· 7 years ago · Nov 15, 2018, 05:52 PM
1[DEFAULT]
2
3#
4# From magnum.conf
5#
6
7# Directory where the magnum python module is installed. (string value)
8#pybasedir = /var/lib/magnum/magnum/magnum
9
10# Directory where magnum binaries are installed. (string value)
11#bindir = $pybasedir/bin
12
13# Top-level directory for maintaining magnum's state. (string value)
14#state_path = $pybasedir
15
16# Enable periodic tasks. (boolean value)
17#periodic_enable = true
18
19# Max interval size between periodic tasks execution in seconds. (integer
20# value)
21#periodic_interval_max = 60
22
23# Name of this node. This can be an opaque identifier. It is not necessarily a
24# hostname, FQDN, or IP address. However, the node name must be valid within an
25# AMQP key, and if using ZeroMQ, a valid hostname, FQDN, or IP address. (host
26# address value)
27#host = <None>
28host = controller
29
30# Path to the rootwrap configuration file to use for running commands as root.
31# (string value)
32#rootwrap_config = /etc/magnum/rootwrap.conf
33
34# Explicitly specify the temporary working directory. (string value)
35#tempdir = <None>
36
37# Symbols to use for passwords (list value)
38#password_symbols = 23456789,ABCDEFGHJKLMNPQRSTUVWXYZ,abcdefghijkmnopqrstuvwxyz
39
40# Max interval size between periodic tasks execution in seconds. (integer
41# value)
42#service_down_time = 180
43
44# Maximum raw byte size of any manifest. (integer value)
45#max_manifest_size = 524288
46
47#
48# From oslo.log
49#
50
51# If set to true, the logging level will be set to DEBUG instead of the default
52# INFO level. (boolean value)
53# Note: This option can be changed without restarting.
54#debug = false
55
56# The name of a logging configuration file. This file is appended to any
57# existing logging configuration files. For details about logging configuration
58# files, see the Python logging module documentation. Note that when logging
59# configuration files are used then all logging configuration is set in the
60# configuration file and other logging configuration options are ignored (for
61# example, logging_context_format_string). (string value)
62# Note: This option can be changed without restarting.
63# Deprecated group/name - [DEFAULT]/log_config
64#log_config_append = <None>
65
66# Defines the format string for %%(asctime)s in log records. Default:
67# %(default)s . This option is ignored if log_config_append is set. (string
68# value)
69#log_date_format = %Y-%m-%d %H:%M:%S
70
71# (Optional) Name of log file to send logging output to. If no default is set,
72# logging will go to stderr as defined by use_stderr. This option is ignored if
73# log_config_append is set. (string value)
74# Deprecated group/name - [DEFAULT]/logfile
75#log_file = <None>
76
77# (Optional) The base directory used for relative log_file paths. This option
78# is ignored if log_config_append is set. (string value)
79# Deprecated group/name - [DEFAULT]/logdir
80#log_dir = <None>
81
82# Uses logging handler designed to watch file system. When log file is moved or
83# removed this handler will open a new log file with specified path
84# instantaneously. It makes sense only if log_file option is specified and
85# Linux platform is used. This option is ignored if log_config_append is set.
86# (boolean value)
87#watch_log_file = false
88
89# Use syslog for logging. Existing syslog format is DEPRECATED and will be
90# changed later to honor RFC5424. This option is ignored if log_config_append
91# is set. (boolean value)
92#use_syslog = false
93
94# Enable journald for logging. If running in a systemd environment you may wish
95# to enable journal support. Doing so will use the journal native protocol
96# which includes structured metadata in addition to log messages.This option is
97# ignored if log_config_append is set. (boolean value)
98#use_journal = false
99
100# Syslog facility to receive log lines. This option is ignored if
101# log_config_append is set. (string value)
102#syslog_log_facility = LOG_USER
103
104# Use JSON formatting for logging. This option is ignored if log_config_append
105# is set. (boolean value)
106#use_json = false
107
108# Log output to standard error. This option is ignored if log_config_append is
109# set. (boolean value)
110#use_stderr = false
111
112# Format string to use for log messages with context. (string value)
113#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
114
115# Format string to use for log messages when context is undefined. (string
116# value)
117#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
118
119# Additional data to append to log message when logging level for the message
120# is DEBUG. (string value)
121#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
122
123# Prefix each line of exception output with this format. (string value)
124#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
125
126# Defines the format string for %(user_identity)s that is used in
127# logging_context_format_string. (string value)
128#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
129
130# List of package logging levels in logger=LEVEL pairs. This option is ignored
131# if log_config_append is set. (list value)
132#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
133
134# Enables or disables publication of error events. (boolean value)
135#publish_errors = false
136
137# The format for an instance that is passed with the log message. (string
138# value)
139#instance_format = "[instance: %(uuid)s] "
140
141# The format for an instance UUID that is passed with the log message. (string
142# value)
143#instance_uuid_format = "[instance: %(uuid)s] "
144
145# Interval, number of seconds, of log rate limiting. (integer value)
146#rate_limit_interval = 0
147
148# Maximum number of logged messages per rate_limit_interval. (integer value)
149#rate_limit_burst = 0
150
151# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
152# or empty string. Logs with level greater or equal to rate_limit_except_level
153# are not filtered. An empty string means that all levels are filtered. (string
154# value)
155#rate_limit_except_level = CRITICAL
156
157# Enables or disables fatal status of deprecations. (boolean value)
158#fatal_deprecations = false
159
160#
161# From oslo.messaging
162#
163
164# Size of RPC connection pool. (integer value)
165#rpc_conn_pool_size = 30
166
167# The pool size limit for connections expiration policy (integer value)
168#conn_pool_min_size = 2
169
170# The time-to-live in sec of idle connections in the pool (integer value)
171#conn_pool_ttl = 1200
172
173# Size of executor thread pool when executor is threading or eventlet. (integer
174# value)
175# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
176#executor_thread_pool_size = 64
177
178# Seconds to wait for a response from a call. (integer value)
179#rpc_response_timeout = 60
180
181# The network address and optional user credentials for connecting to the
182# messaging backend, in URL format. The expected format is:
183#
184# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
185#
186# Example: rabbit://rabbitmq:password@127.0.0.1:5672//
187#
188# For full details on the fields in the URL see the documentation of
189# oslo_messaging.TransportURL at
190# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
191# (string value)
192#transport_url = rabbit://
193transport_url = rabbit://openstack:password@controller
194
195# The default exchange under which topics are scoped. May be overridden by an
196# exchange name specified in the transport_url option. (string value)
197#control_exchange = openstack
198
199#
200# From oslo.service.periodic_task
201#
202
203# Some periodic tasks can be run in a separate process. Should we run them
204# here? (boolean value)
205#run_external_periodic_tasks = true
206
207#
208# From oslo.service.service
209#
210
211# Enable eventlet backdoor. Acceptable values are 0, <port>, and
212# <start>:<end>, where 0 results in listening on a random tcp port number;
213# <port> results in listening on the specified port number (and not enabling
214# backdoor if that port is in use); and <start>:<end> results in listening on
215# the smallest unused port number within the specified range of port numbers.
