Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

Configuration Reference

Red Hat OpenStack Platform 11

Configuring Red Hat OpenStack Platform environments

OpenStack Documentation Team

Abstract

This document is for system administrators who want to look up configuration options. It contains lists of configuration options available with OpenStack and uses auto-generation to generate options and the descriptions from the code for each project.

Chapter 1. Common Configurations

This chapter describes the common configurations for shared service and libraries.

1.1. Common Configuration Options

1.1.1. Description of Configuration Options

The following tables provide a comprehensive list of the common configuration options.

Table 1.1. Description of AMQP configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

control_exchange = openstack

(String) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.

default_publisher_id = None

(String) Default publisher_id for outgoing notifications

transport_url = None

(String) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.

Table 1.2. Description of authentication configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

auth_strategy = keystone

(String) This determines the strategy to use for authentication: keystone or noauth2. 'noauth2' is designed for testing only, as it does no actual credential checking. 'noauth2' provides administrative credentials only if 'admin' is specified as the username.

Table 1.3. Description of authorization token configuration options

Configuration option = Default valueDescription

[keystone_authtoken]

 

admin_password = None

(String) Service user password.

admin_tenant_name = admin

(String) Service tenant name.

admin_token = None

(String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use admin_user and admin_password instead.

admin_user = None

(String) Service username.

auth_admin_prefix =

(String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.

auth_host = 127.0.0.1

(String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.

auth_port = 35357

(Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.

auth_protocol = https

(String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.

auth_section = None

(Unknown) Config Section from which to load plugin specific options

auth_type = None

(Unknown) Authentication type to load

auth_uri = None

(String) Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint.

auth_version = None

(String) API version of the admin Identity API endpoint.

cache = None

(String) Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the memcached_servers option instead.

cafile = None

(String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.

certfile = None

(String) Required if identity server requires client certificate

check_revocations_for_cached = False

(Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.

delay_auth_decision = False

(Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.

enforce_token_bind = permissive

(String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.

hash_algorithms = md5

(List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.

http_connect_timeout = None

(Integer) Request timeout value for communicating with Identity API server.

http_request_max_retries = 3

(Integer) How many times are we trying to reconnect when communicating with Identity API Server.

identity_uri = None

(String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/

include_service_catalog = True

(Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.

insecure = False

(Boolean) Verify HTTPS connections.

keyfile = None

(String) Required if identity server requires client certificate

memcache_pool_conn_get_timeout = 10

(Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.

memcache_pool_dead_retry = 300

(Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.

memcache_pool_maxsize = 10

(Integer) (Optional) Maximum total number of open connections to every memcached server.

memcache_pool_socket_timeout = 3

(Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.

memcache_pool_unused_timeout = 60

(Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.

memcache_secret_key = None

(String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.

memcache_security_strategy = None

(String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.

memcache_use_advanced_pool = False

(Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.

memcached_servers = None

(List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.

region_name = None

(String) The region in which the identity server can be found.

revocation_cache_time = 10

(Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. Only valid for PKI tokens.

signing_dir = None

(String) Directory used to cache files related to PKI tokens.

token_cache_time = 300

(Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.

Table 1.4. Description of database configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

db_driver = SERVICE.db

(String) DEPRECATED: The driver to use for database access

[database]

 

backend = sqlalchemy

(String) The back end to use for the database.

connection = None

(String) The SQLAlchemy connection string to use to connect to the database.

connection_debug = 0

(Integer) Verbosity of SQL debugging information: 0=None, 100=Everything.

connection_trace = False

(Boolean) Add Python stack traces to SQL as comment strings.

db_inc_retry_interval = True

(Boolean) If True, increases the interval between retries of a database operation up to db_max_retry_interval.

db_max_retries = 20

(Integer) Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.

db_max_retry_interval = 10

(Integer) If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.

db_retry_interval = 1

(Integer) Seconds between retries of a database transaction.

idle_timeout = 3600

(Integer) Timeout before idle SQL connections are reaped.

max_overflow = 50

(Integer) If set, use this value for max_overflow with SQLAlchemy.

max_pool_size = None

(Integer) Maximum number of SQL connections to keep open in a pool.

max_retries = 10

(Integer) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.

min_pool_size = 1

(Integer) Minimum number of SQL connections to keep open in a pool.

mysql_sql_mode = TRADITIONAL

(String) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=

pool_timeout = None

(Integer) If set, use this value for pool_timeout with SQLAlchemy.

retry_interval = 10

(Integer) Interval between retries of opening a SQL connection.

slave_connection = None

(String) The SQLAlchemy connection string to use to connect to the slave database.

sqlite_db = oslo.sqlite

(String) The file name to use with SQLite.

sqlite_synchronous = True

(Boolean) If True, SQLite uses synchronous mode.

use_db_reconnect = False

(Boolean) Enable the experimental use of database reconnect on connection lost.

use_tpool = False

(Boolean) Enable the experimental use of thread pooling for all DB API calls

Table 1.5. Description of common logging configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

debug = False

(Boolean) If set to true, the logging level will be set to DEBUG instead of the default INFO level.

default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, requests.packages.urllib3.util.retry=WARN, urllib3.util.retry=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN, taskflow=WARN, keystoneauth=WARN, oslo.cache=INFO, dogpile.core.dogpile=INFO

(List) List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.

fatal_deprecations = False

(Boolean) Enables or disables fatal status of deprecations.

fatal_exception_format_errors = False

(Boolean) Make exception message format errors fatal

instance_format = "[instance: %(uuid)s] "

(String) The format for an instance that is passed with the log message.

instance_uuid_format = "[instance: %(uuid)s] "

(String) The format for an instance UUID that is passed with the log message.

log_config_append = None

(String) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, logging_context_format_string).

log_date_format = %Y-%m-%d %H:%M:%S

(String) Defines the format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set.

log_dir = None

(String) (Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.

log_file = None

(String) (Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.

logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

(String) Format string to use for log messages with context.

logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

(String) Additional data to append to log message when logging level for the message is DEBUG.

logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

(String) Format string to use for log messages when context is undefined.

logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

(String) Prefix each line of exception output with this format.

logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

(String) Defines the format string for %(user_identity)s that is used in logging_context_format_string.

publish_errors = False

(Boolean) Enables or disables publication of error events.

syslog_log_facility = LOG_USER

(String) Syslog facility to receive log lines. This option is ignored if log_config_append is set.

use_stderr = True

(Boolean) Log output to standard error. This option is ignored if log_config_append is set.

use_syslog = False

(Boolean) Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.

verbose = True

(Boolean) DEPRECATED: If set to false, the logging level will be set to WARNING instead of the default INFO level.

watch_log_file = False

(Boolean) Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.

Table 1.6. Description of policy configuration options

Configuration option = Default valueDescription

[oslo_policy]

 

policy_default_rule = default

(String) Default rule. Enforced when a requested rule is not found.

policy_dirs = ['policy.d']

(Multi-valued) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.

policy_file = policy.json

(String) The JSON file that defines policies.

Table 1.7. Description of RPC configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

notification_format = both

(String) Specifies which notification format shall be used by nova.

rpc_backend = rabbit

(String) The messaging driver to use, defaults to rabbit. Other drivers include amqp and zmq.

rpc_cast_timeout = -1

(Integer) Seconds to wait before a cast expires (TTL). The default value of -1 specifies an infinite linger period. The value of 0 specifies no linger period. Pending messages shall be discarded immediately when the socket is closed. Only supported by impl_zmq.

rpc_conn_pool_size = 30

(Integer) Size of RPC connection pool.

rpc_poll_timeout = 1

(Integer) The default number of seconds that poll should wait. Poll raises timeout exception when timeout expired.

rpc_response_timeout = 60

(Integer) Seconds to wait for a response from a call.

[cells]

 

rpc_driver_queue_base = cells.intercell

(String) RPC driver queue base When sending a message to another cell by JSON-ifying the message and making an RPC cast to 'process_message', a base queue is used. This option defines the base queue name to be used when communicating between cells. Various topics by message type will be appended to this.

Possible values: * The base queue name to be used when communicating between cells. Services which consume this: * nova-cells

Related options: * None

[oslo_concurrency]

 

disable_process_locking = False

(Boolean) Enables or disables inter-process locks.

lock_path = None

(String) Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set.

[oslo_messaging]

 

event_stream_topic = neutron_lbaas_event

(String) topic name for receiving events from a queue

[oslo_messaging_amqp]

 

allow_insecure_clients = False

(Boolean) Accept clients using either SSL or plain TCP

broadcast_prefix = broadcast

(String) address prefix used when broadcasting to all servers

container_name = None

(String) Name for the AMQP container

group_request_prefix = unicast

(String) address prefix when sending to any server in group

idle_timeout = 0

(Integer) Timeout for inactive connections (in seconds)

password =

(String) Password for message broker authentication

sasl_config_dir =

(String) Path to directory that contains the SASL configuration

sasl_config_name =

(String) Name of configuration file (without .conf suffix)

sasl_mechanisms =

(String) Space separated list of acceptable SASL mechanisms

server_request_prefix = exclusive

(String) address prefix used when sending to a specific server

ssl_ca_file =

(String) CA certificate PEM file to verify server certificate

ssl_cert_file =

(String) Identifying certificate PEM file to present to clients

ssl_key_file =

(String) Private key PEM file used to sign cert_file certificate

ssl_key_password = None

(String) Password for decrypting ssl_key_file (if encrypted)

trace = False

(Boolean) Debug: dump AMQP frames to stdout

username =

(String) User name for message broker authentication

[oslo_messaging_notifications]

 

driver = []

(Multi-valued) The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop

topics = notifications

(List) AMQP topic used for OpenStack notifications.

transport_url = None

(String) A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC.

[upgrade_levels]

 

baseapi = None

(String) Set a version cap for messages sent to the base api in any service

Chapter 2. Bare Metal

The Bare metal service is capable of managing and provisioning physical machines. The configuration file of this module is /etc/ironic/ironic.conf.

2.1. Bare Metal Configuration Options

Note

The common configurations for shared services and libraries, such as database connections and RPC messaging, are described at Common configurations.

2.1.1. Description of Configuration Options

The following tables provide a comprehensive list of the Bare metal service configuration options.

Table 2.1. Description of agent configuration options

Configuration option = Default valueDescription

[agent]

 

agent_api_version = v1

(String) API version to use for communicating with the ramdisk agent.

deploy_logs_collect = on_failure

(String) Whether Ironic should collect the deployment logs on deployment failure (on_failure), always or never.

deploy_logs_local_path = /var/log/ironic/deploy

(String) The path to the directory where the logs should be stored, used when the deploy_logs_storage_backend is configured to "local".

deploy_logs_storage_backend = local

(String) The name of the storage backend where the logs will be stored.

deploy_logs_swift_container = ironic_deploy_logs_container

(String) The name of the Swift container to store the logs, used when the deploy_logs_storage_backend is configured to "swift".

deploy_logs_swift_days_to_expire = 30

(Integer) Number of days before a log object is marked as expired in Swift. If None, the logs will be kept forever or until manually deleted. Used when the deploy_logs_storage_backend is configured to "swift".

manage_agent_boot = True

(Boolean) Whether Ironic will manage booting of the agent ramdisk. If set to False, you will need to configure your mechanism to allow booting the agent ramdisk.

memory_consumed_by_agent = 0

(Integer) The memory size in MiB consumed by agent when it is booted on a bare metal node. This is used for checking if the image can be downloaded and deployed on the bare metal node after booting agent ramdisk. This may be set according to the memory consumed by the agent ramdisk image.

post_deploy_get_power_state_retries = 6

(Integer) Number of times to retry getting power state to check if bare metal node has been powered off after a soft power off.

post_deploy_get_power_state_retry_interval = 5

(Integer) Amount of time (in seconds) to wait between polling power state after trigger soft poweroff.

stream_raw_images = True

(Boolean) Whether the agent ramdisk should stream raw images directly onto the disk or not. By streaming raw images directly onto the disk the agent ramdisk will not spend time copying the image to a tmpfs partition (therefore consuming less memory) prior to writing it to the disk. Unless the disk where the image will be copied to is really slow, this option should be set to True. Defaults to True.

Table 2.2. Description of AMT configuration options

Configuration option = Default valueDescription

[amt]

 

action_wait = 10

(Integer) Amount of time (in seconds) to wait, before retrying an AMT operation

awake_interval = 60

(Integer) Time interval (in seconds) for successive awake call to AMT interface, this depends on the IdleTimeout setting on AMT interface. AMT Interface will go to sleep after 60 seconds of inactivity by default. IdleTimeout=0 means AMT will not go to sleep at all. Setting awake_interval=0 will disable awake call.

max_attempts = 3

(Integer) Maximum number of times to attempt an AMT operation, before failing

protocol = http

(String) Protocol used for AMT endpoint

Table 2.3. Description of API configuration options

Configuration option = Default valueDescription

[api]

 

api_workers = None

(Integer) Number of workers for OpenStack Ironic API service. The default is equal to the number of CPUs available if that can be determined, else a default worker count of 1 is returned.

enable_ssl_api = False

(Boolean) Enable the integrated stand-alone API to service requests via HTTPS instead of HTTP. If there is a front-end service performing HTTPS offloading from the service, this option should be False; note, you will want to change public API endpoint to represent SSL termination URL with 'public_endpoint' option.

host_ip = 0.0.0.0

(String) The IP address on which ironic-api listens.

max_limit = 1000

(Integer) The maximum number of items returned in a single response from a collection resource.

port = 6385

(Port number) The TCP port on which ironic-api listens.

public_endpoint = None

(String) Public URL to use when building the links to the API resources (for example, "https://ironic.rocks:6384"). If None the links will be built using the request’s host URL. If the API is operating behind a proxy, you will want to change this to represent the proxy’s URL. Defaults to None.

ramdisk_heartbeat_timeout = 300

(Integer) Maximum interval (in seconds) for agent heartbeats.

restrict_lookup = True

(Boolean) Whether to restrict the lookup API to only nodes in certain states.

[oslo_middleware]

 

enable_proxy_headers_parsing = False

(Boolean) Whether the application is behind a proxy or not. This determines if the middleware should parse the headers or not.

max_request_body_size = 114688

(Integer) The maximum body size for each request, in bytes.

secure_proxy_ssl_header = X-Forwarded-Proto

(String) DEPRECATED: The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by a SSL termination proxy.

[oslo_versionedobjects]

 

fatal_exception_format_errors = False

(Boolean) Make exception message format errors fatal

Table 2.4. Description of audit configuration options

Configuration option = Default valueDescription

[audit]

 

audit_map_file = /etc/ironic/api_audit_map.conf

(String) Path to audit map file for ironic-api service. Used only when API audit is enabled.

enabled = False

(Boolean) Enable auditing of API requests (for ironic-api service).

ignore_req_list =

(String) Comma separated list of Ironic REST API HTTP methods to be ignored during audit logging. For example: auditing will not be done on any GET or POST requests if this is set to "GET,POST". It is used only when API audit is enabled.

namespace = openstack

(String) namespace prefix for generated id

[audit_middleware_notifications]

 

driver = None

(String) The Driver to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop. If not specified, then value from oslo_messaging_notifications conf section is used.

topics = None

(List) List of AMQP topics used for OpenStack notifications. If not specified, then value from oslo_messaging_notifications conf section is used.

transport_url = None

(String) A URL representing messaging driver to use for notification. If not specified, we fall back to the same configuration used for RPC.

Table 2.5. Description of Cisco UCS configuration options

Configuration option = Default valueDescription

[cimc]

 

action_interval = 10

(Integer) Amount of time in seconds to wait in between power operations

max_retry = 6

(Integer) Number of times a power operation needs to be retried

[cisco_ucs]

 

action_interval = 5

(Integer) Amount of time in seconds to wait in between power operations

max_retry = 6

(Integer) Number of times a power operation needs to be retried

Table 2.6. Description of common configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

bindir = /usr/local/bin

(String) Directory where ironic binaries are installed.

debug_tracebacks_in_api = False

(Boolean) Return server tracebacks in the API response for any error responses. WARNING: this is insecure and should not be used in a production environment.

default_boot_interface = None

(String) Default boot interface to be used for nodes that do not have boot_interface field set. A complete list of boot interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.boot" entrypoint.

default_console_interface = None

(String) Default console interface to be used for nodes that do not have console_interface field set. A complete list of console interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.console" entrypoint.

default_deploy_interface = None

(String) Default deploy interface to be used for nodes that do not have deploy_interface field set. A complete list of deploy interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.deploy" entrypoint.

default_inspect_interface = None

(String) Default inspect interface to be used for nodes that do not have inspect_interface field set. A complete list of inspect interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.inspect" entrypoint.

default_management_interface = None

(String) Default management interface to be used for nodes that do not have management_interface field set. A complete list of management interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.management" entrypoint.

default_network_interface = None

(String) Default network interface to be used for nodes that do not have network_interface field set. A complete list of network interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.network" entrypoint.

default_portgroup_mode = active-backup

(String) Default mode for portgroups. Allowed values can be found in the linux kernel documentation on bonding: https://www.kernel.org/doc/Documentation/networking/bonding.txt.

default_power_interface = None

(String) Default power interface to be used for nodes that do not have power_interface field set. A complete list of power interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.power" entrypoint.

default_raid_interface = None

(String) Default raid interface to be used for nodes that do not have raid_interface field set. A complete list of raid interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.raid" entrypoint.

default_vendor_interface = None

(String) Default vendor interface to be used for nodes that do not have vendor_interface field set. A complete list of vendor interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.vendor" entrypoint.

enabled_boot_interfaces = pxe

(List) Specify the list of boot interfaces to load during service initialization. Missing boot interfaces, or boot interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one boot interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented boot interfaces. A complete list of boot interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.boot" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled boot interfaces on every ironic-conductor service.

enabled_console_interfaces = no-console

(List) Specify the list of console interfaces to load during service initialization. Missing console interfaces, or console interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one console interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented console interfaces. A complete list of console interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.console" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled console interfaces on every ironic-conductor service.

enabled_deploy_interfaces = iscsi, direct

(List) Specify the list of deploy interfaces to load during service initialization. Missing deploy interfaces, or deploy interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one deploy interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented deploy interfaces. A complete list of deploy interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.deploy" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled deploy interfaces on every ironic-conductor service.

enabled_drivers = pxe_ipmitool

(List) Specify the list of drivers to load during service initialization. Missing drivers, or drivers which fail to initialize, will prevent the conductor service from starting. The option default is a recommended set of production-oriented drivers. A complete list of drivers present on your system may be found by enumerating the "ironic.drivers" entrypoint. An example may be found in the developer documentation online.

enabled_hardware_types = ipmi

(List) Specify the list of hardware types to load during service initialization. Missing hardware types, or hardware types which fail to initialize, will prevent the conductor service from starting. This option defaults to a recommended set of production-oriented hardware types. A complete list of hardware types present on your system may be found by enumerating the "ironic.hardware.types" entrypoint.

enabled_inspect_interfaces = no-inspect

(List) Specify the list of inspect interfaces to load during service initialization. Missing inspect interfaces, or inspect interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one inspect interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented inspect interfaces. A complete list of inspect interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.inspect" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled inspect interfaces on every ironic-conductor service.

enabled_management_interfaces = ipmitool

(List) Specify the list of management interfaces to load during service initialization. Missing management interfaces, or management interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one management interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented management interfaces. A complete list of management interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.management" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled management interfaces on every ironic-conductor service.

enabled_network_interfaces = flat, noop

(List) Specify the list of network interfaces to load during service initialization. Missing network interfaces, or network interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one network interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented network interfaces. A complete list of network interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.network" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled network interfaces on every ironic-conductor service.

enabled_power_interfaces = ipmitool

(List) Specify the list of power interfaces to load during service initialization. Missing power interfaces, or power interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one power interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented power interfaces. A complete list of power interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.power" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled power interfaces on every ironic-conductor service.

enabled_raid_interfaces = agent, no-raid

(List) Specify the list of raid interfaces to load during service initialization. Missing raid interfaces, or raid interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one raid interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented raid interfaces. A complete list of raid interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.raid" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled raid interfaces on every ironic-conductor service.

enabled_storage_interfaces = noop

(List) Specify the list of storage interfaces to load during service initialization. Missing storage interfaces, or storage interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one storage interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented storage interfaces. A complete list of storage interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.storage" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled storage interfaces on every ironic-conductor service.

enabled_vendor_interfaces = no-vendor

(List) Specify the list of vendor interfaces to load during service initialization. Missing vendor interfaces, or vendor interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one vendor interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented vendor interfaces. A complete list of vendor interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.vendor" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled vendor interfaces on every ironic-conductor service.

executor_thread_pool_size = 64

(Integer) Size of executor thread pool.

fatal_exception_format_errors = False

(Boolean) Used if there is a formatting error when generating an exception message (a programming error). If True, raise an exception; if False, use the unformatted message.

force_raw_images = True

(Boolean) If True, convert backing images to "raw" disk image format.

grub_config_template = $pybasedir/common/grub_conf.template

(String) Template file for grub configuration file.

hash_distribution_replicas = 1

(Integer) [Experimental Feature] Number of hosts to map onto each hash partition. Setting this to more than one will cause additional conductor services to prepare deployment environments and potentially allow the Ironic cluster to recover more quickly if a conductor instance is terminated.

hash_partition_exponent = 5

(Integer) Exponent to determine number of hash partitions to use when distributing load across conductors. Larger values will result in more even distribution of load and less load when rebalancing the ring, but more memory usage. Number of partitions per conductor is (2^hash_partition_exponent). This determines the granularity of rebalancing: given 10 hosts, and an exponent of the 2, there are 40 partitions in the ring.A few thousand partitions should make rebalancing smooth in most cases. The default is suitable for up to a few hundred conductors. Configuring for too many partitions has a negative impact on CPU usage.

hash_ring_reset_interval = 180

(Integer) Interval (in seconds) between hash ring resets.

host = localhost

(String) Name of this node. This can be an opaque identifier. It is not necessarily a hostname, FQDN, or IP address. However, the node name must be valid within an AMQP key, and if using ZeroMQ, a valid hostname, FQDN, or IP address.

isolinux_bin = /usr/lib/syslinux/isolinux.bin

(String) Path to isolinux binary file.

isolinux_config_template = $pybasedir/common/isolinux_config.template

(String) Template file for isolinux configuration file.

my_ip = 127.0.0.1

(String) IP address of this host. If unset, will determine the IP programmatically. If unable to do so, will use "127.0.0.1".

notification_level = None

(String) Specifies the minimum level for which to send notifications. If not set, no notifications will be sent. The default is for this option to be unset.

parallel_image_downloads = False

(Boolean) Run image downloads and raw format conversions in parallel.

pybasedir = /usr/lib/python/site-packages/ironic/ironic

(String) Directory where the ironic python module is installed.

rootwrap_config = /etc/ironic/rootwrap.conf

(String) Path to the rootwrap configuration file to use for running commands as root.

state_path = $pybasedir

(String) Top-level directory for maintaining ironic’s state.

tempdir = /tmp

(String) Temporary working directory, default is Python temp dir.

[healthcheck]

 

backends =

(List) Additional backends that can perform health checks and report that information back as part of a request.

detailed = False

(Boolean) Show more detailed information as part of the response

disable_by_file_path = None

(String) Check the presence of a file to determine if an application is running on a port. Used by DisableByFileHealthcheck plugin.

disable_by_file_paths =

(List) Check the presence of a file based on a port to determine if an application is running on a port. Expects a "port:path" list of strings. Used by DisableByFilesPortsHealthcheck plugin.

path = /healthcheck

(String) DEPRECATED: The path to respond to healtcheck requests on.

[ironic_lib]

 

fatal_exception_format_errors = False

(Boolean) Make exception message format errors fatal.

root_helper = sudo ironic-rootwrap /etc/ironic/rootwrap.conf

(String) Command that is prefixed to commands that are run as root. If not specified, no commands are run as root.

Table 2.7. Description of conductor configuration options

Configuration option = Default valueDescription

[conductor]

 

api_url = None

(String) URL of Ironic API service. If not set ironic can get the current value from the keystone service catalog. If set, the value must start with either http:// or https://.

automated_clean = True

(Boolean) Enables or disables automated cleaning. Automated cleaning is a configurable set of steps, such as erasing disk drives, that are performed on the node to ensure it is in a baseline state and ready to be deployed to. This is done after instance deletion as well as during the transition from a "manageable" to "available" state. When enabled, the particular steps performed to clean a node depend on which driver that node is managed by; see the individual driver’s documentation for details. NOTE: The introduction of the cleaning operation causes instance deletion to take significantly longer. In an environment where all tenants are trusted (eg, because there is only one tenant), this option could be safely disabled.

check_provision_state_interval = 60

(Integer) Interval between checks of provision timeouts, in seconds.

clean_callback_timeout = 1800

(Integer) Timeout (seconds) to wait for a callback from the ramdisk doing the cleaning. If the timeout is reached the node will be put in the "clean failed" provision state. Set to 0 to disable timeout.

configdrive_swift_container = ironic_configdrive_container

(String) Name of the Swift container to store config drive data. Used when configdrive_use_swift is True.

configdrive_use_swift = False

(Boolean) Whether to upload the config drive to Swift.

deploy_callback_timeout = 1800

(Integer) Timeout (seconds) to wait for a callback from a deploy ramdisk. Set to 0 to disable timeout.

force_power_state_during_sync = True

(Boolean) During sync_power_state, should the hardware power state be set to the state recorded in the database (True) or should the database be updated based on the hardware state (False).

heartbeat_interval = 10

(Integer) Seconds between conductor heart beats.

heartbeat_timeout = 60

(Integer) Maximum time (in seconds) since the last check-in of a conductor. A conductor is considered inactive when this time has been exceeded.

inspect_timeout = 1800

(Integer) Timeout (seconds) for waiting for node inspection. 0 - unlimited.

node_locked_retry_attempts = 3

(Integer) Number of attempts to grab a node lock.

node_locked_retry_interval = 1

(Integer) Seconds to sleep between node lock attempts.

periodic_max_workers = 8

(Integer) Maximum number of worker threads that can be started simultaneously by a periodic task. Should be less than RPC thread pool size.

power_state_sync_max_retries = 3

(Integer) During sync_power_state failures, limit the number of times Ironic should try syncing the hardware node power state with the node power state in DB

send_sensor_data = False

(Boolean) Enable sending sensor data message via the notification bus

send_sensor_data_interval = 600

(Integer) Seconds between conductor sending sensor data message to ceilometer via the notification bus.

send_sensor_data_types = ALL

(List) List of comma separated meter types which need to be sent to Ceilometer. The default value, "ALL", is a special value meaning send all the sensor data.

send_sensor_data_wait_timeout = 300

(Integer) The time in seconds to wait for send sensors data periodic task to be finished before allowing periodic call to happen again. Should be less than send_sensor_data_interval value.

send_sensor_data_workers = 4

(Integer) The maximum number of workers that can be started simultaneously for send data from sensors periodic task.

soft_power_off_timeout = 600

(Integer) Timeout (in seconds) of soft reboot and soft power off operation. This value always has to be positive.

sync_local_state_interval = 180

(Integer) When conductors join or leave the cluster, existing conductors may need to update any persistent local state as nodes are moved around the cluster. This option controls how often, in seconds, each conductor will check for nodes that it should "take over". Set it to a negative value to disable the check entirely.

sync_power_state_interval = 60

(Integer) Interval between syncing the node power state to the database, in seconds.

workers_pool_size = 100

(Integer) The size of the workers greenthread pool. Note that 2 threads will be reserved by the conductor itself for handling heart beats and periodic tasks.

Table 2.8. Description of console configuration options

Configuration option = Default valueDescription

[console]

 

subprocess_checking_interval = 1

(Integer) Time interval (in seconds) for checking the status of console subprocess.

subprocess_timeout = 10

(Integer) Time (in seconds) to wait for the console subprocess to start.

terminal = shellinaboxd

(String) Path to serial console terminal program. Used only by Shell In A Box console.

terminal_cert_dir = None

(String) Directory containing the terminal SSL cert (PEM) for serial console access. Used only by Shell In A Box console.

terminal_pid_dir = None

(String) Directory for holding terminal pid files. If not specified, the temporary directory will be used.

Table 2.9. Description of logging configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

pecan_debug = False

(Boolean) Enable pecan debug mode. WARNING: this is insecure and should not be used in a production environment.

Table 2.10. Description of deploy configuration options

Configuration option = Default valueDescription

[deploy]

 

continue_if_disk_secure_erase_fails = False

(Boolean) Defines what to do if an ATA secure erase operation fails during cleaning in the Ironic Python Agent. If False, the cleaning operation will fail and the node will be put in clean failed state. If True, shred will be invoked and cleaning will continue.

default_boot_option = None

(String) Default boot option to use when no boot option is requested in node’s driver_info. Currently the default is "netboot", but it will be changed to "local" in the future. It is recommended to set an explicit value for this option.

erase_devices_metadata_priority = None

(Integer) Priority to run in-band clean step that erases metadata from devices, via the Ironic Python Agent ramdisk. If unset, will use the priority set in the ramdisk (defaults to 99 for the GenericHardwareManager). If set to 0, will not run during cleaning.

erase_devices_priority = None

(Integer) Priority to run in-band erase devices via the Ironic Python Agent ramdisk. If unset, will use the priority set in the ramdisk (defaults to 10 for the GenericHardwareManager). If set to 0, will not run during cleaning.

http_root = /httpboot

(String) ironic-conductor node’s HTTP root path.

http_url = None

(String) ironic-conductor node’s HTTP server URL. Example: http://192.1.2.3:8080

power_off_after_deploy_failure = True

(Boolean) Whether to power off a node after deploy failure. Defaults to True.

shred_final_overwrite_with_zeros = True

(Boolean) Whether to write zeros to a node’s block devices after writing random data. This will write zeros to the device even when deploy.shred_random_overwrite_iterations is 0. This option is only used if a device could not be ATA Secure Erased. Defaults to True.

shred_random_overwrite_iterations = 1

(Integer) During shred, overwrite all block devices N times with random data. This is only used if a device could not be ATA Secure Erased. Defaults to 1.

Table 2.11. Description of DHCP configuration options

Configuration option = Default valueDescription

[dhcp]

 

dhcp_provider = neutron

(String) DHCP provider to use. "neutron" uses Neutron, and "none" uses a no-op provider.

Table 2.12. Description of disk partitioner configuration options

Configuration option = Default valueDescription

[disk_partitioner]

 

check_device_interval = 1

(Integer) After Ironic has completed creating the partition table, it continues to check for activity on the attached iSCSI device status at this interval prior to copying the image to the node, in seconds

check_device_max_retries = 20

(Integer) The maximum number of times to check that the device is not accessed by another process. If the device is still busy after that, the disk partitioning will be treated as having failed.

[disk_utils]

 

bios_boot_partition_size = 1

(Integer) Size of BIOS Boot partition in MiB when configuring GPT partitioned systems for local boot in BIOS.

dd_block_size = 1M

(String) Block size to use when writing to the nodes disk.

efi_system_partition_size = 200

(Integer) Size of EFI system partition in MiB when configuring UEFI systems for local boot.

iscsi_verify_attempts = 3

(Integer) Maximum attempts to verify an iSCSI connection is active, sleeping 1 second between attempts.

Table 2.13. Description of DRAC configuration options

Configuration option = Default valueDescription

[drac]

 

query_raid_config_job_status_interval = 120

(Integer) Interval (in seconds) between periodic RAID job status checks to determine whether the asynchronous RAID configuration was successfully finished or not.

