neutron.conf
DEFAULT
-
rpc_conn_pool_size
-
Size of RPC connection pool.
Deprecated Variations
Group |
Name |
DEFAULT |
rpc_conn_pool_size |
-
conn_pool_min_size
-
The pool size limit for connections expiration policy
-
conn_pool_ttl
Type: | integer |
Default: | 1200 |
The time-to-live in sec of idle connections in the pool
-
executor_thread_pool_size
-
Size of executor thread pool when executor is threading or eventlet.
Deprecated Variations
Group |
Name |
DEFAULT |
rpc_thread_pool_size |
-
rpc_response_timeout
-
Seconds to wait for a response from a call.
-
transport_url
Type: | string |
Default: | rabbit:// |
The network address and optional user credentials for connecting to the messaging backend, in URL format. The expected format is:
driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
Example: rabbit://rabbitmq:password@127.0.0.1:5672//
For full details on the fields in the URL see the documentation of oslo_messaging.TransportURL at https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
-
control_exchange
Type: | string |
Default: | neutron |
The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
-
debug
Type: | boolean |
Default: | false |
Mutable: | This option can be changed without restarting. |
If set to true, the logging level will be set to DEBUG instead of the default INFO level.
-
log_config_append
Type: | string |
Default: | <None> |
Mutable: | This option can be changed without restarting. |
The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format).
Deprecated Variations
Group |
Name |
DEFAULT |
log-config |
DEFAULT |
log_config |
-
log_date_format
Type: | string |
Default: | %Y-%m-%d %H:%M:%S |
Defines the format string for %(asctime)s in log records. Default: the value above . This option is ignored if log_config_append is set.
-
log_file
Type: | string |
Default: | <None> |
(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.
Deprecated Variations
Group |
Name |
DEFAULT |
logfile |
-
log_dir
Type: | string |
Default: | <None> |
(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.
Deprecated Variations
Group |
Name |
DEFAULT |
logdir |
-
watch_log_file
Type: | boolean |
Default: | false |
Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.
-
use_syslog
Type: | boolean |
Default: | false |
Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.
-
use_journal
Type: | boolean |
Default: | false |
Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.
-
syslog_log_facility
Type: | string |
Default: | LOG_USER |
Syslog facility to receive log lines. This option is ignored if log_config_append is set.
-
use_json
Type: | boolean |
Default: | false |
Use JSON formatting for logging. This option is ignored if log_config_append is set.
-
use_stderr
Type: | boolean |
Default: | false |
Log output to standard error. This option is ignored if log_config_append is set.
-
use_eventlog
Type: | boolean |
Default: | false |
Log output to Windows Event Log.
-
log_rotate_interval
-
The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is setto “interval”.
-
log_rotate_interval_type
Type: | string |
Default: | days |
Valid Values: | Seconds, Minutes, Hours, Days, Weekday, Midnight |
Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation.
-
max_logfile_count
-
Maximum number of rotated log files.
-
max_logfile_size_mb
-
Log file maximum size in MB. This option is ignored if “log_rotation_type” is not set to “size”.
-
log_rotation_type
Type: | string |
Default: | none |
Valid Values: | interval, size, none |
Log rotation type.
Possible values
- interval
- Rotate logs at predefined time intervals.
- size
- Rotate logs once they reach a predefined size.
- none
- Do not rotate log files.
-
logging_context_format_string
Type: | string |
Default: | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s |
Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter
-
logging_default_format_string
Type: | string |
Default: | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s |
Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter
-
logging_debug_format_suffix
Type: | string |
Default: | %(funcName)s %(pathname)s:%(lineno)d |
Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter
-
logging_exception_prefix
Type: | string |
Default: | %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s |
Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter
-
logging_user_identity_format
Type: | string |
Default: | %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s |
Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter
-
default_log_levels
Type: | list |
Default: | amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,oslo_policy=INFO,dogpile.core.dogpile=INFO |
List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.
-
publish_errors
Type: | boolean |
Default: | false |
Enables or disables publication of error events.
-
instance_format
Type: | string |
Default: | "[instance: %(uuid)s] " |
The format for an instance that is passed with the log message.
-
instance_uuid_format
Type: | string |
Default: | "[instance: %(uuid)s] " |
The format for an instance UUID that is passed with the log message.
-
rate_limit_interval
-
Interval, number of seconds, of log rate limiting.
-
rate_limit_burst
-
Maximum number of logged messages per rate_limit_interval.
-
rate_limit_except_level
Type: | string |
Default: | CRITICAL |
Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.
-
fatal_deprecations
Type: | boolean |
Default: | false |
Enables or disables fatal status of deprecations.
-
api_paste_config
Type: | string |
Default: | api-paste.ini |
File name for the paste.deploy config for api service
-
wsgi_log_format
Type: | string |
Default: | %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f |
A python format string that is used as the template to generate log lines. The following values can beformatted into it: client_ip, date_time, request_line, status_code, body_length, wall_seconds.
-
tcp_keepidle
-
Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not supported on OS X.
-
wsgi_default_pool_size
-
Size of the pool of greenthreads used by wsgi
Type: | integer |
Default: | 16384 |
Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated when keystone is configured to use PKI tokens with big service catalogs).
-
wsgi_keep_alive
Type: | boolean |
Default: | true |
If False, closes the client socket connection explicitly.
-
client_socket_timeout
-
Timeout for client connections’ socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of ‘0’ means wait forever.
-
state_path
Type: | string |
Default: | /var/lib/neutron |
Where to store Neutron state files. This directory must be writable by the agent.
-
bind_host
Type: | host address |
Default: | 0.0.0.0 |
The host IP to bind to.
-
bind_port
Type: | port number |
Default: | 9696 |
Minimum Value: | 0 |
Maximum Value: | 65535 |
The port to bind to
-
api_extensions_path
-
The path for API extensions. Note that this can be a colon-separated list of paths. For example: api_extensions_path = extensions:/path/to/more/exts:/even/more/exts. The __path__ of neutron.extensions is appended to this, so if your extensions are in there you don’t need to specify them here.