216# The chosen port is displayed in the service's log file. (string value)
217#backdoor_port = <None>
218
219# Enable eventlet backdoor, using the provided path as a unix socket that can
220# receive connections. This option is mutually exclusive with 'backdoor_port'
221# in that only one should be provided. If both are provided then the existence
222# of this option overrides the usage of that option. (string value)
223#backdoor_socket = <None>
224
225# Enables or disables logging values of all registered options when starting a
226# service (at DEBUG level). (boolean value)
227#log_options = true
228
229# Specify a timeout after which a gracefully shutdown server will exit. Zero
230# value means endless wait. (integer value)
231#graceful_shutdown_timeout = 60
232
233
234[api]
235host = 192.168.1.20
236
237#
238# From magnum.conf
239#
240
241# The port for the Magnum API server. (port value)
242# Minimum value: 0
243# Maximum value: 65535
244#port = 9511
245
246# The listen IP for the Magnum API server. (IP address value)
247#host = 127.0.0.1
248
249# The maximum number of items returned in a single response from a collection
250# resource. (integer value)
251#max_limit = 1000
252
253# Configuration file for WSGI definition of API. (string value)
254#api_paste_config = api-paste.ini
255
256# This option allows setting path to the SSL certificate of API server.
257# (string value)
258#ssl_cert_file = <None>
259
260# This option specifies the path to the file where SSL private key of API
261# server is stored when SSL is in effect. (string value)
262#ssl_key_file = <None>
263
264# Enable SSL Magnum API service (boolean value)
265#enabled_ssl = false
266
267# The maximum number of magnum-api processes to fork and run. Default to number
268# of CPUs on the host. (integer value)
269#workers = <None>
270
271
272[barbican_client]
273
274#
275# From magnum.conf
276#
277
278# Region in Identity service catalog to use for communication with the
279# OpenStack service. (string value)
280#region_name = <None>
281
282# Type of endpoint in Identity service catalog to use for communication with
283# the OpenStack service. (string value)
284#endpoint_type = publicURL
285
286
287[certificates]
288cert_manager_type = local
289storage_path = /var/lib/magnum/certificates/
290#
291# From magnum.conf
292#
293
294# Certificate Manager plugin. Defaults to barbican. (string value)
295#cert_manager_type = barbican
296
297# Absolute path of the certificate storage directory. Defaults to
298# /var/lib/magnum/certificates/. (string value)
299#storage_path = /var/lib/magnum/certificates/
300
301
302[cinder]
303
304#
305# From magnum.conf
306#
307
308# The default docker volume_type to use for volumes used for docker storage. To
309# use the cinder volumes for docker storage, you need to select a default
310# value. (string value)
311#default_docker_volume_type =
312
313
314[cinder_client]
315region_name = RegionOne
316
317#
318# From magnum.conf
319#
320
321# Region in Identity service catalog to use for communication with the
322# OpenStack service. (string value)
323#region_name = <None>
324
325
326[cluster]
327
328#
329# From magnum.conf
330#
331
332# Url for etcd public discovery endpoint. (string value)
333#etcd_discovery_service_endpoint_format = https://discovery.etcd.io/new?size=%(size)d
334
335# DEPRECATED: Enabled cluster definition entry points. (list value)
336# This option is deprecated for removal.
337# Its value may be silently ignored in the future.
338# Reason: This configuration option is no longer used. Installing a new driver
339# enables it for use automatically.
340#enabled_definitions = magnum_vm_atomic_k8s,magnum_bm_fedora_k8s,magnum_vm_coreos_k8s,magnum_vm_atomic_swarm,magnum_vm_ubuntu_mesos
341
342# Affinity policy for server group of cluster nodes.Possible values include
343# "affinity", "anti-affinity","soft-affinity" and "soft-anti-affinity". (string
344# value)
345#nodes_affinity_policy = soft-anti-affinity
346
347# Explicitly specify the temporary directory to hold cached TLS certs. (string
348# value)
349#temp_cache_dir = /var/lib/magnum/certificate-cache
350
351
352[cluster_heat]
353
354#
355# From magnum.conf
356#
357
358# Number of attempts to query the Heat stack for finding out the status of the
359# created stack and getting template outputs. This value is ignored during
360# cluster creation if timeout is set as the poll will continue until cluster
361# creation either ends or times out. (integer value)
362#max_attempts = 2000
363
364# Sleep time interval between two attempts of querying the Heat stack. This
365# interval is in seconds. (integer value)
366#wait_interval = 1
367
368# The length of time to let cluster creation continue. This interval is in
369# minutes. The default is 60 minutes. (integer value)
370# Deprecated group/name - [bay_heat]/bay_create_timeout
371#create_timeout = 60
372
373
374[cluster_template]
375
376#
377# From magnum.conf
378#
379
380# Allowed network drivers for kubernetes cluster-templates. Use 'all' keyword
381# to allow all drivers supported for kubernetes cluster-templates. Supported
382# network drivers include flannel. (list value)
383#kubernetes_allowed_network_drivers = all
384
385# Default network driver for kubernetes cluster-templates. (string value)
386#kubernetes_default_network_driver = flannel
387
388# Allowed network drivers for docker swarm cluster-templates. Use 'all' keyword
389# to allow all drivers supported for swarm cluster-templates. Supported network
390# drivers include docker and flannel. (list value)
391#swarm_allowed_network_drivers = all
392
393# Default network driver for docker swarm cluster-templates. (string value)
394#swarm_default_network_driver = docker
395
396# Allowed network drivers for mesos cluster-templates. Use 'all' keyword to
397# allow all drivers supported for mesos cluster-templates. Supported network
398# drivers include docker. (list value)
399#mesos_allowed_network_drivers = all
400
401# Default network driver for mesos cluster-templates. (string value)
402#mesos_default_network_driver = docker
403
404
405[conductor]
406
407#
408# From magnum.conf
409#
410
411# The queue to add conductor tasks to. (string value)
412#topic = magnum-conductor
413
414# RPC timeout for the conductor liveness check that is used for cluster
415# locking. (integer value)
416#conductor_life_check_timeout = 4
417
418# Number of magnum-conductor processes to fork and run. Default to number of
419# CPUs on the host. (integer value)
420#workers = <None>
421
422
423[cors]
424
425#
426# From oslo.middleware.cors
427#
428
429# Indicate whether this resource may be shared with the domain received in the
430# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
431# slash. Example: https://horizon.example.com (list value)
432#allowed_origin = <None>
433
434# Indicate that the actual request can include user credentials (boolean value)
435#allow_credentials = true
436
437# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
438# Headers. (list value)
439#expose_headers =
440
441# Maximum cache age of CORS preflight requests. (integer value)
442#max_age = 3600
443
444# Indicate which methods can be used during the actual request. (list value)
445#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH
446
447# Indicate which header field names may be used during the actual request.