Table 2.14. Description of glance configuration options

Configuration option = Default valueDescription

[glance]

 

allowed_direct_url_schemes =

(List) A list of URL schemes that can be downloaded directly via the direct_url. Currently supported schemes: [file].

auth_section = None

(Unknown) Config Section from which to load plugin specific options

auth_strategy = keystone

(String) Authentication strategy to use when connecting to glance.

auth_type = None

(Unknown) Authentication type to load

cafile = None

(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.

certfile = None

(String) PEM encoded client certificate cert file

glance_api_insecure = False

(Boolean) Allow to perform insecure SSL (https) requests to glance.

glance_api_servers = None

(List) A list of the glance api servers available to ironic. Prefix with https:// for SSL-based glance API servers. Format is [hostname|IP]:port.

glance_api_version = 2

(Integer) Glance API version to use. Only version 2 is supported.

glance_cafile = None

(String) Optional path to a CA certificate bundle to be used to validate the SSL certificate served by glance. It is used when glance_api_insecure is set to False.

glance_host = $my_ip

(String) Default glance hostname or IP address.

glance_num_retries = 0

(Integer) Number of retries when downloading an image from glance.

glance_port = 9292

(Port number) Default glance port.

glance_protocol = http

(String) Default protocol to use when connecting to glance. Set to https for SSL.

insecure = False

(Boolean) Verify HTTPS connections.

keyfile = None

(String) PEM encoded client certificate key file

swift_account = None

(String) The account that Glance uses to communicate with Swift. The format is "AUTH_uuid". "uuid" is the UUID for the account configured in the glance-api.conf. Required for temporary URLs when Glance backend is Swift. For example: "AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30". Swift temporary URL format: "endpoint_url/api_version/[account/]container/object_id"

swift_api_version = v1

(String) The Swift API version to create a temporary URL for. Defaults to "v1". Swift temporary URL format: "endpoint_url/api_version/[account/]container/object_id"

swift_container = glance

(String) The Swift container Glance is configured to store its images in. Defaults to "glance", which is the default in glance-api.conf. Swift temporary URL format: "endpoint_url/api_version/[account/]container/object_id"

swift_endpoint_url = None

(String) The "endpoint" (scheme, hostname, optional port) for the Swift URL of the form "endpoint_url/api_version/[account/]container/object_id". Do not include trailing "/". For example, use "https://swift.example.com". If using RADOS Gateway, endpoint may also contain /swift path; if it does not, it will be appended. Required for temporary URLs.

swift_store_multiple_containers_seed = 0

(Integer) This should match a config by the same name in the Glance configuration file. When set to 0, a single-tenant store will only use one container to store all images. When set to an integer value between 1 and 32, a single-tenant store will use multiple containers to store images, and this value will determine how many containers are created.

swift_temp_url_cache_enabled = False

(Boolean) Whether to cache generated Swift temporary URLs. Setting it to true is only useful when an image caching proxy is used. Defaults to False.

swift_temp_url_duration = 1200

(Integer) The length of time in seconds that the temporary URL will be valid for. Defaults to 20 minutes. If some deploys get a 401 response code when trying to download from the temporary URL, try raising this duration. This value must be greater than or equal to the value for swift_temp_url_expected_download_start_delay

swift_temp_url_expected_download_start_delay = 0

(Integer) This is the delay (in seconds) from the time of the deploy request (when the Swift temporary URL is generated) to when the IPA ramdisk starts up and URL is used for the image download. This value is used to check if the Swift temporary URL duration is large enough to let the image download begin. Also if temporary URL caching is enabled this will determine if a cached entry will still be valid when the download starts. swift_temp_url_duration value must be greater than or equal to this option’s value. Defaults to 0.

swift_temp_url_key = None

(String) The secret token given to Swift to allow temporary URL downloads. Required for temporary URLs.

temp_url_endpoint_type = swift

(String) Type of endpoint to use for temporary URLs. If the Glance backend is Swift, use "swift"; if it is CEPH with RADOS gateway, use "radosgw".

timeout = None

(Integer) Timeout value for http requests

Table 2.15. Description of iBoot Web Power Switch configuration options

Configuration option = Default valueDescription

[iboot]

 

max_retry = 3

(Integer) Maximum retries for iBoot operations

reboot_delay = 5

(Integer) Time (in seconds) to sleep between when rebooting (powering off and on again).

retry_interval = 1

(Integer) Time (in seconds) between retry attempts for iBoot operations

Table 2.16. Description of iLO configuration options

Configuration option = Default valueDescription

[ilo]

 

ca_file = None

(String) CA certificate file to validate iLO.

clean_priority_clear_secure_boot_keys = 0

(Integer) Priority for clear_secure_boot_keys clean step. This step is not enabled by default. It can be enabled to clear all secure boot keys enrolled with iLO.

clean_priority_erase_devices = None

(Integer) DEPRECATED: Priority for erase devices clean step. If unset, it defaults to 10. If set to 0, the step will be disabled and will not run during cleaning. This configuration option is duplicated by [deploy] erase_devices_priority, please use that instead.

clean_priority_reset_bios_to_default = 10

(Integer) Priority for reset_bios_to_default clean step.

clean_priority_reset_ilo = 0

(Integer) Priority for reset_ilo clean step.

clean_priority_reset_ilo_credential = 30

(Integer) Priority for reset_ilo_credential clean step. This step requires "ilo_change_password" parameter to be updated in nodes’s driver_info with the new password.

clean_priority_reset_secure_boot_keys_to_default = 20

(Integer) Priority for reset_secure_boot_keys clean step. This step will reset the secure boot keys to manufacturing defaults.

client_port = 443

(Port number) Port to be used for iLO operations

client_timeout = 60

(Integer) Timeout (in seconds) for iLO operations

default_boot_mode = auto

(String) Default boot mode to be used in provisioning when "boot_mode" capability is not provided in the "properties/capabilities" of the node. The default is "auto" for backward compatibility. When "auto" is specified, default boot mode will be selected based on boot mode settings on the system.

power_retry = 6

(Integer) Number of times a power operation needs to be retried

power_wait = 2

(Integer) Amount of time in seconds to wait in between power operations

swift_ilo_container = ironic_ilo_container

(String) The Swift iLO container to store data.

swift_object_expiry_timeout = 900

(Integer) Amount of time in seconds for Swift objects to auto-expire.

use_web_server_for_images = False

(Boolean) Set this to True to use http web server to host floppy images and generated boot ISO. This requires http_root and http_url to be configured in the [deploy] section of the config file. If this is set to False, then Ironic will use Swift to host the floppy images and generated boot_iso.

Table 2.17. Description of inspector configuration options

Configuration option = Default valueDescription

[inspector]

 

auth_section = None

(Unknown) Config Section from which to load plugin specific options

auth_type = None

(Unknown) Authentication type to load

cafile = None

(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.

certfile = None

(String) PEM encoded client certificate cert file

enabled = False

(Boolean) whether to enable inspection using ironic-inspector. This option does not affect new-style dynamic drivers and the fake_inspector driver.

insecure = False

(Boolean) Verify HTTPS connections.

keyfile = None

(String) PEM encoded client certificate key file

service_url = None

(String) ironic-inspector HTTP endpoint. If this is not set, the service catalog will be used.

status_check_period = 60

(Integer) period (in seconds) to check status of nodes on inspection

timeout = None

(Integer) Timeout value for http requests

Table 2.18. Description of IPMI configuration options

Configuration option = Default valueDescription

[ipmi]

 

min_command_interval = 5

(Integer) Minimum time, in seconds, between IPMI operations sent to a server. There is a risk with some hardware that setting this too low may cause the BMC to crash. Recommended setting is 5 seconds.

retry_timeout = 60

(Integer) Maximum time in seconds to retry IPMI operations. There is a tradeoff when setting this value. Setting this too low may cause older BMCs to crash and require a hard reset. However, setting too high can cause the sync power state periodic task to hang when there are slow or unresponsive BMCs.

Table 2.19. Description of iRMC configuration options

Configuration option = Default valueDescription

[irmc]

 

auth_method = basic

(String) Authentication method to be used for iRMC operations

client_timeout = 60

(Integer) Timeout (in seconds) for iRMC operations

port = 443

(Port number) Port to be used for iRMC operations

remote_image_server = None

(String) IP of remote image server

remote_image_share_name = share

(String) share name of remote_image_server

remote_image_share_root = /remote_image_share_root

(String) Ironic conductor node’s "NFS" or "CIFS" root path

remote_image_share_type = CIFS

(String) Share type of virtual media

remote_image_user_domain =

(String) Domain name of remote_image_user_name

remote_image_user_name = None

(String) User name of remote_image_server

remote_image_user_password = None

(String) Password of remote_image_user_name

sensor_method = ipmitool

(String) Sensor data retrieval method.

snmp_community = public

(String) SNMP community. Required for versions "v1" and "v2c"

snmp_polling_interval = 10

(Integer) SNMP polling interval in seconds

snmp_port = 161

(Port number) SNMP port

snmp_security = None

(String) SNMP security name. Required for version "v3"

snmp_version = v2c

(String) SNMP protocol version

Table 2.20. Description of iSCSI configuration options

Configuration option = Default valueDescription

[iscsi]

 

portal_port = 3260

(Port number) The port number on which the iSCSI portal listens for incoming connections.

Table 2.21. Description of keystone configuration options

Configuration option = Default valueDescription

[keystone]

 

region_name = None

(String) The region used for getting endpoints of OpenStack services.

Table 2.22. Description of metrics configuration options

Configuration option = Default valueDescription

[metrics]

 

agent_backend = noop

(String) Backend for the agent ramdisk to use for metrics. Default possible backends are "noop" and "statsd".

agent_global_prefix = None

(String) Prefix all metric names sent by the agent ramdisk with this value. The format of metric names is [global_prefix.][uuid.][host_name.]prefix.metric_name.

agent_prepend_host = False

(Boolean) Prepend the hostname to all metric names sent by the agent ramdisk. The format of metric names is [global_prefix.][uuid.][host_name.]prefix.metric_name.

agent_prepend_host_reverse = True

(Boolean) Split the prepended host value by "." and reverse it for metrics sent by the agent ramdisk (to better match the reverse hierarchical form of domain names).

agent_prepend_uuid = False

(Boolean) Prepend the node’s Ironic uuid to all metric names sent by the agent ramdisk. The format of metric names is [global_prefix.][uuid.][host_name.]prefix.metric_name.

backend = noop

(String) Backend to use for the metrics system.

global_prefix = None

(String) Prefix all metric names with this value. By default, there is no global prefix. The format of metric names is [global_prefix.][host_name.]prefix.metric_name.

prepend_host = False

(Boolean) Prepend the hostname to all metric names. The format of metric names is [global_prefix.][host_name.]prefix.metric_name.

prepend_host_reverse = True

(Boolean) Split the prepended host value by "." and reverse it (to better match the reverse hierarchical form of domain names).

Table 2.23. Description of metrics configuration options specific to statsd backend

Configuration option = Default valueDescription

[metrics_statsd]

 

agent_statsd_host = localhost

(String) Host for the agent ramdisk to use with the statsd backend. This must be accessible from networks the agent is booted on.

agent_statsd_port = 8125

(Port number) Port for the agent ramdisk to use with the statsd backend.

statsd_host = localhost

(String) Host for use with the statsd backend.

statsd_port = 8125

(Port number) Port to use with the statsd backend.

Table 2.24. Description of neutron configuration options

Configuration option = Default valueDescription

[neutron]

 

auth_section = None

(Unknown) Config Section from which to load plugin specific options

auth_strategy = keystone

(String) Authentication strategy to use when connecting to neutron. Running neutron in noauth mode (related to but not affected by this setting) is insecure and should only be used for testing.

auth_type = None

(Unknown) Authentication type to load

cafile = None

(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.

certfile = None

(String) PEM encoded client certificate cert file

cleaning_network = None

(String) Neutron network UUID or name for the ramdisk to be booted into for cleaning nodes. Required for "neutron" network interface. It is also required if cleaning nodes when using "flat" network interface or "neutron" DHCP provider. If a name is provided, it must be unique among all networks or cleaning will fail.

cleaning_network_security_groups =

(List) List of Neutron Security Group UUIDs to be applied during cleaning of the nodes. Optional for the "neutron" network interface and not used for the "flat" or "noop" network interfaces. If not specified, default security group is used.

insecure = False

(Boolean) Verify HTTPS connections.

keyfile = None

(String) PEM encoded client certificate key file

port_setup_delay = 0

(Integer) Delay value to wait for Neutron agents to setup sufficient DHCP configuration for port.

provisioning_network = None

(String) Neutron network UUID or name for the ramdisk to be booted into for provisioning nodes. Required for "neutron" network interface. If a name is provided, it must be unique among all networks or deploy will fail.

provisioning_network_security_groups =

(List) List of Neutron Security Group UUIDs to be applied during provisioning of the nodes. Optional for the "neutron" network interface and not used for the "flat" or "noop" network interfaces. If not specified, default security group is used.

retries = 3

(Integer) Client retries in the case of a failed request.

timeout = None

(Integer) Timeout value for http requests

url = None

(String) URL for connecting to neutron. Default value translates to 'http://$my_ip:9696' when auth_strategy is 'noauth', and to discovery from Keystone catalog when auth_strategy is 'keystone'.

url_timeout = 30

(Integer) Timeout value for connecting to neutron in seconds.

Table 2.25. Description of OneView configuration options

Configuration option = Default valueDescription

[oneview]

 

allow_insecure_connections = False

(Boolean) Option to allow insecure connection with OneView.

enable_periodic_tasks = True

(Boolean) Whether to enable the periodic tasks for OneView driver be aware when OneView hardware resources are taken and released by Ironic or OneView users and proactively manage nodes in clean fail state according to Dynamic Allocation model of hardware resources allocation in OneView.

manager_url = None

(String) URL where OneView is available.

max_polling_attempts = 12

(Integer) Max connection retries to check changes on OneView.

password = None

(String) OneView password to be used.

periodic_check_interval = 300

(Integer) Period (in seconds) for periodic tasks to be executed when enable_periodic_tasks=True.

tls_cacert_file = None

(String) Path to CA certificate.

username = None

(String) OneView username to be used.

Table 2.26. Description of PXE configuration options

Configuration option = Default valueDescription

[pxe]

 

default_ephemeral_format = ext4

(String) Default file system format for ephemeral partition, if one is created.

image_cache_size = 20480

(Integer) Maximum size (in MiB) of cache for master images, including those in use.

image_cache_ttl = 10080

(Integer) Maximum TTL (in minutes) for old master images in cache.

images_path = /var/lib/ironic/images/

(String) On the ironic-conductor node, directory where images are stored on disk.

instance_master_path = /var/lib/ironic/master_images

(String) On the ironic-conductor node, directory where master instance images are stored on disk. Setting to <None> disables image caching.

ip_version = 4

(String) The IP version that will be used for PXE booting. Defaults to 4. EXPERIMENTAL

ipxe_boot_script = $pybasedir/drivers/modules/boot.ipxe

(String) On ironic-conductor node, the path to the main iPXE script file.

ipxe_enabled = False

(Boolean) Enable iPXE boot.

ipxe_timeout = 0

(Integer) Timeout value (in seconds) for downloading an image via iPXE. Defaults to 0 (no timeout)

ipxe_use_swift = False

(Boolean) Download deploy images directly from swift using temporary URLs. If set to false (default), images are downloaded to the ironic-conductor node and served over its local HTTP server. Applicable only when 'ipxe_enabled' option is set to true.

pxe_append_params = nofb nomodeset vga=normal

(String) Additional append parameters for baremetal PXE boot.

pxe_bootfile_name = pxelinux.0

(String) Bootfile DHCP parameter.

pxe_bootfile_name_by_arch = {}

(Dict) Bootfile DHCP parameter per node architecture. For example: aarch64:grubaa64.efi

pxe_config_template = $pybasedir/drivers/modules/pxe_config.template

(String) On ironic-conductor node, template file for PXE configuration.

pxe_config_template_by_arch = {}

(Dict) On ironic-conductor node, template file for PXE configuration per node architecture. For example: aarch64:/opt/share/grubaa64_pxe_config.template

tftp_master_path = /tftpboot/master_images

(String) On ironic-conductor node, directory where master TFTP images are stored on disk. Setting to <None> disables image caching.

tftp_root = /tftpboot

(String) ironic-conductor node’s TFTP root path. The ironic-conductor must have read/write access to this path.

tftp_server = $my_ip

(String) IP address of ironic-conductor node’s TFTP server.

uefi_pxe_bootfile_name = bootx64.efi

(String) Bootfile DHCP parameter for UEFI boot mode.

uefi_pxe_config_template = $pybasedir/drivers/modules/pxe_grub_config.template

(String) On ironic-conductor node, template file for PXE configuration for UEFI boot loader.

Table 2.27. Description of Redis configuration options

Configuration option = Default valueDescription

[matchmaker_redis]

 

check_timeout = 20000

(Integer) Time in ms to wait before the transaction is killed.

host = 127.0.0.1

(String) DEPRECATED: Host to locate redis. Replaced by [DEFAULT]/transport_url

password =

(String) DEPRECATED: Password for Redis server (optional). Replaced by [DEFAULT]/transport_url

port = 6379

(Port number) DEPRECATED: Use this port to connect to redis host. Replaced by [DEFAULT]/transport_url

sentinel_group_name = oslo-messaging-zeromq

(String) Redis replica set name.

sentinel_hosts =

(List) DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g., [host:port, host1:port …​ ] Replaced by [DEFAULT]/transport_url

socket_timeout = 10000

(Integer) Timeout in ms on blocking socket operations.

wait_timeout = 2000

(Integer) Time in ms to wait between connection attempts.

Table 2.28. Description of SeaMicro configuration options

Configuration option = Default valueDescription

[seamicro]

 

action_timeout = 10

(Integer) Seconds to wait for power action to be completed

max_retry = 3

(Integer) Maximum retries for SeaMicro operations

Table 2.29. Description of service catalog configuration options

Configuration option = Default valueDescription

[service_catalog]

 

auth_section = None

(Unknown) Config Section from which to load plugin specific options

auth_type = None

(Unknown) Authentication type to load

cafile = None

(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.

certfile = None

(String) PEM encoded client certificate cert file

insecure = False

(Boolean) Verify HTTPS connections.

keyfile = None

(String) PEM encoded client certificate key file

timeout = None

(Integer) Timeout value for http requests

Table 2.30. Description of SNMP configuration options

Configuration option = Default valueDescription

[snmp]

 

power_timeout = 10

(Integer) Seconds to wait for power action to be completed

reboot_delay = 0

(Integer) Time (in seconds) to sleep between when rebooting (powering off and on again)

Table 2.31. Description of SSH configuration options

Configuration option = Default valueDescription

[ssh]

 

get_vm_name_attempts = 3

(Integer) Number of attempts to try to get VM name used by the host that corresponds to a node’s MAC address.

get_vm_name_retry_interval = 3

(Integer) Number of seconds to wait between attempts to get VM name used by the host that corresponds to a node’s MAC address.

libvirt_uri = qemu:///system

(String) libvirt URI.

Table 2.32. Description of swift configuration options

Configuration option = Default valueDescription

[swift]

 

auth_section = None

(Unknown) Config Section from which to load plugin specific options

auth_type = None

(Unknown) Authentication type to load

cafile = None

(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.

certfile = None

(String) PEM encoded client certificate cert file

insecure = False

(Boolean) Verify HTTPS connections.

keyfile = None

(String) PEM encoded client certificate key file

swift_max_retries = 2

(Integer) Maximum number of times to retry a Swift request, before failing.

timeout = None

(Integer) Timeout value for http requests

Table 2.33. Description of VirtualBox configuration options

Configuration option = Default valueDescription

[virtualbox]

 

port = 18083

(Port number) Port on which VirtualBox web service is listening.

2.1.2. New, updated, and deprecated options in Ocata for Bare Metal service

Table 2.34. New options

Option = default value(Type) Help string

[DEFAULT] default_boot_interface = None

(StrOpt) Default boot interface to be used for nodes that do not have boot_interface field set. A complete list of boot interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.boot" entrypoint.

[DEFAULT] default_console_interface = None

(StrOpt) Default console interface to be used for nodes that do not have console_interface field set. A complete list of console interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.console" entrypoint.

[DEFAULT] default_deploy_interface = None

(StrOpt) Default deploy interface to be used for nodes that do not have deploy_interface field set. A complete list of deploy interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.deploy" entrypoint.

[DEFAULT] default_inspect_interface = None

(StrOpt) Default inspect interface to be used for nodes that do not have inspect_interface field set. A complete list of inspect interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.inspect" entrypoint.

[DEFAULT] default_management_interface = None

(StrOpt) Default management interface to be used for nodes that do not have management_interface field set. A complete list of management interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.management" entrypoint.

[DEFAULT] default_portgroup_mode = active-backup

(StrOpt) Default mode for portgroups. Allowed values can be found in the linux kernel documentation on bonding: https://www.kernel.org/doc/Documentation/networking/bonding.txt.

[DEFAULT] default_power_interface = None

(StrOpt) Default power interface to be used for nodes that do not have power_interface field set. A complete list of power interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.power" entrypoint.

[DEFAULT] default_raid_interface = None

(StrOpt) Default raid interface to be used for nodes that do not have raid_interface field set. A complete list of raid interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.raid" entrypoint.

[DEFAULT] default_vendor_interface = None

(StrOpt) Default vendor interface to be used for nodes that do not have vendor_interface field set. A complete list of vendor interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.vendor" entrypoint.

[DEFAULT] enabled_boot_interfaces = pxe

(ListOpt) Specify the list of boot interfaces to load during service initialization. Missing boot interfaces, or boot interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one boot interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented boot interfaces. A complete list of boot interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.boot" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled boot interfaces on every ironic-conductor service.

[DEFAULT] enabled_console_interfaces = no-console

(ListOpt) Specify the list of console interfaces to load during service initialization. Missing console interfaces, or console interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one console interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented console interfaces. A complete list of console interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.console" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled console interfaces on every ironic-conductor service.

[DEFAULT] enabled_deploy_interfaces = iscsi, direct

(ListOpt) Specify the list of deploy interfaces to load during service initialization. Missing deploy interfaces, or deploy interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one deploy interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented deploy interfaces. A complete list of deploy interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.deploy" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled deploy interfaces on every ironic-conductor service.

[DEFAULT] enabled_hardware_types = ipmi

(ListOpt) Specify the list of hardware types to load during service initialization. Missing hardware types, or hardware types which fail to initialize, will prevent the conductor service from starting. This option defaults to a recommended set of production-oriented hardware types. A complete list of hardware types present on your system may be found by enumerating the "ironic.hardware.types" entrypoint.

[DEFAULT] enabled_inspect_interfaces = no-inspect

(ListOpt) Specify the list of inspect interfaces to load during service initialization. Missing inspect interfaces, or inspect interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one inspect interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented inspect interfaces. A complete list of inspect interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.inspect" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled inspect interfaces on every ironic-conductor service.

[DEFAULT] enabled_management_interfaces = ipmitool

(ListOpt) Specify the list of management interfaces to load during service initialization. Missing management interfaces, or management interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one management interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented management interfaces. A complete list of management interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.management" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled management interfaces on every ironic-conductor service.

[DEFAULT] enabled_power_interfaces = ipmitool

(ListOpt) Specify the list of power interfaces to load during service initialization. Missing power interfaces, or power interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one power interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented power interfaces. A complete list of power interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.power" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled power interfaces on every ironic-conductor service.

[DEFAULT] enabled_raid_interfaces = agent, no-raid

(ListOpt) Specify the list of raid interfaces to load during service initialization. Missing raid interfaces, or raid interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one raid interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented raid interfaces. A complete list of raid interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.raid" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled raid interfaces on every ironic-conductor service.

[DEFAULT] enabled_storage_interfaces = noop

(ListOpt) Specify the list of storage interfaces to load during service initialization. Missing storage interfaces, or storage interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one storage interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented storage interfaces. A complete list of storage interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.storage" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled storage interfaces on every ironic-conductor service.

[DEFAULT] enabled_vendor_interfaces = no-vendor

(ListOpt) Specify the list of vendor interfaces to load during service initialization. Missing vendor interfaces, or vendor interfaces which fail to initialize, will prevent the ironic-conductor service from starting. At least one vendor interface that is supported by each enabled hardware type must be enabled here, or the ironic-conductor service will not start. Must not be an empty list. The default value is a recommended set of production-oriented vendor interfaces. A complete list of vendor interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.vendor" entrypoint. When setting this value, please make sure that every enabled hardware type will have the same set of enabled vendor interfaces on every ironic-conductor service.

[conductor] send_sensor_data_wait_timeout = 300

(IntOpt) The time in seconds to wait for send sensors data periodic task to be finished before allowing periodic call to happen again. Should be less than send_sensor_data_interval value.

[conductor] send_sensor_data_workers = 4

(IntOpt) The maximum number of workers that can be started simultaneously for send data from sensors periodic task.

[conductor] soft_power_off_timeout = 600

(IntOpt) Timeout (in seconds) of soft reboot and soft power off operation. This value always has to be positive.

[deploy] default_boot_option = None

(StrOpt) Default boot option to use when no boot option is requested in node’s driver_info. Currently the default is "netboot", but it will be changed to "local" in the future. It is recommended to set an explicit value for this option.

[glance] glance_api_version = 2

(IntOpt) Glance API version to use. Only version 2 is supported.

[irmc] snmp_polling_interval = 10

(IntOpt) SNMP polling interval in seconds

[neutron] cleaning_network = None

(StrOpt) Neutron network UUID or name for the ramdisk to be booted into for cleaning nodes. Required for "neutron" network interface. It is also required if cleaning nodes when using "flat" network interface or "neutron" DHCP provider. If a name is provided, it must be unique among all networks or cleaning will fail.

[neutron] cleaning_network_security_groups =

(ListOpt) List of Neutron Security Group UUIDs to be applied during cleaning of the nodes. Optional for the "neutron" network interface and not used for the "flat" or "noop" network interfaces. If not specified, default security group is used.

[neutron] provisioning_network = None

(StrOpt) Neutron network UUID or name for the ramdisk to be booted into for provisioning nodes. Required for "neutron" network interface. If a name is provided, it must be unique among all networks or deploy will fail.

[neutron] provisioning_network_security_groups =

(ListOpt) List of Neutron Security Group UUIDs to be applied during provisioning of the nodes. Optional for the "neutron" network interface and not used for the "flat" or "noop" network interfaces. If not specified, default security group is used.

[pxe] pxe_bootfile_name_by_arch = {}

(DictOpt) Bootfile DHCP parameter per node architecture. For example: aarch64:grubaa64.efi

[pxe] pxe_config_template_by_arch = {}

(DictOpt) On ironic-conductor node, template file for PXE configuration per node architecture. For example: aarch64:/opt/share/grubaa64_pxe_config.template

Table 2.35. New default values

OptionPrevious default valueNew default value

[audit] audit_map_file

/etc/ironic/ironic_api_audit_map.conf

/etc/ironic/api_audit_map.conf

[audit] ignore_req_list

None

 

Table 2.36. Deprecated options

Deprecated optionNew Option

[DEFAULT] rpc_thread_pool_size

[DEFAULT] executor_thread_pool_size

[DEFAULT] use_syslog

None

[keystone_authtoken] cafile

[glance] cafile

[keystone_authtoken] cafile

[swift] cafile

[keystone_authtoken] cafile

[neutron] cafile

[keystone_authtoken] cafile

[service_catalog] cafile

[keystone_authtoken] cafile

[inspector] cafile

[keystone_authtoken] certfile

[service_catalog] certfile

[keystone_authtoken] certfile

[neutron] certfile

[keystone_authtoken] certfile

[glance] certfile

[keystone_authtoken] certfile

[inspector] certfile

[keystone_authtoken] certfile

[swift] certfile

[keystone_authtoken] insecure

[glance] insecure

[keystone_authtoken] insecure

[inspector] insecure

[keystone_authtoken] insecure

[swift] insecure

[keystone_authtoken] insecure

[service_catalog] insecure

[keystone_authtoken] insecure

[neutron] insecure

[keystone_authtoken] keyfile

[inspector] keyfile

[keystone_authtoken] keyfile

[swift] keyfile

[keystone_authtoken] keyfile

[neutron] keyfile

[keystone_authtoken] keyfile

[glance] keyfile

[keystone_authtoken] keyfile

[service_catalog] keyfile

[neutron] cleaning_network_uuid

[neutron] cleaning_network

[neutron] provisioning_network_uuid

[neutron] provisioning_network

Chapter 3. Block Storage

The OpenStack Block Storage service provides persistent storage for Compute instances, working with many different storage drivers that you can configure.

3.1. Block Storage Configuration Options

Note

The common configurations for shared services and libraries, such as database connections and RPC messaging, are described at Common configurations.

3.1.1. Description of Configuration Options

The following tables provide a comprehensive list of the Block Storage configuration options.

Table 3.1. Description of API configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

api_rate_limit = True

(Boolean) Enables or disables rate limit of the API.

az_cache_duration = 3600

(Integer) Cache volume availability zones in memory for the provided duration in seconds

backend_host = None

(String) Backend override of host value.

default_timeout = 31536000

(Integer) Default timeout for CLI operations in minutes. For example, LUN migration is a typical long running operation, which depends on the LUN size and the load of the array. An upper bound in the specific deployment can be set to avoid unnecessary long wait. By default, it is 365 days long.

enable_v1_api = False

(Boolean) DEPRECATED: Deploy v1 of the Cinder API.

enable_v2_api = True

(Boolean) DEPRECATED: Deploy v2 of the Cinder API.

enable_v3_api = True

(Boolean) Deploy v3 of the Cinder API.

extra_capabilities = {}

(String) User defined capabilities, a JSON formatted string specifying key/value pairs. The key/value pairs can be used by the CapabilitiesFilter to select between backends when requests specify volume types. For example, specifying a service level or the geographical location of a backend, then creating a volume type to allow the user to select by these different properties.

ignore_pool_full_threshold = False

(Boolean) Force LUN creation even if the full threshold of pool is reached. By default, the value is False.

management_ips =

(String) List of Management IP addresses (separated by commas)

message_ttl = 2592000

(Integer) message minimum life in seconds.

osapi_max_limit = 1000

(Integer) The maximum number of items that a collection resource returns in a single response

osapi_volume_base_URL = None

(String) Base URL that will be presented to users in links to the OpenStack Volume API

osapi_volume_ext_list =

(List) Specify list of extensions to load when using osapi_volume_extension option with cinder.api.contrib.select_extensions

osapi_volume_extension = ['cinder.api.contrib.standard_extensions']

(Multi-valued) osapi volume extension to load

osapi_volume_listen = 0.0.0.0

(String) IP address on which OpenStack Volume API listens

osapi_volume_listen_port = 8776

(Port number) Port on which OpenStack Volume API listens

osapi_volume_use_ssl = False

(Boolean) Wraps the socket in a SSL context if True is set. A certificate file and key file must be specified.

osapi_volume_workers = None

(Integer) Number of workers for OpenStack Volume API service. The default is equal to the number of CPUs available.

per_volume_size_limit = -1

(Integer) Max size allowed per volume, in gigabytes

public_endpoint = None

(String) Public url to use for versions endpoint. The default is None, which will use the request’s host_url attribute to populate the URL base. If Cinder is operating behind a proxy, you will want to change this to represent the proxy’s URL.

query_volume_filters = name, status, metadata, availability_zone, bootable, group_id

(List) Volume filter options which non-admin user could use to query volumes. Default values are: ['name', 'status', 'metadata', 'availability_zone' ,'bootable', 'group_id']

transfer_api_class = cinder.transfer.api.API

(String) The full class name of the volume transfer API class

volume_api_class = cinder.volume.api.API

(String) The full class name of the volume API class to use

volume_name_prefix = openstack-

(String) Prefix before volume name to differentiate DISCO volume created through openstack and the other ones

volume_name_template = volume-%s

(String) Template string to be used to generate volume names

volume_number_multiplier = -1.0

(Floating point) Multiplier used for weighing volume number. Negative numbers mean to spread vs stack.

volume_transfer_key_length = 16

(Integer) The number of characters in the autogenerated auth key.

volume_transfer_salt_length = 8

(Integer) The number of characters in the salt.

[oslo_middleware]

 

enable_proxy_headers_parsing = False

(Boolean) Whether the application is behind a proxy or not. This determines if the middleware should parse the headers or not.

max_request_body_size = 114688

(Integer) The maximum body size for each request, in bytes.

secure_proxy_ssl_header = X-Forwarded-Proto

(String) DEPRECATED: The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by a SSL termination proxy.

[oslo_versionedobjects]

 

fatal_exception_format_errors = False

(Boolean) Make exception message format errors fatal

Table 3.2. Description of authorization configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

auth_strategy = keystone

(String) The strategy to use for auth. Supports noauth or keystone.

Table 3.3. Description of Ceph backup driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

backup_ceph_chunk_size = 134217728

(Integer) The chunk size, in bytes, that a backup is broken into before transfer to the Ceph object store.

backup_ceph_conf = /etc/ceph/ceph.conf

(String) Ceph configuration file to use.

backup_ceph_pool = backups

(String) The Ceph pool where volume backups are stored.

backup_ceph_stripe_count = 0

(Integer) RBD stripe count to use when creating a backup image.

backup_ceph_stripe_unit = 0

(Integer) RBD stripe unit to use when creating a backup image.

backup_ceph_user = cinder

(String) The Ceph user to connect with. Default here is to use the same user as for Cinder volumes. If not using cephx this should be set to None.

restore_discard_excess_bytes = True

(Boolean) If True, always discard excess bytes when restoring volumes i.e. pad with zeroes.

