karbor.conf¶
DEFAULT¶
-
state_path
¶ - Type
string
- Default
/var/lib/karbor
Top-level directory for maintaining karbor’s state
¶ Group
Name
DEFAULT
pybasedir
-
service_down_time
¶ - Type
integer
- Default
60
Maximum time since last check-in for a service to be considered up
-
operationengine_topic
¶ - Type
string
- Default
karbor-operationengine
The topic that OperationEngine nodes listen on
-
operationengine_manager
¶ - Type
string
- Default
karbor.services.operationengine.manager.OperationEngineManager
Full class name for the Manager for OperationEngine
-
protection_topic
¶ - Type
string
- Default
karbor-protection
The topic that protection nodes listen on
-
protection_manager
¶ - Type
string
- Default
karbor.services.protection.manager.ProtectionManager
Full class name for the Manager for Protection
-
host
¶ - Type
host address
- Default
ubuntu-focal-rax-ord-0019851069
Name of this node. This can be an opaque identifier. It is not necessarily a host name, FQDN, or IP address.
-
auth_strategy
¶ - Type
string
- Default
keystone
- Valid Values
noauth, keystone
The strategy to use for auth. Supports noauth or keystone.
-
osapi_max_limit
¶ - Type
integer
- Default
1000
The maximum number of items that a collection resource returns in a single response
-
osapi_karbor_base_URL
¶ - Type
string
- Default
<None>
Base URL that will be presented to users in links to the OpenStack Karbor API
-
query_instance_filters
¶ - Type
list
- Default
['status']
Instance filter options which non-admin user could use to query instances. Default values are: [‘status’]
-
query_provider_filters
¶ - Type
list
- Default
['name', 'description']
Provider filter options which non-admin user could use to query providers. Default values are: [‘name’, ‘description’]
-
query_checkpoint_filters
¶ - Type
list
- Default
['project_id', 'plan_id', 'start_date', 'end_date']
Checkpoint filter options which non-admin user could use to query checkpoints. Default values are: [‘project_id’, ‘plan_id’, ‘start_date’, ‘end_date’]
-
enable_new_services
¶ - Type
boolean
- Default
True
Services to be added to the available pool on create
-
thread_count
¶ - Type
integer
- Default
10
The count of thread which executor will start
-
min_interval
¶ - Type
integer
- Default
3600
The minimum interval of two adjacent time points. min_interval >= (max_window_time * 2)
-
min_window_time
¶ - Type
integer
- Default
900
The minimum window time
-
max_window_time
¶ - Type
integer
- Default
1800
The maximum window time
-
time_format
¶ - Type
string
- Default
calendar
- Valid Values
crontab, calendar
The type of time format which is used to compute time
-
trigger_poll_interval
¶ - Type
integer
- Default
15
Interval, in seconds, in which Karbor will poll for trigger events
-
scheduling_strategy
¶ - Type
string
- Default
multi_node
Time trigger scheduling strategy
-
retained_operation_log_number
¶ - Type
integer
- Default
5
The number of retained operation log
-
sync_status_interval
¶ - Type
integer
- Default
20
update protection status interval
-
workflow_engine
¶ - Type
string
- Default
karbor.services.protection.flows.workflow.TaskFlowEngine
The workflow engine provides flow and task interface
-
provider_registry
¶ - Type
string
- Default
provider-registry
the provider registry
-
max_concurrent_operations
¶ - Type
integer
- Default
0
number of maximum concurrent operation (protect, restore, delete) flows. 0 means no hard limit
-
tcp_keepalive
¶ - Type
boolean
- Default
True
Sets the value of TCP_KEEPALIVE (True/False) for each server socket.
-
tcp_keepalive_interval
¶ - Type
integer
- Default
<None>
Sets the value of TCP_KEEPINTVL in seconds for each server socket. Not supported on OS X.
-
tcp_keepalive_count
¶ - Type
integer
- Default
<None>
Sets the value of TCP_KEEPCNT for each server socket. Not supported on OS X.
-
fatal_exception_format_errors
¶ - Type
boolean
- Default
False
Make exception message format errors fatal.