-
auth_strategy
Type: | string |
Default: | keystone |
The type of authentication to use
-
core_plugin
Type: | string |
Default: | <None> |
The core plugin Neutron will use
-
service_plugins
-
The service plugins Neutron will use
-
base_mac
Type: | string |
Default: | fa:16:3e:00:00:00 |
The base MAC address Neutron will use for VIFs. The first 3 octets will remain unchanged. If the 4th octet is not 00, it will also be used. The others will be randomly generated.
-
allow_bulk
Type: | boolean |
Default: | true |
Allow the usage of the bulk API
-
The maximum number of items returned in a single response, value was ‘infinite’ or negative integer means no limit
-
default_availability_zones
-
Default value of availability zone hints. The availability zone aware schedulers use this when the resources availability_zone_hints is empty. Multiple availability zones can be specified by a comma separated string. This value can be empty. In this case, even if availability_zone_hints for a resource is empty, availability zone is considered for high availability while scheduling the resource.
-
max_dns_nameservers
-
Maximum number of DNS nameservers per subnet
-
max_subnet_host_routes
-
Maximum number of host routes per subnet
-
ipv6_pd_enabled
Type: | boolean |
Default: | false |
Enables IPv6 Prefix Delegation for automatic subnet CIDR allocation. Set to True to enable IPv6 Prefix Delegation for subnet allocation in a PD-capable environment. Users making subnet creation requests for IPv6 subnets without providing a CIDR or subnetpool ID will be given a CIDR via the Prefix Delegation mechanism. Note that enabling PD will override the behavior of the default IPv6 subnetpool.
-
dhcp_lease_duration
Type: | integer |
Default: | 86400 |
DHCP lease duration (in seconds). Use -1 to tell dnsmasq to use infinite lease times.
-
dns_domain
Type: | string |
Default: | openstacklocal |
Domain to use for building the hostnames
-
external_dns_driver
Type: | string |
Default: | <None> |
Driver for external DNS integration.
-
dhcp_agent_notification
Type: | boolean |
Default: | true |
Allow sending resource operation notification to DHCP agent
-
allow_overlapping_ips
Type: | boolean |
Default: | false |
Allow overlapping IP support in Neutron. Attention: the following parameter MUST be set to False if Neutron is being used in conjunction with Nova security groups.
-
host
Type: | host address |
Default: | example.domain |
This option has a sample default set, which means that
its actual default value may vary from the one documented
above.
Hostname to be used by the Neutron server, agents and services running on this machine. All the agents and services running on this machine must use the same host value.
-
network_link_prefix
Type: | string |
Default: | <None> |
This string is prepended to the normal URL that is returned in links to the OpenStack Network API. If it is empty (the default), the URLs are returned unchanged.
-
notify_nova_on_port_status_changes
Type: | boolean |
Default: | true |
Send notification to nova when port status changes
-
notify_nova_on_port_data_changes
Type: | boolean |
Default: | true |
Send notification to nova when port data (fixed_ips/floatingip) changes so nova can update its cache.
-
send_events_interval
-
Number of seconds between sending events to nova if there are any events to send.
-
setproctitle
-
Set process name to match child worker role. Available options are: ‘off’ - retains the previous behavior; ‘on’ - renames processes to ‘neutron-server: role (original string)’; ‘brief’ - renames the same as ‘on’, but without the original string, such as ‘neutron-server: role’.
-
ipam_driver
Type: | string |
Default: | internal |
Neutron IPAM (IP address management) driver to use. By default, the reference implementation of the Neutron IPAM driver is used.
-
vlan_transparent
Type: | boolean |
Default: | false |
If True, then allow plugins that support it to create VLAN transparent networks.
-
filter_validation
Type: | boolean |
Default: | true |
If True, then allow plugins to decide whether to perform validations on filter parameters. Filter validation is enabled if this config is turned on and it is supported by all plugins
-
global_physnet_mtu
Type: | integer |
Default: | 1500 |
MTU of the underlying physical network. Neutron uses this value to calculate MTU for all virtual network components. For flat and VLAN networks, neutron uses this value without modification. For overlay networks such as VXLAN, neutron automatically subtracts the overlay protocol overhead from this value. Defaults to 1500, the standard value for Ethernet.
Deprecated Variations
Group |
Name |
ml2 |
segment_mtu |
-
http_retries
Type: | integer |
Default: | 3 |
Minimum Value: | 0 |
Number of times client connections (nova, ironic) should be retried on a failed HTTP call. 0 (zero) meansconnection is attempted only once (not retried). Setting to any positive integer means that on failure the connection is retried that many times. For example, setting to 3 means total attempts to connect will be 4.
-
backlog
Type: | integer |
Default: | 4096 |
Number of backlog requests to configure the socket with
-
retry_until_window
-
Number of seconds to keep retrying to listen
-
use_ssl
Type: | boolean |
Default: | false |
Enable SSL on the API server
-
periodic_interval
-
Seconds between running periodic tasks.
-
api_workers
Type: | integer |
Default: | <None> |
Number of separate API worker processes for service. If not specified, the default is equal to the number of CPUs available for best performance, capped by potential RAM usage.
-
rpc_workers
Type: | integer |
Default: | <None> |
Number of RPC worker processes for service. If not specified, the default is equal to half the number of API workers.
-
rpc_state_report_workers
-
Number of RPC worker processes dedicated to state reports queue.
-
periodic_fuzzy_delay
-
Range of seconds to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0)
-
rpc_response_max_timeout
-
Maximum seconds to wait for a response from an RPC call.
-
interface_driver
Type: | string |
Default: | <None> |
The driver used to manage the virtual interface.