448# (list value)
449#allow_headers =
450
451
452[database]
453connection = mysql+pymysql://magnum:password@192.168.1.20/magnum
454#
455# From magnum.conf
456#
457
458# MySQL engine to use. (string value)
459#mysql_engine = InnoDB
460
461#
462# From oslo.db
463#
464
465# If True, SQLite uses synchronous mode. (boolean value)
466#sqlite_synchronous = true
467
468# The back end to use for the database. (string value)
469# Deprecated group/name - [DEFAULT]/db_backend
470#backend = sqlalchemy
471
472# The SQLAlchemy connection string to use to connect to the database. (string
473# value)
474# Deprecated group/name - [DEFAULT]/sql_connection
475# Deprecated group/name - [DATABASE]/sql_connection
476# Deprecated group/name - [sql]/connection
477#connection = <None>
478
479# The SQLAlchemy connection string to use to connect to the slave database.
480# (string value)
481#slave_connection = <None>
482
483# The SQL mode to be used for MySQL sessions. This option, including the
484# default, overrides any server-set SQL mode. To use whatever SQL mode is set
485# by the server configuration, set this to no value. Example: mysql_sql_mode=
486# (string value)
487#mysql_sql_mode = TRADITIONAL
488
489# If True, transparently enables support for handling MySQL Cluster (NDB).
490# (boolean value)
491#mysql_enable_ndb = false
492
493# Connections which have been present in the connection pool longer than this
494# number of seconds will be replaced with a new one the next time they are
495# checked out from the pool. (integer value)
496# Deprecated group/name - [DATABASE]/idle_timeout
497# Deprecated group/name - [database]/idle_timeout
498# Deprecated group/name - [DEFAULT]/sql_idle_timeout
499# Deprecated group/name - [DATABASE]/sql_idle_timeout
500# Deprecated group/name - [sql]/idle_timeout
501#connection_recycle_time = 3600
502
503# DEPRECATED: Minimum number of SQL connections to keep open in a pool.
504# (integer value)
505# Deprecated group/name - [DEFAULT]/sql_min_pool_size
506# Deprecated group/name - [DATABASE]/sql_min_pool_size
507# This option is deprecated for removal.
508# Its value may be silently ignored in the future.
509# Reason: The option to set the minimum pool size is not supported by
510# sqlalchemy.
511#min_pool_size = 1
512
513# Maximum number of SQL connections to keep open in a pool. Setting a value of
514# 0 indicates no limit. (integer value)
515# Deprecated group/name - [DEFAULT]/sql_max_pool_size
516# Deprecated group/name - [DATABASE]/sql_max_pool_size
517#max_pool_size = 5
518
519# Maximum number of database connection retries during startup. Set to -1 to
520# specify an infinite retry count. (integer value)
521# Deprecated group/name - [DEFAULT]/sql_max_retries
522# Deprecated group/name - [DATABASE]/sql_max_retries
523#max_retries = 10
524
525# Interval between retries of opening a SQL connection. (integer value)
526# Deprecated group/name - [DEFAULT]/sql_retry_interval
527# Deprecated group/name - [DATABASE]/reconnect_interval
528#retry_interval = 10
529
530# If set, use this value for max_overflow with SQLAlchemy. (integer value)
531# Deprecated group/name - [DEFAULT]/sql_max_overflow
532# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
533#max_overflow = 50
534
535# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
536# value)
537# Minimum value: 0
538# Maximum value: 100
539# Deprecated group/name - [DEFAULT]/sql_connection_debug
540#connection_debug = 0
541
542# Add Python stack traces to SQL as comment strings. (boolean value)
543# Deprecated group/name - [DEFAULT]/sql_connection_trace
544#connection_trace = false
545
546# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
547# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
548#pool_timeout = <None>
549
550# Enable the experimental use of database reconnect on connection lost.
551# (boolean value)
552#use_db_reconnect = false
553
554# Seconds between retries of a database transaction. (integer value)
555#db_retry_interval = 1
556
557# If True, increases the interval between retries of a database operation up to
558# db_max_retry_interval. (boolean value)
559#db_inc_retry_interval = true
560
561# If db_inc_retry_interval is set, the maximum seconds between retries of a
562# database operation. (integer value)
563#db_max_retry_interval = 10
564
565# Maximum retries in case of connection error or deadlock error before error is
566# raised. Set to -1 to specify an infinite retry count. (integer value)
567#db_max_retries = 20
568
569# Optional URL parameters to append onto the connection URL at connect time;
570# specify as param1=value1¶m2=value2&... (string value)
571#connection_parameters =
572
573
574[docker]
575
576#
577# From magnum.conf
578#
579
580# Docker remote api version. Override it according to specific docker api
581# version in your environment. (string value)
582#docker_remote_api_version = 1.21
583
584# Default timeout in seconds for docker client operations. (integer value)
585#default_timeout = 60
586
587# If set, ignore any SSL validation issues (boolean value)
588#api_insecure = false
589
590# Location of CA certificates file for securing docker api requests
591# (tlscacert). (string value)
592#ca_file = <None>
593
594# Location of TLS certificate file for securing docker api requests (tlscert).
595# (string value)
596#cert_file = <None>
597
598# Location of TLS private key file for securing docker api requests (tlskey).
599# (string value)
600#key_file = <None>
601
602
603[docker_registry]
604
605#
606# From magnum.conf
607#
608
609# Region name of Swift (string value)
610#swift_region = <None>
611
612# Name of the container in Swift which docker registry stores images in (string
613# value)
614#swift_registry_container = docker_registry
615
616
617[drivers]
618
619#
620# From magnum.conf
621#
622
623# Indicates whether the cluster nodes validate the Certificate Authority when
624# making requests to the OpenStack APIs (Keystone, Magnum, Heat). If you have
625# self-signed certificates for the OpenStack APIs or you have your own
626# Certificate Authority and you have not installed the Certificate Authority to
627# all nodes, you may need to disable CA validation by setting this flag to
628# False. (boolean value)
629#verify_ca = true
630
631# Path to the OpenStack CA-bundle file to pass and install in all cluster
632# nodes. (string value)
633#openstack_ca_file =
634
635# DEPRECATED: Allow periodic tasks to pull COE data and send to ceilometer.
636# (boolean value)
637# This option is deprecated for removal.
638# Its value may be silently ignored in the future.
639# Reason: It does not make sense only collecting metrics from the "default"
640# namespcae.
