diff --git a/doc/user-guide/pom.xml b/doc/user-guide/pom.xml
index 79e34c8b..bdedf839 100644
--- a/doc/user-guide/pom.xml
+++ b/doc/user-guide/pom.xml
@@ -9,6 +9,7 @@
     <modules>
         <module>zaqar-api-ref</module>
         <module>zaqar-get-started</module>
+        <module>zaqar-config-ref</module>
     </modules>
     <profiles>
         <profile>
diff --git a/doc/user-guide/zaqar-config-ref/autogen/zaqar.flagmappings b/doc/user-guide/zaqar-config-ref/autogen/zaqar.flagmappings
new file mode 100644
index 00000000..5c9da80c
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/autogen/zaqar.flagmappings
@@ -0,0 +1,86 @@
+admin_mode api
+auth_strategy authentication
+daemon api
+debug logging
+default_log_levels logging
+disable_process_locking api
+fatal_deprecations logging
+instance_format logging
+instance_uuid_format logging
+lock_path api
+log_config_append logging
+log_date_format logging
+log_dir logging
+log_file logging
+log_format logging
+logging_context_format_string logging
+logging_debug_format_suffix logging
+logging_default_format_string logging
+logging_exception_prefix logging
+memcached_servers auth_token
+pooling pooling
+publish_errors logging
+syslog_log_facility logging
+use_stderr logging
+use_syslog logging
+use_syslog_rfc_format logging
+verbose logging
+drivers/storage drivers
+drivers/transport drivers
+drivers:storage:mongodb/database mongodb
+drivers:storage:mongodb/max_attempts mongodb
+drivers:storage:mongodb/max_reconnect_attempts mongodb
+drivers:storage:mongodb/max_retry_jitter mongodb
+drivers:storage:mongodb/max_retry_sleep mongodb
+drivers:storage:mongodb/partitions mongodb
+drivers:storage:mongodb/reconnect_sleep mongodb
+drivers:storage:mongodb/ssl_ca_certs mongodb
+drivers:storage:mongodb/ssl_cert_reqs mongodb
+drivers:storage:mongodb/ssl_certfile mongodb
+drivers:storage:mongodb/ssl_keyfile mongodb
+drivers:storage:mongodb/uri mongodb
+drivers:transport:wsgi/bind wsgi
+drivers:transport:wsgi/port wsgi
+keystone_authtoken/admin_password auth_token
+keystone_authtoken/admin_tenant_name auth_token
+keystone_authtoken/admin_token auth_token
+keystone_authtoken/admin_user auth_token
+keystone_authtoken/auth_admin_prefix auth_token
+keystone_authtoken/auth_host auth_token
+keystone_authtoken/auth_port auth_token
+keystone_authtoken/auth_protocol auth_token
+keystone_authtoken/auth_uri auth_token
+keystone_authtoken/auth_version auth_token
+keystone_authtoken/cache auth_token
+keystone_authtoken/cafile auth_token
+keystone_authtoken/certfile auth_token
+keystone_authtoken/check_revocations_for_cached auth_token
+keystone_authtoken/delay_auth_decision auth_token
+keystone_authtoken/enforce_token_bind auth_token
+keystone_authtoken/hash_algorithms auth_token
+keystone_authtoken/http_connect_timeout auth_token
+keystone_authtoken/http_request_max_retries auth_token
+keystone_authtoken/identity_uri auth_token
+keystone_authtoken/include_service_catalog auth_token
+keystone_authtoken/insecure auth_token
+keystone_authtoken/keyfile auth_token
+keystone_authtoken/memcache_secret_key auth_token
+keystone_authtoken/memcache_security_strategy auth_token
+keystone_authtoken/memcached_servers auth_token
+keystone_authtoken/revocation_cache_time auth_token
+keystone_authtoken/signing_dir auth_token
+keystone_authtoken/token_cache_time auth_token
+storage/claim_pipeline storage
+storage/message_pipeline storage
+storage/queue_pipeline storage
+transport/default_claim_grace transport
+transport/default_claim_ttl transport
+transport/default_message_ttl transport
+transport/max_claim_grace transport
+transport/max_claim_ttl transport
+transport/max_message_size transport
+transport/max_message_ttl transport
+transport/max_messages_per_claim_or_pop transport
+transport/max_messages_per_page transport
+transport/max_queue_metadata transport
+transport/max_queues_per_page transport
diff --git a/doc/user-guide/zaqar-config-ref/autogen/zaqar.headers b/doc/user-guide/zaqar-config-ref/autogen/zaqar.headers
new file mode 100644
index 00000000..0224659c
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/autogen/zaqar.headers
@@ -0,0 +1,10 @@
+api API
+logging Logging
+drivers Drivers
+transport Transport
+storage Storage
+wsgi WSGI
+mongodb MongoDB
+pooling Pooling
+authentication Authentication
+auth_token Keystone authtoken
diff --git a/doc/user-guide/zaqar-config-ref/common/tables/zaqar-api.xml b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-api.xml
new file mode 100644
index 00000000..735062f6
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-api.xml
@@ -0,0 +1,38 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+  <!-- Warning: Do not edit this file. It is automatically
+     generated and your changes will be overwritten.
+     The tool to do so lives in openstack-doc-tools repository. -->
+  <table rules="all" xml:id="config_table_zaqar_api">
+    <caption>Description of API configuration options</caption>
+    <col width="50%"/>
+    <col width="50%"/>
+    <thead>
+      <tr>
+        <th>Configuration option = Default value</th>
+        <th>Description</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <th colspan="2">[DEFAULT]</th>
+      </tr>
+      <tr>
+        <td>admin_mode = False</td>
+        <td>(BoolOpt) Activate privileged endpoints.</td>
+      </tr>
+      <tr>
+        <td>daemon = False</td>
+        <td>(BoolOpt) Run Zaqar server in the background.</td>
+      </tr>
+      <tr>
+        <td>disable_process_locking = False</td>
+        <td>(BoolOpt) Enables or disables inter-process locks.</td>
+      </tr>
+      <tr>
+        <td>lock_path = None</td>
+        <td>(StrOpt) Directory to use for lock files.</td>
+      </tr>
+    </tbody>
+  </table>
+</para>
diff --git a/doc/user-guide/zaqar-config-ref/common/tables/zaqar-auth_token.xml b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-auth_token.xml
new file mode 100644
index 00000000..a46a0494
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-auth_token.xml
@@ -0,0 +1,145 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+  <!-- Warning: Do not edit this file. It is automatically
+     generated and your changes will be overwritten.
