From 0aaa20863dc37295218fa40c2c3ffe8c4afb45fe Mon Sep 17 00:00:00 2001 From: Mark Vanderwiel Date: Tue, 5 Aug 2014 14:55:38 -0500 Subject: [PATCH] Update heat conf files for Juno * Update paste.ini * Update conf - Add in description comments - Put section in order Change-Id: Ie70594a5d12e76f4d30e07b5620dd4776995c4f8 Closes-Bug: #1353063 --- CHANGELOG.md | 1 + templates/default/api-paste.ini.erb | 10 +- templates/default/heat.conf.erb | 827 +++++++++++++++------------- 3 files changed, 449 insertions(+), 389 deletions(-) mode change 100755 => 100644 templates/default/heat.conf.erb diff --git a/CHANGELOG.md b/CHANGELOG.md index c4bc8da..cefd865 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ This file is used to list changes made in each version of cookbook-openstack-orc ## 10.0.0 * Upgrading to Juno +* Sync conf files with Juno ## 9.2.0 * python_packages database client attributes have been migrated to diff --git a/templates/default/api-paste.ini.erb b/templates/default/api-paste.ini.erb index c7dcd8e..1a00023 100644 --- a/templates/default/api-paste.ini.erb +++ b/templates/default/api-paste.ini.erb @@ -2,7 +2,7 @@ # heat-api pipeline [pipeline:heat-api] -pipeline = faultwrap ssl versionnegotiation authurl authtoken context apiv1app +pipeline = request_id faultwrap ssl versionnegotiation authurl authtoken context apiv1app # heat-api pipeline for standalone heat # ie. uses alternative auth backend that authenticates users against keystone @@ -13,7 +13,7 @@ pipeline = faultwrap ssl versionnegotiation authurl authtoken context apiv1app # flavor = standalone # [pipeline:heat-api-standalone] -pipeline = faultwrap ssl versionnegotiation authurl authpassword context apiv1app +pipeline = request_id faultwrap ssl versionnegotiation authurl authpassword context apiv1app # heat-api pipeline for custom cloud backends # i.e. in heat.conf: @@ -21,7 +21,7 @@ pipeline = faultwrap ssl versionnegotiation authurl authpassword context apiv1ap # flavor = custombackend # [pipeline:heat-api-custombackend] -pipeline = faultwrap versionnegotiation context custombackendauth apiv1app +pipeline = request_id faultwrap versionnegotiation context custombackendauth apiv1app # heat-api-cfn pipeline [pipeline:heat-api-cfn] @@ -94,3 +94,7 @@ paste.filter_factory = heat.common.auth_password:filter_factory # Auth middleware that validates against custom backend [filter:custombackendauth] paste.filter_factory = heat.common.custom_backend_auth:filter_factory + +# Middleware to set x-openstack-request-id in http response header +[filter:request_id] +paste.filter_factory = heat.openstack.common.middleware.request_id:RequestIdMiddleware.factory diff --git a/templates/default/heat.conf.erb b/templates/default/heat.conf.erb old mode 100755 new mode 100644 index 178fbca..f26539d --- a/templates/default/heat.conf.erb +++ b/templates/default/heat.conf.erb @@ -3,20 +3,19 @@ [DEFAULT] # -# Options defined in heat.api.middleware.ssl +# Options defined in heat.common.config # -# The HTTP Header that will be used to determine which the -# original request protocol scheme was, even if it was removed -# by an SSL terminator proxy. (string value) -#secure_proxy_ssl_header=X-Forwarded-Proto +# Name of the engine node. This can be an opaque identifier. +# It is not necessarily a hostname, FQDN, or IP address. +# (string value) +#host=heat + # # Options defined in heat.common.config # -sql_connection=<%= @sql_connection %> - # The default user for new instances. This option is # deprecated and will be removed in the Juno release. If it's # empty, Heat will use the default user set up with your cloud @@ -27,11 +26,6 @@ sql_connection=<%= @sql_connection %> # Driver to use for controlling instances. (string value) #instance_driver=heat.engine.nova -# Engine identifier for multi-engine distributed lock. If -# this is set to "generate_uuid", a UUID will be generated. -# (string value) -#engine_id=generate_uuid - # List of directories to search for plug-ins. (list value) #plugin_dirs=/usr/lib64/heat,/usr/lib/heat @@ -66,6 +60,10 @@ sql_connection=<%= @sql_connection %> # unlimited events per stack. (integer value) #max_events_per_stack=1000 +# Timeout in seconds for stack action (ie. create or update). +# (integer value) +#stack_action_timeout=3600 + # RPC timeout for the engine liveness check that is used for # stack locking. (integer value) #engine_life_check_timeout=2 @@ -78,10 +76,10 @@ sql_connection=<%= @sql_connection %> # notification module. (string value) #onready= -# Name of the engine node. This can be an opaque identifier. -# It is not necessarily a hostname, FQDN, or IP address. -# (string value) -#host=heat + +# +# Options defined in heat.common.config +# # Seconds between running periodic tasks. (integer value) #periodic_interval=60 @@ -111,8 +109,15 @@ region_name_for_services=<%= node['openstack']['orchestration']['region'] %> #heat_stack_user_role=heat_stack_user # Keystone domain ID which contains heat template-defined -# users. (string value) -#stack_user_domain= +# users. If this option is set, stack_user_domain_name option +# will be ignored. (string value) +# Deprecated group/name - [DEFAULT]/stack_user_domain +#stack_user_domain_id= + +# Keystone domain name which contains heat template-defined +# users. If `stack_user_domain_id` option is set, this option +# is ignored. (string value) +#stack_user_domain_name= # Keystone username, a user with roles sufficient to manage # users and projects in the stack_user_domain. (string value) @@ -129,6 +134,243 @@ region_name_for_services=<%= node['openstack']['orchestration']['region'] %> # value) #max_nested_stack_depth=3 +# Number of heat-engine processes to fork and run. (integer +# value) +#num_engine_workers=1 + + +# +# Options defined in heat.common.wsgi +# + +# Maximum raw byte size of JSON request body. Should be larger +# than max_template_size. (integer value) +#max_json_body_size=1048576 + + +# +# Options defined in oslo.messaging +# + +# Use durable queues in amqp. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +amqp_durable_queues=<%= node['openstack']['mq']['orchestration']['durable_queues'] %> + +# Auto-delete queues in amqp. (boolean value) +amqp_auto_delete=<%= node['openstack']['mq']['orchestration']['auto_delete'] %> + +# Size of RPC connection pool. (integer value) +rpc_conn_pool_size=<%= node["openstack"]["orchestration"]["rpc_conn_pool_size"] %> + +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. (list value) +#allowed_rpc_exception_modules=oslo.messaging.exceptions,nova.exception,cinder.exception,exceptions + +<% if @mq_service_type == "qpid" %> +rpc_backend=heat.openstack.common.rpc.impl_qpid + +# Qpid broker hostname. (string value) +qpid_hostname=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["host"] %> + +# Qpid broker port. (integer value) +qpid_port=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["port"] %> + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +qpid_username=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["username"] %> + +# Password for Qpid connection. (string value) +qpid_password=<%= @mq_password %> + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +qpid_sasl_mechanisms=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["sasl_mechanisms"] %> + +# Seconds between connection keepalive heartbeats. (integer +# value) +qpid_heartbeat=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["heartbeat"] %> + +# Transport to use, either 'tcp' or 'ssl'. (string value) +qpid_protocol=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["protocol"] %> + +# Whether to disable the Nagle algorithm. (boolean value) +qpid_tcp_nodelay=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["tcp_nodelay"] %> + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +qpid_topology_version=<%= node['openstack']['mq']['orchestration']['qpid']['topology_version'] %> + +qpid_reconnect_timeout=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_timeout"] %> +qpid_reconnect_limit=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_limit"] %> +qpid_reconnect_interval_min=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval_min"] %> +qpid_reconnect_interval_max=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval_max"] %> +qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval"] %> +<% end -%> + +# SSL version to use (valid only if SSL enabled). valid values +# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some +# distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). (string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +<% if @mq_service_type == "rabbitmq" %> + +# RabbitMQ HA cluster host:port pairs (list value) +<% if node["openstack"]["mq"]["orchestration"]["rabbit"]["ha"] -%> +rabbit_hosts=<%= @rabbit_hosts %> +<% else -%> +# The RabbitMQ broker address where a single node is used +# (string value) +# The