Update conf file with icehouse release changes
Sync api-paste.ini with ssl support Sync heat.conf with comment changes and additional sections. Change-Id: Icff75c6737f37df8466cf2b9d591483d8f917509 Closes-Bug: 1300320
This commit is contained in:
parent
48db4ab1fc
commit
cd7f69d21b
|
@ -2,7 +2,7 @@
|
|||
|
||||
# heat-api pipeline
|
||||
[pipeline:heat-api]
|
||||
pipeline = faultwrap versionnegotiation authurl authtoken context apiv1app
|
||||
pipeline = faultwrap ssl versionnegotiation authurl authtoken context apiv1app
|
||||
|
||||
# heat-api pipeline for standalone heat
|
||||
# ie. uses alternative auth backend that authenticates users against keystone
|
||||
|
@ -13,7 +13,7 @@ pipeline = faultwrap versionnegotiation authurl authtoken context apiv1app
|
|||
# flavor = standalone
|
||||
#
|
||||
[pipeline:heat-api-standalone]
|
||||
pipeline = faultwrap versionnegotiation authpassword context apiv1app
|
||||
pipeline = faultwrap ssl versionnegotiation authurl authpassword context apiv1app
|
||||
|
||||
# heat-api pipeline for custom cloud backends
|
||||
# i.e. in heat.conf:
|
||||
|
@ -75,6 +75,10 @@ paste.filter_factory = heat.common.context:ContextMiddleware_filter_factory
|
|||
[filter:ec2authtoken]
|
||||
paste.filter_factory = heat.api.aws.ec2token:EC2Token_filter_factory
|
||||
|
||||
[filter:ssl]
|
||||
paste.filter_factory = heat.common.wsgi:filter_factory
|
||||
heat.filter_factory = heat.api.openstack:sslmiddleware_filter
|
||||
|
||||
# Middleware to set auth_url header appropriately
|
||||
[filter:authurl]
|
||||
paste.filter_factory = heat.common.auth_url:filter_factory
|
||||
|
|
|
@ -1,16 +1,30 @@
|
|||
<%= node["openstack"]["orchestration"]["custom_template_banner"] %>
|
||||
|
||||
[DEFAULT]
