ironic.conf revision 6864
259N/A# Authentication strategy used by ironic-api. "noauth" should 259N/A# not be used in a production environment because all 259N/A# authentication will be disabled. (string value) 259N/A# Possible values: noauth, keystone 259N/A# Return server tracebacks in the API response for any error 259N/A# responses. WARNING: this is insecure and should not be used 259N/A# in a production environment. (boolean value) 259N/A#debug_tracebacks_in_api=false 259N/A# Enable pecan debug mode. WARNING: this is insecure and 259N/A# should not be used in a production environment. (boolean 259N/A# Specify the list of drivers to load during service 259N/A# initialization. Missing drivers, or drivers which fail to 618N/A# initialize, will prevent the conductor service from 817N/A# starting. The option default is a recommended set of 817N/A# production-oriented drivers. A complete list of drivers 618N/A# present on your system may be found by enumerating the 259N/A# developer documentation online. (list value) 259N/A# Used if there is a formatting error when generating an 259N/A# exception message (a programming error). If True, raise an 259N/A# exception; if False, use the unformatted message. (boolean 2669N/A#fatal_exception_format_errors=false 1467N/A# Exponent to determine number of hash partitions to use when 259N/A# distributing load across conductors. Larger values will 259N/A# result in more even distribution of load and less load when 1467N/A# rebalancing the ring, but more memory usage. Number of 1467N/A# partitions per conductor is (2^hash_partition_exponent). 1467N/A# This determines the granularity of rebalancing: given 10 259N/A# hosts, and an exponent of the 2, there are 40 partitions in 259N/A# the ring.A few thousand partitions should make rebalancing 259N/A# smooth in most cases. The default is suitable for up to a 259N/A# few hundred conductors. Too many partitions has a CPU 259N/A# impact. (integer value) 259N/A#hash_partition_exponent=5 259N/A# [Experimental Feature] Number of hosts to map onto each hash 259N/A# partition. Setting this to more than one will cause 259N/A# additional conductor services to prepare deployment 259N/A# environments and potentially allow the Ironic cluster to 259N/A# recover more quickly if a conductor instance is terminated. 259N/A#hash_distribution_replicas=1 259N/A# Interval (in seconds) between hash ring resets. (integer 259N/A#hash_ring_reset_interval=180 259N/A# If True, convert backing images to "raw" disk image format. 259N/A# Path to isolinux binary file. (string value) 259N/A# Template file for isolinux configuration file. (string 259N/A# Template file for grub configuration file. (string value) # Directory where the ironic python module is installed. # Directory where ironic binaries are installed. (string # Top-level directory for maintaining ironic's state. (string # Default interval (in seconds) for running driver periodic # This option is deprecated and planned for removal in a future release. # Name of this node. This can be an opaque identifier. It is # not necessarily a hostname, FQDN, or IP address. However, # the node name must be valid within an AMQP key, and if using # ZeroMQ, a valid hostname, FQDN, or IP address. (string # Path to the rootwrap configuration file to use for running # commands as root. (string value) # Temporary working directory, default is Python temp dir. # Run image downloads and raw format conversions in parallel. #parallel_image_downloads=false # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use "127.0.0.1". # If set to true, the logging level will be set to DEBUG # instead of the default INFO level. (boolean value) # If set to false, the logging level will be set to WARNING # instead of the default INFO level. (boolean value) # This option is deprecated and planned for removal in a future release. # The name of a logging configuration file. This file is # appended to any existing logging configuration files. For # details about logging configuration files, see the Python # logging module documentation. Note that when logging # configuration files are used then all logging configuration # is set in the configuration file and other logging # configuration options are ignored (for example, # logging_context_format_string). (string value) # Deprecated group/name - [DEFAULT]/log_config #log_config_append=<None> # Defines the format string for %%(asctime)s in log records. # Default: %(default)s . This option is ignored if # log_config_append is set. (string value) #log_date_format=%Y-%m-%d %H:%M:%S # (Optional) Name of log file to send logging output to. If no # default is set, logging will go to stderr as defined by # use_stderr. This option is ignored if log_config_append is # (Optional) The base directory used for relative log_file # paths. This option is ignored if log_config_append is set. # Uses logging handler designed to watch file system. When log # file is moved or removed this handler will open a new log # file with specified path instantaneously. It makes sense # only if log_file option is specified and Linux platform is # used. This option is ignored if log_config_append is set. # Use syslog for logging. Existing syslog format is DEPRECATED # and will be changed later to honor RFC5424. This option is # ignored if log_config_append is set. (boolean value) # Syslog facility to receive log lines. This option is ignored # if log_config_append is set. (string value) #syslog_log_facility=LOG_USER # Log output to standard error. This option is ignored if # log_config_append is set. (boolean value) # Format string to use for log messages with context. (string #logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s # Format string to use for log messages when context is # undefined. (string value) #logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s # Additional data to append to log message when logging level # for the message is DEBUG. (string value) #logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d # Prefix each line of exception output with this format. #logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s # Defines the format string for %(user_identity)s that is used # in logging_context_format_string. (string value) #logging_user_identity_format=%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s # List of package logging levels in logger=LEVEL pairs. This # option is ignored if log_config_append is set. (list value) #default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO # Enables or disables publication of error events. (boolean # The format for an instance that is passed with the log # message. (string value) #instance_format="[instance: %(uuid)s] " # The