Table 3.4. Description of GCS backup driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

backup_gcs_block_size = 32768

(Integer) The size in bytes that changes are tracked for incremental backups. backup_gcs_object_size has to be multiple of backup_gcs_block_size.

backup_gcs_bucket = None

(String) The GCS bucket to use.

backup_gcs_bucket_location = US

(String) Location of GCS bucket.

backup_gcs_credential_file = None

(String) Absolute path of GCS service account credential file.

backup_gcs_enable_progress_timer = True

(Boolean) Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the GCS backend storage. The default value is True to enable the timer.

backup_gcs_num_retries = 3

(Integer) Number of times to retry.

backup_gcs_object_size = 52428800

(Integer) The size in bytes of GCS backup objects.

backup_gcs_project_id = None

(String) Owner project id for GCS bucket.

backup_gcs_proxy_url = None

(URI) URL for http proxy access.

backup_gcs_reader_chunk_size = 2097152

(Integer) GCS object will be downloaded in chunks of bytes.

backup_gcs_retry_error_codes = 429

(List) List of GCS error codes.

backup_gcs_storage_class = NEARLINE

(String) Storage class of GCS bucket.

backup_gcs_user_agent = gcscinder

(String) Http user-agent string for gcs api.

backup_gcs_writer_chunk_size = 2097152

(Integer) GCS object will be uploaded in chunks of bytes. Pass in a value of -1 if the file is to be uploaded as a single chunk.

Table 3.5. Description of NFS backup driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

backup_container = None

(String) Custom directory to use for backups.

backup_enable_progress_timer = True

(Boolean) Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the backend storage. The default value is True to enable the timer.

backup_file_size = 1999994880

(Integer) The maximum size in bytes of the files used to hold backups. If the volume being backed up exceeds this size, then it will be backed up into multiple files.backup_file_size must be a multiple of backup_sha_block_size_bytes.

backup_mount_options = None

(String) Mount options passed to the NFS client. See NFS man page for details.

backup_mount_point_base = $state_path/backup_mount

(String) Base dir containing mount point for NFS share.

backup_sha_block_size_bytes = 32768

(Integer) The size in bytes that changes are tracked for incremental backups. backup_file_size has to be multiple of backup_sha_block_size_bytes.

backup_share = None

(String) NFS share in hostname:path, ipv4addr:path, or "[ipv6addr]:path" format.

Table 3.6. Description of POSIX backup driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

backup_container = None

(String) Custom directory to use for backups.

backup_enable_progress_timer = True

(Boolean) Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the backend storage. The default value is True to enable the timer.

backup_file_size = 1999994880

(Integer) The maximum size in bytes of the files used to hold backups. If the volume being backed up exceeds this size, then it will be backed up into multiple files.backup_file_size must be a multiple of backup_sha_block_size_bytes.

backup_posix_path = $state_path/backup

(String) Path specifying where to store backups.

backup_sha_block_size_bytes = 32768

(Integer) The size in bytes that changes are tracked for incremental backups. backup_file_size has to be multiple of backup_sha_block_size_bytes.

Table 3.7. Description of backups configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

backup_api_class = cinder.backup.api.API

(String) The full class name of the volume backup API class

backup_compression_algorithm = zlib

(String) Compression algorithm (None to disable)

backup_driver = cinder.backup.drivers.swift

(String) Driver to use for backups.

backup_manager = cinder.backup.manager.BackupManager

(String) Full class name for the Manager for volume backup

backup_metadata_version = 2

(Integer) Backup metadata version to be used when backing up volume metadata. If this number is bumped, make sure the service doing the restore supports the new version.

backup_name_template = backup-%s

(String) Template string to be used to generate backup names

backup_object_number_per_notification = 10

(Integer) The number of chunks or objects, for which one Ceilometer notification will be sent

backup_service_inithost_offload = True

(Boolean) Offload pending backup delete during backup service startup. If false, the backup service will remain down until all pending backups are deleted.

backup_timer_interval = 120

(Integer) Interval, in seconds, between two progress notifications reporting the backup status

backup_use_same_host = False

(Boolean) Backup services use same backend.

backup_use_temp_snapshot = False

(Boolean) If this is set to True, the backup_use_temp_snapshot path will be used during the backup. Otherwise, it will use backup_use_temp_volume path.

snapshot_check_timeout = 3600

(Integer) How long we check whether a snapshot is finished before we give up

snapshot_name_template = snapshot-%s

(String) Template string to be used to generate snapshot names

snapshot_same_host = True

(Boolean) Create volume from snapshot at the host where snapshot resides

Table 3.8. Description of Swift backup driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

backup_swift_auth = per_user

(String) Swift authentication mechanism

backup_swift_auth_version = 1

(String) Swift authentication version. Specify "1" for auth 1.0, or "2" for auth 2.0 or "3" for auth 3.0

backup_swift_block_size = 32768

(Integer) The size in bytes that changes are tracked for incremental backups. backup_swift_object_size has to be multiple of backup_swift_block_size.

backup_swift_ca_cert_file = None

(String) Location of the CA certificate file to use for swift client requests.

backup_swift_container = volumebackups

(String) The default Swift container to use

backup_swift_enable_progress_timer = True

(Boolean) Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift backend storage. The default value is True to enable the timer.

backup_swift_key = None

(String) Swift key for authentication

backup_swift_object_size = 52428800

(Integer) The size in bytes of Swift backup objects

backup_swift_project = None

(String) Swift project/account name. Required when connecting to an auth 3.0 system

backup_swift_project_domain = None

(String) Swift project domain name. Required when connecting to an auth 3.0 system

backup_swift_retry_attempts = 3

(Integer) The number of retries to make for Swift operations

backup_swift_retry_backoff = 2

(Integer) The backoff time in seconds between Swift retries

backup_swift_tenant = None

(String) Swift tenant/account name. Required when connecting to an auth 2.0 system

backup_swift_url = None

(URI) The URL of the Swift endpoint

backup_swift_user = None

(String) Swift user name

backup_swift_user_domain = None

(String) Swift user domain name. Required when connecting to an auth 3.0 system

keystone_catalog_info = identity:Identity Service:publicURL

(String) Info to match when looking for keystone in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if backup_swift_auth_url is unset

swift_catalog_info = object-store:swift:publicURL

(String) Info to match when looking for swift in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if backup_swift_url is unset

Table 3.9. Description of IBM Tivoli Storage Manager backup driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

backup_tsm_compression = True

(Boolean) Enable or Disable compression for backups

backup_tsm_password = password

(String) TSM password for the running username

backup_tsm_volume_prefix = backup

(String) Volume prefix for the backup id when backing up to TSM

Table 3.10. Description of block device configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

available_devices =

(List) List of all available devices

Table 3.11. Description of CloudByte volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

cb_account_name = None

(String) CloudByte storage specific account name. This maps to a project name in OpenStack.

cb_add_qosgroup = {'latency': '15', 'iops': '10', 'graceallowed': 'false', 'iopscontrol': 'true', 'memlimit': '0', 'throughput': '0', 'tpcontrol': 'false', 'networkspeed': '0'}

(Dict) These values will be used for CloudByte storage’s addQos API call.

cb_apikey = None

(String) Driver will use this API key to authenticate against the CloudByte storage’s management interface.

cb_auth_group = None

(String) This corresponds to the discovery authentication group in CloudByte storage. Chap users are added to this group. Driver uses the first user found for this group. Default value is None.

cb_confirm_volume_create_retries = 3

(Integer) Will confirm a successful volume creation in CloudByte storage by making this many number of attempts.

cb_confirm_volume_create_retry_interval = 5

(Integer) A retry value in seconds. Will be used by the driver to check if volume creation was successful in CloudByte storage.

cb_confirm_volume_delete_retries = 3

(Integer) Will confirm a successful volume deletion in CloudByte storage by making this many number of attempts.

cb_confirm_volume_delete_retry_interval = 5

(Integer) A retry value in seconds. Will be used by the driver to check if volume deletion was successful in CloudByte storage.

cb_create_volume = {'compression': 'off', 'deduplication': 'off', 'blocklength': '512B', 'sync': 'always', 'protocoltype': 'ISCSI', 'recordsize': '16k'}

(Dict) These values will be used for CloudByte storage’s createVolume API call.

cb_tsm_name = None

(String) This corresponds to the name of Tenant Storage Machine (TSM) in CloudByte storage. A volume will be created in this TSM.

cb_update_file_system = compression, sync, noofcopies, readonly

(List) These values will be used for CloudByte storage’s updateFileSystem API call.

cb_update_qos_group = iops, latency, graceallowed

(List) These values will be used for CloudByte storage’s updateQosGroup API call.

Table 3.12. Description of Coho volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

coho_rpc_port = 2049

(Integer) RPC port to connect to Coho Data MicroArray

Table 3.13. Description of common configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

allow_availability_zone_fallback = False

(Boolean) If the requested Cinder availability zone is unavailable, fall back to the value of default_availability_zone, then storage_availability_zone, instead of failing.

chap = disabled

(String) CHAP authentication mode, effective only for iscsi (disabled|enabled)

chap_password =

(String) Password for specified CHAP account name.

chap_username =

(String) CHAP user name.

chiscsi_conf = /etc/chelsio-iscsi/chiscsi.conf

(String) Chiscsi (CXT) global defaults configuration file

cinder_internal_tenant_project_id = None

(String) ID of the project which will be used as the Cinder internal tenant.

cinder_internal_tenant_user_id = None

(String) ID of the user to be used in volume operations as the Cinder internal tenant.

cluster = None

(String) Name of this cluster. Used to group volume hosts that share the same backend configurations to work in HA Active-Active mode. Active-Active is not yet supported.

compute_api_class = cinder.compute.nova.API

(String) The full class name of the compute API class to use

connection_type = iscsi

(String) Connection type to the IBM Storage Array

consistencygroup_api_class = cinder.consistencygroup.api.API

(String) The full class name of the consistencygroup API class

default_availability_zone = None

(String) Default availability zone for new volumes. If not set, the storage_availability_zone option value is used as the default for new volumes.

default_group_type = None

(String) Default group type to use

default_volume_type = None

(String) Default volume type to use

driver_client_cert = None

(String) The path to the client certificate for verification, if the driver supports it.

driver_client_cert_key = None

(String) The path to the client certificate key for verification, if the driver supports it.

driver_data_namespace = None

(String) Namespace for driver private data values to be saved in.

driver_ssl_cert_path = None

(String) Can be used to specify a non default path to a CA_BUNDLE file or directory with certificates of trusted CAs, which will be used to validate the backend

driver_ssl_cert_verify = False

(Boolean) If set to True the http client will validate the SSL certificate of the backend endpoint.

enable_force_upload = False

(Boolean) Enables the Force option on upload_to_image. This enables running upload_volume on in-use volumes for backends that support it.

enable_new_services = True

(Boolean) Services to be added to the available pool on create

enable_unsupported_driver = False

(Boolean) Set this to True when you want to allow an unsupported driver to start. Drivers that haven’t maintained a working CI system and testing are marked as unsupported until CI is working again. This also marks a driver as deprecated and may be removed in the next release.

end_time = None

(String) If this option is specified then the end time specified is used instead of the end time of the last completed audit period.

enforce_multipath_for_image_xfer = False

(Boolean) If this is set to True, attachment of volumes for image transfer will be aborted when multipathd is not running. Otherwise, it will fallback to single path.

executor_thread_pool_size = 64

(Integer) Size of executor thread pool.

fatal_exception_format_errors = False

(Boolean) Make exception message format errors fatal.

group_api_class = cinder.group.api.API

(String) The full class name of the group API class

host = localhost

(String) Name of this node. This can be an opaque identifier. It is not necessarily a host name, FQDN, or IP address.

iet_conf = /etc/iet/ietd.conf

(String) IET configuration file

iscsi_secondary_ip_addresses =

(List) The list of secondary IP addresses of the iSCSI daemon

max_over_subscription_ratio = 20.0

(Floating point) Float representation of the over subscription ratio when thin provisioning is involved. Default ratio is 20.0, meaning provisioned capacity can be 20 times of the total physical capacity. If the ratio is 10.5, it means provisioned capacity can be 10.5 times of the total physical capacity. A ratio of 1.0 means provisioned capacity cannot exceed the total physical capacity. The ratio has to be a minimum of 1.0.

monkey_patch = False

(Boolean) Enable monkey patching

monkey_patch_modules =

(List) List of modules/decorators to monkey patch

my_ip = 10.0.0.1

(String) IP address of this host

no_snapshot_gb_quota = False

(Boolean) Whether snapshots count against gigabyte quota

num_shell_tries = 3

(Integer) Number of times to attempt to run flakey shell commands

os_privileged_user_auth_url = None

(URI) Auth URL associated with the OpenStack privileged account.

os_privileged_user_name = None

(String) OpenStack privileged account username. Used for requests to other services (such as Nova) that require an account with special rights.

os_privileged_user_password = None

(String) Password associated with the OpenStack privileged account.

os_privileged_user_tenant = None

(String) Tenant name associated with the OpenStack privileged account.

periodic_fuzzy_delay = 60

(Integer) Range, in seconds, to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0)

periodic_interval = 60

(Integer) Interval, in seconds, between running periodic tasks

replication_device = None

(Unknown) Multi opt of dictionaries to represent a replication target device. This option may be specified multiple times in a single config section to specify multiple replication target devices. Each entry takes the standard dict config form: replication_device = target_device_id:<required>,key1:value1,key2:value2…​

report_discard_supported = False

(Boolean) Report to clients of Cinder that the backend supports discard (aka. trim/unmap). This will not actually change the behavior of the backend or the client directly, it will only notify that it can be used.

report_interval = 10

(Integer) Interval, in seconds, between nodes reporting state to datastore

reserved_percentage = 0

(Integer) The percentage of backend capacity is reserved

rootwrap_config = /etc/cinder/rootwrap.conf

(String) Path to the rootwrap configuration file to use for running commands as root

send_actions = False

(Boolean) Send the volume and snapshot create and delete notifications generated in the specified period.

service_down_time = 60

(Integer) Maximum time since last check-in for a service to be considered up

ssh_hosts_key_file = $state_path/ssh_known_hosts

(String) File containing SSH host keys for the systems with which Cinder needs to communicate. OPTIONAL: Default=$state_path/ssh_known_hosts

start_time = None

(String) If this option is specified then the start time specified is used instead of the start time of the last completed audit period.

state_path = /var/lib/cinder

(String) Top-level directory for maintaining cinder’s state

storage_availability_zone = nova

(String) Availability zone of this node

storage_protocol = iscsi

(String) Protocol for transferring data between host and storage back-end.

strict_ssh_host_key_policy = False

(Boolean) Option to enable strict host key checking. When set to "True" Cinder will only connect to systems with a host key present in the configured "ssh_hosts_key_file". When set to "False" the host key will be saved upon first connection and used for subsequent connections. Default=False

suppress_requests_ssl_warnings = False

(Boolean) Suppress requests library SSL certificate warnings.

tcp_keepalive = True

(Boolean) Sets the value of TCP_KEEPALIVE (True/False) for each server socket.

tcp_keepalive_count = None

(Integer) Sets the value of TCP_KEEPCNT for each server socket. Not supported on OS X.

tcp_keepalive_interval = None

(Integer) Sets the value of TCP_KEEPINTVL in seconds for each server socket. Not supported on OS X.

until_refresh = 0

(Integer) Count of reservations until usage is refreshed

use_chap_auth = False

(Boolean) Option to enable/disable CHAP authentication for targets.

use_forwarded_for = False

(Boolean) Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy.

[healthcheck]

 

backends =

(List) Additional backends that can perform health checks and report that information back as part of a request.

detailed = False

(Boolean) Show more detailed information as part of the response

disable_by_file_path = None

(String) Check the presence of a file to determine if an application is running on a port. Used by DisableByFileHealthcheck plugin.

disable_by_file_paths =

(List) Check the presence of a file based on a port to determine if an application is running on a port. Expects a "port:path" list of strings. Used by DisableByFilesPortsHealthcheck plugin.

path = /healthcheck

(String) DEPRECATED: The path to respond to healtcheck requests on.

[key_manager]

 

api_class = castellan.key_manager.barbican_key_manager.BarbicanKeyManager

(String) The full class name of the key manager API class

fixed_key = None

(String) Fixed key returned by key manager, specified in hex

Table 3.14. Description of Compute configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

nova_api_insecure = False

(Boolean) Allow to perform insecure SSL requests to nova

nova_ca_certificates_file = None

(String) Location of ca certificates file to use for nova client requests.

nova_catalog_admin_info = compute:Compute Service:adminURL

(String) Same as nova_catalog_info, but for admin endpoint.

nova_catalog_info = compute:Compute Service:publicURL

(String) Match this value when searching for nova in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type>

nova_endpoint_admin_template = None

(String) Same as nova_endpoint_template, but for admin endpoint.

nova_endpoint_template = None

(String) Override service catalog lookup with template for nova endpoint e.g. http://localhost:8774/v2/%(project_id)s

os_region_name = None

(String) Region name of this node

Table 3.15. Description of Coordination configuration options

Configuration option = Default valueDescription

[coordination]

 

backend_url = file://$state_path

(String) The backend URL to use for distributed coordination.

heartbeat = 1.0

(Floating point) Number of seconds between heartbeats for distributed coordination.

initial_reconnect_backoff = 0.1

(Floating point) Initial number of seconds to wait after failed reconnection.

max_reconnect_backoff = 60.0

(Floating point) Maximum number of seconds between sequential reconnection retries.

Table 3.16. Description of logging configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

trace_flags = None

(List) List of options that control which trace info is written to the DEBUG log level to assist developers. Valid values are method and api.

Table 3.17. Description of Dell Storage Center volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

dell_sc_api_port = 3033

(Port number) Dell API port

dell_sc_server_folder = openstack

(String) Name of the server folder to use on the Storage Center

dell_sc_ssn = 64702

(Integer) Storage Center System Serial Number

dell_sc_verify_cert = False

(Boolean) Enable HTTPS SC certificate verification

dell_sc_volume_folder = openstack

(String) Name of the volume folder to use on the Storage Center

dell_server_os = Red Hat Linux 6.x

(String) Server OS type to use when creating a new server on the Storage Center.

excluded_domain_ip = None

(Unknown) Domain IP to be excluded from iSCSI returns.

secondary_san_ip =

(String) IP address of secondary DSM controller

secondary_san_login = Admin

(String) Secondary DSM user name

secondary_san_password =

(String) Secondary DSM user password name

secondary_sc_api_port = 3033

(Port number) Secondary Dell API port

Table 3.18. Description of EMC configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

check_max_pool_luns_threshold = False

(Boolean) Report free_capacity_gb as 0 when the limit to maximum number of pool LUNs is reached. By default, the value is False.

cinder_emc_config_file = /etc/cinder/cinder_emc_config.xml

(String) Use this file for cinder emc plugin config data

destroy_empty_storage_group = False

(Boolean) To destroy storage group when the last LUN is removed from it. By default, the value is False.

force_delete_lun_in_storagegroup = False

(Boolean) Delete a LUN even if it is in Storage Groups. By default, the value is False.

initiator_auto_deregistration = False

(Boolean) Automatically deregister initiators after the related storage group is destroyed. By default, the value is False.

initiator_auto_registration = False

(Boolean) Automatically register initiators. By default, the value is False.

io_port_list = None

(List) Comma separated iSCSI or FC ports to be used in Nova or Cinder.

iscsi_initiators = None

(String) Mapping between hostname and its iSCSI initiator IP addresses.

max_luns_per_storage_group = 255

(Integer) Default max number of LUNs in a storage group. By default, the value is 255.

multi_pool_support = False

(String) Use this value to specify multi-pool support for VMAX3

naviseccli_path = None

(String) Naviseccli Path.

storage_vnx_authentication_type = global

(String) VNX authentication scope type. By default, the value is global.

storage_vnx_pool_names = None

(List) Comma-separated list of storage pool names to be used.

storage_vnx_security_file_dir = None

(String) Directory path that contains the VNX security file. Make sure the security file is generated first.

Table 3.19. Description of EMC SIO volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

sio_max_over_subscription_ratio = 10.0

(Floating point) max_over_subscription_ratio setting for the ScaleIO driver. This replaces the general max_over_subscription_ratio which has no effect in this driver.Maximum value allowed for ScaleIO is 10.0.

sio_protection_domain_id = None

(String) Protection Domain ID.

sio_protection_domain_name = None

(String) Protection Domain name.

sio_rest_server_port = 443

(String) REST server port.

sio_round_volume_capacity = True

(Boolean) Round up volume capacity.

sio_server_certificate_path = None

(String) Server certificate path.

sio_storage_pool_id = None

(String) Storage Pool ID.

sio_storage_pool_name = None

(String) Storage Pool name.

sio_storage_pools = None

(String) Storage Pools.

sio_unmap_volume_before_deletion = False

(Boolean) Unmap volume before deletion.

sio_verify_server_certificate = False

(Boolean) Verify server certificate.

Table 3.20. Description of EMC XtremIO volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

xtremio_array_busy_retry_count = 5

(Integer) Number of retries in case array is busy

xtremio_array_busy_retry_interval = 5

(Integer) Interval between retries in case array is busy

xtremio_cluster_name =

(String) XMS cluster id in multi-cluster environment

xtremio_volumes_per_glance_cache = 100

(Integer) Number of volumes created from each cached glance image

Table 3.21. Description of Dell EqualLogic volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

eqlx_cli_max_retries = 5

(Integer) Maximum retry count for reconnection. Default is 5.

eqlx_group_name = group-0

(String) Group name to use for creating volumes. Defaults to "group-0".

eqlx_pool = default

(String) Pool in which volumes will be created. Defaults to "default".

Table 3.22. Description of Eternus volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

cinder_eternus_config_file = /etc/cinder/cinder_fujitsu_eternus_dx.xml

(String) config file for cinder eternus_dx volume driver

Table 3.23. Description of IBM FlashSystem volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

flashsystem_connection_protocol = FC

(String) Connection protocol should be FC. (Default is FC.)

flashsystem_iscsi_portid = 0

(Integer) Default iSCSI Port ID of FlashSystem. (Default port is 0.)

flashsystem_multihostmap_enabled = True

(Boolean) Allows vdisk to multi host mapping. (Default is True)

flashsystem_multipath_enabled = False

(Boolean) DEPRECATED: This option no longer has any affect. It is deprecated and will be removed in the next release.

Table 3.24. Description of Hitachi storage volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

hitachi_add_chap_user = False

(Boolean) Add CHAP user

hitachi_async_copy_check_interval = 10

(Integer) Interval to check copy asynchronously

hitachi_auth_method = None

(String) iSCSI authentication method

hitachi_auth_password = HBSD-CHAP-password

(String) iSCSI authentication password

hitachi_auth_user = HBSD-CHAP-user

(String) iSCSI authentication username

hitachi_copy_check_interval = 3

(Integer) Interval to check copy

hitachi_copy_speed = 3

(Integer) Copy speed of storage system

hitachi_default_copy_method = FULL

(String) Default copy method of storage system

hitachi_group_range = None

(String) Range of group number

hitachi_group_request = False

(Boolean) Request for creating HostGroup or iSCSI Target

hitachi_horcm_add_conf = True

(Boolean) Add to HORCM configuration

hitachi_horcm_numbers = 200,201

(String) Instance numbers for HORCM

hitachi_horcm_password = None

(String) Password of storage system for HORCM

hitachi_horcm_resource_lock_timeout = 600

(Integer) Timeout until a resource lock is released, in seconds. The value must be between 0 and 7200.

hitachi_horcm_user = None

(String) Username of storage system for HORCM

hitachi_ldev_range = None

(String) Range of logical device of storage system

hitachi_pool_id = None

(Integer) Pool ID of storage system

hitachi_serial_number = None

(String) Serial number of storage system

hitachi_target_ports = None

(String) Control port names for HostGroup or iSCSI Target

hitachi_thin_pool_id = None

(Integer) Thin pool ID of storage system

hitachi_unit_name = None

(String) Name of an array unit

hitachi_zoning_request = False

(Boolean) Request for FC Zone creating HostGroup

Table 3.25. Description of Hitachi HNAS iSCSI and NFS driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

hds_hnas_iscsi_config_file = /opt/hds/hnas/cinder_iscsi_conf.xml

(String) DEPRECATED: Legacy configuration file for HNAS iSCSI Cinder plugin. This is not needed if you fill all configuration on cinder.conf

hds_hnas_nfs_config_file = /opt/hds/hnas/cinder_nfs_conf.xml

(String) DEPRECATED: Legacy configuration file for HNAS NFS Cinder plugin. This is not needed if you fill all configuration on cinder.conf

hnas_chap_enabled = True

(Boolean) Whether the chap authentication is enabled in the iSCSI target or not.

hnas_cluster_admin_ip0 = None

(String) The IP of the HNAS cluster admin. Required only for HNAS multi-cluster setups.

hnas_mgmt_ip0 = None

(IP) Management IP address of HNAS. This can be any IP in the admin address on HNAS or the SMU IP.

hnas_password = None

(String) HNAS password.

hnas_ssc_cmd = ssc

(String) Command to communicate to HNAS.

hnas_ssh_port = 22

(Port number) Port to be used for SSH authentication.

hnas_ssh_private_key = None

(String) Path to the SSH private key used to authenticate in HNAS SMU.

hnas_svc0_hdp = None

(String) Service 0 HDP

hnas_svc0_iscsi_ip = None

(IP) Service 0 iSCSI IP

hnas_svc0_pool_name = None

(String) Service 0 pool name

hnas_svc1_hdp = None

(String) Service 1 HDP

hnas_svc1_iscsi_ip = None

(IP) Service 1 iSCSI IP

hnas_svc1_pool_name = None

(String) Service 1 pool name

hnas_svc2_hdp = None

(String) Service 2 HDP

hnas_svc2_iscsi_ip = None

(IP) Service 2 iSCSI IP

hnas_svc2_pool_name = None

(String) Service 2 pool name

hnas_svc3_hdp = None

(String) Service 3 HDP

hnas_svc3_iscsi_ip = None

(IP) Service 3 iSCSI IP

hnas_svc3_pool_name = None

(String) Service 3 pool name:

hnas_username = None

(String) HNAS username.

Table 3.26. Description of HORCM interface module for Hitachi VSP driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

vsp_async_copy_check_interval = 10

(Integer) Interval in seconds at which volume pair synchronization status is checked when volume pairs are deleted.

vsp_auth_password = None

(String) Password corresponding to vsp_auth_user.

vsp_auth_user = None

(String) Name of the user used for CHAP authentication performed in communication between hosts and iSCSI targets on the storage ports.

vsp_compute_target_ports = None

(List) IDs of the storage ports used to attach volumes to compute nodes. To specify multiple ports, connect them by commas (e.g. CL1-A,CL2-A).

vsp_copy_check_interval = 3

(Integer) Interval in seconds at which volume pair synchronization status is checked when volume pairs are created.

vsp_copy_speed = 3

(Integer) Speed at which data is copied by Shadow Image. 1 or 2 indicates low speed, 3 indicates middle speed, and a value between 4 and 15 indicates high speed.

vsp_default_copy_method = FULL

(String) Method of volume copy. FULL indicates full data copy by Shadow Image and THIN indicates differential data copy by Thin Image.

vsp_group_request = False

(Boolean) If True, the driver will create host groups or iSCSI targets on storage ports as needed.

vsp_horcm_add_conf = True

(Boolean) If True, the driver will create or update the Command Control Interface configuration file as needed.

vsp_horcm_numbers = 200, 201

(List) Command Control Interface instance numbers in the format of 'xxx,yyy'. The second one is for Shadow Image operation and the first one is for other purposes.

vsp_horcm_pair_target_ports = None

(List) IDs of the storage ports used to copy volumes by Shadow Image or Thin Image. To specify multiple ports, connect them by commas (e.g. CL1-A,CL2-A).

vsp_horcm_password = None

(String) Password corresponding to vsp_horcm_user.

vsp_horcm_user = None

(String) Name of the user on the storage system.

vsp_ldev_range = None

(String) Range of the LDEV numbers in the format of 'xxxx-yyyy' that can be used by the driver. Values can be in decimal format (e.g. 1000) or in colon-separated hexadecimal format (e.g. 00:03:E8).

vsp_pool = None

(String) Pool number or pool name of the DP pool.

vsp_storage_id = None

(String) Product number of the storage system.

vsp_target_ports = None

(List) IDs of the storage ports used to attach volumes to the controller node. To specify multiple ports, connect them by commas (e.g. CL1-A,CL2-A).

vsp_thin_pool = None

(String) Pool number or pool name of the Thin Image pool.

vsp_use_chap_auth = False

(Boolean) If True, CHAP authentication will be applied to communication between hosts and any of the iSCSI targets on the storage ports.

vsp_zoning_request = False

(Boolean) If True, the driver will configure FC zoning between the server and the storage system provided that FC zoning manager is enabled.

Table 3.27. Description of HPE 3PAR Fibre Channel and iSCSI drivers configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

hpe3par_api_url =

(String) 3PAR WSAPI Server Url like https://<3par ip>:8080/api/v1

hpe3par_cpg = OpenStack

(List) List of the CPG(s) to use for volume creation

hpe3par_cpg_snap =

(String) The CPG to use for Snapshots for volumes. If empty the userCPG will be used.

hpe3par_debug = False

(Boolean) Enable HTTP debugging to 3PAR

hpe3par_iscsi_chap_enabled = False

(Boolean) Enable CHAP authentication for iSCSI connections.

hpe3par_iscsi_ips =

(List) List of target iSCSI addresses to use.

hpe3par_password =

(String) 3PAR password for the user specified in hpe3par_username

hpe3par_snapshot_expiration =

(String) The time in hours when a snapshot expires and is deleted. This must be larger than expiration

hpe3par_snapshot_retention =

(String) The time in hours to retain a snapshot. You can’t delete it before this expires.

hpe3par_username =

(String) 3PAR username with the 'edit' role

Table 3.28. Description of HPE LeftHand/StoreVirtual driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

hpelefthand_api_url = None

(URI) HPE LeftHand WSAPI Server Url like https://<LeftHand ip>:8081/lhos

hpelefthand_clustername = None

(String) HPE LeftHand cluster name

hpelefthand_debug = False

(Boolean) Enable HTTP debugging to LeftHand

hpelefthand_iscsi_chap_enabled = False

(Boolean) Configure CHAP authentication for iSCSI connections (Default: Disabled)

hpelefthand_password = None

(String) HPE LeftHand Super user password

hpelefthand_ssh_port = 16022

(Port number) Port number of SSH service.

hpelefthand_username = None

(String) HPE LeftHand Super user username

Table 3.29. Description of Huawei storage driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

cinder_huawei_conf_file = /etc/cinder/cinder_huawei_conf.xml

(String) The configuration file for the Cinder Huawei driver.

hypermetro_devices = None

(String) The remote device hypermetro will use.

metro_domain_name = None

(String) The remote metro device domain name.

metro_san_address = None

(String) The remote metro device request url.

metro_san_password = None

(String) The remote metro device san password.

metro_san_user = None

(String) The remote metro device san user.

metro_storage_pools = None

(String) The remote metro device pool names.