-
report_interval
¶ - Type
integer
- Default
10
Interval, in seconds, between nodes reporting state to datastore
-
periodic_interval
¶ - Type
integer
- Default
60
Interval, in seconds, between running periodic tasks
-
periodic_fuzzy_delay
¶ - Type
integer
- Default
60
Range, in seconds, to randomly delay when starting the periodic task OperationEngine to reduce stampeding. (Disable by setting to 0)
-
osapi_karbor_listen
¶ - Type
host address
- Default
0.0.0.0
IP address on which OpenStack Karbor API listens
-
osapi_karbor_listen_port
¶ - Type
port number
- Default
8799
- Minimum Value
0
- Maximum Value
65535
Port on which OpenStack Karbor API listens
-
osapi_karbor_workers
¶ - Type
integer
- Default
<None>
Number of workers for OpenStack Karbor API service. The default is equal to the number of CPUs available.
-
debug
¶ - Type
boolean
- Default
False
- Mutable
This option can be changed without restarting.
If set to true, the logging level will be set to DEBUG instead of the default INFO level.
-
log_config_append
¶ - Type
string
- Default
<None>
- Mutable
This option can be changed without restarting.
The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format).
¶ Group
Name
DEFAULT
log-config
DEFAULT
log_config
-
log_date_format
¶ - Type
string
- Default
%Y-%m-%d %H:%M:%S
Defines the format string for %(asctime)s in log records. Default: the value above . This option is ignored if log_config_append is set.
-
log_file
¶ - Type
string
- Default
<None>
(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.
¶ Group
Name
DEFAULT
logfile
-
log_dir
¶ - Type
string
- Default
<None>
(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.
¶ Group
Name
DEFAULT
logdir
-
watch_log_file
¶ - Type
boolean
- Default
False
Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.
-
use_syslog
¶ - Type
boolean
- Default
False
Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.
-
use_journal
¶ - Type
boolean
- Default
False
Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.
-
syslog_log_facility
¶ - Type
string
- Default
LOG_USER
Syslog facility to receive log lines. This option is ignored if log_config_append is set.
-
use_json
¶ - Type
boolean
- Default
False
Use JSON formatting for logging. This option is ignored if log_config_append is set.
-
use_stderr
¶ - Type
boolean
- Default
False
Log output to standard error. This option is ignored if log_config_append is set.
-
use_eventlog
¶ - Type
boolean
- Default
False
Log output to Windows Event Log.
-
log_rotate_interval
¶ - Type
integer
- Default
1
The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is setto “interval”.
-
log_rotate_interval_type
¶ - Type
string
- Default
days
- Valid Values
Seconds, Minutes, Hours, Days, Weekday, Midnight
Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation.
-
max_logfile_count
¶ - Type
integer
- Default
30
Maximum number of rotated log files.
-
max_logfile_size_mb
¶ - Type
integer
- Default
200
Log file maximum size in MB. This option is ignored if “log_rotation_type” is not set to “size”.
-
log_rotation_type
¶ - Type
string
- Default
none
- Valid Values
interval, size, none
Log rotation type.
Possible values
- interval
Rotate logs at predefined time intervals.
- size
Rotate logs once they reach a predefined size.
- none
Do not rotate log files.
-
logging_context_format_string
¶ - Type
string
- Default
%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter
-
logging_default_format_string
¶ - Type
string
- Default
%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter
-
logging_debug_format_suffix
¶ - Type
string
- Default
%(funcName)s %(pathname)s:%(lineno)d
Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter
-
logging_exception_prefix
¶ - Type
string
- Default
%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter
-
logging_user_identity_format
¶ - Type
string
- Default
%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter
-
default_log_levels
¶ - Type
list
- Default
['amqp=WARN', 'amqplib=WARN', 'boto=WARN', 'qpid=WARN', 'sqlalchemy=WARN', 'suds=INFO', 'oslo.messaging=INFO', 'oslo_messaging=INFO', 'iso8601=WARN', 'requests.packages.urllib3.connectionpool=WARN', 'urllib3.connectionpool=WARN', 'websocket=WARN', 'requests.packages.urllib3.util.retry=WARN', 'urllib3.util.retry=WARN', 'keystonemiddleware=WARN', 'routes.middleware=WARN', 'stevedore=WARN', 'taskflow=WARN', 'keystoneauth=WARN', 'oslo.cache=INFO', 'oslo_policy=INFO', 'dogpile.core.dogpile=INFO']
List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.
-
publish_errors
¶ - Type
boolean
- Default
False
Enables or disables publication of error events.
-
instance_format
¶ - Type
string
- Default
"[instance: %(uuid)s] "
The format for an instance that is passed with the log message.
-
instance_uuid_format
¶ - Type
string
- Default
"[instance: %(uuid)s] "
The format for an instance UUID that is passed with the log message.
