diff --git a/templates/kuryr-libnetwork.conf.j2 b/templates/kuryr-libnetwork.conf.j2 index 94c42c1..ceaf30a 100644 --- a/templates/kuryr-libnetwork.conf.j2 +++ b/templates/kuryr-libnetwork.conf.j2 @@ -1,268 +1,37 @@ [DEFAULT] -# -# From kuryr_libnetwork -# +debug = {{ debug | bool }} +use_stderr = false +use_journal = true -# Directory where Kuryr python module is installed. (string value) -pybasedir = {{ zun_bin }}/../lib/python2.7/site-packages/kuryr_libnetwork +# Directory for Kuryr vif binding executables. (string value) +bindir = {{ zun_bin | dirname }}/libexec/kuryr # Kuryr URL for accessing Kuryr through json rpc. (string value) -#kuryr_uri = http://127.0.0.1:23750 +kuryr_uri = http://{{ zun_kuryr_service_address }}:{{ zun_kuryr_service_port }} # Kuryr plugin scope reported to libnetwork. (string value) -# Possible values: -# local - -# global - capability_scope = global -# There is no address-space by default in neutron (string value) -#local_default_address_space = no_address_space - -# There is no address-space by default in neutron (string value) -#global_default_address_space = no_address_space - -# DEPRECATED: Default driver for the desired deployment model (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#port_driver = kuryr_libnetwork.port_driver.drivers.veth - -# Default driver for the desired deployment model (string value) -#default_port_driver = kuryr_libnetwork.port_driver.drivers.veth - -# Available port drivers (list value) -#enabled_port_drivers = kuryr_libnetwork.port_driver.drivers.veth - # Do processing external connectivity (boolean value) process_external_connectivity = false -# This option allows setting absolute pathto the SSL certificate (string value) -#ssl_cert_file = /var/lib/kuryr/certs/cert.pem - -# This option allows setting absolute pathto the SSL private key (string value) -#ssl_key_file = /var/lib/kuryr/certs/key.pem - -# Enable SSL for Kuryr (boolean value) -#enable_ssl = false - -# If set to true, the logging level will be set to DEBUG instead of the default -# INFO level. (boolean value) -# Note: This option can be changed without restarting. -#debug = false - -# The name of a logging configuration file. This file is appended to any -# existing logging configuration files. For details about logging configuration -# files, see the Python logging module documentation. Note that when logging -# configuration files are used then all logging configuration is set in the -# configuration file and other logging configuration options are ignored (for -# example, logging_context_format_string). (string value) -# Note: This option can be changed without restarting. -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. (string -# value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default is set, -# logging will go to stderr as defined by use_stderr. This option is ignored if -# log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative log_file paths. This option -# is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# Uses logging handler designed to watch file system. When log file is moved or -# removed this handler will open a new log file with specified path -# instantaneously. It makes sense only if log_file option is specified and -# Linux platform is used. This option is ignored if log_config_append is set. -# (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and will be -# changed later to honor RFC5424. This option is ignored if log_config_append -# is set. (boolean value) -#use_syslog = false - -# Enable journald for logging. If running in a systemd environment you may wish -# to enable journal support. Doing so will use the journal native protocol -# which includes structured metadata in addition to log messages.This option is -# ignored if log_config_append is set. (boolean value) -#use_journal = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Use JSON formatting for logging. This option is ignored if log_config_append -# is set. (boolean value) -#use_json = false - -# Log output to standard error. This option is ignored if log_config_append is -# set. (boolean value) -#use_stderr = false - -# Directory for Kuryr vif binding executables. (string value) -bindir = {{ zun_bin }}/../libexec/kuryr - -# Neutron subnetpool name will be prefixed by this. (string value) -#subnetpool_name_prefix = kuryrPool - -# baremetal or nested-containers are the supported values. (string value) -#deployment_type = baremetal - [binding] -# Configuration options for container interface binding. - -# -# From kuryr_libnetwork -# - # The name prefix of the veth endpoint put inside the container. (string value) veth_dst_prefix = veth -# Driver to use for binding and unbinding ports. (string value) -# Deprecated group/name - [binding]/driver -#default_driver = kuryr.lib.binding.drivers.veth - -# Drivers to use for binding and unbinding ports. (list value) -#enabled_drivers = kuryr.lib.binding.drivers.veth - -# Specifies the name of the Nova instance interface to link the virtual devices -# to (only applicable to some binding drivers. (string value) -#link_iface = - [neutron] # Configuration options for OpenStack Neutron -# -# From kuryr_libnetwork -# - -# Authentication URL (string value) -#auth_url = auth_url = {{ keystone_service_adminurl }} - -# Authentication type to load (string value) -# Deprecated group/name - [neutron]/auth_plugin -#auth_type = auth_type = {{ zun_keystone_auth_plugin }} - -# PEM encoded Certificate Authority to use when verifying HTTPs connections. -# (string value) -#cafile = - -# PEM encoded client certificate cert file (string value) -#certfile = - -# Collect per-API call timing information. (boolean value) -#collect_timing = false - -# Optional domain ID to use with v3 and v2 parameters. It will be used for both -# the user and project domain in v3 and ignored in v2 authentication. (string -# value) -#default_domain_id = - -# Optional domain name to use with v3 API and v2 parameters. It will be used -# for both the user and project domain in v3 and ignored in v2 authentication. -# (string value) -#default_domain_name = - -# Name of default subnetpool version 4 (string value) -#default_subnetpool_v4 = kuryr - -# Name of default subnetpool version 6 (string value) -#default_subnetpool_v6 = kuryr6 - -# Domain ID to scope to (string value) -#domain_id = - -# Domain name to scope to (string value) -#domain_name = - -# Enable or Disable dhcp for neutron subnets. (string value) -#enable_dhcp = True - -# Type of the neutron endpoint to use. This endpoint will be looked up in the -# keystone catalog and should be one of public, internal or admin. (string -# value) -# Possible values: -# public - -# admin - -# internal - endpoint_type = internal - -# Verify HTTPS connections. (boolean value) insecure = {{ keystone_service_internaluri_insecure | bool }} - -# PEM encoded client certificate key file (string value) -#keyfile = - -# User's password (string value) -#password = -password = {{ zun_service_password }} - -# Domain ID containing project (string value) -#project_domain_id = +password = {{ zun_kuryr_service_password }} project_domain_id = {{ zun_service_project_domain_id }} - -# Domain name containing project (string value) -#project_domain_name = - -# Project ID to scope to (string value) -# Deprecated group/name - [neutron]/tenant_id -#project_id = - -# Project name to scope to (string value) -# Deprecated group/name - [neutron]/tenant_name -#project_name = project_name = {{ zun_service_project_name }} - -# Log requests to multiple loggers. (boolean value) -#split_loggers = false - -# Scope for system operations (string value) -#system_scope = - -# Tenant ID (string value) -#tenant_id = - -# Tenant Name (string value) -#tenant_name = - -# Timeout value for http requests (integer value) -#timeout = - -# Token (string value) -#token = - -# Trust ID (string value) -#trust_id = - -# User's domain id (string value) -#user_domain_id = user_domain_id = {{ zun_service_user_domain_id }} - -# User's domain name (string value) -#user_domain_name = - -# User id (string value) -#user_id = - -# Username (string value) -# Deprecated group/name - [neutron]/user_name -#username = username = {{ zun_kuryr_service_username }} - -# Whether a plugging operation is failed if the port to plug does not become -# active (boolean value) vif_plugging_is_fatal = true - -# Seconds to wait for port to become active (integer value) -#vif_plugging_timeout = 0 diff --git a/templates/zun.conf.j2 b/templates/zun.conf.j2 index b26eee2..88f95d0 100644 --- a/templates/zun.conf.j2 +++ b/templates/zun.conf.j2 @@ -1,1614 +1,89 @@ [DEFAULT] - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of the default -# INFO level. (boolean value) -# Note: This option can be changed without restarting. -#debug = false - -# The name of a logging configuration file. This file is appended to any -# existing logging configuration files. For details about logging configuration -# files, see the Python logging module documentation. Note that when logging -# configuration files are used then all logging configuration is set in the -# configuration file and other logging configuration options are ignored (for -# example, logging_context_format_string). (string value) -# Note: This option can be changed without restarting. -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. (string -# value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default is set, -# logging will go to stderr as defined by use_stderr. This option is ignored if -# log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative log_file paths. This option -# is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# Uses logging handler designed to watch file system. When log file is moved or -# removed this handler will open a new log file with specified path -# instantaneously. It makes sense only if log_file option is specified and -# Linux platform is used. This option is ignored if log_config_append is set. -# (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and will be -# changed later to honor RFC5424. This option is ignored if log_config_append -# is set. (boolean value) -#use_syslog = false - -# Enable journald for logging. If running in a systemd environment you may wish -# to enable journal support. Doing so will use the journal native protocol -# which includes structured metadata in addition to log messages.This option is -# ignored if log_config_append is set. (boolean value) +debug = {{ debug | bool }} use_journal = true - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Use JSON formatting for logging. This option is ignored if log_config_append -# is set. (boolean value) -#use_json = false - -# Log output to standard error. This option is ignored if log_config_append is -# set. (boolean value) -#use_stderr = false - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. (string -# value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the message -# is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is ignored -# if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. (string -# value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. (string -# value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Interval, number of seconds, of log rate limiting. (integer value) -#rate_limit_interval = 0 - -# Maximum number of logged messages per rate_limit_interval. (integer value) -#rate_limit_burst = 0 - -# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG -# or empty string. Logs with level greater or equal to rate_limit_except_level -# are not filtered. An empty string means that all levels are filtered. (string -# value) -#rate_limit_except_level = CRITICAL - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - -# -# From oslo.messaging -# - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size = 30 rpc_conn_pool_size = {{ zun_rpc_conn_pool_size }} - -# The pool size limit for connections expiration policy (integer value) -#conn_pool_min_size = 2 - -# The time-to-live in sec of idle connections in the pool (integer value) -#conn_pool_ttl = 1200 - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. -# The "host" option should point or resolve to this address. (string value) -#rpc_zmq_bind_address = * - -# MatchMaker driver. (string value) -# Possible values: -# redis - -# sentinel - -# dummy - -#rpc_zmq_matchmaker = redis - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts = 1 - -# Maximum number of ingress messages to locally buffer per topic. Default is -# unlimited. (integer value) -#rpc_zmq_topic_backlog = - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir = /var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match -# "host" option, if running zun. (string value) -#rpc_zmq_host = localhost - -# Number of seconds to wait before all pending messages will be sent after -# closing a socket. The default value of -1 specifies an infinite linger -# period. The value of 0 specifies no linger period. Pending messages shall be -# discarded immediately when the socket is closed. Positive values specify an -# upper bound for the linger period. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_cast_timeout -#zmq_linger = -1 - -# The default number of seconds that poll should wait. Poll raises timeout -# exception when timeout expired. (integer value) -#rpc_poll_timeout = 1 - -# Expiration timeout in seconds of a name service record about existing target -# ( < 0 means no timeout). (integer value) -#zmq_target_expire = 300 - -# Update period in seconds of a name service record about existing target. -# (integer value) -#zmq_target_update = 180 - -# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean -# value) -#use_pub_sub = false - -# Use ROUTER remote proxy. (boolean value) -#use_router_proxy = false - -# This option makes direct connections dynamic or static. It makes sense only -# with use_router_proxy=False which means to use direct connections for direct -# message types (ignored otherwise). (boolean value) -#use_dynamic_connections = false - -# How many additional connections to a host will be made for failover reasons. -# This option is actual only in dynamic connections mode. (integer value) -#zmq_failover_connections = 2 - -# Minimal port number for random ports range. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#rpc_zmq_min_port = 49153 - -# Maximal port number for random ports range. (integer value) -# Minimum value: 1 -# Maximum value: 65536 -#rpc_zmq_max_port = 65536 - -# Number of retries to find free port number before fail with ZMQBindError. -# (integer value) -#rpc_zmq_bind_port_retries = 100 - -# Default serialization mechanism for serializing/deserializing -# outgoing/incoming messages (string value) -# Possible values: -# json - -# msgpack - -#rpc_zmq_serialization = json - -# This option configures round-robin mode in zmq socket. True means not keeping -# a queue when server side disconnects. False means to keep queue and messages -# even if server is disconnected, when the server appears we send all -# accumulated messages to it. (boolean value) -#zmq_immediate = true - -# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any -# other negative value) means to skip any overrides and leave it to OS default; -# 0 and 1 (or any other positive value) mean to disable and enable the option -# respectively. (integer value) -#zmq_tcp_keepalive = -1 - -# The duration between two keepalive transmissions in idle condition. The unit -# is platform dependent, for example, seconds in Linux, milliseconds in Windows -# etc. The default value of -1 (or any other negative value and 0) means to -# skip any overrides and leave it to OS default. (integer value) -#zmq_tcp_keepalive_idle = -1 - -# The number of retransmissions to be carried out before declaring that remote -# end is not available. The default value of -1 (or any other negative value -# and 0) means to skip any overrides and leave it to OS default. (integer -# value) -#zmq_tcp_keepalive_cnt = -1 - -# The duration between two successive keepalive retransmissions, if -# acknowledgement to the previous keepalive transmission is not received. The -# unit is platform dependent, for example, seconds in Linux, milliseconds in -# Windows etc. The default value of -1 (or any other negative value and 0) -# means to skip any overrides and leave it to OS default. (integer value) -#zmq_tcp_keepalive_intvl = -1 - -# Maximum number of (green) threads to work concurrently. (integer value) -#rpc_thread_pool_size = 100 - -# Expiration timeout in seconds of a sent/received message after which it is -# not tracked anymore by a client/server. (integer value) -#rpc_message_ttl = 300 - -# Wait for message acknowledgements from receivers. This mechanism works only -# via proxy without PUB/SUB. (boolean value) -#rpc_use_acks = false - -# Number of seconds to wait for an ack from a cast/call. After each retry -# attempt this timeout is multiplied by some specified multiplier. (integer -# value) -#rpc_ack_timeout_base = 15 - -# Number to multiply base ack timeout by after each retry attempt. (integer -# value) -#rpc_ack_timeout_multiplier = 2 - -# Default number of message sending attempts in case of any problems occurred: -# positive value N means at most N retries, 0 means no retries, None or -1 (or -# any other negative values) mean to retry forever. This option is used only if -# acknowledgments are enabled. (integer value) -#rpc_retry_attempts = 3 - -# List of publisher hosts SubConsumer can subscribe on. This option has higher -# priority then the default publishers list taken from the matchmaker. (list -# value) -#subscribe_on = - -# Size of executor thread pool when executor is threading or eventlet. (integer -# value) -# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size -#executor_thread_pool_size = 64 - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout = 60 - -# The network address and optional user credentials for connecting to the -# messaging backend, in URL format. The expected format is: -# -# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query -# -# Example: rabbit://rabbitmq:password@127.0.0.1:5672// -# -# For full details on the fields in the URL see the documentation of -# oslo_messaging.TransportURL at -# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html -# (string value) transport_url = {{ zun_oslomsg_rpc_transport }}://{% for host in zun_oslomsg_rpc_servers.split(',') %}{{ zun_oslomsg_rpc_userid }}:{{ zun_oslomsg_rpc_password }}@{{ host }}:{{ zun_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ zun_oslomsg_rpc_vhost }}{% if (zun_oslomsg_rpc_use_ssl | lower) | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} -# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers -# include amqp and zmq. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rpc_backend = rabbit - -# The default exchange under which topics are scoped. May be overridden by an -# exchange name specified in the transport_url option. (string value) -#control_exchange = openstack - -# -# From oslo.service.periodic_task -# - -# Some periodic tasks can be run in a separate process. Should we run them -# here? (boolean value) -#run_external_periodic_tasks = true - -# -# From oslo.service.service -# - -# Enable eventlet backdoor. Acceptable values are 0, , and -# :, where 0 results in listening on a random tcp port number; -# results in listening on the specified port number (and not enabling -# backdoor if that port is in use); and : results in listening on -# the smallest unused port number within the specified range of port numbers. -# The chosen port is displayed in the service's log file. (string value) -#backdoor_port = - -# Enable eventlet backdoor, using the provided path as a unix socket that can -# receive connections. This option is mutually exclusive with 'backdoor_port' -# in that only one should be provided. If both are provided then the existence -# of this option overrides the usage of that option. (string value) -#backdoor_socket = - -# Enables or disables logging values of all registered options when starting a -# service (at DEBUG level). (boolean value) -#log_options = true - -# Specify a timeout after which a gracefully shutdown server will exit. Zero -# value means endless wait. (integer value) -#graceful_shutdown_timeout = 60 - -# -# From zun.conf -# - -# -# Default availability zone for compute services. -# -# This option determines the default availability zone for 'zun-compute' -# services. -# -# Possible values: -# -# * Any string representing an existing availability zone name. -# (string value) -#default_availability_zone = zun - -# -# Default availability zone for containers. -# -# This option determines the default availability zone for containers, which -# will -# be used when a user does not specify one when creating a container. The -# container(s) will be bound to this availability zone for their lifetime. -# -# Possible values: -# -# * Any string