_v3_extensions = all - -# Does the test environment block migration support cinder iSCSI -# volumes (boolean value) -#block_migrate_cinder_iscsi = false - -# Does the test environment use block devices for live migration -# (boolean value) -#block_migration_for_live_migration = false - # Does the test environment support changing the admin password? # (boolean value) #change_password = false @@ -416,23 +370,39 @@ api_v3 = false # output? (boolean value) #console_output = true -# If false, skip disk config tests (boolean value) -#disk_config = true +# Does the test environment support resizing? (boolean value) +#resize = false -# Enables returning of the instance password by the relevant server -# API calls such as create, rebuild or rescue. (boolean value) -#enable_instance_password = true +# Does the test environment support pausing? (boolean value) +#pause = true -# Does the test environment support dynamic network interface -# attachment? (boolean value) -#interface_attach = true +# Does the test environment support shelving/unshelving? (boolean +# value) +#shelve = true + +# Does the test environment support suspend/resume? (boolean value) +#suspend = true # Does the test environment support live migration available? (boolean # value) -#live_migration = false +#live_migration = true -# Does the test environment support pausing? (boolean value) -#pause = true +# Does the test environment use block devices for live migration +# (boolean value) +#block_migration_for_live_migration = false + +# Does the test environment block migration support cinder iSCSI +# volumes. Note, libvirt doesn't support this, see +# https://bugs.launchpad.net/nova/+bug/1398999 (boolean value) +#block_migrate_cinder_iscsi = false + +# Enable VNC console. This configuration value should be same as +# [nova.vnc]->vnc_enabled in nova.conf (boolean value) +#vnc_console = false + +# Enable Spice console. This configuration value should be same as +# [nova.spice]->enabled in nova.conf (boolean value) +#spice_console = false # Enable RDP console. This configuration value should be same as # [nova.rdp]->enabled in nova.conf (boolean value) @@ -442,30 +412,25 @@ api_v3 = false # value) #rescue = true -# Does the test environment support resizing? (boolean value) -#resize = false +# Enables returning of the instance password by the relevant server +# API calls such as create, rebuild or rescue. (boolean value) +#enable_instance_password = true -# Does the test environment support shelving/unshelving? (boolean -# value) -#shelve = true +# Does the test environment support dynamic network interface +# attachment? (boolean value) +#interface_attach = true # Does the test environment support creating snapshot images of # running instances? (boolean value) -snapshot = true +#snapshot = true -# Enable Spice console. This configuration value should be same as -# [nova.spice]->enabled in nova.conf (boolean value) -spice_console = false +# Does the test environment have the ec2 api running? (boolean value) +#ec2_api = true -# Does the test environment support suspend/resume? (boolean value) -#suspend = true - -# Enable VNC console. This configuration value should be same as -# [nova.vnc]->vnc_enabled in nova.conf (boolean value) -vnc_console = true - -# If false skip all v2 api tests with xml (boolean value) -#xml_api_v2 = true +# Does Nova preserve preexisting ports from Neutron when deleting an +# instance? This should be set to True if testing Kilo+ Nova. (boolean +# value) +#preserve_ports = false [dashboard] @@ -475,10 +440,10 @@ vnc_console = true # # Where the dashboard can be found (string value) -dashboard_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon +#dashboard_url = http://localhost/ # Login page for the dashboard (string value) -login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ +#login_url = http://localhost/auth/login/ [data_processing] @@ -492,9 +457,20 @@ login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ # The endpoint type to use for the data processing service. (string # value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL #endpoint_type = publicURL +[data_processing-feature-enabled] + +# +# From tempest.config +# + +# List of enabled data processing plugins (list value) +#plugins = vanilla,hdp + + [database] # @@ -504,12 +480,12 @@ login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ # Catalog type of the Database service. (string value) #catalog_type = database -# Current database version to use in database tests. (string value) -#db_current_version = v1.0 - # Valid primary flavor to use in database tests. (string value) #db_flavor_ref = 1 +# Current database version to use in database tests. (string value) +#db_current_version = v1.0 + [debug] @@ -517,9 +493,6 @@ login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ # From tempest.config # -# Enable diagnostic commands (boolean value) -#enable = true - # A regex to determine which requests should be traced. This is a # regex to match the caller for rest client requests to be able to # selectively trace calls out of specific classes and methods. It @@ -541,78 +514,81 @@ login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ # From tempest.config # -# Admin domain name for authentication (Keystone V3).The same domain -# applies to user and project (string value) -#admin_domain_name = <None> - -# API key to use when authenticating as admin. (string value) -admin_password = {{ KEYSTONE_ADMIN_PASSWORD }} +# Catalog type of the Identity service. (string value) +#catalog_type = identity -# Role required to administrate keystone. (string value) -admin_role = admin +# Set to True if using self-signed SSL certificates. (boolean value) +#disable_ssl_certificate_validation = false -# Administrative Tenant name to use for Keystone API requests. (string -# value) -admin_tenant_name = admin +# Specify a CA bundle file to use in verifying a TLS (https) server +# certificate. (string value) +#ca_certificates_file = <None> -# Administrative Username to use for Keystone API requests. (string -# value) -admin_username = admin +# Full URI of the OpenStack Identity API (Keystone), v2 (string value) +#uri = <None> -# Alternate domain name for authentication (Keystone V3).The same -# domain applies to user and project (string value) -#alt_domain_name = <None> +# Full URI of the OpenStack Identity API (Keystone), v3 (string value) +#uri_v3 = <None> -# API key to use when authenticating as alternate user. (string value) -#alt_password = <None> +# Identity API version to be used for authentication for API tests. +# (string value) +#auth_version = v2 -# Alternate user's Tenant name to use for Nova API requests. (string +# The identity region name to use. Also used as the other services' +# region name unless they are set explicitly. If no such region is +# found in the service catalog, the first found one is used. (string # value) -#alt_tenant_name = <None> +#region = RegionOne -# Username of alternate user to use for Nova API requests. (string -# value) -#alt_username = <None> +# The endpoint type to use for the identity service. (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL +#endpoint_type = publicURL -# Identity API version to be used for authentication for API tests. -# (string value) -auth_version = v2 +# Username to use for Nova API requests. (string value) +#username = <None> -# Catalog type of the Identity service. (string value) -catalog_type = identity +# Tenant name to use for Nova API requests. (string value) +#tenant_name = <None> -# Set to True if using self-signed SSL certificates. (boolean value) -#disable_ssl_certificate_validation = false +# Role required to administrate keystone. (string value) +#admin_role = admin + +# API key to use when authenticating. (string value) +#password = <None> # Domain name for authentication (Keystone V3).The same domain applies # to user and project (string value) #domain_name = <None> -# The endpoint type to use for the identity service. (string value) -#endpoint_type = publicURL - -# API key to use when authenticating. (string value) -password = {{ NOVA_SERVICE_PASSWORD }} +# Username of alternate user to use for Nova API requests. (string +# value) +#alt_username = <None> -# The identity region name to use. Also used as the other services' -# region name unless they are set explicitly. If no such region is -# found in the service catalog, the first found one is used. (string +# Alternate user's Tenant name to use for Nova API requests. (string # value) -#region = RegionOne +#alt_tenant_name = <None> -# Tenant name to use for Nova API requests. (string value) -tenant_name = service +# API key to use when authenticating as alternate user. (string value) +#alt_password = <None> -# Full URI of the OpenStack Identity API (Keystone), v2 (string value) -uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0/ +# Alternate domain name for authentication (Keystone V3).The same +# domain applies to user and project (string value) +#alt_domain_name = <None> -# Full URI of the OpenStack Identity API (Keystone), v3 (string value) -# -# Tempest complains if we don't set any uri_v3, even if it's disabled. -uri_v3 = <None> +# Administrative Username to use for Keystone API requests. (string +# value) +#admin_username = <None> -# Username to use for Nova API requests. (string value) -username = {{ NOVA_SERVICE_USER }} +# Administrative Tenant name to use for Keystone API requests. (string +# value) +#admin_tenant_name = <None> + +# API key to use when authenticating as admin. (string value) +#admin_password = <None> + +# Admin domain name for authentication (Keystone V3).The same domain +# applies to user and project (string value) +#admin_domain_name = <None> [identity-feature-enabled] @@ -621,16 +597,16 @@ username = {{ NOVA_SERVICE_USER }} # From tempest.config # -# Is the v2 identity API enabled (boolean value) -api_v2 = true - -# Is the v3 identity API enabled (boolean value) -api_v3 = false - # Does the identity service have delegation and impersonation enabled # (boolean value) #trust = true +# Is the v2 identity API enabled (boolean value) +#api_v2 = true + +# Is the v3 identity API enabled (boolean value) +#api_v3 = true + [image] @@ -639,19 +615,28 @@ api_v3 = false # # Catalog type of the Image service. (string value) -catalog_type = image - -# The endpoint type to use for the image service. (string value) -endpoint_type = publicURL - -# http accessible image (string value) -http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz +#catalog_type = image # The image region name to use. If empty, the value of identity.region # is used instead. If no such region is found in the service catalog, # the first found one is used. (string value) #region = +# The endpoint type to use for the image service. (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL +#endpoint_type = publicURL + +# http accessible image (string value) +#http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz + +# Timeout in seconds to wait for an image to become available. +# (integer value) +#build_timeout = 300 + +# Time in seconds between image operation status checks. (integer +# value) +#build_interval = 1 + [image-feature-enabled] @@ -659,12 +644,12 @@ http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar. # From tempest.config # +# Is the v2 image API enabled (boolean value) +#api_v2 = true + # Is the v1 image API enabled (boolean value) #api_v1 = true -# Is the v2 image API enabled (boolean value) -api_v2 = true - [input-scenario] @@ -672,18 +657,18 @@ api_v2 = true # From tempest.config # -# Matching flavors become parameters for scenario tests (string value) -#flavor_regex = ^m1.nano$ - # Matching images become parameters for scenario tests (string value) #image_regex = ^cirros-0.3.1-x86_64-uec$ +# Matching flavors become parameters for scenario tests (string value) +#flavor_regex = ^m1.nano$ + # SSH verification in tests is skippedfor matching images (string # value) #non_ssh_image_regex = ^.*[Ww]in.*$ # List of user mapped to regex to matching image names. (string value) -#ssh_user_regex = [["^.*[Cc]irros.*$", "root"]] +#ssh_user_regex = [["^.*[Cc]irros.*$", "cirros"]] [messaging] @@ -695,31 +680,31 @@ api_v2 = true # Catalog type of the Messaging service. (string value) #catalog_type = messaging -# The maximum grace period for a claim (integer value) -#max_claim_grace = 43200 +# The maximum number of queue records per page when listing queues +# (integer value) +#max_queues_per_page = 20 -# The maximum ttl for a claim (integer value) -#max_claim_ttl = 43200 +# The maximum metadata size for a queue (integer value) +#max_queue_metadata = 65536 + +# The maximum number of queue message per page when listing (or) +# posting messages (integer value) +#max_messages_per_page = 20 # The maximum size of a message body (integer value) #max_message_size = 262144 -# The maximum ttl for a message (integer value) -#max_message_ttl = 1209600 - # The maximum number of messages per claim (integer value) #max_messages_per_claim = 20 -# The maximum number of queue message per page when listing (or) -# posting messages (integer value) -#max_messages_per_page = 20 +# The maximum ttl for a message (integer value) +#max_message_ttl = 1209600 -# The maximum metadata size for a queue (integer value) -#max_queue_metadata = 65536 +# The maximum ttl for a claim (integer value) +#max_claim_ttl = 43200 -# The maximum number of queue records per page when listing queues -# (integer value) -#max_queues_per_page = 20 +# The maximum grace period for a claim (integer value) +#max_claim_grace = 43200 [negative] @@ -738,37 +723,18 @@ api_v2 = true # From tempest.config # -# Time in seconds between network operation status checks. (integer -# value) -#build_interval = 1 - -# Timeout in seconds to wait for network operation to complete. -# (integer value) -#build_timeout = 300 - # Catalog type of the Neutron service. (string value) #catalog_type = network -# List of dns servers whichs hould be used for subnet creation (list -# value) -#dns_servers = 8.8.8.8,8.8.4.4 - -# The endpoint type to use for the network service. (string value) -#endpoint_type = publicURL - -# Id of the public network that provides external connectivity (string -# value) -#public_network_id = - -# Id of the public router that provides external connectivity (string -# value) -#public_router_id = - # The network region name to use. If empty, the value of # identity.region is used instead. If no such region is found in the # service catalog, the first found one is used. (string value) #region = +# The endpoint type to use for the network service. (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL +#endpoint_type = publicURL + # The cidr block to allocate tenant ipv4 subnets from (string value) #tenant_network_cidr = 10.100.0.0/16 @@ -781,10 +747,42 @@ api_v2 = true # The mask bits for tenant ipv6 subnets (integer value) #tenant_network_v6_mask_bits = 64 -# Whether tenant network connectivity should be evaluated directly -# (boolean value) +# Whether tenant networks can be reached directly from the test +# client. This must be set to True when the 'fixed' ssh_connect_method +# is selected. (boolean value) #tenant_networks_reachable = false +# Id of the public network that provides external connectivity (string +# value) +#public_network_id = + +# Default floating network name. Used to allocate floating IPs when +# neutron is enabled. (string value) +#floating_network_name = <None> + +# Id of the public router that provides external connectivity. This +# should only be used when Neutron's 'allow_overlapping_ips' is set to +# 'False' in neutron.conf. usually not needed past 'Grizzly' release +# (string value) +#public_router_id = + +# Timeout in seconds to wait for network operation to complete. +# (integer value) +#build_timeout = 300 + +# Time in seconds between network operation status checks. (integer +# value) +#build_interval = 1 + +# List of dns servers which should be used for subnet creation (list +# value) +#dns_servers = 8.8.8.8,8.8.4.4 + +# vnic_type to use when Launching instances with pre-configured ports. +# Supported ports are: ['normal','direct','macvtap'] (string value) +# Allowed values: <None>, normal, direct, macvtap +#port_vnic_type = <None> + [network-feature-enabled] @@ -792,18 +790,22 @@ api_v2 = true # From tempest.config # +# Allow the execution of IPv6 tests (boolean value) +#ipv6 = true + # A list of enabled network extensions with a special entry all which # indicates every extension is enabled. Empty list indicates all # extensions are disabled (list value) #api_extensions = all -# Allow the execution of IPv6 tests (boolean value) -#ipv6 = true - # Allow the execution of IPv6 subnet tests that use the extended IPv6 # attributes ipv6_ra_mode and ipv6_address_mode (boolean value) #ipv6_subnet_attributes = false +# Does the test environment support changing port admin state (boolean +# value) +#port_admin_state_change = true + [object-storage] @@ -814,30 +816,41 @@ api_v2 = true # Catalog type of the Object-Storage service. (string value) #catalog_type = object-store -# Number of seconds to wait while looping to check the status of a -# container to container synchronization (integer value) -#container_sync_interval = 5 - -# Number of seconds to time on waiting for a container to container -# synchronization complete. (integer value) -#container_sync_timeout = 120 +# The object-storage region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = # The endpoint type to use for the object-store service. (string # value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL #endpoint_type = publicURL +# Number of seconds to time on waiting for a container to container +# synchronization complete. (integer value) +#container_sync_timeout = 600 + +# Number of seconds to wait while looping to check the status of a +# container to container synchronization (integer value) +#container_sync_interval = 5 + # Role to add to users created for swift tests to enable creating # containers (string value) #operator_role = Member -# The object-storage region name to use. If empty, the value of -# identity.region is used instead. If no such region is found in the -# service catalog, the first found one is used. (string value) -#region = - # User role that has reseller admin (string value) #reseller_admin_role = ResellerAdmin +# Name of sync realm. A sync realm is a set of clusters that have +# agreed to allow container syncing with each other. Set the same +# realm name as Swift's container-sync-realms.conf (string value) +#realm_name = realm1 + +# One name of cluster which is set in the realm whose name is set in +# 'realm_name' item in this file. Set the same cluster name as Swift's +# container-sync-realms.conf (string value) +#cluster_name = name1 + [object-storage-feature-enabled] @@ -845,20 +858,20 @@ api_v2 = true # From tempest.config # -# Execute (old style) container-sync tests (boolean value) -#container_sync = true - -# Execute discoverability tests (boolean value) -#discoverability = true - # A list of the enabled optional discoverable apis. A single entry, # all, indicates that all of these features are expected to be enabled # (list value) #discoverable_apis = all +# Execute (old style) container-sync tests (boolean value) +#container_sync = true + # Execute object-versioning tests (boolean value) #object_versioning = true +# Execute discoverability tests (boolean value) +#discoverability = true + [orchestration] @@ -866,22 +879,27 @@ api_v2 = true # From tempest.config # -# Time in seconds between build status checks. (integer value) -#build_interval = 1 - -# Timeout in seconds to wait for a stack to build. (integer value) -#build_timeout = 1200 - # Catalog type of the Orchestration service. (string value) #catalog_type = orchestration +# The orchestration region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = + # The endpoint type to use for the orchestration service. (string # value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL #endpoint_type = publicURL -# Name of heat-cfntools enabled image to use when launching test -# instances. (string value) -#image_ref = <None> +# Role required for users to be able to manage stacks (string value) +#stack_owner_role = heat_stack_owner + +# Time in seconds between build status checks. (integer value) +#build_interval = 1 + +# Timeout in seconds to wait for a stack to build. (integer value) +#build_timeout = 1200 # Instance type for tests. Needs to be big enough for a full OS plus # the test workload (string value) @@ -892,16 +910,29 @@ api_v2 = true # Value must match heat configuration of the same name. (integer # value) -#max_resources_per_stack = 1000 +#max_template_size = 524288 # Value must match heat configuration of the same name. (integer # value) -#max_template_size = 524288 +#max_resources_per_stack = 1000 -# The orchestration region name to use. If empty, the value of -# identity.region is used instead. If no such region is found in the -# service catalog, the first found one is used. (string value) -#region = + +[oslo_concurrency] + +# +# From oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +# Deprecated group/name - [DEFAULT]/disable_process_locking +#disable_process_locking = false + +# Directory to use for lock files. For security, the specified +# directory should only be writable by the user running the processes +# that need locking. Defaults to environment variable OSLO_LOCK_PATH. +# If external locks are used, a lock path must be set. (string value) +# Deprecated group/name - [DEFAULT]/lock_path +#lock_path = <None> [scenario] @@ -910,34 +941,40 @@ api_v2 = true # From tempest.config # -# AKI image file name (string value) -#aki_img_file = cirros-0.3.1-x86_64-vmlinuz +# Directory containing image files (string value) +#img_dir = /opt/stack/new/devstack/files/images/cirros-0.3.1-x86_64-uec -# AMI image file name (string value) -#ami_img_file = cirros-0.3.1-x86_64-blank.img +# Image file name (string value) +# Deprecated group/name - [DEFAULT]/qcow2_img_file +#img_file = cirros-0.3.1-x86_64-disk.img -# ARI image file name (string value) -#ari_img_file = cirros-0.3.1-x86_64-initrd +# Image disk format (string value) +#img_disk_format = qcow2 # Image container format (string value) #img_container_format = bare -# Directory containing image files (string value) -#img_dir = /opt/stack/new/devstack/files/images/cirros-0.3.1-x86_64-uec +# AMI image file name (string value) +#ami_img_file = cirros-0.3.1-x86_64-blank.img -# Image disk format (string value) -#img_disk_format = qcow2 +# ARI image file name (string value) +#ari_img_file = cirros-0.3.1-x86_64-initrd -# Image file name (string value) -# Deprecated group/name - [DEFAULT]/qcow2_img_file -#img_file = cirros-0.3.1-x86_64-disk.img +# AKI image file name (string value) +#aki_img_file = cirros-0.3.1-x86_64-vmlinuz + +# ssh username for the image file (string value) +#ssh_user = cirros # specifies how many resources to request at once. Used for large # operations testing. (integer value) #large_ops_number = 0 -# ssh username for the image file (string value) -#ssh_user = cirros +# DHCP client used by images to renew DCHP lease. If left empty, +# update operation will be skipped. Supported clients: "udhcpc", +# "dhclient" (string value) +# Allowed values: udhcpc, dhclient +#dhcp_client = udhcpc [service_available] @@ -946,42 +983,42 @@ api_v2 = true # From tempest.config # -# Whether or not Ceilometer is expected to be available (boolean -# value) -ceilometer = false - # Whether or not cinder is expected to be available (boolean value) -cinder = true +#cinder = true + +# Whether or not neutron is expected to be available (boolean value) +#neutron = false # Whether or not glance is expected to be available (boolean value) -glance = true +#glance = true -# Whether or not Heat is expected to be available (boolean value) -heat = false +# Whether or not swift is expected to be available (boolean value) +#swift = true -# Whether or not Horizon is expected to be available (boolean value) -horizon = true +# Whether or not nova is expected to be available (boolean value) +#nova = true -# Whether or not Ironic is expected to be available (boolean value) -ironic = false +# Whether or not Heat is expected to be available (boolean value) +#heat = false -# Whether or not neutron is expected to be available (boolean value) -neutron = true +# Whether or not Ceilometer is expected to be available (boolean +# value) +#ceilometer = true -# Whether or not nova is expected to be available (boolean value) -nova = true +# Whether or not Horizon is expected to be available (boolean value) +#horizon = true # Whether or not Sahara is expected to be available (boolean value) -sahara = false +#sahara = false -# Whether or not swift is expected to be available (boolean value) -swift = false +# Whether or not Ironic is expected to be available (boolean value) +#ironic = false # Whether or not Trove is expected to be available (boolean value) -trove = false +#trove = false # Whether or not Zaqar is expected to be available (boolean value) -zaqar = false +#zaqar = false [stress] @@ -990,40 +1027,40 @@ zaqar = false # From tempest.config # -# Controller host. (string value) -#controller = <None> - -# The number of threads created while stress test. (integer value) -#default_thread_number_per_action = 4 - -# Allows a full cleaning process after a stress test. Caution : this -# cleanup will remove every objects of every tenant. (boolean value) -#full_clean_stack = false - -# Prevent the cleaning (tearDownClass()) between each stress test run -# if an exception occurs during this run. (boolean value) -#leave_dirty_stack = false - -# time (in seconds) between log file error checks. (integer value) -#log_check_interval = 60 +# Directory containing log files on the compute nodes (string value) +#nova_logdir = <None> # Maximum number of instances to create during test. (integer value) #max_instances = 16 -# Directory containing log files on the compute nodes (string value) -#nova_logdir = <None> +# Controller host. (string value) +#controller = <None> # Controller host. (string value) #target_controller = <None> -# regexp for list of log files. (string value) -#target_logfiles = <None> +# ssh user. (string value) +#target_ssh_user = <None> # Path to private key. (string value) #target_private_key_path = <None> -# ssh user. (string value) -#target_ssh_user = <None> +# regexp for list of log files. (string value) +#target_logfiles = <None> + +# time (in seconds) between log file error checks. (integer value) +#log_check_interval = 60 + +# The number of threads created while stress test. (integer value) +#default_thread_number_per_action = 4 + +# Prevent the cleaning (tearDownClass()) between each stress test run +# if an exception occurs during this run. (boolean value) +#leave_dirty_stack = false + +# Allows a full cleaning process after a stress test. Caution : this +# cleanup will remove every objects of every tenant. (boolean value) +#full_clean_stack = false [telemetry] @@ -1036,6 +1073,7 @@ zaqar = false #catalog_type = metering # The endpoint type to use for the telemetry service. (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL #endpoint_type = publicURL # This variable is used as flag to enable notification tests (boolean @@ -1043,19 +1081,43 @@ zaqar = false #too_slow_to_test = true -[volume] +[validation] # # From tempest.config # -# Name of the backend1 (must be declared in cinder.conf) (string -# value) -backend1_name = LVM_iSCSI +# Default IP type used for validation: -fixed: uses the first IP +# belonging to the fixed network -floating: creates and uses a +# floating IP (string value) +# Allowed values: fixed, floating +#connect_method = floating + +# Default authentication method to the instance. Only ssh via keypair +# is supported for now. Additional methods will be handled in a +# separate spec. (string value) +# Allowed values: keypair +#auth_method = keypair + +# Default IP version for ssh connections. (integer value) +#ip_version_for_ssh = 4 + +# Timeout in seconds to wait for ping to succeed. (integer value) +#ping_timeout = 120 + +# Timeout in seconds to wait for the TCP connection to be successful. +# (integer value) +#connect_timeout = 60 + +# Timeout in seconds to wait for the ssh banner. (integer value) +#ssh_timeout = 300 -# Name of the backend2 (must be declared in cinder.conf) (string -# value) -#backend2_name = BACKEND_2 + +[volume] + +# +# From tempest.config +# # Time in seconds between volume availability checks. (integer value) #build_interval = 1 @@ -1065,28 +1127,37 @@ backend1_name = LVM_iSCSI #build_timeout = 300 # Catalog type of the Volume Service (string value) -catalog_type = volume - -# Disk format to use when copying a volume to image (string value) -disk_format = raw - -# The endpoint type to use for the volume service. (string value) -endpoint_type = publicURL +#catalog_type = volume # The volume region name to use. If empty, the value of # identity.region is used instead. If no such region is found in the # service catalog, the first found one is used. (string value) #region = +# The endpoint type to use for the volume service. (string value) +# Allowed values: public, admin, internal, publicURL, adminURL, internalURL +#endpoint_type = publicURL + +# Name of the backend1 (must be declared in cinder.conf) (string +# value) +#backend1_name = BACKEND_1 + +# Name of the backend2 (must be declared in cinder.conf) (string +# value) +#backend2_name = BACKEND_2 + # Backend protocol to target when creating volume types (string value) -storage_protocol = iSCSI +#storage_protocol = iSCSI # Backend vendor to target when creating volume types (string value) #vendor_name = Open Source +# Disk format to use when copying a volume to image (string value) +#disk_format = raw + # Default size in GB for volumes created by volumes tests (integer # value) -volume_size = 1 +#volume_size = 1 [volume-feature-enabled] @@ -1095,22 +1166,23 @@ volume_size = 1 # From tempest.config # +# Runs Cinder multi-backend test (requires 2 backends) (boolean value) +#multi_backend = false + +# Runs Cinder volumes backup test (boolean value) +#backup = true + +# Runs Cinder volume snapshot test (boolean value) +#snapshot = true + # A list of enabled volume extensions with a special entry all which # indicates every extension is enabled. Empty list indicates all # extensions are disabled (list value) #api_extensions = all # Is the v1 volume API enabled (boolean value) -api_v1 = true +#api_v1 = true # Is the v2 volume API enabled (boolean value) -api_v2 = true +#api_v2 = true -# Runs Cinder volumes backup test (boolean value) -backup = true - -# Runs Cinder multi-backend test (requires 2 backends) (boolean value) -multi_backend = false - -# Runs Cinder volume snapshot test (boolean value) -snapshot = true diff --git a/install-files/openstack/manifest b/install-files/openstack/manifest index aa4d5430..0b17aa08 100644 --- a/install-files/openstack/manifest +++ b/install-files/openstack/manifest @@ -14,111 +14,37 @@ template 0100644 0 0 /etc/tempest/tempest.conf 0100644 0 0 /usr/share/openstack/cinder-db.yml 0100644 0 0 /usr/share/openstack/cinder-lvs.yml 0100644 0 0 /usr/share/openstack/cinder/cinder.conf -0100644 0 0 /usr/share/openstack/cinder/api-paste.ini -0100644 0 0 /usr/share/openstack/cinder/policy.json 0040755 0 0 /usr/share/openstack/extras 0100644 0 0 /usr/share/openstack/extras/00-disable-device.network 0100644 0 0 /usr/share/openstack/extras/60-device-dhcp.network 0100644 0 0 /usr/share/openstack/glance.yml 0040755 0 0 /usr/share/openstack/glance -0100644 0 0 /usr/share/openstack/glance/logging.conf 0100644 0 0 /usr/share/openstack/glance/glance-api.conf 0100644 0 0 /usr/share/openstack/glance/glance-registry.conf -0100644 0 0 /usr/share/openstack/glance/glance-scrubber.conf -0100644 0 0 /usr/share/openstack/glance/glance-cache.conf -0100644 0 0 /usr/share/openstack/glance/schema-image.json -0100644 0 0 /usr/share/openstack/glance/policy.json -0100644 0 0 /usr/share/openstack/glance/glance-api-paste.ini -0100644 0 0 /usr/share/openstack/glance/glance-registry-paste.ini 0100644 0 0 /usr/share/openstack/horizon.yml 0040755 0 0 /usr/share/openstack/ironic 0100644 0 0 /usr/share/openstack/ironic.yml 0100644 0 0 /usr/share/openstack/ironic/ironic.conf -0100644 0 0 /usr/share/openstack/ironic/policy.json 0100644 0 0 /usr/share/openstack/iscsi.yml 0100644 0 0 /usr/share/openstack/keystone.yml 0040755 0 0 /usr/share/openstack/keystone -0100644 0 0 /usr/share/openstack/keystone/logging.conf 0100644 0 0 /usr/share/openstack/keystone/keystone.conf -0100644 0 0 /usr/share/openstack/keystone/policy.json -0100644 0 0 /usr/share/openstack/keystone/keystone-paste.ini 0100644 0 0 /usr/share/openstack/network.yml 0040755 0 0 /usr/share/openstack/neutron 0100644 0 0 /usr/share/openstack/neutron-config.yml 0100644 0 0 /usr/share/openstack/neutron-db.yml -0100644 0 0 /usr/share/openstack/neutron/neutron.conf -0100644 0 0 /usr/share/openstack/neutron/api-paste.ini -0100644 0 0 /usr/share/openstack/neutron/policy.json -0100644 0 0 /usr/share/openstack/neutron/l3_agent.ini 0100644 0 0 /usr/share/openstack/neutron/dhcp_agent.ini -0100644 0 0 /usr/share/openstack/neutron/lbaas_agent.ini +0100644 0 0 /usr/share/openstack/neutron/l3_agent.ini +0100644 0 0 /usr/share/openstack/neutron/neutron.conf 0100644 0 0 /usr/share/openstack/neutron/metadata_agent.ini -0100644 0 0 /usr/share/openstack/neutron/fwaas_driver.ini -0100644 0 0 /usr/share/openstack/neutron/metering_agent.ini -0100644 0 0 /usr/share/openstack/neutron/vpn_agent.ini 0040755 0 0 /usr/share/openstack/neutron/plugins/ -0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch -0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl -0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs -0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs -0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README -0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README -0040755 0 0 /usr/share/openstack/neutron/plugins/brocade -0100644 0 0 /usr/share/openstack/neutron/plugins/brocade/brocade.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/cisco -0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/embrane -0100644 0 0 /usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/hyperv -0100644 0 0 /usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/ibm -0100644 0 0 /usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/linuxbridge -0100644 0 0 /usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/metaplugin -0100644 0 0 /usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/midonet -0100644 0 0 /usr/share/openstack/neutron/plugins/midonet/midonet.ini 0040755 0 0 /usr/share/openstack/neutron/plugins/ml2 0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini -0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/mlnx -0100644 0 0 /usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/nec -0100644 0 0 /usr/share/openstack/neutron/plugins/nec/nec.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/nuage -0100644 0 0 /usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/oneconvergence -0100644 0 0 /usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/opencontrail -0100644 0 0 /usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/openvswitch -0100644 0 0 /usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/plumgrid -0100644 0 0 /usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini -0040755 0 0 /usr/share/openstack/neutron/plugins/vmware -0100644 0 0 /usr/share/openstack/neutron/plugins/vmware/nsx.ini 0040755 0 0 /usr/share/openstack/nova 0100644 0 0 /usr/share/openstack/nova-config.yml 0100644 0 0 /usr/share/openstack/nova-db.yml -0100644 0 0 /usr/share/openstack/nova/logging.conf 0100644 0 0 /usr/share/openstack/nova/nova.conf 0100644 0 0 /usr/share/openstack/nova/nova-compute.conf -0100644 0 0 /usr/share/openstack/nova/policy.json -0100644 0 0 /usr/share/openstack/nova/cells.json -0100644 0 0 /usr/share/openstack/nova/api-paste.ini 0100644 0 0 /usr/share/openstack/openvswitch.yml 0040755 0 0 /usr/share/openstack/postgres 0100644 0 0 /usr/share/openstack/postgres.yml diff --git a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf b/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf index b572d40f..66a1db14 100644 --- a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf +++ b/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf @@ -1,1023 +1,1327 @@ [DEFAULT] - -# -# Options defined in ceilometer.middleware -# - -# Exchanges name to listen for notifications. (multi valued) -#http_control_exchanges=nova -#http_control_exchanges=glance -#http_control_exchanges=neutron -#http_control_exchanges=cinder - - -# -# Options defined in ceilometer.pipeline -# - -# Configuration file for pipeline definition. (string value) -#pipeline_cfg_file=pipeline.yaml - - -# -# Options defined in ceilometer.sample -# - -# Source for samples emitted on this instance. (string value) -# Deprecated group/name - [DEFAULT]/counter_source -#sample_source=openstack - - -# -# Options defined in ceilometer.service -# - -# Name of this node, which must be valid in an AMQP key. Can -# be an opaque identifier. For ZeroMQ only, must be a valid -# host name, FQDN, or IP address. (string value) -#host=ceilometer - -# Dispatcher to process data. (multi valued) -#dispatcher=database - -# Number of workers for collector service. A single -# collector is enabled by default. (integer value) -#collector_workers=1 - -# Number of workers for notification service. A single -# notification agent is enabled by default. (integer value) -#notification_workers=1 - - -# -# Options defined in ceilometer.api.app -# - -# The strategy to use for auth: noauth or keystone. (string -# value) -auth_strategy=keystone - -# Deploy the deprecated v1 API. (boolean value) -#enable_v1_api=true - - + # -# Options defined in ceilometer.compute.notifications +# From ceilometer # - + +# To reduce large requests at same time to Nova or other components +# from different compute agents, shuffle start time of polling task. +# (integer value) +#shuffle_time_before_polling_task = 0 + +# Configuration file for WSGI definition of API. (string value) +#api_paste_config = api_paste.ini + +# Number of workers for Ceilometer API server. (integer value) +#api_workers = 1 + +# Polling namespace(s) to be used while resource polling (unknown +# type) +#polling_namespaces = ['compute', 'central'] + +# List of pollsters (or wildcard templates) to be used while polling +# (unknown type) +#pollster_list = [] + # Exchange name for Nova notifications. (string value) -#nova_control_exchange=nova - - -# -# Options defined in ceilometer.compute.util -# - -# List of metadata prefixes reserved for metering use. (list -# value) -#reserved_metadata_namespace=metering. - +#nova_control_exchange = nova + +# List of metadata prefixes reserved for metering use. (list value) +#reserved_metadata_namespace = metering. + # Limit on length of reserved metadata values. (integer value) -#reserved_metadata_length=256 - - -# -# Options defined in ceilometer.compute.virt.inspector -# - -# Inspector to use for inspecting the hypervisor layer. -# (string value) -#hypervisor_inspector=libvirt - - -# -# Options defined in ceilometer.compute.virt.libvirt.inspector -# - -# Libvirt domain type (valid options are: kvm, lxc, qemu, uml, -# xen). (string value) -#libvirt_type=kvm - +#reserved_metadata_length = 256 + +# List of metadata keys reserved for metering use. And these keys are +# additional to the ones included in the namespace. (list value) +#reserved_metadata_keys = + +# Inspector to use for inspecting the hypervisor layer. (string value) +#hypervisor_inspector = libvirt + +# Libvirt domain type. (string value) +# Allowed values: kvm, lxc, qemu, uml, xen +#libvirt_type = kvm + # Override the default libvirt URI (which is dependent on # libvirt_type). (string value) -#libvirt_uri= - - -# -# Options defined in ceilometer.image.notifications -# - +#libvirt_uri = + +# Exchange name for Data Processing notifications. (string value) +#sahara_control_exchange = sahara + +# Dispatcher to process data. (multi valued) +# Deprecated group/name - [collector]/dispatcher +#dispatcher = database + +# Exchange name for Keystone notifications. (string value) +#keystone_control_exchange = keystone + +# Number of items to request in each paginated Glance API request +# (parameter used by glancecelient). If this is less than or equal to +# 0, page size is not specified (default value in glanceclient is +# used). (integer value) +#glance_page_size = 0 + # Exchange name for Glance notifications. (string value) -#glance_control_exchange=glance - - -# -# Options defined in ceilometer.network.notifications -# - +#glance_control_exchange = glance + +# Exchange name for Ironic notifications. (string value) +#ironic_exchange = ironic + +# Exchanges name to listen for notifications. (multi valued) +#http_control_exchanges = nova +#http_control_exchanges = glance +#http_control_exchanges = neutron +#http_control_exchanges = cinder + # Exchange name for Neutron notifications. (string value) # Deprecated group/name - [DEFAULT]/quantum_control_exchange -#neutron_control_exchange=neutron - - -# -# Options defined in ceilometer.objectstore.swift -# - -# Swift reseller prefix. Must be on par with reseller_prefix -# in proxy-server.conf. (string value) -#reseller_prefix=AUTH_ - - -# -# Options defined in ceilometer.openstack.common.db.sqlalchemy.session -# - -# The file name to use with SQLite (string value) -#sqlite_db=ceilometer.sqlite - -# If True, SQLite uses synchronous mode (boolean value) -#sqlite_synchronous=true - - -# -# Options defined in ceilometer.openstack.common.eventlet_backdoor -# - -# Enable eventlet backdoor. Acceptable values are 0, <port>, -# and <start>:<end>, where 0 results in listening on a random -# tcp port number; <port> results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and <start>:<end> results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port=<None> - - -# -# Options defined in ceilometer.openstack.common.lockutils -# - -# Whether to disable inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. (string value) -#lock_path=<None> - - -# -# Options defined in ceilometer.openstack.common.log -# - -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error (boolean value) -#use_stderr=true - -# Format string to use for log messages with context (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format +#neutron_control_exchange = neutron + +# Allow novaclient's debug log output. (boolean value) +#nova_http_log_debug = false + +# Swift reseller prefix. Must be on par with reseller_prefix in proxy- +# server.conf. (string value) +#reseller_prefix = AUTH_ + +# Enable eventlet backdoor. Acceptable values are 0, <port>, and +# <start>:<end>, where 0 results in listening on a random tcp port +# number; <port> results in listening on the specified port number +# (and not enabling backdoor if that port is in use); and +# <start>:<end> results in listening on the smallest unused port +# number within the specified range of port numbers. The chosen port +# is displayed in the service's log file. (string value) +#backdoor_port = <None> + +# Print debugging output (set logging level to DEBUG instead of +# default WARNING level). (boolean value) +#debug = false + +# Print more verbose output (set logging level to INFO instead of +# default WARNING level). (boolean value) +#verbose = false + +# Log output to standard error. (boolean value) +#use_stderr = true + +# The name of a logging configuration file. This file is appended to +# any existing logging configuration files. For details about logging +# configuration files, see the Python logging module documentation. # (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN - -# Publish error events (boolean value) -#publish_errors=false - -# Make deprecations fatal (boolean value) -#fatal_deprecations=false - -# If an instance is passed with the log message, format it -# like this (string value) -#instance_format="[instance: %(uuid)s] " - -# If an instance UUID is passed with the log message, format -# it like this (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of logging configuration file. It does not disable -# existing loggers, but just appends specified logging -# configuration to any other existing logging options. Please -# see the Python logging module documentation for details on -# logging configuration files. (string value) # Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and +#log_config_append = <None> + +# DEPRECATED. A logging.Formatter log message format string which may +# use any of the available logging.LogRecord attributes. This option +# is deprecated. Please use logging_context_format_string and # logging_default_format_string instead. (string value) -#log_format=<None> - -# Format string for %%(asctime)s in log records. Default: -# %(default)s (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) +#log_format = <None> + +# Format string for %%(asctime)s in log records. Default: %(default)s +# . (string value) +#log_date_format = %Y-%m-%d %H:%M:%S + +# (Optional) Name of log file to output to. If no default is set, +# logging will go to stdout. (string value) # Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> - -# (Optional) The base directory used for relative --log-file -# paths (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and then will be changed in J to honor RFC5424 -# (boolean value) -use_syslog=true - -# (Optional) Use syslog rfc5424 format for logging. If -# enabled, will add APP-NAME (RFC5424) before the MSG part of -# the syslog message. The old format without APP-NAME is -# deprecated in I, and will be removed in J. (boolean value) -#use_syslog_rfc_format=false - -# Syslog facility to receive log lines (string value) -#syslog_log_facility=LOG_USER - - -# -# Options defined in ceilometer.openstack.common.middleware.sizelimit -# - -# The maximum body size per request, in bytes (integer value) -# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size -#max_request_body_size=114688 - - -# -# Options defined in ceilometer.openstack.common.notifier.api -# - -# Driver or drivers to handle sending notifications (multi -# valued) -#notification_driver= - -# Default notification level for outgoing notifications +#log_file = <None> + +# (Optional) The base directory used for relative --log-file paths. # (string value) -#default_notification_level=INFO - -# Default publisher_id for outgoing notifications (string -# value) -#default_publisher_id=<None> - - -# -# Options defined in ceilometer.openstack.common.notifier.rpc_notifier -# - -# AMQP topic used for OpenStack notifications (list value) -#notification_topics=notifications - - -# -# Options defined in ceilometer.openstack.common.policy -# - -# JSON file containing policy (string value) -#policy_file=policy.json - -# Rule enforced when requested rule is not found (string +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = <None> + +# Use syslog for logging. Existing syslog format is DEPRECATED during +# I, and will change in J to honor RFC5424. (boolean value) +#use_syslog = false + +# (Optional) Enables or disables syslog rfc5424 format for logging. If +# enabled, prefixes the MSG part of the syslog message with APP-NAME +# (RFC5424). The format without the APP-NAME is deprecated in I, and +# will be removed in J. (boolean value) +#use_syslog_rfc_format = false + +# Syslog facility to receive log lines. (string value) +#syslog_log_facility = LOG_USER + +# Format string to use for log messages with context. (string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Format string to use for log messages without context. (string # value) -#policy_default_rule=default - - -# -# Options defined in ceilometer.openstack.common.rpc -# - -# The messaging module to use, defaults to kombu. (string +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + +# Prefix each line of exception output with this format. (string # value) -rpc_backend=rabbit - -# Size of RPC thread pool (integer value) -#rpc_thread_pool_size=64 - -# Size of RPC connection pool (integer value) -#rpc_conn_pool_size=30 - -# Seconds to wait for a response from call or multicall -# (integer value) -#rpc_response_timeout=60 - -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 - -# Modules of exceptions that are permitted to be recreated -# upon receiving exception data from an rpc call. (list value) -#allowed_rpc_exception_modules=nova.exception,cinder.exception,exceptions - -# If passed, use a fake RabbitMQ provider (boolean value) -#fake_rabbit=false - -# AMQP exchange to connect to if using RabbitMQ or Qpid -# (string value) -#control_exchange=openstack - - -# -# Options defined in ceilometer.openstack.common.rpc.amqp -# - -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false - - -# -# Options defined in ceilometer.openstack.common.rpc.impl_kombu -# - -# If SSL is enabled, the SSL version to use. Valid values are -# TLSv1, SSLv23 and SSLv3. SSLv2 might be available on some -# distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled) (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled) (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL enabled) -# (string value) -#kombu_ssl_ca_certs= - -# The RabbitMQ broker address where a single node is used +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s + +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN + +# Enables or disables publication of error events. (boolean value) +#publish_errors = false + +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false + +# The format for an instance that is passed with the log message. # (string value) -rabbit_host = {{ RABBITMQ_HOST }} +#instance_format = "[instance: %(uuid)s] " - -# The RabbitMQ broker port where a single node is used -# (integer value) -rabbit_port= {{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ (boolean value) -rabbit_use_ssl=false - -# The RabbitMQ userid (string value) -rabbit_userid= {{ RABBITMQ_USER }} - -# The RabbitMQ password (string value) -rabbit_password = {{ RABBITMQ_PASSWORD }} - - -# The RabbitMQ virtual host (string value) -rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count) (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - - -# -# Options defined in ceilometer.openstack.common.rpc.impl_qpid -# - -# Qpid broker hostname (string value) -#qpid_hostname=localhost - -# Qpid broker port (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for qpid connection (string value) -#qpid_username= - -# Password for qpid connection (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth +# The format for an instance UUID that is passed with the log message. # (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl' (string value) -#qpid_protocol=tcp - -# Disable Nagle algorithm (boolean value) -#qpid_tcp_nodelay=true - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - - -# -# Options defined in ceilometer.openstack.common.rpc.impl_zmq -# - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* - -# MatchMaker driver (string value) -#rpc_zmq_matchmaker=ceilometer.openstack.common.rpc.matchmaker.MatchMakerLocalhost - -# ZeroMQ receiver listening port (integer value) -#rpc_zmq_port=9501 - -# Number of ZeroMQ contexts, defaults to 1 (integer value) -#rpc_zmq_contexts=1 - -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog=<None> - -# Directory for holding IPC sockets (string value) -#rpc_zmq_ipc_dir=/var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=ceilometer - - -# -# Options defined in ceilometer.openstack.common.rpc.matchmaker -# - -# Heartbeat frequency (integer value) -#matchmaker_heartbeat_freq=300 - -# Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 - - -# -# Options defined in ceilometer.orchestration.notifications -# - +#instance_uuid_format = "[instance: %(uuid)s] " + # Exchange name for Heat notifications (string value) -#heat_control_exchange=heat - - -# -# Options defined in ceilometer.storage -# - +#heat_control_exchange = heat + +# Configuration file for pipeline definition. (string value) +#pipeline_cfg_file = pipeline.yaml + +# Configuration file for event pipeline definition. (string value) +#event_pipeline_cfg_file = event_pipeline.yaml + +# Exchange name for DBaaS notifications. (string value) +#trove_control_exchange = trove + +# Exchange name for Messaging service notifications. (string value) +#zaqar_control_exchange = zaqar + +# Source for samples emitted on this instance. (string value) +# Deprecated group/name - [DEFAULT]/counter_source +#sample_source = openstack + +# Name of this node, which must be valid in an AMQP key. Can be an +# opaque identifier. For ZeroMQ only, must be a valid host name, FQDN, +# or IP address. (string value) +#host = noisecell + +# Number of workers for collector service. A single collector is +# enabled by default. (integer value) +#collector_workers = 1 + +# Number of workers for notification service. A single notification +# agent is enabled by default. (integer value) +#notification_workers = 1 + +# Timeout seconds for HTTP requests. Set it to None to disable +# timeout. (integer value) +#http_timeout = 600 + # DEPRECATED - Database connection string. (string value) -#database_connection=<None> - - -# -# Options defined in ceilometer.storage.sqlalchemy.models -# - -# MySQL engine to use. (string value) -#mysql_engine=InnoDB - - -# -# Options defined in ceilometer.volume.notifications -# - +#database_connection = <None> + +# Path to the rootwrap configuration file touse for running commands +# as root (string value) +#rootwrap_config = /etc/ceilometer/rootwrap.conf + # Exchange name for Cinder notifications. (string value) -cinder_control_exchange=cinder - - -[alarm] - +#cinder_control_exchange = cinder + # -# Options defined in ceilometer.cli +# From oslo.messaging # - -# Class to launch as alarm evaluation service. (string value) -#evaluation_service=ceilometer.alarm.service.SingletonAlarmService - - + +# ZeroMQ bind address. Should be a wildcard (*), an ethernet +# interface, or IP. The "host" option should point or resolve to this +# address. (string value) +#rpc_zmq_bind_address = * + +# MatchMaker driver. (string value) +#rpc_zmq_matchmaker = local + +# ZeroMQ receiver listening port. (integer value) +#rpc_zmq_port = 9501 + +# Number of ZeroMQ contexts, defaults to 1. (integer value) +#rpc_zmq_contexts = 1 + +# Maximum number of ingress messages to locally buffer per topic. +# Default is unlimited. (integer value) +#rpc_zmq_topic_backlog = <None> + +# Directory for holding IPC sockets. (string value) +#rpc_zmq_ipc_dir = /var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP address. +# Must match "host" option, if running Nova. (string value) +#rpc_zmq_host = localhost + +# Seconds to wait before a cast expires (TTL). Only supported by +# impl_zmq. (integer value) +#rpc_cast_timeout = 30 + +# Heartbeat frequency. (integer value) +#matchmaker_heartbeat_freq = 300 + +# Heartbeat time-to-live. (integer value) +#matchmaker_heartbeat_ttl = 600 + +# Size of RPC thread pool. (integer value) +#rpc_thread_pool_size = 64 + +# Driver or drivers to handle sending notifications. (multi valued) +#notification_driver = + +# AMQP topic used for OpenStack notifications. (list value) +# Deprecated group/name - [rpc_notifier2]/topics +#notification_topics = notifications + +# Seconds to wait for a response from a call. (integer value) +#rpc_response_timeout = 60 + +# A URL representing the messaging driver to use and its full +# configuration. If not set, we fall back to the rpc_backend option +# and driver specific configuration. (string value) +#transport_url = <None> + +# The messaging driver to use, defaults to rabbit. Other drivers +# include qpid and zmq. (string value) +#rpc_backend = rabbit + +# The default exchange under which topics are scoped. May be +# overridden by an exchange name specified in the transport_url +# option. (string value) +#control_exchange = openstack + + +[alarm] + # -# Options defined in ceilometer.alarm.notifier.rest +# From ceilometer # - + # SSL Client certificate for REST notifier. (string value) -#rest_notifier_certificate_file= - +#rest_notifier_certificate_file = + # SSL Client private key for REST notifier. (string value) -#rest_notifier_certificate_key= - -# Whether to verify the SSL Server certificate when calling -# alarm action. (boolean value) -#rest_notifier_ssl_verify=true - - -# -# Options defined in ceilometer.alarm.rpc -# - -# The topic that ceilometer uses for alarm notifier messages. -# (string value) -#notifier_rpc_topic=alarm_notifier - -# The topic that ceilometer uses for alarm partition -# coordination messages. (string value) -#partition_rpc_topic=alarm_partition_coordination - - -# -# Options defined in ceilometer.alarm.service -# - -# Period of evaluation cycle, should be >= than configured -# pipeline interval for collection of underlying metrics. -# (integer value) +#rest_notifier_certificate_key = + +# Whether to verify the SSL Server certificate when calling alarm +# action. (boolean value) +#rest_notifier_ssl_verify = true + +# Number of retries for REST notifier (integer value) +#rest_notifier_max_retries = 0 + +# Period of evaluation cycle, should be >= than configured pipeline +# interval for collection of underlying metrics. (integer value) # Deprecated group/name - [alarm]/threshold_evaluation_interval -#evaluation_interval=60 - - -# -# Options defined in ceilometer.api.controllers.v2 -# - +#evaluation_interval = 60 + +# The topic that ceilometer uses for alarm notifier messages. (string +# value) +#notifier_rpc_topic = alarm_notifier + +# The topic that ceilometer uses for alarm partition coordination +# messages. DEPRECATED: RPC-based partitionedalarm evaluation service +# will be removed in Kilo in favour of the default alarm evaluation +# service using tooz for partitioning. (string value) +#partition_rpc_topic = alarm_partition_coordination + +# URL to Gnocchi. (string value) +#gnocchi_url = http://localhost:8041 + # Record alarm change events. (boolean value) -#record_history=true - - +#record_history = true + +# Maximum number of alarms defined for a user. (integer value) +#user_alarm_quota = <None> + +# Maximum number of alarms defined for a project. (integer value) +#project_alarm_quota = <None> + +# Driver to use for alarm evaluation service. DEPRECATED: "singleton" +# and "partitioned" alarm evaluator services will be removed in Kilo +# in favour of the default alarm evaluation service using tooz for +# partitioning. (string value) +#evaluation_service = default + + [api] - + # -# Options defined in ceilometer.api +# From ceilometer # - + # The port for the ceilometer API server. (integer value) # Deprecated group/name - [DEFAULT]/metering_api_port -#port=8777 - +#port = 8777 + # The listen IP for the ceilometer API server. (string value) -#host=0.0.0.0 - - +#host = 0.0.0.0 + +# Toggle Pecan Debug Middleware. (boolean value) +#pecan_debug = false + + +[central] + +# +# From ceilometer +# + +# Work-load partitioning group prefix. Use only if you want to run +# multiple polling agents with different config files. For each sub- +# group of the agent pool with the same partitioning_group_prefix a +# disjoint subset of pollsters should be loaded. (string value) +# Deprecated group/name - [central]/partitioning_group_prefix +#partitioning_group_prefix = <None> + + [collector] - + # -# Options defined in ceilometer.collector +# From ceilometer # - -# Address to which the UDP socket is bound. Set to an empty -# string to disable. (string value) -#udp_address=0.0.0.0 - + +# Address to which the UDP socket is bound. Set to an empty string to +# disable. (string value) +#udp_address = 0.0.0.0 + # Port to which the UDP socket is bound. (integer value) -#udp_port=4952 - - +#udp_port = 4952 + +# Requeue the sample on the collector sample queue when the collector +# fails to dispatch it. This is only valid if the sample come from the +# notifier publisher. (boolean value) +#requeue_sample_on_dispatcher_error = false + +# Requeue the event on the collector event queue when the collector +# fails to dispatch it. (boolean value) +#requeue_event_on_dispatcher_error = false + + +[compute] + +# +# From ceilometer +# + +# Enable work-load partitioning, allowing multiple compute agents to +# be run simultaneously. (boolean value) +#workload_partitioning = false + + +[coordination] + +# +# From ceilometer +# + +# The backend URL to use for distributed coordination. If left empty, +# per-deployment central agent and per-host compute agent won't do +# workload partitioning and will only function correctly if a single +# instance of that service is running. (string value) +#backend_url = <None> + +# Number of seconds between heartbeats for distributed coordination. +# (floating point value) +#heartbeat = 1.0 + +# Number of seconds between checks to see if group membership has +# changed (floating point value) +#check_watchers = 10.0 + + [database] - + # -# Options defined in ceilometer.openstack.common.db.api +# From ceilometer # - -# The backend to use for db (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy - - + +# Number of seconds that samples are kept in the database for (<= 0 +# means forever). (integer value) +# Deprecated group/name - [database]/time_to_live +#metering_time_to_live = -1 + +# Number of seconds that events are kept in the database for (<= 0 +# means forever). (integer value) +#event_time_to_live = -1 + +# The connection string used to connect to the metering database. (if +# unset, connection is used) (string value) +#metering_connection = <None> + +# The connection string used to connect to the alarm database. (if +# unset, connection is used) (string value) +#alarm_connection = <None> + +# The connection string used to connect to the event database. (if +# unset, connection is used) (string value) +#event_connection = <None> + +# The name of the replica set which is used to connect to MongoDB +# database. If it is set, MongoReplicaSetClient will be used instead +# of MongoClient. (string value) +#mongodb_replica_set = + +# The max length of resources id in DB2 nosql, the value should be +# larger than len(hostname) * 2 as compute node's resource id is +# <hostname>_<nodename>. (integer value) +#db2nosql_resource_id_maxlen = 512 + # -# Options defined in ceilometer.openstack.common.db.sqlalchemy.session +# From oslo.db # - -# The SQLAlchemy connection string used to connect to the -# database (string value) + +# The file name to use with SQLite. (string value) +# Deprecated group/name - [DEFAULT]/sqlite_db +#sqlite_db = oslo.sqlite + +# If True, SQLite uses synchronous mode. (boolean value) +# Deprecated group/name - [DEFAULT]/sqlite_synchronous +#sqlite_synchronous = true + +# The back end to use for the database. (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend = sqlalchemy + +# The SQLAlchemy connection string to use to connect to the database. +# (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -connection=postgresql://{{ CEILOMETER_DB_USER }}:{{ CEILOMETER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ceilometer +#connection = <None> -# The SQLAlchemy connection string used to connect to the -# slave database (string value) -#slave_connection= - -# Timeout before idle sql connections are reaped (integer -# value) +# The SQLAlchemy connection string to use to connect to the slave +# database. (string value) +#slave_connection = <None> + +# The SQL mode to be used for MySQL sessions. This option, including +# the default, overrides any server-set SQL mode. To use whatever SQL +# mode is set by the server configuration, set this to no value. +# Example: mysql_sql_mode= (string value) +#mysql_sql_mode = TRADITIONAL + +# Timeout before idle SQL connections are reaped. (integer value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool -# (integer value) +#idle_timeout = 3600 + +# Minimum number of SQL connections to keep open in a pool. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool -# (integer value) +#min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size=<None> - -# Maximum db connection retries during startup. (setting -1 -# implies an infinite retry count) (integer value) +#max_pool_size = <None> + +# Maximum number of database connection retries during startup. Set to +# -1 to specify an infinite retry count. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 - -# Interval between retries of opening a sql connection -# (integer value) +#max_retries = 10 + +# Interval between retries of opening a SQL connection. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 - -# If set, use this value for max_overflow with sqlalchemy -# (integer value) +#retry_interval = 10 + +# If set, use this value for max_overflow with SQLAlchemy. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=<None> - -# Verbosity of SQL debugging information. 