641#send_cluster_metrics = false
642
643# Disabled driver entry points. The default value is []. Means if not
644# specified, then all available drivers are enabled. (list value)
645#disabled_drivers =
646
647
648[glance_client]
649
650#
651# From magnum.conf
652#
653
654# Region in Identity service catalog to use for communication with the
655# OpenStack service. (string value)
656#region_name = <None>
657
658# Type of endpoint in Identity service catalog to use for communication with
659# the OpenStack service. (string value)
660#endpoint_type = publicURL
661
662# Version of Glance API to use in glanceclient. (string value)
663#api_version = 2
664
665# Optional CA cert file to use in SSL connections. (string value)
666#ca_file = <None>
667
668# Optional PEM-formatted certificate chain file. (string value)
669#cert_file = <None>
670
671# Optional PEM-formatted file that contains the private key. (string value)
672#key_file = <None>
673
674# If set, then the server's certificate will not be verified. (boolean value)
675#insecure = false
676
677
678[heat_client]
679
680#
681# From magnum.conf
682#
683
684# Region in Identity service catalog to use for communication with the
685# OpenStack service. (string value)
686#region_name = <None>
687
688# Type of endpoint in Identity service catalog to use for communication with
689# the OpenStack service. (string value)
690#endpoint_type = publicURL
691
692# Version of Heat API to use in heatclient. (string value)
693#api_version = 1
694
695# Optional CA cert file to use in SSL connections. (string value)
696#ca_file = <None>
697
698# Optional PEM-formatted certificate chain file. (string value)
699#cert_file = <None>
700
701# Optional PEM-formatted file that contains the private key. (string value)
702#key_file = <None>
703
704# If set, then the server's certificate will not be verified. (boolean value)
705#insecure = false
706
707
708[keystone_auth]
709
710#
711# From magnum.conf
712#
713
714# Authentication type to load (string value)
715# Deprecated group/name - [keystone_auth]/auth_plugin
716#auth_type = <None>
717
718# Config Section from which to load plugin specific options (string value)
719#auth_section = <None>
720
721# Authentication URL (string value)
722#auth_url = <None>
723
724# Scope for system operations (string value)
725#system_scope = <None>
726
727# Domain ID to scope to (string value)
728#domain_id = <None>
729
730# Domain name to scope to (string value)
731#domain_name = <None>
732
733# Project ID to scope to (string value)
734# Deprecated group/name - [keystone_auth]/tenant_id
735#project_id = <None>
736
737# Project name to scope to (string value)
738# Deprecated group/name - [keystone_auth]/tenant_name
739#project_name = <None>
740
741# Domain ID containing project (string value)
742#project_domain_id = <None>
743
744# Domain name containing project (string value)
745#project_domain_name = <None>
746
747# Trust ID (string value)
748#trust_id = <None>
749
750# Optional domain ID to use with v3 and v2 parameters. It will be used for both
751# the user and project domain in v3 and ignored in v2 authentication. (string
752# value)
753#default_domain_id = <None>
754
755# Optional domain name to use with v3 API and v2 parameters. It will be used
756# for both the user and project domain in v3 and ignored in v2 authentication.
757# (string value)
758#default_domain_name = <None>
759
760# User id (string value)
761#user_id = <None>
762
763# Username (string value)
764# Deprecated group/name - [keystone_auth]/user_name
765#username = <None>
766
767# User's domain id (string value)
768#user_domain_id = <None>
769
770# User's domain name (string value)
771#user_domain_name = <None>
772
773# User's password (string value)
774#password = <None>
775
776
777[keystone_authtoken]
778memcached_servers = controller:11211
779auth_version = v3
780auth_uri = http://controller:5000/v3
781project_domain_name = default
782project_name = service
783user_domain_name = default
784password = servicepassword
785username = magnum
786auth_url = http://controller:35357
787auth_type = password
788admin_user = magnum
789admin_password = servicepasssword
790admin_tenant_name = service
791#
792# From keystonemiddleware.auth_token
793#
794
795# Complete "public" Identity API endpoint. This endpoint should not be an
796# "admin" endpoint, as it should be accessible by all end users.
797# Unauthenticated clients are redirected to this endpoint to authenticate.
798# Although this endpoint should ideally be unversioned, client support in the
799# wild varies. If you're using a versioned v2 endpoint here, then this should
800# *not* be the same endpoint the service user utilizes for validating tokens,
801# because normal end users may not be able to reach that endpoint. (string
802# value)
803# Deprecated group/name - [keystone_authtoken]/auth_uri
804#www_authenticate_uri = <None>
805
806# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
807# be an "admin" endpoint, as it should be accessible by all end users.
808# Unauthenticated clients are redirected to this endpoint to authenticate.
809# Although this endpoint should ideally be unversioned, client support in the
810# wild varies. If you're using a versioned v2 endpoint here, then this should
811# *not* be the same endpoint the service user utilizes for validating tokens,
812# because normal end users may not be able to reach that endpoint. This option
813# is deprecated in favor of www_authenticate_uri and will be removed in the S
814# release. (string value)
815# This option is deprecated for removal since Queens.
816# Its value may be silently ignored in the future.
817# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri
818# and will be removed in the S release.
819#auth_uri = <None>
820
821# API version of the admin Identity API endpoint. (string value)
822#auth_version = <None>
823
824# Do not handle authorization requests within the middleware, but delegate the
825# authorization decision to downstream WSGI components. (boolean value)
826#delay_auth_decision = false
827
828# Request timeout value for communicating with Identity API server. (integer
829# value)
830#http_connect_timeout = <None>
831
832# How many times are we trying to reconnect when communicating with Identity
833# API Server. (integer value)
834#http_request_max_retries = 3
835
836# Request environment key where the Swift cache object is stored. When
837# auth_token middleware is deployed with a Swift cache, use this option to have
838# the middleware share a caching backend with swift. Otherwise, use the
839# ``memcached_servers`` option instead. (string value)
840#cache = <None>
841
842# Required if identity server requires client certificate (string value)
843#certfile = <None>
844
845# Required if identity server requires client certificate (string value)
846#keyfile = <None>
847
848# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
849# Defaults to system CAs. (string value)
850#cafile = <None>
851
852# Verify HTTPS connections. (boolean value)
853#insecure = false
854
855# The region in which the identity server can be found. (string value)
856#region_name = <None>
857
858# DEPRECATED: Directory used to cache files related to PKI tokens. This option
859# has been deprecated in the Ocata release and will be removed in the P
860# release. (string value)
861# This option is deprecated for removal since Ocata.
862# Its value may be silently ignored in the future.
863# Reason: PKI token format is no longer supported.
864#signing_dir = <None>
865
866# Optionally specify a list of memcached server(s) to use for caching. If left
867# undefined, tokens will instead be cached in-process. (list value)
868# Deprecated group/name - [keystone_authtoken]/memcache_servers
869#memcached_servers = <None>
870
871# In order to prevent excessive effort spent validating tokens, the middleware
872# caches previously-seen tokens for a configurable duration (in seconds). Set
873# to -1 to disable caching completely. (integer value)
874#token_cache_time = 300
875
876# DEPRECATED: Determines the frequency at which the list of revoked tokens is
877# retrieved from the Identity service (in seconds). A high number of revocation
878# events combined with a low cache duration may significantly reduce
879# performance. Only valid for PKI tokens. This option has been deprecated in
880# the Ocata release and will be removed in the P release. (integer value)
881# This option is deprecated for removal since Ocata.
882# Its value may be silently ignored in the future.
883# Reason: PKI token format is no longer supported.
