diff --git a/.gitignore b/.gitignore index ef0087f19..45ca7ac07 100644 --- a/.gitignore +++ b/.gitignore @@ -28,9 +28,11 @@ subunit.log .eggs/ .stestr/ SP1_res.yaml +etc/tacker/tacker.conf.sample etc/tacker/policy.yaml.sample releasenotes/build etc/tacker/tacker.conf.sample doc/source/contributor/api +doc/source/_static/tacker.conf.sample doc/source/_static/tacker.policy.yaml.sample diff --git a/doc/source/_extra/tacker.conf.sample b/doc/source/_extra/tacker.conf.sample deleted file mode 100644 index 77326a704..000000000 --- a/doc/source/_extra/tacker.conf.sample +++ /dev/null @@ -1,1822 +0,0 @@ -[DEFAULT] -auth_strategy = keystone -debug = True -logging_exception_prefix = %(color)s%(asctime)s.%(msecs)03d TRACE %(name)s %(instance)s -logging_debug_format_suffix = from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d -logging_default_format_string = %(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [-%(color)s] %(instance)s%(color)s%(message)s -logging_context_format_string = %(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [%(request_id)s %(project_name)s %(user_name)s%(color)s] %(instance)s%(color)s%(message)s -use_syslog = False -state_path = /opt/stack/data/tacker -transport_url = rabbit://stackrabbit:devstack@127.0.0.1:5672/ - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of the default -# INFO level. (boolean value) -# Note: This option can be changed without restarting. -#debug = false - -# The name of a logging configuration file. This file is appended to any -# existing logging configuration files. For details about logging configuration -# files, see the Python logging module documentation. Note that when logging -# configuration files are used then all logging configuration is set in the -# configuration file and other logging configuration options are ignored (for -# example, logging_context_format_string). (string value) -# Note: This option can be changed without restarting. -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. (string -# value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default is set, -# logging will go to stderr as defined by use_stderr. This option is ignored if -# log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative log_file paths. This option -# is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# Uses logging handler designed to watch file system. When log file is moved or -# removed this handler will open a new log file with specified path -# instantaneously. It makes sense only if log_file option is specified and -# Linux platform is used. This option is ignored if log_config_append is set. -# (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and will be -# changed later to honor RFC5424. This option is ignored if log_config_append -# is set. (boolean value) -#use_syslog = false - -# Enable journald for logging. If running in a systemd environment you may wish -# to enable journal support. Doing so will use the journal native protocol -# which includes structured metadata in addition to log messages.This option is -# ignored if log_config_append is set. (boolean value) -#use_journal = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Use JSON formatting for logging. This option is ignored if log_config_append -# is set. (boolean value) -#use_json = false - -# Log output to standard error. This option is ignored if log_config_append is -# set. (boolean value) -#use_stderr = false - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. (string -# value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the message -# is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is ignored -# if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. (string -# value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. (string -# value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Interval, number of seconds, of log rate limiting. (integer value) -#rate_limit_interval = 0 - -# Maximum number of logged messages per rate_limit_interval. (integer value) -#rate_limit_burst = 0 - -# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG -# or empty string. Logs with level greater or equal to rate_limit_except_level -# are not filtered. An empty string means that all levels are filtered. (string -# value) -#rate_limit_except_level = CRITICAL - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - -# -# From oslo.messaging -# - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size = 30 - -# The pool size limit for connections expiration policy (integer value) -#conn_pool_min_size = 2 - -# The time-to-live in sec of idle connections in the pool (integer value) -#conn_pool_ttl = 1200 - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. -# The "host" option should point or resolve to this address. (string value) -#rpc_zmq_bind_address = * - -# MatchMaker driver. (string value) -# Possible values: -# redis - -# sentinel - -# dummy - -#rpc_zmq_matchmaker = redis - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts = 1 - -# Maximum number of ingress messages to locally buffer per topic. Default is -# unlimited. (integer value) -#rpc_zmq_topic_backlog = - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir = /var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match -# "host" option, if running Nova. (string value) -#rpc_zmq_host = localhost - -# Number of seconds to wait before all pending messages will be sent after -# closing a socket. The default value of -1 specifies an infinite linger -# period. The value of 0 specifies no linger period. Pending messages shall be -# discarded immediately when the socket is closed. Positive values specify an -# upper bound for the linger period. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_cast_timeout -#zmq_linger = -1 - -# The default number of seconds that poll should wait. Poll raises timeout -# exception when timeout expired. (integer value) -#rpc_poll_timeout = 1 - -# Expiration timeout in seconds of a name service record about existing target -# ( < 0 means no timeout). (integer value) -#zmq_target_expire = 300 - -# Update period in seconds of a name service record about existing target. -# (integer value) -#zmq_target_update = 180 - -# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean -# value) -#use_pub_sub = false - -# Use ROUTER remote proxy. (boolean value) -#use_router_proxy = false - -# This option makes direct connections dynamic or static. It makes sense only -# with use_router_proxy=False which means to use direct connections for direct -# message types (ignored otherwise). (boolean value) -#use_dynamic_connections = false - -# How many additional connections to a host will be made for failover reasons. -# This option is actual only in dynamic connections mode. (integer value) -#zmq_failover_connections = 2 - -# Minimal port number for random ports range. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#rpc_zmq_min_port = 49153 - -# Maximal port number for random ports range. (integer value) -# Minimum value: 1 -# Maximum value: 65536 -#rpc_zmq_max_port = 65536 - -# Number of retries to find free port number before fail with ZMQBindError. -# (integer value) -#rpc_zmq_bind_port_retries = 100 - -# Default serialization mechanism for serializing/deserializing -# outgoing/incoming messages (string value) -# Possible values: -# json - -# msgpack - -#rpc_zmq_serialization = json - -# This option configures round-robin mode in zmq socket. True means not keeping -# a queue when server side disconnects. False means to keep queue and messages -# even if server is disconnected, when the server appears we send all -# accumulated messages to it. (boolean value) -#zmq_immediate = true - -# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any -# other negative value) means to skip any overrides and leave it to OS default; -# 0 and 1 (or any other positive value) mean to disable and enable the option -# respectively. (integer value) -#zmq_tcp_keepalive = -1 - -# The duration between two keepalive transmissions in idle condition. The unit -# is platform dependent, for example, seconds in Linux, milliseconds in Windows -# etc. The default value of -1 (or any other negative value and 0) means to -# skip any overrides and leave it to OS default. (integer value) -#zmq_tcp_keepalive_idle = -1 - -# The number of retransmissions to be carried out before declaring that remote -# end is not available. The default value of -1 (or any other negative value -# and 0) means to skip any overrides and leave it to OS default. (integer -# value) -#zmq_tcp_keepalive_cnt = -1 - -# The duration between two successive keepalive retransmissions, if -# acknowledgement to the previous keepalive transmission is not received. The -# unit is platform dependent, for example, seconds in Linux, milliseconds in -# Windows etc. The default value of -1 (or any other negative value and 0) -# means to skip any overrides and leave it to OS default. (integer value) -#zmq_tcp_keepalive_intvl = -1 - -# Maximum number of (green) threads to work concurrently. (integer value) -#rpc_thread_pool_size = 100 - -# Expiration timeout in seconds of a sent/received message after which it is -# not tracked anymore by a client/server. (integer value) -#rpc_message_ttl = 300 - -# Wait for message acknowledgements from receivers. This mechanism works only -# via proxy without PUB/SUB. (boolean value) -#rpc_use_acks = false - -# Number of seconds to wait for an ack from a cast/call. After each retry -# attempt this timeout is multiplied by some specified multiplier. (integer -# value) -#rpc_ack_timeout_base = 15 - -# Number to multiply base ack timeout by after each retry attempt. (integer -# value) -#rpc_ack_timeout_multiplier = 2 - -# Default number of message sending attempts in case of any problems occurred: -# positive value N means at most N retries, 0 means no retries, None or -1 (or -# any other negative values) mean to retry forever. This option is used only if -# acknowledgments are enabled. (integer value) -#rpc_retry_attempts = 3 - -# List of publisher hosts SubConsumer can subscribe on. This option has higher -# priority then the default publishers list taken from the matchmaker. (list -# value) -#subscribe_on = - -# Size of executor thread pool when executor is threading or eventlet. (integer -# value) -# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size -#executor_thread_pool_size = 64 - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout = 60 - -# The network address and optional user credentials for connecting to the -# messaging backend, in URL format. The expected format is: -# -# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query -# -# Example: rabbit://rabbitmq:password@127.0.0.1:5672// -# -# For full details on the fields in the URL see the documentation of -# oslo_messaging.TransportURL at -# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html -# (string value) -#transport_url = - -# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers -# include amqp and zmq. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rpc_backend = rabbit - -# The default exchange under which topics are scoped. May be overridden by an -# exchange name specified in the transport_url option. (string value) -#control_exchange = tacker - -# -# From oslo.service.service -# - -# Enable eventlet backdoor. Acceptable values are 0, , and -# :, where 0 results in listening on a random tcp port number; -# results in listening on the specified port number (and not enabling -# backdoor if that port is in use); and : results in listening on -# the smallest unused port number within the specified range of port numbers. -# The chosen port is displayed in the service's log file. (string value) -#backdoor_port = - -# Enable eventlet backdoor, using the provided path as a unix socket that can -# receive connections. This option is mutually exclusive with 'backdoor_port' -# in that only one should be provided. If both are provided then the existence -# of this option overrides the usage of that option. (string value) -#backdoor_socket = - -# Enables or disables logging values of all registered options when starting a -# service (at DEBUG level). (boolean value) -#log_options = true - -# Specify a timeout after which a gracefully shutdown server will exit. Zero -# value means endless wait. (integer value) -#graceful_shutdown_timeout = 60 - -# -# From tacker.common.config -# - -# The host IP to bind to (unknown value) -#bind_host = 0.0.0.0 - -# The port to bind to (integer value) -#bind_port = 9890 - -# The API paste config file to use (string value) -#api_paste_config = api-paste.ini - -# The path for API extensions (string value) -#api_extensions_path = - -# The service plugins Tacker will use (list value) -#service_plugins = nfvo,vnfm - -# The policy file to use (string value) -#policy_file = policy.json - -# The type of authentication to use (string value) -#auth_strategy = keystone - -# Allow the usage of the bulk API (boolean value) -#allow_bulk = true - -# Allow the usage of the pagination (boolean value) -#allow_pagination = false - -# Allow the usage of the sorting (boolean value) -#allow_sorting = false - -# The maximum number of items returned in a single response, value was -# 'infinite' or negative integer means no limit (string value) -#pagination_max_limit = -1 - -# The hostname Tacker is running on (unknown value) -#host = stack-desktop - -# Where to store Tacker state files. This directory must be writable by the -# agent. (string value) -#state_path = /var/lib/tacker - -# -# From tacker.service -# - -# Seconds between running components report states (integer value) -#report_interval = 10 - -# Seconds between running periodic tasks (integer value) -#periodic_interval = 40 - -# Number of separate worker processes for service (integer value) -#api_workers = 0 - -# Range of seconds to randomly delay when starting the periodic task scheduler -# to reduce stampeding. (Disable by setting to 0) (integer value) -#periodic_fuzzy_delay = 5 - -# -# From tacker.wsgi -# - -# Number of backlog requests to configure the socket with (integer value) -#backlog = 4096 - -# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not -# supported on OS X. (integer value) -#tcp_keepidle = 600 - -# Number of seconds to keep retrying to listen (integer value) -#retry_until_window = 30 - -# Max header line to accommodate large tokens (integer value) -#max_header_line = 16384 - -# Enable SSL on the API server (boolean value) -#use_ssl = false - -# CA certificate file to use to verify connecting clients (string value) -#ssl_ca_file = - -# Certificate file to use when starting the server securely (string value) -#ssl_cert_file = - -# Private key file to use when starting the server securely (string value) -#ssl_key_file = - - -[alarm_auth] -url = http://127.0.0.1:5000/v3 -project_name = admin -password = devstack -username = admin - -# -# From tacker.alarm_receiver -# - -# User name for alarm monitoring (string value) -#username = admin - -# Password for alarm monitoring (string value) -#password = devstack - -# Project name for alarm monitoring (string value) -#project_name = admin - - -[ceilometer] - -# -# From tacker.vnfm.monitor_drivers.ceilometer.ceilometer -# - -# Address which drivers use to trigger (unknown value) -#host = stack-desktop - -# port number which drivers use to trigger (port value) -# Minimum value: 0 -# Maximum value: 65535 -#port = 9890 - - -[cors] - -# -# From oslo.middleware -# - -# Indicate whether this resource may be shared with the domain received in the -# requests "origin" header. Format: "://[:]", no trailing -# slash. Example: https://horizon.example.com (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple -# Headers. (list value) -#expose_headers = - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list value) -#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH - -# Indicate which header field names may be used during the actual request. -# (list value) -#allow_headers = - - -[database] -connection = mysql+pymysql://root:devstack@127.0.0.1/tacker?charset=utf8 - -# -# From oslo.db -# - -# If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. (string -# value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -#connection = - -# The SQLAlchemy connection string to use to connect to the slave database. -# (string value) -#slave_connection = - -# The SQL mode to be used for MySQL sessions. This option, including the -# default, overrides any server-set SQL mode. To use whatever SQL mode is set -# by the server configuration, set this to no value. Example: mysql_sql_mode= -# (string value) -#mysql_sql_mode = TRADITIONAL - -# If True, transparently enables support for handling MySQL Cluster (NDB). -# (boolean value) -#mysql_enable_ndb = false - -# Connections which have been present in the connection pool longer than this -# number of seconds will be replaced with a new one the next time they are -# checked out from the pool. (integer value) -# Deprecated group/name - [DATABASE]/idle_timeout -# Deprecated group/name - [database]/idle_timeout -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#connection_recycle_time = 3600 - -# Minimum number of SQL connections to keep open in a pool. (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool. Setting a value of -# 0 indicates no limit. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = 5 - -# Maximum number of database connection retries during startup. Set to -1 to -# specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = 50 - -# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer -# value) -# Minimum value: 0 -# Maximum value: 100 -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = - -# Enable the experimental use of database reconnect on connection lost. -# (boolean value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database operation up to -# db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries of a -# database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before error is -# raised. Set to -1 to specify an infinite retry count. (integer value) -#db_max_retries = 20 - - -[healthcheck] - -# -# From oslo.middleware -# - -# DEPRECATED: The path to respond to healtcheck requests on. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#path = /healthcheck - -# Show more detailed information as part of the response (boolean value) -#detailed = false - -# Additional backends that can perform health checks and report that -# information back as part of a request. (list value) -#backends = - -# Check the presence of a file to determine if an application is running on a -# port. Used by DisableByFileHealthcheck plugin. (string value) -#disable_by_file_path = - -# Check the presence of a file based on a port to determine if an application -# is running on a port. Expects a "port:path" list of strings. Used by -# DisableByFilesPortsHealthcheck plugin. (list value) -#disable_by_file_paths = - - -[k8s_vim] - -# -# From tacker.nfvo.drivers.vim.kubernetes_driver -# - -# Use barbican to encrypt vim password if True, save vim credentials in local -# file system if False (boolean value) -#use_barbican = true - - -[key_manager] - -# -# From tacker.keymgr -# - -# The full class name of the key manager API class (string value) -#api_class = tacker.keymgr.barbican_key_manager.BarbicanKeyManager - - -[keystone_authtoken] -memcached_servers = localhost:11211 -signing_dir = /var/cache/tacker -cafile = /opt/stack/data/ca-bundle.pem -project_domain_name = Default -project_name = service -user_domain_name = Default -password = devstack -username = tacker -auth_url = http://127.0.0.1/identity -auth_type = password - -# -# From keystonemiddleware.auth_token -# - -# Complete "public" Identity API endpoint. This endpoint should not be an -# "admin" endpoint, as it should be accessible by all end users. -# Unauthenticated clients are redirected to this endpoint to authenticate. -# Although this endpoint should ideally be unversioned, client support in the -# wild varies. If you're using a versioned v2 endpoint here, then this should -# *not* be the same endpoint the service user utilizes for validating tokens, -# because normal end users may not be able to reach that endpoint. (string -# value) -# Deprecated group/name - [keystone_authtoken]/auth_uri -#www_authenticate_uri = - -# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not -# be an "admin" endpoint, as it should be accessible by all end users. -# Unauthenticated clients are redirected to this endpoint to authenticate. -# Although this endpoint should ideally be unversioned, client support in the -# wild varies. If you're using a versioned v2 endpoint here, then this should -# *not* be the same endpoint the service user utilizes for validating tokens, -# because normal end users may not be able to reach that endpoint. This option -# is deprecated in favor of www_authenticate_uri and will be removed in the S -# release. (string value) -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri -# and will be removed in the S release. -#auth_uri = - -# API version of the admin Identity API endpoint. (string value) -#auth_version = - -# Do not handle authorization requests within the middleware, but delegate the -# authorization decision to downstream WSGI components. (boolean value) -#delay_auth_decision = false - -# Request timeout value for communicating with Identity API server. (integer -# value) -#http_connect_timeout = - -# How many times are we trying to reconnect when communicating with Identity -# API Server. (integer value) -#http_request_max_retries = 3 - -# Request environment key where the Swift cache object is stored. When -# auth_token middleware is deployed with a Swift cache, use this option to have -# the middleware share a caching backend with swift. Otherwise, use the -# ``memcached_servers`` option instead. (string value) -#cache = - -# Required if identity server requires client certificate (string value) -#certfile = - -# Required if identity server requires client certificate (string value) -#keyfile = - -# A PEM encoded Certificate Authority to use when verifying HTTPs connections. -# Defaults to system CAs. (string value) -#cafile = - -# Verify HTTPS connections. (boolean value) -#insecure = false - -# The region in which the identity server can be found. (string value) -#region_name = - -# DEPRECATED: Directory used to cache files related to PKI tokens. This option -# has been deprecated in the Ocata release and will be removed in the P -# release. (string value) -# This option is deprecated for removal since Ocata. -# Its value may be silently ignored in the future. -# Reason: PKI token format is no longer supported. -#signing_dir = - -# Optionally specify a list of memcached server(s) to use for caching. If left -# undefined, tokens will instead be cached in-process. (list value) -# Deprecated group/name - [keystone_authtoken]/memcache_servers -#memcached_servers = - -# In order to prevent excessive effort spent validating tokens, the middleware -# caches previously-seen tokens for a configurable duration (in seconds). Set -# to -1 to disable caching completely. (integer value) -#token_cache_time = 300 - -# DEPRECATED: Determines the frequency at which the list of revoked tokens is -# retrieved from the Identity service (in seconds). A high number of revocation -# events combined with a low cache duration may significantly reduce -# performance. Only valid for PKI tokens. This option has been deprecated in -# the Ocata release and will be removed in the P release. (integer value) -# This option is deprecated for removal since Ocata. -# Its value may be silently ignored in the future. -# Reason: PKI token format is no longer supported. -#revocation_cache_time = 10 - -# (Optional) If defined, indicate whether token data should be authenticated or -# authenticated and encrypted. If MAC, token data is authenticated (with HMAC) -# in the cache. If ENCRYPT, token data is encrypted and authenticated in the -# cache. If the value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -# Possible values: -# None - -# MAC - -# ENCRYPT - -#memcache_security_strategy = None - -# (Optional, mandatory if memcache_security_strategy is defined) This string is -# used for key derivation. (string value) -#memcache_secret_key = - -# (Optional) Number of seconds memcached server is considered dead before it is -# tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every memcached -# server. (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a memcached -# server. (integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held unused in the -# pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a memcached -# client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcached client pool. The -# advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If False, -# middleware will not ask for service catalog on token validation and will not -# set the X-Service-Catalog header. (boolean value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: "disabled" -# to not check token binding. "permissive" (default) to