0=None, -# 100=Everything (integer value) +#max_overflow = <None> + +# Verbosity of SQL debugging information: 0=None, 100=Everything. +# (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 - -# Add python stack traces to SQL as comment strings (boolean -# value) +#connection_debug = 0 + +# Add Python stack traces to SQL as comment strings. (boolean value) # Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false - -# If set, use this value for pool_timeout with sqlalchemy -# (integer value) +#connection_trace = false + +# If set, use this value for pool_timeout with SQLAlchemy. (integer +# value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout=<None> - - -# -# Options defined in ceilometer.storage -# - -# Number of seconds that samples are kept in the database for -# (<= 0 means forever). (integer value) -#time_to_live=-1 - - +#pool_timeout = <None> + +# Enable the experimental use of database reconnect on connection +# lost. (boolean value) +#use_db_reconnect = false + +# Seconds between retries of a database transaction. (integer value) +#db_retry_interval = 1 + +# If True, increases the interval between retries of a database +# operation up to db_max_retry_interval. (boolean value) +#db_inc_retry_interval = true + +# If db_inc_retry_interval is set, the maximum seconds between retries +# of a database operation. (integer value) +#db_max_retry_interval = 10 + +# Maximum retries in case of connection error or deadlock error before +# error is raised. Set to -1 to specify an infinite retry count. +# (integer value) +#db_max_retries = 20 + + [dispatcher_file] - + # -# Options defined in ceilometer.dispatcher.file +# From ceilometer # - -# Name and the location of the file to record meters. (string -# value) -#file_path=<None> - + +# Name and the location of the file to record meters. (string value) +#file_path = <None> + # The max size of the file. (integer value) -#max_bytes=0 - +#max_bytes = 0 + # The max number of the files to keep. (integer value) -#backup_count=0 - - +#backup_count = 0 + + [event] - + # -# Options defined in ceilometer.event.converter +# From ceilometer # - + # Configuration file for event definitions. (string value) -#definitions_cfg_file=event_definitions.yaml - -# Drop notifications if no event definition matches. -# (Otherwise, we convert them with just the default traits) -# (boolean value) -#drop_unmatched_notifications=false - - +#definitions_cfg_file = event_definitions.yaml + +# Drop notifications if no event definition matches. (Otherwise, we +# convert them with just the default traits) (boolean value) +#drop_unmatched_notifications = false + +# Store the raw notification for select priority levels (info and/or +# error). By default, raw details are not captured. (multi valued) +#store_raw = + + +[hardware] + +# +# From ceilometer +# + +# URL scheme to use for hardware nodes. (string value) +#url_scheme = snmp:// + +# SNMPd user name of all nodes running in the cloud. (string value) +#readonly_user_name = ro_snmp_user + +# SNMPd password of all the nodes running in the cloud. (string value) +#readonly_user_password = password + + +[ipmi] + +# +# From ceilometer +# + +# Number of retries upon Intel Node Manager initialization failure +# (integer value) +#node_manager_init_retry = 3 + +# Tolerance of IPMI/NM polling failures before disable this pollster. +# Negative indicates retrying forever. (integer value) +#polling_retry = 3 + + [keystone_authtoken] - + # -# Options defined in keystoneclient.middleware.auth_token +# From keystonemiddleware.auth_token # - -# Prefix to prepend at the beginning of the path (string -# value) -#auth_admin_prefix= - -# Host providing the admin Identity API endpoint (string + +# Complete public Identity API endpoint. (string value) +#auth_uri = <None> + +# API version of the admin Identity API endpoint. (string value) +#auth_version = <None> + +# Do not handle authorization requests within the middleware, but +# delegate the authorization decision to downstream WSGI components. +# (boolean value) +#delay_auth_decision = false + +# Request timeout value for communicating with Identity API server. +# (integer value) +#http_connect_timeout = <None> + +# How many times are we trying to reconnect when communicating with +# Identity API Server. (integer value) +#http_request_max_retries = 3 + +# Env key for the swift cache. (string value) +#cache = <None> + +# Required if identity server requires client certificate (string # value) -#auth_host=127.0.0.1 - -# Port of the admin Identity API endpoint (integer value) -#auth_port=35357 - -# Protocol of the admin Identity API endpoint(http or https) -# (string value) -#auth_protocol=https - -# Complete public Identity API endpoint (string value) -auth_uri= http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 - - -# API version of the admin Identity API endpoint (string +#certfile = <None> + +# Required if identity server requires client certificate (string # value) -#auth_version=<None> - -# Do not handle authorization requests within the middleware, -# but delegate the authorization decision to downstream WSGI -# components (boolean value) -#delay_auth_decision=false - -# Request timeout value for communicating with Identity API -# server. (boolean value) -#http_connect_timeout=<None> - -# How many times are we trying to reconnect when communicating -# with Identity API Server. (integer value) -#http_request_max_retries=3 - -# Allows to pass in the name of a fake http_handler callback -# function used instead of httplib.HTTPConnection or -# httplib.HTTPSConnection. Useful for unit testing where -# network is not available. (string value) -#http_handler=<None> - -# Single shared secret with the Keystone configuration used -# for bootstrapping a Keystone installation, or otherwise -# bypassing the normal authentication process. (string value) -#admin_token=<None> - -# Keystone account username (string value) -admin_user = {{ CEILOMETER_SERVICE_USER }} - -# Keystone account password (string value) -admin_password = {{ CEILOMETER_SERVICE_PASSWORD }} - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name = service - -# Env key for the swift cache (string value) -#cache=<None> - -# Required if Keystone server requires client certificate -# (string value) -#certfile=<None> - -# Required if Keystone server requires client certificate -# (string value) -#keyfile=<None> - -# A PEM encoded Certificate Authority to use when verifying -# HTTPS connections. Defaults to system CAs. (string value) -#cafile=<None> - +#keyfile = <None> + +# A PEM encoded Certificate Authority to use when verifying HTTPs +# connections. Defaults to system CAs. (string value) +#cafile = <None> + # Verify HTTPS connections. (boolean value) -#insecure=false - -# Directory used to cache files related to PKI tokens (string -# value) -#signing_dir=<None> - -# If defined, the memcache server(s) to use for caching (list +#insecure = false + +# Directory used to cache files related to PKI tokens. (string value) +#signing_dir = <None> + +# Optionally specify a list of memcached server(s) to use for caching. +# If left undefined, tokens will instead be cached in-process. (list # value) # Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers=<None> - -# In order to prevent excessive requests and validations, the -# middleware uses an in-memory cache for the tokens the -# Keystone API returns. This is only valid if memcache_servers -# is defined. Set to -1 to disable caching completely. -# (integer value) -#token_cache_time=300 - -# Value only used for unit testing (integer value) -#revocation_cache_time=1 - -# (optional) if defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable -# values are MAC or ENCRYPT. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token -# data is encrypted and authenticated in the cache. If the -# value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -#memcache_security_strategy=<None> - -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string +#memcached_servers = <None> + +# In order to prevent excessive effort spent validating tokens, the +# middleware caches previously-seen tokens for a configurable duration +# (in seconds). Set to -1 to disable caching completely. (integer # value) -#memcache_secret_key=<None> - -# (optional) indicate whether to set the X-Service-Catalog -# header. If False, middleware will not ask for service -# catalog on token validation and will not set the X-Service- -# Catalog header. (boolean value) -#include_service_catalog=true - -# Used to control the use and type of token binding. Can be -# set to: "disabled" to not check token binding. "permissive" -# (default) to validate binding information if the bind type -# is of a form known to the server and ignore it if not. -# "strict" like "permissive" but if the bind type is unknown -# the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string +#token_cache_time = 300 + +# Determines the frequency at which the list of revoked tokens is +# retrieved from the Identity service (in seconds). A high number of +# revocation events combined with a low cache duration may +# significantly reduce performance. (integer value) +#revocation_cache_time = 10 + +# (Optional) If defined, indicate whether token data should be +# authenticated or authenticated and encrypted. Acceptable values are +# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in +# the cache. If ENCRYPT, token data is encrypted and authenticated in +# the cache. If the value is not one of these options or empty, +# auth_token will raise an exception on initialization. (string value) +#memcache_security_strategy = <None> + +# (Optional, mandatory if memcache_security_strategy is defined) This +# string is used for key derivation. (string value) +#memcache_secret_key = <None> + +# (Optional) Number of seconds memcached server is considered dead +# before it is tried again. (integer value) +#memcache_pool_dead_retry = 300 + +# (Optional) Maximum total number of open connections to every +# memcached server. (integer value) +#memcache_pool_maxsize = 10 + +# (Optional) Socket timeout in seconds for communicating with a +# memcache server. (integer value) +#memcache_pool_socket_timeout = 3 + +# (Optional) Number of seconds a connection to memcached is held +# unused in the pool before it is closed. (integer value) +#memcache_pool_unused_timeout = 60 + +# (Optional) Number of seconds that an operation will wait to get a +# memcache client connection from the pool. (integer value) +#memcache_pool_conn_get_timeout = 10 + +# (Optional) Use the advanced (eventlet safe) memcache client pool. +# The advanced pool will only work under python 2.x. (boolean value) +#memcache_use_advanced_pool = false + +# (Optional) Indicate whether to set the X-Service-Catalog header. If +# False, middleware will not ask for service catalog on token +# validation and will not set the X-Service-Catalog header. (boolean +# value) +#include_service_catalog = true + +# Used to control the use and type of token binding. Can be set to: +# "disabled" to not check token binding. "permissive" (default) to +# validate binding information if the bind type is of a form known to +# the server and ignore it if not. "strict" like "permissive" but if +# the bind type is unknown the token will be rejected. "required" any +# form of token binding is needed to be allowed. Finally the name of a +# binding method that must be present in tokens. (string value) +#enforce_token_bind = permissive + +# If true, the revocation list will be checked for cached tokens. This +# requires that PKI tokens are configured on the identity server. +# (boolean value) +#check_revocations_for_cached = false + +# Hash algorithms to use for hashing PKI tokens. This may be a single +# algorithm or multiple. The algorithms are those supported by Python +# standard hashlib.new(). The hashes will be tried in the order given, +# so put the preferred one first for performance. The result of the +# first hash will be stored in the cache. This will typically be set +# to multiple values only while migrating from a less secure algorithm +# to a more secure one. Once all the old tokens are expired this +# option should be set to a single value for better performance. (list +# value) +#hash_algorithms = md5 + +# Prefix to prepend at the beginning of the path. Deprecated, use +# identity_uri. (string value) +#auth_admin_prefix = + +# Host providing the admin Identity API endpoint. Deprecated, use +# identity_uri. (string value) +#auth_host = 127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) +#auth_port = 35357 + +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. (string value) +#auth_protocol = https + +# Complete admin Identity API endpoint. This should specify the +# unversioned root endpoint e.g. https://localhost:35357/ (string # value) -#enforce_token_bind=permissive - - +#identity_uri = <None> + +# This option is deprecated and may be removed in a future release. +# Single shared secret with the Keystone configuration used for +# bootstrapping a Keystone installation, or otherwise bypassing the +# normal authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) +#admin_token = <None> + +# Service username. (string value) +#admin_user = <None> + +# Service user password. (string value) +#admin_password = <None> + +# Service tenant name. (string value) +#admin_tenant_name = admin + + [matchmaker_redis] - + # -# Options defined in ceilometer.openstack.common.rpc.matchmaker_redis +# From oslo.messaging # - -# Host to locate redis (string value) -#host=127.0.0.1 - + +# Host to locate redis. (string value) +#host = 127.0.0.1 + # Use this port to connect to redis host. (integer value) -#port=6379 - -# Password for Redis server. (optional) (string value) -#password=<None> - - +#port = 6379 + +# Password for Redis server (optional). (string value) +#password = <None> + + [matchmaker_ring] - + # -# Options defined in ceilometer.openstack.common.rpc.matchmaker_ring +# From oslo.messaging # - -# Matchmaker ring file (JSON) (string value) + +# Matchmaker ring file (JSON). (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json - - +#ringfile = /etc/oslo/matchmaker_ring.json + + [notification] - + # -# Options defined in ceilometer.notification +# From ceilometer # - -# Acknowledge message when event persistence fails. (boolean -# value) -#ack_on_event_error=true - + +# Acknowledge message when event persistence fails. (boolean value) +# Deprecated group/name - [collector]/ack_on_event_error +#ack_on_event_error = true + # Save event details. (boolean value) -#store_events=false - - +# Deprecated group/name - [collector]/store_events +#store_events = false + +# WARNING: Ceilometer historically offered the ability to store events +# as meters. This usage is NOT advised as it can flood the metering +# database and cause performance degradation. This option disables the +# collection of non-metric meters and will be the default behavior in +# Liberty. (boolean value) +#disable_non_metric_meters = false + +# Enable workload partitioning, allowing multiple notification agents +# to be run simultaneously. (boolean value) +#workload_partitioning = false + +# Messaging URLs to listen for notifications. Example: +# transport://user:pass@host1:port[,hostN:portN]/virtual_host +# (DEFAULT/transport_url is used if empty) (multi valued) +#messaging_urls = + + +[oslo_concurrency] + +# +# From oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +# Deprecated group/name - [DEFAULT]/disable_process_locking +#disable_process_locking = false + +# Directory to use for lock files. For security, the specified +# directory should only be writable by the user running the processes +# that need locking. Defaults to environment variable OSLO_LOCK_PATH. +# If external locks are used, a lock path must be set. (string value) +# Deprecated group/name - [DEFAULT]/lock_path +#lock_path = <None> + + +[oslo_messaging_amqp] + +# +# From oslo.messaging +# + +# address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +#server_request_prefix = exclusive + +# address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +#broadcast_prefix = broadcast + +# address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +#group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +#container_name = <None> + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +#idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +#trace = false + +# CA certificate PEM file for verifing server certificate (string +# value) +# Deprecated group/name - [amqp1]/ssl_ca_file +#ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string +# value) +# Deprecated group/name - [amqp1]/ssl_cert_file +#ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string +# value) +# Deprecated group/name - [amqp1]/ssl_key_file +#ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +#ssl_key_password = <None> + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +#allow_insecure_clients = false + + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +#qpid_hostname = localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +#qpid_port = 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +#qpid_hosts = $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +#qpid_username = + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +#qpid_password = + +# Space separated list of SASL mechanisms to use for auth. (string +# value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +#qpid_sasl_mechanisms = + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +#qpid_heartbeat = 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +#qpid_protocol = tcp + +# Whether to disable the Nagle algorithm. (boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +#qpid_tcp_nodelay = true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +#qpid_receiver_capacity = 1 + +# The qpid topology version to use. Version 1 is what was originally +# used by impl_qpid. Version 2 includes some backwards-incompatible +# changes that allow broker federation to work. Users should update +# to version 2 when they are able to take everything down, as it +# requires a clean break. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +#qpid_topology_version = 1 + + +[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# SSL version to use (valid only if SSL enabled). Valid values are +# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be +# available on some distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +#kombu_ssl_version = + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +#kombu_ssl_keyfile = + +# SSL cert file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +#kombu_ssl_certfile = + +# SSL certification authority file (valid only if SSL enabled). +# (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +#kombu_ssl_ca_certs = + +# How long to wait before reconnecting in response to an AMQP consumer +# cancel notification. (floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +#kombu_reconnect_delay = 1.0 + +# The RabbitMQ broker address where a single node is used. (string +# value) +# Deprecated group/name - [DEFAULT]/rabbit_host +#rabbit_host = localhost + +# The RabbitMQ broker port where a single node is used. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_port +#rabbit_port = 5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +#rabbit_hosts = $rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +#rabbit_use_ssl = false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +#rabbit_userid = guest + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +#rabbit_password = guest + +# The RabbitMQ login method. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +#rabbit_login_method = AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +#rabbit_virtual_host = / + +# How frequently to retry connecting with RabbitMQ. (integer value) +#rabbit_retry_interval = 1 + +# How long to backoff for between retries when connecting to RabbitMQ. +# (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +#rabbit_retry_backoff = 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +#rabbit_max_retries = 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this +# option, you must wipe the RabbitMQ database. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +#rabbit_ha_queues = false + +# Number of seconds after which the Rabbit broker is considered down +# if heartbeat's keep-alive fails (0 disables the heartbeat, >0 +# enables it. Enabling heartbeats requires kombu>=3.0.7 and +# amqp>=1.4.0). EXPERIMENTAL (integer value) +#heartbeat_timeout_threshold = 0 + +# How often times during the heartbeat_timeout_threshold we check the +# heartbeat. (integer value) +#heartbeat_rate = 2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +#fake_rabbit = false + + +[oslo_policy] + +# +# From oslo.policy +# + +# The JSON file that defines policies. (string value) +# Deprecated group/name - [DEFAULT]/policy_file +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. (string +# value) +# Deprecated group/name - [DEFAULT]/policy_default_rule +#policy_default_rule = default + +# Directories where policy configuration files are stored. They can be +# relative to any directory in the search path defined by the +# config_dir option, or absolute paths. The file defined by +# policy_file must exist for these directories to be searched. +# Missing or empty directories are ignored. (multi valued) +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d + + +[polling] + +# +# From ceilometer +# + +# Work-load partitioning group prefix. Use only if you want to run +# multiple polling agents with different config files. For each sub- +# group of the agent pool with the same partitioning_group_prefix a +# disjoint subset of pollsters should be loaded. (string value) +# Deprecated group/name - [central]/partitioning_group_prefix +#partitioning_group_prefix = <None> + + [publisher] - + # -# Options defined in ceilometer.publisher.utils +# From ceilometer # - -# Secret value for signing metering messages. (string value) + +# Secret value for signing messages. Set value empty if signing is not +# required to avoid computational overhead. (string value) # Deprecated group/name - [DEFAULT]/metering_secret # Deprecated group/name - [publisher_rpc]/metering_secret -# It should be set to some random value -metering_secret = {{ METERING_SECRET }} - +# Deprecated group/name - [publisher]/metering_secret +#telemetry_secret = change this for valid signing + + +[publisher_notifier] + +# +# From ceilometer +# + +# The topic that ceilometer uses for metering notifications. (string +# value) +#metering_topic = metering + +# The topic that ceilometer uses for event notifications. (string +# value) +#event_topic = event + +# The driver that ceilometer uses for metering notifications. (string +# value) +# Deprecated group/name - [DEFAULT]/metering_driver +#telemetry_driver = messagingv2 + + [publisher_rpc] - + # -# Options defined in ceilometer.publisher.rpc +# From ceilometer # - -# The topic that ceilometer uses for metering messages. -# (string value) -#metering_topic=metering - - -[rpc_notifier2] - -# -# Options defined in ceilometer.openstack.common.notifier.rpc_notifier2 -# - -# AMQP topic(s) used for OpenStack notifications (list value) -#topics=notifications - - + +# The topic that ceilometer uses for metering messages. (string value) +# Deprecated group/name - [DEFAULT]/metering_topic +#metering_topic = metering + + +[rgw_admin_credentials] + +# +# From ceilometer +# + +# Access key for Radosgw Admin. (string value) +#access_key = <None> + +# Secret key for Radosgw Admin. (string value) +#secret_key = <None> + + [service_credentials] - + # -# Options defined in ceilometer.service +# From ceilometer # - -# User name to use for OpenStack service access. (string -# value) -os_username = {{ CEILOMETER_SERVICE_USER }} - + +# User name to use for OpenStack service access. (string value) +# Deprecated group/name - [DEFAULT]/os_username +#os_username = ceilometer + # Password to use for OpenStack service access. (string value) -os_password = {{ CEILOMETER_SERVICE_PASSWORD }} - -# Tenant ID to use for OpenStack service access. (string -# value) -#os_tenant_id= - -# Tenant name to use for OpenStack service access. (string -# value) -os_tenant_name = service - +# Deprecated group/name - [DEFAULT]/os_password +#os_password = admin + +# Tenant ID to use for OpenStack service access. (string value) +# Deprecated group/name - [DEFAULT]/os_tenant_id +#os_tenant_id = + +# Tenant name to use for OpenStack service access. (string value) +# Deprecated group/name - [DEFAULT]/os_tenant_name +#os_tenant_name = admin + # Certificate chain for SSL validation. (string value) -#os_cacert=<None> - +#os_cacert = <None> + # Auth URL to use for OpenStack service access. (string value) -os_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +# Deprecated group/name - [DEFAULT]/os_auth_url +#os_auth_url = http://localhost:5000/v2.0 + +# Region name to use for OpenStack service endpoints. (string value) +# Deprecated group/name - [DEFAULT]/os_region_name +#os_region_name = <None> -# Region name to use for OpenStack service endpoints. (string -# value) -os_region_name=regionOne - # Type of endpoint in Identity service catalog to use for # communication with OpenStack services. (string value) -os_endpoint_type=internalURL - -# Disables X.509 certificate validation when an SSL connection -# to Identity Service is established. (boolean value) -#insecure=false - - -[ssl] - -# -# Options defined in ceilometer.openstack.common.sslutils -# - -# CA certificate file to use to verify connecting clients -# (string value) -#ca_file=<None> - -# Certificate file to use when starting the server securely -# (string value) -#cert_file=<None> - -# Private key file to use when starting the server securely -# (string value) -#key_file=<None> - - +#os_endpoint_type = publicURL + +# Disables X.509 certificate validation when an SSL connection to +# Identity Service is established. (boolean value) +#insecure = false + + +[service_types] + +# +# From ceilometer +# + +# Kwapi service type. (string value) +#kwapi = energy + +# Glance service type. (string value) +#glance = image + +# Neutron service type. (string value) +#neutron = network + +# Nova service type. (string value) +#nova = compute + +# Radosgw service type. (string value) +#radosgw = object-store + +# Swift service type. (string value) +#swift = object-store + + [vmware] - -# -# Options defined in ceilometer.compute.virt.vmware.inspector -# - -# IP address of the VMware Vsphere host (string value) -#host_ip= - -# Username of VMware Vsphere (string value) -#host_username= - -# Password of VMware Vsphere (string value) -#host_password= - -# Number of times a VMware Vsphere API must be retried -# (integer value) -#api_retry_count=10 - -# Sleep time in seconds for polling an ongoing async task -# (floating point value) -#task_poll_interval=0.5 + +# +# From ceilometer +# + +# IP address of the VMware Vsphere host. (string value) +#host_ip = + +# Port of the VMware Vsphere host. (integer value) +#host_port = 443 + +# Username of VMware Vsphere. (string value) +#host_username = + +# Password of VMware Vsphere. (string value) +#host_password = + +# Number of times a VMware Vsphere API may be retried. (integer value) +#api_retry_count = 10 + +# Sleep time in seconds for polling an ongoing async task. (floating +# point value) +#task_poll_interval = 0.5 + +# Optional vim service WSDL location e.g +# http://<server>/vimService.wsdl. Optional over-ride to default +# location for bug work-arounds. (string value) +#wsdl_location = <None> + + +[xenapi] + +# +# From ceilometer +# + +# URL for connection to XenServer/Xen Cloud Platform. (string value) +#connection_url = <None> + +# Username for connection to XenServer/Xen Cloud Platform. (string +# value) +#connection_username = root + +# Password for connection to XenServer/Xen Cloud Platform. (string +# value) +#connection_password = <None> + +# Timeout in seconds for XenAPI login. (integer value) +#login_timeout = 10 diff --git a/install-files/openstack/usr/share/openstack/cinder/api-paste.ini b/install-files/openstack/usr/share/openstack/cinder/api-paste.ini deleted file mode 100644 index ba922d5f..00000000 --- a/install-files/openstack/usr/share/openstack/cinder/api-paste.ini +++ /dev/null @@ -1,60 +0,0 @@ -############# -# OpenStack # -############# - -[composite:osapi_volume] -use = call:cinder.api:root_app_factory -/: apiversions -/v1: openstack_volume_api_v1 -/v2: openstack_volume_api_v2 - -[composite:openstack_volume_api_v1] -use = call:cinder.api.middleware.auth:pipeline_factory -noauth = request_id faultwrap sizelimit osprofiler noauth apiv1 -keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 -keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 - -[composite:openstack_volume_api_v2] -use = call:cinder.api.middleware.auth:pipeline_factory -noauth = request_id faultwrap sizelimit osprofiler noauth apiv2 -keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 -keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 - -[filter:request_id] -paste.filter_factory = cinder.openstack.common.middleware.request_id:RequestIdMiddleware.factory - -[filter:faultwrap] -paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes - -[filter:noauth] -paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory - -[filter:sizelimit] -paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory - -[app:apiv1] -paste.app_factory = cinder.api.v1.router:APIRouter.factory - -[app:apiv2] -paste.app_factory = cinder.api.v2.router:APIRouter.factory - -[pipeline:apiversions] -pipeline = faultwrap osvolumeversionapp - -[app:osvolumeversionapp] -paste.app_factory = cinder.api.versions:Versions.factory - -########## -# Shared # -########## - -[filter:keystonecontext] -paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/install-files/openstack/usr/share/openstack/cinder/cinder.conf b/install-files/openstack/usr/share/openstack/cinder/cinder.conf index a58004b5..8afdb941 100644 --- a/install-files/openstack/usr/share/openstack/cinder/cinder.conf +++ b/install-files/openstack/usr/share/openstack/cinder/cinder.conf @@ -4,130 +4,13 @@ # Options defined in oslo.messaging # -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in AMQP. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on -# some distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). (string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} - -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake -# (boolean value) -#fake_rabbit=false - # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) #rpc_zmq_bind_address=* # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker=local # ZeroMQ receiver listening port. (integer value) #rpc_zmq_port=9501 @@ -157,12 +40,12 @@ rabbit_password={{ RABBITMQ_PASSWORD }} # Heartbeat time-to-live. (integer value) #matchmaker_heartbeat_ttl=600 -# Size of RPC greenthread pool. (integer value) +# Size of RPC thread pool. (integer value) #rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi # valued) -notification_driver=messagingv2 +#notification_driver= # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics @@ -178,12 +61,12 @@ notification_driver=messagingv2 # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) -rpc_backend=rabbit +#rpc_backend=rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) -control_exchange=cinder +#control_exchange=openstack # @@ -306,6 +189,12 @@ control_exchange=cinder # with big service catalogs). (integer value) #max_header_line=16384 +# Timeout for client connections' socket operations. If an +# incoming connection is idle for this number of seconds it +# will be closed. A value of '0' means wait forever. (integer +# value) +#client_socket_timeout=900 + # If False, closes the client socket connection explicitly. # Setting it to True to maintain backward compatibility. # Recommended setting is set it to False. (boolean value) @@ -372,13 +261,41 @@ control_exchange=cinder # +# Options defined in cinder.api.views.versions +# + +# Public url to use for versions endpoint. The default is +# None, which will use the request's host_url attribute to +# populate the URL base. If Cinder is operating behind a +# proxy, you will want to change this to represent the proxy's +# URL. (string value) +#public_endpoint=<None> + + +# +# Options defined in cinder.backup.chunkeddriver +# + +# Compression algorithm (None to disable) (string value) +#backup_compression_algorithm=zlib + + +# # Options defined in cinder.backup.driver # # Backup metadata version to be used when backing up volume # metadata. If this number is bumped, make sure the service # doing the restore supports the new version. (integer value) -#backup_metadata_version=1 +#backup_metadata_version=2 + +# The number of chunks or objects, for which one Ceilometer +# notification will be sent (integer value) +#backup_object_number_per_notification=10 + +# Interval, in seconds, between two progress notifications +# reporting the backup status (integer value) +#backup_timer_interval=120 # @@ -415,6 +332,42 @@ control_exchange=cinder # +# Options defined in cinder.backup.drivers.nfs +# + +# The maximum size in bytes of the files used to hold backups. +# If the volume being backed up exceeds this size, then it +# will be backed up into multiple files. (integer value) +#backup_file_size=1999994880 + +# The size in bytes that changes are tracked for incremental +# backups. backup_swift_object_size has to be multiple of +# backup_swift_block_size. (integer value) +#backup_sha_block_size_bytes=32768 + +# Enable or Disable the timer to send the periodic progress +# notifications to Ceilometer when backing up the volume to +# the backend storage. The default value is True to enable the +# timer. (boolean value) +#backup_enable_progress_timer=true + +# Base dir containing mount point for NFS share. (string +# value) +#backup_mount_point_base=$state_path/backup_mount + +# NFS share in fqdn:path, ipv4addr:path, or "[ipv6addr]:path" +# format. (string value) +#backup_share=<None> + +# Mount options passed to the NFS client. See NFS man page for +# details. (string value) +#backup_mount_options=<None> + +# Custom container to use for backups. (string value) +#backup_container=<None> + + +# # Options defined in cinder.backup.drivers.swift # @@ -450,6 +403,11 @@ control_exchange=cinder # The size in bytes of Swift backup objects (integer value) #backup_swift_object_size=52428800 +# The size in bytes that changes are tracked for incremental +# backups. backup_swift_object_size has to be multiple of +# backup_swift_block_size. (integer value) +#backup_swift_block_size=32768 + # The number of retries to make for Swift operations (integer # value) #backup_swift_retry_attempts=3 @@ -458,8 +416,11 @@ control_exchange=cinder # value) #backup_swift_retry_backoff=2 -# Compression algorithm (None to disable) (string value) -#backup_compression_algorithm=zlib +# Enable or Disable the timer to send the periodic progress +# notifications to Ceilometer when backing up the volume to +# the Swift backend storage. The default value is True to +# enable the timer. (boolean value) +#backup_swift_enable_progress_timer=true # @@ -487,23 +448,51 @@ control_exchange=cinder # +# Options defined in cinder.cmd.volume +# + +# Backend override of host value. (string value) +# Deprecated group/name - [DEFAULT]/host +#backend_host=<None> + + +# +# Options defined in cinder.cmd.volume_usage_audit +# + +# If this option is specified then the start time specified is +# used instead of the start time of the last completed audit +# period. (string value) +#start_time=<None> + +# If this option is specified then the end time specified is +# used instead of the end time of the last completed audit +# period. (string value) +#end_time=<None> + +# Send the volume and snapshot create and delete notifications +# generated in the specified period. (boolean value) +#send_actions=false + + +# # Options defined in cinder.common.config # # File name for the paste.deploy config for cinder-api (string # value) -api_paste_config=api-paste.ini +#api_paste_config=api-paste.ini # Top-level directory for maintaining cinder's state (string # value) # Deprecated group/name - [DEFAULT]/pybasedir -state_path=/var/lib/cinder +#state_path=/var/lib/cinder # IP address of this host (string value) -my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +#my_ip=10.0.0.1 # Default glance host name or IP (string value) -glance_host={{ CONTROLLER_HOST_ADDRESS }} +#glance_host=$my_ip # Default glance port (integer value) #glance_port=9292 @@ -597,7 +586,7 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # Path to the rootwrap configuration file to use for running # commands as root (string value) -rootwrap_config=/etc/cinder/rootwrap.conf +#rootwrap_config=/etc/cinder/rootwrap.conf # Enable monkey patching (boolean value) #monkey_patch=false @@ -619,14 +608,14 @@ rootwrap_config=/etc/cinder/rootwrap.conf # The strategy to use for auth. Supports noauth, keystone, and # deprecated. (string value) -auth_strategy=keystone +#auth_strategy=noauth # A list of backend names to use. These backend names should # be backed by a unique [CONFIG] group with its options (list # value) #enabled_backends=<None> -# Whether snapshots count against GigaByte quota (boolean +# Whether snapshots count against gigabyte quota (boolean # value) #no_snapshot_gb_quota=false @@ -642,6 +631,19 @@ auth_strategy=keystone # (string value) #consistencygroup_api_class=cinder.consistencygroup.api.API +# OpenStack privileged account username. Used for requests to +# other services (such as Nova) that require an account with +# special rights. (string value) +#os_privileged_user_name=<None> + +# Password associated with the OpenStack privileged account. +# (string value) +#os_privileged_user_password=<None> + +# Tenant name associated with the OpenStack privileged +# account. (string value) +#os_privileged_user_tenant=<None> + # # Options defined in cinder.compute @@ -659,11 +661,11 @@ auth_strategy=keystone # Match this value when searching for nova in the service # catalog. Format is: separated values of the form: # <service_type>:<service_name>:<endpoint_type> (string value) -#nova_catalog_info=compute:nova:publicURL +#nova_catalog_info=compute:Compute Service:publicURL # Same as nova_catalog_info, but for admin endpoint. (string # value) -#nova_catalog_admin_info=compute:nova:adminURL +#nova_catalog_admin_info=compute:Compute Service:adminURL # Override service catalog lookup with template for nova # endpoint e.g. http://localhost:8774/v2/%(project_id)s @@ -690,16 +692,13 @@ auth_strategy=keystone # Options defined in cinder.db.api # -# The backend to use for db (string value) -#db_backend=sqlalchemy - # Services to be added to the available pool on create # (boolean value) #enable_new_services=true # Template string to be used to generate volume names (string # value) -volume_name_template=volume-%s +#volume_name_template=volume-%s # Template string to be used to generate snapshot names # (string value) @@ -756,112 +755,6 @@ volume_name_template=volume-%s # -# Options defined in cinder.openstack.common.lockutils -# - -# Whether to disable inter-process locks (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. Default to a temp directory -# (string value) -lock_path=/var/lock/cinder - - -# -# Options defined in cinder.openstack.common.log -# - -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error. (boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format=<None> - -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> - -# (Optional) The base directory used for relative --log-file -# paths. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. (boolean -# value) -use_syslog = True - -# (Optional) Enables or disables syslog rfc5424 format for -# logging. If enabled, prefixes the MSG part of the syslog -# message with APP-NAME (RFC5424). The format without the APP- -# NAME is deprecated in I, and will be removed in J. (boolean -# value) -#use_syslog_rfc_format=false - -# Syslog facility to receive log lines. (string value) -#syslog_log_facility=LOG_USER - - -# # Options defined in cinder.openstack.common.periodic_task # @@ -881,6 +774,23 @@ use_syslog = True # (string value) #policy_default_rule=default +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. The +# file defined by policy_file must exist for these directories +# to be searched. Missing or empty directories are ignored. +# (multi valued) +#policy_dirs=policy.d + + +# +# Options defined in cinder.openstack.common.versionutils +# + +# Enables or disables fatal status of deprecations. (boolean +# value) +#fatal_deprecations=false + # # Options defined in cinder.scheduler.driver @@ -995,12 +905,12 @@ use_syslog = True # volume (integer value) #num_iser_scan_tries=3 -# The maximum number of iSER target IDs per host (integer -# value) -#iser_num_targets=100 +# This option is deprecated and unused. It will be removed in +# the Liberty release. (integer value) +#iser_num_targets=<None> # Prefix for iSER volumes (string value) -#iser_target_prefix=iqn.2010-10.org.iser.openstack: +#iser_target_prefix=iqn.2010-10.org.openstack: # The IP address that the iSER daemon is listening on (string # value) @@ -1022,16 +932,20 @@ use_syslog = True # value) #reserved_percentage=0 -# The maximum number of iSCSI target IDs per host (integer -# value) -#iscsi_num_targets=100 +# This option is deprecated and unused. It will be removed in +# the Liberty release. (integer value) +#iscsi_num_targets=<None> # Prefix for iSCSI volumes (string value) #iscsi_target_prefix=iqn.2010-10.org.openstack: # The IP address that the iSCSI daemon is listening on (string # value) -iscsi_ip_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +#iscsi_ip_address=$my_ip + +# The list of secondary IP addresses of the iSCSI daemon (list +# value) +#iscsi_secondary_ip_addresses= # The port that the iSCSI daemon is listening on (integer # value) @@ -1044,15 +958,19 @@ iscsi_ip_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # The backend name for a given driver implementation (string # value) -volume_backend_name=LVM_iSCSI +#volume_backend_name=<None> # Do we attach/detach volumes in cinder using multipath for # volume to image and image to volume transfers? (boolean # value) #use_multipath_for_image_xfer=false -# Method used to wipe old volumes (valid options are: none, -# zero, shred) (string value) +# If this is set to True, attachment of volumes for image +# transfer will be aborted when multipathd is not running. +# Otherwise, it will fallback to single path. (boolean value) +#enforce_multipath_for_image_xfer=false + +# Method used to wipe old volumes (string value) #volume_clear=zero # Size in MiB to wipe at start of old volumes. 0 => all @@ -1065,18 +983,24 @@ volume_backend_name=LVM_iSCSI #volume_clear_ionice=<None> # iSCSI target user-land tool to use. tgtadm is default, use -# lioadm for LIO iSCSI support, iseradm for the ISER protocol, -# or fake for testing. (string value) -iscsi_helper=lioadm +# lioadm for LIO iSCSI support, scstadmin for SCST target +# support, iseradm for the ISER protocol, ietadm for iSCSI +# Enterprise Target, iscsictl for Chelsio iSCSI Target or fake +# for testing. (string value) +#iscsi_helper=tgtadm # Volume configuration file storage directory (string value) -volumes_dir=$state_path/volumes +#volumes_dir=$state_path/volumes # IET configuration file (string value) #iet_conf=/etc/iet/ietd.conf -# Comma-separated list of initiator IQNs allowed to connect to -# the iSCSI target. (From Nova compute nodes.) (string value) +# Chiscsi (CXT) global defaults configuration file (string +# value) +#chiscsi_conf=/etc/chelsio-iscsi/chiscsi.conf + +# This option is deprecated and unused. It will be removed in +# the next release. (string value) #lio_initiator_iqns= # Sets the behavior of the iSCSI target to either perform @@ -1102,6 +1026,13 @@ volumes_dir=$state_path/volumes # value) #iscsi_write_cache=on +# Determines the iSCSI protocol for new iSCSI volumes, created +# with tgtadm or lioadm target helpers. In order to enable +# RDMA, this parameter should be set with the value "iser". +# The supported iSCSI protocol values are "iscsi" and "iser". +# (string value) +#iscsi_protocol=iscsi + # The path to the client certificate key for verification, if # the driver supports it. (string value) #driver_client_cert_key=<None> @@ -1110,6 +1041,57 @@ volumes_dir=$state_path/volumes # driver supports it. (string value) #driver_client_cert=<None> +# Tell driver to use SSL for connection to backend storage if +# the driver supports it. (boolean value) +#driver_use_ssl=false + +# Float representation of the over subscription ratio when +# thin provisioning is involved. Default ratio is 20.0, +# meaning provisioned capacity can be 20 times of the total +# physical capacity. If the ratio is 10.5, it means +# provisioned capacity can be 10.5 times of the total physical +# capacity. A ratio of 1.0 means provisioned capacity cannot +# exceed the total physical capacity. A ratio lower than 1.0 +# will be ignored and the default value will be used instead. +# (floating point value) +#max_over_subscription_ratio=20.0 + +# Certain ISCSI targets have predefined target names, SCST +# target driver uses this name. (string value) +#scst_target_iqn_name=<None> + +# SCST target implementation can choose from multiple SCST +# target drivers. (string value) +#scst_target_driver=iscsi + +# Option to enable/disable CHAP authentication for targets. +# (boolean value) +# Deprecated group/name - [DEFAULT]/eqlx_use_chap +#use_chap_auth=false + +# CHAP user name. (string value) +# Deprecated group/name - [DEFAULT]/eqlx_chap_login +#chap_username= + +# Password for specified CHAP account name. (string value) +# Deprecated group/name - [DEFAULT]/eqlx_chap_password +#chap_password= + +# Namespace for driver private data values to be saved in. +# (string value) +#driver_data_namespace=<None> + +# String representation for an equation that will be used to +# filter hosts. Only used when the driver filter is set to be +# used by the Cinder scheduler. (string value) +#filter_function=<None> + +# String representation for an equation that will be used to +# determine the goodness of a host. Only used when using the +# goodness weigher is set to be used by the Cinder scheduler. +# (string value) +#goodness_function=<None> + # # Options defined in cinder.volume.drivers.block_device @@ -1120,31 +1102,47 @@ volumes_dir=$state_path/volumes # -# Options defined in cinder.volume.drivers.coraid +# Options defined in cinder.volume.drivers.cloudbyte.options # -# IP address of Coraid ESM (string value) -#coraid_esm_address= +# These values will be used for CloudByte storage's addQos API +# call. (dict value) +#cb_add_qosgroup=latency:15,iops:10,graceallowed:false,iopscontrol:true,memlimit:0,throughput:0,tpcontrol:false,networkspeed:0 + +# Driver will use this API key to authenticate against the +# CloudByte storage's management interface. (string value) +#cb_apikey=None -# User name to connect to Coraid ESM (string value) -#coraid_user=admin +# CloudByte storage specific account name. This maps to a +# project name in OpenStack. (string value) +#cb_account_name=None -# Name of group on Coraid ESM to which coraid_user belongs -# (must have admin privilege) (string value) -#coraid_group=admin +# This corresponds to the name of Tenant Storage Machine (TSM) +# in CloudByte storage. A volume will be created in this TSM. +# (string value) +#cb_tsm_name=None -# Password to connect to Coraid ESM (string value) -#coraid_password=password +# A retry value in seconds. Will be used by the driver to +# check if volume creation was successful in CloudByte +# storage. (integer value) +#cb_confirm_volume_create_retry_interval=5 -# Volume Type key name to store ESM Repository Name (string +# Will confirm a successful volume creation in CloudByte +# storage by making this many number of attempts. (integer # value) -#coraid_repository_key=coraid_repository +#cb_confirm_volume_create_retries=3 + +# These values will be used for CloudByte storage's +# createVolume API call. (dict value) +#cb_create_volume=compression:off,deduplication:off,blocklength:512B,sync:always,protocoltype:ISCSI,recordsize:16k # # Options defined in cinder.volume.drivers.datera # +# DEPRECATED: This will be removed in the Liberty release. Use +# san_login and san_password instead. This directly sets the # Datera API token. (string value) #datera_api_token=<None> @@ -1159,6 +1157,25 @@ volumes_dir=$state_path/volumes # +# Options defined in cinder.volume.drivers.dell.dell_storagecenter_common +# + +# Storage Center System Serial Number (integer value) +#dell_sc_ssn=64702 + +# Dell API port (integer value) +#dell_sc_api_port=3033 + +# Name of the server folder to use on the Storage Center +# (string value) +#dell_sc_server_folder=openstack + +# Name of the volume folder to use on the Storage Center +# (string value) +#dell_sc_volume_folder=openstack + + +# # Options defined in cinder.volume.drivers.emc.emc_vmax_common # @@ -1211,60 +1228,69 @@ volumes_dir=$state_path/volumes # False. (boolean value) #initiator_auto_registration=false +# Automatically deregister initiators after the related +# storage group is destroyed. By default, the value is False. +# (boolean value) +#initiator_auto_deregistration=false + +# Report free_capacity_gb as 0 when the limit to maximum +# number of pool LUNs is reached. By default, the value is +# False. (boolean value) +#check_max_pool_luns_threshold=false + +# Delete a LUN even if it is in Storage Groups. (boolean +# value) +#force_delete_lun_in_storagegroup=false + + +# +# Options defined in cinder.volume.drivers.emc.xtremio +# + +# XMS cluster id in multi-cluster environment (string value) +#xtremio_cluster_name= + # # Options defined in cinder.volume.drivers.eqlx # -# Group name to use for creating volumes (string value) +# Group name to use for creating volumes. Defaults to +# "group-0". (string value) #eqlx_group_name=group-0 -# Timeout for the Group Manager cli command execution (integer -# value) +# Timeout for the Group Manager cli command execution. Default +# is 30. (integer value) #eqlx_cli_timeout=30 -# Maximum retry count for reconnection (integer value) +# Maximum retry count for reconnection. Default is 5. (integer +# value) #eqlx_cli_max_retries=5 -# Use CHAP authentication for targets? (boolean value) +# Use CHAP authentication for targets. Note that this option +# is deprecated in favour of "use_chap_auth" as specified in +# cinder/volume/driver.py and will be removed in next release. +# (boolean value) #eqlx_use_chap=false -# Existing CHAP account name (string value) +# Existing CHAP account name. Note that this option is +# deprecated in favour of "chap_username" as specified in +# cinder/volume/driver.py and will be removed in next release. +# (string value) #eqlx_chap_login=admin -# Password for specified CHAP account name (string value) +# Password for specified CHAP account name. Note that this +# option is deprecated in favour of "chap_password" as +# specified in cinder/volume/driver.py and will be removed in +# the next release (string value) #eqlx_chap_password=password -# Pool in which volumes will be created (string value) +# Pool in which volumes will be created. Defaults to +# "default". (string value) #eqlx_pool=default # -# Options defined in cinder.volume.drivers.fujitsu_eternus_dx_common -# - -# The configuration file for the Cinder SMI-S driver (string -# value) -#cinder_smis_config_file=/etc/cinder/cinder_fujitsu_eternus_dx.xml - - -# -# Options defined in cinder.volume.drivers.fusionio.ioControl -# - -# amount of time wait for iSCSI target to come online (integer -# value) -#fusionio_iocontrol_targetdelay=5 - -# number of retries for GET operations (integer value) -#fusionio_iocontrol_retry=3 - -# verify the array certificate on each transaction (boolean -# value) -#fusionio_iocontrol_verify_cert=true - - -# # Options defined in cinder.volume.drivers.glusterfs # @@ -1407,6 +1433,20 @@ volumes_dir=$state_path/volumes # +# Options defined in cinder.volume.drivers.ibm.flashsystem +# + +# Connection protocol should be FC. (string value) +#flashsystem_connection_protocol=FC + +# Connect with multipath (FC only). (boolean value) +#flashsystem_multipath_enabled=false + +# Allows vdisk to multi host mapping. (boolean value) +#flashsystem_multihostmap_enabled=true + + +# # Options defined in cinder.volume.drivers.ibm.gpfs # @@ -1452,22 +1492,6 @@ volumes_dir=$state_path/volumes # Options defined in cinder.volume.drivers.ibm.ibmnas # -# IP address or Hostname of NAS system. (string value) -#nas_ip= - -# User name to connect to NAS system. (string value) -#nas_login=admin - -# Password to connect to NAS system. (string value) -#nas_password= - -# SSH port to use to connect to NAS system. (integer value) -#nas_ssh_port=22 - -# Filename of private key to use for SSH authentication. -# (string value) -#nas_private_key= - # IBMNAS platform type to be used as backend storage; valid # values are - v7ku : for using IBM Storwize V7000 Unified, # sonas : for using IBM Scale Out NAS, gpfs-nas : for using @@ -1550,8 +1574,7 @@ volumes_dir=$state_path/volumes # value) #xiv_ds8k_proxy=xiv_ds8k_openstack.nova_proxy.XIVDS8KNovaProxy -# Connection type to the IBM Storage Array -# (fibre_channel|iscsi) (string value) +# Connection type to the IBM Storage Array (string value) #xiv_ds8k_connection_type=iscsi # CHAP authentication mode, effective only for iscsi @@ -1565,17 +1588,22 @@ volumes_dir=$state_path/volumes # Name for the VG that will contain exported volumes (string # value) -volume_group=cinder-volumes +#volume_group=cinder-volumes # If >0, create LVs with multiple mirrors. Note that this # requires lvm_mirrors + 2 PVs with available space (integer # value) #lvm_mirrors=0 -# Type of LVM volumes to deploy; (default or thin) (string -# value) +# Type of LVM volumes to deploy (string value) #lvm_type=default +# LVM conf file to use for the LVM driver in Cinder; this +# setting is ignored if the specified file does not exist (You +# can also specify 'None' to not use a conf file even if one +# exists). (string value) +#lvm_conf_file=/etc/cinder/lvm.conf + # # Options defined in cinder.volume.drivers.netapp.options @@ -1584,11 +1612,18 @@ volume_group=cinder-volumes # The vFiler unit on which provisioning of block storage # volumes will be done. This option is only used by the driver # when connecting to an instance with a storage family of Data -# ONTAP operating in 7-Mode and the storage protocol selected -# is iSCSI. Only use this option when utilizing the MultiStore -# feature on the NetApp storage system. (string value) +# ONTAP operating in 7-Mode. Only use this option when +# utilizing the MultiStore feature on the NetApp storage +# system. (string value) #netapp_vfiler=<None> +# The name of the config.conf stanza for a Data ONTAP (7-mode) +# HA partner. This option is only used by the driver when +# connecting to an instance with a storage family of Data +# ONTAP operating in 7-Mode, and it is required if the storage +# protocol selected is FC. (string value) +#netapp_partner_backend_name=<None> + # Administrative user account name used to access the storage # system or proxy server. (string value) #netapp_login=<None> @@ -1599,14 +1634,7 @@ volume_group=cinder-volumes # This option specifies the virtual storage server (Vserver) # name on the storage cluster on which provisioning of block -# storage volumes should occur. If using the NFS storage -# protocol, this parameter is mandatory for storage service -# catalog support (utilized by Cinder volume type extra_specs -# support). If this option is specified, the exports belonging -# to the Vserver will only be used for provisioning in the -# future. Block storage volumes on exports not belonging to -# the Vserver specified by this option will continue to -# function normally. (string value) +# storage volumes should occur. (string value) #netapp_vserver=<None> # The hostname (or IP address) for the storage system or proxy @@ -1614,11 +1642,10 @@ volume_group=cinder-volumes #netapp_server_hostname=<None> # The TCP port to use for communication with the storage -# system or proxy server. Traditionally, port 80 is used for -# HTTP and port 443 is used for HTTPS; however, this value -# should be changed if an alternate port has been configured -# on the storage system or proxy server. (integer value) -#netapp_server_port=80 +# system or proxy server. If not specified, Data ONTAP drivers +# will use 80 for HTTP and 443 for HTTPS; E-Series will use +# 8080 for HTTP and 8443 for HTTPS. (integer value) +#netapp_server_port=<None> # This option is used to specify the path to the E-Series # proxy application on a proxy server. The value is combined @@ -1687,11 +1714,11 @@ volume_group=cinder-volumes #netapp_size_multiplier=1.2 # This option is only utilized when the storage protocol is -# configured to use iSCSI. This option is used to restrict -# provisioning to the specified controller volumes. Specify -# the value of this option to be a comma separated list of -# NetApp controller volume names to be used for provisioning. -# (string value) +# configured to use iSCSI or FC. This option is used to +# restrict provisioning to the specified controller volumes. +# Specify the value of this option to be a comma separated +# list of NetApp controller volume names to be used for +# provisioning. (string value) #netapp_volume_list=<None> # The storage family type used on the storage system; valid @@ -1701,89 +1728,15 @@ volume_group=cinder-volumes #netapp_storage_family=ontap_cluster # The storage protocol to be used on the data path with the -# storage system; valid values are iscsi or nfs. (string -# value) +# storage system. (string value) #netapp_storage_protocol=<None> # The transport protocol used when communicating with the -# storage system or proxy server. Valid values are http or -# https. (string value) +# storage system or proxy server. (string value) #netapp_transport_type=http # -# Options defined in cinder.volume.drivers.nexenta.options -# - -# IP address of Nexenta SA (string value) -#nexenta_host= - -# HTTP port to connect to Nexenta REST API server (integer -# value) -#nexenta_rest_port=2000 - -# Use http or https for REST connection (default auto) (string -# value) -#nexenta_rest_protocol=auto - -# User name to connect to Nexenta SA (string value) -#nexenta_user=admin - -# Password to connect to Nexenta SA (string value) -#nexenta_password=nexenta - -# Nexenta target portal port (integer value) -#nexenta_iscsi_target_portal_port=3260 - -# SA Pool that holds all volumes (string value) -#nexenta_volume=cinder - -# IQN prefix for iSCSI targets (string value) -#nexenta_target_prefix=iqn.1986-03.com.sun:02:cinder- - -# Prefix for iSCSI target groups on SA (string value) -#nexenta_target_group_prefix=cinder/ - -# File with the list of available nfs shares (string value) -#nexenta_shares_config=/etc/cinder/nfs_shares - -# Base directory that contains NFS share mount points (string -# value) -#nexenta_mount_point_base=$state_path/mnt - -# Enables or disables the creation of volumes as sparsed files -# that take no space. If disabled (False), volume is created -# as a regular file, which takes a long time. (boolean value) -#nexenta_sparsed_volumes=true - -# Default compression value for new ZFS folders. (string -# value) -#nexenta_volume_compression=on - -# If set True cache NexentaStor appliance volroot option -# value. (boolean value) -#nexenta_nms_cache_volroot=true - -# Enable stream compression, level 1..9. 1 - gives best speed; -# 9 - gives best compression. (integer value) -#nexenta_rrmgr_compression=0 - -# TCP Buffer size in KiloBytes. (integer value) -#nexenta_rrmgr_tcp_buf_size=4096 - -# Number of TCP connections. (integer value) -#nexenta_rrmgr_connections=2 - -# Block size for volumes (default=blank means 8KB) (string -# value) -#nexenta_blocksize= - -# Enables or disables the creation of sparse volumes (boolean -# value) -#nexenta_sparse=false - - -# # Options defined in cinder.volume.drivers.nfs # @@ -1813,6 +1766,11 @@ volume_group=cinder-volumes # nfs man page for details. (string value) #nfs_mount_options=<None> +# The number of attempts to mount nfs shares before raising an +# error. At least one attempt will be made to mount an nfs +# share, regardless of the value specified. (integer value) +#nfs_mount_attempts=3 + # # Options defined in cinder.volume.drivers.nimble @@ -1826,6 +1784,15 @@ volume_group=cinder-volumes # +# Options defined in cinder.volume.drivers.openvstorage +# + +# Vpool to use for volumes - backend is defined by vpool not +# by us. (string value) +#vpool_name= + + +# # Options defined in cinder.volume.drivers.prophetstor.options # @@ -1846,6 +1813,31 @@ volume_group=cinder-volumes # +# Options defined in cinder.volume.drivers.quobyte +# + +# URL to the Quobyte volume e.g., quobyte://<DIR host>/<volume +# name> (string value) +#quobyte_volume_url=<None> + +# Path to a Quobyte Client configuration file. (string value) +#quobyte_client_cfg=<None> + +# Create volumes as sparse files which take no space. If set +# to False, volume is created as regular file.In such case +# volume creation takes a lot of time. (boolean value) +#quobyte_sparsed_volumes=true + +# Create volumes as QCOW2 files rather than raw files. +# (boolean value) +#quobyte_qcow2_volumes=true + +# Base dir containing the mount point for the Quobyte volume. +# (string value) +#quobyte_mount_point_base=$state_path/mnt + + +# # Options defined in cinder.volume.drivers.rbd # @@ -1869,7 +1861,8 @@ volume_group=cinder-volumes # Directory where temporary image files are stored when the # volume driver does not write them directly to the volume. -# (string value) +# Warning: this option is now deprecated, please use +# image_conversion_dir instead. (string value) #volume_tmp_dir=<None> # Maximum number of nested volume clones that are taken before @@ -1907,6 +1900,32 @@ volume_group=cinder-volumes # (string value) #nas_private_key= +# Allow network-attached storage systems to operate in a +# secure environment where root level access is not permitted. +# If set to False, access is as the root user and insecure. If +# set to True, access is not as root. If set to auto, a check +# is done to determine if this is a new installation: True is +# used if so, otherwise False. Default is auto. (string value) +#nas_secure_file_operations=auto + +# Set more secure file permissions on network-attached storage +# volume files to restrict broad other/world access. If set to +# False, volumes are created with open permissions. If set to +# True, volumes are created with permissions for the cinder +# user and group (660). If set to auto, a check is done to +# determine if this is a new installation: True is used if so, +# otherwise False. Default is auto. (string value) +#nas_secure_file_permissions=auto + +# Path to the share to use for storing Cinder volumes. For +# example: "/srv/export1" for an NFS server export available +# at 10.0.5.10:/srv/export1 . (string value) +#nas_share_path= + +# Options used to mount the storage backend file system where +# Cinder volumes are stored. (string value) +#nas_mount_options=<None> + # # Options defined in cinder.volume.drivers.san.hp.hp_3par_common @@ -1922,11 +1941,11 @@ volume_group=cinder-volumes # 3PAR Super user password (string value) #hp3par_password= -# The CPG to use for volume creation (string value) +# List of the CPG(s) to use for volume creation (list value) #hp3par_cpg=OpenStack -# The CPG to use for Snapshots for volumes. If empty -# hp3par_cpg will be used (string value) +# The CPG to use for Snapshots for volumes. If empty the +# userCPG will be used. (string value) #hp3par_cpg_snap= # The time in hours to retain a snapshot. You can't delete it @@ -1974,14 +1993,6 @@ volume_group=cinder-volumes # -# Options defined in cinder.volume.drivers.san.hp.hp_msa_common -# - -# The VDisk to use for volume creation. (string value) -#msa_vdisk=OpenStack - - -# # Options defined in cinder.volume.drivers.san.san # @@ -2022,15 +2033,6 @@ volume_group=cinder-volumes # -# Options defined in cinder.volume.drivers.san.solaris -# - -# The ZFS path under which to create zvols for volumes. -# (string value) -#san_zfs_volume_base=rpool/ - - -# # Options defined in cinder.volume.drivers.scality # @@ -2053,8 +2055,7 @@ volume_group=cinder-volumes #smbfs_shares_config=/etc/cinder/smbfs_shares # Default format that will be used when creating volumes if no -# volume format is specified. Can be set to: raw, qcow2, vhd -# or vhdx. (string value) +# volume format is specified. (string value) #smbfs_default_volume_format=qcow2 # Create volumes as sparsed files which take no space rather @@ -2097,12 +2098,48 @@ volume_group=cinder-volumes # default behavior). The default is NO prefix. (string value) #sf_account_prefix=<None> +# Account name on the SolidFire Cluster to use as owner of +# template/cache volumes (created if does not exist). (string +# value) +#sf_template_account_name=openstack-vtemplate + +# Create an internal cache of copy of images when a bootable +# volume is created to eliminate fetch from glance and qemu- +# conversion on subsequent calls. (boolean value) +#sf_allow_template_caching=true + # SolidFire API port. Useful if the device api is behind a # proxy on a different port. (integer value) #sf_api_port=443 # +# Options defined in cinder.volume.drivers.srb +# + +# Comma-separated list of REST servers IP to connect to. (eg +# http://IP1/,http://IP2:81/path (string value) +#srb_base_urls=<None> + + +# +# Options defined in cinder.volume.drivers.violin.v6000_common +# + +# IP address or hostname of mg-a (string value) +#gateway_mga=<None> + +# IP address or hostname of mg-b (string value) +#gateway_mgb=<None> + +# Use igroups to manage targets and initiators (boolean value) +#use_igroups=false + +# Global backend request timeout, in seconds (integer value) +#request_timeout=300 + + +# # Options defined in cinder.volume.drivers.vmware.vmdk # @@ -2165,98 +2202,55 @@ volume_group=cinder-volumes # -# Options defined in cinder.volume.drivers.zadara +# Options defined in cinder.volume.drivers.xio # -# Management IP of Zadara VPSA (string value) -#zadara_vpsa_ip=<None> +# Default storage pool for volumes. (integer value) +#ise_storage_pool=1 -# Zadara VPSA port number (string value) -#zadara_vpsa_port=<None> +# Raid level for ISE volumes. (integer value) +#ise_raid=1 -# Use SSL connection (boolean value) -#zadara_vpsa_use_ssl=false +# Number of retries (per port) when establishing connection to +# ISE management port. (integer value) +#ise_connection_retries=5 -# User name for the VPSA (string value) -#zadara_user=<None> +# Interval (secs) between retries. (integer value) +#ise_retry_interval=1 -# Password for the VPSA (string value) -#zadara_password=<None> +# Number on retries to get completion status after issuing a +# command to ISE. (integer value) +#ise_completion_retries=30 -# Name of VPSA storage pool for volumes (string value) -#zadara_vpsa_poolname=<None> -# Default thin provisioning policy for volumes (boolean value) -#zadara_vol_thin=true - -# Default encryption policy for volumes (boolean value) -#zadara_vol_encrypt=false +# +# Options defined in cinder.volume.drivers.zfssa.zfssanfs +# -# Default template for VPSA volume names (string value) -#zadara_vol_name_template=OS_%s +# Data path IP address (string value) +#zfssa_data_ip=<None> -# Automatically detach from servers on volume delete (boolean -# value) -#zadara_vpsa_auto_detach_on_delete=true +# HTTPS port number (string value) +#zfssa_https_port=443 -# Don't halt on deletion of non-existing volumes (boolean +# Options to be passed while mounting share over nfs (string # value) -#zadara_vpsa_allow_nonexistent_delete=true - - -# -# Options defined in cinder.volume.drivers.zfssa.zfssaiscsi -# +#zfssa_nfs_mount_options= # Storage pool name. (string value) -#zfssa_pool=<None> +#zfssa_nfs_pool= # Project name. (string value) -#zfssa_project=<None> +#zfssa_nfs_project=NFSProject -# Block size: 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k. -# (string value) -#zfssa_lun_volblocksize=8k +# Share name. (string value) +#zfssa_nfs_share=nfs_share -# Flag to enable sparse (thin-provisioned): True, False. -# (boolean value) -#zfssa_lun_sparse=false - -# Data compression-off, lzjb, gzip-2, gzip, gzip-9. (string -# value) -#zfssa_lun_compression= +# Data compression. (string value) +#zfssa_nfs_share_compression=off # Synchronous write bias-latency, throughput. (string value) -#zfssa_lun_logbias= - -# iSCSI initiator group. (string value) -#zfssa_initiator_group= - -# iSCSI initiator IQNs. (comma separated) (string value) -#zfssa_initiator= - -# iSCSI initiator CHAP user. (string value) -#zfssa_initiator_user= - -# iSCSI initiator CHAP password. (string value) -#zfssa_initiator_password= - -# iSCSI target group name. (string value) -#zfssa_target_group=tgt-grp - -# iSCSI target CHAP user. (string value) -#zfssa_target_user= - -# iSCSI target CHAP password. (string value) -#zfssa_target_password= - -# iSCSI target portal (Data-IP:Port, w.x.y.z:3260). (string -# value) -#zfssa_target_portal=<None> - -# Network interfaces of iSCSI targets. (comma separated) -# (string value) -#zfssa_target_interfaces=<None> +#zfssa_nfs_share_logbias=latency # REST connection timeout. (seconds) (integer value) #zfssa_rest_timeout=<None> @@ -2267,7 +2261,7 @@ volume_group=cinder-volumes # # Driver to use for volume creation (string value) -volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver +#volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver # Timeout for creating the volume to migrate to when # performing volume migration (seconds) (integer value) @@ -2281,7 +2275,12 @@ volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver #zoning_mode=none # User defined capabilities, a JSON formatted string -# specifying key/value pairs. (string value) +# specifying key/value pairs. The key/value pairs can be used +# by the CapabilitiesFilter to select between backends when +# requests specify volume types. For example, specifying a +# service level or the geographical location of a backend, +# then creating a volume type to allow the user to select by +# these different properties. (string value) #extra_capabilities={} @@ -2350,112 +2349,6 @@ volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver [database] # -# Options defined in oslo.db -# - -# The file name to use with SQLite. (string value) -#sqlite_db=oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous=true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy - -# The SQLAlchemy connection string to use to connect to the -# database. (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/cinder - -# The SQLAlchemy connection string to use to connect to the -# slave database. (string value) -#slave_connection=<None> - -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode=TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size=<None> - -# Maximum number of database connection retries during -# startup. Set to -1 to specify an infinite retry count. