Update sample configuration file for Pike
The last time we updated the sample configuration file was for the Ocata release candidate. Let's generate a fresh version so that it is somewhat relevant. This change was generated using: $ tox -e genconfig; git commit -a Change-Id: I8c4fbce02946b87534da61a4e3e81fc375615d7d
This commit is contained in:
parent
d01c7f1b96
commit
a40c2f4917
@ -140,12 +140,6 @@
|
||||
# Note: This option can be changed without restarting.
|
||||
#debug = false
|
||||
|
||||
# DEPRECATED: If set to false, the logging level will be set to WARNING instead
|
||||
# of the default INFO level. (boolean value)
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
#verbose = true
|
||||
|
||||
# The name of a logging configuration file. This file is appended to any
|
||||
# existing logging configuration files. For details about logging configuration
|
||||
# files, see the Python logging module documentation. Note that when logging
|
||||
@ -184,6 +178,12 @@
|
||||
# is set. (boolean value)
|
||||
#use_syslog = false
|
||||
|
||||
# Enable journald for logging. If running in a systemd environment you may wish
|
||||
# to enable journal support. Doing so will use the journal native protocol
|
||||
# which includes structured metadata in addition to log messages.This option is
|
||||
# ignored if log_config_append is set. (boolean value)
|
||||
#use_journal = false
|
||||
|
||||
# Syslog facility to receive log lines. This option is ignored if
|
||||
# log_config_append is set. (string value)
|
||||
#syslog_log_facility = LOG_USER
|
||||
@ -212,7 +212,7 @@
|
||||
|
||||
# List of package logging levels in logger=LEVEL pairs. This option is ignored
|
||||
# if log_config_append is set. (list value)
|
||||
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
|
||||
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
|
||||
|
||||
# Enables or disables publication of error events. (boolean value)
|
||||
#publish_errors = false
|
||||
@ -245,7 +245,6 @@
|
||||
#
|
||||
|
||||
# Size of RPC connection pool. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
|
||||
#rpc_conn_pool_size = 30
|
||||
|
||||
# The pool size limit for connections expiration policy (integer value)
|
||||
@ -256,30 +255,24 @@
|
||||
|
||||
# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
|
||||
# The "host" option should point or resolve to this address. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
|
||||
#rpc_zmq_bind_address = *
|
||||
|
||||
# MatchMaker driver. (string value)
|
||||
# Allowed values: redis, sentinel, dummy
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
|
||||
#rpc_zmq_matchmaker = redis
|
||||
|
||||
# Number of ZeroMQ contexts, defaults to 1. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
|
||||
#rpc_zmq_contexts = 1
|
||||
|
||||
# Maximum number of ingress messages to locally buffer per topic. Default is
|
||||
# unlimited. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
|
||||
#rpc_zmq_topic_backlog = <None>
|
||||
|
||||
# Directory for holding IPC sockets. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
|
||||
#rpc_zmq_ipc_dir = /var/run/openstack
|
||||
|
||||
# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
|
||||
# "host" option, if running Nova. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_host
|
||||
#rpc_zmq_host = localhost
|
||||
|
||||
# Number of seconds to wait before all pending messages will be sent after
|
||||
@ -292,26 +285,21 @@
|
||||
|
||||
# The default number of seconds that poll should wait. Poll raises timeout
|
||||
# exception when timeout expired. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
|
||||
#rpc_poll_timeout = 1
|
||||
|
||||
# Expiration timeout in seconds of a name service record about existing target
|
||||
# ( < 0 means no timeout). (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/zmq_target_expire
|
||||
#zmq_target_expire = 300
|
||||
|
||||
# Update period in seconds of a name service record about existing target.
|
||||
# (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/zmq_target_update
|
||||
#zmq_target_update = 180
|
||||
|
||||
# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
|
||||
# value)
|
||||
# Deprecated group/name - [DEFAULT]/use_pub_sub
|
||||
#use_pub_sub = false
|
||||
|
||||
# Use ROUTER remote proxy. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/use_router_proxy
|
||||
#use_router_proxy = false
|