validate binding -# information if the bind type is of a form known to the server and ignore it -# if not. "strict" like "permissive" but if the bind type is unknown the token -# will be rejected. "required" any form of token binding is needed to be -# allowed. Finally the name of a binding method that must be present in tokens. -# (string value) -#enforce_token_bind = permissive - -# DEPRECATED: If true, the revocation list will be checked for cached tokens. -# This requires that PKI tokens are configured on the identity server. (boolean -# value) -# This option is deprecated for removal since Ocata. -# Its value may be silently ignored in the future. -# Reason: PKI token format is no longer supported. -#check_revocations_for_cached = false - -# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those supported by Python -# standard hashlib.new(). The hashes will be tried in the order given, so put -# the preferred one first for performance. The result of the first hash will be -# stored in the cache. This will typically be set to multiple values only while -# migrating from a less secure algorithm to a more secure one. Once all the old -# tokens are expired this option should be set to a single value for better -# performance. (list value) -# This option is deprecated for removal since Ocata. -# Its value may be silently ignored in the future. -# Reason: PKI token format is no longer supported. -#hash_algorithms = md5 - -# A choice of roles that must be present in a service token. Service tokens are -# allowed to request that an expired token can be used and so this check should -# tightly control that only actual services should be sending this token. Roles -# here are applied as an ANY check so any role in this list must be present. -# For backwards compatibility reasons this currently only affects the -# allow_expired check. (list value) -#service_token_roles = service - -# For backwards compatibility reasons we must let valid service tokens pass -# that don't pass the service_token_roles check as valid. Setting this true -# will become the default in a future release and should be enabled if -# possible. (boolean value) -#service_token_roles_required = false - -# Authentication type to load (string value) -# Deprecated group/name - [keystone_authtoken]/auth_plugin -#auth_type = - -# Config Section from which to load plugin specific options (string value) -#auth_section = - - -[matchmaker_redis] - -# -# From oslo.messaging -# - -# DEPRECATED: Host to locate redis. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#host = 127.0.0.1 - -# DEPRECATED: Use this port to connect to redis host. (port value) -# Minimum value: 0 -# Maximum value: 65535 -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#port = 6379 - -# DEPRECATED: Password for Redis server (optional). (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#password = - -# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g., -# [host:port, host1:port ... ] (list value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#sentinel_hosts = - -# Redis replica set name. (string value) -#sentinel_group_name = oslo-messaging-zeromq - -# Time in ms to wait between connection attempts. (integer value) -#wait_timeout = 2000 - -# Time in ms to wait before the transaction is killed. (integer value) -#check_timeout = 20000 - -# Timeout in ms on blocking socket operations. (integer value) -#socket_timeout = 10000 - - -[monitor] - -# -# From tacker.vnfm.monitor -# - -# check interval for monitor (integer value) -#check_intvl = 10 - - -[monitor_http_ping] - -# -# From tacker.vnfm.monitor_drivers.http_ping.http_ping -# - -# Number of times to retry (integer value) -#retry = 5 - -# Number of seconds to wait for a response (integer value) -#timeout = 1 - -# HTTP port number to send request (integer value) -#port = 80 - - -[monitor_ping] - -# -# From tacker.vnfm.monitor_drivers.ping.ping -# - -# Number of ICMP packets to send (string value) -#count = 1 - -# Number of seconds to wait for a response (string value) -#timeout = 1 - -# Number of seconds to wait between packets (string value) -#interval = 1 - - -[nfvo_vim] - -# -# From tacker.nfvo.nfvo_plugin -# - -# VIM driver for launching VNFs (list value) -#vim_drivers = openstack,kubernetes - -# Interval to check for VIM health (integer value) -#monitor_interval = 30 - - -[openstack_vim] - -# -# From tacker.vnfm.infra_drivers.openstack.openstack -# - -# Number of attempts to retry for stack creation/deletion (integer value) -#stack_retries = 60 - -# Wait time (in seconds) between consecutive stack create/delete retries -# (integer value) -#stack_retry_wait = 10 - - -[openwrt] - -# -# From tacker.vnfm.mgmt_drivers.openwrt.openwrt -# - -# User name to login openwrt (string value) -#user = root - -# Password to login openwrt (string value) -#password = - - -[oslo_messaging_amqp] - -# -# From oslo.messaging -# - -# Name for the AMQP container. must be globally unique. Defaults to a generated -# UUID (string value) -#container_name = - -# Timeout for inactive connections (in seconds) (integer value) -#idle_timeout = 0 - -# Debug: dump AMQP frames to stdout (boolean value) -#trace = false - -# Attempt to connect via SSL. If no other ssl-related parameters are given, it -# will use the system's CA-bundle to verify the server's certificate. (boolean -# value) -#ssl = false - -# CA certificate PEM file used to verify the server's certificate (string -# value) -#ssl_ca_file = - -# Self-identifying certificate PEM file for client authentication (string -# value) -#ssl_cert_file = - -# Private key PEM file used to sign ssl_cert_file certificate (optional) -# (string value) -#ssl_key_file = - -# Password for decrypting ssl_key_file (if encrypted) (string value) -#ssl_key_password = - -# By default SSL checks that the name in the server's certificate matches the -# hostname in the transport_url. In some configurations it may be preferable to -# use the virtual hostname instead, for example if the server uses the Server -# Name Indication TLS extension (rfc6066) to provide a certificate per virtual -# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the -# virtual host name instead of the DNS name. (boolean value) -#ssl_verify_vhost = false - -# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Not applicable - not a SSL server -#allow_insecure_clients = false - -# Space separated list of acceptable SASL mechanisms (string value) -#sasl_mechanisms = - -# Path to directory that contains the SASL configuration (string value) -#sasl_config_dir = - -# Name of configuration file (without .conf suffix) (string value) -#sasl_config_name = - -# SASL realm to use if no realm present in username (string value) -#sasl_default_realm = - -# DEPRECATED: User name for message broker authentication (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Should use configuration option transport_url to provide the -# username. -#username = - -# DEPRECATED: Password for message broker authentication (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Should use configuration option transport_url to provide the -# password. -#password = - -# Seconds to pause before attempting to re-connect. (integer value) -# Minimum value: 1 -#connection_retry_interval = 1 - -# Increase the connection_retry_interval by this many seconds after each -# unsuccessful failover attempt. (integer value) -# Minimum value: 0 -#connection_retry_backoff = 2 - -# Maximum limit for connection_retry_interval + connection_retry_backoff -# (integer value) -# Minimum value: 1 -#connection_retry_interval_max = 30 - -# Time to pause between re-connecting an AMQP 1.0 link that failed due to a -# recoverable error. (integer value) -# Minimum value: 1 -#link_retry_delay = 10 - -# The maximum number of attempts to re-send a reply message which failed due to -# a recoverable error. (integer value) -# Minimum value: -1 -#default_reply_retry = 0 - -# The deadline for an rpc reply message delivery. (integer value) -# Minimum value: 5 -#default_reply_timeout = 30 - -# The deadline for an rpc cast or call message delivery. Only used when caller -# does not provide a timeout expiry. (integer value) -# Minimum value: 5 -#default_send_timeout = 30 - -# The deadline for a sent notification message delivery. Only used when caller -# does not provide a timeout expiry. (integer