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 - -# Interval between retries of opening a SQL connection. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 - -# If set, use this value for max_overflow with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=<None> - -# Verbosity of SQL debugging information: 0=None, -# 100=Everything. (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 - -# Add Python stack traces to SQL as comment strings. (boolean -# value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false - -# If set, use this value for pool_timeout with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout=<None> - -# Enable the experimental use of database reconnect on -# connection lost. (boolean value) -#use_db_reconnect=false - -# Seconds between database connection retries. (integer value) -#db_retry_interval=1 - -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval=true - -# If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) -#db_max_retry_interval=10 - -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) -#db_max_retries=20 - - -# # Options defined in oslo.db.concurrency # @@ -2491,15 +2384,16 @@ connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROL # value) #zone_driver=cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver.BrcdFCZoneDriver -# Zoning policy configured by user (string value) +# Zoning policy configured by user; valid values include +# "initiator-target" or "initiator" (string value) #zoning_policy=initiator-target -# Comma separated list of fibre channel fabric names. This +# Comma separated list of Fibre Channel fabric names. This # list of names is used to retrieve other SAN credentials for # connecting to each SAN fabric (string value) #fc_fabric_names=<None> -# FC San Lookup Service (string value) +# FC SAN Lookup Service (string value) #fc_san_lookup_service=cinder.zonemanager.drivers.brocade.brcd_fc_san_lookup_service.BrcdFCSanLookupService @@ -2528,7 +2422,7 @@ connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROL # # Authentication url for encryption service. (string value) -#encryption_auth_url=http://localhost:5000/v2.0 +#encryption_auth_url=http://localhost:5000/v3 # Url for encryption service. (string value) #encryption_api_url=http://localhost:9311/v1 @@ -2540,73 +2434,34 @@ connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROL # Options defined in keystonemiddleware.auth_token # -# Prefix to prepend at the beginning of the path. Deprecated, -# use identity_uri. (string value) -#auth_admin_prefix= - -# Host providing the admin Identity API endpoint. Deprecated, -# use identity_uri. (string value) -#auth_host=127.0.0.1 +# Complete public Identity API endpoint. (string value) +#auth_uri=<None> -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -#auth_port=35357 - -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -#auth_protocol=https - -# Complete public Identity API endpoint (string value) -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 - -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. https://localhost:35357/ -# (string value) -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 - -# API version of the admin Identity API endpoint (string +# API version of the admin Identity API endpoint. (string # value) #auth_version=<None> # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI -# components (boolean value) +# components. (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API -# server. (boolean value) +# server. (integer value) #http_connect_timeout=<None> # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token=<None> - -# Keystone account username (string value) -admin_user={{ CINDER_SERVICE_USER }} - -# Keystone account password (string value) -admin_password={{ CINDER_SERVICE_PASSWORD }} - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name=service - -# Env key for the swift cache (string value) +# Env key for the swift cache. (string value) #cache=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #certfile=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #keyfile=<None> @@ -2617,7 +2472,7 @@ admin_tenant_name=service # Verify HTTPS connections. (boolean value) #insecure=false -# Directory used to cache files related to PKI tokens (string +# Directory used to cache files related to PKI tokens. (string # value) #signing_dir=<None> @@ -2640,7 +2495,7 @@ admin_tenant_name=service # value) #revocation_cache_time=10 -# (optional) if defined, indicate whether token data should be +# (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable # values are MAC or ENCRYPT. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token @@ -2649,38 +2504,38 @@ admin_tenant_name=service # raise an exception on initialization. (string value) #memcache_security_strategy=<None> -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string +# (Optional, mandatory if memcache_security_strategy is +# defined) This string is used for key derivation. (string # value) #memcache_secret_key=<None> -# (optional) number of seconds memcached server is considered +# (Optional) Number of seconds memcached server is considered # dead before it is tried again. (integer value) #memcache_pool_dead_retry=300 -# (optional) max total number of open connections to every +# (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize=10 -# (optional) socket timeout in seconds for communicating with +# (Optional) Socket timeout in seconds for communicating with # a memcache server. (integer value) #memcache_pool_socket_timeout=3 -# (optional) number of seconds a connection to memcached is +# (Optional) Number of seconds a connection to memcached is # held unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout=60 -# (optional) number of seconds that an operation will wait to +# (Optional) Number of seconds that an operation will wait to # get a memcache client connection from the pool. (integer # value) #memcache_pool_conn_get_timeout=10 -# (optional) use the advanced (eventlet safe) memcache client +# (Optional) Use the advanced (eventlet safe) memcache client # pool. The advanced pool will only work under python 2.x. # (boolean value) #memcache_use_advanced_pool=false -# (optional) indicate whether to set the X-Service-Catalog +# (Optional) Indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) @@ -2699,7 +2554,7 @@ admin_tenant_name=service # If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the -# Keystone server. (boolean value) +# identity server. (boolean value) #check_revocations_for_cached=false # Hash algorithms to use for hashing PKI tokens. This may be a @@ -2747,7 +2602,6 @@ admin_tenant_name=service # # Options defined in oslo.messaging # -# NOTE: Options in this group are supported when using oslo.messaging >=1.5.0. # address prefix used when sending to a specific server # (string value) @@ -2791,6 +2645,157 @@ admin_tenant_name=service #allow_insecure_clients=false +[oslo_messaging_qpid] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + + +[oslo_messaging_rabbit] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# SSL version to use (valid only if SSL enabled). Valid values +# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may +# be available on some distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). (string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +#rabbit_host=localhost + +# The RabbitMQ broker port where a single node is used. +# (integer value) +#rabbit_port=5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +#rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +#rabbit_userid=guest + +# The RabbitMQ password. (string value) +#rabbit_password=guest + +# The RabbitMQ login method. (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# Number of seconds after which the Rabbit broker is +# considered down if heartbeat's keep-alive fails (0 disables +# the heartbeat, >0 enables it. Enabling heartbeats requires +# kombu>=3.0.7 and amqp>=1.4.0). EXPERIMENTAL (integer value) +#heartbeat_timeout_threshold=0 + +# How often times during the heartbeat_timeout_threshold we +# check the heartbeat. (integer value) +#heartbeat_rate=2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +#fake_rabbit=false + + [profiler] # @@ -2804,22 +2809,173 @@ admin_tenant_name=service #trace_sqlalchemy=false -[ssl] +[DEFAULT] + + +[keystone_authtoken] # -# Options defined in cinder.openstack.common.sslutils +# From keystonemiddleware.auth_token # -# CA certificate file to use to verify connecting clients -# (string value) -#ca_file=<None> +# Complete public Identity API endpoint. (string value) +#auth_uri = <None> -# Certificate file to use when starting the server securely -# (string value) -#cert_file=<None> +# API version of the admin Identity API endpoint. (string value) +#auth_version = <None> -# Private key file to use when starting the server securely -# (string value) -#key_file=<None> +# Do not handle authorization requests within the middleware, but +# delegate the authorization decision to downstream WSGI components. +# (boolean value) +#delay_auth_decision = false + +# Request timeout value for communicating with Identity API server. +# (integer value) +#http_connect_timeout = <None> + +# How many times are we trying to reconnect when communicating with +# Identity API Server. (integer value) +#http_request_max_retries = 3 + +# Env key for the swift cache. (string value) +#cache = <None> + +# Required if identity server requires client certificate (string +# value) +#certfile = <None> + +# Required if identity server requires client certificate (string +# value) +#keyfile = <None> + +# A PEM encoded Certificate Authority to use when verifying HTTPs +# connections. Defaults to system CAs. (string value) +#cafile = <None> + +# Verify HTTPS connections. (boolean value) +#insecure = false + +# Directory used to cache files related to PKI tokens. (string value) +#signing_dir = <None> + +# Optionally specify a list of memcached server(s) to use for caching. +# If left undefined, tokens will instead be cached in-process. (list +# value) +# Deprecated group/name - [DEFAULT]/memcache_servers +#memcached_servers = <None> + +# In order to prevent excessive effort spent validating tokens, the +# middleware caches previously-seen tokens for a configurable duration +# (in seconds). Set to -1 to disable caching completely. (integer +# value) +#token_cache_time = 300 + +# Determines the frequency at which the list of revoked tokens is +# retrieved from the Identity service (in seconds). A high number of +# revocation events combined with a low cache duration may +# significantly reduce performance. (integer value) +#revocation_cache_time = 10 + +# (Optional) If defined, indicate whether token data should be +# authenticated or authenticated and encrypted. Acceptable values are +# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in +# the cache. If ENCRYPT, token data is encrypted and authenticated in +# the cache. If the value is not one of these options or empty, +# auth_token will raise an exception on initialization. (string value) +#memcache_security_strategy = <None> + +# (Optional, mandatory if memcache_security_strategy is defined) This +# string is used for key derivation. (string value) +#memcache_secret_key = <None> + +# (Optional) Number of seconds memcached server is considered dead +# before it is tried again. (integer value) +#memcache_pool_dead_retry = 300 + +# (Optional) Maximum total number of open connections to every +# memcached server. (integer value) +#memcache_pool_maxsize = 10 + +# (Optional) Socket timeout in seconds for communicating with a +# memcache server. (integer value) +#memcache_pool_socket_timeout = 3 + +# (Optional) Number of seconds a connection to memcached is held +# unused in the pool before it is closed. (integer value) +#memcache_pool_unused_timeout = 60 + +# (Optional) Number of seconds that an operation will wait to get a +# memcache client connection from the pool. (integer value) +#memcache_pool_conn_get_timeout = 10 + +# (Optional) Use the advanced (eventlet safe) memcache client pool. +# The advanced pool will only work under python 2.x. (boolean value) +#memcache_use_advanced_pool = false + +# (Optional) Indicate whether to set the X-Service-Catalog header. If +# False, middleware will not ask for service catalog on token +# validation and will not set the X-Service-Catalog header. (boolean +# value) +#include_service_catalog = true + +# Used to control the use and type of token binding. Can be set to: +# "disabled" to not check token binding. "permissive" (default) to +# validate binding information if the bind type is of a form known to +# the server and ignore it if not. "strict" like "permissive" but if +# the bind type is unknown the token will be rejected. "required" any +# form of token binding is needed to be allowed. Finally the name of a +# binding method that must be present in tokens. (string value) +#enforce_token_bind = permissive + +# If true, the revocation list will be checked for cached tokens. This +# requires that PKI tokens are configured on the identity server. +# (boolean value) +#check_revocations_for_cached = false + +# Hash algorithms to use for hashing PKI tokens. This may be a single +# algorithm or multiple. The algorithms are those supported by Python +# standard hashlib.new(). The hashes will be tried in the order given, +# so put the preferred one first for performance. The result of the +# first hash will be stored in the cache. This will typically be set +# to multiple values only while migrating from a less secure algorithm +# to a more secure one. Once all the old tokens are expired this +# option should be set to a single value for better performance. (list +# value) +#hash_algorithms = md5 + +# Prefix to prepend at the beginning of the path. Deprecated, use +# identity_uri. (string value) +#auth_admin_prefix = + +# Host providing the admin Identity API endpoint. Deprecated, use +# identity_uri. (string value) +#auth_host = 127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) +#auth_port = 35357 + +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. (string value) +#auth_protocol = https + +# Complete admin Identity API endpoint. This should specify the +# unversioned root endpoint e.g. https://localhost:35357/ (string +# value) +#identity_uri = <None> + +# This option is deprecated and may be removed in a future release. +# Single shared secret with the Keystone configuration used for +# bootstrapping a Keystone installation, or otherwise bypassing the +# normal authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) +#admin_token = <None> + +# Service username. (string value) +#admin_user = <None> +# Service user password. (string value) +#admin_password = <None> +# Service tenant name. (string value) +#admin_tenant_name = admin diff --git a/install-files/openstack/usr/share/openstack/cinder/policy.json b/install-files/openstack/usr/share/openstack/cinder/policy.json deleted file mode 100644 index 8f3a7b2f..00000000 --- a/install-files/openstack/usr/share/openstack/cinder/policy.json +++ /dev/null @@ -1,80 +0,0 @@ -{ - "context_is_admin": "role:admin", - "admin_or_owner": "is_admin:True or project_id:%(project_id)s", - "default": "rule:admin_or_owner", - - "admin_api": "is_admin:True", - - "volume:create": "", - "volume:get_all": "", - "volume:get_volume_metadata": "", - "volume:get_volume_admin_metadata": "rule:admin_api", - "volume:delete_volume_admin_metadata": "rule:admin_api", - "volume:update_volume_admin_metadata": "rule:admin_api", - "volume:get_snapshot": "", - "volume:get_all_snapshots": "", - "volume:extend": "", - "volume:update_readonly_flag": "", - "volume:retype": "", - - "volume_extension:types_manage": "rule:admin_api", - "volume_extension:types_extra_specs": "rule:admin_api", - "volume_extension:volume_type_encryption": "rule:admin_api", - "volume_extension:volume_encryption_metadata": "rule:admin_or_owner", - "volume_extension:extended_snapshot_attributes": "", - "volume_extension:volume_image_metadata": "", - - "volume_extension:quotas:show": "", - "volume_extension:quotas:update": "rule:admin_api", - "volume_extension:quota_classes": "", - - "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", - "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", - "volume_extension:backup_admin_actions:reset_status": "rule:admin_api", - "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", - "volume_extension:volume_admin_actions:force_detach": "rule:admin_api", - "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api", - "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api", - "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api", - - "volume_extension:volume_host_attribute": "rule:admin_api", - "volume_extension:volume_tenant_attribute": "rule:admin_or_owner", - "volume_extension:volume_mig_status_attribute": "rule:admin_api", - "volume_extension:hosts": "rule:admin_api", - "volume_extension:services": "rule:admin_api", - - "volume_extension:volume_manage": "rule:admin_api", - "volume_extension:volume_unmanage": "rule:admin_api", - - "volume:services": "rule:admin_api", - - "volume:create_transfer": "", - "volume:accept_transfer": "", - "volume:delete_transfer": "", - "volume:get_all_transfers": "", - - "volume_extension:replication:promote": "rule:admin_api", - "volume_extension:replication:reenable": "rule:admin_api", - - "backup:create" : "", - "backup:delete": "", - "backup:get": "", - "backup:get_all": "", - "backup:restore": "", - "backup:backup-import": "rule:admin_api", - "backup:backup-export": "rule:admin_api", - - "snapshot_extension:snapshot_actions:update_snapshot_status": "", - - "consistencygroup:create" : "group:nobody", - "consistencygroup:delete": "group:nobody", - "consistencygroup:get": "group:nobody", - "consistencygroup:get_all": "group:nobody", - - "consistencygroup:create_cgsnapshot" : "", - "consistencygroup:delete_cgsnapshot": "", - "consistencygroup:get_cgsnapshot": "", - "consistencygroup:get_all_cgsnapshots": "", - - "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api" -} diff --git a/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini b/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini deleted file mode 100644 index 86a4cdb1..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini +++ /dev/null @@ -1,77 +0,0 @@ -# Use this pipeline for no auth or image caching - DEFAULT -[pipeline:glance-api] -pipeline = versionnegotiation osprofiler unauthenticated-context rootapp - -# Use this pipeline for image caching and no auth -[pipeline:glance-api-caching] -pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp - -# Use this pipeline for caching w/ management interface but no auth -[pipeline:glance-api-cachemanagement] -pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp - -# Use this pipeline for keystone auth -[pipeline:glance-api-keystone] -pipeline = versionnegotiation osprofiler authtoken context rootapp - -# Use this pipeline for keystone auth with image caching -[pipeline:glance-api-keystone+caching] -pipeline = versionnegotiation osprofiler authtoken context cache rootapp - -# Use this pipeline for keystone auth with caching and cache management -[pipeline:glance-api-keystone+cachemanagement] -pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user. -[pipeline:glance-api-trusted-auth] -pipeline = versionnegotiation osprofiler context rootapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user and uses cache management -[pipeline:glance-api-trusted-auth+cachemanagement] -pipeline = versionnegotiation osprofiler context cache cachemanage rootapp - -[composite:rootapp] -paste.composite_factory = glance.api:root_app_factory -/: apiversions -/v1: apiv1app -/v2: apiv2app - -[app:apiversions] -paste.app_factory = glance.api.versions:create_resource - -[app:apiv1app] -paste.app_factory = glance.api.v1.router:API.factory - -[app:apiv2app] -paste.app_factory = glance.api.v2.router:API.factory - -[filter:versionnegotiation] -paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory - -[filter:cache] -paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory - -[filter:cachemanage] -paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory - -[filter:context] -paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory - -[filter:unauthenticated-context] -paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory -delay_auth_decision = true - -[filter:gzip] -paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes diff --git a/install-files/openstack/usr/share/openstack/glance/glance-api.conf b/install-files/openstack/usr/share/openstack/glance/glance-api.conf index 39257a6d..6e85cbb5 100644 --- a/install-files/openstack/usr/share/openstack/glance/glance-api.conf +++ b/install-files/openstack/usr/share/openstack/glance/glance-api.conf @@ -5,12 +5,6 @@ # Show debugging output in logs (sets DEBUG log level output) #debug = False -# Which backend scheme should Glance use by default is not specified -# in a request to add a new image to Glance? Known schemes are determined -# by the known_stores option below. -# Default: 'file' -default_store = file - # Maximum image size (in bytes) that may be uploaded through the # Glance API server. Defaults to 1 TB. # WARNING: this value should only be increased after careful consideration @@ -18,7 +12,7 @@ default_store = file #image_size_cap = 1099511627776 # Address to bind the API server -bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +bind_host = 0.0.0.0 # Port the bind the API server to bind_port = 9292 @@ -28,7 +22,7 @@ bind_port = 9292 # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. -# log_file = /var/log/glance/api.log +log_file = /var/log/glance/api.log # Backlog requests when creating socket backlog = 4096 @@ -85,11 +79,6 @@ backlog = 4096 # Supported values for the 'disk_format' image attribute #disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso -# Directory to use for lock files. Default to a temp directory -# (string value). This setting needs to be the same for both -# glance-scrubber and glance-api. -#lock_path=<None> - # Property Protections config file # This file contains the rules for property protections and the roles/policies # associated with it. @@ -109,11 +98,25 @@ backlog = 4096 # and 'store_type'. #location_strategy = location_order + +# Public url to use for versions endpoint. The default is None, +# which will use the request's host_url attribute to populate the URL base. +# If Glance is operating behind a proxy, you will want to change this to +# represent the proxy's URL. +#public_endpoint=<None> + +# http_keepalive option. If False, server will return the header +# "Connection: close", If True, server will return "Connection: Keep-Alive" +# in its responses. In order to close the client socket connection +# explicitly after the response is sent and read successfully by the client, +# you simply have to set this option to False when you create a wsgi server. +#http_keepalive = True + # ================= Syslog Options ============================ # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` -use_syslog = True +#use_syslog = False # Facility to use. If unset defaults to LOG_USER. #syslog_log_facility = LOG_LOCAL0 @@ -136,10 +139,19 @@ use_syslog = True # Should be set to a random string of length 16, 24 or 32 bytes #metadata_encryption_key = <16, 24 or 32 char registry metadata key> + +# Digest algorithm which will be used for digital signature, the default is +# sha1 in Kilo for a smooth upgrade process, and it will be updated with +# sha256 in next release(L). Use command +# "openssl list-message-digest-algorithms" to get the available algorithms +# supported by the version of OpenSSL on the platform. Examples are 'sha1', +# 'sha256', 'sha512', etc. +#digest_algorithm = sha1 + # ============ Registry Options =============================== # Address to find the registry server -registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +registry_host = 0.0.0.0 # Port the registry server is listening on registry_port = 9191 @@ -174,10 +186,6 @@ registry_client_protocol = http # Default: 600 #registry_client_timeout = 600 -# Whether to automatically create the database tables. -# Default: False -#db_auto_create = False - # Enable DEBUG log messages from sqlalchemy which prints every database # query and response. # Default: False @@ -207,20 +215,30 @@ registry_client_protocol = http # Driver or drivers to handle sending notifications. Set to # 'messaging' to send notifications to a message queue. -notification_driver = messagingv2 +# notification_driver = noop # Default publisher_id for outgoing notifications. # default_publisher_id = image.localhost +# List of disabled notifications. A notification can be given either as a +# notification type to disable a single event, or as a notification group +# prefix to disable all events within a group. +# Example: if this config option is set to +# ["image.create", "metadef_namespace"], then "image.create" notification will +# not be sent after image is created and none of the notifications for +# metadefinition namespaces will be sent. +# disabled_notifications = [] + # Messaging driver used for 'messaging' notifications driver -rpc_backend=rabbit +# rpc_backend = 'rabbit' -# Configuration options if sending notifications via rabbitmq -rabbit_host = {{ RABBITMQ_HOST }} -rabbit_port = {{ RABBITMQ_PORT }} +# Configuration options if sending notifications via rabbitmq (these are +# the defaults) +rabbit_host = localhost +rabbit_port = 5672 rabbit_use_ssl = false -rabbit_userid = {{ RABBITMQ_USER }} -rabbit_password = {{ RABBITMQ_PASSWORD }} +rabbit_userid = guest +rabbit_password = guest rabbit_virtual_host = / rabbit_notification_exchange = glance rabbit_notification_topic = notifications @@ -228,22 +246,22 @@ rabbit_durable_queues = False # Configuration options if sending notifications via Qpid (these are # the defaults) -#qpid_notification_exchange = glance -#qpid_notification_topic = notifications -#qpid_hostname = localhost -#qpid_port = 5672 -#qpid_username = -#qpid_password = -#qpid_sasl_mechanisms = -#qpid_reconnect_timeout = 0 -#qpid_reconnect_limit = 0 -#qpid_reconnect_interval_min = 0 -#qpid_reconnect_interval_max = 0 -#qpid_reconnect_interval = 0 -#qpid_heartbeat = 5 +qpid_notification_exchange = glance +qpid_notification_topic = notifications +qpid_hostname = localhost +qpid_port = 5672 +qpid_username = +qpid_password = +qpid_sasl_mechanisms = +qpid_reconnect_timeout = 0 +qpid_reconnect_limit = 0 +qpid_reconnect_interval_min = 0 +qpid_reconnect_interval_max = 0 +qpid_reconnect_interval = 0 +qpid_heartbeat = 5 # Set to 'ssl' to enable SSL -#qpid_protocol = tcp -#qpid_tcp_nodelay = True +qpid_protocol = tcp +qpid_tcp_nodelay = True # ============ Delayed Delete Options ============================= @@ -281,6 +299,25 @@ scrubber_datadir = /var/lib/glance/scrubber # Base directory that the Image Cache uses image_cache_dir = /var/lib/glance/image-cache/ +# =============== Policy Options ================================== + +[oslo_policy] +# The JSON file that defines policies. +# Deprecated group/name - [DEFAULT]/policy_file +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. +# Deprecated group/name - [DEFAULT]/policy_default_rule +#policy_default_rule = default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. +# The file defined by policy_file must exist for these +# directories to be searched. +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d + # =============== Database Options ================================= [database] @@ -300,8 +337,6 @@ image_cache_dir = /var/lib/glance/image-cache/ # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = <None> -connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance - # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To @@ -381,12 +416,25 @@ connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROL # (setting -1 implies an infinite retry count) (integer value) #db_max_retries = 20 +[oslo_concurrency] + +# Enables or disables inter-process locks. (boolean value) +# Deprecated group/name - [DEFAULT]/disable_process_locking +#disable_process_locking = false + +# Directory to use for lock files. For security, the specified +# directory should only be writable by the user running the processes +# that need locking. It could be read from environment variable +# OSLO_LOCK_PATH. This setting needs to be the same for both +# glance-scrubber and glance-api service. Default to a temp directory. +# Deprecated group/name - [DEFAULT]/lock_path (string value) +#lock_path = /tmp + [keystone_authtoken] -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 -admin_tenant_name = service -admin_user = {{ GLANCE_SERVICE_USER }} -admin_password = {{ GLANCE_SERVICE_PASSWORD }} +identity_uri = http://127.0.0.1:35357 +admin_tenant_name = %SERVICE_TENANT_NAME% +admin_user = %SERVICE_USER% +admin_password = %SERVICE_PASSWORD% revocation_cache_time = 10 [paste_deploy] @@ -397,11 +445,11 @@ revocation_cache_time = 10 # service name removed. For example, if your paste section name is # [pipeline:glance-api-keystone], you would configure the flavor below # as 'keystone'. -flavor=keystone +#flavor= [store_type_location_strategy] # The scheme list to use to get store preference order. The scheme must be -# registered by one of the stores defined by the 'known_stores' config option. +# registered by one of the stores defined by the 'stores' config option. # This option will be applied when you using 'store_type' option as image # location strategy defined by the 'location_strategy' config option. #store_type_preference = @@ -422,16 +470,44 @@ flavor=keystone # task_time_to_live = 48 # Specifies which task executor to be used to run the task scripts. -# The default value for task_executor is eventlet. -# task_executor = eventlet +# The default value for task_executor is taskflow. +# task_executor = taskflow + +# Work dir for asynchronous task operations. The directory set here +# will be used to operate over images - normally before they are +# imported in the destination store. When providing work dir, make sure +# enough space is provided for concurrent tasks to run efficiently +# without running out of space. A rough estimation can be done by +# multiplying the number of `max_workers` - or the N of workers running +# - by an average image size (e.g 500MB). The image size estimation +# should be done based on the average size in your deployment. Note that +# depending on the tasks running you may need to multiply this number by +# some factor depending on what the task does. For example, you may want +# to double the available size if image conversion is enabled. All this +# being said, remember these are just estimations and you should do them +# based on the worst case scenario and be prepared to act in case they +# were wrong. +# work_dir=None # Specifies the maximum number of eventlet threads which can be spun up by # the eventlet based task executor to perform execution of Glance tasks. +# DEPRECATED: Use [taskflow_executor]/max_workers instead. # eventlet_executor_pool_size = 1000 +[taskflow_executor] +# The mode in which the engine will run. Can be 'default', 'serial', +# 'parallel' or 'worker-based' +#engine_mode = serial + +# The number of parallel activities executed at the same time by +# the engine. The value can be greater than one when the engine mode is +# 'parallel' or 'worker-based', otherwise this value will be ignored. +#max_workers = 10 + [glance_store] # List of which store classes and store class locations are # currently known to glance at startup. +# Deprecated group/name - [DEFAULT]/known_stores # Existing but disabled stores: # glance.store.rbd.Store, # glance.store.s3.Store, @@ -443,6 +519,13 @@ flavor=keystone #stores = glance.store.filesystem.Store, # glance.store.http.Store +# Which backend scheme should Glance use by default is not specified +# in a request to add a new image to Glance? Known schemes are determined +# by the stores option. +# Deprecated group/name - [DEFAULT]/default_store +# Default: 'file' +default_store = file + # ============ Filesystem Store Options ======================== # Directory that the Filesystem backend store @@ -518,18 +601,27 @@ swift_store_large_object_size = 5120 # the image file, and the default is 200MB swift_store_large_object_chunk_size = 200 -# Whether to use ServiceNET to communicate with the Swift storage servers. -# (If you aren't RACKSPACE, leave this False!) +# If set, the configured endpoint will be used. If None, the storage URL +# from the auth response will be used. The location of an object is +# obtained by appending the container and object to the configured URL. # -# To use ServiceNET for authentication, prefix hostname of -# `swift_store_auth_address` with 'snet-'. -# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ -swift_enable_snet = False +# swift_store_endpoint = https://www.example.com/v1/not_a_container +#swift_store_endpoint = # If set to True enables multi-tenant storage mode which causes Glance images # to be stored in tenant specific Swift accounts. #swift_store_multi_tenant = False +# If set to an integer value between 1 and 32, a single-tenant store will +# use multiple containers to store images. If set to the default value of 0, +# only a single container will be used. Multi-tenant stores are not affected +# by this option. The max number of containers that will be used to store +# images is approximately 16^N where N is the value of this option. Discuss +# the impact of this with your swift deployment team, as this option is only +# beneficial in the largest of deployments where swift rate limiting can lead +# to unwanted throttling on a single container. +#swift_store_multiple_containers_seed = 0 + # A list of swift ACL strings that will be applied as both read and # write ACLs to the containers created by Glance in multi-tenant # mode. This grants the specified tenants/users read and write access @@ -559,12 +651,16 @@ swift_enable_snet = False # Bypass SSL verification for Swift #swift_store_auth_insecure = False +# The path to a CA certificate bundle file to use for SSL verification when +# communicating with Swift. +#swift_store_cacert = + # ============ S3 Store Options ============================= # Address where the S3 authentication service lives # Valid schemes are 'http://' and 'https://' # If no scheme specified, default to 'http://' -s3_store_host = 127.0.0.1:8080/v1.0/ +s3_store_host = s3.amazonaws.com # User to authenticate against the S3 authentication service s3_store_access_key = <20-char AWS access key> @@ -678,11 +774,27 @@ sheepdog_store_chunk_size = 64 # Inventory path to a datacenter (string value) # Value optional when vmware_server_ip is an ESX/ESXi host: if specified # should be `ha-datacenter`. +# Deprecated in favor of vmware_datastores. #vmware_datacenter_path = <None> # Datastore associated with the datacenter (string value) +# Deprecated in favor of vmware_datastores. #vmware_datastore_name = <None> +# A list of datastores where the image can be stored. +# This option may be specified multiple times for specifying multiple +# datastores. Either one of vmware_datastore_name or vmware_datastores is +# required. The datastore name should be specified after its datacenter +# path, separated by ":". An optional weight may be given after the datastore +# name, separated again by ":". Thus, the required format becomes +# <datacenter_path>:<datastore_name>:<optional_weight>. +# When adding an image, the datastore with highest weight will be selected, +# unless there is not enough free space available in cases where the image size +# is already known. If no weight is given, it is assumed to be zero and the +# directory will be considered for selection last. If multiple datastores have +# the same weight, then the one with the most free space available is selected. +#vmware_datastores = <None> + # The number of times we retry on failures # e.g., socket error, etc (integer value) #vmware_api_retry_count = 10 diff --git a/install-files/openstack/usr/share/openstack/glance/glance-cache.conf b/install-files/openstack/usr/share/openstack/glance/glance-cache.conf deleted file mode 100644 index 3f2d4603..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-cache.conf +++ /dev/null @@ -1,200 +0,0 @@ -[DEFAULT] -# Show more verbose log output (sets INFO log level output) -#verbose = False - -# Show debugging output in logs (sets DEBUG log level output) -#debug = False - -# Log to this file. Make sure you do not set the same log file for both the API -# and registry servers! -# -# If `log_file` is omitted and `use_syslog` is false, then log messages are -# sent to stdout as a fallback. -# log_file = /var/log/glance/image-cache.log - -# Send logs to syslog (/dev/log) instead of to file specified by `log_file` -use_syslog = True - -# Directory that the Image Cache writes data to -image_cache_dir = /var/lib/glance/image-cache/ - -# Number of seconds after which we should consider an incomplete image to be -# stalled and eligible for reaping -image_cache_stall_time = 86400 - -# Max cache size in bytes -image_cache_max_size = 10737418240 - -# Address to find the registry server -registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Port the registry server is listening on -registry_port = 9191 - -# Auth settings if using Keystone -# auth_url = http://127.0.0.1:5000/v2.0/ -# admin_tenant_name = %SERVICE_TENANT_NAME% -# admin_user = %SERVICE_USER% -# admin_password = %SERVICE_PASSWORD% - -# List of which store classes and store class locations are -# currently known to glance at startup. -# known_stores = glance.store.filesystem.Store, -# glance.store.http.Store, -# glance.store.rbd.Store, -# glance.store.s3.Store, -# glance.store.swift.Store, -# glance.store.sheepdog.Store, -# glance.store.cinder.Store, -# glance.store.vmware_datastore.Store, - -# ============ Filesystem Store Options ======================== - -# Directory that the Filesystem backend store -# writes image data to -filesystem_store_datadir = /var/lib/glance/images/ - -# ============ Swift Store Options ============================= - -# Version of the authentication service to use -# Valid versions are '2' for keystone and '1' for swauth and rackspace -swift_store_auth_version = 2 - -# Address where the Swift authentication service lives -# Valid schemes are 'http://' and 'https://' -# If no scheme specified, default to 'https://' -# For swauth, use something like '127.0.0.1:8080/v1.0/' -swift_store_auth_address = 127.0.0.1:5000/v2.0/ - -# User to authenticate against the Swift authentication service -# If you use Swift authentication service, set it to 'account':'user' -# where 'account' is a Swift storage account and 'user' -# is a user in that account -swift_store_user = jdoe:jdoe - -# Auth key for the user authenticating against the -# Swift authentication service -swift_store_key = a86850deb2742ec3cb41518e26aa2d89 - -# Container within the account that the account should use -# for storing images in Swift -swift_store_container = glance - -# Do we create the container if it does not exist? -swift_store_create_container_on_put = False - -# What size, in MB, should Glance start chunking image files -# and do a large object manifest in Swift? By default, this is -# the maximum object size in Swift, which is 5GB -swift_store_large_object_size = 5120 - -# When doing a large object manifest, what size, in MB, should -# Glance write chunks to Swift? This amount of data is written -# to a temporary disk buffer during the process of chunking -# the image file, and the default is 200MB -swift_store_large_object_chunk_size = 200 - -# Whether to use ServiceNET to communicate with the Swift storage servers. -# (If you aren't RACKSPACE, leave this False!) -# -# To use ServiceNET for authentication, prefix hostname of -# `swift_store_auth_address` with 'snet-'. -# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ -swift_enable_snet = False - -# ============ S3 Store Options ============================= - -# Address where the S3 authentication service lives -# Valid schemes are 'http://' and 'https://' -# If no scheme specified, default to 'http://' -s3_store_host = 127.0.0.1:8080/v1.0/ - -# User to authenticate against the S3 authentication service -s3_store_access_key = <20-char AWS access key> - -# Auth key for the user authenticating against the -# S3 authentication service -s3_store_secret_key = <40-char AWS secret key> - -# Container within the account that the account should use -# for storing images in S3. Note that S3 has a flat namespace, -# so you need a unique bucket name for your glance images. An -# easy way to do this is append your AWS access key to "glance". -# S3 buckets in AWS *must* be lowercased, so remember to lowercase -# your AWS access key if you use it in your bucket name below! -s3_store_bucket = <lowercased 20-char aws access key>glance - -# Do we create the bucket if it does not exist? -s3_store_create_bucket_on_put = False - -# When sending images to S3, the data will first be written to a -# temporary buffer on disk. By default the platform's temporary directory -# will be used. If required, an alternative directory can be specified here. -# s3_store_object_buffer_dir = /path/to/dir - -# ============ Cinder Store Options =========================== - -# Info to match when looking for cinder in the service catalog -# Format is : separated values of the form: -# <service_type>:<service_name>:<endpoint_type> (string value) -#cinder_catalog_info = volume:cinder:publicURL - -# Override service catalog lookup with template for cinder endpoint -# e.g. http://localhost:8776/v1/%(project_id)s (string value) -#cinder_endpoint_template = <None> - -# Region name of this node (string value) -#os_region_name = <None> - -# Location of ca certicates file to use for cinder client requests -# (string value) -#cinder_ca_certificates_file = <None> - -# Number of cinderclient retries on failed http calls (integer value) -#cinder_http_retries = 3 - -# Allow to perform insecure SSL requests to cinder (boolean value) -#cinder_api_insecure = False - -# ============ VMware Datastore Store Options ===================== - -# ESX/ESXi or vCenter Server target system. -# The server value can be an IP address or a DNS name -# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com -#vmware_server_host = <None> - -# Server username (string value) -#vmware_server_username = <None> - -# Server password (string value) -#vmware_server_password = <None> - -# Inventory path to a datacenter (string value) -# Value optional when vmware_server_ip is an ESX/ESXi host: if specified -# should be `ha-datacenter`. -#vmware_datacenter_path = <None> - -# Datastore associated with the datacenter (string value) -#vmware_datastore_name = <None> - -# The number of times we retry on failures -# e.g., socket error, etc (integer value) -#vmware_api_retry_count = 10 - -# The interval used for polling remote tasks -# invoked on VMware ESX/VC server in seconds (integer value) -#vmware_task_poll_interval = 5 - -# Absolute path of the folder containing the images in the datastore -# (string value) -#vmware_store_image_dir = /openstack_glance - -# Allow to perform insecure SSL requests to the target system (boolean value) -#vmware_api_insecure = False - -# ================= Security Options ========================== - -# AES key for encrypting store 'location' metadata, including -# -- if used -- Swift or S3 credentials -# Should be set to a random string of length 16, 24 or 32 bytes -# metadata_encryption_key = <16, 24 or 32 char registry metadata key> diff --git a/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini b/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini deleted file mode 100644 index df403f6e..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini +++ /dev/null @@ -1,30 +0,0 @@ -# Use this pipeline for no auth - DEFAULT -[pipeline:glance-registry] -pipeline = osprofiler unauthenticated-context registryapp - -# Use this pipeline for keystone auth -[pipeline:glance-registry-keystone] -pipeline = osprofiler authtoken context registryapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user. -[pipeline:glance-registry-trusted-auth] -pipeline = osprofiler context registryapp - -[app:registryapp] -paste.app_factory = glance.registry.api:API.factory - -[filter:context] -paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory - -[filter:unauthenticated-context] -paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes diff --git a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf index 302f4138..f7ce7956 100644 --- a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf +++ b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf @@ -6,7 +6,7 @@ #debug = False # Address to bind the registry server -bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +bind_host = 0.0.0.0 # Port the bind the registry server to bind_port = 9191 @@ -16,7 +16,7 @@ bind_port = 9191 # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. -# log_file = /var/log/glance/registry.log +log_file = /var/log/glance/registry.log # Backlog requests when creating socket backlog = 4096 @@ -49,20 +49,23 @@ limit_param_default = 25 # Role used to identify an authenticated user as administrator #admin_role = admin -# Whether to automatically create the database tables. -# Default: False -#db_auto_create = False - # Enable DEBUG log messages from sqlalchemy which prints every database # query and response. # Default: False #sqlalchemy_debug = True +# http_keepalive option. If False, server will return the header +# "Connection: close", If True, server will return "Connection: Keep-Alive" +# in its responses. In order to close the client socket connection +# explicitly after the response is sent and read successfully by the client, +# you simply have to set this option to False when you create a wsgi server. +#http_keepalive = True + # ================= Syslog Options ============================ # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` -use_syslog = True +#use_syslog = False # Facility to use. If unset defaults to LOG_USER. #syslog_log_facility = LOG_LOCAL1 @@ -82,20 +85,21 @@ use_syslog = True # Driver or drivers to handle sending notifications. Set to # 'messaging' to send notifications to a message queue. -notification_driver = messagingv2 +# notification_driver = noop # Default publisher_id for outgoing notifications. # default_publisher_id = image.localhost # Messaging driver used for 'messaging' notifications driver -rpc_backend=rabbit +# rpc_backend = 'rabbit' -# Configuration options if sending notifications via rabbitmq -rabbit_host = {{ RABBITMQ_HOST }} -rabbit_port = {{ RABBITMQ_PORT }} +# Configuration options if sending notifications via rabbitmq (these are +# the defaults) +rabbit_host = localhost +rabbit_port = 5672 rabbit_use_ssl = false -rabbit_userid = {{ RABBITMQ_USER }} -rabbit_password = {{ RABBITMQ_PASSWORD }} +rabbit_userid = guest +rabbit_password = guest rabbit_virtual_host = / rabbit_notification_exchange = glance rabbit_notification_topic = notifications @@ -121,6 +125,25 @@ qpid_protocol = tcp qpid_tcp_nodelay = True +# =============== Policy Options ============================== + +[oslo_policy] +# The JSON file that defines policies. +# Deprecated group/name - [DEFAULT]/policy_file +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. +# Deprecated group/name - [DEFAULT]/policy_default_rule +#policy_default_rule = default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. +# The file defined by policy_file must exist for these +# directories to be searched. +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d + # ================= Database Options ========================== [database] @@ -140,7 +163,6 @@ qpid_tcp_nodelay = True # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = <None> -connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To @@ -221,11 +243,10 @@ connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROL #db_max_retries = 20 [keystone_authtoken] -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 -admin_tenant_name = service -admin_user = {{ GLANCE_SERVICE_USER }} -admin_password = {{ GLANCE_SERVICE_PASSWORD }} +identity_uri = http://127.0.0.1:35357 +admin_tenant_name = %SERVICE_TENANT_NAME% +admin_user = %SERVICE_USER% +admin_password = %SERVICE_PASSWORD% [paste_deploy] # Name of the paste configuration file that defines the available pipelines @@ -235,7 +256,7 @@ admin_password = {{ GLANCE_SERVICE_PASSWORD }} # service name removed. For example, if your paste section name is # [pipeline:glance-registry-keystone], you would configure the flavor below # as 'keystone'. -flavor=keystone +#flavor= [profiler] # If False fully disable profiling feature. diff --git a/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf b/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf deleted file mode 100644 index cdbfda71..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf +++ /dev/null @@ -1,108 +0,0 @@ -[DEFAULT] -# Show more verbose log output (sets INFO log level output) -#verbose = False - -# Show debugging output in logs (sets DEBUG log level output) -#debug = False - -# Log to this file. Make sure you do not set the same log file for both the API -# and registry servers! -# -# If `log_file` is omitted and `use_syslog` is false, then log messages are -# sent to stdout as a fallback. -# log_file = /var/log/glance/scrubber.log - -# Send logs to syslog (/dev/log) instead of to file specified by `log_file` -use_syslog = True - -# Should we run our own loop or rely on cron/scheduler to run us -daemon = False - -# Loop time between checking for new items to schedule for delete -wakeup_time = 300 - -# Directory that the scrubber will use to remind itself of what to delete -# Make sure this is also set in glance-api.conf -scrubber_datadir = /var/lib/glance/scrubber - -# Only one server in your deployment should be designated the cleanup host -cleanup_scrubber = False - -# pending_delete items older than this time are candidates for cleanup -cleanup_scrubber_time = 86400 - -# Address to find the registry server for cleanups -registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Port the registry server is listening on -registry_port = 9191 - -# Auth settings if using Keystone -# auth_url = http://127.0.0.1:5000/v2.0/ -# admin_tenant_name = %SERVICE_TENANT_NAME% -# admin_user = %SERVICE_USER% -# admin_password = %SERVICE_PASSWORD% - -# Directory to use for lock files. Default to a temp directory -# (string value). This setting needs to be the same for both -# glance-scrubber and glance-api. -#lock_path=<None> - -# API to use for accessing data. Default value points to sqlalchemy -# package, it is also possible to use: glance.db.registry.api -#data_api = glance.db.sqlalchemy.api - -# ================= Security Options ========================== - -# AES key for encrypting store 'location' metadata, including -# -- if used -- Swift or S3 credentials -# Should be set to a random string of length 16, 24 or 32 bytes -#metadata_encryption_key = <16, 24 or 32 char registry metadata key> - -# ================= Database Options ===============+========== - -[database] - -# The SQLAlchemy connection string used to connect to the -# database (string value) -#connection=sqlite:////glance/openstack/common/db/$sqlite_db - -# The SQLAlchemy connection string used to connect to the -# slave database (string value) -#slave_connection= - -# timeout before idle sql connections are reaped (integer -# value) -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool -# (integer value) -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool -# (integer value) -#max_pool_size=<None> - -# maximum db connection retries during startup. (setting -1 -# implies an infinite retry count) (integer value) -#max_retries=10 - -# interval between retries of opening a sql connection -# (integer value) -#retry_interval=10 - -# If set, use this value for max_overflow with sqlalchemy -# (integer value) -#max_overflow=<None> - -# Verbosity of SQL debugging information. 0=None, -# 100=Everything (integer value) -#connection_debug=0 - -# Add python stack traces to SQL as comment strings (boolean -# value) -#connection_trace=false - -# If set, use this value for pool_timeout with sqlalchemy -# (integer value) -#pool_timeout=<None> diff --git a/install-files/openstack/usr/share/openstack/glance/logging.conf b/install-files/openstack/usr/share/openstack/glance/logging.conf deleted file mode 100644 index 7e7f31f0..00000000 --- a/install-files/openstack/usr/share/openstack/glance/logging.conf +++ /dev/null @@ -1,54 +0,0 @@ -[loggers] -keys=root,api,registry,combined - -[formatters] -keys=normal,normal_with_name,debug - -[handlers] -keys=production,file,devel - -[logger_root] -level=NOTSET -handlers=devel - -[logger_api] -level=DEBUG -handlers=devel -qualname=glance-api - -[logger_registry] -level=DEBUG -handlers=devel -qualname=glance-registry - -[logger_combined] -level=DEBUG -handlers=devel -qualname=glance-combined - -[handler_production] -class=handlers.SysLogHandler -level=ERROR -formatter=normal_with_name -args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER) - -[handler_file] -class=FileHandler -level=DEBUG -formatter=normal_with_name -args=('glance.log', 'w') - -[handler_devel] -class=StreamHandler -level=NOTSET -formatter=debug -args=(sys.stdout,) - -[formatter_normal] -format=%(asctime)s %(levelname)s %(message)s - -[formatter_normal_with_name] -format=(%(name)s): %(asctime)s %(levelname)s %(message)s - -[formatter_debug] -format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s diff --git a/install-files/openstack/usr/share/openstack/glance/policy.json b/install-files/openstack/usr/share/openstack/glance/policy.json deleted file mode 100644 index 325f00b2..00000000 --- a/install-files/openstack/usr/share/openstack/glance/policy.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "context_is_admin": "role:admin", - "default": "", - - "add_image": "", - "delete_image": "", - "get_image": "", - "get_images": "", - "modify_image": "", - "publicize_image": "role:admin", - "copy_from": "", - - "download_image": "", - "upload_image": "", - - "delete_image_location": "", - "get_image_location": "", - "set_image_location": "", - - "add_member": "", - "delete_member": "", - "get_member": "", - "get_members": "", - "modify_member": "", - - "manage_image_cache": "role:admin", - - "get_task": "", - "get_tasks": "", - "add_task": "", - "modify_task": "", - - "get_metadef_namespace": "", - "get_metadef_namespaces":"", - "modify_metadef_namespace":"", - "add_metadef_namespace":"", - - "get_metadef_object":"", - "get_metadef_objects":"", - "modify_metadef_object":"", - "add_metadef_object":"", - - "list_metadef_resource_types":"", - "get_metadef_resource_type":"", - "add_metadef_resource_type_association":"", - - "get_metadef_property":"", - "get_metadef_properties":"", - "modify_metadef_property":"", - "add_metadef_property":"" - -} diff --git a/install-files/openstack/usr/share/openstack/glance/schema-image.json b/install-files/openstack/usr/share/openstack/glance/schema-image.json deleted file mode 100644 index 5aafd6b3..00000000 --- a/install-files/openstack/usr/share/openstack/glance/schema-image.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "kernel_id": { - "type": "string", - "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", - "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image." - }, - "ramdisk_id": { - "type": "string", - "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", - "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image." - }, - "instance_uuid": { - "type": "string", - "description": "ID of instance used to create this image." - }, - "architecture": { - "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", - "type": "string" - }, - "os_distro": { - "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", - "type": "string" - }, - "os_version": { - "description": "Operating system version as specified by the distributor", - "type": "string" - } -} diff --git a/install-files/openstack/usr/share/openstack/ironic/ironic.conf b/install-files/openstack/usr/share/openstack/ironic/ironic.conf index 75c62b8e..ccf368f0 100644 --- a/install-files/openstack/usr/share/openstack/ironic/ironic.conf +++ b/install-files/openstack/usr/share/openstack/ironic/ironic.conf @@ -4,129 +4,13 @@ # Options defined in oslo.messaging # -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). (string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} - -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - -# If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false - # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) #rpc_zmq_bind_address=* # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker=oslo_messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) #rpc_zmq_port=9501 @@ -156,7 +40,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }} # Heartbeat time-to-live. (integer value) #matchmaker_heartbeat_ttl=600 -# Size of RPC greenthread pool. (integer value) +# Size of RPC thread pool. (integer value) #rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi @@ -190,10 +74,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }} # # IP address of this host. (string value) -my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Use IPv6. (boolean value) -#use_ipv6=false +#my_ip=10.0.0.1 # @@ -204,6 +85,10 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # (string value) #auth_strategy=keystone +# Enable pecan debug mode. WARNING: this is insecure and +# should not be used in production. (boolean value) +#pecan_debug=false + # # Options defined in ironic.common.driver_factory @@ -217,7 +102,7 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # present on your system may be found by enumerating the # "ironic.drivers" entrypoint. An example may be found in the # developer documentation online. (list value) -enabled_drivers=pxe_ipmitool,pxe_ssh +#enabled_drivers=pxe_ipmitool # @@ -268,6 +153,9 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # value) #isolinux_config_template=$pybasedir/common/isolinux_config.template +# Template file for grub configuration file. (string value) +#grub_config_template=$pybasedir/common/grub_conf.template + # # Options defined in ironic.common.paths @@ -287,18 +175,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # -# Options defined in ironic.common.policy -# - -# JSON file representing policy. (string value) -#policy_file=policy.json - -# Rule checked when requested rule is not found. (string -# value) -#policy_default_rule=default - - -# # Options defined in ironic.common.service # @@ -351,17 +227,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # -# Options defined in ironic.openstack.common.lockutils -# - -# Enables or disables inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. (string value) -#lock_path=<None> - - -# # Options defined in ironic.openstack.common.log # @@ -393,7 +258,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh #logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s # List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN +#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN # Enables or disables publication of error events. (boolean # value) @@ -442,7 +307,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # Use syslog for logging. Existing syslog format is DEPRECATED # during I, and will change in J to honor RFC5424. (boolean # value) -use_syslog=True +#use_syslog=false # (Optional) Enables or disables syslog rfc5424 format for # logging. If enabled, prefixes the MSG part of the syslog @@ -464,6 +329,15 @@ use_syslog=True #run_external_periodic_tasks=true +# +# Options defined in ironic.openstack.common.versionutils +# + +# Enables or disables fatal status of deprecations. (boolean +# value) +#fatal_deprecations=false + + [agent] # @@ -480,6 +354,22 @@ use_syslog=True # Neutron bootfile DHCP parameter. (string value) #agent_pxe_bootfile_name=pxelinux.0 +# Priority to run in-band erase devices via the Ironic Python +# Agent ramdisk. If unset, will use the priority set in the +# ramdisk (defaults to 10 for the GenericHardwareManager). If +# set to 0, will not run during cleaning. (integer value) +#agent_erase_devices_priority=<None> + +# Whether Ironic will manage TFTP files for the deploy +# ramdisks. If set to False, you will need to configure your +# own TFTP server that allows booting the deploy ramdisks. +# (boolean value) +#manage_tftp=true + +# +# Options defined in ironic.drivers.modules.agent_base_vendor +# + # Maximum interval (in seconds) for agent heartbeats. (integer # value) #heartbeat_timeout=300 @@ -494,6 +384,30 @@ use_syslog=True #agent_api_version=v1 +[amt] + +# +# Options defined in ironic.drivers.modules.amt.common +# + +# Protocol used for AMT endpoint, support http/https (string +# value) +#protocol=http + + +# +# Options defined in ironic.drivers.modules.amt.power +# + +# Maximum number of times to attempt an AMT operation, before +# failing (integer value) +#max_attempts=3 + +# Amount of time (in seconds) to wait, before retrying an AMT +# operation (integer value) +#action_wait=10 + + [api] # @@ -520,7 +434,7 @@ use_syslog=True # URL of Ironic API service. If not set ironic can get the # current value from the keystone service catalog. (string # value) -api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 +#api_url=<None> # Seconds between conductor heart beats. (integer value) #heartbeat_interval=10 @@ -587,6 +501,31 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 # the check entirely. (integer value) #sync_local_state_interval=180 +# Whether to upload the config drive to Swift. (boolean value) +#configdrive_use_swift=false + +# Name of the Swift container to store config drive data. Used +# when configdrive_use_swift is True. (string value) +#configdrive_swift_container=ironic_configdrive_container + +# Timeout (seconds) for waiting for node inspection. 