||||
|
||||
# This option makes direct connections dynamic or static. It makes sense only
|
||||
@ -326,24 +314,20 @@
|
||||
# Minimal port number for random ports range. (port value)
|
||||
# Minimum value: 0
|
||||
# Maximum value: 65535
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
|
||||
#rpc_zmq_min_port = 49153
|
||||
|
||||
# Maximal port number for random ports range. (integer value)
|
||||
# Minimum value: 1
|
||||
# Maximum value: 65536
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
|
||||
#rpc_zmq_max_port = 65536
|
||||
|
||||
# Number of retries to find free port number before fail with ZMQBindError.
|
||||
# (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
|
||||
#rpc_zmq_bind_port_retries = 100
|
||||
|
||||
# Default serialization mechanism for serializing/deserializing
|
||||
# outgoing/incoming messages (string value)
|
||||
# Allowed values: json, msgpack
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
|
||||
#rpc_zmq_serialization = json
|
||||
|
||||
# This option configures round-robin mode in zmq socket. True means not keeping
|
||||
@ -408,7 +392,8 @@
|
||||
# value)
|
||||
#subscribe_on =
|
||||
|
||||
# Size of executor thread pool. (integer value)
|
||||
# Size of executor thread pool when executor is threading or eventlet. (integer
|
||||
# value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
|
||||
#executor_thread_pool_size = 64
|
||||
|
||||
@ -689,16 +674,7 @@
|
||||
# From oslo.db
|
||||
#
|
||||
|
||||
# DEPRECATED: The file name to use with SQLite. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/sqlite_db
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: Should use config option connection or slave_connection to connect
|
||||
# the database.
|
||||
#sqlite_db = oslo.sqlite
|
||||
|
||||
# If True, SQLite uses synchronous mode. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/sqlite_synchronous
|
||||
#sqlite_synchronous = true
|
||||
|
||||
# The back end to use for the database. (string value)
|
||||
@ -851,7 +827,7 @@
|
||||
#
|
||||
|
||||
# DEPRECATED: The IP address of the network interface for the public service to
|
||||
# listen on. (string value)
|
||||
# listen on. (unknown value)
|
||||
# Deprecated group/name - [DEFAULT]/bind_host
|
||||
# Deprecated group/name - [DEFAULT]/public_bind_host
|
||||
# This option is deprecated for removal since K.
|
||||
@ -873,7 +849,7 @@
|
||||
#public_port = 5000
|
||||
|
||||
# DEPRECATED: The IP address of the network interface for the admin service to
|
||||
# listen on. (string value)
|
||||
# listen on. (unknown value)
|
||||
# Deprecated group/name - [DEFAULT]/bind_host
|
||||
# Deprecated group/name - [DEFAULT]/admin_bind_host
|
||||
# This option is deprecated for removal since K.
|
||||
@ -1114,57 +1090,6 @@
|
||||
#backward_compatible_ids = true
|
||||
|
||||
|
||||
[kvs]
|
||||
|
||||
#
|
||||
# From keystone
|
||||
#
|
||||
|
||||
# DEPRECATED: Extra `dogpile.cache` backend modules to register with the
|
||||
# `dogpile.cache` library. It is not necessary to set this value unless you are
|
||||
# providing a custom KVS backend beyond what `dogpile.cache` already supports.
|
||||
# (list value)
|
||||
# This option is deprecated for removal since O.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: This option has been deprecated in the O release and will be removed
|
||||
# in the P release. Use SQL backends instead.
|
||||
#backends =
|
||||
|
||||
# DEPRECATED: Prefix for building the configuration dictionary for the KVS
|
||||
# region. This should not need to be changed unless there is another
|
||||
# `dogpile.cache` region with the same configuration name. (string value)
|
||||
# This option is deprecated for removal since O.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: This option has been deprecated in the O release and will be removed
|
||||
# in the P release. Use SQL backends instead.
|
||||
#config_prefix = keystone.kvs
|
||||
|
||||
# DEPRECATED: Set to false to disable using a key-mangling function, which
|
||||
# ensures fixed-length keys are used in the KVS store. This is configurable for
|
||||
# debugging purposes, and it is therefore highly recommended to always leave
|
||||
# this set to true. (boolean value)
|
||||
# This option is deprecated for removal since O.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: This option has been deprecated in the O release and will be removed
