[DEFAULT] # # Options defined in heat.common.config # # Name of the engine node. This can be an opaque identifier. # It is not necessarily a hostname, FQDN, or IP address. # (string value) #host=heat # # Options defined in heat.common.config # # The default user for new instances. This option is # deprecated and will be removed in the Juno release. If it's # empty, Heat will use the default user set up with your cloud # image (for OS::Nova::Server) or 'ec2-user' (for # AWS::EC2::Instance). (string value) #instance_user=ec2-user # Driver to use for controlling instances. (string value) #instance_driver=heat.engine.nova # List of directories to search for plug-ins. (list value) #plugin_dirs=/usr/lib64/heat,/usr/lib/heat # The directory to search for environment files. (string # value) #environment_dir=/etc/heat/environment.d # Select deferred auth method, stored password or trusts. # (string value) #deferred_auth_method=password # Subset of trustor roles to be delegated to heat. If left # unset, all roles of a user will be delegated to heat when # creating a stack. (list value) #trusts_delegated_roles= # Maximum resources allowed per top-level stack. (integer # value) #max_resources_per_stack=1000 # Maximum number of stacks any one tenant may have active at # one time. (integer value) #max_stacks_per_tenant=100 # Number of times to retry to bring a resource to a non-error # state. Set to 0 to disable retries. (integer value) #action_retry_limit=5 # Controls how many events will be pruned whenever a stack's # events exceed max_events_per_stack. Set this lower to keep # more events at the expense of more frequent purges. (integer # value) #event_purge_batch_size=10 # Maximum events that will be available per stack. Older # events will be deleted when this is reached. Set to 0 for # unlimited events per stack. (integer value) #max_events_per_stack=1000 # Timeout in seconds for stack action (ie. create or update). # (integer value) #stack_action_timeout=3600 # Error wait time in seconds for stack action (ie. create or # update). (integer value) #error_wait_time=240 # RPC timeout for the engine liveness check that is used for # stack locking. (integer value) #engine_life_check_timeout=2 # Enable the legacy OS::Heat::CWLiteAlarm resource. (boolean # value) #enable_cloud_watch_lite=true # Enable the preview Stack Abandon feature. (boolean value) #enable_stack_abandon=false # Enable the preview Stack Adopt feature. (boolean value) #enable_stack_adopt=false # Deprecated. (string value) #onready= # # Options defined in heat.common.config # # Seconds between running periodic tasks. (integer value) #periodic_interval=60 # URL of the Heat metadata server. (string value) #heat_metadata_server_url= # URL of the Heat waitcondition server. (string value) #heat_waitcondition_server_url= # URL of the Heat CloudWatch server. (string value) #heat_watch_server_url= # Instance connection to CFN/CW API via https. (string value) #instance_connection_is_secure=0 # Instance connection to CFN/CW API validate certs if SSL is # used. (string value) #instance_connection_https_validate_certificates=1 # Default region name used to get services endpoints. (string # value) #region_name_for_services= # Keystone role for heat template-defined users. (string # value) #heat_stack_user_role=heat_stack_user # Keystone domain ID which contains heat template-defined # users. If this option is set, stack_user_domain_name option # will be ignored. (string value) # Deprecated group/name - [DEFAULT]/stack_user_domain #stack_user_domain_id= # Keystone domain name which contains heat template-defined # users. If `stack_user_domain_id` option is set, this option # is ignored. (string value) #stack_user_domain_name= # Keystone username, a user with roles sufficient to manage # users and projects in the stack_user_domain. (string value) #stack_domain_admin= # Keystone password for stack_domain_admin user. (string # value) #stack_domain_admin_password= # Maximum raw byte size of any template. (integer value) #max_template_size=524288 # Maximum depth allowed when using nested stacks. (integer # value) #max_nested_stack_depth=3 # Number of heat-engine processes to fork and run. (integer # value) #num_engine_workers=1 # # Options defined in heat.common.wsgi # # Maximum raw byte size of JSON request body. Should be larger # than max_template_size. (integer value) #max_json_body_size=1048576 # # Options defined in oslo.messaging # # Use durable queues in amqp. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_durable_queues #amqp_durable_queues=false # Auto-delete queues in amqp. (boolean value) #amqp_auto_delete=false # Size of RPC connection pool. (integer value) #rpc_conn_pool_size=30 # Qpid broker hostname. (string value) #qpid_hostname=localhost # Qpid broker port. (integer value) #qpid_port=5672 # Qpid HA cluster host:port pairs. (list value) #qpid_hosts=$qpid_hostname:$qpid_port # Username for Qpid connection. (string value) #qpid_username= # Password for Qpid connection. (string value) #qpid_password= # Space separated list of SASL mechanisms to use for auth. # (string value) #qpid_sasl_mechanisms= # Seconds between connection keepalive heartbeats. (integer # value) #qpid_heartbeat=60 # Transport to use, either 'tcp' or 'ssl'. (string value) #qpid_protocol=tcp # Whether to disable the Nagle algorithm. (boolean value) #qpid_tcp_nodelay=true # The number of prefetched messages held by receiver. (integer # value) #qpid_receiver_capacity=1 # The qpid topology version to use. Version 1 is what was # originally used by impl_qpid. Version 2 includes some # backwards-incompatible changes that allow broker federation # to work. Users should update to version 2 when they are # able to take everything down, as it requires a clean break. # (integer value) #qpid_topology_version=1 # SSL version to use (valid only if SSL enabled). valid values # are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some # distributions. (string value) #kombu_ssl_version= # SSL key file (valid only if SSL enabled). (string value) #kombu_ssl_keyfile= # SSL cert file (valid only if SSL enabled). (string value) #kombu_ssl_certfile= # SSL certification authority file (valid only if SSL # enabled). (string value) #kombu_ssl_ca_certs= # How long to wait before reconnecting in response to an AMQP # consumer cancel notification. (floating point value) #kombu_reconnect_delay=1.0 # The RabbitMQ broker address where a single node is used. # (string value) #rabbit_host=localhost # The RabbitMQ broker port where a single node is used. # (integer value) #rabbit_port=5672 # RabbitMQ HA cluster host:port pairs. (list value) #rabbit_hosts=$rabbit_host:$rabbit_port # Connect over SSL for RabbitMQ. (boolean value) #rabbit_use_ssl=false # The RabbitMQ userid. (string value) #rabbit_userid=guest # The RabbitMQ password. (string value) #rabbit_password=guest # the RabbitMQ login method (string value) #rabbit_login_method=AMQPLAIN # The RabbitMQ virtual host. (string value) #rabbit_virtual_host=/ # How frequently to retry connecting with RabbitMQ. (integer # value) #rabbit_retry_interval=1 # How long to backoff for between retries when connecting to # RabbitMQ. (integer value) #rabbit_retry_backoff=2 # Maximum number of RabbitMQ connection retries. Default is 0 # (infinite retry count). (integer value) #rabbit_max_retries=0 # Use HA queues in RabbitMQ (x-ha-policy: all). If you change # this option, you must wipe the RabbitMQ database. (boolean # value) #rabbit_ha_queues=false # If passed, use a fake RabbitMQ provider. (boolean value) #fake_rabbit=false # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) #rpc_zmq_bind_address=* # MatchMaker driver. (string value) #rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) #rpc_zmq_port=9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) #rpc_zmq_contexts=1 # Maximum number of ingress messages to locally buffer per # topic. Default is unlimited. (integer value) #rpc_zmq_topic_backlog= # Directory for holding IPC sockets. (string value) #rpc_zmq_ipc_dir=/var/run/openstack # Name of this node. Must be a valid hostname, FQDN, or IP # address. Must match "host" option, if running Nova. (string # value) #rpc_zmq_host=heat # Seconds to wait before a cast expires (TTL). Only supported # by impl_zmq. (integer value) #rpc_cast_timeout=30 # Heartbeat frequency. (integer value) #matchmaker_heartbeat_freq=300 # Heartbeat time-to-live. (integer value) #matchmaker_heartbeat_ttl=600 # Size of RPC greenthread pool. (integer value) #rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi # valued) #notification_driver= # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics #notification_topics=notifications # Seconds to wait for a response from a call. (integer value) #rpc_response_timeout=60 # A URL representing the messaging driver to use and its full # configuration. If not set, we fall back to the rpc_backend # option and driver specific configuration. (string value) #transport_url= # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) #rpc_backend=rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) #control_exchange=openstack # # Options defined in heat.api.middleware.ssl # # The HTTP Header that will be used to determine which the # original request protocol scheme was, even if it was removed # by an SSL terminator proxy. (string