+     The tool to do so lives in openstack-doc-tools repository. -->
+  <table rules="all" xml:id="config_table_zaqar_auth_token">
+    <caption>Description of Keystone authtoken configuration options</caption>
+    <col width="50%"/>
+    <col width="50%"/>
+    <thead>
+      <tr>
+        <th>Configuration option = Default value</th>
+        <th>Description</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <th colspan="2">[DEFAULT]</th>
+      </tr>
+      <tr>
+        <td>memcached_servers = None</td>
+        <td>(ListOpt) Memcached servers or None for in process cache.</td>
+      </tr>
+      <tr>
+        <th colspan="2">[keystone_authtoken]</th>
+      </tr>
+      <tr>
+        <td>admin_password = None</td>
+        <td>(StrOpt) Keystone account password</td>
+      </tr>
+      <tr>
+        <td>admin_tenant_name = admin</td>
+        <td>(StrOpt) Keystone service account tenant name to validate user tokens</td>
+      </tr>
+      <tr>
+        <td>admin_token = None</td>
+        <td>(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.</td>
+      </tr>
+      <tr>
+        <td>admin_user = None</td>
+        <td>(StrOpt) Keystone account username</td>
+      </tr>
+      <tr>
+        <td>auth_admin_prefix = </td>
+        <td>(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.</td>
+      </tr>
+      <tr>
+        <td>auth_host = 127.0.0.1</td>
+        <td>(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.</td>
+      </tr>
+      <tr>
+        <td>auth_port = 35357</td>
+        <td>(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.</td>
+      </tr>
+      <tr>
+        <td>auth_protocol = https</td>
+        <td>(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.</td>
+      </tr>
+      <tr>
+        <td>auth_uri = None</td>
+        <td>(StrOpt) Complete public Identity API endpoint</td>
+      </tr>
+      <tr>
+        <td>auth_version = None</td>
+        <td>(StrOpt) API version of the admin Identity API endpoint</td>
+      </tr>
+      <tr>
+        <td>cache = None</td>
+        <td>(StrOpt) Env key for the swift cache</td>
+      </tr>
+      <tr>
+        <td>cafile = None</td>
+        <td>(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.</td>
+      </tr>
+      <tr>
+        <td>certfile = None</td>
+        <td>(StrOpt) Required if Keystone server requires client certificate</td>
+      </tr>
+      <tr>
+        <td>check_revocations_for_cached = False</td>
+        <td>(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.</td>
+      </tr>
+      <tr>
+        <td>delay_auth_decision = False</td>
+        <td>(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components</td>
+      </tr>
+      <tr>
+        <td>enforce_token_bind = permissive</td>
+        <td>(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.</td>
+      </tr>
+      <tr>
+        <td>hash_algorithms = md5</td>
+        <td>(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.</td>
+      </tr>
+      <tr>
+        <td>http_connect_timeout = None</td>
+        <td>(BoolOpt) Request timeout value for communicating with Identity API server.</td>
+      </tr>
+      <tr>
+        <td>http_request_max_retries = 3</td>
+        <td>(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.</td>
+      </tr>
+      <tr>
+        <td>identity_uri = None</td>
+        <td>(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/</td>
+      </tr>
+      <tr>
+        <td>include_service_catalog = True</td>
+        <td>(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.</td>
+      </tr>
+      <tr>
+        <td>insecure = False</td>
+        <td>(BoolOpt) Verify HTTPS connections.</td>
+      </tr>
+      <tr>
+        <td>keyfile = None</td>
+        <td>(StrOpt) Required if Keystone server requires client certificate</td>
+      </tr>
+      <tr>
+        <td>memcache_secret_key = None</td>
+        <td>(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.</td>
+      </tr>
+      <tr>
+        <td>memcache_security_strategy = None</td>
+        <td>(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT.  If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.</td>
+      </tr>
+      <tr>
+        <td>memcached_servers = None</td>
+        <td>(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.</td>
+      </tr>
+      <tr>
+        <td>revocation_cache_time = 10</td>
+        <td>(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.</td>
+      </tr>
+      <tr>
+        <td>signing_dir = None</td>
+        <td>(StrOpt) Directory used to cache files related to PKI tokens</td>
+      </tr>
+      <tr>
+        <td>token_cache_time = 300</td>
+        <td>(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.</td>
+      </tr>
+    </tbody>
+  </table>
+</para>
diff --git a/doc/user-guide/zaqar-config-ref/common/tables/zaqar-authentication.xml b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-authentication.xml
new file mode 100644
index 00000000..c962c0c4
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-authentication.xml
@@ -0,0 +1,26 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+  <!-- Warning: Do not edit this file. It is automatically
+     generated and your changes will be overwritten.
+     The tool to do so lives in openstack-doc-tools repository. -->
+  <table rules="all" xml:id="config_table_zaqar_authentication">
+    <caption>Description of Authentication configuration options</caption>
+    <col width="50%"/>
+    <col width="50%"/>
+    <thead>
+      <tr>
+        <th>Configuration option = Default value</th>
+        <th>Description</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <th colspan="2">[DEFAULT]</th>
+      </tr>
+      <tr>
+        <td>auth_strategy = </td>
+        <td>(StrOpt) Backend to use for authentication. For no auth, keep it empty. Existing strategies: keystone. See also the keystone_authtoken section below</td>
+      </tr>
+    </tbody>
+  </table>
+</para>
diff --git a/doc/user-guide/zaqar-config-ref/common/tables/zaqar-drivers.xml b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-drivers.xml
new file mode 100644
index 00000000..a4e8dd5f
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-drivers.xml
@@ -0,0 +1,30 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+  <!-- Warning: Do not edit this file. It is automatically
+     generated and your changes will be overwritten.