|
||||
# in the P release. Use SQL backends instead.
|
||||
#enable_key_mangler = true
|
||||
|
||||
# DEPRECATED: Number of seconds after acquiring a distributed lock that the
|
||||
# backend should consider the lock to be expired. This option should be tuned
|
||||
# relative to the longest amount of time that it takes to perform a successful
|
||||
# operation. If this value is set too low, then a cluster will end up
|
||||
# performing work redundantly. If this value is set too high, then a cluster
|
||||
# will not be able to efficiently recover and retry after a failed operation. A
|
||||
# non-zero value is recommended if the backend supports lock timeouts, as zero
|
||||
# prevents locks from expiring altogether. (integer value)
|
||||
# Minimum value: 0
|
||||
# This option is deprecated for removal since O.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: This option has been deprecated in the O release and will be removed
|
||||
# in the P release. Use SQL backends instead.
|
||||
#default_lock_timeout = 5
|
||||
|
||||
|
||||
[ldap]
|
||||
|
||||
#
|
||||
@ -1496,20 +1421,6 @@
|
||||
# From keystone
|
||||
#
|
||||
|
||||
# DEPRECATED: Comma-separated list of memcached servers in the format of
|
||||
# `host:port,host:port` that keystone should use for the `memcache` token
|
||||
# persistence provider and other memcache-backed KVS drivers. This
|
||||
# configuration value is NOT used for intermediary caching between keystone and
|
||||
# other backends, such as SQL and LDAP (for that, see the `[cache]` section).
|
||||
# Multiple keystone servers in the same deployment should use the same set of
|
||||
# memcached servers to ensure that data (such as UUID tokens) created by one
|
||||
# node is available to the others. (list value)
|
||||
# This option is deprecated for removal since O.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: This option has been deprecated in the O release and will be removed
|
||||
# in the P release. Use oslo.cache instead.
|
||||
#servers = localhost:11211
|
||||
|
||||
# Number of seconds memcached server is considered dead before it is tried
|
||||
# again. This is used by the key value store system. (integer value)
|
||||
#dead_retry = 300
|
||||
@ -1565,61 +1476,64 @@
|
||||
|
||||
# Name for the AMQP container. must be globally unique. Defaults to a generated
|
||||
# UUID (string value)
|
||||
# Deprecated group/name - [amqp1]/container_name
|
||||
#container_name = <None>
|
||||
|
||||
# Timeout for inactive connections (in seconds) (integer value)
|
||||
# Deprecated group/name - [amqp1]/idle_timeout
|
||||
#idle_timeout = 0
|
||||
|
||||
# Debug: dump AMQP frames to stdout (boolean value)
|
||||
# Deprecated group/name - [amqp1]/trace
|
||||
#trace = false
|
||||
|
||||
# Attempt to connect via SSL. If no other ssl-related parameters are given, it
|
||||
# will use the system's CA-bundle to verify the server's certificate. (boolean
|
||||
# value)
|
||||
#ssl = false
|
||||
|
||||
# CA certificate PEM file used to verify the server's certificate (string
|
||||
# value)
|
||||
# Deprecated group/name - [amqp1]/ssl_ca_file
|
||||
#ssl_ca_file =
|
||||
|
||||
# Self-identifying certificate PEM file for client authentication (string
|
||||
# value)
|
||||
# Deprecated group/name - [amqp1]/ssl_cert_file
|
||||
#ssl_cert_file =
|
||||
|
||||
# Private key PEM file used to sign ssl_cert_file certificate (optional)
|
||||
# (string value)
|
||||
# Deprecated group/name - [amqp1]/ssl_key_file
|
||||
#ssl_key_file =
|
||||
|
||||
# Password for decrypting ssl_key_file (if encrypted) (string value)
|
||||
# Deprecated group/name - [amqp1]/ssl_key_password
|
||||
#ssl_key_password = <None>
|
||||
|
||||
# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
|
||||
# Deprecated group/name - [amqp1]/allow_insecure_clients
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: Not applicable - not a SSL server
|
||||
#allow_insecure_clients = false
|
||||
|
||||
# Space separated list of acceptable SASL mechanisms (string value)
|
||||
# Deprecated group/name - [amqp1]/sasl_mechanisms
|
||||
#sasl_mechanisms =
|
||||
|
||||
# Path to directory that contains the SASL configuration (string value)
|
||||
# Deprecated group/name - [amqp1]/sasl_config_dir
|
||||
#sasl_config_dir =
|
||||
|
||||
# Name of configuration file (without .conf suffix) (string value)
|
||||
# Deprecated group/name - [amqp1]/sasl_config_name
|
||||
#sasl_config_name =
|
||||
|
||||
# User name for message broker authentication (string value)
|
||||
# Deprecated group/name - [amqp1]/username
|
||||
# SASL realm to use if no realm present in username (string value)
|
||||
#sasl_default_realm =
|
||||
|
||||
# DEPRECATED: User name for message broker authentication (string value)
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: Should use configuration option transport_url to provide the
