Configuration options for the Acceleration service
The following options can be set in the /etc/cyborg/cyborg.conf
config file
A sample configuration file is also available.
DEFAULT
-
run_external_periodic_tasks
Type: | boolean |
Default: | true |
Some periodic tasks can be run in a separate process. Should we run them here?
-
backdoor_port
Type: | string |
Default: | <None> |
Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service’s log file.
-
backdoor_socket
Type: | string |
Default: | <None> |
Enable eventlet backdoor, using the provided path as a unix socket that can receive connections. This option is mutually exclusive with ‘backdoor_port’ in that only one should be provided. If both are provided then the existence of this option overrides the usage of that option.
-
log_options
Type: | boolean |
Default: | true |
Enables or disables logging values of all registered options when starting a service (at DEBUG level).
-
graceful_shutdown_timeout
-
Specify a timeout after which a gracefully shutdown server will exit. Zero value means endless wait.
-
rpc_conn_pool_size
-
Size of RPC connection pool.
Deprecated Variations
Group |
Name |
DEFAULT |
rpc_conn_pool_size |
-
conn_pool_min_size
-
The pool size limit for connections expiration policy
-
conn_pool_ttl
Type: | integer |
Default: | 1200 |
The time-to-live in sec of idle connections in the pool
-
executor_thread_pool_size
-
Size of executor thread pool when executor is threading or eventlet.
Deprecated Variations
Group |
Name |
DEFAULT |
rpc_thread_pool_size |
-
rpc_response_timeout
-
Seconds to wait for a response from a call.
-
transport_url
Type: | string |
Default: | rabbit:// |
The network address and optional user credentials for connecting to the messaging backend, in URL format. The expected format is:
driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
Example: rabbit://rabbitmq:password@127.0.0.1:5672//
For full details on the fields in the URL see the documentation of oslo_messaging.TransportURL at https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
-
control_exchange
Type: | string |
Default: | openstack |
The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
-
debug
Type: | boolean |
Default: | false |
Mutable: | This option can be changed without restarting. |
If set to true, the logging level will be set to DEBUG instead of the default INFO level.
-
log_config_append
Type: | string |
Default: | <None> |
Mutable: | This option can be changed without restarting. |
The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format).
Deprecated Variations
Group |
Name |
DEFAULT |
log-config |
DEFAULT |
log_config |
-
log_date_format
Type: | string |
Default: | %Y-%m-%d %H:%M:%S |
Defines the format string for %(asctime)s in log records. Default: the value above . This option is ignored if log_config_append is set.
-
log_file
Type: | string |
Default: | <None> |
(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.
Deprecated Variations
Group |
Name |
DEFAULT |
logfile |
-
log_dir
Type: | string |
Default: | <None> |
(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.
Deprecated Variations
Group |
Name |
DEFAULT |
logdir |
-
watch_log_file
Type: | boolean |
Default: | false |
Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.
-
use_syslog
Type: | boolean |
Default: | false |
Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.
-
use_journal
Type: | boolean |
Default: | false |
Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.
-
syslog_log_facility
Type: | string |
Default: | LOG_USER |
Syslog facility to receive log lines. This option is ignored if log_config_append is set.
-
use_json
Type: | boolean |
Default: | false |
Use JSON formatting for logging. This option is ignored if log_config_append is set.
-
use_stderr
Type: | boolean |
Default: | false |
Log output to standard error. This option is ignored if log_config_append is set.
-
use_eventlog
Type: | boolean |
Default: | false |
Log output to Windows Event Log.
-
log_rotate_interval
-
The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is setto “interval”.
-
log_rotate_interval_type
Type: | string |
Default: | days |
Valid Values: | Seconds, Minutes, Hours, Days, Weekday, Midnight |
Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation.
-
max_logfile_count
-
Maximum number of rotated log files.
-
max_logfile_size_mb
-
Log file maximum size in MB. This option is ignored if “log_rotation_type” is not set to “size”.
-
log_rotation_type
Type: | string |
Default: | none |
Valid Values: | interval, size, none |
Log rotation type.
Possible values
- interval
- Rotate logs at predefined time intervals.
- size
- Rotate logs once they reach a predefined size.
- none
- Do not rotate log files.
-
logging_context_format_string
Type: | string |
Default: | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s |
Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter
-
logging_default_format_string
Type: | string |
Default: | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s |
Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter
-
logging_debug_format_suffix
Type: | string |
Default: | %(funcName)s %(pathname)s:%(lineno)d |
Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter
-
logging_exception_prefix
Type: | string |
Default: | %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s |
Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter
-
logging_user_identity_format
Type: | string |
Default: | %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s |
Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter
-
default_log_levels
Type: | list |
Default: | amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,oslo_policy=INFO,dogpile.core.dogpile=INFO |
List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.
-
publish_errors
Type: | boolean |
Default: | false |
Enables or disables publication of error events.
-
instance_format
Type: | string |
Default: | "[instance: %(uuid)s] " |
The format for an instance that is passed with the log message.
-
instance_uuid_format
Type: | string |
Default: | "[instance: %(uuid)s] " |
The format for an instance UUID that is passed with the log message.
-
rate_limit_interval
-
Interval, number of seconds, of log rate limiting.
-
rate_limit_burst
-
Maximum number of logged messages per rate_limit_interval.