+     The tool to do so lives in openstack-doc-tools repository. -->
+  <table rules="all" xml:id="config_table_zaqar_drivers">
+    <caption>Description of Drivers configuration options</caption>
+    <col width="50%"/>
+    <col width="50%"/>
+    <thead>
+      <tr>
+        <th>Configuration option = Default value</th>
+        <th>Description</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <th colspan="2">[drivers]</th>
+      </tr>
+      <tr>
+        <td>storage = sqlite</td>
+        <td>(StrOpt) Storage driver to use.</td>
+      </tr>
+      <tr>
+        <td>transport = wsgi</td>
+        <td>(StrOpt) Transport driver to use.</td>
+      </tr>
+    </tbody>
+  </table>
+</para>
diff --git a/doc/user-guide/zaqar-config-ref/common/tables/zaqar-logging.xml b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-logging.xml
new file mode 100644
index 00000000..d9cd081c
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-logging.xml
@@ -0,0 +1,102 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+  <!-- Warning: Do not edit this file. It is automatically
+     generated and your changes will be overwritten.
+     The tool to do so lives in openstack-doc-tools repository. -->
+  <table rules="all" xml:id="config_table_zaqar_logging">
+    <caption>Description of Logging configuration options</caption>
+    <col width="50%"/>
+    <col width="50%"/>
+    <thead>
+      <tr>
+        <th>Configuration option = Default value</th>
+        <th>Description</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <th colspan="2">[DEFAULT]</th>
+      </tr>
+      <tr>
+        <td>debug = False</td>
+        <td>(BoolOpt) Print debugging output (set logging level to DEBUG instead of default WARNING level).</td>
+      </tr>
+      <tr>
+        <td>default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN</td>
+        <td>(ListOpt) List of logger=LEVEL pairs.</td>
+      </tr>
+      <tr>
+        <td>fatal_deprecations = False</td>
+        <td>(BoolOpt) Enables or disables fatal status of deprecations.</td>
+      </tr>
+      <tr>
+        <td>instance_format = "[instance: %(uuid)s] "</td>
+        <td>(StrOpt) The format for an instance that is passed with the log message.</td>
+      </tr>
+      <tr>
+        <td>instance_uuid_format = "[instance: %(uuid)s] "</td>
+        <td>(StrOpt) The format for an instance UUID that is passed with the log message.</td>
+      </tr>
+      <tr>
+        <td>log_config_append = None</td>
+        <td>(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.</td>
+      </tr>
+      <tr>
+        <td>log_date_format = %Y-%m-%d %H:%M:%S</td>
+        <td>(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s .</td>
+      </tr>
+      <tr>
+        <td>log_dir = None</td>
+        <td>(StrOpt) (Optional) The base directory used for relative --log-file paths.</td>
+      </tr>
+      <tr>
+        <td>log_file = None</td>
+        <td>(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.</td>
+      </tr>
+      <tr>
+        <td>log_format = None</td>
+        <td>(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated.  Please use logging_context_format_string and logging_default_format_string instead.</td>
+      </tr>
+      <tr>
+        <td>logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s</td>
+        <td>(StrOpt) Format string to use for log messages with context.</td>
+      </tr>
+      <tr>
+        <td>logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d</td>
+        <td>(StrOpt) Data to append to log format when level is DEBUG.</td>
+      </tr>
+      <tr>
+        <td>logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s</td>
+        <td>(StrOpt) Format string to use for log messages without context.</td>
+      </tr>
+      <tr>
+        <td>logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s</td>
+        <td>(StrOpt) Prefix each line of exception output with this format.</td>
+      </tr>
+      <tr>
+        <td>publish_errors = False</td>
+        <td>(BoolOpt) Enables or disables publication of error events.</td>
+      </tr>
+      <tr>
+        <td>syslog_log_facility = LOG_USER</td>
+        <td>(StrOpt) Syslog facility to receive log lines.</td>
+      </tr>
+      <tr>
+        <td>use_stderr = True</td>
+        <td>(BoolOpt) Log output to standard error.</td>
+      </tr>
+      <tr>
+        <td>use_syslog = False</td>
+        <td>(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.</td>
+      </tr>
+      <tr>
+        <td>use_syslog_rfc_format = False</td>
+        <td>(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.</td>
+      </tr>
+      <tr>
+        <td>verbose = False</td>
+        <td>(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).</td>
+      </tr>
+    </tbody>
+  </table>
+</para>
diff --git a/doc/user-guide/zaqar-config-ref/common/tables/zaqar-mongodb.xml b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-mongodb.xml
new file mode 100644
index 00000000..f0121592
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-mongodb.xml
@@ -0,0 +1,70 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+  <!-- Warning: Do not edit this file. It is automatically
+     generated and your changes will be overwritten.