|
||||
|
||||
#
|
||||
# Options defined in heat.api.middleware.ssl
|
||||
#
|
||||
|
||||
# The HTTP Header that will be used to determine which the
|
||||
# original request protocol scheme was, even if it was removed
|
||||
# by an SSL terminator proxy. (string value)
|
||||
#secure_proxy_ssl_header=X-Forwarded-Proto
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
sql_connection=<%= @sql_connection %>
|
||||
|
||||
# The default user for new instances (string value)
|
||||
# The default user for new instances. This option is
|
||||
# deprecated and will be removed in the Juno release. If it's
|
||||
# empty, Heat will use the default user set up with your cloud
|
||||
# image (for OS::Nova::Server) or 'ec2-user' (for
|
||||
# AWS::EC2::Instance). (string value)
|
||||
#instance_user=ec2-user
|
||||
|
||||
# Driver to use for controlling instances (string value)
|
||||
# Driver to use for controlling instances. (string value)
|
||||
#instance_driver=heat.engine.nova
|
||||
|
||||
# Engine identifier for multi-engine distributed lock. If
|
||||
|
@ -18,17 +32,19 @@ sql_connection=<%= @sql_connection %>
|
|||
# (string value)
|
||||
#engine_id=generate_uuid
|
||||
|
||||
# List of directories to search for Plugins (list value)
|
||||
# List of directories to search for plug-ins. (list value)
|
||||
#plugin_dirs=/usr/lib64/heat,/usr/lib/heat
|
||||
|
||||
# The directory to search for environment files (string value)
|
||||
# The directory to search for environment files. (string
|
||||
# value)
|
||||
#environment_dir=/etc/heat/environment.d
|
||||
|
||||
# Select deferred auth method, stored password or trusts
|
||||
# Select deferred auth method, stored password or trusts.
|
||||
# (string value)
|
||||
#deferred_auth_method=password
|
||||
|
||||
# Subset of trustor roles to be delegated to heat (list value)
|
||||
# Subset of trustor roles to be delegated to heat. (list
|
||||
# value)
|
||||
#trusts_delegated_roles=heat_stack_owner
|
||||
|
||||
# Maximum resources allowed per top-level stack. (integer
|
||||
|
@ -50,33 +66,62 @@ sql_connection=<%= @sql_connection %>
|
|||
# unlimited events per stack. (integer value)
|
||||
#max_events_per_stack=1000
|
||||
|
||||
# Name of the engine node. This can be an opaque identifier.It
|
||||
# is not necessarily a hostname, FQDN, or IP address. (string
|
||||
# value)
|
||||
# RPC timeout for the engine liveness check that is used for
|
||||
# stack locking. (integer value)
|
||||
#engine_life_check_timeout=2
|
||||
|
||||
# onready allows you to send a notification when the heat
|
||||
# processes are ready to serve. This is either a module with
|
||||
# the notify() method or a shell command. To enable
|
||||
# notifications with systemd, one may use the 'systemd-notify
|
||||
# --ready' shell command or the 'heat.common.systemd'
|
||||
# notification module. (string value)
|
||||
#onready=<None>
|
||||
|
||||
# Name of the engine node. This can be an opaque identifier.
|
||||
# It is not necessarily a hostname, FQDN, or IP address.
|
||||
# (string value)
|
||||
#host=heat
|
||||
|
||||
# seconds between running periodic tasks (integer value)
|
||||
# Seconds between running periodic tasks. (integer value)
|
||||
#periodic_interval=60
|
||||
|
||||
# URL of the Heat metadata server (string value)
|
||||
# URL of the Heat metadata server. (string value)
|
||||
heat_metadata_server_url=http://<%= @heat_api_cfn_endpoint.host %>:<%= @heat_api_cfn_endpoint.port %>
|
||||
|
||||
# URL of the Heat waitcondition server (string value)
|
||||
# URL of the Heat waitcondition server. (string value)
|
||||
heat_waitcondition_server_url=http://<%= @heat_api_cfn_endpoint.host %>:<%= @heat_api_cfn_endpoint.port %><%= @heat_api_cfn_endpoint.path %>/waitcondition
|
||||
|
||||
# URL of the Heat cloudwatch server (string value)
|
||||
# URL of the Heat CloudWatch server. (string value)
|
||||
heat_watch_server_url=http://<%= @heat_api_cloudwatch_endpoint.host %>:<%= @heat_api_cloudwatch_endpoint.port %>
|
||||
|
||||
# Instance connection to cfn/cw API via https (string value)
|
||||
# Instance connection to CFN/CW API via https. (string value)
|
||||
#instance_connection_is_secure=0
|
||||
|
||||
# Instance connection to cfn/cw API validate certs if ssl
|
||||
# (string value)
|
||||
# Instance connection to CFN/CW API validate certs if SSL is
|
||||
# used. (string value)
|
||||
#instance_connection_https_validate_certificates=1
|
||||
|
||||
# Keystone role for heat template-defined users (string value)
|
||||
# Default region name used to get services endpoints. (string
|
||||
# value)
|
||||
#region_name_for_services=<None>
|
||||
|
||||
# Keystone role for heat template-defined users. (string
|
||||
# value)
|
||||
#heat_stack_user_role=heat_stack_user
|
||||
|
||||
# Keystone domain ID which contains heat template-defined
|
||||
# users. (string value)
|
||||
#stack_user_domain=<None>
|
||||
|
||||
# Keystone username, a user with roles sufficient to manage
|
||||
# users and projects in the stack_user_domain. (string value)
|
||||
#stack_domain_admin=<None>
|
||||
|
||||
# Keystone password for stack_domain_admin user. (string
|
||||
# value)
|
||||
#stack_domain_admin_password=<None>
|
||||
|
||||
# Maximum raw byte size of any template. (integer value)
|
||||
#max_template_size=524288
|
||||
|
||||
|
@ -89,11 +134,20 @@ heat_watch_server_url=http://<%= @heat_api_cloudwatch_endpoint.host %>:<%= @heat
|
|||
# Options defined in heat.common.crypt
|
||||
#
|
||||
|
||||
# Encryption key used for authentication info in database
|
||||
# Encryption key used for authentication info in database.
|
||||
# (string value)
|
||||
#auth_encryption_key=notgood but just long enough i think
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.common.heat_keystoneclient
|
||||
#
|
||||
|
||||
# Fully qualified class name to use as a keystone backend.
|
||||
# (string value)
|
||||
#keystone_backend=heat.common.heat_keystoneclient.KeystoneClientV3
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.common.wsgi
|
||||
#
|
||||
|
@ -107,7 +161,7 @@ heat_watch_server_url=http://<%= @heat_api_cloudwatch_endpoint.host %>:<%= @heat
|
|||
# Options defined in heat.db.api
|
||||
#
|
||||
|
||||
# The backend to use for db (string value)
|
||||
# The backend to use for db. (string value)
|
||||
#db_backend=sqlalchemy
|
||||
|
||||
|
||||
|
@ -120,6 +174,15 @@ heat_watch_server_url=http://<%= @heat_api_cloudwatch_endpoint.host %>:<%= @heat
|
|||
#cloud_backend=heat.engine.clients.OpenStackClients
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.engine.resources.loadbalancer