Table 3.30. Description of IBM Storage driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

ds8k_devadd_unitadd_mapping =

(String) Mapping between IODevice address and unit address.

ds8k_host_type = auto

(String) Set to zLinux if your OpenStack version is prior to Liberty and you’re connecting to zLinux systems. Otherwise set to auto. Valid values for this parameter are: 'auto', 'AMDLinuxRHEL', 'AMDLinuxSuse', 'AppleOSX', 'Fujitsu', 'Hp', 'HpTru64', 'HpVms', 'LinuxDT', 'LinuxRF', 'LinuxRHEL', 'LinuxSuse', 'Novell', 'SGI', 'SVC', 'SanFsAIX', 'SanFsLinux', 'Sun', 'VMWare', 'Win2000', 'Win2003', 'Win2008', 'Win2012', 'iLinux', 'nSeries', 'pLinux', 'pSeries', 'pSeriesPowerswap', 'zLinux', 'iSeries'.

ds8k_ssid_prefix = FF

(String) Set the first two digits of SSID

proxy = cinder.volume.drivers.ibm.ibm_storage.proxy.IBMStorageProxy

(String) Proxy driver that connects to the IBM Storage Array

san_clustername =

(String) Cluster name to use for creating volumes

san_ip =

(String) IP address of SAN controller

san_login = admin

(String) Username for SAN controller

san_password =

(String) Password for SAN controller

Table 3.31. Description of images configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

allowed_direct_url_schemes =

(List) A list of url schemes that can be downloaded directly via the direct_url. Currently supported schemes: [file, cinder].

glance_api_insecure = False

(Boolean) Allow to perform insecure SSL (https) requests to glance (https will be used but cert validation will not be performed).

glance_api_servers = None

(List) A list of the URLs of glance API servers available to cinder ([http[s]://][hostname|ip]:port). If protocol is not specified it defaults to http.

glance_api_ssl_compression = False

(Boolean) Enables or disables negotiation of SSL layer compression. In some cases disabling compression can improve data throughput, such as when high network bandwidth is available and you use compressed image formats like qcow2.

glance_api_version = 2

(Integer) Version of the glance API to use

glance_ca_certificates_file = None

(String) Location of ca certificates file to use for glance client requests.

glance_catalog_info = image:glance:publicURL

(String) Info to match when looking for glance in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if glance_api_servers are not provided.

glance_core_properties = checksum, container_format, disk_format, image_name, image_id, min_disk, min_ram, name, size

(List) Default core properties of image

glance_num_retries = 0

(Integer) Number retries when downloading an image from glance

glance_request_timeout = None

(Integer) http/https timeout value for glance operations. If no value (None) is supplied here, the glanceclient default value is used.

image_conversion_dir = $state_path/conversion

(String) Directory used for temporary storage during image conversion

image_upload_use_cinder_backend = False

(Boolean) If set to True, upload-to-image in raw format will create a cloned volume and register its location to the image service, instead of uploading the volume content. The cinder backend and locations support must be enabled in the image service, and glance_api_version must be set to 2.

image_upload_use_internal_tenant = False

(Boolean) If set to True, the image volume created by upload-to-image will be placed in the internal tenant. Otherwise, the image volume is created in the current context’s tenant.

image_volume_cache_enabled = False

(Boolean) Enable the image volume cache for this backend.

image_volume_cache_max_count = 0

(Integer) Max number of entries allowed in the image volume cache. 0 ⇒ unlimited.

image_volume_cache_max_size_gb = 0

(Integer) Max size of the image volume cache for this backend in GB. 0 ⇒ unlimited.

use_multipath_for_image_xfer = False

(Boolean) Do we attach/detach volumes in cinder using multipath for volume to image and image to volume transfers?

Table 3.32. Description of INFINIDAT InfiniBox volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

infinidat_pool_name = None

(String) Name of the pool from which volumes are allocated

Table 3.33. Description of Kaminario volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

auto_calc_max_oversubscription_ratio = False

(Boolean) K2 driver will calculate max_oversubscription_ratio on setting this option as True.

Table 3.34. Description of LVM configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

lvm_conf_file = /etc/cinder/lvm.conf

(String) LVM conf file to use for the LVM driver in Cinder; this setting is ignored if the specified file does not exist (You can also specify 'None' to not use a conf file even if one exists).

lvm_max_over_subscription_ratio = 1.0

(Floating point) max_over_subscription_ratio setting for the LVM driver. If set, this takes precedence over the general max_over_subscription_ratio option. If None, the general option is used.

lvm_mirrors = 0

(Integer) If >0, create LVs with multiple mirrors. Note that this requires lvm_mirrors + 2 PVs with available space

lvm_suppress_fd_warnings = False

(Boolean) Suppress leaked file descriptor warnings in LVM commands.

lvm_type = default

(String) Type of LVM volumes to deploy; (default, thin, or auto). Auto defaults to thin if thin is supported.

volume_group = cinder-volumes

(String) Name for the VG that will contain exported volumes

Table 3.35. Description of NAS configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

nas_host =

(String) IP address or Hostname of NAS system.

nas_login = admin

(String) User name to connect to NAS system.

nas_mount_options = None

(String) Options used to mount the storage backend file system where Cinder volumes are stored.

nas_password =

(String) Password to connect to NAS system.

nas_private_key =

(String) Filename of private key to use for SSH authentication.

nas_secure_file_operations = auto

(String) Allow network-attached storage systems to operate in a secure environment where root level access is not permitted. If set to False, access is as the root user and insecure. If set to True, access is not as root. If set to auto, a check is done to determine if this is a new installation: True is used if so, otherwise False. Default is auto.

nas_secure_file_permissions = auto

(String) Set more secure file permissions on network-attached storage volume files to restrict broad other/world access. If set to False, volumes are created with open permissions. If set to True, volumes are created with permissions for the cinder user and group (660). If set to auto, a check is done to determine if this is a new installation: True is used if so, otherwise False. Default is auto.

nas_share_path =

(String) Path to the share to use for storing Cinder volumes. For example: "/srv/export1" for an NFS server export available at 10.0.5.10:/srv/export1 .

nas_ssh_port = 22

(Port number) SSH port to use to connect to NAS system.

Table 3.36. Description of NEC Storage M series driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

nec_actual_free_capacity = False

(Boolean) Return actual free capacity.

nec_backend_max_ld_count = 1024

(Integer) Maximum number of managing sessions.

nec_backup_ldname_format = LX:%s

(String) M-Series Storage LD name format for snapshots.

nec_backup_pools =

(List) M-Series Storage backup pool number to be used.

nec_diskarray_name =

(String) Diskarray name of M-Series Storage.

nec_iscsi_portals_per_cont = 1

(Integer) Number of iSCSI portals.

nec_ismcli_fip = None

(IP) FIP address of M-Series Storage iSMCLI.

nec_ismcli_password =

(String) Password for M-Series Storage iSMCLI.

nec_ismcli_privkey =

(String) Filename of RSA private key for M-Series Storage iSMCLI.

nec_ismcli_user =

(String) User name for M-Series Storage iSMCLI.

nec_ismview_alloptimize = False

(Boolean) Use legacy iSMCLI command with optimization.

nec_ismview_dir = /tmp/nec/cinder

(String) Output path of iSMview file.

nec_ldname_format = LX:%s

(String) M-Series Storage LD name format for volumes.

nec_ldset =

(String) M-Series Storage LD Set name for Compute Node.

nec_ldset_for_controller_node =

(String) M-Series Storage LD Set name for Controller Node.

nec_pools =

(List) M-Series Storage pool numbers list to be used.

nec_queryconfig_view = False

(Boolean) Use legacy iSMCLI command.

nec_ssh_pool_port_number = 22

(Integer) Port number of ssh pool.

nec_unpairthread_timeout = 3600

(Integer) Timeout value of Unpairthread.

Table 3.37. Description of NetApp 7-Mode iSCSI driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

netapp_login = None

(String) Administrative user account name used to access the storage system or proxy server.

netapp_partner_backend_name = None

(String) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol selected is FC.

netapp_password = None

(String) Password for the administrative user account specified in the netapp_login option.

netapp_pool_name_search_pattern = (.+)

(String) This option is used to restrict provisioning to the specified pools. Specify the value of this option to be a regular expression which will be applied to the names of objects from the storage backend which represent pools in Cinder. This option is only utilized when the storage protocol is configured to use iSCSI or FC.

netapp_replication_aggregate_map = None

(Unknown) Multi opt of dictionaries to represent the aggregate mapping between source and destination back ends when using whole back end replication. For every source aggregate associated with a cinder pool (NetApp FlexVol), you would need to specify the destination aggregate on the replication target device. A replication target device is configured with the configuration option replication_device. Specify this option as many times as you have replication devices. Each entry takes the standard dict config form: netapp_replication_aggregate_map = backend_id:<name_of_replication_device_section>,src_aggr_name1:dest_aggr_name1,src_aggr_name2:dest_aggr_name2,…​

netapp_server_hostname = None

(String) The hostname (or IP address) for the storage system or proxy server.

netapp_server_port = None

(Integer) The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.

netapp_size_multiplier = 1.2

(Floating point) The quantity to be multiplied by the requested volume size to ensure enough space is available on the virtual storage server (Vserver) to fulfill the volume creation request. Note: this option is deprecated and will be removed in favor of "reserved_percentage" in the Mitaka release.

netapp_snapmirror_quiesce_timeout = 3600

(Integer) The maximum time in seconds to wait for existing SnapMirror transfers to complete before aborting during a failover.

netapp_storage_family = ontap_cluster

(String) The storage family type used on the storage system; valid values are ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.

netapp_storage_protocol = None

(String) The storage protocol to be used on the data path with the storage system.

netapp_transport_type = http

(String) The transport protocol used when communicating with the storage system or proxy server.

netapp_vfiler = None

(String) The vFiler unit on which provisioning of block storage volumes will be done. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode. Only use this option when utilizing the MultiStore feature on the NetApp storage system.

Table 3.38. Description of NetApp 7-Mode NFS driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

expiry_thres_minutes = 720

(Integer) This option specifies the threshold for last access time for images in the NFS image cache. When a cache cleaning cycle begins, images in the cache that have not been accessed in the last M minutes, where M is the value of this parameter, will be deleted from the cache to create free space on the NFS share.

netapp_login = None

(String) Administrative user account name used to access the storage system or proxy server.

netapp_partner_backend_name = None

(String) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol selected is FC.

netapp_password = None

(String) Password for the administrative user account specified in the netapp_login option.

netapp_pool_name_search_pattern = (.+)

(String) This option is used to restrict provisioning to the specified pools. Specify the value of this option to be a regular expression which will be applied to the names of objects from the storage backend which represent pools in Cinder. This option is only utilized when the storage protocol is configured to use iSCSI or FC.

netapp_replication_aggregate_map = None

(Unknown) Multi opt of dictionaries to represent the aggregate mapping between source and destination back ends when using whole back end replication. For every source aggregate associated with a cinder pool (NetApp FlexVol), you would need to specify the destination aggregate on the replication target device. A replication target device is configured with the configuration option replication_device. Specify this option as many times as you have replication devices. Each entry takes the standard dict config form: netapp_replication_aggregate_map = backend_id:<name_of_replication_device_section>,src_aggr_name1:dest_aggr_name1,src_aggr_name2:dest_aggr_name2,…​

netapp_server_hostname = None

(String) The hostname (or IP address) for the storage system or proxy server.

netapp_server_port = None

(Integer) The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.

netapp_snapmirror_quiesce_timeout = 3600

(Integer) The maximum time in seconds to wait for existing SnapMirror transfers to complete before aborting during a failover.

netapp_storage_family = ontap_cluster

(String) The storage family type used on the storage system; valid values are ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.

netapp_storage_protocol = None

(String) The storage protocol to be used on the data path with the storage system.

netapp_transport_type = http

(String) The transport protocol used when communicating with the storage system or proxy server.

netapp_vfiler = None

(String) The vFiler unit on which provisioning of block storage volumes will be done. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode. Only use this option when utilizing the MultiStore feature on the NetApp storage system.

thres_avl_size_perc_start = 20

(Integer) If the percentage of available space for an NFS share has dropped below the value specified by this option, the NFS image cache will be cleaned.

thres_avl_size_perc_stop = 60

(Integer) When the percentage of available space on an NFS share has reached the percentage specified by this option, the driver will stop clearing files from the NFS image cache that have not been accessed in the last M minutes, where M is the value of the expiry_thres_minutes configuration option.

Table 3.39. Description of NetApp cDOT iSCSI driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

netapp_login = None

(String) Administrative user account name used to access the storage system or proxy server.

netapp_lun_ostype = None

(String) This option defines the type of operating system that will access a LUN exported from Data ONTAP; it is assigned to the LUN at the time it is created.

netapp_lun_space_reservation = enabled

(String) This option determines if storage space is reserved for LUN allocation. If enabled, LUNs are thick provisioned. If space reservation is disabled, storage space is allocated on demand.

netapp_partner_backend_name = None

(String) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol selected is FC.

netapp_password = None

(String) Password for the administrative user account specified in the netapp_login option.

netapp_pool_name_search_pattern = (.+)

(String) This option is used to restrict provisioning to the specified pools. Specify the value of this option to be a regular expression which will be applied to the names of objects from the storage backend which represent pools in Cinder. This option is only utilized when the storage protocol is configured to use iSCSI or FC.

netapp_replication_aggregate_map = None

(Unknown) Multi opt of dictionaries to represent the aggregate mapping between source and destination back ends when using whole back end replication. For every source aggregate associated with a cinder pool (NetApp FlexVol), you would need to specify the destination aggregate on the replication target device. A replication target device is configured with the configuration option replication_device. Specify this option as many times as you have replication devices. Each entry takes the standard dict config form: netapp_replication_aggregate_map = backend_id:<name_of_replication_device_section>,src_aggr_name1:dest_aggr_name1,src_aggr_name2:dest_aggr_name2,…​

netapp_server_hostname = None

(String) The hostname (or IP address) for the storage system or proxy server.

netapp_server_port = None

(Integer) The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.

netapp_size_multiplier = 1.2

(Floating point) The quantity to be multiplied by the requested volume size to ensure enough space is available on the virtual storage server (Vserver) to fulfill the volume creation request. Note: this option is deprecated and will be removed in favor of "reserved_percentage" in the Mitaka release.

netapp_snapmirror_quiesce_timeout = 3600

(Integer) The maximum time in seconds to wait for existing SnapMirror transfers to complete before aborting during a failover.

netapp_storage_family = ontap_cluster

(String) The storage family type used on the storage system; valid values are ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.

netapp_storage_protocol = None

(String) The storage protocol to be used on the data path with the storage system.

netapp_transport_type = http

(String) The transport protocol used when communicating with the storage system or proxy server.

netapp_vserver = None

(String) This option specifies the virtual storage server (Vserver) name on the storage cluster on which provisioning of block storage volumes should occur.

Table 3.40. Description of NetApp cDOT NFS driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

expiry_thres_minutes = 720

(Integer) This option specifies the threshold for last access time for images in the NFS image cache. When a cache cleaning cycle begins, images in the cache that have not been accessed in the last M minutes, where M is the value of this parameter, will be deleted from the cache to create free space on the NFS share.

netapp_copyoffload_tool_path = None

(String) This option specifies the path of the NetApp copy offload tool binary. Ensure that the binary has execute permissions set which allow the effective user of the cinder-volume process to execute the file.

netapp_host_type = None

(String) This option defines the type of operating system for all initiators that can access a LUN. This information is used when mapping LUNs to individual hosts or groups of hosts.

netapp_host_type = None

(String) This option defines the type of operating system for all initiators that can access a LUN. This information is used when mapping LUNs to individual hosts or groups of hosts.

netapp_login = None

(String) Administrative user account name used to access the storage system or proxy server.

netapp_lun_ostype = None

(String) This option defines the type of operating system that will access a LUN exported from Data ONTAP; it is assigned to the LUN at the time it is created.

netapp_partner_backend_name = None

(String) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol selected is FC.

netapp_password = None

(String) Password for the administrative user account specified in the netapp_login option.

netapp_pool_name_search_pattern = (.+)

(String) This option is used to restrict provisioning to the specified pools. Specify the value of this option to be a regular expression which will be applied to the names of objects from the storage backend which represent pools in Cinder. This option is only utilized when the storage protocol is configured to use iSCSI or FC.

netapp_replication_aggregate_map = None

(Unknown) Multi opt of dictionaries to represent the aggregate mapping between source and destination back ends when using whole back end replication. For every source aggregate associated with a cinder pool (NetApp FlexVol), you would need to specify the destination aggregate on the replication target device. A replication target device is configured with the configuration option replication_device. Specify this option as many times as you have replication devices. Each entry takes the standard dict config form: netapp_replication_aggregate_map = backend_id:<name_of_replication_device_section>,src_aggr_name1:dest_aggr_name1,src_aggr_name2:dest_aggr_name2,…​

netapp_server_hostname = None

(String) The hostname (or IP address) for the storage system or proxy server.

netapp_server_port = None

(Integer) The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.

netapp_snapmirror_quiesce_timeout = 3600

(Integer) The maximum time in seconds to wait for existing SnapMirror transfers to complete before aborting during a failover.

netapp_storage_family = ontap_cluster

(String) The storage family type used on the storage system; valid values are ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.

netapp_storage_protocol = None

(String) The storage protocol to be used on the data path with the storage system.

netapp_transport_type = http

(String) The transport protocol used when communicating with the storage system or proxy server.

netapp_vserver = None

(String) This option specifies the virtual storage server (Vserver) name on the storage cluster on which provisioning of block storage volumes should occur.

thres_avl_size_perc_start = 20

(Integer) If the percentage of available space for an NFS share has dropped below the value specified by this option, the NFS image cache will be cleaned.

thres_avl_size_perc_stop = 60

(Integer) When the percentage of available space on an NFS share has reached the percentage specified by this option, the driver will stop clearing files from the NFS image cache that have not been accessed in the last M minutes, where M is the value of the expiry_thres_minutes configuration option.

Table 3.41. Description of NetApp E-Series driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

netapp_controller_ips = None

(String) This option is only utilized when the storage family is configured to eseries. This option is used to restrict provisioning to the specified controllers. Specify the value of this option to be a comma separated list of controller hostnames or IP addresses to be used for provisioning.

netapp_enable_multiattach = False

(Boolean) This option specifies whether the driver should allow operations that require multiple attachments to a volume. An example would be live migration of servers that have volumes attached. When enabled, this backend is limited to 256 total volumes in order to guarantee volumes can be accessed by more than one host.

netapp_host_type = None

(String) This option defines the type of operating system for all initiators that can access a LUN. This information is used when mapping LUNs to individual hosts or groups of hosts.

netapp_login = None

(String) Administrative user account name used to access the storage system or proxy server.

netapp_partner_backend_name = None

(String) The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner. This option is only used by the driver when connecting to an instance with a storage family of Data ONTAP operating in 7-Mode, and it is required if the storage protocol selected is FC.

netapp_password = None

(String) Password for the administrative user account specified in the netapp_login option.

netapp_pool_name_search_pattern = (.+)

(String) This option is used to restrict provisioning to the specified pools. Specify the value of this option to be a regular expression which will be applied to the names of objects from the storage backend which represent pools in Cinder. This option is only utilized when the storage protocol is configured to use iSCSI or FC.

netapp_replication_aggregate_map = None

(Unknown) Multi opt of dictionaries to represent the aggregate mapping between source and destination back ends when using whole back end replication. For every source aggregate associated with a cinder pool (NetApp FlexVol), you would need to specify the destination aggregate on the replication target device. A replication target device is configured with the configuration option replication_device. Specify this option as many times as you have replication devices. Each entry takes the standard dict config form: netapp_replication_aggregate_map = backend_id:<name_of_replication_device_section>,src_aggr_name1:dest_aggr_name1,src_aggr_name2:dest_aggr_name2,…​

netapp_sa_password = None

(String) Password for the NetApp E-Series storage array.

netapp_server_hostname = None

(String) The hostname (or IP address) for the storage system or proxy server.

netapp_server_port = None

(Integer) The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS.

netapp_snapmirror_quiesce_timeout = 3600

(Integer) The maximum time in seconds to wait for existing SnapMirror transfers to complete before aborting during a failover.

netapp_storage_family = ontap_cluster

(String) The storage family type used on the storage system; valid values are ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using clustered Data ONTAP, or eseries for using E-Series.

netapp_transport_type = http

(String) The transport protocol used when communicating with the storage system or proxy server.

netapp_webservice_path = /devmgr/v2

(String) This option is used to specify the path to the E-Series proxy application on a proxy server. The value is combined with the value of the netapp_transport_type, netapp_server_hostname, and netapp_server_port options to create the URL used by the driver to connect to the proxy application.

Table 3.42. Description of os-brick configuration options

Configuration option = Default valueDescription

[privsep_osbrick]

 

capabilities = []

(Unknown) List of Linux capabilities retained by the privsep daemon.

group = None

(String) Group that the privsep daemon should run as.

helper_command = None

(String) Command to invoke to start the privsep daemon if not using the "fork" method. If not specified, a default is generated using "sudo privsep-helper" and arguments designed to recreate the current configuration. This command must accept suitable --privsep_context and --privsep_sock_path arguments.

user = None

(String) User that the privsep daemon should run as.

Table 3.43. Description of profiler configuration options

Configuration option = Default valueDescription

[profiler]

 

connection_string = messaging://

(String) Connection string for a notifier backend. Default value is messaging:// which sets the notifier to oslo_messaging. Examples of possible values:

  • messaging://: use oslo_messaging driver for sending notifications.
  • mongodb://127.0.0.1:27017 : use mongodb driver for sending notifications.
  • elasticsearch://127.0.0.1:9200 : use elasticsearch driver for sending notifications.

enabled = False

(Boolean) Enables the profiling for all services on this node. Default value is False (fully disable the profiling feature). Possible values:

  • True: Enables the feature
  • False: Disables the feature. The profiling cannot be started via this project operations. If the profiling is triggered by another project, this project part will be empty.

es_doc_type = notification

(String) Document type for notification indexing in elasticsearch.

es_scroll_size = 10000

(Integer) Elasticsearch splits large requests in batches. This parameter defines maximum size of each batch (for example: es_scroll_size=10000).

es_scroll_time = 2m

(String) This parameter is a time value parameter (for example: es_scroll_time=2m), indicating for how long the nodes that participate in the search will maintain relevant resources in order to continue and support it.

hmac_keys = SECRET_KEY

(String) Secret key(s) to use for encrypting context data for performance profiling. This string value should have the following format: <key1>[,<key2>,…​<keyn>], where each key is some random string. A user who triggers the profiling via the REST API has to set one of these keys in the headers of the REST API call to include profiling results of this node for this particular project. Both "enabled" flag and "hmac_keys" config options should be set to enable profiling. Also, to generate correct profiling information across all services at least one key needs to be consistent between OpenStack projects. This ensures it can be used from client side to generate the trace, containing information from all possible resources.

sentinel_service_name = mymaster

(String) Redissentinel uses a service name to identify a master redis service. This parameter defines the name (for example: sentinal_service_name=mymaster).

socket_timeout = 0.1

(Floating point) Redissentinel provides a timeout option on the connections. This parameter defines that timeout (for example: socket_timeout=0.1).

trace_sqlalchemy = False

(Boolean) Enables SQL requests profiling in services. Default value is False (SQL requests won’t be traced). Possible values:

  • True: Enables SQL requests profiling. Each SQL query will be part of the trace and can the be analyzed by how much time was spent for that.
  • False: Disables SQL requests profiling. The spent time is only shown on a higher level of operations. Single SQL queries cannot be analyzed this way.

Table 3.44. Description of Pure Storage driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

pure_api_token = None

(String) REST API authorization token.

pure_automatic_max_oversubscription_ratio = True

(Boolean) Automatically determine an oversubscription ratio based on the current total data reduction values. If used this calculated value will override the max_over_subscription_ratio config option.

pure_eradicate_on_delete = False

(Boolean) When enabled, all Pure volumes, snapshots, and protection groups will be eradicated at the time of deletion in Cinder. Data will NOT be recoverable after a delete with this set to True! When disabled, volumes and snapshots will go into pending eradication state and can be recovered.

pure_replica_interval_default = 900

(Integer) Snapshot replication interval in seconds.

pure_replica_retention_long_term_default = 7

(Integer) Retain snapshots per day on target for this time (in days.)

pure_replica_retention_long_term_per_day_default = 3

(Integer) Retain how many snapshots for each day.

pure_replica_retention_short_term_default = 14400

(Integer) Retain all snapshots on target for this time (in seconds.)

Table 3.45. Description of Quobyte USP volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

quobyte_client_cfg = None

(String) Path to a Quobyte Client configuration file.

quobyte_mount_point_base = $state_path/mnt

(String) Base dir containing the mount point for the Quobyte volume.

quobyte_qcow2_volumes = True

(Boolean) Create volumes as QCOW2 files rather than raw files.

quobyte_sparsed_volumes = True

(Boolean) Create volumes as sparse files which take no space. If set to False, volume is created as regular file.In such case volume creation takes a lot of time.

quobyte_volume_url = None

(URI) URL to the Quobyte volume e.g., quobyte://<DIR host>/<volume name>

Table 3.46. Description of quota configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

max_age = 0

(Integer) Number of seconds between subsequent usage refreshes

quota_backup_gigabytes = 1000

(Integer) Total amount of storage, in gigabytes, allowed for backups per project

quota_backups = 10

(Integer) Number of volume backups allowed per project

quota_consistencygroups = 10

(Integer) Number of consistencygroups allowed per project

quota_driver = cinder.quota.DbQuotaDriver

(String) Default driver to use for quota checks

quota_gigabytes = 1000

(Integer) Total amount of storage, in gigabytes, allowed for volumes and snapshots per project

quota_groups = 10

(Integer) Number of groups allowed per project

quota_snapshots = 10

(Integer) Number of volume snapshots allowed per project

quota_volumes = 10

(Integer) Number of volumes allowed per project

reservation_expire = 86400

(Integer) Number of seconds until a reservation expires

use_default_quota_class = True

(Boolean) Enables or disables use of default quota class with default quota.

Table 3.47. Description of Redis configuration options

Configuration option = Default valueDescription

[matchmaker_redis]

 

check_timeout = 20000

(Integer) Time in ms to wait before the transaction is killed.

host = 127.0.0.1

(String) DEPRECATED: Host to locate redis. Replaced by [DEFAULT]/transport_url

password =

(String) DEPRECATED: Password for Redis server (optional). Replaced by [DEFAULT]/transport_url

port = 6379

(Port number) DEPRECATED: Use this port to connect to redis host. Replaced by [DEFAULT]/transport_url

sentinel_group_name = oslo-messaging-zeromq

(String) Redis replica set name.

sentinel_hosts =

(List) DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g., [host:port, host1:port …​ ] Replaced by [DEFAULT]/transport_url

socket_timeout = 10000

(Integer) Timeout in ms on blocking socket operations.

wait_timeout = 2000

(Integer) Time in ms to wait between connection attempts.

Table 3.48. Description of SAN configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

san_clustername =

(String) Cluster name to use for creating volumes

san_ip =

(String) IP address of SAN controller

san_is_local = False

(Boolean) Execute commands locally instead of over SSH; use if the volume service is running on the SAN device

san_login = admin

(String) Username for SAN controller

san_password =

(String) Password for SAN controller

san_private_key =

(String) Filename of private key to use for SSH authentication

san_ssh_port = 22

(Port number) SSH port to use with SAN

san_thin_provision = True

(Boolean) Use thin provisioning for SAN volumes?

ssh_conn_timeout = 30

(Integer) SSH connection timeout in seconds

ssh_max_pool_conn = 5

(Integer) Maximum ssh connections in the pool

ssh_min_pool_conn = 1

(Integer) Minimum ssh connections in the pool

Table 3.49. Description of Scality SOFS volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

scality_sofs_config = None

(String) Path or URL to Scality SOFS configuration file

scality_sofs_mount_point = $state_path/scality

(String) Base dir where Scality SOFS shall be mounted

scality_sofs_volume_dir = cinder/volumes

(String) Path from Scality SOFS root to volume dir

Table 3.50. Description of scheduler configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

filter_function = None

(String) String representation for an equation that will be used to filter hosts. Only used when the driver filter is set to be used by the Cinder scheduler.

goodness_function = None

(String) String representation for an equation that will be used to determine the goodness of a host. Only used when using the goodness weigher is set to be used by the Cinder scheduler.

scheduler_default_filters = AvailabilityZoneFilter, CapacityFilter, CapabilitiesFilter

(List) Which filter class names to use for filtering hosts when not specified in the request.

scheduler_default_weighers = CapacityWeigher

(List) Which weigher class names to use for weighing hosts.

scheduler_driver = cinder.scheduler.filter_scheduler.FilterScheduler

(String) Default scheduler driver to use

scheduler_host_manager = cinder.scheduler.host_manager.HostManager

(String) The scheduler host manager class to use

scheduler_json_config_location =

(String) Absolute path to scheduler configuration JSON file.

scheduler_manager = cinder.scheduler.manager.SchedulerManager

(String) Full class name for the Manager for scheduler

scheduler_max_attempts = 3

(Integer) Maximum number of attempts to schedule a volume

scheduler_weight_handler = cinder.scheduler.weights.OrderedHostWeightHandler

(String) Which handler to use for selecting the host/pool after weighing

Table 3.51. Description of SCST volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

scst_target_driver = iscsi

(String) SCST target implementation can choose from multiple SCST target drivers.

scst_target_iqn_name = None

(String) Certain ISCSI targets have predefined target names, SCST target driver uses this name.

Table 3.52. Description of Sheepdog driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

sheepdog_store_address = 127.0.0.1

(String) IP address of sheep daemon.

sheepdog_store_port = 7000

(Port number) Port of sheep daemon.

Table 3.53. Description of Samba volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

smbfs_allocation_info_file_path = $state_path/allocation_data

(String) The path of the automatically generated file containing information about volume disk space allocation.

smbfs_default_volume_format = qcow2

(String) Default format that will be used when creating volumes if no volume format is specified.

smbfs_mount_options = noperm,file_mode=0775,dir_mode=0775

(String) Mount options passed to the smbfs client. See mount.cifs man page for details.

smbfs_mount_point_base = $state_path/mnt

(String) Base dir containing mount points for smbfs shares.

smbfs_oversub_ratio = 1.0

(Floating point) This will compare the allocated to available space on the volume destination. If the ratio exceeds this number, the destination will no longer be valid.

smbfs_shares_config = /etc/cinder/smbfs_shares

(String) File with the list of available smbfs shares.

smbfs_sparsed_volumes = True

(Boolean) Create volumes as sparsed files which take no space rather than regular files when using raw format, in which case volume creation takes lot of time.

smbfs_used_ratio = 0.95

(Floating point) Percent of ACTUAL usage of the underlying volume before no new volumes can be allocated to the volume destination.

Table 3.54. Description of SolidFire driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

sf_account_prefix = None

(String) Create SolidFire accounts with this prefix. Any string can be used here, but the string "hostname" is special and will create a prefix using the cinder node hostname (previous default behavior). The default is NO prefix.

sf_allow_template_caching = True

(Boolean) Create an internal cache of copy of images when a bootable volume is created to eliminate fetch from glance and qemu-conversion on subsequent calls.

sf_allow_tenant_qos = False

(Boolean) Allow tenants to specify QOS on create

sf_api_port = 443

(Port number) SolidFire API port. Useful if the device api is behind a proxy on a different port.

sf_emulate_512 = True

(Boolean) Set 512 byte emulation on volume creation;

sf_enable_vag = False

(Boolean) Utilize volume access groups on a per-tenant basis.

sf_enable_volume_mapping = True

(Boolean) Create an internal mapping of volume IDs and account. Optimizes lookups and performance at the expense of memory, very large deployments may want to consider setting to False.

sf_svip = None

(String) Overrides default cluster SVIP with the one specified. This is required or deployments that have implemented the use of VLANs for iSCSI networks in their cloud.

sf_template_account_name = openstack-vtemplate

(String) Account name on the SolidFire Cluster to use as owner of template/cache volumes (created if does not exist).

sf_volume_prefix = UUID-

(String) Create SolidFire volumes with this prefix. Volume names are of the form <sf_volume_prefix><cinder-volume-id>. The default is to use a prefix of 'UUID-'.

Table 3.55. Description of Ceph storage configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

rados_connect_timeout = -1

(Integer) Timeout value (in seconds) used when connecting to ceph cluster. If value < 0, no timeout is set and default librados value is used.

rados_connection_interval = 5

(Integer) Interval value (in seconds) between connection retries to ceph cluster.

rados_connection_retries = 3

(Integer) Number of retries if connection to ceph cluster failed.

rbd_ceph_conf =

(String) Path to the ceph configuration file

rbd_cluster_name = ceph

(String) The name of ceph cluster

rbd_flatten_volume_from_snapshot = False

(Boolean) Flatten volumes created from snapshots to remove dependency from volume to snapshot

rbd_max_clone_depth = 5

(Integer) Maximum number of nested volume clones that are taken before a flatten occurs. Set to 0 to disable cloning.

rbd_pool = rbd

(String) The RADOS pool where rbd volumes are stored

rbd_secret_uuid = None

(String) The libvirt uuid of the secret for the rbd_user volumes

rbd_store_chunk_size = 4

(Integer) Volumes will be chunked into objects of this size (in megabytes).

rbd_user = None

(String) The RADOS client name for accessing rbd volumes - only set when using cephx authentication

replication_connect_timeout = 5

(Integer) Timeout value (in seconds) used when connecting to ceph cluster to do a demotion/promotion of volumes. If value < 0, no timeout is set and default librados value is used.

