bc5bf5e34c
eventlet_backdoor was included in the original copy from Ironic and isn't used anymore. Change-Id: I392fba9688c8a1722bb5226ee8050315f3551fde
475 lines
13 KiB
Plaintext
475 lines
13 KiB
Plaintext
[DEFAULT]
|
|
|
|
#
|
|
# Options defined in tuskar.netconf
|
|
#
|
|
|
|
# ip address of this host (string value)
|
|
#my_ip=10.0.0.1
|
|
|
|
# use ipv6 (boolean value)
|
|
#use_ipv6=false
|
|
|
|
|
|
#
|
|
# Options defined in tuskar.api
|
|
#
|
|
|
|
# IP for the Tuskar API server to bind to (string value)
|
|
#tuskar_api_bind_ip=0.0.0.0
|
|
|
|
# The port for the Tuskar API server (integer value)
|
|
#tuskar_api_port=8585
|
|
|
|
# Local path holding tripleo-heat-templates (string value)
|
|
#tht_local_dir=/etc/tuskar/tripleo-heat-templates/
|
|
|
|
|
|
#
|
|
# Options defined in tuskar.api.app
|
|
#
|
|
|
|
# Method to use for auth: noauth or keystone. (string value)
|
|
#auth_strategy=noauth
|
|
|
|
|
|
#
|
|
# Options defined in tuskar.common.exception
|
|
#
|
|
|
|
# make exception message format errors fatal (boolean value)
|
|
#fatal_exception_format_errors=false
|
|
|
|
|
|
#
|
|
# Options defined in tuskar.common.paths
|
|
#
|
|
|
|
# Directory where the nova python module is installed (string
|
|
# value)
|
|
#pybasedir=/usr/lib/python/site-packages/tuskar
|
|
|
|
# Directory where nova binaries are installed (string value)
|
|
#bindir=$pybasedir/bin
|
|
|
|
# Top-level directory for maintaining nova's state (string
|
|
# value)
|
|
#state_path=$pybasedir
|
|
|
|
|
|
#
|
|
# Options defined in tuskar.db.sqlalchemy.models
|
|
#
|
|
|
|
# MySQL engine (string value)
|
|
#mysql_engine=InnoDB
|
|
|
|
|
|
#
|
|
# Options defined in tuskar.openstack.common.db.sqlalchemy.session
|
|
#
|
|
|
|
# the filename to use with sqlite (string value)
|
|
#sqlite_db=tuskar.sqlite
|
|
|
|
# If true, use synchronous mode for sqlite (boolean value)
|
|
#sqlite_synchronous=true
|
|
|
|
|
|
#
|
|
# Options defined in tuskar.openstack.common.lockutils
|
|
#
|
|
|
|
# Whether to disable inter-process locks (boolean value)
|
|
#disable_process_locking=false
|
|
|
|
# Directory to use for lock files. (string value)
|
|
#lock_path=<None>
|
|
|
|
|
|
#
|
|
# Options defined in tuskar.openstack.common.log
|
|
#
|
|
|
|
# Print debugging output (set logging level to DEBUG instead
|
|
# of default WARNING level). (boolean value)
|
|
#debug=false
|
|
|
|
# Print more verbose output (set logging level to INFO instead
|
|
# of default WARNING level). (boolean value)
|
|
#verbose=false
|
|
|
|
# Log output to standard error (boolean value)
|
|
#use_stderr=true
|
|
|
|
# Format string to use for log messages with context (string
|
|
# value)
|
|
#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
|
|
|
|
# Format string to use for log messages without context
|
|
# (string value)
|
|
#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
|
|
|
|
# Data to append to log format when level is DEBUG (string
|
|
# value)
|
|
#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d
|
|
|
|
# Prefix each line of exception output with this format
|
|
# (string value)
|
|
#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
|
|
|
|
# List of logger=LEVEL pairs (list value)
|
|
#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN
|
|
|
|
# Publish error events (boolean value)
|
|
#publish_errors=false
|
|
|
|
# Make deprecations fatal (boolean value)
|
|
#fatal_deprecations=false
|
|
|
|
# If an instance is passed with the log message, format it
|
|
# like this (string value)
|
|
#instance_format="[instance: %(uuid)s] "
|
|
|
|
# If an instance UUID is passed with the log message, format
|
|
# it like this (string value)
|
|
#instance_uuid_format="[instance: %(uuid)s] "
|
|
|
|
# The name of logging configuration file. It does not disable
|
