[DEFAULT] # # From drydock_provisioner # # Polling interval in seconds for checking subtask or downstream status (integer # value) # Minimum value: 1 #poll_interval = 10 # How long a leader has to check-in before leadership can be usurped, in seconds # (integer value) #leader_grace_period = 300 # How often will an instance attempt to claim leadership, in seconds (integer # value) #leadership_claim_interval = 30 [database] # # From drydock_provisioner # # The URI database connect string. (string value) #database_connect_string = # The SQLalchemy database connection pool size. (integer value) #pool_size = 15 # Should DB connections be validated prior to use. (boolean value) #pool_pre_ping = true # How long a request for a connection should wait before one becomes available. # (integer value) #pool_timeout = 30 # How many connections above pool_size are allowed to be open during high usage. # (integer value) #pool_overflow = 10 # Time, in seconds, when a connection should be closed and re-established. -1 # for no recycling. (integer value) #connection_recycle = -1 [keystone_authtoken] # # From drydock_provisioner # # Authentication URL (string value) #auth_url = # Scope for system operations (string value) #system_scope = # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # Project ID to scope to (string value) # Deprecated group/name - [keystone_authtoken]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [keystone_authtoken]/tenant_name #project_name = # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # Trust ID (string value) #trust_id = # Optional domain ID to use with v3 and v2 parameters. It will be used for both # the user and project domain in v3 and ignored in v2 authentication. (string # value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. It will be used for # both the user and project domain in v3 and ignored in v2 authentication. # (string value) #default_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [keystone_authtoken]/user_name #username = # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User's password (string value) #password = # # From keystonemiddleware.auth_token # # Complete "public" Identity API endpoint. This endpoint should not be an # "admin" endpoint, as it should be accessible by all end users. Unauthenticated # clients are redirected to this endpoint to authenticate. Although this # endpoint should ideally be unversioned, client support in the wild varies. # If you're using a versioned v2 endpoint here, then this should *not* be the # same endpoint the service user utilizes for validating tokens, because normal # end users may not be able to reach that endpoint. (string value) #auth_uri = # API version of the admin Identity API endpoint. (string value) #auth_version = # Do not handle authorization requests within the middleware, but delegate the # authorization decision to downstream WSGI components. (boolean value) #delay_auth_decision = false # Request timeout value for communicating with Identity API server. (integer # value) #http_connect_timeout = # How many times are we trying to reconnect when communicating with Identity API # Server. (integer value) #http_request_max_retries = 3 # Request environment key where the Swift cache object is stored. When # auth_token middleware is deployed with a Swift cache, use this option to have # the middleware share a caching backend with swift. Otherwise, use the # ``memcached_servers`` option instead. (string value) #cache = # Required if identity server requires client certificate (string value) #certfile = # Required if identity server requires client certificate (string value) #keyfile = # A PEM encoded Certificate Authority to use when verifying HTTPs connections. # Defaults to system CAs. (string value) #cafile = # Verify HTTPS connections. (boolean value) #insecure = false # The region in which the identity server can be found. (string value) #region_name = # Directory used to cache files related to PKI tokens. (string value) #signing_dir = # Optionally specify a list of memcached server(s) to use for caching. If left # undefined, tokens will instead be cached in-process. (list value) # Deprecated group/name - [keystone_authtoken]/memcache_servers #memcached_servers = # In order to prevent excessive effort spent validating tokens, the middleware # caches previously-seen tokens for a configurable duration (in seconds). Set to # -1 to disable caching completely. (integer value) #token_cache_time = 300 # Determines the frequency at which the list of revoked tokens is retrieved from # the Identity service (in seconds). A high number of revocation events combined # with a low cache duration may significantly reduce performance. Only valid for # PKI tokens. (integer value) #revocation_cache_time = 10 # (Optional) If defined, indicate whether token data should be authenticated or # authenticated and encrypted. If MAC, token data is authenticated (with HMAC) # in the cache. If ENCRYPT, token data is encrypted and authenticated in the # cache. If the value is not one of these options or empty, auth_token will # raise an exception on initialization. (string value) # Possible values: # None - # MAC - # ENCRYPT - #memcache_security_strategy = None # (Optional, mandatory if memcache_security_strategy is defined) This string is # used for key derivation. (string value) #memcache_secret_key = # (Optional) Number of seconds memcached server is considered dead before it is # tried again. (integer value) #memcache_pool_dead_retry = 300 # (Optional) Maximum total number of open connections to every memcached server. # (integer value) #memcache_pool_maxsize = 10 # (Optional) Socket timeout in seconds for communicating with a memcached # server. (integer value) #memcache_pool_socket_timeout = 3 # (Optional) Number of seconds a connection to memcached is held unused in the # pool before it is closed. (integer value) #memcache_pool_unused_timeout = 60 # (Optional) Number of seconds that an operation will wait to get a memcached # client connection from the pool. (integer value) #memcache_pool_conn_get_timeout = 10 # (Optional) Use the advanced (eventlet safe) memcached client pool. The # advanced pool will only work under python 2.x. (boolean value) #memcache_use_advanced_pool = false # (Optional) Indicate whether to set the X-Service-Catalog header. If False, # middleware will not ask for service catalog on