value) -# Minimum value: 5 -#default_notify_timeout = 30 - -# The duration to schedule a purge of idle sender links. Detach link after -# expiry. (integer value) -# Minimum value: 1 -#default_sender_link_timeout = 600 - -# Indicates the addressing mode used by the driver. -# Permitted values: -# 'legacy' - use legacy non-routable addressing -# 'routable' - use routable addresses -# 'dynamic' - use legacy addresses if the message bus does not support routing -# otherwise use routable addressing (string value) -#addressing_mode = dynamic - -# Enable virtual host support for those message buses that do not natively -# support virtual hosting (such as qpidd). When set to true the virtual host -# name will be added to all message bus addresses, effectively creating a -# private 'subnet' per virtual host. Set to False if the message bus supports -# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative -# as the name of the virtual host. (boolean value) -#pseudo_vhost = true - -# address prefix used when sending to a specific server (string value) -#server_request_prefix = exclusive - -# address prefix used when broadcasting to all servers (string value) -#broadcast_prefix = broadcast - -# address prefix when sending to any server in group (string value) -#group_request_prefix = unicast - -# Address prefix for all generated RPC addresses (string value) -#rpc_address_prefix = openstack.org/om/rpc - -# Address prefix for all generated Notification addresses (string value) -#notify_address_prefix = openstack.org/om/notify - -# Appended to the address prefix when sending a fanout message. Used by the -# message bus to identify fanout messages. (string value) -#multicast_address = multicast - -# Appended to the address prefix when sending to a particular RPC/Notification -# server. Used by the message bus to identify messages sent to a single -# destination. (string value) -#unicast_address = unicast - -# Appended to the address prefix when sending to a group of consumers. Used by -# the message bus to identify messages that should be delivered in a round- -# robin fashion across consumers. (string value) -#anycast_address = anycast - -# Exchange name used in notification addresses. -# Exchange name resolution precedence: -# Target.exchange if set -# else default_notification_exchange if set -# else control_exchange if set -# else 'notify' (string value) -#default_notification_exchange = - -# Exchange name used in RPC addresses. -# Exchange name resolution precedence: -# Target.exchange if set -# else default_rpc_exchange if set -# else control_exchange if set -# else 'rpc' (string value) -#default_rpc_exchange = - -# Window size for incoming RPC Reply messages. (integer value) -# Minimum value: 1 -#reply_link_credit = 200 - -# Window size for incoming RPC Request messages (integer value) -# Minimum value: 1 -#rpc_server_credit = 100 - -# Window size for incoming Notification messages (integer value) -# Minimum value: 1 -#notify_server_credit = 100 - -# Send messages of this type pre-settled. -# Pre-settled messages will not receive acknowledgement -# from the peer. Note well: pre-settled messages may be -# silently discarded if the delivery fails. -# Permitted values: -# 'rpc-call' - send RPC Calls pre-settled -# 'rpc-reply'- send RPC Replies pre-settled -# 'rpc-cast' - Send RPC Casts pre-settled -# 'notify' - Send Notifications pre-settled -# (multi valued) -#pre_settled = rpc-cast -#pre_settled = rpc-reply - - -[oslo_messaging_kafka] - -# -# From oslo.messaging -# - -# DEPRECATED: Default Kafka broker Host (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#kafka_default_host = localhost - -# DEPRECATED: Default Kafka broker Port (port value) -# Minimum value: 0 -# Maximum value: 65535 -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#kafka_default_port = 9092 - -# Max fetch bytes of Kafka consumer (integer value) -#kafka_max_fetch_bytes = 1048576 - -# Default timeout(s) for Kafka consumers (floating point value) -#kafka_consumer_timeout = 1.0 - -# DEPRECATED: Pool Size for Kafka Consumers (integer value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#pool_size = 10 - -# DEPRECATED: The pool size limit for connections expiration policy (integer -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#conn_pool_min_size = 2 - -# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#conn_pool_ttl = 1200 - -# Group id for Kafka consumer. Consumers in one group will coordinate message -# consumption (string value) -#consumer_group = oslo_messaging_consumer - -# Upper bound on the delay for KafkaProducer batching in seconds (floating -# point value) -#producer_batch_timeout = 0.0 - -# Size of batch for the producer async send (integer value) -#producer_batch_size = 16384 - - -[oslo_messaging_notifications] - -# -# From oslo.messaging -# - -# The Drivers(s) to handle sending notifications. Possible values are -# messaging, messagingv2, routing, log, test, noop (multi valued) -# Deprecated group/name - [DEFAULT]/notification_driver -#driver = - -# A URL representing the messaging driver to use for notifications. If not set, -# we fall back to the same configuration used for RPC. (string value) -# Deprecated group/name - [DEFAULT]/notification_transport_url -#transport_url = - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -# Deprecated group/name - [DEFAULT]/notification_topics -#topics = notifications - -# The maximum number of attempts to re-send a notification message which failed -# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite -# (integer value) -#retry = -1 - - -[oslo_messaging_rabbit] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_durable_queues -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. (boolean value) -#amqp_auto_delete = false - -# Enable SSL (boolean value) -#ssl = - -# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and -# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some -# distributions. (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version -#ssl_version = - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile -#ssl_key_file = - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile -#ssl_cert_file = - -# SSL certification authority file (valid only if SSL enabled). (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs -#ssl_ca_file = - -# How long to wait before reconnecting in response to an AMQP consumer cancel -# notification. (floating point value) -#kombu_reconnect_delay = 1.0 - -# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not -# be used. This option may not be available in future versions. (string value) -#kombu_compression = - -# How long to wait a missing client before abandoning to send it its replies. -# This value should not be longer than rpc_response_timeout. (integer value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout -#kombu_missing_consumer_retry_timeout = 60 - -# Determines how the next RabbitMQ node is chosen in case the one we are -# currently connected to becomes unavailable. Takes effect only if more than -# one RabbitMQ node is provided in config. (string value) -# Possible values: -# round-robin - -# shuffle - -#kombu_failover_strategy = round-robin - -# DEPRECATED: The RabbitMQ broker address where a single node is used. (string -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_host = localhost - -# DEPRECATED: The RabbitMQ broker port where a single node is used. (port -# value) -# Minimum value: 0 -# Maximum value: 65535 -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_port = 5672 - -# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_hosts = $rabbit_host:$rabbit_port - -# DEPRECATED: The RabbitMQ userid. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_userid = guest - -# DEPRECATED: The RabbitMQ password. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_password = guest - -# The RabbitMQ login method. (string value) -# Possible values: -# PLAIN - -# AMQPLAIN - -# RABBIT-CR-DEMO - -#rabbit_login_method = AMQPLAIN - -# DEPRECATED: The RabbitMQ virtual host. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_virtual_host = / - -# How frequently to retry connecting with RabbitMQ. (integer value) -#rabbit_retry_interval = 1 - -# How long to backoff for between retries when connecting to RabbitMQ. (integer -# value) -#rabbit_retry_backoff = 2 - -# Maximum interval of RabbitMQ connection retries. Default is 30 seconds. -# (integer value) -#rabbit_interval_max = 30 - -# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#rabbit_max_retries = 0 - -# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this -# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring -# is no longer controlled by the x-ha-policy argument when declaring a queue. -# If you just want to make sure that all queues (except those with auto- -# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy -# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value) -#rabbit_ha_queues = false - -# Positive integer representing duration in seconds for queue TTL (x-expires). -# Queues which are unused for the duration of the TTL are automatically -# deleted. The parameter affects only reply and fanout queues. (integer value) -# Minimum value: 1 -#rabbit_transient_queues_ttl = 1800 - -# Specifies the number of messages to prefetch. Setting to zero allows -# unlimited messages. (integer value) -#rabbit_qos_prefetch_count = 0 - -# Number of seconds after which the Rabbit broker is considered down if -# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer -# value) -#heartbeat_timeout_threshold = 60 - -# How often times during the heartbeat_timeout_threshold we check the -# heartbeat. (integer value) -#heartbeat_rate = 2 - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) -#fake_rabbit = false - -# Maximum number of channels to allow (integer value) -#channel_max = - -# The maximum byte size for an AMQP frame (integer value) -#frame_max = - -# How often to send heartbeats for consumer's connections (integer value) -#heartbeat_interval = 3 - -# Arguments passed to ssl.wrap_socket (dict value) -#ssl_options = - -# Set socket timeout in seconds for connection's socket (floating point value) -#socket_timeout = 0.25 - -# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point -# value) -#tcp_user_timeout = 0.25 - -# Set delay for reconnection to some host which has connection error (floating -# point value) -#host_connection_reconnect_delay = 0.25 - -# Connection factory implementation (string value) -# Possible values: -# new - -# single - -# read_write - -#connection_factory = single - -# Maximum number of connections to keep queued. (integer value) -#pool_max_size = 30 - -# Maximum number of connections to create above `pool_max_size`. (integer -# value) -#pool_max_overflow = 0 - -# Default number of seconds to wait for a connections to available (integer -# value) -#pool_timeout = 30 - -# Lifetime of a connection (since creation) in seconds or None for no -# recycling. Expired connections are closed on acquire. (integer value) -#pool_recycle = 600 - -# Threshold at which inactive (since release) connections are considered stale -# in seconds or None for no staleness. Stale connections are closed on acquire. -# (integer value) -#pool_stale = 60 - -# Default serialization mechanism for serializing/deserializing -# outgoing/incoming messages (string value) -# Possible values: -# json - -# msgpack - -#default_serializer_type = json - -# Persist notification messages. (boolean value) -#notification_persistence = false - -# Exchange name for sending notifications (string value) -#default_notification_exchange = ${control_exchange}_notification - -# Max number of not acknowledged message which RabbitMQ can send to -# notification listener. (integer value) -#notification_listener_prefetch_count = 100 - -# Reconnecting retry count in case of connectivity problem during sending -# notification, -1 means infinite retry. (integer value) -#default_notification_retry_attempts = -1 - -# Reconnecting retry delay in case of connectivity problem during sending -# notification message (floating point value) -#notification_retry_delay = 0.25 - -# Time to live for rpc queues without consumers in seconds. (integer value) -#rpc_queue_expiration = 60 - -# Exchange name for sending RPC messages (string value) -#default_rpc_exchange = ${control_exchange}_rpc - -# Exchange name for receiving RPC replies (string value) -#rpc_reply_exchange = ${control_exchange}_rpc_reply - -# Max number of not acknowledged message which RabbitMQ can send to rpc -# listener. (integer value) -#rpc_listener_prefetch_count = 100 - -# Max number of not acknowledged message which RabbitMQ can send to rpc reply -# listener. (integer value) -#rpc_reply_listener_prefetch_count = 100 - -# Reconnecting retry count in case of connectivity problem during sending -# reply. -1 means infinite retry during rpc_timeout (integer value) -#rpc_reply_retry_attempts = -1 - -# Reconnecting retry delay in case of connectivity problem during sending -# reply. (floating point value) -#rpc_reply_retry_delay = 0.25 - -# Reconnecting retry count in case of connectivity problem during sending RPC -# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc -# request could be processed more than one time (integer value) -#default_rpc_retry_attempts = -1 - -# Reconnecting retry delay in case of connectivity problem during sending RPC -# message (floating point value) -#rpc_retry_delay = 0.25 - - -[oslo_messaging_zmq] - -# -# From oslo.messaging -# - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. -# The "host" option should point or resolve to this address. (string value) -#rpc_zmq_bind_address = * - -# MatchMaker driver. (string value) -# Possible values: -# redis - -# sentinel - -# dummy - -#rpc_zmq_matchmaker = redis - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts = 1 - -# Maximum number of ingress messages to locally buffer per topic. Default is -# unlimited. (integer value) -#rpc_zmq_topic_backlog = - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir = /var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match -# "host" option, if running Nova. (string value) -#rpc_zmq_host = localhost - -# Number of seconds to wait before all pending messages will be sent after -# closing a socket. The default value of -1 specifies an infinite linger -# period. The value of 0 specifies no linger period. Pending messages shall be -# discarded immediately when the socket is closed. Positive values specify an -# upper bound for the linger period. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_cast_timeout -#zmq_linger = -1 - -# The default number of seconds that poll should wait. Poll raises timeout -# exception when timeout expired. (integer value) -#rpc_poll_timeout = 1 - -# Expiration timeout in seconds of a name service record about existing target -# ( < 0 means no timeout). (integer value) -#zmq_target_expire = 300 - -# Update period in seconds of a name service record about existing target. -# (integer value) -#zmq_target_update = 180 - -# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean -# value) -#use_pub_sub = false - -# Use ROUTER remote proxy. (boolean value) -#use_router_proxy = false - -# This option makes direct connections dynamic or static. It makes sense only -# with use_router_proxy=False which means to use direct connections for direct -# message types (ignored otherwise). (boolean value) -#use_dynamic_connections = false - -# How many additional connections to a host will be made for failover reasons. -# This option is actual only in dynamic connections mode. (integer value) -#zmq_failover_connections = 2 - -# Minimal port number for random ports range. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#rpc_zmq_min_port = 49153 - -# Maximal port number for random ports range. (integer value) -# Minimum value: 1 -# Maximum value: 65536 -#rpc_zmq_max_port = 65536 - -# Number of retries to find free port number before fail with ZMQBindError. -# (integer value) -#rpc_zmq_bind_port_retries = 100 - -# Default serialization mechanism for serializing/deserializing -# outgoing/incoming messages (string value) -# Possible values: -# json - -# msgpack - -#rpc_zmq_serialization = json - -# This option configures round-robin mode in zmq socket. True means not keeping -# a queue when server side disconnects. False means to keep queue and messages -# even if server is disconnected, when the server appears we send all -# accumulated messages to it. (boolean value) -#zmq_immediate = true - -# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any -# other negative value) means to skip any overrides and leave it to OS default; -# 0 and 1 (or any other positive value) mean to disable and enable the option -# respectively. (integer value) -#zmq_tcp_keepalive = -1 - -# The duration between two keepalive transmissions in idle condition. The unit -# is platform dependent, for example, seconds in Linux, milliseconds in Windows -# etc. The default value of -1 (or any other negative value and 0) means to -# skip any overrides and leave it to OS default. (integer value) -#zmq_tcp_keepalive_idle = -1 - -# The number of retransmissions to be carried out before declaring that remote -# end is not available. The default value of -1 (or any other negative value -# and 0) means to skip any overrides and leave it to OS default. (integer -# value) -#zmq_tcp_keepalive_cnt = -1 - -# The duration between two successive keepalive retransmissions, if -# acknowledgement to the previous keepalive transmission is not received. The -# unit is platform dependent, for example, seconds in Linux, milliseconds in -# Windows etc. The default value of -1 (or any other negative value and 0) -# means to skip any overrides and leave it to OS default. (integer value) -#zmq_tcp_keepalive_intvl = -1 - -# Maximum number of (green) threads to work concurrently. (integer value) -#rpc_thread_pool_size = 100 - -# Expiration timeout in seconds of a sent/received message after which it is -# not tracked anymore by a client/server. (integer value) -#rpc_message_ttl = 300 - -# Wait for message acknowledgements from receivers. This mechanism works only -# via proxy without PUB/SUB. (boolean value) -#rpc_use_acks = false - -# Number of seconds to wait for an ack from a cast/call. After each retry -# attempt this timeout is multiplied by some specified multiplier. (integer -# value) -#rpc_ack_timeout_base = 15 - -# Number to multiply base ack timeout by after each retry attempt. (integer -# value) -#rpc_ack_timeout_multiplier = 2 - -# Default number of message sending attempts in case of any problems occurred: -# positive value N means at most N retries, 0 means no retries, None or -1 (or -# any other negative values) mean to retry forever. This option is used only if -# acknowledgments are enabled. (integer value) -#rpc_retry_attempts = 3 - -# List of publisher hosts SubConsumer can subscribe on. This option has higher -# priority then the default publishers list taken from the matchmaker. (list -# value) -#subscribe_on = - - -[oslo_middleware] - -# -# From oslo.middleware -# - -# The maximum body size for each request, in bytes. (integer value) -# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size -# Deprecated group/name - [DEFAULT]/max_request_body_size -#max_request_body_size = 114688 - -# DEPRECATED: The HTTP Header that will be used to determine what the original -# request protocol scheme was, even if it was hidden by a SSL termination -# proxy. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#secure_proxy_ssl_header = X-Forwarded-Proto - -# Whether the application is behind a proxy or not. This determines if the -# middleware should parse the headers or not. (boolean value) -#enable_proxy_headers_parsing = false - - -[oslo_policy] - -# -# From oslo.policy -# - -# This option controls whether or not to enforce scope when evaluating -# policies. If ``True``, the scope of the token used in the request is compared -# to the ``scope_types`` of the policy being enforced. If the scopes do not -# match, an ``InvalidScope`` exception will be raised. If ``False``, a message -# will be logged informing operators that policies are being invoked with -# mismatching scope. (boolean value) -#enforce_scope = false - -# The file that defines policies. (string value) -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string value) -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be relative -# to any directory in the search path defined by the config_dir option, or -# absolute paths. The file defined by policy_file must exist for these -# directories to be searched. Missing or empty directories are ignored. (multi -# valued) -#policy_dirs = policy.d - -# Content Type to send and receive data for REST based policy check (string -# value) -# Possible values: -# application/x-www-form-urlencoded - -# application/json - -#remote_content_type = application/x-www-form-urlencoded - -# server identity verification for REST based policy check (boolean value) -#remote_ssl_verify_server_crt = false - -# Absolute path to ca cert file for REST based policy check (string value) -#remote_ssl_ca_crt_file = - -# Absolute path to client cert for REST based policy check (string value) -#remote_ssl_client_crt_file = - -# Absolute path client key file REST based policy check (string value) -#remote_ssl_client_key_file = - - -[tacker] - -# -# From tacker.vnfm.monitor -# - -# Monitor driver to communicate with Hosting VNF/logical service instance -# tacker plugin will use (list value) -#monitor_driver = ping,http_ping - -# Alarm monitoring driver to communicate with Hosting VNF/logical service -# instance tacker plugin will use (list value) -#alarm_monitor_driver = ceilometer - -# App monitoring driver to communicate with Hosting VNF/logical service -# instance tacker plugin will use (list value) -#app_monitor_driver = zabbix - -# -# From tacker.vnfm.plugin -# - -# MGMT driver to communicate with Hosting VNF/logical service instance tacker -# plugin will use (list value) -#mgmt_driver = noop,openwrt - -# Time interval to wait for VM to boot (integer value) -#boot_wait = 30 - -# Hosting vnf drivers tacker plugin will use (list value) -#infra_driver = noop,openstack,kubernetes - -# Hosting vnf drivers tacker plugin will use (list value) -#policy_action = autoscaling,respawn,log,log_and_kill - - -[vim_keys] -use_barbican = True - -# -# From tacker.nfvo.drivers.vim.openstack_driver -# - -# Dir.path to store fernet keys. (string value) -#openstack = /etc/tacker/vim/fernet_keys - -# Use barbican to encrypt vim password if True, save vim credentials in local -# file system if False (boolean value) -#use_barbican = false - - -[vim_monitor] - -# -# From tacker.nfvo.drivers.vim.openstack_driver -# - -# Number of ICMP packets to send (string value) -#count = 1 - -# Number of seconds to wait for a response (string value) -#timeout = 1 - -# Number of seconds to wait between packets (string value) -#interval = 1 - -[agent] -root_helper = sudo /usr/local/bin/tacker-rootwrap /etc/tacker/rootwrap.conf diff --git a/doc/source/admin/index.rst b/doc/source/admin/index.rst index fa2f05e4a..7746336b2 100644 --- a/doc/source/admin/index.rst +++ b/doc/source/admin/index.rst @@ -70,5 +70,3 @@ of individual command can be referred by **openstack help **. openstack vnf network forwarding path show Show information of a given NFP. openstack nfv event show Show event given the event id. openstack nfv event list List events of resources. - - diff --git a/doc/source/conf.py b/doc/source/conf.py index ca9e2f8a8..2d83a9acc 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -23,10 +23,15 @@ extensions = [ 'sphinxcontrib.apidoc', 'stevedore.sphinxext', 'openstackdocstheme', + 'oslo_config.sphinxext', + 'oslo_config.sphinxconfiggen', 'oslo_policy.sphinxext', 'oslo_policy.sphinxpolicygen', ] +config_generator_config_file = '../../etc/config-generator.conf' +sample_config_basename = '_static/tacker' + policy_generator_config_file = [ ('../../etc/tacker-policy-generator.conf', '_static/tacker'), ] diff --git a/doc/source/configuration/api-paste.ini.rst b/doc/source/configuration/api-paste.ini.rst new file mode 100644 index 000000000..c83233e6e --- /dev/null +++ b/doc/source/configuration/api-paste.ini.rst @@ -0,0 +1,8 @@ +============= +api-paste.ini +============= + +The Tacker service stores its API configuration settings in the +``api-paste.ini`` file. + +.. literalinclude:: /../../etc/tacker/api-paste.ini diff --git a/doc/source/configuration/config.rst b/doc/source/configuration/config.rst new file mode 100644 index 000000000..4f686182f --- /dev/null +++ b/doc/source/configuration/config.rst @@ -0,0 +1,9 @@ +===================== +Configuration Options +===================== + +The following is an overview of all available configuration options in Tacker. +For a sample configuration file, refer to :doc:`/configuration/sample_config`. + +.. show-options:: + :config-file: etc/config-generator.conf diff --git a/doc/source/configuration/index.rst b/doc/source/configuration/index.rst index