|
# existing loggers, but just appends specified logging
|
|
# configuration to any other existing logging options. Please
|
|
# see the Python logging module documentation for details on
|
|
# logging configuration files. (string value)
|
|
# Deprecated group/name - [DEFAULT]/log_config
|
|
#log_config_append=<None>
|
|
|
|
# DEPRECATED. A logging.Formatter log message format string
|
|
# which may use any of the available logging.LogRecord
|
|
# attributes. This option is deprecated. Please use
|
|
# logging_context_format_string and
|
|
# logging_default_format_string instead. (string value)
|
|
#log_format=<None>
|
|
|
|
# Format string for %%(asctime)s in log records. Default:
|
|
# %(default)s (string value)
|
|
#log_date_format=%Y-%m-%d %H:%M:%S
|
|
|
|
# (Optional) Name of log file to output to. If no default is
|
|
# set, logging will go to stdout. (string value)
|
|
# Deprecated group/name - [DEFAULT]/logfile
|
|
#log_file=<None>
|
|
|
|
# (Optional) The base directory used for relative --log-file
|
|
# paths (string value)
|
|
# Deprecated group/name - [DEFAULT]/logdir
|
|
#log_dir=<None>
|
|
|
|
# Use syslog for logging. Existing syslog format is DEPRECATED
|
|
# during I, and then will be changed in J to honor RFC5424
|
|
# (boolean value)
|
|
#use_syslog=false
|
|
|
|
# (Optional) Use syslog rfc5424 format for logging. If
|
|
# enabled, will add APP-NAME (RFC5424) before the MSG part of
|
|
# the syslog message. The old format without APP-NAME is
|
|
# deprecated in I, and will be removed in J. (boolean value)
|
|
#use_syslog_rfc_format=false
|
|
|
|
# Syslog facility to receive log lines (string value)
|
|
#syslog_log_facility=LOG_USER
|
|
|
|
|
|
#
|
|
# Options defined in tuskar.openstack.common.policy
|
|
#
|
|
|
|
# The JSON file that defines policies. (string value)
|
|
#policy_file=policy.json
|
|
|
|
# Default rule. Enforced when a requested rule is not found.
|
|
# (string value)
|
|
#policy_default_rule=default
|
|
|
|
|
|
#
|
|
# Options defined in tuskar.storage.drivers.sqlalchemy
|
|
#
|
|
|
|
# MySQL engine (string value)
|
|
#mysql_engine=InnoDB
|
|
|
|
|
|
[database]
|
|
|
|
#
|
|
# Options defined in tuskar.openstack.common.db.api
|
|
#
|
|
|
|
# The backend to use for db (string value)
|
|
# Deprecated group/name - [DEFAULT]/db_backend
|
|
#backend=sqlalchemy
|
|
|
|
# Enable the experimental use of thread pooling for all DB API
|
|
# calls (boolean value)
|
|
# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
|
|
#use_tpool=false
|
|
|
|
|
|
#
|
|
# Options defined in tuskar.openstack.common.db.sqlalchemy.session
|
|
#
|
|
|
|
# The SQLAlchemy connection string used to connect to the
|
|
# database (string value)
|
|
# Deprecated group/name - [DEFAULT]/sql_connection
|
|
#connection=sqlite:////tuskar/openstack/common/db/$sqlite_db
|
|
|
|
# timeout before idle sql connections are reaped (integer
|
|
# value)
|
|
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
|
|
#idle_timeout=3600
|
|
|
|
# Minimum number of SQL connections to keep open in a pool
|
|
# (integer value)
|
|
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
|
|
#min_pool_size=1
|
|
|
|
# Maximum number of SQL connections to keep open in a pool
|
|
# (integer value)
|
|
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
|
|
#max_pool_size=5
|
|
|
|
# maximum db connection retries during startup. (setting -1
|
|
# implies an infinite retry count) (integer value)
|
|
# Deprecated group/name - [DEFAULT]/sql_max_retries
|
|
#max_retries=10
|
|
|
|
# interval between retries of opening a sql connection
|
|
# (integer value)
|
|
# Deprecated group/name - [DEFAULT]/sql_retry_interval
|
|
#retry_interval=10
|
|
|
|
# If set, use this value for max_overflow with sqlalchemy
|
|
# (integer value)
|