RabbitMQ broker address where a single node is used. +# (string value) +rabbit_host=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["host"] %> + +# The RabbitMQ broker port where a single node is used. +# (integer value) +rabbit_port=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["port"] %> +<% end -%> + +# RabbitMQ HA cluster host:port pairs. (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +rabbit_use_ssl=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["use_ssl"] %> + +# The RabbitMQ userid. (string value) +rabbit_userid=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["userid"] %> + +# The RabbitMQ password. (string value) +rabbit_password=<%= @mq_password %> + +# the RabbitMQ login method (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +rabbit_virtual_host=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["vhost"] %> + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# If passed, use a fake RabbitMQ provider. (boolean value) +#fake_rabbit=false +<% end -%> + +# ZeroMQ bind address. Should be a wildcard (*), an ethernet +# interface, or IP. The "host" option should point or resolve +# to this address. (string value) +#rpc_zmq_bind_address=* + +# MatchMaker driver. (string value) +#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost + +# ZeroMQ receiver listening port. (integer value) +#rpc_zmq_port=9501 + +# Number of ZeroMQ contexts, defaults to 1. (integer value) +#rpc_zmq_contexts=1 + +# Maximum number of ingress messages to locally buffer per +# topic. Default is unlimited. (integer value) +#rpc_zmq_topic_backlog= + +# Directory for holding IPC sockets. (string value) +#rpc_zmq_ipc_dir=/var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP +# address. Must match "host" option, if running Nova. (string +# value) +#rpc_zmq_host=heat + +# Seconds to wait before a cast expires (TTL). Only supported +# by impl_zmq. (integer value) +#rpc_cast_timeout=30 + +# Heartbeat frequency. (integer value) +#matchmaker_heartbeat_freq=300 + +# Heartbeat time-to-live. (integer value) +#matchmaker_heartbeat_ttl=600 + +# Host to locate redis. (string value) +#host=127.0.0.1 + +# Use this port to connect to redis host. (integer value) +#port=6379 + +# Password for Redis server (optional). (string value) +#password= + +# Size of RPC greenthread pool. (integer value) +rpc_thread_pool_size=<%= node["openstack"]["orchestration"]["rpc_thread_pool_size"] %> + +# Driver or drivers to handle sending notifications. (multi +# valued) +notification_driver = <%= node['openstack']['orchestration']['notification_driver'] %> + +# AMQP topic used for OpenStack notifications. (list value) +# Deprecated group/name - [rpc_notifier2]/topics +notification_topics = <%= node['openstack']['orchestration']['notification_topics'] %> + +# Seconds to wait for a response from a call. (integer value) +rpc_response_timeout=<%= node["openstack"]["orchestration"]["rpc_response_timeout"] %> + +# A URL representing the messaging driver to use and its full +# configuration. If not set, we fall back to the rpc_backend +# option and driver specific configuration. (string value) +#transport_url= + +# The messaging driver to use, defaults to rabbit. Other +# drivers include qpid and zmq. (string value) +#rpc_backend=rabbit + +# The default exchange under which topics are scoped. May be +# overridden by an exchange name specified in the +# transport_url option. (string value) +#control_exchange=openstack + + +# +# Options defined in heat.api.middleware.ssl +# + +# The HTTP Header that will be used to determine which the +# original request protocol scheme was, even if it was removed +# by an SSL terminator proxy. (string value) +#secure_proxy_ssl_header=X-Forwarded-Proto + # # Options defined in heat.common.crypt @@ -148,23 +390,6 @@ region_name_for_services=<%= node['openstack']['orchestration']['region'] %> #keystone_backend=heat.common.heat_keystoneclient.KeystoneClientV3 -# -# Options defined in heat.common.wsgi -# - -# Maximum raw byte size of JSON request body. Should be larger -# than max_template_size. (integer value) -#max_json_body_size=1048576 - - -# -# Options defined in heat.db.api -# - -# The backend to use for db. (string value) -#db_backend=sqlalchemy - - # # Options defined in heat.engine.clients # @@ -174,6 +399,23 @@ region_name_for_services=<%= node['openstack']['orchestration']['region'] %> #cloud_backend=heat.engine.clients.OpenStackClients +# +# Options defined in heat.engine.notification +# + +# Default notification level for outgoing notifications +# (string value) +default_notification_level = <%= node['openstack']['orchestration']['default_notification_level'] %> + +# Default publisher_id for outgoing notifications (string +# value) +default_publisher_id = <%= node['openstack']['orchestration']['default_publisher_id'] %> + +# List of drivers to send notifications (DEPRECATED) (multi +# valued) +list_notifier_drivers = <%= node['openstack']['orchestration']['list_notifier_drivers'] %> + + # # Options defined in heat.engine.resources.loadbalancer # @@ -183,17 +425,6 @@ region_name_for_services=<%= node['openstack']['orchestration']['region'] %> #loadbalancer_template= -# -# Options defined in heat.openstack.common.db.sqlalchemy.session -# - -# the filename to use with sqlite (string value) -#sqlite_db=heat.sqlite - -# If true, use synchronous mode for sqlite (boolean value) -#sqlite_synchronous=true - - # # Options defined in heat.openstack.common.eventlet_backdoor # @@ -213,7 +444,7 @@ region_name_for_services=<%= node['openstack']['orchestration']['region'] %> # Options defined in heat.openstack.common.lockutils # -# Whether to disable inter-process locks (boolean value) +# Enables or disables inter-process locks. (boolean value) #disable_process_locking=false # Directory to use for lock files. (string value) @@ -232,47 +463,48 @@ debug=<%= node["openstack"]["orchestration"]["debug"] %> # of default WARNING level). (boolean value) verbose=<%= node["openstack"]["orchestration"]["verbose"] %> -# Log output to standard error (boolean value) +# Log output to standard error. (boolean value) #use_stderr=true -# format string to use for log messages with context (string +# Format string to use for log messages with context. (string # value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s +#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s -# format string to use for log messages without context +# Format string to use for log messages without context. # (string value) #logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s -# data to append to log format when level is DEBUG (string +# Data to append to log format when level is DEBUG. (string # value) #logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d -# prefix each line of exception output with this format +# Prefix each line of exception output with this format. # (string value) #logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s -# list of logger=LEVEL pairs (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,iso8601=WARN +# List of logger=LEVEL pairs. (list value) +#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN -# publish error events (boolean value) +# Enables or disables publication of error events. (boolean +# value) #publish_errors=false -# make deprecations fatal (boolean value) +# Enables or disables fatal status of deprecations. (boolean +# value) #fatal_deprecations=false -# If an instance is passed with the log message, format it -# like this (string value) +# The format for an instance that is passed with the log +# message. (string value) #instance_format="[instance: %(uuid)s] " -# If an instance UUID is passed with the log message, format -# it like this (string value) +# The format for an instance UUID that is passed with the log +# message. (string value) #instance_uuid_format="[instance: %(uuid)s] " -# The name of logging configuration file. It does not disable -# existing loggers, but just appends specified logging -# configuration to any other existing logging options. Please -# see the Python logging module documentation for details on -# logging configuration files. (string value) +# The name of a logging configuration file. This file is +# appended to any existing logging configuration files. For +# details about logging configuration files, see the Python +# logging module documentation. (string value) # Deprecated group/name - [DEFAULT]/log_config <% if node["openstack"]["orchestration"]["syslog"]["use"] %> log_config = /etc/openstack/logging.conf @@ -286,7 +518,7 @@ log_config = /etc/openstack/logging.conf #log_format= # Format string for %%(asctime)s in log records. Default: -# %(default)s (string value) +# %(default)s . (string value) #log_date_format=%Y-%m-%d %H:%M:%S # (Optional) Name of log file to output to. If no default is @@ -295,265 +527,38 @@ log_config = /etc/openstack/logging.conf #log_file= # (Optional) The base directory used for relative --log-file -# paths (string value) +# paths. (string value) # Deprecated group/name - [DEFAULT]/logdir #log_dir= -# Use syslog for logging. (boolean value) +# Use syslog for logging. Existing syslog format is DEPRECATED +# during I, and will change in J to honor RFC5424. (boolean +# value) #use_syslog=false -# syslog facility to receive log lines (string value) -#syslog_log_facility=LOG_USER - - -# -# Options defined in heat.openstack.common.notifier.api -# - -# Driver or drivers to handle sending notifications (multi -# valued) -notification_driver = <%= node['openstack']['orchestration']['notification_driver'] %> - -# Default notification level for outgoing notifications -# (string value) -default_notification_level = <%= node['openstack']['orchestration']['default_notification_level'] %> - -# Default publisher_id for outgoing notifications (string +# (Optional) Enables or disables syslog rfc5424 format for +# logging. If enabled, prefixes the MSG part of the syslog +# message with APP-NAME (RFC5424). The format without the APP- +# NAME is deprecated in I, and will be removed in J. (boolean # value) -default_publisher_id = <%= node['openstack']['orchestration']['default_publisher_id'] %> +#use_syslog_rfc_format=false - -# -# Options defined in heat.openstack.common.notifier.list_notifier -# - -# List of drivers to send notifications (multi valued) -list_notifier_drivers = <%= node['openstack']['orchestration']['list_notifier_drivers'] %> - -# -# Options defined in heat.openstack.common.notifier.rpc_notifier -# - -# AMQP topic used for OpenStack notifications (list value) -notification_topics = <%= node['openstack']['orchestration']['notification_topics'] %> +# Syslog facility to receive log lines. (string value) +#syslog_log_facility=LOG_USER # # Options defined in heat.openstack.common.policy # -# JSON file containing policy (string value) +# The JSON file that defines policies. (string value) #policy_file=policy.json -# Rule enforced when requested rule is not found (string -# value) +# Default rule. Enforced when a requested rule is not found. +# (string value) #policy_default_rule=default -# -# Options defined in heat.openstack.common.rpc -# - -# The messaging module to use, defaults to kombu. (string -# value) -#rpc_backend=heat.openstack.common.rpc.impl_kombu - -# Size of RPC thread pool (integer value) -rpc_thread_pool_size=<%= node["openstack"]["orchestration"]["rpc_thread_pool_size"] %> - -# Size of RPC connection pool (integer value) -rpc_conn_pool_size=<%= node["openstack"]["orchestration"]["rpc_conn_pool_size"] %> - -# Seconds to wait for a response from call or multicall -# (integer value) -rpc_response_timeout=<%= node["openstack"]["orchestration"]["rpc_response_timeout"] %> - -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 - -# Modules of exceptions that are permitted to be recreated -# upon receiving exception data from an rpc call. (list value) -#allowed_rpc_exception_modules=nova.exception,cinder.exception,exceptions - -# If passed, use a fake RabbitMQ provider (boolean value) -#fake_rabbit=false - -# AMQP exchange to connect to if using RabbitMQ or Qpid -# (string value) -#control_exchange=heat - - -# -# Options defined in heat.openstack.common.rpc.amqp -# - -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -amqp_durable_queues=<%= node['openstack']['mq']['orchestration']['durable_queues'] %> - -# Auto-delete queues in amqp. (boolean value) -amqp_auto_delete=<%= node['openstack']['mq']['orchestration']['auto_delete'] %> - - -# -# Options defined in heat.openstack.common.rpc.impl_kombu -# - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled) (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled) (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL enabled) -# (string value) -#kombu_ssl_ca_certs= - -<% if @mq_service_type == "rabbitmq" %> -# RabbitMQ HA cluster host:port pairs (list value) -<% if node["openstack"]["mq"]["orchestration"]["rabbit"]["ha"] -%> -rabbit_hosts=<%= @rabbit_hosts %> -<% else -%> -# The RabbitMQ broker address where a single node is used -# (string value) -rabbit_host=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["host"] %> - -# The RabbitMQ broker port where a single node is used -# (integer value) -rabbit_port=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["port"] %> -<% end -%> - - -# connect