Diffstat (limited to 'install-files/openstack/usr/share')
41 files changed, 0 insertions, 15845 deletions
diff --git a/install-files/openstack/usr/share/openstack/ceilometer-config.yml b/install-files/openstack/usr/share/openstack/ceilometer-config.yml
deleted file mode 100644
index 9850d84d..00000000
--- a/install-files/openstack/usr/share/openstack/ceilometer-config.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-- hosts: localhost
- vars_files:
- - "/etc/openstack/ceilometer.conf"
- tasks:
-# Configure ceilometer
- - name: Create the ceilometer user.
- user:
- name: ceilometer
- comment: Openstack Ceilometer Daemons
- shell: /sbin/nologin
- home: /var/lib/ceilometer
-
- - name: Create the /var folders for ceilometer
- file:
- path: "{{ item }}"
- state: directory
- owner: ceilometer
- group: ceilometer
- with_items:
- - /var/run/ceilometer
- - /var/lock/ceilometer
- - /var/log/ceilometer
- - /var/lib/ceilometer
-
- - name: Create /etc/ceilometer directory
- file:
- path: /etc/ceilometer
- state: directory
-
- - name: Add the configuration needed for ceilometer in /etc/ceilometer using templates
- template:
- src: /usr/share/openstack/ceilometer/{{ item }}
- dest: /etc/ceilometer/{{ item }}
- with_lines:
- - cd /usr/share/openstack/ceilometer && find -type f
diff --git a/install-files/openstack/usr/share/openstack/ceilometer-db.yml b/install-files/openstack/usr/share/openstack/ceilometer-db.yml
deleted file mode 100644
index 46a929bc..00000000
--- a/install-files/openstack/usr/share/openstack/ceilometer-db.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-- hosts: localhost
- vars_files:
- - "/etc/openstack/ceilometer.conf"
- tasks:
- - name: Create ceilometer service user in service tenant
- keystone_user:
- user: "{{ CEILOMETER_SERVICE_USER }}"
- password: "{{ CEILOMETER_SERVICE_PASSWORD }}"
- tenant: service
- token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
-
- - name: Assign admin role to ceilometers service user in the service tenant
- keystone_user:
- role: admin
- user: "{{ CEILOMETER_SERVICE_USER }}"
- tenant: service
- token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
-
- - name: Add ceilometer endpoint
- keystone_service:
- name: ceilometer
- type: metering
- description: Openstack Metering Service
- publicurl: http://{{ ansible_hostname }}:8777
- internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:8777
- adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:8777
- region: regionOne
- token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
-
- - name: Create postgresql user for ceilometer
- postgresql_user:
- name: "{{ CEILOMETER_DB_USER }}"
- login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
- password: "{{ CEILOMETER_DB_PASSWORD }}"
- sudo: yes
- sudo_user: ceilometer
-
- - name: Create database for ceilometer services
- postgresql_db:
- name: ceilometer
- owner: "{{ CEILOMETER_DB_USER }}"
- login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
- sudo: yes
- sudo_user: ceilometer
-
- - name: Initiate ceilometer database
- command: ceilometer-dbsync
- sudo: yes
- sudo_user: ceilometer
diff --git a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf b/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf
deleted file mode 100644
index b1ad2f47..00000000
--- a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf
+++ /dev/null
@@ -1,1330 +0,0 @@ -[DEFAULT] - -# -# From ceilometer -# - -auth_strategy = keystone - -# To reduce large requests at same time to Nova or other components -# from different compute agents, shuffle start time of polling task. -# (integer value) -#shuffle_time_before_polling_task = 0 - -# Configuration file for WSGI definition of API. (string value) -api_paste_config = api_paste.ini - -# Number of workers for Ceilometer API server. (integer value) -#api_workers = 1 - -# Polling namespace(s) to be used while resource polling (unknown -# type) -#polling_namespaces = ['compute', 'central'] - -# List of pollsters (or wildcard templates) to be used while polling -# (unknown type) -#pollster_list = [] - -# Exchange name for Nova notifications. (string value) -nova_control_exchange = nova - -# List of metadata prefixes reserved for metering use. (list value) -reserved_metadata_namespace = metering. - -# Limit on length of reserved metadata values. (integer value) -#reserved_metadata_length = 256 - -# List of metadata keys reserved for metering use. And these keys are -# additional to the ones included in the namespace. (list value) -#reserved_metadata_keys = - -# Inspector to use for inspecting the hypervisor layer. (string value) -hypervisor_inspector = libvirt - -# Libvirt domain type. (string value) -# Allowed values: kvm, lxc, qemu, uml, xen -libvirt_type = {{ NOVA_VIRT_TYPE }} - -# Override the default libvirt URI (which is dependent on -# libvirt_type). (string value) -#libvirt_uri = - -# Exchange name for Data Processing notifications. (string value) -#sahara_control_exchange = sahara - -# Dispatcher to process data. (multi valued) -# Deprecated group/name - [collector]/dispatcher -#dispatcher = database - -# Exchange name for Keystone notifications. (string value) -keystone_control_exchange = keystone - -# Number of items to request in each paginated Glance API request -# (parameter used by glancecelient). 
If this is less than or equal to -# 0, page size is not specified (default value in glanceclient is -# used). (integer value) -#glance_page_size = 0 - -# Exchange name for Glance notifications. (string value) -glance_control_exchange = glance - -# Exchange name for Ironic notifications. (string value) -ironic_exchange = ironic - -# Exchanges name to listen for notifications. (multi valued) -#http_control_exchanges = nova -#http_control_exchanges = glance -#http_control_exchanges = neutron -#http_control_exchanges = cinder - -# Exchange name for Neutron notifications. (string value) -# Deprecated group/name - [DEFAULT]/quantum_control_exchange -neutron_control_exchange = neutron - -# Allow novaclient's debug log output. (boolean value) -#nova_http_log_debug = false - -# Swift reseller prefix. Must be on par with reseller_prefix in proxy- -# server.conf. (string value) -#reseller_prefix = AUTH_ - -# Enable eventlet backdoor. Acceptable values are 0, <port>, and -# <start>:<end>, where 0 results in listening on a random tcp port -# number; <port> results in listening on the specified port number -# (and not enabling backdoor if that port is in use); and -# <start>:<end> results in listening on the smallest unused port -# number within the specified range of port numbers. The chosen port -# is displayed in the service's log file. (string value) -#backdoor_port = <None> - -# Print debugging output (set logging level to DEBUG instead of -# default WARNING level). (boolean value) -#debug = false - -# Print more verbose output (set logging level to INFO instead of -# default WARNING level). (boolean value) -#verbose = false - -# Log output to standard error. (boolean value) -#use_stderr = true - -# The name of a logging configuration file. This file is appended to -# any existing logging configuration files. For details about logging -# configuration files, see the Python logging module documentation. 
-# (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = <None> - -# DEPRECATED. A logging.Formatter log message format string which may -# use any of the available logging.LogRecord attributes. This option -# is deprecated. Please use logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format = <None> - -# Format string for %%(asctime)s in log records. Default: %(default)s -# . (string value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is set, -# logging will go to stdout. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = <None> - -# (Optional) The base directory used for relative --log-file paths. -# (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = <None> - -# Use syslog for logging. Existing syslog format is DEPRECATED during -# I, and will change in J to honor RFC5424. (boolean value) -use_syslog = True - -# (Optional) Enables or disables syslog rfc5424 format for logging. If -# enabled, prefixes the MSG part of the syslog message with APP-NAME -# (RFC5424). The format without the APP-NAME is deprecated in I, and -# will be removed in J. (boolean value) -#use_syslog_rfc_format = false - -# Syslog facility to receive log lines. (string value) -#syslog_log_facility = LOG_USER - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. (string -# value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. 
(string -# value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - -# The format for an instance that is passed with the log message. -# (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. -# (string value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Exchange name for Heat notifications (string value) -#heat_control_exchange = heat - -# Configuration file for pipeline definition. (string value) -pipeline_cfg_file = pipeline.yaml - -# Configuration file for event pipeline definition. (string value) -event_pipeline_cfg_file = event_pipeline.yaml - -# Exchange name for DBaaS notifications. (string value) -#trove_control_exchange = trove - -# Exchange name for Messaging service notifications. (string value) -#zaqar_control_exchange = zaqar - -# Source for samples emitted on this instance. (string value) -# Deprecated group/name - [DEFAULT]/counter_source -#sample_source = openstack - -# Name of this node, which must be valid in an AMQP key. Can be an -# opaque identifier. For ZeroMQ only, must be a valid host name, FQDN, -# or IP address. (string value) -#host = noisecell - -# Number of workers for collector service. A single collector is -# enabled by default. (integer value) -#collector_workers = 1 - -# Number of workers for notification service. A single notification -# agent is enabled by default. 
(integer value) -#notification_workers = 1 - -# Timeout seconds for HTTP requests. Set it to None to disable -# timeout. (integer value) -#http_timeout = 600 - -# DEPRECATED - Database connection string. (string value) -#database_connection = <None> - -# Path to the rootwrap configuration file touse for running commands -# as root (string value) -rootwrap_config = /etc/ceilometer/rootwrap.conf - -# Exchange name for Cinder notifications. (string value) -cinder_control_exchange = cinder - -# -# From oslo.messaging -# - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve to this -# address. (string value) -#rpc_zmq_bind_address = * - -# MatchMaker driver. (string value) -#rpc_zmq_matchmaker = local - -# ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port = 9501 - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts = 1 - -# Maximum number of ingress messages to locally buffer per topic. -# Default is unlimited. (integer value) -#rpc_zmq_topic_backlog = <None> - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir = /var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP address. -# Must match "host" option, if running Nova. (string value) -#rpc_zmq_host = localhost - -# Seconds to wait before a cast expires (TTL). Only supported by -# impl_zmq. (integer value) -#rpc_cast_timeout = 30 - -# Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq = 300 - -# Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl = 600 - -# Size of RPC thread pool. (integer value) -#rpc_thread_pool_size = 64 - -# Driver or drivers to handle sending notifications. (multi valued) -#notification_driver = - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -#notification_topics = notifications - -# Seconds to wait for a response from a call. 
(integer value) -#rpc_response_timeout = 60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend option -# and driver specific configuration. (string value) -#transport_url = <None> - -# The messaging driver to use, defaults to rabbit. Other drivers -# include qpid and zmq. (string value) -rpc_backend = rabbit - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the transport_url -# option. (string value) -#control_exchange = openstack - - -[alarm] - -# -# From ceilometer -# - -# SSL Client certificate for REST notifier. (string value) -#rest_notifier_certificate_file = - -# SSL Client private key for REST notifier. (string value) -#rest_notifier_certificate_key = - -# Whether to verify the SSL Server certificate when calling alarm -# action. (boolean value) -#rest_notifier_ssl_verify = true - -# Number of retries for REST notifier (integer value) -#rest_notifier_max_retries = 0 - -# Period of evaluation cycle, should be >= than configured pipeline -# interval for collection of underlying metrics. (integer value) -# Deprecated group/name - [alarm]/threshold_evaluation_interval -#evaluation_interval = 60 - -# The topic that ceilometer uses for alarm notifier messages. (string -# value) -notifier_rpc_topic = alarm_notifier - -# The topic that ceilometer uses for alarm partition coordination -# messages. DEPRECATED: RPC-based partitionedalarm evaluation service -# will be removed in Kilo in favour of the default alarm evaluation -# service using tooz for partitioning. (string value) -#partition_rpc_topic = alarm_partition_coordination - -# URL to Gnocchi. (string value) -#gnocchi_url = http://localhost:8041 - -# Record alarm change events. (boolean value) -#record_history = true - -# Maximum number of alarms defined for a user. (integer value) -#user_alarm_quota = <None> - -# Maximum number of alarms defined for a project. 
(integer value) -#project_alarm_quota = <None> - -# Driver to use for alarm evaluation service. DEPRECATED: "singleton" -# and "partitioned" alarm evaluator services will be removed in Kilo -# in favour of the default alarm evaluation service using tooz for -# partitioning. (string value) -#evaluation_service = default - - -[api] - -# -# From ceilometer -# - -# The port for the ceilometer API server. (integer value) -# Deprecated group/name - [DEFAULT]/metering_api_port -port = 8777 - -# The listen IP for the ceilometer API server. (string value) -host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Toggle Pecan Debug Middleware. (boolean value) -#pecan_debug = false - - -[central] - -# -# From ceilometer -# - -# Work-load partitioning group prefix. Use only if you want to run -# multiple polling agents with different config files. For each sub- -# group of the agent pool with the same partitioning_group_prefix a -# disjoint subset of pollsters should be loaded. (string value) -# Deprecated group/name - [central]/partitioning_group_prefix -#partitioning_group_prefix = <None> - - -[collector] - -# -# From ceilometer -# - -# Address to which the UDP socket is bound. Set to an empty string to -# disable. (string value) -#udp_address = 0.0.0.0 - -# Port to which the UDP socket is bound. (integer value) -#udp_port = 4952 - -# Requeue the sample on the collector sample queue when the collector -# fails to dispatch it. This is only valid if the sample come from the -# notifier publisher. (boolean value) -#requeue_sample_on_dispatcher_error = false - -# Requeue the event on the collector event queue when the collector -# fails to dispatch it. (boolean value) -#requeue_event_on_dispatcher_error = false - - -[compute] - -# -# From ceilometer -# - -# Enable work-load partitioning, allowing multiple compute agents to -# be run simultaneously. 
(boolean value) -#workload_partitioning = false - - -[coordination] - -# -# From ceilometer -# - -# The backend URL to use for distributed coordination. If left empty, -# per-deployment central agent and per-host compute agent won't do -# workload partitioning and will only function correctly if a single -# instance of that service is running. (string value) -#backend_url = <None> - -# Number of seconds between heartbeats for distributed coordination. -# (floating point value) -#heartbeat = 1.0 - -# Number of seconds between checks to see if group membership has -# changed (floating point value) -#check_watchers = 10.0 - - -[database] - -# -# From ceilometer -# - -# Number of seconds that samples are kept in the database for (<= 0 -# means forever). (integer value) -# Deprecated group/name - [database]/time_to_live -#metering_time_to_live = -1 - -# Number of seconds that events are kept in the database for (<= 0 -# means forever). (integer value) -#event_time_to_live = -1 - -# The connection string used to connect to the metering database. (if -# unset, connection is used) (string value) -#metering_connection = <None> - -# The connection string used to connect to the alarm database. (if -# unset, connection is used) (string value) -#alarm_connection = <None> - -# The connection string used to connect to the event database. (if -# unset, connection is used) (string value) -#event_connection = <None> - -# The name of the replica set which is used to connect to MongoDB -# database. If it is set, MongoReplicaSetClient will be used instead -# of MongoClient. (string value) -#mongodb_replica_set = - -# The max length of resources id in DB2 nosql, the value should be -# larger than len(hostname) * 2 as compute node's resource id is -# <hostname>_<nodename>. (integer value) -#db2nosql_resource_id_maxlen = 512 - -# -# From oslo.db -# - -# The file name to use with SQLite. 
(string value) -# Deprecated group/name - [DEFAULT]/sqlite_db -#sqlite_db = oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -# Deprecated group/name - [DEFAULT]/sqlite_synchronous -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. -# (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -#connection = <None> -connection=postgresql://{{ CEILOMETER_DB_USER }}:{{ CEILOMETER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ceilometer - -# The SQLAlchemy connection string to use to connect to the slave -# database. (string value) -#slave_connection = <None> - -# The SQL mode to be used for MySQL sessions. This option, including -# the default, overrides any server-set SQL mode. To use whatever SQL -# mode is set by the server configuration, set this to no value. -# Example: mysql_sql_mode= (string value) -#mysql_sql_mode = TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout = 3600 - -# Minimum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = <None> - -# Maximum number of database connection retries during startup. Set to -# -1 to specify an infinite retry count. 
(integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = <None> - -# Verbosity of SQL debugging information: 0=None, 100=Everything. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = <None> - -# Enable the experimental use of database reconnect on connection -# lost. (boolean value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database -# operation up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries -# of a database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before -# error is raised. Set to -1 to specify an infinite retry count. -# (integer value) -#db_max_retries = 20 - - -[dispatcher_file] - -# -# From ceilometer -# - -# Name and the location of the file to record meters. (string value) -#file_path = <None> - -# The max size of the file. 
(integer value) -#max_bytes = 0 - -# The max number of the files to keep. (integer value) -#backup_count = 0 - - -[event] - -# -# From ceilometer -# - -# Configuration file for event definitions. (string value) -definitions_cfg_file = event_definitions.yaml - -# Drop notifications if no event definition matches. (Otherwise, we -# convert them with just the default traits) (boolean value) -#drop_unmatched_notifications = false - -# Store the raw notification for select priority levels (info and/or -# error). By default, raw details are not captured. (multi valued) -#store_raw = - - -[hardware] - -# -# From ceilometer -# - -# URL scheme to use for hardware nodes. (string value) -#url_scheme = snmp:// - -# SNMPd user name of all nodes running in the cloud. (string value) -#readonly_user_name = ro_snmp_user - -# SNMPd password of all the nodes running in the cloud. (string value) -#readonly_user_password = password - - -[ipmi] - -# -# From ceilometer -# - -# Number of retries upon Intel Node Manager initialization failure -# (integer value) -#node_manager_init_retry = 3 - -# Tolerance of IPMI/NM polling failures before disable this pollster. -# Negative indicates retrying forever. (integer value) -#polling_retry = 3 - - -[keystone_authtoken] - -# -# From keystonemiddleware.auth_token -# - -# Complete public Identity API endpoint. (string value) -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 - -# API version of the admin Identity API endpoint. (string value) -#auth_version = <None> - -# Do not handle authorization requests within the middleware, but -# delegate the authorization decision to downstream WSGI components. -# (boolean value) -#delay_auth_decision = false - -# Request timeout value for communicating with Identity API server. -# (integer value) -#http_connect_timeout = <None> - -# How many times are we trying to reconnect when communicating with -# Identity API Server. (integer value) -#http_request_max_retries = 3 - -# Env key for the swift cache. 
(string value) -#cache = <None> - -# Required if identity server requires client certificate (string -# value) -#certfile = <None> - -# Required if identity server requires client certificate (string -# value) -#keyfile = <None> - -# A PEM encoded Certificate Authority to use when verifying HTTPs -# connections. Defaults to system CAs. (string value) -#cafile = <None> - -# Verify HTTPS connections. (boolean value) -#insecure = false - -# Directory used to cache files related to PKI tokens. (string value) -#signing_dir = <None> - -# Optionally specify a list of memcached server(s) to use for caching. -# If left undefined, tokens will instead be cached in-process. (list -# value) -# Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers = <None> - -# In order to prevent excessive effort spent validating tokens, the -# middleware caches previously-seen tokens for a configurable duration -# (in seconds). Set to -1 to disable caching completely. (integer -# value) -#token_cache_time = 300 - -# Determines the frequency at which the list of revoked tokens is -# retrieved from the Identity service (in seconds). A high number of -# revocation events combined with a low cache duration may -# significantly reduce performance. (integer value) -#revocation_cache_time = 10 - -# (Optional) If defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable values are -# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in -# the cache. If ENCRYPT, token data is encrypted and authenticated in -# the cache. If the value is not one of these options or empty, -# auth_token will raise an exception on initialization. (string value) -#memcache_security_strategy = <None> - -# (Optional, mandatory if memcache_security_strategy is defined) This -# string is used for key derivation. 
(string value) -#memcache_secret_key = <None> - -# (Optional) Number of seconds memcached server is considered dead -# before it is tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a -# memcache server. (integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held -# unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a -# memcache client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcache client pool. -# The advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If -# False, middleware will not ask for service catalog on token -# validation and will not set the X-Service-Catalog header. (boolean -# value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: -# "disabled" to not check token binding. "permissive" (default) to -# validate binding information if the bind type is of a form known to -# the server and ignore it if not. "strict" like "permissive" but if -# the bind type is unknown the token will be rejected. "required" any -# form of token binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string value) -#enforce_token_bind = permissive - -# If true, the revocation list will be checked for cached tokens. This -# requires that PKI tokens are configured on the identity server. -# (boolean value) -#check_revocations_for_cached = false - -# Hash algorithms to use for hashing PKI tokens. 
This may be a single
-# algorithm or multiple. The algorithms are those supported by Python
-# standard hashlib.new(). The hashes will be tried in the order given,
-# so put the preferred one first for performance. The result of the
-# first hash will be stored in the cache. This will typically be set
-# to multiple values only while migrating from a less secure algorithm
-# to a more secure one. Once all the old tokens are expired this
-# option should be set to a single value for better performance. (list
-# value)
-#hash_algorithms = md5
-
-# Prefix to prepend at the beginning of the path. Deprecated, use
-# identity_uri. (string value)
-#auth_admin_prefix =
-
-# Host providing the admin Identity API endpoint. Deprecated, use
-# identity_uri. (string value)
-#auth_host = 127.0.0.1
-
-# Port of the admin Identity API endpoint. Deprecated, use
-# identity_uri. (integer value)
-#auth_port = 35357
-
-# Protocol of the admin Identity API endpoint (http or https).
-# Deprecated, use identity_uri. (string value)
-#auth_protocol = https
-
-# Complete admin Identity API endpoint. This should specify the
-# unversioned root endpoint e.g. https://localhost:35357/ (string
-# value)
-identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
-
-# This option is deprecated and may be removed in a future release.
-# Single shared secret with the Keystone configuration used for
-# bootstrapping a Keystone installation, or otherwise bypassing the
-# normal authentication process. This option should not be used, use
-# `admin_user` and `admin_password` instead. (string value)
-#admin_token = <None>
-
-# Service username. (string value)
-admin_user = {{ CEILOMETER_SERVICE_USER }}
-
-# Service user password. (string value)
-admin_password = {{ CEILOMETER_SERVICE_PASSWORD }}
-
-# Service tenant name. (string value)
-admin_tenant_name = service
-
-
-[matchmaker_redis]
-
-#
-# From oslo.messaging
-#
-
-# Host to locate redis. (string value)
-#host = 127.0.0.1
-
-# Use this port to connect to redis host. (integer value)
-#port = 6379
-
-# Password for Redis server (optional). (string value)
-#password = <None>
-
-
-[matchmaker_ring]
-
-#
-# From oslo.messaging
-#
-
-# Matchmaker ring file (JSON). (string value)
-# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
-#ringfile = /etc/oslo/matchmaker_ring.json
-
-
-[notification]
-
-#
-# From ceilometer
-#
-
-# Acknowledge message when event persistence fails. (boolean value)
-# Deprecated group/name - [collector]/ack_on_event_error
-#ack_on_event_error = true
-
-# Save event details. (boolean value)
-# Deprecated group/name - [collector]/store_events
-#store_events = false
-
-# WARNING: Ceilometer historically offered the ability to store events
-# as meters. This usage is NOT advised as it can flood the metering
-# database and cause performance degradation. This option disables the
-# collection of non-metric meters and will be the default behavior in
-# Liberty. (boolean value)
-#disable_non_metric_meters = false
-
-# Enable workload partitioning, allowing multiple notification agents
-# to be run simultaneously. (boolean value)
-#workload_partitioning = false
-
-# Messaging URLs to listen for notifications. Example:
-# transport://user:pass@host1:port[,hostN:portN]/virtual_host
-# (DEFAULT/transport_url is used if empty) (multi valued)
-#messaging_urls =
-
-
-[oslo_concurrency]
-
-#
-# From oslo.concurrency
-#
-
-# Enables or disables inter-process locks. (boolean value)
-# Deprecated group/name - [DEFAULT]/disable_process_locking
-#disable_process_locking = false
-
-# Directory to use for lock files. For security, the specified
-# directory should only be writable by the user running the processes
-# that need locking. Defaults to environment variable OSLO_LOCK_PATH.
-# If external locks are used, a lock path must be set. (string value)
-# Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
-
-
-[oslo_messaging_amqp]
-
-#
-# From oslo.messaging
-#
-
-# address prefix used when sending to a specific server (string value)
-# Deprecated group/name - [amqp1]/server_request_prefix
-#server_request_prefix = exclusive
-
-# address prefix used when broadcasting to all servers (string value)
-# Deprecated group/name - [amqp1]/broadcast_prefix
-#broadcast_prefix = broadcast
-
-# address prefix when sending to any server in group (string value)
-# Deprecated group/name - [amqp1]/group_request_prefix
-#group_request_prefix = unicast
-
-# Name for the AMQP container (string value)
-# Deprecated group/name - [amqp1]/container_name
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-# Deprecated group/name - [amqp1]/idle_timeout
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-# Deprecated group/name - [amqp1]/trace
-#trace = false
-
-# CA certificate PEM file for verifing server certificate (string
-# value)
-# Deprecated group/name - [amqp1]/ssl_ca_file
-#ssl_ca_file =
-
-# Identifying certificate PEM file to present to clients (string
-# value)
-# Deprecated group/name - [amqp1]/ssl_cert_file
-#ssl_cert_file =
-
-# Private key PEM file used to sign cert_file certificate (string
-# value)
-# Deprecated group/name - [amqp1]/ssl_key_file
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-# Deprecated group/name - [amqp1]/ssl_key_password
-#ssl_key_password = <None>
-
-# Accept clients using either SSL or plain TCP (boolean value)
-# Deprecated group/name - [amqp1]/allow_insecure_clients
-#allow_insecure_clients = false
-
-
-[oslo_messaging_qpid]
-
-#
-# From oslo.messaging
-#
-
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_auto_delete
-#amqp_auto_delete = false
-
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
-# Qpid broker hostname. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_hostname
-#qpid_hostname = localhost
-
-# Qpid broker port. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_port
-#qpid_port = 5672
-
-# Qpid HA cluster host:port pairs. (list value)
-# Deprecated group/name - [DEFAULT]/qpid_hosts
-#qpid_hosts = $qpid_hostname:$qpid_port
-
-# Username for Qpid connection. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_username
-#qpid_username =
-
-# Password for Qpid connection. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_password
-#qpid_password =
-
-# Space separated list of SASL mechanisms to use for auth. (string
-# value)
-# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms
-#qpid_sasl_mechanisms =
-
-# Seconds between connection keepalive heartbeats. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_heartbeat
-#qpid_heartbeat = 60
-
-# Transport to use, either 'tcp' or 'ssl'. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_protocol
-#qpid_protocol = tcp
-
-# Whether to disable the Nagle algorithm. (boolean value)
-# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay
-#qpid_tcp_nodelay = true
-
-# The number of prefetched messages held by receiver. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity
-#qpid_receiver_capacity = 1
-
-# The qpid topology version to use. Version 1 is what was originally
-# used by impl_qpid. Version 2 includes some backwards-incompatible
-# changes that allow broker federation to work. Users should update
-# to version 2 when they are able to take everything down, as it
-# requires a clean break. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_topology_version
-#qpid_topology_version = 1
-
-
-[oslo_messaging_rabbit]
-
-#
-# From oslo.messaging
-#
-
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_auto_delete
-#amqp_auto_delete = false
-
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
-# SSL version to use (valid only if SSL enabled). Valid values are
-# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
-# available on some distributions. (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_version
-#kombu_ssl_version =
-
-# SSL key file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
-#kombu_ssl_keyfile =
-
-# SSL cert file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
-#kombu_ssl_certfile =
-
-# SSL certification authority file (valid only if SSL enabled).
-# (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
-#kombu_ssl_ca_certs =
-
-# How long to wait before reconnecting in response to an AMQP consumer
-# cancel notification. (floating point value)
-# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
-#kombu_reconnect_delay = 1.0
-
-# The RabbitMQ broker address where a single node is used. (string
-# value)
-# Deprecated group/name - [DEFAULT]/rabbit_host
-rabbit_host = {{ RABBITMQ_HOST }}
-
-# The RabbitMQ broker port where a single node is used. (integer
-# value)
-# Deprecated group/name - [DEFAULT]/rabbit_port
-rabbit_port = {{ RABBITMQ_PORT }}
-
-# RabbitMQ HA cluster host:port pairs. (list value)
-# Deprecated group/name - [DEFAULT]/rabbit_hosts
-#rabbit_hosts = $rabbit_host:$rabbit_port
-
-# Connect over SSL for RabbitMQ. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
-rabbit_use_ssl = false
-
-# The RabbitMQ userid. (string value)
-# Deprecated group/name - [DEFAULT]/rabbit_userid
-rabbit_userid = {{ RABBITMQ_USER }}
-
-# The RabbitMQ password. (string value)
-# Deprecated group/name - [DEFAULT]/rabbit_password
-rabbit_password = {{ RABBITMQ_PASSWORD }}
-
-# The RabbitMQ login method. (string value)
-# Deprecated group/name - [DEFAULT]/rabbit_login_method
-#rabbit_login_method = AMQPLAIN
-
-# The RabbitMQ virtual host. (string value)
-# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
-rabbit_virtual_host = /
-
-# How frequently to retry connecting with RabbitMQ. (integer value)
-#rabbit_retry_interval = 1
-
-# How long to backoff for between retries when connecting to RabbitMQ.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
-#rabbit_retry_backoff = 2
-
-# Maximum number of RabbitMQ connection retries. Default is 0
-# (infinite retry count). (integer value)
-# Deprecated group/name - [DEFAULT]/rabbit_max_retries
-#rabbit_max_retries = 0
-
-# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this
-# option, you must wipe the RabbitMQ database. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
-#rabbit_ha_queues = false
-
-# Number of seconds after which the Rabbit broker is considered down
-# if heartbeat's keep-alive fails (0 disables the heartbeat, >0
-# enables it. Enabling heartbeats requires kombu>=3.0.7 and
-# amqp>=1.4.0). EXPERIMENTAL (integer value)
-#heartbeat_timeout_threshold = 0
-
-# How often times during the heartbeat_timeout_threshold we check the
-# heartbeat. (integer value)
-#heartbeat_rate = 2
-
-# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
-# (boolean value)
-# Deprecated group/name - [DEFAULT]/fake_rabbit
-#fake_rabbit = false
-
-
-[oslo_policy]
-
-#
-# From oslo.policy
-#
-
-# The JSON file that defines policies. (string value)
-# Deprecated group/name - [DEFAULT]/policy_file
-policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string
-# value)
-# Deprecated group/name - [DEFAULT]/policy_default_rule
-policy_default_rule = default
-
-# Directories where policy configuration files are stored. They can be
-# relative to any directory in the search path defined by the
-# config_dir option, or absolute paths. The file defined by
-# policy_file must exist for these directories to be searched.
-# Missing or empty directories are ignored. (multi valued)
-# Deprecated group/name - [DEFAULT]/policy_dirs
-#policy_dirs = policy.d
-
-
-[polling]
-
-#
-# From ceilometer
-#
-
-# Work-load partitioning group prefix. Use only if you want to run
-# multiple polling agents with different config files. For each sub-
-# group of the agent pool with the same partitioning_group_prefix a
-# disjoint subset of pollsters should be loaded. (string value)
-# Deprecated group/name - [central]/partitioning_group_prefix
-#partitioning_group_prefix = <None>
-
-
-[publisher]
-
-#
-# From ceilometer
-#
-
-# Secret value for signing messages. Set value empty if signing is not
-# required to avoid computational overhead. (string value)
-# Deprecated group/name - [DEFAULT]/metering_secret
-# Deprecated group/name - [publisher_rpc]/metering_secret
-# Deprecated group/name - [publisher]/metering_secret
-#telemetry_secret = change this for valid signing
-
-
-[publisher_notifier]
-
-#
-# From ceilometer
-#
-
-# The topic that ceilometer uses for metering notifications. (string
-# value)
-#metering_topic = metering
-
-# The topic that ceilometer uses for event notifications. (string
-# value)
-#event_topic = event
-
-# The driver that ceilometer uses for metering notifications. (string
-# value)
-# Deprecated group/name - [DEFAULT]/metering_driver
-#telemetry_driver = messagingv2
-
-
-[publisher_rpc]
-
-#
-# From ceilometer
-#
-
-# The topic that ceilometer uses for metering messages. (string value)
-# Deprecated group/name - [DEFAULT]/metering_topic
-#metering_topic = metering
-
-
-[rgw_admin_credentials]
-
-#
-# From ceilometer
-#
-
-# Access key for Radosgw Admin. (string value)
-#access_key = <None>
-
-# Secret key for Radosgw Admin. (string value)
-#secret_key = <None>
-
-
-[service_credentials]
-
-#
-# From ceilometer
-#
-
-# User name to use for OpenStack service access. (string value)
-# Deprecated group/name - [DEFAULT]/os_username
-os_username = {{ CEILOMETER_SERVICE_USER }}
-
-# Password to use for OpenStack service access. (string value)
-# Deprecated group/name - [DEFAULT]/os_password
-os_password = {{ CEILOMETER_SERVICE_PASSWORD }}
-
-# Tenant ID to use for OpenStack service access. (string value)
-# Deprecated group/name - [DEFAULT]/os_tenant_id
-#os_tenant_id =
-
-# Tenant name to use for OpenStack service access. (string value)
-# Deprecated group/name - [DEFAULT]/os_tenant_name
-os_tenant_name = service
-
-# Certificate chain for SSL validation. (string value)
-#os_cacert = <None>
-
-# Auth URL to use for OpenStack service access. (string value)
-# Deprecated group/name - [DEFAULT]/os_auth_url
-os_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
-
-# Region name to use for OpenStack service endpoints. (string value)
-# Deprecated group/name - [DEFAULT]/os_region_name
-os_region_name = regionOne
-
-# Type of endpoint in Identity service catalog to use for
-# communication with OpenStack services. (string value)
-os_endpoint_type = internalURL
-
-# Disables X.509 certificate validation when an SSL connection to
-# Identity Service is established. (boolean value)
-#insecure = false
-
-
-[service_types]
-
-#
-# From ceilometer
-#
-
-# Kwapi service type. (string value)
-#kwapi = energy
-
-# Glance service type. (string value)
-glance = image
-
-# Neutron service type. (string value)
-neutron = network
-
-# Nova service type. (string value)
-nova = compute
-
-# Radosgw service type. (string value)
-#radosgw = object-store
-
-# Swift service type. (string value)
-#swift = object-store
-
-
-[vmware]
-
-#
-# From ceilometer
-#
-
-# IP address of the VMware Vsphere host. (string value)
-#host_ip =
-
-# Port of the VMware Vsphere host. (integer value)
-#host_port = 443
-
-# Username of VMware Vsphere. (string value)
-#host_username =
-
-# Password of VMware Vsphere. (string value)
-#host_password =
-
-# Number of times a VMware Vsphere API may be retried. (integer value)
-#api_retry_count = 10
-
-# Sleep time in seconds for polling an ongoing async task. (floating
-# point value)
-#task_poll_interval = 0.5
-
-# Optional vim service WSDL location e.g
-# http://<server>/vimService.wsdl. Optional over-ride to default
-# location for bug work-arounds. (string value)
-#wsdl_location = <None>
-
-
-[xenapi]
-
-#
-# From ceilometer
-#
-
-# URL for connection to XenServer/Xen Cloud Platform. (string value)
-#connection_url = <None>
-
-# Username for connection to XenServer/Xen Cloud Platform. (string
-# value)
-#connection_username = root
-
-# Password for connection to XenServer/Xen Cloud Platform. (string
-# value)
-#connection_password = <None>
-
-# Timeout in seconds for XenAPI login. (integer value)
-#login_timeout = 10
diff --git a/install-files/openstack/usr/share/openstack/cinder-config.yml b/install-files/openstack/usr/share/openstack/cinder-config.yml
deleted file mode 100644
index fd3e2cd0..00000000
--- a/install-files/openstack/usr/share/openstack/cinder-config.yml
+++ /dev/null
@@ -1,37 +0,0 @@ ---- -- hosts: localhost - vars_files: - - "/etc/openstack/cinder.conf" - tasks: -# Configure cinder - - name: Create the cinder user. - user: - name: cinder - comment: Openstack Cinder Daemons - shell: /sbin/nologin - home: /var/lib/cinder - - - name: Create the /var folders for cinder - file: - path: "{{ item }}" - state: directory - owner: cinder - group: cinder - with_items: - - /var/run/cinder - - /var/lock/cinder - - /var/log/cinder - - /var/lib/cinder - - /var/lib/cinder/volumes - - - name: Create /etc/cinder directory - file: - path: /etc/cinder - state: directory - - - name: Add the configuration needed for cinder in /etc/cinder using templates - template: - src: /usr/share/openstack/cinder/{{ item }} - dest: /etc/cinder/{{ item }} - with_lines: - - cd /usr/share/openstack/cinder && find -type f diff --git a/install-files/openstack/usr/share/openstack/cinder-db.yml b/install-files/openstack/usr/share/openstack/cinder-db.yml deleted file mode 100644 index 24e4980f..00000000 --- a/install-files/openstack/usr/share/openstack/cinder-db.yml +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -- hosts: localhost - vars_files: - - "/etc/openstack/cinder.conf" - tasks: - - name: Create cinder service user in service tenant - keystone_user: - user: "{{ CINDER_SERVICE_USER }}" - password: "{{ CINDER_SERVICE_PASSWORD }}" - tenant: service - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Assign admin role to cinder service user in the service tenant - keystone_user: - role: admin - user: "{{ CINDER_SERVICE_USER }}" - tenant: service - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Add cinder endpoint - keystone_service: - name: cinder - type: volume - description: Openstack Block Storage - publicurl: 'http://{{ ansible_hostname }}:8776/v1/%(tenant_id)s' - internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8776/v1/%(tenant_id)s' - adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8776/v1/%(tenant_id)s' - region: regionOne - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Add cinderv2 endpoint - keystone_service: - name: cinderv2 - type: volumev2 - description: Openstack Block Storage - publicurl: 'http://{{ ansible_hostname }}:8776/v2/%(tenant_id)s' - internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8776/v2/%(tenant_id)s' - adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8776/v2/%(tenant_id)s' - region: regionOne - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Create postgresql user for cinder - postgresql_user: - name: "{{ CINDER_DB_USER }}" - password: "{{ CINDER_DB_PASSWORD }}" - sudo: yes - sudo_user: cinder - - - name: Create database for cinder services - postgresql_db: - name: cinder - owner: "{{ CINDER_DB_USER }}" - sudo: yes - sudo_user: cinder - - - name: Initiate cinder database - command: cinder-manage db sync - sudo: yes - sudo_user: cinder diff --git a/install-files/openstack/usr/share/openstack/cinder-lvs.yml b/install-files/openstack/usr/share/openstack/cinder-lvs.yml deleted file mode 100644 index 7a91a306..00000000 
--- a/install-files/openstack/usr/share/openstack/cinder-lvs.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- hosts: localhost - vars_files: - - "/etc/openstack/cinder.conf" - tasks: - - name: Check that CINDER_DEVICE exists - stat: - path: "{{ CINDER_DEVICE }}" - register: cinder_device_stats - failed_when: cinder_device_stats.stat.exists == false - - - name: Configure LVM group for cinder - lvg: - vg: cinder-volumes - pvs: "{{ CINDER_DEVICE }}" - - - lineinfile: - dest: /etc/lvm/lvm.conf - regexp: '# filter = \[ \"a\/\.\*/\" \]' - line: ' filter = [ "a|{{ CINDER_DEVICE }}|", "r/.*/" ]' - backrefs: yes diff --git a/install-files/openstack/usr/share/openstack/cinder/cinder.conf b/install-files/openstack/usr/share/openstack/cinder/cinder.conf deleted file mode 100644 index f3e4f11c..00000000 --- a/install-files/openstack/usr/share/openstack/cinder/cinder.conf +++ /dev/null 
@@ -1,2991 +0,0 @@
-[DEFAULT]
-
-use_syslog = True
-
-#
-# Options defined in oslo.messaging
-#
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet
-# interface, or IP. The "host" option should point or resolve
-# to this address. (string value)
-#rpc_zmq_bind_address=*
-
-# MatchMaker driver. (string value)
-#rpc_zmq_matchmaker=local
-
-# ZeroMQ receiver listening port. (integer value)
-#rpc_zmq_port=9501
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts=1
-
-# Maximum number of ingress messages to locally buffer per
-# topic. Default is unlimited. (integer value)
-#rpc_zmq_topic_backlog=<None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir=/var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP
-# address. Must match "host" option, if running Nova. (string
-# value)
-#rpc_zmq_host=cinder
-
-# Seconds to wait before a cast expires (TTL). Only supported
-# by impl_zmq. (integer value)
-#rpc_cast_timeout=30
-
-# Heartbeat frequency. (integer value)
-#matchmaker_heartbeat_freq=300
-
-# Heartbeat time-to-live. (integer value)
-#matchmaker_heartbeat_ttl=600
-
-# Size of RPC thread pool. (integer value)
-#rpc_thread_pool_size=64
-
-# Driver or drivers to handle sending notifications. (multi
-# valued)
-notification_driver=messagingv2
-
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-#notification_topics=notifications
-
-# Seconds to wait for a response from a call. (integer value)
-#rpc_response_timeout=60
-
-# A URL representing the messaging driver to use and its full
-# configuration. If not set, we fall back to the rpc_backend
-# option and driver specific configuration. (string value)
-#transport_url=<None>
-
-# The messaging driver to use, defaults to rabbit. Other
-# drivers include qpid and zmq. (string value)
-rpc_backend=rabbit
-
-# The default exchange under which topics are scoped. May be
-# overridden by an exchange name specified in the
-# transport_url option. (string value)
-control_exchange=cinder
-
-
-#
-# Options defined in cinder.exception
-#
-
-# Make exception message format errors fatal. (boolean value)
-#fatal_exception_format_errors=false
-
-
-#
-# Options defined in cinder.quota
-#
-
-# Number of volumes allowed per project (integer value)
-#quota_volumes=10
-
-# Number of volume snapshots allowed per project (integer
-# value)
-#quota_snapshots=10
-
-# Number of consistencygroups allowed per project (integer
-# value)
-#quota_consistencygroups=10
-
-# Total amount of storage, in gigabytes, allowed for volumes
-# and snapshots per project (integer value)
-#quota_gigabytes=1000
-
-# Number of volume backups allowed per project (integer value)
-#quota_backups=10
-
-# Total amount of storage, in gigabytes, allowed for backups
-# per project (integer value)
-#quota_backup_gigabytes=1000
-
-# Number of seconds until a reservation expires (integer
-# value)
-#reservation_expire=86400
-
-# Count of reservations until usage is refreshed (integer
-# value)
-#until_refresh=0
-
-# Number of seconds between subsequent usage refreshes
-# (integer value)
-#max_age=0
-
-# Default driver to use for quota checks (string value)
-#quota_driver=cinder.quota.DbQuotaDriver
-
-# Enables or disables use of default quota class with default
-# quota. (boolean value)
-#use_default_quota_class=true
-
-
-#
-# Options defined in cinder.service
-#
-
-# Interval, in seconds, between nodes reporting state to
-# datastore (integer value)
-#report_interval=10
-
-# Interval, in seconds, between running periodic tasks
-# (integer value)
-#periodic_interval=60
-
-# Range, in seconds, to randomly delay when starting the
-# periodic task scheduler to reduce stampeding. (Disable by
-# setting to 0) (integer value)
-#periodic_fuzzy_delay=60
-
-# IP address on which OpenStack Volume API listens (string
-# value)
-#osapi_volume_listen=0.0.0.0
-
-# Port on which OpenStack Volume API listens (integer value)
-#osapi_volume_listen_port=8776
-
-# Number of workers for OpenStack Volume API service. The
-# default is equal to the number of CPUs available. (integer
-# value)
-#osapi_volume_workers=<None>
-
-
-#
-# Options defined in cinder.ssh_utils
-#
-
-# Option to enable strict host key checking. When set to
-# "True" Cinder will only connect to systems with a host key
-# present in the configured "ssh_hosts_key_file". When set to
-# "False" the host key will be saved upon first connection and
-# used for subsequent connections. Default=False (boolean
-# value)
-#strict_ssh_host_key_policy=false
-
-# File containing SSH host keys for the systems with which
-# Cinder needs to communicate. OPTIONAL:
-# Default=$state_path/ssh_known_hosts (string value)
-#ssh_hosts_key_file=$state_path/ssh_known_hosts
-
-
-#
-# Options defined in cinder.test
-#
-
-# File name of clean sqlite db (string value)
-#sqlite_clean_db=clean.sqlite
-
-
-#
-# Options defined in cinder.wsgi
-#
-
-# Maximum line size of message headers to be accepted.
-# max_header_line may need to be increased when using large
-# tokens (typically those generated by the Keystone v3 API
-# with big service catalogs). (integer value)
-#max_header_line=16384
-
-# Timeout for client connections' socket operations. If an
-# incoming connection is idle for this number of seconds it
-# will be closed. A value of '0' means wait forever. (integer
-# value)
-#client_socket_timeout=900
-
-# If False, closes the client socket connection explicitly.
-# Setting it to True to maintain backward compatibility.
-# Recommended setting is set it to False. (boolean value)
-#wsgi_keep_alive=true
-
-# Sets the value of TCP_KEEPALIVE (True/False) for each server
-# socket. (boolean value)
-#tcp_keepalive=true
-
-# Sets the value of TCP_KEEPIDLE in seconds for each server
-# socket. Not supported on OS X. (integer value)
-#tcp_keepidle=600
-
-# Sets the value of TCP_KEEPINTVL in seconds for each server
-# socket. Not supported on OS X. (integer value)
-#tcp_keepalive_interval=<None>
-
-# Sets the value of TCP_KEEPCNT for each server socket. Not
-# supported on OS X. (integer value)
-#tcp_keepalive_count=<None>
-
-# CA certificate file to use to verify connecting clients
-# (string value)
-#ssl_ca_file=<None>
-
-# Certificate file to use when starting the server securely
-# (string value)
-#ssl_cert_file=<None>
-
-# Private key file to use when starting the server securely
-# (string value)
-#ssl_key_file=<None>
-
-
-#
-# Options defined in cinder.api.common
-#
-
-# The maximum number of items that a collection resource
-# returns in a single response (integer value)
-#osapi_max_limit=1000
-
-# Base URL that will be presented to users in links to the
-# OpenStack Volume API (string value)
-# Deprecated group/name - [DEFAULT]/osapi_compute_link_prefix
-#osapi_volume_base_URL=<None>
-
-
-#
-# Options defined in cinder.api.middleware.auth
-#
-
-# Treat X-Forwarded-For as the canonical remote address. Only
-# enable this if you have a sanitizing proxy. (boolean value)
-#use_forwarded_for=false
-
-
-#
-# Options defined in cinder.api.middleware.sizelimit
-#
-
-# Max size for body of a request (integer value)
-#osapi_max_request_body_size=114688
-
-
-#
-# Options defined in cinder.api.views.versions
-#
-
-# Public url to use for versions endpoint. The default is
-# None, which will use the request's host_url attribute to
-# populate the URL base. If Cinder is operating behind a
-# proxy, you will want to change this to represent the proxy's
-# URL. (string value)
-#public_endpoint=<None>
-
-
-#
-# Options defined in cinder.backup.chunkeddriver
-#
-
-# Compression algorithm (None to disable) (string value)
-#backup_compression_algorithm=zlib
-
-
-#
-# Options defined in cinder.backup.driver
-#
-
-# Backup metadata version to be used when backing up volume
-# metadata. If this number is bumped, make sure the service
-# doing the restore supports the new version. (integer value)
-#backup_metadata_version=2
-
-# The number of chunks or objects, for which one Ceilometer
-# notification will be sent (integer value)
-#backup_object_number_per_notification=10
-
-# Interval, in seconds, between two progress notifications
-# reporting the backup status (integer value)
-#backup_timer_interval=120
-
-
-#
-# Options defined in cinder.backup.drivers.ceph
-#
-
-# Ceph configuration file to use. (string value)
-#backup_ceph_conf=/etc/ceph/ceph.conf
-
-# The Ceph user to connect with. Default here is to use the
-# same user as for Cinder volumes. If not using cephx this
-# should be set to None. (string value)
-#backup_ceph_user=cinder
-
-# The chunk size, in bytes, that a backup is broken into
-# before transfer to the Ceph object store. (integer value)
-#backup_ceph_chunk_size=134217728
-
-# The Ceph pool where volume backups are stored. (string
-# value)
-#backup_ceph_pool=backups
-
-# RBD stripe unit to use when creating a backup image.
-# (integer value)
-#backup_ceph_stripe_unit=0
-
-# RBD stripe count to use when creating a backup image.
-# (integer value)
-#backup_ceph_stripe_count=0
-
-# If True, always discard excess bytes when restoring volumes
-# i.e. pad with zeroes. (boolean value)
-#restore_discard_excess_bytes=true
-
-
-#
-# Options defined in cinder.backup.drivers.nfs
-#
-
-# The maximum size in bytes of the files used to hold backups.
-# If the volume being backed up exceeds this size, then it
-# will be backed up into multiple files. (integer value)
-#backup_file_size=1999994880
-
-# The size in bytes that changes are tracked for incremental
-# backups. backup_swift_object_size has to be multiple of
-# backup_swift_block_size. (integer value)
-#backup_sha_block_size_bytes=32768
-
-# Enable or Disable the timer to send the periodic progress
-# notifications to Ceilometer when backing up the volume to
-# the backend storage. The default value is True to enable the
-# timer. (boolean value)
-#backup_enable_progress_timer=true
-
-# Base dir containing mount point for NFS share. (string
-# value)
-#backup_mount_point_base=$state_path/backup_mount
-
-# NFS share in fqdn:path, ipv4addr:path, or "[ipv6addr]:path"
-# format. (string value)
-#backup_share=<None>
-
-# Mount options passed to the NFS client. See NFS man page for
-# details. (string value)
-#backup_mount_options=<None>
-
-# Custom container to use for backups. (string value)
-#backup_container=<None>
-
-
-#
-# Options defined in cinder.backup.drivers.swift
-#
-
-# The URL of the Swift endpoint (string value)
-#backup_swift_url=<None>
-
-# Info to match when looking for swift in the service catalog.
-# Format is: separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> - Only used if
-# backup_swift_url is unset (string value)
-#swift_catalog_info=object-store:swift:publicURL
-
-# Swift authentication mechanism (string value)
-#backup_swift_auth=per_user
-
-# Swift authentication version. Specify "1" for auth 1.0, or
-# "2" for auth 2.0 (string value)
-#backup_swift_auth_version=1
-
-# Swift tenant/account name. Required when connecting to an
-# auth 2.0 system (string value)
-#backup_swift_tenant=<None>
-
-# Swift user name (string value)
-#backup_swift_user=<None>
-
-# Swift key for authentication (string value)
-#backup_swift_key=<None>
-
-# The default Swift container to use (string value)
-#backup_swift_container=volumebackups
-
-# The size in bytes of Swift backup objects (integer value)
-#backup_swift_object_size=52428800
-
-# The size in bytes that changes are tracked for incremental
-# backups. backup_swift_object_size has to be multiple of
-# backup_swift_block_size. (integer value)
-#backup_swift_block_size=32768
-
-# The number of retries to make for Swift operations (integer
-# value)
-#backup_swift_retry_attempts=3
-
-# The backoff time in seconds between Swift retries (integer
-# value)
-#backup_swift_retry_backoff=2
-
-# Enable or Disable the timer to send the periodic progress
-# notifications to Ceilometer when backing up the volume to
-# the Swift backend storage. The default value is True to
-# enable the timer. (boolean value)
-#backup_swift_enable_progress_timer=true
-
-
-#
-# Options defined in cinder.backup.drivers.tsm
-#
-
-# Volume prefix for the backup id when backing up to TSM
-# (string value)
-#backup_tsm_volume_prefix=backup
-
-# TSM password for the running username (string value)
-#backup_tsm_password=password
-
-# Enable or Disable compression for backups (boolean value)
-#backup_tsm_compression=true
-
-
-#
-# Options defined in cinder.backup.manager
-#
-
-# Driver to use for backups. (string value)
-# Deprecated group/name - [DEFAULT]/backup_service
-#backup_driver=cinder.backup.drivers.swift
-
-
-#
-# Options defined in cinder.cmd.volume
-#
-
-# Backend override of host value. (string value)
-# Deprecated group/name - [DEFAULT]/host
-#backend_host=<None>
-
-
-#
-# Options defined in cinder.cmd.volume_usage_audit
-#
-
-# If this option is specified then the start time specified is
-# used instead of the start time of the last completed audit
-# period. (string value)
-#start_time=<None>
-
-# If this option is specified then the end time specified is
-# used instead of the end time of the last completed audit
-# period. (string value)
-#end_time=<None>
-
-# Send the volume and snapshot create and delete notifications
-# generated in the specified period. (boolean value)
-#send_actions=false
-
-
-#
-# Options defined in cinder.common.config
-#
-
-# File name for the paste.deploy config for cinder-api (string
-# value)
-api_paste_config=api-paste.ini
-
-# Top-level directory for maintaining cinder's state (string
-# value)
-# Deprecated group/name - [DEFAULT]/pybasedir
-state_path=/var/lib/cinder
-
-# IP address of this host (string value)
-my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
-
-# Default glance host name or IP (string value)
-glance_host={{ CONTROLLER_HOST_ADDRESS }}
-
-# Default glance port (integer value)
-#glance_port=9292
-
-# A list of the glance API servers available to cinder
-# ([hostname|ip]:port) (list value)
-#glance_api_servers=$glance_host:$glance_port
-
-# Version of the glance API to use (integer value)
-#glance_api_version=1
-
-# Number retries when downloading an image from glance
-# (integer value)
-#glance_num_retries=0
-
-# Allow to perform insecure SSL (https) requests to glance
-# (boolean value)
-#glance_api_insecure=false
-
-# Enables or disables negotiation of SSL layer compression. In
-# some cases disabling compression can improve data
-# throughput, such as when high network bandwidth is available
-# and you use compressed image formats like qcow2. (boolean
-# value)
-#glance_api_ssl_compression=false
-
-# Location of ca certificates file to use for glance client
-# requests. (string value)
-#glance_ca_certificates_file=<None>
-
-# http/https timeout value for glance operations. If no value
-# (None) is supplied here, the glanceclient default value is
-# used. (integer value)
-#glance_request_timeout=<None>
-
-# The topic that scheduler nodes listen on (string value)
-#scheduler_topic=cinder-scheduler
-
-# The topic that volume nodes listen on (string value)
-#volume_topic=cinder-volume
-
-# The topic that volume backup nodes listen on (string value)
-#backup_topic=cinder-backup
-
-# DEPRECATED: Deploy v1 of the Cinder API. (boolean value)
-#enable_v1_api=true
-
-# Deploy v2 of the Cinder API. (boolean value)
-#enable_v2_api=true
-
-# Enables or disables rate limit of the API. (boolean value)
-#api_rate_limit=true
-
-# Specify list of extensions to load when using
-# osapi_volume_extension option with
-# cinder.api.contrib.select_extensions (list value)
-#osapi_volume_ext_list=
-
-# osapi volume extension to load (multi valued)
-#osapi_volume_extension=cinder.api.contrib.standard_extensions
-
-# Full class name for the Manager for volume (string value)
-#volume_manager=cinder.volume.manager.VolumeManager
-
-# Full class name for the Manager for volume backup (string
-# value)
-#backup_manager=cinder.backup.manager.BackupManager
-
-# Full class name for the Manager for scheduler (string value)
-#scheduler_manager=cinder.scheduler.manager.SchedulerManager
-
-# Name of this node. This can be an opaque identifier. It is
-# not necessarily a host name, FQDN, or IP address. (string
-# value)
-#host=cinder
-
-# Availability zone of this node (string value)
-#storage_availability_zone=nova
-
-# Default availability zone for new volumes. If not set, the
-# storage_availability_zone option value is used as the
-# default for new volumes. (string value)
-#default_availability_zone=<None>
-
-# Default volume type to use (string value)
-#default_volume_type=<None>
-
-# Time period for which to generate volume usages. The options
-# are hour, day, month, or year. (string value)
-#volume_usage_audit_period=month
-
-# Path to the rootwrap configuration file to use for running
-# commands as root (string value)
-rootwrap_config=/etc/cinder/rootwrap.conf
-
-# Enable monkey patching (boolean value)
-#monkey_patch=false
-
-# List of modules/decorators to monkey patch (list value)
-#monkey_patch_modules=
-
-# Maximum time since last check-in for a service to be
-# considered up (integer value)
-#service_down_time=60
-
-# The full class name of the volume API class to use (string
-# value)
-#volume_api_class=cinder.volume.api.API
-
-# The full class name of the volume backup API class (string
-# value)
-#backup_api_class=cinder.backup.api.API
-
-# The strategy to use for auth. Supports noauth, keystone, and
-# deprecated. (string value)
-auth_strategy=keystone
-
-# A list of backend names to use. These backend names should
-# be backed by a unique [CONFIG] group with its options (list
-# value)
-#enabled_backends=<None>
-
-# Whether snapshots count against gigabyte quota (boolean
-# value)
-#no_snapshot_gb_quota=false
-
-# The full class name of the volume transfer API class (string
-# value)
-#transfer_api_class=cinder.transfer.api.API
-
-# The full class name of the volume replication API class
-# (string value)
-#replication_api_class=cinder.replication.api.API
-
-# The full class name of the consistencygroup API class
-# (string value)
-#consistencygroup_api_class=cinder.consistencygroup.api.API
-
-# OpenStack privileged account username. Used for requests to
-# other services (such as Nova) that require an account with
-# special rights. (string value)
-#os_privileged_user_name=<None>
-
-# Password associated with the OpenStack privileged account.