|
||||
# username.
|
||||
#username =
|
||||
|
||||
# Password for message broker authentication (string value)
|
||||
# Deprecated group/name - [amqp1]/password
|
||||
# DEPRECATED: Password for message broker authentication (string value)
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: Should use configuration option transport_url to provide the
|
||||
# password.
|
||||
#password =
|
||||
|
||||
# Seconds to pause before attempting to re-connect. (integer value)
|
||||
@ -1674,15 +1588,12 @@
|
||||
#addressing_mode = dynamic
|
||||
|
||||
# address prefix used when sending to a specific server (string value)
|
||||
# Deprecated group/name - [amqp1]/server_request_prefix
|
||||
#server_request_prefix = exclusive
|
||||
|
||||
# address prefix used when broadcasting to all servers (string value)
|
||||
# Deprecated group/name - [amqp1]/broadcast_prefix
|
||||
#broadcast_prefix = broadcast
|
||||
|
||||
# address prefix when sending to any server in group (string value)
|
||||
# Deprecated group/name - [amqp1]/group_request_prefix
|
||||
#group_request_prefix = unicast
|
||||
|
||||
# Address prefix for all generated RPC addresses (string value)
|
||||
@ -1770,7 +1681,7 @@
|
||||
# Max fetch bytes of Kafka consumer (integer value)
|
||||
#kafka_max_fetch_bytes = 1048576
|
||||
|
||||
# Default timeout(s) for Kafka consumers (integer value)
|
||||
# Default timeout(s) for Kafka consumers (floating point value)
|
||||
#kafka_consumer_timeout = 1.0
|
||||
|
||||
# Pool Size for Kafka Consumers (integer value)
|
||||
@ -1815,6 +1726,11 @@
|
||||
# Deprecated group/name - [DEFAULT]/notification_topics
|
||||
#topics = notifications
|
||||
|
||||
# The maximum number of attempts to re-send a notification message which failed
|
||||
# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
|
||||
# (integer value)
|
||||
#retry = -1
|
||||
|
||||
|
||||
[oslo_messaging_rabbit]
|
||||
|
||||
@ -1828,30 +1744,31 @@
|
||||
#amqp_durable_queues = false
|
||||
|
||||
# Auto-delete queues in AMQP. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/amqp_auto_delete
|
||||
#amqp_auto_delete = false
|
||||
|
||||
# Enable SSL (boolean value)
|
||||
#ssl = <None>
|
||||
|
||||
# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
|
||||
# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
|
||||
# distributions. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/kombu_ssl_version
|
||||
#kombu_ssl_version =
|
||||
# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
|
||||
#ssl_version =
|
||||
|
||||
# SSL key file (valid only if SSL enabled). (string value)
|
||||
# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
|
||||
#kombu_ssl_keyfile =
|
||||
# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
|
||||
#ssl_key_file =
|
||||
|
||||
# SSL cert file (valid only if SSL enabled). (string value)
|
||||
# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
|
||||
#kombu_ssl_certfile =
|
||||
# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
|
||||
#ssl_cert_file =
|
||||
|
||||
# SSL certification authority file (valid only if SSL enabled). (string value)
|
||||
# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
|
||||
#kombu_ssl_ca_certs =
|
||||
# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
|
||||
#ssl_ca_file =
|
||||
|
||||
# How long to wait before reconnecting in response to an AMQP consumer cancel
|
||||
# notification. (floating point value)
|
||||
# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
|
||||
#kombu_reconnect_delay = 1.0
|
||||
|
||||
# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
|
||||
@ -1871,7 +1788,6 @@
|
||||
|
||||
# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
|
||||
# value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_host
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: Replaced by [DEFAULT]/transport_url
|
||||
@ -1881,32 +1797,24 @@
|
||||
# value)
|
||||
# Minimum value: 0
|
||||
# Maximum value: 65535
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_port
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: Replaced by [DEFAULT]/transport_url
|
||||
#rabbit_port = 5672
|
||||
|
||||
# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_hosts
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: Replaced by [DEFAULT]/transport_url
|
||||
#rabbit_hosts = $rabbit_host:$rabbit_port
|
||||
|
||||
# Connect over SSL for RabbitMQ. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
|
||||
#rabbit_use_ssl = false
|
||||
|
||||
# DEPRECATED: The RabbitMQ userid. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_userid
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: Replaced by [DEFAULT]/transport_url
|
||||
#rabbit_userid = guest
|
||||
|
||||
# DEPRECATED: The RabbitMQ password. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_password
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: Replaced by [DEFAULT]/transport_url
|
||||
@ -1914,11 +1822,9 @@
|
||||
|
||||
# The RabbitMQ login method. (string value)
|
||||
# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_login_method
|
||||
#rabbit_login_method = AMQPLAIN
|
||||
|
||||
# DEPRECATED: The RabbitMQ virtual host. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: Replaced by [DEFAULT]/transport_url