-
rate_limit_except_level
Type: | string |
Default: | CRITICAL |
Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.
-
fatal_deprecations
Type: | boolean |
Default: | false |
Enables or disables fatal status of deprecations.
-
fatal_exception_format_errors
Type: | boolean |
Default: | false |
Used if there is a formatting error when generating an exception message (a programming error). If True, raise an exception; if False, use the unformatted message.
-
host
Type: | host address |
Default: | localhost |
This option has a sample default set, which means that
its actual default value may vary from the one documented
above.
Name of this node. This can be an opaque identifier. It is not necessarily a hostname, FQDN, or IP address. However, the node name must be valid within an AMQP key, and if using ZeroMQ, a valid hostname, FQDN, or IP address.
-
periodic_interval
-
Default interval (in seconds) for running periodic tasks.
-
pybasedir
Type: | string |
Default: | /usr/lib/python/site-packages/cyborg/cyborg |
This option has a sample default set, which means that
its actual default value may vary from the one documented
above.
Directory where the cyborg python module is installed.
-
bindir
Type: | string |
Default: | $pybasedir/bin |
Directory where cyborg binaries are installed.
-
state_path
Type: | string |
Default: | $pybasedir |
Top-level directory for maintaining cyborg’s state.
agent
-
enabled_drivers
-
The accelerator drivers enabled on this agent. Such as intel_fpga_driver, nvidia_gpu_driver, etc.
api
-
host_ip
Type: | host address |
Default: | 0.0.0.0 |
The IP address on which cyborg-api listens.
-
port
Type: | port number |
Default: | 6666 |
Minimum Value: | 0 |
Maximum Value: | 65535 |
The TCP port on which cyborg-api listens.
-
api_workers
Type: | integer |
Default: | <None> |
Number of workers for OpenStack Cyborg API service. The default is equal to the number of CPUs available if that can be determined, else a default worker count of 1 is returned.
-
enable_ssl_api
Type: | boolean |
Default: | false |
Enable the integrated stand-alone API to service requests via HTTPS instead of HTTP. If there is a front-end service performing HTTPS offloading from the service, this option should be False; note, you will want to change public API endpoint to represent SSL termination URL with ‘public_endpoint’ option.
-
public_endpoint
Type: | string |
Default: | <None> |
Public URL to use when building the links to the API resources (for example, “https://cyborg.rocks:6666”). If None the links will be built using the request’s host URL. If the API is operating behind a proxy, you will want to change this to represent the proxy’s URL. Defaults to None.
-
api_paste_config
Type: | string |
Default: | api-paste.ini |
Configuration file for WSGI definition of API.
database
-
sqlite_synchronous
Type: | boolean |
Default: | true |
If True, SQLite uses synchronous mode.
Deprecated Variations
Group |
Name |
DEFAULT |
sqlite_synchronous |
-
backend
Type: | string |
Default: | sqlalchemy |
The back end to use for the database.
Deprecated Variations
Group |
Name |
DEFAULT |
db_backend |
-
connection
Type: | string |
Default: | <None> |
The SQLAlchemy connection string to use to connect to the database.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_connection |
DATABASE |
sql_connection |
sql |
connection |
-
slave_connection
Type: | string |
Default: | <None> |
The SQLAlchemy connection string to use to connect to the slave database.
-
mysql_sql_mode
Type: | string |
Default: | TRADITIONAL |
The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
mysql_enable_ndb
Type: | boolean |
Default: | false |
If True, transparently enables support for handling MySQL Cluster (NDB).
-
connection_recycle_time
Type: | integer |
Default: | 3600 |
Connections which have been present in the connection pool longer than this number of seconds will be replaced with a new one the next time they are checked out from the pool.
Deprecated Variations
Group |
Name |
DATABASE |
idle_timeout |
database |
idle_timeout |
DEFAULT |
sql_idle_timeout |
DATABASE |
sql_idle_timeout |
sql |
idle_timeout |
-
min_pool_size
-
Minimum number of SQL connections to keep open in a pool.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_min_pool_size |
DATABASE |
sql_min_pool_size |
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | The option to set the minimum pool size is not supported by sqlalchemy. |
-
max_pool_size
-
Maximum number of SQL connections to keep open in a pool. Setting a value of 0 indicates no limit.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_max_pool_size |
DATABASE |
sql_max_pool_size |
-
max_retries
-
Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_max_retries |
DATABASE |
sql_max_retries |
-
retry_interval
-
Interval between retries of opening a SQL connection.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_retry_interval |
DATABASE |
reconnect_interval |
-
max_overflow
-
If set, use this value for max_overflow with SQLAlchemy.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_max_overflow |
DATABASE |
sqlalchemy_max_overflow |
-
connection_debug
Type: | integer |
Default: | 0 |
Minimum Value: | 0 |
Maximum Value: | 100 |
Verbosity of SQL debugging information: 0=None, 100=Everything.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_connection_debug |
-
connection_trace
Type: | boolean |
Default: | false |
Add Python stack traces to SQL as comment strings.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_connection_trace |
-
pool_timeout
Type: | integer |
Default: | <None> |
If set, use this value for pool_timeout with SQLAlchemy.
Deprecated Variations
Group |
Name |
DATABASE |
sqlalchemy_pool_timeout |
-
use_db_reconnect
Type: | boolean |
Default: | false |
Enable the experimental use of database reconnect on connection lost.