-# (string value)
-#os_privileged_user_password=<None>
-
-# Tenant name associated with the OpenStack privileged
-# account. (string value)
-#os_privileged_user_tenant=<None>
-
-
-#
-# Options defined in cinder.compute
-#
-
-# The full class name of the compute API class to use (string
-# value)
-#compute_api_class=cinder.compute.nova.API
-
-
-#
-# Options defined in cinder.compute.nova
-#
-
-# Match this value when searching for nova in the service
-# catalog. Format is: separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> (string value)
-#nova_catalog_info=compute:Compute Service:publicURL
-
-# Same as nova_catalog_info, but for admin endpoint. (string
-# value)
-#nova_catalog_admin_info=compute:Compute Service:adminURL
-
-# Override service catalog lookup with template for nova
-# endpoint e.g. http://localhost:8774/v2/%(project_id)s
-# (string value)
-#nova_endpoint_template=<None>
-
-# Same as nova_endpoint_template, but for admin endpoint.
-# (string value)
-#nova_endpoint_admin_template=<None>
-
-# Region name of this node (string value)
-#os_region_name=<None>
-
-# Location of ca certificates file to use for nova client
-# requests.
(string value) -#nova_ca_certificates_file=<None> - -# Allow to perform insecure SSL requests to nova (boolean -# value) -#nova_api_insecure=false - - -# -# Options defined in cinder.db.api -# - -# Services to be added to the available pool on create -# (boolean value) -#enable_new_services=true - -# Template string to be used to generate volume names (string -# value) -volume_name_template=volume-%s - -# Template string to be used to generate snapshot names -# (string value) -snapshot_name_template=snapshot-%s - -# Template string to be used to generate backup names (string -# value) -backup_name_template=backup-%s - - -# -# Options defined in cinder.db.base -# - -# Driver to use for database access (string value) -#db_driver=cinder.db - - -# -# Options defined in cinder.image.glance -# - -# Default core properties of image (list value) -#glance_core_properties=checksum,container_format,disk_format,image_name,image_id,min_disk,min_ram,name,size - -# A list of url schemes that can be downloaded directly via -# the direct_url. Currently supported schemes: [file]. (list -# value) -#allowed_direct_url_schemes= - - -# -# Options defined in cinder.image.image_utils -# - -# Directory used for temporary storage during image conversion -# (string value) -#image_conversion_dir=$state_path/conversion - - -# -# Options defined in cinder.openstack.common.eventlet_backdoor -# - -# Enable eventlet backdoor. Acceptable values are 0, <port>, -# and <start>:<end>, where 0 results in listening on a random -# tcp port number; <port> results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and <start>:<end> results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port=<None> - - -# -# Options defined in cinder.openstack.common.periodic_task -# - -# Some periodic tasks can be run in a separate process. 
Should -# we run them here? (boolean value) -#run_external_periodic_tasks=true - - -# -# Options defined in cinder.openstack.common.policy -# - -# The JSON file that defines policies. (string value) -#policy_file=policy.json - -# Default rule. Enforced when a requested rule is not found. -# (string value) -#policy_default_rule=default - -# Directories where policy configuration files are stored. -# They can be relative to any directory in the search path -# defined by the config_dir option, or absolute paths. The -# file defined by policy_file must exist for these directories -# to be searched. Missing or empty directories are ignored. -# (multi valued) -#policy_dirs=policy.d - - -# -# Options defined in cinder.openstack.common.versionutils -# - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - - -# -# Options defined in cinder.scheduler.driver -# - -# The scheduler host manager class to use (string value) -#scheduler_host_manager=cinder.scheduler.host_manager.HostManager - -# Maximum number of attempts to schedule an volume (integer -# value) -#scheduler_max_attempts=3 - - -# -# Options defined in cinder.scheduler.host_manager -# - -# Which filter class names to use for filtering hosts when not -# specified in the request. (list value) -#scheduler_default_filters=AvailabilityZoneFilter,CapacityFilter,CapabilitiesFilter - -# Which weigher class names to use for weighing hosts. (list -# value) -#scheduler_default_weighers=CapacityWeigher - - -# -# Options defined in cinder.scheduler.manager -# - -# Default scheduler driver to use (string value) -#scheduler_driver=cinder.scheduler.filter_scheduler.FilterScheduler - - -# -# Options defined in cinder.scheduler.scheduler_options -# - -# Absolute path to scheduler configuration JSON file. 
(string -# value) -#scheduler_json_config_location= - - -# -# Options defined in cinder.scheduler.simple -# - -# This configure option has been deprecated along with the -# SimpleScheduler. New scheduler is able to gather capacity -# information for each host, thus setting the maximum number -# of volume gigabytes for host is no longer needed. It's safe -# to remove this configure from cinder.conf. (integer value) -#max_gigabytes=10000 - - -# -# Options defined in cinder.scheduler.weights.capacity -# - -# Multiplier used for weighing volume capacity. Negative -# numbers mean to stack vs spread. (floating point value) -#capacity_weight_multiplier=1.0 - -# Multiplier used for weighing volume capacity. Negative -# numbers mean to stack vs spread. (floating point value) -#allocated_capacity_weight_multiplier=-1.0 - - -# -# Options defined in cinder.scheduler.weights.volume_number -# - -# Multiplier used for weighing volume number. Negative numbers -# mean to spread vs stack. (floating point value) -#volume_number_multiplier=-1.0 - - -# -# Options defined in cinder.transfer.api -# - -# The number of characters in the salt. (integer value) -#volume_transfer_salt_length=8 - -# The number of characters in the autogenerated auth key. -# (integer value) -#volume_transfer_key_length=16 - - -# -# Options defined in cinder.volume.api -# - -# Cache volume availability zones in memory for the provided -# duration in seconds (integer value) -#az_cache_duration=3600 - -# Create volume from snapshot at the host where snapshot -# resides (boolean value) -#snapshot_same_host=true - -# Ensure that the new volumes are the same AZ as snapshot or -# source volume (boolean value) -#cloned_volume_same_az=true - - -# -# Options defined in cinder.volume.driver -# - -# The maximum number of times to rescan iSER targetto find -# volume (integer value) -#num_iser_scan_tries=3 - -# This option is deprecated and unused. It will be removed in -# the Liberty release. 
(integer value) -#iser_num_targets=<None> - -# Prefix for iSER volumes (string value) -#iser_target_prefix=iqn.2010-10.org.openstack: - -# The IP address that the iSER daemon is listening on (string -# value) -#iser_ip_address=$my_ip - -# The port that the iSER daemon is listening on (integer -# value) -#iser_port=3260 - -# The name of the iSER target user-land tool to use (string -# value) -#iser_helper=tgtadm - -# Number of times to attempt to run flakey shell commands -# (integer value) -#num_shell_tries=3 - -# The percentage of backend capacity is reserved (integer -# value) -#reserved_percentage=0 - -# This option is deprecated and unused. It will be removed in -# the Liberty release. (integer value) -#iscsi_num_targets=<None> - -# Prefix for iSCSI volumes (string value) -#iscsi_target_prefix=iqn.2010-10.org.openstack: - -# The IP address that the iSCSI daemon is listening on (string -# value) -iscsi_ip_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# The list of secondary IP addresses of the iSCSI daemon (list -# value) -#iscsi_secondary_ip_addresses= - -# The port that the iSCSI daemon is listening on (integer -# value) -iscsi_port=3260 - -# The maximum number of times to rescan targets to find volume -# (integer value) -# Deprecated group/name - [DEFAULT]/num_iscsi_scan_tries -#num_volume_device_scan_tries=3 - -# The backend name for a given driver implementation (string -# value) -volume_backend_name=LVM_iSCSI - -# Do we attach/detach volumes in cinder using multipath for -# volume to image and image to volume transfers? (boolean -# value) -#use_multipath_for_image_xfer=false - -# If this is set to True, attachment of volumes for image -# transfer will be aborted when multipathd is not running. -# Otherwise, it will fallback to single path. (boolean value) -#enforce_multipath_for_image_xfer=false - -# Method used to wipe old volumes (string value) -volume_clear=zero - -# Size in MiB to wipe at start of old volumes. 
0 => all -# (integer value) -volume_clear_size=50 - -# The flag to pass to ionice to alter the i/o priority of the -# process used to zero a volume after deletion, for example -# "-c3" for idle only priority. (string value) -#volume_clear_ionice=<None> - -# iSCSI target user-land tool to use. tgtadm is default, use -# lioadm for LIO iSCSI support, scstadmin for SCST target -# support, iseradm for the ISER protocol, ietadm for iSCSI -# Enterprise Target, iscsictl for Chelsio iSCSI Target or fake -# for testing. (string value) -iscsi_helper=lioadm - -# Volume configuration file storage directory (string value) -volumes_dir=$state_path/volumes - -# IET configuration file (string value) -#iet_conf=/etc/iet/ietd.conf - -# Chiscsi (CXT) global defaults configuration file (string -# value) -#chiscsi_conf=/etc/chelsio-iscsi/chiscsi.conf - -# This option is deprecated and unused. It will be removed in -# the next release. (string value) -#lio_initiator_iqns= - -# Sets the behavior of the iSCSI target to either perform -# blockio or fileio optionally, auto can be set and Cinder -# will autodetect type of backing device (string value) -#iscsi_iotype=fileio - -# The default block size used when copying/clearing volumes -# (string value) -#volume_dd_blocksize=1M - -# The blkio cgroup name to be used to limit bandwidth of -# volume copy (string value) -#volume_copy_blkio_cgroup_name=cinder-volume-copy - -# The upper limit of bandwidth of volume copy. 0 => unlimited -# (integer value) -#volume_copy_bps_limit=0 - -# Sets the behavior of the iSCSI target to either perform -# write-back(on) or write-through(off). This parameter is -# valid if iscsi_helper is set to tgtadm or iseradm. (string -# value) -#iscsi_write_cache=on - -# Determines the iSCSI protocol for new iSCSI volumes, created -# with tgtadm or lioadm target helpers. In order to enable -# RDMA, this parameter should be set with the value "iser". -# The supported iSCSI protocol values are "iscsi" and "iser". 
-# (string value) -#iscsi_protocol=iscsi - -# The path to the client certificate key for verification, if -# the driver supports it. (string value) -#driver_client_cert_key=<None> - -# The path to the client certificate for verification, if the -# driver supports it. (string value) -#driver_client_cert=<None> - -# Tell driver to use SSL for connection to backend storage if -# the driver supports it. (boolean value) -#driver_use_ssl=false - -# Float representation of the over subscription ratio when -# thin provisioning is involved. Default ratio is 20.0, -# meaning provisioned capacity can be 20 times of the total -# physical capacity. If the ratio is 10.5, it means -# provisioned capacity can be 10.5 times of the total physical -# capacity. A ratio of 1.0 means provisioned capacity cannot -# exceed the total physical capacity. A ratio lower than 1.0 -# will be ignored and the default value will be used instead. -# (floating point value) -#max_over_subscription_ratio=20.0 - -# Certain ISCSI targets have predefined target names, SCST -# target driver uses this name. (string value) -#scst_target_iqn_name=<None> - -# SCST target implementation can choose from multiple SCST -# target drivers. (string value) -#scst_target_driver=iscsi - -# Option to enable/disable CHAP authentication for targets. -# (boolean value) -# Deprecated group/name - [DEFAULT]/eqlx_use_chap -#use_chap_auth=false - -# CHAP user name. (string value) -# Deprecated group/name - [DEFAULT]/eqlx_chap_login -#chap_username= - -# Password for specified CHAP account name. (string value) -# Deprecated group/name - [DEFAULT]/eqlx_chap_password -#chap_password= - -# Namespace for driver private data values to be saved in. -# (string value) -#driver_data_namespace=<None> - -# String representation for an equation that will be used to -# filter hosts. Only used when the driver filter is set to be -# used by the Cinder scheduler. 
(string value) -#filter_function=<None> - -# String representation for an equation that will be used to -# determine the goodness of a host. Only used when using the -# goodness weigher is set to be used by the Cinder scheduler. -# (string value) -#goodness_function=<None> - - -# -# Options defined in cinder.volume.drivers.block_device -# - -# List of all available devices (list value) -#available_devices= - - -# -# Options defined in cinder.volume.drivers.cloudbyte.options -# - -# These values will be used for CloudByte storage's addQos API -# call. (dict value) -#cb_add_qosgroup=latency:15,iops:10,graceallowed:false,iopscontrol:true,memlimit:0,throughput:0,tpcontrol:false,networkspeed:0 - -# Driver will use this API key to authenticate against the -# CloudByte storage's management interface. (string value) -#cb_apikey=None - -# CloudByte storage specific account name. This maps to a -# project name in OpenStack. (string value) -#cb_account_name=None - -# This corresponds to the name of Tenant Storage Machine (TSM) -# in CloudByte storage. A volume will be created in this TSM. -# (string value) -#cb_tsm_name=None - -# A retry value in seconds. Will be used by the driver to -# check if volume creation was successful in CloudByte -# storage. (integer value) -#cb_confirm_volume_create_retry_interval=5 - -# Will confirm a successful volume creation in CloudByte -# storage by making this many number of attempts. (integer -# value) -#cb_confirm_volume_create_retries=3 - -# These values will be used for CloudByte storage's -# createVolume API call. (dict value) -#cb_create_volume=compression:off,deduplication:off,blocklength:512B,sync:always,protocoltype:ISCSI,recordsize:16k - - -# -# Options defined in cinder.volume.drivers.datera -# - -# DEPRECATED: This will be removed in the Liberty release. Use -# san_login and san_password instead. This directly sets the -# Datera API token. (string value) -#datera_api_token=<None> - -# Datera API port. 
(string value) -#datera_api_port=7717 - -# Datera API version. (string value) -#datera_api_version=1 - -# Number of replicas to create of an inode. (string value) -#datera_num_replicas=3 - - -# -# Options defined in cinder.volume.drivers.dell.dell_storagecenter_common -# - -# Storage Center System Serial Number (integer value) -#dell_sc_ssn=64702 - -# Dell API port (integer value) -#dell_sc_api_port=3033 - -# Name of the server folder to use on the Storage Center -# (string value) -#dell_sc_server_folder=openstack - -# Name of the volume folder to use on the Storage Center -# (string value) -#dell_sc_volume_folder=openstack - - -# -# Options defined in cinder.volume.drivers.emc.emc_vmax_common -# - -# use this file for cinder emc plugin config data (string -# value) -#cinder_emc_config_file=/etc/cinder/cinder_emc_config.xml - - -# -# Options defined in cinder.volume.drivers.emc.emc_vnx_cli -# - -# VNX authentication scope type. (string value) -#storage_vnx_authentication_type=global - -# Directory path that contains the VNX security file. Make -# sure the security file is generated first. (string value) -#storage_vnx_security_file_dir=<None> - -# Naviseccli Path. (string value) -#naviseccli_path= - -# Storage pool name. (string value) -#storage_vnx_pool_name=<None> - -# VNX secondary SP IP Address. (string value) -#san_secondary_ip=<None> - -# Default timeout for CLI operations in minutes. For example, -# LUN migration is a typical long running operation, which -# depends on the LUN size and the load of the array. An upper -# bound in the specific deployment can be set to avoid -# unnecessary long wait. By default, it is 365 days long. -# (integer value) -#default_timeout=525600 - -# Default max number of LUNs in a storage group. By default, -# the value is 255. (integer value) -#max_luns_per_storage_group=255 - -# To destroy storage group when the last LUN is removed from -# it. By default, the value is False. 
(boolean value) -#destroy_empty_storage_group=false - -# Mapping between hostname and its iSCSI initiator IP -# addresses. (string value) -#iscsi_initiators= - -# Automatically register initiators. By default, the value is -# False. (boolean value) -#initiator_auto_registration=false - -# Automatically deregister initiators after the related -# storage group is destroyed. By default, the value is False. -# (boolean value) -#initiator_auto_deregistration=false - -# Report free_capacity_gb as 0 when the limit to maximum -# number of pool LUNs is reached. By default, the value is -# False. (boolean value) -#check_max_pool_luns_threshold=false - -# Delete a LUN even if it is in Storage Groups. (boolean -# value) -#force_delete_lun_in_storagegroup=false - - -# -# Options defined in cinder.volume.drivers.emc.xtremio -# - -# XMS cluster id in multi-cluster environment (string value) -#xtremio_cluster_name= - - -# -# Options defined in cinder.volume.drivers.eqlx -# - -# Group name to use for creating volumes. Defaults to -# "group-0". (string value) -#eqlx_group_name=group-0 - -# Timeout for the Group Manager cli command execution. Default -# is 30. (integer value) -#eqlx_cli_timeout=30 - -# Maximum retry count for reconnection. Default is 5. (integer -# value) -#eqlx_cli_max_retries=5 - -# Use CHAP authentication for targets. Note that this option -# is deprecated in favour of "use_chap_auth" as specified in -# cinder/volume/driver.py and will be removed in next release. -# (boolean value) -#eqlx_use_chap=false - -# Existing CHAP account name. Note that this option is -# deprecated in favour of "chap_username" as specified in -# cinder/volume/driver.py and will be removed in next release. -# (string value) -#eqlx_chap_login=admin - -# Password for specified CHAP account name. 
Note that this -# option is deprecated in favour of "chap_password" as -# specified in cinder/volume/driver.py and will be removed in -# the next release (string value) -#eqlx_chap_password=password - -# Pool in which volumes will be created. Defaults to -# "default". (string value) -#eqlx_pool=default - - -# -# Options defined in cinder.volume.drivers.glusterfs -# - -# File with the list of available gluster shares (string -# value) -#glusterfs_shares_config=/etc/cinder/glusterfs_shares - -# Create volumes as sparsed files which take no space.If set -# to False volume is created as regular file.In such case -# volume creation takes a lot of time. (boolean value) -#glusterfs_sparsed_volumes=true - -# Create volumes as QCOW2 files rather than raw files. -# (boolean value) -#glusterfs_qcow2_volumes=false - -# Base dir containing mount points for gluster shares. (string -# value) -#glusterfs_mount_point_base=$state_path/mnt - - -# -# Options defined in cinder.volume.drivers.hds.hds -# - -# The configuration file for the Cinder HDS driver for HUS -# (string value) -#hds_cinder_config_file=/opt/hds/hus/cinder_hus_conf.xml - - -# -# Options defined in cinder.volume.drivers.hds.iscsi -# - -# Configuration file for HDS iSCSI cinder plugin (string -# value) -#hds_hnas_iscsi_config_file=/opt/hds/hnas/cinder_iscsi_conf.xml - - -# -# Options defined in cinder.volume.drivers.hds.nfs -# - -# Configuration file for HDS NFS cinder plugin (string value) -#hds_hnas_nfs_config_file=/opt/hds/hnas/cinder_nfs_conf.xml - - -# -# Options defined in cinder.volume.drivers.hitachi.hbsd_common -# - -# Serial number of storage system (string value) -#hitachi_serial_number=<None> - -# Name of an array unit (string value) -#hitachi_unit_name=<None> - -# Pool ID of storage system (integer value) -#hitachi_pool_id=<None> - -# Thin pool ID of storage system (integer value) -#hitachi_thin_pool_id=<None> - -# Range of logical device of storage system (string value) -#hitachi_ldev_range=<None> - -# 
Default copy method of storage system (string value) -#hitachi_default_copy_method=FULL - -# Copy speed of storage system (integer value) -#hitachi_copy_speed=3 - -# Interval to check copy (integer value) -#hitachi_copy_check_interval=3 - -# Interval to check copy asynchronously (integer value) -#hitachi_async_copy_check_interval=10 - -# Control port names for HostGroup or iSCSI Target (string -# value) -#hitachi_target_ports=<None> - -# Range of group number (string value) -#hitachi_group_range=<None> - -# Request for creating HostGroup or iSCSI Target (boolean -# value) -#hitachi_group_request=false - - -# -# Options defined in cinder.volume.drivers.hitachi.hbsd_fc -# - -# Request for FC Zone creating HostGroup (boolean value) -#hitachi_zoning_request=false - - -# -# Options defined in cinder.volume.drivers.hitachi.hbsd_horcm -# - -# Instance numbers for HORCM (string value) -#hitachi_horcm_numbers=200,201 - -# Username of storage system for HORCM (string value) -#hitachi_horcm_user=<None> - -# Password of storage system for HORCM (string value) -#hitachi_horcm_password=<None> - -# Add to HORCM configuration (boolean value) -#hitachi_horcm_add_conf=true - - -# -# Options defined in cinder.volume.drivers.hitachi.hbsd_iscsi -# - -# Add CHAP user (boolean value) -#hitachi_add_chap_user=false - -# iSCSI authentication method (string value) -#hitachi_auth_method=<None> - -# iSCSI authentication username (string value) -#hitachi_auth_user=HBSD-CHAP-user - -# iSCSI authentication password (string value) -#hitachi_auth_password=HBSD-CHAP-password - - -# -# Options defined in cinder.volume.drivers.huawei -# - -# The configuration file for the Cinder Huawei driver (string -# value) -#cinder_huawei_conf_file=/etc/cinder/cinder_huawei_conf.xml - - -# -# Options defined in cinder.volume.drivers.ibm.flashsystem -# - -# Connection protocol should be FC. (string value) -#flashsystem_connection_protocol=FC - -# Connect with multipath (FC only). 
(boolean value) -#flashsystem_multipath_enabled=false - -# Allows vdisk to multi host mapping. (boolean value) -#flashsystem_multihostmap_enabled=true - - -# -# Options defined in cinder.volume.drivers.ibm.gpfs -# - -# Specifies the path of the GPFS directory where Block Storage -# volume and snapshot files are stored. (string value) -#gpfs_mount_point_base=<None> - -# Specifies the path of the Image service repository in GPFS. -# Leave undefined if not storing images in GPFS. (string -# value) -#gpfs_images_dir=<None> - -# Specifies the type of image copy to be used. Set this when -# the Image service repository also uses GPFS so that image -# files can be transferred efficiently from the Image service -# to the Block Storage service. There are two valid values: -# "copy" specifies that a full copy of the image is made; -# "copy_on_write" specifies that copy-on-write optimization -# strategy is used and unmodified blocks of the image file are -# shared efficiently. (string value) -#gpfs_images_share_mode=<None> - -# Specifies an upper limit on the number of indirections -# required to reach a specific block due to snapshots or -# clones. A lengthy chain of copy-on-write snapshots or -# clones can have a negative impact on performance, but -# improves space utilization. 0 indicates unlimited clone -# depth. (integer value) -#gpfs_max_clone_depth=0 - -# Specifies that volumes are created as sparse files which -# initially consume no space. If set to False, the volume is -# created as a fully allocated file, in which case, creation -# may take a significantly longer time. (boolean value) -#gpfs_sparse_volumes=true - -# Specifies the storage pool that volumes are assigned to. By -# default, the system storage pool is used. 
(string value) -#gpfs_storage_pool=system - - -# -# Options defined in cinder.volume.drivers.ibm.ibmnas -# - -# IBMNAS platform type to be used as backend storage; valid -# values are - v7ku : for using IBM Storwize V7000 Unified, -# sonas : for using IBM Scale Out NAS, gpfs-nas : for using -# NFS based IBM GPFS deployments. (string value) -#ibmnas_platform_type=v7ku - - -# -# Options defined in cinder.volume.drivers.ibm.storwize_svc -# - -# Storage system storage pool for volumes (string value) -#storwize_svc_volpool_name=volpool - -# Storage system space-efficiency parameter for volumes -# (percentage) (integer value) -#storwize_svc_vol_rsize=2 - -# Storage system threshold for volume capacity warnings -# (percentage) (integer value) -#storwize_svc_vol_warning=0 - -# Storage system autoexpand parameter for volumes (True/False) -# (boolean value) -#storwize_svc_vol_autoexpand=true - -# Storage system grain size parameter for volumes -# (32/64/128/256) (integer value) -#storwize_svc_vol_grainsize=256 - -# Storage system compression option for volumes (boolean -# value) -#storwize_svc_vol_compression=false - -# Enable Easy Tier for volumes (boolean value) -#storwize_svc_vol_easytier=true - -# The I/O group in which to allocate volumes (integer value) -#storwize_svc_vol_iogrp=0 - -# Maximum number of seconds to wait for FlashCopy to be -# prepared. Maximum value is 600 seconds (10 minutes) (integer -# value) -#storwize_svc_flashcopy_timeout=120 - -# Connection protocol (iSCSI/FC) (string value) -#storwize_svc_connection_protocol=iSCSI - -# Configure CHAP authentication for iSCSI connections -# (Default: Enabled) (boolean value) -#storwize_svc_iscsi_chap_enabled=true - -# Connect with multipath (FC only; iSCSI multipath is -# controlled by Nova) (boolean value) -#storwize_svc_multipath_enabled=false - -# Allows vdisk to multi host mapping (boolean value) -#storwize_svc_multihostmap_enabled=true - -# Indicate whether svc driver is compatible for NPIV setup. 
If -# it is compatible, it will allow no wwpns being returned on -# get_conn_fc_wwpns during initialize_connection (boolean -# value) -#storwize_svc_npiv_compatibility_mode=false - -# Allow tenants to specify QOS on create (boolean value) -#storwize_svc_allow_tenant_qos=false - -# If operating in stretched cluster mode, specify the name of -# the pool in which mirrored copies are stored.Example: -# "pool2" (string value) -#storwize_svc_stretched_cluster_partner=<None> - - -# -# Options defined in cinder.volume.drivers.ibm.xiv_ds8k -# - -# Proxy driver that connects to the IBM Storage Array (string -# value) -#xiv_ds8k_proxy=xiv_ds8k_openstack.nova_proxy.XIVDS8KNovaProxy - -# Connection type to the IBM Storage Array (string value) -#xiv_ds8k_connection_type=iscsi - -# CHAP authentication mode, effective only for iscsi -# (disabled|enabled) (string value) -#xiv_chap=disabled - - -# -# Options defined in cinder.volume.drivers.lvm -# - -# Name for the VG that will contain exported volumes (string -# value) -volume_group=cinder-volumes - -# If >0, create LVs with multiple mirrors. Note that this -# requires lvm_mirrors + 2 PVs with available space (integer -# value) -#lvm_mirrors=0 - -# Type of LVM volumes to deploy (string value) -#lvm_type=default - -# LVM conf file to use for the LVM driver in Cinder; this -# setting is ignored if the specified file does not exist (You -# can also specify 'None' to not use a conf file even if one -# exists). (string value) -#lvm_conf_file=/etc/cinder/lvm.conf - - -# -# Options defined in cinder.volume.drivers.netapp.options -# - -# The vFiler unit on which provisioning of block storage -# volumes will be done. This option is only used by the driver -# when connecting to an instance with a storage family of Data -# ONTAP operating in 7-Mode. Only use this option when -# utilizing the MultiStore feature on the NetApp storage -# system. 
(string value) -#netapp_vfiler=<None> - -# The name of the config.conf stanza for a Data ONTAP (7-mode) -# HA partner. This option is only used by the driver when -# connecting to an instance with a storage family of Data -# ONTAP operating in 7-Mode, and it is required if the storage -# protocol selected is FC. (string value) -#netapp_partner_backend_name=<None> - -# Administrative user account name used to access the storage -# system or proxy server. (string value) -#netapp_login=<None> - -# Password for the administrative user account specified in -# the netapp_login option. (string value) -#netapp_password=<None> - -# This option specifies the virtual storage server (Vserver) -# name on the storage cluster on which provisioning of block -# storage volumes should occur. (string value) -#netapp_vserver=<None> - -# The hostname (or IP address) for the storage system or proxy -# server. (string value) -#netapp_server_hostname=<None> - -# The TCP port to use for communication with the storage -# system or proxy server. If not specified, Data ONTAP drivers -# will use 80 for HTTP and 443 for HTTPS; E-Series will use -# 8080 for HTTP and 8443 for HTTPS. (integer value) -#netapp_server_port=<None> - -# This option is used to specify the path to the E-Series -# proxy application on a proxy server. The value is combined -# with the value of the netapp_transport_type, -# netapp_server_hostname, and netapp_server_port options to -# create the URL used by the driver to connect to the proxy -# application. (string value) -#netapp_webservice_path=/devmgr/v2 - -# This option is only utilized when the storage family is -# configured to eseries. This option is used to restrict -# provisioning to the specified controllers. Specify the value -# of this option to be a comma separated list of controller -# hostnames or IP addresses to be used for provisioning. -# (string value) -#netapp_controller_ips=<None> - -# Password for the NetApp E-Series storage array. 
(string -# value) -#netapp_sa_password=<None> - -# This option is used to restrict provisioning to the -# specified storage pools. Only dynamic disk pools are -# currently supported. Specify the value of this option to be -# a comma separated list of disk pool names to be used for -# provisioning. (string value) -#netapp_storage_pools=<None> - -# This option is used to define how the controllers in the -# E-Series storage array will work with the particular -# operating system on the hosts that are connected to it. -# (string value) -#netapp_eseries_host_type=linux_dm_mp - -# If the percentage of available space for an NFS share has -# dropped below the value specified by this option, the NFS -# image cache will be cleaned. (integer value) -#thres_avl_size_perc_start=20 - -# When the percentage of available space on an NFS share has -# reached the percentage specified by this option, the driver -# will stop clearing files from the NFS image cache that have -# not been accessed in the last M minutes, where M is the -# value of the expiry_thres_minutes configuration option. -# (integer value) -#thres_avl_size_perc_stop=60 - -# This option specifies the threshold for last access time for -# images in the NFS image cache. When a cache cleaning cycle -# begins, images in the cache that have not been accessed in -# the last M minutes, where M is the value of this parameter, -# will be deleted from the cache to create free space on the -# NFS share. (integer value) -#expiry_thres_minutes=720 - -# This option specifies the path of the NetApp copy offload -# tool binary. Ensure that the binary has execute permissions -# set which allow the effective user of the cinder-volume -# process to execute the file. (string value) -#netapp_copyoffload_tool_path=<None> - -# The quantity to be multiplied by the requested volume size -# to ensure enough space is available on the virtual storage -# server (Vserver) to fulfill the volume creation request. 
-# (floating point value)
-#netapp_size_multiplier=1.2
-
-# This option is only utilized when the storage protocol is
-# configured to use iSCSI or FC. This option is used to
-# restrict provisioning to the specified controller volumes.
-# Specify the value of this option to be a comma separated
-# list of NetApp controller volume names to be used for
-# provisioning. (string value)
-#netapp_volume_list=<None>
-
-# The storage family type used on the storage system; valid
-# values are ontap_7mode for using Data ONTAP operating in
-# 7-Mode, ontap_cluster for using clustered Data ONTAP, or
-# eseries for using E-Series. (string value)
-#netapp_storage_family=ontap_cluster
-
-# The storage protocol to be used on the data path with the
-# storage system. (string value)
-#netapp_storage_protocol=<None>
-
-# The transport protocol used when communicating with the
-# storage system or proxy server. (string value)
-#netapp_transport_type=http
-
-
-#
-# Options defined in cinder.volume.drivers.nfs
-#
-
-# File with the list of available nfs shares (string value)
-#nfs_shares_config=/etc/cinder/nfs_shares
-
-# Create volumes as sparsed files which take no space.If set
-# to False volume is created as regular file.In such case
-# volume creation takes a lot of time. (boolean value)
-#nfs_sparsed_volumes=true
-
-# Percent of ACTUAL usage of the underlying volume before no
-# new volumes can be allocated to the volume destination.
-# (floating point value)
-#nfs_used_ratio=0.95
-
-# This will compare the allocated to available space on the
-# volume destination. If the ratio exceeds this number, the
-# destination will no longer be valid. (floating point value)
-#nfs_oversub_ratio=1.0
-
-# Base dir containing mount points for nfs shares. (string
-# value)
-#nfs_mount_point_base=$state_path/mnt
-
-# Mount options passed to the nfs client. See section of the
-# nfs man page for details.
(string value)
-#nfs_mount_options=<None>
-
-# The number of attempts to mount nfs shares before raising an
-# error. At least one attempt will be made to mount an nfs
-# share, regardless of the value specified. (integer value)
-#nfs_mount_attempts=3
-
-
-#
-# Options defined in cinder.volume.drivers.nimble
-#
-
-# Nimble Controller pool name (string value)
-#nimble_pool_name=default
-
-# Nimble Subnet Label (string value)
-#nimble_subnet_label=*
-
-
-#
-# Options defined in cinder.volume.drivers.openvstorage
-#
-
-# Vpool to use for volumes - backend is defined by vpool not
-# by us. (string value)
-#vpool_name=
-
-
-#
-# Options defined in cinder.volume.drivers.prophetstor.options
-#
-
-# DPL pool uuid in which DPL volumes are stored. (string
-# value)
-#dpl_pool=
-
-# DPL port number. (integer value)
-#dpl_port=8357
-
-
-#
-# Options defined in cinder.volume.drivers.pure
-#
-
-# REST API authorization token. (string value)
-#pure_api_token=<None>
-
-
-#
-# Options defined in cinder.volume.drivers.quobyte
-#
-
-# URL to the Quobyte volume e.g., quobyte://<DIR host>/<volume
-# name> (string value)
-#quobyte_volume_url=<None>
-
-# Path to a Quobyte Client configuration file. (string value)
-#quobyte_client_cfg=<None>
-
-# Create volumes as sparse files which take no space. If set
-# to False, volume is created as regular file.In such case
-# volume creation takes a lot of time. (boolean value)
-#quobyte_sparsed_volumes=true
-
-# Create volumes as QCOW2 files rather than raw files.
-# (boolean value)
-#quobyte_qcow2_volumes=true
-
-# Base dir containing the mount point for the Quobyte volume.
-# (string value)
-#quobyte_mount_point_base=$state_path/mnt
-
-
-#
-# Options defined in cinder.volume.drivers.rbd
-#
-
-# The RADOS pool where rbd volumes are stored (string value)
-#rbd_pool=rbd
-
-# The RADOS client name for accessing rbd volumes - only set
-# when using cephx authentication (string value)
-#rbd_user=<None>
-
-# Path to the ceph configuration file (string value)
-#rbd_ceph_conf=
-
-# Flatten volumes created from snapshots to remove dependency
-# from volume to snapshot (boolean value)
-#rbd_flatten_volume_from_snapshot=false
-
-# The libvirt uuid of the secret for the rbd_user volumes
-# (string value)
-#rbd_secret_uuid=<None>
-
-# Directory where temporary image files are stored when the
-# volume driver does not write them directly to the volume.
-# Warning: this option is now deprecated, please use
-# image_conversion_dir instead. (string value)
-#volume_tmp_dir=<None>
-
-# Maximum number of nested volume clones that are taken before
-# a flatten occurs. Set to 0 to disable cloning. (integer
-# value)
-#rbd_max_clone_depth=5
-
-# Volumes will be chunked into objects of this size (in
-# megabytes). (integer value)
-#rbd_store_chunk_size=4
-
-# Timeout value (in seconds) used when connecting to ceph
-# cluster. If value < 0, no timeout is set and default
-# librados value is used. (integer value)
-#rados_connect_timeout=-1
-
-
-#
-# Options defined in cinder.volume.drivers.remotefs
-#
-
-# IP address or Hostname of NAS system. (string value)
-#nas_ip=
-
-# User name to connect to NAS system. (string value)
-#nas_login=admin
-
-# Password to connect to NAS system. (string value)
-#nas_password=
-
-# SSH port to use to connect to NAS system. (integer value)
-#nas_ssh_port=22
-
-# Filename of private key to use for SSH authentication.
-# (string value)
-#nas_private_key=
-
-# Allow network-attached storage systems to operate in a
-# secure environment where root level access is not permitted.
-# If set to False, access is as the root user and insecure. If
-# set to True, access is not as root. If set to auto, a check
-# is done to determine if this is a new installation: True is
-# used if so, otherwise False. Default is auto. (string value)
-#nas_secure_file_operations=auto
-
-# Set more secure file permissions on network-attached storage
-# volume files to restrict broad other/world access. If set to
-# False, volumes are created with open permissions. If set to
-# True, volumes are created with permissions for the cinder
-# user and group (660). If set to auto, a check is done to
-# determine if this is a new installation: True is used if so,
-# otherwise False. Default is auto. (string value)
-#nas_secure_file_permissions=auto
-
-# Path to the share to use for storing Cinder volumes. For
-# example: "/srv/export1" for an NFS server export available
-# at 10.0.5.10:/srv/export1 . (string value)
-#nas_share_path=
-
-# Options used to mount the storage backend file system where
-# Cinder volumes are stored. (string value)
-#nas_mount_options=<None>
-
-
-#
-# Options defined in cinder.volume.drivers.san.hp.hp_3par_common
-#
-
-# 3PAR WSAPI Server Url like https://<3par ip>:8080/api/v1
-# (string value)
-#hp3par_api_url=
-
-# 3PAR Super user username (string value)
-#hp3par_username=
-
-# 3PAR Super user password (string value)
-#hp3par_password=
-
-# List of the CPG(s) to use for volume creation (list value)
-#hp3par_cpg=OpenStack
-
-# The CPG to use for Snapshots for volumes. If empty the
-# userCPG will be used. (string value)
-#hp3par_cpg_snap=
-
-# The time in hours to retain a snapshot. You can't delete it
-# before this expires. (string value)
-#hp3par_snapshot_retention=
-
-# The time in hours when a snapshot expires and is deleted.
-# This must be larger than expiration (string value)
-#hp3par_snapshot_expiration=
-
-# Enable HTTP debugging to 3PAR (boolean value)
-#hp3par_debug=false
-
-# List of target iSCSI addresses to use.
(list value)
-#hp3par_iscsi_ips=
-
-# Enable CHAP authentication for iSCSI connections. (boolean
-# value)
-#hp3par_iscsi_chap_enabled=false
-
-
-#
-# Options defined in cinder.volume.drivers.san.hp.hp_lefthand_rest_proxy
-#
-
-# HP LeftHand WSAPI Server Url like https://<LeftHand
-# ip>:8081/lhos (string value)
-#hplefthand_api_url=<None>
-
-# HP LeftHand Super user username (string value)
-#hplefthand_username=<None>
-
-# HP LeftHand Super user password (string value)
-#hplefthand_password=<None>
-
-# HP LeftHand cluster name (string value)
-#hplefthand_clustername=<None>
-
-# Configure CHAP authentication for iSCSI connections
-# (Default: Disabled) (boolean value)
-#hplefthand_iscsi_chap_enabled=false
-
-# Enable HTTP debugging to LeftHand (boolean value)
-#hplefthand_debug=false
-
-
-#
-# Options defined in cinder.volume.drivers.san.san
-#
-
-# Use thin provisioning for SAN volumes? (boolean value)
-#san_thin_provision=true
-
-# IP address of SAN controller (string value)
-#san_ip=
-
-# Username for SAN controller (string value)
-#san_login=admin
-
-# Password for SAN controller (string value)
-#san_password=
-
-# Filename of private key to use for SSH authentication
-# (string value)
-#san_private_key=
-
-# Cluster name to use for creating volumes (string value)
-#san_clustername=
-
-# SSH port to use with SAN (integer value)
-#san_ssh_port=22
-
-# Execute commands locally instead of over SSH; use if the
-# volume service is running on the SAN device (boolean value)
-#san_is_local=false
-
-# SSH connection timeout in seconds (integer value)
-#ssh_conn_timeout=30
-
-# Minimum ssh connections in the pool (integer value)
-#ssh_min_pool_conn=1
-
-# Maximum ssh connections in the pool (integer value)
-#ssh_max_pool_conn=5
-
-
-#
-# Options defined in cinder.volume.drivers.scality
-#
-
-# Path or URL to Scality SOFS configuration file (string
-# value)
-#scality_sofs_config=<None>
-
-# Base dir where Scality SOFS shall be mounted (string value)
-#scality_sofs_mount_point=$state_path/scality
-
-# Path from Scality SOFS root to volume dir (string value)
-#scality_sofs_volume_dir=cinder/volumes
-
-
-#
-# Options defined in cinder.volume.drivers.smbfs
-#
-
-# File with the list of available smbfs shares. (string value)
-#smbfs_shares_config=/etc/cinder/smbfs_shares
-
-# Default format that will be used when creating volumes if no
-# volume format is specified. (string value)
-#smbfs_default_volume_format=qcow2
-
-# Create volumes as sparsed files which take no space rather
-# than regular files when using raw format, in which case
-# volume creation takes lot of time. (boolean value)
-#smbfs_sparsed_volumes=true
-
-# Percent of ACTUAL usage of the underlying volume before no
-# new volumes can be allocated to the volume destination.
-# (floating point value)
-#smbfs_used_ratio=0.95
-
-# This will compare the allocated to available space on the
-# volume destination. If the ratio exceeds this number, the
-# destination will no longer be valid. (floating point value)
-#smbfs_oversub_ratio=1.0
-
-# Base dir containing mount points for smbfs shares. (string
-# value)
-#smbfs_mount_point_base=$state_path/mnt
-
-# Mount options passed to the smbfs client. See mount.cifs man
-# page for details. (string value)
-#smbfs_mount_options=noperm,file_mode=0775,dir_mode=0775
-
-
-#
-# Options defined in cinder.volume.drivers.solidfire
-#
-
-# Set 512 byte emulation on volume creation; (boolean value)
-#sf_emulate_512=true
-
-# Allow tenants to specify QOS on create (boolean value)
-#sf_allow_tenant_qos=false
-
-# Create SolidFire accounts with this prefix. Any string can
-# be used here, but the string "hostname" is special and will
-# create a prefix using the cinder node hostsname (previous
-# default behavior). The default is NO prefix. (string value)
-#sf_account_prefix=<None>
-
-# Account name on the SolidFire Cluster to use as owner of
-# template/cache volumes (created if does not exist).
(string
-# value)
-#sf_template_account_name=openstack-vtemplate
-
-# Create an internal cache of copy of images when a bootable
-# volume is created to eliminate fetch from glance and qemu-
-# conversion on subsequent calls. (boolean value)
-#sf_allow_template_caching=true
-
-# SolidFire API port. Useful if the device api is behind a
-# proxy on a different port. (integer value)
-#sf_api_port=443
-
-
-#
-# Options defined in cinder.volume.drivers.srb
-#
-
-# Comma-separated list of REST servers IP to connect to. (eg
-# http://IP1/,http://IP2:81/path (string value)
-#srb_base_urls=<None>
-
-
-#
-# Options defined in cinder.volume.drivers.violin.v6000_common
-#
-
-# IP address or hostname of mg-a (string value)
-#gateway_mga=<None>
-
-# IP address or hostname of mg-b (string value)
-#gateway_mgb=<None>
-
-# Use igroups to manage targets and initiators (boolean value)
-#use_igroups=false
-
-# Global backend request timeout, in seconds (integer value)
-#request_timeout=300
-
-
-#
-# Options defined in cinder.volume.drivers.vmware.vmdk
-#
-
-# IP address for connecting to VMware ESX/VC server. (string
-# value)
-#vmware_host_ip=<None>
-
-# Username for authenticating with VMware ESX/VC server.
-# (string value)
-#vmware_host_username=<None>
-
-# Password for authenticating with VMware ESX/VC server.
-# (string value)
-#vmware_host_password=<None>
-
-# Optional VIM service WSDL Location e.g
-# http://<server>/vimService.wsdl. Optional over-ride to
-# default location for bug work-arounds. (string value)
-#vmware_wsdl_location=<None>
-
-# Number of times VMware ESX/VC server API must be retried
-# upon connection related issues. (integer value)
-#vmware_api_retry_count=10
-
-# The interval (in seconds) for polling remote tasks invoked
-# on VMware ESX/VC server. (floating point value)
-#vmware_task_poll_interval=0.5
-
-# Name for the folder in the VC datacenter that will contain
-# cinder volumes.
(string value)
-#vmware_volume_folder=cinder-volumes
-
-# Timeout in seconds for VMDK volume transfer between Cinder
-# and Glance. (integer value)
-#vmware_image_transfer_timeout_secs=7200
-
-# Max number of objects to be retrieved per batch. Query
-# results will be obtained in batches from the server and not
-# in one shot. Server may still limit the count to something
-# less than the configured value. (integer value)
-#vmware_max_objects_retrieval=100
-
-# Optional string specifying the VMware VC server version. The
-# driver attempts to retrieve the version from VMware VC
-# server. Set this configuration only if you want to override
-# the VC server version. (string value)
-#vmware_host_version=<None>
-
-# Directory where virtual disks are stored during volume
-# backup and restore. (string value)
-#vmware_tmp_dir=/tmp
-
-
-#
-# Options defined in cinder.volume.drivers.windows.windows
-#
-
-# Path to store VHD backed volumes (string value)
-#windows_iscsi_lun_path=C:\iSCSIVirtualDisks
-
-
-#
-# Options defined in cinder.volume.drivers.xio
-#
-
-# Default storage pool for volumes. (integer value)
-#ise_storage_pool=1
-
-# Raid level for ISE volumes. (integer value)
-#ise_raid=1
-
-# Number of retries (per port) when establishing connection to
-# ISE management port. (integer value)
-#ise_connection_retries=5
-
-# Interval (secs) between retries. (integer value)
-#ise_retry_interval=1
-
-# Number on retries to get completion status after issuing a
-# command to ISE. (integer value)
-#ise_completion_retries=30
-
-
-#
-# Options defined in cinder.volume.drivers.zfssa.zfssanfs
-#
-
-# Data path IP address (string value)
-#zfssa_data_ip=<None>
-
-# HTTPS port number (string value)
-#zfssa_https_port=443
-
-# Options to be passed while mounting share over nfs (string
-# value)
-#zfssa_nfs_mount_options=
-
-# Storage pool name. (string value)
-#zfssa_nfs_pool=
-
-# Project name. (string value)
-#zfssa_nfs_project=NFSProject
-
-# Share name.
(string value)
-#zfssa_nfs_share=nfs_share
-
-# Data compression. (string value)
-#zfssa_nfs_share_compression=off
-
-# Synchronous write bias-latency, throughput. (string value)
-#zfssa_nfs_share_logbias=latency
-
-# REST connection timeout. (seconds) (integer value)
-#zfssa_rest_timeout=<None>
-
-
-#
-# Options defined in cinder.volume.manager
-#
-
-# Driver to use for volume creation (string value)
-volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
-
-# Timeout for creating the volume to migrate to when
-# performing volume migration (seconds) (integer value)
-#migration_create_volume_timeout_secs=300
-
-# Offload pending volume delete during volume service startup
-# (boolean value)
-#volume_service_inithost_offload=false
-
-# FC Zoning mode configured (string value)
-#zoning_mode=none
-
-# User defined capabilities, a JSON formatted string
-# specifying key/value pairs. The key/value pairs can be used
-# by the CapabilitiesFilter to select between backends when
-# requests specify volume types. For example, specifying a
-# service level or the geographical location of a backend,
-# then creating a volume type to allow the user to select by
-# these different properties.
(string value)
-#extra_capabilities={}
-
-
-[BRCD_FABRIC_EXAMPLE]
-
-#
-# Options defined in cinder.zonemanager.drivers.brocade.brcd_fabric_opts
-#
-
-# Management IP of fabric (string value)
-#fc_fabric_address=
-
-# Fabric user ID (string value)
-#fc_fabric_user=
-
-# Password for user (string value)
-#fc_fabric_password=
-
-# Connecting port (integer value)
-#fc_fabric_port=22
-
-# overridden zoning policy (string value)
-#zoning_policy=initiator-target
-
-# overridden zoning activation state (boolean value)
-#zone_activate=true
-
-# overridden zone name prefix (string value)
-#zone_name_prefix=<None>
-
-# Principal switch WWN of the fabric (string value)
-#principal_switch_wwn=<None>
-
-
-[CISCO_FABRIC_EXAMPLE]
-
-#
-# Options defined in cinder.zonemanager.drivers.cisco.cisco_fabric_opts
-#
-
-# Management IP of fabric (string value)
-#cisco_fc_fabric_address=
-
-# Fabric user ID (string value)
-#cisco_fc_fabric_user=
-
-# Password for user (string value)
-#cisco_fc_fabric_password=
-
-# Connecting port (integer value)
-#cisco_fc_fabric_port=22
-
-# overridden zoning policy (string value)
-#cisco_zoning_policy=initiator-target
-
-# overridden zoning activation state (boolean value)
-#cisco_zone_activate=true
-
-# overridden zone name prefix (string value)
-#cisco_zone_name_prefix=<None>
-
-# VSAN of the Fabric (string value)
-#cisco_zoning_vsan=<None>
-
-
-[database]
-
-#
-# Options defined in oslo.db.concurrency
-#
-
-# Enable the experimental use of thread pooling for all DB API
-# calls (boolean value)
-# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
-#use_tpool=false
-
-# The SQLAlchemy connection string to use to connect to the
-# database.
(string value)
-connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/cinder
-
-
-[fc-zone-manager]
-
-#
-# Options defined in cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver
-#
-
-# Southbound connector for zoning operation (string value)
-#brcd_sb_connector=cinder.zonemanager.drivers.brocade.brcd_fc_zone_client_cli.BrcdFCZoneClientCLI
-
-
-#
-# Options defined in cinder.zonemanager.drivers.cisco.cisco_fc_zone_driver
-#
-
-# Southbound connector for zoning operation (string value)
-#cisco_sb_connector=cinder.zonemanager.drivers.cisco.cisco_fc_zone_client_cli.CiscoFCZoneClientCLI
-
-
-#
-# Options defined in cinder.zonemanager.fc_zone_manager
-#
-
-# FC Zone Driver responsible for zone management (string
-# value)
-#zone_driver=cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver.BrcdFCZoneDriver
-
-# Zoning policy configured by user; valid values include
-# "initiator-target" or "initiator" (string value)
-#zoning_policy=initiator-target
-
-# Comma separated list of Fibre Channel fabric names. This
-# list of names is used to retrieve other SAN credentials for
-# connecting to each SAN fabric (string value)
-#fc_fabric_names=<None>
-
-# FC SAN Lookup Service (string value)
-#fc_san_lookup_service=cinder.zonemanager.drivers.brocade.brcd_fc_san_lookup_service.BrcdFCSanLookupService
-
-
-[keymgr]
-
-#
-# Options defined in cinder.keymgr
-#
-
-# The full class name of the key manager API class (string
-# value)
-#api_class=cinder.keymgr.conf_key_mgr.ConfKeyManager
-
-
-#
-# Options defined in cinder.keymgr.conf_key_mgr
-#
-
-# Fixed key returned by key manager, specified in hex (string
-# value)
-#fixed_key=<None>
-
-
-#
-# Options defined in cinder.keymgr.key_mgr
-#
-
-# Authentication url for encryption service. (string value)
-#encryption_auth_url=http://localhost:5000/v3
-
-# Url for encryption service.
(string value)
-#encryption_api_url=http://localhost:9311/v1
-
-
-[oslo_concurrency]
-
-lock_path = /var/lock/cinder
-
-[keystone_authtoken]
-
-#
-# Options defined in keystonemiddleware.auth_token
-#
-
-# Complete public Identity API endpoint. (string value)
-auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
-
-# API version of the admin Identity API endpoint. (string
-# value)
-#auth_version=<None>
-
-# Do not handle authorization requests within the middleware,
-# but delegate the authorization decision to downstream WSGI
-# components. (boolean value)
-#delay_auth_decision=false
-
-# Request timeout value for communicating with Identity API
-# server. (integer value)
-#http_connect_timeout=<None>
-
-# How many times are we trying to reconnect when communicating
-# with Identity API Server. (integer value)
-#http_request_max_retries=3
-
-# Env key for the swift cache. (string value)
-#cache=<None>
-
-# Required if identity server requires client certificate
-# (string value)
-#certfile=<None>
-
-# Required if identity server requires client certificate
-# (string value)
-#keyfile=<None>
-
-# A PEM encoded Certificate Authority to use when verifying
-# HTTPs connections. Defaults to system CAs. (string value)
-#cafile=<None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure=false
-
-# Directory used to cache files related to PKI tokens. (string
-# value)
-#signing_dir=<None>
-
-# Optionally specify a list of memcached server(s) to use for
-# caching. If left undefined, tokens will instead be cached
-# in-process. (list value)
-# Deprecated group/name - [DEFAULT]/memcache_servers
-#memcached_servers=<None>
-
-# In order to prevent excessive effort spent validating
-# tokens, the middleware caches previously-seen tokens for a
-# configurable duration (in seconds). Set to -1 to disable
-# caching completely.