|
||||
#
|
||||
|
||||
# Custom template for the built-in loadbalancer nested stack.
|
||||
# (string value)
|
||||
#loadbalancer_template=<None>
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.db.sqlalchemy.session
|
||||
#
|
||||
|
@ -189,7 +252,7 @@ verbose=<%= node["openstack"]["orchestration"]["verbose"] %>
|
|||
#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
|
||||
|
||||
# list of logger=LEVEL pairs (list value)
|
||||
#default_log_levels=amqplib=WARN,sqlalchemy=WARN,boto=WARN,suds=INFO,keystone=INFO,eventlet.wsgi.server=WARN
|
||||
#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,iso8601=WARN
|
||||
|
||||
# publish error events (boolean value)
|
||||
#publish_errors=false
|
||||
|
@ -205,20 +268,12 @@ verbose=<%= node["openstack"]["orchestration"]["verbose"] %>
|
|||
# it like this (string value)
|
||||
#instance_uuid_format="[instance: %(uuid)s] "
|
||||
|
||||
# (Optional) In addition to the system's default language log,
|
||||
# creates an additional log in the given language if such
|
||||
# language is present in the operating system. This option is
|
||||
# only enabled if the 'log-file' option is used, and the
|
||||
# additional log will be created in the same directory of the
|
||||
# main log, inside a directory named after the locale. This is
|
||||
# an OSEE-only property. (string value)
|
||||
#log_additional_locale=<None>
|
||||
|
||||
# If this option is specified, the logging configuration file
|
||||
# specified is used and overrides any other logging options
|
||||
# specified. Please see the Python logging module
|
||||
# documentation for details on logging configuration files.
|
||||
# (string value)
|
||||
# The name of logging configuration file. It does not disable
|
||||
# existing loggers, but just appends specified logging
|
||||
# configuration to any other existing logging options. Please
|
||||
# see the Python logging module documentation for details on
|
||||
# logging configuration files. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/log_config
|
||||
<% if node["openstack"]["orchestration"]["syslog"]["use"] %>
|
||||
log_config = /etc/openstack/logging.conf
|
||||
<% end %>
|
||||
|
@ -236,10 +291,12 @@ log_config = /etc/openstack/logging.conf
|
|||
|
||||
# (Optional) Name of log file to output to. If no default is
|
||||
# set, logging will go to stdout. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/logfile
|
||||
#log_file=<None>
|
||||
|
||||
# (Optional) The base directory used for relative --log-file
|
||||
# paths (string value)
|
||||
# Deprecated group/name - [DEFAULT]/logdir
|
||||
#log_dir=<None>
|
||||
|
||||
# Use syslog for logging. (boolean value)
|
||||
|
@ -278,7 +335,7 @@ log_config = /etc/openstack/logging.conf
|
|||
# Options defined in heat.openstack.common.notifier.rpc_notifier
|
||||
#
|
||||
|
||||
# AMQP topic used for openstack notifications (list value)
|
||||
# AMQP topic used for OpenStack notifications (list value)
|
||||
#notification_topics=notifications
|
||||
|
||||
|
||||
|
@ -300,7 +357,7 @@ log_config = /etc/openstack/logging.conf
|
|||
|
||||
# The messaging module to use, defaults to kombu. (string
|
||||
# value)
|
||||
#rpc_backend=
|
||||
#rpc_backend=heat.openstack.common.rpc.impl_kombu
|
||||
|
||||
# Size of RPC thread pool (integer value)
|
||||
rpc_thread_pool_size=<%= node["openstack"]["orchestration"]["rpc_thread_pool_size"] %>
|
||||
|
@ -316,16 +373,16 @@ rpc_response_timeout=<%= node["openstack"]["orchestration"]["rpc_response_timeou
|
|||
# by impl_zmq. (integer value)
|
||||
#rpc_cast_timeout=30
|
||||
|
||||
# Modules of exceptions that are permitted to be recreatedupon
|
||||
# receiving exception data from an rpc call. (list value)
|
||||
#allowed_rpc_exception_modules=heat.openstack.common.exception,heat.common.exception,nova.exception,cinder.exception,exceptions
|
||||
# Modules of exceptions that are permitted to be recreated
|
||||
# upon receiving exception data from an rpc call. (list value)
|
||||
#allowed_rpc_exception_modules=nova.exception,cinder.exception,exceptions
|
||||
|
||||
# If passed, use a fake RabbitMQ provider (boolean value)
|
||||
#fake_rabbit=false
|
||||
|
||||
# AMQP exchange to connect to if using RabbitMQ or Qpid
|
||||
# (string value)
|
||||
#control_exchange=openstack
|
||||
#control_exchange=heat
|
||||
|
||||
|
||||
#
|
||||
|
@ -333,6 +390,7 @@ rpc_response_timeout=<%= node["openstack"]["orchestration"]["rpc_response_timeou
|
|||
#
|
||||
|