-
db_retry_interval
-
Seconds between retries of a database transaction.
-
db_inc_retry_interval
Type: | boolean |
Default: | true |
If True, increases the interval between retries of a database operation up to db_max_retry_interval.
-
db_max_retry_interval
-
If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.
-
db_max_retries
-
Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.
-
connection_parameters
-
Optional URL parameters to append onto the connection URL at connect time; specify as param1=value1¶m2=value2&…
-
mysql_engine
Type: | string |
Default: | InnoDB |
MySQL engine to use.
glance
Configuration options for the Image service
-
api_servers
-
List of glance api servers endpoints available to cyborg.
https is used for ssl-based glance api servers.
NOTE: The preferred mechanism for endpoint discovery is via keystoneauth1
loading options. Only use api_servers if you need multiple endpoints and are
unable to use a load balancer for some reason.
Possible values:
- A list of any fully qualified url of the form “scheme://hostname:port[/path]”
(i.e. “http://10.0.1.0:9292” or “https://my.glance.server/image”).
-
num_retries
Type: | integer |
Default: | 0 |
Minimum Value: | 0 |
Enable glance operation retries.
Specifies the number of retries when uploading / downloading
an image to / from glance. 0 means no retries.
-
allowed_direct_url_schemes
-
List of url schemes that can be directly accessed.
This option specifies a list of url schemes that can be downloaded
directly via the direct_url. This direct_URL can be fetched from
Image metadata which can be used by cyborg to get the
image more efficiently. cyborg-compute could benefit from this by
invoking a copy when it has access to the same file system as glance.
Possible values:
- [file], Empty list (default)
Warning
This option is deprecated for removal since 17.0.0.
Its value may be silently ignored
in the future.
Reason: | This was originally added for the ‘cyborg.image.download.file’ FileTransfer extension which was removed in the 16.0.0 Pike release. The ‘cyborg.image.download.modules’ extension point is not maintained and there is no indication of its use in production clouds. |
-
verify_glance_signatures
Type: | boolean |
Default: | false |
Enable image signature verification.
cyborg uses the image signature metadata from glance and verifies the signature
of a signed image while downloading that image. If the image signature cannot
be verified or if the image signature metadata is either incomplete or
unavailable, then cyborg will not boot the image and instead will place the
instance into an error state. This provides end users with stronger assurances
of the integrity of the image data they are using to create servers.
Related options:
- The options in the key_manager group, as the key_manager is used
for the signature validation.
- Both enable_certificate_validation and default_trusted_certificate_ids
below depend on this option being enabled.
-
enable_certificate_validation
Type: | boolean |
Default: | false |
Enable certificate validation for image signature verification.
During image signature verification cyborg will first verify the validity of
the image’s signing certificate using the set of trusted certificates
associated with the instance. If certificate validation fails, signature
verification will not be performed and the instance will be placed into an
error state. This provides end users with stronger assurances that the image
data is unmodified and trustworthy. If left disabled, image signature
verification can still occur but the end user will not have any assurance that
the signing certificate used to generate the image signature is still
trustworthy.
Related options:
- This option only takes effect if verify_glance_signatures is enabled.
- The value of default_trusted_certificate_ids may be used when this option
is enabled.
Warning
This option is deprecated for removal since 16.0.0.
Its value may be silently ignored
in the future.
Reason: | This option is intended to ease the transition for deployments leveraging image signature verification. The intended state long-term is for signature verification and certificate validation to always happen together. |
-
default_trusted_certificate_ids
-
List of certificate IDs for certificates that should be trusted.
May be used as a default list of trusted certificate IDs for certificate
validation. The value of this option will be ignored if the user provides a
list of trusted certificate IDs with an instance API request. The value of
this option will be persisted with the instance data if signature verification
and certificate validation are enabled and if the user did not provide an
alternative list. If left empty when certificate validation is enabled the
user must provide a list of trusted certificate IDs otherwise certificate
validation will fail.
Related options:
- The value of this option may be used if both verify_glance_signatures and
enable_certificate_validation are enabled.
-
debug
Type: | boolean |
Default: | false |
Enable or disable debug logging with glanceclient.
-
cafile
Type: | string |
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
Type: | string |
Default: | <None> |
PEM encoded client certificate cert file
-
keyfile
Type: | string |
Default: | <None> |
PEM encoded client certificate key file
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
timeout
Type: | integer |
Default: | <None> |
Timeout value for http requests
-
collect_timing
Type: | boolean |
Default: | false |
Collect per-API call timing information.
-
split_loggers
Type: | boolean |
Default: | false |
Log requests to multiple loggers.
-
service_type
Type: | string |
Default: | image |
The default service_type for endpoint URL discovery.
-
service_name
Type: | string |
Default: | <None> |
The default service_name for endpoint URL discovery.
-
valid_interfaces
Type: | list |
Default: | internal,public |
List of interfaces, in order of preference, for endpoint URL.
-
region_name
Type: | string |
Default: | <None> |
The default region_name for endpoint URL discovery.