value) #secure_proxy_ssl_header=X-Forwarded-Proto # # Options defined in heat.common.crypt # # Encryption key used for authentication info in database. # (string value) #auth_encryption_key=notgood but just long enough i think # # Options defined in heat.common.heat_keystoneclient # # Fully qualified class name to use as a keystone backend. # (string value) #keystone_backend=heat.common.heat_keystoneclient.KeystoneClientV3 # # Options defined in heat.engine.clients # # Fully qualified class name to use as a client backend. # (string value) #cloud_backend=heat.engine.clients.OpenStackClients # # Options defined in heat.engine.notification # # Default notification level for outgoing notifications. # (string value) #default_notification_level=INFO # Default publisher_id for outgoing notifications. (string # value) #default_publisher_id= # List of drivers to send notifications (DEPRECATED). (multi # valued) #list_notifier_drivers= # # Options defined in heat.engine.resources.loadbalancer # # Custom template for the built-in loadbalancer nested stack. # (string value) #loadbalancer_template= # # Options defined in heat.openstack.common.eventlet_backdoor # # Enable eventlet backdoor. Acceptable values are 0, , # and :, where 0 results in listening on a random # tcp port number; results in listening on the # specified port number (and not enabling backdoor if that # port is in use); and : results in listening on # the smallest unused port number within the specified range # of port numbers. The chosen port is displayed in the # service's log file. (string value) #backdoor_port= # # Options defined in heat.openstack.common.log # # Print debugging output (set logging level to DEBUG instead # of default WARNING level). (boolean value) #debug=false # Print more verbose output (set logging level to INFO instead # of default WARNING level). (boolean value) #verbose=false # Log output to standard error. (boolean value) #use_stderr=true # Format string to use for log messages with context. (string # value) #logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s # Format string to use for log messages without context. # (string value) #logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s # Data to append to log format when level is DEBUG. (string # value) #logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d # Prefix each line of exception output with this format. # (string value) #logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s # List of logger=LEVEL pairs. (list value) #default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN # Enables or disables publication of error events. (boolean # value) #publish_errors=false # Enables or disables fatal status of deprecations. (boolean # value) #fatal_deprecations=false # The format for an instance that is passed with the log # message. (string value) #instance_format="[instance: %(uuid)s] " # The format for an instance UUID that is passed with the log # message. (string value) #instance_uuid_format="[instance: %(uuid)s] " # The name of a logging configuration file. This file is # appended to any existing logging configuration files. For # details about logging configuration files, see the Python # logging module documentation. (string value) # Deprecated group/name - [DEFAULT]/log_config #log_config_append= # DEPRECATED. A logging.Formatter log message format string # which may use any of the available logging.LogRecord # attributes. This option is deprecated. Please use # logging_context_format_string and # logging_default_format_string instead. (string value) #log_format= # Format string for %%(asctime)s in log records. Default: # %(default)s . (string value) #log_date_format=%Y-%m-%d %H:%M:%S # (Optional) Name of log file to output to. If no default is # set, logging will go to stdout. (string value) # Deprecated group/name - [DEFAULT]/logfile #log_file= # (Optional) The base directory used for relative --log-file # paths. (string value) # Deprecated group/name - [DEFAULT]/logdir #log_dir= # Use syslog for logging. Existing syslog format is DEPRECATED # during I, and will change in J to honor RFC5424. (boolean # value) #use_syslog=false # (Optional) Enables or disables syslog rfc5424 format for # logging. If enabled, prefixes the MSG part of the syslog # message with APP-NAME (RFC5424). The format without the APP- # NAME is deprecated in I, and will be removed in J. (boolean # value) #use_syslog_rfc_format=false # Syslog facility to receive log lines. (string value) #syslog_log_facility=LOG_USER # # Options defined in heat.openstack.common.policy # # The JSON file that defines policies. (string value) #policy_file=policy.json # Default rule. Enforced when