||||
# Use durable queues in amqp. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
|
||||
#amqp_durable_queues=false
|
||||
|
||||
# Auto-delete queues in amqp. (boolean value)
|
||||
|
@ -357,36 +415,33 @@ rpc_response_timeout=<%= node["openstack"]["orchestration"]["rpc_response_timeou
|
|||
# SSL certification authority file (valid only if SSL enabled)
|
||||
# (string value)
|
||||
#kombu_ssl_ca_certs=
|
||||
|
||||
<% if @mq_service_type == "rabbitmq" %>
|
||||
# RabbitMQ HA cluster host:port pairs (list value)
|
||||
<% if node["openstack"]["mq"]["orchestration"]["rabbit"]["ha"] -%>
|
||||
rabbit_hosts=<%= @rabbit_hosts %>
|
||||
#### (ListOpt) RabbitMQ HA cluster host:port pairs
|
||||
|
||||
# rabbit_durable_queues=false
|
||||
#### (BoolOpt) use durable queues in RabbitMQ
|
||||
|
||||
rabbit_ha_queues=True
|
||||
#### (BoolOpt) use H/A queues in RabbitMQ (x-ha-policy: all).You need to
|
||||
#### wipe RabbitMQ database when changing this option.
|
||||
<% else -%>
|
||||
# The RabbitMQ broker address where a single node is used
|
||||
# (string value)
|
||||
rabbit_host=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["host"] %>
|
||||
#### (StrOpt) The RabbitMQ broker address where a single node is used
|
||||
|
||||
# The RabbitMQ broker port where a single node is used
|
||||
# (integer value)
|
||||
rabbit_port=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["port"] %>
|
||||
#### (IntOpt) The RabbitMQ broker port where a single node is used
|
||||
<% end -%>
|
||||
|
||||
|
||||
# connect over SSL for RabbitMQ (boolean value)
|
||||
rabbit_use_ssl=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["use_ssl"] %>
|
||||
|
||||
# the RabbitMQ userid (string value)
|
||||
rabbit_userid=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["userid"] %>
|
||||
#### (StrOpt) the RabbitMQ userid
|
||||
|
||||
# the RabbitMQ password (string value)
|
||||
rabbit_password=<%= @mq_password %>
|
||||
#### (StrOpt) the RabbitMQ password
|
||||
|
||||
# the RabbitMQ virtual host (string value)
|
||||
rabbit_virtual_host=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["vhost"] %>
|
||||
#### (StrOpt) the RabbitMQ virtual host
|
||||
|
||||
# how frequently to retry connecting with RabbitMQ (integer
|
||||
# value)
|
||||
|
@ -500,24 +555,267 @@ qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["re
|
|||
#matchmaker_heartbeat_ttl=600
|
||||
|
||||
|
||||
[ssl]
|
||||
[auth_password]
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.sslutils
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# CA certificate file to use to verify connecting clients
|
||||
# (string value)
|
||||
# Allow orchestration of multiple clouds. (boolean value)
|
||||
#multi_cloud=false
|
||||
|
||||
# Allowed keystone endpoints for auth_uri when multi_cloud is
|
||||
# enabled. At least one endpoint needs to be specified. (list
|
||||
# value)
|
||||
#allowed_auth_uris=
|
||||
|
||||
|
||||
[clients]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Type of endpoint in Identity service catalog to use for
|
||||
# communication with the OpenStack service. (string value)
|
||||
#endpoint_type=publicURL
|
||||
|
||||
# Optional CA cert file to use in SSL connections. (string
|
||||
# value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Certificate file to use when starting the server securely
|
||||
# (string value)
|
||||
# Optional PEM-formatted certificate chain file. (string
|
||||
# value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Private key file to use when starting the server securely
|
||||
# Optional PEM-formatted file that contains the private key.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# If set, then the server's certificate will not be verified.
|
||||
# (boolean value)
|
||||
#insecure=false
|
||||
|
||||
|
||||
[clients_ceilometer]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Type of endpoint in Identity service catalog to use for
|
||||
# communication with the OpenStack service. (string value)
|
||||
#endpoint_type=publicURL
|
||||
|
||||
# Optional CA cert file to use in SSL connections. (string
|
||||
# value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Optional PEM-formatted certificate chain file. (string
|
||||
# value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Optional PEM-formatted file that contains the private key.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# If set, then the server's certificate will not be verified.