-
endpoint_override
Type: | string |
Default: | <None> |
Always use this endpoint URL for requests for this client. NOTE: The unversioned endpoint should be specified here; to request a particular API version, use the version, min-version, and/or max-version options.
keystone
Configuration options for the identity service
-
cafile
Type: | string |
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
Type: | string |
Default: | <None> |
PEM encoded client certificate cert file
-
keyfile
Type: | string |
Default: | <None> |
PEM encoded client certificate key file
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
timeout
Type: | integer |
Default: | <None> |
Timeout value for http requests
-
collect_timing
Type: | boolean |
Default: | false |
Collect per-API call timing information.
-
split_loggers
Type: | boolean |
Default: | false |
Log requests to multiple loggers.
-
service_type
Type: | string |
Default: | identity |
The default service_type for endpoint URL discovery.
-
service_name
Type: | string |
Default: | <None> |
The default service_name for endpoint URL discovery.
-
valid_interfaces
Type: | list |
Default: | internal,public |
List of interfaces, in order of preference, for endpoint URL.
-
region_name
Type: | string |
Default: | <None> |
The default region_name for endpoint URL discovery.
-
endpoint_override
Type: | string |
Default: | <None> |
Always use this endpoint URL for requests for this client. NOTE: The unversioned endpoint should be specified here; to request a particular API version, use the version, min-version, and/or max-version options.
keystone_authtoken
-
www_authenticate_uri
Type: | string |
Default: | <None> |
Complete “public” Identity API endpoint. This endpoint should not be an “admin” endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint.
Deprecated Variations
Group |
Name |
keystone_authtoken |
auth_uri |
-
auth_uri
Type: | string |
Default: | <None> |
Complete “public” Identity API endpoint. This endpoint should not be an “admin” endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint. This option is deprecated in favor of www_authenticate_uri and will be removed in the S release.
Warning
This option is deprecated for removal since Queens.
Its value may be silently ignored
in the future.
Reason: | The auth_uri option is deprecated in favor of www_authenticate_uri and will be removed in the S release. |
-
auth_version
Type: | string |
Default: | <None> |
API version of the admin Identity API endpoint.
-
delay_auth_decision
Type: | boolean |
Default: | false |
Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
-
http_connect_timeout
Type: | integer |
Default: | <None> |
Request timeout value for communicating with Identity API server.
-
http_request_max_retries
-
How many times are we trying to reconnect when communicating with Identity API Server.
-
cache
Type: | string |
Default: | <None> |
Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the memcached_servers
option instead.
-
certfile
Type: | string |
Default: | <None> |
Required if identity server requires client certificate
-
keyfile
Type: | string |
Default: | <None> |
Required if identity server requires client certificate
-
cafile
Type: | string |
Default: | <None> |
A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
region_name
Type: | string |
Default: | <None> |
The region in which the identity server can be found.
-
signing_dir
Type: | string |
Default: | <None> |
Directory used to cache files related to PKI tokens. This option has been deprecated in the Ocata release and will be removed in the P release.
Warning
This option is deprecated for removal since Ocata.
Its value may be silently ignored
in the future.
Reason: | PKI token format is no longer supported. |
-
memcached_servers
-
Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
Deprecated Variations
Group |
Name |
keystone_authtoken |
memcache_servers |
-
token_cache_time
-
In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
-
memcache_security_strategy
Type: | string |
Default: | None |
Valid Values: | None, MAC, ENCRYPT |
(Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
memcache_secret_key
Type: | string |
Default: | <None> |
(Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
-
memcache_pool_dead_retry
-
(Optional) Number of seconds memcached server is considered dead before it is tried again.
-
memcache_pool_maxsize
-
(Optional) Maximum total number of open connections to every memcached server.
-
memcache_pool_socket_timeout
-
(Optional) Socket timeout in seconds for communicating with a memcached server.
-
memcache_pool_unused_timeout
-
(Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
-
memcache_pool_conn_get_timeout
-
(Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
-
memcache_use_advanced_pool
Type: | boolean |
Default: | false |
(Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
-
include_service_catalog
Type: | boolean |
Default: | true |
(Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
enforce_token_bind
Type: | string |
Default: | permissive |
Used to control the use and type of token binding. Can be set to: “disabled” to not check token binding. “permissive” (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. “strict” like “permissive” but if the bind type is unknown the token will be rejected. “required” any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
hash_algorithms
-
Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
Warning
This option is deprecated for removal since Ocata.
Its value may be silently ignored
in the future.
Reason: | PKI token format is no longer supported. |
-
service_token_roles
Type: | list |
Default: | service |
A choice of roles that must be present in a service token. Service tokens are allowed to request that an expired token can be used and so this check should tightly control that only actual services should be sending this token. Roles here are applied as an ANY check so any role in this list must be present. For backwards compatibility reasons this currently only affects the allow_expired check.
-
service_token_roles_required
Type: | boolean |
Default: | false |
For backwards compatibility reasons we must let valid service tokens pass that don’t pass the service_token_roles check as valid. Setting this true will become the default in a future release and should be enabled if possible.
-
auth_type
Type: | unknown type |
Default: | <None> |
Authentication type to load
Deprecated Variations
Group |
Name |
keystone_authtoken |
auth_plugin |
-
auth_section
Type: | unknown type |
Default: | <None> |
Config Section from which to load plugin specific options
oslo_messaging_amqp
-
container_name
Type: | string |
Default: | <None> |
Name for the AMQP container. must be globally unique. Defaults to a generated UUID
Deprecated Variations
Group |
Name |
amqp1 |
container_name |
-
idle_timeout
-
Timeout for inactive connections (in seconds)
Deprecated Variations
Group |
Name |
amqp1 |
idle_timeout |
-
trace
Type: | boolean |
Default: | false |
Debug: dump AMQP frames to stdout
Deprecated Variations
Group |
Name |
amqp1 |
trace |
-
ssl
Type: | boolean |
Default: | false |
Attempt to connect via SSL. If no other ssl-related parameters are given, it will use the system’s CA-bundle to verify the server’s certificate.