(integer value)
-#token_cache_time=300
-
-# Determines the frequency at which the list of revoked tokens
-# is retrieved from the Identity service (in seconds). A high
-# number of revocation events combined with a low cache
-# duration may significantly reduce performance. (integer
-# value)
-#revocation_cache_time=10
-
-# (Optional) If defined, indicate whether token data should be
-# authenticated or authenticated and encrypted. Acceptable
-# values are MAC or ENCRYPT. If MAC, token data is
-# authenticated (with HMAC) in the cache. If ENCRYPT, token
-# data is encrypted and authenticated in the cache. If the
-# value is not one of these options or empty, auth_token will
-# raise an exception on initialization. (string value)
-#memcache_security_strategy=<None>
-
-# (Optional, mandatory if memcache_security_strategy is
-# defined) This string is used for key derivation. (string
-# value)
-#memcache_secret_key=<None>
-
-# (Optional) Number of seconds memcached server is considered
-# dead before it is tried again. (integer value)
-#memcache_pool_dead_retry=300
-
-# (Optional) Maximum total number of open connections to every
-# memcached server. (integer value)
-#memcache_pool_maxsize=10
-
-# (Optional) Socket timeout in seconds for communicating with
-# a memcache server. (integer value)
-#memcache_pool_socket_timeout=3
-
-# (Optional) Number of seconds a connection to memcached is
-# held unused in the pool before it is closed. (integer value)
-#memcache_pool_unused_timeout=60
-
-# (Optional) Number of seconds that an operation will wait to
-# get a memcache client connection from the pool. (integer
-# value)
-#memcache_pool_conn_get_timeout=10
-
-# (Optional) Use the advanced (eventlet safe) memcache client
-# pool. The advanced pool will only work under python 2.x.
-# (boolean value)
-#memcache_use_advanced_pool=false
-
-# (Optional) Indicate whether to set the X-Service-Catalog
-# header.
If False, middleware will not ask for service
-# catalog on token validation and will not set the X-Service-
-# Catalog header. (boolean value)
-#include_service_catalog=true
-
-# Used to control the use and type of token binding. Can be
-# set to: "disabled" to not check token binding. "permissive"
-# (default) to validate binding information if the bind type
-# is of a form known to the server and ignore it if not.
-# "strict" like "permissive" but if the bind type is unknown
-# the token will be rejected. "required" any form of token
-# binding is needed to be allowed. Finally the name of a
-# binding method that must be present in tokens. (string
-# value)
-#enforce_token_bind=permissive
-
-# If true, the revocation list will be checked for cached
-# tokens. This requires that PKI tokens are configured on the
-# identity server. (boolean value)
-#check_revocations_for_cached=false
-
-# Hash algorithms to use for hashing PKI tokens. This may be a
-# single algorithm or multiple. The algorithms are those
-# supported by Python standard hashlib.new(). The hashes will
-# be tried in the order given, so put the preferred one first
-# for performance. The result of the first hash will be stored
-# in the cache. This will typically be set to multiple values
-# only while migrating from a less secure algorithm to a more
-# secure one. Once all the old tokens are expired this option
-# should be set to a single value for better performance.
-# (list value)
-#hash_algorithms=md5
-
-
-[matchmaker_redis]
-
-#
-# Options defined in oslo.messaging
-#
-
-# Host to locate redis. (string value)
-#host=127.0.0.1
-
-# Use this port to connect to redis host. (integer value)
-#port=6379
-
-# Password for Redis server (optional). (string value)
-#password=<None>
-
-
-[matchmaker_ring]
-
-#
-# Options defined in oslo.messaging
-#
-
-# Matchmaker ring file (JSON).
(string value)
-# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
-#ringfile=/etc/oslo/matchmaker_ring.json
-
-
-[oslo_messaging_amqp]
-
-#
-# Options defined in oslo.messaging
-#
-
-# address prefix used when sending to a specific server
-# (string value)
-#server_request_prefix=exclusive
-
-# address prefix used when broadcasting to all servers (string
-# value)
-#broadcast_prefix=broadcast
-
-# address prefix when sending to any server in group (string
-# value)
-#group_request_prefix=unicast
-
-# Name for the AMQP container (string value)
-#container_name=<None>
-
-# Timeout for inactive connections (in seconds) (integer
-# value)
-#idle_timeout=0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-#trace=false
-
-# CA certificate PEM file for verifing server certificate
-# (string value)
-#ssl_ca_file=
-
-# Identifying certificate PEM file to present to clients
-# (string value)
-#ssl_cert_file=
-
-# Private key PEM file used to sign cert_file certificate
-# (string value)
-#ssl_key_file=
-
-# Password for decrypting ssl_key_file (if encrypted) (string
-# value)
-#ssl_key_password=<None>
-
-# Accept clients using either SSL or plain TCP (boolean value)
-#allow_insecure_clients=false
-
-
-[oslo_messaging_qpid]
-
-#
-# Options defined in oslo.messaging
-#
-
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues=false
-
-# Auto-delete queues in AMQP. (boolean value)
-#amqp_auto_delete=false
-
-# Size of RPC connection pool. (integer value)
-#rpc_conn_pool_size=30
-
-# Qpid broker hostname. (string value)
-#qpid_hostname=localhost
-
-# Qpid broker port. (integer value)
-#qpid_port=5672
-
-# Qpid HA cluster host:port pairs. (list value)
-#qpid_hosts=$qpid_hostname:$qpid_port
-
-# Username for Qpid connection. (string value)
-#qpid_username=
-
-# Password for Qpid connection. (string value)
-#qpid_password=
-
-# Space separated list of SASL mechanisms to use for auth.
-# (string value)
-#qpid_sasl_mechanisms=
-
-# Seconds between connection keepalive heartbeats. (integer
-# value)
-#qpid_heartbeat=60
-
-# Transport to use, either 'tcp' or 'ssl'. (string value)
-#qpid_protocol=tcp
-
-# Whether to disable the Nagle algorithm. (boolean value)
-#qpid_tcp_nodelay=true
-
-# The number of prefetched messages held by receiver. (integer
-# value)
-#qpid_receiver_capacity=1
-
-# The qpid topology version to use. Version 1 is what was
-# originally used by impl_qpid. Version 2 includes some
-# backwards-incompatible changes that allow broker federation
-# to work. Users should update to version 2 when they are
-# able to take everything down, as it requires a clean break.
-# (integer value)
-#qpid_topology_version=1
-
-
-[oslo_messaging_rabbit]
-
-#
-# Options defined in oslo.messaging
-#
-
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues=false
-
-# Auto-delete queues in AMQP. (boolean value)
-#amqp_auto_delete=false
-
-# Size of RPC connection pool. (integer value)
-#rpc_conn_pool_size=30
-
-# SSL version to use (valid only if SSL enabled). Valid values
-# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may
-# be available on some distributions. (string value)
-#kombu_ssl_version=
-
-# SSL key file (valid only if SSL enabled). (string value)
-#kombu_ssl_keyfile=
-
-# SSL cert file (valid only if SSL enabled). (string value)
-#kombu_ssl_certfile=
-
-# SSL certification authority file (valid only if SSL
-# enabled). (string value)
-#kombu_ssl_ca_certs=
-
-# How long to wait before reconnecting in response to an AMQP
-# consumer cancel notification. (floating point value)
-#kombu_reconnect_delay=1.0
-
-# The RabbitMQ broker address where a single node is used.
-# (string value)
-rabbit_host={{ RABBITMQ_HOST }}
-
-# The RabbitMQ broker port where a single node is used.
-# (integer value)
-rabbit_port={{ RABBITMQ_PORT }}
-
-# RabbitMQ HA cluster host:port pairs. (list value)
-rabbit_hosts=$rabbit_host:$rabbit_port
-
-# Connect over SSL for RabbitMQ. (boolean value)
-#rabbit_use_ssl=false
-
-# The RabbitMQ userid. (string value)
-rabbit_userid={{ RABBITMQ_USER }}
-
-# The RabbitMQ password. (string value)
-rabbit_password={{ RABBITMQ_PASSWORD }}
-
-# The RabbitMQ login method. (string value)
-#rabbit_login_method=AMQPLAIN
-
-# The RabbitMQ virtual host. (string value)
-#rabbit_virtual_host=/
-
-# How frequently to retry connecting with RabbitMQ. (integer
-# value)
-#rabbit_retry_interval=1
-
-# How long to backoff for between retries when connecting to
-# RabbitMQ. (integer value)
-#rabbit_retry_backoff=2
-
-# Maximum number of RabbitMQ connection retries. Default is 0
-# (infinite retry count). (integer value)
-#rabbit_max_retries=0
-
-# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
-# this option, you must wipe the RabbitMQ database. (boolean
-# value)
-#rabbit_ha_queues=false
-
-# Number of seconds after which the Rabbit broker is
-# considered down if heartbeat's keep-alive fails (0 disables
-# the heartbeat, >0 enables it. Enabling heartbeats requires
-# kombu>=3.0.7 and amqp>=1.4.0). EXPERIMENTAL (integer value)
-#heartbeat_timeout_threshold=0
-
-# How often times during the heartbeat_timeout_threshold we
-# check the heartbeat. (integer value)
-#heartbeat_rate=2
-
-# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
-# (boolean value)
-#fake_rabbit=false
-
-
-[profiler]
-
-#
-# Options defined in cinder.service
-#
-
-# If False fully disable profiling feature. (boolean value)
-#profiler_enabled=false
-
-# If False doesn't trace SQL requests. (boolean value)
-#trace_sqlalchemy=false
-
-
-[DEFAULT]
-
-
-[keystone_authtoken]
-
-#
-# From keystonemiddleware.auth_token
-#
-
-# Complete public Identity API endpoint. (string value)
-#auth_uri = <None>
-
-# API version of the admin Identity API endpoint.
(string value)
-#auth_version = <None>
-
-# Do not handle authorization requests within the middleware, but
-# delegate the authorization decision to downstream WSGI components.
-# (boolean value)
-#delay_auth_decision = false
-
-# Request timeout value for communicating with Identity API server.
-# (integer value)
-#http_connect_timeout = <None>
-
-# How many times are we trying to reconnect when communicating with
-# Identity API Server. (integer value)
-#http_request_max_retries = 3
-
-# Env key for the swift cache. (string value)
-#cache = <None>
-
-# Required if identity server requires client certificate (string
-# value)
-#certfile = <None>
-
-# Required if identity server requires client certificate (string
-# value)
-#keyfile = <None>
-
-# A PEM encoded Certificate Authority to use when verifying HTTPs
-# connections. Defaults to system CAs. (string value)
-#cafile = <None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure = false
-
-# Directory used to cache files related to PKI tokens. (string value)
-#signing_dir = <None>
-
-# Optionally specify a list of memcached server(s) to use for caching.
-# If left undefined, tokens will instead be cached in-process. (list
-# value)
-# Deprecated group/name - [DEFAULT]/memcache_servers
-#memcached_servers = <None>
-
-# In order to prevent excessive effort spent validating tokens, the
-# middleware caches previously-seen tokens for a configurable duration
-# (in seconds). Set to -1 to disable caching completely. (integer
-# value)
-#token_cache_time = 300
-
-# Determines the frequency at which the list of revoked tokens is
-# retrieved from the Identity service (in seconds). A high number of
-# revocation events combined with a low cache duration may
-# significantly reduce performance. (integer value)
-#revocation_cache_time = 10
-
-# (Optional) If defined, indicate whether token data should be
-# authenticated or authenticated and encrypted. Acceptable values are
-# MAC or ENCRYPT.
If MAC, token data is authenticated (with HMAC) in -# the cache. If ENCRYPT, token data is encrypted and authenticated in -# the cache. If the value is not one of these options or empty, -# auth_token will raise an exception on initialization. (string value) -#memcache_security_strategy = <None> - -# (Optional, mandatory if memcache_security_strategy is defined) This -# string is used for key derivation. (string value) -#memcache_secret_key = <None> - -# (Optional) Number of seconds memcached server is considered dead -# before it is tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a -# memcache server. (integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held -# unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a -# memcache client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcache client pool. -# The advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If -# False, middleware will not ask for service catalog on token -# validation and will not set the X-Service-Catalog header. (boolean -# value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: -# "disabled" to not check token binding. "permissive" (default) to -# validate binding information if the bind type is of a form known to -# the server and ignore it if not. "strict" like "permissive" but if -# the bind type is unknown the token will be rejected. 
"required" any -# form of token binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string value) -#enforce_token_bind = permissive - -# If true, the revocation list will be checked for cached tokens. This -# requires that PKI tokens are configured on the identity server. -# (boolean value) -#check_revocations_for_cached = false - -# Hash algorithms to use for hashing PKI tokens. This may be a single -# algorithm or multiple. The algorithms are those supported by Python -# standard hashlib.new(). The hashes will be tried in the order given, -# so put the preferred one first for performance. The result of the -# first hash will be stored in the cache. This will typically be set -# to multiple values only while migrating from a less secure algorithm -# to a more secure one. Once all the old tokens are expired this -# option should be set to a single value for better performance. (list -# value) -#hash_algorithms = md5 - -# Prefix to prepend at the beginning of the path. Deprecated, use -# identity_uri. (string value) -#auth_admin_prefix = - -# Host providing the admin Identity API endpoint. Deprecated, use -# identity_uri. (string value) -#auth_host = 127.0.0.1 - -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -#auth_port = 35357 - -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -#auth_protocol = https - -# Complete admin Identity API endpoint. This should specify the -# unversioned root endpoint e.g. https://localhost:35357/ (string -# value) -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 - -# This option is deprecated and may be removed in a future release. -# Single shared secret with the Keystone configuration used for -# bootstrapping a Keystone installation, or otherwise bypassing the -# normal authentication process. 
This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token = <None> - -# Service username. (string value) -admin_user = {{ CINDER_SERVICE_USER }} - -# Service user password. (string value) -admin_password = {{ CINDER_SERVICE_PASSWORD }} - -# Service tenant name. (string value) -admin_tenant_name = service diff --git a/install-files/openstack/usr/share/openstack/extras/00-disable-device.network b/install-files/openstack/usr/share/openstack/extras/00-disable-device.network deleted file mode 100644 index 8e2532d0..00000000 --- a/install-files/openstack/usr/share/openstack/extras/00-disable-device.network +++ /dev/null @@ -1,2 +0,0 @@ -[Match] -Name={{ item }} diff --git a/install-files/openstack/usr/share/openstack/extras/60-device-dhcp.network b/install-files/openstack/usr/share/openstack/extras/60-device-dhcp.network deleted file mode 100644 index 6fdbfd8d..00000000 --- a/install-files/openstack/usr/share/openstack/extras/60-device-dhcp.network +++ /dev/null @@ -1,5 +0,0 @@ -[Match] -Name={{ item }} - -[Network] -DHCP=yes diff --git a/install-files/openstack/usr/share/openstack/glance.yml b/install-files/openstack/usr/share/openstack/glance.yml deleted file mode 100644 index 4d642b6c..00000000 --- a/install-files/openstack/usr/share/openstack/glance.yml +++ /dev/null 
@@ -1,92 +0,0 @@ ---- -- hosts: localhost - vars_files: - - "/etc/openstack/glance.conf" - tasks: - - name: Create the glance user. - user: - name: glance - comment: Openstack Glance Daemons - shell: /sbin/nologin - home: /var/lib/glance - - - name: Create the /var folders for glance - file: - path: "{{ item }}" - state: directory - owner: glance - group: glance - with_items: - - /var/run/glance - - /var/lock/glance - - /var/log/glance - - /var/lib/glance - - /var/lib/glance/images - - /var/lib/glance/image-cache - - - name: Create /etc/glance directory - file: - path: /etc/glance - state: directory - - - name: Add the configuration needed for glance in /etc/glance using templates - template: - src: /usr/share/openstack/glance/{{ item }} - dest: /etc/glance/{{ item }} - with_lines: - - cd /usr/share/openstack/glance && find -type f - - - name: Create glance service user in service tenant - keystone_user: - user: "{{ GLANCE_SERVICE_USER }}" - password: "{{ GLANCE_SERVICE_PASSWORD }}" - tenant: service - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Assign admin role to glances service user in the service tenant - keystone_user: - role: admin - user: "{{ GLANCE_SERVICE_USER }}" - tenant: service - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Add glance endpoint - keystone_service: - name: glance - type: image - description: Openstack Image Service - publicurl: http://{{ ansible_hostname }}:9292 - internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9292 - adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9292 - region: regionOne - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Create postgresql user for glance - postgresql_user: - name: "{{ GLANCE_DB_USER }}" - login_host: "{{ CONTROLLER_HOST_ADDRESS }}" - password: "{{ GLANCE_DB_PASSWORD }}" - sudo: yes - sudo_user: glance - - - name: Create database for glance services - postgresql_db: - name: glance - owner: "{{ GLANCE_DB_USER }}" - login_host: "{{ CONTROLLER_HOST_ADDRESS }}" - sudo: 
yes - sudo_user: glance - - - name: Initiate glance database - command: glance-manage db_sync - sudo: yes - sudo_user: glance - - - name: Enable and start openstack-glance services - service: - name: "{{ item }}" - enabled: yes - state: started - with_items: - - openstack-glance-api.service - - openstack-glance-registry.service diff --git a/install-files/openstack/usr/share/openstack/glance/glance-api.conf b/install-files/openstack/usr/share/openstack/glance/glance-api.conf deleted file mode 100644 index b6a4723d..00000000 --- a/install-files/openstack/usr/share/openstack/glance/glance-api.conf +++ /dev/null 
@@ -1,813 +0,0 @@
-[DEFAULT]
-# Show more verbose log output (sets INFO log level output)
-#verbose = False
-
-# Show debugging output in logs (sets DEBUG log level output)
-#debug = False
-
-# Maximum image size (in bytes) that may be uploaded through the
-# Glance API server. Defaults to 1 TB.
-# WARNING: this value should only be increased after careful consideration
-# and must be set to a value under 8 EB (9223372036854775808).
-#image_size_cap = 1099511627776
-
-# Address to bind the API server
-bind_host = 0.0.0.0
-
-# Port the bind the API server to
-bind_port = 9292
-
-# Log to this file. Make sure you do not set the same log file for both the API
-# and registry servers!
-#
-# If `log_file` is omitted and `use_syslog` is false, then log messages are
-# sent to stdout as a fallback.
-# log_file = /var/log/glance/api.log
-
-# Backlog requests when creating socket
-backlog = 4096
-
-# TCP_KEEPIDLE value in seconds when creating socket.
-# Not supported on OS X.
-#tcp_keepidle = 600
-
-# API to use for accessing data. Default value points to sqlalchemy
-# package, it is also possible to use: glance.db.registry.api
-# data_api = glance.db.sqlalchemy.api
-
-# The number of child process workers that will be
-# created to service API requests. The default will be
-# equal to the number of CPUs available. (integer value)
-#workers = 4
-
-# Maximum line size of message headers to be accepted.
-# max_header_line may need to be increased when using large tokens
-# (typically those generated by the Keystone v3 API with big service
-# catalogs)
-# max_header_line = 16384
-
-# Role used to identify an authenticated user as administrator
-#admin_role = admin
-
-# Allow unauthenticated users to access the API with read-only
-# privileges. This only applies when using ContextMiddleware.
-#allow_anonymous_access = False
-
-# Allow access to version 1 of glance api
-#enable_v1_api = True
-
-# Allow access to version 2 of glance api
-#enable_v2_api = True
-
-# Return the URL that references where the data is stored on
-# the backend storage system. For example, if using the
-# file system store a URL of 'file:///path/to/image' will
-# be returned to the user in the 'direct_url' meta-data field.
-# The default value is false.
-#show_image_direct_url = False
-
-# Send headers containing user and tenant information when making requests to
-# the v1 glance registry. This allows the registry to function as if a user is
-# authenticated without the need to authenticate a user itself using the
-# auth_token middleware.
-# The default value is false.
-#send_identity_headers = False
-
-# Supported values for the 'container_format' image attribute
-#container_formats=ami,ari,aki,bare,ovf,ova
-
-# Supported values for the 'disk_format' image attribute
-#disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso
-
-# Property Protections config file
-# This file contains the rules for property protections and the roles/policies
-# associated with it.
-# If this config value is not specified, by default, property protections
-# won't be enforced.
-# If a value is specified and the file is not found, then the glance-api
-# service will not start.
-#property_protection_file =
-
-# Specify whether 'roles' or 'policies' are used in the
-# property_protection_file.
-# The default value for property_protection_rule_format is 'roles'.
-#property_protection_rule_format = roles
-
-# This value sets what strategy will be used to determine the image location
-# order. Currently two strategies are packaged with Glance 'location_order'
-# and 'store_type'.
-#location_strategy = location_order
-
-
-# Public url to use for versions endpoint. The default is None,
-# which will use the request's host_url attribute to populate the URL base.
-# If Glance is operating behind a proxy, you will want to change this to
-# represent the proxy's URL.
-#public_endpoint=<None>
-
-# http_keepalive option. If False, server will return the header
-# "Connection: close", If True, server will return "Connection: Keep-Alive"
-# in its responses. In order to close the client socket connection
-# explicitly after the response is sent and read successfully by the client,
-# you simply have to set this option to False when you create a wsgi server.
-#http_keepalive = True
-
-# ================= Syslog Options ============================
-
-# Send logs to syslog (/dev/log) instead of to file specified
-# by `log_file`
-use_syslog = True
-
-# Facility to use. If unset defaults to LOG_USER.
-#syslog_log_facility = LOG_LOCAL0
-
-# ================= SSL Options ===============================
-
-# Certificate file to use when starting API server securely
-#cert_file = /path/to/certfile
-
-# Private key file to use when starting API server securely
-#key_file = /path/to/keyfile
-
-# CA certificate file to use to verify connecting clients
-#ca_file = /path/to/cafile
-
-# ================= Security Options ==========================
-
-# AES key for encrypting store 'location' metadata, including
-# -- if used -- Swift or S3 credentials
-# Should be set to a random string of length 16, 24 or 32 bytes
-#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
-
-
-# Digest algorithm which will be used for digital signature, the default is
-# sha1 in Kilo for a smooth upgrade process, and it will be updated with
-# sha256 in next release(L). Use command
-# "openssl list-message-digest-algorithms" to get the available algorithms
-# supported by the version of OpenSSL on the platform. Examples are 'sha1',
-# 'sha256', 'sha512', etc.
-#digest_algorithm = sha1
-
-# ============ Registry Options ===============================
-
-# Address to find the registry server
-registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
-
-# Port the registry server is listening on
-registry_port = 9191
-
-# What protocol to use when connecting to the registry server?
-# Set to https for secure HTTP communication
-registry_client_protocol = http
-
-# The path to the key file to use in SSL connections to the
-# registry server, if any. Alternately, you may set the
-# GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file
-#registry_client_key_file = /path/to/key/file
-
-# The path to the cert file to use in SSL connections to the
-# registry server, if any. Alternately, you may set the
-# GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file
-#registry_client_cert_file = /path/to/cert/file
-
-# The path to the certifying authority cert file to use in SSL connections
-# to the registry server, if any. Alternately, you may set the
-# GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
-#registry_client_ca_file = /path/to/ca/file
-
-# When using SSL in connections to the registry server, do not require
-# validation via a certifying authority. This is the registry's equivalent of
-# specifying --insecure on the command line using glanceclient for the API
-# Default: False
-#registry_client_insecure = False
-
-# The period of time, in seconds, that the API server will wait for a registry
-# request to complete. A value of '0' implies no timeout.
-# Default: 600
-#registry_client_timeout = 600
-
-# Enable DEBUG log messages from sqlalchemy which prints every database
-# query and response.
-# Default: False
-#sqlalchemy_debug = True
-
-# Pass the user's token through for API requests to the registry.
-# Default: True
-#use_user_token = True
-
-# If 'use_user_token' is not in effect then admin credentials
-# can be specified. Requests to the registry on behalf of
-# the API will use these credentials.
-# Admin user name
-#admin_user = None
-# Admin password
-#admin_password = None
-# Admin tenant name
-#admin_tenant_name = None
-# Keystone endpoint
-#auth_url = None
-# Keystone region
-#auth_region = None
-# Auth strategy
-#auth_strategy = keystone
-
-# ============ Notification System Options =====================
-
-# Driver or drivers to handle sending notifications. Set to
-# 'messaging' to send notifications to a message queue.
-notification_driver = messagingv2
-
-# Default publisher_id for outgoing notifications.
-# default_publisher_id = image.localhost
-
-# List of disabled notifications. A notification can be given either as a
-# notification type to disable a single event, or as a notification group
-# prefix to disable all events within a group.
-# Example: if this config option is set to
-# ["image.create", "metadef_namespace"], then "image.create" notification will
-# not be sent after image is created and none of the notifications for
-# metadefinition namespaces will be sent.
-# disabled_notifications = []
-
-# Messaging driver used for 'messaging' notifications driver
-rpc_backend = 'rabbit'
-
-# Configuration options if sending notifications via rabbitmq (these are
-# the defaults)
-rabbit_host = {{ RABBITMQ_HOST }}
-rabbit_port = {{ RABBITMQ_PORT }}
-rabbit_use_ssl = false
-rabbit_userid = {{ RABBITMQ_USER }}
-rabbit_password = {{ RABBITMQ_PASSWORD }}
-rabbit_virtual_host = /
-rabbit_notification_exchange = glance
-rabbit_notification_topic = notifications
-rabbit_durable_queues = False
-
-# Configuration options if sending notifications via Qpid (these are
-# the defaults)
-#qpid_notification_exchange = glance
-#qpid_notification_topic = notifications
-#qpid_hostname = localhost
-#qpid_port = 5672
-#qpid_username =
-#qpid_password =
-#qpid_sasl_mechanisms =
-#qpid_reconnect_timeout = 0
-#qpid_reconnect_limit = 0
-#qpid_reconnect_interval_min = 0
-#qpid_reconnect_interval_max = 0
-#qpid_reconnect_interval = 0
-#qpid_heartbeat = 5
-# Set to 'ssl' to enable SSL
-#qpid_protocol = tcp
-#qpid_tcp_nodelay = True
-
-# ============ Delayed Delete Options =============================
-
-# Turn on/off delayed delete
-delayed_delete = False
-
-# Delayed delete time in seconds
-scrub_time = 43200
-
-# Directory that the scrubber will use to remind itself of what to delete
-# Make sure this is also set in glance-scrubber.conf
-scrubber_datadir = /var/lib/glance/scrubber
-
-# =============== Quota Options ==================================
-
-# The maximum number of image members allowed per image
-#image_member_quota = 128
-
-# The maximum number of image properties allowed per image
-#image_property_quota = 128
-
-# The maximum number of tags allowed per image
-#image_tag_quota = 128
-
-# The maximum number of locations allowed per image
-#image_location_quota = 10
-
-# Set a system wide quota for every user. This value is the total number
-# of bytes that a user can use across all storage systems. A value of
-# 0 means unlimited.
-#user_storage_quota = 0
-
-# =============== Image Cache Options =============================
-
-# Base directory that the Image Cache uses
-image_cache_dir = /var/lib/glance/image-cache/
-
-# =============== Policy Options ==================================
-
-[oslo_policy]
-# The JSON file that defines policies.
-# Deprecated group/name - [DEFAULT]/policy_file
-#policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found.
-# Deprecated group/name - [DEFAULT]/policy_default_rule
-#policy_default_rule = default
-
-# Directories where policy configuration files are stored.
-# They can be relative to any directory in the search path
-# defined by the config_dir option, or absolute paths.
-# The file defined by policy_file must exist for these
-# directories to be searched.
-# Deprecated group/name - [DEFAULT]/policy_dirs
-#policy_dirs = policy.d
-
-# =============== Database Options =================================
-
-[database]
-# The file name to use with SQLite (string value)
-#sqlite_db = oslo.sqlite
-
-# If True, SQLite uses synchronous mode (boolean value)
-#sqlite_synchronous = True
-
-# The backend to use for db (string value)
-# Deprecated group/name - [DEFAULT]/db_backend
-#backend = sqlalchemy
-
-# The SQLAlchemy connection string used to connect to the
-# database (string value)
-# Deprecated group/name - [DEFAULT]/sql_connection
-# Deprecated group/name - [DATABASE]/sql_connection
-# Deprecated group/name - [sql]/connection
-#connection = <None>
-connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance
-
-# The SQL mode to be used for MySQL sessions. This option,
-# including the default, overrides any server-set SQL mode. To
-# use whatever SQL mode is set by the server configuration,
-# set this to no value. Example: mysql_sql_mode= (string
-# value)
-#mysql_sql_mode = TRADITIONAL
-
-# Timeout before idle sql connections are reaped (integer
-# value)
-# Deprecated group/name - [DEFAULT]/sql_idle_timeout
-# Deprecated group/name - [DATABASE]/sql_idle_timeout
-# Deprecated group/name - [sql]/idle_timeout
-#idle_timeout = 3600
-
-# Minimum number of SQL connections to keep open in a pool
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_min_pool_size
-# Deprecated group/name - [DATABASE]/sql_min_pool_size
-#min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_pool_size
-# Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = <None>
-
-# Maximum db connection retries during startup. (setting -1
-# implies an infinite retry count) (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_retries
-# Deprecated group/name - [DATABASE]/sql_max_retries
-#max_retries = 10
-
-# Interval between retries of opening a sql connection
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_retry_interval
-# Deprecated group/name - [DATABASE]/reconnect_interval
-#retry_interval = 10
-
-# If set, use this value for max_overflow with sqlalchemy
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_overflow
-# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = <None>
-
-# Verbosity of SQL debugging information. 0=None,
-# 100=Everything (integer value)
-# Deprecated group/name - [DEFAULT]/sql_connection_debug
-#connection_debug = 0
-
-# Add python stack traces to SQL as comment strings (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace = False
-
-# If set, use this value for pool_timeout with sqlalchemy
-# (integer value)
-# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
-#pool_timeout = <None>
-
-# Enable the experimental use of database reconnect on
-# connection lost (boolean value)
-#use_db_reconnect = False
-
-# seconds between db connection retries (integer value)
-#db_retry_interval = 1
-
-# Whether to increase interval between db connection retries,
-# up to db_max_retry_interval (boolean value)
-#db_inc_retry_interval = True
-
-# max seconds between db connection retries, if
-# db_inc_retry_interval is enabled (integer value)
-#db_max_retry_interval = 10
-
-# maximum db connection retries before error is raised.
-# (setting -1 implies an infinite retry count) (integer value)
-#db_max_retries = 20
-
-[oslo_concurrency]
-
-# Enables or disables inter-process locks. (boolean value)
-# Deprecated group/name - [DEFAULT]/disable_process_locking
-#disable_process_locking = false
-
-# Directory to use for lock files. For security, the specified
-# directory should only be writable by the user running the processes
-# that need locking. It could be read from environment variable
-# OSLO_LOCK_PATH. This setting needs to be the same for both
-# glance-scrubber and glance-api service. Default to a temp directory.
-# Deprecated group/name - [DEFAULT]/lock_path (string value)
-#lock_path = /tmp
-
-[keystone_authtoken]
-auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
-identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
-admin_tenant_name = service
-admin_user = {{ GLANCE_SERVICE_USER }}
-admin_password = {{ GLANCE_SERVICE_PASSWORD }}
-revocation_cache_time = 10
-
-[paste_deploy]
-# Name of the paste configuration file that defines the available pipelines
-#config_file = glance-api-paste.ini
-
-# Partial name of a pipeline in your paste configuration file with the
-# service name removed. For example, if your paste section name is
-# [pipeline:glance-api-keystone], you would configure the flavor below
-# as 'keystone'.
-flavor=keystone
-
-[store_type_location_strategy]
-# The scheme list to use to get store preference order. The scheme must be
-# registered by one of the stores defined by the 'stores' config option.
-# This option will be applied when you using 'store_type' option as image
-# location strategy defined by the 'location_strategy' config option.
-#store_type_preference =
-
-[profiler]
-# If False fully disable profiling feature.
-#enabled = False
-
-# If False doesn't trace SQL requests.
-#trace_sqlalchemy = False
-
-[task]
-# ================= Glance Tasks Options ============================
-
-# Specifies how long (in hours) a task is supposed to live in the tasks DB
-# after succeeding or failing before getting soft-deleted.
-# The default value for task_time_to_live is 48 hours.
-# task_time_to_live = 48
-
-# Specifies which task executor to be used to run the task scripts.
-# The default value for task_executor is taskflow.
-# task_executor = taskflow
-
-# Work dir for asynchronous task operations. The directory set here
-# will be used to operate over images - normally before they are
-# imported in the destination store. When providing work dir, make sure
-# enough space is provided for concurrent tasks to run efficiently
-# without running out of space. A rough estimation can be done by
-# multiplying the number of `max_workers` - or the N of workers running
-# - by an average image size (e.g 500MB). The image size estimation
-# should be done based on the average size in your deployment. Note that
-# depending on the tasks running you may need to multiply this number by
-# some factor depending on what the task does. For example, you may want
-# to double the available size if image conversion is enabled. All this
-# being said, remember these are just estimations and you should do them
-# based on the worst case scenario and be prepared to act in case they
-# were wrong.
-# work_dir=None
-
-# Specifies the maximum number of eventlet threads which can be spun up by
-# the eventlet based task executor to perform execution of Glance tasks.
-# DEPRECATED: Use [taskflow_executor]/max_workers instead.
-# eventlet_executor_pool_size = 1000
-
-[taskflow_executor]
-# The mode in which the engine will run. Can be 'default', 'serial',
-# 'parallel' or 'worker-based'
-#engine_mode = serial
-
-# The number of parallel activities executed at the same time by
-# the engine. The value can be greater than one when the engine mode is
-# 'parallel' or 'worker-based', otherwise this value will be ignored.
-#max_workers = 10
-
-[glance_store]
-# List of which store classes and store class locations are
-# currently known to glance at startup.
-# Deprecated group/name - [DEFAULT]/known_stores
-# Existing but disabled stores:
-# glance.store.rbd.Store,
-# glance.store.s3.Store,
-# glance.store.swift.Store,
-# glance.store.sheepdog.Store,
-# glance.store.cinder.Store,
-# glance.store.gridfs.Store,
-# glance.store.vmware_datastore.Store,
-#stores = glance.store.filesystem.Store,
-# glance.store.http.Store
-
-# Which backend scheme should Glance use by default is not specified
-# in a request to add a new image to Glance? Known schemes are determined
-# by the stores option.
-# Deprecated group/name - [DEFAULT]/default_store
-# Default: 'file'
-default_store = file
-
-# ============ Filesystem Store Options ========================
-
-# Directory that the Filesystem backend store
-# writes image data to
-filesystem_store_datadir = /var/lib/glance/images/
-
-# A list of directories where image data can be stored.
-# This option may be specified multiple times for specifying multiple store
-# directories. Either one of filesystem_store_datadirs or
-# filesystem_store_datadir option is required. A priority number may be given
-# after each directory entry, separated by a ":".
-# When adding an image, the highest priority directory will be selected, unless
-# there is not enough space available in cases where the image size is already
-# known. If no priority is given, it is assumed to be zero and the directory
-# will be considered for selection last. If multiple directories have the same
-# priority, then the one with the most free space available is selected.
-# If same store is specified multiple times then BadStoreConfiguration
-# exception will be raised.
-#filesystem_store_datadirs = /var/lib/glance/images/:1
-
-# A path to a JSON file that contains metadata describing the storage
-# system. When show_multiple_locations is True the information in this
-# file will be returned with any location that is contained in this
-# store.
-#filesystem_store_metadata_file = None
-
-# ============ Swift Store Options =============================
-
-# Version of the authentication service to use
-# Valid versions are '2' for keystone and '1' for swauth and rackspace
-swift_store_auth_version = 2
-
-# Address where the Swift authentication service lives
-# Valid schemes are 'http://' and 'https://'
-# If no scheme specified, default to 'https://'
-# For swauth, use something like '127.0.0.1:8080/v1.0/'
-swift_store_auth_address = 127.0.0.1:5000/v2.0/
-
-# User to authenticate against the Swift authentication service
-# If you use Swift authentication service, set it to 'account':'user'
-# where 'account' is a Swift storage account and 'user'
-# is a user in that account
-swift_store_user = jdoe:jdoe
-
-# Auth key for the user authenticating against the
-# Swift authentication service
-swift_store_key = a86850deb2742ec3cb41518e26aa2d89
-
-# Container within the account that the account should use
-# for storing images in Swift
-swift_store_container = glance
-
-# Do we create the container if it does not exist?
-swift_store_create_container_on_put = False
-
-# What size, in MB, should Glance start chunking image files
-# and do a large object manifest in Swift? By default, this is
-# the maximum object size in Swift, which is 5GB
-swift_store_large_object_size = 5120
-
-# swift_store_config_file = glance-swift.conf
-# This file contains references for each of the configured
-# Swift accounts/backing stores. If used, this option can prevent
-# credentials being stored in the database. Using Swift references
-# is disabled if this config is left blank.
-
-# The reference to the default Swift parameters to use for adding new images.
-# default_swift_reference = 'ref1'
-
-# When doing a large object manifest, what size, in MB, should
-# Glance write chunks to Swift? This amount of data is written
-# to a temporary disk buffer during the process of chunking
-# the image file, and the default is 200MB
-swift_store_large_object_chunk_size = 200
-
-# If set, the configured endpoint will be used. If None, the storage URL
-# from the auth response will be used. The location of an object is
-# obtained by appending the container and object to the configured URL.
-#
-# swift_store_endpoint = https://www.example.com/v1/not_a_container
-#swift_store_endpoint =
-
-# If set to True enables multi-tenant storage mode which causes Glance images
-# to be stored in tenant specific Swift accounts.
-#swift_store_multi_tenant = False
-
-# If set to an integer value between 1 and 32, a single-tenant store will
-# use multiple containers to store images. If set to the default value of 0,
-# only a single container will be used. Multi-tenant stores are not affected
-# by this option. The max number of containers that will be used to store
-# images is approximately 16^N where N is the value of this option. Discuss
-# the impact of this with your swift deployment team, as this option is only
-# beneficial in the largest of deployments where swift rate limiting can lead
-# to unwanted throttling on a single container.
-#swift_store_multiple_containers_seed = 0
-
-# A list of swift ACL strings that will be applied as both read and
-# write ACLs to the containers created by Glance in multi-tenant
-# mode. This grants the specified tenants/users read and write access
-# to all newly created image objects. The standard swift ACL string
-# formats are allowed, including:
-# <tenant_id>:<username>
-# <tenant_name>:<username>
-# *:<username>
-# Multiple ACLs can be combined using a comma separated list, for
-# example: swift_store_admin_tenants = service:glance,*:admin
-#swift_store_admin_tenants =
-
-# The region of the swift endpoint to be used for single tenant. This setting
-# is only necessary if the tenant has multiple swift endpoints.
-#swift_store_region =
-
-# If set to False, disables SSL layer compression of https swift requests.
-# Setting to 'False' may improve performance for images which are already
-# in a compressed format, eg qcow2. If set to True, enables SSL layer
-# compression (provided it is supported by the target swift proxy).
-#swift_store_ssl_compression = True
-
-# The number of times a Swift download will be retried before the
-# request fails
-#swift_store_retry_get_count = 0
-
-# Bypass SSL verification for Swift
-#swift_store_auth_insecure = False
-
-# The path to a CA certificate bundle file to use for SSL verification when
-# communicating with Swift.
-#swift_store_cacert =
-
-# ============ S3 Store Options =============================
-
-# Address where the S3 authentication service lives
-# Valid schemes are 'http://' and 'https://'
-# If no scheme specified, default to 'http://'
-s3_store_host = s3.amazonaws.com
-
-# User to authenticate against the S3 authentication service
-s3_store_access_key = <20-char AWS access key>
-
-# Auth key for the user authenticating against the
-# S3 authentication service
-s3_store_secret_key = <40-char AWS secret key>
-
-# Container within the account that the account should use
-# for storing images in S3. Note that S3 has a flat namespace,
-# so you need a unique bucket name for your glance images. An
-# easy way to do this is append your AWS access key to "glance".
-# S3 buckets in AWS *must* be lowercased, so remember to lowercase
-# your AWS access key if you use it in your bucket name below!
-s3_store_bucket = <lowercased 20-char aws access key>glance
-
-# Do we create the bucket if it does not exist?
-s3_store_create_bucket_on_put = False
-
-# When sending images to S3, the data will first be written to a
-# temporary buffer on disk. By default the platform's temporary directory
-# will be used. If required, an alternative directory can be specified here.
-#s3_store_object_buffer_dir = /path/to/dir - -# When forming a bucket url, boto will either set the bucket name as the -# subdomain or as the first token of the path. Amazon's S3 service will -# accept it as the subdomain, but Swift's S3 middleware requires it be -# in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'. -#s3_store_bucket_url_format = subdomain - -# Size, in MB, should S3 start chunking image files -# and do a multipart upload in S3. The default is 100MB. -#s3_store_large_object_size = 100 - -# Multipart upload part size, in MB, should S3 use when uploading -# parts. The size must be greater than or equal to -# 5MB. The default is 10MB. -#s3_store_large_object_chunk_size = 10 - -# The number of thread pools to perform a multipart upload -# in S3. The default is 10. -#s3_store_thread_pools = 10 - -# ============ RBD Store Options ============================= - -# Ceph configuration file path -# If using cephx authentication, this file should -# include a reference to the right keyring -# in a client.<USER> section -#rbd_store_ceph_conf = /etc/ceph/ceph.conf - -# RADOS user to authenticate as (only applicable if using cephx) -# If <None>, a default will be chosen based on the client. section -# in rbd_store_ceph_conf -#rbd_store_user = <None> - -# RADOS pool in which images are stored -#rbd_store_pool = images - -# RADOS images will be chunked into objects of this size (in megabytes). -# For best performance, this should be a power of two -#rbd_store_chunk_size = 8 - -# ============ Sheepdog Store Options ============================= - -sheepdog_store_address = localhost - -sheepdog_store_port = 7000 - -# Images will be chunked into objects of this size (in megabytes). 
-# For best performance, this should be a power of two
-sheepdog_store_chunk_size = 64
-
-# ============ Cinder Store Options ===============================
-
-# Info to match when looking for cinder in the service catalog
-# Format is : separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volume:cinder:publicURL
-
-# Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
-#cinder_endpoint_template = <None>
-
-# Region name of this node (string value)
-#os_region_name = <None>
-
-# Location of ca certicates file to use for cinder client requests
-# (string value)
-#cinder_ca_certificates_file = <None>
-
-# Number of cinderclient retries on failed http calls (integer value)
-#cinder_http_retries = 3
-
-# Allow to perform insecure SSL requests to cinder (boolean value)
-#cinder_api_insecure = False
-
-# ============ VMware Datastore Store Options =====================
-
-# ESX/ESXi or vCenter Server target system.
-# The server value can be an IP address or a DNS name
-# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com
-#vmware_server_host = <None>
-
-# Server username (string value)
-#vmware_server_username = <None>
-
-# Server password (string value)
-#vmware_server_password = <None>
-
-# Inventory path to a datacenter (string value)
-# Value optional when vmware_server_ip is an ESX/ESXi host: if specified
-# should be `ha-datacenter`.
-# Deprecated in favor of vmware_datastores.
-#vmware_datacenter_path = <None>
-
-# Datastore associated with the datacenter (string value)
-# Deprecated in favor of vmware_datastores.
-#vmware_datastore_name = <None>
-
-# A list of datastores where the image can be stored.
-# This option may be specified multiple times for specifying multiple
-# datastores. Either one of vmware_datastore_name or vmware_datastores is
-# required.
The datastore name should be specified after its datacenter
-# path, separated by ":". An optional weight may be given after the datastore
-# name, separated again by ":". Thus, the required format becomes
-# <datacenter_path>:<datastore_name>:<optional_weight>.
-# When adding an image, the datastore with highest weight will be selected,
-# unless there is not enough free space available in cases where the image size
-# is already known. If no weight is given, it is assumed to be zero and the
-# directory will be considered for selection last. If multiple datastores have
-# the same weight, then the one with the most free space available is selected.
-#vmware_datastores = <None>
-
-# The number of times we retry on failures
-# e.g., socket error, etc (integer value)
-#vmware_api_retry_count = 10
-
-# The interval used for polling remote tasks
-# invoked on VMware ESX/VC server in seconds (integer value)
-#vmware_task_poll_interval = 5
-
-# Absolute path of the folder containing the images in the datastore
-# (string value)
-#vmware_store_image_dir = /openstack_glance
-
-# Allow to perform insecure SSL requests to the target system (boolean value)
-#vmware_api_insecure = False
diff --git a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf
deleted file mode 100644
index 40993d8d..00000000
--- a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf
+++ /dev/null
@@ -1,268 +0,0 @@
-[DEFAULT]
-# Show more verbose log output (sets INFO log level output)
-#verbose = False
-
-# Show debugging output in logs (sets DEBUG log level output)
-#debug = False
-
-# Address to bind the registry server
-bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
-
-# Port the bind the registry server to
-bind_port = 9191
-
-# Log to this file. Make sure you do not set the same log file for both the API
-# and registry servers!
-#
-# If `log_file` is omitted and `use_syslog` is false, then log messages are
-# sent to stdout as a fallback.
-# log_file = /var/log/glance/registry.log
-
-# Backlog requests when creating socket
-backlog = 4096
-
-# TCP_KEEPIDLE value in seconds when creating socket.
-# Not supported on OS X.
-#tcp_keepidle = 600
-
-# API to use for accessing data. Default value points to sqlalchemy
-# package.
-#data_api = glance.db.sqlalchemy.api
-
-# The number of child process workers that will be
-# created to service Registry requests. The default will be
-# equal to the number of CPUs available. (integer value)
-#workers = None
-
-# Enable Registry API versions individually or simultaneously
-#enable_v1_registry = True
-#enable_v2_registry = True
-
-# Limit the api to return `param_limit_max` items in a call to a container. If
-# a larger `limit` query param is provided, it will be reduced to this value.
-api_limit_max = 1000
-
-# If a `limit` query param is not provided in an api request, it will
-# default to `limit_param_default`
-limit_param_default = 25
-
-# Role used to identify an authenticated user as administrator
-#admin_role = admin
-
-# Enable DEBUG log messages from sqlalchemy which prints every database
-# query and response.
-# Default: False
-#sqlalchemy_debug = True
-
-# http_keepalive option. If False, server will return the header
-# "Connection: close", If True, server will return "Connection: Keep-Alive"
-# in its responses.
In order to close the client socket connection
-# explicitly after the response is sent and read successfully by the client,
-# you simply have to set this option to False when you create a wsgi server.
-#http_keepalive = True
-
-# ================= Syslog Options ============================
-
-# Send logs to syslog (/dev/log) instead of to file specified
-# by `log_file`
-use_syslog = True
-
-# Facility to use. If unset defaults to LOG_USER.
-#syslog_log_facility = LOG_LOCAL1
-
-# ================= SSL Options ===============================
-
-# Certificate file to use when starting registry server securely
-#cert_file = /path/to/certfile
-
-# Private key file to use when starting registry server securely
-#key_file = /path/to/keyfile
-
-# CA certificate file to use to verify connecting clients
-#ca_file = /path/to/cafile
-
-# ============ Notification System Options =====================
-
-# Driver or drivers to handle sending notifications. Set to
-# 'messaging' to send notifications to a message queue.
-notification_driver = messagingv2
-
-# Default publisher_id for outgoing notifications.
-# default_publisher_id = image.localhost - -# Messaging driver used for 'messaging' notifications driver -rpc_backend = 'rabbit' - -# Configuration options if sending notifications via rabbitmq (these are -# the defaults) -rabbit_host = {{ RABBITMQ_HOST }} -rabbit_port = {{ RABBITMQ_PORT }} -rabbit_use_ssl = false -rabbit_userid = {{ RABBITMQ_USER }} -rabbit_password = {{ RABBITMQ_PASSWORD }} -rabbit_virtual_host = / -rabbit_notification_exchange = glance -rabbit_notification_topic = notifications -rabbit_durable_queues = False - -# Configuration options if sending notifications via Qpid (these are -# the defaults) -#qpid_notification_exchange = glance -#qpid_notification_topic = notifications -#qpid_hostname = localhost -#qpid_port = 5672 -#qpid_username = -#qpid_password = -#qpid_sasl_mechanisms = -#qpid_reconnect_timeout = 0 -#qpid_reconnect_limit = 0 -#qpid_reconnect_interval_min = 0 -#qpid_reconnect_interval_max = 0 -#qpid_reconnect_interval = 0 -#qpid_heartbeat = 5 -# Set to 'ssl' to enable SSL -#qpid_protocol = tcp -#qpid_tcp_nodelay = True - - -# =============== Policy Options ============================== - -[oslo_policy] -# The JSON file that defines policies. -# Deprecated group/name - [DEFAULT]/policy_file -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. -# Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule = default - -# Directories where policy configuration files are stored. -# They can be relative to any directory in the search path -# defined by the config_dir option, or absolute paths. -# The file defined by policy_file must exist for these -# directories to be searched. 
-# Deprecated group/name - [DEFAULT]/policy_dirs -#policy_dirs = policy.d - -# ================= Database Options ========================== - -[database] -# The file name to use with SQLite (string value) -#sqlite_db = glance.sqlite - -# If True, SQLite uses synchronous mode (boolean value) -#sqlite_synchronous = True - -# The backend to use for db (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string used to connect to the -# database (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -#connection = <None> -connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance - -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode = TRADITIONAL - -# Timeout before idle sql connections are reaped (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout = 3600 - -# Minimum number of SQL connections to keep open in a pool -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = <None> - -# Maximum db connection retries during startup. 
(setting -1 -# implies an infinite retry count) (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a sql connection -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with sqlalchemy -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = <None> - -# Verbosity of SQL debugging information. 0=None, -# 100=Everything (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add python stack traces to SQL as comment strings (boolean -# value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = False - -# If set, use this value for pool_timeout with sqlalchemy -# (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = <None> - -# Enable the experimental use of database reconnect on -# connection lost (boolean value) -#use_db_reconnect = False - -# seconds between db connection retries (integer value) -#db_retry_interval = 1 - -# Whether to increase interval between db connection retries, -# up to db_max_retry_interval (boolean value) -#db_inc_retry_interval = True - -# max seconds between db connection retries, if -# db_inc_retry_interval is enabled (integer value) -#db_max_retry_interval = 10 - -# maximum db connection retries before error is raised. 
-# (setting -1 implies an infinite retry count) (integer value) -#db_max_retries = 20 - -[keystone_authtoken] -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 -admin_tenant_name = service -admin_user = {{ GLANCE_SERVICE_USER }} -admin_password = {{ GLANCE_SERVICE_PASSWORD }} - -[paste_deploy] -# Name of the paste configuration file that defines the available pipelines -#config_file = glance-registry-paste.ini - -# Partial name of a pipeline in your paste configuration file with the -# service name removed. For example, if your paste section name is -# [pipeline:glance-registry-keystone], you would configure the flavor below -# as 'keystone'. -flavor=keystone - -[profiler] -# If False fully disable profiling feature. -#enabled = False - -# If False doesn't trace SQL requests. -#trace_sqlalchemy = False diff --git a/install-files/openstack/usr/share/openstack/horizon.yml b/install-files/openstack/usr/share/openstack/horizon.yml deleted file mode 100644 index 1fec4ab0..00000000 --- a/install-files/openstack/usr/share/openstack/horizon.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -- hosts: localhost - tasks: - -# Setup apache, this may end up in apache.yml - - name: Create the apache user. - user: - name: apache - comment: Apache Server - shell: /sbin/nologin - home: /var/www - - - file: - path: /usr/sbin/suexec - group: apache - mode: 4750 - -# Setup horizon - - name: Create the horizon user. - user: - name: horizon - comment: Openstack Horizon User - shell: /sbin/nologin - home: /var/lib/horizon - - - name: Fix permissions in /var/lib/horizon - file: - path: /var/lib/horizon - state: directory - owner: horizon - group: horizon - recurse: yes - - - name: Link horizon apache configuration - file: - src: /etc/horizon/apache-horizon.conf - dest: /etc/httpd/conf.d/apache-horizon.conf - state: link - - - name: Enable and start apache services needed by horizon - service: - name: "{{ item }}" - enabled: yes - state: started - with_items: - - apache-httpd.service diff --git a/install-files/openstack/usr/share/openstack/hosts b/install-files/openstack/usr/share/openstack/hosts deleted file mode 100644 index 5b97818d..00000000 --- a/install-files/openstack/usr/share/openstack/hosts +++ /dev/null @@ -1 +0,0 @@ -localhost ansible_connection=local diff --git a/install-files/openstack/usr/share/openstack/ironic.yml b/install-files/openstack/usr/share/openstack/ironic.yml deleted file mode 100644 index 19906b04..00000000 --- a/install-files/openstack/usr/share/openstack/ironic.yml +++ /dev/null 
@@ -1,104 +0,0 @@ ---- -- hosts: localhost - vars_files: - - "/etc/openstack/ironic.conf" - tasks: - - name: Create the ironic user - user: - name: ironic - comment: Openstack Ironic Daemons - shell: /sbin/nologin - home: /var/lib/ironic - - - name: Create the /var folders for Ironic - file: - path: "{{ item }}" - state: directory - owner: ironic - group: ironic - with_items: - - /var/run/ironic - - /var/lock/ironic - - /var/log/ironic - - /var/lib/ironic - - - file: path=/etc/ironic state=directory - - name: Add the configuration needed for ironic in /etc/ironic using templates - template: - src: /usr/share/openstack/ironic/{{ item }} - dest: /etc/ironic/{{ item }} - with_lines: - - cd /usr/share/openstack/ironic && find -type f - - - name: Create Ironic service user in service tenant - keystone_user: - user: "{{ IRONIC_SERVICE_USER }}" - password: "{{ IRONIC_SERVICE_PASSWORD }}" - tenant: service - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Assign admin role to Ironic service user in the service tenant - keystone_user: - role: admin - user: "{{ IRONIC_SERVICE_USER }}" - tenant: service - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Add Ironic endpoint - keystone_service: - name: ironic - type: baremetal - description: Openstack Ironic Service - publicurl: 'http://{{ ansible_hostname }}:6385' - internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:6385' - adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:6385' - region: 'regionOne' - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Create postgresql user for Ironic - postgresql_user: - name: "{{ IRONIC_DB_USER }}" - login_host: "{{ CONTROLLER_HOST_ADDRESS }}" - password: "{{ IRONIC_DB_PASSWORD }}" - sudo: yes - sudo_user: ironic - - - name: Create database for Ironic services - postgresql_db: - name: ironic - owner: "{{ IRONIC_DB_USER }}" - login_host: "{{ CONTROLLER_HOST_ADDRESS }}" - sudo: yes - sudo_user: ironic - - - name: Initiate Ironic database - # Use 'upgrade' instead of 
'create_schema' to make the operation - # idempotent - shell: | - ironic-dbsync \ - --config-file /etc/ironic/ironic.conf upgrade - sudo: yes - sudo_user: ironic - - - name: Enable and start openstack-ironic services - service: - name: "{{ item }}" - enabled: yes - state: started - with_items: - - openstack-ironic-conductor.service - - openstack-ironic-api.service - - - name: Set owner and group for the tftp root directory - file: - path: "/srv/tftp_root/" - state: directory - owner: ironic - group: ironic - recurse: yes - - - name: Enable and start tftp-hpa - service: - name: tftp-hpa.socket - enabled: yes - state: started diff --git a/install-files/openstack/usr/share/openstack/ironic/ironic.conf b/install-files/openstack/usr/share/openstack/ironic/ironic.conf deleted file mode 100644 index a5b5d2e3..00000000 --- a/install-files/openstack/usr/share/openstack/ironic/ironic.conf +++ /dev/null 
@@ -1,1568 +0,0 @@ -[DEFAULT] - -# -# Options defined in oslo.messaging -# - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* - -# MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo_messaging._drivers.matchmaker.MatchMakerLocalhost - -# ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 - -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog=<None> - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=ironic - -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 - -# Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 - -# Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 - -# Size of RPC thread pool. (integer value) -#rpc_thread_pool_size=64 - -# Driver or drivers to handle sending notifications. (multi -# valued) -#notification_driver= - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -#notification_topics=notifications - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -#transport_url=<None> - -# The messaging driver to use, defaults to rabbit. Other -# drivers include qpid and zmq. (string value) -#rpc_backend=rabbit - -# The default exchange under which topics are scoped. 