-
rate_limit_interval
¶ - Type
integer
- Default
0
Interval, number of seconds, of log rate limiting.
-
rate_limit_burst
¶ - Type
integer
- Default
0
Maximum number of logged messages per rate_limit_interval.
-
rate_limit_except_level
¶ - Type
string
- Default
CRITICAL
Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.
-
fatal_deprecations
¶ - Type
boolean
- Default
False
Enables or disables fatal status of deprecations.
cinder_client¶
-
service_name
¶ - Type
string
- Default
<None>
The name of service registered in Keystone
-
service_type
¶ - Type
string
- Default
<None>
The type of service registered in Keystone
-
version
¶ - Type
string
- Default
<None>
The version of service client
-
region_id
¶ - Type
string
- Default
RegionOne
The region id which the service belongs to.
-
interface
¶ - Type
string
- Default
internal
The network interface of the endpoint. Valid values are: public, admin, internal.
-
ca_cert_file
¶ - Type
string
- Default
<None>
Location of the CA certificate file to use for client requests in SSL connections.
-
auth_insecure
¶ - Type
boolean
- Default
False
Bypass verification of server certificate when making SSL connection to service.
-
cinder_endpoint
¶ - Type
string
- Default
<None>
URL of the cinder endpoint.
-
cinder_catalog_info
¶ - Type
string
- Default
volumev3:cinderv3:publicURL
Info to match when looking for cinder in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if cinder_endpoint is unset
-
cinder_ca_cert_file
¶ - Type
string
- Default
<None>
Location of the CA certificate file to use for client requests in SSL connections.
-
cinder_auth_insecure
¶ - Type
boolean
- Default
False
Bypass verification of server certificate when making SSL connection to Cinder.
clients_keystone¶
-
auth_uri
¶ - Type
string
- Default
''
Unversioned keystone url in format like http://0.0.0.0:5000.
database¶
-
sqlite_synchronous
¶ - Type
boolean
- Default
True
If True, SQLite uses synchronous mode.
¶ Group
Name
DEFAULT
sqlite_synchronous
-
backend
¶ - Type
string
- Default
sqlalchemy
The back end to use for the database.
¶ Group
Name
DEFAULT
db_backend
-
connection
¶ - Type
string
- Default
<None>
The SQLAlchemy connection string to use to connect to the database.
¶ Group
Name
DEFAULT
sql_connection
DATABASE
sql_connection
sql
connection
-
slave_connection
¶ - Type
string
- Default
<None>
The SQLAlchemy connection string to use to connect to the slave database.
-
mysql_sql_mode
¶ - Type
string
- Default
TRADITIONAL
The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
mysql_enable_ndb
¶ - Type
boolean
- Default
False
If True, transparently enables support for handling MySQL Cluster (NDB).
-
connection_recycle_time
¶ - Type
integer
- Default
3600
Connections which have been present in the connection pool longer than this number of seconds will be replaced with a new one the next time they are checked out from the pool.
¶ Group
Name
DATABASE
idle_timeout
database
idle_timeout
DEFAULT
sql_idle_timeout
DATABASE
sql_idle_timeout
sql
idle_timeout
-
max_pool_size
¶ - Type
integer
- Default
5
Maximum number of SQL connections to keep open in a pool. Setting a value of 0 indicates no limit.
¶ Group
Name
DEFAULT
sql_max_pool_size
DATABASE
sql_max_pool_size
-
max_retries
¶ - Type
integer
- Default
10
Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
¶ Group
Name
DEFAULT
sql_max_retries
DATABASE
sql_max_retries
-
retry_interval
¶ - Type
integer
- Default
10
Interval between retries of opening a SQL connection.
¶ Group
Name
DEFAULT
sql_retry_interval
DATABASE
reconnect_interval
-
max_overflow
¶ - Type
integer
- Default
50
If set, use this value for max_overflow with SQLAlchemy.
¶ Group
Name
DEFAULT
sql_max_overflow
DATABASE
sqlalchemy_max_overflow
-
connection_debug
¶ - Type
integer
- Default
0
- Minimum Value
0
- Maximum Value
100
Verbosity of SQL debugging information: 0=None, 100=Everything.
¶ Group
Name
DEFAULT
sql_connection_debug
-
connection_trace
¶ - Type
boolean
- Default
False
Add Python stack traces to SQL as comment strings.
