Red Hat Enterprise Linux OpenStack Platform 6
Configuration Reference
Configuring Red Hat Enterprise Linux OpenStack Platform environments

OpenStack Documentation Team
Red Hat Customer Content Services
rhos-docs@redhat.com

Legal Notice
Copyright © 2015 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative
Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of
CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with
CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL
for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,
Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity
Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other
countries.
Linux ® is the registered trademark of Linus Torvalds in the United States and other countries.
Java ® is a registered trademark of Oracle and/or its affiliates.
XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United
States and/or other countries.
MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and
other countries.
Node.js ® is an official trademark of Joyent. Red Hat Software Collections is not formally
related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack ® Word Mark and OpenStack Logo are either registered trademarks/service
marks or trademarks/service marks of the OpenStack Foundation, in the United States and other
countries and are used with the OpenStack Foundation's permission. We are not affiliated with,
endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.

Abstract
This document is for system administrators who want to look up configuration options. It
contains lists of configuration options available with OpenStack and uses auto-generation to
generate options and the descriptions from the code for each project. It includes sample
configuration files.

Table of Contents

OPENSTACK CONFIGURATION OVERVIEW
1. CONFIGURATION FILE FORMAT

CHAPTER 1. BLOCK STORAGE
1.1. VOLUME DRIVERS
1.2. BACKUP DRIVERS
1.3. BLOCK STORAGE SAMPLE CONFIGURATION FILES
1.4. FIBRE CHANNEL ZONE MANAGER
1.5. ADDITIONAL OPTIONS
1.6. NEW, UPDATED AND DEPRECATED OPTIONS IN JUNO FOR OPENSTACK BLOCK STORAGE

CHAPTER 2. COMPUTE
2.1. THE OSLO RPC MESSAGING SYSTEM
2.2. COMPUTE API RATE LIMITING
2.3. FIBRE CHANNEL SUPPORT IN COMPUTE
2.4. HYPERVISORS
2.5. SCHEDULING
2.6. CELLS
2.7. CONDUCTOR
2.8. EXAMPLE NOVA.CONF CONFIGURATION FILES
2.9. COMPUTE SAMPLE CONFIGURATION FILES
2.10. NEW, UPDATED AND DEPRECATED OPTIONS IN JUNO FOR OPENSTACK COMPUTE

CHAPTER 3. DASHBOARD
3.1. SAMPLE CONFIGURATION FILES
3.2. DASHBOARD LOG FILES

CHAPTER 4. DATABASE SERVICE
4.1. DATABASE CONFIGURATION
4.2. CONFIGURE THE RPC MESSAGING SYSTEM

CHAPTER 5. IDENTITY SERVICE
5.1. CACHING LAYER
5.2. IDENTITY SERVICE CONFIGURATION FILE
5.3. IDENTITY SERVICE SAMPLE CONFIGURATION FILES
5.4. NEW, UPDATED AND DEPRECATED OPTIONS IN JUNO FOR OPENSTACK IDENTITY

CHAPTER 6. IMAGE SERVICE
6.1. API SETTINGS
6.2. CONFIGURE THE RPC MESSAGING SYSTEM
6.3. CONFIGURE BACK ENDS
6.4. IMAGE SERVICE SAMPLE CONFIGURATION FILES
6.5. NEW, UPDATED AND DEPRECATED OPTIONS IN JUNO FOR OPENSTACK IMAGE SERVICE

CHAPTER 7. NETWORKING
7.1. NETWORKING CONFIGURATION OPTIONS
7.2. LOG FILES USED BY NETWORKING
7.3. NETWORKING SAMPLE CONFIGURATION FILES
7.4. NEW, UPDATED AND DEPRECATED OPTIONS IN JUNO FOR OPENSTACK NETWORKING

CHAPTER 8. OBJECT STORAGE
8.1. OBJECT STORAGE GENERAL SERVICE CONFIGURATION
8.2. OBJECT SERVER CONFIGURATION
8.3. OBJECT EXPIRER CONFIGURATION
8.4. CONTAINER SERVER CONFIGURATION
8.5. CONTAINER SYNC REALMS CONFIGURATION
8.6. CONTAINER RECONCILER CONFIGURATION
8.7. ACCOUNT SERVER CONFIGURATION
8.8. PROXY SERVER CONFIGURATION
8.9. PROXY SERVER MEMCACHE CONFIGURATION
8.10. RSYNCD CONFIGURATION
8.11. CONFIGURE OBJECT STORAGE FEATURES
8.12. NEW, UPDATED AND DEPRECATED OPTIONS IN JUNO FOR OPENSTACK OBJECT STORAGE

CHAPTER 9. ORCHESTRATION
9.1. CONFIGURE APIS
9.2. CONFIGURE CLIENTS
9.3. CONFIGURE THE RPC MESSAGING SYSTEM
9.4. NEW, UPDATED AND DEPRECATED OPTIONS IN JUNO FOR ORCHESTRATION

CHAPTER 10. TELEMETRY
10.1. TELEMETRY SAMPLE CONFIGURATION FILES
10.2. NEW, UPDATED AND DEPRECATED OPTIONS IN KILO FOR TELEMETRY

APPENDIX A. FIREWALLS AND DEFAULT PORTS

REVISION HISTORY

OPENSTACK CONFIGURATION OVERVIEW
OpenStack is a collection of open source project components that enable setting up cloud
services. Each component uses similar configuration techniques and a common framework
for INI file options.
This guide pulls together multiple references and configuration options for the following
OpenStack components:
OpenStack Block Storage
OpenStack Compute
OpenStack Dashboard
Database Service
OpenStack Identity
OpenStack Image Service
OpenStack Networking
OpenStack Object Storage
Telemetry
Orchestration

1. CONFIGURATION FILE FORMAT
OpenStack uses the INI file format for configuration files. An INI file is a simple text file that
specifies options as key=value pairs, grouped into sections. The DEFAULT section
contains most of the configuration options. Lines starting with a hash sign (#) are comment
lines. For example:

[DEFAULT]
# Print debugging output (set logging level to DEBUG instead
# of default WARNING level). (boolean value)
debug = true
# Print more verbose output (set logging level to INFO instead
# of default WARNING level). (boolean value)
verbose = true

[database]
# The SQLAlchemy connection string used to connect to the
# database (string value)
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

Options can have different types for values. The comments in the sample config files always
mention these. The following types are used by OpenStack:

boolean value
Enables or disables an option. The allowed values are true and false.

# Enable the experimental use of database reconnect on
# connection lost (boolean value)
use_db_reconnect = false

floating point value
A floating point number like 0.25 or 1000.

# Sleep time in seconds for polling an ongoing async task
# (floating point value)
task_poll_interval = 0.5

integer value
An integer number is a number without fractional components, like 0 or 42.

# The port which the OpenStack Compute service listens on.
# (integer value)
compute_port = 8774

list value
Represents values of other types, separated by commas. As an example, the
following sets allowed_rpc_exception_modules to a list containing the four
elements oslo.messaging.exceptions, nova.exception,
cinder.exception, and exceptions:

# Modules of exceptions that are permitted to be recreated
# upon receiving exception data from an rpc call. (list value)
allowed_rpc_exception_modules = oslo.messaging.exceptions,nova.exception,cinder.exception,exceptions

multi valued
A multi-valued option is a string value and can be given more than once; all values
will be used.

# Driver or drivers to handle sending notifications. (multi
# valued)
notification_driver = nova.openstack.common.notifier.rpc_notifier
notification_driver = ceilometer.compute.nova_notifier

string value
Strings can be optionally enclosed with single or double quotes.

# onready allows you to send a notification when the process
# is ready to serve. For example, to have it notify using
# systemd, one could set shell command: "onready = systemd-notify
# --ready" or a module with notify() method: "onready =
# keystone.common.systemd". (string value)
onready = systemd-notify --ready
# If an instance is passed with the log message, format it
# like this (string value)
instance_format = "[instance: %(uuid)s] "

1.1. Sections
Configuration options are grouped by section. Most configuration files support at least the
following sections:

[DEFAULT]
Contains most configuration options. If the documentation for a configuration option
does not specify its section, assume that it appears in this section.

[database]
Configuration options for the database that stores the state of the OpenStack service.

1.2. Substitution
The configuration file supports variable substitution. After you set a configuration option, it
can be referenced in later configuration values when you precede it with a $, like $OPTION.
The following example uses the values of rabbit_host and rabbit_port to define the
value of the rabbit_hosts option, in this case as controller:5672.

# The RabbitMQ broker address where a single node is used.
# (string value)
rabbit_host = controller
# The RabbitMQ broker port where a single node is used.
# (integer value)
rabbit_port = 5672
# RabbitMQ HA cluster host:port pairs. (list value)
rabbit_hosts = $rabbit_host:$rabbit_port

To avoid substitution, use $$; it is replaced by a single $. For example, if your LDAP DNS
password is $xkj432, specify it as follows:

ldap_dns_password = $$xkj432

The code uses the Python string.Template.safe_substitute() method to implement
variable substitution. For more details on how variable substitution is resolved, see
http://docs.python.org/2/library/string.html#template-strings and PEP 292.

1.3. Whitespace
To include whitespace in a configuration value, use a quoted string. For example:

ldap_dns_password='a password with spaces'
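
The conventions from sections 1 to 1.3 (repeated options, quoting, $ substitution and the $$ escape), as an added example that is not part of the original reference and is not the OpenStack configuration code itself. It models the documented behaviour with the standard library; the sample values san_password and the database password "pa$debug" are constructed, and the single substitution pass against [DEFAULT] is an assumption.

```python
"""Minimal reader for the INI conventions in sections 1 to 1.3 (added example)."""
from string import Template

# Constructed sample. Option names come from the page; san_password and the
# database password ("pa$debug") are made up to show an unescaped "$".
SAMPLE = """\
[DEFAULT]
# Lines starting with a hash sign are comments.
debug = true
rabbit_host = controller
rabbit_port = 5672
rabbit_hosts = $rabbit_host:$rabbit_port
ldap_dns_password = $$xkj432
san_password = $xkj432
notification_driver = nova.openstack.common.notifier.rpc_notifier
notification_driver = ceilometer.compute.nova_notifier
instance_format = "[instance: %(uuid)s] "
allowed_rpc_exception_modules = oslo.messaging.exceptions,nova.exception

[database]
connection = mysql://keystone:pa$debug@controller/keystone
"""


def parse_ini(text):
    """Return {section: {option: [raw values]}}; repeated options accumulate."""
    sections, current = {}, None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if not sep or current is None:
            raise ValueError("line %d: expected 'key = value' in a section" % lineno)
        current.setdefault(key.strip(), []).append(value.strip())
    return sections


def unquote(value):
    """Strip one pair of matching single or double quotes."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value


def resolve(sections, section, option):
    """Return every value of an option after one pass of $ substitution.

    Assumption: $name refers to an option in [DEFAULT]. Unknown names are
    left unchanged, which is what safe_substitute() does.
    """
    defaults = {k: unquote(v[-1]) for k, v in sections.get("DEFAULT", {}).items()}
    return [Template(unquote(raw)).safe_substitute(defaults)
            for raw in sections[section][option]]


def as_list(value):
    """List value: items separated by commas."""
    return [item.strip() for item in value.split(",") if item.strip()]


def dollar_report(sections):
    """Return (section, option, name, effect) for each $name placeholder."""
    defaults = sections.get("DEFAULT", {})
    report = []
    for section, options in sections.items():
        for option, values in options.items():
            for raw in values:
                for match in Template.pattern.finditer(raw):
                    name = match.group("named") or match.group("braced")
                    if name is None:  # "$$" escape or a stray "$"
                        continue
                    effect = "substituted" if name in defaults else "kept literally"
                    report.append((section, option, name, effect))
    return report


if __name__ == "__main__":
    cfg = parse_ini(SAMPLE)
    print(resolve(cfg, "DEFAULT", "rabbit_hosts"))
    print(resolve(cfg, "database", "connection"))
    for row in dollar_report(cfg):
        print(row)
```

In this model the unescaped password in the connection string is silently rewritten because an option named debug exists, while the unescaped san_password survives only as long as no option named xkj432 is defined; writing $$ removes that dependency.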

1.4. Define an alternate location for a config file
Most services and the *-manage command-line clients load the configuration file.
To define an alternate location for the configuration file, pass the --config-file
CONFIG_FILE parameter when you start a service or call a *-manage command.

CHAPTER 1. BLOCK STORAGE
The OpenStack Block Storage service works with many different storage drivers that you can
configure by using these instructions.
1.1. VOLUME DRIVERS
To use different volume drivers for the cinder-volume service, use the parameters
described in these sections.
The volume drivers are included in the Block Storage repository
(https://github.com/openstack/cinder). To set a volume driver, use the volume_driver flag.
The default is:
volume_driver = cinder.volume.drivers.lvm.LVMISCSIDriver
1.1.1. Ceph RADOS Block Device (RBD)
If you use KVM or QEMU as your hypervisor, you can configure the Compute service to use
Ceph RADOS block devices (RBD) for volumes.
Ceph is a massively scalable, open source, distributed storage system. It is comprised of an
object store, block store, and a POSIX-compliant distributed file system. The platform can
auto-scale to the exabyte level and beyond. It runs on commodity hardware, is self-healing
and self-managing, and has no single point of failure. Ceph is in the Linux kernel and is
integrated with the OpenStack cloud operating system. Due to its open-source nature, you
can install and use this portable storage platform in public or private clouds.

Table 1.1. Description of Ceph storage configuration options
Configuration option = Default value | Description
[DEFAULT]
rados_connect_timeout = -1 | (IntOpt) Timeout value (in seconds) used when connecting to ceph cluster. If value < 0, no timeout is set and default librados value is used.
rbd_ceph_conf = | (StrOpt) Path to the ceph configuration file
rbd_flatten_volume_from_snapshot = False | (BoolOpt) Flatten volumes created from snapshots to remove dependency from volume to snapshot
rbd_max_clone_depth = 5 | (IntOpt) Maximum number of nested volume clones that are taken before a flatten occurs. Set to 0 to disable cloning.
rbd_pool = rbd | (StrOpt) The RADOS pool where rbd volumes are stored
rbd_secret_uuid = None | (StrOpt) The libvirt uuid of the secret for the rbd_user volumes
rbd_store_chunk_size = 4 | (IntOpt) Volumes will be chunked into objects of this size (in megabytes).
rbd_user = None | (StrOpt) The RADOS client name for accessing rbd volumes - only set when using cephx authentication
volume_tmp_dir = None | (StrOpt) Directory where temporary image files are stored when the volume driver does not write them directly to the volume. Warning: this option is now deprecated, please use image_conversion_dir instead.

1.1.2. Dell EqualLogic volume driver
The Dell EqualLogic volume driver interacts with configured EqualLogic arrays and supports
various operations.

Supported operations
Create, delete, attach, and detach volumes.
Create, list, and delete volume snapshots.
Clone a volume.

The OpenStack Block Storage service supports:
Multiple instances of Dell EqualLogic Groups or Dell EqualLogic Group Storage Pools
and multiple pools on a single array.
Multiple instances of Dell EqualLogic Groups or Dell EqualLogic Group Storage Pools or
multiple pools on a single array.

The Dell EqualLogic volume driver's ability to access the EqualLogic Group is dependent
upon the generic block storage driver's SSH settings in the /etc/cinder/cinder.conf
file (see Section 1.3, “Block Storage sample configuration files” for reference).

Table 1.2. Description of Dell EqualLogic volume driver configuration options
Configuration option = Default value | Description
[DEFAULT]
eqlx_chap_login = admin | (StrOpt) Existing CHAP account name
eqlx_chap_password = password | (StrOpt) Password for specified CHAP account name
eqlx_cli_max_retries = 5 | (IntOpt) Maximum retry count for reconnection
eqlx_cli_timeout = 30 | (IntOpt) Timeout for the Group Manager cli command execution
eqlx_group_name = group-0 | (StrOpt) Group name to use for creating volumes
eqlx_pool = default | (StrOpt) Pool in which volumes will be created
eqlx_use_chap = False | (BoolOpt) Use CHAP authentication for targets?

The following sample /etc/cinder/cinder.conf configuration lists the relevant settings
for a typical Block Storage service using a single Dell EqualLogic Group:

Example 1.1. Default (single-instance) configuration

[DEFAULT]
#Required settings
volume_driver = cinder.volume.drivers.eqlx.DellEQLSanISCSIDriver
san_ip = IP_EQLX
san_login = SAN_UNAME
san_password = SAN_PW
eqlx_group_name = EQLX_GROUP
eqlx_pool = EQLX_POOL
#Optional settings
san_thin_provision = true|false
eqlx_use_chap = true|false
eqlx_chap_login = EQLX_UNAME
eqlx_chap_password = EQLX_PW
eqlx_cli_timeout = 30
eqlx_cli_max_retries = 5
san_ssh_port = 22
ssh_conn_timeout = 30
san_private_key = SAN_KEY_PATH
ssh_min_pool_conn = 1
ssh_max_pool_conn = 5

In this example, replace the following variables accordingly:

IP_EQLX
The IP address used to reach the Dell EqualLogic Group through SSH. This field has
no default value.

SAN_UNAME
The user name to log in to the Group manager via SSH at the san_ip. Default user
name is grpadmin.

SAN_PW
The corresponding password of SAN_UNAME. Not used when san_private_key is
set. Default password is password.

EQLX_GROUP
The group to be used for a pool where the Block Storage service will create volumes
and snapshots. Default group is group-0.

EQLX_POOL
The pool where the Block Storage service will create volumes and snapshots. Default
pool is default. This option cannot be used for multiple pools utilized by the Block
Storage service on a single Dell EqualLogic Group.

EQLX_UNAME
The CHAP login account for each volume in a pool, if eqlx_use_chap is set to
true. Default account name is chapadmin.

EQLX_PW
The corresponding password of EQLX_UNAME. The default password is randomly
generated in hexadecimal, so you must set this password manually.

SAN_KEY_PATH (optional)
The filename of the private key used for SSH authentication. This provides
password-less login to the EqualLogic Group. Not used when san_password is set.
There is no default value.

1.1.3. GlusterFS driver
GlusterFS is an open-source scalable distributed file system that is able to grow to petabytes
and beyond in size. More information can be found on Gluster's homepage.
This driver enables the use of GlusterFS in a similar fashion as NFS. It supports basic
volume operations, including snapshot/clone.

Note
You must use a Linux kernel of version 3.4 or greater (or version 2.6.32 or greater
in Red Hat Enterprise Linux/CentOS 6.3+) when working with Gluster-based
volumes. See Bug 1177103 for more information.

To use Block Storage with GlusterFS, first set the volume_driver in cinder.conf:

volume_driver=cinder.volume.drivers.glusterfs.GlusterfsDriver

The following table contains the configuration options supported by the GlusterFS driver.

Table 1.3. Description of GlusterFS storage configuration options
Configuration option = Default value | Description
[DEFAULT]
glusterfs_mount_point_base = $state_path/mnt | (StrOpt) Base dir containing mount points for gluster shares.
glusterfs_qcow2_volumes = False | (BoolOpt) Create volumes as QCOW2 files rather than raw files.
glusterfs_shares_config = /etc/cinder/glusterfs_shares | (StrOpt) File with the list of available gluster shares
glusterfs_sparsed_volumes = True | (BoolOpt) Create volumes as sparsed files which take no space. If set to False volume is created as regular file. In such case volume creation takes a lot of time.

1.1.4. HP MSA Fibre Channel driver
The HP MSA fiber channel driver runs volume operations on the storage array over HTTP.
A VDisk must be created on the HP MSA array first. This can be done using the web interface
or the command-line interface of the array.
The following options must be defined in the cinder-volume configuration file
(/etc/cinder/cinder.conf):
Set the volume_driver option to
cinder.volume.drivers.san.hp.hp_msa_fc.HPMSAFCDriver
Set the san_ip option to the hostname or IP address of your HP MSA array.
Set the san_login option to the login of an existing user of the HP MSA array.
Set the san_password option to the password for this user.

1.1.5. LVM
The default volume back-end uses local volumes managed by LVM.
This driver supports different transport protocols to attach volumes, currently iSCSI and
iSER.
Set the following in your cinder.conf, and use the following options to configure for
iSCSI transport:
volume_driver = cinder.volume.drivers.lvm.LVMISCSIDriver
and for the iSER transport:
volume_driver = cinder.volume.drivers.lvm.LVMISERDriver

Table 1.4. Description of LVM configuration options
Configuration option = Default value | Description
[DEFAULT]
lvm_mirrors = 0 | (IntOpt) If >0, create LVs with multiple mirrors. Note that this requires lvm_mirrors + 2 PVs with available space
lvm_type = default | (StrOpt) Type of LVM volumes to deploy; (default or thin)
volume_group = cinder-volumes | (StrOpt) Name for the VG that will contain exported volumes

1.1.6. NetApp unified driver
The NetApp unified driver is a block storage driver that supports multiple storage families
and protocols. A storage family corresponds to storage systems built on different NetApp
technologies such as clustered Data ONTAP, Data ONTAP operating in 7-Mode, and
E-Series. The storage protocol refers to the protocol used to initiate data storage and access
operations on those storage systems like iSCSI and NFS. The NetApp unified driver can be
configured to provision and manage OpenStack volumes on a given storage family using a
specified storage protocol. The OpenStack volumes can then be used for accessing and
storing data using the storage protocol on the storage family system. The NetApp unified
driver is an extensible interface that can support new storage families and protocols.

Note
With the Juno release of OpenStack, OpenStack Block Storage has introduced the
concept of "storage pools", in which a single OpenStack Block Storage back end
may present one or more logical storage resource pools from which OpenStack
Block Storage will select as a storage location when provisioning volumes.
In releases prior to Juno, the NetApp unified driver contained some "scheduling"
logic that determined which NetApp storage container (namely, a FlexVol volume
for Data ONTAP, or a dynamic disk pool for E-Series) that a new OpenStack Block
Storage volume would be placed into.
With the introduction of pools, all scheduling logic is performed completely within
the OpenStack Block Storage scheduler, as each NetApp storage container is
directly exposed to the OpenStack Block Storage scheduler as a storage pool;
whereas previously, the NetApp unified driver presented an aggregated view to the
scheduler and made a final placement decision as to which NetApp storage
container the OpenStack Block Storage volume would be provisioned into.

1.1.6.1. NetApp clustered Data ONTAP storage family
The NetApp clustered Data ONTAP storage family represents a configuration group which
provides OpenStack compute instances access to clustered Data ONTAP storage systems.
At present it can be configured in OpenStack Block Storage to work with iSCSI and NFS
storage protocols.

1.1.6.1.1. NetApp iSCSI configuration for clustered Data ONTAP
The NetApp iSCSI configuration for clustered Data ONTAP is an interface from OpenStack to
clustered Data ONTAP storage systems for provisioning and managing the SAN block
storage entity; that is, a NetApp LUN which can be accessed using the iSCSI protocol.
The iSCSI configuration for clustered Data ONTAP is a direct interface from OpenStack
Block Storage to the clustered Data ONTAP instance and as such does not require
additional management software to achieve the desired functionality. It uses NetApp APIs to
interact with the clustered Data ONTAP instance.

Configuration options for clustered Data ONTAP family with iSCSI protocol
Configure the volume driver, storage family and storage protocol to the NetApp unified driver,
clustered Data ONTAP, and iSCSI respectively by setting the volume_driver,
netapp_storage_family and netapp_storage_protocol options in cinder.conf
as follows:

volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_cluster
netapp_storage_protocol = iscsi
netapp_vserver = openstack-vserver
netapp_server_hostname = myhostname
netapp_server_port = port
netapp_login = username
netapp_password = password

Note
To use the iSCSI protocol, you must override the default value of
netapp_storage_protocol with iscsi.

Table 1.5. Description of NetApp cDOT iSCSI driver configuration options
Configuration option = Default value | Description
[DEFAULT]
netapp_login = None | (StrOpt) Administrative user account name used to access the storage system or proxy server.
netapp_partner_backend_name = None | (StrOpt) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol selected is FC.
netapp_password = None | (StrOpt) Password for the administrative user account specified in the netapp_login option.
netapp_server_hostname = None | (StrOpt) The hostname (or IP address) for the storage system or proxy server.
netapp_server_port = None | (IntOpt) The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.
netapp_size_multiplier = 1.2 | (FloatOpt) The quantity to be multiplied by the requested volume size to ensure enough space is available on the virtual storage server (Vserver) to fulfill the volume creation request.
netapp_storage_family = ontap_cluster | (StrOpt) The storage family type used on the storage system; valid values are ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.
netapp_storage_protocol = None | (StrOpt) The storage protocol to be used on the data path with the storage system; valid values are iscsi, fc, or nfs.
netapp_transport_type = http | (StrOpt) The transport protocol used when communicating with the storage system or proxy server. Valid values are http or https.
netapp_vserver = None | (StrOpt) This option specifies the virtual storage server (Vserver) name on the storage cluster on which provisioning of block storage volumes should occur.

Note
If you specify an account in the netapp_login that only has virtual storage
server (Vserver) administration privileges (rather than cluster-wide administration
privileges), some advanced features of the NetApp unified driver will not work and
you may see warnings in the OpenStack Block Storage logs.

Tip
For more information on these options and other deployment and operational scenarios,
visit the NetApp OpenStack Deployment and Operations Guide.
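
A check of a cinder.conf [DEFAULT] section against the defaults listed in Tables 1.2 and 1.5 and in the EqualLogic variable list (documented password value, CHAP off, http transport), shown on a weak and a corrected configuration for each driver. This is an added example, not part of the original reference; the sample files, addresses, account names, key path and finding texts are constructed, while option names, driver paths and default values are the ones on this page.

```python
"""Check cinder.conf [DEFAULT] against defaults documented on this page."""
import configparser

EQLX_DRIVER = "cinder.volume.drivers.eqlx.DellEQLSanISCSIDriver"
NETAPP_DRIVER = "cinder.volume.drivers.netapp.common.NetAppDriver"
PASSWORD_OPTIONS = ("san_password", "eqlx_chap_password", "netapp_password")
DOCUMENTED_PASSWORD = "password"  # default/sample value printed on the page

# Constructed samples (192.0.2.0/24 is a documentation address range).
WEAK_EQLX = """\
[DEFAULT]
volume_driver = cinder.volume.drivers.eqlx.DellEQLSanISCSIDriver
san_ip = 192.0.2.10
san_login = grpadmin
san_password = password
eqlx_group_name = group-0
eqlx_pool = default
"""

HARDENED_EQLX = """\
[DEFAULT]
volume_driver = cinder.volume.drivers.eqlx.DellEQLSanISCSIDriver
san_ip = 192.0.2.10
san_login = cinder_svc
# hypothetical key path
san_private_key = /etc/cinder/eqlx_id_rsa
eqlx_group_name = group-0
eqlx_pool = default
eqlx_use_chap = true
eqlx_chap_login = cinder_chap
eqlx_chap_password = 9f2c41d07ab3e6c5
"""

WEAK_NETAPP = """\
[DEFAULT]
volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_cluster
netapp_storage_protocol = iscsi
netapp_vserver = openstack-vserver
netapp_server_hostname = 192.0.2.20
netapp_login = cinder_svc
netapp_password = password
"""

HARDENED_NETAPP = WEAK_NETAPP.replace(
    "netapp_password = password",
    "netapp_password = 4e8b0c77d1a95f32\n"
    "netapp_transport_type = https\n"
    "netapp_server_port = 443",
)


def audit(text):
    """Return a list of (option, reason) findings for the [DEFAULT] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    opts = parser["DEFAULT"]
    driver = opts.get("volume_driver", "")
    findings = []

    for name in PASSWORD_OPTIONS:
        if opts.get(name, "").strip("'\"") == DOCUMENTED_PASSWORD:
            findings.append((name, "set to the value printed in the documentation"))

    if driver == EQLX_DRIVER:
        if not opts.getboolean("eqlx_use_chap", fallback=False):
            findings.append(("eqlx_use_chap",
                             "CHAP authentication for targets is off (default False)"))
        elif "eqlx_chap_password" not in opts:
            findings.append(("eqlx_chap_password",
                             "CHAP is enabled but no password is set"))
        if "san_password" in opts and "san_private_key" in opts:
            findings.append(("san_private_key",
                             "set together with san_password; keep only one"))

    if driver == NETAPP_DRIVER:
        if opts.get("netapp_transport_type", "http").lower() != "https":
            findings.append(("netapp_transport_type",
                             "netapp_login/netapp_password are sent over http"))
    return findings


if __name__ == "__main__":
    for label, sample in (("weak EqualLogic", WEAK_EQLX),
                          ("hardened EqualLogic", HARDENED_EQLX),
                          ("weak NetApp", WEAK_NETAPP),
                          ("hardened NetApp", HARDENED_NETAPP)):
        print(label, audit(sample))
```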

1.1.6.1.2. NetApp NFS configuration for clustered Data ONTAP
The NetApp NFS configuration for clustered Data ONTAP is an interface from OpenStack to
a clustered Data ONTAP system for provisioning and managing OpenStack volumes on
NFS exports provided by the clustered Data ONTAP system that are accessed using the NFS
protocol.
The NFS configuration for clustered Data ONTAP is a direct interface from OpenStack Block
Storage to the clustered Data ONTAP instance and as such does not require any additional
management software to achieve the desired functionality. It uses NetApp APIs to interact
with the clustered Data ONTAP instance.

Configuration options for the clustered Data ONTAP family with NFS protocol
Configure the volume driver, storage family, and storage protocol to NetApp unified driver,
clustered Data ONTAP, and NFS respectively by setting the volume_driver,
netapp_storage_family and netapp_storage_protocol options in cinder.conf
as follows:

volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_cluster
netapp_storage_protocol = nfs
netapp_vserver = openstack-vserver
netapp_server_hostname = myhostname
netapp_server_port = port
netapp_login = username
netapp_password = password
nfs_shares_config = /etc/cinder/nfs_shares
Table 1.6. Description of NetApp cDOT NFS driver configuration options
Configuration option = Default value
    Description
[DEFAULT]
expiry_thres_minutes = 720
    (IntOpt) This option specifies the threshold for last access time for images in the NFS
    image cache. When a cache cleaning cycle begins, images in the cache that have not
    been accessed in the last M minutes, where M is the value of this parameter, will be
    deleted from the cache to create free space on the NFS share.
netapp_copyoffload_tool_path = None
    (StrOpt) This option specifies the path of the NetApp copy offload tool binary. Ensure that
    the binary has execute permissions set which allow the effective user of the cinder-volume
    process to execute the file.
netapp_login = None
    (StrOpt) Administrative user account name used to access the storage system or proxy
    server.
netapp_partner_backend_name = None
    (StrOpt) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This
    option is only used by the driver when connecting to an instance with a storage
    family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol
    selected is FC.
netapp_password = None
    (StrOpt) Password for the administrative user account specified in the netapp_login
    option.
netapp_server_hostname = None
    (StrOpt) The hostname (or IP address) for the storage system or proxy server.
netapp_server_port = None
    (IntOpt) The TCP port to use for communication with the storage system or
    proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for
    HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.
netapp_storage_family = ontap_cluster
    (StrOpt) The storage family type used on the storage system; valid values are
    ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using
    clustered Data ONTAP, or eseries for using E-Series.
netapp_storage_protocol = None
    (StrOpt) The storage protocol to be used on the data path with the storage system; valid
    values are iscsi, fc, or nfs.
netapp_transport_type = http
    (StrOpt) The transport protocol used when communicating with the storage system or
    proxy server. Valid values are http or https.
netapp_vserver = None
    (StrOpt) This option specifies the virtual storage server (Vserver) name on the
    storage cluster on which provisioning of block storage volumes should occur.
thres_avl_size_perc_start = 20
    (IntOpt) If the percentage of available space for an NFS share has dropped below the
    value specified by this option, the NFS image cache will be cleaned.
thres_avl_size_perc_stop = 60
    (IntOpt) When the percentage of available space on an NFS share has reached the
    percentage specified by this option, the driver will stop clearing files from the NFS
    image cache that have not been accessed in the last M minutes, where M is the value of the
    expiry_thres_minutes configuration option.
Note
Additional NetApp NFS configuration options are shared with the generic NFS
driver. These options can be found here: Table 1.11, “Description of NFS storage
configuration options”.
Note
If you specify an account in the netapp_login that only has virtual storage
server (Vserver) administration privileges (rather than cluster-wide administration
privileges), some advanced features of the NetApp unified driver will not work and
you may see warnings in the OpenStack Block Storage logs.
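The three NFS image cache options in Table 1.6 (the 7-Mode NFS driver has the same options) work together; the sketch below is an added illustration, not driver code, of which cached images one cleaning cycle would remove. The CachedImage type, the function name and the sample figures are constructed, and the deletion order among eligible images (least recently accessed first) is an assumption the page does not state.

```python
from dataclasses import dataclass


@dataclass
class CachedImage:
    name: str
    size_gb: float
    idle_minutes: int  # minutes since the cached image was last accessed


def plan_cache_clean(capacity_gb, available_gb, images,
                     expiry_thres_minutes=720,
                     thres_avl_size_perc_start=20,
                     thres_avl_size_perc_stop=60):
    """Return (names of images to delete, available-space percentage afterwards)."""
    def pct(avail):
        return 100.0 * avail / capacity_gb

    # Cleaning only starts once available space has dropped below the start threshold.
    if pct(available_gb) >= thres_avl_size_perc_start:
        return [], pct(available_gb)

    deleted = []
    # Assumption: least recently accessed images are considered first.
    for img in sorted(images, key=lambda i: i.idle_minutes, reverse=True):
        # Stop as soon as available space has reached the stop threshold.
        if pct(available_gb) >= thres_avl_size_perc_stop:
            break
        # Images accessed within the last M minutes are never eligible; because the
        # list is sorted by idle time, every remaining image is fresher still.
        if img.idle_minutes <= expiry_thres_minutes:
            break
        deleted.append(img.name)
        available_gb += img.size_gb
    return deleted, pct(available_gb)


# Constructed sample: a 1000 GB share holding five cached images.
SAMPLE_IMAGES = [
    CachedImage("a.img", 200, 3000),
    CachedImage("b.img", 100, 1500),
    CachedImage("c.img", 300, 900),
    CachedImage("d.img", 50, 100),
    CachedImage("e.img", 400, 800),
]

if __name__ == "__main__":
    # 150 GB free of 1000 GB is 15%, below the default start threshold of 20%.
    print(plan_cache_clean(1000, 150, SAMPLE_IMAGES))
    # 250 GB free is 25%, so no cleaning cycle is triggered.
    print(plan_cache_clean(1000, 250, SAMPLE_IMAGES))
```

With the defaults, e.img stays in the cache even though it is older than 720 minutes, because the 60% stop threshold is reached first.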
NetApp NFS Copy Offload client
A feature was added in the Icehouse release of the NetApp unified driver that enables Image
Service images to be efficiently copied to a destination Block Storage volume. When the
Block Storage and Image Service are configured to use the NetApp NFS Copy Offload client,
a controller-side copy will be attempted before reverting to downloading the image from the
Image Service. This improves image provisioning times while reducing the consumption of
bandwidth and CPU cycles on the host(s) running the Image and Block Storage services.
This is due to the copy operation being performed completely within the storage cluster.
The NetApp NFS Copy Offload client can be used in either of the following scenarios:
- The Image Service is configured to store images in an NFS share that is exported from a
  NetApp FlexVol volume and the destination for the new Block Storage volume will be on
  an NFS share exported from a different FlexVol volume than the one used by the Image
  Service. Both FlexVols must be located within the same cluster.
- The source image from the Image Service has already been cached in an NFS image
  cache within a Block Storage backend. The cached image resides on a different FlexVol
  volume than the destination for the new Block Storage volume. Both FlexVols must be
  located within the same cluster.
To use this feature, you must configure the Image Service, as follows:
- Set the default_store configuration option to file.
- Set the filesystem_store_datadir configuration option to the path to the Image
  Service NFS export.
- Set the show_image_direct_url configuration option to True.
- Set the show_multiple_locations configuration option to True.
- Set the filesystem_store_metadata_file configuration option to a metadata file.
  The metadata file should contain a JSON object that contains the correct information
  about the NFS export used by the Image Service, similar to:
{
"share_location": "nfs://192.168.0.1/myGlanceExport",
"mount_point": "/var/lib/glance/images",
"type": "nfs"
}
To use this feature, you must configure the Block Storage service, as follows:
- Set the netapp_copyoffload_tool_path configuration option to the path to the
  NetApp Copy Offload binary.
- Set the glance_api_version configuration option to 2.
Important
This feature requires that:
- The storage system must have Data ONTAP v8.2 or greater installed.
- The vStorage feature must be enabled on each storage virtual machine (SVM,
  also known as a Vserver) that is permitted to interact with the copy offload client.
- To configure the copy offload workflow, enable NFS v4.0 or greater and export it
  from the SVM.
Tip
To download the NetApp copy offload binary to be utilized in conjunction with the
netapp_copyoffload_tool_path configuration option, please visit the Utility
Toolchest page at the NetApp Support portal (login is required).
Tip
For more information on these options and other deployment and operational scenarios,
visit the NetApp OpenStack Deployment and Operations Guide.
1.1.6.1.3. NetApp-supported extra specs for clustered Data ONTAP
Extra specs enable vendors to specify extra filter criteria that the Block Storage scheduler
uses when it determines which volume node should fulfill a volume provisioning request.
When you use the NetApp unified driver with a clustered Data ONTAP storage system, you
can leverage extra specs with OpenStack Block Storage volume types to ensure that
OpenStack Block Storage volumes are created on storage back ends that have certain
properties, for example, when you configure QoS, mirroring, or compression for a storage
back end.
Extra specs are associated with OpenStack Block Storage volume types, so that when users
request volumes of a particular volume type, the volumes are created on storage back ends
that meet the list of requirements. For example, the back ends have the available space or
extra specs. You can use the specs in the following table when you define OpenStack Block
Storage volume types by using the cinder type-key command.
Table 1.7. Description of extra specs options for NetApp Unified Driver with
Clustered Data ONTAP
Extra spec (Type)
    Description
netapp_raid_type (String)
    Limit the candidate volume list based on one of the following raid types: raid4, raid_dp.
netapp_disk_type (String)
    Limit the candidate volume list based on one of the following disk types: ATA, BSAS, EATA,
    FCAL, FSAS, LUN, MSATA, SAS, SATA, SCSI, XATA, XSAS, or SSD.
netapp:qos_policy_group [a] (String)
    Specify the name of a QoS policy group, which defines measurable Service Level Objectives, that
    should be applied to the OpenStack Block Storage volume at the time of volume creation.
    Ensure that the QoS policy group object within Data ONTAP should be defined before an
    OpenStack Block Storage volume is created, and that the QoS policy group is not associated with
    the destination FlexVol volume.
netapp_mirrored (Boolean)
    Limit the candidate volume list to only the ones that are mirrored on the storage controller.
netapp_unmirrored [b] (Boolean)
    Limit the candidate volume list to only the ones that are not mirrored on the storage controller.
netapp_dedup (Boolean)
    Limit the candidate volume list to only the ones that have deduplication enabled on the storage
    controller.
netapp_nodedup [b] (Boolean)
    Limit the candidate volume list to only the ones that have deduplication disabled on the storage
    controller.
netapp_compression (Boolean)
    Limit the candidate volume list to only the ones that have compression enabled on the storage
    controller.
netapp_nocompression [b] (Boolean)
    Limit the candidate volume list to only the ones that have compression disabled on the storage
    controller.
netapp_thin_provisioned (Boolean)
    Limit the candidate volume list to only the ones that support thin provisioning on the storage
    controller.
netapp_thick_provisioned [b] (Boolean)
    Limit the candidate volume list to only the ones that support thick provisioning on the storage
    controller.
[a] Please note that this extra spec has a colon (:) in its name because it is
used by the driver to assign the QoS policy group to the OpenStack Block
Storage volume after it has been provisioned.
[b] In the Juno release, these negative-assertion extra specs are formally
deprecated by the NetApp unified driver. Instead of using the deprecated
negative-assertion extra specs (for example, netapp_unmirrored) with a
value of true, use the corresponding positive-assertion extra spec (for
example, netapp_mirrored) with a value of false.
1.1.6.2. NetApp Data ONTAP operating in 7-Mode storage family
The NetApp Data ONTAP operating in 7-Mode storage family represents a configuration
group which provides OpenStack compute instances access to 7-Mode storage systems. At
present it can be configured in OpenStack Block Storage to work with iSCSI and NFS
storage protocols.
1.1.6.2.1. NetApp iSCSI configuration for Data ONTAP operating in 7-Mode
The NetApp iSCSI configuration for Data ONTAP operating in 7-Mode is an interface from
OpenStack to Data ONTAP operating in 7-Mode storage systems for provisioning and
managing the SAN block storage entity, that is, a LUN which can be accessed using iSCSI
protocol.
The iSCSI configuration for Data ONTAP operating in 7-Mode is a direct interface from
OpenStack to Data ONTAP operating in 7-Mode storage system and it does not require
additional management software to achieve the desired functionality. It uses NetApp ONTAPI
to interact with the Data ONTAP operating in 7-Mode storage system.
Configuration options for the Data ONTAP operating in 7-Mode storage family
with iSCSI protocol
Configure the volume driver, storage family and storage protocol to the NetApp unified driver,
Data ONTAP operating in 7-Mode, and iSCSI respectively by setting the volume_driver,
netapp_storage_family and netapp_storage_protocol options in cinder.conf
as follows:
volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_7mode
netapp_storage_protocol = iscsi
netapp_server_hostname = myhostname
netapp_server_port = 80
netapp_login = username
netapp_password = password
Note
To use the iSCSI protocol, you must override the default value of
netapp_storage_protocol with iscsi.
Table 1.8. Description of NetApp 7-Mode iSCSI driver configuration options
Configuration option = Default value
    Description
[DEFAULT]
netapp_login = None
    (StrOpt) Administrative user account name used to access the storage system or proxy
    server.
netapp_partner_backend_name = None
    (StrOpt) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This
    option is only used by the driver when connecting to an instance with a storage
    family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol
    selected is FC.
netapp_password = None
    (StrOpt) Password for the administrative user account specified in the netapp_login
    option.
netapp_server_hostname = None
    (StrOpt) The hostname (or IP address) for the storage system or proxy server.
netapp_server_port = None
    (IntOpt) The TCP port to use for communication with the storage system or
    proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for
    HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.
netapp_size_multiplier = 1.2
    (FloatOpt) The quantity to be multiplied by the requested volume size to ensure enough
    space is available on the virtual storage server (Vserver) to fulfill the volume creation
    request.
netapp_storage_family = ontap_cluster
    (StrOpt) The storage family type used on the storage system; valid values are
    ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using
    clustered Data ONTAP, or eseries for using E-Series.
netapp_storage_protocol = None
    (StrOpt) The storage protocol to be used on the data path with the storage system; valid
    values are iscsi, fc, or nfs.
netapp_transport_type = http
    (StrOpt) The transport protocol used when communicating with the storage system or
    proxy server. Valid values are http or https.
netapp_vfiler = None
    (StrOpt) The vFiler unit on which provisioning of block storage volumes will
    be done. This option is only used by the driver when connecting to an instance with a
    storage family of Data ONTAP operating in 7-Mode. Only use this option when utilizing the
    MultiStore feature on the NetApp storage system.
netapp_volume_list = None
    (StrOpt) This option is only utilized when the storage protocol is configured to use iSCSI
    or FC. This option is used to restrict provisioning to the specified controller
    volumes. Specify the value of this option to be a comma separated list of NetApp
    controller volume names to be used for provisioning.
Tip
For more information on these options and other deployment and operational scenarios,
visit the NetApp OpenStack Deployment and Operations Guide.
1.1.6.2.2. NetApp NFS configuration for Data ONTAP operating in 7-Mode
The NetApp NFS configuration for Data ONTAP operating in 7-Mode is an interface from
OpenStack to Data ONTAP operating in 7-Mode storage system for provisioning and
managing OpenStack volumes on NFS exports provided by the Data ONTAP operating in
7-Mode storage system which can then be accessed using NFS protocol.
The NFS configuration for Data ONTAP operating in 7-Mode is a direct interface from
OpenStack Block Storage to the Data ONTAP operating in 7-Mode instance and as such
does not require any additional management software to achieve the desired functionality. It
uses NetApp ONTAPI to interact with the Data ONTAP operating in 7-Mode storage system.
Configuration options for the Data ONTAP operating in 7-Mode family with NFS
protocol
Configure the volume driver, storage family, and storage protocol to the NetApp unified
driver, Data ONTAP operating in 7-Mode, and NFS respectively by setting the
volume_driver, netapp_storage_family and netapp_storage_protocol options
in cinder.conf as follows:
volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_7mode
netapp_storage_protocol = nfs
netapp_server_hostname = myhostname
netapp_server_port = 80
netapp_login = username
netapp_password = password
nfs_shares_config = /etc/cinder/nfs_shares
Table 1.9. Description of NetApp 7-Mode NFS driver configuration options
Configuration option = Default value
    Description
[DEFAULT]
expiry_thres_minutes = 720
    (IntOpt) This option specifies the threshold for last access time for images in the NFS
    image cache. When a cache cleaning cycle begins, images in the cache that have not
    been accessed in the last M minutes, where M is the value of this parameter, will be
    deleted from the cache to create free space on the NFS share.
netapp_login = None
    (StrOpt) Administrative user account name used to access the storage system or proxy
    server.
netapp_partner_backend_name = None
    (StrOpt) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This
    option is only used by the driver when connecting to an instance with a storage
    family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol
    selected is FC.
netapp_password = None
    (StrOpt) Password for the administrative user account specified in the netapp_login
    option.
netapp_server_hostname = None
    (StrOpt) The hostname (or IP address) for the storage system or proxy server.
netapp_server_port = None
    (IntOpt) The TCP port to use for communication with the storage system or
    proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for
    HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.
netapp_storage_family = ontap_cluster
    (StrOpt) The storage family type used on the storage system; valid values are
    ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using
    clustered Data ONTAP, or eseries for using E-Series.
netapp_storage_protocol = None
    (StrOpt) The storage protocol to be used on the data path with the storage system; valid
    values are iscsi, fc, or nfs.
netapp_transport_type = http
    (StrOpt) The transport protocol used when communicating with the storage system or
    proxy server. Valid values are http or https.
netapp_vfiler = None
    (StrOpt) The vFiler unit on which provisioning of block storage volumes will
    be done. This option is only used by the driver when connecting to an instance with a
    storage family of Data ONTAP operating in 7-Mode. Only use this option when utilizing the
    MultiStore feature on the NetApp storage system.
thres_avl_size_perc_start = 20
    (IntOpt) If the percentage of available space for an NFS share has dropped below the
    value specified by this option, the NFS image cache will be cleaned.
thres_avl_size_perc_stop = 60
    (IntOpt) When the percentage of available space on an NFS share has reached the
    percentage specified by this option, the driver will stop clearing files from the NFS
    image cache that have not been accessed in the last M minutes, where M is the value of the
    expiry_thres_minutes configuration option.
Note
Additional NetApp NFS configuration options are shared with the generic NFS
driver. For a description of these, see Table 1.11, “Description of NFS storage
configuration options”.
Tip
For more information on these options and other deployment and operational scenarios,
visit the NetApp OpenStack Deployment and Operations Guide.
1.1.6.3. NetApp E-Series storage family
The NetApp E-Series storage family represents a configuration group which provides
OpenStack compute instances access to E-Series storage systems. At present it can be
configured in OpenStack Block Storage to work with the iSCSI storage protocol.
1.1.6.3.1. NetApp iSCSI configuration for E-Series
The NetApp iSCSI configuration for E-Series is an interface from OpenStack to E-Series
storage systems for provisioning and managing the SAN block storage entity; that is, a
NetApp LUN which can be accessed using the iSCSI protocol.
The iSCSI configuration for E-Series is an interface from OpenStack Block Storage to the
E-Series proxy instance and as such requires the deployment of the proxy instance in order to
achieve the desired functionality. The driver uses REST APIs to interact with the E-Series
proxy instance, which in turn interacts directly with the E-Series controllers.
The use of multipath and DM-MP is required when using the OpenStack Block Storage
driver for E-Series. In order for OpenStack Block Storage and OpenStack Compute to take
advantage of multiple paths, the following configuration options must be correctly
configured:
- The use_multipath_for_image_xfer option should be set to True in the
  cinder.conf file within the driver-specific stanza (for example, [myDriver]).
- The iscsi_use_multipath option should be set to True in the nova.conf file within
  the [libvirt] stanza.
Configuration options for E-Series storage family with iSCSI protocol
Configure the volume driver, storage family, and storage protocol to the NetApp unified
driver, E-Series, and iSCSI respectively by setting the volume_driver,
netapp_storage_family and netapp_storage_protocol options in cinder.conf
as follows:
volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = eseries
netapp_storage_protocol = iscsi
netapp_server_hostname = myhostname
netapp_server_port = 80
netapp_login = username
netapp_password = password
netapp_controller_ips = 1.2.3.4,5.6.7.8
netapp_sa_password = arrayPassword
netapp_storage_pools = pool1,pool2
use_multipath_for_image_xfer = True
Note
To use the E-Series driver, you must override the default value of
netapp_storage_family with eseries.
Note
To use the iSCSI protocol, you must override the default value of
netapp_storage_protocol with iscsi.
Table 1.10. Description of NetApp E-Series driver configuration options
Configuration option = Default value
    Description
[DEFAULT]
netapp_controller_ips = None
    (StrOpt) This option is only utilized when the storage family is configured to eseries. This
    option is used to restrict provisioning to the specified controllers. Specify the value of
    this option to be a comma separated list of controller hostnames or IP addresses to be
    used for provisioning.
netapp_eseries_host_type = linux_dm_mp
    (StrOpt) This option is used to define how the controllers in the E-Series storage array
    will work with the particular operating system on the hosts that are connected to it.
netapp_login = None
    (StrOpt) Administrative user account name used to access the storage system or proxy
    server.
netapp_partner_backend_name = None
    (StrOpt) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This
    option is only used by the driver when connecting to an instance with a storage
    family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol
    selected is FC.
netapp_password = None
    (StrOpt) Password for the administrative user account specified in the netapp_login
    option.
netapp_sa_password = None
    (StrOpt) Password for the NetApp E-Series storage array.
netapp_server_hostname = None
    (StrOpt) The hostname (or IP address) for the storage system or proxy server.
netapp_server_port = None
    (IntOpt) The TCP port to use for communication with the storage system or
    proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for
    HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.
netapp_storage_family = ontap_cluster
    (StrOpt) The storage family type used on the storage system; valid values are
    ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using
    clustered Data ONTAP, or eseries for using E-Series.
netapp_storage_pools = None
    (StrOpt) This option is used to restrict provisioning to the specified storage pools.
    Only dynamic disk pools are currently supported. Specify the value of this option to
    be a comma separated list of disk pool names to be used for provisioning.
netapp_transport_type = http
    (StrOpt) The transport protocol used when communicating with the storage system or
    proxy server. Valid values are http or https.
netapp_webservice_path = /devmgr/v2
    (StrOpt) This option is used to specify the path to the E-Series proxy application on a
    proxy server. The value is combined with the value of the netapp_transport_type,
    netapp_server_hostname, and netapp_server_port options to create the
    URL used by the driver to connect to the proxy application.
Tip
For more information on these options and other deployment and operational scenarios,
visit the NetApp OpenStack Deployment and Operations Guide.
1.1.6.4. Upgrading prior NetApp drivers to the NetApp unified driver
NetApp introduced a new unified block storage driver in Havana for configuring different
storage families and storage protocols. This requires defining an upgrade path for NetApp
drivers which existed in releases prior to Havana. This section covers the upgrade
configuration for NetApp drivers to the new unified configuration and a list of deprecated
NetApp drivers.
1.1.6.4.1. Upgraded NetApp drivers
This section describes how to update OpenStack Block Storage configuration from a
pre-Havana release to the unified driver format.
Driver upgrade configuration
1. NetApp iSCSI direct driver for Clustered Data ONTAP in Grizzly (or earlier).
volume_driver = cinder.volume.drivers.netapp.iscsi.NetAppDirectCmodeISCSIDriver
NetApp unified driver configuration.
volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_cluster
netapp_storage_protocol = iscsi
2. NetApp NFS direct driver for Clustered Data ONTAP in Grizzly (or earlier).
volume_driver = cinder.volume.drivers.netapp.nfs.NetAppDirectCmodeNfsDriver
NetApp unified driver configuration.
volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_cluster
netapp_storage_protocol = nfs
3. NetApp iSCSI direct driver for Data ONTAP operating in 7-Mode storage controller in
Grizzly (or earlier).
volume_driver = cinder.volume.drivers.netapp.iscsi.NetAppDirect7modeISCSIDriver
NetApp unified driver configuration.
volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_7mode
netapp_storage_protocol = iscsi
4. NetApp NFS direct driver for Data ONTAP operating in 7-Mode storage controller in
Grizzly (or earlier).
volume_driver = cinder.volume.drivers.netapp.nfs.NetAppDirect7modeNfsDriver
NetApp unified driver configuration.
volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_7mode
netapp_storage_protocol = nfs
1.1.6.4.2. Deprecated NetApp drivers
This section lists the NetApp drivers in earlier releases that are deprecated in Havana.
1. NetApp iSCSI driver for clustered Data ONTAP.
volume_driver = cinder.volume.drivers.netapp.iscsi.NetAppCmodeISCSIDriver
2. NetApp NFS driver for clustered Data ONTAP.
volume_driver = cinder.volume.drivers.netapp.nfs.NetAppCmodeNfsDriver
3. NetApp iSCSI driver for Data ONTAP operating in 7-Mode storage controller.
volume_driver = cinder.volume.drivers.netapp.iscsi.NetAppISCSIDriver
4. NetApp NFS driver for Data ONTAP operating in 7-Mode storage controller.
volume_driver = cinder.volume.drivers.netapp.nfs.NetAppNFSDriver
Note
For support information on deprecated NetApp drivers in the Havana release, visit
the NetApp OpenStack Deployment and Operations Guide.
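A cinder.conf review can apply the upgrade list above together with the transport, port and multipath options from the NetApp option tables. The script below is an added example, not part of the NetApp driver or of this guide: it flags pre-Havana and deprecated driver classes, back ends whose credentials would travel over the default http transport, and E-Series back ends without multipath. The function names, finding codes, stanza names and host names are constructed for illustration.

```python
import configparser

PKG = "cinder.volume.drivers.netapp."
UNIFIED = PKG + "common.NetAppDriver"

# Pre-Havana "direct" drivers -> (netapp_storage_family, netapp_storage_protocol),
# taken from the driver upgrade list on this page.
UPGRADE_MAP = {
    PKG + "iscsi.NetAppDirectCmodeISCSIDriver": ("ontap_cluster", "iscsi"),
    PKG + "nfs.NetAppDirectCmodeNfsDriver": ("ontap_cluster", "nfs"),
    PKG + "iscsi.NetAppDirect7modeISCSIDriver": ("ontap_7mode", "iscsi"),
    PKG + "nfs.NetAppDirect7modeNfsDriver": ("ontap_7mode", "nfs"),
}
# Drivers the page lists as deprecated in Havana (no unified mapping is given for them).
DEPRECATED = {
    PKG + "iscsi.NetAppCmodeISCSIDriver",
    PKG + "nfs.NetAppCmodeNfsDriver",
    PKG + "iscsi.NetAppISCSIDriver",
    PKG + "nfs.NetAppNFSDriver",
}


def endpoint(opts):
    """Management URL implied by the transport, hostname, port and path options."""
    family = opts.get("netapp_storage_family", "ontap_cluster")  # table default
    transport = opts.get("netapp_transport_type", "http")        # table default
    # Default ports per the tables: Data ONTAP 80/443, E-Series 8080/8443.
    http_port, https_port = (8080, 8443) if family == "eseries" else (80, 443)
    port = opts.get("netapp_server_port") or (
        https_port if transport == "https" else http_port)
    # netapp_webservice_path is only described for the E-Series proxy.
    path = opts.get("netapp_webservice_path", "/devmgr/v2") if family == "eseries" else ""
    host = opts.get("netapp_server_hostname", "<unset>")
    return "%s://%s:%s%s" % (transport, host, port, path)


def audit(conf_text):
    """Return a list of (stanza, code, detail) findings for NetApp back ends."""
    # default_section is renamed so [DEFAULT] values are not merged into every stanza.
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(conf_text)
    findings = []
    for stanza in cp.sections():
        opts = dict(cp[stanza])
        driver = opts.get("volume_driver", "")
        if driver in UPGRADE_MAP:
            family, proto = UPGRADE_MAP[driver]
            findings.append((stanza, "legacy-driver",
                             "use %s with netapp_storage_family=%s, "
                             "netapp_storage_protocol=%s" % (UNIFIED, family, proto)))
        elif driver in DEPRECATED:
            findings.append((stanza, "deprecated-driver", driver))
        if driver != UNIFIED:
            continue
        if "netapp_storage_protocol" not in opts:
            findings.append((stanza, "protocol-unset",
                             "default is None; set iscsi, fc or nfs"))
        if opts.get("netapp_transport_type", "http") == "http" and "netapp_password" in opts:
            findings.append((stanza, "cleartext-transport",
                             "credentials would cross the network unencrypted to "
                             + endpoint(opts)))
        if (opts.get("netapp_storage_family") == "eseries"
                and opts.get("use_multipath_for_image_xfer", "").lower() != "true"):
            findings.append((stanza, "multipath-off",
                             "E-Series needs use_multipath_for_image_xfer = True"))
    return findings


# Constructed sample cinder.conf; stanza names and host names are made up.
SAMPLE = """\
[cdot-nfs]
volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = ontap_cluster
netapp_storage_protocol = nfs
netapp_transport_type = https
netapp_server_hostname = filer.example.test
netapp_login = username
netapp_password = password

[eseries-1]
volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
netapp_storage_family = eseries
netapp_storage_protocol = iscsi
netapp_server_hostname = proxy.example.test
netapp_login = username
netapp_password = password

[old-7mode]
volume_driver = cinder.volume.drivers.netapp.iscsi.NetAppDirect7modeISCSIDriver
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-10s %-20s %s" % finding)
```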
1.1.7. NFS driver
The Network File System (NFS) is a distributed file system protocol originally developed by
Sun Microsystems in 1984. An NFS server exports one or more of its file systems, known as
shares. An NFS client can mount these exported shares on its own file system. You can
perform file actions on this mounted remote file system as if the file system were local.
1.1.7.1. How the NFS driver works
The NFS driver, and other drivers based on it, work quite differently than a traditional block
storage driver.
The NFS driver does not actually allow an instance to access a storage device at the block
level. Instead, files are created on an NFS share and mapped to instances, which emulates a
block device. This works in a similar way to QEMU, which stores instances in the
/var/lib/nova/instances directory.
1.1.7.2. Enable the NFS driver and related options
To use Cinder with the NFS driver, first set the volume_driver in cinder.conf:
volume_driver=cinder.volume.drivers.nfs.NfsDriver
The following table contains the options supported by the NFS driver.
Table 1.11. Description of NFS storage configuration options
Configuration option = Default value
    Description
[DEFAULT]
nfs_mount_attempts = 3
    (IntOpt) The number of attempts to mount nfs shares before raising an error. At least one
    attempt will be made to mount an nfs share, regardless of the value specified.
nfs_mount_options = None
    (StrOpt) Mount options passed to the nfs client. See section of the nfs man page for
    details.
nfs_mount_point_base = $state_path/mnt
    (StrOpt) Base dir containing mount points for nfs shares.
nfs_oversub_ratio = 1.0
    (FloatOpt) This will compare the allocated to available space on the volume destination. If
    the ratio exceeds this number, the destination will no longer be valid.
nfs_shares_config = /etc/cinder/nfs_shares
    (StrOpt) File with the list of available nfs shares
nfs_sparsed_volumes = True
    (BoolOpt) Create volumes as sparsed files which take no space. If set to False volume is
    created as regular file. In such case volume creation takes a lot of time.
nfs_used_ratio = 0.95
    (FloatOpt) Percent of ACTUAL usage of the underlying volume before no new volumes
    can be allocated to the volume destination.
Note
As of the Icehouse release, the NFS driver (and other drivers based off it) will
attempt to mount shares using version 4.1 of the NFS protocol (including pNFS). If
the mount attempt is unsuccessful due to a lack of client or server support, a
subsequent mount attempt that requests the default behavior of the mount.nfs
command will be performed. On most distributions, the default behavior is to
attempt mounting first with NFS v4.0, then silently fall back to NFS v3.0 if
necessary. If the nfs_mount_options configuration option contains a request for
a specific version of NFS to be used, or if specific options are specified in the
shares configuration file specified by the nfs_shares_config configuration
option, the mount will be attempted as requested with no subsequent attempts.
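The version-selection behaviour in the note above can be checked against a deployment's own settings. The following Python code is an added example, not code from the NFS driver: it reads the content of an nfs_shares file and the nfs_mount_options value and reports, for each share, whether a version is requested or the 4.1-then-default sequence applies. The shares-file line format (host:/export, optionally followed by -o and a comma-separated option list), the set of version options (vers=, nfsvers=, vN) and the sample addresses are assumptions.

```python
import re

# Options that request a specific NFS version: vers=N, nfsvers=N, or the
# vN / vN.M shorthand (assumed set; see nfs(5) and mount.nfs).
VERSION_OPT = re.compile(r"^(?:nfs)?vers=|^v\d")

# Constructed sample nfs_shares file (addresses from the documentation range).
SAMPLE_SHARES = """\
# one share per line, optional mount options after -o
192.0.2.10:/export/a
192.0.2.11:/export/b -o vers=3,rw
192.0.2.12:/export/c -o rw,noatime
"""


def split_opts(text):
    """Split a comma-separated mount option string into a list."""
    return [o.strip() for o in (text or "").split(",") if o.strip()]


def parse_shares(shares_text):
    """Yield (share, options) for every entry in an nfs_shares file."""
    for raw in shares_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        match = re.search(r"-o\s*(\S+)", rest)
        yield parts[0], split_opts(match.group(1) if match else "")


def mount_behaviour(share_opts, global_opts):
    """Classify one share according to the note on NFS version selection."""
    requested = [o for o in share_opts + global_opts if VERSION_OPT.match(o)]
    if requested:
        # Explicit version: mounted as requested, no further attempts.
        return ("pinned", requested[0])
    if share_opts:
        # Per-share options without a version: still a single attempt, so
        # the version is whatever mount.nfs negotiates by default.
        return ("as-requested", None)
    # Nothing specific: NFS v4.1 first, then the mount.nfs default, which
    # on most distributions is v4.0 with a silent fallback to v3.
    return ("4.1-then-default", None)


def audit_shares(shares_text, nfs_mount_options=""):
    """Map each share to its (behaviour, version option) classification."""
    global_opts = split_opts(nfs_mount_options)
    return {share: mount_behaviour(opts, global_opts)
            for share, opts in parse_shares(shares_text)}


if __name__ == "__main__":
    for share, result in audit_shares(SAMPLE_SHARES).items():
        print(share, *result)
```

Shares reported as "4.1-then-default" or "as-requested" are the ones whose protocol version depends on negotiation rather than on configuration.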
NFS driver notes
cinder-volume manages the mounting of the NFS shares as well as volume creation
on the shares. Keep this in mind when planning your OpenStack architecture. If you have
one master NFS server, it might make sense to only have one cinder-volume service to
handle all requests to that NFS server. However, if that single server is unable to handle
all requests, more than one cinder-volume service is needed as well as potentially
more than one NFS server.
Because data is stored in a file and not actually on a block storage device, you might not
see the same IO performance as you would with a traditional block storage driver. Please
test accordingly.
Despite possible IO performance loss, having volume data stored in a file might be
beneficial. For example, backing up volumes can be as easy as copying the volume files.
Note
Regular IO flushing and syncing still stands.
1.1.8. SolidFire
The SolidFire Cluster is a high-performance, all-SSD iSCSI storage device that provides
massive scale-out capability and extreme fault tolerance. A key feature of the SolidFire
cluster is the ability to set and modify specific QoS levels on a per-volume basis during
operation. The SolidFire cluster offers this along with de-duplication, compression, and
an architecture that takes full advantage of SSDs.
To configure the use of a SolidFire cluster with Block Storage, modify your cinder.conf
file as follows:
volume_driver = cinder.volume.drivers.solidfire.SolidFireDriver
# the address of your MVIP
san_ip = 172.17.1.182
# your cluster admin login
san_login = sfadmin
# your cluster admin password
san_password = sfpassword
# prefix for tenant account creation on solidfire cluster (see warning below)
sf_account_prefix = ''
Warning
The SolidFire driver creates a unique account prefixed with
$cinder-volume-service-hostname-$tenant-id on the SolidFire cluster for each tenant that
accesses the cluster through the Volume API. Unfortunately, this account
formation results in issues for High Availability (HA) installations and
installations where the cinder-volume service can move to a new node. HA
installations can return an Account Not Found error because the call to the
SolidFire cluster is not always going to be sent from the same node. In
installations where the cinder-volume service moves to a new node, the same
issue can occur when you perform operations on existing volumes, such as
clone, extend, delete, and so on.
Note
Set the sf_account_prefix option to an empty string ('') in the cinder.conf
file. This setting results in unique accounts being created on the SolidFire cluster,
but the accounts are prefixed with the tenant-id or any unique identifier that you
choose and are independent of the host where the cinder-volume service
resides.
Table 1.12. Description of SolidFire driver configuration options
Configuration option = Default value | Description
[DEFAULT]
sf_account_prefix = None | (StrOpt) Create SolidFire accounts with this prefix. Any string can be used here, but the string "hostname" is special and will create a prefix using the cinder node hostname (previous default behavior). The default is NO prefix.
sf_allow_tenant_qos = False | (BoolOpt) Allow tenants to specify QOS on create
sf_api_port = 443 | (IntOpt) SolidFire API port. Useful if the device api is behind a proxy on a different port.
sf_emulate_512 = True | (BoolOpt) Set 512 byte emulation on volume creation;
1.1.9. VMware VMDK driver
Use the VMware VMDK driver to enable management of the OpenStack Block Storage
volumes on vCenter-managed data stores. Volumes are backed by VMDK files on data stores
that use any VMware-compatible storage technology such as NFS, iSCSI, FiberChannel,
and vSAN.
Warning
The VMware ESX VMDK driver is deprecated as of the Icehouse release and might
be removed in Juno or a subsequent release. The VMware vCenter VMDK driver
continues to be fully supported.
1.1.9.1. Functional context
The VMware VMDK driver connects to vCenter, through which it can dynamically access all
the data stores visible from the ESX hosts in the managed cluster.
When you create a volume, the VMDK driver creates a VMDK file on demand. The VMDK file
creation completes only when the volume is subsequently attached to an instance, because
the set of data stores visible to the instance determines where to place the volume.
The running vSphere VM is automatically reconfigured to attach the VMDK file as an extra
disk. Once attached, you can log in to the running vSphere VM to rescan and discover this
extra disk.
1.1.9.2. Configuration
The recommended volume driver for OpenStack Block Storage is the VMware vCenter VMDK
driver. When you configure the driver, you must match it with the appropriate OpenStack
Compute driver from VMware and both drivers must point to the same server.
In the nova.conf file, use this option to define the Compute driver:
compute_driver=vmwareapi.VMwareVCDriver
In the cinder.conf file, use this option to define the volume driver:
volume_driver=cinder.volume.drivers.vmware.vmdk.VMwareVcVmdkDriver
The following table lists various options that the drivers support for the OpenStack Block
Storage configuration (cinder.conf):
Table 1.13. Description of VMware configuration options
Configuration option = Default value | Description
[DEFAULT]
vmware_api_retry_count = 10 | (IntOpt) Number of times VMware ESX/VC server API must be retried upon connection related issues.
vmware_host_ip = None | (StrOpt) IP address for connecting to VMware ESX/VC server.
vmware_host_password = None | (StrOpt) Password for authenticating with VMware ESX/VC server.
vmware_host_username = None | (StrOpt) Username for authenticating with VMware ESX/VC server.
vmware_host_version = None | (StrOpt) Optional string specifying the VMware VC server version. The driver attempts to retrieve the version from VMware VC server. Set this configuration only if you want to override the VC server version.
vmware_image_transfer_timeout_secs = 7200 | (IntOpt) Timeout in seconds for VMDK volume transfer between Cinder and Glance.
vmware_max_objects_retrieval = 100 | (IntOpt) Max number of objects to be retrieved per batch. Query results will be obtained in batches from the server and not in one shot. Server may still limit the count to something less than the configured value.
vmware_task_poll_interval = 0.5 | (FloatOpt) The interval (in seconds) for polling remote tasks invoked on VMware ESX/VC server.
vmware_tmp_dir = /tmp | (StrOpt) Directory where virtual disks are stored during volume backup and restore.
vmware_volume_folder = cinder-volumes | (StrOpt) Name for the folder in the VC datacenter that will contain cinder volumes.
vmware_wsdl_location = None | (StrOpt) Optional VIM service WSDL Location e.g http://<server>/vimService.wsdl. Optional over-ride to default location for bug work-arounds.
1.1.9.3. VMDK disk type
The VMware VMDK drivers support the creation of VMDK disk files of type thin,
lazyZeroedThick, or eagerZeroedThick. Use the vmware:vmdk_type extra spec key
with the appropriate value to specify the VMDK disk file type. The following table captures the
mapping between the extra spec entry and the VMDK disk file type:
Table 1.14. Extra spec entry to VMDK disk file type mapping
Disk file type | Extra spec key | Extra spec value
thin | vmware:vmdk_type | thin
lazyZeroedThick | vmware:vmdk_type | thick
eagerZeroedThick | vmware:vmdk_type | eagerZeroedThick
If you do not specify a vmdk_type extra spec entry, the default disk file type is thin.
The following example shows how to create a lazyZeroedThick VMDK volume by using
the appropriate vmdk_type:
$ cinder type-create thick_volume
$ cinder type-key thick_volume set vmware:vmdk_type=thick
$ cinder create --volume-type thick_volume --display-name volume1 1
1.1.9.4. Clone type
With the VMware VMDK drivers, you can create a volume from another source volume or a
snapshot point. The VMware vCenter VMDK driver supports the full and linked/fast
clone types. Use the vmware:clone_type extra spec key to specify the clone type. The
following table captures the mapping for clone types:
Table 1.15. Extra spec entry to clone type mapping
Clone type | Extra spec key | Extra spec value
full | vmware:clone_type | full
linked/fast | vmware:clone_type | linked
If you do not specify the clone type, the default is full.
The following example shows linked cloning from another source volume:
$ cinder type-create fast_clone
$ cinder type-key fast_clone set vmware:clone_type=linked
$ cinder create --volume-type fast_clone --source-volid 25743b9d-3605-462b-b9eb-71459fe2bb35 --display-name volume1 1
Note
The VMware ESX VMDK driver ignores the extra spec entry and always creates a
full clone.
1.1.9.5. Use vCenter storage policies to specify back-end data stores
This section describes how to configure back-end data stores using storage policies. In
vCenter, you can create one or more storage policies and expose them as a Block Storage
volume-type to a vmdk volume. The storage policies are exposed to the vmdk driver through
the extra spec property with the vmware:storage_profile key.
For example, assume a storage policy in vCenter named gold_policy and a Block
Storage volume type named vol1 with the extra spec key vmware:storage_profile set
to the value gold_policy. Any Block Storage volume creation that uses the vol1 volume
type places the volume only in data stores that match the gold_policy storage policy.
The Block Storage back-end configuration for vSphere data stores is automatically
determined based on the vCenter configuration. If you configure a connection to connect to
vCenter version 5.5 or later in the cinder.conf file, the use of storage policies to configure
back-end data stores is automatically supported.
Note
Any data stores that you configure for the Block Storage service must also be
configured for the Compute service.
Procedure 1.1. To configure back-end data stores by using storage policies
1. In vCenter, tag the data stores to be used for the back end.
   OpenStack also supports policies that are created by using vendor-specific
   capabilities; for example vSAN-specific storage policies.
   Note
   The tag value serves as the policy. For details, see Section 1.1.9.7, “Storage
   policy-based configuration in vCenter”.
2. Set the extra spec key vmware:storage_profile in the desired Block Storage
   volume types to the policy name that you created in the previous step.
3. Optionally, for the vmware_host_version parameter, enter the version number of
   your vSphere platform. For example, 5.5.
   This setting overrides the default location for the corresponding WSDL file. Among
   other scenarios, you can use this setting to prevent WSDL error messages during the
   development phase or to work with a newer version of vCenter.
4. Complete the other vCenter configuration parameters as appropriate.
Note
The following considerations apply to configuring SPBM for the Block Storage
service:
For any volume that is created without an associated policy (that is to say, without
an associated volume type that specifies the vmware:storage_profile extra
spec), there is no policy-based placement for that volume.
1.1.9.6. Supported operations
The VMware vCenter and ESX VMDK drivers support these operations:
- Create, delete, attach, and detach volumes.
  Note: When a volume is attached to an instance, a reconfigure operation is performed
  on the instance to add the volume's VMDK to it. The user must manually rescan
  and mount the device from within the guest operating system.
- Create, list, and delete volume snapshots.
  Note: Allowed only if volume is not attached to an instance.
- Create a volume from a snapshot.
- Copy an image to a volume.
  Note: Only images in vmdk disk format with bare container format are supported. The
  vmware_disktype property of the image can be preallocated, sparse,
  streamOptimized or thin.
- Copy a volume to an image.
  Note: Allowed only if the volume is not attached to an instance.
  This operation creates a streamOptimized disk image.
- Clone a volume.
  Note: Supported only if the source volume is not attached to an instance.
- Backup a volume.
  Note: This operation creates a backup of the volume in streamOptimized disk
  format.
- Restore backup to new or existing volume.
  Note: Supported only if the existing volume doesn't contain snapshots.
- Change the type of a volume.
  Note: This operation is supported only if the volume state is available.
Note
Although the VMware ESX VMDK driver supports these operations, it has not been
extensively tested.
1.1.9.7. Storage policy-based configuration in vCenter
You can configure Storage Policy-Based Management (SPBM) profiles for vCenter data
stores supporting the Compute, Image Service, and Block Storage components of an
OpenStack implementation.
In a vSphere OpenStack deployment, SPBM enables you to delegate several data stores for
storage, which reduces the risk of running out of storage space. The policy logic selects the
data store based on accessibility and available storage space.
1.1.9.8. Prerequisites
Determine the data stores to be used by the SPBM policy.
Determine the tag that identifies the data stores in the OpenStack component
configuration.
Create separate policies or sets of data stores for separate OpenStack components.
1.1.9.9. Create storage policies in vCenter
Procedure 1.2. To create storage policies in vCenter
1. In vCenter, create the tag that identifies the data stores:
   a. From the Home screen, click Tags.
   b. Specify a name for the tag.
   c. Specify a tag category. For example, spbm-cinder.
2. Apply the tag to the data stores to be used by the SPBM policy.
   Note
   For details about creating tags in vSphere, see the vSphere documentation.
3. In vCenter, create a tag-based storage policy that uses one or more tags to identify a
   set of data stores.
   Note
   You use this tag name and category when you configure the *.conf file for
   the OpenStack component. For details about creating tags in vSphere, see
   the vSphere documentation.
1.1.9.10. Data store selection
If storage policy is enabled, the driver initially selects all the data stores that match the
associated storage policy.
If two or more data stores match the storage policy, the driver chooses a data store that is
connected to the maximum number of hosts.
In case of ties, the driver chooses the data store with lowest space utilization, where space
utilization is defined by the (1-freespace/totalspace) metric.
These actions reduce the number of volume migrations while attaching the volume to
instances.
The volume must be migrated if the ESX host for the instance cannot access the data store
that contains the volume.
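The selection rules above, written out as an added Python example (it is not the VMDK driver's code). The Datastore fields, the constructed inventory with its policy and host names, and the final tie-break on the data store name (added so the result is reproducible) are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Datastore:
    name: str
    policies: frozenset   # storage policies this data store matches
    hosts: frozenset      # ESX hosts connected to this data store
    free_gb: float
    total_gb: float

    @property
    def utilization(self):
        """Space utilization as defined in the text: 1 - freespace/totalspace."""
        return 1 - self.free_gb / self.total_gb


def select_datastore(datastores, policy=None):
    """Choose a data store for a new volume.

    1. Keep the data stores that match the storage policy (all of them
       when the volume type carries no policy).
    2. Prefer the one connected to the most hosts.
    3. Break ties with the lowest space utilization.
    The name is a last, added tie-break so results are reproducible.
    """
    candidates = [d for d in datastores
                  if d.total_gb > 0 and (policy is None or policy in d.policies)]
    if not candidates:
        raise LookupError("no data store matches policy %r" % policy)
    return min(candidates, key=lambda d: (-len(d.hosts), d.utilization, d.name))


def needs_migration(datastore, instance_host):
    """True if the instance's ESX host cannot reach the volume's data store."""
    return instance_host not in datastore.hosts


# Constructed inventory for illustration.
INVENTORY = [
    Datastore("ds-a", frozenset({"gold_policy"}),
              frozenset({"esx1", "esx2"}), 400, 1000),
    Datastore("ds-b", frozenset({"gold_policy"}),
              frozenset({"esx1", "esx2", "esx3"}), 100, 1000),
    Datastore("ds-c", frozenset({"gold_policy"}),
              frozenset({"esx1", "esx2", "esx3"}), 500, 1000),
    Datastore("ds-d", frozenset({"silver_policy"}),
              frozenset({"esx1", "esx2", "esx3", "esx4"}), 900, 1000),
]

if __name__ == "__main__":
    chosen = select_datastore(INVENTORY, "gold_policy")
    print(chosen.name, round(chosen.utilization, 2))
    print("migration needed for esx4:", needs_migration(chosen, "esx4"))
```

With the gold_policy volume type, ds-b and ds-c tie on three connected hosts and ds-c wins on utilization; an instance on esx4 would still force a migration because that host cannot reach ds-c.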
1.2. BACKUP DRIVERS
This section describes how to configure the cinder-backup service and its drivers.
The volume drivers are included with the Block Storage repository
(https://github.com/openstack/cinder). To set a backup driver, use the backup_driver flag.
By default there is no backup driver enabled.
1.2.1. Ceph backup driver
The Ceph backup driver backs up volumes of any type to a Ceph back-end store. The driver
can also detect whether the volume to be backed up is a Ceph RBD volume, and if so, it tries
to perform incremental and differential backups.
For source Ceph RBD volumes, you can perform backups within the same Ceph pool (not
recommended). You can also perform backups between different Ceph pools and between
different Ceph clusters.
At the time of writing, differential backup support in Ceph/librbd was quite new. This driver
attempts a differential backup in the first instance. If the differential backup fails, the driver
falls back to full backup/copy.
If incremental backups are used, multiple backups of the same volume are stored as
snapshots so that minimal space is consumed in the backup store. It takes far less time to
restore a volume than to take a full copy.
Note
Block Storage enables you to:
Restore to a new volume, which is the default and recommended action.
Restore to the original volume from which the backup was taken. The restore
action takes a full copy because this is the safest action.
To enable the Ceph backup driver, include the following option in the cinder.conf file:
backup_driver = cinder.backup.drivers.ceph
The following configuration options are available for the Ceph backup driver.
Table 1.16. Description of Ceph backup driver configuration options
Configuration option = Default value | Description
[DEFAULT]
backup_ceph_chunk_size = 134217728 | (IntOpt) The chunk size, in bytes, that a backup is broken into before transfer to the Ceph object store.
backup_ceph_conf = /etc/ceph/ceph.conf | (StrOpt) Ceph configuration file to use.
backup_ceph_pool = backups | (StrOpt) The Ceph pool where volume backups are stored.
backup_ceph_stripe_count = 0 | (IntOpt) RBD stripe count to use when creating a backup image.
backup_ceph_stripe_unit = 0 | (IntOpt) RBD stripe unit to use when creating a backup image.
backup_ceph_user = cinder | (StrOpt) The Ceph user to connect with. Default here is to use the same user as for Cinder volumes. If not using cephx this should be set to None.
restore_discard_excess_bytes = True | (BoolOpt) If True, always discard excess bytes when restoring volumes i.e. pad with zeroes.
This example shows the default options for the Ceph backup driver.
backup_ceph_conf=/etc/ceph/ceph.conf
backup_ceph_user = cinder
backup_ceph_chunk_size = 134217728
backup_ceph_pool = backups
backup_ceph_stripe_unit = 0
backup_ceph_stripe_count = 0
1.2.2. IBM Tivoli Storage Manager backup driver
The IBM Tivoli Storage Manager (TSM) backup driver enables performing volume backups
to a TSM server.
The TSM client should be installed and configured on the machine running the cinder-backup
service. See the IBM Tivoli Storage Manager Backup-Archive Client Installation and
User's Guide for details on installing the TSM client.
To enable the IBM TSM backup driver, include the following option in cinder.conf:
backup_driver = cinder.backup.drivers.tsm
The following configuration options are available for the TSM backup driver.
Table 1.17. Description of IBM Tivoli Storage Manager backup driver configuration options
Configuration option = Default value | Description
[DEFAULT]
backup_tsm_compression = True | (BoolOpt) Enable or Disable compression for backups
backup_tsm_password = password | (StrOpt) TSM password for the running username
backup_tsm_volume_prefix = backup | (StrOpt) Volume prefix for the backup id when backing up to TSM
This example shows the default options for the TSM backup driver.
backup_tsm_volume_prefix = backup
backup_tsm_password = password
backup_tsm_compression = True
1.2.3. Swift backup driver
The backup driver for Swift back-end performs a volume backup to a Swift object storage
system.
To enable the Swift backup driver, include the following option in the cinder.conf file:
backup_driver = cinder.backup.drivers.swift
The following configuration options are available for the Swift back-end backup driver.
Table 1.18. Description of Swift backup driver configuration options
Configuration option = Default value | Description
[DEFAULT]
backup_swift_auth = per_user | (StrOpt) Swift authentication mechanism
backup_swift_container = volumebackups | (StrOpt) The default Swift container to use
backup_swift_enable_progress_timer = True | (BoolOpt) Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift backend storage. The default value is True to enable the timer.
backup_swift_key = None | (StrOpt) Swift key for authentication
backup_swift_object_size = 52428800 | (IntOpt) The size in bytes of Swift backup objects
backup_swift_retry_attempts = 3 | (IntOpt) The number of retries to make for Swift operations
backup_swift_retry_backoff = 2 | (IntOpt) The backoff time in seconds between Swift retries
backup_swift_url = None | (StrOpt) The URL of the Swift endpoint
backup_swift_user = None | (StrOpt) Swift user name
swift_catalog_info = object-store:swift:publicURL | (StrOpt) Info to match when looking for swift in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if backup_swift_url is unset
This example shows the default options for the Swift back-end backup driver.
backup_swift_url = http://localhost:8080/v1/AUTH_
backup_swift_auth = per_user
backup_swift_user = <None>
backup_swift_key = <None>
backup_swift_container = volumebackups
backup_swift_object_size = 52428800
backup_swift_retry_attempts = 3
backup_swift_retry_backoff = 2
backup_compression_algorithm = zlib
1.3. BLOCK STORAGE SAMPLE CONFIGURATION FILES
All the files in this section can be found in /etc/cinder.
1.3.1. cinder.conf
The cinder.conf file is installed in /etc/cinder by default. When you manually install
the Block Storage service, the options in the cinder.conf file are set to default values.
The cinder.conf file contains most of the options to configure the Block Storage service.
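Every commented-out option in the sample file that follows is still in effect with its default value, so a review of cinder.conf has to look at effective values and not only at the lines that are set. The following Python code is an added example, not part of this reference or of Cinder: it audits a configuration against defaults shown on this page (rabbit_password=guest, rabbit_use_ssl=false, strict_ssh_host_key_policy=false, unset ssl_cert_file/ssl_key_file, backup_tsm_password = password). The finding texts, the two sample configurations, and the file paths and password placeholder in them are constructed.

```python
import configparser

# Defaults taken from this page. An option that is absent or commented
# out in cinder.conf is still in effect with the value listed here.
PAGE_DEFAULTS = {
    "rpc_backend": "rabbit",
    "rabbit_password": "guest",
    "rabbit_use_ssl": "false",
    "qpid_protocol": "tcp",
    "strict_ssh_host_key_policy": "false",
    "ssl_cert_file": "",
    "ssl_key_file": "",
    "backup_driver": "",
    "backup_tsm_password": "password",
}

# Options on this page whose value is a credential.
SECRET_OPTIONS = ("rabbit_password", "qpid_password", "san_password",
                  "vmware_host_password", "backup_swift_key",
                  "backup_tsm_password")

# Constructed sample: only the SolidFire back end and the TSM backup
# driver are set, everything else is left at its default.
WEAK_CONF = """
[DEFAULT]
volume_driver = cinder.volume.drivers.solidfire.SolidFireDriver
san_login = sfadmin
san_password = sfpassword
#rabbit_password=guest
#strict_ssh_host_key_policy=false
backup_driver = cinder.backup.drivers.tsm
"""

# Constructed sample with the reviewed options set explicitly; the
# paths and the password are placeholders.
HARDENED_CONF = """
[DEFAULT]
rabbit_userid = cinder
rabbit_password = REPLACE_WITH_GENERATED_SECRET
rabbit_use_ssl = true
kombu_ssl_ca_certs = /etc/cinder/ssl/amqp-ca.pem
strict_ssh_host_key_policy = true
ssh_hosts_key_file = /etc/cinder/ssh_known_hosts
ssl_cert_file = /etc/cinder/ssl/api.crt
ssl_key_file = /etc/cinder/ssl/api.key
"""


def load_default_section(text):
    """Return the [DEFAULT] options that are explicitly set in the text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return dict(parser.defaults())


def is_true(value):
    """Interpret a boolean option value."""
    return value.strip().lower() in ("1", "true", "yes", "on")


def audit(text):
    """Return (option, finding) pairs based on effective values."""
    conf = load_default_section(text)

    def eff(option):
        # Explicit value if present, otherwise the default from this page.
        return conf.get(option, PAGE_DEFAULTS[option]).strip()

    findings = []
    if eff("rpc_backend") == "rabbit":
        if eff("rabbit_password") == "guest":
            findings.append(("rabbit_password", "default RabbitMQ password in use"))
        if not is_true(eff("rabbit_use_ssl")):
            findings.append(("rabbit_use_ssl", "RabbitMQ connection does not use SSL"))
    elif eff("rpc_backend") == "qpid" and eff("qpid_protocol") != "ssl":
        findings.append(("qpid_protocol", "Qpid transport is tcp, not ssl"))
    if not is_true(eff("strict_ssh_host_key_policy")):
        findings.append(("strict_ssh_host_key_policy",
                         "unknown SSH host keys are saved on first connection"))
    if not (eff("ssl_cert_file") and eff("ssl_key_file")):
        findings.append(("ssl_cert_file",
                         "API server is not started with a certificate and key"))
    if (eff("backup_driver").endswith(".tsm")
            and eff("backup_tsm_password") == "password"):
        findings.append(("backup_tsm_password", "default TSM password in use"))
    return findings


def secrets_in_file(text):
    """List credential options stored in clear text in the file."""
    conf = load_default_section(text)
    return sorted(o for o in SECRET_OPTIONS if conf.get(o))


if __name__ == "__main__":
    for option, finding in audit(WEAK_CONF):
        print("%-28s %s" % (option, finding))
    print("credentials in file:", secrets_in_file(WEAK_CONF))
```

Four of the five findings for the first sample come from options that never appear as active lines in the file.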
[DEFAULT]
#
# Options defined in oslo.messaging
#
# Use durable queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
#amqp_durable_queues=false
# Auto-delete queues in AMQP. (boolean value)
#amqp_auto_delete=false
# Size of RPC connection pool. (integer value)
#rpc_conn_pool_size=30
# Qpid broker hostname. (string value)
#qpid_hostname=localhost
# Qpid broker port. (integer value)
#qpid_port=5672
# Qpid HA cluster host:port pairs. (list value)
#qpid_hosts=$qpid_hostname:$qpid_port
# Username for Qpid connection. (string value)
#qpid_username=
# Password for Qpid connection. (string value)
#qpid_password=
# Space separated list of SASL mechanisms to use for auth.
# (string value)
#qpid_sasl_mechanisms=
# Seconds between connection keepalive heartbeats. (integer
# value)
#qpid_heartbeat=60
# Transport to use, either 'tcp' or 'ssl'. (string value)
#qpid_protocol=tcp
# Whether to disable the Nagle algorithm. (boolean value)
#qpid_tcp_nodelay=true
# The number of prefetched messages held by receiver. (integer
# value)
#qpid_receiver_capacity=1
# The qpid topology version to use. Version 1 is what was
# originally used by impl_qpid. Version 2 includes some
# backwards-incompatible changes that allow broker federation
# to work. Users should update to version 2 when they are
# able to take everything down, as it requires a clean break.
# (integer value)
#qpid_topology_version=1
# SSL version to use (valid only if SSL enabled). valid values
# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on
# some distributions. (string value)
#kombu_ssl_version=
# SSL key file (valid only if SSL enabled). (string value)
#kombu_ssl_keyfile=
# SSL cert file (valid only if SSL enabled). (string value)
#kombu_ssl_certfile=
# SSL certification authority file (valid only if SSL
# enabled). (string value)
#kombu_ssl_ca_certs=
# How long to wait before reconnecting in response to an AMQP
# consumer cancel notification. (floating point value)
#kombu_reconnect_delay=1.0
# The RabbitMQ broker address where a single node is used.
# (string value)
#rabbit_host=localhost
# The RabbitMQ broker port where a single node is used.
# (integer value)
#rabbit_port=5672
# RabbitMQ HA cluster host:port pairs. (list value)
#rabbit_hosts=$rabbit_host:$rabbit_port
# Connect over SSL for RabbitMQ. (boolean value)
#rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
#rabbit_userid=guest
# The RabbitMQ password. (string value)
#rabbit_password=guest
# The RabbitMQ login method. (string value)
#rabbit_login_method=AMQPLAIN
# The RabbitMQ virtual host. (string value)
#rabbit_virtual_host=/
# How frequently to retry connecting with RabbitMQ. (integer
# value)
#rabbit_retry_interval=1
# How long to backoff for between retries when connecting to
# RabbitMQ. (integer value)
#rabbit_retry_backoff=2
# Maximum number of RabbitMQ connection retries. Default is 0
# (infinite retry count). (integer value)
#rabbit_max_retries=0
# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
# this option, you must wipe the RabbitMQ database. (boolean
# value)
#rabbit_ha_queues=false
# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
# (boolean value)
#fake_rabbit=false
# ZeroMQ bind address. Should be a wildcard (*), an ethernet
# interface, or IP. The "host" option should point or resolve
# to this address. (string value)
#rpc_zmq_bind_address=*
# MatchMaker driver. (string value)
#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost
# ZeroMQ receiver listening port. (integer value)
#rpc_zmq_port=9501
# Number of ZeroMQ contexts, defaults to 1. (integer value)
#rpc_zmq_contexts=1
# Maximum number of ingress messages to locally buffer per
# topic. Default is unlimited. (integer value)
#rpc_zmq_topic_backlog=<None>
# Directory for holding IPC sockets. (string value)
#rpc_zmq_ipc_dir=/var/run/openstack
# Name of this node. Must be a valid hostname, FQDN, or IP
# address. Must match "host" option, if running Nova. (string
# value)
#rpc_zmq_host=cinder
# Seconds to wait before a cast expires (TTL). Only supported
# by impl_zmq. (integer value)
#rpc_cast_timeout=30
# Heartbeat frequency. (integer value)
#matchmaker_heartbeat_freq=300
# Heartbeat time-to-live. (integer value)
#matchmaker_heartbeat_ttl=600
# Size of RPC greenthread pool. (integer value)
#rpc_thread_pool_size=64
# Driver or drivers to handle sending notifications. (multi
# valued)
#notification_driver=
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
#notification_topics=notifications
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout=60
# A URL representing the messaging driver to use and its full
# configuration. If not set, we fall back to the rpc_backend
# option and driver specific configuration. (string value)
#transport_url=<None>
# The messaging driver to use, defaults to rabbit. Other
# drivers include qpid and zmq. (string value)
#rpc_backend=rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the
# transport_url option. (string value)
#control_exchange=openstack
#
# Options defined in cinder.exception
#
# Make exception message format errors fatal. (boolean value)
#fatal_exception_format_errors=false
#
# Options defined in cinder.quota
#
# Number of volumes allowed per project (integer value)
#quota_volumes=10
# Number of volume snapshots allowed per project (integer
# value)
#quota_snapshots=10
# Number of consistencygroups allowed per project (integer
# value)
#quota_consistencygroups=10
# Total amount of storage, in gigabytes, allowed for volumes
# and snapshots per project (integer value)
#quota_gigabytes=1000
# Number of volume backups allowed per project (integer value)
#quota_backups=10
# Total amount of storage, in gigabytes, allowed for backups
# per project (integer value)
#quota_backup_gigabytes=1000
# Number of seconds until a reservation expires (integer
# value)
#reservation_expire=86400
# Count of reservations until usage is refreshed (integer
# value)
#until_refresh=0
# Number of seconds between subsequent usage refreshes
# (integer value)
#max_age=0
# Default driver to use for quota checks (string value)
#quota_driver=cinder.quota.DbQuotaDriver
# Enables or disables use of default quota class with default
# quota. (boolean value)
#use_default_quota_class=true
#
# Options defined in cinder.service
#
# Interval, in seconds, between nodes reporting state to
# datastore (integer value)
#report_interval=10
# Interval, in seconds, between running periodic tasks
# (integer value)
#periodic_interval=60
# Range, in seconds, to randomly delay when starting the
# periodic task scheduler to reduce stampeding. (Disable by
# setting to 0) (integer value)
#periodic_fuzzy_delay=60
# IP address on which OpenStack Volume API listens (string
# value)
#osapi_volume_listen=0.0.0.0
# Port on which OpenStack Volume API listens (integer value)
#osapi_volume_listen_port=8776
# Number of workers for OpenStack Volume API service. The
# default is equal to the number of CPUs available. (integer
# value)
#osapi_volume_workers=<None>
#
# Options defined in cinder.ssh_utils
#
# Option to enable strict host key checking. When set to
# "True" Cinder will only connect to systems with a host key
# present in the configured "ssh_hosts_key_file". When set to
# "False" the host key will be saved upon first connection and
# used for subsequent connections. Default=False (boolean
# value)
#strict_ssh_host_key_policy=false
# File containing SSH host keys for the systems with which
# Cinder needs to communicate. OPTIONAL:
# Default=$state_path/ssh_known_hosts (string value)
#ssh_hosts_key_file=$state_path/ssh_known_hosts
#
# Options defined in cinder.test
#
# File name of clean sqlite db (string value)
#sqlite_clean_db=clean.sqlite
#
# Options defined in cinder.wsgi
#
# Maximum line size of message headers to be accepted.
# max_header_line may need to be increased when using large
# tokens (typically those generated by the Keystone v3 API
# with big service catalogs). (integer value)
#max_header_line=16384
# If False, closes the client socket connection explicitly.
# Set it to True to maintain backward compatibility. The
# recommended setting is False. (boolean value)
#wsgi_keep_alive=true
# Sets the value of TCP_KEEPALIVE (True/False) for each server
# socket. (boolean value)
#tcp_keepalive=true
# Sets the value of TCP_KEEPIDLE in seconds for each server
# socket. Not supported on OS X. (integer value)
#tcp_keepidle=600
# Sets the value of TCP_KEEPINTVL in seconds for each server
# socket. Not supported on OS X. (integer value)
#tcp_keepalive_interval=<None>
# Sets the value of TCP_KEEPCNT for each server socket. Not
# supported on OS X. (integer value)
#tcp_keepalive_count=<None>
# CA certificate file to use to verify connecting clients
# (string value)
#ssl_ca_file=<None>
# Certificate file to use when starting the server securely
# (string value)
#ssl_cert_file=<None>
# Private key file to use when starting the server securely
# (string value)
#ssl_key_file=<None>
#
# Options defined in cinder.api.common
#
# The maximum number of items that a collection resource
# returns in a single response (integer value)
#osapi_max_limit=1000
# Base URL that will be presented to users in links to the
# OpenStack Volume API (string value)
# Deprecated group/name - [DEFAULT]/osapi_compute_link_prefix
#osapi_volume_base_URL=<None>
#
# Options defined in cinder.api.middleware.auth
#
# Treat X-Forwarded-For as the canonical remote address. Only
# enable this if you have a sanitizing proxy. (boolean value)
#use_forwarded_for=false
#
# Options defined in cinder.api.middleware.sizelimit
#
# Max size for body of a request (integer value)
#osapi_max_request_body_size=114688
#
# Options defined in cinder.backup.driver
#
# Backup metadata version to be used when backing up volume
# metadata. If this number is bumped, make sure the service
# doing the restore supports the new version. (integer value)
#backup_metadata_version=1
#
# Options defined in cinder.backup.drivers.ceph
#
# Ceph configuration file to use. (string value)
#backup_ceph_conf=/etc/ceph/ceph.conf
# The Ceph user to connect with. Default here is to use the
# same user as for Cinder volumes. If not using cephx this
# should be set to None. (string value)
#backup_ceph_user=cinder
# The chunk size, in bytes, that a backup is broken into
# before transfer to the Ceph object store. (integer value)
#backup_ceph_chunk_size=134217728
# The Ceph pool where volume backups are stored. (string
# value)
#backup_ceph_pool=backups
# RBD stripe unit to use when creating a backup image.
# (integer value)
#backup_ceph_stripe_unit=0
# RBD stripe count to use when creating a backup image.
# (integer value)
#backup_ceph_stripe_count=0
# If True, always discard excess bytes when restoring volumes
# i.e. pad with zeroes. (boolean value)
#restore_discard_excess_bytes=true
#
# Options defined in cinder.backup.drivers.swift
#
# The URL of the Swift endpoint (string value)
#backup_swift_url=<None>
# Info to match when looking for swift in the service catalog.
# Format is: separated values of the form:
# <service_type>:<service_name>:<endpoint_type> - Only used if
# backup_swift_url is unset (string value)
#swift_catalog_info=object-store:swift:publicURL
# Swift authentication mechanism (string value)
#backup_swift_auth=per_user
# Swift authentication version. Specify "1" for auth 1.0, or
# "2" for auth 2.0 (string value)
#backup_swift_auth_version=1
# Swift tenant/account name. Required when connecting to an
# auth 2.0 system (string value)
#backup_swift_tenant=<None>
# Swift user name (string value)
#backup_swift_user=<None>
# Swift key for authentication (string value)
#backup_swift_key=<None>
# The default Swift container to use (string value)
#backup_swift_container=volumebackups
# The size in bytes of Swift backup objects (integer value)
#backup_swift_object_size=52428800
# The number of retries to make for Swift operations (integer
# value)
#backup_swift_retry_attempts=3
# The backoff time in seconds between Swift retries (integer
# value)
#backup_swift_retry_backoff=2
# Compression algorithm (None to disable) (string value)
#backup_compression_algorithm=zlib
#
# Options defined in cinder.backup.drivers.tsm
#
# Volume prefix for the backup id when backing up to TSM
# (string value)
#backup_tsm_volume_prefix=backup
# TSM password for the running username (string value)
#backup_tsm_password=password
# Enable or Disable compression for backups (boolean value)
#backup_tsm_compression=true
#
# Options defined in cinder.backup.manager
#
# Driver to use for backups. (string value)
# Deprecated group/name - [DEFAULT]/backup_service
#backup_driver=cinder.backup.drivers.swift
#
# Options defined in cinder.common.config
#
# File name for the paste.deploy config for cinder-api (string
# value)
#api_paste_config=api-paste.ini
# Top-level directory for maintaining cinder's state (string
# value)
# Deprecated group/name - [DEFAULT]/pybasedir
#state_path=/var/lib/cinder
# IP address of this host (string value)
#my_ip=10.0.0.1
# Default glance host name or IP (string value)
#glance_host=$my_ip
# Default glance port (integer value)
#glance_port=9292
# A list of the glance API servers available to cinder
# ([hostname|ip]:port) (list value)
#glance_api_servers=$glance_host:$glance_port
# Version of the glance API to use (integer value)
#glance_api_version=1
# Number of retries when downloading an image from glance
# (integer value)
#glance_num_retries=0
# Allow insecure SSL (https) requests to glance
# (boolean value)
#glance_api_insecure=false
# Enables or disables negotiation of SSL layer compression. In
# some cases disabling compression can improve data
# throughput, such as when high network bandwidth is available
# and you use compressed image formats like qcow2. (boolean
# value)
#glance_api_ssl_compression=false
# Location of ca certificates file to use for glance client
# requests. (string value)
#glance_ca_certificates_file=<None>
# http/https timeout value for glance operations. If no value
# (None) is supplied here, the glanceclient default value is
# used. (integer value)
#glance_request_timeout=<None>
# The topic that scheduler nodes listen on (string value)
#scheduler_topic=cinder-scheduler
# The topic that volume nodes listen on (string value)
#volume_topic=cinder-volume
# The topic that volume backup nodes listen on (string value)
#backup_topic=cinder-backup
# DEPRECATED: Deploy v1 of the Cinder API. (boolean value)
#enable_v1_api=true
# Deploy v2 of the Cinder API. (boolean value)
#enable_v2_api=true
# Enables or disables rate limit of the API. (boolean value)
#api_rate_limit=true
# Specify list of extensions to load when using
# osapi_volume_extension option with
# cinder.api.contrib.select_extensions (list value)
#osapi_volume_ext_list=
# osapi volume extension to load (multi valued)
#osapi_volume_extension=cinder.api.contrib.standard_extensions
# Full class name for the Manager for volume (string value)
#volume_manager=cinder.volume.manager.VolumeManager
# Full class name for the Manager for volume backup (string
# value)
#backup_manager=cinder.backup.manager.BackupManager
# Full class name for the Manager for scheduler (string value)
#scheduler_manager=cinder.scheduler.manager.SchedulerManager
# Name of this node. This can be an opaque identifier. It is
# not necessarily a host name, FQDN, or IP address. (string
# value)
#host=cinder
# Availability zone of this node (string value)
#storage_availability_zone=nova
# Default availability zone for new volumes. If not set, the
# storage_availability_zone option value is used as the
# default for new volumes. (string value)
#default_availability_zone=<None>
# Default volume type to use (string value)
#default_volume_type=<None>
# Time period for which to generate volume usages. The options
# are hour, day, month, or year. (string value)
#volume_usage_audit_period=month
# Path to the rootwrap configuration file to use for running
# commands as root (string value)
#rootwrap_config=/etc/cinder/rootwrap.conf
# Enable monkey patching (boolean value)
#monkey_patch=false
# List of modules/decorators to monkey patch (list value)
#monkey_patch_modules=
# Maximum time since last check-in for a service to be
# considered up (integer value)
#service_down_time=60
# The full class name of the volume API class to use (string
# value)
#volume_api_class=cinder.volume.api.API
# The full class name of the volume backup API class (string
# value)
#backup_api_class=cinder.backup.api.API
# The strategy to use for auth. Supports noauth, keystone, and
# deprecated. (string value)
#auth_strategy=noauth
# A list of backend names to use. These backend names should
# be backed by a unique [CONFIG] group with its options (list
# value)
#enabled_backends=<None>
# Whether snapshots count against GigaByte quota (boolean
# value)
#no_snapshot_gb_quota=false
# The full class name of the volume transfer API class (string
# value)
#transfer_api_class=cinder.transfer.api.API
# The full class name of the volume replication API class
# (string value)
#replication_api_class=cinder.replication.api.API
# The full class name of the consistencygroup API class
# (string value)
#consistencygroup_api_class=cinder.consistencygroup.api.API
#
# Options defined in cinder.compute
#
# The full class name of the compute API class to use (string
# value)
#compute_api_class=cinder.compute.nova.API
#
# Options defined in cinder.compute.nova
#
# Match this value when searching for nova in the service
# catalog. Format is: separated values of the form:
# <service_type>:<service_name>:<endpoint_type> (string value)
#nova_catalog_info=compute:nova:publicURL
# Same as nova_catalog_info, but for admin endpoint. (string
# value)
#nova_catalog_admin_info=compute:nova:adminURL
# Override service catalog lookup with template for nova
# endpoint e.g. http://localhost:8774/v2/%(project_id)s
# (string value)
#nova_endpoint_template=<None>
# Same as nova_endpoint_template, but for admin endpoint.
# (string value)
#nova_endpoint_admin_template=<None>
# Region name of this node (string value)
#os_region_name=<None>
# Location of ca certificates file to use for nova client
# requests. (string value)
#nova_ca_certificates_file=<None>
# Allow insecure SSL requests to nova (boolean
# value)
#nova_api_insecure=false
#
# Options defined in cinder.db.api
#
# The backend to use for db (string value)
#db_backend=sqlalchemy
# Services to be added to the available pool on create
# (boolean value)
#enable_new_services=true
# Template string to be used to generate volume names (string
# value)
#volume_name_template=volume-%s
# Template string to be used to generate snapshot names
# (string value)
#snapshot_name_template=snapshot-%s
# Template string to be used to generate backup names (string
# value)
#backup_name_template=backup-%s
#
# Options defined in cinder.db.base
#
# Driver to use for database access (string value)
#db_driver=cinder.db
#
# Options defined in cinder.image.glance
#
# Default core properties of image (list value)
#glance_core_properties=checksum,container_format,disk_format,image_name,image_id,min_disk,min_ram,name,size
# A list of url schemes that can be downloaded directly via
# the direct_url. Currently supported schemes: [file]. (list
# value)
#allowed_direct_url_schemes=
#
# Options defined in cinder.image.image_utils
#
# Directory used for temporary storage during image conversion
# (string value)
#image_conversion_dir=$state_path/conversion
#
# Options defined in cinder.openstack.common.eventlet_backdoor
#
# Enable eventlet backdoor. Acceptable values are 0, <port>,
# and <start>:<end>, where 0 results in listening on a random
# tcp port number; <port> results in listening on the
# specified port number (and not enabling backdoor if that
# port is in use); and <start>:<end> results in listening on
# the smallest unused port number within the specified range
# of port numbers. The chosen port is displayed in the
# service's log file. (string value)
#backdoor_port=<None>
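
An added example, not part of the generated sample file or of Cinder itself: a Python check that reads a cinder.conf and reports the security-relevant [DEFAULT] options documented above that are in a risky state, applying this page's defaults to options that are absent or commented out. The rule set, the messages, and the sample configuration are assumptions constructed for illustration.

```python
import configparser

# Defaults exactly as printed in the sample file on this page. An option that
# is absent or commented out in cinder.conf takes these values.
PAGE_DEFAULTS = {
    "auth_strategy": "noauth",
    "strict_ssh_host_key_policy": "false",
    "glance_api_insecure": "false",
    "nova_api_insecure": "false",
    "use_forwarded_for": "false",
    "backdoor_port": "",  # printed as <None>: no backdoor listener
}

TRUE_WORDS = {"true", "1", "yes", "on"}
FALSE_WORDS = {"false", "0", "no", "off"}


def parse_bool(raw):
    """Parse a boolean option value; raise ValueError on anything else."""
    word = raw.strip().lower()
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    raise ValueError("not a boolean: %r" % raw)


# (option, predicate that is True when the effective value is risky, reason).
# This rule set is an assumption made for the example, not a vendor checklist.
RULES = [
    ("auth_strategy", lambda v: v.strip().lower() == "noauth",
     "API requests are not authenticated; use keystone"),
    ("strict_ssh_host_key_policy", lambda v: not parse_bool(v),
     "unknown SSH host keys are saved on first connection"),
    ("glance_api_insecure", parse_bool,
     "insecure SSL (https) requests to glance are allowed"),
    ("nova_api_insecure", parse_bool,
     "insecure SSL requests to nova are allowed"),
    ("use_forwarded_for", parse_bool,
     "X-Forwarded-For is trusted; requires a sanitizing proxy"),
    ("backdoor_port", lambda v: v.strip() not in ("", "<None>"),
     "eventlet backdoor listener is enabled"),
]

# Constructed sample input. auth_strategy is commented out, so the page
# default (noauth) is the effective value.
SAMPLE_CONF = """\
[DEFAULT]
#auth_strategy=keystone
strict_ssh_host_key_policy = True
glance_api_insecure = true
use_forwarded_for = false
backdoor_port = 4444:4450
logging_exception_prefix = %(asctime)s TRACE %(name)s
"""


def audit(conf_text):
    """Return (option, value, source, reason) for each risky [DEFAULT] option.

    source is "explicit" when the file sets the option and "default" when the
    effective value comes from PAGE_DEFAULTS.
    """
    # RawConfigParser: log format strings contain %(...)s and must not be
    # interpolated. strict=False: multi-valued options may repeat. Only "="
    # delimits, because values such as host:port contain ":".
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.read_string(conf_text)
    explicit = parser.defaults()
    findings = []
    for option, is_risky, reason in RULES:
        source = "explicit" if option in explicit else "default"
        value = explicit.get(option, PAGE_DEFAULTS[option])
        try:
            risky = is_risky(value)
        except ValueError as exc:
            # A value the service cannot parse is reported, not skipped.
            risky, reason = True, "unparseable value (%s)" % exc
        if risky:
            findings.append((option, value, source, reason))
    return findings


if __name__ == "__main__":
    for option, value, source, reason in audit(SAMPLE_CONF):
        print("%-28s %-12r %-8s %s" % (option, value, source, reason))
```
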
#
# Options defined in cinder.openstack.common.lockutils
#
# Whether to disable inter-process locks (boolean value)
#disable_process_locking=false
# Directory to use for lock files. Default to a temp directory
# (string value)
#lock_path=<None>
#
# Options defined in cinder.openstack.common.log
#
# Print debugging output (set logging level to DEBUG instead
# of default WARNING level). (boolean value)
#debug=false
# Print more verbose output (set logging level to INFO instead
# of default WARNING level). (boolean value)
#verbose=false
# Log output to standard error. (boolean value)
#use_stderr=true
# Format string to use for log messages with context. (string
# value)
#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
# Format string to use for log messages without context.
# (string value)
#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
# Data to append to log format when level is DEBUG. (string
# value)
#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d
# Prefix each line of exception output with this format.
# (string value)
#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
# List of logger=LEVEL pairs. (list value)
#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
# Enables or disables publication of error events. (boolean
# value)
#publish_errors=false
# Enables or disables fatal status of deprecations. (boolean
# value)
#fatal_deprecations=false
# The format for an instance that is passed with the log
# message. (string value)
#instance_format="[instance: %(uuid)s] "
# The format for an instance UUID that is passed with the log
# message. (string value)
#instance_uuid_format="[instance: %(uuid)s] "
# The name of a logging configuration file. This file is
# appended to any existing logging configuration files. For
# details about logging configuration files, see the Python
# logging module documentation. (string value)
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append=<None>
# DEPRECATED. A logging.Formatter log message format string
# which may use any of the available logging.LogRecord
# attributes. This option is deprecated. Please use
# logging_context_format_string and
# logging_default_format_string instead. (string value)
#log_format=<None>
# Format string for %%(asctime)s in log records. Default:
# %(default)s . (string value)
#log_date_format=%Y-%m-%d %H:%M:%S
# (Optional) Name of log file to output to. If no default is
# set, logging will go to stdout. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file=<None>
# (Optional) The base directory used for relative --log-file
# paths. (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir=<None>
# Use syslog for logging. Existing syslog format is DEPRECATED
# during I, and will change in J to honor RFC5424. (boolean
# value)
#use_syslog=false
# (Optional) Enables or disables syslog rfc5424 format for
# logging. If enabled, prefixes the MSG part of the syslog
# message with APP-NAME (RFC5424). The format without the APP-
# NAME is deprecated in I, and will be removed in J. (boolean
# value)
#use_syslog_rfc_format=false
# Syslog facility to receive log lines. (string value)
#syslog_log_facility=LOG_USER
#
# Options defined in cinder.openstack.common.periodic_task
#
# Some periodic tasks can be run in a separate process. Should
# we run them here? (boolean value)
#run_external_periodic_tasks=true
#
# Options defined in cinder.openstack.common.policy
#
# The JSON file that defines policies. (string value)
#policy_file=policy.json
# Default rule. Enforced when a requested rule is not found.
# (string value)
#policy_default_rule=default
#
# Options defined in cinder.scheduler.driver
#
# The scheduler host manager class to use (string value)
#scheduler_host_manager=cinder.scheduler.host_manager.HostManager
# Maximum number of attempts to schedule a volume (integer
# value)
#scheduler_max_attempts=3
#
# Options defined in cinder.scheduler.host_manager
#
# Which filter class names to use for filtering hosts when not
# specified in the request. (list value)
#scheduler_default_filters=AvailabilityZoneFilter,CapacityFilter,CapabilitiesFilter
# Which weigher class names to use for weighing hosts. (list
# value)
#scheduler_default_weighers=CapacityWeigher
#
# Options defined in cinder.scheduler.manager
#
# Default scheduler driver to use (string value)
#scheduler_driver=cinder.scheduler.filter_scheduler.FilterScheduler
#
# Options defined in cinder.scheduler.scheduler_options
#
# Absolute path to scheduler configuration JSON file. (string
# value)
#scheduler_json_config_location=
#
# Options defined in cinder.scheduler.simple
#
# This configure option has been deprecated along with the
# SimpleScheduler. New scheduler is able to gather capacity
# information for each host, thus setting the maximum number
# of volume gigabytes for host is no longer needed. It's safe
# to remove this configure from cinder.conf. (integer value)
#max_gigabytes=10000
#
# Options defined in cinder.scheduler.weights.capacity
#
# Multiplier used for weighing volume capacity. Negative
# numbers mean to stack vs spread. (floating point value)
#capacity_weight_multiplier=1.0
# Multiplier used for weighing volume capacity. Negative
# numbers mean to stack vs spread. (floating point value)
#allocated_capacity_weight_multiplier=-1.0
#
# Options defined in cinder.scheduler.weights.volume_number
#
# Multiplier used for weighing volume number. Negative numbers
# mean to spread vs stack. (floating point value)
#volume_number_multiplier=-1.0
#
# Options defined in cinder.transfer.api
#
# The number of characters in the salt. (integer value)
#volume_transfer_salt_length=8
# The number of characters in the autogenerated auth key.
# (integer value)
#volume_transfer_key_length=16
#
# Options defined in cinder.volume.api
#
# Cache volume availability zones in memory for the provided
# duration in seconds (integer value)
#az_cache_duration=3600
# Create volume from snapshot at the host where snapshot
# resides (boolean value)
#snapshot_same_host=true
# Ensure that the new volumes are the same AZ as snapshot or
# source volume (boolean value)
#cloned_volume_same_az=true
#
# Options defined in cinder.volume.driver
#
# The maximum number of times to rescan iSER target to find
# volume (integer value)
#num_iser_scan_tries=3
# The maximum number of iSER target IDs per host (integer
# value)
#iser_num_targets=100
# Prefix for iSER volumes (string value)
#iser_target_prefix=iqn.2010-10.org.iser.openstack:
# The IP address that the iSER daemon is listening on (string
# value)
#iser_ip_address=$my_ip
# The port that the iSER daemon is listening on (integer
# value)
#iser_port=3260
# The name of the iSER target user-land tool to use (string
# value)
#iser_helper=tgtadm
# Number of times to attempt to run flakey shell commands
# (integer value)
#num_shell_tries=3
# The percentage of backend capacity that is reserved (integer
# value)
#reserved_percentage=0
# The maximum number of iSCSI target IDs per host (integer
# value)
#iscsi_num_targets=100
# Prefix for iSCSI volumes (string value)
#iscsi_target_prefix=iqn.2010-10.org.openstack:
# The IP address that the iSCSI daemon is listening on (string
# value)
#iscsi_ip_address=$my_ip
# The port that the iSCSI daemon is listening on (integer
# value)
#iscsi_port=3260
# The maximum number of times to rescan targets to find volume
# (integer value)
# Deprecated group/name - [DEFAULT]/num_iscsi_scan_tries
#num_volume_device_scan_tries=3
# The backend name for a given driver implementation (string
# value)
#volume_backend_name=<None>
# Do we attach/detach volumes in cinder using multipath for
# volume to image and image to volume transfers? (boolean
# value)
#use_multipath_for_image_xfer=false
# Method used to wipe old volumes (valid options are: none,
# zero, shred) (string value)
#volume_clear=zero
# Size in MiB to wipe at start of old volumes. 0 => all
# (integer value)
#volume_clear_size=0
# The flag to pass to ionice to alter the i/o priority of the
# process used to zero a volume after deletion, for example
# "-c3" for idle only priority. (string value)
#volume_clear_ionice=<None>
# iSCSI target user-land tool to use. tgtadm is default, use
# lioadm for LIO iSCSI support, iseradm for the ISER protocol,
# or fake for testing. (string value)
#iscsi_helper=tgtadm
# Volume configuration file storage directory (string value)
#volumes_dir=$state_path/volumes
# IET configuration file (string value)
#iet_conf=/etc/iet/ietd.conf
# Comma-separated list of initiator IQNs allowed to connect to
# the iSCSI target. (From Nova compute nodes.) (string value)
#lio_initiator_iqns=
# Sets the behavior of the iSCSI target to either perform
# blockio or fileio optionally, auto can be set and Cinder
# will autodetect type of backing device (string value)
#iscsi_iotype=fileio
# The default block size used when copying/clearing volumes
# (string value)
#volume_dd_blocksize=1M
# The blkio cgroup name to be used to limit bandwidth of
# volume copy (string value)
#volume_copy_blkio_cgroup_name=cinder-volume-copy
# The upper limit of bandwidth of volume copy. 0 => unlimited
# (integer value)
#volume_copy_bps_limit=0
# Sets the behavior of the iSCSI target to either perform
# write-back(on) or write-through(off). This parameter is
# valid if iscsi_helper is set to tgtadm or iseradm. (string
# value)
#iscsi_write_cache=on
# The path to the client certificate key for verification, if
# the driver supports it. (string value)
#driver_client_cert_key=<None>
# The path to the client certificate for verification, if the
# driver supports it. (string value)
#driver_client_cert=<None>
#
# Options defined in cinder.volume.drivers.block_device
#
# List of all available devices (list value)
#available_devices=
#
# Options defined in cinder.volume.drivers.coraid
#
# IP address of Coraid ESM (string value)
#coraid_esm_address=
# User name to connect to Coraid ESM (string value)
#coraid_user=admin
# Name of group on Coraid ESM to which coraid_user belongs
# (must have admin privilege) (string value)
#coraid_group=admin
# Password to connect to Coraid ESM (string value)
#coraid_password=password
# Volume Type key name to store ESM Repository Name (string
# value)
#coraid_repository_key=coraid_repository
#
# Options defined in cinder.volume.drivers.datera
#
# Datera API token. (string value)
#datera_api_token=<None>
# Datera API port. (string value)
#datera_api_port=7717
# Datera API version. (string value)
#datera_api_version=1
# Number of replicas to create of an inode. (string value)
#datera_num_replicas=3
#
# Options defined in cinder.volume.drivers.emc.emc_vmax_common
#
# use this file for cinder emc plugin config data (string
# value)
#cinder_emc_config_file=/etc/cinder/cinder_emc_config.xml
#
# Options defined in cinder.volume.drivers.emc.emc_vnx_cli
#
# VNX authentication scope type. (string value)
#storage_vnx_authentication_type=global
# Directory path that contains the VNX security file. Make
# sure the security file is generated first. (string value)
#storage_vnx_security_file_dir=<None>
# Naviseccli Path. (string value)
#naviseccli_path=
# Storage pool name. (string value)
#storage_vnx_pool_name=<None>
# VNX secondary SP IP Address. (string value)
#san_secondary_ip=<None>
# Default timeout for CLI operations in minutes. For example,
# LUN migration is a typical long running operation, which
# depends on the LUN size and the load of the array. An upper
# bound in the specific deployment can be set to avoid
# unnecessary long wait. By default, it is 365 days long.
# (integer value)
#default_timeout=525600
# Default max number of LUNs in a storage group. By default,
# the value is 255. (integer value)
#max_luns_per_storage_group=255
# To destroy storage group when the last LUN is removed from
# it. By default, the value is False. (boolean value)
#destroy_empty_storage_group=false
# Mapping between hostname and its iSCSI initiator IP
# addresses. (string value)
#iscsi_initiators=
# Automatically register initiators. By default, the value is
# False. (boolean value)
#initiator_auto_registration=false
#
# Options defined in cinder.volume.drivers.eqlx
#
# Group name to use for creating volumes (string value)
#eqlx_group_name=group-0
# Timeout for the Group Manager cli command execution (integer
# value)
#eqlx_cli_timeout=30
# Maximum retry count for reconnection (integer value)
#eqlx_cli_max_retries=5
# Use CHAP authentication for targets? (boolean value)
#eqlx_use_chap=false
# Existing CHAP account name (string value)
#eqlx_chap_login=admin
# Password for specified CHAP account name (string value)
#eqlx_chap_password=password
# Pool in which volumes will be created (string value)
#eqlx_pool=default
#
# Options defined in cinder.volume.drivers.fujitsu_eternus_dx_common
#
# The configuration file for the Cinder SMI-S driver (string
# value)
#cinder_smis_config_file=/etc/cinder/cinder_fujitsu_eternus_dx.xml
#
# Options defined in cinder.volume.drivers.fusionio.ioControl
#
# Amount of time to wait for iSCSI target to come online (integer
# value)
#fusionio_iocontrol_targetdelay=5
# number of retries for GET operations (integer value)
#fusionio_iocontrol_retry=3
# verify the array certificate on each transaction (boolean
# value)
#fusionio_iocontrol_verify_cert=true
#
# Options defined in cinder.volume.drivers.glusterfs
#
# File with the list of available gluster shares (string
# value)
#glusterfs_shares_config=/etc/cinder/glusterfs_shares
# Create volumes as sparsed files which take no space. If set
# to False volume is created as regular file. In such case
# volume creation takes a lot of time. (boolean value)
#glusterfs_sparsed_volumes=true
# Create volumes as QCOW2 files rather than raw files.
# (boolean value)
#glusterfs_qcow2_volumes=false
# Base dir containing mount points for gluster shares. (string
# value)
#glusterfs_mount_point_base=$state_path/mnt
#
# Options defined in cinder.volume.drivers.hds.hds
#
# The configuration file for the Cinder HDS driver for HUS
# (string value)
#hds_cinder_config_file=/opt/hds/hus/cinder_hus_conf.xml
#
# Options defined in cinder.volume.drivers.hds.iscsi
#
# Configuration file for HDS iSCSI cinder plugin (string
# value)
#hds_hnas_iscsi_config_file=/opt/hds/hnas/cinder_iscsi_conf.xml
#
# Options defined in cinder.volume.drivers.hds.nfs
#
# Configuration file for HDS NFS cinder plugin (string value)
#hds_hnas_nfs_config_file=/opt/hds/hnas/cinder_nfs_conf.xml
#
# Options defined in cinder.volume.drivers.hitachi.hbsd_common
#
# Serial number of storage system (string value)
#hitachi_serial_number=<None>
# Name of an array unit (string value)
#hitachi_unit_name=<None>
# Pool ID of storage system (integer value)
#hitachi_pool_id=<None>
# Thin pool ID of storage system (integer value)
#hitachi_thin_pool_id=<None>
# Range of logical device of storage system (string value)
#hitachi_ldev_range=<None>
# Default copy method of storage system (string value)
#hitachi_default_copy_method=FULL
# Copy speed of storage system (integer value)
#hitachi_copy_speed=3
# Interval to check copy (integer value)
#hitachi_copy_check_interval=3
# Interval to check copy asynchronously (integer value)
#hitachi_async_copy_check_interval=10
# Control port names for HostGroup or iSCSI Target (string
# value)
#hitachi_target_ports=<None>
# Range of group number (string value)
#hitachi_group_range=<None>
# Request for creating HostGroup or iSCSI Target (boolean
# value)
#hitachi_group_request=false
#
# Options defined in cinder.volume.drivers.hitachi.hbsd_fc
#
# Request for FC Zone creating HostGroup (boolean value)
#hitachi_zoning_request=false
#
# Options defined in cinder.volume.drivers.hitachi.hbsd_horcm
#
# Instance numbers for HORCM (string value)
#hitachi_horcm_numbers=200,201
# Username of storage system for HORCM (string value)
#hitachi_horcm_user=<None>
# Password of storage system for HORCM (string value)
#hitachi_horcm_password=<None>
# Add to HORCM configuration (boolean value)
#hitachi_horcm_add_conf=true
#
# Options defined in cinder.volume.drivers.hitachi.hbsd_iscsi
#
# Add CHAP user (boolean value)
#hitachi_add_chap_user=false
# iSCSI authentication method (string value)
#hitachi_auth_method=<None>
# iSCSI authentication username (string value)
#hitachi_auth_user=HBSD-CHAP-user
# iSCSI authentication password (string value)
#hitachi_auth_password=HBSD-CHAP-password
#
# Options defined in cinder.volume.drivers.huawei
#
# The configuration file for the Cinder Huawei driver (string
# value)
#cinder_huawei_conf_file=/etc/cinder/cinder_huawei_conf.xml
#
# Options defined in cinder.volume.drivers.ibm.gpfs
#
# Specifies the path of the GPFS directory where Block Storage
# volume and snapshot files are stored. (string value)
#gpfs_mount_point_base=<None>
# Specifies the path of the Image service repository in GPFS.
# Leave undefined if not storing images in GPFS. (string
# value)
#gpfs_images_dir=<None>
# Specifies the type of image copy to be used. Set this when
# the Image service repository also uses GPFS so that image
# files can be transferred efficiently from the Image service
# to the Block Storage service. There are two valid values:
# "copy" specifies that a full copy of the image is made;
# "copy_on_write" specifies that copy-on-write optimization
# strategy is used and unmodified blocks of the image file are
# shared efficiently. (string value)
#gpfs_images_share_mode=<None>
# Specifies an upper limit on the number of indirections
# required to reach a specific block due to snapshots or
# clones. A lengthy chain of copy-on-write snapshots or
# clones can have a negative impact on performance, but
# improves space utilization. 0 indicates unlimited clone
# depth. (integer value)
#gpfs_max_clone_depth=0
# Specifies that volumes are created as sparse files which
# initially consume no space. If set to False, the volume is
# created as a fully allocated file, in which case, creation
# may take a significantly longer time. (boolean value)
#gpfs_sparse_volumes=true
# Specifies the storage pool that volumes are assigned to. By
# default, the system storage pool is used. (string value)
#gpfs_storage_pool=system
#
# Options defined in cinder.volume.drivers.ibm.ibmnas
#
# IP address or Hostname of NAS system. (string value)
#nas_ip=
# User name to connect to NAS system. (string value)
#nas_login=admin
# Password to connect to NAS system. (string value)
#nas_password=
# SSH port to use to connect to NAS system. (integer value)
#nas_ssh_port=22
# Filename of private key to use for SSH authentication.
# (string value)
#nas_private_key=
# IBMNAS platform type to be used as backend storage; valid
# values are - v7ku : for using IBM Storwize V7000 Unified,
# sonas : for using IBM Scale Out NAS, gpfs-nas : for using
# NFS based IBM GPFS deployments. (string value)
#ibmnas_platform_type=v7ku
#
# Options defined in cinder.volume.drivers.ibm.storwize_svc
#
# Storage system storage pool for volumes (string value)
#storwize_svc_volpool_name=volpool
# Storage system space-efficiency parameter for volumes
# (percentage) (integer value)
#storwize_svc_vol_rsize=2
# Storage system threshold for volume capacity warnings
# (percentage) (integer value)
#storwize_svc_vol_warning=0
# Storage system autoexpand parameter for volumes (True/False)
# (boolean value)
#storwize_svc_vol_autoexpand=true
# Storage system grain size parameter for volumes
# (32/64/128/256) (integer value)
#storwize_svc_vol_grainsize=256
# Storage system compression option for volumes (boolean
# value)
#storwize_svc_vol_compression=false
# Enable Easy Tier for volumes (boolean value)
#storwize_svc_vol_easytier=true
# The I/O group in which to allocate volumes (integer value)
#storwize_svc_vol_iogrp=0
# Maximum number of seconds to wait for FlashCopy to be
# prepared. Maximum value is 600 seconds (10 minutes) (integer
# value)
#storwize_svc_flashcopy_timeout=120
# Connection protocol (iSCSI/FC) (string value)
#storwize_svc_connection_protocol=iSCSI
# Configure CHAP authentication for iSCSI connections
# (Default: Enabled) (boolean value)
#storwize_svc_iscsi_chap_enabled=true
# Connect with multipath (FC only; iSCSI multipath is
# controlled by Nova) (boolean value)
#storwize_svc_multipath_enabled=false
# Allows vdisk to multi host mapping (boolean value)
#storwize_svc_multihostmap_enabled=true
# Indicate whether svc driver is compatible for NPIV setup. If
# it is compatible, it will allow no wwpns being returned on
# get_conn_fc_wwpns during initialize_connection (boolean
# value)
#storwize_svc_npiv_compatibility_mode=false
# Allow tenants to specify QOS on create (boolean value)
#storwize_svc_allow_tenant_qos=false
# If operating in stretched cluster mode, specify the name of
# the pool in which mirrored copies are stored. Example:
# "pool2" (string value)
#storwize_svc_stretched_cluster_partner=<None>
#
# Options defined in cinder.volume.drivers.ibm.xiv_ds8k
#
# Proxy driver that connects to the IBM Storage Array (string
# value)
#xiv_ds8k_proxy=xiv_ds8k_openstack.nova_proxy.XIVDS8KNovaProxy
# Connection type to the IBM Storage Array
# (fibre_channel|iscsi) (string value)
#xiv_ds8k_connection_type=iscsi
# CHAP authentication mode, effective only for iscsi
# (disabled|enabled) (string value)
#xiv_chap=disabled
#
# Options defined in cinder.volume.drivers.lvm
#
# Name for the VG that will contain exported volumes (string
# value)
#volume_group=cinder-volumes
# If >0, create LVs with multiple mirrors. Note that this
# requires lvm_mirrors + 2 PVs with available space (integer
# value)
#lvm_mirrors=0
# Type of LVM volumes to deploy; (default or thin) (string
# value)
#lvm_type=default
#
# Options defined in cinder.volume.drivers.netapp.options
#
# The vFiler unit on which provisioning of block storage
# volumes will be done. This option is only used by the driver
# when connecting to an instance with a storage family of Data
# ONTAP operating in 7-Mode. Only use this option when
# utilizing the MultiStore feature on the NetApp storage
# system. (string value)
#netapp_vfiler=<None>
# Administrative user account name used to access the storage
# system or proxy server. (string value)
#netapp_login=<None>
# Password for the administrative user account specified in
# the netapp_login option. (string value)
#netapp_password=<None>
# This option specifies the virtual storage server (Vserver)
# name on the storage cluster on which provisioning of block
# storage volumes should occur. If using the NFS storage
# protocol, this parameter is mandatory for storage service
# catalog support (utilized by Cinder volume type extra_specs
# support). If this option is specified, the exports belonging
# to the Vserver will only be used for provisioning in the
# future. Block storage volumes on exports not belonging to
# the Vserver specified by this option will continue to
# function normally. (string value)
#netapp_vserver=<None>
# The hostname (or IP address) for the storage system or proxy
# server. (string value)
#netapp_server_hostname=<None>
# The TCP port to use for communication with the storage
# system or proxy server. Traditionally, port 80 is used for
# HTTP and port 443 is used for HTTPS; however, this value
# should be changed if an alternate port has been configured
# on the storage system or proxy server. (integer value)
#netapp_server_port=80
# This option is used to specify the path to the E-Series
# proxy application on a proxy server. The value is combined
# with the value of the netapp_transport_type,
# netapp_server_hostname, and netapp_server_port options to
# create the URL used by the driver to connect to the proxy
# application. (string value)
#netapp_webservice_path=/devmgr/v2
# This option is only utilized when the storage family is
# configured to eseries. This option is used to restrict
# provisioning to the specified controllers. Specify the value
# of this option to be a comma separated list of controller
# hostnames or IP addresses to be used for provisioning.
# (string value)
#netapp_controller_ips=<None>
# Password for the NetApp E-Series storage array. (string
# value)
#netapp_sa_password=<None>
# This option is used to restrict provisioning to the
# specified storage pools. Only dynamic disk pools are
# currently supported. Specify the value of this option to be
# a comma separated list of disk pool names to be used for
# provisioning. (string value)
#netapp_storage_pools=<None>
# This option is used to define how the controllers in the
# E-Series storage array will work with the particular
# operating system on the hosts that are connected to it.
# (string value)
#netapp_eseries_host_type=linux_dm_mp
# If the percentage of available space for an NFS share has
# dropped below the value specified by this option, the NFS
# image cache will be cleaned. (integer value)
#thres_avl_size_perc_start=20
# When the percentage of available space on an NFS share has
# reached the percentage specified by this option, the driver
# will stop clearing files from the NFS image cache that have
# not been accessed in the last M minutes, where M is the
# value of the expiry_thres_minutes configuration option.
# (integer value)
#thres_avl_size_perc_stop=60
# This option specifies the threshold for last access time for
# images in the NFS image cache. When a cache cleaning cycle
# begins, images in the cache that have not been accessed in
# the last M minutes, where M is the value of this parameter,
# will be deleted from the cache to create free space on the
# NFS share. (integer value)
#expiry_thres_minutes=720
# This option specifies the path of the NetApp copy offload
# tool binary. Ensure that the binary has execute permissions
# set which allow the effective user of the cinder-volume
# process to execute the file. (string value)
#netapp_copyoffload_tool_path=<None>
# The quantity to be multiplied by the requested volume size
# to ensure enough space is available on the virtual storage
# server (Vserver) to fulfill the volume creation request.
# (floating point value)
#netapp_size_multiplier=1.2
# This option is only utilized when the storage protocol is
# configured to use iSCSI. This option is used to restrict
# provisioning to the specified controller volumes. Specify
# the value of this option to be a comma separated list of
# NetApp controller volume names to be used for provisioning.
# (string value)
#netapp_volume_list=<None>
# The storage family type used on the storage system; valid
# values are ontap_7mode for using Data ONTAP operating in
# 7-Mode, ontap_cluster for using clustered Data ONTAP, or
# eseries for using E-Series. (string value)
#netapp_storage_family=ontap_cluster
# The storage protocol to be used on the data path with the
# storage system; valid values are iscsi or nfs. (string
# value)
#netapp_storage_protocol=<None>
# The transport protocol used when communicating with the
# storage system or proxy server. Valid values are http or
# https. (string value)
#netapp_transport_type=http
#
# Options defined in cinder.volume.drivers.nexenta.options
#
# IP address of Nexenta SA (string value)
#nexenta_host=
# HTTP port to connect to Nexenta REST API server (integer
# value)
#nexenta_rest_port=2000
# Use http or https for REST connection (default auto) (string
# value)
#nexenta_rest_protocol=auto
# User name to connect to Nexenta SA (string value)
#nexenta_user=admin
# Password to connect to Nexenta SA (string value)
#nexenta_password=nexenta
# Nexenta target portal port (integer value)
#nexenta_iscsi_target_portal_port=3260
# SA Pool that holds all volumes (string value)
#nexenta_volume=cinder
# IQN prefix for iSCSI targets (string value)
#nexenta_target_prefix=iqn.1986-03.com.sun:02:cinder
# Prefix for iSCSI target groups on SA (string value)
#nexenta_target_group_prefix=cinder/
# File with the list of available nfs shares (string value)
#nexenta_shares_config=/etc/cinder/nfs_shares
# Base directory that contains NFS share mount points (string
# value)
#nexenta_mount_point_base=$state_path/mnt
# Enables or disables the creation of volumes as sparsed files
# that take no space. If disabled (False), volume is created
# as a regular file, which takes a long time. (boolean value)
#nexenta_sparsed_volumes=true
# Default compression value for new ZFS folders. (string
# value)
#nexenta_volume_compression=on
# If set True cache NexentaStor appliance volroot option
# value. (boolean value)
#nexenta_nms_cache_volroot=true
# Enable stream compression, level 1..9. 1 - gives best speed;
# 9 - gives best compression. (integer value)
#nexenta_rrmgr_compression=0
# TCP Buffer size in KiloBytes. (integer value)
#nexenta_rrmgr_tcp_buf_size=4096
# Number of TCP connections. (integer value)
#nexenta_rrmgr_connections=2
# Block size for volumes (default=blank means 8KB) (string
# value)
#nexenta_blocksize=
# Enables or disables the creation of sparse volumes (boolean
# value)
#nexenta_sparse=false
#
# Options defined in cinder.volume.drivers.nfs
#
# File with the list of available nfs shares (string value)
#nfs_shares_config=/etc/cinder/nfs_shares
# Create volumes as sparsed files which take no space. If set
# to False volume is created as regular file. In such case
# volume creation takes a lot of time. (boolean value)
#nfs_sparsed_volumes=true
# Percent of ACTUAL usage of the underlying volume before no
# new volumes can be allocated to the volume destination.
# (floating point value)
#nfs_used_ratio=0.95
# This will compare the allocated to available space on the
# volume destination. If the ratio exceeds this number, the
# destination will no longer be valid. (floating point value)
#nfs_oversub_ratio=1.0
# Base dir containing mount points for nfs shares. (string
# value)
#nfs_mount_point_base=$state_path/mnt
# Mount options passed to the nfs client. See section of the
# nfs man page for details. (string value)
#nfs_mount_options=<None>
#
# Options defined in cinder.volume.drivers.nimble
#
# Nimble Controller pool name (string value)
#nimble_pool_name=default
# Nimble Subnet Label (string value)
#nimble_subnet_label=*
#
# Options defined in cinder.volume.drivers.prophetstor.options
#
# DPL pool uuid in which DPL volumes are stored. (string
# value)
#dpl_pool=
# DPL port number. (integer value)
#dpl_port=8357
#
# Options defined in cinder.volume.drivers.pure
#
# REST API authorization token. (string value)
#pure_api_token=<None>
#
# Options defined in cinder.volume.drivers.rbd
#
# The RADOS pool where rbd volumes are stored (string value)
#rbd_pool=rbd
# The RADOS client name for accessing rbd volumes - only set
# when using cephx authentication (string value)
#rbd_user=<None>
# Path to the ceph configuration file (string value)
#rbd_ceph_conf=
# Flatten volumes created from snapshots to remove dependency
# from volume to snapshot (boolean value)
#rbd_flatten_volume_from_snapshot=false
# The libvirt uuid of the secret for the rbd_user volumes
# (string value)
#rbd_secret_uuid=<None>
# Directory where temporary image files are stored when the
# volume driver does not write them directly to the volume.
# (string value)
#volume_tmp_dir=<None>
# Maximum number of nested volume clones that are taken before
# a flatten occurs. Set to 0 to disable cloning. (integer
# value)
#rbd_max_clone_depth=5
# Volumes will be chunked into objects of this size (in
# megabytes). (integer value)
#rbd_store_chunk_size=4
# Timeout value (in seconds) used when connecting to ceph
# cluster. If value < 0, no timeout is set and default
# librados value is used. (integer value)
#rados_connect_timeout=-1
#
# Options defined in cinder.volume.drivers.remotefs
#
# IP address or Hostname of NAS system. (string value)
#nas_ip=
# User name to connect to NAS system. (string value)
#nas_login=admin
# Password to connect to NAS system. (string value)
#nas_password=
# SSH port to use to connect to NAS system. (integer value)
#nas_ssh_port=22
# Filename of private key to use for SSH authentication.
# (string value)
#nas_private_key=
#
# Options defined in cinder.volume.drivers.san.hp.hp_3par_common
#
# 3PAR WSAPI Server Url like https://<3par ip>:8080/api/v1
# (string value)
#hp3par_api_url=
# 3PAR Super user username (string value)
#hp3par_username=
# 3PAR Super user password (string value)
#hp3par_password=
# The CPG to use for volume creation (string value)
#hp3par_cpg=OpenStack
# The CPG to use for Snapshots for volumes. If empty
# hp3par_cpg will be used (string value)
#hp3par_cpg_snap=
# The time in hours to retain a snapshot. You can't delete it
# before this expires. (string value)
#hp3par_snapshot_retention=
# The time in hours when a snapshot expires and is deleted.
# This must be larger than expiration (string value)
#hp3par_snapshot_expiration=
# Enable HTTP debugging to 3PAR (boolean value)
#hp3par_debug=false
# List of target iSCSI addresses to use. (list value)
#hp3par_iscsi_ips=
# Enable CHAP authentication for iSCSI connections. (boolean
# value)
#hp3par_iscsi_chap_enabled=false
#
# Options defined in cinder.volume.drivers.san.hp.hp_lefthand_rest_proxy
#
# HP LeftHand WSAPI Server Url like https://<LeftHand
# ip>:8081/lhos (string value)
#hplefthand_api_url=<None>
# HP LeftHand Super user username (string value)
#hplefthand_username=<None>
# HP LeftHand Super user password (string value)
#hplefthand_password=<None>
# HP LeftHand cluster name (string value)
#hplefthand_clustername=<None>
# Configure CHAP authentication for iSCSI connections
# (Default: Disabled) (boolean value)
#hplefthand_iscsi_chap_enabled=false
# Enable HTTP debugging to LeftHand (boolean value)
#hplefthand_debug=false
#
# Options defined in cinder.volume.drivers.san.hp.hp_msa_common
#
# The VDisk to use for volume creation. (string value)
#msa_vdisk=OpenStack
#
# Options defined in cinder.volume.drivers.san.san
#
# Use thin provisioning for SAN volumes? (boolean value)
#san_thin_provision=true
# IP address of SAN controller (string value)
#san_ip=
# Username for SAN controller (string value)
#san_login=admin
# Password for SAN controller (string value)
#san_password=
# Filename of private key to use for SSH authentication
# (string value)
#san_private_key=
# Cluster name to use for creating volumes (string value)
#san_clustername=
# SSH port to use with SAN (integer value)
#san_ssh_port=22
# Execute commands locally instead of over SSH; use if the
# volume service is running on the SAN device (boolean value)
#san_is_local=false
# SSH connection timeout in seconds (integer value)
#ssh_conn_timeout=30
# Minimum ssh connections in the pool (integer value)
#ssh_min_pool_conn=1
# Maximum ssh connections in the pool (integer value)
#ssh_max_pool_conn=5
#
# Options defined in cinder.volume.drivers.san.solaris
#
# The ZFS path under which to create zvols for volumes.
# (string value)
#san_zfs_volume_base=rpool/
#
# Options defined in cinder.volume.drivers.scality
#
# Path or URL to Scality SOFS configuration file (string
# value)
#scality_sofs_config=<None>
# Base dir where Scality SOFS shall be mounted (string value)
#scality_sofs_mount_point=$state_path/scality
# Path from Scality SOFS root to volume dir (string value)
#scality_sofs_volume_dir=cinder/volumes
#
# Options defined in cinder.volume.drivers.smbfs
#
# File with the list of available smbfs shares. (string value)
#smbfs_shares_config=/etc/cinder/smbfs_shares
# Default format that will be used when creating volumes if no
# volume format is specified. Can be set to: raw, qcow2, vhd
# or vhdx. (string value)
#smbfs_default_volume_format=qcow2
# Create volumes as sparsed files which take no space rather
# than regular files when using raw format, in which case
# volume creation takes lot of time. (boolean value)
#smbfs_sparsed_volumes=true
# Percent of ACTUAL usage of the underlying volume before no
# new volumes can be allocated to the volume destination.
# (floating point value)
#smbfs_used_ratio=0.95
# This will compare the allocated to available space on the
# volume destination. If the ratio exceeds this number, the
# destination will no longer be valid. (floating point value)
#smbfs_oversub_ratio=1.0
# Base dir containing mount points for smbfs shares. (string
# value)
#smbfs_mount_point_base=$state_path/mnt
# Mount options passed to the smbfs client. See mount.cifs man
# page for details. (string value)
#smbfs_mount_options=noperm,file_mode=0775,dir_mode=0775
#
# Options defined in cinder.volume.drivers.solidfire
#
# Set 512 byte emulation on volume creation; (boolean value)
#sf_emulate_512=true
# Allow tenants to specify QOS on create (boolean value)
#sf_allow_tenant_qos=false
# Create SolidFire accounts with this prefix. Any string can
# be used here, but the string "hostname" is special and will
# create a prefix using the cinder node hostname (previous
# default behavior). The default is NO prefix. (string value)
#sf_account_prefix=<None>
# SolidFire API port. Useful if the device api is behind a
# proxy on a different port. (integer value)
#sf_api_port=443
#
# Options defined in cinder.volume.drivers.vmware.vmdk
#
# IP address for connecting to VMware ESX/VC server. (string
# value)
#vmware_host_ip=<None>
# Username for authenticating with VMware ESX/VC server.
# (string value)
#vmware_host_username=<None>
# Password for authenticating with VMware ESX/VC server.
# (string value)
#vmware_host_password=<None>
# Optional VIM service WSDL Location e.g
# http://<server>/vimService.wsdl. Optional over-ride to
# default location for bug work-arounds. (string value)
#vmware_wsdl_location=<None>
# Number of times VMware ESX/VC server API must be retried
# upon connection related issues. (integer value)
#vmware_api_retry_count=10
# The interval (in seconds) for polling remote tasks invoked
# on VMware ESX/VC server. (floating point value)
#vmware_task_poll_interval=0.5
# Name for the folder in the VC datacenter that will contain
# cinder volumes. (string value)
#vmware_volume_folder=cinder-volumes
# Timeout in seconds for VMDK volume transfer between Cinder
# and Glance. (integer value)
#vmware_image_transfer_timeout_secs=7200
# Max number of objects to be retrieved per batch. Query
# results will be obtained in batches from the server and not
# in one shot. Server may still limit the count to something
# less than the configured value. (integer value)
#vmware_max_objects_retrieval=100
# Optional string specifying the VMware VC server version. The
# driver attempts to retrieve the version from VMware VC
# server. Set this configuration only if you want to override
# the VC server version. (string value)
#vmware_host_version=<None>
# Directory where virtual disks are stored during volume
# backup and restore. (string value)
#vmware_tmp_dir=/tmp
#
# Options defined in cinder.volume.drivers.windows.windows
#
# Path to store VHD backed volumes (string value)
#windows_iscsi_lun_path=C:\iSCSIVirtualDisks
#
# Options defined in cinder.volume.drivers.zadara
#
# Management IP of Zadara VPSA (string value)
#zadara_vpsa_ip=<None>
# Zadara VPSA port number (string value)
#zadara_vpsa_port=<None>
# Use SSL connection (boolean value)
#zadara_vpsa_use_ssl=false
# User name for the VPSA (string value)
#zadara_user=<None>
# Password for the VPSA (string value)
#zadara_password=<None>
# Name of VPSA storage pool for volumes (string value)
#zadara_vpsa_poolname=<None>
# Default thin provisioning policy for volumes (boolean value)
#zadara_vol_thin=true
# Default encryption policy for volumes (boolean value)
#zadara_vol_encrypt=false
# Default template for VPSA volume names (string value)
#zadara_vol_name_template=OS_%s
# Automatically detach from servers on volume delete (boolean
# value)
#zadara_vpsa_auto_detach_on_delete=true
# Don't halt on deletion of non-existing volumes (boolean
# value)
#zadara_vpsa_allow_nonexistent_delete=true
#
# Options defined in cinder.volume.drivers.zfssa.zfssaiscsi
#
# Storage pool name. (string value)
#zfssa_pool=<None>
# Project name. (string value)
#zfssa_project=<None>
# Block size: 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k.
# (string value)
#zfssa_lun_volblocksize=8k
# Flag to enable sparse (thin-provisioned): True, False.
# (boolean value)
#zfssa_lun_sparse=false
# Data compression-off, lzjb, gzip-2, gzip, gzip-9. (string
# value)
#zfssa_lun_compression=
# Synchronous write bias-latency, throughput. (string value)
#zfssa_lun_logbias=
# iSCSI initiator group. (string value)
#zfssa_initiator_group=
# iSCSI initiator IQNs. (comma separated) (string value)
#zfssa_initiator=
# iSCSI initiator CHAP user. (string value)
#zfssa_initiator_user=
# iSCSI initiator CHAP password. (string value)
#zfssa_initiator_password=
# iSCSI target group name. (string value)
#zfssa_target_group=tgt-grp
# iSCSI target CHAP user. (string value)
#zfssa_target_user=
# iSCSI target CHAP password. (string value)
#zfssa_target_password=
# iSCSI target portal (Data-IP:Port, w.x.y.z:3260). (string
# value)
#zfssa_target_portal=<None>
# Network interfaces of iSCSI targets. (comma separated)
# (string value)
#zfssa_target_interfaces=<None>
# REST connection timeout. (seconds) (integer value)
#zfssa_rest_timeout=<None>
#
# Options defined in cinder.volume.manager
#
# Driver to use for volume creation (string value)
#volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
# Timeout for creating the volume to migrate to when
# performing volume migration (seconds) (integer value)
#migration_create_volume_timeout_secs=300
# Offload pending volume delete during volume service startup
# (boolean value)
#volume_service_inithost_offload=false
# FC Zoning mode configured (string value)
#zoning_mode=none
# User defined capabilities, a JSON formatted string
# specifying key/value pairs. (string value)
#extra_capabilities={}
[BRCD_FABRIC_EXAMPLE]
#
# Options defined in cinder.zonemanager.drivers.brocade.brcd_fabric_opts
#
# Management IP of fabric (string value)
#fc_fabric_address=
# Fabric user ID (string value)
#fc_fabric_user=
# Password for user (string value)
#fc_fabric_password=
# Connecting port (integer value)
#fc_fabric_port=22
# overridden zoning policy (string value)
#zoning_policy=initiator-target
# overridden zoning activation state (boolean value)
#zone_activate=true
# overridden zone name prefix (string value)
#zone_name_prefix=<None>
# Principal switch WWN of the fabric (string value)
#principal_switch_wwn=<None>
[CISCO_FABRIC_EXAMPLE]
#
# Options defined in cinder.zonemanager.drivers.cisco.cisco_fabric_opts
#
# Management IP of fabric (string value)
#cisco_fc_fabric_address=
# Fabric user ID (string value)
#cisco_fc_fabric_user=
# Password for user (string value)
#cisco_fc_fabric_password=
# Connecting port (integer value)
#cisco_fc_fabric_port=22
# overridden zoning policy (string value)
#cisco_zoning_policy=initiator-target
# overridden zoning activation state (boolean value)
#cisco_zone_activate=true
# overridden zone name prefix (string value)
#cisco_zone_name_prefix=<None>
# VSAN of the Fabric (string value)
#cisco_zoning_vsan=<None>
[database]
#
# Options defined in oslo.db
#
# The file name to use with SQLite. (string value)
#sqlite_db=oslo.sqlite
# If True, SQLite uses synchronous mode. (boolean value)
#sqlite_synchronous=true
# The back end to use for the database. (string value)
# Deprecated group/name - [DEFAULT]/db_backend
#backend=sqlalchemy
# The SQLAlchemy connection string to use to connect to the
# database. (string value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection=<None>
# The SQLAlchemy connection string to use to connect to the
# slave database. (string value)
#slave_connection=<None>
# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
# use whatever SQL mode is set by the server configuration,
# set this to no value. Example: mysql_sql_mode= (string
# value)
#mysql_sql_mode=TRADITIONAL
# Timeout before idle SQL connections are reaped. (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
#idle_timeout=3600
# Minimum number of SQL connections to keep open in a pool.
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
# Deprecated group/name - [DATABASE]/sql_min_pool_size
#min_pool_size=1
# Maximum number of SQL connections to keep open in a pool.
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size=<None>
# Maximum number of database connection retries during
# startup. Set to -1 to specify an infinite retry count.
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries=10
# Interval between retries of opening a SQL connection.
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
#retry_interval=10
# If set, use this value for max_overflow with SQLAlchemy.
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
#max_overflow=<None>
# Verbosity of SQL debugging information: 0=None,
# 100=Everything. (integer value)
# Deprecated group/name - [DEFAULT]/sql_connection_debug
#connection_debug=0
# Add Python stack traces to SQL as comment strings. (boolean
# value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
#connection_trace=false
# If set, use this value for pool_timeout with SQLAlchemy.
# (integer value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
#pool_timeout=<None>
# Enable the experimental use of database reconnect on
# connection lost. (boolean value)
#use_db_reconnect=false
# Seconds between database connection retries. (integer value)
#db_retry_interval=1
# If True, increases the interval between database connection
# retries up to db_max_retry_interval. (boolean value)
#db_inc_retry_interval=true
# If db_inc_retry_interval is set, the maximum seconds between
# database connection retries. (integer value)
#db_max_retry_interval=10
# Maximum database connection retries before error is raised.
# Set to -1 to specify an infinite retry count. (integer
# value)
#db_max_retries=20
#
# Options defined in oslo.db.concurrency
#
# Enable the experimental use of thread pooling for all DB API
# calls (boolean value)
# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
#use_tpool=false
[fc-zone-manager]
#
# Options defined in cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver
#
# Southbound connector for zoning operation (string value)
#brcd_sb_connector=cinder.zonemanager.drivers.brocade.brcd_fc_zone_client_cli.BrcdFCZoneClientCLI
#
# Options defined in cinder.zonemanager.drivers.cisco.cisco_fc_zone_driver
#
# Southbound connector for zoning operation (string value)
#cisco_sb_connector=cinder.zonemanager.drivers.cisco.cisco_fc_zone_client_cli.CiscoFCZoneClientCLI
#
# Options defined in cinder.zonemanager.fc_zone_manager
#
# FC Zone Driver responsible for zone management (string
# value)
#zone_driver=cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver.BrcdFCZoneDriver
# Zoning policy configured by user (string value)
#zoning_policy=initiator-target
# Comma separated list of fibre channel fabric names. This
# list of names is used to retrieve other SAN credentials for
# connecting to each SAN fabric (string value)
#fc_fabric_names=<None>
# FC San Lookup Service (string value)
#fc_san_lookup_service=cinder.zonemanager.drivers.brocade.brcd_fc_san_lookup_service.BrcdFCSanLookupService
[keymgr]
#
# Options defined in cinder.keymgr
#
# The full class name of the key manager API class (string
# value)
#api_class=cinder.keymgr.conf_key_mgr.ConfKeyManager
#
# Options defined in cinder.keymgr.conf_key_mgr
#
# Fixed key returned by key manager, specified in hex (string
# value)
#fixed_key=<None>
#
# Options defined in cinder.keymgr.key_mgr
#
# Authentication url for encryption service. (string value)
#encryption_auth_url=http://localhost:5000/v2.0
# Url for encryption service. (string value)
#encryption_api_url=http://localhost:9311/v1
[keystone_authtoken]
#
# Options defined in keystonemiddleware.auth_token
#
# Prefix to prepend at the beginning of the path. Deprecated,
# use identity_uri. (string value)
#auth_admin_prefix=
# Host providing the admin Identity API endpoint. Deprecated,
# use identity_uri. (string value)
#auth_host=127.0.0.1
# Port of the admin Identity API endpoint. Deprecated, use
# identity_uri. (integer value)
#auth_port=35357
# Protocol of the admin Identity API endpoint (http or https).
# Deprecated, use identity_uri. (string value)
#auth_protocol=https
# Complete public Identity API endpoint (string value)
#auth_uri=<None>
# Complete admin Identity API endpoint. This should specify
# the unversioned root endpoint e.g. https://localhost:35357/
# (string value)
#identity_uri=<None>
# API version of the admin Identity API endpoint (string
# value)
#auth_version=<None>
# Do not handle authorization requests within the middleware,
# but delegate the authorization decision to downstream WSGI
# components (boolean value)
#delay_auth_decision=false
# Request timeout value for communicating with Identity API
# server. (boolean value)
#http_connect_timeout=<None>
# How many times are we trying to reconnect when communicating
# with Identity API Server. (integer value)
#http_request_max_retries=3
# This option is deprecated and may be removed in a future
# release. Single shared secret with the Keystone
# configuration used for bootstrapping a Keystone
# installation, or otherwise bypassing the normal
# authentication process. This option should not be used, use
# `admin_user` and `admin_password` instead. (string value)
#admin_token=<None>
# Keystone account username (string value)
#admin_user=<None>
# Keystone account password (string value)
#admin_password=<None>
# Keystone service account tenant name to validate user tokens
# (string value)
#admin_tenant_name=admin
# Env key for the swift cache (string value)
#cache=<None>
# Required if Keystone server requires client certificate
# (string value)
#certfile=<None>
# Required if Keystone server requires client certificate
# (string value)
#keyfile=<None>
# A PEM encoded Certificate Authority to use when verifying
# HTTPs connections. Defaults to system CAs. (string value)
#cafile=<None>
# Verify HTTPS connections. (boolean value)
#insecure=false
# Directory used to cache files related to PKI tokens (string
# value)
#signing_dir=<None>
# Optionally specify a list of memcached server(s) to use for
# caching. If left undefined, tokens will instead be cached
# in-process. (list value)
# Deprecated group/name - [DEFAULT]/memcache_servers
#memcached_servers=<None>
# In order to prevent excessive effort spent validating
# tokens, the middleware caches previously-seen tokens for a
# configurable duration (in seconds). Set to -1 to disable
# caching completely. (integer value)
#token_cache_time=300
# Determines the frequency at which the list of revoked tokens
# is retrieved from the Identity service (in seconds). A high
# number of revocation events combined with a low cache
# duration may significantly reduce performance. (integer
# value)
#revocation_cache_time=10
# (optional) if defined, indicate whether token data should be
# authenticated or authenticated and encrypted. Acceptable
# values are MAC or ENCRYPT. If MAC, token data is
# authenticated (with HMAC) in the cache. If ENCRYPT, token
# data is encrypted and authenticated in the cache. If the
# value is not one of these options or empty, auth_token will
# raise an exception on initialization. (string value)
#memcache_security_strategy=<None>
# (optional, mandatory if memcache_security_strategy is
# defined) this string is used for key derivation. (string
# value)
#memcache_secret_key=<None>
# (optional) number of seconds memcached server is considered
# dead before it is tried again. (integer value)
#memcache_pool_dead_retry=300
# (optional) max total number of open connections to every
# memcached server. (integer value)
#memcache_pool_maxsize=10
# (optional) socket timeout in seconds for communicating with
# a memcache server. (integer value)
#memcache_pool_socket_timeout=3
# (optional) number of seconds a connection to memcached is
# held unused in the pool before it is closed. (integer value)
#memcache_pool_unused_timeout=60
# (optional) number of seconds that an operation will wait to
# get a memcache client connection from the pool. (integer
# value)
#memcache_pool_conn_get_timeout=10
# (optional) use the advanced (eventlet safe) memcache client
# pool. The advanced pool will only work under python 2.x.
# (boolean value)
#memcache_use_advanced_pool=false
# (optional) indicate whether to set the X-Service-Catalog
# header. If False, middleware will not ask for service
# catalog on token validation and will not set the X-Service-
# Catalog header. (boolean value)
#include_service_catalog=true
# Used to control the use and type of token binding. Can be
# set to: "disabled" to not check token binding. "permissive"
# (default) to validate binding information if the bind type
# is of a form known to the server and ignore it if not.
# "strict" like "permissive" but if the bind type is unknown
# the token will be rejected. "required" any form of token
# binding is needed to be allowed. Finally the name of a
# binding method that must be present in tokens. (string
# value)
#enforce_token_bind=permissive
# If true, the revocation list will be checked for cached
# tokens. This requires that PKI tokens are configured on the
# Keystone server. (boolean value)
#check_revocations_for_cached=false
# Hash algorithms to use for hashing PKI tokens. This may be a
# single algorithm or multiple. The algorithms are those
# supported by Python standard hashlib.new(). The hashes will
# be tried in the order given, so put the preferred one first
# for performance. The result of the first hash will be stored
# in the cache. This will typically be set to multiple values
# only while migrating from a less secure algorithm to a more
# secure one. Once all the old tokens are expired this option
# should be set to a single value for better performance.
# (list value)
#hash_algorithms=md5
[matchmaker_redis]
#
# Options defined in oslo.messaging
#
# Host to locate redis. (string value)
#host=127.0.0.1
# Use this port to connect to redis host. (integer value)
#port=6379
# Password for Redis server (optional). (string value)
#password=<None>
[matchmaker_ring]
#
# Options defined in oslo.messaging
#
# Matchmaker ring file (JSON). (string value)
# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
#ringfile=/etc/oslo/matchmaker_ring.json
[oslo_messaging_amqp]
#
# Options defined in oslo.messaging
#
# NOTE: Options in this group are supported when using oslo.messaging >=1.5.0.
# address prefix used when sending to a specific server
# (string value)
#server_request_prefix=exclusive
# address prefix used when broadcasting to all servers (string
# value)
#broadcast_prefix=broadcast
# address prefix when sending to any server in group (string
# value)
#group_request_prefix=unicast
# Name for the AMQP container (string value)
#container_name=<None>
# Timeout for inactive connections (in seconds) (integer
# value)
#idle_timeout=0
# Debug: dump AMQP frames to stdout (boolean value)
#trace=false
# CA certificate PEM file for verifying server certificate
# (string value)
#ssl_ca_file=
# Identifying certificate PEM file to present to clients
# (string value)
#ssl_cert_file=
# Private key PEM file used to sign cert_file certificate
# (string value)
#ssl_key_file=
# Password for decrypting ssl_key_file (if encrypted) (string
# value)
#ssl_key_password=<None>
# Accept clients using either SSL or plain TCP (boolean value)
#allow_insecure_clients=false
[profiler]
#
# Options defined in cinder.service
#
# If False fully disable profiling feature. (boolean value)
#profiler_enabled=false
# If False doesn't trace SQL requests. (boolean value)
#trace_sqlalchemy=false
[ssl]
#
# Options defined in cinder.openstack.common.sslutils
#
# CA certificate file to use to verify connecting clients
# (string value)
#ca_file=<None>
# Certificate file to use when starting the server securely
# (string value)
#cert_file=<None>
# Private key file to use when starting the server securely
# (string value)
#key_file=<None>
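Several options in the listing above ([keymgr], [keystone_authtoken] and [oslo_messaging_amqp]) decide how tokens, keys and transport are protected, so a deployed file is worth checking against them. The script below is an added example, not part of the Red Hat reference or of cinder: it parses a cinder.conf excerpt and reports values that weaken those protections. The two sample files, the function name audit_cinder_conf and the wording of the findings are assumptions made for illustration.

```python
import configparser

# Constructed sample: a cinder.conf excerpt with deliberately weak values.
WEAK_CONF = """\
[keymgr]
fixed_key=00112233445566778899aabbccddeeff
encryption_api_url=http://localhost:9311/v1

[keystone_authtoken]
identity_uri=http://controller.example.test:35357/
admin_token=PLACEHOLDER_TOKEN
insecure=true
memcached_servers=192.0.2.10:11211
hash_algorithms=md5,sha256

[oslo_messaging_amqp]
allow_insecure_clients=true
"""

# Constructed counterpart with the same options set conservatively.
HARDENED_CONF = """\
[keymgr]
encryption_api_url=https://localhost:9311/v1

[keystone_authtoken]
identity_uri=https://controller.example.test:35357/
admin_user=cinder
admin_password=PLACEHOLDER_PASSWORD
insecure=false
memcached_servers=192.0.2.10:11211
memcache_security_strategy=ENCRYPT
memcache_secret_key=PLACEHOLDER_SECRET
hash_algorithms=sha256

[oslo_messaging_amqp]
allow_insecure_clients=false
"""

TRUE_VALUES = {"1", "t", "true", "on", "y", "yes"}
URL_OPTIONS = {
    "keystone_authtoken": ("identity_uri", "auth_uri"),
    "keymgr": ("encryption_auth_url", "encryption_api_url"),
}


def audit_cinder_conf(text):
    """Return sorted (section, option, reason) tuples for risky settings."""
    # default_section is renamed so that [DEFAULT] values are not inherited
    # by the other groups, which is how configparser would otherwise behave.
    cfg = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    cfg.read_string(text)
    findings = []

    def get(section, option):
        return cfg.get(section, option, fallback="").strip()

    def flag(section, option, reason):
        findings.append((section, option, reason))

    auth = "keystone_authtoken"
    if get(auth, "admin_token"):
        flag(auth, "admin_token",
             "deprecated shared secret that bypasses normal authentication")
    if get(auth, "insecure").lower() in TRUE_VALUES:
        flag(auth, "insecure", "HTTPS certificate verification is switched off")
    for section, options in URL_OPTIONS.items():
        for option in options:
            if get(section, option).lower().startswith("http://"):
                flag(section, option, "endpoint is contacted over plain HTTP")
    if get(auth, "memcached_servers"):
        strategy = get(auth, "memcache_security_strategy").upper()
        if strategy not in ("MAC", "ENCRYPT"):
            flag(auth, "memcache_security_strategy",
                 "token data in memcached is neither authenticated nor encrypted")
        elif not get(auth, "memcache_secret_key"):
            flag(auth, "memcache_secret_key",
                 "mandatory for key derivation once a strategy is defined")
    # An unset hash_algorithms means the md5 default from the listing applies.
    algorithms = (get(auth, "hash_algorithms") or "md5").lower().split(",")
    if "md5" in [name.strip() for name in algorithms]:
        flag(auth, "hash_algorithms", "md5 is still used for hashing PKI tokens")
    if get("keymgr", "fixed_key"):
        flag("keymgr", "fixed_key",
             "a single static key is kept in the configuration file")
    amqp = "oslo_messaging_amqp"
    if get(amqp, "allow_insecure_clients").lower() in TRUE_VALUES:
        flag(amqp, "allow_insecure_clients",
             "plain TCP clients are accepted as well as SSL")
    return sorted(findings)


if __name__ == "__main__":
    for section, option, reason in audit_cinder_conf(WEAK_CONF):
        print("[%s] %s: %s" % (section, option, reason))
```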
1.3.2. api-paste.ini
Use the api-paste.ini file to configure the Block Storage API service.
#############
# OpenStack #
#############
[composite:osapi_volume]
use = call:cinder.api:root_app_factory
/: apiversions
/v1: openstack_volume_api_v1
/v2: openstack_volume_api_v2
[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = request_id faultwrap sizelimit osprofiler noauth apiv1
keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = request_id faultwrap sizelimit osprofiler noauth apiv2
keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
[filter:request_id]
paste.filter_factory = cinder.openstack.common.middleware.request_id:RequestIdMiddleware.factory
[filter:faultwrap]
paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY
enabled = yes
[filter:noauth]
paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
[filter:sizelimit]
paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory
[app:apiv1]
paste.app_factory = cinder.api.v1.router:APIRouter.factory
[app:apiv2]
paste.app_factory = cinder.api.v2.router:APIRouter.factory
[pipeline:apiversions]
pipeline = faultwrap osvolumeversionapp
[app:osvolumeversionapp]
paste.app_factory = cinder.api.versions:Versions.factory
##########
# Shared #
##########
[filter:keystonecontext]
paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
1.3.3. policy.json
The policy.json file defines additional access controls that apply to the Block Storage
service.
{
"context_is_admin": "role:admin",
"admin_or_owner": "is_admin:True or project_id:%(project_id)s",
"default": "rule:admin_or_owner",
"admin_api": "is_admin:True",
"volume:create": "",
"volume:get_all": "",
"volume:get_volume_metadata": "",
"volume:get_volume_admin_metadata": "rule:admin_api",
"volume:delete_volume_admin_metadata": "rule:admin_api",
"volume:update_volume_admin_metadata": "rule:admin_api",
"volume:get_snapshot": "",
"volume:get_all_snapshots": "",
"volume:extend": "",
"volume:update_readonly_flag": "",
"volume:retype": "",
"volume_extension:types_manage": "rule:admin_api",
"volume_extension:types_extra_specs": "rule:admin_api",
"volume_extension:volume_type_encryption": "rule:admin_api",
"volume_extension:volume_encryption_metadata":
"rule:admin_or_owner",
"volume_extension:extended_snapshot_attributes": "",
"volume_extension:volume_image_metadata": "",
"volume_extension:quotas:show": "",
"volume_extension:quotas:update": "rule:admin_api",
"volume_extension:quota_classes": "",
"volume_extension:volume_admin_actions:reset_status":
"rule:admin_api",
"volume_extension:snapshot_admin_actions:reset_status":
"rule:admin_api",
"volume_extension:backup_admin_actions:reset_status":
"rule:admin_api",
"volume_extension:volume_admin_actions:force_delete":
"rule:admin_api",
"volume_extension:volume_admin_actions:force_detach":
"rule:admin_api",
"volume_extension:snapshot_admin_actions:force_delete":
"rule:admin_api",
"volume_extension:volume_admin_actions:migrate_volume":
"rule:admin_api",
"volume_extension:volume_admin_actions:migrate_volume_completion":
"rule:admin_api",
"volume_extension:volume_host_attribute": "rule:admin_api",
"volume_extension:volume_tenant_attribute":
"rule:admin_or_owner",
"volume_extension:volume_mig_status_attribute": "rule:admin_api",
"volume_extension:hosts": "rule:admin_api",
"volume_extension:services": "rule:admin_api",
"volume_extension:volume_manage": "rule:admin_api",
"volume_extension:volume_unmanage": "rule:admin_api",
"volume:services": "rule:admin_api",
"volume:create_transfer": "",
"volume:accept_transfer": "",
"volume:delete_transfer": "",
"volume:get_all_transfers": "",
"volume_extension:replication:promote": "rule:admin_api",
"volume_extension:replication:reenable": "rule:admin_api",
"backup:create" : "",
"backup:delete": "",
"backup:get": "",
"backup:get_all": "",
"backup:restore": "",
"backup:backup-import": "rule:admin_api",
"backup:backup-export": "rule:admin_api",
"snapshot_extension:snapshot_actions:update_snapshot_status": "",
"consistencygroup:create" : "group:nobody",
"consistencygroup:delete": "group:nobody",
"consistencygroup:get": "group:nobody",
"consistencygroup:get_all": "group:nobody",
"consistencygroup:create_cgsnapshot" : "",
"consistencygroup:delete_cgsnapshot": "",
"consistencygroup:get_cgsnapshot": "",
"consistencygroup:get_all_cgsnapshots": "",
"scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api"
}
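How the rule strings in the policy.json above resolve for different callers, shown as an added example that is not part of the Red Hat reference or of cinder. It is a simplified evaluator covering only the forms this file uses (empty rule, rule:, role:, key:value checks, and/or without parentheses). The caller names, tenant IDs and function names are assumptions, as is deriving is_admin from the context_is_admin rule.

```python
import json

# Constructed excerpt: rule strings copied from the policy.json above.
POLICY_JSON = """
{
  "context_is_admin": "role:admin",
  "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
  "default": "rule:admin_or_owner",
  "admin_api": "is_admin:True",
  "volume:create": "",
  "volume:get_volume_admin_metadata": "rule:admin_api",
  "volume_extension:volume_encryption_metadata": "rule:admin_or_owner",
  "volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
  "backup:backup-export": "rule:admin_api",
  "consistencygroup:create": "group:nobody"
}
"""


def check(rule, rules, creds, target, depth=0):
    """Evaluate one rule string against caller credentials and a target."""
    if depth > 20:                      # guard against rule: reference cycles
        return False
    rule = rule.strip()
    if rule == "":
        return True                     # empty rule: the policy layer allows every caller
    if " or " in rule:                  # "or" binds weaker than "and"
        return any(check(p, rules, creds, target, depth + 1)
                   for p in rule.split(" or "))
    if " and " in rule:
        return all(check(p, rules, creds, target, depth + 1)
                   for p in rule.split(" and "))
    kind, _, match = rule.partition(":")
    if kind == "rule":                  # reference to another named rule
        return match in rules and check(rules[match], rules, creds, target, depth + 1)
    try:
        match = match % target          # fills %(project_id)s from the target
    except KeyError:
        return False
    if kind == "role":
        return match.lower() in [r.lower() for r in creds.get("roles", [])]
    # Generic check: the credential attribute must equal the expected text.
    return kind in creds and match == str(creds[kind])


def enforce(action, rules, creds, target):
    """Check an action, falling back to the "default" rule when it is unlisted."""
    rule = rules.get(action, rules.get("default"))
    return rule is not None and check(rule, rules, creds, target)


def make_creds(rules, project_id, roles):
    """Build hypothetical caller credentials; is_admin follows context_is_admin."""
    creds = {"project_id": project_id, "roles": roles}
    creds["is_admin"] = check(rules.get("context_is_admin", "role:admin"),
                              rules, creds, {})
    return creds


def access_matrix(rules, owner="tenant-a"):
    """Map each API action to who may perform it on a resource owned by `owner`."""
    target = {"project_id": owner}
    callers = {
        "owner_member": make_creds(rules, owner, ["member"]),
        "other_member": make_creds(rules, "tenant-b", ["member"]),
        "admin": make_creds(rules, "tenant-b", ["admin"]),
    }
    return {action: {name: enforce(action, rules, creds, target)
                     for name, creds in callers.items()}
            for action in rules if ":" in action}   # skip helper rules


if __name__ == "__main__":
    for action, verdicts in access_matrix(json.loads(POLICY_JSON)).items():
        allowed = [name for name, ok in verdicts.items() if ok] or ["nobody"]
        print("%-55s %s" % (action, ", ".join(allowed)))
```

In this excerpt the rule group:nobody on consistencygroup:create matches no caller, the admin included, because none of the constructed credentials carries a group attribute.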
1.3.4. rootwrap.conf
The rootwrap.conf file defines configuration values used by the rootwrap script when
the Block Storage service must escalate its privileges to those of the root user.
# Configuration for cinder-rootwrap
# This file should be owned by (and only-writeable by) the root user
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap
# List of directories to search executables in, in case filters do not
# explicitly specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
# Enable logging to syslog
# Default value is False
use_syslog=False
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility=syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR
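The comments in rootwrap.conf require that every directory in filters_path and exec_dirs is writable by root only. One way to verify that on a host, as an added example that is not part of the Red Hat reference or of cinder-rootwrap: the function name audit_rootwrap_dirs and its trusted_uid parameter are assumptions made for illustration.

```python
import configparser
import os
import stat

# The two directory lists from the rootwrap.conf shown above.
PAGE_CONF = """\
[DEFAULT]
filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
"""


def audit_rootwrap_dirs(conf_text, trusted_uid=0):
    """Return (option, path, problem) for each listed directory that cannot
    be inspected, is not owned by trusted_uid, or is writable by group or
    others. trusted_uid defaults to root (uid 0)."""
    cfg = configparser.RawConfigParser()
    cfg.read_string(conf_text)
    problems = []
    for option in ("filters_path", "exec_dirs"):
        value = cfg.defaults().get(option, "")
        for path in [p.strip() for p in value.split(",") if p.strip()]:
            try:
                st = os.stat(path)      # follows symlinks such as /bin -> usr/bin
            except OSError:
                problems.append((option, path,
                                 "cannot be inspected (missing or unreadable)"))
                continue
            if not stat.S_ISDIR(st.st_mode):
                problems.append((option, path, "is not a directory"))
                continue
            if st.st_uid != trusted_uid:
                problems.append((option, path,
                                 "is owned by uid %d, expected %d"
                                 % (st.st_uid, trusted_uid)))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append((option, path,
                                 "is group- or world-writable (mode %o)"
                                 % stat.S_IMODE(st.st_mode)))
    return problems


if __name__ == "__main__":
    for option, path, problem in audit_rootwrap_dirs(PAGE_CONF):
        print("%s: %s %s" % (option, path, problem))
```

The check covers ownership and mode bits of the listed directories only; parent directories and POSIX ACLs are outside its scope.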
1.4. FIBRE CHANNEL ZONE MANAGER
The Fibre Channel Zone Manager allows FC SAN Zone/Access control management in
conjunction with Fibre Channel block storage. The configuration of Fibre Channel Zone
Manager and various zone drivers are described in this section.
1.4.1. Configure Block Storage to use Fibre Channel Zone Manager
If Block Storage is configured to use a Fibre Channel volume driver that supports Zone
Manager, update cinder.conf to add the following configuration options to enable Fibre
Channel Zone Manager.
Make the following changes in the /etc/cinder/cinder.conf file.
Table 1.19. Description of zoning configuration options
Configuration option = Default value
Description
[DEFAULT]
zoning_mode = none
(StrOpt) FC Zoning mode configured
[fc-zone-manager]
fc_fabric_names = None
(StrOpt) Comma separated list of fibre channel fabric names. This list of names is used to retrieve other SAN credentials for connecting to each SAN fabric
fc_san_lookup_service = cinder.zonemanager.drivers.brocade.brcd_fc_san_lookup_service.BrcdFCSanLookupService
(StrOpt) FC San Lookup Service
zone_driver = cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver.BrcdFCZoneDriver
(StrOpt) FC Zone Driver responsible for zone management
zoning_policy = initiator-target
(StrOpt) Zoning policy configured by user
To use different Fibre Channel Zone Drivers, use the parameters described in this section.
Note
When multi backend configuration is used, provide the zoning_mode
configuration option as part of the volume driver configuration where
volume_driver option is specified.
Note
Default value of zoning_mode is None and this needs to be changed to fabric
to allow fabric zoning.
Note
zoning_policy can be configured as initiator-target or initiator
1.4.2. Brocade Fibre Channel Zone Driver
Brocade Fibre Channel Zone Driver performs zoning operations via SSH. Configure
Brocade Zone Driver and lookup service by specifying the following parameters:
Table 1.20. Description of zoning manager configuration options
Configuration option = Default value
Description
[fc-zone-manager]
brcd_sb_connector = cinder.zonemanager.drivers.brocade.brcd_fc_zone_client_cli.BrcdFCZoneClientCLI
(StrOpt) Southbound connector for zoning operation
Configure SAN fabric parameters in the form of fabric groups as described in the example
below:
Table 1.21. Description of zoning fabrics configuration options
Configuration option = Default value
Description
[BRCD_FABRIC_EXAMPLE]
fc_fabric_address =
(StrOpt) Management IP of fabric
fc_fabric_password =
(StrOpt) Password for user
fc_fabric_port = 22
(IntOpt) Connecting port
fc_fabric_user =
(StrOpt) Fabric user ID
principal_switch_wwn = None
(StrOpt) Principal switch WWN of the fabric
zone_activate = True
(BoolOpt) overridden zoning activation state
zone_name_prefix = None
(StrOpt) overridden zone name prefix
zoning_policy = initiator-target
(StrOpt) overridden zoning policy
Note
Define a fabric group for each fabric using the fabric names used in
fc_fabric_names configuration option as group name.
1.4.2.1. System requirements
Brocade Fibre Channel Zone Driver requires firmware version FOS v6.4 or higher.
As a best practice for zone management, use a user account with zoneadmin role. Users
with admin role (including the default admin user account) are limited to a maximum of two
concurrent SSH sessions.
For information about how to manage Brocade Fibre Channel switches, see the Brocade
Fabric OS user documentation.
1.4.3. Cisco Fibre Channel Zone Driver
Cisco Fibre Channel Zone Driver performs zoning operations via SSH. Configure Cisco
Zone Driver and lookup service by specifying the following parameters:
Table 1.22. Description of cisco zoning manager configuration options
Configuration option = Default value
Description
[fc-zone-manager]
cisco_sb_connector = cinder.zonemanager.drivers.cisco.cisco_fc_zone_client_cli.CiscoFCZoneClientCLI
(StrOpt) Southbound connector for zoning operation
Configure SAN fabric parameters in the form of fabric groups as described in the example
below:
Table 1.23. Description of cisco zoning fabrics configuration options
Configuration option = Default value
Description
[CISCO_FABRIC_EXAMPLE]
cisco_fc_fabric_address =
(StrOpt) Management IP of fabric
cisco_fc_fabric_password =
(StrOpt) Password for user
cisco_fc_fabric_port = 22
(IntOpt) Connecting port
cisco_fc_fabric_user =
(StrOpt) Fabric user ID
cisco_zone_activate = True
(BoolOpt) overridden zoning activation state
cisco_zone_name_prefix = None
(StrOpt) overridden zone name prefix
cisco_zoning_policy = initiator-target
(StrOpt) overridden zoning policy
cisco_zoning_vsan = None
(StrOpt) VSAN of the Fabric
Note
Define a fabric group for each fabric using the fabric names used in
fc_fabric_names configuration option as group name.
The Cisco Fibre Channel Zone Driver supports basic and enhanced zoning
modes. The zoning VSAN must exist with an active zone set name that is the same as
the fc_fabric_names parameter.
1.4.3.1. System requirements
Cisco MDS 9000 Family Switches.
Cisco MDS NX-OS Release 6.2(9) or later.
For information about how to manage Cisco Fibre Channel switches, see the Cisco MDS
9000 user documentation.
1.5. ADDITIONAL OPTIONS
These options can also be set in the cinder.conf file.
Table 1.24. Description of authorization token configuration options
Configuration option = Default value
Description
[keystone_authtoken]
admin_password = None
(StrOpt) Keystone account password
admin_tenant_name = admin
(StrOpt) Keystone service account tenant name to validate user tokens
admin_token = None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
admin_user = None
(StrOpt) Keystone account username
auth_admin_prefix =
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
auth_host = 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
auth_port = 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
auth_protocol = https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
auth_uri = None
(StrOpt) Complete public Identity API endpoint
auth_version = None
(StrOpt) API version of the admin Identity API endpoint
cache = None
(StrOpt) Env key for the swift cache
cafile = None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
certfile = None
(StrOpt) Required if Keystone server requires client certificate
check_revocations_for_cached = False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
delay_auth_decision = False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
enforce_token_bind = permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
hash_algorithms = md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
http_connect_timeout = None
(BoolOpt) Request timeout value for communicating with Identity API server.
http_request_max_retries = 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
identity_uri = None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
include_service_catalog = True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
insecure = False
(BoolOpt) Verify HTTPS connections.
keyfile = None
(StrOpt) Required if Keystone server requires client certificate
memcache_secret_key = None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
memcache_security_strategy = None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
revocation_cache_time = 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
signing_dir = None
(StrOpt) Directory used to cache files related to PKI tokens
token_cache_time = 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
Table 1.25. Description of NAS configuration options
Configuration option = Default value
Description
[DEFAULT]
nas_ip =
(StrOpt) IP address or Hostname of NAS system.
nas_login = admin
(StrOpt) User name to connect to NAS system.
nas_password =
(StrOpt) Password to connect to NAS system.
nas_private_key =
(StrOpt) Filename of private key to use for SSH authentication.
nas_secure_file_operations = auto
(StrOpt) Allow network-attached storage systems to operate in a secure environment where root level access is not permitted. If set to False, access is as the root user and insecure. If set to True, access is not as root. If set to auto, a check is done to determine if this is a new installation: True is used if so, otherwise False. Default is auto.
nas_secure_file_permissions = auto
(StrOpt) Set more secure file permissions on network-attached storage volume files to restrict broad other/world access. If set to False, volumes are created with open permissions. If set to True, volumes are created with permissions for the cinder user and group (660). If set to auto, a check is done to determine if this is a new installation: True is used if so, otherwise False. Default is auto.
nas_ssh_port = 22
(IntOpt) SSH port to use to connect to NAS system.
Table 1.26. Description of HP MSA Fiber Channel driver configuration options
Configuration option = Default value
Description
[DEFAULT]
msa_vdisk = OpenStack
(StrOpt) The VDisk to use for volume creation.
Table 1.27. Description of Nimble driver configuration options
Configuration option = Default value
Description
[DEFAULT]
nimble_pool_name = default
(StrOpt) Nimble Controller pool name
nimble_subnet_label = *
(StrOpt) Nimble Subnet Label
Table 1.28. Description of Pure Storage driver configuration options
Configuration option = Default value
Description
[DEFAULT]
pure_api_token = None
(StrOpt) REST API authorization token.
Table 1.29. Description of database configuration options
Configuration option = Default value
Description
[DEFAULT]
db_backend = sqlalchemy
(StrOpt) The backend to use for db
db_driver = cinder.db
(StrOpt) Driver to use for database access
[database]
backend = sqlalchemy
(StrOpt) The back end to use for the database.
connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
connection_debug = 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
connection_trace = False
(BoolOpt) Add Python stack traces to SQL as comment strings.
db_inc_retry_interval = True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
db_max_retries = 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
db_max_retry_interval = 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
db_retry_interval = 1
(IntOpt) Seconds between database connection retries.
idle_timeout = 3600
(IntOpt) Timeout before idle SQL connections are reaped.
max_overflow = None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
max_pool_size = None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
max_retries = 10
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
min_pool_size = 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
mysql_sql_mode = TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
pool_timeout = None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
retry_interval = 10
(IntOpt) Interval between retries of opening a SQL connection.
slave_connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
sqlite_db = oslo.sqlite
(StrOpt) The file name to use with SQLite.
sqlite_synchronous = True
(BoolOpt) If True, SQLite uses synchronous mode.
use_db_reconnect = False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
use_tpool = False
(BoolOpt) Enable the experimental use of thread pooling for all DB API calls
Table 1.30. Description of key manager configuration options
Configuration option = Default value
Description
[keymgr]
api_class = cinder.keymgr.conf_key_mgr.ConfKeyManager
(StrOpt) The full class name of the key manager API class
encryption_api_url = http://localhost:9311/v1
(StrOpt) Url for encryption service.
encryption_auth_url = http://localhost:5000/v3
(StrOpt) Authentication url for encryption service.
fixed_key = None
(StrOpt) Fixed key returned by key manager, specified in hex
Table 1.31. Description of storage configuration options
Configuration option = Default value
Description
[DEFAULT]
allocated_capacity_weight_multiplier = -1.0
(FloatOpt) Multiplier used for weighing volume capacity. Negative numbers mean to stack vs spread.
capacity_weight_multiplier = 1.0
(FloatOpt) Multiplier used for weighing volume capacity. Negative numbers mean to stack vs spread.
enabled_backends = None
(ListOpt) A list of backend names to use. These backend names should be backed by a unique [CONFIG] group with its options
iscsi_helper = tgtadm
(StrOpt) iSCSI target user-land tool to use. tgtadm is default, use lioadm for LIO iSCSI support, iseradm for the ISER protocol, or fake for testing.
iscsi_iotype = fileio
(StrOpt) Sets the behavior of the iSCSI target to either perform blockio or fileio optionally, auto can be set and Cinder will autodetect type of backing device
iscsi_ip_address = $my_ip
(StrOpt) The IP address that the iSCSI daemon is listening on
iscsi_num_targets = 100
(IntOpt) The maximum number of iSCSI target IDs per host
iscsi_port = 3260
(IntOpt) The port that the iSCSI daemon is listening on
iscsi_target_prefix = iqn.2010-10.org.openstack:
(StrOpt) Prefix for iSCSI volumes
iscsi_write_cache = on
(StrOpt) Sets the behavior of the iSCSI target to either perform write-back(on) or write-through(off). This parameter is valid if iscsi_helper is set to tgtadm or iseradm.
iser_helper = tgtadm
(StrOpt) The name of the iSER target user-land tool to use
iser_ip_address = $my_ip
(StrOpt) The IP address that the iSER daemon is listening on
iser_num_targets = 100
(IntOpt) The maximum number of iSER target IDs per host
iser_port = 3260
(IntOpt) The port that the iSER daemon is listening on
iser_target_prefix = iqn.2010-10.org.iser.openstack:
(StrOpt) Prefix for iSER volumes
max_gigabytes = 10000
(IntOpt) This configure option has been deprecated along with the SimpleScheduler. New scheduler is able to gather capacity information for each host, thus setting the maximum number of volume gigabytes for host is no longer needed. It's safe to remove this configure from cinder.conf.
migration_create_volume_timeout_secs = 300
(IntOpt) Timeout for creating the volume to migrate to when performing volume migration (seconds)
num_iser_scan_tries = 3
(IntOpt) The maximum number of times to rescan iSER target to find volume
num_volume_device_scan_tries = 3
(IntOpt) The maximum number of times to rescan targets to find volume
volume_backend_name = None
(StrOpt) The backend name for a given driver implementation
volume_clear = zero
(StrOpt) Method used to wipe old volumes (valid options are: none, zero, shred)
volume_clear_ionice = None
(StrOpt) The flag to pass to ionice to alter the i/o priority of the process used to zero a volume after deletion, for example "-c3" for idle only priority.
volume_clear_size = 0
(IntOpt) Size in MiB to wipe at start of old volumes. 0 => all
volume_copy_blkio_cgroup_name = cinder-volume-copy
(StrOpt) The blkio cgroup name to be used to limit bandwidth of volume copy
volume_copy_bps_limit = 0
(IntOpt) The upper limit of bandwidth of volume copy. 0 => unlimited
volume_dd_blocksize = 1M
(StrOpt) The default block size used when copying/clearing volumes
volume_driver = cinder.volume.drivers.lvm.LVMISCSIDriver
(StrOpt) Driver to use for volume creation
volume_manager = cinder.volume.manager.VolumeManager
(StrOpt) Full class name for the Manager for volume
volume_service_inithost_offload = False
(BoolOpt) Offload pending volume delete during volume service startup
volume_usage_audit_period = month
(StrOpt) Time period for which to generate volume usages. The options are hour, day, month, or year.
volumes_dir = $state_path/volumes
(StrOpt) Volume configuration file storage directory
Table 1.32. Description of RPC configuration options
Configuration option = Default value
Description
[DEFAULT]
matchmaker_heartbeat_freq = 300
(IntOpt) Heartbeat frequency.
matchmaker_heartbeat_ttl = 600
(IntOpt) Heartbeat time-to-live.
rpc_backend = rabbit
(StrOpt) The messaging driver to use, defaults to rabbit. Other drivers include qpid and zmq.
rpc_cast_timeout = 30
(IntOpt) Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
rpc_conn_pool_size = 30
(IntOpt) Size of RPC connection pool.
rpc_response_timeout = 60
(IntOpt) Seconds to wait for a response from a call.
rpc_thread_pool_size = 64
(IntOpt) Size of RPC greenthread pool.
volume_topic = cinder-volume
(StrOpt) The topic that volume nodes listen on
[oslo_messaging_amqp]
allow_insecure_clients = False
(BoolOpt) Accept clients using either SSL or plain TCP
broadcast_prefix = broadcast
(StrOpt) address prefix used when broadcasting to all servers
container_name = None
(StrOpt) Name for the AMQP container
group_request_prefix = unicast
(StrOpt) address prefix when sending to any server in group
idle_timeout = 0
(IntOpt) Timeout for inactive connections (in seconds)
server_request_prefix = exclusive
(StrOpt) address prefix used when sending to a specific server
ssl_ca_file =
(StrOpt) CA certificate PEM file for verifying server certificate
ssl_cert_file =
(StrOpt) Identifying certificate PEM file to present to clients
ssl_key_file =
(StrOpt) Private key PEM file used to sign cert_file certificate
ssl_key_password = None
(StrOpt) Password for decrypting ssl_key_file (if encrypted)
trace = False
(BoolOpt) Debug: dump AMQP frames to stdout
Table 1.33. Description of AMQP configuration options
Configuration option = Default value
Description
[DEFAULT]
amqp_auto_delete = False
(BoolOpt) Auto-delete queues in AMQP.
amqp_durable_queues = False
(BoolOpt) Use durable queues in AMQP.
control_exchange = openstack
(StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
notification_driver = []
(MultiStrOpt) Driver or drivers to handle sending notifications.
notification_topics = notifications
(ListOpt) AMQP topic used for OpenStack notifications.
transport_url = None
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
Table 1.34. Description of Qpid configuration options
Configuration option = Default value
Description
[DEFAULT]
qpid_heartbeat = 60
(IntOpt) Seconds between connection keepalive heartbeats.
qpid_hostname = localhost
(StrOpt) Qpid broker hostname.
qpid_hosts = $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs.
qpid_password =
(StrOpt) Password for Qpid connection.
qpid_port = 5672
(IntOpt) Qpid broker port.
qpid_protocol = tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'.
qpid_receiver_capacity = 1
(IntOpt) The number of prefetched messages held by receiver.
qpid_sasl_mechanisms =
(StrOpt) Space separated list of SASL mechanisms to use for auth.
qpid_tcp_nodelay = True
(BoolOpt) Whether to disable the Nagle algorithm.
qpid_topology_version = 1
(IntOpt) The qpid topology version to use. Version 1 is what was originally used by impl_qpid. Version 2 includes some backwards-incompatible changes that allow broker federation to work. Users should update to version 2 when they are able to take everything down, as it requires a clean break.
qpid_username =
(StrOpt) Username for Qpid connection.
Table 1.35. Description of RabbitMQ configuration options
Configuration option = Default value
Description
[DEFAULT]
kombu_reconnect_delay = 1.0
(FloatOpt) How long to wait before reconnecting in response to an AMQP consumer cancel notification.
kombu_ssl_ca_certs =
(StrOpt) SSL certification authority file (valid only if SSL enabled).
kombu_ssl_certfile =
(StrOpt) SSL cert file (valid only if SSL enabled).
kombu_ssl_keyfile =
(StrOpt) SSL key file (valid only if SSL enabled).
kombu_ssl_version =
(StrOpt) SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on some distributions.
rabbit_ha_queues = False
(BoolOpt) Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database.
rabbit_host = localhost
(StrOpt) The RabbitMQ broker address where a single node is used.
rabbit_hosts = $rabbit_host:$rabbit_port
(ListOpt) RabbitMQ HA cluster host:port pairs.
rabbit_login_method = AMQPLAIN
(StrOpt) The RabbitMQ login method.
rabbit_max_retries = 0
(IntOpt) Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry count).
rabbit_password = guest
(StrOpt) The RabbitMQ password.
rabbit_port = 5672
(IntOpt) The RabbitMQ broker port where a single node is used.
rabbit_retry_backoff = 2
(IntOpt) How long to backoff for between retries when connecting to RabbitMQ.
rabbit_retry_interval = 1
(IntOpt) How frequently to retry connecting with RabbitMQ.
rabbit_use_ssl = False
(BoolOpt) Connect over SSL for RabbitMQ.
rabbit_userid = guest
(StrOpt) The RabbitMQ userid.
rabbit_virtual_host = /
(StrOpt) The RabbitMQ virtual host.
Table 1.36. Description of Redis configuration options
Configuration option = Default value
Description
[matchmaker_redis]
host = 127.0.0.1
(StrOpt) Host to locate redis.
password = None
(StrOpt) Password for Redis server (optional).
port = 6379
(IntOpt) Use this port to connect to redis host.
[matchmaker_ring]
ringfile = /etc/oslo/matchmaker_ring.json
(StrOpt) Matchmaker ring file (JSON).
Table 1.37. Description of Solaris SAN configuration options
Configuration option = Default value
Description
[DEFAULT]
san_zfs_volume_base = rpool/
(StrOpt) The ZFS path under which to create zvols for volumes.
Table 1.38. Description of rootwrap configuration options
Configuration option = Default value
Description
[DEFAULT]
filters_path = /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap
List of directories to load filter definitions from (separated by ','). These directories MUST all be only writeable by root!
exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin
List of directories to search executables in, in case filters do not explicitly specify a full path (separated by ','). If not specified, defaults to system PATH environment variable. These directories MUST all be only writeable by root!
use_syslog = False
Enable logging to syslog. Default value is False
syslog_log_facility = syslog
Which syslog facility to use. Valid values include auth, authpriv, syslog, local0, local1... Default value is 'syslog'
syslog_log_level = ERROR
Which messages to log. INFO means log all usage. ERROR means only log unsuccessful attempts
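The rootwrap table requires that every directory in filters_path and exec_dirs be writeable by root only. The following Python check is an added example, not part of the Red Hat or OpenStack code; the function names are hypothetical, and inspecting the files directly inside each directory goes one step beyond what the table states.

```python
import os
import stat

# Defaults copied from the rootwrap table above.
FILTERS_PATH = "/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap"
EXEC_DIRS = "/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin"


def _problem(path, trusted_uid):
    """Return a reason string if anyone other than trusted_uid can modify path."""
    try:
        st = os.stat(path)  # follows symlinks: the target is what gets loaded
    except OSError as exc:
        return "cannot stat (%s)" % exc.strerror
    if st.st_uid != trusted_uid:
        return "owned by uid %d" % st.st_uid
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group- or world-writable (mode %o)" % stat.S_IMODE(st.st_mode)
    return None


def writable_by_others(dir_list, trusted_uid=0, check_entries=True):
    """Audit a comma-separated directory list (filters_path / exec_dirs format).

    Returns {path: reason}. An empty dict means every directory and, with
    check_entries, every entry directly inside it is writable by trusted_uid only.
    """
    findings = {}
    for raw in dir_list.split(","):
        directory = raw.strip()
        if not directory:
            continue
        reason = _problem(directory, trusted_uid)
        if reason is None and not os.path.isdir(directory):
            reason = "not a directory"
        if reason:
            findings[directory] = reason
            continue  # contents of an unsafe directory are not worth listing
        if not check_entries:
            continue
        try:
            names = sorted(os.listdir(directory))
        except OSError as exc:
            findings[directory] = "cannot list (%s)" % exc.strerror
            continue
        for name in names:
            entry = os.path.join(directory, name)
            reason = _problem(entry, trusted_uid)
            if reason:
                findings[entry] = reason
    return findings


if __name__ == "__main__":
    # Filter definition files are checked one by one; exec_dirs only per directory.
    for label, dirs, entries in (("filters_path", FILTERS_PATH, True),
                                 ("exec_dirs", EXEC_DIRS, False)):
        for path, reason in writable_by_others(dirs, check_entries=entries).items():
            print("%s: %s: %s" % (label, path, reason))
```

Run it as root on the Block Storage node so that every directory can be listed; no output means no finding.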
Table 1.39. Description of CA and SSL configuration options
Configuration option = Default value
Description
[DEFAULT]
ssl_ca_file = None
(StrOpt) CA certificate file to use to verify connecting clients
ssl_cert_file = None
(StrOpt) Certificate file to use when starting the server securely
ssl_key_file = None
(StrOpt) Private key file to use when starting the server securely
Table 1.40. Description of images configuration options
Configuration option = Default value
Description
[DEFAULT]
allowed_direct_url_schemes =
(ListOpt) A list of url schemes that can be downloaded directly via the direct_url. Currently supported schemes: [file].
glance_api_insecure = False
(BoolOpt) Allow to perform insecure SSL (https) requests to glance
glance_api_servers = $glance_host:$glance_port
(ListOpt) A list of the glance API servers available to cinder ([hostname|ip]:port)
glance_api_ssl_compression = False
(BoolOpt) Enables or disables negotiation of SSL layer compression. In some cases disabling compression can improve data throughput, such as when high network bandwidth is available and you use compressed image formats like qcow2.
glance_api_version = 1
(IntOpt) Version of the glance API to use
glance_ca_certificates_file = None
(StrOpt) Location of ca certificates file to use for glance client requests.
glance_core_properties = checksum, container_format, disk_format, image_name, image_id, min_disk, min_ram, name, size
(ListOpt) Default core properties of image
glance_host = $my_ip
(StrOpt) Default glance host name or IP
glance_num_retries = 0
(IntOpt) Number retries when downloading an image from glance
glance_port = 9292
(IntOpt) Default glance port
glance_request_timeout = None
(IntOpt) http/https timeout value for glance operations. If no value (None) is supplied here, the glanceclient default value is used.
image_conversion_dir = $state_path/conversion
(StrOpt) Directory used for temporary storage during image conversion
use_multipath_for_image_xfer = False
(BoolOpt) Do we attach/detach volumes in cinder using multipath for volume to image and image to volume transfers?
Table 1.41. Description of swift configuration options
Configuration option = Default value
Description
[DEFAULT]
backup_swift_auth_version = 1
(StrOpt) Swift authentication version. Specify "1" for auth 1.0, or "2" for auth 2.0
backup_swift_tenant = None
(StrOpt) Swift tenant/account name. Required when connecting to an auth 2.0 system
Table 1.42. Description of backups configuration options
Configuration option = Default value
Description
[DEFAULT]
backup_api_class = cinder.backup.api.API
(StrOpt) The full class name of the volume backup API class
backup_compression_algorithm = zlib
(StrOpt) Compression algorithm (None to disable)
backup_driver = cinder.backup.drivers.swift
(StrOpt) Driver to use for backups.
backup_manager = cinder.backup.manager.BackupManager
(StrOpt) Full class name for the Manager for volume backup
backup_metadata_version = 2
(IntOpt) Backup metadata version to be used when backing up volume metadata. If this number is bumped, make sure the service doing the restore supports the new version.
backup_name_template = backup-%s
(StrOpt) Template string to be used to generate backup names
backup_object_number_per_notification = 10
(IntOpt) The number of chunks or objects, for which one Ceilometer notification will be sent
backup_timer_interval = 120
(IntOpt) Interval, in seconds, between two progress notifications reporting the backup status
backup_topic = cinder-backup
(StrOpt) The topic that volume backup nodes listen on
snapshot_name_template = snapshot-%s
(StrOpt) Template string to be used to generate snapshot names
snapshot_same_host = True
(BoolOpt) Create volume from snapshot at the host where snapshot resides
Table 1.43. Description of API configuration options
Configuration option = Default value
Description
[DEFAULT]
api_paste_config = api-paste.ini
(StrOpt) File name for the paste.deploy config for cinder-api
api_rate_limit = True
(BoolOpt) Enables or disables rate limit of the API.
az_cache_duration = 3600
(IntOpt) Cache volume availability zones in memory for the provided duration in seconds
default_timeout = 525600
(IntOpt) Default timeout for CLI operations in minutes. For example, LUN migration is a typical long running operation, which depends on the LUN size and the load of the array. An upper bound in the specific deployment can be set to avoid unnecessary long wait. By default, it is 365 days long.
enable_v1_api = True
(BoolOpt) DEPRECATED: Deploy v1 of the Cinder API.
enable_v2_api = True
(BoolOpt) Deploy v2 of the Cinder API.
extra_capabilities = {}
(StrOpt) User defined capabilities, a JSON formatted string specifying key/value pairs. The key/value pairs can be used by the CapabilitiesFilter to select between backends when requests specify volume types. For example, specifying a service level or the geographical location of a backend, then creating a volume type to allow the user to select by these different properties.
max_header_line = 16384
(IntOpt) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs).
osapi_max_limit = 1000
(IntOpt) The maximum number of items that a collection resource returns in a single response
osapi_max_request_body_size = 114688
(IntOpt) Max size for body of a request
osapi_volume_base_URL = None
(StrOpt) Base URL that will be presented to users in links to the OpenStack Volume API
osapi_volume_ext_list =
(ListOpt) Specify list of extensions to load when using osapi_volume_extension option with cinder.api.contrib.select_extensions
osapi_volume_extension = ['cinder.api.contrib.standard_extensions']
(MultiStrOpt) osapi volume extension to load
osapi_volume_listen = 0.0.0.0
(StrOpt) IP address on which OpenStack Volume API listens
osapi_volume_listen_port = 8776
(IntOpt) Port on which OpenStack Volume API listens
osapi_volume_workers = None
(IntOpt) Number of workers for OpenStack Volume API service. The default is equal to the number of CPUs available.
transfer_api_class = cinder.transfer.api.API
(StrOpt) The full class name of the volume transfer API class
volume_api_class = cinder.volume.api.API
(StrOpt) The full class name of the volume API class to use
volume_name_template = volume-%s
(StrOpt) Template string to be used to generate volume names
volume_number_multiplier = -1.0
(FloatOpt) Multiplier used for weighing volume number. Negative numbers mean to spread vs stack.
volume_transfer_key_length = 16
(IntOpt) The number of characters in the autogenerated auth key.
volume_transfer_salt_length = 8
(IntOpt) The number of characters in the salt.
Table 1.44. Description of Scality SOFS volume driver configuration options
Configuration option = Default value
Description
[DEFAULT]
scality_sofs_config = None
(StrOpt) Path or URL to Scality SOFS configuration file
scality_sofs_mount_point = $state_path/scality
(StrOpt) Base dir where Scality SOFS shall be mounted
scality_sofs_volume_dir = cinder/volumes
(StrOpt) Path from Scality SOFS root to volume dir
Table 1.45. Description of block device configuration options
Configuration option = Default value
Description
[DEFAULT]
available_devices =
(ListOpt) List of all available devices
Table 1.46. Description of Compute configuration options
Configuration option = Default value
Description
[DEFAULT]
nova_api_insecure = False
(BoolOpt) Allow to perform insecure SSL requests to nova
nova_ca_certificates_file = None
(StrOpt) Location of ca certificates file to use for nova client requests.
nova_catalog_admin_info = compute:Compute Service:adminURL
(StrOpt) Same as nova_catalog_info, but for admin endpoint.
nova_catalog_info = compute:Compute Service:publicURL
(StrOpt) Match this value when searching for nova in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type>
nova_endpoint_admin_template = None
(StrOpt) Same as nova_endpoint_template, but for admin endpoint.
nova_endpoint_template = None
(StrOpt) Override service catalog lookup with template for nova endpoint e.g. http://localhost:8774/v2/%(project_id)s
os_region_name = None
(StrOpt) Region name of this node
Table 1.47. Description of SAN configuration options
Configuration option = Default value
Description
[DEFAULT]
san_clustername =
(StrOpt) Cluster name to use for creating volumes
san_ip =
(StrOpt) IP address of SAN controller
san_is_local = False
(BoolOpt) Execute commands locally instead of over SSH; use if the volume service is running on the SAN device
san_login = admin
(StrOpt) Username for SAN controller
san_password =
(StrOpt) Password for SAN controller
san_private_key =
(StrOpt) Filename of private key to use for SSH authentication
san_secondary_ip = None
(StrOpt) VNX secondary SP IP Address.
san_ssh_port = 22
(IntOpt) SSH port to use with SAN
san_thin_provision = True
(BoolOpt) Use thin provisioning for SAN volumes?
ssh_conn_timeout = 30
(IntOpt) SSH connection timeout in seconds
ssh_max_pool_conn = 5
(IntOpt) Maximum ssh connections in the pool
ssh_min_pool_conn = 1
(IntOpt) Minimum ssh connections in the pool
Table 1.48. Description of zones configuration options
Configuration option = Default value
Description
[DEFAULT]
cloned_volume_same_az = True
(BoolOpt) Ensure that the new volumes are the same AZ as snapshot or source volume
Table 1.49. Description of authorization configuration options
Configuration option = Default value
Description
[DEFAULT]
auth_strategy = noauth
(StrOpt) The strategy to use for auth. Supports noauth, keystone, and deprecated.
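Several defaults listed in the tables above leave a service open when the option is simply absent from cinder.conf (auth_strategy = noauth, rabbit_password = guest, rabbit_use_ssl = False). The following Python audit is an added example, not part of the Red Hat or OpenStack code: it applies those documented defaults to a configuration file and reports the risky effective settings. The function names, the reason strings and the sample file are constructed for illustration.

```python
import configparser

# Constructed sample cinder.conf; every value is made up for this example.
SAMPLE_CONF = """\
[DEFAULT]
auth_strategy = keystone
rabbit_userid = cinder
rabbit_password = guest
glance_api_insecure = True
volume_name_template = volume-%s
osapi_volume_extension = cinder.api.contrib.standard_extensions
osapi_volume_extension = example.extension

[keymgr]
fixed_key = 0000000000000000
"""


def is_true(value):
    return value.strip().lower() in ("1", "true", "yes", "on")


def is_set(value):
    return value.strip().lower() not in ("", "none")


# (group, option, default from the tables, rpc_backend it applies to, risky?, reason)
CHECKS = [
    ("DEFAULT", "auth_strategy", "noauth", None,
     lambda v: v.strip().lower() == "noauth", "API runs without authentication"),
    ("DEFAULT", "rabbit_userid", "guest", "rabbit",
     lambda v: v.strip() == "guest", "default RabbitMQ userid"),
    ("DEFAULT", "rabbit_password", "guest", "rabbit",
     lambda v: v.strip() == "guest", "default RabbitMQ password"),
    ("DEFAULT", "rabbit_use_ssl", "False", "rabbit",
     lambda v: not is_true(v), "RabbitMQ connection does not use SSL"),
    ("DEFAULT", "kombu_ssl_version", "", "rabbit",
     lambda v: v.strip().upper() in ("SSLV2", "SSLV3"), "obsolete SSL protocol version"),
    ("DEFAULT", "qpid_protocol", "tcp", "qpid",
     lambda v: v.strip().lower() != "ssl", "Qpid transport is not 'ssl'"),
    ("DEFAULT", "glance_api_insecure", "False", None,
     is_true, "insecure SSL requests to glance are allowed"),
    ("DEFAULT", "nova_api_insecure", "False", None,
     is_true, "insecure SSL requests to nova are allowed"),
    ("oslo_messaging_amqp", "allow_insecure_clients", "False", None,
     is_true, "plain TCP clients are accepted"),
    ("keymgr", "fixed_key", "None", None,
     is_set, "key material is stored in the configuration file"),
]


def audit(conf_text):
    """Return [(group, option, reason)] for risky effective settings.

    Values are never returned, so passwords and keys stay out of reports.
    """
    cp = configparser.ConfigParser(
        interpolation=None,            # '%s' and '$my_ip' are literal text here
        strict=False,                  # MultiStrOpt options may be repeated
        default_section="__unused__",  # keep [DEFAULT] from leaking into other groups
    )
    cp.read_string(conf_text)
    backend = cp.get("DEFAULT", "rpc_backend", fallback="rabbit").strip().lower()
    findings = []
    for group, option, default, only_backend, risky, reason in CHECKS:
        if only_backend and only_backend != backend:
            continue  # broker options only matter for the selected driver
        value = cp.get(group, option, fallback=default)
        if risky(value):
            findings.append((group, option, reason))
    return findings


if __name__ == "__main__":
    for group, option, reason in audit(SAMPLE_CONF):
        print("[%s] %s: %s" % (group, option, reason))
```

Because absent options are evaluated at their documented default, a file that contains only `[DEFAULT]` still yields findings for authentication and the RabbitMQ connection.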
Table 1.50. Description of scheduler configuration options
Configuration option = Default value
Description
[DEFAULT]
scheduler_default_filters = AvailabilityZoneFilter, CapacityFilter, CapabilitiesFilter
(ListOpt) Which filter class names to use for filtering hosts when not specified in the request.
scheduler_default_weighers = CapacityWeigher
(ListOpt) Which weigher class names to use for weighing hosts.
scheduler_driver = cinder.scheduler.filter_scheduler.FilterScheduler
(StrOpt) Default scheduler driver to use
scheduler_host_manager = cinder.scheduler.host_manager.HostManager
(StrOpt) The scheduler host manager class to use
scheduler_json_config_location =
(StrOpt) Absolute path to scheduler configuration JSON file.
scheduler_manager = cinder.scheduler.manager.SchedulerManager
(StrOpt) Full class name for the Manager for scheduler
scheduler_max_attempts = 3
(IntOpt) Maximum number of attempts to schedule a volume
scheduler_topic = cinder-scheduler
(StrOpt) The topic that scheduler nodes listen on
Table 1.51. Description of quota configuration options
Configuration option = Default value
Description
[DEFAULT]
max_age = 0
(IntOpt) Number of seconds between subsequent usage refreshes
quota_backup_gigabytes = 1000
(IntOpt) Total amount of storage, in gigabytes, allowed for backups per project
quota_backups = 10
(IntOpt) Number of volume backups allowed per project
quota_consistencygroups = 10
(IntOpt) Number of consistencygroups allowed per project
quota_driver = cinder.quota.DbQuotaDriver
(StrOpt) Default driver to use for quota checks
quota_gigabytes = 1000
(IntOpt) Total amount of storage, in gigabytes, allowed for volumes and snapshots per project
quota_snapshots = 10
(IntOpt) Number of volume snapshots allowed per project
quota_volumes = 10
(IntOpt) Number of volumes allowed per project
reservation_expire = 86400
(IntOpt) Number of seconds until a reservation expires
use_default_quota_class = True
(BoolOpt) Enables or disables use of default quota class with default quota.
Table 1.52. Description of common configuration options
Configuration option = Default value
Description
[DEFAULT]
client_socket_timeout = 900
(IntOpt) Timeout for client connections' socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of '0' means wait forever.
compute_api_class = cinder.compute.nova.API
(StrOpt) The full class name of the compute API class to use
consistencygroup_api_class = cinder.consistencygroup.api.API
(StrOpt) The full class name of the consistencygroup API class
default_availability_zone = None
(StrOpt) Default availability zone for new volumes. If not set, the storage_availability_zone option value is used as the default for new volumes.
default_volume_type = None
(StrOpt) Default volume type to use
enable_new_services = True
(BoolOpt) Services to be added to the available pool on create
host = localhost
(StrOpt) Name of this node. This can be an opaque identifier. It is not necessarily a host name, FQDN, or IP address.
iet_conf = /etc/iet/ietd.conf
(StrOpt) IET configuration file
lio_initiator_iqns =
(StrOpt) This option is deprecated and unused. It will be removed in the next release.
memcached_servers = None
(ListOpt) Memcached servers or None for in process cache.
monkey_patch = False
(BoolOpt) Enable monkey patching
monkey_patch_modules =
(ListOpt) List of modules/decorators to monkey patch
my_ip = 10.0.0.1
(StrOpt) IP address of this host
no_snapshot_gb_quota = False
(BoolOpt) Whether snapshots count against GigaByte quota
num_shell_tries = 3
(IntOpt) Number of times to attempt to run flakey shell commands
os_privileged_user_name = None
(StrOpt) OpenStack privileged account username. Used for requests to other services (such as Nova) that require an account with special rights.
os_privileged_user_password = None
(StrOpt) Password associated with the OpenStack privileged account.
os_privileged_user_tenant = None
(StrOpt) Tenant name associated with the OpenStack privileged account.
periodic_fuzzy_delay = 60
(IntOpt) Range, in seconds, to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0)
periodic_interval = 60
(IntOpt) Interval, in seconds, between running periodic tasks
policy_default_rule = default
(StrOpt) Default rule. Enforced when a requested rule is not found.
policy_dirs = ['policy.d']
(MultiStrOpt) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched.
policy_file = policy.json
(StrOpt) The JSON file that defines policies.
replication_api_class = cinder.replication.api.API
(StrOpt) The full class name of the volume replication API class
report_interval = 10
(IntOpt) Interval, in seconds, between nodes reporting state to datastore
request_timeout = 300
(IntOpt) Global backend request timeout, in seconds
reserved_percentage = 0
(IntOpt) The percentage of backend capacity is reserved
rootwrap_config = /etc/cinder/rootwrap.conf
(StrOpt) Path to the rootwrap configuration file to use for running commands as root
run_external_periodic_tasks = True
(BoolOpt) Some periodic tasks can be run in a separate process. Should we run them here?
service_down_time = 60
(IntOpt) Maximum time since last check-in for a service to be considered up
ssh_hosts_key_file = $state_path/ssh_known_hosts
(StrOpt) File containing SSH host keys for the systems with which Cinder needs to communicate. OPTIONAL: Default=$state_path/ssh_known_hosts
130
state_path = /var/lib/cinder
(StrO p t) To p -level d irec to ry fo r maintaining
c ind er' s s tate
sto rag e_avai l abi l i ty_zo ne = nova
(StrO p t) Availab ility z o ne o f this no d e
stri ct_ssh_ho st_key_po l i cy = False
(Bo o lO p t) O p tio n to enab le s tric t ho s t key
c hec king . When s et to " True" Cind er will o nly
c o nnec t to s ys tems with a ho s t key p res ent in
the c o nfig ured " s s h_ho s ts _key_file" . When
s et to " Fals e" the ho s t key will b e s aved up o n
firs t c o nnec tio n and us ed fo r s ub s eq uent
c o nnec tio ns . Default=Fals e
tcp_keepal i ve = True
(Bo o lO p t) Sets the value o f TCP_KEEPALIVE
(True/Fals e) fo r eac h s erver s o c ket.
tcp_keepal i ve_co unt = None
(IntO p t) Sets the value o f TCP_KEEPCNT fo r
eac h s erver s o c ket. No t s up p o rted o n O S X.
tcp_keepal i ve_i nterval = None
(IntO p t) Sets the value o f TCP_KEEPINTVL in
s ec o nd s fo r eac h s erver s o c ket. No t
s up p o rted o n O S X.
tcp_keepi d l e = 600
(IntO p t) Sets the value o f TCP_KEEPIDLE in
s ec o nd s fo r eac h s erver s o c ket. No t
s up p o rted o n O S X.
unti l _refresh = 0
(IntO p t) Co unt o f res ervatio ns until us ag e is
refres hed
use_forwarded_for = False
(BoolOpt) Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy.
wsgi_keep_alive = True
(BoolOpt) If False, closes the client socket connection explicitly. Setting it to True to maintain backward compatibility. Recommended setting is set it to False.
[keystone_authtoken]
memcached_servers = None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
Table 1.53. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
debug = False
(BoolOpt) Print debugging output (set logging level to DEBUG instead of default WARNING level).
default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN
(ListOpt) List of logger=LEVEL pairs.
fatal_deprecations = False
(BoolOpt) Enables or disables fatal status of deprecations.
fatal_exception_format_errors = False
(BoolOpt) Make exception message format errors fatal.
instance_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
instance_uuid_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
log_config_append = None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
log_date_format = %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s.
log_dir = None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
log_file = None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
log_format = None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
(StrOpt) Format string to use for log messages with context.
logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
(StrOpt) Data to append to log format when level is DEBUG.
logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
(StrOpt) Format string to use for log messages without context.
logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
(StrOpt) Prefix each line of exception output with this format.
publish_errors = False
(BoolOpt) Enables or disables publication of error events.
syslog_log_facility = LOG_USER
(StrOpt) Syslog facility to receive log lines.
use_stderr = True
(BoolOpt) Log output to standard error.
use_syslog = False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
use_syslog_rfc_format = False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
verbose = False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
Table 1.54. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
backdoor_port = None
(StrOpt) Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.
Table 1.55. Description of testing configuration options
Configuration option = Default value
Description
[DEFAULT]
fake_rabbit = False
(BoolOpt) Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
Table 1.56. Description of profiler configuration options
Configuration option = Default value
Description
[profiler]
profiler_enabled = False
(BoolOpt) If False fully disable profiling feature.
trace_sqlalchemy = False
(BoolOpt) If False doesn't trace SQL requests.
Table 1.57. Description of Fusion-io driver configuration options
Configuration option = Default value
Description
[DEFAULT]
fusionio_iocontrol_retry = 3
(IntOpt) number of retries for GET operations
fusionio_iocontrol_targetdelay = 5
(IntOpt) amount of time wait for iSCSI target to come online
fusionio_iocontrol_verify_cert = True
(BoolOpt) verify the array certificate on each transaction
Table 1.58. Description of IBM NAS volume driver configuration options
Configuration option = Default value
Description
[DEFAULT]
ibmnas_platform_type = v7ku
(StrOpt) IBMNAS platform type to be used as backend storage; valid values are - v7ku : for using IBM Storwize V7000 Unified, sonas : for using IBM Scale Out NAS, gpfs-nas : for using NFS based IBM GPFS deployments.
Table 1.59. Description of Datera volume driver configuration options
Configuration option = Default value
Description
[DEFAULT]
datera_api_port = 7717
(StrOpt) Datera API port.
datera_api_token = None
(StrOpt) Datera API token.
datera_api_version = 1
(StrOpt) Datera API version.
datera_num_replicas = 3
(StrOpt) Number of replicas to create of an inode.
driver_client_cert = None
(StrOpt) The path to the client certificate for verification, if the driver supports it.
driver_client_cert_key = None
(StrOpt) The path to the client certificate key for verification, if the driver supports it.
1.6. NEW, UPDATED AND DEPRECATED OPTIONS IN JUNO FOR OPENSTACK BLOCK STORAGE
Table 1.60. New options
Option = default value
(Type) Help string
[DEFAULT] az_cache_duration = 3600
(IntOpt) Cache volume availability zones in memory for the provided duration in seconds
[DEFAULT] backup_swift_auth_version = 1
(StrOpt) Swift authentication version. Specify "1" for auth 1.0, or "2" for auth 2.0
[DEFAULT] backup_swift_tenant = None
(StrOpt) Swift tenant/account name. Required when connecting to an auth 2.0 system
[DEFAULT] cinder_smis_config_file = /etc/cinder/cinder_fujitsu_eternus_dx.xml
(StrOpt) The configuration file for the Cinder SMI-S driver
[DEFAULT] consistencygroup_api_class = cinder.consistencygroup.api.API
(StrOpt) The full class name of the consistencygroup API class
[DEFAULT] datera_api_port = 7717
(StrOpt) Datera API port.
[DEFAULT] datera_api_token = None
(StrOpt) Datera API token.
[DEFAULT] datera_api_version = 1
(StrOpt) Datera API version.
[DEFAULT] datera_num_replicas = 3
(StrOpt) Number of replicas to create of an inode.
[DEFAULT] destroy_empty_storage_group = False
(BoolOpt) To destroy storage group when the last LUN is removed from it. By default, the value is False.
[DEFAULT] dpl_pool =
(StrOpt) DPL pool uuid in which DPL volumes are stored.
[DEFAULT] dpl_port = 8357
(IntOpt) DPL port number.
[DEFAULT] driver_client_cert = None
(StrOpt) The path to the client certificate for verification, if the driver supports it.
[DEFAULT] driver_client_cert_key = None
(StrOpt) The path to the client certificate key for verification, if the driver supports it.
[DEFAULT] fusionio_iocontrol_retry = 3
(IntOpt) number of retries for GET operations
[DEFAULT] fusionio_iocontrol_targetdelay = 5
(IntOpt) amount of time wait for iSCSI target to come online
[DEFAULT] fusionio_iocontrol_verify_cert = True
(BoolOpt) verify the array certificate on each transaction
[DEFAULT] glance_ca_certificates_file = None
(StrOpt) Location of ca certificates file to use for glance client requests.
[DEFAULT] glance_core_properties = checksum, container_format, disk_format, image_name, image_id, min_disk, min_ram, name, size
(ListOpt) Default core properties of image
[DEFAULT] hds_hnas_iscsi_config_file = /opt/hds/hnas/cinder_iscsi_conf.xml
(StrOpt) Configuration file for HDS iSCSI cinder plugin
[DEFAULT] hds_hnas_nfs_config_file = /opt/hds/hnas/cinder_nfs_conf.xml
(StrOpt) Configuration file for HDS NFS cinder plugin
[DEFAULT] hitachi_add_chap_user = False
(BoolOpt) Add CHAP user
[DEFAULT] hitachi_async_copy_check_interval = 10
(IntOpt) Interval to check copy asynchronously
[DEFAULT] hitachi_auth_method = None
(StrOpt) iSCSI authentication method
[DEFAULT] hitachi_auth_password = HBSD-CHAP-password
(StrOpt) iSCSI authentication password
[DEFAULT] hitachi_auth_user = HBSD-CHAP-user
(StrOpt) iSCSI authentication username
[DEFAULT] hitachi_copy_check_interval = 3
(IntOpt) Interval to check copy
[DEFAULT] hitachi_copy_speed = 3
(IntOpt) Copy speed of storage system
[DEFAULT] hitachi_default_copy_method = FULL
(StrOpt) Default copy method of storage system
[DEFAULT] hitachi_group_range = None
(StrOpt) Range of group number
[DEFAULT] hitachi_group_request = False
(BoolOpt) Request for creating HostGroup or iSCSI Target
[DEFAULT] hitachi_horcm_add_conf = True
(BoolOpt) Add to HORCM configuration
[DEFAULT] hitachi_horcm_numbers = 200,201
(StrOpt) Instance numbers for HORCM
[DEFAULT] hitachi_horcm_password = None
(StrOpt) Password of storage system for HORCM
[DEFAULT] hitachi_horcm_user = None
(StrOpt) Username of storage system for HORCM
[DEFAULT] hitachi_ldev_range = None
(StrOpt) Range of logical device of storage system
[DEFAULT] hitachi_pool_id = None
(IntOpt) Pool ID of storage system
[DEFAULT] hitachi_serial_number = None
(StrOpt) Serial number of storage system
[DEFAULT] hitachi_target_ports = None
(StrOpt) Control port names for HostGroup or iSCSI Target
[DEFAULT] hitachi_thin_pool_id = None
(IntOpt) Thin pool ID of storage system
[DEFAULT] hitachi_unit_name = None
(StrOpt) Name of an array unit
[DEFAULT] hitachi_zoning_request = False
(BoolOpt) Request for FC Zone creating HostGroup
[DEFAULT] hp3par_iscsi_chap_enabled = False
(BoolOpt) Enable CHAP authentication for iSCSI connections.
[DEFAULT] ibmnas_platform_type = v7ku
(StrOpt) IBMNAS platform type to be used as backend storage; valid values are - v7ku : for using IBM Storwize V7000 Unified, sonas : for using IBM Scale Out NAS, gpfs-nas : for using NFS based IBM GPFS deployments.
[DEFAULT] initiator_auto_registration = False
(BoolOpt) Automatically register initiators. By default, the value is False.
[DEFAULT] iscsi_initiators =
(StrOpt) Mapping between hostname and its iSCSI initiator IP addresses.
[DEFAULT] iscsi_write_cache = on
(StrOpt) Sets the behavior of the iSCSI target to either perform write-back(on) or write-through(off). This parameter is valid if iscsi_helper is set to tgtadm or iseradm.
[DEFAULT] nimble_pool_name = default
(StrOpt) Nimble Controller pool name
[DEFAULT] nimble_subnet_label = *
(StrOpt) Nimble Subnet Label
[DEFAULT] nova_api_insecure = False
(BoolOpt) Allow to perform insecure SSL requests to nova
[DEFAULT] nova_ca_certificates_file = None
(StrOpt) Location of ca certificates file to use for nova client requests.
[DEFAULT] nova_catalog_admin_info = compute:nova:adminURL
(StrOpt) Same as nova_catalog_info, but for admin endpoint.
[DEFAULT] nova_catalog_info = compute:nova:publicURL
(StrOpt) Match this value when searching for nova in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type>
[DEFAULT] nova_endpoint_admin_template = None
(StrOpt) Same as nova_endpoint_template, but for admin endpoint.
[DEFAULT] nova_endpoint_template = None
(StrOpt) Override service catalog lookup with template for nova endpoint e.g. http://localhost:8774/v2/%(project_id)s
[DEFAULT] os_region_name = None
(StrOpt) Region name of this node
[DEFAULT] pure_api_token = None
(StrOpt) REST API authorization token.
[DEFAULT] quota_backup_gigabytes = 1000
(IntOpt) Total amount of storage, in gigabytes, allowed for backups per project
[DEFAULT] quota_backups = 10
(IntOpt) Number of volume backups allowed per project
[DEFAULT] quota_consistencygroups = 10
(IntOpt) Number of consistencygroups allowed per project
[DEFAULT] rados_connect_timeout = -1
(IntOpt) Timeout value (in seconds) used when connecting to ceph cluster. If value < 0, no timeout is set and default librados value is used.
[DEFAULT] rbd_store_chunk_size = 4
(IntOpt) Volumes will be chunked into objects of this size (in megabytes).
[DEFAULT] replication_api_class = cinder.replication.api.API
(StrOpt) The full class name of the volume replication API class
[DEFAULT] san_secondary_ip = None
(StrOpt) VNX secondary SP IP Address.
[DEFAULT] smbfs_default_volume_format = qcow2
(StrOpt) Default format that will be used when creating volumes if no volume format is specified. Can be set to: raw, qcow2, vhd or vhdx.
[DEFAULT] smbfs_mount_options = noperm,file_mode=0775,dir_mode=0775
(StrOpt) Mount options passed to the smbfs client. See mount.cifs man page for details.
[DEFAULT] smbfs_mount_point_base = $state_path/mnt
(StrOpt) Base dir containing mount points for smbfs shares.
[DEFAULT] smbfs_oversub_ratio = 1.0
(FloatOpt) This will compare the allocated to available space on the volume destination. If the ratio exceeds this number, the destination will no longer be valid.
[DEFAULT] smbfs_shares_config = /etc/cinder/smbfs_shares
(StrOpt) File with the list of available smbfs shares.
[DEFAULT] smbfs_sparsed_volumes = True
(BoolOpt) Create volumes as sparsed files which take no space rather than regular files when using raw format, in which case volume creation takes lot of time.
[DEFAULT] smbfs_used_ratio = 0.95
(FloatOpt) Percent of ACTUAL usage of the underlying volume before no new volumes can be allocated to the volume destination.
[DEFAULT] ssh_hosts_key_file = $state_path/ssh_known_hosts
(StrOpt) File containing SSH host keys for the systems with which Cinder needs to communicate. OPTIONAL: Default=$state_path/ssh_known_hosts
[DEFAULT] storage_vnx_authentication_type = global
(StrOpt) VNX authentication scope type.
[DEFAULT] storage_vnx_security_file_dir = None
(StrOpt) Directory path that contains the VNX security file. Make sure the security file is generated first.
[DEFAULT] storwize_svc_allow_tenant_qos = False
(BoolOpt) Allow tenants to specify QOS on create
[DEFAULT] storwize_svc_npiv_compatibility_mode = False
(BoolOpt) Indicate whether svc driver is compatible for NPIV setup. If it is compatible, it will allow no wwpns being returned on get_conn_fc_wwpns during initialize_connection
[DEFAULT] storwize_svc_stretched_cluster_partner = None
(StrOpt) If operating in stretched cluster mode, specify the name of the pool in which mirrored copies are stored. Example: "pool2"
[DEFAULT] strict_ssh_host_key_policy = False
(BoolOpt) Option to enable strict host key checking. When set to "True" Cinder will only connect to systems with a host key present in the configured "ssh_hosts_key_file". When set to "False" the host key will be saved upon first connection and used for subsequent connections. Default=False
[DEFAULT] swift_catalog_info = object-store:swift:publicURL
(StrOpt) Info to match when looking for swift in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if backup_swift_url is unset
[DEFAULT] tcp_keepalive = True
(BoolOpt) Sets the value of TCP_KEEPALIVE (True/False) for each server socket.
[DEFAULT] tcp_keepalive_count = None
(IntOpt) Sets the value of TCP_KEEPCNT for each server socket. Not supported on OS X.
[DEFAULT] tcp_keepalive_interval = None
(IntOpt) Sets the value of TCP_KEEPINTVL in seconds for each server socket. Not supported on OS X.
[DEFAULT] vmware_tmp_dir = /tmp
(StrOpt) Directory where virtual disks are stored during volume backup and restore.
[DEFAULT] volume_copy_blkio_cgroup_name = cinder-volume-copy
(StrOpt) The blkio cgroup name to be used to limit bandwidth of volume copy
[DEFAULT] volume_copy_bps_limit = 0
(IntOpt) The upper limit of bandwidth of volume copy. 0 => unlimited
[DEFAULT] volume_number_multiplier = -1.0
(FloatOpt) Multiplier used for weighing volume number. Negative numbers mean to spread vs stack.
[DEFAULT] zfssa_initiator =
(StrOpt) iSCSI initiator IQNs. (comma separated)
[DEFAULT] zfssa_initiator_group =
(StrOpt) iSCSI initiator group.
[DEFAULT] zfssa_initiator_password =
(StrOpt) iSCSI initiator CHAP password.
[DEFAULT] zfssa_initiator_user =
(StrOpt) iSCSI initiator CHAP user.
[DEFAULT] zfssa_lun_compression =
(StrOpt) Data compression-off, lzjb, gzip-2, gzip, gzip-9.
[DEFAULT] zfssa_lun_logbias =
(StrOpt) Synchronous write bias-latency, throughput.
[DEFAULT] zfssa_lun_sparse = False
(BoolOpt) Flag to enable sparse (thin-provisioned): True, False.
[DEFAULT] zfssa_lun_volblocksize = 8k
(StrOpt) Block size: 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k.
[DEFAULT] zfssa_pool = None
(StrOpt) Storage pool name.
[DEFAULT] zfssa_project = None
(StrOpt) Project name.
[DEFAULT] zfssa_rest_timeout = None
(IntOpt) REST connection timeout. (seconds)
[DEFAULT] zfssa_target_group = tgt-grp
(StrOpt) iSCSI target group name.
[DEFAULT] zfssa_target_interfaces = None
(StrOpt) Network interfaces of iSCSI targets. (comma separated)
[DEFAULT] zfssa_target_password =
(StrOpt) iSCSI target CHAP password.
[DEFAULT] zfssa_target_portal = None
(StrOpt) iSCSI target portal (Data-IP:Port, w.x.y.z:3260).
[DEFAULT] zfssa_target_user =
(StrOpt) iSCSI target CHAP user.
[CISCO_FABRIC_EXAMPLE] cisco_fc_fabric_address =
(StrOpt) Management IP of fabric
[CISCO_FABRIC_EXAMPLE] cisco_fc_fabric_password =
(StrOpt) Password for user
[CISCO_FABRIC_EXAMPLE] cisco_fc_fabric_port = 22
(IntOpt) Connecting port
[CISCO_FABRIC_EXAMPLE] cisco_fc_fabric_user =
(StrOpt) Fabric user ID
[CISCO_FABRIC_EXAMPLE] cisco_zone_activate = True
(BoolOpt) overridden zoning activation state
[CISCO_FABRIC_EXAMPLE] cisco_zone_name_prefix = None
(StrOpt) overridden zone name prefix
[CISCO_FABRIC_EXAMPLE] cisco_zoning_policy = initiator-target
(StrOpt) overridden zoning policy
[CISCO_FABRIC_EXAMPLE] cisco_zoning_vsan = None
(StrOpt) VSAN of the Fabric
[database] db_inc_retry_interval = True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
[database] db_max_retries = 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
[database] db_max_retry_interval = 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
[database] db_retry_interval = 1
(IntOpt) Seconds between database connection retries.
[database] mysql_sql_mode = TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
[database] pool_timeout = None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
[database] slave_connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
[database] sqlite_db = oslo.sqlite
(StrOpt) The file name to use with SQLite.
[database] sqlite_synchronous = True
(BoolOpt) If True, SQLite uses synchronous mode.
[database] use_db_reconnect = False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
[fc-zone-manager] cisco_sb_connector = cinder.zonemanager.drivers.cisco.cisco_fc_zone_client_cli.CiscoFCZoneClientCLI
(StrOpt) Southbound connector for zoning operation
[keymgr] encryption_api_url = http://localhost:9311/v1
(StrOpt) Url for encryption service.
[keymgr] encryption_auth_url = http://localhost:5000/v2.0
(StrOpt) Authentication url for encryption service.
[keystone_authtoken] check_revocations_for_cached = False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
[keystone_authtoken] hash_algorithms = md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
[keystone_authtoken] identity_uri = None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
[profiler] profiler_enabled = False
(BoolOpt) If False fully disable profiling feature.
[profiler] trace_sqlalchemy = False
(BoolOpt) If False doesn't trace SQL requests.
Table 1.61. New default values
Option
Previous default value
New default value
[DEFAULT] backup_swift_url
Previous default value: http://localhost:8080/v1/AUTH_
New default value: None
[DEFAULT] default_log_levels
Previous default value: amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN
New default value: amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN
[DEFAULT] default_timeout
Previous default value: 20
New default value: 525600
[DEFAULT] gpfs_storage_pool
Previous default value: None
New default value: system
[DEFAULT] max_luns_per_storage_group
Previous default value: 256
New default value: 255
[DEFAULT] vmware_task_poll_interval
Previous default value: 5
New default value: 0.5
[database] connection
Previous default value: sqlite:///$state_path/$sqlite_db
New default value: None
[database] max_pool_size
Previous default value: 5
New default value: None
[keystone_authtoken] revocation_cache_time
Previous default value: 300
New default value: 10
Table 1.62. Deprecated options
Deprecated option
New Option
[DEFAULT] db_backend
[database] backend
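Several Block Storage options documented in the tables above have a value or a default that deserves a security review: strict_ssh_host_key_policy, use_forwarded_for, backdoor_port, nova_api_insecure, fusionio_iocontrol_verify_cert, wsgi_keep_alive and hash_algorithms. The following Python check is an added example, not part of the Red Hat reference or of the Cinder code base; it reads cinder.conf-style text, falls back to the defaults listed on this page when an option is absent, and reports the settings to review. The rule list, the function names and the sample configuration are assumptions constructed for the illustration.

```python
import configparser

TRUE_WORDS = {"1", "true", "yes", "on"}


def as_bool(value):
    """Interpret a boolean option value (True/False, yes/no, on/off, 1/0)."""
    return value.strip().lower() in TRUE_WORDS


def is_set(value):
    """True when the option holds something other than an empty value or None."""
    return value.strip().lower() not in ("", "none")


def lists_md5(value):
    """True when md5 appears anywhere in a comma-separated algorithm list."""
    return "md5" in [item.strip().lower() for item in value.split(",")]


# (section, option, default documented on this page, needs-review test, reason)
# The reasons paraphrase the option descriptions in the tables above.
RULES = [
    ("DEFAULT", "strict_ssh_host_key_policy", "False",
     lambda v: not as_bool(v),
     "unknown SSH host keys are saved on first connection"),
    ("DEFAULT", "use_forwarded_for", "False", as_bool,
     "X-Forwarded-For is trusted; only safe behind a sanitizing proxy"),
    ("DEFAULT", "backdoor_port", "None", is_set,
     "the eventlet backdoor listener is enabled"),
    ("DEFAULT", "nova_api_insecure", "False", as_bool,
     "insecure SSL requests to nova are allowed"),
    ("DEFAULT", "fusionio_iocontrol_verify_cert", "True",
     lambda v: not as_bool(v),
     "the array certificate is not verified"),
    ("DEFAULT", "wsgi_keep_alive", "True", as_bool,
     "the reference recommends setting this to False"),
    ("keystone_authtoken", "hash_algorithms", "md5", lists_md5,
     "md5 is still used for hashing PKI tokens"),
]

# Constructed sample input, not taken from a real deployment.
SAMPLE_CONF = """\
[DEFAULT]
strict_ssh_host_key_policy = True
ssh_hosts_key_file = /var/lib/cinder/ssh_known_hosts
use_forwarded_for = true
backdoor_port = 4000:4100
wsgi_keep_alive = False

[keystone_authtoken]
hash_algorithms = sha256
"""


def audit(conf_text):
    """Return (section, option, value, source, reason) for settings to review.

    source is "configured" when the file sets the option and "default" when
    the documented default applies because the option is absent.
    """
    # default_section is moved out of the way so that [DEFAULT] is parsed as
    # an ordinary section and its values do not leak into other sections;
    # interpolation is off because log format options contain % characters.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(conf_text)
    findings = []
    for section, option, default, needs_review, reason in RULES:
        if parser.has_option(section, option):
            value, source = parser.get(section, option), "configured"
        else:
            value, source = default, "default"
        if needs_review(value):
            findings.append((section, option, value, source, reason))
    return findings


if __name__ == "__main__":
    for section, option, value, source, reason in audit(SAMPLE_CONF):
        print(f"[{section}] {option} = {value} ({source}): {reason}")
```

Running the same check on an empty file shows which of the documented defaults already need attention before any option is changed.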
CHAPTER 2. COMPUTE
The OpenStack Compute service is a cloud computing fabric controller, which is the main
part of an IaaS system. You can use OpenStack Compute to host and manage cloud
computing systems. This section describes the OpenStack Compute configuration options.
Ephemeral Storage Discrepancy with Ceph
When using Red Hat Ceph as a back end for ephemeral storage, the Compute service does
not calculate the amount of available storage correctly. Specifically, Compute simply adds
up the amount of available storage without factoring in replication. This results in grossly
overstated available storage, which in turn could cause unexpected storage
oversubscription.
To determine the correct ephemeral storage capacity, query the Ceph service directly instead.
For more information, see BZ #1236473.
2.1. THE OSLO RPC MESSAGING SYSTEM
OpenStack projects use AMQP, an open standard for messaging middleware. This messaging
middleware enables the OpenStack services that run on multiple servers to talk to each other.
This version of OpenStack supports RabbitMQ.
Table 2.1. Description of AMQP configuration options
Configuration option = Default value
Description
[DEFAULT]
amqp_auto_delete = False
(BoolOpt) Auto-delete queues in AMQP.
amqp_durable_queues = False
(BoolOpt) Use durable queues in AMQP.
control_exchange = openstack
(StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
default_publisher_id = None
(StrOpt) Default publisher_id for outgoing notifications
notification_driver = []
(MultiStrOpt) Driver or drivers to handle sending notifications.
notification_topics = notifications
(ListOpt) AMQP topic used for OpenStack notifications.
transport_url = None
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
Table 2.2. Description of RPC configuration options
Configuration option = Default value
Description
[DEFAULT]
matchmaker_heartbeat_freq = 300
(IntOpt) Heartbeat frequency.
matchmaker_heartbeat_ttl = 600
(IntOpt) Heartbeat time-to-live.
rpc_backend = rabbit
(StrOpt) The messaging driver to use, defaults to rabbit. Other drivers include qpid and zmq.
rpc_cast_timeout = 30
(IntOpt) Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
rpc_conn_pool_size = 30
(IntOpt) Size of RPC connection pool.
rpc_response_timeout = 60
(IntOpt) Seconds to wait for a response from a call.
rpc_thread_pool_size = 64
(IntOpt) Size of RPC greenthread pool.
[cells]
rpc_driver_queue_base = cells.intercell
(StrOpt) Base queue name to use when communicating between cells. Various topics by message type will be appended to this.
[oslo_messaging_amqp]
allow_insecure_clients = False
(BoolOpt) Accept clients using either SSL or plain TCP
broadcast_prefix = broadcast
(StrOpt) address prefix used when broadcasting to all servers
container_name = None
(StrOpt) Name for the AMQP container
CHAPT ER 2 . CO MPUT E
Configurat ion opt ion = Default value
Descript ion
g ro up_req uest_prefi x = unicast
(StrO p t) ad d res s p refix when s end ing to any
s erver in g ro up
i d l e_ti meo ut = 0
(IntO p t) Timeo ut fo r inac tive c o nnec tio ns (in
s ec o nd s )
server_req uest_prefi x = exclusive
(StrO p t) ad d res s p refix us ed when s end ing
to a s p ec ific s erver
ssl _ca_fi l e =
(StrO p t) CA c ertific ate PEM file fo r verifing
s erver c ertific ate
ssl _cert_fi l e =
(StrO p t) Id entifying c ertific ate PEM file to
p res ent to c lients
ssl _key_fi l e =
(StrO p t) Private key PEM file us ed to s ig n
c ert_file c ertific ate
ssl _key_passwo rd = None
(StrO p t) Pas s wo rd fo r d ec ryp ting
s s l_key_file (if enc ryp ted )
trace = False
(Bo o lO p t) Deb ug : d ump AMQ P frames to
s td o ut
[upgrade_levels]
baseapi = None
(StrO p t) Set a vers io n c ap fo r mes s ag es s ent
to the b as e ap i in any s ervic e
2.1.1. RabbitMQ
OpenStack Oslo RPC uses RabbitMQ by default. Use these options to configure the
RabbitMQ message system. The rpc_backend option is not required as long as
RabbitMQ is the default messaging system. However, if it is included in the configuration, you
must set it to nova.openstack.common.rpc.impl_kombu.
rpc_backend=nova.openstack.common.rpc.impl_kombu
You can use these additional options to configure the RabbitMQ messaging system. You
can configure messaging communication for different installation scenarios, tune retries for
RabbitMQ, and define the size of the RPC thread pool. To monitor notifications through
RabbitMQ, you must set the notification_driver option to
nova.openstack.common.notifier.rpc_notifier in the nova.conf file. The
default for sending usage data is sixty seconds plus a random number of seconds from zero
to sixty.
Table 2.3. Description of RabbitMQ configuration options

| Configuration option = Default value | Description |
|---|---|
| [DEFAULT] | |
| kombu_reconnect_delay = 1.0 | (FloatOpt) How long to wait before reconnecting in response to an AMQP consumer cancel notification. |
| kombu_ssl_ca_certs = | (StrOpt) SSL certification authority file (valid only if SSL enabled). |
| kombu_ssl_certfile = | (StrOpt) SSL cert file (valid only if SSL enabled). |
| kombu_ssl_keyfile = | (StrOpt) SSL key file (valid only if SSL enabled). |
| kombu_ssl_version = | (StrOpt) SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on some distributions. |
| rabbit_ha_queues = False | (BoolOpt) Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database. |
| rabbit_host = localhost | (StrOpt) The RabbitMQ broker address where a single node is used. |
| rabbit_hosts = $rabbit_host:$rabbit_port | (ListOpt) RabbitMQ HA cluster host:port pairs. |
| rabbit_login_method = AMQPLAIN | (StrOpt) The RabbitMQ login method. |
| rabbit_max_retries = 0 | (IntOpt) Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry count). |
| rabbit_password = guest | (StrOpt) The RabbitMQ password. |
| rabbit_port = 5672 | (IntOpt) The RabbitMQ broker port where a single node is used. |
| rabbit_retry_backoff = 2 | (IntOpt) How long to backoff for between retries when connecting to RabbitMQ. |
| rabbit_retry_interval = 1 | (IntOpt) How frequently to retry connecting with RabbitMQ. |
| rabbit_use_ssl = False | (BoolOpt) Connect over SSL for RabbitMQ. |
| rabbit_userid = guest | (StrOpt) The RabbitMQ userid. |
| rabbit_virtual_host = / | (StrOpt) The RabbitMQ virtual host. |
2.1.2. Configure messaging
Use these options to configure the RabbitMQ and Qpid messaging drivers.

Table 2.4. Description of AMQP configuration options

| Configuration option = Default value | Description |
|---|---|
| [DEFAULT] | |
| amqp_auto_delete = False | (BoolOpt) Auto-delete queues in AMQP. |
| amqp_durable_queues = False | (BoolOpt) Use durable queues in AMQP. |
| control_exchange = openstack | (StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option. |
| default_publisher_id = None | (StrOpt) Default publisher_id for outgoing notifications |
| notification_driver = [] | (MultiStrOpt) Driver or drivers to handle sending notifications. |
| notification_topics = notifications | (ListOpt) AMQP topic used for OpenStack notifications. |
| transport_url = None | (StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration. |
Table 2.5. Description of RPC configuration options

| Configuration option = Default value | Description |
|---|---|
| [DEFAULT] | |
| matchmaker_heartbeat_freq = 300 | (IntOpt) Heartbeat frequency. |
| matchmaker_heartbeat_ttl = 600 | (IntOpt) Heartbeat time-to-live. |
| rpc_backend = rabbit | (StrOpt) The messaging driver to use, defaults to rabbit. Other drivers include qpid and zmq. |
| rpc_cast_timeout = 30 | (IntOpt) Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. |
| rpc_conn_pool_size = 30 | (IntOpt) Size of RPC connection pool. |
| rpc_response_timeout = 60 | (IntOpt) Seconds to wait for a response from a call. |
| rpc_thread_pool_size = 64 | (IntOpt) Size of RPC greenthread pool. |
| [cells] | |
| rpc_driver_queue_base = cells.intercell | (StrOpt) Base queue name to use when communicating between cells. Various topics by message type will be appended to this. |
| [oslo_messaging_amqp] | |
| allow_insecure_clients = False | (BoolOpt) Accept clients using either SSL or plain TCP |
| broadcast_prefix = broadcast | (StrOpt) address prefix used when broadcasting to all servers |
| container_name = None | (StrOpt) Name for the AMQP container |
| group_request_prefix = unicast | (StrOpt) address prefix when sending to any server in group |
| idle_timeout = 0 | (IntOpt) Timeout for inactive connections (in seconds) |
| server_request_prefix = exclusive | (StrOpt) address prefix used when sending to a specific server |
| ssl_ca_file = | (StrOpt) CA certificate PEM file for verifying server certificate |
| ssl_cert_file = | (StrOpt) Identifying certificate PEM file to present to clients |
| ssl_key_file = | (StrOpt) Private key PEM file used to sign cert_file certificate |
| ssl_key_password = None | (StrOpt) Password for decrypting ssl_key_file (if encrypted) |
| trace = False | (BoolOpt) Debug: dump AMQP frames to stdout |
| [upgrade_levels] | |
| baseapi = None | (StrOpt) Set a version cap for messages sent to the base api in any service |
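Several defaults in the messaging tables above matter for security: the broker account is guest/guest, rabbit_use_ssl is False, and the [oslo_messaging_amqp] section has allow_insecure_clients and trace switches. The following Python script is an added example, not part of the original guide or of OpenStack, that audits a nova.conf for those settings; the sample files, finding names, host address, user name and CA path are constructed for illustration.

```python
import configparser

# Defaults taken from the option tables above; applied when nova.conf omits a key.
DEFAULTS = {
    "rabbit_userid": "guest",
    "rabbit_password": "guest",
    "rabbit_use_ssl": "False",
    "kombu_ssl_version": "",
    "kombu_ssl_ca_certs": "",
}
AMQP_DEFAULTS = {"allow_insecure_clients": "False", "trace": "False"}

# Constructed sample: messaging defaults left in place, AMQP debug switches on.
SAMPLE_DEFAULTS = """
[DEFAULT]
rpc_backend = rabbit
rabbit_host = 192.0.2.10

[oslo_messaging_amqp]
allow_insecure_clients = True
trace = True
"""

# Constructed sample: the same node with the messaging options tightened.
SAMPLE_HARDENED = """
[DEFAULT]
rpc_backend = rabbit
rabbit_host = 192.0.2.10
rabbit_userid = nova
rabbit_password = REPLACE-WITH-SECRET
rabbit_use_ssl = True
kombu_ssl_version = TLSv1
kombu_ssl_ca_certs = /etc/pki/tls/certs/example-ca.pem
"""


def _is_true(value):
    return value.strip().lower() in ("true", "1", "yes", "on")


def audit_messaging(conf_text):
    """Return (finding_id, detail) tuples for risky messaging settings."""
    # strict=False: nova.conf may repeat a key (options that can be given
    # multiple times); interpolation=None: secrets may contain '%'.
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.read_string(conf_text)

    opts = dict(DEFAULTS)
    opts.update(cfg.defaults())
    findings = []

    if "guest" in (opts["rabbit_userid"], opts["rabbit_password"]):
        findings.append(("default-credentials",
                         "rabbit_userid or rabbit_password is still 'guest'"))

    if not _is_true(opts["rabbit_use_ssl"]):
        findings.append(("plaintext-amqp",
                         "rabbit_use_ssl is off; RPC traffic and the broker "
                         "password cross the network unencrypted"))
    else:
        if not opts["kombu_ssl_ca_certs"].strip():
            findings.append(("no-ca-file",
                             "kombu_ssl_ca_certs is empty; no CA is configured "
                             "for checking the broker certificate"))
        if opts["kombu_ssl_version"].strip().upper() in ("SSLV2", "SSLV3"):
            findings.append(("legacy-ssl-version",
                             "kombu_ssl_version selects SSLv2 or SSLv3"))

    amqp = {key: cfg.get("oslo_messaging_amqp", key, fallback=default)
            for key, default in AMQP_DEFAULTS.items()}
    if _is_true(amqp["allow_insecure_clients"]):
        findings.append(("amqp-plain-tcp-allowed",
                         "allow_insecure_clients accepts plain TCP clients"))
    if _is_true(amqp["trace"]):
        findings.append(("amqp-frame-trace",
                         "trace dumps AMQP frames, including message bodies, to stdout"))
    return findings


def finding_ids(conf_text):
    return [finding_id for finding_id, _ in audit_messaging(conf_text)]


if __name__ == "__main__":
    for name, text in (("defaults", SAMPLE_DEFAULTS), ("hardened", SAMPLE_HARDENED)):
        print(name, finding_ids(text) or "no findings")
```

An empty nova.conf still produces the default-credentials and plaintext-amqp findings, because the audit falls back to the defaults listed in the tables.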
2.2. COMPUTE API RATE LIMITING
OpenStack Compute supports API rate limiting for the OpenStack API. The rate limiting
allows an administrator to configure limits on the type and number of API calls that can be
made in a specific time interval.
When API rate limits are exceeded, HTTP requests return an error with a status code of 403
Forbidden.
Rate limiting is not available for the EC2 API.
Limits
To define limits, set these values:
The HTTP method used in the API call, typically one of GET, PUT, POST, or DELETE.
A human readable URI that is used as a friendly description of where the limit is applied.
A regular expression. The limit is applied to all URIs that match the regular expression and HTTP method.
A limit value that specifies the maximum count of units before the limit takes effect.
An interval that specifies the time frame to which the limit is applied. The interval can be SECOND, MINUTE, HOUR, or DAY.
Rate limits are applied in relative order to the HTTP method, going from least to most specific.
Default limits
Normally, you install OpenStack Compute with the following limits enabled:

Table 2.6. Default API rate limits

| HTTP method | API URI | API regular expression | Limit |
|---|---|---|---|
| POST | any URI (*) | .* | 120 per minute |
| POST | /servers | ^/servers | 120 per minute |
| PUT | any URI (*) | .* | 120 per minute |
| GET | *changes-since* | .*changes-since.* | 120 per minute |
| DELETE | any URI (*) | .* | 120 per minute |
| GET | */os-fping | ^/os-fping | 12 per minute |

Configure and change limits
As part of the WSGI pipeline, the etc/nova/api-paste.ini file defines the actual limits.
To enable limits, include the ratelimit filter in the API pipeline specification. If the
ratelimit filter is removed from the pipeline, limiting is disabled. You must also define the
rate limit filter. The lines appear as follows:
[pipeline:openstack_compute_api_v2]
pipeline = faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2
[pipeline:openstack_volume_api_v1]
pipeline = faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1
[filter:ratelimit]
paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
To modify the limits, add a limits specification to the [filter:ratelimit] section of
the file. Specify the limits in this order:
1. HTTP method
2. friendly URI
3. regex
4. limit
5. interval
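A limits value in the five-field order listed above can be parsed and checked before it goes into api-paste.ini. The following Python script is an added example, not nova's own parser and not part of the original guide; it uses the default limit set from Table 2.6 as input and assumes the regular expression is matched from the start of a request path such as /servers.

```python
import re
from collections import namedtuple

Limit = namedtuple("Limit", "method uri regex value interval")

INTERVALS = ("SECOND", "MINUTE", "HOUR", "DAY")

# The default limit set from Table 2.6, written as a limits value.
DEFAULT_LIMITS = (
    '(POST, "*", .*, 120, MINUTE);(POST, "*/servers", ^/servers, 120, MINUTE);'
    '(PUT, "*", .*, 120, MINUTE);(GET, "*changes-since*", .*changes-since.*, 120, MINUTE);'
    '(DELETE, "*", .*, 120, MINUTE);(GET, "*/os-fping", ^/os-fping, 12, MINUTE)'
)


def parse_limits(spec):
    """Parse '(METHOD, "uri", regex, value, INTERVAL);...' into Limit tuples."""
    limits = []
    for group in spec.split(";"):
        group = group.strip()
        if not group:
            continue
        if not (group.startswith("(") and group.endswith(")")):
            raise ValueError("limit must be wrapped in parentheses: %r" % group)
        # A plain comma split: a regex that itself contains ',' cannot be used.
        fields = [field.strip() for field in group[1:-1].split(",")]
        if len(fields) != 5:
            raise ValueError("expected 5 fields, got %d: %r" % (len(fields), group))
        method, uri, regex, value, interval = fields
        interval = interval.upper()
        if interval not in INTERVALS:
            raise ValueError("unknown interval %r in %r" % (interval, group))
        if not value.isdigit():
            raise ValueError("limit value must be a whole number: %r" % group)
        try:
            compiled = re.compile(regex)
        except re.error as exc:
            raise ValueError("bad regex %r: %s" % (regex, exc))
        limits.append(Limit(method.upper(), uri.strip('"'), compiled, int(value), interval))
    return limits


def matching_limits(limits, method, path):
    """Limits whose HTTP method and regular expression both match the request."""
    return [l for l in limits if l.method == method.upper() and l.regex.match(path)]


def describe(limits, method, path):
    return ["%s %d/%s" % (l.uri, l.value, l.interval)
            for l in matching_limits(limits, method, path)]


if __name__ == "__main__":
    parsed = parse_limits(DEFAULT_LIMITS)
    for method, path in (("POST", "/servers"), ("GET", "/os-fping"),
                         ("GET", "/servers?changes-since=2015-01-01"),
                         ("GET", "/servers")):
        print(method, path, "->", describe(parsed, method, path) or "no limit applies")
```

With the default set, a plain GET /servers matches no limit at all: the only GET entries cover changes-since queries and os-fping.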
The following example shows the default rate-limiting values:
[filter:ratelimit]
paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
limits =(POST, "*", .*, 120, MINUTE);(POST, "*/servers", ^/servers, 120, MINUTE);(PUT, "*", .*, 120, MINUTE);(GET, "*changes-since*", .*changes-since.*, 120, MINUTE);(DELETE, "*", .*, 120, MINUTE);(GET, "*/os-fping", ^/os-fping, 12, MINUTE)
2.3. FIBRE CHANNEL SUPPORT IN COMPUTE
Fibre Channel support in OpenStack Compute is remote block storage attached to compute
nodes for VMs.
In the Grizzly release, Fibre Channel supported only the KVM hypervisor.
Compute and Block Storage for Fibre Channel do not support automatic zoning. Fibre
Channel arrays must be pre-zoned or directly attached to the KVM hosts.
2.3.1. KVM host requirements
You must install these packages on the KVM host:
sysfsutils - Nova uses the systool application in this package.
sg3-utils or sg3_utils - Nova uses the sg_scan and sginfo applications.
Installing the multipath-tools package is optional.
2.4. HYPERVISORS
Red Hat Enterprise Linux OpenStack Platform is only supported for use with the libvirt
driver (using KVM as the hypervisor on Compute nodes) or the VMware vCenter hypervisor
driver. Refer to https://access.redhat.com/knowledge/articles/744153 for more information
regarding the configuration of the VMware vCenter driver.
This release also includes Ironic as a technology preview. Ironic allows for the provision of
bare-metal machines using common technologies (such as PXE boot and IPMI) to cover a
wide range of hardware, while supporting pluggable drivers to allow the addition of
vendor-specific functionality. For more information about Ironic, refer to Introduction to Ironic.
Red Hat does not provide support for other Compute virtualization drivers such as the
deprecated VMware "direct-to-ESX" hypervisor, and non-KVM libvirt hypervisors.
2.4.1. KVM
KVM is configured as the default hypervisor for Compute.
Note
This document contains several sections about hypervisor selection. If you are
reading this document linearly, you do not want to load the KVM module before you
install nova-compute. The nova-compute service depends on qemu-kvm, which
installs /lib/udev/rules.d/45-qemu-kvm.rules, which sets the correct
permissions on the /dev/kvm device node.
To enable KVM explicitly, add the following configuration options to the
/etc/nova/nova.conf file:
compute_driver = libvirt.LibvirtDriver
[libvirt]
virt_type = kvm
The KVM hypervisor supports the following virtual machine image formats:
Raw
QEMU Copy-on-write (qcow2)
QED (QEMU Enhanced Disk)
VMware virtual machine disk format (vmdk)
2.4.1.1. Specify the CPU model of KVM guests
The Compute service enables you to control the guest CPU model that is exposed to KVM
virtual machines. Use cases include:
To maximize performance of virtual machines by exposing new host CPU features to the guest
To ensure a consistent default CPU across all machines, removing reliance on variable QEMU defaults
In libvirt, the CPU is specified by providing a base CPU model name (which is a shorthand
for a set of feature flags), a set of additional feature flags, and the topology
(sockets/cores/threads). The libvirt KVM driver provides a number of standard CPU model
names. These models are defined in the /usr/share/libvirt/cpu_map.xml file. Check
this file to determine which models are supported by your local installation.
Two Compute configuration options in the [libvirt] group of nova.conf define which
type of CPU model is exposed to the hypervisor when using KVM: cpu_mode and
cpu_model.
The cpu_mode option can take one of the following values: none, host-passthrough,
host-model, and custom.
Host model (default for KVM & QEMU)
If your nova.conf file contains cpu_mode=host-model, libvirt identifies the CPU model
in the /usr/share/libvirt/cpu_map.xml file that most closely matches the host, and
requests additional CPU flags to complete the match. This configuration provides the
maximum functionality and performance and maintains good reliability and compatibility if
the guest is migrated to another host with slightly different host CPUs.
Host pass through
If your nova.conf file contains cpu_mode=host-passthrough, libvirt tells KVM to pass
through the host CPU with no modifications. The difference from host-model is that, instead
of just matching feature flags, every last detail of the host CPU is matched. This gives the best
performance, and can be important to some apps which check low level CPU details, but it
comes at a cost with respect to migration. The guest can only be migrated to a matching host
CPU.
Custom
If your nova.conf file contains cpu_mode=custom, you can explicitly specify one of the
supported named models using the cpu_model configuration option. For example, to
configure the KVM guests to expose Nehalem CPUs, your nova.conf file should contain:
[libvirt]
cpu_mode = custom
cpu_model = Nehalem
None (default for all libvirt-driven hypervisors other than KVM & QEMU)
If your nova.conf file contains cpu_mode=none, libvirt does not specify a CPU model.
Instead, the hypervisor chooses the default model.
2.4.1.2. Guest agent support
Use guest agents to enable optional access between compute nodes and guests through a
socket, using the QMP protocol.
To enable this feature, you must set hw_qemu_guest_agent=yes as a metadata parameter
on the image you wish to use to create the guest-agent-capable instances from. You can
explicitly disable the feature by setting hw_qemu_guest_agent=no in the image metadata.
2.4.1.3. KVM performance tweaks
The VHostNet kernel module improves network performance. To load the kernel module, run
the following command as root:
# modprobe vhost_net
2.4.1.4. Troubleshoot KVM
Trying to launch a new virtual machine instance fails with the ERROR state, and the following
error appears in the /var/log/nova/nova-compute.log file:
libvirtError: internal error no supported architecture for os type 'hvm'
This message indicates that the KVM kernel modules were not loaded.
If you cannot start VMs after installation without rebooting, the permissions might not be set
correctly. This can happen if you load the KVM module before you install nova-compute.
To check whether the group is set to kvm, run:
# ls -l /dev/kvm
If it is not set to kvm, run:
# udevadm trigger
2.5. SCHEDULING
Compute uses the nova-scheduler service to determine how to dispatch compute and
volume requests. For example, the nova-scheduler service determines on which host a
VM should launch. In the context of filters, the term host means a physical node that has a
nova-compute service running on it. You can configure the scheduler through a variety of
options.
Compute is configured with the following default scheduler options in the
/etc/nova/nova.conf file:
scheduler_driver=nova.scheduler.multi.MultiScheduler
scheduler_driver_task_period = 60
scheduler_driver = nova.scheduler.filter_scheduler.FilterScheduler
scheduler_available_filters = nova.scheduler.filters.all_filters
scheduler_default_filters = RetryFilter, AvailabilityZoneFilter, RamFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ServerGroupAntiAffinityFilter, ServerGroupAffinityFilter
By default, the scheduler_driver is configured as a filter scheduler, as described in the
next section. In the default configuration, this scheduler considers hosts that meet all the
following criteria:
Have not been attempted for scheduling purposes (RetryFilter).
Are in the requested availability zone (AvailabilityZoneFilter).
Have sufficient RAM available (RamFilter).
Can service the request (ComputeFilter).
Satisfy the extra specs associated with the instance type (ComputeCapabilitiesFilter).
Satisfy any architecture, hypervisor type, or virtual machine mode properties specified on the instance's image properties (ImagePropertiesFilter).
Are on a different host than other instances of a group (if requested) (ServerGroupAntiAffinityFilter).
Are in a set of group hosts (if requested) (ServerGroupAffinityFilter).
The scheduler caches its list of available hosts; use the
scheduler_driver_task_period option to specify how often the list is updated.
Note
Do not configure service_down_time to be much smaller than
scheduler_driver_task_period; otherwise, hosts appear to be dead while the
host list is being cached.
For information about the volume scheduler, see the Block Storage section of OpenStack
Cloud Administrator Guide.
The scheduler chooses a new host when an instance is migrated.
When evacuating instances from a host, the scheduler service does not pick the next host.
Instances are evacuated to the host explicitly defined by the administrator. For information
about instance evacuation, see the Evacuate instances section of the OpenStack Cloud
Administrator Guide.
2.5.1. Filter scheduler
The filter scheduler (nova.scheduler.filter_scheduler.FilterScheduler) is the
default scheduler for scheduling virtual machine instances. It supports filtering and
weighting to make informed decisions on where a new instance should be created.
2.5.2. Filters
When the filter scheduler receives a request for a resource, it first applies filters to determine
which hosts are eligible for consideration when dispatching a resource. Filters are binary:
either a host is accepted by the filter, or it is rejected. Hosts that are accepted by the filter are
then processed by a different algorithm to decide which hosts to use for that request,
described in the Weights section.
The scheduler_available_filters configuration option in nova.conf provides the
Compute service with the list of the filters that are used by the scheduler. The default setting
specifies all of the filters that are included with the Compute service:
scheduler_available_filters = nova.scheduler.filters.all_filters
This configuration option can be specified multiple times. For example, if you implemented
your own custom filter in Python called myfilter.MyFilter and you wanted to use both
the built-in filters and your custom filter, your nova.conf file would contain:
scheduler_available_filters = nova.scheduler.filters.all_filters
scheduler_available_filters = myfilter.MyFilter
The scheduler_default_filters configuration option in nova.conf defines the list of
filters that are applied by the nova-scheduler service. The default filters are:
scheduler_default_filters = RetryFilter, AvailabilityZoneFilter, RamFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ServerGroupAntiAffinityFilter, ServerGroupAffinityFilter
The following sections describe the available filters.
2.5.2.1. AggregateCoreFilter
Filters host by CPU core numbers with a per-aggregate cpu_allocation_ratio value. If
the per-aggregate value is not found, the value falls back to the global setting. If the host is
in more than one aggregate and more than one value is found, the minimum value will be
used. See also Section 2.5.2.14, “CoreFilter”.
2.5.2.2. AggregateDiskFilter
Filters host by disk allocation with a per-aggregate disk_allocation_ratio value. If the
per-aggregate value is not found, the value falls back to the global setting. If the host is in
more than one aggregate and more than one value is found, the minimum value will be used.
See also Section 2.5.2.16, “DiskFilter”.
2.5.2.3. AggregateImagePropertiesIsolation
Matches properties defined in an image's metadata against those of aggregates to determine
host matches:
If a host belongs to an aggregate and the aggregate defines one or more metadata that
matches an image's properties, that host is a candidate to boot the image's instance.
If a host does not belong to any aggregate, it can boot instances from all images.
For example, the following aggregate MyWinAgg has the Windows operating system as
metadata (named 'windows'):
$ nova aggregate-details MyWinAgg
+----+----------+-------------------+------------+---------------+
| Id | Name     | Availability Zone | Hosts      | Metadata      |
+----+----------+-------------------+------------+---------------+
| 1  | MyWinAgg | None              | 'sf-devel' | 'os=windows'  |
+----+----------+-------------------+------------+---------------+
In this example, because the following Win-2012 image has the windows property, it boots
on the sf-devel host (all other filters being equal):
$ glance image-show Win-2012
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| Property 'os'    | windows                              |
| checksum         | f8a2eeee2dc65b3d9b6e63678955bd83     |
| container_format | ami                                  |
| created_at       | 2013-11-14T13:24:25                  |
| ...
You can configure the AggregateImagePropertiesIsolation filter by using the
following options in the nova.conf file:
# Considers only keys matching the given namespace (string).
aggregate_image_properties_isolation_namespace = <None>
# Separator used between the namespace and keys (string).
aggregate_image_properties_isolation_separator = .
2.5.2.4. AggregateInstanceExtraSpecsFilter
Matches properties defined in extra specs for an instance type against admin-defined
properties on a host aggregate. Works with specifications that are scoped with
aggregate_instance_extra_specs. For backward compatibility, also works with
non-scoped specifications; this action is highly discouraged because it conflicts with
the ComputeCapabilitiesFilter filter when you enable both filters.
2.5.2.5. AggregateIoOpsFilter
Filters host by disk allocation with a per-aggregate max_io_ops_per_host value. If the
per-aggregate value is not found, the value falls back to the global setting. If the host is in
more than one aggregate and more than one value is found, the minimum value will be used.
See also Section 2.5.2.21, “IoOpsFilter”.
2.5.2.6. AggregateMultiTenancyIsolation
Isolates tenants to specific host aggregates. If a host is in an aggregate that has the
filter_tenant_id metadata key, the host creates instances from only that tenant or list of
tenants. A host can be in different aggregates. If a host does not belong to an aggregate with
the metadata key, the host can create instances from all tenants.
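What the AggregateMultiTenancyIsolation rules above mean for placement is easiest to see on a small inventory. The following Python script is an added example that models the rules as this section states them; it is not nova's code and not part of the original guide. It assumes a list of tenants is written comma-separated in filter_tenant_id and that a host in several tagged aggregates accepts the union of their tenants; the host and tenant names are constructed.

```python
# Constructed inventory: host name -> metadata of each aggregate the host is in.
HOSTS = {
    "compute-1": [{"filter_tenant_id": "tenant-a"}],
    "compute-2": [{"filter_tenant_id": "tenant-a, tenant-b"}, {"os": "windows"}],
    "compute-3": [{"os": "windows"}],
    "compute-4": [],
}


def allowed_tenants(aggregates):
    """Tenants a host is restricted to, or None when no aggregate restricts it."""
    restricted = False
    tenants = set()
    for metadata in aggregates:
        if "filter_tenant_id" in metadata:
            restricted = True
            # Assumption: a list of tenants is written comma-separated.
            tenants.update(t.strip() for t in metadata["filter_tenant_id"].split(",")
                           if t.strip())
    return tenants if restricted else None


def host_passes(aggregates, tenant_id):
    """True when the host may create instances for tenant_id."""
    allowed = allowed_tenants(aggregates)
    return allowed is None or tenant_id in allowed


def candidate_hosts(hosts, tenant_id):
    return sorted(h for h, aggs in hosts.items() if host_passes(aggs, tenant_id))


def shared_hosts(hosts, tenant_id):
    """Candidate hosts where tenant_id can end up next to other tenants."""
    return sorted(h for h, aggs in hosts.items()
                  if host_passes(aggs, tenant_id)
                  and allowed_tenants(aggs) != {tenant_id})


if __name__ == "__main__":
    for tenant in ("tenant-a", "tenant-c"):
        print(tenant, "candidates:", candidate_hosts(HOSTS, tenant))
        print(tenant, "shared:    ", shared_hosts(HOSTS, tenant))
```

In this inventory only compute-1 is exclusive to tenant-a: the filter keeps other tenants off tagged hosts, but tenant-a remains a candidate for every host that carries no filter_tenant_id key.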
2.5.2.7. AggregateNumInstancesFilter
Filters host by number of instances with a per-aggregate max_instances_per_host value.
If the per-aggregate value is not found, the value falls back to the global setting. If the host is
in more than one aggregate and thus more than one value is found, the minimum value will
be used. See also Section 2.5.2.24, “NumInstancesFilter”.
2.5.2.8. AggregateRamFilter
Filters host by RAM allocation of instances with a per-aggregate ram_allocation_ratio
value. If the per-aggregate value is not found, the value falls back to the global setting. If the
host is in more than one aggregate and thus more than one value is found, the minimum
value will be used. See also Section 2.5.2.26, “RamFilter”.
2.5.2.9. AggregateTypeAffinityFilter
Filters host by per-aggregate instance_type value. See also Section 2.5.2.33,
“TypeAffinityFilter”.
2.5.2.10. AllHostsFilter
This is a no-op filter. It does not eliminate any of the available hosts.
2.5.2.11. AvailabilityZoneFilter
Filters hosts by availability zone. You must enable this filter for the scheduler to respect
availability zones in requests.
2.5.2.12. ComputeCapabilitiesFilter
Matches properties defined in extra specs for an instance type against compute capabilities.
If an extra specs key contains a colon (:), anything before the colon is treated as a
namespace and anything after the colon is treated as the key to be matched. If a namespace
is present and is not capabilities, the filter ignores the namespace. For backward
compatibility, also treats the extra specs key as the key to be matched if no namespace is
present; this action is highly discouraged because it conflicts with
the AggregateInstanceExtraSpecsFilter filter when you enable both filters.
2.5.2.13. ComputeFilter
Passes all hosts that are operational and enabled.
In general, you should always enable this filter.
2.5.2.14. CoreFilter
Only schedules instances on hosts if sufficient CPU cores are available. If this filter is not set,
the scheduler might over-provision a host based on cores. For example, the virtual cores
running on an instance may exceed the physical cores.
You can configure this filter to enable a fixed amount of vCPU overcommitment by using the
cpu_allocation_ratio configuration option in nova.conf. The default setting is:
cpu_allocation_ratio = 16.0
With this setting, if 8 vCPUs are on a node, the scheduler allows instances up to 128 vCPUs
to be run on that node.
To disallow vCPU overcommitment set:
cpu_allocation_ratio = 1.0
Note
The Compute API always returns the actual number of CPU cores available on a
compute node regardless of the value of the cpu_allocation_ratio
configuration key. As a result changes to the cpu_allocation_ratio are not
reflected via the command line clients or the dashboard. Changes to this
configuration key are only taken into account internally in the scheduler.
2.5.2.15. DifferentHostFilter
Schedules the instance on a different host from a set of instances. To take advantage of this
filter, the requester must pass a scheduler hint, using different_host as the key and a list
of instance UUIDs as the value. This filter is the opposite of the SameHostFilter. Using the
nova command-line tool, use the --hint flag. For example:
$ nova boot --image cedef40a-ed67-4d10-800e-17455edce175 --flavor 1 \
  --hint different_host=a0cf03a5-d921-4877-bb5c-86d26cf818e1 \
  --hint different_host=8c19174f-4220-44f0-824a-cd1eeef10287 server-1
With the API, use the os:scheduler_hints key. For example:
{
    "server": {
        "name": "server-1",
        "imageRef": "cedef40a-ed67-4d10-800e-17455edce175",
        "flavorRef": "1"
    },
    "os:scheduler_hints": {
        "different_host": [
            "a0cf03a5-d921-4877-bb5c-86d26cf818e1",
            "8c19174f-4220-44f0-824a-cd1eeef10287"
        ]
    }
}
2.5.2.16. DiskFilter
Only schedules instances on hosts if there is sufficient disk space available for root and
ephemeral storage.
You can configure this filter to enable a fixed amount of disk overcommitment by using the
disk_allocation_ratio configuration option in nova.conf. The default setting is:
disk_allocation_ratio = 1.0
Adjusting this value to greater than 1.0 enables scheduling instances while over committing
disk resources on the node. This might be desirable if you use an image format that is
sparse or copy on write so that each virtual instance does not require a 1:1 allocation of
virtual disk to physical storage.
2.5.2.17. GroupAffinityFilter
Note
This filter is deprecated in favor of ServerGroupAffinityFilter.
The GroupAffinityFilter ensures that an instance is scheduled on to a host from a set of
group hosts. To take advantage of this filter, the requester must pass a scheduler hint, using
group as the key and an arbitrary name as the value. Using the nova command-line tool,
use the --hint flag. For example:
$ nova boot --image IMAGE_ID --flavor 1 --hint group=foo server-1
This filter should not be enabled at the same time as GroupAntiAffinityFilter or neither filter
will work properly.
2.5.2.18. GroupAntiAffinityFilter
Note
This filter is deprecated in favor of ServerGroupAntiAffinityFilter.
The GroupAntiAffinityFilter ensures that each instance in a group is on a different host. To
take advantage of this filter, the requester must pass a scheduler hint, using group as the
key and an arbitrary name as the value. Using the nova command-line tool, use the --hint
flag. For example:
$ nova boot --image IMAGE_ID --flavor 1 --hint group=foo server-1
This filter should not be enabled at the same time as GroupAffinityFilter or neither filter will
work properly.
2 .5 .2 .1 9 . Im age Pro pe rt ie sFilt e r
Filters hosts based on properties defined on the instance's image. It passes hosts that can
support the specified image properties contained in the instance. Properties include the
architecture, hypervisor type, and virtual machine mode. For example, an instance might
require a host that runs an ARM-based processor and QEMU as the hypervisor. An image
can be decorated with these properties by using:
$ glance image-update img-uuid --property architecture=arm --property hypervisor_type=qemu
The image properties that the filter checks for are:
architecture: Architecture describes the machine architecture required by the image.
Examples are i686, x86_64, arm, and ppc64.
hypervisor_type: Hypervisor type describes the hypervisor required by the image.
Examples are xen, qemu, and xenapi. Note that qemu is used for both QEMU and KVM
hypervisor types.
vm_mode: Virtual machine mode describes the hypervisor application binary interface
(ABI) required by the image. Examples are 'xen' for Xen 3.0 paravirtual ABI, 'hvm' for
native ABI, 'uml' for User Mode Linux paravirtual ABI, and 'exe' for container virt executable
ABI.
2.5.2.20. IsolatedHostsFilter
Allows the admin to define a special (isolated) set of images and a special (isolated) set of
hosts, such that the isolated images can only run on the isolated hosts, and the isolated
hosts can only run isolated images. The flag
restrict_isolated_hosts_to_isolated_images can be used to force isolated hosts
to only run isolated images.
The admin must specify the isolated set of images and hosts in the nova.conf file using the
isolated_hosts and isolated_images configuration options. For example:
isolated_hosts = server1, server2
isolated_images = 342b492c-128f-4a42-8d3a-c5088cf27d13, ebd267a6-ca86-4d6c-9a0e-bd132d6b7d09
2.5.2.21. IoOpsFilter
The IoOpsFilter filters hosts by the number of concurrent I/O operations on them. Hosts with too many
concurrent I/O operations will be filtered out. The max_io_ops_per_host option specifies
the maximum number of I/O intensive instances allowed to run on a host. A host will be
ignored by the scheduler if more than max_io_ops_per_host instances in build, resize,
snapshot, migrate, rescue or unshelve task states are running on it.
2.5.2.22. JsonFilter
The JsonFilter allows a user to construct a custom filter by passing a scheduler hint in JSON
format. The following operators are supported:
=
<
>
in
<=
>=
not
or
and
The filter supports the following variables:
$free_ram_mb
$free_disk_mb
$total_usable_ram_mb
$vcpus_total
$vcpus_used
Using the nova command-line tool, use the --hint flag:
$ nova boot --image 827d564a-e636-4fc4-a376-d36f7ebe1747 \
  --flavor 1 --hint query='[">=","$free_ram_mb",1024]' server1
With the API, use the os:scheduler_hints key:
{
    "server": {
        "name": "server-1",
        "imageRef": "cedef40a-ed67-4d10-800e-17455edce175",
        "flavorRef": "1"
    },
    "os:scheduler_hints": {
        "query": "[\">=\",\"$free_ram_mb\",1024]"
    }
}
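The query grammar described in this section, as an added sketch (not Nova's own code and not part of the original guide): a small evaluator for the listed operators and variables, run against constructed host states. It assumes queries are JSON lists in prefix form, and rejecting the host when a hint is malformed is this example's choice.

```python
import json
import operator

# Variables and comparison operators listed for JsonFilter in this section.
ALLOWED_VARS = {"$free_ram_mb", "$free_disk_mb", "$total_usable_ram_mb",
                "$vcpus_total", "$vcpus_used"}
COMPARE = {"=": operator.eq, "<": operator.lt, ">": operator.gt,
           "<=": operator.le, ">=": operator.ge}

# Constructed host states for the demonstration (not real scheduler data).
HOSTS = {
    "node-a": {"free_ram_mb": 512, "free_disk_mb": 20480,
               "total_usable_ram_mb": 8192, "vcpus_total": 8, "vcpus_used": 7},
    "node-b": {"free_ram_mb": 4096, "free_disk_mb": 204800,
               "total_usable_ram_mb": 16384, "vcpus_total": 16, "vcpus_used": 4},
}


class QueryError(ValueError):
    """The hint parsed as JSON but is not a well-formed query."""


def resolve(term, host):
    """Map a "$variable" to the host's value and recurse into sub-queries."""
    if isinstance(term, list):
        return evaluate(term, host)
    if isinstance(term, str) and term.startswith("$"):
        if term not in ALLOWED_VARS:
            raise QueryError("unknown variable %s" % term)
        return host[term[1:]]
    return term


def evaluate(expr, host):
    """Evaluate one prefix-form expression: [operator, arg, arg, ...]."""
    if not isinstance(expr, list) or not expr or not isinstance(expr[0], str):
        raise QueryError("expected [operator, args...]")
    op, args = expr[0], [resolve(arg, host) for arg in expr[1:]]
    if op in COMPARE:
        if len(args) != 2:
            raise QueryError("%s takes exactly two arguments" % op)
        return COMPARE[op](args[0], args[1])
    if op == "in":
        if len(args) < 2:
            raise QueryError("in takes a value and at least one candidate")
        return args[0] in args[1:]
    if op == "not":
        if len(args) != 1:
            raise QueryError("not takes exactly one argument")
        return not args[0]
    if op == "and":
        return all(args)
    if op == "or":
        return any(args)
    raise QueryError("unsupported operator %r" % op)


def host_passes(query_hint, host):
    """True if the host satisfies the hint; malformed hints reject the host."""
    try:
        return bool(evaluate(json.loads(query_hint), host))
    except (ValueError, TypeError):
        # JSON syntax errors, QueryError and mismatched operand types.
        return False


def select(query_hint):
    """Names of the constructed hosts that pass the hint."""
    return sorted(name for name, host in HOSTS.items()
                  if host_passes(query_hint, host))


if __name__ == "__main__":
    for hint in ('[">=","$free_ram_mb",1024]',
                 '[>=,$free_ram_mb,1024]',  # unquoted: not valid JSON
                 '["and",[">=","$free_ram_mb",256],["<","$vcpus_used",8]]'):
        print(hint, "->", select(hint))
```

The second hint shows why the operator and variable must be quoted inside the query string: without the quotes the hint is not JSON and no host can match.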
2.5.2.23. MetricsFilter
Filters hosts based on metrics weight_setting. Only hosts with the available metrics are
passed so that the metrics weigher will not fail due to these hosts.
2.5.2.24. NumInstancesFilter
Hosts that have more instances running than specified by the max_instances_per_host
option are filtered out when this filter is in place.
2.5.2.25. PciPassthroughFilter
The filter schedules instances on a host if the host has devices that meet the device requests
in the extra_specs attribute for the flavor.
2.5.2.26. RamFilter
Only schedules instances on hosts that have sufficient RAM available. If this filter is not set,
the scheduler may over provision a host based on RAM (for example, the RAM allocated by
virtual machine instances may exceed the physical RAM).
You can configure this filter to enable a fixed amount of RAM overcommitment by using the
ram_allocation_ratio configuration option in nova.conf. The default setting is:
ram_allocation_ratio = 1.5
This setting enables 1.5 GB instances to run on any compute node with 1 GB of free RAM.
Warning
Overcommitting is not an ideal solution for all memory issues. Rather, the
recommended methods to deal with memory shortage are to allocate less memory
per guest, add more physical memory to the host, or utilize swap space. If you
decide to leave memory overcommitment enabled, ensure sufficient testing is
performed. Contact Red Hat's support services for assistance with
overcommitting.
To disable RAM overcommitment, set ram_allocation_ratio to 1.0.
2.5.2.27. RetryFilter
Filters out hosts that have already been attempted for scheduling purposes. If the scheduler
selects a host to respond to a service request, and the host fails to respond to the request,
this filter prevents the scheduler from retrying that host for the service request.
This filter is only useful if the scheduler_max_attempts configuration option is set to a
value greater than zero.
2.5.2.28. SameHostFilter
Schedules the instance on the same host as another instance in a set of instances. To take
advantage of this filter, the requester must pass a scheduler hint, using same_host as the
key and a list of instance UUIDs as the value. This filter is the opposite of the
DifferentHostFilter. Using the nova command-line tool, use the --hint flag:
$ nova boot --image cedef40a-ed67-4d10-800e-17455edce175 --flavor 1 \
  --hint same_host=a0cf03a5-d921-4877-bb5c-86d26cf818e1 \
  --hint same_host=8c19174f-4220-44f0-824a-cd1eeef10287 server-1
With the API, use the os:scheduler_hints key:
{
    "server": {
        "name": "server-1",
        "imageRef": "cedef40a-ed67-4d10-800e-17455edce175",
        "flavorRef": "1"
    },
    "os:scheduler_hints": {
        "same_host": [
            "a0cf03a5-d921-4877-bb5c-86d26cf818e1",
            "8c19174f-4220-44f0-824a-cd1eeef10287"
        ]
    }
}
2.5.2.29. ServerGroupAffinityFilter
The ServerGroupAffinityFilter ensures that an instance is scheduled on to a host from a set
of group hosts. To take advantage of this filter, the requester must create a server group with
an affinity policy, and pass a scheduler hint, using group as the key and the server
group UUID as the value. Using the nova command-line tool, use the --hint flag. For
example:
$ nova server-group-create --policy affinity group-1
$ nova boot --image IMAGE_ID --flavor 1 --hint group=SERVER_GROUP_UUID server-1
2.5.2.30. ServerGroupAntiAffinityFilter
The ServerGroupAntiAffinityFilter ensures that each instance in a group is on a different
host. To take advantage of this filter, the requester must create a server group with an
anti-affinity policy, and pass a scheduler hint, using group as the key and the server group
UUID as the value. Using the nova command-line tool, use the --hint flag. For example:
$ nova server-group-create --policy anti-affinity group-1
$ nova boot --image IMAGE_ID --flavor 1 --hint group=SERVER_GROUP_UUID server-1
2.5.2.31. SimpleCIDRAffinityFilter
Schedules the instance based on host IP subnet range. To take advantage of this filter, the
requester must specify a range of valid IP addresses in CIDR format, by passing two scheduler
hints:
build_near_host_ip
The first IP address in the subnet (for example, 192.168.1.1)
cidr
The CIDR that corresponds to the subnet (for example, /24)
Using the nova command-line tool, use the --hint flag. For example, to specify the IP
subnet 192.168.1.1/24:
$ nova boot --image cedef40a-ed67-4d10-800e-17455edce175 --flavor 1 \
  --hint build_near_host_ip=192.168.1.1 --hint cidr=/24 server-1
With the API, use the os:scheduler_hints key:
{
    "server": {
        "name": "server-1",
        "imageRef": "cedef40a-ed67-4d10-800e-17455edce175",
        "flavorRef": "1"
    },
    "os:scheduler_hints": {
        "build_near_host_ip": "192.168.1.1",
        "cidr": "/24"
    }
}
2.5.2.32. TrustedFilter
Filters hosts based on their trust. Only passes hosts that meet the trust requirements
specified in the instance properties.
2.5.2.33. TypeAffinityFilter
Dynamically limits hosts to one instance type. An instance can only be launched on a host
if no instances of a different instance type are running on it, or if the host has no running
instances at all.
2.5.3. Weights
When resourcing instances, the filter scheduler filters and weights each host in the list of
acceptable hosts. Each time the scheduler selects a host, it virtually consumes resources on
it, and subsequent selections are adjusted accordingly. This process is useful when the
customer asks for a large number of identical instances, because weight is computed for each
requested instance.
All weights are normalized before being summed up; the host with the largest weight is given
the highest priority.
If cells are used, cells are weighted by the scheduler in the same manner as hosts.
Hosts and cells are weighted based on the following options in the
/etc/nova/nova.conf file:
Table 2.7. Host weighting options
| Section | Option | Description |
|---|---|---|
| [DEFAULT] | ram_weight_multiplier | By default, the scheduler spreads instances across all hosts evenly. Set the ram_weight_multiplier option to a negative number if you prefer stacking instead of spreading. Use a floating-point value. |
| [DEFAULT] | scheduler_host_subset_size | New instances are scheduled on a host that is chosen randomly from a subset of the N best hosts. This property defines the subset size from which a host is chosen. A value of 1 chooses the first host returned by the weighting functions. This value must be at least 1. A value less than 1 is ignored, and 1 is used instead. Use an integer value. |
| [DEFAULT] | scheduler_weight_classes | Defaults to nova.scheduler.weights.all_weighers, which selects the RamWeigher. Hosts are then weighted and sorted with the largest weight winning. |
| [metrics] | weight_multiplier | Multiplier for weighting metrics. Use a floating-point value. |
| [metrics] | weight_setting | Determines how metrics are weighted. Use a comma-separated list of metricName=ratio. For example: "name1=1.0, name2=-1.0" results in: name1.value * 1.0 + name2.value * -1.0 |
| [metrics] | required | Specifies how to treat unavailable metrics. True: Raises an exception. To avoid the raised exception, you should use the scheduler filter MetricsFilter to filter out hosts with unavailable metrics. False: Treated as a negative factor in the weighting process (uses the weight_of_unavailable option). |
| [metrics] | weight_of_unavailable | If required is set to False, and any one of the metrics set by weight_setting is unavailable, the weight_of_unavailable value is returned to the scheduler. |
For example:
[DEFAULT]
scheduler_host_subset_size = 1
scheduler_weight_classes = nova.scheduler.weights.all_weighers
ram_weight_multiplier = 1.0
[metrics]
weight_multiplier = 1.0
weight_setting = name1=1.0, name2=-1.0
required = false
weight_of_unavailable = -10000.0
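How the options in Table 2.7 combine, as an added sketch (not Nova's scheduler code and not part of the original guide): each weigher's raw values are normalized, multiplied, summed, and a host is chosen at random from the best N. The min-max normalization to 0..1, the host data and the function names are assumptions of this example.

```python
import random

# Constructed hosts; node-c does not report the metric "name2".
HOSTS = [
    {"name": "node-a", "free_ram_mb": 2048, "metrics": {"name1": 10.0, "name2": 4.0}},
    {"name": "node-b", "free_ram_mb": 8192, "metrics": {"name1": 6.0, "name2": 1.0}},
    {"name": "node-c", "free_ram_mb": 4096, "metrics": {"name1": 9.0}},
]


def normalize(values):
    """Scale raw weights to 0..1 (assumed min-max normalization)."""
    low, high = min(values), max(values)
    if high == low:
        return [0.0 for _ in values]
    return [(value - low) / (high - low) for value in values]


def parse_weight_setting(setting):
    """Parse 'name1=1.0, name2=-1.0' into [('name1', 1.0), ('name2', -1.0)]."""
    pairs = []
    for item in setting.split(","):
        name, sep, ratio = item.strip().partition("=")
        if not sep or not name.strip():
            raise ValueError("expected metricName=ratio, got %r" % item)
        pairs.append((name.strip(), float(ratio)))
    return pairs


def metrics_raw_weight(metrics, setting, required, weight_of_unavailable):
    """Sum of value * ratio, with the documented handling of missing metrics."""
    total = 0.0
    for name, ratio in setting:
        if name not in metrics:
            if required:
                raise LookupError("metric %s is unavailable" % name)
            return weight_of_unavailable
        total += metrics[name] * ratio
    return total


def weigh_hosts(hosts, ram_weight_multiplier=1.0, weight_multiplier=1.0,
                weight_setting="", required=True,
                weight_of_unavailable=-10000.0):
    """Return [(weight, host name), ...] sorted with the largest weight first."""
    setting = parse_weight_setting(weight_setting) if weight_setting else []
    ram = normalize([host["free_ram_mb"] for host in hosts])
    metrics = normalize([
        metrics_raw_weight(host.get("metrics", {}), setting, required,
                           weight_of_unavailable)
        for host in hosts])
    scored = [(ram_weight_multiplier * r + weight_multiplier * m, host["name"])
              for host, r, m in zip(hosts, ram, metrics)]
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return scored


def choose_host(scored, scheduler_host_subset_size=1, rng=random):
    """Pick randomly among the best N hosts; values below 1 are treated as 1."""
    size = max(1, scheduler_host_subset_size)
    return rng.choice(scored[:size])[1]


def ranking(**options):
    """Host names in scheduling order for the constructed hosts."""
    return [name for _, name in weigh_hosts(HOSTS, **options)]


if __name__ == "__main__":
    print("spread:", ranking())
    print("stack: ", ranking(ram_weight_multiplier=-1.0))
    print("metrics:", ranking(weight_setting="name1=1.0, name2=-1.0",
                              required=False))
```

With required left at True, the same metrics call raises instead of ranking node-c last, which is the case the table tells you to avoid by filtering such hosts out first.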
Table 2.8. Cell weighting options
| Section | Option | Description |
|---|---|---|
| [cells] | mute_weight_multiplier | Multiplier to weight mute children (hosts which have not sent capacity or capacity updates for some time). Use a negative, floating-point value. |
| [cells] | mute_weight_value | Weight value assigned to mute children. Use a positive, floating-point value with a maximum of '1.0'. |
| [cells] | offset_weight_multiplier | Multiplier to weight cells, so you can specify a preferred cell. Use a floating point value. |
| [cells] | ram_weight_multiplier | By default, the scheduler spreads instances across all cells evenly. Set the ram_weight_multiplier option to a negative number if you prefer stacking instead of spreading. Use a floating-point value. |
| [cells] | scheduler_weight_classes | Defaults to nova.cells.weights.all_weighers, which maps to all cell weighers included with Compute. Cells are then weighted and sorted with the largest weight winning. |
For example:
[cells]
scheduler_weight_classes = nova.cells.weights.all_weighers
mute_weight_multiplier = -10.0
mute_weight_value = 1000.0
ram_weight_multiplier = 1.0
offset_weight_multiplier = 1.0
2.5.4. Chance scheduler
As an administrator, you work with the filter scheduler. However, the Compute service also
uses the Chance Scheduler, nova.scheduler.chance.ChanceScheduler, which
randomly selects from lists of filtered hosts.
2.6. CELLS
Cells functionality enables you to scale an OpenStack Compute cloud in a more distributed
fashion without having to use complicated technologies like database and message queue
clustering. It supports very large deployments.
When this functionality is enabled, the hosts in an OpenStack Compute cloud are partitioned
into groups called cells. Cells are configured as a tree. The top-level cell should have a host
that runs a nova-api service, but no nova-compute services. Each child cell should run
all of the typical nova-* services in a regular Compute cloud except for nova-api. You can
think of cells as a normal Compute deployment in that each cell has its own database server
and message queue broker.
The nova-cells service handles communication between cells and selects cells for new
instances. This service is required for every cell. Communication between cells is pluggable,
and currently the only option is communication through RPC.
Cells scheduling is separate from host scheduling. nova-cells first picks a cell. Once a
cell is selected and the new build request reaches its nova-cells service, it is sent over to
the host scheduler in that cell and the build proceeds as it would have without cells.
Warning
Cell functionality is currently considered experimental.
2.6.1. Cell configuration options
Cells are disabled by default. All cell-related configuration options appear in the [cells]
section in nova.conf. The following cell-related options are currently supported:
enable
Set to True to turn on cell functionality. Default is false.
name
Name of the current cell. Must be unique for each cell.
capabilities
List of arbitrary key=value pairs defining capabilities of the current cell. Values
include hypervisor=xenserver;kvm,os=linux;windows.
call_timeout
How long in seconds to wait for replies from calls between cells.
scheduler_filter_classes
Filter classes that the cells scheduler should use. By default, uses
"nova.cells.filters.all_filters" to map to all cells filters included with
Compute.
scheduler_weight_classes
Weight classes that the scheduler for cells uses. By default, uses
nova.cells.weights.all_weighers to map to all cells weight algorithms
included with Compute.
ram_weight_multiplier
Multiplier used to weight RAM. Negative numbers indicate that Compute should stack
VMs on one host instead of spreading out new VMs to more hosts in the cell. The
default value is 10.0.
2.6.2. API (top-level) cell
The cell type must be changed in the API cell so that requests can be proxied through
nova-cells down to the correct cell properly. Edit the nova.conf file in the API cell, and specify
api in the cell_type key:
[DEFAULT]
compute_api_class=nova.compute.cells_api.ComputeCellsAPI
...
[cells]
cell_type = api
2.6.3. Child cells
Edit the nova.conf file in the child cells, and specify compute in the cell_type key:
[DEFAULT]
# Disable quota checking in child cells. Let API cell do it exclusively.
quota_driver=nova.quota.NoopQuotaDriver
[cells]
cell_type = compute
2.6.4. Database in each cell
Before bringing the services online, the database in each cell needs to be configured with
information about related cells. In particular, the API cell needs to know about its immediate
children, and the child cells must know about their immediate agents. The information
needed is the RabbitMQ server credentials for the particular cell.
Use the nova-manage cell create command to add this information to the database in
each cell:
# nova-manage cell create -h
Options:
  -h, --help            show this help message and exit
  --name=<name>         Name for the new cell
  --cell_type=<parent|child>
                        Whether the cell is a parent or child
  --username=<username>
                        Username for the message broker in this cell
  --password=<password>
                        Password for the message broker in this cell
  --hostname=<hostname>
                        Address of the message broker in this cell
  --port=<number>       Port number of the message broker in this cell
  --virtual_host=<virtual_host>
                        The virtual host of the message broker in this cell
  --woffset=<float>     (weight offset) It might be used by some cell
                        scheduling code in the future
  --wscale=<float>      (weight scale) It might be used by some cell
                        scheduling code in the future
As an example, assume an API cell named api and a child cell named cell1.
Within the api cell, specify the following RabbitMQ server information:
rabbit_host=10.0.0.10
rabbit_port=5672
rabbit_username=api_user
rabbit_password=api_passwd
rabbit_virtual_host=api_vhost
Within the cell1 child cell, specify the following RabbitMQ server information:
rabbit_host=10.0.1.10
rabbit_port=5673
rabbit_username=cell1_user
rabbit_password=cell1_passwd
rabbit_virtual_host=cell1_vhost
You can run this in the API cell as root:
# nova-manage cell create --name cell1 --cell_type child \
  --username cell1_user --password cell1_passwd --hostname 10.0.1.10 \
  --port 5673 --virtual_host cell1_vhost --woffset 1.0 --wscale 1.0
Repeat the previous steps for all child cells.
In the child cell, run the following, as root:
# nova-manage cell create --name api --cell_type parent \
  --username api_user --password api_passwd --hostname 10.0.0.10 \
  --port 5672 --virtual_host api_vhost --woffset 1.0 --wscale 1.0
To customize the Compute cells, use the configuration option settings documented in
Table 2.16, “Description of cell configuration options”.
2.6.5. Cell scheduling
To determine the best cell to use to launch a new instance, Compute uses a set of filters and
weights defined in the /etc/nova/nova.conf file. The following options are available to
prioritize cells for scheduling:
scheduler_filter_classes
List of filter classes. By default nova.cells.filters.all_filters is specified,
which maps to all cells filters included with Compute (see Section 2.5.2, “Filters”).
scheduler_weight_classes
List of weight classes. By default nova.cells.weights.all_weighers is
specified, which maps to all cell weight algorithms included with Compute. The
following modules are available:
mute_child. Downgrades the likelihood of child cells being chosen for
scheduling requests, which haven't sent capacity or capability updates in a while.
Options include mute_weight_multiplier (multiplier for mute children; value
should be negative) and mute_weight_value (assigned to mute children;
should be a positive value).
ram_by_instance_type. Select cells with the most RAM capacity for the
instance type being requested. Because higher weights win, Compute returns the
number of available units for the instance type requested. The
ram_weight_multiplier option defaults to 10.0, which scales the weight by a
factor of 10. Use a negative number to stack VMs on one host instead of
spreading out new VMs to more hosts in the cell.
weight_offset. Allows modifying the database to weight a particular cell. You
can use this when you want to disable a cell (for example, '0'), or to set a default
cell by making its weight_offset very high (for example, '999999999999999'). The
highest weight will be the first cell to be scheduled for launching an instance.
Additionally, the following options are available for the cell scheduler:
scheduler_retries
Specifies how many times the scheduler tries to launch a new instance when no cells
are available (default=10).
scheduler_retry_delay
Specifies the delay (in seconds) between retries (default=2).
As an admin user, you can also add a filter that directs builds to a particular cell. The
policy.json file must have a line with
"cells_scheduler_filter:TargetCellFilter" : "is_admin:True" to let an
admin user specify a scheduler hint to direct a build to a particular cell.
2.6.6. Optional cell configuration
Cells store all inter-cell communication data, including user names and passwords, in the
database. Because the cells data is not updated very frequently, use the
[cells]cells_config option to specify a JSON file to store cells data. With this
configuration, the database is no longer consulted when reloading the cells data. The file
must have columns present in the Cell model (excluding common database fields and the id
column). You must specify the queue connection information through a transport_url
field, instead of username, password, and so on. The transport_url has the following
form:
rabbit://USERNAME:PASSWORD@HOSTNAME:PORT/VIRTUAL_HOST
The scheme can be either qpid or rabbit, as shown previously. The following sample
shows this optional configuration:
{
    "parent": {
        "name": "parent",
        "api_url": "http://api.example.com:8774",
        "transport_url": "rabbit://rabbit.example.com",
        "weight_offset": 0.0,
        "weight_scale": 1.0,
        "is_parent": true
    },
    "cell1": {
        "name": "cell1",
        "api_url": "http://api.example.com:8774",
        "transport_url": "rabbit://rabbit1.example.com",
        "weight_offset": 0.0,
        "weight_scale": 1.0,
        "is_parent": false
    },
    "cell2": {
        "name": "cell2",
        "api_url": "http://api.example.com:8774",
        "transport_url": "rabbit://rabbit2.example.com",
        "weight_offset": 0.0,
        "weight_scale": 1.0,
        "is_parent": false
    }
}
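Because each transport_url in the cells file can carry a broker user name and password, the file deserves the same handling as any other credential store. The following added sketch (not Nova's loader and not part of the original guide) checks the file mode and the fields shown in the sample, and redacts passwords before a URL is logged; the function names, the owner-only permission rule and the constructed sample (which reuses the broker values from section 2.6.4) are assumptions of this example.

```python
import json
import os
import stat
import tempfile
from urllib.parse import urlsplit

# Fields present in every entry of the sample file above.
REQUIRED_FIELDS = ("name", "api_url", "transport_url",
                   "weight_offset", "weight_scale", "is_parent")
ALLOWED_SCHEMES = ("rabbit", "qpid")

# Constructed sample reusing the example broker values from section 2.6.4.
SAMPLE_CELLS = {
    "parent": {
        "name": "api", "api_url": "http://api.example.com:8774",
        "transport_url": "rabbit://api_user:api_passwd@10.0.0.10:5672/api_vhost",
        "weight_offset": 0.0, "weight_scale": 1.0, "is_parent": True},
    "cell1": {
        "name": "cell1", "api_url": "http://api.example.com:8774",
        "transport_url": "rabbit://cell1_user:cell1_passwd@10.0.1.10:5673/cell1_vhost",
        "weight_offset": 0.0, "weight_scale": 1.0, "is_parent": False},
}


def redact(transport_url):
    """Return the URL with any password replaced, so it is safe to log."""
    parts = urlsplit(transport_url)
    if parts.password is None:
        return transport_url
    host_port = parts.netloc.rpartition("@")[2]
    netloc = "%s:***@%s" % (parts.username or "", host_port)
    return parts._replace(netloc=netloc).geturl()


def check_cells(cells):
    """Return findings for parsed cells data; an empty list means clean."""
    findings = []
    seen_names = set()
    for key in sorted(cells):
        cell = cells[key]
        missing = [field for field in REQUIRED_FIELDS if field not in cell]
        if missing:
            findings.append("%s: missing %s" % (key, ", ".join(missing)))
        name = cell.get("name")
        if name in seen_names:
            findings.append("%s: duplicate cell name %r" % (key, name))
        seen_names.add(name)
        parts = urlsplit(cell.get("transport_url", ""))
        if parts.scheme not in ALLOWED_SCHEMES:
            findings.append("%s: transport_url scheme %r is not rabbit or qpid"
                            % (key, parts.scheme))
        elif not parts.hostname:
            findings.append("%s: transport_url has no broker host" % key)
    return findings


def check_cells_file(path):
    """Check the file mode first, then the content."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(
            "file mode %04o exposes broker credentials to group/other" % mode)
    with open(path) as handle:
        findings.extend(check_cells(json.load(handle)))
    return findings


def run_sample(cells, mode):
    """Write cells to a temporary file with the given mode and check it."""
    fd, path = tempfile.mkstemp(suffix=".json")
    try:
        with os.fdopen(fd, "w") as handle:
            json.dump(cells, handle)
        os.chmod(path, mode)
        return check_cells_file(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for cell in SAMPLE_CELLS.values():
        print(cell["name"], redact(cell["transport_url"]))
    print(run_sample(SAMPLE_CELLS, 0o644))
```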
2.7. CONDUCTOR
The nova-conductor service enables OpenStack to function without compute nodes
accessing the database. Conceptually, it implements a new layer on top of nova-compute.
It should not be deployed on compute nodes, or else the security benefits of removing
database access from nova-compute are negated. Just like other nova services such as
nova-api or nova-scheduler, it can be scaled horizontally. You can run multiple instances
of nova-conductor on different machines as needed for scaling purposes.
The methods exposed by nova-conductor are relatively simple methods used by
nova-compute to offload its database operations. Places where nova-compute previously
performed database access are now talking to nova-conductor. However, we have plans
in the medium to long term to move more and more of what is currently in nova-compute up
to the nova-conductor layer. The Compute service will start to look like a less intelligent
slave service to nova-conductor. The conductor service will implement long running
complex operations, ensuring forward progress and graceful error handling. This will be
especially beneficial for operations that cross multiple compute nodes, such as migrations
or resizes.
To customize the Conductor, use the configuration option settings documented in
Table 2.19, “Description of conductor configuration options”.
2.8. EXAMPLE NOVA.CONF CONFIGURATION FILES
The following sections describe the configuration options in the nova.conf file. You must
copy the nova.conf file to each compute node. The sample nova.conf files show
examples of specific configurations.
Small, private cloud
This example nova.conf file configures a small private cloud with cloud controller
services, database server, and messaging server on the same server. In this case,
CONTROLLER_IP represents the IP address of a central server, BRIDGE_INTERFACE
represents the bridge such as br100, the NETWORK_INTERFACE represents an interface to
your VLAN setup, and passwords are represented as DB_PASSWORD_COMPUTE for your
Compute (nova) database password, and RABBIT PASSWORD represents the password to
your message queue installation.
[DEFAULT]
# LOGS/STATE
verbose=True
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
rootwrap_config=/etc/nova/rootwrap.conf
# SCHEDULER
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
# VOLUMES
# configured in cinder.conf
# COMPUTE
compute_driver=libvirt.LibvirtDriver
instance_name_template=instance-%08x
api_paste_config=/etc/nova/api-paste.ini
# COMPUTE/APIS: if you have separate configs for separate services
# this flag is required for both nova-api and nova-compute
allow_resize_to_same_host=True
# APIS
osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
ec2_dmz_host=192.168.206.130
s3_host=192.168.206.130
# RABBITMQ
rabbit_host=192.168.206.130
# GLANCE
image_service=nova.image.glance.GlanceImageService
# NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
# Change my_ip to match each host
my_ip=192.168.206.130
public_interface=eth0
vlan_interface=eth0
flat_network_bridge=br100
flat_interface=eth0
# NOVNC CONSOLE
novncproxy_base_url=http://192.168.206.130:6080/vnc_auto.html
# Change vncserver_proxyclient_address and vncserver_listen to match each compute host
vncserver_proxyclient_address=192.168.206.130
vncserver_listen=192.168.206.130
# AUTHENTICATION
auth_strategy=keystone
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = nova
signing_dirname = /tmp/keystone-signing-nova
# GLANCE
[glance]
api_servers=192.168.206.130:9292
# DATABASE
[database]
connection=mysql://nova:yourpassword@192.168.206.130/nova
# LIBVIRT
[libvirt]
virt_type=qemu
KVM, Flat, MySQL, and Glance, OpenStack or EC2 API
This example nova.conf file, from an internal Rackspace test system, is used for
demonstrations.
[DEFAULT]
# LOGS/STATE
verbose=True
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
rootwrap_config=/etc/nova/rootwrap.conf
# SCHEDULER
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
# VOLUMES
# configured in cinder.conf
# COMPUTE
compute_driver=libvirt.LibvirtDriver
instance_name_template=instance-%08x
api_paste_config=/etc/nova/api-paste.ini
# COMPUTE/APIS: if you have separate configs for separate services
# this flag is required for both nova-api and nova-compute
allow_resize_to_same_host=True
# APIS
osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
ec2_dmz_host=192.168.206.130
s3_host=192.168.206.130
# RABBITMQ
rabbit_host=192.168.206.130
# GLANCE
image_service=nova.image.glance.GlanceImageService
# NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
# Change my_ip to match each host
my_ip=192.168.206.130
public_interface=eth0
vlan_interface=eth0
flat_network_bridge=br100
flat_interface=eth0
# NOVNC CONSOLE
novncproxy_base_url=http://192.168.206.130:6080/vnc_auto.html
# Change vncserver_proxyclient_address and vncserver_listen to match each compute host
vncserver_proxyclient_address=192.168.206.130
vncserver_listen=192.168.206.130
# AUTHENTICATION
auth_strategy=keystone
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = nova
signing_dirname = /tmp/keystone-signing-nova
# GLANCE
[glance]
api_servers=192.168.206.130:9292
# DATABASE
[database]
connection=mysql://nova:yourpassword@192.168.206.130/nova
# LIBVIRT
[libvirt]
virt_type=qemu
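Both sample files above carry demonstration values that are worth flagging before a copy reaches a shared environment. The following added sketch (not part of the original guide or of Nova) parses a nova.conf with Python's configparser and reports them; the rule set, the function names and the values in HARDENED are this example's own choices, and SAMPLE is an excerpt of the sample file above.

```python
import configparser
from urllib.parse import urlsplit

# Passwords that appear in sample files and should not survive deployment.
PLACEHOLDER_PASSWORDS = {"nova", "password", "yourpassword", "changeme"}

# Excerpt of the sample nova.conf shown above.
SAMPLE = """\
[DEFAULT]
instance_name_template=instance-%08x
novncproxy_base_url=http://192.168.206.130:6080/vnc_auto.html
auth_strategy=keystone
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_user = nova
admin_password = nova
signing_dirname = /tmp/keystone-signing-nova
[database]
connection=mysql://nova:yourpassword@192.168.206.130/nova
"""

# Constructed counterpart; paths and secrets here are placeholders.
HARDENED = """\
[DEFAULT]
instance_name_template=instance-%08x
novncproxy_base_url=https://192.168.206.130:6080/vnc_auto.html
auth_strategy=keystone
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = https
admin_user = nova
admin_password = constructed-secret-1
signing_dirname = /var/cache/nova/keystone-signing
[database]
connection=mysql://nova:constructed-secret-2@192.168.206.130/nova
"""


def load_nova_conf(text):
    """Parse nova.conf text without tripping over its conventions."""
    # interpolation=None: values such as instance-%08x are not templates.
    # strict=False: multi-valued options may legitimately repeat.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser


def audit(text):
    """Return [(section, option, reason), ...] for settings worth reviewing."""
    conf = load_nova_conf(text)
    findings = []

    def get(section, option):
        if section == "DEFAULT":
            return conf.defaults().get(option)
        return conf.get(section, option, fallback=None)

    def flag(section, option, reason):
        findings.append((section, option, reason))

    if get("keystone_authtoken", "auth_protocol") == "http":
        flag("keystone_authtoken", "auth_protocol",
             "service credentials and tokens travel to Keystone in cleartext")
    signing_dir = get("keystone_authtoken", "signing_dirname") or ""
    if signing_dir.startswith(("/tmp/", "/var/tmp/")):
        flag("keystone_authtoken", "signing_dirname",
             "signing material kept under a world-writable directory")
    user = get("keystone_authtoken", "admin_user")
    password = get("keystone_authtoken", "admin_password")
    if password is not None and (
            password == user or password.lower() in PLACEHOLDER_PASSWORDS):
        flag("keystone_authtoken", "admin_password",
             "service password is a sample value or equals the user name")
    connection = get("database", "connection")
    if connection:
        db_password = urlsplit(connection).password
        if db_password and db_password.lower() in PLACEHOLDER_PASSWORDS:
            flag("database", "connection",
                 "database URL still contains a sample password")
    if (get("DEFAULT", "novncproxy_base_url") or "").startswith("http://"):
        flag("DEFAULT", "novncproxy_base_url",
             "console URLs are handed to users over plain HTTP")
    if (get("DEFAULT", "use_forwarded_for") or "").lower() == "true":
        flag("DEFAULT", "use_forwarded_for",
             "X-Forwarded-For is trusted; requires a sanitizing proxy")
    return findings


if __name__ == "__main__":
    for section, option, reason in audit(SAMPLE):
        print("[%s] %s: %s" % (section, option, reason))
```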
2.9. COMPUTE SAMPLE CONFIGURATION FILES
2.9.1. nova.conf - configuration options
For a complete list of all available configuration options for each OpenStack Compute
service, run bin/nova-<servicename> --help.
179
Red Hat Ent erprise Linux O penSt ack Plat form 6 Configurat ion Reference
T ab le 2.9 . D escrip t io n o f API co n f ig u rat io n o p t io n s
Configurat ion opt ion = Default value
Descript ion
[DEFAULT ]
api _paste_co nfi g = api-paste.ini
(StrO p t) File name fo r the p as te.d ep lo y
c o nfig fo r no va-ap i
api _rate_l i mi t = False
(Bo o lO p t) Whether to us e p er-us er rate
limiting fo r the ap i. This o p tio n is o nly us ed
b y v2 ap i. Rate limiting is remo ved fro m v3
ap i.
cl i ent_so cket_ti meo ut = 900
(IntO p t) Timeo ut fo r c lient c o nnec tio ns '
s o c ket o p eratio ns . If an inc o ming c o nnec tio n
is id le fo r this numb er o f s ec o nd s it will b e
c lo s ed . A value o f ' 0 ' means wait fo rever.
enabl e_new_servi ces = True
(Bo o lO p t) Servic es to b e ad d ed to the
availab le p o o l o n c reate
enabl ed _api s = ec2, osapi_compute,
(Lis tO p t) A lis t o f APIs to enab le b y d efault
metadata
enabl ed _ssl _api s =
(Lis tO p t) A lis t o f APIs with enab led SSL
i nstance_name_templ ate = instance-
(StrO p t) Temp late s tring to b e us ed to
g enerate ins tanc e names
%08x
180
max_head er_l i ne = 16384
(IntO p t) Maximum line s iz e o f mes s ag e
head ers to b e ac c ep ted . max_head er_line
may need to b e inc reas ed when us ing larg e
to kens (typ ic ally tho s e g enerated b y the
Keys to ne v3 API with b ig s ervic e c atalo g s ).
mul ti _i nstance_d i spl ay_name_tem
pl ate = %(name)s-%(uuid)s
(StrO p t) When c reating multip le ins tanc es
with a s ing le req ues t us ing the o s -multip lec reate API extens io n, this temp late will b e
us ed to b uild the d is p lay name fo r eac h
ins tanc e. The b enefit is that the ins tanc es
end up with d ifferent ho s tnames . To res to re
leg ac y b ehavio r o f every ins tanc e having the
s ame name, s et this o p tio n to " % (name)s " .
Valid keys fo r the temp late are: name, uuid ,
c o unt.
no n_i nheri tabl e_i mag e_pro perti e
s = cache_in_nova, bittorrent
(Lis tO p t) Thes e are imag e p ro p erties whic h
a s nap s ho t s ho uld no t inherit fro m an
ins tanc e
CHAPT ER 2 . CO MPUT E
Configurat ion opt ion = Default value
Descript ion
null_kernel = nokernel
(StrOpt) Kernel image that indicates not to use a kernel, but to use a raw disk image instead
osapi_compute_ext_list =
(ListOpt) Specify list of extensions to load when using osapi_compute_extension option with nova.api.openstack.compute.contrib.select_extensions
osapi_compute_extension = ['nova.api.openstack.compute.contrib.standard_extensions']
(MultiStrOpt) osapi compute extension to load
osapi_compute_link_prefix = None
(StrOpt) Base URL that will be presented to users in links to the OpenStack Compute API
osapi_compute_listen = 0.0.0.0
(StrOpt) The IP address on which the OpenStack API will listen.
osapi_compute_listen_port = 8774
(IntOpt) The port on which the OpenStack API will listen.
osapi_compute_workers = None
(IntOpt) Number of workers for OpenStack API service. The default will be the number of CPUs available.
osapi_hide_server_address_states = building
(ListOpt) List of instance states that should hide network info
servicegroup_driver = db
(StrOpt) The driver for servicegroup service (valid options are: db, zk, mc)
snapshot_name_template = snapshot-%s
(StrOpt) Template string to be used to generate snapshot names
tcp_keepidle = 600
(IntOpt) Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not supported on OS X.
use_forwarded_for = False
(BoolOpt) Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy.
wsgi_default_pool_size = 1000
(IntOpt) Size of the pool of greenthreads used by wsgi
wsgi_keep_alive = True
(BoolOpt) If False, closes the client socket connection explicitly.
wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f
(StrOpt) A python format string that is used as the template to generate log lines. The following values can be formatted into it: client_ip, date_time, request_line, status_code, body_length, wall_seconds.
Table 2.10. Description of API v3 configuration options
Configuration option = Default value
Description
[osapi_v3]
enabled = False
(BoolOpt) Whether the V3 API is enabled or not
extensions_blacklist =
(ListOpt) A list of v3 API extensions to never load. Specify the extension aliases here.
extensions_whitelist =
(ListOpt) If the list is not empty then a v3 API extension will only be loaded if it exists in this list. Specify the extension aliases here.
Table 2.11. Description of authentication configuration options
Configuration option = Default value
Description
[DEFAULT]
auth_strategy = keystone
(StrOpt) The strategy to use for auth: noauth or keystone.
Table 2.12. Description of authorization token configuration options
Configuration option = Default value
Description
[keystone_authtoken]
admin_password = None
(StrOpt) Keystone account password
admin_tenant_name = admin
(StrOpt) Keystone service account tenant name to validate user tokens
admin_token = None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
admin_user = None
(StrOpt) Keystone account username
auth_admin_prefix =
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
auth_host = 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
auth_port = 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
auth_protocol = https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
auth_uri = None
(StrOpt) Complete public Identity API endpoint
auth_version = None
(StrOpt) API version of the admin Identity API endpoint
cache = None
(StrOpt) Env key for the swift cache
cafile = None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
certfile = None
(StrOpt) Required if Keystone server requires client certificate
check_revocations_for_cached = False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
delay_auth_decision = False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
enforce_token_bind = permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
hash_algorithms = md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
http_connect_timeout = None
(BoolOpt) Request timeout value for communicating with Identity API server.
http_request_max_retries = 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
identity_uri = None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
include_service_catalog = True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
insecure = False
(BoolOpt) Verify HTTPS connections.
keyfile = None
(StrOpt) Required if Keystone server requires client certificate
memcache_secret_key = None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
memcache_security_strategy = None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
revocation_cache_time = 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
signing_dir = None
(StrOpt) Directory used to cache files related to PKI tokens
token_cache_time = 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
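An added example, not part of the Red Hat reference or of nova itself: a small audit of nova.conf text against the API, auth_strategy and [keystone_authtoken] options described above. The sample file, its host name and the choice of which settings to report are constructed assumptions for illustration.

```python
import configparser

# Constructed sample nova.conf for the demo; every value here is made up.
SAMPLE_NOVA_CONF = """
[DEFAULT]
auth_strategy = keystone
use_forwarded_for = True

[keystone_authtoken]
identity_uri = http://controller.example:35357/
admin_user = nova
admin_password = constructed-example
admin_token = constructed-shared-secret
insecure = True
hash_algorithms = md5
memcached_servers = 127.0.0.1:11211
"""

TRUE_VALUES = {"1", "true", "yes", "on"}
AT = "keystone_authtoken"


def load(text):
    """Parse nova.conf text without configparser's [DEFAULT] inheritance."""
    # Renaming default_section keeps [DEFAULT] values from leaking into
    # [keystone_authtoken]; interpolation is off because nova option values
    # contain %(name)s templates; strict=False tolerates repeated keys.
    cfg = configparser.ConfigParser(
        default_section="__unused__", interpolation=None, strict=False
    )
    cfg.read_string(text)
    return cfg


def value(cfg, section, option, default=""):
    """Return the option's value, or the default if section/option is absent."""
    return cfg.get(section, option, fallback=default).strip()


def audit(text):
    """Return a sorted list of (section, option, reason) findings."""
    cfg = load(text)
    findings = []

    def flag(section, option, reason):
        findings.append((section, option, reason))

    if value(cfg, "DEFAULT", "auth_strategy", "keystone").lower() == "noauth":
        flag("DEFAULT", "auth_strategy", "API requests are not authenticated")
    if value(cfg, "DEFAULT", "use_forwarded_for").lower() in TRUE_VALUES:
        flag("DEFAULT", "use_forwarded_for",
             "client-supplied X-Forwarded-For is trusted; needs a sanitizing proxy")

    if value(cfg, AT, "insecure").lower() in TRUE_VALUES:
        flag(AT, "insecure", "TLS certificate verification to Keystone is off")
    if value(cfg, AT, "admin_token"):
        flag(AT, "admin_token", "deprecated shared secret; use admin_user/admin_password")
    if value(cfg, AT, "identity_uri").lower().startswith("http://"):
        flag(AT, "identity_uri", "admin Identity endpoint is reached over plain HTTP")
    if value(cfg, AT, "enforce_token_bind", "permissive").lower() == "disabled":
        flag(AT, "enforce_token_bind", "token binding is never checked")

    # The documented default is md5, so an absent option still means md5.
    raw_algos = value(cfg, AT, "hash_algorithms", "md5")
    algos = [a.strip().lower() for a in raw_algos.split(",")]
    if "md5" in algos:
        flag(AT, "hash_algorithms", "md5 still accepted for hashing PKI tokens")

    strategy = value(cfg, AT, "memcache_security_strategy").upper()
    if strategy and strategy not in ("MAC", "ENCRYPT"):
        flag(AT, "memcache_security_strategy", "invalid value; auth_token raises on start")
    elif strategy and not value(cfg, AT, "memcache_secret_key"):
        flag(AT, "memcache_secret_key", "mandatory when a security strategy is set")
    elif not strategy and value(cfg, AT, "memcached_servers"):
        flag(AT, "memcache_security_strategy",
             "tokens cached in memcached without MAC or ENCRYPT protection")

    return sorted(findings)


if __name__ == "__main__":
    for section, option, reason in audit(SAMPLE_NOVA_CONF):
        print(f"[{section}] {option}: {reason}")
```

The parser settings matter as much as the checks: with configparser's stock [DEFAULT] handling, a value set in [DEFAULT] would be reported as if it were set in [keystone_authtoken].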
Table 2.13. Description of availability zones configuration options
Configuration option = Default value
Description
[DEFAULT]
default_availability_zone = nova
(StrOpt) Default compute node availability_zone
default_schedule_zone = None
(StrOpt) Availability zone to use when user doesn't specify one
internal_service_availability_zone = internal
(StrOpt) The availability_zone to show internal services under
Table 2.14. Description of baremetal configuration options
Configuration option = Default value
Description
[baremetal]
db_backend = sqlalchemy
(StrOpt) The backend to use for bare-metal database
deploy_kernel = None
(StrOpt) Default kernel image ID used in deployment phase
deploy_ramdisk = None
(StrOpt) Default ramdisk image ID used in deployment phase
driver = nova.virt.baremetal.pxe.PXE
(StrOpt) Baremetal driver back-end (pxe or tilera)
flavor_extra_specs =
(ListOpt) A list of additional capabilities corresponding to flavor_extra_specs for this compute host to advertise. Valid entries are name=value pairs. For example, "key1:val1, key2:val2"
ipmi_power_retry = 10
(IntOpt) Maximal number of retries for IPMI operations
net_config_template = $pybasedir/nova/virt/baremetal/net-dhcp.ubuntu.template
(StrOpt) Template file for injected network config
power_manager = nova.virt.baremetal.ipmi.IPMI
(StrOpt) Baremetal power management method
pxe_append_params = nofb nomodeset vga=normal
(StrOpt) Additional append parameters for baremetal PXE boot
pxe_bootfile_name = pxelinux.0
(StrOpt) This gets passed to Neutron as the bootfile dhcp parameter.
pxe_config_template = $pybasedir/nova/virt/baremetal/pxe_config.template
(StrOpt) Template file for PXE configuration
pxe_deploy_timeout = 0
(IntOpt) Timeout for PXE deployments. Default: 0 (unlimited)
pxe_network_config = False
(BoolOpt) If set, pass the network configuration details to the initramfs via cmdline.
sql_connection = sqlite:///$state_path/baremetal_nova.sqlite
(StrOpt) The SQLAlchemy connection string used to connect to the bare-metal database
terminal = shellinaboxd
(StrOpt) Path to baremetal terminal program
terminal_cert_dir = None
(StrOpt) Path to baremetal terminal SSL cert(PEM)
terminal_pid_dir = $state_path/baremetal/console
(StrOpt) Path to directory that stores pidfiles of baremetal_terminal
tftp_root = /tftpboot
(StrOpt) Baremetal compute node's tftp root path
use_file_injection = False
(BoolOpt) If True, enable file injection for network info, files and admin password
use_unsafe_iscsi = False
(BoolOpt) Do not set this out of dev/test environments. If a node does not have a fixed PXE IP address, volumes are exported with globally opened ACL
vif_driver = nova.virt.baremetal.vif_driver.BareMetalVIFDriver
(StrOpt) Baremetal VIF driver.
virtual_power_host_key = None
(StrOpt) The ssh key for virtual power host_user
virtual_power_host_pass =
(StrOpt) Password for virtual power host_user
virtual_power_host_user =
(StrOpt) User to execute virtual power commands as
virtual_power_ssh_host =
(StrOpt) IP or name to virtual power host
virtual_power_ssh_port = 22
(IntOpt) Port to use for ssh to virtual power host
virtual_power_type = virsh
(StrOpt) Base command to use for virtual power(vbox, virsh)
Table 2.15. Description of CA and SSL configuration options
Configuration option = Default value
Description
[DEFAULT]
ca_file = cacert.pem
(StrOpt) Filename of root CA
ca_path = $state_path/CA
(StrOpt) Where we keep our root CA
cert_manager = nova.cert.manager.CertManager
(StrOpt) Full class name for the Manager for cert
cert_topic = cert
(StrOpt) The topic cert nodes listen on
crl_file = crl.pem
(StrOpt) Filename of root Certificate Revocation List
key_file = private/cakey.pem
(StrOpt) Filename of private key
keys_path = $state_path/keys
(StrOpt) Where we keep our keys
project_cert_subject = /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=project-ca-%.16s-%s
(StrOpt) Subject for certificate for projects, %s for project, timestamp
ssl_ca_file = None
(StrOpt) CA certificate file to use to verify connecting clients
ssl_cert_file = None
(StrOpt) SSL certificate of API server
ssl_key_file = None
(StrOpt) SSL private key of API server
use_project_ca = False
(BoolOpt) Should we use a CA for each project?
user_cert_subject = /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=%.16s-%.16s-%s
(StrOpt) Subject for certificate for users, %s for project, user, timestamp
[ssl]
ca_file = None
(StrOpt) CA certificate file to use to verify connecting clients.
cert_file = None
(StrOpt) Certificate file to use when starting the server securely.
key_file = None
(StrOpt) Private key file to use when starting the server securely.
Table 2.16. Description of cell configuration options
Configuration option = Default value
Description
[cells]
call_timeout = 60
(IntOpt) Seconds to wait for response from a call to a cell.
capabilities = hypervisor=xenserver;kvm, os=linux;windows
(ListOpt) Key/Multi-value list with the capabilities of the cell
cell_type = compute
(StrOpt) Type of cell: api or compute
cells_config = None
(StrOpt) Configuration file from which to read cells configuration. If given, overrides reading cells from the database.
db_check_interval = 60
(IntOpt) Interval, in seconds, for getting fresh cell information from the database.
driver = nova.cells.rpc_driver.CellsRPCDriver
(StrOpt) Cells communication driver to use
enable = False
(BoolOpt) Enable cell functionality
instance_update_num_instances = 1
(IntOpt) Number of instances to update per periodic task run
instance_updated_at_threshold = 3600
(IntOpt) Number of seconds after an instance was updated or deleted to continue to update cells
manager = nova.cells.manager.CellsManager
(StrOpt) Manager for cells
max_hop_count = 10
(IntOpt) Maximum number of hops for cells routing.
mute_child_interval = 300
(IntOpt) Number of seconds after which a lack of capability and capacity updates signals the child cell is to be treated as a mute.
mute_weight_multiplier = -10.0
(FloatOpt) Multiplier used to weigh mute children. (The value should be negative.)
mute_weight_value = 1000.0
(FloatOpt) Weight value assigned to mute children. (The value should be positive.)
name = nova
(StrOpt) Name of this cell
offset_weight_multiplier = 1.0
(FloatOpt) Multiplier used to weigh offset weigher.
reserve_percent = 10.0
(FloatOpt) Percentage of cell capacity to hold in reserve. Affects both memory and disk utilization
topic = cells
(StrOpt) The topic cells nodes listen on
Table 2.17. Description of common configuration options
Configuration option = Default value
Description
[DEFAULT]
bindir = /usr/local/bin
(StrOpt) Directory where nova binaries are installed
compute_topic = compute
(StrOpt) The topic compute nodes listen on
console_topic = console
(StrOpt) The topic console proxy nodes listen on
consoleauth_topic = consoleauth
(StrOpt) The topic console auth proxy nodes listen on
host = localhost
(StrOpt) Name of this node. This can be an opaque identifier. It is not necessarily a hostname, FQDN, or IP address. However, the node name must be valid within an AMQP key, and if using ZeroMQ, a valid hostname, FQDN, or IP address
memcached_servers = None
(ListOpt) Memcached servers or None for in process cache.
my_ip = 10.0.0.1
(StrOpt) IP address of this host
notify_api_faults = False
(BoolOpt) If set, send api.fault notifications on caught exceptions in the API service.
notify_on_state_change = None
(StrOpt) If set, send compute.instance.update notifications on instance state changes. Valid values are None for no notifications, "vm_state" for notifications on VM state changes, or "vm_and_task_state" for notifications on VM and task state changes.
pybasedir = /usr/lib/python/site-packages/nova
(StrOpt) Directory where the nova python module is installed
report_interval = 10
(IntOpt) Seconds between nodes reporting state to datastore
rootwrap_config = /etc/nova/rootwrap.conf
(StrOpt) Path to the rootwrap configuration file to use for running commands as root
service_down_time = 60
(IntOpt) Maximum time since last check-in for up service
state_path = $pybasedir
(StrOpt) Top-level directory for maintaining nova's state
tempdir = None
(StrOpt) Explicitly specify the temporary working directory
[keystone_authtoken]
memcached_servers = None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
Table 2.18. Description of Compute configuration options
Configuration option = Default value
Description
[DEFAULT]
compute_available_monitors = ['nova.compute.monitors.all_monitors']
(MultiStrOpt) Monitor classes available to the compute which may be specified more than once.
compute_driver = None
(StrOpt) Driver to use for controlling virtualization. Options include: libvirt.LibvirtDriver, xenapi.XenAPIDriver, fake.FakeDriver, baremetal.BareMetalDriver, vmwareapi.VMwareVCDriver, hyperv.HyperVDriver
compute_manager = nova.compute.manager.ComputeManager
(StrOpt) Full class name for the Manager for compute
compute_monitors =
(ListOpt) A list of monitors that can be used for getting compute metrics.
compute_resources = vcpu
(ListOpt) The names of the extra resources to track.
compute_stats_class = nova.compute.stats.Stats
(StrOpt) Class that will manage stats for the local compute host
console_host = localhost
(StrOpt) Console proxy host to use to connect to instances on this host.
console_manager = nova.console.manager.ConsoleProxyManager
(StrOpt) Full class name for the Manager for console proxy
default_flavor = m1.small
(StrOpt) Default flavor to use for the EC2 API only. The Nova API does not support a default flavor.
default_notification_level = INFO
(StrOpt) Default notification level for outgoing notifications
enable_instance_password = True
(BoolOpt) Enables returning of the instance password by the relevant server API calls such as create, rebuild or rescue. If the hypervisor does not support password injection then the password returned will not be correct
heal_instance_info_cache_interval = 60
(IntOpt) Number of seconds between instance info_cache self healing updates
image_cache_manager_interval = 2400
(IntOpt) Number of seconds to wait between runs of the image cache manager. Set to -1 to disable. Setting this to 0 will run at the default rate.
image_cache_subdirectory_name = _base
(StrOpt) Where cached images are stored under $instances_path. This is NOT the full path - just a folder name. For per-compute-host cached images, set to _base_$my_ip
instance_build_timeout = 0
(IntOpt) Amount of time in seconds an instance can be in BUILD before going into ERROR status. Set to 0 to disable.
instance_delete_interval = 300
(IntOpt) Interval in seconds for retrying failed instance file deletes. Set to -1 to disable. Setting this to 0 will run at the default rate.
instance_usage_audit = False
(BoolOpt) Generate periodic compute.instance.exists notifications
instance_usage_audit_period = month
(StrOpt) Time period to generate instance usages for. Time period must be hour, day, month or year
instances_path = $state_path/instances
(StrOpt) Where instances are stored on disk
maximum_instance_delete_attempts = 5
(IntOpt) The number of times to attempt to reap an instance's files.
reboot_timeout = 0
(IntOpt) Automatically hard reboot an instance if it has been stuck in a rebooting state longer than N seconds. Set to 0 to disable.
reclaim_instance_interval = 0
(IntOpt) Interval in seconds for reclaiming deleted instances
rescue_timeout = 0
(IntOpt) Automatically unrescue an instance after N seconds. Set to 0 to disable.
resize_confirm_window = 0
(IntOpt) Automatically confirm resizes after N seconds. Set to 0 to disable.
resume_guests_state_on_host_boot = False
(BoolOpt) Whether to start guests that were running before the host rebooted
running_deleted_instance_action = reap
(StrOpt) Action to take if a running deleted instance is detected. Valid options are 'noop', 'log', 'shutdown', or 'reap'. Set to 'noop' to take no action.
running_deleted_instance_poll_interval = 1800
(IntOpt) Number of seconds to wait between runs of the cleanup task.
running_deleted_instance_timeout = 0
(IntOpt) Number of seconds after being deleted when a running instance should be considered eligible for cleanup.
shelved_offload_time = 0
(IntOpt) Time in seconds before a shelved instance is eligible for removing from a host. -1 never offload, 0 offload when shelved
shelved_poll_interval = 3600
(IntOpt) Interval in seconds for polling shelved instances to offload. Set to -1 to disable. Setting this to 0 will run at the default rate.
shutdown_timeout = 60
(IntOpt) Total amount of time to wait in seconds for an instance to perform a clean shutdown.
sync_power_state_interval = 600
(IntOpt) Interval to sync power states between the database and the hypervisor. Set to -1 to disable. Setting this to 0 will run at the default rate.
vif_plugging_is_fatal = True
(BoolOpt) Fail instance boot if vif plugging fails
vif_plugging_timeout = 300
(IntOpt) Number of seconds to wait for neutron vif plugging events to arrive before continuing or failing (see vif_plugging_is_fatal). If this is set to zero and vif_plugging_is_fatal is False, events should not be expected to arrive at all.
Table 2.19. Description of conductor configuration options
Configuration option = Default value
Description
[DEFAULT]
migrate_max_retries = -1
(IntOpt) Number of times to retry live-migration before failing. If == -1, try until out of hosts. If == 0, only try once, no retries.
[conductor]
manager = nova.conductor.manager.ConductorManager
(StrOpt) Full class name for the Manager for conductor
topic = conductor
(StrOpt) The topic on which conductor nodes listen
use_local = False
(BoolOpt) Perform nova-conductor operations locally
workers = None
(IntOpt) Number of workers for OpenStack Conductor service. The default will be the number of CPUs available.
Table 2.20. Description of configdrive configuration options
Configuration option = Default value
Description
[DEFAULT]
config_drive_format = iso9660
(StrOpt) Config drive format. One of iso9660 (default) or vfat
config_drive_skip_versions = 1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01
(StrOpt) List of metadata versions to skip placing into the config drive
force_config_drive = None
(StrOpt) Set to force injection to take place on a config drive (if set, valid options are: always)
mkisofs_cmd = genisoimage
(StrOpt) Name and optionally path of the tool used for ISO image creation
[hyperv]
config_drive_cdrom = False
(BoolOpt) Attaches the Config Drive image as a cdrom drive instead of a disk drive
config_drive_inject_password = False
(BoolOpt) Sets the admin password in the config drive image
Table 2.21. Description of console configuration options
Configuration option = Default value
Description
[DEFAULT]
console_public_hostname = localhost
(StrOpt) Publicly visible name for this console host
console_token_ttl = 600
(IntOpt) How many seconds before deleting tokens
consoleauth_manager = nova.consoleauth.manager.ConsoleAuthManager
(StrOpt) Manager for console auth
Table 2.22. Description of database configuration options
Configuration option = Default value
Description
[DEFAULT]
db_driver = nova.db
(StrOpt) The driver to use for database access
[database]
backend = sqlalchemy
(StrOpt) The back end to use for the database.
connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
connection_debug = 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
connection_trace = False
(BoolOpt) Add Python stack traces to SQL as comment strings.
db_inc_retry_interval = True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
db_max_retries = 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
db_max_retry_interval = 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
db_retry_interval = 1
(IntOpt) Seconds between database connection retries.
idle_timeout = 3600
(IntOpt) Timeout before idle SQL connections are reaped.
max_overflow = None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
max_pool_size = None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
max_retries = 10
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
min_pool_size = 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
mysql_sql_mode = TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
pool_timeout = None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
retry_interval = 10
(IntOpt) Interval between retries of opening a SQL connection.
slave_connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
sqlite_db = oslo.sqlite
(StrOpt) The file name to use with SQLite.
sqlite_synchronous = True
(BoolOpt) If True, SQLite uses synchronous mode.
use_db_reconnect = False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
use_tpool = False
(BoolOpt) Enable the experimental use of thread pooling for all DB API calls
Table 2.23. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
backdoor_port = None
(StrOpt) Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.
[guestfs]
debug = False
(BoolOpt) Enable guestfs debug
Table 2.24. Description of EC2 configuration options
Configuration option = Default value
Description
[DEFAULT]
ec2_dmz_host = $my_ip
(StrOpt) The internal IP address of the EC2 API server
ec2_host = $my_ip
(StrOpt) The IP address of the EC2 API server
ec2_listen = 0.0.0.0
(StrOpt) The IP address on which the EC2 API will listen.
ec2_listen_port = 8773
(IntOpt) The port on which the EC2 API will listen.
ec2_path = /services/Cloud
(StrOpt) The path prefix used to call the ec2 API server
ec2_port = 8773
(IntOpt) The port of the EC2 API server
ec2_private_dns_show_ip = False
(BoolOpt) Return the IP address as private dns hostname in describe instances
ec2_scheme = http
(StrOpt) The protocol to use when connecting to the EC2 API server (http, https)
ec2_strict_validation = True
(BoolOpt) Validate security group names according to EC2 specification
ec2_timestamp_expiry = 300
(IntOpt) Time in seconds before ec2 timestamp expires
ec2_workers = None
(IntOpt) Number of workers for EC2 API service. The default will be equal to the number of CPUs available.
keystone_ec2_insecure = False
(BoolOpt) Disable SSL certificate verification.
keystone_ec2_url = http://localhost:5000/v2.0/ec2tokens
(StrOpt) URL to get token from ec2 request.
lockout_attempts = 5
(IntOpt) Number of failed auths before lockout.
lockout_minutes = 15
(IntOpt) Number of minutes to lockout if triggered.
CHAPT ER 2 . CO MPUT E
Configurat ion opt ion = Default value
Descript ion
l o cko ut_wi nd o w = 15
(IntO p t) Numb er o f minutes fo r lo c ko ut
wind o w.
reg i o n_l i st =
(Lis tO p t) Lis t o f reg io n=fq d n p airs s ep arated
b y c o mmas
Table 2.25. Description of ephemeral storage encryption configuration options
Configuration option = Default value
Description
[ephemeral_storage_encryption]
cipher = aes-xts-plain64
(StrOpt) The cipher and mode to be used to encrypt ephemeral storage. Which ciphers are available depends on kernel support. See /proc/crypto for the list of available options.
enabled = False
(BoolOpt) Whether to encrypt ephemeral storage
key_size = 512
(IntOpt) The bit length of the encryption key to be used to encrypt ephemeral storage (in XTS mode only half of the bits are used for encryption key)
Table 2.26. Description of fping configuration options
Configuration option = Default value
Description
[DEFAULT]
fping_path = /usr/sbin/fping
(StrOpt) Full path to fping.
Table 2.27. Description of glance configuration options
Configuration option = Default value
Description
[DEFAULT]
osapi_glance_link_prefix = None
(StrOpt) Base URL that will be presented to users in links to glance resources
[glance]
allowed_direct_url_schemes =
(ListOpt) A list of url scheme that can be downloaded directly via the direct_url. Currently supported schemes: [file].
api_insecure = False
(BoolOpt) Allow to perform insecure SSL (https) requests to glance
api_servers = None
(ListOpt) A list of the glance api servers available to nova. Prefix with https:// for ssl-based glance api servers. ([hostname|ip]:port)
host = $my_ip
(StrOpt) Default glance hostname or IP address
num_retries = 0
(IntOpt) Number of retries when uploading / downloading an image to / from glance.
port = 9292
(IntOpt) Default glance port
protocol = http
(StrOpt) Default protocol to use when connecting to glance. Set to https for SSL.
[image_file_url]
filesystems =
(ListOpt) List of file systems that are configured in this file in the image_file_url:<list entry name> sections
Table 2.28. Description of HyperV configuration options
Configuration option = Default value
Description
[hyperv]
dynamic_memory_ratio = 1.0
(FloatOpt) Enables dynamic memory allocation (ballooning) when set to a value greater than 1. The value expresses the ratio between the total RAM assigned to an instance and its startup RAM amount. For example a ratio of 2.0 for an instance with 1024MB of RAM implies 512MB of RAM allocated at startup
enable_instance_metrics_collection = False
(BoolOpt) Enables metrics collections for an instance by using Hyper-V's metric APIs. Collected data can be retrieved by other apps and services, e.g.: Ceilometer. Requires Hyper-V / Windows Server 2012 and above
force_hyperv_utils_v1 = False
(BoolOpt) Force V1 WMI utility classes
instances_path_share =
(StrOpt) The name of a Windows share name mapped to the "instances_path" dir and used by the resize feature to copy files to the target host. If left blank, an administrative share will be used, looking for the same "instances_path" used locally
limit_cpu_features = False
(BoolOpt) Required for live migration among hosts with different CPU features
mounted_disk_query_retry_count = 10
(IntOpt) The number of times to retry checking for a disk mounted via iSCSI.
mounted_disk_query_retry_interval = 5
(IntOpt) Interval between checks for a mounted iSCSI disk, in seconds.
qemu_img_cmd = qemu-img.exe
(StrOpt) Path of qemu-img command which is used to convert between different image types
vswitch_name = None
(StrOpt) External virtual switch Name, if not provided, the first external virtual switch is used
wait_soft_reboot_seconds = 60
(IntOpt) Number of seconds to wait for instance to shut down after soft reboot request is made. We fall back to hard reboot if instance does not shutdown within this window.
Table 2.29. Description of hypervisor configuration options
Configuration option = Default value
Description
[DEFAULT]
default_ephemeral_format = None
(StrOpt) The default format an ephemeral_volume will be formatted with on creation.
force_raw_images = True
(BoolOpt) Force backing images to raw format
preallocate_images = none
(StrOpt) VM image preallocation mode: "none" => no storage provisioning is done up front, "space" => storage is fully allocated at instance start
timeout_nbd = 10
(IntOpt) Amount of time, in seconds, to wait for NBD device start up.
use_cow_images = True
(BoolOpt) Whether to use cow images
vcpu_pin_set = None
(StrOpt) Defines which pcpus that instance vcpus can use. For example, "4-12,^8,15"
virt_mkfs = []
(MultiStrOpt) Name of the mkfs commands for ephemeral device. The format is <os_type>=<mkfs command>
Table 2.30. Description of bare metal configuration options
Configuration option = Default value
Description
[ironic]
admin_auth_token = None
(StrOpt) Ironic keystone auth token.
admin_password = None
(StrOpt) Ironic keystone admin password.
admin_tenant_name = None
(StrOpt) Ironic keystone tenant name.
admin_url = None
(StrOpt) Keystone public API endpoint.
admin_username = None
(StrOpt) Ironic keystone admin name
api_endpoint = None
(StrOpt) URL for Ironic API endpoint.
api_max_retries = 60
(IntOpt) How many retries when a request does conflict.
api_retry_interval = 2
(IntOpt) How often to retry in seconds when a request does conflict
api_version = 1
(IntOpt) Version of Ironic API service endpoint.
client_log_level = None
(StrOpt) Log level override for ironic client. Set this in order to override the global "default_log_levels", "verbose", and "debug" settings.
Table 2.31. Description of IPv6 configuration options
Configuration option = Default value
Description
[DEFAULT]
fixed_range_v6 = fd00::/48
(StrOpt) Fixed IPv6 address block
gateway_v6 = None
(StrOpt) Default IPv6 gateway
ipv6_backend = rfc2462
(StrOpt) Backend to use for IPv6 generation
use_ipv6 = False
(BoolOpt) Use IPv6
Table 2.32. Description of key manager configuration options
Configuration option = Default value
Description
[keymgr]
api_class = nova.keymgr.conf_key_mgr.ConfKeyManager
(StrOpt) The full class name of the key manager API class
fixed_key = None
(StrOpt) Fixed key returned by key manager, specified in hex
Table 2.33. Description of LDAP configuration options
Configuration option = Default value
Description
[DEFAULT]
ldap_dns_base_dn = ou=hosts,dc=example,dc=org
(StrOpt) Base DN for DNS entries in LDAP
ldap_dns_password = password
(StrOpt) Password for LDAP DNS
ldap_dns_servers = ['dns.example.org']
(MultiStrOpt) DNS Servers for LDAP DNS driver
ldap_dns_soa_expiry = 86400
(StrOpt) Expiry interval (in seconds) for LDAP DNS driver Statement of Authority
ldap_dns_soa_hostmaster = hostmaster@example.org
(StrOpt) Hostmaster for LDAP DNS driver Statement of Authority
ldap_dns_soa_minimum = 7200
(StrOpt) Minimum interval (in seconds) for LDAP DNS driver Statement of Authority
ldap_dns_soa_refresh = 1800
(StrOpt) Refresh interval (in seconds) for LDAP DNS driver Statement of Authority
ldap_dns_soa_retry = 3600
(StrOpt) Retry interval (in seconds) for LDAP DNS driver Statement of Authority
ldap_dns_url = ldap://ldap.example.com:389
(StrOpt) URL for LDAP server which will store DNS entries
ldap_dns_user = uid=admin,ou=people,dc=example,dc=org
(StrOpt) User for LDAP DNS
Table 2.34. Description of Libvirt configuration options
Configuration option = Default value
Description
[DEFAULT]
remove_unused_base_images = True
(BoolOpt) Should unused base images be removed?
remove_unused_original_minimum_age_seconds = 86400
(IntOpt) Unused unresized base images younger than this will not be removed
[libvirt]
block_migration_flag = VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_NON_SHARED_INC
(StrOpt) Migration flags to be set for block migration
checksum_base_images = False
(BoolOpt) Write a checksum for files in _base to disk
checksum_interval_seconds = 3600
(IntOpt) How frequently to checksum base images
connection_uri =
(StrOpt) Override the default libvirt URI (which is dependent on virt_type)
cpu_mode = None
(StrOpt) Set to "host-model" to clone the host CPU feature flags; to "host-passthrough" to use the host CPU model exactly; to "custom" to use a named CPU model; to "none" to not set any CPU model. If virt_type="kvm|qemu", it will default to "host-model", otherwise it will default to "none"
cpu_model = None
(StrOpt) Set to a named libvirt CPU model (see names listed in /usr/share/libvirt/cpu_map.xml). Only has effect if cpu_mode="custom" and virt_type="kvm|qemu"
disk_cachemodes =
(ListOpt) Specific cachemodes to use for different disk types e.g: file=directsync,block=none
disk_prefix = None
(StrOpt) Override the default disk prefix for the devices attached to a server, which is dependent on virt_type. (valid options are: sd, xvd, uvd, vd)
gid_maps =
(ListOpt) List of guid targets and ranges. Syntax is guest-gid:host-gid:count. Maximum of 5 allowed.
hw_disk_discard = None
(StrOpt) Discard option for nova managed disks (valid options are: ignore, unmap). Need Libvirt(1.0.6) Qemu1.5 (raw format) Qemu1.6 (qcow2 format)
hw_machine_type = None
(ListOpt) For qemu or KVM guests, set this option to specify a default machine type per host architecture. You can find a list of supported machine types in your environment by checking the output of the "virsh capabilities" command. The format of the value for this config option is host-arch=machine-type. For example: x86_64=machinetype1,armv7l=machinetype2
image_info_filename_pattern = $instances_path/$image_cache_subdirectory_name/%(image)s.info
(StrOpt) Allows image information files to be stored in non-standard locations
images_rbd_ceph_conf =
(StrOpt) Path to the ceph configuration file to use
images_rbd_pool = rbd
(StrOpt) The RADOS pool in which rbd volumes are stored
images_type = default
(StrOpt) VM Images format. Acceptable values are: raw, qcow2, lvm, rbd, default. If default is specified, then use_cow_images flag is used instead of this one.
images_volume_group = None
(StrOpt) LVM Volume Group that is used for VM images, when you specify images_type=lvm.
inject_key = False
(BoolOpt) Inject the ssh public key at boot time
inject_partition = -2
(IntOpt) The partition to inject to: -2 => disable, -1 => inspect (libguestfs only), 0 => not partitioned, >0 => partition number
inject_password = False
(BoolOpt) Inject the admin password at boot time, without an agent.
iscsi_use_multipath = False
(BoolOpt) Use multipath connection of the iSCSI volume
iser_use_multipath = False
(BoolOpt) Use multipath connection of the iSER volume
mem_stats_period_seconds = 10
(IntOpt) A number of seconds to memory usage statistics period. Zero or negative value mean to disable memory usage statistics.
remove_unused_kernels = False
(BoolOpt) Should unused kernel images be removed? This is only safe to enable if all compute nodes have been updated to support this option. This will be enabled by default in future.
remove_unused_resized_minimum_age_seconds = 3600
(IntOpt) Unused resized base images younger than this will not be removed
rescue_image_id = None
(StrOpt) Rescue ami image. This will not be used if an image id is provided by the user.
rescue_kernel_id = None
(StrOpt) Rescue aki image
rescue_ramdisk_id = None
(StrOpt) Rescue ari image
rng_dev_path = None
(StrOpt) A path to a device that will be used as source of entropy on the host. Permitted options are: /dev/random or /dev/hwrng
snapshot_compression = False
(BoolOpt) Compress snapshot images when possible. This currently applies exclusively to qcow2 images
snapshot_image_format = None
(StrOpt) Snapshot image format (valid options are: raw, qcow2, vmdk, vdi). Defaults to same as source image
snapshots_directory = $instances_path/snapshots
(StrOpt) Location where libvirt driver will store snapshots before uploading them to image service
sparse_logical_volumes = False
(BoolOpt) Create sparse logical volumes (with virtualsize) if this flag is set to True.
sysinfo_serial = auto
(StrOpt) The data source used to populate the host "serial" UUID exposed to guest in the virtual BIOS. Permitted options are "hardware", "os", "none" or "auto" (default).
uid_maps =
(ListOpt) List of uid targets and ranges. Syntax is guest-uid:host-uid:count. Maximum of 5 allowed.
use_usb_tablet = True
(BoolOpt) Sync virtual and real mouse cursors in Windows VMs
use_virtio_for_bridges = True
(BoolOpt) Use virtio for bridge interfaces with KVM/QEMU
virt_type = kvm
(StrOpt) Libvirt domain type (valid options are: kvm, lxc, qemu, uml, xen)
volume_clear = zero
(StrOpt) Method used to wipe old volumes (valid options are: none, zero, shred)
volume_clear_size = 0
(IntOpt) Size in MiB to wipe at start of old volumes. 0 => all
volume_drivers = iscsi=nova.virt.libvirt.volume.LibvirtISCSIVolumeDriver, iser=nova.virt.libvirt.volume.LibvirtISERVolumeDriver, local=nova.virt.libvirt.volume.LibvirtVolumeDriver, fake=nova.virt.libvirt.volume.LibvirtFakeVolumeDriver, rbd=nova.virt.libvirt.volume.LibvirtNetVolumeDriver, sheepdog=nova.virt.libvirt.volume.LibvirtNetVolumeDriver, nfs=nova.virt.libvirt.volume.LibvirtNFSVolumeDriver, smbfs=nova.virt.libvirt.volume.LibvirtSMBFSVolumeDriver, aoe=nova.virt.libvirt.volume.LibvirtAOEVolumeDriver, glusterfs=nova.virt.libvirt.volume.LibvirtGlusterfsVolumeDriver, fibre_channel=nova.virt.libvirt.volume.LibvirtFibreChannelVolumeDriver, scality=nova.virt.libvirt.volume.LibvirtScalityVolumeDriver
(ListOpt) DEPRECATED. Libvirt handlers for remote volumes. This option is deprecated and will be removed in the Kilo release.
wait_soft_reboot_seconds = 120
(IntOpt) Number of seconds to wait for instance to shut down after soft reboot request is made. We fall back to hard reboot if instance does not shutdown within this window.
Table 2.35. Description of live migration configuration options
Configuration option = Default value
Description
[DEFAULT]
live_migration_retry_count = 30
(IntOpt) Number of 1 second retries needed in live_migration
[libvirt]
live_migration_bandwidth = 0
(IntOpt) Maximum bandwidth to be used during migration, in Mbps
live_migration_flag = VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED
(StrOpt) Migration flags to be set for live migration
live_migration_uri = qemu+tcp://%s/system
(StrOpt) Migration target URI (any included "%s" is replaced with the migration target hostname)
Table 2.36. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
debug = False
(BoolOpt) Print debugging output (set logging level to DEBUG instead of default WARNING level).
default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN
(ListOpt) List of logger=LEVEL pairs.
fatal_deprecations = False
(BoolOpt) Enables or disables fatal status of deprecations.
fatal_exception_format_errors = False
(BoolOpt) Make exception message format errors fatal
instance_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
instance_uuid_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
log_config_append = None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
log_date_format = %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s.
log_dir = None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
log_file = None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
log_format = None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
(StrOpt) Format string to use for log messages with context.
logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
(StrOpt) Data to append to log format when level is DEBUG.
logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
(StrOpt) Format string to use for log messages without context.
logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
(StrOpt) Prefix each line of exception output with this format.
publish_errors = False
(BoolOpt) Enables or disables publication of error events.
syslog_log_facility = LOG_USER
(StrOpt) Syslog facility to receive log lines.
use_stderr = True
(BoolOpt) Log output to standard error.
use_syslog = False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
use_syslog_rfc_format = False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
verbose = False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
Table 2.37. Description of metadata configuration options
Configuration option = Default value
Description
[DEFAULT]
metadata_host = $my_ip
(StrOpt) The IP address for the metadata API server
metadata_listen = 0.0.0.0
(StrOpt) The IP address on which the metadata API will listen.
metadata_listen_port = 8775
(IntOpt) The port on which the metadata API will listen.
metadata_manager = nova.api.manager.MetadataManager
(StrOpt) OpenStack metadata service manager
metadata_port = 8775
(IntOpt) The port for the metadata API port
metadata_workers = None
(IntOpt) Number of workers for metadata service. The default will be the number of CPUs available.
vendordata_driver = nova.api.metadata.vendordata_json.JsonFileVendorData
(StrOpt) Driver to use for vendor data
vendordata_jsonfile_path = None
(StrOpt) File to load JSON formatted vendor data from
Table 2.38. Description of network configuration options
Configuration option = Default value
Description
[DEFAULT]
allow_same_net_traffic = True
(BoolOpt) Whether to allow network traffic from same network
auto_assign_floating_ip = False
(BoolOpt) Autoassigning floating IP to VM
cnt_vpn_clients = 0
(IntOpt) Number of addresses reserved for vpn clients
create_unique_mac_address_attempts = 5
(IntOpt) Number of attempts to create unique mac address
default_access_ip_network_name = None
(StrOpt) Name of network to use to set access IPs for instances
default_floating_pool = nova
(StrOpt) Default pool for floating IPs
defer_iptables_apply = False
(BoolOpt) Whether to batch up the application of IPTables rules during a host restart and apply all at the end of the init phase
dhcp_domain = novalocal
(StrOpt) Domain to use for building the hostnames
dhcp_lease_time = 86400
(IntOpt) Lifetime of a DHCP lease in seconds
dhcpbridge = $bindir/nova-dhcpbridge
(StrOpt) Location of nova-dhcpbridge
dhcpbridge_flagfile = ['/etc/nova/nova-dhcpbridge.conf']
(MultiStrOpt) Location of flagfiles for dhcpbridge
dns_server = []
(MultiStrOpt) If set, uses specific DNS server for dnsmasq. Can be specified multiple times.
dns_update_periodic_interval = -1
(IntOpt) Number of seconds to wait between runs of updates to DNS entries.
dnsmasq_config_file =
(StrOpt) Override the default dnsmasq settings with this file
ebtables_exec_attempts = 3
(IntOpt) Number of times to retry ebtables commands on failure.
ebtables_retry_interval = 1.0
(FloatOpt) Number of seconds to wait between ebtables retries.
firewall_driver = None
(StrOpt) Firewall driver (defaults to hypervisor specific iptables driver)
fixed_ip_disassociate_timeout = 600
(IntOpt) Seconds after which a deallocated IP is disassociated
flat_injected = False
(BoolOpt) Whether to attempt to inject network setup into guest
flat_interface = None
(StrOpt) FlatDhcp will bridge into this interface if set
flat_network_bridge = None
(StrOpt) Bridge for simple network instances
flat_network_dns = 8.8.4.4
(StrOpt) DNS server for simple network
floating_ip_dns_manager = nova.network.noop_dns_driver.NoopDNSDriver
(StrOpt) Full class name for the DNS Manager for floating IPs
force_dhcp_release = True
(BoolOpt) If True, send a dhcp release on instance termination
force_snat_range = []
(MultiStrOpt) Traffic to this range will always be snatted to the fallback ip, even if it would normally be bridged out of the node. Can be specified multiple times.
forward_bridge_interface = ['all']
(MultiStrOpt) An interface that bridges can forward to. If this is set to all then all traffic will be forwarded. Can be specified multiple times.
gateway = None
(StrOpt) Default IPv4 gateway
injected_network_template = $pybasedir/nova/virt/interfaces.template
(StrOpt) Template file for injected network
instance_dns_domain =
(StrOpt) Full class name for the DNS Zone for instance IPs
instance_dns_manager = nova.network.noop_dns_driver.NoopDNSDriver
(StrOpt) Full class name for the DNS Manager for instance IPs
iptables_bottom_regex =
(StrOpt) Regular expression to match iptables rule that should always be on the bottom.
iptables_drop_action = DROP
(StrOpt) The table that iptables to jump to when a packet is to be dropped.
iptables_top_regex =
(StrOpt) Regular expression to match iptables rule that should always be on the top.
l3_lib = nova.network.l3.LinuxNetL3
(StrOpt) Indicates underlying L3 management library
linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
(StrOpt) Driver used to create ethernet devices.
linuxnet_ovs_integration_bridge = br-int
(StrOpt) Name of Open vSwitch bridge used with linuxnet
multi_host = False
(BoolOpt) Default value for multi_host in networks. Also, if set, some rpc network calls will be sent directly to host.
network_allocate_retries = 0
(IntOpt) Number of times to retry network allocation on failures
network_api_class = nova.network.api.API
(StrOpt) The full class name of the network API class to use
network_device_mtu = None
(IntOpt) DEPRECATED: THIS VALUE SHOULD BE SET WHEN CREATING THE NETWORK. MTU setting for network interface.
network_driver = nova.network.linux_net
(StrOpt) Driver to use for network creation
network_manager = nova.network.manager.VlanManager
(StrOpt) Full class name for the Manager for network
network_size = 256
(IntOpt) Number of addresses in each private subnet
network_topic = network
(StrOpt) The topic network nodes listen on
networks_path = $state_path/networks
(StrOpt) Location to keep network config files
num_networks = 1
(IntOpt) Number of networks to support
ovs_vsctl_timeout = 120
(IntOpt) Amount of time, in seconds, that ovs_vsctl should wait for a response from the database. 0 is to wait forever.
public_interface = eth0
(StrOpt) Interface for public IP addresses
routing_source_ip = $my_ip
(StrOpt) Public IP of network host
security_group_api = nova
(StrOpt) The full class name of the security API class
send_arp_for_ha = False
(BoolOpt) Send gratuitous ARPs for HA setup
send_arp_for_ha_count = 3
(IntOpt) Send this many gratuitous ARPs for HA setup
share_dhcp_address = False
(BoolOpt) DEPRECATED: THIS VALUE SHOULD BE SET WHEN CREATING THE NETWORK. If True in multi_host mode, all compute hosts share the same dhcp address. The same IP address used for DHCP will be added on each nova-network node which is only visible to the vms on the same host.
teardown_unused_network_gateway = False
(BoolOpt) If True, unused gateway devices (VLAN and bridge) are deleted in VLAN network mode with multi hosted networks
update_dns_entries = False
(BoolOpt) If True, when a DNS entry must be updated, it sends a fanout cast to all network hosts to update their DNS entries in multi host mode
use_network_dns_servers = False
(BoolOpt) If set, uses the dns1 and dns2 from the network ref. as dns servers.
use_neutron_default_nets = False
(StrOpt) Control for checking for default networks
use_single_default_gateway = False
(BoolOpt) Use single default gateway. Only first nic of vm will get default gateway from dhcp server
vlan_interface = None
(StrOpt) VLANs will bridge into this interface if set
vlan_start = 100
(IntOpt) First VLAN for private networks
[vmware]
vlan_interface = vmnic0
(StrOpt) Physical ethernet adapter name for vlan networking
Table 2.39. Description of neutron configuration options
Configuration option = Default value
Description
[DEFAULT]
neutron_default_tenant_id = default
(StrOpt) Default tenant id when creating neutron networks
[neutron]
admin_auth_url = http://localhost:5000/v2.0
(StrOpt) Authorization URL for connecting to neutron in admin context
admin_password = None
(StrOpt) Password for connecting to neutron in admin context
admin_tenant_id = None
(StrOpt) Tenant id for connecting to neutron in admin context
admin_tenant_name = None
(StrOpt) Tenant name for connecting to neutron in admin context. This option will be ignored if neutron_admin_tenant_id is set. Note that with Keystone V3 tenant names are only unique within a domain.
admin_user_id = None
(StrOpt) User id for connecting to neutron in admin context
admin_username = None
(StrOpt) Username for connecting to neutron in admin context
allow_duplicate_networks = False
(BoolOpt) Allow an instance to have multiple vNICs attached to the same Neutron network.
api_insecure = False
(BoolOpt) If set, ignore any SSL validation issues
auth_strategy = keystone
(StrOpt) Authorization strategy for connecting to neutron in admin context
ca_certificates_file = None
(StrOpt) Location of CA certificates file to use for neutron client requests.
extension_sync_interval = 600
(IntOpt) Number of seconds before querying neutron for extensions
metadata_proxy_shared_secret =
(StrOpt) Shared secret to validate proxies Neutron metadata requests
ovs_bridge = br-int
(StrOpt) Name of Integration Bridge used by Open vSwitch
region_name = None
(StrOpt) Region name for connecting to neutron in admin context
service_metadata_proxy = False
(BoolOpt) Set flag to indicate Neutron will proxy metadata requests and resolve instance ids.
url = http://127.0.0.1:9696
(StrOpt) URL for connecting to neutron
url_timeout = 30
(IntOpt) Timeout value for connecting to neutron in seconds
Table 2.40. Description of PCI configuration options
Configuration option = Default value
Description
[DEFAULT]
pci_alias = []
(MultiStrOpt) An alias for a PCI passthrough device requirement. This allows users to specify the alias in the extra_spec for a flavor, without needing to repeat all the PCI property requirements. For example: pci_alias = { "name": "QuicAssist", "product_id": "0443", "vendor_id": "8086", "device_type": "ACCEL" } defines an alias for the Intel QuickAssist card. (multi valued)
pci_passthrough_whitelist = []
(MultiStrOpt) White list of PCI devices available to VMs. For example: pci_passthrough_whitelist = [{"vendor_id": "8086", "product_id": "0443"}]
Table 2.41. Description of periodic configuration options
Configuration option = Default value
Description
[DEFAULT]
periodic_enable = True
(BoolOpt) Enable periodic tasks
periodic_fuzzy_delay = 60
(IntOpt) Range of seconds to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0)
run_external_periodic_tasks = True
(BoolOpt) Some periodic tasks can be run in a separate process. Should we run them here?
Table 2.42. Description of policy configuration options
Configuration option = Default value
Description
[DEFAULT]
allow_instance_snapshots = True
(BoolOpt) Permit instance snapshot operations.
allow_migrate_to_same_host = False
(BoolOpt) Allow migrate machine to the same host. Useful when testing in single-host environments.
allow_resize_to_same_host = False
(BoolOpt) Allow destination machine to match source for resize. Useful when testing in single-host environments.
max_age = 0
(IntOpt) Number of seconds between subsequent usage refreshes
max_local_block_devices = 3
(IntOpt) Maximum number of devices that will result in a local image being created on the hypervisor node. Setting this to 0 means nova will allow only boot from volume. A negative number means unlimited.
osapi_compute_unique_server_name_scope =
(StrOpt) When set, compute API will consider duplicate hostnames invalid within the specified scope, regardless of case. Should be empty, "project" or "global".
osapi_max_limit = 1000
(IntOpt) The maximum number of items returned in a single response from a collection resource
password_length = 12
(IntOpt) Length of generated instance admin passwords
policy_default_rule = default
(StrOpt) Default rule. Enforced when a requested rule is not found.
policy_dirs = ['policy.d']
(MultiStrOpt) Directories where policy configuration files are stored.
policy_file = policy.json
(StrOpt) The JSON file that defines policies.
reservation_expire = 86400
(IntOpt) Number of seconds until a reservation expires
resize_fs_using_block_device = False
(BoolOpt) Attempt to resize the filesystem by accessing the image over a block device. This is done by the host and may not be necessary if the image contains a recent version of cloud-init. Possible mechanisms require the nbd driver (for qcow and raw), or loop (for raw).
until_refresh = 0
(IntOpt) Count of reservations until usage is refreshed
Table 2.43. Description of quota configuration options
Configuration option = Default value
Description
[DEFAULT]
bandwidth_poll_interval = 600
(IntOpt) Interval to pull network bandwidth usage info. Not supported on all hypervisors. Set to -1 to disable. Setting this to 0 will run at the default rate.
enable_network_quota = False
(BoolOpt) Enables or disables quota checking for tenant networks
quota_cores = 20
(IntOpt) Number of instance cores allowed per project
quota_driver = nova.quota.DbQuotaDriver
(StrOpt) Default driver to use for quota checks
quota_fixed_ips = -1
(IntOpt) Number of fixed IPs allowed per project (this should be at least the number of instances allowed)
quota_floating_ips = 10
(IntOpt) Number of floating IPs allowed per project
quota_injected_file_content_bytes = 10240
(IntOpt) Number of bytes allowed per injected file
quota_injected_file_path_length = 255
(IntOpt) Length of injected file path
quota_injected_files = 5
(IntOpt) Number of injected files allowed
quota_instances = 10
(IntOpt) Number of instances allowed per project
quota_key_pairs = 100
(IntOpt) Number of key pairs per user
quota_metadata_items = 128
(IntOpt) Number of metadata items allowed per instance
quota_networks = 3
(IntOpt) Number of private networks allowed per project
quota_ram = 51200
(IntOpt) Megabytes of instance RAM allowed per project
quota_security_group_rules = 20
(IntOpt) Number of security rules per security group
quota_security_groups = 10
(IntOpt) Number of security groups per project
quota_server_group_members = 10
(IntOpt) Number of servers per server group
quota_server_groups = 10
(IntOpt) Number of server groups per project
[cells]
bandwidth_update_interval = 600
(IntOpt) Seconds between bandwidth updates for cells.
Table 2.44. Description of RDP configuration options
Configuration option = Default value
Description
[rdp]
enabled = False
(BoolOpt) Enable RDP related features
html5_proxy_base_url = http://127.0.0.1:6083/
(StrOpt) Location of RDP html5 console proxy, in the form "http://127.0.0.1:6083/"
Table 2.45. Description of Redis configuration options
Configuration option = Default value
Description
[matchmaker_redis]
host = 127.0.0.1
(StrOpt) Host to locate redis.
password = None
(StrOpt) Password for Redis server (optional).
port = 6379
(IntOpt) Use this port to connect to redis host.
[matchmaker_ring]
ringfile = /etc/oslo/matchmaker_ring.json
(StrOpt) Matchmaker ring file (JSON).
Table 2.46. Description of rootwrap configuration options
Configuration option = Default value
Description
[DEFAULT]
filters_path = /etc/nova/rootwrap.d,/usr/share/nova/rootwrap
List of directories to load filter definitions from (separated by ','). These directories MUST all be only writeable by root!
exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin
List of directories to search executables in, in case filters do not explicitly specify a full path (separated by ','). If not specified, defaults to system PATH environment variable. These directories MUST all be only writeable by root!
use_syslog = False
Enable logging to syslog. Default value is False
syslog_log_facility = syslog
Which syslog facility to use. Valid values include auth, authpriv, syslog, local0, local1... Default value is 'syslog'
syslog_log_level = ERROR
Which messages to log. INFO means log all usage. ERROR means only log unsuccessful attempts
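The requirement in Table 2.46 that every filters_path and exec_dirs directory be writable only by root can be checked mechanically. The following Python audit is an added example, not code from this reference or from nova; the function names, the constructed sample text and the extension of the check to the files inside each filters_path directory are assumptions made here.

```python
import configparser
import os
import stat

# Constructed sample that mirrors the defaults listed in Table 2.46.
SAMPLE_ROOTWRAP_CONF = """\
[DEFAULT]
filters_path = /etc/nova/rootwrap.d,/usr/share/nova/rootwrap
exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin
"""


def configured_dirs(conf_text):
    """Return {option: [directory, ...]} for filters_path and exec_dirs."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    dirs = {}
    for option in ("filters_path", "exec_dirs"):
        raw = parser.get("DEFAULT", option, fallback="")
        dirs[option] = [d.strip() for d in raw.split(",") if d.strip()]
    if not dirs["exec_dirs"]:
        # Table 2.46: an unset exec_dirs falls back to the PATH variable.
        path = os.environ.get("PATH", "")
        dirs["exec_dirs"] = [d for d in path.split(os.pathsep) if d]
    return dirs


def audit_path(path, trusted_uid=0):
    """Return the reasons why `path` is not writable by trusted_uid alone."""
    try:
        st = os.stat(path)  # follows symlinks, like the later open/exec
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    problems = []
    if st.st_uid != trusted_uid:
        problems.append(
            f"{path}: owned by uid {st.st_uid}, expected {trusted_uid}")
    # Strict reading of "only writeable by root": no group or other write bit.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: group- or world-writable (mode {mode:04o})")
    return problems


def audit_rootwrap(conf_text, trusted_uid=0):
    """Audit every configured directory; return a list of finding strings."""
    findings = []
    for option, directories in configured_dirs(conf_text).items():
        for directory in directories:
            if not os.path.isdir(directory):
                findings.append(
                    f"{option}: {directory}: missing or not a directory")
                continue
            findings += [f"{option}: {p}"
                         for p in audit_path(directory, trusted_uid)]
            if option != "filters_path":
                continue
            # Assumption added here: a writable filter file is as dangerous
            # as a writable directory, so check the directory entries too.
            try:
                names = sorted(os.listdir(directory))
            except OSError as exc:
                findings.append(
                    f"{option}: {directory}: cannot list ({exc.strerror})")
                continue
            for name in names:
                entry = os.path.join(directory, name)
                findings += [f"{option}: {p}"
                             for p in audit_path(entry, trusted_uid)]
    return findings


if __name__ == "__main__":
    for finding in audit_rootwrap(SAMPLE_ROOTWRAP_CONF):
        print(finding)
```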
Table 2.47. Description of S3 configuration options
Configuration option = Default value
Description
[DEFAULT]
buckets_path = $state_path/buckets
(StrOpt) Path to S3 buckets
image_decryption_dir = /tmp
(StrOpt) Parent directory for tempdir used for image decryption
s3_access_key = notchecked
(StrOpt) Access key to use for S3 server for images
s3_affix_tenant = False
(BoolOpt) Whether to affix the tenant id to the access key when downloading from S3
s3_host = $my_ip
(StrOpt) Hostname or IP for OpenStack to use when accessing the S3 api
s3_listen = 0.0.0.0
(StrOpt) IP address for S3 API to listen
s3_listen_port = 3333
(IntOpt) Port for S3 API to listen
s3_port = 3333
(IntOpt) Port used when accessing the S3 api
s3_secret_key = notchecked
(StrOpt) Secret key to use for S3 server for images
s3_use_ssl = False
(BoolOpt) Whether to use SSL when talking to S3
Table 2.48. Description of scheduler configuration options
Configuration option = Default value
Description
[DEFAULT]
aggregate_image_properties_isolation_namespace = None
(StrOpt) Force the filter to consider only keys matching the given namespace.
aggregate_image_properties_isolation_separator = .
(StrOpt) The separator used between the namespace and keys
baremetal_scheduler_default_filters = RetryFilter, AvailabilityZoneFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ExactRamFilter, ExactDiskFilter, ExactCoreFilter
(ListOpt) Which filter class names to use for filtering baremetal hosts when not specified in the request.
cpu_allocation_ratio = 16.0
(FloatOpt) Virtual CPU to physical CPU allocation ratio which affects all CPU filters. This configuration specifies a global ratio for CoreFilter. For AggregateCoreFilter, it will fall back to this configuration value if no per-aggregate setting found.
disk_allocation_ratio = 1.0
(FloatOpt) Virtual disk to physical disk allocation ratio
io_ops_weight_multiplier = -1.0
(FloatOpt) Multiplier used for weighing host io ops. Negative numbers mean a preference to choose light workload compute hosts.
isolated_hosts =
(ListOpt) Host reserved for specific images
isolated_images =
(ListOpt) Images to run on isolated host
max_instances_per_host = 50
(IntOpt) Ignore hosts that have too many instances
max_io_ops_per_host = 8
(IntOpt) Tells filters to ignore hosts that have this many or more instances currently in build, resize, snapshot, migrate, rescue or unshelve task states
ram_allocation_ratio = 1.5
(FloatOpt) Virtual ram to physical ram allocation ratio which affects all ram filters. This configuration specifies a global ratio for RamFilter. For AggregateRamFilter, it will fall back to this configuration value if no per-aggregate setting found.
ram_weight_multiplier = 1.0
(FloatOpt) Multiplier used for weighing ram. Negative numbers mean to stack vs spread.
reserved_host_disk_mb = 0
(IntOpt) Amount of disk in MB to reserve for the host
reserved_host_memory_mb = 512
(IntOpt) Amount of memory in MB to reserve for the host
restrict_isolated_hosts_to_isolated_images = True
(BoolOpt) Whether to force isolated hosts to run only isolated images
scheduler_available_filters = ['nova.scheduler.filters.all_filters']
(MultiStrOpt) Filter classes available to the scheduler which may be specified more than once. An entry of "nova.scheduler.filters.all_filters" maps to all filters included with nova.
scheduler_default_filters = RetryFilter, AvailabilityZoneFilter, RamFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ServerGroupAntiAffinityFilter, ServerGroupAffinityFilter
(ListOpt) Which filter class names to use for filtering hosts when not specified in the request.
scheduler_driver = nova.scheduler.filter_scheduler.FilterScheduler
(StrOpt) Default driver to use for the scheduler
scheduler_driver_task_period = 60
(IntOpt) How often (in seconds) to run periodic tasks in the scheduler driver of your choice. Please note this is likely to interact with the value of service_down_time, but exactly how they interact will depend on your choice of scheduler driver.
scheduler_host_manager = nova.scheduler.host_manager.HostManager
(StrOpt) The scheduler host manager class to use
scheduler_host_subset_size = 1
(IntOpt) New instances will be scheduled on a host chosen randomly from a subset of the N best hosts. This property defines the subset size that a host is chosen from. A value of 1 chooses the first host returned by the weighing functions. This value must be at least 1. Any value less than 1 will be ignored, and 1 will be used instead
scheduler_json_config_location =
(StrOpt) Absolute path to scheduler configuration JSON file.
scheduler_manager = nova.scheduler.manager.SchedulerManager
(StrOpt) Full class name for the Manager for scheduler
scheduler_max_attempts = 3
(IntOpt) Maximum number of attempts to schedule an instance
scheduler_topic = scheduler
(StrOpt) The topic scheduler nodes listen on
scheduler_use_baremetal_filters = False
(BoolOpt) Flag to decide whether to use baremetal_scheduler_default_filters or not.
scheduler_weight_classes = nova.scheduler.weights.all_weighers
(ListOpt) Which weight class names to use for weighing hosts
[cells]
ram_weight_multiplier = 10.0
(FloatOpt) Multiplier used for weighing ram. Negative numbers mean to stack vs spread.
scheduler_filter_classes = nova.cells.filters.all_filters
(ListOpt) Filter classes the cells scheduler should use. An entry of "nova.cells.filters.all_filters" maps to all cells filters included with nova.
scheduler_retries = 10
(IntOpt) How many retries when no cells are available.
scheduler_retry_delay = 2
(IntOpt) How often to retry in seconds when no cells are available.
scheduler_weight_classes = nova.cells.weights.all_weighers
(ListOpt) Weigher classes the cells scheduler should use. An entry of "nova.cells.weights.all_weighers" maps to all cell weighers included with nova.
[metrics]
required = True
(BoolOpt) How to treat the unavailable metrics. When a metric is NOT available for a host, if it is set to be True, it would raise an exception, so it is recommended to use the scheduler filter MetricFilter to filter out those hosts. If it is set to be False, the unavailable metric would be treated as a negative factor in weighing process, the returned value would be set by the option weight_of_unavailable.
weight_multiplier = 1.0
(FloatOpt) Multiplier used for weighing metrics.
weight_of_unavailable = -10000.0
(FloatOpt) The final weight value to be returned if required is set to False and any one of the metrics set by weight_setting is unavailable.
weight_setting =
(ListOpt) How the metrics are going to be weighed. This should be in the form of "<name1>=<ratio1>, <name2>=<ratio2>, ...", where <nameX> is one of the metrics to be weighed, and <ratioX> is the corresponding ratio. So for "name1=1.0, name2=-1.0" The final weight would be name1.value * 1.0 + name2.value * -1.0.
Table 2.49. Description of serial console configuration options
Configuration option = Default value
Description
[serial_console]
base_url = ws://127.0.0.1:6083/
(StrOpt) Location of serial console proxy.
enabled = False
(BoolOpt) Enable serial console related features
listen = 127.0.0.1
(StrOpt) IP address on which instance serial console should listen
port_range = 10000:20000
(StrOpt) Range of TCP ports to use for serial ports on compute hosts
proxyclient_address = 127.0.0.1
(StrOpt) The address to which proxy clients (like nova-serialproxy) should connect
Table 2.50. Description of SPICE configuration options
Configuration option = Default value
Description
[spice]
agent_enabled = True
(BoolOpt) Enable spice guest agent support
enabled = False
(BoolOpt) Enable spice related features
html5proxy_base_url = http://127.0.0.1:6082/spice_auto.html
(StrOpt) Location of spice HTML5 console proxy, in the form "http://127.0.0.1:6082/spice_auto.html"
keymap = en-us
(StrOpt) Keymap for spice
server_listen = 127.0.0.1
(StrOpt) IP address on which instance spice server should listen
server_proxyclient_address = 127.0.0.1
(StrOpt) The address to which proxy clients (like nova-spicehtml5proxy) should connect
Table 2.51. Description of testing configuration options
Configuration option = Default value
Description
[DEFAULT]
fake_call = False
(BoolOpt) If True, skip using the queue and make local calls
fake_network = False
(BoolOpt) If passed, use fake network devices and addresses
fake_rabbit = False
(BoolOpt) Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
monkey_patch = False
(BoolOpt) Whether to log monkey patching
monkey_patch_modules = nova.api.ec2.cloud:nova.notifications.notify_decorator, nova.compute.api:nova.notifications.notify_decorator
(ListOpt) List of modules/decorators to monkey patch
Table 2.52. Description of Tilera configuration options
Configuration option = Default value
Description
[baremetal]
tile_pdu_ip = 10.0.100.1
(StrOpt) IP address of tilera pdu
tile_pdu_mgr = /tftpboot/pdu_mgr
(StrOpt) Management script for tilera pdu
tile_pdu_off = 2
(IntOpt) Power status of tilera PDU is OFF
tile_pdu_on = 1
(IntOpt) Power status of tilera PDU is ON
tile_pdu_status = 9
(IntOpt) Power status of tilera PDU
tile_power_wait = 9
(IntOpt) Wait time in seconds until check the result after tilera power operations
Table 2.53. Description of trusted computing configuration options
Configuration option = Default value
Description
[trusted_computing]
attestation_api_url = /OpenAttestationWebServices/V1.0
(StrOpt) Attestation web API URL
attestation_auth_blob = None
(StrOpt) Attestation authorization blob - must change
attestation_auth_timeout = 60
(IntOpt) Attestation status cache valid period length
attestation_insecure_ssl = False
(BoolOpt) Disable SSL cert verification for Attestation service
attestation_port = 8443
(StrOpt) Attestation server port
attestation_server = None
(StrOpt) Attestation server HTTP
attestation_server_ca_file = None
(StrOpt) Attestation server Cert file for Identity verification
Table 2.54. Description of upgrade levels configuration options
Configuration option = Default value
Description
[cells]
scheduler = nova.cells.scheduler.CellsScheduler
(StrOpt) Cells scheduler to use
[upgrade_levels]
cells = None
(StrOpt) Set a version cap for messages sent to local cells services
cert = None
(StrOpt) Set a version cap for messages sent to cert services
compute = None
(StrOpt) Set a version cap for messages sent to compute services. If you plan to do a live upgrade from havana to icehouse, you should set this option to "icehouse-compat" before beginning the live upgrade procedure.
conductor = None
(StrOpt) Set a version cap for messages sent to conductor services
console = None
(StrOpt) Set a version cap for messages sent to console services
consoleauth = None
(StrOpt) Set a version cap for messages sent to consoleauth services
intercell = None
(StrOpt) Set a version cap for messages sent between cells services
network = None
(StrOpt) Set a version cap for messages sent to network services
scheduler = None
(StrOpt) Set a version cap for messages sent to scheduler services
Table 2.55. Description of VMware configuration options
Configuration option = Default value
Description
[vmware]
api_retry_count = 10
(IntOpt) The number of times we retry on failures, e.g., socket error, etc.
cluster_name = None
(MultiStrOpt) Name of a VMware Cluster ComputeResource.
datastore_regex = None
(StrOpt) Regex to match the name of a datastore.
host_ip = None
(StrOpt) Hostname or IP address for connection to VMware VC host.
host_password = None
(StrOpt) Password for connection to VMware VC host.
host_port = 443
(IntOpt) Port for connection to VMware VC host.
host_username = None
(StrOpt) Username for connection to VMware VC host.
integration_bridge = br-int
(StrOpt) Name of Integration Bridge
maximum_objects = 100
(IntOpt) The maximum number of ObjectContent data objects that should be returned in a single result. A positive value will cause the operation to suspend the retrieval when the count of objects reaches the specified maximum. The server may still limit the count to something less than the configured value. Any remaining objects may be retrieved with additional requests.
pbm_default_policy = None
(StrOpt) The PBM default policy. If pbm_wsdl_location is set and there is no defined storage policy for the specific request then this policy will be used.
pbm_enabled = False
(BoolOpt) The PBM status.
pbm_wsdl_location = None
(StrOpt) PBM service WSDL file location URL. e.g. file:///opt/SDK/spbm/wsdl/pbmService.wsdl Not setting this will disable storage policy based placement of instances.
task_poll_interval = 0.5
(FloatOpt) The interval used for polling of remote tasks.
use_linked_clone = True
(BoolOpt) Whether to use linked clone
wsdl_location = None
(StrOpt) Optional VIM Service WSDL Location e.g http://<server>/vimService.wsdl. Optional over-ride to default location for bug work-arounds
Table 2.56. Description of VNC configuration options
Configuration option = Default value
Description
[DEFAULT]
novncproxy_base_url = http://127.0.0.1:6080/vnc_auto.html
(StrOpt) Location of VNC console proxy, in the form "http://127.0.0.1:6080/vnc_auto.html"
vnc_enabled = True
(BoolOpt) Enable VNC related features
vnc_keymap = en-us
(StrOpt) Keymap for VNC
vncserver_listen = 127.0.0.1
(StrOpt) IP address on which instance vncservers should listen
vncserver_proxyclient_address = 127.0.0.1
(StrOpt) The address to which proxy clients (like nova-xvpvncproxy) should connect
[vmware]
vnc_port = 5900
(IntOpt) VNC starting port
vnc_port_total = 10000
(IntOpt) Total number of VNC ports
Table 2.57. Description of volumes configuration options
Configuration option = Default value
Description
[DEFAULT]
block_device_allocate_retries = 60
(IntOpt) Number of times to retry block device allocation on failures
block_device_allocate_retries_interval = 3
(IntOpt) Waiting time interval (seconds) between block device allocation retries on failures
my_block_storage_ip = $my_ip
(StrOpt) Block storage IP address of this host
volume_api_class = nova.volume.cinder.API
(StrOpt) The full class name of the volume API class to use
volume_usage_poll_interval = 0
(IntOpt) Interval in seconds for gathering volume usages
[cinder]
cafile = None
(StrOpt) PEM encoded Certificate Authority to use when verifying HTTPs connections.
catalog_info = volumev2:cinderv2:publicURL
(StrOpt) Info to match when looking for cinder in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type>
certfile = None
(StrOpt) PEM encoded client certificate cert file
cross_az_attach = True
(BoolOpt) Allow attach between instance and volume in different availability zones.
endpoint_template = None
(StrOpt) Override service catalog lookup with template for cinder endpoint e.g. http://localhost:8776/v1/%(project_id)s
http_retries = 3
(IntOpt) Number of cinderclient retries on failed http calls
insecure = False
(BoolOpt) Verify HTTPS connections.
keyfile = None
(StrOpt) PEM encoded client certificate key file
os_region_name = None
(StrOpt) Region name of this node
timeout = None
(IntOpt) Timeout value for http requests
[hyperv]
force_volumeutils_v1 = False
(BoolOpt) Force V1 volume utility class
volume_attach_retry_count = 10
(IntOpt) The number of times to retry to attach a volume
volume_attach_retry_interval = 5
(IntOpt) Interval between volume attachment attempts, in seconds
[libvirt]
glusterfs_mount_point_base = $state_path/mnt
(StrOpt) Directory where the glusterfs volume is mounted on the compute node
nfs_mount_options = None
(StrOpt) Mount options passed to the NFS client. See section of the nfs man page for details
nfs_mount_point_base = $state_path/mnt
(StrOpt) Directory where the NFS volume is mounted on the compute node
num_aoe_discover_tries = 3
(IntOpt) Number of times to rediscover AoE target to find volume
num_iscsi_scan_tries = 5
(IntOpt) Number of times to rescan iSCSI target to find volume
num_iser_scan_tries = 5
(IntOpt) Number of times to rescan iSER target to find volume
qemu_allowed_storage_drivers =
(ListOpt) Protocols listed here will be accessed directly from QEMU. Currently supported protocols: [gluster]
rbd_secret_uuid = None
(StrOpt) The libvirt UUID of the secret for the rbd_uservolumes
rbd_user = None
(StrOpt) The RADOS client name for accessing rbd volumes
scality_sofs_config = None
(StrOpt) Path or URL to Scality SOFS configuration file
scality_sofs_mount_point = $state_path/scality
(StrOpt) Base dir where Scality SOFS shall be mounted
smbfs_mount_options =
(StrOpt) Mount options passed to the SMBFS client. See mount.cifs man page for details. Note that the libvirt-qemu uid and gid must be specified.
smbfs_mount_point_base = $state_path/mnt
(StrOpt) Directory where the SMBFS shares are mounted on the compute node
[xenserver]
block_device_creation_timeout = 10
(IntOpt) Time to wait for a block device to be created
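Several options in Tables 2.39, 2.53 and 2.57 weaken transport security when changed from their defaults: api_insecure, attestation_insecure_ssl, the [cinder] insecure flag, an empty metadata_proxy_shared_secret while service_metadata_proxy is enabled, and http:// service URLs that leave the local host. The following Python audit is an added example, not code from this reference or from nova; the sample nova.conf text, host names and function names are constructed here, and treating insecure = True in [cinder] as "verification off" is this example's reading of that option.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed nova.conf fragment with deliberately weak values.
SAMPLE_NOVA_CONF = """\
[DEFAULT]
my_block_storage_ip = $my_ip
[neutron]
url = http://127.0.0.1:9696
admin_auth_url = http://keystone.example.test:5000/v2.0
api_insecure = True
service_metadata_proxy = True
metadata_proxy_shared_secret =
[cinder]
insecure = false
endpoint_template = http://localhost:8776/v1/%(project_id)s
[trusted_computing]
attestation_insecure_ssl = True
"""

# Boolean options that disable TLS certificate verification when true.
VERIFY_OFF_WHEN_TRUE = (
    ("neutron", "api_insecure"),
    ("cinder", "insecure"),
    ("trusted_computing", "attestation_insecure_ssl"),
)

# [neutron] URL options and the defaults listed in Table 2.39.
NEUTRON_URLS = (
    ("url", "http://127.0.0.1:9696"),
    ("admin_auth_url", "http://localhost:5000/v2.0"),
)


def _is_loopback(host):
    """True for localhost and loopback IP literals; other names are not."""
    if not host:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_nova_conf(conf_text):
    """Return a list of (section, option, reason) findings."""
    # interpolation=None keeps values such as %(project_id)s literal.
    # strict=False tolerates options that are repeated in one section.
    # A dummy default_section stops [DEFAULT] values from leaking into
    # every other section, which configparser would otherwise do.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(conf_text)
    findings = []

    def as_bool(section, option, default):
        try:
            return parser.getboolean(section, option, fallback=default)
        except ValueError:
            findings.append((section, option, "not a valid boolean"))
            return default

    for section, option in VERIFY_OFF_WHEN_TRUE:
        if as_bool(section, option, False):
            findings.append(
                (section, option, "TLS certificate verification disabled"))

    if as_bool("neutron", "service_metadata_proxy", False):
        secret = parser.get(
            "neutron", "metadata_proxy_shared_secret", fallback="")
        if not secret.strip():
            findings.append(
                ("neutron", "metadata_proxy_shared_secret",
                 "metadata proxying enabled with an empty shared secret"))

    for option, default in NEUTRON_URLS:
        parts = urlsplit(parser.get("neutron", option, fallback=default))
        if parts.scheme == "http" and not _is_loopback(parts.hostname):
            findings.append(
                ("neutron", option, "plain HTTP to a non-loopback host"))
    return findings


if __name__ == "__main__":
    for section, option, reason in audit_nova_conf(SAMPLE_NOVA_CONF):
        print(f"[{section}] {option}: {reason}")
```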
Table 2.58. Description of VPN configuration options
Configuration option = Default value
Description
[DEFAULT]
boot_script_template = $pybasedir/nova/cloudpipe/bootscript.template
(StrOpt) Template for cloudpipe instance boot script
dmz_cidr =
(ListOpt) A list of dmz range that should be accepted
dmz_mask = 255.255.255.0
(StrOpt) Netmask to push into openvpn config
dmz_net = 10.0.0.0
(StrOpt) Network to push into openvpn config
vpn_flavor = m1.tiny
(StrOpt) Flavor for vpn instances
vpn_image_id = 0
(StrOpt) Image ID used when starting up a cloudpipe vpn server
vpn_ip = $my_ip
(StrOpt) Public IP for the cloudpipe VPN servers
vpn_key_suffix = -vpn
(StrOpt) Suffix to add to project name for vpn key and secgroups
vpn_start = 1000
(IntOpt) First Vpn port for private networks
Table 2.59. Description of Xen configuration options

| Configuration option = Default value | Description |
| --- | --- |
| [DEFAULT] | |
| console_driver = nova.console.xvp.XVPConsoleProxy | (StrOpt) Driver to use for the console proxy |
| console_xvp_conf = /etc/xvp.conf | (StrOpt) Generated XVP conf file |
| console_xvp_conf_template = $pybasedir/nova/console/xvp.conf.template | (StrOpt) XVP conf template |
| console_xvp_log = /var/log/xvp.log | (StrOpt) XVP log file |
| console_xvp_multiplex_port = 5900 | (IntOpt) Port for XVP to multiplex VNC connections on |
| console_xvp_pid = /var/run/xvp.pid | (StrOpt) XVP master process pid file |
| stub_compute = False | (BoolOpt) Stub calls to compute worker for tests |
| [libvirt] | |
| xen_hvmloader_path = /usr/lib/xen/boot/hvmloader | (StrOpt) Location where the Xen hvmloader is kept |
| [xenserver] | |
| agent_path = usr/sbin/xe-update-networking | (StrOpt) Specifies the path in which the XenAPI guest agent should be located. If the agent is present, network configuration is not injected into the image. Used if compute_driver=xenapi.XenAPIDriver and flat_injected=True |
| agent_resetnetwork_timeout = 60 | (IntOpt) Number of seconds to wait for agent reply to resetnetwork request |
| agent_timeout = 30 | (IntOpt) Number of seconds to wait for agent reply |
| agent_version_timeout = 300 | (IntOpt) Number of seconds to wait for agent to be fully operational |
| cache_images = all | (StrOpt) Cache glance images locally. `all` will cache all images, `some` will only cache images that have the image_property `cache_in_nova=True`, and `none` turns off caching entirely |
| check_host = True | (BoolOpt) Ensure compute service is running on host XenAPI connects to. |
| connection_concurrent = 5 | (IntOpt) Maximum number of concurrent XenAPI connections. Used only if compute_driver=xenapi.XenAPIDriver |
| connection_password = None | (StrOpt) Password for connection to XenServer/Xen Cloud Platform. Used only if compute_driver=xenapi.XenAPIDriver |
| connection_url = None | (StrOpt) URL for connection to XenServer/Xen Cloud Platform. A special value of unix://local can be used to connect to the local unix socket. Required if compute_driver=xenapi.XenAPIDriver |
| connection_username = root | (StrOpt) Username for connection to XenServer/Xen Cloud Platform. Used only if compute_driver=xenapi.XenAPIDriver |
| default_os_type = linux | (StrOpt) Default OS type |
| disable_agent = False | (BoolOpt) Disables the use of the XenAPI agent in any image regardless of what image properties are present. |
| image_compression_level = None | (IntOpt) Compression level for images, e.g., 9 for gzip -9. Range is 1-9, 9 being most compressed but most CPU intensive on dom0. |
| image_upload_handler = nova.virt.xenapi.image.glance.GlanceStore | (StrOpt) Dom0 plugin driver used to handle image uploads. |
| introduce_vdi_retry_wait = 20 | (IntOpt) Number of seconds to wait for an SR to settle if the VDI does not exist when first introduced |
| ipxe_boot_menu_url = None | (StrOpt) URL to the iPXE boot menu |
| ipxe_mkisofs_cmd = mkisofs | (StrOpt) Name and optionally path of the tool used for ISO image creation |
| ipxe_network_name = None | (StrOpt) Name of network to use for booting iPXE ISOs |
| iqn_prefix = iqn.2010-10.org.openstack | (StrOpt) IQN Prefix |
| login_timeout = 10 | (IntOpt) Timeout in seconds for XenAPI login. |
| max_kernel_ramdisk_size = 16777216 | (IntOpt) Maximum size in bytes of kernel or ramdisk images |
| num_vbd_unplug_retries = 10 | (IntOpt) Maximum number of retries to unplug VBD |
| ovs_integration_bridge = xapi1 | (StrOpt) Name of Integration Bridge used by Open vSwitch |
| remap_vbd_dev = False | (BoolOpt) Used to enable the remapping of VBD dev (Works around an issue in Ubuntu Maverick) |
| remap_vbd_dev_prefix = sd | (StrOpt) Specify prefix to remap VBD dev to (ex. /dev/xvdb -> /dev/sdb) |
| running_timeout = 60 | (IntOpt) Number of seconds to wait for instance to go to running state |
| sparse_copy = True | (BoolOpt) Whether to use sparse_copy for copying data on a resize down (False will use standard dd). This speeds up resizes down considerably since large runs of zeros won't have to be rsynced |
| sr_base_path = /var/run/sr-mount | (StrOpt) Base path to the storage repository |
| sr_matching_filter = default-sr:true | (StrOpt) Filter for finding the SR to be used to install guest instances on. To use the Local Storage in default XenServer/XCP installations set this flag to other-config:i18n-key=local-storage. To select an SR with a different matching criteria, you could set it to other-config:my_favorite_sr=true. On the other hand, to fall back on the Default SR, as displayed by XenCenter, set this flag to: default-sr:true |
| target_host = None | (StrOpt) The iSCSI Target Host |
| target_port = 3260 | (StrOpt) The iSCSI Target Port, default is port 3260 |
| torrent_base_url = None | (StrOpt) Base URL for torrent files. |
| torrent_download_stall_cutoff = 600 | (IntOpt) Number of seconds a download can remain at the same progress percentage w/o being considered a stall |
| torrent_images = none | (StrOpt) Whether or not to download images via Bit Torrent (all\|some\|none). |
| torrent_listen_port_end = 6891 | (IntOpt) End of port range to listen on |
| torrent_listen_port_start = 6881 | (IntOpt) Beginning of port range to listen on |
| torrent_max_last_accessed = 86400 | (IntOpt) Cached torrent files not accessed within this number of seconds can be reaped |
| torrent_max_seeder_processes_per_host = 1 | (IntOpt) Maximum number of seeder processes to run concurrently within a given dom0. (-1 = no limit) |
| torrent_seed_chance = 1.0 | (FloatOpt) Probability that peer will become a seeder. (1.0 = 100%) |
| torrent_seed_duration = 3600 | (IntOpt) Number of seconds after downloading an image via BitTorrent that it should be seeded for other peers. |
| use_agent_default = False | (BoolOpt) Determines if the XenAPI agent should be used when the image used does not contain a hint to declare if the agent is present or not. The hint is a glance property "xenapi_use_agent" that has the value "True" or "False". Note that waiting for the agent when it is not present will significantly increase server boot times. |
| use_join_force = True | (BoolOpt) To use for hosts with different CPUs |
| vhd_coalesce_max_attempts = 20 | (IntOpt) Max number of times to poll for VHD to coalesce. Used only if compute_driver=xenapi.XenAPIDriver |
| vhd_coalesce_poll_interval = 5.0 | (FloatOpt) The interval used for polling of coalescing vhds. Used only if compute_driver=xenapi.XenAPIDriver |
| vif_driver = nova.virt.xenapi.vif.XenAPIBridgeDriver | (StrOpt) The XenAPI VIF driver using XenServer Network APIs. |

Table 2.60. Description of XCP VNC proxy configuration options

| Configuration option = Default value | Description |
| --- | --- |
| [DEFAULT] | |
| xvpvncproxy_base_url = http://127.0.0.1:6081/console | (StrOpt) Location of nova xvp VNC console proxy, in the form "http://127.0.0.1:6081/console" |
| xvpvncproxy_host = 0.0.0.0 | (StrOpt) Address that the XCP VNC proxy should bind to |
| xvpvncproxy_port = 6081 | (IntOpt) Port that the XCP VNC proxy should bind to |

Table 2.61. Description of Zookeeper configuration options

| Configuration option = Default value | Description |
| --- | --- |
| [zookeeper] | |
| address = None | (StrOpt) The ZooKeeper addresses for servicegroup service in the format of host1:port,host2:port,host3:port |
| recv_timeout = 4000 | (IntOpt) The recv_timeout parameter for the zk session |
| sg_prefix = /servicegroups | (StrOpt) The prefix used in ZooKeeper to store ephemeral nodes |
| sg_retry_interval = 5 | (IntOpt) Number of seconds to wait until retrying to join the session |

2.9.2. Additional sample configuration files
Files in this section can be found in /etc/nova.
2.9.2.1. api-paste.ini
The Compute service stores its API configuration settings in the api-paste.ini file.
############
# Metadata #
############
[composite:metadata]
use = egg:Paste#urlmap
/: meta
[pipeline:meta]
pipeline = ec2faultwrap logrequest metaapp
[app:metaapp]
paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
#######
# EC2 #
#######
[composite:ec2]
use = egg:Paste#urlmap
/services/Cloud: ec2cloud
[composite:ec2cloud]
use = call:nova.api.auth:pipeline_factory
noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor
[filter:ec2faultwrap]
paste.filter_factory = nova.api.ec2:FaultWrapper.factory
[filter:logrequest]
paste.filter_factory = nova.api.ec2:RequestLogging.factory
[filter:ec2lockout]
paste.filter_factory = nova.api.ec2:Lockout.factory
[filter:ec2keystoneauth]
paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory
[filter:ec2noauth]
paste.filter_factory = nova.api.ec2:NoAuth.factory
[filter:cloudrequest]
controller = nova.api.ec2.cloud.CloudController
paste.filter_factory = nova.api.ec2:Requestify.factory
[filter:authorizer]
paste.filter_factory = nova.api.ec2:Authorizer.factory
[filter:validator]
paste.filter_factory = nova.api.ec2:Validator.factory
[app:ec2executor]
paste.app_factory = nova.api.ec2:Executor.factory
#############
# OpenStack #
#############
[composite:osapi_compute]
use = call:nova.api.openstack.urlmap:urlmap_factory
/: oscomputeversions
/v1.1: openstack_compute_api_v2
/v2: openstack_compute_api_v2
/v2.1: openstack_compute_api_v21
/v3: openstack_compute_api_v3
[composite:openstack_compute_api_v2]
use = call:nova.api.auth:pipeline_factory
noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2
keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2
[composite:openstack_compute_api_v21]
use = call:nova.api.auth:pipeline_factory_v21
noauth = request_id faultwrap sizelimit noauth osapi_compute_app_v21
keystone = request_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
[composite:openstack_compute_api_v3]
use = call:nova.api.auth:pipeline_factory_v21
noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3
keystone = request_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3
[filter:request_id]
paste.filter_factory = nova.openstack.common.middleware.request_id:RequestIdMiddleware.factory
[filter:compute_req_id]
paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory
[filter:faultwrap]
paste.filter_factory = nova.api.openstack:FaultWrapper.factory
[filter:noauth]
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
[filter:noauth_v3]
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareV3.factory
[filter:ratelimit]
paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
[filter:sizelimit]
paste.filter_factory = nova.api.sizelimit:RequestBodySizeLimiter.factory
[app:osapi_compute_app_v2]
paste.app_factory = nova.api.openstack.compute:APIRouter.factory
[app:osapi_compute_app_v21]
paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory
[app:osapi_compute_app_v3]
paste.app_factory = nova.api.openstack.compute:APIRouterV3.factory
[pipeline:oscomputeversions]
pipeline = faultwrap oscomputeversionapp
[app:oscomputeversionapp]
paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
##########
# Shared #
##########
[filter:keystonecontext]
paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
2.9.2.2. policy.json
The policy.json file defines additional access controls that apply to the Compute service.
{
"context_is_admin": "role:admin",
"admin_or_owner": "is_admin:True or project_id:%(project_id)s",
"default": "rule:admin_or_owner",
"cells_scheduler_filter:TargetCellFilter": "is_admin:True",
"compute:create": "",
"compute:create:attach_network": "",
"compute:create:attach_volume": "",
"compute:create:forced_host": "is_admin:True",
"compute:get_all": "",
"compute:get_all_tenants": "",
"compute:start": "rule:admin_or_owner",
"compute:stop": "rule:admin_or_owner",
"compute:unlock_override": "rule:admin_api",
"compute:shelve": "",
"compute:shelve_offload": "",
"compute:unshelve": "",
"compute:volume_snapshot_create": "",
"compute:volume_snapshot_delete": "",
"admin_api": "is_admin:True",
"compute:v3:servers:start": "rule:admin_or_owner",
"compute:v3:servers:stop": "rule:admin_or_owner",
"compute_extension:v3:os-access-ips:discoverable": "",
"compute_extension:v3:os-access-ips": "",
"compute_extension:accounts": "rule:admin_api",
"compute_extension:admin_actions": "rule:admin_api",
"compute_extension:admin_actions:pause": "rule:admin_or_owner",
"compute_extension:admin_actions:unpause": "rule:admin_or_owner",
"compute_extension:admin_actions:suspend": "rule:admin_or_owner",
"compute_extension:admin_actions:resume": "rule:admin_or_owner",
"compute_extension:admin_actions:lock": "rule:admin_or_owner",
"compute_extension:admin_actions:unlock": "rule:admin_or_owner",
"compute_extension:admin_actions:resetNetwork": "rule:admin_api",
"compute_extension:admin_actions:injectNetworkInfo":
"rule:admin_api",
"compute_extension:admin_actions:createBackup":
"rule:admin_or_owner",
"compute_extension:admin_actions:migrateLive": "rule:admin_api",
"compute_extension:admin_actions:resetState": "rule:admin_api",
"compute_extension:admin_actions:migrate": "rule:admin_api",
"compute_extension:v3:os-admin-actions": "rule:admin_api",
"compute_extension:v3:os-admin-actions:discoverable": "",
"compute_extension:v3:os-admin-actions:reset_network":
"rule:admin_api",
"compute_extension:v3:os-admin-actions:inject_network_info":
"rule:admin_api",
"compute_extension:v3:os-admin-actions:reset_state":
"rule:admin_api",
"compute_extension:v3:os-admin-password": "",
"compute_extension:v3:os-admin-password:discoverable": "",
"compute_extension:aggregates": "rule:admin_api",
"compute_extension:v3:os-aggregates:discoverable": "",
"compute_extension:v3:os-aggregates:index": "rule:admin_api",
"compute_extension:v3:os-aggregates:create": "rule:admin_api",
"compute_extension:v3:os-aggregates:show": "rule:admin_api",
"compute_extension:v3:os-aggregates:update": "rule:admin_api",
"compute_extension:v3:os-aggregates:delete": "rule:admin_api",
"compute_extension:v3:os-aggregates:add_host": "rule:admin_api",
"compute_extension:v3:os-aggregates:remove_host":
"rule:admin_api",
"compute_extension:v3:os-aggregates:set_metadata":
"rule:admin_api",
"compute_extension:agents": "rule:admin_api",
"compute_extension:v3:os-agents": "rule:admin_api",
"compute_extension:v3:os-agents:discoverable": "",
"compute_extension:attach_interfaces": "",
"compute_extension:v3:os-attach-interfaces": "",
"compute_extension:v3:os-attach-interfaces:discoverable": "",
"compute_extension:baremetal_nodes": "rule:admin_api",
"compute_extension:v3:os-block-device-mapping-v1:discoverable":
"",
"compute_extension:cells": "rule:admin_api",
"compute_extension:cells:create": "rule:admin_api",
"compute_extension:cells:delete": "rule:admin_api",
"compute_extension:cells:update": "rule:admin_api",
"compute_extension:cells:sync_instances": "rule:admin_api",
"compute_extension:v3:os-cells": "rule:admin_api",
"compute_extension:v3:os-cells:create": "rule:admin_api",
"compute_extension:v3:os-cells:delete": "rule:admin_api",
"compute_extension:v3:os-cells:update": "rule:admin_api",
"compute_extension:v3:os-cells:sync_instances": "rule:admin_api",
"compute_extension:v3:os-cells:discoverable": "",
"compute_extension:certificates": "",
"compute_extension:v3:os-certificates:create": "",
"compute_extension:v3:os-certificates:show": "",
"compute_extension:v3:os-certificates:discoverable": "",
"compute_extension:cloudpipe": "rule:admin_api",
"compute_extension:cloudpipe_update": "rule:admin_api",
"compute_extension:console_output": "",
"compute_extension:v3:consoles:discoverable": "",
"compute_extension:v3:os-console-output:discoverable": "",
"compute_extension:v3:os-console-output": "",
"compute_extension:consoles": "",
"compute_extension:v3:os-remote-consoles": "",
"compute_extension:v3:os-remote-consoles:discoverable": "",
"compute_extension:createserverext": "",
"compute_extension:v3:os-create-backup:discoverable": "",
"compute_extension:v3:os-create-backup": "rule:admin_or_owner",
"compute_extension:deferred_delete": "",
"compute_extension:v3:os-deferred-delete": "",
"compute_extension:v3:os-deferred-delete:discoverable": "",
"compute_extension:disk_config": "",
"compute_extension:evacuate": "rule:admin_api",
"compute_extension:v3:os-evacuate": "rule:admin_api",
"compute_extension:v3:os-evacuate:discoverable": "",
"compute_extension:extended_server_attributes": "rule:admin_api",
"compute_extension:v3:os-extended-server-attributes":
"rule:admin_api",
"compute_extension:v3:os-extended-server-attributes:discoverable":
"",
"compute_extension:extended_status": "",
"compute_extension:v3:os-extended-status": "",
"compute_extension:v3:os-extended-status:discoverable": "",
"compute_extension:extended_availability_zone": "",
"compute_extension:v3:os-extended-availability-zone": "",
"compute_extension:v3:os-extended-availability-zone:discoverable":
"",
"compute_extension:extended_ips": "",
"compute_extension:extended_ips_mac": "",
"compute_extension:extended_vif_net": "",
"compute_extension:v3:extension_info:discoverable": "",
"compute_extension:extended_volumes": "",
"compute_extension:v3:os-extended-volumes": "",
"compute_extension:v3:os-extended-volumes:swap": "",
"compute_extension:v3:os-extended-volumes:discoverable": "",
"compute_extension:v3:os-extended-volumes:attach": "",
"compute_extension:v3:os-extended-volumes:detach": "",
"compute_extension:fixed_ips": "rule:admin_api",
"compute_extension:flavor_access": "",
"compute_extension:flavor_access:addTenantAccess":
"rule:admin_api",
"compute_extension:flavor_access:removeTenantAccess":
"rule:admin_api",
"compute_extension:v3:os-flavor-access": "",
"compute_extension:v3:os-flavor-access:discoverable": "",
"compute_extension:v3:os-flavor-access:remove_tenant_access":
"rule:admin_api",
"compute_extension:v3:os-flavor-access:add_tenant_access":
"rule:admin_api",
"compute_extension:flavor_disabled": "",
"compute_extension:flavor_rxtx": "",
"compute_extension:v3:os-flavor-rxtx": "",
"compute_extension:v3:os-flavor-rxtx:discoverable": "",
"compute_extension:flavor_swap": "",
"compute_extension:flavorextradata": "",
"compute_extension:flavorextraspecs:index": "",
"compute_extension:flavorextraspecs:show": "",
"compute_extension:flavorextraspecs:create": "rule:admin_api",
"compute_extension:flavorextraspecs:update": "rule:admin_api",
"compute_extension:flavorextraspecs:delete": "rule:admin_api",
"compute_extension:v3:flavors:discoverable": "",
"compute_extension:v3:flavor-extra-specs:discoverable": "",
"compute_extension:v3:flavor-extra-specs:index": "",
"compute_extension:v3:flavor-extra-specs:show": "",
"compute_extension:v3:flavor-extra-specs:create":
"rule:admin_api",
"compute_extension:v3:flavor-extra-specs:update":
"rule:admin_api",
"compute_extension:v3:flavor-extra-specs:delete":
"rule:admin_api",
"compute_extension:flavormanage": "rule:admin_api",
"compute_extension:v3:flavor-manage:discoverable": "",
"compute_extension:v3:flavor-manage": "rule:admin_api",
"compute_extension:floating_ip_dns": "",
"compute_extension:floating_ip_pools": "",
"compute_extension:floating_ips": "",
"compute_extension:floating_ips_bulk": "rule:admin_api",
"compute_extension:fping": "",
"compute_extension:fping:all_tenants": "rule:admin_api",
"compute_extension:hide_server_addresses": "is_admin:False",
"compute_extension:v3:os-hide-server-addresses": "is_admin:False",
"compute_extension:v3:os-hide-server-addresses:discoverable": "",
"compute_extension:hosts": "rule:admin_api",
"compute_extension:v3:os-hosts": "rule:admin_api",
"compute_extension:v3:os-hosts:discoverable": "",
"compute_extension:hypervisors": "rule:admin_api",
"compute_extension:v3:os-hypervisors": "rule:admin_api",
"compute_extension:v3:os-hypervisors:discoverable": "",
"compute_extension:image_size": "",
"compute_extension:v3:images:discoverable": "",
"compute_extension:v3:image-size": "",
"compute_extension:v3:image-size:discoverable": "",
"compute_extension:instance_actions": "",
"compute_extension:v3:os-instance-actions": "",
"compute_extension:v3:os-instance-actions:discoverable": "",
"compute_extension:instance_actions:events": "rule:admin_api",
"compute_extension:v3:os-instance-actions:events":
"rule:admin_api",
"compute_extension:instance_usage_audit_log": "rule:admin_api",
"compute_extension:v3:ips:discoverable": "",
"compute_extension:keypairs": "",
"compute_extension:keypairs:index": "",
"compute_extension:keypairs:show": "",
"compute_extension:keypairs:create": "",
"compute_extension:keypairs:delete": "",
"compute_extension:v3:os-keypairs:discoverable": "",
"compute_extension:v3:os-keypairs": "",
"compute_extension:v3:os-keypairs:index": "",
"compute_extension:v3:os-keypairs:show": "",
"compute_extension:v3:os-keypairs:create": "",
"compute_extension:v3:os-keypairs:delete": "",
"compute_extension:v3:limits:discoverable": "",
"compute_extension:v3:os-lock-server:discoverable": "",
"compute_extension:v3:os-lock-server:lock": "rule:admin_or_owner",
"compute_extension:v3:os-lock-server:unlock":
"rule:admin_or_owner",
"compute_extension:v3:os-migrate-server:discoverable": "",
"compute_extension:v3:os-migrate-server:migrate":
"rule:admin_api",
"compute_extension:v3:os-migrate-server:migrate_live":
"rule:admin_api",
"compute_extension:multinic": "",
"compute_extension:v3:os-multinic": "",
"compute_extension:v3:os-multinic:discoverable": "",
"compute_extension:networks": "rule:admin_api",
"compute_extension:networks:view": "",
"compute_extension:networks_associate": "rule:admin_api",
"compute_extension:v3:os-pause-server:discoverable": "",
"compute_extension:v3:os-pause-server:pause":
"rule:admin_or_owner",
"compute_extension:v3:os-pause-server:unpause":
"rule:admin_or_owner",
"compute_extension:v3:os-pci:pci_servers": "",
"compute_extension:v3:os-pci:discoverable": "",
"compute_extension:v3:os-pci:index": "rule:admin_api",
"compute_extension:v3:os-pci:detail": "rule:admin_api",
"compute_extension:v3:os-pci:show": "rule:admin_api",
"compute_extension:quotas:show": "",
"compute_extension:quotas:update": "rule:admin_api",
"compute_extension:quotas:delete": "rule:admin_api",
"compute_extension:v3:os-quota-sets:discoverable": "",
"compute_extension:v3:os-quota-sets:show": "",
"compute_extension:v3:os-quota-sets:update": "rule:admin_api",
"compute_extension:v3:os-quota-sets:delete": "rule:admin_api",
"compute_extension:v3:os-quota-sets:detail": "rule:admin_api",
"compute_extension:quota_classes": "",
"compute_extension:rescue": "",
"compute_extension:v3:os-rescue": "",
"compute_extension:v3:os-rescue:discoverable": "",
"compute_extension:v3:os-scheduler-hints:discoverable": "",
"compute_extension:security_group_default_rules":
"rule:admin_api",
"compute_extension:security_groups": "",
"compute_extension:v3:os-security-groups": "",
"compute_extension:v3:os-security-groups:discoverable": "",
"compute_extension:server_diagnostics": "rule:admin_api",
"compute_extension:v3:os-server-diagnostics": "rule:admin_api",
"compute_extension:v3:os-server-diagnostics:discoverable": "",
"compute_extension:server_groups": "",
"compute_extension:server_password": "",
"compute_extension:v3:os-server-password": "",
"compute_extension:v3:os-server-password:discoverable": "",
"compute_extension:server_usage": "",
"compute_extension:v3:os-server-usage": "",
"compute_extension:v3:os-server-usage:discoverable": "",
"compute_extension:v3:os-server-groups": "",
"compute_extension:v3:os-server-groups:discoverable": "",
"compute_extension:services": "rule:admin_api",
"compute_extension:v3:os-services": "rule:admin_api",
"compute_extension:v3:os-services:discoverable": "",
"compute_extension:v3:server-metadata:discoverable": "",
"compute_extension:v3:servers:discoverable": "",
"compute_extension:shelve": "",
"compute_extension:shelveOffload": "rule:admin_api",
"compute_extension:v3:os-shelve:shelve": "",
"compute_extension:v3:os-shelve:shelve:discoverable": "",
"compute_extension:v3:os-shelve:shelve_offload": "rule:admin_api",
"compute_extension:simple_tenant_usage:show":
"rule:admin_or_owner",
"compute_extension::v3:os-simple-tenant-usage:discoverable": "",
"compute_extension::v3:os-simple-tenant-usage:show":
"rule:admin_or_owner",
"compute_extension::v3:os-simple-tenant-usage:list":
"rule:admin_api",
"compute_extension:v3:os-suspend-server:discoverable": "",
"compute_extension:v3:os-suspend-server:suspend":
"rule:admin_or_owner",
"compute_extension:v3:os-suspend-server:resume":
"rule:admin_or_owner",
"compute_extension:simple_tenant_usage:list": "rule:admin_api",
"compute_extension:unshelve": "",
"compute_extension:v3:os-shelve:unshelve": "",
"compute_extension:users": "rule:admin_api",
"compute_extension:v3:os-user-data:discoverable": "",
"compute_extension:virtual_interfaces": "",
"compute_extension:virtual_storage_arrays": "",
"compute_extension:volumes": "",
"compute_extension:volume_attachments:index": "",
"compute_extension:volume_attachments:show": "",
"compute_extension:volume_attachments:create": "",
"compute_extension:volume_attachments:update": "",
"compute_extension:volume_attachments:delete": "",
"compute_extension:v3:os-volumes": "",
"compute_extension:v3:os-volumes:discoverable": "",
"compute_extension:volumetypes": "",
"compute_extension:availability_zone:list": "",
"compute_extension:v3:os-availability-zone:list": "",
"compute_extension:v3:os-availability-zone:discoverable": "",
"compute_extension:availability_zone:detail": "rule:admin_api",
"compute_extension:v3:os-availability-zone:detail":
"rule:admin_api",
"compute_extension:used_limits_for_admin": "rule:admin_api",
"compute_extension:v3:os-used-limits": "rule:admin_api",
"compute_extension:v3:os-used-limits:discoverable": "",
"compute_extension:migrations:index": "rule:admin_api",
"compute_extension:v3:os-migrations:index": "rule:admin_api",
"compute_extension:v3:os-migrations:discoverable": "",
"compute_extension:os-assisted-volume-snapshots:create":
"rule:admin_api",
"compute_extension:os-assisted-volume-snapshots:delete":
"rule:admin_api",
"compute_extension:console_auth_tokens": "rule:admin_api",
"compute_extension:v3:os-console-auth-tokens": "rule:admin_api",
"compute_extension:os-server-external-events:create":
"rule:admin_api",
"compute_extension:v3:os-server-external-events:create":
"rule:admin_api",
"volume:create": "",
"volume:get_all": "",
"volume:get_volume_metadata": "",
"volume:get_snapshot": "",
"volume:get_all_snapshots": "",
"volume_extension:types_manage": "rule:admin_api",
"volume_extension:types_extra_specs": "rule:admin_api",
"volume_extension:volume_admin_actions:reset_status":
"rule:admin_api",
"volume_extension:snapshot_admin_actions:reset_status":
"rule:admin_api",
"volume_extension:volume_admin_actions:force_delete":
"rule:admin_api",
"network:get_all": "",
"network:get": "",
"network:create": "",
"network:delete": "",
"network:associate": "",
"network:disassociate": "",
"network:get_vifs_by_instance": "",
"network:allocate_for_instance": "",
"network:deallocate_for_instance": "",
"network:validate_networks": "",
"network:get_instance_uuids_by_ip_filter": "",
"network:get_instance_id_by_floating_address": "",
"network:setup_networks_on_host": "",
"network:get_backdoor_port": "",
"network:get_floating_ip": "",
"network:get_floating_ip_pools": "",
"network:get_floating_ip_by_address": "",
"network:get_floating_ips_by_project": "",
"network:get_floating_ips_by_fixed_address": "",
"network:allocate_floating_ip": "",
"network:deallocate_floating_ip": "",
"network:associate_floating_ip": "",
"network:disassociate_floating_ip": "",
"network:release_floating_ip": "",
"network:migrate_instance_start": "",
"network:migrate_instance_finish": "",
"network:get_fixed_ip": "",
"network:get_fixed_ip_by_address": "",
"network:add_fixed_ip_to_instance": "",
"network:remove_fixed_ip_from_instance": "",
"network:add_network_to_project": "",
"network:get_instance_nw_info": "",
"network:get_dns_domains": "",
"network:add_dns_entry": "",
"network:modify_dns_entry": "",
"network:delete_dns_entry": "",
"network:get_dns_entries_by_address": "",
"network:get_dns_entries_by_name": "",
"network:create_private_dns_domain": "",
"network:create_public_dns_domain": "",
"network:delete_dns_domain": "",
"network:attach_external_network": "rule:admin_api"
}
2.9.2.3. rootwrap.conf
The rootwrap.conf file defines configuration values used by the rootwrap script when the
Compute service needs to escalate its privileges to those of the root user.
# Configuration for nova-rootwrap
# This file should be owned by (and only-writeable by) the root user
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap
# List of directories to search executables in, in case filters do not
# explicitly specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
# Enable logging to syslog
# Default value is False
use_syslog=False
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility=syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR
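The comments in rootwrap.conf require that the file and every directory listed in filters_path and exec_dirs be writable only by root, and this can be checked mechanically. The following Python script is an added example, not part of nova or of the original reference; the names audit_rootwrap, demo and the expected_uid parameter are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Audit rootwrap.conf and the directories it trusts (added example)."""
import configparser
import os
import stat
import sys
import tempfile


def _check(path, label, expected_uid, findings):
    """Record a finding if path is missing, is not owned by expected_uid,
    or is writable by group or others."""
    try:
        st = os.stat(path)  # follows symlinks such as /bin -> /usr/bin
    except OSError as exc:
        findings.append((path, "%s: cannot stat (%s)" % (label, exc.strerror)))
        return
    if st.st_uid != expected_uid:
        findings.append((path, "%s: owned by uid %d, expected %d"
                         % (label, st.st_uid, expected_uid)))
    # Conservative reading of "only writeable by root": any group or other
    # write bit is reported, even when the group is root's own.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((path, "%s: group/other-writable (mode %04o)"
                         % (label, stat.S_IMODE(st.st_mode))))


def audit_rootwrap(conf_path, expected_uid=0):
    """Return a list of (path, problem) tuples for conf_path itself and for
    each directory named in its filters_path and exec_dirs options."""
    findings = []
    _check(conf_path, "rootwrap.conf", expected_uid, findings)

    parser = configparser.RawConfigParser()  # no %-interpolation of values
    parser.read(conf_path)
    defaults = parser.defaults()  # both options live in [DEFAULT]

    for option in ("filters_path", "exec_dirs"):
        value = defaults.get(option)
        if value is None and option == "exec_dirs":
            # Per the file's comments, exec_dirs falls back to PATH.
            dirs = os.environ.get("PATH", "").split(os.pathsep)
        else:
            dirs = (value or "").split(",")
        for directory in (d.strip() for d in dirs):
            if directory:
                _check(directory, option, expected_uid, findings)
    return findings


def demo():
    """Audit a constructed layout: a 0755 filter directory and a
    world-writable exec directory, both owned by the current user."""
    root = tempfile.mkdtemp()
    filters = os.path.join(root, "rootwrap.d")
    execs = os.path.join(root, "bin")
    os.mkdir(filters)
    os.chmod(filters, 0o755)
    os.mkdir(execs)
    os.chmod(execs, 0o777)
    conf = os.path.join(root, "rootwrap.conf")
    with open(conf, "w") as fh:
        fh.write("[DEFAULT]\nfilters_path=%s\nexec_dirs=%s\n" % (filters, execs))
    os.chmod(conf, 0o644)
    # The sample is owned by whoever runs the demo, so audit against that uid.
    return execs, audit_rootwrap(conf, expected_uid=os.getuid())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/nova/rootwrap.conf"
    for path, problem in audit_rootwrap(target):
        print("%s: %s" % (path, problem))
```

On a deployed host, run it with the default expected_uid of 0 against /etc/nova/rootwrap.conf; an empty result means every checked path is root-owned with no group or other write bits.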
2.10. NEW, UPDAT ED AND DEPRECAT ED OPT IONS IN JUNO FOR
OPENST ACK COMPUT E
T ab le 2.6 2. N ew o p t io n s
24 9
Red Hat Ent erprise Linux O penSt ack Plat form 6 Configurat ion Reference
250
Option = default value | (Type) Help string
[DEFAULT] baremetal_scheduler_default_filters = RetryFilter, AvailabilityZoneFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ExactRamFilter, ExactDiskFilter, ExactCoreFilter | (ListOpt) Which filter class names to use for filtering baremetal hosts when not specified in the request.
[DEFAULT] block_device_allocate_retries = 60 | (IntOpt) Number of times to retry block device allocation on failures
[DEFAULT] block_device_allocate_retries_interval = 3 | (IntOpt) Waiting time interval (seconds) between block device allocation retries on failures
[DEFAULT] compute_resources = vcpu | (ListOpt) The names of the extra resources to track.
[DEFAULT] quota_injected_file_path_length = 255 | (IntOpt) Length of injected file path
[DEFAULT] quota_server_group_members = 10 | (IntOpt) Number of servers per server group
[DEFAULT] quota_server_groups = 10 | (IntOpt) Number of server groups per project
[DEFAULT] scheduler_use_baremetal_filters = False | (BoolOpt) Flag to decide whether to use baremetal_scheduler_default_filters or not.
[DEFAULT] shutdown_timeout = 60 | (IntOpt) Total amount of time to wait in seconds for an instance to perform a clean shutdown.
[cinder] api_insecure = False | (BoolOpt) Allow to perform insecure SSL requests to cinder
[cinder] ca_certificates_file = None | (StrOpt) Location of ca certificates file to use for cinder client requests.
[cinder] catalog_info = volume:cinder:publicURL | (StrOpt) Info to match when looking for cinder in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type>
[cinder] cross_az_attach = True | (BoolOpt) Allow attach between instance and volume in different availability zones.
[cinder] endpoint_template = None | (StrOpt) Override service catalog lookup with template for cinder endpoint e.g. http://localhost:8776/v1/%(project_id)s
[cinder] http_retries = 3 | (IntOpt) Number of cinderclient retries on failed http calls
[cinder] http_timeout = None | (IntOpt) HTTP inactivity timeout (in seconds)
[cinder] os_region_name = None | (StrOpt) Region name of this node
[database] use_tpool = False | (BoolOpt) Enable the experimental use of thread pooling for all DB API calls
[ephemeral_storage_encryption] cipher = aes-xts-plain64 | (StrOpt) The cipher and mode to be used to encrypt ephemeral storage. Which ciphers are available ciphers depends on kernel support. See /proc/crypto for the list of available options.
[ephemeral_storage_encryption] enabled = False | (BoolOpt) Whether to encrypt ephemeral storage
[ephemeral_storage_encryption] key_size = 512 | (IntOpt) The bit length of the encryption key to be used to encrypt ephemeral storage (in XTS mode only half of the bits are used for encryption key)
[glance] allowed_direct_url_schemes = | (ListOpt) A list of url scheme that can be downloaded directly via the direct_url. Currently supported schemes: [file].
[glance] api_insecure = False | (BoolOpt) Allow to perform insecure SSL (https) requests to glance
[glance] api_servers = None | (ListOpt) A list of the glance api servers available to nova. Prefix with https:// for ssl-based glance api servers. ([hostname|ip]:port)
[glance] host = $my_ip | (StrOpt) Default glance hostname or IP address
[glance] num_retries = 0 | (IntOpt) Number of retries when downloading an image from glance
[glance] port = 9292 | (IntOpt) Default glance port
[glance] protocol = http | (StrOpt) Default protocol to use when connecting to glance. Set to https for SSL.
[hyperv] wait_soft_reboot_seconds = 60 | (IntOpt) Number of seconds to wait for instance to shut down after soft reboot request is made. We fall back to hard reboot if instance does not shutdown within this window.
[ironic] admin_auth_token = None | (StrOpt) Ironic keystone auth token.
[ironic] admin_password = None | (StrOpt) Ironic keystone admin password.
[ironic] admin_tenant_name = None | (StrOpt) Ironic keystone tenant name.
[ironic] admin_url = None | (StrOpt) Keystone public API endpoint.
[ironic] admin_username = None | (StrOpt) Ironic keystone admin name
[ironic] api_endpoint = None | (StrOpt) URL for Ironic API endpoint.
[ironic] api_max_retries = 60 | (IntOpt) How many retries when a request does conflict.
[ironic] api_retry_interval = 2 | (IntOpt) How often to retry in seconds when a request does conflict
[ironic] api_version = 1 | (IntOpt) Version of Ironic API service endpoint.
[ironic] client_log_level = None | (StrOpt) Log level override for ironicclient. Set this in order to override the global "default_log_levels", "verbose", and "debug" settings.
[keystone_authtoken] check_revocations_for_cached = False | (BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
[keystone_authtoken] hash_algorithms = md5 | (ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
[keystone_authtoken] identity_uri = None | (StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
[libvirt] gid_maps = | (ListOpt) List of guid targets and ranges. Syntax is guest-gid:host-gid:count. Maximum of 5 allowed.
[libvirt] hw_disk_discard = None | (StrOpt) Discard option for nova managed disks (valid options are: ignore, unmap). Need Libvirt(1.0.6) Qemu1.5 (raw format) Qemu1.6 (qcow2 format)
[libvirt] hw_machine_type = None | (ListOpt) For qemu or KVM guests, set this option to specify a default machine type per host architecture. You can find a list of supported machine types in your environment by checking the output of the "virsh capabilities" command. The format of the value for this config option is host-arch=machine-type. For example: x86_64=machinetype1,armv7l=machinetype2
[libvirt] mem_stats_period_seconds = 10 | (IntOpt) A number of seconds to memory usage statistics period. Zero or negative value mean to disable memory usage statistics.
[libvirt] sysinfo_serial = auto | (StrOpt) The data source used to the populate the host "serial" UUID exposed to guest in the virtual BIOS. Permitted options are "hardware", "os", "none" or "auto" (default).
[libvirt] uid_maps = | (ListOpt) List of uid targets and ranges. Syntax is guest-uid:host-uid:count. Maximum of 5 allowed.
[neutron] admin_auth_url = http://localhost:5000/v2.0 | (StrOpt) Authorization URL for connecting to neutron in admin context
[neutron] admin_password = None | (StrOpt) Password for connecting to neutron in admin context
[neutron] admin_tenant_id = None | (StrOpt) Tenant id for connecting to neutron in admin context
[neutron] admin_tenant_name = None | (StrOpt) Tenant name for connecting to neutron in admin context. This option will be ignored if neutron_admin_tenant_id is set. Note that with Keystone V3 tenant names are only unique within a domain.
[neutron] admin_user_id = None | (StrOpt) User id for connecting to neutron in admin context
[neutron] admin_username = None | (StrOpt) Username for connecting to neutron in admin context
[neutron] allow_duplicate_networks = False | (BoolOpt) Allow an instance to have multiple vNICs attached to the same Neutron network.
[neutron] api_insecure = False | (BoolOpt) If set, ignore any SSL validation issues
[neutron] auth_strategy = keystone | (StrOpt) Authorization strategy for connecting to neutron in admin context
[neutron] ca_certificates_file = None | (StrOpt) Location of CA certificates file to use for neutron client requests.
[neutron] extension_sync_interval = 600 | (IntOpt) Number of seconds before querying neutron for extensions
[neutron] metadata_proxy_shared_secret = | (StrOpt) Shared secret to validate proxies Neutron metadata requests
[neutron] ovs_bridge = br-int | (StrOpt) Name of Integration Bridge used by Open vSwitch
[neutron] region_name = None | (StrOpt) Region name for connecting to neutron in admin context
[neutron] service_metadata_proxy = False | (BoolOpt) Set flag to indicate Neutron will proxy metadata requests and resolve instance ids.
[neutron] url = http://127.0.0.1:9696 | (StrOpt) URL for connecting to neutron
[neutron] url_timeout = 30 | (IntOpt) Timeout value for connecting to neutron in seconds
[serial_console] base_url = ws://127.0.0.1:6083/ | (StrOpt) Location of serial console proxy.
[serial_console] enabled = False | (BoolOpt) Enable serial console related features
[serial_console] listen = 127.0.0.1 | (StrOpt) IP address on which instance serial console should listen
[serial_console] port_range = 10000:20000 | (StrOpt) Range of TCP ports to use for serial ports on compute hosts
[serial_console] proxyclient_address = 127.0.0.1 | (StrOpt) The address to which proxy clients (like nova-serialproxy) should connect
[trusted_computing] attestation_insecure_ssl = False | (BoolOpt) Disable SSL cert verification for Attestation service
[vmware] host_port = 443 | (IntOpt) Port for connection to VMware VC host.
Table 2.63. New default values
Option | Previous default value | New default value
[DEFAULT] auth_strategy | noauth | keystone
[DEFAULT] default_log_levels | amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN | amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN
[DEFAULT] dhcp_lease_time | 120 | 86400
[DEFAULT] logging_context_format_string | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
[database] mysql_sql_mode | None | TRADITIONAL
[database] sqlite_db | nova.sqlite | oslo.sqlite
[keystone_authtoken] revocation_cache_time | 300 | 10
[libvirt] block_migration_flag | VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_NON_SHARED_INC | VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_NON_SHARED_INC
[libvirt] live_migration_flag | VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER | VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED
Table 2.64. Deprecated options
Deprecated option | New option
[DEFAULT] quota_injected_file_path_bytes | [DEFAULT] quota_injected_file_path_length
[DEFAULT] neutron_url | [neutron] url
[DEFAULT] neutron_ca_certificates_file | [neutron] ca_certificates_file
[DEFAULT] neutron_api_insecure | [neutron] api_insecure
[DEFAULT] neutron_admin_username | [neutron] admin_username
[DEFAULT] neutron_auth_strategy | [neutron] auth_strategy
[DEFAULT] glance_api_servers | [glance] api_servers
[DEFAULT] neutron_admin_tenant_id | [neutron] admin_tenant_id
[DEFAULT] neutron_admin_tenant_name | [neutron] admin_tenant_name
[DEFAULT] neutron_metadata_proxy_shared_secret | [neutron] metadata_proxy_shared_secret
[DEFAULT] glance_port | [glance] port
[DEFAULT] neutron_region_name | [neutron] region_name
[DEFAULT] neutron_admin_password | [neutron] admin_password
[DEFAULT] glance_num_retries | [glance] num_retries
[DEFAULT] service_neutron_metadata_proxy | [neutron] service_metadata_proxy
[DEFAULT] glance_protocol | [glance] protocol
[DEFAULT] neutron_ovs_bridge | [neutron] ovs_bridge
[DEFAULT] glance_api_insecure | [glance] api_insecure
[DEFAULT] glance_host | [glance] host
[DEFAULT] neutron_admin_auth_url | [neutron] admin_auth_url
[DEFAULT] neutron_extension_sync_interval | [neutron] extension_sync_interval
[DEFAULT] neutron_url_timeout | [neutron] url_timeout
CHAPTER 3. DASHBOARD
This chapter describes how to configure the OpenStack dashboard with Apache web server.
3.1. SAMPLE CONFIGURATION FILES
Find the following files in /etc/openstack-dashboard.
3.1.1. keystone_policy.json
The keystone_policy.json file defines additional access controls for the dashboard that apply to the Identity service.
Note
The keystone_policy.json file must match the Identity service /etc/keystone/policy.json policy file.
{
"admin_required": [
[
"role:admin"
],
[
"is_admin:1"
]
],
"service_role": [
[
"role:service"
]
],
"service_or_admin": [
[
"rule:admin_required"
],
[
"rule:service_role"
]
],
"owner": [
[
"user_id:%(user_id)s"
]
],
"admin_or_owner": [
[
"rule:admin_required"
],
[
"rule:owner"
]
],
"default": [
[
"rule:admin_required"
]
],
"identity:get_service": [
[
"rule:admin_required"
]
],
"identity:list_services": [
[
"rule:admin_required"
]
],
"identity:create_service": [
[
"rule:admin_required"
]
],
"identity:update_service": [
[
"rule:admin_required"
]
],
"identity:delete_service": [
[
"rule:admin_required"
]
],
"identity:get_endpoint": [
[
"rule:admin_required"
]
],
"identity:list_endpoints": [
[
"rule:admin_required"
]
],
"identity:create_endpoint": [
[
"rule:admin_required"
]
],
"identity:update_endpoint": [
[
"rule:admin_required"
]
],
"identity:delete_endpoint": [
[
"rule:admin_required"
]
],
"identity:get_domain": [
[
"rule:admin_required"
]
],
"identity:list_domains": [
[
"rule:admin_required"
]
],
"identity:create_domain": [
[
"rule:admin_required"
]
],
"identity:update_domain": [
[
"rule:admin_required"
]
],
"identity:delete_domain": [
[
"rule:admin_required"
]
],
"identity:get_project": [
[
"rule:admin_required"
]
],
"identity:list_projects": [
[
"rule:admin_required"
]
],
"identity:list_user_projects": [
[
"rule:admin_or_owner"
]
],
"identity:create_project": [
[
"rule:admin_required"
]
],
"identity:update_project": [
[
"rule:admin_required"
]
],
"identity:delete_project": [
[
"rule:admin_required"
]
],
"identity:get_user": [
[
"rule:admin_required"
]
],
"identity:list_users": [
[
"rule:admin_required"
]
],
"identity:create_user": [
[
"rule:admin_required"
]
],
"identity:update_user": [
[
"rule:admin_or_owner"
]
],
"identity:delete_user": [
[
"rule:admin_required"
]
],
"identity:get_group": [
[
"rule:admin_required"
]
],
"identity:list_groups": [
[
"rule:admin_required"
]
],
"identity:list_groups_for_user": [
[
"rule:admin_or_owner"
]
],
"identity:create_group": [
[
"rule:admin_required"
]
],
"identity:update_group": [
[
"rule:admin_required"
]
],
"identity:delete_group": [
[
"rule:admin_required"
]
],
"identity:list_users_in_group": [
[
"rule:admin_required"
]
],
"identity:remove_user_from_group": [
[
"rule:admin_required"
]
],
"identity:check_user_in_group": [
[
"rule:admin_required"
]
],
"identity:add_user_to_group": [
[
"rule:admin_required"
]
],
"identity:get_credential": [
[
"rule:admin_required"
]
],
"identity:list_credentials": [
[
"rule:admin_required"
]
],
"identity:create_credential": [
[
"rule:admin_required"
]
],
"identity:update_credential": [
[
"rule:admin_required"
]
],
"identity:delete_credential": [
[
"rule:admin_required"
]
],
"identity:get_role": [
[
"rule:admin_required"
]
],
"identity:list_roles": [
[
"rule:admin_required"
]
],
"identity:create_role": [
[
"rule:admin_required"
]
],
"identity:update_role": [
[
"rule:admin_required"
]
],
"identity:delete_role": [
[
"rule:admin_required"
]
],
"identity:check_grant": [
[
"rule:admin_required"
]
],
"identity:list_grants": [
[
"rule:admin_required"
]
],
"identity:create_grant": [
[
"rule:admin_required"
]
],
"identity:revoke_grant": [
[
"rule:admin_required"
]
],
"identity:list_role_assignments": [
[
"rule:admin_required"
]
],
"identity:get_policy": [
[
"rule:admin_required"
]
],
"identity:list_policies": [
[
"rule:admin_required"
]
],
"identity:create_policy": [
[
"rule:admin_required"
]
],
"identity:update_policy": [
[
"rule:admin_required"
]
],
"identity:delete_policy": [
[
"rule:admin_required"
]
],
"identity:check_token": [
[
"rule:admin_required"
]
],
"identity:validate_token": [
[
"rule:service_or_admin"
]
],
"identity:validate_token_head": [
[
"rule:service_or_admin"
]
],
"identity:revocation_list": [
[
"rule:service_or_admin"
]
],
"identity:revoke_token": [
[
"rule:admin_or_owner"
]
],
"identity:create_trust": [
[
"user_id:%(trust.trustor_user_id)s"
]
],
"identity:get_trust": [
[
"rule:admin_or_owner"
]
],
"identity:list_trusts": [
[
"@"
]
],
"identity:list_roles_for_trust": [
[
"@"
]
],
"identity:check_role_for_trust": [
[
"@"
]
],
"identity:get_role_for_trust": [
[
"@"
]
],
"identity:delete_trust": [
[
"@"
]
]
}
3.1.2. nova_policy.json
The nova_policy.json file defines additional access controls for the dashboard that apply to the Compute service.
Note
The nova_policy.json file must match the Compute /etc/nova/policy.json policy file.
{
"context_is_admin": "role:admin",
"admin_or_owner": "is_admin:True or project_id:%(project_id)s",
"default": "rule:admin_or_owner",
"cells_scheduler_filter:TargetCellFilter": "is_admin:True",
"compute:create": "",
"compute:create:attach_network": "",
"compute:create:attach_volume": "",
"compute:create:forced_host": "is_admin:True",
"compute:get_all": "",
"compute:get_all_tenants": "",
"compute:unlock_override": "rule:admin_api",
"compute:shelve": "",
"compute:shelve_offload": "",
"compute:unshelve": "",
"admin_api": "is_admin:True",
"compute_extension:accounts": "rule:admin_api",
"compute_extension:admin_actions": "rule:admin_api",
"compute_extension:admin_actions:pause": "rule:admin_or_owner",
"compute_extension:admin_actions:unpause": "rule:admin_or_owner",
"compute_extension:admin_actions:suspend": "rule:admin_or_owner",
"compute_extension:admin_actions:resume": "rule:admin_or_owner",
"compute_extension:admin_actions:lock": "rule:admin_or_owner",
"compute_extension:admin_actions:unlock": "rule:admin_or_owner",
"compute_extension:admin_actions:resetNetwork": "rule:admin_api",
"compute_extension:admin_actions:injectNetworkInfo":
"rule:admin_api",
"compute_extension:admin_actions:createBackup":
"rule:admin_or_owner",
"compute_extension:admin_actions:migrateLive": "rule:admin_api",
"compute_extension:admin_actions:resetState": "rule:admin_api",
"compute_extension:admin_actions:migrate": "rule:admin_api",
"compute_extension:v3:os-admin-actions": "rule:admin_api",
"compute_extension:v3:os-admin-actions:pause":
"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:unpause":
"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:suspend":
"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:resume":
"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:lock":
"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:unlock":
"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:reset_network":
"rule:admin_api",
"compute_extension:v3:os-admin-actions:inject_network_info":
"rule:admin_api",
"compute_extension:v3:os-admin-actions:create_backup":
"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:migrate_live":
"rule:admin_api",
"compute_extension:v3:os-admin-actions:reset_state":
"rule:admin_api",
"compute_extension:v3:os-admin-actions:migrate": "rule:admin_api",
"compute_extension:v3:os-admin-password": "",
"compute_extension:aggregates": "rule:admin_api",
"compute_extension:v3:os-aggregates": "rule:admin_api",
"compute_extension:agents": "rule:admin_api",
"compute_extension:v3:os-agents": "rule:admin_api",
"compute_extension:attach_interfaces": "",
"compute_extension:v3:os-attach-interfaces": "",
"compute_extension:baremetal_nodes": "rule:admin_api",
"compute_extension:v3:os-baremetal-nodes": "rule:admin_api",
"compute_extension:cells": "rule:admin_api",
"compute_extension:v3:os-cells": "rule:admin_api",
"compute_extension:certificates": "",
"compute_extension:v3:os-certificates": "",
"compute_extension:cloudpipe": "rule:admin_api",
"compute_extension:cloudpipe_update": "rule:admin_api",
"compute_extension:console_output": "",
"compute_extension:v3:consoles:discoverable": "",
"compute_extension:v3:os-console-output": "",
"compute_extension:consoles": "",
"compute_extension:v3:os-remote-consoles": "",
"compute_extension:coverage_ext": "rule:admin_api",
"compute_extension:v3:os-coverage": "rule:admin_api",
"compute_extension:createserverext": "",
"compute_extension:deferred_delete": "",
"compute_extension:v3:os-deferred-delete": "",
"compute_extension:disk_config": "",
"compute_extension:evacuate": "rule:admin_api",
"compute_extension:v3:os-evacuate": "rule:admin_api",
"compute_extension:extended_server_attributes": "rule:admin_api",
"compute_extension:v3:os-extended-server-attributes":
"rule:admin_api",
"compute_extension:extended_status": "",
"compute_extension:v3:os-extended-status": "",
"compute_extension:extended_availability_zone": "",
"compute_extension:v3:os-extended-availability-zone": "",
"compute_extension:extended_ips": "",
"compute_extension:extended_ips_mac": "",
"compute_extension:extended_vif_net": "",
"compute_extension:v3:extension_info:discoverable": "",
"compute_extension:extended_volumes": "",
"compute_extension:v3:os-extended-volumes": "",
"compute_extension:v3:os-extended-volumes:attach": "",
"compute_extension:v3:os-extended-volumes:detach": "",
"compute_extension:fixed_ips": "rule:admin_api",
"compute_extension:v3:os-fixed-ips:discoverable": "",
"compute_extension:v3:os-fixed-ips": "rule:admin_api",
"compute_extension:flavor_access": "",
"compute_extension:v3:os-flavor-access": "",
"compute_extension:flavor_disabled": "",
"compute_extension:v3:os-flavor-disabled": "",
"compute_extension:flavor_rxtx": "",
"compute_extension:v3:os-flavor-rxtx": "",
"compute_extension:flavor_swap": "",
"compute_extension:flavorextradata": "",
"compute_extension:flavorextraspecs:index": "",
"compute_extension:flavorextraspecs:show": "",
"compute_extension:flavorextraspecs:create": "rule:admin_api",
"compute_extension:flavorextraspecs:update": "rule:admin_api",
"compute_extension:flavorextraspecs:delete": "rule:admin_api",
"compute_extension:v3:flavor-extra-specs:index": "",
"compute_extension:v3:flavor-extra-specs:show": "",
"compute_extension:v3:flavor-extra-specs:create":
"rule:admin_api",
"compute_extension:v3:flavor-extra-specs:update":
"rule:admin_api",
"compute_extension:v3:flavor-extra-specs:delete":
"rule:admin_api",
"compute_extension:flavormanage": "rule:admin_api",
"compute_extension:floating_ip_dns": "",
"compute_extension:floating_ip_pools": "",
"compute_extension:floating_ips": "",
"compute_extension:floating_ips_bulk": "rule:admin_api",
"compute_extension:fping": "",
"compute_extension:fping:all_tenants": "rule:admin_api",
"compute_extension:hide_server_addresses": "is_admin:False",
"compute_extension:v3:os-hide-server-addresses": "is_admin:False",
"compute_extension:hosts": "rule:admin_api",
"compute_extension:v3:os-hosts": "rule:admin_api",
"compute_extension:hypervisors": "rule:admin_api",
"compute_extension:v3:os-hypervisors": "rule:admin_api",
"compute_extension:image_size": "",
"compute_extension:v3:os-image-metadata": "",
"compute_extension:v3:os-images": "",
"compute_extension:instance_actions": "",
"compute_extension:v3:os-instance-actions": "",
"compute_extension:instance_actions:events": "rule:admin_api",
"compute_extension:v3:os-instance-actions:events":
"rule:admin_api",
"compute_extension:instance_usage_audit_log": "rule:admin_api",
"compute_extension:v3:os-instance-usage-audit-log":
"rule:admin_api",
"compute_extension:v3:ips:discoverable": "",
"compute_extension:keypairs": "",
"compute_extension:keypairs:index": "",
"compute_extension:keypairs:show": "",
"compute_extension:keypairs:create": "",
"compute_extension:keypairs:delete": "",
"compute_extension:v3:os-keypairs:discoverable": "",
"compute_extension:v3:os-keypairs": "",
"compute_extension:v3:os-keypairs:index": "",
"compute_extension:v3:os-keypairs:show": "",
"compute_extension:v3:os-keypairs:create": "",
"compute_extension:v3:os-keypairs:delete": "",
"compute_extension:multinic": "",
"compute_extension:v3:os-multinic": "",
"compute_extension:networks": "rule:admin_api",
"compute_extension:networks:view": "",
"compute_extension:networks_associate": "rule:admin_api",
"compute_extension:quotas:show": "",
"compute_extension:quotas:update": "rule:admin_api",
"compute_extension:quotas:delete": "rule:admin_api",
"compute_extension:v3:os-quota-sets:show": "",
"compute_extension:v3:os-quota-sets:update": "rule:admin_api",
"compute_extension:v3:os-quota-sets:delete": "rule:admin_api",
"compute_extension:quota_classes": "",
"compute_extension:v3:os-quota-class-sets": "",
"compute_extension:rescue": "",
"compute_extension:v3:os-rescue": "",
"compute_extension:security_group_default_rules":
"rule:admin_api",
"compute_extension:security_groups": "",
"compute_extension:v3:os-security-groups": "",
"compute_extension:server_diagnostics": "rule:admin_api",
"compute_extension:v3:os-server-diagnostics": "rule:admin_api",
"compute_extension:server_password": "",
"compute_extension:v3:os-server-password": "",
"compute_extension:server_usage": "",
"compute_extension:v3:os-server-usage": "",
"compute_extension:services": "rule:admin_api",
"compute_extension:v3:os-services": "rule:admin_api",
"compute_extension:v3:servers:discoverable": "",
"compute_extension:shelve": "",
"compute_extension:shelveOffload": "rule:admin_api",
"compute_extension:v3:os-shelve:shelve": "",
"compute_extension:v3:os-shelve:shelve_offload": "rule:admin_api",
"compute_extension:simple_tenant_usage:show":
"rule:admin_or_owner",
"compute_extension:v3:os-simple-tenant-usage:show":
"rule:admin_or_owner",
"compute_extension:simple_tenant_usage:list": "rule:admin_api",
"compute_extension:v3:os-simple-tenant-usage:list":
"rule:admin_api",
"compute_extension:unshelve": "",
"compute_extension:v3:os-shelve:unshelve": "",
"compute_extension:users": "rule:admin_api",
"compute_extension:virtual_interfaces": "",
"compute_extension:virtual_storage_arrays": "",
"compute_extension:volumes": "",
"compute_extension:volume_attachments:index": "",
"compute_extension:volume_attachments:show": "",
"compute_extension:volume_attachments:create": "",
"compute_extension:volume_attachments:update": "",
"compute_extension:volume_attachments:delete": "",
"compute_extension:volumetypes": "",
"compute_extension:availability_zone:list": "",
"compute_extension:v3:os-availability-zone:list": "",
"compute_extension:availability_zone:detail": "rule:admin_api",
"compute_extension:v3:os-availability-zone:detail":
"rule:admin_api",
"compute_extension:used_limits_for_admin": "rule:admin_api",
"compute_extension:v3:os-used-limits": "",
"compute_extension:v3:os-used-limits:tenant": "rule:admin_api",
"compute_extension:migrations:index": "rule:admin_api",
"compute_extension:v3:os-migrations:index": "rule:admin_api",
"volume:create": "",
"volume:get_all": "",
"volume:get_volume_metadata": "",
"volume:get_snapshot": "",
"volume:get_all_snapshots": "",
"volume_extension:types_manage": "rule:admin_api",
"volume_extension:types_extra_specs": "rule:admin_api",
"volume_extension:volume_admin_actions:reset_status":
"rule:admin_api",
"volume_extension:snapshot_admin_actions:reset_status":
"rule:admin_api",
"volume_extension:volume_admin_actions:force_delete":
"rule:admin_api",
"network:get_all": "",
"network:get": "",
"network:create": "",
"network:delete": "",
"network:associate": "",
"network:disassociate": "",
"network:get_vifs_by_instance": "",
"network:allocate_for_instance": "",
"network:deallocate_for_instance": "",
"network:validate_networks": "",
"network:get_instance_uuids_by_ip_filter": "",
"network:get_instance_id_by_floating_address": "",
"network:setup_networks_on_host": "",
"network:get_backdoor_port": "",
"network:get_floating_ip": "",
"network:get_floating_ip_pools": "",
"network:get_floating_ip_by_address": "",
"network:get_floating_ips_by_project": "",
"network:get_floating_ips_by_fixed_address": "",
"network:allocate_floating_ip": "",
"network:deallocate_floating_ip": "",
"network:associate_floating_ip": "",
"network:disassociate_floating_ip": "",
"network:release_floating_ip": "",
"network:migrate_instance_start": "",
"network:migrate_instance_finish": "",
"network:get_fixed_ip": "",
"network:get_fixed_ip_by_address": "",
"network:add_fixed_ip_to_instance": "",
"network:remove_fixed_ip_from_instance": "",
"network:add_network_to_project": "",
"network:get_instance_nw_info": "",
"network:get_dns_domains": "",
"network:add_dns_entry": "",
"network:modify_dns_entry": "",
"network:delete_dns_entry": "",
"network:get_dns_entries_by_address": "",
"network:get_dns_entries_by_name": "",
"network:create_private_dns_domain": "",
"network:create_public_dns_domain": "",
"network:delete_dns_domain": ""
}
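One way to check the "must match" requirement stated in the notes of 3.1.1 and 3.1.2, as an added example that is not part of the original reference or of the dashboard's own code: it reduces the list-of-lists syntax used in keystone_policy.json and the string syntax used in nova_policy.json to one canonical form, then reports rules that are missing, extra or different between the dashboard copy and the service file. The function names are hypothetical, and the two sample policies are constructed from rule names that appear on this page.

```python
import json


def normalize(rule):
    """Reduce a rule in either syntax to one canonical string.

    List-of-lists syntax: the outer list holds alternatives (OR), the entries
    of an inner list must all hold (AND). An empty rule ("" or []) and "@"
    always pass; a list containing only empty inner lists never passes ("!").
    """
    if isinstance(rule, str):
        text = " ".join(rule.split())          # collapse stray whitespace
        return "@" if text in ("", "@") else text
    if not rule:
        return "@"
    alternatives = []
    for inner in rule:
        if not inner:
            continue                            # empty inner lists are ignored
        checks = [inner] if isinstance(inner, str) else inner
        alternatives.append(" and ".join(c.strip() for c in checks))
    if not alternatives:
        return "!"
    if len(alternatives) == 1:
        return alternatives[0]
    return " or ".join(
        "(%s)" % alt if " and " in alt else alt for alt in alternatives
    )


def compare(dashboard, service):
    """Report drift between the dashboard copy and the service's policy.

    The comparison is textual after normalization, so operands written in a
    different order are reported as different (the conservative choice).
    """
    dash = {name: normalize(rule) for name, rule in dashboard.items()}
    svc = {name: normalize(rule) for name, rule in service.items()}
    shared = sorted(set(dash) & set(svc))
    return {
        "missing_in_dashboard": sorted(set(svc) - set(dash)),
        "extra_in_dashboard": sorted(set(dash) - set(svc)),
        "different": {n: (dash[n], svc[n]) for n in shared if dash[n] != svc[n]},
    }


def always_allowed(policy):
    """Names of rules that pass for every caller, worth a manual review."""
    return sorted(n for n, rule in policy.items() if normalize(rule) == "@")


# Constructed sample: dashboard copy in the list-of-lists syntax.
DASHBOARD_COPY = json.loads("""{
  "admin_required": [["role:admin"], ["is_admin:1"]],
  "owner": [["user_id:%(user_id)s"]],
  "admin_or_owner": [["rule:admin_required"], ["rule:owner"]],
  "identity:update_user": [["rule:admin_or_owner"]],
  "identity:list_trusts": [["@"]],
  "identity:delete_user": [["rule:admin_required"]]
}""")

# Constructed sample: service file in the string syntax, with deliberate drift.
SERVICE_FILE = json.loads("""{
  "admin_required": "role:admin or is_admin:1",
  "owner": "user_id:%(user_id)s",
  "admin_or_owner": "rule:admin_required or rule:owner",
  "identity:update_user": "rule:admin_required",
  "identity:list_trusts": "",
  "identity:get_user": "rule:admin_required"
}""")

if __name__ == "__main__":
    print(json.dumps(compare(DASHBOARD_COPY, SERVICE_FILE), indent=2))
    print("always allowed:", always_allowed(DASHBOARD_COPY))
```

To run it against a deployment, load the two files named in the notes with json.load() and pass them to compare(); an empty report means the copies agree.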
3.2. DASHBOARD LOG FILES
The dashboard is served to users through the Apache web server (httpd).
As a result, dashboard-related logs appear in files in the /var/log/httpd or /var/log/apache2 directory on the system where the dashboard is hosted. The following table describes these files:
Table 3.1. Dashboard/httpd log files
Log file | Description
access_log | Logs all attempts to access the web server.
error_log | Logs all unsuccessful attempts to access the web server, along with the reason that each attempt failed.
CHAPTER 4. DATABASE SERVICE
The Database Service provides scalable and reliable Cloud Database-as-a-Service
functionality for both relational and non-relational database engines.
The following tables provide a comprehensive list of the Database Service configuration
options.
Table 4.1. Description of API configuration options
Configuration option = Default value
Description
[DEFAULT]
admin_roles = admin
(ListOpt) Roles to add to an admin user.
api_paste_config = api-paste.ini
(StrOpt) File name for the paste.deploy config for trove-api.
bind_host = 0.0.0.0
(StrOpt) IP address the API server will listen on.
bind_port = 8779
(IntOpt) Port the API server will listen on.
black_list_regex = None
(StrOpt) Exclude IP addresses that match this regular expression.
db_api_implementation = trove.db.sqlalchemy.api
(StrOpt) API Implementation for Trove database access.
hostname_require_valid_ip = True
(BoolOpt) Require user hostnames to be valid IP addresses.
http_delete_rate = 200
(IntOpt) Maximum number of HTTP 'DELETE' requests (per minute).
http_get_rate = 200
(IntOpt) Maximum number of HTTP 'GET' requests (per minute).
http_mgmt_post_rate = 200
(IntOpt) Maximum number of management HTTP 'POST' requests (per minute).
http_post_rate = 200
(IntOpt) Maximum number of HTTP 'POST' requests (per minute).
http_put_rate = 200
(IntOpt) Maximum number of HTTP 'PUT' requests (per minute).
instances_page_size = 20
(IntOpt) Page size for listing instances.
max_header_line = 16384
(IntOpt) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs).
os_region_name = None
(StrOpt) Region name of this node. Used when searching catalog.
region = LOCAL_DEV
(StrOpt) The region this service is located.
tcp_keepidle = 600
(IntOpt) Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not supported on OS X.
trove_api_workers = None
(IntOpt) Number of workers for the API service. The default will be the number of CPUs available.
trove_auth_url = http://0.0.0.0:5000/v2.0
(StrOpt) Trove authentication URL.
trove_conductor_workers = None
(IntOpt) Number of workers for the Conductor service. The default will be the number of CPUs available.
trove_security_group_name_prefix = SecGroup
(StrOpt) Prefix to use when creating Security Groups.
trove_security_group_rule_cidr = 0.0.0.0/0
(StrOpt) CIDR to use when creating Security Group Rules.
trove_security_groups_support = True
(BoolOpt) Whether Trove should add Security Groups on create.
users_page_size = 20
(IntOpt) Page size for listing users.
Table 4.2. Description of authorization token configuration options
Configuration option = Default value
Description
[keystone_authtoken]
admin_password = None
(StrOpt) Keystone account password
admin_tenant_name = admin
(StrOpt) Keystone service account tenant name to validate user tokens
admin_token = None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
admin_user = None
(StrOpt) Keystone account username
auth_admin_prefix =
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
auth_host = 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
auth_port = 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
auth_protocol = https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
auth_uri = None
(StrOpt) Complete public Identity API endpoint
auth_version = None
(StrOpt) API version of the admin Identity API endpoint
cache = None
(StrOpt) Env key for the swift cache
cafile = None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
certfile = None
(StrOpt) Required if Keystone server requires client certificate
check_revocations_for_cached = False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
delay_auth_decision = False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
enforce_token_bind = permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
hash_algorithms = md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
http_connect_timeout = None
(BoolOpt) Request timeout value for communicating with Identity API server.
http_request_max_retries = 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
identity_uri = None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
include_service_catalog = True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
insecure = False
(BoolOpt) Verify HTTPS connections.
keyfile = None
(StrOpt) Required if Keystone server requires client certificate
memcache_secret_key = None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
memcache_security_strategy = None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
revocation_cache_time = 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
signing_dir = None
(StrOpt) Directory used to cache files related to PKI tokens
token_cache_time = 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
Table 4.3. Description of backup configuration options
Configuration option = Default value
Description
[DEFAULT]
backup_aes_cbc_key = default_aes_cbc_key
(StrOpt) Default OpenSSL aes_cbc key.
backup_chunk_size = 65536
(IntOpt) Chunk size (in bytes) to stream to the Swift container. This should be in multiples of 128 bytes, since this is the size of an md5 digest block allowing the process to update the file checksum during streaming. See: http://stackoverflow.com/questions/1131220/
backup_runner = trove.guestagent.backup.backup_types.InnoBackupEx
(StrOpt) Runner to use for backups.
backup_runner_options = {}
(DictOpt) Additional options to be passed to the backup runner.
backup_segment_max_size = 2147483648
(IntOpt) Maximum size (in bytes) of each segment of the backup file.
backup_swift_container = database_backups
(StrOpt) Swift container to put backups in.
backup_use_gzip_compression = True
(BoolOpt) Compress backups using gzip.
backup_use_openssl_encryption = True
(BoolOpt) Encrypt backups using OpenSSL.
backup_use_snet = False
(BoolOpt) Send backup files over snet.
backups_page_size = 20
(IntOpt) Page size for listing backups.
Table 4.4. Description of CA and SSL configuration options
Configuration option = Default value
Description
[ssl]
ca_file = None
(StrOpt) CA certificate file to use to verify connecting clients
cert_file = None
(StrOpt) Certificate file to use when starting the server securely
key_file = None
(StrOpt) Private key file to use when starting the server securely
Table 4.5. Description of clients configuration options
Configuration option = Default value
Description
[DEFAULT]
remote_cinder_client = trove.common.remote.cinder_client
(StrOpt) Client to send Cinder calls to.
remote_dns_client = trove.common.remote.dns_client
(StrOpt) Client to send DNS calls to.
remote_guest_client = trove.common.remote.guest_client
(StrOpt) Client to send Guest Agent calls to.
remote_heat_client = trove.common.remote.heat_client
(StrOpt) Client to send Heat calls to.
remote_neutron_client = trove.common.remote.neutron_client
(StrOpt) Client to send Neutron calls to.
remote_nova_client = trove.common.remote.nova_client
(StrOpt) Client to send Nova calls to.
remote_swift_client = trove.common.remote.swift_client
(StrOpt) Client to send Swift calls to.
Table 4.6. Description of cluster configuration options
Configuration option = Default value
Description
[DEFAULT]
cluster_delete_time_out = 180
(IntOpt) Maximum time (in seconds) to wait for a cluster delete.
cluster_usage_timeout = 675
(IntOpt) Maximum time (in seconds) to wait for a cluster to become active.
clusters_page_size = 20
(IntOpt) Page size for listing clusters.
Table 4.7. Description of common configuration options
Configuration option = Default value
Description
[DEFAULT]
configurations_page_size = 20
(IntOpt) Page size for listing configurations.
databases_page_size = 20
(IntOpt) Page size for listing databases.
default_datastore = None
(StrOpt) The default datastore id or name to use if one is not provided by the user. If the default value is None, the field becomes required in the instance create request.
default_neutron_networks =
(ListOpt) List of IDs for management networks which should be attached to the instance regardless of what NICs are specified in the create API call.
default_notification_level = INFO
(StrOpt) Default notification level for outgoing notifications
default_password_length = 36
(IntOpt) Character length of generated passwords.
expected_filetype_suffixes = json
(ListOpt) Filetype endings not to be reattached to an ID by the utils method correct_id_with_req.
host = 0.0.0.0
(StrOpt) Host to listen for RPC messages.
lock_path = None
(StrOpt) Directory to use for lock files.
memcached_servers = None
(ListOpt) Memcached servers or None for in process cache.
pybasedir = /usr/lib/python/site-packages/trove/trove
(StrOpt) Directory where the Trove python module is installed.
pydev_path = None
(StrOpt) Set path to pydevd library, used if pydevd is not found in python sys.path.
taskmanager_queue = taskmanager
(StrOpt) Message queue name the Taskmanager will listen to.
template_path = /etc/trove/templates/
(StrOpt) Path which leads to datastore templates.
usage_timeout = 600
(IntOpt) Maximum time (in seconds) to wait for a Guest to become active.
[keystone_authtoken]
memcached_servers = None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
Table 4.8. Description of Compute configuration options
Configuration option = Default value
Description
[DEFAULT]
ip_regex = None
(StrOpt) List IP addresses that match this regular expression.
nova_compute_service_type = compute
(StrOpt) Service type to use when searching catalog.
nova_compute_url = None
(StrOpt) URL without the tenant segment.
root_grant = ALL
(ListOpt) Permissions to grant to the 'root' user.
root_grant_option = True
(BoolOpt) Assign the 'root' user GRANT permissions.
Table 4.9. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
backdoor_port = None
(StrOpt) Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.
backlog = 4096
(IntOpt) Number of backlog requests to configure the socket with
disable_process_locking = False
(BoolOpt) Whether to disable inter-process locks
pydev_debug = disabled
(StrOpt) Enable or disable pydev remote debugging. If value is 'auto' tries to connect to remote debugger server, but in case of error continues running with debugging disabled.
pydev_debug_host = None
(StrOpt) Pydev debug server host (localhost by default).
pydev_debug_port = None
(IntOpt) Pydev debug server port (5678 by default).
Table 4.10. Description of DNS configuration options
Configuration option = Default value
Description
[DEFAULT]
dns_account_id =
(StrOpt) Tenant ID for DNSaaS.
dns_auth_url =
(StrOpt) Authentication URL for DNSaaS.
dns_domain_id =
(StrOpt) Domain ID used for adding DNS entries.
dns_domain_name =
(StrOpt) Domain name used for adding DNS entries.
dns_driver = trove.dns.driver.DnsDriver
(StrOpt) Driver for DNSaaS.
dns_endpoint_url = 0.0.0.0
(StrOpt) Endpoint URL for DNSaaS.
dns_hostname =
(StrOpt) Hostname used for adding DNS entries.
dns_instance_entry_factory = trove.dns.driver.DnsInstanceEntryFactory
(StrOpt) Factory for adding DNS entries.
dns_management_base_url =
(StrOpt) Management URL for DNSaaS.
dns_passkey =
(StrOpt) Passkey for DNSaaS.
dns_region =
(StrOpt) Region name for DNSaaS.
dns_service_type =
(StrOpt) Service Type for DNSaaS.
dns_time_out = 120
(IntOpt) Maximum time (in seconds) to wait for a DNS entry add.
dns_ttl = 300
(IntOpt) Time (in seconds) before a refresh of DNS information occurs.
dns_username =
(StrOpt) Username for DNSaaS.
trove_dns_support = False
(BoolOpt) Whether Trove should add DNS entries on create (using Designate DNSaaS).
Table 4.11. Description of guest agent configuration options
Configuration option = Default value
Description
[DEFAULT]
agent_call_high_timeout = 60
(IntOpt) Maximum time (in seconds) to wait for Guest Agent 'slow' requests (such as restarting the database).
agent_call_low_timeout = 5
(IntOpt) Maximum time (in seconds) to wait for Guest Agent 'quick' requests (such as retrieving a list of users or databases).
agent_heartbeat_time = 10
(IntOpt) Maximum time (in seconds) for the Guest Agent to reply to a heartbeat request.
agent_replication_snapshot_timeout = 36000
(IntOpt) Maximum time (in seconds) to wait for taking a Guest Agent replication snapshot.
guest_config = $pybasedir/etc/trove/trove-guestagent.conf.sample
(StrOpt) Path to the Guest Agent config file.
guest_id = None
(StrOpt) ID of the Guest Instance.
ignore_dbs = lost+found, mysql, information_schema
(ListOpt) Databases to exclude when listing databases.
ignore_users = os_admin, root
(ListOpt) Users to exclude when listing users.
mount_options = defaults,noatime
(StrOpt) Options to use when mounting a volume.
storage_namespace = trove.guestagent.strategies.storage.swift
(StrOpt) Namespace to load the default storage strategy from.
storage_strategy = SwiftStorage
(StrOpt) Default strategy to store backups.
usage_sleep_time = 5
(IntOpt) Time to sleep during the check for an active Guest.
Table 4.12. Description of Orchestration module configuration options
Configuration option = Default value
Description
[DEFAULT]
heat_service_type = orchestration
(StrOpt) Service type to use when searching catalog.
heat_time_out = 60
(IntOpt) Maximum time (in seconds) to wait for a Heat request to complete.
heat_url = None
(StrOpt) URL without the tenant segment.
Table 4.13. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
debug = False
(BoolOpt) Print debugging output (set logging level to DEBUG instead of default WARNING level).
default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN
(ListOpt) List of logger=LEVEL pairs.
fatal_deprecations = False
(BoolOpt) Enables or disables fatal status of deprecations.
format_options = -m 5
(StrOpt) Options to use when formatting a volume.
instance_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
instance_uuid_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
log_config_append = None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
log_date_format = %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s.
log_dir = None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
log_file = None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
log_format = None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
(StrOpt) Format string to use for log messages with context.
logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
(StrOpt) Data to append to log format when level is DEBUG.
logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
(StrOpt) Format string to use for log messages without context.
logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
(StrOpt) Prefix each line of exception output with this format.
network_label_regex = ^private$
(StrOpt) Regular expression to match Trove network labels.
publish_errors = False
(BoolOpt) Enables or disables publication of error events.
syslog_log_facility = LOG_USER
(StrOpt) Syslog facility to receive log lines.
use_stderr = True
(BoolOpt) Log output to standard error.
use_syslog = False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
use_syslog_rfc_format = False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
verbose = False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
Table 4.14. Description of network configuration options
Configuration option = Default value
Description
[DEFAULT]
network_driver = trove.network.nova.NovaNetwork
(StrOpt) Describes the actual network manager used for the management of network attributes (security groups, floating IPs, etc.).
neutron_service_type = network
(StrOpt) Service type to use when searching catalog.
neutron_url = None
(StrOpt) URL without the tenant segment.
Table 4.15. Description of nova configuration options
Configuration option = Default value
Description
[DEFAULT]
nova_proxy_admin_pass =
(StrOpt) Admin password used to connect to Nova.
nova_proxy_admin_tenant_name =
(StrOpt) Admin tenant used to connect to Nova.
nova_proxy_admin_user =
(StrOpt) Admin username used to connect to Nova.
Table 4.16. Description of quota configuration options
Configuration option = Default value
Description
[DEFAULT]
max_accepted_volume_size = 5
(IntOpt) Default maximum volume size (in GB) for an instance.
max_backups_per_user = 50
(IntOpt) Default maximum number of backups created by a tenant.
max_instances_per_user = 5
(IntOpt) Default maximum number of instances per tenant.
max_volumes_per_user = 20
(IntOpt) Default maximum volume capacity (in GB) spanning across all Trove volumes per tenant.
quota_driver = trove.quota.quota.DbQuotaDriver
(StrOpt) Default driver to use for quota checks.
Table 4.17. Description of Redis configuration options
Configuration option = Default value
Description
[matchmaker_redis]
host = 127.0.0.1
(StrOpt) Host to locate redis
password = None
(StrOpt) Password for Redis server. (optional)
port = 6379
(IntOpt) Use this port to connect to redis host.
[matchmaker_ring]
ringfile = /etc/oslo/matchmaker_ring.json
(StrOpt) Matchmaker ring file (JSON)
Table 4.18. Description of testing configuration options
Configuration option = Default value
Description
[DEFAULT]
fake_rabbit = False
(BoolOpt) If passed, use a fake RabbitMQ provider
Table 4.19. Description of swift configuration options
Configuration option = Default value
Description
[DEFAULT]
swift_service_type = object-store
(StrOpt) Service type to use when searching catalog.
swift_url = None
(StrOpt) URL ending in AUTH_.
Table 4.20. Description of taskmanager configuration options
Configuration option = Default value
Description
[DEFAULT]
cloudinit_location = /etc/trove/cloudinit
(StrOpt) Path to folder with cloudinit scripts.
datastore_manager = None
(StrOpt) Manager class in the Guest Agent, set up by the Taskmanager on instance provision.
datastore_registry_ext = {}
(DictOpt) Extension for default datastore managers. Allows the use of custom managers for each of the datastores supported by Trove.
exists_notification_ticks = 360
(IntOpt) Number of report_intervals to wait between pushing events (see report_interval).
exists_notification_transformer = None
(StrOpt) Transformer for exists notifications.
reboot_time_out = 120
(IntOpt) Maximum time (in seconds) to wait for a server reboot.
resize_time_out = 600
(IntOpt) Maximum time (in seconds) to wait for a server resize.
restore_usage_timeout = 36000
(IntOpt) Maximum time (in seconds) to wait for a Guest instance restored from a backup to become active.
revert_time_out = 600
(IntOpt) Maximum time (in seconds) to wait for a server resize revert.
server_delete_time_out = 60
(IntOpt) Maximum time (in seconds) to wait for a server delete.
state_change_wait_time = 180
(IntOpt) Maximum time (in seconds) to wait for a state change.
update_status_on_fail = True
(BoolOpt) Set the service and instance task statuses to ERROR when an instance fails to become active within the configured usage_timeout.
usage_sleep_time = 5
(IntOpt) Time to sleep during the check for an active Guest.
use_heat = False
(BoolOpt) Use Heat for provisioning.
use_nova_server_config_drive = False
(BoolOpt) Use config drive for file injection when booting instance.
use_nova_server_volume = False
(BoolOpt) Whether to provision a Cinder volume for the Nova instance.
verify_swift_checksum_on_restore = True
(BoolOpt) Enable verification of Swift checksum before starting restore. Makes sure the checksum of original backup matches the checksum of the Swift backup file.
Table 4.21. Description of volume configuration options
Configuration option = Default value
Description
[DEFAULT]
block_device_mapping = vdb
(StrOpt) Block device to map onto the created instance.
cinder_service_type = volumev2
(StrOpt) Service type to use when searching catalog.
cinder_url = None
(StrOpt) URL without the tenant segment.
cinder_volume_type = None
(StrOpt) Volume type to use when provisioning a Cinder volume.
device_path = /dev/vdb
(StrOpt) Device path for volume if volume support is enabled.
trove_volume_support = True
(BoolOpt) Whether to provision a Cinder volume for datadir.
volume_format_timeout = 120
(IntOpt) Maximum time (in seconds) to wait for a volume format.
volume_fstype = ext3
(StrOpt) File system type used to format a volume.
volume_time_out = 60
(IntOpt) Maximum time (in seconds) to wait for a volume attach.
4.1. DATABASE CONFIGURATION
Use the following options to configure the databases in use:
Table 4.22. Description of database configuration options
Configuration option = Default value
Description
[DEFAULT]
sql_connection = sqlite:///trove_test.sqlite
(StrOpt) SQL Connection.
sql_idle_timeout = 3600
(IntOpt) Idle time (in seconds) after which the connection to the database is reestablished. Some databases will drop connections after a specific amount of idle time. Setting sql_idle_timeout to a lower value than this will ensure that a reconnect occurs before the database can drop the connection.
sql_query_log = False
(BoolOpt) Write all SQL queries to a log.
sql_query_logging = False
(BoolOpt) Allow insecure logging while executing queries through SQLAlchemy.
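Several options in Tables 4.1 to 4.3, 4.7, 4.9 and 4.22 have security consequences at their documented defaults or when switched on, and they can be checked mechanically. The following Python script is an added example, not code from Red Hat or the Trove project; the option names and defaults come from those tables, while the check IDs, messages and both sample files are constructed for illustration.

```python
# Added example: audit a trove.conf against security-relevant options from
# Tables 4.1-4.3, 4.7, 4.9 and 4.22. Check IDs and samples are constructed.
import configparser

KA = "keystone_authtoken"

# Documented defaults, used when an option is absent from the file.
DEFAULTS = {
    ("DEFAULT", "backup_aes_cbc_key"): "default_aes_cbc_key",
    ("DEFAULT", "backup_use_openssl_encryption"): "True",
    ("DEFAULT", "trove_security_group_rule_cidr"): "0.0.0.0/0",
    ("DEFAULT", "backdoor_port"): None,
    ("DEFAULT", "sql_query_logging"): "False",
    (KA, "insecure"): "False",
    (KA, "admin_token"): None,
    (KA, "hash_algorithms"): "md5",
    (KA, "memcached_servers"): None,
    (KA, "memcache_security_strategy"): None,
    (KA, "memcache_secret_key"): None,
}


def effective(cp, section, option):
    """Return the value in effect: the file's value, else the documented default."""
    if cp.has_option(section, option):
        value = cp.get(section, option).strip()
        return None if value in ("", "None") else value
    return DEFAULTS[(section, option)]


def is_true(value):
    return value is not None and value.lower() in ("true", "1", "yes", "on")


def audit(text):
    """Return a list of (check_id, message) findings for one config file."""
    # Rename configparser's inheriting default section so [DEFAULT] is read as
    # an ordinary section; disable interpolation so '%' in values stays literal.
    cp = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cp.read_string(text)
    findings = []
    def check(condition, check_id, message):
        if condition:
            findings.append((check_id, message))
    def get(section, option):
        return effective(cp, section, option)

    encrypted = is_true(get("DEFAULT", "backup_use_openssl_encryption"))
    check(not encrypted, "backup-unencrypted", "backups are stored unencrypted")
    check(encrypted and get("DEFAULT", "backup_aes_cbc_key") == "default_aes_cbc_key",
          "backup-default-key", "backups use the documented default AES key")
    check(get("DEFAULT", "trove_security_group_rule_cidr") in ("0.0.0.0/0", "::/0"),
          "secgroup-open-cidr", "security group rules admit any source address")
    check(get("DEFAULT", "backdoor_port") is not None,
          "eventlet-backdoor", "eventlet backdoor listener is enabled")
    check(is_true(get("DEFAULT", "sql_query_logging")),
          "sql-query-logging", "insecure SQL query logging is allowed")
    # In keystonemiddleware, insecure = True turns certificate verification off.
    check(is_true(get(KA, "insecure")),
          "authtoken-no-tls-verify", "Identity API certificates are not verified")
    check(get(KA, "admin_token") is not None,
          "authtoken-admin-token", "deprecated shared admin_token is set")
    algorithms = [a.strip().lower() for a in (get(KA, "hash_algorithms") or "").split(",")]
    check("md5" in algorithms, "authtoken-md5", "PKI token hashing still accepts md5")
    strategy = get(KA, "memcache_security_strategy")
    check(get(KA, "memcached_servers") is not None and strategy is None,
          "memcache-unprotected", "memcached token cache has no MAC/ENCRYPT strategy")
    check(strategy is not None and get(KA, "memcache_secret_key") is None,
          "memcache-no-secret", "memcache_security_strategy set without a secret key")
    return findings


# Constructed sample: weak settings, with other options omitted so defaults apply.
WEAK_SAMPLE = """
[DEFAULT]
backdoor_port = 4444
sql_query_logging = True
[keystone_authtoken]
insecure = True
admin_token = CONSTRUCTED-PLACEHOLDER
memcached_servers = 127.0.0.1:11211
"""

# Constructed sample: the same deployment with the flagged settings corrected.
HARDENED_SAMPLE = """
[DEFAULT]
backup_aes_cbc_key = CONSTRUCTED-PLACEHOLDER-RANDOM-SECRET
trove_security_group_rule_cidr = 10.0.0.0/8
[keystone_authtoken]
hash_algorithms = sha256
memcached_servers = 127.0.0.1:11211
memcache_security_strategy = ENCRYPT
memcache_secret_key = CONSTRUCTED-PLACEHOLDER
"""

if __name__ == "__main__":
    for check_id, message in audit(WEAK_SAMPLE):
        print("%-24s %s" % (check_id, message))
```

An option missing from the file is evaluated at its documented default, which is why an empty file still yields three findings (default backup key, open security group CIDR, md5 token hashing).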
Table 4.23. Description of Cassandra database configuration options
Configuration option = Default value
Description
[cassandra]
backup_incremental_strategy = {}
(DictOpt) Incremental Backup Runner based on the default strategy. For strategies that do not implement an incremental, the runner will use the default full backup.
backup_namespace = None
(StrOpt) Namespace to load backup strategies from.
backup_strategy = None
(StrOpt) Default strategy to perform backups.
device_path = /dev/vdb
(StrOpt) Device path for volume if volume support is enabled.
mount_point = /var/lib/cassandra
(StrOpt) Filesystem path for mounting volumes if volume support is enabled.
replication_strategy = None
(StrOpt) Default strategy for replication.
restore_namespace = None
(StrOpt) Namespace to load restore strategies from.
tcp_ports = 7000, 7001, 9042, 9160
(ListOpt) List of TCP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
udp_ports =
(ListOpt) List of UDP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
volume_support = True
(BoolOpt) Whether to provision a Cinder volume for datadir.
Table 4.24. Description of Couchbase database configuration options
Configuration option = Default value
Description
[couchbase]
backup_incremental_strategy = {}
(DictOpt) Incremental Backup Runner based on the default strategy. For strategies that do not implement an incremental, the runner will use the default full backup.
backup_namespace = trove.guestagent.strategies.backup.couchbase_impl
(StrOpt) Namespace to load backup strategies from.
backup_strategy = CbBackup
(StrOpt) Default strategy to perform backups.
device_path = /dev/vdb
(StrOpt) Device path for volume if volume support is enabled.
mount_point = /var/lib/couchbase
(StrOpt) Filesystem path for mounting volumes if volume support is enabled.
replication_strategy = None
(StrOpt) Default strategy for replication.
restore_namespace = trove.guestagent.strategies.restore.couchbase_impl
(StrOpt) Namespace to load restore strategies from.
root_on_create = True
(BoolOpt) Enable the automatic creation of the root user for the service during instance-create. The generated password for the root user is immediately returned in the response of instance-create as the 'password' field.
tcp_ports = 8091, 8092, 4369, 11209-11211, 21100-21199
(ListOpt) List of TCP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
udp_ports =
(ListOpt) List of UDP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
volume_support = True
(BoolOpt) Whether to provision a Cinder volume for datadir.
Table 4.25. Description of MongoDB database configuration options
Configuration option = Default value
Description
[mongodb]
api_strategy = trove.common.strategies.mongodb.api.MongoDbAPIStrategy
(StrOpt) Class that implements datastore-specific API logic.
backup_incremental_strategy = {}
(DictOpt) Incremental Backup Runner based on the default strategy. For strategies that do not implement an incremental, the runner will use the default full backup.
backup_namespace = None
(StrOpt) Namespace to load backup strategies from.
backup_strategy = None
(StrOpt) Default strategy to perform backups.
cluster_support = True
(BoolOpt) Enable clusters to be created and managed.
device_path = /dev/vdb
(StrOpt) Device path for volume if volume support is enabled.
guestagent_strategy = trove.common.strategies.mongodb.guestagent.MongoDbGuestAgentStrategy
(StrOpt) Class that implements datastore-specific Guest Agent API logic.
mount_point = /var/lib/mongodb
(StrOpt) Filesystem path for mounting volumes if volume support is enabled.
num_config_servers_per_cluster = 3
(IntOpt) The number of config servers to create per cluster.
num_query_routers_per_cluster = 1
(IntOpt) The number of query routers (mongos) to create per cluster.
replication_strategy = None
(StrOpt) Default strategy for replication.
restore_namespace = None
(StrOpt) Namespace to load restore strategies from.
taskmanager_strategy = trove.common.strategies.mongodb.taskmanager.MongoDbTaskManagerStrategy
(StrOpt) Class that implements datastore-specific task manager logic.
tcp_ports = 2500, 27017
(ListOpt) List of TCP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
udp_ports =
(ListOpt) List of UDP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
volume_support = True
(BoolOpt) Whether to provision a Cinder volume for datadir.
Table 4.26. Description of MySQL database configuration options
Configuration option = Default value
Description
[mysql]
backup_incremental_strategy = {'InnoBackupEx': 'InnoBackupExIncremental'}
(DictOpt) Incremental Backup Runner based on the default strategy. For strategies that do not implement an incremental backup, the runner will use the default full backup.
backup_namespace = trove.guestagent.strategies.backup.mysql_impl
(StrOpt) Namespace to load backup strategies from.
backup_strategy = InnoBackupEx
(StrOpt) Default strategy to perform backups.
device_path = /dev/vdb
(StrOpt) Device path for volume if volume support is enabled.
mount_point = /var/lib/mysql
(StrOpt) Filesystem path for mounting volumes if volume support is enabled.
replication_namespace = trove.guestagent.strategies.replication.mysql_binlog
(StrOpt) Namespace to load replication strategies from.
replication_strategy = MysqlBinlogReplication
(StrOpt) Default strategy for replication.
restore_namespace = trove.guestagent.strategies.restore.mysql_impl
(StrOpt) Namespace to load restore strategies from.
root_on_create = False
(BoolOpt) Enable the automatic creation of the root user for the service during instance-create. The generated password for the root user is immediately returned in the response of instance-create as the 'password' field.
tcp_ports = 3306
(ListOpt) List of TCP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
udp_ports =
(ListOpt) List of UDP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
usage_timeout = 400
(IntOpt) Maximum time (in seconds) to wait for a Guest to become active.
volume_support = True
(BoolOpt) Whether to provision a Cinder volume for datadir.
Table 4.27. Description of Percona database configuration options
Configuration option = Default value
Description
[percona]
backup_incremental_strategy = {'InnoBackupEx': 'InnoBackupExIncremental'}
(DictOpt) Incremental Backup Runner based on the default strategy. For strategies that do not implement an incremental backup, the runner will use the default full backup.
backup_namespace = trove.guestagent.strategies.backup.mysql_impl
(StrOpt) Namespace to load backup strategies from.
backup_strategy = InnoBackupEx
(StrOpt) Default strategy to perform backups.
device_path = /dev/vdb
(StrOpt) Device path for volume if volume support is enabled.
mount_point = /var/lib/mysql
(StrOpt) Filesystem path for mounting volumes if volume support is enabled.
replication_namespace = trove.guestagent.strategies.replication.mysql_binlog
(StrOpt) Namespace to load replication strategies from.
replication_password = NETOU7897NNLOU
(StrOpt) Password for replication slave user.
replication_strategy = MysqlBinlogReplication
(StrOpt) Default strategy for replication.
replication_user = slave_user
(StrOpt) Userid for replication slave.
restore_namespace = trove.guestagent.strategies.restore.mysql_impl
(StrOpt) Namespace to load restore strategies from.
root_on_create = False
(BoolOpt) Enable the automatic creation of the root user for the service during instance-create. The generated password for the root user is immediately returned in the response of instance-create as the 'password' field.
tcp_ports = 3306
(ListOpt) List of TCP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
udp_ports =
(ListOpt) List of UDP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
usage_timeout = 450
(IntOpt) Maximum time (in seconds) to wait for a Guest to become active.
volume_support = True
(BoolOpt) Whether to provision a Cinder volume for datadir.
Table 4.28. Description of PostgreSQL database configuration options
Configuration option = Default value
Description
[postgresql]
backup_incremental_strategy = {}
(DictOpt) Incremental Backup Runner based on the default strategy. For strategies that do not implement an incremental, the runner will use the default full backup.
backup_namespace = trove.guestagent.strategies.backup.postgresql_impl
(StrOpt) Namespace to load backup strategies from.
backup_strategy = PgDump
(StrOpt) Default strategy to perform backups.
device_path = /dev/vdb
(StrOpt) No help text available for this option.
ignore_dbs = postgres
(ListOpt) No help text available for this option.
ignore_users = os_admin, postgres, root
(ListOpt) No help text available for this option.
mount_point = /var/lib/postgresql
(StrOpt) Filesystem path for mounting volumes if volume support is enabled.
restore_namespace = trove.guestagent.strategies.restore.postgresql_impl
(StrOpt) Namespace to load restore strategies from.
root_on_create = False
(BoolOpt) Enable the automatic creation of the root user for the service during instance-create. The generated password for the root user is immediately returned in the response of instance-create as the 'password' field.
tcp_ports = 5432
(ListOpt) List of TCP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
udp_ports =
(ListOpt) List of UDP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
volume_support = True
(BoolOpt) Whether to provision a Cinder volume for datadir.
Table 4.29. Description of Redis database configuration options
Configuration option = Default value
Description
[redis]
backup_incremental_strategy = {}
(DictOpt) Incremental Backup Runner based on the default strategy. For strategies that do not implement an incremental, the runner will use the default full backup.
backup_namespace = None
(StrOpt) Namespace to load backup strategies from.
backup_strategy = None
(StrOpt) Default strategy to perform backups.
device_path = None
(StrOpt) Device path for volume if volume support is enabled.
mount_point = /var/lib/redis
(StrOpt) Filesystem path for mounting volumes if volume support is enabled.
replication_strategy = None
(StrOpt) Default strategy for replication.
restore_namespace = None
(StrOpt) Namespace to load restore strategies from.
tcp_ports = 6379
(ListOpt) List of TCP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
udp_ports =
(ListOpt) List of UDP ports and/or port ranges to open in the security group (only applicable if trove_security_groups_support is True).
volume_support = False
(BoolOpt) Whether to provision a Cinder volume for datadir.
4.2. CONFIGURE THE RPC MESSAGING SYSTEM
OpenStack projects use an open standard for messaging middleware known as AMQP. This
messaging middleware enables the OpenStack services that run on multiple servers to talk to
each other. OpenStack Trove RPC can use either the RabbitMQ or Qpid implementation of
AMQP.
4.2.1. Configure RabbitMQ
Use these options to configure the RabbitMQ messaging system:
Table 4.30. Description of RabbitMQ configuration options
Configuration option = Default value
Description
[DEFAULT]
kombu_ssl_ca_certs =
(StrOpt) SSL certification authority file (valid only if SSL enabled)
kombu_ssl_certfile =
(StrOpt) SSL cert file (valid only if SSL enabled)
kombu_ssl_keyfile =
(StrOpt) SSL key file (valid only if SSL enabled)
kombu_ssl_version =
(StrOpt) SSL version to use (valid only if SSL enabled). valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some distributions
rabbit_ha_queues = False
(BoolOpt) use H/A queues in RabbitMQ (x-ha-policy: all). You need to wipe RabbitMQ database when changing this option.
rabbit_host = localhost
(StrOpt) The RabbitMQ broker address where a single node is used
rabbit_hosts = $rabbit_host:$rabbit_port
(ListOpt) RabbitMQ HA cluster host:port pairs
rabbit_max_retries = 0
(IntOpt) maximum retries with trying to connect to RabbitMQ (the default of 0 implies an infinite retry count)
rabbit_password = guest
(StrOpt) the RabbitMQ password
rabbit_port = 5672
(IntOpt) The RabbitMQ broker port where a single node is used
rabbit_retry_backoff = 2
(IntOpt) how long to backoff for between retries when connecting to RabbitMQ
rabbit_retry_interval = 1
(IntOpt) how frequently to retry connecting with RabbitMQ
rabbit_use_ssl = False
(BoolOpt) connect over SSL for RabbitMQ
rabbit_userid = guest
(StrOpt) the RabbitMQ userid
rabbit_virtual_host = /
(StrOpt) the RabbitMQ virtual host
4.2.2. Configure Qpid
Use these options to configure the Qpid messaging system:
Table 4.31. Description of Qpid configuration options
Configuration option = Default value
Description
[DEFAULT]
qpid_heartbeat = 60
(IntOpt) Seconds between connection keepalive heartbeats
qpid_hostname = localhost
(StrOpt) Qpid broker hostname
qpid_hosts = $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs
qpid_password =
(StrOpt) Password for qpid connection
qpid_port = 5672
(IntOpt) Qpid broker port
qpid_protocol = tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'
qpid_sasl_mechanisms =
(StrOpt) Space separated list of SASL mechanisms to use for auth
qpid_tcp_nodelay = True
(BoolOpt) Disable Nagle algorithm
qpid_username =
(StrOpt) Username for qpid connection
4.2.3. Common messaging settings
Use these common options to configure the RabbitMQ and Qpid messaging drivers:
Table 4.32. Description of AMQP configuration options
Configuration option = Default value
Description
[DEFAULT]
amqp_auto_delete = False
(BoolOpt) Auto-delete queues in amqp.
amqp_durable_queues = False
(BoolOpt) Use durable queues in amqp.
conductor_manager = trove.conductor.manager.Manager
(StrOpt) Qualified class name to use for conductor manager.
conductor_queue = trove-conductor
(StrOpt) Message queue name the Conductor will listen on.
control_exchange = openstack
(StrOpt) AMQP exchange to connect to if using RabbitMQ or Qpid
default_publisher_id = $host
(StrOpt) Default publisher_id for outgoing notifications
notification_driver = []
(MultiStrOpt) Driver or drivers to handle sending notifications
notification_service_id = {'postgresql': 'ac277e0d-4f21-40aa-b347-1ea31e571720', 'couchbase': 'fa62fe68-74d9-4779-a24e-36f19602c415', 'mongodb': 'c8c907af-7375-456f-b929-b637ff9209ee', 'redis': 'b216ffc5-1947-456c-a4cf-70f94c05f7d0', 'mysql': '2f3ff068-2bfb-4f70-9a9d-a6bb65bc084b', 'cassandra': '459a230d-4e97-4344-9067-2a54a310b0ed'}
(DictOpt) Unique ID to tag notification events.
notification_topics = notifications
(ListOpt) AMQP topic used for openstack notifications
Table 4.33. Description of RPC configuration options
Configuration option = Default value
Description
[DEFAULT]
allowed_rpc_exception_modules = nova.exception, cinder.exception, exceptions
(ListOpt) Modules of exceptions that are permitted to be recreated upon receiving exception data from an rpc call.
matchmaker_heartbeat_freq = 300
(IntOpt) Heartbeat frequency
matchmaker_heartbeat_ttl = 600
(IntOpt) Heartbeat time-to-live.
num_tries = 3
(IntOpt) Number of times to check if a volume exists.
report_interval = 10
(IntOpt) The interval (in seconds) which periodic tasks are run.
rpc_backend = trove.openstack.common.rpc.impl_kombu
(StrOpt) The messaging module to use, defaults to kombu.
rpc_cast_timeout = 30
(IntOpt) Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
rpc_conn_pool_size = 30
(IntOpt) Size of RPC connection pool
rpc_response_timeout = 60
(IntOpt) Seconds to wait for a response from call or multicall
rpc_thread_pool_size = 64
(IntOpt) Size of RPC thread pool
[rpc_notifier2]
topics = notifications
(ListOpt) AMQP topic(s) used for openstack notifications
[secure_messages]
enabled = True
(BoolOpt) Whether Secure Messaging (Signing) is enabled, defaults to enabled
encrypt = False
(BoolOpt) Whether Secure Messaging (Encryption) is enabled, defaults to not enabled
enforced = False
(BoolOpt) Whether Secure Messaging (Signing) is enforced, defaults to not enforced
kds_endpoint = None
(StrOpt) KDS endpoint (ex: http://kds.example.com:35357/v3)
secret_key = None
(MultiStrOpt) A list of keys: (ex: name:<base64 encoded key>), ignored if secret_keys_file is set
secret_keys_file = None
(StrOpt) Path to the file containing the keys, takes precedence over secret_key
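Several defaults in the Database service tables above are security-relevant: the guest RabbitMQ password, rabbit_use_ssl = False, the shipped Percona replication_password, root_on_create, SQL query logging, and unenforced message signing. The following audit is an added example, not part of the original reference or of Trove; the sample file is constructed, the `datastores` parameter is hypothetical, and only options listed on this page are checked.

```python
import configparser

# Defaults copied from the option tables above. An option that is absent from
# trove.conf still takes these values, so the audit evaluates them as well.
DOCUMENTED_DEFAULTS = {
    ("DEFAULT", "rpc_backend"): "trove.openstack.common.rpc.impl_kombu",
    ("DEFAULT", "rabbit_password"): "guest",
    ("DEFAULT", "rabbit_use_ssl"): "False",
    ("DEFAULT", "kombu_ssl_version"): "",
    ("DEFAULT", "sql_query_log"): "False",
    ("DEFAULT", "sql_query_logging"): "False",
    ("percona", "replication_password"): "NETOU7897NNLOU",
    ("couchbase", "root_on_create"): "True",
    ("mysql", "root_on_create"): "False",
    ("percona", "root_on_create"): "False",
    ("postgresql", "root_on_create"): "False",
    ("secure_messages", "enforced"): "False",
    ("secure_messages", "encrypt"): "False",
}
ROOT_ON_CREATE_SECTIONS = ("couchbase", "mysql", "percona", "postgresql")

# Constructed sample: overrides some defaults and leaves others in place.
SAMPLE_TROVE_CONF = """
[DEFAULT]
rabbit_password = constructed-broker-secret
rabbit_use_ssl = True
kombu_ssl_version = SSLv3
sql_query_logging = True

[percona]
replication_password = NETOU7897NNLOU

[couchbase]
root_on_create = False

[secure_messages]
enforced = True
"""


def _is_true(value):
    return value.strip().lower() in ("true", "1", "yes", "on")


def effective(cp, section, option):
    """Return the value set in the file, else the documented default."""
    default = DOCUMENTED_DEFAULTS[(section, option)]
    if section == "DEFAULT":
        return cp.defaults().get(option, default)
    if cp.has_section(section):
        return cp.get(section, option, fallback=default)
    return default


def audit(conf_text, datastores=ROOT_ON_CREATE_SECTIONS):
    """Return (section, option, reason) for each risky effective setting.

    `datastores` limits the per-datastore checks to the datastores in use.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    found = []

    # RabbitMQ options only matter when the kombu RPC backend is selected.
    if effective(cp, "DEFAULT", "rpc_backend").endswith("impl_kombu"):
        if effective(cp, "DEFAULT", "rabbit_password") == "guest":
            found.append(("DEFAULT", "rabbit_password",
                          "broker password is the documented default"))
        if not _is_true(effective(cp, "DEFAULT", "rabbit_use_ssl")):
            found.append(("DEFAULT", "rabbit_use_ssl",
                          "RPC traffic to RabbitMQ is not sent over SSL"))
        elif effective(cp, "DEFAULT", "kombu_ssl_version").strip() in ("SSLv2", "SSLv3"):
            found.append(("DEFAULT", "kombu_ssl_version",
                          "obsolete SSL protocol version selected"))

    for option in ("sql_query_log", "sql_query_logging"):
        if _is_true(effective(cp, "DEFAULT", option)):
            found.append(("DEFAULT", option, "SQL query logging is enabled"))

    shipped = DOCUMENTED_DEFAULTS[("percona", "replication_password")]
    if "percona" in datastores and \
            effective(cp, "percona", "replication_password") == shipped:
        found.append(("percona", "replication_password",
                      "replication password is the documented default"))

    for section in datastores:
        if (section, "root_on_create") in DOCUMENTED_DEFAULTS and \
                _is_true(effective(cp, section, "root_on_create")):
            found.append((section, "root_on_create",
                          "root password is returned by instance-create"))

    for option in ("enforced", "encrypt"):
        if not _is_true(effective(cp, "secure_messages", option)):
            found.append(("secure_messages", option,
                          "secure messaging protection is not active"))
    return found


if __name__ == "__main__":
    for section, option, reason in audit(SAMPLE_TROVE_CONF):
        print("[%s] %s: %s" % (section, option, reason))
```

Passing an empty string audits the documented defaults alone, which shows what an untouched configuration exposes.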
CHAPTER 5. IDENTITY SERVICE
This chapter details the OpenStack Identity service configuration options. For installation
prerequisites and step-by-step walkthroughs, see the OpenStack Installation Guide for your
distribution (docs.openstack.org) and Cloud Administrator Guide.
5.1. CACHING LAYER
Identity supports a caching layer that is above the configurable subsystems, such as token
or assignment. The majority of the caching configuration options are set in the [cache]
section. However, each section that has the capability to be cached usually has a caching
option that will toggle caching for that specific section. By default, caching is globally
disabled. Options are as follows:
Table 5.1. Description of cache configuration options
Configuration option = Default value
Description
[cache]
backend = keystone.common.cache.noop
(StrOpt) Dogpile.cache backend module. It is recommended that Memcache with pooling (keystone.cache.memcache_pool) or Redis (dogpile.cache.redis) be used in production deployments. Small workloads (single process) like devstack can use the dogpile.cache.memory backend.
backend_argument = []
(MultiStrOpt) Arguments supplied to the backend module. Specify this option once per argument to be passed to the dogpile.cache backend. Example format: "<argname>:<value>".
config_prefix = cache.keystone
(StrOpt) Prefix for building the configuration dictionary for the cache region. This should not need to be changed unless there is another dogpile.cache region with the same configuration name.
debug_cache_backend = False
(BoolOpt) Extra debugging from the cache backend (cache keys, get/set/delete/etc calls). This is only really useful if you need to see the specific cache-backend get/set/delete calls with the keys/values. Typically this should be left set to false.
enabled = False
(BoolOpt) Global toggle for all caching using the should_cache_fn mechanism.
expiration_time = 600
(IntOpt) Default TTL, in seconds, for any cached item in the dogpile.cache region. This applies to any cached method that doesn't have an explicit cache expiration time defined for it.
memcache_dead_retry = 300
(IntOpt) Number of seconds memcached server is considered dead before it is tried again. (dogpile.cache.memcache and keystone.cache.memcache_pool backends only).
memcache_pool_connection_get_timeout = 10
(IntOpt) Number of seconds that an operation will wait to get a memcache client connection.
memcache_pool_maxsize = 10
(IntOpt) Max total number of open connections to every memcached server. (keystone.cache.memcache_pool backend only).
memcache_pool_unused_timeout = 60
(IntOpt) Number of seconds a connection to memcached is held unused in the pool before it is closed. (keystone.cache.memcache_pool backend only).
memcache_servers = localhost:11211
(ListOpt) Memcache servers in the format of "host:port". (dogpile.cache.memcache and keystone.cache.memcache_pool backends only).
memcache_socket_timeout = 3
(IntOpt) Timeout in seconds for every call to a server. (dogpile.cache.memcache and keystone.cache.memcache_pool backends only).
proxies =
(ListOpt) Proxy classes to import that will affect the way the dogpile.cache backend functions. See the dogpile.cache documentation on changing-backend-behavior.
[memcache]
dead_retry = 300
(IntOpt) Number of seconds memcached server is considered dead before it is tried again. This is used by the key value store system (e.g. token pooled memcached persistence backend).
pool_connection_get_timeout = 10
(IntOpt) Number of seconds that an operation will wait to get a memcache client connection. This is used by the key value store system (e.g. token pooled memcached persistence backend).
pool_maxsize = 10
(IntOpt) Max total number of open connections to every memcached server. This is used by the key value store system (e.g. token pooled memcached persistence backend).
pool_unused_timeout = 60
(IntOpt) Number of seconds a connection to memcached is held unused in the pool before it is closed. This is used by the key value store system (e.g. token pooled memcached persistence backend).
Current functional backends are:
dogpile.cache.memcached - Memcached backend using the standard python-memcached library
dogpile.cache.pylibmc - Memcached backend using the pylibmc library
dogpile.cache.bmemcached - Memcached using python-binary-memcached library.
dogpile.cache.redis - Redis backend
dogpile.cache.dbm - Local DBM file backend
dogpile.cache.memory - In-memory cache, not suitable for use outside of testing as
it does not clean up its internal cache on cache expiration and does not share cache
between processes. This means that caching and cache invalidation will not be
consistent or reliable.
dogpile.cache.mongo - MongoDB as caching backend.
5.2. IDENTITY SERVICE CONFIGURATION FILE
The Identity service is configured in the /etc/keystone/keystone.conf file.
The following tables provide a comprehensive list of the Identity service options.
Table 5.2. Description of API configuration options
Configuration option = Default value
Description
[DEFAULT]
admin_bind_host = 0.0.0.0
(StrOpt) The IP address of the network interface for the admin service to listen on.
admin_endpoint = None
(StrOpt) The base admin endpoint URL for Keystone that is advertised to clients (NOTE: this does NOT affect how Keystone listens for connections). Defaults to the base host URL of the request. E.g. a request to http://server:35357/v3/users will default to http://server:35357. You should only need to set this value if the base URL contains a path (e.g. /prefix/v3) or the endpoint should be found on a different server.
admin_port = 35357
(IntOpt) The port number which the admin service listens on.
admin_token = ADMIN
(StrOpt) A "shared secret" that can be used to bootstrap Keystone. This "token" does not represent a user, and carries no explicit authorization. To disable in production (highly recommended), remove AdminTokenAuthMiddleware from your paste application pipelines (for example, in keystone-paste.ini).
admin_workers = None
(IntOpt) The number of worker processes to serve the admin WSGI application. Defaults to number of CPUs (minimum of 2).
compute_port = 8774
(IntOpt) (Deprecated) The port which the OpenStack Compute service listens on. This option was only used for string replacement in the templated catalog backend. Templated catalogs should replace the "$(compute_port)s" substitution with the static port of the compute service. As of Juno, this option is deprecated and will be removed in the L release.
domain_id_immutable = True
(BoolOpt) Set this to false if you want to enable the ability for user, group and project entities to be moved between domains by updating their domain_id. Allowing such movement is not recommended if the scope of a domain admin is being restricted by use of an appropriate policy file (see policy.v3cloudsample as an example).
list_limit = None
(IntOpt) The maximum number of entities that will be returned in a collection, with no limit set by default. This global limit may be then overridden for a specific driver, by specifying a list_limit in the appropriate section (e.g. [assignment]).
max_param_size = 64
(IntOpt) Limit the sizes of user & project ID/names.
max_project_tree_depth = 5
(IntOpt) Maximum depth of the project hierarchy. WARNING: setting it to a large value may adversely impact performance.
max_request_body_size = 114688
(IntOpt) Enforced by optional sizelimit middleware (keystone.middleware:RequestBodySizeLimiter).
max_token_size = 8192
(IntOpt) Similar to max_param_size, but provides an exception for token values.
member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab
(StrOpt) Similar to the member_role_name option, this represents the default role ID used to associate users with their default projects in the v2 API. This will be used as the explicit role where one is not specified by the v2 API.
member_role_name = _member_
(StrOpt) This is the role name used in combination with the member_role_id option; see that option for more detail.
public_bind_host = 0.0.0.0
(StrOpt) The IP address of the network interface for the public service to listen on.
public_endpoint = None
(StrOpt) The base public endpoint URL for Keystone that is advertised to clients (NOTE: this does NOT affect how Keystone listens for connections). Defaults to the base host URL of the request. E.g. a request to http://server:5000/v3/users will default to http://server:5000. You should only need to set this value if the base URL contains a path (e.g. /prefix/v3) or the endpoint should be found on a different server.
public_port = 5000
(IntOpt) The port number which the public service listens on.
305
Red Hat Ent erprise Linux O penSt ack Plat form 6 Configurat ion Reference
Configurat ion opt ion = Default value
Descript ion
publ i c_wo rkers = None
(IntO p t) The numb er o f wo rker p ro c es s es to
s erve the p ub lic WSG I ap p lic atio n. Defaults
to numb er o f CPUs (minimum o f 2).
stri ct_passwo rd _check = False
(Bo o lO p t) If s et to true, s tric t p as s wo rd
leng th c hec king is p erfo rmed fo r p as s wo rd
manip ulatio n. If a p as s wo rd exc eed s the
maximum leng th, the o p eratio n will fail with
an HTTP 40 3 Fo rb id d en erro r. If s et to fals e,
p as s wo rd s are auto matic ally trunc ated to the
maximum leng th.
tcp_keepal i ve = False
(Bo o lO p t) Set this to true if yo u want to
enab le TCP_KEEPALIVE o n s erver s o c kets ,
i.e. s o c kets us ed b y the Keys to ne ws g i s erver
fo r c lient c o nnec tio ns .
tcp_keepi d l e = 600
(IntO p t) Sets the value o f TCP_KEEPIDLE in
s ec o nd s fo r eac h s erver s o c ket. O nly
ap p lies if tc p _keep alive is true.
[endpoint _filt er]
d ri ver =
(StrO p t) End p o int Filter b ac kend d river
keystone.contrib.endpoint_filter.backends.sql.En
dpointFilter
return_al l _end po i nts_i f_no _fi l t
er = True
(Bo o lO p t) To g g le to return all ac tive
end p o ints if no filter exis ts .
[endpoint _policy]
d ri ver =
(StrO p t) End p o int p o lic y b ac kend d river
keystone.contrib.endpoint_policy.backends.sql.E
ndpointPolicy
[past e_deploy]
co nfi g _fi l e = keystone-paste.ini
(StrO p t) Name o f the p as te c o nfig uratio n file
that d efines the availab le p ip elines .
Table 5.3. Description of assignment configuration options
Configuration option = Default value
Description
[assignment]
cache_time = None
(IntOpt) TTL (in seconds) to cache assignment data. This has no effect unless global caching is enabled.
caching = True
(BoolOpt) Toggle for assignment caching. This has no effect unless global caching is enabled.
driver = None
(StrOpt) Assignment backend driver.
list_limit = None
(IntOpt) Maximum number of entities that will be returned in an assignment collection.
Table 5.4. Description of authorization configuration options
Configuration option = Default value
Description
[auth]
external = keystone.auth.plugins.external.DefaultDomain
(StrOpt) The external (REMOTE_USER) auth plugin module.
methods = external, password, token
(ListOpt) Default auth methods.
password = keystone.auth.plugins.password.Password
(StrOpt) The password auth plugin module.
token = keystone.auth.plugins.token.Token
(StrOpt) The token auth plugin module.
Table 5.5. Description of authorization token configuration options
Configuration option = Default value
Description
[keystone_authtoken]
admin_password = None
(StrOpt) Keystone account password
admin_tenant_name = admin
(StrOpt) Keystone service account tenant name to validate user tokens
admin_token = None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
admin_user = None
(StrOpt) Keystone account username
auth_admin_prefix =
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
auth_host = 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
auth_port = 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
auth_protocol = https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
auth_uri = None
(StrOpt) Complete public Identity API endpoint
auth_version = None
(StrOpt) API version of the admin Identity API endpoint
cache = None
(StrOpt) Env key for the swift cache
cafile = None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
certfile = None
(StrOpt) Required if Keystone server requires client certificate
check_revocations_for_cached = False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
delay_auth_decision = False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
enforce_token_bind = permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
hash_algorithms = md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
http_connect_timeout = None
(BoolOpt) Request timeout value for communicating with Identity API server.
http_request_max_retries = 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
identity_uri = None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
include_service_catalog = True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
insecure = False
(BoolOpt) Verify HTTPS connections.
keyfile = None
(StrOpt) Required if Keystone server requires client certificate
memcache_secret_key = None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
memcache_security_strategy = None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
revocation_cache_time = 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
signing_dir = None
(StrOpt) Directory used to cache files related to PKI tokens
token_cache_time = 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
Table 5.6. Description of CA and SSL configuration options
Configuration option = Default value
Description
[signing]
ca_certs = /etc/keystone/ssl/certs/ca.pem
(StrOpt) Path of the CA for token signing.
ca_key = /etc/keystone/ssl/private/cakey.pem
(StrOpt) Path of the CA key for token signing.
cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
(StrOpt) Certificate subject (auto generated certificate) for token signing.
certfile = /etc/keystone/ssl/certs/signing_cert.pem
(StrOpt) Path of the certfile for token signing. For non-production environments, you may be interested in using `keystone-manage pki_setup` to generate self-signed certificates.
key_size = 2048
(IntOpt) Key size (in bits) for token signing cert (auto generated certificate).
keyfile = /etc/keystone/ssl/private/signing_key.pem
(StrOpt) Path of the keyfile for token signing.
token_format = None
(StrOpt) Deprecated in favor of provider in the [token] section.
valid_days = 3650
(IntOpt) Days the token signing cert is valid for (auto generated certificate).
[ssl]
ca_certs = /etc/keystone/ssl/certs/ca.pem
(StrOpt) Path of the CA cert file for SSL.
ca_key = /etc/keystone/ssl/private/cakey.pem
(StrOpt) Path of the CA key file for SSL.
cert_required = False
(BoolOpt) Require client certificate.
cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=localhost
(StrOpt) SSL certificate subject (auto generated certificate).
certfile = /etc/keystone/ssl/certs/keystone.pem
(StrOpt) Path of the certfile for SSL. For non-production environments, you may be interested in using `keystone-manage ssl_setup` to generate self-signed certificates.
enable = False
(BoolOpt) Toggle for SSL support on the Keystone eventlet servers.
key_size = 1024
(IntOpt) SSL key length (in bits) (auto generated certificate).
keyfile = /etc/keystone/ssl/private/keystonekey.pem
(StrOpt) Path of the keyfile for SSL.
valid_days = 3650
(IntOpt) Days the certificate is valid for once signed (auto generated certificate).
Table 5.7. Description of catalog configuration options
Configuration option = Default value
Description
[catalog]
cache_time = None
(IntOpt) Time to cache catalog data (in seconds). This has no effect unless global and catalog caching are enabled.
caching = True
(BoolOpt) Toggle for catalog caching. This has no effect unless global caching is enabled.
driver = keystone.catalog.backends.sql.Catalog
(StrOpt) Catalog backend driver.
list_limit = None
(IntOpt) Maximum number of entities that will be returned in a catalog collection.
template_file = default_catalog.templates
(StrOpt) Catalog template file name for use with the template catalog backend.
Table 5.8. Description of common configuration options
Configuration option = Default value
Description
[DEFAULT]
memcached_servers = None
(ListOpt) Memcached servers or None for in process cache.
[keystone_authtoken]
memcached_servers = None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
Table 5.9. Description of credential configuration options
Configuration option = Default value
Description
[credential]
driver = keystone.credential.backends.sql.Credential
(StrOpt) Credential backend driver.
Table 5.10. Description of database configuration options
Configuration option = Default value
Description
[database]
backend = sqlalchemy
(StrOpt) The back end to use for the database.
connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
connection_debug = 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
connection_trace = False
(BoolOpt) Add Python stack traces to SQL as comment strings.
db_inc_retry_interval = True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
db_max_retries = 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
db_max_retry_interval = 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
db_retry_interval = 1
(IntOpt) Seconds between database connection retries.
idle_timeout = 3600
(IntOpt) Timeout before idle SQL connections are reaped.
max_overflow = None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
max_pool_size = None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
max_retries = 10
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
min_pool_size = 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
mysql_sql_mode = TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
pool_timeout = None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
retry_interval = 10
(IntOpt) Interval between retries of opening a SQL connection.
slave_connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
sqlite_db = oslo.sqlite
(StrOpt) The file name to use with SQLite.
sqlite_synchronous = True
(BoolOpt) If True, SQLite uses synchronous mode.
use_db_reconnect = False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
Table 5.11. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
backdoor_port = None
(StrOpt) Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.
pydev_debug_host = None
(StrOpt) Host to connect to for remote debugger.
pydev_debug_port = None
(IntOpt) Port to connect to for remote debugger.
standard_threads = False
(BoolOpt) Do not monkey-patch threading system modules.
[audit]
namespace = openstack
(StrOpt) namespace prefix for generated id
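A defaults-aware check over a keystone.conf fragment, using only option names and defaults from the tables above. This is an added example, not code from Red Hat or the Keystone project; the sample files, the function names and the 2048-bit threshold (taken from the [signing] key_size default) are assumptions of the example.

```python
import configparser

# Defaults copied from the tables on this page; applied when an option is absent.
DEFAULTS = {
    ("DEFAULT", "backdoor_port"): None,
    ("keystone_authtoken", "admin_token"): None,
    ("keystone_authtoken", "insecure"): "False",
    ("keystone_authtoken", "hash_algorithms"): "md5",
    ("keystone_authtoken", "memcached_servers"): None,
    ("keystone_authtoken", "memcache_security_strategy"): None,
    ("keystone_authtoken", "memcache_secret_key"): None,
    ("ssl", "enable"): "False",
    ("ssl", "key_size"): "1024",
}
MIN_KEY_BITS = 2048  # assumption: same size as the [signing] key_size default

# Constructed sample inputs (every value below is made up for this example).
WEAK_CONF = """
[DEFAULT]
backdoor_port = 4444

[keystone_authtoken]
identity_uri = https://localhost:35357/
admin_token = constructed-bootstrap-secret
insecure = True
hash_algorithms = md5
memcached_servers = 127.0.0.1:11211

[ssl]
enable = True
key_size = 1024
"""

HARDENED_CONF = """
[keystone_authtoken]
identity_uri = https://localhost:35357/
admin_user = constructed-service-user
admin_password = constructed-placeholder
insecure = False
hash_algorithms = sha256
memcached_servers = 127.0.0.1:11211
memcache_security_strategy = ENCRYPT
memcache_secret_key = constructed-placeholder

[ssl]
enable = True
key_size = 2048
"""


def load(text):
    # Rename default_section so [DEFAULT] is an ordinary group (no inheritance);
    # RawConfigParser leaves literal values such as %(uuid)s untouched.
    cfg = configparser.RawConfigParser(default_section="__unused__", strict=False)
    cfg.read_string(text)
    return cfg


def value(cfg, section, option):
    """Return the configured value, the documented default, or None if unset."""
    raw = cfg.get(section, option, fallback=DEFAULTS[(section, option)])
    if raw is None or raw.strip() in ("", "None"):
        return None
    return raw.strip()


def is_true(raw):
    return raw is not None and raw.lower() in ("true", "1", "yes", "on")


def audit(text):
    """Return a list of (section.option, reason) findings for a config text."""
    cfg = load(text)
    tok = "keystone_authtoken"
    out = []
    if value(cfg, "DEFAULT", "backdoor_port") is not None:
        out.append(("DEFAULT.backdoor_port", "eventlet backdoor listener is enabled"))
    if value(cfg, tok, "admin_token") is not None:
        out.append((tok + ".admin_token",
                    "deprecated shared secret; use admin_user and admin_password"))
    if is_true(value(cfg, tok, "insecure")):
        out.append((tok + ".insecure", "HTTPS certificate verification is off"))
    algos = [a.strip().lower() for a in (value(cfg, tok, "hash_algorithms") or "md5").split(",")]
    if algos[0] == "md5":
        out.append((tok + ".hash_algorithms", "md5 is the preferred PKI token hash"))
    strategy = value(cfg, tok, "memcache_security_strategy")
    if strategy is None:
        if value(cfg, tok, "memcached_servers") is not None:
            out.append((tok + ".memcache_security_strategy",
                        "token data in memcached is neither MAC nor ENCRYPT protected"))
    elif strategy.upper() not in ("MAC", "ENCRYPT"):
        out.append((tok + ".memcache_security_strategy", "must be MAC or ENCRYPT"))
    elif value(cfg, tok, "memcache_secret_key") is None:
        out.append((tok + ".memcache_secret_key",
                    "mandatory when memcache_security_strategy is defined"))
    if is_true(value(cfg, "ssl", "enable")):
        if int(value(cfg, "ssl", "key_size") or 1024) < MIN_KEY_BITS:
            out.append(("ssl.key_size", "auto generated SSL key is shorter than 2048 bits"))
    return out


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name)
        for key, why in audit(text):
            print("  %s: %s" % (key, why))
```

An empty configuration still reports hash_algorithms, because the documented default is md5.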
Table 5.12. Description of EC2 configuration options
Configuration option = Default value
Description
[keystone_ec2_token]
cafile = None
(StrOpt) A PEM encoded certificate authority to use when verifying HTTPS connections. Defaults to the system CAs.
certfile = None
(StrOpt) Client certificate key filename. Required if EC2 server requires client certificate.
insecure = False
(BoolOpt) Disable SSL certificate verification.
keyfile = None
(StrOpt) Required if EC2 server requires client certificate.
url = http://localhost:5000/v2.0/ec2tokens
(StrOpt) URL to get token from ec2 request.
Table 5.13. Description of federation configuration options
Configuration option = Default value
Description
[federation]
assertion_prefix =
(StrOpt) Value to be used when filtering assertion parameters from the environment.
driver = keystone.contrib.federation.backends.sql.Federation
(StrOpt) Federation backend driver.
Table 5.14. Description of identity configuration options
Configuration option = Default value
Description
[identity]
default_domain_id = default
(StrOpt) This references the domain to use for all Identity API v2 requests (which are not aware of domains). A domain with this ID will be created for you by keystone-manage db_sync in migration 008. The domain referenced by this ID cannot be deleted on the v3 API, to prevent accidentally breaking the v2 API. There is nothing special about this domain, other than the fact that it must exist in order to maintain support for your v2 clients.
domain_config_dir = /etc/keystone/domains
(StrOpt) Path for Keystone to locate the domain specific identity configuration files if domain_specific_drivers_enabled is set to true.
domain_specific_drivers_enabled = False
(BoolOpt) A subset (or all) of domains can have their own identity driver, each with their own partial configuration file in a domain configuration directory. Only values specific to the domain need to be placed in the domain specific configuration file. This feature is disabled by default; set to true to enable.
driver = keystone.identity.backends.sql.Identity
(StrOpt) Identity backend driver.
list_limit = None
(IntOpt) Maximum number of entities that will be returned in an identity collection.
max_password_length = 4096
(IntOpt) Maximum supported length for user passwords; decrease to improve performance.
Table 5.15. Description of KVS configuration options
Configuration option = Default value
Description
[kvs]
backends =
(ListOpt) Extra dogpile.cache backend modules to register with the dogpile.cache library.
config_prefix = keystone.kvs
(StrOpt) Prefix for building the configuration dictionary for the KVS region. This should not need to be changed unless there is another dogpile.cache region with the same configuration name.
default_lock_timeout = 5
(IntOpt) Default lock timeout for distributed locking.
enable_key_mangler = True
(BoolOpt) Toggle to disable using a key-mangling function to ensure fixed length keys. This is toggle-able for debugging purposes, it is highly recommended to always leave this set to true.
Table 5.16. Description of LDAP configuration options
Configuration option = Default value
Description
[ldap]
alias_dereferencing = default
(StrOpt) The LDAP dereferencing option for queries. This can be either "never", "searching", "always", "finding" or "default". The "default" option falls back to using default dereferencing configured by your ldap.conf.
allow_subtree_delete = False
(BoolOpt) Delete subtrees using the subtree delete control. Only enable this option if your LDAP server supports subtree deletion.
auth_pool_connection_lifetime = 60
(IntOpt) End user auth connection lifetime in seconds.
auth_pool_size = 100
(IntOpt) End user auth connection pool size.
chase_referrals = None
(BoolOpt) Override the system's default referral chasing behavior for queries.
debug_level = None
(IntOpt) Sets the LDAP debugging level for LDAP calls. A value of 0 means that debugging is not enabled. This value is a bitmask, consult your LDAP documentation for possible values.
dumb_member = cn=dumb,dc=nonexistent
(StrOpt) DN of the "dummy member" to use when "use_dumb_member" is enabled.
group_additional_attribute_mapping =
(ListOpt) Additional attribute mappings for groups. Attribute mapping format is <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry and user_attr is the Identity API attribute.
group_allow_create = True
(BoolOpt) Allow group creation in LDAP backend.
group_allow_delete = True
(BoolOpt) Allow group deletion in LDAP backend.
group_allow_update = True
(BoolOpt) Allow group update in LDAP backend.
group_attribute_ignore =
(ListOpt) List of attributes stripped off the group on update.
group_desc_attribute = description
(StrOpt) LDAP attribute mapped to group description.
group_filter = None
(StrOpt) LDAP search filter for groups.
group_id_attribute = cn
(StrOpt) LDAP attribute mapped to group id.
group_member_attribute = member
(StrOpt) LDAP attribute mapped to show group membership.
group_name_attribute = ou
(StrOpt) LDAP attribute mapped to group name.
group_objectclass = groupOfNames
(StrOpt) LDAP objectclass for groups.
group_tree_dn = None
(StrOpt) Search base for groups.
page_size = 0
(IntOpt) Maximum results per page; a value of zero ("0") disables paging.
password = None
(StrOpt) Password for the BindDN to query the LDAP server.
pool_connection_lifetime = 600
(IntOpt) Connection lifetime in seconds.
pool_connection_timeout = -1
(IntOpt) Connector timeout in seconds. Value -1 indicates indefinite wait for response.
pool_retry_delay = 0.1
(FloatOpt) Time span in seconds to wait between two reconnect trials.
pool_retry_max = 3
(IntOpt) Maximum count of reconnect trials.
pool_size = 10
(IntOpt) Connection pool size.
project_additional_attribute_mapping =
(ListOpt) Additional attribute mappings for projects. Attribute mapping format is <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry and user_attr is the Identity API attribute.
project_allow_create = True
(BoolOpt) Allow project creation in LDAP backend.
project_allow_delete = True
(BoolOpt) Allow project deletion in LDAP backend.
project_allow_update = True
(BoolOpt) Allow project update in LDAP backend.
project_attribute_ignore =
(ListOpt) List of attributes stripped off the project on update.
project_desc_attribute = description
(StrOpt) LDAP attribute mapped to project description.
project_domain_id_attribute = businessCategory
(StrOpt) LDAP attribute mapped to project domain_id.
project_enabled_attribute = enabled
(StrOpt) LDAP attribute mapped to project enabled.
project_enabled_emulation = False
(BoolOpt) If true, Keystone uses an alternative method to determine if a project is enabled or not by checking if they are a member of the "project_enabled_emulation_dn" group.
project_enabled_emulation_dn = None
(StrOpt) DN of the group entry to hold enabled projects when using enabled emulation.
project_filter = None
(StrOpt) LDAP search filter for projects.
project_id_attribute = cn
(StrOpt) LDAP attribute mapped to project id.
project_member_attribute = member
(StrOpt) LDAP attribute mapped to project membership for user.
project_name_attribute = ou
(StrOpt) LDAP attribute mapped to project name.
project_objectclass = groupOfNames
(StrOpt) LDAP objectclass for projects.
project_tree_dn = None
(StrOpt) Search base for projects
query_scope = one
(StrOpt) The LDAP scope for queries, this can be either "one" (onelevel/singleLevel) or "sub" (subtree/wholeSubtree).
role_additional_attribute_mapping =
(ListOpt) Additional attribute mappings for roles. Attribute mapping format is <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry and user_attr is the Identity API attribute.
role_allow_create = True
(BoolOpt) Allow role creation in LDAP backend.
role_allow_delete = True
(BoolOpt) Allow role deletion in LDAP backend.
role_allow_update = True
(BoolOpt) Allow role update in LDAP backend.
role_attribute_ignore =
(ListOpt) List of attributes stripped off the role on update.
role_filter = None
(StrOpt) LDAP search filter for roles.
role_id_attribute = cn
(StrOpt) LDAP attribute mapped to role id.
role_member_attribute = roleOccupant
(StrOpt) LDAP attribute mapped to role membership.
role_name_attribute = ou
(StrOpt) LDAP attribute mapped to role name.
role_objectclass = organizationalRole
(StrOpt) LDAP objectclass for roles.
role_tree_dn = None
(StrOpt) Search base for roles.
suffix = cn=example,cn=com
(StrOpt) LDAP server suffix
tls_cacertdir = None
(StrOpt) CA certificate directory path for communicating with LDAP servers.
tls_cacertfile = None
(StrOpt) CA certificate file path for communicating with LDAP servers.
tls_req_cert = demand
(StrOpt) Valid options for tls_req_cert are demand, never, and allow.
url = ldap://localhost
(StrOpt) URL for connecting to the LDAP server.
use_auth_pool = False
(BoolOpt) Enable LDAP connection pooling for end user authentication. If use_pool is disabled, then this setting is meaningless and is not used at all.
use_dumb_member = False
(BoolOpt) If true, will add a dummy member to groups. This is required if the objectclass for groups requires the "member" attribute.
use_pool = False
(BoolOpt) Enable LDAP connection pooling.
use_tls = False
(BoolOpt) Enable TLS for communicating with LDAP servers.
user = None
(StrOpt) User BindDN to query the LDAP server.
user_additional_attribute_mapping =
(ListOpt) List of additional LDAP attributes used for mapping additional attribute mappings for users. Attribute mapping format is <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry and user_attr is the Identity API attribute.
user_allow_create = True
(BoolOpt) Allow user creation in LDAP backend.
user_allow_delete = True
(BoolOpt) Allow user deletion in LDAP backend.
user_allow_update = True
(BoolOpt) Allow user updates in LDAP backend.
user_attribute_ignore = default_project_id, tenants
(ListOpt) List of attributes stripped off the user on update.
user_default_project_id_attribute = None
(StrOpt) LDAP attribute mapped to default_project_id for users.
user_enabled_attribute = enabled
(StrOpt) LDAP attribute mapped to user enabled flag.
user_enabled_default = True
(StrOpt) Default value to enable users. This should match an appropriate int value if the LDAP server uses non-boolean (bitmask) values to indicate if a user is enabled or disabled. If this is not set to "True" the typical value is "512". This is typically used when "user_enabled_attribute = userAccountControl".
user_enabled_emulation = False
(BoolOpt) If true, Keystone uses an alternative method to determine if a user is enabled or not by checking if they are a member of the "user_enabled_emulation_dn" group.
user_enabled_emulation_dn = None
(StrOpt) DN of the group entry to hold enabled users when using enabled emulation.
user_enabled_invert = False
(BoolOpt) Invert the meaning of the boolean enabled values. Some LDAP servers use a boolean lock attribute where "true" means an account is disabled. Setting "user_enabled_invert = true" will allow these lock attributes to be used. This setting will have no effect if "user_enabled_mask" or "user_enabled_emulation" settings are in use.
user_enabled_mask = 0
(IntOpt) Bitmask integer to indicate the bit that the enabled value is stored in if the LDAP server represents "enabled" as a bit on an integer rather than a boolean. A value of "0" indicates the mask is not used. If this is not set to "0" the typical value is "2". This is typically used when "user_enabled_attribute = userAccountControl".
user_filter = None
(StrOpt) LDAP search filter for users.
user_id_attribute = cn
(StrOpt) LDAP attribute mapped to user id. WARNING: must not be a multivalued attribute.
user_mail_attribute = mail
(StrOpt) LDAP attribute mapped to user email.
user_name_attribute = sn
(StrOpt) LDAP attribute mapped to user name.
user_objectclass = inetOrgPerson
(StrOpt) LDAP objectclass for users.
user_pass_attribute = userPassword
(StrOpt) LDAP attribute mapped to password.
user_tree_dn = None
(StrOpt) Search base for users.
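How the user_enabled_* options in the [ldap] table combine, as an added example that is not Keystone source code. The precedence (emulation, then mask, then invert), the reading of a set mask bit as "disabled" (the Active Directory userAccountControl convention), the use of user_enabled_default as the raw value of a missing attribute, the nsAccountLock attribute name and all sample entries are assumptions of the example.

```python
TRUE_STRINGS = {"true", "1", "yes", "on"}


def norm_dn(dn):
    """Case-fold a DN and drop spaces around commas (simplified comparison)."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def user_is_enabled(entry, dn, conf, emulation_members=()):
    """Decide whether a user counts as enabled.

    entry: LDAP attribute name -> first value (str), constructed in this example
    conf:  subset of [ldap] options from the table above
    emulation_members: member DNs of the user_enabled_emulation_dn group
    """
    # 1. Emulation: group membership decides, the enabled attribute is ignored.
    if conf.get("user_enabled_emulation", False):
        return norm_dn(dn) in {norm_dn(m) for m in emulation_members}

    attr = conf.get("user_enabled_attribute", "enabled")
    # A missing attribute is replaced by user_enabled_default (modelling assumption).
    raw = entry.get(attr, conf.get("user_enabled_default", "True"))

    # 2. Bitmask: the value is an integer; the masked bit being set means disabled.
    mask = int(conf.get("user_enabled_mask", 0))
    if mask != 0:
        try:
            number = int(raw)
        except (TypeError, ValueError):
            raise ValueError(
                "user_enabled_mask is set, so %s and user_enabled_default "
                "must be integers, got %r" % (attr, raw))
        return (number & mask) != mask

    # 3. Boolean, optionally inverted for lock-style attributes.
    enabled = str(raw).strip().lower() in TRUE_STRINGS
    if conf.get("user_enabled_invert", False):
        # In this model the default is inverted too, so it is set to "False" below.
        enabled = not enabled
    return enabled


# Constructed configurations using the typical values quoted in the table.
AD_CONF = {
    "user_enabled_attribute": "userAccountControl",
    "user_enabled_mask": 2,
    "user_enabled_default": "512",
}
LOCK_CONF = {
    "user_enabled_attribute": "nsAccountLock",  # example lock attribute (assumption)
    "user_enabled_invert": True,
    "user_enabled_default": "False",
}
EMULATION_CONF = {
    "user_enabled_emulation": True,
    "user_enabled_emulation_dn": "cn=enabled_users,ou=Groups,dc=example,dc=com",
}
ALICE = "cn=alice,ou=Users,dc=example,dc=com"  # constructed DN


if __name__ == "__main__":
    for uac in ("512", "514", "66048", "66050"):
        state = user_is_enabled({"userAccountControl": uac}, ALICE, AD_CONF)
        print("userAccountControl=%s -> enabled=%s" % (uac, state))
    print("locked:", user_is_enabled({"nsAccountLock": "TRUE"}, ALICE, LOCK_CONF))
    print("member:", user_is_enabled({}, ALICE, EMULATION_CONF, [ALICE.upper()]))
```

Leaving user_enabled_default at "True" while user_enabled_mask is non-zero makes the integer conversion fail for entries without the attribute, which is why the table asks for an int default in that case.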
Table 5.17. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
debug = False
(BoolOpt) Print debugging output (set logging level to DEBUG instead of default
WARNING level).
default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN
(ListOpt) List of logger=LEVEL pairs.
fatal_deprecations = False
(BoolOpt) Enables or disables fatal status of deprecations.
instance_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
instance_uuid_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
log_config_append = None
(StrOpt) The name of a logging configuration file. This file is appended to any
existing logging configuration files. For details about logging configuration
files, see the Python logging module documentation.
log_date_format = %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s.
log_dir = None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
log_file = None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging
will go to stdout.
log_format = None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use
any of the available logging.LogRecord attributes. This option is deprecated.
Please use logging_context_format_string and logging_default_format_string
instead.
logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
(StrOpt) Format string to use for log messages with context.
logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
(StrOpt) Data to append to log format when level is DEBUG.
logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
(StrOpt) Format string to use for log messages without context.
logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
(StrOpt) Prefix each line of exception output with this format.
publish_errors = False
(BoolOpt) Enables or disables publication of error events.
syslog_log_facility = LOG_USER
(StrOpt) Syslog facility to receive log lines.
use_stderr = True
(BoolOpt) Log output to standard error.
use_syslog = False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I,
and will change in J to honor RFC5424.
use_syslog_rfc_format = False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If
enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424).
The format without the APP-NAME is deprecated in I, and will be removed in J.
verbose = False
(BoolOpt) Print more verbose output (set logging level to INFO instead of
default WARNING level).
Table 5.18. Description of mapping configuration options
Configuration option = Default value
Description
[identity_mapping]
backward_compatible_ids = True
(BoolOpt) The format of user and group IDs changed in Juno for backends that do
not generate UUIDs (e.g. LDAP), with keystone providing a hash mapping to the
underlying attribute in LDAP. By default this mapping is disabled, which ensures
that existing IDs will not change. Even when the mapping is enabled by using
domain specific drivers, any users and groups from the default domain being
handled by LDAP will still not be mapped to ensure their IDs remain backward
compatible. Setting this value to False will enable the mapping for even the
default LDAP driver. It is only safe to do this if you do not already have
assignments for users and groups from the default LDAP domain, and it is
acceptable for Keystone to provide the different IDs to clients than it did
previously. Typically this means that the only time you can set this value to
False is when configuring a fresh installation.
driver = keystone.identity.mapping_backends.sql.Mapping
(StrOpt) Keystone Identity Mapping backend driver.
generator = keystone.identity.id_generators.sha256.Generator
(StrOpt) Public ID generator for user and group entities. The Keystone identity
mapper only supports generators that produce no more than 64 characters.
Table 5.19. Description of memcache configuration options
Configuration option = Default value
Description
[memcache]
servers = localhost:11211
(ListOpt) Memcache servers in the format of "host:port".
socket_timeout = 3
(IntOpt) Timeout in seconds for every call to a server. This is used by the key
value store system (e.g. token pooled memcached persistence backend).
Table 5.20. Description of OAuth configuration options
Configuration option = Default value
Description
[oauth1]
access_token_duration = 86400
(IntOpt) Duration (in seconds) for the OAuth Access Token.
driver = keystone.contrib.oauth1.backends.sql.OAuth1
(StrOpt) Credential backend driver.
request_token_duration = 28800
(IntOpt) Duration (in seconds) for the OAuth Request Token.
Table 5.21. Description of os_inherit configuration options
Configuration option = Default value
Description
[os_inherit]
enabled = False
(BoolOpt) role-assignment inheritance to projects from owning domain can be
optionally enabled.
Table 5.22. Description of policy configuration options
Configuration option = Default value
Description
[DEFAULT]
policy_default_rule = default
(StrOpt) Default rule. Enforced when a requested rule is not found.
policy_dirs = ['policy.d']
(MultiStrOpt) Directories where policy configuration files are stored. They can
be relative to any directory in the search path defined by the config_dir
option, or absolute paths. The file defined by policy_file must exist for these
directories to be searched.
policy_file = policy.json
(StrOpt) The JSON file that defines policies.
[policy]
driver = keystone.policy.backends.sql.Policy
(StrOpt) Policy backend driver.
list_limit = None
(IntOpt) Maximum number of entities that will be returned in a policy
collection.
Table 5.23. Description of revoke configuration options
Configuration option = Default value
Description
[revoke]
caching = True
(BoolOpt) Toggle for revocation event caching. This has no effect unless global
caching is enabled.
driver = keystone.contrib.revoke.backends.sql.Revoke
(StrOpt) An implementation of the backend for persisting revocation events.
expiration_buffer = 1800
(IntOpt) This value (calculated in seconds) is added to token expiration before
a revocation event may be removed from the backend.
Table 5.24. Description of SAML configuration options
Configuration option = Default value
Description
[saml]
assertion_expiration_time = 3600
(IntOpt) Default TTL, in seconds, for any generated SAML assertion created by
Keystone.
certfile = /etc/keystone/ssl/certs/signing_cert.pem
(StrOpt) Path of the certfile for SAML signing. For non-production environments,
you may be interested in using `keystone-manage pki_setup` to generate
self-signed certificates. Note, the path cannot contain a comma.
idp_contact_company = None
(StrOpt) Company of contact person.
idp_contact_email = None
(StrOpt) Email address of contact person.
idp_contact_name = None
(StrOpt) Given name of contact person.
idp_contact_surname = None
(StrOpt) Surname of contact person.
idp_contact_telephone = None
(StrOpt) Telephone number of contact person.
idp_contact_type = other
(StrOpt) Contact type. Allowed values are: technical, support, administrative,
billing, and other.
idp_entity_id = None
(StrOpt) Entity ID value for unique Identity Provider identification. Usually
FQDN is set with a suffix. A value is required to generate IDP Metadata. For
example: https://keystone.example.com/v3/OS-FEDERATION/saml2/idp
idp_lang = en
(StrOpt) Language used by the organization.
idp_metadata_path = /etc/keystone/saml2_idp_metadata.xml
(StrOpt) Path to the Identity Provider Metadata file. This file should be
generated with the keystone-manage saml_idp_metadata command.
idp_organization_display_name = None
(StrOpt) Organization name to be displayed.
idp_organization_name = None
(StrOpt) Organization name the installation belongs to.
idp_organization_url = None
(StrOpt) URL of the organization.
idp_sso_endpoint = None
(StrOpt) Identity Provider Single-Sign-On service value, required in the
Identity Provider's metadata. A value is required to generate IDP Metadata. For
example: https://keystone.example.com/v3/OS-FEDERATION/saml2/sso
keyfile = /etc/keystone/ssl/private/signing_key.pem
(StrOpt) Path of the keyfile for SAML signing. Note, the path cannot contain a
comma.
xmlsec1_binary = xmlsec1
(StrOpt) Binary to be called for XML signing. Install the appropriate package,
specify absolute path or adjust your PATH environment variable if the binary
cannot be found.
Table 5.25. Description of security configuration options
Configuration option = Default value
Description
[DEFAULT]
crypt_strength = 40000
(IntOpt) The value passed as the keyword "rounds" to passlib's encrypt method.
Table 5.26. Description of stats configuration options
Configuration option = Default value
Description
[stats]
driver = keystone.contrib.stats.backends.kvs.Stats
(StrOpt) Stats backend driver.
Table 5.27. Description of testing configuration options
Configuration option = Default value
Description
[DEFAULT]
fake_rabbit = False
(BoolOpt) Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
Table 5.28. Description of token configuration options
Configuration option = Default value
Description
[token]
bind =
(ListOpt) External auth mechanisms that should add bind information to token,
e.g., kerberos,x509.
cache_time = None
(IntOpt) Time to cache tokens (in seconds). This has no effect unless global and
token caching are enabled.
caching = True
(BoolOpt) Toggle for token system caching. This has no effect unless global
caching is enabled.
driver = keystone.token.persistence.backends.sql.Token
(StrOpt) Token persistence backend driver.
enforce_token_bind = permissive
(StrOpt) Enforcement policy on tokens presented to Keystone with bind
information. One of disabled, permissive, strict, required or a specifically
required bind mode, e.g., kerberos or x509 to require binding to that
authentication.
expiration = 3600
(IntOpt) Amount of time a token should remain valid (in seconds).
hash_algorithm = md5
(StrOpt) The hash algorithm to use for PKI tokens. This can be set to any
algorithm that hashlib supports. WARNING: Before changing this value, the
auth_token middleware must be configured with the hash_algorithms, otherwise
token revocation will not be processed correctly.
provider = None
(StrOpt) Controls the token construction, validation, and revocation operations.
Core providers are "keystone.token.providers.[pkiz|pki|uuid].Provider". The
default provider is uuid.
revocation_cache_time = 3600
(IntOpt) Time to cache the revocation list and the revocation events if revoke
extension is enabled (in seconds). This has no effect unless global and token
caching are enabled.
revoke_by_id = True
(BoolOpt) Revoke token by token identifier. Setting revoke_by_id to true enables
various forms of enumerating tokens, e.g. `list tokens for user`. These
enumerations are processed to determine the list of tokens to revoke. Only
disable if you are switching to using the Revoke extension with a backend other
than KVS, which stores events in memory.
Table 5.29. Description of trust configuration options
Configuration option = Default value
Description
[trust]
driver = keystone.trust.backends.sql.Trust
(StrOpt) Trust backend driver.
enabled = True
(BoolOpt) Delegation and impersonation features can be optionally disabled.
Table 5.30. Description of RPC configuration options
Configuration option = Default value
Description
[DEFAULT]
matchmaker_heartbeat_freq = 300
(IntOpt) Heartbeat frequency.
matchmaker_heartbeat_ttl = 600
(IntOpt) Heartbeat time-to-live.
rpc_backend = rabbit
(StrOpt) The messaging driver to use, defaults to rabbit. Other drivers include
qpid and zmq.
rpc_cast_timeout = 30
(IntOpt) Seconds to wait before a cast expires (TTL). Only supported by
impl_zmq.
rpc_conn_pool_size = 30
(IntOpt) Size of RPC connection pool.
rpc_response_timeout = 60
(IntOpt) Seconds to wait for a response from a call.
rpc_thread_pool_size = 64
(IntOpt) Size of RPC greenthread pool.
[oslo_messaging_amqp]
allow_insecure_clients = False
(BoolOpt) Accept clients using either SSL or plain TCP
broadcast_prefix = broadcast
(StrOpt) address prefix used when broadcasting to all servers
container_name = None
(StrOpt) Name for the AMQP container
group_request_prefix = unicast
(StrOpt) address prefix when sending to any server in group
idle_timeout = 0
(IntOpt) Timeout for inactive connections (in seconds)
server_request_prefix = exclusive
(StrOpt) address prefix used when sending to a specific server
ssl_ca_file =
(StrOpt) CA certificate PEM file for verifying server certificate
ssl_cert_file =
(StrOpt) Identifying certificate PEM file to present to clients
ssl_key_file =
(StrOpt) Private key PEM file used to sign cert_file certificate
ssl_key_password = None
(StrOpt) Password for decrypting ssl_key_file (if encrypted)
trace = False
(BoolOpt) Debug: dump AMQP frames to stdout
Table 5.31. Description of AMQP configuration options
Configuration option = Default value
Description
[DEFAULT]
amqp_auto_delete = False
(BoolOpt) Auto-delete queues in AMQP.
amqp_durable_queues = False
(BoolOpt) Use durable queues in AMQP.
control_exchange = keystone
(StrOpt) The default exchange under which topics are scoped. May be overridden
by an exchange name specified in the transport_url option.
default_publisher_id = None
(StrOpt) Default publisher_id for outgoing notifications
notification_driver = []
(MultiStrOpt) Driver or drivers to handle sending notifications.
notification_topics = notifications
(ListOpt) AMQP topic used for OpenStack notifications.
transport_url = None
(StrOpt) A URL representing the messaging driver to use and its full
configuration. If not set, we fall back to the rpc_backend option and driver
specific configuration.
Table 5.32. Description of Qpid configuration options
Configuration option = Default value
Description
[DEFAULT]
qpid_heartbeat = 60
(IntOpt) Seconds between connection keepalive heartbeats.
qpid_hostname = localhost
(StrOpt) Qpid broker hostname.
qpid_hosts = $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs.
qpid_password =
(StrOpt) Password for Qpid connection.
qpid_port = 5672
(IntOpt) Qpid broker port.
qpid_protocol = tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'.
qpid_receiver_capacity = 1
(IntOpt) The number of prefetched messages held by receiver.
qpid_sasl_mechanisms =
(StrOpt) Space separated list of SASL mechanisms to use for auth.
qpid_tcp_nodelay = True
(BoolOpt) Whether to disable the Nagle algorithm.
qpid_topology_version = 1
(IntOpt) The qpid topology version to use. Version 1 is what was originally used
by impl_qpid. Version 2 includes some backwards-incompatible changes that allow
broker federation to work. Users should update to version 2 when they are able
to take everything down, as it requires a clean break.
qpid_username =
(StrOpt) Username for Qpid connection.
Table 5.33. Description of RabbitMQ configuration options
Configuration option = Default value
Description
[DEFAULT]
kombu_reconnect_delay = 1.0
(FloatOpt) How long to wait before reconnecting in response to an AMQP consumer
cancel notification.
kombu_ssl_ca_certs =
(StrOpt) SSL certification authority file (valid only if SSL enabled).
kombu_ssl_certfile =
(StrOpt) SSL cert file (valid only if SSL enabled).
kombu_ssl_keyfile =
(StrOpt) SSL key file (valid only if SSL enabled).
kombu_ssl_version =
(StrOpt) SSL version to use (valid only if SSL enabled). valid values are TLSv1
and SSLv23. SSLv2 and SSLv3 may be available on some distributions.
rabbit_ha_queues = False
(BoolOpt) Use HA queues in RabbitMQ (x-ha-policy: all). If you change this
option, you must wipe the RabbitMQ database.
rabbit_host = localhost
(StrOpt) The RabbitMQ broker address where a single node is used.
rabbit_hosts = $rabbit_host:$rabbit_port
(ListOpt) RabbitMQ HA cluster host:port pairs.
rabbit_login_method = AMQPLAIN
(StrOpt) The RabbitMQ login method.
rabbit_max_retries = 0
(IntOpt) Maximum number of RabbitMQ connection retries. Default is 0 (infinite
retry count).
rabbit_password = guest
(StrOpt) The RabbitMQ password.
rabbit_port = 5672
(IntOpt) The RabbitMQ broker port where a single node is used.
rabbit_retry_backoff = 2
(IntOpt) How long to backoff for between retries when connecting to RabbitMQ.
rabbit_retry_interval = 1
(IntOpt) How frequently to retry connecting with RabbitMQ.
rabbit_use_ssl = False
(BoolOpt) Connect over SSL for RabbitMQ.
rabbit_userid = guest
(StrOpt) The RabbitMQ userid.
rabbit_virtual_host = /
(StrOpt) The RabbitMQ virtual host.
Table 5.34. Description of Redis configuration options
Configuration option = Default value
Description
[matchmaker_redis]
host = 127.0.0.1
(StrOpt) Host to locate redis.
password = None
(StrOpt) Password for Redis server (optional).
port = 6379
(IntOpt) Use this port to connect to redis host.
[matchmaker_ring]
ringfile = /etc/oslo/matchmaker_ring.json
(StrOpt) Matchmaker ring file (JSON).
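The following added example (not part of the Red Hat reference or of Keystone) audits the text of a keystone.conf against several defaults documented in the tables above, applying the documented default whenever an option is unset. The rule set, the finding texts, the `audit` and `effective` helper names and the sample file contents are assumptions made for this illustration.

```python
import configparser

# Defaults as documented on this page (option tables and sample keystone.conf).
DEFAULTS = {
    ("DEFAULT", "admin_token"): "ADMIN",
    ("DEFAULT", "backdoor_port"): "",
    ("DEFAULT", "rpc_backend"): "rabbit",
    ("DEFAULT", "rabbit_password"): "guest",
    ("DEFAULT", "rabbit_use_ssl"): "false",
    ("DEFAULT", "kombu_ssl_version"): "",
    ("DEFAULT", "qpid_protocol"): "tcp",
    ("token", "provider"): "keystone.token.providers.uuid.Provider",  # "default provider is uuid"
    ("token", "hash_algorithm"): "md5",
    ("token", "bind"): "",
    ("token", "enforce_token_bind"): "permissive",
    ("oslo_messaging_amqp", "allow_insecure_clients"): "false",
    ("oslo_messaging_amqp", "trace"): "false",
}


def load(text):
    # interpolation=None: values such as %(asctime)s must be read literally.
    # strict=False: multi-valued options may legitimately repeat.
    # default_section is renamed so [DEFAULT] is read as an ordinary section and
    # its keys are not silently inherited by [token] and the other groups.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp


def effective(cp, section, option):
    """Return (value, source); source is 'file' or 'default'."""
    if cp.has_option(section, option):
        return cp.get(section, option).strip(), "file"
    return DEFAULTS[(section, option)], "default"


def audit(text):
    cp = load(text)

    def val(section, option):
        return effective(cp, section, option)[0]

    def on(section, option):
        return val(section, option).lower() in ("1", "true", "yes", "on")

    backend = val("DEFAULT", "rpc_backend").lower()
    rabbit, qpid = backend == "rabbit", backend == "qpid"
    provider = val("token", "provider")
    pki = ".pki." in provider or ".pkiz." in provider

    checks = [  # (section, option, condition that makes it a finding, text)
        ("DEFAULT", "admin_token", val("DEFAULT", "admin_token") == "ADMIN",
         "bootstrap shared secret is the documented default"),
        ("DEFAULT", "backdoor_port", val("DEFAULT", "backdoor_port") != "",
         "eventlet backdoor listener is enabled"),
        ("token", "hash_algorithm",
         pki and val("token", "hash_algorithm").lower() == "md5",
         "PKI tokens are hashed with MD5; configure hash_algorithms in the "
         "auth_token middleware before changing it"),
        ("token", "enforce_token_bind",
         val("token", "bind") != ""
         and val("token", "enforce_token_bind").lower() == "disabled",
         "bind information is added to tokens but enforcement is disabled"),
        ("DEFAULT", "rabbit_password",
         rabbit and val("DEFAULT", "rabbit_password") == "guest",
         "RabbitMQ password is the documented default"),
        ("DEFAULT", "rabbit_use_ssl", rabbit and not on("DEFAULT", "rabbit_use_ssl"),
         "RabbitMQ connection does not use SSL"),
        ("DEFAULT", "kombu_ssl_version",
         rabbit and on("DEFAULT", "rabbit_use_ssl")
         and val("DEFAULT", "kombu_ssl_version").upper() in ("SSLV2", "SSLV3"),
         "obsolete SSL protocol version selected for the broker connection"),
        ("DEFAULT", "qpid_protocol",
         qpid and val("DEFAULT", "qpid_protocol").lower() == "tcp",
         "Qpid transport is plain tcp rather than ssl"),
        ("oslo_messaging_amqp", "allow_insecure_clients",
         on("oslo_messaging_amqp", "allow_insecure_clients"),
         "AMQP driver accepts clients over plain TCP"),
        ("oslo_messaging_amqp", "trace", on("oslo_messaging_amqp", "trace"),
         "AMQP frames are dumped to stdout"),
    ]
    return [
        {"section": s, "option": o, "source": effective(cp, s, o)[1], "message": m}
        for s, o, hit, m in checks if hit
    ]


# Constructed sample file for the demonstration, not taken from a real deployment.
SAMPLE_CONF = """\
[DEFAULT]
admin_token = rotated-constructed-value
rabbit_password = guest
rabbit_use_ssl = true
kombu_ssl_version = SSLv3
logging_default_format_string = %(asctime)s %(message)s

[token]
provider = keystone.token.providers.pki.Provider
bind = kerberos
enforce_token_bind = strict
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        print("[%(section)s] %(option)s (%(source)s): %(message)s" % f)
```

Because unset options fall back to the documented defaults, an empty file still produces findings for admin_token, rabbit_password and rabbit_use_ssl.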
5.3. IDENTITY SERVICE SAMPLE CONFIGURATION FILES
You can find the files described in this section in the /etc/keystone directory.
5.3.1. keystone.conf
Use the keystone.conf file to configure most Identity service options:
[DEFAULT]
#
# Options defined in keystone
#
# A "shared secret" that can be used to bootstrap Keystone.
# This "token" does not represent a user, and carries no
# explicit authorization. To disable in production (highly
# recommended), remove AdminTokenAuthMiddleware from your
# paste application pipelines (for example, in keystone-
# paste.ini). (string value)
#admin_token=ADMIN
# The IP address of the network interface for the public
# service to listen on. (string value)
# Deprecated group/name - [DEFAULT]/bind_host
#public_bind_host=0.0.0.0
# The IP address of the network interface for the admin
# service to listen on. (string value)
# Deprecated group/name - [DEFAULT]/bind_host
#admin_bind_host=0.0.0.0
# (Deprecated) The port which the OpenStack Compute service
# listens on. This option was only used for string replacement
# in the templated catalog backend. Templated catalogs should
# replace the "$(compute_port)s" substitution with the static
# port of the compute service. As of Juno, this option is
# deprecated and will be removed in the L release. (integer
# value)
#compute_port=8774
# The port number which the admin service listens on. (integer
# value)
#admin_port=35357
# The port number which the public service listens on.
# (integer value)
#public_port=5000
# The base public endpoint URL for Keystone that is advertised
# to clients (NOTE: this does NOT affect how Keystone listens
# for connections). Defaults to the base host URL of the
# request. E.g. a request to http://server:5000/v2.0/users
# will default to http://server:5000. You should only need to
# set this value if the base URL contains a path (e.g.
# /prefix/v2.0) or the endpoint should be found on a different
# server. (string value)
#public_endpoint=<None>
# The base admin endpoint URL for Keystone that is advertised
# to clients (NOTE: this does NOT affect how Keystone listens
# for connections). Defaults to the base host URL of the
# request. E.g. a request to http://server:35357/v2.0/users
# will default to http://server:35357. You should only need to
# set this value if the base URL contains a path (e.g.
# /prefix/v2.0) or the endpoint should be found on a different
# server. (string value)
#admin_endpoint=<None>
# The number of worker processes to serve the public WSGI
# application. Defaults to number of CPUs (minimum of 2).
# (integer value)
#public_workers=<None>
# The number of worker processes to serve the admin WSGI
# application. Defaults to number of CPUs (minimum of 2).
# (integer value)
#admin_workers=<None>
# Enforced by optional sizelimit middleware
# (keystone.middleware:RequestBodySizeLimiter). (integer
# value)
#max_request_body_size=114688
# Limit the sizes of user & project ID/names. (integer value)
#max_param_size=64
# Similar to max_param_size, but provides an exception for
# token values. (integer value)
#max_token_size=8192
# During a SQL upgrade member_role_id will be used to create a
# new role that will replace records in the assignment table
# with explicit role grants. After migration, the
# member_role_id will be used in the API add_user_to_project.
# (string value)
#member_role_id=9fe2ff9ee4384b1894a90878d3e92bab
# During a SQL upgrade member_role_name will be used to create
# a new role that will replace records in the assignment table
# with explicit role grants. After migration, member_role_name
# will be ignored. (string value)
#member_role_name=_member_
# The value passed as the keyword "rounds" to passlib's
# encrypt method. (integer value)
#crypt_strength=40000
# Set this to true if you want to enable TCP_KEEPALIVE on
# server sockets, i.e. sockets used by the Keystone wsgi
# server for client connections. (boolean value)
#tcp_keepalive=false
# Sets the value of TCP_KEEPIDLE in seconds for each server
# socket. Only applies if tcp_keepalive is true. Not supported
# on OS X. (integer value)
#tcp_keepidle=600
# The maximum number of entities that will be returned in a
# collection, with no limit set by default. This global limit
# may be then overridden for a specific driver, by specifying
# a list_limit in the appropriate section (e.g. [assignment]).
# (integer value)
#list_limit=<None>
# Set this to false if you want to enable the ability for
# user, group and project entities to be moved between domains
# by updating their domain_id. Allowing such movement is not
# recommended if the scope of a domain admin is being
# restricted by use of an appropriate policy file (see
# policy.v3cloudsample as an example). (boolean value)
#domain_id_immutable=true
# If set to true, strict password length checking is performed
# for password manipulation. If a password exceeds the maximum
# length, the operation will fail with an HTTP 403 Forbidden
# error. If set to false, passwords are automatically
# truncated to the maximum length. (boolean value)
#strict_password_check=false
#
# Options defined in oslo.messaging
#
# Use durable queues in amqp. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
#amqp_durable_queues=false
# Auto-delete queues in amqp. (boolean value)
#amqp_auto_delete=false
# Size of RPC connection pool. (integer value)
#rpc_conn_pool_size=30
# Qpid broker hostname. (string value)
#qpid_hostname=localhost
# Qpid broker port. (integer value)
#qpid_port=5672
# Qpid HA cluster host:port pairs. (list value)
#qpid_hosts=$qpid_hostname:$qpid_port
# Username for Qpid connection. (string value)
#qpid_username=
# Password for Qpid connection. (string value)
#qpid_password=
# Space separated list of SASL mechanisms to use for auth.
# (string value)
#qpid_sasl_mechanisms=
# Seconds between connection keepalive heartbeats. (integer
# value)
#qpid_heartbeat=60
# Transport to use, either 'tcp' or 'ssl'. (string value)
#qpid_protocol=tcp
# Whether to disable the Nagle algorithm. (boolean value)
#qpid_tcp_nodelay=true
# The number of prefetched messages held by receiver. (integer
# value)
#qpid_receiver_capacity=1
# The qpid topology version to use. Version 1 is what was
# originally used by impl_qpid. Version 2 includes some
# backwards-incompatible changes that allow broker federation
# to work. Users should update to version 2 when they are
# able to take everything down, as it requires a clean break.
# (integer value)
#qpid_topology_version=1
# SSL version to use (valid only if SSL enabled). valid values
# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
# distributions. (string value)
#kombu_ssl_version=
# SSL key file (valid only if SSL enabled). (string value)
#kombu_ssl_keyfile=
# SSL cert file (valid only if SSL enabled). (string value)
#kombu_ssl_certfile=
# SSL certification authority file (valid only if SSL
# enabled). (string value)
#kombu_ssl_ca_certs=
# How long to wait before reconnecting in response to an AMQP
# consumer cancel notification. (floating point value)
#kombu_reconnect_delay=1.0
# The RabbitMQ broker address where a single node is used.
# (string value)
#rabbit_host=localhost
# The RabbitMQ broker port where a single node is used.
# (integer value)
#rabbit_port=5672
# RabbitMQ HA cluster host:port pairs. (list value)
#rabbit_hosts=$rabbit_host:$rabbit_port
# Connect over SSL for RabbitMQ. (boolean value)
#rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
#rabbit_userid=guest
# The RabbitMQ password. (string value)
#rabbit_password=guest
# the RabbitMQ login method (string value)
#rabbit_login_method=AMQPLAIN
# The RabbitMQ virtual host. (string value)
#rabbit_virtual_host=/
# How frequently to retry connecting with RabbitMQ. (integer
# value)
#rabbit_retry_interval=1
# How long to backoff for between retries when connecting to
# RabbitMQ. (integer value)
#rabbit_retry_backoff=2
# Maximum number of RabbitMQ connection retries. Default is 0
# (infinite retry count). (integer value)
#rabbit_max_retries=0
# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
# this option, you must wipe the RabbitMQ database. (boolean
# value)
#rabbit_ha_queues=false
# If passed, use a fake RabbitMQ provider. (boolean value)
#fake_rabbit=false
# ZeroMQ bind address. Should be a wildcard (*), an ethernet
# interface, or IP. The "host" option should point or resolve
# to this address. (string value)
#rpc_zmq_bind_address=*
# MatchMaker driver. (string value)
#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost
# ZeroMQ receiver listening port. (integer value)
#rpc_zmq_port=9501
# Number of ZeroMQ contexts, defaults to 1. (integer value)
#rpc_zmq_contexts=1
# Maximum number of ingress messages to locally buffer per
# topic. Default is unlimited. (integer value)
#rpc_zmq_topic_backlog=<None>
# Directory for holding IPC sockets. (string value)
#rpc_zmq_ipc_dir=/var/run/openstack
# Name of this node. Must be a valid hostname, FQDN, or IP
# address. Must match "host" option, if running Nova. (string
# value)
#rpc_zmq_host=keystone
# Seconds to wait before a cast expires (TTL). Only supported
# by impl_zmq. (integer value)
#rpc_cast_timeout=30
# Heartbeat frequency. (integer value)
#matchmaker_heartbeat_freq=300
# Heartbeat time-to-live. (integer value)
#matchmaker_heartbeat_ttl=600
# Size of RPC greenthread pool. (integer value)
#rpc_thread_pool_size=64
# Driver or drivers to handle sending notifications. (multi
# valued)
#notification_driver=
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
#notification_topics=notifications
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout=60
# A URL representing the messaging driver to use and its full
# configuration. If not set, we fall back to the rpc_backend
# option and driver specific configuration. (string value)
#transport_url=<None>
# The messaging driver to use, defaults to rabbit. Other
# drivers include qpid and zmq. (string value)
#rpc_backend=rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the
# transport_url option. (string value)
#control_exchange=keystone
#
# Options defined in keystone.notifications
#
# Default publisher_id for outgoing notifications (string
# value)
#default_publisher_id=<None>
#
# Options defined in keystone.openstack.common.eventlet_backdoor
#
# Enable eventlet backdoor. Acceptable values are 0, <port>,
# and <start>:<end>, where 0 results in listening on a random
# tcp port number; <port> results in listening on the
# specified port number (and not enabling backdoor if that
# port is in use); and <start>:<end> results in listening on
# the smallest unused port number within the specified range
# of port numbers. The chosen port is displayed in the
# service's log file. (string value)
#backdoor_port=<None>
#
# Options defined in keystone.openstack.common.log
#
# Print debugging output (set logging level to DEBUG instead
# of default WARNING level). (boolean value)
#debug=false
# Print more verbose output (set logging level to INFO instead
# of default WARNING level). (boolean value)
#verbose=false
# Log output to standard error. (boolean value)
#use_stderr=true
# Format string to use for log messages with context. (string
# value)
#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
# Format string to use for log messages without context.
# (string value)
#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
# Data to append to log format when level is DEBUG. (string
# value)
#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d
# Prefix each line of exception output with this format.
# (string value)
#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
# List of logger=LEVEL pairs. (list value)
#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
# Enables or disables publication of error events. (boolean
# value)
#publish_errors=false
# Enables or disables fatal status of deprecations. (boolean
# value)
#fatal_deprecations=false
# The format for an instance that is passed with the log
# message. (string value)
#instance_format="[instance: %(uuid)s] "
# The format for an instance UUID that is passed with the log
# message. (string value)
#instance_uuid_format="[instance: %(uuid)s] "
# The name of a logging configuration file. This file is
# appended to any existing logging configuration files. For
# details about logging configuration files, see the Python
# logging module documentation. (string value)
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append=<None>
# DEPRECATED. A logging.Formatter log message format string
# which may use any of the available logging.LogRecord
# attributes. This option is deprecated. Please use
# logging_context_format_string and
# logging_default_format_string instead. (string value)
#log_format=<None>
# Format string for %%(asctime)s in log records. Default:
# %(default)s . (string value)
#log_date_format=%Y-%m-%d %H:%M:%S
# (Optional) Name of log file to output to. If no default is
# set, logging will go to stdout. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file=<None>
# (Optional) The base directory used for relative --log-file
# paths. (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir=<None>
# Use syslog for logging. Existing syslog format is DEPRECATED
# during I, and will change in J to honor RFC5424. (boolean
# value)
#use_syslog=false
# (Optional) Enables or disables syslog rfc5424 format for
# logging. If enabled, prefixes the MSG part of the syslog
# message with APP-NAME (RFC5424). The format without the APP-
# NAME is deprecated in I, and will be removed in J. (boolean
# value)
#use_syslog_rfc_format=false
# Syslog facility to receive log lines. (string value)
#syslog_log_facility=LOG_USER
#
# Options defined in keystone.openstack.common.policy
#
# The JSON file that defines policies. (string value)
#policy_file=policy.json
# Default rule. Enforced when a requested rule is not found.
# (string value)
#policy_default_rule=default
[assignment]
#
# Options defined in keystone
#
# Assignment backend driver. (string value)
#driver=<None>
# Toggle for assignment caching. This has no effect unless
# global caching is enabled. (boolean value)
#caching=true
# TTL (in seconds) to cache assignment data. This has no
# effect unless global caching is enabled. (integer value)
#cache_time=<None>
# Maximum number of entities that will be returned in an
# assignment collection. (integer value)
#list_limit=<None>
[auth]
#
# Options defined in keystone
#
# Default auth methods. (list value)
#methods=external,password,token
# The password auth plugin module. (string value)
#password=keystone.auth.plugins.password.Password
# The token auth plugin module. (string value)
#token=keystone.auth.plugins.token.Token
# The external (REMOTE_USER) auth plugin module. (string
# value)
#external=keystone.auth.plugins.external.DefaultDomain
[cache]
#
# Options defined in keystone
#
# Prefix for building the configuration dictionary for the
# cache region. This should not need to be changed unless
# there is another dogpile.cache region with the same
# configuration name. (string value)
#config_prefix=cache.keystone
# Default TTL, in seconds, for any cached item in the
# dogpile.cache region. This applies to any cached method that
# doesn't have an explicit cache expiration time defined for
# it. (integer value)
#expiration_time=600
# Dogpile.cache backend module. It is recommended that
# Memcache with pooling (keystone.cache.memcache_pool) or
# Redis (dogpile.cache.redis) be used in production
# deployments. Small workloads (single process) like devstack
# can use the dogpile.cache.memory backend. (string value)
#backend=keystone.common.cache.noop
# Arguments supplied to the backend module. Specify this
# option once per argument to be passed to the dogpile.cache
# backend. Example format: "<argname>:<value>". (multi valued)
#backend_argument=
# Proxy classes to import that will affect the way the
# dogpile.cache backend functions. See the dogpile.cache
# documentation on changing-backend-behavior. (list value)
#proxies=
# Global toggle for all caching using the should_cache_fn
# mechanism. (boolean value)
#enabled=false
# Extra debugging from the cache backend (cache keys,
# get/set/delete/etc calls). This is only really useful if you
# need to see the specific cache-backend get/set/delete calls
# with the keys/values. Typically this should be left set to
# false. (boolean value)
#debug_cache_backend=false
# Memcache servers in the format of "host:port".
# (dogpile.cache.memcache and keystone.cache.memcache_pool
# backends only) (list value)
#memcache_servers=localhost:11211
# Number of seconds memcached server is considered dead before
# it is tried again. (dogpile.cache.memcache and
# keystone.cache.memcache_pool backends only) (integer value)
#memcache_dead_retry=300
# Timeout in seconds for every call to a server.
# (dogpile.cache.memcache and keystone.cache.memcache_pool
# backends only) (integer value)
#memcache_socket_timeout=3
# Max total number of open connections to every memcached
# server. (keystone.cache.memcache_pool backend only) (integer
# value)
#memcache_pool_maxsize=10
# Number of seconds a connection to memcached is held unused
# in the pool before it is closed.
# (keystone.cache.memcache_pool backend only) (integer value)
#memcache_pool_unused_timeout=60
# Number of seconds that an operation will wait to get a
# memcache client connection. (integer value)
#memcache_pool_connection_get_timeout=10
[catalog]
#
# Options defined in keystone
#
# Catalog template file name for use with the template catalog
# backend. (string value)
#template_file=default_catalog.templates
# Catalog backend driver. (string value)
#driver=keystone.catalog.backends.sql.Catalog
# Toggle for catalog caching. This has no effect unless global
# caching is enabled. (boolean value)
#caching=true
# Time to cache catalog data (in seconds). This has no effect
# unless global and catalog caching are enabled. (integer
# value)
#cache_time=<None>
# Maximum number of entities that will be returned in a
# catalog collection. (integer value)
#list_limit=<None>
# (Deprecated) List of possible substitutions for use in
# formatting endpoints. Use caution when modifying this list.
# It will give users with permission to create endpoints the
# ability to see those values in your configuration file. This
# option will be removed in Juno. (list value)
#endpoint_substitution_whitelist=tenant_id,user_id,public_bind_host,admin_bind_host,compute_host,compute_port,admin_port,public_port,public_endpoint,admin_endpoint
[credential]
#
# Options defined in keystone
#
# Credential backend driver. (string value)
#driver=keystone.credential.backends.sql.Credential
[database]
#
# Options defined in oslo.db
#
# The file name to use with SQLite. (string value)
#sqlite_db=oslo.sqlite
# If True, SQLite uses synchronous mode. (boolean value)
#sqlite_synchronous=true
# The back end to use for the database. (string value)
# Deprecated group/name - [DEFAULT]/db_backend
#backend=sqlalchemy
# The SQLAlchemy connection string to use to connect to the
# database. (string value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection=<None>
# The SQLAlchemy connection string to use to connect to the
# slave database. (string value)
#slave_connection=<None>
# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
# use whatever SQL mode is set by the server configuration,
# set this to no value. Example: mysql_sql_mode= (string
# value)
#mysql_sql_mode=TRADITIONAL
# Timeout before idle SQL connections are reaped. (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
#idle_timeout=3600
# Minimum number of SQL connections to keep open in a pool.
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
# Deprecated group/name - [DATABASE]/sql_min_pool_size
#min_pool_size=1
# Maximum number of SQL connections to keep open in a pool.
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size=<None>
# Maximum db connection retries during startup. Set to -1 to
# specify an infinite retry count. (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries=10
# Interval between retries of opening a SQL connection.
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
#retry_interval=10
# If set, use this value for max_overflow with SQLAlchemy.
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
#max_overflow=<None>
# Verbosity of SQL debugging information: 0=None,
# 100=Everything. (integer value)
# Deprecated group/name - [DEFAULT]/sql_connection_debug
#connection_debug=0
# Add Python stack traces to SQL as comment strings. (boolean
# value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
#connection_trace=false
# If set, use this value for pool_timeout with SQLAlchemy.
# (integer value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
#pool_timeout=<None>
# Enable the experimental use of database reconnect on
# connection lost. (boolean value)
#use_db_reconnect=false
# Seconds between database connection retries. (integer value)
#db_retry_interval=1
# If True, increases the interval between database connection
# retries up to db_max_retry_interval. (boolean value)
#db_inc_retry_interval=true
# If db_inc_retry_interval is set, the maximum seconds between
# database connection retries. (integer value)
#db_max_retry_interval=10
# Maximum database connection retries before error is raised.
# Set to -1 to specify an infinite retry count. (integer
# value)
#db_max_retries=20
[ec2]
#
# Options defined in keystone
#
# EC2Credential backend driver. (string value)
#driver=keystone.contrib.ec2.backends.kvs.Ec2
[endpoint_filter]
#
# Options defined in keystone
#
# Endpoint Filter backend driver (string value)
#driver=keystone.contrib.endpoint_filter.backends.sql.EndpointFilter
# Toggle to return all active endpoints if no filter exists.
# (boolean value)
#return_all_endpoints_if_no_filter=true
[endpoint_policy]
#
# Options defined in keystone
#
# Endpoint policy backend driver (string value)
#driver=keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy
[federation]
#
# Options defined in keystone
#
# Federation backend driver. (string value)
#driver=keystone.contrib.federation.backends.sql.Federation
# Value to be used when filtering assertion parameters from
# the environment. (string value)
#assertion_prefix=
[identity]
#
# Options defined in keystone
#
# This references the domain to use for all Identity API v2
# requests (which are not aware of domains). A domain with
# this ID will be created for you by keystone-manage db_sync
# in migration 008. The domain referenced by this ID cannot be
# deleted on the v3 API, to prevent accidentally breaking the
# v2 API. There is nothing special about this domain, other
# than the fact that it must exist in order to maintain
# support for your v2 clients. (string value)
#default_domain_id=default
# A subset (or all) of domains can have their own identity
# driver, each with their own partial configuration file in a
# domain configuration directory. Only values specific to the
# domain need to be placed in the domain specific
# configuration file. This feature is disabled by default; set
# to true to enable. (boolean value)
#domain_specific_drivers_enabled=false
# Path for Keystone to locate the domain specific identity
# configuration files if domain_specific_drivers_enabled is
# set to true. (string value)
#domain_config_dir=/etc/keystone/domains
# Identity backend driver. (string value)
#driver=keystone.identity.backends.sql.Identity
# Maximum supported length for user passwords; decrease to
# improve performance. (integer value)
#max_password_length=4096
# Maximum number of entities that will be returned in an
# identity collection. (integer value)
#list_limit=<None>
[identity_mapping]
#
# Options defined in keystone
#
# Keystone Identity Mapping backend driver. (string value)
#driver=keystone.identity.mapping_backends.sql.Mapping
# Public ID generator for user and group entities. The
# Keystone identity mapper only supports generators that
# produce no more than 64 characters. (string value)
#generator=keystone.identity.id_generators.sha256.Generator
# The format of user and group IDs changed in Juno for
# backends that do not generate UUIDs (e.g. LDAP), with
# keystone providing a hash mapping to the underlying
# attribute in LDAP. By default this mapping is disabled,
# which ensures that existing IDs will not change. Even when
# the mapping is enabled by using domain specific drivers, any
# users and groups from the default domain being handled by
# LDAP will still not be mapped to ensure their IDs remain
# backward compatible. Setting this value to False will enable
# the mapping for even the default LDAP driver. It is only
# safe to do this if you do not already have assignments for
# users and groups from the default LDAP domain, and it is
# acceptable for Keystone to provide the different IDs to
# clients than it did previously. Typically this means that
# the only time you can set this value to False is when
# configuring a fresh installation. (boolean value)
#backward_compatible_ids=true
[kvs]
#
# Options defined in keystone
#
# Extra dogpile.cache backend modules to register with the
# dogpile.cache library. (list value)
#backends=
# Prefix for building the configuration dictionary for the KVS
# region. This should not need to be changed unless there is
# another dogpile.cache region with the same configuration
# name. (string value)
#config_prefix=keystone.kvs
# Toggle to disable using a key-mangling function to ensure
# fixed length keys. This is toggle-able for debugging
# purposes, it is highly recommended to always leave this set
# to true. (boolean value)
#enable_key_mangler=true
# Default lock timeout for distributed locking. (integer
# value)
#default_lock_timeout=5
[ldap]
#
# Options defined in keystone
#
# URL for connecting to the LDAP server. (string value)
#url=ldap://localhost
# User BindDN to query the LDAP server. (string value)
#user=<None>
# Password for the BindDN to query the LDAP server. (string
# value)
#password=<None>
# LDAP server suffix (string value)
#suffix=cn=example,cn=com
# If true, will add a dummy member to groups. This is required
# if the objectclass for groups requires the "member"
# attribute. (boolean value)
#use_dumb_member=false
# DN of the "dummy member" to use when "use_dumb_member" is
# enabled. (string value)
#dumb_member=cn=dumb,dc=nonexistent
# Delete subtrees using the subtree delete control. Only
# enable this option if your LDAP server supports subtree
# deletion. (boolean value)
#allow_subtree_delete=false
# The LDAP scope for queries, this can be either "one"
# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree).
# (string value)
#query_scope=one
# Maximum results per page; a value of zero ("0") disables
# paging. (integer value)
#page_size=0
# The LDAP dereferencing option for queries. This can be
# either "never", "searching", "always", "finding" or
# "default". The "default" option falls back to using default
# dereferencing configured by your ldap.conf. (string value)
#alias_dereferencing=default
# Sets the LDAP debugging level for LDAP calls. A value of 0
# means that debugging is not enabled. This value is a
# bitmask, consult your LDAP documentation for possible
# values. (integer value)
#debug_level=<None>
# Override the system's default referral chasing behavior for
# queries. (boolean value)
#chase_referrals=<None>
# Search base for users. (string value)
#user_tree_dn=<None>
# LDAP search filter for users. (string value)
#user_filter=<None>
# LDAP objectclass for users. (string value)
#user_objectclass=inetOrgPerson
# LDAP attribute mapped to user id. WARNING: must not be a
# multivalued attribute. (string value)
#user_id_attribute=cn
# LDAP attribute mapped to user name. (string value)
#user_name_attribute=sn
# LDAP attribute mapped to user email. (string value)
#user_mail_attribute=mail
# LDAP attribute mapped to password. (string value)
#user_pass_attribute=userPassword
# LDAP attribute mapped to user enabled flag. (string value)
#user_enabled_attribute=enabled
# Invert the meaning of the boolean enabled values. Some LDAP
# servers use a boolean lock attribute where "true" means an
# account is disabled. Setting "user_enabled_invert = true"
# will allow these lock attributes to be used. This setting
# will have no effect if "user_enabled_mask" or
# "user_enabled_emulation" settings are in use. (boolean
# value)
#user_enabled_invert=false
# Bitmask integer to indicate the bit that the enabled value
# is stored in if the LDAP server represents "enabled" as a
# bit on an integer rather than a boolean. A value of "0"
# indicates the mask is not used. If this is not set to "0"
# the typical value is "2". This is typically used when
# "user_enabled_attribute = userAccountControl". (integer
# value)
#user_enabled_mask=0
# Default value to enable users. This should match an
# appropriate int value if the LDAP server uses non-boolean
# (bitmask) values to indicate if a user is enabled or
# disabled. If this is not set to "True" the typical value is
# "512". This is typically used when "user_enabled_attribute =
# userAccountControl". (string value)
#user_enabled_default=True
# List of attributes stripped off the user on update. (list
# value)
#user_attribute_ignore=default_project_id,tenants
# LDAP attribute mapped to default_project_id for users.
# (string value)
#user_default_project_id_attribute=<None>
# Allow user creation in LDAP backend. (boolean value)
#user_allow_create=true
# Allow user updates in LDAP backend. (boolean value)
#user_allow_update=true
# Allow user deletion in LDAP backend. (boolean value)
#user_allow_delete=true
# If true, Keystone uses an alternative method to determine if
# a user is enabled or not by checking if they are a member of
# the "user_enabled_emulation_dn" group. (boolean value)
#user_enabled_emulation=false
# DN of the group entry to hold enabled users when using
# enabled emulation. (string value)
#user_enabled_emulation_dn=<None>
# List of additional LDAP attributes used for mapping
# additional attribute mappings for users. Attribute mapping
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
# attribute in the LDAP entry and user_attr is the Identity
# API attribute. (list value)
#user_additional_attribute_mapping=
# Search base for projects (string value)
# Deprecated group/name - [ldap]/tenant_tree_dn
#project_tree_dn=<None>
# LDAP search filter for projects. (string value)
# Deprecated group/name - [ldap]/tenant_filter
#project_filter=<None>
# LDAP objectclass for projects. (string value)
# Deprecated group/name - [ldap]/tenant_objectclass
#project_objectclass=groupOfNames
# LDAP attribute mapped to project id. (string value)
# Deprecated group/name - [ldap]/tenant_id_attribute
#project_id_attribute=cn
# LDAP attribute mapped to project membership for user.
# (string value)
# Deprecated group/name - [ldap]/tenant_member_attribute
#project_member_attribute=member
# LDAP attribute mapped to project name. (string value)
# Deprecated group/name - [ldap]/tenant_name_attribute
#project_name_attribute=ou
# LDAP attribute mapped to project description. (string value)
# Deprecated group/name - [ldap]/tenant_desc_attribute
#project_desc_attribute=description
# LDAP attribute mapped to project enabled. (string value)
# Deprecated group/name - [ldap]/tenant_enabled_attribute
#project_enabled_attribute=enabled
# LDAP attribute mapped to project domain_id. (string value)
# Deprecated group/name - [ldap]/tenant_domain_id_attribute
#project_domain_id_attribute=businessCategory
# List of attributes stripped off the project on update. (list
# value)
# Deprecated group/name - [ldap]/tenant_attribute_ignore
#project_attribute_ignore=
# Allow project creation in LDAP backend. (boolean value)
# Deprecated group/name - [ldap]/tenant_allow_create
#project_allow_create=true
# Allow project update in LDAP backend. (boolean value)
# Deprecated group/name - [ldap]/tenant_allow_update
#project_allow_update=true
# Allow project deletion in LDAP backend. (boolean value)
# Deprecated group/name - [ldap]/tenant_allow_delete
#project_allow_delete=true
# If true, Keystone uses an alternative method to determine if
# a project is enabled or not by checking if they are a member
# of the "project_enabled_emulation_dn" group. (boolean value)
# Deprecated group/name - [ldap]/tenant_enabled_emulation
#project_enabled_emulation=false
# DN of the group entry to hold enabled projects when using
# enabled emulation. (string value)
# Deprecated group/name - [ldap]/tenant_enabled_emulation_dn
#project_enabled_emulation_dn=<None>
# Additional attribute mappings for projects. Attribute
# mapping format is <ldap_attr>:<user_attr>, where ldap_attr
# is the attribute in the LDAP entry and user_attr is the
# Identity API attribute. (list value)
# Deprecated group/name - [ldap]/tenant_additional_attribute_mapping
#project_additional_attribute_mapping=
# Search base for roles. (string value)
#role_tree_dn=<None>
# LDAP search filter for roles. (string value)
#role_filter=<None>
# LDAP objectclass for roles. (string value)
#role_objectclass=organizationalRole
# LDAP attribute mapped to role id. (string value)
#role_id_attribute=cn
# LDAP attribute mapped to role name. (string value)
#role_name_attribute=ou
# LDAP attribute mapped to role membership. (string value)
#role_member_attribute=roleOccupant
# List of attributes stripped off the role on update. (list
# value)
#role_attribute_ignore=
# Allow role creation in LDAP backend. (boolean value)
#role_allow_create=true
# Allow role update in LDAP backend. (boolean value)
#role_allow_update=true
# Allow role deletion in LDAP backend. (boolean value)
#role_allow_delete=true
# Additional attribute mappings for roles. Attribute mapping
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
# attribute in the LDAP entry and user_attr is the Identity
# API attribute. (list value)
#role_additional_attribute_mapping=
# Search base for groups. (string value)
#group_tree_dn=<None>
# LDAP search filter for groups. (string value)
#group_filter=<None>
# LDAP objectclass for groups. (string value)
#group_objectclass=groupOfNames
# LDAP attribute mapped to group id. (string value)
#group_id_attribute=cn
# LDAP attribute mapped to group name. (string value)
#group_name_attribute=ou
# LDAP attribute mapped to show group membership. (string
# value)
#group_member_attribute=member
# LDAP attribute mapped to group description. (string value)
#group_desc_attribute=description
# List of attributes stripped off the group on update. (list
# value)
#group_attribute_ignore=
# Allow group creation in LDAP backend. (boolean value)
#group_allow_create=true
# Allow group update in LDAP backend. (boolean value)
#group_allow_update=true
# Allow group deletion in LDAP backend. (boolean value)
#group_allow_delete=true
# Additional attribute mappings for groups. Attribute mapping
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
# attribute in the LDAP entry and user_attr is the Identity
# API attribute. (list value)
#group_additional_attribute_mapping=
# CA certificate file path for communicating with LDAP
# servers. (string value)
#tls_cacertfile=<None>
# CA certificate directory path for communicating with LDAP
# servers. (string value)
#tls_cacertdir=<None>
# Enable TLS for communicating with LDAP servers. (boolean
# value)
#use_tls=false
# Valid options for tls_req_cert are demand, never, and allow.
# (string value)
#tls_req_cert=demand
# Enable LDAP connection pooling. (boolean value)
#use_pool=false
# Connection pool size. (integer value)
#pool_size=10
# Maximum count of reconnect trials. (integer value)
#pool_retry_max=3
# Time span in seconds to wait between two reconnect trials.
# (floating point value)
#pool_retry_delay=0.1
# Connector timeout in seconds. Value -1 indicates indefinite
# wait for response. (integer value)
#pool_connection_timeout=-1
# Connection lifetime in seconds. (integer value)
#pool_connection_lifetime=600
# Enable LDAP connection pooling for end user authentication.
# If use_pool is disabled, then this setting is meaningless
# and is not used at all. (boolean value)
#use_auth_pool=false
# End user auth connection pool size. (integer value)
#auth_pool_size=100
# End user auth connection lifetime in seconds. (integer
# value)
#auth_pool_connection_lifetime=60
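The following Python review script is an added example, not part of the Red Hat reference or of Keystone itself: it checks a keystone.conf for the debug, eventlet backdoor and LDAP transport options documented above, applying the defaults shown on this page to anything left commented out. The sample files, host names and CA path are constructed, and the accepted boolean spellings are an assumption.

```python
import configparser
from urllib.parse import urlsplit

# Defaults taken from the sample keystone.conf on this page; they apply when an
# option is absent or left commented out.
PAGE_DEFAULTS = {
    ("DEFAULT", "debug"): "false",
    ("DEFAULT", "backdoor_port"): "",          # shown as <None> on the page
    ("cache", "debug_cache_backend"): "false",
    ("ldap", "url"): "ldap://localhost",
    ("ldap", "use_tls"): "false",
    ("ldap", "tls_req_cert"): "demand",
}

# Constructed sample: an operator edited a few options and left the rest as
# the commented-out lines of the shipped sample file.
WEAK_CONF = """
[DEFAULT]
debug=true
backdoor_port=0
logging_default_format_string=%(asctime)s %(levelname)s %(message)s

[cache]
backend_argument=url:127.0.0.1
backend_argument=distributed_lock:true
#debug_cache_backend=true

[ldap]
url=ldap://ldap.example.test
user=cn=keystone,ou=services,dc=example,dc=test
#use_tls=false
tls_req_cert=allow
"""

# Constructed sample with the same directory reached over verified StartTLS.
HARDENED_CONF = """
[DEFAULT]
debug=false

[ldap]
url=ldap://ldap.example.test
use_tls=true
tls_req_cert=demand
tls_cacertfile=/etc/pki/tls/certs/example-ca.pem
"""


def load(text):
    """Parse keystone.conf text, avoiding three ConfigParser pitfalls."""
    parser = configparser.ConfigParser(
        interpolation=None,            # log format strings contain %(name)s
        strict=False,                  # multi valued options may be repeated
        default_section="__unused__",  # keep [DEFAULT] from leaking into [ldap]
    )
    parser.read_string(text)
    return parser


def effective(parser, section, option):
    """Value in force: the explicit setting, else the page default."""
    if parser.has_option(section, option):
        return parser.get(section, option).strip()
    return PAGE_DEFAULTS[(section, option)]


def is_true(value):
    # Assumed set of truthy spellings for a boolean option.
    return value.lower() in ("true", "1", "yes", "on")


def audit(text):
    """Return a list of (section, option, reason) findings."""
    parser = load(text)
    findings = []

    # Any explicit value starts the listener, including 0 (random TCP port).
    if effective(parser, "DEFAULT", "backdoor_port") not in ("", "<None>"):
        findings.append(("DEFAULT", "backdoor_port",
                         "eventlet backdoor listener is enabled"))
    if is_true(effective(parser, "DEFAULT", "debug")):
        findings.append(("DEFAULT", "debug",
                         "DEBUG logging is enabled on the identity service"))
    if is_true(effective(parser, "cache", "debug_cache_backend")):
        findings.append(("cache", "debug_cache_backend",
                         "cache keys and values are written to the log"))

    # Review LDAP transport only when the operator has configured [ldap].
    if parser.has_section("ldap") and parser.options("ldap"):
        scheme = urlsplit(effective(parser, "ldap", "url")).scheme.lower()
        use_tls = is_true(effective(parser, "ldap", "use_tls"))
        req_cert = effective(parser, "ldap", "tls_req_cert").lower()
        if scheme == "ldap" and not use_tls:
            findings.append(("ldap", "use_tls",
                             "bind and user passwords cross the network unencrypted"))
        if (scheme == "ldaps" or use_tls) and req_cert != "demand":
            findings.append(("ldap", "tls_req_cert",
                             "server certificate is not strictly verified"))
    return findings


if __name__ == "__main__":
    for section, option, reason in audit(WEAK_CONF):
        print("[%s] %s: %s" % (section, option, reason))
```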
[matchmaker_redis]
#
# Options defined in oslo.messaging
#
# Host to locate redis. (string value)
#host=127.0.0.1
# Use this port to connect to redis host. (integer value)
#port=6379
# Password for Redis server (optional). (string value)
#password=<None>
[matchmaker_ring]
#
# Options defined in oslo.messaging
#
# Matchmaker ring file (JSON). (string value)
# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
#ringfile=/etc/oslo/matchmaker_ring.json
[memcache]
#
# Options defined in keystone
#
# Memcache servers in the format of "host:port". (list value)
#servers=localhost:11211
# Number of seconds memcached server is considered dead before
# it is tried again. This is used by the key value store
# system (e.g. token pooled memcached persistence backend).
# (integer value)
#dead_retry=300
# Timeout in seconds for every call to a server. This is used
# by the key value store system (e.g. token pooled memcached
# persistence backend). (integer value)
#socket_timeout=3
# Max total number of open connections to every memcached
# server. This is used by the key value store system (e.g.
# token pooled memcached persistence backend). (integer value)
#pool_maxsize=10
# Number of seconds a connection to memcached is held unused
# in the pool before it is closed. This is used by the key
# value store system (e.g. token pooled memcached persistence
# backend). (integer value)
#pool_unused_timeout=60
# Number of seconds that an operation will wait to get a
# memcache client connection. This is used by the key value
# store system (e.g. token pooled memcached persistence
# backend). (integer value)
#pool_connection_get_timeout=10
[oauth1]
#
# Options defined in keystone
#
# Credential backend driver. (string value)
#driver=keystone.contrib.oauth1.backends.sql.OAuth1
# Duration (in seconds) for the OAuth Request Token. (integer
# value)
#request_token_duration=28800
# Duration (in seconds) for the OAuth Access Token. (integer
# value)
#access_token_duration=86400
[os_inherit]
#
# Options defined in keystone
#
# role-assignment inheritance to projects from owning domain
# can be optionally enabled. (boolean value)
#enabled=false
[paste_deploy]
#
# Options defined in keystone
#
# Name of the paste configuration file that defines the
# available pipelines. (string value)
#config_file=keystone-paste.ini
[policy]
#
# Options defined in keystone
#
# Policy backend driver. (string value)
#driver=keystone.policy.backends.sql.Policy
# Maximum number of entities that will be returned in a policy
# collection. (integer value)
#list_limit=<None>
[revoke]
#
# Options defined in keystone
#
# An implementation of the backend for persisting revocation
# events. (string value)
#driver=keystone.contrib.revoke.backends.kvs.Revoke
# This value (calculated in seconds) is added to token
# expiration before a revocation event may be removed from the
# backend. (integer value)
#expiration_buffer=1800
# Toggle for revocation event caching. This has no effect
# unless global caching is enabled. (boolean value)
#caching=true
[saml]
#
# Options defined in keystone
#
# Default TTL, in seconds, for any generated SAML assertion
# created by Keystone. (integer value)
#assertion_expiration_time=3600
# Binary to be called for XML signing. Install the appropriate
# package, specify absolute path or adjust your PATH
# environment variable if the binary cannot be found. (string
# value)
#xmlsec1_binary=xmlsec1
# Path of the certfile for SAML signing. For non-production
# environments, you may be interested in using
# `keystone-manage pki_setup` to generate self-signed certificates.
# Note, the path cannot contain a comma. (string value)
#certfile=/etc/keystone/ssl/certs/signing_cert.pem
# Path of the keyfile for SAML signing. Note, the path cannot
# contain a comma. (string value)
#keyfile=/etc/keystone/ssl/private/signing_key.pem
# Entity ID value for unique Identity Provider identification.
# Usually FQDN is set with a suffix. A value is required to
# generate IDP Metadata. For example:
# https://keystone.example.com/v3/OS-FEDERATION/saml2/idp
# (string value)
#idp_entity_id=<None>
# Identity Provider Single-Sign-On service value, required in
# the Identity Provider's metadata. A value is required to
# generate IDP Metadata. For example:
# https://keystone.example.com/v3/OS-FEDERATION/saml2/sso
# (string value)
#idp_sso_endpoint=<None>
# Language used by the organization. (string value)
#idp_lang=en
# Organization name the installation belongs to. (string
# value)
#idp_organization_name=<None>
# Organization name to be displayed. (string value)
#idp_organization_display_name=<None>
# URL of the organization. (string value)
#idp_organization_url=<None>
# Company of contact person. (string value)
#idp_contact_company=<None>
# Given name of contact person (string value)
#idp_contact_name=<None>
# Surname of contact person. (string value)
#idp_contact_surname=<None>
# Email address of contact person. (string value)
#idp_contact_email=<None>
# Telephone number of contact person. (string value)
#idp_contact_telephone=<None>
# Contact type. Allowed values are: technical, support,
# administrative billing, and other (string value)
#idp_contact_type=other
# Path to the Identity Provider Metadata file. This file
# should be generated with the keystone-manage
# saml_idp_metadata command. (string value)
#idp_metadata_path=/etc/keystone/saml2_idp_metadata.xml
[signing]
#
# Options defined in keystone
#
# Deprecated in favor of provider in the [token] section.
# (string value)
#token_format=<None>
# Path of the certfile for token signing. For non-production
# environments, you may be interested in using
# `keystone-manage pki_setup` to generate self-signed certificates.
# (string value)
#certfile=/etc/keystone/ssl/certs/signing_cert.pem
# Path of the keyfile for token signing. (string value)
#keyfile=/etc/keystone/ssl/private/signing_key.pem
# Path of the CA for token signing. (string value)
#ca_certs=/etc/keystone/ssl/certs/ca.pem
# Path of the CA key for token signing. (string value)
#ca_key=/etc/keystone/ssl/private/cakey.pem
# Key size (in bits) for token signing cert (auto generated
# certificate). (integer value)
#key_size=2048
# Days the token signing cert is valid for (auto generated
# certificate). (integer value)
#valid_days=3650
# Certificate subject (auto generated certificate) for token
# signing. (string value)
#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
[ssl]
#
# Options defined in keystone
#
# Toggle for SSL support on the Keystone eventlet servers.
# (boolean value)
#enable=false
# Path of the certfile for SSL. For non-production
# environments, you may be interested in using
# `keystone-manage ssl_setup` to generate self-signed certificates.
# (string value)
#certfile=/etc/keystone/ssl/certs/keystone.pem
# Path of the keyfile for SSL. (string value)
#keyfile=/etc/keystone/ssl/private/keystonekey.pem
# Path of the ca cert file for SSL. (string value)
#ca_certs=/etc/keystone/ssl/certs/ca.pem
# Path of the CA key file for SSL. (string value)
#ca_key=/etc/keystone/ssl/private/cakey.pem
# Require client certificate. (boolean value)
#cert_required=false
# SSL key length (in bits) (auto generated certificate).
# (integer value)
#key_size=1024
# Days the certificate is valid for once signed (auto
# generated certificate). (integer value)
#valid_days=3650
# SSL certificate subject (auto generated certificate).
# (string value)
#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost
[stats]
#
# Options defined in keystone
#
# Stats backend driver. (string value)
#driver=keystone.contrib.stats.backends.kvs.Stats
[token]
#
# Options defined in keystone
#
# External auth mechanisms that should add bind information to
# token, e.g., kerberos,x509. (list value)
#bind=
# Enforcement policy on tokens presented to Keystone with bind
# information. One of disabled, permissive, strict, required
# or a specifically required bind mode, e.g., kerberos or x509
# to require binding to that authentication. (string value)
#enforce_token_bind=permissive
# Amount of time a token should remain valid (in seconds).
# (integer value)
#expiration=3600
# Controls the token construction, validation, and revocation
# operations. Core providers are
# "keystone.token.providers.[pkiz|pki|uuid].Provider". The
# default provider is uuid. (string value)
#provider=<None>
# Token persistence backend driver. (string value)
#driver=keystone.token.persistence.backends.sql.Token
# Toggle for token system caching. This has no effect unless
# global caching is enabled. (boolean value)
#caching=true
# Time to cache the revocation list and the revocation events
# if revoke extension is enabled (in seconds). This has no
# effect unless global and token caching are enabled. (integer
# value)
#revocation_cache_time=3600
# Time to cache tokens (in seconds). This has no effect unless
# global and token caching are enabled. (integer value)
#cache_time=<None>
# Revoke token by token identifier. Setting revoke_by_id to
# true enables various forms of enumerating tokens, e.g. `list
# tokens for user`. These enumerations are processed to
# determine the list of tokens to revoke. Only disable if you
# are switching to using the Revoke extension with a backend
# other than KVS, which stores events in memory. (boolean
# value)
#revoke_by_id=true
# The hash algorithm to use for PKI tokens. This can be set to
# any algorithm that hashlib supports. WARNING: Before
# changing this value, the auth_token middleware must be
# configured with the hash_algorithms, otherwise token
# revocation will not be processed correctly. (string value)
#hash_algorithm=md5
[trust]
#
# Options defined in keystone
#
# Delegation and impersonation features can be optionally
# disabled. (boolean value)
#enabled=true
# Trust backend driver. (string value)
#driver=keystone.trust.backends.sql.Trust
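The WARNING on `[token] hash_algorithm` above can be checked before a change is rolled out. The following is an added example, not Keystone or middleware code: it assumes a simplified model in which the revocation list holds PKI token IDs hashed with the server's `hash_algorithm` and a consuming service tries each entry of its `[keystone_authtoken] hash_algorithms` in order. The configuration snippets and the token string are constructed.

```python
import configparser
import hashlib

# Constructed configuration snippets (not from a real deployment).
KEYSTONE_CONF = "[token]\nhash_algorithm = sha256\n"
SERVICE_STALE = "[keystone_authtoken]\n#hash_algorithms = md5\n"
SERVICE_MIGRATING = "[keystone_authtoken]\nhash_algorithms = sha256,md5\n"
PKI_TOKEN = "MIIK-constructed-pki-token-body"  # constructed placeholder


def _option(conf_text, section, option, default):
    """Read one option, falling back to the documented default if unset."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return parser.get(section, option, fallback=default)


def server_algorithm(keystone_conf):
    # Documented default for [token] hash_algorithm is md5.
    return _option(keystone_conf, "token", "hash_algorithm", "md5").strip()


def middleware_algorithms(service_conf):
    # Documented default for [keystone_authtoken] hash_algorithms is md5.
    raw = _option(service_conf, "keystone_authtoken", "hash_algorithms", "md5")
    return [name.strip() for name in raw.split(",") if name.strip()]


def token_id(token, algorithm):
    """Hash a token with any algorithm that hashlib supports."""
    return hashlib.new(algorithm, token.encode("utf-8")).hexdigest()


def is_revoked(token, revoked_ids, algorithms):
    """Model of the lookup: try each configured hash against the list."""
    return any(token_id(token, name) in revoked_ids for name in algorithms)


def audit(keystone_conf, service_conf):
    """Return findings for one server/service configuration pair."""
    server = server_algorithm(keystone_conf)
    accepted = middleware_algorithms(service_conf)
    findings = []
    for name in dict.fromkeys([server] + accepted):
        if name not in hashlib.algorithms_available:
            findings.append("unsupported:" + name)
    if server not in accepted:
        # Revoked tokens are hashed with an algorithm the service never tries.
        findings.append("mismatch:" + server)
    elif accepted[0] != server:
        # Works, but the preferred (server) algorithm should come first.
        findings.append("order:" + server)
    return findings


if __name__ == "__main__":
    revoked = {token_id(PKI_TOKEN, server_algorithm(KEYSTONE_CONF))}
    for label, conf in (("stale", SERVICE_STALE), ("migrating", SERVICE_MIGRATING)):
        algorithms = middleware_algorithms(conf)
        print(label, audit(KEYSTONE_CONF, conf),
              "revocation seen:", is_revoked(PKI_TOKEN, revoked, algorithms))
```

A `mismatch` finding means the service must be given the new algorithm in `hash_algorithms` before `hash_algorithm` is changed on the Identity server.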
5.3.2. keystone-paste.ini
Use the keystone-paste.ini file to configure the Web Service Gateway Interface (WSGI)
middleware pipeline for the Identity service.
# Keystone PasteDeploy configuration file.
[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory
[filter:build_auth_context]
paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory
[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
[filter:xml_body]
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
[filter:xml_body_v2]
paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV2.factory
[filter:xml_body_v3]
paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV3.factory
[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
[filter:user_crud_extension]
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
[filter:crud_extension]
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
[filter:ec2_extension_v3]
paste.filter_factory = keystone.contrib.ec2:Ec2ExtensionV3.factory
[filter:federation_extension]
paste.filter_factory = keystone.contrib.federation.routers:FederationExtension.factory
[filter:oauth1_extension]
paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory
[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
[filter:endpoint_filter_extension]
paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
[filter:endpoint_policy_extension]
paste.filter_factory = keystone.contrib.endpoint_policy.routers:EndpointPolicyExtension.factory
[filter:simple_cert_extension]
paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory
[filter:revoke_extension]
paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory
[filter:url_normalize]
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
[filter:sizelimit]
paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
[filter:stats_monitoring]
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
[filter:stats_reporting]
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
[filter:access_log]
paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
[app:public_service]
paste.app_factory = keystone.service:public_app_factory
[app:service_v3]
paste.app_factory = keystone.service:v3_app_factory
[app:admin_service]
paste.app_factory = keystone.service:admin_app_factory
[pipeline:public_api]
# The last item in this pipeline must be public_service or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service
[pipeline:admin_api]
# The last item in this pipeline must be admin_service or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service
[pipeline:api_v3]
# The last item in this pipeline must be service_v3 or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3
[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory
[app:admin_version_service]
paste.app_factory = keystone.service:admin_version_app_factory
[pipeline:public_version_api]
pipeline = sizelimit url_normalize xml_body public_version_service
[pipeline:admin_version_api]
pipeline = sizelimit url_normalize xml_body admin_version_service
[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/v3 = api_v3
/ = public_version_api
[composite:admin]
use = egg:Paste#urlmap
/v2.0 = admin_api
/v3 = api_v3
/ = admin_version_api
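The pipeline comments above state that the last item must be an application and cannot be a filter. The following is an added example, not part of Keystone or PasteDeploy: it lints a paste configuration for that rule, for undefined names, and for composite routes that point nowhere, and it lists which pipelines still include a named filter such as admin_token_auth. The sample text is a constructed subset of the file above with three deliberate mistakes.

```python
import configparser

# Constructed sample: subset of the file above plus three deliberate mistakes.
SAMPLE = """\
[filter:sizelimit]
paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
[app:public_service]
paste.app_factory = keystone.service:public_app_factory
[pipeline:public_api]
pipeline = sizelimit token_auth admin_token_auth json_body public_service
[pipeline:broken_api]
pipeline = sizelimit public_service json_body
[pipeline:typo_api]
pipeline = sizelimit jsn_body public_service
[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/v3 = missing_api
"""

# Section kinds that can terminate a pipeline or be a composite target.
APP_KINDS = {"app", "pipeline", "composite"}


def load(text):
    # Only "=" is a delimiter, so "module:attr" values are left intact.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    return parser


def section_kinds(parser):
    """Map each declared name to the set of kinds it is declared as."""
    kinds = {}
    for section in parser.sections():
        kind, _, name = section.partition(":")
        kinds.setdefault(name, set()).add(kind)
    return kinds


def lint(parser):
    """Return (section, item, code) tuples for every structural problem."""
    kinds = section_kinds(parser)
    findings = []
    for section in parser.sections():
        kind = section.partition(":")[0]
        if kind == "pipeline":
            items = parser.get(section, "pipeline", fallback="").split()
            if not items:
                findings.append((section, "", "empty"))
            for position, item in enumerate(items):
                is_last = position == len(items) - 1
                item_kinds = kinds.get(item, set())
                if not item_kinds:
                    findings.append((section, item, "undefined"))
                elif is_last and not item_kinds & APP_KINDS:
                    findings.append((section, item, "last-not-app"))
                elif not is_last and "filter" not in item_kinds:
                    findings.append((section, item, "not-a-filter"))
        elif kind == "composite":
            for path, target in parser.items(section):
                target_kinds = kinds.get(target, set())
                if path == "use" or target_kinds & APP_KINDS:
                    continue
                code = "not-an-app" if target_kinds else "undefined"
                findings.append((section, target, code))
    return findings


def pipelines_using(parser, filter_name):
    """Names of pipelines that include the given filter."""
    return [s.partition(":")[2] for s in parser.sections()
            if s.startswith("pipeline:")
            and filter_name in parser.get(s, "pipeline", fallback="").split()]


if __name__ == "__main__":
    parsed = load(SAMPLE)
    for finding in lint(parsed):
        print(finding)
    print("admin_token_auth active in:", pipelines_using(parsed, "admin_token_auth"))
```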
5.3.3. logging.conf
You can specify a special logging configuration file in the keystone.conf configuration
file, for example /etc/keystone/logging.conf.
For details, see the Python logging module documentation.
[loggers]
keys=root,access
[handlers]
keys=production,file,access_file,devel
[formatters]
keys=minimal,normal,debug
###########
# Loggers #
###########
[logger_root]
level=WARNING
handlers=file
[logger_access]
level=INFO
qualname=access
handlers=access_file
################
# Log Handlers #
################
[handler_production]
class=handlers.SysLogHandler
level=ERROR
formatter=normal
args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
[handler_file]
class=handlers.WatchedFileHandler
level=WARNING
formatter=normal
args=('error.log',)
[handler_access_file]
class=handlers.WatchedFileHandler
level=INFO
formatter=minimal
args=('access.log',)
[handler_devel]
class=StreamHandler
level=NOTSET
formatter=debug
args=(sys.stdout,)
##################
# Log Formatters #
##################
[formatter_minimal]
format=%(message)s
[formatter_normal]
format=(%(name)s): %(asctime)s %(levelname)s %(message)s
[formatter_debug]
format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
5.3.4. policy.json
Use the policy.json file to define additional access controls that apply to the Identity
service.
{
"admin_required": "role:admin or is_admin:1",
"service_role": "role:service",
"service_or_admin": "rule:admin_required or rule:service_role",
"owner" : "user_id:%(user_id)s",
"admin_or_owner": "rule:admin_required or rule:owner",
"default": "rule:admin_required",
"identity:get_region": "",
"identity:list_regions": "",
"identity:create_region": "rule:admin_required",
"identity:update_region": "rule:admin_required",
"identity:delete_region": "rule:admin_required",
"identity:get_service": "rule:admin_required",
"identity:list_services": "rule:admin_required",
"identity:create_service": "rule:admin_required",
"identity:update_service": "rule:admin_required",
"identity:delete_service": "rule:admin_required",
"identity:get_endpoint": "rule:admin_required",
"identity:list_endpoints": "rule:admin_required",
"identity:create_endpoint": "rule:admin_required",
"identity:update_endpoint": "rule:admin_required",
"identity:delete_endpoint": "rule:admin_required",
"identity:get_domain": "rule:admin_required",
"identity:list_domains": "rule:admin_required",
"identity:create_domain": "rule:admin_required",
"identity:update_domain": "rule:admin_required",
"identity:delete_domain": "rule:admin_required",
"identity:get_project": "rule:admin_required",
"identity:list_projects": "rule:admin_required",
"identity:list_user_projects": "rule:admin_or_owner",
"identity:create_project": "rule:admin_required",
"identity:update_project": "rule:admin_required",
"identity:delete_project": "rule:admin_required",
"identity:get_user": "rule:admin_required",
"identity:list_users": "rule:admin_required",
"identity:create_user": "rule:admin_required",
"identity:update_user": "rule:admin_required",
"identity:delete_user": "rule:admin_required",
"identity:change_password": "rule:admin_or_owner",
"identity:get_group": "rule:admin_required",
"identity:list_groups": "rule:admin_required",
"identity:list_groups_for_user": "rule:admin_or_owner",
"identity:create_group": "rule:admin_required",
"identity:update_group": "rule:admin_required",
"identity:delete_group": "rule:admin_required",
"identity:list_users_in_group": "rule:admin_required",
"identity:remove_user_from_group": "rule:admin_required",
"identity:check_user_in_group": "rule:admin_required",
"identity:add_user_to_group": "rule:admin_required",
"identity:get_credential": "rule:admin_required",
"identity:list_credentials": "rule:admin_required",
"identity:create_credential": "rule:admin_required",
"identity:update_credential": "rule:admin_required",
"identity:delete_credential": "rule:admin_required",
"identity:ec2_get_credential": "rule:admin_or_owner",
"identity:ec2_list_credentials": "rule:admin_or_owner",
"identity:ec2_create_credential": "rule:admin_or_owner",
"identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
"identity:get_role": "rule:admin_required",
"identity:list_roles": "rule:admin_required",
"identity:create_role": "rule:admin_required",
"identity:update_role": "rule:admin_required",
"identity:delete_role": "rule:admin_required",
"identity:check_grant": "rule:admin_required",
"identity:list_grants": "rule:admin_required",
"identity:create_grant": "rule:admin_required",
"identity:revoke_grant": "rule:admin_required",
"identity:list_role_assignments": "rule:admin_required",
"identity:get_policy": "rule:admin_required",
"identity:list_policies": "rule:admin_required",
"identity:create_policy": "rule:admin_required",
"identity:update_policy": "rule:admin_required",
"identity:delete_policy": "rule:admin_required",
"identity:check_token": "rule:admin_required",
"identity:validate_token": "rule:service_or_admin",
"identity:validate_token_head": "rule:service_or_admin",
"identity:revocation_list": "rule:service_or_admin",
"identity:revoke_token": "rule:admin_or_owner",
"identity:create_trust": "user_id:%(trust.trustor_user_id)s",
"identity:get_trust": "rule:admin_or_owner",
"identity:list_trusts": "",
"identity:list_roles_for_trust": "",
"identity:check_role_for_trust": "",
"identity:get_role_for_trust": "",
"identity:delete_trust": "",
"identity:create_consumer": "rule:admin_required",
"identity:get_consumer": "rule:admin_required",
"identity:list_consumers": "rule:admin_required",
"identity:delete_consumer": "rule:admin_required",
"identity:update_consumer": "rule:admin_required",
"identity:authorize_request_token": "rule:admin_required",
"identity:list_access_token_roles": "rule:admin_required",
"identity:get_access_token_role": "rule:admin_required",
"identity:list_access_tokens": "rule:admin_required",
"identity:get_access_token": "rule:admin_required",
"identity:delete_access_token": "rule:admin_required",
"identity:list_projects_for_endpoint": "rule:admin_required",
"identity:add_endpoint_to_project": "rule:admin_required",
"identity:check_endpoint_in_project": "rule:admin_required",
"identity:list_endpoints_for_project": "rule:admin_required",
"identity:remove_endpoint_from_project": "rule:admin_required",
"identity:create_endpoint_group": "rule:admin_required",
"identity:list_endpoint_groups": "rule:admin_required",
"identity:get_endpoint_group": "rule:admin_required",
"identity:update_endpoint_group": "rule:admin_required",
"identity:delete_endpoint_group": "rule:admin_required",
"identity:list_projects_associated_with_endpoint_group":
"rule:admin_required",
"identity:list_endpoints_associated_with_endpoint_group":
"rule:admin_required",
"identity:list_endpoint_groups_for_project":
"rule:admin_required",
"identity:add_endpoint_group_to_project": "rule:admin_required",
"identity:remove_endpoint_group_from_project":
"rule:admin_required",
"identity:create_identity_provider": "rule:admin_required",
"identity:list_identity_providers": "rule:admin_required",
"identity:get_identity_providers": "rule:admin_required",
"identity:update_identity_provider": "rule:admin_required",
"identity:delete_identity_provider": "rule:admin_required",
"identity:create_protocol": "rule:admin_required",
"identity:update_protocol": "rule:admin_required",
"identity:get_protocol": "rule:admin_required",
"identity:list_protocols": "rule:admin_required",
"identity:delete_protocol": "rule:admin_required",
"identity:create_mapping": "rule:admin_required",
"identity:get_mapping": "rule:admin_required",
"identity:list_mappings": "rule:admin_required",
"identity:delete_mapping": "rule:admin_required",
"identity:update_mapping": "rule:admin_required",
"identity:get_auth_catalog": "",
"identity:get_auth_projects": "",
"identity:get_auth_domains": "",
"identity:list_projects_for_groups": "",
"identity:list_domains_for_groups": "",
"identity:list_revoke_events": "",
"identity:create_policy_association_for_endpoint":
"rule:admin_required",
"identity:check_policy_association_for_endpoint":
"rule:admin_required",
"identity:delete_policy_association_for_endpoint":
"rule:admin_required",
"identity:create_policy_association_for_service":
"rule:admin_required",
"identity:check_policy_association_for_service":
"rule:admin_required",
"identity:delete_policy_association_for_service":
"rule:admin_required",
"identity:create_policy_association_for_region_and_service":
"rule:admin_required",
"identity:check_policy_association_for_region_and_service":
"rule:admin_required",
"identity:delete_policy_association_for_region_and_service":
"rule:admin_required",
"identity:get_policy_for_endpoint": "rule:admin_required",
"identity:list_endpoints_for_policy": "rule:admin_required"
}
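To see how the rule strings above combine, the following added example evaluates a constructed subset of this policy.json and lists the actions whose rule is empty. It is a simplified evaluator written for illustration, not the policy engine that Keystone uses: it assumes that an empty rule always passes, that `role:` checks the caller's role list, that any other `key:value` check compares the caller's credential `key` with `value` after `%(...)s` substitution from the target, and that unlisted actions fall back to `default`.

```python
import json
import re

# Constructed subset of the policy.json shown above.
POLICY = json.loads("""{
  "admin_required": "role:admin or is_admin:1",
  "owner": "user_id:%(user_id)s",
  "admin_or_owner": "rule:admin_required or rule:owner",
  "default": "rule:admin_required",
  "identity:list_regions": "",
  "identity:get_user": "rule:admin_required",
  "identity:change_password": "rule:admin_or_owner",
  "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
  "identity:list_trusts": ""
}""")

# A token is "(" or ")" or a run of non-space text; %(name)s stays in one token.
TOKEN = re.compile(r"(?:%\([^)]+\)s|[^\s()])+|[()]")


def check(atom, rules, creds, target):
    """Evaluate one kind:match check against credentials and target."""
    kind, _, match = atom.partition(":")
    if kind == "rule":
        return match in rules and evaluate(rules[match], rules, creds, target)
    try:
        match = match % target          # substitute %(key)s from the target
    except KeyError:
        return False                    # target lacks the referenced key
    if kind == "role":
        return match.lower() in [r.lower() for r in creds.get("roles", [])]
    return kind in creds and str(creds[kind]) == match


def evaluate(rule, rules, creds, target):
    """Recursive-descent evaluation of or / and / not / parentheses."""
    tokens = TOKEN.findall(rule)
    if not tokens:                      # "" places no restriction here
        return True
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of rule: %r" % (rule,))
        pos += 1
        return tokens[pos - 1]

    def parse_atom():
        token = take()
        if token == "(":
            value = parse_or()
            if take() != ")":
                raise ValueError("missing ')' in rule: %r" % (rule,))
            return value
        if token == "not":
            return not parse_atom()
        return check(token, rules, creds, target)

    def parse_and():
        value = parse_atom()
        while peek() == "and":
            take()
            rhs = parse_atom()          # always parse, so pos advances
            value = value and rhs
        return value

    def parse_or():
        value = parse_and()
        while peek() == "or":
            take()
            rhs = parse_and()
            value = value or rhs
        return value

    result = parse_or()
    if peek() is not None:
        raise ValueError("trailing tokens in rule: %r" % (rule,))
    return result


def enforce(action, creds, target, rules=POLICY):
    rule = rules[action] if action in rules else rules.get("default")
    return rule is not None and evaluate(rule, rules, creds, target)


def unrestricted(rules):
    """Entries whose rule is empty, i.e. not limited by this file."""
    return sorted(name for name, rule in rules.items() if not rule.strip())


if __name__ == "__main__":
    alice = {"user_id": "u1", "roles": ["member"]}
    print(enforce("identity:change_password", alice, {"user_id": "u1"}))
    print(unrestricted(POLICY))
```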
5.3.5. Domain-specific configuration
Identity enables you to configure domain-specific authentication drivers. For example, you
can configure a domain to have its own LDAP or SQL server.
By default, the option to configure domain-specific drivers is disabled.
To enable domain-specific drivers, set these options in the [identity] section in the
keystone.conf file:
[identity]
domain_specific_drivers_enabled = True
domain_config_dir = /etc/keystone/domains
When you enable domain-specific drivers, Identity looks in the domain_config_dir
directory for configuration files that are named as follows: keystone.DOMAIN_NAME.conf,
where DOMAIN_NAME is the domain name.
Any options that you define in the domain-specific configuration file override options in the
primary configuration file for the specified domain. Any domain without a domain-specific
configuration file uses only the options in the primary configuration file.
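The naming and override rules just described can be modelled as follows. This is an added example, not Keystone's loader: it overlays a domain file on the primary configuration option by option, and the file contents, the domain names and the LDAP URL are constructed for illustration.

```python
import configparser
import re

# Constructed primary configuration and domain_config_dir contents.
PRIMARY = """\
[identity]
domain_specific_drivers_enabled = True
domain_config_dir = /etc/keystone/domains
driver = keystone.identity.backends.sql.Identity
[ldap]
url = ldap://localhost
"""
DOMAIN_FILES = {
    "keystone.corp.conf": (
        "[identity]\n"
        "driver = keystone.identity.backends.ldap.Identity\n"
        "[ldap]\n"
        "url = ldaps://ldap.corp.example.com\n"
        "user_tree_dn = ou=Users,dc=corp,dc=example,dc=com\n"
    ),
    # Does not match keystone.DOMAIN_NAME.conf, so it must be ignored.
    "keystone.conf.bak": "[identity]\ndriver = ignored\n",
}

NAME_RE = re.compile(r"^keystone\.(?P<domain>.+)\.conf$")


def parse(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def domain_for(filename):
    """Return DOMAIN_NAME for keystone.DOMAIN_NAME.conf, else None."""
    match = NAME_RE.match(filename)
    return match.group("domain") if match else None


def effective(primary_text, domain_files, domain):
    """Options in force for one domain: primary, then domain overrides."""
    primary = parse(primary_text)
    merged = {s: dict(primary.items(s)) for s in primary.sections()}
    enabled = primary.getboolean(
        "identity", "domain_specific_drivers_enabled", fallback=False)
    if not enabled:
        return merged                   # domain files are not consulted
    for filename, text in domain_files.items():
        if domain_for(filename) != domain:
            continue
        override = parse(text)
        for section in override.sections():
            merged.setdefault(section, {}).update(override.items(section))
    return merged


if __name__ == "__main__":
    for name in ("corp", "Default"):
        options = effective(PRIMARY, DOMAIN_FILES, name)
        print(name, options["identity"]["driver"], options["ldap"]["url"])
```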
5.4. NEW, UPDATED AND DEPRECATED OPTIONS IN JUNO FOR OPENSTACK IDENTITY
Table 5.35. New options
Option = default value
(Type) Help string
[DEFAULT] admin_workers = None
(IntOpt) The number of worker processes to serve the admin WSGI application. Defaults to number of CPUs (minimum of 2).
[DEFAULT] public_workers = None
(IntOpt) The number of worker processes to serve the public WSGI application. Defaults to number of CPUs (minimum of 2).
[DEFAULT] strict_password_check = False
(BoolOpt) If set to true, strict password length checking is performed for password manipulation. If a password exceeds the maximum length, the operation will fail with an HTTP 403 Forbidden error. If set to false, passwords are automatically truncated to the maximum length.
[cache] memcache_dead_retry = 300
(IntOpt) Number of seconds memcached server is considered dead before it is tried again. (dogpile.cache.memcache and keystone.cache.memcache_pool backends only)
[cache] memcache_pool_connection_get_timeout = 10
(IntOpt) Number of seconds that an operation will wait to get a memcache client connection.
[cache] memcache_pool_maxsize = 10
(IntOpt) Max total number of open connections to every memcached server. (keystone.cache.memcache_pool backend only)
[cache] memcache_pool_unused_timeout = 60
(IntOpt) Number of seconds a connection to memcached is held unused in the pool before it is closed. (keystone.cache.memcache_pool backend only)
[cache] memcache_servers = localhost:11211
(ListOpt) Memcache servers in the format of "host:port". (dogpile.cache.memcache and keystone.cache.memcache_pool backends only)
[cache] memcache_socket_timeout = 3
(IntOpt) Timeout in seconds for every call to a server. (dogpile.cache.memcache and keystone.cache.memcache_pool backends only)
[catalog] cache_time = None
(IntOpt) Time to cache catalog data (in seconds). This has no effect unless global and catalog caching are enabled.
[catalog] caching = True
(BoolOpt) Toggle for catalog caching. This has no effect unless global caching is enabled.
[database] slave_connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
[endpoint_policy] driver = keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy
(StrOpt) Endpoint policy backend driver
[identity_mapping] backward_compatible_ids = True
(BoolOpt) The format of user and group IDs changed in Juno for backends that do not generate UUIDs (e.g. LDAP), with keystone providing a hash mapping to the underlying attribute in LDAP. By default this mapping is disabled, which ensures that existing IDs will not change. Even when the mapping is enabled by using domain specific drivers, any users and groups from the default domain being handled by LDAP will still not be mapped to ensure their IDs remain backward compatible. Setting this value to False will enable the mapping for even the default LDAP driver. It is only safe to do this if you do not already have assignments for users and groups from the default LDAP domain, and it is acceptable for Keystone to provide the different IDs to clients than it did previously. Typically this means that the only time you can set this value to False is when configuring a fresh installation.
[identity_mapping] driver = keystone.identity.mapping_backends.sql.Mapping
(StrOpt) Keystone Identity Mapping backend driver.
[identity_mapping] generator = keystone.identity.id_generators.sha256.Generator
(StrOpt) Public ID generator for user and group entities. The Keystone identity mapper only supports generators that produce no more than 64 characters.
[keystone_authtoken] check_revocations_for_cached = False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
[keystone_authtoken] hash_algorithms = md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
[keystone_authtoken] identity_uri = None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
[keystone_ec2_token] cafile = None
(StrOpt) A PEM encoded certificate authority to use when verifying HTTPS connections. Defaults to the system CAs.
[keystone_ec2_token] certfile = None
(StrOpt) Client certificate key filename. Required if EC2 server requires client certificate.
[keystone_ec2_token] insecure = False
(BoolOpt) Disable SSL certificate verification.
[keystone_ec2_token] keyfile = None
(StrOpt) Required if EC2 server requires client certificate.
[keystone_ec2_token] url = http://localhost:5000/v2.0/ec2tokens
(StrOpt) URL to get token from ec2 request.
[ldap] auth_pool_connection_lifetime = 60
(IntOpt) End user auth connection lifetime in seconds.
[ldap] auth_pool_size = 100
(IntOpt) End user auth connection pool size.
[ldap] debug_level = None
(IntOpt) Sets the LDAP debugging level for LDAP calls. A value of 0 means that debugging is not enabled. This value is a bitmask, consult your LDAP documentation for possible values.
[ldap] pool_connection_lifetime = 600
(IntOpt) Connection lifetime in seconds.
[ldap] pool_connection_timeout = -1
(IntOpt) Connector timeout in seconds. Value -1 indicates indefinite wait for response.
[ldap] pool_retry_delay = 0.1
(FloatOpt) Time span in seconds to wait between two reconnect trials.
[ldap] pool_retry_max = 3
(IntOpt) Maximum count of reconnect trials.
[ldap] pool_size = 10
(IntOpt) Connection pool size.
[ldap] project_additional_attribute_mapping =
(ListOpt) Additional attribute mappings for projects. Attribute mapping format is <ldap_attr>:<user_attr>, where ldap_attr is the attribute in the LDAP entry and user_attr is the Identity API attribute.
[ldap] project_allow_create = True
(BoolOpt) Allow project creation in LDAP backend.
[ldap] project_allow_delete = True
(BoolOpt) Allow project deletion in LDAP backend.
[ldap] project_allow_update = True
(BoolOpt) Allow project update in LDAP backend.
[ldap] project_attribute_ignore =
(ListOpt) List of attributes stripped off the project on update.
[ldap] project_desc_attribute = description
(StrOpt) LDAP attribute mapped to project description.
[ldap] project_domain_id_attribute = businessCategory
(StrOpt) LDAP attribute mapped to project domain_id.
[ldap] project_enabled_attribute = enabled
(StrOpt) LDAP attribute mapped to project enabled.
[ldap] project_enabled_emulation = False
(BoolOpt) If true, Keystone uses an alternative method to determine if a project is enabled or not by checking if they are a member of the "project_enabled_emulation_dn" group.
[ldap] project_enabled_emulation_dn = None
(StrOpt) DN of the group entry to hold enabled projects when using enabled emulation.
[ldap] project_filter = None
(StrOpt) LDAP search filter for projects.
[ldap] project_id_attribute = cn
(StrOpt) LDAP attribute mapped to project id.
[ldap] project_member_attribute = member
(StrOpt) LDAP attribute mapped to project membership for user.
[ldap] project_name_attribute = ou
(StrOpt) LDAP attribute mapped to project name.
[ldap] project_objectclass = groupOfNames
(StrOpt) LDAP objectclass for projects.
[ld ap ] p ro jec t_tree_d n = No ne
(StrO p t) Searc h b as e fo r p ro jec ts
[ld ap ] us e_auth_p o o l = Fals e
(Bo o lO p t) Enab le LDAP c o nnec tio n p o o ling
fo r end us er authentic atio n. If us e_p o o l is
d is ab led , then this s etting is meaning les s
and is no t us ed at all.
[ld ap ] us e_p o o l = Fals e
(Bo o lO p t) Enab le LDAP c o nnec tio n p o o ling .
[ld ap ] us er_enab led _invert = Fals e
(Bo o lO p t) Invert the meaning o f the b o o lean
enab led values . So me LDAP s ervers us e a
b o o lean lo c k attrib ute where " true" means an
ac c o unt is d is ab led . Setting
" us er_enab led _invert = true" will allo w thes e
lo c k attrib utes to b e us ed . This s etting will
have no effec t if " us er_enab led _mas k" o r
" us er_enab led _emulatio n" s etting s are in
us e.
[memc ac he] d ead _retry = 30 0
(IntO p t) Numb er o f s ec o nd s memc ac hed
s erver is c o ns id ered d ead b efo re it is tried
ag ain. This is us ed b y the key value s to re
s ys tem (e.g . to ken p o o led memc ac hed
p ers is tenc e b ac kend ).
[memc ac he] p o o l_c o nnec tio n_g et_timeo ut =
10
(IntO p t) Numb er o f s ec o nd s that an
o p eratio n will wait to g et a memc ac he c lient
c o nnec tio n. This is us ed b y the key value
s to re s ys tem (e.g . to ken p o o led memc ac hed
p ers is tenc e b ac kend ).
[memc ac he] p o o l_maxs iz e = 10
(IntO p t) Max to tal numb er o f o p en
c o nnec tio ns to every memc ac hed s erver.
This is us ed b y the key value s to re s ys tem
(e.g . to ken p o o led memc ac hed p ers is tenc e
b ac kend ).
[memc ac he] p o o l_unus ed _timeo ut = 6 0
(IntO p t) Numb er o f s ec o nd s a c o nnec tio n to
memc ac hed is held unus ed in the p o o l
b efo re it is c lo s ed . This is us ed b y the key
value s to re s ys tem (e.g . to ken p o o led
memc ac hed p ers is tenc e b ac kend ).
[memc ac he] s o c ket_timeo ut = 3
(IntO p t) Timeo ut in s ec o nd s fo r every c all to
a s erver. This is us ed b y the key value s to re
s ys tem (e.g . to ken p o o led memc ac hed
p ers is tenc e b ac kend ).
[s aml] as s ertio n_exp iratio n_time = 36 0 0
(IntO p t) Default TTL, in s ec o nd s , fo r any
g enerated SAML as s ertio n c reated b y
Keys to ne.
[saml] certfile = /etc/keystone/ssl/certs/signing_cert.pem
(StrOpt) Path of the certfile for SAML signing. For non-production environments, you may be interested in using `keystone-manage pki_setup` to generate self-signed certificates. Note, the path cannot contain a comma.
[saml] idp_contact_company = None
(StrOpt) Company of contact person.
[saml] idp_contact_email = None
(StrOpt) Email address of contact person.
[saml] idp_contact_name = None
(StrOpt) Given name of contact person
[saml] idp_contact_surname = None
(StrOpt) Surname of contact person.
[saml] idp_contact_telephone = None
(StrOpt) Telephone number of contact person.
[saml] idp_contact_type = other
(StrOpt) Contact type. Allowed values are: technical, support, administrative billing, and other
[saml] idp_entity_id = None
(StrOpt) Entity ID value for unique Identity Provider identification. Usually FQDN is set with a suffix. A value is required to generate IDP Metadata. For example: https://keystone.example.com/v3/OS-FEDERATION/saml2/idp
[saml] idp_lang = en
(StrOpt) Language used by the organization.
[saml] idp_metadata_path = /etc/keystone/saml2_idp_metadata.xml
(StrOpt) Path to the Identity Provider Metadata file. This file should be generated with the keystone-manage saml_idp_metadata command.
[saml] idp_organization_display_name = None
(StrOpt) Organization name to be displayed.
[saml] idp_organization_name = None
(StrOpt) Organization name the installation belongs to.
[saml] idp_organization_url = None
(StrOpt) URL of the organization.
[saml] idp_sso_endpoint = None
(StrOpt) Identity Provider Single-Sign-On service value, required in the Identity Provider's metadata. A value is required to generate IDP Metadata. For example: https://keystone.example.com/v3/OS-FEDERATION/saml2/sso
[saml] keyfile = /etc/keystone/ssl/private/signing_key.pem
(StrOpt) Path of the keyfile for SAML signing. Note, the path cannot contain a comma.
[saml] xmlsec1_binary = xmlsec1
(StrOpt) Binary to be called for XML signing. Install the appropriate package, specify absolute path or adjust your PATH environment variable if the binary cannot be found.
[token] hash_algorithm = md5
(StrOpt) The hash algorithm to use for PKI tokens. This can be set to any algorithm that hashlib supports. WARNING: Before changing this value, the auth_token middleware must be configured with the hash_algorithms, otherwise token revocation will not be processed correctly.
Table 5.36. New default values
[DEFAULT] control_exchange
Previous default value: openstack
New default value: keystone
[DEFAULT] default_log_levels
Previous default value: amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN
New default value: amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN
[database] sqlite_db
Previous default value: keystone.sqlite
New default value: oslo.sqlite
[keystone_authtoken] revocation_cache_time
Previous default value: 300
New default value: 10
[ldap] user_mail_attribute
Previous default value: email
New default value: mail
[token] driver
Previous default value: keystone.token.backends.sql.Token
New default value: keystone.token.persistence.backends.sql.Token
Table 5.37. Deprecated options
Deprecated option -> New option
[ldap] tenant_allow_delete -> [ldap] project_allow_delete
[ldap] tenant_allow_create -> [ldap] project_allow_create
[ldap] tenant_objectclass -> [ldap] project_objectclass
[ldap] tenant_filter -> [ldap] project_filter
[ldap] tenant_member_attribute -> [ldap] project_member_attribute
[ldap] tenant_additional_attribute_mapping -> [ldap] project_additional_attribute_mapping
[ldap] tenant_allow_update -> [ldap] project_allow_update
[ldap] tenant_desc_attribute -> [ldap] project_desc_attribute
[ldap] tenant_enabled_emulation -> [ldap] project_enabled_emulation
[ldap] tenant_name_attribute -> [ldap] project_name_attribute
[ldap] tenant_attribute_ignore -> [ldap] project_attribute_ignore
[ldap] tenant_enabled_attribute -> [ldap] project_enabled_attribute
[ldap] tenant_id_attribute -> [ldap] project_id_attribute
[ldap] tenant_domain_id_attribute -> [ldap] project_domain_id_attribute
[ldap] tenant_tree_dn -> [ldap] project_tree_dn
[ldap] tenant_enabled_emulation_dn -> [ldap] project_enabled_emulation_dn
CHAPTER 6. IMAGE SERVICE
Compute relies on an external image service to store virtual machine images and maintain a
catalog of available images. By default, Compute is configured to use the OpenStack Image
Service (Glance), which is currently the only supported image service.
If your installation requires euca2ools to register new images, you must run the nova-objectstore service. This service provides an Amazon S3 front-end for Glance, which is
required by euca2ools.
To customize the Compute Service, use the configuration option settings documented in
Table 2.27, “Description of glance configuration options” and Table 2.47, “Description of S3
configuration options”.
You can modify many options in the OpenStack Image Service. The following tables provide
a comprehensive list.
Table 6.1. Description of authorization token configuration options
Configuration option = Default value
Description
[keystone_authtoken]
admin_password = None
(StrOpt) Keystone account password
admin_tenant_name = admin
(StrOpt) Keystone service account tenant name to validate user tokens
admin_token = None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
admin_user = None
(StrOpt) Keystone account username
auth_admin_prefix =
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
auth_host = 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
auth_port = 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
auth_protocol = https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
auth_uri = None
(StrOpt) Complete public Identity API endpoint
auth_version = None
(StrOpt) API version of the admin Identity API endpoint
cache = None
(StrOpt) Env key for the swift cache
cafile = None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
certfile = None
(StrOpt) Required if Keystone server requires client certificate
check_revocations_for_cached = False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
delay_auth_decision = False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
enforce_token_bind = permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
hash_algorithms = md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
http_connect_timeout = None
(BoolOpt) Request timeout value for communicating with Identity API server.
http_request_max_retries = 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
identity_uri = None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
include_service_catalog = True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
insecure = False
(BoolOpt) Verify HTTPS connections.
keyfile = None
(StrOpt) Required if Keystone server requires client certificate
memcache_secret_key = None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
memcache_security_strategy = None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
revocation_cache_time = 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
signing_dir = None
(StrOpt) Directory used to cache files related to PKI tokens
token_cache_time = 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
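Several of the [keystone_authtoken] options in Table 6.1 decide how tokens are validated and cached, and they can be checked mechanically. The audit below is an added example, not part of this reference or of the auth_token middleware; the function name audit_authtoken, the sample files and their hosts and secrets are constructed, and reading insecure = True as "certificate verification off" is the example's assumption.

```python
import configparser
from urllib.parse import urlsplit

SECTION = "keystone_authtoken"

# Constructed sample: a weak [keystone_authtoken] section (values are made up).
WEAK_CONF = """
[keystone_authtoken]
identity_uri = http://192.0.2.10:35357/
admin_user = glance
admin_password = example-password
admin_token = example-shared-secret
insecure = True
hash_algorithms = md5
memcached_servers = 192.0.2.20:11211
"""

# Constructed sample: the same section with the weak settings corrected.
HARDENED_CONF = """
[keystone_authtoken]
identity_uri = https://keystone.example.com:35357/
admin_user = glance
admin_password = example-password
cafile = /etc/pki/tls/certs/ca-bundle.crt
insecure = False
hash_algorithms = sha256
memcached_servers = 192.0.2.20:11211
memcache_security_strategy = ENCRYPT
memcache_secret_key = example-cache-key
"""


def audit_authtoken(conf_text, keystone_hash_algorithm="md5"):
    """Return [(option, finding), ...] for a [keystone_authtoken] section.

    keystone_hash_algorithm is the [token] hash_algorithm value taken from
    keystone.conf (md5 by default according to the Identity Service table).
    """
    # interpolation=None: these files contain literal % logging format strings.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(conf_text)
    if not cp.has_section(SECTION):
        cp.add_section(SECTION)
    opts = cp[SECTION]
    findings = []

    # Table 6.1: admin_token is deprecated and bypasses normal authentication.
    if opts.get("admin_token"):
        findings.append(("admin_token", "deprecated shared secret is set; "
                         "use admin_user and admin_password instead"))

    # Assumption: insecure = True turns certificate verification off.
    if opts.getboolean("insecure", fallback=False):
        findings.append(("insecure", "HTTPS certificates are not verified"))

    # identity_uri replaces the deprecated auth_host/auth_port/auth_protocol.
    uri = opts.get("identity_uri")
    if uri:
        if urlsplit(uri).scheme.lower() != "https":
            findings.append(("identity_uri", "admin endpoint is not HTTPS"))
    elif opts.get("auth_protocol", "https").lower() != "https":
        findings.append(("auth_protocol", "admin endpoint is not HTTPS"))

    # Cached token data is only protected when a strategy and key are set.
    strategy = (opts.get("memcache_security_strategy") or "").strip()
    if strategy:
        # Compared case-insensitively here (assumption of this example).
        if strategy.upper() not in ("MAC", "ENCRYPT"):
            findings.append(("memcache_security_strategy",
                             "value must be MAC or ENCRYPT"))
        elif not opts.get("memcache_secret_key"):
            findings.append(("memcache_secret_key",
                             "mandatory when a security strategy is defined"))
    elif opts.get("memcached_servers"):
        findings.append(("memcache_security_strategy",
                         "token data is cached in memcached without "
                         "MAC or ENCRYPT protection"))

    # The first algorithm listed is the preferred one and is what gets cached.
    raw = opts.get("hash_algorithms") or "md5"
    algos = [a.strip().lower() for a in raw.split(",") if a.strip()] or ["md5"]
    if algos[0] == "md5":
        findings.append(("hash_algorithms",
                         "md5 is the preferred PKI token hash"))
    # Keystone's [token] hash_algorithm must be known to the middleware,
    # otherwise token revocation is not processed correctly.
    if keystone_hash_algorithm.lower() not in algos:
        findings.append(("[token] hash_algorithm",
                         "%s is not listed in hash_algorithms"
                         % keystone_hash_algorithm))
    return findings


if __name__ == "__main__":
    for option, finding in audit_authtoken(WEAK_CONF):
        print("%-28s %s" % (option, finding))
```

Pass the value of [token] hash_algorithm from keystone.conf as keystone_hash_algorithm so that a change on one side without the other is reported.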
Table 6.2. Description of common configuration options
Configuration option = Default value
Description
[DEFAULT]
allow_additional_image_properties = True
(BoolOpt) Whether to allow users to specify image properties beyond what the image schema provides
api_limit_max = 1000
(IntOpt) Maximum permissible number of items that could be returned by a request
backlog = 4096
(IntOpt) The backlog value that will be used when creating the TCP listener socket.
bind_host = 0.0.0.0
(StrOpt) Address to bind the server. Useful when selecting a particular network interface.
bind_port = None
(IntOpt) The port on which the server will listen.
data_api = glance.db.sqlalchemy.api
(StrOpt) Python module path of data access API
image_location_quota = 10
(IntOpt) Maximum number of locations allowed on an image. Negative values evaluate to unlimited.
image_member_quota = 128
(IntOpt) Maximum number of image members per image. Negative values evaluate to unlimited.
image_property_quota = 128
(IntOpt) Maximum number of properties allowed on an image. Negative values evaluate to unlimited.
image_tag_quota = 128
(IntOpt) Maximum number of tags allowed on an image. Negative values evaluate to unlimited.
limit_param_default = 25
(IntOpt) Default value for the number of items returned by a request if not specified explicitly in the request
memcached_servers = None
(ListOpt) Memcached servers or None for in process cache.
metadata_encryption_key = None
(StrOpt) Key used for encrypting sensitive metadata while talking to the registry or database.
metadata_source_path = /etc/glance/metadefs/
(StrOpt) Path to the directory where json metadata files are stored
property_protection_file = None
(StrOpt) The location of the property protection file.
property_protection_rule_format = roles
(StrOpt) This config value indicates whether "roles" or "policies" are used in the property protection file.
show_image_direct_url = False
(BoolOpt) Whether to include the backend image storage location in image properties. Revealing storage location can be a security risk, so use this setting with caution!
user_storage_quota = 0
(StrOpt) Set a system wide quota for every user. This value is the total capacity that a user can use across all storage systems. A value of 0 means unlimited. Optional unit can be specified for the value. Accepted units are B, KB, MB, GB and TB representing Bytes, KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no unit is specified then Bytes is assumed. Note that there should not be any space between value and unit and units are case sensitive.
workers = 8
(IntOpt) The number of child process workers that will be created to service requests. The default will be equal to the number of CPUs available.
[glance_store]
os_region_name = None
(StrOpt) Region name of this node
[image_format]
container_formats = ami, ari, aki, bare, ovf, ova
(ListOpt) Supported values for the 'container_format' image attribute
disk_formats = ami, ari, aki, vhd, vmdk, raw, qcow2, vdi, iso
(ListOpt) Supported values for the 'disk_format' image attribute
[keystone_authtoken]
memcached_servers = None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
[task]
eventlet_executor_pool_size = 1000
(IntOpt) Specifies the maximum number of eventlet threads which can be spun up by the eventlet based task executor to perform execution of Glance tasks.
task_executor = eventlet
(StrOpt) Specifies which task executor to be used to run the task scripts.
task_time_to_live = 48
(IntOpt) Time in hours for which a task lives after, either succeeding or failing
Table 6.3. Description of database configuration options
Configuration option = Default value
Description
[DEFAULT]
db_enforce_mysql_charset = True
(BoolOpt) DEPRECATED. TO BE REMOVED IN THE JUNO RELEASE. Whether or not to enforce that all DB tables have charset utf8. If your database tables do not have charset utf8 you will need to convert before this option is removed. This option is only relevant if your database engine is MySQL.
[database]
backend = sqlalchemy
(StrOpt) The back end to use for the database.
connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
connection_debug = 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
connection_trace = False
(BoolOpt) Add Python stack traces to SQL as comment strings.
db_inc_retry_interval = True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
db_max_retries = 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
db_max_retry_interval = 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
db_retry_interval = 1
(IntOpt) Seconds between database connection retries.
idle_timeout = 3600
(IntOpt) Timeout before idle SQL connections are reaped.
max_overflow = None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
max_pool_size = None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
max_retries = 10
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
min_pool_size = 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
mysql_sql_mode = TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
pool_timeout = None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
retry_interval = 10
(IntOpt) Interval between retries of opening a SQL connection.
slave_connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
sqlite_db = oslo.sqlite
(StrOpt) The file name to use with SQLite.
sqlite_synchronous = True
(BoolOpt) If True, SQLite uses synchronous mode.
use_db_reconnect = False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
Table 6.4. Description of flagmappings configuration options
Configuration option = Default value
Description
[DEFAULT]
cleanup_scrubber = False
(BoolOpt) A boolean that determines if the scrubber should clean up the files it uses for taking data. Only one server in your deployment should be designated the cleanup host.
cleanup_scrubber_time = 86400
(IntOpt) Items must have a modified time that is older than this value in order to be candidates for cleanup.
delayed_delete = False
(BoolOpt) Turn on/off delayed delete.
image_cache_dir = None
(StrOpt) Base directory that the Image Cache uses.
image_cache_driver = sqlite
(StrOpt) The driver to use for image cache management.
image_cache_max_size = 10737418240
(IntOpt) The maximum size in bytes that the cache can use.
image_cache_sqlite_db = cache.db
(StrOpt) The path to the sqlite file database that will be used for image cache management.
image_cache_stall_time = 86400
(IntOpt) The amount of time to let an image remain in the cache without being accessed.
scrub_time = 0
(IntOpt) The amount of time in seconds to delay before performing a delete.
scrubber_datadir = /var/lib/glance/scrubber
(StrOpt) Directory that the scrubber will use to track information about what to delete. Make sure this is set in glance-api.conf and glance-scrubber.conf.
Table 6.5. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
debug = False
(BoolOpt) Print debugging output (set logging level to DEBUG instead of default WARNING level).
default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN
(ListOpt) List of logger=LEVEL pairs.
fatal_deprecations = False
(BoolOpt) Enables or disables fatal status of deprecations.
instance_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
instance_uuid_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
log_config_append = None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
log_date_format = %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s.
log_dir = None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
log_file = None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
log_format = None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
(StrOpt) Format string to use for log messages with context.
logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
(StrOpt) Data to append to log format when level is DEBUG.
logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
(StrOpt) Format string to use for log messages without context.
logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
(StrOpt) Prefix each line of exception output with this format.
publish_errors = False
(BoolOpt) Enables or disables publication of error events.
syslog_log_facility = LOG_USER
(StrOpt) Syslog facility to receive log lines.
use_stderr = True
(BoolOpt) Log output to standard error.
use_syslog = False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
use_syslog_rfc_format = False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
verbose = False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
Table 6.6. Description of policy configuration options
Configuration option = Default value
Description
[DEFAULT]
policy_default_rule = default
(StrOpt) Default rule. Enforced when a requested rule is not found.
policy_dirs = ['policy.d']
(MultiStrOpt) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched.
policy_file = policy.json
(StrOpt) The JSON file that defines policies.
Table 6.7. Description of profiler configuration options
Configuration option = Default value
Description
[profiler]
enabled = False
(BoolOpt) If False fully disable profiling feature.
trace_sqlalchemy = False
(BoolOpt) If False doesn't trace SQL requests.
Table 6.8. Description of Redis configuration options
Configuration option = Default value
Description
[matchmaker_redis]
host = 127.0.0.1
(StrOpt) Host to locate redis.
password = None
(StrOpt) Password for Redis server (optional).
port = 6379
(IntOpt) Use this port to connect to redis host.
[matchmaker_ring]
ringfile = /etc/oslo/matchmaker_ring.json
(StrOpt) Matchmaker ring file (JSON).
Table 6.9. Description of registry configuration options
Configuration option = Default value
Description
[DEFAULT]
admin_password = None
(StrOpt) The administrators password. If "use_user_token" is not in effect, then admin credentials can be specified.
admin_tenant_name = None
(StrOpt) The tenant name of the administrative user. If "use_user_token" is not in effect, then admin tenant name can be specified.
admin_user = None
(StrOpt) The administrators user name. If "use_user_token" is not in effect, then admin credentials can be specified.
auth_region = None
(StrOpt) The region for the authentication service. If "use_user_token" is not in effect and using keystone auth, then region name can be specified.
auth_strategy = noauth
(StrOpt) The strategy to use for authentication. If "use_user_token" is not in effect, then auth strategy can be specified.
auth_url = None
(StrOpt) The URL to the keystone service. If "use_user_token" is not in effect and using keystone auth, then URL of keystone can be specified.
registry_client_ca_file = None
(StrOpt) The path to the certifying authority cert file to use in SSL connections to the registry server.
registry_client_cert_file = None
(StrOpt) The path to the cert file to use in SSL connections to the registry server.
registry_client_insecure = False
(BoolOpt) When using SSL in connections to the registry server, do not require validation via a certifying authority.
registry_client_key_file = None
(StrOpt) The path to the key file to use in SSL connections to the registry server.
registry_client_protocol = http
(StrOpt) The protocol to use for communication with the registry server. Either http or https.
registry_client_timeout = 600
(IntOpt) The period of time, in seconds, that the API server will wait for a registry request to complete. A value of 0 implies no timeout.
registry_host = 0.0.0.0
(StrOpt) Address to find the registry server.
registry_port = 9191
(IntOpt) Port the registry server is listening on.
Table 6.10. Description of testing configuration options
Configuration option = Default value
Description
[DEFAULT]
fake_rabbit = False
(BoolOpt) Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
pydev_worker_debug_host = None
(StrOpt) The hostname/IP of the pydev process listening for debug connections
pydev_worker_debug_port = 5678
(IntOpt) The port on which a pydev process is listening for connections.
6.1. API SETTINGS
The Image Service has two APIs: the user-facing API, and the registry API, which is for
internal requests that require access to the database.
Both of the APIs currently have two major versions, v1 and v2. It is possible to run either or
both versions, by setting appropriate values of enable_v1_api, enable_v2_api,
enable_v1_registry and enable_v2_registry. If the v2 API is used, running
glance-registry is optional, as v2 of glance-api can connect directly to the database.
Tables of all the options used to configure the APIs, including enabling SSL and modifying
WSGI settings are found below.
Table 6.11. Description of API configuration options
Configuration option = Default value
Description
[DEFAULT]
admin_role = admin
(StrOpt) Role used to identify an authenticated user as administrator.
allow_anonymous_access = False
(BoolOpt) Allow unauthenticated users to access the API with read-only privileges. This only applies when using ContextMiddleware.
enable_v1_api = True
(BoolOpt) Deploy the v1 OpenStack Images API.
enable_v1_registry = True
(BoolOpt) Deploy the v1 OpenStack Registry API.
enable_v2_api = True
(BoolOpt) Deploy the v2 OpenStack Images API.
enable_v2_registry = True
(BoolOpt) Deploy the v2 OpenStack Registry API.
image_size_cap = 1099511627776
(IntOpt) Maximum size of image a user can upload in bytes. Defaults to 1099511627776 bytes (1 TB).
location_strategy = location_order
(StrOpt) This value sets what strategy will be used to determine the image location order. Currently two strategies are packaged with Glance 'location_order' and 'store_type'.
max_header_line = 16384
(IntOpt) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs
CHAPT ER 6 . IMAG E SERVICE
Configurat ion opt ion = Default value
Descript ion
o wner_i s_tenant = True
(Bo o lO p t) When true, this o p tio n s ets the
o wner o f an imag e to b e the tenant.
O therwis e, the o wner o f the imag e will b e the
authentic ated us er is s uing the req ues t.
publ i c_end po i nt = None
(StrO p t) Pub lic url to us e fo r vers io ns
end p o int. The d efault is No ne, whic h will us e
the req ues t' s ho s t_url attrib ute to p o p ulate
the URL b as e. If G lanc e is o p erating b ehind
a p ro xy, yo u will want to c hang e this to
rep res ent the p ro xy' s URL.
send _i d enti ty_head ers = False
(Bo o lO p t) Whether to p as s thro ug h head ers
c o ntaining us er and tenant info rmatio n when
making req ues ts to the reg is try. This allo ws
the reg is try to us e the c o ntext mid d leware
witho ut keys to nemid d leware' s auth_to ken
mid d leware, remo ving c alls to the keys to ne
auth s ervic e. It is rec o mmend ed that when
us ing this o p tio n, s ec ure c o mmunic atio n
b etween g lanc e ap i and g lanc e reg is try is
ens ured b y means o ther than auth_to ken
mid d leware.
sho w_mul ti pl e_l o cati o ns = False
(Bo o lO p t) Whether to inc lud e the b ac kend
imag e lo c atio ns in imag e p ro p erties .
Revealing s to rag e lo c atio n c an b e a s ec urity
ris k, s o us e this s etting with c autio n! The
o verrid es s ho w_imag e_d irec t_url.
tcp_keepi d l e = 600
(IntO p t) The value fo r the s o c ket o p tio n
TCP_KEEPIDLE. This is the time in s ec o nd s
that the c o nnec tio n mus t b e id le b efo re TCP
s tarts s end ing keep alive p ro b es .
use_user_to ken = True
(Bo o lO p t) Whether to p as s thro ug h the us er
to ken when making req ues ts to the reg is try.
[glance_st ore]
d efaul t_sto re = file
(StrO p t) Default s c heme to us e to s to re
imag e d ata. The s c heme mus t b e reg is tered
b y o ne o f the s to res d efined b y the ' s to res '
c o nfig o p tio n.
sto res = file, http
(Lis tO p t) Lis t o f s to res enab led
[past e_deploy]
co nfi g _fi l e = None
(StrO p t) Name o f the p as te c o nfig uratio n file.
395
Red Hat Ent erprise Linux O penSt ack Plat form 6 Configurat ion Reference
Configurat ion opt ion = Default value
Descript ion
fl avo r = None
(StrO p t) Partial name o f a p ip eline in yo ur
p as te c o nfig uratio n file with the s ervic e name
remo ved . Fo r examp le, if yo ur p as te s ec tio n
name is [p ip eline:g lanc e-ap i-keys to ne] us e
the value " keys to ne"
[st ore_t ype_locat ion_st rat egy]
sto re_type_preference =
(Lis tO p t) The s to re names to us e to g et s to re
p referenc e o rd er. The name mus t b e
reg is tered b y o ne o f the s to res d efined b y
the ' kno wn_s to res ' c o nfig o p tio n. This
o p tio n will b e ap p lied when yo u us ing
' s to re_typ e' o p tio n as imag e lo c atio n
s trateg y d efined b y the ' lo c atio n_s trateg y'
c o nfig o p tio n.
Table 6.12. Description of CA and SSL configuration options
Configuration option = Default value
Description
[DEFAULT]
ca_file = None
(StrOpt) CA certificate file to use to verify connecting clients.
cert_file = None
(StrOpt) Certificate file to use when starting API server securely.
key_file = None
(StrOpt) Private key file to use when starting API server securely.
6.2. CONFIGURE THE RPC MESSAGING SYSTEM
OpenStack projects use an open standard for messaging middleware known as AMQP. This
messaging middleware enables the OpenStack services that run on multiple servers to talk to
each other. The OpenStack common library project, oslo, supports two implementations of
AMQP, namely RabbitMQ and Qpid.
The following tables contain settings to configure the messaging middleware for the Image
Service:
Table 6.13. Description of RabbitMQ configuration options
Configuration option = Default value
Description
[DEFAULT]
kombu_reconnect_delay = 1.0
(FloatOpt) How long to wait before reconnecting in response to an AMQP
consumer cancel notification.
kombu_ssl_ca_certs =
(StrOpt) SSL certification authority file (valid only if SSL enabled).
kombu_ssl_certfile =
(StrOpt) SSL cert file (valid only if SSL enabled).
kombu_ssl_keyfile =
(StrOpt) SSL key file (valid only if SSL enabled).
kombu_ssl_version =
(StrOpt) SSL version to use (valid only if SSL enabled). Valid values are
TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on some distributions.
rabbit_ha_queues = False
(BoolOpt) Use HA queues in RabbitMQ (x-ha-policy: all). If you change this
option, you must wipe the RabbitMQ database.
rabbit_host = localhost
(StrOpt) The RabbitMQ broker address where a single node is used.
rabbit_hosts = $rabbit_host:$rabbit_port
(ListOpt) RabbitMQ HA cluster host:port pairs.
rabbit_login_method = AMQPLAIN
(StrOpt) The RabbitMQ login method.
rabbit_max_retries = 0
(IntOpt) Maximum number of RabbitMQ connection retries. Default is 0 (infinite
retry count).
rabbit_password = guest
(StrOpt) The RabbitMQ password.
rabbit_port = 5672
(IntOpt) The RabbitMQ broker port where a single node is used.
rabbit_retry_backoff = 2
(IntOpt) How long to backoff for between retries when connecting to RabbitMQ.
rabbit_retry_interval = 1
(IntOpt) How frequently to retry connecting with RabbitMQ.
rabbit_use_ssl = False
(BoolOpt) Connect over SSL for RabbitMQ.
rabbit_userid = guest
(StrOpt) The RabbitMQ userid.
rabbit_virtual_host = /
(StrOpt) The RabbitMQ virtual host.
Table 6.14. Description of Qpid configuration options
Configuration option = Default value
Description
[DEFAULT]
qpid_heartbeat = 60
(IntOpt) Seconds between connection keepalive heartbeats.
qpid_hostname = localhost
(StrOpt) Qpid broker hostname.
qpid_hosts = $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs.
qpid_password =
(StrOpt) Password for Qpid connection.
qpid_port = 5672
(IntOpt) Qpid broker port.
qpid_protocol = tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'.
qpid_receiver_capacity = 1
(IntOpt) The number of prefetched messages held by receiver.
qpid_sasl_mechanisms =
(StrOpt) Space separated list of SASL mechanisms to use for auth.
qpid_tcp_nodelay = True
(BoolOpt) Whether to disable the Nagle algorithm.
qpid_topology_version = 1
(IntOpt) The qpid topology version to use. Version 1 is what was originally
used by impl_qpid. Version 2 includes some backwards-incompatible changes that
allow broker federation to work. Users should update to version 2 when they are
able to take everything down, as it requires a clean break.
qpid_username =
(StrOpt) Username for Qpid connection.
Table 6.15. Description of AMQP configuration options
Configuration option = Default value
Description
[DEFAULT]
amqp_auto_delete = False
(BoolOpt) Auto-delete queues in AMQP.
amqp_durable_queues = False
(BoolOpt) Use durable queues in AMQP.
control_exchange = openstack
(StrOpt) The default exchange under which topics are scoped. May be overridden
by an exchange name specified in the transport_url option.
default_publisher_id = image.localhost
(StrOpt) Default publisher_id for outgoing notifications.
notification_driver = []
(MultiStrOpt) Driver or drivers to handle sending notifications.
notification_topics = notifications
(ListOpt) AMQP topic used for OpenStack notifications.
transport_url = None
(StrOpt) A URL representing the messaging driver to use and its full
configuration. If not set, we fall back to the rpc_backend option and driver
specific configuration.
Table 6.16. Description of RPC configuration options
Configuration option = Default value
Description
[DEFAULT]
allowed_rpc_exception_modules = openstack.common.exception, glance.common.exception, exceptions
(ListOpt) Modules of exceptions that are permitted to be recreated upon
receiving exception data from an rpc call.
matchmaker_heartbeat_freq = 300
(IntOpt) Heartbeat frequency.
matchmaker_heartbeat_ttl = 600
(IntOpt) Heartbeat time-to-live.
rpc_backend = rabbit
(StrOpt) The messaging driver to use, defaults to rabbit. Other drivers
include qpid and zmq.
rpc_cast_timeout = 30
(IntOpt) Seconds to wait before a cast expires (TTL). Only supported by
impl_zmq.
rpc_conn_pool_size = 30
(IntOpt) Size of RPC connection pool.
rpc_response_timeout = 60
(IntOpt) Seconds to wait for a response from a call.
rpc_thread_pool_size = 64
(IntOpt) Size of RPC greenthread pool.
[oslo_messaging_amqp]
allow_insecure_clients = False
(BoolOpt) Accept clients using either SSL or plain TCP
broadcast_prefix = broadcast
(StrOpt) address prefix used when broadcasting to all servers
container_name = None
(StrOpt) Name for the AMQP container
group_request_prefix = unicast
(StrOpt) address prefix when sending to any server in group
idle_timeout = 0
(IntOpt) Timeout for inactive connections (in seconds)
server_request_prefix = exclusive
(StrOpt) address prefix used when sending to a specific server
ssl_ca_file =
(StrOpt) CA certificate PEM file for verifying server certificate
ssl_cert_file =
(StrOpt) Identifying certificate PEM file to present to clients
ssl_key_file =
(StrOpt) Private key PEM file used to sign cert_file certificate
ssl_key_password = None
(StrOpt) Password for decrypting ssl_key_file (if encrypted)
trace = False
(BoolOpt) Debug: dump AMQP frames to stdout
6.3. CONFIGURE BACK ENDS
The Image Service supports several back ends for storing virtual machine images:
OpenStack Block Storage (cinder)
A directory on a local file system
GridFS
Ceph RBD
Amazon S3
Sheepdog
OpenStack Object Storage (swift)
VMware ESX
The following tables detail the options available for each.
Table 6.17. Description of cinder configuration options
Configuration option = Default value
Description
[glance_store]
cinder_api_insecure = False
(BoolOpt) Allow to perform insecure SSL requests to cinder
cinder_ca_certificates_file = None
(StrOpt) Location of ca certificates file to use for cinder client requests.
cinder_catalog_info = volume:cinder:publicURL
(StrOpt) Info to match when looking for cinder in the service catalog. Format
is : separated values of the form:
<service_type>:<service_name>:<endpoint_type>
cinder_endpoint_template = None
(StrOpt) Override service catalog lookup with template for cinder endpoint
e.g. http://localhost:8776/v1/%(project_id)s
cinder_http_retries = 3
(IntOpt) Number of cinderclient retries on failed http calls
Table 6.18. Description of filesystem configuration options
Configuration option = Default value
Description
[glance_store]
filesystem_store_datadir = None
(StrOpt) Directory to which the Filesystem backend store writes images.
filesystem_store_datadirs = None
(MultiStrOpt) List of directories and its priorities to which the Filesystem
backend store writes images.
filesystem_store_file_perm = 0
(IntOpt) The required permission for created image file. In this way the user
of another service, e.g. Nova, that consumes the image could be the exclusive
member of the group that owns the files created. Assigning it less than or
equal to zero means don't change the default permission of the file. This value
will be decoded as an octal digit.
filesystem_store_metadata_file = None
(StrOpt) The path to a file which contains the metadata to be returned with
any location associated with this store. The file must contain a valid JSON
dict.
Table 6.19. Description of GridFS configuration options
Configuration option = Default value
Description
[glance_store]
mongodb_store_db = None
(StrOpt) Database to use
mongodb_store_uri = None
(StrOpt) Hostname or IP address of the instance to connect to, or a mongodb
URI, or a list of hostnames / mongodb URIs. If host is an IPv6 literal it must
be enclosed in '[' and ']' characters following the RFC2732 URL syntax (e.g.
'[::1]' for localhost)
Table 6.20. Description of RBD configuration options
Configuration option = Default value
Description
[glance_store]
rbd_store_ceph_conf = /etc/ceph/ceph.conf
(StrOpt) Ceph configuration file path. If <None>, librados will locate the
default config. If using cephx authentication, this file should include a
reference to the right keyring in a client.<USER> section
rbd_store_chunk_size = 8
(IntOpt) RADOS images will be chunked into objects of this size (in
megabytes). For best performance, this should be a power of two.
rbd_store_pool = images
(StrOpt) RADOS pool in which images are stored.
rbd_store_user = None
(StrOpt) RADOS user to authenticate as (only applicable if using Cephx. If
<None>, a default will be chosen based on the client. section in
rbd_store_ceph_conf)
Table 6.21. Description of S3 configuration options
Configuration option = Default value
Description
[glance_store]
s3_store_access_key = None
(StrOpt) The S3 query token access key.
s3_store_bucket = None
(StrOpt) The S3 bucket to be used to store the Glance data.
s3_store_bucket_url_format = subdomain
(StrOpt) The S3 calling format used to determine the bucket. Either subdomain
or path can be used.
s3_store_create_bucket_on_put = False
(BoolOpt) A boolean to determine if the S3 bucket should be created on upload
if it does not exist or if an error should be returned to the user.
s3_store_host = None
(StrOpt) The host where the S3 server is listening.
s3_store_large_object_chunk_size = 10
(IntOpt) What multipart upload part size, in MB, should S3 use when uploading
parts. The size must be greater than or equal to 5M.
s3_store_large_object_size = 100
(IntOpt) What size, in MB, should S3 start chunking image files and do a
multipart upload in S3.
s3_store_object_buffer_dir = None
(StrOpt) The local directory where uploads will be staged before they are
transferred into S3.
s3_store_secret_key = None
(StrOpt) The S3 query token secret key.
s3_store_thread_pools = 10
(IntOpt) The number of thread pools to perform a multipart upload in S3.
Table 6.22. Description of Sheepdog configuration options
Configuration option = Default value
Description
[glance_store]
sheepdog_store_address = localhost
(StrOpt) IP address of sheep daemon.
sheepdog_store_chunk_size = 64
(IntOpt) Images will be chunked into objects of this size (in megabytes). For
best performance, this should be a power of two.
sheepdog_store_port = 7000
(IntOpt) Port of sheep daemon.
Table 6.23. Description of swift configuration options
Configuration option = Default value
Description
[DEFAULT]
default_swift_reference = ref1
(StrOpt) The reference to the default swift account/backing store parameters
to use for adding new images.
swift_store_auth_address = None
(StrOpt) The address where the Swift authentication service is listening.
(deprecated)
swift_store_config_file = None
(StrOpt) The config file that has the swift account(s) configs.
swift_store_key = None
(StrOpt) Auth key for the user authenticating against the Swift
authentication service. (deprecated)
swift_store_user = None
(StrOpt) The user to authenticate against the Swift authentication service
(deprecated)
[glance_store]
default_swift_reference = ref1
(StrOpt) The reference to the default swift account/backing store parameters
to use for adding new images.
swift_enable_snet = False
(BoolOpt) Whether to use ServiceNET to communicate with the Swift storage
servers.
swift_store_admin_tenants =
(ListOpt) A list of tenants that will be granted read/write access on all
Swift containers created by Glance in multi-tenant mode.
swift_store_auth_address = None
(StrOpt) The address where the Swift authentication service is listening.
(deprecated)
swift_store_auth_insecure = False
(BoolOpt) If True, swiftclient won't check for a valid SSL certificate when
authenticating.
swift_store_auth_version = 2
(StrOpt) Version of the authentication service to use. Valid versions are 2
for keystone and 1 for swauth and rackspace. (deprecated)
swift_store_config_file = None
(StrOpt) The config file that has the swift account(s) configs.
swift_store_container = glance
(StrOpt) Container within the account that the account should use for storing
images in Swift.
swift_store_create_container_on_put = False
(BoolOpt) A boolean value that determines if we create the container if it
does not exist.
swift_store_endpoint_type = publicURL
(StrOpt) A string giving the endpoint type of the swift service to use
(publicURL, adminURL or internalURL). This setting is only used if
swift_store_auth_version is 2.
swift_store_key = None
(StrOpt) Auth key for the user authenticating against the Swift
authentication service. (deprecated)
swift_store_large_object_chunk_size = 200
(IntOpt) The amount of data written to a temporary disk buffer during the
process of chunking the image file.
swift_store_large_object_size = 5120
(IntOpt) The size, in MB, that Glance will start chunking image files and do a
large object manifest in Swift.
swift_store_multi_tenant = False
(BoolOpt) If set to True, enables multi-tenant storage mode which causes
Glance images to be stored in tenant specific Swift accounts.
swift_store_region = None
(StrOpt) The region of the swift endpoint to be used for single tenant. This
setting is only necessary if the tenant has multiple swift endpoints.
swift_store_retry_get_count = 0
(IntOpt) The number of times a Swift download will be retried before the
request fails.
swift_store_service_type = object-store
(StrOpt) A string giving the service type of the swift service to use. This
setting is only used if swift_store_auth_version is 2.
swift_store_ssl_compression = True
(BoolOpt) If set to False, disables SSL layer compression of https swift
requests. Setting to False may improve performance for images which are already
in a compressed format, eg qcow2.
swift_store_user = None
(StrOpt) The user to authenticate against the Swift authentication service
(deprecated)
6.3.1. Configure vCenter data stores for the Image Service back end
To use vCenter data stores for the Image Service back end, you must update the
glance-api.conf file, as follows:
Add data store parameters to the VMware Datastore Store Options section.
Specify vSphere as the back end.
Note
You must configure any configured Image Service data stores for the Compute
service.
You can specify vCenter data stores directly by using the data store name or Storage Policy
Based Management (SPBM), which requires vCenter Server 5.5 or later.
Note
If you intend to use multiple data stores for the back end, use the SPBM feature.
In the DEFAULT section, set the default_store parameter to vsphere, as shown in this
code sample:
[DEFAULT]
# Which back end scheme should Glance use by default if not specified
# in a request to add a new image to Glance? Known schemes are determined
# by the known_stores option below.
# Default: 'file'
default_store = vsphere
The following table describes the parameters in the VMware Datastore Store Options
section:
Table 6.24. Description of VMware configuration options
Configuration option = Default value
Description
[glance_store]
vmware_api_insecure = False
(BoolOpt) Allow to perform insecure SSL requests to ESX/VC.
vmware_api_retry_count = 10
(IntOpt) Number of times VMware ESX/VC server API must be retried upon
connection related issues.
vmware_datacenter_path = ha-datacenter
(StrOpt) Inventory path to a datacenter. If the vmware_server_host specified
is an ESX/ESXi, the vmware_datacenter_path is optional. If specified, it should
be "ha-datacenter".
vmware_datastore_name = None
(StrOpt) Datastore associated with the datacenter.
vmware_server_host = None
(StrOpt) ESX/ESXi or vCenter Server target system. The server value can be an
IP address or a DNS name.
vmware_server_password = None
(StrOpt) Password for authenticating with VMware ESX/VC server.
vmware_server_username = None
(StrOpt) Username for authenticating with VMware ESX/VC server.
vmware_store_image_dir = /openstack_glance
(StrOpt) The name of the directory where the glance images will be stored in
the VMware datastore.
vmware_task_poll_interval = 5
(IntOpt) The interval used for polling remote tasks invoked on VMware ESX/VC
server.
The following block of text shows a sample configuration:
# ============ VMware Datastore Store Options =====================
# ESX/ESXi or vCenter Server target system.
# The server value can be an IP address or a DNS name
# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com
vmware_server_host = 192.168.0.10
# Server username (string value)
vmware_server_username = ADMINISTRATOR
# Server password (string value)
vmware_server_password = password
# Inventory path to a datacenter (string value)
# Value optional when vmware_server_host is an ESX/ESXi host: if specified
# should be `ha-datacenter`.
vmware_datacenter_path = DATACENTER
# Datastore associated with the datacenter (string value)
vmware_datastore_name = datastore1
# PBM service WSDL file location URL. e.g.
# file:///opt/SDK/spbm/wsdl/pbmService.wsdl Not setting this
# will disable storage policy based placement of images.
# (string value)
#vmware_pbm_wsdl_location =
# The PBM policy. If `pbm_wsdl_location` is set, a PBM policy needs
# to be specified. This policy will be used to select the datastore
# in which the images will be stored.
#vmware_pbm_policy =
# The interval used for polling remote tasks
# invoked on VMware ESX/VC server in seconds (integer value)
vmware_task_poll_interval = 5
# Absolute path of the folder containing the images in the datastore
# (string value)
vmware_store_image_dir = /openstack_glance
# Allow to perform insecure SSL requests to the target system (boolean value)
vmware_api_insecure = False
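An audit of the security-relevant options from the tables above, added here as an example and not part of the Red Hat reference or of Glance itself: it parses a glance-api.conf with Python's configparser and reports settings that weaken the documented defaults. The function names, the sample file contents, and the rule that a non-local RabbitMQ host with the guest password or without SSL is worth reporting are assumptions of this example.

```python
import configparser

TRUE_VALUES = {"1", "true", "yes", "on"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# (section, option, finding reported when the option is enabled).
# All of these default to False in the tables on this page.
BOOLEAN_RISKS = [
    ("DEFAULT", "allow_anonymous_access",
     "unauthenticated users get read-only API access"),
    ("DEFAULT", "send_identity_headers",
     "registry trusts identity headers; secure the api-registry link by other means"),
    ("DEFAULT", "show_multiple_locations",
     "back-end image locations are revealed in image properties"),
    ("glance_store", "cinder_api_insecure",
     "insecure SSL requests to cinder are allowed"),
    ("glance_store", "swift_store_auth_insecure",
     "swiftclient does not check for a valid SSL certificate"),
    ("glance_store", "vmware_api_insecure",
     "insecure SSL requests to ESX/VC are allowed"),
    ("oslo_messaging_amqp", "allow_insecure_clients",
     "plain TCP clients are accepted as well as SSL clients"),
    ("oslo_messaging_amqp", "trace",
     "AMQP frames are dumped to stdout"),
]


def load_conf(text):
    """Parse INI text; [DEFAULT] is kept as an ordinary section."""
    parser = configparser.ConfigParser(
        default_section="__unused__", interpolation=None, strict=False)
    parser.read_string(text)
    return parser


def get(parser, section, option, default):
    """Return the configured value, or the documented default if unset."""
    if parser.has_section(section) and parser.has_option(section, option):
        return parser.get(section, option).strip()
    return default


def as_bool(value):
    return value.strip().lower() in TRUE_VALUES


def check_file_perm(raw):
    """The page says the value is decoded as octal and <= 0 means 'unchanged'."""
    try:
        perm = int(raw, 8)
    except ValueError:
        return "not a valid octal mode: %r" % raw
    if perm > 0 and perm & 0o007:
        return "created image files are accessible to 'other' users (mode %o)" % perm
    return None


def audit(text):
    """Return a list of (option, finding) tuples for one glance-api.conf."""
    parser = load_conf(text)
    findings = []
    for section, option, message in BOOLEAN_RISKS:
        if as_bool(get(parser, section, option, "False")):
            findings.append((option, message))
    perm_issue = check_file_perm(
        get(parser, "glance_store", "filesystem_store_file_perm", "0"))
    if perm_issue:
        findings.append(("filesystem_store_file_perm", perm_issue))
    # Assumption of this example: broker settings matter once the host is remote.
    if get(parser, "DEFAULT", "rabbit_host", "localhost") not in LOCAL_HOSTS:
        if get(parser, "DEFAULT", "rabbit_password", "guest") == "guest":
            findings.append(("rabbit_password",
                             "default 'guest' password on a remote broker"))
        if not as_bool(get(parser, "DEFAULT", "rabbit_use_ssl", "False")):
            findings.append(("rabbit_use_ssl",
                             "broker traffic is not sent over SSL"))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE_CONF = """
[DEFAULT]
send_identity_headers = True
show_multiple_locations = false
rabbit_host = 192.0.2.15
rabbit_password = guest

[glance_store]
default_store = vsphere
vmware_api_insecure = True
filesystem_store_file_perm = 644
"""

if __name__ == "__main__":
    for option, finding in audit(SAMPLE_CONF):
        print("%-28s %s" % (option, finding))
```

A comment line that has wrapped onto a bare line without a leading `#` makes configparser raise a parsing error, so run the audit against the file as deployed rather than against text copied from a PDF.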
6.4. IMAGE SERVICE SAMPLE CONFIGURATION FILES
You can find the files that are described in this section in the /etc/glance/ directory.
6.4.1. glance-api.conf
The configuration file for the Image Service API is found in the glance-api.conf file.
This file must be modified after installation.
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
#verbose = False
# Show debugging output in logs (sets DEBUG log level output)
#debug = False
# Which backend scheme should Glance use by default if not specified
# in a request to add a new image to Glance? Known schemes are determined
# by the known_stores option below.
# Default: 'file'
default_store = file
# Maximum image size (in bytes) that may be uploaded through the
# Glance API server. Defaults to 1 TB.
# WARNING: this value should only be increased after careful consideration
# and must be set to a value under 8 EB (9223372036854775808).
#image_size_cap = 1099511627776
# Address to bind the API server
bind_host = 0.0.0.0
# Port to bind the API server to
bind_port = 9292
# Log to this file. Make sure you do not set the same log file for both the API
# and registry servers!
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
log_file = /var/log/glance/api.log
# Backlog requests when creating socket
backlog = 4096
# TCP_KEEPIDLE value in seconds when creating socket.
# Not supported on OS X.
#tcp_keepidle = 600
# API to use for accessing data. Default value points to sqlalchemy
# package, it is also possible to use: glance.db.registry.api
# data_api = glance.db.sqlalchemy.api
# The number of child process workers that will be
# created to service API requests. The default will be
# equal to the number of CPUs available. (integer value)
#workers = 4
# Maximum line size of message headers to be accepted.
# max_header_line may need to be increased when using large tokens
# (typically those generated by the Keystone v3 API with big service
# catalogs)
max_header_line = 16384
# Role used to identify an authenticated user as administrator
#admin_role = admin
# Allow unauthenticated users to access the API with read-only
# privileges. This only applies when using ContextMiddleware.
#allow_anonymous_access = False
# Allow access to version 1 of glance api
#enable_v1_api = True
# Allow access to version 2 of glance api
#enable_v2_api = True
# Return the URL that references where the data is stored on
# the backend storage system. For example, if using the
# file system store a URL of 'file:///path/to/image' will
# be returned to the user in the 'direct_url' meta-data field.
# The default value is false.
#show_image_direct_url = False
# Send headers containing user and tenant information when making requests to
# the v1 glance registry. This allows the registry to function as if a user is
# authenticated without the need to authenticate a user itself using the
# auth_token middleware.
# The default value is false.
#send_identity_headers = False
# Supported values for the 'container_format' image attribute
#container_formats=ami,ari,aki,bare,ovf,ova
# Supported values for the 'disk_format' image attribute
#disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso
# Directory to use for lock files. Default to a temp directory
# (string value). This setting needs to be the same for both
# glance-scrubber and glance-api.
#lock_path=<None>
# Property Protections config file
# This file contains the rules for property protections and the roles/policies
# associated with it.
# If this config value is not specified, by default, property protections
# won't be enforced.
# If a value is specified and the file is not found, then the glance-api
# service will not start.
#property_protection_file =
# Specify whether 'roles' or 'policies' are used in the
# property_protection_file.
# The default value for property_protection_rule_format is 'roles'.
#property_protection_rule_format = roles
# This value sets what strategy will be used to determine the image location
# order. Currently two strategies are packaged with Glance 'location_order'
# and 'store_type'.
#location_strategy = location_order
# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log_file`
#use_syslog = False
# Facility to use. If unset defaults to LOG_USER.
#syslog_log_facility = LOG_LOCAL0
# ================= SSL Options ===============================
# Certificate file to use when starting API server securely
#cert_file = /path/to/certfile
# Private key file to use when starting API server securely
#key_file = /path/to/keyfile
# CA certificate file to use to verify connecting clients
#ca_file = /path/to/cafile
# ================= Security Options ==========================
# AES key for encrypting store 'location' metadata, including
# -- if used -- Swift or S3 credentials
# Should be set to a random string of length 16, 24 or 32 bytes
#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
# ============ Registry Options ===============================
# Address to find the registry server
registry_host = 0.0.0.0
# Port the registry server is listening on
registry_port = 9191
# What protocol to use when connecting to the registry server?
# Set to https for secure HTTP communication
registry_client_protocol = http
# The path to the key file to use in SSL connections to the
# registry server, if any. Alternately, you may set the
# GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key
file
#registry_client_key_file = /path/to/key/file
# The path to the cert file to use in SSL connections to the
# registry server, if any. Alternately, you may set the
# GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert
file
#registry_client_cert_file = /path/to/cert/file
# The path to the certifying authority cert file to use in SSL connections
# to the registry server, if any. Alternately, you may set the
# GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
#registry_client_ca_file = /path/to/ca/file
# When using SSL in connections to the registry server, do not require
# validation via a certifying authority. This is the registry's equivalent of
# specifying --insecure on the command line using glanceclient for the API
# Default: False
#registry_client_insecure = False
# The period of time, in seconds, that the API server will wait for a registry
# request to complete. A value of '0' implies no timeout.
# Default: 600
#registry_client_timeout = 600
# Whether to automatically create the database tables.
# Default: False
#db_auto_create = False
# Enable DEBUG log messages from sqlalchemy which prints every database
# query and response.
# Default: False
#sqlalchemy_debug = True
# Pass the user's token through for API requests to the registry.
# Default: True
#use_user_token = True
# If 'use_user_token' is not in effect then admin credentials
# can be specified. Requests to the registry on behalf of
# the API will use these credentials.
# Admin user name
#admin_user = None
# Admin password
#admin_password = None
# Admin tenant name
#admin_tenant_name = None
# Keystone endpoint
#auth_url = None
# Keystone region
#auth_region = None
# Auth strategy
#auth_strategy = keystone
# ============ Notification System Options =====================
# Driver or drivers to handle sending notifications. Set to
# 'messaging' to send notifications to a message queue.
# notification_driver = noop
# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost
# Messaging driver used for 'messaging' notifications driver
# rpc_backend = 'rabbit'
# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
rabbit_host = localhost
rabbit_port = 5672
rabbit_use_ssl = false
rabbit_userid = guest
rabbit_password = guest
rabbit_virtual_host = /
rabbit_notification_exchange = glance
rabbit_notification_topic = notifications
rabbit_durable_queues = False
# Configuration options if sending notifications via Qpid (these are
# the defaults)
qpid_notification_exchange = glance
qpid_notification_topic = notifications
qpid_hostname = localhost
qpid_port = 5672
qpid_username =
qpid_password =
qpid_sasl_mechanisms =
qpid_reconnect_timeout = 0
qpid_reconnect_limit = 0
qpid_reconnect_interval_min = 0
qpid_reconnect_interval_max = 0
qpid_reconnect_interval = 0
qpid_heartbeat = 5
# Set to 'ssl' to enable SSL
qpid_protocol = tcp
qpid_tcp_nodelay = True
# ============ Delayed Delete Options =============================
# Turn on/off delayed delete
delayed_delete = False
# Delayed delete time in seconds
scrub_time = 43200
# Directory that the scrubber will use to remind itself of what to delete
# Make sure this is also set in glance-scrubber.conf
scrubber_datadir = /var/lib/glance/scrubber
# =============== Quota Options ==================================
# The maximum number of image members allowed per image
#image_member_quota = 128
# The maximum number of image properties allowed per image
#image_property_quota = 128
# The maximum number of tags allowed per image
#image_tag_quota = 128
# The maximum number of locations allowed per image
#image_location_quota = 10
# Set a system wide quota for every user. This value is the total number
# of bytes that a user can use across all storage systems. A value of
# 0 means unlimited.
#user_storage_quota = 0
# =============== Image Cache Options =============================
# Base directory that the Image Cache uses
image_cache_dir = /var/lib/glance/image-cache/
# =============== Database Options =================================
[database]
# The file name to use with SQLite (string value)
#sqlite_db = oslo.sqlite
# If True, SQLite uses synchronous mode (boolean value)
#sqlite_synchronous = True
# The backend to use for db (string value)
# Deprecated group/name - [DEFAULT]/db_backend
#backend = sqlalchemy
# The SQLAlchemy connection string used to connect to the
# database (string value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection = <None>
# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
# use whatever SQL mode is set by the server configuration,
# set this to no value. Example: mysql_sql_mode= (string
# value)
#mysql_sql_mode = TRADITIONAL
# Timeout before idle sql connections are reaped (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
#idle_timeout = 3600
# Minimum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
# Deprecated group/name - [DATABASE]/sql_min_pool_size
#min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size = <None>
# Maximum db connection retries during startup. (setting -1
# implies an infinite retry count) (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries = 10
# Interval between retries of opening a sql connection
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
#retry_interval = 10
# If set, use this value for max_overflow with sqlalchemy
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
#max_overflow = <None>
# Verbosity of SQL debugging information. 0=None,
# 100=Everything (integer value)
# Deprecated group/name - [DEFAULT]/sql_connection_debug
#connection_debug = 0
# Add python stack traces to SQL as comment strings (boolean
# value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
#connection_trace = False
# If set, use this value for pool_timeout with sqlalchemy
# (integer value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
#pool_timeout = <None>
# Enable the experimental use of database reconnect on
# connection lost (boolean value)
#use_db_reconnect = False
# seconds between db connection retries (integer value)
#db_retry_interval = 1
# Whether to increase interval between db connection retries,
# up to db_max_retry_interval (boolean value)
#db_inc_retry_interval = True
# max seconds between db connection retries, if
# db_inc_retry_interval is enabled (integer value)
#db_max_retry_interval = 10
# maximum db connection retries before error is raised.
# (setting -1 implies an infinite retry count) (integer value)
#db_max_retries = 20
[keystone_authtoken]
identity_uri = http://127.0.0.1:35357
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
revocation_cache_time = 10
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
#config_file = glance-api-paste.ini
# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
#flavor=
[store_type_location_strategy]
# The scheme list to use to get store preference order. The scheme must be
# registered by one of the stores defined by the 'known_stores' config option.
# This option will be applied when you are using the 'store_type' option as the
# image location strategy defined by the 'location_strategy' config option.
#store_type_preference =
[profiler]
# If False fully disable profiling feature.
#enabled = False
# If False doesn't trace SQL requests.
#trace_sqlalchemy = False
[task]
# ================= Glance Tasks Options ============================
# Specifies how long (in hours) a task is supposed to live in the tasks DB
# after succeeding or failing before getting soft-deleted.
# The default value for task_time_to_live is 48 hours.
# task_time_to_live = 48
# Specifies which task executor to be used to run the task scripts.
# The default value for task_executor is eventlet.
# task_executor = eventlet
# Specifies the maximum number of eventlet threads which can be spun up by
# the eventlet based task executor to perform execution of Glance tasks.
# eventlet_executor_pool_size = 1000
[glance_store]
# List of which store classes and store class locations are
# currently known to glance at startup.
# Existing but disabled stores:
#      glance.store.rbd.Store,
#      glance.store.s3.Store,
#      glance.store.swift.Store,
#      glance.store.sheepdog.Store,
#      glance.store.cinder.Store,
#      glance.store.gridfs.Store,
#      glance.store.vmware_datastore.Store,
#stores = glance.store.filesystem.Store,
#         glance.store.http.Store
# ============ Filesystem Store Options ========================
# Directory that the Filesystem backend store
# writes image data to
filesystem_store_datadir = /var/lib/glance/images/
# A list of directories where image data can be stored.
# This option may be specified multiple times for specifying multiple store
# directories. Either one of filesystem_store_datadirs or
# filesystem_store_datadir option is required. A priority number may be given
# after each directory entry, separated by a ":".
# When adding an image, the highest priority directory will be selected, unless
# there is not enough space available in cases where the image size is already
# known. If no priority is given, it is assumed to be zero and the directory
# will be considered for selection last. If multiple directories have the same
# priority, then the one with the most free space available is selected.
# If same store is specified multiple times then BadStoreConfiguration
# exception will be raised.
#filesystem_store_datadirs = /var/lib/glance/images/:1
# A path to a JSON file that contains metadata describing the storage
# system. When show_multiple_locations is True the information in this
# file will be returned with any location that is contained in this
# store.
#filesystem_store_metadata_file = None
# ============ Swift Store Options =============================
# Version of the authentication service to use
# Valid versions are '2' for keystone and '1' for swauth and rackspace
swift_store_auth_version = 2
# Address where the Swift authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified, default to 'https://'
# For swauth, use something like '127.0.0.1:8080/v1.0/'
swift_store_auth_address = 127.0.0.1:5000/v2.0/
# User to authenticate against the Swift authentication service
# If you use Swift authentication service, set it to 'account':'user'
# where 'account' is a Swift storage account and 'user'
# is a user in that account
swift_store_user = jdoe:jdoe
# Auth key for the user authenticating against the
# Swift authentication service
swift_store_key = a86850deb2742ec3cb41518e26aa2d89
# Container within the account that the account should use
# for storing images in Swift
swift_store_container = glance
# Do we create the container if it does not exist?
swift_store_create_container_on_put = False
# What size, in MB, should Glance start chunking image files
# and do a large object manifest in Swift? By default, this is
# the maximum object size in Swift, which is 5GB
swift_store_large_object_size = 5120
# swift_store_config_file = glance-swift.conf
# This file contains references for each of the configured
# Swift accounts/backing stores. If used, this option can prevent
# credentials being stored in the database. Using Swift references
# is disabled if this config is left blank.
# The reference to the default Swift parameters to use for adding new images.
# default_swift_reference = 'ref1'
# When doing a large object manifest, what size, in MB, should
# Glance write chunks to Swift? This amount of data is written
# to a temporary disk buffer during the process of chunking
# the image file, and the default is 200MB
swift_store_large_object_chunk_size = 200
# Whether to use ServiceNET to communicate with the Swift storage servers.
# (If you aren't RACKSPACE, leave this False!)
#
# To use ServiceNET for authentication, prefix hostname of
# `swift_store_auth_address` with 'snet-'.
# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
swift_enable_snet = False
# If set to True enables multi-tenant storage mode which causes Glance images
# to be stored in tenant specific Swift accounts.
#swift_store_multi_tenant = False
# A list of swift ACL strings that will be applied as both read and
# write ACLs to the containers created by Glance in multi-tenant
# mode. This grants the specified tenants/users read and write access
# to all newly created image objects. The standard swift ACL string
# formats are allowed, including:
# <tenant_id>:<username>
# <tenant_name>:<username>
# *:<username>
# Multiple ACLs can be combined using a comma separated list, for
# example: swift_store_admin_tenants = service:glance,*:admin
#swift_store_admin_tenants =
# The region of the swift endpoint to be used for single tenant. This setting
# is only necessary if the tenant has multiple swift endpoints.
#swift_store_region =
# If set to False, disables SSL layer compression of https swift requests.
# Setting to 'False' may improve performance for images which are already
# in a compressed format, eg qcow2. If set to True, enables SSL layer
# compression (provided it is supported by the target swift proxy).
#swift_store_ssl_compression = True
# The number of times a Swift download will be retried before the
# request fails
#swift_store_retry_get_count = 0
# Bypass SSL verification for Swift
#swift_store_auth_insecure = False
# ============ S3 Store Options =============================
# Address where the S3 authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified, default to 'http://'
s3_store_host = 127.0.0.1:8080/v1.0/
# User to authenticate against the S3 authentication service
s3_store_access_key = <20-char AWS access key>
# Auth key for the user authenticating against the
# S3 authentication service
s3_store_secret_key = <40-char AWS secret key>
# Container within the account that the account should use
# for storing images in S3. Note that S3 has a flat namespace,
# so you need a unique bucket name for your glance images. An
# easy way to do this is append your AWS access key to "glance".
# S3 buckets in AWS *must* be lowercased, so remember to lowercase
# your AWS access key if you use it in your bucket name below!
s3_store_bucket = <lowercased 20-char aws access key>glance
# Do we create the bucket if it does not exist?
s3_store_create_bucket_on_put = False
# When sending images to S3, the data will first be written to a
# temporary buffer on disk. By default the platform's temporary directory
# will be used. If required, an alternative directory can be specified here.
#s3_store_object_buffer_dir = /path/to/dir
# When forming a bucket url, boto will either set the bucket name as the
# subdomain or as the first token of the path. Amazon's S3 service will
# accept it as the subdomain, but Swift's S3 middleware requires it be
# in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'.
#s3_store_bucket_url_format = subdomain
# Size, in MB, should S3 start chunking image files
# and do a multipart upload in S3. The default is 100MB.
#s3_store_large_object_size = 100
# Multipart upload part size, in MB, should S3 use when uploading
# parts. The size must be greater than or equal to
# 5MB. The default is 10MB.
#s3_store_large_object_chunk_size = 10
# The number of thread pools to perform a multipart upload
# in S3. The default is 10.
#s3_store_thread_pools = 10
# ============ RBD Store Options =============================
# Ceph configuration file path
# If using cephx authentication, this file should
# include a reference to the right keyring
# in a client.<USER> section
#rbd_store_ceph_conf = /etc/ceph/ceph.conf
# RADOS user to authenticate as (only applicable if using cephx)
# If <None>, a default will be chosen based on the client. section
# in rbd_store_ceph_conf
#rbd_store_user = <None>
# RADOS pool in which images are stored
#rbd_store_pool = images
# RADOS images will be chunked into objects of this size (in megabytes).
# For best performance, this should be a power of two
#rbd_store_chunk_size = 8
# ============ Sheepdog Store Options =============================
sheepdog_store_address = localhost
sheepdog_store_port = 7000
# Images will be chunked into objects of this size (in megabytes).
# For best performance, this should be a power of two
sheepdog_store_chunk_size = 64
# ============ Cinder Store Options ===============================
# Info to match when looking for cinder in the service catalog
# Format is : separated values of the form:
# <service_type>:<service_name>:<endpoint_type> (string value)
#cinder_catalog_info = volume:cinder:publicURL
# Override service catalog lookup with template for cinder endpoint
# e.g. http://localhost:8776/v1/%(project_id)s (string value)
#cinder_endpoint_template = <None>
# Region name of this node (string value)
#os_region_name = <None>
# Location of CA certificates file to use for cinder client requests
# (string value)
#cinder_ca_certificates_file = <None>
# Number of cinderclient retries on failed http calls (integer value)
#cinder_http_retries = 3
# Allow to perform insecure SSL requests to cinder (boolean value)
#cinder_api_insecure = False
# ============ VMware Datastore Store Options =====================
# ESX/ESXi or vCenter Server target system.
# The server value can be an IP address or a DNS name
# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com
#vmware_server_host = <None>
# Server username (string value)
#vmware_server_username = <None>
# Server password (string value)
#vmware_server_password = <None>
# Inventory path to a datacenter (string value)
# Value optional when vmware_server_ip is an ESX/ESXi host: if specified
# should be `ha-datacenter`.
#vmware_datacenter_path = <None>
# Datastore associated with the datacenter (string value)
#vmware_datastore_name = <None>
# The number of times we retry on failures
# e.g., socket error, etc (integer value)
#vmware_api_retry_count = 10
# The interval used for polling remote tasks
# invoked on VMware ESX/VC server in seconds (integer value)
#vmware_task_poll_interval = 5
# Absolute path of the folder containing the images in the datastore
# (string value)
#vmware_store_image_dir = /openstack_glance
# Allow to perform insecure SSL requests to the target system (boolean value)
#vmware_api_insecure = False
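The following audit of the transport and credential options in the glance-api.conf listing above is an added example, not part of the Red Hat reference or of Glance. The two embedded files are constructed, the hardened values are placeholders, and only RabbitMQ notification settings are checked (not Qpid).

```python
import configparser

# Constructed input: a trimmed glance-api.conf that keeps the sample file's
# values for the options checked below, with notifications switched on.
SHIPPED = """
[DEFAULT]
#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
registry_client_protocol = http
#registry_client_insecure = False
notification_driver = messaging
rabbit_use_ssl = false
rabbit_userid = guest
rabbit_password = guest

[keystone_authtoken]
identity_uri = http://127.0.0.1:35357

[glance_store]
#swift_store_auth_insecure = False
"""

# Constructed input: the same options after hardening (placeholder values).
HARDENED = """
[DEFAULT]
metadata_encryption_key = 0123456789abcdef0123456789abcdef
registry_client_protocol = https
registry_client_ca_file = /path/to/ca/file
notification_driver = messaging
rabbit_use_ssl = true
rabbit_userid = glance
rabbit_password = example-not-a-real-secret

[keystone_authtoken]
identity_uri = https://keystone.example.com:35357

[glance_store]
swift_store_auth_insecure = False
"""

# Options from the listing that disable TLS certificate verification.
INSECURE_FLAGS = [
    ("DEFAULT", "registry_client_insecure"),
    ("glance_store", "swift_store_auth_insecure"),
    ("glance_store", "cinder_api_insecure"),
    ("glance_store", "vmware_api_insecure"),
]


def _truthy(value):
    return value.strip().lower() in ("true", "1", "yes", "on")


def audit(conf_text):
    """Return a sorted list of 'section/option: problem' strings."""
    # interpolation=None keeps values such as %SERVICE_PASSWORD% literal;
    # default_section is renamed so [DEFAULT] is not merged into other groups.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(conf_text)

    def opt(section, name, default=""):
        return cp.get(section, name, fallback=default).strip()

    findings = []

    key = opt("DEFAULT", "metadata_encryption_key")
    if not key:
        findings.append("DEFAULT/metadata_encryption_key: unset, store "
                        "locations and embedded credentials are not encrypted")
    elif len(key.encode()) not in (16, 24, 32):
        findings.append("DEFAULT/metadata_encryption_key: length must be "
                        "16, 24 or 32 bytes")

    # Assumption: a missing registry_client_protocol is treated as http,
    # the value the sample file sets.
    if opt("DEFAULT", "registry_client_protocol", "http").lower() != "https":
        findings.append("DEFAULT/registry_client_protocol: registry traffic "
                        "is not using https")

    for section, name in INSECURE_FLAGS:
        if _truthy(opt(section, name, "false")):
            findings.append(f"{section}/{name}: certificate validation is disabled")

    # The rabbit_* values only matter once notifications go to a message queue.
    if "messaging" in opt("DEFAULT", "notification_driver", "noop"):
        if opt("DEFAULT", "rabbit_password", "guest") == "guest":
            findings.append("DEFAULT/rabbit_password: default password "
                            "'guest' is in use")
        if not _truthy(opt("DEFAULT", "rabbit_use_ssl", "false")):
            findings.append("DEFAULT/rabbit_use_ssl: notifications are sent "
                            "without SSL")

    if opt("keystone_authtoken", "identity_uri").lower().startswith("http://"):
        findings.append("keystone_authtoken/identity_uri: Identity service "
                        "is contacted over plain http")

    return sorted(findings)


if __name__ == "__main__":
    for line in audit(SHIPPED):
        print(line)
```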
6.4.2. glance-registry.conf
Configuration for the Image Service's registry, which stores the metadata about images, is
found in the glance-registry.conf file.
This file must be modified after installation.
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
#verbose = False
# Show debugging output in logs (sets DEBUG log level output)
#debug = False
# Address to bind the registry server
bind_host = 0.0.0.0
# Port to bind the registry server to
bind_port = 9191
# Log to this file. Make sure you do not set the same log file for both the API
# and registry servers!
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
log_file = /var/log/glance/registry.log
# Backlog requests when creating socket
backlog = 4096
# TCP_KEEPIDLE value in seconds when creating socket.
# Not supported on OS X.
#tcp_keepidle = 600
# API to use for accessing data. Default value points to sqlalchemy
# package.
#data_api = glance.db.sqlalchemy.api
# The number of child process workers that will be
# created to service Registry requests. The default will be
# equal to the number of CPUs available. (integer value)
#workers = None
# Enable Registry API versions individually or simultaneously
#enable_v1_registry = True
#enable_v2_registry = True
# Limit the api to return `param_limit_max` items in a call to a container. If
# a larger `limit` query param is provided, it will be reduced to this value.
api_limit_max = 1000
# If a `limit` query param is not provided in an api request, it will
# default to `limit_param_default`
limit_param_default = 25
# Role used to identify an authenticated user as administrator
#admin_role = admin
# Whether to automatically create the database tables.
# Default: False
#db_auto_create = False
# Enable DEBUG log messages from sqlalchemy which prints every database
# query and response.
# Default: False
#sqlalchemy_debug = True
# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log_file`
#use_syslog = False
# Facility to use. If unset defaults to LOG_USER.
#syslog_log_facility = LOG_LOCAL1
# ================= SSL Options ===============================
# Certificate file to use when starting registry server securely
#cert_file = /path/to/certfile
# Private key file to use when starting registry server securely
#key_file = /path/to/keyfile
# CA certificate file to use to verify connecting clients
#ca_file = /path/to/cafile
# ============ Notification System Options =====================
# Driver or drivers to handle sending notifications. Set to
# 'messaging' to send notifications to a message queue.
# notification_driver = noop
# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost
# Messaging driver used for 'messaging' notifications driver
# rpc_backend = 'rabbit'
# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
rabbit_host = localhost
rabbit_port = 5672
rabbit_use_ssl = false
rabbit_userid = guest
rabbit_password = guest
rabbit_virtual_host = /
rabbit_notification_exchange = glance
rabbit_notification_topic = notifications
rabbit_durable_queues = False
# Configuration options if sending notifications via Qpid (these are
# the defaults)
qpid_notification_exchange = glance
qpid_notification_topic = notifications
qpid_hostname = localhost
qpid_port = 5672
qpid_username =
qpid_password =
qpid_sasl_mechanisms =
qpid_reconnect_timeout = 0
qpid_reconnect_limit = 0
qpid_reconnect_interval_min = 0
qpid_reconnect_interval_max = 0
qpid_reconnect_interval = 0
qpid_heartbeat = 5
# Set to 'ssl' to enable SSL
qpid_protocol = tcp
qpid_tcp_nodelay = True
# ================= Database Options ==========================
[database]
# The file name to use with SQLite (string value)
#sqlite_db = glance.sqlite
# If True, SQLite uses synchronous mode (boolean value)
#sqlite_synchronous = True
# The backend to use for db (string value)
# Deprecated group/name - [DEFAULT]/db_backend
#backend = sqlalchemy
# The SQLAlchemy connection string used to connect to the
# database (string value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection = <None>
# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
# use whatever SQL mode is set by the server configuration,
# set this to no value. Example: mysql_sql_mode= (string
# value)
#mysql_sql_mode = TRADITIONAL
# Timeout before idle sql connections are reaped (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
#idle_timeout = 3600
# Minimum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
# Deprecated group/name - [DATABASE]/sql_min_pool_size
#min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size = <None>
# Maximum db connection retries during startup. (setting -1
# implies an infinite retry count) (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries = 10
# Interval between retries of opening a sql connection
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
#retry_interval = 10
# If set, use this value for max_overflow with sqlalchemy
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
#max_overflow = <None>
# Verbosity of SQL debugging information. 0=None,
# 100=Everything (integer value)
# Deprecated group/name - [DEFAULT]/sql_connection_debug
#connection_debug = 0
# Add python stack traces to SQL as comment strings (boolean
# value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
#connection_trace = False
# If set, use this value for pool_timeout with sqlalchemy
# (integer value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
#pool_timeout = <None>
# Enable the experimental use of database reconnect on
# connection lost (boolean value)
#use_db_reconnect = False
# seconds between db connection retries (integer value)
#db_retry_interval = 1
# Whether to increase interval between db connection retries,
# up to db_max_retry_interval (boolean value)
#db_inc_retry_interval = True
# max seconds between db connection retries, if
# db_inc_retry_interval is enabled (integer value)
#db_max_retry_interval = 10
# maximum db connection retries before error is raised.
# (setting -1 implies an infinite retry count) (integer value)
#db_max_retries = 20
[keystone_authtoken]
identity_uri = http://127.0.0.1:35357
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
#config_file = glance-registry-paste.ini
# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-registry-keystone], you would configure the flavor below
# as 'keystone'.
#flavor=
[profiler]
# If False fully disable profiling feature.
#enabled = False
# If False doesn't trace SQL requests.
#trace_sqlalchemy = False
6.4.3. glance-api-paste.ini
Configuration for the Image Service's API middleware pipeline is found in the glance-api-paste.ini file.
You should not need to modify this file.
# Use this pipeline for no auth or image caching - DEFAULT
[pipeline:glance-api]
pipeline = versionnegotiation osprofiler unauthenticated-context rootapp
# Use this pipeline for image caching and no auth
[pipeline:glance-api-caching]
pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp
# Use this pipeline for caching w/ management interface but no auth
[pipeline:glance-api-cachemanagement]
pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
# Use this pipeline for keystone auth
[pipeline:glance-api-keystone]
pipeline = versionnegotiation osprofiler authtoken context rootapp
# Use this pipeline for keystone auth with image caching
[pipeline:glance-api-keystone+caching]
pipeline = versionnegotiation osprofiler authtoken context cache rootapp
# Use this pipeline for keystone auth with caching and cache management
[pipeline:glance-api-keystone+cachemanagement]
pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp
# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user.
[pipeline:glance-api-trusted-auth]
pipeline = versionnegotiation osprofiler context rootapp
# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user and uses cache management
[pipeline:glance-api-trusted-auth+cachemanagement]
pipeline = versionnegotiation osprofiler context cache cachemanage rootapp
[composite:rootapp]
paste.composite_factory = glance.api:root_app_factory
/: apiversions
/v1: apiv1app
/v2: apiv2app
[app:apiversions]
paste.app_factory = glance.api.versions:create_resource
[app:apiv1app]
paste.app_factory = glance.api.v1.router:API.factory
[app:apiv2app]
paste.app_factory = glance.api.v2.router:API.factory
[filter:versionnegotiation]
paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
[filter:cache]
paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
[filter:cachemanage]
paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
[filter:context]
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
[filter:unauthenticated-context]
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
delay_auth_decision = true
[filter:gzip]
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY
enabled = yes
6.4.4. glance-registry-paste.ini
The Image Service's middleware pipeline for its registry is found in the glance-registry-paste.ini file.
# Use this pipeline for no auth - DEFAULT
[pipeline:glance-registry]
pipeline = osprofiler unauthenticated-context registryapp
# Use this pipeline for keystone auth
[pipeline:glance-registry-keystone]
pipeline = osprofiler authtoken context registryapp
# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user.
[pipeline:glance-registry-trusted-auth]
pipeline = osprofiler context registryapp
[app:registryapp]
paste.app_factory = glance.registry.api:API.factory
[filter:context]
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
[filter:unauthenticated-context]
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY
enabled = yes
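The sketch below maps a [paste_deploy] flavor to its pipeline section, as the flavor comments and the paste files above describe, and reports which authentication mode that pipeline gives. It is an added example, not code from the reference or from Glance: the embedded paste text is constructed from the glance-api-paste.ini listing, and the function name and result keys are hypothetical.

```python
import configparser

# Constructed input: pipeline and filter sections copied from the
# glance-api-paste.ini listing above, with wrapped lines joined.
PASTE_INI = """
[pipeline:glance-api]
pipeline = versionnegotiation osprofiler unauthenticated-context rootapp

[pipeline:glance-api-keystone]
pipeline = versionnegotiation osprofiler authtoken context rootapp

[pipeline:glance-api-trusted-auth]
pipeline = versionnegotiation osprofiler context rootapp

[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY
enabled = yes
"""


def resolve_pipeline(paste_text, service, flavor):
    """Map a flavor to its pipeline section and classify its auth mode."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(paste_text)

    # The flavor is the pipeline section name with the service name removed;
    # an empty flavor selects the bare [pipeline:<service>] section.
    flavor = (flavor or "").strip()
    section = "pipeline:" + service + ("-" + flavor if flavor else "")
    if not cp.has_section(section):
        raise KeyError("no [%s] section in the paste configuration" % section)
    stages = cp.get(section, "pipeline").split()

    warnings = []
    if "unauthenticated-context" in stages:
        auth = "none"
        warnings.append(section + " performs no authentication")
    elif "authtoken" in stages and "context" in stages:
        # authtoken must run first so that context sees a validated identity.
        if stages.index("authtoken") < stages.index("context"):
            auth = "keystone"
        else:
            auth = "misordered"
            warnings.append(section + " lists context before authtoken")
    elif "context" in stages:
        auth = "trusted"
        warnings.append(section + " treats the caller as authenticated "
                        "without asking keystone")
    else:
        auth = "unknown"
        warnings.append(section + " has no context filter")

    # Flag a profiler filter that is enabled with the sample file's key.
    if "osprofiler" in stages and cp.has_section("filter:osprofiler"):
        prof = cp["filter:osprofiler"]
        enabled = prof.get("enabled", "no").lower() in ("yes", "true", "1", "on")
        if enabled and prof.get("hmac_keys", "") == "SECRET_KEY":
            warnings.append("filter:osprofiler is enabled with the sample "
                            "hmac_keys value")

    return {"section": section, "stages": stages,
            "auth": auth, "warnings": warnings}


if __name__ == "__main__":
    for flavor in ("", "keystone", "trusted-auth"):
        result = resolve_pipeline(PASTE_INI, "glance-api", flavor)
        print(repr(flavor), result["auth"], result["warnings"])
```

Leaving `flavor` empty resolves to the default pipeline, which in both paste files uses `unauthenticated-context`.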
6.4.5. glance-scrubber.conf
glance-scrubber is a utility for the Image Service that cleans up images that have been
deleted; its configuration is stored in the glance-scrubber.conf file.
Multiple instances of glance-scrubber can be run in a single deployment, but only one of
them can be designated as the cleanup_scrubber in the glance-scrubber.conf file.
The cleanup_scrubber coordinates other glance-scrubber instances by maintaining
the master queue of images that need to be removed.
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
#verbose = False
# Show debugging output in logs (sets DEBUG log level output)
#debug = False
# Log to this file. Make sure you do not set the same log file for both the API
# and registry servers!
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
log_file = /var/log/glance/scrubber.log
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
#use_syslog = False
# Should we run our own loop or rely on cron/scheduler to run us
daemon = False
# Loop time between checking for new items to schedule for delete
wakeup_time = 300
# Directory that the scrubber will use to remind itself of what to delete
# Make sure this is also set in glance-api.conf
scrubber_datadir = /var/lib/glance/scrubber
# Only one server in your deployment should be designated the cleanup host
cleanup_scrubber = False
# pending_delete items older than this time are candidates for cleanup
cleanup_scrubber_time = 86400
# Address to find the registry server for cleanups
registry_host = 0.0.0.0
# Port the registry server is listening on
registry_port = 9191
# Auth settings if using Keystone
# auth_url = http://127.0.0.1:5000/v2.0/
# admin_tenant_name = %SERVICE_TENANT_NAME%
# admin_user = %SERVICE_USER%
# admin_password = %SERVICE_PASSWORD%
# Directory to use for lock files. Default to a temp directory
# (string value). This setting needs to be the same for both
# glance-scrubber and glance-api.
#lock_path=<None>
# API to use for accessing data. Default value points to sqlalchemy
# package, it is also possible to use: glance.db.registry.api
#data_api = glance.db.sqlalchemy.api
# ================= Security Options ==========================
# AES key for encrypting store 'location' metadata, including
# -- if used -- Swift or S3 credentials
# Should be set to a random string of length 16, 24 or 32 bytes
#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
# ================= Database Options ===============+==========
[database]
# The SQLAlchemy connection string used to connect to the
# database (string value)
#connection=sqlite:////glance/openstack/common/db/$sqlite_db
# The SQLAlchemy connection string used to connect to the
# slave database (string value)
#slave_connection=
# timeout before idle sql connections are reaped (integer
# value)
#idle_timeout=3600
# Minimum number of SQL connections to keep open in a pool
# (integer value)
#min_pool_size=1
# Maximum number of SQL connections to keep open in a pool
# (integer value)
#max_pool_size=<None>
# maximum db connection retries during startup. (setting -1
# implies an infinite retry count) (integer value)
#max_retries=10
# interval between retries of opening a sql connection
# (integer value)
#retry_interval=10
# If set, use this value for max_overflow with sqlalchemy
# (integer value)
#max_overflow=<None>
# Verbosity of SQL debugging information. 0=None,
# 100=Everything (integer value)
#connection_debug=0
# Add python stack traces to SQL as comment strings (boolean
# value)
#connection_trace=false
# If set, use this value for pool_timeout with sqlalchemy
# (integer value)
#pool_timeout=<None>
6.4.6. policy.json
The /etc/glance/policy.json file defines additional access controls that apply to the
Image Service.
{
"context_is_admin": "role:admin",
"default": "",
"add_image": "",
"delete_image": "",
"get_image": "",
"get_images": "",
"modify_image": "",
"publicize_image": "role:admin",
"copy_from": "",
"download_image": "",
"upload_image": "",
"delete_image_location": "",
"get_image_location": "",
"set_image_location": "",
"add_member": "",
"delete_member": "",
"get_member": "",
"get_members": "",
"modify_member": "",
"manage_image_cache": "role:admin",
"get_task": "",
"get_tasks": "",
"add_task": "",
"modify_task": "",
"get_metadef_namespace": "",
"get_metadef_namespaces":"",
"modify_metadef_namespace":"",
"add_metadef_namespace":"",
"get_metadef_object":"",
"get_metadef_objects":"",
"modify_metadef_object":"",
"add_metadef_object":"",
"list_metadef_resource_types":"",
"get_metadef_resource_type":"",
"add_metadef_resource_type_association":"",
"get_metadef_property":"",
"get_metadef_properties":"",
"modify_metadef_property":"",
"add_metadef_property":""
}
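In the policy file above, most actions carry an empty rule, which the policy language treats as "always allow". The following audit is an added example, not part of this reference or of Glance: it lists the actions whose effective rule allows every caller, including actions that fall through to "default". The function names, the review list and the embedded sample (a subset of the file above) are constructed for illustration.

```python
import json

# Constructed sample: a subset of the policy.json shown above.
SAMPLE_POLICY = """
{
    "context_is_admin": "role:admin",
    "default": "",
    "add_image": "",
    "delete_image": "",
    "get_image": "",
    "publicize_image": "role:admin",
    "set_image_location": "",
    "manage_image_cache": "role:admin"
}
"""

# Rule values that the policy language evaluates as "always allow":
# the empty string, "@", and the empty list of the older list syntax.
ALLOW_ALL = ("", "@", [])

# Keys that name reusable rules rather than API actions.
NOT_ACTIONS = ("default", "context_is_admin")


def effective_rule(policy, action):
    """Return the rule enforced for an action.

    An action that is not listed falls back to the "default" rule; if there
    is no default either, the request is denied, written here as "!".
    """
    if action in policy:
        return policy[action]
    return policy.get("default", "!")


def open_actions(policy_text, review=None):
    """Return the sorted actions that any caller with a request context may perform.

    review is an optional list of action names to check; names missing from
    the file are evaluated against "default". Without it, every action
    listed in the file is checked.
    """
    policy = json.loads(policy_text)
    if review is None:
        review = [name for name in policy if name not in NOT_ACTIONS]
    return sorted(
        action for action in review
        if effective_rule(policy, action) in ALLOW_ALL
    )


if __name__ == "__main__":
    print("open to all callers:", open_actions(SAMPLE_POLICY))
    # Constructed review list: actions an operator wants restricted.
    wanted = ["delete_image", "publicize_image", "download_image"]
    print("review list still open:", open_actions(SAMPLE_POLICY, wanted))
```

Passing the actions a deployment intends to restrict as the review list turns this into a regression check that can run whenever policy.json changes.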
6.5. NEW, UPDATED AND DEPRECATED OPTIONS IN JUNO FOR OPENSTACK IMAGE SERVICE
Table 6.25. New options
Option = default value
(Type) Help string
[DEFAULT] db_enforce_mysql_charset = True
(BoolOpt) DEPRECATED. TO BE REMOVED IN THE JUNO RELEASE. Whether or not to enforce that
all DB tables have charset utf8. If your database tables do not have charset utf8 you will
need to convert before this option is removed. This option is only relevant if your
database engine is MySQL.
[DEFAULT] default_swift_reference = ref1
(StrOpt) The reference to the default swift account/backing store parameters to use for
adding new images.
[DEFAULT] metadata_source_path = /etc/glance/metadefs/
(StrOpt) Path to the directory where json metadata files are stored
[DEFAULT] swift_store_config_file = None
(StrOpt) The config file that has the swift account(s) configs.
[database] slave_connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
[glance_store] default_store = file
(StrOpt) Default scheme to use to store image data. The scheme must be registered by one
of the stores defined by the 'stores' config option.
[glance_store] default_swift_reference = ref1
(StrOpt) The reference to the default swift account/backing store parameters to use for
adding new images.
[glance_store] filesystem_store_datadir = None
(StrOpt) Directory to which the Filesystem backend store writes images.
[glance_store] filesystem_store_datadirs = None
(MultiStrOpt) List of directories and its priorities to which the Filesystem backend
store writes images.
[glance_store] filesystem_store_metadata_file = None
(StrOpt) The path to a file which contains the metadata to be returned with any location
associated with this store. The file must contain a valid JSON dict.
[glance_store] stores = file, http
(ListOpt) List of stores enabled
[glance_store] swift_store_auth_address = None
(StrOpt) The address where the Swift authentication service is listening. (deprecated)
[glance_store] swift_store_config_file = None
(StrOpt) The config file that has the swift account(s) configs.
[glance_store] swift_store_key = None
(StrOpt) Auth key for the user authenticating against the Swift authentication service.
(deprecated)
[glance_store] swift_store_user = None
(StrOpt) The user to authenticate against the Swift authentication service (deprecated)
[keystone_authtoken] check_revocations_for_cached = False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires
that PKI tokens are configured on the Keystone server.
[keystone_authtoken] hash_algorithms = md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
or multiple. The algorithms are those supported by Python standard hashlib.new(). The
hashes will be tried in the order given, so put the preferred one first for performance.
The result of the first hash will be stored in the cache. This will typically be set to
multiple values only while migrating from a less secure algorithm to a more secure one.
Once all the old tokens are expired this option should be set to a single value for
better performance.
[keystone_authtoken] identity_uri = None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root
endpoint e.g. https://localhost:35357/
[profiler] enabled = True
(BoolOpt) If False fully disable profiling feature.
[profiler] trace_sqlalchemy = True
(BoolOpt) If False doesn't trace SQL requests.
[task] eventlet_executor_pool_size = 1000
(IntOpt) Specifies the maximum number of eventlet threads which can be spun up by the
eventlet based task executor to perform execution of Glance tasks.
[task] task_executor = eventlet
(StrOpt) Specifies which task executor to be used to run the task scripts.
Table 6.26. New default values
Option
Previous default value
New default value
[DEFAULT] default_log_levels
amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN
amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN
[DEFAULT] workers
1
4
[database] sqlite_db
glance.sqlite
oslo.sqlite
[keystone_authtoken] revocation_cache_time
300
10
Table 6.27. Deprecated options
Deprecated option
New Option
[DEFAULT] swift_store_auth_address
[glance_store] swift_store_auth_address
[DEFAULT] filesystem_store_metadata_file
[glance_store] filesystem_store_metadata_file
[DEFAULT] swift_store_key
[glance_store] swift_store_key
[DEFAULT] filesystem_store_datadir
[glance_store] filesystem_store_datadir
[DEFAULT] known_stores
[glance_store] stores
[DEFAULT] default_store
[glance_store] default_store
[DEFAULT] swift_store_user
[glance_store] swift_store_user
[DEFAULT] filesystem_store_datadirs
[glance_store] filesystem_store_datadirs
CHAPTER 7. NETWORKING
This chapter explains the OpenStack Networking configuration options. For installation
prerequisites, steps, and use cases, see the OpenStack Installation Guide for your distribution
(docs.openstack.org) and Cloud Administrator Guide.
7.1. NETWORKING CONFIGURATION OPTIONS
The options and descriptions listed in this introduction are auto generated from the code in
the Networking service project, which provides software-defined networking between VMs run
in Compute. The list contains common options, while the subsections list the options for the
various networking plug-ins.
Table 7.1. Description of common configuration options
Configuration option = Default value
Description
[DEFAULT]
admin_password = None
(StrOpt) Admin password
admin_tenant_name = None
(StrOpt) Admin tenant name
admin_user = None
(StrOpt) Admin username
agent_down_time = 75
(IntOpt) Seconds to regard the agent is down; should be at least twice report_interval,
to be sure the agent is down for good.
api_workers = 0
(IntOpt) Number of separate API worker processes for service
auth_ca_cert = None
(StrOpt) Certificate Authority public key (CA cert) file for ssl
auth_insecure = False
(BoolOpt) Turn off verification of the certificate for ssl
auth_region = None
(StrOpt) Authentication region
auth_strategy = keystone
(StrOpt) The type of authentication to use
auth_url = None
(StrOpt) Authentication URL
base_mac = fa:16:3e:00:00:00
(StrOpt) The base MAC address Neutron will use for VIFs
bind_host = 0.0.0.0
(StrOpt) The host IP to bind to
bind_port = 9696
(IntOpt) The port to bind to
ca_certs = None
(StrOpt) CA certificates
check_child_processes_action = respawn
(StrOpt) Action to be executed when a child process dies
check_child_processes_interval = 0
(IntOpt) Interval between checks of child process liveness (seconds), use 0 to disable
core_plugin = None
(StrOpt) The core plugin Neutron will use
ctl_cert = None
(StrOpt) controller certificate
ctl_privkey = None
(StrOpt) controller private key
dhcp_agent_notification = True
(BoolOpt) Allow sending resource operation notification to DHCP agent
dhcp_agents_per_network = 1
(IntOpt) Number of DHCP agents scheduled to host a network.
dhcp_broadcast_reply = False
(BoolOpt) Use broadcast in DHCP replies
dhcp_confs = $state_path/dhcp
(StrOpt) Location to store DHCP server config files
dhcp_delete_namespaces = False
(BoolOpt) Delete namespace after removing a dhcp server.
dhcp_domain = openstacklocal
(StrOpt) Domain to use for building the hostnames
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
(StrOpt) The driver used to manage the DHCP server.
dhcp_lease_duration = 86400
(IntOpt) DHCP lease duration (in seconds). Use -1 to tell dnsmasq to use infinite lease
times.
endpoint_type = publicURL
(StrOpt) Network service endpoint type to pull from the keystone catalog
force_gateway_on_subnet = True
(BoolOpt) Ensure that configured gateway is on subnet. For IPv6, validate only if gateway
is not a link local address. Deprecated, to be removed during the K release, at which
point the check will be mandatory.
host = localhost
(StrOpt) The hostname Neutron is running on
interface_driver = None
(StrOpt) The driver used to manage the virtual interface.
ip_lib_force_root = False
(BoolOpt) Force ip_lib calls to use the root helper
lock_path = None
(StrOpt) Directory to use for lock files.
mac_generation_retries = 16
(IntOpt) How many times Neutron will retry MAC generation
max_allowed_address_pair = 10
(IntOpt) Maximum number of allowed address pairs
max_dns_nameservers = 5
(IntOpt) Maximum number of DNS nameservers
max_fixed_ips_per_port = 5
(IntOpt) Maximum number of fixed ips per port
max_subnet_host_routes = 20
(IntOpt) Maximum number of host routes per subnet
memcached_servers = None
(ListOpt) Memcached servers or None for in process cache.
periodic_fuzzy_delay = 5
(IntOpt) Range of seconds to randomly delay when starting the periodic task scheduler to
reduce stampeding. (Disable by setting to 0)
periodic_interval = 40
(IntOpt) Seconds between running periodic tasks
report_interval = 300
(IntOpt) Interval between two metering reports
root_helper = sudo
(StrOpt) Root helper application.
state_path = /var/lib/neutron
(StrOpt) Where to store Neutron state files. This directory must be writable by the agent.
[AGENT]
root_helper = sudo
(StrOpt) Root helper application.
[PROXY]
admin_password = None
(StrOpt) Admin password
admin_tenant_name = None
(StrOpt) Admin tenant name
admin_user = None
(StrOpt) Admin user
auth_region = None
(StrOpt) Authentication region
auth_strategy = keystone
(StrOpt) The type of authentication to use
auth_url = None
(StrOpt) Authentication URL
[heleos]
admin_password = None
(StrOpt) ESM admin password.
[keystone_authtoken]
memcached_servers = None
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left
undefined, tokens will instead be cached in-process.
7.1.1. Networking plug-ins
OpenStack Networking introduces the concept of a plug-in, which is a back-end
implementation of the OpenStack Networking API. A plug-in can use a variety of
technologies to implement the logical API requests. Some OpenStack Networking plug-ins
might use basic Linux VLANs and IP tables, while others might use more advanced
technologies, such as L2-in-L3 tunneling or OpenFlow. These sections detail the
configuration options for the various plug-ins.
Note
The following plugins have been removed in Kilo:
Ryu plugin. The Ryu team recommends that you migrate to the ML2 plugin with
ofagent mechanism driver. However, note that the functionality is not the same.
There is no upgrade procedure currently available.
Mellanox plugin.
7.1.1.1. BigSwitch configuration options
Table 7.2. Description of BigSwitch configuration options
Configuration option = Default value
Description
[NOVA]
node_override_vif_802.1qbg =
(ListOpt) Nova compute nodes to manually set VIF type to 802.1qbg
node_override_vif_802.1qbh =
(ListOpt) Nova compute nodes to manually set VIF type to 802.1qbh
node_override_vif_binding_failed =
(ListOpt) Nova compute nodes to manually set VIF type to binding_failed
node_override_vif_bridge =
(ListOpt) Nova compute nodes to manually set VIF type to bridge
node_override_vif_distributed =
(ListOpt) Nova compute nodes to manually set VIF type to distributed
node_override_vif_dvs =
(ListOpt) Nova compute nodes to manually set VIF type to dvs
node_override_vif_hostdev =
(ListOpt) Nova compute nodes to manually set VIF type to hostdev
node_override_vif_hw_veb =
(ListOpt) Nova compute nodes to manually set VIF type to hw_veb
node_override_vif_hyperv =
(ListOpt) Nova compute nodes to manually set VIF type to hyperv
node_override_vif_ivs =
(ListOpt) Nova compute nodes to manually set VIF type to ivs
node_override_vif_midonet =
(ListOpt) Nova compute nodes to manually set VIF type to midonet
node_override_vif_mlnx_direct =
(ListOpt) Nova compute nodes to manually set VIF type to mlnx_direct
node_override_vif_other =
(ListOpt) Nova compute nodes to manually set VIF type to other
node_override_vif_ovs =
(ListOpt) Nova compute nodes to manually set VIF type to ovs
node_override_vif_unbound =
(ListOpt) Nova compute nodes to manually set VIF type to unbound
node_override_vif_vrouter =
(ListOpt) Nova compute nodes to manually set VIF type to vrouter
vif_type = ovs
(StrOpt) Virtual interface type to configure on Nova compute nodes
vif_types = unbound, binding_failed, ovs, ivs, bridge, 802.1qbg, 802.1qbh, hyperv, midonet, mlnx_direct, hostdev, hw_veb, dvs, other, distributed, vrouter
(ListOpt) List of allowed vif_type values.
[RESTPROXY]
add_meta_server_route = True
(BoolOpt) Flag to decide if a route to the metadata server should be injected into the VM
auto_sync_on_failure = True
(BoolOpt) If neutron fails to create a resource because the backend controller doesn't
know of a dependency, the plugin automatically triggers a full data synchronization to
the controller.
cache_connections = True
(BoolOpt) Re-use HTTP/HTTPS connections to the controller.
consistency_interval = 60
(IntOpt) Time between verifications that the backend controller database is consistent
with Neutron. (0 to disable)
neutron_id = neutron-usagi
(StrOpt) User defined identifier for this Neutron deployment
no_ssl_validation = False
(BoolOpt) Disables SSL certificate validation for controllers
server_auth = None
(StrOpt) The username and password for authenticating against the Big Switch or
Floodlight controller.
server_ssl = True
(BoolOpt) If True, Use SSL when connecting to the Big Switch or Floodlight controller.
server_timeout = 10
(IntOpt) Maximum number of seconds to wait for proxy request to connect and complete.
servers = localhost:8800
(ListOpt) A comma separated list of Big Switch or Floodlight servers and port numbers.
The plugin proxies the requests to the Big Switch/Floodlight server, which performs the
networking configuration. Only one server is needed per deployment, but you may wish to
deploy multiple servers to support failover.
ssl_cert_directory = /etc/neutron/plugins/bigswitch/ssl
(StrOpt) Directory containing ca_certs and host_certs certificate directories.
ssl_sticky = True
(BoolOpt) Trust and store the first certificate received for each controller address and
use it to validate future connections to that address.
sync_data = False
(BoolOpt) Sync data on connect
thread_pool_size = 4
(IntOpt) Maximum number of threads to spawn to handle large volumes of port creations.
[RESTPROXYAGENT]
integration_bridge = br-int
(StrOpt) Name of integration bridge on compute nodes used for security group insertion.
polling_interval = 5
(IntOpt) Seconds between agent checks for port changes
virtual_switch_type = ovs
(StrOpt) Virtual switch type.
[ROUTER]
max_router_rules = 200
(IntOpt) Maximum number of router rules
tenant_default_router_rule = ['*:any:any:permit']
(MultiStrOpt) The default router rules installed in new tenant routers. Repeat the config
option for each rule. Format is <tenant>:<source>:<destination>:<action> Use an * to
specify default for all tenants.
7.1.1.2. Brocade configuration options
Table 7.3. Description of Brocade configuration options
Configuration option = Default value
Description
[PHYSICAL_INTERFACE]
physical_interface = eth0
(StrOpt) The network interface to use when creating a port
[SWITCH]
address =
(StrOpt) The address of the host to SSH to
ostype = NOS
(StrOpt) Currently unused
password =
(StrOpt) The SSH password to use
username =
(StrOpt) The SSH username to use
7.1.1.3. CISCO configuration options
Table 7.4. Description of Cisco configuration options
Configuration option = Default value
Description
[CISCO]
model_class = neutron.plugins.cisco.models.virt_phy_sw_v2.VirtualPhysicalSwitchModelV2
(StrOpt) Model Class
nexus_l3_enable = False
(BoolOpt) Enable L3 support on the Nexus switches
provider_vlan_auto_create = True
(BoolOpt) Provider VLANs are automatically created as needed on the Nexus switch
provider_vlan_auto_trunk = True
(BoolOpt) Provider VLANs are automatically trunked as needed on the ports of the Nexus
switch
provider_vlan_name_prefix = p-
(StrOpt) VLAN Name prefix for provider vlans
svi_round_robin = False
(BoolOpt) Distribute SVI interfaces over all switches
vlan_name_prefix = q-
(StrOpt) VLAN Name prefix
[CISCO_N1K]
bridge_mappings =
(StrOpt) N1K Bridge Mappings
default_network_profile = default_network_profile
(StrOpt) N1K default network profile
default_policy_profile = service_profile
(StrOpt) N1K default policy profile
enable_tunneling = True
(BoolOpt) N1K Enable Tunneling
http_pool_size = 4
(IntOpt) Number of threads to use to make HTTP requests
http_timeout = 15
(IntOpt) N1K http timeout duration in seconds
integration_bridge = br-int
(StrOpt) N1K Integration Bridge
network_node_policy_profile = dhcp_pp
(StrOpt) N1K policy profile for network node
network_vlan_ranges = vlan:1:4095
(StrOpt) N1K Network VLAN Ranges
poll_duration = 60
(IntOpt) N1K Policy profile polling duration in seconds
restrict_network_profiles = True
(BoolOpt) Restrict tenants from accessing network profiles belonging to some other tenant
restrict_policy_profiles = False
(BoolOpt) Restrict the visibility of policy profiles to the tenants
tenant_network_type = local
(StrOpt) N1K Tenant Network Type
tunnel_bridge = br-tun
(StrOpt) N1K Tunnel Bridge
vxlan_id_ranges = 5000:10000
(StrOpt) N1K VXLAN ID Ranges
[general]
backlog_processing_interval = 10
(IntOpt) Time in seconds between renewed scheduling attempts of non-scheduled routers.
cfg_agent_down_time = 60
(IntOpt) Seconds of no status update until a cfg agent is considered down.
default_security_group = mgmt_sec_grp
(StrOpt) Default security group applied on management port. Default value is
mgmt_sec_grp.
ensure_nova_running = True
(BoolOpt) Ensure that Nova is running before attempting to create any VM.
l3_admin_tenant = L3AdminTenant
(StrOpt) Name of the L3 admin tenant.
management_network = osn_mgmt_nw
(StrOpt) Name of management network for device configuration. Default value is
osn_mgmt_nw
service_vm_config_path = /opt/stack/data/neutron/cisco/config_drive
(StrOpt) Path to config drive files for service VM instances.
templates_path = /opt/stack/data/neutron/cisco/templates
(StrOpt) Path to templates for hosting devices.
[hosting_devices]
csr1kv_booting_time = 420
(IntOpt) Booting time in seconds before a CSR1kv becomes operational.
csr1kv_cfgagent_router_driver = neutron.plugins.cisco.cfg_agent.device_drivers.csr1kv.csr1kv_routing_driver.CSR1kvRoutingDriver
(StrOpt) Config agent driver for CSR1kv.
csr1kv_configdrive_template = csr1kv_cfg_template
(StrOpt) CSR1kv config drive template file.
csr1kv_device_driver = neutron.plugins.cisco.l3.hosting_device_drivers.csr1kv_hd_driver.CSR1kvHostingDeviceDriver
(StrOpt) Hosting device driver for CSR1kv.
csr1kv_flavor = 621
(StrOpt) UUID of Nova flavor for CSR1kv.
csr1kv_image = csr1kv_openstack_img
(StrOpt) Name of Glance image for CSR1kv.
csr1kv_password = cisco
(StrOpt) Password to use for CSR1kv configurations.
csr1kv_plugging_driver = neutron.plugins.cisco.l3.plugging_drivers.n1kv_trunking_driver.N1kvTrunkingPlugDriver
(StrOpt) Plugging driver for CSR1kv.
csr1kv_username = stack
(StrOpt) Username to use for CSR1kv configurations.
[ml2_cisco]
svi_round_robin = False
(BoolOpt) Distribute SVI interfaces over all switches
vlan_name_prefix = q-
(StrOpt) VLAN Name prefix
[n1kv]
management_port_profile = osn_mgmt_pp
(StrOpt) Name of N1kv port profile for management ports.
t1_network_profile = osn_t1_np
(StrOpt) Name of N1kv network profile for T1 networks (i.e., trunk networks for VXLAN
segmented traffic).
t1_port_profile = osn_t1_pp
(StrOpt) Name of N1kv port profile for T1 ports (i.e., ports carrying traffic from VXLAN
segmented networks).
t2_network_profile = osn_t2_np
(StrOpt) Name of N1kv network profile for T2 networks (i.e., trunk networks for VLAN
segmented traffic).
t2_port_profile = osn_t2_pp
(StrOpt) Name of N1kv port profile for T2 ports (i.e., ports carrying traffic from VLAN
segmented networks).
Table 7.5. Description of cfg agent configuration options
Configuration option = Default value
Description
[cfg_agent]
device_connection_timeout = 30
(IntOpt) Time in seconds for connecting to a hosting device
hosting_device_dead_timeout = 300
(IntOpt) The time in seconds until a backlogged hosting device is presumed dead. This
value should be set up high enough to recover from a period of connectivity loss or high
load when the device may not be responding.
routing_svc_helper_class = neutron.plugins.cisco.cfg_agent.service_helpers.routing_svc_helper.RoutingServiceHelper
(StrOpt) Path of the routing service helper class.
rpc_loop_interval = 10
(IntOpt) Interval when the process_services() loop executes in seconds. This is when the
config agent lets each service helper to process its neutron resources.
7.1.1.4. CloudBase Hyper-V Agent configuration options
Table 7.6. Description of HyperV agent configuration options
Configuration option = Default value
Description
[AGENT]
enable_metrics_collection = False
(BoolOpt) Enables metrics collections for switch ports by using Hyper-V's metric APIs.
Collected data can be retrieved by other apps and services, e.g.: Ceilometer. Requires
Hyper-V / Windows Server 2012 and above
local_network_vswitch = private
(StrOpt) Private vswitch name used for local networks
metrics_max_retries = 100
(IntOpt) Specifies the maximum number of retries to enable Hyper-V's port metrics
collection. The agent will try to enable the feature once every polling_interval period
for at most metrics_max_retries or until it succeeds.
physical_network_vswitch_mappings =
(ListOpt) List of <physical_network>:<vswitch> where the physical networks can be
expressed with wildcards, e.g.: ."*:external"
polling_interval = 2
(IntOpt) The number of seconds the agent will wait between polling for local device
changes.
[HYPERV]
network_vlan_ranges =
(ListOpt) List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network>
tenant_network_type = local
(StrOpt) Network type for tenant networks (local, flat, vlan or none)
[hyperv]
force_hyperv_utils_v1 = False
(BoolOpt) Force V1 WMI utility classes
7.1.1.5. Embrane configuration options
Table 7.7. Description of Embrane configuration options
Configuration option = Default value
Description
[heleos]
admin_username = admin
(StrOpt) ESM admin username.
async_requests = True
(BoolOpt) Define if the requests have run asynchronously or not
dummy_utif_id = None
(StrOpt) Dummy user traffic Security Zone id
esm_mgmt = None
(StrOpt) ESM management root address
inband_id = None
(StrOpt) In band Security Zone id
mgmt_id = None
(StrOpt) Management Security Zone id
oob_id = None
(StrOpt) Out of band Security Zone id
resource_pool_id = default
(StrOpt) Shared resource pool id
router_image = None
(StrOpt) Router image id (Embrane FW/VPN)
7.1.1.6. IBM SDN-VE configuration options
Table 7.8. Description of SDN-VE configuration options
Configuration option = Default value
Description
[SDNVE]
base_url = /one/nb/v2/
(StrOpt) Base URL for SDN-VE controller REST API.
controller_ips = 127.0.0.1
(ListOpt) List of IP addresses of SDN-VE controller(s).
default_tenant_type = OVERLAY
(StrOpt) Tenant type: OVERLAY (default) or OF.
format = json
(StrOpt) SDN-VE request/response format.
info = sdnve_info_string
(StrOpt) SDN-VE RPC subject.
integration_bridge = None
(StrOpt) Integration bridge to use.
interface_mappings =
(ListOpt) List of <physical_network_name>:<interface_name> mappings.
of_signature = SDNVE-OF
(StrOpt) The string in tenant description that indicates the tenant is an OF tenant.
out_of_band = True
(BoolOpt) Indicating if controller is out of band or not.
overlay_signature = SDNVE-OVERLAY
(StrOpt) The string in tenant description that indicates the tenant is an OVERLAY tenant.
password = admin
(StrOpt) SDN-VE administrator password.
port = 8443
(StrOpt) SDN-VE controller port number.
reset_bridge = True
(BoolOpt) Whether to reset the integration bridge before use.
use_fake_controller = False
(BoolOpt) Whether to use a fake controller.
userid = admin
(StrOpt) SDN-VE administrator user ID.
[SDNVE_AGENT]
polling_interval = 2
(IntOpt) Agent polling interval if necessary.
root_helper = sudo
(StrOpt) Using root helper.
rpc = True
(BoolOpt) Whether to use rpc.
7.1.1.7. Linux bridge Agent configuration options
Table 7.9. Description of Linux Bridge agent configuration options
Configuration option = Default value
Description
[LINUX_BRIDGE]
physical_interface_mappings =
(ListOpt) List of <physical_network>:<physical_interface>
[VLANS]
network_vlan_ranges =
(ListOpt) List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network>
tenant_network_type = local
(StrOpt) Network type for tenant networks (local, vlan, or none)
[VXLAN]
enable_vxlan = False
(BoolOpt) Enable VXLAN on the agent. Can be enabled when agent is managed by ml2 plugin using linuxbridge mechanism driver
l2_population = False
(BoolOpt) Extension to use alongside ml2 plugin's l2population mechanism driver. It enables the plugin to populate VXLAN forwarding table.
local_ip =
(StrOpt) Local IP address of the VXLAN endpoints.
tos = None
(IntOpt) TOS for vxlan interface protocol packets.
ttl = None
(IntOpt) TTL for vxlan interface protocol packets.
vxlan_group = 224.0.0.1
(StrOpt) Multicast group for vxlan interface.
7.1.1.8. Meta Plug-in configuration options
The Meta Plug-in allows you to use multiple plug-ins at the same time.
Table 7.10. Description of meta configuration options
Configuration option = Default value
Description
[META]
default_flavor =
(StrOpt) Default flavor to use, when flavor:network is not specified at network creation.
default_l3_flavor =
(StrOpt) Default L3 flavor to use, when flavor:router is not specified at router creation. Ignored if 'l3_plugin_list' is blank.
extension_map =
(StrOpt) Comma separated list of method:flavor to select specific plugin for a method. This has priority over method search order based on 'plugin_list'.
l3_plugin_list =
(StrOpt) Comma separated list of flavor:neutron_plugin for L3 service plugins to load. This is intended for specifying L2 plugins which support L3 functions. If you use a router service plugin, set this blank.
plugin_list =
(StrOpt) Comma separated list of flavor:neutron_plugin for plugins to load. Extension method is searched in the list order and the first one is used.
rpc_flavor =
(StrOpt) Specifies flavor for plugin to handle 'q-plugin' RPC requests.
supported_extension_aliases =
(StrOpt) Comma separated list of supported extension aliases.
7.1.1.9. Modular Layer 2 (ml2) configuration options
The Modular Layer 2 (ml2) plug-in has two components: network types and mechanisms.
You can configure these components separately. This section describes these configuration
options.
Configure MTU for VXLAN tunnelling
Specific MTU configuration is necessary for VXLAN to function as expected:
One option is to increase the MTU value of the physical interface and physical
switch fabric by at least 50 bytes. For example, increase the MTU value to 1550.
This value enables an automatic 50-byte MTU difference between the physical
interface (1500) and the VXLAN interface (automatically 1500-50 = 1450). An
MTU value of 1450 causes issues when virtual machine taps are configured at
an MTU value of 1500.
Another option is to decrease the virtual ethernet devices' MTU. Set the
network_device_mtu option to 1450 in the neutron.conf file, and set all
guest virtual machines' MTU to the same value by using a DHCP option. For
information about how to use this option, see Configure OVS plug-in.
Table 7.11. Description of ML2 configuration options
Configuration option = Default value
Description
[ml2]
extension_drivers =
(ListOpt) An ordered list of extension driver entrypoints to be loaded from the neutron.ml2.extension_drivers namespace.
mechanism_drivers =
(ListOpt) An ordered list of networking mechanism driver entrypoints to be loaded from the neutron.ml2.mechanism_drivers namespace.
tenant_network_types = local
(ListOpt) Ordered list of network_types to allocate as tenant networks.
type_drivers = local, flat, vlan, gre, vxlan
(ListOpt) List of network type driver entrypoints to be loaded from the neutron.ml2.type_drivers namespace.
7.1.1.9.1. Modular Layer 2 (ml2) Flat Type configuration options
Table 7.12. Description of ML2 Flat mechanism driver configuration options
Configuration option = Default value
Description
[ml2_type_flat]
flat_networks =
(ListOpt) List of physical_network names with which flat networks can be created. Use * to allow flat networks with arbitrary physical_network names.
7.1.1.9.2. Modular Layer 2 (ml2) GRE Type configuration options
Table 7.13. Description of ML2 GRE configuration options
Configuration option = Default value
Description
[ml2_type_gre]
tunnel_id_ranges =
(ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
7.1.1.9.3. Modular Layer 2 (ml2) VLAN Type configuration options
Table 7.14. Description of ML2 VLAN configuration options
Configuration option = Default value
Description
[ml2_type_vlan]
network_vlan_ranges =
(ListOpt) List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network> specifying physical_network names usable for VLAN provider and tenant networks, as well as ranges of VLAN tags on each available for allocation to tenant networks.
7.1.1.9.4. Modular Layer 2 (ml2) VXLAN Type configuration options
Table 7.15. Description of ML2 VXLAN configuration options
Configuration option = Default value
Description
[ml2_type_vxlan]
vni_ranges =
(ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of VXLAN VNI IDs that are available for tenant network allocation
vxlan_group = None
(StrOpt) Multicast group for VXLAN. If unset, disables VXLAN multicast mode.
7.1.1.9.5. Modular Layer 2 (ml2) Arista Mechanism configuration options
Table 7.16. Description of ML2 Arista mechanism driver configuration options
Configuration option = Default value
Description
[ml2_arista]
eapi_host =
(StrOpt) Arista EOS IP address. This is a required field. If not set, all communications to Arista EOS will fail.
eapi_password =
(StrOpt) Password for Arista EOS. This is a required field. If not set, all communications to Arista EOS will fail.
eapi_username =
(StrOpt) Username for Arista EOS. This is a required field. If not set, all communications to Arista EOS will fail.
region_name = RegionOne
(StrOpt) Defines Region Name that is assigned to this OpenStack Controller. This is useful when multiple OpenStack/Neutron controllers are managing the same Arista HW clusters. Note that this name must match with the region name registered (or known) to keystone service. Authentication with Keystone is performed by EOS. This is optional. If not set, a value of "RegionOne" is assumed.
sync_interval = 180
(IntOpt) Sync interval in seconds between Neutron plugin and EOS. This interval defines how often the synchronization is performed. This is an optional field. If not set, a value of 180 seconds is assumed.
use_fqdn = True
(BoolOpt) Defines if hostnames are sent to Arista EOS as FQDNs ("node1.domain.com") or as short names ("node1"). This is optional. If not set, a value of "True" is assumed.
Table 7.17. Description of Arista layer-3 service plug-in configuration options
Configuration option = Default value
Description
[l3_arista]
l3_sync_interval = 180
(IntOpt) Sync interval in seconds between L3 Service plugin and EOS. This interval defines how often the synchronization is performed. This is an optional field. If not set, a value of 180 seconds is assumed
mlag_config = False
(BoolOpt) This flag is used to indicate if Arista Switches are configured in MLAG mode. If yes, all L3 config is pushed to both the switches automatically. If this flag is set to True, ensure to specify IP addresses of both switches. This is optional. If not set, a value of "False" is assumed.
primary_l3_host =
(StrOpt) Arista EOS IP address. This is a required field. If not set, all communications to Arista EOS will fail
primary_l3_host_password =
(StrOpt) Password for Arista EOS. This is a required field. If not set, all communications to Arista EOS will fail
primary_l3_host_username =
(StrOpt) Username for Arista EOS. This is a required field. If not set, all communications to Arista EOS will fail
secondary_l3_host =
(StrOpt) Arista EOS IP address for second Switch MLAGed with the first one. This is an optional field, however, if mlag_config flag is set, then this is required. If not set, all communications to Arista EOS will fail
use_vrf = False
(BoolOpt) A "True" value for this flag indicates to create a router in VRF. If not set, all routers are created in default VRF. This is optional. If not set, a value of "False" is assumed.
7.1.1.9.6. Modular Layer 2 (ml2) Big Switch Mechanism configuration options
Table 7.18. Description of ML2 Big Switch mechanism driver configuration options
Configuration option = Default value
Description
[NOVA]
node_override_vif_802.1qbg =
(ListOpt) Nova compute nodes to manually set VIF type to 802.1qbg
node_override_vif_802.1qbh =
(ListOpt) Nova compute nodes to manually set VIF type to 802.1qbh
node_override_vif_binding_failed =
(ListOpt) Nova compute nodes to manually set VIF type to binding_failed
node_override_vif_bridge =
(ListOpt) Nova compute nodes to manually set VIF type to bridge
node_override_vif_distributed =
(ListOpt) Nova compute nodes to manually set VIF type to distributed
node_override_vif_dvs =
(ListOpt) Nova compute nodes to manually set VIF type to dvs
node_override_vif_hostdev =
(ListOpt) Nova compute nodes to manually set VIF type to hostdev
node_override_vif_hw_veb =
(ListOpt) Nova compute nodes to manually set VIF type to hw_veb
node_override_vif_hyperv =
(ListOpt) Nova compute nodes to manually set VIF type to hyperv
node_override_vif_ivs =
(ListOpt) Nova compute nodes to manually set VIF type to ivs
node_override_vif_midonet =
(ListOpt) Nova compute nodes to manually set VIF type to midonet
node_override_vif_mlnx_direct =
(ListOpt) Nova compute nodes to manually set VIF type to mlnx_direct
node_override_vif_other =
(ListOpt) Nova compute nodes to manually set VIF type to other
node_override_vif_ovs =
(ListOpt) Nova compute nodes to manually set VIF type to ovs
node_override_vif_unbound =
(ListOpt) Nova compute nodes to manually set VIF type to unbound
node_override_vif_vrouter =
(ListOpt) Nova compute nodes to manually set VIF type to vrouter
vif_type = ovs
(StrOpt) Virtual interface type to configure on Nova compute nodes
vif_types = unbound, binding_failed, ovs, ivs, bridge, 802.1qbg, 802.1qbh, hyperv, midonet, mlnx_direct, hostdev, hw_veb, dvs, other, distributed, vrouter
(ListOpt) List of allowed vif_type values.
[RESTPROXY]
add_meta_server_route = True
(BoolOpt) Flag to decide if a route to the metadata server should be injected into the VM
auto_sync_on_failure = True
(BoolOpt) If neutron fails to create a resource because the backend controller doesn't know of a dependency, the plugin automatically triggers a full data synchronization to the controller.
cache_connections = True
(BoolOpt) Re-use HTTP/HTTPS connections to the controller.
consistency_interval = 60
(IntOpt) Time between verifications that the backend controller database is consistent with Neutron. (0 to disable)
neutron_id = neutron-usagi
(StrOpt) User defined identifier for this Neutron deployment
no_ssl_validation = False
(BoolOpt) Disables SSL certificate validation for controllers
server_auth = None
(StrOpt) The username and password for authenticating against the Big Switch or Floodlight controller.
server_ssl = True
(BoolOpt) If True, Use SSL when connecting to the Big Switch or Floodlight controller.
server_timeout = 10
(IntOpt) Maximum number of seconds to wait for proxy request to connect and complete.
servers = localhost:8800
(ListOpt) A comma separated list of Big Switch or Floodlight servers and port numbers. The plugin proxies the requests to the Big Switch/Floodlight server, which performs the networking configuration. Only one server is needed per deployment, but you may wish to deploy multiple servers to support failover.
ssl_cert_directory = /etc/neutron/plugins/bigswitch/ssl
(StrOpt) Directory containing ca_certs and host_certs certificate directories.
ssl_sticky = True
(BoolOpt) Trust and store the first certificate received for each controller address and use it to validate future connections to that address.
sync_data = False
(BoolOpt) Sync data on connect
thread_pool_size = 4
(IntOpt) Maximum number of threads to spawn to handle large volumes of port creations.
[RESTPROXYAGENT]
integration_bridge = br-int
(StrOpt) Name of integration bridge on compute nodes used for security group insertion.
polling_interval = 5
(IntOpt) Seconds between agent checks for port changes
virtual_switch_type = ovs
(StrOpt) Virtual switch type.
[ROUTER]
max_router_rules = 200
(IntOpt) Maximum number of router rules
tenant_default_router_rule = ['*:any:any:permit']
(MultiStrOpt) The default router rules installed in new tenant routers. Repeat the config option for each rule. Format is <tenant>:<source>:<destination>:<action> Use an * to specify default for all tenants.
7.1.1.9.7. Modular Layer 2 (ml2) Brocade Mechanism configuration options
Table 7.19. Description of ML2 Brocade mechanism driver configuration options
Configuration option = Default value
Description
[ml2_brocade]
address =
(StrOpt) The address of the host to SSH to
ostype = NOS
(StrOpt) OS Type of the switch
osversion = 4.0.0
(StrOpt) OS Version number
password = password
(StrOpt) The SSH password to use
physical_networks =
(StrOpt) Allowed physical networks
rbridge_id = 1
(StrOpt) Rbridge id of provider edge router(s)
username = admin
(StrOpt) The SSH username to use
7.1.1.9.8. Modular Layer 2 (ml2) Cisco Mechanism configuration options
Table 7.20. Description of ML2 Cisco mechanism driver configuration options
Configuration option = Default value
Description
[DEFAULT]
apic_system_id = openstack
(StrOpt) Prefix for APIC domain/names/profiles created
[ml2_cisco]
managed_physical_network = None
(StrOpt) The physical network managed by the switches.
[ml2_cisco_apic]
apic_agent_poll_interval = 2
(FloatOpt) Interval between agent poll for topology (in sec)
apic_agent_report_interval = 30
(FloatOpt) Interval between agent status updates (in sec)
apic_app_profile_name = ${apic_system_id}_app
(StrOpt) Name for the app profile used for Openstack
apic_domain_name = ${apic_system_id}
(StrOpt) Name for the domain created on APIC
apic_entity_profile = ${apic_system_id}_entity_profile
(StrOpt) Name of the entity profile to be created
apic_function_profile = ${apic_system_id}_function_profile
(StrOpt) Name of the function profile to be created
apic_host_uplink_ports =
(ListOpt) The uplink ports to check for ACI connectivity
apic_hosts =
(ListOpt) An ordered list of host names or IP addresses of the APIC controller(s).
apic_lacp_profile = ${apic_system_id}_lacp_profile
(StrOpt) Name of the LACP profile to be created
apic_name_mapping = use_name
(StrOpt) Name mapping strategy to use: use_uuid | use_name
apic_node_profile = ${apic_system_id}_node_profile
(StrOpt) Name of the node profile to be created
apic_password = None
(StrOpt) Password for the APIC controller
apic_sync_interval = 0
(IntOpt) Synchronization interval in seconds
apic_use_ssl = True
(BoolOpt) Use SSL to connect to the APIC controller
apic_username = None
(StrOpt) Username for the APIC controller
apic_vlan_ns_name = ${apic_system_id}_vlan_ns
(StrOpt) Name for the vlan namespace to be used for Openstack
apic_vlan_range = 2:4093
(StrOpt) Range of VLANs to be used for Openstack
apic_vpc_pairs =
(ListOpt) The switch pairs for VPC connectivity
root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
(StrOpt) Setup root helper as rootwrap or sudo
7.1.1.9.9. Modular Layer 2 (ml2) Freescale SDN Mechanism configuration options
Table 7.21. Description of ML2 Freescale SDN mechanism driver configuration options
Configuration option = Default value
Description
[ml2_fslsdn]
crd_api_insecure = False
(BoolOpt) If set, ignore any SSL validation issues.
crd_auth_strategy = keystone
(StrOpt) Auth strategy for connecting to neutron in admin context.
crd_auth_url = http://127.0.0.1:5000/v2.0/
(StrOpt) CRD Auth URL.
crd_ca_certificates_file = None
(StrOpt) Location of ca certificates file to use for CRD client requests.
crd_password = password
(StrOpt) CRD Service Password.
crd_region_name = RegionOne
(StrOpt) Region name for connecting to CRD Service in admin context.
crd_tenant_name = service
(StrOpt) CRD Tenant Name.
crd_url = http://127.0.0.1:9797
(StrOpt) URL for connecting to CRD service.
crd_url_timeout = 30
(IntOpt) Timeout value for connecting to CRD service in seconds.
crd_user_name = crd
(StrOpt) CRD service Username.
7.1.1.9.10. Modular Layer 2 (ml2) OpenDaylight Mechanism configuration options
Table 7.22. Description of ML2 OpenDaylight mechanism driver configuration options
Configuration option = Default value
Description
[ml2_odl]
password = None
(StrOpt) HTTP password for authentication
session_timeout = 30
(IntOpt) Tomcat session timeout in minutes.
timeout = 10
(IntOpt) HTTP timeout in seconds.
url = None
(StrOpt) HTTP URL of OpenDaylight REST interface.
username = None
(StrOpt) HTTP username for authentication
7.1.1.9.11. Modular Layer 2 (ml2) OpenFlow Agent (ofagent) Mechanism configuration options
Table 7.23. Description of ML2 ofagent mechanism driver configuration options
Configuration option = Default value
Description
[DEFAULT]
ofp_listen_host =
(StrOpt) openflow listen host
ofp_ssl_listen_port = 6633
(IntOpt) openflow ssl listen port
ofp_tcp_listen_port = 6633
(IntOpt) openflow tcp listen port
[AGENT]
dont_fragment = True
(BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet carrying GRE/VXLAN tunnel.
get_datapath_retry_times = 60
(IntOpt) Number of seconds to retry acquiring an Open vSwitch datapath
physical_interface_mappings =
(ListOpt) List of <physical_network>:<physical_interface>
7.1.1.9.12. Modular Layer 2 (ml2) L2 Population Mechanism configuration options
Table 7.24. Description of ML2 L2 population configuration options
Configuration option = Default value
Description
[l2pop]
agent_boot_time = 180
(IntOpt) Delay within which agent is expected to update existing ports when it restarts
7.1.1.9.13. Modular Layer 2 (ml2) Tail-f NCS Mechanism configuration options
Table 7.25. Description of ML2 NCS mechanism driver configuration options
Configuration option = Default value
Description
[ml2_ncs]
password = None
(StrOpt) HTTP password for authentication
timeout = 10
(IntOpt) HTTP timeout in seconds.
url = None
(StrOpt) HTTP URL of Tail-f NCS REST interface.
username = None
(StrOpt) HTTP username for authentication
7.1.1.9.14. Modular Layer 2 (ml2) SR-IOV Mechanism configuration options
Table 7.26. Description of ML2 SR-IOV driver configuration options
Configuration option = Default value
Description
[ml2_sriov]
agent_required = False
(BoolOpt) SRIOV neutron agent is required for port binding
supported_pci_vendor_devs = 15b3:1004, 8086:10ca
(ListOpt) Supported PCI vendor devices, defined by vendor_id:product_id according to the PCI ID Repository. Default enables support for Intel and Mellanox SR-IOV capable NICs
7.1.1.10. MidoNet configuration options
Table 7.27. Description of Midonet configuration options
Configuration option = Default value
Description
[MIDONET]
midonet_host_uuid_path = /etc/midolman/host_uuid.properties
(StrOpt) Path to midonet host uuid file
midonet_uri = http://localhost:8080/midonet-api
(StrOpt) MidoNet API server URI.
mode = dev
(StrOpt) Operational mode. Internal dev use only.
password = passw0rd
(StrOpt) MidoNet admin password.
project_id = 77777777-7777-7777-7777777777777777
(StrOpt) ID of the project that MidoNet admin user belongs to.
provider_router_id = None
(StrOpt) Virtual provider router ID.
username = admin
(StrOpt) MidoNet admin username.
7.1.1.11. NEC configuration options
Table 7.28. Description of Nec configuration options
Configuration option = Default value
Description
[OFC]
api_max_attempts = 3
(IntOpt) Maximum attempts per OFC API request. NEC plugin retries API request to OFC when OFC returns ServiceUnavailable (503). The value must be greater than 0.
cert_file = None
(StrOpt) Location of certificate file.
driver = trema
(StrOpt) Driver to use.
enable_packet_filter = True
(BoolOpt) Enable packet filter.
host = 127.0.0.1
(StrOpt) Host to connect to.
insecure_ssl = False
(BoolOpt) Disable SSL certificate verification.
key_file = None
(StrOpt) Location of key file.
path_prefix =
(StrOpt) Base URL of OFC REST API. It is prepended to each API request.
port = 8888
(StrOpt) Port to connect to.
support_packet_filter_on_ofc_router = True
(BoolOpt) Support packet filter on OFC router interface.
use_ssl = False
(BoolOpt) Use SSL to connect.
[PROVIDER]
default_router_provider = l3-agent
(StrOpt) Default router provider to use.
router_providers = l3-agent, openflow
(ListOpt) List of enabled router providers.
[fwaas]
driver =
(StrOpt) Name of the FWaaS Driver
7.1.1.12. Nuage configuration options
Table 7.29. Description of Nuage configuration options
Configuration option = Default value
Description
[RESTPROXY]
auth_resource =
(StrOpt) Nuage provided uri for initial authorization to access VSD
base_uri = /
(StrOpt) Nuage provided base uri to reach out to VSD
default_floatingip_quota = 254
(IntOpt) Per Net Partition quota of floating ips
default_net_partition_name = OpenStackDefaultNetPartition
(StrOpt) Default Network partition in which VSD will orchestrate network resources using openstack
organization = system
(StrOpt) Organization name in which VSD will orchestrate network resources using openstack
server = localhost:8800
(StrOpt) IP Address and Port of Nuage's VSD server
serverauth = username:password
(StrOpt) Username and password for authentication
serverssl = False
(BoolOpt) Boolean for SSL connection with VSD server
[SYNCMANAGER]
enable_sync = False
(BoolOpt) Nuage plugin will sync resources between openstack and VSD
sync_interval = 0
(IntOpt) Sync interval in seconds between openstack and VSD. It defines how often the synchronization is done. If not set, value of 0 is assumed and sync will be performed only once, at the Neutron startup time.
7.1.1.13. One Convergence NVSD configuration options
Table 7.30. Description of NVSD driver configuration options
Configuration option = Default value
Description
[AGENT]
integration_bridge = br-int
(StrOpt) integration bridge
[nvsd]
nvsd_ip = 127.0.0.1
(StrOpt) NVSD Controller IP address
nvsd_passwd = oc123
(StrOpt) NVSD Controller password
nvsd_port = 8082
(IntOpt) NVSD Controller Port number
nvsd_retries = 0
(IntOpt) Number of login retries to NVSD controller
nvsd_user = ocplugin
(StrOpt) NVSD Controller username
request_timeout = 30
(IntOpt) NVSD controller REST API request timeout in seconds
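
The tables above document several defaults that weaken a deployment if they stay in effect: sample passwords, options that switch off certificate validation, and options that leave TLS off. As an added example (not part of the Red Hat reference or the Neutron code base), this Python auditor checks a plug-in INI file for those settings and treats an absent option as its documented default. The rule list, function names and sample file are assumptions made for the illustration; section and option names are the ones printed in the tables.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# (section, option, documented default, finding) from the option tables above.
# [RESTPROXY] appears in both the Big Switch and Nuage tables; only the
# Big Switch options (whose defaults are safe) are listed, so a Nuage
# [RESTPROXY] section produces no false findings.
RULES = [
    ("SDNVE", "password", "admin", "default-credential"),
    ("ml2_brocade", "password", "password", "default-credential"),
    ("ml2_fslsdn", "crd_password", "password", "default-credential"),
    ("MIDONET", "password", "passw0rd", "default-credential"),
    ("nvsd", "nvsd_passwd", "oc123", "default-credential"),
    ("RESTPROXY", "no_ssl_validation", "False", "tls-verification-disabled"),
    ("ml2_fslsdn", "crd_api_insecure", "False", "tls-verification-disabled"),
    ("OFC", "insecure_ssl", "False", "tls-verification-disabled"),
    ("RESTPROXY", "server_ssl", "True", "tls-not-used"),
    ("ml2_cisco_apic", "apic_use_ssl", "True", "tls-not-used"),
    ("OFC", "use_ssl", "False", "tls-not-used"),
    ("ml2_fslsdn", "crd_url", "http://127.0.0.1:9797", "cleartext-http"),
    ("ml2_fslsdn", "crd_auth_url", "http://127.0.0.1:5000/v2.0/",
     "cleartext-http"),
]

TRUE_WORDS = {"1", "true", "yes", "on"}

# Constructed sample, not a real deployment (192.0.2.0/24 is documentation space).
SAMPLE_INI = """\
[ml2_brocade]
address = 192.0.2.10
username = admin
# password is left out, so the documented default applies

[ml2_fslsdn]
crd_url = http://192.0.2.20:9797
crd_auth_url = http://127.0.0.1:5000/v2.0/
crd_password = constructed-non-default
crd_api_insecure = True

[OFC]
host = 192.0.2.30
use_ssl = true
insecure_ssl = false

[RESTPROXY]
servers = 192.0.2.40:8800
no_ssl_validation = True
"""


def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def violates(finding, value, default):
    if finding == "default-credential":
        return value == default
    if finding == "tls-verification-disabled":
        return value.strip().lower() in TRUE_WORDS
    if finding == "tls-not-used":
        return value.strip().lower() not in TRUE_WORDS
    url = urlsplit(value)  # remaining kind: cleartext-http
    return url.scheme == "http" and not is_loopback(url.hostname or "")


def audit(ini_text):
    """Return [(section, option, finding, implied)] in RULES order.

    implied is True when the option is absent and the documented default
    is therefore the value in effect.
    """
    # RawConfigParser does no '%' interpolation; strict=False tolerates
    # repeated options. A throwaway default_section keeps [DEFAULT] from
    # leaking into other sections, which configparser would otherwise do
    # and oslo.config does not.
    parser = configparser.RawConfigParser(strict=False,
                                          default_section="__unused__")
    parser.read_string(ini_text)
    findings = []
    for section, option, default, finding in RULES:
        if not parser.has_section(section):
            continue  # assumption: no section means the plug-in is not used
        implied = not parser.has_option(section, option)
        value = default if implied else parser.get(section, option)
        if violates(finding, value, default):
            findings.append((section, option, finding, implied))
    return findings


if __name__ == "__main__":
    for section, option, finding, implied in audit(SAMPLE_INI):
        origin = "default in effect" if implied else "set in file"
        print(f"[{section}] {option}: {finding} ({origin})")
```

Loopback `http://` URLs are not reported, which is why the documented `crd_auth_url` default passes while the constructed remote `crd_url` does not.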
7.1.1.14. OpenContrail configuration options
Table 7.31. Description of OpenContrail configuration options
Configuration option = Default value
Description
[CONTRAIL]
api_server_ip = 127.0.0.1
(StrOpt) IP address to connect to opencontrail controller
api_server_port = 8082
(IntOpt) Port to connect to opencontrail controller
7.1.1.15. Open vSwitch Agent configuration options
Table 7.32. Description of Open vSwitch agent configuration options
Configuration option = Default value
Description
[DEFAULT]
ovs_integration_bridge = br-int
(StrOpt) Name of Open vSwitch bridge to use
ovs_use_veth = False
(BoolOpt) Uses veth for an interface or not
ovs_vsctl_timeout = 10
(IntOpt) Timeout in seconds for ovs-vsctl commands
[AGENT]
arp_responder = False
(BoolOpt) Enable local ARP responder if it is supported. Requires OVS 2.1 and ML2 l2population driver. Allows the switch (when supporting an overlay) to respond to an ARP request locally without performing a costly ARP broadcast into the overlay.
dont_fragment = True
(BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet carrying GRE/VXLAN tunnel.
enable_distributed_routing = False
(BoolOpt) Make the l2 agent run in DVR mode.
l2_population = False
(BoolOpt) Use ML2 l2population mechanism driver to learn remote MAC and IPs and improve tunnel scalability.
minimize_polling = True
(BoolOpt) Minimize polling by monitoring ovsdb for interface changes.
ovsdb_monitor_respawn_interval = 30
(IntOpt) The number of seconds to wait before respawning the ovsdb monitor after losing communication with it.
tunnel_types =
(ListOpt) Network types supported by the agent (gre and/or vxlan).
veth_mtu = None
(IntOpt) MTU size of veth interfaces
vxlan_udp_port = 4789
(IntOpt) The UDP port to use for VXLAN tunnels.
[CISCO_N1K]
local_ip = 10.0.0.3
(StrOpt) N1K Local IP
[OVS]
bridge_mappings =
(ListOpt) List of <physical_network>:<bridge>. Deprecated for ofagent.
int_peer_patch_port = patch-tun
(StrOpt) Peer patch port in integration bridge for tunnel bridge.
integration_bridge = br-int
(StrOpt) Integration bridge to use.
local_ip = None
(IPOpt) Local IP address of tunnel endpoint.
tun_peer_patch_port = patch-int
(StrOpt) Peer patch port in tunnel bridge for integration bridge.
tunnel_bridge = br-tun
(StrOpt) Tunnel bridge to use.
use_veth_interconnection = False
(BoolOpt) Use veths instead of patch ports to interconnect the integration bridge to physical bridges.
7.1.1.16. PLUMgrid configuration options
Table 7.33. Description of PLUMgrid configuration options
Configuration option = Default value
Description
[plumgriddirector]
director_server = localhost
(StrOpt) PLUMgrid Director server to connect to
director_server_port = 8080
(StrOpt) PLUMgrid Director server port to connect to
driver = neutron.plugins.plumgrid.drivers.plumlib.Plumlib
(StrOpt) PLUMgrid Driver
password = password
(StrOpt) PLUMgrid Director admin password
servertimeout = 5
(IntOpt) PLUMgrid Director server timeout
username = username
(StrOpt) PLUMgrid Director admin username
7.1.1.17. SR-IOV configuration options
Table 7.34. Description of SR-IOV configuration options
Configuration option = Default value
Description
[SRIOV_NIC]
exclude_devices =
(ListOpt) List of <network_device>:<excluded_devices> mapping network_device to the agent's node-specific list of virtual functions that should not be used for virtual networking. excluded_devices is a semicolon separated list of virtual functions (BDF format) to exclude from network_device. The network_device in the mapping should appear in the physical_device_mappings list.
physical_device_mappings =
(ListOpt) List of <physical_network>:<network_device> mapping physical network names to the agent's node-specific physical network device of SR-IOV physical function to be used for VLAN networks. All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent
7.1.1.18. VMware NSX configuration options
Table 7.35. Description of VMware configuration options
Configuration option = Default value
Description
[DEFAULT]
default_interface_name = breth0
(StrOpt) Name of the interface on a L2 Gateway transport node which should be used by default when setting up a network connection
default_l2_gw_service_uuid = None
(StrOpt) Unique identifier of the NSX L2 Gateway service which will be used by default for network gateways
default_l3_gw_service_uuid = None
(StrOpt) Unique identifier of the NSX L3 Gateway service which will be used for implementing routers and floating IPs
default_service_cluster_uuid = None
(StrOpt) Unique identifier of the Service Cluster which will be used by logical services like dhcp and metadata
default_tz_uuid = None
(StrOpt) This is uuid of the default NSX Transport zone that will be used for creating tunneled isolated "Neutron" networks. It needs to be created in NSX before starting Neutron with the nsx plugin.
http_timeout = 75
(IntOpt) Time before aborting a request
nsx_controllers = None
(ListOpt) Lists the NSX controllers in this cluster
nsx_password = admin
(StrOpt) Password for NSX controllers in this cluster
nsx_user = admin
(StrOpt) User name for NSX controllers in this cluster
redirects = 2
(IntOpt) Number of times a redirect should be followed
retries = 2
(IntOpt) Number of times a request should be retried
[ESWITCH]
retries = 3
(IntOpt) The number of retries the agent will send request to daemon before giving up
[NSX]
agent_mode = agent
(StrOpt) The mode used to implement DHCP/metadata services.
concurrent_connections = 10
(IntOpt) Maximum concurrent connections to each NSX controller.
default_transport_type = stt
(StrOpt) The default network transport type to use (stt, gre, bridge, ipsec_gre, or ipsec_stt)
max_lp_per_bridged_ls = 5000
(IntOpt) Maximum number of ports of a logical switch on a bridged transport zone (default 5000)
max_lp_per_overlay_ls = 256
(IntOpt) Maximum number of ports of a logical switch on an overlay transport zone (default 256)
metadata_mode = access_network
(StrOpt) If set to access_network this enables a dedicated connection to the metadata proxy for metadata server access via Neutron router. If set to dhcp_host_route this enables host route injection via the dhcp agent. This option is only useful if running on a host that does not support namespaces otherwise access_network should be used.
nsx_gen_timeout = -1
(IntOpt) Number of seconds a generation id should be valid for (default -1 meaning do not time out)
replication_mode = service
(StrOpt) The default option leverages service nodes to perform packet replication though one could set this to 'source' to perform replication locally. This is useful if one does not want to deploy a service node(s). It must be set to 'service' for leveraging distributed routers.
[NSX_DHCP]
default_lease_time = 43200
(IntOpt) Default DHCP lease time
domain_name = openstacklocal
(StrOpt) Domain to use for building the hostnames
extra_domain_name_servers =
(ListOpt) Comma separated list of additional domain name servers
[NSX_LSN]
sync_on_missing_data = False
(BoolOpt) Pull LSN information from NSX in case it is missing from the local data store. This is useful to rebuild the local store in case of server recovery.
[NSX_METADATA]
metadata_server_address = 127.0.0.1
(StrOpt) IP address used by Metadata server.
metadata_server_port = 8775
(IntOpt) TCP Port used by Metadata server.
metadata_shared_secret =
(StrOpt) Shared secret to sign instance-id request
[NSX_SYNC]
always_read_status = False
(BoolOpt) Always read operational status from backend on show operations. Enabling this option might slow down the system.
max_random_sync_delay = 0
(IntOpt) Maximum value for the additional random delay in seconds between runs of the state synchronization task
min_chunk_size = 500
(IntOpt) Minimum number of resources to be retrieved from NSX during state synchronization
min_sync_req_delay = 1
(IntOpt) Minimum delay, in seconds, between two state synchronization queries to NSX. It must not exceed state_sync_interval
state_sync_interval = 10
(IntOpt) Interval in seconds between runs of the state synchronization task. Set it to 0 to disable it
[vcns]
datacenter_moid = None
(StrOpt) Optional parameter identifying the ID of datacenter to deploy NSX Edges
datastore_id = None
(StrOpt) Optional parameter identifying the ID of datastore to deploy NSX Edges
deployment_container_id = None
(StrOpt) Optional parameter identifying the ID of datastore to deploy NSX Edges
external_network = None
(StrOpt) Network ID for physical network connectivity
manager_uri = None
(StrOpt) uri for vsm
password = default
(StrOpt) Password for vsm
resource_pool_id = None
(StrOpt) Optional parameter identifying the ID of resource to deploy NSX Edges
task_status_check_interval = 2000
(IntOpt) Task status check interval
user = admin
(StrOpt) User name for vsm
7.1.2. Configure the Oslo RPC messaging system
OpenStack projects use an open standard for messaging middleware known as AMQP. This
messaging middleware enables the OpenStack services that run on multiple servers to talk to
each other. OpenStack Oslo RPC supports two implementations of AMQP, namely
RabbitMQ and Qpid.
7.1.2.1. Configure RabbitMQ
OpenStack Oslo RPC uses RabbitMQ by default. Use these options to configure the
RabbitMQ message system. The rpc_backend option is optional as long as RabbitMQ is
the default messaging system. However, if it is included in the configuration, you must set it to
neutron.openstack.common.rpc.impl_kombu.
rpc_backend=neutron.openstack.common.rpc.impl_kombu
Use these options to configure the RabbitMQ messaging system. You can configure
messaging communication for different installation scenarios, tune retries for RabbitMQ, and
define the size of the RPC thread pool. To monitor notifications through RabbitMQ, you must
set the notification_driver option to
neutron.openstack.common.notifier.rpc_notifier in the neutron.conf file:
Table 7.36. Description of RabbitMQ configuration options
Configuration option = Default value
Description
[DEFAULT]
kombu_reconnect_delay = 1.0
(FloatOpt) How long to wait before reconnecting in response to an AMQP consumer cancel notification.
kombu_ssl_ca_certs =
(StrOpt) SSL certification authority file (valid only if SSL enabled).
kombu_ssl_certfile =
(StrOpt) SSL cert file (valid only if SSL enabled).
kombu_ssl_keyfile =
(StrOpt) SSL key file (valid only if SSL enabled).
kombu_ssl_version =
(StrOpt) SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on some distributions.
rabbit_ha_queues = False
(BoolOpt) Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database.
rabbit_host = localhost
(StrOpt) The RabbitMQ broker address where a single node is used.
rabbit_hosts = $rabbit_host:$rabbit_port
(ListOpt) RabbitMQ HA cluster host:port pairs.
rabbit_login_method = AMQPLAIN
(StrOpt) The RabbitMQ login method.
rabbit_max_retries = 0
(IntOpt) Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry count).
rabbit_password = guest
(StrOpt) The RabbitMQ password.
rabbit_port = 5672
(IntOpt) The RabbitMQ broker port where a single node is used.
rabbit_retry_backoff = 2
(IntOpt) How long to backoff for between retries when connecting to RabbitMQ.
rabbit_retry_interval = 1
(IntOpt) How frequently to retry connecting with RabbitMQ.
rabbit_use_ssl = False
(BoolOpt) Connect over SSL for RabbitMQ.
rabbit_userid = guest
(StrOpt) The RabbitMQ userid.
rabbit_virtual_host = /
(StrOpt) The RabbitMQ virtual host.
7.1.2.2. Configure Qpid
Use these options to configure the Qpid messaging system for OpenStack Oslo RPC. Qpid
is not the default messaging system, so you must enable it by setting the rpc_backend
option in the neutron.conf file:
rpc_backend=neutron.openstack.common.rpc.impl_qpid
This critical option points the compute nodes to the Qpid broker (server). Set the
qpid_hostname option to the host name where the broker runs in the neutron.conf file.
Note
The --qpid_hostname option accepts a host name or IP address value.
qpid_hostname=hostname.example.com
If the Qpid broker listens on a port other than the AMQP default of 5672, you must set the
qpid_port option to that value:
qpid_port=12345
If you configure the Qpid broker to require authentication, you must add a user name and
password to the configuration:
qpid_username=username
qpid_password=password
By default, TCP is used as the transport. To enable SSL, set the qpid_protocol option:
qpid_protocol=ssl
Use these additional options to configure the Qpid messaging driver for OpenStack Oslo
RPC. These options are used infrequently.
Table 7.37. Description of Qpid configuration options
Configuration option = Default value
Description
[DEFAULT]
qpid_heartbeat = 60
(IntOpt) Seconds between connection keepalive heartbeats.
qpid_hostname = localhost
(StrOpt) Qpid broker hostname.
qpid_hosts = $qpid_hostname:$qpid_port
(ListOpt) Qpid HA cluster host:port pairs.
qpid_password =
(StrOpt) Password for Qpid connection.
qpid_port = 5672
(IntOpt) Qpid broker port.
qpid_protocol = tcp
(StrOpt) Transport to use, either 'tcp' or 'ssl'.
qpid_receiver_capacity = 1
(IntOpt) The number of prefetched messages held by receiver.
qpid_sasl_mechanisms =
(StrOpt) Space separated list of SASL mechanisms to use for auth.
qpid_tcp_nodelay = True
(BoolOpt) Whether to disable the Nagle algorithm.
qpid_topology_version = 1
(IntOpt) The qpid topology version to use. Version 1 is what was originally used by impl_qpid. Version 2 includes some backwards-incompatible changes that allow broker federation to work. Users should update to version 2 when they are able to take everything down, as it requires a clean break.
qpid_username =
(StrOpt) Username for Qpid connection.
7.1.2.3. Configure messaging
Use these common options to configure the RabbitMQ and Qpid messaging drivers:
Table 7.38. Description of RPC configuration options
Configuration option = Default value
Description
[DEFAULT]
matchmaker_heartbeat_freq = 300
(IntOpt) Heartbeat frequency.
matchmaker_heartbeat_ttl = 600
(IntOpt) Heartbeat time-to-live.
rpc_backend = rabbit
(StrOpt) The messaging driver to use, defaults to rabbit. Other drivers include qpid and zmq.
rpc_cast_timeout = 30
(IntOpt) Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
rpc_conn_pool_size = 30
(IntOpt) Size of RPC connection pool.
rpc_response_timeout = 60
(IntOpt) Seconds to wait for a response from a call.
rpc_thread_pool_size = 64
(IntOpt) Size of RPC greenthread pool.
rpc_workers = 0
(IntOpt) Number of RPC worker processes for service
[AGENT]
rpc_support_old_agents = False
(BoolOpt) Enable server RPC compatibility with old agents
[oslo_messaging_amqp]
allow_insecure_clients = False
(BoolOpt) Accept clients using either SSL or plain TCP
broadcast_prefix = broadcast
(StrOpt) address prefix used when broadcasting to all servers
container_name = None
(StrOpt) Name for the AMQP container
group_request_prefix = unicast
(StrOpt) address prefix when sending to any server in group
idle_timeout = 0
(IntOpt) Timeout for inactive connections (in seconds)
server_request_prefix = exclusive
(StrOpt) address prefix used when sending to a specific server
ssl_ca_file =
(StrOpt) CA certificate PEM file for verifying server certificate
ssl_cert_file =
(StrOpt) Identifying certificate PEM file to present to clients
ssl_key_file =
(StrOpt) Private key PEM file used to sign cert_file certificate
ssl_key_password = None
(StrOpt) Password for decrypting ssl_key_file (if encrypted)
trace = False
(BoolOpt) Debug: dump AMQP frames to stdout
Table 7.39. Description of Redis configuration options
Configuration option = Default value
Description
[matchmaker_redis]
host = 127.0.0.1
(StrOpt) Host to locate redis.
password = None
(StrOpt) Password for Redis server (optional).
port = 6379
(IntOpt) Use this port to connect to redis host.
[matchmaker_ring]
ringfile = /etc/oslo/matchmaker_ring.json
(StrOpt) Matchmaker ring file (JSON).
Table 7.40. Description of AMQP configuration options
Configuration option = Default value
Description
[DEFAULT]
amqp_auto_delete = False
(BoolOpt) Auto-delete queues in AMQP.
amqp_durable_queues = False
(BoolOpt) Use durable queues in AMQP.
control_exchange = neutron
(StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
notification_driver = []
(MultiStrOpt) Driver or drivers to handle sending notifications.
notification_topics = notifications
(ListOpt) AMQP topic used for OpenStack notifications.
transport_url = None
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
7.1.3. Agent
Use the following options to alter agent-related settings.
Table 7.41. Description of agent configuration options
Configuration option = Default value
Description
[DEFAULT]
external_pids = $state_path/external/pids
(StrOpt) Location to store child pid files
network_device_mtu = None
(IntOpt) MTU setting for device.
7.1.4. API
Use the following options to alter API-related settings.
Table 7.42. Description of API configuration options
Configuration option = Default value
Description
[DEFAULT]
allow_bulk = True
(BoolOpt) Allow the usage of the bulk API
allow_pagination = False
(BoolOpt) Allow the usage of the pagination
allow_sorting = False
(BoolOpt) Allow the usage of the sorting
api_extensions_path =
(StrOpt) The path for API extensions
api_paste_config = api-paste.ini
(StrOpt) The API paste config file to use
backlog = 4096
(IntOpt) Number of backlog requests to configure the socket with
client_socket_timeout = 900
(IntOpt) Timeout for client connections socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of '0' means wait forever.
conn_idle_timeout = 900
(IntOpt) Reconnect connection to nsx if not used within this amount of time.
max_header_line = 16384
(IntOpt) Max header line to accommodate large tokens
pagination_max_limit = -1
(StrOpt) The maximum number of items returned in a single response, value was 'infinite' or negative integer means no limit
retry_until_window = 30
(IntOpt) Number of seconds to keep retrying to listen
run_external_periodic_tasks = True
(BoolOpt) Some periodic tasks can be run in a separate process. Should we run them here?
service_plugins =
(ListOpt) The service plugins Neutron will use
tcp_keepidle = 600
(IntOpt) Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not supported on OS X.
wsgi_keep_alive = True
(BoolOpt) Determines if connections are allowed to be held open by clients after a request is fulfilled. A value of False will ensure that the socket connection will be explicitly closed once a response has been sent to the client.
[service_providers]
service_provider = []
(MultiStrOpt) Defines providers for advanced services using the format: <service_type>:<name>:<driver>[:default]
7.1.5. Token authentication
Use the following options to alter token authentication settings.
Table 7.43. Description of authorization token configuration options
Configuration option = Default value
Description
[keystone_authtoken]
admin_password = None
(StrOpt) Keystone account password
admin_tenant_name = admin
(StrOpt) Keystone service account tenant name to validate user tokens
admin_token = None
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead.
admin_user = None
(StrOpt) Keystone account username
auth_admin_prefix =
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
auth_host = 127.0.0.1
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
auth_port = 35357
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
auth_protocol = https
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri.
auth_uri = None
(StrOpt) Complete public Identity API endpoint
auth_version = None
(StrOpt) API version of the admin Identity API endpoint
cache = None
(StrOpt) Env key for the swift cache
cafile = None
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
certfile = None
(StrOpt) Required if Keystone server requires client certificate
check_revocations_for_cached = False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
delay_auth_decision = False
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components
enforce_token_bind = permissive
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
hash_algorithms = md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
http_connect_timeout = None
(BoolOpt) Request timeout value for communicating with Identity API server.
http_request_max_retries = 3
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server.
identity_uri = None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
include_service_catalog = True
(BoolOpt) (optional) indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
insecure = False
(BoolOpt) Verify HTTPS connections.
keyfile = None
(StrOpt) Required if Keystone server requires client certificate
memcache_secret_key = None
(StrOpt) (optional, mandatory if memcache_security_strategy is defined) this string is used for key derivation.
memcache_security_strategy = None
(StrOpt) (optional) if defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
revocation_cache_time = 10
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
signing_dir = None
(StrOpt) Directory used to cache files related to PKI tokens
token_cache_time = 300
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
7.1.6. Compute
Use the following options to alter Compute-related settings.
Table 7.44. Description of Compute configuration options
Configuration option = Default value
Description
[DEFAULT]
notify_nova_on_port_data_changes = True
(BoolOpt) Send notification to nova when port data (fixed_ips/floatingip) changes so nova can update its cache.
notify_nova_on_port_status_changes = True
(BoolOpt) Send notification to nova when port status changes
nova_admin_auth_url = http://localhost:5000/v2.0
(StrOpt) Authorization URL for connecting to nova in admin context
nova_admin_password = None
(StrOpt) Password for connection to nova in admin context
nova_admin_tenant_id = None
(StrOpt) The uuid of the admin nova tenant
nova_admin_tenant_name = None
(StrOpt) The name of the admin nova tenant
nova_admin_username = None
(StrOpt) Username for connecting to nova in admin context
nova_api_insecure = False
(BoolOpt) If True, ignore any SSL validation issues
nova_ca_certificates_file = None
(StrOpt) CA file for novaclient to verify server certificates
nova_client_cert =
(StrOpt) Client certificate for nova metadata api server.
nova_client_priv_key =
(StrOpt) Private key of client certificate.
nova_region_name = None
(StrOpt) Name of nova region to use. Useful if keystone manages more than one region.
nova_url = http://127.0.0.1:8774/v2
(StrOpt) URL for connection to nova
send_events_interval = 2
(IntOpt) Number of seconds between sending events to nova if there are any events to send.
7.1.7. Database
Use the following options to alter Database-related settings.
Table 7.45. Description of database configuration options
Configuration option = Default value
Description
[database]
backend = sqlalchemy
(StrOpt) The back end to use for the database.
connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the database.
connection_debug = 0
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything.
connection_trace = False
(BoolOpt) Add Python stack traces to SQL as comment strings.
db_inc_retry_interval = True
(BoolOpt) If True, increases the interval between database connection retries up to db_max_retry_interval.
db_max_retries = 20
(IntOpt) Maximum database connection retries before error is raised. Set to -1 to specify an infinite retry count.
db_max_retry_interval = 10
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between database connection retries.
db_retry_interval = 1
(IntOpt) Seconds between database connection retries.
idle_timeout = 3600
(IntOpt) Timeout before idle SQL connections are reaped.
max_overflow = None
(IntOpt) If set, use this value for max_overflow with SQLAlchemy.
max_pool_size = None
(IntOpt) Maximum number of SQL connections to keep open in a pool.
max_retries = 10
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
min_pool_size = 1
(IntOpt) Minimum number of SQL connections to keep open in a pool.
mysql_sql_mode = TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
pool_timeout = None
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy.
retry_interval = 10
(IntOpt) Interval between retries of opening a SQL connection.
slave_connection = None
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database.
sqlite_db = oslo.sqlite
(StrOpt) The file name to use with SQLite.
sqlite_synchronous = True
(BoolOpt) If True, SQLite uses synchronous mode.
use_db_reconnect = False
(BoolOpt) Enable the experimental use of database reconnect on connection lost.
7.1.8. Logging
Use the following options to alter debug settings.
Table 7.46. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
backdoor_port = None
(StrOpt) Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service's log file.
disable_process_locking = False
(BoolOpt) Enables or disables inter-process locks.
7.1.9. DHCP agent
Use the following options to alter Database-related settings.
Table 7.47. Description of DHCP agent configuration options
Configuration option = Default value
Description
[DEFAULT]
dnsmasq_config_file =
(StrOpt) Override the default dnsmasq settings with this file
dnsmasq_dns_servers = None
(ListOpt) Comma-separated list of the DNS servers which will be used as forwarders.
dnsmasq_lease_max = 16777216
(IntOpt) Limit number of leases to prevent a denial-of-service.
enable_isolated_metadata = False
(BoolOpt) Support Metadata requests on isolated networks.
enable_metadata_network = False
(BoolOpt) Allows for serving metadata requests from a dedicated network. Requires enable_isolated_metadata = True
num_sync_threads = 4
(IntOpt) Number of threads to use during sync process.
resync_interval = 5
(IntOpt) Interval to resync.
use_namespaces = True
(BoolOpt) Allow overlapping IP.
7.1.10. Distributed virtual router
Use the following options to alter DVR-related settings.
Table 7.48. Description of DVR configuration options
Configuration option = Default value
Description
[DEFAULT]
dvr_base_mac = fa:16:3f:00:00:00
(StrOpt) The base mac address used for unique DVR instances by Neutron
router_distributed = False
(BoolOpt) System-wide flag to determine the type of router that tenants can create. Only admin can override.
7.1.11. Embrane LBaaS driver
Use the following options to alter Embrane Load-Balancer-as-a-Service related settings.
Table 7.49. Description of Embrane LBaaS driver configuration options
Configuration option = Default value
Description
[heleoslb]
admin_password = None
(StrOpt) ESM admin password.
admin_username = None
(StrOpt) ESM admin username.
async_requests = None
(BoolOpt) Define if the requests have run asynchronously or not
dummy_utif_id = None
(StrOpt) Dummy user traffic Security Zone id for LBs
esm_mgmt = None
(StrOpt) ESM management root address
inband_id = None
(StrOpt) In band Security Zone id for LBs
lb_flavor = small
(StrOpt) choose LB image flavor to use, accepted values: small, medium
lb_image = None
(StrOpt) Load Balancer image id (Embrane LB)
mgmt_id = None
(StrOpt) Management Security Zone id for LBs
oob_id = None
(StrOpt) Out of band Security Zone id for LBs
resource_pool_id = None
(StrOpt) Shared resource pool id
sync_interval = 60
(IntOpt) resource synchronization interval in seconds
7.1.12. Firewall-as-a-Service driver
Use the following options in the fwaas_driver.ini file for the FWaaS driver.
Table 7.50. Description of FwaaS configuration options
Configuration option = Default value
Description
[fwaas]
enabled = False
(BoolOpt) Enable FWaaS
7.1.13. IPv6 router advertisement
Use the following options to alter IPv6 RA settings.
Table 7.51. Description of IPv6 router advertisement configuration options
Configuration option = Default value
Description
[DEFAULT]
ra_confs = $state_path/ra
(StrOpt) Location to store IPv6 RA config files
7.1.14. L3 agent
Use the following options in the l3_agent.ini file for the L3 agent.
Table 7.52. Description of L3 agent configuration options
Configuration option = Default value
Description
[DEFAULT]
agent_mode = legacy
(StrOpt) The working mode for the agent. Allowed modes are: 'legacy' - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. 'dvr' - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host. 'dvr_snat' - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack)
allow_automatic_l3agent_failover = False
(BoolOpt) Automatically reschedule routers from offline L3 agents to online L3 agents.
enable_metadata_proxy = True
(BoolOpt) Allow running metadata proxy.
external_network_bridge = br-ex
(StrOpt) Name of bridge used for external network traffic.
gateway_external_network_id =
(StrOpt) UUID of external network for routers implemented by the agents.
ha_confs_path = $state_path/ha_confs
(StrOpt) Location to store keepalived/conntrackd config files
ha_vrrp_advert_int = 2
(IntOpt) The advertisement interval in seconds
ha_vrrp_auth_password = None
(StrOpt) VRRP authentication password
ha_vrrp_auth_type = PASS
(StrOpt) VRRP authentication type AH/PASS
handle_internal_only_routers = True
(BoolOpt) Agent should implement routers with no gateway
l3_ha = False
(BoolOpt) Enable HA mode for virtual routers.
l3_ha_net_cidr = 169.254.192.0/18
(StrOpt) Subnet used for the l3 HA admin network.
max_l3_agents_per_router = 3
(IntOpt) Maximum number of agents on which a router will be scheduled.
min_l3_agents_per_router = 2
(IntOpt) Minimum number of agents on which a router will be scheduled.
router_id =
(StrOpt) If namespaces is disabled, the l3 agent can only configure a router that has the matching router ID.
send_arp_for_ha = 3
(IntOpt) Send this many gratuitous ARPs for HA setup, if less than or equal to 0, the feature is disabled
use_helper_for_ns_read = True
(BoolOpt) Use the root helper to read the namespaces from the operating system.
[AGENT]
comment_iptables_rules = True
(BoolOpt) Add comments to iptables rules.
use_helper_for_ns_read = True
(BoolOpt) Use the root helper to read the namespaces from the operating system.
7.1.15. Load-Balancer-as-a-Service agent
Use the following options in the lbaas_agent.ini file for the LBaaS agent.
Table 7.53. Description of LBaaS configuration options
Configuration option = Default value
Description
[DEFAULT]
device_driver = ['neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver']
(MultiStrOpt) Drivers used to manage loadbalancing devices
loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
(StrOpt) Driver to use for scheduling pool to a default loadbalancer agent
Table 7.54. Description of LBaaS haproxy configuration options
Configuration option = Default value
Description
[haproxy]
loadbalancer_state_path = $state_path/lbaas
(StrOpt) Location to store config and state files
send_gratuitous_arp = 3
(IntOpt) When delete and re-add the same vip, send this many gratuitous ARPs to flush the ARP cache in the Router. Set it below or equal to 0 to disable this feature.
user_group = nogroup
(StrOpt) The user group
Table 7.55. Description of LBaaS Netscaler configuration options
Configuration option = Default value
Description
[netscaler_driver]
netscaler_ncc_password = None
(StrOpt) Password to login to the NetScaler Control Center Server.
netscaler_ncc_uri = None
(StrOpt) The URL to reach the NetScaler Control Center Server.
netscaler_ncc_username = None
(StrOpt) Username to login to the NetScaler Control Center Server.
Table 7.56. Description of LBaaS Radware configuration options
Configuration option = Default value
Description
[radware]
actions_to_skip = setup_l2_l3
(ListOpt) List of actions that are not pushed to the completion queue.
ha_secondary_address = None
(StrOpt) IP address of secondary vDirect server.
l2_l3_ctor_params = {'ha_network_name': 'HA-Network', 'service': '_REPLACE_', 'ha_ip_pool_name': 'default', 'twoleg_enabled': '_REPLACE_', 'allocate_ha_ips': True, 'allocate_ha_vrrp': True}
(DictOpt) Parameter for l2_l3 workflow constructor.
l2_l3_setup_params = {'data_ip_address': '192.168.200.99', 'data_port': 1, 'gateway': '192.168.200.1', 'ha_port': 2, 'data_ip_mask': '255.255.255.0'}
(DictOpt) Parameter for l2_l3 workflow setup.
l2_l3_workflow_name = openstack_l2_l3
(StrOpt) Name of l2_l3 workflow. Default: openstack_l2_l3.
l4_action_name = BaseCreate
(StrOpt) Name of the l4 workflow action. Default: BaseCreate.
l4_workflow_name = openstack_l4
(StrOpt) Name of l4 workflow. Default: openstack_l4.
service_adc_type = VA
(StrOpt) Service ADC type. Default: VA.
service_adc_version =
(StrOpt) Service ADC version.
service_cache = 20
(IntOpt) Size of service cache. Default: 20.
service_compression_throughput = 100
(IntOpt) Service compression throughput. Default: 100.
service_ha_pair = False
(BoolOpt) Enables or disables the Service HA pair. Default: False.
service_isl_vlan = -1
(IntOpt) A required VLAN for the interswitch link to use.
service_resource_pool_ids =
(ListOpt) Resource pool IDs.
service_session_mirroring_enabled = False
(BoolOpt) Enable or disable Alteon interswitch link for stateful session failover. Default: False.
service_ssl_throughput = 100
(IntOpt) Service SSL throughput. Default: 100.
service_throughput = 1000
(IntOpt) Service throughput. Default: 1000.
vdirect_address = None
(StrOpt) IP address of vDirect server.
vdirect_password = radware
(StrOpt) vDirect user password.
vdirect_user = vDirect
(StrOpt) vDirect user name.
7.1.16. Logging
Use the following options to alter logging settings.
Table 7.57. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
debug = False
(BoolOpt) Print debugging output (set logging level to DEBUG instead of default WARNING level).
default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN
(ListOpt) List of logger=LEVEL pairs.
fatal_deprecations = False
(BoolOpt) Enables or disables fatal status of deprecations.
instance_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance that is passed with the log message.
instance_uuid_format = "[instance: %(uuid)s] "
(StrOpt) The format for an instance UUID that is passed with the log message.
log_config_append = None
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
log_date_format = %Y-%m-%d %H:%M:%S
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s.
log_dir = None
(StrOpt) (Optional) The base directory used for relative --log-file paths.
log_file = None
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
log_format = None
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
(StrOpt) Format string to use for log messages with context.
logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
(StrOpt) Data to append to log format when level is DEBUG.
logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
(StrOpt) Format string to use for log messages without context.
logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
(StrOpt) Prefix each line of exception output with this format.
publish_errors = False
(BoolOpt) Enables or disables publication of error events.
syslog_log_facility = LOG_USER
(StrOpt) Syslog facility to receive log lines.
use_ssl = False
(BoolOpt) Enable SSL on the API server
use_stderr = True
(BoolOpt) Log output to standard error.
use_syslog = False
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
use_syslog_rfc_format = False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
verbose = False
(BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level).
7.1.17. Metadata Agent
Use the following options in the metadata_agent.ini file for the Metadata agent.
Table 7.58. Description of metadata configuration options
Configuration option = Default value
Description
[DEFAULT]
meta_flavor_driver_mappings = None
(StrOpt) Mapping between flavor and LinuxInterfaceDriver. It is specific to MetaInterfaceDriver used with admin_user, admin_password, admin_tenant_name, admin_url, auth_strategy, auth_region and endpoint_type.
metadata_backlog = 4096
(IntOpt) Number of backlog requests to configure the metadata server socket with
metadata_port = 9697
(IntOpt) TCP Port used by Neutron metadata namespace proxy.
metadata_proxy_shared_secret =
(StrOpt) Shared secret to sign instance-id request
metadata_proxy_socket = $state_path/metadata_proxy
(StrOpt) Location of Metadata Proxy UNIX domain socket
metadata_workers = 4
(IntOpt) Number of separate worker processes for metadata server
nova_metadata_insecure = False
(BoolOpt) Allow to perform insecure SSL (https) requests to nova metadata
nova_metadata_ip = 127.0.0.1
(StrOpt) IP address used by Nova metadata server.
nova_metadata_port = 8775
(IntOpt) TCP Port used by Nova metadata server.
nova_metadata_protocol = http
(StrOpt) Protocol to access nova metadata, http or https
Note
Previously, the neutron metadata agent connected to a neutron server via REST API
using a neutron client. This is ineffective because keystone is then fully involved
in the authentication process and gets overloaded.
The neutron metadata agent has been reworked to use RPC by default to connect
to a server since the Kilo release. This is a typical way of interacting between neutron
server and its agents. If the neutron server does not support metadata RPC then
the neutron client will be used.
7.1.18. Metering Agent
Use the following options in the metering_agent.ini file for the Metering agent.
Table 7.59. Description of metering agent configuration options
Configuration option = Default value
Description
[DEFAULT]
driver = neutron.services.metering.drivers.noop.noop_driver.NoopMeteringDriver
(StrOpt) Metering driver
measure_interval = 30
(IntOpt) Interval between two metering measures
[AGENT]
report_interval = 30
(FloatOpt) Seconds between nodes reporting state to server; should be less than agent_down_time, best if it is half or less than agent_down_time.
7.1.19. Policy
Use the following options in the neutron.conf file to change policy settings.
Table 7.60. Description of policy configuration options
Configuration option = Default value
Description
[DEFAULT]
allow_overlapping_ips = False
(BoolOpt) Allow overlapping IP support in Neutron
policy_default_rule = default
(StrOpt) Default rule. Enforced when a requested rule is not found.
policy_dirs = ['policy.d']
(MultiStrOpt) Directories where policy configuration files are stored.
policy_file = policy.json
(StrOpt) The JSON file that defines policies.
7.1.20. Quotas
Use the following options in the neutron.conf file for the quota system.
Table 7.61. Description of quotas configuration options
Configuration option = Default value
Description
[DEFAULT]
max_routes = 30
(IntOpt) Maximum number of routes
[QUOTAS]
default_quota = -1
(IntOpt) Default number of resource allowed per tenant. A negative value means unlimited.
quota_driver = neutron.db.quota_db.DbQuotaDriver
(StrOpt) Default driver to use for quota checks
quota_firewall = 1
(IntOpt) Number of firewalls allowed per tenant. A negative value means unlimited.
quota_firewall_policy = 1
(IntOpt) Number of firewall policies allowed per tenant. A negative value means unlimited.
quota_firewall_rule = 100
(IntOpt) Number of firewall rules allowed per tenant. A negative value means unlimited.
quota_floatingip = 50
(IntOpt) Number of floating IPs allowed per tenant. A negative value means unlimited.
quota_health_monitor = -1
(IntOpt) Number of health monitors allowed per tenant. A negative value means unlimited.
quota_healthmonitor = -1
(IntOpt) Number of health monitors allowed per tenant. A negative value means unlimited.
quota_items = network, subnet, port
(ListOpt) Resource name(s) that are supported in quota features
quota_listener = -1
(IntOpt) Number of Loadbalancer Listeners allowed per tenant. A negative value means unlimited.
quota_loadbalancer = 10
(IntOpt) Number of LoadBalancers allowed per tenant. A negative value means unlimited.
quota_member = -1
(IntOpt) Number of pool members allowed per tenant. A negative value means unlimited.
quota_network = 10
(IntOpt) Number of networks allowed per tenant. A negative value means unlimited.
quota_network_gateway = 5
(IntOpt) Number of network gateways allowed per tenant, -1 for unlimited
quota_packet_filter = 100
(IntOpt) Number of packet_filters allowed per tenant, -1 for unlimited
quota_pool = 10
(IntOpt) Number of pools allowed per tenant. A negative value means unlimited.
quota_port = 50
(IntOpt) Number of ports allowed per tenant. A negative value means unlimited.
quota_router = 10
(IntOpt) Number of routers allowed per tenant. A negative value means unlimited.
quota_security_group = 10
(IntOpt) Number of security groups allowed per tenant. A negative value means unlimited.
quota_security_group_rule = 100
(IntOpt) Number of security rules allowed per tenant. A negative value means unlimited.
quota_subnet = 10
(IntOpt) Number of subnets allowed per tenant. A negative value means unlimited.
quota_vip = 10
(IntOpt) Number of vips allowed per tenant. A negative value means unlimited.
7.1.21. Rootwrap
Use the following options in the neutron.conf file for the rootwrap settings.
Table 7.62. Description of rootwrap configuration options
Configuration option = Default value
Description
[DEFAULT]
filters_path = /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap
List of directories to load filter definitions from (separated by ','). These directories MUST all be only writable by root!
exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin
List of directories to search executables in, in case filters do not explicitly specify a full path (separated by ','). If not specified, defaults to system PATH environment variable. These directories MUST all be only writable by root!
use_syslog = False
Enable logging to syslog. Default value is False
syslog_log_facility = syslog
Which syslog facility to use. Valid values include auth, authpriv, syslog, local0, local1... Default value is 'syslog'
syslog_log_level = ERROR
Which messages to log. INFO means log all usage. ERROR means only log unsuccessful attempts
[xenapi]
xenapi_connection_url = <None>
XenAPI configuration is only required by the L2 agent if it is to target a XenServer/XCP compute host's dom0.
xenapi_connection_username = root
No help text available for this option.
xenapi_connection_password = <None>
No help text available for this option.
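The rootwrap table requires every directory in filters_path and exec_dirs to be writable only by root, and says an unset exec_dirs falls back to PATH. The following check is an added example, not part of this reference or of neutron's own code; the function names, the finding strings and the constructed sample are assumptions of the example, and it goes one step beyond the table by also checking parent directories.

```python
import configparser
import os
import stat

# Options from the rootwrap table whose directories must be writable only by root.
DIR_OPTIONS = ("filters_path", "exec_dirs")

# Constructed sample that uses the default values listed in the table.
SAMPLE = """[DEFAULT]
filters_path = /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap
exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin
"""


def audit_directory(path):
    """Return (path, problem) findings for one configured directory.

    The directory and every ancestor are checked, because whoever can write
    to a parent can swap the directory for one they control.
    """
    if not os.path.isdir(path):
        return [(path, "missing or not a directory")]
    findings = []
    current = os.path.realpath(path)  # follow symlinks such as /bin -> /usr/bin
    is_leaf = True
    while True:
        st = os.stat(current)
        if st.st_uid != 0:
            findings.append((current, "not owned by root"))
        loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        # A sticky ancestor (for example /tmp) stops users renaming entries
        # they do not own, so it is tolerated; the directory itself never is.
        sticky = st.st_mode & stat.S_ISVTX
        if loose and (is_leaf or not sticky):
            findings.append((current, "writable by group or others"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current, is_leaf = parent, False


def audit_rootwrap_dirs(conf_text, environ=os.environ):
    """Audit every directory named by filters_path and exec_dirs."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    defaults = parser.defaults()
    report = {}
    for option in DIR_OPTIONS:
        raw = defaults.get(option, "")
        dirs = [d.strip() for d in raw.split(",") if d.strip()]
        if option == "exec_dirs" and not dirs:
            # Per the table, an unset exec_dirs defaults to PATH.
            dirs = [d for d in environ.get("PATH", "").split(os.pathsep) if d]
        report[option] = [f for d in dirs for f in audit_directory(d)]
    return report


if __name__ == "__main__":
    for option, findings in audit_rootwrap_dirs(SAMPLE).items():
        for directory, problem in findings:
            print(f"{option}: {directory}: {problem}")
```

An empty report for both options means every listed directory, and each directory above it, is owned by root and closed to group and other writes.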
7.1.22. Scheduler
Use the following options in the neutron.conf file to change scheduler settings.
Table 7.63. Description of scheduler configuration options
Configuration option = Default value
Description
[DEFAULT]
network_auto_schedule = True
(BoolOpt) Allow auto scheduling networks to DHCP agent.
network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
(StrOpt) Driver to use for scheduling network to DHCP agent
router_auto_schedule = True
(BoolOpt) Allow auto scheduling of routers to L3 agent.
router_delete_namespaces = False
(BoolOpt) Delete namespace after removing a router.
router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
(StrOpt) Driver to use for scheduling router to a default L3 agent
7.1.23. Security Groups
Use the following options in the configuration file for your driver to change security group settings.
Table 7.64. Description of security groups configuration options
Configuration option = Default value
Description
[SECURITYGROUP]
enable_ipset = True
(BoolOpt) Use ipset to speed-up the iptables based security groups.
enable_security_group = True
(BoolOpt) Controls whether the neutron security group API is enabled in the server. It should be false when using no security groups or using the nova security group API.
firewall_driver = None
(StrOpt) Driver for security groups firewall in the L2 agent
7.1.24. SSL and Certification Authority
Use the following options in the neutron.conf file to enable SSL.
Table 7.65. Description of CA and SSL configuration options
Configuration option = Default value
Description
[DEFAULT]
ssl_ca_file = None
(StrOpt) CA certificate file to use to verify connecting clients
ssl_cert_file = None
(StrOpt) Certificate file to use when starting the server securely
ssl_key_file = None
(StrOpt) Private key file to use when starting the server securely
7.1.25. Testing
Use the following options to alter testing-related features.
Table 7.66. Description of testing configuration options
Configuration option = Default value
Description
[DEFAULT]
fake_rabbit = False
(BoolOpt) Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
7.1.26. vArmour Firewall-as-a-Service driver
Use the following options in the l3_agent.ini file for the vArmour FWaaS driver.
Table 7.67. Description of vArmour configuration options
Configuration option = Default value
Description
[vArmour]
director = localhost
(StrOpt) vArmour director ip
director_port = 443
(StrOpt) vArmour director port
password = varmour
(StrOpt) vArmour director password
username = varmour
(StrOpt) vArmour director username
7.1.27. VPN
Use the following options in the vpn_agent.ini file for the VPN agent.
Table 7.68. Description of VPN configuration options
Configuration option = Default value
Description
[ipsec]
config_base_dir = $state_path/ipsec
(StrOpt) Location to store ipsec server config files
ipsec_status_check_interval = 60
(IntOpt) Interval for checking ipsec status
[openswan]
ipsec_config_template = /usr/lib/python/site-packages/neutron/services/vpn/device_drivers/template/openswan/ipsec.conf.template
(StrOpt) Template file for ipsec configuration
ipsec_secret_template = /usr/lib/python/site-packages/neutron/services/vpn/device_drivers/template/openswan/ipsec.secret.template
(StrOpt) Template file for ipsec secret configuration
[vpnagent]
vpn_device_driver = ['neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver']
(MultiStrOpt) The vpn device drivers Neutron will use
7.2. LOG FILES USED BY NETWORKING
The corresponding log file of each Networking service is stored in the /var/log/neutron/
directory of the host on which each service runs.
Table 7.69. Log files used by Networking services
Log file                  Service/interface
dhcp-agent.log            neutron-dhcp-agent
l3-agent.log              neutron-l3-agent
lbaas-agent.log           neutron-lbaas-agent [a]
linuxbridge-agent.log     neutron-linuxbridge-agent
metadata-agent.log        neutron-metadata-agent
metering-agent.log        neutron-metering-agent
openvswitch-agent.log     neutron-openvswitch-agent
server.log                neutron-server
[a] The neutron-lbaas-agent service only runs when Load-Balancer-as-a-Service is enabled.
7.3. NETWORKING SAMPLE CONFIGURATION FILES
All the files in this section can be found in /etc/neutron/.
7.3.1. neutron.conf
Use the neutron.conf file to configure the majority of the OpenStack Networking options.
[DEFAULT]
# Print more verbose output (set logging level to INFO instead of
default WARNING level).
# verbose = False
# =========Start Global Config Option for Distributed L3
Router===============
# Setting the "router_distributed" flag to "True" will default to the
creation
# of distributed tenant routers. The admin can override this flag by
specifying
# the type of the router on the create request (admin-only
attribute). Default
# value is "False" to support legacy mode (centralized) routers.
#
# router_distributed = False
#
# ===========End Global Config Option for Distributed L3
Router===============
# Print debugging output (set logging level to DEBUG instead of
default WARNING level).
# debug = False
# Where to store Neutron state files.
by the
# user executing the agent.
# state_path = /var/lib/neutron
This directory must be writable
# Where to store lock files
lock_path = $state_path/lock
# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
# log_date_format = %Y-%m-%d %H:%M:%S
#
#
#
#
#
#
use_syslog
->
log_file and log_dir
->
(not log_file) and log_dir
->
use_stderr
->
(not user_stderr) and (not log_file) ->
publish_errors
->
syslog
log_dir/log_file
log_dir/{binary_name}.log
stderr
stdout
notification system
# use_syslog = False
# syslog_log_facility = LOG_USER
# use_stderr = True
# log_file =
# log_dir =
# publish_errors = False
# Address to bind the API server to
505
Red Hat Ent erprise Linux O penSt ack Plat form 6 Configurat ion Reference
# bind_host = 0.0.0.0
# Port to bind the API server to
# bind_port = 9696
# Path to the extensions. Note that this can be a colon-separated list of
# paths. For example:
# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
# The __path__ of neutron.extensions is appended to this, so if your
# extensions are in there you don't need to specify them here
# api_extensions_path =
# (StrOpt) Neutron core plugin entrypoint to be loaded from the
# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
# plugins included in the neutron source distribution. For compatibility with
# previous versions, the class name of a plugin can be specified instead of its
# entrypoint name.
#
# core_plugin =
# Example: core_plugin = ml2
# (ListOpt) List of service plugin entrypoints to be loaded from the
# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
# the plugins included in the neutron source distribution. For compatibility
# with previous versions, the class name of a plugin can be specified instead
# of its entrypoint name.
#
# service_plugins =
# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
# Paste configuration file
# api_paste_config = api-paste.ini
# The strategy to be used for auth.
# Supported values are 'keystone'(default), 'noauth'.
# auth_strategy = keystone
# Base MAC address. The first 3 octets will remain unchanged. If the
# 4th octet is not 00, it will also be used. The others will be
# randomly generated.
# 3 octet
# base_mac = fa:16:3e:00:00:00
# 4 octet
# base_mac = fa:16:3e:4f:00:00
# DVR Base MAC address. The first 3 octets will remain unchanged. If the
# 4th octet is not 00, it will also be used. The others will be randomly
# generated. The 'dvr_base_mac' *must* be different from 'base_mac' to
# avoid mixing them up with MAC's allocated for tenant ports.
# A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00
# The default is 3 octet
# dvr_base_mac = fa:16:3f:00:00:00
# Maximum amount of retries to generate a unique MAC address
# mac_generation_retries = 16
# DHCP Lease duration (in seconds). Use -1 to
# tell dnsmasq to use infinite lease times.
# dhcp_lease_duration = 86400
# Allow sending resource operation notification to DHCP agent
# dhcp_agent_notification = True
# Enable or disable bulk create/update/delete operations
# allow_bulk = True
# Enable or disable pagination
# allow_pagination = False
# Enable or disable sorting
# allow_sorting = False
# Enable or disable overlapping IPs for subnets
# Attention: the following parameter MUST be set to False if Neutron is
# being used in conjunction with nova security groups
# allow_overlapping_ips = False
# Ensure that configured gateway is on subnet. For IPv6, validate only if
# gateway is not a link local address. Deprecated, to be removed during the
# K release, at which point the check will be mandatory.
# force_gateway_on_subnet = True
# Default maximum number of items returned in a single response,
# value == infinite and value < 0 means no max limit, and value must
# be greater than 0. If the number of items requested is greater than
# pagination_max_limit, server will just return pagination_max_limit
# of number of items.
# pagination_max_limit = -1
# Maximum number of DNS nameservers per subnet
# max_dns_nameservers = 5
# Maximum number of host routes per subnet
# max_subnet_host_routes = 20
# Maximum number of fixed ips per port
# max_fixed_ips_per_port = 5
# Maximum number of routes per router
# max_routes = 30
# =========== items for agent management extension =============
# Seconds to regard the agent as down; should be at least twice
# report_interval, to be sure the agent is down for good
# agent_down_time = 75
# =========== end of items for agent management extension =====
# =========== items for agent scheduler extension =============
# Driver to use for scheduling network to DHCP agent
# network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
# Driver to use for scheduling router to a default L3 agent
# router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
# Driver to use for scheduling a loadbalancer pool to an lbaas agent
# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
# networks to first DHCP agent which sends get_active_networks message to
# neutron server
# network_auto_schedule = True
# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
# routers to first L3 agent which sends sync_routers message to neutron server
# router_auto_schedule = True
# Allow automatic rescheduling of routers from dead L3 agents with
# admin_state_up set to True to alive agents.
# allow_automatic_l3agent_failover = False
# Number of DHCP agents scheduled to host a network. This enables redundant
# DHCP agents for configured networks.
# dhcp_agents_per_network = 1
# =========== end of items for agent scheduler extension =====
# =========== items for l3 extension ==============
# Enable high availability for virtual routers.
# l3_ha = False
#
# Maximum number of l3 agents which a HA router will be scheduled on. If it
# is set to 0 the router will be scheduled on every agent.
# max_l3_agents_per_router = 3
#
# Minimum number of l3 agents which a HA router will be scheduled on. The
# default value is 2.
# min_l3_agents_per_router = 2
#
# CIDR of the administrative network if HA mode is enabled
# l3_ha_net_cidr = 169.254.192.0/18
# =========== end of items for l3 extension =======
# =========== WSGI parameters related to the API server ==============
# Number of separate worker processes to spawn. The default, 0, runs the
# worker thread in the current process. Greater than 0 launches that number of
# child processes as workers. The parent process manages them.
# api_workers = 0
# Number of separate RPC worker processes to spawn. The default, 0, runs the
# worker thread in the current process. Greater than 0 launches that number of
# child processes as RPC workers. The parent process manages them.
# This feature is experimental until issues are addressed and testing has been
# enabled for various plugins for compatibility.
# rpc_workers = 0
# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
# starting API server. Not supported on OS X.
# tcp_keepidle = 600
# Number of seconds to keep retrying to listen
# retry_until_window = 30
# Number of backlog requests to configure the socket with.
# backlog = 4096
# Max header line to accommodate large tokens
# max_header_line = 16384
# Enable SSL on the API server
# use_ssl = False
# Certificate file to use when starting API server securely
# ssl_cert_file = /path/to/certfile
# Private key file to use when starting API server securely
# ssl_key_file = /path/to/keyfile
# CA certificate file to use when starting API server securely to
# verify connecting clients. This is an optional parameter only required if
# API clients need to authenticate to the API server using SSL certificates
# signed by a trusted CA
# ssl_ca_file = /path/to/cafile
# ======== end of WSGI parameters related to the API server ==========
# ======== neutron nova interactions ==========
# Send notification to nova when port status is active.
# notify_nova_on_port_status_changes = True
# Send notifications to nova when port data (fixed_ips/floatingips) change
# so nova can update its cache.
# notify_nova_on_port_data_changes = True
# URL for connection to nova (Only supports one nova region currently).
# nova_url = http://127.0.0.1:8774/v2
# Name of nova region to use. Useful if keystone manages more than one region
# nova_region_name =
# Username for connection to nova in admin context
# nova_admin_username =
# The uuid of the admin nova tenant
# nova_admin_tenant_id =
# Password for connection to nova in admin context.
# nova_admin_password =
# Authorization URL for connection to nova in admin context.
# nova_admin_auth_url =
# CA file for novaclient to verify server certificates
# nova_ca_certificates_file =
# Boolean to control ignoring SSL errors on the nova url
# nova_api_insecure = False
# Number of seconds between sending events to nova if there are any events to send
# send_events_interval = 2
# ======== end of neutron nova interactions ==========
#
# Options defined in oslo.messaging
#
# Use durable queues in amqp. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
#amqp_durable_queues=false
# Auto-delete queues in amqp. (boolean value)
#amqp_auto_delete=false
# Size of RPC connection pool. (integer value)
#rpc_conn_pool_size=30
# Qpid broker hostname. (string value)
#qpid_hostname=localhost
# Qpid broker port. (integer value)
#qpid_port=5672
# Qpid HA cluster host:port pairs. (list value)
#qpid_hosts=$qpid_hostname:$qpid_port
# Username for Qpid connection. (string value)
#qpid_username=
# Password for Qpid connection. (string value)
#qpid_password=
# Space separated list of SASL mechanisms to use for auth.
# (string value)
#qpid_sasl_mechanisms=
# Seconds between connection keepalive heartbeats. (integer
# value)
#qpid_heartbeat=60
# Transport to use, either 'tcp' or 'ssl'. (string value)
#qpid_protocol=tcp
# Whether to disable the Nagle algorithm. (boolean value)
#qpid_tcp_nodelay=true
# The qpid topology version to use. Version 1 is what was
# originally used by impl_qpid. Version 2 includes some
# backwards-incompatible changes that allow broker federation
# to work. Users should update to version 2 when they are
# able to take everything down, as it requires a clean break.
# (integer value)
#qpid_topology_version=1
# SSL version to use (valid only if SSL enabled). valid values
# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
# distributions. (string value)
#kombu_ssl_version=
# SSL key file (valid only if SSL enabled). (string value)
#kombu_ssl_keyfile=
# SSL cert file (valid only if SSL enabled). (string value)
#kombu_ssl_certfile=
# SSL certification authority file (valid only if SSL
# enabled). (string value)
#kombu_ssl_ca_certs=
# How long to wait before reconnecting in response to an AMQP
# consumer cancel notification. (floating point value)
#kombu_reconnect_delay=1.0
# The RabbitMQ broker address where a single node is used.
# (string value)
#rabbit_host=localhost
# The RabbitMQ broker port where a single node is used.
# (integer value)
#rabbit_port=5672
# RabbitMQ HA cluster host:port pairs. (list value)
#rabbit_hosts=$rabbit_host:$rabbit_port
# Connect over SSL for RabbitMQ. (boolean value)
#rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
#rabbit_userid=guest
# The RabbitMQ password. (string value)
#rabbit_password=guest
# The RabbitMQ login method (string value)
#rabbit_login_method=AMQPLAIN
# The RabbitMQ virtual host. (string value)
#rabbit_virtual_host=/
# How frequently to retry connecting with RabbitMQ. (integer
# value)
#rabbit_retry_interval=1
# How long to backoff for between retries when connecting to
# RabbitMQ. (integer value)
#rabbit_retry_backoff=2
# Maximum number of RabbitMQ connection retries. Default is 0
# (infinite retry count). (integer value)
#rabbit_max_retries=0
# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
# this option, you must wipe the RabbitMQ database. (boolean
# value)
#rabbit_ha_queues=false
# If passed, use a fake RabbitMQ provider. (boolean value)
#fake_rabbit=false
# ZeroMQ bind address. Should be a wildcard (*), an ethernet
# interface, or IP. The "host" option should point or resolve
# to this address. (string value)
#rpc_zmq_bind_address=*
# MatchMaker driver. (string value)
#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost
# ZeroMQ receiver listening port. (integer value)
#rpc_zmq_port=9501
# Number of ZeroMQ contexts, defaults to 1. (integer value)
#rpc_zmq_contexts=1
# Maximum number of ingress messages to locally buffer per
# topic. Default is unlimited. (integer value)
#rpc_zmq_topic_backlog=<None>
# Directory for holding IPC sockets. (string value)
#rpc_zmq_ipc_dir=/var/run/openstack
# Name of this node. Must be a valid hostname, FQDN, or IP
# address. Must match "host" option, if running Nova. (string
# value)
#rpc_zmq_host=oslo
# Seconds to wait before a cast expires (TTL). Only supported
# by impl_zmq. (integer value)
#rpc_cast_timeout=30
# Heartbeat frequency. (integer value)
#matchmaker_heartbeat_freq=300
# Heartbeat time-to-live. (integer value)
#matchmaker_heartbeat_ttl=600
# Size of RPC greenthread pool. (integer value)
#rpc_thread_pool_size=64
# Driver or drivers to handle sending notifications. (multi
# valued)
#notification_driver=
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
#notification_topics=notifications
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout=60
# A URL representing the messaging driver to use and its full
# configuration. If not set, we fall back to the rpc_backend
# option and driver specific configuration. (string value)
#transport_url=<None>
# The messaging driver to use, defaults to rabbit. Other
# drivers include qpid and zmq. (string value)
#rpc_backend=rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the
# transport_url option. (string value)
#control_exchange=openstack
[matchmaker_redis]
#
# Options defined in oslo.messaging
#
# Host to locate redis. (string value)
#host=127.0.0.1
# Use this port to connect to redis host. (integer value)
#port=6379
# Password for Redis server (optional). (string value)
#password=<None>
[matchmaker_ring]
#
# Options defined in oslo.messaging
#
# Matchmaker ring file (JSON). (string value)
# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
#ringfile=/etc/oslo/matchmaker_ring.json
[quotas]
# Default driver to use for quota checks
# quota_driver = neutron.db.quota_db.DbQuotaDriver
# Resource name(s) that are supported in quota features
# quota_items = network,subnet,port
# Default number of resource allowed per tenant. A negative value means
# unlimited.
# default_quota = -1
# Number of networks allowed per tenant. A negative value means unlimited.
# quota_network = 10
# Number of subnets allowed per tenant. A negative value means unlimited.
# quota_subnet = 10
# Number of ports allowed per tenant. A negative value means unlimited.
# quota_port = 50
# Number of security groups allowed per tenant. A negative value means
# unlimited.
# quota_security_group = 10
# Number of security group rules allowed per tenant. A negative value means
# unlimited.
# quota_security_group_rule = 100
# Number of vips allowed per tenant. A negative value means unlimited.
# quota_vip = 10
# Number of pools allowed per tenant. A negative value means unlimited.
# quota_pool = 10
# Number of pool members allowed per tenant. A negative value means unlimited.
# The default is unlimited because a member is not a real resource consumer
# on OpenStack. However, on back-end, a member is a resource consumer
# and that is the reason why quota is possible.
# quota_member = -1
# Number of health monitors allowed per tenant. A negative value means
# unlimited.
# The default is unlimited because a health monitor is not a real resource
# consumer on OpenStack. However, on back-end, a member is a resource consumer
# and that is the reason why quota is possible.
# quota_health_monitor = -1
# Number of routers allowed per tenant. A negative value means unlimited.
# quota_router = 10
# Number of floating IPs allowed per tenant. A negative value means unlimited.
# quota_floatingip = 50
# Number of firewalls allowed per tenant. A negative value means unlimited.
# quota_firewall = 1
# Number of firewall policies allowed per tenant. A negative value means
# unlimited.
# quota_firewall_policy = 1
# Number of firewall rules allowed per tenant. A negative value means
# unlimited.
# quota_firewall_rule = 100
[agent]
# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the command directly
# root_helper = sudo
# =========== items for agent management extension =============
# seconds between nodes reporting state to server; should be less than
# agent_down_time, best if it is half or less than agent_down_time
# report_interval = 30
# =========== end of items for agent management extension =====
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
[database]
# This line MUST be changed to actually run the plugin.
# Example:
# connection = mysql://root:pass@127.0.0.1:3306/neutron
# Replace 127.0.0.1 above with the IP address of the database used by the
# main neutron server. (Leave it as is if the database runs on this host.)
# connection = sqlite://
# NOTE: In deployment the [database] section and its connection attribute may
# be set in the corresponding core plugin '.ini' file. However, it is suggested
# to put the [database] section and its connection attribute in this
# configuration file.
# Database engine for which script will be generated when using offline
# migration
# engine =
# The SQLAlchemy connection string used to connect to the slave database
# slave_connection =
# Database reconnection retry times - in event connectivity is lost
# set to -1 implies an infinite retry count
# max_retries = 10
# Database reconnection interval in seconds - if the initial connection to the
# database fails
# retry_interval = 10
# Minimum number of SQL connections to keep open in a pool
# min_pool_size = 1
# Maximum number of SQL connections to keep open in a pool
# max_pool_size = 10
# Timeout in seconds before idle sql connections are reaped
# idle_timeout = 3600
# If set, use this value for max_overflow with sqlalchemy
# max_overflow = 20
# Verbosity of SQL debugging information. 0=None, 100=Everything
# connection_debug = 0
# Add python stack traces to SQL as comment strings
# connection_trace = False
# If set, use this value for pool_timeout with sqlalchemy
# pool_timeout = 10
[service_providers]
# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
# Must be in form:
# service_provider=<service_type>:<name>:<driver>[:default]
# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
# Combination of <service type> and <name> must be unique; <driver> must also be unique
# This is multiline option, example for default provider:
# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
# example of non-default provider:
# service_provider=FIREWALL:name2:firewall_driver_path
# --- Reference implementations ---
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
# In order to activate Radware's lbaas driver you need to uncomment the next line.
# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
# Otherwise comment the HA Proxy line
# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
# uncomment the following line to make the 'netscaler' LBaaS provider available.
# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
# Uncomment the line below to use the A10 Networks LBaaS driver. Requires 'pip install a10-neutron-lbaas'.
#service_provider = LOADBALANCER:A10Networks:neutron.services.loadbalancer.drivers.a10networks.driver_v1.ThunderDriver:default
# Uncomment the following line to test the LBaaS v2 API _WITHOUT_ a real backend
# service_provider = LOADBALANCER:LoggingNoop:neutron.services.loadbalancer.drivers.logging_noop.driver.LoggingNoopLoadBalancerDriver:default
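The following added example (not part of the original reference, and not Red Hat or OpenStack code) audits a neutron.conf for the riskier settings the sample above documents: auth_strategy = noauth, an API bound to a non-loopback address without use_ssl, nova_api_insecure, the guest broker password, an SSLv2/SSLv3 kombu_ssl_version, root_helper = sudo, plain-http Keystone on a remote host, and a root database account. The function names, both sample configurations and their 192.0.2.x addresses are constructed for illustration; values for absent options are taken from the sample above.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Values the sample file shows for options that are absent or commented out.
DEFAULTS = {
    ("DEFAULT", "auth_strategy"): "keystone",
    ("DEFAULT", "bind_host"): "0.0.0.0",
    ("DEFAULT", "use_ssl"): "False",
    ("DEFAULT", "nova_api_insecure"): "False",
    ("DEFAULT", "rpc_backend"): "rabbit",
    ("DEFAULT", "rabbit_password"): "guest",
    ("agent", "root_helper"): "sudo",
    ("keystone_authtoken", "auth_host"): "127.0.0.1",
    ("database", "connection"): "sqlite://",
}

# Constructed sample inputs (addresses are documentation-range placeholders).
WEAK_CONF = """
[DEFAULT]
log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
auth_strategy = noauth
nova_api_insecure = True
kombu_ssl_version = SSLv3
[agent]
root_helper = sudo
[keystone_authtoken]
auth_host = 192.0.2.20
auth_protocol = http
[database]
connection = mysql://root:pass@192.0.2.30:3306/neutron
[service_providers]
service_provider = LOADBALANCER:name:lbaas_plugin_driver_path:default
service_provider = FIREWALL:name2:firewall_driver_path
"""

HARDENED_CONF = """
[DEFAULT]
auth_strategy = keystone
use_ssl = True
rabbit_password = CHANGE_ME_PLACEHOLDER
[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
[keystone_authtoken]
auth_host = 192.0.2.20
auth_protocol = https
[database]
connection = mysql://neutron:CHANGE_ME_PLACEHOLDER@192.0.2.30/neutron
"""

def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(conf_text):
    """Return (option, reason) pairs for risky settings in a neutron.conf string."""
    # interpolation=None: log_format holds %(asctime)s style tokens.
    # strict=False: service_provider is repeated; default_section is renamed
    # so that [DEFAULT] parses as an ordinary section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(conf_text)
    findings = []

    def opt(section, name):
        return cp.get(section, name, fallback=DEFAULTS.get((section, name), "")).strip()
    def enabled(section, name):
        return opt(section, name).lower() in ("true", "1", "yes", "on")
    def flag(section, name, reason):
        findings.append((f"[{section}] {name}", reason))

    if opt("DEFAULT", "auth_strategy").lower() == "noauth":
        flag("DEFAULT", "auth_strategy", "API accepts requests without Keystone authentication")
    if not enabled("DEFAULT", "use_ssl") and not _is_loopback(opt("DEFAULT", "bind_host")):
        flag("DEFAULT", "use_ssl", "API served without TLS on a non-loopback address")
    if enabled("DEFAULT", "nova_api_insecure"):
        flag("DEFAULT", "nova_api_insecure", "SSL errors on the nova URL are ignored")
    if opt("DEFAULT", "rpc_backend") == "rabbit" and opt("DEFAULT", "rabbit_password") == "guest":
        flag("DEFAULT", "rabbit_password", "message broker still uses the guest password")
    if opt("DEFAULT", "kombu_ssl_version").upper() in ("SSLV2", "SSLV3"):
        flag("DEFAULT", "kombu_ssl_version", "broker connection pinned to an obsolete SSL version")
    if opt("agent", "root_helper") == "sudo":
        flag("agent", "root_helper", "agent commands run through plain sudo, skipping rootwrap filters")
    if (opt("keystone_authtoken", "auth_protocol").lower() == "http"
            and not _is_loopback(opt("keystone_authtoken", "auth_host"))):
        flag("keystone_authtoken", "auth_protocol", "service credentials cross the network unencrypted")
    if urlsplit(opt("database", "connection")).username == "root":
        flag("database", "connection", "service connects to the database as root")
    return findings

if __name__ == "__main__":
    for name, reason in audit(WEAK_CONF):
        print(name, "-", reason)
```

An empty file is still reported on three counts, because the documented defaults leave the API without TLS, the broker on the guest password, and root_helper on plain sudo.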
7.3.2. api-paste.ini
Use the api-paste.ini to configure the OpenStack Networking API.
[composite:neutron]
use = egg:Paste#urlmap
/: neutronversions
/v2.0: neutronapi_v2_0
[composite:neutronapi_v2_0]
use = call:neutron.auth:pipeline_factory
noauth = request_id catch_errors extensions neutronapiapp_v2_0
keystone = request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0
[filter:request_id]
paste.filter_factory = neutron.openstack.common.middleware.request_id:RequestIdMiddleware.factory
[filter:catch_errors]
paste.filter_factory = neutron.openstack.common.middleware.catch_errors:CatchErrorsMiddleware.factory
[filter:keystonecontext]
paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
[filter:extensions]
paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory
[app:neutronversions]
paste.app_factory = neutron.api.versions:Versions.factory
[app:neutronapiapp_v2_0]
paste.app_factory = neutron.api.v2.router:APIRouter.factory
7.3.3. policy.json
Use the policy.json file to define additional access controls that apply to the OpenStack
Networking service.
{
"context_is_admin": "role:admin",
"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
"admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
"admin_only": "rule:context_is_admin",
"regular_user": "",
"shared": "field:networks:shared=True",
"shared_firewalls": "field:firewalls:shared=True",
"external": "field:networks:router:external=True",
"default": "rule:admin_or_owner",
"create_subnet": "rule:admin_or_network_owner",
"get_subnet": "rule:admin_or_owner or rule:shared",
"update_subnet": "rule:admin_or_network_owner",
"delete_subnet": "rule:admin_or_network_owner",
"create_network": "",
"get_network": "rule:admin_or_owner or rule:shared or rule:external",
"get_network:router:external": "rule:regular_user",
"get_network:segments": "rule:admin_only",
"get_network:provider:network_type": "rule:admin_only",
"get_network:provider:physical_network": "rule:admin_only",
"get_network:provider:segmentation_id": "rule:admin_only",
"get_network:queue_id": "rule:admin_only",
"create_network:shared": "rule:admin_only",
"create_network:router:external": "rule:admin_only",
"create_network:segments": "rule:admin_only",
"create_network:provider:network_type": "rule:admin_only",
"create_network:provider:physical_network": "rule:admin_only",
"create_network:provider:segmentation_id": "rule:admin_only",
"update_network": "rule:admin_or_owner",
"update_network:segments": "rule:admin_only",
"update_network:shared": "rule:admin_only",
"update_network:provider:network_type": "rule:admin_only",
"update_network:provider:physical_network": "rule:admin_only",
"update_network:provider:segmentation_id": "rule:admin_only",
"update_network:router:external": "rule:admin_only",
"delete_network": "rule:admin_or_owner",
"create_port": "",
"create_port:mac_address": "rule:admin_or_network_owner",
"create_port:fixed_ips": "rule:admin_or_network_owner",
"create_port:port_security_enabled": "rule:admin_or_network_owner",
"create_port:binding:host_id": "rule:admin_only",
"create_port:binding:profile": "rule:admin_only",
"create_port:mac_learning_enabled": "rule:admin_or_network_owner",
"get_port": "rule:admin_or_owner",
"get_port:queue_id": "rule:admin_only",
"get_port:binding:vif_type": "rule:admin_only",
"get_port:binding:vif_details": "rule:admin_only",
"get_port:binding:host_id": "rule:admin_only",
"get_port:binding:profile": "rule:admin_only",
"update_port": "rule:admin_or_owner",
"update_port:fixed_ips": "rule:admin_or_network_owner",
"update_port:port_security_enabled": "rule:admin_or_network_owner",
"update_port:binding:host_id": "rule:admin_only",
"update_port:binding:profile": "rule:admin_only",
"update_port:mac_learning_enabled": "rule:admin_or_network_owner",
"delete_port": "rule:admin_or_owner",
"get_router:ha": "rule:admin_only",
"create_router": "rule:regular_user",
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
"create_router:distributed": "rule:admin_only",
"create_router:ha": "rule:admin_only",
"get_router": "rule:admin_or_owner",
"get_router:distributed": "rule:admin_only",
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
"update_router:distributed": "rule:admin_only",
"update_router:ha": "rule:admin_only",
"delete_router": "rule:admin_or_owner",
"add_router_interface": "rule:admin_or_owner",
"remove_router_interface": "rule:admin_or_owner",
"create_firewall": "",
"get_firewall": "rule:admin_or_owner",
"create_firewall:shared": "rule:admin_only",
"get_firewall:shared": "rule:admin_only",
"update_firewall": "rule:admin_or_owner",
"update_firewall:shared": "rule:admin_only",
"delete_firewall": "rule:admin_or_owner",
"create_firewall_policy": "",
"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls",
"create_firewall_policy:shared": "rule:admin_or_owner",
"update_firewall_policy": "rule:admin_or_owner",
"delete_firewall_policy": "rule:admin_or_owner",
"create_firewall_rule": "",
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
"update_firewall_rule": "rule:admin_or_owner",
"delete_firewall_rule": "rule:admin_or_owner",
"create_qos_queue": "rule:admin_only",
"get_qos_queue": "rule:admin_only",
"update_agent": "rule:admin_only",
"delete_agent": "rule:admin_only",
"get_agent": "rule:admin_only",
"create_dhcp-network": "rule:admin_only",
"delete_dhcp-network": "rule:admin_only",
"get_dhcp-networks": "rule:admin_only",
"create_l3-router": "rule:admin_only",
"delete_l3-router": "rule:admin_only",
"get_l3-routers": "rule:admin_only",
"get_dhcp-agents": "rule:admin_only",
"get_l3-agents": "rule:admin_only",
"get_loadbalancer-agent": "rule:admin_only",
"get_loadbalancer-pools": "rule:admin_only",
"create_floatingip": "rule:regular_user",
"update_floatingip": "rule:admin_or_owner",
"delete_floatingip": "rule:admin_or_owner",
"get_floatingip": "rule:admin_or_owner",
"create_network_profile": "rule:admin_only",
"update_network_profile": "rule:admin_only",
"delete_network_profile": "rule:admin_only",
"get_network_profiles": "",
"get_network_profile": "",
"update_policy_profiles": "rule:admin_only",
"get_policy_profiles": "",
"get_policy_profile": "",
"create_metering_label": "rule:admin_only",
"delete_metering_label": "rule:admin_only",
"get_metering_label": "rule:admin_only",
"create_metering_label_rule": "rule:admin_only",
"delete_metering_label_rule": "rule:admin_only",
"get_metering_label_rule": "rule:admin_only",
"get_service_provider": "rule:regular_user",
"get_lsn": "rule:admin_only",
"create_lsn": "rule:admin_only"
}
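To see how these rules combine, the added example below (not part of the original reference or of Neutron) evaluates a subset of the policy.json above for different callers and lists the actions open to any authenticated user. It is a simplified evaluator covering only the check forms used on this page (rule:, role:, field: and tenant_id:%(...)s, joined by or/and) and it evaluates one named rule at a time; the function names, users and targets are constructed.

```python
import json

# Subset of the policy.json above; the rule strings are copied unchanged.
POLICY = json.loads(r"""
{
    "context_is_admin": "role:admin",
    "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
    "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
    "admin_only": "rule:context_is_admin",
    "regular_user": "",
    "shared": "field:networks:shared=True",
    "external": "field:networks:router:external=True",
    "default": "rule:admin_or_owner",
    "create_subnet": "rule:admin_or_network_owner",
    "create_network": "",
    "get_network": "rule:admin_or_owner or rule:shared or rule:external",
    "create_network:shared": "rule:admin_only",
    "create_router": "rule:regular_user",
    "create_floatingip": "rule:regular_user",
    "update_port:binding:host_id": "rule:admin_only"
}
""")

VERBS = ("create", "get", "update", "delete", "add", "remove")


def _check(rules, check, creds, target):
    """Evaluate one check such as 'role:admin' or 'tenant_id:%(tenant_id)s'."""
    check = check.strip()
    if check == "":
        return True  # an empty rule always passes
    kind, _, match = check.partition(":")
    if kind == "rule":  # reference to another named rule; unknown names deny
        return match in rules and evaluate(rules, rules[match], creds, target)
    if kind == "role":
        return match.lower() in (r.lower() for r in creds.get("roles", []))
    if kind == "field":  # field:<resource>:<attribute>=<value>, tested on the target
        attribute, _, value = match.partition(":")[2].rpartition("=")
        return str(target.get(attribute)) == value
    try:  # generic check: credential <kind> must equal the filled-in template
        wanted = match % target
    except KeyError:
        return False
    return kind in creds and str(creds[kind]) == wanted


def evaluate(rules, expression, creds, target):
    """'or' of 'and' groups; parentheses and 'not' are outside this subset."""
    return any(
        all(_check(rules, c, creds, target) for c in group.split(" and "))
        for group in expression.split(" or ")
    )


def enforce(rules, action, creds, target):
    """Actions without their own rule fall back to the 'default' rule."""
    expression = rules.get(action, rules.get("default"))
    return expression is not None and evaluate(rules, expression, creds, target)


def open_to_any_user(rules):
    """Actions a caller with no roles and no ownership of the target may perform."""
    stranger = {"roles": [], "tenant_id": "unrelated-tenant"}
    actions = [name for name in rules if name.split("_")[0] in VERBS]
    return sorted(a for a in actions if enforce(rules, a, stranger, {}))


if __name__ == "__main__":
    # Constructed callers and targets.
    alice = {"roles": ["member"], "tenant_id": "t-alice"}
    bob = {"roles": ["member"], "tenant_id": "t-bob"}
    private_net = {"tenant_id": "t-alice", "shared": False, "router:external": False}
    shared_net = dict(private_net, shared=True)
    print("owner reads private network:", enforce(POLICY, "get_network", alice, private_net))
    print("other tenant reads private network:", enforce(POLICY, "get_network", bob, private_net))
    print("other tenant reads shared network:", enforce(POLICY, "get_network", bob, shared_net))
    print("open to any user:", open_to_any_user(POLICY))
```

Running open_to_any_user against a full policy.json gives a quick list of rules to review whenever the file is edited.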
7.3.4. rootwrap.conf
Use the rootwrap.conf file to define configuration values used by the rootwrap script
when the OpenStack Networking service must escalate its privileges to those of the root user.
# Configuration for neutron-rootwrap
# This file should be owned by (and only-writeable by) the root user
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap
# List of directories to search executables in, in case filters do not
# explicitly specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
# Enable logging to syslog
# Default value is False
use_syslog=False
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility=syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR
[xenapi]
# XenAPI configuration is only required by the L2 agent if it is to
# target a XenServer/XCP compute host's dom0.
xenapi_connection_url=<None>
xenapi_connection_username=root
xenapi_connection_password=<None>
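The comments above require that every filters_path and exec_dirs directory be writable only by root. The added example below (not part of the original reference or of neutron-rootwrap) reads those two options and reports any listed directory, or file directly inside a filters_path directory, that is not owned by the trusted user or is group- or world-writable. The function names and the trusted_uid parameter are assumptions of this sketch.

```python
import configparser
import os
import stat

# rootwrap.conf settings as shown above (comments omitted).
ROOTWRAP_CONF = """
[DEFAULT]
filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
"""


def configured_dirs(conf_text):
    """Return (option, directory) pairs from filters_path and exec_dirs."""
    # default_section is renamed so [DEFAULT] parses as an ordinary section.
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(conf_text)
    found = []
    for option in ("filters_path", "exec_dirs"):
        value = cp.get("DEFAULT", option, fallback="")
        found += [(option, d.strip()) for d in value.split(",") if d.strip()]
    return found


def path_problems(path, trusted_uid=0):
    """List the ways a path fails the 'only writable by root' requirement."""
    try:
        st = os.stat(path)  # follows symlinks, so the real target is judged
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    problems = []
    if st.st_uid != trusted_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {trusted_uid}")
    if st.st_mode & stat.S_IWGRP:
        problems.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def audit_rootwrap(conf_text, trusted_uid=0):
    """Map each offending path to its problems; an empty dict means all clear."""
    report = {}
    for option, directory in configured_dirs(conf_text):
        targets = [directory]
        # Filter files decide which commands may run as root, so check them too.
        if option == "filters_path" and os.path.isdir(directory):
            targets += [os.path.join(directory, n) for n in sorted(os.listdir(directory))]
        for target in targets:
            problems = path_problems(target, trusted_uid)
            if problems:
                report[target] = problems
    return report


if __name__ == "__main__":
    for path, problems in audit_rootwrap(ROOTWRAP_CONF).items():
        print(f"{path}: {', '.join(problems)}")
```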
7.3.5. Configuration files for plug-in agents
Each plug-in agent that runs on an OpenStack Networking node, to perform local
networking configuration for the node's VMs and networking services, has its own
configuration file.
7.3.5.1. dhcp_agent.ini
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
# debug = False
# The DHCP agent will resync its state with Neutron to recover from any
# transient notification or rpc errors. The interval is number of
# seconds between attempts.
# resync_interval = 5
# The DHCP agent requires an interface driver be set. Choose the one that best
# matches your plugin.
# interface_driver =
# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP,
# BigSwitch/Floodlight)
# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Name of Open vSwitch bridge to use
# ovs_integration_bridge = br-int
# Use veth for an OVS interface or not.
# Support kernels with limited namespace support
# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
# ovs_use_veth = False
# Example of interface_driver option for LinuxBridge
# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires
# no additional setup of the DHCP server.
# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
# use_namespaces = True
# The DHCP server can assist with providing metadata support on isolated
# networks. Setting this value to True will cause the DHCP server to append
# specific host routes to the DHCP request. The metadata service will only
# be activated when the subnet does not contain any router port. The guest
# instance must be configured to request host routes via DHCP (Option 121).
# enable_isolated_metadata = False
# Allows for serving metadata requests coming from a dedicated metadata
# access network whose cidr is 169.254.169.254/16 (or larger prefix), and
# is connected to a Neutron router from which the VMs send metadata
# request. In this case DHCP Option 121 will not be injected in VMs, as
# they will be able to reach 169.254.169.254 through a router.
# This option requires enable_isolated_metadata = True
# enable_metadata_network = False
# Number of threads to use during sync process. Should not exceed connection
# pool size configured on server.
# num_sync_threads = 4
# Location to store DHCP server config files
# dhcp_confs = $state_path/dhcp
# Domain to use for building the hostnames
# dhcp_domain = openstacklocal
# Override the default dnsmasq settings with this file
# dnsmasq_config_file =
# Comma-separated list of DNS servers which will be used by dnsmasq
# as forwarders.
# dnsmasq_dns_servers =
# Limit number of leases to prevent a denial-of-service.
# dnsmasq_lease_max = 16777216
# Location to DHCP lease relay UNIX domain socket
# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
# dhcp_delete_namespaces, which is false by default, can be set to
True if
# namespaces can be deleted cleanly on the host running the dhcp
agent.
# Do not enable this until you understand the problem with the Linux
iproute
# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535
and
# you are sure that your version of iproute does not suffer from the
problem.
# If True, namespaces will be deleted when a dhcp server is disabled.
# dhcp_delete_namespaces = False
# Timeout for ovs-vsctl commands.
# If the timeout expires, ovs commands will fail with ALARMCLOCK
error.
# ovs_vsctl_timeout = 10
7.3.5.2. l3_agent.ini
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
# debug = False
# L3 requires that an interface driver be set. Choose the one that best
# matches your plugin.
# interface_driver =
# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC)
# that supports L3 agent
# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Use veth for an OVS interface or not.
# Support kernels with limited namespace support
# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
# ovs_use_veth = False
# Example of interface_driver option for LinuxBridge
# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
# use_namespaces = True
# If use_namespaces is set as False then the agent can only configure one router.
# This is done by setting the specific router_id.
# router_id =
# When external_network_bridge is set, each L3 agent can be associated
# with no more than one external network. This value should be set to the UUID
# of that external network. To allow L3 agent support multiple external
# networks, both the external_network_bridge and gateway_external_network_id
# must be left empty.
# gateway_external_network_id =
# Indicates that this L3 agent should also handle routers that do not have
# an external network gateway configured. This option should be True only
# for a single agent in a Neutron deployment, and may be False for all agents
# if all routers must have an external network gateway
# handle_internal_only_routers = True
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge. when this parameter is set, each L3 agent
# can be associated with no more than one external network.
# external_network_bridge = br-ex
# TCP Port used by Neutron metadata server
# metadata_port = 9697
# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0
# to disable this feature.
# send_arp_for_ha = 3
# seconds between re-sync routers' data if needed
# periodic_interval = 40
# seconds to start to sync routers' data after
# starting agent
# periodic_fuzzy_delay = 5
# enable_metadata_proxy, which is true by default, can be set to False
# if the Nova metadata server is not available
# enable_metadata_proxy = True
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
# router_delete_namespaces, which is false by default, can be set to True if
# namespaces can be deleted cleanly on the host running the L3 agent.
# Do not enable this until you understand the problem with the Linux iproute
# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and
# you are sure that your version of iproute does not suffer from the problem.
# If True, namespaces will be deleted when a router is destroyed.
# router_delete_namespaces = False
# Timeout for ovs-vsctl commands.
# If the timeout expires, ovs commands will fail with ALARMCLOCK error.
# ovs_vsctl_timeout = 10
# The working mode for the agent. Allowed values are:
# - legacy: this preserves the existing behavior where the L3 agent is
#   deployed on a centralized networking node to provide L3 services
#   like DNAT, and SNAT. Use this mode if you do not want to adopt DVR.
# - dvr: this mode enables DVR functionality, and must be used for an L3
#   agent that runs on a compute host.
# - dvr_snat: this enables centralized SNAT support in conjunction with
#   DVR. This mode must be used for an L3 agent running on a centralized
#   node (or in single-host deployments, e.g. devstack).
# agent_mode = legacy
# Location to store keepalived and all HA configurations
# ha_confs_path = $state_path/ha_confs
# VRRP authentication type AH/PASS
# ha_vrrp_auth_type = PASS
# VRRP authentication password
# ha_vrrp_auth_password =
# The advertisement interval in seconds
# ha_vrrp_advert_int = 2
7.3.5.3. lbaas_agent.ini
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output).
# debug = False
# The LBaaS agent will resync its state with Neutron to recover from any
# transient notification or rpc errors. The interval is number of
# seconds between attempts.
# periodic_interval = 10
# LBaas requires an interface driver be set. Choose the one that best
# matches your plugin.
# interface_driver =
# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC, NVP,
# BigSwitch/Floodlight)
# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Use veth for an OVS interface or not.
# Support kernels with limited namespace support
# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
# ovs_use_veth = False
# Example of interface_driver option for LinuxBridge
# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# The agent requires drivers to manage the loadbalancer. HAProxy is the opensource version.
# Multiple device drivers reflecting different service providers could be specified:
# device_driver = path.to.provider1.driver.Driver
# device_driver = path.to.provider2.driver.Driver
# Default is:
# device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
[haproxy]
# Location to store config and state files
# loadbalancer_state_path = $state_path/lbaas
# The user group
# user_group = nogroup
# When delete and re-add the same vip, send this many gratuitous ARPs to flush
# the ARP cache in the Router. Set it below or equal to 0 to disable this feature.
# send_gratuitous_arp = 3
7.3.5.4. metadata_agent.ini
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
# debug = True
# The Neutron user information for accessing the Neutron API.
auth_url = http://localhost:5000/v2.0
auth_region = RegionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
# auth_ca_cert =
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
# Network service endpoint type to pull from the keystone catalog
# endpoint_type = adminURL
# IP address used by Nova metadata server
# nova_metadata_ip = 127.0.0.1
# TCP Port used by Nova metadata server
# nova_metadata_port = 8775
# Which protocol to use for requests to Nova metadata server, http or https
# nova_metadata_protocol = http
# Whether insecure SSL connection should be accepted for Nova metadata server
# requests
# nova_metadata_insecure = False
# Client certificate for nova api, needed when nova api requires client
# certificates
# nova_client_cert =
# Private key for nova client certificate
# nova_client_priv_key =
# When proxying metadata requests, Neutron signs the Instance-ID header with a
# shared secret to prevent spoofing. You may select any string for a secret,
# but it must match here and in the configuration used by the Nova Metadata
# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret
# metadata_proxy_shared_secret =
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
# Number of separate worker processes for metadata server. Defaults to
# half the number of CPU cores
# metadata_workers =
# Number of backlog requests to configure the metadata server socket with
# metadata_backlog = 4096
# URL to connect to the cache backend.
# default_ttl=0 parameter will cause cache entries to never expire.
# Otherwise default_ttl specifies time in seconds a cache entry is valid for.
# No cache is used in case no value is passed.
# cache_url = memory://?default_ttl=5
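The metadata_proxy_shared_secret comment above describes signing the Instance-ID header with a shared secret. The sketch below is an added example, not code from this guide or from Neutron or Nova: it shows both sides of that exchange and how a spoofed instance ID, a mismatched secret, or an unset secret is rejected. The HMAC-SHA256 construction and the X-Instance-ID-Signature header name follow upstream Neutron behaviour and are not stated on this page; the function names and all sample values are constructed.

```python
"""Instance-ID signing between a metadata proxy and a metadata server (illustration)."""
import hashlib
import hmac


def sign_instance_id(shared_secret, instance_id):
    """Return the hex HMAC-SHA256 of the instance ID, keyed with the shared secret."""
    return hmac.new(shared_secret.encode("utf-8"),
                    instance_id.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def build_proxy_headers(shared_secret, instance_id, tenant_id, remote_ip):
    """Proxy side: headers attached to the request forwarded to the metadata server."""
    return {
        "X-Forwarded-For": remote_ip,
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        "X-Instance-ID-Signature": sign_instance_id(shared_secret, instance_id),
    }


def verify_proxy_headers(server_secret, headers):
    """Server side: return (accepted, reason) for a forwarded request.

    Refusing to verify with an empty secret is a choice made for this
    example; it keeps an unset option from silently disabling the check.
    """
    if not server_secret:
        return False, "no shared secret configured"
    instance_id = headers.get("X-Instance-ID")
    signature = headers.get("X-Instance-ID-Signature")
    if not instance_id or not signature:
        return False, "missing header"
    expected = sign_instance_id(server_secret, instance_id)
    # Constant-time comparison; bytes are used so a non-ASCII signature
    # from an untrusted client cannot raise TypeError.
    if not hmac.compare_digest(expected.encode("utf-8"), signature.encode("utf-8")):
        return False, "signature mismatch"
    return True, "ok"


def demo():
    """Run the constructed scenarios and return {scenario: (accepted, reason)}."""
    proxy_secret = "constructed-secret-A"   # value of metadata_proxy_shared_secret
    headers = build_proxy_headers(
        proxy_secret,
        instance_id="11111111-2222-3333-4444-555555555555",  # constructed
        tenant_id="constructed-tenant",
        remote_ip="10.0.0.5",
    )
    results = {}
    # Both configuration files carry the same string.
    results["matching secrets"] = verify_proxy_headers(proxy_secret, headers)
    # The two configuration files disagree: every metadata request fails.
    results["mismatched secrets"] = verify_proxy_headers("constructed-secret-B", headers)
    # A client replays a valid signature with another instance's ID.
    spoofed = dict(headers)
    spoofed["X-Instance-ID"] = "99999999-8888-7777-6666-555555555555"
    results["spoofed instance id"] = verify_proxy_headers(proxy_secret, spoofed)
    # A request that bypassed the proxy carries no signature at all.
    unsigned = {k: v for k, v in headers.items() if k != "X-Instance-ID-Signature"}
    results["unsigned request"] = verify_proxy_headers(proxy_secret, unsigned)
    # The server side was left with an empty secret.
    results["empty server secret"] = verify_proxy_headers("", headers)
    return results


if __name__ == "__main__":
    for scenario, (accepted, reason) in demo().items():
        print("%-22s accepted=%-5s %s" % (scenario, accepted, reason))
```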
7.4. NEW, UPDATED AND DEPRECATED OPTIONS IN JUNO FOR OPENSTACK NETWORKING
Table 7.70. New options
Option = default value
(Type) Help string
[DEFAULT] agent_down_time = 75
(IntOpt) Seconds to regard the agent is down; should be at least twice report_interval, to be sure the agent is down for good.
[DEFAULT] agent_mode = legacy
(StrOpt) The working mode for the agent. Allowed modes are: 'legacy' - this preserves the existing behavior where the L3 agent is deployed on a centralized networking node to provide L3 services like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. 'dvr' - this mode enables DVR functionality and must be used for an L3 agent that runs on a compute host. 'dvr_snat' - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack)
[DEFAULT] allow_automatic_l3agent_failover = False
(BoolOpt) Automatically reschedule routers from offline L3 agents to online L3 agents.
[DEFAULT] apic_system_id = openstack
(StrOpt) Prefix for APIC domain/names/profiles created
[DEFAULT] check_child_processes = False
(BoolOpt) Periodically check child processes
[DEFAULT] check_child_processes_action = respawn
(StrOpt) Action to be executed when a child process dies
[DEFAULT] check_child_processes_interval = 60
(IntOpt) Interval between checks of child process liveness (seconds)
[DEFAULT] dhcp_agents_per_network = 1
(IntOpt) Number of DHCP agents scheduled to host a network.
[DEFAULT] dvr_base_mac = fa:16:3f:00:00:00
(StrOpt) The base mac address used for unique DVR instances by Neutron
[DEFAULT] enable_metadata_proxy = True
(BoolOpt) Allow running metadata proxy.
[DEFAULT] gateway_external_network_id =
(StrOpt) UUID of external network for routers implemented by the agents.
[DEFAULT] ha_confs_path = $state_path/ha_confs
(StrOpt) Location to store keepalived/conntrackd config files
[DEFAULT] ha_vrrp_advert_int = 2
(IntOpt) The advertisement interval in seconds
[DEFAULT] ha_vrrp_auth_password = None
(StrOpt) VRRP authentication password
[DEFAULT] ha_vrrp_auth_type = PASS
(StrOpt) VRRP authentication type AH/PASS
[DEFAULT] handle_internal_only_routers = True
(BoolOpt) Agent should implement routers with no gateway
[DEFAULT] kombu_reconnect_delay = 1.0
(FloatOpt) How long to wait before reconnecting in response to an AMQP consumer cancel notification.
[DEFAULT] l3_ha = False
(BoolOpt) Enable HA mode for virtual routers.
[DEFAULT] l3_ha_net_cidr = 169.254.192.0/18
(StrOpt) Subnet used for the l3 HA admin network.
[DEFAULT] loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
(StrOpt) Driver to use for scheduling pool to a default loadbalancer agent
[DEFAULT] max_l3_agents_per_router = 3
(IntOpt) Maximum number of agents on which a router will be scheduled.
[DEFAULT] max_routes = 30
(IntOpt) Maximum number of routes
[DEFAULT] metadata_port = 9697
(IntOpt) TCP Port used by Neutron metadata namespace proxy.
[DEFAULT] min_l3_agents_per_router = 2
(IntOpt) Minimum number of agents on which a router will be scheduled.
[DEFAULT] network_auto_schedule = True
(BoolOpt) Allow auto scheduling networks to DHCP agent.
[DEFAULT] network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
(StrOpt) Driver to use for scheduling network to DHCP agent
[DEFAULT] nova_api_insecure = False
(BoolOpt) If True, ignore any SSL validation issues
[DEFAULT] nova_ca_certificates_file = None
(StrOpt) CA file for novaclient to verify server certificates
[DEFAULT] nova_client_cert =
(StrOpt) Client certificate for nova metadata api server.
[DEFAULT] nova_client_priv_key =
(StrOpt) Private key of client certificate.
[DEFAULT] nova_metadata_insecure = False
(BoolOpt) Allow to perform insecure SSL (https) requests to nova metadata
[DEFAULT] nova_metadata_protocol = http
(StrOpt) Protocol to access nova metadata, http or https
[DEFAULT] qpid_receiver_capacity = 1
(IntOpt) The number of prefetched messages held by receiver.
[DEFAULT] ra_confs = $state_path/ra
(StrOpt) Location to store IPv6 RA config files
[DEFAULT] rabbit_login_method = AMQPLAIN
(StrOpt) the RabbitMQ login method
[DEFAULT] router_auto_schedule = True
(BoolOpt) Allow auto scheduling of routers to L3 agent.
[DEFAULT] router_delete_namespaces = False
(BoolOpt) Delete namespace after removing a router.
[DEFAULT] router_distributed = False
(BoolOpt) System-wide flag to determine the type of router that tenants can create. Only admin can override.
[DEFAULT] router_id =
(StrOpt) If namespaces is disabled, the l3 agent can only configure a router that has the matching router ID.
[DEFAULT] router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
(StrOpt) Driver to use for scheduling router to a default L3 agent
[DEFAULT] send_arp_for_ha = 3
(IntOpt) Send this many gratuitous ARPs for HA setup, if less than or equal to 0, the feature is disabled
[DEFAULT] transport_url = None
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
[DEFAULT] use_syslog_rfc_format = False
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
[AGENT] arp_responder = False
(BoolOpt) Enable local ARP responder if it is supported. Requires OVS 2.1 and ML2 l2population driver. Allows the switch (when supporting an overlay) to respond to an ARP request locally without performing a costly ARP broadcast into the overlay.
[AGENT] dont_fragment = True
(BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet carrying GRE/VXLAN tunnel.
[AGENT] enable_distributed_routing = False
(BoolOpt) Make the l2 agent run in DVR mode.
[AGENT] physical_interface_mappings =
(ListOpt) List of <physical_network>:<physical_interface>
[CISCO_N1K] http_pool_size = 4
(IntOpt) Number of threads to use to make HTTP requests
[CISCO_N1K] restrict_policy_profiles = False
(BoolOpt) Restrict the visibility of policy profiles to the tenants
[CONTRAIL] api_server_ip = 127.0.0.1
(StrOpt) IP address to connect to opencontrail controller
[CONTRAIL] api_server_port = 8082
(IntOpt) Port to connect to opencontrail controller
[HYPERV] network_vlan_ranges =
(ListOpt) List of <physical_network>:<vlan_min>:<vlan_max> or <physical_network>
[HYPERV] tenant_network_type = local
(StrOpt) Network type for tenant networks (local, flat, vlan or none)
[NOVA] node_override_vif_distributed =
(ListOpt) Nova compute nodes to manually set VIF type to distributed
[NOVA] node_override_vif_dvs =
(ListOpt) Nova compute nodes to manually set VIF type to dvs
[NOVA] node_override_vif_hw_veb =
(ListOpt) Nova compute nodes to manually set VIF type to hw_veb
[NOVA] node_override_vif_vrouter =
(ListOpt) Nova compute nodes to manually set VIF type to vrouter
[NSX_DHCP] default_lease_time = 43200
(IntOpt) Default DHCP lease time
[NSX_DHCP] domain_name = openstacklocal
(StrOpt) Domain to use for building the hostnames
[NSX_DHCP] extra_domain_name_servers =
(ListOpt) Comma separated list of additional domain name servers
[NSX_LSN] sync_on_missing_data = False
(BoolOpt) Pull LSN information from NSX in case it is missing from the local data store. This is useful to rebuild the local store in case of server recovery.
[NSX_METADATA] metadata_server_address = 127.0.0.1
(StrOpt) IP address used by Metadata server.
[NSX_METADATA] metadata_server_port = 8775
(IntOpt) TCP Port used by Metadata server.
[NSX_METADATA] metadata_shared_secret =
(StrOpt) Shared secret to sign instance-id request
[OVS] use_veth_interconnection = False
(BoolOpt) Use veths instead of patch ports to interconnect the integration bridge to physical bridges.
[PHYSICAL_INTERFACE] physical_interface = eth0
(StrOpt) The network interface to use when creating a port
[QUOTAS] quota_firewall = 1
(IntOpt) Number of firewalls allowed per tenant. A negative value means unlimited.
[QUOTAS] quota_firewall_policy = 1
(IntOpt) Number of firewall policies allowed per tenant. A negative value means unlimited.
[QUOTAS] quota_firewall_rule = 100
(IntOpt) Number of firewall rules allowed per tenant. A negative value means unlimited.
[QUOTAS] quota_floatingip = 50
(IntOpt) Number of floating IPs allowed per tenant. A negative value means unlimited.
[QUOTAS] quota_health_monitor = -1
(IntOpt) Number of health monitors allowed per tenant. A negative value means unlimited.
[QUOTAS] quota_member = -1
(IntOpt) Number of pool members allowed per tenant. A negative value means unlimited.
[QUOTAS] quota_network_gateway = 5
(IntOpt) Number of network gateways allowed per tenant, -1 for unlimited
[QUOTAS] quota_packet_filter = 100
(IntOpt) Number of packet_filters allowed per tenant, -1 for unlimited
[QUOTAS] quota_pool = 10
(IntOpt) Number of pools allowed per tenant. A negative value means unlimited.
[QUOTAS] quota_router = 10
(IntOpt) Number of routers allowed per tenant. A negative value means unlimited.
[QUOTAS] quota_security_group = 10
(IntOpt) Number of security groups allowed per tenant. A negative value means unlimited.
[QUOTAS] quota_security_group_rule = 100
(IntOpt) Number of security rules allowed per tenant. A negative value means unlimited.
[QUOTAS] quota_vip = 10
(IntOpt) Number of vips allowed per tenant. A negative value means unlimited.
[SECURITYGROUP] enable_ipset = True
(BoolOpt) Use ipset to speed-up the iptables based security groups.
[SRIOV_NIC] exclude_devices =
(ListOpt) List of <network_device>:<excluded_devices> mapping network_device to the agent's node-specific list of virtual functions that should not be used for virtual networking. excluded_devices is a semicolon separated list of virtual functions (BDF format).to exclude from network_device. The network_device in the mapping should appear in the physical_device_mappings list.
[SRIOV_NIC] physical_device_mappings =
(ListOpt) List of <physical_network>:<network_device> mapping physical network names to the agent's node-specific physical network device of SR-IOV physical function to be used for VLAN networks. All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent
[SWITCH] address =
(StrOpt) The address of the host to SSH to
[SWITCH] ostype = NOS
(StrOpt) Currently unused
[SWITCH] password =
(StrOpt) The SSH password to use
[SWITCH] username =
(StrOpt) The SSH username to use
[SYNCMANAGER] enable_sync = False
(BoolOpt) Nuage plugin will sync resources between openstack and VSD
[SYNCMANAGER] sync_interval = 0
(IntOpt) Sync interval in seconds between openstack and VSD. It defines how often the synchronization is done. If not set, value of 0 is assumed and sync will be performed only once, at the Neutron startup time.
[cfg_agent] device_connection_timeout = 30
(IntOpt) Time in seconds for connecting to a hosting device
[cfg_agent] hosting_device_dead_timeout = 300
(IntOpt) The time in seconds until a backlogged hosting device is presumed dead. This value should be set up high enough to recover from a period of connectivity loss or high load when the device may not be responding.
[cfg_agent] routing_svc_helper_class = neutron.plugins.cisco.cfg_agent.service_helpers.routing_svc_helper.RoutingServiceHelper
(StrOpt) Path of the routing service helper class.
[cfg_agent] rpc_loop_interval = 10
(IntOpt) Interval when the process_services() loop executes in seconds. This is when the config agent lets each service helper to process its neutron resources.
[database] mysql_sql_mode = TRADITIONAL
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
[database] sqlite_db = oslo.sqlite
(StrOpt) The file name to use with SQLite.
[database] sqlite_synchronous = True
(BoolOpt) If True, SQLite uses synchronous mode.
[general] backlog_processing_interval = 10
(IntOpt) Time in seconds between renewed scheduling attempts of non-scheduled routers.
[general] cfg_agent_down_time = 60
(IntOpt) Seconds of no status update until a cfg agent is considered down.
[general] default_security_group = mgmt_sec_grp
(StrOpt) Default security group applied on management port. Default value is mgmt_sec_grp.
[general] ensure_nova_running = True
(BoolOpt) Ensure that Nova is running before attempting to create any VM.
[general] l3_admin_tenant = L3AdminTenant
(StrOpt) Name of the L3 admin tenant.
[general] management_network = osn_mgmt_nw
(StrOpt) Name of management network for device configuration. Default value is osn_mgmt_nw
[general] service_vm_config_path = /opt/stack/data/neutron/cisco/config_drive
(StrOpt) Path to config drive files for service VM instances.
[general] templates_path = /opt/stack/data/neutron/cisco/templates
(StrOpt) Path to templates for hosting devices.
[haproxy] send_gratuitous_arp = 3
(IntOpt) When delete and re-add the same vip, send this many gratuitous ARPs to flush the ARP cache in the Router. Set it below or equal to 0 to disable this feature.
[hosting_devices] csr1kv_booting_time = 420
(IntOpt) Booting time in seconds before a CSR1kv becomes operational.
[hosting_devices] csr1kv_cfgagent_router_driver = neutron.plugins.cisco.cfg_agent.device_drivers.csr1kv.csr1kv_routing_driver.CSR1kvRoutingDriver
(StrOpt) Config agent driver for CSR1kv.
[hosting_devices] csr1kv_configdrive_template = csr1kv_cfg_template
(StrOpt) CSR1kv configdrive template file.
[hosting_devices] csr1kv_device_driver = neutron.plugins.cisco.l3.hosting_device_drivers.csr1kv_hd_driver.CSR1kvHostingDeviceDriver
(StrOpt) Hosting device driver for CSR1kv.
[hosting_devices] csr1kv_flavor = 621
(StrOpt) UUID of Nova flavor for CSR1kv.
[hosting_devices] csr1kv_image = csr1kv_openstack_img
(StrOpt) Name of Glance image for CSR1kv.
[hosting_devices] csr1kv_password = cisco
(StrOpt) Password to use for CSR1kv configurations.
[hosting_devices] csr1kv_plugging_driver = neutron.plugins.cisco.l3.plugging_drivers.n1kv_trunking_driver.N1kvTrunkingPlugDriver
(StrOpt) Plugging driver for CSR1kv.
[hosting_devices] csr1kv_username = stack
(StrOpt) Username to use for CSR1kv configurations.
[keystone_authtoken] check_revocations_for_cached = False
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the Keystone server.
[keystone_authtoken] hash_algorithms = md5
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
[keystone_authtoken] identity_uri = None
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
[l3_arista] l3_sync_interval = 180
(IntOpt) Sync interval in seconds between L3 Service plugin and EOS. This interval defines how often the synchronization is performed. This is an optional field. If not set, a value of 180 seconds is assumed
[l3_arista] mlag_config = False
(BoolOpt) This flag is used indicate if Arista Switches are configured in MLAG mode. If yes, all L3 config is pushed to both the switches automatically. If this flag is set to True, ensure to specify IP addresses of both switches. This is optional. If not set, a value of "False" is assumed.
[l3_arista] primary_l3_host =
(StrOpt) Arista EOS IP address. This is required field. If not set, all communications to Arista EOS will fail
[l3_arista] primary_l3_host_password =
(StrOpt) Password for Arista EOS. This is required field. If not set, all communications to Arista EOS will fail
[l3_arista] primary_l3_host_username =
(StrOpt) Username for Arista EOS. This is required field. If not set, all communications to Arista EOS will fail
[l3_arista] secondary_l3_host =
(StrOpt) Arista EOS IP address for second Switch MLAGed with the first one. This an optional field, however, if mlag_config flag is set, then this is required. If not set, all communications to Arista EOS will fail
[l3_arista] use_vrf = False
(BoolOpt) A "True" value for this flag indicates to create a router in VRF. If not set, all routers are created in default VRF. This is optional. If not set, a value of "False" is assumed.
[ml2] extension_drivers =
(ListOpt) An ordered list of extension driver entrypoints to be loaded from the neutron.ml2.extension_drivers namespace.
[ml2_brocade] rbridge_id = 1
(StrOpt) Rbridge id of provider edge router(s)
[ml2_cisco_apic] apic_agent_poll_interval = 2
(FloatOpt) Interval between agent poll for topology (in sec)
[ml2_cisco_apic] apic_agent_report_interval = 30
(FloatOpt) Interval between agent status updates (in sec)
[ml2_cisco_apic] apic_app_profile_name = ${apic_system_id}_app
(StrOpt) Name for the app profile used for Openstack
[ml2_cisco_apic] apic_domain_name = ${apic_system_id}
(StrOpt) Name for the domain created on APIC
[ml2_cisco_apic] apic_entity_profile = ${apic_system_id}_entity_profile
(StrOpt) Name of the entity profile to be created
[ml2_cisco_apic] apic_function_profile = ${apic_system_id}_function_profile
(StrOpt) Name of the function profile to be created
[ml2_cisco_apic] apic_host_uplink_ports =
(ListOpt) The uplink ports to check for ACI connectivity
[ml2_cisco_apic] apic_hosts =
(ListOpt) An ordered list of host names or IP addresses of the APIC controller(s).
[ml2_cisco_apic] apic_lacp_profile = ${apic_system_id}_lacp_profile
(StrOpt) Name of the LACP profile to be created
539
Red Hat Ent erprise Linux O penSt ack Plat form 6 Configurat ion Reference
54 0
O p tio n = d efault value
(Typ e) Help s tring
[ml2_cisco_apic] apic_name_mapping = use_name
(StrOpt) Name mapping strategy to use: use_uuid | use_name
[ml2_cisco_apic] apic_node_profile = ${apic_system_id}_node_profile
(StrOpt) Name of the node profile to be created
[ml2_cisco_apic] apic_password = None
(StrOpt) Password for the APIC controller
[ml2_cisco_apic] apic_sync_interval = 0
(IntOpt) Synchronization interval in seconds
[ml2_cisco_apic] apic_use_ssl = True
(BoolOpt) Use SSL to connect to the APIC controller
[ml2_cisco_apic] apic_username = None
(StrOpt) Username for the APIC controller
[ml2_cisco_apic] apic_vlan_ns_name = ${apic_system_id}_vlan_ns
(StrOpt) Name for the vlan namespace to be used for Openstack
[ml2_cisco_apic] apic_vlan_range = 2:4093
(StrOpt) Range of VLAN's to be used for Openstack
[ml2_cisco_apic] apic_vpc_pairs =
(ListOpt) The switch pairs for VPC connectivity
[ml2_cisco_apic] root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
(StrOpt) Setup root helper as rootwrap or sudo
[ml2_fslsdn] crd_api_insecure = False
(BoolOpt) If set, ignore any SSL validation issues.
[ml2_fslsdn] crd_auth_strategy = keystone
(StrOpt) Auth strategy for connecting to neutron in admin context.
[ml2_fslsdn] crd_auth_url = http://127.0.0.1:5000/v2.0/
(StrOpt) CRD Auth URL.
[ml2_fslsdn] crd_ca_certificates_file = None
(StrOpt) Location of ca certificates file to use for CRD client requests.
[ml2_fslsdn] crd_password = password
(StrOpt) CRD Service Password.
[ml2_fslsdn] crd_region_name = RegionOne
(StrOpt) Region name for connecting to CRD Service in admin context.
[ml2_fslsdn] crd_tenant_name = service
(StrOpt) CRD Tenant Name.
[ml2_fslsdn] crd_url = http://127.0.0.1:9797
(StrOpt) URL for connecting to CRD service.
[ml2_fslsdn] crd_url_timeout = 30
(IntOpt) Timeout value for connecting to CRD service in seconds.
[ml2_fslsdn] crd_user_name = crd
(StrOpt) CRD service Username.
[ml2_sriov] agent_required = False
(BoolOpt) SRIOV neutron agent is required for port binding
[ml2_sriov] supported_pci_vendor_devs = 15b3:1004, 8086:10c9
(ListOpt) Supported PCI vendor devices, defined by vendor_id:product_id according to the PCI ID Repository. Default enables support for Intel and Mellanox SR-IOV capable NICs
[n1kv] management_port_profile = osn_mgmt_pp
(StrOpt) Name of N1kv port profile for management ports.
[n1kv] t1_network_profile = osn_t1_np
(StrOpt) Name of N1kv network profile for T1 networks (i.e., trunk networks for VXLAN segmented traffic).
[n1kv] t1_port_profile = osn_t1_pp
(StrOpt) Name of N1kv port profile for T1 ports (i.e., ports carrying traffic from VXLAN segmented networks).
[n1kv] t2_network_profile = osn_t2_np
(StrOpt) Name of N1kv network profile for T2 networks (i.e., trunk networks for VLAN segmented traffic).
[n1kv] t2_port_profile = osn_t2_pp
(StrOpt) Name of N1kv port profile for T2 ports (i.e., ports carrying traffic from VLAN segmented networks).
[netscaler_driver] netscaler_ncc_password = None
(StrOpt) Password to login to the NetScaler Control Center Server.
[netscaler_driver] netscaler_ncc_uri = None
(StrOpt) The URL to reach the NetScaler Control Center Server.
[netscaler_driver] netscaler_ncc_username = None
(StrOpt) Username to login to the NetScaler Control Center Server.
[plumgriddirector] director_server = localhost
(StrOpt) PLUMgrid Director server to connect to
[plumgriddirector] director_server_port = 8080
(StrOpt) PLUMgrid Director server port to connect to
[plumgriddirector] driver = neutron.plugins.plumgrid.drivers.plumlib.Plumlib
(StrOpt) PLUMgrid Driver
[plumgriddirector] password = password
(StrOpt) PLUMgrid Director admin password
[plumgriddirector] servertimeout = 5
(IntOpt) PLUMgrid Director server timeout
[plumgriddirector] username = username
(StrOpt) PLUMgrid Director admin username
[radware] actions_to_skip = setup_l2_l3
(ListOpt) List of actions that are not pushed to the completion queue.
[radware] ha_secondary_address = None
(StrOpt) IP address of secondary vDirect server.
[radware] l2_l3_ctor_params = {'ha_network_name': 'HA-Network', 'service': '_REPLACE_', 'ha_ip_pool_name': 'default', 'twoleg_enabled': '_REPLACE_', 'allocate_ha_ips': True, 'allocate_ha_vrrp': True}
(DictOpt) Parameter for l2_l3 workflow constructor.
[radware] l2_l3_setup_params = {'data_ip_address': '192.168.200.99', 'data_port': 1, 'gateway': '192.168.200.1', 'ha_port': 2, 'data_ip_mask': '255.255.255.0'}
(DictOpt) Parameter for l2_l3 workflow setup.
[radware] l2_l3_workflow_name = openstack_l2_l3
(StrOpt) Name of l2_l3 workflow. Default: openstack_l2_l3.
[radware] l4_action_name = BaseCreate
(StrOpt) Name of the l4 workflow action. Default: BaseCreate.
[radware] l4_workflow_name = openstack_l4
(StrOpt) Name of l4 workflow. Default: openstack_l4.
[radware] service_adc_type = VA
(StrOpt) Service ADC type. Default: VA.
[radware] service_adc_version =
(StrOpt) Service ADC version.
[radware] service_cache = 20
(IntOpt) Size of service cache. Default: 20.
[radware] service_compression_throughput = 100
(IntOpt) Service compression throughput. Default: 100.
[radware] service_ha_pair = False
(BoolOpt) Enables or disables the Service HA pair. Default: False.
[radware] service_isl_vlan = -1
(IntOpt) A required VLAN for the interswitch link to use.
[radware] service_resource_pool_ids =
(ListOpt) Resource pool IDs.
[radware] service_session_mirroring_enabled = False
(BoolOpt) Enable or disable Alteon interswitch link for stateful session failover. Default: False.
[radware] service_ssl_throughput = 100
(IntOpt) Service SSL throughput. Default: 100.
[radware] service_throughput = 1000
(IntOpt) Service throughput. Default: 1000.
[radware] vdirect_address = None
(StrOpt) IP address of vDirect server.
[radware] vdirect_password = radware
(StrOpt) vDirect user password.
[radware] vdirect_user = vDirect
(StrOpt) vDirect user name.
[vpnagent] vpn_device_driver = ['neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver']
(MultiStrOpt) The vpn device drivers Neutron will use
Table 7.71. New default values
Option | Previous default value | New default value
[DEFAULT] control_exchange | neutron | openstack
[DEFAULT] default_log_levels | amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, iso8601=WARN | amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN
[DEFAULT] endpoint_type | adminURL | publicURL
[DEFAULT] force_gateway_on_subnet | False | True
[DEFAULT] http_timeout | 10 | 75
[DEFAULT] metadata_backlog | 128 | 4096
[DEFAULT] metadata_workers | 0 | 2
[DEFAULT] rpc_zmq_matchmaker | neutron.openstack.common.rpc.matchmaker.MatchMakerLocalhost | oslo.messaging._drivers.matchmaker.MatchMakerLocalhost
[CISCO_N1K] poll_duration | 10 | 60
[NOVA] vif_types | unbound, binding_failed, ovs, ivs, bridge, 802.1qbg, 802.1qbh, hyperv, midonet, mlnx_direct, hostdev, other | unbound, binding_failed, ovs, ivs, bridge, 802.1qbg, 802.1qbh, hyperv, midonet, mlnx_direct, hostdev, hw_veb, dvs, other, distributed, vrouter
[SDNVE] default_tenant_type | OF | OVERLAY
[database] connection | sqlite:// | None
[database] max_overflow | 20 | None
[database] max_pool_size | 10 | None
[database] pool_timeout | 10 | None
[database] slave_connection |  | None
[keystone_authtoken] revocation_cache_time | 300 | 10
Table 7.72. Deprecated options
Deprecated option | New Option
[rpc_notifier2] topics | [DEFAULT] notification_topics
CHAPTER 8. OBJECT STORAGE
OpenStack Object Storage uses multiple configuration files for multiple services and
background daemons, and paste.deploy to manage server configurations. Default
configuration options appear in the [DEFAULT] section. You can override the default
values by setting values in the other sections.
8.1. OBJECT STORAGE GENERAL SERVICE CONFIGURATION
Most Object Storage services fall into two categories, Object Storage's WSGI servers and
background daemons.
Object Storage uses paste.deploy to manage server configurations. Read more at
http://pythonpaste.org/deploy/.
Default configuration options are set in the `[DEFAULT]` section, and any options specified
there can be overridden in any of the other sections when the syntax set option_name =
value is in place.
Configuration for servers and daemons can be expressed together in the same file for each
type of server, or separately. If a required section for the service trying to start is missing,
there will be an error. Sections not used by the service are ignored.
Consider the example of an Object Storage node. By convention, configuration for the
object-server, object-updater, object-replicator, and object-auditor exists in
a single file, /etc/swift/object-server.conf:
[DEFAULT]
[pipeline:main]
pipeline = object-server
[app:object-server]
use = egg:swift#object
[object-replicator]
reclaim_age = 259200
[object-updater]
[object-auditor]
Object Storage services expect a configuration path as the first argument:
$ swift-object-auditor
Usage: swift-object-auditor CONFIG [options]
Error: missing config path argument
If you omit the object-auditor section, this file cannot be used as the configuration path when
starting the swift-object-auditor daemon:
$ swift-object-auditor /etc/swift/object-server.conf
Unable to find object-auditor config section in /etc/swift/object-server.conf
If the configuration path is a directory instead of a file, all of the files in the directory with the
file extension ".conf" will be combined to generate the configuration object which is delivered
to the Object Storage service. This is referred to generally as "directory-based
configuration".
Directory-based configuration leverages ConfigParser's native multi-file support. Files
ending in ".conf" in the given directory are parsed in lexicographical order. File names
starting with '.' are ignored. A mixture of file and directory configuration paths is not
supported - if the configuration path is a file, only that file will be parsed.
The Object Storage service management tool swift-init has adopted the convention of
looking for /etc/swift/{type}-server.conf.d/ if the file /etc/swift/{type}-server.conf does not exist.
When using directory-based configuration, if the same option under the same section
appears more than once in different files, the last value parsed is said to override previous
occurrences. You can ensure proper override precedence by prefixing the files in the
configuration directory with numerical values, as in the following example file layout:
/etc/swift/
    default.base
    object-server.conf.d/
        000_default.conf -> ../default.base
        001_default-override.conf
        010_server.conf
        020_replicator.conf
        030_updater.conf
        040_auditor.conf
You can inspect the resulting combined configuration object using the swift-config
command-line tool.
All the services of an Object Store deployment share a common configuration in the
[swift-hash] section of the /etc/swift/swift.conf file. The
swift_hash_path_suffix and swift_hash_path_prefix values must be identical on
all the nodes.
Table 8.1. Description of configuration options for [swift-hash] in swift.conf
Configuration option = Default value
Description
swift_hash_path_prefix = changeme
A prefix used by hash_path to offer a bit more security when generating hashes for paths. It simply appends this value to all paths; if someone knows this suffix, it's easier for them to guess the hash a path will end up with. New installations are advised to set this parameter to a random secret, which would not be disclosed outside the organization. The same secret needs to be used by all swift servers of the same cluster. Existing installations should set this parameter to an empty string.
swift_hash_path_suffix = changeme
A suffix used by hash_path to offer a bit more security when generating hashes for paths. It simply appends this value to all paths; if someone knows this suffix, it's easier for them to guess the hash a path will end up with. New installations are advised to set this parameter to a random secret, which would not be disclosed outside the organization. The same secret needs to be used by all swift servers of the same cluster. Existing installations should set this parameter to an empty string.
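The directory-based merge rules and the [swift-hash] placeholder default described above, as an added Python example that is not part of the original guide or of Swift's own code. It uses only the standard configparser module; the temporary file layout, the values in it and all function names are constructed for illustration.

```python
import configparser
import os
import tempfile

PLACEHOLDER = "changeme"  # default value shown in Table 8.1
HASH_OPTIONS = ("swift_hash_path_prefix", "swift_hash_path_suffix")


def config_files(path):
    """Files that make up the configuration at `path`, in parse order."""
    if not os.path.isdir(path):
        return [path]  # a file path means only that file is parsed
    names = sorted(n for n in os.listdir(path)
                   if n.endswith(".conf") and not n.startswith("."))
    return [os.path.join(path, n) for n in names]


def load_config(path):
    """Merge the file(s) at `path`; a later file overrides an earlier one."""
    parser = configparser.RawConfigParser()
    parser.read(config_files(path))
    return parser


def missing_sections(parser, required):
    """Sections a daemon needs that the merged configuration lacks."""
    return [s for s in required if not parser.has_section(s)]


def option_origin(path, section, option):
    """Base name of the last file that sets `option` directly in `section`."""
    origin = None
    for name in config_files(path):
        # Rename the default section so [DEFAULT] is read as an ordinary one.
        single = configparser.RawConfigParser(default_section="__unused__")
        single.read(name)
        if single.has_option(section, option):
            origin = os.path.basename(name)
    return origin


def audit_hash_path(swift_conf):
    """Findings for the [swift-hash] section of a swift.conf file."""
    parser = load_config(swift_conf)
    if not parser.has_section("swift-hash"):
        return ["[swift-hash] section is missing"]
    findings = []
    for opt in HASH_OPTIONS:
        if parser.get("swift-hash", opt, fallback=None) == PLACEHOLDER:
            findings.append("%s is still the placeholder %r" % (opt, PLACEHOLDER))
    return findings


def build_sample(root):
    """Write a constructed /etc/swift-like tree under `root`."""
    conf_d = os.path.join(root, "object-server.conf.d")
    os.makedirs(conf_d)
    files = {
        "000_default.conf": "[DEFAULT]\nbind_port = 6000\nlog_level = INFO\n",
        "001_default-override.conf": "[DEFAULT]\nlog_level = DEBUG\n",
        "010_server.conf": "[pipeline:main]\npipeline = object-server\n"
                           "[app:object-server]\nuse = egg:swift#object\n",
        "020_replicator.conf": "[object-replicator]\nreclaim_age = 259200\n",
        # Ignored: the name starts with '.'
        ".020_replicator.conf": "[object-replicator]\nreclaim_age = 1\n",
        # Ignored: the name does not end in .conf
        "notes.txt": "[object-auditor]\n",
    }
    for name, body in files.items():
        with open(os.path.join(conf_d, name), "w") as fh:
            fh.write(body)
    swift_conf = os.path.join(root, "swift.conf")
    with open(swift_conf, "w") as fh:
        fh.write("[swift-hash]\nswift_hash_path_prefix = changeme\n"
                 "swift_hash_path_suffix = constructed-random-value\n")
    return conf_d, swift_conf


def demo():
    """Run every check against the constructed tree and return the results."""
    with tempfile.TemporaryDirectory() as root:
        conf_d, swift_conf = build_sample(root)
        merged = load_config(conf_d)
        return {
            "log_level": merged.get("object-replicator", "log_level"),
            "log_level_origin": option_origin(conf_d, "DEFAULT", "log_level"),
            "reclaim_age": merged.get("object-replicator", "reclaim_age"),
            "missing": missing_sections(
                merged, ["object-replicator", "object-auditor"]),
            "hash_findings": audit_hash_path(swift_conf),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Running the same `audit_hash_path` check against the swift.conf of every node before a deployment catches a node that still carries the shipped default.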
8.2. OBJECT SERVER CONFIGURATION
Find an example object server configuration at etc/object-server.conf-sample in the
source code repository.
The available configuration options are:
Table 8.2. Description of configuration options for [DEFAULT] in object-server.conf
Configuration option = Default value
Description
backlog = 4096
Maximum number of allowed pending TCP connections
bind_ip = 0.0.0.0
IP Address for server to bind to
bind_port = 6000
Port for server to bind to
bind_timeout = 30
Seconds to attempt bind before giving up
client_timeout = 60
Timeout to read one chunk from a client external services
conn_timeout = 0.5
Connection timeout to external services
devices = /srv/node
Parent directory of where devices are mounted
disable_fallocate = false
Disable "fast fail" fallocate checks if the underlying filesystem does not support it.
disk_chunk_size = 65536
Size of chunks to read/write to disk
eventlet_debug = false
If true, turn on debug logging for eventlet
expiring_objects_account_name = expiring_objects
No help text available for this option.
expiring_objects_container_divisor = 86400
No help text available for this option.
fallocate_reserve = 0
You can set fallocate_reserve to the number of bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be `egg:swift#object`.
log_address = /dev/log
Location where syslog sends the logs to
log_custom_handlers =
Comma-separated list of functions to call to setup custom log handlers.
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_max_line_length = 0
Caps the length of log lines to the value given; no limit if set to 0, the default.
log_name = swift
Label used when logging
log_statsd_default_sample_rate = 1.0
Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_host = localhost
If not set, the StatsD feature is disabled.
log_statsd_metric_prefix =
Value will be prepended to every metric sent to the StatsD server.
log_statsd_port = 8125
Port value for the StatsD server.
log_statsd_sample_rate_factor = 1.0
Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_udp_host =
If not set, the UDP receiver for syslog is disabled.
log_udp_port = 514
Port value for UDP receiver, if enabled.
max_clients = 1024
Maximum number of clients one worker can process simultaneously. Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.
mount_check = true
Whether or not check if the devices are mounted to prevent accidentally writing to the root device
network_chunk_size = 65536
Size of chunks to read/write over the network
node_timeout = 3
Request timeout to external services
swift_dir = /etc/swift
Swift configuration directory
user = swift
User to run as
workers = auto
a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
Table 8.3. Description of configuration options for [app-object-server] in object-server.conf
Configuration option = Default value
Description
allowed_headers = Content-Disposition, Content-Encoding, X-Delete-At, X-Object-Manifest, X-Static-Large-Object
Comma-separated list of headers that can be set in metadata of an object
auto_create_account_prefix = .
Prefix to use when automatically creating accounts
keep_cache_private = false
Allow non-public objects to stay in kernel's buffer cache
keep_cache_size = 5424880
Largest object size to keep in buffer cache
max_upload_time = 86400
Maximum time allowed to upload an object
mb_per_sync = 512
On PUT requests, sync file every n MB
replication_concurrency = 4
Set to restrict the number of concurrent incoming REPLICATION requests; set to 0 for unlimited
replication_failure_ratio = 1.0
If the value of failures / successes of REPLICATION subrequests exceeds this ratio, the overall REPLICATION request will be aborted
replication_failure_threshold = 100
The number of subrequest failures before the replication_failure_ratio is checked
replication_lock_timeout = 15
Number of seconds to wait for an existing replication device lock before giving up.
replication_one_per_device = True
Restricts incoming REPLICATION requests to one per device, replication_concurrency above allowing. This can help control I/O to each device, but you may wish to set this to False to allow multiple REPLICATION requests (up to the above replication_concurrency setting) per device.
replication_server = false
If defined, tells server how to handle replication verbs in requests. When set to True (or 1), only replication verbs will be accepted. When set to False, replication verbs will be rejected. When undefined, server will accept any verb in the request.
set log_address = /dev/log
Location where syslog sends the logs to
set log_facility = LOG_LOCAL0
Syslog log facility
set log_level = INFO
Log level
set log_name = object-server
Label to use when logging
set log_requests = true
Whether or not to log requests
slow = 0
If > 0, Minimum time in seconds for a PUT or DELETE request to complete
splice = no
No help text available for this option.
threads_per_disk = 0
Size of the per-disk thread pool used for performing disk I/O. The default of 0 means to not use a per-disk thread pool. It is recommended to keep this value small, as large values can result in high read latencies due to large queue depths. A good starting point is 4 threads per disk.
use = egg:swift#object
Entry point of paste.deploy in the server
Table 8.4. Description of configuration options for [pipeline-main] in object-server.conf
Configuration option = Default value
Description
pipeline = healthcheck recon object-server
No help text available for this option.
Table 8.5. Description of configuration options for [object-replicator] in object-server.conf
Configuration option = Default value
Description
concurrency = 1
Number of replication workers to spawn
daemonize = on
Whether or not to run replication as a daemon
handoff_delete = auto
By default handoff partitions will be removed when it has successfully replicated to all the canonical nodes. If set to an integer n, it will remove the partition if it is successfully replicated to n nodes. The default setting should not be changed, except for extreme situations. This uses what's set here, or what's set in the DEFAULT section, or 10 (though other sections use 3 as the final default).
handoffs_first = False
If set to True, partitions that are not supposed to be on the node will be replicated first. The default setting should not be changed, except for extreme situations.
http_timeout = 60
Maximum duration for an HTTP request
lockup_timeout = 1800
Attempts to kill all workers if nothing replicates for lockup_timeout seconds
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = object-replicator
Label used when logging
node_timeout = <whatever's in the DEFAULT section or 10>
Request timeout to external services
reclaim_age = 604800
Time elapsed in seconds before an object can be reclaimed
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
ring_check_interval = 15
How often (in seconds) to check the ring
rsync_bwlimit = 0
No help text available for this option.
rsync_error_log_line_length = 0
No help text available for this option.
rsync_io_timeout = 30
Passed to rsync for a max duration (seconds) of an I/O op
rsync_timeout = 900
Max duration (seconds) of a partition rsync
run_pause = 30
Time in seconds to wait between replication passes
stats_interval = 300
Interval in seconds between logging replication statistics
sync_method = rsync
No help text available for this option.
vm_test_mode = no
Indicates that you are using a VM environment
Table 8.6. Description of configuration options for [object-updater] in object-server.conf
Configuration option = Default value
Description
concurrency = 1
Number of replication workers to spawn
interval = 300
Minimum time for a pass to take
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = object-updater
Label used when logging
node_timeout = <whatever's in the DEFAULT section or 10>
Request timeout to external services
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
slowdown = 0.01
Time in seconds to wait between objects
Table 8.7. Description of configuration options for [object-auditor] in object-server.conf
Configuration option = Default value
Description
bytes_per_second = 10000000
Maximum bytes audited per second. Should be tuned according to individual system specs. 0 is unlimited. mounted to prevent accidentally writing to the root device process simultaneously (it will actually accept(2) N + 1). Setting this to one (1) will only handle one request at a time, without accepting another request concurrently. By increasing the number of workers to a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests. underlying filesystem does not support it. to setup custom log handlers. bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. container server. For most cases, this should be `egg:swift#container`.
concurrency = 1
Number of replication workers to spawn
disk_chunk_size = 65536
Size of chunks to read/write to disk
files_per_second = 20
Maximum files audited per second. Should be tuned according to individual system specs. 0 is unlimited.
log_address = /dev/log
Location where syslog sends the logs to
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = object-auditor
Label used when logging
log_time = 3600
Frequency of status logs in seconds.
object_size_stats =
No help text available for this option.
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
zero_byte_files_per_second = 50
Maximum zero byte files audited per second.
Table 8.8. Description of configuration options for [filter-healthcheck] in object-server.conf
Configuration option = Default value
Description
disable_path =
No help text available for this option.
use = egg:swift#healthcheck
Entry point of paste.deploy in the server
Table 8.9. Description of configuration options for [filter-recon] in object-server.conf
Configuration option = Default value
Description
recon_cache_path = /var/cache/swift
Directory where stats for a few items will be stored
recon_lock_path = /var/lock
No help text available for this option.
use = egg:swift#recon
Entry point of paste.deploy in the server
Table 8.10. Description of configuration options for [filter-xprofile] in object-server.conf
Configuration option = Default value
Description
dump_interval = 5.0
No help text available for this option.
dump_timestamp = false
No help text available for this option.
flush_at_shutdown = false
No help text available for this option.
log_filename_prefix = /tmp/log/swift/profile/default.profile
No help text available for this option.
path = /__profile__
No help text available for this option.
profile_module = eventlet.green.profile
No help text available for this option.
unwind = false
No help text available for this option.
use = egg:swift#xprofile
Entry point of paste.deploy in the server
8.2.1. Sample object server configuration file
[DEFAULT]
# bind_ip = 0.0.0.0
bind_port = 6000
# bind_timeout = 30
# backlog = 4096
# user = swift
# swift_dir = /etc/swift
# devices = /srv/node
# mount_check = true
# disable_fallocate = false
# expiring_objects_container_divisor = 86400
# expiring_objects_account_name = expiring_objects
#
# Use an integer to override the number of pre-forked processes that will
# accept connections.
# workers = auto
#
# Maximum concurrent requests per worker
# max_clients = 1024
#
# You can specify default log routing here if you want:
# log_name = swift
# log_facility = LOG_LOCAL0
# log_level = INFO
# log_address = /dev/log
# The following caps the length of log lines to the value given; no limit if
# set to 0, the default.
# log_max_line_length = 0
#
# comma separated list of functions to call to setup custom log handlers.
# functions get passed: conf, name, log_to_console, log_route, fmt, logger,
# adapted_logger
# log_custom_handlers =
#
# If set, log_udp_host will override log_address
# log_udp_host =
# log_udp_port = 514
#
# You can enable StatsD logging here:
# log_statsd_host = localhost
# log_statsd_port = 8125
# log_statsd_default_sample_rate = 1.0
# log_statsd_sample_rate_factor = 1.0
# log_statsd_metric_prefix =
#
# eventlet_debug = false
#
# You can set fallocate_reserve to the number of bytes you'd like fallocate to
# reserve, whether there is space for the given file size or not.
# fallocate_reserve = 0
#
# Time to wait while attempting to connect to another backend node.
# conn_timeout = 0.5
# Time to wait while sending each chunk of data to another backend node.
# node_timeout = 3
# Time to wait while receiving each chunk of data from a client or another
# backend node.
# client_timeout = 60
#
# network_chunk_size = 65536
# disk_chunk_size = 65536
[pipeline:main]
pipeline = healthcheck recon object-server
[app:object-server]
use = egg:swift#object
# You can override the default log routing for this app here:
# set log_name = object-server
# set log_facility = LOG_LOCAL0
# set log_level = INFO
# set log_requests = true
# set log_address = /dev/log
#
# max_upload_time = 86400
# slow = 0
#
# Objects smaller than this are not evicted from the buffercache once
read
# keep_cache_size = 5424880
#
# If true, objects for authenticated GET requests may be kept in
buffer cache
# if small enough
# keep_cache_private = false
#
# on PUTs, sync data every n MB
# mb_per_sync = 512
#
# Comma separated list of headers that can be set in metadata on an object.
# This list is in addition to X-Object-Meta-* headers and cannot include
# Content-Type, etag, Content-Length, or deleted
# allowed_headers = Content-Disposition, Content-Encoding, X-Delete-At, X-Object-Manifest, X-Static-Large-Object
#
# auto_create_account_prefix = .
#
# A value of 0 means "don't use thread pools". A reasonable starting point is
# 4.
# threads_per_disk = 0
#
# Configure parameter for creating specific server
# To handle all verbs, including replication verbs, do not specify
# "replication_server" (this is the default). To only handle replication,
# set to a True value (e.g. "True" or "1"). To handle only non-replication
# verbs, set to "False". Unless you have a separate replication network, you
# should not specify any value for "replication_server".
# replication_server = false
#
# Set to restrict the number of concurrent incoming REPLICATION requests
# Set to 0 for unlimited
# Note that REPLICATION is currently an ssync only item
# replication_concurrency = 4
#
# Restricts incoming REPLICATION requests to one per device,
# replication_concurrency above allowing. This can help control I/O to each
# device, but you may wish to set this to False to allow multiple REPLICATION
# requests (up to the above replication_concurrency setting) per device.
# replication_one_per_device = True
#
# Number of seconds to wait for an existing replication device lock before
# giving up.
# replication_lock_timeout = 15
#
# These next two settings control when the REPLICATION subrequest handler will
# abort an incoming REPLICATION attempt. An abort will occur if there are at
# least threshold number of failures and the value of failures / successes
# exceeds the ratio. The defaults of 100 and 1.0 means that at least 100
# failures have to occur and there have to be more failures than successes for
# an abort to occur.
# replication_failure_threshold = 100
# replication_failure_ratio = 1.0
#
# Use splice() for zero-copy object GETs. This requires Linux kernel
# version 3.0 or greater. If you set "splice = yes" but the kernel
# does not support it, error messages will appear in the object server
# logs at startup, but your object servers should continue to function.
#
# splice = no
[filter:healthcheck]
use = egg:swift#healthcheck
# An optional filesystem path, which if present, will cause the healthcheck
# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"
# disable_path =
[filter:recon]
use = egg:swift#recon
#recon_cache_path = /var/cache/swift
#recon_lock_path = /var/lock
[object-replicator]
# You can override the default log routing for this app here (don't use set!):
# log_name = object-replicator
# log_facility = LOG_LOCAL0
# log_level = INFO
# log_address = /dev/log
#
# vm_test_mode = no
# daemonize = on
# run_pause = 30
# concurrency = 1
# stats_interval = 300
#
# The sync method to use; default is rsync but you can use ssync to try the
# EXPERIMENTAL all-swift-code-no-rsync-callouts method. Once ssync is verified
# as having performance comparable to, or better than, rsync, we plan to
# deprecate rsync so we can move on with more features for replication.
# sync_method = rsync
#
# max duration of a partition rsync
# rsync_timeout = 900
#
# bandwidth limit for rsync in kB/s. 0 means unlimited
# rsync_bwlimit = 0
#
# passed to rsync for io op timeout
# rsync_io_timeout = 30
#
# node_timeout = <whatever's in the DEFAULT section or 10>
# max duration of an http request; this is for REPLICATE finalization calls and
# so should be longer than node_timeout
# http_timeout = 60
#
# attempts to kill all workers if nothing replicates for lockup_timeout seconds
# lockup_timeout = 1800
#
# The replicator also performs reclamation
# reclaim_age = 604800
#
# ring_check_interval = 15
# recon_cache_path = /var/cache/swift
#
# limits how long rsync error log lines are
# 0 means to log the entire line
# rsync_error_log_line_length = 0
#
# handoffs_first and handoff_delete are options for a special case
# such as disk full in the cluster. These two options SHOULD NOT BE
# CHANGED, except in such extreme situations. (e.g. disks filled up
# or are about to fill up. Anyway, DO NOT let your drives fill up)
# handoffs_first is the flag to replicate handoffs prior to canonical
# partitions. It allows to force syncing and deleting handoffs quickly.
# If set to a True value (e.g. "True" or "1"), partitions
# that are not supposed to be on the node will be replicated first.
# handoffs_first = False
#
# handoff_delete is the number of replicas which are ensured in swift.
# If a number less than the number of replicas is set, object-replicator
# could delete local handoffs even if all replicas are not ensured in the
# cluster. Object-replicator would remove local handoff partition directories
# after syncing partition when the number of successful responses is greater
# than or equal to this number. By default (auto), handoff partitions will be
# removed when it has successfully replicated to all the canonical nodes.
# handoff_delete = auto
[object-updater]
# You can override the default log routing for this app here (don't use set!):
# log_name = object-updater
# log_facility = LOG_LOCAL0
# log_level = INFO
# log_address = /dev/log
#
# interval = 300
# concurrency = 1
# node_timeout = <whatever's in the DEFAULT section or 10>
# slowdown will sleep that amount between objects
# slowdown = 0.01
#
# recon_cache_path = /var/cache/swift
[object-auditor]
# You can override the default log routing for this app here (don't use set!):
# log_name = object-auditor
# log_facility = LOG_LOCAL0
# log_level = INFO
# log_address = /dev/log
#
# You can set the disk chunk size that the auditor uses making it larger if
# you like for more efficient local auditing of larger objects
# disk_chunk_size = 65536
# files_per_second = 20
# concurrency = 1
# bytes_per_second = 10000000
# log_time = 3600
# zero_byte_files_per_second = 50
# recon_cache_path = /var/cache/swift
# Takes a comma separated list of ints. If set, the object auditor will
# increment a counter for every object whose size is <= to the given break
# points and report the result after a full scan.
# object_size_stats =
# Note: Put it at the beginning of the pipeline to profile all middleware. But
# it is safer to put this after healthcheck.
[filter:xprofile]
use = egg:swift#xprofile
# This option enables you to switch profilers which should inherit from python
# standard profiler. Currently the supported value can be 'cProfile',
# 'eventlet.green.profile' etc.
# profile_module = eventlet.green.profile
#
# This prefix will be used to combine process ID and timestamp to name the
# profile data file. Make sure the executing user has permission to write
# into this path (missing path segments will be created, if necessary).
# If you enable profiling in more than one type of daemon, you must override
# it with an unique value like: /var/log/swift/profile/object.profile
# log_filename_prefix = /tmp/log/swift/profile/default.profile
#
# the profile data will be dumped to local disk based on above naming rule
# in this interval.
# dump_interval = 5.0
#
# Be careful, this option will enable profiler to dump data into the file with
# time stamp which means there will be lots of files piled up in the directory.
# dump_timestamp = false
#
# This is the path of the URL to access the mini web UI.
# path = /__profile__
#
# Clear the data when the wsgi server shutdown.
# flush_at_shutdown = false
#
# unwind the iterator of applications
# unwind = false
8.3. OBJECT EXPIRER CONFIGURATION
Find an example object expirer configuration at etc/object-expirer.conf-sample in
the source code repository.
The available configuration options are:
Table 8.11. Description of configuration options for [DEFAULT] in object-expirer.conf
Configuration option = Default value
    Description
log_address = /dev/log
    Location where syslog sends the logs to
log_custom_handlers =
    Comma-separated list of functions to call to setup custom log handlers.
log_facility = LOG_LOCAL0
    Syslog log facility
log_level = INFO
    Logging level
log_max_line_length = 0
    Caps the length of log lines to the value given; no limit if set to 0, the default.
log_name = swift
    Label used when logging
log_statsd_default_sample_rate = 1.0
    Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_host = localhost
    If not set, the StatsD feature is disabled.
log_statsd_metric_prefix =
    Value will be prepended to every metric sent to the StatsD server.
log_statsd_port = 8125
    Port value for the StatsD server.
log_statsd_sample_rate_factor = 1.0
    Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_udp_host =
    If not set, the UDP receiver for syslog is disabled.
log_udp_port = 514
    Port value for UDP receiver, if enabled.
swift_dir = /etc/swift
    Swift configuration directory
user = swift
    User to run as
Table 8.12. Description of configuration options for [app-proxy-server] in object-expirer.conf
Configuration option = Default value
    Description
use = egg:swift#proxy
    Entry point of paste.deploy in the server
Table 8.13. Description of configuration options for [filter-cache] in object-expirer.conf
Configuration option = Default value
    Description
use = egg:swift#memcache
    Entry point of paste.deploy in the server
Table 8.14. Description of configuration options for [filter-catch_errors] in object-expirer.conf
Configuration option = Default value
    Description
use = egg:swift#catch_errors
    Entry point of paste.deploy in the server
Table 8.15. Description of configuration options for [filter-proxy-logging] in object-expirer.conf
Configuration option = Default value
    Description
access_log_address = /dev/log
    No help text available for this option.
access_log_facility = LOG_LOCAL0
    No help text available for this option.
access_log_headers = false
    No help text available for this option.
access_log_headers_only =
    If access_log_headers is True and access_log_headers_only is set only these headers are logged. Multiple headers can be defined as comma separated list like this: access_log_headers_only = Host, X-Object-Meta-Mtime
access_log_level = INFO
    No help text available for this option.
access_log_name = swift
    No help text available for this option.
access_log_statsd_default_sample_rate = 1.0
    No help text available for this option.
access_log_statsd_host = localhost
    No help text available for this option.
access_log_statsd_metric_prefix =
    No help text available for this option.
access_log_statsd_port = 8125
    No help text available for this option.
access_log_statsd_sample_rate_factor = 1.0
    No help text available for this option.
access_log_udp_host =
    No help text available for this option.
access_log_udp_port = 514
    No help text available for this option.
log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS
    No help text available for this option.
logged with access_log_headers = True.
    No help text available for this option.
reveal_sensitive_prefix = 16
    The X-Auth-Token is sensitive data. If revealed to an unauthorised person, they can now make requests against an account until the token expires. Set reveal_sensitive_prefix to the number of characters of the token that are logged. For example reveal_sensitive_prefix = 12 so only first 12 characters of the token are logged. Or, set to 0 to completely remove the token.
use = egg:swift#proxy_logging
    Entry point of paste.deploy in the server
Table 8.16. Description of configuration options for [object-expirer] in object-expirer.conf
Configuration option = Default value
    Description
auto_create_account_prefix = .
    Prefix to use when automatically creating accounts
concurrency = 1
    Number of replication workers to spawn
expiring_objects_account_name = expiring_objects
    No help text available for this option.
interval = 300
    Minimum time for a pass to take
process = 0
    (it will actually accept(2) N + 1). Setting this to one (1) will only handle one request at a time, without accepting another request concurrently.
processes = 0
    No help text available for this option.
reclaim_age = 604800
    Time elapsed in seconds before an object can be reclaimed
recon_cache_path = /var/cache/swift
    Directory where stats for a few items will be stored
report_interval = 300
    No help text available for this option.
Table 8.17. Description of configuration options for [pipeline-main] in object-expirer.conf
Configuration option = Default value
    Description
pipeline = catch_errors proxy-logging cache proxy-server
    No help text available for this option.
8.3.1. Sample object expirer configuration file
[DEFAULT]
# swift_dir = /etc/swift
# user = swift
# You can specify default log routing here if you want:
# log_name = swift
# log_facility = LOG_LOCAL0
# log_level = INFO
# log_address = /dev/log
# The following caps the length of log lines to the value given; no limit if
# set to 0, the default.
# log_max_line_length = 0
#
# comma separated list of functions to call to setup custom log handlers.
# functions get passed: conf, name, log_to_console, log_route, fmt, logger,
# adapted_logger
# log_custom_handlers =
#
# If set, log_udp_host will override log_address
# log_udp_host =
# log_udp_port = 514
#
# You can enable StatsD logging here:
# log_statsd_host = localhost
# log_statsd_port = 8125
# log_statsd_default_sample_rate = 1.0
# log_statsd_sample_rate_factor = 1.0
# log_statsd_metric_prefix =
[object-expirer]
# interval = 300
# auto_create_account_prefix = .
# expiring_objects_account_name = expiring_objects
# report_interval = 300
# concurrency is the level of concurrency to use to do the work, this value
# must be set to at least 1
# concurrency = 1
# processes is how many parts to divide the work into, one part per process
#   that will be doing the work
# processes set 0 means that a single process will be doing all the work
# processes can also be specified on the command line and will override the
#   config value
# processes = 0
# process is which of the parts a particular process will work on
# process can also be specified on the command line and will override the config
#   value
# process is "zero based", if you want to use 3 processes, you should run
#  processes with process set to 0, 1, and 2
# process = 0
# The expirer will re-attempt expiring if the source object is not available
# up to reclaim_age seconds before it gives up and deletes the entry in the
# queue.
# reclaim_age = 604800
# recon_cache_path = /var/cache/swift
[pipeline:main]
pipeline = catch_errors proxy-logging cache proxy-server
[app:proxy-server]
use = egg:swift#proxy
# See proxy-server.conf-sample for options
[filter:cache]
use = egg:swift#memcache
# See proxy-server.conf-sample for options
[filter:catch_errors]
use = egg:swift#catch_errors
# See proxy-server.conf-sample for options
[filter:proxy-logging]
use = egg:swift#proxy_logging
# If not set, logging directives from [DEFAULT] without "access_" will be used
# access_log_name = swift
# access_log_facility = LOG_LOCAL0
# access_log_level = INFO
# access_log_address = /dev/log
#
# If set, access_log_udp_host will override access_log_address
# access_log_udp_host =
# access_log_udp_port = 514
#
# You can use log_statsd_* from [DEFAULT] or override them here:
# access_log_statsd_host = localhost
# access_log_statsd_port = 8125
# access_log_statsd_default_sample_rate = 1.0
# access_log_statsd_sample_rate_factor = 1.0
# access_log_statsd_metric_prefix =
# access_log_headers = false
#
# If access_log_headers is True and access_log_headers_only is set only
# these headers are logged. Multiple headers can be defined as comma separated
# list like this: access_log_headers_only = Host, X-Object-Meta-Mtime
# access_log_headers_only =
#
# By default, the X-Auth-Token is logged. To obscure the value,
# set reveal_sensitive_prefix to the number of characters to log.
# For example, if set to 12, only the first 12 characters of the
# token appear in the log. An unauthorized access of the log file
# won't allow unauthorized usage of the token. However, the first
# 12 or so characters is unique enough that you can trace/debug
# token usage. Set to 0 to suppress the token completely (replaced
# by '...' in the log).
# Note: reveal_sensitive_prefix will not affect the value
# logged with access_log_headers=True.
# reveal_sensitive_prefix = 16
#
# What HTTP methods are allowed for StatsD logging (comma-sep); request methods
# not in this list will have "BAD_METHOD" for the <verb> portion of the metric.
# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS
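The token-logging rules described in the [filter:proxy-logging] comments above, as an added example that is not part of the Red Hat or Swift sample files: a Python check that reads a proxy-logging section and reports the settings that would put a usable X-Auth-Token into the logs. The function names, finding ids, sample configurations, sample token, the accepted true spellings and the 32-character shortest-token length are assumptions made for this example.

```python
import configparser

SECTION = "filter:proxy-logging"
TRUE_VALUES = {"true", "1", "yes", "on", "t", "y"}   # assumed truthy spellings
SENSITIVE_HEADERS = {"x-auth-token"}

# Constructed sample inputs (not taken from any real deployment).
SAMPLE_TOKEN = "4f9c2a7d81e34b06a5d0c3e7b92f1a68"    # 32 characters
WEAK_CONF = """
[filter:proxy-logging]
use = egg:swift#proxy_logging
access_log_headers = true
reveal_sensitive_prefix = 64
"""
HARDENED_CONF = """
[filter:proxy-logging]
use = egg:swift#proxy_logging
access_log_headers = true
access_log_headers_only = Host, X-Object-Meta-Mtime
reveal_sensitive_prefix = 12
"""


def logged_token(token, reveal_prefix):
    """Return the token as the access log field would show it.

    Assumption: the kept prefix is followed by '...', in line with the
    page's statement that a value of 0 leaves only '...' in the log.
    """
    reveal_prefix = max(reveal_prefix, 0)
    if len(token) <= reveal_prefix:
        return token                      # prefix covers the whole token
    return token[:reveal_prefix] + "..."


def audit_proxy_logging(conf_text, shortest_token_len=32):
    """Return a list of (finding_id, message) for the proxy-logging filter.

    shortest_token_len is an assumption: the length of the shortest token
    the deployment issues. A prefix at least that long hides nothing.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    if not parser.has_section(SECTION):
        return [("no-section", "no [%s] section found" % SECTION)]
    opts = parser[SECTION]
    findings = []

    # Default of 16 is the value shown in the sample file on this page.
    raw_prefix = opts.get("reveal_sensitive_prefix", "16")
    try:
        prefix = int(raw_prefix)
    except ValueError:
        prefix = None
    if prefix is None or prefix < 0:
        findings.append(("prefix-invalid",
                         "reveal_sensitive_prefix=%r is not a count" % raw_prefix))
    elif prefix >= shortest_token_len:
        findings.append(("prefix-covers-token",
                         "reveal_sensitive_prefix=%d logs the whole token" % prefix))

    # reveal_sensitive_prefix does not apply to headers logged through
    # access_log_headers, so header logging needs its own allow-list.
    log_headers = opts.get("access_log_headers", "false").strip().lower() in TRUE_VALUES
    only = {h.strip().lower()
            for h in opts.get("access_log_headers_only", "").split(",")
            if h.strip()}
    if log_headers and not only:
        findings.append(("headers-unfiltered",
                         "access_log_headers is on without access_log_headers_only"))
    elif log_headers and only & SENSITIVE_HEADERS:
        findings.append(("headers-include-token",
                         "access_log_headers_only lists a token header"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_proxy_logging(conf) or "no findings")
    print(logged_token(SAMPLE_TOKEN, 12))
```
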
8.4. CONTAINER SERVER CONFIGURATION
Find an example container server configuration at etc/container-server.conf-sample in the source code repository.
The available configuration options are:
Table 8.18. Description of configuration options for [DEFAULT] in container-server.conf
Configuration option = Default value
    Description
allowed_sync_hosts = 127.0.0.1
    No help text available for this option.
backlog = 4096
    Maximum number of allowed pending TCP connections
bind_ip = 0.0.0.0
    IP Address for server to bind to
bind_port = 6001
    Port for server to bind to
bind_timeout = 30
    Seconds to attempt bind before giving up
db_preallocation = off
    If you don't mind the extra disk space usage in overhead, you can turn this on to preallocate disk space with SQLite databases to decrease fragmentation. underlying filesystem does not support it. to setup custom log handlers. bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be `egg:swift#account`. replication passes account can be reclaimed
devices = /srv/node
    Parent directory of where devices are mounted
disable_fallocate = false
    Disable "fast fail" fallocate checks if the underlying filesystem does not support it.
eventlet_debug = false
    If true, turn on debug logging for eventlet
fallocate_reserve = 0
    You can set fallocate_reserve to the number of bytes you'd like fallocate to reserve, whether there is space for the given file size or not. This is useful for systems that behave badly when they completely run out of space; you can make the services pretend they're out of space early. server. For most cases, this should be `egg:swift#object`.
log_address = /dev/log
    Location where syslog sends the logs to
log_custom_handlers =
    Comma-separated list of functions to call to setup custom log handlers.
log_facility = LOG_LOCAL0
    Syslog log facility
log_level = INFO
    Logging level
log_max_line_length = 0
    Caps the length of log lines to the value given; no limit if set to 0, the default.
log_name = swift
    Label used when logging
log_statsd_default_sample_rate = 1.0
    Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_host = localhost
    If not set, the StatsD feature is disabled.
log_statsd_metric_prefix =
    Value will be prepended to every metric sent to the StatsD server.
log_statsd_port = 8125
    Port value for the StatsD server.
log_statsd_sample_rate_factor = 1.0
    Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_udp_host =
    If not set, the UDP receiver for syslog is disabled.
log_udp_port = 514
    Port value for UDP receiver, if enabled.
max_clients = 1024
    Maximum number of clients one worker can process simultaneously. Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.
mount_check = true
    Whether or not check if the devices are mounted to prevent accidentally writing to the root device
swift_dir = /etc/swift
    Swift configuration directory
user = swift
    User to run as
workers = auto
    a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
Table 8.19. Description of configuration options for [app-container-server] in container-server.conf
Configuration option = Default value
    Description
allow_versions = false
    Enable/Disable object versioning feature
auto_create_account_prefix = .
    Prefix to use when automatically creating accounts
conn_timeout = 0.5
    Connection timeout to external services
node_timeout = 3
    Request timeout to external services
replication_server = false
    If defined, tells server how to handle replication verbs in requests. When set to True (or 1), only replication verbs will be accepted. When set to False, replication verbs will be rejected. When undefined, server will accept any verb in the request.
set log_address = /dev/log
    Location where syslog sends the logs to
set log_facility = LOG_LOCAL0
    Syslog log facility
set log_level = INFO
    Log level
set log_name = container-server
    Label to use when logging
set log_requests = true
    Whether or not to log requests
use = egg:swift#container
    Entry point of paste.deploy in the server
Table 8.20. Description of configuration options for [pipeline-main] in container-server.conf
Configuration option = Default value
    Description
pipeline = healthcheck recon container-server
    No help text available for this option.
Table 8.21. Description of configuration options for [container-replicator] in container-server.conf
Configuration option = Default value
    Description
concurrency = 8
    Number of replication workers to spawn
conn_timeout = 0.5
    Connection timeout to external services
interval = 30
    Minimum time for a pass to take
log_address = /dev/log
    Location where syslog sends the logs to
log_facility = LOG_LOCAL0
    Syslog log facility
log_level = INFO
    Logging level
log_name = container-replicator
    Label used when logging
max_diffs = 100
    Caps how long the replicator spends trying to sync a database per pass
node_timeout = 10
    Request timeout to external services
per_diff = 1000
    Limit number of items to get per diff
reclaim_age = 604800
    Time elapsed in seconds before an object can be reclaimed
recon_cache_path = /var/cache/swift
    Directory where stats for a few items will be stored
run_pause = 30
    Time in seconds to wait between replication passes
vm_test_mode = no
    Indicates that you are using a VM environment
Table 8.22. Description of configuration options for [container-updater] in container-server.conf
Configuration option = Default value
    Description
account_suppression_time = 60
    Seconds to suppress updating an account that has generated an error (timeout, not yet found, etc.)
concurrency = 4
    Number of replication workers to spawn
conn_timeout = 0.5
    Connection timeout to external services
interval = 300
    Minimum time for a pass to take
log_address = /dev/log
    Location where syslog sends the logs to
log_facility = LOG_LOCAL0
    Syslog log facility
log_level = INFO
    Logging level
log_name = container-updater
    Label used when logging
node_timeout = 3
    Request timeout to external services
recon_cache_path = /var/cache/swift
    Directory where stats for a few items will be stored
slowdown = 0.01
    Time in seconds to wait between objects
Table 8.23. Description of configuration options for [container-auditor] in container-server.conf
Configuration option = Default value
    Description
containers_per_second = 200
    Maximum containers audited per second. Should be tuned according to individual system specs. 0 is unlimited. mounted to prevent accidentally writing to the root device process simultaneously (it will actually accept(2) N + 1). Setting this to one (1) will only handle one request at a time, without accepting another request concurrently. By increasing the number of workers to a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
interval = 1800
    Minimum time for a pass to take
log_address = /dev/log
    Location where syslog sends the logs to
log_facility = LOG_LOCAL0
    Syslog log facility
log_level = INFO
    Logging level
log_name = container-auditor
    Label used when logging
recon_cache_path = /var/cache/swift
    Directory where stats for a few items will be stored
Table 8.24. Description of configuration options for [container-sync] in container-server.conf
Configuration option = Default value
    Description
container_time = 60
    Maximum amount of time to spend syncing each container
interval = 300
    Minimum time for a pass to take
log_address = /dev/log
    Location where syslog sends the logs to
log_facility = LOG_LOCAL0
    Syslog log facility
log_level = INFO
    Logging level
log_name = container-sync
    Label used when logging
sync_proxy = http://10.1.1.1:8888,http://10.1.1.2:8888
    If you need to use an HTTP proxy, set it here. Defaults to no proxy.
Table 8.25. Description of configuration options for [filter-healthcheck] in container-server.conf
Configuration option = Default value
    Description
disable_path =
    No help text available for this option.
use = egg:swift#healthcheck
    Entry point of paste.deploy in the server
Table 8.26. Description of configuration options for [filter-recon] in container-server.conf
Configuration option = Default value
    Description
recon_cache_path = /var/cache/swift
    Directory where stats for a few items will be stored
use = egg:swift#recon
    Entry point of paste.deploy in the server
Table 8.27. Description of configuration options for [filter-xprofile] in container-server.conf
Configuration option = Default value
    Description
dump_interval = 5.0
    No help text available for this option.
dump_timestamp = false
    No help text available for this option.
flush_at_shutdown = false
    No help text available for this option.
log_filename_prefix = /tmp/log/swift/profile/default.profile
    No help text available for this option.
path = /__profile__
    No help text available for this option.
profile_module = eventlet.green.profile
    No help text available for this option.
unwind = false
    No help text available for this option.
use = egg:swift#xprofile
    Entry point of paste.deploy in the server
8.4.1. Sample container server configuration file
[DEFAULT]
# bind_ip = 0.0.0.0
bind_port = 6001
# bind_timeout = 30
# backlog = 4096
# user = swift
# swift_dir = /etc/swift
# devices = /srv/node
# mount_check = true
# disable_fallocate = false
#
# Use an integer to override the number of pre-forked processes that will
# accept connections.
# workers = auto
#
# Maximum concurrent requests per worker
# max_clients = 1024
#
# This is a comma separated list of hosts allowed in the X-Container-Sync-To
# field for containers. This is the old-style of using container sync. It is
# strongly recommended to use the new style of a separate
# container-sync-realms.conf -- see container-sync-realms.conf-sample
# allowed_sync_hosts = 127.0.0.1
#
# You can specify default log routing here if you want:
# log_name = swift
# log_facility = LOG_LOCAL0
# log_level = INFO
# log_address = /dev/log
# The following caps the length of log lines to the value given; no limit if
# set to 0, the default.
# log_max_line_length = 0
#
# comma separated list of functions to call to setup custom log handlers.
# functions get passed: conf, name, log_to_console, log_route, fmt, logger,
# adapted_logger
# log_custom_handlers =
#
# If set, log_udp_host will override log_address
# log_udp_host =
# log_udp_port = 514
#
# You can enable StatsD logging here:
# log_statsd_host = localhost
# log_statsd_port = 8125
# log_statsd_default_sample_rate = 1.0
# log_statsd_sample_rate_factor = 1.0
# log_statsd_metric_prefix =
#
# If you don't mind the extra disk space usage in overhead, you can turn this
# on to preallocate disk space with SQLite databases to decrease fragmentation.
# db_preallocation = off
#
# eventlet_debug = false
#
# You can set fallocate_reserve to the number of bytes you'd like fallocate to
# reserve, whether there is space for the given file size or not.
# fallocate_reserve = 0
[pipeline:main]
pipeline = healthcheck recon container-server
[app:container-server]
use = egg:swift#container
# You can override the default log routing for this app here:
# set log_name = container-server
# set log_facility = LOG_LOCAL0
# set log_level = INFO
# set log_requests = true
# set log_address = /dev/log
#
# node_timeout = 3
# conn_timeout = 0.5
# allow_versions = false
# auto_create_account_prefix = .
#
# Configure parameter for creating specific server
# To handle all verbs, including replication verbs, do not specify
# "replication_server" (this is the default). To only handle replication,
# set to a True value (e.g. "True" or "1"). To handle only non-replication
# verbs, set to "False". Unless you have a separate replication network, you
# should not specify any value for "replication_server".
# replication_server = false
[filter:healthcheck]
use = egg:swift#healthcheck
# An optional filesystem path, which if present, will cause the healthcheck
# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"
# disable_path =
[filter:recon]
use = egg:swift#recon
#recon_cache_path = /var/cache/swift
[container-replicator]
# You can override the default log routing for this app here (don't use set!):
# log_name = container-replicator
# log_facility = LOG_LOCAL0
# log_level = INFO
# log_address = /dev/log
#
# vm_test_mode = no
# per_diff = 1000
# max_diffs = 100
# concurrency = 8
# interval = 30
# node_timeout = 10
# conn_timeout = 0.5
#
# The replicator also performs reclamation
# reclaim_age = 604800
#
# Time in seconds to wait between replication passes
# Note: if the parameter 'interval' is defined then it will be used in place
# of run_pause.
# run_pause = 30
#
# recon_cache_path = /var/cache/swift
[container-updater]
# You can override the default log routing for this app here (don't use set!):
# log_name = container-updater
# log_facility = LOG_LOCAL0
# log_level = INFO
# log_address = /dev/log
#
# interval = 300
# concurrency = 4
# node_timeout = 3
# conn_timeout = 0.5
#
# slowdown will sleep that amount between containers
# slowdown = 0.01
#
# Seconds to suppress updating an account that has generated an error
# account_suppression_time = 60
#
# recon_cache_path = /var/cache/swift
[container-auditor]
# You can override the default log routing for this app here (don't use set!):
# log_name = container-auditor
# log_facility = LOG_LOCAL0
# log_level = INFO
# log_address = /dev/log
#
# Will audit each container at most once per interval
# interval = 1800
#
# containers_per_second = 200
# recon_cache_path = /var/cache/swift
[container-sync]
# You can override the default log routing for this app here (don't use set!):
# log_name = container-sync
# log_facility = LOG_LOCAL0
# log_level = INFO
# log_address = /dev/log
#
# If you need to use an HTTP Proxy, set it here; defaults to no proxy.
# You can also set this to a comma separated list of HTTP Proxies and they will
# be randomly used (simple load balancing).
# sync_proxy = http://10.1.1.1:8888,http://10.1.1.2:8888
#
# Will sync each container at most once per interval
# interval = 300
#
# Maximum amount of time to spend syncing each container per pass
# container_time = 60
# Note: Put it at the beginning of the pipeline to profile all middleware. But
# it is safer to put this after healthcheck.
[filter:xprofile]
use = egg:swift#xprofile
# This option enables you to switch profilers which should inherit from python
# standard profiler. Currently the supported value can be 'cProfile',
# 'eventlet.green.profile' etc.
# profile_module = eventlet.green.profile
#
# This prefix will be used to combine process ID and timestamp to name the
# profile data file. Make sure the executing user has permission to write
# into this path (missing path segments will be created, if necessary).
# If you enable profiling in more than one type of daemon, you must override
# it with a unique value like: /var/log/swift/profile/container.profile
# log_filename_prefix = /tmp/log/swift/profile/default.profile
#
# the profile data will be dumped to local disk based on above naming rule
# in this interval.
# dump_interval = 5.0
#
# Be careful, this option will enable profiler to dump data into the file with
# time stamp which means there will be lots of files piled up in the directory.
# dump_timestamp = false
#
# This is the path of the URL to access the mini web UI.
# path = /__profile__
#
# Clear the data when the wsgi server shuts down.
# flush_at_shutdown = false
#
# unwind the iterator of applications
# unwind = false
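The xprofile comments above give two placement rules: the filter is safer after healthcheck, and log_filename_prefix must be unique when more than one type of daemon is profiled. The following check for both is an added example, not part of the original reference or of Swift; the configuration fragments are constructed, the function names are hypothetical, and the filter is assumed to appear in the pipeline under the name xprofile.

```python
import configparser

DEFAULT_PREFIX = "/tmp/log/swift/profile/default.profile"  # default shown above

# Constructed fragments for two daemon types; neither overrides the prefix.
CONFS = {
    "container-server.conf": """
[pipeline:main]
pipeline = xprofile healthcheck recon container-server
[filter:xprofile]
use = egg:swift#xprofile
""",
    "account-server.conf": """
[pipeline:main]
pipeline = healthcheck xprofile recon account-server
[filter:xprofile]
use = egg:swift#xprofile
""",
}


def xprofile_settings(text):
    """Return (pipeline, prefix) when xprofile is in the pipeline, else None."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    pipeline = cp.get("pipeline:main", "pipeline", fallback="").split()
    if "xprofile" not in pipeline:
        return None
    prefix = cp.get("filter:xprofile", "log_filename_prefix",
                    fallback=DEFAULT_PREFIX)
    return pipeline, prefix


def audit_profiling(confs):
    """Return (file, problem) tuples for the two placement rules."""
    findings, prefixes = [], {}
    for name, text in sorted(confs.items()):
        found = xprofile_settings(text)
        if found is None:
            continue
        pipeline, prefix = found
        if ("healthcheck" in pipeline
                and pipeline.index("xprofile") < pipeline.index("healthcheck")):
            findings.append((name, "xprofile precedes healthcheck in the pipeline"))
        prefixes.setdefault(prefix, []).append(name)
    for prefix, names in prefixes.items():
        if len(names) > 1:
            findings.append((", ".join(names), "shared log_filename_prefix " + prefix))
    return findings
```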
8.5. CONTAINER SYNC REALMS CONFIGURATION
Find an example container sync realms configuration at etc/container-sync-realms.conf-sample in the source code repository.
The available configuration options are:
Table 8.28. Description of configuration options for [DEFAULT] in container-sync-realms.conf
Configuration option = Default value
Description
mtime_check_interval = 300
No help text available for this option.
Table 8.29. Description of configuration options for [realm1] in container-sync-realms.conf
Configuration option = Default value
Description
cluster_name1 = https://host1/v1/
No help text available for this option.
cluster_name2 = https://host2/v1/
No help text available for this option.
key = realm1key
No help text available for this option.
key2 = realm1key2
No help text available for this option.
Table 8.30. Description of configuration options for [realm2] in container-sync-realms.conf
Configuration option = Default value
Description
cluster_name3 = https://host3/v1/
No help text available for this option.
cluster_name4 = https://host4/v1/
No help text available for this option.
key = realm2key
No help text available for this option.
key2 = realm2key2
No help text available for this option.
8.5.1. Sample container sync realms configuration file
# [DEFAULT]
# The number of seconds between checking the modified time of this config file
# for changes and therefore reloading it.
# mtime_check_interval = 300
# [realm1]
# key = realm1key
# key2 = realm1key2
# cluster_name1 = https://host1/v1/
# cluster_name2 = https://host2/v1/
#
# [realm2]
# key = realm2key
# key2 = realm2key2
# cluster_name3 = https://host3/v1/
# cluster_name4 = https://host4/v1/
# Each section name is the name of a sync realm. A sync realm is a set of
# clusters that have agreed to allow container syncing with each other. Realm
# names will be considered case insensitive.
#
# The key is the overall cluster-to-cluster key used in combination with the
# external users' key that they set on their containers' X-Container-Sync-Key
# metadata header values. These keys will be used to sign each request the
# container sync daemon makes and used to validate each incoming container sync
# request.
#
# The key2 is optional and is an additional key incoming requests will be
# checked against. This is so you can rotate keys if you wish; you move the
# existing key to key2 and make a new key value.
#
# Any values in the realm section whose names begin with cluster_ will indicate
# the name and endpoint of a cluster and will be used by external users in
# their containers' X-Container-Sync-To metadata header values with the format
# "realm_name/cluster_name/container_name". Realm and cluster names are
# considered case insensitive.
#
# The endpoint is what the container sync daemon will use when sending out
# requests to that cluster. Keep in mind this endpoint must be reachable by all
# container servers, since that is where the container sync daemon runs. Note
# that the endpoint ends with /v1/ and that the container sync daemon will then
# add the account/container/obj name after that.
#
# Distribute this container-sync-realms.conf file to all your proxy servers
# and container servers.
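Because the realm keys sign and validate every container sync request, a deployed container-sync-realms.conf should not still carry the sample values. The following audit and key rotation helper is an added example, not part of the original reference or of Swift; the input is constructed, the function names are hypothetical, and the HTTPS check is an assumption of this example, based on the sample endpoints all using https.

```python
import configparser
import io
import secrets

# Constructed input modelled on the sample file above; the flaws are deliberate.
SAMPLE = """\
[realm1]
key = realm1key
key2 = realm1key2
cluster_name1 = https://host1/v1/
cluster_name2 = http://host2/v1
[realm2]
key = 4d1f0c9a7e3b5a62c8d0f1e2a3b4c5d6
cluster_name3 = https://host3/v1/
"""
PLACEHOLDERS = {"realm1key", "realm1key2", "realm2key", "realm2key2"}


def parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def audit(text):
    """Return (realm, option, problem) tuples for risky realm settings."""
    findings = []
    cp = parse(text)
    for realm in cp.sections():
        for opt, val in cp[realm].items():
            if opt in ("key", "key2") and val in PLACEHOLDERS:
                findings.append((realm, opt, "sample key left in place"))
            elif opt.startswith("cluster_"):
                if not val.startswith("https://"):
                    findings.append((realm, opt, "endpoint is not HTTPS"))
                if not val.endswith("/v1/"):
                    findings.append((realm, opt, "endpoint must end with /v1/"))
    return findings


def rotate(text, realm, new_key=None):
    """Move the current key to key2 and install a new key, as described above."""
    cp = parse(text)
    cp[realm]["key2"] = cp[realm]["key"]
    cp[realm]["key"] = new_key or secrets.token_hex(32)
    out = io.StringIO()
    cp.write(out)
    return out.getvalue()
```

configparser drops comments when it rewrites the file, so apply the rotated values to the real file by hand or through configuration management, then distribute it to all proxy and container servers.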
8.6. CONTAINER RECONCILER CONFIGURATION
Find an example container reconciler configuration at etc/container-reconciler.conf-sample in the source code repository.
The available configuration options are:
Table 8.31. Description of configuration options for [DEFAULT] in container-reconciler.conf
Configuration option = Default value
Description
log_address = /dev/log
Location where syslog sends the logs to
log_custom_handlers =
Comma-separated list of functions to call to setup custom log handlers.
log_facility = LOG_LOCAL0
Syslog log facility
log_level = INFO
Logging level
log_name = swift
Label used when logging
log_statsd_default_sample_rate = 1.0
Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_host = localhost
If not set, the StatsD feature is disabled.
log_statsd_metric_prefix =
Value will be prepended to every metric sent to the StatsD server.
log_statsd_port = 8125
Port value for the StatsD server.
log_statsd_sample_rate_factor = 1.0
Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_udp_host =
If not set, the UDP receiver for syslog is disabled.
log_udp_port = 514
Port value for UDP receiver, if enabled.
swift_dir = /etc/swift
Swift configuration directory
user = swift
User to run as
Table 8.32. Description of configuration options for [app-proxy-server] in container-reconciler.conf
Configuration option = Default value
Description
use = egg:swift#proxy
Entry point of paste.deploy in the server
Table 8.33. Description of configuration options for [container-reconciler] in container-reconciler.conf
Configuration option = Default value
Description
interval = 30
Minimum time for a pass to take
reclaim_age = 604800
Time elapsed in seconds before an object can be reclaimed
request_tries = 3
No help text available for this option.
Table 8.34. Description of configuration options for [filter-cache] in container-reconciler.conf
Configuration option = Default value
Description
use = egg:swift#memcache
Entry point of paste.deploy in the server
Table 8.35. Description of configuration options for [filter-catch_errors] in container-reconciler.conf
Configuration option = Default value
Description
use = egg:swift#catch_errors
Entry point of paste.deploy in the server
Table 8.36. Description of configuration options for [filter-proxy-logging] in container-reconciler.conf
Configuration option = Default value
Description
use = egg:swift#proxy_logging
Entry point of paste.deploy in the