|
||||
@ -1929,7 +1835,6 @@
|
||||
|
||||
# How long to backoff for between retries when connecting to RabbitMQ. (integer
|
||||
# value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
|
||||
#rabbit_retry_backoff = 2
|
||||
|
||||
# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
|
||||
@ -1938,7 +1843,6 @@
|
||||
|
||||
# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
|
||||
# (infinite retry count). (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_max_retries
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
#rabbit_max_retries = 0
|
||||
@ -1949,7 +1853,6 @@
|
||||
# If you just want to make sure that all queues (except those with auto-
|
||||
# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
|
||||
# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
|
||||
#rabbit_ha_queues = false
|
||||
|
||||
# Positive integer representing duration in seconds for queue TTL (x-expires).
|
||||
@ -1972,7 +1875,6 @@
|
||||
#heartbeat_rate = 2
|
||||
|
||||
# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/fake_rabbit
|
||||
#fake_rabbit = false
|
||||
|
||||
# Maximum number of channels to allow (integer value)
|
||||
@ -1984,9 +1886,6 @@
|
||||
# How often to send heartbeats for consumer's connections (integer value)
|
||||
#heartbeat_interval = 3
|
||||
|
||||
# Enable SSL (boolean value)
|
||||
#ssl = <None>
|
||||
|
||||
# Arguments passed to ssl.wrap_socket (dict value)
|
||||
#ssl_options = <None>
|
||||
|
||||
@ -2091,30 +1990,24 @@
|
||||
|
||||
# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
|
||||
# The "host" option should point or resolve to this address. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
|
||||
#rpc_zmq_bind_address = *
|
||||
|
||||
# MatchMaker driver. (string value)
|
||||
# Allowed values: redis, sentinel, dummy
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
|
||||
#rpc_zmq_matchmaker = redis
|
||||
|
||||
# Number of ZeroMQ contexts, defaults to 1. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
|
||||
#rpc_zmq_contexts = 1
|
||||
|
||||
# Maximum number of ingress messages to locally buffer per topic. Default is
|
||||
# unlimited. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
|
||||
#rpc_zmq_topic_backlog = <None>
|
||||
|
||||
# Directory for holding IPC sockets. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
|
||||
#rpc_zmq_ipc_dir = /var/run/openstack
|
||||
|
||||
# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
|
||||
# "host" option, if running Nova. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_host
|
||||
#rpc_zmq_host = localhost
|
||||
|
||||
# Number of seconds to wait before all pending messages will be sent after
|
||||
@ -2127,26 +2020,21 @@
|
||||
|
||||
# The default number of seconds that poll should wait. Poll raises timeout
|
||||
# exception when timeout expired. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
|
||||
#rpc_poll_timeout = 1
|
||||
|
||||
# Expiration timeout in seconds of a name service record about existing target
|
||||
# ( < 0 means no timeout). (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/zmq_target_expire
|
||||
#zmq_target_expire = 300
|
||||
|
||||
# Update period in seconds of a name service record about existing target.
|
||||
# (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/zmq_target_update
|
||||
#zmq_target_update = 180
|
||||
|
||||
# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
|
||||
# value)
|
||||
# Deprecated group/name - [DEFAULT]/use_pub_sub
|
||||
#use_pub_sub = false
|
||||
|
||||
# Use ROUTER remote proxy. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/use_router_proxy
|
||||
#use_router_proxy = false
|
||||
|
||||
# This option makes direct connections dynamic or static. It makes sense only
|
||||
@ -2161,24 +2049,20 @@
|
||||
# Minimal port number for random ports range. (port value)
|
||||