Table 3.56. Description of GPFS storage configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

gpfs_images_dir = None

(String) Specifies the path of the Image service repository in GPFS. Leave undefined if not storing images in GPFS.

gpfs_images_share_mode = None

(String) Specifies the type of image copy to be used. Set this when the Image service repository also uses GPFS so that image files can be transferred efficiently from the Image service to the Block Storage service. There are two valid values: "copy" specifies that a full copy of the image is made; "copy_on_write" specifies that copy-on-write optimization strategy is used and unmodified blocks of the image file are shared efficiently.

gpfs_max_clone_depth = 0

(Integer) Specifies an upper limit on the number of indirections required to reach a specific block due to snapshots or clones. A lengthy chain of copy-on-write snapshots or clones can have a negative impact on performance, but improves space utilization. 0 indicates unlimited clone depth.

gpfs_mount_point_base = None

(String) Specifies the path of the GPFS directory where Block Storage volume and snapshot files are stored.

gpfs_sparse_volumes = True

(Boolean) Specifies that volumes are created as sparse files which initially consume no space. If set to False, the volume is created as a fully allocated file, in which case, creation may take a significantly longer time.

gpfs_storage_pool = system

(String) Specifies the storage pool that volumes are assigned to. By default, the system storage pool is used.

nas_host =

(String) IP address or Hostname of NAS system.

nas_login = admin

(String) User name to connect to NAS system.

nas_password =

(String) Password to connect to NAS system.

nas_private_key =

(String) Filename of private key to use for SSH authentication.

nas_ssh_port = 22

(Port number) SSH port to use to connect to NAS system.

Table 3.57. Description of NFS storage configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

nfs_mount_attempts = 3

(Integer) The number of attempts to mount NFS shares before raising an error. At least one attempt will be made to mount an NFS share, regardless of the value specified.

nfs_mount_options = None

(String) Mount options passed to the NFS client. See section of the NFS man page for details.

nfs_mount_point_base = $state_path/mnt

(String) Base dir containing mount points for NFS shares.

nfs_qcow2_volumes = False

(Boolean) Create volumes as QCOW2 files rather than raw files.

nfs_shares_config = /etc/cinder/nfs_shares

(String) File with the list of available NFS shares.

nfs_snapshot_support = False

(Boolean) Enable support for snapshots on the NFS driver. Platforms using libvirt <1.2.7 will encounter issues with this feature.

nfs_sparsed_volumes = True

(Boolean) Create volumes as sparsed files which take no space. If set to False volume is created as regular file. In such case volume creation takes a lot of time.

Table 3.58. Description of storage configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

allocated_capacity_weight_multiplier = -1.0

(Floating point) Multiplier used for weighing allocated capacity. Positive numbers mean to stack vs spread.

capacity_weight_multiplier = 1.0

(Floating point) Multiplier used for weighing free capacity. Negative numbers mean to stack vs spread.

enabled_backends = None

(List) A list of backend names to use. These backend names should be backed by a unique [CONFIG] group with its options

iscsi_helper = tgtadm

(String) iSCSI target user-land tool to use. tgtadm is default, use lioadm for LIO iSCSI support, scstadmin for SCST target support, ietadm for iSCSI Enterprise Target, iscsictl for Chelsio iSCSI Target or fake for testing.

iscsi_iotype = fileio

(String) Sets the behavior of the iSCSI target to either perform blockio or fileio optionally, auto can be set and Cinder will autodetect type of backing device

iscsi_ip_address = $my_ip

(String) The IP address that the iSCSI daemon is listening on

iscsi_port = 3260

(Port number) The port that the iSCSI daemon is listening on

iscsi_protocol = iscsi

(String) Determines the iSCSI protocol for new iSCSI volumes, created with tgtadm or lioadm target helpers. In order to enable RDMA, this parameter should be set with the value "iser". The supported iSCSI protocol values are "iscsi" and "iser".

iscsi_target_flags =

(String) Sets the target-specific flags for the iSCSI target. Only used for tgtadm to specify backing device flags using bsoflags option. The specified string is passed as is to the underlying tool.

iscsi_target_prefix = iqn.2010-10.org.openstack:

(String) Prefix for iSCSI volumes

iscsi_write_cache = on

(String) Sets the behavior of the iSCSI target to either perform write-back(on) or write-through(off). This parameter is valid if iscsi_helper is set to tgtadm.

iser_helper = tgtadm

(String) The name of the iSER target user-land tool to use

iser_ip_address = $my_ip

(String) The IP address that the iSER daemon is listening on

iser_port = 3260

(Port number) The port that the iSER daemon is listening on

iser_target_prefix = iqn.2010-10.org.openstack:

(String) Prefix for iSER volumes

migration_create_volume_timeout_secs = 300

(Integer) Timeout for creating the volume to migrate to when performing volume migration (seconds)

num_iser_scan_tries = 3

(Integer) The maximum number of times to rescan iSER targetto find volume

num_volume_device_scan_tries = 3

(Integer) The maximum number of times to rescan targets to find volume

volume_backend_name = None

(String) The backend name for a given driver implementation

volume_clear = zero

(String) Method used to wipe old volumes

volume_clear_ionice = None

(String) The flag to pass to ionice to alter the i/o priority of the process used to zero a volume after deletion, for example "-c3" for idle only priority.

volume_clear_size = 0

(Integer) Size in MiB to wipe at start of old volumes. 1024 MiBat max. 0 ⇒ all

volume_copy_blkio_cgroup_name = cinder-volume-copy

(String) The blkio cgroup name to be used to limit bandwidth of volume copy

volume_copy_bps_limit = 0

(Integer) The upper limit of bandwidth of volume copy. 0 ⇒ unlimited

volume_dd_blocksize = 1M

(String) The default block size used when copying/clearing volumes

volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver

(String) Driver to use for volume creation

volume_manager = cinder.volume.manager.VolumeManager

(String) Full class name for the Manager for volume

volume_service_inithost_offload = False

(Boolean) Offload pending volume delete during volume service startup

volume_usage_audit_period = month

(String) Time period for which to generate volume usages. The options are hour, day, month, or year.

volumes_dir = $state_path/volumes

(String) Volume configuration file storage directory

Table 3.59. Description of IBM Storwise driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

san_ip =

(String) IP address of SAN controller

san_login = admin

(String) Username for SAN controller

san_password =

(String) Password for SAN controller

san_private_key =

(String) Filename of private key to use for SSH authentication

san_ssh_port = 22

(Port number) SSH port to use with SAN

storwize_san_secondary_ip = None

(String) Specifies secondary management IP or hostname to be used if san_ip is invalid or becomes inaccessible.

storwize_svc_allow_tenant_qos = False

(Boolean) Allow tenants to specify QOS on create

storwize_svc_flashcopy_rate = 50

(Integer) Specifies the Storwize FlashCopy copy rate to be used when creating a full volume copy. The default is rate is 50, and the valid rates are 1-100.

storwize_svc_flashcopy_timeout = 120

(Integer) Maximum number of seconds to wait for FlashCopy to be prepared.

storwize_svc_iscsi_chap_enabled = True

(Boolean) Configure CHAP authentication for iSCSI connections (Default: Enabled)

storwize_svc_multihostmap_enabled = True

(Boolean) DEPRECATED: This option no longer has any affect. It is deprecated and will be removed in the next release.

storwize_svc_multipath_enabled = False

(Boolean) Connect with multipath (FC only; iSCSI multipath is controlled by Nova)

storwize_svc_stretched_cluster_partner = None

(String) If operating in stretched cluster mode, specify the name of the pool in which mirrored copies are stored.Example: "pool2"

storwize_svc_vol_autoexpand = True

(Boolean) Storage system autoexpand parameter for volumes (True/False)

storwize_svc_vol_compression = False

(Boolean) Storage system compression option for volumes

storwize_svc_vol_easytier = True

(Boolean) Enable Easy Tier for volumes

storwize_svc_vol_grainsize = 256

(Integer) Storage system grain size parameter for volumes (32/64/128/256)

storwize_svc_vol_iogrp = 0

(Integer) The I/O group in which to allocate volumes

storwize_svc_vol_nofmtdisk = False

(Boolean) Specifies that the volume not be formatted during creation.

storwize_svc_vol_rsize = 2

(Integer) Storage system space-efficiency parameter for volumes (percentage)

storwize_svc_vol_warning = 0

(Integer) Storage system threshold for volume capacity warnings (percentage)

storwize_svc_volpool_name = volpool

(List) Comma separated list of storage system storage pools for volumes.

Table 3.60. Description of swift configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

backup_swift_auth_insecure = False

(Boolean) Bypass verification of server certificate when making SSL connection to Swift.

backup_swift_auth_url = None

(URI) The URL of the Keystone endpoint

Table 3.61. Description of Tintri volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

tintri_api_version = v310

(String) API version for the storage system

tintri_image_cache_expiry_days = 30

(Integer) Delete unused image snapshots older than mentioned days

tintri_image_shares_config = None

(String) Path to image nfs shares file

tintri_server_hostname = None

(String) The hostname (or IP address) for the storage system

tintri_server_password = None

(String) Password for the storage system

tintri_server_username = None

(String) User name for the storage system

Table 3.62. Description of Violin volume driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

violin_dedup_capable_pools =

(List) Storage pools capable of dedup and other luns.(Comma separated list)

violin_dedup_only_pools =

(List) Storage pools to be used to setup dedup luns only.(Comma separated list)

violin_iscsi_target_ips =

(List) Target iSCSI addresses to use.(Comma separated list)

violin_pool_allocation_method = random

(String) Method of choosing a storage pool for a lun.

violin_request_timeout = 300

(Integer) Global backend request timeout, in seconds.

Table 3.63. Description of Windows configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

windows_iscsi_lun_path = C:\iSCSIVirtualDisks

(String) Path to store VHD backed volumes

Table 3.64. Description of ZFS Storage Appliance NFS driver configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

zfssa_cache_directory = os-cinder-cache

(String) Name of directory inside zfssa_nfs_share where cache volumes are stored.

zfssa_cache_project = os-cinder-cache

(String) Name of ZFSSA project where cache volumes are stored.

zfssa_data_ip = None

(String) Data path IP address

zfssa_enable_local_cache = True

(Boolean) Flag to enable local caching: True, False.

zfssa_https_port = 443

(String) HTTPS port number

zfssa_manage_policy = loose

(String) Driver policy for volume manage.

zfssa_nfs_mount_options =

(String) Options to be passed while mounting share over nfs

zfssa_nfs_pool =

(String) Storage pool name.

zfssa_nfs_project = NFSProject

(String) Project name.

zfssa_nfs_share = nfs_share

(String) Share name.

zfssa_nfs_share_compression = off

(String) Data compression.

zfssa_nfs_share_logbias = latency

(String) Synchronous write bias-latency, throughput.

zfssa_rest_timeout = None

(Integer) REST connection timeout. (seconds)

Table 3.65. Description of zones configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

cloned_volume_same_az = True

(Boolean) Ensure that the new volumes are the same AZ as snapshot or source volume

Table 3.66. Description of brocade zoning fabrics configuration options

Configuration option = Default valueDescription

[BRCD_FABRIC_EXAMPLE]

 

fc_fabric_address =

(String) Management IP of fabric.

fc_fabric_password =

(String) Password for user.

fc_fabric_port = 22

(Port number) Connecting port

fc_fabric_ssh_cert_path =

(String) Local SSH certificate Path.

fc_fabric_user =

(String) Fabric user ID.

fc_southbound_protocol = HTTP

(String) South bound connector for the fabric.

fc_virtual_fabric_id = None

(String) Virtual Fabric ID.

principal_switch_wwn = None

(String) DEPRECATED: Principal switch WWN of the fabric. This option is not used anymore.

zone_activate = True

(Boolean) Overridden zoning activation state.

zone_name_prefix = openstack

(String) Overridden zone name prefix.

zoning_policy = initiator-target

(String) Overridden zoning policy.

Table 3.67. Description of cisco zoning fabrics configuration options

Configuration option = Default valueDescription

[CISCO_FABRIC_EXAMPLE]

 

cisco_fc_fabric_address =

(String) Management IP of fabric

cisco_fc_fabric_password =

(String) Password for user

cisco_fc_fabric_port = 22

(Port number) Connecting port

cisco_fc_fabric_user =

(String) Fabric user ID

cisco_zone_activate = True

(Boolean) overridden zoning activation state

cisco_zone_name_prefix = None

(String) overridden zone name prefix

cisco_zoning_policy = initiator-target

(String) overridden zoning policy

cisco_zoning_vsan = None

(String) VSAN of the Fabric

Table 3.68. Description of brocade zoning manager configuration options

Configuration option = Default valueDescription

[fc-zone-manager]

 

brcd_sb_connector = HTTP

(String) South bound connector for zoning operation

Table 3.69. Description of cisco zoning manager configuration options

Configuration option = Default valueDescription

[fc-zone-manager]

 

cisco_sb_connector = cinder.zonemanager.drivers.cisco.cisco_fc_zone_client_cli.CiscoFCZoneClientCLI

(String) Southbound connector for zoning operation

Table 3.70. Description of zoning configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

zoning_mode = None

(String) FC Zoning mode configured

[fc-zone-manager]

 

enable_unsupported_driver = False

(Boolean) Set this to True when you want to allow an unsupported zone manager driver to start. Drivers that haven’t maintained a working CI system and testing are marked as unsupported until CI is working again. This also marks a driver as deprecated and may be removed in the next release.

fc_fabric_names = None

(String) Comma separated list of Fibre Channel fabric names. This list of names is used to retrieve other SAN credentials for connecting to each SAN fabric

fc_san_lookup_service = cinder.zonemanager.drivers.brocade.brcd_fc_san_lookup_service.BrcdFCSanLookupService

(String) FC SAN Lookup Service

zone_driver = cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver.BrcdFCZoneDriver

(String) FC Zone Driver responsible for zone management

zoning_policy = initiator-target

(String) Zoning policy configured by user; valid values include "initiator-target" or "initiator"

3.1.2. New, updated, and deprecated options in Ocata for Block Storage

Table 3.71. New options

Option = default value(Type) Help string

[DEFAULT] auto_calc_max_oversubscription_ratio = False

(BoolOpt) K2 driver will calculate max_oversubscription_ratio on setting this option as True.

[DEFAULT] ds8k_devadd_unitadd_mapping =

(StrOpt) Mapping between IODevice address and unit address.

[DEFAULT] ds8k_host_type = auto

(StrOpt) Set to zLinux if your OpenStack version is prior to Liberty and you’re connecting to zLinux systems. Otherwise set to auto. Valid values for this parameter are: 'auto', 'AMDLinuxRHEL', 'AMDLinuxSuse', 'AppleOSX', 'Fujitsu', 'Hp', 'HpTru64', 'HpVms', 'LinuxDT', 'LinuxRF', 'LinuxRHEL', 'LinuxSuse', 'Novell', 'SGI', 'SVC', 'SanFsAIX', 'SanFsLinux', 'Sun', 'VMWare', 'Win2000', 'Win2003', 'Win2008', 'Win2012', 'iLinux', 'nSeries', 'pLinux', 'pSeries', 'pSeriesPowerswap', 'zLinux', 'iSeries'.

[DEFAULT] ds8k_ssid_prefix = FF

(StrOpt) Set the first two digits of SSID

[DEFAULT] fss_san_secondary_ip =

(StrOpt) Specifies FSS secondary management IP to be used if san_ip is invalid or becomes inaccessible.

[DEFAULT] hnas_svc0_pool_name = None

(StrOpt) Service 0 pool name

[DEFAULT] hnas_svc1_pool_name = None

(StrOpt) Service 1 pool name

[DEFAULT] hnas_svc2_pool_name = None

(StrOpt) Service 2 pool name

[DEFAULT] hnas_svc3_pool_name = None

(StrOpt) Service 3 pool name:

[DEFAULT] infinidat_pool_name = None

(StrOpt) Name of the pool from which volumes are allocated

[DEFAULT] multi_pool_support = False

(StrOpt) Use this value to specify multi-pool support for VMAX3

[DEFAULT] nec_actual_free_capacity = False

(BoolOpt) Return actual free capacity.

[DEFAULT] nec_backend_max_ld_count = 1024

(IntOpt) Maximum number of managing sessions.

[DEFAULT] nec_backup_ldname_format = LX:%s

(StrOpt) M-Series Storage LD name format for snapshots.

[DEFAULT] nec_backup_pools =

(ListOpt) M-Series Storage backup pool number to be used.

[DEFAULT] nec_diskarray_name =

(StrOpt) Diskarray name of M-Series Storage.

[DEFAULT] nec_iscsi_portals_per_cont = 1

(IntOpt) Number of iSCSI portals.

[DEFAULT] nec_ismcli_fip = None

(IPOpt) FIP address of M-Series Storage iSMCLI.

[DEFAULT] nec_ismcli_password =

(StrOpt) Password for M-Series Storage iSMCLI.

[DEFAULT] nec_ismcli_privkey =

(StrOpt) Filename of RSA private key for M-Series Storage iSMCLI.

[DEFAULT] nec_ismcli_user =

(StrOpt) User name for M-Series Storage iSMCLI.

[DEFAULT] nec_ismview_alloptimize = False

(BoolOpt) Use legacy iSMCLI command with optimization.

[DEFAULT] nec_ismview_dir = /tmp/nec/cinder

(StrOpt) Output path of iSMview file.

[DEFAULT] nec_ldname_format = LX:%s

(StrOpt) M-Series Storage LD name format for volumes.

[DEFAULT] nec_ldset =

(StrOpt) M-Series Storage LD Set name for Compute Node.

[DEFAULT] nec_ldset_for_controller_node =

(StrOpt) M-Series Storage LD Set name for Controller Node.

[DEFAULT] nec_pools =

(ListOpt) M-Series Storage pool numbers list to be used.

[DEFAULT] nec_queryconfig_view = False

(BoolOpt) Use legacy iSMCLI command.

[DEFAULT] nec_ssh_pool_port_number = 22

(IntOpt) Port number of ssh pool.

[DEFAULT] nec_unpairthread_timeout = 3600

(IntOpt) Timeout value of Unpairthread.

[DEFAULT] nfs_qcow2_volumes = False

(BoolOpt) Create volumes as QCOW2 files rather than raw files.

[DEFAULT] nfs_snapshot_support = False

(BoolOpt) Enable support for snapshots on the NFS driver. Platforms using libvirt <1.2.7 will encounter issues with this feature.

[DEFAULT] nova_api_insecure = False

(BoolOpt) Allow to perform insecure SSL requests to nova

[DEFAULT] nova_ca_certificates_file = None

(StrOpt) Location of ca certificates file to use for nova client requests.

[DEFAULT] nova_catalog_admin_info = compute:Compute Service:adminURL

(StrOpt) Same as nova_catalog_info, but for admin endpoint.

[DEFAULT] nova_catalog_info = compute:Compute Service:publicURL

(StrOpt) Match this value when searching for nova in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type>

[DEFAULT] nova_endpoint_admin_template = None

(StrOpt) Same as nova_endpoint_template, but for admin endpoint.

[DEFAULT] nova_endpoint_template = None

(StrOpt) Override service catalog lookup with template for nova endpoint e.g. http://localhost:8774/v2/%(project_id)s

[DEFAULT] os_region_name = None

(StrOpt) Region name of this node

[DEFAULT] replication_connect_timeout = 5

(IntOpt) Timeout value (in seconds) used when connecting to ceph cluster to do a demotion/promotion of volumes. If value < 0, no timeout is set and default librados value is used.

[DEFAULT] rest_ip = None

(IPOpt) The IP address of the REST server

[DEFAULT] unity_io_ports = None

(ListOpt) A comma-separated list of iSCSI or FC ports to be used. Each port can be Unix-style glob expressions.

[DEFAULT] unity_storage_pool_names = None

(ListOpt) A comma-separated list of storage pool names to be used.

[DEFAULT] vmware_connection_pool_size = 10

(IntOpt) Maximum number of connections in http connection pool.

[DEFAULT] vsp_async_copy_check_interval = 10

(IntOpt) Interval in seconds at which volume pair synchronization status is checked when volume pairs are deleted.

[DEFAULT] vsp_auth_password = None

(StrOpt) Password corresponding to vsp_auth_user.

[DEFAULT] vsp_auth_user = None

(StrOpt) Name of the user used for CHAP authentication performed in communication between hosts and iSCSI targets on the storage ports.

[DEFAULT] vsp_compute_target_ports = None

(ListOpt) IDs of the storage ports used to attach volumes to compute nodes. To specify multiple ports, connect them by commas (e.g. CL1-A,CL2-A).

[DEFAULT] vsp_copy_check_interval = 3

(IntOpt) Interval in seconds at which volume pair synchronization status is checked when volume pairs are created.

[DEFAULT] vsp_copy_speed = 3

(IntOpt) Speed at which data is copied by Shadow Image. 1 or 2 indicates low speed, 3 indicates middle speed, and a value between 4 and 15 indicates high speed.

[DEFAULT] vsp_default_copy_method = FULL

(StrOpt) Method of volume copy. FULL indicates full data copy by Shadow Image and THIN indicates differential data copy by Thin Image.

[DEFAULT] vsp_group_request = False

(BoolOpt) If True, the driver will create host groups or iSCSI targets on storage ports as needed.

[DEFAULT] vsp_horcm_add_conf = True

(BoolOpt) If True, the driver will create or update the Command Control Interface configuration file as needed.

[DEFAULT] vsp_horcm_numbers = 200, 201

(ListOpt) Command Control Interface instance numbers in the format of 'xxx,yyy'. The second one is for Shadow Image operation and the first one is for other purposes.

[DEFAULT] vsp_horcm_pair_target_ports = None

(ListOpt) IDs of the storage ports used to copy volumes by Shadow Image or Thin Image. To specify multiple ports, connect them by commas (e.g. CL1-A,CL2-A).

[DEFAULT] vsp_horcm_password = None

(StrOpt) Password corresponding to vsp_horcm_user.

[DEFAULT] vsp_horcm_user = None

(StrOpt) Name of the user on the storage system.

[DEFAULT] vsp_ldev_range = None

(StrOpt) Range of the LDEV numbers in the format of 'xxxx-yyyy' that can be used by the driver. Values can be in decimal format (e.g. 1000) or in colon-separated hexadecimal format (e.g. 00:03:E8).

[DEFAULT] vsp_pool = None

(StrOpt) Pool number or pool name of the DP pool.

[DEFAULT] vsp_storage_id = None

(StrOpt) Product number of the storage system.

[DEFAULT] vsp_target_ports = None

(ListOpt) IDs of the storage ports used to attach volumes to the controller node. To specify multiple ports, connect them by commas (e.g. CL1-A,CL2-A).

[DEFAULT] vsp_thin_pool = None

(StrOpt) Pool number or pool name of the Thin Image pool.

[DEFAULT] vsp_use_chap_auth = False

(BoolOpt) If True, CHAP authentication will be applied to communication between hosts and any of the iSCSI targets on the storage ports.

[DEFAULT] vsp_zoning_request = False

(BoolOpt) If True, the driver will configure FC zoning between the server and the storage system provided that FC zoning manager is enabled.

Table 3.72. New default values

OptionPrevious default valueNew default value

[DEFAULT] enable_v1_api

True

False

[DEFAULT] proxy

storage.proxy.IBMStorageProxy

cinder.volume.drivers.ibm.ibm_storage.proxy.IBMStorageProxy

Table 3.73. Deprecated options

Deprecated optionNew Option

[DEFAULT] enable_v1_api

None

[DEFAULT] enable_v2_api

None

[DEFAULT] hnas_svc0_volume_type

[DEFAULT] hnas_svc0_pool_name

[DEFAULT] hnas_svc1_volume_type

[DEFAULT] hnas_svc1_pool_name

[DEFAULT] hnas_svc2_volume_type

[DEFAULT] hnas_svc2_pool_name

[DEFAULT] hnas_svc3_volume_type

[DEFAULT] hnas_svc3_pool_name

[DEFAULT] host

[DEFAULT] backend_host

[DEFAULT] osapi_max_request_body_size

[oslo_middleware] max_request_body_size

[DEFAULT] rpc_thread_pool_size

[DEFAULT] executor_thread_pool_size

[DEFAULT] use_syslog

None

Chapter 4. Compute

The OpenStack Compute service is a cloud computing fabric controller, which is the main part of an IaaS system. You can use OpenStack Compute to host and manage cloud computing systems.

4.1. Compute Configuration Options

Note

The common configurations for shared services and libraries, such as database connections and RPC messaging, are described at Common configurations.

This section describes the OpenStack Compute configuration options.

To configure your Compute installation, you must define configuration options in these files:

  • nova.conf. Contains most of the Compute configuration options. Resides in the /etc/nova/ directory.
  • api-paste.ini. Defines Compute limits. Resides in the /etc/nova/ directory.
  • Related Image service and Identity service management configuration files.
Ephemeral Storage Discrepancy with Ceph

When using Red Hat Ceph as a back end for ephemeral storage, the Compute service does not calculate the amount of available storage correctly. Specifically, Compute simply adds up the amount of available storage without factoring in replication. This results in grossly overstated available storage, which in turn could cause unexpected storage oversubscription.

To determine the correct ephemeral storage capacity, query the Ceph service directly instead. For more information, see BZ#1236473.

4.1.1. Description of Configuration Options

The following tables provide a comprehensive list of the Compute configuration options.

Table 4.1. Description of api_database configuration options

Configuration option = Default valueDescription

max_retries = 10

(Integer) No help text available for this option.

max_pool_size = None

(Integer) No help text available for this option.

max_overflow = None

(Integer) No help text available for this option.

slave_connection = None

(String) No help text available for this option.

idle_timeout = 3600

(Integer) No help text available for this option.

retry_interval = 10

(Integer) No help text available for this option.

connection = None

(String) No help text available for this option.

pool_timeout = None

(Integer) No help text available for this option.

mysql_sql_mode = TRADITIONAL

(String) No help text available for this option.

connection_debug = 0

(Integer) No help text available for this option.

connection_trace = False

(Boolean) No help text available for this option.

sqlite_synchronous = True

(Boolean) No help text available for this option.

Table 4.2. Description of api configuration options

Configuration option = Default valueDescription

max_limit = 1000

(Integer) As a query can potentially return many thousands of items, you can limit the maximum number of items in a single response by setting this option.

vendordata_dynamic_read_timeout = 5

(Integer) Maximum wait time for an external REST service to return data once connected.

Possible values:

* Any integer. Note that instance start is blocked during this wait time, so this value should be kept small.

Related options:

* vendordata_providers

* vendordata_dynamic_targets

* vendordata_dynamic_ssl_certfile

* vendordata_dynamic_connect_timeout

* vendordata_dynamic_failure_fatal

vendordata_dynamic_ssl_certfile =

(String) Path to an optional certificate file or CA bundle to verify dynamic vendordata REST services ssl certificates against.

Possible values:

* An empty string, or a path to a valid certificate file

Related options:

* vendordata_providers

* vendordata_dynamic_targets

* vendordata_dynamic_connect_timeout

* vendordata_dynamic_read_timeout

* vendordata_dynamic_failure_fatal

neutron_default_tenant_id = default

(String) Tenant ID for getting the default network from Neutron API (also referred in some places as the 'project ID') to use.

Related options:

* use_neutron_default_nets

config_drive_skip_versions = 1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01

(String) When gathering the existing metadata for a config drive, the EC2-style metadata is returned for all versions that don’t appear in this option. As of the Liberty release, the available versions are:

* 1.0

* 2007-01-19

* 2007-03-01

* 2007-08-29

* 2007-10-10

* 2007-12-15

* 2008-02-01

* 2008-09-01

* 2009-04-04

The option is in the format of a single string, with each version separated by a space.

Possible values:

* Any string that represents zero or more versions, separated by spaces.

hide_server_address_states = building

(List) This option is a list of all instance states for which network address information should not be returned from the API.

Possible values:

A list of strings, where each string is a valid VM state, as defined in nova/compute/vm_states.py. As of the Newton release, they are:

* "active"

* "building"

* "paused"

* "suspended"

* "stopped"

* "rescued"

* "resized"

* "soft-delete"

* "deleted"

* "error"

* "shelved"

* "shelved_offloaded"

vendordata_dynamic_connect_timeout = 5

(Integer) Maximum wait time for an external REST service to connect.

Possible values:

* Any integer with a value greater than three (the TCP packet retransmission timeout). Note that instance start may be blocked during this wait time, so this value should be kept small.

Related options:

* vendordata_providers

* vendordata_dynamic_targets

* vendordata_dynamic_ssl_certfile

* vendordata_dynamic_read_timeout

* vendordata_dynamic_failure_fatal

fping_path = /usr/sbin/fping

(String) The full path to the fping binary.

allow_instance_snapshots = True

(Boolean) Operators can turn off the ability for a user to take snapshots of their instances by setting this option to False. When disabled, any attempt to take a snapshot will result in a HTTP 400 response ("Bad Request").

* Deprecated

This option disables the createImage server action API in a non-discoverable way and is thus a barrier to interoperability. Also, it is not used for other APIs that create snapshots like shelve or createBackup. Disabling snapshots should be done via policy if so desired.

compute_link_prefix = None

(String) This string is prepended to the normal URL that is returned in links to the OpenStack Compute API. If it is empty (the default), the URLs are returned unchanged.

Possible values:

* Any string, including an empty string (the default).

vendordata_jsonfile_path = None

(String) Cloud providers may store custom data in vendor data file that will then be available to the instances via the metadata service, and to the rendering of config-drive. The default class for this, JsonFileVendorData, loads this information from a JSON file, whose path is configured by this option. If there is no path set by this option, the class returns an empty dictionary.

Possible values:

* Any string representing the path to the data file, or an empty string (default).

glance_link_prefix = None

(String) This string is prepended to the normal URL that is returned in links to Glance resources. If it is empty (the default), the URLs are returned unchanged.

Possible values:

* Any string, including an empty string (the default).

enable_instance_password = True

(Boolean) Enables returning of the instance password by the relevant server API calls such as create, rebuild, evacuate, or rescue. If the hypervisor does not support password injection, then the password returned will not be correct, so if your hypervisor does not support password injection, set this to False.

vendordata_dynamic_targets =

(List) A list of targets for the dynamic vendordata provider. These targets are of the form <name>@<url>.

The dynamic vendordata provider collects metadata by contacting external REST services and querying them for information about the instance. This behaviour is documented in the vendordata.rst file in the nova developer reference.

use_forwarded_for = False

(Boolean) When True, the 'X-Forwarded-For' header is treated as the canonical remote address. When False (the default), the 'remote_address' header is used.

You should only enable this if you have an HTML sanitizing proxy.

use_neutron_default_nets = False

(Boolean) When True, the TenantNetworkController will query the Neutron API to get the default networks to use.

Related options:

* neutron_default_tenant_id

vendordata_dynamic_failure_fatal = False

(Boolean) Should failures to fetch dynamic vendordata be fatal to instance boot?

Related options:

* vendordata_providers

* vendordata_dynamic_targets

* vendordata_dynamic_ssl_certfile

* vendordata_dynamic_connect_timeout

* vendordata_dynamic_read_timeout

vendordata_providers =

(List) A list of vendordata providers.

vendordata providers are how deployers can provide metadata via configdrive and metadata that is specific to their deployment. There are currently two supported providers: StaticJSON and DynamicJSON.

StaticJSON reads a JSON file configured by the flag vendordata_jsonfile_path and places the JSON from that file into vendor_data.json and vendor_data2.json.

DynamicJSON is configured via the vendordata_dynamic_targets flag, which is documented separately. For each of the endpoints specified in that flag, a section is added to the vendor_data2.json.

For more information on the requirements for implementing a vendordata dynamic endpoint, please see the vendordata.rst file in the nova developer reference.

Possible values:

* A list of vendordata providers, with StaticJSON and DynamicJSON being current options.

Related options:

* vendordata_dynamic_targets

* vendordata_dynamic_ssl_certfile

* vendordata_dynamic_connect_timeout

* vendordata_dynamic_read_timeout

* vendordata_dynamic_failure_fatal

metadata_cache_expiration = 15

(Integer) This option is the time (in seconds) to cache metadata. When set to 0, metadata caching is disabled entirely; this is generally not recommended for performance reasons. Increasing this setting should improve response times of the metadata API when under heavy load. Higher values may increase memory usage, and result in longer times for host metadata changes to take effect.

auth_strategy = keystone

(String) This determines the strategy to use for authentication: keystone or noauth2. 'noauth2' is designed for testing only, as it does no actual credential checking. 'noauth2' provides administrative credentials only if 'admin' is specified as the username.