a requested rule is not found. # (string value) #policy_default_rule=default [auth_password] # # Options defined in heat.common.config # # Allow orchestration of multiple clouds. (boolean value) #multi_cloud=false # Allowed keystone endpoints for auth_uri when multi_cloud is # enabled. At least one endpoint needs to be specified. (list # value) #allowed_auth_uris= [clients] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false [clients_ceilometer] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type= # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure= [clients_cinder] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type= # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure= # # Options defined in heat.common.config # # Allow client's debug log output. (boolean value) #http_log_debug=false [clients_glance] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type= # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure= [clients_heat] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type= # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure= # # Options defined in heat.common.config # # Optional heat url in format like # http://0.0.0.0:8004/v1/%(tenant_id)s. (string value) #url= [clients_keystone] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type= # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure= [clients_neutron] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type= # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure= [clients_nova] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type= # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure= # # Options defined in heat.common.config # # Allow client's debug log output. (boolean value) #http_log_debug=false [clients_swift] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type= # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure= [clients_trove] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type= # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure= [database] # # Options defined in oslo.db # # The file name to use with SQLite. (string value) #sqlite_db=oslo.sqlite # If True, SQLite uses synchronous mode. (boolean value) #sqlite_synchronous=true # The back end to use for the database. (string value) # Deprecated group/name - [DEFAULT]/db_backend #backend=sqlalchemy # The SQLAlchemy connection string to use to connect to the # database. (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection= # The SQLAlchemy connection string to use to connect to the # slave database. (string value) #slave_connection= # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To # use whatever SQL mode is set by the server configuration, # set this to no value. Example: mysql_sql_mode= (string # value) #mysql_sql_mode=TRADITIONAL # Timeout before idle SQL connections are reaped. (integer # value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout #idle_timeout=3600 # Minimum number of SQL connections to keep open in a pool. # (integer value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size #min_pool_size=1 # Maximum number of SQL connections to keep open in a pool. # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size= # Maximum number of database connection retries during # startup. Set to -1 to specify an infinite retry count. # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries=10 # Interval between retries of opening a SQL connection. # (integer value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval #retry_interval=10 # If set, use this value for max_overflow with SQLAlchemy. # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow #max_overflow= # Verbosity of SQL debugging information: 0=None, # 100=Everything. (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug #connection_debug=0 # Add Python stack traces to SQL as comment strings. (boolean # value) # Deprecated group/name - [DEFAULT]/sql_connection_trace #connection_trace=false # If set, use this value for pool_timeout with SQLAlchemy. # (integer value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout #pool_timeout= # Enable the experimental use of database reconnect on # connection lost. (boolean value) #use_db_reconnect=false # Seconds between database connection retries. (integer value) #db_retry_interval=1 # If True, increases the interval between database connection # retries up to db_max_retry_interval. (boolean value) #db_inc_retry_interval=true # If db_inc_retry_interval is set, the maximum seconds between # database connection retries. (integer value) #db_max_retry_interval=10 # Maximum database connection retries before error is raised. # Set to -1 to specify an infinite retry