# Minimum value: 0
|
||||
# Maximum value: 65535
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
|
||||
#rpc_zmq_min_port = 49153
|
||||
|
||||
# Maximal port number for random ports range. (integer value)
|
||||
# Minimum value: 1
|
||||
# Maximum value: 65536
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
|
||||
#rpc_zmq_max_port = 65536
|
||||
|
||||
# Number of retries to find free port number before fail with ZMQBindError.
|
||||
# (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
|
||||
#rpc_zmq_bind_port_retries = 100
|
||||
|
||||
# Default serialization mechanism for serializing/deserializing
|
||||
# outgoing/incoming messages (string value)
|
||||
# Allowed values: json, msgpack
|
||||
# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
|
||||
#rpc_zmq_serialization = json
|
||||
|
||||
# This option configures round-robin mode in zmq socket. True means not keeping
|
||||
@ -2274,11 +2158,9 @@
|
||||
#
|
||||
|
||||
# The file that defines policies. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/policy_file
|
||||
#policy_file = policy.json
|
||||
|
||||
# Default rule. Enforced when a requested rule is not found. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/policy_default_rule
|
||||
#policy_default_rule = default
|
||||
|
||||
# Directories where policy configuration files are stored. They can be relative
|
||||
@ -2286,7 +2168,6 @@
|
||||
# absolute paths. The file defined by policy_file must exist for these
|
||||
# directories to be searched. Missing or empty directories are ignored. (multi
|
||||
# valued)
|
||||
# Deprecated group/name - [DEFAULT]/policy_dirs
|
||||
#policy_dirs = policy.d
|
||||
|
||||
|
||||
@ -2661,20 +2542,6 @@
|
||||
# Minimum value: 1
|
||||
#password_expires_days = <None>
|
||||
|
||||
# DEPRECATED: Comma separated list of user IDs to be ignored when checking if a
|
||||
# password is expired. Passwords for users in this list will not expire. This
|
||||
# feature will only be enabled if `[security_compliance] password_expires_days`
|
||||
# is set. (list value)
|
||||
# This option is deprecated for removal since O.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: Functionality added as a per-user option "ignore_password_expiry" in
|
||||
# Ocata. Each user that should ignore password expiry should have the value set
|
||||
# to "true" in the user's `options` attribute (e.g.
|
||||
# `user['options']['ignore_password_expiry'] = True`) with an "update_user"
|
||||
# call. This avoids the need to restart keystone to adjust the users that
|
||||
# ignore password expiry. This option will be removed in the Pike release.
|
||||
#password_expires_ignore_user_ids =
|
||||
|
||||
# This controls the number of previous user password iterations to keep in
|
||||
# history, in order to enforce that newly created passwords are unique. Setting
|
||||
# the value to one (the default) disables this feature. Thus, to enable this
|
||||
@ -2739,51 +2606,82 @@
|
||||
# From keystone
|
||||
#
|
||||
|
||||
# Absolute path to the public certificate file to use for signing responses to
|
||||
# revocation lists requests. Set this together with `[signing] keyfile`. For
|
||||
# non-production environments, you may be interested in using `keystone-manage
|
||||
# pki_setup` to generate self-signed certificates. (string value)
|
||||
# DEPRECATED: Absolute path to the public certificate file to use for signing
|
||||
# responses to revocation lists requests. Set this together with `[signing]
|
||||
# keyfile`. For non-production environments, you may be interested in using
|
||||
# `keystone-manage pki_setup` to generate self-signed certificates. (string
|
||||
# value)
|
||||
# This option is deprecated for removal since P.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: `keystone-manage pki_setup` was deprecated in Mitaka and removed in