¶ Group
Name
DEFAULT
sql_connection_trace
-
pool_timeout
¶ - Type
integer
- Default
<None>
If set, use this value for pool_timeout with SQLAlchemy.
¶ Group
Name
DATABASE
sqlalchemy_pool_timeout
-
use_db_reconnect
¶ - Type
boolean
- Default
False
Enable the experimental use of database reconnect on connection lost.
-
db_retry_interval
¶ - Type
integer
- Default
1
Seconds between retries of a database transaction.
-
db_inc_retry_interval
¶ - Type
boolean
- Default
True
If True, increases the interval between retries of a database operation up to db_max_retry_interval.
-
db_max_retry_interval
¶ - Type
integer
- Default
10
If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.
-
db_max_retries
¶ - Type
integer
- Default
20
Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.
-
connection_parameters
¶ - Type
string
- Default
''
Optional URL parameters to append onto the connection URL at connect time; specify as param1=value1¶m2=value2&…
glance_client¶
-
service_name
¶ - Type
string
- Default
<None>
The name of service registered in Keystone
-
service_type
¶ - Type
string
- Default
<None>
The type of service registered in Keystone
-
version
¶ - Type
string
- Default
<None>
The version of service client
-
region_id
¶ - Type
string
- Default
RegionOne
The region id which the service belongs to.
-
interface
¶ - Type
string
- Default
internal
The network interface of the endpoint. Valid values are: public, admin, internal.
-
ca_cert_file
¶ - Type
string
- Default
<None>
Location of the CA certificate file to use for client requests in SSL connections.
-
auth_insecure
¶ - Type
boolean
- Default
False
Bypass verification of server certificate when making SSL connection to service.
-
glance_endpoint
¶ - Type
string
- Default
<None>
URL of the glance endpoint.
-
glance_catalog_info
¶ - Type
string
- Default
image:glance:publicURL
Info to match when looking for glance in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if glance_endpoint is unset
-
glance_ca_cert_file
¶ - Type
string
- Default
<None>
Location of the CA certificate file to use for client requests in SSL connections.
-
glance_auth_insecure
¶ - Type
boolean
- Default
False
Bypass verification of server certificate when making SSL connection to Glance.
karbor_client¶
-
service_name
¶ - Type
string
- Default
<None>
The name of service registered in Keystone
-
service_type
¶ - Type
string
- Default
<None>
The type of service registered in Keystone
-
version
¶ - Type
string
- Default
<None>
The version of service client
-
region_id
¶ - Type
string
- Default
RegionOne
The region id which the service belongs to.
-
interface
¶ - Type
string
- Default
internal
The network interface of the endpoint. Valid values are: public, admin, internal.
-
ca_cert_file
¶ - Type
string
- Default
<None>
Location of the CA certificate file to use for client requests in SSL connections.
-
auth_insecure
¶ - Type
boolean
- Default
False
Bypass verification of server certificate when making SSL connection to service.
keystone_authtoken¶
-
www_authenticate_uri
¶ - Type
string
- Default
<None>
Complete “public” Identity API endpoint. This endpoint should not be an “admin” endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint.
¶ Group
Name
keystone_authtoken
auth_uri
-
auth_uri
¶ - Type
string
- Default
<None>
Complete “public” Identity API endpoint. This endpoint should not be an “admin” endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint. This option is deprecated in favor of www_authenticate_uri and will be removed in the S release.
Warning
This option is deprecated for removal since Queens. Its value may be silently ignored in the future.
- Reason
The auth_uri option is deprecated in favor of www_authenticate_uri and will be removed in the S release.
-
auth_version
¶ - Type
string
- Default
<None>
API version of the Identity API endpoint.
-
interface
¶ - Type
string
- Default
internal
Interface to use for the Identity API endpoint. Valid values are “public”, “internal” (default) or “admin”.
-
delay_auth_decision
¶ - Type
boolean
- Default
False
Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
-
http_connect_timeout
¶ - Type
integer
- Default
<None>
Request timeout value for communicating with Identity API server.
-
http_request_max_retries
¶ - Type
integer
- Default
3
How many times are we trying to reconnect when communicating with Identity API Server.
-
cache
¶ - Type
string
- Default
<None>
Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the
memcached_servers
option instead.
-
certfile
¶ - Type
string
- Default
<None>
Required if identity server requires client certificate
-
keyfile
¶ - Type
string
- Default
<None>
Required if identity server requires client certificate
-
cafile
¶ - Type
string
- Default
<None>
A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
insecure
¶ - Type
boolean
- Default
False
Verify HTTPS connections.
