(IntOpt) Period of evaluation cycle, should be >= than configured pipeline interval for collection of underlying metrics.
-
evaluation_service = default
+
= default
(StrOpt) Driver to use for alarm evaluation service. DEPRECATED: "singleton" and "partitioned" alarm evaluator services will be removed in Kilo in favour of the default alarm evaluation service using tooz for partitioning.
-
notifier_rpc_topic = alarm_notifier
+
= alarm_notifier
(StrOpt) The topic that ceilometer uses for alarm notifier messages.
(StrOpt) The topic that ceilometer uses for alarm partition coordination messages. DEPRECATED: RPC-based partitionedalarm evaluation service will be removed in Kilo in favour of the default alarm evaluation service using tooz for partitioning.
-
project_alarm_quota = None
+
= None
(IntOpt) Maximum number of alarms defined for a project.
-
record_history = True
+
= True
(BoolOpt) Record alarm change events.
-
rest_notifier_certificate_file =
+
=
(StrOpt) SSL Client certificate for REST notifier.
-
rest_notifier_certificate_key =
+
=
(StrOpt) SSL Client private key for REST notifier.
-
rest_notifier_max_retries = 0
+
= 0
(IntOpt) Number of retries for REST notifier
-
rest_notifier_ssl_verify = True
+
= True
(BoolOpt) Whether to verify the SSL Server certificate when calling alarm action.
-
user_alarm_quota = None
+
= None
(IntOpt) Maximum number of alarms defined for a user.
(StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
-
notification_driver = []
+
= []
(MultiStrOpt) Driver or drivers to handle sending notifications.
-
notification_topics = notifications
+
= notifications
(ListOpt) AMQP topic used for OpenStack notifications.
-
transport_url = None
+
= None
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
(StrOpt) Configuration file for WSGI definition of API.
-
pipeline_cfg_file = pipeline.yaml
+
= pipeline.yaml
(StrOpt) Configuration file for pipeline definition.
-
policy_default_rule = default
+
= default
(StrOpt) Default rule. Enforced when a requested rule is not found.
-
policy_dirs = ['policy.d']
+
= ['policy.d']
(MultiStrOpt) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched.
-
policy_file = policy.json
+
= policy.json
(StrOpt) The JSON file that defines policies.
-
reserved_metadata_length = 256
+
= 256
(IntOpt) Limit on length of reserved metadata values.
-
reserved_metadata_namespace = metering.
+
= metering.
(ListOpt) List of metadata prefixes reserved for metering use.
[api]
-
enable_reverse_dns_lookup = False
+
= False
(BoolOpt) Set it to False if your environment does not need or have a DNS server, otherwise it will delay the response from the API.
-
host = 0.0.0.0
+
= 0.0.0.0
(StrOpt) The listen IP for the ceilometer API server.
-
pecan_debug = False
+
= False
(BoolOpt) Toggle Pecan Debug Middleware. Defaults to global debug value.
(StrOpt) Keystone service account tenant name to validate user tokens
-
admin_token = None
+
= None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
-
admin_user = None
+
= None
(StrOpt) Keystone account username
-
auth_admin_prefix =
+
=
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
-
auth_host = 127.0.0.1
+
= 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_port = 35357
+
= 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_protocol = https
+
= https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
-
auth_uri = None
+
= None
(StrOpt) Complete public Identity API endpoint
-
auth_version = None
+
= None
(StrOpt) API version of the admin Identity API endpoint
-
cache = None
+
= None
(StrOpt) Env key for the swift cache
-
cafile = None
+
= None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
certfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
check_revocations_for_cached = False
+
= False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
-
delay_auth_decision = False
+
= False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
-
enforce_token_bind = permissive
+
= permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
hash_algorithms = md5
+
= md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
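Review bot: the hash_algorithms row keeps md5 as the only default while its own description talks about migrating "from a less secure algorithm to a more secure one", so the table gives deployers no hint of which value to move to. Suggest adding a sentence that spells out the migration pattern the text already implies: list the stronger hashlib algorithm first and md5 second until the old tokens have expired, then drop md5.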
-
http_connect_timeout = None
+
= None
(BoolOpt) Request timeout value for communicating with Identity API server.
-
http_request_max_retries = 3
+
= 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
-
identity_uri = None
+
= None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
-
include_service_catalog = True
+
= True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
insecure = False
+
= False
(BoolOpt) Verify HTTPS connections.
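Review bot: the description on the insecure row, "Verify HTTPS connections.", does not say which value enables verification, and read literally it contradicts the option name with its False default. Suggest rewording so the effect of each value is stated (verification performed when False, skipped when True) and pointing to the cafile row for the CA bundle used.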
-
keyfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
memcache_secret_key = None
+
= None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
-
memcache_security_strategy = None
+
= None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
revocation_cache_time = 10
+
= 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
-
signing_dir = None
+
= None
(StrOpt) Directory used to cache files related to PKI tokens
-
token_cache_time = 300
+
= 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
(IntOpt) Number of workers for collector service. A single collector is enabled by default.
[collector]
-
requeue_sample_on_dispatcher_error = False
+
= False
(BoolOpt) Requeue the sample on the collector sample queue when the collector fails to dispatch it. This is only valid if the sample come from the notifier publisher.
-
udp_address = 0.0.0.0
+
= 0.0.0.0
(StrOpt) Address to which the UDP socket is bound. Set to an empty string to disable.
-
udp_port = 4952
+
= 4952
(IntOpt) Port to which the UDP socket is bound.
[dispatcher_file]
-
backup_count = 0
+
= 0
(IntOpt) The max number of the files to keep.
-
file_path = None
+
= None
(StrOpt) Name and the location of the file to record meters.
(StrOpt) Name of this node, which must be valid in an AMQP key. Can be an opaque identifier. For ZeroMQ only, must be a valid host name, FQDN, or IP address.
-
http_timeout = 600
+
= 600
(IntOpt) Timeout seconds for HTTP requests. Set it to None to disable timeout.
-
memcached_servers = None
+
= None
(ListOpt) Memcached servers or None for in process cache.
-
notification_workers = 1
+
= 1
(IntOpt) Number of workers for notification service. A single notification agent is enabled by default.
-
rootwrap_config = /etc/ceilometer/rootwrap.conf
+
= ['compute', 'central']
+
(MultiChoicesOpt) Polling namespace(s) to be used while resource polling
+
+
+
= []
+
(MultiChoicesOpt) List of pollsters (or wildcard templates) to be used while polling
+
+
+
= /etc/ceilometer/rootwrap.conf
(StrOpt) Path to the rootwrap configuration file touse for running commands as root
-
-
[central]
-
-
-
partitioning_group_prefix = None
-
(StrOpt) Work-load partitioning group prefix. Use only if you want to run multiple central agents with different config files. For each sub-group of the central agent pool with the same partitioning_group_prefix a disjoint subset of pollsters should be loaded.
-
[compute]
-
workload_partitioning = False
+
= False
(BoolOpt) Enable work-load partitioning, allowing multiple compute agents to be run simultaneously.
[coordination]
-
backend_url = None
+
= None
(StrOpt) The backend URL to use for distributed coordination. If left empty, per-deployment central agent and per-host compute agent won't do workload partitioning and will only function correctly if a single instance of that service is running.
-
heartbeat = 1.0
+
= 10.0
+
(FloatOpt) Number of seconds between checks to see if group membership has changed
+
+
+
= 1.0
(FloatOpt) Number of seconds between heartbeats for distributed coordination.
[keystone_authtoken]
-
memcached_servers = None
+
= None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
+
+
[polling]
+
+
+
= None
+
(StrOpt) Work-load partitioning group prefix. Use only if you want to run multiple polling agents with different config files. For each sub-group of the agent pool with the same partitioning_group_prefix a disjoint subset of pollsters should be loaded.
(StrOpt) The connection string used to connect to the alarm database. (if unset, connection is used)
-
backend = sqlalchemy
+
= sqlalchemy
(StrOpt) The back end to use for the database.
-
connection = None
+
= None
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
-
connection_debug = 0
+
= 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
-
connection_trace = False
+
= False
(BoolOpt) Add Python stack traces to SQL as comment strings.
-
db2nosql_resource_id_maxlen = 512
+
= 512
(IntOpt) The max length of resources id in DB2 nosql, the value should be larger than len(hostname) * 2 as compute node's resource id is <hostname>_<nodename>.
-
db_inc_retry_interval = True
+
= True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
-
db_max_retries = 20
+
= 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
-
db_max_retry_interval = 10
+
= 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
-
db_retry_interval = 1
+
= 1
(IntOpt) Seconds between database connection retries.
-
event_connection = None
+
= None
(StrOpt) The connection string used to connect to the event database. (if unset, connection is used)
-
idle_timeout = 3600
+
= 3600
(IntOpt) Timeout before idle SQL connections are reaped.
-
max_overflow = None
+
= None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
-
max_pool_size = None
+
= None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
-
max_retries = 10
+
= 10
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
-
metering_connection = None
+
= None
(StrOpt) The connection string used to connect to the metering database. (if unset, connection is used)
-
min_pool_size = 1
+
= 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
-
mongodb_replica_set =
+
=
(StrOpt) The name of the replica set which is used to connect to MongoDB database. If it is set, MongoReplicaSetClient will be used instead of MongoClient.
-
mysql_sql_mode = TRADITIONAL
+
= TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
pool_timeout = None
+
= None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
-
retry_interval = 10
+
= 10
(IntOpt) Interval between retries of opening a SQL connection.
-
slave_connection = None
+
= None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
-
sqlite_db = oslo.sqlite
+
= oslo.sqlite
(StrOpt) The file name to use with SQLite.
-
sqlite_synchronous = True
+
= True
(BoolOpt) If True, SQLite uses synchronous mode.
-
time_to_live = -1
+
= -1
(IntOpt) Number of seconds that samples are kept in the database for (<= 0 means forever).
-
use_db_reconnect = False
+
= False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
(StrOpt) Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.
(BoolOpt) The flag which indicates if only cadf message should be posted. If false, all meters will be posted.
-
target =
+
=
(StrOpt) The target where the http request will be sent to. If this is not set, no data will be posted. For example: target = http://hostname:1234/path
-
timeout = 5
+
= 5
(IntOpt) The max time in second to wait for a request to timeout.
(IntOpt) Number of items to request in each paginated Glance API request (parameter used by glancecelient). If this is less than or equal to 0, page size is not specified (default value in glanceclient is used).
(BoolOpt) Enables or disables fatal status of deprecations.
-
instance_format = "[instance: %(uuid)s] "
+
= False
+
(BoolOpt) Make exception message format errors fatal
+
+
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
-
instance_uuid_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
-
log_config_append = None
+
= None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
-
log_date_format = %Y-%m-%d %H:%M:%S
+
= %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s .
-
log_dir = None
+
= None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
-
log_file = None
+
= None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
-
log_format = None
+
= None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
(StrOpt) Prefix each line of exception output with this format.
-
publish_errors = False
+
= False
(BoolOpt) Enables or disables publication of error events.
-
syslog_log_facility = LOG_USER
+
= LOG_USER
(StrOpt) Syslog facility to receive log lines.
-
use_stderr = True
+
= True
(BoolOpt) Log output to standard error.
-
use_syslog = False
+
= False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
-
use_syslog_rfc_format = False
+
= False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
-
verbose = False
+
= False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
(IntOpt) Seconds between connection keepalive heartbeats.
-
qpid_hostname = localhost
+
= localhost
(StrOpt) Qpid broker hostname.
-
qpid_hosts = $qpid_hostname:$qpid_port
+
= $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs.
-
qpid_password =
+
=
(StrOpt) Password for Qpid connection.
-
qpid_port = 5672
+
= 5672
(IntOpt) Qpid broker port.
-
qpid_protocol = tcp
+
= tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'.
-
qpid_receiver_capacity = 1
+
= 1
(IntOpt) The number of prefetched messages held by receiver.
-
qpid_sasl_mechanisms =
+
=
(StrOpt) Space separated list of SASL mechanisms to use for auth.
-
qpid_tcp_nodelay = True
+
= True
(BoolOpt) Whether to disable the Nagle algorithm.
-
qpid_topology_version = 1
+
= 1
(IntOpt) The qpid topology version to use. Version 1 is what was originally used by impl_qpid. Version 2 includes some backwards-incompatible changes that allow broker federation to work. Users should update to version 2 when they are able to take everything down, as it requires a clean break.
List of directories to load filter definitions from (separated by ','). These directories MUST all be only writeable by root !
-
exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin
+
= /sbin,/usr/sbin,/bin,/usr/bin
List of directories to search executables in, in case filters do not explicitely specify a full path (separated by ',') If not specified, defaults to system PATH environment variable. These directories MUST all be only writeable by root !
-
use_syslog = False
+
= False
Enable logging to syslog Default value is False
-
syslog_log_facility = syslog
+
= syslog
Which syslog facility to use. Valid values include auth, authpriv, syslog, user0, user1... Default value is 'syslog'
-
syslog_log_level = ERROR
+
= ERROR
Which messages to log. INFO means log all usage ERROR means only log unsuccessful attempts
(StrOpt) The messaging driver to use, defaults to rabbit. Other drivers include qpid and zmq.
-
rpc_cast_timeout = 30
+
= 30
(IntOpt) Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
-
rpc_conn_pool_size = 30
+
= 30
(IntOpt) Size of RPC connection pool.
-
rpc_response_timeout = 60
+
= 60
(IntOpt) Seconds to wait for a response from a call.
-
rpc_thread_pool_size = 64
+
= 64
(IntOpt) Size of RPC greenthread pool.
[notification]
-
messaging_urls = []
+
= []
(MultiStrOpt) Messaging URLs to listen for notifications. Example: transport://user:pass@host1:port[,hostN:portN]/virtual_host (DEFAULT/transport_url is used if empty)
+
+
[oslo_messaging_amqp]
+
+
+
= False
+
(BoolOpt) Accept clients using either SSL or plain TCP
+
+
+
= broadcast
+
(StrOpt) address prefix used when broadcasting to all servers
+
+
+
= None
+
(StrOpt) Name for the AMQP container
+
+
+
= unicast
+
(StrOpt) address prefix when sending to any server in group
+
+
+
= 0
+
(IntOpt) Timeout for inactive connections (in seconds)
+
+
+
= exclusive
+
(StrOpt) address prefix used when sending to a specific server
+
+
+
=
+
(StrOpt) CA certificate PEM file for verifing server certificate
+
+
+
=
+
(StrOpt) Identifying certificate PEM file to present to clients
+
+
+
=
+
(StrOpt) Private key PEM file used to sign cert_file certificate
+
+
+
= None
+
(StrOpt) Password for decrypting ssl_key_file (if encrypted)
+
+
+
= False
+
(BoolOpt) Debug: dump AMQP frames to stdout
+
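Review bot: spelling in the added [oslo_messaging_amqp] rows: the CA certificate description reads "verifing server certificate" and should be "verifying". The same block mixes capitalised and lower-case openings ("Name for the AMQP container" against "address prefix used when broadcasting to all servers"); pick one style for the descriptions.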
[publisher]
-
metering_secret = change this or be hacked
+
= change this or be hacked
(StrOpt) Secret value for signing metering messages.
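Review bot: metering_secret is documented with the placeholder default "change this or be hacked", but the description, "Secret value for signing metering messages.", never says the default must be replaced. Suggest the description state that this has to be set to a deployment-specific secret before the service is run, since the placeholder value is published in this table.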
[publisher_notifier]
-
metering_driver = messagingv2
+
= messagingv2
(StrOpt) The driver that ceilometer uses for metering notifications.
-
metering_topic = metering
+
= metering
(StrOpt) The topic that ceilometer uses for metering notifications.
[publisher_rpc]
-
metering_topic = metering
+
= metering
(StrOpt) The topic that ceilometer uses for metering messages.
(StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
-
notification_driver = []
+
= []
(MultiStrOpt) Driver or drivers to handle sending notifications.
-
notification_topics = notifications
+
= notifications
(ListOpt) AMQP topic used for OpenStack notifications.
-
transport_url = None
+
= None
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
(StrOpt) File name for the paste.deploy config for cinder-api
-
api_rate_limit = True
+
= True
(BoolOpt) Enables or disables rate limit of the API.
-
az_cache_duration = 3600
+
= 3600
(IntOpt) Cache volume availability zones in memory for the provided duration in seconds
-
default_timeout = 525600
+
= 525600
(IntOpt) Default timeout for CLI operations in minutes. For example, LUN migration is a typical long running operation, which depends on the LUN size and the load of the array. An upper bound in the specific deployment can be set to avoid unnecessary long wait. By default, it is 365 days long.
-
enable_v1_api = True
+
= True
(BoolOpt) DEPRECATED: Deploy v1 of the Cinder API.
-
enable_v2_api = True
+
= True
(BoolOpt) Deploy v2 of the Cinder API.
-
extra_capabilities = {}
-
(StrOpt) User defined capabilities, a JSON formatted string specifying key/value pairs.
+
= {}
+
(StrOpt) User defined capabilities, a JSON formatted string specifying key/value pairs. The key/value pairs can be used by the CapabilitiesFilter to select between backends when requests specify volume types. For example, specifying a service level or the geographical location of a backend, then creating a volume type to allow the user to select by these different properties.
-
max_header_line = 16384
+
= 16384
(IntOpt) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs).
-
osapi_max_limit = 1000
+
= 1000
(IntOpt) The maximum number of items that a collection resource returns in a single response
-
osapi_max_request_body_size = 114688
+
= 114688
(IntOpt) Max size for body of a request
-
osapi_volume_base_URL = None
+
= None
(StrOpt) Base URL that will be presented to users in links to the OpenStack Volume API
-
osapi_volume_ext_list =
+
=
(ListOpt) Specify list of extensions to load when using osapi_volume_extension option with cinder.api.contrib.select_extensions
(StrOpt) Keystone service account tenant name to validate user tokens
-
admin_token = None
+
= None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
-
admin_user = None
+
= None
(StrOpt) Keystone account username
-
auth_admin_prefix =
+
=
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
-
auth_host = 127.0.0.1
+
= 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_port = 35357
+
= 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_protocol = https
+
= https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
-
auth_uri = None
+
= None
(StrOpt) Complete public Identity API endpoint
-
auth_version = None
+
= None
(StrOpt) API version of the admin Identity API endpoint
-
cache = None
+
= None
(StrOpt) Env key for the swift cache
-
cafile = None
+
= None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
certfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
check_revocations_for_cached = False
+
= False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
-
delay_auth_decision = False
+
= False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
-
enforce_token_bind = permissive
+
= permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
hash_algorithms = md5
+
= md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
-
http_connect_timeout = None
+
= None
(BoolOpt) Request timeout value for communicating with Identity API server.
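Review bot: type mismatch on the http_connect_timeout row: it is listed as BoolOpt, yet the description is "Request timeout value for communicating with Identity API server." and the default is None. A timeout is numeric, so the type column should be checked against the option definition and corrected (the neighbouring http_request_max_retries row is IntOpt); the description should also give the unit.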
-
http_request_max_retries = 3
+
= 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
-
identity_uri = None
+
= None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
-
include_service_catalog = True
+
= True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
insecure = False
+
= False
(BoolOpt) Verify HTTPS connections.
-
keyfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
memcache_secret_key = None
+
= None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
-
memcache_security_strategy = None
+
= None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
revocation_cache_time = 10
+
= 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
-
signing_dir = None
+
= None
(StrOpt) Directory used to cache files related to PKI tokens
-
token_cache_time = 300
+
= 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
(StrOpt) Full class name for the Manager for volume backup
-
backup_metadata_version = 1
+
= 2
(IntOpt) Backup metadata version to be used when backing up volume metadata. If this number is bumped, make sure the service doing the restore supports the new version.
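Review bot: the backup_metadata_version default moves from 1 to 2, which is the situation the description itself warns about ("If this number is bumped, make sure the service doing the restore supports the new version."). Suggest an upgrade note alongside this row saying that backups written with the new default need a restore service that understands version 2.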
-
backup_name_template = backup-%s
+
= backup-%s
(StrOpt) Template string to be used to generate backup names
-
backup_topic = cinder-backup
+
= 10
+
(IntOpt) The number of chunks or objects, for which one Ceilometer notification will be sent
+
+
+
= 120
+
(IntOpt) Interval, in seconds, between two progress notifications reporting the backup status
+
+
+
= cinder-backup
(StrOpt) The topic that volume backup nodes listen on
-
snapshot_name_template = snapshot-%s
+
= snapshot-%s
(StrOpt) Template string to be used to generate snapshot names
-
snapshot_same_host = True
+
= True
(BoolOpt) Create volume from snapshot at the host where snapshot resides
(BoolOpt) Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift backend storage. The default value is True to enable the timer.
+
+
+
= None
(StrOpt) Swift key for authentication
-
backup_swift_object_size = 52428800
+
= 52428800
(IntOpt) The size in bytes of Swift backup objects
-
backup_swift_retry_attempts = 3
+
= 3
(IntOpt) The number of retries to make for Swift operations
-
backup_swift_retry_backoff = 2
+
= 2
(IntOpt) The backoff time in seconds between Swift retries
-
backup_swift_url = None
+
= None
(StrOpt) The URL of the Swift endpoint
-
backup_swift_user = None
+
= None
(StrOpt) Swift user name
-
swift_catalog_info = object-store:swift:publicURL
+
= object-store:swift:publicURL
(StrOpt) Info to match when looking for swift in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if backup_swift_url is unset
(IntOpt) Timeout for client connections' socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of '0' means wait forever.
+
+
+
= cinder.compute.nova.API
(StrOpt) The full class name of the compute API class to use
(StrOpt) The full class name of the consistencygroup API class
-
default_availability_zone = None
+
= None
(StrOpt) Default availability zone for new volumes. If not set, the storage_availability_zone option value is used as the default for new volumes.
-
default_volume_type = None
+
= None
(StrOpt) Default volume type to use
-
enable_new_services = True
+
= True
(BoolOpt) Services to be added to the available pool on create
-
host = localhost
+
= localhost
(StrOpt) Name of this node. This can be an opaque identifier. It is not necessarily a host name, FQDN, or IP address.
-
iet_conf = /etc/iet/ietd.conf
+
= /etc/iet/ietd.conf
(StrOpt) IET configuration file
-
lio_initiator_iqns =
-
(StrOpt) Comma-separated list of initiator IQNs allowed to connect to the iSCSI target. (From Nova compute nodes.)
+
=
+
(StrOpt) This option is deprecated and unused. It will be removed in the next release.
-
lock_path = None
-
(StrOpt) Directory to use for lock files. Default to a temp directory
-
-
-
memcached_servers = None
+
= None
(ListOpt) Memcached servers or None for in process cache.
-
monkey_patch = False
+
= False
(BoolOpt) Enable monkey patching
-
monkey_patch_modules =
+
=
(ListOpt) List of modules/decorators to monkey patch
-
my_ip = 10.0.0.1
+
= 10.0.0.1
(StrOpt) IP address of this host
-
no_snapshot_gb_quota = False
+
= False
(BoolOpt) Whether snapshots count against GigaByte quota
-
num_shell_tries = 3
+
= 3
(IntOpt) Number of times to attempt to run flakey shell commands
-
periodic_fuzzy_delay = 60
+
= None
+
(StrOpt) OpenStack privileged account username. Used for requests to other services (such as Nova) that require an account with special rights.
+
+
+
= None
+
(StrOpt) Password associated with the OpenStack privileged account.
+
+
+
= None
+
(StrOpt) Tenant name associated with the OpenStack privileged account.
+
+
+
= 60
(IntOpt) Range, in seconds, to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0)
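Review bot: The password row among the three added above periodic_fuzzy_delay ("Password associated with the OpenStack privileged account.") says nothing about how the value should be protected. Since the username row describes an account "with special rights", suggest noting that setting this option places that account's credential in the configuration file, so the file should be readable only by the service user.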
-
periodic_interval = 60
+
= 60
(IntOpt) Interval, in seconds, between running periodic tasks
-
policy_default_rule = default
+
= default
(StrOpt) Default rule. Enforced when a requested rule is not found.
-
policy_file = policy.json
+
= ['policy.d']
+
(MultiStrOpt) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched.
(StrOpt) The full class name of the volume replication API class
-
report_interval = 10
+
= 10
(IntOpt) Interval, in seconds, between nodes reporting state to datastore
-
reserved_percentage = 0
+
= 300
+
(IntOpt) Global backend request timeout, in seconds
+
+
+
= 0
(IntOpt) The percentage of backend capacity is reserved
-
rootwrap_config = /etc/cinder/rootwrap.conf
+
= /etc/cinder/rootwrap.conf
(StrOpt) Path to the rootwrap configuration file to use for running commands as root
-
run_external_periodic_tasks = True
+
= True
(BoolOpt) Some periodic tasks can be run in a separate process. Should we run them here?
-
service_down_time = 60
+
= 60
(IntOpt) Maximum time since last check-in for a service to be considered up
-
ssh_hosts_key_file = $state_path/ssh_known_hosts
+
= $state_path/ssh_known_hosts
(StrOpt) File containing SSH host keys for the systems with which Cinder needs to communicate. OPTIONAL: Default=$state_path/ssh_known_hosts
-
state_path = /var/lib/cinder
+
= /var/lib/cinder
(StrOpt) Top-level directory for maintaining cinder's state
-
storage_availability_zone = nova
+
= nova
(StrOpt) Availability zone of this node
-
strict_ssh_host_key_policy = False
+
= False
(BoolOpt) Option to enable strict host key checking. When set to "True" Cinder will only connect to systems with a host key present in the configured "ssh_hosts_key_file". When set to "False" the host key will be saved upon first connection and used for subsequent connections. Default=False
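Review bot: With the default of False this row documents that an unknown host key is "saved upon first connection and used for subsequent connections", but it does not say that the first connection is therefore unverified. Suggest stating that plainly and recommending True with a pre-populated ssh_hosts_key_file; the trailing "Default=False" also duplicates the default already shown in the row.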
-
tcp_keepalive = True
+
= True
(BoolOpt) Sets the value of TCP_KEEPALIVE (True/False) for each server socket.
-
tcp_keepalive_count = None
+
= None
(IntOpt) Sets the value of TCP_KEEPCNT for each server socket. Not supported on OS X.
-
tcp_keepalive_interval = None
+
= None
(IntOpt) Sets the value of TCP_KEEPINTVL in seconds for each server socket. Not supported on OS X.
-
tcp_keepidle = 600
+
= 600
(IntOpt) Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not supported on OS X.
-
until_refresh = 0
+
= 0
(IntOpt) Count of reservations until usage is refreshed
-
use_forwarded_for = False
+
= False
(BoolOpt) Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy.
+
+
= True
+
(BoolOpt) If False, closes the client socket connection explicitly. Setting it to True to maintain backward compatibility. Recommended setting is set it to False.
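Review bot: The added row gives a default of True while its description ends "Recommended setting is set it to False", so the documented default contradicts the documented recommendation without saying when an operator should switch. Suggest rewording to something like "Defaults to True for backward compatibility; set to False so the client socket is closed explicitly", which also fixes the grammar of the last two sentences.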
+
[keystone_authtoken]
-
memcached_servers = None
+
= None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
(BoolOpt) Allow to perform insecure SSL requests to nova
-
nova_ca_certificates_file = None
+
= None
(StrOpt) Location of ca certificates file to use for nova client requests.
-
nova_catalog_admin_info = compute:nova:adminURL
+
= compute:Compute Service:adminURL
(StrOpt) Same as nova_catalog_info, but for admin endpoint.
-
nova_catalog_info = compute:nova:publicURL
+
= compute:Compute Service:publicURL
(StrOpt) Match this value when searching for nova in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type>
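Review bot: The service_name field of the default changes from nova to Compute Service here and in the nova_catalog_admin_info row above, yet both descriptions are unchanged. Since the value is matched against the service catalog as <service_type>:<service_name>:<endpoint_type>, suggest stating that the lookup depends on the name the compute service is registered under, and that deployments registering it as nova may need to set both options explicitly.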
-
nova_endpoint_admin_template = None
+
= None
(StrOpt) Same as nova_endpoint_template, but for admin endpoint.
-
nova_endpoint_template = None
+
= None
(StrOpt) Override service catalog lookup with template for nova endpoint e.g. http://localhost:8774/v2/%(project_id)s
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
-
connection_debug = 0
+
= 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
-
connection_trace = False
+
= False
(BoolOpt) Add Python stack traces to SQL as comment strings.
-
db_inc_retry_interval = True
+
= True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
-
db_max_retries = 20
+
= 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
-
db_max_retry_interval = 10
+
= 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
-
db_retry_interval = 1
+
= 1
(IntOpt) Seconds between database connection retries.
-
idle_timeout = 3600
+
= 3600
(IntOpt) Timeout before idle SQL connections are reaped.
-
max_overflow = None
+
= None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
-
max_pool_size = None
+
= None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
-
max_retries = 10
-
(IntOpt) Maximum db connection retries during startup. Set to -1 to specify an infinite retry count.
+
= 10
+
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
-
min_pool_size = 1
+
= 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
-
mysql_sql_mode = TRADITIONAL
+
= TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
pool_timeout = None
+
= None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
-
retry_interval = 10
+
= 10
(IntOpt) Interval between retries of opening a SQL connection.
-
slave_connection = None
+
= None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
-
sqlite_db = oslo.sqlite
+
= oslo.sqlite
(StrOpt) The file name to use with SQLite.
-
sqlite_synchronous = True
+
= True
(BoolOpt) If True, SQLite uses synchronous mode.
-
use_db_reconnect = False
+
= False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
-
use_tpool = False
+
= False
(BoolOpt) Enable the experimental use of thread pooling for all DB API calls
(StrOpt) Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.
(StrOpt) IBMNAS platform type to be used as backend storage; valid values are - v7ku : for using IBM Storwize V7000 Unified, sonas : for using IBM Scale Out NAS, gpfs-nas : for using NFS based IBM GPFS deployments.
(ListOpt) A list of url schemes that can be downloaded directly via the direct_url. Currently supported schemes: [file].
-
glance_api_insecure = False
+
= False
(BoolOpt) Allow to perform insecure SSL (https) requests to glance
-
glance_api_servers = $glance_host:$glance_port
+
= $glance_host:$glance_port
(ListOpt) A list of the glance API servers available to cinder ([hostname|ip]:port)
-
glance_api_ssl_compression = False
+
= False
(BoolOpt) Enables or disables negotiation of SSL layer compression. In some cases disabling compression can improve data throughput, such as when high network bandwidth is available and you use compressed image formats like qcow2.
-
glance_api_version = 1
+
= 1
(IntOpt) Version of the glance API to use
-
glance_ca_certificates_file = None
+
= None
(StrOpt) Location of ca certificates file to use for glance client requests.
(BoolOpt) Enables or disables fatal status of deprecations.
-
fatal_exception_format_errors = False
+
= False
(BoolOpt) Make exception message format errors fatal.
-
instance_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
-
instance_uuid_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
-
log_config_append = None
+
= None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
-
log_date_format = %Y-%m-%d %H:%M:%S
+
= %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s .
-
log_dir = None
+
= None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
-
log_file = None
+
= None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
-
log_format = None
+
= None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
(StrOpt) Prefix each line of exception output with this format.
-
publish_errors = False
+
= False
(BoolOpt) Enables or disables publication of error events.
-
syslog_log_facility = LOG_USER
+
= LOG_USER
(StrOpt) Syslog facility to receive log lines.
-
use_stderr = True
+
= True
(BoolOpt) Log output to standard error.
-
use_syslog = False
+
= False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
-
use_syslog_rfc_format = False
+
= False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
-
verbose = False
+
= False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
(StrOpt) Filename of private key to use for SSH authentication.
-
nas_ssh_port = 22
+
= auto
+
(StrOpt) Allow network-attached storage systems to operate in a secure environment where root level access is not permitted. If set to False, access is as the root user and insecure. If set to True, access is not as root. If set to auto, a check is done to determine if this is a new installation: True is used if so, otherwise False. Default is auto.
+
+
+
= auto
+
(StrOpt) Set more secure file permissions on network-attached storage volume files to restrict broad other/world access. If set to False, volumes are created with open permissions. If set to True, volumes are created with permissions for the cinder user and group (660). If set to auto, a check is done to determine if this is a new installation: True is used if so, otherwise False. Default is auto.
+
+
+
= 22
(IntOpt) SSH port to use to connect to NAS system.
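Review bot: Both rows added above nas_ssh_port default to auto, which per their own descriptions resolves to False on anything that is not a new installation, that is, access "as the root user and insecure" and volumes "created with open permissions". The descriptions do not say how the check decides what a new installation is or where the chosen value is reported; suggest adding that, and stating that existing deployments have to set True explicitly to get the restricted behaviour. The options are also typed StrOpt while the text describes True/False, so the accepted spellings are worth listing.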
(StrOpt) Administrative user account name used to access the storage system or proxy server.
-
netapp_password = None
+
= None
+
(StrOpt) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol selected is FC.
+
+
+
= None
(StrOpt) Password for the administrative user account specified in the netapp_login option.
-
netapp_server_hostname = None
+
= None
(StrOpt) The hostname (or IP address) for the storage system or proxy server.
-
netapp_server_port = None
+
= None
(IntOpt) The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.
-
netapp_size_multiplier = 1.2
+
= 1.2
(FloatOpt) The quantity to be multiplied by the requested volume size to ensure enough space is available on the virtual storage server (Vserver) to fulfill the volume creation request.
-
netapp_storage_family = ontap_cluster
+
= ontap_cluster
(StrOpt) The storage family type used on the storage system; valid values are ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.
-
netapp_storage_protocol = None
-
(StrOpt) The storage protocol to be used on the data path with the storage system; valid values are iscsi or nfs.
+
= None
+
(StrOpt) The storage protocol to be used on the data path with the storage system; valid values are iscsi, fc, or nfs.
-
netapp_transport_type = http
+
= http
(StrOpt) The transport protocol used when communicating with the storage system or proxy server. Valid values are http or https.
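Review bot: This row keeps http as the documented default for the connection that carries netapp_login and netapp_password to the storage system or proxy server, and the description presents http and https as equivalent choices. Suggest adding a sentence recommending https whenever those credentials are configured. The same row is repeated in the other NetApp tables further down.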
-
netapp_vfiler = None
-
(StrOpt) The vFiler unit on which provisioning of block storage volumes will be done. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode and the storage protocol selected is iSCSI. Only use this option when utilizing the MultiStore feature on the NetApp storage system.
+
= None
+
(StrOpt) The vFiler unit on which provisioning of block storage volumes will be done. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode. Only use this option when utilizing the MultiStore feature on the NetApp storage system.
-
netapp_volume_list = None
-
(StrOpt) This option is only utilized when the storage protocol is configured to use iSCSI. This option is used to restrict provisioning to the specified controller volumes. Specify the value of this option to be a comma separated list of NetApp controller volume names to be used for provisioning.
+
= None
+
(StrOpt) This option is only utilized when the storage protocol is configured to use iSCSI or FC. This option is used to restrict provisioning to the specified controller volumes. Specify the value of this option to be a comma separated list of NetApp controller volume names to be used for provisioning.
(IntOpt) This option specifies the threshold for last access time for images in the NFS image cache. When a cache cleaning cycle begins, images in the cache that have not been accessed in the last M minutes, where M is the value of this parameter, will be deleted from the cache to create free space on the NFS share.
-
netapp_login = None
+
= None
(StrOpt) Administrative user account name used to access the storage system or proxy server.
-
netapp_password = None
+
= None
+
(StrOpt) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol selected is FC.
+
+
+
= None
(StrOpt) Password for the administrative user account specified in the netapp_login option.
-
netapp_server_hostname = None
+
= None
(StrOpt) The hostname (or IP address) for the storage system or proxy server.
-
netapp_server_port = None
+
= None
(IntOpt) The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.
-
netapp_storage_family = ontap_cluster
+
= ontap_cluster
(StrOpt) The storage family type used on the storage system; valid values are ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.
-
netapp_storage_protocol = None
-
(StrOpt) The storage protocol to be used on the data path with the storage system; valid values are iscsi or nfs.
+
= None
+
(StrOpt) The storage protocol to be used on the data path with the storage system; valid values are iscsi, fc, or nfs.
-
netapp_transport_type = http
+
= http
(StrOpt) The transport protocol used when communicating with the storage system or proxy server. Valid values are http or https.
-
thres_avl_size_perc_start = 20
+
= 20
(IntOpt) If the percentage of available space for an NFS share has dropped below the value specified by this option, the NFS image cache will be cleaned.
-
thres_avl_size_perc_stop = 60
+
= 60
(IntOpt) When the percentage of available space on an NFS share has reached the percentage specified by this option, the driver will stop clearing files from the NFS image cache that have not been accessed in the last M minutes, where M is the value of the expiry_thres_minutes configuration option.
(StrOpt) Administrative user account name used to access the storage system or proxy server.
-
netapp_password = None
+
= None
+
(StrOpt) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol selected is FC.
+
+
+
= None
(StrOpt) Password for the administrative user account specified in the netapp_login option.
-
netapp_server_hostname = None
+
= None
(StrOpt) The hostname (or IP address) for the storage system or proxy server.
-
netapp_server_port = None
+
= None
(IntOpt) The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.
-
netapp_size_multiplier = 1.2
+
= 1.2
(FloatOpt) The quantity to be multiplied by the requested volume size to ensure enough space is available on the virtual storage server (Vserver) to fulfill the volume creation request.
-
netapp_storage_family = ontap_cluster
+
= ontap_cluster
(StrOpt) The storage family type used on the storage system; valid values are ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.
-
netapp_storage_protocol = None
-
(StrOpt) The storage protocol to be used on the data path with the storage system; valid values are iscsi or nfs.
+
= None
+
(StrOpt) The storage protocol to be used on the data path with the storage system; valid values are iscsi, fc, or nfs.
-
netapp_transport_type = http
+
= http
(StrOpt) The transport protocol used when communicating with the storage system or proxy server. Valid values are http or https.
-
netapp_vserver = None
-
(StrOpt) This option specifies the virtual storage server (Vserver) name on the storage cluster on which provisioning of block storage volumes should occur. If using the NFS storage protocol, this parameter is mandatory for storage service catalog support (utilized by Cinder volume type extra_specs support). If this option is specified, the exports belonging to the Vserver will only be used for provisioning in the future. Block storage volumes on exports not belonging to the Vserver specified by this option will continue to function normally.
+
= None
+
(StrOpt) This option specifies the virtual storage server (Vserver) name on the storage cluster on which provisioning of block storage volumes should occur.
(IntOpt) This option specifies the threshold for last access time for images in the NFS image cache. When a cache cleaning cycle begins, images in the cache that have not been accessed in the last M minutes, where M is the value of this parameter, will be deleted from the cache to create free space on the NFS share.
-
netapp_copyoffload_tool_path = None
+
= None
(StrOpt) This option specifies the path of the NetApp copy offload tool binary. Ensure that the binary has execute permissions set which allow the effective user of the cinder-volume process to execute the file.
-
netapp_login = None
+
= None
(StrOpt) Administrative user account name used to access the storage system or proxy server.
-
netapp_password = None
+
= None
+
(StrOpt) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol selected is FC.
+
+
+
= None
(StrOpt) Password for the administrative user account specified in the netapp_login option.
-
netapp_server_hostname = None
+
= None
(StrOpt) The hostname (or IP address) for the storage system or proxy server.
-
netapp_server_port = None
+
= None
(IntOpt) The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.
-
netapp_storage_family = ontap_cluster
+
= ontap_cluster
(StrOpt) The storage family type used on the storage system; valid values are ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.
-
netapp_storage_protocol = None
-
(StrOpt) The storage protocol to be used on the data path with the storage system; valid values are iscsi or nfs.
+
= None
+
(StrOpt) The storage protocol to be used on the data path with the storage system; valid values are iscsi, fc, or nfs.
-
netapp_transport_type = http
+
= http
(StrOpt) The transport protocol used when communicating with the storage system or proxy server. Valid values are http or https.
-
netapp_vserver = None
-
(StrOpt) This option specifies the virtual storage server (Vserver) name on the storage cluster on which provisioning of block storage volumes should occur. If using the NFS storage protocol, this parameter is mandatory for storage service catalog support (utilized by Cinder volume type extra_specs support). If this option is specified, the exports belonging to the Vserver will only be used for provisioning in the future. Block storage volumes on exports not belonging to the Vserver specified by this option will continue to function normally.
+
= None
+
(StrOpt) This option specifies the virtual storage server (Vserver) name on the storage cluster on which provisioning of block storage volumes should occur.
-
thres_avl_size_perc_start = 20
+
= 20
(IntOpt) If the percentage of available space for an NFS share has dropped below the value specified by this option, the NFS image cache will be cleaned.
-
thres_avl_size_perc_stop = 60
+
= 60
(IntOpt) When the percentage of available space on an NFS share has reached the percentage specified by this option, the driver will stop clearing files from the NFS image cache that have not been accessed in the last M minutes, where M is the value of the expiry_thres_minutes configuration option.
(StrOpt) This option is only utilized when the storage family is configured to eseries. This option is used to restrict provisioning to the specified controllers. Specify the value of this option to be a comma separated list of controller hostnames or IP addresses to be used for provisioning.
-
netapp_eseries_host_type = linux_dm_mp
+
= linux_dm_mp
(StrOpt) This option is used to define how the controllers in the E-Series storage array will work with the particular operating system on the hosts that are connected to it.
-
netapp_login = None
+
= None
(StrOpt) Administrative user account name used to access the storage system or proxy server.
-
netapp_password = None
+
= None
+
(StrOpt) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol selected is FC.
+
+
+
= None
(StrOpt) Password for the administrative user account specified in the netapp_login option.
-
netapp_sa_password = None
+
= None
(StrOpt) Password for the NetApp E-Series storage array.
-
netapp_server_hostname = None
+
= None
(StrOpt) The hostname (or IP address) for the storage system or proxy server.
-
netapp_server_port = None
+
= None
(IntOpt) The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.
-
netapp_storage_family = ontap_cluster
+
= ontap_cluster
(StrOpt) The storage family type used on the storage system; valid values are ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.
-
netapp_storage_pools = None
+
= None
(StrOpt) This option is used to restrict provisioning to the specified storage pools. Only dynamic disk pools are currently supported. Specify the value of this option to be a comma separated list of disk pool names to be used for provisioning.
-
netapp_transport_type = http
+
= http
(StrOpt) The transport protocol used when communicating with the storage system or proxy server. Valid values are http or https.
-
netapp_webservice_path = /devmgr/v2
+
= /devmgr/v2
(StrOpt) This option is used to specify the path to the E-Series proxy application on a proxy server. The value is combined with the value of the netapp_transport_type, netapp_server_hostname, and netapp_server_port options to create the URL used by the driver to connect to the proxy application.
(StrOpt) Block size for volumes (default=blank means 8KB)
-
nexenta_host =
+
=
(StrOpt) IP address of Nexenta SA
-
nexenta_iscsi_target_portal_port = 3260
+
= 3260
(IntOpt) Nexenta target portal port
-
nexenta_password = nexenta
+
= nexenta
(StrOpt) Password to connect to Nexenta SA
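Review bot: The documented default for nexenta_password is the literal value nexenta, and the description ("Password to connect to Nexenta SA") gives no hint that it should be changed. Suggest telling operators to override it with the appliance's own credential rather than rely on the default.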
-
nexenta_rest_port = 2000
+
= 2000
(IntOpt) HTTP port to connect to Nexenta REST API server
-
nexenta_rest_protocol = auto
+
= auto
(StrOpt) Use http or https for REST connection (default auto)
-
nexenta_rrmgr_compression = 0
+
= 0
(IntOpt) Enable stream compression, level 1..9. 1 - gives best speed; 9 - gives best compression.
-
nexenta_rrmgr_connections = 2
+
= 2
(IntOpt) Number of TCP connections.
-
nexenta_rrmgr_tcp_buf_size = 4096
+
= 4096
(IntOpt) TCP Buffer size in KiloBytes.
-
nexenta_sparse = False
+
= False
(BoolOpt) Enables or disables the creation of sparse volumes
-
nexenta_sparsed_volumes = True
+
= True
(BoolOpt) Enables or disables the creation of volumes as sparsed files that take no space. If disabled (False), volume is created as a regular file, which takes a long time.
(IntOpt) Seconds between connection keepalive heartbeats.
-
qpid_hostname = localhost
+
= localhost
(StrOpt) Qpid broker hostname.
-
qpid_hosts = $qpid_hostname:$qpid_port
+
= $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs.
-
qpid_password =
+
=
(StrOpt) Password for Qpid connection.
-
qpid_port = 5672
+
= 5672
(IntOpt) Qpid broker port.
-
qpid_protocol = tcp
+
= tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'.
-
qpid_receiver_capacity = 1
+
= 1
(IntOpt) The number of prefetched messages held by receiver.
-
qpid_sasl_mechanisms =
+
=
(StrOpt) Space separated list of SASL mechanisms to use for auth.
-
qpid_tcp_nodelay = True
+
= True
(BoolOpt) Whether to disable the Nagle algorithm.
-
qpid_topology_version = 1
+
= 1
(IntOpt) The qpid topology version to use. Version 1 is what was originally used by impl_qpid. Version 2 includes some backwards-incompatible changes that allow broker federation to work. Users should update to version 2 when they are able to take everything down, as it requires a clean break.
(StrOpt) Path to a Quobyte Client configuration file.
+
+
+
= $state_path/mnt
+
(StrOpt) Base dir containing the mount point for the Quobyte volume.
+
+
+
= True
+
(BoolOpt) Create volumes as QCOW2 files rather than raw files.
+
+
+
= True
+
(BoolOpt) Create volumes as sparse files which take no space. If set to False, volume is created as regular file.In such case volume creation takes a lot of time.
+
+
+
= None
+
(StrOpt) URL to the Quobyte volume e.g., quobyte://<DIR host>/<volume name>
List of directories to load filter definitions from (separated by ','). These directories MUST all be only writeable by root !
-
exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin
+
= /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin
List of directories to search executables in, in case filters do not explicitely specify a full path (separated by ',') If not specified, defaults to system PATH environment variable. These directories MUST all be only writeable by root !
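Review bot: /usr/local/bin is added to the default exec_dirs, and the description's requirement that these directories "MUST all be only writeable by root" now has to hold for it too. Unlike the other four entries it typically holds locally installed files rather than packaged ones, so suggest a sentence telling operators to check its ownership and mode before accepting the new default. "explicitely" in the same description should read "explicitly".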
-
use_syslog = False
+
= False
Enable logging to syslog Default value is False
-
syslog_log_facility = syslog
+
= syslog
Which syslog facility to use. Valid values include auth, authpriv, syslog, local0, local1... Default value is 'syslog'
-
syslog_log_level = ERROR
+
= ERROR
Which messages to log. INFO means log all usage ERROR means only log unsuccessful attempts
(StrOpt) Mount options passed to the smbfs client. See mount.cifs man page for details.
-
smbfs_mount_point_base = $state_path/mnt
+
= $state_path/mnt
(StrOpt) Base dir containing mount points for smbfs shares.
-
smbfs_oversub_ratio = 1.0
+
= 1.0
(FloatOpt) This will compare the allocated to available space on the volume destination. If the ratio exceeds this number, the destination will no longer be valid.
-
smbfs_shares_config = /etc/cinder/smbfs_shares
+
= /etc/cinder/smbfs_shares
(StrOpt) File with the list of available smbfs shares.
-
smbfs_sparsed_volumes = True
+
= True
(BoolOpt) Create volumes as sparsed files which take no space rather than regular files when using raw format, in which case volume creation takes lot of time.
-
smbfs_used_ratio = 0.95
+
= 0.95
(FloatOpt) Percent of ACTUAL usage of the underlying volume before no new volumes can be allocated to the volume destination.
(StrOpt) Create SolidFire accounts with this prefix. Any string can be used here, but the string "hostname" is special and will create a prefix using the cinder node hostsname (previous default behavior). The default is NO prefix.
-
sf_allow_tenant_qos = False
+
= False
(BoolOpt) Allow tenants to specify QOS on create
-
sf_api_port = 443
+
= 443
(IntOpt) SolidFire API port. Useful if the device api is behind a proxy on a different port.
-
sf_emulate_512 = True
+
= True
(BoolOpt) Set 512 byte emulation on volume creation;
(FloatOpt) Multiplier used for weighing volume capacity. Negative numbers mean to stack vs spread.
-
capacity_weight_multiplier = 1.0
+
= 1.0
(FloatOpt) Multiplier used for weighing volume capacity. Negative numbers mean to stack vs spread.
-
enabled_backends = None
+
= None
(ListOpt) A list of backend names to use. These backend names should be backed by a unique [CONFIG] group with its options
-
iscsi_helper = tgtadm
+
= tgtadm
(StrOpt) iSCSI target user-land tool to use. tgtadm is default, use lioadm for LIO iSCSI support, iseradm for the ISER protocol, or fake for testing.
-
iscsi_iotype = fileio
+
= fileio
(StrOpt) Sets the behavior of the iSCSI target to either perform blockio or fileio optionally, auto can be set and Cinder will autodetect type of backing device
-
iscsi_ip_address = $my_ip
+
= $my_ip
(StrOpt) The IP address that the iSCSI daemon is listening on
-
iscsi_num_targets = 100
+
= 100
(IntOpt) The maximum number of iSCSI target IDs per host
-
iscsi_port = 3260
+
= 3260
(IntOpt) The port that the iSCSI daemon is listening on
-
iscsi_target_prefix = iqn.2010-10.org.openstack:
+
= iqn.2010-10.org.openstack:
(StrOpt) Prefix for iSCSI volumes
-
iscsi_write_cache = on
+
= on
(StrOpt) Sets the behavior of the iSCSI target to either perform write-back(on) or write-through(off). This parameter is valid if iscsi_helper is set to tgtadm or iseradm.
-
iser_helper = tgtadm
+
= tgtadm
(StrOpt) The name of the iSER target user-land tool to use
-
iser_ip_address = $my_ip
+
= $my_ip
(StrOpt) The IP address that the iSER daemon is listening on
-
iser_num_targets = 100
+
= 100
(IntOpt) The maximum number of iSER target IDs per host
-
iser_port = 3260
+
= 3260
(IntOpt) The port that the iSER daemon is listening on
(IntOpt) This configure option has been deprecated along with the SimpleScheduler. New scheduler is able to gather capacity information for each host, thus setting the maximum number of volume gigabytes for host is no longer needed. It's safe to remove this configure from cinder.conf.
-
migration_create_volume_timeout_secs = 300
+
= 300
(IntOpt) Timeout for creating the volume to migrate to when performing volume migration (seconds)
-
num_iser_scan_tries = 3
+
= 3
(IntOpt) The maximum number of times to rescan iSER targetto find volume
-
num_volume_device_scan_tries = 3
+
= 3
(IntOpt) The maximum number of times to rescan targets to find volume
-
volume_backend_name = None
+
= None
(StrOpt) The backend name for a given driver implementation
-
volume_clear = zero
+
= zero
(StrOpt) Method used to wipe old volumes (valid options are: none, zero, shred)
-
volume_clear_ionice = None
+
= None
(StrOpt) The flag to pass to ionice to alter the i/o priority of the process used to zero a volume after deletion, for example "-c3" for idle only priority.
-
volume_clear_size = 0
+
= 0
(IntOpt) Size in MiB to wipe at start of old volumes. 0 => all
(IntOpt) Timeout value (in seconds) used when connecting to ceph cluster. If value < 0, no timeout is set and default librados value is used.
-
rbd_ceph_conf =
+
=
(StrOpt) Path to the ceph configuration file
-
rbd_flatten_volume_from_snapshot = False
+
= False
(BoolOpt) Flatten volumes created from snapshots to remove dependency from volume to snapshot
-
rbd_max_clone_depth = 5
+
= 5
(IntOpt) Maximum number of nested volume clones that are taken before a flatten occurs. Set to 0 to disable cloning.
-
rbd_pool = rbd
+
= rbd
(StrOpt) The RADOS pool where rbd volumes are stored
-
rbd_secret_uuid = None
+
= None
(StrOpt) The libvirt uuid of the secret for the rbd_user volumes
-
rbd_store_chunk_size = 4
+
= 4
(IntOpt) Volumes will be chunked into objects of this size (in megabytes).
-
rbd_user = None
+
= None
(StrOpt) The RADOS client name for accessing rbd volumes - only set when using cephx authentication
-
volume_tmp_dir = None
-
(StrOpt) Directory where temporary image files are stored when the volume driver does not write them directly to the volume.
+
= None
+
(StrOpt) Directory where temporary image files are stored when the volume driver does not write them directly to the volume. Warning: this option is now deprecated, please use image_conversion_dir instead.
(StrOpt) File with the list of available gluster shares
-
glusterfs_sparsed_volumes = True
+
= True
(BoolOpt) Create volumes as sparsed files which take no space.If set to False volume is created as regular file.In such case volume creation takes a lot of time.
(StrOpt) Specifies the path of the Image service repository in GPFS. Leave undefined if not storing images in GPFS.
-
gpfs_images_share_mode = None
+
= None
(StrOpt) Specifies the type of image copy to be used. Set this when the Image service repository also uses GPFS so that image files can be transferred efficiently from the Image service to the Block Storage service. There are two valid values: "copy" specifies that a full copy of the image is made; "copy_on_write" specifies that copy-on-write optimization strategy is used and unmodified blocks of the image file are shared efficiently.
-
gpfs_max_clone_depth = 0
+
= 0
(IntOpt) Specifies an upper limit on the number of indirections required to reach a specific block due to snapshots or clones. A lengthy chain of copy-on-write snapshots or clones can have a negative impact on performance, but improves space utilization. 0 indicates unlimited clone depth.
-
gpfs_mount_point_base = None
+
= None
(StrOpt) Specifies the path of the GPFS directory where Block Storage volume and snapshot files are stored.
-
gpfs_sparse_volumes = True
+
= True
(BoolOpt) Specifies that volumes are created as sparse files which initially consume no space. If set to False, the volume is created as a fully allocated file, in which case, creation may take a significantly longer time.
-
gpfs_storage_pool = system
+
= system
(StrOpt) Specifies the storage pool that volumes are assigned to. By default, the system storage pool is used.
(IntOpt) The number of attempts to mount nfs shares before raising an error. At least one attempt will be made to mount an nfs share, regardless of the value specified.
+
+
+
= None
(StrOpt) Mount options passed to the nfs client. See section of the nfs man page for details.
-
nfs_mount_point_base = $state_path/mnt
+
= $state_path/mnt
(StrOpt) Base dir containing mount points for nfs shares.
-
nfs_oversub_ratio = 1.0
+
= 1.0
(FloatOpt) This will compare the allocated to available space on the volume destination. If the ratio exceeds this number, the destination will no longer be valid.
-
nfs_shares_config = /etc/cinder/nfs_shares
+
= /etc/cinder/nfs_shares
(StrOpt) File with the list of available nfs shares
-
nfs_sparsed_volumes = True
+
= True
(BoolOpt) Create volumes as sparsed files which take no space.If set to False volume is created as regular file.In such case volume creation takes a lot of time.
-
nfs_used_ratio = 0.95
+
= 0.95
(FloatOpt) Percent of ACTUAL usage of the underlying volume before no new volumes can be allocated to the volume destination.
(IntOpt) The default StorPool chain replication value. Used when creating a volume with no specified type if storpool_template is not set. Also used for calculating the apparent free space reported in the stats.
+
+
+
= None
+
(StrOpt) The StorPool template for volumes with no type.
(IntOpt) Maximum number of seconds to wait for FlashCopy to be prepared. Maximum value is 600 seconds (10 minutes)
-
storwize_svc_iscsi_chap_enabled = True
+
= True
(BoolOpt) Configure CHAP authentication for iSCSI connections (Default: Enabled)
-
storwize_svc_multihostmap_enabled = True
+
= True
(BoolOpt) Allows vdisk to multi host mapping
-
storwize_svc_multipath_enabled = False
+
= False
(BoolOpt) Connect with multipath (FC only; iSCSI multipath is controlled by Nova)
-
storwize_svc_npiv_compatibility_mode = False
+
= False
(BoolOpt) Indicate whether svc driver is compatible for NPIV setup. If it is compatible, it will allow no wwpns being returned on get_conn_fc_wwpns during initialize_connection
-
storwize_svc_stretched_cluster_partner = None
+
= None
(StrOpt) If operating in stretched cluster mode, specify the name of the pool in which mirrored copies are stored.Example: "pool2"
-
storwize_svc_vol_autoexpand = True
+
= True
(BoolOpt) Storage system autoexpand parameter for volumes (True/False)
-
storwize_svc_vol_compression = False
+
= False
(BoolOpt) Storage system compression option for volumes
-
storwize_svc_vol_easytier = True
+
= True
(BoolOpt) Enable Easy Tier for volumes
-
storwize_svc_vol_grainsize = 256
+
= 256
(IntOpt) Storage system grain size parameter for volumes (32/64/128/256)
-
storwize_svc_vol_iogrp = 0
+
= 0
(IntOpt) The I/O group in which to allocate volumes
-
storwize_svc_vol_rsize = 2
+
= 2
(IntOpt) Storage system space-efficiency parameter for volumes (percentage)
-
storwize_svc_vol_warning = 0
+
= 0
(IntOpt) Storage system threshold for volume capacity warnings (percentage)
(IntOpt) Number of times VMware ESX/VC server API must be retried upon connection related issues.
-
vmware_host_ip = None
+
= None
(StrOpt) IP address for connecting to VMware ESX/VC server.
-
vmware_host_password = None
+
= None
(StrOpt) Password for authenticating with VMware ESX/VC server.
-
vmware_host_username = None
+
= None
(StrOpt) Username for authenticating with VMware ESX/VC server.
-
vmware_host_version = None
+
= None
(StrOpt) Optional string specifying the VMware VC server version. The driver attempts to retrieve the version from VMware VC server. Set this configuration only if you want to override the VC server version.
-
vmware_image_transfer_timeout_secs = 7200
+
= 7200
(IntOpt) Timeout in seconds for VMDK volume transfer between Cinder and Glance.
-
vmware_max_objects_retrieval = 100
+
= 100
(IntOpt) Max number of objects to be retrieved per batch. Query results will be obtained in batches from the server and not in one shot. Server may still limit the count to something less than the configured value.
-
vmware_task_poll_interval = 0.5
+
= 0.5
(FloatOpt) The interval (in seconds) for polling remote tasks invoked on VMware ESX/VC server.
-
vmware_tmp_dir = /tmp
+
= /tmp
(StrOpt) Directory where virtual disks are stored during volume backup and restore.
-
vmware_volume_folder = cinder-volumes
+
= cinder-volumes
(StrOpt) Name for the folder in the VC datacenter that will contain cinder volumes.
-
vmware_wsdl_location = None
+
= None
(StrOpt) Optional VIM service WSDL Location e.g http://<server>/vimService.wsdl. Optional over-ride to default location for bug work-arounds.
(StrOpt) Comma separated list of fibre channel fabric names. This list of names is used to retrieve other SAN credentials for connecting to each SAN fabric
(StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
-
default_publisher_id = image.localhost
+
= image.localhost
(StrOpt) Default publisher_id for outgoing notifications.
-
notification_driver = []
+
= []
(MultiStrOpt) Driver or drivers to handle sending notifications.
-
notification_topics = notifications
+
= notifications
(ListOpt) AMQP topic used for OpenStack notifications.
-
transport_url = None
+
= None
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
(StrOpt) Role used to identify an authenticated user as administrator.
-
allow_anonymous_access = False
+
= False
(BoolOpt) Allow unauthenticated users to access the API with read-only privileges. This only applies when using ContextMiddleware.
-
enable_v1_api = True
+
= True
(BoolOpt) Deploy the v1 OpenStack Images API.
-
enable_v1_registry = True
+
= True
(BoolOpt) Deploy the v1 OpenStack Registry API.
-
enable_v2_api = True
+
= True
(BoolOpt) Deploy the v2 OpenStack Images API.
-
enable_v2_registry = True
+
= True
(BoolOpt) Deploy the v2 OpenStack Registry API.
-
eventlet_hub = poll
-
(StrOpt) Name of eventlet hub to use. Traditionally, we have only supported 'poll', however 'selects' may be appropriate for some platforms. See http://eventlet.net/doc/hubs.html for more details.
-
-
-
image_size_cap = 1099511627776
+
= 1099511627776
(IntOpt) Maximum size of image a user can upload in bytes. Defaults to 1099511627776 bytes (1 TB).
-
location_strategy = location_order
+
= location_order
(StrOpt) This value sets what strategy will be used to determine the image location order. Currently two strategies are packaged with Glance 'location_order' and 'store_type'.
-
max_header_line = 16384
+
= 16384
(IntOpt) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs
-
owner_is_tenant = True
+
= True
(BoolOpt) When true, this option sets the owner of an image to be the tenant. Otherwise, the owner of the image will be the authenticated user issuing the request.
-
send_identity_headers = False
+
= None
+
(StrOpt) Public url to use for versions endpoint. The default is None, which will use the request's host_url attribute to populate the URL base. If Glance is operating behind a proxy, you will want to change this to represent the proxy's URL.
+
+
+
= False
(BoolOpt) Whether to pass through headers containing user and tenant information when making requests to the registry. This allows the registry to use the context middleware without keystonemiddleware's auth_token middleware, removing calls to the keystone auth service. It is recommended that when using this option, secure communication between glance api and glance registry is ensured by means other than auth_token middleware.
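Review bot: the send_identity_headers description recommends that communication between glance api and glance registry be secured "by means other than auth_token middleware" but names no such means. Since enabling the option makes the registry trust identity headers without a Keystone check, suggest naming at least one acceptable mechanism (for example TLS between the two services) so the recommendation is actionable.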
-
show_multiple_locations = False
+
= False
(BoolOpt) Whether to include the backend image locations in image properties. Revealing storage location can be a security risk, so use this setting with caution! The overrides show_image_direct_url.
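Review bot: the last sentence of the show_multiple_locations description, "The overrides show_image_direct_url.", is missing its subject. Suggest "This option overrides show_image_direct_url." so the precedence between the two location-revealing settings is unambiguous.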
-
tcp_keepidle = 600
+
= 600
(IntOpt) The value for the socket option TCP_KEEPIDLE. This is the time in seconds that the connection must be idle before TCP starts sending keepalive probes.
-
use_user_token = True
+
= True
(BoolOpt) Whether to pass through the user token when making requests to the registry.
[glance_store]
-
default_store = file
+
= file
(StrOpt) Default scheme to use to store image data. The scheme must be registered by one of the stores defined by the 'stores' config option.
-
stores = file, http
+
= file, http
(ListOpt) List of stores enabled
[paste_deploy]
-
config_file = None
+
= None
(StrOpt) Name of the paste configuration file.
-
flavor = None
+
= None
(StrOpt) Partial name of a pipeline in your paste configuration file with the service name removed. For example, if your paste section name is [pipeline:glance-api-keystone] use the value "keystone"
[store_type_location_strategy]
-
store_type_preference =
+
=
(ListOpt) The store names to use to get store preference order. The name must be registered by one of the stores defined by the 'known_stores' config option. This option will be applied when you using 'store_type' option as image location strategy defined by the 'location_strategy' config option.
(StrOpt) Keystone service account tenant name to validate user tokens
-
admin_token = None
+
= None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
-
admin_user = None
+
= None
(StrOpt) Keystone account username
-
auth_admin_prefix =
+
=
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
-
auth_host = 127.0.0.1
+
= 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_port = 35357
+
= 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_protocol = https
+
= https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
-
auth_uri = None
+
= None
(StrOpt) Complete public Identity API endpoint
-
auth_version = None
+
= None
(StrOpt) API version of the admin Identity API endpoint
-
cache = None
+
= None
(StrOpt) Env key for the swift cache
-
cafile = None
+
= None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
certfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
check_revocations_for_cached = False
+
= False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
-
delay_auth_decision = False
+
= False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
-
enforce_token_bind = permissive
+
= permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
hash_algorithms = md5
+
= md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
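Review bot: the hash_algorithms row documents md5 as the default, and its description talks about migrating "from a less secure algorithm to a more secure one" without saying which value is the target. Suggest naming a stronger hashlib algorithm (for example sha256) as the preferred first entry and stating that md5 should remain in the list only until old tokens have expired.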
-
http_connect_timeout = None
+
= None
(BoolOpt) Request timeout value for communicating with Identity API server.
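Review bot: the http_connect_timeout row is typed (BoolOpt) but is described as a "Request timeout value", which cannot be a boolean. Suggest correcting the type label to a numeric type and stating the unit, as the neighbouring token_cache_time and revocation_cache_time rows do with "(in seconds)".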
-
http_request_max_retries = 3
+
= 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
-
identity_uri = None
+
= None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
-
include_service_catalog = True
+
= True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
insecure = False
+
= False
(BoolOpt) Verify HTTPS connections.
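Review bot: on the insecure row, the description "Verify HTTPS connections." reads as if the option switches verification on, while the option name and its False default imply the opposite sense. Suggest wording that states the direction explicitly, for instance that setting it to True disables certificate verification for connections to the Identity service.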
-
keyfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
memcache_secret_key = None
+
= None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
-
memcache_security_strategy = None
+
= None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
revocation_cache_time = 10
+
= 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
-
signing_dir = None
+
= None
(StrOpt) Directory used to cache files related to PKI tokens
-
token_cache_time = 300
+
= 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
(BoolOpt) Allow to perform insecure SSL requests to cinder
-
cinder_ca_certificates_file = None
+
= None
(StrOpt) Location of ca certicates file to use for cinder client requests.
-
cinder_catalog_info = volume:cinder:publicURL
+
= volume:cinder:publicURL
(StrOpt) Info to match when looking for cinder in the service catalog. Format is : separated values of the form: <service_type>:<service_name>:<endpoint_type>
-
cinder_endpoint_template = None
+
= None
(StrOpt) Override service catalog lookup with template for cinder endpoint e.g. http://localhost:8776/v1/%(project_id)s
-
cinder_http_retries = 3
+
= 3
(IntOpt) Number of cinderclient retries on failed http calls
(BoolOpt) Whether to allow users to specify image properties beyond what the image schema provides
-
api_limit_max = 1000
+
= 1000
(IntOpt) Maximum permissible number of items that could be returned by a request
-
backlog = 4096
+
= 4096
(IntOpt) The backlog value that will be used when creating the TCP listener socket.
-
bind_host = 0.0.0.0
+
= 0.0.0.0
(StrOpt) Address to bind the server. Useful when selecting a particular network interface.
-
bind_port = None
+
= None
(IntOpt) The port on which the server will listen.
-
data_api = glance.db.sqlalchemy.api
+
= glance.db.sqlalchemy.api
(StrOpt) Python module path of data access API
-
image_location_quota = 10
+
= 10
(IntOpt) Maximum number of locations allowed on an image. Negative values evaluate to unlimited.
-
image_member_quota = 128
+
= 128
(IntOpt) Maximum number of image members per image. Negative values evaluate to unlimited.
-
image_property_quota = 128
+
= 128
(IntOpt) Maximum number of properties allowed on an image. Negative values evaluate to unlimited.
-
image_tag_quota = 128
+
= 128
(IntOpt) Maximum number of tags allowed on an image. Negative values evaluate to unlimited.
-
limit_param_default = 25
+
= 25
(IntOpt) Default value for the number of items returned by a request if not specified explicitly in the request
-
lock_path = None
-
(StrOpt) Directory to use for lock files.
-
-
-
memcached_servers = None
+
= None
(ListOpt) Memcached servers or None for in process cache.
-
metadata_encryption_key = None
+
= None
(StrOpt) Key used for encrypting sensitive metadata while talking to the registry or database.
-
metadata_source_path = /etc/glance/metadefs/
+
= /etc/glance/metadefs/
(StrOpt) Path to the directory where json metadata files are stored
-
property_protection_file = None
+
= None
(StrOpt) The location of the property protection file.
-
property_protection_rule_format = roles
+
= roles
(StrOpt) This config value indicates whether "roles" or "policies" are used in the property protection file.
-
show_image_direct_url = False
+
= False
(BoolOpt) Whether to include the backend image storage location in image properties. Revealing storage location can be a security risk, so use this setting with caution!
-
user_storage_quota = 0
-
(StrOpt) Set a system wide quota for every user. This value is the total capacity that a user can use across all storage systems. A value of 0 means unlimited.Optional unit can be specified for the value. Accepted units are B, KB, MB, GB and TB representing Bytes, KiloBytes, MegaBytes, GigaBytes and TeraBytesrespectively. If no unit is specified then Bytes is assumed. Note that there should not be any space between value and unit and units are case sensitive.
+
= 0
+
(StrOpt) Set a system wide quota for every user. This value is the total capacity that a user can use across all storage systems. A value of 0 means unlimited.Optional unit can be specified for the value. Accepted units are B, KB, MB, GB and TB representing Bytes, KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no unit is specified then Bytes is assumed. Note that there should not be any space between value and unit and units are case sensitive.
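Review bot: the replacement user_storage_quota description fixes "TeraBytesrespectively" but still carries "unlimited.Optional" with no space after the period. Suggest fixing both in the same change so the row does not need another pass.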
-
workers = 4
+
= 8
(IntOpt) The number of child process workers that will be created to service requests. The default will be equal to the number of CPUs available.
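Review bot: the workers row changes the documented default from 4 to 8 while its description says the default equals the number of CPUs available, so the number shown looks like the CPU count of whichever machine generated the table. Suggest documenting the default in host-independent terms (for example "number of CPUs") instead of a literal that will change again on the next regeneration.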
[glance_store]
-
os_region_name = None
+
= None
(StrOpt) Region name of this node
[image_format]
-
container_formats = ami, ari, aki, bare, ovf, ova
+
= ami, ari, aki, bare, ovf, ova
(ListOpt) Supported values for the 'container_format' image attribute
(ListOpt) Supported values for the 'disk_format' image attribute
[keystone_authtoken]
-
memcached_servers = None
+
= None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
[task]
-
eventlet_executor_pool_size = 1000
+
= 1000
(IntOpt) Specifies the maximum number of eventlet threads which can be spun up by the eventlet based task executor to perform execution of Glance tasks.
-
task_executor = eventlet
+
= eventlet
(StrOpt) Specifies which task executor to be used to run the task scripts.
-
task_time_to_live = 48
+
= 48
(IntOpt) Time in hours for which a task lives after, either succeeding or failing
(BoolOpt) DEPRECATED. TO BE REMOVED IN THE JUNO RELEASE. Whether or not to enforce that all DB tables have charset utf8. If your database tables do not have charset utf8 you will need to convert before this option is removed. This option is only relevant if your database engine is MySQL.
[database]
-
backend = sqlalchemy
+
= sqlalchemy
(StrOpt) The back end to use for the database.
-
connection = None
+
= None
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
-
connection_debug = 0
+
= 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
-
connection_trace = False
+
= False
(BoolOpt) Add Python stack traces to SQL as comment strings.
-
db_inc_retry_interval = True
+
= True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
-
db_max_retries = 20
+
= 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
-
db_max_retry_interval = 10
+
= 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
-
db_retry_interval = 1
+
= 1
(IntOpt) Seconds between database connection retries.
-
idle_timeout = 3600
+
= 3600
(IntOpt) Timeout before idle SQL connections are reaped.
-
max_overflow = None
+
= None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
-
max_pool_size = None
+
= None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
-
max_retries = 10
-
(IntOpt) Maximum db connection retries during startup. Set to -1 to specify an infinite retry count.
+
= 10
+
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
-
min_pool_size = 1
+
= 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
-
mysql_sql_mode = TRADITIONAL
+
= TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
pool_timeout = None
+
= None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
-
retry_interval = 10
+
= 10
(IntOpt) Interval between retries of opening a SQL connection.
-
slave_connection = None
+
= None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
-
sqlite_db = oslo.sqlite
+
= oslo.sqlite
(StrOpt) The file name to use with SQLite.
-
sqlite_synchronous = True
+
= True
(BoolOpt) If True, SQLite uses synchronous mode.
-
use_db_reconnect = False
+
= False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
(StrOpt) Directory to which the Filesystem backend store writes images.
-
filesystem_store_datadirs = None
+
= None
(MultiStrOpt) List of directories and its priorities to which the Filesystem backend store writes images.
-
filesystem_store_file_perm = 0
+
= 0
(IntOpt) The required permission for created image file. In this way the user other service used, e.g. Nova, who consumes the image could be the exclusive member of the group that owns the files created. Assigning it less then or equal to zero means don't change the default permission of the file. This value will be decoded as an octal digit.
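Review bot: the filesystem_store_file_perm description is hard to follow at "In this way the user other service used, e.g. Nova, who consumes the image", and has "less then" for "less than". Because this value sets the mode of image files on disk, suggest rewording it to say plainly that the value is read as octal, that zero or less leaves the default mode unchanged, and giving one example value.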
-
filesystem_store_metadata_file = None
+
= None
(StrOpt) The path to a file which contains the metadata to be returned with any location associated with this store. The file must contain a valid JSON dict.
(StrOpt) Hostname or IP address of the instance to connect to, or a mongodb URI, or a list of hostnames / mongodb URIs. If host is an IPv6 literal it must be enclosed in '[' and ']' characters following the RFC2732 URL syntax (e.g. '[::1]' for localhost)
(BoolOpt) A boolean that determines if the scrubber should clean up the files it uses for taking data. Only one server in your deployment should be designated the cleanup host.
-
cleanup_scrubber_time = 86400
+
= 86400
(IntOpt) Items must have a modified time that is older than this value in order to be candidates for cleanup.
-
delayed_delete = False
+
= False
(BoolOpt) Turn on/off delayed delete.
-
image_cache_dir = None
+
= None
(StrOpt) Base directory that the Image Cache uses.
-
image_cache_driver = sqlite
+
= sqlite
(StrOpt) The driver to use for image cache management.
-
image_cache_max_size = 10737418240
+
= 10737418240
(IntOpt) The maximum size in bytes that the cache can use.
-
image_cache_sqlite_db = cache.db
+
= cache.db
(StrOpt) The path to the sqlite file database that will be used for image cache management.
-
image_cache_stall_time = 86400
+
= 86400
(IntOpt) The amount of time to let an image remain in the cache without being accessed.
-
scrub_time = 0
+
= 0
(IntOpt) The amount of time in seconds to delay before performing a delete.
-
scrubber_datadir = /var/lib/glance/scrubber
+
= /var/lib/glance/scrubber
(StrOpt) Directory that the scrubber will use to track information about what to delete. Make sure this is set in glance-api.conf and glance-scrubber.conf.
(BoolOpt) Enables or disables fatal status of deprecations.
-
instance_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
-
instance_uuid_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
-
log_config_append = None
+
= None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
-
log_date_format = %Y-%m-%d %H:%M:%S
+
= %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s .
-
log_dir = None
+
= None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
-
log_file = None
+
= None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
-
log_format = None
+
= None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
(StrOpt) Prefix each line of exception output with this format.
-
publish_errors = False
+
= False
(BoolOpt) Enables or disables publication of error events.
-
syslog_log_facility = LOG_USER
+
= LOG_USER
(StrOpt) Syslog facility to receive log lines.
-
use_stderr = True
+
= True
(BoolOpt) Log output to standard error.
-
use_syslog = False
+
= False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
-
use_syslog_rfc_format = False
+
= False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
-
verbose = False
+
= False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
(StrOpt) Default rule. Enforced when a requested rule is not found.
-
policy_file = policy.json
-
(StrOpt) The location of the policy file.
+
= ['policy.d']
+
(MultiStrOpt) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched.
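Review bot: the added description says "The file defined by policy_file must exist for these directories to be searched", yet the policy_file row and its description appear on the removed side directly above. Suggest keeping the policy_file row next to this one, or rewording the dependency, so a reader can find the option the sentence relies on.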
(IntOpt) Seconds between connection keepalive heartbeats.
-
qpid_hostname = localhost
+
= localhost
(StrOpt) Qpid broker hostname.
-
qpid_hosts = $qpid_hostname:$qpid_port
+
= $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs.
-
qpid_password =
+
=
(StrOpt) Password for Qpid connection.
-
qpid_port = 5672
+
= 5672
(IntOpt) Qpid broker port.
-
qpid_protocol = tcp
+
= tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'.
-
qpid_receiver_capacity = 1
+
= 1
(IntOpt) The number of prefetched messages held by receiver.
-
qpid_sasl_mechanisms =
+
=
(StrOpt) Space separated list of SASL mechanisms to use for auth.
-
qpid_tcp_nodelay = True
+
= True
(BoolOpt) Whether to disable the Nagle algorithm.
-
qpid_topology_version = 1
+
= 1
(IntOpt) The qpid topology version to use. Version 1 is what was originally used by impl_qpid. Version 2 includes some backwards-incompatible changes that allow broker federation to work. Users should update to version 2 when they are able to take everything down, as it requires a clean break.
(StrOpt) Ceph configuration file path. If <None>, librados will locate the default config. If using cephx authentication, this file should include a reference to the right keyring in a client.<USER> section
-
rbd_store_chunk_size = 8
+
= 8
(IntOpt) RADOS images will be chunked into objects of this size (in megabytes). For best performance, this should be a power of two.
-
rbd_store_pool = images
+
= images
(StrOpt) RADOS pool in which images are stored.
-
rbd_store_user = None
+
= None
(StrOpt) RADOS user to authenticate as (only applicable if using Cephx. If <None>, a default will be chosen based on the client. section in rbd_store_ceph_conf)
(StrOpt) The reference to the default swift account/backing store parameters to use for adding new images.
-
swift_store_auth_address = None
+
= None
(StrOpt) The address where the Swift authentication service is listening.(deprecated)
-
swift_store_config_file = None
+
= None
(StrOpt) The config file that has the swift account(s)configs.
-
swift_store_key = None
+
= None
(StrOpt) Auth key for the user authenticating against the Swift authentication service. (deprecated)
-
swift_store_user = None
+
= None
(StrOpt) The user to authenticate against the Swift authentication service (deprecated)
[glance_store]
-
default_swift_reference = ref1
+
= ref1
(StrOpt) The reference to the default swift account/backing store parameters to use for adding new images.
-
swift_enable_snet = False
+
= False
(BoolOpt) Whether to use ServiceNET to communicate with the Swift storage servers.
-
swift_store_admin_tenants =
+
=
(ListOpt) A list of tenants that will be granted read/write access on all Swift containers created by Glance in multi-tenant mode.
-
swift_store_auth_address = None
+
= None
(StrOpt) The address where the Swift authentication service is listening.(deprecated)
-
swift_store_auth_insecure = False
+
= False
(BoolOpt) If True, swiftclient won't check for a valid SSL certificate when authenticating.
-
swift_store_auth_version = 2
+
= 2
(StrOpt) Version of the authentication service to use. Valid versions are 2 for keystone and 1 for swauth and rackspace. (deprecated)
-
swift_store_config_file = None
+
= None
(StrOpt) The config file that has the swift account(s)configs.
-
swift_store_container = glance
+
= glance
(StrOpt) Container within the account that the account should use for storing images in Swift.
-
swift_store_create_container_on_put = False
+
= False
(BoolOpt) A boolean value that determines if we create the container if it does not exist.
-
swift_store_endpoint_type = publicURL
+
= publicURL
(StrOpt) A string giving the endpoint type of the swift service to use (publicURL, adminURL or internalURL). This setting is only used if swift_store_auth_version is 2.
-
swift_store_key = None
+
= None
(StrOpt) Auth key for the user authenticating against the Swift authentication service. (deprecated)
-
swift_store_large_object_chunk_size = 200
+
= 200
(IntOpt) The amount of data written to a temporary disk buffer during the process of chunking the image file.
-
swift_store_large_object_size = 5120
+
= 5120
(IntOpt) The size, in MB, that Glance will start chunking image files and do a large object manifest in Swift.
-
swift_store_multi_tenant = False
+
= False
(BoolOpt) If set to True, enables multi-tenant storage mode which causes Glance images to be stored in tenant specific Swift accounts.
-
swift_store_region = None
+
= None
(StrOpt) The region of the swift endpoint to be used for single tenant. This setting is only necessary if the tenant has multiple swift endpoints.
-
swift_store_retry_get_count = 0
+
= 0
(IntOpt) The number of times a Swift download will be retried before the request fails.
-
swift_store_service_type = object-store
+
= object-store
(StrOpt) A string giving the service type of the swift service to use. This setting is only used if swift_store_auth_version is 2.
-
swift_store_ssl_compression = True
+
= True
(BoolOpt) If set to False, disables SSL layer compression of https swift requests. Setting to False may improve performance for images which are already in a compressed format, eg qcow2.
-
swift_store_user = None
+
= None
(StrOpt) The user to authenticate against the Swift authentication service (deprecated)
(BoolOpt) Allow to perform insecure SSL requests to ESX/VC.
-
vmware_api_retry_count = 10
+
= 10
(IntOpt) Number of times VMware ESX/VC server API must be retried upon connection related issues.
-
vmware_datacenter_path = ha-datacenter
+
= ha-datacenter
(StrOpt) Inventory path to a datacenter. If the vmware_server_host specified is an ESX/ESXi, the vmware_datacenter_path is optional. If specified, it should be "ha-datacenter".
-
vmware_datastore_name = None
+
= None
(StrOpt) Datastore associated with the datacenter.
-
vmware_server_host = None
+
= None
(StrOpt) ESX/ESXi or vCenter Server target system. The server value can be an IP address or a DNS name.
-
vmware_server_password = None
+
= None
(StrOpt) Password for authenticating with VMware ESX/VC server.
-
vmware_server_username = None
+
= None
(StrOpt) Username for authenticating with VMware ESX/VC server.
-
vmware_store_image_dir = /openstack_glance
+
= /openstack_glance
(StrOpt) The name of the directory where the glance images will be stored in the VMware datastore.
-
vmware_task_poll_interval = 5
+
= 5
(IntOpt) The interval used for polling remote tasks invoked on VMware ESX/VC server.
(StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
-
default_notification_level = INFO
+
= INFO
(StrOpt) Default notification level for outgoing notifications.
-
default_publisher_id = None
+
= None
(StrOpt) Default publisher_id for outgoing notifications.
-
list_notifier_drivers = None
+
= None
(MultiStrOpt) List of drivers to send notifications (DEPRECATED).
-
notification_driver = []
+
= []
(MultiStrOpt) Driver or drivers to handle sending notifications.
-
notification_topics = notifications
+
= notifications
(ListOpt) AMQP topic used for OpenStack notifications.
-
transport_url = None
+
= None
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
(IntOpt) Number of times to retry to bring a resource to a non-error state. Set to 0 to disable retries.
-
enable_stack_abandon = False
+
= False
(BoolOpt) Enable the preview Stack Abandon feature.
-
enable_stack_adopt = False
+
= False
(BoolOpt) Enable the preview Stack Adopt feature.
-
heat_metadata_server_url =
+
=
(StrOpt) URL of the Heat metadata server.
-
heat_stack_user_role = heat_stack_user
+
= heat_stack_user
(StrOpt) Keystone role for heat template-defined users.
-
heat_waitcondition_server_url =
+
=
(StrOpt) URL of the Heat waitcondition server.
-
heat_watch_server_url =
+
=
(StrOpt) URL of the Heat CloudWatch server.
-
max_json_body_size = 1048576
+
= 1048576
(IntOpt) Maximum raw byte size of JSON request body. Should be larger than max_template_size.
-
num_engine_workers = 1
+
= 1
(IntOpt) Number of heat-engine processes to fork and run.
-
policy_default_rule = default
+
= default
(StrOpt) Default rule. Enforced when a requested rule is not found.
-
policy_file = policy.json
+
= ['policy.d']
+
(MultiStrOpt) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched.
+
+
+
= policy.json
(StrOpt) The JSON file that defines policies.
-
secure_proxy_ssl_header = X-Forwarded-Proto
+
= X-Forwarded-Proto
(StrOpt) The HTTP Header that will be used to determine which the original request protocol scheme was, even if it was removed by an SSL terminator proxy.
-
stack_action_timeout = 3600
+
= 3600
(IntOpt) Timeout in seconds for stack action (ie. create or update).
-
stack_domain_admin = None
+
= None
(StrOpt) Keystone username, a user with roles sufficient to manage users and projects in the stack_user_domain.
-
stack_domain_admin_password = None
+
= None
(StrOpt) Keystone password for stack_domain_admin user.
-
stack_user_domain_id = None
+
= None
(StrOpt) Keystone domain ID which contains heat template-defined users. If this option is set, stack_user_domain_name option will be ignored.
-
stack_user_domain_name = None
+
= None
(StrOpt) Keystone domain name which contains heat template-defined users. If `stack_user_domain_id` option is set, this option is ignored.
-
trusts_delegated_roles = heat_stack_owner
-
(ListOpt) Subset of trustor roles to be delegated to heat.
+
=
+
(ListOpt) Subset of trustor roles to be delegated to heat. If left unset, all roles of a user will be delegated to heat when creating a stack.
[auth_password]
-
allowed_auth_uris =
+
=
(ListOpt) Allowed keystone endpoints for auth_uri when multi_cloud is enabled. At least one endpoint needs to be specified.
-
multi_cloud = False
+
= False
(BoolOpt) Allow orchestration of multiple clouds.
[ec2authtoken]
-
allowed_auth_uris =
+
=
(ListOpt) Allowed keystone endpoints for auth_uri when multi_cloud is enabled. At least one endpoint needs to be specified.
-
auth_uri = None
+
= None
(StrOpt) Authentication Endpoint URI.
-
multi_cloud = False
+
= False
(BoolOpt) Allow orchestration of multiple clouds.
[heat_api]
-
backlog = 4096
+
= 4096
(IntOpt) Number of backlog requests to configure the socket with.
-
bind_host = 0.0.0.0
+
= 0.0.0.0
(StrOpt) Address to bind the server. Useful when selecting a particular network interface.
-
bind_port = 8004
+
= 8004
(IntOpt) The port on which the server will listen.
-
cert_file = None
+
= None
(StrOpt) Location of the SSL certificate file to use for SSL mode.
-
key_file = None
+
= None
(StrOpt) Location of the SSL key file to use for enabling SSL mode.
-
max_header_line = 16384
+
= 16384
(IntOpt) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs).
-
workers = 0
+
= 0
(IntOpt) Number of workers for Heat service.
[paste_deploy]
-
api_paste_config = api-paste.ini
+
= api-paste.ini
(StrOpt) The API paste config file to use.
-
flavor = None
+
= None
(StrOpt) The flavor to use.
-
-
[ssl]
-
-
-
ca_file = None
-
(StrOpt) CA certificate file to use to verify connecting clients.
-
-
-
cert_file = None
-
(StrOpt) Certificate file to use when starting the server securely.
-
-
-
key_file = None
-
(StrOpt) Private key file to use when starting the server securely.
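Review bot: The trusts_delegated_roles change just before the [auth_password] section moves the default from heat_stack_owner to an empty list, and the new description states that an unset value delegates all roles of the user to heat when a stack is created. That widens what the trust grants by default, so the row should say explicitly that the default changed and recommend listing only the roles heat needs. As written, the behaviour change is easy to miss in a table diff.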
(StrOpt) Keystone service account tenant name to validate user tokens
-
admin_token = None
+
= None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
-
admin_user = None
+
= None
(StrOpt) Keystone account username
-
auth_admin_prefix =
+
=
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
-
auth_host = 127.0.0.1
+
= 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_port = 35357
+
= 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_protocol = https
+
= https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
-
auth_uri = None
+
= None
(StrOpt) Complete public Identity API endpoint
-
auth_version = None
+
= None
(StrOpt) API version of the admin Identity API endpoint
-
cache = None
+
= None
(StrOpt) Env key for the swift cache
-
cafile = None
+
= None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
certfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
check_revocations_for_cached = False
+
= False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
-
delay_auth_decision = False
+
= False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
-
enforce_token_bind = permissive
+
= permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
hash_algorithms = md5
+
= md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
-
http_connect_timeout = None
+
= None
(BoolOpt) Request timeout value for communicating with Identity API server.
-
http_request_max_retries = 3
+
= 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
-
identity_uri = None
+
= None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
-
include_service_catalog = True
+
= True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
insecure = False
+
= False
(BoolOpt) Verify HTTPS connections.
-
keyfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
memcache_secret_key = None
+
= None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
-
memcache_security_strategy = None
+
= None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
revocation_cache_time = 10
+
= 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
-
signing_dir = None
+
= None
(StrOpt) Directory used to cache files related to PKI tokens
-
token_cache_time = 300
+
= 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
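Review bot: The insecure row (default False) is described as "Verify HTTPS connections.", which reads as though setting the option to True turns verification on, the opposite of what the option name says. Reword it to state what a True value does. While touching this table, also check the http_connect_timeout row, which is typed BoolOpt but described as a "Request timeout value".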
(StrOpt) Instance connection to CFN/CW API validate certs if SSL is used.
-
instance_connection_is_secure = 0
+
= 0
(StrOpt) Instance connection to CFN/CW API via https.
[heat_api_cfn]
-
backlog = 4096
+
= 4096
(IntOpt) Number of backlog requests to configure the socket with.
-
bind_host = 0.0.0.0
+
= 0.0.0.0
(StrOpt) Address to bind the server. Useful when selecting a particular network interface.
-
bind_port = 8000
+
= 8000
(IntOpt) The port on which the server will listen.
-
cert_file = None
+
= None
(StrOpt) Location of the SSL certificate file to use for SSL mode.
-
key_file = None
+
= None
(StrOpt) Location of the SSL key file to use for enabling SSL mode.
-
max_header_line = 16384
+
= 16384
(IntOpt) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs).
-
workers = 0
+
= 0
(IntOpt) Number of workers for Heat service.
-
-
[ssl]
-
-
-
ca_file = None
-
(StrOpt) CA certificate file to use to verify connecting clients.
-
-
-
cert_file = None
-
(StrOpt) Certificate file to use when starting the server securely.
-
-
-
key_file = None
-
(StrOpt) Private key file to use when starting the server securely.
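Review bot: The [ssl] section at the end of this hunk is removed outright (ca_file, cert_file, key_file) with no replacement rows. cert_file and key_file still appear under [heat_api_cfn], but nothing in the table now documents a CA file "to verify connecting clients". Confirm the option is really gone from the service rather than only from this table, and if it moved, add the row where it now lives.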
(BoolOpt) Enable the legacy OS::Heat::CWLiteAlarm resource.
-
heat_watch_server_url =
+
=
(StrOpt) URL of the Heat CloudWatch server.
[heat_api_cloudwatch]
-
backlog = 4096
+
= 4096
(IntOpt) Number of backlog requests to configure the socket with.
-
bind_host = 0.0.0.0
+
= 0.0.0.0
(StrOpt) Address to bind the server. Useful when selecting a particular network interface.
-
bind_port = 8003
+
= 8003
(IntOpt) The port on which the server will listen.
-
cert_file = None
+
= None
(StrOpt) Location of the SSL certificate file to use for SSL mode.
-
key_file = None
+
= None
(StrOpt) Location of the SSL key file to use for enabling SSL mode.
-
max_header_line = 16384
+
= 16384
(IntOpt) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs.)
-
workers = 0
+
= 0
(IntOpt) Number of workers for Heat service.
-
-
[ssl]
-
-
-
ca_file = None
-
(StrOpt) CA certificate file to use to verify connecting clients.
-
-
-
cert_file = None
-
(StrOpt) Certificate file to use when starting the server securely.
-
-
-
key_file = None
-
(StrOpt) Private key file to use when starting the server securely.
(StrOpt) Select deferred auth method, stored password or trusts.
-
environment_dir = /etc/heat/environment.d
+
= /etc/heat/environment.d
(StrOpt) The directory to search for environment files.
-
event_purge_batch_size = 10
+
= 240
+
(IntOpt) Error wait time in seconds for stack action (ie. create or update).
+
+
+
= 10
(IntOpt) Controls how many events will be pruned whenever a stack's events exceed max_events_per_stack. Set this lower to keep more events at the expense of more frequent purges.
-
host = localhost
+
= localhost
(StrOpt) Name of the engine node. This can be an opaque identifier. It is not necessarily a hostname, FQDN, or IP address.
-
instance_driver = heat.engine.nova
+
= heat.engine.nova
(StrOpt) Driver to use for controlling instances.
-
instance_user = ec2-user
+
= ec2-user
(StrOpt) The default user for new instances. This option is deprecated and will be removed in the Juno release. If it's empty, Heat will use the default user set up with your cloud image (for OS::Nova::Server) or 'ec2-user' (for AWS::EC2::Instance).
(StrOpt) Fully qualified class name to use as a keystone backend.
-
lock_path = None
-
(StrOpt) Directory to use for lock files.
-
-
-
memcached_servers = None
+
= None
(ListOpt) Memcached servers or None for in process cache.
-
periodic_interval = 60
+
= 60
(IntOpt) Seconds between running periodic tasks.
-
plugin_dirs = /usr/lib64/heat, /usr/lib/heat
+
= /usr/lib64/heat, /usr/lib/heat
(ListOpt) List of directories to search for plug-ins.
[keystone_authtoken]
-
memcached_servers = None
+
= None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
[revision]
-
heat_revision = unknown
+
= unknown
(StrOpt) Heat build revision. If you would prefer to manage your build revision separately, you can move this section to a different file and add it as another config option.
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
-
connection_debug = 0
+
= 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
-
connection_trace = False
+
= False
(BoolOpt) Add Python stack traces to SQL as comment strings.
-
db_inc_retry_interval = True
+
= True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
-
db_max_retries = 20
+
= 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
-
db_max_retry_interval = 10
+
= 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
-
db_retry_interval = 1
+
= 1
(IntOpt) Seconds between database connection retries.
-
idle_timeout = 3600
+
= 3600
(IntOpt) Timeout before idle SQL connections are reaped.
-
max_overflow = None
+
= None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
-
max_pool_size = None
+
= None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
-
max_retries = 10
-
(IntOpt) Maximum db connection retries during startup. Set to -1 to specify an infinite retry count.
+
= 10
+
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
-
min_pool_size = 1
+
= 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
-
mysql_sql_mode = TRADITIONAL
+
= TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
pool_timeout = None
+
= None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
-
retry_interval = 10
+
= 10
(IntOpt) Interval between retries of opening a SQL connection.
-
slave_connection = None
+
= None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
-
sqlite_db = oslo.sqlite
+
= oslo.sqlite
(StrOpt) The file name to use with SQLite.
-
sqlite_synchronous = True
+
= True
(BoolOpt) If True, SQLite uses synchronous mode.
-
use_db_reconnect = False
+
= False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
(StrOpt) Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.
-
-
disable_process_locking = False
-
(BoolOpt) Enables or disables inter-process locks.
(BoolOpt) Enables or disables fatal status of deprecations.
-
instance_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
-
instance_uuid_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
-
log_config_append = None
+
= None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
-
log_date_format = %Y-%m-%d %H:%M:%S
+
= %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s .
-
log_dir = None
+
= None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
-
log_file = None
+
= None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
-
log_format = None
+
= None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
(StrOpt) Prefix each line of exception output with this format.
-
publish_errors = False
+
= False
(BoolOpt) Enables or disables publication of error events.
-
syslog_log_facility = LOG_USER
+
= LOG_USER
(StrOpt) Syslog facility to receive log lines.
-
use_stderr = True
+
= True
(BoolOpt) Log output to standard error.
-
use_syslog = False
+
= False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
-
use_syslog_rfc_format = False
+
= False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
-
verbose = False
+
= False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
(IntOpt) Seconds between connection keepalive heartbeats.
-
qpid_hostname = localhost
+
= localhost
(StrOpt) Qpid broker hostname.
-
qpid_hosts = $qpid_hostname:$qpid_port
+
= $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs.
-
qpid_password =
+
=
(StrOpt) Password for Qpid connection.
-
qpid_port = 5672
+
= 5672
(IntOpt) Qpid broker port.
-
qpid_protocol = tcp
+
= tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'.
-
qpid_receiver_capacity = 1
+
= 1
(IntOpt) The number of prefetched messages held by receiver.
-
qpid_sasl_mechanisms =
+
=
(StrOpt) Space separated list of SASL mechanisms to use for auth.
-
qpid_tcp_nodelay = True
+
= True
(BoolOpt) Whether to disable the Nagle algorithm.
-
qpid_topology_version = 1
+
= 1
(IntOpt) The qpid topology version to use. Version 1 is what was originally used by impl_qpid. Version 2 includes some backwards-incompatible changes that allow broker federation to work. Users should update to version 2 when they are able to take everything down, as it requires a clean break.
(StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
-
default_publisher_id = None
+
= None
(StrOpt) Default publisher_id for outgoing notifications
-
notification_driver = []
+
= []
(MultiStrOpt) Driver or drivers to handle sending notifications.
-
notification_topics = notifications
+
= notifications
(ListOpt) AMQP topic used for OpenStack notifications.
-
transport_url = None
+
= None
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
(StrOpt) The IP address of the network interface for the admin service to listen on.
-
admin_endpoint = None
-
(StrOpt) The base admin endpoint URL for Keystone that is advertised to clients (NOTE: this does NOT affect how Keystone listens for connections). Defaults to the base host URL of the request. E.g. a request to http://server:35357/v2.0/users will default to http://server:35357. You should only need to set this value if the base URL contains a path (e.g. /prefix/v2.0) or the endpoint should be found on a different server.
+
= None
+
(StrOpt) The base admin endpoint URL for Keystone that is advertised to clients (NOTE: this does NOT affect how Keystone listens for connections). Defaults to the base host URL of the request. E.g. a request to http://server:35357/v3/users will default to http://server:35357. You should only need to set this value if the base URL contains a path (e.g. /prefix/v3) or the endpoint should be found on a different server.
-
admin_port = 35357
+
= 35357
(IntOpt) The port number which the admin service listens on.
-
admin_token = ADMIN
+
= ADMIN
(StrOpt) A "shared secret" that can be used to bootstrap Keystone. This "token" does not represent a user, and carries no explicit authorization. To disable in production (highly recommended), remove AdminTokenAuthMiddleware from your paste application pipelines (for example, in keystone-paste.ini).
-
admin_workers = None
+
= None
(IntOpt) The number of worker processes to serve the admin WSGI application. Defaults to number of CPUs (minimum of 2).
-
compute_port = 8774
+
= 8774
(IntOpt) (Deprecated) The port which the OpenStack Compute service listens on. This option was only used for string replacement in the templated catalog backend. Templated catalogs should replace the "$(compute_port)s" substitution with the static port of the compute service. As of Juno, this option is deprecated and will be removed in the L release.
-
domain_id_immutable = True
+
= True
(BoolOpt) Set this to false if you want to enable the ability for user, group and project entities to be moved between domains by updating their domain_id. Allowing such movement is not recommended if the scope of a domain admin is being restricted by use of an appropriate policy file (see policy.v3cloudsample as an example).
-
list_limit = None
+
= None
(IntOpt) The maximum number of entities that will be returned in a collection, with no limit set by default. This global limit may be then overridden for a specific driver, by specifying a list_limit in the appropriate section (e.g. [assignment]).
-
max_param_size = 64
+
= 64
(IntOpt) Limit the sizes of user & project ID/names.
-
max_request_body_size = 114688
+
= 5
+
(IntOpt) Maximum depth of the project hierarchy. WARNING: setting it to a large value may adversely impact performance.
+
+
+
= 114688
(IntOpt) Enforced by optional sizelimit middleware (keystone.middleware:RequestBodySizeLimiter).
-
max_token_size = 8192
+
= 8192
(IntOpt) Similar to max_param_size, but provides an exception for token values.
-
member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab
-
(StrOpt) During a SQL upgrade member_role_id will be used to create a new role that will replace records in the assignment table with explicit role grants. After migration, the member_role_id will be used in the API add_user_to_project.
+
= 9fe2ff9ee4384b1894a90878d3e92bab
+
(StrOpt) Similar to the member_role_name option, this represents the default role ID used to associate users with their default projects in the v2 API. This will be used as the explicit role where one is not specified by the v2 API.
-
member_role_name = _member_
-
(StrOpt) During a SQL upgrade member_role_name will be used to create a new role that will replace records in the assignment table with explicit role grants. After migration, member_role_name will be ignored.
+
= _member_
+
(StrOpt) This is the role name used in combination with the member_role_id option; see that option for more detail.
-
public_bind_host = 0.0.0.0
+
= 0.0.0.0
(StrOpt) The IP address of the network interface for the public service to listen on.
-
public_endpoint = None
-
(StrOpt) The base public endpoint URL for Keystone that is advertised to clients (NOTE: this does NOT affect how Keystone listens for connections). Defaults to the base host URL of the request. E.g. a request to http://server:5000/v2.0/users will default to http://server:5000. You should only need to set this value if the base URL contains a path (e.g. /prefix/v2.0) or the endpoint should be found on a different server.
+
= None
+
(StrOpt) The base public endpoint URL for Keystone that is advertised to clients (NOTE: this does NOT affect how Keystone listens for connections). Defaults to the base host URL of the request. E.g. a request to http://server:5000/v3/users will default to http://server:5000. You should only need to set this value if the base URL contains a path (e.g. /prefix/v3) or the endpoint should be found on a different server.
-
public_port = 5000
+
= 5000
(IntOpt) The port number which the public service listens on.
-
public_workers = None
+
= None
(IntOpt) The number of worker processes to serve the public WSGI application. Defaults to number of CPUs (minimum of 2).
-
strict_password_check = False
+
= False
(BoolOpt) If set to true, strict password length checking is performed for password manipulation. If a password exceeds the maximum length, the operation will fail with an HTTP 403 Forbidden error. If set to false, passwords are automatically truncated to the maximum length.
-
tcp_keepalive = False
+
= False
(BoolOpt) Set this to true if you want to enable TCP_KEEPALIVE on server sockets, i.e. sockets used by the Keystone wsgi server for client connections.
-
tcp_keepidle = 600
-
(IntOpt) Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only applies if tcp_keepalive is true. Not supported on OS X.
+
= 600
+
(IntOpt) Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only applies if tcp_keepalive is true.
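Review bot: the new tcp_keepidle description drops the sentence "Not supported on OS X" without saying what the option does on that platform now. If the setting is still ignored there, keep the caveat. If support was added, say so, so that operators who enable tcp_keepalive know whether the 600-second idle value actually takes effect.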
(StrOpt) Keystone service account tenant name to validate user tokens
-
admin_token = None
+
= None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
-
admin_user = None
+
= None
(StrOpt) Keystone account username
-
auth_admin_prefix =
+
=
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
-
auth_host = 127.0.0.1
+
= 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_port = 35357
+
= 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_protocol = https
+
= https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
-
auth_uri = None
+
= None
(StrOpt) Complete public Identity API endpoint
-
auth_version = None
+
= None
(StrOpt) API version of the admin Identity API endpoint
-
cache = None
+
= None
(StrOpt) Env key for the swift cache
-
cafile = None
+
= None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
certfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
check_revocations_for_cached = False
+
= False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
-
delay_auth_decision = False
+
= False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
-
enforce_token_bind = permissive
+
= permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
hash_algorithms = md5
+
= md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
-
http_connect_timeout = None
+
= None
(BoolOpt) Request timeout value for communicating with Identity API server.
-
http_request_max_retries = 3
+
= 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
-
identity_uri = None
+
= None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
-
include_service_catalog = True
+
= True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
insecure = False
+
= False
(BoolOpt) Verify HTTPS connections.
-
keyfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
memcache_secret_key = None
+
= None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
-
memcache_security_strategy = None
+
= None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
revocation_cache_time = 10
+
= 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
-
signing_dir = None
+
= None
(StrOpt) Directory used to cache files related to PKI tokens
-
token_cache_time = 300
+
= 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
(StrOpt) Path of the certfile for token signing. For non-production environments, you may be interested in using `keystone-manage pki_setup` to generate self-signed certificates.
-
key_size = 2048
+
= 2048
(IntOpt) Key size (in bits) for token signing cert (auto generated certificate).
(StrOpt) Path of the certfile for SSL. For non-production environments, you may be interested in using `keystone-manage ssl_setup` to generate self-signed certificates.
-
enable = False
+
= False
(BoolOpt) Toggle for SSL support on the Keystone eventlet servers.
-
key_size = 1024
+
= 1024
(IntOpt) SSL key length (in bits) (auto generated certificate).
(StrOpt) Dogpile.cache backend module. It is recommended that Memcache with pooling (keystone.cache.memcache_pool) or Redis (dogpile.cache.redis) be used in production deployments. Small workloads (single process) like devstack can use the dogpile.cache.memory backend.
-
backend_argument = []
+
= []
(MultiStrOpt) Arguments supplied to the backend module. Specify this option once per argument to be passed to the dogpile.cache backend. Example format: "<argname>:<value>".
-
config_prefix = cache.keystone
+
= cache.keystone
(StrOpt) Prefix for building the configuration dictionary for the cache region. This should not need to be changed unless there is another dogpile.cache region with the same configuration name.
-
debug_cache_backend = False
+
= False
(BoolOpt) Extra debugging from the cache backend (cache keys, get/set/delete/etc calls). This is only really useful if you need to see the specific cache-backend get/set/delete calls with the keys/values. Typically this should be left set to false.
-
enabled = False
+
= False
(BoolOpt) Global toggle for all caching using the should_cache_fn mechanism.
-
expiration_time = 600
+
= 600
(IntOpt) Default TTL, in seconds, for any cached item in the dogpile.cache region. This applies to any cached method that doesn't have an explicit cache expiration time defined for it.
-
memcache_dead_retry = 300
-
(IntOpt) Number of seconds memcached server is considered dead before it is tried again. (dogpile.cache.memcache and keystone.cache.memcache_pool backends only)
+
= 300
+
(IntOpt) Number of seconds memcached server is considered dead before it is tried again. (dogpile.cache.memcache and keystone.cache.memcache_pool backends only).
-
memcache_pool_connection_get_timeout = 10
+
= 10
(IntOpt) Number of seconds that an operation will wait to get a memcache client connection.
-
memcache_pool_maxsize = 10
-
(IntOpt) Max total number of open connections to every memcached server. (keystone.cache.memcache_pool backend only)
+
= 10
+
(IntOpt) Max total number of open connections to every memcached server. (keystone.cache.memcache_pool backend only).
-
memcache_pool_unused_timeout = 60
-
(IntOpt) Number of seconds a connection to memcached is held unused in the pool before it is closed. (keystone.cache.memcache_pool backend only)
+
= 60
+
(IntOpt) Number of seconds a connection to memcached is held unused in the pool before it is closed. (keystone.cache.memcache_pool backend only).
-
memcache_servers = localhost:11211
-
(ListOpt) Memcache servers in the format of "host:port". (dogpile.cache.memcache and keystone.cache.memcache_pool backends only)
+
= localhost:11211
+
(ListOpt) Memcache servers in the format of "host:port". (dogpile.cache.memcache and keystone.cache.memcache_pool backends only).
-
memcache_socket_timeout = 3
-
(IntOpt) Timeout in seconds for every call to a server. (dogpile.cache.memcache and keystone.cache.memcache_pool backends only)
+
= 3
+
(IntOpt) Timeout in seconds for every call to a server. (dogpile.cache.memcache and keystone.cache.memcache_pool backends only).
-
proxies =
+
=
(ListOpt) Proxy classes to import that will affect the way the dogpile.cache backend functions. See the dogpile.cache documentation on changing-backend-behavior.
[memcache]
-
dead_retry = 300
+
= 300
(IntOpt) Number of seconds memcached server is considered dead before it is tried again. This is used by the key value store system (e.g. token pooled memcached persistence backend).
-
pool_connection_get_timeout = 10
+
= 10
(IntOpt) Number of seconds that an operation will wait to get a memcache client connection. This is used by the key value store system (e.g. token pooled memcached persistence backend).
-
pool_maxsize = 10
+
= 10
(IntOpt) Max total number of open connections to every memcached server. This is used by the key value store system (e.g. token pooled memcached persistence backend).
-
pool_unused_timeout = 60
+
= 60
(IntOpt) Number of seconds a connection to memcached is held unused in the pool before it is closed. This is used by the key value store system (e.g. token pooled memcached persistence backend).
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
-
connection_debug = 0
+
= 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
-
connection_trace = False
+
= False
(BoolOpt) Add Python stack traces to SQL as comment strings.
-
db_inc_retry_interval = True
+
= True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
-
db_max_retries = 20
+
= 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
-
db_max_retry_interval = 10
+
= 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
-
db_retry_interval = 1
+
= 1
(IntOpt) Seconds between database connection retries.
-
idle_timeout = 3600
+
= 3600
(IntOpt) Timeout before idle SQL connections are reaped.
-
max_overflow = None
+
= None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
-
max_pool_size = None
+
= None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
-
max_retries = 10
-
(IntOpt) Maximum db connection retries during startup. Set to -1 to specify an infinite retry count.
+
= 10
+
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
-
min_pool_size = 1
+
= 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
-
mysql_sql_mode = TRADITIONAL
+
= TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
pool_timeout = None
+
= None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
-
retry_interval = 10
+
= 10
(IntOpt) Interval between retries of opening a SQL connection.
-
slave_connection = None
+
= None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
-
sqlite_db = oslo.sqlite
+
= oslo.sqlite
(StrOpt) The file name to use with SQLite.
-
sqlite_synchronous = True
+
= True
(BoolOpt) If True, SQLite uses synchronous mode.
-
use_db_reconnect = False
+
= False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
(StrOpt) Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.
-
pydev_debug_host = None
+
= None
(StrOpt) Host to connect to for remote debugger.
-
pydev_debug_port = None
+
= None
(IntOpt) Port to connect to for remote debugger.
-
standard_threads = False
+
= False
(BoolOpt) Do not monkey-patch threading system modules.
(StrOpt) This references the domain to use for all Identity API v2 requests (which are not aware of domains). A domain with this ID will be created for you by keystone-manage db_sync in migration 008. The domain referenced by this ID cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API. There is nothing special about this domain, other than the fact that it must exist to order to maintain support for your v2 clients.
-
domain_config_dir = /etc/keystone/domains
+
= /etc/keystone/domains
(StrOpt) Path for Keystone to locate the domain specific identity configuration files if domain_specific_drivers_enabled is set to true.
-
domain_specific_drivers_enabled = False
+
= False
(BoolOpt) A subset (or all) of domains can have their own identity driver, each with their own partial configuration file in a domain configuration directory. Only values specific to the domain need to be placed in the domain specific configuration file. This feature is disabled by default; set to true to enable.
-
driver = keystone.identity.backends.sql.Identity
+
= keystone.identity.backends.sql.Identity
(StrOpt) Identity backend driver.
-
list_limit = None
+
= None
(IntOpt) Maximum number of entities that will be returned in an identity collection.
-
max_password_length = 4096
+
= 4096
(IntOpt) Maximum supported length for user passwords; decrease to improve performance.
(ListOpt) Extra dogpile.cache backend modules to register with the dogpile.cache library.
-
config_prefix = keystone.kvs
+
= keystone.kvs
(StrOpt) Prefix for building the configuration dictionary for the KVS region. This should not need to be changed unless there is another dogpile.cache region with the same configuration name.
-
default_lock_timeout = 5
+
= 5
(IntOpt) Default lock timeout for distributed locking.
-
enable_key_mangler = True
+
= True
(BoolOpt) Toggle to disable using a key-mangling function to ensure fixed length keys. This is toggle-able for debugging purposes, it is highly recommended to always leave this set to true.
(StrOpt) The LDAP dereferencing option for queries. This can be either "never", "searching", "always", "finding" or "default". The "default" option falls back to using default dereferencing configured by your ldap.conf.
-
allow_subtree_delete = False
+
= False
(BoolOpt) Delete subtrees using the subtree delete control. Only enable this option if your LDAP server supports subtree deletion.
-
auth_pool_connection_lifetime = 60
+
= 60
(IntOpt) End user auth connection lifetime in seconds.
-
auth_pool_size = 100
+
= 100
(IntOpt) End user auth connection pool size.
-
chase_referrals = None
+
= None
(BoolOpt) Override the system's default referral chasing behavior for queries.
-
debug_level = None
+
= None
(IntOpt) Sets the LDAP debugging level for LDAP calls. A value of 0 means that debugging is not enabled. This value is a bitmask, consult your LDAP documentation for possible values.
-
dumb_member = cn=dumb,dc=nonexistent
+
= cn=dumb,dc=nonexistent
(StrOpt) DN of the "dummy member" to use when "use_dumb_member" is enabled.
-
group_additional_attribute_mapping =
+
=
(ListOpt) Additional attribute mappings for groups. Attribute mapping format is <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry and user_attr is the Identity API attribute.
-
group_allow_create = True
+
= True
(BoolOpt) Allow group creation in LDAP backend.
-
group_allow_delete = True
+
= True
(BoolOpt) Allow group deletion in LDAP backend.
-
group_allow_update = True
+
= True
(BoolOpt) Allow group update in LDAP backend.
-
group_attribute_ignore =
+
=
(ListOpt) List of attributes stripped off the group on update.
-
group_desc_attribute = description
+
= description
(StrOpt) LDAP attribute mapped to group description.
-
group_filter = None
+
= None
(StrOpt) LDAP search filter for groups.
-
group_id_attribute = cn
+
= cn
(StrOpt) LDAP attribute mapped to group id.
-
group_member_attribute = member
+
= member
(StrOpt) LDAP attribute mapped to show group membership.
-
group_name_attribute = ou
+
= ou
(StrOpt) LDAP attribute mapped to group name.
-
group_objectclass = groupOfNames
+
= groupOfNames
(StrOpt) LDAP objectclass for groups.
-
group_tree_dn = None
+
= None
(StrOpt) Search base for groups.
-
page_size = 0
+
= 0
(IntOpt) Maximum results per page; a value of zero ("0") disables paging.
-
password = None
+
= None
(StrOpt) Password for the BindDN to query the LDAP server.
-
pool_connection_lifetime = 600
+
= 600
(IntOpt) Connection lifetime in seconds.
-
pool_connection_timeout = -1
+
= -1
(IntOpt) Connector timeout in seconds. Value -1 indicates indefinite wait for response.
-
pool_retry_delay = 0.1
+
= 0.1
(FloatOpt) Time span in seconds to wait between two reconnect trials.
-
pool_retry_max = 3
+
= 3
(IntOpt) Maximum count of reconnect trials.
-
pool_size = 10
+
= 10
(IntOpt) Connection pool size.
-
project_additional_attribute_mapping =
+
=
(ListOpt) Additional attribute mappings for projects. Attribute mapping format is <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry and user_attr is the Identity API attribute.
-
project_allow_create = True
+
= True
(BoolOpt) Allow project creation in LDAP backend.
-
project_allow_delete = True
+
= True
(BoolOpt) Allow project deletion in LDAP backend.
-
project_allow_update = True
+
= True
(BoolOpt) Allow project update in LDAP backend.
-
project_attribute_ignore =
+
=
(ListOpt) List of attributes stripped off the project on update.
-
project_desc_attribute = description
+
= description
(StrOpt) LDAP attribute mapped to project description.
-
project_domain_id_attribute = businessCategory
+
= businessCategory
(StrOpt) LDAP attribute mapped to project domain_id.
-
project_enabled_attribute = enabled
+
= enabled
(StrOpt) LDAP attribute mapped to project enabled.
-
project_enabled_emulation = False
+
= False
(BoolOpt) If true, Keystone uses an alternative method to determine if a project is enabled or not by checking if they are a member of the "project_enabled_emulation_dn" group.
-
project_enabled_emulation_dn = None
+
= None
(StrOpt) DN of the group entry to hold enabled projects when using enabled emulation.
-
project_filter = None
+
= None
(StrOpt) LDAP search filter for projects.
-
project_id_attribute = cn
+
= cn
(StrOpt) LDAP attribute mapped to project id.
-
project_member_attribute = member
+
= member
(StrOpt) LDAP attribute mapped to project membership for user.
-
project_name_attribute = ou
+
= ou
(StrOpt) LDAP attribute mapped to project name.
-
project_objectclass = groupOfNames
+
= groupOfNames
(StrOpt) LDAP objectclass for projects.
-
project_tree_dn = None
+
= None
(StrOpt) Search base for projects
-
query_scope = one
+
= one
(StrOpt) The LDAP scope for queries, this can be either "one" (onelevel/singleLevel) or "sub" (subtree/wholeSubtree).
-
role_additional_attribute_mapping =
+
=
(ListOpt) Additional attribute mappings for roles. Attribute mapping format is <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry and user_attr is the Identity API attribute.
-
role_allow_create = True
+
= True
(BoolOpt) Allow role creation in LDAP backend.
-
role_allow_delete = True
+
= True
(BoolOpt) Allow role deletion in LDAP backend.
-
role_allow_update = True
+
= True
(BoolOpt) Allow role update in LDAP backend.
-
role_attribute_ignore =
+
=
(ListOpt) List of attributes stripped off the role on update.
-
role_filter = None
+
= None
(StrOpt) LDAP search filter for roles.
-
role_id_attribute = cn
+
= cn
(StrOpt) LDAP attribute mapped to role id.
-
role_member_attribute = roleOccupant
+
= roleOccupant
(StrOpt) LDAP attribute mapped to role membership.
-
role_name_attribute = ou
+
= ou
(StrOpt) LDAP attribute mapped to role name.
-
role_objectclass = organizationalRole
+
= organizationalRole
(StrOpt) LDAP objectclass for roles.
-
role_tree_dn = None
+
= None
(StrOpt) Search base for roles.
-
suffix = cn=example,cn=com
+
= cn=example,cn=com
(StrOpt) LDAP server suffix
-
tls_cacertdir = None
+
= None
(StrOpt) CA certificate directory path for communicating with LDAP servers.
-
tls_cacertfile = None
+
= None
(StrOpt) CA certificate file path for communicating with LDAP servers.
-
tls_req_cert = demand
+
= demand
(StrOpt) Valid options for tls_req_cert are demand, never, and allow.
-
url = ldap://localhost
+
= ldap://localhost
(StrOpt) URL for connecting to the LDAP server.
-
use_auth_pool = False
+
= False
(BoolOpt) Enable LDAP connection pooling for end user authentication. If use_pool is disabled, then this setting is meaningless and is not used at all.
-
use_dumb_member = False
+
= False
(BoolOpt) If true, will add a dummy member to groups. This is required if the objectclass for groups requires the "member" attribute.
-
use_pool = False
+
= False
(BoolOpt) Enable LDAP connection pooling.
-
use_tls = False
+
= False
(BoolOpt) Enable TLS for communicating with LDAP servers.
-
user = None
+
= None
(StrOpt) User BindDN to query the LDAP server.
-
user_additional_attribute_mapping =
+
=
(ListOpt) List of additional LDAP attributes used for mapping additional attribute mappings for users. Attribute mapping format is <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry and user_attr is the Identity API attribute.
(ListOpt) List of attributes stripped off the user on update.
-
user_default_project_id_attribute = None
+
= None
(StrOpt) LDAP attribute mapped to default_project_id for users.
-
user_enabled_attribute = enabled
+
= enabled
(StrOpt) LDAP attribute mapped to user enabled flag.
-
user_enabled_default = True
+
= True
(StrOpt) Default value to enable users. This should match an appropriate int value if the LDAP server uses non-boolean (bitmask) values to indicate if a user is enabled or disabled. If this is not set to "True" the typical value is "512". This is typically used when "user_enabled_attribute = userAccountControl".
-
user_enabled_emulation = False
+
= False
(BoolOpt) If true, Keystone uses an alternative method to determine if a user is enabled or not by checking if they are a member of the "user_enabled_emulation_dn" group.
-
user_enabled_emulation_dn = None
+
= None
(StrOpt) DN of the group entry to hold enabled users when using enabled emulation.
-
user_enabled_invert = False
+
= False
(BoolOpt) Invert the meaning of the boolean enabled values. Some LDAP servers use a boolean lock attribute where "true" means an account is disabled. Setting "user_enabled_invert = true" will allow these lock attributes to be used. This setting will have no effect if "user_enabled_mask" or "user_enabled_emulation" settings are in use.
-
user_enabled_mask = 0
+
= 0
(IntOpt) Bitmask integer to indicate the bit that the enabled value is stored in if the LDAP server represents "enabled" as a bit on an integer rather than a boolean. A value of "0" indicates the mask is not used. If this is not set to "0" the typical value is "2". This is typically used when "user_enabled_attribute = userAccountControl".
-
user_filter = None
+
= None
(StrOpt) LDAP search filter for users.
-
user_id_attribute = cn
+
= cn
(StrOpt) LDAP attribute mapped to user id. WARNING: must not be a multivalued attribute.
(BoolOpt) Enables or disables fatal status of deprecations.
-
instance_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
-
instance_uuid_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
-
log_config_append = None
+
= None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
-
log_date_format = %Y-%m-%d %H:%M:%S
+
= %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s .
-
log_dir = None
+
= None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
-
log_file = None
+
= None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
-
log_format = None
+
= None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
(StrOpt) Prefix each line of exception output with this format.
-
publish_errors = False
+
= False
(BoolOpt) Enables or disables publication of error events.
-
syslog_log_facility = LOG_USER
+
= LOG_USER
(StrOpt) Syslog facility to receive log lines.
-
use_stderr = True
+
= True
(BoolOpt) Log output to standard error.
-
use_syslog = False
+
= False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
-
use_syslog_rfc_format = False
+
= False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
-
verbose = False
+
= False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
(BoolOpt) The format of user and group IDs changed in Juno for backends that do not generate UUIDs (e.g. LDAP), with keystone providing a hash mapping to the underlying attribute in LDAP. By default this mapping is disabled, which ensures that existing IDs will not change. Even when the mapping is enabled by using domain specific drivers, any users and groups from the default domain being handled by LDAP will still not be mapped to ensure their IDs remain backward compatible. Setting this value to False will enable the mapping for even the default LDAP driver. It is only safe to do this if you do not already have assignments for users and groups from the default LDAP domain, and it is acceptable for Keystone to provide the different IDs to clients than it did previously. Typically this means that the only time you can set this value to False is when configuring a fresh installation.
(StrOpt) Public ID generator for user and group entities. The Keystone identity mapper only supports generators that produce no more than 64 characters.
(StrOpt) Default rule. Enforced when a requested rule is not found.
-
policy_file = policy.json
+
= ['policy.d']
+
(MultiStrOpt) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched.
+
+
+
= policy.json
(StrOpt) The JSON file that defines policies.
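Review bot: the added row with default ['policy.d'] says the file defined by policy_file must exist for these directories to be searched, but it does not say how rules from several files are combined or which file wins when two define the same rule. These files decide authorization, so the description should state the load order and precedence. It should also say what happens when policy_file is missing: whether the directories are skipped silently or the service refuses to start.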
[policy]
-
driver = keystone.policy.backends.sql.Policy
+
= keystone.policy.backends.sql.Policy
(StrOpt) Policy backend driver.
-
list_limit = None
+
= None
(IntOpt) Maximum number of entities that will be returned in a policy collection.
(IntOpt) Seconds between connection keepalive heartbeats.
-
qpid_hostname = localhost
+
= localhost
(StrOpt) Qpid broker hostname.
-
qpid_hosts = $qpid_hostname:$qpid_port
+
= $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs.
-
qpid_password =
+
=
(StrOpt) Password for Qpid connection.
-
qpid_port = 5672
+
= 5672
(IntOpt) Qpid broker port.
-
qpid_protocol = tcp
+
= tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'.
-
qpid_receiver_capacity = 1
+
= 1
(IntOpt) The number of prefetched messages held by receiver.
-
qpid_sasl_mechanisms =
+
=
(StrOpt) Space separated list of SASL mechanisms to use for auth.
-
qpid_tcp_nodelay = True
+
= True
(BoolOpt) Whether to disable the Nagle algorithm.
-
qpid_topology_version = 1
+
= 1
(IntOpt) The qpid topology version to use. Version 1 is what was originally used by impl_qpid. Version 2 includes some backwards-incompatible changes that allow broker federation to work. Users should update to version 2 when they are able to take everything down, as it requires a clean break.
(StrOpt) Path of the certfile for SAML signing. For non-production environments, you may be interested in using `keystone-manage pki_setup` to generate self-signed certificates. Note, the path cannot contain a comma.
-
idp_contact_company = None
+
= None
(StrOpt) Company of contact person.
-
idp_contact_email = None
+
= None
(StrOpt) Email address of contact person.
-
idp_contact_name = None
+
= None
(StrOpt) Given name of contact person
-
idp_contact_surname = None
+
= None
(StrOpt) Surname of contact person.
-
idp_contact_telephone = None
+
= None
(StrOpt) Telephone number of contact person.
-
idp_contact_type = other
+
= other
(StrOpt) Contact type. Allowed values are: technical, support, administrative billing, and other
-
idp_entity_id = None
+
= None
(StrOpt) Entity ID value for unique Identity Provider identification. Usually FQDN is set with a suffix. A value is required to generate IDP Metadata. For example: https://keystone.example.com/v3/OS-FEDERATION/saml2/idp
(StrOpt) Path to the Identity Provider Metadata file. This file should be generated with the keystone-manage saml_idp_metadata command.
-
idp_organization_display_name = None
+
= None
(StrOpt) Organization name to be displayed.
-
idp_organization_name = None
+
= None
(StrOpt) Organization name the installation belongs to.
-
idp_organization_url = None
+
= None
(StrOpt) URL of the organization.
-
idp_sso_endpoint = None
+
= None
(StrOpt) Identity Provider Single-Sign-On service value, required in the Identity Provider's metadata. A value is required to generate IDP Metadata. For example: https://keystone.example.com/v3/OS-FEDERATION/saml2/sso
(StrOpt) Path of the keyfile for SAML signing. Note, the path cannot contain a comma.
-
xmlsec1_binary = xmlsec1
+
= xmlsec1
(StrOpt) Binary to be called for XML signing. Install the appropriate package, specify absolute path or adjust your PATH environment variable if the binary cannot be found.
(StrOpt) Enforcement policy on tokens presented to Keystone with bind information. One of disabled, permissive, strict, required or a specifically required bind mode, e.g., kerberos or x509 to require binding to that authentication.
-
expiration = 3600
+
= 3600
(IntOpt) Amount of time a token should remain valid (in seconds).
-
hash_algorithm = md5
+
= md5
(StrOpt) The hash algorithm to use for PKI tokens. This can be set to any algorithm that hashlib supports. WARNING: Before changing this value, the auth_token middleware must be configured with the hash_algorithms, otherwise token revocation will not be processed correctly.
-
provider = None
+
= None
(StrOpt) Controls the token construction, validation, and revocation operations. Core providers are "keystone.token.providers.[pkiz|pki|uuid].Provider". The default provider is uuid.
-
revocation_cache_time = 3600
+
= 3600
(IntOpt) Time to cache the revocation list and the revocation events if revoke extension is enabled (in seconds). This has no effect unless global and token caching are enabled.
-
revoke_by_id = True
+
= True
(BoolOpt) Revoke token by token identifier. Setting revoke_by_id to true enables various forms of enumerating tokens, e.g. `list tokens for user`. These enumerations are processed to determine the list of tokens to revoke. Only disable if you are switching to using the Revoke extension with a backend other than KVS, which stores events in memory.
(StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
-
notification_driver = []
+
= []
(MultiStrOpt) Driver or drivers to handle sending notifications.
-
notification_topics = notifications
+
= notifications
(ListOpt) AMQP topic used for OpenStack notifications.
-
transport_url = None
+
= None
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
(IntOpt) Number of backlog requests to configure the socket with
-
max_header_line = 16384
+
= 900
+
(IntOpt) Timeout for client connections socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of '0' means wait forever.
+
+
+
= 900
+
(IntOpt) Reconnect connection to nsx if not used within this amount of time.
+
+
+
= 16384
(IntOpt) Max header line to accommodate large tokens
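Review bot: the two rows added ahead of max_header_line carry only a default (= 900) and help text, with no option name, so a reader cannot tell which key sets the client socket timeout or the NSX reconnect interval. Restore the name cell for the added rows. Also confirm that "Reconnect connection to nsx if not used within this amount of time" belongs in this table of generic server socket options rather than with the vendor plugin options.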
-
max_request_body_size = 114688
-
(IntOpt) the maximum body size per each request(bytes)
-
-
-
pagination_max_limit = -1
+
= -1
(StrOpt) The maximum number of items returned in a single response, value was 'infinite' or negative integer means no limit
-
retry_until_window = 30
+
= 30
(IntOpt) Number of seconds to keep retrying to listen
-
run_external_periodic_tasks = True
+
= True
(BoolOpt) Some periodic tasks can be run in a separate process. Should we run them here?
-
service_plugins =
+
=
(ListOpt) The service plugins Neutron will use
-
tcp_keepidle = 600
+
= 600
(IntOpt) Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not supported on OS X.
+
+
= True
+
(BoolOpt) Determines if connections are allowed to be held open by clients after a request is fulfilled. A value of False will ensure that the socket connection will be explicitly closed once a response has been sent to the client.
+
[service_providers]
-
service_provider = []
+
= []
(MultiStrOpt) Defines providers for advanced services using the format: <service_type>:<name>:<driver>[:default]
(StrOpt) Keystone service account tenant name to validate user tokens
-
admin_token = None
+
= None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
-
admin_user = None
+
= None
(StrOpt) Keystone account username
-
auth_admin_prefix =
+
=
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
-
auth_host = 127.0.0.1
+
= 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_port = 35357
+
= 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_protocol = https
+
= https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
-
auth_uri = None
+
= None
(StrOpt) Complete public Identity API endpoint
-
auth_version = None
+
= None
(StrOpt) API version of the admin Identity API endpoint
-
cache = None
+
= None
(StrOpt) Env key for the swift cache
-
cafile = None
+
= None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
certfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
check_revocations_for_cached = False
+
= False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
-
delay_auth_decision = False
+
= False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
-
enforce_token_bind = permissive
+
= permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
hash_algorithms = md5
+
= md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
-
http_connect_timeout = None
+
= None
(BoolOpt) Request timeout value for communicating with Identity API server.
-
http_request_max_retries = 3
+
= 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
-
identity_uri = None
+
= None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
-
include_service_catalog = True
+
= True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
insecure = False
+
= False
(BoolOpt) Verify HTTPS connections.
-
keyfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
memcache_secret_key = None
+
= None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
-
memcache_security_strategy = None
+
= None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
revocation_cache_time = 10
+
= 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
-
signing_dir = None
+
= None
(StrOpt) Directory used to cache files related to PKI tokens
-
token_cache_time = 300
+
= 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
(BoolOpt) Flag to decide if a route to the metadata server should be injected into the VM
-
auto_sync_on_failure = True
+
= True
(BoolOpt) If neutron fails to create a resource because the backend controller doesn't know of a dependency, the plugin automatically triggers a full data synchronization to the controller.
-
cache_connections = True
+
= True
(BoolOpt) Re-use HTTP/HTTPS connections to the controller.
-
consistency_interval = 60
+
= 60
(IntOpt) Time between verifications that the backend controller database is consistent with Neutron. (0 to disable)
-
neutron_id = neutron-shock
+
= neutron-usagi
(StrOpt) User defined identifier for this Neutron deployment
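Review bot: the documented default for neutron_id changes from neutron-shock to neutron-usagi while the help text stays the same, which suggests the value is derived from the machine that generated the table rather than from the code. Document the default as a stable placeholder, and say in the help text how it is derived, so the reference does not change with every regeneration or publish a build host's name.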
-
no_ssl_validation = False
+
= False
(BoolOpt) Disables SSL certificate validation for controllers
-
server_auth = None
+
= None
(StrOpt) The username and password for authenticating against the Big Switch or Floodlight controller.
-
server_ssl = True
+
= True
(BoolOpt) If True, Use SSL when connecting to the Big Switch or Floodlight controller.
-
server_timeout = 10
+
= 10
(IntOpt) Maximum number of seconds to wait for proxy request to connect and complete.
-
servers = localhost:8800
+
= localhost:8800
(ListOpt) A comma separated list of Big Switch or Floodlight servers and port numbers. The plugin proxies the requests to the Big Switch/Floodlight server, which performs the networking configuration. Only oneserver is needed per deployment, but you may wish todeploy multiple servers to support failover.
(StrOpt) Directory containing ca_certs and host_certs certificate directories.
-
ssl_sticky = True
+
= True
(BoolOpt) Trust and store the first certificate received for each controller address and use it to validate future connections to that address.
-
sync_data = False
+
= False
(BoolOpt) Sync data on connect
-
thread_pool_size = 4
+
= 4
(IntOpt) Maximum number of threads to spawn to handle large volumes of port creations.
[RESTPROXYAGENT]
-
integration_bridge = br-int
+
= br-int
(StrOpt) Name of integration bridge on compute nodes used for security group insertion.
-
polling_interval = 5
+
= 5
(IntOpt) Seconds between agent checks for port changes
-
virtual_switch_type = ovs
+
= ovs
(StrOpt) Virtual switch type.
[ROUTER]
-
max_router_rules = 200
+
= 200
(IntOpt) Maximum number of router rules
-
tenant_default_router_rule = ['*:any:any:permit']
+
= ['*:any:any:permit']
(MultiStrOpt) The default router rules installed in new tenant routers. Repeat the config option for each rule. Format is <tenant>:<source>:<destination>:<action> Use an * to specify default for all tenants.
(IntOpt) Time in seconds for connecting to a hosting device
-
hosting_device_dead_timeout = 300
+
= 300
(IntOpt) The time in seconds until a backlogged hosting device is presumed dead. This value should be set up high enough to recover from a period of connectivity loss or high load when the device may not be responding.
(StrOpt) Path of the routing service helper class.
-
rpc_loop_interval = 10
+
= 10
(IntOpt) Interval when the process_services() loop executes in seconds. This is when the config agent lets each service helper to process its neutron resources.
(IntOpt) Seconds to regard the agent is down; should be at least twice report_interval, to be sure the agent is down for good.
-
api_workers = 0
+
= 0
(IntOpt) Number of separate API worker processes for service
-
auth_ca_cert = None
+
= None
(StrOpt) Certificate Authority public key (CA cert) file for ssl
-
auth_insecure = False
+
= False
(BoolOpt) Turn off verification of the certificate for ssl
-
auth_region = None
+
= None
(StrOpt) Authentication region
-
auth_strategy = keystone
+
= keystone
(StrOpt) The type of authentication to use
-
auth_url = None
+
= None
(StrOpt) Authentication URL
-
base_mac = fa:16:3e:00:00:00
+
= fa:16:3e:00:00:00
(StrOpt) The base MAC address Neutron will use for VIFs
-
bind_host = 0.0.0.0
+
= 0.0.0.0
(StrOpt) The host IP to bind to
-
bind_port = 9696
+
= 9696
(IntOpt) The port to bind to
-
ca_certs = None
+
= None
(StrOpt) CA certificates
-
check_child_processes = False
-
(BoolOpt) Periodically check child processes
-
-
-
check_child_processes_action = respawn
+
= respawn
(StrOpt) Action to be executed when a child process dies
-
check_child_processes_interval = 60
-
(IntOpt) Interval between checks of child process liveness (seconds)
+
= 0
+
(IntOpt) Interval between checks of child process liveness (seconds), use 0 to disable
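Review bot: removing check_child_processes and changing the check_child_processes_interval default from 60 to 0 ("use 0 to disable") is a behaviour change that the table does not call out. Anyone who had set check_child_processes = True and kept the interval at its old default would lose liveness checks silently. State in the help text, or in a note next to the table, that the boolean is gone and that the interval must now be set to a non-zero value for check_child_processes_action to have any effect.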
-
core_plugin = None
+
= None
(StrOpt) The core plugin Neutron will use
-
ctl_cert = None
+
= None
(StrOpt) controller certificate
-
ctl_privkey = None
+
= None
(StrOpt) controller private key
-
dhcp_agent_notification = True
+
= True
(BoolOpt) Allow sending resource operation notification to DHCP agent
-
dhcp_agents_per_network = 1
+
= 1
(IntOpt) Number of DHCP agents scheduled to host a network.
-
dhcp_confs = $state_path/dhcp
+
= False
+
(BoolOpt) Use broadcast in DHCP replies
+
+
+
= $state_path/dhcp
(StrOpt) Location to store DHCP server config files
-
dhcp_delete_namespaces = False
+
= False
(BoolOpt) Delete namespace after removing a dhcp server.
-
dhcp_domain = openstacklocal
+
= openstacklocal
(StrOpt) Domain to use for building the hostnames
-
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+
= neutron.agent.linux.dhcp.Dnsmasq
(StrOpt) The driver used to manage the DHCP server.
-
dhcp_lease_duration = 86400
+
= 86400
(IntOpt) DHCP lease duration (in seconds). Use -1 to tell dnsmasq to use infinite lease times.
-
endpoint_type = publicURL
+
= publicURL
(StrOpt) Network service endpoint type to pull from the keystone catalog
-
force_gateway_on_subnet = True
+
= True
(BoolOpt) Ensure that configured gateway is on subnet. For IPv6, validate only if gateway is not a link local address. Deprecated, to be removed during the K release, at which point the check will be mandatory.
-
host = localhost
+
= localhost
(StrOpt) The hostname Neutron is running on
-
interface_driver = None
+
= None
(StrOpt) The driver used to manage the virtual interface.
-
ip_lib_force_root = False
+
= False
(BoolOpt) Force ip_lib calls to use the root helper
-
lock_path = None
+
= None
(StrOpt) Directory to use for lock files.
-
mac_generation_retries = 16
+
= 16
(IntOpt) How many times Neutron will retry MAC generation
-
max_allowed_address_pair = 10
+
= 10
(IntOpt) Maximum number of allowed address pairs
-
max_dns_nameservers = 5
+
= 5
(IntOpt) Maximum number of DNS nameservers
-
max_fixed_ips_per_port = 5
+
= 5
(IntOpt) Maximum number of fixed ips per port
-
max_subnet_host_routes = 20
+
= 20
(IntOpt) Maximum number of host routes per subnet
-
memcached_servers = None
+
= None
(ListOpt) Memcached servers or None for in process cache.
-
periodic_fuzzy_delay = 5
+
= 5
(IntOpt) Range of seconds to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0)
-
periodic_interval = 40
+
= 40
(IntOpt) Seconds between running periodic tasks
-
report_interval = 300
+
= 300
(IntOpt) Interval between two metering reports
-
root_helper = sudo
+
= sudo
(StrOpt) Root helper application.
-
state_path = /var/lib/neutron
+
= /var/lib/neutron
(StrOpt) Where to store Neutron state files. This directory must be writable by the agent.
[AGENT]
-
root_helper = sudo
+
= sudo
(StrOpt) Root helper application.
[PROXY]
-
admin_password = None
+
= None
(StrOpt) Admin password
-
admin_tenant_name = None
+
= None
(StrOpt) Admin tenant name
-
admin_user = None
+
= None
(StrOpt) Admin user
-
auth_region = None
+
= None
(StrOpt) Authentication region
-
auth_strategy = keystone
+
= keystone
(StrOpt) The type of authentication to use
-
auth_url = None
+
= None
(StrOpt) Authentication URL
[heleos]
-
admin_password = None
+
= None
(StrOpt) ESM admin password.
[keystone_authtoken]
-
memcached_servers = None
+
= None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
-
connection_debug = 0
+
= 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
-
connection_trace = False
+
= False
(BoolOpt) Add Python stack traces to SQL as comment strings.
-
db_inc_retry_interval = True
+
= True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
-
db_max_retries = 20
+
= 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
-
db_max_retry_interval = 10
+
= 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
-
db_retry_interval = 1
+
= 1
(IntOpt) Seconds between database connection retries.
-
idle_timeout = 3600
+
= 3600
(IntOpt) Timeout before idle SQL connections are reaped.
-
max_overflow = None
+
= None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
-
max_pool_size = None
+
= None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
-
max_retries = 10
-
(IntOpt) Maximum db connection retries during startup. Set to -1 to specify an infinite retry count.
+
= 10
+
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
-
min_pool_size = 1
+
= 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
-
mysql_sql_mode = TRADITIONAL
+
= TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
pool_timeout = None
+
= None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
-
retry_interval = 10
+
= 10
(IntOpt) Interval between retries of opening a SQL connection.
-
slave_connection = None
+
= None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
-
sqlite_db = oslo.sqlite
+
= oslo.sqlite
(StrOpt) The file name to use with SQLite.
-
sqlite_synchronous = True
+
= True
(BoolOpt) If True, SQLite uses synchronous mode.
-
use_db_reconnect = False
+
= False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
(StrOpt) Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.
-
disable_process_locking = False
-
(BoolOpt) Whether to disable inter-process locks
+
= False
+
(BoolOpt) Enables or disables inter-process locks.
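Review bot: the new help text for disable_process_locking, "Enables or disables inter-process locks.", no longer says which way the flag points. For an option whose name starts with disable_ and whose default is False, a reader can easily take True to mean locking is on. Keep the polarity explicit, for example "Disables inter-process locks when set to True."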
(BoolOpt) Enables metrics collections for switch ports by using Hyper-V's metric APIs. Collected data can by retrieved by other apps and services, e.g.: Ceilometer. Requires Hyper-V / Windows Server 2012 and above
-
local_network_vswitch = private
+
= private
(StrOpt) Private vswitch name used for local networks
-
metrics_max_retries = 100
+
= 100
(IntOpt) Specifies the maximum number of retries to enable Hyper-V's port metrics collection. The agent will try to enable the feature once every polling_interval period for at most metrics_max_retries or until it succeedes.
-
physical_network_vswitch_mappings =
+
=
(ListOpt) List of <physical_network>:<vswitch> where the physical networks can be expressed with wildcards, e.g.: ."*:external"
-
polling_interval = 2
+
= 2
(IntOpt) The number of seconds the agent will wait between polling for local device changes.
[HYPERV]
-
network_vlan_ranges =
+
=
(ListOpt) List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network>
-
tenant_network_type = local
+
= local
(StrOpt) Network type for tenant networks (local, flat, vlan or none)
(StrOpt) The working mode for the agent. Allowed modes are: 'legacy' - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. 'dvr' - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host. 'dvr_snat' - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack)
-
allow_automatic_l3agent_failover = False
+
= False
(BoolOpt) Automatically reschedule routers from offline L3 agents to online L3 agents.
-
enable_metadata_proxy = True
+
= True
(BoolOpt) Allow running metadata proxy.
-
external_network_bridge = br-ex
+
= br-ex
(StrOpt) Name of bridge used for external network traffic.
-
gateway_external_network_id =
+
=
(StrOpt) UUID of external network for routers implemented by the agents.
-
ha_confs_path = $state_path/ha_confs
+
= $state_path/ha_confs
(StrOpt) Location to store keepalived/conntrackd config files
-
ha_vrrp_advert_int = 2
+
= 2
(IntOpt) The advertisement interval in seconds
-
ha_vrrp_auth_password = None
+
= None
(StrOpt) VRRP authentication password
-
ha_vrrp_auth_type = PASS
+
= PASS
(StrOpt) VRRP authentication type AH/PASS
-
handle_internal_only_routers = True
+
= True
(BoolOpt) Agent should implement routers with no gateway
-
l3_ha = False
+
= False
(BoolOpt) Enable HA mode for virtual routers.
-
l3_ha_net_cidr = 169.254.192.0/18
+
= 169.254.192.0/18
(StrOpt) Subnet used for the l3 HA admin network.
-
max_l3_agents_per_router = 3
+
= 3
(IntOpt) Maximum number of agents on which a router will be scheduled.
-
min_l3_agents_per_router = 2
+
= 2
(IntOpt) Minimum number of agents on which a router will be scheduled.
-
router_id =
+
=
(StrOpt) If namespaces is disabled, the l3 agent can only configure a router that has the matching router ID.
-
send_arp_for_ha = 3
+
= 3
(IntOpt) Send this many gratuitous ARPs for HA setup, if less than or equal to 0, the feature is disabled
+
+
= True
+
(BoolOpt) Use the root helper to read the namespaces from the operating system.
+
+
+
[AGENT]
+
+
+
= True
+
(BoolOpt) Add comments to iptables rules.
+
+
+
= True
+
(BoolOpt) Use the root helper to read the namespaces from the operating system.
(IntOpt) Sync interval in seconds between L3 Service plugin and EOS. This interval defines how often the synchronization is performed. This is an optional field. If not set, a value of 180 seconds is assumed
-
mlag_config = False
+
= False
(BoolOpt) This flag is used indicate if Arista Switches are configured in MLAG mode. If yes, all L3 config is pushed to both the switches automatically. If this flag is set to True, ensure to specify IP addresses of both switches. This is optional. If not set, a value of "False" is assumed.
-
primary_l3_host =
+
=
(StrOpt) Arista EOS IP address. This is required field. If not set, all communications to Arista EOS will fail
-
primary_l3_host_password =
+
=
(StrOpt) Password for Arista EOS. This is required field. If not set, all communications to Arista EOS will fail
-
primary_l3_host_username =
+
=
(StrOpt) Username for Arista EOS. This is required field. If not set, all communications to Arista EOS will fail
-
secondary_l3_host =
+
=
(StrOpt) Arista EOS IP address for second Switch MLAGed with the first one. This an optional field, however, if mlag_config flag is set, then this is required. If not set, all communications to Arista EOS will fail
-
use_vrf = False
+
= False
(BoolOpt) A "True" value for this flag indicates to create a router in VRF. If not set, all routers are created in default VRF.This is optional. If not set, a value of "False" is assumed.
(BoolOpt) Enables or disables fatal status of deprecations.
-
instance_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
-
instance_uuid_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
-
log_config_append = None
+
= None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
-
log_date_format = %Y-%m-%d %H:%M:%S
+
= %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s .
-
log_dir = None
+
= None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
-
log_file = None
+
= None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
-
log_format = None
+
= None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
(StrOpt) Prefix each line of exception output with this format.
-
publish_errors = False
+
= False
(BoolOpt) Enables or disables publication of error events.
-
syslog_log_facility = LOG_USER
+
= LOG_USER
(StrOpt) Syslog facility to receive log lines.
-
use_ssl = False
+
= False
(BoolOpt) Enable SSL on the API server
-
use_stderr = True
+
= True
(BoolOpt) Log output to standard error.
-
use_syslog = False
+
= False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
-
use_syslog_rfc_format = False
+
= False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
-
verbose = False
+
= False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
(StrOpt) Default flavor to use, when flavor:network is not specified at network creation.
-
default_l3_flavor =
+
=
(StrOpt) Default L3 flavor to use, when flavor:router is not specified at router creation. Ignored if 'l3_plugin_list' is blank.
-
extension_map =
+
=
(StrOpt) Comma separated list of method:flavor to select specific plugin for a method. This has priority over method search order based on 'plugin_list'.
-
l3_plugin_list =
+
=
(StrOpt) Comma separated list of flavor:neutron_plugin for L3 service plugins to load. This is intended for specifying L2 plugins which support L3 functions. If you use a router service plugin, set this blank.
-
plugin_list =
+
=
(StrOpt) Comma separated list of flavor:neutron_plugin for plugins to load. Extension method is searched in the list order and the first one is used.
-
rpc_flavor =
+
=
(StrOpt) Specifies flavor for plugin to handle 'q-plugin' RPC requests.
-
supported_extension_aliases =
+
=
(StrOpt) Comma separated list of supported extension aliases.
(StrOpt) Mapping between flavor and LinuxInterfaceDriver. It is specific to MetaInterfaceDriver used with admin_user, admin_password, admin_tenant_name, admin_url, auth_strategy, auth_region and endpoint_type.
-
metadata_backlog = 4096
+
= 4096
(IntOpt) Number of backlog requests to configure the metadata server socket with
-
metadata_port = 9697
+
= 9697
(IntOpt) TCP Port used by Neutron metadata namespace proxy.
-
metadata_proxy_shared_secret =
+
=
(StrOpt) Shared secret to sign instance-id request
(StrOpt) Arista EOS IP address. This is required field. If not set, all communications to Arista EOSwill fail.
-
eapi_password =
+
=
(StrOpt) Password for Arista EOS. This is required field. If not set, all communications to Arista EOS will fail.
-
eapi_username =
+
=
(StrOpt) Username for Arista EOS. This is required field. If not set, all communications to Arista EOSwill fail.
-
region_name = RegionOne
+
= RegionOne
(StrOpt) Defines Region Name that is assigned to this OpenStack Controller. This is useful when multiple OpenStack/Neutron controllers are managing the same Arista HW clusters. Note that this name must match with the region name registered (or known) to keystone service. Authentication with Keysotne is performed by EOS. This is optional. If not set, a value of "RegionOne" is assumed.
-
sync_interval = 180
+
= 180
(IntOpt) Sync interval in seconds between Neutron plugin and EOS. This interval defines how often the synchronization is performed. This is an optional field. If not set, a value of 180 seconds is assumed.
-
use_fqdn = True
+
= True
(BoolOpt) Defines if hostnames are sent to Arista EOS as FQDNs ("node1.domain.com") or as short names ("node1"). This is optional. If not set, a value of "True" is assumed.
(BoolOpt) Flag to decide if a route to the metadata server should be injected into the VM
-
auto_sync_on_failure = True
+
= True
(BoolOpt) If neutron fails to create a resource because the backend controller doesn't know of a dependency, the plugin automatically triggers a full data synchronization to the controller.
-
cache_connections = True
+
= True
(BoolOpt) Re-use HTTP/HTTPS connections to the controller.
-
consistency_interval = 60
+
= 60
(IntOpt) Time between verifications that the backend controller database is consistent with Neutron. (0 to disable)
-
neutron_id = neutron-shock
+
= neutron-usagi
(StrOpt) User defined identifier for this Neutron deployment
-
no_ssl_validation = False
+
= False
(BoolOpt) Disables SSL certificate validation for controllers
-
server_auth = None
+
= None
(StrOpt) The username and password for authenticating against the Big Switch or Floodlight controller.
-
server_ssl = True
+
= True
(BoolOpt) If True, Use SSL when connecting to the Big Switch or Floodlight controller.
-
server_timeout = 10
+
= 10
(IntOpt) Maximum number of seconds to wait for proxy request to connect and complete.
-
servers = localhost:8800
+
= localhost:8800
(ListOpt) A comma separated list of Big Switch or Floodlight servers and port numbers. The plugin proxies the requests to the Big Switch/Floodlight server, which performs the networking configuration. Only oneserver is needed per deployment, but you may wish todeploy multiple servers to support failover.
(StrOpt) Directory containing ca_certs and host_certs certificate directories.
-
ssl_sticky = True
+
= True
(BoolOpt) Trust and store the first certificate received for each controller address and use it to validate future connections to that address.
-
sync_data = False
+
= False
(BoolOpt) Sync data on connect
-
thread_pool_size = 4
+
= 4
(IntOpt) Maximum number of threads to spawn to handle large volumes of port creations.
[RESTPROXYAGENT]
-
integration_bridge = br-int
+
= br-int
(StrOpt) Name of integration bridge on compute nodes used for security group insertion.
-
polling_interval = 5
+
= 5
(IntOpt) Seconds between agent checks for port changes
-
virtual_switch_type = ovs
+
= ovs
(StrOpt) Virtual switch type.
[ROUTER]
-
max_router_rules = 200
+
= 200
(IntOpt) Maximum number of router rules
-
tenant_default_router_rule = ['*:any:any:permit']
+
= ['*:any:any:permit']
(MultiStrOpt) The default router rules installed in new tenant routers. Repeat the config option for each rule. Format is <tenant>:<source>:<destination>:<action> Use an * to specify default for all tenants.
(BoolOpt) SRIOV neutron agent is required for port binding
-
supported_pci_vendor_devs = 15b3:1004, 8086:10c9
+
= 15b3:1004, 8086:10ca
(ListOpt) Supported PCI vendor devices, defined by vendor_id:product_id according to the PCI ID Repository. Default enables support for Intel and Mellanox SR-IOV capable NICs
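Review bot: the second entry of supported_pci_vendor_devs changes from 8086:10c9 to 8086:10ca with no matching change in the help text, so the table gives no way to tell whether this is a correction or a typo. Say in the description which device each vendor_id:product_id pair refers to (for SR-IOV, whether the ID is the physical or the virtual function), so the default can be checked against the PCI ID Repository the text already cites.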
(ListOpt) List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network> specifying physical_network names usable for VLAN provider and tenant networks, as well as ranges of VLAN tags on each available for allocation to tenant networks.
(IntOpt) Maximum attempts per OFC API request. NEC plugin retries API request to OFC when OFC returns ServiceUnavailable (503). The value must be greater than 0.
-
cert_file = None
+
= None
(StrOpt) Location of certificate file.
-
driver = trema
+
= trema
(StrOpt) Driver to use.
-
enable_packet_filter = True
+
= True
(BoolOpt) Enable packet filter.
-
host = 127.0.0.1
+
= 127.0.0.1
(StrOpt) Host to connect to.
-
insecure_ssl = False
+
= False
(BoolOpt) Disable SSL certificate verification.
-
key_file = None
+
= None
(StrOpt) Location of key file.
-
path_prefix =
+
=
(StrOpt) Base URL of OFC REST API. It is prepended to each API request.
-
port = 8888
+
= 8888
(StrOpt) Port to connect to.
-
use_ssl = False
+
= True
+
(BoolOpt) Support packet filter on OFC router interface.
(StrOpt) Default Network partition in which VSD will orchestrate network resources using openstack
-
organization = system
+
= system
(StrOpt) Organization name in which VSD will orchestrate network resources using openstack
-
server = localhost:8800
+
= localhost:8800
(StrOpt) IP Address and Port of Nuage's VSD server
-
serverauth = username:password
+
= username:password
(StrOpt) Username and password for authentication
-
serverssl = False
+
= False
(BoolOpt) Boolean for SSL connection with VSD server
[SYNCMANAGER]
-
enable_sync = False
+
= False
(BoolOpt) Nuage plugin will sync resources between openstack and VSD
-
sync_interval = 0
+
= 0
(IntOpt) Sync interval in seconds between openstack and VSD. It defines how often the synchronization is done. If not set, value of 0 is assumed and sync will be performed only once, at the Neutron startup time.
(IntOpt) Timeout in seconds for ovs-vsctl commands
[AGENT]
-
arp_responder = False
+
= False
(BoolOpt) Enable local ARP responder if it is supported. Requires OVS 2.1 and ML2 l2population driver. Allows the switch (when supporting an overlay) to respond to an ARP request locally without performing a costly ARP broadcast into the overlay.
-
dont_fragment = True
+
= True
(BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet carrying GRE/VXLAN tunnel.
-
enable_distributed_routing = False
+
= False
(BoolOpt) Make the l2 agent run in DVR mode.
-
l2_population = False
+
= False
(BoolOpt) Use ML2 l2population mechanism driver to learn remote MAC and IPs and improve tunnel scalability.
-
minimize_polling = True
+
= True
(BoolOpt) Minimize polling by monitoring ovsdb for interface changes.
-
ovsdb_monitor_respawn_interval = 30
+
= 30
(IntOpt) The number of seconds to wait before respawning the ovsdb monitor after losing communication with it.
-
tunnel_types =
+
=
(ListOpt) Network types supported by the agent (gre and/or vxlan).
-
veth_mtu = None
+
= None
(IntOpt) MTU size of veth interfaces
-
vxlan_udp_port = 4789
+
= 4789
(IntOpt) The UDP port to use for VXLAN tunnels.
[CISCO_N1K]
-
local_ip = 10.0.0.3
+
= 10.0.0.3
(StrOpt) N1K Local IP
[OVS]
-
bridge_mappings =
+
=
(ListOpt) List of <physical_network>:<bridge>. Deprecated for ofagent.
-
enable_tunneling = False
-
(BoolOpt) Enable tunneling support.
-
-
-
int_peer_patch_port = patch-tun
+
= patch-tun
(StrOpt) Peer patch port in integration bridge for tunnel bridge.
-
integration_bridge = br-int
+
= br-int
(StrOpt) Integration bridge to use.
-
local_ip =
-
(StrOpt) Local IP address of GRE tunnel endpoints.
+
= None
+
(IPOpt) Local IP address of tunnel endpoint.
-
network_vlan_ranges =
-
(ListOpt) List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network>.
-
-
-
tenant_network_type = local
-
(StrOpt) Network type for tenant networks (local, vlan, gre, vxlan, or none).
-
-
-
tun_peer_patch_port = patch-int
+
= patch-int
(StrOpt) Peer patch port in tunnel bridge for integration bridge.
-
tunnel_bridge = br-tun
+
= br-tun
(StrOpt) Tunnel bridge to use.
-
tunnel_id_ranges =
-
(ListOpt) List of <tun_min>:<tun_max>.
-
-
-
tunnel_type =
-
(StrOpt) The type of tunnels to use when utilizing tunnels, either 'gre' or 'vxlan'.
-
-
-
use_veth_interconnection = False
+
= False
(BoolOpt) Use veths instead of patch ports to interconnect the integration bridge to physical bridges.
(IntOpt) Seconds between connection keepalive heartbeats.
-
qpid_hostname = localhost
+
= localhost
(StrOpt) Qpid broker hostname.
-
qpid_hosts = $qpid_hostname:$qpid_port
+
= $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs.
-
qpid_password =
+
=
(StrOpt) Password for Qpid connection.
-
qpid_port = 5672
+
= 5672
(IntOpt) Qpid broker port.
-
qpid_protocol = tcp
+
= tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'.
-
qpid_receiver_capacity = 1
+
= 1
(IntOpt) The number of prefetched messages held by receiver.
-
qpid_sasl_mechanisms =
+
=
(StrOpt) Space separated list of SASL mechanisms to use for auth.
-
qpid_tcp_nodelay = True
+
= True
(BoolOpt) Whether to disable the Nagle algorithm.
-
qpid_topology_version = 1
+
= 1
(IntOpt) The qpid topology version to use. Version 1 is what was originally used by impl_qpid. Version 2 includes some backwards-incompatible changes that allow broker federation to work. Users should update to version 2 when they are able to take everything down, as it requires a clean break.
List of directories to load filter definitions from (separated by ','). These directories MUST all be only writeable by root !
-
exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin
+
= /sbin,/usr/sbin,/bin,/usr/bin
List of directories to search executables in, in case filters do not explicitely specify a full path (separated by ',') If not specified, defaults to system PATH environment variable. These directories MUST all be only writeable by root !
-
use_syslog = False
+
= False
Enable logging to syslog Default value is False
-
syslog_log_facility = syslog
+
= syslog
Which syslog facility to use. Valid values include auth, authpriv, syslog, local0, local1... Default value is 'syslog'
-
syslog_log_level = ERROR
+
= ERROR
Which messages to log. INFO means log all usage ERROR means only log unsuccessful attempts
[xenapi]
-
xenapi_connection_url = <None>
+
= <None>
XenAPI configuration is only required by the L2 agent if it is to target a XenServer/XCP compute host's dom0.
(BoolOpt) Use ipset to speed-up the iptables based security groups.
-
enable_security_group = True
+
= True
(BoolOpt) Controls whether the neutron security group API is enabled in the server. It should be false when using no security groups or using the nova security group API.
-
firewall_driver = None
+
= None
(StrOpt) Driver for security groups firewall in the L2 agent
(ListOpt) List of <network_device>:<excluded_devices> mapping network_device to the agent's node-specific list of virtual functions that should not be used for virtual networking. excluded_devices is a semicolon separated list of virtual functions (BDF format).to exclude from network_device. The network_device in the mapping should appear in the physical_device_mappings list.
-
physical_device_mappings =
+
=
(ListOpt) List of <physical_network>:<network_device> mapping physical network names to the agent's node-specific physical network device of SR-IOV physical function to be used for VLAN networks. All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent
(StrOpt) Name of the interface on a L2 Gateway transport nodewhich should be used by default when setting up a network connection
-
default_l2_gw_service_uuid = None
+
= None
(StrOpt) Unique identifier of the NSX L2 Gateway service which will be used by default for network gateways
-
default_l3_gw_service_uuid = None
+
= None
(StrOpt) Unique identifier of the NSX L3 Gateway service which will be used for implementing routers and floating IPs
-
default_service_cluster_uuid = None
+
= None
(StrOpt) Unique identifier of the Service Cluster which will be used by logical services like dhcp and metadata
-
default_tz_uuid = None
+
= None
(StrOpt) This is uuid of the default NSX Transport zone that will be used for creating tunneled isolated "Neutron" networks. It needs to be created in NSX before starting Neutron with the nsx plugin.
-
http_timeout = 75
+
= 75
(IntOpt) Time before aborting a request
-
nsx_controllers = None
+
= None
(ListOpt) Lists the NSX controllers in this cluster
-
nsx_password = admin
+
= admin
(StrOpt) Password for NSX controllers in this cluster
-
nsx_user = admin
+
= admin
(StrOpt) User name for NSX controllers in this cluster
-
redirects = 2
+
= 2
(IntOpt) Number of times a redirect should be followed
-
retries = 2
+
= 2
(IntOpt) Number of time a request should be retried
[ESWITCH]
-
retries = 3
+
= 3
(IntOpt) The number of retries the agent will send request to daemon before giving up
[NSX]
-
agent_mode = agent
+
= agent
(StrOpt) The mode used to implement DHCP/metadata services.
-
concurrent_connections = 10
+
= 10
(IntOpt) Maximum concurrent connections to each NSX controller.
-
default_transport_type = stt
+
= stt
(StrOpt) The default network tranport type to use (stt, gre, bridge, ipsec_gre, or ipsec_stt)
-
max_lp_per_bridged_ls = 5000
+
= 5000
(IntOpt) Maximum number of ports of a logical switch on a bridged transport zone (default 5000)
-
max_lp_per_overlay_ls = 256
+
= 256
(IntOpt) Maximum number of ports of a logical switch on an overlay transport zone (default 256)
-
metadata_mode = access_network
+
= access_network
(StrOpt) If set to access_network this enables a dedicated connection to the metadata proxy for metadata server access via Neutron router. If set to dhcp_host_route this enables host route injection via the dhcp agent. This option is only useful if running on a host that does not support namespaces otherwise access_network should be used.
-
nsx_gen_timeout = -1
+
= -1
(IntOpt) Number of seconds a generation id should be valid for (default -1 meaning do not time out)
-
replication_mode = service
+
= service
(StrOpt) The default option leverages service nodes to perform packet replication though one could set to this to 'source' to perform replication locally. This is useful if one does not want to deploy a service node(s). It must be set to 'service' for leveraging distributed routers.
[NSX_DHCP]
-
default_lease_time = 43200
+
= 43200
(IntOpt) Default DHCP lease time
-
domain_name = openstacklocal
+
= openstacklocal
(StrOpt) Domain to use for building the hostnames
-
extra_domain_name_servers =
+
=
(ListOpt) Comma separated list of additional domain name servers
[NSX_LSN]
-
sync_on_missing_data = False
+
= False
(BoolOpt) Pull LSN information from NSX in case it is missing from the local data store. This is useful to rebuild the local store in case of server recovery.
[NSX_METADATA]
-
metadata_server_address = 127.0.0.1
+
= 127.0.0.1
(StrOpt) IP address used by Metadata server.
-
metadata_server_port = 8775
+
= 8775
(IntOpt) TCP Port used by Metadata server.
-
metadata_shared_secret =
+
=
(StrOpt) Shared secret to sign instance-id request
[NSX_SYNC]
-
always_read_status = False
+
= False
(BoolOpt) Always read operational status from backend on show operations. Enabling this option might slow down the system.
-
max_random_sync_delay = 0
+
= 0
(IntOpt) Maximum value for the additional random delay in seconds between runs of the state synchronization task
-
min_chunk_size = 500
+
= 500
(IntOpt) Minimum number of resources to be retrieved from NSX during state synchronization
-
min_sync_req_delay = 1
+
= 1
(IntOpt) Minimum delay, in seconds, between two state synchronization queries to NSX. It must not exceed state_sync_interval
-
state_sync_interval = 10
+
= 10
(IntOpt) Interval in seconds between runs of the state synchronization task. Set it to 0 to disable it
[vcns]
-
datacenter_moid = None
+
= None
(StrOpt) Optional parameter identifying the ID of datacenter to deploy NSX Edges
-
datastore_id = None
+
= None
(StrOpt) Optional parameter identifying the ID of datastore to deploy NSX Edges
-
deployment_container_id = None
+
= None
(StrOpt) Optional parameter identifying the ID of datastore to deploy NSX Edges
-
external_network = None
+
= None
(StrOpt) Network ID for physical network connectivity
-
manager_uri = None
+
= None
(StrOpt) uri for vsm
-
password = default
+
= default
(StrOpt) Password for vsm
-
resource_pool_id = None
+
= None
(StrOpt) Optional parameter identifying the ID of resource to deploy NSX Edges
(StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
-
default_publisher_id = None
+
= None
(StrOpt) Default publisher_id for outgoing notifications
-
notification_driver = []
+
= []
(MultiStrOpt) Driver or drivers to handle sending notifications.
-
notification_topics = notifications
+
= notifications
(ListOpt) AMQP topic used for OpenStack notifications.
-
transport_url = None
+
= None
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
(StrOpt) File name for the paste.deploy config for nova-api
-
api_rate_limit = False
+
= False
(BoolOpt) Whether to use per-user rate limiting for the api. This option is only used by v2 api. Rate limiting is removed from v3 api.
-
enable_new_services = True
+
= 900
+
(IntOpt) Timeout for client connections' socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of '0' means wait forever.
+
+
+
= True
(BoolOpt) Services to be added to the available pool on create
-
enabled_apis = ec2, osapi_compute, metadata
+
= ec2, osapi_compute, metadata
(ListOpt) A list of APIs to enable by default
-
enabled_ssl_apis =
+
=
(ListOpt) A list of APIs with enabled SSL
-
instance_name_template = instance-%08x
+
= instance-%08x
(StrOpt) Template string to be used to generate instance names
-
max_header_line = 16384
+
= 16384
(IntOpt) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs).
(StrOpt) When creating multiple instances with a single request using the os-multiple-create API extension, this template will be used to build the display name for each instance. The benefit is that the instances end up with different hostnames. To restore legacy behavior of every instance having the same name, set this option to "%(name)s". Valid keys for the template are: name, uuid, count.
(StrOpt) A python format string that is used as the template to generate log lines. The following values can be formatted into it: client_ip, date_time, request_line, status_code, body_length, wall_seconds.
(StrOpt) Keystone service account tenant name to validate user tokens
-
admin_token = None
+
= None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
-
admin_user = None
+
= None
(StrOpt) Keystone account username
-
auth_admin_prefix =
+
=
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
-
auth_host = 127.0.0.1
+
= 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_port = 35357
+
= 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_protocol = https
+
= https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
-
auth_uri = None
+
= None
(StrOpt) Complete public Identity API endpoint
-
auth_version = None
+
= None
(StrOpt) API version of the admin Identity API endpoint
-
cache = None
+
= None
(StrOpt) Env key for the swift cache
-
cafile = None
+
= None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
certfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
check_revocations_for_cached = False
+
= False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
-
delay_auth_decision = False
+
= False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
-
enforce_token_bind = permissive
+
= permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
hash_algorithms = md5
+
= md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
-
http_connect_timeout = None
+
= None
(BoolOpt) Request timeout value for communicating with Identity API server.
-
http_request_max_retries = 3
+
= 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
-
identity_uri = None
+
= None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
-
include_service_catalog = True
+
= True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
insecure = False
+
= False
(BoolOpt) Verify HTTPS connections.
-
keyfile = None
+
= None
(StrOpt) Required if Keystone server requires client certificate
-
memcache_secret_key = None
+
= None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
-
memcache_security_strategy = None
+
= None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
revocation_cache_time = 10
+
= 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
-
signing_dir = None
+
= None
(StrOpt) Directory used to cache files related to PKI tokens
-
token_cache_time = 300
+
= 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
(StrOpt) Availability zone to use when user doesn't specify one
-
internal_service_availability_zone = internal
+
= internal
(StrOpt) The availability_zone to show internal services under
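Review bot: In the keystone_authtoken rows above, the unchanged description for `insecure = False` reads "Verify HTTPS connections.", which suggests that setting the option to True turns verification on, the opposite of what the option name says. An operator following the table could switch certificate checks off by mistake, so the help string should say plainly that the option disables verification. If this table is generated, as the header comment in nova-ca.xml says of that file, the fix belongs in the option's help text rather than here. In the same rows `http_connect_timeout` is typed (BoolOpt) although it is described as a timeout value, and `hash_algorithms` still defaults to md5 while its own description talks about migrating to a more secure algorithm; both deserve a follow-up.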
diff --git a/doc/common/tables/nova-ca.xml b/doc/common/tables/nova-ca.xml
index 30f4db5173..1884024e35 100644
--- a/doc/common/tables/nova-ca.xml
+++ b/doc/common/tables/nova-ca.xml
@@ -4,7 +4,7 @@
generated and your changes will be overwritten.
The tool to do so lives in openstack-doc-tools repository. -->
-
Description of CA configuration options
+
Description of CA and SSL configuration options
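Review bot: The caption now reads "Description of CA and SSL configuration options", but the [DEFAULT] rows visible in the following hunk (ca_file, ca_path, cert_manager, cert_topic, crl_file) are all CA options. Please confirm that the regenerated table really contains SSL options. If it does not, the old caption should stay so that readers looking for SSL settings are not sent to this table.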
@@ -18,70 +18,70 @@
[DEFAULT]
-
ca_file = cacert.pem
+
= cacert.pem
(StrOpt) Filename of root CA
-
ca_path = $state_path/CA
+
= $state_path/CA
(StrOpt) Where we keep our root CA
-
cert_manager = nova.cert.manager.CertManager
+
= nova.cert.manager.CertManager
(StrOpt) Full class name for the Manager for cert
-
cert_topic = cert
+
= cert
(StrOpt) The topic cert nodes listen on
-
crl_file = crl.pem
+
= crl.pem
(StrOpt) Filename of root Certificate Revocation List
(StrOpt) Directory where nova binaries are installed
-
compute_topic = compute
+
= compute
(StrOpt) The topic compute nodes listen on
-
console_topic = console
+
= console
(StrOpt) The topic console proxy nodes listen on
-
consoleauth_topic = consoleauth
+
= consoleauth
(StrOpt) The topic console auth proxy nodes listen on
-
host = localhost
+
= localhost
(StrOpt) Name of this node. This can be an opaque identifier. It is not necessarily a hostname, FQDN, or IP address. However, the node name must be valid within an AMQP key, and if using ZeroMQ, a valid hostname, FQDN, or IP address
-
lock_path = None
-
(StrOpt) Directory to use for lock files.
-
-
-
memcached_servers = None
+
= None
(ListOpt) Memcached servers or None for in process cache.
-
my_ip = 10.0.0.1
+
= 10.0.0.1
(StrOpt) IP address of this host
-
notify_api_faults = False
+
= False
(BoolOpt) If set, send api.fault notifications on caught exceptions in the API service.
-
notify_on_state_change = None
+
= None
(StrOpt) If set, send compute.instance.update notifications on instance state changes. Valid values are None for no notifications, "vm_state" for notifications on VM state changes, or "vm_and_task_state" for notifications on VM and task state changes.
-
pybasedir = /usr/lib/python/site-packages/nova
+
= /usr/lib/python/site-packages/nova
(StrOpt) Directory where the nova python module is installed
-
report_interval = 10
+
= 10
(IntOpt) Seconds between nodes reporting state to datastore
-
rootwrap_config = /etc/nova/rootwrap.conf
+
= /etc/nova/rootwrap.conf
(StrOpt) Path to the rootwrap configuration file to use for running commands as root
-
service_down_time = 60
+
= 60
(IntOpt) Maximum time since last check-in for up service
-
state_path = $pybasedir
+
= $pybasedir
(StrOpt) Top-level directory for maintaining nova's state
-
tempdir = None
+
= None
(StrOpt) Explicitly specify the temporary working directory
[keystone_authtoken]
-
memcached_servers = None
+
= None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
(MultiStrOpt) Monitor classes available to the compute which may be specified more than once.
-
compute_driver = None
+
= None
(StrOpt) Driver to use for controlling virtualization. Options include: libvirt.LibvirtDriver, xenapi.XenAPIDriver, fake.FakeDriver, baremetal.BareMetalDriver, vmwareapi.VMwareVCDriver, hyperv.HyperVDriver
(StrOpt) Full class name for the Manager for console proxy
-
default_flavor = m1.small
+
= m1.small
(StrOpt) Default flavor to use for the EC2 API only. The Nova API does not support a default flavor.
-
default_notification_level = INFO
+
= INFO
(StrOpt) Default notification level for outgoing notifications
-
enable_instance_password = True
+
= True
(BoolOpt) Enables returning of the instance password by the relevant server API calls such as create, rebuild or rescue, If the hypervisor does not support password injection then the password returned will not be correct
-
heal_instance_info_cache_interval = 60
+
= 60
(IntOpt) Number of seconds between instance info_cache self healing updates
-
image_cache_manager_interval = 2400
-
(IntOpt) Number of seconds to wait between runs of the image cache manager. Set to -1 to disable. Setting this to 0 will disable, but this will change in the K release to mean "run at the default rate".
+
= 2400
+
(IntOpt) Number of seconds to wait between runs of the image cache manager. Set to -1 to disable. Setting this to 0 will run at the default rate.
-
image_cache_subdirectory_name = _base
+
= _base
(StrOpt) Where cached images are stored under $instances_path. This is NOT the full path - just a folder name. For per-compute-host cached images, set to _base_$my_ip
-
instance_build_timeout = 0
-
(IntOpt) Amount of time in seconds an instance can be in BUILD before going into ERROR status.Set to 0 to disable.
+
= 0
+
(IntOpt) Amount of time in seconds an instance can be in BUILD before going into ERROR status. Set to 0 to disable.
-
instance_delete_interval = 300
-
(IntOpt) Interval in seconds for retrying failed instance file deletes
+
= 300
+
(IntOpt) Interval in seconds for retrying failed instance file deletes. Set to -1 to disable. Setting this to 0 will run at the default rate.
(StrOpt) Time period to generate instance usages for. Time period must be hour, day, month or year
-
instances_path = $state_path/instances
+
= $state_path/instances
(StrOpt) Where instances are stored on disk
-
maximum_instance_delete_attempts = 5
+
= 5
(IntOpt) The number of times to attempt to reap an instance's files.
-
reboot_timeout = 0
+
= 0
(IntOpt) Automatically hard reboot an instance if it has been stuck in a rebooting state longer than N seconds. Set to 0 to disable.
-
reclaim_instance_interval = 0
+
= 0
(IntOpt) Interval in seconds for reclaiming deleted instances
-
rescue_timeout = 0
+
= 0
(IntOpt) Automatically unrescue an instance after N seconds. Set to 0 to disable.
-
resize_confirm_window = 0
+
= 0
(IntOpt) Automatically confirm resizes after N seconds. Set to 0 to disable.
-
resume_guests_state_on_host_boot = False
+
= False
(BoolOpt) Whether to start guests that were running before the host rebooted
-
running_deleted_instance_action = reap
-
(StrOpt) Action to take if a running deleted instance is detected.Valid options are 'noop', 'log', 'shutdown', or 'reap'. Set to 'noop' to take no action.
+
= reap
+
(StrOpt) Action to take if a running deleted instance is detected. Valid options are 'noop', 'log', 'shutdown', or 'reap'. Set to 'noop' to take no action.
-
running_deleted_instance_poll_interval = 1800
+
= 1800
(IntOpt) Number of seconds to wait between runs of the cleanup task.
-
running_deleted_instance_timeout = 0
+
= 0
(IntOpt) Number of seconds after being deleted when a running instance should be considered eligible for cleanup.
-
shelved_offload_time = 0
+
= 0
(IntOpt) Time in seconds before a shelved instance is eligible for removing from a host. -1 never offload, 0 offload when shelved
-
shelved_poll_interval = 3600
-
(IntOpt) Interval in seconds for polling shelved instances to offload. Set to -1 to disable.Setting this to 0 will disable, but this will change in Juno to mean "run at the default rate".
+
= 3600
+
(IntOpt) Interval in seconds for polling shelved instances to offload. Set to -1 to disable.Setting this to 0 will run at the default rate.
-
shutdown_timeout = 60
+
= 60
(IntOpt) Total amount of time to wait in seconds for an instance to perform a clean shutdown.
-
sync_power_state_interval = 600
-
(IntOpt) Interval to sync power states between the database and the hypervisor. Set to -1 to disable. Setting this to 0 will disable, but this will change in Juno to mean "run at the default rate".
+
= 600
+
(IntOpt) Interval to sync power states between the database and the hypervisor. Set to -1 to disable. Setting this to 0 will run at the default rate.
-
vif_plugging_is_fatal = True
+
= True
(BoolOpt) Fail instance boot if vif plugging fails
-
vif_plugging_timeout = 300
+
= 300
(IntOpt) Number of seconds to wait for neutron vif plugging events to arrive before continuing or failing (see vif_plugging_is_fatal). If this is set to zero and vif_plugging_is_fatal is False, events should not be expected to arrive at all.
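Review bot: The new description for shelved_poll_interval still reads "Set to -1 to disable.Setting this to 0 will run at the default rate." with no space after the period, while the same change fixes that spacing for instance_build_timeout and running_deleted_instance_action. The help string should get the space too. Separately, the meaning of 0 changes in these rows for image_cache_manager_interval, shelved_poll_interval and sync_power_state_interval, from "will disable" to "will run at the default rate". Deployments that set 0 to switch these periodic tasks off now need -1, which is worth calling out in the release notes.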
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
-
connection_debug = 0
+
= 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
-
connection_trace = False
+
= False
(BoolOpt) Add Python stack traces to SQL as comment strings.
-
db_inc_retry_interval = True
+
= True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
-
db_max_retries = 20
+
= 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
-
db_max_retry_interval = 10
+
= 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
-
db_retry_interval = 1
+
= 1
(IntOpt) Seconds between database connection retries.
-
idle_timeout = 3600
+
= 3600
(IntOpt) Timeout before idle SQL connections are reaped.
-
max_overflow = None
+
= None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
-
max_pool_size = None
+
= None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
-
max_retries = 10
-
(IntOpt) Maximum db connection retries during startup. Set to -1 to specify an infinite retry count.
+
= 10
+
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
-
min_pool_size = 1
+
= 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
-
mysql_sql_mode = TRADITIONAL
+
= TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
pool_timeout = None
+
= None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
-
retry_interval = 10
+
= 10
(IntOpt) Interval between retries of opening a SQL connection.
-
slave_connection = None
+
= None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
-
sqlite_db = oslo.sqlite
+
= oslo.sqlite
(StrOpt) The file name to use with SQLite.
-
sqlite_synchronous = True
+
= True
(BoolOpt) If True, SQLite uses synchronous mode.
-
use_db_reconnect = False
+
= False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
-
use_tpool = False
+
= False
(BoolOpt) Enable the experimental use of thread pooling for all DB API calls
(StrOpt) Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.
-
disable_process_locking = False
-
(BoolOpt) Enables or disables inter-process locks.
(StrOpt) The cipher and mode to be used to encrypt ephemeral storage. Which ciphers are available ciphers depends on kernel support. See /proc/crypto for the list of available options.
-
enabled = False
+
= False
(BoolOpt) Whether to encrypt ephemeral storage
-
key_size = 512
+
= 512
(IntOpt) The bit length of the encryption key to be used to encrypt ephemeral storage (in XTS mode only half of the bits are used for encryption key)
(FloatOpt) Enables dynamic memory allocation (ballooning) when set to a value greater than 1. The value expresses the ratio between the total RAM assigned to an instance and its startup RAM amount. For example a ratio of 2.0 for an instance with 1024MB of RAM implies 512MB of RAM allocated at startup
-
enable_instance_metrics_collection = False
+
= False
(BoolOpt) Enables metrics collections for an instance by using Hyper-V's metric APIs. Collected data can by retrieved by other apps and services, e.g.: Ceilometer. Requires Hyper-V / Windows Server 2012 and above
-
force_hyperv_utils_v1 = False
+
= False
(BoolOpt) Force V1 WMI utility classes
-
instances_path_share =
+
=
(StrOpt) The name of a Windows share name mapped to the "instances_path" dir and used by the resize feature to copy files to the target host. If left blank, an administrative share will be used, looking for the same "instances_path" used locally
-
limit_cpu_features = False
+
= False
(BoolOpt) Required for live migration among hosts with different CPU features
-
mounted_disk_query_retry_count = 10
+
= 10
(IntOpt) The number of times to retry checking for a disk mounted via iSCSI.
-
mounted_disk_query_retry_interval = 5
+
= 5
(IntOpt) Interval between checks for a mounted iSCSI disk, in seconds.
-
qemu_img_cmd = qemu-img.exe
+
= qemu-img.exe
(StrOpt) Path of qemu-img command which is used to convert between different image types
-
vswitch_name = None
+
= None
(StrOpt) External virtual switch Name, if not provided, the first external virtual switch is used
-
wait_soft_reboot_seconds = 60
+
= 60
(IntOpt) Number of seconds to wait for instance to shut down after soft reboot request is made. We fall back to hard reboot if instance does not shutdown within this window.
(StrOpt) Migration flags to be set for block migration
-
checksum_base_images = False
+
= False
(BoolOpt) Write a checksum for files in _base to disk
-
checksum_interval_seconds = 3600
+
= 3600
(IntOpt) How frequently to checksum base images
-
connection_uri =
+
=
(StrOpt) Override the default libvirt URI (which is dependent on virt_type)
-
cpu_mode = None
+
= None
(StrOpt) Set to "host-model" to clone the host CPU feature flags; to "host-passthrough" to use the host CPU model exactly; to "custom" to use a named CPU model; to "none" to not set any CPU model. If virt_type="kvm|qemu", it will default to "host-model", otherwise it will default to "none"
-
cpu_model = None
+
= None
(StrOpt) Set to a named libvirt CPU model (see names listed in /usr/share/libvirt/cpu_map.xml). Only has effect if cpu_mode="custom" and virt_type="kvm|qemu"
-
disk_cachemodes =
+
=
(ListOpt) Specific cachemodes to use for different disk types e.g: file=directsync,block=none
-
disk_prefix = None
+
= None
(StrOpt) Override the default disk prefix for the devices attached to a server, which is dependent on virt_type. (valid options are: sd, xvd, uvd, vd)
-
gid_maps =
+
=
(ListOpt) List of guid targets and ranges.Syntax is guest-gid:host-gid:countMaximum of 5 allowed.
-
hw_disk_discard = None
+
= None
(StrOpt) Discard option for nova managed disks (valid options are: ignore, unmap). Need Libvirt(1.0.6) Qemu1.5 (raw format) Qemu1.6(qcow2 format)
-
hw_machine_type = None
+
= None
(ListOpt) For qemu or KVM guests, set this option to specify a default machine type per host architecture. You can find a list of supported machine types in your environment by checking the output of the "virsh capabilities"command. The format of the value for this config option is host-arch=machine-type. For example: x86_64=machinetype1,armv7l=machinetype2
(StrOpt) Allows image information files to be stored in non-standard locations
-
images_rbd_ceph_conf =
+
=
(StrOpt) Path to the ceph configuration file to use
-
images_rbd_pool = rbd
+
= rbd
(StrOpt) The RADOS pool in which rbd volumes are stored
-
images_type = default
+
= default
(StrOpt) VM Images format. Acceptable values are: raw, qcow2, lvm, rbd, default. If default is specified, then use_cow_images flag is used instead of this one.
-
images_volume_group = None
+
= None
(StrOpt) LVM Volume Group that is used for VM images, when you specify images_type=lvm.
-
inject_key = False
+
= False
(BoolOpt) Inject the ssh public key at boot time
-
inject_partition = -2
+
= -2
(IntOpt) The partition to inject to : -2 => disable, -1 => inspect (libguestfs only), 0 => not partitioned, >0 => partition number
-
inject_password = False
+
= False
(BoolOpt) Inject the admin password at boot time, without an agent.
-
iscsi_use_multipath = False
+
= False
(BoolOpt) Use multipath connection of the iSCSI volume
-
iser_use_multipath = False
+
= False
(BoolOpt) Use multipath connection of the iSER volume
-
mem_stats_period_seconds = 10
+
= 10
(IntOpt) A number of seconds to memory usage statistics period. Zero or negative value mean to disable memory usage statistics.
-
remove_unused_kernels = False
+
= False
(BoolOpt) Should unused kernel images be removed? This is only safe to enable if all compute nodes have been updated to support this option. This will be enabled by default in future.
-
remove_unused_resized_minimum_age_seconds = 3600
+
= 3600
(IntOpt) Unused resized base images younger than this will not be removed
-
rescue_image_id = None
+
= None
(StrOpt) Rescue ami image. This will not be used if an image id is provided by the user.
-
rescue_kernel_id = None
+
= None
(StrOpt) Rescue aki image
-
rescue_ramdisk_id = None
+
= None
(StrOpt) Rescue ari image
-
rng_dev_path = None
+
= None
(StrOpt) A path to a device that will be used as source of entropy on the host. Permitted options are: /dev/random or /dev/hwrng
-
snapshot_compression = False
+
= False
(BoolOpt) Compress snapshot images when possible. This currently applies exclusively to qcow2 images
-
snapshot_image_format = None
+
= None
(StrOpt) Snapshot image format (valid options are : raw, qcow2, vmdk, vdi). Defaults to same as source image
-
snapshots_directory = $instances_path/snapshots
+
= $instances_path/snapshots
(StrOpt) Location where libvirt driver will store snapshots before uploading them to image service
-
sparse_logical_volumes = False
+
= False
(BoolOpt) Create sparse logical volumes (with virtualsize) if this flag is set to True.
-
sysinfo_serial = auto
+
= auto
(StrOpt) The data source used to the populate the host "serial" UUID exposed to guest in the virtual BIOS. Permitted options are "hardware", "os", "none" or "auto" (default).
-
uid_maps =
+
=
(ListOpt) List of uid targets and ranges.Syntax is guest-uid:host-uid:countMaximum of 5 allowed.
-
use_usb_tablet = True
+
= True
(BoolOpt) Sync virtual and real mouse cursors in Windows VMs
-
use_virtio_for_bridges = True
+
= True
(BoolOpt) Use virtio for bridge interfaces with KVM/QEMU
(ListOpt) DEPRECATED. Libvirt handlers for remote volumes. This option is deprecated and will be removed in the Kilo release.
-
wait_soft_reboot_seconds = 120
+
= 120
(IntOpt) Number of seconds to wait for instance to shut down after soft reboot request is made. We fall back to hard reboot if instance does not shutdown within this window.
(BoolOpt) Enables or disables fatal status of deprecations.
-
fatal_exception_format_errors = False
+
= False
(BoolOpt) Make exception message format errors fatal
-
instance_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
-
instance_uuid_format = "[instance: %(uuid)s] "
+
= "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
-
log_config_append = None
+
= None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
-
log_date_format = %Y-%m-%d %H:%M:%S
+
= %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s .
-
log_dir = None
+
= None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
-
log_file = None
+
= None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
-
log_format = None
+
= None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
(StrOpt) Prefix each line of exception output with this format.
-
publish_errors = False
+
= False
(BoolOpt) Enables or disables publication of error events.
-
syslog_log_facility = LOG_USER
+
= LOG_USER
(StrOpt) Syslog facility to receive log lines.
-
use_stderr = True
+
= True
(BoolOpt) Log output to standard error.
-
use_syslog = False
+
= False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
-
use_syslog_rfc_format = False
+
= False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
-
verbose = False
+
= False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
(StrOpt) Full class name for the DNS Manager for floating IPs
-
force_dhcp_release = True
+
= True
(BoolOpt) If True, send a dhcp release on instance termination
-
force_snat_range = []
+
= []
(MultiStrOpt) Traffic to this range will always be snatted to the fallback ip, even if it would normally be bridged out of the node. Can be specified multiple times.
-
forward_bridge_interface = ['all']
+
= ['all']
(MultiStrOpt) An interface that bridges can forward to. If this is set to all then all traffic will be forwarded. Can be specified multiple times.
(StrOpt) Full class name for the Manager for network
-
network_size = 256
+
= 256
(IntOpt) Number of addresses in each private subnet
-
network_topic = network
+
= network
(StrOpt) The topic network nodes listen on
-
networks_path = $state_path/networks
+
= $state_path/networks
(StrOpt) Location to keep network config files
-
num_networks = 1
+
= 1
(IntOpt) Number of networks to support
-
ovs_vsctl_timeout = 120
+
= 120
(IntOpt) Amount of time, in seconds, that ovs_vsctl should wait for a response from the database. 0 is to wait forever.
-
public_interface = eth0
+
= eth0
(StrOpt) Interface for public IP addresses
-
routing_source_ip = $my_ip
+
= $my_ip
(StrOpt) Public IP of network host
-
security_group_api = nova
+
= nova
(StrOpt) The full class name of the security API class
-
send_arp_for_ha = False
+
= False
(BoolOpt) Send gratuitous ARPs for HA setup
-
send_arp_for_ha_count = 3
+
= 3
(IntOpt) Send this many gratuitous ARPs for HA setup
-
share_dhcp_address = False
+
= False
(BoolOpt) DEPRECATED: THIS VALUE SHOULD BE SET WHEN CREATING THE NETWORK. If True in multi_host mode, all compute hosts share the same dhcp address. The same IP address used for DHCP will be added on each nova-network node which is only visible to the vms on the same host.
-
teardown_unused_network_gateway = False
+
= False
(BoolOpt) If True, unused gateway devices (VLAN and bridge) are deleted in VLAN network mode with multi hosted networks
-
update_dns_entries = False
+
= False
(BoolOpt) If True, when a DNS entry must be updated, it sends a fanout cast to all network hosts to update their DNS entries in multi host mode
-
use_network_dns_servers = False
+
= False
(BoolOpt) If set, uses the dns1 and dns2 from the network ref. as dns servers.
-
use_neutron_default_nets = False
+
= False
(StrOpt) Control for checking for default networks
-
use_single_default_gateway = False
+
= False
(BoolOpt) Use single default gateway. Only first nic of vm will get default gateway from dhcp server
-
vlan_interface = None
+
= None
(StrOpt) VLANs will bridge into this interface if set
-
vlan_start = 100
+
= 100
(IntOpt) First VLAN for private networks
[vmware]
-
vlan_interface = vmnic0
+
= vmnic0
(StrOpt) Physical ethernet adapter name for vlan networking
(StrOpt) Default tenant id when creating neutron networks
[neutron]
-
admin_auth_url = http://localhost:5000/v2.0
+
= http://localhost:5000/v2.0
(StrOpt) Authorization URL for connecting to neutron in admin context
-
admin_password = None
+
= None
(StrOpt) Password for connecting to neutron in admin context
-
admin_tenant_id = None
+
= None
(StrOpt) Tenant id for connecting to neutron in admin context
-
admin_tenant_name = None
+
= None
(StrOpt) Tenant name for connecting to neutron in admin context. This option will be ignored if neutron_admin_tenant_id is set. Note that with Keystone V3 tenant names are only unique within a domain.
-
admin_user_id = None
+
= None
(StrOpt) User id for connecting to neutron in admin context
-
admin_username = None
+
= None
(StrOpt) Username for connecting to neutron in admin context
-
allow_duplicate_networks = False
+
= False
(BoolOpt) Allow an instance to have multiple vNICs attached to the same Neutron network.
-
api_insecure = False
+
= False
(BoolOpt) If set, ignore any SSL validation issues
-
auth_strategy = keystone
+
= keystone
(StrOpt) Authorization strategy for connecting to neutron in admin context
-
ca_certificates_file = None
+
= None
(StrOpt) Location of CA certificates file to use for neutron client requests.
-
extension_sync_interval = 600
+
= 600
(IntOpt) Number of seconds before querying neutron for extensions
-
metadata_proxy_shared_secret =
+
=
(StrOpt) Shared secret to validate proxies Neutron metadata requests
-
ovs_bridge = br-int
+
= br-int
(StrOpt) Name of Integration Bridge used by Open vSwitch
-
region_name = None
+
= None
(StrOpt) Region name for connecting to neutron in admin context
-
service_metadata_proxy = False
+
= False
(BoolOpt) Set flag to indicate Neutron will proxy metadata requests and resolve instance ids.
-
url = http://127.0.0.1:9696
+
= http://127.0.0.1:9696
(StrOpt) URL for connecting to neutron
-
url_timeout = 30
+
= 30
(IntOpt) Timeout value for connecting to neutron in seconds
(MultiStrOpt) An alias for a PCI passthrough device requirement. This allows users to specify the alias in the extra_spec for a flavor, without needing to repeat all the PCI property requirements. For example: pci_alias = { "name": "QuicAssist", "product_id": "0443", "vendor_id": "8086", "device_type": "ACCEL" } defines an alias for the Intel QuickAssist card. (multi valued)
-
pci_passthrough_whitelist = []
+
= []
(MultiStrOpt) White list of PCI devices available to VMs. For example: pci_passthrough_whitelist = [{"vendor_id": "8086", "product_id": "0443"}]
(BoolOpt) Allow migrate machine to the same host. Useful when testing in single-host environments.
-
allow_resize_to_same_host = False
+
= False
(BoolOpt) Allow destination machine to match source for resize. Useful when testing in single-host environments.
-
max_age = 0
+
= 0
(IntOpt) Number of seconds between subsequent usage refreshes
-
max_local_block_devices = 3
+
= 3
(IntOpt) Maximum number of devices that will result in a local image being created on the hypervisor node. Setting this to 0 means nova will allow only boot from volume. A negative number means unlimited.
-
osapi_compute_unique_server_name_scope =
+
=
(StrOpt) When set, compute API will consider duplicate hostnames invalid within the specified scope, regardless of case. Should be empty, "project" or "global".
-
osapi_max_limit = 1000
+
= 1000
(IntOpt) The maximum number of items returned in a single response from a collection resource
-
osapi_max_request_body_size = 114688
-
(IntOpt) The maximum body size per each osapi request(bytes)
-
-
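Review bot: osapi_max_request_body_size (default 114688 bytes) is removed here, and no replacement row appears in the visible lines of this table. If the request body cap moved to another section or was renamed, the table should say where. Otherwise readers will conclude that the limit no longer applies to the API.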
-
password_length = 12
+
= 12
(IntOpt) Length of generated instance admin passwords
-
policy_default_rule = default
+
= default
(StrOpt) Default rule. Enforced when a requested rule is not found.
-
policy_file = policy.json
+
= ['policy.d']
+
(MultiStrOpt) Directories where policy configuration files are stored.
+
+
+
= policy.json
(StrOpt) The JSON file that defines policies.
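Review bot: the added row with default ['policy.d'] says only "Directories where policy configuration files are stored." The description should state what a relative path such as policy.d is resolved against. It should also say how rules found in those directories combine with the file named by policy_file, including which one wins on conflict. Without that, an operator cannot tell which rules are actually enforced.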
-
reservation_expire = 86400
+
= 86400
(IntOpt) Number of seconds until a reservation expires
-
resize_fs_using_block_device = False
+
= False
(BoolOpt) Attempt to resize the filesystem by accessing the image over a block device. This is done by the host and may not be necessary if the image contains a recent version of cloud-init. Possible mechanisms require the nbd driver (for qcow and raw), or loop (for raw).
-
until_refresh = 0
+
= 0
(IntOpt) Count of reservations until usage is refreshed
(IntOpt) Seconds between connection keepalive heartbeats.
-
qpid_hostname = localhost
+
= localhost
(StrOpt) Qpid broker hostname.
-
qpid_hosts = $qpid_hostname:$qpid_port
+
= $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs.
-
qpid_password =
+
=
(StrOpt) Password for Qpid connection.
-
qpid_port = 5672
+
= 5672
(IntOpt) Qpid broker port.
-
qpid_protocol = tcp
+
= tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'.
-
qpid_receiver_capacity = 1
+
= 1
(IntOpt) The number of prefetched messages held by receiver.
-
qpid_sasl_mechanisms =
+
=
(StrOpt) Space separated list of SASL mechanisms to use for auth.
-
qpid_tcp_nodelay = True
+
= True
(BoolOpt) Whether to disable the Nagle algorithm.
-
qpid_topology_version = 1
+
= 1
(IntOpt) The qpid topology version to use. Version 1 is what was originally used by impl_qpid. Version 2 includes some backwards-incompatible changes that allow broker federation to work. Users should update to version 2 when they are able to take everything down, as it requires a clean break.
(IntOpt) Interval to pull network bandwidth usage info. Not supported on all hypervisors. Set to -1 to disable. Setting this to 0 will disable, but this will change in the K release to mean "run at the default rate".
+
= 600
+
(IntOpt) Interval to pull network bandwidth usage info. Not supported on all hypervisors. Set to -1 to disable. Setting this to 0 will run at the default rate.
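Review bot: the meaning of 0 changes in the added description. The earlier text says that setting 0 disables polling; the new text says that 0 runs at the default rate, and -1 remains the only way to disable. A deployment that used 0 to turn bandwidth polling off will start polling after this change. The description or an upgrade note should say so explicitly and point to -1.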
-
enable_network_quota = False
+
= False
(BoolOpt) Enables or disables quota checking for tenant networks
-
quota_cores = 20
+
= 20
(IntOpt) Number of instance cores allowed per project
-
quota_driver = nova.quota.DbQuotaDriver
+
= nova.quota.DbQuotaDriver
(StrOpt) Default driver to use for quota checks
-
quota_fixed_ips = -1
+
= -1
(IntOpt) Number of fixed IPs allowed per project (this should be at least the number of instances allowed)
-
quota_floating_ips = 10
+
= 10
(IntOpt) Number of floating IPs allowed per project
-
quota_injected_file_content_bytes = 10240
+
= 10240
(IntOpt) Number of bytes allowed per injected file
-
quota_injected_file_path_length = 255
+
= 255
(IntOpt) Length of injected file path
-
quota_injected_files = 5
+
= 5
(IntOpt) Number of injected files allowed
-
quota_instances = 10
+
= 10
(IntOpt) Number of instances allowed per project
-
quota_key_pairs = 100
+
= 100
(IntOpt) Number of key pairs per user
-
quota_metadata_items = 128
+
= 128
(IntOpt) Number of metadata items allowed per instance
-
quota_ram = 51200
+
= 3
+
(IntOpt) Number of private networks allowed per project
+
+
+
= 51200
(IntOpt) Megabytes of instance RAM allowed per project
-
quota_security_group_rules = 20
+
= 20
(IntOpt) Number of security rules per security group
-
quota_security_groups = 10
+
= 10
(IntOpt) Number of security groups per project
-
quota_server_group_members = 10
+
= 10
(IntOpt) Number of servers per server group
-
quota_server_groups = 10
+
= 10
(IntOpt) Number of server groups per project
[cells]
-
bandwidth_update_interval = 600
+
= 600
(IntOpt) Seconds between bandwidth updates for cells.
List of directories to load filter definitions from (separated by ','). These directories MUST all be only writeable by root !
-
exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin
+
= /sbin,/usr/sbin,/bin,/usr/bin
List of directories to search executables in, in case filters do not explicitely specify a full path (separated by ',') If not specified, defaults to system PATH environment variable. These directories MUST all be only writeable by root !
-
use_syslog = False
+
= False
Enable logging to syslog Default value is False
-
syslog_log_facility = syslog
+
= syslog
Which syslog facility to use. Valid values include auth, authpriv, syslog, local0, local1... Default value is 'syslog'
-
syslog_log_level = ERROR
+
= ERROR
Which messages to log. INFO means log all usage ERROR means only log unsuccessful attempts
(ListOpt) Which filter class names to use for filtering baremetal hosts when not specified in the request.
-
cpu_allocation_ratio = 16.0
+
= 16.0
(FloatOpt) Virtual CPU to physical CPU allocation ratio which affects all CPU filters. This configuration specifies a global ratio for CoreFilter. For AggregateCoreFilter, it will fall back to this configuration value if no per-aggregate setting found.
-
disk_allocation_ratio = 1.0
+
= 1.0
(FloatOpt) Virtual disk to physical disk allocation ratio
-
isolated_hosts =
+
= -1.0
+
(FloatOpt) Multiplier used for weighing host io ops. Negative numbers mean a preference to choose light workload compute hosts.
+
+
+
=
(ListOpt) Host reserved for specific images
-
isolated_images =
+
=
(ListOpt) Images to run on isolated host
-
max_instances_per_host = 50
+
= 50
(IntOpt) Ignore hosts that have too many instances
-
max_io_ops_per_host = 8
+
= 8
(IntOpt) Tells filters to ignore hosts that have this many or more instances currently in build, resize, snapshot, migrate, rescue or unshelve task states
-
ram_allocation_ratio = 1.5
+
= 1.5
(FloatOpt) Virtual ram to physical ram allocation ratio which affects all ram filters. This configuration specifies a global ratio for RamFilter. For AggregateRamFilter, it will fall back to this configuration value if no per-aggregate setting found.
-
ram_weight_multiplier = 1.0
+
= 1.0
(FloatOpt) Multiplier used for weighing ram. Negative numbers mean to stack vs spread.
-
reserved_host_disk_mb = 0
+
= 0
(IntOpt) Amount of disk in MB to reserve for the host
-
reserved_host_memory_mb = 512
+
= 512
(IntOpt) Amount of memory in MB to reserve for the host
-
restrict_isolated_hosts_to_isolated_images = True
+
= True
(BoolOpt) Whether to force isolated hosts to run only isolated images
(MultiStrOpt) Filter classes available to the scheduler which may be specified more than once. An entry of "nova.scheduler.filters.standard_filters" maps to all filters included with nova.
+
= ['nova.scheduler.filters.all_filters']
+
(MultiStrOpt) Filter classes available to the scheduler which may be specified more than once. An entry of "nova.scheduler.filters.all_filters" maps to all filters included with nova.
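Review bot: the entry name changes from nova.scheduler.filters.standard_filters to nova.scheduler.filters.all_filters in both the default and the description, but nothing says whether the old name is still accepted. Configurations that list standard_filters explicitly need a statement either way, ideally in the description itself.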
(IntOpt) How often (in seconds) to run periodic tasks in the scheduler driver of your choice. Please note this is likely to interact with the value of service_down_time, but exactly how they interact will depend on your choice of scheduler driver.
(IntOpt) New instances will be scheduled on a host chosen randomly from a subset of the N best hosts. This property defines the subset size that a host is chosen from. A value of 1 chooses the first host returned by the weighing functions. This value must be at least 1. Any value less than 1 will be ignored, and 1 will be used instead
-
scheduler_json_config_location =
+
=
(StrOpt) Absolute path to scheduler configuration JSON file.
(ListOpt) Weigher classes the cells scheduler should use. An entry of "nova.cells.weights.all_weighers" maps to all cell weighers included with nova.
[metrics]
-
required = True
+
= True
(BoolOpt) How to treat the unavailable metrics. When a metric is NOT available for a host, if it is set to be True, it would raise an exception, so it is recommended to use the scheduler filter MetricFilter to filter out those hosts. If it is set to be False, the unavailable metric would be treated as a negative factor in weighing process, the returned value would be set by the option weight_of_unavailable.
-
weight_multiplier = 1.0
+
= 1.0
(FloatOpt) Multiplier used for weighing metrics.
-
weight_of_unavailable = -10000.0
+
= -10000.0
(FloatOpt) The final weight value to be returned if required is set to False and any one of the metrics set by weight_setting is unavailable.
-
weight_setting =
+
=
(ListOpt) How the metrics are going to be weighed. This should be in the form of "<name1>=<ratio1>, <name2>=<ratio2>, ...", where <nameX> is one of the metrics to be weighed, and <ratioX> is the corresponding ratio. So for "name1=1.0, name2=-1.0" The final weight would be name1.value * 1.0 + name2.value * -1.0.
(StrOpt) Set a version cap for messages sent to local cells services
-
cert = None
+
= None
(StrOpt) Set a version cap for messages sent to cert services
-
compute = None
+
= None
(StrOpt) Set a version cap for messages sent to compute services. If you plan to do a live upgrade from havana to icehouse, you should set this option to "icehouse-compat" before beginning the live upgrade procedure.
-
conductor = None
+
= None
(StrOpt) Set a version cap for messages sent to conductor services
-
console = None
+
= None
(StrOpt) Set a version cap for messages sent to console services
-
consoleauth = None
+
= None
(StrOpt) Set a version cap for messages sent to consoleauth services
-
intercell = None
+
= None
(StrOpt) Set a version cap for messages sent between cells services
-
network = None
+
= None
(StrOpt) Set a version cap for messages sent to network services
-
scheduler = None
+
= None
(StrOpt) Set a version cap for messages sent to scheduler services
(IntOpt) The number of times we retry on failures, e.g., socket error, etc.
-
cluster_name = None
+
= None
(MultiStrOpt) Name of a VMware Cluster ComputeResource.
-
datastore_regex = None
+
= None
(StrOpt) Regex to match the name of a datastore.
-
host_ip = None
+
= None
(StrOpt) Hostname or IP address for connection to VMware VC host.
-
host_password = None
+
= None
(StrOpt) Password for connection to VMware VC host.
-
host_port = 443
+
= 443
(IntOpt) Port for connection to VMware VC host.
-
host_username = None
+
= None
(StrOpt) Username for connection to VMware VC host.
-
integration_bridge = br-int
+
= br-int
(StrOpt) Name of Integration Bridge
-
maximum_objects = 100
+
= 100
(IntOpt) The maximum number of ObjectContent data objects that should be returned in a single result. A positive value will cause the operation to suspend the retrieval when the count of objects reaches the specified maximum. The server may still limit the count to something less than the configured value. Any remaining objects may be retrieved with additional requests.
-
task_poll_interval = 0.5
+
= None
+
(StrOpt) The PBM default policy. If pbm_wsdl_location is set and there is no defined storage policy for the specific request then this policy will be used.
+
+
+
= False
+
(BoolOpt) The PBM status.
+
+
+
= None
+
(StrOpt) PBM service WSDL file location URL. e.g. file:///opt/SDK/spbm/wsdl/pbmService.wsdl Not setting this will disable storage policy based placement of instances.
+
+
+
= 0.5
(FloatOpt) The interval used for polling of remote tasks.
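Review bot: "The PBM status." on the added BoolOpt row (default False) does not say what setting it to True does. The WSDL row added next to it says that leaving the WSDL location unset disables storage policy based placement, so there are now two ways to turn the feature off. The description should state that this switch enables or disables PBM and what happens when it is True but no WSDL location is set.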
-
use_linked_clone = True
+
= True
(BoolOpt) Whether to use linked clone
-
wsdl_location = None
+
= None
(StrOpt) Optional VIM Service WSDL Location e.g http://<server>/vimService.wsdl. Optional over-ride to default location for bug work-arounds
(BoolOpt) Allow to perform insecure SSL requests to cinder
+
= None
+
(StrOpt) PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
ca_certificates_file = None
-
(StrOpt) Location of ca certificates file to use for cinder client requests.
-
-
-
catalog_info = volume:cinder:publicURL
+
= volumev2:cinderv2:publicURL
(StrOpt) Info to match when looking for cinder in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type>
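Review bot: the catalog_info default moves to volumev2:cinderv2:publicURL, but the endpoint_template row further down in this table still gives http://localhost:8776/v1/%(project_id)s as its example. The example should match the new default API version, or the text should note that the template overrides the catalog lookup and can point at a different version.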
-
cross_az_attach = True
+
= None
+
(StrOpt) PEM encoded client certificate cert file
+
+
+
= True
(BoolOpt) Allow attach between instance and volume in different availability zones.
-
endpoint_template = None
+
= None
(StrOpt) Override service catalog lookup with template for cinder endpoint e.g. http://localhost:8776/v1/%(project_id)s
-
http_retries = 3
+
= 3
(IntOpt) Number of cinderclient retries on failed http calls
-
http_timeout = None
-
(IntOpt) HTTP inactivity timeout (in seconds)
+
= False
+
(BoolOpt) Verify HTTPS connections.
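Review bot: the added row "Verify HTTPS connections." carries the default False, which as written says certificate verification towards cinder is off by default. The unchanged description at the top of this table reads "Allow to perform insecure SSL requests to cinder", so this may be an insecure-style switch whose description is inverted. The description should say unambiguously which value enables verification. If False really does mean unverified, that default needs a justification alongside the new CA, client certificate and key rows.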
-
os_region_name = None
+
= None
+
(StrOpt) PEM encoded client certificate key file
+
+
+
= None
(StrOpt) Region name of this node
+
+
= None
+
(IntOpt) Timeout value for http requests
+
[hyperv]
-
force_volumeutils_v1 = False
+
= False
(BoolOpt) Force V1 volume utility class
-
volume_attach_retry_count = 10
+
= 10
(IntOpt) The number of times to retry to attach a volume
-
volume_attach_retry_interval = 5
+
= 5
(IntOpt) Interval between volume attachment attempts, in seconds
[libvirt]
-
glusterfs_mount_point_base = $state_path/mnt
+
= $state_path/mnt
(StrOpt) Directory where the glusterfs volume is mounted on the compute node
-
nfs_mount_options = None
+
= None
(StrOpt) Mount options passedf to the NFS client. See section of the nfs man page for details
-
nfs_mount_point_base = $state_path/mnt
+
= $state_path/mnt
(StrOpt) Directory where the NFS volume is mounted on the compute node
-
num_aoe_discover_tries = 3
+
= 3
(IntOpt) Number of times to rediscover AoE target to find volume
-
num_iscsi_scan_tries = 5
+
= 5
(IntOpt) Number of times to rescan iSCSI target to find volume
-
num_iser_scan_tries = 5
+
= 5
(IntOpt) Number of times to rescan iSER target to find volume
-
qemu_allowed_storage_drivers =
+
=
(ListOpt) Protocols listed here will be accessed directly from QEMU. Currently supported protocols: [gluster]
-
rbd_secret_uuid = None
+
= None
(StrOpt) The libvirt UUID of the secret for the rbd_uservolumes
-
rbd_user = None
+
= None
(StrOpt) The RADOS client name for accessing rbd volumes
-
scality_sofs_config = None
+
= None
(StrOpt) Path or URL to Scality SOFS configuration file
-
scality_sofs_mount_point = $state_path/scality
+
= $state_path/scality
(StrOpt) Base dir where Scality SOFS shall be mounted
+
+
=
+
(StrOpt) Mount options passed to the SMBFS client. See mount.cifs man page for details. Note that the libvirt-qemu uid and gid must be specified.
+
+
+
= $state_path/mnt
+
(StrOpt) Directory where the SMBFS shares are mounted on the compute node
+
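Review bot: the added SMBFS mount options row has an empty default, while its description says the libvirt-qemu uid and gid must be specified. The description should say what happens when the option is left at the empty default. An example value showing the required uid and gid options would also help.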
[xenserver]
-
block_device_creation_timeout = 10
+
= 10
(IntOpt) Time to wait for a block device to be created
(IntOpt) Port for XVP to multiplex VNC connections on
-
console_xvp_pid = /var/run/xvp.pid
+
= /var/run/xvp.pid
(StrOpt) XVP master process pid file
-
stub_compute = False
+
= False
(BoolOpt) Stub calls to compute worker for tests
[libvirt]
-
xen_hvmloader_path = /usr/lib/xen/boot/hvmloader
+
= /usr/lib/xen/boot/hvmloader
(StrOpt) Location where the Xen hvmloader is kept
[xenserver]
-
agent_path = usr/sbin/xe-update-networking
+
= usr/sbin/xe-update-networking
(StrOpt) Specifies the path in which the XenAPI guest agent should be located. If the agent is present, network configuration is not injected into the image. Used if compute_driver=xenapi.XenAPIDriver and flat_injected=True
-
agent_resetnetwork_timeout = 60
+
= 60
(IntOpt) Number of seconds to wait for agent reply to resetnetwork request
-
agent_timeout = 30
+
= 30
(IntOpt) Number of seconds to wait for agent reply
-
agent_version_timeout = 300
+
= 300
(IntOpt) Number of seconds to wait for agent to be fully operational
-
cache_images = all
+
= all
(StrOpt) Cache glance images locally. `all` will cache all images, `some` will only cache images that have the image_property `cache_in_nova=True`, and `none` turns off caching entirely
-
check_host = True
+
= True
(BoolOpt) Ensure compute service is running on host XenAPI connects to.
-
connection_concurrent = 5
+
= 5
(IntOpt) Maximum number of concurrent XenAPI connections. Used only if compute_driver=xenapi.XenAPIDriver
-
connection_password = None
+
= None
(StrOpt) Password for connection to XenServer/Xen Cloud Platform. Used only if compute_driver=xenapi.XenAPIDriver
-
connection_url = None
+
= None
(StrOpt) URL for connection to XenServer/Xen Cloud Platform. A special value of unix://local can be used to connect to the local unix socket. Required if compute_driver=xenapi.XenAPIDriver
-
connection_username = root
+
= root
(StrOpt) Username for connection to XenServer/Xen Cloud Platform. Used only if compute_driver=xenapi.XenAPIDriver
-
default_os_type = linux
+
= linux
(StrOpt) Default OS type
-
disable_agent = False
+
= False
(BoolOpt) Disables the use of the XenAPI agent in any image regardless of what image properties are present.
-
image_compression_level = None
+
= None
(IntOpt) Compression level for images, e.g., 9 for gzip -9. Range is 1-9, 9 being most compressed but most CPU intensive on dom0.
(StrOpt) Dom0 plugin driver used to handle image uploads.
-
introduce_vdi_retry_wait = 20
+
= 20
(IntOpt) Number of seconds to wait for an SR to settle if the VDI does not exist when first introduced
-
ipxe_boot_menu_url = None
+
= None
(StrOpt) URL to the iPXE boot menu
-
ipxe_mkisofs_cmd = mkisofs
+
= mkisofs
(StrOpt) Name and optionally path of the tool used for ISO image creation
-
ipxe_network_name = None
+
= None
(StrOpt) Name of network to use for booting iPXE ISOs
-
iqn_prefix = iqn.2010-10.org.openstack
+
= iqn.2010-10.org.openstack
(StrOpt) IQN Prefix
-
login_timeout = 10
+
= 10
(IntOpt) Timeout in seconds for XenAPI login.
-
max_kernel_ramdisk_size = 16777216
+
= 16777216
(IntOpt) Maximum size in bytes of kernel or ramdisk images
-
num_vbd_unplug_retries = 10
+
= 10
(IntOpt) Maximum number of retries to unplug VBD
-
ovs_integration_bridge = xapi1
+
= xapi1
(StrOpt) Name of Integration Bridge used by Open vSwitch
-
remap_vbd_dev = False
+
= False
(BoolOpt) Used to enable the remapping of VBD dev (Works around an issue in Ubuntu Maverick)
-
remap_vbd_dev_prefix = sd
+
= sd
(StrOpt) Specify prefix to remap VBD dev to (ex. /dev/xvdb -> /dev/sdb)
-
running_timeout = 60
+
= 60
(IntOpt) Number of seconds to wait for instance to go to running state
-
sparse_copy = True
+
= True
(BoolOpt) Whether to use sparse_copy for copying data on a resize down (False will use standard dd). This speeds up resizes down considerably since large runs of zeros won't have to be rsynced
-
sr_base_path = /var/run/sr-mount
+
= /var/run/sr-mount
(StrOpt) Base path to the storage repository
-
sr_matching_filter = default-sr:true
+
= default-sr:true
(StrOpt) Filter for finding the SR to be used to install guest instances on. To use the Local Storage in default XenServer/XCP installations set this flag to other-config:i18n-key=local-storage. To select an SR with a different matching criteria, you could set it to other-config:my_favorite_sr=true. On the other hand, to fall back on the Default SR, as displayed by XenCenter, set this flag to: default-sr:true
-
target_host = None
+
= None
(StrOpt) The iSCSI Target Host
-
target_port = 3260
+
= 3260
(StrOpt) The iSCSI Target Port, default is port 3260
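Review bot: target_port is labelled (StrOpt) in its description line although its default, 3260, is a port number, and the torrent_listen_port_start and torrent_listen_port_end rows in the same table are labelled (IntOpt). Check whether the type label is correct, and drop "default is port 3260" from the description, since the default is already shown as "= 3260".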
-
torrent_base_url = None
+
= None
(StrOpt) Base URL for torrent files.
-
torrent_download_stall_cutoff = 600
+
= 600
(IntOpt) Number of seconds a download can remain at the same progress percentage w/o being considered a stall
-
torrent_images = none
+
= none
(StrOpt) Whether or not to download images via Bit Torrent (all|some|none).
-
torrent_listen_port_end = 6891
+
= 6891
(IntOpt) End of port range to listen on
-
torrent_listen_port_start = 6881
+
= 6881
(IntOpt) Beginning of port range to listen on
-
torrent_max_last_accessed = 86400
+
= 86400
(IntOpt) Cached torrent files not accessed within this number of seconds can be reaped
-
torrent_max_seeder_processes_per_host = 1
+
= 1
(IntOpt) Maximum number of seeder processes to run concurrently within a given dom0. (-1 = no limit)
-
torrent_seed_chance = 1.0
+
= 1.0
(FloatOpt) Probability that peer will become a seeder. (1.0 = 100%)
-
torrent_seed_duration = 3600
+
= 3600
(IntOpt) Number of seconds after downloading an image via BitTorrent that it should be seeded for other peers.
-
use_agent_default = False
+
= False
(BoolOpt) Determines if the XenAPI agent should be used when the image used does not contain a hint to declare if the agent is present or not. The hint is a glance property "xenapi_use_agent" that has the value "True" or "False". Note that waiting for the agent when it is not present will significantly increase server boot times.
-
use_join_force = True
+
= True
(BoolOpt) To use for hosts with different CPUs
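Review bot: The description for use_join_force, "To use for hosts with different CPUs", does not say what the option does when it is True or which operation is being forced. Since the row is being touched, expand it to name that operation and state the consequence of leaving the default at True.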
-
vhd_coalesce_max_attempts = 20
+
= 20
(IntOpt) Max number of times to poll for VHD to coalesce. Used only if compute_driver=xenapi.XenAPIDriver
-
vhd_coalesce_poll_interval = 5.0
+
= 5.0
(FloatOpt) The interval used for polling of coalescing vhds. Used only if compute_driver=xenapi.XenAPIDriver