[DEFAULT] # # Options defined in heat.api.middleware.ssl # # The HTTP Header that will be used to determine which the # original request protocol scheme was, even if it was removed # by an SSL terminator proxy. (string value) #secure_proxy_ssl_header=X-Forwarded-Proto # # Options defined in heat.api.middleware.x_forwarded_for # # The HTTP header that will be used as remote address. (string # value) #forward_header_name=X-Forwarded-For # # Options defined in heat.common.config # # The default user for new instances. This option is # deprecated and will be removed in the Juno release. If it's # empty, Heat will use the default user set up with your cloud # image (for OS::Nova::Server) or 'ec2-user' (for # AWS::EC2::Instance). (string value) #instance_user=ec2-user # Driver to use for controlling instances. (string value) #instance_driver=heat.engine.nova # List of directories to search for plug-ins. (list value) #plugin_dirs=/usr/lib64/heat,/usr/lib/heat # The directory to search for environment files. (string # value) #environment_dir=/etc/heat/environment.d # Select deferred auth method, stored password or trusts. # (string value) #deferred_auth_method=password # Subset of trustor roles to be delegated to heat. (list # value) #trusts_delegated_roles=heat_stack_owner # Maximum resources allowed per top-level stack. (integer # value) #max_resources_per_stack=1000 # Maximum number of stacks any one tenant may have active at # one time. (integer value) #max_stacks_per_tenant=100 # Controls how many events will be pruned whenever a stack's # events exceed max_events_per_stack. Set this lower to keep # more events at the expense of more frequent purges. (integer # value) #event_purge_batch_size=10 # Maximum events that will be available per stack. Older # events will be deleted when this is reached. Set to 0 for # unlimited events per stack. (integer value) #max_events_per_stack=1000 # Timeout in seconds for stack action (ie. create or update). # (integer value) #stack_action_timeout=3600 # RPC timeout for the engine liveness check that is used for # stack locking. (integer value) #engine_life_check_timeout=2 # onready allows you to send a notification when the heat # processes are ready to serve. This is either a module with # the notify() method or a shell command. To enable # notifications with systemd, one may use the 'systemd-notify # --ready' shell command or the 'heat.common.systemd' # notification module. (string value) #onready= # Name of the engine node. This can be an opaque identifier. # It is not necessarily a hostname, FQDN, or IP address. # (string value) #host=heat # Seconds between running periodic tasks. (integer value) #periodic_interval=60 # URL of the Heat metadata server. (string value) #heat_metadata_server_url= # URL of the Heat waitcondition server. (string value) #heat_waitcondition_server_url= # URL of the Heat CloudWatch server. (string value) #heat_watch_server_url= # Instance connection to CFN/CW API via https. (string value) #instance_connection_is_secure=0 # Instance connection to CFN/CW API validate certs if SSL is # used. (string value) #instance_connection_https_validate_certificates=1 # Default region name used to get services endpoints. (string # value) #region_name_for_services= # Keystone role for heat template-defined users. (string # value) #heat_stack_user_role=heat_stack_user # Keystone domain ID which contains heat template-defined # users. (string value) #stack_user_domain= # Keystone username, a user with roles sufficient to manage # users and projects in the stack_user_domain. (string value) #stack_domain_admin= # Keystone password for stack_domain_admin user. (string # value) #stack_domain_admin_password= # Maximum raw byte size of any template. (integer value) #max_template_size=524288 # Maximum depth allowed when using nested stacks. (integer # value) #max_nested_stack_depth=3 # # Options defined in heat.common.crypt # # Encryption key used for authentication info in database. # (string value) #auth_encryption_key=notgood but just long enough i think # # Options defined in heat.common.heat_keystoneclient # # Fully qualified class name to use as a keystone backend. # (string value) #keystone_backend=heat.common.heat_keystoneclient.KeystoneClientV3 # # Options defined in heat.common.wsgi # # Maximum raw byte size of JSON request body. Should be larger # than max_template_size. (integer value) #max_json_body_size=1048576 # # Options defined in heat.engine.clients # # Fully qualified class name to use as a client backend. # (string value) #cloud_backend=heat.engine.clients.OpenStackClients # # Options defined in heat.engine.resources.loadbalancer # # Custom template for the built-in loadbalancer nested stack. # (string value) #loadbalancer_template= # # Options defined in heat.openstack.common.eventlet_backdoor # # Enable eventlet backdoor. Acceptable values are 0, , # and :, where 0 results in listening on a random # tcp port number; results in listening on the # specified port number (and not enabling backdoor if that # port is in use); and : results