+     The tool to do so lives in openstack-doc-tools repository. -->
+  <table rules="all" xml:id="config_table_zaqar_mongodb">
+    <caption>Description of MongoDB configuration options</caption>
+    <col width="50%"/>
+    <col width="50%"/>
+    <thead>
+      <tr>
+        <th>Configuration option = Default value</th>
+        <th>Description</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <th colspan="2">[drivers:storage:mongodb]</th>
+      </tr>
+      <tr>
+        <td>database = zaqar</td>
+        <td>(StrOpt) Database name.</td>
+      </tr>
+      <tr>
+        <td>max_attempts = 1000</td>
+        <td>(IntOpt) Maximum number of times to retry a failed operation. Currently only used for retrying a message post.</td>
+      </tr>
+      <tr>
+        <td>max_reconnect_attempts = 10</td>
+        <td>(IntOpt) Maximum number of times to retry an operation that failed due to a primary node failover.</td>
+      </tr>
+      <tr>
+        <td>max_retry_jitter = 0.005</td>
+        <td>(FloatOpt) Maximum jitter interval, to be added to the sleep interval, in order to decrease probability that parallel requests will retry at the same instant.</td>
+      </tr>
+      <tr>
+        <td>max_retry_sleep = 0.1</td>
+        <td>(FloatOpt) Maximum sleep interval between retries (actual sleep time increases linearly according to number of attempts performed).</td>
+      </tr>
+      <tr>
+        <td>partitions = 2</td>
+        <td>(IntOpt) Number of databases across which to partition message data, in order to reduce writer lock %. DO NOT change this setting after initial deployment. It MUST remain static. Also, you should not need a large number of partitions to improve performance, esp. if deploying MongoDB on SSD storage.</td>
+      </tr>
+      <tr>
+        <td>reconnect_sleep = 0.02</td>
+        <td>(FloatOpt) Base sleep interval between attempts to reconnect after a primary node failover. The actual sleep time increases exponentially (power of 2) each time the operation is retried.</td>
+      </tr>
+      <tr>
+        <td>ssl_ca_certs = None</td>
+        <td>(StrOpt) The ca_certs file contains a set of concatenated "certification authority" certificates, which are used to validate certificates passed from the other end of the connection.</td>
+      </tr>
+      <tr>
+        <td>ssl_cert_reqs = CERT_REQUIRED</td>
+        <td>(StrOpt) Specifies whether a certificate is required from the other side of the connection, and whether it will be validated if provided. It must be one of the three values ``CERT_NONE``(certificates ignored), ``CERT_OPTIONAL``(not required, but validated if provided), or ``CERT_REQUIRED``(required and validated). If the value of this parameter is not ``CERT_NONE``, then the ``ssl_ca_cert`` parameter must point to a file of CA certificates.</td>
+      </tr>
+      <tr>
+        <td>ssl_certfile = None</td>
+        <td>(StrOpt) The certificate file used to identify the local connection against mongod.</td>
+      </tr>
+      <tr>
+        <td>ssl_keyfile = None</td>
+        <td>(StrOpt) The private keyfile used to identify the local connection against mongod. If included with the ``certifle`` then only the ``ssl_certfile`` is needed.</td>
+      </tr>
+      <tr>
+        <td>uri = None</td>
+        <td>(StrOpt) Mongodb Connection URI. If ssl connection enabled, then ``ssl_keyfile``, ``ssl_certfile``, ``ssl_cert_reqs``, ``ssl_ca_certs`` need to be set accordingly.</td>
+      </tr>
+    </tbody>
+  </table>
+</para>
diff --git a/doc/user-guide/zaqar-config-ref/common/tables/zaqar-pooling.xml b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-pooling.xml
new file mode 100644
index 00000000..7b5abaa6
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-pooling.xml
@@ -0,0 +1,26 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+  <!-- Warning: Do not edit this file. It is automatically
+     generated and your changes will be overwritten.
+     The tool to do so lives in openstack-doc-tools repository. -->
+  <table rules="all" xml:id="config_table_zaqar_pooling">
+    <caption>Description of Pooling configuration options</caption>
+    <col width="50%"/>
+    <col width="50%"/>
+    <thead>
+      <tr>
+        <th>Configuration option = Default value</th>
+        <th>Description</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <th colspan="2">[DEFAULT]</th>
+      </tr>
+      <tr>
+        <td>pooling = False</td>
+        <td>(BoolOpt) ('Enable pooling across multiple storage backends. ', 'If pooling is enabled, the storage driver ', 'configuration is used to determine where the ', 'catalogue/control plane data is kept.')</td>
+      </tr>
+    </tbody>
+  </table>
+</para>
diff --git a/doc/user-guide/zaqar-config-ref/common/tables/zaqar-storage.xml b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-storage.xml
new file mode 100644
index 00000000..aa9f95c5
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-storage.xml
@@ -0,0 +1,34 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+  <!-- Warning: Do not edit this file. It is automatically
+     generated and your changes will be overwritten.
+     The tool to do so lives in openstack-doc-tools repository. -->
+  <table rules="all" xml:id="config_table_zaqar_storage">
+    <caption>Description of Storage configuration options</caption>
+    <col width="50%"/>
+    <col width="50%"/>
+    <thead>
+      <tr>
+        <th>Configuration option = Default value</th>
+        <th>Description</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <th colspan="2">[storage]</th>
+      </tr>
+      <tr>
+        <td>claim_pipeline = </td>
+        <td>(ListOpt) Pipeline to use for processing claim operations. This pipeline will be consumed before calling the storage driver's controller methods.</td>
+      </tr>
+      <tr>
+        <td>message_pipeline = </td>
+        <td>(ListOpt) Pipeline to use for processing message operations. This pipeline will be consumed before calling the storage driver's controller methods.</td>
+      </tr>
+      <tr>
+        <td>queue_pipeline = </td>
+        <td>(ListOpt) Pipeline to use for processing queue operations. This pipeline will be consumed before calling the storage driver's controller methods.</td>
+      </tr>
+    </tbody>
+  </table>
+</para>
diff --git a/doc/user-guide/zaqar-config-ref/common/tables/zaqar-transport.xml b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-transport.xml
new file mode 100644
index 00000000..27a766a9
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-transport.xml
@@ -0,0 +1,66 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+  <!-- Warning: Do not edit this file. It is automatically
+     generated and your changes will be overwritten.