format for an instance UUID that is passed with the log # message. (string value) #instance_uuid_format="[instance: %(uuid)s] " # Enables or disables fatal status of deprecations. (boolean #fatal_deprecations=false # Size of RPC connection pool. (integer value) # Deprecated group/name - [DEFAULT]/rpc_conn_pool_size # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) # MatchMaker driver. (string value) # Possible values: redis, dummy #rpc_zmq_matchmaker=redis # Type of concurrency used. Either "native" or "eventlet" #rpc_zmq_concurrency=eventlet # Number of ZeroMQ contexts, defaults to 1. (integer value) # Maximum number of ingress messages to locally buffer per # topic. Default is unlimited. (integer value) #rpc_zmq_topic_backlog=<None> # Directory for holding IPC sockets. (string value) # Name of this node. Must be a valid hostname, FQDN, or IP # address. Must match "host" option, if running Nova. (string # Seconds to wait before a cast expires (TTL). The default # value of -1 specifies an infinite linger period. The value # of 0 specifies no linger period. Pending messages shall be # discarded immediately when the socket is closed. Only # supported by impl_zmq. (integer value) # The default number of seconds that poll should wait. Poll # raises timeout exception when timeout expired. (integer # Expiration timeout in seconds of a name service record about # existing target ( < 0 means no timeout). (integer value) # Use PUB/SUB pattern for fanout methods. PUB/SUB always uses # Minimal port number for random ports range. (port value) # Possible values: 0-65535 # Maximal port number for random ports range. (integer value) # Possible values: 1-65536 # Number of retries to find free port number before fail with # ZMQBindError. (integer value) #rpc_zmq_bind_port_retries=100 # Size of executor thread pool. (integer value) # Deprecated group/name - [DEFAULT]/rpc_thread_pool_size #executor_thread_pool_size=64 # Seconds to wait for a response from a call. (integer value) # A URL representing the messaging driver to use and its full # configuration. If not set, we fall back to the rpc_backend # option and driver specific configuration. (string value) # The messaging driver to use, defaults to rabbit. Other # drivers include amqp and zmq. (string value) # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) #control_exchange=openstack # Some periodic tasks can be run in a separate process. Should # we run them here? (boolean value) #run_external_periodic_tasks=true # Enable eventlet backdoor. Acceptable values are 0, <port>, # and <start>:<end>, where 0 results in listening on a random # tcp port number; <port> results in listening on the # specified port number (and not enabling backdoor if that # port is in use); and <start>:<end> results in listening on # the smallest unused port number within the specified range # of port numbers. The chosen port is displayed in the # service's log file. (string value) # Enable eventlet backdoor, using the provided path as a unix # socket that can receive connections. This option is mutually # exclusive with 'backdoor_port' in that only one should be # provided. If both are provided then the existence of this # option overrides the usage of that option. (string value) # Enables or disables logging values of all registered options # when starting a service (at DEBUG level). (boolean value) # Specify a timeout after which a gracefully shutdown server # will exit. Zero value means endless wait. (integer value) #graceful_shutdown_timeout=60 # A python format string that is used as the template to # generate log lines. The following values can beformatted # into it: client_ip, date_time, request_line, status_code, # body_length, wall_seconds. (string value) #wsgi_log_format=%(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f # Sets the value of TCP_KEEPIDLE in seconds for each server # socket. Not supported on OS X. (integer value) # Size of the pool of greenthreads used by wsgi (integer #wsgi_default_pool_size=100 # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large # tokens (typically those generated when keystone is # configured to use PKI tokens with big service catalogs). # If False, closes the client socket connection explicitly. # Timeout for client connections' socket operations. If an # incoming connection is idle for this number of seconds it # will be closed. A value of '0' means wait forever. (integer #client_socket_timeout=900 # DEPRECATED. Additional append parameters for baremetal PXE # boot. This option is deprecated and will be removed in # Mitaka release. Please use [pxe]pxe_append_params instead. #agent_pxe_append_params=nofb nomodeset vga=normal # DEPRECATED. Template file for PXE configuration. This option # is deprecated and will be removed in Mitaka release. Please # use [pxe]pxe_config_template instead. (string value) # Whether Ironic will manage booting of the agent ramdisk. If # set to False, you will need to configure your mechanism to # allow booting the agent ramdisk. (boolean value) # Deprecated group/name - [agent]/manage_tftp # The memory size in MiB consumed by agent when it is booted # on a bare metal node. This is used for checking if the image # can be downloaded and deployed on the bare metal node after # booting agent ramdisk. This may be set according to the # memory consumed by the agent ramdisk image. (integer value) #memory_consumed_by_agent=0 # Whether the agent ramdisk should stream raw images directly # onto the disk or not. By streaming raw images directly onto # the disk the agent ramdisk will not spend time copying the # image to a tmpfs partition (therefore consuming less memory) # prior to writing it to the disk. Unless the disk where the # image will be copied to is really slow, this option should # be set to True. Defaults to True. (boolean value) # Maximum interval (in seconds) for agent heartbeats. (integer # Number of times to retry getting power state to check if # bare metal node has been powered off after a soft power off. #post_deploy_get_power_state_retries=6 # Amount of time (in seconds) to wait between polling power # state after trigger soft poweroff. (integer value) #post_deploy_get_power_state_retry_interval=5 # API version to use for communicating with the ramdisk agent. # Host name for AI Server. (string value) # Username to ssh to AI Server. (string value) # Password for user to ssh to AI Server. If ssh_key_file or # ssh_key_contents are set, this config setting is used to # provide the passphrase if required. If an encrypted key is # used, set this to the passphrase. (string value) # SSH port to use. (string value) # SSH socket timeout value in seconds. (string value) # Interval in