|
||||
# (boolean value)
|
||||
#insecure=false
|
||||
|
||||
|
||||
[clients_cinder]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Type of endpoint in Identity service catalog to use for
|
||||
# communication with the OpenStack service. (string value)
|
||||
#endpoint_type=publicURL
|
||||
|
||||
# Optional CA cert file to use in SSL connections. (string
|
||||
# value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Optional PEM-formatted certificate chain file. (string
|
||||
# value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Optional PEM-formatted file that contains the private key.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# If set, then the server's certificate will not be verified.
|
||||
# (boolean value)
|
||||
#insecure=false
|
||||
|
||||
|
||||
[clients_heat]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Type of endpoint in Identity service catalog to use for
|
||||
# communication with the OpenStack service. (string value)
|
||||
#endpoint_type=publicURL
|
||||
|
||||
# Optional CA cert file to use in SSL connections. (string
|
||||
# value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Optional PEM-formatted certificate chain file. (string
|
||||
# value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Optional PEM-formatted file that contains the private key.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# If set, then the server's certificate will not be verified.
|
||||
# (boolean value)
|
||||
#insecure=false
|
||||
|
||||
# Optional heat url in format like
|
||||
# http://0.0.0.0:8004/v1/%(tenant_id)s. (string value)
|
||||
#url=<None>
|
||||
|
||||
|
||||
[clients_keystone]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Type of endpoint in Identity service catalog to use for
|
||||
# communication with the OpenStack service. (string value)
|
||||
#endpoint_type=publicURL
|
||||
|
||||
# Optional CA cert file to use in SSL connections. (string
|
||||
# value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Optional PEM-formatted certificate chain file. (string
|
||||
# value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Optional PEM-formatted file that contains the private key.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# If set, then the server's certificate will not be verified.
|
||||
# (boolean value)
|
||||
#insecure=false
|
||||
|
||||
|
||||
[clients_neutron]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Type of endpoint in Identity service catalog to use for
|
||||
# communication with the OpenStack service. (string value)
|
||||
#endpoint_type=publicURL
|
||||
|
||||
# Optional CA cert file to use in SSL connections. (string
|
||||
# value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Optional PEM-formatted certificate chain file. (string
|
||||
# value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Optional PEM-formatted file that contains the private key.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# If set, then the server's certificate will not be verified.
|
||||
# (boolean value)
|
||||
#insecure=false
|
||||
|
||||
|
||||
[clients_nova]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Type of endpoint in Identity service catalog to use for
|
||||
# communication with the OpenStack service. (string value)
|
||||
#endpoint_type=publicURL
|
||||
|
||||
# Optional CA cert file to use in SSL connections. (string
|
||||
# value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Optional PEM-formatted certificate chain file. (string
|
||||
# value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Optional PEM-formatted file that contains the private key.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# If set, then the server's certificate will not be verified.
|
||||
# (boolean value)
|
||||
#insecure=false
|
||||
|
||||
|
||||
[clients_swift]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Type of endpoint in Identity service catalog to use for
|
||||
# communication with the OpenStack service. (string value)
|
||||
#endpoint_type=publicURL
|
||||
|
||||
# Optional CA cert file to use in SSL connections. (string
|
||||
# value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Optional PEM-formatted certificate chain file. (string
|
||||
# value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Optional PEM-formatted file that contains the private key.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# If set, then the server's certificate will not be verified.
|
||||
# (boolean value)
|
||||
#insecure=false
|
||||
|
||||
|
||||
[clients_trove]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Type of endpoint in Identity service catalog to use for
|
||||
# communication with the OpenStack service. (string value)
|
||||
#endpoint_type=publicURL
|
||||
|
||||
# Optional CA cert file to use in SSL connections. (string
|
||||
# value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Optional PEM-formatted certificate chain file. (string
|
||||
# value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Optional PEM-formatted file that contains the private key.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# If set, then the server's certificate will not be verified.