-
ssl_ca_file
-
CA certificate PEM file used to verify the server’s certificate
Deprecated Variations
Group |
Name |
amqp1 |
ssl_ca_file |
-
ssl_cert_file
-
Self-identifying certificate PEM file for client authentication
Deprecated Variations
Group |
Name |
amqp1 |
ssl_cert_file |
-
ssl_key_file
-
Private key PEM file used to sign ssl_cert_file certificate (optional)
Deprecated Variations
Group |
Name |
amqp1 |
ssl_key_file |
-
ssl_key_password
Type: | string |
Default: | <None> |
Password for decrypting ssl_key_file (if encrypted)
Deprecated Variations
Group |
Name |
amqp1 |
ssl_key_password |
-
ssl_verify_vhost
Type: | boolean |
Default: | false |
By default SSL checks that the name in the server’s certificate matches the hostname in the transport_url. In some configurations it may be preferable to use the virtual hostname instead, for example if the server uses the Server Name Indication TLS extension (rfc6066) to provide a certificate per virtual host. Set ssl_verify_vhost to True if the server’s SSL certificate uses the virtual host name instead of the DNS name.
-
sasl_mechanisms
-
Space separated list of acceptable SASL mechanisms
Deprecated Variations
Group |
Name |
amqp1 |
sasl_mechanisms |
-
sasl_config_dir
-
Path to directory that contains the SASL configuration
Deprecated Variations
Group |
Name |
amqp1 |
sasl_config_dir |
-
sasl_config_name
-
Name of configuration file (without .conf suffix)
Deprecated Variations
Group |
Name |
amqp1 |
sasl_config_name |
-
sasl_default_realm
-
SASL realm to use if no realm present in username
-
connection_retry_interval
Type: | integer |
Default: | 1 |
Minimum Value: | 1 |
Seconds to pause before attempting to re-connect.
-
connection_retry_backoff
Type: | integer |
Default: | 2 |
Minimum Value: | 0 |
Increase the connection_retry_interval by this many seconds after each unsuccessful failover attempt.
-
connection_retry_interval_max
Type: | integer |
Default: | 30 |
Minimum Value: | 1 |
Maximum limit for connection_retry_interval + connection_retry_backoff
-
link_retry_delay
Type: | integer |
Default: | 10 |
Minimum Value: | 1 |
Time to pause between re-connecting an AMQP 1.0 link that failed due to a recoverable error.
-
default_reply_retry
Type: | integer |
Default: | 0 |
Minimum Value: | -1 |
The maximum number of attempts to re-send a reply message which failed due to a recoverable error.
-
default_reply_timeout
Type: | integer |
Default: | 30 |
Minimum Value: | 5 |
The deadline for an rpc reply message delivery.
-
default_send_timeout
Type: | integer |
Default: | 30 |
Minimum Value: | 5 |
The deadline for an rpc cast or call message delivery. Only used when caller does not provide a timeout expiry.
-
default_notify_timeout
Type: | integer |
Default: | 30 |
Minimum Value: | 5 |
The deadline for a sent notification message delivery. Only used when caller does not provide a timeout expiry.
-
default_sender_link_timeout
Type: | integer |
Default: | 600 |
Minimum Value: | 1 |
The duration to schedule a purge of idle sender links. Detach link after expiry.
-
addressing_mode
Type: | string |
Default: | dynamic |
Indicates the addressing mode used by the driver.
Permitted values:
‘legacy’ - use legacy non-routable addressing
‘routable’ - use routable addresses
‘dynamic’ - use legacy addresses if the message bus does not support routing otherwise use routable addressing
-
pseudo_vhost
Type: | boolean |
Default: | true |
Enable virtual host support for those message buses that do not natively support virtual hosting (such as qpidd). When set to true the virtual host name will be added to all message bus addresses, effectively creating a private ‘subnet’ per virtual host. Set to False if the message bus supports virtual hosting using the ‘hostname’ field in the AMQP 1.0 Open performative as the name of the virtual host.
-
server_request_prefix
Type: | string |
Default: | exclusive |
address prefix used when sending to a specific server
Deprecated Variations
Group |
Name |
amqp1 |
server_request_prefix |
-
broadcast_prefix
Type: | string |
Default: | broadcast |
address prefix used when broadcasting to all servers
Deprecated Variations
Group |
Name |
amqp1 |
broadcast_prefix |
-
group_request_prefix
Type: | string |
Default: | unicast |
address prefix when sending to any server in group
Deprecated Variations
Group |
Name |
amqp1 |
group_request_prefix |
-
rpc_address_prefix
Type: | string |
Default: | openstack.org/om/rpc |
Address prefix for all generated RPC addresses
-
notify_address_prefix
Type: | string |
Default: | openstack.org/om/notify |
Address prefix for all generated Notification addresses
-
multicast_address
Type: | string |
Default: | multicast |
Appended to the address prefix when sending a fanout message. Used by the message bus to identify fanout messages.