-
metadata_proxy_socket
Type: | string |
Default: | $state_path/metadata_proxy |
Location for Metadata Proxy UNIX domain socket.
-
metadata_proxy_user
-
User (uid or name) running metadata proxy after its initialization (if empty: agent effective user).
-
metadata_proxy_group
-
Group (gid or name) running metadata proxy after its initialization (if empty: agent effective group).
-
agent_down_time
-
Seconds to regard the agent is down; should be at least twice report_interval, to be sure the agent is down for good.
-
dhcp_load_type
Type: | string |
Default: | networks |
Valid Values: | networks, subnets, ports |
Representing the resource type whose load is being reported by the agent. This can be “networks”, “subnets” or “ports”. When specified (Default is networks), the server will extract particular load sent as part of its agent configuration object from the agent report state, which is the number of resources being consumed, at every report_interval.dhcp_load_type can be used in combination with network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.WeightScheduler When the network_scheduler_driver is WeightScheduler, dhcp_load_type can be configured to represent the choice for the resource being balanced. Example: dhcp_load_type=networks
-
enable_new_agents
Type: | boolean |
Default: | true |
Agent starts with admin_state_up=False when enable_new_agents=False. In the case, user’s resources will not be scheduled automatically to the agent until admin changes admin_state_up to True.
-
max_routes
-
Maximum number of routes per router
-
enable_snat_by_default
Type: | boolean |
Default: | true |
Define the default value of enable_snat if not provided in external_gateway_info.
-
network_scheduler_driver
Type: | string |
Default: | neutron.scheduler.dhcp_agent_scheduler.WeightScheduler |
Driver to use for scheduling network to DHCP agent
-
network_auto_schedule
Type: | boolean |
Default: | true |
Allow auto scheduling networks to DHCP agent.
-
allow_automatic_dhcp_failover
Type: | boolean |
Default: | true |
Automatically remove networks from offline DHCP agents.
-
dhcp_agents_per_network
-
Number of DHCP agents scheduled to host a tenant network. If this number is greater than 1, the scheduler automatically assigns multiple DHCP agents for a given tenant network, providing high availability for DHCP service.
-
enable_services_on_agents_with_admin_state_down
Type: | boolean |
Default: | false |
Enable services on an agent with admin_state_up False. If this option is False, when admin_state_up of an agent is turned False, services on it will be disabled. Agents with admin_state_up False are not selected for automatic scheduling regardless of this option. But manual scheduling to such agents is available if this option is True.
-
dvr_base_mac
Type: | string |
Default: | fa:16:3f:00:00:00 |
The base mac address used for unique DVR instances by Neutron. The first 3 octets will remain unchanged. If the 4th octet is not 00, it will also be used. The others will be randomly generated. The ‘dvr_base_mac’ must be different from ‘base_mac’ to avoid mixing them up with MAC’s allocated for tenant ports. A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00. The default is 3 octet
-
router_distributed
Type: | boolean |
Default: | false |
System-wide flag to determine the type of router that tenants can create. Only admin can override.
-
enable_dvr
Type: | boolean |
Default: | true |
Determine if setup is configured for DVR. If False, DVR API extension will be disabled.
-
host_dvr_for_dhcp
Type: | boolean |
Default: | true |
Flag to determine if hosting a DVR local router to the DHCP agent is desired. If False, any L3 function supported by the DHCP agent instance will not be possible, for instance: DNS.
-
router_scheduler_driver
Type: | string |
Default: | neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler |
Driver to use for scheduling router to a default L3 agent
-
router_auto_schedule
Type: | boolean |
Default: | true |
Allow auto scheduling of routers to L3 agent.
-
allow_automatic_l3agent_failover
Type: | boolean |
Default: | false |
Automatically reschedule routers from offline L3 agents to online L3 agents.
-
l3_ha
Type: | boolean |
Default: | false |
Enable HA mode for virtual routers.
-
max_l3_agents_per_router
-
Maximum number of L3 agents which a HA router will be scheduled on. If it is set to 0 then the router will be scheduled on every agent.
-
l3_ha_net_cidr
Type: | string |
Default: | 169.254.192.0/18 |
Subnet used for the l3 HA admin network.
-
l3_ha_network_type
-
The network type to use when creating the HA network for an HA router. By default or if empty, the first ‘tenant_network_types’ is used. This is helpful when the VRRP traffic should use a specific network which is not the default one.
-
l3_ha_network_physical_name
-
The physical network name with which the HA network can be created.
-
max_allowed_address_pair
-
Maximum number of allowed address pairs
agent
-
root_helper
-
Root helper application. Use ‘sudo neutron-rootwrap /etc/neutron/rootwrap.conf’ to use the real root filter facility. Change to ‘sudo’ to skip the filtering and just run the command directly.
-
use_helper_for_ns_read
Type: | boolean |
Default: | true |
Use the root helper when listing the namespaces on a system. This may not be required depending on the security configuration. If the root helper is not required, set this to False for a performance improvement.
-
root_helper_daemon
Type: | string |
Default: | <None> |
Root helper daemon application to use when possible.
Use ‘sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf’ to run rootwrap
in “daemon mode” which has been reported to improve performance at scale. For
more information on running rootwrap in “daemon mode”, see:
https://docs.openstack.org/oslo.rootwrap/latest/user/usage.html#daemon-mode
For the agent which needs to execute commands in Dom0 in the hypervisor of
XenServer, this option should be set to ‘xenapi_root_helper’, so that it will
keep a XenAPI session to pass commands to Dom0.
-
report_interval
Type: | floating point |
Default: | 30 |
Seconds between nodes reporting state to server; should be less than agent_down_time, best if it is half or less than agent_down_time.
-
log_agent_heartbeats
Type: | boolean |
Default: | false |
Log agent heartbeats
Type: | boolean |
Default: | true |
Add comments to iptables rules. Set to false to disallow the addition of comments to generated iptables rules that describe each rule’s purpose. System must support the iptables comments module for addition of comments.
