# {{ ansible_managed }}

[DEFAULT]
# Disable stderr logging
use_stderr = False
debug = {{ debug }}
fatal_deprecations = {{ heat_fatal_deprecations }}

use_journal = True

stack_domain_admin_password = {{ heat_stack_domain_admin_password }}
stack_domain_admin = {{ heat_stack_domain_admin }}
stack_user_domain_name = {{ heat_stack_user_domain_name }}
max_nested_stack_depth = {{ heat_max_nested_stack_depth }}
heat_waitcondition_server_url = {{ heat_waitcondition_server_url }}
heat_metadata_server_url = {{ heat_metadata_server_url }}
server_keystone_endpoint_type = public

trusts_delegated_roles = {{ heat_trusts_delegated_roles | join(',') }}

auth_encryption_key = {{ heat_auth_encryption_key }}

num_engine_workers = {{ heat_engine_workers | default(heat_api_threads) }}

## RPC Backend
transport_url = {{ heat_oslomsg_rpc_transport }}://{% for host in heat_oslomsg_rpc_servers.split(',') %}{{ heat_oslomsg_rpc_userid }}:{{ heat_oslomsg_rpc_password }}@{{ host }}:{{ heat_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _heat_oslomsg_rpc_vhost_conf }}{% if heat_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ heat_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ heat_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}

## Plugin dirs
plugin_dirs = {{ heat_plugin_dirs | join(',') }}

# Default region name used to get services endpoints.
region_name_for_services = {{ heat_service_region }}

default_software_config_transport = POLL_SERVER_HEAT
default_deployment_signal_transport = HEAT_SIGNAL

[clients]
endpoint_type = {{ heat_clients_endpoint }}

[clients_heat]
endpoint_type = {{ heat_clients_heat_endpoint }}

[clients_keystone]
insecure = {{ keystone_service_internaluri_insecure | bool }}
endpoint_type = {{ heat_clients_endpoint }}
auth_uri = {{ keystone_service_internaluri }}

[database]
connection = mysql+pymysql://{{ heat_galera_user }}:{{ heat_container_mysql_password }}@{{ heat_galera_address }}:{{ heat_galera_port }}/{{ heat_galera_database }}?charset=utf8{% if heat_galera_use_ssl | bool %}&ssl_verify_cert=true{% if heat_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ heat_galera_ssl_ca_cert }}{% endif %}{% endif +%}
max_overflow = {{ heat_db_max_overflow }}
max_pool_size = {{ heat_db_max_pool_size }}
pool_timeout = {{ heat_db_pool_timeout }}
connection_recycle_time = {{ heat_db_connection_recycle_time }}

[ec2authtoken]
auth_uri = {{ keystone_service_internaluri }}

[heat_api]
bind_port = {{ heat_service_port }}
workers = {{ heat_api_workers | default(heat_api_threads) }}

[heat_api_cfn]
bind_port = {{ heat_cfn_service_port }}

[oslo_messaging_rabbit]
ssl = {{ heat_oslomsg_rpc_use_ssl }}
rabbit_quorum_queue = {{ heat_oslomsg_rabbit_quorum_queues }}
rabbit_transient_quorum_queue = {{ heat_oslomsg_rabbit_transient_quorum_queues }}
rabbit_qos_prefetch_count = {{ heat_oslomsg_rabbit_qos_prefetch_count }}
use_queue_manager = {{ heat_oslomsg_rabbit_queue_manager }}
{% if heat_oslomsg_rabbit_queue_manager %}
hostname = {{ [ansible_facts['hostname'], heat_service_name] | join('-') }}
{% endif %}
rabbit_stream_fanout = {{ heat_oslomsg_rabbit_stream_fanout }}
rabbit_quorum_delivery_limit = {{ heat_oslomsg_rabbit_quorum_delivery_limit }}
rabbit_quorum_max_memory_bytes = {{ heat_oslomsg_rabbit_quorum_max_memory_bytes }}

{% if heat_service_publicuri_proto != heat_service_internaluri_proto %}
[oslo_middleware]
enable_proxy_headers_parsing = True
{% endif %}

# Ceilometer options
[oslo_messaging_notifications]
driver = {{ (heat_oslomsg_notify_configure | bool) | ternary('messagingv2', 'noop') }}
transport_url = {{ heat_oslomsg_notify_transport }}://{% for host in heat_oslomsg_notify_servers.split(',') %}{{ heat_oslomsg_notify_userid }}:{{ heat_oslomsg_notify_password }}@{{ host }}:{{ heat_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _heat_oslomsg_notify_vhost_conf }}{% if heat_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ heat_oslomsg_notify_ssl_version }}&ssl_ca_file={{ heat_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}


[profiler]
enabled = {{ heat_profiler_enabled }}
trace_sqlalchemy = {{ heat_profiler_trace_sqlalchemy }}


[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ heat_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminurl }}
www_authenticate_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ heat_service_project_domain_id }}
user_domain_id = {{ heat_service_user_domain_id }}
project_name = {{ heat_service_project_name }}
username = {{ heat_service_user_name }}
password = {{ heat_service_password }}
region_name = {{ keystone_service_region }}

service_token_roles_required = {{ heat_service_token_roles_required | bool }}
service_token_roles = {{ heat_service_token_roles | join(',') }}
service_type = {{ heat_service_type }}

memcached_servers = {{ heat_memcached_servers }}

token_cache_time = 300

# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}

[trustee]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ heat_keystone_trustee_auth_plugin }}
auth_url = {{ keystone_service_adminurl }}
user_domain_id = {{ heat_service_trustee_user_domain_id }}
username = {{ heat_service_trustee_user_name }}
password = {{ heat_service_trustee_password }}

[volumes]
# Indicate if cinder-backup service is enabled. This is a temporary workaround
# until cinder-backup service becomes discoverable, see LP#1334856. (boolean
# value)
backups_enabled = {{ heat_cinder_backups_enabled }}