0 - +# unlimited. (integer value) +#inspect_timeout=1800 + +# Cleaning is a configurable set of steps, such as erasing +# disk drives, that are performed on the node to ensure it is +# in a baseline state and ready to be deployed to. This is +# done after instance deletion, and during the transition from +# a "managed" to "available" state. When enabled, the +# particular steps performed to clean a node depend on which +# driver that node is managed by; see the individual driver's +# documentation for details. NOTE: The introduction of the +# cleaning operation causes instance deletion to take +# significantly longer. In an environment where all tenants +# are trusted (eg, because there is only one tenant), this +# option could be safely disabled. (boolean value) +#clean_nodes=true + [console] @@ -635,7 +574,7 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic +#connection=<None> # The SQLAlchemy connection string to use to connect to the # slave database. (string value) @@ -667,8 +606,9 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size=<None> -# Maximum db connection retries during startup. Set to -1 to -# specify an infinite retry count. (integer value) +# Maximum number of database connection retries during +# startup. Set to -1 to specify an infinite retry count. +# (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries=10 @@ -704,20 +644,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # connection lost. (boolean value) #use_db_reconnect=false -# Seconds between database connection retries. (integer value) +# Seconds between retries of a database transaction. (integer +# value) #db_retry_interval=1 -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) +# If True, increases the interval between retries of a +# database operation up to db_max_retry_interval. (boolean +# value) #db_inc_retry_interval=true # If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) +# retries of a database operation. (integer value) #db_max_retry_interval=10 -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) +# Maximum retries in case of connection error or deadlock +# error before error is raised. Set to -1 to specify an +# infinite retry count. (integer value) #db_max_retries=20 @@ -729,6 +671,25 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL #mysql_engine=InnoDB +[deploy] + +# +# Options defined in ironic.drivers.modules.deploy_utils +# + +# Size of EFI system partition in MiB when configuring UEFI +# systems for local boot. (integer value) +#efi_system_partition_size=200 + +# Block size to use when writing to the nodes disk. (string +# value) +#dd_block_size=1M + +# Maximum attempts to verify an iSCSI connection is active, +# sleeping 1 second between attempts. (integer value) +#iscsi_verify_attempts=3 + + [dhcp] # @@ -740,6 +701,26 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL #dhcp_provider=neutron +[discoverd] + +# +# Options defined in ironic.drivers.modules.discoverd +# + +# whether to enable inspection using ironic-discoverd (boolean +# value) +#enabled=false + +# ironic-discoverd HTTP endpoint. If this is not set, the +# ironic-discoverd client default (http://127.0.0.1:5050) will +# be used. (string value) +#service_url=<None> + +# period (in seconds) to check status of nodes on inspection +# (integer value) +#status_check_period=60 + + [disk_partitioner] # @@ -811,13 +792,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # (string value) #swift_container=glance +# This should match a config by the same name in the Glance +# configuration file. When set to 0, a single-tenant store +# will only use one container to store all images. When set to +# an integer value between 1 and 32, a single-tenant store +# will use multiple containers to store images, and this value +# will determine how many containers are created. (integer +# value) +#swift_store_multiple_containers_seed=0 + # # Options defined in ironic.common.image_service # # Default glance hostname or IP address. (string value) -glance_host={{ CONTROLLER_HOST_ADDRESS }} +#glance_host=$my_ip # Default glance port. (integer value) #glance_port=9292 @@ -828,7 +818,7 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # A list of the glance api servers available to ironic. Prefix # with https:// for SSL-based glance API servers. Format is -# [hostname|IP]:port. (string value) +# [hostname|IP]:port. (list value) #glance_api_servers=<None> # Allow to perform insecure SSL (https) requests to glance. @@ -839,8 +829,9 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # (integer value) #glance_num_retries=0 -# Default protocol to use when connecting to glance. Set to -# https for SSL. (string value) +# Authentication strategy to use when connecting to glance. +# Only "keystone" and "noauth" are currently supported by +# ironic. (string value) #auth_strategy=keystone @@ -865,6 +856,43 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # +# Options defined in ironic.drivers.modules.ilo.deploy +# + +# Priority for erase devices clean step. If unset, it defaults +# to 10. If set to 0, the step will be disabled and will not +# run during cleaning. (integer value) +#clean_priority_erase_devices=<None> + + +# +# Options defined in ironic.drivers.modules.ilo.management +# + +# Priority for reset_ilo clean step. (integer value) +#clean_priority_reset_ilo=1 + +# Priority for reset_bios_to_default clean step. (integer +# value) +#clean_priority_reset_bios_to_default=10 + +# Priority for reset_secure_boot_keys clean step. This step +# will reset the secure boot keys to manufacturing defaults. +# (integer value) +#clean_priority_reset_secure_boot_keys_to_default=20 + +# Priority for clear_secure_boot_keys clean step. This step is +# not enabled by default. It can be enabled to to clear all +# secure boot keys enrolled with iLO. (integer value) +#clean_priority_clear_secure_boot_keys=0 + +# Priority for reset_ilo_credential clean step. This step +# requires "ilo_change_password" parameter to be updated in +# nodes's driver_info with the new password. (integer value) +#clean_priority_reset_ilo_credential=30 + + +# # Options defined in ironic.drivers.modules.ilo.power # @@ -883,8 +911,12 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # Options defined in ironic.drivers.modules.ipminative # -# Maximum time in seconds to retry IPMI operations. (integer -# value) +# Maximum time in seconds to retry IPMI operations. There is a +# tradeoff when setting this value. Setting this too low may +# cause older BMCs to crash and require a hard reset. However, +# setting too high can cause the sync power state periodic +# task to hang when there are slow or unresponsive BMCs. +# (integer value) #retry_timeout=60 # Minimum time, in seconds, between IPMI operations sent to a @@ -894,79 +926,73 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} #min_command_interval=5 -[keystone_authtoken] +[irmc] # -# Options defined in keystonemiddleware.auth_token +# Options defined in ironic.drivers.modules.irmc.common # -# Prefix to prepend at the beginning of the path. Deprecated, -# use identity_uri. (string value) -#auth_admin_prefix= +# Port to be used for iRMC operations, either 80 or 443 +# (integer value) +#port=443 -# Host providing the admin Identity API endpoint. Deprecated, -# use identity_uri. (string value) -#auth_host=127.0.0.1 +# Authentication method to be used for iRMC operations, either +# "basic" or "digest" (string value) +#auth_method=basic -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -#auth_port=35357 +# Timeout (in seconds) for iRMC operations (integer value) +#client_timeout=60 -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -#auth_protocol=https +# Sensor data retrieval method, either "ipmitool" or "scci" +# (string value) +#sensor_method=ipmitool -# Complete public Identity API endpoint (string value) -auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. https://localhost:35357/ +[keystone] + +# +# Options defined in ironic.common.keystone +# + +# The region used for getting endpoints of OpenStackservices. # (string value) -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +#region_name=<None> + + +[keystone_authtoken] -# API version of the admin Identity API endpoint (string +# +# Options defined in keystonemiddleware.auth_token +# + +# Complete public Identity API endpoint. (string value) +#auth_uri=<None> + +# API version of the admin Identity API endpoint. (string # value) #auth_version=<None> # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI -# components (boolean value) +# components. (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API -# server. (boolean value) +# server. (integer value) #http_connect_timeout=<None> # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token=<None> - -# Keystone account username (string value) -admin_user={{ IRONIC_SERVICE_USER }} - -# Keystone account password (string value) -admin_password={{ IRONIC_SERVICE_PASSWORD }} - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name=service - -# Env key for the swift cache (string value) +# Env key for the swift cache. (string value) #cache=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #certfile=<None> -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #keyfile=<None> @@ -977,7 +1003,7 @@ admin_tenant_name=service # Verify HTTPS connections. (boolean value) #insecure=false -# Directory used to cache files related to PKI tokens (string +# Directory used to cache files related to PKI tokens. (string # value) #signing_dir=<None> @@ -1000,7 +1026,7 @@ admin_tenant_name=service # value) #revocation_cache_time=10 -# (optional) if defined, indicate whether token data should be +# (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable # values are MAC or ENCRYPT. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token @@ -1009,38 +1035,38 @@ admin_tenant_name=service # raise an exception on initialization. (string value) #memcache_security_strategy=<None> -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string +# (Optional, mandatory if memcache_security_strategy is +# defined) This string is used for key derivation. (string # value) #memcache_secret_key=<None> -# (optional) number of seconds memcached server is considered +# (Optional) Number of seconds memcached server is considered # dead before it is tried again. (integer value) #memcache_pool_dead_retry=300 -# (optional) max total number of open connections to every +# (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize=10 -# (optional) socket timeout in seconds for communicating with +# (Optional) Socket timeout in seconds for communicating with # a memcache server. (integer value) #memcache_pool_socket_timeout=3 -# (optional) number of seconds a connection to memcached is +# (Optional) Number of seconds a connection to memcached is # held unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout=60 -# (optional) number of seconds that an operation will wait to +# (Optional) Number of seconds that an operation will wait to # get a memcache client connection from the pool. (integer # value) #memcache_pool_conn_get_timeout=10 -# (optional) use the advanced (eventlet safe) memcache client +# (Optional) Use the advanced (eventlet safe) memcache client # pool. The advanced pool will only work under python 2.x. # (boolean value) #memcache_use_advanced_pool=false -# (optional) indicate whether to set the X-Service-Catalog +# (Optional) Indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) @@ -1059,7 +1085,7 @@ admin_tenant_name=service # If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the -# Keystone server. (boolean value) +# identity server. (boolean value) #check_revocations_for_cached=false # Hash algorithms to use for hashing PKI tokens. This may be a @@ -1074,6 +1100,44 @@ admin_tenant_name=service # (list value) #hash_algorithms=md5 +# Prefix to prepend at the beginning of the path. Deprecated, +# use identity_uri. (string value) +#auth_admin_prefix= + +# Host providing the admin Identity API endpoint. Deprecated, +# use identity_uri. (string value) +#auth_host=127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) +#auth_port=35357 + +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. (string value) +#auth_protocol=https + +# Complete admin Identity API endpoint. This should specify +# the unversioned root endpoint e.g. https://localhost:35357/ +# (string value) +#identity_uri=<None> + +# This option is deprecated and may be removed in a future +# release. Single shared secret with the Keystone +# configuration used for bootstrapping a Keystone +# installation, or otherwise bypassing the normal +# authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) +#admin_token=<None> + +# Service username. (string value) +#admin_user=<None> + +# Service user password. (string value) +#admin_password=<None> + +# Service tenant name. (string value) +#admin_tenant_name=admin + [matchmaker_redis] @@ -1109,12 +1173,16 @@ admin_tenant_name=service # # URL for connecting to neutron. (string value) -url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 +#url=http://$my_ip:9696 # Timeout value for connecting to neutron in seconds. (integer # value) #url_timeout=30 +# Client retries in the case of a failed request. (integer +# value) +#retries=3 + # Default authentication strategy to use when connecting to # neutron. Can be either "keystone" or "noauth". Running # neutron in noauth mode (related to but not affected by this @@ -1122,6 +1190,248 @@ url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 # (string value) #auth_strategy=keystone +# UUID of the network to create Neutron ports on when booting +# to a ramdisk for cleaning/zapping using Neutron DHCP (string +# value) +#cleaning_network_uuid=<None> + + +[oslo_concurrency] + +# +# Options defined in oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +#disable_process_locking=false + +# Directory to use for lock files. For security, the +# specified directory should only be writable by the user +# running the processes that need locking. Defaults to +# environment variable OSLO_LOCK_PATH. If external locks are +# used, a lock path must be set. (string value) +#lock_path=<None> + + +[oslo_messaging_amqp] + +# +# Options defined in oslo.messaging +# + +# address prefix used when sending to a specific server +# (string value) +#server_request_prefix=exclusive + +# address prefix used when broadcasting to all servers (string +# value) +#broadcast_prefix=broadcast + +# address prefix when sending to any server in group (string +# value) +#group_request_prefix=unicast + +# Name for the AMQP container (string value) +#container_name=<None> + +# Timeout for inactive connections (in seconds) (integer +# value) +#idle_timeout=0 + +# Debug: dump AMQP frames to stdout (boolean value) +#trace=false + +# CA certificate PEM file for verifing server certificate +# (string value) +#ssl_ca_file= + +# Identifying certificate PEM file to present to clients +# (string value) +#ssl_cert_file= + +# Private key PEM file used to sign cert_file certificate +# (string value) +#ssl_key_file= + +# Password for decrypting ssl_key_file (if encrypted) (string +# value) +#ssl_key_password=<None> + +# Accept clients using either SSL or plain TCP (boolean value) +#allow_insecure_clients=false + + +[oslo_messaging_qpid] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + + +[oslo_messaging_rabbit] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# SSL version to use (valid only if SSL enabled). Valid values +# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may +# be available on some distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). (string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +#rabbit_host=localhost + +# The RabbitMQ broker port where a single node is used. +# (integer value) +#rabbit_port=5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +#rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +#rabbit_userid=guest + +# The RabbitMQ password. (string value) +#rabbit_password=guest + +# The RabbitMQ login method. (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# Number of seconds after which the Rabbit broker is +# considered down if heartbeat's keep-alive fails (0 disable +# the heartbeat). (integer value) +#heartbeat_timeout_threshold=60 + +# How often times during the heartbeat_timeout_threshold we +# check the heartbeat. (integer value) +#heartbeat_rate=2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +#fake_rabbit=false + + +[oslo_policy] + +# +# Options defined in oslo.policy +# + +# The JSON file that defines policies. (string value) +#policy_file=policy.json + +# Default rule. Enforced when a requested rule is not found. +# (string value) +#policy_default_rule=default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. The +# file defined by policy_file must exist for these directories +# to be searched. Missing or empty directories are ignored. +# (multi valued) +#policy_dirs=policy.d + [pxe] @@ -1173,11 +1483,11 @@ url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 #tftp_server=$my_ip # Ironic compute node's tftp root path. (string value) -tftp_root=/srv/tftp_root/ +#tftp_root=/tftpboot # Directory where master tftp images are stored on disk. # (string value) -tftp_master_path=/srv/tftp_root/master_images +#tftp_master_path=/tftpboot/master_images # Bootfile DHCP parameter. (string value) #pxe_bootfile_name=pxelinux.0 @@ -1245,3 +1555,14 @@ tftp_master_path=/srv/tftp_root/master_images #swift_max_retries=2 +[virtualbox] + +# +# Options defined in ironic.drivers.modules.virtualbox +# + +# Port on which VirtualBox web service is listening. (integer +# value) +#port=18083 + + diff --git a/install-files/openstack/usr/share/openstack/ironic/policy.json b/install-files/openstack/usr/share/openstack/ironic/policy.json deleted file mode 100644 index 94ac3a5b..00000000 --- a/install-files/openstack/usr/share/openstack/ironic/policy.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "admin": "role:admin or role:administrator", - "admin_api": "is_admin:True", - "default": "rule:admin_api" -} diff --git a/install-files/openstack/usr/share/openstack/keystone/keystone-paste.ini b/install-files/openstack/usr/share/openstack/keystone/keystone-paste.ini deleted file mode 100644 index 46f994c3..00000000 --- a/install-files/openstack/usr/share/openstack/keystone/keystone-paste.ini +++ /dev/null @@ -1,121 +0,0 @@ -# Keystone PasteDeploy configuration file. - -[filter:debug] -paste.filter_factory = keystone.common.wsgi:Debug.factory - -[filter:build_auth_context] -paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory - -[filter:token_auth] -paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory - -[filter:admin_token_auth] -paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory - -[filter:xml_body] -paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory - -[filter:xml_body_v2] -paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV2.factory - -[filter:xml_body_v3] -paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV3.factory - -[filter:json_body] -paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory - -[filter:user_crud_extension] -paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory - -[filter:crud_extension] -paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory - -[filter:ec2_extension] -paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory - -[filter:ec2_extension_v3] -paste.filter_factory = keystone.contrib.ec2:Ec2ExtensionV3.factory - -[filter:federation_extension] -paste.filter_factory = keystone.contrib.federation.routers:FederationExtension.factory - -[filter:oauth1_extension] -paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory - -[filter:s3_extension] -paste.filter_factory = keystone.contrib.s3:S3Extension.factory - -[filter:endpoint_filter_extension] -paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory - -[filter:endpoint_policy_extension] -paste.filter_factory = keystone.contrib.endpoint_policy.routers:EndpointPolicyExtension.factory - -[filter:simple_cert_extension] -paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory - -[filter:revoke_extension] -paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory - -[filter:url_normalize] -paste.filter_factory = keystone.middleware:NormalizingFilter.factory - -[filter:sizelimit] -paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory - -[filter:stats_monitoring] -paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory - -[filter:stats_reporting] -paste.filter_factory = keystone.contrib.stats:StatsExtension.factory - -[filter:access_log] -paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory - -[app:public_service] -paste.app_factory = keystone.service:public_app_factory - -[app:service_v3] -paste.app_factory = keystone.service:v3_app_factory - -[app:admin_service] -paste.app_factory = keystone.service:admin_app_factory - -[pipeline:public_api] -# The last item in this pipeline must be public_service or an equivalent -# application. It cannot be a filter. -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service - -[pipeline:admin_api] -# The last item in this pipeline must be admin_service or an equivalent -# application. It cannot be a filter. -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service - -[pipeline:api_v3] -# The last item in this pipeline must be service_v3 or an equivalent -# application. It cannot be a filter. -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3 - -[app:public_version_service] -paste.app_factory = keystone.service:public_version_app_factory - -[app:admin_version_service] -paste.app_factory = keystone.service:admin_version_app_factory - -[pipeline:public_version_api] -pipeline = sizelimit url_normalize xml_body public_version_service - -[pipeline:admin_version_api] -pipeline = sizelimit url_normalize xml_body admin_version_service - -[composite:main] -use = egg:Paste#urlmap -/v2.0 = public_api -/v3 = api_v3 -/ = public_version_api - -[composite:admin] -use = egg:Paste#urlmap -/v2.0 = admin_api -/v3 = api_v3 -/ = admin_version_api diff --git a/install-files/openstack/usr/share/openstack/keystone/keystone.conf b/install-files/openstack/usr/share/openstack/keystone/keystone.conf index 4e04c81b..1c2298bf 100644 --- a/install-files/openstack/usr/share/openstack/keystone/keystone.conf +++ b/install-files/openstack/usr/share/openstack/keystone/keystone.conf @@ -1,1588 +1,1733 @@ [DEFAULT] # -# Options defined in keystone +# From keystone # -# A "shared secret" that can be used to bootstrap Keystone. -# This "token" does not represent a user, and carries no -# explicit authorization. To disable in production (highly -# recommended), remove AdminTokenAuthMiddleware from your -# paste application pipelines (for example, in keystone- -# paste.ini). (string value) -admin_token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} - -# The IP address of the network interface for the public -# service to listen on. (string value) -# Deprecated group/name - [DEFAULT]/bind_host -#public_bind_host=0.0.0.0 - -# The IP address of the network interface for the admin -# service to listen on. (string value) -# Deprecated group/name - [DEFAULT]/bind_host -#admin_bind_host=0.0.0.0 - -# (Deprecated) The port which the OpenStack Compute service -# listens on. This option was only used for string replacement -# in the templated catalog backend. Templated catalogs should -# replace the "$(compute_port)s" substitution with the static -# port of the compute service. As of Juno, this option is -# deprecated and will be removed in the L release. (integer +# A "shared secret" that can be used to bootstrap Keystone. This "token" does +# not represent a user, and carries no explicit authorization. To disable in +# production (highly recommended), remove AdminTokenAuthMiddleware from your +# paste application pipelines (for example, in keystone-paste.ini). (string # value) -#compute_port=8774 +#admin_token = ADMIN + +# (Deprecated) The port which the OpenStack Compute service listens on. This +# option was only used for string replacement in the templated catalog backend. +# Templated catalogs should replace the "$(compute_port)s" substitution with +# the static port of the compute service. As of Juno, this option is deprecated +# and will be removed in the L release. (integer value) +#compute_port = 8774 + +# The base public endpoint URL for Keystone that is advertised to clients +# (NOTE: this does NOT affect how Keystone listens for connections). Defaults +# to the base host URL of the request. E.g. a request to +# http://server:5000/v3/users will default to http://server:5000. You should +# only need to set this value if the base URL contains a path (e.g. /prefix/v3) +# or the endpoint should be found on a different server. (string value) +#public_endpoint = <None> + +# The base admin endpoint URL for Keystone that is advertised to clients (NOTE: +# this does NOT affect how Keystone listens for connections). Defaults to the +# base host URL of the request. E.g. a request to http://server:35357/v3/users +# will default to http://server:35357. You should only need to set this value +# if the base URL contains a path (e.g. /prefix/v3) or the endpoint should be +# found on a different server. (string value) +#admin_endpoint = <None> + +# Maximum depth of the project hierarchy. WARNING: setting it to a large value +# may adversely impact performance. (integer value) +#max_project_tree_depth = 5 -# The port number which the admin service listens on. (integer -# value) -admin_port=35357 - -# The port number which the public service listens on. -# (integer value) -public_port=5000 - -# The base public endpoint URL for Keystone that is advertised -# to clients (NOTE: this does NOT affect how Keystone listens -# for connections). Defaults to the base host URL of the -# request. E.g. a request to http://server:5000/v2.0/users -# will default to http://server:5000. You should only need to -# set this value if the base URL contains a path (e.g. -# /prefix/v2.0) or the endpoint should be found on a different -# server. (string value) -#public_endpoint=<None> - -# The base admin endpoint URL for Keystone that is advertised -# to clients (NOTE: this does NOT affect how Keystone listens -# for connections). Defaults to the base host URL of the -# request. E.g. a request to http://server:35357/v2.0/users -# will default to http://server:35357. You should only need to -# set this value if the base URL contains a path (e.g. -# /prefix/v2.0) or the endpoint should be found on a different -# server. (string value) -#admin_endpoint=<None> - -# The number of worker processes to serve the public WSGI -# application. Defaults to number of CPUs (minimum of 2). -# (integer value) -#public_workers=<None> +# Limit the sizes of user & project ID/names. (integer value) +#max_param_size = 64 -# The number of worker processes to serve the admin WSGI -# application. Defaults to number of CPUs (minimum of 2). +# Similar to max_param_size, but provides an exception for token values. # (integer value) -#admin_workers=<None> - -# Enforced by optional sizelimit middleware -# (keystone.middleware:RequestBodySizeLimiter). (integer -# value) -#max_request_body_size=114688 +#max_token_size = 8192 -# Limit the sizes of user & project ID/names. (integer value) -#max_param_size=64 +# Similar to the member_role_name option, this represents the default role ID +# used to associate users with their default projects in the v2 API. This will +# be used as the explicit role where one is not specified by the v2 API. +# (string value) +#member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab -# Similar to max_param_size, but provides an exception for -# token values. (integer value) -#max_token_size=8192 +# This is the role name used in combination with the member_role_id option; see +# that option for more detail. (string value) +#member_role_name = _member_ -# During a SQL upgrade member_role_id will be used to create a -# new role that will replace records in the assignment table -# with explicit role grants. After migration, the -# member_role_id will be used in the API add_user_to_project. -# (string value) -#member_role_id=9fe2ff9ee4384b1894a90878d3e92bab - -# During a SQL upgrade member_role_name will be used to create -# a new role that will replace records in the assignment table -# with explicit role grants. After migration, member_role_name -# will be ignored. (string value) -#member_role_name=_member_ - -# The value passed as the keyword "rounds" to passlib's -# encrypt method. (integer value) -#crypt_strength=40000 - -# Set this to true if you want to enable TCP_KEEPALIVE on -# server sockets, i.e. sockets used by the Keystone wsgi -# server for client connections. (boolean value) -#tcp_keepalive=false - -# Sets the value of TCP_KEEPIDLE in seconds for each server -# socket. Only applies if tcp_keepalive is true. Not supported -# on OS X. (integer value) -#tcp_keepidle=600 - -# The maximum number of entities that will be returned in a -# collection, with no limit set by default. This global limit -# may be then overridden for a specific driver, by specifying -# a list_limit in the appropriate section (e.g. [assignment]). +# The value passed as the keyword "rounds" to passlib's encrypt method. # (integer value) -#list_limit=<None> - -# Set this to false if you want to enable the ability for -# user, group and project entities to be moved between domains -# by updating their domain_id. Allowing such movement is not -# recommended if the scope of a domain admin is being -# restricted by use of an appropriate policy file (see +#crypt_strength = 40000 + +# The maximum number of entities that will be returned in a collection, with no +# limit set by default. This global limit may be then overridden for a specific +# driver, by specifying a list_limit in the appropriate section (e.g. +# [assignment]). (integer value) +#list_limit = <None> + +# Set this to false if you want to enable the ability for user, group and +# project entities to be moved between domains by updating their domain_id. +# Allowing such movement is not recommended if the scope of a domain admin is +# being restricted by use of an appropriate policy file (see # policy.v3cloudsample as an example). (boolean value) -#domain_id_immutable=true +#domain_id_immutable = true -# If set to true, strict password length checking is performed -# for password manipulation. If a password exceeds the maximum -# length, the operation will fail with an HTTP 403 Forbidden -# error. If set to false, passwords are automatically -# truncated to the maximum length. (boolean value) -#strict_password_check=false +# If set to true, strict password length checking is performed for password +# manipulation. If a password exceeds the maximum length, the operation will +# fail with an HTTP 403 Forbidden error. If set to false, passwords are +# automatically truncated to the maximum length. (boolean value) +#strict_password_check = false +# The HTTP header used to determine the scheme for the original request, even +# if it was removed by an SSL terminating proxy. Typical value is +# "HTTP_X_FORWARDED_PROTO". (string value) +#secure_proxy_ssl_header = <None> # -# Options defined in oslo.messaging +# From keystone.notifications # -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false +# Default publisher_id for outgoing notifications (string value) +#default_publisher_id = <None> -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false +# Define the notification format for Identity Service events. A "basic" +# notification has information about the resource being operated on. A "cadf" +# notification has the same information, as well as information about the +# initiator of the event. Valid options are: basic and cadf (string value) +#notification_format = basic -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 +# +# From keystone.openstack.common.eventlet_backdoor +# -# Qpid broker hostname. (string value) -#qpid_hostname=localhost +# Enable eventlet backdoor. Acceptable values are 0, <port>, and +# <start>:<end>, where 0 results in listening on a random tcp port number; +# <port> results in listening on the specified port number (and not enabling +# backdoor if that port is in use); and <start>:<end> results in listening on +# the smallest unused port number within the specified range of port numbers. +# The chosen port is displayed in the service's log file. (string value) +#backdoor_port = <None> -# Qpid broker port. (integer value) -#qpid_port=5672 +# +# From oslo.log +# -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port +# Print debugging output (set logging level to DEBUG instead of default WARNING +# level). (boolean value) +#debug = false -# Username for Qpid connection. (string value) -#qpid_username= +# Print more verbose output (set logging level to INFO instead of default +# WARNING level). (boolean value) +#verbose = false -# Password for Qpid connection. (string value) -#qpid_password= +# The name of a logging configuration file. This file is appended to any +# existing logging configuration files. For details about logging configuration +# files, see the Python logging module documentation. (string value) +# Deprecated group/name - [DEFAULT]/log_config +#log_config_append = <None> -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= +# DEPRECATED. A logging.Formatter log message format string which may use any +# of the available logging.LogRecord attributes. This option is deprecated. +# Please use logging_context_format_string and logging_default_format_string +# instead. (string value) +#log_format = <None> -# Seconds between connection keepalive heartbeats. (integer +# Format string for %%(asctime)s in log records. Default: %(default)s . (string # value) -#qpid_heartbeat=60 +#log_date_format = %Y-%m-%d %H:%M:%S -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true +# (Optional) Name of log file to output to. If no default is set, logging will +# go to stdout. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file = <None> -# The number of prefetched messages held by receiver. (integer +# (Optional) The base directory used for relative --log-file paths. (string # value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions. (string value) -#kombu_ssl_version= +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = <None> -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= +# Use syslog for logging. Existing syslog format is DEPRECATED during I, and +# will change in J to honor RFC5424. (boolean value) +#use_syslog = false -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= +# (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, +# prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The +# format without the APP-NAME is deprecated in I, and will be removed in J. +# (boolean value) +#use_syslog_rfc_format = false -# SSL certification authority file (valid only if SSL -# enabled). (string value) -#kombu_ssl_ca_certs= +# Syslog facility to receive log lines. (string value) +#syslog_log_facility = LOG_USER -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 +# Log output to standard error. (boolean value) +#use_stderr = true -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} +# Format string to use for log messages with context. (string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} +# Format string to use for log messages without context. (string value) +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s -# RabbitMQ HA cluster host:port pairs. (list value) -rabbit_hosts=$rabbit_host:$rabbit_port +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d -# Connect over SSL for RabbitMQ. (boolean value) -rabbit_use_ssl=false +# Prefix each line of exception output with this format. (string value) +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} +# Enables or disables publication of error events. (boolean value) +#publish_errors = false -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer +# The format for an instance that is passed with the log message. (string # value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 +#instance_format = "[instance: %(uuid)s] " -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean +# The format for an instance UUID that is passed with the log message. (string # value) -#rabbit_ha_queues=false +#instance_uuid_format = "[instance: %(uuid)s] " -# If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false +# +# From oslo.messaging +# -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. (string value) +#rpc_zmq_bind_address = * # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker = oslo_messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 +#rpc_zmq_port = 9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 +#rpc_zmq_contexts = 1 -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog=<None> +# Maximum number of ingress messages to locally buffer per topic. Default is +# unlimited. (integer value) +#rpc_zmq_topic_backlog = <None> # Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack +#rpc_zmq_ipc_dir = /var/run/openstack -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=keystone +# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match +# "host" option, if running Nova. (string value) +#rpc_zmq_host = localhost -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +# (integer value) +#rpc_cast_timeout = 30 # Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 +#matchmaker_heartbeat_freq = 300 # Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 +#matchmaker_heartbeat_ttl = 600 -# Size of RPC greenthread pool. (integer value) -#rpc_thread_pool_size=64 +# Size of RPC thread pool. (integer value) +#rpc_thread_pool_size = 64 -# Driver or drivers to handle sending notifications. (multi -# valued) -#notification_driver= +# Driver or drivers to handle sending notifications. (multi valued) +#notification_driver = # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics -#notification_topics=notifications +#notification_topics = notifications # Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -#transport_url=<None> - -# The messaging driver to use, defaults to rabbit. Other -# drivers include qpid and zmq. (string value) -rpc_backend=rabbit +#rpc_response_timeout = 60 -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the -# transport_url option. (string value) -#control_exchange=keystone +# A URL representing the messaging driver to use and its full configuration. If +# not set, we fall back to the rpc_backend option and driver specific +# configuration. (string value) +#transport_url = <None> +# The messaging driver to use, defaults to rabbit. Other drivers include qpid +# and zmq. (string value) +#rpc_backend = rabbit -# -# Options defined in keystone.notifications -# +# The default exchange under which topics are scoped. May be overridden by an +# exchange name specified in the transport_url option. (string value) +#control_exchange = keystone -# Default publisher_id for outgoing notifications (string -# value) -#default_publisher_id=<None> +[assignment] # -# Options defined in keystone.openstack.common.eventlet_backdoor +# From keystone # -# Enable eventlet backdoor. Acceptable values are 0, <port>, -# and <start>:<end>, where 0 results in listening on a random -# tcp port number; <port> results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and <start>:<end> results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port=<None> +# Assignment backend driver. (string value) +#driver = <None> + +[auth] # -# Options defined in keystone.openstack.common.log +# From keystone # -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error. (boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format=<None> - -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> - -# (Optional) The base directory used for relative --log-file -# paths. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. (boolean -# value) -use_syslog=True - -# (Optional) Enables or disables syslog rfc5424 format for -# logging. If enabled, prefixes the MSG part of the syslog -# message with APP-NAME (RFC5424). The format without the APP- -# NAME is deprecated in I, and will be removed in J. (boolean -# value) -#use_syslog_rfc_format=false - -# Syslog facility to receive log lines. (string value) -#syslog_log_facility=LOG_USER +# Default auth methods. (list value) +#methods = external,password,token,oauth1 +# The password auth plugin module. (string value) +#password = keystone.auth.plugins.password.Password -# -# Options defined in keystone.openstack.common.policy -# +# The token auth plugin module. (string value) +#token = keystone.auth.plugins.token.Token -# The JSON file that defines policies. (string value) -#policy_file=policy.json +# The external (REMOTE_USER) auth plugin module. (string value) +#external = keystone.auth.plugins.external.DefaultDomain -# Default rule. Enforced when a requested rule is not found. -# (string value) -#policy_default_rule=default +# The oAuth1.0 auth plugin module. (string value) +#oauth1 = keystone.auth.plugins.oauth1.OAuth -[assignment] +[cache] # -# Options defined in keystone +# From keystone # -# Assignment backend driver. (string value) -#driver=<None> - -# Toggle for assignment caching. This has no effect unless -# global caching is enabled. (boolean value) -#caching=true +# Prefix for building the configuration dictionary for the cache region. This +# should not need to be changed unless there is another dogpile.cache region +# with the same configuration name. (string value) +#config_prefix = cache.keystone -# TTL (in seconds) to cache assignment data. This has no -# effect unless global caching is enabled. (integer value) -#cache_time=<None> +# Default TTL, in seconds, for any cached item in the dogpile.cache region. +# This applies to any cached method that doesn't have an explicit cache +# expiration time defined for it. (integer value) +#expiration_time = 600 -# Maximum number of entities that will be returned in an -# assignment collection. (integer value) -#list_limit=<None> +# Dogpile.cache backend module. It is recommended that Memcache with pooling +# (keystone.cache.memcache_pool) or Redis (dogpile.cache.redis) be used in +# production deployments. Small workloads (single process) like devstack can +# use the dogpile.cache.memory backend. (string value) +#backend = keystone.common.cache.noop +# Arguments supplied to the backend module. Specify this option once per +# argument to be passed to the dogpile.cache backend. Example format: +# "<argname>:<value>". (multi valued) +#backend_argument = -[auth] +# Proxy classes to import that will affect the way the dogpile.cache backend +# functions. See the dogpile.cache documentation on changing-backend-behavior. +# (list value) +#proxies = -# -# Options defined in keystone -# - -# Default auth methods. (list value) -#methods=external,password,token - -# The password auth plugin module. (string value) -#password=keystone.auth.plugins.password.Password +# Global toggle for all caching using the should_cache_fn mechanism. (boolean +# value) +#enabled = false -# The token auth plugin module. (string value) -#token=keystone.auth.plugins.token.Token +# Extra debugging from the cache backend (cache keys, get/set/delete/etc +# calls). This is only really useful if you need to see the specific cache- +# backend get/set/delete calls with the keys/values. Typically this should be +# left set to false. (boolean value) +#debug_cache_backend = false -# The external (REMOTE_USER) auth plugin module. (string -# value) -#external=keystone.auth.plugins.external.DefaultDomain +# Memcache servers in the format of "host:port". (dogpile.cache.memcache and +# keystone.cache.memcache_pool backends only). (list value) +#memcache_servers = localhost:11211 +# Number of seconds memcached server is considered dead before it is tried +# again. (dogpile.cache.memcache and keystone.cache.memcache_pool backends +# only). (integer value) +#memcache_dead_retry = 300 -[cache] +# Timeout in seconds for every call to a server. (dogpile.cache.memcache and +# keystone.cache.memcache_pool backends only). (integer value) +#memcache_socket_timeout = 3 -# -# Options defined in keystone -# - -# Prefix for building the configuration dictionary for the -# cache region. This should not need to be changed unless -# there is another dogpile.cache region with the same -# configuration name. (string value) -#config_prefix=cache.keystone - -# Default TTL, in seconds, for any cached item in the -# dogpile.cache region. This applies to any cached method that -# doesn't have an explicit cache expiration time defined for -# it. (integer value) -#expiration_time=600 - -# Dogpile.cache backend module. It is recommended that -# Memcache with pooling (keystone.cache.memcache_pool) or -# Redis (dogpile.cache.redis) be used in production -# deployments. Small workloads (single process) like devstack -# can use the dogpile.cache.memory backend. (string value) -#backend=keystone.common.cache.noop - -# Arguments supplied to the backend module. Specify this -# option once per argument to be passed to the dogpile.cache -# backend. Example format: "<argname>:<value>". (multi valued) -#backend_argument= - -# Proxy classes to import that will affect the way the -# dogpile.cache backend functions. See the dogpile.cache -# documentation on changing-backend-behavior. (list value) -#proxies= - -# Global toggle for all caching using the should_cache_fn -# mechanism. (boolean value) -#enabled=false - -# Extra debugging from the cache backend (cache keys, -# get/set/delete/etc calls). This is only really useful if you -# need to see the specific cache-backend get/set/delete calls -# with the keys/values. Typically this should be left set to -# false. (boolean value) -#debug_cache_backend=false - -# Memcache servers in the format of "host:port". -# (dogpile.cache.memcache and keystone.cache.memcache_pool -# backends only) (list value) -#memcache_servers=localhost:11211 - -# Number of seconds memcached server is considered dead before -# it is tried again. (dogpile.cache.memcache and -# keystone.cache.memcache_pool backends only) (integer value) -#memcache_dead_retry=300 - -# Timeout in seconds for every call to a server. -# (dogpile.cache.memcache and keystone.cache.memcache_pool -# backends only) (integer value) -#memcache_socket_timeout=3 - -# Max total number of open connections to every memcached -# server. (keystone.cache.memcache_pool backend only) (integer -# value) -#memcache_pool_maxsize=10 +# Max total number of open connections to every memcached server. +# (keystone.cache.memcache_pool backend only). (integer value) +#memcache_pool_maxsize = 10 -# Number of seconds a connection to memcached is held unused -# in the pool before it is closed. -# (keystone.cache.memcache_pool backend only) (integer value) -#memcache_pool_unused_timeout=60 +# Number of seconds a connection to memcached is held unused in the pool before +# it is closed. (keystone.cache.memcache_pool backend only). (integer value) +#memcache_pool_unused_timeout = 60 -# Number of seconds that an operation will wait to get a -# memcache client connection. (integer value) -#memcache_pool_connection_get_timeout=10 +# Number of seconds that an operation will wait to get a memcache client +# connection. (integer value) +#memcache_pool_connection_get_timeout = 10 [catalog] # -# Options defined in keystone +# From keystone # -# Catalog template file name for use with the template catalog -# backend. (string value) -#template_file=default_catalog.templates +# Catalog template file name for use with the template catalog backend. (string +# value) +#template_file = default_catalog.templates # Catalog backend driver. (string value) -#driver=keystone.catalog.backends.sql.Catalog - -# Toggle for catalog caching. This has no effect unless global -# caching is enabled. (boolean value) -#caching=true +#driver = keystone.catalog.backends.sql.Catalog -# Time to cache catalog data (in seconds). This has no effect -# unless global and catalog caching are enabled. (integer -# value) -#cache_time=<None> +# Toggle for catalog caching. This has no effect unless global caching is +# enabled. (boolean value) +#caching = true -# Maximum number of entities that will be returned in a -# catalog collection. (integer value) -#list_limit=<None> +# Time to cache catalog data (in seconds). This has no effect unless global and +# catalog caching are enabled. (integer value) +#cache_time = <None> -# (Deprecated) List of possible substitutions for use in -# formatting endpoints. Use caution when modifying this list. -# It will give users with permission to create endpoints the -# ability to see those values in your configuration file. This -# option will be removed in Juno. (list value) -#endpoint_substitution_whitelist=tenant_id,user_id,public_bind_host,admin_bind_host,compute_host,compute_port,admin_port,public_port,public_endpoint,admin_endpoint +# Maximum number of entities that will be returned in a catalog collection. +# (integer value) +#list_limit = <None> [credential] # -# Options defined in keystone +# From keystone # # Credential backend driver. (string value) -#driver=keystone.credential.backends.sql.Credential +#driver = keystone.credential.backends.sql.Credential [database] # -# Options defined in oslo.db +# From oslo.db # # The file name to use with SQLite. (string value) -#sqlite_db=oslo.sqlite +# Deprecated group/name - [DEFAULT]/sqlite_db +#sqlite_db = oslo.sqlite # If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous=true +# Deprecated group/name - [DEFAULT]/sqlite_synchronous +#sqlite_synchronous = true # The back end to use for the database. (string value) # Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy +#backend = sqlalchemy -# The SQLAlchemy connection string to use to connect to the -# database. (string value) +# The SQLAlchemy connection string to use to connect to the database. (string +# value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -#connection=<None> -connection=postgresql://{{ KEYSTONE_DB_USER }}:{{ KEYSTONE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/keystone +#connection = <None> -# The SQLAlchemy connection string to use to connect to the -# slave database. (string value) -#slave_connection=<None> +# The SQLAlchemy connection string to use to connect to the slave database. +# (string value) +#slave_connection = <None> -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode=TRADITIONAL +# The SQL mode to be used for MySQL sessions. This option, including the +# default, overrides any server-set SQL mode. To use whatever SQL mode is set +# by the server configuration, set this to no value. Example: mysql_sql_mode= +# (string value) +#mysql_sql_mode = TRADITIONAL -# Timeout before idle SQL connections are reaped. (integer -# value) +# Timeout before idle SQL connections are reaped. (integer value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 +#idle_timeout = 3600 -# Minimum number of SQL connections to keep open in a pool. -# (integer value) +# Minimum number of SQL connections to keep open in a pool. (integer value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 +#min_pool_size = 1 -# Maximum number of SQL connections to keep open in a pool. -# (integer value) +# Maximum number of SQL connections to keep open in a pool. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size=<None> +#max_pool_size = <None> -# Maximum db connection retries during startup. Set to -1 to +# Maximum number of database connection retries during startup. Set to -1 to # specify an infinite retry count. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 +#max_retries = 10 -# Interval between retries of opening a SQL connection. -# (integer value) +# Interval between retries of opening a SQL connection. (integer value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 +#retry_interval = 10 -# If set, use this value for max_overflow with SQLAlchemy. -# (integer value) +# If set, use this value for max_overflow with SQLAlchemy. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=<None> +#max_overflow = <None> -# Verbosity of SQL debugging information: 0=None, -# 100=Everything. (integer value) +# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer +# value) # Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 +#connection_debug = 0 -# Add Python stack traces to SQL as comment strings. (boolean -# value) +# Add Python stack traces to SQL as comment strings. (boolean value) # Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false +#connection_trace = false -# If set, use this value for pool_timeout with SQLAlchemy. -# (integer value) +# If set, use this value for pool_timeout with SQLAlchemy. (integer value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout=<None> +#pool_timeout = <None> -# Enable the experimental use of database reconnect on -# connection lost. (boolean value) -#use_db_reconnect=false +# Enable the experimental use of database reconnect on connection lost. +# (boolean value) +#use_db_reconnect = false -# Seconds between database connection retries. (integer value) -#db_retry_interval=1 +# Seconds between retries of a database transaction. (integer value) +#db_retry_interval = 1 -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval=true +# If True, increases the interval between retries of a database operation up to +# db_max_retry_interval. (boolean value) +#db_inc_retry_interval = true -# If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) -#db_max_retry_interval=10 +# If db_inc_retry_interval is set, the maximum seconds between retries of a +# database operation. (integer value) +#db_max_retry_interval = 10 -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) -#db_max_retries=20 +# Maximum retries in case of connection error or deadlock error before error is +# raised. Set to -1 to specify an infinite retry count. (integer value) +#db_max_retries = 20 -[ec2] +[domain_config] # -# Options defined in keystone +# From keystone # -# EC2Credential backend driver. (string value) -#driver=keystone.contrib.ec2.backends.kvs.Ec2 +# Domain config backend driver. (string value) +#driver = keystone.resource.config_backends.sql.DomainConfig + +# Toggle for domain config caching. This has no effect unless global caching is +# enabled. (boolean value) +#caching = true + +# TTL (in seconds) to cache domain config data. This has no effect unless +# domain config caching is enabled. (integer value) +#cache_time = 300 [endpoint_filter] # -# Options defined in keystone +# From keystone # # Endpoint Filter backend driver (string value) -#driver=keystone.contrib.endpoint_filter.backends.sql.EndpointFilter +#driver = keystone.contrib.endpoint_filter.backends.sql.EndpointFilter -# Toggle to return all active endpoints if no filter exists. -# (boolean value) -#return_all_endpoints_if_no_filter=true +# Toggle to return all active endpoints if no filter exists. (boolean value) +#return_all_endpoints_if_no_filter = true [endpoint_policy] # -# Options defined in keystone +# From keystone # # Endpoint policy backend driver (string value) -#driver=keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy +#driver = keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy + + +[eventlet_server] + +# +# From keystone +# + +# The number of worker processes to serve the public eventlet application. +# Defaults to number of CPUs (minimum of 2). (integer value) +# Deprecated group/name - [DEFAULT]/public_workers +#public_workers = <None> + +# The number of worker processes to serve the admin eventlet application. +# Defaults to number of CPUs (minimum of 2). (integer value) +# Deprecated group/name - [DEFAULT]/admin_workers +#admin_workers = <None> + +# The IP address of the network interface for the public service to listen on. +# (string value) +# Deprecated group/name - [DEFAULT]/bind_host +# Deprecated group/name - [DEFAULT]/public_bind_host +#public_bind_host = 0.0.0.0 + +# The port number which the public service listens on. (integer value) +# Deprecated group/name - [DEFAULT]/public_port +#public_port = 5000 + +# The IP address of the network interface for the admin service to listen on. +# (string value) +# Deprecated group/name - [DEFAULT]/bind_host +# Deprecated group/name - [DEFAULT]/admin_bind_host +#admin_bind_host = 0.0.0.0 + +# The port number which the admin service listens on. (integer value) +# Deprecated group/name - [DEFAULT]/admin_port +#admin_port = 35357 + +# Set this to true if you want to enable TCP_KEEPALIVE on server sockets, i.e. +# sockets used by the Keystone wsgi server for client connections. (boolean +# value) +# Deprecated group/name - [DEFAULT]/tcp_keepalive +#tcp_keepalive = false + +# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only +# applies if tcp_keepalive is true. (integer value) +# Deprecated group/name - [DEFAULT]/tcp_keepidle +#tcp_keepidle = 600 + + +[eventlet_server_ssl] + +# +# From keystone +# + +# Toggle for SSL support on the Keystone eventlet servers. (boolean value) +# Deprecated group/name - [ssl]/enable +#enable = false + +# Path of the certfile for SSL. For non-production environments, you may be +# interested in using `keystone-manage ssl_setup` to generate self-signed +# certificates. (string value) +# Deprecated group/name - [ssl]/certfile +#certfile = /etc/keystone/ssl/certs/keystone.pem + +# Path of the keyfile for SSL. (string value) +# Deprecated group/name - [ssl]/keyfile +#keyfile = /etc/keystone/ssl/private/keystonekey.pem + +# Path of the CA cert file for SSL. (string value) +# Deprecated group/name - [ssl]/ca_certs +#ca_certs = /etc/keystone/ssl/certs/ca.pem + +# Require client certificate. (boolean value) +# Deprecated group/name - [ssl]/cert_required +#cert_required = false [federation] # -# Options defined in keystone +# From keystone # # Federation backend driver. (string value) -#driver=keystone.contrib.federation.backends.sql.Federation +#driver = keystone.contrib.federation.backends.sql.Federation + +# Value to be used when filtering assertion parameters from the environment. +# (string value) +#assertion_prefix = + +# Value to be used to obtain the entity ID of the Identity Provider from the +# environment (e.g. if using the mod_shib plugin this value is `Shib-Identity- +# Provider`). (string value) +#remote_id_attribute = <None> + +# A domain name that is reserved to allow federated ephemeral users to have a +# domain concept. Note that an admin will not be able to create a domain with +# this name or update an existing domain to this name. You are not advised to +# change this value unless you really have to. Changing this option to empty +# string or None will not have any impact and default name will be used. +# (string value) +#federated_domain_name = Federated + +# A list of trusted dashboard hosts. Before accepting a Single Sign-On request +# to return a token, the origin host must be a member of the trusted_dashboard +# list. This configuration option may be repeated for multiple values. For +# example: trusted_dashboard=http://acme.com trusted_dashboard=http://beta.com +# (multi valued) +#trusted_dashboard = + +# Location of Single Sign-On callback handler, will return a token to a trusted +# dashboard host. (string value) +#sso_callback_template = /etc/keystone/sso_callback_template.html + + +[fernet_tokens] + +# +# From keystone +# -# Value to be used when filtering assertion parameters from -# the environment. (string value) -#assertion_prefix= +# Directory containing Fernet token keys. (string value) +#key_repository = /etc/keystone/fernet-keys/ + +# This controls how many keys are held in rotation by keystone-manage +# fernet_rotate before they are discarded. The default value of 3 means that +# keystone will maintain one staged key, one primary key, and one secondary +# key. Increasing this value means that additional secondary keys will be kept +# in the rotation. (integer value) +#max_active_keys = 3 [identity] # -# Options defined in keystone +# From keystone # -# This references the domain to use for all Identity API v2 -# requests (which are not aware of domains). A domain with -# this ID will be created for you by keystone-manage db_sync -# in migration 008. The domain referenced by this ID cannot be -# deleted on the v3 API, to prevent accidentally breaking the -# v2 API. There is nothing special about this domain, other -# than the fact that it must exist to order to maintain -# support for your v2 clients. (string value) -#default_domain_id=default +# This references the domain to use for all Identity API v2 requests (which are +# not aware of domains). A domain with this ID will be created for you by +# keystone-manage db_sync in migration 008. The domain referenced by this ID +# cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API. +# There is nothing special about this domain, other than the fact that it must +# exist to order to maintain support for your v2 clients. (string value) +#default_domain_id = default + +# A subset (or all) of domains can have their own identity driver, each with +# their own partial configuration options, stored in either the resource +# backend or in a file in a domain configuration directory (depending on the +# setting of domain_configurations_from_database). Only values specific to the +# domain need to be specified in this manner. This feature is disabled by +# default; set to true to enable. (boolean value) +#domain_specific_drivers_enabled = false -# A subset (or all) of domains can have their own identity -# driver, each with their own partial configuration file in a -# domain configuration directory. Only values specific to the -# domain need to be placed in the domain specific -# configuration file. This feature is disabled by default; set -# to true to enable. (boolean value) -#domain_specific_drivers_enabled=false +# Extract the domain specific configuration options from the resource backend +# where they have been stored with the domain data. This feature is disabled by +# default (in which case the domain specific options will be loaded from files +# in the domain configuration directory); set to true to enable. (boolean +# value) +#domain_configurations_from_database = false -# Path for Keystone to locate the domain specific identity -# configuration files if domain_specific_drivers_enabled is -# set to true. (string value) -#domain_config_dir=/etc/keystone/domains +# Path for Keystone to locate the domain specific identity configuration files +# if domain_specific_drivers_enabled is set to true. (string value) +#domain_config_dir = /etc/keystone/domains # Identity backend driver. (string value) -#driver=keystone.identity.backends.sql.Identity +#driver = keystone.identity.backends.sql.Identity -# Maximum supported length for user passwords; decrease to -# improve performance. (integer value) -#max_password_length=4096 +# Toggle for identity caching. This has no effect unless global caching is +# enabled. (boolean value) +#caching = true + +# Time to cache identity data (in seconds). This has no effect unless global +# and identity caching are enabled. (integer value) +#cache_time = 600 + +# Maximum supported length for user passwords; decrease to improve performance. +# (integer value) +#max_password_length = 4096 -# Maximum number of entities that will be returned in an -# identity collection. (integer value) -#list_limit=<None> +# Maximum number of entities that will be returned in an identity collection. +# (integer value) +#list_limit = <None> [identity_mapping] # -# Options defined in keystone +# From keystone # # Keystone Identity Mapping backend driver. (string value) -#driver=keystone.identity.mapping_backends.sql.Mapping - -# Public ID generator for user and group entities. The -# Keystone identity mapper only supports generators that -# produce no more than 64 characters. (string value) -#generator=keystone.identity.id_generators.sha256.Generator - -# The format of user and group IDs changed in Juno for -# backends that do not generate UUIDs (e.g. LDAP), with -# keystone providing a hash mapping to the underlying -# attribute in LDAP. By default this mapping is disabled, -# which ensures that existing IDs will not change. Even when -# the mapping is enabled by using domain specific drivers, any -# users and groups from the default domain being handled by -# LDAP will still not be mapped to ensure their IDs remain -# backward compatible. Setting this value to False will enable -# the mapping for even the default LDAP driver. It is only -# safe to do this if you do not already have assignments for -# users and groups from the default LDAP domain, and it is -# acceptable for Keystone to provide the different IDs to -# clients than it did previously. Typically this means that -# the only time you can set this value to False is when -# configuring a fresh installation. (boolean value) -#backward_compatible_ids=true +#driver = keystone.identity.mapping_backends.sql.Mapping + +# Public ID generator for user and group entities. The Keystone identity mapper +# only supports generators that produce no more than 64 characters. (string +# value) +#generator = keystone.identity.id_generators.sha256.Generator + +# The format of user and group IDs changed in Juno for backends that do not +# generate UUIDs (e.g. LDAP), with keystone providing a hash mapping to the +# underlying attribute in LDAP. By default this mapping is disabled, which +# ensures that existing IDs will not change. Even when the mapping is enabled +# by using domain specific drivers, any users and groups from the default +# domain being handled by LDAP will still not be mapped to ensure their IDs +# remain backward compatible. Setting this value to False will enable the +# mapping for even the default LDAP driver. It is only safe to do this if you +# do not already have assignments for users and groups from the default LDAP +# domain, and it is acceptable for Keystone to provide the different IDs to +# clients than it did previously. Typically this means that the only time you +# can set this value to False is when configuring a fresh installation. +# (boolean value) +#backward_compatible_ids = true [kvs] # -# Options defined in keystone +# From keystone # -# Extra dogpile.cache backend modules to register with the -# dogpile.cache library. (list value) -#backends= +# Extra dogpile.cache backend modules to register with the dogpile.cache +# library. (list value) +#backends = -# Prefix for building the configuration dictionary for the KVS -# region. This should not need to be changed unless there is -# another dogpile.cache region with the same configuration -# name. (string value) -#config_prefix=keystone.kvs +# Prefix for building the configuration dictionary for the KVS region. This +# should not need to be changed unless there is another dogpile.cache region +# with the same configuration name. (string value) +#config_prefix = keystone.kvs -# Toggle to disable using a key-mangling function to ensure -# fixed length keys. This is toggle-able for debugging -# purposes, it is highly recommended to always leave this set -# to true. (boolean value) -#enable_key_mangler=true +# Toggle to disable using a key-mangling function to ensure fixed length keys. +# This is toggle-able for debugging purposes, it is highly recommended to +# always leave this set to true. (boolean value) +#enable_key_mangler = true -# Default lock timeout for distributed locking. (integer -# value) -#default_lock_timeout=5 +# Default lock timeout (in seconds) for distributed locking. (integer value) +#default_lock_timeout = 5 [ldap] # -# Options