-
unicast_address
Type: | string |
Default: | unicast |
Appended to the address prefix when sending to a particular RPC/Notification server. Used by the message bus to identify messages sent to a single destination.
-
anycast_address
Type: | string |
Default: | anycast |
Appended to the address prefix when sending to a group of consumers. Used by the message bus to identify messages that should be delivered in a round-robin fashion across consumers.
-
default_notification_exchange
Type: | string |
Default: | <None> |
Exchange name used in notification addresses.
Exchange name resolution precedence:
Target.exchange if set
else default_notification_exchange if set
else control_exchange if set
else ‘notify’
-
default_rpc_exchange
Type: | string |
Default: | <None> |
Exchange name used in RPC addresses.
Exchange name resolution precedence:
Target.exchange if set
else default_rpc_exchange if set
else control_exchange if set
else ‘rpc’
-
reply_link_credit
Type: | integer |
Default: | 200 |
Minimum Value: | 1 |
Window size for incoming RPC Reply messages.
-
rpc_server_credit
Type: | integer |
Default: | 100 |
Minimum Value: | 1 |
Window size for incoming RPC Request messages
-
notify_server_credit
Type: | integer |
Default: | 100 |
Minimum Value: | 1 |
Window size for incoming Notification messages
-
pre_settled
Type: | multi-valued |
Default: | rpc-cast |
Default: | rpc-reply |
Send messages of this type pre-settled.
Pre-settled messages will not receive acknowledgement
from the peer. Note well: pre-settled messages may be
silently discarded if the delivery fails.
Permitted values:
‘rpc-call’ - send RPC Calls pre-settled
‘rpc-reply’- send RPC Replies pre-settled
‘rpc-cast’ - Send RPC Casts pre-settled
‘notify’ - Send Notifications pre-settled
oslo_messaging_kafka
-
kafka_max_fetch_bytes
Type: | integer |
Default: | 1048576 |
Max fetch bytes of Kafka consumer
-
kafka_consumer_timeout
Type: | floating point |
Default: | 1.0 |
Default timeout(s) for Kafka consumers
-
pool_size
-
Pool Size for Kafka Consumers
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | Driver no longer uses connection pool. |
-
conn_pool_min_size
-
The pool size limit for connections expiration policy
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | Driver no longer uses connection pool. |
-
conn_pool_ttl
Type: | integer |
Default: | 1200 |
The time-to-live in sec of idle connections in the pool
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | Driver no longer uses connection pool. |
-
consumer_group
Type: | string |
Default: | oslo_messaging_consumer |
Group id for Kafka consumer. Consumers in one group will coordinate message consumption
-
producer_batch_timeout
Type: | floating point |
Default: | 0.0 |
Upper bound on the delay for KafkaProducer batching in seconds
-
producer_batch_size
Type: | integer |
Default: | 16384 |
Size of batch for the producer async send
-
enable_auto_commit
Type: | boolean |
Default: | false |
Enable asynchronous consumer commits
-
max_poll_records
-
The maximum number of records returned in a poll call
-
security_protocol
Type: | string |
Default: | PLAINTEXT |
Valid Values: | PLAINTEXT, SASL_PLAINTEXT, SSL, SASL_SSL |
Protocol used to communicate with brokers
-
sasl_mechanism
Type: | string |
Default: | PLAIN |
Mechanism when security protocol is SASL
-
ssl_cafile
-
CA certificate PEM file used to verify the server certificate
oslo_messaging_notifications
-
driver
Type: | multi-valued |
Default: | '' |
The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop
Deprecated Variations
Group |
Name |
DEFAULT |
notification_driver |
-
transport_url
Type: | string |
Default: | <None> |
A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC.
Deprecated Variations
Group |
Name |
DEFAULT |
notification_transport_url |
-
topics
Type: | list |
Default: | notifications |
AMQP topic used for OpenStack notifications.
Deprecated Variations
Group |
Name |
rpc_notifier2 |
topics |
DEFAULT |
notification_topics |
-
retry
-
The maximum number of attempts to re-send a notification message which failed to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
oslo_messaging_rabbit
-
amqp_durable_queues
Type: | boolean |
Default: | false |
Use durable queues in AMQP.
-
amqp_auto_delete
Type: | boolean |
Default: | false |
Auto-delete queues in AMQP.
Deprecated Variations
Group |
Name |
DEFAULT |
amqp_auto_delete |
-
ssl
Type: | boolean |
Default: | false |
Connect over SSL.
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
rabbit_use_ssl |
-
ssl_version
-
SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_version |
-
ssl_key_file
-
SSL key file (valid only if SSL enabled).
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_keyfile |
-
ssl_cert_file
-
SSL cert file (valid only if SSL enabled).
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_certfile |
-
ssl_ca_file
-
SSL certification authority file (valid only if SSL enabled).
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_ca_certs |
-
kombu_reconnect_delay
Type: | floating point |
Default: | 1.0 |
How long to wait before reconnecting in response to an AMQP consumer cancel notification.
Deprecated Variations
Group |
Name |
DEFAULT |
kombu_reconnect_delay |
-
kombu_compression
Type: | string |
Default: | <None> |
EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not be used. This option may not be available in future versions.