884#revocation_cache_time = 10
885
886# (Optional) If defined, indicate whether token data should be authenticated or
887# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
888# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
889# cache. If the value is not one of these options or empty, auth_token will
890# raise an exception on initialization. (string value)
891# Possible values:
892# None - <No description provided>
893# MAC - <No description provided>
894# ENCRYPT - <No description provided>
895#memcache_security_strategy = None
896
897# (Optional, mandatory if memcache_security_strategy is defined) This string is
898# used for key derivation. (string value)
899#memcache_secret_key = <None>
900
901# (Optional) Number of seconds memcached server is considered dead before it is
902# tried again. (integer value)
903#memcache_pool_dead_retry = 300
904
905# (Optional) Maximum total number of open connections to every memcached
906# server. (integer value)
907#memcache_pool_maxsize = 10
908
909# (Optional) Socket timeout in seconds for communicating with a memcached
910# server. (integer value)
911#memcache_pool_socket_timeout = 3
912
913# (Optional) Number of seconds a connection to memcached is held unused in the
914# pool before it is closed. (integer value)
915#memcache_pool_unused_timeout = 60
916
917# (Optional) Number of seconds that an operation will wait to get a memcached
918# client connection from the pool. (integer value)
919#memcache_pool_conn_get_timeout = 10
920
921# (Optional) Use the advanced (eventlet safe) memcached client pool. The
922# advanced pool will only work under python 2.x. (boolean value)
923#memcache_use_advanced_pool = false
924
925# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
926# middleware will not ask for service catalog on token validation and will not
927# set the X-Service-Catalog header. (boolean value)
928#include_service_catalog = true
929
930# Used to control the use and type of token binding. Can be set to: "disabled"
931# to not check token binding. "permissive" (default) to validate binding
932# information if the bind type is of a form known to the server and ignore it
933# if not. "strict" like "permissive" but if the bind type is unknown the token
934# will be rejected. "required" any form of token binding is needed to be
935# allowed. Finally the name of a binding method that must be present in tokens.
936# (string value)
937#enforce_token_bind = permissive
938
939# DEPRECATED: If true, the revocation list will be checked for cached tokens.
940# This requires that PKI tokens are configured on the identity server. (boolean
941# value)
942# This option is deprecated for removal since Ocata.
943# Its value may be silently ignored in the future.
944# Reason: PKI token format is no longer supported.
945#check_revocations_for_cached = false
946
947# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
948# single algorithm or multiple. The algorithms are those supported by Python
949# standard hashlib.new(). The hashes will be tried in the order given, so put
950# the preferred one first for performance. The result of the first hash will be
951# stored in the cache. This will typically be set to multiple values only while
952# migrating from a less secure algorithm to a more secure one. Once all the old
953# tokens are expired this option should be set to a single value for better
954# performance. (list value)
955# This option is deprecated for removal since Ocata.
956# Its value may be silently ignored in the future.
957# Reason: PKI token format is no longer supported.
958#hash_algorithms = md5
959
960# A choice of roles that must be present in a service token. Service tokens are
961# allowed to request that an expired token can be used and so this check should
962# tightly control that only actual services should be sending this token. Roles
963# here are applied as an ANY check so any role in this list must be present.
964# For backwards compatibility reasons this currently only affects the
965# allow_expired check. (list value)
966#service_token_roles = service
967
968# For backwards compatibility reasons we must let valid service tokens pass
969# that don't pass the service_token_roles check as valid. Setting this true
970# will become the default in a future release and should be enabled if
971# possible. (boolean value)
972#service_token_roles_required = false
973
974# Authentication type to load (string value)
975# Deprecated group/name - [keystone_authtoken]/auth_plugin
976#auth_type = <None>
977
978# Config Section from which to load plugin specific options (string value)
979#auth_section = <None>
980
981
982[magnum_client]
983
984#
985# From magnum.conf
986#
987
988# Region in Identity service catalog to use for communication with the
989# OpenStack service. (string value)
990#region_name = <None>
991
992# Type of endpoint in Identity service catalog to use for communication with
993# the OpenStack service. (string value)
994#endpoint_type = publicURL
995
996
997[neutron_client]
998
999#
1000# From magnum.conf
1001#
1002
1003# Region in Identity service catalog to use for communication with the
1004# OpenStack service. (string value)
1005#region_name = <None>
1006
1007# Type of endpoint in Identity service catalog to use for communication with
1008# the OpenStack service. (string value)
1009#endpoint_type = publicURL
1010
1011# Optional CA cert file to use in SSL connections. (string value)
1012#ca_file = <None>
1013
1014# Optional PEM-formatted certificate chain file. (string value)
1015#cert_file = <None>
1016
1017# Optional PEM-formatted file that contains the private key. (string value)
1018#key_file = <None>
1019
1020# If set, then the server's certificate will not be verified. (boolean value)
1021#insecure = false
1022
1023
1024[nova_client]
1025
1026#
1027# From magnum.conf
1028#
1029
1030# Region in Identity service catalog to use for communication with the
1031# OpenStack service. (string value)
1032#region_name = <None>
1033
1034# Type of endpoint in Identity service catalog to use for communication with
1035# the OpenStack service. (string value)
1036#endpoint_type = publicURL
1037
1038# Version of Nova API to use in novaclient. (string value)
1039#api_version = 2
1040
1041# Optional CA cert file to use in SSL connections. (string value)
1042#ca_file = <None>
1043
1044# Optional PEM-formatted certificate chain file. (string value)
1045#cert_file = <None>
1046
1047# Optional PEM-formatted file that contains the private key. (string value)
1048#key_file = <None>
1049
1050# If set, then the server's certificate will not be verified. (boolean value)
1051#insecure = false
1052
1053
1054[oslo_concurrency]
1055lock_path = /var/lib/magnum/tmp
1056
1057#
1058# From oslo.concurrency
1059#
1060
1061# Enables or disables inter-process locks. (boolean value)
1062#disable_process_locking = false
1063
1064# Directory to use for lock files. For security, the specified directory
1065# should only be writable by the user running the processes that need locking.