defined in keystone +# From keystone # # URL for connecting to the LDAP server. (string value) -#url=ldap://localhost +#url = ldap://localhost # User BindDN to query the LDAP server. (string value) -#user=<None> +#user = <None> -# Password for the BindDN to query the LDAP server. (string -# value) -#password=<None> +# Password for the BindDN to query the LDAP server. (string value) +#password = <None> # LDAP server suffix (string value) -#suffix=cn=example,cn=com +#suffix = cn=example,cn=com -# If true, will add a dummy member to groups. This is required -# if the objectclass for groups requires the "member" -# attribute. (boolean value) -#use_dumb_member=false +# If true, will add a dummy member to groups. This is required if the +# objectclass for groups requires the "member" attribute. (boolean value) +#use_dumb_member = false -# DN of the "dummy member" to use when "use_dumb_member" is -# enabled. (string value) -#dumb_member=cn=dumb,dc=nonexistent +# DN of the "dummy member" to use when "use_dumb_member" is enabled. (string +# value) +#dumb_member = cn=dumb,dc=nonexistent -# Delete subtrees using the subtree delete control. Only -# enable this option if your LDAP server supports subtree -# deletion. (boolean value) -#allow_subtree_delete=false +# Delete subtrees using the subtree delete control. Only enable this option if +# your LDAP server supports subtree deletion. (boolean value) +#allow_subtree_delete = false -# The LDAP scope for queries, this can be either "one" -# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). -# (string value) -#query_scope=one +# The LDAP scope for queries, this can be either "one" (onelevel/singleLevel) +# or "sub" (subtree/wholeSubtree). (string value) +#query_scope = one -# Maximum results per page; a value of zero ("0") disables -# paging. (integer value) -#page_size=0 +# Maximum results per page; a value of zero ("0") disables paging. (integer +# value) +#page_size = 0 -# The LDAP dereferencing option for queries. This can be -# either "never", "searching", "always", "finding" or -# "default". The "default" option falls back to using default -# dereferencing configured by your ldap.conf. (string value) -#alias_dereferencing=default +# The LDAP dereferencing option for queries. This can be either "never", +# "searching", "always", "finding" or "default". The "default" option falls +# back to using default dereferencing configured by your ldap.conf. (string +# value) +#alias_dereferencing = default -# Sets the LDAP debugging level for LDAP calls. A value of 0 -# means that debugging is not enabled. This value is a -# bitmask, consult your LDAP documentation for possible -# values. (integer value) -#debug_level=<None> +# Sets the LDAP debugging level for LDAP calls. A value of 0 means that +# debugging is not enabled. This value is a bitmask, consult your LDAP +# documentation for possible values. (integer value) +#debug_level = <None> -# Override the system's default referral chasing behavior for -# queries. (boolean value) -#chase_referrals=<None> +# Override the system's default referral chasing behavior for queries. (boolean +# value) +#chase_referrals = <None> # Search base for users. (string value) -#user_tree_dn=<None> +#user_tree_dn = <None> # LDAP search filter for users. (string value) -#user_filter=<None> +#user_filter = <None> # LDAP objectclass for users. (string value) -#user_objectclass=inetOrgPerson +#user_objectclass = inetOrgPerson -# LDAP attribute mapped to user id. WARNING: must not be a -# multivalued attribute. (string value) -#user_id_attribute=cn +# LDAP attribute mapped to user id. WARNING: must not be a multivalued +# attribute. (string value) +#user_id_attribute = cn # LDAP attribute mapped to user name. (string value) -#user_name_attribute=sn +#user_name_attribute = sn # LDAP attribute mapped to user email. (string value) -#user_mail_attribute=mail +#user_mail_attribute = mail # LDAP attribute mapped to password. (string value) -#user_pass_attribute=userPassword +#user_pass_attribute = userPassword # LDAP attribute mapped to user enabled flag. (string value) -#user_enabled_attribute=enabled - -# Invert the meaning of the boolean enabled values. Some LDAP -# servers use a boolean lock attribute where "true" means an -# account is disabled. Setting "user_enabled_invert = true" -# will allow these lock attributes to be used. This setting -# will have no effect if "user_enabled_mask" or -# "user_enabled_emulation" settings are in use. (boolean -# value) -#user_enabled_invert=false - -# Bitmask integer to indicate the bit that the enabled value -# is stored in if the LDAP server represents "enabled" as a -# bit on an integer rather than a boolean. A value of "0" -# indicates the mask is not used. If this is not set to "0" -# the typical value is "2". This is typically used when -# "user_enabled_attribute = userAccountControl". (integer -# value) -#user_enabled_mask=0 - -# Default value to enable users. This should match an -# appropriate int value if the LDAP server uses non-boolean -# (bitmask) values to indicate if a user is enabled or -# disabled. If this is not set to "True" the typical value is -# "512". This is typically used when "user_enabled_attribute = -# userAccountControl". (string value) -#user_enabled_default=True +#user_enabled_attribute = enabled + +# Invert the meaning of the boolean enabled values. Some LDAP servers use a +# boolean lock attribute where "true" means an account is disabled. Setting +# "user_enabled_invert = true" will allow these lock attributes to be used. +# This setting will have no effect if "user_enabled_mask" or +# "user_enabled_emulation" settings are in use. (boolean value) +#user_enabled_invert = false + +# Bitmask integer to indicate the bit that the enabled value is stored in if +# the LDAP server represents "enabled" as a bit on an integer rather than a +# boolean. A value of "0" indicates the mask is not used. If this is not set to +# "0" the typical value is "2". This is typically used when +# "user_enabled_attribute = userAccountControl". (integer value) +#user_enabled_mask = 0 + +# Default value to enable users. This should match an appropriate int value if +# the LDAP server uses non-boolean (bitmask) values to indicate if a user is +# enabled or disabled. If this is not set to "True" the typical value is "512". +# This is typically used when "user_enabled_attribute = userAccountControl". +# (string value) +#user_enabled_default = True -# List of attributes stripped off the user on update. (list -# value) -#user_attribute_ignore=default_project_id,tenants +# List of attributes stripped off the user on update. (list value) +#user_attribute_ignore = default_project_id,tenants -# LDAP attribute mapped to default_project_id for users. -# (string value) -#user_default_project_id_attribute=<None> +# LDAP attribute mapped to default_project_id for users. (string value) +#user_default_project_id_attribute = <None> # Allow user creation in LDAP backend. (boolean value) -#user_allow_create=true +#user_allow_create = true # Allow user updates in LDAP backend. (boolean value) -#user_allow_update=true +#user_allow_update = true # Allow user deletion in LDAP backend. (boolean value) -#user_allow_delete=true +#user_allow_delete = true -# If true, Keystone uses an alternative method to determine if -# a user is enabled or not by checking if they are a member of -# the "user_enabled_emulation_dn" group. (boolean value) -#user_enabled_emulation=false +# If true, Keystone uses an alternative method to determine if a user is +# enabled or not by checking if they are a member of the +# "user_enabled_emulation_dn" group. (boolean value) +#user_enabled_emulation = false -# DN of the group entry to hold enabled users when using -# enabled emulation. (string value) -#user_enabled_emulation_dn=<None> +# DN of the group entry to hold enabled users when using enabled emulation. +# (string value) +#user_enabled_emulation_dn = <None> -# List of additional LDAP attributes used for mapping -# additional attribute mappings for users. Attribute mapping -# format is <ldap_attr>:<user_attr>, where ldap_attr is the -# attribute in the LDAP entry and user_attr is the Identity -# API attribute. (list value) -#user_additional_attribute_mapping= +# List of additional LDAP attributes used for mapping additional attribute +# mappings for users. Attribute mapping format is <ldap_attr>:<user_attr>, +# where ldap_attr is the attribute in the LDAP entry and user_attr is the +# Identity API attribute. (list value) +#user_additional_attribute_mapping = # Search base for projects (string value) # Deprecated group/name - [ldap]/tenant_tree_dn -#project_tree_dn=<None> +#project_tree_dn = <None> # LDAP search filter for projects. (string value) # Deprecated group/name - [ldap]/tenant_filter -#project_filter=<None> +#project_filter = <None> # LDAP objectclass for projects. (string value) # Deprecated group/name - [ldap]/tenant_objectclass -#project_objectclass=groupOfNames +#project_objectclass = groupOfNames # LDAP attribute mapped to project id. (string value) # Deprecated group/name - [ldap]/tenant_id_attribute -#project_id_attribute=cn +#project_id_attribute = cn -# LDAP attribute mapped to project membership for user. -# (string value) +# LDAP attribute mapped to project membership for user. (string value) # Deprecated group/name - [ldap]/tenant_member_attribute -#project_member_attribute=member +#project_member_attribute = member # LDAP attribute mapped to project name. (string value) # Deprecated group/name - [ldap]/tenant_name_attribute -#project_name_attribute=ou +#project_name_attribute = ou # LDAP attribute mapped to project description. (string value) # Deprecated group/name - [ldap]/tenant_desc_attribute -#project_desc_attribute=description +#project_desc_attribute = description # LDAP attribute mapped to project enabled. (string value) # Deprecated group/name - [ldap]/tenant_enabled_attribute -#project_enabled_attribute=enabled +#project_enabled_attribute = enabled # LDAP attribute mapped to project domain_id. (string value) # Deprecated group/name - [ldap]/tenant_domain_id_attribute -#project_domain_id_attribute=businessCategory +#project_domain_id_attribute = businessCategory -# List of attributes stripped off the project on update. (list -# value) +# List of attributes stripped off the project on update. (list value) # Deprecated group/name - [ldap]/tenant_attribute_ignore -#project_attribute_ignore= +#project_attribute_ignore = # Allow project creation in LDAP backend. (boolean value) # Deprecated group/name - [ldap]/tenant_allow_create -#project_allow_create=true +#project_allow_create = true # Allow project update in LDAP backend. (boolean value) # Deprecated group/name - [ldap]/tenant_allow_update -#project_allow_update=true +#project_allow_update = true # Allow project deletion in LDAP backend. (boolean value) # Deprecated group/name - [ldap]/tenant_allow_delete -#project_allow_delete=true +#project_allow_delete = true -# If true, Keystone uses an alternative method to determine if -# a project is enabled or not by checking if they are a member -# of the "project_enabled_emulation_dn" group. (boolean value) +# If true, Keystone uses an alternative method to determine if a project is +# enabled or not by checking if they are a member of the +# "project_enabled_emulation_dn" group. (boolean value) # Deprecated group/name - [ldap]/tenant_enabled_emulation -#project_enabled_emulation=false +#project_enabled_emulation = false -# DN of the group entry to hold enabled projects when using -# enabled emulation. (string value) +# DN of the group entry to hold enabled projects when using enabled emulation. +# (string value) # Deprecated group/name - [ldap]/tenant_enabled_emulation_dn -#project_enabled_emulation_dn=<None> +#project_enabled_emulation_dn = <None> -# Additional attribute mappings for projects. Attribute -# mapping format is <ldap_attr>:<user_attr>, where ldap_attr -# is the attribute in the LDAP entry and user_attr is the -# Identity API attribute. (list value) +# Additional attribute mappings for projects. Attribute mapping format is +# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry +# and user_attr is the Identity API attribute. (list value) # Deprecated group/name - [ldap]/tenant_additional_attribute_mapping -#project_additional_attribute_mapping= +#project_additional_attribute_mapping = # Search base for roles. (string value) -#role_tree_dn=<None> +#role_tree_dn = <None> # LDAP search filter for roles. (string value) -#role_filter=<None> +#role_filter = <None> # LDAP objectclass for roles. (string value) -#role_objectclass=organizationalRole +#role_objectclass = organizationalRole # LDAP attribute mapped to role id. (string value) -#role_id_attribute=cn +#role_id_attribute = cn # LDAP attribute mapped to role name. (string value) -#role_name_attribute=ou +#role_name_attribute = ou # LDAP attribute mapped to role membership. (string value) -#role_member_attribute=roleOccupant +#role_member_attribute = roleOccupant -# List of attributes stripped off the role on update. (list -# value) -#role_attribute_ignore= +# List of attributes stripped off the role on update. (list value) +#role_attribute_ignore = # Allow role creation in LDAP backend. (boolean value) -#role_allow_create=true +#role_allow_create = true # Allow role update in LDAP backend. (boolean value) -#role_allow_update=true +#role_allow_update = true # Allow role deletion in LDAP backend. (boolean value) -#role_allow_delete=true +#role_allow_delete = true -# Additional attribute mappings for roles. Attribute mapping -# format is <ldap_attr>:<user_attr>, where ldap_attr is the -# attribute in the LDAP entry and user_attr is the Identity -# API attribute. (list value) -#role_additional_attribute_mapping= +# Additional attribute mappings for roles. Attribute mapping format is +# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry +# and user_attr is the Identity API attribute. (list value) +#role_additional_attribute_mapping = # Search base for groups. (string value) -#group_tree_dn=<None> +#group_tree_dn = <None> # LDAP search filter for groups. (string value) -#group_filter=<None> +#group_filter = <None> # LDAP objectclass for groups. (string value) -#group_objectclass=groupOfNames +#group_objectclass = groupOfNames # LDAP attribute mapped to group id. (string value) -#group_id_attribute=cn +#group_id_attribute = cn # LDAP attribute mapped to group name. (string value) -#group_name_attribute=ou +#group_name_attribute = ou -# LDAP attribute mapped to show group membership. (string -# value) -#group_member_attribute=member +# LDAP attribute mapped to show group membership. (string value) +#group_member_attribute = member # LDAP attribute mapped to group description. (string value) -#group_desc_attribute=description +#group_desc_attribute = description -# List of attributes stripped off the group on update. (list -# value) -#group_attribute_ignore= +# List of attributes stripped off the group on update. (list value) +#group_attribute_ignore = # Allow group creation in LDAP backend. (boolean value) -#group_allow_create=true +#group_allow_create = true # Allow group update in LDAP backend. (boolean value) -#group_allow_update=true +#group_allow_update = true # Allow group deletion in LDAP backend. (boolean value) -#group_allow_delete=true - -# Additional attribute mappings for groups. Attribute mapping -# format is <ldap_attr>:<user_attr>, where ldap_attr is the -# attribute in the LDAP entry and user_attr is the Identity -# API attribute. (list value) -#group_additional_attribute_mapping= +#group_allow_delete = true -# CA certificate file path for communicating with LDAP -# servers. (string value) -#tls_cacertfile=<None> +# Additional attribute mappings for groups. Attribute mapping format is +# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry +# and user_attr is the Identity API attribute. (list value) +#group_additional_attribute_mapping = -# CA certificate directory path for communicating with LDAP -# servers. (string value) -#tls_cacertdir=<None> +# CA certificate file path for communicating with LDAP servers. (string value) +#tls_cacertfile = <None> -# Enable TLS for communicating with LDAP servers. (boolean +# CA certificate directory path for communicating with LDAP servers. (string # value) -#use_tls=false +#tls_cacertdir = <None> -# Valid options for tls_req_cert are demand, never, and allow. -# (string value) -#tls_req_cert=demand +# Enable TLS for communicating with LDAP servers. (boolean value) +#use_tls = false + +# Valid options for tls_req_cert are demand, never, and allow. (string value) +#tls_req_cert = demand # Enable LDAP connection pooling. (boolean value) -#use_pool=false +#use_pool = false # Connection pool size. (integer value) -#pool_size=10 +#pool_size = 10 # Maximum count of reconnect trials. (integer value) -#pool_retry_max=3 +#pool_retry_max = 3 -# Time span in seconds to wait between two reconnect trials. -# (floating point value) -#pool_retry_delay=0.1 +# Time span in seconds to wait between two reconnect trials. (floating point +# value) +#pool_retry_delay = 0.1 -# Connector timeout in seconds. Value -1 indicates indefinite -# wait for response. (integer value) -#pool_connection_timeout=-1 +# Connector timeout in seconds. Value -1 indicates indefinite wait for +# response. (integer value) +#pool_connection_timeout = -1 # Connection lifetime in seconds. (integer value) -#pool_connection_lifetime=600 +#pool_connection_lifetime = 600 -# Enable LDAP connection pooling for end user authentication. -# If use_pool is disabled, then this setting is meaningless -# and is not used at all. (boolean value) -#use_auth_pool=false +# Enable LDAP connection pooling for end user authentication. If use_pool is +# disabled, then this setting is meaningless and is not used at all. (boolean +# value) +#use_auth_pool = false # End user auth connection pool size. (integer value) -#auth_pool_size=100 +#auth_pool_size = 100 -# End user auth connection lifetime in seconds. (integer -# value) -#auth_pool_connection_lifetime=60 +# End user auth connection lifetime in seconds. (integer value) +#auth_pool_connection_lifetime = 60 [matchmaker_redis] # -# Options defined in oslo.messaging +# From oslo.messaging # # Host to locate redis. (string value) -#host=127.0.0.1 +#host = 127.0.0.1 # Use this port to connect to redis host. (integer value) -#port=6379 +#port = 6379 # Password for Redis server (optional). (string value) -#password=<None> +#password = <None> [matchmaker_ring] # -# Options defined in oslo.messaging +# From oslo.messaging # # Matchmaker ring file (JSON). (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json +#ringfile = /etc/oslo/matchmaker_ring.json [memcache] # -# Options defined in keystone +# From keystone # # Memcache servers in the format of "host:port". (list value) -#servers=localhost:11211 - -# Number of seconds memcached server is considered dead before -# it is tried again. This is used by the key value store -# system (e.g. token pooled memcached persistence backend). -# (integer value) -#dead_retry=300 +#servers = localhost:11211 -# Timeout in seconds for every call to a server. This is used -# by the key value store system (e.g. token pooled memcached -# persistence backend). (integer value) -#socket_timeout=3 +# Number of seconds memcached server is considered dead before it is tried +# again. This is used by the key value store system (e.g. token pooled +# memcached persistence backend). (integer value) +#dead_retry = 300 -# Max total number of open connections to every memcached -# server. This is used by the key value store system (e.g. -# token pooled memcached persistence backend). (integer value) -#pool_maxsize=10 +# Timeout in seconds for every call to a server. This is used by the key value +# store system (e.g. token pooled memcached persistence backend). (integer +# value) +#socket_timeout = 3 -# Number of seconds a connection to memcached is held unused -# in the pool before it is closed. This is used by the key -# value store system (e.g. token pooled memcached persistence +# Max total number of open connections to every memcached server. This is used +# by the key value store system (e.g. token pooled memcached persistence # backend). (integer value) -#pool_unused_timeout=60 +#pool_maxsize = 10 -# Number of seconds that an operation will wait to get a -# memcache client connection. This is used by the key value -# store system (e.g. token pooled memcached persistence -# backend). (integer value) -#pool_connection_get_timeout=10 +# Number of seconds a connection to memcached is held unused in the pool before +# it is closed. This is used by the key value store system (e.g. token pooled +# memcached persistence backend). (integer value) +#pool_unused_timeout = 60 + +# Number of seconds that an operation will wait to get a memcache client +# connection. This is used by the key value store system (e.g. token pooled +# memcached persistence backend). (integer value) +#pool_connection_get_timeout = 10 [oauth1] # -# Options defined in keystone +# From keystone # # Credential backend driver. (string value) -#driver=keystone.contrib.oauth1.backends.sql.OAuth1 +#driver = keystone.contrib.oauth1.backends.sql.OAuth1 -# Duration (in seconds) for the OAuth Request Token. (integer -# value) -#request_token_duration=28800 +# Duration (in seconds) for the OAuth Request Token. (integer value) +#request_token_duration = 28800 -# Duration (in seconds) for the OAuth Access Token. (integer -# value) -#access_token_duration=86400 +# Duration (in seconds) for the OAuth Access Token. (integer value) +#access_token_duration = 86400 [os_inherit] # -# Options defined in keystone +# From keystone +# + +# role-assignment inheritance to projects from owning domain or from projects +# higher in the hierarchy can be optionally enabled. (boolean value) +#enabled = false + + +[oslo_messaging_amqp] + # +# From oslo.messaging +# + +# address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +#server_request_prefix = exclusive + +# address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +#broadcast_prefix = broadcast + +# address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +#group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +#container_name = <None> + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +#idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +#trace = false + +# CA certificate PEM file for verifing server certificate (string value) +# Deprecated group/name - [amqp1]/ssl_ca_file +#ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string value) +# Deprecated group/name - [amqp1]/ssl_cert_file +#ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string value) +# Deprecated group/name - [amqp1]/ssl_key_file +#ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +#ssl_key_password = <None> + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +#allow_insecure_clients = false -# role-assignment inheritance to projects from owning domain -# can be optionally enabled. (boolean value) -#enabled=false + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +#qpid_hostname = localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +#qpid_port = 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +#qpid_hosts = $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +#qpid_username = + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +#qpid_password = + +# Space separated list of SASL mechanisms to use for auth. (string value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +#qpid_sasl_mechanisms = + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +#qpid_heartbeat = 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +#qpid_protocol = tcp + +# Whether to disable the Nagle algorithm. (boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +#qpid_tcp_nodelay = true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +#qpid_receiver_capacity = 1 + +# The qpid topology version to use. Version 1 is what was originally used by +# impl_qpid. Version 2 includes some backwards-incompatible changes that allow +# broker federation to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +#qpid_topology_version = 1 + + +[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and +# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some +# distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +#kombu_ssl_version = + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +#kombu_ssl_keyfile = + +# SSL cert file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +#kombu_ssl_certfile = + +# SSL certification authority file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +#kombu_ssl_ca_certs = + +# How long to wait before reconnecting in response to an AMQP consumer cancel +# notification. (floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +#kombu_reconnect_delay = 1.0 + +# The RabbitMQ broker address where a single node is used. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_host +#rabbit_host = localhost + +# The RabbitMQ broker port where a single node is used. (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_port +#rabbit_port = 5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +#rabbit_hosts = $rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +#rabbit_use_ssl = false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +#rabbit_userid = guest + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +#rabbit_password = guest + +# The RabbitMQ login method. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +#rabbit_login_method = AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +#rabbit_virtual_host = / + +# How frequently to retry connecting with RabbitMQ. (integer value) +#rabbit_retry_interval = 1 + +# How long to backoff for between retries when connecting to RabbitMQ. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +#rabbit_retry_backoff = 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry +# count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +#rabbit_max_retries = 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you +# must wipe the RabbitMQ database. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +#rabbit_ha_queues = false + +# Number of seconds after which the Rabbit broker is considered down if +# heartbeat's keep-alive fails (0 disable the heartbeat). (integer value) +#heartbeat_timeout_threshold = 60 + +# How often times during the heartbeat_timeout_threshold we check the +# heartbeat. (integer value) +#heartbeat_rate = 2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +#fake_rabbit = false + + +[oslo_middleware] + +# +# From oslo.middleware +# + +# The maximum body size for each request, in bytes. (integer value) +# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size +# Deprecated group/name - [DEFAULT]/max_request_body_size +#max_request_body_size = 114688 + + +[oslo_policy] + +# +# From oslo.policy +# + +# The JSON file that defines policies. (string value) +# Deprecated group/name - [DEFAULT]/policy_file +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. (string value) +# Deprecated group/name - [DEFAULT]/policy_default_rule +#policy_default_rule = default + +# Directories where policy configuration files are stored. They can be relative +# to any directory in the search path defined by the config_dir option, or +# absolute paths. The file defined by policy_file must exist for these +# directories to be searched. Missing or empty directories are ignored. (multi +# valued) +# Deprecated group/name - [DEFAULT]/policy_dirs +#policy_dirs = policy.d [paste_deploy] # -# Options defined in keystone +# From keystone # -# Name of the paste configuration file that defines the -# available pipelines. (string value) -#config_file=keystone-paste.ini +# Name of the paste configuration file that defines the available pipelines. +# (string value) +#config_file = keystone-paste.ini [policy] # -# Options defined in keystone +# From keystone # # Policy backend driver. (string value) -#driver=keystone.policy.backends.sql.Policy +#driver = keystone.policy.backends.sql.Policy + +# Maximum number of entities that will be returned in a policy collection. +# (integer value) +#list_limit = <None> + -# Maximum number of entities that will be returned in a policy -# collection. (integer value) -#list_limit=<None> +[resource] + +# +# From keystone +# + +# Resource backend driver. If a resource driver is not specified, the +# assignment driver will choose the resource driver. (string value) +#driver = <None> + +# Toggle for resource caching. This has no effect unless global caching is +# enabled. (boolean value) +# Deprecated group/name - [assignment]/caching +#caching = true + +# TTL (in seconds) to cache resource data. This has no effect unless global +# caching is enabled. (integer value) +# Deprecated group/name - [assignment]/cache_time +#cache_time = <None> + +# Maximum number of entities that will be returned in a resource collection. +# (integer value) +# Deprecated group/name - [assignment]/list_limit +#list_limit = <None> [revoke] # -# Options defined in keystone +# From keystone +# + +# An implementation of the backend for persisting revocation events. (string +# value) +#driver = keystone.contrib.revoke.backends.sql.Revoke + +# This value (calculated in seconds) is added to token expiration before a +# revocation event may be removed from the backend. (integer value) +#expiration_buffer = 1800 + +# Toggle for revocation event caching. This has no effect unless global caching +# is enabled. (boolean value) +#caching = true + +# Time to cache the revocation list and the revocation events (in seconds). +# This has no effect unless global and token caching are enabled. (integer +# value) +# Deprecated group/name - [token]/revocation_cache_time +#cache_time = 3600 + + +[role] + +# +# From keystone # -# An implementation of the backend for persisting revocation -# events. (string value) -#driver=keystone.contrib.revoke.backends.kvs.Revoke +# Role backend driver. (string value) +#driver = <None> -# This value (calculated in seconds) is added to token -# expiration before a revocation event may be removed from the -# backend. (integer value) -#expiration_buffer=1800 +# Toggle for role caching. This has no effect unless global caching is enabled. +# (boolean value) +#caching = true + +# TTL (in seconds) to cache role data. This has no effect unless global caching +# is enabled. (integer value) +#cache_time = <None> -# Toggle for revocation event caching. This has no effect -# unless global caching is enabled. (boolean value) -#caching=true +# Maximum number of entities that will be returned in a role collection. +# (integer value) +#list_limit = <None> [saml] # -# Options defined in keystone +# From keystone # -# Default TTL, in seconds, for any generated SAML assertion -# created by Keystone. (integer value) -#assertion_expiration_time=3600 +# Default TTL, in seconds, for any generated SAML assertion created by +# Keystone. (integer value) +#assertion_expiration_time = 3600 -# Binary to be called for XML signing. Install the appropriate -# package, specify absolute path or adjust your PATH -# environment variable if the binary cannot be found. (string -# value) -#xmlsec1_binary=xmlsec1 - -# Path of the certfile for SAML signing. For non-production -# environments, you may be interested in using `keystone- -# manage pki_setup` to generate self-signed certificates. -# Note, the path cannot contain a comma. (string value) -#certfile=/etc/keystone/ssl/certs/signing_cert.pem - -# Path of the keyfile for SAML signing. Note, the path cannot -# contain a comma. (string value) -#keyfile=/etc/keystone/ssl/private/signing_key.pem - -# Entity ID value for unique Identity Provider identification. -# Usually FQDN is set with a suffix. A value is required to -# generate IDP Metadata. For example: -# https://keystone.example.com/v3/OS-FEDERATION/saml2/idp -# (string value) -#idp_entity_id=<None> +# Binary to be called for XML signing. Install the appropriate package, specify +# absolute path or adjust your PATH environment variable if the binary cannot +# be found. (string value) +#xmlsec1_binary = xmlsec1 + +# Path of the certfile for SAML signing. For non-production environments, you +# may be interested in using `keystone-manage pki_setup` to generate self- +# signed certificates. Note, the path cannot contain a comma. (string value) +#certfile = /etc/keystone/ssl/certs/signing_cert.pem -# Identity Provider Single-Sign-On service value, required in -# the Identity Provider's metadata. A value is required to -# generate IDP Metadata. For example: -# https://keystone.example.com/v3/OS-FEDERATION/saml2/sso +# Path of the keyfile for SAML signing. Note, the path cannot contain a comma. # (string value) -#idp_sso_endpoint=<None> +#keyfile = /etc/keystone/ssl/private/signing_key.pem -# Language used by the organization. (string value) -#idp_lang=en +# Entity ID value for unique Identity Provider identification. Usually FQDN is +# set with a suffix. A value is required to generate IDP Metadata. For example: +# https://keystone.example.com/v3/OS-FEDERATION/saml2/idp (string value) +#idp_entity_id = <None> -# Organization name the installation belongs to. (string +# Identity Provider Single-Sign-On service value, required in the Identity +# Provider's metadata. A value is required to generate IDP Metadata. For +# example: https://keystone.example.com/v3/OS-FEDERATION/saml2/sso (string # value) -#idp_organization_name=<None> +#idp_sso_endpoint = <None> + +# Language used by the organization. (string value) +#idp_lang = en + +# Organization name the installation belongs to. (string value) +#idp_organization_name = <None> # Organization name to be displayed. (string value) -#idp_organization_display_name=<None> +#idp_organization_display_name = <None> # URL of the organization. (string value) -#idp_organization_url=<None> +#idp_organization_url = <None> # Company of contact person. (string value) -#idp_contact_company=<None> +#idp_contact_company = <None> # Given name of contact person (string value) -#idp_contact_name=<None> +#idp_contact_name = <None> # Surname of contact person. (string value) -#idp_contact_surname=<None> +#idp_contact_surname = <None> # Email address of contact person. (string value) -#idp_contact_email=<None> +#idp_contact_email = <None> # Telephone number of contact person. (string value) -#idp_contact_telephone=<None> +#idp_contact_telephone = <None> + +# Contact type. Allowed values are: technical, support, administrative billing, +# and other (string value) +#idp_contact_type = other -# Contact type. Allowed values are: technical, support, -# administrative billing, and other (string value) -#idp_contact_type=other +# Path to the Identity Provider Metadata file. This file should be generated +# with the keystone-manage saml_idp_metadata command. (string value) +#idp_metadata_path = /etc/keystone/saml2_idp_metadata.xml -# Path to the Identity Provider Metadata file. This file -# should be generated with the keystone-manage -# saml_idp_metadata command. (string value) -#idp_metadata_path=/etc/keystone/saml2_idp_metadata.xml +# The prefix to use for the RelayState SAML attribute, used when generating ECP +# wrapped assertions. (string value) +#relay_state_prefix = ss:mem: [signing] # -# Options defined in keystone +# From keystone # -# Deprecated in favor of provider in the [token] section. -# (string value) -#token_format=<None> - -# Path of the certfile for token signing. For non-production -# environments, you may be interested in using `keystone- -# manage pki_setup` to generate self-signed certificates. -# (string value) -#certfile=/etc/keystone/ssl/certs/signing_cert.pem +# Path of the certfile for token signing. For non-production environments, you +# may be interested in using `keystone-manage pki_setup` to generate self- +# signed certificates. (string value) +#certfile = /etc/keystone/ssl/certs/signing_cert.pem # Path of the keyfile for token signing. (string value) -#keyfile=/etc/keystone/ssl/private/signing_key.pem +#keyfile = /etc/keystone/ssl/private/signing_key.pem # Path of the CA for token signing. (string value) -#ca_certs=/etc/keystone/ssl/certs/ca.pem +#ca_certs = /etc/keystone/ssl/certs/ca.pem # Path of the CA key for token signing. (string value) -#ca_key=/etc/keystone/ssl/private/cakey.pem +#ca_key = /etc/keystone/ssl/private/cakey.pem -# Key size (in bits) for token signing cert (auto generated -# certificate). (integer value) -#key_size=2048 +# Key size (in bits) for token signing cert (auto generated certificate). +# (integer value) +#key_size = 2048 -# Days the token signing cert is valid for (auto generated -# certificate). (integer value) -#valid_days=3650 +# Days the token signing cert is valid for (auto generated certificate). +# (integer value) +#valid_days = 3650 -# Certificate subject (auto generated certificate) for token -# signing. (string value) -#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com +# Certificate subject (auto generated certificate) for token signing. (string +# value) +#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com [ssl] # -# Options defined in keystone +# From keystone # -# Toggle for SSL support on the Keystone eventlet servers. -# (boolean value) -#enable=false - -# Path of the certfile for SSL. For non-production -# environments, you may be interested in using `keystone- -# manage ssl_setup` to generate self-signed certificates. -# (string value) -#certfile=/etc/keystone/ssl/certs/keystone.pem - -# Path of the keyfile for SSL. (string value) -#keyfile=/etc/keystone/ssl/private/keystonekey.pem - -# Path of the ca cert file for SSL. (string value) -#ca_certs=/etc/keystone/ssl/certs/ca.pem - # Path of the CA key file for SSL. (string value) -#ca_key=/etc/keystone/ssl/private/cakey.pem +#ca_key = /etc/keystone/ssl/private/cakey.pem -# Require client certificate. (boolean value) -#cert_required=false +# SSL key length (in bits) (auto generated certificate). (integer value) +#key_size = 1024 -# SSL key length (in bits) (auto generated certificate). +# Days the certificate is valid for once signed (auto generated certificate). # (integer value) -#key_size=1024 - -# Days the certificate is valid for once signed (auto -# generated certificate). (integer value) -#valid_days=3650 - -# SSL certificate subject (auto generated certificate). -# (string value) -#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost - - -[stats] +#valid_days = 3650 -# -# Options defined in keystone -# - -# Stats backend driver. (string value) -#driver=keystone.contrib.stats.backends.kvs.Stats +# SSL certificate subject (auto generated certificate). (string value) +#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=localhost [token] # -# Options defined in keystone +# From keystone # -# External auth mechanisms that should add bind information to -# token, e.g., kerberos,x509. (list value) -#bind= +# External auth mechanisms that should add bind information to token, e.g., +# kerberos,x509. (list value) +#bind = -# Enforcement policy on tokens presented to Keystone with bind -# information. One of disabled, permissive, strict, required -# or a specifically required bind mode, e.g., kerberos or x509 -# to require binding to that authentication. (string value) -#enforce_token_bind=permissive +# Enforcement policy on tokens presented to Keystone with bind information. One +# of disabled, permissive, strict, required or a specifically required bind +# mode, e.g., kerberos or x509 to require binding to that authentication. +# (string value) +#enforce_token_bind = permissive -# Amount of time a token should remain valid (in seconds). -# (integer value) -#expiration=3600 +# Amount of time a token should remain valid (in seconds). (integer value) +#expiration = 3600 -# Controls the token construction, validation, and revocation -# operations. Core providers are -# "keystone.token.providers.[pkiz|pki|uuid].Provider". The -# default provider is pkiz. (string value) -provider=keystone.token.providers.uuid.Provider +# Controls the token construction, validation, and revocation operations. Core +# providers are "keystone.token.providers.[fernet|pkiz|pki|uuid].Provider". +# (string value) +#provider = keystone.token.providers.uuid.Provider # Token persistence backend driver. (string value) -driver=keystone.token.backends.sql.Token +#driver = keystone.token.persistence.backends.sql.Token -# Toggle for token system caching. This has no effect unless -# global caching is enabled. (boolean value) -#caching=true +# Toggle for token system caching. This has no effect unless global caching is +# enabled. (boolean value) +#caching = true -# Time to cache the revocation list and the revocation events -# if revoke extension is enabled (in seconds). This has no -# effect unless global and token caching are enabled. (integer -# value) -#revocation_cache_time=3600 - -# Time to cache tokens (in seconds). This has no effect unless -# global and token caching are enabled. (integer value) -#cache_time=<None> - -# Revoke token by token identifier. Setting revoke_by_id to -# true enables various forms of enumerating tokens, e.g. `list -# tokens for user`. These enumerations are processed to -# determine the list of tokens to revoke. Only disable if you -# are switching to using the Revoke extension with a backend -# other than KVS, which stores events in memory. (boolean +# Time to cache tokens (in seconds). This has no effect unless global and token +# caching are enabled. (integer value) +#cache_time = <None> + +# Revoke token by token identifier. Setting revoke_by_id to true enables +# various forms of enumerating tokens, e.g. `list tokens for user`. These +# enumerations are processed to determine the list of tokens to revoke. Only +# disable if you are switching to using the Revoke extension with a backend +# other than KVS, which stores events in memory. (boolean value) +#revoke_by_id = true + +# Allow rescoping of scoped token. Setting allow_rescoped_scoped_token to false +# prevents a user from exchanging a scoped token for any other token. (boolean # value) -#revoke_by_id=true +#allow_rescope_scoped_token = true -# The hash algorithm to use for PKI tokens. This can be set to -# any algorithm that hashlib supports. WARNING: Before -# changing this value, the auth_token middleware must be -# configured with the hash_algorithms, otherwise token +# The hash algorithm to use for PKI tokens. This can be set to any algorithm +# that hashlib supports. WARNING: Before changing this value, the auth_token +# middleware must be configured with the hash_algorithms, otherwise token # revocation will not be processed correctly. (string value) -#hash_algorithm=md5 +#hash_algorithm = md5 [trust] # -# Options defined in keystone +# From keystone # -# Delegation and impersonation features can be optionally -# disabled. (boolean value) -#enabled=true +# Delegation and impersonation features can be optionally disabled. (boolean +# value) +#enabled = true -# Trust backend driver. (string value) -#driver=keystone.trust.backends.sql.Trust +# Enable redelegation feature. (boolean value) +#allow_redelegation = false +# Maximum depth of trust redelegation. (integer value) +#max_redelegation_count = 3 +# Trust backend driver. (string value) +#driver = keystone.trust.backends.sql.Trust diff --git a/install-files/openstack/usr/share/openstack/keystone/logging.conf b/install-files/openstack/usr/share/openstack/keystone/logging.conf deleted file mode 100644 index 6cb8c425..00000000 --- a/install-files/openstack/usr/share/openstack/keystone/logging.conf +++ /dev/null @@ -1,65 +0,0 @@ -[loggers] -keys=root,access - -[handlers] -keys=production,file,access_file,devel - -[formatters] -keys=minimal,normal,debug - - -########### -# Loggers # -########### - -[logger_root] -level=WARNING -handlers=file - -[logger_access] -level=INFO -qualname=access -handlers=access_file - - -################ -# Log Handlers # -################ - -[handler_production] -class=handlers.SysLogHandler -level=ERROR -formatter=normal -args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER) - -[handler_file] -class=handlers.WatchedFileHandler -level=WARNING -formatter=normal -args=('error.log',) - -[handler_access_file] -class=handlers.WatchedFileHandler -level=INFO -formatter=minimal -args=('access.log',) - -[handler_devel] -class=StreamHandler -level=NOTSET -formatter=debug -args=(sys.stdout,) - - -################## -# Log Formatters # -################## - -[formatter_minimal] -format=%(message)s - -[formatter_normal] -format=(%(name)s): %(asctime)s %(levelname)s %(message)s - -[formatter_debug] -format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s diff --git a/install-files/openstack/usr/share/openstack/keystone/policy.json b/install-files/openstack/usr/share/openstack/keystone/policy.json deleted file mode 100644 index af65205e..00000000 --- a/install-files/openstack/usr/share/openstack/keystone/policy.json +++ /dev/null @@ -1,171 +0,0 @@ -{ - "admin_required": "role:admin or is_admin:1", - "service_role": "role:service", - "service_or_admin": "rule:admin_required or rule:service_role", - "owner" : "user_id:%(user_id)s", - "admin_or_owner": "rule:admin_required or rule:owner", - - "default": "rule:admin_required", - - "identity:get_region": "", - "identity:list_regions": "", - "identity:create_region": "rule:admin_required", - "identity:update_region": "rule:admin_required", - "identity:delete_region": "rule:admin_required", - - "identity:get_service": "rule:admin_required", - "identity:list_services": "rule:admin_required", - "identity:create_service": "rule:admin_required", - "identity:update_service": "rule:admin_required", - "identity:delete_service": "rule:admin_required", - - "identity:get_endpoint": "rule:admin_required", - "identity:list_endpoints": "rule:admin_required", - "identity:create_endpoint": "rule:admin_required", - "identity:update_endpoint": "rule:admin_required", - "identity:delete_endpoint": "rule:admin_required", - - "identity:get_domain": "rule:admin_required", - "identity:list_domains": "rule:admin_required", - "identity:create_domain": "rule:admin_required", - "identity:update_domain": "rule:admin_required", - "identity:delete_domain": "rule:admin_required", - - "identity:get_project": "rule:admin_required", - "identity:list_projects": "rule:admin_required", - "identity:list_user_projects": "rule:admin_or_owner", - "identity:create_project": "rule:admin_required", - "identity:update_project": "rule:admin_required", - "identity:delete_project": "rule:admin_required", - - "identity:get_user": "rule:admin_required", - "identity:list_users": "rule:admin_required", - "identity:create_user": "rule:admin_required", - "identity:update_user": "rule:admin_required", - "identity:delete_user": "rule:admin_required", - "identity:change_password": "rule:admin_or_owner", - - "identity:get_group": "rule:admin_required", - "identity:list_groups": "rule:admin_required", - "identity:list_groups_for_user": "rule:admin_or_owner", - "identity:create_group": "rule:admin_required", - "identity:update_group": "rule:admin_required", - "identity:delete_group": "rule:admin_required", - "identity:list_users_in_group": "rule:admin_required", - "identity:remove_user_from_group": "rule:admin_required", - "identity:check_user_in_group": "rule:admin_required", - "identity:add_user_to_group": "rule:admin_required", - - "identity:get_credential": "rule:admin_required", - "identity:list_credentials": "rule:admin_required", - "identity:create_credential": "rule:admin_required", - "identity:update_credential": "rule:admin_required", - "identity:delete_credential": "rule:admin_required", - - "identity:ec2_get_credential": "rule:admin_or_owner", - "identity:ec2_list_credentials": "rule:admin_or_owner", - "identity:ec2_create_credential": "rule:admin_or_owner", - "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)", - - "identity:get_role": "rule:admin_required", - "identity:list_roles": "rule:admin_required", - "identity:create_role": "rule:admin_required", - "identity:update_role": "rule:admin_required", - "identity:delete_role": "rule:admin_required", - - "identity:check_grant": "rule:admin_required", - "identity:list_grants": "rule:admin_required", - "identity:create_grant": "rule:admin_required", - "identity:revoke_grant": "rule:admin_required", - - "identity:list_role_assignments": "rule:admin_required", - - "identity:get_policy": "rule:admin_required", - "identity:list_policies": "rule:admin_required", - "identity:create_policy": "rule:admin_required", - "identity:update_policy": "rule:admin_required", - "identity:delete_policy": "rule:admin_required", - - "identity:check_token": "rule:admin_required", - "identity:validate_token": "rule:service_or_admin", - "identity:validate_token_head": "rule:service_or_admin", - "identity:revocation_list": "rule:service_or_admin", - "identity:revoke_token": "rule:admin_or_owner", - - "identity:create_trust": "user_id:%(trust.trustor_user_id)s", - "identity:get_trust": "rule:admin_or_owner", - "identity:list_trusts": "", - "identity:list_roles_for_trust": "", - "identity:check_role_for_trust": "", - "identity:get_role_for_trust": "", - "identity:delete_trust": "", - - "identity:create_consumer": "rule:admin_required", - "identity:get_consumer": "rule:admin_required", - "identity:list_consumers": "rule:admin_required", - "identity:delete_consumer": "rule:admin_required", - "identity:update_consumer": "rule:admin_required", - - "identity:authorize_request_token": "rule:admin_required", - "identity:list_access_token_roles": "rule:admin_required", - "identity:get_access_token_role": "rule:admin_required", - "identity:list_access_tokens": "rule:admin_required", - "identity:get_access_token": "rule:admin_required", - "identity:delete_access_token": "rule:admin_required", - - "identity:list_projects_for_endpoint": "rule:admin_required", - "identity:add_endpoint_to_project": "rule:admin_required", - "identity:check_endpoint_in_project": "rule:admin_required", - "identity:list_endpoints_for_project": "rule:admin_required", - "identity:remove_endpoint_from_project": "rule:admin_required", - - "identity:create_endpoint_group": "rule:admin_required", - "identity:list_endpoint_groups": "rule:admin_required", - "identity:get_endpoint_group": "rule:admin_required", - "identity:update_endpoint_group": "rule:admin_required", - "identity:delete_endpoint_group": "rule:admin_required", - "identity:list_projects_associated_with_endpoint_group": "rule:admin_required", - "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required", - "identity:list_endpoint_groups_for_project": "rule:admin_required", - "identity:add_endpoint_group_to_project": "rule:admin_required", - "identity:remove_endpoint_group_from_project": "rule:admin_required", - - "identity:create_identity_provider": "rule:admin_required", - "identity:list_identity_providers": "rule:admin_required", - "identity:get_identity_providers": "rule:admin_required", - "identity:update_identity_provider": "rule:admin_required", - "identity:delete_identity_provider": "rule:admin_required", - - "identity:create_protocol": "rule:admin_required", - "identity:update_protocol": "rule:admin_required", - "identity:get_protocol": "rule:admin_required", - "identity:list_protocols": "rule:admin_required", - "identity:delete_protocol": "rule:admin_required", - - "identity:create_mapping": "rule:admin_required", - "identity:get_mapping": "rule:admin_required", - "identity:list_mappings": "rule:admin_required", - "identity:delete_mapping": "rule:admin_required", - "identity:update_mapping": "rule:admin_required", - - "identity:get_auth_catalog": "", - "identity:get_auth_projects": "", - "identity:get_auth_domains": "", - - "identity:list_projects_for_groups": "", - "identity:list_domains_for_groups": "", - - "identity:list_revoke_events": "", - - "identity:create_policy_association_for_endpoint": "rule:admin_required", - "identity:check_policy_association_for_endpoint": "rule:admin_required", - "identity:delete_policy_association_for_endpoint": "rule:admin_required", - "identity:create_policy_association_for_service": "rule:admin_required", - "identity:check_policy_association_for_service": "rule:admin_required", - "identity:delete_policy_association_for_service": "rule:admin_required", - "identity:create_policy_association_for_region_and_service": "rule:admin_required", - "identity:check_policy_association_for_region_and_service": "rule:admin_required", - "identity:delete_policy_association_for_region_and_service": "rule:admin_required", - "identity:get_policy_for_endpoint": "rule:admin_required", - "identity:list_endpoints_for_policy": "rule:admin_required" -} diff --git a/install-files/openstack/usr/share/openstack/neutron/api-paste.ini b/install-files/openstack/usr/share/openstack/neutron/api-paste.ini deleted file mode 100644 index bbcd4152..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/api-paste.ini +++ /dev/null @@ -1,30 +0,0 @@ -[composite:neutron] -use = egg:Paste#urlmap -/: neutronversions -/v2.0: neutronapi_v2_0 - -[composite:neutronapi_v2_0] -use = call:neutron.auth:pipeline_factory -noauth = request_id catch_errors extensions neutronapiapp_v2_0 -keystone = request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0 - -[filter:request_id] -paste.filter_factory = neutron.openstack.common.middleware.request_id:RequestIdMiddleware.factory - -[filter:catch_errors] -paste.filter_factory = neutron.openstack.common.middleware.catch_errors:CatchErrorsMiddleware.factory - -[filter:keystonecontext] -paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:extensions] -paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory - -[app:neutronversions] -paste.app_factory = neutron.api.versions:Versions.factory - -[app:neutronapiapp_v2_0] -paste.app_factory = neutron.api.v2.router:APIRouter.factory diff --git a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini index c6c2b9a7..a0adccaa 100644 --- a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini +++ b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini @@ -1,7 +1,6 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = False -use_syslog = True # The DHCP agent will resync its state with Neutron to recover from any # transient notification or rpc errors. The interval is number of @@ -14,7 +13,7 @@ use_syslog = True # Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, # BigSwitch/Floodlight) -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Name of Open vSwitch bridge to use # ovs_integration_bridge = br-int @@ -29,18 +28,20 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # The agent can use other DHCP drivers. Dnsmasq is the simplest and requires # no additional setup of the DHCP server. -dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq +# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True +# iproute2 package that supports namespaces). This option is deprecated and +# will be removed in a future release, at which point the old behavior of +# use_namespaces = True will be enforced. +# use_namespaces = True # The DHCP server can assist with providing metadata support on isolated # networks. Setting this value to True will cause the DHCP server to append # specific host routes to the DHCP request. The metadata service will only # be activated when the subnet does not contain any router port. The guest # instance must be configured to request host routes via DHCP (Option 121). -enable_isolated_metadata = True +# enable_isolated_metadata = False # Allows for serving metadata requests coming from a dedicated metadata # access network whose cidr is 169.254.169.254/16 (or larger prefix), and @@ -73,16 +74,15 @@ enable_isolated_metadata = True # Location to DHCP lease relay UNIX domain socket # dhcp_lease_relay_socket = $state_path/dhcp/lease_relay -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy +# Use broadcast in DHCP replies +# dhcp_broadcast_reply = False -# dhcp_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the dhcp agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. -# If True, namespaces will be deleted when a dhcp server is disabled. -# dhcp_delete_namespaces = False +# dhcp_delete_namespaces, which is True by default, can be set to False if +# namespaces can't be deleted cleanly on the host running the DHCP agent. +# Disable this if you hit the issue in +# https://bugs.launchpad.net/neutron/+bug/1052535 or if +# you are sure that your version of iproute suffers from the problem. +# dhcp_delete_namespaces = True # Timeout for ovs-vsctl commands. # If the timeout expires, ovs commands will fail with ALARMCLOCK error. diff --git a/install-files/openstack/usr/share/openstack/neutron/fwaas_driver.ini b/install-files/openstack/usr/share/openstack/neutron/fwaas_driver.ini deleted file mode 100644 index 41f761ab..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/fwaas_driver.ini +++ /dev/null @@ -1,3 +0,0 @@ -[fwaas] -#driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver -#enabled = True diff --git a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini index 000cd997..0d56436b 100644 --- a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini +++ b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini @@ -1,7 +1,6 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = False -use_syslog = True # L3 requires that an interface driver be set. Choose the one that best # matches your plugin. @@ -9,7 +8,7 @@ use_syslog = True # Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) # that supports L3 agent -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Use veth for an OVS interface or not. # Support kernels with limited namespace support @@ -20,8 +19,10 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and -# iproute2 package that supports namespaces). -use_namespaces = True +# iproute2 package that supports namespaces). This option is deprecated and +# will be removed in a future release, at which point the old behavior of +# use_namespaces = True will be enforced. +# use_namespaces = True # If use_namespaces is set as False then the agent can only configure one router. @@ -35,6 +36,20 @@ use_namespaces = True # must be left empty. # gateway_external_network_id = +# With IPv6, the network used for the external gateway does not need +# to have an associated subnet, since the automatically assigned +# link-local address (LLA) can be used. However, an IPv6 gateway address +# is needed for use as the next-hop for the default route. If no IPv6 +# gateway address is configured here, (and only then) the neutron router +# will be configured to get its default route from router advertisements (RAs) +# from the upstream router; in which case the upstream router must also be +# configured to send these RAs. +# The ipv6_gateway, when configured, should be the LLA of the interface +# on the upstream router. If a next-hop using a global unique address (GUA) +# is desired, it needs to be done via a subnet allocated to the network +# and not through this parameter. +# ipv6_gateway = + # Indicates that this L3 agent should also handle routers that do not have # an external network gateway configured. This option should be True only # for a single agent in a Neutron deployment, and may be False for all agents @@ -44,7 +59,7 @@ use_namespaces = True # Name of bridge used for external network traffic. This should be set to # empty value for the linux bridge. when this parameter is set, each L3 agent # can be associated with no more than one external network. -external_network_bridge = br-ex +# external_network_bridge = br-ex # TCP Port used by Neutron metadata server # metadata_port = 9697 @@ -64,16 +79,19 @@ external_network_bridge = br-ex # if the Nova metadata server is not available # enable_metadata_proxy = True -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy +# Iptables mangle mark used to mark metadata valid requests +# metadata_access_mark = 0x1 + +# Iptables mangle mark used to mark ingress from external network +# external_ingress_mark = 0x2 -# router_delete_namespaces, which is false by default, can be set to True if -# namespaces can be deleted cleanly on the host running the L3 agent. -# Do not enable this until you understand the problem with the Linux iproute -# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and -# you are sure that your version of iproute does not suffer from the problem. +# router_delete_namespaces, which is True by default, can be set to False if +# namespaces can't be deleted cleanly on the host running the L3 agent. +# Disable this if you hit the issue in +# https://bugs.launchpad.net/neutron/+bug/1052535 or if +# you are sure that your version of iproute suffers from the problem. # If True, namespaces will be deleted when a router is destroyed. -# router_delete_namespaces = False +# router_delete_namespaces = True # Timeout for ovs-vsctl commands. # If the timeout expires, ovs commands will fail with ALARMCLOCK error. diff --git a/install-files/openstack/usr/share/openstack/neutron/lbaas_agent.ini b/install-files/openstack/usr/share/openstack/neutron/lbaas_agent.ini deleted file mode 100644 index 68a2759e..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/lbaas_agent.ini +++ /dev/null @@ -1,42 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output). -# debug = False - -# The LBaaS agent will resync its state with Neutron to recover from any -# transient notification or rpc errors. The interval is number of -# seconds between attempts. -# periodic_interval = 10 - -# LBaas requires an interface driver be set. Choose the one that best -# matches your plugin. -# interface_driver = - -# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC, NVP, -# BigSwitch/Floodlight) -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# Use veth for an OVS interface or not. -# Support kernels with limited namespace support -# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. -# ovs_use_veth = False - -# Example of interface_driver option for LinuxBridge -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver - -# The agent requires drivers to manage the loadbalancer. HAProxy is the opensource version. -# Multiple device drivers reflecting different service providers could be specified: -# device_driver = path.to.provider1.driver.Driver -# device_driver = path.to.provider2.driver.Driver -# Default is: -# device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver - -[haproxy] -# Location to store config and state files -# loadbalancer_state_path = $state_path/lbaas - -# The user group -# user_group = nogroup - -# When delete and re-add the same vip, send this many gratuitous ARPs to flush -# the ARP cache in the Router. Set it below or equal to 0 to disable this feature. -# send_gratuitous_arp = 3 diff --git a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini index ed238770..4a0331ee 100644 --- a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini +++ b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini @@ -1,24 +1,23 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) # debug = True -use_syslog = True # The Neutron user information for accessing the Neutron API. -auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -auth_region = regionOne +auth_url = http://localhost:5000/v2.0 +auth_region = RegionOne # Turn off verification of the certificate for ssl # auth_insecure = False # Certificate Authority public key (CA cert) file for ssl # auth_ca_cert = -admin_tenant_name = service -admin_user = {{ NEUTRON_SERVICE_USER }} -admin_password = {{ NEUTRON_SERVICE_PASSWORD }} +admin_tenant_name = %SERVICE_TENANT_NAME% +admin_user = %SERVICE_USER% +admin_password = %SERVICE_PASSWORD% # Network service endpoint type to pull from the keystone catalog # endpoint_type = adminURL # IP address used by Nova metadata server -nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }} +# nova_metadata_ip = 127.0.0.1 # TCP Port used by Nova metadata server # nova_metadata_port = 8775 @@ -40,12 +39,21 @@ nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }} # When proxying metadata requests, Neutron signs the Instance-ID header with a # shared secret to prevent spoofing. You may select any string for a secret, # but it must match here and in the configuration used by the Nova Metadata -# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret -metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }} +# Server. NOTE: Nova uses the same config key, but in [neutron] section. +# metadata_proxy_shared_secret = # Location of Metadata Proxy UNIX domain socket # metadata_proxy_socket = $state_path/metadata_proxy +# Metadata Proxy UNIX domain socket mode, 3 values allowed: +# 'deduce': deduce mode from metadata_proxy_user/group values, +# 'user': set metadata proxy socket mode to 0o644, to use when +# metadata_proxy_user is agent effective user or root, +# 'group': set metadata proxy socket mode to 0o664, to use when +# metadata_proxy_group is agent effective group, +# 'all': set metadata proxy socket mode to 0o666, to use otherwise. +# metadata_proxy_socket_mode = deduce + # Number of separate worker processes for metadata server. Defaults to # half the number of CPU cores # metadata_workers = diff --git a/install-files/openstack/usr/share/openstack/neutron/metering_agent.ini b/install-files/openstack/usr/share/openstack/neutron/metering_agent.ini deleted file mode 100644 index 88826ce7..