-
debug_iptables_rules
Type: | boolean |
Default: | false |
Duplicate every iptables difference calculation to ensure the format being generated matches the format of iptables-save. This option should not be turned on for production systems because it imposes a performance penalty.
-
check_child_processes_action
Type: | string |
Default: | respawn |
Valid Values: | respawn, exit |
Action to be executed when a child process dies
-
check_child_processes_interval
-
Interval between checks of child process liveness (seconds), use 0 to disable
-
kill_scripts_path
Type: | string |
Default: | /etc/neutron/kill_scripts/ |
Location of scripts used to kill external processes. Names of scripts here must follow the pattern: “<process-name>-kill” where <process-name> is name of the process which should be killed using this script. For example, kill script for dnsmasq process should be named “dnsmasq-kill”. If path is set to None, then default “kill” command will be used to stop processes.
-
availability_zone
-
Availability zone of this node
cors
-
allowed_origin
-
Indicate whether this resource may be shared with the domain received in the requests “origin” header. Format: “<protocol>://<host>[:<port>]”, no trailing slash. Example: https://horizon.example.com
-
allow_credentials
Type: | boolean |
Default: | true |
Indicate that the actual request can include user credentials
Type: | list |
Default: | X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID,OpenStack-Volume-microversion |
Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.
-
max_age
Type: | integer |
Default: | 3600 |
Maximum cache age of CORS preflight requests.
-
allow_methods
Type: | list |
Default: | GET,PUT,POST,DELETE,PATCH |
Indicate which methods can be used during the actual request.
Type: | list |
Default: | X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID |
Indicate which header field names may be used during the actual request.
database
-
sqlite_synchronous
Type: | boolean |
Default: | true |
If True, SQLite uses synchronous mode.
Deprecated Variations
Group |
Name |
DEFAULT |
sqlite_synchronous |
-
backend
Type: | string |
Default: | sqlalchemy |
The back end to use for the database.
Deprecated Variations
Group |
Name |
DEFAULT |
db_backend |
-
connection
Type: | string |
Default: | <None> |
The SQLAlchemy connection string to use to connect to the database.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_connection |
DATABASE |
sql_connection |
sql |
connection |
-
slave_connection
Type: | string |
Default: | <None> |
The SQLAlchemy connection string to use to connect to the slave database.
-
mysql_sql_mode
Type: | string |
Default: | TRADITIONAL |
The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
mysql_enable_ndb
Type: | boolean |
Default: | false |
If True, transparently enables support for handling MySQL Cluster (NDB).
-
connection_recycle_time
Type: | integer |
Default: | 3600 |
Connections which have been present in the connection pool longer than this number of seconds will be replaced with a new one the next time they are checked out from the pool.
Deprecated Variations
Group |
Name |
DATABASE |
idle_timeout |
database |
idle_timeout |
DEFAULT |
sql_idle_timeout |
DATABASE |
sql_idle_timeout |
sql |
idle_timeout |
-
min_pool_size
-
Minimum number of SQL connections to keep open in a pool.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_min_pool_size |
DATABASE |
sql_min_pool_size |
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | The option to set the minimum pool size is not supported by sqlalchemy. |
-
max_pool_size
-
Maximum number of SQL connections to keep open in a pool. Setting a value of 0 indicates no limit.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_max_pool_size |
DATABASE |
sql_max_pool_size |
-
max_retries
-
Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_max_retries |
DATABASE |
sql_max_retries |
-
retry_interval
-
Interval between retries of opening a SQL connection.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_retry_interval |
DATABASE |
reconnect_interval |
-
max_overflow
-
If set, use this value for max_overflow with SQLAlchemy.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_max_overflow |
DATABASE |
sqlalchemy_max_overflow |
-
connection_debug
Type: | integer |
Default: | 0 |
Minimum Value: | 0 |
Maximum Value: | 100 |
Verbosity of SQL debugging information: 0=None, 100=Everything.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_connection_debug |
-
connection_trace
Type: | boolean |
Default: | false |
Add Python stack traces to SQL as comment strings.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_connection_trace |
-
pool_timeout
Type: | integer |
Default: | <None> |
If set, use this value for pool_timeout with SQLAlchemy.
Deprecated Variations
Group |
Name |
DATABASE |
sqlalchemy_pool_timeout |
-
use_db_reconnect
Type: | boolean |
Default: | false |
Enable the experimental use of database reconnect on connection lost.
-
db_retry_interval
-
Seconds between retries of a database transaction.
-
db_inc_retry_interval
Type: | boolean |
Default: | true |
If True, increases the interval between retries of a database operation up to db_max_retry_interval.
-
db_max_retry_interval
-
If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.
-
db_max_retries
-
Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.
-
connection_parameters
-
Optional URL parameters to append onto the connection URL at connect time; specify as param1=value1¶m2=value2&…
-
engine
-
Database engine for which script will be generated when using offline migration.
keystone_authtoken
-
www_authenticate_uri
Type: | string |
Default: | <None> |
Complete “public” Identity API endpoint. This endpoint should not be an “admin” endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint.
Deprecated Variations
Group |
Name |
keystone_authtoken |
auth_uri |
-
auth_uri
Type: | string |
Default: | <None> |
Complete “public” Identity API endpoint. This endpoint should not be an “admin” endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint. This option is deprecated in favor of www_authenticate_uri and will be removed in the S release.
Warning
This option is deprecated for removal since Queens.
Its value may be silently ignored
in the future.
Reason: | The auth_uri option is deprecated in favor of www_authenticate_uri and will be removed in the S release. |
-
auth_version
Type: | string |
Default: | <None> |
API version of the admin Identity API endpoint.
-
delay_auth_decision
Type: | boolean |
Default: | false |
Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
-
http_connect_timeout
Type: | integer |
Default: | <None> |
Request timeout value for communicating with Identity API server.