+     The tool to do so lives in openstack-doc-tools repository. -->
+  <table rules="all" xml:id="config_table_zaqar_transport">
+    <caption>Description of Transport configuration options</caption>
+    <col width="50%"/>
+    <col width="50%"/>
+    <thead>
+      <tr>
+        <th>Configuration option = Default value</th>
+        <th>Description</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <th colspan="2">[transport]</th>
+      </tr>
+      <tr>
+        <td>default_claim_grace = 60</td>
+        <td>(IntOpt) No help text available for this option.</td>
+      </tr>
+      <tr>
+        <td>default_claim_ttl = 300</td>
+        <td>(IntOpt) No help text available for this option.</td>
+      </tr>
+      <tr>
+        <td>default_message_ttl = 3600</td>
+        <td>(IntOpt) No help text available for this option.</td>
+      </tr>
+      <tr>
+        <td>max_claim_grace = 43200</td>
+        <td>(IntOpt) No help text available for this option.</td>
+      </tr>
+      <tr>
+        <td>max_claim_ttl = 43200</td>
+        <td>(IntOpt) No help text available for this option.</td>
+      </tr>
+      <tr>
+        <td>max_message_size = 262144</td>
+        <td>(IntOpt) No help text available for this option.</td>
+      </tr>
+      <tr>
+        <td>max_message_ttl = 1209600</td>
+        <td>(IntOpt) No help text available for this option.</td>
+      </tr>
+      <tr>
+        <td>max_messages_per_claim_or_pop = 20</td>
+        <td>(IntOpt) The maximum number of messages that can be claimed (OR) popped in a single request</td>
+      </tr>
+      <tr>
+        <td>max_messages_per_page = 20</td>
+        <td>(IntOpt) No help text available for this option.</td>
+      </tr>
+      <tr>
+        <td>max_queue_metadata = 65536</td>
+        <td>(IntOpt) No help text available for this option.</td>
+      </tr>
+      <tr>
+        <td>max_queues_per_page = 20</td>
+        <td>(IntOpt) No help text available for this option.</td>
+      </tr>
+    </tbody>
+  </table>
+</para>
diff --git a/doc/user-guide/zaqar-config-ref/common/tables/zaqar-wsgi.xml b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-wsgi.xml
new file mode 100644
index 00000000..31977bc6
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/common/tables/zaqar-wsgi.xml
@@ -0,0 +1,30 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<para xmlns="http://docbook.org/ns/docbook" version="5.0">
+  <!-- Warning: Do not edit this file. It is automatically
+     generated and your changes will be overwritten.
+     The tool to do so lives in openstack-doc-tools repository. -->
+  <table rules="all" xml:id="config_table_zaqar_wsgi">
+    <caption>Description of WSGI configuration options</caption>
+    <col width="50%"/>
+    <col width="50%"/>
+    <thead>
+      <tr>
+        <th>Configuration option = Default value</th>
+        <th>Description</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <th colspan="2">[drivers:transport:wsgi]</th>
+      </tr>
+      <tr>
+        <td>bind = 127.0.0.1</td>
+        <td>(StrOpt) Address on which the self-hosting server will listen.</td>
+      </tr>
+      <tr>
+        <td>port = 8888</td>
+        <td>(IntOpt) Port on which the self-hosting server will listen.</td>
+      </tr>
+    </tbody>
+  </table>
+</para>
diff --git a/doc/user-guide/zaqar-config-ref/os-zaqar-configRef.xml b/doc/user-guide/zaqar-config-ref/os-zaqar-configRef.xml
new file mode 100644
index 00000000..998654af
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/os-zaqar-configRef.xml
@@ -0,0 +1,257 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<book xmlns="http://docbook.org/ns/docbook"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      version="5.0" xml:id="os-zaqar-configRef">
+    <title>Messaging and Notifications API v1 Configuration Reference</title>
+    <titleabbrev>Messaging and Notifications Configuration Reference</titleabbrev>
+    <info>
+        <!-- <copyright>
+          <year>2013</year>
+          <year>2014</year>
+          <holder>OpenStack Foundation</holder>
+        </copyright> -->
+        <releaseinfo>API v1</releaseinfo>
+        <productname>Messaging and Notifications</productname>
+        <pubdate>2014-08-20</pubdate>
+        <!--Note that the <productname> text matches the first few words of the title. The build system splits the title into productname + rest of title on the pdf cover.-->
+        <!--If you leave the <pubdate> element empty, the build system inserts today's date automatically.   -->
+        <legalnotice role="apache2">
+            <annotation>
+                <remark>Copyright details are filled in by the build
+                    system.
+                </remark>
+            </annotation>
+        </legalnotice>
+        <abstract>
+            <para>This document is intended for software developers interested in deploying
+                the Messaging and Notifications service.
+            </para>
+        </abstract>
+        <revhistory>
+            <revision>
+                <date>2014-08-10</date>
+                <revdescription>
+                    <para>Initial document for OpenStack incubation.</para>
+                </revdescription>
+            </revision>
+        </revhistory>
+    </info>
+    <chapter xml:id="introduction">
+        <title>Introduction to the Messaging and Notifications service</title>
+        <para>Zaqar is a multi-tenant, fast, reliable, scalable cloud messaging and notification service.
+              It allows developers to share data between distributed application components performing different tasks,
+              without losing messages or requiring each component to be always available.</para>
+        <para>The service features a ReST API, which developers can use to send messages between various
+              components of their SaaS and mobile applications, by using a variety of communication patterns.</para>
+        <para>Underlying this API is an efficient messaging engine designed with scalability and security in mind.</para>
+        <simplesect>
+            <title>Key features</title>
+            <para>The Messaging and Notifications service provides the following key features:</para>
+            <itemizedlist>
+                <listitem>
+                    <para>Firewall-friendly, HTTP-based API with Keystone support</para>
+                </listitem>
+                <listitem>
+                    <para>Multi-tenant queues based on Keystone project IDs</para>
+                </listitem>
+                <listitem>
+                    <para>Support for several common patterns including event broadcasting, task distribution, and point-to-point messaging</para>
+                </listitem>
+                <listitem>
+                    <para>Component-based architecture with support for custom backends and message filters</para>
+                </listitem>
+                <listitem>
+                    <para>Efficient reference implementation with an eye toward low latency and high throughput (dependent on backend)</para>
+                </listitem>
+                <listitem>
+                    <para>Highly-available and horizontally scalable</para>
+                </listitem>
+            </itemizedlist>
+        </simplesect>
+        <simplesect>
+            <title>Components</title>
+            <para>The Messaging and Notifications service contains the following components:</para>
+            <itemizedlist>
+                <listitem>
+                    <para><emphasis role="bold">Transport backend</emphasis>. The Messaging and Notifications
+                          service requires the selection of a transport specification responsible of the communication
+                          between the endpoints. In addition to the base driver implementation, the Messaging
+                          and Notifications service also provides the means to add support for other transport mechanisms.