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/metering_agent.ini +++ /dev/null @@ -1,18 +0,0 @@ -[DEFAULT] -# Show debugging output in log (sets DEBUG log level output) -# debug = True - -# Default driver: -# driver = neutron.services.metering.drivers.noop.noop_driver.NoopMeteringDriver -# Example of non-default driver -# driver = neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver - -# Interval between two metering measures -# measure_interval = 30 - -# Interval between two metering reports -# report_interval = 300 - -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver - -# use_namespaces = True diff --git a/install-files/openstack/usr/share/openstack/neutron/neutron.conf b/install-files/openstack/usr/share/openstack/neutron/neutron.conf index 51de7464..ee42954b 100644 --- a/install-files/openstack/usr/share/openstack/neutron/neutron.conf +++ b/install-files/openstack/usr/share/openstack/neutron/neutron.conf @@ -17,10 +17,7 @@ # Where to store Neutron state files. This directory must be writable by the # user executing the agent. -state_path = /var/lib/neutron - -# Where to store lock files -lock_path = $state_path/lock +# state_path = /var/lib/neutron # log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s # log_date_format = %Y-%m-%d %H:%M:%S @@ -32,8 +29,7 @@ lock_path = $state_path/lock # (not user_stderr) and (not log_file) -> stdout # publish_errors -> notification system -use_syslog = True - +# use_syslog = False # syslog_log_facility = LOG_USER # use_stderr = True @@ -61,7 +57,7 @@ use_syslog = True # previous versions, the class name of a plugin can be specified instead of its # entrypoint name. # -core_plugin = ml2 +# core_plugin = # Example: core_plugin = ml2 # (ListOpt) List of service plugin entrypoints to be loaded from the @@ -70,15 +66,22 @@ core_plugin = ml2 # with previous versions, the class name of a plugin can be specified instead # of its entrypoint name. # -service_plugins = router +# service_plugins = # Example: service_plugins = router,firewall,lbaas,vpnaas,metering # Paste configuration file -api_paste_config = api-paste.ini +# api_paste_config = api-paste.ini + +# (StrOpt) Hostname to be used by the neutron server, agents and services +# running on this machine. All the agents and services running on this machine +# must use the same host value. +# The default value is hostname of the machine. +# +# host = # The strategy to be used for auth. # Supported values are 'keystone'(default), 'noauth'. -auth_strategy = keystone +# auth_strategy = keystone # Base MAC address. The first 3 octets will remain unchanged. If the # 4h octet is not 00, it will also be used. The others will be @@ -115,7 +118,7 @@ auth_strategy = keystone # Enable or disable overlapping IPs for subnets # Attention: the following parameter MUST be set to False if Neutron is # being used in conjunction with nova security groups -allow_overlapping_ips = True +# allow_overlapping_ips = False # Ensure that configured gateway is on subnet. For IPv6, validate only if # gateway is not a link local address. Deprecated, to be removed during the # K release, at which point the check will be mandatory. @@ -140,6 +143,29 @@ allow_overlapping_ips = True # Maximum number of routes per router # max_routes = 30 +# Default Subnet Pool to be used for IPv4 subnet-allocation. +# Specifies by UUID the pool to be used in case of subnet-create being called +# without a subnet-pool ID. The default of None means that no pool will be +# used unless passed explicitly to subnet create. If no pool is used, then a +# CIDR must be passed to create a subnet and that subnet will not be allocated +# from any pool; it will be considered part of the tenant's private address +# space. +# default_ipv4_subnet_pool = + +# Default Subnet Pool to be used for IPv6 subnet-allocation. +# Specifies by UUID the pool to be used in case of subnet-create being +# called without a subnet-pool ID. Set to "prefix_delegation" +# to enable IPv6 Prefix Delegation in a PD-capable environment. +# See the description for default_ipv4_subnet_pool for more information. +# default_ipv6_subnet_pool = + +# =========== items for MTU selection and advertisement ============= +# Advertise MTU. If True, effort is made to advertise MTU +# settings to VMs via network methods (ie. DHCP and RA MTU options) +# when the network's preferred MTU is known. +# advertise_mtu = False +# ======== end of items for MTU selection and advertisement ========= + # =========== items for agent management extension ============= # Seconds to regard the agent as down; should be at least twice # report_interval, to be sure the agent is down for good @@ -154,6 +180,23 @@ allow_overlapping_ips = True # Driver to use for scheduling a loadbalancer pool to an lbaas agent # loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler +# (StrOpt) Representing the resource type whose load is being reported by +# the agent. +# This can be 'networks','subnets' or 'ports'. When specified (Default is networks), +# the server will extract particular load sent as part of its agent configuration object +# from the agent report state, which is the number of resources being consumed, at +# every report_interval. +# dhcp_load_type can be used in combination with network_scheduler_driver = +# neutron.scheduler.dhcp_agent_scheduler.WeightScheduler +# When the network_scheduler_driver is WeightScheduler, dhcp_load_type can +# be configured to represent the choice for the resource being balanced. +# Example: dhcp_load_type = networks +# Values: +# networks - number of networks hosted on the agent +# subnets - number of subnets associated with the networks hosted on the agent +# ports - number of ports associated with the networks hosted on the agent +# dhcp_load_type = networks + # Allow auto scheduling networks to DHCP agent. It will schedule non-hosted # networks to first DHCP agent which sends get_active_networks message to # neutron server @@ -167,10 +210,25 @@ allow_overlapping_ips = True # admin_state_up set to True to alive agents. # allow_automatic_l3agent_failover = False -# Number of DHCP agents scheduled to host a network. This enables redundant -# DHCP agents for configured networks. +# Allow automatic removal of networks from dead DHCP agents with +# admin_state_up set to True. +# Networks could then be rescheduled if network_auto_schedule is True +# allow_automatic_dhcp_failover = True + +# Number of DHCP agents scheduled to host a tenant network. +# If this number is greater than 1, the scheduler automatically +# assigns multiple DHCP agents for a given tenant network, +# providing high availability for DHCP service. # dhcp_agents_per_network = 1 +# Enable services on agents with admin_state_up False. +# If this option is False, when admin_state_up of an agent is turned to +# False, services on it will be disabled. If this option is True, services +# on agents with admin_state_up False keep available and manual scheduling +# to such agents is available. Agents with admin_state_up False are not +# selected for automatic scheduling regardless of this option. +# enable_services_on_agents_with_admin_state_down = False + # =========== end of items for agent scheduler extension ===== # =========== items for l3 extension ============== @@ -187,8 +245,39 @@ allow_overlapping_ips = True # # CIDR of the administrative network if HA mode is enabled # l3_ha_net_cidr = 169.254.192.0/18 +# +# Enable snat by default on external gateway when available +# enable_snat_by_default = True # =========== end of items for l3 extension ======= +# =========== items for metadata proxy configuration ============== +# User (uid or name) running metadata proxy after its initialization +# (if empty: agent effective user) +# metadata_proxy_user = + +# Group (gid or name) running metadata proxy after its initialization +# (if empty: agent effective group) +# metadata_proxy_group = + +# Enable/Disable log watch by metadata proxy, it should be disabled when +# metadata_proxy_user/group is not allowed to read/write its log file and +# 'copytruncate' logrotate option must be used if logrotate is enabled on +# metadata proxy log files. Option default value is deduced from +# metadata_proxy_user: watch log is enabled if metadata_proxy_user is agent +# effective user id/name. +# metadata_proxy_watch_log = + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy +# =========== end of items for metadata proxy configuration ============== + +# ========== items for VLAN trunking networks ========== +# Setting this flag to True will allow plugins that support it to +# create VLAN transparent networks. This flag has no effect for +# plugins that do not support VLAN transparent networks. +# vlan_transparent = False +# ========== end of items for VLAN trunking networks ========== + # =========== WSGI parameters related to the API server ============== # Number of separate worker processes to spawn. The default, 0, runs the # worker thread in the current process. Greater than 0 launches that number of @@ -202,6 +291,18 @@ allow_overlapping_ips = True # enabled for various plugins for compatibility. # rpc_workers = 0 +# Timeout for client connections socket operations. If an +# incoming connection is idle for this number of seconds it +# will be closed. A value of '0' means wait forever. (integer +# value) +# client_socket_timeout = 900 + +# wsgi keepalive option. Determines if connections are allowed to be held open +# by clients after a request is fulfilled. A value of False will ensure that +# the socket connection will be explicitly closed once a response has been +# sent to the client. +# wsgi_keep_alive = True + # Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when # starting API server. Not supported on OS X. # tcp_keepidle = 600 @@ -231,32 +332,36 @@ allow_overlapping_ips = True # ssl_ca_file = /path/to/cafile # ======== end of WSGI parameters related to the API server ========== - # ======== neutron nova interactions ========== # Send notification to nova when port status is active. -notify_nova_on_port_status_changes = True +# notify_nova_on_port_status_changes = True # Send notifications to nova when port data (fixed_ips/floatingips) change # so nova can update it's cache. -notify_nova_on_port_data_changes = True +# notify_nova_on_port_data_changes = True # URL for connection to nova (Only supports one nova region currently). -nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2 +# nova_url = http://127.0.0.1:8774/v2 # Name of nova region to use. Useful if keystone manages more than one region -nova_region_name = regionOne +# nova_region_name = # Username for connection to nova in admin context -nova_admin_username = {{ NOVA_SERVICE_USER }} +# nova_admin_username = # The uuid of the admin nova tenant -nova_admin_tenant_id = {{ SERVICE_TENANT_ID }} +# nova_admin_tenant_id = + +# The name of the admin nova tenant. If the uuid of the admin nova tenant +# is set, this is optional. Useful for cases where the uuid of the admin +# nova tenant is not available when configuration is being done. +# nova_admin_tenant_name = # Password for connection to nova in admin context. -nova_admin_password = {{ NOVA_SERVICE_PASSWORD }} +# nova_admin_password = # Authorization URL for connection to nova in admin context. -nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 +# nova_admin_auth_url = # CA file for novaclient to verify server certificates # nova_ca_certificates_file = @@ -275,42 +380,42 @@ nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 # Use durable queues in amqp. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false +# amqp_durable_queues=false # Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false +# amqp_auto_delete=false # Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 +# rpc_conn_pool_size=30 # Qpid broker hostname. (string value) -#qpid_hostname=localhost +# qpid_hostname=localhost # Qpid broker port. (integer value) -#qpid_port=5672 +# qpid_port=5672 # Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port +# qpid_hosts=$qpid_hostname:$qpid_port # Username for Qpid connection. (string value) -#qpid_username= +# qpid_username= # Password for Qpid connection. (string value) -#qpid_password= +# qpid_password= # Space separated list of SASL mechanisms to use for auth. # (string value) -#qpid_sasl_mechanisms= +# qpid_sasl_mechanisms= # Seconds between connection keepalive heartbeats. (integer # value) -#qpid_heartbeat=60 +# qpid_heartbeat=60 # Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp +# qpid_protocol=tcp # Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true +# qpid_tcp_nodelay=true # The qpid topology version to use. Version 1 is what was # originally used by impl_qpid. Version 2 includes some @@ -318,136 +423,136 @@ nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 # to work. Users should update to version 2 when they are # able to take everything down, as it requires a clean break. # (integer value) -#qpid_topology_version=1 +# qpid_topology_version=1 # SSL version to use (valid only if SSL enabled). valid values # are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some # distributions. (string value) -#kombu_ssl_version= +# kombu_ssl_version= # SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= +# kombu_ssl_keyfile= # SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= +# kombu_ssl_certfile= # SSL certification authority file (valid only if SSL # enabled). (string value) -#kombu_ssl_ca_certs= +# kombu_ssl_ca_certs= # How long to wait before reconnecting in response to an AMQP # consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 +# kombu_reconnect_delay=1.0 # The RabbitMQ broker address where a single node is used. # (string value) -rabbit_host={{ RABBITMQ_HOST }} +# rabbit_host=localhost # The RabbitMQ broker port where a single node is used. # (integer value) -rabbit_port={{ RABBITMQ_PORT }} +# rabbit_port=5672 # RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port +# rabbit_hosts=$rabbit_host:$rabbit_port # Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false +# rabbit_use_ssl=false # The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} +# rabbit_userid=guest # The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} +# rabbit_password=guest # the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN +# rabbit_login_method=AMQPLAIN # The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ +# rabbit_virtual_host=/ # How frequently to retry connecting with RabbitMQ. (integer # value) -#rabbit_retry_interval=1 +# rabbit_retry_interval=1 # How long to backoff for between retries when connecting to # RabbitMQ. (integer value) -#rabbit_retry_backoff=2 +# rabbit_retry_backoff=2 # Maximum number of RabbitMQ connection retries. Default is 0 # (infinite retry count). (integer value) -#rabbit_max_retries=0 +# rabbit_max_retries=0 # Use HA queues in RabbitMQ (x-ha-policy: all). If you change # this option, you must wipe the RabbitMQ database. (boolean # value) -#rabbit_ha_queues=false +# rabbit_ha_queues=false # If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false +# fake_rabbit=false # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) -#rpc_zmq_bind_address=* +# rpc_zmq_bind_address=* # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +# rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 +# rpc_zmq_port=9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 +# rpc_zmq_contexts=1 # Maximum number of ingress messages to locally buffer per # topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog=<None> +# rpc_zmq_topic_backlog= # Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack +# rpc_zmq_ipc_dir=/var/run/openstack # Name of this node. Must be a valid hostname, FQDN, or IP # address. Must match "host" option, if running Nova. (string # value) -#rpc_zmq_host=oslo +# rpc_zmq_host=oslo # Seconds to wait before a cast expires (TTL). Only supported # by impl_zmq. (integer value) -#rpc_cast_timeout=30 +# rpc_cast_timeout=30 # Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 +# matchmaker_heartbeat_freq=300 # Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 +# matchmaker_heartbeat_ttl=600 # Size of RPC greenthread pool. (integer value) -#rpc_thread_pool_size=64 +# rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi # valued) -notification_driver=neutron.openstack.common.notifier.rpc_notifier +# notification_driver= # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics -#notification_topics=notifications +# notification_topics=notifications # Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 +# rpc_response_timeout=60 # A URL representing the messaging driver to use and its full # configuration. If not set, we fall back to the rpc_backend # option and driver specific configuration. (string value) -#transport_url=<None> +# transport_url= # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) -rpc_backend=rabbit +# rpc_backend=rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) -#control_exchange=openstack +# control_exchange=openstack [matchmaker_redis] @@ -457,13 +562,13 @@ rpc_backend=rabbit # # Host to locate redis. (string value) -#host=127.0.0.1 +# host=127.0.0.1 # Use this port to connect to redis host. (integer value) -#port=6379 +# port=6379 # Password for Redis server (optional). (string value) -#password=<None> +# password= [matchmaker_ring] @@ -474,13 +579,14 @@ rpc_backend=rabbit # Matchmaker ring file (JSON). (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json +# ringfile=/etc/oslo/matchmaker_ring.json [quotas] # Default driver to use for quota checks # quota_driver = neutron.db.quota_db.DbQuotaDriver # Resource name(s) that are supported in quota features +# This option is deprecated for removal in the M release, please refrain from using it # quota_items = network,subnet,port # Default number of resource allowed per tenant. A negative value means @@ -523,6 +629,16 @@ rpc_backend=rabbit # and that is the reason why quota is possible. # quota_health_monitor = -1 +# Number of loadbalancers allowed per tenant. A negative value means unlimited. +# quota_loadbalancer = 10 + +# Number of listeners allowed per tenant. A negative value means unlimited. +# quota_listener = -1 + +# Number of v2 health monitors allowed per tenant. A negative value means +# unlimited. These health monitors exist under the lbaas v2 API +# quota_healthmonitor = -1 + # Number of routers allowed per tenant. A negative value means unlimited. # quota_router = 10 @@ -543,9 +659,29 @@ rpc_backend=rabbit [agent] # Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real # root filter facility. -# Change to "sudo" to skip the filtering and just run the comand directly +# Change to "sudo" to skip the filtering and just run the command directly # root_helper = sudo -root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf + +# Set to true to add comments to generated iptables rules that describe +# each rule's purpose. (System must support the iptables comments module.) +# comment_iptables_rules = True + +# Root helper daemon application to use when possible. +# root_helper_daemon = + +# Use the root helper when listing the namespaces on a system. This may not +# be required depending on the security configuration. If the root helper is +# not required, set this to False for a performance improvement. +# use_helper_for_ns_read = True + +# The interval to check external processes for failure in seconds (0=disabled) +# check_child_processes_interval = 60 + +# Action to take when an external process spawned by an agent dies +# Values: +# respawn - Respawns the external process +# exit - Exits the agent +# check_child_processes_action = respawn # =========== items for agent management extension ============= # seconds between nodes reporting state to server; should be less than @@ -555,11 +691,11 @@ root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf # =========== end of items for agent management extension ===== [keystone_authtoken] -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 -admin_tenant_name = service -admin_user = {{ NEUTRON_SERVICE_USER }} -admin_password = {{ NEUTRON_SERVICE_PASSWORD }} +auth_uri = http://127.0.0.1:35357/v2.0/ +identity_uri = http://127.0.0.1:5000 +admin_tenant_name = %SERVICE_TENANT_NAME% +admin_user = %SERVICE_USER% +admin_password = %SERVICE_PASSWORD% [database] # This line MUST be changed to actually run the plugin. @@ -572,8 +708,6 @@ admin_password = {{ NEUTRON_SERVICE_PASSWORD }} # be set in the corresponding core plugin '.ini' file. However, it is suggested # to put the [database] section and its connection attribute in this # configuration file. -#connection=sqlite:////var/lib/neutron/neutron.sqlite -connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron # Database engine for which script will be generated when using offline # migration @@ -611,30 +745,265 @@ connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTR # If set, use this value for pool_timeout with sqlalchemy # pool_timeout = 10 -[service_providers] -# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. -# Must be in form: -# service_provider=<service_type>:<name>:<driver>[:default] -# List of allowed service types includes LOADBALANCER, FIREWALL, VPN -# Combination of <service type> and <name> must be unique; <driver> must also be unique -# This is multiline option, example for default provider: -# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default -# example of non-default provider: -# service_provider=FIREWALL:name2:firewall_driver_path -# --- Reference implementations --- -service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default -service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default -# In order to activate Radware's lbaas driver you need to uncomment the next line. -# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. -# Otherwise comment the HA Proxy line -# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default -# uncomment the following line to make the 'netscaler' LBaaS provider available. -# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver -# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. -# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default -# Uncomment the line below to use Embrane heleos as Load Balancer service provider. -# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default -# Uncomment the line below to use the A10 Networks LBaaS driver. Requires 'pip install a10-neutron-lbaas'. -#service_provider = LOADBALANCER:A10Networks:neutron.services.loadbalancer.drivers.a10networks.driver_v1.ThunderDriver:default -# Uncomment the following line to test the LBaaS v2 API _WITHOUT_ a real backend -# service_provider = LOADBALANCER:LoggingNoop:neutron.services.loadbalancer.drivers.logging_noop.driver.LoggingNoopLoadBalancerDriver:default +[nova] +# Name of the plugin to load +# auth_plugin = + +# Config Section from which to load plugin specific options +# auth_section = + +# PEM encoded Certificate Authority to use when verifying HTTPs connections. +# cafile = + +# PEM encoded client certificate cert file +# certfile = + +# Verify HTTPS connections. +# insecure = False + +# PEM encoded client certificate key file +# keyfile = + +# Name of nova region to use. Useful if keystone manages more than one region. +# region_name = + +# Timeout value for http requests +# timeout = + +[oslo_concurrency] + +# Directory to use for lock files. For security, the specified directory should +# only be writable by the user running the processes that need locking. +# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, +# a lock path must be set. +lock_path = $state_path/lock + +# Enables or disables inter-process locks. +# disable_process_locking = False + +[oslo_policy] + +# The JSON file that defines policies. +# policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. +# policy_default_rule = default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path defined by the +# config_dir option, or absolute paths. The file defined by policy_file +# must exist for these directories to be searched. Missing or empty +# directories are ignored. +# policy_dirs = policy.d + +[oslo_messaging_amqp] + +# +# From oslo.messaging +# + +# Address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +# server_request_prefix = exclusive + +# Address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +# broadcast_prefix = broadcast + +# Address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +# group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +# container_name = + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +# idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +# trace = false + +# CA certificate PEM file for verifing server certificate (string value) +# Deprecated group/name - [amqp1]/ssl_ca_file +# ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string value) +# Deprecated group/name - [amqp1]/ssl_cert_file +# ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string value) +# Deprecated group/name - [amqp1]/ssl_key_file +# ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +# ssl_key_password = + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +# allow_insecure_clients = false + + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +# amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +# amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +# rpc_conn_pool_size = 30 + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +# qpid_hostname = localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +# qpid_port = 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +# qpid_hosts = $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +# qpid_username = + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +# qpid_password = + +# Space separated list of SASL mechanisms to use for auth. (string value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +# qpid_sasl_mechanisms = + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +# qpid_heartbeat = 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +# qpid_protocol = tcp + +# Whether to disable the Nagle algorithm. (boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +# qpid_tcp_nodelay = true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +# qpid_receiver_capacity = 1 + +# The qpid topology version to use. Version 1 is what was originally used by +# impl_qpid. Version 2 includes some backwards-incompatible changes that allow +# broker federation to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +# qpid_topology_version = 1 + + +[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +# amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +# amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +# rpc_conn_pool_size = 30 + +# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and +# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some +# distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +# kombu_ssl_version = + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +# kombu_ssl_keyfile = + +# SSL cert file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +# kombu_ssl_certfile = + +# SSL certification authority file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +# kombu_ssl_ca_certs = + +# How long to wait before reconnecting in response to an AMQP consumer cancel +# notification. (floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +# kombu_reconnect_delay = 1.0 + +# The RabbitMQ broker address where a single node is used. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_host +# rabbit_host = localhost + +# The RabbitMQ broker port where a single node is used. (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_port +# rabbit_port = 5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +# rabbit_hosts = $rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +# rabbit_use_ssl = false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +# rabbit_userid = guest + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +# rabbit_password = guest + +# The RabbitMQ login method. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +# rabbit_login_method = AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +# rabbit_virtual_host = / + +# How frequently to retry connecting with RabbitMQ. (integer value) +# rabbit_retry_interval = 1 + +# How long to backoff for between retries when connecting to RabbitMQ. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +# rabbit_retry_backoff = 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry +# count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +# rabbit_max_retries = 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you +# must wipe the RabbitMQ database. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +# rabbit_ha_queues = false + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +# fake_rabbit = false diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini deleted file mode 100644 index 256f7855..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini +++ /dev/null @@ -1,114 +0,0 @@ -# Config file for neutron-proxy-plugin. - -[restproxy] -# All configuration for this plugin is in section '[restproxy]' -# -# The following parameters are supported: -# servers : <host:port>[,<host:port>]* (Error if not set) -# server_auth : <username:password> (default: no auth) -# server_ssl : True | False (default: True) -# ssl_cert_directory : <path> (default: /etc/neutron/plugins/bigswitch/ssl) -# no_ssl_validation : True | False (default: False) -# ssl_sticky : True | False (default: True) -# sync_data : True | False (default: False) -# auto_sync_on_failure : True | False (default: True) -# consistency_interval : <integer> (default: 60 seconds) -# server_timeout : <integer> (default: 10 seconds) -# neutron_id : <string> (default: neutron-<hostname>) -# add_meta_server_route : True | False (default: True) -# thread_pool_size : <int> (default: 4) - -# A comma separated list of BigSwitch or Floodlight servers and port numbers. The plugin proxies the requests to the BigSwitch/Floodlight server, which performs the networking configuration. Note that only one server is needed per deployment, but you may wish to deploy multiple servers to support failover. -servers=localhost:8080 - -# The username and password for authenticating against the BigSwitch or Floodlight controller. -# server_auth=username:password - -# Use SSL when connecting to the BigSwitch or Floodlight controller. -# server_ssl=True - -# Directory which contains the ca_certs and host_certs to be used to validate -# controller certificates. -# ssl_cert_directory=/etc/neutron/plugins/bigswitch/ssl/ - -# If a certificate does not exist for a controller, trust and store the first -# certificate received for that controller and use it to validate future -# connections to that controller. -# ssl_sticky=True - -# Do not validate the controller certificates for SSL -# Warning: This will not provide protection against man-in-the-middle attacks -# no_ssl_validation=False - -# Sync data on connect -# sync_data=False - -# If neutron fails to create a resource because the backend controller -# doesn't know of a dependency, automatically trigger a full data -# synchronization to the controller. -# auto_sync_on_failure=True - -# Time between verifications that the backend controller -# database is consistent with Neutron. (0 to disable) -# consistency_interval = 60 - -# Maximum number of seconds to wait for proxy request to connect and complete. -# server_timeout=10 - -# User defined identifier for this Neutron deployment -# neutron_id = - -# Flag to decide if a route to the metadata server should be injected into the VM -# add_meta_server_route = True - -# Number of threads to use to handle large volumes of port creation requests -# thread_pool_size = 4 - -[nova] -# Specify the VIF_TYPE that will be controlled on the Nova compute instances -# options: ivs or ovs -# default: ovs -# vif_type = ovs - -# Overrides for vif types based on nova compute node host IDs -# Comma separated list of host IDs to fix to a specific VIF type -# The VIF type is taken from the end of the configuration item -# node_override_vif_<vif_type> -# For example, the following would set the VIF type to IVS for -# host-id1 and host-id2 -# node_overrride_vif_ivs=host-id1,host-id2 - -[router] -# Specify the default router rules installed in newly created tenant routers -# Specify multiple times for multiple rules -# Format is <tenant>:<source>:<destination>:<action> -# Optionally, a comma-separated list of nexthops may be included after <action> -# Use an * to specify default for all tenants -# Default is any any allow for all tenants -# tenant_default_router_rule=*:any:any:permit - -# Maximum number of rules that a single router may have -# Default is 200 -# max_router_rules=200 - -[restproxyagent] - -# Specify the name of the bridge used on compute nodes -# for attachment. -# Default: br-int -# integration_bridge=br-int - -# Change the frequency of polling by the restproxy agent. -# Value is seconds -# Default: 5 -# polling_interval=5 - -# Virtual switch type on the compute node. -# Options: ovs or ivs -# Default: ovs -# virtual_switch_type = ovs - -[securitygroup] -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -# enable_security_group = True diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README b/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README deleted file mode 100644 index e7e47a27..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README +++ /dev/null @@ -1,3 +0,0 @@ -Certificates in this folder will be used to -verify signatures for any controllers the plugin -connects to. diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README b/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README deleted file mode 100644 index 8f5f5e77..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README +++ /dev/null @@ -1,6 +0,0 @@ -Certificates in this folder must match the name -of the controller they should be used to authenticate -with a .pem extension. - -For example, the certificate for the controller -"192.168.0.1" should be named "192.168.0.1.pem". diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini deleted file mode 100644 index 916e9e5d..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini +++ /dev/null @@ -1,29 +0,0 @@ -[switch] -# username = The SSH username to use -# password = The SSH password to use -# address = The address of the host to SSH to -# ostype = Should be NOS, but is unused otherwise -# -# Example: -# username = admin -# password = password -# address = 10.24.84.38 -# ostype = NOS - -[physical_interface] -# physical_interface = The network interface to use when creating a port -# -# Example: -# physical_interface = physnet1 - -[vlans] -# network_vlan_ranges = <physical network name>:nnnn:mmmm -# -# Example: -# network_vlan_ranges = physnet1:1000:2999 - -[linux_bridge] -# physical_interface_mappings = <physical network name>:<local interface> -# -# Example: -# physical_interface_mappings = physnet1:em1 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini deleted file mode 100644 index d99e8382..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini +++ /dev/null @@ -1,15 +0,0 @@ -[cfg_agent] -# (IntOpt) Interval in seconds for processing of service updates. -# That is when the config agent's process_services() loop executes -# and it lets each service helper to process its service resources. -# rpc_loop_interval = 10 - -# (StrOpt) Period-separated module path to the routing service helper class. -# routing_svc_helper_class = neutron.plugins.cisco.cfg_agent.service_helpers.routing_svc_helper.RoutingServiceHelper - -# (IntOpt) Timeout value in seconds for connecting to a hosting device. -# device_connection_timeout = 30 - -# (IntOpt) The time in seconds until a backlogged hosting device is -# presumed dead or booted to an error state. -# hosting_device_dead_timeout = 300 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini deleted file mode 100644 index 17eae737..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini +++ /dev/null @@ -1,100 +0,0 @@ -[cisco] - -# (StrOpt) A short prefix to prepend to the VLAN number when creating a -# VLAN interface. For example, if an interface is being created for -# VLAN 2001 it will be named 'q-2001' using the default prefix. -# -# vlan_name_prefix = q- -# Example: vlan_name_prefix = vnet- - -# (StrOpt) A short prefix to prepend to the VLAN number when creating a -# provider VLAN interface. For example, if an interface is being created -# for provider VLAN 3003 it will be named 'p-3003' using the default prefix. -# -# provider_vlan_name_prefix = p- -# Example: provider_vlan_name_prefix = PV- - -# (BoolOpt) A flag indicating whether Openstack networking should manage the -# creation and removal of VLAN interfaces for provider networks on the Nexus -# switches. If the flag is set to False then Openstack will not create or -# remove VLAN interfaces for provider networks, and the administrator needs -# to manage these interfaces manually or by external orchestration. -# -# provider_vlan_auto_create = True - -# (BoolOpt) A flag indicating whether Openstack networking should manage -# the adding and removing of provider VLANs from trunk ports on the Nexus -# switches. If the flag is set to False then Openstack will not add or -# remove provider VLANs from trunk ports, and the administrator needs to -# manage these operations manually or by external orchestration. -# -# provider_vlan_auto_trunk = True - -# (StrOpt) Period-separated module path to the model class to use for -# the Cisco neutron plugin. -# -# model_class = neutron.plugins.cisco.models.virt_phy_sw_v2.VirtualPhysicalSwitchModelV2 - -# (BoolOpt) A flag to enable Layer 3 support on the Nexus switches. -# Note: This feature is not supported on all models/versions of Cisco -# Nexus switches. To use this feature, all of the Nexus switches in the -# deployment must support it. -# nexus_l3_enable = False - -# (BoolOpt) A flag to enable round robin scheduling of routers for SVI. -# svi_round_robin = False - -# Cisco Nexus Switch configurations. -# Each switch to be managed by Openstack Neutron must be configured here. -# -# N1KV Format. -# [N1KV:<IP address of VSM>] -# username=<credential username> -# password=<credential password> -# -# Example: -# [N1KV:2.2.2.2] -# username=admin -# password=mySecretPassword - -[cisco_n1k] - -# (StrOpt) Specify the name of the integration bridge to which the VIFs are -# attached. -# Default value: br-int -# integration_bridge = br-int - -# (StrOpt) Name of the policy profile to be associated with a port when no -# policy profile is specified during port creates. -# Default value: service_profile -# default_policy_profile = service_profile - -# (StrOpt) Name of the policy profile to be associated with a port owned by -# network node (dhcp, router). -# Default value: dhcp_pp -# network_node_policy_profile = dhcp_pp - -# (StrOpt) Name of the network profile to be associated with a network when no -# network profile is specified during network creates. Admin should pre-create -# a network profile with this name. -# Default value: default_network_profile -# default_network_profile = network_pool - -# (IntOpt) Time in seconds for which the plugin polls the VSM for updates in -# policy profiles. -# Default value: 60 -# poll_duration = 60 - -# (BoolOpt) Specify whether tenants are restricted from accessing all the -# policy profiles. -# Default value: False, indicating all tenants can access all policy profiles. -# -# restrict_policy_profiles = False - -# (IntOpt) Number of threads to use to make HTTP requests to the VSM. -# Default value: 4 -# http_pool_size = 4 - -# (IntOpt) Timeout duration in seconds for the http request -# Default value: 15 -# http_timeout = 15 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini deleted file mode 100644 index 3ef271d2..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini +++ /dev/null @@ -1,76 +0,0 @@ -[general] -#(IntOpt) Time in seconds between renewed scheduling attempts of non-scheduled routers -# backlog_processing_interval = 10 - -#(StrOpt) Name of the L3 admin tenant -# l3_admin_tenant = L3AdminTenant - -#(StrOpt) Name of management network for hosting device configuration -# management_network = osn_mgmt_nw - -#(StrOpt) Default security group applied on management port -# default_security_group = mgmt_sec_grp - -#(IntOpt) Seconds of no status update until a cfg agent is considered down -# cfg_agent_down_time = 60 - -#(StrOpt) Path to templates for hosting devices -# templates_path = /opt/stack/data/neutron/cisco/templates - -#(StrOpt) Path to config drive files for service VM instances -# service_vm_config_path = /opt/stack/data/neutron/cisco/config_drive - -#(BoolOpt) Ensure that Nova is running before attempting to create any VM -# ensure_nova_running = True - -[hosting_devices] -# Settings coupled to CSR1kv VM devices -# ------------------------------------- -#(StrOpt) Name of Glance image for CSR1kv -# csr1kv_image = csr1kv_openstack_img - -#(StrOpt) UUID of Nova flavor for CSR1kv -# csr1kv_flavor = 621 - -#(StrOpt) Plugging driver for CSR1kv -# csr1kv_plugging_driver = neutron.plugins.cisco.l3.plugging_drivers.n1kv_trunking_driver.N1kvTrunkingPlugDriver - -#(StrOpt) Hosting device driver for CSR1kv -# csr1kv_device_driver = neutron.plugins.cisco.l3.hosting_device_drivers.csr1kv_hd_driver.CSR1kvHostingDeviceDriver - -#(StrOpt) Config agent router service driver for CSR1kv -# csr1kv_cfgagent_router_driver = neutron.plugins.cisco.cfg_agent.device_drivers.csr1kv.csr1kv_routing_driver.CSR1kvRoutingDriver - -#(StrOpt) Configdrive template file for CSR1kv -# csr1kv_configdrive_template = csr1kv_cfg_template - -#(IntOpt) Booting time in seconds before a CSR1kv becomes operational -# csr1kv_booting_time = 420 - -#(StrOpt) Username to use for CSR1kv configurations -# csr1kv_username = stack - -#(StrOpt) Password to use for CSR1kv configurations -# csr1kv_password = cisco - -[n1kv] -# Settings coupled to inter-working with N1kv plugin -# -------------------------------------------------- -#(StrOpt) Name of N1kv port profile for management ports -# management_port_profile = osn_mgmt_pp - -#(StrOpt) Name of N1kv port profile for T1 ports (i.e., ports carrying traffic -# from VXLAN segmented networks). -# t1_port_profile = osn_t1_pp - -#(StrOpt) Name of N1kv port profile for T2 ports (i.e., ports carrying traffic -# from VLAN segmented networks). -# t2_port_profile = osn_t2_pp - -#(StrOpt) Name of N1kv network profile for T1 networks (i.e., trunk networks -# for VXLAN segmented traffic). -# t1_network_profile = osn_t1_np - -#(StrOpt) Name of N1kv network profile for T2 networks (i.e., trunk networks -# for VLAN segmented traffic). -# t2_network_profile = osn_t2_np diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini deleted file mode 100644 index 0aee17eb..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini +++ /dev/null @@ -1,26 +0,0 @@ -[cisco_csr_ipsec] -# Status check interval in seconds, for VPNaaS IPSec connections used on CSR -# status_check_interval = 60 - -# Cisco CSR management port information for REST access used by VPNaaS -# TODO(pcm): Remove once CSR is integrated in as a Neutron router. -# -# Format is: -# [cisco_csr_rest:<public IP>] -# rest_mgmt = <mgmt port IP> -# tunnel_ip = <tunnel IP> -# username = <user> -# password = <password> -# timeout = <timeout> -# host = <hostname> -# tunnel_if = <tunnel I/F> -# -# where: -# public IP ----- Public IP address of router used with a VPN service (1:1 with CSR) -# tunnel IP ----- Public IP address of the CSR used for the IPSec tunnel -# mgmt port IP -- IP address of CSR for REST API access -# user ---------- Username for REST management port access to Cisco CSR -# password ------ Password for REST management port access to Cisco CSR -# timeout ------- REST request timeout to Cisco CSR (optional) -# hostname ------ Name of host where CSR is running as a VM -# tunnel I/F ---- CSR port name used for tunnels' IP address diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini deleted file mode 100644 index 0ca9b46f..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini +++ /dev/null @@ -1,41 +0,0 @@ -[heleos] -#configure the ESM management address -#in the first version of this plugin, only one ESM can be specified -#Example: -#esm_mgmt= - -#configure admin username and password -#admin_username= -#admin_password= - -#router image id -#Example: -#router_image=932ce713-e210-3d54-a0a5-518b0b5ee1b0 - -#mgmt shared security zone id -#defines the shared management security zone. Each tenant can have a private one configured through the ESM -#Example: -#mgmt_id=c0bc9b6c-f110-46cf-bb01-733bfe4b5a1a - -#in-band shared security zone id -#defines the shared in-band security zone. Each tenant can have a private one configured through the ESM -#Example: -#inband_id=a6b7999d-3806-4b04-81f6-e0c5c8271afc - -#oob-band shared security zone id -#defines the shared out-of-band security zone. Each tenant can have a private one configured through the ESM -#Example: -#oob_id=e7eda5cc-b977-46cb-9c14-cab43c1b7871 - -#dummy security zone id -#defines the dummy security zone ID. this security zone will be used by the DVAs with no neutron interfaces -#Example: -#dummy_utif_id=d9911310-25fc-4733-a2e0-c0eda024ef08 - -#resource pool id -#define the shared resource pool. Each tenant can have a private one configured through the ESM -#Example -#resource_pool_id= - -#define if the requests have to be executed asynchronously by the plugin or not -#async_requests= diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini deleted file mode 100644 index 5eeec570..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini +++ /dev/null @@ -1,63 +0,0 @@ -[hyperv] -# (StrOpt) Type of network to allocate for tenant networks. The -# default value 'local' is useful only for single-box testing and -# provides no connectivity between hosts. You MUST either change this -# to 'vlan' and configure network_vlan_ranges below or to 'flat'. -# Set to 'none' to disable creation of tenant networks. -# -# tenant_network_type = local -# Example: tenant_network_type = vlan - -# (ListOpt) Comma-separated list of -# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges -# of VLAN IDs on named physical networks that are available for -# allocation. All physical networks listed are available for flat and -# VLAN provider network creation. Specified ranges of VLAN IDs are -# available for tenant network allocation if tenant_network_type is -# 'vlan'. If empty, only gre and local networks may be created. -# -# network_vlan_ranges = -# Example: network_vlan_ranges = physnet1:1000:2999 - -[agent] -# Agent's polling interval in seconds -# polling_interval = 2 - -# (ListOpt) Comma separated list of <physical_network>:<vswitch> -# where the physical networks can be expressed with wildcards, -# e.g.: ."*:external". -# The referred external virtual switches need to be already present on -# the Hyper-V server. -# If a given physical network name will not match any value in the list -# the plugin will look for a virtual switch with the same name. -# -# physical_network_vswitch_mappings = *:external -# Example: physical_network_vswitch_mappings = net1:external1,net2:external2 - -# (StrOpt) Private virtual switch name used for local networking. -# -# local_network_vswitch = private -# Example: local_network_vswitch = custom_vswitch - -# (BoolOpt) Enables metrics collections for switch ports by using Hyper-V's -# metric APIs. Collected data can by retrieved by other apps and services, -# e.g.: Ceilometer. Requires Hyper-V / Windows Server 2012 and above. -# -# enable_metrics_collection = False - -#----------------------------------------------------------------------------- -# Sample Configurations. -#----------------------------------------------------------------------------- -# -# Neutron server: -# -# [HYPERV] -# tenant_network_type = vlan -# network_vlan_ranges = default:2000:3999 -# -# Agent running on Hyper-V node: -# -# [AGENT] -# polling_interval = 2 -# physical_network_vswitch_mappings = *:external -# local_network_vswitch = private diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini deleted file mode 100644 index 0fab5070..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini +++ /dev/null @@ -1,50 +0,0 @@ -[sdnve] -# (ListOpt) The IP address of one (or more) SDN-VE controllers -# Default value is: controller_ips = 127.0.0.1 -# Example: controller_ips = 127.0.0.1,127.0.0.2 -# (StrOpt) The integration bridge for OF based implementation -# The default value for integration_bridge is None -# Example: integration_bridge = br-int -# (ListOpt) The interface mapping connecting the integration -# bridge to external network as a list of physical network names and -# interfaces: <physical_network_name>:<interface_name> -# Example: interface_mappings = default:eth2 -# (BoolOpt) Used to reset the integration bridge, if exists -# The default value for reset_bridge is True -# Example: reset_bridge = False -# (BoolOpt) Used to set the OVS controller as out-of-band -# The default value for out_of_band is True -# Example: out_of_band = False -# -# (BoolOpt) The fake controller for testing purposes -# Default value is: use_fake_controller = False -# (StrOpt) The port number for use with controller -# The default value for the port is 8443 -# Example: port = 8443 -# (StrOpt) The userid for use with controller -# The default value for the userid is admin -# Example: userid = sdnve_user -# (StrOpt) The password for use with controller -# The default value for the password is admin -# Example: password = sdnve_password -# -# (StrOpt) The default type of tenants (and associated resources) -# Available choices are: OVERLAY or OF -# The default value for tenant type is OVERLAY -# Example: default_tenant_type = OVERLAY -# (StrOpt) The string in tenant description that indicates -# Default value for OF tenants: of_signature = SDNVE-OF -# (StrOpt) The string in tenant description that indicates -# Default value for OVERLAY tenants: overlay_signature = SDNVE-OVERLAY - -[sdnve_agent] -# (IntOpt) Agent's polling interval in seconds -# polling_interval = 2 -# (StrOpt) What to use for root helper -# The default value: root_helper = 'sudo' -# (BoolOpt) Whether to use rpc or not -# The default value: rpc = True - -[securitygroup] -# The security group is not supported: -# firewall_driver = neutron.agent.firewall.NoopFirewallDriver diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini deleted file mode 100644 index 94fe9803..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini +++ /dev/null @@ -1,78 +0,0 @@ -[vlans] -# (StrOpt) Type of network to allocate for tenant networks. The -# default value 'local' is useful only for single-box testing and -# provides no connectivity between hosts. You MUST change this to -# 'vlan' and configure network_vlan_ranges below in order for tenant -# networks to provide connectivity between hosts. Set to 'none' to -# disable creation of tenant networks. -# -# tenant_network_type = local -# Example: tenant_network_type = vlan - -# (ListOpt) Comma-separated list of -# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges -# of VLAN IDs on named physical networks that are available for -# allocation. All physical networks listed are available for flat and -# VLAN provider network creation. Specified ranges of VLAN IDs are -# available for tenant network allocation if tenant_network_type is -# 'vlan'. If empty, only local networks may be created. -# -# network_vlan_ranges = -# Example: network_vlan_ranges = physnet1:1000:2999 - -[linux_bridge] -# (ListOpt) Comma-separated list of -# <physical_network>:<physical_interface> tuples mapping physical -# network names to the agent's node-specific physical network -# interfaces to be used for flat and VLAN networks. All physical -# networks listed in network_vlan_ranges on the server should have -# mappings to appropriate interfaces on each agent. -# -# physical_interface_mappings = -# Example: physical_interface_mappings = physnet1:eth1 - -[vxlan] -# (BoolOpt) enable VXLAN on the agent -# VXLAN support can be enabled when agent is managed by ml2 plugin using -# linuxbridge mechanism driver. Useless if set while using linuxbridge plugin. -# enable_vxlan = False -# -# (IntOpt) use specific TTL for vxlan interface protocol packets -# ttl = -# -# (IntOpt) use specific TOS for vxlan interface protocol packets -# tos = -# -# (StrOpt) multicast group to use for broadcast emulation. -# This group must be the same on all the agents. -# vxlan_group = 224.0.0.1 -# -# (StrOpt) Local IP address to use for VXLAN endpoints (required) -# local_ip = -# -# (BoolOpt) Flag to enable l2population extension. This option should be used -# in conjunction with ml2 plugin l2population mechanism driver (in that case, -# both linuxbridge and l2population mechanism drivers should be loaded). -# It enables plugin to populate VXLAN forwarding table, in order to limit -# the use of broadcast emulation (multicast will be turned off if kernel and -# iproute2 supports unicast flooding - requires 3.11 kernel and iproute2 3.10) -# l2_population = False - -[agent] -# Agent's polling interval in seconds -# polling_interval = 2 - -# (BoolOpt) Enable server RPC compatibility with old (pre-havana) -# agents. -# -# rpc_support_old_agents = False -# Example: rpc_support_old_agents = True - -[securitygroup] -# Firewall driver for realizing neutron security group function -# firewall_driver = neutron.agent.firewall.NoopFirewallDriver -# Example: firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver - -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -# enable_security_group = True diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini deleted file mode 100644 index 2b9bfa5e..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini +++ /dev/null @@ -1,31 +0,0 @@ -# Config file for Metaplugin - -[meta] -# Comma separated list of flavor:neutron_plugin for plugins to load. -# Extension method is searched in the list order and the first one is used. -plugin_list = 'ml2:neutron.plugins.ml2.plugin.Ml2Plugin,nvp:neutron.plugins.vmware.plugin.NsxPluginV2' - -# Comma separated list of flavor:neutron_plugin for L3 service plugins -# to load. -# This is intended for specifying L2 plugins which support L3 functions. -# If you use a router service plugin, set this blank. -l3_plugin_list = - -# Default flavor to use, when flavor:network is not specified at network -# creation. -default_flavor = 'nvp' - -# Default L3 flavor to use, when flavor:router is not specified at router -# creation. -# Ignored if 'l3_plugin_list' is blank. -default_l3_flavor = - -# Comma separated list of supported extension aliases. -supported_extension_aliases = 'provider,binding,agent,dhcp_agent_scheduler' - -# Comma separated list of method:flavor to select specific plugin for a method. -# This has priority over method search order based on 'plugin_list'. -extension_map = 'get_port_stats:nvp' - -# Specifies flavor for plugin to handle 'q-plugin' RPC requests. -rpc_flavor = 'ml2' diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini deleted file mode 100644 index f2e94052..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini +++ /dev/null @@ -1,19 +0,0 @@ - -[midonet] -# MidoNet API server URI -# midonet_uri = http://localhost:8080/midonet-api - -# MidoNet admin username -# username = admin - -# MidoNet admin password -# password = passw0rd - -# ID of the project that MidoNet admin user belongs to -# project_id = 77777777-7777-7777-7777-777777777777 - -# Virtual provider router ID -# provider_router_id = 00112233-0011-0011-0011-001122334455 - -# Path to midonet host uuid file -# midonet_host_uuid_path = /etc/midolman/host_uuid.properties diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini index b8097ce2..ac9a3d0d 100644 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini +++ b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini @@ -4,7 +4,6 @@ # # type_drivers = local,flat,vlan,gre,vxlan # Example: type_drivers = flat,vlan,gre,vxlan -type_drivers = flat,gre # (ListOpt) Ordered list of network_types to allocate as tenant # networks. The default value 'local' is useful for single-box testing @@ -12,7 +11,6 @@ type_drivers = flat,gre # # tenant_network_types = local # Example: tenant_network_types = vlan,gre,vxlan -tenant_network_types = gre # (ListOpt) Ordered list of networking mechanism driver entrypoints # to be loaded from the neutron.ml2.mechanism_drivers namespace. @@ -22,13 +20,44 @@ tenant_network_types = gre # Example: mechanism_drivers = cisco,logger # Example: mechanism_drivers = openvswitch,brocade # Example: mechanism_drivers = linuxbridge,brocade -mechanism_drivers = openvswitch # (ListOpt) Ordered list of extension driver entrypoints # to be loaded from the neutron.ml2.extension_drivers namespace. # extension_drivers = # Example: extension_drivers = anewextensiondriver +# =========== items for MTU selection and advertisement ============= +# (IntOpt) Path MTU. The maximum permissible size of an unfragmented +# packet travelling from and to addresses where encapsulated Neutron +# traffic is sent. Drivers calculate maximum viable MTU for +# validating tenant requests based on this value (typically, +# path_mtu - max encap header size). If <=0, the path MTU is +# indeterminate and no calculation takes place. +# path_mtu = 0 + +# (IntOpt) Segment MTU. The maximum permissible size of an +# unfragmented packet travelling a L2 network segment. If <=0, +# the segment MTU is indeterminate and no calculation takes place. +# segment_mtu = 0 + +# (ListOpt) Physical network MTUs. List of mappings of physical +# network to MTU value. The format of the mapping is +# <physnet>:<mtu val>. This mapping allows specifying a +# physical network MTU value that differs from the default +# segment_mtu value. +# physical_network_mtus = +# Example: physical_network_mtus = physnet1:1550, physnet2:1500 +# ======== end of items for MTU selection and advertisement ========= + +# (StrOpt) Default network type for external networks when no provider +# attributes are specified. By default it is None, which means that if +# provider attributes are not specified while creating external networks +# then they will have the same type as tenant networks. +# Allowed values for external_network_type config option depend on the +# network type values configured in type_drivers config option. +# external_network_type = +# Example: external_network_type = local + [ml2_type_flat] # (ListOpt) List of physical_network names with which flat networks # can be created. Use * to allow flat networks with arbitrary @@ -37,7 +66,6 @@ mechanism_drivers = openvswitch # flat_networks = # Example:flat_networks = physnet1,physnet2 # Example:flat_networks = * -flat_networks = External [ml2_type_vlan] # (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples @@ -47,11 +75,10 @@ flat_networks = External # # network_vlan_ranges = # Example: network_vlan_ranges = physnet1:1000:2999,physnet2 -#network_vlan_ranges = Physnet1:100:200 [ml2_type_gre] # (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation -tunnel_id_ranges = 1:1000 +# tunnel_id_ranges = [ml2_type_vxlan] # (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating @@ -69,18 +96,8 @@ tunnel_id_ranges = 1:1000 [securitygroup] # Controls if neutron security group is enabled or not. # It should be false when you use nova security group. -enable_security_group = True +# enable_security_group = True # Use ipset to speed-up the iptables security groups. Enabling ipset support # requires that ipset is installed on L2 agent node. -enable_ipset = True - -firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - -[ovs] -local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} -enable_tunneling = True -bridge_mappings=External:br-ex - -[agent] -tunnel_types = gre +# enable_ipset = True diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini deleted file mode 100644 index abaf5bc7..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini +++ /dev/null @@ -1,100 +0,0 @@ -# Defines configuration options specific for Arista ML2 Mechanism driver - -[ml2_arista] -# (StrOpt) EOS IP address. This is required field. If not set, all -# communications to Arista EOS will fail -# -# eapi_host = -# Example: eapi_host = 192.168.0.1 -# -# (StrOpt) EOS command API username. This is required field. -# if not set, all communications to Arista EOS will fail. -# -# eapi_username = -# Example: arista_eapi_username = admin -# -# (StrOpt) EOS command API password. This is required field. -# if not set, all communications to Arista EOS will fail. -# -# eapi_password = -# Example: eapi_password = my_password -# -# (StrOpt) Defines if hostnames are sent to Arista EOS as FQDNs -# ("node1.domain.com") or as short names ("node1"). This is -# optional. If not set, a value of "True" is assumed. -# -# use_fqdn = -# Example: use_fqdn = True -# -# (IntOpt) Sync interval in seconds between Neutron plugin and EOS. -# This field defines how often the synchronization is performed. -# This is an optional field. If not set, a value of 180 seconds -# is assumed. -# -# sync_interval = -# Example: sync_interval = 60 -# -# (StrOpt) Defines Region Name that is assigned to this OpenStack Controller. -# This is useful when multiple OpenStack/Neutron controllers are -# managing the same Arista HW clusters. Note that this name must -# match with the region name registered (or known) to keystone -# service. Authentication with Keysotne is performed by EOS. -# This is optional. If not set, a value of "RegionOne" is assumed. -# -# region_name = -# Example: region_name = RegionOne - - -[l3_arista] - -# (StrOpt) primary host IP address. This is required field. If not set, all -# communications to Arista EOS will fail. This is the host where -# primary router is created. -# -# primary_l3_host = -# Example: primary_l3_host = 192.168.10.10 -# -# (StrOpt) Primary host username. This is required field. -# if not set, all communications to Arista EOS will fail. -# -# primary_l3_host_username = -# Example: arista_primary_l3_username = admin -# -# (StrOpt) Primary host password. This is required field. -# if not set, all communications to Arista EOS will fail. -# -# primary_l3_host_password = -# Example: primary_l3_password = my_password -# -# (StrOpt) IP address of the second Arista switch paired as -# MLAG (Multi-chassis Link Aggregation) with the first. -# This is optional field, however, if mlag_config flag is set, -# then this is a required field. If not set, all -# communications to Arista EOS will fail. If mlag_config is set -# to False, then this field is ignored -# -# seconadary_l3_host = -# Example: seconadary_l3_host = 192.168.10.20 -# -# (BoolOpt) Defines if Arista switches are configured in MLAG mode -# If yes, all L3 configuration is pushed to both switches -# automatically. If this flag is set, ensure that secondary_l3_host -# is set to the second switch's IP. -# This flag is Optional. If not set, a value of "False" is assumed. -# -# mlag_config = -# Example: mlag_config = True -# -# (BoolOpt) Defines if the router is created in default VRF or a -# a specific VRF. This is optional. -# If not set, a value of "False" is assumed. -# -# Example: use_vrf = True -# -# (IntOpt) Sync interval in seconds between Neutron plugin and EOS. -# This field defines how often the synchronization is performed. -# This is an optional field. If not set, a value of 180 seconds -# is assumed. -# -# l3_sync_interval = -# Example: l3_sync_interval = 60 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini deleted file mode 100644 index 67574110..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini +++ /dev/null @@ -1,15 +0,0 @@ -[ml2_brocade] -# username = <mgmt admin username> -# password = <mgmt admin password> -# address = <switch mgmt ip address> -# ostype = NOS -# osversion = autodetect | n.n.n -# physical_networks = physnet1,physnet2 -# -# Example: -# username = admin -# password = password -# address = 10.24.84.38 -# ostype = NOS -# osversion = 4.1.1 -# physical_networks = physnet1,physnet2 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini deleted file mode 100644 index 1b69100e..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini +++ /dev/null @@ -1,118 +0,0 @@ -[ml2_cisco] - -# (StrOpt) A short prefix to prepend to the VLAN number when creating a -# VLAN interface. For example, if an interface is being created for -# VLAN 2001 it will be named 'q-2001' using the default prefix. -# -# vlan_name_prefix = q- -# Example: vlan_name_prefix = vnet- - -# (BoolOpt) A flag to enable round robin scheduling of routers for SVI. -# svi_round_robin = False - -# -# (StrOpt) The name of the physical_network managed via the Cisco Nexus Switch. -# This string value must be present in the ml2_conf.ini network_vlan_ranges -# variable. -# -# managed_physical_network = -# Example: managed_physical_network = physnet1 - -# Cisco Nexus Switch configurations. -# Each switch to be managed by Openstack Neutron must be configured here. -# -# Cisco Nexus Switch Format. -# [ml2_mech_cisco_nexus:<IP address of switch>] -# <hostname>=<intf_type:port> (1) -# ssh_port=<ssh port> (2) -# username=<credential username> (3) -# password=<credential password> (4) -# -# (1) For each host connected to a port on the switch, specify the hostname -# and the Nexus physical port (interface) it is connected to. -# Valid intf_type's are 'ethernet' and 'port-channel'. -# The default setting for <intf_type:> is 'ethernet' and need not be -# added to this setting. -# (2) The TCP port for connecting via SSH to manage the switch. This is -# port number 22 unless the switch has been configured otherwise. -# (3) The username for logging into the switch to manage it. -# (4) The password for logging into the switch to manage it. -# -# Example: -# [ml2_mech_cisco_nexus:1.1.1.1] -# compute1=1/1 -# compute2=ethernet:1/2 -# compute3=port-channel:1 -# ssh_port=22 -# username=admin -# password=mySecretPassword - -[ml2_cisco_apic] - -# Hostname:port list of APIC controllers -# apic_hosts = 1.1.1.1:80, 1.1.1.2:8080, 1.1.1.3:80 - -# Username for the APIC controller -# apic_username = user - -# Password for the APIC controller -# apic_password = password - -# Whether use SSl for connecting to the APIC controller or not -# apic_use_ssl = True - -# How to map names to APIC: use_uuid or use_name -# apic_name_mapping = use_name - -# Names for APIC objects used by Neutron -# Note: When deploying multiple clouds against one APIC, -# these names must be unique between the clouds. -# apic_vmm_domain = openstack -# apic_vlan_ns_name = openstack_ns -# apic_node_profile = openstack_profile -# apic_entity_profile = openstack_entity -# apic_function_profile = openstack_function -# apic_app_profile_name = openstack_app -# Agent timers for State reporting and topology discovery -# apic_sync_interval = 30 -# apic_agent_report_interval = 30 -# apic_agent_poll_interval = 2 - -# Specify your network topology. -# This section indicates how your compute nodes are connected to the fabric's -# switches and ports. The format is as follows: -# -# [apic_switch:<swich_id_from_the_apic>] -# <compute_host>,<compute_host> = <switchport_the_host(s)_are_connected_to> -# -# You can have multiple sections, one for each switch in your fabric that is -# participating in Openstack. e.g. -# -# [apic_switch:17] -# ubuntu,ubuntu1 = 1/10 -# ubuntu2,ubuntu3 = 1/11 -# -# [apic_switch:18] -# ubuntu5,ubuntu6 = 1/1 -# ubuntu7,ubuntu8 = 1/2 - -# Describe external connectivity. -# In this section you can specify the external network configuration in order -# for the plugin to be able to teach the fabric how to route the internal -# traffic to the outside world. The external connectivity configuration -# format is as follows: -# -# [apic_external_network:<externalNetworkName>] -# switch = <switch_id_from_the_apic> -# port = <switchport_the_external_router_is_connected_to> -# encap = <encapsulation> -# cidr_exposed = <cidr_exposed_to_the_external_router> -# gateway_ip = <ip_of_the_external_gateway> -# -# An example follows: -# [apic_external_network:network_ext] -# switch=203 -# port=1/34 -# encap=vlan-100 -# cidr_exposed=10.10.40.2/16 -# gateway_ip=10.10.40.1 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini deleted file mode 100644 index 6ee4a4e0..