seconds to check AI deployment status. (string # Derived Manifest used for deployment. (string value) # SSH Filename to use. (string value) # Actual SSH Key contents to use. (string value) # Protocol used for AMT endpoint (string value) # Possible values: http, https # Time interval (in seconds) for successive awake call to AMT # interface, this depends on the IdleTimeout setting on AMT # interface. AMT Interface will go to sleep after 60 seconds # of inactivity by default. IdleTimeout=0 means AMT will not # go to sleep at all. Setting awake_interval=0 will disable # awake call. (integer value) # Maximum number of times to attempt an AMT operation, before # failing (integer value) # Amount of time (in seconds) to wait, before retrying an AMT # operation (integer value) # The IP address on which ironic-api listens. (string value) # The TCP port on which ironic-api listens. (port value) # Possible values: 0-65535 # The maximum number of items returned in a single response # from a collection resource. (integer value) # Public URL to use when building the links to the API # None the links will be built using the request's host URL. # If the API is operating behind a proxy, you will want to # change this to represent the proxy's URL. Defaults to None. # Number of workers for OpenStack Ironic API service. The # default is equal to the number of CPUs available if that can # be determined, else a default worker count of 1 is returned. # Enable the integrated stand-alone API to service requests # via HTTPS instead of HTTP. If there is a front-end service # performing HTTPS offloading from the service, this option # should be False; note, you will want to change public API # endpoint to represent SSL termination URL with # 'public_endpoint' option. (boolean value) # Number of times a power operation needs to be retried # Amount of time in seconds to wait in between power # operations (integer value) # Number of times a power operation needs to be retried # Amount of time in seconds to wait in between power # operations (integer value) # The size of the workers greenthread pool. Note that 2 # threads will be reserved by the conductor itself for # handling heart beats and periodic tasks. (integer value) # Seconds between conductor heart beats. (integer value) # URL of Ironic API service. If not set ironic can get the # current value from the keystone service catalog. (string # Maximum time (in seconds) since the last check-in of a # conductor. A conductor is considered inactive when this time # has been exceeded. (integer value) # Interval between syncing the node power state to the # database, in seconds. (integer value) #sync_power_state_interval=60 # Interval between checks of provision timeouts, in seconds. #check_provision_state_interval=60 # Timeout (seconds) to wait for a callback from a deploy # ramdisk. Set to 0 to disable timeout. (integer value) #deploy_callback_timeout=1800 # During sync_power_state, should the hardware power state be # set to the state recorded in the database (True) or should # the database be updated based on the hardware state (False). #force_power_state_during_sync=true # During sync_power_state failures, limit the number of times # Ironic should try syncing the hardware node power state with # the node power state in DB (integer value) #power_state_sync_max_retries=3 # Maximum number of worker threads that can be started # simultaneously by a periodic task. Should be less than RPC # thread pool size. (integer value) # Number of attempts to grab a node lock. (integer value) #node_locked_retry_attempts=3 # Seconds to sleep between node lock attempts. (integer value) #node_locked_retry_interval=1 # Enable sending sensor data message via the notification bus # Seconds between conductor sending sensor data message to # ceilometer via the notification bus. (integer value) #send_sensor_data_interval=600 # List of comma separated meter types which need to be sent to # Ceilometer. The default value, "ALL", is a special value # meaning send all the sensor data. (list value) #send_sensor_data_types=ALL # When conductors join or leave the cluster, existing # conductors may need to update any persistent local state as # nodes are moved around the cluster. This option controls how # often, in seconds, each conductor will check for nodes that # it should "take over". Set it to a negative value to disable # the check entirely. (integer value) #sync_local_state_interval=180 # Whether to upload the config drive to Swift. (boolean value) #configdrive_use_swift=false # Name of the Swift container to store config drive data. Used # when configdrive_use_swift is True. (string value) #configdrive_swift_container=ironic_configdrive_container # Timeout (seconds) for waiting for node inspection. 0 - # unlimited. (integer value) # Enables or disables automated cleaning. Automated cleaning # is a configurable set of steps, such as erasing disk drives, # that are performed on the node to ensure it is in a baseline # state and ready to be deployed to. This is done after # instance deletion as well as during the transition from a # "manageable" to "available" state. When enabled, the # particular steps performed to clean a node depend on which # driver that node is managed by; see the individual driver's # documentation for details. NOTE: The introduction of the # cleaning operation causes instance deletion to take # significantly longer. In an environment where all tenants # are trusted (eg, because there is only one tenant), this # option could be safely disabled. (boolean value) # Deprecated group/name - [conductor]/clean_nodes # Timeout (seconds) to wait for a callback from the ramdisk # doing the cleaning. If the timeout is reached the node will # be put in the "clean failed" provision state. Set to 0 to # disable timeout. (integer value) #clean_callback_timeout=1800 # Path to serial console terminal program (string value) # Directory containing the terminal SSL cert(PEM) for serial # console access (string value) #terminal_cert_dir=<None> # Directory for holding terminal pid files. If not specified, # the temporary directory will be used. (string value) # Time interval (in seconds) for checking the status of # console subprocess. (integer value) #subprocess_checking_interval=1 # Time (in seconds) to wait for the console subprocess to # Indicate whether this resource may be shared with the domain # received in the requests "origin" header. (list value) # Indicate that the actual request can include user # credentials (boolean value) # Indicate which headers are safe to expose to the API. # Defaults to HTTP Simple Headers. (list value) #expose_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma # Maximum cache age of CORS preflight requests. (integer # Indicate which methods can be used during the actual #allow_methods=GET,POST,PUT,DELETE,OPTIONS # Indicate which header field names may be used during the # actual request. (list value) #allow_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma # Indicate whether this resource may be shared with the domain # received in the requests "origin" header. (list value) # Indicate that the actual request can include user # credentials (boolean value) # Indicate which headers are safe to expose to the API. # Defaults to HTTP Simple Headers. (list value) #expose_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma # Maximum cache age of CORS preflight requests. (integer # Indicate which methods can be used during the actual #allow_methods=GET,POST,PUT,DELETE,OPTIONS # Indicate which header field names may be used during the # actual request. (list value) #allow_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma # MySQL engine to use. (string value) # The file name to use with SQLite. (string value) # Deprecated group/name - [DEFAULT]/sqlite_db # If True, SQLite uses synchronous mode. (boolean value) # Deprecated group/name - [DEFAULT]/sqlite_synchronous # The back end to use for the database. (string value) # Deprecated group/name - [DEFAULT]/db_backend # The SQLAlchemy connection string to use to connect to the # database. (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # The SQLAlchemy connection string to use to connect to the # slave database. (string value) # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To # use whatever SQL mode is set by the server configuration, # set this to no value. Example: mysql_sql_mode= (string #mysql_sql_mode=TRADITIONAL # This configures the MySQL storage engine. This allows for OpenStack to # support different storage engines such as InnoDB, NDB, etc. By Default, # this value will be set to InnoDB. For MySQL Cluster, set to NDBCLUSTER. # Example: mysql_storage_engine=(string value) #mysql_storage_engine = InnoDB # Timeout before idle SQL connections are reaped. (integer # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Minimum number of SQL connections to keep open in a pool. # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size # Maximum number of SQL connections to keep open in a pool. # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size # Maximum number of database connection retries during # startup. Set to -1 to specify an infinite retry count. # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries # Interval between retries of opening a SQL connection. # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval # If set, use this value for max_overflow with SQLAlchemy. # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow # Verbosity of SQL debugging information: 0=None, # 100=Everything. (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug # Add Python stack traces to SQL as comment strings. (boolean # Deprecated group/name - [DEFAULT]/sql_connection_trace # If set, use this value for pool_timeout with SQLAlchemy. # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout # Enable the experimental use of database reconnect on # connection lost. (boolean value) # Seconds between retries of a database transaction. (integer # If True, increases the interval between retries of a # database operation up to db_max_retry_interval. (boolean #db_inc_retry_interval=true # If db_inc_retry_interval is set, the maximum seconds between # retries of a database operation. (integer value) #db_max_retry_interval=10 # Maximum retries in case of connection error or deadlock # error before error is raised. Set to -1 to specify an # infinite retry count. (integer value) # ironic-conductor node's HTTP server URL. Example: # ironic-conductor node's HTTP root path. (string value) # Priority to run in-band erase devices via the Ironic Python # Agent ramdisk. If unset, will use the priority set in the # ramdisk (defaults to 10 for the GenericHardwareManager). If # set to 0, will not run during cleaning. (integer value) # Deprecated group/name - [agent]/agent_erase_devices_priority #erase_devices_priority=<None> # Number of iterations to be run for erasing devices. (integer # Deprecated group/name - [agent]/agent_erase_devices_iterations #erase_devices_iterations=1 # DHCP provider to use. "neutron" uses Neutron, and "none" # uses a no-op provider. (string value) # After Ironic has completed creating the partition table, it # continues to check for activity on the attached iSCSI device # status at this interval prior to copying the image to the # node, in seconds (integer value) # The maximum number of times to check that the device is not # accessed by another process. If the device is still busy # after that, the disk partitioning will be treated as having # failed. (integer value) #check_device_max_retries=20 # Size of EFI system partition in MiB when configuring UEFI # systems for local boot. (integer value) # Deprecated group/name - [deploy]/efi_system_partition_size #efi_system_partition_size=200 # Block size to use when writing to the nodes disk. (string # Deprecated group/name - [deploy]/dd_block_size # Maximum attempts to verify an iSCSI connection is active, # sleeping 1 second between attempts. (integer value) # Deprecated group/name - [deploy]/iscsi_verify_attempts # A list of URL schemes that can be downloaded directly via # the direct_url. Currently supported schemes: [file]. (list #allowed_direct_url_schemes= # The secret token given to Swift to allow temporary URL # downloads. Required for temporary URLs. (string value) #swift_temp_url_key=<None> # The length of time in seconds that the temporary URL will be # valid for. Defaults to 20 minutes. If some deploys get a 401 # response code when trying to download from the temporary # URL, try raising this duration. This value must be greater # than or equal to the value for # swift_temp_url_expected_download_start_delay (integer value) #swift_temp_url_duration=1200 # Whether to cache generated Swift temporary URLs. Setting it # to true is only useful when an image caching proxy is used. # Defaults to False. (boolean value) #swift_temp_url_cache_enabled=false # This is the delay (in seconds) from the time of the deploy # request (when the Swift temporary URL is generated) to when # the IPA ramdisk starts up and URL is used for the image # download. This value is used to check if the Swift temporary # URL duration is large enough to let the image download # begin. Also if temporary URL caching is enabled this will # determine if a cached entry will still be valid when the # download starts. swift_temp_url_duration value must be # greater than or equal to this option's value. Defaults to 0. #swift_temp_url_expected_download_start_delay=0 # The "endpoint" (scheme, hostname, optional port) for the # not include trailing "/". For example, use # endpoint may also contain /swift path; if it does not, it # will be appended. Required for temporary URLs. (string #swift_endpoint_url=<None> # The Swift API version to create a temporary URL for. # Defaults to "v1". Swift temporary URL format: # The account that Glance uses to communicate with Swift. The # format is "AUTH_uuid". "uuid" is the UUID for the account # URLs when Glance backend is Swift. For example: # "AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30". Swift temporary # The Swift container Glance is configured to store its images # in. Defaults to "glance", which is the default in glance- # This should match a config by the same name in the Glance # configuration file. When set to 0, a single-tenant store # will only use one container to store all images. When set to # an integer value between 1 and 32, a single-tenant store # will use multiple containers to store images, and this value # will determine how many containers are created. (integer #swift_store_multiple_containers_seed=0 # Type of endpoint to use for temporary URLs. If the Glance # backend is Swift, use "swift"; if it is CEPH with RADOS # gateway, use "radosgw". (string value) # Possible values: swift, radosgw #temp_url_endpoint_type=swift # Default glance hostname or IP address. (string value) # Default glance port. (port value) # Possible values: 0-65535 # Default protocol to use when connecting to glance. Set to # https for SSL. (string value) # Possible values: http, https # A list of the glance api servers available to ironic. Prefix # with https:// for SSL-based glance API servers. Format is # [hostname|IP]:port. (list value) #glance_api_servers=<None> # Allow to perform insecure SSL (https) requests to glance. #glance_api_insecure=false # Number of retries when downloading an image from glance. # Authentication strategy to use when connecting to glance. # Possible values: keystone, noauth # Optional path to a CA certificate bundle to be used to # validate the SSL certificate served by glance. It is used # when glance_api_insecure is set to False. (string value) # Maximum retries for iBoot operations (integer value) # Time (in seconds) between retry attempts for iBoot # operations (integer value) # Time (in seconds) to sleep between when rebooting (powering # off and on again). (integer value) # Timeout (in seconds) for iLO operations (integer value) # Port to be used for iLO operations (port value) # Possible values: 0-65535 # The Swift iLO container to store data. (string value) #swift_ilo_container=ironic_ilo_container # Amount of time in seconds for Swift objects to auto-expire. #swift_object_expiry_timeout=900 # Set this to True to use http web server to host floppy # images and generated boot ISO. This requires http_root and # http_url to be configured in the [deploy] section of the # config file. If this is set to False, then Ironic will use # Swift to host the floppy images and generated boot_iso. #use_web_server_for_images=false # Priority for erase devices clean step. If unset, it defaults # to 10. If set to 0, the step will be disabled and will not # run during cleaning. (integer value) #clean_priority_erase_devices=<None> # Priority for reset_ilo clean step. (integer value) #clean_priority_reset_ilo=0 # Priority for reset_bios_to_default clean step. (integer #clean_priority_reset_bios_to_default=10 # Priority for reset_secure_boot_keys clean step. This step # will reset the secure boot keys to manufacturing defaults. #clean_priority_reset_secure_boot_keys_to_default=20 # Priority for clear_secure_boot_keys clean step. This step is # not enabled by default. It can be enabled to clear all # secure boot keys enrolled with iLO. (integer value) #clean_priority_clear_secure_boot_keys=0 # Priority for reset_ilo_credential clean step. This step # requires "ilo_change_password" parameter to be updated in # nodes's driver_info with the new password. (integer value) #clean_priority_reset_ilo_credential=30 # Number of times a power operation needs to be retried # Amount of time in seconds to wait in between power # operations (integer value) # whether to enable inspection using ironic-inspector (boolean # Deprecated group/name - [discoverd]/enabled # ironic-inspector HTTP endpoint. If this is not set, the # be used. (string value) # Deprecated group/name - [discoverd]/service_url # period (in seconds) to check status of nodes on inspection # Deprecated group/name - [discoverd]/status_check_period # Maximum time in seconds to retry IPMI operations. There is a # tradeoff when setting this value. Setting this too low may # cause older BMCs to crash and require a hard reset. However, # setting too high can cause the sync power state periodic # task to hang when there are slow or unresponsive BMCs. # Minimum time, in seconds, between IPMI operations sent to a # server. There is a risk with some hardware that setting this # too low may cause the BMC to crash. Recommended setting is 5 # seconds. (integer value) # Ironic conductor node's "NFS" or "CIFS" root path (string #remote_image_share_root=/remote_image_share_root # IP of remote image server (string value) #remote_image_server=<None> # Share type of virtual media (string value) # Possible values: CIFS, NFS #remote_image_share_type=CIFS # share name of remote_image_server (string value) #remote_image_share_name=share # User name of remote_image_server (string value) #remote_image_user_name=<None> # Password of remote_image_user_name (string value) #remote_image_user_password=<None> # Domain name of remote_image_user_name (string value) #remote_image_user_domain= # Port to be used for iRMC operations (port value) # Possible values: 443, 80 # Authentication method to be used for iRMC operations (string # Possible values: basic, digest # Timeout (in seconds) for iRMC operations (integer value) # Sensor data retrieval method. (string value) # Possible values: ipmitool, scci # SNMP protocol version (string value) # Possible values: v1, v2c, v3 # Possible values: 0-65535 # SNMP community. Required for versions "v1" and "v2c" (string # SNMP security name. Required for version "v3" (string value) # Command that is prefixed to commands that are run as root. # If not specified, no commands are run as root. (string # The region used for getting endpoints of OpenStack services. # Complete public Identity API endpoint. (string value) # API version of the admin Identity API endpoint. (string # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI # components. (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API # server. (integer value) #http_connect_timeout=<None> # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 # Env key for the swift cache. (string value) # Required if identity server requires client certificate # Required if identity server requires client certificate # A PEM encoded Certificate Authority to use when verifying # HTTPs connections. Defaults to system CAs. (string value) # Verify HTTPS connections. (boolean value) # The region in which the identity server can be found. # Directory used to cache files related to PKI tokens. (string # Optionally specify a list of memcached server(s) to use for # caching. If left undefined, tokens will instead be cached # in-process. (list value) # Deprecated group/name - [keystone_authtoken]/memcache_servers #memcached_servers=<None> # In order to prevent excessive effort spent validating # tokens, the middleware caches previously-seen tokens for a # configurable duration (in seconds). Set to -1 to disable # caching completely. (integer value) # Determines the frequency at which the list of revoked tokens # is retrieved from the Identity service (in seconds). A high # number of revocation events combined with a low cache # duration may significantly reduce performance. (integer #revocation_cache_time=10 # (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. If MAC, token # data is authenticated (with HMAC) in the cache. If ENCRYPT, # token data is encrypted and authenticated in the cache. If # the value is not one of these options or empty, auth_token # will raise an exception on initialization. (string value) # Possible values: None, MAC, ENCRYPT #memcache_security_strategy=None # (Optional, mandatory if memcache_security_strategy is # defined) This string is used for key derivation. (string #memcache_secret_key=<None> # (Optional) Number of seconds memcached server is considered # dead before it is tried again. (integer value) #memcache_pool_dead_retry=300 # (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize=10 # (Optional) Socket timeout in seconds for communicating with # a memcached server. (integer value) #memcache_pool_socket_timeout=3 # (Optional) Number of seconds a connection to memcached is # held unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout=60 # (Optional) Number of seconds that an operation will wait to # get a memcached client connection from the pool. (integer #memcache_pool_conn_get_timeout=10 # (Optional) Use the advanced (eventlet safe) memcached client # pool. The advanced pool will only work under python 2.x. #memcache_use_advanced_pool=false # (Optional) Indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) #include_service_catalog=true # Used to control the use and type of token binding. Can be # set to: "disabled" to not check token binding. "permissive" # (default) to validate binding information if the bind type # is of a form known to the server and ignore it if not. # "strict" like "permissive" but if the bind type is unknown # the token will be rejected. "required" any form of token # binding is needed to be allowed. Finally the name of a # binding method that must be present in tokens. (string #enforce_token_bind=permissive # If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the # identity server. (boolean value) #check_revocations_for_cached=false # Hash algorithms to use for hashing PKI tokens. This may be a # single algorithm or multiple. The algorithms are those # supported by Python standard hashlib.new(). The hashes will # be tried in the order given, so put the preferred one first # for performance. The result of the first hash will be stored # in the cache. This will typically be set to multiple values # only while migrating from a less secure algorithm to a more # secure one. Once all the old tokens are expired this option # should be set to a single value for better performance. # Authentication type to load (type of value is unknown) # Deprecated group/name - [keystone_authtoken]/auth_plugin # Config Section from which to load plugin specific options # (type of value is unknown) # Complete admin Identity API endpoint. This should specify the unversioned # Service username. (string value) # Service user password. (string value) # Service tenant name. (string value) # Host to locate redis. (string value) # Use this port to connect to redis host. (port value) # Possible values: 0-65535 # Password for Redis server (optional). (string value) # List of Redis Sentinel hosts (fault tolerance mode) e.g. # [host:port, host1:port ... ] (list value) # Redis replica set name. (string value) #sentinel_group_name=oslo-messaging-zeromq # Time in ms to wait between connection attempts. (integer # Time in ms to wait before the transaction is killed. # Timeout in ms on blocking socket operations (integer value) # URL for connecting to neutron. (string value) # Timeout value for connecting to neutron in seconds. (integer # Client retries in the case of a failed request. (integer # Default authentication strategy to use when connecting to # neutron. Running neutron in noauth mode (related to but not # affected by this setting) is insecure and should only be # used for testing. (string value) # Possible values: keystone, noauth # UUID of the network to create Neutron ports on, when booting # to a ramdisk for cleaning using Neutron DHCP. (string value) #cleaning_network_uuid=<None> # URL where OneView is available (string value) # OneView username to be used (string value) # OneView password to be used (string value) # Option to allow insecure connection with OneView (boolean #allow_insecure_connections=false # Path to CA certificate (string value) # Max connection retries to check changes on OneView (integer # Enables or disables inter-process locks. (boolean value) # Deprecated group/name - [DEFAULT]/disable_process_locking #disable_process_locking=false # Directory to use for lock files. For security, the # specified directory should only be writable by the user # running the processes that need locking. Defaults to # environment variable OSLO_LOCK_PATH. If external locks are # used, a lock path must be set. (string value) # Deprecated group/name - [DEFAULT]/lock_path # address prefix used when sending to a specific server # Deprecated group/name - [amqp1]/server_request_prefix #server_request_prefix=exclusive # address prefix used when broadcasting to all servers (string # Deprecated group/name - [amqp1]/broadcast_prefix #broadcast_prefix=broadcast # address prefix when sending to any server in group (string # Deprecated group/name - [amqp1]/group_request_prefix #group_request_prefix=unicast # Name for the AMQP container (string