1066# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used,
1067# a lock path must be set. (string value)
1068#lock_path = <None>
1069
1070
1071[oslo_messaging_amqp]
1072
1073#
1074# From oslo.messaging
1075#
1076
1077# Name for the AMQP container. must be globally unique. Defaults to a generated
1078# UUID (string value)
1079#container_name = <None>
1080
1081# Timeout for inactive connections (in seconds) (integer value)
1082#idle_timeout = 0
1083
1084# Debug: dump AMQP frames to stdout (boolean value)
1085#trace = false
1086
1087# Attempt to connect via SSL. If no other ssl-related parameters are given, it
1088# will use the system's CA-bundle to verify the server's certificate. (boolean
1089# value)
1090#ssl = false
1091
1092# CA certificate PEM file used to verify the server's certificate (string
1093# value)
1094#ssl_ca_file =
1095
1096# Self-identifying certificate PEM file for client authentication (string
1097# value)
1098#ssl_cert_file =
1099
1100# Private key PEM file used to sign ssl_cert_file certificate (optional)
1101# (string value)
1102#ssl_key_file =
1103
1104# Password for decrypting ssl_key_file (if encrypted) (string value)
1105#ssl_key_password = <None>
1106
1107# By default SSL checks that the name in the server's certificate matches the
1108# hostname in the transport_url. In some configurations it may be preferable to
1109# use the virtual hostname instead, for example if the server uses the Server
1110# Name Indication TLS extension (rfc6066) to provide a certificate per virtual
1111# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the
1112# virtual host name instead of the DNS name. (boolean value)
1113#ssl_verify_vhost = false
1114
1115# Space separated list of acceptable SASL mechanisms (string value)
1116#sasl_mechanisms =
1117
1118# Path to directory that contains the SASL configuration (string value)
1119#sasl_config_dir =
1120
1121# Name of configuration file (without .conf suffix) (string value)
1122#sasl_config_name =
1123
1124# SASL realm to use if no realm present in username (string value)
1125#sasl_default_realm =
1126
1127# Seconds to pause before attempting to re-connect. (integer value)
1128# Minimum value: 1
1129#connection_retry_interval = 1
1130
1131# Increase the connection_retry_interval by this many seconds after each
1132# unsuccessful failover attempt. (integer value)
1133# Minimum value: 0
1134#connection_retry_backoff = 2
1135
1136# Maximum limit for connection_retry_interval + connection_retry_backoff
1137# (integer value)
1138# Minimum value: 1
1139#connection_retry_interval_max = 30
1140
1141# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
1142# recoverable error. (integer value)
1143# Minimum value: 1
1144#link_retry_delay = 10
1145
1146# The maximum number of attempts to re-send a reply message which failed due to
1147# a recoverable error. (integer value)
1148# Minimum value: -1
1149#default_reply_retry = 0
1150
1151# The deadline for an rpc reply message delivery. (integer value)
1152# Minimum value: 5
1153#default_reply_timeout = 30
1154
1155# The deadline for an rpc cast or call message delivery. Only used when caller
1156# does not provide a timeout expiry. (integer value)
1157# Minimum value: 5
1158#default_send_timeout = 30
1159
1160# The deadline for a sent notification message delivery. Only used when caller
1161# does not provide a timeout expiry. (integer value)
1162# Minimum value: 5
1163#default_notify_timeout = 30
1164
1165# The duration to schedule a purge of idle sender links. Detach link after
1166# expiry. (integer value)
1167# Minimum value: 1
1168#default_sender_link_timeout = 600
1169
1170# Indicates the addressing mode used by the driver.
1171# Permitted values:
1172# 'legacy' - use legacy non-routable addressing
1173# 'routable' - use routable addresses
1174# 'dynamic' - use legacy addresses if the message bus does not support routing
1175# otherwise use routable addressing (string value)
1176#addressing_mode = dynamic
1177
1178# Enable virtual host support for those message buses that do not natively
1179# support virtual hosting (such as qpidd). When set to true the virtual host
1180# name will be added to all message bus addresses, effectively creating a
1181# private 'subnet' per virtual host. Set to False if the message bus supports
1182# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative
1183# as the name of the virtual host. (boolean value)
1184#pseudo_vhost = true
1185
1186# address prefix used when sending to a specific server (string value)
1187#server_request_prefix = exclusive
1188
1189# address prefix used when broadcasting to all servers (string value)
1190#broadcast_prefix = broadcast
1191
1192# address prefix when sending to any server in group (string value)
1193#group_request_prefix = unicast
1194
1195# Address prefix for all generated RPC addresses (string value)
1196#rpc_address_prefix = openstack.org/om/rpc
1197
1198# Address prefix for all generated Notification addresses (string value)
1199#notify_address_prefix = openstack.org/om/notify
1200
1201# Appended to the address prefix when sending a fanout message. Used by the
1202# message bus to identify fanout messages. (string value)
1203#multicast_address = multicast
1204
1205# Appended to the address prefix when sending to a particular RPC/Notification
1206# server. Used by the message bus to identify messages sent to a single
1207# destination. (string value)
1208#unicast_address = unicast
1209
1210# Appended to the address prefix when sending to a group of consumers. Used by
1211# the message bus to identify messages that should be delivered in a round-
1212# robin fashion across consumers. (string value)
1213#anycast_address = anycast
1214
1215# Exchange name used in notification addresses.
1216# Exchange name resolution precedence:
1217# Target.exchange if set
1218# else default_notification_exchange if set
1219# else control_exchange if set
1220# else 'notify' (string value)
1221#default_notification_exchange = <None>
1222
1223# Exchange name used in RPC addresses.
1224# Exchange name resolution precedence:
1225# Target.exchange if set
1226# else default_rpc_exchange if set
1227# else control_exchange if set
1228# else 'rpc' (string value)
1229#default_rpc_exchange = <None>
1230
1231# Window size for incoming RPC Reply messages. (integer value)
1232# Minimum value: 1
1233#reply_link_credit = 200
1234
1235# Window size for incoming RPC Request messages (integer value)
1236# Minimum value: 1
1237#rpc_server_credit = 100
1238
1239# Window size for incoming Notification messages (integer value)
1240# Minimum value: 1
1241#notify_server_credit = 100
1242
1243# Send messages of this type pre-settled.
1244# Pre-settled messages will not receive acknowledgement
1245# from the peer. Note well: pre-settled messages may be
1246# silently discarded if the delivery fails.
1247# Permitted values:
1248# 'rpc-call' - send RPC Calls pre-settled
1249# 'rpc-reply'- send RPC Replies pre-settled
1250# 'rpc-cast' - Send RPC Casts pre-settled
1251# 'notify' - Send Notifications pre-settled
1252# (multi valued)
1253#pre_settled = rpc-cast
1254#pre_settled = rpc-reply
1255
1256
1257[oslo_messaging_kafka]
1258
1259#
1260# From oslo.messaging
1261#
1262
1263# Max fetch bytes of Kafka consumer (integer value)
1264#kafka_max_fetch_bytes = 1048576
1265
1266# Default timeout(s) for Kafka consumers (floating point value)
1267#kafka_consumer_timeout = 1.0
1268
1269# DEPRECATED: Pool Size for Kafka Consumers (integer value)
1270# This option is deprecated for removal.
1271# Its value may be silently ignored in the future.
1272# Reason: Driver no longer uses connection pool.
1273#pool_size = 10
1274
1275# DEPRECATED: The pool size limit for connections expiration policy (integer
1276# value)
1277# This option is deprecated for removal.
1278# Its value may be silently ignored in the future.
1279# Reason: Driver no longer uses connection pool.
1280#conn_pool_min_size = 2
1281
1282# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer
1283# value)
1284# This option is deprecated for removal.
1285# Its value may be silently ignored in the future.
1286# Reason: Driver no longer uses connection pool.