-
http_request_max_retries
-
How many times are we trying to reconnect when communicating with Identity API Server.
-
cache
Type: | string |
Default: | <None> |
Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the memcached_servers
option instead.
-
certfile
Type: | string |
Default: | <None> |
Required if identity server requires client certificate
-
keyfile
Type: | string |
Default: | <None> |
Required if identity server requires client certificate
-
cafile
Type: | string |
Default: | <None> |
A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
region_name
Type: | string |
Default: | <None> |
The region in which the identity server can be found.
-
signing_dir
Type: | string |
Default: | <None> |
Directory used to cache files related to PKI tokens. This option has been deprecated in the Ocata release and will be removed in the P release.
Warning
This option is deprecated for removal since Ocata.
Its value may be silently ignored
in the future.
Reason: | PKI token format is no longer supported. |
-
memcached_servers
-
Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
Deprecated Variations
Group |
Name |
keystone_authtoken |
memcache_servers |
-
token_cache_time
-
In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
-
memcache_security_strategy
Type: | string |
Default: | None |
Valid Values: | None, MAC, ENCRYPT |
(Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
memcache_secret_key
Type: | string |
Default: | <None> |
(Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
-
memcache_pool_dead_retry
-
(Optional) Number of seconds memcached server is considered dead before it is tried again.
-
memcache_pool_maxsize
-
(Optional) Maximum total number of open connections to every memcached server.
-
memcache_pool_socket_timeout
-
(Optional) Socket timeout in seconds for communicating with a memcached server.
-
memcache_pool_unused_timeout
-
(Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
-
memcache_pool_conn_get_timeout
-
(Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
-
memcache_use_advanced_pool
Type: | boolean |
Default: | false |
(Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
-
include_service_catalog
Type: | boolean |
Default: | true |
(Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
enforce_token_bind
Type: | string |
Default: | permissive |
Used to control the use and type of token binding. Can be set to: “disabled” to not check token binding. “permissive” (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. “strict” like “permissive” but if the bind type is unknown the token will be rejected. “required” any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
hash_algorithms
-
Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
Warning
This option is deprecated for removal since Ocata.
Its value may be silently ignored
in the future.
Reason: | PKI token format is no longer supported. |
-
service_token_roles
Type: | list |
Default: | service |
A choice of roles that must be present in a service token. Service tokens are allowed to request that an expired token can be used and so this check should tightly control that only actual services should be sending this token. Roles here are applied as an ANY check so any role in this list must be present. For backwards compatibility reasons this currently only affects the allow_expired check.
-
service_token_roles_required
Type: | boolean |
Default: | false |
For backwards compatibility reasons we must let valid service tokens pass that don’t pass the service_token_roles check as valid. Setting this true will become the default in a future release and should be enabled if possible.
-
auth_type
Type: | unknown type |
Default: | <None> |
Authentication type to load
Deprecated Variations
Group |
Name |
keystone_authtoken |
auth_plugin |
-
auth_section
Type: | unknown type |
Default: | <None> |
Config Section from which to load plugin specific options
nova
-
region_name
Type: | string |
Default: | <None> |
Name of nova region to use. Useful if keystone manages more than one region.
-
endpoint_type
Type: | string |
Default: | public |
Valid Values: | public, admin, internal |
Type of the nova endpoint to use. This endpoint will be looked up in the keystone catalog and should be one of public, internal or admin.
-
auth_url
Type: | unknown type |
Default: | <None> |
Authentication URL
-
auth_type
Type: | unknown type |
Default: | <None> |
Authentication type to load
Deprecated Variations
Group |
Name |
nova |
auth_plugin |
-
cafile
Type: | string |
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
Type: | string |
Default: | <None> |
PEM encoded client certificate cert file
-
collect_timing
Type: | boolean |
Default: | false |
Collect per-API call timing information.
-
default_domain_id
Type: | unknown type |
Default: | <None> |
Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
-
default_domain_name
Type: | unknown type |
Default: | <None> |
Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
-
domain_id
Type: | unknown type |
Default: | <None> |
Domain ID to scope to
-
domain_name
Type: | unknown type |
Default: | <None> |
Domain name to scope to
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
keyfile
Type: | string |
Default: | <None> |
PEM encoded client certificate key file
-
password
Type: | unknown type |
Default: | <None> |
User’s password
-
project_domain_id
Type: | unknown type |
Default: | <None> |
Domain ID containing project
-
project_domain_name
Type: | unknown type |
Default: | <None> |
Domain name containing project
-
project_id
Type: | unknown type |
Default: | <None> |
Project ID to scope to
Deprecated Variations
Group |
Name |
nova |
tenant-id |
nova |
tenant_id |
-
project_name
Type: | unknown type |
Default: | <None> |
Project name to scope to
Deprecated Variations
Group |
Name |
nova |
tenant-name |
nova |
tenant_name |
-
split_loggers
Type: | boolean |
Default: | false |
Log requests to multiple loggers.
-
system_scope
Type: | unknown type |
Default: | <None> |
Scope for system operations
-
tenant_id
Type: | unknown type |
Default: | <None> |
Tenant ID
-
tenant_name
Type: | unknown type |
Default: | <None> |
Tenant Name
-
timeout
Type: | integer |
Default: | <None> |
Timeout value for http requests
-
trust_id
Type: | unknown type |
Default: | <None> |
Trust ID
-
user_domain_id
Type: | unknown type |
Default: | <None> |
User’s domain id
-
user_domain_name
Type: | unknown type |
Default: | <None> |
User’s domain name
-
user_id
Type: | unknown type |
Default: | <None> |
User id
-
username
Type: | unknown type |
Default: | <None> |
Username
Deprecated Variations
Group |
Name |
nova |
user-name |
nova |
user_name |
oslo_concurrency
-
disable_process_locking
Type: | boolean |
Default: | false |
Enables or disables inter-process locks.