Table 4.3. Description of barbican configuration options

Configuration option = Default valueDescription

barbican_endpoint = None

(String) Use this endpoint to connect to Barbican, for example: "http://localhost:9311/"

number_of_retries = 60

(Integer) Number of times to retry poll for key creation completion

barbican_api_version = None

(String) Version of the Barbican API, for example: "v1"

verify_ssl = True

(Boolean) Specifies if insecure TLS (https) requests. If False, the server’s certificate will not be validated

retry_delay = 1

(Integer) Number of seconds to wait before retrying poll for key creation completion

auth_endpoint = http://localhost/identity/v3

(String) Use this endpoint to connect to Keystone

Table 4.4. Description of cache configuration options

Configuration option = Default valueDescription

config_prefix = cache.oslo

(String) Prefix for building the configuration dictionary for the cache region. This should not need to be changed unless there is another dogpile.cache region with the same configuration name.

backend_argument = []

(Multi-valued) Arguments supplied to the backend module. Specify this option once per argument to be passed to the dogpile.cache backend. Example format: "<argname>:<value>".

memcache_dead_retry = 300

(Integer) Number of seconds memcached server is considered dead before it is tried again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).

enabled = False

(Boolean) Global toggle for caching.

memcache_socket_timeout = 3

(Integer) Timeout in seconds for every call to a server. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).

memcache_servers = localhost:11211

(List) Memcache servers in the format of "host:port". (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).

memcache_pool_unused_timeout = 60

(Integer) Number of seconds a connection to memcached is held unused in the pool before it is closed. (oslo_cache.memcache_pool backend only).

debug_cache_backend = False

(Boolean) Extra debugging from the cache backend (cache keys, get/set/delete/etc calls). This is only really useful if you need to see the specific cache-backend get/set/delete calls with the keys/values. Typically this should be left set to false.

expiration_time = 600

(Integer) Default TTL, in seconds, for any cached item in the dogpile.cache region. This applies to any cached method that doesn’t have an explicit cache expiration time defined for it.

proxies =

(List) Proxy classes to import that will affect the way the dogpile.cache backend functions. See the dogpile.cache documentation on changing-backend-behavior.

memcache_pool_maxsize = 10

(Integer) Max total number of open connections to every memcached server. (oslo_cache.memcache_pool backend only).

memcache_pool_connection_get_timeout = 10

(Integer) Number of seconds that an operation will wait to get a memcache client connection.

backend = dogpile.cache.null

(String) Dogpile.cache backend module. It is recommended that Memcache or Redis (dogpile.cache.redis) be used in production deployments. For eventlet-based or highly threaded servers, Memcache with pooling (oslo_cache.memcache_pool) is recommended. For low thread servers, dogpile.cache.memcached is recommended. Test environments with a single instance of the server can use the dogpile.cache.memory backend.

Table 4.5. Description of cinder configuration options

Configuration option = Default valueDescription

certfile = None

(String) PEM encoded client certificate cert file

catalog_info = volumev3:cinderv3:publicURL

(String) Info to match when looking for cinder in the service catalog.

Possible values:

* Format is separated values of the form: <service_type>:<service_name>:<endpoint_type>

Note: Nova does not support the Cinder v1 API since the Nova 15.0.0 Ocata release.

Related options:

* endpoint_template - Setting this option will override catalog_info

cross_az_attach = True

(Boolean) Allow attach between instance and volume in different availability zones.

If False, volumes attached to an instance must be in the same availability zone in Cinder as the instance availability zone in Nova. This also means care should be taken when booting an instance from a volume where source is not "volume" because Nova will attempt to create a volume using the same availability zone as what is assigned to the instance. If that AZ is not in Cinder (or allow_availability_zone_fallback=False in cinder.conf), the volume create request will fail and the instance will fail the build request. By default there is no availability zone restriction on volume attach.

insecure = False

(Boolean) Verify HTTPS connections.

http_retries = 3

(Integer) Number of times cinderclient should retry on any failed http call. 0 means connection is attempted only once. Setting it to any positive integer means that on failure connection is retried that many times e.g. setting it to 3 means total attempts to connect will be 4.

Possible values:

* Any integer value. 0 means connection is attempted only once

endpoint_template = None

(String) If this option is set then it will override service catalog lookup with this template for cinder endpoint

Possible values:

* URL for cinder endpoint API e.g. http://localhost:8776/v2/%(project_id)s

Note: Nova does not support the Cinder v1 API since the Nova 15.0.0 Ocata release.

Related options:

* catalog_info - If endpoint_template is not set, catalog_info will be used.

timeout = None

(Integer) Timeout value for http requests

os_region_name = None

(String) Region name of this node. This is used when picking the URL in the service catalog.

Possible values:

* Any string representing region name

cafile = None

(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.

keyfile = None

(String) PEM encoded client certificate key file

Table 4.6. Description of conductor configuration options

Configuration option = Default valueDescription

topic = conductor

(String) Topic exchange name on which conductor nodes listen.

* Deprecated

There is no need to let users choose the RPC topic for all services - there is little gain from this. Furthermore, it makes it really easy to break Nova by using this option.

workers = None

(Integer) Number of workers for OpenStack Conductor service. The default will be the number of CPUs available.

Table 4.7. Description of consoleauth configuration options

Configuration option = Default valueDescription

token_ttl = 600

(Integer) The lifetime of a console auth token.

A console auth token is used in authorizing console access for a user. Once the auth token time to live count has elapsed, the token is considered expired. Expired tokens are then deleted.

Table 4.8. Description of console configuration options

Configuration option = Default valueDescription

allowed_origins =

(List) Adds list of allowed origins to the console websocket proxy to allow connections from other origin hostnames. Websocket proxy matches the host header with the origin header to prevent cross-site requests. This list specifies if any there are values other than host are allowed in the origin header.

Possible values:

* A list where each element is an allowed origin hostnames, else an empty list

Table 4.9. Description of cors configuration options

Configuration option = Default valueDescription

allow_methods = OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, PATCH

(List) Indicate which methods can be used during the actual request.

allowed_origin = None

(List) Indicate whether this resource may be shared with the domain received in the requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing slash. Example: https://horizon.example.com

allow_headers =

(List) Indicate which header field names may be used during the actual request.

max_age = 3600

(Integer) Maximum cache age of CORS preflight requests.

expose_headers =

(List) Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.

allow_credentials = True

(Boolean) Indicate that the actual request can include user credentials

Table 4.10. Description of cors.subdomain configuration options

Configuration option = Default valueDescription

allowed_origin = None

(List) Indicate whether this resource may be shared with the domain received in the requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing slash. Example: https://horizon.example.com

allow_credentials = True

(Boolean) Indicate that the actual request can include user credentials

expose_headers =

(List) Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.

max_age = 3600

(Integer) Maximum cache age of CORS preflight requests.

allow_methods = OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, PATCH

(List) Indicate which methods can be used during the actual request.

allow_headers =

(List) Indicate which header field names may be used during the actual request.

Table 4.11. Description of crypto configuration options

Configuration option = Default valueDescription

user_cert_subject = /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=%.16s-%.16s-%s

(String) Subject for certificate for users, %s for project, user, timestamp

project_cert_subject = /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=project-ca-%.16s-%s

(String) Subject for certificate for projects, %s for project, timestamp

crl_file = crl.pem

(String) Filename of root Certificate Revocation List (CRL). This is a list of certificates that have been revoked, and therefore, entities presenting those (revoked) certificates should no longer be trusted.

Related options:

* ca_path

ca_path = $state_path/CA

(String) Directory path where root CA is located.

Related options:

* ca_file

ca_file = cacert.pem

(String) Filename of root CA (Certificate Authority). This is a container format and includes root certificates.

Possible values:

* Any file name containing root CA, cacert.pem is default

Related options:

* ca_path

keys_path = $state_path/keys

(String) Directory path where keys are located.

Related options:

* key_file

key_file = private/cakey.pem

(String) Filename of a private key.

Related options:

* keys_path

use_project_ca = False

(Boolean) Option to enable/disable use of CA for each project.

Table 4.12. Description of database configuration options

Configuration option = Default valueDescription

max_retries = 10

(Integer) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.

db_inc_retry_interval = True

(Boolean) If True, increases the interval between retries of a database operation up to db_max_retry_interval.

pool_timeout = None

(Integer) If set, use this value for pool_timeout with SQLAlchemy.

db_retry_interval = 1

(Integer) Seconds between retries of a database transaction.

mysql_sql_mode = TRADITIONAL

(String) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=

max_pool_size = 5

(Integer) Maximum number of SQL connections to keep open in a pool. Setting a value of 0 indicates no limit.

slave_connection = None

(String) The SQLAlchemy connection string to use to connect to the slave database.

idle_timeout = 3600

(Integer) Timeout before idle SQL connections are reaped.

retry_interval = 10

(Integer) Interval between retries of opening a SQL connection.

use_db_reconnect = False

(Boolean) Enable the experimental use of database reconnect on connection lost.

connection = None

(String) The SQLAlchemy connection string to use to connect to the database.

use_tpool = False

(Boolean) Enable the experimental use of thread pooling for all DB API calls

min_pool_size = 1

(Integer) Minimum number of SQL connections to keep open in a pool.

max_overflow = 50

(Integer) If set, use this value for max_overflow with SQLAlchemy.

connection_debug = 0

(Integer) Verbosity of SQL debugging information: 0=None, 100=Everything.

db_max_retries = 20

(Integer) Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.

connection_trace = False

(Boolean) Add Python stack traces to SQL as comment strings.

db_max_retry_interval = 10

(Integer) If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.

sqlite_synchronous = True

(Boolean) If True, SQLite uses synchronous mode.

backend = sqlalchemy

(String) The back end to use for the database.

Table 4.13. Description of DEFAULT configuration options

Configuration option = Default valueDescription

bandwidth_poll_interval = 600

(Integer) Interval to pull network bandwidth usage info.

Not supported on all hypervisors. If a hypervisor doesn’t support bandwidth usage, it will not get the info in the usage events.

Possible values:

* 0: Will run at the default periodic interval.

* Any value < 0: Disables the option.

* Any positive integer in seconds.

default_floating_pool = nova

(String) Default pool for floating IPs.

This option specifies the default floating IP pool for allocating floating IPs.

While allocating a floating ip, users can optionally pass in the name of the pool they want to allocate from, otherwise it will be pulled from the default pool.

If this option is not set, then 'nova' is used as default floating pool.

Possible values:

* Any string representing a floating IP pool name

* Deprecated

This option was used for two purposes: to set the floating IP pool name for nova-network and to do the same for neutron. nova-network is deprecated, as are any related configuration options. Users of neutron, meanwhile, should use the 'default_floating_pool' option in the '[neutron]' group.

translation_lazy_load = True

(Boolean) Specifies whether to Lazy-Load Translation

compute_topic = compute

(String) This is the message queue topic that the compute service 'listens' on. It is used when the compute service is started up to configure the queue, and whenever an RPC call to the compute service is made.

Possible values:

* Any string, but there is almost never any reason to ever change this value from its default of 'compute'.

* Deprecated

There is no need to let users choose the RPC topic for all services - there is little gain from this. Furthermore, it makes it really easy to break Nova by using this option.

remove_unused_base_images = True

(Boolean) Should unused base images be removed?

live_migration_retry_count = 30

(Integer) Maximum number of 1 second retries in live_migration. It specifies number of retries to iptables when it complains. It happens when an user continuously sends live-migration request to same host leading to concurrent request to iptables.

Possible values:

* Any positive integer representing retry count.

flat_interface = None

(String) This option is the name of the virtual interface of the VM on which the bridge will be built. While it was originally designed to be used only by nova-network, it is also used by libvirt for the bridge interface name.

Possible values:

* Any valid virtual interface name, such as 'eth0'

* Deprecated

nova-network is deprecated, as are any related configuration options.

osapi_compute_listen_port = 8774

(Port number) Port on which the OpenStack API will listen.

The OpenStack API service listens on this port number for incoming requests.

ldap_dns_soa_expiry = 86400

(Integer) Expiry interval (in seconds) for LDAP DNS driver Start of Authority

Time interval, a secondary/slave DNS server holds the information before it is no longer considered authoritative.

* Deprecated

nova-network is deprecated, as are any related configuration options.

block_device_allocate_retries = 60

(Integer) Number of times to retry block device allocation on failures. Starting with Liberty, Cinder can use image volume cache. This may help with block device allocation performance. Look at the cinder image_volume_cache_enabled configuration option.

Possible values:

* 60 (default)

* If value is 0, then one attempt is made.

* Any negative value is treated as 0.

* For any value > 0, total attempts are (value + 1)

shutdown_timeout = 60

(Integer) Total time to wait in seconds for an instance toperform a clean shutdown.

It determines the overall period (in seconds) a VM is allowed to perform a clean shutdown. While performing stop, rescue and shelve, rebuild operations, configuring this option gives the VM a chance to perform a controlled shutdown before the instance is powered off. The default timeout is 60 seconds.

The timeout value can be overridden on a per image basis by means of os_shutdown_timeout that is an image metadata setting allowing different types of operating systems to specify how much time they need to shut down cleanly.

Possible values:

* Any positive integer in seconds (default value is 60).

sync_power_state_pool_size = 1000

(Integer) Number of greenthreads available for use to sync power states.

This option can be used to reduce the number of concurrent requests made to the hypervisor or system with real instance power states for performance reasons, for example, with Ironic.

Possible values:

* Any positive integer representing greenthreads count.

teardown_unused_network_gateway = False

(Boolean) Determines whether unused gateway devices, both VLAN and bridge, are deleted if the network is in nova-network VLAN mode and is multi-hosted.

Related options:

* use_neutron

* vpn_ip

* fake_network

* Deprecated

nova-network is deprecated, as are any related configuration options.

osapi_compute_listen = 0.0.0.0

(String) IP address on which the OpenStack API will listen.

The OpenStack API service listens on this IP address for incoming requests.

public_interface = eth0

(String) This is the name of the network interface for public IP addresses. The default is 'eth0'.

Possible values:

* Any string representing a network interface name

* Deprecated

nova-network is deprecated, as are any related configuration options.

ldap_dns_password = password

(String) Bind user’s password for LDAP server

* Deprecated

nova-network is deprecated, as are any related configuration options.

network_size = 256

(Integer) This option determines the number of addresses in each private subnet.

Please note that this option is only used when using nova-network instead of Neutron in your deployment.

Possible values:

* Any positive integer that is less than or equal to the available network size. Note that if you are creating multiple networks, they must all fit in the available IP address space. The default is 256.

Related options:

* use_neutron

* num_networks

* Deprecated

nova-network is deprecated, as are any related configuration options.

virt_mkfs = []

(Multi-valued) Name of the mkfs commands for ephemeral device.

The format is <os_type>=<mkfs command>

enable_new_services = True

(Boolean) Enable new services on this host automatically.

When a new service (for example "nova-compute") starts up, it gets registered in the database as an enabled service. Sometimes it can be useful to register new services in disabled state and then enabled them at a later point in time. This option can set this behavior for all services per host.

Possible values:

* True: Each new service is enabled as soon as it registers itself.

* False: Services must be enabled via a REST API call or with the CLI with nova service-enable <hostname> <binary>, otherwise they are not ready to use.

my_ip = 10.0.0.1

(String) The IP address which the host is using to connect to the management network.

Possible values:

* String with valid IP address. Default is IPv4 address of this host.

Related options:

* metadata_host

* my_block_storage_ip

* routing_source_ip

* vpn_ip

ldap_dns_soa_hostmaster = hostmaster@example.org

(String) Hostmaster for LDAP DNS driver Statement of Authority

Possible values:

* Any valid string representing LDAP DNS hostmaster.

* Deprecated

nova-network is deprecated, as are any related configuration options.

password_length = 12

(Integer) Length of generated instance admin passwords.

reserved_huge_pages = None

(Unknown) Number of huge/large memory pages to reserved per NUMA host cell.

Possible values:

* A list of valid key=value which reflect NUMA node ID, page size (Default unit is KiB) and number of pages to be reserved.

reserved_huge_pages = node:0,size:2048,count:64 reserved_huge_pages = node:1,size:1GB,count:1

In this example we are reserving on NUMA node 0 64 pages of 2MiB and on NUMA node 1 1 page of 1GiB.

default_schedule_zone = None

(String) Availability zone to use when user doesn’t specify one.

This option is used by the scheduler to determine which availability zone to place a new VM instance into if the user did not specify one at the time of VM boot request.

Possible values:

* Any string representing an availability zone name

* Default value is None.

use_neutron = True

(Boolean) Enable neutron as the backend for networking.

Determine whether to use Neutron or Nova Network as the back end. Set to true to use neutron.

* Deprecated

nova-network is deprecated, as are any related configuration options.

quota_networks = 3

(Integer) This option controls the number of private networks that can be created per project (or per tenant).

Related options:

* enable_network_quota

* Deprecated

CRUD operations on tenant networks are only available when using nova-network and nova-network is itself deprecated.

allow_resize_to_same_host = False

(Boolean) Allow destination machine to match source for resize. Useful when testing in single-host environments. By default it is not allowed to resize to the same host. Setting this option to true will add the same host to the destination options. Also set to true if you allow the ServerGroupAffinityFilter and need to resize.

reclaim_instance_interval = 0

(Integer) Interval for reclaiming deleted instances.

A value greater than 0 will enable SOFT_DELETE of instances. This option decides whether the server to be deleted will be put into the SOFT_DELETED state. If this value is greater than 0, the deleted server will not be deleted immediately, instead it will be put into a queue until it’s too old (deleted time greater than the value of reclaim_instance_interval). The server can be recovered from the delete queue by using the restore action. If the deleted server remains longer than the value of reclaim_instance_interval, it will be deleted by a periodic task in the compute service automatically.

Note that this option is read from both the API and compute nodes, and must be set globally otherwise servers could be put into a soft deleted state in the API and never actually reclaimed (deleted) on the compute node.

Possible values:

* Any positive integer(in seconds) greater than 0 will enable this option.

* Any value ⇐0 will disable the option.

rootwrap_config = /etc/nova/rootwrap.conf

(String) Path to the rootwrap configuration file.

Goal of the root wrapper is to allow a service-specific unprivileged user to run a number of actions as the root user in the safest manner possible. The configuration file used here must match the one defined in the sudoers entry.

reserved_host_cpus = 0

(Integer) Number of physical CPUs to reserve for the host. The host resources usage is reported back to the scheduler continuously from nova-compute running on the compute node. To prevent the host CPU from being considered as available, this option is used to reserve random pCPU(s) for the host.

Possible values:

* Any positive integer representing number of physical CPUs to reserve for the host.

metadata_listen = 0.0.0.0

(String) IP address on which the metadata API will listen.

The metadata API service listens on this IP address for incoming requests.

syslog_log_facility = LOG_USER

(String) Syslog facility to receive log lines. This option is ignored if log_config_append is set.

force_config_drive = False

(Boolean) Force injection to take place on a config drive

When this option is set to true configuration drive functionality will be forced enabled by default, otherwise user can still enable configuration drives via the REST API or image metadata properties.

Possible values:

* True: Force to use of configuration drive regardless the user’s input in the REST API call.

* False: Do not force use of configuration drive. Config drives can still be enabled via the REST API or image metadata properties.

Related options:

* Use the 'mkisofs_cmd' flag to set the path where you install the genisoimage program. If genisoimage is in same path as the nova-compute service, you do not need to set this flag.

fixed_range_v6 = fd00::/48

(String) This option determines the fixed IPv6 address block when creating a network.

Please note that this option is only used when using nova-network instead of Neutron in your deployment.

Possible values:

* Any valid IPv6 CIDR

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

auto_assign_floating_ip = False

(Boolean) Autoassigning floating IP to VM

When set to True, floating IP is auto allocated and associated to the VM upon creation.

Related options:

* use_neutron: this options only works with nova-network.

* Deprecated

nova-network is deprecated, as are any related configuration options.

default_access_ip_network_name = None

(String) Name of the network to be used to set access IPs for instances. If there are multiple IPs to choose from, an arbitrary one will be chosen.

Possible values:

* None (default)

* Any string representing network name.

instance_dns_domain =

(String) If specified, Nova checks if the availability_zone of every instance matches what the database says the availability_zone should be for the specified dns_domain.

Related options:

* use_neutron: this options only works with nova-network.

* Deprecated

nova-network is deprecated, as are any related configuration options.

resume_guests_state_on_host_boot = False

(Boolean) This option specifies whether to start guests that were running before the host rebooted. It ensures that all of the instances on a Nova compute node resume their state each time the compute node boots or restarts.

dhcp_lease_time = 86400

(Integer) The lifetime of a DHCP lease, in seconds. The default is 86400 (one day).

Possible values:

* Any positive integer value.

* Deprecated

nova-network is deprecated, as are any related configuration options.

floating_ip_dns_manager = nova.network.noop_dns_driver.NoopDNSDriver

(String) Full class name for the DNS Manager for floating IPs.

This option specifies the class of the driver that provides functionality to manage DNS entries associated with floating IPs.

When a user adds a DNS entry for a specified domain to a floating IP, nova will add a DNS entry using the specified floating DNS driver. When a floating IP is deallocated, its DNS entry will automatically be deleted.

Possible values:

* Full Python path to the class to be used

Related options:

* use_neutron: this options only works with nova-network.

* Deprecated

nova-network is deprecated, as are any related configuration options.

state_path = $pybasedir

(String) The top-level directory for maintaining Nova’s state.

This directory is used to store Nova’s internal state. It is used by a variety of other config options which derive from this. In some scenarios (for example migrations) it makes sense to use a storage location which is shared between multiple compute hosts (for example via NFS). Unless the option instances_path gets overwritten, this directory can grow very large.

Possible values:

* The full path to a directory. Defaults to value provided in pybasedir.

injected_network_template = $pybasedir/nova/virt/interfaces.template

(String) Path to '/etc/network/interfaces' template.

The path to a template file for the '/etc/network/interfaces'-style file, which will be populated by nova and subsequently used by cloudinit. This provides a method to configure network connectivity in environments without a DHCP server.

The template will be rendered using Jinja2 template engine, and receive a top-level key called interfaces. This key will contain a list of dictionaries, one for each interface.

Refer to the cloudinit documentaion for more information:

https://cloudinit.readthedocs.io/en/latest/topics/datasources.html

Possible values:

* A path to a Jinja2-formatted template for a Debian '/etc/network/interfaces' file. This applies even if using a non Debian-derived guest.

Related options:

* flat_inject: This must be set to True to ensure nova embeds network configuration information in the metadata provided through the config drive.

daemon = False

(Boolean) Run as a background process.

rate_limit_except_level = CRITICAL

(String) Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.

heal_instance_info_cache_interval = 60

(Integer) Interval between instance network information cache updates.

Number of seconds after which each compute node runs the task of querying Neutron for all of its instances networking information, then updates the Nova db with that information. Nova will never update it’s cache if this option is set to 0. If we don’t update the cache, the metadata service and nova-api endpoints will be proxying incorrect network data about the instance. So, it is not recommended to set this option to 0.

Possible values:

* Any positive integer in seconds.

* Any value ⇐0 will disable the sync. This is not recommended.

resize_confirm_window = 0

(Integer) Automatically confirm resizes after N seconds.

Resize functionality will save the existing server before resizing. After the resize completes, user is requested to confirm the resize. The user has the opportunity to either confirm or revert all changes. Confirm resize removes the original server and changes server status from resized to active. Setting this option to a time period (in seconds) will automatically confirm the resize if the server is in resized state longer than that time.

Possible values:

* 0: Disables the option (default)

* Any positive integer in seconds: Enables the option.

metadata_host = $my_ip

(String) This option determines the IP address for the network metadata API server.

This is really the client side of the metadata host equation that allows nova-network to find the metadata server when doing a default multi host networking.

Possible values:

* Any valid IP address. The default is the address of the Nova API server.

Related options:

* metadata_port

debug = False

(Boolean) If set to true, the logging level will be set to DEBUG instead of the default INFO level.

* Mutable

This option can be changed without restarting.

logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

(String) Defines the format string for %(user_identity)s that is used in logging_context_format_string.

routing_source_ip = $my_ip

(String) The public IP address of the network host.

This is used when creating an SNAT rule.

Possible values:

* Any valid IP address

Related options:

* force_snat_range

* Deprecated

nova-network is deprecated, as are any related configuration options.

firewall_driver = nova.virt.firewall.NoopFirewallDriver

(String) Firewall driver to use with nova-network service.

This option only applies when using the nova-network service. When using another networking services, such as Neutron, this should be to set to the nova.virt.firewall.NoopFirewallDriver.

Possible values:

  • nova.virt.firewall.IptablesFirewallDriver
  • nova.virt.firewall.NoopFirewallDriver
  • nova.virt.libvirt.firewall.IptablesFirewallDriver
  • […​]

Related options:

  • use_neutron: This must be set to False to enable nova-network networking
  • Deprecated

    nova-network is deprecated, as are any related configuration options.

ldap_dns_user = uid=admin,ou=people,dc=example,dc=org

(String) Bind user for LDAP server

* Deprecated

nova-network is deprecated, as are any related configuration options.

config_drive_format = iso9660

(String) Configuration drive format

Configuration drive format that will contain metadata attached to the instance when it boots.

Possible values:

* iso9660: A file system image standard that is widely supported across operating systems. NOTE: Mind the libvirt bug (https://bugs.launchpad.net/nova/+bug/1246201) - If your hypervisor driver is libvirt, and you want live migrate to work without shared storage, then use VFAT.

* vfat: For legacy reasons, you can configure the configuration drive to use VFAT format instead of ISO 9660.

Related options:

* This option is meaningful when one of the following alternatives occur: 1. force_config_drive option set to 'true' 2. the REST API call to create the instance contains an enable flag for config drive option 3. the image used to create the instance requires a config drive, this is defined by img_config_drive property for that image.

block_device_allocate_retries_interval = 3

(Integer) Interval (in seconds) between block device allocation retries on failures.

This option allows the user to specify the time interval between consecutive retries. 'block_device_allocate_retries' option specifies the maximum number of retries.

Possible values:

* 0: Disables the option.

* Any positive integer in seconds enables the option.

Related options:

* block_device_allocate_retries in compute_manager_opts group.

shelved_offload_time = 0

(Integer) Time before a shelved instance is eligible for removal from a host.

By default this option is set to 0 and the shelved instance will be removed from the hypervisor immediately after shelve operation. Otherwise, the instance will be kept for the value of shelved_offload_time(in seconds) so that during the time period the unshelve action will be faster, then the periodic task will remove the instance from hypervisor after shelved_offload_time passes.

Possible values:

* 0: Instance will be immediately offloaded after being shelved.

* Any value < 0: An instance will never offload.

* Any positive integer in seconds: The instance will exist for the specified number of seconds before being offloaded.

instance_dns_manager = nova.network.noop_dns_driver.NoopDNSDriver

(String) Full class name for the DNS Manager for instance IPs.

This option specifies the class of the driver that provides functionality to manage DNS entries for instances.

On instance creation, nova will add DNS entries for the instance name and id, using the specified instance DNS driver and domain. On instance deletion, nova will remove the DNS entries.

Possible values:

* Full Python path to the class to be used

Related options:

* use_neutron: this options only works with nova-network.

* Deprecated

nova-network is deprecated, as are any related configuration options.

pointer_model = usbtablet

(String) Generic property to specify the pointer type.

Input devices allow interaction with a graphical framebuffer. For example to provide a graphic tablet for absolute cursor movement.

If set, the 'hw_pointer_model' image property takes precedence over this configuration option.

Possible values:

* None: Uses default behavior provided by drivers (mouse on PS2 for libvirt x86)

* ps2mouse: Uses relative movement. Mouse connected by PS2

* usbtablet: Uses absolute movement. Tablet connect by USB

Related options:

* usbtablet must be configured with VNC enabled or SPICE enabled and SPICE agent disabled. When used with libvirt the instance mode should be configured as HVM.

ebtables_retry_interval = 1.0

(Floating point) This option determines the time, in seconds, that the system will sleep in between ebtables retries. Note that each successive retry waits a multiple of this value, so for example, if this is set to the default of 1.0 seconds, and ebtables_exec_attempts is 4, after the first failure, the system will sleep for 1 * 1.0 seconds, after the second failure it will sleep 2 * 1.0 seconds, and after the third failure it will sleep 3 * 1.0 seconds.

Possible values:

* Any non-negative float or integer. Setting this to zero will result in no waiting between attempts.

Related options:

* ebtables_exec_attempts

* Deprecated

nova-network is deprecated, as are any related configuration options.

disk_allocation_ratio = 0.0

(Floating point) This option helps you specify virtual disk to physical disk allocation ratio.

From Ocata (15.0.0) this is used to influence the hosts selected by the Placement API. Note that when Placement is used, the DiskFilter is redundant, because the Placement API will have already filtered out hosts that would have failed the DiskFilter.

A ratio greater than 1.0 will result in over-subscription of the available physical disk, which can be useful for more efficiently packing instances created with images that do not use the entire virtual disk, such as sparse or compressed images. It can be set to a value between 0.0 and 1.0 in order to preserve a percentage of the disk for uses other than instances.

Note

This can be set per-compute, or if set to 0.0, the value set on the scheduler node(s) or compute node(s) will be used and defaulted to 1.0.

Note

As of the 16.0.0 Pike release, this configuration option is ignored for the ironic.IronicDriver compute driver and is hardcoded to 1.0.

Possible values:

* Any valid positive integer or float value

vif_plugging_timeout = 300

(Integer) Timeout for Neutron VIF plugging event message arrival.

Number of seconds to wait for Neutron vif plugging events to arrive before continuing or failing (see 'vif_plugging_is_fatal').

Related options:

* vif_plugging_is_fatal - If vif_plugging_timeout is set to zero and vif_plugging_is_fatal is False, events should not be expected to arrive at all.

flat_network_dns = 8.8.4.4

(String) This is the address of the DNS server for a simple network. If this option is not specified, the default of '8.8.4.4' is used.

Please note that this option is only used when using nova-network instead of Neutron in your deployment.

Possible values:

* Any valid IP address.

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

use_journal = False

(Boolean) Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.

use_stderr = False

(Boolean) Log output to standard error. This option is ignored if log_config_append is set.

default_ephemeral_format = None

(String) The default format an ephemeral_volume will be formatted with on creation.

Possible values:

* ext2

* ext3

* ext4

* xfs

* ntfs (only for Windows guests)

remove_unused_original_minimum_age_seconds = 86400

(Integer) Unused unresized base images younger than this will not be removed.

ldap_dns_url = ldap://ldap.example.com:389

(URI) URL for LDAP server which will store DNS entries

Possible values:

* A valid LDAP URL representing the server

* Deprecated

nova-network is deprecated, as are any related configuration options.

metadata_listen_port = 8775

(Port number) Port on which the metadata API will listen.

The metadata API service listens on this port number for incoming requests.

periodic_enable = True

(Boolean) Enable periodic tasks.

If set to true, this option allows services to periodically run tasks on the manager.

In case of running multiple schedulers or conductors you may want to run periodic tasks on only one host - in this case disable this option for all hosts but one.

iptables_drop_action = DROP

(String) By default, packets that do not pass the firewall are DROPped. In many cases, though, an operator may find it more useful to change this from DROP to REJECT, so that the user issuing those packets may have a better idea as to what’s going on, or LOGDROP in order to record the blocked traffic before DROPping.

Possible values:

* A string representing an iptables chain. The default is DROP.

* Deprecated

nova-network is deprecated, as are any related configuration options.

gateway = None

(String) This is the default IPv4 gateway. It is used only in the testing suite.

Please note that this option is only used when using nova-network instead of Neutron in your deployment.

Possible values:

* Any valid IP address.

Related options:

* use_neutron

* gateway_v6

* Deprecated

nova-network is deprecated, as are any related configuration options.

instance_name_template = instance-%08x

(String) Template string to be used to generate instance names.

This template controls the creation of the database name of an instance. This is not the display name you enter when creating an instance (via Horizon or CLI). For a new deployment it is advisable to change the default value (which uses the database autoincrement) to another value which makes use of the attributes of an instance, like instance-%(uuid)s. If you already have instances in your deployment when you change this, your deployment will break.

Possible values:

* A string which either uses the instance database ID (like the default)

* A string with a list of named database columns, for example %(id)d or %(uuid)s or %(hostname)s.

Related options:

* not to be confused with: multi_instance_display_name_template

web = /usr/share/spice-html5

(String) Path to directory with content which will be served by a web server.

instance_usage_audit_period = month

(String) Time period to generate instance usages for. It is possible to define optional offset to given period by appending @ character followed by a number defining offset.

Possible values:

* period, example: hour, day, month or `year

* period with offset, example: month@15 will result in monthly audits starting on 15th day of month.

log_dir = None

(String) (Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.

logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

(String) Additional data to append to log message when logging level for the message is DEBUG.

ldap_dns_base_dn = ou=hosts,dc=example,dc=org

(String) Base distinguished name for the LDAP search query

This option helps to decide where to look up the host in LDAP.

* Deprecated

nova-network is deprecated, as are any related configuration options.

default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, oslo_messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, requests.packages.urllib3.util.retry=WARN, urllib3.util.retry=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN, taskflow=WARN, keystoneauth=WARN, oslo.cache=INFO, dogpile.core.dogpile=INFO

(List) List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.

running_deleted_instance_poll_interval = 1800

(Integer) Time interval in seconds to wait between runs for the clean up action. If set to 0, above check will be disabled. If "running_deleted_instance _action" is set to "log" or "reap", a value greater than 0 must be set.

Possible values:

* Any positive integer in seconds enables the option.