May be
-# overridden by an exchange name specified in the
-# transport_url option. (string value)
-#control_exchange=openstack
-
-
-#
-# Options defined in ironic.netconf
-#
-
-# IP address of this host. (string value)
-my_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
-
-
-#
-# Options defined in ironic.api.app
-#
-
-# Method to use for authentication: noauth or keystone.
-# (string value)
-#auth_strategy=keystone
-
-# Enable pecan debug mode. WARNING: this is insecure and
-# should not be used in production. (boolean value)
-#pecan_debug=false
-
-
-#
-# Options defined in ironic.common.driver_factory
-#
-
-# Specify the list of drivers to load during service
-# initialization. Missing drivers, or drivers which fail to
-# initialize, will prevent the conductor service from
-# starting. The option default is a recommended set of
-# production-oriented drivers. A complete list of drivers
-# present on your system may be found by enumerating the
-# "ironic.drivers" entrypoint. An example may be found in the
-# developer documentation online. (list value)
-enabled_drivers=pxe_ipmitool,pxe_ssh
-
-
-#
-# Options defined in ironic.common.exception
-#
-
-# Make exception message format errors fatal. (boolean value)
-#fatal_exception_format_errors=false
-
-
-#
-# Options defined in ironic.common.hash_ring
-#
-
-# Exponent to determine number of hash partitions to use when
-# distributing load across conductors. Larger values will
-# result in more even distribution of load and less load when
-# rebalancing the ring, but more memory usage. Number of
-# partitions per conductor is (2^hash_partition_exponent).
-# This determines the granularity of rebalancing: given 10
-# hosts, and an exponent of the 2, there are 40 partitions in
-# the ring.A few thousand partitions should make rebalancing
-# smooth in most cases. The default is suitable for up to a
-# few hundred conductors. Too many partitions has a CPU
-# impact.
(integer value)
-#hash_partition_exponent=5
-
-# [Experimental Feature] Number of hosts to map onto each hash
-# partition. Setting this to more than one will cause
-# additional conductor services to prepare deployment
-# environments and potentially allow the Ironic cluster to
-# recover more quickly if a conductor instance is terminated.
-# (integer value)
-#hash_distribution_replicas=1
-
-
-#
-# Options defined in ironic.common.images
-#
-
-# Force backing images to raw format. (boolean value)
-#force_raw_images=true
-
-# Path to isolinux binary file. (string value)
-#isolinux_bin=/usr/lib/syslinux/isolinux.bin
-
-# Template file for isolinux configuration file. (string
-# value)
-#isolinux_config_template=$pybasedir/common/isolinux_config.template
-
-# Template file for grub configuration file. (string value)
-#grub_config_template=$pybasedir/common/grub_conf.template
-
-
-#
-# Options defined in ironic.common.paths
-#
-
-# Directory where the ironic python module is installed.
-# (string value)
-#pybasedir=/usr/lib/python/site-packages/ironic
-
-# Directory where ironic binaries are installed. (string
-# value)
-#bindir=$pybasedir/bin
-
-# Top-level directory for maintaining ironic's state. (string
-# value)
-#state_path=$pybasedir
-
-
-#
-# Options defined in ironic.common.service
-#
-
-# Seconds between running periodic tasks. (integer value)
-#periodic_interval=60
-
-# Name of this node. This can be an opaque identifier. It is
-# not necessarily a hostname, FQDN, or IP address. However,
-# the node name must be valid within an AMQP key, and if using
-# ZeroMQ, a valid hostname, FQDN, or IP address. (string
-# value)
-#host=ironic
-
-
-#
-# Options defined in ironic.common.utils
-#
-
-# Path to the rootwrap configuration file to use for running
-# commands as root. (string value)
-#rootwrap_config=/etc/ironic/rootwrap.conf
-
-# Explicitly specify the temporary working directory.
(string
-# value)
-#tempdir=<None>
-
-
-#
-# Options defined in ironic.drivers.modules.image_cache
-#
-
-# Run image downloads and raw format conversions in parallel.
-# (boolean value)
-#parallel_image_downloads=false
-
-
-#
-# Options defined in ironic.openstack.common.eventlet_backdoor
-#
-
-# Enable eventlet backdoor. Acceptable values are 0, <port>,
-# and <start>:<end>, where 0 results in listening on a random
-# tcp port number; <port> results in listening on the
-# specified port number (and not enabling backdoor if that
-# port is in use); and <start>:<end> results in listening on
-# the smallest unused port number within the specified range
-# of port numbers. The chosen port is displayed in the
-# service's log file. (string value)
-#backdoor_port=<None>
-
-
-#
-# Options defined in ironic.openstack.common.log
-#
-
-# Print debugging output (set logging level to DEBUG instead
-# of default WARNING level). (boolean value)
-#debug=false
-
-# Print more verbose output (set logging level to INFO instead
-# of default WARNING level). (boolean value)
-#verbose=false
-
-# Log output to standard error. (boolean value)
-#use_stderr=true
-
-# Format string to use for log messages with context. (string
-# value)
-#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
-
-# Format string to use for log messages without context.
-# (string value)
-#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-
-# Data to append to log format when level is DEBUG. (string
-# value)
-#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d
-
-# Prefix each line of exception output with this format.
-# (string value)
-#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
-
-# List of logger=LEVEL pairs.
(list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append=<None> - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format=<None> - -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file=<None> - -# (Optional) The base directory used for relative --log-file -# paths. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir=<None> - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. 
(boolean
-# value)
-use_syslog=true
-
-# (Optional) Enables or disables syslog rfc5424 format for
-# logging. If enabled, prefixes the MSG part of the syslog
-# message with APP-NAME (RFC5424). The format without the APP-
-# NAME is deprecated in I, and will be removed in J. (boolean
-# value)
-#use_syslog_rfc_format=false
-
-# Syslog facility to receive log lines. (string value)
-#syslog_log_facility=LOG_USER
-
-
-#
-# Options defined in ironic.openstack.common.periodic_task
-#
-
-# Some periodic tasks can be run in a separate process. Should
-# we run them here? (boolean value)
-#run_external_periodic_tasks=true
-
-
-#
-# Options defined in ironic.openstack.common.versionutils
-#
-
-# Enables or disables fatal status of deprecations. (boolean
-# value)
-#fatal_deprecations=false
-
-
-[agent]
-
-#
-# Options defined in ironic.drivers.modules.agent
-#
-
-# Additional append parameters for baremetal PXE boot. (string
-# value)
-#agent_pxe_append_params=nofb nomodeset vga=normal
-
-# Template file for PXE configuration. (string value)
-#agent_pxe_config_template=$pybasedir/drivers/modules/agent_config.template
-
-# Neutron bootfile DHCP parameter. (string value)
-#agent_pxe_bootfile_name=pxelinux.0
-
-# Priority to run in-band erase devices via the Ironic Python
-# Agent ramdisk. If unset, will use the priority set in the
-# ramdisk (defaults to 10 for the GenericHardwareManager). If
-# set to 0, will not run during cleaning. (integer value)
-#agent_erase_devices_priority=<None>
-
-# Whether Ironic will manage TFTP files for the deploy
-# ramdisks. If set to False, you will need to configure your
-# own TFTP server that allows booting the deploy ramdisks.
-# (boolean value)
-#manage_tftp=true
-
-#
-# Options defined in ironic.drivers.modules.agent_base_vendor
-#
-
-# Maximum interval (in seconds) for agent heartbeats.
(integer -# value) -#heartbeat_timeout=300 - - -# -# Options defined in ironic.drivers.modules.agent_client -# - -# API version to use for communicating with the ramdisk agent. -# (string value) -#agent_api_version=v1 - - -[amt] - -# -# Options defined in ironic.drivers.modules.amt.common -# - -# Protocol used for AMT endpoint, support http/https (string -# value) -#protocol=http - - -# -# Options defined in ironic.drivers.modules.amt.power -# - -# Maximum number of times to attempt an AMT operation, before -# failing (integer value) -#max_attempts=3 - -# Amount of time (in seconds) to wait, before retrying an AMT -# operation (integer value) -#action_wait=10 - - -[api] - -# -# Options defined in ironic.api -# - -# The listen IP for the Ironic API server. (string value) -#host_ip=0.0.0.0 - -# The port for the Ironic API server. (integer value) -#port=6385 - -# The maximum number of items returned in a single response -# from a collection resource. (integer value) -#max_limit=1000 - - -[conductor] - -# -# Options defined in ironic.conductor.manager -# - -# URL of Ironic API service. If not set ironic can get the -# current value from the keystone service catalog. (string -# value) -api_url = http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 - -# Seconds between conductor heart beats. (integer value) -#heartbeat_interval=10 - -# Maximum time (in seconds) since the last check-in of a -# conductor. (integer value) -#heartbeat_timeout=60 - -# Interval between syncing the node power state to the -# database, in seconds. (integer value) -#sync_power_state_interval=60 - -# Interval between checks of provision timeouts, in seconds. -# (integer value) -#check_provision_state_interval=60 - -# Timeout (seconds) for waiting callback from deploy ramdisk. -# 0 - unlimited. 
(integer value) -#deploy_callback_timeout=1800 - -# During sync_power_state, should the hardware power state be -# set to the state recorded in the database (True) or should -# the database be updated based on the hardware state (False). -# (boolean value) -#force_power_state_during_sync=true - -# During sync_power_state failures, limit the number of times -# Ironic should try syncing the hardware node power state with -# the node power state in DB (integer value) -#power_state_sync_max_retries=3 - -# Maximum number of worker threads that can be started -# simultaneously by a periodic task. Should be less than RPC -# thread pool size. (integer value) -#periodic_max_workers=8 - -# The size of the workers greenthread pool. (integer value) -#workers_pool_size=100 - -# Number of attempts to grab a node lock. (integer value) -#node_locked_retry_attempts=3 - -# Seconds to sleep between node lock attempts. (integer value) -#node_locked_retry_interval=1 - -# Enable sending sensor data message via the notification bus -# (boolean value) -#send_sensor_data=false - -# Seconds between conductor sending sensor data message to -# ceilometer via the notification bus. (integer value) -#send_sensor_data_interval=600 - -# List of comma separated metric types which need to be sent -# to Ceilometer. The default value, "ALL", is a special value -# meaning send all the sensor data. (list value) -#send_sensor_data_types=ALL - -# When conductors join or leave the cluster, existing -# conductors may need to update any persistent local state as -# nodes are moved around the cluster. This option controls how -# often, in seconds, each conductor will check for nodes that -# it should "take over". Set it to a negative value to disable -# the check entirely. (integer value) -#sync_local_state_interval=180 - -# Whether to upload the config drive to Swift. (boolean value) -#configdrive_use_swift=false - -# Name of the Swift container to store config drive data. 
Used -# when configdrive_use_swift is True. (string value) -#configdrive_swift_container=ironic_configdrive_container - -# Timeout (seconds) for waiting for node inspection. 0 - -# unlimited. (integer value) -#inspect_timeout=1800 - -# Cleaning is a configurable set of steps, such as erasing -# disk drives, that are performed on the node to ensure it is -# in a baseline state and ready to be deployed to. This is -# done after instance deletion, and during the transition from -# a "managed" to "available" state. When enabled, the -# particular steps performed to clean a node depend on which -# driver that node is managed by; see the individual driver's -# documentation for details. NOTE: The introduction of the -# cleaning operation causes instance deletion to take -# significantly longer. In an environment where all tenants -# are trusted (eg, because there is only one tenant), this -# option could be safely disabled. (boolean value) -#clean_nodes=true - - -[console] - -# -# Options defined in ironic.drivers.modules.console_utils -# - -# Path to serial console terminal program (string value) -#terminal=shellinaboxd - -# Directory containing the terminal SSL cert(PEM) for serial -# console access (string value) -#terminal_cert_dir=<None> - -# Directory for holding terminal pid files. If not specified, -# the temporary directory will be used. (string value) -#terminal_pid_dir=<None> - -# Time interval (in seconds) for checking the status of -# console subprocess. (integer value) -#subprocess_checking_interval=1 - -# Time (in seconds) to wait for the console subprocess to -# start. (integer value) -#subprocess_timeout=10 - - -[database] - -# -# Options defined in oslo.db -# - -# The file name to use with SQLite. (string value) -#sqlite_db=oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous=true - -# The back end to use for the database. 
(string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy - -# The SQLAlchemy connection string to use to connect to the -# database. (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -connection = postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic - -# The SQLAlchemy connection string to use to connect to the -# slave database. (string value) -#slave_connection=<None> - -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode=TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size=<None> - -# Maximum number of database connection retries during -# startup. Set to -1 to specify an infinite retry count. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 - -# Interval between retries of opening a SQL connection. 
-# (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 - -# If set, use this value for max_overflow with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=<None> - -# Verbosity of SQL debugging information: 0=None, -# 100=Everything. (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 - -# Add Python stack traces to SQL as comment strings. (boolean -# value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false - -# If set, use this value for pool_timeout with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout=<None> - -# Enable the experimental use of database reconnect on -# connection lost. (boolean value) -#use_db_reconnect=false - -# Seconds between retries of a database transaction. (integer -# value) -#db_retry_interval=1 - -# If True, increases the interval between retries of a -# database operation up to db_max_retry_interval. (boolean -# value) -#db_inc_retry_interval=true - -# If db_inc_retry_interval is set, the maximum seconds between -# retries of a database operation. (integer value) -#db_max_retry_interval=10 - -# Maximum retries in case of connection error or deadlock -# error before error is raised. Set to -1 to specify an -# infinite retry count. (integer value) -#db_max_retries=20 - - -# -# Options defined in ironic.db.sqlalchemy.models -# - -# MySQL engine to use. (string value) -#mysql_engine=InnoDB - - -[deploy] - -# -# Options defined in ironic.drivers.modules.deploy_utils -# - -# Size of EFI system partition in MiB when configuring UEFI -# systems for local boot. (integer value) -#efi_system_partition_size=200 - -# Block size to use when writing to the nodes disk. 
(string -# value) -#dd_block_size=1M - -# Maximum attempts to verify an iSCSI connection is active, -# sleeping 1 second between attempts. (integer value) -#iscsi_verify_attempts=3 - - -[dhcp] - -# -# Options defined in ironic.common.dhcp_factory -# - -# DHCP provider to use. "neutron" uses Neutron, and "none" -# uses a no-op provider. (string value) -#dhcp_provider=neutron - - -[discoverd] - -# -# Options defined in ironic.drivers.modules.discoverd -# - -# whether to enable inspection using ironic-discoverd (boolean -# value) -#enabled=false - -# ironic-discoverd HTTP endpoint. If this is not set, the -# ironic-discoverd client default (http://127.0.0.1:5050) will -# be used. (string value) -#service_url=<None> - -# period (in seconds) to check status of nodes on inspection -# (integer value) -#status_check_period=60 - - -[disk_partitioner] - -# -# Options defined in ironic.common.disk_partitioner -# - -# After Ironic has completed creating the partition table, it -# continues to check for activity on the attached iSCSI device -# status at this interval prior to copying the image to the -# node, in seconds (integer value) -#check_device_interval=1 - -# The maximum number of times to check that the device is not -# accessed by another process. If the device is still busy -# after that, the disk partitioning will be treated as having -# failed. (integer value) -#check_device_max_retries=20 - - -[glance] - -# -# Options defined in ironic.common.glance_service.v2.image_service -# - -# A list of URL schemes that can be downloaded directly via -# the direct_url. Currently supported schemes: [file]. (list -# value) -#allowed_direct_url_schemes= - -# The secret token given to Swift to allow temporary URL -# downloads. Required for temporary URLs. (string value) -#swift_temp_url_key=<None> - -# The length of time in seconds that the temporary URL will be -# valid for. Defaults to 20 minutes. 
If some deploys get a 401 -# response code when trying to download from the temporary -# URL, try raising this duration. (integer value) -#swift_temp_url_duration=1200 - -# The "endpoint" (scheme, hostname, optional port) for the -# Swift URL of the form -# "endpoint_url/api_version/account/container/object_id". Do -# not include trailing "/". For example, use -# "https://swift.example.com". Required for temporary URLs. -# (string value) -#swift_endpoint_url=<None> - -# The Swift API version to create a temporary URL for. -# Defaults to "v1". Swift temporary URL format: -# "endpoint_url/api_version/account/container/object_id" -# (string value) -#swift_api_version=v1 - -# The account that Glance uses to communicate with Swift. The -# format is "AUTH_uuid". "uuid" is the UUID for the account -# configured in the glance-api.conf. Required for temporary -# URLs. For example: -# "AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30". Swift temporary -# URL format: -# "endpoint_url/api_version/account/container/object_id" -# (string value) -#swift_account=<None> - -# The Swift container Glance is configured to store its images -# in. Defaults to "glance", which is the default in glance- -# api.conf. Swift temporary URL format: -# "endpoint_url/api_version/account/container/object_id" -# (string value) -#swift_container=glance - -# This should match a config by the same name in the Glance -# configuration file. When set to 0, a single-tenant store -# will only use one container to store all images. When set to -# an integer value between 1 and 32, a single-tenant store -# will use multiple containers to store images, and this value -# will determine how many containers are created. (integer -# value) -#swift_store_multiple_containers_seed=0 - - -# -# Options defined in ironic.common.image_service -# - -# Default glance hostname or IP address. (string value) -glance_host = {{ CONTROLLER_HOST_ADDRESS }} - -# Default glance port. 
(integer value) -#glance_port=9292 - -# Default protocol to use when connecting to glance. Set to -# https for SSL. (string value) -#glance_protocol=http - -# A list of the glance api servers available to ironic. Prefix -# with https:// for SSL-based glance API servers. Format is -# [hostname|IP]:port. (list value) -#glance_api_servers=<None> - -# Allow to perform insecure SSL (https) requests to glance. -# (boolean value) -#glance_api_insecure=false - -# Number of retries when downloading an image from glance. -# (integer value) -#glance_num_retries=0 - -# Authentication strategy to use when connecting to glance. -# Only "keystone" and "noauth" are currently supported by -# ironic. (string value) -#auth_strategy=keystone - - -[ilo] - -# -# Options defined in ironic.drivers.modules.ilo.common -# - -# Timeout (in seconds) for iLO operations (integer value) -#client_timeout=60 - -# Port to be used for iLO operations (integer value) -#client_port=443 - -# The Swift iLO container to store data. (string value) -#swift_ilo_container=ironic_ilo_container - -# Amount of time in seconds for Swift objects to auto-expire. -# (integer value) -#swift_object_expiry_timeout=900 - - -# -# Options defined in ironic.drivers.modules.ilo.deploy -# - -# Priority for erase devices clean step. If unset, it defaults -# to 10. If set to 0, the step will be disabled and will not -# run during cleaning. (integer value) -#clean_priority_erase_devices=<None> - - -# -# Options defined in ironic.drivers.modules.ilo.management -# - -# Priority for reset_ilo clean step. (integer value) -#clean_priority_reset_ilo=1 - -# Priority for reset_bios_to_default clean step. (integer -# value) -#clean_priority_reset_bios_to_default=10 - -# Priority for reset_secure_boot_keys clean step. This step -# will reset the secure boot keys to manufacturing defaults. -# (integer value) -#clean_priority_reset_secure_boot_keys_to_default=20 - -# Priority for clear_secure_boot_keys clean step. 
This step is -# not enabled by default. It can be enabled to to clear all -# secure boot keys enrolled with iLO. (integer value) -#clean_priority_clear_secure_boot_keys=0 - -# Priority for reset_ilo_credential clean step. This step -# requires "ilo_change_password" parameter to be updated in -# nodes's driver_info with the new password. (integer value) -#clean_priority_reset_ilo_credential=30 - - -# -# Options defined in ironic.drivers.modules.ilo.power -# - -# Number of times a power operation needs to be retried -# (integer value) -#power_retry=6 - -# Amount of time in seconds to wait in between power -# operations (integer value) -#power_wait=2 - - -[ipmi] - -# -# Options defined in ironic.drivers.modules.ipminative -# - -# Maximum time in seconds to retry IPMI operations. There is a -# tradeoff when setting this value. Setting this too low may -# cause older BMCs to crash and require a hard reset. However, -# setting too high can cause the sync power state periodic -# task to hang when there are slow or unresponsive BMCs. -# (integer value) -#retry_timeout=60 - -# Minimum time, in seconds, between IPMI operations sent to a -# server. There is a risk with some hardware that setting this -# too low may cause the BMC to crash. Recommended setting is 5 -# seconds. (integer value) -#min_command_interval=5 - - -[irmc] - -# -# Options defined in ironic.drivers.modules.irmc.common -# - -# Port to be used for iRMC operations, either 80 or 443 -# (integer value) -#port=443 - -# Authentication method to be used for iRMC operations, either -# "basic" or "digest" (string value) -#auth_method=basic - -# Timeout (in seconds) for iRMC operations (integer value) -#client_timeout=60 - -# Sensor data retrieval method, either "ipmitool" or "scci" -# (string value) -#sensor_method=ipmitool - - -[keystone] - -# -# Options defined in ironic.common.keystone -# - -# The region used for getting endpoints of OpenStackservices. 
-# (string value) -#region_name=<None> - - -[keystone_authtoken] - -# -# Options defined in keystonemiddleware.auth_token -# - -# Complete public Identity API endpoint. (string value) -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 - -# API version of the admin Identity API endpoint. (string -# value) -#auth_version=<None> - -# Do not handle authorization requests within the middleware, -# but delegate the authorization decision to downstream WSGI -# components. (boolean value) -#delay_auth_decision=false - -# Request timeout value for communicating with Identity API -# server. (integer value) -#http_connect_timeout=<None> - -# How many times are we trying to reconnect when communicating -# with Identity API Server. (integer value) -#http_request_max_retries=3 - -# Env key for the swift cache. (string value) -#cache=<None> - -# Required if identity server requires client certificate -# (string value) -#certfile=<None> - -# Required if identity server requires client certificate -# (string value) -#keyfile=<None> - -# A PEM encoded Certificate Authority to use when verifying -# HTTPs connections. Defaults to system CAs. (string value) -#cafile=<None> - -# Verify HTTPS connections. (boolean value) -#insecure=false - -# Directory used to cache files related to PKI tokens. (string -# value) -#signing_dir=<None> - -# Optionally specify a list of memcached server(s) to use for -# caching. If left undefined, tokens will instead be cached -# in-process. (list value) -# Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers=<None> - -# In order to prevent excessive effort spent validating -# tokens, the middleware caches previously-seen tokens for a -# configurable duration (in seconds). Set to -1 to disable -# caching completely. (integer value) -#token_cache_time=300 - -# Determines the frequency at which the list of revoked tokens -# is retrieved from the Identity service (in seconds). 
A high -# number of revocation events combined with a low cache -# duration may significantly reduce performance. (integer -# value) -#revocation_cache_time=10 - -# (Optional) If defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable -# values are MAC or ENCRYPT. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token -# data is encrypted and authenticated in the cache. If the -# value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -#memcache_security_strategy=<None> - -# (Optional, mandatory if memcache_security_strategy is -# defined) This string is used for key derivation. (string -# value) -#memcache_secret_key=<None> - -# (Optional) Number of seconds memcached server is considered -# dead before it is tried again. (integer value) -#memcache_pool_dead_retry=300 - -# (Optional) Maximum total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize=10 - -# (Optional) Socket timeout in seconds for communicating with -# a memcache server. (integer value) -#memcache_pool_socket_timeout=3 - -# (Optional) Number of seconds a connection to memcached is -# held unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout=60 - -# (Optional) Number of seconds that an operation will wait to -# get a memcache client connection from the pool. (integer -# value) -#memcache_pool_conn_get_timeout=10 - -# (Optional) Use the advanced (eventlet safe) memcache client -# pool. The advanced pool will only work under python 2.x. -# (boolean value) -#memcache_use_advanced_pool=false - -# (Optional) Indicate whether to set the X-Service-Catalog -# header. If False, middleware will not ask for service -# catalog on token validation and will not set the X-Service- -# Catalog header. (boolean value) -#include_service_catalog=true - -# Used to control the use and type of token binding. 
Can be -# set to: "disabled" to not check token binding. "permissive" -# (default) to validate binding information if the bind type -# is of a form known to the server and ignore it if not. -# "strict" like "permissive" but if the bind type is unknown -# the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string -# value) -#enforce_token_bind=permissive - -# If true, the revocation list will be checked for cached -# tokens. This requires that PKI tokens are configured on the -# identity server. (boolean value) -#check_revocations_for_cached=false - -# Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those -# supported by Python standard hashlib.new(). The hashes will -# be tried in the order given, so put the preferred one first -# for performance. The result of the first hash will be stored -# in the cache. This will typically be set to multiple values -# only while migrating from a less secure algorithm to a more -# secure one. Once all the old tokens are expired this option -# should be set to a single value for better performance. -# (list value) -#hash_algorithms=md5 - -# Prefix to prepend at the beginning of the path. Deprecated, -# use identity_uri. (string value) -#auth_admin_prefix= - -# Host providing the admin Identity API endpoint. Deprecated, -# use identity_uri. (string value) -#auth_host=127.0.0.1 - -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -#auth_port=35357 - -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -#auth_protocol=https - -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. 
https://localhost:35357/ -# (string value) -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 - -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token=<None> - -# Service username. (string value) -admin_user = {{ IRONIC_SERVICE_USER }} - -# Service user password. (string value) -admin_password = {{ IRONIC_SERVICE_PASSWORD }} - -# Service tenant name. (string value) -admin_tenant_name=service - - -[matchmaker_redis] - -# -# Options defined in oslo.messaging -# - -# Host to locate redis. (string value) -#host=127.0.0.1 - -# Use this port to connect to redis host. (integer value) -#port=6379 - -# Password for Redis server (optional). (string value) -#password=<None> - - -[matchmaker_ring] - -# -# Options defined in oslo.messaging -# - -# Matchmaker ring file (JSON). (string value) -# Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json - - -[neutron] - -# -# Options defined in ironic.dhcp.neutron -# - -# URL for connecting to neutron. (string value) -url = http://{{ CONTROLLER_HOST_ADDRESS }}:9696 - -# Timeout value for connecting to neutron in seconds. (integer -# value) -#url_timeout=30 - -# Client retries in the case of a failed request. (integer -# value) -#retries=3 - -# Default authentication strategy to use when connecting to -# neutron. Can be either "keystone" or "noauth". Running -# neutron in noauth mode (related to but not affected by this -# setting) is insecure and should only be used for testing. 
-# (string value) -#auth_strategy=keystone - -# UUID of the network to create Neutron ports on when booting -# to a ramdisk for cleaning/zapping using Neutron DHCP (string -# value) -#cleaning_network_uuid=<None> - - -[oslo_concurrency] - -# -# Options defined in oslo.concurrency -# - -# Enables or disables inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. For security, the -# specified directory should only be writable by the user -# running the processes that need locking. Defaults to -# environment variable OSLO_LOCK_PATH. If external locks are -# used, a lock path must be set. (string value) -#lock_path=<None> - - -[oslo_messaging_amqp] - -# -# Options defined in oslo.messaging -# - -# address prefix used when sending to a specific server -# (string value) -#server_request_prefix=exclusive - -# address prefix used when broadcasting to all servers (string -# value) -#broadcast_prefix=broadcast - -# address prefix when sending to any server in group (string -# value) -#group_request_prefix=unicast - -# Name for the AMQP container (string value) -#container_name=<None> - -# Timeout for inactive connections (in seconds) (integer -# value) -#idle_timeout=0 - -# Debug: dump AMQP frames to stdout (boolean value) -#trace=false - -# CA certificate PEM file for verifing server certificate -# (string value) -#ssl_ca_file= - -# Identifying certificate PEM file to present to clients -# (string value) -#ssl_cert_file= - -# Private key PEM file used to sign cert_file certificate -# (string value) -#ssl_key_file= - -# Password for decrypting ssl_key_file (if encrypted) (string -# value) -#ssl_key_password=<None> - -# Accept clients using either SSL or plain TCP (boolean value) -#allow_insecure_clients=false - - -[oslo_messaging_qpid] - -# -# Options defined in oslo.messaging -# - -# Use durable queues in AMQP. 
(boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in AMQP. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - - -[oslo_messaging_rabbit] - -# -# Options defined in oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in AMQP. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# SSL version to use (valid only if SSL enabled). Valid values -# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may -# be available on some distributions. 
(string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). (string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host = {{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port = {{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid = {{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -rabbit_password = {{ RABBITMQ_PASSWORD }} - -# The RabbitMQ login method. (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - -# Number of seconds after which the Rabbit broker is -# considered down if heartbeat's keep-alive fails (0 disable -# the heartbeat). (integer value) -#heartbeat_timeout_threshold=60 - -# How often times during the heartbeat_timeout_threshold we -# check the heartbeat. 
(integer value) -#heartbeat_rate=2 - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake -# (boolean value) -#fake_rabbit=false - - -[oslo_policy] - -# -# Options defined in oslo.policy -# - -# The JSON file that defines policies. (string value) -#policy_file=policy.json - -# Default rule. Enforced when a requested rule is not found. -# (string value) -#policy_default_rule=default - -# Directories where policy configuration files are stored. -# They can be relative to any directory in the search path -# defined by the config_dir option, or absolute paths. The -# file defined by policy_file must exist for these directories -# to be searched. Missing or empty directories are ignored. -# (multi valued) -#policy_dirs=policy.d - - -[pxe] - -# -# Options defined in ironic.drivers.modules.iscsi_deploy -# - -# Additional append parameters for baremetal PXE boot. (string -# value) -#pxe_append_params=nofb nomodeset vga=normal - -# Default file system format for ephemeral partition, if one -# is created. (string value) -#default_ephemeral_format=ext4 - -# Directory where images are stored on disk. (string value) -#images_path=/var/lib/ironic/images/ - -# Directory where master instance images are stored on disk. -# (string value) -#instance_master_path=/var/lib/ironic/master_images - -# Maximum size (in MiB) of cache for master images, including -# those in use. (integer value) -#image_cache_size=20480 - -# Maximum TTL (in minutes) for old master images in cache. -# (integer value) -#image_cache_ttl=10080 - -# The disk devices to scan while doing the deploy. (string -# value) -#disk_devices=cciss/c0d0,sda,hda,vda - - -# -# Options defined in ironic.drivers.modules.pxe -# - -# Template file for PXE configuration. (string value) -#pxe_config_template=$pybasedir/drivers/modules/pxe_config.template - -# Template file for PXE configuration for UEFI boot loader. 
-# (string value) -#uefi_pxe_config_template=$pybasedir/drivers/modules/elilo_efi_pxe_config.template - -# IP address of Ironic compute node's tftp server. (string -# value) -#tftp_server=$my_ip - -# Ironic compute node's tftp root path. (string value) -tftp_root=/srv/tftp_root/ - -# Directory where master tftp images are stored on disk. -# (string value) -tftp_master_path=/srv/tftp_root/master_images - -# Bootfile DHCP parameter. (string value) -#pxe_bootfile_name=pxelinux.0 - -# Bootfile DHCP parameter for UEFI boot mode. (string value) -#uefi_pxe_bootfile_name=elilo.efi - -# Ironic compute node's HTTP server URL. Example: -# http://192.1.2.3:8080 (string value) -#http_url=<None> - -# Ironic compute node's HTTP root path. (string value) -#http_root=/httpboot - -# Enable iPXE boot. (boolean value) -#ipxe_enabled=false - -# The path to the main iPXE script file. (string value) -#ipxe_boot_script=$pybasedir/drivers/modules/boot.ipxe - - -[seamicro] - -# -# Options defined in ironic.drivers.modules.seamicro -# - -# Maximum retries for SeaMicro operations (integer value) -#max_retry=3 - -# Seconds to wait for power action to be completed (integer -# value) -#action_timeout=10 - - -[snmp] - -# -# Options defined in ironic.drivers.modules.snmp -# - -# Seconds to wait for power action to be completed (integer -# value) -#power_timeout=10 - - -[ssh] - -# -# Options defined in ironic.drivers.modules.ssh -# - -# libvirt uri (string value) -#libvirt_uri=qemu:///system - - -[swift] - -# -# Options defined in ironic.common.swift -# - -# Maximum number of times to retry a Swift request, before -# failing. (integer value) -#swift_max_retries=2 - - -[virtualbox] - -# -# Options defined in ironic.drivers.modules.virtualbox -# - -# Port on which VirtualBox web service is listening. (integer -# value) -#port=18083 - - 
diff --git a/install-files/openstack/usr/share/openstack/iscsi.yml b/install-files/openstack/usr/share/openstack/iscsi.yml
deleted file mode 100644
index b80377ae..00000000
--- a/install-files/openstack/usr/share/openstack/iscsi.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- hosts: localhost
- tasks:
- - name: Update kernel module dependencies
- command: depmod -a
-
- - name: generate InitiatorName for iscsi
- shell: iscsi-iname
- register: initiator_name
-
- - lineinfile:
- dest: /etc/iscsi/initiatorname.iscsi
- regexp: '^InitiatorName=$'
- line: 'InitiatorName={{ initiator_name.stdout }}'
- backrefs: yes
diff --git a/install-files/openstack/usr/share/openstack/keystone.yml b/install-files/openstack/usr/share/openstack/keystone.yml
deleted file mode 100644
index 2fae4e98..00000000
--- a/install-files/openstack/usr/share/openstack/keystone.yml
+++ /dev/null
@@ -1,142 +0,0 @@ ---- -- hosts: localhost - vars_files: - - "/etc/openstack/keystone.conf" - tasks: - - # RabbitMQ configuration, this may end up in a different playbook - - name: Create rabbitmq user - user: - name: rabbitmq - comment: Rabbitmq server daemon - shell: /sbin/nologin - home: /var/lib/rabbitmq - - - name: Create the rabbitmq directories - file: - path: "{{ item }}" - state: directory - owner: rabbitmq - group: rabbitmq - with_items: - - /var/run/rabbitmq - - /var/log/rabbitmq - - /etc/rabbitmq - - - name: Add the configuration needed for rabbitmq in /etc/rabbitmq using templates - template: - src: /usr/share/openstack/rabbitmq/{{ item }} - dest: /etc/rabbitmq/{{ item }} - owner: rabbitmq - group: rabbitmq - mode: 0644 - with_items: - - rabbitmq.config - - rabbitmq-env.conf - - - name: Enable and start rabbitmq services - service: - name: "{{ item }}" - enabled: yes - state: started - with_items: - - rabbitmq-server - - # Keystone configuration - - name: Create the keystone user. 
- user: - name: keystone - comment: Openstack Keystone Daemons - shell: /sbin/nologin - home: /var/lib/keystone - - - name: Create the /var folders for keystone - file: - path: "{{ item }}" - state: directory - owner: keystone - group: keystone - with_items: - - /var/run/keystone - - /var/lock/keystone - - /var/log/keystone - - /var/lib/keystone - - - name: Create /etc/keystone directory - file: - path: /etc/keystone - state: directory - - - name: Add the configuration needed for keystone in /etc using templates - template: - src: /usr/share/openstack/keystone/{{ item }} - dest: /etc/keystone/{{ item }} - with_lines: - - cd /usr/share/openstack/keystone && find -type f - - - name: Create postgresql user for keystone - postgresql_user: - name: "{{ KEYSTONE_DB_USER }}" - password: "{{ KEYSTONE_DB_PASSWORD }}" - sudo: yes - sudo_user: keystone - - - name: Create database for keystone services - postgresql_db: - name: keystone - owner: "{{ KEYSTONE_DB_USER }}" - sudo: yes - sudo_user: keystone - - - name: Initiate keystone database - command: keystone-manage db_sync - sudo: yes - sudo_user: keystone - - - name: Enable and start openstack-keystone service - service: - name: openstack-keystone.service - enabled: yes - state: started - - - name: Create admin tenant - keystone_user: - tenant: admin - tenant_description: Admin Tenant - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 - - - name: Create admin user for the admin tenant - keystone_user: - user: admin - tenant: admin - password: "{{ KEYSTONE_ADMIN_PASSWORD }}" - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 - - - name: Create admin role for admin user in the admin tenant - keystone_user: - role: admin - user: admin - tenant: admin - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 - - - name: Create service tenant - keystone_user: - tenant: 
service - tenant_description: Service Tenant - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 - - - name: Add keystone endpoint - keystone_service: - name: keystone - type: identity - description: Keystone Identity Service - publicurl: http://{{ ansible_hostname }}:5000/v2.0 - internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 - adminurl: http://{{ ansible_hostname }}:35357/v2.0 - region: regionOne - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 diff --git a/install-files/openstack/usr/share/openstack/keystone/keystone.conf b/install-files/openstack/usr/share/openstack/keystone/keystone.conf deleted file mode 100644 index 1a082601..00000000 --- a/install-files/openstack/usr/share/openstack/keystone/keystone.conf +++ /dev/null 
@@ -1,1733 +0,0 @@
-[DEFAULT]
-
-#
-# From keystone
-#
-
-# A "shared secret" that can be used to bootstrap Keystone. This "token" does
-# not represent a user, and carries no explicit authorization. To disable in
-# production (highly recommended), remove AdminTokenAuthMiddleware from your
-# paste application pipelines (for example, in keystone-paste.ini). (string
-# value)
-admin_token = {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
-
-# (Deprecated) The port which the OpenStack Compute service listens on. This
-# option was only used for string replacement in the templated catalog backend.
-# Templated catalogs should replace the "$(compute_port)s" substitution with
-# the static port of the compute service. As of Juno, this option is deprecated
-# and will be removed in the L release. (integer value)
-#compute_port = 8774
-
-# The base public endpoint URL for Keystone that is advertised to clients
-# (NOTE: this does NOT affect how Keystone listens for connections). Defaults
-# to the base host URL of the request. E.g. a request to
-# http://server:5000/v3/users will default to http://server:5000. You should
-# only need to set this value if the base URL contains a path (e.g. /prefix/v3)
-# or the endpoint should be found on a different server. (string value)
-#public_endpoint = <None>
-
-# The base admin endpoint URL for Keystone that is advertised to clients (NOTE:
-# this does NOT affect how Keystone listens for connections). Defaults to the
-# base host URL of the request. E.g. a request to http://server:35357/v3/users
-# will default to http://server:35357. You should only need to set this value
-# if the base URL contains a path (e.g. /prefix/v3) or the endpoint should be
-# found on a different server. (string value)
-#admin_endpoint = <None>
-
-# Maximum depth of the project hierarchy. WARNING: setting it to a large value
-# may adversely impact performance. (integer value)
-#max_project_tree_depth = 5
-
-# Limit the sizes of user & project ID/names.
(integer value)
-#max_param_size = 64
-
-# Similar to max_param_size, but provides an exception for token values.
-# (integer value)
-#max_token_size = 8192
-
-# Similar to the member_role_name option, this represents the default role ID
-# used to associate users with their default projects in the v2 API. This will
-# be used as the explicit role where one is not specified by the v2 API.
-# (string value)
-#member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab
-
-# This is the role name used in combination with the member_role_id option; see
-# that option for more detail. (string value)
-#member_role_name = _member_
-
-# The value passed as the keyword "rounds" to passlib's encrypt method.
-# (integer value)
-#crypt_strength = 40000
-
-# The maximum number of entities that will be returned in a collection, with no
-# limit set by default. This global limit may be then overridden for a specific
-# driver, by specifying a list_limit in the appropriate section (e.g.
-# [assignment]). (integer value)
-#list_limit = <None>
-
-# Set this to false if you want to enable the ability for user, group and
-# project entities to be moved between domains by updating their domain_id.
-# Allowing such movement is not recommended if the scope of a domain admin is
-# being restricted by use of an appropriate policy file (see
-# policy.v3cloudsample as an example). (boolean value)
-#domain_id_immutable = true
-
-# If set to true, strict password length checking is performed for password
-# manipulation. If a password exceeds the maximum length, the operation will
-# fail with an HTTP 403 Forbidden error. If set to false, passwords are
-# automatically truncated to the maximum length. (boolean value)
-#strict_password_check = false
-
-# The HTTP header used to determine the scheme for the original request, even
-# if it was removed by an SSL terminating proxy. Typical value is
-# "HTTP_X_FORWARDED_PROTO".
(string value)
-#secure_proxy_ssl_header = <None>
-
-#
-# From keystone.notifications
-#
-
-# Default publisher_id for outgoing notifications (string value)
-#default_publisher_id = <None>
-
-# Define the notification format for Identity Service events. A "basic"
-# notification has information about the resource being operated on. A "cadf"
-# notification has the same information, as well as information about the
-# initiator of the event. Valid options are: basic and cadf (string value)
-#notification_format = basic
-
-#
-# From keystone.openstack.common.eventlet_backdoor
-#
-
-# Enable eventlet backdoor. Acceptable values are 0, <port>, and
-# <start>:<end>, where 0 results in listening on a random tcp port number;
-# <port> results in listening on the specified port number (and not enabling
-# backdoor if that port is in use); and <start>:<end> results in listening on
-# the smallest unused port number within the specified range of port numbers.
-# The chosen port is displayed in the service's log file. (string value)
-#backdoor_port = <None>
-
-#
-# From oslo.log
-#
-
-# Print debugging output (set logging level to DEBUG instead of default WARNING
-# level). (boolean value)
-#debug = false
-
-# Print more verbose output (set logging level to INFO instead of default
-# WARNING level). (boolean value)
-#verbose = false
-
-# The name of a logging configuration file. This file is appended to any
-# existing logging configuration files. For details about logging configuration
-# files, see the Python logging module documentation. (string value)
-# Deprecated group/name - [DEFAULT]/log_config
-#log_config_append = <None>
-
-# DEPRECATED. A logging.Formatter log message format string which may use any
-# of the available logging.LogRecord attributes. This option is deprecated.
-# Please use logging_context_format_string and logging_default_format_string
-# instead. (string value)
-#log_format = <None>
-
-# Format string for %%(asctime)s in log records.
Default: %(default)s . (string
-# value)
-#log_date_format = %Y-%m-%d %H:%M:%S
-
-# (Optional) Name of log file to output to. If no default is set, logging will
-# go to stdout. (string value)
-# Deprecated group/name - [DEFAULT]/logfile
-#log_file = <None>
-
-# (Optional) The base directory used for relative --log-file paths. (string
-# value)
-# Deprecated group/name - [DEFAULT]/logdir
-#log_dir = <None>
-
-# Use syslog for logging. Existing syslog format is DEPRECATED during I, and
-# will change in J to honor RFC5424. (boolean value)
-#use_syslog = false
-
-# (Optional) Enables or disables syslog rfc5424 format for logging. If enabled,
-# prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The
-# format without the APP-NAME is deprecated in I, and will be removed in J.
-# (boolean value)
-#use_syslog_rfc_format = false
-
-# Syslog facility to receive log lines. (string value)
-#syslog_log_facility = LOG_USER
-
-# Log output to standard error. (boolean value)
-#use_stderr = true
-
-# Format string to use for log messages with context. (string value)
-#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
-
-# Format string to use for log messages without context. (string value)
-#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-
-# Data to append to log format when level is DEBUG. (string value)
-#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
-
-# Prefix each line of exception output with this format. (string value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
-
-# List of logger=LEVEL pairs.
(list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
-
-# Enables or disables publication of error events. (boolean value)
-#publish_errors = false
-
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
-# The format for an instance that is passed with the log message. (string
-# value)
-#instance_format = "[instance: %(uuid)s] "
-
-# The format for an instance UUID that is passed with the log message. (string
-# value)
-#instance_uuid_format = "[instance: %(uuid)s] "
-
-#
-# From oslo.messaging
-#
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-#rpc_zmq_matchmaker = oslo_messaging._drivers.matchmaker.MatchMakerLocalhost
-
-# ZeroMQ receiver listening port. (integer value)
-#rpc_zmq_port = 9501
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-#rpc_zmq_host = localhost
-
-# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
-# (integer value)
-#rpc_cast_timeout = 30
-
-# Heartbeat frequency. (integer value)
-#matchmaker_heartbeat_freq = 300
-
-# Heartbeat time-to-live.
(integer value)
-#matchmaker_heartbeat_ttl = 600
-
-# Size of RPC thread pool. (integer value)
-#rpc_thread_pool_size = 64
-
-# Driver or drivers to handle sending notifications. (multi valued)
-#notification_driver =
-
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-#notification_topics = notifications
-
-# Seconds to wait for a response from a call. (integer value)
-#rpc_response_timeout = 60
-
-# A URL representing the messaging driver to use and its full configuration. If
-# not set, we fall back to the rpc_backend option and driver specific
-# configuration. (string value)
-#transport_url = <None>
-
-# The messaging driver to use, defaults to rabbit. Other drivers include qpid
-# and zmq. (string value)
-rpc_backend = rabbit
-
-# The default exchange under which topics are scoped. May be overridden by an
-# exchange name specified in the transport_url option. (string value)
-#control_exchange = keystone
-
-
-[assignment]
-
-#
-# From keystone
-#
-
-# Assignment backend driver. (string value)
-#driver = <None>
-
-
-[auth]
-
-#
-# From keystone
-#
-
-# Default auth methods. (list value)
-#methods = external,password,token,oauth1
-
-# The password auth plugin module. (string value)
-#password = keystone.auth.plugins.password.Password
-
-# The token auth plugin module. (string value)
-#token = keystone.auth.plugins.token.Token
-
-# The external (REMOTE_USER) auth plugin module. (string value)
-#external = keystone.auth.plugins.external.DefaultDomain
-
-# The oAuth1.0 auth plugin module. (string value)
-#oauth1 = keystone.auth.plugins.oauth1.OAuth
-
-
-[cache]
-
-#
-# From keystone
-#
-
-# Prefix for building the configuration dictionary for the cache region. This
-# should not need to be changed unless there is another dogpile.cache region
-# with the same configuration name. (string value)
-#config_prefix = cache.keystone
-
-# Default TTL, in seconds, for any cached item in the dogpile.cache region.
-# This applies to any cached method that doesn't have an explicit cache
-# expiration time defined for it. (integer value)
-#expiration_time = 600
-
-# Dogpile.cache backend module. It is recommended that Memcache with pooling
-# (keystone.cache.memcache_pool) or Redis (dogpile.cache.redis) be used in
-# production deployments. Small workloads (single process) like devstack can
-# use the dogpile.cache.memory backend. (string value)
-#backend = keystone.common.cache.noop
-
-# Arguments supplied to the backend module. Specify this option once per
-# argument to be passed to the dogpile.cache backend. Example format:
-# "<argname>:<value>". (multi valued)
-#backend_argument =
-
-# Proxy classes to import that will affect the way the dogpile.cache backend
-# functions. See the dogpile.cache documentation on changing-backend-behavior.
-# (list value)
-#proxies =
-
-# Global toggle for all caching using the should_cache_fn mechanism. (boolean
-# value)
-#enabled = false
-
-# Extra debugging from the cache backend (cache keys, get/set/delete/etc
-# calls). This is only really useful if you need to see the specific cache-
-# backend get/set/delete calls with the keys/values. Typically this should be
-# left set to false. (boolean value)
-#debug_cache_backend = false
-
-# Memcache servers in the format of "host:port". (dogpile.cache.memcache and
-# keystone.cache.memcache_pool backends only). (list value)
-#memcache_servers = localhost:11211
-
-# Number of seconds memcached server is considered dead before it is tried
-# again. (dogpile.cache.memcache and keystone.cache.memcache_pool backends
-# only). (integer value)
-#memcache_dead_retry = 300
-
-# Timeout in seconds for every call to a server. (dogpile.cache.memcache and
-# keystone.cache.memcache_pool backends only). (integer value)
-#memcache_socket_timeout = 3
-
-# Max total number of open connections to every memcached server.
-# (keystone.cache.memcache_pool backend only).
(integer value)
-#memcache_pool_maxsize = 10
-
-# Number of seconds a connection to memcached is held unused in the pool before
-# it is closed. (keystone.cache.memcache_pool backend only). (integer value)
-#memcache_pool_unused_timeout = 60
-
-# Number of seconds that an operation will wait to get a memcache client
-# connection. (integer value)
-#memcache_pool_connection_get_timeout = 10
-
-
-[catalog]
-
-#
-# From keystone
-#
-
-# Catalog template file name for use with the template catalog backend. (string
-# value)
-#template_file = default_catalog.templates
-
-# Catalog backend driver. (string value)
-#driver = keystone.catalog.backends.sql.Catalog
-
-# Toggle for catalog caching. This has no effect unless global caching is
-# enabled. (boolean value)
-#caching = true
-
-# Time to cache catalog data (in seconds). This has no effect unless global and
-# catalog caching are enabled. (integer value)
-#cache_time = <None>
-
-# Maximum number of entities that will be returned in a catalog collection.
-# (integer value)
-#list_limit = <None>
-
-
-[credential]
-
-#
-# From keystone
-#
-
-# Credential backend driver. (string value)
-#driver = keystone.credential.backends.sql.Credential
-
-
-[database]
-
-#
-# From oslo.db
-#
-
-# The file name to use with SQLite. (string value)
-# Deprecated group/name - [DEFAULT]/sqlite_db
-#sqlite_db = oslo.sqlite
-
-# If True, SQLite uses synchronous mode. (boolean value)
-# Deprecated group/name - [DEFAULT]/sqlite_synchronous
-#sqlite_synchronous = true
-
-# The back end to use for the database. (string value)
-# Deprecated group/name - [DEFAULT]/db_backend
-#backend = sqlalchemy
-
-# The SQLAlchemy connection string to use to connect to the database.
(string
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection
-# Deprecated group/name - [DATABASE]/sql_connection
-# Deprecated group/name - [sql]/connection
-connection=postgresql://{{ KEYSTONE_DB_USER }}:{{ KEYSTONE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/keystone
-
-# The SQLAlchemy connection string to use to connect to the slave database.
-# (string value)
-#slave_connection = <None>
-
-# The SQL mode to be used for MySQL sessions. This option, including the
-# default, overrides any server-set SQL mode. To use whatever SQL mode is set
-# by the server configuration, set this to no value. Example: mysql_sql_mode=
-# (string value)
-#mysql_sql_mode = TRADITIONAL
-
-# Timeout before idle SQL connections are reaped. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_idle_timeout
-# Deprecated group/name - [DATABASE]/sql_idle_timeout
-# Deprecated group/name - [sql]/idle_timeout
-#idle_timeout = 3600
-
-# Minimum number of SQL connections to keep open in a pool. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_min_pool_size
-# Deprecated group/name - [DATABASE]/sql_min_pool_size
-#min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_pool_size
-# Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = <None>
-
-# Maximum number of database connection retries during startup. Set to -1 to
-# specify an infinite retry count. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_retries
-# Deprecated group/name - [DATABASE]/sql_max_retries
-#max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_retry_interval
-# Deprecated group/name - [DATABASE]/reconnect_interval
-#retry_interval = 10
-
-# If set, use this value for max_overflow with SQLAlchemy.
(integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_overflow
-# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = <None>
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection_debug
-#connection_debug = 0
-
-# Add Python stack traces to SQL as comment strings. (boolean value)
-# Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace = false
-
-# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
-# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
-#pool_timeout = <None>
-
-# Enable the experimental use of database reconnect on connection lost.
-# (boolean value)
-#use_db_reconnect = false
-
-# Seconds between retries of a database transaction. (integer value)
-#db_retry_interval = 1
-
-# If True, increases the interval between retries of a database operation up to
-# db_max_retry_interval. (boolean value)
-#db_inc_retry_interval = true
-
-# If db_inc_retry_interval is set, the maximum seconds between retries of a
-# database operation. (integer value)
-#db_max_retry_interval = 10
-
-# Maximum retries in case of connection error or deadlock error before error is
-# raised. Set to -1 to specify an infinite retry count. (integer value)
-#db_max_retries = 20
-
-
-[domain_config]
-
-#
-# From keystone
-#
-
-# Domain config backend driver. (string value)
-#driver = keystone.resource.config_backends.sql.DomainConfig
-
-# Toggle for domain config caching. This has no effect unless global caching is
-# enabled. (boolean value)
-#caching = true
-
-# TTL (in seconds) to cache domain config data. This has no effect unless
-# domain config caching is enabled.
(integer value)
-#cache_time = 300
-
-
-[endpoint_filter]
-
-#
-# From keystone
-#
-
-# Endpoint Filter backend driver (string value)
-#driver = keystone.contrib.endpoint_filter.backends.sql.EndpointFilter
-
-# Toggle to return all active endpoints if no filter exists. (boolean value)
-#return_all_endpoints_if_no_filter = true
-
-
-[endpoint_policy]
-
-#
-# From keystone
-#
-
-# Endpoint policy backend driver (string value)
-#driver = keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy
-
-
-[eventlet_server]
-
-#
-# From keystone
-#
-
-# The number of worker processes to serve the public eventlet application.
-# Defaults to number of CPUs (minimum of 2). (integer value)
-# Deprecated group/name - [DEFAULT]/public_workers
-#public_workers = <None>
-
-# The number of worker processes to serve the admin eventlet application.
-# Defaults to number of CPUs (minimum of 2). (integer value)
-# Deprecated group/name - [DEFAULT]/admin_workers
-#admin_workers = <None>
-
-# The IP address of the network interface for the public service to listen on.
-# (string value)
-# Deprecated group/name - [DEFAULT]/bind_host
-# Deprecated group/name - [DEFAULT]/public_bind_host
-#public_bind_host = 0.0.0.0
-
-# The port number which the public service listens on. (integer value)
-# Deprecated group/name - [DEFAULT]/public_port
-public_port = 5000
-
-# The IP address of the network interface for the admin service to listen on.
-# (string value)
-# Deprecated group/name - [DEFAULT]/bind_host
-# Deprecated group/name - [DEFAULT]/admin_bind_host
-#admin_bind_host = 0.0.0.0
-
-# The port number which the admin service listens on. (integer value)
-# Deprecated group/name - [DEFAULT]/admin_port
-admin_port = 35357
-
-# Set this to true if you want to enable TCP_KEEPALIVE on server sockets, i.e.