Deprecated Variations
Group |
Name |
DEFAULT |
disable_process_locking |
-
lock_path
Type: | string |
Default: | <None> |
Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set.
Deprecated Variations
Group |
Name |
DEFAULT |
lock_path |
oslo_messaging_amqp
-
container_name
Type: | string |
Default: | <None> |
Name for the AMQP container. must be globally unique. Defaults to a generated UUID
Deprecated Variations
Group |
Name |
amqp1 |
container_name |
-
idle_timeout
-
Timeout for inactive connections (in seconds)
Deprecated Variations
Group |
Name |
amqp1 |
idle_timeout |
-
trace
Type: | boolean |
Default: | false |
Debug: dump AMQP frames to stdout
Deprecated Variations
Group |
Name |
amqp1 |
trace |
-
ssl
Type: | boolean |
Default: | false |
Attempt to connect via SSL. If no other ssl-related parameters are given, it will use the system’s CA-bundle to verify the server’s certificate.
-
ssl_ca_file
-
CA certificate PEM file used to verify the server’s certificate
Deprecated Variations
Group |
Name |
amqp1 |
ssl_ca_file |
-
ssl_cert_file
-
Self-identifying certificate PEM file for client authentication
Deprecated Variations
Group |
Name |
amqp1 |
ssl_cert_file |
-
ssl_key_file
-
Private key PEM file used to sign ssl_cert_file certificate (optional)
Deprecated Variations
Group |
Name |
amqp1 |
ssl_key_file |
-
ssl_key_password
Type: | string |
Default: | <None> |
Password for decrypting ssl_key_file (if encrypted)
Deprecated Variations
Group |
Name |
amqp1 |
ssl_key_password |
-
ssl_verify_vhost
Type: | boolean |
Default: | false |
By default SSL checks that the name in the server’s certificate matches the hostname in the transport_url. In some configurations it may be preferable to use the virtual hostname instead, for example if the server uses the Server Name Indication TLS extension (rfc6066) to provide a certificate per virtual host. Set ssl_verify_vhost to True if the server’s SSL certificate uses the virtual host name instead of the DNS name.
-
sasl_mechanisms
-
Space separated list of acceptable SASL mechanisms
Deprecated Variations
Group |
Name |
amqp1 |
sasl_mechanisms |
-
sasl_config_dir
-
Path to directory that contains the SASL configuration
Deprecated Variations
Group |
Name |
amqp1 |
sasl_config_dir |
-
sasl_config_name
-
Name of configuration file (without .conf suffix)
Deprecated Variations
Group |
Name |
amqp1 |
sasl_config_name |
-
sasl_default_realm
-
SASL realm to use if no realm present in username
-
connection_retry_interval
Type: | integer |
Default: | 1 |
Minimum Value: | 1 |
Seconds to pause before attempting to re-connect.
-
connection_retry_backoff
Type: | integer |
Default: | 2 |
Minimum Value: | 0 |
Increase the connection_retry_interval by this many seconds after each unsuccessful failover attempt.
-
connection_retry_interval_max
Type: | integer |
Default: | 30 |
Minimum Value: | 1 |
Maximum limit for connection_retry_interval + connection_retry_backoff
-
link_retry_delay
Type: | integer |
Default: | 10 |
Minimum Value: | 1 |
Time to pause between re-connecting an AMQP 1.0 link that failed due to a recoverable error.
-
default_reply_retry
Type: | integer |
Default: | 0 |
Minimum Value: | -1 |
The maximum number of attempts to re-send a reply message which failed due to a recoverable error.
-
default_reply_timeout
Type: | integer |
Default: | 30 |
Minimum Value: | 5 |
The deadline for an rpc reply message delivery.
-
default_send_timeout
Type: | integer |
Default: | 30 |
Minimum Value: | 5 |
The deadline for an rpc cast or call message delivery. Only used when caller does not provide a timeout expiry.
-
default_notify_timeout
Type: | integer |
Default: | 30 |
Minimum Value: | 5 |
The deadline for a sent notification message delivery. Only used when caller does not provide a timeout expiry.
-
default_sender_link_timeout
Type: | integer |
Default: | 600 |
Minimum Value: | 1 |
The duration to schedule a purge of idle sender links. Detach link after expiry.
-
addressing_mode
Type: | string |
Default: | dynamic |
Indicates the addressing mode used by the driver.
Permitted values:
‘legacy’ - use legacy non-routable addressing
‘routable’ - use routable addresses
‘dynamic’ - use legacy addresses if the message bus does not support routing otherwise use routable addressing
-
pseudo_vhost
Type: | boolean |
Default: | true |
Enable virtual host support for those message buses that do not natively support virtual hosting (such as qpidd). When set to true the virtual host name will be added to all message bus addresses, effectively creating a private ‘subnet’ per virtual host. Set to False if the message bus supports virtual hosting using the ‘hostname’ field in the AMQP 1.0 Open performative as the name of the virtual host.
-
server_request_prefix
Type: | string |
Default: | exclusive |
address prefix used when sending to a specific server
Deprecated Variations
Group |
Name |
amqp1 |
server_request_prefix |
-
broadcast_prefix
Type: | string |
Default: | broadcast |
address prefix used when broadcasting to all servers
Deprecated Variations
Group |
Name |
amqp1 |
broadcast_prefix |
-
group_request_prefix
Type: | string |
Default: | unicast |
address prefix when sending to any server in group
Deprecated Variations
Group |
Name |
amqp1 |
group_request_prefix |
-
rpc_address_prefix
Type: | string |
Default: | openstack.org/om/rpc |
Address prefix for all generated RPC addresses
-
notify_address_prefix
Type: | string |
Default: | openstack.org/om/notify |
Address prefix for all generated Notification addresses
-
multicast_address
Type: | string |
Default: | multicast |
Appended to the address prefix when sending a fanout message. Used by the message bus to identify fanout messages.