representing an existing availability zone name. -# * None, which means that the container can move from one availability zone to -# another during its lifetime if it is moved from one compute node to -# another. -# (string value) -#default_schedule_zone = - -# Defines which driver to use for controlling container. -# Possible values: -# -# * ``docker.driver.DockerDriver`` -# -# Services which consume this: -# -# * ``zun-compute`` -# -# Interdependencies to other options: -# -# * None -# (string value) -#container_driver = docker.driver.DockerDriver - -# Time to sleep (in seconds) during waiting for an event. (integer value) -#default_sleep_time = 1 - -# Maximum time (in seconds) to wait for an event. (integer value) -#default_timeout = 600 - -# Define the cpusets to be excluded from pinning (string value) -#floating_cpu_set = - -# Whether to use infra container. If set to True, -# Zun will create an infra container that serves as a placeholder of a few -# Linux namespaces (i.e. network namespace). Then, one or multiple containers -# could join the namespaces of the infra container thus sharing resources -# inside -# the sandbox (i.e. the network interface). This is typically used to group -# a set of high-coupled containers into a unit. If set to False, infra -# container -# won't be created. -# (boolean value) use_sandbox = true - -# Define the runtime to create container with. Default value -# in Zun is ``runc``. (string value) -#container_runtime = runc - -# The default memory swap size in MB (default is -1 which enable unlimited -# swap). (integer value) -#default_memory_swap = -1 - -# The minimum memory size in MB allowed to set when run/create container. -# (integer value) -#minimum_memory = 4 - -# The maximum memory size in MB allowed to set when run/create container. -# (integer value) -#maximum_memory = 8192 - -# The minimum number of virtual cpus allowed to set when run/create container. -# (floating point value) -#minimum_cpus = 0.1 - -# The maximum number of virtual cpus allowed to set when run/create container. -# (floating point value) -#maximum_cpus = 16.0 - -# The minimum disk size in GB that user can set when run/create container. -# (integer value) -#minimum_disk = 1 - -# The maximum disk size in GB that user can set when run/create container. -# (integer value) -#maximum_disk = 160 - -# The default memory in MB a container can use (will be used if user do not -# specify container's memory). This value should be in range [minimum_memory, -# maximum_memory]. (integer value) -#default_memory = 2048 - -# The default number of cpus a container can use (will be used if user do not -# specify a container's cpus). This value should be in range [minimum_cpus, -# maximum_cpus] (floating point value) -#default_cpu = 1.0 - -# The default disk size a container can use (will be used if user do not -# specify container's disk). This value should be in range [minimum_disk, -# maximum_disk]. Default is 10 (GiB). (integer value) -#default_disk = 10 - -# MySQL engine to use. (string value) -#mysql_engine = InnoDB - -# Defines the list of image driver to use for downloading image. -# Possible values: -# * ``docker`` -# * ``glance`` -# Services which consume this: -# * ``zun-compute`` -# Interdependencies to other options: -# * None -# (list value) image_driver_list = glance,docker - -# The default container image driver to use. (string value) default_image_driver = glance -# Container image for sandbox container. (string value) -#sandbox_image = kubernetes/pause - -# Image driver for sandbox container. (string value) -#sandbox_image_driver = docker - -# Image pull policy for sandbox image. (string value) -#sandbox_image_pull_policy = ifnotpresent - -# -# The IP address which the host is using to connect to the management network. -# -# Possible values: -# -# * String with valid IP address. Default is IPv4 address of this host. -# -# Related options: -# -# * docker_remote_api_host -# * etcd_host -# * wsproxy_host -# * host_ip -# * my_block_storage_ip -# (string value) -#my_ip = - -# -# Hostname, FQDN or IP address of this host. This can be an opaque identifier. -# It is not necessarily a hostname, FQDN, or IP address. However, the node name -# must be valid within an AMQP key, and if using ZeroMQ, a valid hostname, -# FQDN, or IP address. -# -# Possible values: -# -# * String with hostname, FQDN or IP address. Default is hostname of this host. -# (string value) -#host = - -# -# The IP address which is used to connect to the block storage network. -# Possible values: -# * String with valid IP address. Default is IP address of this host. -# Related options: -# * my_ip - if my_block_storage_ip is not set, then my_ip value is used. -# (string value) -#my_block_storage_ip = $my_ip - -# Directory where the zun python module is installed. (string value) -#pybasedir = /openstack/venvs/zun/local/lib/python2.7/site-packages/zun - -# Directory where zun binaries are installed. (string value) -#bindir = $pybasedir/bin - -# Top-level directory for maintaining zun's state. (string value) -#state_path = $pybasedir - -# Max interval size between periodic tasks execution in seconds. (integer -# value) -#periodic_interval_max = 60 - -# Max interval size between periodic tasks execution in seconds. (integer -# value) -#service_down_time = 180 - -# -# Interval to sync container states between the database and the docker. -# -# The interval that Zun checks the actual container state and -# the state that Zun has recorded in its database. If they are inconsistent, -# Zun will update the database according to the actual container state. -# -# Possible values: -# * 0: Will run at the default periodic interval. -# * Any value < 0: Disables the option. -# * Any positive integer in seconds. -# -# (integer value) -#sync_container_state_interval = 60 - -# Path to the rootwrap configuration file to use for running commands as root. -# (string value) -#rootwrap_config = /etc/zun/rootwrap.conf - [api] - -# -# From zun.conf -# - -# The port for the zun API server. (port value) -# Minimum value: 0 -# Maximum value: 65535 port = {{ zun_service_port }} - -# The listen IP for the zun API server. The default is ``$my_ip``, the IP -# address of this host. (IP address value) host_ip = {{ ansible_host }} - -# Enable the integrated stand-alone API to service requests via HTTPS instead -# of HTTP. If there is a front-end service performing HTTPS offloading from the -# service, this option should be False; note, you will want to change public -# API endpoint to represent SSL termination URL with 'public_endpoint' option. -# (boolean value) -#enable_ssl_api = false - -# Number of workers for zun-api service. The default will be the number of CPUs -# available. (integer value) workers = {{ zun_api_threads }} -# The maximum number of items returned in a single response from a collection -# resource. (integer value) -#max_limit = 1000 - -# Configuration file for WSGI definition of API. (string value) -#api_paste_config = api-paste.ini - -# Enable image validation. (boolean value) -#enable_image_validation = true - [cinder_client] - -# -# From zun.conf -# - -# Type of endpoint in Identity service catalog to use for communication with -# the OpenStack service. (string value) endpoint_type = {{ zun_service_endpoint_type }} -# Version of Cinder API to use in cinderclient. (string value) -#api_version = 3 - -# Optional CA cert file to use in SSL connections. (string value) -#ca_file = - -# If set, then the server's certificate will not be verified. (boolean value) -#insecure = false - - -[compute] - -# -# From zun.conf -# - -# The queue to add compute tasks to. (string value) -#topic = zun-compute - -# -# Sets the scope of the check for unique container names. -# The default doesn't check for unique names. If a scope for the name check is -# set, a launch of a new container with a duplicate name will result in an -# ''ContainerAlreadyExists'' error. The uniqueness is case-insensitive. -# Setting this option can increase the usability for end users as they don't -# have to distinguish among containers with the same name by their IDs. -# Possible values: -# * '': An empty value means that no uniqueness check is done and duplicate -# names are possible. -# * "project": The container name check is done only for containers within the -# same project. -# * "global": The container name check is done for all containers regardless of -# the project. -# (string value) -# Possible values: -# '' - -# project - -# global - -#unique_container_name_scope = - -# restart the containers which are runningbefore the host reboots. (boolean -# value) -#resume_container_state = true - -# reserve disk for docker images (floating point value) -#reserve_disk_for_image = 0.2 - - -[cors] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain received in the -# requests "origin" header. Format: "://[:]", no trailing -# slash. Example: https://horizon.example.com (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple -# Headers. (list value) -#expose_headers = - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list value) -#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH - -# Indicate which header field names may be used during the actual request. -# (list value) -#allow_headers = - - {% if group_names | intersect(zun_services.keys() | difference('zun-compute') | map('extract', zun_services, 'group') | list) | count > 0 %} [database] - -# -# From oslo.db -# - -# If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. (string -# value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -#connection = connection = mysql+pymysql://{{ zun_galera_user }}:{{ zun_galera_password }}@{{ zun_galera_address }}/{{ zun_galera_database }}?charset=utf8{% if zun_galera_use_ssl | bool %}&ssl_ca={{ zun_galera_ssl_ca_cert }}{% endif %} -# The SQLAlchemy connection string to use to connect to the slave database. -# (string value) -#slave_connection = - -# The SQL mode to be used for MySQL sessions. This option, including the -# default, overrides any server-set SQL mode. To use whatever SQL mode is set -# by the server configuration, set this to no value. Example: mysql_sql_mode= -# (string value) -#mysql_sql_mode = TRADITIONAL - -# If True, transparently enables support for handling MySQL Cluster (NDB). -# (boolean value) -#mysql_enable_ndb = false - -# Connections which have been present in the connection pool longer than this -# number of seconds will be replaced with a new one the next time they are -# checked out from the pool. (integer value) -# Deprecated group/name - [DATABASE]/idle_timeout -# Deprecated group/name - [database]/idle_timeout -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#connection_recycle_time = 3600 - -# DEPRECATED: Minimum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: The option to set the minimum pool size is not supported by -# sqlalchemy. -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool. Setting a value of -# 0 indicates no limit. