<%= node["openstack"]["orchestration"]["custom_template_banner"] %> [DEFAULT] # # Options defined in heat.api.middleware.ssl # # The HTTP Header that will be used to determine which the # original request protocol scheme was, even if it was removed # by an SSL terminator proxy. (string value) #secure_proxy_ssl_header=X-Forwarded-Proto # # Options defined in heat.common.config # # Name of the engine node. This can be an opaque identifier. # It is not necessarily a hostname, FQDN, or IP address. # (string value) #host=heat # # Options defined in heat.common.config # # The default user for new instances. This option is # deprecated and will be removed in the Juno release. If it's # empty, Heat will use the default user set up with your cloud # image (for OS::Nova::Server) or 'ec2-user' (for # AWS::EC2::Instance). (string value) #instance_user=ec2-user # List of directories to search for plug-ins. (list value) #plugin_dirs=/usr/lib64/heat,/usr/lib/heat,/usr/local/lib/heat,/usr/local/lib64/heat # The directory to search for environment files. (string # value) #environment_dir=/etc/heat/environment.d # Select deferred auth method, stored password or trusts. # (string value) <% if node['openstack']['orchestration']['deferred_auth_method'] -%> deferred_auth_method=<%= node['openstack']['orchestration']['deferred_auth_method'] %> <% end -%> # Subset of trustor roles to be delegated to heat. (list # value) #trusts_delegated_roles=heat_stack_owner # Maximum resources allowed per top-level stack. (integer # value) #max_resources_per_stack=1000 # Maximum number of stacks any one tenant may have active at # one time. (integer value) #max_stacks_per_tenant=100 # Number of times to retry to bring a resource to a non-error state. Set to 0 # to disable retries. (integer value) #action_retry_limit=5 # Controls how many events will be pruned whenever a stack's # events exceed max_events_per_stack. Set this lower to keep # more events at the expense of more frequent purges. (integer # value) #event_purge_batch_size=10 # Maximum events that will be available per stack. Older # events will be deleted when this is reached. Set to 0 for # unlimited events per stack. (integer value) #max_events_per_stack=1000 # Timeout in seconds for stack action (ie. create or update). # (integer value) #stack_action_timeout=3600 # Error wait time in seconds for stack action (ie. create or update). (integer # value) #error_wait_time=240 # RPC timeout for the engine liveness check that is used for # stack locking. (integer value) #engine_life_check_timeout=2 # Enable the legacy OS::Heat::CWLiteAlarm resource. (boolean value) #enable_cloud_watch_lite=true # Enable the preview Stack Abandon feature. (boolean value) #enable_stack_abandon=false # Enable the preview Stack Adopt feature. (boolean value) #enable_stack_adopt=false # Enables engine with convergence architecture. All stacks with this option # will be created using convergence engine . (boolean value) #convergence_engine=false # Template default for how the server should receive the metadata required for # software configuration. POLL_SERVER_CFN will allow calls to the cfn API # action DescribeStackResource authenticated with the provided keypair # (requires enabled heat-api-cfn). POLL_SERVER_HEAT will allow calls to the # Heat API resource-show using the provided keystone credentials (requires # keystone v3 API, and configured stack_user_* config options). POLL_TEMP_URL # will create and populate a Swift TempURL with metadata for polling (requires # object-store endpoint which supports TempURL). (string value) # Allowed values: POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL #default_software_config_transport=POLL_SERVER_CFN # Template default for how the server should signal to heat with the deployment # output values. CFN_SIGNAL will allow an HTTP POST to a CFN keypair signed URL # (requires enabled heat-api-cfn). TEMP_URL_SIGNAL will create a Swift TempURL # to be signaled via HTTP PUT (requires object-store endpoint which supports # TempURL). HEAT_SIGNAL will allow calls to the Heat API resource-signal using # the provided keystone credentials (string value) # Allowed values: CFN_SIGNAL, TEMP_URL_SIGNAL, HEAT_SIGNAL #default_deployment_signal_transport=CFN_SIGNAL # When this feature is enabled, scheduler hints identifying the heat stack # context of a server resource are passed to the configured schedulers in nova, # for server creates done using heat resource types OS::Nova::Server and # AWS::EC2::Instance. heat_root_stack_id will be set to the id of the root # stack of the resource, heat_stack_id will be set to the id of the resource's # parent stack, heat_stack_name will be set to the name of the resource's # parent stack, heat_path_in_stack will be set to a list of tuples, # (stackresourcename, stackname) with list[0] being (None, rootstackname), and # heat_resource_name will be set to the resource's name. (boolean value) stack_scheduler_hints=<%= node["openstack"]["orchestration"]["stack_scheduler_hints"] %> # # Options defined in heat.common.config # # Seconds between running periodic tasks. (integer value) #periodic_interval=60 # URL of the Heat metadata server. (string value) heat_metadata_server_url=<%= @heat_api_cfn_endpoint.scheme %>://<%= @heat_api_cfn_endpoint.host %>:<%= @heat_api_cfn_endpoint.port %> # URL of the Heat waitcondition server. (string value) heat_waitcondition_server_url=<%= @heat_api_cfn_endpoint.scheme %>://<%= @heat_api_cfn_endpoint.host %>:<%= @heat_api_cfn_endpoint.port %><%= @heat_api_cfn_endpoint.path %>/waitcondition # URL of the Heat CloudWatch server. (string value) heat_watch_server_url=<%= @heat_api_cloudwatch_endpoint.scheme %>://<%= @heat_api_cloudwatch_endpoint.host %>:<%= @heat_api_cloudwatch_endpoint.port %> # Instance connection to CFN/CW API via https. (string value) #instance_connection_is_secure=0 # Instance connection to CFN/CW API validate certs if SSL is # used. (string value) #instance_connection_https_validate_certificates=1 # Default region name used to get services endpoints. (string # value) region_name_for_services=<%= node['openstack']['orchestration']['region'] %> # Keystone role for heat template-defined users. (string # value) <% if node['openstack']['orchestration']['heat_stack_user_role'] -%> heat_stack_user_role=<%= node['openstack']['orchestration']['heat_stack_user_role'] %> <% end -%> # Keystone domain ID which contains heat template-defined # users. If this option is set, stack_user_domain_name option # will be ignored. (string value) # Deprecated group/name - [DEFAULT]/stack_user_domain_id <% if node['openstack']['orchestration']['stack_user_domain_id'] -%> stack_user_domain_id=<%= node['openstack']['orchestration']['stack_user_domain_id'] %> <% end -%> # Keystone domain name which contains heat template-defined # users. If `stack_user_domain_id` option is set, this option # is ignored. (string value) <% if node['openstack']['orchestration']['stack_user_domain_name'] -%> stack_user_domain_name=<%= node['openstack']['orchestration']['stack_user_domain_name'] %> <% end -%> # Keystone username, a user with roles sufficient to manage # users and projects in the stack_user_domain. (string value) <% if node['openstack']['orchestration']['stack_domain_admin'] -%> stack_domain_admin=<%= node['openstack']['orchestration']['stack_domain_admin'] %> <% end -%> # Keystone password for stack_domain_admin user. (string # value) <% if @stack_domain_admin_password -%> stack_domain_admin_password=<%= @stack_domain_admin_password %> <% end -%> # Maximum raw byte size of any template. (integer value) #max_template_size=524288 # Maximum depth allowed when using nested stacks. (integer # value) #max_nested_stack_depth=5 # Number of heat-engine processes to fork and run. (integer # value) <% if node['openstack']['orchestration']['num_engine_workers'] -%> num_engine_workers=<%= node['openstack']['orchestration']['num_engine_workers'] %> <% end -%> # # Options defined in heat.common.crypt # # Encryption key used for authentication info in database. # (string value) auth_encryption_key=<%= @auth_encryption_key %> # # Options defined in heat.common.heat_keystoneclient # # Fully qualified class name to use as a keystone backend. # (string value) #keystone_backend=heat.common.heat_keystoneclient.KeystoneClientV3 # # Options defined in heat.common.wsgi # # Maximum raw byte size of JSON request body. Should be larger # than max_template_size. (integer value) #max_json_body_size=1048576 # # Options defined in heat.engine.clients # # Fully qualified class name to use as a client backend. # (string value) #cloud_backend=heat.engine.clients.OpenStackClients # # Options defined in oslo.messaging # # Use durable queues in amqp. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_durable_queues amqp_durable_queues=<%= node['openstack']['mq']['orchestration']['durable_queues'] %> # Auto-delete queues in amqp. (boolean value) amqp_auto_delete=<%= node['openstack']['mq']['orchestration']['auto_delete'] %> # Size of RPC connection pool. (integer value) rpc_conn_pool_size=<%= node["openstack"]["orchestration"]["rpc_conn_pool_size"] %> # Modules of exceptions that are permitted to be recreated # upon receiving exception data from an rpc call. (list value) #allowed_rpc_exception_modules=oslo.messaging.exceptions,nova.exception,cinder.exception,exceptions # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) #rpc_zmq_bind_address=* # MatchMaker driver. (string value) #rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) #rpc_zmq_port=9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) #rpc_zmq_contexts=1 # Maximum number of ingress messages to locally buffer per # topic. Default is unlimited. (integer value) #rpc_zmq_topic_backlog= # Directory for holding IPC sockets. (string value) #rpc_zmq_ipc_dir=/var/run/openstack # Name of this node. Must be a valid hostname, FQDN, or IP # address. Must match "host" option, if running Nova. (string # value) #rpc_zmq_host=heat # Seconds to wait before a cast expires (TTL). Only supported # by impl_zmq. (integer value) #rpc_cast_timeout=30 # Heartbeat frequency. (integer value) #matchmaker_heartbeat_freq=300 # Heartbeat time-to-live. (integer value) #matchmaker_heartbeat_ttl=600 # Size of RPC greenthread pool. (integer value) rpc_thread_pool_size=<%= node["openstack"]["orchestration"]["rpc_thread_pool_size"] %> # Driver or drivers to handle sending notifications. (multi # valued) notification_driver = <%= node['openstack']['orchestration']['notification_driver'] %> # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics notification_topics = <%= node['openstack']['orchestration']['notification_topics'] %> # Seconds to wait for a response from a call. (integer value) rpc_response_timeout=<%= node["openstack"]["orchestration"]["rpc_response_timeout"] %> # A URL representing the messaging driver to use and its full # configuration. If not set, we fall back to the rpc_backend # option and driver specific configuration. (string value) #transport_url= # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) <% if @mq_service_type == "qpid" %> rpc_backend=heat.openstack.common.rpc.impl_qpid <% end -%> # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) #control_exchange=openstack # # Options defined in heat.engine.notification # # Default notification level for outgoing notifications # (string value) default_notification_level = <%= node['openstack']['orchestration']['default_notification_level'] %> # Default publisher_id for outgoing notifications (string # value) default_publisher_id = <%= node['openstack']['orchestration']['default_publisher_id'] %> # List of drivers to send notifications (DEPRECATED) (multi # valued) list_notifier_drivers = <%= node['openstack']['orchestration']['list_notifier_drivers'] %> # # Options defined in heat.engine.resources.loadbalancer # # Custom template for the built-in loadbalancer nested stack. # (string value) #loadbalancer_template= # # Options defined in heat.openstack.common.eventlet_backdoor # # Enable eventlet backdoor. Acceptable values are 0, , # and :, where 0 results in listening on a random # tcp port number; results in listening on the # specified port number (and not enabling backdoor if that # port is in use); and : results in listening on # the smallest unused port number within the specified range # of port numbers. The chosen port is displayed in the # service's log file. (string value) #backdoor_port= # # Options defined in heat.openstack.common.lockutils # # Enables or disables inter-process locks. (boolean value) #disable_process_locking=false # Directory to use for lock files. (string value) #lock_path= # # Options defined in heat.openstack.common.log # # Print debugging output (set logging level to DEBUG instead # of default WARNING level). (boolean value) debug=<%= node["openstack"]["orchestration"]["debug"] %> # Print more verbose output (set logging level to INFO instead # of default WARNING level). (boolean value) verbose=<%= node["openstack"]["orchestration"]["verbose"] %> # Log output to standard error. (boolean value) #use_stderr=true # Format string to use for log messages with context. (string # value) #logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s # Format string to use for log messages without context. # (string value) #logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s # Data to append to log format when level is DEBUG. (string # value) #logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d # Prefix each line of exception output with this format. # (string value) #logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s # List of logger=LEVEL pairs. (list value) #default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN # Enables or disables publication of error events. (boolean # value) #publish_errors=false # Enables or disables fatal status of deprecations. (boolean # value) #fatal_deprecations=false # The format for an instance that is passed with the log # message. (string value) #instance_format="[instance: %(uuid)s] " # The format for an instance UUID that is passed with the log # message. (string value) #instance_uuid_format="[instance: %(uuid)s] " # The name of a logging configuration file. This file is # appended to any existing logging configuration files. For # details about logging configuration files, see the Python # logging module documentation. (string value) # Deprecated group/name - [DEFAULT]/log_config <% if node["openstack"]["orchestration"]["syslog"]["use"] %> log_config = /etc/openstack/logging.conf <% end %> # DEPRECATED. A logging.Formatter log message format string # which may use any of the available logging.LogRecord # attributes. This option is deprecated. Please use # logging_context_format_string and # logging_default_format_string instead. (string value) #log_format= # Format string for %%(asctime)s in log records. Default: # %(default)s . (string value) #log_date_format=%Y-%m-%d %H:%M:%S # (Optional) Name of log file to output to. If no default is # set, logging will go to stdout. (string value) # Deprecated group/name - [DEFAULT]/logfile #log_file= # (Optional) The base directory used for relative --log-file # paths. (string value) # Deprecated group/name - [DEFAULT]/logdir log_dir=<%= node["openstack"]["orchestration"]["log_dir"] %> # Use syslog for logging. Existing syslog format is DEPRECATED # during I, and will change in J to honor RFC5424. (boolean # value) #use_syslog=false # (Optional) Enables or disables syslog rfc5424 format for # logging. If enabled, prefixes the MSG part of the syslog # message with APP-NAME (RFC5424). The format without the APP- # NAME is deprecated in I, and will be removed in J. (boolean # value) #use_syslog_rfc_format=false # Syslog facility to receive log lines. (string value) #syslog_log_facility=LOG_USER # # Options defined in heat.openstack.common.policy # # The JSON file that defines policies. (string value) #policy_file=policy.json # Default rule. Enforced when a requested rule is not found. # (string value) #policy_default_rule=default <% if node["openstack"]["orchestration"]["misc_heat"] %> ##### THIRD PARTY ADDITIONS ##### <% node["openstack"]["orchestration"]["misc_heat"].each do |m| %> <%= m %> <% end %> <% end %> [auth_password] # # Options defined in heat.common.config # # Allow orchestration of multiple clouds. (boolean value) #multi_cloud=false # Allowed keystone endpoints for auth_uri when multi_cloud is # enabled. At least one endpoint needs to be specified. (list # value) #allowed_auth_uris= [clients] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) <% if node['openstack']['orchestration']['clients']['ca_file'] -%> ca_file=<%= node['openstack']['orchestration']['clients']['ca_file'] %> <% end -%> # Optional PEM-formatted certificate chain file. (string # value) <% if node['openstack']['orchestration']['clients']['cert_file'] -%> cert_file=<%= node['openstack']['orchestration']['clients']['cert_file'] %> <% end -%> # Optional PEM-formatted file that contains the private key. # (string value) <% if node['openstack']['orchestration']['clients']['key_file'] -%> key_file=<%= node['openstack']['orchestration']['clients']['key_file'] %> <% end -%> # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false insecure=<%= node['openstack']['orchestration']['clients']['insecure'] %> [clients_ceilometer] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) <% if node['openstack']['orchestration']['clients_ceilometer']['ca_file'] -%> ca_file=<%= node['openstack']['orchestration']['clients_ceilometer']['ca_file'] %> <% end -%> # Optional PEM-formatted certificate chain file. (string # value) <% if node['openstack']['orchestration']['clients_ceilometer']['cert_file'] -%> cert_file=<%= node['openstack']['orchestration']['clients_ceilometer']['cert_file'] %> <% end -%> # Optional PEM-formatted file that contains the private key. # (string value) <% if node['openstack']['orchestration']['clients_ceilometer']['key_file'] -%> key_file=<%= node['openstack']['orchestration']['clients_ceilometer']['key_file'] %> <% end -%> # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false insecure=<%= node['openstack']['orchestration']['clients_ceilometer']['insecure'] %> [clients_cinder] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) <% if node['openstack']['orchestration']['clients_cinder']['ca_file'] -%> ca_file=<%= node['openstack']['orchestration']['clients_cinder']['ca_file'] %> <% end -%> # Optional PEM-formatted certificate chain file. (string # value) <% if node['openstack']['orchestration']['clients_cinder']['cert_file'] -%> cert_file=<%= node['openstack']['orchestration']['clients_cinder']['cert_file'] %> <% end -%> # Optional PEM-formatted file that contains the private key. # (string value) <% if node['openstack']['orchestration']['clients_cinder']['key_file'] -%> key_file=<%= node['openstack']['orchestration']['clients_cinder']['key_file'] %> <% end -%> # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false insecure=<%= node['openstack']['orchestration']['clients_cinder']['insecure'] %> [clients_glance] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) <% if node['openstack']['orchestration']['clients_glance']['ca_file'] -%> ca_file=<%= node['openstack']['orchestration']['clients_glance']['ca_file'] %> <% end -%> # Optional PEM-formatted certificate chain file. (string # value) <% if node['openstack']['orchestration']['clients_glance']['cert_file'] -%> cert_file=<%= node['openstack']['orchestration']['clients_glance']['cert_file'] %> <% end -%> # Optional PEM-formatted file that contains the private key. # (string value) <% if node['openstack']['orchestration']['clients_glance']['key_file'] -%> key_file=<%= node['openstack']['orchestration']['clients_glance']['key_file'] %> <% end -%> # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false insecure=<%= node['openstack']['orchestration']['clients_glance']['insecure'] %> [clients_heat] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) <% if node['openstack']['orchestration']['clients_heat']['ca_file'] -%> ca_file=<%= node['openstack']['orchestration']['clients_heat']['ca_file'] %> <% end -%> # Optional PEM-formatted certificate chain file. (string # value) <% if node['openstack']['orchestration']['clients_heat']['cert_file'] -%> cert_file=<%= node['openstack']['orchestration']['clients_heat']['cert_file'] %> <% end -%> # Optional PEM-formatted file that contains the private key. # (string value) <% if node['openstack']['orchestration']['clients_heat']['key_file'] -%> key_file=<%= node['openstack']['orchestration']['clients_heat']['key_file'] %> <% end -%> # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false insecure=<%= node['openstack']['orchestration']['clients_heat']['insecure'] %> # # Options defined in heat.common.config # # Optional heat url in format like # http://0.0.0.0:8004/v1/%(tenant_id)s. (string value) #url= [clients_keystone] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) <% if node['openstack']['orchestration']['clients_keystone']['ca_file'] -%> ca_file=<%= node['openstack']['orchestration']['clients_keystone']['ca_file'] %> <% end -%> # Optional PEM-formatted certificate chain file. (string # value) <% if node['openstack']['orchestration']['clients_keystone']['cert_file'] -%> cert_file=<%= node['openstack']['orchestration']['clients_keystone']['cert_file'] %> <% end -%> # Optional PEM-formatted file that contains the private key. # (string value) <% if node['openstack']['orchestration']['clients_keystone']['key_file'] -%> key_file=<%= node['openstack']['orchestration']['clients_keystone']['key_file'] %> <% end -%> # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false insecure=<%= node['openstack']['orchestration']['clients_keystone']['insecure'] %> [clients_neutron] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) <% if node['openstack']['orchestration']['clients_neutron']['ca_file'] -%> ca_file=<%= node['openstack']['orchestration']['clients_neutron']['ca_file'] %> <% end -%> # Optional PEM-formatted certificate chain file. (string # value) <% if node['openstack']['orchestration']['clients_neutron']['cert_file'] -%> cert_file=<%= node['openstack']['orchestration']['clients_neutron']['cert_file'] %> <% end -%> # Optional PEM-formatted file that contains the private key. # (string value) <% if node['openstack']['orchestration']['clients_neutron']['key_file'] -%> key_file=<%= node['openstack']['orchestration']['clients_neutron']['key_file'] %> <% end -%> # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false insecure=<%= node['openstack']['orchestration']['clients_neutron']['insecure'] %> [clients_nova] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) <% if node['openstack']['orchestration']['clients_nova']['ca_file'] -%> ca_file=<%= node['openstack']['orchestration']['clients_nova']['ca_file'] %> <% end -%> # Optional PEM-formatted certificate chain file. (string # value) <% if node['openstack']['orchestration']['clients_nova']['cert_file'] -%> cert_file=<%= node['openstack']['orchestration']['clients_nova']['cert_file'] %> <% end -%> # Optional PEM-formatted file that contains the private key. # (string value) <% if node['openstack']['orchestration']['clients_nova']['key_file'] -%> key_file=<%= node['openstack']['orchestration']['clients_nova']['key_file'] %> <% end -%> # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false insecure=<%= node['openstack']['orchestration']['clients_nova']['insecure'] %> # # Options defined in heat.common.config # # Allow client's debug log output. (boolean value) #http_log_debug=false [clients_swift] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false [clients_trove] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false [database] # # Options defined in oslo.db # # The file name to use with SQLite. (string value) #sqlite_db=oslo.sqlite # If True, SQLite uses synchronous mode. (boolean value) #sqlite_synchronous=true # The back end to use for the database. (string value) # Deprecated group/name - [DEFAULT]/db_backend #backend=sqlalchemy # The SQLAlchemy connection string to use to connect to the # database. (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection connection=<%= @sql_connection %> # The SQLAlchemy connection string to use to connect to the # slave database. (string value) #slave_connection= # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To # use whatever SQL mode is set by the server configuration, # set this to no value. Example: mysql_sql_mode= (string # value) #mysql_sql_mode=TRADITIONAL # Timeout before idle SQL connections are reaped. (integer # value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout #idle_timeout=3600 # Minimum number of SQL connections to keep open in a pool. # (integer value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size #min_pool_size=1 # Maximum number of SQL connections to keep open in a pool. # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size= # Maximum db connection retries during startup. Set to -1 to # specify an infinite retry count. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries=10 # Interval between retries of opening a SQL connection. # (integer value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval #retry_interval=10 # If set, use this value for max_overflow with SQLAlchemy. # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow #max_overflow= # Verbosity of SQL debugging information: 0=None, # 100=Everything. (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug #connection_debug=0 # Add Python stack traces to SQL as comment strings. (boolean # value) # Deprecated group/name - [DEFAULT]/sql_connection_trace #connection_trace=false # If set, use this value for pool_timeout with SQLAlchemy. # (integer value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout #pool_timeout= # Enable the experimental use of database reconnect on # connection lost. (boolean value) #use_db_reconnect=false # Seconds between database connection retries. (integer value) #db_retry_interval=1 # If True, increases the interval between database connection # retries up to db_max_retry_interval. (boolean value) #db_inc_retry_interval=true # If db_inc_retry_interval is set, the maximum seconds between # database connection retries. (integer value) #db_max_retry_interval=10 # Maximum database connection retries before error is raised. # Set to -1 to specify an infinite retry count. (integer # value) #db_max_retries=20 [ec2authtoken] # # Options defined in heat.api.aws.ec2token # # Authentication Endpoint URI. (string value) auth_uri=<%= @ec2_auth_uri %> # Allow orchestration of multiple clouds. (boolean value) #multi_cloud=false # Allowed keystone endpoints for auth_uri when multi_cloud is # enabled. At least one endpoint needs to be specified. (list # value) #allowed_auth_uris= [heat_api] # # Options defined in heat.common.wsgi # # Address to bind the server. Useful when selecting a # particular network interface. (string value) bind_host=<%= @heat_api_bind.host %> # The port on which the server will listen. (integer value) bind_port=<%= @heat_api_bind.port %> # Number of backlog requests to configure the socket with. # (integer value) #backlog=4096 # Location of the SSL certificate file to use for SSL mode. # (string value) #cert_file= # Location of the SSL key file to use for enabling SSL mode. # (string value) #key_file= # Number of workers for Heat service. (integer value) workers=<%= node['openstack']['orchestration']['api']['workers'] %> # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large # tokens (typically those generated by the Keystone v3 API # with big service catalogs). (integer value) #max_header_line=16384 [heat_api_cfn] # # Options defined in heat.common.wsgi # # Address to bind the server. Useful when