-
unicast_address
Type: | string |
Default: | unicast |
Appended to the address prefix when sending to a particular RPC/Notification server. Used by the message bus to identify messages sent to a single destination.
-
anycast_address
Type: | string |
Default: | anycast |
Appended to the address prefix when sending to a group of consumers. Used by the message bus to identify messages that should be delivered in a round-robin fashion across consumers.
-
default_notification_exchange
Type: | string |
Default: | <None> |
Exchange name used in notification addresses.
Exchange name resolution precedence:
Target.exchange if set
else default_notification_exchange if set
else control_exchange if set
else ‘notify’
-
default_rpc_exchange
Type: | string |
Default: | <None> |
Exchange name used in RPC addresses.
Exchange name resolution precedence:
Target.exchange if set
else default_rpc_exchange if set
else control_exchange if set
else ‘rpc’
-
reply_link_credit
Type: | integer |
Default: | 200 |
Minimum Value: | 1 |
Window size for incoming RPC Reply messages.
-
rpc_server_credit
Type: | integer |
Default: | 100 |
Minimum Value: | 1 |
Window size for incoming RPC Request messages
-
notify_server_credit
Type: | integer |
Default: | 100 |
Minimum Value: | 1 |
Window size for incoming Notification messages
-
pre_settled
Type: | multi-valued |
Default: | rpc-cast |
Default: | rpc-reply |
Send messages of this type pre-settled.
Pre-settled messages will not receive acknowledgement
from the peer. Note well: pre-settled messages may be
silently discarded if the delivery fails.
Permitted values:
‘rpc-call’ - send RPC Calls pre-settled
‘rpc-reply’- send RPC Replies pre-settled
‘rpc-cast’ - Send RPC Casts pre-settled
‘notify’ - Send Notifications pre-settled
oslo_messaging_kafka
-
kafka_max_fetch_bytes
Type: | integer |
Default: | 1048576 |
Max fetch bytes of Kafka consumer
-
kafka_consumer_timeout
Type: | floating point |
Default: | 1.0 |
Default timeout(s) for Kafka consumers
-
pool_size
-
Pool Size for Kafka Consumers
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | Driver no longer uses connection pool. |
-
conn_pool_min_size
-
The pool size limit for connections expiration policy
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | Driver no longer uses connection pool. |
-
conn_pool_ttl
Type: | integer |
Default: | 1200 |
The time-to-live in sec of idle connections in the pool
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | Driver no longer uses connection pool. |
-
consumer_group
Type: | string |
Default: | oslo_messaging_consumer |
Group id for Kafka consumer. Consumers in one group will coordinate message consumption
-
producer_batch_timeout
Type: | floating point |
Default: | 0.0 |
Upper bound on the delay for KafkaProducer batching in seconds
-
producer_batch_size
Type: | integer |
Default: | 16384 |
Size of batch for the producer async send
-
enable_auto_commit
Type: | boolean |
Default: | false |
Enable asynchronous consumer commits
-
max_poll_records
-
The maximum number of records returned in a poll call
-
security_protocol
Type: | string |
Default: | PLAINTEXT |
Valid Values: | PLAINTEXT, SASL_PLAINTEXT, SSL, SASL_SSL |
Protocol used to communicate with brokers
-
sasl_mechanism
Type: | string |
Default: | PLAIN |
Mechanism when security protocol is SASL
-
ssl_cafile
-
CA certificate PEM file used to verify the server certificate
oslo_messaging_notifications
-
driver
Type: | multi-valued |
Default: | '' |
The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop
Deprecated Variations
Group |
Name |
DEFAULT |
notification_driver |
-
transport_url
Type: | string |
Default: | <None> |
A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC.
Deprecated Variations
Group |
Name |
DEFAULT |
notification_transport_url |
-
topics
Type: | list |
Default: | notifications |
AMQP topic used for OpenStack notifications.
Deprecated Variations
Group |
Name |
rpc_notifier2 |
topics |
DEFAULT |
notification_topics |
-
retry
-
The maximum number of attempts to re-send a notification message which failed to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
oslo_messaging_rabbit
-
amqp_durable_queues
Type: | boolean |
Default: | false |
Use durable queues in AMQP.
-
amqp_auto_delete
Type: | boolean |
Default: | false |
Auto-delete queues in AMQP.
Deprecated Variations
Group |
Name |
DEFAULT |
amqp_auto_delete |
-
ssl
Type: | boolean |
Default: | false |
Connect over SSL.
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
rabbit_use_ssl |
-
ssl_version
-
SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_version |
-
ssl_key_file
-
SSL key file (valid only if SSL enabled).
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_keyfile |
-
ssl_cert_file
-
SSL cert file (valid only if SSL enabled).
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_certfile |
-
ssl_ca_file
-
SSL certification authority file (valid only if SSL enabled).
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_ca_certs |
-
kombu_reconnect_delay
Type: | floating point |
Default: | 1.0 |
How long to wait before reconnecting in response to an AMQP consumer cancel notification.
Deprecated Variations
Group |
Name |
DEFAULT |
kombu_reconnect_delay |
-
kombu_compression
Type: | string |
Default: | <None> |
EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not be used. This option may not be available in future versions.
-
kombu_missing_consumer_retry_timeout
-
How long to wait a missing client before abandoning to send it its replies. This value should not be longer than rpc_response_timeout.
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_reconnect_timeout |
-
kombu_failover_strategy
Type: | string |
Default: | round-robin |
Valid Values: | round-robin, shuffle |
Determines how the next RabbitMQ node is chosen in case the one we are currently connected to becomes unavailable. Takes effect only if more than one RabbitMQ node is provided in config.
-
rabbit_login_method
Type: | string |
Default: | AMQPLAIN |
Valid Values: | PLAIN, AMQPLAIN, RABBIT-CR-DEMO |
The RabbitMQ login method.