-# sockets used by the Keystone wsgi server for client connections.
(boolean
-# value)
-# Deprecated group/name - [DEFAULT]/tcp_keepalive
-#tcp_keepalive = false
-
-# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only
-# applies if tcp_keepalive is true. (integer value)
-# Deprecated group/name - [DEFAULT]/tcp_keepidle
-#tcp_keepidle = 600
-
-
-[eventlet_server_ssl]
-
-#
-# From keystone
-#
-
-# Toggle for SSL support on the Keystone eventlet servers. (boolean value)
-# Deprecated group/name - [ssl]/enable
-#enable = false
-
-# Path of the certfile for SSL. For non-production environments, you may be
-# interested in using `keystone-manage ssl_setup` to generate self-signed
-# certificates. (string value)
-# Deprecated group/name - [ssl]/certfile
-#certfile = /etc/keystone/ssl/certs/keystone.pem
-
-# Path of the keyfile for SSL. (string value)
-# Deprecated group/name - [ssl]/keyfile
-#keyfile = /etc/keystone/ssl/private/keystonekey.pem
-
-# Path of the CA cert file for SSL. (string value)
-# Deprecated group/name - [ssl]/ca_certs
-#ca_certs = /etc/keystone/ssl/certs/ca.pem
-
-# Require client certificate. (boolean value)
-# Deprecated group/name - [ssl]/cert_required
-#cert_required = false
-
-
-[federation]
-
-#
-# From keystone
-#
-
-# Federation backend driver. (string value)
-#driver = keystone.contrib.federation.backends.sql.Federation
-
-# Value to be used when filtering assertion parameters from the environment.
-# (string value)
-#assertion_prefix =
-
-# Value to be used to obtain the entity ID of the Identity Provider from the
-# environment (e.g. if using the mod_shib plugin this value is `Shib-Identity-
-# Provider`). (string value)
-#remote_id_attribute = <None>
-
-# A domain name that is reserved to allow federated ephemeral users to have a
-# domain concept. Note that an admin will not be able to create a domain with
-# this name or update an existing domain to this name. You are not advised to
-# change this value unless you really have to.
Changing this option to empty
-# string or None will not have any impact and default name will be used.
-# (string value)
-#federated_domain_name = Federated
-
-# A list of trusted dashboard hosts. Before accepting a Single Sign-On request
-# to return a token, the origin host must be a member of the trusted_dashboard
-# list. This configuration option may be repeated for multiple values. For
-# example: trusted_dashboard=http://acme.com trusted_dashboard=http://beta.com
-# (multi valued)
-#trusted_dashboard =
-
-# Location of Single Sign-On callback handler, will return a token to a trusted
-# dashboard host. (string value)
-#sso_callback_template = /etc/keystone/sso_callback_template.html
-
-
-[fernet_tokens]
-
-#
-# From keystone
-#
-
-# Directory containing Fernet token keys. (string value)
-#key_repository = /etc/keystone/fernet-keys/
-
-# This controls how many keys are held in rotation by keystone-manage
-# fernet_rotate before they are discarded. The default value of 3 means that
-# keystone will maintain one staged key, one primary key, and one secondary
-# key. Increasing this value means that additional secondary keys will be kept
-# in the rotation. (integer value)
-#max_active_keys = 3
-
-
-[identity]
-
-#
-# From keystone
-#
-
-# This references the domain to use for all Identity API v2 requests (which are
-# not aware of domains). A domain with this ID will be created for you by
-# keystone-manage db_sync in migration 008. The domain referenced by this ID
-# cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API.
-# There is nothing special about this domain, other than the fact that it must
-# exist to order to maintain support for your v2 clients.
(string value)
-#default_domain_id = default
-
-# A subset (or all) of domains can have their own identity driver, each with
-# their own partial configuration options, stored in either the resource
-# backend or in a file in a domain configuration directory (depending on the
-# setting of domain_configurations_from_database). Only values specific to the
-# domain need to be specified in this manner. This feature is disabled by
-# default; set to true to enable. (boolean value)
-#domain_specific_drivers_enabled = false
-
-# Extract the domain specific configuration options from the resource backend
-# where they have been stored with the domain data. This feature is disabled by
-# default (in which case the domain specific options will be loaded from files
-# in the domain configuration directory); set to true to enable. (boolean
-# value)
-#domain_configurations_from_database = false
-
-# Path for Keystone to locate the domain specific identity configuration files
-# if domain_specific_drivers_enabled is set to true. (string value)
-#domain_config_dir = /etc/keystone/domains
-
-# Identity backend driver. (string value)
-#driver = keystone.identity.backends.sql.Identity
-
-# Toggle for identity caching. This has no effect unless global caching is
-# enabled. (boolean value)
-#caching = true
-
-# Time to cache identity data (in seconds). This has no effect unless global
-# and identity caching are enabled. (integer value)
-#cache_time = 600
-
-# Maximum supported length for user passwords; decrease to improve performance.
-# (integer value)
-#max_password_length = 4096
-
-# Maximum number of entities that will be returned in an identity collection.
-# (integer value)
-#list_limit = <None>
-
-
-[identity_mapping]
-
-#
-# From keystone
-#
-
-# Keystone Identity Mapping backend driver. (string value)
-#driver = keystone.identity.mapping_backends.sql.Mapping
-
-# Public ID generator for user and group entities.
The Keystone identity mapper
-# only supports generators that produce no more than 64 characters. (string
-# value)
-#generator = keystone.identity.id_generators.sha256.Generator
-
-# The format of user and group IDs changed in Juno for backends that do not
-# generate UUIDs (e.g. LDAP), with keystone providing a hash mapping to the
-# underlying attribute in LDAP. By default this mapping is disabled, which
-# ensures that existing IDs will not change. Even when the mapping is enabled
-# by using domain specific drivers, any users and groups from the default
-# domain being handled by LDAP will still not be mapped to ensure their IDs
-# remain backward compatible. Setting this value to False will enable the
-# mapping for even the default LDAP driver. It is only safe to do this if you
-# do not already have assignments for users and groups from the default LDAP
-# domain, and it is acceptable for Keystone to provide the different IDs to
-# clients than it did previously. Typically this means that the only time you
-# can set this value to False is when configuring a fresh installation.
-# (boolean value)
-#backward_compatible_ids = true
-
-
-[kvs]
-
-#
-# From keystone
-#
-
-# Extra dogpile.cache backend modules to register with the dogpile.cache
-# library. (list value)
-#backends =
-
-# Prefix for building the configuration dictionary for the KVS region. This
-# should not need to be changed unless there is another dogpile.cache region
-# with the same configuration name. (string value)
-#config_prefix = keystone.kvs
-
-# Toggle to disable using a key-mangling function to ensure fixed length keys.
-# This is toggle-able for debugging purposes, it is highly recommended to
-# always leave this set to true. (boolean value)
-#enable_key_mangler = true
-
-# Default lock timeout (in seconds) for distributed locking. (integer value)
-#default_lock_timeout = 5
-
-
-[ldap]
-
-#
-# From keystone
-#
-
-# URL for connecting to the LDAP server.
(string value) -#url = ldap://localhost - -# User BindDN to query the LDAP server. (string value) -#user = <None> - -# Password for the BindDN to query the LDAP server. (string value) -#password = <None> - -# LDAP server suffix (string value) -#suffix = cn=example,cn=com - -# If true, will add a dummy member to groups. This is required if the -# objectclass for groups requires the "member" attribute. (boolean value) -#use_dumb_member = false - -# DN of the "dummy member" to use when "use_dumb_member" is enabled. (string -# value) -#dumb_member = cn=dumb,dc=nonexistent - -# Delete subtrees using the subtree delete control. Only enable this option if -# your LDAP server supports subtree deletion. (boolean value) -#allow_subtree_delete = false - -# The LDAP scope for queries, this can be either "one" (onelevel/singleLevel) -# or "sub" (subtree/wholeSubtree). (string value) -#query_scope = one - -# Maximum results per page; a value of zero ("0") disables paging. (integer -# value) -#page_size = 0 - -# The LDAP dereferencing option for queries. This can be either "never", -# "searching", "always", "finding" or "default". The "default" option falls -# back to using default dereferencing configured by your ldap.conf. (string -# value) -#alias_dereferencing = default - -# Sets the LDAP debugging level for LDAP calls. A value of 0 means that -# debugging is not enabled. This value is a bitmask, consult your LDAP -# documentation for possible values. (integer value) -#debug_level = <None> - -# Override the system's default referral chasing behavior for queries. (boolean -# value) -#chase_referrals = <None> - -# Search base for users. (string value) -#user_tree_dn = <None> - -# LDAP search filter for users. (string value) -#user_filter = <None> - -# LDAP objectclass for users. (string value) -#user_objectclass = inetOrgPerson - -# LDAP attribute mapped to user id. WARNING: must not be a multivalued -# attribute. 
(string value) -#user_id_attribute = cn - -# LDAP attribute mapped to user name. (string value) -#user_name_attribute = sn - -# LDAP attribute mapped to user email. (string value) -#user_mail_attribute = mail - -# LDAP attribute mapped to password. (string value) -#user_pass_attribute = userPassword - -# LDAP attribute mapped to user enabled flag. (string value) -#user_enabled_attribute = enabled - -# Invert the meaning of the boolean enabled values. Some LDAP servers use a -# boolean lock attribute where "true" means an account is disabled. Setting -# "user_enabled_invert = true" will allow these lock attributes to be used. -# This setting will have no effect if "user_enabled_mask" or -# "user_enabled_emulation" settings are in use. (boolean value) -#user_enabled_invert = false - -# Bitmask integer to indicate the bit that the enabled value is stored in if -# the LDAP server represents "enabled" as a bit on an integer rather than a -# boolean. A value of "0" indicates the mask is not used. If this is not set to -# "0" the typical value is "2". This is typically used when -# "user_enabled_attribute = userAccountControl". (integer value) -#user_enabled_mask = 0 - -# Default value to enable users. This should match an appropriate int value if -# the LDAP server uses non-boolean (bitmask) values to indicate if a user is -# enabled or disabled. If this is not set to "True" the typical value is "512". -# This is typically used when "user_enabled_attribute = userAccountControl". -# (string value) -#user_enabled_default = True - -# List of attributes stripped off the user on update. (list value) -#user_attribute_ignore = default_project_id,tenants - -# LDAP attribute mapped to default_project_id for users. (string value) -#user_default_project_id_attribute = <None> - -# Allow user creation in LDAP backend. (boolean value) -#user_allow_create = true - -# Allow user updates in LDAP backend. (boolean value) -#user_allow_update = true - -# Allow user deletion in LDAP backend. 
(boolean value) -#user_allow_delete = true - -# If true, Keystone uses an alternative method to determine if a user is -# enabled or not by checking if they are a member of the -# "user_enabled_emulation_dn" group. (boolean value) -#user_enabled_emulation = false - -# DN of the group entry to hold enabled users when using enabled emulation. -# (string value) -#user_enabled_emulation_dn = <None> - -# List of additional LDAP attributes used for mapping additional attribute -# mappings for users. Attribute mapping format is <ldap_attr>:<user_attr>, -# where ldap_attr is the attribute in the LDAP entry and user_attr is the -# Identity API attribute. (list value) -#user_additional_attribute_mapping = - -# Search base for projects (string value) -# Deprecated group/name - [ldap]/tenant_tree_dn -#project_tree_dn = <None> - -# LDAP search filter for projects. (string value) -# Deprecated group/name - [ldap]/tenant_filter -#project_filter = <None> - -# LDAP objectclass for projects. (string value) -# Deprecated group/name - [ldap]/tenant_objectclass -#project_objectclass = groupOfNames - -# LDAP attribute mapped to project id. (string value) -# Deprecated group/name - [ldap]/tenant_id_attribute -#project_id_attribute = cn - -# LDAP attribute mapped to project membership for user. (string value) -# Deprecated group/name - [ldap]/tenant_member_attribute -#project_member_attribute = member - -# LDAP attribute mapped to project name. (string value) -# Deprecated group/name - [ldap]/tenant_name_attribute -#project_name_attribute = ou - -# LDAP attribute mapped to project description. (string value) -# Deprecated group/name - [ldap]/tenant_desc_attribute -#project_desc_attribute = description - -# LDAP attribute mapped to project enabled. (string value) -# Deprecated group/name - [ldap]/tenant_enabled_attribute -#project_enabled_attribute = enabled - -# LDAP attribute mapped to project domain_id. 
(string value) -# Deprecated group/name - [ldap]/tenant_domain_id_attribute -#project_domain_id_attribute = businessCategory - -# List of attributes stripped off the project on update. (list value) -# Deprecated group/name - [ldap]/tenant_attribute_ignore -#project_attribute_ignore = - -# Allow project creation in LDAP backend. (boolean value) -# Deprecated group/name - [ldap]/tenant_allow_create -#project_allow_create = true - -# Allow project update in LDAP backend. (boolean value) -# Deprecated group/name - [ldap]/tenant_allow_update -#project_allow_update = true - -# Allow project deletion in LDAP backend. (boolean value) -# Deprecated group/name - [ldap]/tenant_allow_delete -#project_allow_delete = true - -# If true, Keystone uses an alternative method to determine if a project is -# enabled or not by checking if they are a member of the -# "project_enabled_emulation_dn" group. (boolean value) -# Deprecated group/name - [ldap]/tenant_enabled_emulation -#project_enabled_emulation = false - -# DN of the group entry to hold enabled projects when using enabled emulation. -# (string value) -# Deprecated group/name - [ldap]/tenant_enabled_emulation_dn -#project_enabled_emulation_dn = <None> - -# Additional attribute mappings for projects. Attribute mapping format is -# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry -# and user_attr is the Identity API attribute. (list value) -# Deprecated group/name - [ldap]/tenant_additional_attribute_mapping -#project_additional_attribute_mapping = - -# Search base for roles. (string value) -#role_tree_dn = <None> - -# LDAP search filter for roles. (string value) -#role_filter = <None> - -# LDAP objectclass for roles. (string value) -#role_objectclass = organizationalRole - -# LDAP attribute mapped to role id. (string value) -#role_id_attribute = cn - -# LDAP attribute mapped to role name. (string value) -#role_name_attribute = ou - -# LDAP attribute mapped to role membership. 
(string value) -#role_member_attribute = roleOccupant - -# List of attributes stripped off the role on update. (list value) -#role_attribute_ignore = - -# Allow role creation in LDAP backend. (boolean value) -#role_allow_create = true - -# Allow role update in LDAP backend. (boolean value) -#role_allow_update = true - -# Allow role deletion in LDAP backend. (boolean value) -#role_allow_delete = true - -# Additional attribute mappings for roles. Attribute mapping format is -# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry -# and user_attr is the Identity API attribute. (list value) -#role_additional_attribute_mapping = - -# Search base for groups. (string value) -#group_tree_dn = <None> - -# LDAP search filter for groups. (string value) -#group_filter = <None> - -# LDAP objectclass for groups. (string value) -#group_objectclass = groupOfNames - -# LDAP attribute mapped to group id. (string value) -#group_id_attribute = cn - -# LDAP attribute mapped to group name. (string value) -#group_name_attribute = ou - -# LDAP attribute mapped to show group membership. (string value) -#group_member_attribute = member - -# LDAP attribute mapped to group description. (string value) -#group_desc_attribute = description - -# List of attributes stripped off the group on update. (list value) -#group_attribute_ignore = - -# Allow group creation in LDAP backend. (boolean value) -#group_allow_create = true - -# Allow group update in LDAP backend. (boolean value) -#group_allow_update = true - -# Allow group deletion in LDAP backend. (boolean value) -#group_allow_delete = true - -# Additional attribute mappings for groups. Attribute mapping format is -# <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry -# and user_attr is the Identity API attribute. (list value) -#group_additional_attribute_mapping = - -# CA certificate file path for communicating with LDAP servers. 
(string value) -#tls_cacertfile = <None> - -# CA certificate directory path for communicating with LDAP servers. (string -# value) -#tls_cacertdir = <None> - -# Enable TLS for communicating with LDAP servers. (boolean value) -#use_tls = false - -# Valid options for tls_req_cert are demand, never, and allow. (string value) -#tls_req_cert = demand - -# Enable LDAP connection pooling. (boolean value) -#use_pool = false - -# Connection pool size. (integer value) -#pool_size = 10 - -# Maximum count of reconnect trials. (integer value) -#pool_retry_max = 3 - -# Time span in seconds to wait between two reconnect trials. (floating point -# value) -#pool_retry_delay = 0.1 - -# Connector timeout in seconds. Value -1 indicates indefinite wait for -# response. (integer value) -#pool_connection_timeout = -1 - -# Connection lifetime in seconds. (integer value) -#pool_connection_lifetime = 600 - -# Enable LDAP connection pooling for end user authentication. If use_pool is -# disabled, then this setting is meaningless and is not used at all. (boolean -# value) -#use_auth_pool = false - -# End user auth connection pool size. (integer value) -#auth_pool_size = 100 - -# End user auth connection lifetime in seconds. (integer value) -#auth_pool_connection_lifetime = 60 - - -[matchmaker_redis] - -# -# From oslo.messaging -# - -# Host to locate redis. (string value) -#host = 127.0.0.1 - -# Use this port to connect to redis host. (integer value) -#port = 6379 - -# Password for Redis server (optional). (string value) -#password = <None> - - -[matchmaker_ring] - -# -# From oslo.messaging -# - -# Matchmaker ring file (JSON). (string value) -# Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile = /etc/oslo/matchmaker_ring.json - - -[memcache] - -# -# From keystone -# - -# Memcache servers in the format of "host:port". (list value) -#servers = localhost:11211 - -# Number of seconds memcached server is considered dead before it is tried -# again. 
This is used by the key value store system (e.g. token pooled -# memcached persistence backend). (integer value) -#dead_retry = 300 - -# Timeout in seconds for every call to a server. This is used by the key value -# store system (e.g. token pooled memcached persistence backend). (integer -# value) -#socket_timeout = 3 - -# Max total number of open connections to every memcached server. This is used -# by the key value store system (e.g. token pooled memcached persistence -# backend). (integer value) -#pool_maxsize = 10 - -# Number of seconds a connection to memcached is held unused in the pool before -# it is closed. This is used by the key value store system (e.g. token pooled -# memcached persistence backend). (integer value) -#pool_unused_timeout = 60 - -# Number of seconds that an operation will wait to get a memcache client -# connection. This is used by the key value store system (e.g. token pooled -# memcached persistence backend). (integer value) -#pool_connection_get_timeout = 10 - - -[oauth1] - -# -# From keystone -# - -# Credential backend driver. (string value) -#driver = keystone.contrib.oauth1.backends.sql.OAuth1 - -# Duration (in seconds) for the OAuth Request Token. (integer value) -#request_token_duration = 28800 - -# Duration (in seconds) for the OAuth Access Token. (integer value) -#access_token_duration = 86400 - - -[os_inherit] - -# -# From keystone -# - -# role-assignment inheritance to projects from owning domain or from projects -# higher in the hierarchy can be optionally enabled. 
(boolean value) -#enabled = false - - -[oslo_messaging_amqp] - -# -# From oslo.messaging -# - -# address prefix used when sending to a specific server (string value) -# Deprecated group/name - [amqp1]/server_request_prefix -#server_request_prefix = exclusive - -# address prefix used when broadcasting to all servers (string value) -# Deprecated group/name - [amqp1]/broadcast_prefix -#broadcast_prefix = broadcast - -# address prefix when sending to any server in group (string value) -# Deprecated group/name - [amqp1]/group_request_prefix -#group_request_prefix = unicast - -# Name for the AMQP container (string value) -# Deprecated group/name - [amqp1]/container_name -#container_name = <None> - -# Timeout for inactive connections (in seconds) (integer value) -# Deprecated group/name - [amqp1]/idle_timeout -#idle_timeout = 0 - -# Debug: dump AMQP frames to stdout (boolean value) -# Deprecated group/name - [amqp1]/trace -#trace = false - -# CA certificate PEM file for verifing server certificate (string value) -# Deprecated group/name - [amqp1]/ssl_ca_file -#ssl_ca_file = - -# Identifying certificate PEM file to present to clients (string value) -# Deprecated group/name - [amqp1]/ssl_cert_file -#ssl_cert_file = - -# Private key PEM file used to sign cert_file certificate (string value) -# Deprecated group/name - [amqp1]/ssl_key_file -#ssl_key_file = - -# Password for decrypting ssl_key_file (if encrypted) (string value) -# Deprecated group/name - [amqp1]/ssl_key_password -#ssl_key_password = <None> - -# Accept clients using either SSL or plain TCP (boolean value) -# Deprecated group/name - [amqp1]/allow_insecure_clients -#allow_insecure_clients = false - - -[oslo_messaging_qpid] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. 
(boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -#amqp_auto_delete = false - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -#rpc_conn_pool_size = 30 - -# Qpid broker hostname. (string value) -# Deprecated group/name - [DEFAULT]/qpid_hostname -#qpid_hostname = localhost - -# Qpid broker port. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_port -#qpid_port = 5672 - -# Qpid HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/qpid_hosts -#qpid_hosts = $qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -# Deprecated group/name - [DEFAULT]/qpid_username -#qpid_username = - -# Password for Qpid connection. (string value) -# Deprecated group/name - [DEFAULT]/qpid_password -#qpid_password = - -# Space separated list of SASL mechanisms to use for auth. (string value) -# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms -#qpid_sasl_mechanisms = - -# Seconds between connection keepalive heartbeats. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_heartbeat -#qpid_heartbeat = 60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -# Deprecated group/name - [DEFAULT]/qpid_protocol -#qpid_protocol = tcp - -# Whether to disable the Nagle algorithm. (boolean value) -# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay -#qpid_tcp_nodelay = true - -# The number of prefetched messages held by receiver. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity -#qpid_receiver_capacity = 1 - -# The qpid topology version to use. Version 1 is what was originally used by -# impl_qpid. Version 2 includes some backwards-incompatible changes that allow -# broker federation to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. 
(integer value) -# Deprecated group/name - [DEFAULT]/qpid_topology_version -#qpid_topology_version = 1 - - -[oslo_messaging_rabbit] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -#amqp_auto_delete = false - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -#rpc_conn_pool_size = 30 - -# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and -# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some -# distributions. (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_version -#kombu_ssl_version = - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile -#kombu_ssl_keyfile = - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile -#kombu_ssl_certfile = - -# SSL certification authority file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs -#kombu_ssl_ca_certs = - -# How long to wait before reconnecting in response to an AMQP consumer cancel -# notification. (floating point value) -# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay -#kombu_reconnect_delay = 1.0 - -# The RabbitMQ broker address where a single node is used. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_host -rabbit_host = {{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_port -rabbit_port = {{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/rabbit_hosts -rabbit_hosts = $rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. 
(boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -rabbit_use_ssl = false - -# The RabbitMQ userid. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_userid -rabbit_userid = {{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_password -rabbit_password = {{ RABBITMQ_PASSWORD }} - -# The RabbitMQ login method. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_login_method -#rabbit_login_method = AMQPLAIN - -# The RabbitMQ virtual host. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_virtual_host -#rabbit_virtual_host = / - -# How frequently to retry connecting with RabbitMQ. (integer value) -#rabbit_retry_interval = 1 - -# How long to backoff for between retries when connecting to RabbitMQ. (integer -# value) -# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff -#rabbit_retry_backoff = 2 - -# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry -# count). (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_max_retries -#rabbit_max_retries = 0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you -# must wipe the RabbitMQ database. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_ha_queues -#rabbit_ha_queues = false - -# Number of seconds after which the Rabbit broker is considered down if -# heartbeat's keep-alive fails (0 disable the heartbeat). (integer value) -#heartbeat_timeout_threshold = 60 - -# How often times during the heartbeat_timeout_threshold we check the -# heartbeat. (integer value) -#heartbeat_rate = 2 - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) -# Deprecated group/name - [DEFAULT]/fake_rabbit -#fake_rabbit = false - - -[oslo_middleware] - -# -# From oslo.middleware -# - -# The maximum body size for each request, in bytes. 
(integer value) -# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size -# Deprecated group/name - [DEFAULT]/max_request_body_size -#max_request_body_size = 114688 - - -[oslo_policy] - -# -# From oslo.policy -# - -# The JSON file that defines policies. (string value) -# Deprecated group/name - [DEFAULT]/policy_file -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string value) -# Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be relative -# to any directory in the search path defined by the config_dir option, or -# absolute paths. The file defined by policy_file must exist for these -# directories to be searched. Missing or empty directories are ignored. (multi -# valued) -# Deprecated group/name - [DEFAULT]/policy_dirs -#policy_dirs = policy.d - - -[paste_deploy] - -# -# From keystone -# - -# Name of the paste configuration file that defines the available pipelines. -# (string value) -#config_file = keystone-paste.ini - - -[policy] - -# -# From keystone -# - -# Policy backend driver. (string value) -#driver = keystone.policy.backends.sql.Policy - -# Maximum number of entities that will be returned in a policy collection. -# (integer value) -#list_limit = <None> - - -[resource] - -# -# From keystone -# - -# Resource backend driver. If a resource driver is not specified, the -# assignment driver will choose the resource driver. (string value) -#driver = <None> - -# Toggle for resource caching. This has no effect unless global caching is -# enabled. (boolean value) -# Deprecated group/name - [assignment]/caching -#caching = true - -# TTL (in seconds) to cache resource data. This has no effect unless global -# caching is enabled. (integer value) -# Deprecated group/name - [assignment]/cache_time -#cache_time = <None> - -# Maximum number of entities that will be returned in a resource collection. 
-# (integer value) -# Deprecated group/name - [assignment]/list_limit -#list_limit = <None> - - -[revoke] - -# -# From keystone -# - -# An implementation of the backend for persisting revocation events. (string -# value) -#driver = keystone.contrib.revoke.backends.sql.Revoke - -# This value (calculated in seconds) is added to token expiration before a -# revocation event may be removed from the backend. (integer value) -#expiration_buffer = 1800 - -# Toggle for revocation event caching. This has no effect unless global caching -# is enabled. (boolean value) -#caching = true - -# Time to cache the revocation list and the revocation events (in seconds). -# This has no effect unless global and token caching are enabled. (integer -# value) -# Deprecated group/name - [token]/revocation_cache_time -#cache_time = 3600 - - -[role] - -# -# From keystone -# - -# Role backend driver. (string value) -#driver = <None> - -# Toggle for role caching. This has no effect unless global caching is enabled. -# (boolean value) -#caching = true - -# TTL (in seconds) to cache role data. This has no effect unless global caching -# is enabled. (integer value) -#cache_time = <None> - -# Maximum number of entities that will be returned in a role collection. -# (integer value) -#list_limit = <None> - - -[saml] - -# -# From keystone -# - -# Default TTL, in seconds, for any generated SAML assertion created by -# Keystone. (integer value) -#assertion_expiration_time = 3600 - -# Binary to be called for XML signing. Install the appropriate package, specify -# absolute path or adjust your PATH environment variable if the binary cannot -# be found. (string value) -#xmlsec1_binary = xmlsec1 - -# Path of the certfile for SAML signing. For non-production environments, you -# may be interested in using `keystone-manage pki_setup` to generate self- -# signed certificates. Note, the path cannot contain a comma. 
(string value) -#certfile = /etc/keystone/ssl/certs/signing_cert.pem - -# Path of the keyfile for SAML signing. Note, the path cannot contain a comma. -# (string value) -#keyfile = /etc/keystone/ssl/private/signing_key.pem - -# Entity ID value for unique Identity Provider identification. Usually FQDN is -# set with a suffix. A value is required to generate IDP Metadata. For example: -# https://keystone.example.com/v3/OS-FEDERATION/saml2/idp (string value) -#idp_entity_id = <None> - -# Identity Provider Single-Sign-On service value, required in the Identity -# Provider's metadata. A value is required to generate IDP Metadata. For -# example: https://keystone.example.com/v3/OS-FEDERATION/saml2/sso (string -# value) -#idp_sso_endpoint = <None> - -# Language used by the organization. (string value) -#idp_lang = en - -# Organization name the installation belongs to. (string value) -#idp_organization_name = <None> - -# Organization name to be displayed. (string value) -#idp_organization_display_name = <None> - -# URL of the organization. (string value) -#idp_organization_url = <None> - -# Company of contact person. (string value) -#idp_contact_company = <None> - -# Given name of contact person (string value) -#idp_contact_name = <None> - -# Surname of contact person. (string value) -#idp_contact_surname = <None> - -# Email address of contact person. (string value) -#idp_contact_email = <None> - -# Telephone number of contact person. (string value) -#idp_contact_telephone = <None> - -# Contact type. Allowed values are: technical, support, administrative billing, -# and other (string value) -#idp_contact_type = other - -# Path to the Identity Provider Metadata file. This file should be generated -# with the keystone-manage saml_idp_metadata command. (string value) -#idp_metadata_path = /etc/keystone/saml2_idp_metadata.xml - -# The prefix to use for the RelayState SAML attribute, used when generating ECP -# wrapped assertions. 
(string value) -#relay_state_prefix = ss:mem: - - -[signing] - -# -# From keystone -# - -# Path of the certfile for token signing. For non-production environments, you -# may be interested in using `keystone-manage pki_setup` to generate self- -# signed certificates. (string value) -#certfile = /etc/keystone/ssl/certs/signing_cert.pem - -# Path of the keyfile for token signing. (string value) -#keyfile = /etc/keystone/ssl/private/signing_key.pem - -# Path of the CA for token signing. (string value) -#ca_certs = /etc/keystone/ssl/certs/ca.pem - -# Path of the CA key for token signing. (string value) -#ca_key = /etc/keystone/ssl/private/cakey.pem - -# Key size (in bits) for token signing cert (auto generated certificate). -# (integer value) -#key_size = 2048 - -# Days the token signing cert is valid for (auto generated certificate). -# (integer value) -#valid_days = 3650 - -# Certificate subject (auto generated certificate) for token signing. (string -# value) -#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com - - -[ssl] - -# -# From keystone -# - -# Path of the CA key file for SSL. (string value) -#ca_key = /etc/keystone/ssl/private/cakey.pem - -# SSL key length (in bits) (auto generated certificate). (integer value) -#key_size = 1024 - -# Days the certificate is valid for once signed (auto generated certificate). -# (integer value) -#valid_days = 3650 - -# SSL certificate subject (auto generated certificate). (string value) -#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=localhost - - -[token] - -# -# From keystone -# - -# External auth mechanisms that should add bind information to token, e.g., -# kerberos,x509. (list value) -#bind = - -# Enforcement policy on tokens presented to Keystone with bind information. One -# of disabled, permissive, strict, required or a specifically required bind -# mode, e.g., kerberos or x509 to require binding to that authentication. 
-# (string value) -#enforce_token_bind = permissive - -# Amount of time a token should remain valid (in seconds). (integer value) -#expiration = 3600 - -# Controls the token construction, validation, and revocation operations. Core -# providers are "keystone.token.providers.[fernet|pkiz|pki|uuid].Provider". -# (string value) -provider = keystone.token.providers.uuid.Provider - -# Token persistence backend driver. (string value) -driver = keystone.token.persistence.backends.sql.Token - -# Toggle for token system caching. This has no effect unless global caching is -# enabled. (boolean value) -#caching = true - -# Time to cache tokens (in seconds). This has no effect unless global and token -# caching are enabled. (integer value) -#cache_time = <None> - -# Revoke token by token identifier. Setting revoke_by_id to true enables -# various forms of enumerating tokens, e.g. `list tokens for user`. These -# enumerations are processed to determine the list of tokens to revoke. Only -# disable if you are switching to using the Revoke extension with a backend -# other than KVS, which stores events in memory. (boolean value) -#revoke_by_id = true - -# Allow rescoping of scoped token. Setting allow_rescoped_scoped_token to false -# prevents a user from exchanging a scoped token for any other token. (boolean -# value) -#allow_rescope_scoped_token = true - -# The hash algorithm to use for PKI tokens. This can be set to any algorithm -# that hashlib supports. WARNING: Before changing this value, the auth_token -# middleware must be configured with the hash_algorithms, otherwise token -# revocation will not be processed correctly. (string value) -#hash_algorithm = md5 - - -[trust] - -# -# From keystone -# - -# Delegation and impersonation features can be optionally disabled. (boolean -# value) -#enabled = true - -# Enable redelegation feature. (boolean value) -#allow_redelegation = false - -# Maximum depth of trust redelegation. 
(integer value)
-#max_redelegation_count = 3
-
-# Trust backend driver. (string value)
-#driver = keystone.trust.backends.sql.Trust
diff --git a/install-files/openstack/usr/share/openstack/network.yml b/install-files/openstack/usr/share/openstack/network.yml
deleted file mode 100644
index f99f7f1a..00000000
--- a/install-files/openstack/usr/share/openstack/network.yml
+++ /dev/null
@@ -1,67 +0,0 @@ ---- -- hosts: localhost - vars_files: - - /etc/openstack/network.conf - tasks: -# Create the bridges to use the External network mapped - -# Count number of network interfaces (interfaces starting with 'e') - - shell: ls /sys/class/net | grep ^e.* | wc -l - register: number_interfaces - -# Abort if there number of interfaces != 1 - - fail: - msg: More than one, or none network interfaces found. - when: EXTERNAL_INTERFACE is not defined and number_interfaces.stdout != "1" - - - shell: ls /sys/class/net | grep ^e.* - register: interface_name - when: EXTERNAL_INTERFACE is not defined - - - set_fact: - ETH_INTERFACE: "{{ interface_name.stdout }}" - when: EXTERNAL_INTERFACE is not defined - - - set_fact: - ETH_INTERFACE: "{{ EXTERNAL_INTERFACE }}" - when: EXTERNAL_INTERFACE is defined - - - set_fact: - ETH_MAC_ADDRESS: "{{ hostvars['localhost']['ansible_' + ETH_INTERFACE]['macaddress'] }}" - - - name: Create the /run/systemd/network - file: - path: /run/systemd/network - state: directory - - - name: Disable dhcp on the bound physical interface - template: - src: /usr/share/openstack/extras/00-disable-device.network - dest: /run/systemd/network/00-disable-{{ item }}-config.network - with_items: - - "{{ ETH_INTERFACE }}" - - - name: Disable dhcp on all the internal interfaces - template: - src: /usr/share/openstack/extras/00-disable-device.network - dest: /run/systemd/network/00-disable-{{ item }}-config.network - with_items: - - ovs-system - - - openvswitch_bridge: - bridge: br-ex - state: present - - - openvswitch_port: - bridge: br-ex - port: "{{ ETH_INTERFACE }}" - state: present - - - shell: ovs-vsctl set bridge br-ex other-config:hwaddr={{ ETH_MAC_ADDRESS }} - - - name: Enable dhcp on the Open vSwitch device that replaces our external interface - template: - src: /usr/share/openstack/extras/60-device-dhcp.network - dest: /run/systemd/network/60-{{ item }}-dhcp.network - with_items: - - br-ex 
diff --git a/install-files/openstack/usr/share/openstack/neutron-config.yml b/install-files/openstack/usr/share/openstack/neutron-config.yml deleted file mode 100644 index 5d594353..00000000 --- a/install-files/openstack/usr/share/openstack/neutron-config.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- hosts: localhost - vars_files: - - "/etc/openstack/neutron.conf" - tasks: - - - name: Create the neutron user. - user: - name: neutron - comment: Openstack Neutron Daemons - shell: /sbin/nologin - home: /var/lib/neutron - - - name: Create the /var folders for neutron - file: - path: "{{ item }}" - state: directory - owner: neutron - group: neutron - with_items: - - /var/run/neutron - - /var/lock/neutron - - /var/log/neutron - - - name: Create the directories needed for Neutron configuration files. - file: - path: /etc/{{ item }} - state: directory - with_lines: - - cd /usr/share/openstack && find neutron -type d - - - name: Add configuration needed for neutron using templates - template: - src: /usr/share/openstack/{{ item }} - dest: /etc/{{ item }} - with_lines: - - cd /usr/share/openstack && find neutron -type f diff --git a/install-files/openstack/usr/share/openstack/neutron-db.yml b/install-files/openstack/usr/share/openstack/neutron-db.yml deleted file mode 100644 index fee53315..00000000 --- a/install-files/openstack/usr/share/openstack/neutron-db.yml +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -- hosts: localhost - vars_files: - - "/etc/openstack/neutron.conf" - tasks: - - name: Create neutron service user in service tenant - keystone_user: - user: "{{ NEUTRON_SERVICE_USER }}" - password: "{{ NEUTRON_SERVICE_PASSWORD }}" - tenant: service - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Add admin role to neutron service user in service tenant - keystone_user: - role: admin - user: "{{ NEUTRON_SERVICE_USER }}" - tenant: service - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - keystone_service: - name: neutron - type: network - description: Openstack Compute Networking - publicurl: http://{{ ansible_hostname }}:9696 - internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9696 - adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9696 - region: regionOne - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Create postgresql user for neutron - postgresql_user: - name: "{{ NEUTRON_DB_USER }}" - password: "{{ NEUTRON_DB_PASSWORD }}" - sudo: yes - sudo_user: neutron - - - name: Create database for neutron services - postgresql_db: - name: neutron - owner: "{{ NEUTRON_DB_USER }}" - sudo: yes - sudo_user: neutron - - - name: Initiate neutron database - shell: | - neutron-db-manage \ - --config-file /etc/neutron/neutron.conf \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ - upgrade head - sudo: yes - sudo_user: neutron diff --git a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini deleted file mode 100644 index 1ab4c806..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini +++ /dev/null 
@@ -1,89 +0,0 @@
-[DEFAULT]
-# Show debugging output in log (sets DEBUG log level output)
-# debug = False
-
-# The DHCP agent will resync its state with Neutron to recover from any
-# transient notification or rpc errors. The interval is number of
-# seconds between attempts.
-# resync_interval = 5
-
-# The DHCP agent requires an interface driver be set. Choose the one that best
-# matches your plugin.
-# interface_driver =
-
-# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP,
-# BigSwitch/Floodlight)
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
-
-# Name of Open vSwitch bridge to use
-# ovs_integration_bridge = br-int
-
-# Use veth for an OVS interface or not.
-# Support kernels with limited namespace support
-# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
-# ovs_use_veth = False
-
-# Example of interface_driver option for LinuxBridge
-# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
-
-# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires
-# no additional setup of the DHCP server.
-dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
-
-# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
-# iproute2 package that supports namespaces). This option is deprecated and
-# will be removed in a future release, at which point the old behavior of
-# use_namespaces = True will be enforced.
-# use_namespaces = True
-
-# The DHCP server can assist with providing metadata support on isolated
-# networks. Setting this value to True will cause the DHCP server to append
-# specific host routes to the DHCP request. The metadata service will only
-# be activated when the subnet does not contain any router port. The guest
-# instance must be configured to request host routes via DHCP (Option 121).
-enable_isolated_metadata = True
-
-# Allows for serving metadata requests coming from a dedicated metadata
-# access network whose cidr is 169.254.169.254/16 (or larger prefix), and
-# is connected to a Neutron router from which the VMs send metadata
-# request. In this case DHCP Option 121 will not be injected in VMs, as
-# they will be able to reach 169.254.169.254 through a router.
-# This option requires enable_isolated_metadata = True
-# enable_metadata_network = False
-
-# Number of threads to use during sync process. Should not exceed connection
-# pool size configured on server.
-# num_sync_threads = 4
-
-# Location to store DHCP server config files
-# dhcp_confs = $state_path/dhcp
-
-# Domain to use for building the hostnames
-# dhcp_domain = openstacklocal
-
-# Override the default dnsmasq settings with this file
-dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
-
-# Comma-separated list of DNS servers which will be used by dnsmasq
-# as forwarders.
-# dnsmasq_dns_servers =
-
-# Limit number of leases to prevent a denial-of-service.
-# dnsmasq_lease_max = 16777216
-
-# Location to DHCP lease relay UNIX domain socket
-# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay
-
-# Use broadcast in DHCP replies
-# dhcp_broadcast_reply = False
-
-# dhcp_delete_namespaces, which is True by default, can be set to False if
-# namespaces can't be deleted cleanly on the host running the DHCP agent.
-# Disable this if you hit the issue in
-# https://bugs.launchpad.net/neutron/+bug/1052535 or if
-# you are sure that your version of iproute suffers from the problem.
-# dhcp_delete_namespaces = True
-
-# Timeout for ovs-vsctl commands.
-# If the timeout expires, ovs commands will fail with ALARMCLOCK error.
-# ovs_vsctl_timeout = 10
diff --git a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini
deleted file mode 100644
index bc1321e4..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini
+++ /dev/null
@@ -1,121 +0,0 @@
-[DEFAULT]
-# Show debugging output in log (sets DEBUG log level output)
-# debug = False
-
-# L3 requires that an interface driver be set. Choose the one that best
-# matches your plugin.
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
-
-# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC)
-# that supports L3 agent
-# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
-
-# Use veth for an OVS interface or not.
-# Support kernels with limited namespace support
-# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
-# ovs_use_veth = False
-
-# Example of interface_driver option for LinuxBridge
-# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
-
-# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
-# iproute2 package that supports namespaces). This option is deprecated and
-# will be removed in a future release, at which point the old behavior of
-# use_namespaces = True will be enforced.
-# use_namespaces = True
-
-# If use_namespaces is set as False then the agent can only configure one router.
-
-# This is done by setting the specific router_id.
-# router_id =
-
-# When external_network_bridge is set, each L3 agent can be associated
-# with no more than one external network. This value should be set to the UUID
-# of that external network. To allow L3 agent support multiple external
-# networks, both the external_network_bridge and gateway_external_network_id
-# must be left empty.
-# gateway_external_network_id =
-
-# With IPv6, the network used for the external gateway does not need
-# to have an associated subnet, since the automatically assigned
-# link-local address (LLA) can be used. However, an IPv6 gateway address
-# is needed for use as the next-hop for the default route.
If no IPv6
-# gateway address is configured here, (and only then) the neutron router
-# will be configured to get its default route from router advertisements (RAs)
-# from the upstream router; in which case the upstream router must also be
-# configured to send these RAs.
-# The ipv6_gateway, when configured, should be the LLA of the interface
-# on the upstream router. If a next-hop using a global unique address (GUA)
-# is desired, it needs to be done via a subnet allocated to the network
-# and not through this parameter.
-# ipv6_gateway =
-
-# Indicates that this L3 agent should also handle routers that do not have
-# an external network gateway configured. This option should be True only
-# for a single agent in a Neutron deployment, and may be False for all agents
-# if all routers must have an external network gateway
-# handle_internal_only_routers = True
-
-# Name of bridge used for external network traffic. This should be set to
-# empty value for the linux bridge. when this parameter is set, each L3 agent
-# can be associated with no more than one external network.
-external_network_bridge = br-ex
-
-# TCP Port used by Neutron metadata server
-# metadata_port = 9697
-
-# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0
-# to disable this feature.
-# send_arp_for_ha = 3
-
-# seconds between re-sync routers' data if needed
-# periodic_interval = 40
-
-# seconds to start to sync routers' data after
-# starting agent
-# periodic_fuzzy_delay = 5
-
-# enable_metadata_proxy, which is true by default, can be set to False
-# if the Nova metadata server is not available
-# enable_metadata_proxy = True
-
-# Iptables mangle mark used to mark metadata valid requests
-# metadata_access_mark = 0x1
-
-# Iptables mangle mark used to mark ingress from external network
-# external_ingress_mark = 0x2
-
-# router_delete_namespaces, which is True by default, can be set to False if
-# namespaces can't be deleted cleanly on the host running the L3 agent.
-# Disable this if you hit the issue in
-# https://bugs.launchpad.net/neutron/+bug/1052535 or if
-# you are sure that your version of iproute suffers from the problem.
-# If True, namespaces will be deleted when a router is destroyed.
-# router_delete_namespaces = True
-
-# Timeout for ovs-vsctl commands.
-# If the timeout expires, ovs commands will fail with ALARMCLOCK error.
-# ovs_vsctl_timeout = 10
-
-# The working mode for the agent. Allowed values are:
-# - legacy: this preserves the existing behavior where the L3 agent is
-# deployed on a centralized networking node to provide L3 services
-# like DNAT, and SNAT. Use this mode if you do not want to adopt DVR.
-# - dvr: this mode enables DVR functionality, and must be used for an L3
-# agent that runs on a compute host.
-# - dvr_snat: this enables centralized SNAT support in conjunction with
-# DVR. This mode must be used for an L3 agent running on a centralized
-# node (or in single-host deployments, e.g. devstack).
-# agent_mode = legacy
-
-# Location to store keepalived and all HA configurations
-# ha_confs_path = $state_path/ha_confs
-
-# VRRP authentication type AH/PASS
-# ha_vrrp_auth_type = PASS
-
-# VRRP authentication password
-# ha_vrrp_auth_password =
-
-# The advertisement interval in seconds
-# ha_vrrp_advert_int = 2
diff --git a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini
deleted file mode 100644
index ee89c943..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini
+++ /dev/null
@@ -1,68 +0,0 @@
-[DEFAULT]
-# Show debugging output in log (sets DEBUG log level output)
-# debug = True
-
-# The Neutron user information for accessing the Neutron API.
-auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
-auth_region = regionOne
-# Turn off verification of the certificate for ssl
-# auth_insecure = False
-# Certificate Authority public key (CA cert) file for ssl
-# auth_ca_cert =
-admin_tenant_name = service
-admin_user = {{ NEUTRON_SERVICE_USER }}
-admin_password = {{ NEUTRON_SERVICE_PASSWORD }}
-
-# Network service endpoint type to pull from the keystone catalog
-# endpoint_type = adminURL
-
-# IP address used by Nova metadata server
-nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }}
-
-# TCP Port used by Nova metadata server
-# nova_metadata_port = 8775
-
-# Which protocol to use for requests to Nova metadata server, http or https
-# nova_metadata_protocol = http
-
-# Whether insecure SSL connection should be accepted for Nova metadata server
-# requests
-# nova_metadata_insecure = False
-
-# Client certificate for nova api, needed when nova api requires client
-# certificates
-# nova_client_cert =
-
-# Private key for nova client certificate
-# nova_client_priv_key =
-
-# When proxying metadata requests, Neutron signs the Instance-ID header with a
-# shared secret to prevent spoofing. You may select any string for a secret,
-# but it must match here and in the configuration used by the Nova Metadata
-# Server. NOTE: Nova uses the same config key, but in [neutron] section.
-metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }}
-
-# Location of Metadata Proxy UNIX domain socket
-# metadata_proxy_socket = $state_path/metadata_proxy
-
-# Metadata Proxy UNIX domain socket mode, 3 values allowed:
-# 'deduce': deduce mode from metadata_proxy_user/group values,
-# 'user': set metadata proxy socket mode to 0o644, to use when
-# metadata_proxy_user is agent effective user or root,
-# 'group': set metadata proxy socket mode to 0o664, to use when
-# metadata_proxy_group is agent effective group,
-# 'all': set metadata proxy socket mode to 0o666, to use otherwise.
-# metadata_proxy_socket_mode = deduce
-
-# Number of separate worker processes for metadata server. Defaults to
-# half the number of CPU cores
-# metadata_workers =
-
-# Number of backlog requests to configure the metadata server socket with
-# metadata_backlog = 4096
-
-# URL to connect to the cache backend.
-# default_ttl=0 parameter will cause cache entries to never expire.
-# Otherwise default_ttl specifies time in seconds a cache entry is valid for.
-# No cache is used in case no value is passed.
-# cache_url = memory://?default_ttl=5
diff --git a/install-files/openstack/usr/share/openstack/neutron/neutron.conf b/install-files/openstack/usr/share/openstack/neutron/neutron.conf
deleted file mode 100644
index 33c6398a..00000000
--- a/install-files/openstack/usr/share/openstack/neutron/neutron.conf
+++ /dev/null
@@ -1,1027 +0,0 @@ -[DEFAULT] -# Print more verbose output (set logging level to INFO instead of default WARNING level). -# verbose = False - -# =========Start Global Config Option for Distributed L3 Router=============== -# Setting the "router_distributed" flag to "True" will default to the creation -# of distributed tenant routers. The admin can override this flag by specifying -# the type of the router on the create request (admin-only attribute). Default -# value is "False" to support legacy mode (centralized) routers. -# -# router_distributed = False -# -# ===========End Global Config Option for Distributed L3 Router=============== - -# Print debugging output (set logging level to DEBUG instead of default WARNING level). -# debug = False - -# Where to store Neutron state files. This directory must be writable by the -# user executing the agent. -# state_path = /var/lib/neutron - -# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s -# log_date_format = %Y-%m-%d %H:%M:%S - -# use_syslog -> syslog -# log_file and log_dir -> log_dir/log_file -# (not log_file) and log_dir -> log_dir/{binary_name}.log -# use_stderr -> stderr -# (not user_stderr) and (not log_file) -> stdout -# publish_errors -> notification system - -use_syslog = True -# syslog_log_facility = LOG_USER - -# use_stderr = True -# log_file = -# log_dir = - -# publish_errors = False - -# Address to bind the API server to -# bind_host = 0.0.0.0 - -# Port the bind the API server to -# bind_port = 9696 - -# Path to the extensions. Note that this can be a colon-separated list of -# paths. For example: -# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions -# The __path__ of neutron.extensions is appended to this, so if your -# extensions are in there you don't need to specify them here -# api_extensions_path = - -# (StrOpt) Neutron core plugin entrypoint to be loaded from the -# neutron.core_plugins namespace. 
See setup.cfg for the entrypoint names of the -# plugins included in the neutron source distribution. For compatibility with -# previous versions, the class name of a plugin can be specified instead of its -# entrypoint name. -# -core_plugin = ml2 -# Example: core_plugin = ml2 - -# (ListOpt) List of service plugin entrypoints to be loaded from the -# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of -# the plugins included in the neutron source distribution. For compatibility -# with previous versions, the class name of a plugin can be specified instead -# of its entrypoint name. -# -service_plugins = router -# Example: service_plugins = router,firewall,lbaas,vpnaas,metering - -# Paste configuration file -# api_paste_config = api-paste.ini - -# (StrOpt) Hostname to be used by the neutron server, agents and services -# running on this machine. All the agents and services running on this machine -# must use the same host value. -# The default value is hostname of the machine. -# -# host = - -# The strategy to be used for auth. -# Supported values are 'keystone'(default), 'noauth'. -auth_strategy = keystone - -# Base MAC address. The first 3 octets will remain unchanged. If the -# 4h octet is not 00, it will also be used. The others will be -# randomly generated. -# 3 octet -# base_mac = fa:16:3e:00:00:00 -# 4 octet -# base_mac = fa:16:3e:4f:00:00 - -# DVR Base MAC address. The first 3 octets will remain unchanged. If the -# 4th octet is not 00, it will also be used. The others will be randomly -# generated. The 'dvr_base_mac' *must* be different from 'base_mac' to -# avoid mixing them up with MAC's allocated for tenant ports. -# A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00 -# The default is 3 octet -# dvr_base_mac = fa:16:3f:00:00:00 - -# Maximum amount of retries to generate a unique MAC address -# mac_generation_retries = 16 - -# DHCP Lease duration (in seconds). Use -1 to -# tell dnsmasq to use infinite lease times. 
-# dhcp_lease_duration = 86400 - -# Allow sending resource operation notification to DHCP agent -# dhcp_agent_notification = True - -# Enable or disable bulk create/update/delete operations -# allow_bulk = True -# Enable or disable pagination -# allow_pagination = False -# Enable or disable sorting -# allow_sorting = False -# Enable or disable overlapping IPs for subnets -# Attention: the following parameter MUST be set to False if Neutron is -# being used in conjunction with nova security groups -allow_overlapping_ips = True -# Ensure that configured gateway is on subnet. For IPv6, validate only if -# gateway is not a link local address. Deprecated, to be removed during the -# K release, at which point the check will be mandatory. -# force_gateway_on_subnet = True - -# Default maximum number of items returned in a single response, -# value == infinite and value < 0 means no max limit, and value must -# be greater than 0. If the number of items requested is greater than -# pagination_max_limit, server will just return pagination_max_limit -# of number of items. -# pagination_max_limit = -1 - -# Maximum number of DNS nameservers per subnet -# max_dns_nameservers = 5 - -# Maximum number of host routes per subnet -# max_subnet_host_routes = 20 - -# Maximum number of fixed ips per port -# max_fixed_ips_per_port = 5 - -# Maximum number of routes per router -# max_routes = 30 - -# Default Subnet Pool to be used for IPv4 subnet-allocation. -# Specifies by UUID the pool to be used in case of subnet-create being called -# without a subnet-pool ID. The default of None means that no pool will be -# used unless passed explicitly to subnet create. If no pool is used, then a -# CIDR must be passed to create a subnet and that subnet will not be allocated -# from any pool; it will be considered part of the tenant's private address -# space. -# default_ipv4_subnet_pool = - -# Default Subnet Pool to be used for IPv6 subnet-allocation. 
-# Specifies by UUID the pool to be used in case of subnet-create being -# called without a subnet-pool ID. Set to "prefix_delegation" -# to enable IPv6 Prefix Delegation in a PD-capable environment. -# See the description for default_ipv4_subnet_pool for more information. -# default_ipv6_subnet_pool = - -# =========== items for MTU selection and advertisement ============= -# Advertise MTU. If True, effort is made to advertise MTU -# settings to VMs via network methods (ie. DHCP and RA MTU options) -# when the network's preferred MTU is known. -# advertise_mtu = False -# ======== end of items for MTU selection and advertisement ========= - -# =========== items for agent management extension ============= -# Seconds to regard the agent as down; should be at least twice -# report_interval, to be sure the agent is down for good -# agent_down_time = 75 -# =========== end of items for agent management extension ===== - -# =========== items for agent scheduler extension ============= -# Driver to use for scheduling network to DHCP agent -# network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler -# Driver to use for scheduling router to a default L3 agent -# router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler -# Driver to use for scheduling a loadbalancer pool to an lbaas agent -# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler - -# (StrOpt) Representing the resource type whose load is being reported by -# the agent. -# This can be 'networks','subnets' or 'ports'. When specified (Default is networks), -# the server will extract particular load sent as part of its agent configuration object -# from the agent report state, which is the number of resources being consumed, at -# every report_interval. 