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini +++ /dev/null @@ -1,52 +0,0 @@ -# Defines Configuration options for FSL SDN OS Mechanism Driver -# Cloud Resource Discovery (CRD) authorization credentials -[ml2_fslsdn] -#(StrOpt) User name for authentication to CRD. -# e.g.: user12 -# -# crd_user_name = - -#(StrOpt) Password for authentication to CRD. -# e.g.: secret -# -# crd_password = - -#(StrOpt) Tenant name for CRD service. -# e.g.: service -# -# crd_tenant_name = - -#(StrOpt) CRD auth URL. -# e.g.: http://127.0.0.1:5000/v2.0/ -# -# crd_auth_url = - -#(StrOpt) URL for connecting to CRD Service. -# e.g.: http://127.0.0.1:9797 -# -# crd_url= - -#(IntOpt) Timeout value for connecting to CRD service -# in seconds, e.g.: 30 -# -# crd_url_timeout= - -#(StrOpt) Region name for connecting to CRD in -# admin context, e.g.: RegionOne -# -# crd_region_name= - -#(BoolOpt)If set, ignore any SSL validation issues (boolean value) -# e.g.: False -# -# crd_api_insecure= - -#(StrOpt)Authorization strategy for connecting to CRD in admin -# context, e.g.: keystone -# -# crd_auth_strategy= - -#(StrOpt)Location of CA certificates file to use for CRD client -# requests. -# -# crd_ca_certificates_file= diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini deleted file mode 100644 index 46139aed..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini +++ /dev/null @@ -1,4 +0,0 @@ -[eswitch] -# (StrOpt) Type of Network Interface to allocate for VM: -# mlnx_direct or hostdev according to libvirt terminology -# vnic_type = mlnx_direct diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini deleted file mode 100644 index dbbfcbd2..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini +++ /dev/null @@ -1,28 +0,0 @@ -# Defines configuration options specific to the Tail-f NCS Mechanism Driver - -[ml2_ncs] -# (StrOpt) Tail-f NCS HTTP endpoint for REST access to the OpenStack -# subtree. -# If this is not set then no HTTP requests will be made. -# -# url = -# Example: url = http://ncs/api/running/services/openstack - -# (StrOpt) Username for HTTP basic authentication to NCS. -# This is an optional parameter. If unspecified then no authentication is used. -# -# username = -# Example: username = admin - -# (StrOpt) Password for HTTP basic authentication to NCS. -# This is an optional parameter. If unspecified then no authentication is used. -# -# password = -# Example: password = admin - -# (IntOpt) Timeout in seconds to wait for NCS HTTP request completion. -# This is an optional parameter, default value is 10 seconds. -# -# timeout = -# Example: timeout = 15 - diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini deleted file mode 100644 index 9e88c1bb..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini +++ /dev/null @@ -1,30 +0,0 @@ -# Configuration for the OpenDaylight MechanismDriver - -[ml2_odl] -# (StrOpt) OpenDaylight REST URL -# If this is not set then no HTTP requests will be made. -# -# url = -# Example: url = http://192.168.56.1:8080/controller/nb/v2/neutron - -# (StrOpt) Username for HTTP basic authentication to ODL. -# -# username = -# Example: username = admin - -# (StrOpt) Password for HTTP basic authentication to ODL. -# -# password = -# Example: password = admin - -# (IntOpt) Timeout in seconds to wait for ODL HTTP request completion. -# This is an optional parameter, default value is 10 seconds. -# -# timeout = 10 -# Example: timeout = 15 - -# (IntOpt) Timeout in minutes to wait for a Tomcat session timeout. -# This is an optional parameter, default value is 30 minutes. -# -# session_timeout = 30 -# Example: session_timeout = 60 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini deleted file mode 100644 index 4a94b987..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini +++ /dev/null @@ -1,13 +0,0 @@ -# Defines configuration options specific to the OpenFlow Agent Mechanism Driver - -[ovs] -# Please refer to configuration options to the OpenvSwitch - -[agent] -# (IntOpt) Number of seconds to retry acquiring an Open vSwitch datapath. -# This is an optional parameter, default value is 60 seconds. -# -# get_datapath_retry_times = -# Example: get_datapath_retry_times = 30 - -# Please refer to configuration options to the OpenvSwitch else the above. diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini deleted file mode 100644 index 9566f54c..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini +++ /dev/null @@ -1,31 +0,0 @@ -# Defines configuration options for SRIOV NIC Switch MechanismDriver -# and Agent - -[ml2_sriov] -# (ListOpt) Comma-separated list of -# supported Vendor PCI Devices, in format vendor_id:product_id -# -# supported_pci_vendor_devs = 15b3:1004, 8086:10c9 -# Example: supported_pci_vendor_devs = 15b3:1004 -# -# (BoolOpt) Requires running SRIOV neutron agent for port binding -# agent_required = True - -[sriov_nic] -# (ListOpt) Comma-separated list of <physical_network>:<network_device> -# tuples mapping physical network names to the agent's node-specific -# physical network device interfaces of SR-IOV physical function to be used -# for VLAN networks. All physical networks listed in network_vlan_ranges on -# the server should have mappings to appropriate interfaces on each agent. -# -# physical_device_mappings = -# Example: physical_device_mappings = physnet1:eth1 -# -# (ListOpt) Comma-separated list of <network_device>:<vfs__to_exclude> -# tuples, mapping network_device to the agent's node-specific list of virtual -# functions that should not be used for virtual networking. -# vfs_to_exclude is a semicolon-separated list of virtual -# functions to exclude from network_device. The network_device in the -# mapping should appear in the physical_device_mappings list. -# exclude_devices = -# Example: exclude_devices = eth1:0000:07:00.2; 0000:07:00.3 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini deleted file mode 100644 index b1225111..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini +++ /dev/null @@ -1,79 +0,0 @@ -[mlnx] -# (StrOpt) Type of network to allocate for tenant networks. The -# default value is 'vlan' You MUST configure network_vlan_ranges below -# in order for tenant networks to provide connectivity between hosts. -# Set to 'none' to disable creation of tenant networks. -# -# tenant_network_type = vlan -# Example: tenant_network_type = vlan - -# (ListOpt) Comma-separated list of -# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges -# of VLAN IDs on named physical networks that are available for -# allocation. All physical networks listed are available for flat and -# VLAN provider network creation. Specified ranges of VLAN IDs are -# available for tenant network allocation if tenant_network_type is -# 'vlan'. If empty, only local networks may be created. -# -# network_vlan_ranges = -# Example: network_vlan_ranges = default:1:100 - -# (ListOpt) Comma-separated list of -# <physical_network>:<physical_network_type> tuples mapping physical -# network names to physical network types. All physical -# networks listed in network_vlan_ranges should have -# mappings to appropriate physical network type. -# Type of the physical network can be either eth (Ethernet) or -# ib (InfiniBand). If empty, physical network eth type is assumed. -# -# physical_network_type_mappings = -# Example: physical_network_type_mappings = default:eth - -# (StrOpt) Type of the physical network, can be either 'eth' or 'ib' -# The default value is 'eth' -# physical_network_type = eth - -[eswitch] -# (ListOpt) Comma-separated list of -# <physical_network>:<physical_interface> tuples mapping physical -# network names to the agent's node-specific physical network -# interfaces to be used for flat and VLAN networks. All physical -# networks listed in network_vlan_ranges on the server should have -# mappings to appropriate interfaces on each agent. -# -# physical_interface_mappings = -# Example: physical_interface_mappings = default:eth2 - -# (StrOpt) Type of Network Interface to allocate for VM: -# direct or hosdev according to libvirt terminology -# vnic_type = mlnx_direct - -# (StrOpt) Eswitch daemon end point connection url -# daemon_endpoint = 'tcp://127.0.0.1:60001' - -# The number of milliseconds the agent will wait for -# response on request to daemon -# request_timeout = 3000 - -# The number of retries the agent will send request -# to daemon before giving up -# retries = 3 - -# The backoff rate multiplier for waiting period between retries -# on request to daemon, i.e. value of 2 will double -# the request timeout each retry -# backoff_rate = 2 - -[agent] -# Agent's polling interval in seconds -# polling_interval = 2 - -# (BoolOpt) Enable server RPC compatibility with old (pre-havana) -# agents. -# -# rpc_support_old_agents = False - -[securitygroup] -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -# enable_security_group = True diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini deleted file mode 100644 index aa4171da..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini +++ /dev/null @@ -1,60 +0,0 @@ -# Sample Configurations - -[ovs] -# Do not change this parameter unless you have a good reason to. -# This is the name of the OVS integration bridge. There is one per hypervisor. -# The integration bridge acts as a virtual "patch port". All VM VIFs are -# attached to this bridge and then "patched" according to their network -# connectivity. -# integration_bridge = br-int - -[agent] -# Agent's polling interval in seconds -# polling_interval = 2 - -[securitygroup] -# Firewall driver for realizing neutron security group function -firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -# enable_security_group = True - -[ofc] -# Specify OpenFlow Controller Host, Port and Driver to connect. -# host = 127.0.0.1 -# port = 8888 - -# Base URL of OpenFlow Controller REST API. -# It is prepended to a path of each API request. -# path_prefix = - -# Drivers are in neutron/plugins/nec/drivers/ . -# driver = trema - -# PacketFilter is available when it's enabled in this configuration -# and supported by the driver. -# enable_packet_filter = true - -# Use SSL to connect -# use_ssl = false - -# Key file -# key_file = - -# Certificate file -# cert_file = - -# Disable SSL certificate verification -# insecure_ssl = false - -# Maximum attempts per OFC API request. NEC plugin retries -# API request to OFC when OFC returns ServiceUnavailable (503). -# The value must be greater than 0. -# api_max_attempts = 3 - -[provider] -# Default router provider to use. -# default_router_provider = l3-agent -# List of enabled router providers. -# router_providers = l3-agent,openflow diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini deleted file mode 100644 index aad37bd5..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini +++ /dev/null @@ -1,41 +0,0 @@ -# Please fill in the correct data for all the keys below and uncomment key-value pairs -[restproxy] -# (StrOpt) Default Network partition in which VSD will -# orchestrate network resources using openstack -# -#default_net_partition_name = <default-net-partition-name> - -# (StrOpt) Nuage provided uri for initial authorization to -# access VSD -# -#auth_resource = /auth - -# (StrOpt) IP Address and Port of VSD -# -#server = ip:port - -# (StrOpt) Organization name in which VSD will orchestrate -# network resources using openstack -# -#organization = org - -# (StrOpt) Username and password of VSD for authentication -# -#serverauth = uname:pass - -# (BoolOpt) Boolean for SSL connection with VSD server -# -#serverssl = True - -# (StrOpt) Nuage provided base uri to reach out to VSD -# -#base_uri = /base - -[syncmanager] -# (BoolOpt) Boolean to enable sync between openstack and VSD -# -#enable_sync = False - -# (IntOpt) Sync interval in seconds between openstack and VSD -# -#sync_interval = 0
\ No newline at end of file diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini deleted file mode 100644 index a1c05d97..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini +++ /dev/null @@ -1,35 +0,0 @@ -[nvsd] -# Configure the NVSD controller. The plugin proxies the api calls using -# to NVSD controller which implements the required functionality. - -# IP address of NVSD controller api server -# nvsd_ip = <ip address of nvsd controller> - -# Port number of NVSD controller api server -# nvsd_port = 8082 - -# Authentication credentials to access the api server -# nvsd_user = <nvsd controller username> -# nvsd_passwd = <password> - -# API request timeout in seconds -# request_timeout = <default request timeout> - -# Maximum number of retry attempts to login to the NVSD controller -# Specify 0 to retry until success (default) -# nvsd_retries = 0 - -[securitygroup] -# Specify firewall_driver option, if neutron security groups are disabled, -# then NoopFirewallDriver otherwise OVSHybridIptablesFirewallDriver. -# firewall_driver = neutron.agent.firewall.NoopFirewallDriver - -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -# enable_security_group = True - -[agent] -# root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf - -[database] -# connection = mysql://root:<passwd>@127.0.0.1/<neutron_db>?charset=utf8 diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini deleted file mode 100644 index 629f1fc4..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini +++ /dev/null @@ -1,26 +0,0 @@ -# OpenContrail is an Apache 2.0-licensed project that is built using -# standards-based protocols and provides all the necessary components for -# network virtualization–SDN controller, virtual router, analytics engine, -# and published northbound APIs -# For more information visit: http://opencontrail.org - -# Opencontrail plugin specific configuration -[CONTRAIL] -# (StrOpt) IP address to connect to opencontrail controller. -# Uncomment this line for specifying the IP address of the opencontrail -# Api-Server. -# Default value is local host(127.0.0.1). -# api_server_ip='127.0.0.1' - -# (IntOpt) port to connect to opencontrail controller. -# Uncomment this line for the specifying the Port of the opencontrail -# Api-Server. -# Default value is 8082 -# api_server_port=8082 - -# (DictOpt) enable opencontrail extensions -# Opencontrail in future would support extension such as ipam, policy, -# these extensions can be configured as shown below. Plugin will then -# load the specified extensions. -# Default value is None, it wont load any extension -# contrail_extensions=ipam:<classpath>,policy:<classpath> diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini deleted file mode 100644 index 9c8e6b58..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini +++ /dev/null @@ -1,190 +0,0 @@ -[ovs] -# (StrOpt) Type of network to allocate for tenant networks. The -# default value 'local' is useful only for single-box testing and -# provides no connectivity between hosts. You MUST either change this -# to 'vlan' and configure network_vlan_ranges below or change this to -# 'gre' or 'vxlan' and configure tunnel_id_ranges below in order for -# tenant networks to provide connectivity between hosts. Set to 'none' -# to disable creation of tenant networks. -# -# tenant_network_type = local -# Example: tenant_network_type = gre -# Example: tenant_network_type = vxlan - -# (ListOpt) Comma-separated list of -# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges -# of VLAN IDs on named physical networks that are available for -# allocation. All physical networks listed are available for flat and -# VLAN provider network creation. Specified ranges of VLAN IDs are -# available for tenant network allocation if tenant_network_type is -# 'vlan'. If empty, only gre, vxlan and local networks may be created. -# -# network_vlan_ranges = -# Example: network_vlan_ranges = physnet1:1000:2999 - -# (BoolOpt) Set to True in the server and the agents to enable support -# for GRE or VXLAN networks. Requires kernel support for OVS patch ports and -# GRE or VXLAN tunneling. -# -# WARNING: This option will be deprecated in the Icehouse release, at which -# point setting tunnel_type below will be required to enable -# tunneling. -# -# enable_tunneling = False - -# (StrOpt) The type of tunnel network, if any, supported by the plugin. If -# this is set, it will cause tunneling to be enabled. If this is not set and -# the option enable_tunneling is set, this will default to 'gre'. -# -# tunnel_type = -# Example: tunnel_type = gre -# Example: tunnel_type = vxlan - -# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples -# enumerating ranges of GRE or VXLAN tunnel IDs that are available for -# tenant network allocation if tenant_network_type is 'gre' or 'vxlan'. -# -# tunnel_id_ranges = -# Example: tunnel_id_ranges = 1:1000 - -# Do not change this parameter unless you have a good reason to. -# This is the name of the OVS integration bridge. There is one per hypervisor. -# The integration bridge acts as a virtual "patch bay". All VM VIFs are -# attached to this bridge and then "patched" according to their network -# connectivity. -# -# integration_bridge = br-int - -# Only used for the agent if tunnel_id_ranges (above) is not empty for -# the server. In most cases, the default value should be fine. -# -# tunnel_bridge = br-tun - -# Peer patch port in integration bridge for tunnel bridge -# int_peer_patch_port = patch-tun - -# Peer patch port in tunnel bridge for integration bridge -# tun_peer_patch_port = patch-int - -# Uncomment this line for the agent if tunnel_id_ranges (above) is not -# empty for the server. Set local-ip to be the local IP address of -# this hypervisor. -# -# local_ip = - -# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples -# mapping physical network names to the agent's node-specific OVS -# bridge names to be used for flat and VLAN networks. The length of -# bridge names should be no more than 11. Each bridge must -# exist, and should have a physical network interface configured as a -# port. All physical networks listed in network_vlan_ranges on the -# server should have mappings to appropriate bridges on each agent. -# -# bridge_mappings = -# Example: bridge_mappings = physnet1:br-eth1 - -# (BoolOpt) Use veths instead of patch ports to interconnect the integration -# bridge to physical networks. Support kernel without ovs patch port support -# so long as it is set to True. -# use_veth_interconnection = False - -[agent] -# Agent's polling interval in seconds -# polling_interval = 2 - -# Minimize polling by monitoring ovsdb for interface changes -# minimize_polling = True - -# When minimize_polling = True, the number of seconds to wait before -# respawning the ovsdb monitor after losing communication with it -# ovsdb_monitor_respawn_interval = 30 - -# (ListOpt) The types of tenant network tunnels supported by the agent. -# Setting this will enable tunneling support in the agent. This can be set to -# either 'gre' or 'vxlan'. If this is unset, it will default to [] and -# disable tunneling support in the agent. When running the agent with the OVS -# plugin, this value must be the same as "tunnel_type" in the "[ovs]" section. -# When running the agent with ML2, you can specify as many values here as -# your compute hosts supports. -# -# tunnel_types = -# Example: tunnel_types = gre -# Example: tunnel_types = vxlan -# Example: tunnel_types = vxlan, gre - -# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By -# default, this will make use of the Open vSwitch default value of '4789' if -# not specified. -# -# vxlan_udp_port = -# Example: vxlan_udp_port = 8472 - -# (IntOpt) This is the MTU size of veth interfaces. -# Do not change unless you have a good reason to. -# The default MTU size of veth interfaces is 1500. -# This option has no effect if use_veth_interconnection is False -# veth_mtu = -# Example: veth_mtu = 1504 - -# (BoolOpt) Flag to enable l2-population extension. This option should only be -# used in conjunction with ml2 plugin and l2population mechanism driver. It'll -# enable plugin to populate remote ports macs and IPs (using fdb_add/remove -# RPC calbbacks instead of tunnel_sync/update) on OVS agents in order to -# optimize tunnel management. -# -# l2_population = False - -# Enable local ARP responder. Requires OVS 2.1. This is only used by the l2 -# population ML2 MechanismDriver. -# -# arp_responder = False - -# (BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet -# carrying GRE/VXLAN tunnel. The default value is True. -# -# dont_fragment = True - -# (BoolOpt) Set to True on L2 agents to enable support -# for distributed virtual routing. -# -# enable_distributed_routing = False - -[securitygroup] -# Firewall driver for realizing neutron security group function. -# firewall_driver = neutron.agent.firewall.NoopFirewallDriver -# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -# enable_security_group = True - -#----------------------------------------------------------------------------- -# Sample Configurations. -#----------------------------------------------------------------------------- -# -# 1. With VLANs on eth1. -# [ovs] -# network_vlan_ranges = default:2000:3999 -# tunnel_id_ranges = -# integration_bridge = br-int -# bridge_mappings = default:br-eth1 -# -# 2. With GRE tunneling. -# [ovs] -# network_vlan_ranges = -# tunnel_id_ranges = 1:1000 -# integration_bridge = br-int -# tunnel_bridge = br-tun -# local_ip = 10.0.0.3 -# -# 3. With VXLAN tunneling. -# [ovs] -# network_vlan_ranges = -# tenant_network_type = vxlan -# tunnel_type = vxlan -# tunnel_id_ranges = 1:1000 -# integration_bridge = br-int -# tunnel_bridge = br-tun -# local_ip = 10.0.0.3 -# [agent] -# tunnel_types = vxlan diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini deleted file mode 100644 index bfe8062a..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini +++ /dev/null @@ -1,14 +0,0 @@ -# Config file for Neutron PLUMgrid Plugin - -[plumgriddirector] -# This line should be pointing to the PLUMgrid Director, -# for the PLUMgrid platform. -# director_server=<director-ip-address> -# director_server_port=<director-port> -# Authentification parameters for the Director. -# These are the admin credentials to manage and control -# the PLUMgrid Director server. -# username=<director-admin-username> -# password=<director-admin-password> -# servertimeout=5 -# driver=<plugin-driver> diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini deleted file mode 100644 index baca73b8..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini +++ /dev/null @@ -1,200 +0,0 @@ -[DEFAULT] -# User name for NSX controller -# nsx_user = admin - -# Password for NSX controller -# nsx_password = admin - -# Time before aborting a request on an unresponsive controller (Seconds) -# http_timeout = 75 - -# Maximum number of times a particular request should be retried -# retries = 2 - -# Maximum number of times a redirect response should be followed -# redirects = 2 - -# Comma-separated list of NSX controller endpoints (<ip>:<port>). When port -# is omitted, 443 is assumed. This option MUST be specified, e.g.: -# nsx_controllers = xx.yy.zz.ww:443, aa.bb.cc.dd, ee.ff.gg.hh.ee:80 - -# UUID of the pre-existing default NSX Transport zone to be used for creating -# tunneled isolated "Neutron" networks. This option MUST be specified, e.g.: -# default_tz_uuid = 1e8e52cf-fa7f-46b0-a14a-f99835a9cb53 - -# (Optional) UUID for the default l3 gateway service to use with this cluster. -# To be specified if planning to use logical routers with external gateways. -# default_l3_gw_service_uuid = - -# (Optional) UUID for the default l2 gateway service to use with this cluster. -# To be specified for providing a predefined gateway tenant for connecting their networks. -# default_l2_gw_service_uuid = - -# (Optional) UUID for the default service cluster. A service cluster is introduced to -# represent a group of gateways and it is needed in order to use Logical Services like -# dhcp and metadata in the logical space. NOTE: If agent_mode is set to 'agentless' this -# config parameter *MUST BE* set to a valid pre-existent service cluster uuid. -# default_service_cluster_uuid = - -# Name of the default interface name to be used on network-gateway. This value -# will be used for any device associated with a network gateway for which an -# interface name was not specified -# default_interface_name = breth0 - -[quotas] -# number of network gateways allowed per tenant, -1 means unlimited -# quota_network_gateway = 5 - -[vcns] -# URL for VCNS manager -# manager_uri = https://management_ip - -# User name for VCNS manager -# user = admin - -# Password for VCNS manager -# password = default - -# (Optional) Datacenter ID for Edge deployment -# datacenter_moid = - -# (Optional) Deployment Container ID for NSX Edge deployment -# If not specified, either a default global container will be used, or -# the resource pool and datastore specified below will be used -# deployment_container_id = - -# (Optional) Resource pool ID for NSX Edge deployment -# resource_pool_id = - -# (Optional) Datastore ID for NSX Edge deployment -# datastore_id = - -# (Required) UUID of logic switch for physical network connectivity -# external_network = - -# (Optional) Asynchronous task status check interval -# default is 2000 (millisecond) -# task_status_check_interval = 2000 - -[nsx] -# Maximum number of ports for each bridged logical switch -# The recommended value for this parameter varies with NSX version -# Please use: -# NSX 2.x -> 64 -# NSX 3.0, 3.1 -> 5000 -# NSX 3.2 -> 10000 -# max_lp_per_bridged_ls = 5000 - -# Maximum number of ports for each overlay (stt, gre) logical switch -# max_lp_per_overlay_ls = 256 - -# Number of connections to each controller node. -# default is 10 -# concurrent_connections = 10 - -# Number of seconds a generation id should be valid for (default -1 meaning do not time out) -# nsx_gen_timeout = -1 - -# Acceptable values for 'metadata_mode' are: -# - 'access_network': this enables a dedicated connection to the metadata -# proxy for metadata server access via Neutron router. -# - 'dhcp_host_route': this enables host route injection via the dhcp agent. -# This option is only useful if running on a host that does not support -# namespaces otherwise access_network should be used. -# metadata_mode = access_network - -# The default network transport type to use (stt, gre, bridge, ipsec_gre, or ipsec_stt) -# default_transport_type = stt - -# Specifies in which mode the plugin needs to operate in order to provide DHCP and -# metadata proxy services to tenant instances. If 'agent' is chosen (default) -# the NSX plugin relies on external RPC agents (i.e. dhcp and metadata agents) to -# provide such services. In this mode, the plugin supports API extensions 'agent' -# and 'dhcp_agent_scheduler'. If 'agentless' is chosen (experimental in Icehouse), -# the plugin will use NSX logical services for DHCP and metadata proxy. This -# simplifies the deployment model for Neutron, in that the plugin no longer requires -# the RPC agents to operate. When 'agentless' is chosen, the config option metadata_mode -# becomes ineffective. The 'agentless' mode is supported from NSX 4.2 or above. -# Furthermore, a 'combined' mode is also provided and is used to support existing -# deployments that want to adopt the agentless mode going forward. With this mode, -# existing networks keep being served by the existing infrastructure (thus preserving -# backward compatibility, whereas new networks will be served by the new infrastructure. -# Migration tools are provided to 'move' one network from one model to another; with -# agent_mode set to 'combined', option 'network_auto_schedule' in neutron.conf is -# ignored, as new networks will no longer be scheduled to existing dhcp agents. -# agent_mode = agent - -# Specifies which mode packet replication should be done in. If set to service -# a service node is required in order to perform packet replication. This can -# also be set to source if one wants replication to be performed locally (NOTE: -# usually only useful for testing if one does not want to deploy a service node). -# In order to leverage distributed routers, replication_mode should be set to -# "service". -# replication_mode = service - -[nsx_sync] -# Interval in seconds between runs of the status synchronization task. -# The plugin will aim at resynchronizing operational status for all -# resources in this interval, and it should be therefore large enough -# to ensure the task is feasible. Otherwise the plugin will be -# constantly synchronizing resource status, ie: a new task is started -# as soon as the previous is completed. -# If this value is set to 0, the state synchronization thread for this -# Neutron instance will be disabled. -# state_sync_interval = 10 - -# Random additional delay between two runs of the state synchronization task. -# An additional wait time between 0 and max_random_sync_delay seconds -# will be added on top of state_sync_interval. -# max_random_sync_delay = 0 - -# Minimum delay, in seconds, between two status synchronization requests for NSX. -# Depending on chunk size, controller load, and other factors, state -# synchronization requests might be pretty heavy. This means the -# controller might take time to respond, and its load might be quite -# increased by them. This parameter allows to specify a minimum -# interval between two subsequent requests. -# The value for this parameter must never exceed state_sync_interval. -# If this does, an error will be raised at startup. -# min_sync_req_delay = 1 - -# Minimum number of resources to be retrieved from NSX in a single status -# synchronization request. -# The actual size of the chunk will increase if the number of resources is such -# that using the minimum chunk size will cause the interval between two -# requests to be less than min_sync_req_delay -# min_chunk_size = 500 - -# Enable this option to allow punctual state synchronization on show -# operations. In this way, show operations will always fetch the operational -# status of the resource from the NSX backend, and this might have -# a considerable impact on overall performance. -# always_read_status = False - -[nsx_lsn] -# Pull LSN information from NSX in case it is missing from the local -# data store. This is useful to rebuild the local store in case of -# server recovery -# sync_on_missing_data = False - -[nsx_dhcp] -# (Optional) Comma separated list of additional dns servers. Default is an empty list -# extra_domain_name_servers = - -# Domain to use for building the hostnames -# domain_name = openstacklocal - -# Default DHCP lease time -# default_lease_time = 43200 - -[nsx_metadata] -# IP address used by Metadata server -# metadata_server_address = 127.0.0.1 - -# TCP Port used by Metadata server -# metadata_server_port = 8775 - -# When proxying metadata requests, Neutron signs the Instance-ID header with a -# shared secret to prevent spoofing. You may select any string for a secret, -# but it MUST match with the configuration used by the Metadata server -# metadata_shared_secret = diff --git a/install-files/openstack/usr/share/openstack/neutron/policy.json b/install-files/openstack/usr/share/openstack/neutron/policy.json deleted file mode 100644 index e7db4357..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/policy.json +++ /dev/null @@ -1,138 +0,0 @@ -{ - "context_is_admin": "role:admin", - "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s", - "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s", - "admin_only": "rule:context_is_admin", - "regular_user": "", - "shared": "field:networks:shared=True", - "shared_firewalls": "field:firewalls:shared=True", - "external": "field:networks:router:external=True", - "default": "rule:admin_or_owner", - - "create_subnet": "rule:admin_or_network_owner", - "get_subnet": "rule:admin_or_owner or rule:shared", - "update_subnet": "rule:admin_or_network_owner", - "delete_subnet": "rule:admin_or_network_owner", - - "create_network": "", - "get_network": "rule:admin_or_owner or rule:shared or rule:external", - "get_network:router:external": "rule:regular_user", - "get_network:segments": "rule:admin_only", - "get_network:provider:network_type": "rule:admin_only", - "get_network:provider:physical_network": "rule:admin_only", - "get_network:provider:segmentation_id": "rule:admin_only", - "get_network:queue_id": "rule:admin_only", - "create_network:shared": "rule:admin_only", - "create_network:router:external": "rule:admin_only", - "create_network:segments": "rule:admin_only", - "create_network:provider:network_type": "rule:admin_only", - "create_network:provider:physical_network": "rule:admin_only", - "create_network:provider:segmentation_id": "rule:admin_only", - "update_network": "rule:admin_or_owner", - "update_network:segments": "rule:admin_only", - "update_network:shared": "rule:admin_only", - "update_network:provider:network_type": "rule:admin_only", - "update_network:provider:physical_network": "rule:admin_only", - "update_network:provider:segmentation_id": "rule:admin_only", - "update_network:router:external": "rule:admin_only", - "delete_network": "rule:admin_or_owner", - - "create_port": "", - "create_port:mac_address": "rule:admin_or_network_owner", - "create_port:fixed_ips": "rule:admin_or_network_owner", - "create_port:port_security_enabled": "rule:admin_or_network_owner", - "create_port:binding:host_id": "rule:admin_only", - "create_port:binding:profile": "rule:admin_only", - "create_port:mac_learning_enabled": "rule:admin_or_network_owner", - "get_port": "rule:admin_or_owner", - "get_port:queue_id": "rule:admin_only", - "get_port:binding:vif_type": "rule:admin_only", - "get_port:binding:vif_details": "rule:admin_only", - "get_port:binding:host_id": "rule:admin_only", - "get_port:binding:profile": "rule:admin_only", - "update_port": "rule:admin_or_owner", - "update_port:fixed_ips": "rule:admin_or_network_owner", - "update_port:port_security_enabled": "rule:admin_or_network_owner", - "update_port:binding:host_id": "rule:admin_only", - "update_port:binding:profile": "rule:admin_only", - "update_port:mac_learning_enabled": "rule:admin_or_network_owner", - "delete_port": "rule:admin_or_owner", - - "get_router:ha": "rule:admin_only", - "create_router": "rule:regular_user", - "create_router:external_gateway_info:enable_snat": "rule:admin_only", - "create_router:distributed": "rule:admin_only", - "create_router:ha": "rule:admin_only", - "get_router": "rule:admin_or_owner", - "get_router:distributed": "rule:admin_only", - "update_router:external_gateway_info:enable_snat": "rule:admin_only", - "update_router:distributed": "rule:admin_only", - "update_router:ha": "rule:admin_only", - "delete_router": "rule:admin_or_owner", - - "add_router_interface": "rule:admin_or_owner", - "remove_router_interface": "rule:admin_or_owner", - - "create_firewall": "", - "get_firewall": "rule:admin_or_owner", - "create_firewall:shared": "rule:admin_only", - "get_firewall:shared": "rule:admin_only", - "update_firewall": "rule:admin_or_owner", - "update_firewall:shared": "rule:admin_only", - "delete_firewall": "rule:admin_or_owner", - - "create_firewall_policy": "", - "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls", - "create_firewall_policy:shared": "rule:admin_or_owner", - "update_firewall_policy": "rule:admin_or_owner", - "delete_firewall_policy": "rule:admin_or_owner", - - "create_firewall_rule": "", - "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls", - "update_firewall_rule": "rule:admin_or_owner", - "delete_firewall_rule": "rule:admin_or_owner", - - "create_qos_queue": "rule:admin_only", - "get_qos_queue": "rule:admin_only", - - "update_agent": "rule:admin_only", - "delete_agent": "rule:admin_only", - "get_agent": "rule:admin_only", - - "create_dhcp-network": "rule:admin_only", - "delete_dhcp-network": "rule:admin_only", - "get_dhcp-networks": "rule:admin_only", - "create_l3-router": "rule:admin_only", - "delete_l3-router": "rule:admin_only", - "get_l3-routers": "rule:admin_only", - "get_dhcp-agents": "rule:admin_only", - "get_l3-agents": "rule:admin_only", - "get_loadbalancer-agent": "rule:admin_only", - "get_loadbalancer-pools": "rule:admin_only", - - "create_floatingip": "rule:regular_user", - "update_floatingip": "rule:admin_or_owner", - "delete_floatingip": "rule:admin_or_owner", - "get_floatingip": "rule:admin_or_owner", - - "create_network_profile": "rule:admin_only", - "update_network_profile": "rule:admin_only", - "delete_network_profile": "rule:admin_only", - "get_network_profiles": "", - "get_network_profile": "", - "update_policy_profiles": "rule:admin_only", - "get_policy_profiles": "", - "get_policy_profile": "", - - "create_metering_label": "rule:admin_only", - "delete_metering_label": "rule:admin_only", - "get_metering_label": "rule:admin_only", - - "create_metering_label_rule": "rule:admin_only", - "delete_metering_label_rule": "rule:admin_only", - "get_metering_label_rule": "rule:admin_only", - - "get_service_provider": "rule:regular_user", - "get_lsn": "rule:admin_only", - "create_lsn": "rule:admin_only" -} diff --git a/install-files/openstack/usr/share/openstack/neutron/vpn_agent.ini b/install-files/openstack/usr/share/openstack/neutron/vpn_agent.ini deleted file mode 100644 index c3089df9..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/vpn_agent.ini +++ /dev/null @@ -1,14 +0,0 @@ -[DEFAULT] -# VPN-Agent configuration file -# Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also - -[vpnagent] -# vpn device drivers which vpn agent will use -# If we want to use multiple drivers, we need to define this option multiple times. -# vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver -# vpn_device_driver=neutron.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver -# vpn_device_driver=another_driver - -[ipsec] -# Status check interval -# ipsec_status_check_interval=60 diff --git a/install-files/openstack/usr/share/openstack/nova/api-paste.ini b/install-files/openstack/usr/share/openstack/nova/api-paste.ini deleted file mode 100644 index 2a825a5b..00000000 --- a/install-files/openstack/usr/share/openstack/nova/api-paste.ini +++ /dev/null @@ -1,118 +0,0 @@ -############ -# Metadata # -############ -[composite:metadata] -use = egg:Paste#urlmap -/: meta - -[pipeline:meta] -pipeline = ec2faultwrap logrequest metaapp - -[app:metaapp] -paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory - -####### -# EC2 # -####### - -[composite:ec2] -use = egg:Paste#urlmap -/services/Cloud: ec2cloud - -[composite:ec2cloud] -use = call:nova.api.auth:pipeline_factory -noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor -keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor - -[filter:ec2faultwrap] -paste.filter_factory = nova.api.ec2:FaultWrapper.factory - -[filter:logrequest] -paste.filter_factory = nova.api.ec2:RequestLogging.factory - -[filter:ec2lockout] -paste.filter_factory = nova.api.ec2:Lockout.factory - -[filter:ec2keystoneauth] -paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory - -[filter:ec2noauth] -paste.filter_factory = nova.api.ec2:NoAuth.factory - -[filter:cloudrequest] -controller = nova.api.ec2.cloud.CloudController -paste.filter_factory = nova.api.ec2:Requestify.factory - -[filter:authorizer] -paste.filter_factory = nova.api.ec2:Authorizer.factory - -[filter:validator] -paste.filter_factory = nova.api.ec2:Validator.factory - -[app:ec2executor] -paste.app_factory = nova.api.ec2:Executor.factory - -############# -# OpenStack # -############# - -[composite:osapi_compute] -use = call:nova.api.openstack.urlmap:urlmap_factory -/: oscomputeversions -/v1.1: openstack_compute_api_v2 -/v2: openstack_compute_api_v2 -/v3: openstack_compute_api_v3 - -[composite:openstack_compute_api_v2] -use = call:nova.api.auth:pipeline_factory -noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2 -keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2 -keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2 - -[composite:openstack_compute_api_v3] -use = call:nova.api.auth:pipeline_factory_v3 -noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3 -keystone = request_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3 - -[filter:request_id] -paste.filter_factory = nova.openstack.common.middleware.request_id:RequestIdMiddleware.factory - -[filter:compute_req_id] -paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory - -[filter:faultwrap] -paste.filter_factory = nova.api.openstack:FaultWrapper.factory - -[filter:noauth] -paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory - -[filter:noauth_v3] -paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareV3.factory - -[filter:ratelimit] -paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory - -[filter:sizelimit] -paste.filter_factory = nova.api.sizelimit:RequestBodySizeLimiter.factory - -[app:osapi_compute_app_v2] -paste.app_factory = nova.api.openstack.compute:APIRouter.factory - -[app:osapi_compute_app_v3] -paste.app_factory = nova.api.openstack.compute:APIRouterV3.factory - -[pipeline:oscomputeversions] -pipeline = faultwrap oscomputeversionapp - -[app:oscomputeversionapp] -paste.app_factory = nova.api.openstack.compute.versions:Versions.factory - -########## -# Shared # -########## - -[filter:keystonecontext] -paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/install-files/openstack/usr/share/openstack/nova/cells.json b/install-files/openstack/usr/share/openstack/nova/cells.json deleted file mode 100644 index cc74930d..00000000 --- a/install-files/openstack/usr/share/openstack/nova/cells.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parent": { - "name": "parent", - "api_url": "http://api.example.com:8774", - "transport_url": "rabbit://rabbit.example.com", - "weight_offset": 0.0, - "weight_scale": 1.0, - "is_parent": true - }, - "cell1": { - "name": "cell1", - "api_url": "http://api.example.com:8774", - "transport_url": "rabbit://rabbit1.example.com", - "weight_offset": 0.0, - "weight_scale": 1.0, - "is_parent": false - }, - "cell2": { - "name": "cell2", - "api_url": "http://api.example.com:8774", - "transport_url": "rabbit://rabbit2.example.com", - "weight_offset": 0.0, - "weight_scale": 1.0, - "is_parent": false - } -} diff --git a/install-files/openstack/usr/share/openstack/nova/logging.conf b/install-files/openstack/usr/share/openstack/nova/logging.conf deleted file mode 100644 index 5482a040..00000000 --- a/install-files/openstack/usr/share/openstack/nova/logging.conf +++ /dev/null @@ -1,81 +0,0 @@ -[loggers] -keys = root, nova - -[handlers] -keys = stderr, stdout, watchedfile, syslog, null - -[formatters] -keys = context, default - -[logger_root] -level = WARNING -handlers = null - -[logger_nova] -level = INFO -handlers = stderr -qualname = nova - -[logger_amqp] -level = WARNING -handlers = stderr -qualname = amqp - -[logger_amqplib] -level = WARNING -handlers = stderr -qualname = amqplib - -[logger_sqlalchemy] -level = WARNING -handlers = stderr -qualname = sqlalchemy -# "level = INFO" logs SQL queries. -# "level = DEBUG" logs SQL queries and results. -# "level = WARNING" logs neither. (Recommended for production systems.) - -[logger_boto] -level = WARNING -handlers = stderr -qualname = boto - -[logger_suds] -level = INFO -handlers = stderr -qualname = suds - -[logger_eventletwsgi] -level = WARNING -handlers = stderr -qualname = eventlet.wsgi.server - -[handler_stderr] -class = StreamHandler -args = (sys.stderr,) -formatter = context - -[handler_stdout] -class = StreamHandler -args = (sys.stdout,) -formatter = context - -[handler_watchedfile] -class = handlers.WatchedFileHandler -args = ('nova.log',) -formatter = context - -[handler_syslog] -class = handlers.SysLogHandler -args = ('/dev/log', handlers.SysLogHandler.LOG_USER) -formatter = context - -[handler_null] -class = nova.openstack.common.log.NullHandler -formatter = default -args = () - -[formatter_context] -class = nova.openstack.common.log.ContextFormatter - -[formatter_default] -format = %(message)s diff --git a/install-files/openstack/usr/share/openstack/nova/nova.conf b/install-files/openstack/usr/share/openstack/nova/nova.conf index 43343cdd..b49f9522 100644 --- a/install-files/openstack/usr/share/openstack/nova/nova.conf +++ b/install-files/openstack/usr/share/openstack/nova/nova.conf @@ -1,188 +1,68 @@ [DEFAULT] # -# Options defined in oslo.messaging +# From oslo.messaging # -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). (string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} - -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - -# If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. (string value) +#rpc_zmq_bind_address = * # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker = oslo_messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 +#rpc_zmq_port = 9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 +#rpc_zmq_contexts = 1 -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog=<None> +# Maximum number of ingress messages to locally buffer per topic. Default is +# unlimited. (integer value) +#rpc_zmq_topic_backlog = <None> # Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack +#rpc_zmq_ipc_dir = /var/run/openstack -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=nova +# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match +# "host" option, if running Nova. (string value) +#rpc_zmq_host = localhost -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +# (integer value) +#rpc_cast_timeout = 30 # Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 +#matchmaker_heartbeat_freq = 300 # Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 +#matchmaker_heartbeat_ttl = 600 -# Size of RPC greenthread pool. (integer value) -#rpc_thread_pool_size=64 +# Size of RPC thread pool. (integer value) +#rpc_thread_pool_size = 64 -# Driver or drivers to handle sending notifications. (multi -# valued) -notification_driver=messagingv2 +# Driver or drivers to handle sending notifications. (multi valued) +#notification_driver = # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics -#notification_topics=notifications +#notification_topics = notifications # Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 +#rpc_response_timeout = 60 -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -#transport_url=<None> +# A URL representing the messaging driver to use and its full configuration. If +# not set, we fall back to the rpc_backend option and driver specific +# configuration. (string value) +#transport_url = <None> -# The messaging driver to use, defaults to rabbit. Other -# drivers include qpid and zmq. (string value) -rpc_backend=rabbit +# The messaging driver to use, defaults to rabbit. Other drivers include qpid +# and zmq. (string value) +#rpc_backend = rabbit -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the -# transport_url option. (string value) -#control_exchange=openstack +# The default exchange under which topics are scoped. May be overridden by an +# exchange name specified in the transport_url option. (string value) +#control_exchange = openstack # @@ -241,7 +121,10 @@ rpc_backend=rabbit # # IP address of this host (string value) -my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +#my_ip=10.0.0.1 + +# Block storage IP address of this host (string value) +#my_block_storage_ip=$my_ip # Name of this node. This can be an opaque identifier. It is # not necessarily a hostname, FQDN, or IP address. However, @@ -262,7 +145,7 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # notifications, "vm_state" for notifications on VM state # changes, or "vm_and_task_state" for notifications on VM and # task state changes. (string value) -notify_on_state_change=vm_and_task_state +#notify_on_state_change=<None> # If set, send api.fault notifications on caught exceptions in # the API service. (boolean value) @@ -290,7 +173,7 @@ notify_on_state_change=vm_and_task_state # Top-level directory for maintaining nova's state (string # value) -state_path=/var/lib/nova +#state_path=$pybasedir # @@ -325,7 +208,6 @@ state_path=/var/lib/nova #quota_injected_file_content_bytes=10240 # Length of injected file path (integer value) -# Deprecated group/name - [DEFAULT]/quota_injected_file_path_bytes #quota_injected_file_path_length=255 # Number of security groups per project (integer value) @@ -347,11 +229,18 @@ state_path=/var/lib/nova # value) #reservation_expire=86400 -# Count of reservations until usage is refreshed (integer -# value) +# Count of reservations until usage is refreshed. This +# defaults to 0(off) to avoid additional load but it is useful +# to turn on to help keep quota usage up to date and reduce +# the impact of out of sync usage issues. (integer value) #until_refresh=0 -# Number of seconds between subsequent usage refreshes +# Number of seconds between subsequent usage refreshes. This +# defaults to 0(off) to avoid additional load but it is useful +# to turn on to help keep quota usage up to date and reduce +# the impact of out of sync usage issues. Note that quotas are +# not updated on a periodic task, they will update on a new +# reservation if max_age has passed since the last reservation # (integer value) #max_age=0 @@ -376,7 +265,7 @@ state_path=/var/lib/nova #periodic_fuzzy_delay=60 # A list of APIs to enable by default (list value) -enabled_apis=ec2,osapi_compute,metadata +#enabled_apis=ec2,osapi_compute,metadata # A list of APIs with enabled SSL (list value) #enabled_ssl_apis= @@ -420,7 +309,7 @@ enabled_apis=ec2,osapi_compute,metadata #metadata_workers=<None> # Full class name for the Manager for compute (string value) -compute_manager={{ COMPUTE_MANAGER }} +#compute_manager=nova.compute.manager.ComputeManager # Full class name for the Manager for console proxy (string # value) @@ -444,14 +333,6 @@ compute_manager={{ COMPUTE_MANAGER }} # -# Options defined in nova.test -# - -# File name of clean sqlite db (string value) -#sqlite_clean_db=clean.sqlite - - -# # Options defined in nova.utils # @@ -466,11 +347,11 @@ compute_manager={{ COMPUTE_MANAGER }} # Time period to generate instance usages for. Time period # must be hour, day, month or year (string value) -instance_usage_audit_period=hour +#instance_usage_audit_period=month # Path to the rootwrap configuration file to use for running # commands as root (string value) -rootwrap_config=/etc/nova/rootwrap.conf +#rootwrap_config=/etc/nova/rootwrap.conf # Explicitly specify the temporary working directory (string # value) @@ -483,7 +364,7 @@ rootwrap_config=/etc/nova/rootwrap.conf # File name for the paste.deploy config for nova-api (string # value) -api_paste_config=api-paste.ini +#api_paste_config=api-paste.ini # A python format string that is used as the template to # generate log lines. The following values can be formatted @@ -515,6 +396,16 @@ api_paste_config=api-paste.ini # with big service catalogs). (integer value) #max_header_line=16384 +# If False, closes the client socket connection explicitly. +# (boolean value) +#wsgi_keep_alive=true + +# Timeout for client connections' socket operations. If an +# incoming connection is idle for this number of seconds it +# will be closed. A value of '0' means wait forever. (integer +# value) +#client_socket_timeout=900 + # # Options defined in nova.api.auth @@ -525,9 +416,13 @@ api_paste_config=api-paste.ini # v3 api. (boolean value) #api_rate_limit=false -# The strategy to use for auth: noauth or keystone. (string -# value) -auth_strategy=keystone +# The strategy to use for auth: keystone, noauth +# (deprecated), or noauth2. Both noauth and noauth2 are +# designed for testing only, as they do no actual credential +# checking. noauth provides administrative credentials +# regardless of the passed in user, noauth2 only does if +# 'admin' is specified as the username. (string value) +#auth_strategy=keystone # Treat X-Forwarded-For as the canonical remote address. Only # enable this if you have a sanitizing proxy. (boolean value) @@ -561,6 +456,9 @@ auth_strategy=keystone # Time in seconds before ec2 timestamp expires (integer value) #ec2_timestamp_expiry=300 +# Disable SSL certificate verification. (boolean value) +#keystone_ec2_insecure=false + # # Options defined in nova.api.ec2.cloud @@ -581,7 +479,7 @@ auth_strategy=keystone # The path prefix used to call the ec2 API server (string # value) -#ec2_path=/services/Cloud +#ec2_path=/ # List of region=fqdn pairs separated by commas (list value) #region_list= @@ -600,6 +498,19 @@ auth_strategy=keystone # +# Options defined in nova.api.metadata.handler +# + +# Time in seconds to cache metadata; 0 to disable metadata +# caching entirely (not recommended). Increasingthis should +# improve response times of the metadata API when under heavy +# load. Higher values may increase memoryusage and result in +# longer times for host metadata changes to take effect. +# (integer value) +#metadata_cache_expiration=15 + + +# # Options defined in nova.api.metadata.vendordata_json # @@ -640,7 +551,7 @@ auth_strategy=keystone # osapi_compute_extension option with # nova.api.openstack.compute.contrib.select_extensions (list # value) -osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions +#osapi_compute_ext_list= # @@ -666,6 +577,10 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # value) #neutron_default_tenant_id=default +# Number of private networks allowed per project (integer +# value) +#quota_networks=3 + # # Options defined in nova.api.openstack.compute.extensions @@ -696,15 +611,6 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # -# Options defined in nova.api.sizelimit -# - -# The maximum body size per each osapi request(bytes) (integer -# value) -#osapi_max_request_body_size=114688 - - -# # Options defined in nova.cert.rpcapi # @@ -807,7 +713,7 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # hostnames. To restore legacy behavior of every instance # having the same name, set this option to "%(name)s". Valid # keys for the template are: name, uuid, count. (string value) -#multi_instance_display_name_template=%(name)s-%(uuid)s +#multi_instance_display_name_template=%(name)s-%(count)d # Maximum number of devices that will result in a local image # being created on the hypervisor node. Setting this to 0 @@ -847,7 +753,7 @@ osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # Generate periodic compute.instance.exists notifications # (boolean value) -instance_usage_audit=True +#instance_usage_audit=false # Number of 1 second retries needed in live_migration (integer # value) @@ -861,6 +767,10 @@ instance_usage_audit=True # (integer value) #network_allocate_retries=0 +# Maximum number of instance builds to run concurrently +# (integer value) +#max_concurrent_builds=10 + # Number of times to retry block device allocation on failures # (integer value) #block_device_allocate_retries=60 @@ -871,17 +781,15 @@ instance_usage_audit=True # Interval to pull network bandwidth usage info. Not supported # on all hypervisors. Set to -1 to disable. Setting this to 0 -# will disable, but this will change in the K release to mean -# "run at the default rate". (integer value) +# will run at the default rate. (integer value) #bandwidth_poll_interval=600 # Interval to sync power states between the database and the -# hypervisor. Set to -1 to disable. Setting this to 0 will -# disable, but this will change in Juno to mean "run at the -# default rate". (integer value) +# hypervisor. Set to -1 to disable. Setting this to 0 will run +# at the default rate. (integer value) #sync_power_state_interval=600 -# Number of seconds between instance info_cache self healing +# Number of seconds between instance network information cache # updates (integer value) #heal_instance_info_cache_interval=60 @@ -894,9 +802,8 @@ instance_usage_audit=True #volume_usage_poll_interval=0 # Interval in seconds for polling shelved instances to -# offload. Set to -1 to disable.Setting this to 0 will -# disable, but this will change in Juno to mean "run at the -# default rate". (integer value) +# offload. Set to -1 to disable.Setting this to 0 will run at +# the default rate. (integer value) #shelved_poll_interval=3600 # Time in seconds before a shelved instance is eligible for @@ -905,16 +812,24 @@ instance_usage_audit=True #shelved_offload_time=0 # Interval in seconds for retrying failed instance file -# deletes (integer value) +# deletes. Set to -1 to disable. Setting this to 0 will run at +# the default rate. (integer value) #instance_delete_interval=300 # Waiting time interval (seconds) between block device # allocation retries on failures (integer value) #block_device_allocate_retries_interval=3 -# Action to take if a running deleted instance is -# detected.Valid options are 'noop', 'log', 'shutdown', or -# 'reap'. Set to 'noop' to take no action. (string value) +# Waiting time interval (seconds) between sending the +# scheduler a list of current instance UUIDs to verify that +# its view of instances is in sync with nova. If the CONF +# option `scheduler_tracks_instance_changes` is False, +# changing this option will have no effect. (integer value) +#scheduler_instance_sync_interval=120 + +# Action to take if a running deleted instance is detected. +# Valid options are 'noop', 'log', 'shutdown', or 'reap'. Set +# to 'noop' to take no action. (string value) #running_deleted_instance_action=reap # Number of seconds to wait between runs of the cleanup task. @@ -932,7 +847,8 @@ instance_usage_audit=True #reboot_timeout=0 # Amount of time in seconds an instance can be in BUILD before -# going into ERROR status.Set to 0 to disable. (integer value) +# going into ERROR status. Set to 0 to disable. (integer +# value) #instance_build_timeout=0 # Automatically unrescue an instance after N seconds. Set to 0 @@ -970,7 +886,7 @@ instance_usage_audit=True # Amount of memory in MB to reserve for the host (integer # value) -reserved_host_memory_mb={{ RESERVED_HOST_MEMORY_MB }} +#reserved_host_memory_mb=512 # Class that will manage stats for the local compute host # (string value) @@ -1021,18 +937,6 @@ reserved_host_memory_mb={{ RESERVED_HOST_MEMORY_MB }} # -# Options defined in nova.console.vmrc -# - -# DEPRECATED. Port for VMware VMRC connections (integer value) -#console_vmrc_port=443 - -# DEPRECATED. Number of retries for retrieving VMRC -# information (integer value) -#console_vmrc_error_retries=10 - - -# # Options defined in nova.console.xvp # @@ -1078,11 +982,11 @@ reserved_host_memory_mb={{ RESERVED_HOST_MEMORY_MB }} # Template string to be used to generate instance names # (string value) -instance_name_template=instance-%08x +#instance_name_template=instance-%08x # Template string to be used to generate snapshot names # (string value) -snapshot_name_template=snapshot-%s +#snapshot_name_template=snapshot-%s # @@ -1146,7 +1050,7 @@ snapshot_name_template=snapshot-%s # The full class name of the network API class to use (string # value) -network_api_class=nova.network.neutronv2.api.API +#network_api_class=nova.network.api.API # @@ -1251,7 +1155,7 @@ network_api_class=nova.network.neutronv2.api.API # servers. (boolean value) #use_network_dns_servers=false -# A list of dmz range that should be accepted (list value) +# A list of dmz ranges that should be accepted (list value) #dmz_cidr= # Traffic to this range will always be snatted to the fallback @@ -1264,7 +1168,7 @@ network_api_class=nova.network.neutronv2.api.API #dnsmasq_config_file= # Driver used to create ethernet devices. (string value) -linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver +#linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver # Name of Open vSwitch bridge used with linuxnet (string # value) @@ -1291,12 +1195,12 @@ linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver # The port for the metadata API port (integer value) #metadata_port=8775 -# Regular expression to match iptables rule that should always -# be on the top. (string value) +# Regular expression to match the iptables rule that should +# always be on the top. (string value) #iptables_top_regex= -# Regular expression to match iptables rule that should always -# be on the bottom. (string value) +# Regular expression to match the iptables rule that should +# always be on the bottom. (string value) #iptables_bottom_regex= # The table that iptables to jump to when a packet is to be @@ -1312,6 +1216,14 @@ linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver # value) #fake_network=false +# Number of times to retry ebtables commands on failure. +# (integer value) +#ebtables_exec_attempts=3 + +# Number of seconds to wait between ebtables retries. +# (floating point value) +#ebtables_retry_interval=1.0 + # # Options defined in nova.network.manager @@ -1416,7 +1328,7 @@ linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver # # The full class name of the security API class (string value) -security_group_api=neutron +#security_group_api=nova # @@ -1450,156 +1362,91 @@ security_group_api=neutron # -# Options defined in nova.openstack.common.eventlet_backdoor +# From oslo.log # -# Enable eventlet backdoor. Acceptable values are 0, <port>, -# and <start>:<end>, where 0 results in listening on a random -# tcp port number; <port> results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and <start>:<end> results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port=<None> - - -# -# Options defined in nova.openstack.common.lockutils -# - -# Enables or disables inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. (string value) -lock_path=/var/lock/nova - - -# -# Options defined in nova.openstack.common.log -# - -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -#debug=false - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error. (boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " +# Print debugging output (set logging level to DEBUG instead of default WARNING +# level). (boolean value) +#debug = false -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " +# Print more verbose output (set logging level to INFO instead of default +# WARNING level). (boolean value) +#verbose = false -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) +# The name of a logging configuration file. This file is appended to any +# existing logging configuration files. For details about logging configuration +# files, see the Python logging module documentation. (string value) # Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> +#log_config_append = <None> -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format=<None> +# DEPRECATED. A logging.Formatter log message format string which may use any +# of the available logging.LogRecord attributes. This option is deprecated. +# Please use logging_context_format_string and logging_default_format_string +# instead. (string value) +#log_format = <None> -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S +# Format string for %%(asctime)s in log records. Default: %(default)s . (string +# value) +#log_date_format = %Y-%m-%d %H:%M:%S -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) +# (Optional) Name of log file to output to. If no default is set, logging will +# go to stdout. (string value) # Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> +#log_file = <None> -# (Optional) The base directory used for relative --log-file -# paths. (string value) +# (Optional) The base directory used for relative --log-file paths. (string +# value) # Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> +#log_dir = <None> -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. (boolean -# value) -use_syslog=True +# Use syslog for logging. Existing syslog format is DEPRECATED during I, and +# will change in J to honor RFC5424. (boolean value) +#use_syslog = false -# (Optional) Enables or disables syslog rfc5424 format for -# logging. If enabled, prefixes the MSG part of the syslog -# message with APP-NAME (RFC5424). The format without the APP- -# NAME is deprecated in I, and will be removed in J. (boolean -# value) -#use_syslog_rfc_format=false +# (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, +# prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The +# format without the APP-NAME is deprecated in I, and will be removed in J. +# (boolean value) +#use_syslog_rfc_format = false # Syslog facility to receive log lines. (string value) -#syslog_log_facility=LOG_USER +#syslog_log_facility = LOG_USER +# Log output to standard error. (boolean value) +#use_stderr = true -# -# Options defined in nova.openstack.common.memorycache -# +# Format string to use for log messages with context. (string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s -# Memcached servers or None for in process cache. (list value) -#memcached_servers=<None> +# Format string to use for log messages without context. (string value) +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d -# -# Options defined in nova.openstack.common.periodic_task -# +# Prefix each line of exception output with this format. (string value) +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s -# Some periodic tasks can be run in a separate process. Should -# we run them here? (boolean value) -#run_external_periodic_tasks=true +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN +# Enables or disables publication of error events. (boolean value) +#publish_errors = false -# -# Options defined in nova.openstack.common.policy -# +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false -# The JSON file that defines policies. (string value) -#policy_file=policy.json +# The format for an instance that is passed with the log message. (string +# value) +#instance_format = "[instance: %(uuid)s] " -# Default rule. Enforced when a requested rule is not found. -# (string value) -#policy_default_rule=default +# The format for an instance UUID that is passed with the log message. (string +# value) +#instance_uuid_format = "[instance: %(uuid)s] " # -# Options defined in nova.pci.pci_request +# Options defined in