Deprecated Variations
Group |
Name |
DEFAULT |
rabbit_login_method |
-
rabbit_retry_interval
-
How frequently to retry connecting with RabbitMQ.
-
rabbit_retry_backoff
-
How long to backoff for between retries when connecting to RabbitMQ.
Deprecated Variations
Group |
Name |
DEFAULT |
rabbit_retry_backoff |
-
rabbit_interval_max
-
Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
-
rabbit_ha_queues
Type: | boolean |
Default: | false |
Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring is no longer controlled by the x-ha-policy argument when declaring a queue. If you just want to make sure that all queues (except those with auto-generated names) are mirrored across all nodes, run: “rabbitmqctl set_policy HA ‘^(?!amq.).*’ ‘{“ha-mode”: “all”}’ “
Deprecated Variations
Group |
Name |
DEFAULT |
rabbit_ha_queues |
-
rabbit_transient_queues_ttl
Type: | integer |
Default: | 1800 |
Minimum Value: | 1 |
Positive integer representing duration in seconds for queue TTL (x-expires). Queues which are unused for the duration of the TTL are automatically deleted. The parameter affects only reply and fanout queues.
-
rabbit_qos_prefetch_count
-
Specifies the number of messages to prefetch. Setting to zero allows unlimited messages.
-
heartbeat_timeout_threshold
-
Number of seconds after which the Rabbit broker is considered down if heartbeat’s keep-alive fails (0 disable the heartbeat). EXPERIMENTAL
-
heartbeat_rate
-
How often times during the heartbeat_timeout_threshold we check the heartbeat.
oslo_middleware
Type: | boolean |
Default: | false |
Whether the application is behind a proxy or not. This determines if the middleware should parse the headers or not.
oslo_policy
-
enforce_scope
Type: | boolean |
Default: | false |
This option controls whether or not to enforce scope when evaluating policies. If True
, the scope of the token used in the request is compared to the scope_types
of the policy being enforced. If the scopes do not match, an InvalidScope
exception will be raised. If False
, a message will be logged informing operators that policies are being invoked with mismatching scope.
-
policy_file
Type: | string |
Default: | policy.json |
The file that defines policies.
Deprecated Variations
Group |
Name |
DEFAULT |
policy_file |
-
policy_default_rule
Type: | string |
Default: | default |
Default rule. Enforced when a requested rule is not found.
Deprecated Variations
Group |
Name |
DEFAULT |
policy_default_rule |
-
policy_dirs
Type: | multi-valued |
Default: | policy.d |
Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.
Deprecated Variations
Group |
Name |
DEFAULT |
policy_dirs |
-
remote_content_type
Type: | string |
Default: | application/x-www-form-urlencoded |
Valid Values: | application/x-www-form-urlencoded, application/json |
Content Type to send and receive data for REST based policy check
-
remote_ssl_verify_server_crt
Type: | boolean |
Default: | false |
server identity verification for REST based policy check
-
remote_ssl_ca_crt_file
Type: | string |
Default: | <None> |
Absolute path to ca cert file for REST based policy check
-
remote_ssl_client_crt_file
Type: | string |
Default: | <None> |
Absolute path to client cert for REST based policy check
-
remote_ssl_client_key_file
Type: | string |
Default: | <None> |
Absolute path client key file REST based policy check
privsep
Configuration options for the oslo.privsep daemon. Note that this group name can be changed by the consuming service. Check the service’s docs to see if this is the case.
-
user
Type: | string |
Default: | <None> |
User that the privsep daemon should run as.
-
group
Type: | string |
Default: | <None> |
Group that the privsep daemon should run as.
-
capabilities
Type: | unknown type |
Default: | [] |
List of Linux capabilities retained by the privsep daemon.
-
thread_pool_size
Type: | integer |
Default: | 8 |
Minimum Value: | 1 |
The number of threads available for privsep to concurrently run processes. Defaults to the number of CPU cores in the system.
-
helper_command
Type: | string |
Default: | <None> |
Command to invoke to start the privsep daemon if not using the “fork” method. If not specified, a default is generated using “sudo privsep-helper” and arguments designed to recreate the current configuration. This command must accept suitable –privsep_context and –privsep_sock_path arguments.
quotas
-
default_quota
-
Default number of resource allowed per tenant. A negative value means unlimited.
-
quota_network
-
Number of networks allowed per tenant. A negative value means unlimited.
-
quota_subnet
-
Number of subnets allowed per tenant, A negative value means unlimited.
-
quota_port
-
Number of ports allowed per tenant. A negative value means unlimited.
-
quota_driver
Type: | string |
Default: | neutron.db.quota.driver.DbQuotaDriver |
Default driver to use for quota checks.
-
track_quota_usage
Type: | boolean |
Default: | true |
Keep in track in the database of current resource quota usage. Plugins which do not leverage the neutron database should set this flag to False.
-
quota_router
-
Number of routers allowed per tenant. A negative value means unlimited.
-
quota_floatingip
-
Number of floating IPs allowed per tenant. A negative value means unlimited.
-
quota_security_group
-
Number of security groups allowed per tenant. A negative value means unlimited.
-
quota_security_group_rule
-
Number of security rules allowed per tenant. A negative value means unlimited.
ssl
-
ca_file
Type: | string |
Default: | <None> |
CA certificate file to use to verify connecting clients.
Deprecated Variations
Group |
Name |
DEFAULT |
ssl_ca_file |
-
cert_file
Type: | string |
Default: | <None> |
Certificate file to use when starting the server securely.
Deprecated Variations
Group |
Name |
DEFAULT |
ssl_cert_file |
-
key_file
Type: | string |
Default: | <None> |
Private key file to use when starting the server securely.
Deprecated Variations
Group |
Name |
DEFAULT |
ssl_key_file |
-
version
Type: | string |
Default: | <None> |
SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
-
ciphers
Type: | string |
Default: | <None> |
Sets the list of available ciphers. value should be a string in the OpenSSL cipher list format.