-# dhcp_load_type can be used in combination with network_scheduler_driver = -# neutron.scheduler.dhcp_agent_scheduler.WeightScheduler -# When the network_scheduler_driver is WeightScheduler, dhcp_load_type can -# be configured to represent the choice for the resource being balanced. -# Example: dhcp_load_type = networks -# Values: -# networks - number of networks hosted on the agent -# subnets - number of subnets associated with the networks hosted on the agent -# ports - number of ports associated with the networks hosted on the agent -# dhcp_load_type = networks - -# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted -# networks to first DHCP agent which sends get_active_networks message to -# neutron server -# network_auto_schedule = True - -# Allow auto scheduling routers to L3 agent. It will schedule non-hosted -# routers to first L3 agent which sends sync_routers message to neutron server -# router_auto_schedule = True - -# Allow automatic rescheduling of routers from dead L3 agents with -# admin_state_up set to True to alive agents. -# allow_automatic_l3agent_failover = False - -# Allow automatic removal of networks from dead DHCP agents with -# admin_state_up set to True. -# Networks could then be rescheduled if network_auto_schedule is True -# allow_automatic_dhcp_failover = True - -# Number of DHCP agents scheduled to host a tenant network. -# If this number is greater than 1, the scheduler automatically -# assigns multiple DHCP agents for a given tenant network, -# providing high availability for DHCP service. -# dhcp_agents_per_network = 1 - -# Enable services on agents with admin_state_up False. -# If this option is False, when admin_state_up of an agent is turned to -# False, services on it will be disabled. If this option is True, services -# on agents with admin_state_up False keep available and manual scheduling -# to such agents is available. 
Agents with admin_state_up False are not -# selected for automatic scheduling regardless of this option. -# enable_services_on_agents_with_admin_state_down = False - -# =========== end of items for agent scheduler extension ===== - -# =========== items for l3 extension ============== -# Enable high availability for virtual routers. -# l3_ha = False -# -# Maximum number of l3 agents which a HA router will be scheduled on. If it -# is set to 0 the router will be scheduled on every agent. -# max_l3_agents_per_router = 3 -# -# Minimum number of l3 agents which a HA router will be scheduled on. The -# default value is 2. -# min_l3_agents_per_router = 2 -# -# CIDR of the administrative network if HA mode is enabled -# l3_ha_net_cidr = 169.254.192.0/18 -# -# Enable snat by default on external gateway when available -# enable_snat_by_default = True -# =========== end of items for l3 extension ======= - -# =========== items for metadata proxy configuration ============== -# User (uid or name) running metadata proxy after its initialization -# (if empty: agent effective user) -# metadata_proxy_user = - -# Group (gid or name) running metadata proxy after its initialization -# (if empty: agent effective group) -# metadata_proxy_group = - -# Enable/Disable log watch by metadata proxy, it should be disabled when -# metadata_proxy_user/group is not allowed to read/write its log file and -# 'copytruncate' logrotate option must be used if logrotate is enabled on -# metadata proxy log files. Option default value is deduced from -# metadata_proxy_user: watch log is enabled if metadata_proxy_user is agent -# effective user id/name. 
-# metadata_proxy_watch_log = - -# Location of Metadata Proxy UNIX domain socket -# metadata_proxy_socket = $state_path/metadata_proxy -# =========== end of items for metadata proxy configuration ============== - -# ========== items for VLAN trunking networks ========== -# Setting this flag to True will allow plugins that support it to -# create VLAN transparent networks. This flag has no effect for -# plugins that do not support VLAN transparent networks. -# vlan_transparent = False -# ========== end of items for VLAN trunking networks ========== - -# =========== WSGI parameters related to the API server ============== -# Number of separate worker processes to spawn. The default, 0, runs the -# worker thread in the current process. Greater than 0 launches that number of -# child processes as workers. The parent process manages them. -# api_workers = 0 - -# Number of separate RPC worker processes to spawn. The default, 0, runs the -# worker thread in the current process. Greater than 0 launches that number of -# child processes as RPC workers. The parent process manages them. -# This feature is experimental until issues are addressed and testing has been -# enabled for various plugins for compatibility. -# rpc_workers = 0 - -# Timeout for client connections socket operations. If an -# incoming connection is idle for this number of seconds it -# will be closed. A value of '0' means wait forever. (integer -# value) -# client_socket_timeout = 900 - -# wsgi keepalive option. Determines if connections are allowed to be held open -# by clients after a request is fulfilled. A value of False will ensure that -# the socket connection will be explicitly closed once a response has been -# sent to the client. -# wsgi_keep_alive = True - -# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when -# starting API server. Not supported on OS X. 
-# tcp_keepidle = 600 - -# Number of seconds to keep retrying to listen -# retry_until_window = 30 - -# Number of backlog requests to configure the socket with. -# backlog = 4096 - -# Max header line to accommodate large tokens -# max_header_line = 16384 - -# Enable SSL on the API server -# use_ssl = False - -# Certificate file to use when starting API server securely -# ssl_cert_file = /path/to/certfile - -# Private key file to use when starting API server securely -# ssl_key_file = /path/to/keyfile - -# CA certificate file to use when starting API server securely to -# verify connecting clients. This is an optional parameter only required if -# API clients need to authenticate to the API server using SSL certificates -# signed by a trusted CA -# ssl_ca_file = /path/to/cafile -# ======== end of WSGI parameters related to the API server ========== - -# ======== neutron nova interactions ========== -# Send notification to nova when port status is active. -notify_nova_on_port_status_changes = True - -# Send notifications to nova when port data (fixed_ips/floatingips) change -# so nova can update it's cache. -notify_nova_on_port_data_changes = True - -# URL for connection to nova (Only supports one nova region currently). -nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2 - -# Name of nova region to use. Useful if keystone manages more than one region -# nova_region_name = - -# Username for connection to nova in admin context -# nova_admin_username = - -# The uuid of the admin nova tenant -# nova_admin_tenant_id = - -# The name of the admin nova tenant. If the uuid of the admin nova tenant -# is set, this is optional. Useful for cases where the uuid of the admin -# nova tenant is not available when configuration is being done. -# nova_admin_tenant_name = - -# Password for connection to nova in admin context. -# nova_admin_password = - -# Authorization URL for connection to nova in admin context. 
-# nova_admin_auth_url = - -# CA file for novaclient to verify server certificates -# nova_ca_certificates_file = - -# Boolean to control ignoring SSL errors on the nova url -# nova_api_insecure = False - -# Number of seconds between sending events to nova if there are any events to send -# send_events_interval = 2 - -# ======== end of neutron nova interactions ========== - -# -# Options defined in oslo.messaging -# - -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -# amqp_durable_queues=false - -# Auto-delete queues in amqp. (boolean value) -# amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -# rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -# qpid_hostname=localhost - -# Qpid broker port. (integer value) -# qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -# qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -# qpid_username= - -# Password for Qpid connection. (string value) -# qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -# qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -# qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -# qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -# qpid_tcp_nodelay=true - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -# qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions. 
(string value) -# kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -# kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -# kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). (string value) -# kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -# kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -# rabbit_host=localhost - -# The RabbitMQ broker port where a single node is used. -# (integer value) -# rabbit_port =5672 - -# RabbitMQ HA cluster host:port pairs. (list value) -# rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -# rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -# rabbit_userid=guest - -# The RabbitMQ password. (string value) -# rabbit_password=guest - -# the RabbitMQ login method (string value) -# rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -# rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -# rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -# rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -# rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -# rabbit_ha_queues=false - -# If passed, use a fake RabbitMQ provider. (boolean value) -# fake_rabbit=false - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -# rpc_zmq_bind_address=* - -# MatchMaker driver. 
(string value) -# rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost - -# ZeroMQ receiver listening port. (integer value) -# rpc_zmq_port=9501 - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -# rpc_zmq_contexts=1 - -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -# rpc_zmq_topic_backlog= - -# Directory for holding IPC sockets. (string value) -# rpc_zmq_ipc_dir=/var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -# rpc_zmq_host=oslo - -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -# rpc_cast_timeout=30 - -# Heartbeat frequency. (integer value) -# matchmaker_heartbeat_freq=300 - -# Heartbeat time-to-live. (integer value) -# matchmaker_heartbeat_ttl=600 - -# Size of RPC greenthread pool. (integer value) -# rpc_thread_pool_size=64 - -# Driver or drivers to handle sending notifications. (multi -# valued) -notification_driver = neutron.openstack.common.notifier.rpc_notifier - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -# notification_topics=notifications - -# Seconds to wait for a response from a call. (integer value) -# rpc_response_timeout=60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -# transport_url= - -# The messaging driver to use, defaults to rabbit. Other -# drivers include qpid and zmq. (string value) -rpc_backend = rabbit - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the -# transport_url option. (string value) -# control_exchange=openstack - - -[matchmaker_redis] - -# -# Options defined in oslo.messaging -# - -# Host to locate redis. 
(string value) -# host=127.0.0.1 - -# Use this port to connect to redis host. (integer value) -# port=6379 - -# Password for Redis server (optional). (string value) -# password= - - -[matchmaker_ring] - -# -# Options defined in oslo.messaging -# - -# Matchmaker ring file (JSON). (string value) -# Deprecated group/name - [DEFAULT]/matchmaker_ringfile -# ringfile=/etc/oslo/matchmaker_ring.json - -[quotas] -# Default driver to use for quota checks -# quota_driver = neutron.db.quota_db.DbQuotaDriver - -# Resource name(s) that are supported in quota features -# This option is deprecated for removal in the M release, please refrain from using it -# quota_items = network,subnet,port - -# Default number of resource allowed per tenant. A negative value means -# unlimited. -# default_quota = -1 - -# Number of networks allowed per tenant. A negative value means unlimited. -# quota_network = 10 - -# Number of subnets allowed per tenant. A negative value means unlimited. -# quota_subnet = 10 - -# Number of ports allowed per tenant. A negative value means unlimited. -# quota_port = 50 - -# Number of security groups allowed per tenant. A negative value means -# unlimited. -# quota_security_group = 10 - -# Number of security group rules allowed per tenant. A negative value means -# unlimited. -# quota_security_group_rule = 100 - -# Number of vips allowed per tenant. A negative value means unlimited. -# quota_vip = 10 - -# Number of pools allowed per tenant. A negative value means unlimited. -# quota_pool = 10 - -# Number of pool members allowed per tenant. A negative value means unlimited. -# The default is unlimited because a member is not a real resource consumer -# on Openstack. However, on back-end, a member is a resource consumer -# and that is the reason why quota is possible. -# quota_member = -1 - -# Number of health monitors allowed per tenant. A negative value means -# unlimited. 
-# The default is unlimited because a health monitor is not a real resource -# consumer on Openstack. However, on back-end, a member is a resource consumer -# and that is the reason why quota is possible. -# quota_health_monitor = -1 - -# Number of loadbalancers allowed per tenant. A negative value means unlimited. -# quota_loadbalancer = 10 - -# Number of listeners allowed per tenant. A negative value means unlimited. -# quota_listener = -1 - -# Number of v2 health monitors allowed per tenant. A negative value means -# unlimited. These health monitors exist under the lbaas v2 API -# quota_healthmonitor = -1 - -# Number of routers allowed per tenant. A negative value means unlimited. -# quota_router = 10 - -# Number of floating IPs allowed per tenant. A negative value means unlimited. -# quota_floatingip = 50 - -# Number of firewalls allowed per tenant. A negative value means unlimited. -# quota_firewall = 1 - -# Number of firewall policies allowed per tenant. A negative value means -# unlimited. -# quota_firewall_policy = 1 - -# Number of firewall rules allowed per tenant. A negative value means -# unlimited. -# quota_firewall_rule = 100 - -[agent] -# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real -# root filter facility. -# Change to "sudo" to skip the filtering and just run the command directly -root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf - -# Set to true to add comments to generated iptables rules that describe -# each rule's purpose. (System must support the iptables comments module.) -# comment_iptables_rules = True - -# Root helper daemon application to use when possible. -# root_helper_daemon = - -# Use the root helper when listing the namespaces on a system. This may not -# be required depending on the security configuration. If the root helper is -# not required, set this to False for a performance improvement. 
-# use_helper_for_ns_read = True - -# The interval to check external processes for failure in seconds (0=disabled) -# check_child_processes_interval = 60 - -# Action to take when an external process spawned by an agent dies -# Values: -# respawn - Respawns the external process -# exit - Exits the agent -# check_child_processes_action = respawn - -# =========== items for agent management extension ============= -# seconds between nodes reporting state to server; should be less than -# agent_down_time, best if it is half or less than agent_down_time -# report_interval = 30 - -# =========== end of items for agent management extension ===== - -[keystone_authtoken] -auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 -admin_tenant_name = service -admin_user = {{ NEUTRON_SERVICE_USER }} -admin_password = {{ NEUTRON_SERVICE_PASSWORD }} - -[database] -# This line MUST be changed to actually run the plugin. -# Example: -# connection = mysql://root:pass@127.0.0.1:3306/neutron -# Replace 127.0.0.1 above with the IP address of the database used by the -# main neutron server. (Leave it as is if the database runs on this host.) -connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron - -# NOTE: In deployment the [database] section and its connection attribute may -# be set in the corresponding core plugin '.ini' file. However, it is suggested -# to put the [database] section and its connection attribute in this -# configuration file. 
- -# Database engine for which script will be generated when using offline -# migration -# engine = - -# The SQLAlchemy connection string used to connect to the slave database -# slave_connection = - -# Database reconnection retry times - in event connectivity is lost -# set to -1 implies an infinite retry count -# max_retries = 10 - -# Database reconnection interval in seconds - if the initial connection to the -# database fails -# retry_interval = 10 - -# Minimum number of SQL connections to keep open in a pool -# min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool -# max_pool_size = 10 - -# Timeout in seconds before idle sql connections are reaped -# idle_timeout = 3600 - -# If set, use this value for max_overflow with sqlalchemy -# max_overflow = 20 - -# Verbosity of SQL debugging information. 0=None, 100=Everything -# connection_debug = 0 - -# Add python stack traces to SQL as comment strings -# connection_trace = False - -# If set, use this value for pool_timeout with sqlalchemy -# pool_timeout = 10 - -[nova] -# Name of the plugin to load -auth_plugin = password - -# Config Section from which to load plugin specific options -# auth_section = - -# PEM encoded Certificate Authority to use when verifying HTTPs connections. -# cafile = - -# PEM encoded client certificate cert file -# certfile = - -# Verify HTTPS connections. -# insecure = False - -# PEM encoded client certificate key file -# keyfile = - -# Name of nova region to use. Useful if keystone manages more than one region. -region_name = regionOne - -# Timeout value for http requests -# timeout = - -# Authorization URL for connection to nova in admin context. -auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 - -# Username for connection to nova in admin context -username = {{ NOVA_SERVICE_USER }} - -# Password for connection to nova in admin context. 
-password = {{ NOVA_SERVICE_PASSWORD }} - -# The uuid of the admin nova tenant -# tenant_id = - -# The name of the admin nova tenant. If the uuid of the admin nova tenant -# is set, this is optional. Useful for cases where the uuid of the admin -# nova tenant is not available when configuration is being done. -tenant_name = service - -[oslo_concurrency] - -# Directory to use for lock files. For security, the specified directory should -# only be writable by the user running the processes that need locking. -# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, -# a lock path must be set. -lock_path = $state_path/lock - -# Enables or disables inter-process locks. -# disable_process_locking = False - -[oslo_policy] - -# The JSON file that defines policies. -# policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. -# policy_default_rule = default - -# Directories where policy configuration files are stored. -# They can be relative to any directory in the search path defined by the -# config_dir option, or absolute paths. The file defined by policy_file -# must exist for these directories to be searched. Missing or empty -# directories are ignored. 
-# policy_dirs = policy.d - -[oslo_messaging_amqp] - -# -# From oslo.messaging -# - -# Address prefix used when sending to a specific server (string value) -# Deprecated group/name - [amqp1]/server_request_prefix -# server_request_prefix = exclusive - -# Address prefix used when broadcasting to all servers (string value) -# Deprecated group/name - [amqp1]/broadcast_prefix -# broadcast_prefix = broadcast - -# Address prefix when sending to any server in group (string value) -# Deprecated group/name - [amqp1]/group_request_prefix -# group_request_prefix = unicast - -# Name for the AMQP container (string value) -# Deprecated group/name - [amqp1]/container_name -# container_name = - -# Timeout for inactive connections (in seconds) (integer value) -# Deprecated group/name - [amqp1]/idle_timeout -# idle_timeout = 0 - -# Debug: dump AMQP frames to stdout (boolean value) -# Deprecated group/name - [amqp1]/trace -# trace = false - -# CA certificate PEM file for verifing server certificate (string value) -# Deprecated group/name - [amqp1]/ssl_ca_file -# ssl_ca_file = - -# Identifying certificate PEM file to present to clients (string value) -# Deprecated group/name - [amqp1]/ssl_cert_file -# ssl_cert_file = - -# Private key PEM file used to sign cert_file certificate (string value) -# Deprecated group/name - [amqp1]/ssl_key_file -# ssl_key_file = - -# Password for decrypting ssl_key_file (if encrypted) (string value) -# Deprecated group/name - [amqp1]/ssl_key_password -# ssl_key_password = - -# Accept clients using either SSL or plain TCP (boolean value) -# Deprecated group/name - [amqp1]/allow_insecure_clients -# allow_insecure_clients = false - - -[oslo_messaging_qpid] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -# amqp_durable_queues = false - -# Auto-delete queues in AMQP. 
(boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -# amqp_auto_delete = false - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -# rpc_conn_pool_size = 30 - -# Qpid broker hostname. (string value) -# Deprecated group/name - [DEFAULT]/qpid_hostname -# qpid_hostname = localhost - -# Qpid broker port. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_port -# qpid_port = 5672 - -# Qpid HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/qpid_hosts -# qpid_hosts = $qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -# Deprecated group/name - [DEFAULT]/qpid_username -# qpid_username = - -# Password for Qpid connection. (string value) -# Deprecated group/name - [DEFAULT]/qpid_password -# qpid_password = - -# Space separated list of SASL mechanisms to use for auth. (string value) -# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms -# qpid_sasl_mechanisms = - -# Seconds between connection keepalive heartbeats. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_heartbeat -# qpid_heartbeat = 60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -# Deprecated group/name - [DEFAULT]/qpid_protocol -# qpid_protocol = tcp - -# Whether to disable the Nagle algorithm. (boolean value) -# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay -# qpid_tcp_nodelay = true - -# The number of prefetched messages held by receiver. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity -# qpid_receiver_capacity = 1 - -# The qpid topology version to use. Version 1 is what was originally used by -# impl_qpid. Version 2 includes some backwards-incompatible changes that allow -# broker federation to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. 
(integer value) -# Deprecated group/name - [DEFAULT]/qpid_topology_version -# qpid_topology_version = 1 - - -[oslo_messaging_rabbit] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -# amqp_durable_queues = false - -# Auto-delete queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -# amqp_auto_delete = false - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -# rpc_conn_pool_size = 30 - -# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and -# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some -# distributions. (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_version -# kombu_ssl_version = - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile -# kombu_ssl_keyfile = - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile -# kombu_ssl_certfile = - -# SSL certification authority file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs -# kombu_ssl_ca_certs = - -# How long to wait before reconnecting in response to an AMQP consumer cancel -# notification. (floating point value) -# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay -# kombu_reconnect_delay = 1.0 - -# The RabbitMQ broker address where a single node is used. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_host -rabbit_host = {{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_port -rabbit_port = {{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/rabbit_hosts -# rabbit_hosts = $rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. 
(boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -# rabbit_use_ssl = false - -# The RabbitMQ userid. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_userid -rabbit_userid = {{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_password -rabbit_password = {{ RABBITMQ_PASSWORD }} - -# The RabbitMQ login method. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_login_method -# rabbit_login_method = AMQPLAIN - -# The RabbitMQ virtual host. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_virtual_host -# rabbit_virtual_host = / - -# How frequently to retry connecting with RabbitMQ. (integer value) -# rabbit_retry_interval = 1 - -# How long to backoff for between retries when connecting to RabbitMQ. (integer -# value) -# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff -# rabbit_retry_backoff = 2 - -# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry -# count). (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_max_retries -# rabbit_max_retries = 0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you -# must wipe the RabbitMQ database. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_ha_queues -# rabbit_ha_queues = false - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) -# Deprecated group/name - [DEFAULT]/fake_rabbit -# fake_rabbit = false diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini deleted file mode 100644 index 3258a40f..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini +++ /dev/null 
@@ -1,113 +0,0 @@ -[ml2] -# (ListOpt) List of network type driver entrypoints to be loaded from -# the neutron.ml2.type_drivers namespace. -# -type_drivers = flat,gre -# Example: type_drivers = flat,vlan,gre,vxlan - -# (ListOpt) Ordered list of network_types to allocate as tenant -# networks. The default value 'local' is useful for single-box testing -# but provides no connectivity between hosts. -# -tenant_network_types = gre -# Example: tenant_network_types = vlan,gre,vxlan - -# (ListOpt) Ordered list of networking mechanism driver entrypoints -# to be loaded from the neutron.ml2.mechanism_drivers namespace. -mechanism_drivers = openvswitch -# Example: mechanism_drivers = openvswitch,mlnx -# Example: mechanism_drivers = arista -# Example: mechanism_drivers = cisco,logger -# Example: mechanism_drivers = openvswitch,brocade -# Example: mechanism_drivers = linuxbridge,brocade - -# (ListOpt) Ordered list of extension driver entrypoints -# to be loaded from the neutron.ml2.extension_drivers namespace. -# extension_drivers = -# Example: extension_drivers = anewextensiondriver - -# =========== items for MTU selection and advertisement ============= -# (IntOpt) Path MTU. The maximum permissible size of an unfragmented -# packet travelling from and to addresses where encapsulated Neutron -# traffic is sent. Drivers calculate maximum viable MTU for -# validating tenant requests based on this value (typically, -# path_mtu - max encap header size). If <=0, the path MTU is -# indeterminate and no calculation takes place. -# path_mtu = 0 - -# (IntOpt) Segment MTU. The maximum permissible size of an -# unfragmented packet travelling a L2 network segment. If <=0, -# the segment MTU is indeterminate and no calculation takes place. -# segment_mtu = 0 - -# (ListOpt) Physical network MTUs. List of mappings of physical -# network to MTU value. The format of the mapping is -# <physnet>:<mtu val>. 
This mapping allows specifying a -# physical network MTU value that differs from the default -# segment_mtu value. -# physical_network_mtus = -# Example: physical_network_mtus = physnet1:1550, physnet2:1500 -# ======== end of items for MTU selection and advertisement ========= - -# (StrOpt) Default network type for external networks when no provider -# attributes are specified. By default it is None, which means that if -# provider attributes are not specified while creating external networks -# then they will have the same type as tenant networks. -# Allowed values for external_network_type config option depend on the -# network type values configured in type_drivers config option. -# external_network_type = -# Example: external_network_type = local - -[ml2_type_flat] -# (ListOpt) List of physical_network names with which flat networks -# can be created. Use * to allow flat networks with arbitrary -# physical_network names. -# -flat_networks = External -# Example:flat_networks = physnet1,physnet2 -# Example:flat_networks = * - -[ml2_type_vlan] -# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples -# specifying physical_network names usable for VLAN provider and -# tenant networks, as well as ranges of VLAN tags on each -# physical_network available for allocation as tenant networks. -# -# network_vlan_ranges = -# Example: network_vlan_ranges = physnet1:1000:2999,physnet2 - -[ml2_type_gre] -# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation -tunnel_id_ranges = 1:1000 - -[ml2_type_vxlan] -# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating -# ranges of VXLAN VNI IDs that are available for tenant network allocation. -# -# vni_ranges = - -# (StrOpt) Multicast group for the VXLAN interface. When configured, will -# enable sending all broadcast traffic to this multicast group. 
When left -# unconfigured, will disable multicast VXLAN mode. -# -# vxlan_group = -# Example: vxlan_group = 239.1.1.1 - -[securitygroup] -# Controls if neutron security group is enabled or not. -# It should be false when you use nova security group. -enable_security_group = True - -# Use ipset to speed-up the iptables security groups. Enabling ipset support -# requires that ipset is installed on L2 agent node. -enable_ipset = True - -firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - -[ovs] -local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} -enable_tunneling = True -bridge_mappings=External:br-ex - -[agent] -tunnel_types = gre diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ryu/ryu.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ryu/ryu.ini deleted file mode 100644 index 9d9cfa25..00000000 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ryu/ryu.ini +++ /dev/null 
@@ -1,44 +0,0 @@
-[ovs]
-# integration_bridge = br-int
-
-# openflow_rest_api = <host IP address of ofp rest api service>:<port: 8080>
-# openflow_rest_api = 127.0.0.1:8080
-
-# tunnel key range: 0 < tunnel_key_min < tunnel_key_max
-# VLAN: 12bits, GRE, VXLAN: 24bits
-# tunnel_key_min = 1
-# tunnel_key_max = 0xffffff
-
-# tunnel_ip = <ip address for tunneling>
-# tunnel_interface = interface for tunneling
-# when tunnel_ip is NOT specified, ip address is read
-# from this interface
-# tunnel_ip =
-# tunnel_interface =
-tunnel_interface = eth0
-
-# ovsdb_port = port number on which ovsdb is listening
-# ryu-agent uses this parameter to setup ovsdb.
-# ovs-vsctl set-manager ptcp:<ovsdb_port>
-# See set-manager section of man ovs-vsctl for details.
-# currently ptcp is only supported.
-# ovsdb_ip = <host IP address on which ovsdb is listening>
-# ovsdb_interface = interface for ovsdb
-# when ovsdb_addr NOT specifiied, ip address is gotten
-# from this interface
-# ovsdb_port = 6634
-# ovsdb_ip =
-# ovsdb_interface =
-ovsdb_interface = eth0
-
-[securitygroup]
-# Firewall driver for realizing neutron security group function
-# firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-
-# Controls if neutron security group is enabled or not.
-# It should be false when you use nova security group.
-# enable_security_group = True
-
-[agent]
-# Agent's polling interval in seconds
-# polling_interval = 2
diff --git a/install-files/openstack/usr/share/openstack/nova-config.yml b/install-files/openstack/usr/share/openstack/nova-config.yml
deleted file mode 100644
index 4f43db39..00000000
--- a/install-files/openstack/usr/share/openstack/nova-config.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-- hosts: localhost
- vars_files:
- - "/etc/openstack/nova.conf"
- tasks:
- - name: Create the nova user.
- user:
- name: nova
- comment: Openstack Nova Daemons
- shell: /sbin/nologin
- home: /var/lib/nova
- groups: libvirt
- append: yes
-
- - name: Create the /var folders for nova
- file:
- path: "{{ item }}"
- state: directory
- owner: nova
- group: nova
- with_items:
- - /var/run/nova
- - /var/lock/nova
- - /var/log/nova
- - /var/lib/nova
- - /var/lib/nova/instances
-
- - file: path=/etc/nova state=directory
- - name: Add the configuration needed for nova in /etc/nova using templates
- template:
- src: /usr/share/openstack/nova/{{ item }}
- dest: /etc/nova/{{ item }}
- with_lines:
- - cd /usr/share/openstack/nova && find -type f
diff --git a/install-files/openstack/usr/share/openstack/nova-db.yml b/install-files/openstack/usr/share/openstack/nova-db.yml
deleted file mode 100644
index 0e933ba8..00000000
--- a/install-files/openstack/usr/share/openstack/nova-db.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-- hosts: localhost
- vars_files:
- - "/etc/openstack/nova.conf"
- tasks:
- - name: Create nova service user in service tenant
- keystone_user:
- user: "{{ NOVA_SERVICE_USER }}"
- password: "{{ NOVA_SERVICE_PASSWORD }}"
- tenant: service
- token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
-
- - name: Assign admin role to nova service user in the service tenant
- keystone_user:
- role: admin
- user: "{{ NOVA_SERVICE_USER }}"
- tenant: service
- token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
-
- - name: Add nova endpoint
- keystone_service:
- name: nova
- type: compute
- description: Openstack Compute Service
- publicurl: 'http://{{ ansible_hostname }}:8774/v2/%(tenant_id)s'
- internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
- adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
- region: 'regionOne'
- token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
-
- - name: Create postgresql user for nova
- postgresql_user:
- name: "{{ NOVA_DB_USER }}"
- login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
- password: "{{ NOVA_DB_PASSWORD }}"
- sudo: yes
- sudo_user: nova
-
- - name: Create database for nova services
- postgresql_db:
- name: nova
- owner: "{{ NOVA_DB_USER }}"
- login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
- sudo: yes
- sudo_user: nova
-
- - name: Initiate nova database
- command: nova-manage db sync
- sudo: yes
- sudo_user: nova
diff --git a/install-files/openstack/usr/share/openstack/nova/nova-compute.conf b/install-files/openstack/usr/share/openstack/nova/nova-compute.conf
deleted file mode 100644
index 8d186211..00000000
--- a/install-files/openstack/usr/share/openstack/nova/nova-compute.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-[DEFAULT]
-compute_driver={{ COMPUTE_DRIVER }}
-[libvirt]
-virt_type={{ NOVA_VIRT_TYPE }}
diff --git a/install-files/openstack/usr/share/openstack/nova/nova.conf b/install-files/openstack/usr/share/openstack/nova/nova.conf
deleted file mode 100644
index f2db93fc..00000000
--- a/install-files/openstack/usr/share/openstack/nova/nova.conf
+++ /dev/null
@@ -1,4008 +0,0 @@ -[DEFAULT] - -# -# From oslo.messaging -# - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. -# The "host" option should point or resolve to this address. (string value) -#rpc_zmq_bind_address = * - -# MatchMaker driver. (string value) -#rpc_zmq_matchmaker = oslo_messaging._drivers.matchmaker.MatchMakerLocalhost - -# ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port = 9501 - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts = 1 - -# Maximum number of ingress messages to locally buffer per topic. Default is -# unlimited. (integer value) -#rpc_zmq_topic_backlog = <None> - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir = /var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match -# "host" option, if running Nova. (string value) -#rpc_zmq_host = localhost - -# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. -# (integer value) -#rpc_cast_timeout = 30 - -# Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq = 300 - -# Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl = 600 - -# Size of RPC thread pool. (integer value) -#rpc_thread_pool_size = 64 - -# Driver or drivers to handle sending notifications. (multi valued) -notification_driver = messagingv2 - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -#notification_topics = notifications - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout = 60 - -# A URL representing the messaging driver to use and its full configuration. If -# not set, we fall back to the rpc_backend option and driver specific -# configuration. (string value) -#transport_url = <None> - -# The messaging driver to use, defaults to rabbit. Other drivers include qpid -# and zmq. 
(string value) -rpc_backend = rabbit - -# The default exchange under which topics are scoped. May be overridden by an -# exchange name specified in the transport_url option. (string value) -#control_exchange = openstack - - -# -# Options defined in nova.availability_zones -# - -# The availability_zone to show internal services under -# (string value) -#internal_service_availability_zone=internal - -# Default compute node availability_zone (string value) -#default_availability_zone=nova - - -# -# Options defined in nova.crypto -# - -# Filename of root CA (string value) -#ca_file=cacert.pem - -# Filename of private key (string value) -#key_file=private/cakey.pem - -# Filename of root Certificate Revocation List (string value) -#crl_file=crl.pem - -# Where we keep our keys (string value) -#keys_path=$state_path/keys - -# Where we keep our root CA (string value) -#ca_path=$state_path/CA - -# Should we use a CA for each project? (boolean value) -#use_project_ca=false - -# Subject for certificate for users, %s for project, user, -# timestamp (string value) -#user_cert_subject=/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=%.16s-%.16s-%s - -# Subject for certificate for projects, %s for project, -# timestamp (string value) -#project_cert_subject=/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=project-ca-%.16s-%s - - -# -# Options defined in nova.exception -# - -# Make exception message format errors fatal (boolean value) -#fatal_exception_format_errors=false - - -# -# Options defined in nova.netconf -# - -# IP address of this host (string value) -my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Block storage IP address of this host (string value) -#my_block_storage_ip=$my_ip - -# Name of this node. This can be an opaque identifier. It is -# not necessarily a hostname, FQDN, or IP address. 
However, -# the node name must be valid within an AMQP key, and if using -# ZeroMQ, a valid hostname, FQDN, or IP address (string value) -#host=nova - -# Use IPv6 (boolean value) -#use_ipv6=false - - -# -# Options defined in nova.notifications -# - -# If set, send compute.instance.update notifications on -# instance state changes. Valid values are None for no -# notifications, "vm_state" for notifications on VM state -# changes, or "vm_and_task_state" for notifications on VM and -# task state changes. (string value) -notify_on_state_change=vm_and_task_state - -# If set, send api.fault notifications on caught exceptions in -# the API service. (boolean value) -#notify_api_faults=false - -# Default notification level for outgoing notifications -# (string value) -#default_notification_level=INFO - -# Default publisher_id for outgoing notifications (string -# value) -#default_publisher_id=<None> - - -# -# Options defined in nova.paths -# - -# Directory where the nova python module is installed (string -# value) -#pybasedir=/usr/lib/python/site-packages - -# Directory where nova binaries are installed (string value) -#bindir=/usr/local/bin - -# Top-level directory for maintaining nova's state (string -# value) -state_path=/var/lib/nova - - -# -# Options defined in nova.quota -# - -# Number of instances allowed per project (integer value) -#quota_instances=10 - -# Number of instance cores allowed per project (integer value) -#quota_cores=20 - -# Megabytes of instance RAM allowed per project (integer -# value) -#quota_ram=51200 - -# Number of floating IPs allowed per project (integer value) -#quota_floating_ips=10 - -# Number of fixed IPs allowed per project (this should be at -# least the number of instances allowed) (integer value) -#quota_fixed_ips=-1 - -# Number of metadata items allowed per instance (integer -# value) -#quota_metadata_items=128 - -# Number of injected files allowed (integer value) -#quota_injected_files=5 - -# Number of bytes allowed per injected file 
(integer value) -#quota_injected_file_content_bytes=10240 - -# Length of injected file path (integer value) -#quota_injected_file_path_length=255 - -# Number of security groups per project (integer value) -#quota_security_groups=10 - -# Number of security rules per security group (integer value) -#quota_security_group_rules=20 - -# Number of key pairs per user (integer value) -#quota_key_pairs=100 - -# Number of server groups per project (integer value) -#quota_server_groups=10 - -# Number of servers per server group (integer value) -#quota_server_group_members=10 - -# Number of seconds until a reservation expires (integer -# value) -#reservation_expire=86400 - -# Count of reservations until usage is refreshed. This -# defaults to 0(off) to avoid additional load but it is useful -# to turn on to help keep quota usage up to date and reduce -# the impact of out of sync usage issues. (integer value) -#until_refresh=0 - -# Number of seconds between subsequent usage refreshes. This -# defaults to 0(off) to avoid additional load but it is useful -# to turn on to help keep quota usage up to date and reduce -# the impact of out of sync usage issues. Note that quotas are -# not updated on a periodic task, they will update on a new -# reservation if max_age has passed since the last reservation -# (integer value) -#max_age=0 - -# Default driver to use for quota checks (string value) -#quota_driver=nova.quota.DbQuotaDriver - - -# -# Options defined in nova.service -# - -# Seconds between nodes reporting state to datastore (integer -# value) -#report_interval=10 - -# Enable periodic tasks (boolean value) -#periodic_enable=true - -# Range of seconds to randomly delay when starting the -# periodic task scheduler to reduce stampeding. 
(Disable by -# setting to 0) (integer value) -#periodic_fuzzy_delay=60 - -# A list of APIs to enable by default (list value) -enabled_apis=ec2,osapi_compute,metadata - -# A list of APIs with enabled SSL (list value) -#enabled_ssl_apis= - -# The IP address on which the EC2 API will listen. (string -# value) -#ec2_listen=0.0.0.0 - -# The port on which the EC2 API will listen. (integer value) -#ec2_listen_port=8773 - -# Number of workers for EC2 API service. The default will be -# equal to the number of CPUs available. (integer value) -#ec2_workers=<None> - -# The IP address on which the OpenStack API will listen. -# (string value) -#osapi_compute_listen=0.0.0.0 - -# The port on which the OpenStack API will listen. (integer -# value) -#osapi_compute_listen_port=8774 - -# Number of workers for OpenStack API service. The default -# will be the number of CPUs available. (integer value) -#osapi_compute_workers=<None> - -# OpenStack metadata service manager (string value) -#metadata_manager=nova.api.manager.MetadataManager - -# The IP address on which the metadata API will listen. -# (string value) -#metadata_listen=0.0.0.0 - -# The port on which the metadata API will listen. (integer -# value) -#metadata_listen_port=8775 - -# Number of workers for metadata service. The default will be -# the number of CPUs available. 
(integer value) -#metadata_workers=<None> - -# Full class name for the Manager for compute (string value) -compute_manager={{ COMPUTE_MANAGER }} - -# Full class name for the Manager for console proxy (string -# value) -#console_manager=nova.console.manager.ConsoleProxyManager - -# Manager for console auth (string value) -#consoleauth_manager=nova.consoleauth.manager.ConsoleAuthManager - -# Full class name for the Manager for cert (string value) -#cert_manager=nova.cert.manager.CertManager - -# Full class name for the Manager for network (string value) -#network_manager=nova.network.manager.VlanManager - -# Full class name for the Manager for scheduler (string value) -#scheduler_manager=nova.scheduler.manager.SchedulerManager - -# Maximum time since last check-in for up service (integer -# value) -#service_down_time=60 - - -# -# Options defined in nova.utils -# - -# Whether to log monkey patching (boolean value) -#monkey_patch=false - -# List of modules/decorators to monkey patch (list value) -#monkey_patch_modules=nova.api.ec2.cloud:nova.notifications.notify_decorator,nova.compute.api:nova.notifications.notify_decorator - -# Length of generated instance admin passwords (integer value) -#password_length=12 - -# Time period to generate instance usages for. Time period -# must be hour, day, month or year (string value) -instance_usage_audit_period=hour - -# Path to the rootwrap configuration file to use for running -# commands as root (string value) -rootwrap_config=/etc/nova/rootwrap.conf - -# Explicitly specify the temporary working directory (string -# value) -#tempdir=<None> - - -# -# Options defined in nova.wsgi -# - -# File name for the paste.deploy config for nova-api (string -# value) -api_paste_config=api-paste.ini - -# A python format string that is used as the template to -# generate log lines. The following values can be formatted -# into it: client_ip, date_time, request_line, status_code, -# body_length, wall_seconds. 
(string value) -#wsgi_log_format=%(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f - -# CA certificate file to use to verify connecting clients -# (string value) -#ssl_ca_file=<None> - -# SSL certificate of API server (string value) -#ssl_cert_file=<None> - -# SSL private key of API server (string value) -#ssl_key_file=<None> - -# Sets the value of TCP_KEEPIDLE in seconds for each server -# socket. Not supported on OS X. (integer value) -#tcp_keepidle=600 - -# Size of the pool of greenthreads used by wsgi (integer -# value) -#wsgi_default_pool_size=1000 - -# Maximum line size of message headers to be accepted. -# max_header_line may need to be increased when using large -# tokens (typically those generated by the Keystone v3 API -# with big service catalogs). (integer value) -#max_header_line=16384 - -# If False, closes the client socket connection explicitly. -# (boolean value) -#wsgi_keep_alive=true - -# Timeout for client connections' socket operations. If an -# incoming connection is idle for this number of seconds it -# will be closed. A value of '0' means wait forever. (integer -# value) -#client_socket_timeout=900 - - -# -# Options defined in nova.api.auth -# - -# Whether to use per-user rate limiting for the api. This -# option is only used by v2 api. Rate limiting is removed from -# v3 api. (boolean value) -#api_rate_limit=false - -# The strategy to use for auth: keystone, noauth -# (deprecated), or noauth2. Both noauth and noauth2 are -# designed for testing only, as they do no actual credential -# checking. noauth provides administrative credentials -# regardless of the passed in user, noauth2 only does if -# 'admin' is specified as the username. (string value) -auth_strategy=keystone - -# Treat X-Forwarded-For as the canonical remote address. Only -# enable this if you have a sanitizing proxy. 
(boolean value) -#use_forwarded_for=false - - -# -# Options defined in nova.api.ec2 -# - -# Number of failed auths before lockout. (integer value) -#lockout_attempts=5 - -# Number of minutes to lockout if triggered. (integer value) -#lockout_minutes=15 - -# Number of minutes for lockout window. (integer value) -#lockout_window=15 - -# URL to get token from ec2 request. (string value) -#keystone_ec2_url=http://localhost:5000/v2.0/ec2tokens - -# Return the IP address as private dns hostname in describe -# instances (boolean value) -#ec2_private_dns_show_ip=false - -# Validate security group names according to EC2 specification -# (boolean value) -#ec2_strict_validation=true - -# Time in seconds before ec2 timestamp expires (integer value) -#ec2_timestamp_expiry=300 - -# Disable SSL certificate verification. (boolean value) -#keystone_ec2_insecure=false - - -# -# Options defined in nova.api.ec2.cloud -# - -# The IP address of the EC2 API server (string value) -#ec2_host=$my_ip - -# The internal IP address of the EC2 API server (string value) -#ec2_dmz_host=$my_ip - -# The port of the EC2 API server (integer value) -#ec2_port=8773 - -# The protocol to use when connecting to the EC2 API server -# (http, https) (string value) -#ec2_scheme=http - -# The path prefix used to call the ec2 API server (string -# value) -#ec2_path=/ - -# List of region=fqdn pairs separated by commas (list value) -#region_list= - - -# -# Options defined in nova.api.metadata.base -# - -# List of metadata versions to skip placing into the config -# drive (string value) -#config_drive_skip_versions=1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01 - -# Driver to use for vendor data (string value) -#vendordata_driver=nova.api.metadata.vendordata_json.JsonFileVendorData - - -# -# Options defined in nova.api.metadata.handler -# - -# Time in seconds to cache metadata; 0 to disable metadata -# caching entirely (not recommended). 
Increasingthis should -# improve response times of the metadata API when under heavy -# load. Higher values may increase memoryusage and result in -# longer times for host metadata changes to take effect. -# (integer value) -#metadata_cache_expiration=15 - - -# -# Options defined in nova.api.metadata.vendordata_json -# - -# File to load JSON formatted vendor data from (string value) -#vendordata_jsonfile_path=<None> - - -# -# Options defined in nova.api.openstack.common -# - -# The maximum number of items returned in a single response -# from a collection resource (integer value) -#osapi_max_limit=1000 - -# Base URL that will be presented to users in links to the -# OpenStack Compute API (string value) -#osapi_compute_link_prefix=<None> - -# Base URL that will be presented to users in links to glance -# resources (string value) -#osapi_glance_link_prefix=<None> - - -# -# Options defined in nova.api.openstack.compute -# - -# Permit instance snapshot operations. (boolean value) -#allow_instance_snapshots=true - - -# -# Options defined in nova.api.openstack.compute.contrib -# - -# Specify list of extensions to load when using -# osapi_compute_extension option with -# nova.api.openstack.compute.contrib.select_extensions (list -# value) -#osapi_compute_ext_list= - - -# -# Options defined in nova.api.openstack.compute.contrib.fping -# - -# Full path to fping. 
(string value) -#fping_path=/usr/sbin/fping - - -# -# Options defined in nova.api.openstack.compute.contrib.os_tenant_networks -# - -# Enables or disables quota checking for tenant networks -# (boolean value) -#enable_network_quota=false - -# Control for checking for default networks (string value) -#use_neutron_default_nets=False - -# Default tenant id when creating neutron networks (string -# value) -#neutron_default_tenant_id=default - -# Number of private networks allowed per project (integer -# value) -#quota_networks=3 - - -# -# Options defined in nova.api.openstack.compute.extensions -# - -# osapi compute extension to load (multi valued) -osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions - - -# -# Options defined in nova.api.openstack.compute.plugins.v3.hide_server_addresses -# - -# List of instance states that should hide network info (list -# value) -#osapi_hide_server_address_states=building - - -# -# Options defined in nova.api.openstack.compute.servers -# - -# Enables returning of the instance password by the relevant -# server API calls such as create, rebuild or rescue, If the -# hypervisor does not support password injection then the -# password returned will not be correct (boolean value) -#enable_instance_password=true - - -# -# Options defined in nova.cert.rpcapi -# - -# The topic cert nodes listen on (string value) -#cert_topic=cert - - -# -# Options defined in nova.cloudpipe.pipelib -# - -# Image ID used when starting up a cloudpipe vpn server -# (string value) -#vpn_image_id=0 - -# Flavor for vpn instances (string value) -#vpn_flavor=m1.tiny - -# Template for cloudpipe instance boot script (string value) -#boot_script_template=$pybasedir/nova/cloudpipe/bootscript.template - -# Network to push into openvpn config (string value) -#dmz_net=10.0.0.0 - -# Netmask to push into openvpn config (string value) -#dmz_mask=255.255.255.0 - -# Suffix to add to project name for vpn key and secgroups -# (string value) 
-#vpn_key_suffix=-vpn - - -# -# Options defined in nova.cmd.novnc -# - -# Record sessions to FILE.[session_number] (boolean value) -#record=false - -# Become a daemon (background process) (boolean value) -#daemon=false - -# Disallow non-encrypted connections (boolean value) -#ssl_only=false - -# Source is ipv6 (boolean value) -#source_is_ipv6=false - -# SSL certificate file (string value) -#cert=self.pem - -# SSL key file (if separate from cert) (string value) -#key=<None> - -# Run webserver on same port. Serve files from DIR. (string -# value) -#web=/usr/share/spice-html5 - - -# -# Options defined in nova.cmd.novncproxy -# - -# Host on which to listen for incoming requests (string value) -#novncproxy_host=0.0.0.0 - -# Port on which to listen for incoming requests (integer -# value) -#novncproxy_port=6080 - - -# -# Options defined in nova.compute.api -# - -# Allow destination machine to match source for resize. Useful -# when testing in single-host environments. (boolean value) -#allow_resize_to_same_host=false - -# Allow migrate machine to the same host. Useful when testing -# in single-host environments. (boolean value) -#allow_migrate_to_same_host=false - -# Availability zone to use when user doesn't specify one -# (string value) -#default_schedule_zone=<None> - -# These are image properties which a snapshot should not -# inherit from an instance (list value) -#non_inheritable_image_properties=cache_in_nova,bittorrent - -# Kernel image that indicates not to use a kernel, but to use -# a raw disk image instead (string value) -#null_kernel=nokernel - -# When creating multiple instances with a single request using -# the os-multiple-create API extension, this template will be -# used to build the display name for each instance. The -# benefit is that the instances end up with different -# hostnames. To restore legacy behavior of every instance -# having the same name, set this option to "%(name)s". Valid -# keys for the template are: name, uuid, count. 
(string value) -#multi_instance_display_name_template=%(name)s-%(count)d - -# Maximum number of devices that will result in a local image -# being created on the hypervisor node. Setting this to 0 -# means nova will allow only boot from volume. A negative -# number means unlimited. (integer value) -#max_local_block_devices=3 - - -# -# Options defined in nova.compute.flavors -# - -# Default flavor to use for the EC2 API only. The Nova API -# does not support a default flavor. (string value) -#default_flavor=m1.small - - -# -# Options defined in nova.compute.manager -# - -# Console proxy host to use to connect to instances on this -# host. (string value) -#console_host=nova - -# Name of network to use to set access IPs for instances -# (string value) -#default_access_ip_network_name=<None> - -# Whether to batch up the application of IPTables rules during -# a host restart and apply all at the end of the init phase -# (boolean value) -#defer_iptables_apply=false - -# Where instances are stored on disk (string value) -#instances_path=$state_path/instances - -# Generate periodic compute.instance.exists notifications -# (boolean value) -instance_usage_audit= True - -# Number of 1 second retries needed in live_migration (integer -# value) -#live_migration_retry_count=30 - -# Whether to start guests that were running before the host -# rebooted (boolean value) -#resume_guests_state_on_host_boot=false - -# Number of times to retry network allocation on failures -# (integer value) -#network_allocate_retries=0 - -# Maximum number of instance builds to run concurrently -# (integer value) -#max_concurrent_builds=10 - -# Number of times to retry block device allocation on failures -# (integer value) -#block_device_allocate_retries=60 - -# The number of times to attempt to reap an instance's files. -# (integer value) -#maximum_instance_delete_attempts=5 - -# Interval to pull network bandwidth usage info. Not supported -# on all hypervisors. Set to -1 to disable. 
Setting this to 0 -# will run at the default rate. (integer value) -#bandwidth_poll_interval=600 - -# Interval to sync power states between the database and the -# hypervisor. Set to -1 to disable. Setting this to 0 will run -# at the default rate. (integer value) -#sync_power_state_interval=600 - -# Number of seconds between instance network information cache -# updates (integer value) -#heal_instance_info_cache_interval=60 - -# Interval in seconds for reclaiming deleted instances -# (integer value) -#reclaim_instance_interval=0 - -# Interval in seconds for gathering volume usages (integer -# value) -#volume_usage_poll_interval=0 - -# Interval in seconds for polling shelved instances to -# offload. Set to -1 to disable.Setting this to 0 will run at -# the default rate. (integer value) -#shelved_poll_interval=3600 - -# Time in seconds before a shelved instance is eligible for -# removing from a host. -1 never offload, 0 offload when -# shelved (integer value) -#shelved_offload_time=0 - -# Interval in seconds for retrying failed instance file -# deletes. Set to -1 to disable. Setting this to 0 will run at -# the default rate. (integer value) -#instance_delete_interval=300 - -# Waiting time interval (seconds) between block device -# allocation retries on failures (integer value) -#block_device_allocate_retries_interval=3 - -# Waiting time interval (seconds) between sending the -# scheduler a list of current instance UUIDs to verify that -# its view of instances is in sync with nova. If the CONF -# option `scheduler_tracks_instance_changes` is False, -# changing this option will have no effect. (integer value) -#scheduler_instance_sync_interval=120 - -# Action to take if a running deleted instance is detected. -# Valid options are 'noop', 'log', 'shutdown', or 'reap'. Set -# to 'noop' to take no action. (string value) -#running_deleted_instance_action=reap - -# Number of seconds to wait between runs of the cleanup task. 
-# (integer value) -#running_deleted_instance_poll_interval=1800 - -# Number of seconds after being deleted when a running -# instance should be considered eligible for cleanup. (integer -# value) -#running_deleted_instance_timeout=0 - -# Automatically hard reboot an instance if it has been stuck -# in a rebooting state longer than N seconds. Set to 0 to -# disable. (integer value) -#reboot_timeout=0 - -# Amount of time in seconds an instance can be in BUILD before -# going into ERROR status. Set to 0 to disable. (integer -# value) -#instance_build_timeout=0 - -# Automatically unrescue an instance after N seconds. Set to 0 -# to disable. (integer value) -#rescue_timeout=0 - -# Automatically confirm resizes after N seconds. Set to 0 to -# disable. (integer value) -#resize_confirm_window=0 - -# Total amount of time to wait in seconds for an instance to -# perform a clean shutdown. (integer value) -#shutdown_timeout=60 - - -# -# Options defined in nova.compute.monitors -# - -# Monitor classes available to the compute which may be -# specified more than once. (multi valued) -#compute_available_monitors=nova.compute.monitors.all_monitors - -# A list of monitors that can be used for getting compute -# metrics. (list value) -#compute_monitors= - - -# -# Options defined in nova.compute.resource_tracker -# - -# Amount of disk in MB to reserve for the host (integer value) -#reserved_host_disk_mb=0 - -# Amount of memory in MB to reserve for the host (integer -# value) -reserved_host_memory_mb={{ RESERVED_HOST_MEMORY_MB }} - -# Class that will manage stats for the local compute host -# (string value) -#compute_stats_class=nova.compute.stats.Stats - -# The names of the extra resources to track. 
(list value) -#compute_resources=vcpu - - -# -# Options defined in nova.compute.rpcapi -# - -# The topic compute nodes listen on (string value) -#compute_topic=compute - - -# -# Options defined in nova.conductor.tasks.live_migrate -# - -# Number of times to retry live-migration before failing. If -# == -1, try until out of hosts. If == 0, only try once, no -# retries. (integer value) -#migrate_max_retries=-1 - - -# -# Options defined in nova.console.manager -# - -# Driver to use for the console proxy (string value) -#console_driver=nova.console.xvp.XVPConsoleProxy - -# Stub calls to compute worker for tests (boolean value) -#stub_compute=false - -# Publicly visible name for this console host (string value) -#console_public_hostname=nova - - -# -# Options defined in nova.console.rpcapi -# - -# The topic console proxy nodes listen on (string value) -#console_topic=console - - -# -# Options defined in nova.console.xvp -# - -# XVP conf template (string value) -#console_xvp_conf_template=$pybasedir/nova/console/xvp.conf.template - -# Generated XVP conf file (string value) -#console_xvp_conf=/etc/xvp.conf - -# XVP master process pid file (string value) -#console_xvp_pid=/var/run/xvp.pid - -# XVP log file (string value) -#console_xvp_log=/var/log/xvp.log - -# Port for XVP to multiplex VNC connections on (integer value) -#console_xvp_multiplex_port=5900 - - -# -# Options defined in nova.consoleauth -# - -# The topic console auth proxy nodes listen on (string value) -#consoleauth_topic=consoleauth - - -# -# Options defined in nova.consoleauth.manager -# - -# How many seconds before deleting tokens (integer value) -#console_token_ttl=600 - - -# -# Options defined in nova.db.api -# - -# Services to be added to the available pool on create -# (boolean value) -#enable_new_services=true - -# Template string to be used to generate instance names -# (string value) -instance_name_template=instance-%08x - -# Template string to be used to generate snapshot names -# (string value) 
-snapshot_name_template=snapshot-%s - - -# -# Options defined in nova.db.base -# - -# The driver to use for database access (string value) -#db_driver=nova.db - - -# -# Options defined in nova.db.sqlalchemy.api -# - -# When set, compute API will consider duplicate hostnames -# invalid within the specified scope, regardless of case. -# Should be empty, "project" or "global". (string value) -#osapi_compute_unique_server_name_scope= - - -# -# Options defined in nova.image.s3 -# - -# Parent directory for tempdir used for image decryption -# (string value) -#image_decryption_dir=/tmp - -# Hostname or IP for OpenStack to use when accessing the S3 -# api (string value) -#s3_host=$my_ip - -# Port used when accessing the S3 api (integer value) -#s3_port=3333 - -# Access key to use for S3 server for images (string value) -#s3_access_key=notchecked - -# Secret key to use for S3 server for images (string value) -#s3_secret_key=notchecked - -# Whether to use SSL when talking to S3 (boolean value) -#s3_use_ssl=false - -# Whether to affix the tenant id to the access key when -# downloading from S3 (boolean value) -#s3_affix_tenant=false - - -# -# Options defined in nova.ipv6.api -# - -# Backend to use for IPv6 generation (string value) -#ipv6_backend=rfc2462 - - -# -# Options defined in nova.network -# - -# The full class name of the network API class to use (string -# value) -network_api_class=nova.network.neutronv2.api.API - - -# -# Options defined in nova.network.driver -# - -# Driver to use for network creation (string value) -#network_driver=nova.network.linux_net - - -# -# Options defined in nova.network.floating_ips -# - -# Default pool for floating IPs (string value) -#default_floating_pool=nova - -# Autoassigning floating IP to VM (boolean value) -#auto_assign_floating_ip=false - -# Full class name for the DNS Manager for floating IPs (string -# value) -#floating_ip_dns_manager=nova.network.noop_dns_driver.NoopDNSDriver - -# Full class name for the DNS Manager for 
instance IPs (string -# value) -#instance_dns_manager=nova.network.noop_dns_driver.NoopDNSDriver - -# Full class name for the DNS Zone for instance IPs (string -# value) -#instance_dns_domain= - - -# -# Options defined in nova.network.ldapdns -# - -# URL for LDAP server which will store DNS entries (string -# value) -#ldap_dns_url=ldap://ldap.example.com:389 - -# User for LDAP DNS (string value) -#ldap_dns_user=uid=admin,ou=people,dc=example,dc=org - -# Password for LDAP DNS (string value) -#ldap_dns_password=password - -# Hostmaster for LDAP DNS driver Statement of Authority -# (string value) -#ldap_dns_soa_hostmaster=hostmaster@example.org - -# DNS Servers for LDAP DNS driver (multi valued) -#ldap_dns_servers=dns.example.org - -# Base DN for DNS entries in LDAP (string value) -#ldap_dns_base_dn=ou=hosts,dc=example,dc=org - -# Refresh interval (in seconds) for LDAP DNS driver Statement -# of Authority (string value) -#ldap_dns_soa_refresh=1800 - -# Retry interval (in seconds) for LDAP DNS driver Statement of -# Authority (string value) -#ldap_dns_soa_retry=3600 - -# Expiry interval (in seconds) for LDAP DNS driver Statement -# of Authority (string value) -#ldap_dns_soa_expiry=86400 - -# Minimum interval (in seconds) for LDAP DNS driver Statement -# of Authority (string value) -#ldap_dns_soa_minimum=7200 - - -# -# Options defined in nova.network.linux_net -# - -# Location of flagfiles for dhcpbridge (multi valued) -#dhcpbridge_flagfile=/etc/nova/nova-dhcpbridge.conf - -# Location to keep network config files (string value) -#networks_path=$state_path/networks - -# Interface for public IP addresses (string value) -#public_interface=eth0 - -# Location of nova-dhcpbridge (string value) -#dhcpbridge=$bindir/nova-dhcpbridge - -# Public IP of network host (string value) -#routing_source_ip=$my_ip - -# Lifetime of a DHCP lease in seconds (integer value) -#dhcp_lease_time=86400 - -# If set, uses specific DNS server for dnsmasq. Can be -# specified multiple times. 