nova.pci.request # # An alias for a PCI passthrough device requirement. This @@ -1613,7 +1460,7 @@ use_syslog=True # -# Options defined in nova.pci.pci_whitelist +# Options defined in nova.pci.whitelist # # White list of PCI devices available to VMs. For example: @@ -1627,7 +1474,7 @@ use_syslog=True # # The scheduler host manager class to use (string value) -scheduler_host_manager={{ SCHEDULER_HOST_MANAGER }} +#scheduler_host_manager=nova.scheduler.host_manager.HostManager # @@ -1719,7 +1566,7 @@ scheduler_host_manager={{ SCHEDULER_HOST_MANAGER }} # for RamFilter. For AggregateRamFilter, it will fall back to # this configuration value if no per-aggregate setting found. # (floating point value) -ram_allocation_ratio={{ RAM_ALLOCATION_RATIO }} +#ram_allocation_ratio=1.5 # @@ -1728,18 +1575,22 @@ ram_allocation_ratio={{ RAM_ALLOCATION_RATIO }} # Filter classes available to the scheduler which may be # specified more than once. An entry of -# "nova.scheduler.filters.standard_filters" maps to all -# filters included with nova. (multi valued) +# "nova.scheduler.filters.all_filters" maps to all filters +# included with nova. (multi valued) #scheduler_available_filters=nova.scheduler.filters.all_filters # Which filter class names to use for filtering hosts when not # specified in the request. (list value) -scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter +#scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter # Which weight class names to use for weighing hosts (list # value) #scheduler_weight_classes=nova.scheduler.weights.all_weighers +# Determines if the Scheduler tracks changes to instances to +# help with its filtering decisions. (boolean value) +#scheduler_tracks_instance_changes=true + # # Options defined in nova.scheduler.ironic_host_manager @@ -1759,7 +1610,7 @@ scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFi # # Default driver to use for the scheduler (string value) -scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler +#scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # How often (in seconds) to run periodic tasks in the # scheduler driver of your choice. Please note this is likely @@ -1796,6 +1647,16 @@ scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # +# Options defined in nova.scheduler.weights.io_ops +# + +# Multiplier used for weighing host io ops. Negative numbers +# mean a preference to choose light workload compute hosts. +# (floating point value) +#io_ops_weight_multiplier=-1.0 + + +# # Options defined in nova.scheduler.weights.ram # @@ -1821,12 +1682,9 @@ scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # (string value) #config_drive_format=iso9660 -# DEPRECATED (not needed any more): Where to put temporary -# files associated with config drive creation (string value) -#config_drive_tempdir=<None> - -# Set to force injection to take place on a config drive (if -# set, valid options are: always) (string value) +# Set to "always" to force injection to take place on a config +# drive. NOTE: The "always" will be deprecated in the Liberty +# release cycle. (string value) #force_config_drive=<None> # Name and optionally path of the tool used for ISO image @@ -1867,7 +1725,7 @@ scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # include: libvirt.LibvirtDriver, xenapi.XenAPIDriver, # fake.FakeDriver, baremetal.BareMetalDriver, # vmwareapi.VMwareVCDriver, hyperv.HyperVDriver (string value) -compute_driver={{ COMPUTE_DRIVER }} +#compute_driver=<None> # The default format an ephemeral_volume will be formatted # with on creation. (string value) @@ -1898,7 +1756,7 @@ compute_driver={{ COMPUTE_DRIVER }} # Firewall driver (defaults to hypervisor specific iptables # driver) (string value) -firewall_driver=nova.virt.firewall.NoopFirewallDriver +#firewall_driver=<None> # Whether to allow network traffic from same network (boolean # value) @@ -1919,9 +1777,8 @@ firewall_driver=nova.virt.firewall.NoopFirewallDriver # # Number of seconds to wait between runs of the image cache -# manager. Set to -1 to disable. Setting this to 0 will -# disable, but this will change in the K release to mean "run -# at the default rate". (integer value) +# manager. Set to -1 to disable. Setting this to 0 will run at +# the default rate. (integer value) #image_cache_manager_interval=2400 # Where cached images are stored under $instances_path. This @@ -1959,7 +1816,7 @@ firewall_driver=nova.virt.firewall.NoopFirewallDriver # Location of VNC console proxy, in the form # "http://127.0.0.1:6080/vnc_auto.html" (string value) -novncproxy_base_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6080/vnc_auto.html +#novncproxy_base_url=http://127.0.0.1:6080/vnc_auto.html # Location of nova xvp VNC console proxy, in the form # "http://127.0.0.1:6081/console" (string value) @@ -1967,17 +1824,17 @@ novncproxy_base_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6080/vnc_auto.h # IP address on which instance vncservers should listen # (string value) -vncserver_listen=0.0.0.0 +#vncserver_listen=127.0.0.1 # The address to which proxy clients (like nova-xvpvncproxy) # should connect (string value) -vncserver_proxyclient_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +#vncserver_proxyclient_address=127.0.0.1 # Enable VNC related features (boolean value) -vnc_enabled=true +#vnc_enabled=true # Keymap for VNC (string value) -vnc_keymap=en-us +#vnc_keymap=en-us # @@ -2000,169 +1857,140 @@ vnc_keymap=en-us #volume_api_class=nova.volume.cinder.API -[baremetal] - # -# Options defined in nova.virt.baremetal.db.api +# Options defined in nova.openstack.common.eventlet_backdoor # -# The backend to use for bare-metal database (string value) -#db_backend=sqlalchemy +# Enable eventlet backdoor. Acceptable values are 0, <port>, +# and <start>:<end>, where 0 results in listening on a random +# tcp port number; <port> results in listening on the +# specified port number (and not enabling backdoor if that +# port is in use); and <start>:<end> results in listening on +# the smallest unused port number within the specified range +# of port numbers. The chosen port is displayed in the +# service's log file. (string value) +#backdoor_port=<None> # -# Options defined in nova.virt.baremetal.db.sqlalchemy.session +# Options defined in nova.openstack.common.memorycache # -# The SQLAlchemy connection string used to connect to the -# bare-metal database (string value) -#sql_connection=sqlite:///$state_path/baremetal_nova.sqlite +# Memcached servers or None for in process cache. (list value) +#memcached_servers=<None> # -# Options defined in nova.virt.baremetal.driver +# Options defined in nova.openstack.common.periodic_task # -# Baremetal VIF driver. (string value) -#vif_driver=nova.virt.baremetal.vif_driver.BareMetalVIFDriver - -# Baremetal volume driver. (string value) -#volume_driver=nova.virt.baremetal.volume_driver.LibvirtVolumeDriver - -# A list of additional capabilities corresponding to -# flavor_extra_specs for this compute host to advertise. Valid -# entries are name=value, pairs For example, "key1:val1, -# key2:val2" (list value) -#flavor_extra_specs= - -# Baremetal driver back-end (pxe or tilera) (string value) -#driver=nova.virt.baremetal.pxe.PXE - -# Baremetal power management method (string value) -#power_manager=nova.virt.baremetal.ipmi.IPMI - -# Baremetal compute node's tftp root path (string value) -#tftp_root=/tftpboot +# Some periodic tasks can be run in a separate process. Should +# we run them here? (boolean value) +#run_external_periodic_tasks=true # -# Options defined in nova.virt.baremetal.ipmi +# Options defined in nova.openstack.common.policy # -# Path to baremetal terminal program (string value) -#terminal=shellinaboxd - -# Path to baremetal terminal SSL cert(PEM) (string value) -#terminal_cert_dir=<None> +# The JSON file that defines policies. (string value) +#policy_file=policy.json -# Path to directory stores pidfiles of baremetal_terminal +# Default rule. Enforced when a requested rule is not found. # (string value) -#terminal_pid_dir=$state_path/baremetal/console +#policy_default_rule=default -# Maximal number of retries for IPMI operations (integer -# value) -#ipmi_power_retry=10 +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. The +# file defined by policy_file must exist for these directories +# to be searched. Missing or empty directories are ignored. +# (multi valued) +#policy_dirs=policy.d # -# Options defined in nova.virt.baremetal.pxe +# Options defined in nova.openstack.common.versionutils # -# Default kernel image ID used in deployment phase (string +# Enables or disables fatal status of deprecations. (boolean # value) -#deploy_kernel=<None> +#fatal_deprecations=false -# Default ramdisk image ID used in deployment phase (string -# value) -#deploy_ramdisk=<None> -# Template file for injected network config (string value) -#net_config_template=$pybasedir/nova/virt/baremetal/net-dhcp.ubuntu.template +[api_database] -# Additional append parameters for baremetal PXE boot (string -# value) -#pxe_append_params=nofb nomodeset vga=normal +# +# Options defined in nova.db.sqlalchemy.api +# -# Template file for PXE configuration (string value) -#pxe_config_template=$pybasedir/nova/virt/baremetal/pxe_config.template +# The SQLAlchemy connection string to use to connect to the +# Nova API database. (string value) +#connection=<None> -# If True, enable file injection for network info, files and -# admin password (boolean value) -#use_file_injection=false +# If True, SQLite uses synchronous mode. (boolean value) +#sqlite_synchronous=true -# Timeout for PXE deployments. Default: 0 (unlimited) (integer +# Timeout before idle SQL connections are reaped. (integer # value) -#pxe_deploy_timeout=0 - -# If set, pass the network configuration details to the -# initramfs via cmdline. (boolean value) -#pxe_network_config=false - -# This gets passed to Neutron as the bootfile dhcp parameter. -# (string value) -#pxe_bootfile_name=pxelinux.0 +#idle_timeout=3600 +# Maximum number of SQL connections to keep open in a pool. +# (integer value) +#max_pool_size=<None> -# -# Options defined in nova.virt.baremetal.tilera_pdu -# +# Maximum number of database connection retries during +# startup. Set to -1 to specify an infinite retry count. +# (integer value) +#max_retries=10 -# IP address of tilera pdu (string value) -#tile_pdu_ip=10.0.100.1 +# Interval between retries of opening a SQL connection. +# (integer value) +#retry_interval=10 -# Management script for tilera pdu (string value) -#tile_pdu_mgr=/tftpboot/pdu_mgr +# If set, use this value for max_overflow with SQLAlchemy. +# (integer value) +#max_overflow=<None> -# Power status of tilera PDU is OFF (integer value) -#tile_pdu_off=2 +# Verbosity of SQL debugging information: 0=None, +# 100=Everything. (integer value) +#connection_debug=0 -# Power status of tilera PDU is ON (integer value) -#tile_pdu_on=1 +# Add Python stack traces to SQL as comment strings. (boolean +# value) +#connection_trace=false -# Power status of tilera PDU (integer value) -#tile_pdu_status=9 +# If set, use this value for pool_timeout with SQLAlchemy. +# (integer value) +#pool_timeout=<None> -# Wait time in seconds until check the result after tilera -# power operations (integer value) -#tile_power_wait=9 +[barbican] # -# Options defined in nova.virt.baremetal.virtual_power_driver +# Options defined in nova.keymgr.barbican # -# IP or name to virtual power host (string value) -#virtual_power_ssh_host= - -# Port to use for ssh to virtual power host (integer value) -#virtual_power_ssh_port=22 - -# Base command to use for virtual power(vbox, virsh) (string -# value) -#virtual_power_type=virsh - -# User to execute virtual power commands as (string value) -#virtual_power_host_user= +# Info to match when looking for barbican in the service +# catalog. Format is: separated values of the form: +# <service_type>:<service_name>:<endpoint_type> (string value) +#catalog_info=key-manager:barbican:public -# Password for virtual power host_user (string value) -#virtual_power_host_pass= +# Override service catalog lookup with template for barbican +# endpoint e.g. http://localhost:9311/v1/%(project_id)s +# (string value) +#endpoint_template=<None> -# The ssh key for virtual power host_user (string value) -#virtual_power_host_key=<None> +# Region name of this node (string value) +#os_region_name=<None> # -# Options defined in nova.virt.baremetal.volume_driver +# Options defined in nova.volume.cinder # -# Do not set this out of dev/test environments. If a node does -# not have a fixed PXE IP address, volumes are exported with -# globally opened ACL (boolean value) -#use_unsafe_iscsi=false - -# The iSCSI IQN prefix used in baremetal volume connections. -# (string value) -#iscsi_iqn_prefix=iqn.2010-10.org.openstack.baremetal +# Region name of this node (string value) +#os_region_name=<None> [cells] @@ -2321,41 +2149,19 @@ vnc_keymap=en-us # Info to match when looking for cinder in the service # catalog. Format is: separated values of the form: # <service_type>:<service_name>:<endpoint_type> (string value) -# Deprecated group/name - [DEFAULT]/cinder_catalog_info -#catalog_info=volume:cinder:publicURL +#catalog_info=volumev2:cinderv2:publicURL # Override service catalog lookup with template for cinder # endpoint e.g. http://localhost:8776/v1/%(project_id)s # (string value) -# Deprecated group/name - [DEFAULT]/cinder_endpoint_template #endpoint_template=<None> -# Region name of this node (string value) -# Deprecated group/name - [DEFAULT]/os_region_name -#os_region_name=<None> - -# Location of ca certificates file to use for cinder client -# requests. (string value) -# Deprecated group/name - [DEFAULT]/cinder_ca_certificates_file -#ca_certificates_file=<None> - # Number of cinderclient retries on failed http calls (integer # value) -# Deprecated group/name - [DEFAULT]/cinder_http_retries #http_retries=3 -# HTTP inactivity timeout (in seconds) (integer value) -# Deprecated group/name - [DEFAULT]/cinder_http_timeout -#http_timeout=<None> - -# Allow to perform insecure SSL requests to cinder (boolean -# value) -# Deprecated group/name - [DEFAULT]/cinder_api_insecure -#api_insecure=false - # Allow attach between instance and volume in different # availability zones. (boolean value) -# Deprecated group/name - [DEFAULT]/cinder_cross_az_attach #cross_az_attach=true @@ -2366,7 +2172,7 @@ vnc_keymap=en-us # # Perform nova-conductor operations locally (boolean value) -use_local=true +#use_local=false # The topic on which conductor nodes listen (string value) #topic=conductor @@ -2380,6 +2186,122 @@ use_local=true #workers=<None> +[database] + +# +# From oslo.db +# + +# The file name to use with SQLite. (string value) +# Deprecated group/name - [DEFAULT]/sqlite_db +#sqlite_db = oslo.sqlite + +# If True, SQLite uses synchronous mode. (boolean value) +# Deprecated group/name - [DEFAULT]/sqlite_synchronous +#sqlite_synchronous = true + +# The back end to use for the database. (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend = sqlalchemy + +# The SQLAlchemy connection string to use to connect to the database. (string +# value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +#connection = <None> + +# The SQLAlchemy connection string to use to connect to the slave database. +# (string value) +#slave_connection = <None> + +# The SQL mode to be used for MySQL sessions. This option, including the +# default, overrides any server-set SQL mode. To use whatever SQL mode is set +# by the server configuration, set this to no value. Example: mysql_sql_mode= +# (string value) +#mysql_sql_mode = TRADITIONAL + +# Timeout before idle SQL connections are reaped. (integer value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#idle_timeout = 3600 + +# Minimum number of SQL connections to keep open in a pool. (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool. (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size = <None> + +# Maximum number of database connection retries during startup. Set to -1 to +# specify an infinite retry count. (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries = 10 + +# Interval between retries of opening a SQL connection. (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval = 10 + +# If set, use this value for max_overflow with SQLAlchemy. (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow = <None> + +# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug = 0 + +# Add Python stack traces to SQL as comment strings. (boolean value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace = false + +# If set, use this value for pool_timeout with SQLAlchemy. (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout = <None> + +# Enable the experimental use of database reconnect on connection lost. +# (boolean value) +#use_db_reconnect = false + +# Seconds between retries of a database transaction. (integer value) +#db_retry_interval = 1 + +# If True, increases the interval between retries of a database operation up to +# db_max_retry_interval. (boolean value) +#db_inc_retry_interval = true + +# If db_inc_retry_interval is set, the maximum seconds between retries of a +# database operation. (integer value) +#db_max_retry_interval = 10 + +# Maximum retries in case of connection error or deadlock error before error is +# raised. Set to -1 to specify an infinite retry count. (integer value) +#db_max_retries = 20 + + +# +# Options defined in nova.db.sqlalchemy.api +# + +# The SQLAlchemy connection string to use to connect to the +# slave database. (string value) +#slave_connection=<None> + +# The SQL mode to be used for MySQL sessions. This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode=TRADITIONAL + + [ephemeral_storage_encryption] # @@ -2408,32 +2330,26 @@ use_local=true # # Default glance hostname or IP address (string value) -# Deprecated group/name - [DEFAULT]/glance_host -host={{ CONTROLLER_HOST_ADDRESS }} +#host=$my_ip # Default glance port (integer value) -# Deprecated group/name - [DEFAULT]/glance_port -port=9292 +#port=9292 # Default protocol to use when connecting to glance. Set to # https for SSL. (string value) -# Deprecated group/name - [DEFAULT]/glance_protocol -protocol=http +#protocol=http # A list of the glance api servers available to nova. Prefix # with https:// for ssl-based glance api servers. # ([hostname|ip]:port) (list value) -# Deprecated group/name - [DEFAULT]/glance_api_servers -api_servers=$host:$port +#api_servers=<None> # Allow to perform insecure SSL (https) requests to glance # (boolean value) -# Deprecated group/name - [DEFAULT]/glance_api_insecure #api_insecure=false -# Number of retries when downloading an image from glance -# (integer value) -# Deprecated group/name - [DEFAULT]/glance_num_retries +# Number of retries when uploading / downloading an image to / +# from glance. (integer value) #num_retries=0 # A list of url scheme that can be downloaded directly via the @@ -2442,6 +2358,16 @@ api_servers=$host:$port #allowed_direct_url_schemes= +[guestfs] + +# +# Options defined in nova.virt.disk.vfs.guestfs +# + +# Enable guestfs debug (boolean value) +#debug=false + + [hyperv] # @@ -2559,27 +2485,28 @@ api_servers=$host:$port #api_version=1 # URL for Ironic API endpoint. (string value) -api_endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:6385/v1 +#api_endpoint=<None> # Ironic keystone admin name (string value) -admin_username={{ IRONIC_SERVICE_USER }} +#admin_username=<None> # Ironic keystone admin password. (string value) -admin_password={{ IRONIC_SERVICE_PASSWORD }} +#admin_password=<None> # Ironic keystone auth token. (string value) #admin_auth_token=<None> # Keystone public API endpoint. (string value) -admin_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 +#admin_url=<None> # Log level override for ironicclient. Set this in order to # override the global "default_log_levels", "verbose", and -# "debug" settings. (string value) +# "debug" settings. DEPRECATED: use standard logging +# configuration. (string value) #client_log_level=<None> # Ironic keystone tenant name. (string value) -admin_tenant_name=service +#admin_tenant_name=<None> # How many retries when a request does conflict. (integer # value) @@ -2613,182 +2540,161 @@ admin_tenant_name=service [keystone_authtoken] # -# Options defined in keystonemiddleware.auth_token +# From keystonemiddleware.auth_token # -# Prefix to prepend at the beginning of the path. Deprecated, -# use identity_uri. (string value) -#auth_admin_prefix= - -# Host providing the admin Identity API endpoint. Deprecated, -# use identity_uri. (string value) -#auth_host=127.0.0.1 - -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -auth_port=35357 - -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -auth_protocol=http +# Complete public Identity API endpoint. (string value) +#auth_uri = <None> -# Complete public Identity API endpoint (string value) -auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +# API version of the admin Identity API endpoint. (string value) +#auth_version = <None> -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. https://localhost:35357/ -# (string value) -identity_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +# Do not handle authorization requests within the middleware, but delegate the +# authorization decision to downstream WSGI components. (boolean value) +#delay_auth_decision = false -# API version of the admin Identity API endpoint (string +# Request timeout value for communicating with Identity API server. (integer # value) -auth_version=v2.0 - -# Do not handle authorization requests within the middleware, -# but delegate the authorization decision to downstream WSGI -# components (boolean value) -#delay_auth_decision=false - -# Request timeout value for communicating with Identity API -# server. (boolean value) -#http_connect_timeout=<None> - -# How many times are we trying to reconnect when communicating -# with Identity API Server. (integer value) -#http_request_max_retries=3 +#http_connect_timeout = <None> -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token=<None> +# How many times are we trying to reconnect when communicating with Identity +# API Server. (integer value) +#http_request_max_retries = 3 -# Keystone account username (string value) -admin_user={{ NOVA_SERVICE_USER }} +# Env key for the swift cache. (string value) +#cache = <None> -# Keystone account password (string value) -admin_password={{ NOVA_SERVICE_PASSWORD }} +# Required if identity server requires client certificate (string value) +#certfile = <None> -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name=service - -# Env key for the swift cache (string value) -#cache=<None> +# Required if identity server requires client certificate (string value) +#keyfile = <None> -# Required if Keystone server requires client certificate -# (string value) -#certfile=<None> - -# Required if Keystone server requires client certificate -# (string value) -#keyfile=<None> - -# A PEM encoded Certificate Authority to use when verifying -# HTTPs connections. Defaults to system CAs. (string value) -#cafile=<None> +# A PEM encoded Certificate Authority to use when verifying HTTPs connections. +# Defaults to system CAs. (string value) +#cafile = <None> # Verify HTTPS connections. (boolean value) -#insecure=false +#insecure = false -# Directory used to cache files related to PKI tokens (string -# value) -#signing_dir=<None> +# Directory used to cache files related to PKI tokens. (string value) +#signing_dir = <None> -# Optionally specify a list of memcached server(s) to use for -# caching. If left undefined, tokens will instead be cached -# in-process. (list value) +# Optionally specify a list of memcached server(s) to use for caching. If left +# undefined, tokens will instead be cached in-process. (list value) # Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers=<None> +#memcached_servers = <None> -# In order to prevent excessive effort spent validating -# tokens, the middleware caches previously-seen tokens for a -# configurable duration (in seconds). Set to -1 to disable -# caching completely. (integer value) -#token_cache_time=300 +# In order to prevent excessive effort spent validating tokens, the middleware +# caches previously-seen tokens for a configurable duration (in seconds). Set +# to -1 to disable caching completely. (integer value) +#token_cache_time = 300 -# Determines the frequency at which the list of revoked tokens -# is retrieved from the Identity service (in seconds). A high -# number of revocation events combined with a low cache -# duration may significantly reduce performance. (integer -# value) -#revocation_cache_time=10 +# Determines the frequency at which the list of revoked tokens is retrieved +# from the Identity service (in seconds). A high number of revocation events +# combined with a low cache duration may significantly reduce performance. +# (integer value) +#revocation_cache_time = 10 -# (optional) if defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable -# values are MAC or ENCRYPT. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token -# data is encrypted and authenticated in the cache. If the -# value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -#memcache_security_strategy=<None> +# (Optional) If defined, indicate whether token data should be authenticated or +# authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, +# token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data +# is encrypted and authenticated in the cache. If the value is not one of these +# options or empty, auth_token will raise an exception on initialization. +# (string value) +#memcache_security_strategy = <None> + +# (Optional, mandatory if memcache_security_strategy is defined) This string is +# used for key derivation. (string value) +#memcache_secret_key = <None> + +# (Optional) Number of seconds memcached server is considered dead before it is +# tried again. (integer value) +#memcache_pool_dead_retry = 300 + +# (Optional) Maximum total number of open connections to every memcached +# server. (integer value) +#memcache_pool_maxsize = 10 + +# (Optional) Socket timeout in seconds for communicating with a memcache +# server. (integer value) +#memcache_pool_socket_timeout = 3 + +# (Optional) Number of seconds a connection to memcached is held unused in the +# pool before it is closed. (integer value) +#memcache_pool_unused_timeout = 60 + +# (Optional) Number of seconds that an operation will wait to get a memcache +# client connection from the pool. (integer value) +#memcache_pool_conn_get_timeout = 10 + +# (Optional) Use the advanced (eventlet safe) memcache client pool. The +# advanced pool will only work under python 2.x. (boolean value) +#memcache_use_advanced_pool = false + +# (Optional) Indicate whether to set the X-Service-Catalog header. If False, +# middleware will not ask for service catalog on token validation and will not +# set the X-Service-Catalog header. (boolean value) +#include_service_catalog = true + +# Used to control the use and type of token binding. Can be set to: "disabled" +# to not check token binding. "permissive" (default) to validate binding +# information if the bind type is of a form known to the server and ignore it +# if not. "strict" like "permissive" but if the bind type is unknown the token +# will be rejected. "required" any form of token binding is needed to be +# allowed. Finally the name of a binding method that must be present in tokens. +# (string value) +#enforce_token_bind = permissive + +# If true, the revocation list will be checked for cached tokens. This requires +# that PKI tokens are configured on the identity server. (boolean value) +#check_revocations_for_cached = false + +# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm +# or multiple. The algorithms are those supported by Python standard +# hashlib.new(). The hashes will be tried in the order given, so put the +# preferred one first for performance. The result of the first hash will be +# stored in the cache. This will typically be set to multiple values only while +# migrating from a less secure algorithm to a more secure one. Once all the old +# tokens are expired this option should be set to a single value for better +# performance. (list value) +#hash_algorithms = md5 + +# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. +# (string value) +#auth_admin_prefix = -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string -# value) -#memcache_secret_key=<None> +# Host providing the admin Identity API endpoint. Deprecated, use identity_uri. +# (string value) +#auth_host = 127.0.0.1 -# (optional) number of seconds memcached server is considered -# dead before it is tried again. (integer value) -#memcache_pool_dead_retry=300 +# Port of the admin Identity API endpoint. Deprecated, use identity_uri. +# (integer value) +#auth_port = 35357 -# (optional) max total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize=10 +# Protocol of the admin Identity API endpoint (http or https). Deprecated, use +# identity_uri. (string value) +#auth_protocol = https -# (optional) socket timeout in seconds for communicating with -# a memcache server. (integer value) -#memcache_pool_socket_timeout=3 +# Complete admin Identity API endpoint. This should specify the unversioned +# root endpoint e.g. https://localhost:35357/ (string value) +#identity_uri = <None> -# (optional) number of seconds a connection to memcached is -# held unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout=60 +# This option is deprecated and may be removed in a future release. Single +# shared secret with the Keystone configuration used for bootstrapping a +# Keystone installation, or otherwise bypassing the normal authentication +# process. This option should not be used, use `admin_user` and +# `admin_password` instead. (string value) +#admin_token = <None> -# (optional) number of seconds that an operation will wait to -# get a memcache client connection from the pool. (integer -# value) -#memcache_pool_conn_get_timeout=10 +# Service username. (string value) +#admin_user = <None> -# (optional) use the advanced (eventlet safe) memcache client -# pool. The advanced pool will only work under python 2.x. -# (boolean value) -#memcache_use_advanced_pool=false - -# (optional) indicate whether to set the X-Service-Catalog -# header. If False, middleware will not ask for service -# catalog on token validation and will not set the X-Service- -# Catalog header. (boolean value) -#include_service_catalog=true - -# Used to control the use and type of token binding. Can be -# set to: "disabled" to not check token binding. "permissive" -# (default) to validate binding information if the bind type -# is of a form known to the server and ignore it if not. -# "strict" like "permissive" but if the bind type is unknown -# the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string -# value) -#enforce_token_bind=permissive - -# If true, the revocation list will be checked for cached -# tokens. This requires that PKI tokens are configured on the -# Keystone server. (boolean value) -#check_revocations_for_cached=false - -# Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those -# supported by Python standard hashlib.new(). The hashes will -# be tried in the order given, so put the preferred one first -# for performance. The result of the first hash will be stored -# in the cache. This will typically be set to multiple values -# only while migrating from a less secure algorithm to a more -# secure one. Once all the old tokens are expired this option -# should be set to a single value for better performance. -# (list value) -#hash_algorithms=md5 +# Service user password. (string value) +#admin_password = <None> + +# Service tenant name. (string value) +#admin_tenant_name = admin [libvirt] @@ -2808,8 +2714,8 @@ admin_tenant_name=service #rescue_ramdisk_id=<None> # Libvirt domain type (valid options are: kvm, lxc, qemu, uml, -# xen) (string value) -virt_type={{ NOVA_VIRT_TYPE }} +# xen and parallels) (string value) +#virt_type=kvm # Override the default libvirt URI (which is dependent on # virt_type) (string value) @@ -2849,11 +2755,6 @@ virt_type={{ NOVA_VIRT_TYPE }} # vdi). Defaults to same as source image (string value) #snapshot_image_format=<None> -# DEPRECATED. Libvirt handlers for remote volumes. This option -# is deprecated and will be removed in the Kilo release. (list -# value) -#volume_drivers=iscsi=nova.virt.libvirt.volume.LibvirtISCSIVolumeDriver,iser=nova.virt.libvirt.volume.LibvirtISERVolumeDriver,local=nova.virt.libvirt.volume.LibvirtVolumeDriver,fake=nova.virt.libvirt.volume.LibvirtFakeVolumeDriver,rbd=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,sheepdog=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,nfs=nova.virt.libvirt.volume.LibvirtNFSVolumeDriver,aoe=nova.virt.libvirt.volume.LibvirtAOEVolumeDriver,glusterfs=nova.virt.libvirt.volume.LibvirtGlusterfsVolumeDriver,fibre_channel=nova.virt.libvirt.volume.LibvirtFibreChannelVolumeDriver,scality=nova.virt.libvirt.volume.LibvirtScalityVolumeDriver - # Override the default disk prefix for the devices attached to # a server, which is dependent on virt_type. (valid options # are: sd, xvd, uvd, vd) (string value) @@ -2939,14 +2840,6 @@ virt_type={{ NOVA_VIRT_TYPE }} # flag is set to True. (boolean value) #sparse_logical_volumes=false -# Method used to wipe old volumes (valid options are: none, -# zero, shred) (string value) -#volume_clear=zero - -# Size in MiB to wipe at start of old volumes. 0 => all -# (integer value) -#volume_clear_size=0 - # The RADOS pool in which rbd volumes are stored (string # value) #images_rbd_pool=rbd @@ -2986,6 +2879,19 @@ virt_type={{ NOVA_VIRT_TYPE }} # +# Options defined in nova.virt.libvirt.lvm +# + +# Method used to wipe old volumes (valid options are: none, +# zero, shred) (string value) +#volume_clear=zero + +# Size in MiB to wipe at start of old volumes. 0 => all +# (integer value) +#volume_clear_size=0 + + +# # Options defined in nova.virt.libvirt.utils # @@ -3027,10 +2933,19 @@ virt_type={{ NOVA_VIRT_TYPE }} # node (string value) #nfs_mount_point_base=$state_path/mnt -# Mount options passedf to the NFS client. See section of the +# Mount options passed to the NFS client. See section of the # nfs man page for details (string value) #nfs_mount_options=<None> +# Directory where the SMBFS shares are mounted on the compute +# node (string value) +#smbfs_mount_point_base=$state_path/mnt + +# Mount options passed to the SMBFS client. See mount.cifs man +# page for details. Note that the libvirt-qemu uid and gid +# must be specified. (string value) +#smbfs_mount_options= + # Number of times to rediscover AoE target to find volume # (integer value) #num_aoe_discover_tries=3 @@ -3056,32 +2971,20 @@ virt_type={{ NOVA_VIRT_TYPE }} # Currently supported protocols: [gluster] (list value) #qemu_allowed_storage_drivers= +# Directory where the Quobyte volume is mounted on the compute +# node (string value) +#quobyte_mount_point_base=$state_path/mnt -[matchmaker_redis] - -# -# Options defined in oslo.messaging -# - -# Host to locate redis. (string value) -#host=127.0.0.1 - -# Use this port to connect to redis host. (integer value) -#port=6379 - -# Password for Redis server (optional). (string value) -#password=<None> - - -[matchmaker_ring] - -# -# Options defined in oslo.messaging -# +# Path to a Quobyte Client configuration file. (string value) +#quobyte_client_cfg=<None> -# Matchmaker ring file (JSON). (string value) -# Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json +# The iSCSI transport iface to use to connect to target in +# case offload support is desired. Supported transports are +# be2iscsi, bnx2i, cxgb3i, cxgb4i, qla4xxx and ocs. Default +# format is transport_name.hwaddress and can be generated +# manually or via iscsiadm -m iface (string value) +# Deprecated group/name - [DEFAULT]/iscsi_transport +#iscsi_iface=<None> [metrics] @@ -3125,13 +3028,11 @@ virt_type={{ NOVA_VIRT_TYPE }} # Set flag to indicate Neutron will proxy metadata requests # and resolve instance ids. (boolean value) -# Deprecated group/name - [DEFAULT]/service_neutron_metadata_proxy -service_metadata_proxy=True +#service_metadata_proxy=false # Shared secret to validate proxies Neutron metadata requests # (string value) -# Deprecated group/name - [DEFAULT]/neutron_metadata_proxy_shared_secret -metadata_proxy_shared_secret={{ METADATA_PROXY_SHARED_SECRET }} +#metadata_proxy_shared_secret= # @@ -3139,76 +3040,64 @@ metadata_proxy_shared_secret={{ METADATA_PROXY_SHARED_SECRET }} # # URL for connecting to neutron (string value) -# Deprecated group/name - [DEFAULT]/neutron_url -url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 +#url=http://127.0.0.1:9696 -# Timeout value for connecting to neutron in seconds (integer -# value) -# Deprecated group/name - [DEFAULT]/neutron_url_timeout -#url_timeout=30 - -# User id for connecting to neutron in admin context (string -# value) +# User id for connecting to neutron in admin context. +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) #admin_user_id=<None> -# Username for connecting to neutron in admin context (string -# value) -# Deprecated group/name - [DEFAULT]/neutron_admin_username -admin_username={{ NEUTRON_SERVICE_USER }} +# Username for connecting to neutron in admin context +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) +#admin_username=<None> -# Password for connecting to neutron in admin context (string -# value) -# Deprecated group/name - [DEFAULT]/neutron_admin_password -admin_password={{ NEUTRON_SERVICE_PASSWORD }} +# Password for connecting to neutron in admin context +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) +#admin_password=<None> -# Tenant id for connecting to neutron in admin context (string -# value) -# Deprecated group/name - [DEFAULT]/neutron_admin_tenant_id +# Tenant id for connecting to neutron in admin context +# DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) #admin_tenant_id=<None> # Tenant name for connecting to neutron in admin context. This # option will be ignored if neutron_admin_tenant_id is set. # Note that with Keystone V3 tenant names are only unique -# within a domain. (string value) -# Deprecated group/name - [DEFAULT]/neutron_admin_tenant_name -admin_tenant_name=service +# within a domain. DEPRECATED: specify an auth_plugin and +# appropriate credentials instead. (string value) +#admin_tenant_name=<None> # Region name for connecting to neutron in admin context # (string value) -# Deprecated group/name - [DEFAULT]/neutron_region_name #region_name=<None> -# Authorization URL for connecting to neutron in admin context -# (string value) -# Deprecated group/name - [DEFAULT]/neutron_admin_auth_url -admin_auth_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 - -# If set, ignore any SSL validation issues (boolean value) -# Deprecated group/name - [DEFAULT]/neutron_api_insecure -#api_insecure=false +# Authorization URL for connecting to neutron in admin +# context. DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. (string value) +#admin_auth_url=http://localhost:5000/v2.0 # Authorization strategy for connecting to neutron in admin -# context (string value) -# Deprecated group/name - [DEFAULT]/neutron_auth_strategy -auth_strategy=keystone +# context. DEPRECATED: specify an auth_plugin and appropriate +# credentials instead. If an auth_plugin is specified strategy +# will be ignored. (string value) +#auth_strategy=keystone # Name of Integration Bridge used by Open vSwitch (string # value) -# Deprecated group/name - [DEFAULT]/neutron_ovs_bridge #ovs_bridge=br-int # Number of seconds before querying neutron for extensions # (integer value) -# Deprecated group/name - [DEFAULT]/neutron_extension_sync_interval #extension_sync_interval=600 -# Location of CA certificates file to use for neutron client -# requests. (string value) -# Deprecated group/name - [DEFAULT]/neutron_ca_certificates_file -#ca_certificates_file=<None> - -# Allow an instance to have multiple vNICs attached to the -# same Neutron network. (boolean value) +# DEPRECATED: Allow an instance to have multiple vNICs +# attached to the same Neutron network. This option is +# deprecated in the 2015.1 release and will be removed in the +# 2015.2 release where the default behavior will be to always +# allow multiple ports from the same network to be attached to +# an instance. (boolean value) #allow_duplicate_networks=false @@ -3252,7 +3141,7 @@ auth_strategy=keystone # # Host on which to listen for incoming requests (string value) -serialproxy_host=127.0.0.1 +#serialproxy_host=0.0.0.0 # Port on which to listen for incoming requests (integer # value) @@ -3264,7 +3153,7 @@ serialproxy_host=127.0.0.1 # # Enable serial console related features (boolean value) -enabled=false +#enabled=false # Range of TCP ports to use for serial ports on compute hosts # (string value) @@ -3289,12 +3178,10 @@ enabled=false # # Host on which to listen for incoming requests (string value) -# Deprecated group/name - [DEFAULT]/spicehtml5proxy_host #html5proxy_host=0.0.0.0 # Port on which to listen for incoming requests (integer # value) -# Deprecated group/name - [DEFAULT]/spicehtml5proxy_port #html5proxy_port=6082 @@ -3315,7 +3202,7 @@ enabled=false #server_proxyclient_address=127.0.0.1 # Enable spice related features (boolean value) -enabled=false +#enabled=false # Enable spice guest agent support (boolean value) #agent_enabled=true @@ -3473,6 +3360,20 @@ enabled=false # Options defined in nova.virt.vmwareapi.driver # +# The PBM status. (boolean value) +#pbm_enabled=false + +# PBM service WSDL file location URL. e.g. +# file:///opt/SDK/spbm/wsdl/pbmService.wsdl Not setting this +# will disable storage policy based placement of instances. +# (string value) +#pbm_wsdl_location=<None> + +# The PBM default policy. If pbm_wsdl_location is set and +# there is no defined storage policy for the specific request +# then this policy will be used. (string value) +#pbm_default_policy=<None> + # Hostname or IP address for connection to VMware VC host. # (string value) #host_ip=<None> @@ -3541,6 +3442,42 @@ enabled=false #maximum_objects=100 +# +# Options defined in nova.virt.vmwareapi.vmops +# + +# The prefix for Where cached images are stored. This is NOT +# the full path - just a folder prefix. This should only be +# used when a datastore cache should be shared between compute +# nodes. Note: this should only be used when the compute nodes +# have a shared file system. (string value) +#cache_prefix=<None> + + +[workarounds] + +# +# Options defined in nova.utils +# + +# This option allows a fallback to sudo for performance +# reasons. For example see +# https://bugs.launchpad.net/nova/+bug/1415106 (boolean value) +#disable_rootwrap=false + +# When using libvirt 1.2.2 fails live snapshots intermittently +# under load. This config option provides mechanism to +# disable livesnapshot while this is resolved. See +# https://bugs.launchpad.net/nova/+bug/1334398 (boolean value) +#disable_libvirt_livesnapshot=true + +# Whether to destroy instances on startup when we suspect they +# have previously been evacuated. This can result in data loss +# if undesired. See https://launchpad.net/bugs/1419785 +# (boolean value) +#destroy_after_evacuate=true + + [xenserver] # @@ -3736,7 +3673,8 @@ enabled=false # rsynced (boolean value) #sparse_copy=true -# Maximum number of retries to unplug VBD (integer value) +# Maximum number of retries to unplug VBD. if <=0, should try +# once and no retry (integer value) #num_vbd_unplug_retries=10 # Whether or not to download images via Bit Torrent @@ -3802,8 +3740,269 @@ enabled=false # (integer value) #sg_retry_interval=5 -[database] -# The SQLAlchemy connection string to use to connect to the -# database. (string value) -connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova +[matchmaker_redis] + +# +# From oslo.messaging +# + +# Host to locate redis. (string value) +#host = 127.0.0.1 + +# Use this port to connect to redis host. (integer value) +#port = 6379 + +# Password for Redis server (optional). (string value) +#password = <None> + + +[matchmaker_ring] + +# +# From oslo.messaging +# + +# Matchmaker ring file (JSON). (string value) +# Deprecated group/name - [DEFAULT]/matchmaker_ringfile +#ringfile = /etc/oslo/matchmaker_ring.json + + +[oslo_concurrency] + +# +# From oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +# Deprecated group/name - [DEFAULT]/disable_process_locking +#disable_process_locking = false + +# Directory to use for lock files. For security, the specified directory +# should only be writable by the user running the processes that need locking. +# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, +# a lock path must be set. (string value) +# Deprecated group/name - [DEFAULT]/lock_path +#lock_path = <None> + + +[oslo_messaging_amqp] + +# +# From oslo.messaging +# + +# address prefix used when sending to a specific server (string value) +# Deprecated group/name - [amqp1]/server_request_prefix +#server_request_prefix = exclusive + +# address prefix used when broadcasting to all servers (string value) +# Deprecated group/name - [amqp1]/broadcast_prefix +#broadcast_prefix = broadcast + +# address prefix when sending to any server in group (string value) +# Deprecated group/name - [amqp1]/group_request_prefix +#group_request_prefix = unicast + +# Name for the AMQP container (string value) +# Deprecated group/name - [amqp1]/container_name +#container_name = <None> + +# Timeout for inactive connections (in seconds) (integer value) +# Deprecated group/name - [amqp1]/idle_timeout +#idle_timeout = 0 + +# Debug: dump AMQP frames to stdout (boolean value) +# Deprecated group/name - [amqp1]/trace +#trace = false + +# CA certificate PEM file for verifing server certificate (string value) +# Deprecated group/name - [amqp1]/ssl_ca_file +#ssl_ca_file = + +# Identifying certificate PEM file to present to clients (string value) +# Deprecated group/name - [amqp1]/ssl_cert_file +#ssl_cert_file = + +# Private key PEM file used to sign cert_file certificate (string value) +# Deprecated group/name - [amqp1]/ssl_key_file +#ssl_key_file = + +# Password for decrypting ssl_key_file (if encrypted) (string value) +# Deprecated group/name - [amqp1]/ssl_key_password +#ssl_key_password = <None> + +# Accept clients using either SSL or plain TCP (boolean value) +# Deprecated group/name - [amqp1]/allow_insecure_clients +#allow_insecure_clients = false + + +[oslo_messaging_qpid] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +#qpid_hostname = localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +#qpid_port = 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +#qpid_hosts = $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +#qpid_username = + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +#qpid_password = + +# Space separated list of SASL mechanisms to use for auth. (string value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +#qpid_sasl_mechanisms = + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +#qpid_heartbeat = 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +#qpid_protocol = tcp + +# Whether to disable the Nagle algorithm. (boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +#qpid_tcp_nodelay = true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +#qpid_receiver_capacity = 1 + +# The qpid topology version to use. Version 1 is what was originally used by +# impl_qpid. Version 2 includes some backwards-incompatible changes that allow +# broker federation to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +#qpid_topology_version = 1 + + +[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues = false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +#amqp_auto_delete = false + +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + +# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and +# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some +# distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +#kombu_ssl_version = + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +#kombu_ssl_keyfile = + +# SSL cert file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +#kombu_ssl_certfile = + +# SSL certification authority file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +#kombu_ssl_ca_certs = + +# How long to wait before reconnecting in response to an AMQP consumer cancel +# notification. (floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +#kombu_reconnect_delay = 1.0 + +# The RabbitMQ broker address where a single node is used. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_host +#rabbit_host = localhost + +# The RabbitMQ broker port where a single node is used. (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_port +#rabbit_port = 5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +#rabbit_hosts = $rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +#rabbit_use_ssl = false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +#rabbit_userid = guest + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +#rabbit_password = guest + +# The RabbitMQ login method. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +#rabbit_login_method = AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +#rabbit_virtual_host = / + +# How frequently to retry connecting with RabbitMQ. (integer value) +#rabbit_retry_interval = 1 + +# How long to backoff for between retries when connecting to RabbitMQ. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +#rabbit_retry_backoff = 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry +# count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +#rabbit_max_retries = 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you +# must wipe the RabbitMQ database. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +#rabbit_ha_queues = false + +# Number of seconds after which the Rabbit broker is considered down if +# heartbeat's keep-alive fails (0 disable the heartbeat). (integer value) +#heartbeat_timeout_threshold = 60 + +# How often times during the heartbeat_timeout_threshold we check the +# heartbeat. (integer value) +#heartbeat_rate = 2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +#fake_rabbit = false + diff --git a/install-files/openstack/usr/share/openstack/nova/policy.json b/install-files/openstack/usr/share/openstack/nova/policy.json deleted file mode 100644 index cc5b8ea4..00000000 --- a/install-files/openstack/usr/share/openstack/nova/policy.json +++ /dev/null @@ -1,324 +0,0 @@ -{ - "context_is_admin": "role:admin", - "admin_or_owner": "is_admin:True or project_id:%(project_id)s", - "default": "rule:admin_or_owner", - - "cells_scheduler_filter:TargetCellFilter": "is_admin:True", - - "compute:create": "", - "compute:create:attach_network": "", - "compute:create:attach_volume": "", - "compute:create:forced_host": "is_admin:True", - "compute:get_all": "", - "compute:get_all_tenants": "", - "compute:start": "rule:admin_or_owner", - "compute:stop": "rule:admin_or_owner", - "compute:unlock_override": "rule:admin_api", - - "compute:shelve": "", - "compute:shelve_offload": "", - "compute:unshelve": "", - - "compute:volume_snapshot_create": "", - "compute:volume_snapshot_delete": "", - - "admin_api": "is_admin:True", - "compute:v3:servers:start": "rule:admin_or_owner", - "compute:v3:servers:stop": "rule:admin_or_owner", - "compute_extension:v3:os-access-ips:discoverable": "", - "compute_extension:v3:os-access-ips": "", - "compute_extension:accounts": "rule:admin_api", - "compute_extension:admin_actions": "rule:admin_api", - "compute_extension:admin_actions:pause": "rule:admin_or_owner", - "compute_extension:admin_actions:unpause": "rule:admin_or_owner", - "compute_extension:admin_actions:suspend": "rule:admin_or_owner", - "compute_extension:admin_actions:resume": "rule:admin_or_owner", - "compute_extension:admin_actions:lock": "rule:admin_or_owner", - "compute_extension:admin_actions:unlock": "rule:admin_or_owner", - "compute_extension:admin_actions:resetNetwork": "rule:admin_api", - "compute_extension:admin_actions:injectNetworkInfo": "rule:admin_api", - "compute_extension:admin_actions:createBackup": "rule:admin_or_owner", - "compute_extension:admin_actions:migrateLive": "rule:admin_api", - "compute_extension:admin_actions:resetState": "rule:admin_api", - "compute_extension:admin_actions:migrate": "rule:admin_api", - "compute_extension:v3:os-admin-actions": "rule:admin_api", - "compute_extension:v3:os-admin-actions:discoverable": "", - "compute_extension:v3:os-admin-actions:reset_network": "rule:admin_api", - "compute_extension:v3:os-admin-actions:inject_network_info": "rule:admin_api", - "compute_extension:v3:os-admin-actions:reset_state": "rule:admin_api", - "compute_extension:v3:os-admin-password": "", - "compute_extension:v3:os-admin-password:discoverable": "", - "compute_extension:aggregates": "rule:admin_api", - "compute_extension:v3:os-aggregates:discoverable": "", - "compute_extension:v3:os-aggregates:index": "rule:admin_api", - "compute_extension:v3:os-aggregates:create": "rule:admin_api", - "compute_extension:v3:os-aggregates:show": "rule:admin_api", - "compute_extension:v3:os-aggregates:update": "rule:admin_api", - "compute_extension:v3:os-aggregates:delete": "rule:admin_api", - "compute_extension:v3:os-aggregates:add_host": "rule:admin_api", - "compute_extension:v3:os-aggregates:remove_host": "rule:admin_api", - "compute_extension:v3:os-aggregates:set_metadata": "rule:admin_api", - "compute_extension:agents": "rule:admin_api", - "compute_extension:v3:os-agents": "rule:admin_api", - "compute_extension:v3:os-agents:discoverable": "", - "compute_extension:attach_interfaces": "", - "compute_extension:v3:os-attach-interfaces": "", - "compute_extension:v3:os-attach-interfaces:discoverable": "", - "compute_extension:baremetal_nodes": "rule:admin_api", - "compute_extension:cells": "rule:admin_api", - "compute_extension:v3:os-cells": "rule:admin_api", - "compute_extension:v3:os-cells:discoverable": "", - "compute_extension:certificates": "", - "compute_extension:v3:os-certificates:create": "", - "compute_extension:v3:os-certificates:show": "", - "compute_extension:v3:os-certificates:discoverable": "", - "compute_extension:cloudpipe": "rule:admin_api", - "compute_extension:cloudpipe_update": "rule:admin_api", - "compute_extension:console_output": "", - "compute_extension:v3:consoles:discoverable": "", - "compute_extension:v3:os-console-output:discoverable": "", - "compute_extension:v3:os-console-output": "", - "compute_extension:consoles": "", - "compute_extension:v3:os-remote-consoles": "", - "compute_extension:v3:os-remote-consoles:discoverable": "", - "compute_extension:createserverext": "", - "compute_extension:v3:os-create-backup:discoverable": "", - "compute_extension:v3:os-create-backup": "rule:admin_or_owner", - "compute_extension:deferred_delete": "", - "compute_extension:v3:os-deferred-delete": "", - "compute_extension:v3:os-deferred-delete:discoverable": "", - "compute_extension:disk_config": "", - "compute_extension:evacuate": "rule:admin_api", - "compute_extension:v3:os-evacuate": "rule:admin_api", - "compute_extension:v3:os-evacuate:discoverable": "", - "compute_extension:extended_server_attributes": "rule:admin_api", - "compute_extension:v3:os-extended-server-attributes": "rule:admin_api", - "compute_extension:v3:os-extended-server-attributes:discoverable": "", - "compute_extension:extended_status": "", - "compute_extension:v3:os-extended-status": "", - "compute_extension:v3:os-extended-status:discoverable": "", - "compute_extension:extended_availability_zone": "", - "compute_extension:v3:os-extended-availability-zone": "", - "compute_extension:v3:os-extended-availability-zone:discoverable": "", - "compute_extension:extended_ips": "", - "compute_extension:extended_ips_mac": "", - "compute_extension:extended_vif_net": "", - "compute_extension:v3:extension_info:discoverable": "", - "compute_extension:extended_volumes": "", - "compute_extension:v3:os-extended-volumes": "", - "compute_extension:v3:os-extended-volumes:swap": "", - "compute_extension:v3:os-extended-volumes:discoverable": "", - "compute_extension:v3:os-extended-volumes:attach": "", - "compute_extension:v3:os-extended-volumes:detach": "", - "compute_extension:fixed_ips": "rule:admin_api", - "compute_extension:flavor_access": "", - "compute_extension:flavor_access:addTenantAccess": "rule:admin_api", - "compute_extension:flavor_access:removeTenantAccess": "rule:admin_api", - "compute_extension:v3:flavor-access": "", - "compute_extension:v3:flavor-access:discoverable": "", - "compute_extension:v3:flavor-access:remove_tenant_access": "rule:admin_api", - "compute_extension:v3:flavor-access:add_tenant_access": "rule:admin_api", - "compute_extension:flavor_disabled": "", - "compute_extension:flavor_rxtx": "", - "compute_extension:v3:os-flavor-rxtx": "", - "compute_extension:v3:os-flavor-rxtx:discoverable": "", - "compute_extension:flavor_swap": "", - "compute_extension:flavorextradata": "", - "compute_extension:flavorextraspecs:index": "", - "compute_extension:flavorextraspecs:show": "", - "compute_extension:flavorextraspecs:create": "rule:admin_api", - "compute_extension:flavorextraspecs:update": "rule:admin_api", - "compute_extension:flavorextraspecs:delete": "rule:admin_api", - "compute_extension:v3:flavors:discoverable": "", - "compute_extension:v3:flavor-extra-specs:discoverable": "", - "compute_extension:v3:flavor-extra-specs:index": "", - "compute_extension:v3:flavor-extra-specs:show": "", - "compute_extension:v3:flavor-extra-specs:create": "rule:admin_api", - "compute_extension:v3:flavor-extra-specs:update": "rule:admin_api", - "compute_extension:v3:flavor-extra-specs:delete": "rule:admin_api", - "compute_extension:flavormanage": "rule:admin_api", - "compute_extension:v3:flavor-manage": "rule:admin_api", - "compute_extension:floating_ip_dns": "", - "compute_extension:floating_ip_pools": "", - "compute_extension:floating_ips": "", - "compute_extension:floating_ips_bulk": "rule:admin_api", - "compute_extension:fping": "", - "compute_extension:fping:all_tenants": "rule:admin_api", - "compute_extension:hide_server_addresses": "is_admin:False", - "compute_extension:v3:os-hide-server-addresses": "is_admin:False", - "compute_extension:v3:os-hide-server-addresses:discoverable": "", - "compute_extension:hosts": "rule:admin_api", - "compute_extension:v3:os-hosts": "rule:admin_api", - "compute_extension:v3:os-hosts:discoverable": "", - "compute_extension:hypervisors": "rule:admin_api", - "compute_extension:v3:os-hypervisors": "rule:admin_api", - "compute_extension:v3:os-hypervisors:discoverable": "", - "compute_extension:image_size": "", - "compute_extension:instance_actions": "", - "compute_extension:v3:os-server-actions": "", - "compute_extension:v3:os-server-actions:discoverable": "", - "compute_extension:instance_actions:events": "rule:admin_api", - "compute_extension:v3:os-server-actions:events": "rule:admin_api", - "compute_extension:instance_usage_audit_log": "rule:admin_api", - "compute_extension:v3:ips:discoverable": "", - "compute_extension:keypairs": "", - "compute_extension:keypairs:index": "", - "compute_extension:keypairs:show": "", - "compute_extension:keypairs:create": "", - "compute_extension:keypairs:delete": "", - "compute_extension:v3:keypairs:discoverable": "", - "compute_extension:v3:keypairs": "", - "compute_extension:v3:keypairs:index": "", - "compute_extension:v3:keypairs:show": "", - "compute_extension:v3:keypairs:create": "", - "compute_extension:v3:keypairs:delete": "", - "compute_extension:v3:os-lock-server:discoverable": "", - "compute_extension:v3:os-lock-server:lock": "rule:admin_or_owner", - "compute_extension:v3:os-lock-server:unlock": "rule:admin_or_owner", - "compute_extension:v3:os-migrate-server:discoverable": "", - "compute_extension:v3:os-migrate-server:migrate": "rule:admin_api", - "compute_extension:v3:os-migrate-server:migrate_live": "rule:admin_api", - "compute_extension:multinic": "", - "compute_extension:v3:os-multinic": "", - "compute_extension:v3:os-multinic:discoverable": "", - "compute_extension:networks": "rule:admin_api", - "compute_extension:networks:view": "", - "compute_extension:networks_associate": "rule:admin_api", - "compute_extension:v3:os-pause-server:discoverable": "", - "compute_extension:v3:os-pause-server:pause": "rule:admin_or_owner", - "compute_extension:v3:os-pause-server:unpause": "rule:admin_or_owner", - "compute_extension:v3:os-pci:pci_servers": "", - "compute_extension:v3:os-pci:discoverable": "", - "compute_extension:v3:os-pci:index": "rule:admin_api", - "compute_extension:v3:os-pci:detail": "rule:admin_api", - "compute_extension:v3:os-pci:show": "rule:admin_api", - "compute_extension:quotas:show": "", - "compute_extension:quotas:update": "rule:admin_api", - "compute_extension:quotas:delete": "rule:admin_api", - "compute_extension:v3:os-quota-sets:discoverable": "", - "compute_extension:v3:os-quota-sets:show": "", - "compute_extension:v3:os-quota-sets:update": "rule:admin_api", - "compute_extension:v3:os-quota-sets:delete": "rule:admin_api", - "compute_extension:v3:os-quota-sets:detail": "rule:admin_api", - "compute_extension:quota_classes": "", - "compute_extension:rescue": "", - "compute_extension:v3:os-rescue": "", - "compute_extension:v3:os-rescue:discoverable": "", - "compute_extension:v3:os-scheduler-hints:discoverable": "", - "compute_extension:security_group_default_rules": "rule:admin_api", - "compute_extension:security_groups": "", - "compute_extension:v3:os-security-groups": "", - "compute_extension:v3:os-security-groups:discoverable": "", - "compute_extension:server_diagnostics": "rule:admin_api", - "compute_extension:v3:os-server-diagnostics": "rule:admin_api", - "compute_extension:v3:os-server-diagnostics:discoverable": "", - "compute_extension:server_groups": "", - "compute_extension:server_password": "", - "compute_extension:v3:os-server-password": "", - "compute_extension:v3:os-server-password:discoverable": "", - "compute_extension:server_usage": "", - "compute_extension:v3:os-server-usage": "", - "compute_extension:v3:os-server-usage:discoverable": "", - "compute_extension:services": "rule:admin_api", - "compute_extension:v3:os-services": "rule:admin_api", - "compute_extension:v3:os-services:discoverable": "", - "compute_extension:v3:server-metadata:discoverable": "", - "compute_extension:v3:servers:discoverable": "", - "compute_extension:shelve": "", - "compute_extension:shelveOffload": "rule:admin_api", - "compute_extension:v3:os-shelve:shelve": "", - "compute_extension:v3:os-shelve:shelve:discoverable": "", - "compute_extension:v3:os-shelve:shelve_offload": "rule:admin_api", - "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner", - "compute_extension:v3:os-suspend-server:discoverable": "", - "compute_extension:v3:os-suspend-server:suspend": "rule:admin_or_owner", - "compute_extension:v3:os-suspend-server:resume": "rule:admin_or_owner", - "compute_extension:simple_tenant_usage:list": "rule:admin_api", - "compute_extension:unshelve": "", - "compute_extension:v3:os-shelve:unshelve": "", - "compute_extension:users": "rule:admin_api", - "compute_extension:v3:os-user-data:discoverable": "", - "compute_extension:virtual_interfaces": "", - "compute_extension:virtual_storage_arrays": "", - "compute_extension:volumes": "", - "compute_extension:volume_attachments:index": "", - "compute_extension:volume_attachments:show": "", - "compute_extension:volume_attachments:create": "", - "compute_extension:volume_attachments:update": "", - "compute_extension:volume_attachments:delete": "", - "compute_extension:volumetypes": "", - "compute_extension:availability_zone:list": "", - "compute_extension:v3:os-availability-zone:list": "", - "compute_extension:v3:os-availability-zone:discoverable": "", - "compute_extension:availability_zone:detail": "rule:admin_api", - "compute_extension:v3:os-availability-zone:detail": "rule:admin_api", - "compute_extension:used_limits_for_admin": "rule:admin_api", - "compute_extension:migrations:index": "rule:admin_api", - "compute_extension:v3:os-migrations:index": "rule:admin_api", - "compute_extension:v3:os-migrations:discoverable": "", - "compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api", - "compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api", - "compute_extension:console_auth_tokens": "rule:admin_api", - "compute_extension:v3:os-console-auth-tokens": "rule:admin_api", - "compute_extension:os-server-external-events:create": "rule:admin_api", - "compute_extension:v3:os-server-external-events:create": "rule:admin_api", - - "volume:create": "", - "volume:get_all": "", - "volume:get_volume_metadata": "", - "volume:get_snapshot": "", - "volume:get_all_snapshots": "", - - - "volume_extension:types_manage": "rule:admin_api", - "volume_extension:types_extra_specs": "rule:admin_api", - "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", - "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", - "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", - - - "network:get_all": "", - "network:get": "", - "network:create": "", - "network:delete": "", - "network:associate": "", - "network:disassociate": "", - "network:get_vifs_by_instance": "", - "network:allocate_for_instance": "", - "network:deallocate_for_instance": "", - "network:validate_networks": "", - "network:get_instance_uuids_by_ip_filter": "", - "network:get_instance_id_by_floating_address": "", - "network:setup_networks_on_host": "", - "network:get_backdoor_port": "", - - "network:get_floating_ip": "", - "network:get_floating_ip_pools": "", - "network:get_floating_ip_by_address": "", - "network:get_floating_ips_by_project": "", - "network:get_floating_ips_by_fixed_address": "", - "network:allocate_floating_ip": "", - "network:deallocate_floating_ip": "", - "network:associate_floating_ip": "", - "network:disassociate_floating_ip": "", - "network:release_floating_ip": "", - "network:migrate_instance_start": "", - "network:migrate_instance_finish": "", - - "network:get_fixed_ip": "", - "network:get_fixed_ip_by_address": "", - "network:add_fixed_ip_to_instance": "", - "network:remove_fixed_ip_from_instance": "", - "network:add_network_to_project": "", - "network:get_instance_nw_info": "", - - "network:get_dns_domains": "", - "network:add_dns_entry": "", - "network:modify_dns_entry": "", - "network:delete_dns_entry": "", - "network:get_dns_entries_by_address": "", - "network:get_dns_entries_by_name": "", - "network:create_private_dns_domain": "", - "network:create_public_dns_domain": "", - "network:delete_dns_domain": "" -} |