* 0: Disables the option.

* 1800: Default value.

Related options:

* running_deleted_instance_action

dhcp_domain = novalocal

(String) This option allows you to specify the domain for the DHCP server.

Possible values:

* Any string that is a valid domain name.

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

forward_bridge_interface = ['all']

(Multi-valued) One or more interfaces that bridges can forward traffic to. If any of the items in this list is the special keyword 'all', then all traffic will be forwarded.

Possible values:

* A list of zero or more interface names, or the word 'all'.

* Deprecated

nova-network is deprecated, as are any related configuration options.

console_topic = console

(String) Represents the message queue topic name used by nova-console service when communicating via the AMQP server. The Nova API uses a message queue to communicate with nova-console to retrieve a console URL for that host.

Possible values:

* A string representing topic exchange name

* Deprecated

There is no need to let users choose the RPC topic for all services - there is little gain from this. Furthermore, it makes it really easy to break Nova by using this option.

instances_path = $state_path/instances

(String) Specifies where instances are stored on the hypervisor’s disk. It can point to locally attached storage or a directory on NFS.

Possible values:

* $state_path/instances where state_path is a config option that specifies the top-level directory for maintaining nova’s state. (default) or Any string representing directory path.

flat_injected = False

(Boolean) This option determines whether the network setup information is injected into the VM before it is booted. While it was originally designed to be used only by nova-network, it is also used by the vmware and xenapi virt drivers to control whether network information is injected into a VM.

host = localhost

(String) Hostname, FQDN or IP address of this host. Must be valid within AMQP key.

Possible values:

* String with hostname, FQDN or IP address. Default is hostname of this host.

instance_delete_interval = 300

(Integer) Interval for retrying failed instance file deletes.

This option depends on 'maximum_instance_delete_attempts'. This option specifies how often to retry deletes whereas 'maximum_instance_delete_attempts' specifies the maximum number of retry attempts that can be made.

Possible values:

* 0: Will run at the default periodic interval.

* Any value < 0: Disables the option.

* Any positive integer in seconds.

Related options:

* maximum_instance_delete_attempts from instance_cleaning_opts group.

vpn_ip = $my_ip

(String) This option is no longer used since the /os-cloudpipe API was removed in the 16.0.0 Pike release. This is the public IP address for the cloudpipe VPN servers. It defaults to the IP address of the host.

Please note that this option is only used when using nova-network instead of Neutron in your deployment. It also will be ignored if the configuration option for network_manager is not set to the default of 'nova.network.manager.VlanManager'.

Possible values:

* Any valid IP address. The default is $my_ip, the IP address of the VM.

Related options:

* network_manager

* use_neutron

* vpn_start

* Deprecated

nova-network is deprecated, as are any related configuration options.

non_inheritable_image_properties = cache_in_nova, bittorrent

(List) Image properties that should not be inherited from the instance when taking a snapshot.

This option gives an opportunity to select which image-properties should not be inherited by newly created snapshots.

Possible values:

* A list whose item is an image property. Usually only the image properties that are only needed by base images can be included here, since the snapshots that are created from the base images doesn’t need them.

* Default list: ['cache_in_nova', 'bittorrent']

fixed_ip_disassociate_timeout = 600

(Integer) This is the number of seconds to wait before disassociating a deallocated fixed IP address. This is only used with the nova-network service, and has no effect when using neutron for networking.

Possible values:

* Any integer, zero or greater.

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

running_deleted_instance_action = reap

(String) The compute service periodically checks for instances that have been deleted in the database but remain running on the compute node. The above option enables action to be taken when such instances are identified.

Possible values:

* reap: Powers down the instances and deletes them(default)

* log: Logs warning message about deletion of the resource

* shutdown: Powers down instances and marks them as non- bootable which can be later used for debugging/analysis

* noop: Takes no action

Related options:

* running_deleted_instance_poll_interval

* running_deleted_instance_timeout

console_host = <current_hostname>

(String) Console proxy host to be used to connect to instances on this host. It is the publicly visible name for the console host.

Possible values:

* Current hostname (default) or any string representing hostname.

preallocate_images = none

(String) The image preallocation mode to use.

Image preallocation allows storage for instance images to be allocated up front when the instance is initially provisioned. This ensures immediate feedback is given if enough space isn’t available. In addition, it should significantly improve performance on writes to new blocks and may even improve I/O performance to prewritten blocks due to reduced fragmentation.

Possible values:

* "none" ⇒ no storage provisioning is done up front

* "space" ⇒ storage is fully allocated at instance start

reboot_timeout = 0

(Integer) Time interval after which an instance is hard rebooted automatically.

When doing a soft reboot, it is possible that a guest kernel is completely hung in a way that causes the soft reboot task to not ever finish. Setting this option to a time period in seconds will automatically hard reboot an instance if it has been stuck in a rebooting state longer than N seconds.

Possible values:

* 0: Disables the option (default).

* Any positive integer in seconds: Enables the option.

multi_host = False

(Boolean) Default value for multi_host in networks.

nova-network service can operate in a multi-host or single-host mode. In multi-host mode each compute node runs a copy of nova-network and the instances on that compute node use the compute node as a gateway to the Internet. Where as in single-host mode, a central server runs the nova-network service. All compute nodes forward traffic from the instances to the cloud controller which then forwards traffic to the Internet.

If this options is set to true, some rpc network calls will be sent directly to host.

Note that this option is only used when using nova-network instead of Neutron in your deployment.

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

fake_network = False

(Boolean) This option is used mainly in testing to avoid calls to the underlying network utilities.

* Deprecated

nova-network is deprecated, as are any related configuration options.

vpn_start = 1000

(Port number) This is the port number to use as the first VPN port for private networks.

Please note that this option is only used when using nova-network instead of Neutron in your deployment. It also will be ignored if the configuration option for network_manager is not set to the default of 'nova.network.manager.VlanManager', or if you specify a value the 'vpn_start' parameter when creating a network.

Possible values:

* Any integer representing a valid port number. The default is 1000.

Related options:

* use_neutron

* vpn_ip

* network_manager

* Deprecated

nova-network is deprecated, as are any related configuration options.

networks_path = $state_path/networks

(String) The location where the network configuration files will be kept. The default is the 'networks' directory off of the location where nova’s Python module is installed.

Possible values

* A string containing the full path to the desired configuration directory

* Deprecated

nova-network is deprecated, as are any related configuration options.

rate_limit_burst = 0

(Integer) Maximum number of logged messages per rate_limit_interval.

dmz_cidr =

(List) This option is a list of zero or more IP address ranges in your network’s DMZ that should be accepted.

Possible values:

* A list of strings, each of which should be a valid CIDR.

* Deprecated

nova-network is deprecated, as are any related configuration options.

send_arp_for_ha_count = 3

(Integer) When arp messages are configured to be sent, they will be sent with the count set to the value of this option. Of course, if this is set to zero, no arp messages will be sent.

Possible values:

* Any integer greater than or equal to 0

Related options:

* send_arp_for_ha

migrate_max_retries = -1

(Integer) Number of times to retry live-migration before failing.

Possible values:

* If == -1, try until out of hosts (default)

* If == 0, only try once, no retries

* Integer greater than 0

servicegroup_driver = db

(String) This option specifies the driver to be used for the servicegroup service.

ServiceGroup API in nova enables checking status of a compute node. When a compute worker running the nova-compute daemon starts, it calls the join API to join the compute group. Services like nova scheduler can query the ServiceGroup API to check if a node is alive. Internally, the ServiceGroup client driver automatically updates the compute worker status. There are multiple backend implementations for this service: Database ServiceGroup driver and Memcache ServiceGroup driver.

Possible Values:

* db : Database ServiceGroup driver

* mc : Memcache ServiceGroup driver

Related Options:

* service_down_time (maximum time since last check-in for up service)

shelved_poll_interval = 3600

(Integer) Interval for polling shelved instances to offload.

The periodic task runs for every shelved_poll_interval number of seconds and checks if there are any shelved instances. If it finds a shelved instance, based on the 'shelved_offload_time' config value it offloads the shelved instances. Check 'shelved_offload_time' config option description for details.

Possible values:

* Any value ⇐ 0: Disables the option.

* Any positive integer in seconds.

Related options:

* shelved_offload_time

compute_monitors =

(List) A list of monitors that can be used for getting compute metrics. You can use the alias/name from the setuptools entry points for nova.compute.monitors.* namespaces. If no namespace is supplied, the "cpu." namespace is assumed for backwards-compatibility.

Possible values:

* An empty list will disable the feature(Default).

* An example value that would enable both the CPU and NUMA memory bandwidth monitors that used the virt driver variant: ["cpu.virt_driver", "numa_mem_bw.virt_driver"]

ssl_only = False

(Boolean) Disallow non-encrypted connections.

ram_allocation_ratio = 0.0

(Floating point) This option helps you specify virtual RAM to physical RAM allocation ratio.

From Ocata (15.0.0) this is used to influence the hosts selected by the Placement API. Note that when Placement is used, the RamFilter is redundant, because the Placement API will have already filtered out hosts that would have failed the RamFilter.

This configuration specifies ratio for RamFilter which can be set per compute node. For AggregateRamFilter, it will fall back to this configuration value if no per-aggregate setting found.

Note

This can be set per-compute, or if set to 0.0, the value set on the scheduler node(s) or compute node(s) will be used and defaulted to 1.5.

Note

As of the 16.0.0 Pike release, this configuration option is ignored for the ironic.IronicDriver compute driver and is hardcoded to 1.0.

Possible values:

* Any valid positive integer or float value

resize_fs_using_block_device = False

(Boolean) Enable resizing of filesystems via a block device.

If enabled, attempt to resize the filesystem by accessing the image over a block device. This is done by the host and may not be necessary if the image contains a recent version of cloud-init. Possible mechanisms require the nbd driver (for qcow and raw), or loop (for raw).

key = None

(String) SSL key file (if separate from cert).

vlan_interface = None

(String) This option is the name of the virtual interface of the VM on which the VLAN bridge will be built. While it was originally designed to be used only by nova-network, it is also used by libvirt and xenapi for the bridge interface name.

Please note that this setting will be ignored in nova-network if the configuration option for network_manager is not set to the default of 'nova.network.manager.VlanManager'.

Possible values:

* Any valid virtual interface name, such as 'eth0'

* Deprecated

nova-network is deprecated, as are any related configuration options. While this option has an effect when using neutron, it incorrectly override the value provided by neutron and should therefore not be used.

linuxnet_ovs_integration_bridge = br-int

(String) The name of the Open vSwitch bridge that is used with linuxnet when connecting with Open vSwitch."

Possible values:

* Any string representing a valid bridge name.

* Deprecated

nova-network is deprecated, as are any related configuration options.

scheduler_topic = scheduler

(String) Scheduler message queue topic.

This is the message queue topic that the scheduler 'listens' on. It is used when the scheduler service is started up to configure the queue, and whenever an RPC call to the scheduler is made. There is almost never any reason to ever change this value.

Possible values:

* A valid AMQP topic name

* Deprecated

There is no need to let users choose the RPC topic for all services - there is little gain from this. Furthermore, it makes it really easy to break Nova by using this option.

send_arp_for_ha = False

(Boolean) When True, when a device starts up, and upon binding floating IP addresses, arp messages will be sent to ensure that the arp caches on the compute hosts are up-to-date.

Related options:

* send_arp_for_ha_count

network_allocate_retries = 0

(Integer) Number of times to retry network allocation. It is required to attempt network allocation retries if the virtual interface plug fails.

Possible values:

* Any positive integer representing retry count.

use_rootwrap_daemon = False

(Boolean) Start and use a daemon that can run the commands that need to be run with root privileges. This option is usually enabled on nodes that run nova compute processes.

periodic_fuzzy_delay = 60

(Integer) Number of seconds to randomly delay when starting the periodic task scheduler to reduce stampeding.

When compute workers are restarted in unison across a cluster, they all end up running the periodic tasks at the same time causing problems for the external services. To mitigate this behavior, periodic_fuzzy_delay option allows you to introduce a random initial delay when starting the periodic task scheduler.

Possible Values:

* Any positive integer (in seconds)

* 0 : disable the random delay

metadata_workers = None

(Integer) Number of workers for metadata service. If not specified the number of available CPUs will be used.

The metadata service can be configured to run as multi-process (workers). This overcomes the problem of reduction in throughput when API request concurrency increases. The metadata service will run in the specified number of processes.

Possible Values:

* Any positive integer

* None (default value)

dnsmasq_config_file =

(String) The path to the custom dnsmasq configuration file, if any.

Possible values:

* The full path to the configuration file, or an empty string if there is no custom dnsmasq configuration file.

* Deprecated

nova-network is deprecated, as are any related configuration options.

pypowervm_update_collision_retries = 5

(Integer) Number of retries if an update operation failed due to collision

ebtables_exec_attempts = 3

(Integer) This option determines the number of times to retry ebtables commands before giving up. The minimum number of retries is 1.

Possible values:

* Any positive integer

Related options:

* ebtables_retry_interval

* Deprecated

nova-network is deprecated, as are any related configuration options.

null_kernel = nokernel

(String) This option is used to decide when an image should have no external ramdisk or kernel. By default this is set to 'nokernel', so when an image is booted with the property 'kernel_id' with the value 'nokernel', Nova assumes the image doesn’t require an external kernel and ramdisk.

* Deprecated

When an image is booted with the property 'kernel_id' with the value 'nokernel', Nova assumes the image doesn’t require an external kernel and ramdisk. This option allows user to change the API behaviour which should not be allowed and this value "nokernel" should be hard coded.

mkisofs_cmd = genisoimage

(String) Name or path of the tool used for ISO image creation

Use the mkisofs_cmd flag to set the path where you install the genisoimage program. If genisoimage is on the system path, you do not need to change the default value.

Possible values:

* Name of the ISO image creator program, in case it is in the same directory as the nova-compute service

* Path to ISO image creator program

Related options:

* This option is meaningful when config drives are enabled.

force_raw_images = True

(Boolean) Force conversion of backing images to raw format.

Possible values:

* True: Backing image files will be converted to raw image format

* False: Backing image files will not be converted

Related options:

* compute_driver: Only the libvirt driver uses this option.

cert = self.pem

(String) Path to SSL certificate file.

instance_format = "[instance: %(uuid)s] "

(String) The format for an instance that is passed with the log message.

source_is_ipv6 = False

(Boolean) Set to True if source host is addressed with IPv6.

service_down_time = 60

(Integer) Maximum time in seconds since last check-in for up service

Each compute node periodically updates their database status based on the specified report interval. If the compute node hasn’t updated the status for more than service_down_time, then the compute node is considered down.

Related Options:

* report_interval (service_down_time should not be less than report_interval)

defer_iptables_apply = False

(Boolean) Whether to batch up the application of IPTables rules during a host restart and apply all at the end of the init phase.

publish_errors = False

(Boolean) Enables or disables publication of error events.

consoleauth_topic = consoleauth

(String) This option allows you to change the message topic used by nova-consoleauth service when communicating via the AMQP server. Nova Console Authentication server authenticates nova consoles. Users can then access their instances through VNC clients. The Nova API service uses a message queue to communicate with nova-consoleauth to get a VNC console.

Possible Values:

* 'consoleauth' (default) or Any string representing topic exchange name.

* Deprecated

There is no need to let users choose the RPC topic for all services - there is little gain from this. Furthermore, it makes it really easy to break Nova by using this option.

update_resources_interval = 0

(Integer) Interval for updating compute resources.

This option specifies how often the update_available_resources periodic task should run. A number less than 0 means to disable the task completely. Leaving this at the default of 0 will cause this to run at the default periodic interval. Setting it to any positive value will cause it to run at approximately that number of seconds.

Possible values:

* 0: Will run at the default periodic interval.

* Any value < 0: Disables the option.

* Any positive integer in seconds.

logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

(String) Prefix each line of exception output with this format.

enabled_apis = osapi_compute, metadata

(List) List of APIs to be enabled by default.

report_interval = 10

(Integer) Number of seconds indicating how frequently the state of services on a given hypervisor is reported. Nova needs to know this to determine the overall health of the deployment.

Related Options:

* service_down_time report_interval should be less than service_down_time. If service_down_time is less than report_interval, services will routinely be considered down, because they report in too rarely.

monkey_patch_modules = nova.compute.api:nova.notifications.notify_decorator

(List) List of modules/decorators to monkey patch.

This option allows you to patch a decorator for all functions in specified modules.

Possible values:

* nova.compute.api:nova.notifications.notify_decorator

* nova.api.ec2.cloud:nova.notifications.notify_decorator

*

Related options:

* monkey_patch: This must be set to True for this option to have any effect

vif_plugging_is_fatal = True

(Boolean) Determine if instance should boot or fail on VIF plugging timeout.

Nova sends a port update to Neutron after an instance has been scheduled, providing Neutron with the necessary information to finish setup of the port. Once completed, Neutron notifies Nova that it has finished setting up the port, at which point Nova resumes the boot of the instance since network connectivity is now supposed to be present. A timeout will occur if the reply is not received after a given interval.

This option determines what Nova does when the VIF plugging timeout event happens. When enabled, the instance will error out. When disabled, the instance will continue to boot on the assumption that the port is ready.

Possible values:

* True: Instances should fail after VIF plugging timeout

* False: Instances should continue booting after VIF plugging timeout

iptables_bottom_regex =

(String) This expression, if defined, will select any matching iptables rules and place them at the bottom when applying metadata changes to the rules.

Possible values:

* Any string representing a valid regular expression, or an empty string

Related options:

* iptables_top_regex

* Deprecated

nova-network is deprecated, as are any related configuration options.

update_dns_entries = False

(Boolean) When this option is True, whenever a DNS entry must be updated, a fanout cast message is sent to all network hosts to update their DNS entries in multi-host mode.

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

vendordata_driver = nova.api.metadata.vendordata_json.JsonFileVendorData

(String) When returning instance metadata, this is the class that is used for getting vendor metadata when that class isn’t specified in the individual request. The value should be the full dot-separated path to the class to use.

Possible values:

* Any valid dot-separated class path that can be imported.

* Deprecated

No deprecation reason provided for this option.

instance_usage_audit = False

(Boolean) This option enables periodic compute.instance.exists notifications. Each compute node must be configured to generate system usage data. These notifications are consumed by OpenStack Telemetry service.

maximum_instance_delete_attempts = 5

(Integer) The number of times to attempt to reap an instance’s files.

This option specifies the maximum number of retry attempts that can be made.

Possible values:

* Any positive integer defines how many attempts are made.

* Any value ⇐0 means no delete attempts occur, but you should use instance_delete_interval to disable the delete attempts.

Related options:

* instance_delete_interval in interval_opts group can be used to disable this option.

console_driver = nova.console.xvp.XVPConsoleProxy

(String) nova-console-proxy is used to set up multi-tenant VM console access. This option allows pluggable driver program for the console session and represents driver to use for the console proxy.

Possible values:

* A string representing fully classified class name of console driver.

* Deprecated

This option no longer does anything. Previously this option had only two valid, in-tree values: nova.console.xvp.XVPConsoleProxy and nova.console.fake.FakeConsoleProxy. The latter of these was only used in tests and has since been replaced.

dns_server = []

(Multi-valued) Despite the singular form of the name of this option, it is actually a list of zero or more server addresses that dnsmasq will use for DNS nameservers. If this is not empty, dnsmasq will not read /etc/resolv.conf, but will only use the servers specified in this option. If the option use_network_dns_servers is True, the dns1 and dns2 servers from the network will be appended to this list, and will be used as DNS servers, too.

Possible values:

* A list of strings, where each string is either an IP address or a FQDN.

Related options:

* use_network_dns_servers

* Deprecated

nova-network is deprecated, as are any related configuration options.

allow_same_net_traffic = True

(Boolean) Determine whether to allow network traffic from same network.

When set to true, hosts on the same subnet are not filtered and are allowed to pass all types of traffic between them. On a flat network, this allows all instances from all projects unfiltered communication. With VLAN networking, this allows access between instances within the same project.

This option only applies when using the nova-network service. When using another networking services, such as Neutron, security groups or other approaches should be used.

Possible values:

* True: Network traffic should be allowed pass between all instances on the same network, regardless of their tenant and security policies

* False: Network traffic should not be allowed pass between instances unless it is unblocked in a security group

Related options:

* use_neutron: This must be set to False to enable nova-network networking

* firewall_driver: This must be set to nova.virt.libvirt.firewall.IptablesFirewallDriver to ensure the libvirt firewall driver is enabled.

* Deprecated

nova-network is deprecated, as are any related configuration options.

watch_log_file = False

(Boolean) Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.

l3_lib = nova.network.l3.LinuxNetL3

(String) This option allows you to specify the L3 management library to be used.

Possible values:

* Any dot-separated string that represents the import path to an L3 networking library.

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

force_snat_range = []

(Multi-valued) This is a list of zero or more IP ranges that traffic from the routing_source_ip will be SNATted to. If the list is empty, then no SNAT rules are created.

Possible values:

* A list of strings, each of which should be a valid CIDR.

Related options:

* routing_source_ip

* Deprecated

nova-network is deprecated, as are any related configuration options.

enable_network_quota = False

(Boolean) This option is used to enable or disable quota checking for tenant networks.

Related options:

* quota_networks

* Deprecated

CRUD operations on tenant networks are only available when using nova-network and nova-network is itself deprecated.

volume_usage_poll_interval = 0

(Integer) Interval for gathering volume usages.

This option updates the volume usage cache for every volume_usage_poll_interval number of seconds.

Possible values:

* Any positive integer(in seconds) greater than 0 will enable this option.

* Any value ⇐0 will disable the option.

record = None

(String) Filename that will be used for storing websocket frames received and sent by a proxy service (like VNC, spice, serial) running on this host. If this is not set, no recording will be done.

reserved_host_disk_mb = 0

(Integer) Amount of disk resources in MB to make them always available to host. The disk usage gets reported back to the scheduler from nova-compute running on the compute nodes. To prevent the disk resources from being considered as available, this option can be used to reserve disk space for that host.

Possible values:

* Any positive integer representing amount of disk in MB to reserve for the host.

use_ipv6 = False

(Boolean) Assign IPv6 and IPv4 addresses when creating instances.

Related options:

* use_neutron: this only works with nova-network.

* Deprecated

nova-network is deprecated, as are any related configuration options.

image_cache_subdirectory_name = _base

(String) Location of cached images.

This is NOT the full path - just a folder name relative to '$instances_path'. For per-compute-host cached images, set to 'base$my_ip'

image_cache_manager_interval = 2400

(Integer) Number of seconds to wait between runs of the image cache manager.

Possible values:

* 0: run at the default rate.

* -1: disable

* Any other value

my_block_storage_ip = $my_ip

(String) The IP address which is used to connect to the block storage network.

Possible values:

* String with valid IP address. Default is IP address of this host.

Related options:

* my_ip - if my_block_storage_ip is not set, then my_ip value is used.

metadata_port = 8775

(Port number) This option determines the port used for the metadata API server.

Related options:

* metadata_host

* Deprecated

nova-network is deprecated, as are any related configuration options.

dns_update_periodic_interval = -1

(Integer) This option determines the time, in seconds, to wait between refreshing DNS entries for the network.

Possible values:

* A positive integer

* -1 to disable updates

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

force_dhcp_release = True

(Boolean) When this option is True, a call is made to release the DHCP for the instance when that instance is terminated.

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

dhcpbridge_flagfile = ['/etc/nova/nova-dhcpbridge.conf']

(Multi-valued) This option is a list of full paths to one or more configuration files for dhcpbridge. In most cases the default path of '/etc/nova/nova-dhcpbridge.conf' should be sufficient, but if you have special needs for configuring dhcpbridge, you can change or add to this list.

Possible values

* A list of strings, where each string is the full path to a dhcpbridge configuration file.

* Deprecated

nova-network is deprecated, as are any related configuration options.

use_cow_images = True

(Boolean) Enable use of copy-on-write (cow) images.

QEMU/KVM allow the use of qcow2 as backing files. By disabling this, backing files will not be used.

dhcpbridge = $bindir/nova-dhcpbridge

(String) The location of the binary nova-dhcpbridge. By default it is the binary named 'nova-dhcpbridge' that is installed with all the other nova binaries.

Possible values:

* Any string representing the full path to the binary for dhcpbridge

* Deprecated

nova-network is deprecated, as are any related configuration options.

num_networks = 1

(Integer) This option represents the number of networks to create if not explicitly specified when the network is created. The only time this is used is if a CIDR is specified, but an explicit network_size is not. In that case, the subnets are created by diving the IP address space of the CIDR by num_networks. The resulting subnet sizes cannot be larger than the configuration option network_size; in that event, they are reduced to network_size, and a warning is logged.

Please note that this option is only used when using nova-network instead of Neutron in your deployment.

Possible values:

* Any positive integer is technically valid, although there are practical limits based upon available IP address space and virtual interfaces.

Related options:

* use_neutron

* network_size

* Deprecated

nova-network is deprecated, as are any related configuration options.

running_deleted_instance_timeout = 0

(Integer) Time interval in seconds to wait for the instances that have been marked as deleted in database to be eligible for cleanup.

Possible values:

* Any positive integer in seconds(default is 0).

Related options:

* "running_deleted_instance_action"

ldap_dns_soa_retry = 3600

(Integer) Retry interval (in seconds) for LDAP DNS driver Start of Authority

Time interval, a secondary/slave DNS server should wait, if an attempt to transfer zone failed during the previous refresh interval.

* Deprecated

nova-network is deprecated, as are any related configuration options.

network_manager = nova.network.manager.VlanManager

(String) Full class name for the Manager for network

reserved_host_memory_mb = 512

(Integer) Amount of memory in MB to reserve for the host so that it is always available to host processes. The host resources usage is reported back to the scheduler continuously from nova-compute running on the compute node. To prevent the host memory from being considered as available, this option is used to reserve memory for the host.

Possible values:

* Any positive integer representing amount of memory in MB to reserve for the host.

share_dhcp_address = False

(Boolean) THIS VALUE SHOULD BE SET WHEN CREATING THE NETWORK.

If True in multi_host mode, all compute hosts share the same dhcp address. The same IP address used for DHCP will be added on each nova-network node which is only visible to the VMs on the same host.

The use of this configuration has been deprecated and may be removed in any release after Mitaka. It is recommended that instead of relying on this option, an explicit value should be passed to 'create_networks()' as a keyword argument with the name 'share_address'.

* Deprecated

No deprecation reason provided for this option.

compute_driver = None

(String) Defines which driver to use for controlling virtualization.

Possible values:

* libvirt.LibvirtDriver

* xenapi.XenAPIDriver

* fake.FakeDriver

* ironic.IronicDriver

* vmwareapi.VMwareVCDriver

* hyperv.HyperVDriver

timeout_nbd = 10

(Integer) Amount of time, in seconds, to wait for NBD device start up.

logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

(String) Format string to use for log messages when context is undefined.

pybasedir = /usr/lib/python/site-packages/nova

(String) The directory where the Nova python modules are installed.

This directory is used to store template files for networking and remote console access. It is also the default path for other config options which need to persist Nova internal data. It is very unlikely that you need to change this option from its default value.

Possible values:

* The full path to a directory.

Related options:

* state_path

use_network_dns_servers = False

(Boolean) When this option is set to True, the dns1 and dns2 servers for the network specified by the user on boot will be used for DNS, as well as any specified in the dns_server option.

Related options:

* dns_server

* Deprecated

nova-network is deprecated, as are any related configuration options.

enabled_ssl_apis =

(List) List of APIs with enabled SSL.

Nova provides SSL support for the API servers. enabled_ssl_apis option allows configuring the SSL support.

log_date_format = %Y-%m-%d %H:%M:%S

(String) Defines the format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set.

rate_limit_interval = 0

(Integer) Interval, number of seconds, of log rate limiting.

pypowervm_job_request_timeout = 1800

(Integer) Default timeout in seconds for PowerVM Job requests.

rescue_timeout = 0

(Integer) Interval to wait before un-rescuing an instance stuck in RESCUE.

Possible values:

* 0: Disables the option (default)

* Any positive integer in seconds: Enables the option.

max_local_block_devices = 3

(Integer) Maximum number of devices that will result in a local image being created on the hypervisor node.

A negative number means unlimited. Setting max_local_block_devices to 0 means that any request that attempts to create a local disk will fail. This option is meant to limit the number of local discs (so root local disc that is the result of --image being used, and any other ephemeral and swap disks). 0 does not mean that images will be automatically converted to volumes and boot instances from volumes - it just means that all requests that attempt to create a local disk will fail.

Possible values:

* 0: Creating a local disk is not allowed.

* Negative number: Allows unlimited number of local discs.

* Positive number: Allows only these many number of local discs. (Default value is 3).

ovs_vsctl_timeout = 120

(Integer) This option represents the period of time, in seconds, that the ovs_vsctl calls will wait for a response from the database before timing out. A setting of 0 means that the utility should wait forever for a response.

Possible values:

* Any positive integer if a limited timeout is desired, or zero if the calls should wait forever for a response.

* Deprecated

nova-network is deprecated, as are any related configuration options.

max_concurrent_live_migrations = 1

(Integer) Maximum number of live migrations to run concurrently. This limit is enforced to avoid outbound live migrations overwhelming the host/network and causing failures. It is not recommended that you change this unless you are very sure that doing so is safe and stable in your environment.

Possible values:

* 0 : treated as unlimited.

* Negative value defaults to 0.

* Any positive integer representing maximum number of live migrations to run concurrently.

use_syslog = False

(Boolean) Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.

gateway_v6 = None

(String) This is the default IPv6 gateway. It is used only in the testing suite.

Please note that this option is only used when using nova-network instead of Neutron in your deployment.

Possible values:

* Any valid IP address.

Related options:

* use_neutron

* gateway

* Deprecated

nova-network is deprecated, as are any related configuration options.

osapi_compute_workers = None

(Integer) Number of workers for OpenStack API service. The default will be the number of CPUs available.

OpenStack API services can be configured to run as multi-process (workers). This overcomes the problem of reduction in throughput when API request concurrency increases. OpenStack API service will run in the specified number of processes.

Possible Values:

* Any positive integer

* None (default value)

max_concurrent_builds = 10

(Integer) Limits the maximum number of instance builds to run concurrently by nova-compute. Compute service can attempt to build an infinite number of instances, if asked to do so. This limit is enforced to avoid building unlimited instance concurrently on a compute node. This value can be set per compute node.

Possible Values:

* 0 : treated as unlimited.

* Any positive integer representing maximum concurrent builds.

tempdir = None

(String) Explicitly specify the temporary working directory.

monkey_patch = False

(Boolean) Determine if monkey patching should be applied.

Related options:

* monkey_patch_modules: This must have values set for this option to have any effect

linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver

(String) This is the class used as the ethernet device driver for linuxnet bridge operations. The default value should be all you need for most cases, but if you wish to use a customized class, set this option to the full dot-separated import path for that class.

Possible values:

* Any string representing a dot-separated class path that Nova can import.

* Deprecated

nova-network is deprecated, as are any related configuration options.

bindir = /usr/local/bin

(String) The directory where the Nova binaries are installed.

This option is only relevant if the networking capabilities from Nova are used (see services below). Nova’s networking capabilities are targeted to be fully replaced by Neutron in the future. It is very unlikely that you need to change this option from its default value.

Possible values:

* The full path to a directory.

default_flavor = m1.small

(String) Default flavor to use for the EC2 API only. The Nova API does not support a default flavor.

* Deprecated

The EC2 API is deprecated.

vcpu_pin_set = None

(String) Defines which physical CPUs (pCPUs) can be used by instance virtual CPUs (vCPUs).

Possible values:

* A comma-separated list of physical CPU numbers that virtual CPUs can be allocated to by default. Each element should be either a single CPU number, a range of CPU numbers, or a caret followed by a CPU number to be excluded from a previous range. For example:

vcpu_pin_set = "4-12,^8,15"

cpu_allocation_ratio = 0.0

(Floating point) This option helps you specify virtual CPU to physical CPU allocation ratio.

From Ocata (15.0.0) this is used to influence the hosts selected by the Placement API. Note that when Placement is used, the CoreFilter is redundant, because the Placement API will have already filtered out hosts that would have failed the CoreFilter.

This configuration specifies ratio for CoreFilter which can be set per compute node. For AggregateCoreFilter, it will fall back to this configuration value if no per-aggregate setting is found.

Note

This can be set per-compute, or if set to 0.0, the value set on the scheduler node(s) or compute node(s) will be used and defaulted to 16.0.

Note

As of the 16.0.0 Pike release, this configuration option is ignored for the ironic.IronicDriver compute driver and is hardcoded to 1.0.