1287#conn_pool_ttl = 1200
1288
1289# Group id for Kafka consumer. Consumers in one group will coordinate message
1290# consumption (string value)
1291#consumer_group = oslo_messaging_consumer
1292
1293# Upper bound on the delay for KafkaProducer batching in seconds (floating
1294# point value)
1295#producer_batch_timeout = 0.0
1296
1297# Size of batch for the producer async send (integer value)
1298#producer_batch_size = 16384
1299
1300# Enable asynchronous consumer commits (boolean value)
1301#enable_auto_commit = false
1302
1303# The maximum number of records returned in a poll call (integer value)
1304#max_poll_records = 500
1305
1306# Protocol used to communicate with brokers (string value)
1307# Possible values:
1308# PLAINTEXT - <No description provided>
1309# SASL_PLAINTEXT - <No description provided>
1310# SSL - <No description provided>
1311# SASL_SSL - <No description provided>
1312#security_protocol = PLAINTEXT
1313
1314# Mechanism when security protocol is SASL (string value)
1315#sasl_mechanism = PLAIN
1316
1317# CA certificate PEM file used to verify the server certificate (string value)
1318#ssl_cafile =
1319
1320
1321[oslo_messaging_notifications]
1322driver = messaging
1323
1324#
1325# From oslo.messaging
1326#
1327
1328# The Drivers(s) to handle sending notifications. Possible values are
1329# messaging, messagingv2, routing, log, test, noop (multi valued)
1330# Deprecated group/name - [DEFAULT]/notification_driver
1331#driver =
1332
1333# A URL representing the messaging driver to use for notifications. If not set,
1334# we fall back to the same configuration used for RPC. (string value)
1335# Deprecated group/name - [DEFAULT]/notification_transport_url
1336#transport_url = <None>
1337
1338# AMQP topic used for OpenStack notifications. (list value)
1339# Deprecated group/name - [rpc_notifier2]/topics
1340# Deprecated group/name - [DEFAULT]/notification_topics
1341#topics = notifications
1342
1343# The maximum number of attempts to re-send a notification message which failed
1344# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
1345# (integer value)
1346#retry = -1
1347
1348
1349[oslo_messaging_rabbit]
1350
1351#
1352# From oslo.messaging
1353#
1354
1355# Use durable queues in AMQP. (boolean value)
1356#amqp_durable_queues = false
1357
1358# Auto-delete queues in AMQP. (boolean value)
1359#amqp_auto_delete = false
1360
1361# Connect over SSL. (boolean value)
1362# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl
1363#ssl = false
1364
1365# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
1366# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
1367# distributions. (string value)
1368# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
1369#ssl_version =
1370
1371# SSL key file (valid only if SSL enabled). (string value)
1372# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
1373#ssl_key_file =
1374
1375# SSL cert file (valid only if SSL enabled). (string value)
1376# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
1377#ssl_cert_file =
1378
1379# SSL certification authority file (valid only if SSL enabled). (string value)
1380# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
1381#ssl_ca_file =
1382
1383# How long to wait before reconnecting in response to an AMQP consumer cancel
1384# notification. (floating point value)
1385#kombu_reconnect_delay = 1.0
1386
1387# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
1388# be used. This option may not be available in future versions. (string value)
1389#kombu_compression = <None>
1390
1391# How long to wait a missing client before abandoning to send it its replies.
1392# This value should not be longer than rpc_response_timeout. (integer value)
1393# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
1394#kombu_missing_consumer_retry_timeout = 60
1395
1396# Determines how the next RabbitMQ node is chosen in case the one we are
1397# currently connected to becomes unavailable. Takes effect only if more than
1398# one RabbitMQ node is provided in config. (string value)
1399# Possible values:
1400# round-robin - <No description provided>
1401# shuffle - <No description provided>
1402#kombu_failover_strategy = round-robin
1403
1404# The RabbitMQ login method. (string value)
1405# Possible values:
1406# PLAIN - <No description provided>
1407# AMQPLAIN - <No description provided>
1408# RABBIT-CR-DEMO - <No description provided>
1409#rabbit_login_method = AMQPLAIN
1410
1411# How frequently to retry connecting with RabbitMQ. (integer value)
1412#rabbit_retry_interval = 1
1413
1414# How long to backoff for between retries when connecting to RabbitMQ. (integer
1415# value)
1416#rabbit_retry_backoff = 2
1417
1418# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
1419# (integer value)
1420#rabbit_interval_max = 30
1421
1422# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
1423# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
1424# is no longer controlled by the x-ha-policy argument when declaring a queue.
1425# If you just want to make sure that all queues (except those with auto-
1426# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
1427# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
1428#rabbit_ha_queues = false
1429
1430# Positive integer representing duration in seconds for queue TTL (x-expires).
1431# Queues which are unused for the duration of the TTL are automatically
1432# deleted. The parameter affects only reply and fanout queues. (integer value)
1433# Minimum value: 1
1434#rabbit_transient_queues_ttl = 1800
1435
1436# Specifies the number of messages to prefetch. Setting to zero allows
1437# unlimited messages. (integer value)
1438#rabbit_qos_prefetch_count = 0
1439
1440# Number of seconds after which the Rabbit broker is considered down if
1441# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
1442# value)
1443#heartbeat_timeout_threshold = 60
1444
1445# How often times during the heartbeat_timeout_threshold we check the
1446# heartbeat. (integer value)
1447#heartbeat_rate = 2
1448
1449
1450[oslo_policy]
1451
1452#
1453# From oslo.policy
1454#
1455
1456# This option controls whether or not to enforce scope when evaluating
1457# policies. If ``True``, the scope of the token used in the request is compared
1458# to the ``scope_types`` of the policy being enforced. If the scopes do not
1459# match, an ``InvalidScope`` exception will be raised. If ``False``, a message
1460# will be logged informing operators that policies are being invoked with
1461# mismatching scope. (boolean value)
1462#enforce_scope = false
1463
1464# The file that defines policies. (string value)
1465#policy_file = policy.json
1466
1467# Default rule. Enforced when a requested rule is not found. (string value)
1468#policy_default_rule = default
1469
1470# Directories where policy configuration files are stored. They can be relative
1471# to any directory in the search path defined by the config_dir option, or
1472# absolute paths. The file defined by policy_file must exist for these
1473# directories to be searched. Missing or empty directories are ignored. (multi
1474# valued)
1475#policy_dirs = policy.d
1476
1477# Content Type to send and receive data for REST based policy check (string
1478# value)
1479# Possible values:
1480# application/x-www-form-urlencoded - <No description provided>
1481# application/json - <No description provided>
1482#remote_content_type = application/x-www-form-urlencoded
1483
1484# server identity verification for REST based policy check (boolean value)
1485#remote_ssl_verify_server_crt = false
1486
1487# Absolute path to ca cert file for REST based policy check (string value)
1488#remote_ssl_ca_crt_file = <None>
1489
1490# Absolute path to client cert for REST based policy check (string value)
1491#remote_ssl_client_crt_file = <None>
1492
1493# Absolute path client key file REST based policy check (string value)
1494#remote_ssl_client_key_file = <None>
1495
1496
1497[profiler]
1498#
1499# OSprofiler library allows to trace requests going through various OpenStack
1500# services and create the accumulated report of what time was spent on each
1501# request processing step.
1502
1503#
1504# From magnum.conf
1505#
1506
1507#
1508# Enable the profiling for all services on this node.
1509#
1510# Default value is False (fully disable the profiling feature).
1511#
1512# Possible values:
1513#
1514# * True: Enables the feature
1515# * False: Disables the feature. The profiling cannot be started via this
1516# project
1517# operations. If the profiling is triggered by another project, this project
1518# part will be empty.