-
region_name
¶ - Type
string
- Default
<None>
The region in which the identity server can be found.
-
memcached_servers
¶ - Type
list
- Default
<None>
Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
¶ Group
Name
keystone_authtoken
memcache_servers
-
token_cache_time
¶ - Type
integer
- Default
300
In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
-
memcache_security_strategy
¶ - Type
string
- Default
None
- Valid Values
None, MAC, ENCRYPT
(Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
memcache_secret_key
¶ - Type
string
- Default
<None>
(Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
-
memcache_pool_dead_retry
¶ - Type
integer
- Default
300
(Optional) Number of seconds memcached server is considered dead before it is tried again.
-
memcache_pool_maxsize
¶ - Type
integer
- Default
10
(Optional) Maximum total number of open connections to every memcached server.
-
memcache_pool_socket_timeout
¶ - Type
integer
- Default
3
(Optional) Socket timeout in seconds for communicating with a memcached server.
-
memcache_pool_unused_timeout
¶ - Type
integer
- Default
60
(Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
-
memcache_pool_conn_get_timeout
¶ - Type
integer
- Default
10
(Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
-
memcache_use_advanced_pool
¶ - Type
boolean
- Default
False
(Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
-
include_service_catalog
¶ - Type
boolean
- Default
True
(Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
enforce_token_bind
¶ - Type
string
- Default
permissive
Used to control the use and type of token binding. Can be set to: “disabled” to not check token binding. “permissive” (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. “strict” like “permissive” but if the bind type is unknown the token will be rejected. “required” any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
service_token_roles
¶ - Type
list
- Default
['service']
A choice of roles that must be present in a service token. Service tokens are allowed to request that an expired token can be used and so this check should tightly control that only actual services should be sending this token. Roles here are applied as an ANY check so any role in this list must be present. For backwards compatibility reasons this currently only affects the allow_expired check.
-
service_token_roles_required
¶ - Type
boolean
- Default
False
For backwards compatibility reasons we must let valid service tokens pass that don’t pass the service_token_roles check as valid. Setting this true will become the default in a future release and should be enabled if possible.
-
service_type
¶ - Type
string
- Default
<None>
The name or type of the service as it appears in the service catalog. This is used to validate tokens that have restricted access rules.
-
auth_type
¶ - Type
unknown type
- Default
<None>
Authentication type to load
¶ Group
Name
keystone_authtoken
auth_plugin
-
auth_section
¶ - Type
unknown type
- Default
<None>
Config Section from which to load plugin specific options
manila_client¶
-
service_name
¶ - Type
string
- Default
<None>
The name of service registered in Keystone
-
service_type
¶ - Type
string
- Default
<None>
The type of service registered in Keystone
-
version
¶ - Type
string
- Default
<None>
The version of service client
-
region_id
¶ - Type
string
- Default
RegionOne
The region id which the service belongs to.
-
interface
¶ - Type
string
- Default
internal
The network interface of the endpoint. Valid values are: public, admin, internal.
-
ca_cert_file
¶ - Type
string
- Default
<None>
Location of the CA certificate file to use for client requests in SSL connections.
-
auth_insecure
¶ - Type
boolean
- Default
False
Bypass verification of server certificate when making SSL connection to service.
-
manila_endpoint
¶ - Type
string
- Default
<None>
URL of the manila endpoint.
-
manila_catalog_info
¶ - Type
string
- Default
sharev2:manilav2:publicURL
Info to match when looking for manila in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if manila_endpoint is unset
-
manila_ca_cert_file
¶ - Type
string
- Default
<None>
Location of the CA certificate file to use for client requests in SSL connections.
-
manila_auth_insecure
¶ - Type
boolean
- Default
False
Bypass verification of server certificate when making SSL connection to manila.
neutron_client¶
-
service_name
¶ - Type
string
- Default
<None>
The name of service registered in Keystone
-
service_type
¶ - Type
string
- Default
<None>
The type of service registered in Keystone
-
version
¶ - Type
string
- Default
<None>
The version of service client
-
region_id
¶ - Type
string
- Default
RegionOne
The region id which the service belongs to.
-
interface
¶ - Type
string
- Default
internal
The network interface of the endpoint. Valid values are: public, admin, internal.
-
ca_cert_file
¶ - Type
string
- Default
<None>
Location of the CA certificate file to use for client requests in SSL connections.
-
auth_insecure
¶ - Type
boolean
- Default
False
Bypass verification of server certificate when making SSL connection to service.