value) # Deprecated group/name - [amqp1]/container_name # Timeout for inactive connections (in seconds) (integer # Deprecated group/name - [amqp1]/idle_timeout # Debug: dump AMQP frames to stdout (boolean value) # CA certificate PEM file to verify server certificate (string # Deprecated group/name - [amqp1]/ssl_ca_file # Identifying certificate PEM file to present to clients # Deprecated group/name - [amqp1]/ssl_cert_file # Private key PEM file used to sign cert_file certificate # Deprecated group/name - [amqp1]/ssl_key_file # Password for decrypting ssl_key_file (if encrypted) (string # Deprecated group/name - [amqp1]/ssl_key_password # Accept clients using either SSL or plain TCP (boolean value) # Deprecated group/name - [amqp1]/allow_insecure_clients #allow_insecure_clients=false # Space separated list of acceptable SASL mechanisms (string # Deprecated group/name - [amqp1]/sasl_mechanisms # Path to directory that contains the SASL configuration # Deprecated group/name - [amqp1]/sasl_config_dir # Name of configuration file (without .conf suffix) (string # Deprecated group/name - [amqp1]/sasl_config_name # User name for message broker authentication (string value) # Password for message broker authentication (string value) # The Drivers(s) to handle sending notifications. Possible # values are messaging, messagingv2, routing, log, test, noop # Deprecated group/name - [DEFAULT]/notification_driver # A URL representing the messaging driver to use for # notifications. If not set, we fall back to the same # configuration used for RPC. (string value) # Deprecated group/name - [DEFAULT]/notification_transport_url # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics # Deprecated group/name - [DEFAULT]/notification_topics # Use durable queues in AMQP. (boolean value) # Deprecated group/name - [DEFAULT]/amqp_durable_queues # Deprecated group/name - [DEFAULT]/rabbit_durable_queues #amqp_durable_queues=false # Auto-delete queues in AMQP. (boolean value) # Deprecated group/name - [DEFAULT]/amqp_auto_delete # SSL version to use (valid only if SSL enabled). Valid values # are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may # be available on some distributions. (string value) # Deprecated group/name - [DEFAULT]/kombu_ssl_version # SSL key file (valid only if SSL enabled). (string value) # Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile # SSL cert file (valid only if SSL enabled). (string value) # Deprecated group/name - [DEFAULT]/kombu_ssl_certfile # SSL certification authority file (valid only if SSL # enabled). (string value) # Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs # How long to wait before reconnecting in response to an AMQP # consumer cancel notification. (floating point value) # Deprecated group/name - [DEFAULT]/kombu_reconnect_delay #kombu_reconnect_delay=1.0 # EXPERIMENTAL: Possible values are: gzip, bz2. If not set # compression will not be used. This option may notbe # available in future versions. (string value) #kombu_compression=<None> # How long to wait a missing client beforce abandoning to send # it its replies. This value should not be longer than # rpc_response_timeout. (integer value) # Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout #kombu_missing_consumer_retry_timeout=60 # Determines how the next RabbitMQ node is chosen in case the # one we are currently connected to becomes unavailable. Takes # effect only if more than one RabbitMQ node is provided in # Possible values: round-robin, shuffle #kombu_failover_strategy=round-robin # The RabbitMQ broker address where a single node is used. # Deprecated group/name - [DEFAULT]/rabbit_host # The RabbitMQ broker port where a single node is used. (port # Possible values: 0-65535 # Deprecated group/name - [DEFAULT]/rabbit_port # RabbitMQ HA cluster host:port pairs. (list value) # Deprecated group/name - [DEFAULT]/rabbit_hosts #rabbit_hosts=$rabbit_host:$rabbit_port # Connect over SSL for RabbitMQ. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_use_ssl # The RabbitMQ userid. (string value) # Deprecated group/name - [DEFAULT]/rabbit_userid # The RabbitMQ password. (string value) # Deprecated group/name - [DEFAULT]/rabbit_password # The RabbitMQ login method. (string value) # Deprecated group/name - [DEFAULT]/rabbit_login_method #rabbit_login_method=AMQPLAIN # The RabbitMQ virtual host. (string value) # Deprecated group/name - [DEFAULT]/rabbit_virtual_host # How frequently to retry connecting with RabbitMQ. (integer # How long to backoff for between retries when connecting to # RabbitMQ. (integer value) # Deprecated group/name - [DEFAULT]/rabbit_retry_backoff # Maximum interval of RabbitMQ connection retries. Default is # 30 seconds. (integer value) # Maximum number of RabbitMQ connection retries. Default is 0 # (infinite retry count). (integer value) # Deprecated group/name - [DEFAULT]/rabbit_max_retries # Try to use HA queues in RabbitMQ (x-ha-policy: all). If you # change this option, you must wipe the RabbitMQ database. In # RabbitMQ 3.0, queue mirroring is no longer controlled by the # x-ha-policy argument when declaring a queue. If you just # want to make sure that all queues (except those with auto- # generated names) are mirrored across all nodes, run: # "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-mode": # "all"}' " (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_ha_queues # Positive integer representing duration in seconds for queue # TTL (x-expires). Queues which are unused for the duration of # the TTL are automatically deleted. The parameter affects # only reply and fanout queues. (integer value) #rabbit_transient_queues_ttl=1800 # Specifies the number of messages to prefetch. Setting to # zero allows unlimited messages. (integer value) #rabbit_qos_prefetch_count=0 # Number of seconds after which the Rabbit broker is # considered down if heartbeat's keep-alive fails (0 disable # the heartbeat). EXPERIMENTAL (integer value) #heartbeat_timeout_threshold=60 # How often times during the heartbeat_timeout_threshold we # check the heartbeat. (integer value) # Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake # Deprecated group/name - [DEFAULT]/fake_rabbit # Maximum number of channels to allow (integer value) # The maximum byte size for an AMQP frame (integer value) # How often to send heartbeats for consumer's connections # Enable SSL (boolean value) # Arguments passed to ssl.wrap_socket (dict value) # Set socket timeout in seconds for connection's socket # Set TCP_USER_TIMEOUT in seconds for connection's socket # Set delay for reconnection to some host which has connection # error (floating point value) #host_connection_reconnect_delay=0.25 # Maximum number of connections to