|
||||
# (boolean value)
|
||||
#insecure=false
|
||||
|
||||
|
||||
[database]
|
||||
|
||||
|
@ -526,12 +824,9 @@ qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["re
|
|||
#
|
||||
|
||||
# The backend to use for db (string value)
|
||||
# Deprecated group/name - [DEFAULT]/db_backend
|
||||
#backend=sqlalchemy
|
||||
|
||||
# Enable the experimental use of thread pooling for all DB API
|
||||
# calls (boolean value)
|
||||
#use_tpool=false
|
||||
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.db.sqlalchemy.session
|
||||
|
@ -539,6 +834,9 @@ qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["re
|
|||
|
||||
# The SQLAlchemy connection string used to connect to the
|
||||
# database (string value)
|
||||
# Deprecated group/name - [DEFAULT]/sql_connection
|
||||
# Deprecated group/name - [DATABASE]/sql_connection
|
||||
# Deprecated group/name - [sql]/connection
|
||||
#connection=sqlite:////heat/openstack/common/db/$sqlite_db
|
||||
|
||||
# The SQLAlchemy connection string used to connect to the
|
||||
|
@ -547,74 +845,67 @@ qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["re
|
|||
|
||||
# timeout before idle sql connections are reaped (integer
|
||||
# value)
|
||||
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
|
||||
# Deprecated group/name - [DATABASE]/sql_idle_timeout
|
||||
# Deprecated group/name - [sql]/idle_timeout
|
||||
#idle_timeout=3600
|
||||
|
||||
# Minimum number of SQL connections to keep open in a pool
|
||||
# (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
|
||||
# Deprecated group/name - [DATABASE]/sql_min_pool_size
|
||||
#min_pool_size=1
|
||||
|
||||
# Maximum number of SQL connections to keep open in a pool
|
||||
# (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
|
||||
# Deprecated group/name - [DATABASE]/sql_max_pool_size
|
||||
#max_pool_size=<None>
|
||||
|
||||
# maximum db connection retries during startup. (setting -1
|
||||
# implies an infinite retry count) (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/sql_max_retries
|
||||
# Deprecated group/name - [DATABASE]/sql_max_retries
|
||||
#max_retries=10
|
||||
|
||||
# interval between retries of opening a sql connection
|
||||
# (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/sql_retry_interval
|
||||
# Deprecated group/name - [DATABASE]/reconnect_interval
|
||||
#retry_interval=10
|
||||
|
||||
# If set, use this value for max_overflow with sqlalchemy
|
||||
# (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/sql_max_overflow
|
||||
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
|
||||
#max_overflow=<None>
|
||||
|
||||
# Verbosity of SQL debugging information. 0=None,
|
||||
# 100=Everything (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/sql_connection_debug
|
||||
#connection_debug=0
|
||||
|
||||
# Add python stack traces to SQL as comment strings (boolean
|
||||
# value)
|
||||
# Deprecated group/name - [DEFAULT]/sql_connection_trace
|
||||
#connection_trace=false
|
||||
|
||||
# If set, use this value for pool_timeout with sqlalchemy
|
||||
# (integer value)
|
||||
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
|
||||
#pool_timeout=<None>
|
||||
|
||||
|
||||
[paste_deploy]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# The flavor to use (string value)
|
||||
#flavor=<None>
|
||||
|
||||
# The API paste config file to use (string value)
|
||||
#api_paste_config=api-paste.ini
|
||||
|
||||
|
||||
[rpc_notifier2]
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.notifier.rpc_notifier2
|
||||
#
|
||||
|
||||
# AMQP topic(s) used for openstack notifications (list value)
|
||||
#topics=notifications
|
||||
|
||||
|
||||
[ec2authtoken]
|
||||
|
||||
#
|
||||
# Options defined in heat.api.aws.ec2token
|
||||
#
|
||||
|
||||
# Authentication Endpoint URI (string value)
|
||||
# Authentication Endpoint URI. (string value)
|
||||
#auth_uri=<None>
|
||||
|
||||
# Allow orchestration of multiple clouds (boolean value)
|
||||
# Allow orchestration of multiple clouds. (boolean value)
|
||||
#multi_cloud=false
|
||||
|
||||
# Allowed keystone endpoints for auth_uri when multi_cloud is
|
||||
|
@ -623,35 +914,8 @@ qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["re
|
|||
#allowed_auth_uris=
|
||||
|
||||
|
||||
[heat_api_cloudwatch]
|
||||
#
|
||||
# Options defined in heat.common.wsgi
|
||||
#
|
||||
|
||||
# Address to bind the server. Useful when selecting a
|
||||
# particular network interface. (string value)
|
||||
bind_host=<%= @heat_api_cloudwatch_endpoint.host %>
|
||||
|
||||
# The port on which the server will listen. (integer value)
|
||||
bind_port=<%= @heat_api_cloudwatch_endpoint.port %>
|
||||
|
||||
# Number of backlog requests to configure the socket with
|
||||
# (integer value)
|
||||
#backlog=4096
|
||||
|
||||
# Location of the SSL Certificate File to use for SSL mode
|
||||
# (string value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Location of the SSL Key File to use for enabling SSL mode
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# Number of workers for Heat service (integer value)