d9c3752d4..fa7863e54 100644 --- a/doc/source/configuration/index.rst +++ b/doc/source/configuration/index.rst @@ -18,19 +18,22 @@ Tacker Configuration Guide ========================== -The Tacker service is configured in the ``/etc/tacker/tacker.conf`` file. -These are described below. +The static configuration for tacker lives in three main files: +``api-paste.ini``, ``tacker.conf`` and ``policy.json``. +These are described below. For a bigger picture view on configuring +tacker to solve specific problems. -The sample configuration can also be viewed in :download:`file form -`. +Configuration +------------- -.. important:: +* :doc:`API Paste ini `: A complete reference of + api-paste.ini available in the ``api-paste.ini`` file. - The sample configuration file is auto-generated from tacker when this - documentation is built. You must ensure your version of tacker matches the - version of this documentation. +* :doc:`Config Reference `: A complete reference of all + configuration options available in the ``tacker.conf`` file. -.. literalinclude:: /_extra/tacker.conf.sample +* :doc:`Sample Config File `: A sample config + file with inline documentation. Policy ------ @@ -50,5 +53,8 @@ permissions on REST API actions. .. toctree:: :hidden: + api-paste.ini policy sample_policy + config + sample_config diff --git a/doc/source/configuration/sample_config.rst b/doc/source/configuration/sample_config.rst new file mode 100644 index 000000000..4f5e71a86 --- /dev/null +++ b/doc/source/configuration/sample_config.rst @@ -0,0 +1,18 @@ +========================= +Sample Configuration File +========================= + +The following is a sample tacker configuration for adaptation and use. For a +detailed overview of all available configuration options, refer to +:doc:`/configuration/config`. + +The sample configuration can also be viewed in :download:`file form +`. + +.. important:: + + The sample configuration file is auto-generated from tacker when this + documentation is built. You must ensure your version of tacker matches the + version of this documentation. + +.. literalinclude:: /_static/tacker.conf.sample diff --git a/etc/config-generator.conf b/etc/config-generator.conf index e0fd39568..d67670de6 100644 --- a/etc/config-generator.conf +++ b/etc/config-generator.conf @@ -2,6 +2,7 @@ output_file = etc/tacker/tacker.conf.sample wrap_width = 79 namespace = tacker.common.config +namespace = tacker.conf namespace = tacker.wsgi namespace = tacker.service namespace = tacker.nfvo.nfvo_plugin diff --git a/setup.cfg b/setup.cfg index a30dca7c1..5b3b2ecf6 100644 --- a/setup.cfg +++ b/setup.cfg @@ -76,6 +76,7 @@ tacker.tacker.policy.actions = vdu_autoheal = tacker.vnfm.policy_actions.vdu_autoheal.vdu_autoheal:VNFActionVduAutoheal oslo.config.opts = tacker.common.config = tacker.common.config:config_opts + tacker.conf = tacker.conf.opts:list_opts tacker.wsgi = tacker.wsgi:config_opts tacker.service = tacker.service:config_opts tacker.nfvo.nfvo_plugin = tacker.nfvo.nfvo_plugin:config_opts diff --git a/tacker/conf/__init__.py b/tacker/conf/__init__.py new file mode 100644 index 000000000..072466c27 --- /dev/null +++ b/tacker/conf/__init__.py @@ -0,0 +1,25 @@ +# Copyright (C) 2019 NTT DATA +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from oslo_config import cfg + +from tacker.conf import conductor +from tacker.conf import vnf_package + + +CONF = cfg.CONF + +vnf_package.register_opts(CONF) +conductor.register_opts(CONF) diff --git a/tacker/conf/conductor.py b/tacker/conf/conductor.py new file mode 100644 index 000000000..f581a8a3c --- /dev/null +++ b/tacker/conf/conductor.py @@ -0,0 +1,34 @@ +# Copyright (C) 2019 NTT DATA +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from oslo_config import cfg + + +CONF = cfg.CONF + +interval_opts = [ + cfg.IntOpt('vnf_package_delete_interval', + default=1800, + help=_('Seconds between running periodic tasks ' + 'to cleanup residues of deleted vnf packages')), +] + + +def register_opts(conf): + conf.register_opts(interval_opts) + + +def list_opts(): + return {'DEFAULT': interval_opts} diff --git a/tacker/conf/opts.py b/tacker/conf/opts.py new file mode 100644 index 000000000..f4612f086 --- /dev/null +++ b/tacker/conf/opts.py @@ -0,0 +1,83 @@ +# Copyright 2015 OpenStack Foundation +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# TODO(nirajsingh): Most of the config options are scattered all through +# out the code. In future, move all these config options in new modules +# under conf/ folder. + +""" +This is the single point of entry to generate the sample configuration +file for tacker. It collects all the necessary info from the other modules +in this package. It is assumed that: + +* every other module in this package has a 'list_opts' function which + return a dict where + * the keys are strings which are the group names + * the value of each key is a list of config options for that group +* the tacker.conf package doesn't have further packages with config options +* this module is only used in the context of sample file generation +""" + +import collections +import os +from oslo_utils import importutils +import pkgutil + +LIST_OPTS_FUNC_NAME = "list_opts" + + +def _tupleize(dct): + """Take the dict of options and convert to the 2-tuple format.""" + return [(key, val) for key, val in dct.items()] + + +def list_opts(): + opts = collections.defaultdict(list) + module_names = _list_module_names() + imported_modules = _import_modules(module_names) + _append_config_options(imported_modules, opts) + return _tupleize(opts) + + +def _list_module_names(): + module_names = [] + package_path = os.path.dirname(os.path.abspath(__file__)) + for _, modname, ispkg in pkgutil.iter_modules(path=[package_path]): + if modname == "opts" or ispkg: + continue + else: + module_names.append(modname) + return module_names + + +def _import_modules(module_names): + imported_modules = [] + for modname in module_names: + mod = importutils.import_module("tacker.conf." + modname) + if not hasattr(mod, LIST_OPTS_FUNC_NAME): + msg = "The module 'tacker.conf.%s' should have a '%s' "\ + "function which returns the config options." % \ + (modname, LIST_OPTS_FUNC_NAME) + raise Exception(msg) + else: + imported_modules.append(mod) + return imported_modules + + +def _append_config_options(imported_modules, config_options): + for mod in imported_modules: + configs = mod.list_opts() + for key, val in configs.items(): + config_options[key].extend(val) diff --git a/tacker/conf/vnf_package.py b/tacker/conf/vnf_package.py new file mode 100644 index 000000000..40c8e115c --- /dev/null +++ b/tacker/conf/vnf_package.py @@ -0,0 +1,74 @@ +# Copyright (C) 2019 NTT DATA +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from oslo_config import cfg + + +CONF = cfg.CONF + +OPTS = [ + cfg.StrOpt('vnf_package_csar_path', + default='/var/lib/tacker/vnfpackages/', + help="Path to store extracted CSAR file"), + + cfg.FloatOpt('csar_file_size_cap', default=1024, min=0.000001, + max=9223372036, + help=_(""" +Maximum size of CSAR file a user can upload in GB. + +An CSAR file upload greater than the size mentioned here would result +in an CSAR upload failure. This configuration option defaults to +1024 GB (1 TiB). + +NOTES: + * This value should only be increased after careful + consideration and must be set less than or equal to + 8 EiB (~9223372036). + * This value must be set with careful consideration of the + backend storage capacity. Setting this to a very low value + may result in a large number of image failures. And, setting + this to a very large value may result in faster consumption + of storage. Hence, this must be set according to the nature of + images created and storage capacity available. + +Possible values: + * Any positive number less than or equal to 9223372036854775808 +""")), + cfg.StrOpt('hashing_algorithm', + default='sha512', + help=_(""" +Secure hashing algorithm used for computing the 'hash' property. + +Possible values: + * sha256, sha512 + +Related options: + * None +"""))] + +vnf_package_group = cfg.OptGroup('vnf_package', + title='vnf_package options', + help=""" +Options under this group are used to store vnf packages in glance store. +""") + + +def register_opts(conf): + conf.register_group(vnf_package_group) + conf.register_opts(OPTS, group=vnf_package_group) + + +def list_opts(): + return {vnf_package_group: OPTS}