+                          The default option is WSGI.
+                    </para>
+                </listitem>
+                <listitem>
+                    <para><emphasis role="bold">Storage backend</emphasis>. The Messaging and Notifications service
+                          depends on a storage engine for message persistence. In addition to the base driver implementation,
+                          the Messaging and Notifications service also provides the means to add support for other
+                          storage solutions. The default storage option is MongoDB.
+                    </para>
+                </listitem>
+            </itemizedlist>
+        </simplesect>
+    </chapter>
+    <chapter xml:id="configuration">
+        <title>Configure the Messaging and Notifications service</title>
+        <section xml:id="configuration-overview">
+        <title>Overview of zaqar.conf</title>
+        <para>The <filename>zaqar.conf</filename>
+            configuration file uses an <link xlink:href="https://en.wikipedia.org/wiki/INI_file">INI file format</link>
+            as explained in the
+            <link xlink:href="http://docs.openstack.org/trunk/config-reference/content/config_format.html">"Configuration file format"</link>
+            section of the <link xlink:href="http://docs.openstack.org/trunk/config-reference">OpenStack Configuration Reference</link>.
+        </para>
+        <para>This file is located in <literal>/etc/zaqar</literal> within the Zaqar folder.
+              When you manually install the Messaging and Notifications service,
+              you must generate the zaqar.conf file using the config samples
+              generator located in <literal>tools/config/generate_sample.sh</literal>
+              and customize it according to your preferences.</para>
+        <para>Example usage of the sample generator script:
+            <programlisting>
+                $ generate_sample.sh -b /opt/stack/zaqar -p zaqar -o /etc/zaqar
+            </programlisting>
+        </para>
+        <simplesect>
+            <title>Sections</title>
+            <para>Configuration options are grouped by section. The
+                Message Queueing configuration file supports the following sections:
+                <variablelist>
+                    <varlistentry>
+                        <term>
+                            <literal>[DEFAULT]</literal>
+                        </term>
+                        <listitem>
+                            <para>Contains most configuration options. If
+                                the documentation for a configuration
+                                option does not specify its section,
+                                assume that it appears in this
+                                section.
+                            </para>
+                        </listitem>
+                    </varlistentry>
+                    <varlistentry>
+                        <term>
+                            <literal>[drivers]</literal>
+                        </term>
+                        <listitem>
+                            <para>Select drivers.</para>
+                        </listitem>
+                    </varlistentry>
+                    <varlistentry>
+                        <term>
+                            <literal>[transport]</literal>
+                        </term>
+                        <listitem>
+                            <para>Configures general transport options.</para>
+                        </listitem>
+                    </varlistentry>
+                    <varlistentry>
+                        <term>
+                            <literal>[drivers:transport:wsgi]</literal>
+                        </term>
+                        <listitem>
+                            <para>Configures the WSGI driver.</para>
+                        </listitem>
+                    </varlistentry>
+                    <varlistentry>
+                        <term>
+                            <literal>[storage]</literal>
+                        </term>
+                        <listitem>
+                            <para>Configures general storage options.</para>
+                        </listitem>
+                    </varlistentry>
+                    <varlistentry>
+                        <term>
+                            <literal>[drivers:storage:mongodb]</literal>
+                        </term>
+                        <listitem>
+                            <para>Configures the MongoDB driver.</para>
+                        </listitem>
+                    </varlistentry>
+                    <varlistentry>
+                        <term>
+                            <literal>[keystone_authtoken]</literal>
+                        </term>
+                        <listitem>
+                            <para>Configures the Keystone Identity Service endpoint.</para>
+                        </listitem>
+                    </varlistentry>
+                </variablelist>
+            </para>
+            </simplesect>
+        </section>
+        <section xml:id="config-api">
+            <title>API options</title>
+            <para>The Messaging and Notifications service can be configured by changing the following
+                  parameters:
+            </para>
+            <xi:include href="common/tables/zaqar-api.xml"/>
+        </section>
+        <section xml:id="config-logging">
+            <title>Configure logging</title>
+            <para>You can use the zaqar.conf file to configure where the Messaging and Notifications service logs events,
+                  the logging levels and log formats.</para>
+            <para>To customize logging for the Messaging and Notifications service, use the following configuration
+                  settings in the [DEFAULT] section:</para>
+            <xi:include href="common/tables/zaqar-logging.xml"/>
+        </section>
+        <section xml:id="config-drivers">
+            <title>Configure drivers</title>
+            <para>The transport and storage drivers used by the Messaging and Notifications service
+                  are determined by the following options:</para>
+            <xi:include href="common/tables/zaqar-drivers.xml"/>
+        </section>
+        <section xml:id="config-storage">
+            <title>Configure general storage driver options</title>
+            <para>The Messaging and Notifications service supports several different backends for storing
+                  messages and their metadata. The recommended storage backend is MongoDB.
+                  The following tables detail the available options:</para>
+            <xi:include href="common/tables/zaqar-storage.xml"/>
+            <xi:include href="common/tables/zaqar-mongodb.xml"/>
+        </section>
+        <section xml:id="config-transport">
+            <title>Configure general transport driver options</title>
+            <para>The Messaging and Notifications service uses WSGI as the default transport mechanism.
+                  The following tables detail the available options:</para>
+            <xi:include href="common/tables/zaqar-transport.xml"/>
+            <xi:include href="common/tables/zaqar-wsgi.xml"/>
+        </section>
+        <section xml:id="config-auth">
+            <title>Configure authentication and authorization</title>
+            <para>All requests to the API may only be performed by an authenticated agent.</para>
+            <para>The preferred authentication system is the OpenStack Identity service, code-named Keystone.</para>
+            <para>To authenticate, an agent issues an authentication request to a Keystone Identity Service endpoint.