|
||||
#workers=0
|
||||
|
||||
|
||||
[heat_api]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.wsgi
|
||||
#
|
||||
|
@ -663,23 +927,30 @@ bind_host=<%= @heat_api_endpoint.host %>
|
|||
# The port on which the server will listen. (integer value)
|
||||
bind_port=<%= @heat_api_endpoint.port %>
|
||||
|
||||
# Number of backlog requests to configure the socket with
|
||||
# Number of backlog requests to configure the socket with.
|
||||
# (integer value)
|
||||
#backlog=4096
|
||||
|
||||
# Location of the SSL Certificate File to use for SSL mode
|
||||
# Location of the SSL certificate file to use for SSL mode.
|
||||
# (string value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Location of the SSL Key File to use for enabling SSL mode
|
||||
# Location of the SSL key file to use for enabling SSL mode.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# Number of workers for Heat service (integer value)
|
||||
# Number of workers for Heat service. (integer value)
|
||||
#workers=0
|
||||
|
||||
# Maximum line size of message headers to be accepted.
|
||||
# max_header_line may need to be increased when using large
|
||||
# tokens (typically those generated by the Keystone v3 API
|
||||
# with big service catalogs). (integer value)
|
||||
#max_header_line=16384
|
||||
|
||||
|
||||
[heat_api_cfn]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.wsgi
|
||||
#
|
||||
|
@ -691,23 +962,65 @@ bind_host=<%= @heat_api_cfn_endpoint.host %>
|
|||
# The port on which the server will listen. (integer value)
|
||||
bind_port=<%= @heat_api_cfn_endpoint.port %>
|
||||
|
||||
# Number of backlog requests to configure the socket with
|
||||
# Number of backlog requests to configure the socket with.
|
||||
# (integer value)
|
||||
#backlog=4096
|
||||
|
||||
# Location of the SSL Certificate File to use for SSL mode
|
||||
# Location of the SSL certificate file to use for SSL mode.
|
||||
# (string value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Location of the SSL Key File to use for enabling SSL mode
|
||||
# Location of the SSL key file to use for enabling SSL mode.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# Number of workers for Heat service (integer value)
|
||||
# Number of workers for Heat service. (integer value)
|
||||
#workers=0
|
||||
|
||||
# Maximum line size of message headers to be accepted.
|
||||
# max_header_line may need to be increased when using large
|
||||
# tokens (typically those generated by the Keystone v3 API
|
||||
# with big service catalogs). (integer value)
|
||||
#max_header_line=16384
|
||||
|
||||
|
||||
[heat_api_cloudwatch]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.wsgi
|
||||
#
|
||||
|
||||
# Address to bind the server. Useful when selecting a
|
||||
# particular network interface. (string value)
|
||||
bind_host=<%= @heat_api_cloudwatch_endpoint.host %>
|
||||
|
||||
# The port on which the server will listen. (integer value)
|
||||
bind_port=<%= @heat_api_cloudwatch_endpoint.port %>
|
||||
|
||||
# Number of backlog requests to configure the socket with.
|
||||
# (integer value)
|
||||
#backlog=4096
|
||||
|
||||
# Location of the SSL certificate file to use for SSL mode.
|
||||
# (string value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Location of the SSL key file to use for enabling SSL mode.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
# Number of workers for Heat service. (integer value)
|
||||
#workers=0
|
||||
|
||||
# Maximum line size of message headers to be accepted.
|
||||
# max_header_line may need to be increased when using large
|
||||
# tokens (typically those generated by the Keystone v3 API
|
||||
# with big service catalogs.) (integer value)
|
||||
#max_header_line=16384
|
||||
|
||||
|
||||
[keystone_authtoken]
|
||||
|
||||
#
|
||||
# Options defined in keystoneclient.middleware.auth_token
|
||||
#
|
||||
|
@ -747,12 +1060,6 @@ auth_version=<%= node["openstack"]["orchestration"]["api"]["auth"]["version"] %>
|
|||
# with Identity API Server. (integer value)
|
||||
#http_request_max_retries=3
|
||||
|
||||
# Allows to pass in the name of a fake http_handler callback
|
||||
# function used instead of httplib.HTTPConnection or
|
||||
# httplib.HTTPSConnection. Useful for unit testing where
|
||||
# network is not available. (string value)
|
||||
#http_handler=<None>
|
||||
|
||||
# Single shared secret with the Keystone configuration used
|
||||
# for bootstrapping a Keystone installation, or otherwise
|
||||
# bypassing the normal authentication process. (string value)
|
||||
|
@ -788,21 +1095,26 @@ admin_tenant_name=<%= node["openstack"]["orchestration"]["service_tenant_name"]
|
|||
|
||||
# Directory used to cache files related to PKI tokens (string
|
||||
# value)
|
||||
signing_dir=<%= node["openstack"]["orchestration"]["api"]["auth"]["cache_dir"] %>