count. (integer # value) #db_max_retries=20 [ec2authtoken] # # Options defined in heat.api.aws.ec2token # # Authentication Endpoint URI. (string value) #auth_uri= # Allow orchestration of multiple clouds. (boolean value) #multi_cloud=false # Allowed keystone endpoints for auth_uri when multi_cloud is # enabled. At least one endpoint needs to be specified. (list # value) #allowed_auth_uris= [heat_api] # # Options defined in heat.common.wsgi # # Address to bind the server. Useful when selecting a # particular network interface. (string value) #bind_host=0.0.0.0 # The port on which the server will listen. (integer value) #bind_port=8004 # Number of backlog requests to configure the socket with. # (integer value) #backlog=4096 # Location of the SSL certificate file to use for SSL mode. # (string value) #cert_file= # Location of the SSL key file to use for enabling SSL mode. # (string value) #key_file= # Number of workers for Heat service. (integer value) #workers=0 # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large # tokens (typically those generated by the Keystone v3 API # with big service catalogs). (integer value) #max_header_line=16384 [heat_api_cfn] # # Options defined in heat.common.wsgi # # Address to bind the server. Useful when selecting a # particular network interface. (string value) #bind_host=0.0.0.0 # The port on which the server will listen. (integer value) #bind_port=8000 # Number of backlog requests to configure the socket with. # (integer value) #backlog=4096 # Location of the SSL certificate file to use for SSL mode. # (string value) #cert_file= # Location of the SSL key file to use for enabling SSL mode. # (string value) #key_file= # Number of workers for Heat service. (integer value) #workers=0 # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large # tokens (typically those generated by the Keystone v3 API # with big service catalogs). (integer value) #max_header_line=16384 [heat_api_cloudwatch] # # Options defined in heat.common.wsgi # # Address to bind the server. Useful when selecting a # particular network interface. (string value) #bind_host=0.0.0.0 # The port on which the server will listen. (integer value) #bind_port=8003 # Number of backlog requests to configure the socket with. # (integer value) #backlog=4096 # Location of the SSL certificate file to use for SSL mode. # (string value) #cert_file= # Location of the SSL key file to use for enabling SSL mode. # (string value) #key_file= # Number of workers for Heat service. (integer value) #workers=0 # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large # tokens (typically those generated by the Keystone v3 API # with big service catalogs.) (integer value) #max_header_line=16384 [keystone_authtoken] # # Options defined in keystonemiddleware.auth_token # # Prefix to prepend at the beginning of the path. Deprecated, # use identity_uri. (string value) #auth_admin_prefix= # Host providing the admin Identity API endpoint. Deprecated, # use identity_uri. (string value) #auth_host=127.0.0.1 # Port of the admin Identity API endpoint. Deprecated, use # identity_uri. (integer value) #auth_port=35357 # Protocol of the admin Identity API endpoint (http or https). # Deprecated, use identity_uri. (string value) #auth_protocol=https # Complete public Identity API endpoint (string value) #auth_uri= # Complete admin Identity API endpoint. This should specify # the unversioned root endpoint e.g. https://localhost:35357/ # (string value) #identity_uri= # API version of the admin Identity API endpoint (string # value) #auth_version= # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI # components (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API # server. (boolean value) #http_connect_timeout= # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 # This option is deprecated and may be removed in a future # release. Single shared secret with the Keystone # configuration used for bootstrapping a Keystone # installation, or otherwise bypassing the normal # authentication process. This option should not be used, use # `admin_user` and `admin_password` instead. (string value) #admin_token= # Keystone account username (string value) #admin_user= # Keystone account password (string value) #admin_password= # Keystone service account tenant name to validate user tokens # (string value) #admin_tenant_name=admin # Env key for the swift cache (string value) #cache= # Required if Keystone server requires client certificate # (string value) #certfile= # Required if Keystone server requires client certificate # (string value) #keyfile= # A PEM encoded Certificate Authority to use when verifying # HTTPs connections. Defaults to