+                  In response to valid credentials, Keystone responds with an auth token and a service catalog that
+                  contains a list of all services and endpoints available for the given token.</para>
+            <para>Multiple endpoints may be returned for Zaqar according to physical locations
+                  and performance/availability characteristics of different deployments.</para>
+            <para>Normally, Keystone middleware provides the <literal>X-Project-Id</literal> header based on the
+                  auth token submitted by the Zaqar client.</para>
+            <para>For this to work, clients must specify a valid auth token in the <literal>X-Auth-Token</literal>
+                  header for each request to the Zaqar API. The API validates auth tokens against Keystone before
+                  servicing each request</para>
+            <para>If auth is not enabled, clients must provide the <literal>X-Project-Id</literal> header themselves.</para>
+            <para>Configure the authentication and authorization strategy through these options:</para>
+            <xi:include href="common/tables/zaqar-authentication.xml"/>
+            <xi:include href="common/tables/zaqar-auth_token.xml"/>
+        </section>
+        <section xml:id="config-pooling">
+            <title>Configure pooling</title>
+            <para>The Messaging and Notifications service supports pooling.</para>
+            <para>
+                Pooling aims to make Zaqar highly scalable without losing any of its flexibility
+                by allowing users to use multiple-backends.
+            </para>
+            <para>You can enable and configure pooling with the following options:</para>
+            <xi:include href="common/tables/zaqar-pooling.xml"/>
+        </section>
+        <section xml:id="config-samples">
+            <title>Messaging and Notifications Service configuration files samples</title>
+            <para>This example shows the default zaqar.conf file:</para>
+            <programlisting language="ini">
+                <xi:include parse="text" href="http://git.openstack.org/cgit/openstack/zaqar/plain/etc/zaqar.conf.sample"/>
+            </programlisting>
+        </section>
+    </chapter>
+</book>
\ No newline at end of file
diff --git a/doc/user-guide/zaqar-config-ref/pom.xml b/doc/user-guide/zaqar-config-ref/pom.xml
new file mode 100644
index 00000000..947eb130
--- /dev/null
+++ b/doc/user-guide/zaqar-config-ref/pom.xml
@@ -0,0 +1,67 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <parent>
+        <groupId>org.openstack.docs</groupId>
+        <artifactId>parent-pom</artifactId>
+        <version>1.0.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>zaqar-config-ref</artifactId>
+    <packaging>jar</packaging>
+    <name>OpenStack Messaging and Notifications API v1 Configuration Reference</name>
+    <properties>
+        <!-- This is set by Jenkins according to the branch. -->
+        <release.path.name>local</release.path.name>
+        <comments.enabled>1</comments.enabled>
+    </properties>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>com.rackspace.cloud.api</groupId>
+                <artifactId>clouddocs-maven-plugin</artifactId>
+                <executions>
+                    <!-- Configuration for OpenStack Message Queuing API v1 -->
+                    <execution>
+                        <id>generate-webhelp</id>
+                        <goals>
+                            <goal>generate-webhelp</goal>
+                        </goals>
+                        <phase>generate-sources</phase>
+                        <configuration>
+                            <includes> os-zaqar-configRef.xml </includes>
+                            <generateToc> appendix toc,title
+                                article/appendix nop
+                                article toc,title
+                                book toc,title,figure,table,example,equation
+                                chapter toc,title
+                                section toc
+                                part toc,title
+                                qandadiv toc
+                                qandaset toc
+                                reference toc,title
+                                set toc,title </generateToc>
+                            <webhelpDirname>zaqar-config-ref</webhelpDirname>
+                            <pdfFilenameBase>zaqar-config-ref</pdfFilenameBase>
+                        </configuration>
+                    </execution>
+                </executions>
+                <configuration>
+                    <enableDisqus>1</enableDisqus>
+                    <enableGoogleAnalytics>0</enableGoogleAnalytics>
+                    <branding>builtforOpenStack</branding>
+                    <showXslMessages>true</showXslMessages>
+                    <chapterAutolabel>1</chapterAutolabel>
+                    <sectionAutolabel>0</sectionAutolabel>
+                    <tocSectionDepth>1</tocSectionDepth>
+                    <formalProcedures>0</formalProcedures>
+                    <highlightSource>false</highlightSource>
+                    <xincludeSupported>true</xincludeSupported>
+                    <sourceDirectory>.</sourceDirectory>
+                    <canonicalUrlBase>http://docs.openstack.org/zaqar-config-ref/content/</canonicalUrlBase>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>
\ No newline at end of file

Configuration option = Default value	Description
[DEFAULT]
admin_mode = False	(BoolOpt) Activate privileged endpoints.
daemon = False	(BoolOpt) Run Zaqar server in the background.
disable_process_locking = False	(BoolOpt) Enables or disables inter-process locks.
lock_path = None	(StrOpt) Directory to use for lock files.
Configuration option = Default value	Description
[DEFAULT]
memcached_servers = None	(ListOpt) Memcached servers or None for in process cache.
[keystone_authtoken]
admin_password = None	(StrOpt) Keystone account password
admin_tenant_name = admin	(StrOpt) Keystone service account tenant name to validate user tokens
admin_token = None	(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
admin_user = None	(StrOpt) Keystone account username
auth_admin_prefix =	(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
auth_host = 127.0.0.1	(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
auth_port = 35357	(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
auth_protocol = https	(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
auth_uri = None	(StrOpt) Complete public Identity API endpoint
auth_version = None	(StrOpt) API version of the admin Identity API endpoint
cache = None	(StrOpt) Env key for the swift cache
cafile = None	(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
certfile = None	(StrOpt) Required if Keystone server requires client certificate
check_revocations_for_cached = False	(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
delay_auth_decision = False	(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
enforce_token_bind = permissive	(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
hash_algorithms = md5	(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
http_connect_timeout = None	(BoolOpt) Request timeout value for communicating with Identity API server.
http_request_max_retries = 3	(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
identity_uri = None	(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
include_service_catalog = True	(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
insecure = False	(BoolOpt) Verify HTTPS connections.
keyfile = None	(StrOpt) Required if Keystone server requires client certificate
memcache_secret_key = None	(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
memcache_security_strategy = None	(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
memcached_servers = None	(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
revocation_cache_time = 10	(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
signing_dir = None	(StrOpt) Directory used to cache files related to PKI tokens
token_cache_time = 300	(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
Configuration option = Default value	Description
[DEFAULT]
auth_strategy =	(StrOpt) Backend to use for authentication. For no auth, keep it empty. Existing strategies: keystone. See also the keystone_authtoken section below
Configuration option = Default value	Description
[drivers]
storage = sqlite	(StrOpt) Storage driver to use.
transport = wsgi	(StrOpt) Transport driver to use.