selecting a # particular network interface. (string value) bind_host=<%= @heat_api_cfn_bind.host %> # The port on which the server will listen. (integer value) bind_port=<%= @heat_api_cfn_bind.port %> # Number of backlog requests to configure the socket with. # (integer value) #backlog=4096 # Location of the SSL certificate file to use for SSL mode. # (string value) #cert_file= # Location of the SSL key file to use for enabling SSL mode. # (string value) #key_file= # Number of workers for Heat service. (integer value) workers=<%= node['openstack']['orchestration']['api_cfn']['workers'] %> # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large # tokens (typically those generated by the Keystone v3 API # with big service catalogs). (integer value) #max_header_line=16384 [heat_api_cloudwatch] # # Options defined in heat.common.wsgi # # Address to bind the server. Useful when selecting a # particular network interface. (string value) bind_host=<%= @heat_api_cloudwatch_bind.host %> # The port on which the server will listen. (integer value) bind_port=<%= @heat_api_cloudwatch_bind.port %> # Number of backlog requests to configure the socket with. # (integer value) #backlog=4096 # Location of the SSL certificate file to use for SSL mode. # (string value) #cert_file= # Location of the SSL key file to use for enabling SSL mode. # (string value) #key_file= # Number of workers for Heat service. (integer value) workers=<%= node['openstack']['orchestration']['api_cloudwatch']['workers'] %> # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large # tokens (typically those generated by the Keystone v3 API # with big service catalogs.) (integer value) #max_header_line=16384 [keystone_authtoken] # # Options defined in keystoneclient.middleware.auth_token # # Complete public Identity API endpoint (string value) auth_uri=<%= @auth_uri %> # Complete admin Identity API endpoint. This should specify # the unversioned root endpoint e.g. https://localhost:35357/ # (string value) identity_uri=<%= @identity_uri %> # API version of the admin Identity API endpoint (string # value) auth_version=<%= node["openstack"]["orchestration"]["api"]["auth"]["version"] %> # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI # components (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API # server. (boolean value) #http_connect_timeout= # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 # This option is deprecated and may be removed in a future # release. Single shared secret with the Keystone # configuration used for bootstrapping a Keystone # installation, or otherwise bypassing the normal # authentication process. This option should not be used, use # `admin_user` and `admin_password` instead. (string value) #admin_token= # Keystone account username (string value) admin_user=<%= node["openstack"]["orchestration"]["service_user"] %> # Keystone account password (string value) admin_password=<%= @service_pass %> # Keystone service account tenant name to validate user tokens # (string value) admin_tenant_name=<%= node["openstack"]["orchestration"]["service_tenant_name"] %> # Env key for the swift cache (string value) #cache= # Required if Keystone server requires client certificate # (string value) #certfile= # Required if Keystone server requires client certificate # (string value) #keyfile= # A PEM encoded Certificate Authority to use when verifying # HTTPs connections. Defaults to system CAs. (string value) #cafile= <% unless node['openstack']['orchestration']['api']['auth']['cafile'].nil? %> cafile=<%= node['openstack']['orchestration']['api']['auth']['cafile'] %> <% end %> # Verify HTTPS connections. (boolean value) #insecure=false insecure=<%= node['openstack']['orchestration']['api']['auth']['insecure'] %> # Directory used to cache files related to PKI tokens (string # value) signing_dir=<%= node['openstack']['orchestration']['api']['auth']['cache_dir'] %> # Optionally specify a list of memcached server(s) to use for # caching. If left undefined, tokens will instead be cached # in-process. (list value) # Deprecated group/name - [DEFAULT]/memcache_servers #memcached_servers= <% unless node['openstack']['orchestration']['api']['auth']['memcached_servers'].nil? %> memcached_servers=<%= node['openstack']['orchestration']['api']['auth']['memcached_servers'] %> <% end %> # In order to prevent excessive effort spent validating # tokens, the middleware caches previously-seen tokens for a # configurable duration (in seconds). Set to -1 to disable # caching completely. (integer value) #token_cache_time=300 # Determines the frequency at which the list of revoked tokens # is retrieved from the Identity service (in seconds). A high # number of revocation events combined with a low cache # duration may significantly reduce performance. (integer # value) #revocation_cache_time=10 # (optional) if defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable # values are MAC or ENCRYPT. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token # data is encrypted and authenticated in the cache. If the # value is not one of these options or empty, auth_token will # raise an exception on initialization. (string value) #memcache_security_strategy= <% unless node['openstack']['orchestration']['api']['auth']['memcache_security_strategy'].nil? %> memcache_security_strategy=<%= node['openstack']['orchestration']['api']['auth']['memcache_security_strategy'] %> <% end %> # (optional, mandatory if memcache_security_strategy is # defined) this string is used for key derivation. (string # value) #memcache_secret_key= <% unless node['openstack']['orchestration']['api']['auth']['memcache_secret_key'].nil? %> memcache_secret_key=<%= node['openstack']['orchestration']['api']['auth']['memcache_secret_key'] %> <% end %> # (optional) indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) #include_service_catalog=true # Used to control the use and type of token binding. Can be # set to: "disabled" to not check token binding. "permissive" # (default) to validate binding information if the bind type # is of a form known to the server and ignore it if not. # "strict" like "permissive" but if the bind type is unknown # the token will be rejected. "required" any form of token # binding is needed to be allowed. Finally the name of a # binding method that must be present in tokens. (string # value) #enforce_token_bind=permissive # If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the # Keystone server. (boolean value) #check_revocations_for_cached=false # Hash algorithms to use for hashing PKI tokens. This may be a # single algorithm or multiple. The algorithms are those # supported by Python standard hashlib.new(). The hashes will # be tried in the order given, so put the preferred one first # for performance. The result of the first hash will be stored # in the cache. This will typically be set to multiple values # only while migrating from a less secure algorithm to a more # secure one. Once all the old tokens are expired this option # should be set to a single value for better performance. # (list value) #hash_algorithms=md5 hash_algorithms=<%= node['openstack']['orchestration']['api']['auth']['hash_algorithms'] %> [oslo_messaging_amqp] # # From oslo.messaging # # address prefix used when sending to a specific server (string value) # Deprecated group/name - [amqp1]/server_request_prefix #server_request_prefix = exclusive # address prefix used when broadcasting to all servers (string value) # Deprecated group/name - [amqp1]/broadcast_prefix #broadcast_prefix = broadcast # address prefix when sending to any server in group (string value) # Deprecated group/name - [amqp1]/group_request_prefix #group_request_prefix = unicast # Name for the AMQP container (string value) # Deprecated group/name - [amqp1]/container_name #container_name = # Timeout for inactive connections (in seconds) (integer value) # Deprecated group/name - [amqp1]/idle_timeout #idle_timeout = 0 # Debug: dump AMQP frames to stdout (boolean value) # Deprecated group/name - [amqp1]/trace #trace = false # CA certificate PEM file for verifing server certificate (string value) # Deprecated group/name - [amqp1]/ssl_ca_file #ssl_ca_file = # Identifying certificate PEM file to present to clients (string value) # Deprecated group/name - [amqp1]/ssl_cert_file #ssl_cert_file = # Private key PEM file used to sign cert_file certificate (string value) # Deprecated group/name - [amqp1]/ssl_key_file #ssl_key_file = # Password for decrypting ssl_key_file (if encrypted) (string value) # Deprecated group/name - [amqp1]/ssl_key_password #ssl_key_password = # Accept clients using either SSL or plain TCP (boolean value) # Deprecated group/name - [amqp1]/allow_insecure_clients #allow_insecure_clients = false <% if @mq_service_type == "qpid" %> [oslo_messaging_qpid] # Use durable queues in amqp. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_durable_queues amqp_durable_queues=<%= node['openstack']['mq']['orchestration']['durable_queues'] %> # Auto-delete queues in amqp. (boolean value) amqp_auto_delete=<%= node['openstack']['mq']['orchestration']['auto_delete'] %> # Size of RPC connection pool. (integer value) rpc_conn_pool_size=<%= node["openstack"]["orchestration"]["rpc_conn_pool_size"] %> # Qpid broker hostname. (string value) qpid_hostname=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["host"] %> # Qpid broker port. (integer value) qpid_port=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["port"] %> # Qpid HA cluster host:port pairs. (list value) #qpid_hosts=$qpid_hostname:$qpid_port # Username for Qpid connection. (string value) qpid_username=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["username"] %> # Password for Qpid connection. (string value) qpid_password=<%= @mq_password %> # Space separated list of SASL mechanisms to use for auth. # (string value) qpid_sasl_mechanisms=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["sasl_mechanisms"] %> # Seconds between connection keepalive heartbeats. (integer # value) qpid_heartbeat=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["heartbeat"] %> # Transport to use, either 'tcp' or 'ssl'. (string value) qpid_protocol=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["protocol"] %> # Whether to disable the Nagle algorithm. (boolean value) qpid_tcp_nodelay=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["tcp_nodelay"] %> # The qpid topology version to use. Version 1 is what was # originally used by impl_qpid. Version 2 includes some # backwards-incompatible changes that allow broker federation # to work. Users should update to version 2 when they are # able to take everything down, as it requires a clean break. # (integer value) qpid_topology_version=<%= node['openstack']['mq']['orchestration']['qpid']['topology_version'] %> qpid_reconnect_timeout=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_timeout"] %> qpid_reconnect_limit=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_limit"] %> qpid_reconnect_interval_min=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval_min"] %> qpid_reconnect_interval_max=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval_max"] %> qpid_reconnect_interval=<%= node["openstack"]["mq"]["orchestration"]["qpid"]["reconnect_interval"] %> <% end -%> <% if @mq_service_type == "rabbitmq" %> [oslo_messaging_rabbit] # Number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat) heartbeat_timeout_threshold=<%= node['openstack']['mq']['orchestration']['rabbit']['heartbeat_timeout_threshold'] %> # How often times during the heartbeat_timeout_threshold we check the heartbeat heartbeat_rate=<%= node['openstack']['mq']['orchestration']['rabbit']['heartbeat_rate'] %> # Use durable queues in amqp. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_durable_queues amqp_durable_queues=<%= node['openstack']['mq']['orchestration']['durable_queues'] %> # Auto-delete queues in amqp. (boolean value) amqp_auto_delete=<%= node['openstack']['mq']['orchestration']['auto_delete'] %> # Size of RPC connection pool. (integer value) rpc_conn_pool_size=<%= node["openstack"]["orchestration"]["rpc_conn_pool_size"] %> <% if node['openstack']['mq']['orchestration']['rabbit']['use_ssl'] -%> # Connect over SSL for RabbitMQ. (boolean value) rabbit_use_ssl=true <% if node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_version'] -%> # SSL version to use (valid only if SSL enabled). valid values # are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on # some distributions. (string value) kombu_ssl_version=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_version'] %> <% end -%> <% if node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_keyfile'] -%> # SSL key file (valid only if SSL enabled) kombu_ssl_keyfile=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_keyfile'] %> <% end -%> <% if node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_certfile'] -%> # SSL cert file (valid only if SSL enabled) kombu_ssl_certfile=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_certfile'] %> <% end -%> <% if node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_ca_certs'] -%> # SSL certification authority file (valid only if SSL enabled) kombu_ssl_ca_certs=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_ssl_ca_certs'] %> <% end -%> # How long to wait before reconnecting in response to an AMQP consumer cancel notification kombu_reconnect_delay=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_reconnect_delay'] %> # How long to wait before considering a reconnect attempt to have failed. # This value should not be longer than rpc_response_timeout kombu_reconnect_timeout=<%= node['openstack']['mq']['orchestration']['rabbit']['kombu_reconnect_timeout'] %> <% end -%> # RabbitMQ HA cluster host:port pairs (list value) <% if node["openstack"]["mq"]["orchestration"]["rabbit"]["ha"] -%> rabbit_hosts=<%= @rabbit_hosts %> # Use HA queues in RabbitMQ (x-ha-policy: all). If you change # this option, you must wipe the RabbitMQ database. (boolean # value) rabbit_ha_queues=True <% else -%> # The RabbitMQ broker address where a single node is used. # (string value) rabbit_host=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["host"] %> # The RabbitMQ broker port where a single node is used. # (integer value) rabbit_port=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["port"] %> # Use HA queues in RabbitMQ (x-ha-policy: all). If you change # this option, you must wipe the RabbitMQ database. (boolean # value) rabbit_ha_queues=False <% end -%> # The RabbitMQ userid. (string value) rabbit_userid=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["userid"] %> # The RabbitMQ password. (string value) rabbit_password=<%= @mq_password %> # the RabbitMQ login method (string value) #rabbit_login_method=AMQPLAIN # The RabbitMQ virtual host. (string value) rabbit_virtual_host=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["vhost"] %> # How frequently to retry connecting with RabbitMQ. (integer # value) rabbit_retry_interval=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["rabbit_retry_interval"] %> # How long to backoff for between retries when connecting to # RabbitMQ. (integer value) #rabbit_retry_backoff=2 # Maximum number of RabbitMQ connection retries. Default is 0 # (infinite retry count). (integer value) rabbit_max_retries=<%= node["openstack"]["mq"]["orchestration"]["rabbit"]["rabbit_max_retries"] %> # Number of seconds after which the Rabbit broker is considered down if # heartbeat's keep-alive fails (0 disable the heartbeat). (integer value) #heartbeat_timeout_threshold = 60 # How often times during the heartbeat_timeout_threshold we check the # heartbeat. (integer value) #heartbeat_rate = 2 # If passed, use a fake RabbitMQ provider. (boolean value) #fake_rabbit=false <% end -%> [matchmaker_redis] # # From oslo.messaging # # Host to locate redis. (string value) #host = 127.0.0.1 # Use this port to connect to redis host. (integer value) #port = 6379 # Password for Redis server (optional). (string value) #password = [matchmaker_ring] # # Options defined in heat.openstack.common.rpc.matchmaker_ring # # Matchmaker ring file (JSON). (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile #ringfile=/etc/oslo/matchmaker_ring.json [paste_deploy] # # Options defined in heat.common.config # # The flavor to use. (string value) #flavor= # The API paste config file to use. (string value) #api_paste_config=api-paste.ini [revision] # # Options defined in heat.common.config # # Heat build revision. If you would prefer to manage your # build revision separately, you can move this section to a # different file and add it as another config option. (string # value) #heat_revision=unknown