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = 5 max_pool_size = {{ zun_db_max_pool_size }} - -# Maximum number of database connection retries during startup. Set to -1 to -# specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = 50 max_overflow = {{ zun_db_max_overflow }} - -# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer -# value) -# Minimum value: 0 -# Maximum value: 100 -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = pool_timeout = {{ zun_db_pool_timeout }} - -# Enable the experimental use of database reconnect on connection lost. -# (boolean value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database operation up to -# db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries of a -# database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before error is -# raised. Set to -1 to specify an infinite retry count. (integer value) -#db_max_retries = 20 - -# Optional URL parameters to append onto the connection URL at connect time; -# specify as param1=value1¶m2=value2&... (string value) -#connection_parameters = {% endif %} -[docker] - -# -# From zun.conf -# - {% if zun_docker_api_version != false %} -# Docker remote api version. Override it according to specific docker api -# version in your environment. (string value) +[docker] docker_remote_api_version = {{ zun_docker_api_version }} {% endif %} -# Default timeout in seconds for docker client operations. (integer value) -#default_timeout = 60 - -# API endpoint of docker daemon (string value) -#api_url = unix:///var/run/docker.sock - -# Remote API endpoint of docker daemon (string value) -#docker_remote_api_url = tcp://$docker_remote_api_host:$docker_remote_api_port - -# If set, ignore any SSL validation issues (boolean value) -#api_insecure = false - -# Location of CA certificates file for securing docker api requests -# (tlscacert). (string value) -#ca_file = - -# Location of TLS certificate file for securing docker api requests (tlscert). -# (string value) -#cert_file = - -# Location of TLS private key file for securing docker api requests (tlskey). -# (string value) -#key_file = - -# Defines the remote api host for the docker daemon. (string value) -#docker_remote_api_host = $my_ip - -# Defines the remote api port for the docker daemon. (string value) -#docker_remote_api_port = 2375 - -# Timeout in seconds for executing a command in a docker container. (integer -# value) -#execute_timeout = 5 - -# Root directory of persistent Docker state. (string value) -#docker_data_root = /var/lib/docker - - -[etcd] - -# -# From zun.conf -# - -# Host IP address on which etcd service running. The default is ``$my_ip``, the -# IP address of this host. (host address value) -#etcd_host = $my_ip - -# Port on which etcd listen client request. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#etcd_port = 2379 - - [glance] - -# -# From zun.conf -# - -# Shared directory where glance images located. If specified, docker will try -# to load the image from the shared directory by image ID. (string value) -#images_directory = $state_path/images +images_directory = /var/cache/zun/images [glance_client] - -# -# From zun.conf -# - -# Region in Identity service catalog to use for communication with the -# OpenStack service. (string value) -#region_name = - -# Type of endpoint in Identity service catalog to use for communication with -# the OpenStack service. (string value) endpoint_type = {{ zun_service_endpoint_type }} - -# Version of Glance API to use in glanceclient. (string value) -#api_version = 2 - -# Optional CA cert file to use in SSL connections. (string value) -#ca_file = - -# Optional PEM-formatted certificate chain file. (string value) -#cert_file = - -# Optional PEM-formatted file that contains the private key. (string value) -#key_file = - -# If set, then the server's certificate will not be verified. (boolean value) -#insecure = false insecure = {{ keystone_service_internaluri_insecure | bool }} [keystone_auth] - -# -# From zun.conf -# - -# Authentication type to load (string value) -# Deprecated group/name - [keystone_auth]/auth_plugin -#auth_type = auth_type = {{ zun_keystone_auth_plugin }} - -# Config Section from which to load plugin specific options (string value) -#auth_section = - -# Authentication URL (string value) -#auth_url = auth_url = {{ keystone_service_adminurl }} - -# Scope for system operations (string value) -#system_scope = - -# Domain ID to scope to (string value) -#domain_id = - -# Domain name to scope to (string value) -#domain_name = - -# Project ID to scope to (string value) -# Deprecated group/name - [keystone_auth]/tenant_id -#project_id = - -# Project name to scope to (string value) -# Deprecated group/name - [keystone_auth]/tenant_name -#project_name = project_name = {{ zun_service_project_name }} - -# Domain ID containing project (string value) -#project_domain_id = project_domain_id = {{ zun_service_project_domain_id }} - -# Domain name containing project (string value) -#project_domain_name = - -# Trust ID (string value) -#trust_id = - -# Optional domain ID to use with v3 and v2 parameters. It will be used for both -# the user and project domain in v3 and ignored in v2 authentication. (string -# value) -#default_domain_id = - -# Optional domain name to use with v3 API and v2 parameters. It will be used -# for both the user and project domain in v3 and ignored in v2 authentication. -# (string value) -#default_domain_name = - -# User id (string value) -#user_id = - -# Username (string value) -# Deprecated group/name - [keystone_auth]/user_name -#username = username = {{ zun_service_user_name }} - -# User's domain id (string value) -#user_domain_id = user_domain_id = {{ zun_service_user_domain_id }} - -# User's domain name (string value) -#user_domain_name = - -# User's password (string value) -#password = password = {{ zun_service_password }} [keystone_authtoken] - -# -# From keystonemiddleware.auth_token -# - -# Authentication URL (string value) -#auth_url = auth_url = {{ keystone_service_adminurl }} - -# Complete "public" Identity API endpoint. This endpoint should not be an -# "admin" endpoint, as it should be accessible by all end users. -# Unauthenticated clients are redirected to this endpoint to authenticate. -# Although this endpoint should ideally be unversioned, client support in the -# wild varies. If you're using a versioned v2 endpoint here, then this should -# *not* be the same endpoint the service user utilizes for validating tokens, -# because normal end users may not be able to reach that endpoint. (string -# value) -# Deprecated group/name - [keystone_authtoken]/auth_uri -#www_authenticate_uri = www_authenticate_uri = {{ keystone_service_internaluri }} - -# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not -# be an "admin" endpoint, as it should be accessible by all end users. -# Unauthenticated clients are redirected to this endpoint to authenticate. -# Although this endpoint should ideally be unversioned, client support in the -# wild varies. If you're using a versioned v2 endpoint here, then this should -# *not* be the same endpoint the service user utilizes for validating tokens, -# because normal end users may not be able to reach that endpoint. This option -# is deprecated in favor of www_authenticate_uri and will be removed in the S -# release. (string value) -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri -# and will be removed in the S release. -#auth_uri = - -# API version of the admin Identity API endpoint. (string value) auth_version = v3 - -# Do not handle authorization requests within the middleware, but delegate the -# authorization decision to downstream WSGI components. (boolean value) -#delay_auth_decision = false - -# Request timeout value for communicating with Identity API server. (integer -# value) -#http_connect_timeout = - -# How many times are we trying to reconnect when communicating with Identity -# API Server. (integer value) -#http_request_max_retries = 3 - -# Request environment key where the Swift cache object is stored. When -# auth_token middleware is deployed with a Swift cache, use this option to have -# the middleware share a caching backend with swift. Otherwise, use the -# ``memcached_servers`` option instead. (string value) -#cache = - -# Required if identity server requires client certificate (string value) -#certfile = - -# Required if identity server requires client certificate (string value) -#keyfile = - -# A PEM encoded Certificate Authority to use when verifying HTTPs connections. -# Defaults to system CAs. (string value) -#cafile = - -# Verify HTTPS connections. (boolean value) -#insecure = false insecure = {{ keystone_service_internaluri_insecure | bool }} - -# The region in which the identity server can be found. (string value) -#region_name = region_name = {{ keystone_service_region }} - -# DEPRECATED: Directory used to cache files related to PKI tokens. This option -# has been deprecated in the Ocata release and will be removed in the P -# release. (string value) -# This option is deprecated for removal since Ocata. -# Its value may be silently ignored in the future. -# Reason: PKI token format is no longer supported. -#signing_dir = - -# Optionally specify a list of memcached server(s) to use for caching. If left -# undefined, tokens will instead be cached in-process. (list value) -# Deprecated group/name - [keystone_authtoken]/memcache_servers -#memcached_servers = memcached_servers = {{ zun_memcached_servers }} - -# In order to prevent excessive effort spent validating tokens, the middleware -# caches previously-seen tokens for a configurable duration (in seconds). Set -# to -1 to disable caching completely. (integer value) -#token_cache_time = 300 token_cache_time = 300 - -# DEPRECATED: Determines the frequency at which the list of revoked tokens is -# retrieved from the Identity service (in seconds). A high number of revocation -# events combined with a low cache duration may