-
kombu_missing_consumer_retry_timeout
-
How long to wait a missing client before abandoning to send it its replies. This value should not be longer than rpc_response_timeout.
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_reconnect_timeout |
-
kombu_failover_strategy
Type: | string |
Default: | round-robin |
Valid Values: | round-robin, shuffle |
Determines how the next RabbitMQ node is chosen in case the one we are currently connected to becomes unavailable. Takes effect only if more than one RabbitMQ node is provided in config.
-
rabbit_login_method
Type: | string |
Default: | AMQPLAIN |
Valid Values: | PLAIN, AMQPLAIN, RABBIT-CR-DEMO |
The RabbitMQ login method.
Deprecated Variations
Group |
Name |
DEFAULT |
rabbit_login_method |
-
rabbit_retry_interval
-
How frequently to retry connecting with RabbitMQ.
-
rabbit_retry_backoff
-
How long to backoff for between retries when connecting to RabbitMQ.
Deprecated Variations
Group |
Name |
DEFAULT |
rabbit_retry_backoff |
-
rabbit_interval_max
-
Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
-
rabbit_ha_queues
Type: | boolean |
Default: | false |
Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring is no longer controlled by the x-ha-policy argument when declaring a queue. If you just want to make sure that all queues (except those with auto-generated names) are mirrored across all nodes, run: “rabbitmqctl set_policy HA ‘^(?!amq.).*’ ‘{“ha-mode”: “all”}’ “
Deprecated Variations
Group |
Name |
DEFAULT |
rabbit_ha_queues |
-
rabbit_transient_queues_ttl
Type: | integer |
Default: | 1800 |
Minimum Value: | 1 |
Positive integer representing duration in seconds for queue TTL (x-expires). Queues which are unused for the duration of the TTL are automatically deleted. The parameter affects only reply and fanout queues.
-
rabbit_qos_prefetch_count
-
Specifies the number of messages to prefetch. Setting to zero allows unlimited messages.
-
heartbeat_timeout_threshold
-
Number of seconds after which the Rabbit broker is considered down if heartbeat’s keep-alive fails (0 disable the heartbeat). EXPERIMENTAL
-
heartbeat_rate
-
How often times during the heartbeat_timeout_threshold we check the heartbeat.
oslo_policy
-
enforce_scope
Type: | boolean |
Default: | false |
This option controls whether or not to enforce scope when evaluating policies. If True
, the scope of the token used in the request is compared to the scope_types
of the policy being enforced. If the scopes do not match, an InvalidScope
exception will be raised. If False
, a message will be logged informing operators that policies are being invoked with mismatching scope.
-
policy_file
Type: | string |
Default: | policy.json |
The file that defines policies.
Deprecated Variations
Group |
Name |
DEFAULT |
policy_file |
-
policy_default_rule
Type: | string |
Default: | default |
Default rule. Enforced when a requested rule is not found.
Deprecated Variations
Group |
Name |
DEFAULT |
policy_default_rule |
-
policy_dirs
Type: | multi-valued |
Default: | policy.d |
Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.
Deprecated Variations
Group |
Name |
DEFAULT |
policy_dirs |
-
remote_content_type
Type: | string |
Default: | application/x-www-form-urlencoded |
Valid Values: | application/x-www-form-urlencoded, application/json |
Content Type to send and receive data for REST based policy check
-
remote_ssl_verify_server_crt
Type: | boolean |
Default: | false |
server identity verification for REST based policy check
-
remote_ssl_ca_crt_file
Type: | string |
Default: | <None> |
Absolute path to ca cert file for REST based policy check
-
remote_ssl_client_crt_file
Type: | string |
Default: | <None> |
Absolute path to client cert for REST based policy check
-
remote_ssl_client_key_file
Type: | string |
Default: | <None> |
Absolute path client key file REST based policy check
placement
-
endpoint_type
Type: | string |
Default: | public |
Valid Values: | public, admin, internal |
Type of the placement endpoint to use. This endpoint will be looked up in the keystone catalog and should be one of public, internal or admin.
-
randomize_allocation_candidates
Type: | boolean |
Default: | false |
If True, when limiting allocation candidate results, the results will be a random sampling of the full result set. If False, allocation candidates are returned in a deterministic but undefined order. That is, all things being equal, two requests for allocation candidates will return the same results in the same order; but no guarantees are made as to how that order is determined.
-
cafile
Type: | string |
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
Type: | string |
Default: | <None> |
PEM encoded client certificate cert file
-
keyfile
Type: | string |
Default: | <None> |
PEM encoded client certificate key file
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
timeout
Type: | integer |
Default: | <None> |
Timeout value for http requests
-
collect_timing
Type: | boolean |
Default: | false |
Collect per-API call timing information.
-
split_loggers
Type: | boolean |
Default: | false |
Log requests to multiple loggers.