|
# Deprecated group/name - [DEFAULT]/sql_max_overflow
|
|
#max_overflow=<None>
|
|
|
|
# Verbosity of SQL debugging information. 0=None,
|
|
# 100=Everything (integer value)
|
|
# Deprecated group/name - [DEFAULT]/sql_connection_debug
|
|
#connection_debug=0
|
|
|
|
# Add python stack traces to SQL as comment strings (boolean
|
|
# value)
|
|
# Deprecated group/name - [DEFAULT]/sql_connection_trace
|
|
#connection_trace=false
|
|
|
|
|
|
[heat]
|
|
|
|
#
|
|
# Options defined in tuskar.heat.client
|
|
#
|
|
|
|
# Name of the overcloud Heat stack (string value)
|
|
#stack_name=overcloud
|
|
|
|
# Heat API service type registered in keystone (string value)
|
|
#service_type=orchestration
|
|
|
|
# Heat API service endpoint type in keystone (string value)
|
|
#endpoint_type=publicURL
|
|
|
|
|
|
[heat_keystone]
|
|
|
|
#
|
|
# Options defined in tuskar.heat.client
|
|
#
|
|
|
|
# The name of a user the overcloud is deployed on behalf of
|
|
# (string value)
|
|
#username=admin
|
|
|
|
# The pass of a user the overcloud is deployed on behalf of
|
|
# (string value)
|
|
#password=<None>
|
|
|
|
# The tenant name the overcloud is deployed on behalf of
|
|
# (string value)
|
|
#tenant_name=admin
|
|
|
|
# Keystone authentication URL (string value)
|
|
#auth_url=http://localhost:35357/v2.0
|
|
|
|
# Set to False when Heat API uses HTTPS (boolean value)
|
|
#insecure=true
|
|
|
|
|
|
[keystone_authtoken]
|
|
|
|
#
|
|
# Options defined in keystoneclient.middleware.auth_token
|
|
#
|
|
|
|
# Prefix to prepend at the beginning of the path. Deprecated,
|
|
# use identity_uri. (string value)
|
|
#auth_admin_prefix=
|
|
|
|
# Host providing the admin Identity API endpoint. Deprecated,
|
|
# use identity_uri. (string value)
|
|
#auth_host=127.0.0.1
|
|
|
|
# Port of the admin Identity API endpoint. Deprecated, use
|
|
# identity_uri. (integer value)
|
|
#auth_port=35357
|
|
|
|
# Protocol of the admin Identity API endpoint (http or https).
|
|
# Deprecated, use identity_uri. (string value)
|
|
#auth_protocol=https
|
|
|
|
# Complete public Identity API endpoint (string value)
|
|
#auth_uri=<None>
|
|
|
|
# Complete admin Identity API endpoint. This should specify
|
|
# the unversioned root endpoint e.g. https://localhost:35357/
|
|
# (string value)
|
|
#identity_uri=<None>
|
|
|
|
# API version of the admin Identity API endpoint (string
|
|
# value)
|
|
#auth_version=<None>
|
|
|
|
# Do not handle authorization requests within the middleware,
|
|
# but delegate the authorization decision to downstream WSGI
|
|
# components (boolean value)
|
|
#delay_auth_decision=false
|
|
|
|
# Request timeout value for communicating with Identity API
|
|
# server. (boolean value)
|
|
#http_connect_timeout=<None>
|
|
|
|
# How many times are we trying to reconnect when communicating
|
|
# with Identity API Server. (integer value)
|
|
#http_request_max_retries=3
|
|
|
|
# This option is deprecated and may be removed in a future
|
|
# release. Single shared secret with the Keystone
|
|
# configuration used for bootstrapping a Keystone
|
|
# installation, or otherwise bypassing the normal
|
|
# authentication process. This option should not be used, use
|
|
# `admin_user` and `admin_password` instead. (string value)
|
|
#admin_token=<None>
|
|
|
|
# Keystone account username (string value)
|
|
#admin_user=<None>
|
|
|
|
# Keystone account password (string value)
|
|
#admin_password=<None>
|
|
|
|
# Keystone service account tenant name to validate user tokens
|
|
# (string value)
|
|
#admin_tenant_name=admin
|
|
|
|
# Env key for the swift cache (string value)
|
|
#cache=<None>
|
|
|
|
# Required if Keystone server requires client certificate
|
|
# (string value)
|
|
#certfile=<None>
|
|
|
|
# Required if Keystone server requires client certificate
|
