[DEFAULT] # # From ironic_inspector # # IP to listen on. (string value) # Deprecated group/name - [discoverd]/listen_address #listen_address = 0.0.0.0 # Port to listen on. (integer value) # Deprecated group/name - [discoverd]/listen_port #listen_port = 5050 # Whether to authenticate with Keystone on public HTTP endpoints. Note # that introspection ramdisk postback endpoint is never authenticated. # (boolean value) # Deprecated group/name - [discoverd]/authenticate #authenticate = true # SQLite3 database to store nodes under introspection, required. Do # not use :memory: here, it won't work. (string value) # Deprecated group/name - [discoverd]/database #database = # Debug mode enabled/disabled. (boolean value) # Deprecated group/name - [discoverd]/debug #debug = false # Timeout after which introspection is considered failed, set to 0 to # disable. (integer value) # Deprecated group/name - [discoverd]/timeout #timeout = 3600 # For how much time (in seconds) to keep status information about # nodes after introspection was finished for them. Default value is 1 # week. (integer value) # Deprecated group/name - [discoverd]/node_status_keep_time #node_status_keep_time = 604800 # Amount of time in seconds, after which repeat clean up of timed out # nodes and old nodes status information. (integer value) # Deprecated group/name - [discoverd]/clean_up_period #clean_up_period = 60 # SSL Enabled/Disabled (boolean value) #use_ssl = false # Path to SSL certificate (string value) #ssl_cert_path = # Path to SSL key (string value) #ssl_key_path = # The green thread pool size. (integer value) #max_concurrency = 1000 [firewall] # # From ironic_inspector # # Whether to manage firewall rules for PXE port. (boolean value) # Deprecated group/name - [discoverd]/manage_firewall #manage_firewall = true # Interface on which dnsmasq listens, the default is for VM's. (string # value) # Deprecated group/name - [discoverd]/dnsmasq_interface #dnsmasq_interface = br-ctlplane # Amount of time in seconds, after which repeat periodic update of # firewall. (integer value) # Deprecated group/name - [discoverd]/firewall_update_period #firewall_update_period = 15 # iptables chain name to use. (string value) #firewall_chain = ironic-inspector [ironic] # # From ironic_inspector # # Keystone authentication endpoint for accessing Ironic API. Use # [keystone_authtoken]/auth_uri for keystone authentication. (string # value) # Deprecated group/name - [discoverd]/os_auth_url #os_auth_url = # User name for accessing Ironic API. Use # [keystone_authtoken]/admin_user for keystone authentication. (string # value) # Deprecated group/name - [discoverd]/os_username #os_username = # Password for accessing Ironic API. Use # [keystone_authtoken]/admin_password for keystone authentication. # (string value) # Deprecated group/name - [discoverd]/os_password #os_password = # Tenant name for accessing Ironic API. Use # [keystone_authtoken]/admin_tenant_name for keystone authentication. # (string value) # Deprecated group/name - [discoverd]/os_tenant_name #os_tenant_name = # Keystone admin endpoint. DEPRECATED: use # [keystone_authtoken]/identity_uri. (string value) # Deprecated group/name - [discoverd]/identity_uri # This option is deprecated for removal. # Its value may be silently ignored in the future. #identity_uri = # Number of attempts to do when trying to connect to Ironic on start # up. (integer value) # Deprecated group/name - [discoverd]/ironic_retry_attempts #ironic_retry_attempts = 5 # Amount of time between attempts to connect to Ironic on start up. # (integer value) # Deprecated group/name - [discoverd]/ironic_retry_period #ironic_retry_period = 5 # Method to use for authentication: noauth or keystone. (string value) # Allowed values: keystone, noauth #auth_strategy = keystone # Ironic API URL, used to set Ironic API URL when auth_strategy option # is noauth to work with standalone Ironic without keystone. (string # value) #ironic_url = http://localhost:6385/ [keystone_authtoken] # # From keystonemiddleware.auth_token # # Complete public Identity API endpoint. (string value) #auth_uri = # API version of the admin Identity API endpoint. (string value) #auth_version = # Do not handle authorization requests within the middleware, but # delegate the authorization decision to downstream WSGI components. # (boolean value) #delay_auth_decision = false # Request timeout value for communicating with Identity API server. # (integer value) #http_connect_timeout = # How many times are we trying to reconnect when communicating with # Identity API Server. (integer value) #http_request_max_retries = 3 # Env key for the swift cache. (string value) #cache = # Required if identity server requires client certificate (string # value) #certfile = # Required if identity server requires client certificate (string # value) #keyfile = # A PEM encoded Certificate Authority to use when verifying HTTPs # connections. Defaults to system CAs. (string value) #cafile = # Verify HTTPS connections. (boolean value) #insecure = false # Directory used to cache files related to PKI tokens. (string value) #signing_dir = # Optionally specify a list of memcached server(s) to use for caching. # If left undefined, tokens will instead be cached in-process. (list # value) # Deprecated group/name - [DEFAULT]/memcache_servers #memcached_servers = # In order to prevent excessive effort spent validating tokens, the # middleware caches previously-seen tokens for a configurable duration # (in seconds). Set to -1 to disable caching completely. (integer # value) #token_cache_time = 300 # Determines the frequency at which the list of revoked tokens is # retrieved from the Identity service (in seconds). A high number of # revocation events combined with a low cache duration may # significantly reduce performance. (integer value) #revocation_cache_time = 10 # (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable values are # MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in # the cache. If ENCRYPT, token data is encrypted and authenticated in # the cache. If the value is not one of these options or empty, # auth_token will raise an exception on initialization. (string value) #memcache_security_strategy = # (Optional, mandatory if memcache_security_strategy is defined) This # string is used for key