1519# (boolean value)
1520# Deprecated group/name - [profiler]/profiler_enabled
1521#enabled = false
1522
1523#
1524# Enable SQL requests profiling in services.
1525#
1526# Default value is False (SQL requests won't be traced).
1527#
1528# Possible values:
1529#
1530# * True: Enables SQL requests profiling. Each SQL query will be part of the
1531# trace and can the be analyzed by how much time was spent for that.
1532# * False: Disables SQL requests profiling. The spent time is only shown on a
1533# higher level of operations. Single SQL queries cannot be analyzed this way.
1534# (boolean value)
1535#trace_sqlalchemy = false
1536
1537#
1538# Secret key(s) to use for encrypting context data for performance profiling.
1539#
1540# This string value should have the following format:
1541# <key1>[,<key2>,...<keyn>],
1542# where each key is some random string. A user who triggers the profiling via
1543# the REST API has to set one of these keys in the headers of the REST API call
1544# to include profiling results of this node for this particular project.
1545#
1546# Both "enabled" flag and "hmac_keys" config options should be set to enable
1547# profiling. Also, to generate correct profiling information across all
1548# services
1549# at least one key needs to be consistent between OpenStack projects. This
1550# ensures it can be used from client side to generate the trace, containing
1551# information from all possible resources.
1552# (string value)
1553#hmac_keys = SECRET_KEY
1554
1555#
1556# Connection string for a notifier backend.
1557#
1558# Default value is ``messaging://`` which sets the notifier to oslo_messaging.
1559#
1560# Examples of possible values:
1561#
1562# * ``messaging://`` - use oslo_messaging driver for sending spans.
1563# * ``redis://127.0.0.1:6379`` - use redis driver for sending spans.
1564# * ``mongodb://127.0.0.1:27017`` - use mongodb driver for sending spans.
1565# * ``elasticsearch://127.0.0.1:9200`` - use elasticsearch driver for sending
1566# spans.
1567# * ``jaeger://127.0.0.1:6831`` - use jaeger tracing as driver for sending
1568# spans.
1569# (string value)
1570#connection_string = messaging://
1571
1572#
1573# Document type for notification indexing in elasticsearch.
1574# (string value)
1575#es_doc_type = notification
1576
1577#
1578# This parameter is a time value parameter (for example: es_scroll_time=2m),
1579# indicating for how long the nodes that participate in the search will
1580# maintain
1581# relevant resources in order to continue and support it.
1582# (string value)
1583#es_scroll_time = 2m
1584
1585#
1586# Elasticsearch splits large requests in batches. This parameter defines
1587# maximum size of each batch (for example: es_scroll_size=10000).
1588# (integer value)
1589#es_scroll_size = 10000
1590
1591#
1592# Redissentinel provides a timeout option on the connections.
1593# This parameter defines that timeout (for example: socket_timeout=0.1).
1594# (floating point value)
1595#socket_timeout = 0.1
1596
1597#
1598# Redissentinel uses a service name to identify a master redis service.
1599# This parameter defines the name (for example:
1600# ``sentinal_service_name=mymaster``).
1601# (string value)
1602#sentinel_service_name = mymaster
1603
1604#
1605# Enable filter traces that contain error/exception to a separated place.
1606#
1607# Default value is set to False.
1608#
1609# Possible values:
1610#
1611# * True: Enable filter traces that contain error/exception.
1612# * False: Disable the filter.
1613# (boolean value)
1614#filter_error_trace = false
1615
1616
1617[quotas]
1618
1619#
1620# From magnum.conf
1621#
1622
1623# Max number of clusters allowed per project. Admin can override this default
1624# quota for a project by setting explicit limit in quotas DB table (using
1625# /quotas REST API endpoint). (integer value)
1626#max_clusters_per_project = 20
1627
1628
1629[trust]
1630trustee_domain_name = magnum
1631trustee_domain_admin_name = magnum_domain_admin
1632trustee_domain_admin_password = servicepassword
1633#
1634# From magnum.conf
1635#
1636
1637# This setting controls whether to assign a trust to the cluster user or not.
1638# You will need to set it to True for clusters with volume_driver=cinder or
1639# registry_enabled=true in the underlying cluster template to work. This is a
1640# potential security risk since the trust gives instances OpenStack API access
1641# to the cluster's project. Note that this setting does not affect per-cluster
1642# trusts assigned to theMagnum service user. (boolean value)
1643#cluster_user_trust = false
1644
1645# Id of the domain to create trustee for clusters (string value)
1646#trustee_domain_id = <None>
1647
1648# Name of the domain to create trustee for s (string value)
1649#trustee_domain_name = <None>
1650
1651# Id of the admin with roles sufficient to manage users in the trustee_domain
1652# (string value)
1653#trustee_domain_admin_id = <None>
1654
1655# Name of the admin with roles sufficient to manage users in the trustee_domain
1656# (string value)
1657#trustee_domain_admin_name = <None>
1658
1659# Id of the domain admin user's domain. trustee_domain_id is used by default
1660# (string value)
1661#trustee_domain_admin_domain_id = <None>
1662
1663# Name of the domain admin user's domain. trustee_domain_name is used by
1664# default (string value)
1665#trustee_domain_admin_domain_name = <None>
1666
1667# Password of trustee_domain_admin (string value)
1668#trustee_domain_admin_password = <None>
1669
1670# The roles which are delegated to the trustee by the trustor (list value)
1671#roles =
1672
1673# Auth interface used by instances/trustee (string value)
1674#trustee_keystone_interface = public
1675
1676# Region in Identity service catalog to use for communication with the
1677# OpenStack service. (string value)
1678#trustee_keystone_region_name = <None>
1679
1680
1681[x509]
1682
1683#
1684# From magnum.conf
1685#
1686
1687# Certificate can get the CA flag in x509 extensions. (boolean value)
1688#allow_ca = false
1689
1690# List of allowed x509 extensions. Available values: "authorityKeyIdentifier",
1691# "subjectKeyIdentifier", "authorityInfoAccess", "basicConstraints",
1692# "cRLDistributionPoints", "certificatePolicies", "extendedKeyUsage",
1693# "OCSPNoCheck", "inhibitAnyPolicy", "keyUsage", "nameConstraints",
1694# "subjectAltName", "issuerAltName" (list value)
1695#allowed_extensions = keyUsage,extendedKeyUsage,subjectAltName,basicConstraints,subjectKeyIdentifier
1696
1697# List of allowed x509 key usage. Available values: "Digital Signature", "Non
1698# Repudiation", "Key Encipherment", "Data Encipherment", "Key Agreement",
1699# "Certificate Sign", "CRL Sign", "Encipher Only", "Decipher Only" (list value)
1700#allowed_key_usage = Digital Signature,Key Encipherment,Non Repudiation
1701
1702# Number of days for which a certificate is valid. (integer value)
1703#term_of_validity = 1825
1704
1705# Size of generated private key. (integer value)
1706#rsa_key_size = 2048