significantly reduce -# performance. Only valid for PKI tokens. This option has been deprecated in -# the Ocata release and will be removed in the P release. (integer value) -# This option is deprecated for removal since Ocata. -# Its value may be silently ignored in the future. -# Reason: PKI token format is no longer supported. -#revocation_cache_time = 10 - -# (Optional) If defined, indicate whether token data should be authenticated or -# authenticated and encrypted. If MAC, token data is authenticated (with HMAC) -# in the cache. If ENCRYPT, token data is encrypted and authenticated in the -# cache. If the value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -# Possible values: -# None - -# MAC - -# ENCRYPT - -#memcache_security_strategy = None memcache_security_strategy = ENCRYPT - -# (Optional, mandatory if memcache_security_strategy is defined) This string is -# used for key derivation. (string value) -#memcache_secret_key = memcache_secret_key = {{ memcached_encryption_key }} - -# (Optional) Number of seconds memcached server is considered dead before it is -# tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every memcached -# server. (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a memcached -# server. (integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held unused in the -# pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a memcached -# client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcached client pool. The -# advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If False, -# middleware will not ask for service catalog on token validation and will not -# set the X-Service-Catalog header. (boolean value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: "disabled" -# to not check token binding. "permissive" (default) to validate binding -# information if the bind type is of a form known to the server and ignore it -# if not. "strict" like "permissive" but if the bind type is unknown the token -# will be rejected. "required" any form of token binding is needed to be -# allowed. Finally the name of a binding method that must be present in tokens. -# (string value) -#enforce_token_bind = permissive - -# DEPRECATED: If true, the revocation list will be checked for cached tokens. -# This requires that PKI tokens are configured on the identity server. (boolean -# value) -# This option is deprecated for removal since Ocata. -# Its value may be silently ignored in the future. -# Reason: PKI token format is no longer supported. -#check_revocations_for_cached = false - -# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those supported by Python -# standard hashlib.new(). The hashes will be tried in the order given, so put -# the preferred one first for performance. The result of the first hash will be -# stored in the cache. This will typically be set to multiple values only while -# migrating from a less secure algorithm to a more secure one. Once all the old -# tokens are expired this option should be set to a single value for better -# performance. (list value) -# This option is deprecated for removal since Ocata. -# Its value may be silently ignored in the future. -# Reason: PKI token format is no longer supported. -#hash_algorithms = md5 - -# A choice of roles that must be present in a service token. Service tokens are -# allowed to request that an expired token can be used and so this check should -# tightly control that only actual services should be sending this token. Roles -# here are applied as an ANY check so any role in this list must be present. -# For backwards compatibility reasons this currently only affects the -# allow_expired check. (list value) -#service_token_roles = service - -# For backwards compatibility reasons we must let valid service tokens pass -# that don't pass the service_token_roles check as valid. Setting this true -# will become the default in a future release and should be enabled if -# possible. (boolean value) service_token_roles_required = true - -# Authentication type to load (string value) -# Deprecated group/name - [keystone_authtoken]/auth_plugin -#auth_type = auth_type = {{ zun_keystone_auth_plugin }} - -# Config Section from which to load plugin specific options (string value) -#auth_section = - -# Username (string value) -# Deprecated group/name - [keystone_auth]/user_name -#username = username = {{ zun_service_user_name }} - -# User's domain id (string value) -#user_domain_id = user_domain_id = {{ zun_service_user_domain_id }} - -# User's domain name (string value) -#user_domain_name = - -# User's password (string value) -#password = password = {{ zun_service_password }} - -[matchmaker_redis] - -# -# From oslo.messaging -# - -# DEPRECATED: Host to locate redis. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#host = 127.0.0.1 - -# DEPRECATED: Use this port to connect to redis host. (port value) -# Minimum value: 0 -# Maximum value: 65535 -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#port = 6379 - -# DEPRECATED: Password for Redis server (optional). (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#password = - -# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g., -# [host:port, host1:port ... ] (list value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#sentinel_hosts = - -# Redis replica set name. (string value) -#sentinel_group_name = oslo-messaging-zeromq - -# Time in ms to wait between connection attempts. (integer value) -#wait_timeout = 2000 - -# Time in ms to wait before the transaction is killed. (integer value) -#check_timeout = 20000 - -# Timeout in ms on blocking socket operations. (integer value) -#socket_timeout = 10000 - - [network] - -# -# From zun.conf -# - -# Defines which driver to use for container network. (string value) -#driver = kuryr - -# The network plugin driver name, you can find it by docker plugin list. -# (string value) -#driver_name = kuryr - +driver = kuryr +driver_name = kuryr [neutron_client] - -# -# From zun.conf -# - -# Type of endpoint in Identity service catalog to use for communication with -# the OpenStack service. (string value) endpoint_type = {{ zun_service_endpoint_type }} - -# Optional CA cert file to use in SSL connections. (string value) -#ca_file = - -# Optional PEM-formatted certificate chain file. (string value) -#cert_file = - -# Optional PEM-formatted file that contains the private key. (string value) -#key_file = - -# If set, then the server's certificate will not be verified. (boolean value) -#insecure = false insecure = {{ keystone_service_adminuri_insecure | bool }} [oslo_concurrency] - -# -# From oslo.concurrency -# - -# Enables or disables inter-process locks. (boolean value) -#disable_process_locking = false - -# Directory to use for lock files. For security, the specified directory -# should only be writable by the user running the processes that need locking. -# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, -# a lock path must be set. (string value) lock_path = /var/lib/zun/tmp -[oslo_messaging_amqp] - -# -# From oslo.messaging -# - -# Name for the AMQP container. must be globally unique. Defaults to a generated -# UUID (string value) -#container_name = - -# Timeout for inactive connections (in seconds) (integer value) -#idle_timeout = 0 - -# Debug: dump AMQP frames to stdout (boolean value) -#trace = false - -# Attempt to connect via SSL. If no other ssl-related parameters are given, it -# will use the system's CA-bundle to verify the server's certificate. (boolean -# value) -#ssl = false - -# CA certificate PEM file used to verify the server's certificate (string -# value) -#ssl_ca_file = - -# Self-identifying certificate PEM file for client authentication (string -# value) -#ssl_cert_file = - -# Private key PEM file used to sign ssl_cert_file certificate (optional) -# (string value) -#ssl_key_file = - -# Password for decrypting ssl_key_file (if encrypted) (string value) -#ssl_key_password = - -# By default SSL checks that the name in the server's certificate matches the -# hostname in the transport_url. In some configurations it may be preferable to -# use the virtual hostname instead, for example if the server uses the Server -# Name Indication TLS extension (rfc6066) to provide a certificate per virtual -# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the -# virtual host name instead of the DNS name. (boolean value) -#ssl_verify_vhost = false - -# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Not applicable - not a SSL server -#allow_insecure_clients = false - -# Space separated list of acceptable SASL mechanisms (string value) -#sasl_mechanisms = - -# Path to directory that contains the SASL configuration (string value) -#sasl_config_dir = - -# Name of configuration file (without .conf suffix) (string value) -#sasl_config_name = - -# SASL realm to use if no realm present in username (string value) -#sasl_default_realm = - -# DEPRECATED: User name for message broker authentication (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Should use configuration option transport_url to provide the -# username. -#username = - -# DEPRECATED: Password for message broker authentication (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Should use configuration option transport_url to provide the -# password. -#password = - -# Seconds to pause before attempting to re-connect. (integer value) -# Minimum value: 1 -#connection_retry_interval = 1 - -# Increase the connection_retry_interval by this many seconds after each -# unsuccessful failover attempt. (integer value) -# Minimum value: 0 -#connection_retry_backoff = 2 - -# Maximum limit for connection_retry_interval + connection_retry_backoff -# (integer value) -# Minimum value: 1 -#connection_retry_interval_max = 30 - -# Time to pause between re-connecting an AMQP 1.0 link that failed due to a -# recoverable error. (integer value) -# Minimum value: 1 -#link_retry_delay = 10 - -# The maximum number of attempts to re-send a reply message which failed due to -# a recoverable error. (integer value) -# Minimum value: -1 -#default_reply_retry = 0 - -# The deadline for an rpc reply message delivery. (integer value) -# Minimum value: 5 -#default_reply_timeout = 30 - -# The deadline for an rpc cast or call message delivery. Only used when caller -# does not provide a timeout expiry. (integer value) -# Minimum value: 5 -#default_send_timeout = 30 - -# The deadline for a sent notification message delivery. Only used when caller -# does not provide a timeout