keep queued. (integer # Maximum number of connections to create above # `pool_max_size`. (integer value) # Default number of seconds to wait for a connections to # available (integer value) # Lifetime of a connection (since creation) in seconds or None # for no recycling. Expired connections are closed on acquire. # Threshold at which inactive (since release) connections are # considered stale in seconds or None for no staleness. Stale # connections are closed on acquire. (integer value) # Persist notification messages. (boolean value) #notification_persistence=false # Exchange name for for sending notifications (string value) #default_notification_exchange=${control_exchange}_notification # Max number of not acknowledged message which RabbitMQ can # send to notification listener. (integer value) #notification_listener_prefetch_count=100 # Reconnecting retry count in case of connectivity problem # during sending notification, -1 means infinite retry. #default_notification_retry_attempts=-1 # Reconnecting retry delay in case of connectivity problem # during sending notification message (floating point value) #notification_retry_delay=0.25 # Time to live for rpc queues without consumers in seconds. # Exchange name for sending RPC messages (string value) #default_rpc_exchange=${control_exchange}_rpc # Exchange name for receiving RPC replies (string value) #rpc_reply_exchange=${control_exchange}_rpc_reply # Max number of not acknowledged message which RabbitMQ can # send to rpc listener. (integer value) #rpc_listener_prefetch_count=100 # Max number of not acknowledged message which RabbitMQ can # send to rpc reply listener. (integer value) #rpc_reply_listener_prefetch_count=100 # Reconnecting retry count in case of connectivity problem # during sending reply. -1 means infinite retry during # rpc_timeout (integer value) #rpc_reply_retry_attempts=-1 # Reconnecting retry delay in case of connectivity problem # during sending reply. (floating point value) #rpc_reply_retry_delay=0.25 # Reconnecting retry count in case of connectivity problem # during sending RPC message, -1 means infinite retry. If # actual retry attempts in not 0 the rpc request could be # processed more then one time (integer value) #default_rpc_retry_attempts=-1 # Reconnecting retry delay in case of connectivity problem # during sending RPC message (floating point value) # The maximum body size for each request, in bytes. (integer # Deprecated group/name - [DEFAULT]/osapi_max_request_body_size # Deprecated group/name - [DEFAULT]/max_request_body_size #max_request_body_size=114688 # The HTTP Header that will be used to determine what the # original request protocol scheme was, even if it was hidden # by an SSL termination proxy. (string value) # This option is deprecated and planned for removal in a future release. #secure_proxy_ssl_header=X-Forwarded-Proto # The JSON file that defines policies. (string value) # Deprecated group/name - [DEFAULT]/policy_file # Default rule. Enforced when a requested rule is not found. # Deprecated group/name - [DEFAULT]/policy_default_rule #policy_default_rule=default # Directories where policy configuration files are stored. # They can be relative to any directory in the search path # defined by the config_dir option, or absolute paths. The # file defined by policy_file must exist for these directories # to be searched. Missing or empty directories are ignored. # Deprecated group/name - [DEFAULT]/policy_dirs # Make exception message format errors fatal (boolean value) #fatal_exception_format_errors=false # Additional append parameters for baremetal PXE boot. (string #pxe_append_params=nofb nomodeset vga=normal # Default file system format for ephemeral partition, if one # is created. (string value) #default_ephemeral_format=ext4 # On the ironic-conductor node, directory where images are # stored on disk. (string value) # On the ironic-conductor node, directory where master # instance images are stored on disk. Setting to <None> # disables image caching. (string value) # Maximum size (in MiB) of cache for master images, including # those in use. (integer value) # Maximum TTL (in minutes) for old master images in cache. # The disk devices to scan while doing the deploy. (string # On ironic-conductor node, template file for PXE # configuration. (string value) # On ironic-conductor node, template file for PXE # configuration for UEFI boot loader. (string value) # IP address of ironic-conductor node's TFTP server. (string # ironic-conductor node's TFTP root path. The ironic-conductor # must have read/write access to this path. (string value) # On ironic-conductor node, directory where master TFTP images # are stored on disk. Setting to <None> disables image # caching. (string value) # Bootfile DHCP parameter. (string value) #pxe_bootfile_name=pxelinux.0 # Bootfile DHCP parameter for UEFI boot mode. (string value) # Enable iPXE boot. (boolean value) # On ironic-conductor node, the path to the main iPXE script # Timeout value (in seconds) for downloading an image via # iPXE. Defaults to 0 (no timeout) (integer value) # The IP version that will be used for PXE booting. Defaults # to 4. EXPERIMENTAL (string value) # Maximum retries for SeaMicro operations (integer value) # Seconds to wait for power action to be completed (integer # Seconds to wait for power action to be completed (integer # Time (in seconds) to sleep between when rebooting (powering # off and on again) (integer value) # Default path to image cache. (string value) # Timeout to wait when attempting to lock refcount file. #imagecache_lock_timeout=60 # libvirt URI. (string value) #libvirt_uri=qemu:///system # Number of attempts to try to get VM name used by the host # that corresponds to a node's MAC address. (integer value) # Number of seconds to wait between attempts to get VM name # used by the host that corresponds to a node's MAC address. #get_vm_name_retry_interval=3 # CA certificate file to use to verify connecting clients. # Deprecated group/name - [DEFAULT]/ssl_ca_file # Certificate file to use when starting the server securely. # Deprecated group/name - [DEFAULT]/ssl_cert_file # Private key file to use when starting the server securely. # Deprecated group/name - [DEFAULT]/ssl_key_file # SSL version to use (valid only if SSL enabled). Valid values # are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may # be available on some distributions. (string value) # Sets the list of available ciphers. value should be a string # in the OpenSSL cipher list format. (string value) # Maximum number of times to retry a Swift request, before # failing. (integer value) # Port on which VirtualBox web service is listening. (port # Possible values: 0-65535