|
||||
#signing_dir=<None>
|
||||
|
||||
# If defined, the memcache server(s) to use for caching (list
|
||||
# value)
|
||||
# Optionally specify a list of memcached server(s) to use for
|
||||
# caching. If left undefined, tokens will instead be cached
|
||||
# in-process. (list value)
|
||||
# Deprecated group/name - [DEFAULT]/memcache_servers
|
||||
#memcached_servers=<None>
|
||||
|
||||
# In order to prevent excessive requests and validations, the
|
||||
# middleware uses an in-memory cache for the tokens the
|
||||
# Keystone API returns. This is only valid if memcache_servers
|
||||
# is defined. Set to -1 to disable caching completely.
|
||||
# (integer value)
|
||||
# In order to prevent excessive effort spent validating
|
||||
# tokens, the middleware caches previously-seen tokens for a
|
||||
# configurable duration (in seconds). Set to -1 to disable
|
||||
# caching completely. (integer value)
|
||||
#token_cache_time=300
|
||||
|
||||
# Value only used for unit testing (integer value)
|
||||
#revocation_cache_time=1
|
||||
# Determines the frequency at which the list of revoked tokens
|
||||
# is retrieved from the Identity service (in seconds). A high
|
||||
# number of revocation events combined with a low cache
|
||||
# duration may significantly reduce performance. (integer
|
||||
# value)
|
||||
#revocation_cache_time=300
|
||||
|
||||
# (optional) if defined, indicate whether token data should be
|
||||
# authenticated or authenticated and encrypted. Acceptable
|
||||
|
@ -818,30 +1130,22 @@ signing_dir=<%= node["openstack"]["orchestration"]["api"]["auth"]["cache_dir"] %
|
|||
# value)
|
||||
#memcache_secret_key=<None>
|
||||
|
||||
# (optional) indicate whether to set the X-Service-Catalog
|
||||
# header. If False, middleware will not ask for service
|
||||
# catalog on token validation and will not set the X-Service-
|
||||
# Catalog header. (boolean value)
|
||||
#include_service_catalog=true
|
||||
|
||||
[auth_password]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Allow orchestration of multiple clouds (boolean value)
|
||||
#multi_cloud=false
|
||||
|
||||
# Allowed keystone endpoints for auth_uri when multi_cloud is
|
||||
# enabled. At least one endpoint needs to be specified. (list
|
||||
# Used to control the use and type of token binding. Can be
|
||||
# set to: "disabled" to not check token binding. "permissive"
|
||||
# (default) to validate binding information if the bind type
|
||||
# is of a form known to the server and ignore it if not.
|
||||
# "strict" like "permissive" but if the bind type is unknown
|
||||
# the token will be rejected. "required" any form of token
|
||||
# binding is needed to be allowed. Finally the name of a
|
||||
# binding method that must be present in tokens. (string
|
||||
# value)
|
||||
#allowed_auth_uris=
|
||||
|
||||
|
||||
[matchmaker_ring]
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.rpc.matchmaker_ring
|
||||
#
|
||||
|
||||
# Matchmaker ring file (JSON) (string value)
|
||||
#ringfile=/etc/oslo/matchmaker_ring.json
|
||||
#enforce_token_bind=permissive
|
||||
|
||||
|
||||
[matchmaker_redis]
|
||||
|
@ -860,3 +1164,67 @@ signing_dir=<%= node["openstack"]["orchestration"]["api"]["auth"]["cache_dir"] %
|
|||
#password=<None>
|
||||
|
||||
|
||||
[matchmaker_ring]
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.rpc.matchmaker_ring
|
||||
#
|
||||
|
||||
# Matchmaker ring file (JSON) (string value)
|
||||
# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
|
||||
#ringfile=/etc/oslo/matchmaker_ring.json
|
||||
|
||||
|
||||
[paste_deploy]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# The flavor to use. (string value)
|
||||
#flavor=<None>
|
||||
|
||||
# The API paste config file to use. (string value)
|
||||
#api_paste_config=api-paste.ini
|
||||
|
||||
|
||||
[revision]
|
||||
|
||||
#
|
||||
# Options defined in heat.common.config
|
||||
#
|
||||
|
||||
# Heat build revision. If you would prefer to manage your
|
||||
# build revision separately, you can move this section to a
|
||||
# different file and add it as another config option. (string
|
||||
# value)
|
||||
#heat_revision=unknown
|
||||
|
||||
|
||||
[rpc_notifier2]
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.notifier.rpc_notifier2
|
||||
#
|
||||
|
||||
# AMQP topic(s) used for OpenStack notifications (list value)
|
||||
#topics=notifications
|
||||
|
||||
|
||||
[ssl]
|
||||
|
||||
#
|
||||
# Options defined in heat.openstack.common.sslutils
|
||||
#
|
||||
|
||||
# CA certificate file to use to verify connecting clients
|
||||
# (string value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Certificate file to use when starting the server securely
|
||||
# (string value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Private key file to use when starting the server securely
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
|
Loading…
Reference in New Issue