-
neutron_endpoint
¶ - Type
string
- Default
<None>
URL of the neutron endpoint.
-
neutron_catalog_info
¶ - Type
string
- Default
network:neutron:publicURL
Info to match when looking for neutron in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if neutron_endpoint is unset
-
neutron_ca_cert_file
¶ - Type
string
- Default
<None>
Location of the CA certificate file to use for client requests in SSL connections.
-
neutron_auth_insecure
¶ - Type
boolean
- Default
False
Bypass verification of server certificate when making SSL connection to Neutron.
nova_client¶
-
service_name
¶ - Type
string
- Default
<None>
The name of service registered in Keystone
-
service_type
¶ - Type
string
- Default
<None>
The type of service registered in Keystone
-
version
¶ - Type
string
- Default
<None>
The version of service client
-
region_id
¶ - Type
string
- Default
RegionOne
The region id which the service belongs to.
-
interface
¶ - Type
string
- Default
internal
The network interface of the endpoint. Valid values are: public, admin, internal.
-
ca_cert_file
¶ - Type
string
- Default
<None>
Location of the CA certificate file to use for client requests in SSL connections.
-
auth_insecure
¶ - Type
boolean
- Default
False
Bypass verification of server certificate when making SSL connection to service.
-
nova_endpoint
¶ - Type
string
- Default
<None>
URL of the nova endpoint. <endpoint_url>
-
nova_catalog_info
¶ - Type
string
- Default
compute:nova:publicURL
Info to match when looking for nova in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if nova_endpoint is unset
-
nova_ca_cert_file
¶ - Type
string
- Default
<None>
Location of the CA certificate file to use for client requests in SSL connections.
-
nova_auth_insecure
¶ - Type
boolean
- Default
False
Bypass verification of server certificate when making SSL connection to Nova.
operationengine¶
-
max_concurrent_operations
¶ - Type
integer
- Default
0
number of maximum concurrent running operations,0 means no hard limit
-
executor
¶ - Type
string
- Default
green_thread
- Valid Values
thread_pool, green_thread
The name of executor which is used to run operations
oslo_concurrency¶
-
disable_process_locking
¶ - Type
boolean
- Default
False
Enables or disables inter-process locks.
¶ Group
Name
DEFAULT
disable_process_locking
-
lock_path
¶ - Type
string
- Default
<None>
Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set.
¶ Group
Name
DEFAULT
lock_path
oslo_policy¶
-
enforce_scope
¶ - Type
boolean
- Default
False
This option controls whether or not to enforce scope when evaluating policies. If
True
, the scope of the token used in the request is compared to thescope_types
of the policy being enforced. If the scopes do not match, anInvalidScope
exception will be raised. IfFalse
, a message will be logged informing operators that policies are being invoked with mismatching scope.
-
enforce_new_defaults
¶ - Type
boolean
- Default
False
This option controls whether or not to use old deprecated defaults when evaluating policies. If
True
, the old deprecated defaults are not going to be evaluated. This means if any existing token is allowed for old defaults but is disallowed for new defaults, it will be disallowed. It is encouraged to enable this flag along with theenforce_scope
flag so that you can get the benefits of new defaults andscope_type
together
-
policy_file
¶ - Type
string
- Default
policy.json
The relative or absolute path of a file that maps roles to permissions for a given service. Relative paths must be specified in relation to the configuration file setting this option.
¶ Group
Name
DEFAULT
policy_file
-
policy_default_rule
¶ - Type
string
- Default
default
Default rule. Enforced when a requested rule is not found.
¶ Group
Name
DEFAULT
policy_default_rule
-
policy_dirs
¶ - Type
multi-valued
- Default
policy.d
Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.
¶ Group
Name
DEFAULT
policy_dirs
-
remote_content_type
¶ - Type
string
- Default
application/x-www-form-urlencoded
- Valid Values
application/x-www-form-urlencoded, application/json
Content Type to send and receive data for REST based policy check
-
remote_ssl_verify_server_crt
¶ - Type
boolean
- Default
False
server identity verification for REST based policy check
-
remote_ssl_ca_crt_file
¶ - Type
string
- Default
<None>
Absolute path to ca cert file for REST based policy check
-
remote_ssl_client_crt_file
¶ - Type
string
- Default
<None>
Absolute path to client cert for REST based policy check
-
remote_ssl_client_key_file
¶ - Type
string
- Default
<None>
Absolute path client key file REST based policy check