openstack/openstack-ansible
Code Issues Proposed changes
Files
de6f3a21e04daff5ea583653bef6ed62de624635
openstack-ansible/playbooks/roles/os_heat/templates/heat.conf.j2
Major Hayden d930a7b55c Enable encryption for all RabbitMQ connections 
This change enables encryption between OpenStack services and RabbitMQ by
default.

Closes-bug: 1509086

Change-Id: Ic95a556e001f66df935ea7db613b497b47062851
2015-10-27 14:42:59 +00:00

111 lines
3.4 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
[DEFAULT]
verbose = {{ verbose }}
debug = {{ debug }}
fatal_deprecations = {{ heat_fatal_deprecations }}
log_file = /var/log/heat/heat.log
stack_domain_admin_password = {{ heat_stack_domain_admin_password }}
stack_domain_admin = {{ heat_stack_domain_admin }}
stack_user_domain_name = {{ heat_stack_user_domain_name }}
max_nested_stack_depth = {{ heat_max_nested_stack_depth }}
heat_watch_server_url = {{ heat_watch_server_url }}
heat_waitcondition_server_url = {{ heat_waitcondition_server_url }}
heat_metadata_server_url = {{ heat_metadata_server_url }}
deferred_auth_method = {{ heat_deferred_auth_method }}
trusts_delegated_roles = {{ heat_trusts_delegated_roles | join(',') }}
auth_encryption_key = {{ heat_auth_encryption_key }}
## RPC Backend
rpc_backend = {{ heat_rpc_backend }}
## Plugin dirs
plugin_dirs = {{ heat_plugin_dirs | join(',') }}
# Ceilometer options
{% if heat_ceilometer_enabled %}
notification_driver = heat.openstack.common.notifier.rpc_notifier
{% endif %}
[clients]
endpoint_type = {{ heat_clients_endpoint }}
[clients_heat]
endpoint_type = {{ heat_clients_heat_endpoint }}
[clients_keystone]
insecure = {{ keystone_service_internaluri_insecure | bool }}
endpoint_type = {{ heat_clients_endpoint }}
auth_uri = {{ keystone_service_internaluri }}
[database]
connection = mysql+pymysql://{{ heat_galera_user }}:{{ heat_container_mysql_password }}@{{ heat_galera_address }}/{{ heat_galera_database }}?charset=utf8
[ec2authtoken]
auth_uri = {{ keystone_service_internalurl }}
[heat_api]
bind_port = {{ heat_service_port }}
[heat_api_cfn]
bind_port = {{ heat_cfn_service_port }}
[heat_api_cloudwatch]
bind_port = {{ heat_watch_port }}
[oslo_messaging_rabbit]
rabbit_port = {{ rabbitmq_port }}
rabbit_userid = {{ heat_rabbitmq_userid }}
rabbit_password = {{ heat_rabbitmq_password }}
rabbit_virtual_host = {{ heat_rabbitmq_vhost }}
rabbit_hosts = {{ rabbitmq_servers }}
rabbit_use_ssl = {{ rabbitmq_use_ssl }}
[profiler]
profiler_enabled = {{ heat_profiler_enabled }}
trace_sqlalchemy = {{ heat_profiler_trace_sqlalchemy }}
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ heat_keystone_auth_plugin }}
signing_dir = {{ heat_system_home_folder }}/cache/heat
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ heat_service_project_domain_id }}
user_domain_id = {{ heat_service_user_domain_id }}
project_name = {{ heat_service_project_name }}
username = {{ heat_service_user_name }}
password = {{ heat_service_password }}
memcached_servers = {{ memcached_servers }}
token_cache_time = 300
revocation_cache_time = 60
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
# if your keystone deployment uses PKI, and you value security over performance:
check_revocations_for_cached = False
[trustee]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ heat_keystone_trustee_auth_plugin }}
signing_dir = {{ heat_system_home_folder }}/cache/heat
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ heat_service_trustee_project_domain_id }}
user_domain_id = {{ heat_service_trustee_user_domain_id }}
project_name = {{ heat_service_trustee_project_name }}
username = {{ heat_service_trustee_user_name }}
password = {{ heat_service_trustee_password }}
View Git Blame Copy Permalink