system CAs. (string value) #cafile= # Verify HTTPS connections. (boolean value) #insecure=false # Directory used to cache files related to PKI tokens (string # value) #signing_dir= # Optionally specify a list of memcached server(s) to use for # caching. If left undefined, tokens will instead be cached # in-process. (list value) # Deprecated group/name - [DEFAULT]/memcache_servers #memcached_servers= # In order to prevent excessive effort spent validating # tokens, the middleware caches previously-seen tokens for a # configurable duration (in seconds). Set to -1 to disable # caching completely. (integer value) #token_cache_time=300 # Determines the frequency at which the list of revoked tokens # is retrieved from the Identity service (in seconds). A high # number of revocation events combined with a low cache # duration may significantly reduce performance. (integer # value) #revocation_cache_time=10 # (optional) if defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable # values are MAC or ENCRYPT. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token # data is encrypted and authenticated in the cache. If the # value is not one of these options or empty, auth_token will # raise an exception on initialization. (string value) #memcache_security_strategy= # (optional, mandatory if memcache_security_strategy is # defined) this string is used for key derivation. (string # value) #memcache_secret_key= # (optional) number of seconds memcached server is considered # dead before it is tried again. (integer value) #memcache_pool_dead_retry=300 # (optional) max total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize=10 # (optional) socket timeout in seconds for communicating with # a memcache server. (integer value) #memcache_pool_socket_timeout=3 # (optional) number of seconds a connection to memcached is # held unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout=60 # (optional) number of seconds that an operation will wait to # get a memcache client connection from the pool. (integer # value) #memcache_pool_conn_get_timeout=10 # (optional) use the advanced (eventlet safe) memcache client # pool. The advanced pool will only work under python 2.x. # (boolean value) #memcache_use_advanced_pool=false # (optional) indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) #include_service_catalog=true # Used to control the use and type of token binding. Can be # set to: "disabled" to not check token binding. "permissive" # (default) to validate binding information if the bind type # is of a form known to the server and ignore it if not. # "strict" like "permissive" but if the bind type is unknown # the token will be rejected. "required" any form of token # binding is needed to be allowed. Finally the name of a # binding method that must be present in tokens. (string # value) #enforce_token_bind=permissive # If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the # Keystone server. (boolean value) #check_revocations_for_cached=false # Hash algorithms to use for hashing PKI tokens. This may be a # single algorithm or multiple. The algorithms are those # supported by Python standard hashlib.new(). The hashes will # be tried in the order given, so put the preferred one first # for performance. The result of the first hash will be stored # in the cache. This will typically be set to multiple values # only while migrating from a less secure algorithm to a more # secure one. Once all the old tokens are expired this option # should be set to a single value for better performance. # (list value) #hash_algorithms=md5 [matchmaker_redis] # # Options defined in oslo.messaging # # Host to locate redis. (string value) #host=127.0.0.1 # Use this port to connect to redis host. (integer value) #port=6379 # Password for Redis server (optional). (string value) #password= [matchmaker_ring] # # Options defined in oslo.messaging # # Matchmaker ring file (JSON). (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile #ringfile=/etc/oslo/matchmaker_ring.json [paste_deploy] # # Options defined in heat.common.config # # The flavor to use. (string value) #flavor= # The API paste config file to use. (string value) #api_paste_config=api-paste.ini [profiler] # # Options defined in heat.common.config # # If False fully disable profiling feature. (boolean value) #profiler_enabled=false # If False do not trace SQL requests. (boolean value) #trace_sqlalchemy=false [revision] # # Options defined in heat.common.config # # Heat build revision. If you would prefer to manage your # build revision separately, you can move this section to a # different file and add it as another config option. (string # value) #heat_revision=unknown