(multi valued) -#dns_server= - -# If set, uses the dns1 and dns2 from the network ref. as dns -# servers. (boolean value) -#use_network_dns_servers=false - -# A list of dmz ranges that should be accepted (list value) -#dmz_cidr= - -# Traffic to this range will always be snatted to the fallback -# ip, even if it would normally be bridged out of the node. -# Can be specified multiple times. (multi valued) -#force_snat_range= - -# Override the default dnsmasq settings with this file (string -# value) -#dnsmasq_config_file= - -# Driver used to create ethernet devices. (string value) -linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver - -# Name of Open vSwitch bridge used with linuxnet (string -# value) -#linuxnet_ovs_integration_bridge=br-int - -# Send gratuitous ARPs for HA setup (boolean value) -#send_arp_for_ha=false - -# Send this many gratuitous ARPs for HA setup (integer value) -#send_arp_for_ha_count=3 - -# Use single default gateway. Only first nic of vm will get -# default gateway from dhcp server (boolean value) -#use_single_default_gateway=false - -# An interface that bridges can forward to. If this is set to -# all then all traffic will be forwarded. Can be specified -# multiple times. (multi valued) -#forward_bridge_interface=all - -# The IP address for the metadata API server (string value) -#metadata_host=$my_ip - -# The port for the metadata API port (integer value) -#metadata_port=8775 - -# Regular expression to match the iptables rule that should -# always be on the top. (string value) -#iptables_top_regex= - -# Regular expression to match the iptables rule that should -# always be on the bottom. (string value) -#iptables_bottom_regex= - -# The table that iptables to jump to when a packet is to be -# dropped. (string value) -#iptables_drop_action=DROP - -# Amount of time, in seconds, that ovs_vsctl should wait for a -# response from the database. 0 is to wait forever. 
(integer
-# value)
-#ovs_vsctl_timeout=120
-
-# If passed, use fake network devices and addresses (boolean
-# value)
-#fake_network=false
-
-# Number of times to retry ebtables commands on failure.
-# (integer value)
-#ebtables_exec_attempts=3
-
-# Number of seconds to wait between ebtables retries.
-# (floating point value)
-#ebtables_retry_interval=1.0
-
-
-#
-# Options defined in nova.network.manager
-#
-
-# Bridge for simple network instances (string value)
-#flat_network_bridge=<None>
-
-# DNS server for simple network (string value)
-#flat_network_dns=8.8.4.4
-
-# Whether to attempt to inject network setup into guest
-# (boolean value)
-#flat_injected=false
-
-# FlatDhcp will bridge into this interface if set (string
-# value)
-#flat_interface=<None>
-
-# First VLAN for private networks (integer value)
-#vlan_start=100
-
-# VLANs will bridge into this interface if set (string value)
-#vlan_interface=<None>
-
-# Number of networks to support (integer value)
-#num_networks=1
-
-# Public IP for the cloudpipe VPN servers (string value)
-#vpn_ip=$my_ip
-
-# First Vpn port for private networks (integer value)
-#vpn_start=1000
-
-# Number of addresses in each private subnet (integer value)
-#network_size=256
-
-# Fixed IPv6 address block (string value)
-#fixed_range_v6=fd00::/48
-
-# Default IPv4 gateway (string value)
-#gateway=<None>
-
-# Default IPv6 gateway (string value)
-#gateway_v6=<None>
-
-# Number of addresses reserved for vpn clients (integer value)
-#cnt_vpn_clients=0
-
-# Seconds after which a deallocated IP is disassociated
-# (integer value)
-#fixed_ip_disassociate_timeout=600
-
-# Number of attempts to create unique mac address (integer
-# value)
-#create_unique_mac_address_attempts=5
-
-# If True, skip using the queue and make local calls (boolean
-# value)
-#fake_call=false
-
-# If True, unused gateway devices (VLAN and bridge) are
-# deleted in VLAN network mode with multi hosted networks
-# (boolean value)
-#teardown_unused_network_gateway=false
-
-# If True, send a dhcp release on instance termination
-# (boolean value)
-#force_dhcp_release=true
-
-# If True, when a DNS entry must be updated, it sends a fanout
-# cast to all network hosts to update their DNS entries in
-# multi host mode (boolean value)
-#update_dns_entries=false
-
-# Number of seconds to wait between runs of updates to DNS
-# entries. (integer value)
-#dns_update_periodic_interval=-1
-
-# Domain to use for building the hostnames (string value)
-#dhcp_domain=novalocal
-
-# Indicates underlying L3 management library (string value)
-#l3_lib=nova.network.l3.LinuxNetL3
-
-
-#
-# Options defined in nova.network.rpcapi
-#
-
-# The topic network nodes listen on (string value)
-#network_topic=network
-
-# Default value for multi_host in networks. Also, if set, some
-# rpc network calls will be sent directly to host. (boolean
-# value)
-#multi_host=false
-
-
-#
-# Options defined in nova.network.security_group.openstack_driver
-#
-
-# The full class name of the security API class (string value)
-security_group_api=neutron
-
-
-#
-# Options defined in nova.objects.network
-#
-
-# DEPRECATED: THIS VALUE SHOULD BE SET WHEN CREATING THE
-# NETWORK. If True in multi_host mode, all compute hosts share
-# the same dhcp address. The same IP address used for DHCP
-# will be added on each nova-network node which is only
-# visible to the vms on the same host. (boolean value)
-#share_dhcp_address=false
-
-# DEPRECATED: THIS VALUE SHOULD BE SET WHEN CREATING THE
-# NETWORK. MTU setting for network interface. (integer value)
-#network_device_mtu=<None>
-
-
-#
-# Options defined in nova.objectstore.s3server
-#
-
-# Path to S3 buckets (string value)
-#buckets_path=$state_path/buckets
-
-# IP address for S3 API to listen (string value)
-#s3_listen=0.0.0.0
-
-# Port for S3 API to listen (integer value)
-#s3_listen_port=3333
-
-
-#
-# From oslo.log
-#
-
-# Print debugging output (set logging level to DEBUG instead of default WARNING
-# level).
(boolean value)
-#debug = false
-
-# Print more verbose output (set logging level to INFO instead of default
-# WARNING level). (boolean value)
-#verbose = false
-
-# The name of a logging configuration file. This file is appended to any
-# existing logging configuration files. For details about logging configuration
-# files, see the Python logging module documentation. (string value)
-# Deprecated group/name - [DEFAULT]/log_config
-#log_config_append = <None>
-
-# DEPRECATED. A logging.Formatter log message format string which may use any
-# of the available logging.LogRecord attributes. This option is deprecated.
-# Please use logging_context_format_string and logging_default_format_string
-# instead. (string value)
-#log_format = <None>
-
-# Format string for %%(asctime)s in log records. Default: %(default)s . (string
-# value)
-#log_date_format = %Y-%m-%d %H:%M:%S
-
-# (Optional) Name of log file to output to. If no default is set, logging will
-# go to stdout. (string value)
-# Deprecated group/name - [DEFAULT]/logfile
-#log_file = <None>
-
-# (Optional) The base directory used for relative --log-file paths. (string
-# value)
-# Deprecated group/name - [DEFAULT]/logdir
-#log_dir = <None>
-
-# Use syslog for logging. Existing syslog format is DEPRECATED during I, and
-# will change in J to honor RFC5424. (boolean value)
-use_syslog = True
-
-# (Optional) Enables or disables syslog rfc5424 format for logging. If enabled,
-# prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The
-# format without the APP-NAME is deprecated in I, and will be removed in J.
-# (boolean value)
-#use_syslog_rfc_format = false
-
-# Syslog facility to receive log lines. (string value)
-#syslog_log_facility = LOG_USER
-
-# Log output to standard error. (boolean value)
-#use_stderr = true
-
-# Format string to use for log messages with context.
(string value)
-#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
-
-# Format string to use for log messages without context. (string value)
-#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-
-# Data to append to log format when level is DEBUG. (string value)
-#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
-
-# Prefix each line of exception output with this format. (string value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
-
-# List of logger=LEVEL pairs. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
-
-# Enables or disables publication of error events. (boolean value)
-#publish_errors = false
-
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
-# The format for an instance that is passed with the log message. (string
-# value)
-#instance_format = "[instance: %(uuid)s] "
-
-# The format for an instance UUID that is passed with the log message. (string
-# value)
-#instance_uuid_format = "[instance: %(uuid)s] "
-
-
-#
-# Options defined in nova.pci.request
-#
-
-# An alias for a PCI passthrough device requirement. This
-# allows users to specify the alias in the extra_spec for a
-# flavor, without needing to repeat all the PCI property
-# requirements. For example: pci_alias = { "name":
-# "QuicAssist", "product_id": "0443", "vendor_id": "8086",
-# "device_type": "ACCEL" } defines an alias for the Intel
-# QuickAssist card.
(multi valued) (multi valued)
-#pci_alias=
-
-
-#
-# Options defined in nova.pci.whitelist
-#
-
-# White list of PCI devices available to VMs. For example:
-# pci_passthrough_whitelist = [{"vendor_id": "8086",
-# "product_id": "0443"}] (multi valued)
-#pci_passthrough_whitelist=
-
-
-#
-# Options defined in nova.scheduler.driver
-#
-
-# The scheduler host manager class to use (string value)
-scheduler_host_manager={{ SCHEDULER_HOST_MANAGER }}
-
-
-#
-# Options defined in nova.scheduler.filter_scheduler
-#
-
-# New instances will be scheduled on a host chosen randomly
-# from a subset of the N best hosts. This property defines the
-# subset size that a host is chosen from. A value of 1 chooses
-# the first host returned by the weighing functions. This
-# value must be at least 1. Any value less than 1 will be
-# ignored, and 1 will be used instead (integer value)
-#scheduler_host_subset_size=1
-
-
-#
-# Options defined in nova.scheduler.filters.aggregate_image_properties_isolation
-#
-
-# Force the filter to consider only keys matching the given
-# namespace. (string value)
-#aggregate_image_properties_isolation_namespace=<None>
-
-# The separator used between the namespace and keys (string
-# value)
-#aggregate_image_properties_isolation_separator=.
-
-
-#
-# Options defined in nova.scheduler.filters.core_filter
-#
-
-# Virtual CPU to physical CPU allocation ratio which affects
-# all CPU filters. This configuration specifies a global ratio
-# for CoreFilter. For AggregateCoreFilter, it will fall back
-# to this configuration value if no per-aggregate setting
-# found.
(floating point value)
-#cpu_allocation_ratio=16.0
-
-
-#
-# Options defined in nova.scheduler.filters.disk_filter
-#
-
-# Virtual disk to physical disk allocation ratio (floating
-# point value)
-#disk_allocation_ratio=1.0
-
-
-#
-# Options defined in nova.scheduler.filters.io_ops_filter
-#
-
-# Tells filters to ignore hosts that have this many or more
-# instances currently in build, resize, snapshot, migrate,
-# rescue or unshelve task states (integer value)
-#max_io_ops_per_host=8
-
-
-#
-# Options defined in nova.scheduler.filters.isolated_hosts_filter
-#
-
-# Images to run on isolated host (list value)
-#isolated_images=
-
-# Host reserved for specific images (list value)
-#isolated_hosts=
-
-# Whether to force isolated hosts to run only isolated images
-# (boolean value)
-#restrict_isolated_hosts_to_isolated_images=true
-
-
-#
-# Options defined in nova.scheduler.filters.num_instances_filter
-#
-
-# Ignore hosts that have too many instances (integer value)
-#max_instances_per_host=50
-
-
-#
-# Options defined in nova.scheduler.filters.ram_filter
-#
-
-# Virtual ram to physical ram allocation ratio which affects
-# all ram filters. This configuration specifies a global ratio
-# for RamFilter. For AggregateRamFilter, it will fall back to
-# this configuration value if no per-aggregate setting found.
-# (floating point value)
-ram_allocation_ratio={{ RAM_ALLOCATION_RATIO }}
-
-
-#
-# Options defined in nova.scheduler.host_manager
-#
-
-# Filter classes available to the scheduler which may be
-# specified more than once. An entry of
-# "nova.scheduler.filters.all_filters" maps to all filters
-# included with nova. (multi valued)
-#scheduler_available_filters=nova.scheduler.filters.all_filters
-
-# Which filter class names to use for filtering hosts when not
-# specified in the request.
(list value)
-scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
-
-# Which weight class names to use for weighing hosts (list
-# value)
-#scheduler_weight_classes=nova.scheduler.weights.all_weighers
-
-# Determines if the Scheduler tracks changes to instances to
-# help with its filtering decisions. (boolean value)
-#scheduler_tracks_instance_changes=true
-
-
-#
-# Options defined in nova.scheduler.ironic_host_manager
-#
-
-# Which filter class names to use for filtering baremetal
-# hosts when not specified in the request. (list value)
-#baremetal_scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ExactRamFilter,ExactDiskFilter,ExactCoreFilter
-
-# Flag to decide whether to use
-# baremetal_scheduler_default_filters or not. (boolean value)
-scheduler_use_baremetal_filters={{ SCHEDULER_USE_BAREMETAL_FILTERS }}
-
-
-#
-# Options defined in nova.scheduler.manager
-#
-
-# Default driver to use for the scheduler (string value)
-scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
-
-# How often (in seconds) to run periodic tasks in the
-# scheduler driver of your choice. Please note this is likely
-# to interact with the value of service_down_time, but exactly
-# how they interact will depend on your choice of scheduler
-# driver. (integer value)
-#scheduler_driver_task_period=60
-
-
-#
-# Options defined in nova.scheduler.rpcapi
-#
-
-# The topic scheduler nodes listen on (string value)
-#scheduler_topic=scheduler
-
-
-#
-# Options defined in nova.scheduler.scheduler_options
-#
-
-# Absolute path to scheduler configuration JSON file.
(string
-# value)
-#scheduler_json_config_location=
-
-
-#
-# Options defined in nova.scheduler.utils
-#
-
-# Maximum number of attempts to schedule an instance (integer
-# value)
-#scheduler_max_attempts=3
-
-
-#
-# Options defined in nova.scheduler.weights.io_ops
-#
-
-# Multiplier used for weighing host io ops. Negative numbers
-# mean a preference to choose light workload compute hosts.
-# (floating point value)
-#io_ops_weight_multiplier=-1.0
-
-
-#
-# Options defined in nova.scheduler.weights.ram
-#
-
-# Multiplier used for weighing ram. Negative numbers mean to
-# stack vs spread. (floating point value)
-#ram_weight_multiplier=1.0
-
-
-#
-# Options defined in nova.servicegroup.api
-#
-
-# The driver for servicegroup service (valid options are: db,
-# zk, mc) (string value)
-#servicegroup_driver=db
-
-
-#
-# Options defined in nova.virt.configdrive
-#
-
-# Config drive format. One of iso9660 (default) or vfat
-# (string value)
-#config_drive_format=iso9660
-
-# Set to "always" to force injection to take place on a config
-# drive. NOTE: The "always" will be deprecated in the Liberty
-# release cycle. (string value)
-#force_config_drive=<None>
-
-# Name and optionally path of the tool used for ISO image
-# creation (string value)
-#mkisofs_cmd=genisoimage
-
-
-#
-# Options defined in nova.virt.disk.api
-#
-
-# Name of the mkfs commands for ephemeral device. The format
-# is <os_type>=<mkfs command> (multi valued)
-#virt_mkfs=
-
-# Attempt to resize the filesystem by accessing the image over
-# a block device. This is done by the host and may not be
-# necessary if the image contains a recent version of cloud-
-# init. Possible mechanisms require the nbd driver (for qcow
-# and raw), or loop (for raw). (boolean value)
-#resize_fs_using_block_device=false
-
-
-#
-# Options defined in nova.virt.disk.mount.nbd
-#
-
-# Amount of time, in seconds, to wait for NBD device start up.
-# (integer value)
-#timeout_nbd=10
-
-
-#
-# Options defined in nova.virt.driver
-#
-
-# Driver to use for controlling virtualization. Options
-# include: libvirt.LibvirtDriver, xenapi.XenAPIDriver,
-# fake.FakeDriver, baremetal.BareMetalDriver,
-# vmwareapi.VMwareVCDriver, hyperv.HyperVDriver (string value)
-compute_driver={{ COMPUTE_DRIVER }}
-
-# The default format an ephemeral_volume will be formatted
-# with on creation. (string value)
-#default_ephemeral_format=<None>
-
-# VM image preallocation mode: "none" => no storage
-# provisioning is done up front, "space" => storage is fully
-# allocated at instance start (string value)
-#preallocate_images=none
-
-# Whether to use cow images (boolean value)
-#use_cow_images=true
-
-# Fail instance boot if vif plugging fails (boolean value)
-#vif_plugging_is_fatal=true
-
-# Number of seconds to wait for neutron vif plugging events to
-# arrive before continuing or failing (see
-# vif_plugging_is_fatal). If this is set to zero and
-# vif_plugging_is_fatal is False, events should not be
-# expected to arrive at all. (integer value)
-#vif_plugging_timeout=300
-
-
-#
-# Options defined in nova.virt.firewall
-#
-
-# Firewall driver (defaults to hypervisor specific iptables
-# driver) (string value)
-firewall_driver=nova.virt.firewall.NoopFirewallDriver
-
-# Whether to allow network traffic from same network (boolean
-# value)
-#allow_same_net_traffic=true
-
-
-#
-# Options defined in nova.virt.hardware
-#
-
-# Defines which pcpus that instance vcpus can use. For
-# example, "4-12,^8,15" (string value)
-#vcpu_pin_set=<None>
-
-
-#
-# Options defined in nova.virt.imagecache
-#
-
-# Number of seconds to wait between runs of the image cache
-# manager. Set to -1 to disable. Setting this to 0 will run at
-# the default rate. (integer value)
-#image_cache_manager_interval=2400
-
-# Where cached images are stored under $instances_path. This
-# is NOT the full path - just a folder name.
For per-compute-
-# host cached images, set to _base_$my_ip (string value)
-#image_cache_subdirectory_name=_base
-
-# Should unused base images be removed? (boolean value)
-#remove_unused_base_images=true
-
-# Unused unresized base images younger than this will not be
-# removed (integer value)
-#remove_unused_original_minimum_age_seconds=86400
-
-
-#
-# Options defined in nova.virt.images
-#
-
-# Force backing images to raw format (boolean value)
-#force_raw_images=true
-
-
-#
-# Options defined in nova.virt.netutils
-#
-
-# Template file for injected network (string value)
-#injected_network_template=$pybasedir/nova/virt/interfaces.template
-
-
-#
-# Options defined in nova.vnc
-#
-
-# Location of VNC console proxy, in the form
-# "http://127.0.0.1:6080/vnc_auto.html" (string value)
-novncproxy_base_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6080/vnc_auto.html
-
-# Location of nova xvp VNC console proxy, in the form
-# "http://127.0.0.1:6081/console" (string value)
-#xvpvncproxy_base_url=http://127.0.0.1:6081/console
-
-# IP address on which instance vncservers should listen
-# (string value)
-vncserver_listen=0.0.0.0
-
-# The address to which proxy clients (like nova-xvpvncproxy)
-# should connect (string value)
-vncserver_proxyclient_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
-
-# Enable VNC related features (boolean value)
-vnc_enabled=true
-
-# Keymap for VNC (string value)
-vnc_keymap=en-us
-
-
-#
-# Options defined in nova.vnc.xvp_proxy
-#
-
-# Port that the XCP VNC proxy should bind to (integer value)
-#xvpvncproxy_port=6081
-
-# Address that the XCP VNC proxy should bind to (string value)
-#xvpvncproxy_host=0.0.0.0
-
-
-#
-# Options defined in nova.volume
-#
-
-# The full class name of the volume API class to use (string
-# value)
-#volume_api_class=nova.volume.cinder.API
-
-
-#
-# Options defined in nova.openstack.common.eventlet_backdoor
-#
-
-# Enable eventlet backdoor.
Acceptable values are 0, <port>,
-# and <start>:<end>, where 0 results in listening on a random
-# tcp port number; <port> results in listening on the
-# specified port number (and not enabling backdoor if that
-# port is in use); and <start>:<end> results in listening on
-# the smallest unused port number within the specified range
-# of port numbers. The chosen port is displayed in the
-# service's log file. (string value)
-#backdoor_port=<None>
-
-
-#
-# Options defined in nova.openstack.common.memorycache
-#
-
-# Memcached servers or None for in process cache. (list value)
-#memcached_servers=<None>
-
-
-#
-# Options defined in nova.openstack.common.periodic_task
-#
-
-# Some periodic tasks can be run in a separate process. Should
-# we run them here? (boolean value)
-#run_external_periodic_tasks=true
-
-
-#
-# Options defined in nova.openstack.common.policy
-#
-
-# The JSON file that defines policies. (string value)
-#policy_file=policy.json
-
-# Default rule. Enforced when a requested rule is not found.
-# (string value)
-#policy_default_rule=default
-
-# Directories where policy configuration files are stored.
-# They can be relative to any directory in the search path
-# defined by the config_dir option, or absolute paths. The
-# file defined by policy_file must exist for these directories
-# to be searched. Missing or empty directories are ignored.
-# (multi valued)
-#policy_dirs=policy.d
-
-
-#
-# Options defined in nova.openstack.common.versionutils
-#
-
-# Enables or disables fatal status of deprecations. (boolean
-# value)
-#fatal_deprecations=false
-
-
-[api_database]
-
-#
-# Options defined in nova.db.sqlalchemy.api
-#
-
-# The SQLAlchemy connection string to use to connect to the
-# Nova API database. (string value)
-#connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova
-
-# If True, SQLite uses synchronous mode.
(boolean value)
-#sqlite_synchronous=true
-
-# Timeout before idle SQL connections are reaped. (integer
-# value)
-#idle_timeout=3600
-
-# Maximum number of SQL connections to keep open in a pool.
-# (integer value)
-#max_pool_size=<None>
-
-# Maximum number of database connection retries during
-# startup. Set to -1 to specify an infinite retry count.
-# (integer value)
-#max_retries=10
-
-# Interval between retries of opening a SQL connection.
-# (integer value)
-#retry_interval=10
-
-# If set, use this value for max_overflow with SQLAlchemy.
-# (integer value)
-#max_overflow=<None>
-
-# Verbosity of SQL debugging information: 0=None,
-# 100=Everything. (integer value)
-#connection_debug=0
-
-# Add Python stack traces to SQL as comment strings. (boolean
-# value)
-#connection_trace=false
-
-# If set, use this value for pool_timeout with SQLAlchemy.
-# (integer value)
-#pool_timeout=<None>
-
-
-[barbican]
-
-#
-# Options defined in nova.keymgr.barbican
-#
-
-# Info to match when looking for barbican in the service
-# catalog. Format is: separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> (string value)
-#catalog_info=key-manager:barbican:public
-
-# Override service catalog lookup with template for barbican
-# endpoint e.g.
http://localhost:9311/v1/%(project_id)s
-# (string value)
-#endpoint_template=<None>
-
-# Region name of this node (string value)
-#os_region_name=<None>
-
-
-#
-# Options defined in nova.volume.cinder
-#
-
-# Region name of this node (string value)
-#os_region_name=<None>
-
-
-[cells]
-
-#
-# Options defined in nova.cells.manager
-#
-
-# Cells communication driver to use (string value)
-#driver=nova.cells.rpc_driver.CellsRPCDriver
-
-# Number of seconds after an instance was updated or deleted
-# to continue to update cells (integer value)
-#instance_updated_at_threshold=3600
-
-# Number of instances to update per periodic task run (integer
-# value)
-#instance_update_num_instances=1
-
-
-#
-# Options defined in nova.cells.messaging
-#
-
-# Maximum number of hops for cells routing. (integer value)
-#max_hop_count=10
-
-# Cells scheduler to use (string value)
-#scheduler=nova.cells.scheduler.CellsScheduler
-
-
-#
-# Options defined in nova.cells.opts
-#
-
-# Enable cell functionality (boolean value)
-#enable=false
-
-# The topic cells nodes listen on (string value)
-#topic=cells
-
-# Manager for cells (string value)
-#manager=nova.cells.manager.CellsManager
-
-# Name of this cell (string value)
-#name=nova
-
-# Key/Multi-value list with the capabilities of the cell (list
-# value)
-#capabilities=hypervisor=xenserver;kvm,os=linux;windows
-
-# Seconds to wait for response from a call to a cell. (integer
-# value)
-#call_timeout=60
-
-# Percentage of cell capacity to hold in reserve. Affects both
-# memory and disk utilization (floating point value)
-#reserve_percent=10.0
-
-# Type of cell: api or compute (string value)
-#cell_type=compute
-
-# Number of seconds after which a lack of capability and
-# capacity updates signals the child cell is to be treated as
-# a mute. (integer value)
-#mute_child_interval=300
-
-# Seconds between bandwidth updates for cells.
(integer value)
-#bandwidth_update_interval=600
-
-
-#
-# Options defined in nova.cells.rpc_driver
-#
-
-# Base queue name to use when communicating between cells.
-# Various topics by message type will be appended to this.
-# (string value)
-#rpc_driver_queue_base=cells.intercell
-
-
-#
-# Options defined in nova.cells.scheduler
-#
-
-# Filter classes the cells scheduler should use. An entry of
-# "nova.cells.filters.all_filters" maps to all cells filters
-# included with nova. (list value)
-#scheduler_filter_classes=nova.cells.filters.all_filters
-
-# Weigher classes the cells scheduler should use. An entry of
-# "nova.cells.weights.all_weighers" maps to all cell weighers
-# included with nova. (list value)
-#scheduler_weight_classes=nova.cells.weights.all_weighers
-
-# How many retries when no cells are available. (integer
-# value)
-#scheduler_retries=10
-
-# How often to retry in seconds when no cells are available.
-# (integer value)
-#scheduler_retry_delay=2
-
-
-#
-# Options defined in nova.cells.state
-#
-
-# Interval, in seconds, for getting fresh cell information
-# from the database. (integer value)
-#db_check_interval=60
-
-# Configuration file from which to read cells configuration.
-# If given, overrides reading cells from the database. (string
-# value)
-#cells_config=<None>
-
-
-#
-# Options defined in nova.cells.weights.mute_child
-#
-
-# Multiplier used to weigh mute children. (The value should be
-# negative.) (floating point value)
-#mute_weight_multiplier=-10.0
-
-# Weight value assigned to mute children. (The value should be
-# positive.) (floating point value)
-#mute_weight_value=1000.0
-
-
-#
-# Options defined in nova.cells.weights.ram_by_instance_type
-#
-
-# Multiplier used for weighing ram. Negative numbers mean to
-# stack vs spread. (floating point value)
-#ram_weight_multiplier=10.0
-
-
-#
-# Options defined in nova.cells.weights.weight_offset
-#
-
-# Multiplier used to weigh offset weigher.
(floating point
-# value)
-#offset_weight_multiplier=1.0
-
-
-[cinder]
-
-#
-# Options defined in nova.volume.cinder
-#
-
-# Info to match when looking for cinder in the service
-# catalog. Format is: separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> (string value)
-#catalog_info=volumev2:cinderv2:publicURL
-
-# Override service catalog lookup with template for cinder
-# endpoint e.g. http://localhost:8776/v1/%(project_id)s
-# (string value)
-#endpoint_template=<None>
-
-# Number of cinderclient retries on failed http calls (integer
-# value)
-#http_retries=3
-
-# Allow attach between instance and volume in different
-# availability zones. (boolean value)
-#cross_az_attach=true
-
-
-[conductor]
-
-#
-# Options defined in nova.conductor.api
-#
-
-# Perform nova-conductor operations locally (boolean value)
-use_local=true
-
-# The topic on which conductor nodes listen (string value)
-#topic=conductor
-
-# Full class name for the Manager for conductor (string value)
-#manager=nova.conductor.manager.ConductorManager
-
-# Number of workers for OpenStack Conductor service. The
-# default will be the number of CPUs available. (integer
-# value)
-#workers=<None>
-
-
-[database]
-
-#
-# From oslo.db
-#
-
-# The file name to use with SQLite. (string value)
-# Deprecated group/name - [DEFAULT]/sqlite_db
-#sqlite_db = oslo.sqlite
-
-# If True, SQLite uses synchronous mode. (boolean value)
-# Deprecated group/name - [DEFAULT]/sqlite_synchronous
-#sqlite_synchronous = true
-
-# The back end to use for the database. (string value)
-# Deprecated group/name - [DEFAULT]/db_backend
-#backend = sqlalchemy
-
-# The SQLAlchemy connection string to use to connect to the database.
(string
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection
-# Deprecated group/name - [DATABASE]/sql_connection
-# Deprecated group/name - [sql]/connection
-#connection = <None>
-connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova
-
-# The SQLAlchemy connection string to use to connect to the slave database.
-# (string value)
-#slave_connection = <None>
-
-# The SQL mode to be used for MySQL sessions. This option, including the
-# default, overrides any server-set SQL mode. To use whatever SQL mode is set
-# by the server configuration, set this to no value. Example: mysql_sql_mode=
-# (string value)
-#mysql_sql_mode = TRADITIONAL
-
-# Timeout before idle SQL connections are reaped. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_idle_timeout
-# Deprecated group/name - [DATABASE]/sql_idle_timeout
-# Deprecated group/name - [sql]/idle_timeout
-#idle_timeout = 3600
-
-# Minimum number of SQL connections to keep open in a pool. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_min_pool_size
-# Deprecated group/name - [DATABASE]/sql_min_pool_size
-#min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_pool_size
-# Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = <None>
-
-# Maximum number of database connection retries during startup. Set to -1 to
-# specify an infinite retry count. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_retries
-# Deprecated group/name - [DATABASE]/sql_max_retries
-#max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_retry_interval
-# Deprecated group/name - [DATABASE]/reconnect_interval
-#retry_interval = 10
-
-# If set, use this value for max_overflow with SQLAlchemy.
(integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_overflow
-# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = <None>
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection_debug
-#connection_debug = 0
-
-# Add Python stack traces to SQL as comment strings. (boolean value)
-# Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace = false
-
-# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
-# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
-#pool_timeout = <None>
-
-# Enable the experimental use of database reconnect on connection lost.
-# (boolean value)
-#use_db_reconnect = false
-
-# Seconds between retries of a database transaction. (integer value)
-#db_retry_interval = 1
-
-# If True, increases the interval between retries of a database operation up to
-# db_max_retry_interval. (boolean value)
-#db_inc_retry_interval = true
-
-# If db_inc_retry_interval is set, the maximum seconds between retries of a
-# database operation. (integer value)
-#db_max_retry_interval = 10
-
-# Maximum retries in case of connection error or deadlock error before error is
-# raised. Set to -1 to specify an infinite retry count. (integer value)
-#db_max_retries = 20
-
-
-#
-# Options defined in nova.db.sqlalchemy.api
-#
-
-# The SQLAlchemy connection string to use to connect to the
-# slave database. (string value)
-#slave_connection=<None>
-
-# The SQL mode to be used for MySQL sessions. This option,
-# including the default, overrides any server-set SQL mode. To
-# use whatever SQL mode is set by the server configuration,
-# set this to no value.
Example: mysql_sql_mode= (string
-# value)
-#mysql_sql_mode=TRADITIONAL
-
-
-[ephemeral_storage_encryption]
-
-#
-# Options defined in nova.compute.api
-#
-
-# Whether to encrypt ephemeral storage (boolean value)
-#enabled=false
-
-# The cipher and mode to be used to encrypt ephemeral storage.
-# Which ciphers are available ciphers depends on kernel
-# support. See /proc/crypto for the list of available options.
-# (string value)
-#cipher=aes-xts-plain64
-
-# The bit length of the encryption key to be used to encrypt
-# ephemeral storage (in XTS mode only half of the bits are
-# used for encryption key) (integer value)
-#key_size=512
-
-
-[glance]
-
-#
-# Options defined in nova.image.glance
-#
-
-# Default glance hostname or IP address (string value)
-host={{ CONTROLLER_HOST_ADDRESS }}
-
-# Default glance port (integer value)
-port=9292
-
-# Default protocol to use when connecting to glance. Set to
-# https for SSL. (string value)
-protocol=http
-
-# A list of the glance api servers available to nova. Prefix
-# with https:// for ssl-based glance api servers.
-# ([hostname|ip]:port) (list value)
-api_servers=$host:$port
-
-# Allow to perform insecure SSL (https) requests to glance
-# (boolean value)
-#api_insecure=false
-
-# Number of retries when uploading / downloading an image to /
-# from glance. (integer value)
-#num_retries=0
-
-# A list of url scheme that can be downloaded directly via the
-# direct_url. Currently supported schemes: [file]. (list
-# value)
-#allowed_direct_url_schemes=
-
-
-[guestfs]
-
-#
-# Options defined in nova.virt.disk.vfs.guestfs
-#
-
-# Enable guestfs debug (boolean value)
-#debug=false
-
-
-[hyperv]
-
-#
-# Options defined in nova.virt.hyperv.pathutils
-#
-
-# The name of a Windows share name mapped to the
-# "instances_path" dir and used by the resize feature to copy
-# files to the target host.
If left blank, an administrative
-# share will be used, looking for the same "instances_path"
-# used locally (string value)
-#instances_path_share=
-
-
-#
-# Options defined in nova.virt.hyperv.utilsfactory
-#
-
-# Force V1 WMI utility classes (boolean value)
-#force_hyperv_utils_v1=false
-
-# Force V1 volume utility class (boolean value)
-#force_volumeutils_v1=false
-
-
-#
-# Options defined in nova.virt.hyperv.vif
-#
-
-# External virtual switch Name, if not provided, the first
-# external virtual switch is used (string value)
-#vswitch_name=<None>
-
-
-#
-# Options defined in nova.virt.hyperv.vmops
-#
-
-# Required for live migration among hosts with different CPU
-# features (boolean value)
-#limit_cpu_features=false
-
-# Sets the admin password in the config drive image (boolean
-# value)
-#config_drive_inject_password=false
-
-# Path of qemu-img command which is used to convert between
-# different image types (string value)
-#qemu_img_cmd=qemu-img.exe
-
-# Attaches the Config Drive image as a cdrom drive instead of
-# a disk drive (boolean value)
-#config_drive_cdrom=false
-
-# Enables metrics collections for an instance by using
-# Hyper-V's metric APIs. Collected data can by retrieved by
-# other apps and services, e.g.: Ceilometer. Requires Hyper-V
-# / Windows Server 2012 and above (boolean value)
-#enable_instance_metrics_collection=false
-
-# Enables dynamic memory allocation (ballooning) when set to a
-# value greater than 1. The value expresses the ratio between
-# the total RAM assigned to an instance and its startup RAM
-# amount. For example a ratio of 2.0 for an instance with
-# 1024MB of RAM implies 512MB of RAM allocated at startup
-# (floating point value)
-#dynamic_memory_ratio=1.0
-
-# Number of seconds to wait for instance to shut down after
-# soft reboot request is made. We fall back to hard reboot if
-# instance does not shutdown within this window.
(integer
-# value)
-#wait_soft_reboot_seconds=60
-
-
-#
-# Options defined in nova.virt.hyperv.volumeops
-#
-
-# The number of times to retry to attach a volume (integer
-# value)
-#volume_attach_retry_count=10
-
-# Interval between volume attachment attempts, in seconds
-# (integer value)
-#volume_attach_retry_interval=5
-
-# The number of times to retry checking for a disk mounted via
-# iSCSI. (integer value)
-#mounted_disk_query_retry_count=10
-
-# Interval between checks for a mounted iSCSI disk, in
-# seconds. (integer value)
-#mounted_disk_query_retry_interval=5
-
-
-[image_file_url]
-
-#
-# Options defined in nova.image.download.file
-#
-
-# List of file systems that are configured in this file in the
-# image_file_url:<list entry name> sections (list value)
-#filesystems=
-
-
-[ironic]
-
-#
-# Options defined in nova.virt.ironic.driver
-#
-
-# Version of Ironic API service endpoint. (integer value)
-#api_version=1
-
-# URL for Ironic API endpoint. (string value)
-api_endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:6385/v1
-
-# Ironic keystone admin name (string value)
-admin_username={{ IRONIC_SERVICE_USER }}
-
-# Ironic keystone admin password. (string value)
-admin_password={{ IRONIC_SERVICE_PASSWORD }}
-
-# Ironic keystone auth token. (string value)
-#admin_auth_token=<None>
-
-# Keystone public API endpoint. (string value)
-admin_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
-
-# Log level override for ironicclient. Set this in order to
-# override the global "default_log_levels", "verbose", and
-# "debug" settings. DEPRECATED: use standard logging
-# configuration. (string value)
-#client_log_level=<None>
-
-# Ironic keystone tenant name. (string value)
-admin_tenant_name=service
-
-# How many retries when a request does conflict.
(integer
-# value)
-#api_max_retries=60
-
-# How often to retry in seconds when a request does conflict
-# (integer value)
-#api_retry_interval=2
-
-
-[keymgr]
-
-#
-# Options defined in nova.keymgr
-#
-
-# The full class name of the key manager API class (string
-# value)
-#api_class=nova.keymgr.conf_key_mgr.ConfKeyManager
-
-
-#
-# Options defined in nova.keymgr.conf_key_mgr
-#
-
-# Fixed key returned by key manager, specified in hex (string
-# value)
-#fixed_key=<None>
-
-
-[keystone_authtoken]
-
-#
-# From keystonemiddleware.auth_token
-#
-
-# Complete public Identity API endpoint. (string value)
-auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
-
-# API version of the admin Identity API endpoint. (string value)
-auth_version = v2.0
-
-# Do not handle authorization requests within the middleware, but delegate the
-# authorization decision to downstream WSGI components. (boolean value)
-#delay_auth_decision = false
-
-# Request timeout value for communicating with Identity API server. (integer
-# value)
-#http_connect_timeout = <None>
-
-# How many times are we trying to reconnect when communicating with Identity
-# API Server. (integer value)
-#http_request_max_retries = 3
-
-# Env key for the swift cache. (string value)
-#cache = <None>
-
-# Required if identity server requires client certificate (string value)
-#certfile = <None>
-
-# Required if identity server requires client certificate (string value)
-#keyfile = <None>
-
-# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
-# Defaults to system CAs. (string value)
-#cafile = <None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure = false
-
-# Directory used to cache files related to PKI tokens. (string value)
-#signing_dir = <None>
-
-# Optionally specify a list of memcached server(s) to use for caching. If left
-# undefined, tokens will instead be cached in-process.
(list value)
-# Deprecated group/name - [DEFAULT]/memcache_servers
-#memcached_servers = <None>
-
-# In order to prevent excessive effort spent validating tokens, the middleware
-# caches previously-seen tokens for a configurable duration (in seconds). Set
-# to -1 to disable caching completely. (integer value)
-#token_cache_time = 300
-
-# Determines the frequency at which the list of revoked tokens is retrieved
-# from the Identity service (in seconds). A high number of revocation events
-# combined with a low cache duration may significantly reduce performance.
-# (integer value)
-#revocation_cache_time = 10
-
-# (Optional) If defined, indicate whether token data should be authenticated or
-# authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC,
-# token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data
-# is encrypted and authenticated in the cache. If the value is not one of these
-# options or empty, auth_token will raise an exception on initialization.
-# (string value)
-#memcache_security_strategy = <None>
-
-# (Optional, mandatory if memcache_security_strategy is defined) This string is
-# used for key derivation. (string value)
-#memcache_secret_key = <None>
-
-# (Optional) Number of seconds memcached server is considered dead before it is
-# tried again. (integer value)
-#memcache_pool_dead_retry = 300
-
-# (Optional) Maximum total number of open connections to every memcached
-# server. (integer value)
-#memcache_pool_maxsize = 10
-
-# (Optional) Socket timeout in seconds for communicating with a memcache
-# server. (integer value)
-#memcache_pool_socket_timeout = 3
-
-# (Optional) Number of seconds a connection to memcached is held unused in the
-# pool before it is closed. (integer value)
-#memcache_pool_unused_timeout = 60
-
-# (Optional) Number of seconds that an operation will wait to get a memcache
-# client connection from the pool.
(integer value)
-#memcache_pool_conn_get_timeout = 10
-
-# (Optional) Use the advanced (eventlet safe) memcache client pool. The
-# advanced pool will only work under python 2.x. (boolean value)
-#memcache_use_advanced_pool = false
-
-# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
-# middleware will not ask for service catalog on token validation and will not
-# set the X-Service-Catalog header. (boolean value)
-#include_service_catalog = true
-
-# Used to control the use and type of token binding. Can be set to: "disabled"
-# to not check token binding. "permissive" (default) to validate binding
-# information if the bind type is of a form known to the server and ignore it
-# if not. "strict" like "permissive" but if the bind type is unknown the token
-# will be rejected. "required" any form of token binding is needed to be
-# allowed. Finally the name of a binding method that must be present in tokens.
-# (string value)
-#enforce_token_bind = permissive
-
-# If true, the revocation list will be checked for cached tokens. This requires
-# that PKI tokens are configured on the identity server. (boolean value)
-#check_revocations_for_cached = false
-
-# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
-# or multiple. The algorithms are those supported by Python standard
-# hashlib.new(). The hashes will be tried in the order given, so put the
-# preferred one first for performance. The result of the first hash will be
-# stored in the cache. This will typically be set to multiple values only while
-# migrating from a less secure algorithm to a more secure one. Once all the old
-# tokens are expired this option should be set to a single value for better
-# performance. (list value)
-#hash_algorithms = md5
-
-# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
-# (string value)
-#auth_admin_prefix =
-
-# Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
-# (string value)
-#auth_host = 127.0.0.1
-
-# Port of the admin Identity API endpoint. Deprecated, use identity_uri.
-# (integer value)
-#auth_port = 35357
-
-# Protocol of the admin Identity API endpoint (http or https). Deprecated, use
-# identity_uri. (string value)
-#auth_protocol = https
-
-# Complete admin Identity API endpoint. This should specify the unversioned
-# root endpoint e.g. https://localhost:35357/ (string value)
-identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
-
-# This option is deprecated and may be removed in a future release. Single
-# shared secret with the Keystone configuration used for bootstrapping a
-# Keystone installation, or otherwise bypassing the normal authentication
-# process. This option should not be used, use `admin_user` and
-# `admin_password` instead. (string value)
-#admin_token = <None>
-
-# Service username. (string value)
-admin_user = {{ NOVA_SERVICE_USER }}
-
-# Service user password. (string value)
-admin_password = {{ NOVA_SERVICE_PASSWORD }}
-
-# Service tenant name. (string value)
-admin_tenant_name = service
-
-
-[libvirt]
-
-#
-# Options defined in nova.virt.libvirt.driver
-#
-
-# Rescue ami image. This will not be used if an image id is
-# provided by the user. (string value)
-#rescue_image_id=<None>
-
-# Rescue aki image (string value)
-#rescue_kernel_id=<None>
-
-# Rescue ari image (string value)
-#rescue_ramdisk_id=<None>
-
-# Libvirt domain type (valid options are: kvm, lxc, qemu, uml,
-# xen and parallels) (string value)
-virt_type={{ NOVA_VIRT_TYPE }}
-
-# Override the default libvirt URI (which is dependent on
-# virt_type) (string value)
-#connection_uri=
-
-# Inject the admin password at boot time, without an agent.
-# (boolean value)
-#inject_password=false
-
-# Inject the ssh public key at boot time (boolean value)
-#inject_key=false
-
-# The partition to inject to : -2 => disable, -1 => inspect
-# (libguestfs only), 0 => not partitioned, >0 => partition
-# number (integer value)
-#inject_partition=-2
-
-# Sync virtual and real mouse cursors in Windows VMs (boolean
-# value)
-#use_usb_tablet=true
-
-# Migration target URI (any included "%s" is replaced with the
-# migration target hostname) (string value)
-#live_migration_uri=qemu+tcp://%s/system
-
-# Migration flags to be set for live migration (string value)
-#live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED
-
-# Migration flags to be set for block migration (string value)
-#block_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_NON_SHARED_INC
-
-# Maximum bandwidth to be used during migration, in Mbps
-# (integer value)
-#live_migration_bandwidth=0
-
-# Snapshot image format (valid options are : raw, qcow2, vmdk,
-# vdi). Defaults to same as source image (string value)
-#snapshot_image_format=<None>
-
-# Override the default disk prefix for the devices attached to
-# a server, which is dependent on virt_type. (valid options
-# are: sd, xvd, uvd, vd) (string value)
-#disk_prefix=<None>
-
-# Number of seconds to wait for instance to shut down after
-# soft reboot request is made. We fall back to hard reboot if
-# instance does not shutdown within this window. (integer
-# value)
-#wait_soft_reboot_seconds=120
-
-# Set to "host-model" to clone the host CPU feature flags; to
-# "host-passthrough" to use the host CPU model exactly; to
-# "custom" to use a named CPU model; to "none" to not set any
-# CPU model.
If virt_type="kvm|qemu", it will default to
-# "host-model", otherwise it will default to "none" (string
-# value)
-#cpu_mode=<None>
-
-# Set to a named libvirt CPU model (see names listed in
-# /usr/share/libvirt/cpu_map.xml). Only has effect if
-# cpu_mode="custom" and virt_type="kvm|qemu" (string value)
-#cpu_model=<None>
-
-# Location where libvirt driver will store snapshots before
-# uploading them to image service (string value)
-#snapshots_directory=$instances_path/snapshots
-
-# Location where the Xen hvmloader is kept (string value)
-#xen_hvmloader_path=/usr/lib/xen/boot/hvmloader
-
-# Specific cachemodes to use for different disk types e.g:
-# file=directsync,block=none (list value)
-#disk_cachemodes=
-
-# A path to a device that will be used as source of entropy on
-# the host. Permitted options are: /dev/random or /dev/hwrng
-# (string value)
-#rng_dev_path=<None>
-
-# For qemu or KVM guests, set this option to specify a default
-# machine type per host architecture. You can find a list of
-# supported machine types in your environment by checking the
-# output of the "virsh capabilities"command. The format of the
-# value for this config option is host-arch=machine-type. For
-# example: x86_64=machinetype1,armv7l=machinetype2 (list
-# value)
-#hw_machine_type=<None>
-
-# The data source used to the populate the host "serial" UUID
-# exposed to guest in the virtual BIOS. Permitted options are
-# "hardware", "os", "none" or "auto" (default). (string value)
-#sysinfo_serial=auto
-
-# A number of seconds to memory usage statistics period. Zero
-# or negative value mean to disable memory usage statistics.
-# (integer value)
-#mem_stats_period_seconds=10
-
-# List of uid targets and ranges.Syntax is guest-uid:host-
-# uid:countMaximum of 5 allowed. (list value)
-#uid_maps=
-
-# List of guid targets and ranges.Syntax is guest-gid:host-
-# gid:countMaximum of 5 allowed.
(list value)
-#gid_maps=
-
-
-#
-# Options defined in nova.virt.libvirt.imagebackend
-#
-
-# VM Images format. Acceptable values are: raw, qcow2, lvm,
-# rbd, default. If default is specified, then use_cow_images
-# flag is used instead of this one. (string value)
-#images_type=default
-
-# LVM Volume Group that is used for VM images, when you
-# specify images_type=lvm. (string value)
-#images_volume_group=<None>
-
-# Create sparse logical volumes (with virtualsize) if this
-# flag is set to True. (boolean value)
-#sparse_logical_volumes=false
-
-# The RADOS pool in which rbd volumes are stored (string
-# value)
-#images_rbd_pool=rbd
-
-# Path to the ceph configuration file to use (string value)
-#images_rbd_ceph_conf=
-
-# Discard option for nova managed disks (valid options are:
-# ignore, unmap). Need Libvirt(1.0.6) Qemu1.5 (raw format)
-# Qemu1.6(qcow2 format) (string value)
-#hw_disk_discard=<None>
-
-
-#
-# Options defined in nova.virt.libvirt.imagecache
-#
-
-# Allows image information files to be stored in non-standard
-# locations (string value)
-#image_info_filename_pattern=$instances_path/$image_cache_subdirectory_name/%(image)s.info
-
-# Should unused kernel images be removed? This is only safe to
-# enable if all compute nodes have been updated to support
-# this option. This will be enabled by default in future.
-# (boolean value)
-#remove_unused_kernels=false
-
-# Unused resized base images younger than this will not be
-# removed (integer value)
-#remove_unused_resized_minimum_age_seconds=3600
-
-# Write a checksum for files in _base to disk (boolean value)
-#checksum_base_images=false
-
-# How frequently to checksum base images (integer value)
-#checksum_interval_seconds=3600
-
-
-#
-# Options defined in nova.virt.libvirt.lvm
-#
-
-# Method used to wipe old volumes (valid options are: none,
-# zero, shred) (string value)
-#volume_clear=zero
-
-# Size in MiB to wipe at start of old volumes.
0 => all
-# (integer value)
-#volume_clear_size=0
-
-
-#
-# Options defined in nova.virt.libvirt.utils
-#
-
-# Compress snapshot images when possible. This currently
-# applies exclusively to qcow2 images (boolean value)
-#snapshot_compression=false
-
-
-#
-# Options defined in nova.virt.libvirt.vif
-#
-
-# Use virtio for bridge interfaces with KVM/QEMU (boolean
-# value)
-#use_virtio_for_bridges=true
-
-
-#
-# Options defined in nova.virt.libvirt.volume
-#
-
-# Number of times to rescan iSCSI target to find volume
-# (integer value)
-#num_iscsi_scan_tries=5
-
-# Number of times to rescan iSER target to find volume
-# (integer value)
-#num_iser_scan_tries=5
-
-# The RADOS client name for accessing rbd volumes (string
-# value)
-#rbd_user=<None>
-
-# The libvirt UUID of the secret for the rbd_uservolumes
-# (string value)
-#rbd_secret_uuid=<None>
-
-# Directory where the NFS volume is mounted on the compute
-# node (string value)
-#nfs_mount_point_base=$state_path/mnt
-
-# Mount options passed to the NFS client. See section of the
-# nfs man page for details (string value)
-#nfs_mount_options=<None>
-
-# Directory where the SMBFS shares are mounted on the compute
-# node (string value)
-#smbfs_mount_point_base=$state_path/mnt
-
-# Mount options passed to the SMBFS client. See mount.cifs man
-# page for details. Note that the libvirt-qemu uid and gid
-# must be specified.
(string value)
-#smbfs_mount_options=
-
-# Number of times to rediscover AoE target to find volume
-# (integer value)
-#num_aoe_discover_tries=3
-
-# Directory where the glusterfs volume is mounted on the
-# compute node (string value)
-#glusterfs_mount_point_base=$state_path/mnt
-
-# Use multipath connection of the iSCSI volume (boolean value)
-#iscsi_use_multipath=false
-
-# Use multipath connection of the iSER volume (boolean value)
-#iser_use_multipath=false
-
-# Path or URL to Scality SOFS configuration file (string
-# value)
-#scality_sofs_config=<None>
-
-# Base dir where Scality SOFS shall be mounted (string value)
-#scality_sofs_mount_point=$state_path/scality
-
-# Protocols listed here will be accessed directly from QEMU.
-# Currently supported protocols: [gluster] (list value)
-#qemu_allowed_storage_drivers=
-
-# Directory where the Quobyte volume is mounted on the compute
-# node (string value)
-#quobyte_mount_point_base=$state_path/mnt
-
-# Path to a Quobyte Client configuration file. (string value)
-#quobyte_client_cfg=<None>
-
-# The iSCSI transport iface to use to connect to target in
-# case offload support is desired. Supported transports are
-# be2iscsi, bnx2i, cxgb3i, cxgb4i, qla4xxx and ocs. Default
-# format is transport_name.hwaddress and can be generated
-# manually or via iscsiadm -m iface (string value)
-# Deprecated group/name - [DEFAULT]/iscsi_transport
-#iscsi_iface=<None>
-
-
-[metrics]
-
-#
-# Options defined in nova.scheduler.weights.metrics
-#
-
-# Multiplier used for weighing metrics. (floating point value)
-#weight_multiplier=1.0
-
-# How the metrics are going to be weighed. This should be in
-# the form of "<name1>=<ratio1>, <name2>=<ratio2>, ...", where
-# <nameX> is one of the metrics to be weighed, and <ratioX> is
-# the corresponding ratio. So for "name1=1.0, name2=-1.0" The
-# final weight would be name1.value * 1.0 + name2.value *
-# -1.0. (list value)
-#weight_setting=
-
-# How to treat the unavailable metrics.