|
||||
# Pike. These options remain for backwards compatibility.
|
||||
#certfile = /etc/keystone/ssl/certs/signing_cert.pem
|
||||
|
||||
# Absolute path to the private key file to use for signing responses to
|
||||
# revocation lists requests. Set this together with `[signing] certfile`.
|
||||
# (string value)
|
||||
# DEPRECATED: Absolute path to the private key file to use for signing
|
||||
# responses to revocation lists requests. Set this together with `[signing]
|
||||
# certfile`. (string value)
|
||||
# This option is deprecated for removal since P.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: `keystone-manage pki_setup` was deprecated in Mitaka and removed in
|
||||
# Pike. These options remain for backwards compatibility.
|
||||
#keyfile = /etc/keystone/ssl/private/signing_key.pem
|
||||
|
||||
# Absolute path to the public certificate authority (CA) file to use when
|
||||
# creating self-signed certificates with `keystone-manage pki_setup`. Set this
|
||||
# together with `[signing] ca_key`. There is no reason to set this option
|
||||
# unless you are requesting revocation lists in a non-production environment.
|
||||
# Use a `[signing] certfile` issued from a trusted certificate authority
|
||||
# instead. (string value)
|
||||
# DEPRECATED: Absolute path to the public certificate authority (CA) file to
|
||||
# use when creating self-signed certificates with `keystone-manage pki_setup`.
|
||||
# Set this together with `[signing] ca_key`. There is no reason to set this
|
||||
# option unless you are requesting revocation lists in a non-production
|
||||
# environment. Use a `[signing] certfile` issued from a trusted certificate
|
||||
# authority instead. (string value)
|
||||
# This option is deprecated for removal since P.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: `keystone-manage pki_setup` was deprecated in Mitaka and removed in
|
||||
# Pike. These options remain for backwards compatibility.
|
||||
#ca_certs = /etc/keystone/ssl/certs/ca.pem
|
||||
|
||||
# Absolute path to the private certificate authority (CA) key file to use when
|
||||
# creating self-signed certificates with `keystone-manage pki_setup`. Set this
|
||||
# together with `[signing] ca_certs`. There is no reason to set this option
|
||||
# unless you are requesting revocation lists in a non-production environment.
|
||||
# Use a `[signing] certfile` issued from a trusted certificate authority
|
||||
# instead. (string value)
|
||||
# DEPRECATED: Absolute path to the private certificate authority (CA) key file
|
||||
# to use when creating self-signed certificates with `keystone-manage
|
||||
# pki_setup`. Set this together with `[signing] ca_certs`. There is no reason
|
||||
# to set this option unless you are requesting revocation lists in a non-
|
||||
# production environment. Use a `[signing] certfile` issued from a trusted
|
||||
# certificate authority instead. (string value)
|
||||
# This option is deprecated for removal since P.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: `keystone-manage pki_setup` was deprecated in Mitaka and removed in
|
||||
# Pike. These options remain for backwards compatibility.
|
||||
#ca_key = /etc/keystone/ssl/private/cakey.pem
|
||||
|
||||
# Key size (in bits) to use when generating a self-signed token signing
|
||||
# certificate. There is no reason to set this option unless you are requesting
|
||||
# revocation lists in a non-production environment. Use a `[signing] certfile`
|
||||
# issued from a trusted certificate authority instead. (integer value)
|
||||
# Minimum value: 1024
|
||||
#key_size = 2048
|
||||
|
||||
# The validity period (in days) to use when generating a self-signed token
|
||||
# DEPRECATED: Key size (in bits) to use when generating a self-signed token
|
||||
# signing certificate. There is no reason to set this option unless you are
|
||||
# requesting revocation lists in a non-production environment. Use a `[signing]
|
||||
# certfile` issued from a trusted certificate authority instead. (integer
|
||||
# value)
|
||||
# Minimum value: 1024
|
||||
# This option is deprecated for removal since P.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: `keystone-manage pki_setup` was deprecated in Mitaka and removed in
|
||||
# Pike. These options remain for backwards compatibility.
|
||||
#key_size = 2048
|
||||
|
||||
# DEPRECATED: The validity period (in days) to use when generating a self-
|
||||
# signed token signing certificate. There is no reason to set this option
|
||||
# unless you are requesting revocation lists in a non-production environment.
|
||||
# Use a `[signing] certfile` issued from a trusted certificate authority
|
||||
# instead. (integer value)
|
||||
# This option is deprecated for removal since P.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: `keystone-manage pki_setup` was deprecated in Mitaka and removed in