over SSL for RabbitMQ (boolean value) -rabbit_use_ssl=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["use_ssl"] %> - -# the RabbitMQ userid (string value) -rabbit_userid=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["userid"] %> - -# the RabbitMQ password (string value) -rabbit_password=<%= @mq_password %> - -# the RabbitMQ virtual host (string value) -rabbit_virtual_host=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["vhost"] %> - -# how frequently to retry connecting with RabbitMQ (integer -# value) -#rabbit_retry_interval=1 - -# how long to backoff for between retries when connecting to -# RabbitMQ (integer value) -#rabbit_retry_backoff=2 - -# maximum retries with trying to connect to RabbitMQ (the -# default of 0 implies an infinite retry count) (integer -# value) -#rabbit_max_retries=0 - -# use H/A queues in RabbitMQ (x-ha-policy: all).You need to -# wipe RabbitMQ database when changing this option. (boolean -# value) -#rabbit_ha_queues=false -<% end -%> - -# -# Options defined in heat.openstack.common.rpc.impl_qpid -# -<% if @mq_service_type == "qpid" %> - -rpc_backend=heat.openstack.common.rpc.impl_qpid - -# Qpid broker hostname (string value) -qpid_hostname=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["host"] %> - -# Qpid broker port (integer value) -qpid_port=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["port"] %> - -# Qpid HA cluster host:port pairs (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for qpid connection (string value) -qpid_username=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["username"] %> - -# Password for qpid connection (string value) -qpid_password=<%= @mq_password %> - -# Space separated list of SASL mechanisms to use for auth -# (string value) -qpid_sasl_mechanisms=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["sasl_mechanisms"] %> - -# Seconds between connection keepalive heartbeats (integer -# value) -qpid_heartbeat=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["heartbeat"] %> - -# Transport to use, either 'tcp' or 'ssl' (string value) -qpid_protocol=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["protocol"] %> - -# Disable Nagle algorithm (boolean value) -qpid_tcp_nodelay=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["tcp_nodelay"] %> - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -qpid_topology_version=<%= node['openstack']['mq']['orchestration']['qpid']['topology_version'] %> - -qpid_reconnect_timeout=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_timeout"] %> -qpid_reconnect_limit=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_limit"] %> -qpid_reconnect_interval_min=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval_min"] %> -qpid_reconnect_interval_max=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval_max"] %> -qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval"] %> -<% end -%> - -# -# Options defined in heat.openstack.common.rpc.impl_zmq -# - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* - -# MatchMaker driver (string value) -#rpc_zmq_matchmaker=heat.openstack.common.rpc.matchmaker.MatchMakerLocalhost - -# ZeroMQ receiver listening port (integer value) -#rpc_zmq_port=9501 - -# Number of ZeroMQ contexts, defaults to 1 (integer value) -#rpc_zmq_contexts=1 - -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog= - -# Directory for holding IPC sockets (string value) -#rpc_zmq_ipc_dir=/var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=heat - - -# -# Options defined in heat.openstack.common.rpc.matchmaker -# - -# Heartbeat frequency (integer value) -#matchmaker_heartbeat_freq=300 - -# Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 - - [auth_password] # @@ -650,6 +655,33 @@ qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["re #insecure=false +[clients_glance] + +# +# Options defined in heat.common.config +# + +# Type of endpoint in Identity service catalog to use for +# communication with the OpenStack service. (string value) +#endpoint_type=publicURL + +# Optional CA cert file to use in SSL connections. (string +# value) +#ca_file= + +# Optional PEM-formatted certificate chain file. (string +# value) +#cert_file= + +# Optional PEM-formatted file that contains the private key. +# (string value) +#key_file= + +# If set, then the server's certificate will not be verified. +# (boolean value) +#insecure=false + + [clients_heat] # @@ -676,6 +708,11 @@ qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["re # (boolean value) #insecure=false + +# +# Options defined in heat.common.config +# + # Optional heat url in format like # http://0.0.0.0:8004/v1/%(tenant_id)s. (string value) #url= @@ -762,6 +799,14 @@ qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["re #insecure=false +# +# Options defined in heat.common.config +# + +# Allow client's debug log output. (boolean value) +#http_log_debug=false + + [clients_swift] # @@ -819,81 +864,109 @@ qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["re [database] # -# Options defined in heat.openstack.common.db.api +# Options defined in oslo.db # -# The backend to use for db (string value) +# The file name to use with SQLite. (string value) +#sqlite_db=oslo.sqlite + +# If True, SQLite uses synchronous mode. (boolean value) +#sqlite_synchronous=true + +# The back end to use for the database. (string value) # Deprecated group/name - [DEFAULT]/db_backend #backend=sqlalchemy - -# -# Options defined in heat.openstack.common.db.sqlalchemy.session -# - -# The SQLAlchemy connection string used to connect to the -# database (string value) +# The SQLAlchemy connection string to use to connect to the +# database. (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -#connection=sqlite:////heat/openstack/common/db/$sqlite_db +sql_connection=<%= @sql_connection %> -# The SQLAlchemy connection string used to connect to the -# slave database (string value) -#slave_connection= +# The SQLAlchemy connection string to use to connect to the +# slave database. (string value) +#slave_connection= -# timeout before idle sql connections are reaped (integer +# The SQL mode to be used for MySQL sessions. This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode=TRADITIONAL + +# Timeout before idle SQL connections are reaped. (integer # value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout #idle_timeout=3600 -# Minimum number of SQL connections to keep open in a pool +# Minimum number of SQL connections to keep open in a pool. # (integer value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size #min_pool_size=1 -# Maximum number of SQL connections to keep open in a pool +# Maximum number of SQL connections to keep open in a pool. # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size= -# maximum db connection retries during startup. (setting -1 -# implies an infinite retry count) (integer value) +# Maximum db connection retries during startup. Set to -1 to +# specify an infinite retry count. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries=10 -# interval between retries of opening a sql connection +# Interval between retries of opening a SQL connection. # (integer value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval #retry_interval=10 -# If set, use this value for max_overflow with sqlalchemy +# If set, use this value for max_overflow with SQLAlchemy. # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow #max_overflow= -# Verbosity of SQL debugging information. 0=None, -# 100=Everything (integer value) +# Verbosity of SQL debugging information: 0=None, +# 100=Everything. (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug #connection_debug=0 -# Add python stack traces to SQL as comment strings (boolean +# Add Python stack traces to SQL as comment strings. (boolean # value) # Deprecated group/name - [DEFAULT]/sql_connection_trace #connection_trace=false -# If set, use this value for pool_timeout with sqlalchemy +# If set, use this value for pool_timeout with SQLAlchemy. # (integer value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout #pool_timeout= +# Enable the experimental use of database reconnect on +# connection lost. (boolean value) +#use_db_reconnect=false + +# Seconds between database connection retries. (integer value) +#db_retry_interval=1 + +# If True, increases the interval between database connection +# retries up to db_max_retry_interval. (boolean value) +#db_inc_retry_interval=true + +# If db_inc_retry_interval is set, the maximum seconds between +# database connection retries. (integer value) +#db_max_retry_interval=10 + +# Maximum database connection retries before error is raised. +# Set to -1 to specify an infinite retry count. (integer +# value) +#db_max_retries=20 + [ec2authtoken] @@ -1024,24 +1097,30 @@ bind_port=<%= @heat_api_cloudwatch_bind.port %> # Options defined in keystoneclient.middleware.auth_token # -# Prefix to