-
auth_type
Type: | unknown type |
Default: | <None> |
Authentication type to load
Deprecated Variations
Group |
Name |
placement |
auth_plugin |
-
auth_section
Type: | unknown type |
Default: | <None> |
Config Section from which to load plugin specific options
-
auth_url
Type: | unknown type |
Default: | <None> |
Authentication URL
-
system_scope
Type: | unknown type |
Default: | <None> |
Scope for system operations
-
domain_id
Type: | unknown type |
Default: | <None> |
Domain ID to scope to
-
domain_name
Type: | unknown type |
Default: | <None> |
Domain name to scope to
-
project_id
Type: | unknown type |
Default: | <None> |
Project ID to scope to
-
project_name
Type: | unknown type |
Default: | <None> |
Project name to scope to
-
project_domain_id
Type: | unknown type |
Default: | <None> |
Domain ID containing project
-
project_domain_name
Type: | unknown type |
Default: | <None> |
Domain name containing project
-
trust_id
Type: | unknown type |
Default: | <None> |
Trust ID
-
default_domain_id
Type: | unknown type |
Default: | <None> |
Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
-
default_domain_name
Type: | unknown type |
Default: | <None> |
Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
-
user_id
Type: | unknown type |
Default: | <None> |
User ID
-
username
Type: | unknown type |
Default: | <None> |
Username
Deprecated Variations
Group |
Name |
placement |
user-name |
placement |
user_name |
-
user_domain_id
Type: | unknown type |
Default: | <None> |
User’s domain id
-
user_domain_name
Type: | unknown type |
Default: | <None> |
User’s domain name
-
password
Type: | unknown type |
Default: | <None> |
User’s password
-
tenant_id
Type: | unknown type |
Default: | <None> |
Tenant ID
-
tenant_name
Type: | unknown type |
Default: | <None> |
Tenant Name
-
service_type
Type: | string |
Default: | placement |
The default service_type for endpoint URL discovery.
-
service_name
Type: | string |
Default: | <None> |
The default service_name for endpoint URL discovery.
-
valid_interfaces
Type: | list |
Default: | internal,public |
List of interfaces, in order of preference, for endpoint URL.
-
region_name
Type: | string |
Default: | <None> |
The default region_name for endpoint URL discovery.
-
endpoint_override
Type: | string |
Default: | <None> |
Always use this endpoint URL for requests for this client. NOTE: The unversioned endpoint should be specified here; to request a particular API version, use the version, min-version, and/or max-version options.
service_user
Configuration options for service to service authentication using a service
token. These options allow sending a service token along with the user’s token
when contacting external REST APIs.
-
send_service_user_token
Type: | boolean |
Default: | false |
When True, if sending a user token to a REST API, also send a service token.
-
cafile
Type: | string |
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
Type: | string |
Default: | <None> |
PEM encoded client certificate cert file
-
keyfile
Type: | string |
Default: | <None> |
PEM encoded client certificate key file
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
timeout
Type: | integer |
Default: | <None> |
Timeout value for http requests
-
collect_timing
Type: | boolean |
Default: | false |
Collect per-API call timing information.
-
split_loggers
Type: | boolean |
Default: | false |
Log requests to multiple loggers.
-
auth_type
Type: | unknown type |
Default: | <None> |
Authentication type to load
Deprecated Variations
Group |
Name |
service_user |
auth_plugin |
-
auth_section
Type: | unknown type |
Default: | <None> |
Config Section from which to load plugin specific options
-
auth_url
Type: | unknown type |
Default: | <None> |
Authentication URL
-
system_scope
Type: | unknown type |
Default: | <None> |
Scope for system operations
-
domain_id
Type: | unknown type |
Default: | <None> |
Domain ID to scope to
-
domain_name
Type: | unknown type |
Default: | <None> |
Domain name to scope to
-
project_id
Type: | unknown type |
Default: | <None> |
Project ID to scope to
-
project_name
Type: | unknown type |
Default: | <None> |
Project name to scope to
-
project_domain_id
Type: | unknown type |
Default: | <None> |
Domain ID containing project
-
project_domain_name
Type: | unknown type |
Default: | <None> |
Domain name containing project
-
trust_id
Type: | unknown type |
Default: | <None> |
Trust ID
-
default_domain_id
Type: | unknown type |
Default: | <None> |
Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
-
default_domain_name
Type: | unknown type |
Default: | <None> |
Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
-
user_id
Type: | unknown type |
Default: | <None> |
User ID
-
username
Type: | unknown type |
Default: | <None> |
Username
Deprecated Variations
Group |
Name |
service_user |
user-name |
service_user |
user_name |
-
user_domain_id
Type: | unknown type |
Default: | <None> |
User’s domain id
-
user_domain_name
Type: | unknown type |
Default: | <None> |
User’s domain name
-
password
Type: | unknown type |
Default: | <None> |
User’s password
-
tenant_id
Type: | unknown type |
Default: | <None> |
Tenant ID
-
tenant_name
Type: | unknown type |
Default: | <None> |
Tenant Name
ssl
-
ca_file
Type: | string |
Default: | <None> |
CA certificate file to use to verify connecting clients.
Deprecated Variations
Group |
Name |
DEFAULT |
ssl_ca_file |
-
cert_file
Type: | string |
Default: | <None> |
Certificate file to use when starting the server securely.
Deprecated Variations
Group |
Name |
DEFAULT |
ssl_cert_file |
-
key_file
Type: | string |
Default: | <None> |
Private key file to use when starting the server securely.
Deprecated Variations
Group |
Name |
DEFAULT |
ssl_key_file |
-
version
Type: | string |
Default: | <None> |
SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
-
ciphers
Type: | string |
Default: | <None> |
Sets the list of available ciphers. value should be a string in the OpenSSL cipher list format.