expiry. (integer value) -# Minimum value: 5 -#default_notify_timeout = 30 - -# The duration to schedule a purge of idle sender links. Detach link after -# expiry. (integer value) -# Minimum value: 1 -#default_sender_link_timeout = 600 - -# Indicates the addressing mode used by the driver. -# Permitted values: -# 'legacy' - use legacy non-routable addressing -# 'routable' - use routable addresses -# 'dynamic' - use legacy addresses if the message bus does not support routing -# otherwise use routable addressing (string value) -#addressing_mode = dynamic - -# Enable virtual host support for those message buses that do not natively -# support virtual hosting (such as qpidd). When set to true the virtual host -# name will be added to all message bus addresses, effectively creating a -# private 'subnet' per virtual host. Set to False if the message bus supports -# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative -# as the name of the virtual host. (boolean value) -#pseudo_vhost = true - -# address prefix used when sending to a specific server (string value) -#server_request_prefix = exclusive - -# address prefix used when broadcasting to all servers (string value) -#broadcast_prefix = broadcast - -# address prefix when sending to any server in group (string value) -#group_request_prefix = unicast - -# Address prefix for all generated RPC addresses (string value) -#rpc_address_prefix = openstack.org/om/rpc - -# Address prefix for all generated Notification addresses (string value) -#notify_address_prefix = openstack.org/om/notify - -# Appended to the address prefix when sending a fanout message. Used by the -# message bus to identify fanout messages. (string value) -#multicast_address = multicast - -# Appended to the address prefix when sending to a particular RPC/Notification -# server. Used by the message bus to identify messages sent to a single -# destination. (string value) -#unicast_address = unicast - -# Appended to the address prefix when sending to a group of consumers. Used by -# the message bus to identify messages that should be delivered in a round- -# robin fashion across consumers. (string value) -#anycast_address = anycast - -# Exchange name used in notification addresses. -# Exchange name resolution precedence: -# Target.exchange if set -# else default_notification_exchange if set -# else control_exchange if set -# else 'notify' (string value) -#default_notification_exchange = - -# Exchange name used in RPC addresses. -# Exchange name resolution precedence: -# Target.exchange if set -# else default_rpc_exchange if set -# else control_exchange if set -# else 'rpc' (string value) -#default_rpc_exchange = - -# Window size for incoming RPC Reply messages. (integer value) -# Minimum value: 1 -#reply_link_credit = 200 - -# Window size for incoming RPC Request messages (integer value) -# Minimum value: 1 -#rpc_server_credit = 100 - -# Window size for incoming Notification messages (integer value) -# Minimum value: 1 -#notify_server_credit = 100 - -# Send messages of this type pre-settled. -# Pre-settled messages will not receive acknowledgement -# from the peer. Note well: pre-settled messages may be -# silently discarded if the delivery fails. -# Permitted values: -# 'rpc-call' - send RPC Calls pre-settled -# 'rpc-reply'- send RPC Replies pre-settled -# 'rpc-cast' - Send RPC Casts pre-settled -# 'notify' - Send Notifications pre-settled -# (multi valued) -#pre_settled = rpc-cast -#pre_settled = rpc-reply - - -[oslo_messaging_kafka] - -# -# From oslo.messaging -# - -# DEPRECATED: Default Kafka broker Host (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#kafka_default_host = localhost - -# DEPRECATED: Default Kafka broker Port (port value) -# Minimum value: 0 -# Maximum value: 65535 -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#kafka_default_port = 9092 - -# Max fetch bytes of Kafka consumer (integer value) -#kafka_max_fetch_bytes = 1048576 - -# Default timeout(s) for Kafka consumers (floating point value) -#kafka_consumer_timeout = 1.0 - -# DEPRECATED: Pool Size for Kafka Consumers (integer value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#pool_size = 10 - -# DEPRECATED: The pool size limit for connections expiration policy (integer -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#conn_pool_min_size = 2 - -# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#conn_pool_ttl = 1200 - -# Group id for Kafka consumer. Consumers in one group will coordinate message -# consumption (string value) -#consumer_group = oslo_messaging_consumer - -# Upper bound on the delay for KafkaProducer batching in seconds (floating -# point value) -#producer_batch_timeout = 0.0 - -# Size of batch for the producer async send (integer value) -#producer_batch_size = 16384 - -# Enable asynchronous consumer commits (boolean value) -#enable_auto_commit = false - -# The maximum number of records returned in a poll call (integer value) -#max_poll_records = 500 - -# Protocol used to communicate with brokers (string value) -# Possible values: -# PLAINTEXT - -# SASL_PLAINTEXT - -# SSL - -# SASL_SSL - -#security_protocol = PLAINTEXT - -# Mechanism when security protocol is SASL (string value) -#sasl_mechanism = PLAIN - -# CA certificate PEM file used to verify the server certificate (string value) -#ssl_cafile = - - [oslo_messaging_notifications] - -# -# From oslo.messaging -# - -# The Drivers(s) to handle sending notifications. Possible values are -# messaging, messagingv2, routing, log, test, noop (multi valued) -# Deprecated group/name - [DEFAULT]/notification_driver -driver = messagingv2 - -# A URL representing the messaging driver to use for notifications. If not set, -# we fall back to the same configuration used for RPC. (string value) -# Deprecated group/name - [DEFAULT]/notification_transport_url -#transport_url = +driver = {{ (zun_ceilometer_enabled | bool) | ternary('messagingv2', 'noop') }} transport_url = {{ zun_oslomsg_notify_transport }}://{% for host in zun_oslomsg_notify_servers.split(',') %}{{ zun_oslomsg_notify_userid }}:{{ zun_oslomsg_notify_password }}@{{ host }}:{{ zun_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ zun_oslomsg_notify_vhost }}{% if (zun_oslomsg_notify_use_ssl | lower) | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -# Deprecated group/name - [DEFAULT]/notification_topics -#topics = notifications {% if zun_ceilometer_enabled or zun_designate_enabled %} {% set notification_topics = [] %} {% if neutron_ceilometer_enabled %} @@ -1620,793 +95,26 @@ transport_url = {{ zun_oslomsg_notify_transport }}://{% for host in zun_oslomsg_ topics = {{ notification_topics | join(',') }} {% endif %} -# The maximum number of attempts to re-send a notification message which failed -# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite -# (integer value) -#retry = -1 - [oslo_messaging_rabbit] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_durable_queues -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. (boolean value) -#amqp_auto_delete = false - -# Connect over SSL. (boolean value) -# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl -#ssl = false ssl = {{ zun_oslomsg_notify_use_ssl | bool }} -# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and -# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some -# distributions. (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version -#ssl_version = - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile -#ssl_key_file = - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile -#ssl_cert_file = - -# SSL certification authority file (valid only if SSL enabled). (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs -#ssl_ca_file = - -# How long to wait before reconnecting in response to an AMQP consumer cancel -# notification. (floating point value) -#kombu_reconnect_delay = 1.0 - -# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not -# be used. This option may not be available in future versions. (string value) -#kombu_compression = - -# How long to wait a missing client before abandoning to send it its replies. -# This value should not be longer than rpc_response_timeout. (integer value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout -#kombu_missing_consumer_retry_timeout = 60 - -# Determines how the next RabbitMQ node is chosen in case the one we are -# currently connected to becomes unavailable. Takes effect only if more than -# one RabbitMQ node is provided in config. (string value) -# Possible values: -# round-robin - -# shuffle - -#kombu_failover_strategy = round-robin - -# DEPRECATED: The RabbitMQ broker address where a single node is used. (string -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_host = localhost - -# DEPRECATED: The RabbitMQ broker port where a single node is used. (port -# value) -# Minimum value: 0 -# Maximum value: 65535 -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_port = 5672 - -# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_hosts = $rabbit_host:$rabbit_port - -# DEPRECATED: The RabbitMQ userid. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_userid = guest - -# DEPRECATED: The RabbitMQ password. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_password = guest - -# The RabbitMQ login method. (string value) -# Possible values: -# PLAIN - -# AMQPLAIN - -# RABBIT-CR-DEMO - -#rabbit_login_method = AMQPLAIN - -# DEPRECATED: The RabbitMQ virtual host. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Replaced by [DEFAULT]/transport_url -#rabbit_virtual_host = / - -# How frequently to retry connecting with RabbitMQ. (integer value) -#rabbit_retry_interval = 1 - -# How long to backoff for between retries when connecting to RabbitMQ. (integer -# value) -#rabbit_retry_backoff = 2 - -# Maximum interval of RabbitMQ connection retries. Default is 30 seconds. -# (integer value) -#rabbit_interval_max = 30 - -# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this -# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring -# is no longer controlled by the x-ha-policy argument when declaring a queue. -# If you just want to make sure that all queues (except those with auto- -# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy -# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value) -#rabbit_ha_queues = false - -# Positive integer representing duration in seconds for queue TTL (x-expires). -# Queues which are unused for the duration of the TTL are automatically -# deleted. The parameter affects only reply and fanout queues. (integer value) -# Minimum value: 1 -#rabbit_transient_queues_ttl = 1800 - -# Specifies the number of messages to prefetch. Setting to zero allows -# unlimited messages. (integer value) -#rabbit_qos_prefetch_count = 0 - -# Number of seconds after which the Rabbit broker is considered down if -# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer -# value) -#heartbeat_timeout_threshold = 60 - -# How often times during the heartbeat_timeout_threshold we check the -# heartbeat. (integer value) -#heartbeat_rate = 2 - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) -#fake_rabbit = false - - -[oslo_messaging_zmq] - -# -# From oslo.messaging -# - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. -# The "host" option should point or resolve to this address. (string value) -#rpc_zmq_bind_address = * - -# MatchMaker driver. (string value) -# Possible values: -# redis - -# sentinel - -# dummy - -#rpc_zmq_matchmaker = redis - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts = 1 - -# Maximum number of ingress messages to locally buffer per topic. Default is -# unlimited. (integer value) -#rpc_zmq_topic_backlog = - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir = /var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match -# "host" option, if running zun. (string value) -#rpc_zmq_host = localhost - -# Number of seconds to wait before all pending messages will be sent after -# closing a socket. The default value of -1 specifies an infinite linger -# period. The value of 0 specifies no linger period. Pending messages shall be -# discarded immediately when the socket is closed. Positive values specify an -# upper bound for the linger period. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_cast_timeout -#zmq_linger = -1 - -# The default number of seconds that poll should wait. Poll raises timeout -# exception when timeout expired. (integer value) -#rpc_poll_timeout = 1 - -# Expiration timeout in seconds of a name service record about existing target -# ( < 0 means no timeout). (integer value) -#zmq_target_expire = 300 - -# Update period in seconds of a name service record about existing target. -# (integer value) -#zmq_target_update = 180 - -# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean -# value) -#use_pub_sub = false - -# Use ROUTER remote proxy. (boolean value) -#use_router_proxy = false - -# This option makes direct connections dynamic or static. It makes sense only -# with use_router_proxy=False which means to use direct connections for direct -# message types (ignored otherwise). (boolean value) -#use_dynamic_connections = false - -# How many additional connections to a host will be made for failover reasons. -# This option is actual only in dynamic connections mode. (integer value) -#zmq_failover_connections = 2 - -# Minimal port number for random ports range. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#rpc_zmq_min_port = 49153 - -# Maximal port number for random ports range. (integer value) -# Minimum value: 1 -# Maximum value: 65536 -#rpc_zmq_max_port = 65536 - -# Number of retries to find free port number before fail with ZMQBindError. -# (integer value) -#rpc_zmq_bind_port_retries = 100 - -# Default serialization mechanism for serializing/deserializing -# outgoing/incoming messages (string value) -# Possible values: -# json - -# msgpack - -#rpc_zmq_serialization = json - -# This option configures round-robin mode in zmq socket. True means not keeping -# a queue when server side disconnects. False means to keep queue and messages -# even if server is disconnected, when the server appears we send all -# accumulated messages to it. (boolean value) -#zmq_immediate = true - -# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any -# other negative value) means to skip any overrides and leave it to OS default; -# 0 and 1 (or any other positive value) mean to disable and enable the option -# respectively. (integer value) -#zmq_tcp_keepalive = -1 - -# The duration between two keepalive transmissions in idle condition. The unit -# is platform dependent, for example, seconds in Linux, milliseconds in Windows -# etc. The default value of -1 (or any other negative value and 0) means to -# skip any overrides and leave it to OS default. (integer value) -#zmq_tcp_keepalive_idle = -1 - -# The number of retransmissions to be carried out before declaring that remote -# end is not available. The default value of -1 (or any other negative value -# and 0) means to skip any overrides and leave it to OS default. (integer -# value) -#zmq_tcp_keepalive_cnt = -1 - -# The duration between two successive keepalive retransmissions, if -# acknowledgement to the previous keepalive transmission is not received. The -# unit is platform dependent, for example, seconds in Linux, milliseconds in -# Windows etc. The default value of -1 (or any other negative value and 0) -# means to skip any overrides and leave it to OS default. (integer value) -#zmq_tcp_keepalive_intvl = -1 - -# Maximum number of (green) threads to work concurrently. (integer value) -#rpc_thread_pool_size = 100 - -# Expiration timeout in seconds of a sent/received message after which it is -# not tracked anymore by a client/server. (integer value) -#rpc_message_ttl = 300 - -# Wait for message acknowledgements from receivers. This mechanism works only -# via proxy without PUB/SUB. (boolean value) -#rpc_use_acks = false - -# Number of seconds to wait for an ack from a cast/call. After each retry -# attempt this timeout is multiplied by some specified multiplier. (integer -# value) -#rpc_ack_timeout_base = 15 - -# Number to multiply base ack timeout by after each retry attempt. (integer -# value) -#rpc_ack_timeout_multiplier = 2 - -# Default number of message sending attempts in case of any problems occurred: -# positive value N means at most N retries, 0 means no retries, None or -1 (or -# any other negative values) mean to retry forever. This option is used only if -# acknowledgments are enabled. (integer value) -#rpc_retry_attempts = 3 - -# List of publisher hosts SubConsumer can subscribe on. This option has higher -# priority then the default publishers list taken from the matchmaker. (list -# value) -#subscribe_on = - - -[oslo_policy] - -# -# From oslo.policy -# - -# This option controls whether or not to enforce scope when evaluating -# policies. If ``True``, the scope of the token used in the request is compared -# to the ``scope_types`` of the policy being enforced. If the scopes do not -# match, an ``InvalidScope`` exception will be raised. If ``False``, a message -# will be logged informing operators that policies are being invoked with -# mismatching scope. (boolean value) -#enforce_scope = false - -# The file that defines policies. (string value) -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string value) -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be relative -# to any directory in the search path defined by the config_dir option, or -# absolute paths. The file defined by policy_file must exist for these -# directories to be searched. Missing or empty directories are ignored. (multi -# valued) -#policy_dirs = policy.d - -# Content Type to send and receive data for REST based policy check (string -# value) -# Possible values: -# application/x-www-form-urlencoded - -# application/json - -#remote_content_type = application/x-www-form-urlencoded - -# server identity verification for REST based policy check (boolean value) -#remote_ssl_verify_server_crt = false - -# Absolute path to ca cert file for REST based policy check (string value) -#remote_ssl_ca_crt_file = - -# Absolute path to client cert for REST based policy check (string value) -#remote_ssl_client_crt_file = - -# Absolute path client key file REST based policy check (string value) -#remote_ssl_client_key_file = - - -[pci] - -# -# From zun.conf -# - -# -# An alias for a PCI passthrough device requirement. -# -# Possible Values: -# -# * A list of JSON values which describe the aliases. For example: -# -# alias = { -# "name": "QuickAssist", -# "product_id": "0443", -# "vendor_id": "8086", -# "device_type": "PCI" -# } -# -# defines an alias for the Intel QuickAssist card. (multi valued). Valid key -# values are : -# -# * "name": Name of the PCI alias. -# * "product_id": Product ID of the device in hexadecimal. -# * "vendor_id": Vendor ID of the device in hexadecimal. -# * "device_type": Type of PCI device. Valid values are: "type-PCI", -# "PF" and "VF". -# (multi valued) -#alias = - -# -# White list of PCI devices available to VMs. -# -# Possible values: -# -# * A JSON dictionary which describe a whitelisted PCI device. It should take -# the following format: -# -# ["vendor_id": "",] ["product_id": "",] -# ["address": "[[[[]:]]:][][.[]]" | -# "devname": "",] -# {"": "",} -# -# Where '[' indicates zero or one occurrences, '{' indicates zero or multiple -# occurrences, and '|' mutually exclusive options. Note that any missing -# fields are automatically wildcarded. -# -# Valid key values are : -# -# * "vendor_id": Vendor ID of the device in hexadecimal. -# * "product_id": Product ID of the device in hexadecimal. -# * "address": PCI address of the device. -# * "devname": Device name of the device (for e.g. interface name). Not all -# PCI devices have a name. -# * "": Additional and used for matching PCI devices. -# Supported : "physical_network". -# -# The address key supports traditional glob style and regular expression -# syntax. Valid examples are: -# -# passthrough_whitelist = {"devname":"eth0", -# "physical_network":"physnet"} -# passthrough_whitelist = {"address":"*:0a:00.*"} -# passthrough_whitelist = {"address":":0a:00.", -# "physical_network":"physnet1"} -# passthrough_whitelist = {"vendor_id":"1137", -# "product_id":"0071"} -# passthrough_whitelist = {"vendor_id":"1137", -# "product_id":"0071", -# "address": "0000:0a:00.1", -# "physical_network":"physnet1"} -# passthrough_whitelist = {"address":{"domain": ".*", -# "bus": "02", "slot": "01", -# "function": "[2-7]"}, -# "physical_network":"physnet1"} -# passthrough_whitelist = {"address":{"domain": ".*", -# "bus": "02", "slot": "0[1-2]", -# "function": ".*"}, -# "physical_network":"physnet1"} -# -# The following are invalid, as they specify mutually exclusive options: -# -# passthrough_whitelist = {"devname":"eth0", -# "physical_network":"physnet", -# "address":"*:0a:00.