When a metric is NOT
-# available for a host, if it is set to be True, it would
-# raise an exception, so it is recommended to use the
-# scheduler filter MetricFilter to filter out those hosts. If
-# it is set to be False, the unavailable metric would be
-# treated as a negative factor in weighing process, the
-# returned value would be set by the option
-# weight_of_unavailable. (boolean value)
-#required=true
-
-# The final weight value to be returned if required is set to
-# False and any one of the metrics set by weight_setting is
-# unavailable. (floating point value)
-#weight_of_unavailable=-10000.0
-
-
-[neutron]
-
-#
-# Options defined in nova.api.metadata.handler
-#
-
-# Set flag to indicate Neutron will proxy metadata requests
-# and resolve instance ids. (boolean value)
-service_metadata_proxy=True
-
-# Shared secret to validate proxies Neutron metadata requests
-# (string value)
-metadata_proxy_shared_secret={{ METADATA_PROXY_SHARED_SECRET }}
-
-
-#
-# Options defined in nova.network.neutronv2.api
-#
-
-# URL for connecting to neutron (string value)
-url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696
-
-# User id for connecting to neutron in admin context.
-# DEPRECATED: specify an auth_plugin and appropriate
-# credentials instead. (string value)
-#admin_user_id=<None>
-
-# Username for connecting to neutron in admin context
-# DEPRECATED: specify an auth_plugin and appropriate
-# credentials instead. (string value)
-admin_username={{ NEUTRON_SERVICE_USER }}
-
-# Password for connecting to neutron in admin context
-# DEPRECATED: specify an auth_plugin and appropriate
-# credentials instead. (string value)
-admin_password={{ NEUTRON_SERVICE_PASSWORD }}
-
-# Tenant id for connecting to neutron in admin context
-# DEPRECATED: specify an auth_plugin and appropriate
-# credentials instead. (string value)
-#admin_tenant_id=<None>
-
-# Tenant name for connecting to neutron in admin context. This
-# option will be ignored if neutron_admin_tenant_id is set.
-# Note that with Keystone V3 tenant names are only unique
-# within a domain. DEPRECATED: specify an auth_plugin and
-# appropriate credentials instead. (string value)
-admin_tenant_name=service
-
-# Region name for connecting to neutron in admin context
-# (string value)
-#region_name=<None>
-
-# Authorization URL for connecting to neutron in admin
-# context. DEPRECATED: specify an auth_plugin and appropriate
-# credentials instead. (string value)
-admin_auth_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
-
-# Authorization strategy for connecting to neutron in admin
-# context. DEPRECATED: specify an auth_plugin and appropriate
-# credentials instead. If an auth_plugin is specified strategy
-# will be ignored. (string value)
-auth_strategy=keystone
-
-# Name of Integration Bridge used by Open vSwitch (string
-# value)
-#ovs_bridge=br-int
-
-# Number of seconds before querying neutron for extensions
-# (integer value)
-#extension_sync_interval=600
-
-# DEPRECATED: Allow an instance to have multiple vNICs
-# attached to the same Neutron network. This option is
-# deprecated in the 2015.1 release and will be removed in the
-# 2015.2 release where the default behavior will be to always
-# allow multiple ports from the same network to be attached to
-# an instance. (boolean value)
-#allow_duplicate_networks=false
-
-
-[osapi_v3]
-
-#
-# Options defined in nova.api.openstack
-#
-
-# Whether the V3 API is enabled or not (boolean value)
-#enabled=false
-
-# A list of v3 API extensions to never load. Specify the
-# extension aliases here. (list value)
-#extensions_blacklist=
-
-# If the list is not empty then a v3 API extension will only
-# be loaded if it exists in this list. Specify the extension
-# aliases here.
(list value)
-#extensions_whitelist=
-
-
-[rdp]
-
-#
-# Options defined in nova.rdp
-#
-
-# Location of RDP html5 console proxy, in the form
-# "http://127.0.0.1:6083/" (string value)
-#html5_proxy_base_url=http://127.0.0.1:6083/
-
-# Enable RDP related features (boolean value)
-#enabled=false
-
-
-[serial_console]
-
-#
-# Options defined in nova.cmd.serialproxy
-#
-
-# Host on which to listen for incoming requests (string value)
-serialproxy_host=127.0.0.1
-
-# Port on which to listen for incoming requests (integer
-# value)
-#serialproxy_port=6083
-
-
-#
-# Options defined in nova.console.serial
-#
-
-# Enable serial console related features (boolean value)
-enabled=false
-
-# Range of TCP ports to use for serial ports on compute hosts
-# (string value)
-#port_range=10000:20000
-
-# Location of serial console proxy. (string value)
-#base_url=ws://127.0.0.1:6083/
-
-# IP address on which instance serial console should listen
-# (string value)
-#listen=127.0.0.1
-
-# The address to which proxy clients (like nova-serialproxy)
-# should connect (string value)
-#proxyclient_address=127.0.0.1
-
-
-[spice]
-
-#
-# Options defined in nova.cmd.spicehtml5proxy
-#
-
-# Host on which to listen for incoming requests (string value)
-#html5proxy_host=0.0.0.0
-
-# Port on which to listen for incoming requests (integer
-# value)
-#html5proxy_port=6082
-
-
-#
-# Options defined in nova.spice
-#
-
-# Location of spice HTML5 console proxy, in the form
-# "http://127.0.0.1:6082/spice_auto.html" (string value)
-#html5proxy_base_url=http://127.0.0.1:6082/spice_auto.html
-
-# IP address on which instance spice server should listen
-# (string value)
-#server_listen=127.0.0.1
-
-# The address to which proxy clients (like nova-
-# spicehtml5proxy) should connect (string value)
-#server_proxyclient_address=127.0.0.1
-
-# Enable spice related features (boolean value)
-enabled=false
-
-# Enable spice guest agent support (boolean value)
-#agent_enabled=true
-
-# Keymap for spice (string value)
-#keymap=en-us
-
-
-[ssl]
-
-#
-# Options defined in nova.openstack.common.sslutils
-#
-
-# CA certificate file to use to verify connecting clients.
-# (string value)
-#ca_file=<None>
-
-# Certificate file to use when starting the server securely.
-# (string value)
-#cert_file=<None>
-
-# Private key file to use when starting the server securely.
-# (string value)
-#key_file=<None>
-
-
-[trusted_computing]
-
-#
-# Options defined in nova.scheduler.filters.trusted_filter
-#
-
-# Attestation server HTTP (string value)
-#attestation_server=<None>
-
-# Attestation server Cert file for Identity verification
-# (string value)
-#attestation_server_ca_file=<None>
-
-# Attestation server port (string value)
-#attestation_port=8443
-
-# Attestation web API URL (string value)
-#attestation_api_url=/OpenAttestationWebServices/V1.0
-
-# Attestation authorization blob - must change (string value)
-#attestation_auth_blob=<None>
-
-# Attestation status cache valid period length (integer value)
-#attestation_auth_timeout=60
-
-# Disable SSL cert verification for Attestation service
-# (boolean value)
-#attestation_insecure_ssl=false
-
-
-[upgrade_levels]
-
-#
-# Options defined in nova.baserpc
-#
-
-# Set a version cap for messages sent to the base api in any
-# service (string value)
-#baseapi=<None>
-
-
-#
-# Options defined in nova.cells.rpc_driver
-#
-
-# Set a version cap for messages sent between cells services
-# (string value)
-#intercell=<None>
-
-
-#
-# Options defined in nova.cells.rpcapi
-#
-
-# Set a version cap for messages sent to local cells services
-# (string value)
-#cells=<None>
-
-
-#
-# Options defined in nova.cert.rpcapi
-#
-
-# Set a version cap for messages sent to cert services (string
-# value)
-#cert=<None>
-
-
-#
-# Options defined in nova.compute.rpcapi
-#
-
-# Set a version cap for messages sent to compute services.
If
-# you plan to do a live upgrade from havana to icehouse, you
-# should set this option to "icehouse-compat" before beginning
-# the live upgrade procedure. (string value)
-#compute=<None>
-
-
-#
-# Options defined in nova.conductor.rpcapi
-#
-
-# Set a version cap for messages sent to conductor services
-# (string value)
-#conductor=<None>
-
-
-#
-# Options defined in nova.console.rpcapi
-#
-
-# Set a version cap for messages sent to console services
-# (string value)
-#console=<None>
-
-
-#
-# Options defined in nova.consoleauth.rpcapi
-#
-
-# Set a version cap for messages sent to consoleauth services
-# (string value)
-#consoleauth=<None>
-
-
-#
-# Options defined in nova.network.rpcapi
-#
-
-# Set a version cap for messages sent to network services
-# (string value)
-#network=<None>
-
-
-#
-# Options defined in nova.scheduler.rpcapi
-#
-
-# Set a version cap for messages sent to scheduler services
-# (string value)
-#scheduler=<None>
-
-
-[vmware]
-
-#
-# Options defined in nova.virt.vmwareapi.driver
-#
-
-# The PBM status. (boolean value)
-#pbm_enabled=false
-
-# PBM service WSDL file location URL. e.g.
-# file:///opt/SDK/spbm/wsdl/pbmService.wsdl Not setting this
-# will disable storage policy based placement of instances.
-# (string value)
-#pbm_wsdl_location=<None>
-
-# The PBM default policy. If pbm_wsdl_location is set and
-# there is no defined storage policy for the specific request
-# then this policy will be used. (string value)
-#pbm_default_policy=<None>
-
-# Hostname or IP address for connection to VMware VC host.
-# (string value)
-#host_ip=<None>
-
-# Port for connection to VMware VC host. (integer value)
-#host_port=443
-
-# Username for connection to VMware VC host. (string value)
-#host_username=<None>
-
-# Password for connection to VMware VC host. (string value)
-#host_password=<None>
-
-# Name of a VMware Cluster ComputeResource. (multi valued)
-#cluster_name=<None>
-
-# Regex to match the name of a datastore.
(string value)
-#datastore_regex=<None>
-
-# The interval used for polling of remote tasks. (floating
-# point value)
-#task_poll_interval=0.5
-
-# The number of times we retry on failures, e.g., socket
-# error, etc. (integer value)
-#api_retry_count=10
-
-# VNC starting port (integer value)
-#vnc_port=5900
-
-# Total number of VNC ports (integer value)
-#vnc_port_total=10000
-
-# Whether to use linked clone (boolean value)
-#use_linked_clone=true
-
-# Optional VIM Service WSDL Location e.g
-# http://<server>/vimService.wsdl. Optional over-ride to
-# default location for bug work-arounds (string value)
-#wsdl_location=<None>
-
-
-#
-# Options defined in nova.virt.vmwareapi.vif
-#
-
-# Physical ethernet adapter name for vlan networking (string
-# value)
-#vlan_interface=vmnic0
-
-# Name of Integration Bridge (string value)
-#integration_bridge=br-int
-
-
-#
-# Options defined in nova.virt.vmwareapi.vim_util
-#
-
-# The maximum number of ObjectContent data objects that should
-# be returned in a single result. A positive value will cause
-# the operation to suspend the retrieval when the count of
-# objects reaches the specified maximum. The server may still
-# limit the count to something less than the configured value.
-# Any remaining objects may be retrieved with additional
-# requests. (integer value)
-#maximum_objects=100
-
-
-#
-# Options defined in nova.virt.vmwareapi.vmops
-#
-
-# The prefix for Where cached images are stored. This is NOT
-# the full path - just a folder prefix. This should only be
-# used when a datastore cache should be shared between compute
-# nodes. Note: this should only be used when the compute nodes
-# have a shared file system. (string value)
-#cache_prefix=<None>
-
-
-[workarounds]
-
-#
-# Options defined in nova.utils
-#
-
-# This option allows a fallback to sudo for performance
-# reasons.
For example see
-# https://bugs.launchpad.net/nova/+bug/1415106 (boolean value)
-#disable_rootwrap=false
-
-# When using libvirt 1.2.2 fails live snapshots intermittently
-# under load. This config option provides mechanism to
-# disable livesnapshot while this is resolved. See
-# https://bugs.launchpad.net/nova/+bug/1334398 (boolean value)
-#disable_libvirt_livesnapshot=true
-
-# Whether to destroy instances on startup when we suspect they
-# have previously been evacuated. This can result in data loss
-# if undesired. See https://launchpad.net/bugs/1419785
-# (boolean value)
-#destroy_after_evacuate=true
-
-
-[xenserver]
-
-#
-# Options defined in nova.virt.xenapi.agent
-#
-
-# Number of seconds to wait for agent reply (integer value)
-#agent_timeout=30
-
-# Number of seconds to wait for agent to be fully operational
-# (integer value)
-#agent_version_timeout=300
-
-# Number of seconds to wait for agent reply to resetnetwork
-# request (integer value)
-#agent_resetnetwork_timeout=60
-
-# Specifies the path in which the XenAPI guest agent should be
-# located. If the agent is present, network configuration is
-# not injected into the image. Used if
-# compute_driver=xenapi.XenAPIDriver and flat_injected=True
-# (string value)
-#agent_path=usr/sbin/xe-update-networking
-
-# Disables the use of the XenAPI agent in any image regardless
-# of what image properties are present. (boolean value)
-#disable_agent=false
-
-# Determines if the XenAPI agent should be used when the image
-# used does not contain a hint to declare if the agent is
-# present or not. The hint is a glance property
-# "xenapi_use_agent" that has the value "True" or "False".
-# Note that waiting for the agent when it is not present will
-# significantly increase server boot times. (boolean value)
-#use_agent_default=false
-
-
-#
-# Options defined in nova.virt.xenapi.client.session
-#
-
-# Timeout in seconds for XenAPI login.
(integer value) -#login_timeout=10 - -# Maximum number of concurrent XenAPI connections. Used only -# if compute_driver=xenapi.XenAPIDriver (integer value) -#connection_concurrent=5 - - -# -# Options defined in nova.virt.xenapi.driver -# - -# URL for connection to XenServer/Xen Cloud Platform. A -# special value of unix://local can be used to connect to the -# local unix socket. Required if -# compute_driver=xenapi.XenAPIDriver (string value) -#connection_url=<None> - -# Username for connection to XenServer/Xen Cloud Platform. -# Used only if compute_driver=xenapi.XenAPIDriver (string -# value) -#connection_username=root - -# Password for connection to XenServer/Xen Cloud Platform. -# Used only if compute_driver=xenapi.XenAPIDriver (string -# value) -#connection_password=<None> - -# The interval used for polling of coalescing vhds. Used only -# if compute_driver=xenapi.XenAPIDriver (floating point value) -#vhd_coalesce_poll_interval=5.0 - -# Ensure compute service is running on host XenAPI connects -# to. (boolean value) -#check_host=true - -# Max number of times to poll for VHD to coalesce. Used only -# if compute_driver=xenapi.XenAPIDriver (integer value) -#vhd_coalesce_max_attempts=20 - -# Base path to the storage repository (string value) -#sr_base_path=/var/run/sr-mount - -# The iSCSI Target Host (string value) -#target_host=<None> - -# The iSCSI Target Port, default is port 3260 (string value) -#target_port=3260 - -# IQN Prefix (string value) -#iqn_prefix=iqn.2010-10.org.openstack - -# Used to enable the remapping of VBD dev (Works around an -# issue in Ubuntu Maverick) (boolean value) -#remap_vbd_dev=false - -# Specify prefix to remap VBD dev to (ex. /dev/xvdb -> -# /dev/sdb) (string value) -#remap_vbd_dev_prefix=sd - - -# -# Options defined in nova.virt.xenapi.image.bittorrent -# - -# Base URL for torrent files. (string value) -#torrent_base_url=<None> - -# Probability that peer will become a seeder. 
(1.0 = 100%) -# (floating point value) -#torrent_seed_chance=1.0 - -# Number of seconds after downloading an image via BitTorrent -# that it should be seeded for other peers. (integer value) -#torrent_seed_duration=3600 - -# Cached torrent files not accessed within this number of -# seconds can be reaped (integer value) -#torrent_max_last_accessed=86400 - -# Beginning of port range to listen on (integer value) -#torrent_listen_port_start=6881 - -# End of port range to listen on (integer value) -#torrent_listen_port_end=6891 - -# Number of seconds a download can remain at the same progress -# percentage w/o being considered a stall (integer value) -#torrent_download_stall_cutoff=600 - -# Maximum number of seeder processes to run concurrently -# within a given dom0. (-1 = no limit) (integer value) -#torrent_max_seeder_processes_per_host=1 - - -# -# Options defined in nova.virt.xenapi.pool -# - -# To use for hosts with different CPUs (boolean value) -#use_join_force=true - - -# -# Options defined in nova.virt.xenapi.vif -# - -# Name of Integration Bridge used by Open vSwitch (string -# value) -#ovs_integration_bridge=xapi1 - - -# -# Options defined in nova.virt.xenapi.vm_utils -# - -# Cache glance images locally. `all` will cache all images, -# `some` will only cache images that have the image_property -# `cache_in_nova=True`, and `none` turns off caching entirely -# (string value) -#cache_images=all - -# Compression level for images, e.g., 9 for gzip -9. Range is -# 1-9, 9 being most compressed but most CPU intensive on dom0. -# (integer value) -#image_compression_level=<None> - -# Default OS type (string value) -#default_os_type=linux - -# Time to wait for a block device to be created (integer -# value) -#block_device_creation_timeout=10 - -# Maximum size in bytes of kernel or ramdisk images (integer -# value) -#max_kernel_ramdisk_size=16777216 - -# Filter for finding the SR to be used to install guest -# instances on. 
To use the Local Storage in default -# XenServer/XCP installations set this flag to other-config -# :i18n-key=local-storage. To select an SR with a different -# matching criteria, you could set it to other- -# config:my_favorite_sr=true. On the other hand, to fall back -# on the Default SR, as displayed by XenCenter, set this flag -# to: default-sr:true (string value) -#sr_matching_filter=default-sr:true - -# Whether to use sparse_copy for copying data on a resize down -# (False will use standard dd). This speeds up resizes down -# considerably since large runs of zeros won't have to be -# rsynced (boolean value) -#sparse_copy=true - -# Maximum number of retries to unplug VBD. if <=0, should try -# once and no retry (integer value) -#num_vbd_unplug_retries=10 - -# Whether or not to download images via Bit Torrent -# (all|some|none). (string value) -#torrent_images=none - -# Name of network to use for booting iPXE ISOs (string value) -#ipxe_network_name=<None> - -# URL to the iPXE boot menu (string value) -#ipxe_boot_menu_url=<None> - -# Name and optionally path of the tool used for ISO image -# creation (string value) -#ipxe_mkisofs_cmd=mkisofs - - -# -# Options defined in nova.virt.xenapi.vmops -# - -# Number of seconds to wait for instance to go to running -# state (integer value) -#running_timeout=60 - -# The XenAPI VIF driver using XenServer Network APIs. (string -# value) -#vif_driver=nova.virt.xenapi.vif.XenAPIBridgeDriver - -# Dom0 plugin driver used to handle image uploads. 
(string -# value) -#image_upload_handler=nova.virt.xenapi.image.glance.GlanceStore - - -# -# Options defined in nova.virt.xenapi.volume_utils -# - -# Number of seconds to wait for an SR to settle if the VDI -# does not exist when first introduced (integer value) -#introduce_vdi_retry_wait=20 - - -[zookeeper] - -# -# Options defined in nova.servicegroup.drivers.zk -# - -# The ZooKeeper addresses for servicegroup service in the -# format of host1:port,host2:port,host3:port (string value) -#address=<None> - -# The recv_timeout parameter for the zk session (integer -# value) -#recv_timeout=4000 - -# The prefix used in ZooKeeper to store ephemeral nodes -# (string value) -#sg_prefix=/servicegroups - -# Number of seconds to wait until retrying to join the session -# (integer value) -#sg_retry_interval=5 - - -[matchmaker_redis] - -# -# From oslo.messaging -# - -# Host to locate redis. (string value) -#host = 127.0.0.1 - -# Use this port to connect to redis host. (integer value) -#port = 6379 - -# Password for Redis server (optional). (string value) -#password = <None> - - -[matchmaker_ring] - -# -# From oslo.messaging -# - -# Matchmaker ring file (JSON). (string value) -# Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile = /etc/oslo/matchmaker_ring.json - - -[oslo_concurrency] - -# -# From oslo.concurrency -# - -# Enables or disables inter-process locks. (boolean value) -# Deprecated group/name - [DEFAULT]/disable_process_locking -#disable_process_locking = false - -# Directory to use for lock files. For security, the specified directory -# should only be writable by the user running the processes that need locking. -# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, -# a lock path must be set. 
(string value) -# Deprecated group/name - [DEFAULT]/lock_path -lock_path = /var/lock/nova - - -[oslo_messaging_amqp] - -# -# From oslo.messaging -# - -# address prefix used when sending to a specific server (string value) -# Deprecated group/name - [amqp1]/server_request_prefix -#server_request_prefix = exclusive - -# address prefix used when broadcasting to all servers (string value) -# Deprecated group/name - [amqp1]/broadcast_prefix -#broadcast_prefix = broadcast - -# address prefix when sending to any server in group (string value) -# Deprecated group/name - [amqp1]/group_request_prefix -#group_request_prefix = unicast - -# Name for the AMQP container (string value) -# Deprecated group/name - [amqp1]/container_name -#container_name = <None> - -# Timeout for inactive connections (in seconds) (integer value) -# Deprecated group/name - [amqp1]/idle_timeout -#idle_timeout = 0 - -# Debug: dump AMQP frames to stdout (boolean value) -# Deprecated group/name - [amqp1]/trace -#trace = false - -# CA certificate PEM file for verifing server certificate (string value) -# Deprecated group/name - [amqp1]/ssl_ca_file -#ssl_ca_file = - -# Identifying certificate PEM file to present to clients (string value) -# Deprecated group/name - [amqp1]/ssl_cert_file -#ssl_cert_file = - -# Private key PEM file used to sign cert_file certificate (string value) -# Deprecated group/name - [amqp1]/ssl_key_file -#ssl_key_file = - -# Password for decrypting ssl_key_file (if encrypted) (string value) -# Deprecated group/name - [amqp1]/ssl_key_password -#ssl_key_password = <None> - -# Accept clients using either SSL or plain TCP (boolean value) -# Deprecated group/name - [amqp1]/allow_insecure_clients -#allow_insecure_clients = false - - -[oslo_messaging_qpid] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. 
(boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -#amqp_auto_delete = false - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -#rpc_conn_pool_size = 30 - -# Qpid broker hostname. (string value) -# Deprecated group/name - [DEFAULT]/qpid_hostname -#qpid_hostname = localhost - -# Qpid broker port. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_port -#qpid_port = 5672 - -# Qpid HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/qpid_hosts -#qpid_hosts = $qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -# Deprecated group/name - [DEFAULT]/qpid_username -#qpid_username = - -# Password for Qpid connection. (string value) -# Deprecated group/name - [DEFAULT]/qpid_password -#qpid_password = - -# Space separated list of SASL mechanisms to use for auth. (string value) -# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms -#qpid_sasl_mechanisms = - -# Seconds between connection keepalive heartbeats. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_heartbeat -#qpid_heartbeat = 60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -# Deprecated group/name - [DEFAULT]/qpid_protocol -#qpid_protocol = tcp - -# Whether to disable the Nagle algorithm. (boolean value) -# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay -#qpid_tcp_nodelay = true - -# The number of prefetched messages held by receiver. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity -#qpid_receiver_capacity = 1 - -# The qpid topology version to use. Version 1 is what was originally used by -# impl_qpid. Version 2 includes some backwards-incompatible changes that allow -# broker federation to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. 
(integer value) -# Deprecated group/name - [DEFAULT]/qpid_topology_version -#qpid_topology_version = 1 - - -[oslo_messaging_rabbit] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -#amqp_auto_delete = false - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -#rpc_conn_pool_size = 30 - -# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and -# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some -# distributions. (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_version -#kombu_ssl_version = - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile -#kombu_ssl_keyfile = - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile -#kombu_ssl_certfile = - -# SSL certification authority file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs -#kombu_ssl_ca_certs = - -# How long to wait before reconnecting in response to an AMQP consumer cancel -# notification. (floating point value) -# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay -#kombu_reconnect_delay = 1.0 - -# The RabbitMQ broker address where a single node is used. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_host -rabbit_host = {{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_port -rabbit_port = {{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/rabbit_hosts -#rabbit_hosts = $rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. 
(boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -rabbit_use_ssl = false - -# The RabbitMQ userid. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_userid -rabbit_userid = {{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_password -rabbit_password = {{ RABBITMQ_PASSWORD }} - -# The RabbitMQ login method. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_login_method -#rabbit_login_method = AMQPLAIN - -# The RabbitMQ virtual host. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_virtual_host -#rabbit_virtual_host = / - -# How frequently to retry connecting with RabbitMQ. (integer value) -#rabbit_retry_interval = 1 - -# How long to backoff for between retries when connecting to RabbitMQ. (integer -# value) -# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff -#rabbit_retry_backoff = 2 - -# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry -# count). (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_max_retries -#rabbit_max_retries = 0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you -# must wipe the RabbitMQ database. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_ha_queues -#rabbit_ha_queues = false - -# Number of seconds after which the Rabbit broker is considered down if -# heartbeat's keep-alive fails (0 disable the heartbeat). (integer value) -#heartbeat_timeout_threshold = 60 - -# How often times during the heartbeat_timeout_threshold we check the -# heartbeat. (integer value) -#heartbeat_rate = 2 - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) -# Deprecated group/name - [DEFAULT]/fake_rabbit -#fake_rabbit = false diff --git a/install-files/openstack/usr/share/openstack/openvswitch.yml b/install-files/openstack/usr/share/openstack/openvswitch.yml deleted file mode 100644 index 47257f7f..00000000 
--- a/install-files/openstack/usr/share/openstack/openvswitch.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-- hosts: localhost
- tasks:
-
- - name: Create openvswitch directories
- file: path={{ item }} state=directory
- with_items:
- - /etc/openvswitch
- - /var/run/openvswitch
-
- - shell: >
- ovsdb-tool create /etc/openvswitch/conf.db /usr/share/openvswitch/vswitch.ovsschema
- creates=/etc/openvswitch/conf.db
-
- # We enable the openvswitch-db-server in a different task to identify
- # the first time we run this script by identifying when we enable the
- # unit.
- #
- # We need to identify this to initialise the database.
- - name: Enable openvswitch database service
- service: name={{ item }} enabled=yes
- with_items:
- - openvswitch-db-server.service
- register: openvswitch_db_enable
-
- - name: Start openvswitch database service
- service: name={{ item }} state=started
- with_items:
- - openvswitch-db-server.service
-
- - name: initialise openvswitch-db
- shell: ovs-vsctl --no-wait init
- when: openvswitch_db_enable|changed
-
- - name: Enable and start Open vSwitch service
- service: name={{ item }} enabled=yes state=started
- with_items:
- - openvswitch.service
diff --git a/install-files/openstack/usr/share/openstack/postgres.yml b/install-files/openstack/usr/share/openstack/postgres.yml
deleted file mode 100644
index 5ff9355e..00000000
--- a/install-files/openstack/usr/share/openstack/postgres.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-- hosts: localhost
- vars_files:
- - "/etc/openstack/postgres.conf"
- tasks:
-
- - name: Create postgres user
- user:
- name: postgres
- comment: PostgreSQL Server
- shell: /sbin/nologin
- home: /var/lib/pgsql
-
- - name: Create the postgres directories
- file:
- path: "{{ item }}"
- state: directory
- owner: postgres
- group: postgres
- with_items:
- - /var/run/postgresql
- - /var/lib/pgsql/data
-
- - name: Initialise postgres database
- command: pg_ctl -D /var/lib/pgsql/data initdb
- args:
- creates: /var/lib/pgsql/data/base
- sudo: yes
- sudo_user: postgres
-
- - name: Add the configuration needed for postgres for Openstack
- template:
- src: /usr/share/openstack/postgres/{{ item }}
- dest: /var/lib/pgsql/data/{{ item }}
- owner: postgres
- group: postgres
- mode: 0600
- with_items:
- - postgresql.conf
- - pg_hba.conf
-
- - name: Enable and start postgres services
- service:
- name: "{{ item }}"
- enabled: yes
- state: started
- with_items:
- - postgres-server
diff --git a/install-files/openstack/usr/share/openstack/postgres/pg_hba.conf b/install-files/openstack/usr/share/openstack/postgres/pg_hba.conf
deleted file mode 100644
index 78186924..00000000
--- a/install-files/openstack/usr/share/openstack/postgres/pg_hba.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-local all all trust
-host all all 127.0.0.0/8 trust
-host all all ::1/128 trust
-host all all {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}/32 trust
-host all all 0.0.0.0/0 md5
diff --git a/install-files/openstack/usr/share/openstack/postgres/postgresql.conf b/install-files/openstack/usr/share/openstack/postgres/postgresql.conf
deleted file mode 100644
index 9c8094ea..00000000
--- a/install-files/openstack/usr/share/openstack/postgres/postgresql.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-listen_addresses = '{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}'
-max_connections = 300
-shared_buffers = 128MB
-log_timezone = 'UTC'
-datestyle = 'iso, mdy'
-timezone = 'UTC'
-lc_messages = 'C'
-lc_monetary = 'C'
-lc_numeric = 'C'
-lc_time = 'C'
-default_text_search_config = 'pg_catalog.english'
diff --git a/install-files/openstack/usr/share/openstack/rabbitmq/rabbitmq-env.conf b/install-files/openstack/usr/share/openstack/rabbitmq/rabbitmq-env.conf
deleted file mode 100644
index d4c58dae..00000000
--- a/install-files/openstack/usr/share/openstack/rabbitmq/rabbitmq-env.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Configure port node where rabbitmq-server will listen from.
-NODE_PORT={{ RABBITMQ_PORT }}
-CONFIG_FILE=/etc/rabbitmq/rabbitmq
diff --git a/install-files/openstack/usr/share/openstack/rabbitmq/rabbitmq.config b/install-files/openstack/usr/share/openstack/rabbitmq/rabbitmq.config
deleted file mode 100644
index 9b93881e..00000000
--- a/install-files/openstack/usr/share/openstack/rabbitmq/rabbitmq.config
+++ /dev/null
@@ -1,9 +0,0 @@
-%% -*- Rabbit configuration for Openstack in Baserock
-[
- {rabbit,
- [
- {default_user, <<"{{ RABBITMQ_USER }}">>},
- {default_pass, <<"{{ RABBITMQ_PASSWORD }}">>},
- {tcp_listeners, [{{ RABBITMQ_PORT }}]}
- ]}
-].
diff --git a/install-files/openstack/usr/share/openstack/swift-controller.yml b/install-files/openstack/usr/share/openstack/swift-controller.yml
deleted file mode 100644
index 690de087..00000000
--- a/install-files/openstack/usr/share/openstack/swift-controller.yml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-- hosts: localhost
- vars_files:
- - swift-controller-vars.yml
- vars:
- - ring_name_port_map:
- account:
- port: 6002
- container:
- port: 6001
- object:
- port: 6000
- remote_user: root
- tasks:
- - user:
- name: swift
- comment: Swift user
-
- - file:
- path: /etc/swift
- owner: swift
- group: swift
- state: directory
-
- - template:
- src: /usr/share/swift/etc/swift/proxy-server.j2
- dest: /etc/swift/proxy-server.conf
- mode: 0644
- owner: swift
- group: swift
-
- - keystone_user:
- user: swift
- password: "{{ SWIFT_ADMIN_PASSWORD }}"
- tenant: service
- token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
-
- - keystone_user:
- role: admin
- user: swift
- tenant: service
- token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
-
- - keystone_service:
- name: swift
- type: object-store
- description: OpenStack Object Storage
- publicurl: http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:8080/v1/AUTH_%(tenant_id)s
- internalurl: http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:8080/v1/AUTH_%(tenant_id)s
- adminurl: http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:8080
- region: regionOne
- token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
diff --git a/install-files/openstack/usr/share/swift/etc/rsyncd.j2 b/install-files/openstack/usr/share/swift/etc/rsyncd.j2
deleted file mode 100644
index c0657665..00000000
--- a/install-files/openstack/usr/share/swift/etc/rsyncd.j2
+++ /dev/null
@@ -1,23 +0,0 @@
-uid = swift
-gid = swift
-log file = /var/log/rsyncd.log
-pid file = /var/run/rsyncd.pid
-address = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
-
-[account]
-max connections = 2
-path = /srv/node/
-read only = false
-lock file = /var/lock/account.lock
-
-[container]
-max connections = 2
-path = /srv/node/
-read only = false
-lock file = /var/lock/container.lock
-
-[object]
-max connections = 2
-path = /srv/node/
-read only = false
-lock file = /var/lock/object.lock
diff --git a/install-files/openstack/usr/share/swift/etc/swift/proxy-server.j2 b/install-files/openstack/usr/share/swift/etc/swift/proxy-server.j2
deleted file mode 100644
index dda82d5a..00000000
--- a/install-files/openstack/usr/share/swift/etc/swift/proxy-server.j2
+++ /dev/null
@@ -1,630 +0,0 @@
-[DEFAULT]
-# bind_ip = 0.0.0.0
-bind_port = 8080
-# bind_timeout = 30
-# backlog = 4096
-swift_dir = /etc/swift
-user = swift
-
-# Enables exposing configuration settings via HTTP GET /info.
-# expose_info = true
-
-# Key to use for admin calls that are HMAC signed. Default is empty,
-# which will disable admin calls to /info.
-# admin_key = secret_admin_key
-#
-# Allows the ability to withhold sections from showing up in the public calls
-# to /info. You can withhold subsections by separating the dict level with a
-# ".". The following would cause the sections 'container_quotas' and 'tempurl'
-# to not be listed, and the key max_failed_deletes would be removed from
-# bulk_delete. Default is empty, allowing all registered fetures to be listed
-# via HTTP GET /info.
-# disallowed_sections = container_quotas, tempurl, bulk_delete.max_failed_deletes
-
-# Use an integer to override the number of pre-forked processes that will
-# accept connections. Should default to the number of effective cpu
-# cores in the system. It's worth noting that individual workers will
-# use many eventlet co-routines to service multiple concurrent requests.
-# workers = auto
-#
-# Maximum concurrent requests per worker
-# max_clients = 1024
-#
-# Set the following two lines to enable SSL. This is for testing only.
-# cert_file = /etc/swift/proxy.crt
-# key_file = /etc/swift/proxy.key
-#
-# expiring_objects_container_divisor = 86400
-# expiring_objects_account_name = expiring_objects
-#
-# You can specify default log routing here if you want:
-# log_name = swift
-# log_facility = LOG_LOCAL0
-# log_level = INFO
-# log_headers = false
-# log_address = /dev/log
-# The following caps the length of log lines to the value given; no limit if
-# set to 0, the default.
-# log_max_line_length = 0
-#
-# This optional suffix (default is empty) that would be appended to the swift transaction
-# id allows one to easily figure out from which cluster that X-Trans-Id belongs to.
-# This is very useful when one is managing more than one swift cluster.
-# trans_id_suffix =
-#
-# comma separated list of functions to call to setup custom log handlers.
-# functions get passed: conf, name, log_to_console, log_route, fmt, logger,
-# adapted_logger
-# log_custom_handlers =
-#
-# If set, log_udp_host will override log_address
-# log_udp_host =
-# log_udp_port = 514
-#
-# You can enable StatsD logging here:
-# log_statsd_host = localhost
-# log_statsd_port = 8125
-# log_statsd_default_sample_rate = 1.0
-# log_statsd_sample_rate_factor = 1.0
-# log_statsd_metric_prefix =
-#
-# Use a comma separated list of full url (http://foo.bar:1234,https://foo.bar)
-# cors_allow_origin =
-# strict_cors_mode = True
-#
-# client_timeout = 60
-# eventlet_debug = false
-
-[pipeline:main]
-#pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit tempauth container-quotas account-quotas slo dlo proxy-logging proxy-server
-pipeline = authtoken cache healthcheck keystoneauth proxy-logging proxy-server
-
-[app:proxy-server]
-use = egg:swift#proxy
-# You can override the default log routing for this app here:
-# set log_name = proxy-server
-# set log_facility = LOG_LOCAL0
-# set log_level = INFO
-# set log_address = /dev/log
-#
-# log_handoffs = true
-# recheck_account_existence = 60
-# recheck_container_existence = 60
-# object_chunk_size = 65536
-# client_chunk_size = 65536
-#
-# How long the proxy server will wait on responses from the a/c/o servers.
-# node_timeout = 10
-#
-# How long the proxy server will wait for an initial response and to read a
-# chunk of data from the object servers while serving GET / HEAD requests.
-# Timeouts from these requests can be recovered from so setting this to
-# something lower than node_timeout would provide quicker error recovery
-# while allowing for a longer timeout for non-recoverable requests (PUTs).
-# Defaults to node_timeout, should be overriden if node_timeout is set to a
-# high number to prevent client timeouts from firing before the proxy server
-# has a chance to retry.
-# recoverable_node_timeout = node_timeout
-#
-# conn_timeout = 0.5
-#
-# How long to wait for requests to finish after a quorum has been established.
-# post_quorum_timeout = 0.5
-#
-# How long without an error before a node's error count is reset. This will
-# also be how long before a node is reenabled after suppression is triggered.
-# error_suppression_interval = 60
-#
-# How many errors can accumulate before a node is temporarily ignored.
-# error_suppression_limit = 10
-#
-# If set to 'true' any authorized user may create and delete accounts; if
-# 'false' no one, even authorized, can.
-allow_account_management = true
-#
-# Set object_post_as_copy = false to turn on fast posts where only the metadata
-# changes are stored anew and the original data file is kept in place. This
-# makes for quicker posts; but since the container metadata isn't updated in
-# this mode, features like container sync won't be able to sync posts.
-# object_post_as_copy = true
-#
-# If set to 'true' authorized accounts that do not yet exist within the Swift
-# cluster will be automatically created.
-account_autocreate = true
-#
-# If set to a positive value, trying to create a container when the account
-# already has at least this maximum containers will result in a 403 Forbidden.
-# Note: This is a soft limit, meaning a user might exceed the cap for
-# recheck_account_existence before the 403s kick in.
-# max_containers_per_account = 0
-#
-# This is a comma separated list of account hashes that ignore the
-# max_containers_per_account cap.
-# max_containers_whitelist =
-#
-# Comma separated list of Host headers to which the proxy will deny requests.
-# deny_host_headers =
-#
-# Prefix used when automatically creating accounts.
-# auto_create_account_prefix = .
-#
-# Depth of the proxy put queue.
-# put_queue_depth = 10
-#
-# Storage nodes can be chosen at random (shuffle), by using timing
-# measurements (timing), or by using an explicit match (affinity).
-# Using timing measurements may allow for lower overall latency, while
-# using affinity allows for finer control. In both the timing and
-# affinity cases, equally-sorting nodes are still randomly chosen to
-# spread load.
-# The valid values for sorting_method are "affinity", "shuffle", and "timing".
-# sorting_method = shuffle
-#
-# If the "timing" sorting_method is used, the timings will only be valid for
-# the number of seconds configured by timing_expiry.
-# timing_expiry = 300
-#
-# The maximum time (seconds) that a large object connection is allowed to last.
-# max_large_object_get_time = 86400
-#
-# Set to the number of nodes to contact for a normal request. You can use
-# '* replicas' at the end to have it use the number given times the number of
-# replicas for the ring being used for the request.
-# request_node_count = 2 * replicas
-#
-# Which backend servers to prefer on reads. Format is r<N> for region
-# N or r<N>z<M> for region N, zone M. The value after the equals is
-# the priority; lower numbers are higher priority.
-#
-# Example: first read from region 1 zone 1, then region 1 zone 2, then
-# anything in region 2, then everything else:
-# read_affinity = r1z1=100, r1z2=200, r2=300
-# Default is empty, meaning no preference.
-# read_affinity =
-#
-# Which backend servers to prefer on writes. Format is r<N> for region
-# N or r<N>z<M> for region N, zone M. If this is set, then when
-# handling an object PUT request, some number (see setting
-# write_affinity_node_count) of local backend servers will be tried
-# before any nonlocal ones.
-#
-# Example: try to write to regions 1 and 2 before writing to any other
-# nodes:
-# write_affinity = r1, r2
-# Default is empty, meaning no preference.
-# write_affinity =
-#
-# The number of local (as governed by the write_affinity setting)
-# nodes to attempt to contact first, before any non-local ones. You
-# can use '* replicas' at the end to have it use the number given
-# times the number of replicas for the ring being used for the
-# request.
-# write_affinity_node_count = 2 * replicas
-#
-# These are the headers whose values will only be shown to swift_owners. The
-# exact definition of a swift_owner is up to the auth system in use, but
-# usually indicates administrative responsibilities.
-# swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-account-access-control
-
-[filter:tempauth]
-use = egg:swift#tempauth
-# You can override the default log routing for this filter here:
-# set log_name = tempauth
-# set log_facility = LOG_LOCAL0
-# set log_level = INFO
-# set log_headers = false
-# set log_address = /dev/log
-#
-# The reseller prefix will verify a token begins with this prefix before even
-# attempting to validate it. Also, with authorization, only Swift storage
-# accounts with this prefix will be authorized by this middleware. Useful if
-# multiple auth systems are in use for one Swift cluster.
-# reseller_prefix = AUTH
-#
-# The auth prefix will cause requests beginning with this prefix to be routed
-# to the auth subsystem, for granting tokens, etc.
-# auth_prefix = /auth/
-# token_life = 86400
-#
-# This allows middleware higher in the WSGI pipeline to override auth
-# processing, useful for middleware such as tempurl and formpost. If you know
-# you're not going to use such middleware and you want a bit of extra security,
-# you can set this to false.
-# allow_overrides = true
-#
-# This specifies what scheme to return with storage urls:
-# http, https, or default (chooses based on what the server is running as)
-# This can be useful with an SSL load balancer in front of a non-SSL server.
-# storage_url_scheme = default
-#
-# Lastly, you need to list all the accounts/users you want here. The format is:
-# user_<account>_<user> = <key> [group] [group] [...] [storage_url]
-# or if you want underscores in <account> or <user>, you can base64 encode them
-# (with no equal signs) and use this format:
-# user64_<account_b64>_<user_b64> = <key> [group] [group] [...] [storage_url]
-# There are special groups of:
-# .reseller_admin = can do anything to any account for this auth
-# .admin = can do anything within the account
-# If neither of these groups are specified, the user can only access containers
-# that have been explicitly allowed for them by a .admin or .reseller_admin.
-# The trailing optional storage_url allows you to specify an alternate url to
-# hand back to the user upon authentication. If not specified, this defaults to
-# $HOST/v1/<reseller_prefix>_<account> where $HOST will do its best to resolve
-# to what the requester would need to use to reach this host.
-# Here are example entries, required for running the tests:
-user_admin_admin = admin .admin .reseller_admin
-user_test_tester = testing .admin
-user_test2_tester2 = testing2 .admin
-user_test_tester3 = testing3
-
-# To enable Keystone authentication you need to have the auth token
-# middleware first to be configured. Here is an example below, please
-# refer to the keystone's documentation for details about the
-# different settings.
-# -# You'll need to have as well the keystoneauth middleware enabled -# and have it in your main pipeline so instead of having tempauth in -# there you can change it to: authtoken keystoneauth -# -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory -# auth_host = keystonehost -# auth_port = 35357 -# auth_protocol = http -# auth_uri = http://keystonehost:5000/ -#auth_uri = http://controller:5000/v2.0 -auth_uri = http://127.0.0.1:5000/v2.0 -identity_uri = http://127.0.0.1:35357 -admin_tenant_name = service -admin_user = swift -admin_password = {{ SWIFT_ADMIN_PASSWORD }} -delay_auth_decision = 1 -# cache = swift.cache -# include_service_catalog = False -# -[filter:keystoneauth] -use = egg:swift#keystoneauth -# Operator roles is the role which user would be allowed to manage a -# tenant and be able to create container or give ACL to others. -# operator_roles = admin, swiftoperator -operator_roles = admin, _member_ -# The reseller admin role has the ability to create and delete accounts -# reseller_admin_role = ResellerAdmin -# For backwards compatibility, keystoneauth will match names in cross-tenant -# access control lists (ACLs) when both the requesting user and the tenant -# are in the default domain i.e the domain to which existing tenants are -# migrated. The default_domain_id value configured here should be the same as -# the value used during migration of tenants to keystone domains. -# default_domain_id = default -# For a new installation, or an installation in which keystone projects may -# move between domains, you should disable backwards compatible name matching -# in ACLs by setting allow_names_in_acls to false: -# allow_names_in_acls = true - -[filter:healthcheck] -use = egg:swift#healthcheck -# An optional filesystem path, which if present, will cause the healthcheck -# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE". 
-# This facility may be used to temporarily remove a Swift node from a load -# balancer pool during maintenance or upgrade (remove the file to allow the -# node back into the load balancer pool). -# disable_path = - -[filter:cache] -use = egg:swift#memcache -# You can override the default log routing for this filter here: -# set log_name = cache -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# If not set here, the value for memcache_servers will be read from -# memcache.conf (see memcache.conf-sample) or lacking that file, it will -# default to the value below. You can specify multiple servers separated with -# commas, as in: 10.1.2.3:11211,10.1.2.4:11211 -memcache_servers = 127.0.0.1:11211 -# -# Sets how memcache values are serialized and deserialized: -# 0 = older, insecure pickle serialization -# 1 = json serialization but pickles can still be read (still insecure) -# 2 = json serialization only (secure and the default) -# If not set here, the value for memcache_serialization_support will be read -# from /etc/swift/memcache.conf (see memcache.conf-sample). -# To avoid an instant full cache flush, existing installations should -# upgrade with 0, then set to 1 and reload, then after some time (24 hours) -# set to 2 and reload. -# In the future, the ability to use pickle serialization will be removed. -# memcache_serialization_support = 2 -# -# Sets the maximum number of connections to each memcached server per worker -# memcache_max_connections = 2 - -[filter:ratelimit] -use = egg:swift#ratelimit -# You can override the default log routing for this filter here: -# set log_name = ratelimit -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# clock_accuracy should represent how accurate the proxy servers' system clocks -# are with each other. 
1000 means that all the proxies' clock are accurate to -# each other within 1 millisecond. No ratelimit should be higher than the -# clock accuracy. -# clock_accuracy = 1000 -# -# max_sleep_time_seconds = 60 -# -# log_sleep_time_seconds of 0 means disabled -# log_sleep_time_seconds = 0 -# -# allows for slow rates (e.g. running up to 5 sec's behind) to catch up. -# rate_buffer_seconds = 5 -# -# account_ratelimit of 0 means disabled -# account_ratelimit = 0 - -# these are comma separated lists of account names -# account_whitelist = a,b -# account_blacklist = c,d - -# with container_limit_x = r -# for containers of size x limit write requests per second to r. The container -# rate will be linearly interpolated from the values given. With the values -# below, a container of size 5 will get a rate of 75. -# container_ratelimit_0 = 100 -# container_ratelimit_10 = 50 -# container_ratelimit_50 = 20 - -# Similarly to the above container-level write limits, the following will limit -# container GET (listing) requests. 
-# container_listing_ratelimit_0 = 100 -# container_listing_ratelimit_10 = 50 -# container_listing_ratelimit_50 = 20 - -[filter:domain_remap] -use = egg:swift#domain_remap -# You can override the default log routing for this filter here: -# set log_name = domain_remap -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# storage_domain = example.com -# path_root = v1 -# reseller_prefixes = AUTH - -[filter:catch_errors] -use = egg:swift#catch_errors -# You can override the default log routing for this filter here: -# set log_name = catch_errors -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log - -[filter:cname_lookup] -# Note: this middleware requires python-dnspython -use = egg:swift#cname_lookup -# You can override the default log routing for this filter here: -# set log_name = cname_lookup -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# Specify the storage_domain that match your cloud, multiple domains -# can be specified separated by a comma -# storage_domain = example.com -# -# lookup_depth = 1 - -# Note: Put staticweb just after your auth filter(s) in the pipeline -[filter:staticweb] -use = egg:swift#staticweb - -# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline -[filter:tempurl] -use = egg:swift#tempurl -# The methods allowed with Temp URLs. -# methods = GET HEAD PUT POST DELETE -# -# The headers to remove from incoming requests. Simply a whitespace delimited -# list of header names and names can optionally end with '*' to indicate a -# prefix match. incoming_allow_headers is a list of exceptions to these -# removals. -# incoming_remove_headers = x-timestamp -# -# The headers allowed as exceptions to incoming_remove_headers. 
Simply a -# whitespace delimited list of header names and names can optionally end with -# '*' to indicate a prefix match. -# incoming_allow_headers = -# -# The headers to remove from outgoing responses. Simply a whitespace delimited -# list of header names and names can optionally end with '*' to indicate a -# prefix match. outgoing_allow_headers is a list of exceptions to these -# removals. -# outgoing_remove_headers = x-object-meta-* -# -# The headers allowed as exceptions to outgoing_remove_headers. Simply a -# whitespace delimited list of header names and names can optionally end with -# '*' to indicate a prefix match. -# outgoing_allow_headers = x-object-meta-public-* - -# Note: Put formpost just before your auth filter(s) in the pipeline -[filter:formpost] -use = egg:swift#formpost - -# Note: Just needs to be placed before the proxy-server in the pipeline. -[filter:name_check] -use = egg:swift#name_check -# forbidden_chars = '"`<> -# maximum_length = 255 -# forbidden_regexp = /\./|/\.\./|/\.$|/\.\.$ - -[filter:list-endpoints] -use = egg:swift#list_endpoints -# list_endpoints_path = /endpoints/ - -[filter:proxy-logging] -use = egg:swift#proxy_logging -# If not set, logging directives from [DEFAULT] without "access_" will be used -# access_log_name = swift -# access_log_facility = LOG_LOCAL0 -# access_log_level = INFO -# access_log_address = /dev/log -# -# If set, access_log_udp_host will override access_log_address -# access_log_udp_host = -# access_log_udp_port = 514 -# -# You can use log_statsd_* from [DEFAULT] or override them here: -# access_log_statsd_host = localhost -# access_log_statsd_port = 8125 -# access_log_statsd_default_sample_rate = 1.0 -# access_log_statsd_sample_rate_factor = 1.0 -# access_log_statsd_metric_prefix = -# access_log_headers = false -# -# If access_log_headers is True and access_log_headers_only is set only -# these headers are logged. 
Multiple headers can be defined as comma separated -# list like this: access_log_headers_only = Host, X-Object-Meta-Mtime -# access_log_headers_only = -# -# By default, the X-Auth-Token is logged. To obscure the value, -# set reveal_sensitive_prefix to the number of characters to log. -# For example, if set to 12, only the first 12 characters of the -# token appear in the log. An unauthorized access of the log file -# won't allow unauthorized usage of the token. However, the first -# 12 or so characters is unique enough that you can trace/debug -# token usage. Set to 0 to suppress the token completely (replaced -# by '...' in the log). -# Note: reveal_sensitive_prefix will not affect the value -# logged with access_log_headers=True. -# reveal_sensitive_prefix = 16 -# -# What HTTP methods are allowed for StatsD logging (comma-sep); request methods -# not in this list will have "BAD_METHOD" for the <verb> portion of the metric. -# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS -# -# Note: The double proxy-logging in the pipeline is not a mistake. The -# left-most proxy-logging is there to log requests that were handled in -# middleware and never made it through to the right-most middleware (and -# proxy server). Double logging is prevented for normal requests. See -# proxy-logging docs. - -# Note: Put before both ratelimit and auth in the pipeline. -[filter:bulk] -use = egg:swift#bulk -# max_containers_per_extraction = 10000 -# max_failed_extractions = 1000 -# max_deletes_per_request = 10000 -# max_failed_deletes = 1000 - -# In order to keep a connection active during a potentially long bulk request, -# Swift may return whitespace prepended to the actual response body. This -# whitespace will be yielded no more than every yield_frequency seconds. -# yield_frequency = 10 - -# Note: The following parameter is used during a bulk delete of objects and -# their container. 
This would frequently fail because it is very likely -# that all replicated objects have not been deleted by the time the middleware got a -# successful response. It can be configured the number of retries. And the -# number of seconds to wait between each retry will be 1.5**retry - -# delete_container_retry_count = 0 - -# Note: Put after auth in the pipeline. -[filter:container-quotas] -use = egg:swift#container_quotas - -# Note: Put after auth and staticweb in the pipeline. -[filter:slo] -use = egg:swift#slo -# max_manifest_segments = 1000 -# max_manifest_size = 2097152 -# min_segment_size = 1048576 -# Start rate-limiting SLO segment serving after the Nth segment of a -# segmented object. -# rate_limit_after_segment = 10 -# -# Once segment rate-limiting kicks in for an object, limit segments served -# to N per second. 0 means no rate-limiting. -# rate_limit_segments_per_sec = 0 -# -# Time limit on GET requests (seconds) -# max_get_time = 86400 - -# Note: Put after auth and staticweb in the pipeline. -# If you don't put it in the pipeline, it will be inserted for you. -[filter:dlo] -use = egg:swift#dlo -# Start rate-limiting DLO segment serving after the Nth segment of a -# segmented object. -# rate_limit_after_segment = 10 -# -# Once segment rate-limiting kicks in for an object, limit segments served -# to N per second. 0 means no rate-limiting. -# rate_limit_segments_per_sec = 1 -# -# Time limit on GET requests (seconds) -# max_get_time = 86400 - -[filter:account-quotas] -use = egg:swift#account_quotas - -[filter:gatekeeper] -use = egg:swift#gatekeeper -# You can override the default log routing for this filter here: -# set log_name = gatekeeper -# set log_facility = LOG_LOCAL0 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log - -[filter:container_sync] -use = egg:swift#container_sync -# Set this to false if you want to disallow any full url values to be set for -# any new X-Container-Sync-To headers. 
This will keep any new full urls from -# coming in, but won't change any existing values already in the cluster. -# Updating those will have to be done manually, as knowing what the true realm -# endpoint should be cannot always be guessed. -# allow_full_urls = true -# Set this to specify this clusters //realm/cluster as "current" in /info -# current = //REALM/CLUSTER - -# Note: Put it at the beginning of the pipleline to profile all middleware. But -# it is safer to put this after catch_errors, gatekeeper and healthcheck. -[filter:xprofile] -use = egg:swift#xprofile -# This option enable you to switch profilers which should inherit from python -# standard profiler. Currently the supported value can be 'cProfile', -# 'eventlet.green.profile' etc. -# profile_module = eventlet.green.profile -# -# This prefix will be used to combine process ID and timestamp to name the -# profile data file. Make sure the executing user has permission to write -# into this path (missing path segments will be created, if necessary). -# If you enable profiling in more than one type of daemon, you must override -# it with an unique value like: /var/log/swift/profile/proxy.profile -# log_filename_prefix = /tmp/log/swift/profile/default.profile -# -# the profile data will be dumped to local disk based on above naming rule -# in this interval. -# dump_interval = 5.0 -# -# Be careful, this option will enable profiler to dump data into the file with -# time stamp which means there will be lots of files piled up in the directory. -# dump_timestamp = false -# -# This is the path of the URL to access the mini web UI. -# path = /__profile__ -# -# Clear the data when the wsgi server shutdown. -# flush_at_shutdown = false -# -# unwind the iterator of applications -# unwind = false |