Configuration option = Default value	Description
[DEFAULT]
debug = False	(BoolOpt) Print debugging output (set logging level to DEBUG instead of default WARNING level).
default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN	(ListOpt) List of logger=LEVEL pairs.
fatal_deprecations = False	(BoolOpt) Enables or disables fatal status of deprecations.
instance_format = "[instance: %(uuid)s] "	(StrOpt) The format for an instance that is passed with the log message.
instance_uuid_format = "[instance: %(uuid)s] "	(StrOpt) The format for an instance UUID that is passed with the log message.
log_config_append = None	(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
log_date_format = %Y-%m-%d %H:%M:%S	(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s .
log_dir = None	(StrOpt) (Optional) The base directory used for relative --log-file paths.
log_file = None	(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
log_format = None	(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s	(StrOpt) Format string to use for log messages with context.
logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d	(StrOpt) Data to append to log format when level is DEBUG.
logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s	(StrOpt) Format string to use for log messages without context.
logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s	(StrOpt) Prefix each line of exception output with this format.
publish_errors = False	(BoolOpt) Enables or disables publication of error events.
syslog_log_facility = LOG_USER	(StrOpt) Syslog facility to receive log lines.
use_stderr = True	(BoolOpt) Log output to standard error.
use_syslog = False	(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
use_syslog_rfc_format = False	(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
verbose = False	(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
Configuration option = Default value	Description
[drivers:storage:mongodb]
database = zaqar	(StrOpt) Database name.
max_attempts = 1000	(IntOpt) Maximum number of times to retry a failed operation. Currently only used for retrying a message post.
max_reconnect_attempts = 10	(IntOpt) Maximum number of times to retry an operation that failed due to a primary node failover.
max_retry_jitter = 0.005	(FloatOpt) Maximum jitter interval, to be added to the sleep interval, in order to decrease probability that parallel requests will retry at the same instant.
max_retry_sleep = 0.1	(FloatOpt) Maximum sleep interval between retries (actual sleep time increases linearly according to number of attempts performed).
partitions = 2	(IntOpt) Number of databases across which to partition message data, in order to reduce writer lock %. DO NOT change this setting after initial deployment. It MUST remain static. Also, you should not need a large number of partitions to improve performance, esp. if deploying MongoDB on SSD storage.
reconnect_sleep = 0.02	(FloatOpt) Base sleep interval between attempts to reconnect after a primary node failover. The actual sleep time increases exponentially (power of 2) each time the operation is retried.
ssl_ca_certs = None	(StrOpt) The ca_certs file contains a set of concatenated "certification authority" certificates, which are used to validate certificates passed from the other end of the connection.
ssl_cert_reqs = CERT_REQUIRED	(StrOpt) Specifies whether a certificate is required from the other side of the connection, and whether it will be validated if provided. It must be one of the three values ``CERT_NONE``(certificates ignored), ``CERT_OPTIONAL``(not required, but validated if provided), or ``CERT_REQUIRED``(required and validated). If the value of this parameter is not ``CERT_NONE``, then the ``ssl_ca_cert`` parameter must point to a file of CA certificates.
ssl_certfile = None	(StrOpt) The certificate file used to identify the local connection against mongod.
ssl_keyfile = None	(StrOpt) The private keyfile used to identify the local connection against mongod. If included with the ``certifle`` then only the ``ssl_certfile`` is needed.
uri = None	(StrOpt) Mongodb Connection URI. If ssl connection enabled, then ``ssl_keyfile``, ``ssl_certfile``, ``ssl_cert_reqs``, ``ssl_ca_certs`` need to be set accordingly.
Configuration option = Default value	Description
[DEFAULT]
pooling = False	(BoolOpt) ('Enable pooling across multiple storage backends. ', 'If pooling is enabled, the storage driver ', 'configuration is used to determine where the ', 'catalogue/control plane data is kept.')
Configuration option = Default value	Description
[storage]
claim_pipeline =	(ListOpt) Pipeline to use for processing claim operations. This pipeline will be consumed before calling the storage driver's controller methods.
message_pipeline =	(ListOpt) Pipeline to use for processing message operations. This pipeline will be consumed before calling the storage driver's controller methods.
queue_pipeline =	(ListOpt) Pipeline to use for processing queue operations. This pipeline will be consumed before calling the storage driver's controller methods.
Configuration option = Default value	Description
[transport]
default_claim_grace = 60	(IntOpt) No help text available for this option.
default_claim_ttl = 300	(IntOpt) No help text available for this option.
default_message_ttl = 3600	(IntOpt) No help text available for this option.
max_claim_grace = 43200	(IntOpt) No help text available for this option.
max_claim_ttl = 43200	(IntOpt) No help text available for this option.
max_message_size = 262144	(IntOpt) No help text available for this option.
max_message_ttl = 1209600	(IntOpt) No help text available for this option.
max_messages_per_claim_or_pop = 20	(IntOpt) The maximum number of messages that can be claimed (OR) popped in a single request
max_messages_per_page = 20	(IntOpt) No help text available for this option.
max_queue_metadata = 65536	(IntOpt) No help text available for this option.
max_queues_per_page = 20	(IntOpt) No help text available for this option.
Configuration option = Default value	Description
[drivers:transport:wsgi]
bind = 127.0.0.1	(StrOpt) Address on which the self-hosting server will listen.
port = 8888	(IntOpt) Port on which the self-hosting server will listen.