*"} -# -# * A JSON list of JSON dictionaries corresponding to the above format. For -# example: -# -# passthrough_whitelist = [{"product_id":"0001", "vendor_id":"8086"}, -# {"product_id":"0002", "vendor_id":"8086"}] -# (multi valued) -#passthrough_whitelist = - - -[profiler] -# -# OSprofiler library allows to trace requests going through various OpenStack -# services and create the accumulated report of what time was spent on each -# request processing step. - -# -# From zun.conf -# - -# -# Enables the profiling for all services on this node. Default value is False -# (fully disable the profiling feature). -# -# Possible values: -# -# * True: Enables the feature -# * False: Disables the feature. The profiling cannot be started via this -# project -# operations. If the profiling is triggered by another project, this project -# part -# will be empty. -# (boolean value) -# Deprecated group/name - [profiler]/profiler_enabled -#enabled = false - -# -# Enables SQL requests profiling in services. Default value is False (SQL -# requests won't be traced). -# -# Possible values: -# -# * True: Enables SQL requests profiling. Each SQL query will be part of the -# trace and can the be analyzed by how much time was spent for that. -# * False: Disables SQL requests profiling. The spent time is only shown on a -# higher level of operations. Single SQL queries cannot be analyzed this -# way. -# (boolean value) -#trace_sqlalchemy = false - -# -# Secret key(s) to use for encrypting context data for performance profiling. -# This string value should have the following format: -# [,,...], -# where each key is some random string. A user who triggers the profiling via -# the REST API has to set one of these keys in the headers of the REST API call -# to include profiling results of this node for this particular project. -# -# Both "enabled" flag and "hmac_keys" config options should be set to enable -# profiling. Also, to generate correct profiling information across all -# services -# at least one key needs to be consistent between OpenStack projects. This -# ensures it can be used from client side to generate the trace, containing -# information from all possible resources. (string value) -#hmac_keys = SECRET_KEY - -# -# Connection string for a notifier backend. Default value is messaging:// which -# sets the notifier to oslo_messaging. -# -# Examples of possible values: -# -# * messaging://: use oslo_messaging driver for sending notifications. -# * mongodb://127.0.0.1:27017 : use mongodb driver for sending notifications. -# * elasticsearch://127.0.0.1:9200 : use elasticsearch driver for sending -# notifications. -# (string value) -#connection_string = messaging:// - -# -# Document type for notification indexing in elasticsearch. -# (string value) -#es_doc_type = notification - -# -# This parameter is a time value parameter (for example: es_scroll_time=2m), -# indicating for how long the nodes that participate in the search will -# maintain -# relevant resources in order to continue and support it. -# (string value) -#es_scroll_time = 2m - -# -# Elasticsearch splits large requests in batches. This parameter defines -# maximum size of each batch (for example: es_scroll_size=10000). -# (integer value) -#es_scroll_size = 10000 - -# -# Redissentinel provides a timeout option on the connections. -# This parameter defines that timeout (for example: socket_timeout=0.1). -# (floating point value) -#socket_timeout = 0.1 - -# -# Redissentinel uses a service name to identify a master redis service. -# This parameter defines the name (for example: -# sentinal_service_name=mymaster). -# (string value) -#sentinel_service_name = mymaster - -# -# Enable filter traces that contain error/exception to a separated place. -# Default value is set to False. -# -# Possible values: -# -# * True: Enable filter traces that contain error/exception. -# * False: Disable the filter. -# (boolean value) -#filter_error_trace = false - [scheduler] - -# -# From zun.conf -# - -# -# The class of the driver used by the scheduler. -# -# The options are chosen from the entry points under the namespace -# 'zun.scheduler.driver' in 'setup.cfg'. -# -# Possible values: -# -# * A string, where the string corresponds to the class name of a scheduler -# driver. There are a number of options available: -# ** 'chance_scheduler', which simply picks a host at random -# ** A custom scheduler driver. In this case, you will be responsible for -# creating and maintaining the entry point in your 'setup.cfg' file -# (string value) -# Possible values: -# chance_scheduler - -# fake_scheduler - -# filter_scheduler - -#driver = filter_scheduler driver = {{ zun_scheduler_driver }} - -# -# Filters that the scheduler can use. -# -# An unordered list of the filter classes the zun scheduler may apply. Only -# the -# filters specified in the 'scheduler_enabled_filters' option will be used, but -# any filter appearing in that option must also be included in this list. -# -# By default, this is set to all filters that are included with zun. -# -# This option is only used by the FilterScheduler and its subclasses; if you -# use -# a different scheduler, this option has no effect. -# -# Possible values: -# -# * A list of zero or more strings, where each string corresponds to the name -# of -# a filter that may be used for selecting a host -# -# Related options: -# -# * scheduler_enabled_filters -# (multi valued) -#available_filters = zun.scheduler.filters.all_filters available_filters = {{ zun_scheduler_available_filters }} - -# -# Filters that the scheduler will use. -# -# An ordered list of filter class names that will be used for filtering -# hosts. Ignore the word 'default' in the name of this option: these filters -# will -# *always* be applied, and they will be applied in the order they are listed so -# place your most restrictive filters first to make the filtering process more -# efficient. -# -# This option is only used by the FilterScheduler and its subclasses; if you -# use -# a different scheduler, this option has no effect. -# -# Possible values: -# -# * A list of zero or more strings, where each string corresponds to the name -# of -# a filter to be used for selecting a host -# -# Related options: -# -# * All of the filters in this option *must* be present in the -# 'scheduler_available_filters' option, or a SchedulerHostFilterNotFound -# exception will be raised. -# (list value) -#enabled_filters = AvailabilityZoneFilter,CPUFilter,ComputeFilter enabled_filters = {{ zun_scheduler_default_filters }} -[ssl] - -# -# From zun.conf -# - -# CA certificate file to use to verify connecting clients. (string value) -# Deprecated group/name - [DEFAULT]/ssl_ca_file -#ca_file = - -# Certificate file to use when starting the server securely. (string value) -# Deprecated group/name - [DEFAULT]/ssl_cert_file -#cert_file = - -# Private key file to use when starting the server securely. (string value) -# Deprecated group/name - [DEFAULT]/ssl_key_file -#key_file = - -# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and -# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some -# distributions. (string value) -#version = - -# Sets the list of available ciphers. value should be a string in the OpenSSL -# cipher list format. (string value) -#ciphers = - [volume] - -# -# From zun.conf -# - -# Defines which driver to use for container volume. (string value) -#driver = cinder - -# At which the docker volume will create. (string value) -#volume_dir = $state_path/mnt - -# Default filesystem type for volume. (string value) -#fstype = ext4 - -# -# Use multipath connection of volume -# -# Volumes can be connected as multipath devices. This will provide high -# availability and fault tolerance. -# (boolean value) use_multipath = true +driver_list = cinder [websocket_proxy] -# -# Users use the websocket proxy to connect to containers, instead of -# connecting to containers directly, hence protects the socket daemon. - -# -# From zun.conf -# - -# -# The URL an end user would use to connect to the ``zun-wsproxy`` service. -# -# The ``zun-wsproxy`` service is called with this token enriched URL -# and establishes the connection to the proper instance. -# -# Related options: -# -# * The IP address must be the same as the address to which the -# ``zun-wsproxy`` service is listening (see option ``wsproxy_host`` -# in this section). -# * The port must be the same as ``wsproxy_port``in this section. -# (uri value) -#base_url = ws://$wsproxy_host:$wsproxy_port/ - -# -# The IP address which is used by the ``zun-wsproxy`` service to listen -# for incoming requests. -# -# The ``zun-wsproxy`` service listens on this IP address for incoming -# connection requests. -# -# Related options: -# -# * Ensure that this is the same IP address which is defined in the option -# ``base_url`` of this section or use ``0.0.0.0`` to listen on all addresses. -# (string value) wsproxy_host = 0.0.0.0 - -# -# The port number which is used by the ``zun-wsproxy`` service to listen -# for incoming requests. -# -# The ``zun-wsproxy`` service listens on this port number for incoming -# connection requests. -# -# Related options: -# -# * Ensure that this is the same port number as that defined in the option -# ``base_url`` of this section. -# (port value) -# Minimum value: 0 -# Maximum value: 65535 wsproxy_port = 6784 -# -# Adds list of allowed origins to the console websocket proxy to allow -# connections from other origin hostnames. -# Websocket proxy matches the host header with the origin header to -# prevent cross-site requests. This list specifies if any there are -# values other than host are allowed in the origin header. -# -# Possible values: -# -# * A list where each element is an allowed origin hostnames, else an empty -# list -# (list value) -#allowed_origins = - - [zun_client] - -# -# From zun.conf -# - -# Region in Identity service catalog to use for communication with the -# OpenStack service. (string value) -#region_name = - -# Type of endpoint in Identity service catalog to use for communication with -# the OpenStack service. (string value) endpoint_type = {{ zun_service_endpoint_type }} - -# Optional CA cert file to use in SSL connections. (string value) -#ca_file = - -# Optional PEM-formatted certificate chain file. (string value) -#cert_file = - -# Optional PEM-formatted file that contains the private key. (string value) -#key_file = - -# If set, then the server's certificate will not be verified. (boolean value) -#insecure = false insecure = {{ keystone_service_internaluri_insecure | bool }}