token validation and will not # set the X-Service-Catalog header. (boolean value) #include_service_catalog = true # Used to control the use and type of token binding. Can be set to: "disabled" # to not check token binding. "permissive" (default) to validate binding # information if the bind type is of a form known to the server and ignore it if # not. "strict" like "permissive" but if the bind type is unknown the token will # be rejected. "required" any form of token binding is needed to be allowed. # Finally the name of a binding method that must be present in tokens. (string # value) #enforce_token_bind = permissive # If true, the revocation list will be checked for cached tokens. This requires # that PKI tokens are configured on the identity server. (boolean value) #check_revocations_for_cached = false # Hash algorithms to use for hashing PKI tokens. This may be a single algorithm # or multiple. The algorithms are those supported by Python standard # hashlib.new(). The hashes will be tried in the order given, so put the # preferred one first for performance. The result of the first hash will be # stored in the cache. This will typically be set to multiple values only while # migrating from a less secure algorithm to a more secure one. Once all the old # tokens are expired this option should be set to a single value for better # performance. (list value) #hash_algorithms = md5 # Authentication type to load (string value) # Deprecated group/name - [keystone_authtoken]/auth_plugin #auth_type = # Config Section from which to load plugin specific options (string value) #auth_section = [libvirt_driver] # # From drydock_provisioner # # Polling interval in seconds for querying libvirt status (integer value) #poll_interval = 10 [logging] # # From drydock_provisioner # # Global log level for Drydock (string value) #log_level = INFO # Logger name for the top-level logger (string value) #global_logger_name = drydock_provisioner # Logger name for OOB driver logging (string value) #oobdriver_logger_name = ${global_logger_name}.oobdriver # Logger name for Node driver logging (string value) #nodedriver_logger_name = ${global_logger_name}.nodedriver # Logger name for Kubernetes driver logging (string value) #kubernetesdriver_logger_name = ${global_logger_name}.kubernetesdriver # Logger name for API server logging (string value) #control_logger_name = ${global_logger_name}.control [maasdriver] # # From drydock_provisioner # # The API key for accessing MaaS (string value) #maas_api_key = # The URL for accessing MaaS API (string value) #maas_api_url = # Update MAAS to use the provided Node OOB params, overwriting discovered values # (boolean value) #use_node_oob_params = false # Skip BMC reconfiguration during commissioning (requires MAAS 2.7+) (boolean # value) #skip_bmc_config = false # Polling interval for querying MaaS status in seconds (integer value) #poll_interval = 10 [network] # # From drydock_provisioner # # Timeout for initial read of outgoing HTTP calls from Drydock in seconds. # (integer value) #http_client_connect_timeout = 16 # Timeout for initial read of outgoing HTTP calls from Drydock in seconds. # (integer value) #http_client_read_timeout = 300 # Number of retries for transient errors of outgoing HTTP calls from Drydock. # (integer value) #http_client_retries = 3 [oslo_policy] # # From oslo.policy # # The file that defines policies. (string value) #policy_file = policy.json # Default rule. Enforced when a requested rule is not found. (string value) #policy_default_rule = default # Directories where policy configuration files are stored. They can be relative # to any directory in the search path defined by the config_dir option, or # absolute paths. The file defined by policy_file must exist for these # directories to be searched. Missing or empty directories are ignored. (multi # valued) #policy_dirs = policy.d [plugins] # # From drydock_provisioner # # Module path string of a input ingester to enable (string value) #ingester = drydock_provisioner.ingester.plugins.yaml.YamlIngester # List of module path strings of OOB drivers to enable (list value) #oob_driver = drydock_provisioner.drivers.oob.pyghmi_driver.PyghmiDriver # Module path string of the Node driver to enable (string value) #node_driver = drydock_provisioner.drivers.node.maasdriver.driver.MaasNodeDriver # Module path string of the Kubernetes driver to enable (string value) #kubernetes_driver = drydock_provisioner.drivers.kubernetes.promenade_driver.driver.PromenadeDriver # Module path string of the Network driver enable (string value) #network_driver = [pyghmi_driver] # # From drydock_provisioner # # Polling interval in seconds for querying IPMI status (integer value) #poll_interval = 10 [redfish_driver] # # From drydock_provisioner # # Maximum number of connection retries to Redfish server (integer value) # Minimum value: 1 #max_retries = 10 # Maximum reties to wait for power state change (integer value) # Minimum value: 1 #power_state_change_max_retries = 18 # Polling interval in seconds between retries for power state change (integer # value) #power_state_change_retry_interval = 10 # Use SSL to communicate with Redfish API server (boolean value) #use_ssl = true [timeouts] # # From drydock_provisioner # # Fallback timeout when a specific one is not configured (integer value) #drydock_timeout = 5 # Timeout in minutes for creating site network templates (integer value) #create_network_template = 2 # Timeout in minutes for creating user credentials (integer value) #configure_user_credentials = 2 # Timeout in minutes for initial node identification (integer value) #identify_node = 10 # Timeout in minutes for node commissioning and hardware configuration (integer # value) #configure_hardware = 30 # Timeout in minutes for configuring node networking (integer value) #apply_node_networking = 5 # Timeout in minutes for configuring node storage (integer value) #apply_node_storage = 5 # Timeout in minutes for configuring node platform (integer value) #apply_node_platform = 5 # Timeout in minutes for deploying a node (integer value) #deploy_node = 45 # Timeout in minutes between deployment completion and the all boot actions # reporting status (integer value) #bootaction_final_status = 15 # Timeout in minutes for releasing a node (integer value) #destroy_node = 30 # Timeout in minutes for relabeling a node (integer value) #relabel_node = 5