|
||||
# Pike. These options remain for backwards compatibility.
|
||||
#valid_days = 3650
|
||||
|
||||
# The certificate subject to use when generating a self-signed token signing
|
||||
# certificate. There is no reason to set this option unless you are requesting
|
||||
# revocation lists in a non-production environment. Use a `[signing] certfile`
|
||||
# issued from a trusted certificate authority instead. (string value)
|
||||
# DEPRECATED: The certificate subject to use when generating a self-signed
|
||||
# token signing certificate. There is no reason to set this option unless you
|
||||
# are requesting revocation lists in a non-production environment. Use a
|
||||
# `[signing] certfile` issued from a trusted certificate authority instead.
|
||||
# (string value)
|
||||
# This option is deprecated for removal since P.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: `keystone-manage pki_setup` was deprecated in Mitaka and removed in
|
||||
# Pike. These options remain for backwards compatibility.
|
||||
#cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
|
||||
|
||||
|
||||
@ -2798,16 +2696,18 @@
|
||||
# enforced according to the `[token] enforce_token_bind` option. (list value)
|
||||
#bind =
|
||||
|
||||
# This controls the token binding enforcement policy on tokens presented to
|
||||
# keystone with token binding metadata (as specified by the `[token] bind`
|
||||
# option). `disabled` completely bypasses token binding validation.
|
||||
# `permissive` and `strict` do not require tokens to have binding metadata (but
|
||||
# will validate it if present), whereas `required` will always demand tokens to
|
||||
# having binding metadata. `permissive` will allow unsupported binding metadata
|
||||
# to pass through without validation (usually to be validated at another time
|
||||
# by another component), whereas `strict` and `required` will demand that the
|
||||
# included binding metadata be supported by keystone. (string value)
|
||||
# Allowed values: disabled, permissive, strict, required
|
||||
# DEPRECATED: This controls the token binding enforcement policy on tokens
|
||||
# presented to keystone with token binding metadata (as specified by the
|
||||
# `[token] bind` option). `disabled` completely bypasses token binding
|
||||
# validation. `permissive` and `strict` do not require tokens to have binding
|
||||
# metadata (but will validate it if present), whereas `required` will always
|
||||
# demand tokens to having binding metadata. `permissive` will allow unsupported
|
||||
# binding metadata to pass through without validation (usually to be validated
|
||||
# at another time by another component), whereas `strict` and `required` will
|
||||
# demand that the included binding metadata be supported by keystone. (string
|
||||
# value)
|
||||
# This option is deprecated for removal since P.
|
||||
# Its value may be silently ignored in the future.
|
||||
#enforce_token_bind = permissive
|
||||
|
||||
# The amount of time that a token should remain valid (in seconds). Drastically
|
||||
@ -2831,12 +2731,13 @@
|
||||
# fernet_rotate` command). (string value)
|
||||
#provider = fernet
|
||||
|
||||
# Entry point for the token persistence backend driver in the
|
||||
# `keystone.token.persistence` namespace. Keystone provides `kvs` and `sql`
|
||||
# drivers. The `kvs` backend depends on the configuration in the `[kvs]`
|
||||
# section. The `sql` option (default) depends on the options in your
|
||||
# `[database]` section. If you're using the `fernet` `[token] provider`, this
|
||||
# backend will not be utilized to persist tokens at all. (string value)
|
||||
# DEPRECATED: Entry point for the token persistence backend driver in the
|
||||
# `keystone.token.persistence` namespace. Keystone provides the `sql` driver.
|
||||
# The `sql` option (default) depends on the options in your `[database]`
|
||||
# section. If you're using the `fernet` `[token] provider`, this backend will
|
||||
# not be utilized to persist tokens at all. (string value)
|
||||
# This option is deprecated for removal since P.
|
||||
# Its value may be silently ignored in the future.
|
||||
#driver = sql
|
||||
|
||||
# Toggle for caching token creation and validation data. This has no effect
|
||||
@ -2857,7 +2758,7 @@
|
||||
# `kvs` `[revoke] driver`. (boolean value)
|
||||
#revoke_by_id = true
|
||||
|
||||
# This toggles whether scoped tokens may be be re-scoped to a new project or
|
||||
# This toggles whether scoped tokens may be re-scoped to a new project or
|
||||
# domain, thereby preventing users from exchanging a scoped token (including
|
||||
# those with a default project scope) for any other token. This forces users to
|
||||
# either authenticate for unscoped tokens (and later exchange that unscoped
|
||||
|
Loading…
x
Reference in New Issue
Block a user