Possible values:

* Any valid positive integer or float value

instance_uuid_format = "[instance: %(uuid)s] "

(String) The format for an instance UUID that is passed with the log message.

db_driver = nova.db

(String) The driver to use for database access

* Deprecated

No deprecation reason provided for this option.

create_unique_mac_address_attempts = 5

(Integer) This option determines how many times nova-network will attempt to create a unique MAC address before giving up and raising a VirtualInterfaceMacAddressException error.

Possible values:

* Any positive integer. The default is 5.

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

scheduler_instance_sync_interval = 120

(Integer) Interval between sending the scheduler a list of current instance UUIDs to verify that its view of instances is in sync with nova.

If the CONF option 'scheduler_tracks_instance_changes' is False, the sync calls will not be made. So, changing this option will have no effect.

If the out of sync situations are not very common, this interval can be increased to lower the number of RPC messages being sent. Likewise, if sync issues turn out to be a problem, the interval can be lowered to check more frequently.

Possible values:

* 0: Will run at the default periodic interval.

* Any value < 0: Disables the option.

* Any positive integer in seconds.

Related options:

* This option has no impact if scheduler_tracks_instance_changes is set to False.

iptables_top_regex =

(String) This expression, if defined, will select any matching iptables rules and place them at the top when applying metadata changes to the rules.

Possible values:

* Any string representing a valid regular expression, or an empty string

Related options:

* iptables_bottom_regex

* Deprecated

nova-network is deprecated, as are any related configuration options.

vlan_start = 100

(Integer) This is the VLAN number used for private networks. Note that the when creating the networks, if the specified number has already been assigned, nova-network will increment this number until it finds an available VLAN.

Please note that this option is only used when using nova-network instead of Neutron in your deployment. It also will be ignored if the configuration option for network_manager is not set to the default of 'nova.network.manager.VlanManager'.

Possible values:

* Any integer between 1 and 4094. Values outside of that range will raise a ValueError exception.

Related options:

* network_manager

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

osapi_compute_unique_server_name_scope =

(String) Sets the scope of the check for unique instance names.

The default doesn’t check for unique names. If a scope for the name check is set, a launch of a new instance or an update of an existing instance with a duplicate name will result in an ''InstanceExists'' error. The uniqueness is case-insensitive. Setting this option can increase the usability for end users as they don’t have to distinguish among instances with the same name by their IDs.

Possible values:

* '': An empty value means that no uniqueness check is done and duplicate names are possible.

* "project": The instance name check is done only for instances within the same project.

* "global": The instance name check is done for all instances regardless of the project.

ldap_dns_servers = ['dns.example.org']

(Multi-valued) DNS Servers for LDAP DNS driver

Possible values:

* A valid URL representing a DNS server

* Deprecated

nova-network is deprecated, as are any related configuration options.

log_config_append = None

(String) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, logging_context_format_string).

* Mutable

This option can be changed without restarting.

internal_service_availability_zone = internal

(String) This option specifies the name of the availability zone for the internal services. Services like nova-scheduler, nova-network, nova-conductor are internal services. These services will appear in their own internal availability_zone.

Possible values:

* Any string representing an availability zone name

* 'internal' is the default value

ipv6_backend = rfc2462

(String) Abstracts out IPv6 address generation to pluggable backends.

nova-network can be put into dual-stack mode, so that it uses both IPv4 and IPv6 addresses. In dual-stack mode, by default, instances acquire IPv6 global unicast addresses with the help of stateless address auto-configuration mechanism.

Related options:

* use_neutron: this option only works with nova-network.

* use_ipv6: this option only works if ipv6 is enabled for nova-network.

* Deprecated

nova-network is deprecated, as are any related configuration options.

log_file = None

(String) (Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.

ldap_dns_soa_minimum = 7200

(Integer) Minimum interval (in seconds) for LDAP DNS driver Start of Authority

It is Minimum time-to-live applies for all resource records in the zone file. This value is supplied to other servers how long they should keep the data in cache.

* Deprecated

nova-network is deprecated, as are any related configuration options.

network_driver = nova.network.linux_net

(String) Driver to use for network creation.

Network driver initializes (creates bridges and so on) only when the first VM lands on a host node. All network managers configure the network using network drivers. The driver is not tied to any particular network manager.

The default Linux driver implements vlans, bridges, and iptables rules using linux utilities.

Note that this option is only used when using nova-network instead of Neutron in your deployment.

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

sync_power_state_interval = 600

(Integer) Interval to sync power states between the database and the hypervisor.

The interval that Nova checks the actual virtual machine power state and the power state that Nova has in its database. If a user powers down their VM, Nova updates the API to report the VM has been powered down. Should something turn on the VM unexpectedly, Nova will turn the VM back off to keep the system in the expected state.

Possible values:

* 0: Will run at the default periodic interval.

* Any value < 0: Disables the option.

* Any positive integer in seconds.

Related options:

* If handle_virt_lifecycle_events in workarounds_group is false and this option is negative, then instances that get out of sync between the hypervisor and the Nova database will have to be synchronized manually.

default_availability_zone = nova

(String) Default compute node availability_zone.

This option determines the availability zone to be used when it is not specified in the VM creation request. If this option is not set, the default availability zone 'nova' is used.

Possible values:

* Any string representing an availability zone name

* 'nova' is the default value

logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

(String) Format string to use for log messages with context.

use_single_default_gateway = False

(Boolean) When set to True, only the firt nic of a VM will get its default gateway from the DHCP server.

* Deprecated

nova-network is deprecated, as are any related configuration options.

cnt_vpn_clients = 0

(Integer) This option represents the number of IP addresses to reserve at the top of the address range for VPN clients. It also will be ignored if the configuration option for network_manager is not set to the default of 'nova.network.manager.VlanManager'.

Possible values:

* Any integer, 0 or greater.

Related options:

* use_neutron

* network_manager

* Deprecated

nova-network is deprecated, as are any related configuration options.

multi_instance_display_name_template = %(name)s-%(count)d

(String) When creating multiple instances with a single request using the os-multiple-create API extension, this template will be used to build the display name for each instance. The benefit is that the instances end up with different hostnames. Example display names when creating two VM’s: name-1, name-2.

Possible values:

* Valid keys for the template are: name, uuid, count.

* Deprecated

This config changes API behaviour. All changes in API behaviour should be discoverable.

ldap_dns_soa_refresh = 1800

(Integer) Refresh interval (in seconds) for LDAP DNS driver Start of Authority

Time interval, a secondary/slave DNS server waits before requesting for primary DNS server’s current SOA record. If the records are different, secondary DNS server will request a zone transfer from primary.

Note

Lower values would cause more traffic.

* Deprecated

nova-network is deprecated, as are any related configuration options.

instance_build_timeout = 0

(Integer) Maximum time in seconds that an instance can take to build.

If this timer expires, instance status will be changed to ERROR. Enabling this option will make sure an instance will not be stuck in BUILD state for a longer period.

Possible values:

* 0: Disables the option (default)

* Any positive integer in seconds: Enables the option.

network_topic = network

(String) The topic network nodes listen on

* Deprecated

There is no need to let users choose the RPC topic for all services - there is little gain from this. Furthermore, it makes it really easy to break Nova by using this option.

flat_network_bridge = None

(String) This option determines the bridge used for simple network interfaces when no bridge is specified in the VM creation request.

Please note that this option is only used when using nova-network instead of Neutron in your deployment.

Possible values:

* Any string representing a valid network bridge, such as 'br100'

Related options:

* use_neutron

* Deprecated

nova-network is deprecated, as are any related configuration options.

fatal_deprecations = False

(Boolean) Enables or disables fatal status of deprecations.

rpc_conn_pool_size = 30

(Integer) Size of RPC connection pool.

conn_pool_min_size = 2

(Integer) The pool size limit for connections expiration policy

conn_pool_ttl = 1200

(Integer) The time-to-live in sec of idle connections in the pool

rpc_poll_timeout = 1

(Integer) The default number of seconds that poll should wait. Poll raises timeout exception when timeout expired.

use_pub_sub = False

(Boolean) Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.

use_router_proxy = False

(Boolean) Use ROUTER remote proxy.

use_dynamic_connections = False

(Boolean) This option makes direct connections dynamic or static. It makes sense only with use_router_proxy=False which means to use direct connections for direct message types (ignored otherwise).

rpc_thread_pool_size = 100

(Integer) Maximum number of (green) threads to work concurrently.

rpc_message_ttl = 300

(Integer) Expiration timeout in seconds of a sent/received message after which it is not tracked anymore by a client/server.

rpc_use_acks = False

(Boolean) Wait for message acknowledgements from receivers. This mechanism works only via proxy without PUB/SUB.

rpc_ack_timeout_base = 15

(Integer) Number of seconds to wait for an ack from a cast/call. After each retry attempt this timeout is multiplied by some specified multiplier.

rpc_ack_timeout_multiplier = 2

(Integer) Number to multiply base ack timeout by after each retry attempt.

rpc_retry_attempts = 3

(Integer) Default number of message sending attempts in case of any problems occurred: positive value N means at most N retries, 0 means no retries, None or -1 (or any other negative values) mean to retry forever. This option is used only if acknowledgments are enabled.

subscribe_on =

(List) List of publisher hosts SubConsumer can subscribe on. This option has higher priority then the default publishers list taken from the matchmaker.

executor_thread_pool_size = 64

(Integer) Size of executor thread pool when executor is threading or eventlet.

rpc_response_timeout = 60

(Integer) Seconds to wait for a response from a call.

transport_url = None

(String) A URL representing the messaging driver to use and its full configuration.

rpc_backend = rabbit

(String) The messaging driver to use, defaults to rabbit. Another driver is amqp.

* Deprecated

Replaced by [DEFAULT]/transport_url

control_exchange = openstack

(String) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.

Table 4.14. Description of ephemeral_storage_encryption configuration options

Configuration option = Default valueDescription

cipher = aes-xts-plain64

(String) Cipher-mode string to be used.

The cipher and mode to be used to encrypt ephemeral storage. The set of cipher-mode combinations available depends on kernel support. According to the dm-crypt documentation, the cipher is expected to be in the format: "<cipher>-<chainmode>-<ivmode>".

Possible values:

* Any crypto option listed in /proc/crypto.

enabled = False

(Boolean) Enables/disables LVM ephemeral storage encryption.

key_size = 512

(Integer) Encryption key length in bits.

The bit length of the encryption key to be used to encrypt ephemeral storage. In XTS mode only half of the bits are used for encryption key.

Table 4.15. Description of filter_scheduler configuration options

Configuration option = Default valueDescription

restrict_isolated_hosts_to_isolated_images = True

(Boolean) Prevent non-isolated images from being built on isolated hosts.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'IsolatedHostsFilter' filter is enabled. Even then, this option doesn’t affect the behavior of requests for isolated images, which will always be restricted to isolated hosts.

Related options:

* scheduler/isolated_images

* scheduler/isolated_hosts

soft_anti_affinity_weight_multiplier = 1.0

(Floating point) Multiplier used for weighing hosts for group soft-anti-affinity.

Possible values:

* An integer or float value, where the value corresponds to weight multiplier for hosts with group soft anti-affinity. Only a positive value are meaningful, as negative values would make this behave as a soft affinity weigher.

max_io_ops_per_host = 8

(Integer) The number of instances that can be actively performing IO on a host.

Instances performing IO includes those in the following states: build, resize, snapshot, migrate, rescue, unshelve.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'io_ops_filter' filter is enabled.

Possible values:

* An integer, where the integer corresponds to the max number of instances that can be actively performing IO on any given host.

aggregate_image_properties_isolation_separator = .

(String) Separator character(s) for image property namespace and name.

When using the aggregate_image_properties_isolation filter, the relevant metadata keys are prefixed with the namespace defined in the aggregate_image_properties_isolation_namespace configuration option plus a separator. This option defines the separator to be used.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'aggregate_image_properties_isolation' filter is enabled.

Possible values:

* A string, where the string corresponds to an image property namespace separator character

Related options:

* aggregate_image_properties_isolation_namespace

isolated_images =

(List) List of UUIDs for images that can only be run on certain hosts.

If there is a need to restrict some images to only run on certain designated hosts, list those image UUIDs here.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'IsolatedHostsFilter' filter is enabled.

Possible values:

* A list of UUID strings, where each string corresponds to the UUID of an image

Related options:

* scheduler/isolated_hosts

* scheduler/restrict_isolated_hosts_to_isolated_images

host_subset_size = 1

(Integer) Size of subset of best hosts selected by scheduler.

New instances will be scheduled on a host chosen randomly from a subset of the N best hosts, where N is the value set by this option.

Setting this to a value greater than 1 will reduce the chance that multiple scheduler processes handling similar requests will select the same host, creating a potential race condition. By selecting a host randomly from the N hosts that best fit the request, the chance of a conflict is reduced. However, the higher you set this value, the less optimal the chosen host may be for a given request.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.

Possible values:

* An integer, where the integer corresponds to the size of a host subset. Any integer is valid, although any value less than 1 will be treated as 1

max_instances_per_host = 50

(Integer) Maximum number of instances that be active on a host.

If you need to limit the number of instances on any given host, set this option to the maximum number of instances you want to allow. The num_instances_filter will reject any host that has at least as many instances as this option’s value.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'num_instances_filter' filter is enabled.

Possible values:

* An integer, where the integer corresponds to the max instances that can be scheduled on a host.

weight_classes = nova.scheduler.weights.all_weighers

(List) Weighers that the scheduler will use.

Only hosts which pass the filters are weighed. The weight for any host starts at 0, and the weighers order these hosts by adding to or subtracting from the weight assigned by the previous weigher. Weights may become negative. An instance will be scheduled to one of the N most-weighted hosts, where N is 'scheduler_host_subset_size'.

By default, this is set to all weighers that are included with Nova.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.

Possible values:

* A list of zero or more strings, where each string corresponds to the name of a weigher that will be used for selecting a host

io_ops_weight_multiplier = -1.0

(Floating point) IO operations weight multipler ratio.

This option determines how hosts with differing workloads are weighed. Negative values, such as the default, will result in the scheduler preferring hosts with lighter workloads whereas positive values will prefer hosts with heavier workloads. Another way to look at it is that positive values for this option will tend to schedule instances onto hosts that are already busy, while negative values will tend to distribute the workload across more hosts. The absolute value, whether positive or negative, controls how strong the io_ops weigher is relative to other weighers.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'io_ops' weigher is enabled.

Possible values:

* An integer or float value, where the value corresponds to the multipler ratio for this weigher.

disk_weight_multiplier = 1.0

(Floating point) Disk weight multipler ratio.

Multiplier used for weighing free disk space. Negative numbers mean to stack vs spread.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'disk' weigher is enabled.

Possible values:

* An integer or float value, where the value corresponds to the multipler ratio for this weigher.

isolated_hosts =

(List) List of hosts that can only run certain images.

If there is a need to restrict some images to only run on certain designated hosts, list those host names here.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'IsolatedHostsFilter' filter is enabled.

Possible values:

* A list of strings, where each string corresponds to the name of a host

Related options:

* scheduler/isolated_images

* scheduler/restrict_isolated_hosts_to_isolated_images

track_instance_changes = True

(Boolean) Enable querying of individual hosts for instance information.

The scheduler may need information about the instances on a host in order to evaluate its filters and weighers. The most common need for this information is for the (anti-)affinity filters, which need to choose a host based on the instances already running on a host.

If the configured filters and weighers do not need this information, disabling this option will improve performance. It may also be disabled when the tracking overhead proves too heavy, although this will cause classes requiring host usage data to query the database on each request instead.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.

Note

In a multi-cell (v2) setup where the cell MQ is separated from the top-level, computes cannot directly communicate with the scheduler. Thus, this option cannot be enabled in that scenario. See also the [workarounds]/disable_group_policy_check_upcall option.

ram_weight_multiplier = 1.0

(Floating point) Ram weight multipler ratio.

This option determines how hosts with more or less available RAM are weighed. A positive value will result in the scheduler preferring hosts with more available RAM, and a negative number will result in the scheduler preferring hosts with less available RAM. Another way to look at it is that positive values for this option will tend to spread instances across many hosts, while negative values will tend to fill up (stack) hosts as much as possible before scheduling to a less-used host. The absolute value, whether positive or negative, controls how strong the RAM weigher is relative to other weighers.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'ram' weigher is enabled.

Possible values:

* An integer or float value, where the value corresponds to the multipler ratio for this weigher.

soft_affinity_weight_multiplier = 1.0

(Floating point) Multiplier used for weighing hosts for group soft-affinity.

Possible values:

* An integer or float value, where the value corresponds to weight multiplier for hosts with group soft affinity. Only a positive value are meaningful, as negative values would make this behave as a soft anti-affinity weigher.

use_baremetal_filters = False

(Boolean) Enable baremetal filters.

Set this to True to tell the nova scheduler that it should use the filters specified in the 'baremetal_scheduler_enabled_filters' option. If you are not scheduling baremetal nodes, leave this at the default setting of False.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.

Related options:

* If this option is set to True, then the filters specified in the 'baremetal_scheduler_enabled_filters' are used instead of the filters specified in 'scheduler_enabled_filters'.

aggregate_image_properties_isolation_namespace = None

(String) Image property namespace for use in the host aggregate.

Images and hosts can be configured so that certain images can only be scheduled to hosts in a particular aggregate. This is done with metadata values set on the host aggregate that are identified by beginning with the value of this option. If the host is part of an aggregate with such a metadata key, the image in the request spec must have the value of that metadata in its properties in order for the scheduler to consider the host as acceptable.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'aggregate_image_properties_isolation' filter is enabled.

Possible values:

* A string, where the string corresponds to an image property namespace

Related options:

* aggregate_image_properties_isolation_separator

enabled_filters = RetryFilter, AvailabilityZoneFilter, RamFilter, DiskFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ServerGroupAntiAffinityFilter, ServerGroupAffinityFilter

(List) Filters that the scheduler will use.

An ordered list of filter class names that will be used for filtering hosts. Ignore the word 'default' in the name of this option: these filters will always be applied, and they will be applied in the order they are listed so place your most restrictive filters first to make the filtering process more efficient.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.

Possible values:

* A list of zero or more strings, where each string corresponds to the name of a filter to be used for selecting a host

Related options:

* All of the filters in this option must be present in the 'scheduler_available_filters' option, or a SchedulerHostFilterNotFound exception will be raised.

available_filters = ['nova.scheduler.filters.all_filters']

(Multi-valued) Filters that the scheduler can use.

An unordered list of the filter classes the nova scheduler may apply. Only the filters specified in the 'scheduler_enabled_filters' option will be used, but any filter appearing in that option must also be included in this list.

By default, this is set to all filters that are included with nova.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.

Possible values:

* A list of zero or more strings, where each string corresponds to the name of a filter that may be used for selecting a host

Related options:

* scheduler_enabled_filters

baremetal_enabled_filters = RetryFilter, AvailabilityZoneFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ExactRamFilter, ExactDiskFilter, ExactCoreFilter

(List) Filters used for filtering baremetal hosts.

Filters are applied in order, so place your most restrictive filters first to make the filtering process more efficient.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect.

Possible values:

* A list of zero or more strings, where each string corresponds to the name of a filter to be used for selecting a baremetal host

Related options:

* If the 'scheduler_use_baremetal_filters' option is False, this option has no effect.

Table 4.16. Description of glance configuration options

Configuration option = Default valueDescription

num_retries = 0

(Integer) Enable glance operation retries.

Specifies the number of retries when uploading / downloading an image to / from glance. 0 means no retries.

api_insecure = False

(Boolean) Enable insecure SSL (https) requests to glance.

This setting can be used to turn off verification of the glance server certificate against the certificate authorities.

allowed_direct_url_schemes =

(List) List of url schemes that can be directly accessed.

This option specifies a list of url schemes that can be downloaded directly via the direct_url. This direct_URL can be fetched from Image metadata which can be used by nova to get the image more efficiently. nova-compute could benefit from this by invoking a copy when it has access to the same file system as glance.

Possible values:

* [file], Empty list (default)

api_servers = None

(List) List of glance api servers endpoints available to nova.

https is used for ssl-based glance api servers.

Possible values:

* A list of any fully qualified url of the form "scheme://hostname:port[/path]" (i.e. "http://10.0.1.0:9292" or "https://my.glance.server/image").

verify_glance_signatures = False

(Boolean) Enable image signature verification.

nova uses the image signature metadata from glance and verifies the signature of a signed image while downloading that image. If the image signature cannot be verified or if the image signature metadata is either incomplete or unavailable, then nova will not boot the image and instead will place the instance into an error state. This provides end users with stronger assurances of the integrity of the image data they are using to create servers.

Related options:

* The options in the key_manager group, as the key_manager is used for the signature validation.

debug = False

(Boolean) Enable or disable debug logging with glanceclient.

Table 4.17. Description of guestfs configuration options

Configuration option = Default valueDescription

debug = False

(Boolean) Enable/disables guestfs logging.

This configures guestfs to debug messages and push them to Openstack logging system. When set to True, it traces libguestfs API calls and enable verbose debug messages. In order to use the above feature, "libguestfs" package must be installed.

Related options: Since libguestfs access and modifies VM’s managed by libvirt, below options should be set to give access to those VM’s.

* libvirt.inject_key

* libvirt.inject_partition

* libvirt.inject_password

Table 4.18. Description of ironic configuration options

Configuration option = Default valueDescription

auth_type = None

(Unknown) Authentication type to load

serial_console_state_timeout = 10

(Integer) Timeout (seconds) to wait for node serial console state changed. Set to 0 to disable timeout.

certfile = None

(String) PEM encoded client certificate cert file

api_retry_interval = 2

(Integer) The number of seconds to wait before retrying the request.

Related options:

* api_max_retries

keyfile = None

(String) PEM encoded client certificate key file

insecure = False

(Boolean) Verify HTTPS connections.

api_max_retries = 60

(Integer) The number of times to retry when a request conflicts. If set to 0, only try once, no retries.

Related options:

* api_retry_interval

api_endpoint = http://ironic.example.org:6385/

(String) URL override for the Ironic API endpoint.

timeout = None

(Integer) Timeout value for http requests

cafile = None

(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.

auth_section = None

(Unknown) Config Section from which to load plugin specific options

Table 4.19. Description of key_manager configuration options

Configuration option = Default valueDescription

fixed_key = None

(String) Fixed key returned by key manager, specified in hex.

Possible values:

* Empty string or a key in hex value

api_class = castellan.key_manager.barbican_key_manager.BarbicanKeyManager

(String) The full class name of the key manager API class

Table 4.20. Description of keystone_authtoken configuration options

Configuration option = Default valueDescription

memcache_pool_socket_timeout = 3

(Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.

auth_type = None

(Unknown) Authentication type to load

cache = None

(String) Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the memcached_servers option instead.

admin_token = None

(String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use admin_user and admin_password instead.

signing_dir = None

(String) Directory used to cache files related to PKI tokens. This option has been deprecated in the Ocata release and will be removed in the P release.

* Deprecated

PKI token format is no longer supported.

check_revocations_for_cached = False

(Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.

* Deprecated

PKI token format is no longer supported.

auth_port = 35357

(Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.

auth_protocol = https

(String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.

auth_uri = None

(String) Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint.

auth_version = None

(String) API version of the admin Identity API endpoint.

include_service_catalog = True

(Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.

memcached_servers = None

(List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.

cafile = None

(String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.

hash_algorithms = md5

(List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.

* Deprecated

PKI token format is no longer supported.

certfile = None

(String) Required if identity server requires client certificate

memcache_pool_dead_retry = 300

(Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.

admin_tenant_name = admin

(String) Service tenant name.

token_cache_time = 300

(Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.

memcache_pool_conn_get_timeout = 10

(Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.

admin_password = None

(String) Service user password.

http_request_max_retries = 3

(Integer) How many times are we trying to reconnect when communicating with Identity API Server.

service_token_roles = service

(List) A choice of roles that must be present in a service token. Service tokens are allowed to request that an expired token can be used and so this check should tightly control that only actual services should be sending this token. Roles here are applied as an ANY check so any role in this list must be present. For backwards compatibility reasons this currently only affects the allow_expired check.

memcache_secret_key = None

(String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.

admin_user = None

(String) Service username.

region_name = None

(String) The region in which the identity server can be found.

auth_admin_prefix =

(String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.

insecure = False

(Boolean) Verify HTTPS connections.

service_token_roles_required = False

(Boolean) For backwards compatibility reasons we must let valid service tokens pass that don’t pass the service_token_roles check as valid. Setting this true will become the default in a future release and should be enabled if possible.

delay_auth_decision = False

(Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.

auth_host = 127.0.0.1

(String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.

memcache_use_advanced_pool = False

(Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.

identity_uri = None

(String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/

revocation_cache_time = 10

(Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. Only valid for PKI tokens. This option has been deprecated in the Ocata release and will be removed in the P release.

* Deprecated

PKI token format is no longer supported.

memcache_pool_maxsize = 10

(Integer) (Optional) Maximum total number of open connections to every memcached server.

auth_section = None

(Unknown) Config Section from which to load plugin specific options

enforce_token_bind = permissive

(String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.

memcache_security_strategy = None

(String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.

memcache_pool_unused_timeout = 60

(Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.

http_connect_timeout = None

(Integer) Request timeout value for communicating with Identity API server.

keyfile = None

(String) Required if identity server requires client certificate

Table 4.21. Description of libvirt configuration options

Configuration option = Default valueDescription

sysinfo_serial = auto

(String) The data source used to the populate the host "serial" UUID exposed to guest in the virtual BIOS.

images_rbd_pool = rbd

(String) The RADOS pool in which rbd volumes are stored

smbfs_mount_options =

(String) Mount options passed to the SMBFS client.

Provide SMBFS options as a single string containing all parameters. See mount.cifs man page for details. Note that the libvirt-qemu uid and gid must be specified.

enabled_perf_events =

(List) This is a performance event list which could be used as monitor. These events will be passed to libvirt domain xml while creating a new instances. Then event statistics data can be collected from libvirt. The minimum libvirt version is 2.0.0. For more information about Performance monitoring events, refer https://libvirt.org/formatdomain.html#elementsPerf .

Possible values:

* A string list. For example: enabled_perf_events = cmt, mbml, mbmt The supported events list can be found in https://libvirt.org/html/libvirt-libvirt-domain.html , which you may need to search key words VIR_PERF_PARAM_*

live_migration_uri = None

(String) Live migration target URI to use.

Override the default libvirt live migration target URI (which is dependent on virt_type). Any included "%s" is replaced with the migration target hostname.

If this option is set to None (which is the default), Nova will automatically generate the live_migration_uri value based on only 3 supported virt_type in following list:

* 'kvm': 'qemu+tcp://%s/system'

* 'qemu': 'qemu+tcp://%s/system'

* 'xen': 'xenmigr://%s/system'

Related options:

* live_migration_inbound_addr: If live_migration_inbound_addr value is not None, the ip/hostname address of target compute node is used instead of live_migration_uri as the uri for live migration.

* live_migration_scheme: If live_migration_uri is not set, the scheme used for live migration is taken from live_migration_scheme instead.

* Deprecated

live_migration_uri is deprecated for removal in favor of two other options that allow to change live migration scheme and target URI: live_migration_scheme and live_migration_inbound_addr respectively.

realtime_scheduler_priority = 1

(Integer) In a realtime host context vCPUs for guest will run in that scheduling priority. Priority depends on the host kernel (usually 1-99)

checksum_base_images = False

(Boolean) Write a checksum for files in _base to disk

* Deprecated

The image cache no longer periodically calculates checksums of stored images. Data integrity can be checked at the block or filesystem level.

live_migration_tunnelled = False

(Boolean) Enable tunnelled migration.

This option enables the tunnelled migration feature, where migration data is transported over the libvirtd connection. If enabled, we use the VIR_MIGRATE_TUNNELLED migration flag, avoiding the need to configure the network to allow direct hypervisor to hypervisor communication. If False, use the native transport. If not set, Nova will choose a sensible default based on, for example the availability of native encryption support in the hypervisor. Enable this option will definitely impact performance massively.

Note that this option is NOT compatible with use of block migration.

Possible values:

* Supersedes and (if set) overrides the deprecated 'live_migration_flag' and 'block_migration_flag' to enable tunneled migration.

checksum_interval_seconds = 3600

(Integer) How frequently to checksum base images

* Deprecated

The image cache no longer periodically calculates checksums of stored images. Data integrity can be checked at the block or filesystem level.

rescue_image_id = None

(String) The ID of the image to boot from to rescue data from a corrupted instance.

If the rescue REST API operation doesn’t provide an ID of an image to use, the image which is referenced by this ID is used. If this option is not set, the image from the instance is used.

Possible values:

* An ID of an image or nothing. If it points to an Amazon Machine Image (AMI), consider to set the config options rescue_kernel_id and rescue_ramdisk_id too. If nothing is set, the image of the instance is used.

Related options:

* rescue_kernel_id: If the chosen rescue image allows the separate definition of its kernel disk, the value of this option is used, if specified. This is the case when Amazon's AMI/AKI/ARI image format is used for the rescue image.

* rescue_ramdisk_id: If the chosen rescue image allows the separate definition of its RAM disk, the value of this option is used if, specified. This is the case when Amazon's AMI/AKI/ARI image format is used for the rescue image.

inject_key = False

(Boolean) Allow the injection of an SSH key at boot time.

There is no agent needed within the image to do this. If libguestfs is available on the host, it will be used. Otherwise nbd is used. The file system of the image will be mounted and the SSH key, which is provided in the REST API call will be injected as SSH key for the root user and appended to the authorized_keys of that user. The SELinux context will be set if necessary. Be aware that the injection is not possible when the instance gets launched from a volume.

This config option will enable directly modifying the instance disk and does not affect what cloud-init may do using data from config_drive option or the metadata service.

Related options:

* inject_partition: That option will decide about the discovery and usage of the file system. It also can disable the injection at all.

uid_maps =

(List) List of uid targets and ranges.Syntax is guest-uid:host-uid:countMaximum of 5 allowed.

hw_disk_discard = None

(String) Discard option for nova managed disks.

Requires:

* Libvirt >= 1.0.6

* Qemu >= 1.5 (raw format)

* Qemu >= 1.6 (qcow2 format)

live_migration_downtime = 500

(Integer) Maximum permitted downtime, in milliseconds, for live migration switchover.

Will be rounded up to a minimum of 100ms. You can increase this value if you want to allow live-migrations to complete faster, or avoid live-migration timeout errors by allowing the guest to be paused for longer during the live-migration switch over.

Related options:

* live_migration_completion_timeout

vzstorage_mount_group = qemu

(String) Mount owner group name.

This option defines the owner group of Vzstorage cluster mountpoint.

Related options:

* vzstorage_mount_* group of parameters

inject_partition = -2

(Integer) Determines the way how the file system is chosen to inject data into it.

_libguestfs_ will be used a first solution to inject data. If that's not available on the host, the image will be locally mounted on the host as a fallback solution. If libguestfs is not able to determine the root partition (because there are more or less than one root partition) or cannot mount the file system it will result in an error and the instance won't be boot.

Possible values:

* -2 ⇒ disable the injection of data.

* -1 ⇒ find the root partition with the file system to mount with libguestfs

* 0 ⇒ The image is not partitioned

* >0 ⇒ The number of the partition to use for the injection

Related options:

* inject_key: If this option allows the injection of a SSH key it depends on value greater or equal to -1 for inject_partition.

* inject_password: If this option allows the injection of an admin password it depends on value greater or equal to -1 for inject_partition.

* guestfs You can enable the debug log level of libguestfs with this config option. A more verbose output will help in debugging issues.

* virt_type: If you use lxc as virt_type it will be treated as a single partition image

connection_uri =

(String) Overrides the default libvirt URI of the chosen virtualization type.

If set, Nova will use this URI to connect to libvirt.

Possible values:

* An URI like qemu:///system or xen+ssh://oirase/ for example. This is only necessary if the URI differs to the commonly known URIs for the chosen virtualization type.

Related options:

* virt_type: Influences what is used as default value here.

num_aoe_discover_tries = 3

(Integer) Number of times to rediscover AoE target to find volume.

Nova provides support for block storage attaching to hosts via AOE (ATA over Ethernet). This option allows the user to specify the maximum number of retry attempts that can be made to discover the AoE device.

volume_clear = zero

(String) Method used to wipe ephemeral disks when they are deleted. Only takes effect if LVM is set as backing storage.

Possible values:

* none - do not wipe deleted volumes

* zero - overwrite volumes with zeroes

* shred - overwrite volume repeatedly

Related options:

* images_type - must be set to lvm

* volume_clear_size

snapshots_directory = $instances_path/snapshots

(String) Location where libvirt driver will store snapshots before uploading them to image service

wait_soft_reboot_seconds = 120

(Integer) Number of seconds to wait for instance to shut down after soft reboot request is made. We fall back to hard reboot if instance does not shutdown within this window.