in listening on # the smallest unused port number within the specified range # of port numbers. The chosen port is displayed in the # service's log file. (string value) #backdoor_port= # # Options defined in heat.openstack.common.lockutils # # Whether to disable inter-process locks (boolean value) #disable_process_locking=false # Directory to use for lock files. (string value) #lock_path= # # Options defined in heat.openstack.common.log # # Print debugging output (set logging level to DEBUG instead # of default WARNING level). (boolean value) #debug=false # Print more verbose output (set logging level to INFO instead # of default WARNING level). (boolean value) #verbose=false # Log output to standard error (boolean value) #use_stderr=true # format string to use for log messages with context (string # value) #logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s # format string to use for log messages without context # (string value) #logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s # data to append to log format when level is DEBUG (string # value) #logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d # prefix each line of exception output with this format # (string value) #logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s # list of logger=LEVEL pairs (list value) #default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,iso8601=WARN # publish error events (boolean value) #publish_errors=false # make deprecations fatal (boolean value) #fatal_deprecations=false # If an instance is passed with the log message, format it # like this (string value) #instance_format="[instance: %(uuid)s] " # If an instance UUID is passed with the log message, format # it like this (string value) #instance_uuid_format="[instance: %(uuid)s] " # The name of logging configuration file. It does not disable # existing loggers, but just appends specified logging # configuration to any other existing logging options. Please # see the Python logging module documentation for details on # logging configuration files. (string value) # Deprecated group/name - [DEFAULT]/log_config #log_config_append= # DEPRECATED. A logging.Formatter log message format string # which may use any of the available logging.LogRecord # attributes. This option is deprecated. Please use # logging_context_format_string and # logging_default_format_string instead. (string value) #log_format= # Format string for %%(asctime)s in log records. Default: # %(default)s (string value) #log_date_format=%Y-%m-%d %H:%M:%S # (Optional) Name of log file to output to. If no default is # set, logging will go to stdout. (string value) # Deprecated group/name - [DEFAULT]/logfile #log_file= # (Optional) The base directory used for relative --log-file # paths (string value) # Deprecated group/name - [DEFAULT]/logdir #log_dir= # Use syslog for logging. (boolean value) #use_syslog=false # syslog facility to receive log lines (string value) #syslog_log_facility=LOG_USER # # Options defined in heat.openstack.common.notifier.api # # Driver or drivers to handle sending notifications (multi # valued) #notification_driver= # Default notification level for outgoing notifications # (string value) #default_notification_level=INFO # Default publisher_id for outgoing notifications (string # value) #default_publisher_id= # # Options defined in heat.openstack.common.notifier.list_notifier # # List of drivers to send notifications (multi valued) #list_notifier_drivers=heat.openstack.common.notifier.no_op_notifier # # Options defined in heat.openstack.common.notifier.rpc_notifier # # AMQP topic used for OpenStack notifications (list value) #notification_topics=notifications # # Options defined in heat.openstack.common.policy # # JSON file containing policy (string value) #policy_file=policy.json # Rule enforced when requested rule is not found (string # value) #policy_default_rule=default # # Options defined in heat.openstack.common.rpc # # The messaging module to use, defaults to kombu. (string # value) #rpc_backend=heat.openstack.common.rpc.impl_kombu # Size of RPC thread pool (integer value) #rpc_thread_pool_size=64 # Size of RPC connection pool (integer value) #rpc_conn_pool_size=30 # Seconds to wait for a response from call or multicall # (integer value) #rpc_response_timeout=60 # Seconds to wait before a cast expires (TTL). Only supported # by impl_zmq. (integer value) #rpc_cast_timeout=30 # Modules of exceptions that are permitted to be recreated # upon receiving exception data from an rpc call. (list value) #allowed_rpc_exception_modules=nova.exception,cinder.exception,exceptions # If passed, use a fake RabbitMQ provider (boolean value) #fake_rabbit=false # AMQP exchange to connect to if using RabbitMQ or Qpid # (string value) #control_exchange=heat # # Options defined in heat.openstack.common.rpc.amqp # # Use durable queues in amqp. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_durable_queues #amqp_durable_queues=false # Auto-delete queues in amqp. (boolean value) #amqp_auto_delete=false # # Options defined in heat.openstack.common.rpc.impl_kombu # # SSL version to use (valid only if SSL enabled). valid values # are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some # distributions (string value) #kombu_ssl_version= # SSL key file (valid only if SSL enabled) (string value) #kombu_ssl_keyfile= # SSL cert file (valid only if SSL enabled) (string value) #kombu_ssl_certfile= # SSL certification authority file (valid only if SSL enabled) # (string value) #kombu_ssl_ca_certs= # The RabbitMQ broker address where a single node is used # (string value) #rabbit_host=localhost # The RabbitMQ broker port where a single node is used # (integer value) #rabbit_port=5672 # RabbitMQ HA cluster host:port pairs (list value) #rabbit_hosts=$rabbit_host:$rabbit_port # connect over SSL for RabbitMQ (boolean value) #rabbit_use_ssl=false # the RabbitMQ userid (string value) #rabbit_userid=guest # the RabbitMQ password (string value) #rabbit_password=guest # the RabbitMQ virtual host (string value) #rabbit_virtual_host=/ # how frequently to retry connecting with RabbitMQ (integer # value) #rabbit_retry_interval=1 # how long to backoff for between retries when connecting to # RabbitMQ (integer value) #rabbit_retry_backoff=2 # maximum retries with trying to connect to RabbitMQ (the # default of 0 implies an infinite retry count) (integer # value) #rabbit_max_retries=0 # use H/A queues in RabbitMQ (x-ha-policy: all).You need to # wipe RabbitMQ database when changing this option. (boolean # value) #rabbit_ha_queues=false # # Options defined in heat.openstack.common.rpc.impl_qpid # # Qpid broker hostname (string value) #qpid_hostname=localhost # Qpid broker port (integer value) #qpid_port=5672 # Qpid HA cluster host:port pairs (list value) #qpid_hosts=$qpid_hostname:$qpid_port # Username for qpid connection (string value) #qpid_username= # Password for qpid connection (string value) #qpid_password= # Space separated list of SASL mechanisms to use for auth # (string value) #qpid_sasl_mechanisms= # Seconds between connection keepalive heartbeats (integer # value) #qpid_heartbeat=60 # Transport to use, either 'tcp' or 'ssl' (string value) #qpid_protocol=tcp # Disable Nagle algorithm (boolean value) #qpid_tcp_nodelay=true # The qpid topology version to use. Version 1 is what was # originally used by impl_qpid. Version 2 includes some # backwards-incompatible changes that allow broker federation # to work. Users should update to version 2 when they are # able to take everything down, as it requires a clean break. # (integer value) #qpid_topology_version=1 # # Options defined in heat.openstack.common.rpc.impl_zmq # # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) #rpc_zmq_bind_address=* # MatchMaker driver (string value) #rpc_zmq_matchmaker=heat.openstack.common.rpc.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port (integer value) #rpc_zmq_port=9501 # Number of ZeroMQ contexts, defaults to 1 (integer value) #rpc_zmq_contexts=1 # Maximum number of ingress messages to locally buffer per # topic. Default is unlimited. (integer value) #rpc_zmq_topic_backlog= # Directory for holding IPC sockets (string value) #rpc_zmq_ipc_dir=/var/run/openstack # Name of this node. Must be a valid hostname, FQDN, or IP # address. Must match "host" option, if running Nova. (string # value) #rpc_zmq_host=heat # # Options defined in heat.openstack.common.rpc.matchmaker # # Heartbeat frequency (integer value) #matchmaker_heartbeat_freq=300 # Heartbeat time-to-live. (integer value) #matchmaker_heartbeat_ttl=600 [auth_password] # # Options defined in heat.common.config # # Allow orchestration of multiple clouds. (boolean value) #multi_cloud=false # Allowed keystone endpoints for auth_uri when multi_cloud is # enabled. At least one endpoint needs to be specified. (list # value) #allowed_auth_uris= [clients] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false [clients_ceilometer] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false [clients_cinder] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false [clients_heat] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false # Optional heat url in format like # http://0.0.0.0:8004/v1/%(tenant_id)s. (string value) #url= [clients_keystone] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false [clients_neutron] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false [clients_nova] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false [clients_swift] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false [clients_trove] # # Options defined in heat.common.config # # Type of endpoint in Identity service catalog to use for # communication with the OpenStack service. (string value) #endpoint_type=publicURL # Optional CA cert file to use in SSL connections. (string # value) #ca_file= # Optional PEM-formatted certificate chain file. (string # value) #cert_file= # Optional PEM-formatted file that contains the private key. # (string value) #key_file= # If set, then the server's certificate will not be verified. # (boolean value) #insecure=false [database] # # Options defined in heat.openstack.common.db.options # # The file name to use with SQLite (string value) #sqlite_db=heat.sqlite # If True, SQLite uses synchronous mode (boolean value) #sqlite_synchronous=true # The backend to use for db (string value) # Deprecated group/name - [DEFAULT]/db_backend #backend=sqlalchemy # The SQLAlchemy connection string used to connect to the # database (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection= # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To # use whatever SQL mode is set by the server configuration, # set this to no value. Example: mysql_sql_mode= (string # value) #mysql_sql_mode=TRADITIONAL # Timeout before idle sql connections are reaped (integer # value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout #idle_timeout=3600 # Minimum number of SQL connections to keep open in a pool # (integer value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size #min_pool_size=1 # Maximum number of SQL connections to keep open in a pool # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size= # Maximum db connection retries during startup. (setting -1 # implies an infinite retry count) (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries=10 # Interval between retries of opening a sql connection # (integer value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval #retry_interval=10 # If set, use this value for max_overflow with sqlalchemy # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow #max_overflow= # Verbosity of SQL debugging information. 0=None, # 100=Everything (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug #connection_debug=0 # Add python stack traces to SQL as comment strings (boolean # value) # Deprecated group/name - [DEFAULT]/sql_connection_trace #connection_trace=false # If set, use this value for pool_timeout with sqlalchemy # (integer value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout #pool_timeout= # Enable the experimental use of database reconnect on # connection lost (boolean value) #use_db_reconnect=false # seconds between db connection retries (integer value) #db_retry_interval=1 # Whether to increase interval between db connection retries, # up to db_max_retry_interval (boolean value) #db_inc_retry_interval=true # max seconds between db connection retries, if # db_inc_retry_interval is enabled (integer value) #db_max_retry_interval=10 # maximum db connection retries before error is raised. # (setting -1 implies an infinite retry count) (integer value) #db_max_retries=20 [ec2authtoken] # # Options defined in heat.api.aws.ec2token # # Authentication Endpoint URI. (string value) #auth_uri= # Allow orchestration of multiple clouds. (boolean value) #multi_cloud=false # Allowed keystone endpoints for auth_uri when multi_cloud is # enabled. At least one endpoint needs to be specified. (list # value) #allowed_auth_uris= [heat_api] # # Options defined in heat.common.wsgi # # Address to bind the server. Useful when selecting a # particular network interface. (string value) #bind_host=0.0.0.0 # The port on which the server will listen. (integer value) #bind_port=8004 # Number of backlog requests to configure the socket with. # (integer value) #backlog=4096 # Location of the SSL certificate file to use for SSL mode. # (string value) #cert_file= # Location of the SSL key file to use for enabling SSL mode. # (string value) #key_file= # Number of workers for Heat service. (integer value) #workers=0 # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large # tokens (typically those generated by the Keystone v3 API # with big service catalogs). (integer value) #max_header_line=16384 [heat_api_cfn] # # Options defined in heat.common.wsgi # # Address to bind the server. Useful when selecting a # particular network interface. (string value) #bind_host=0.0.0.0 # The port on which the server will listen. (integer value) #bind_port=8000 # Number of backlog requests to configure the socket with. # (integer value) #backlog=4096 # Location of the SSL certificate file to use for SSL mode. # (string value) #cert_file= # Location of the SSL key file to use for enabling SSL mode. # (string value) #key_file= # Number of workers for Heat service. (integer value) #workers=0 # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large # tokens (typically those generated by the Keystone v3 API # with big service catalogs). (integer value) #max_header_line=16384 [heat_api_cloudwatch] # # Options defined in heat.common.wsgi # # Address to bind the server. Useful when selecting a # particular network interface. (string value) #bind_host=0.0.0.0 # The port on which the server will listen. (integer value) #bind_port=8003 # Number of backlog requests to configure the socket with. # (integer value) #backlog=4096 # Location of the SSL certificate file to use for SSL mode. # (string value) #cert_file= # Location of the SSL key file to use for enabling SSL mode. # (string value) #key_file= # Number of workers for Heat service. (integer value) #workers=0 # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large # tokens (typically those generated by the Keystone v3 API # with big service catalogs.) (integer value) #max_header_line=16384 [keystone_authtoken] # # Options defined in keystoneclient.middleware.auth_token # # Prefix to prepend at the beginning of the path (string # value) #auth_admin_prefix= # Host providing the admin Identity API endpoint (string # value) #auth_host=127.0.0.1 # Port of the admin Identity API endpoint (integer value) #auth_port=35357 # Protocol of the admin Identity API endpoint(http or https) # (string value) #auth_protocol=https # Complete public Identity API endpoint (string value) #auth_uri= # API version of the admin Identity API endpoint (string # value) #auth_version= # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI # components (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API # server. (boolean value) #http_connect_timeout= # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 # Single shared secret with the Keystone configuration used # for bootstrapping a Keystone installation, or otherwise # bypassing the normal authentication process. (string value) #admin_token= # Keystone account username (string value) #admin_user= # Keystone account password (string value) #admin_password= # Keystone service account tenant name to validate user tokens # (string value) #admin_tenant_name=admin # Env key for the swift cache (string value) #cache= # Required if Keystone server requires client certificate # (string value) #certfile= # Required if Keystone server requires client certificate # (string value) #keyfile= # A PEM encoded Certificate Authority to use when verifying # HTTPs connections. Defaults to system CAs. (string value) #cafile= # Verify HTTPS connections. (boolean value) #insecure=false # Directory used to cache files related to PKI tokens (string # value) #signing_dir= # Optionally specify a list of memcached server(s) to use for # caching. If left undefined, tokens will instead be cached # in-process. (list value) # Deprecated group/name - [DEFAULT]/memcache_servers #memcached_servers= # In order to prevent excessive effort spent validating # tokens, the middleware caches previously-seen tokens for a # configurable duration (in seconds). Set to -1 to disable # caching completely. (integer value) #token_cache_time=300 # Determines the frequency at which the list of revoked tokens # is retrieved from the Identity service (in seconds). A high # number of revocation events combined with a low cache # duration may significantly reduce performance. (integer # value) #revocation_cache_time=300 # (optional) if defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable # values are MAC or ENCRYPT. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token # data is encrypted and authenticated in the cache. If the # value is not one of these options or empty, auth_token will # raise an exception on initialization. (string value) #memcache_security_strategy= # (optional, mandatory if memcache_security_strategy is # defined) this string is used for key derivation. (string # value) #memcache_secret_key= # (optional) indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) #include_service_catalog=true # Used to control the use and type of token binding. Can be # set to: "disabled" to not check token binding. "permissive" # (default) to validate binding information if the bind type # is of a form known to the server and ignore it if not. # "strict" like "permissive" but if the bind type is unknown # the token will be rejected. "required" any form of token # binding is needed to be allowed. Finally the name of a # binding method that must be present in tokens. (string # value) #enforce_token_bind=permissive [matchmaker_redis] # # Options defined in heat.openstack.common.rpc.matchmaker_redis # # Host to locate redis (string value) #host=127.0.0.1 # Use this port to connect to redis host. (integer value) #port=6379 # Password for Redis server. (optional) (string value) #password= [matchmaker_ring] # # Options defined in heat.openstack.common.rpc.matchmaker_ring # # Matchmaker ring file (JSON) (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile #ringfile=/etc/oslo/matchmaker_ring.json [paste_deploy] # # Options defined in heat.common.config # # The flavor to use. (string value) #flavor= # The API paste config file to use. (string value) #api_paste_config=api-paste.ini [revision] # # Options defined in heat.common.config # # Heat build revision. If you would prefer to manage your # build revision separately, you can move this section to a # different file and add it as another config option. (string # value) #heat_revision=unknown [rpc_notifier2] # # Options defined in heat.openstack.common.notifier.rpc_notifier2 # # AMQP topic(s) used for OpenStack notifications (list value) #topics=notifications [ssl] # # Options defined in heat.openstack.common.sslutils # # CA certificate file to use to verify connecting clients # (string value) #ca_file= # Certificate file to use when starting the server securely # (string value) #cert_file= # Private key file to use when starting the server securely # (string value) #key_file=