derivation. (string value) #memcache_secret_key = # (Optional) Number of seconds memcached server is considered dead # before it is tried again. (integer value) #memcache_pool_dead_retry = 300 # (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize = 10 # (Optional) Socket timeout in seconds for communicating with a # memcached server. (integer value) #memcache_pool_socket_timeout = 3 # (Optional) Number of seconds a connection to memcached is held # unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout = 60 # (Optional) Number of seconds that an operation will wait to get a # memcached client connection from the pool. (integer value) #memcache_pool_conn_get_timeout = 10 # (Optional) Use the advanced (eventlet safe) memcached client pool. # The advanced pool will only work under python 2.x. (boolean value) #memcache_use_advanced_pool = false # (Optional) Indicate whether to set the X-Service-Catalog header. If # False, middleware will not ask for service catalog on token # validation and will not set the X-Service-Catalog header. (boolean # value) #include_service_catalog = true # Used to control the use and type of token binding. Can be set to: # "disabled" to not check token binding. "permissive" (default) to # validate binding information if the bind type is of a form known to # the server and ignore it if not. "strict" like "permissive" but if # the bind type is unknown the token will be rejected. "required" any # form of token binding is needed to be allowed. Finally the name of a # binding method that must be present in tokens. (string value) #enforce_token_bind = permissive # If true, the revocation list will be checked for cached tokens. This # requires that PKI tokens are configured on the identity server. # (boolean value) #check_revocations_for_cached = false # Hash algorithms to use for hashing PKI tokens. This may be a single # algorithm or multiple. The algorithms are those supported by Python # standard hashlib.new(). The hashes will be tried in the order given, # so put the preferred one first for performance. The result of the # first hash will be stored in the cache. This will typically be set # to multiple values only while migrating from a less secure algorithm # to a more secure one. Once all the old tokens are expired this # option should be set to a single value for better performance. (list # value) #hash_algorithms = md5 # Prefix to prepend at the beginning of the path. Deprecated, use # identity_uri. (string value) #auth_admin_prefix = # Host providing the admin Identity API endpoint. Deprecated, use # identity_uri. (string value) #auth_host = 127.0.0.1 # Port of the admin Identity API endpoint. Deprecated, use # identity_uri. (integer value) #auth_port = 35357 # Protocol of the admin Identity API endpoint (http or https). # Deprecated, use identity_uri. (string value) #auth_protocol = https # Complete admin Identity API endpoint. This should specify the # unversioned root endpoint e.g. https://localhost:35357/ (string # value) #identity_uri = # This option is deprecated and may be removed in a future release. # Single shared secret with the Keystone configuration used for # bootstrapping a Keystone installation, or otherwise bypassing the # normal authentication process. This option should not be used, use # `admin_user` and `admin_password` instead. (string value) #admin_token = # Service username. (string value) #admin_user = # Service user password. (string value) #admin_password = # Service tenant name. (string value) #admin_tenant_name = admin [processing] # # From ironic_inspector # # Which MAC addresses to add as ports during introspection. Possible # values: all (all MAC addresses), active (MAC addresses of NIC with # IP addresses), pxe (only MAC address of NIC node PXE booted from, # falls back to "active" if PXE MAC is not supplied by the ramdisk). # (string value) # Allowed values: all, active, pxe # Deprecated group/name - [discoverd]/add_ports #add_ports = pxe # Which ports (already present on a node) to keep after introspection. # Possible values: all (do not delete anything), present (keep ports # which MACs were present in introspection data), added (keep only # MACs that we added during introspection). (string value) # Allowed values: all, present, added # Deprecated group/name - [discoverd]/keep_ports #keep_ports = all # Whether to overwrite existing values in node database. Disable this # option to make introspection a non-destructive operation. (boolean # value) # Deprecated group/name - [discoverd]/overwrite_existing #overwrite_existing = true # Whether to enable setting IPMI credentials during introspection. # This is an experimental and not well tested feature, use at your own # risk. (boolean value) # Deprecated group/name - [discoverd]/enable_setting_ipmi_credentials #enable_setting_ipmi_credentials = false # Comma-separated list of enabled hooks for processing pipeline. Hook # 'scheduler' updates the node with the minimum properties required by # the Nova scheduler. Hook 'validate_interfaces' ensures that valid # NIC data was provided by the ramdisk.Do not exclude these two unless # you really know what you're doing. (string value) # Deprecated group/name - [discoverd]/processing_hooks #processing_hooks = ramdisk_error,scheduler,validate_interfaces # If set, logs from ramdisk will be stored in this directory. (string # value) # Deprecated group/name - [discoverd]/ramdisk_logs_dir #ramdisk_logs_dir = # Whether to store ramdisk logs even if it did not return an error # message (dependent upon "ramdisk_logs_dir" option being set). # (boolean value) # Deprecated group/name - [discoverd]/always_store_ramdisk_logs #always_store_ramdisk_logs = false [swift] # # From ironic_inspector.common.swift # # Maximum number of times to retry a Swift request, before failing. # (integer value) #max_retries = 2 # Number of seconds that the Swift object will last before being # deleted. (set to 0 to never delete the object). (integer value) #delete_after = 0 # User name for accessing Swift API. (string value) #username = # Password for accessing Swift API. (string value) #password = # Tenant name for accessing Swift API. (string value) #tenant_name = # Keystone authentication API version (string value) #os_auth_version = 2 # Keystone authentication URL (string value) #os_auth_url =