|
# (string value)
|
|
#keyfile=<None>
|
|
|
|
# A PEM encoded Certificate Authority to use when verifying
|
|
# HTTPs connections. Defaults to system CAs. (string value)
|
|
#cafile=<None>
|
|
|
|
# Verify HTTPS connections. (boolean value)
|
|
#insecure=false
|
|
|
|
# Directory used to cache files related to PKI tokens (string
|
|
# value)
|
|
#signing_dir=<None>
|
|
|
|
# Optionally specify a list of memcached server(s) to use for
|
|
# caching. If left undefined, tokens will instead be cached
|
|
# in-process. (list value)
|
|
# Deprecated group/name - [DEFAULT]/memcache_servers
|
|
#memcached_servers=<None>
|
|
|
|
# In order to prevent excessive effort spent validating
|
|
# tokens, the middleware caches previously-seen tokens for a
|
|
# configurable duration (in seconds). Set to -1 to disable
|
|
# caching completely. (integer value)
|
|
#token_cache_time=300
|
|
|
|
# Determines the frequency at which the list of revoked tokens
|
|
# is retrieved from the Identity service (in seconds). A high
|
|
# number of revocation events combined with a low cache
|
|
# duration may significantly reduce performance. (integer
|
|
# value)
|
|
#revocation_cache_time=10
|
|
|
|
# (optional) if defined, indicate whether token data should be
|
|
# authenticated or authenticated and encrypted. Acceptable
|
|
# values are MAC or ENCRYPT. If MAC, token data is
|
|
# authenticated (with HMAC) in the cache. If ENCRYPT, token
|
|
# data is encrypted and authenticated in the cache. If the
|
|
# value is not one of these options or empty, auth_token will
|
|
# raise an exception on initialization. (string value)
|
|
#memcache_security_strategy=<None>
|
|
|
|
# (optional, mandatory if memcache_security_strategy is
|
|
# defined) this string is used for key derivation. (string
|
|
# value)
|
|
#memcache_secret_key=<None>
|
|
|
|
# (optional) indicate whether to set the X-Service-Catalog
|
|
# header. If False, middleware will not ask for service
|
|
# catalog on token validation and will not set the X-Service-
|
|
# Catalog header. (boolean value)
|
|
#include_service_catalog=true
|
|
|
|
# Used to control the use and type of token binding. Can be
|
|
# set to: "disabled" to not check token binding. "permissive"
|
|
# (default) to validate binding information if the bind type
|
|
# is of a form known to the server and ignore it if not.
|
|
# "strict" like "permissive" but if the bind type is unknown
|
|
# the token will be rejected. "required" any form of token
|
|
# binding is needed to be allowed. Finally the name of a
|
|
# binding method that must be present in tokens. (string
|
|
# value)
|
|
#enforce_token_bind=permissive
|
|
|
|
# If true, the revocation list will be checked for cached
|
|
# tokens. This requires that PKI tokens are configured on the
|
|
# Keystone server. (boolean value)
|
|
#check_revocations_for_cached=false
|
|
|
|
# Hash algorithms to use for hashing PKI tokens. This may be a
|
|
# single algorithm or multiple. The algorithms are those
|
|
# supported by Python standard hashlib.new(). The hashes will
|
|
# be tried in the order given, so put the preferred one first
|
|
# for performance. The result of the first hash will be stored
|
|
# in the cache. This will typically be set to multiple values
|
|
# only while migrating from a less secure algorithm to a more
|
|
# secure one. Once all the old tokens are expired this option
|
|
# should be set to a single value for better performance.
|
|
# (list value)
|
|
#hash_algorithms=md5
|
|
|
|
|
|
[storage]
|
|
|
|
#
|
|
# Options defined in tuskar.storage
|
|
#
|
|
|
|
# Storage driver to store Deployment Plans and Heat
|
|
# Orchestration Templates (string value)
|
|
#driver=tuskar.storage.drivers.sqlalchemy.SQLAlchemyDriver
|
|
|
|
|