prepend at the beginning of the path (string -# value) +# Prefix to prepend at the beginning of the path. Deprecated, +# use identity_uri. (string value) #auth_admin_prefix= -# Host providing the admin Identity API endpoint (string -# value) +# Host providing the admin Identity API endpoint. Deprecated, +# use identity_uri. (string value) auth_host=<%= @identity_admin_endpoint.host %> -# Port of the admin Identity API endpoint (integer value) +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) auth_port=<%= @identity_admin_endpoint.port %> -# Protocol of the admin Identity API endpoint(http or https) -# (string value) +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. (string value) auth_protocol=<%= @identity_admin_endpoint.scheme %> # Complete public Identity API endpoint (string value) auth_uri=<%= @auth_uri %> +# Complete admin Identity API endpoint. This should specify +# the unversioned root endpoint e.g. https://localhost:35357/ +# (string value) +#identity_uri= + # API version of the admin Identity API endpoint (string # value) auth_version=<%= node["openstack"]["orchestration"]["api"]["auth"]["version"] %> @@ -1059,9 +1138,12 @@ auth_version=<%= node["openstack"]["orchestration"]["api"]["auth"]["version"] %> # with Identity API Server. (integer value) #http_request_max_retries=3 -# Single shared secret with the Keystone configuration used -# for bootstrapping a Keystone installation, or otherwise -# bypassing the normal authentication process. (string value) +# This option is deprecated and may be removed in a future +# release. Single shared secret with the Keystone +# configuration used for bootstrapping a Keystone +# installation, or otherwise bypassing the normal +# authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) #admin_token= # Keystone account username (string value) @@ -1113,7 +1195,7 @@ signing_dir=<%= node['openstack']['orchestration']['api']['auth']['cache_dir'] # number of revocation events combined with a low cache # duration may significantly reduce performance. (integer # value) -#revocation_cache_time=300 +#revocation_cache_time=10 # (optional) if defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable @@ -1146,22 +1228,22 @@ signing_dir=<%= node['openstack']['orchestration']['api']['auth']['cache_dir'] # value) #enforce_token_bind=permissive +# If true, the revocation list will be checked for cached +# tokens. This requires that PKI tokens are configured on the +# Keystone server. (boolean value) +#check_revocations_for_cached=false -[matchmaker_redis] - -# -# Options defined in heat.openstack.common.rpc.matchmaker_redis -# - -# Host to locate redis (string value) -#host=127.0.0.1 - -# Use this port to connect to redis host. (integer value) -#port=6379 - -# Password for Redis server. (optional) (string value) -#password= - +# Hash algorithms to use for hashing PKI tokens. This may be a +# single algorithm or multiple. The algorithms are those +# supported by Python standard hashlib.new(). The hashes will +# be tried in the order given, so put the preferred one first +# for performance. The result of the first hash will be stored +# in the cache. This will typically be set to multiple values +# only while migrating from a less secure algorithm to a more +# secure one. Once all the old tokens are expired this option +# should be set to a single value for better performance. +# (list value) +#hash_algorithms=md5 [matchmaker_ring] @@ -1169,7 +1251,7 @@ signing_dir=<%= node['openstack']['orchestration']['api']['auth']['cache_dir'] # Options defined in heat.openstack.common.rpc.matchmaker_ring # -# Matchmaker ring file (JSON) (string value) +# Matchmaker ring file (JSON). (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile #ringfile=/etc/oslo/matchmaker_ring.json @@ -1200,30 +1282,3 @@ signing_dir=<%= node['openstack']['orchestration']['api']['auth']['cache_dir'] #heat_revision=unknown -[rpc_notifier2] - -# -# Options defined in heat.openstack.common.notifier.rpc_notifier2 -# - -# AMQP topic(s) used for OpenStack notifications (list value) -#topics=notifications - - -[ssl] - -# -# Options defined in heat.openstack.common.sslutils -# - -# CA certificate file to use to verify connecting clients -# (string value) -#ca_file= - -# Certificate file to use when starting the server securely -# (string value) -#cert_file= - -# Private key file to use when starting the server securely -# (string value) -#key_file=