Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

Chapter 1. Common Configurations

This chapter describes the common configurations for shared service and libraries.

1.1. Common Configuration Options

1.1.1. Description of Configuration Options

The following tables provide a comprehensive list of the common configuration options.

Table 1.1. Description of AMQP configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

control_exchange = openstack

(String) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.

default_publisher_id = None

(String) Default publisher_id for outgoing notifications

transport_url = None

(String) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.

Table 1.2. Description of authentication configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

auth_strategy = keystone

(String) This determines the strategy to use for authentication: keystone or noauth2. 'noauth2' is designed for testing only, as it does no actual credential checking. 'noauth2' provides administrative credentials only if 'admin' is specified as the username.

Table 1.3. Description of authorization token configuration options

Configuration option = Default valueDescription

[keystone_authtoken]

 

admin_password = None

(String) Service user password.

admin_tenant_name = admin

(String) Service tenant name.

admin_token = None

(String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use admin_user and admin_password instead.

admin_user = None

(String) Service username.

auth_admin_prefix =

(String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.

auth_host = 127.0.0.1

(String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.

auth_port = 35357

(Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.

auth_protocol = https

(String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.

auth_section = None

(Unknown) Config Section from which to load plugin specific options

auth_type = None

(Unknown) Authentication type to load

auth_uri = None

(String) Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint.

auth_version = None

(String) API version of the admin Identity API endpoint.

cache = None

(String) Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the memcached_servers option instead.

cafile = None

(String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.

certfile = None

(String) Required if identity server requires client certificate

check_revocations_for_cached = False

(Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.

delay_auth_decision = False

(Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.

enforce_token_bind = permissive

(String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.

hash_algorithms = md5

(List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.

http_connect_timeout = None

(Integer) Request timeout value for communicating with Identity API server.

http_request_max_retries = 3

(Integer) How many times are we trying to reconnect when communicating with Identity API Server.

identity_uri = None

(String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/

include_service_catalog = True

(Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.

insecure = False

(Boolean) Verify HTTPS connections.

keyfile = None

(String) Required if identity server requires client certificate

memcache_pool_conn_get_timeout = 10

(Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.

memcache_pool_dead_retry = 300

(Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.

memcache_pool_maxsize = 10

(Integer) (Optional) Maximum total number of open connections to every memcached server.

memcache_pool_socket_timeout = 3

(Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.

memcache_pool_unused_timeout = 60

(Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.

memcache_secret_key = None

(String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.

memcache_security_strategy = None

(String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.

memcache_use_advanced_pool = False

(Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.

memcached_servers = None

(List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.

region_name = None

(String) The region in which the identity server can be found.

revocation_cache_time = 10

(Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. Only valid for PKI tokens.

signing_dir = None

(String) Directory used to cache files related to PKI tokens.

token_cache_time = 300

(Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.

Table 1.4. Description of database configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

db_driver = SERVICE.db

(String) DEPRECATED: The driver to use for database access

[database]

 

backend = sqlalchemy

(String) The back end to use for the database.

connection = None

(String) The SQLAlchemy connection string to use to connect to the database.

connection_debug = 0

(Integer) Verbosity of SQL debugging information: 0=None, 100=Everything.

connection_trace = False

(Boolean) Add Python stack traces to SQL as comment strings.

db_inc_retry_interval = True

(Boolean) If True, increases the interval between retries of a database operation up to db_max_retry_interval.

db_max_retries = 20

(Integer) Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.

db_max_retry_interval = 10

(Integer) If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.

db_retry_interval = 1

(Integer) Seconds between retries of a database transaction.

idle_timeout = 3600

(Integer) Timeout before idle SQL connections are reaped.

max_overflow = 50

(Integer) If set, use this value for max_overflow with SQLAlchemy.

max_pool_size = None

(Integer) Maximum number of SQL connections to keep open in a pool.

max_retries = 10

(Integer) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.

min_pool_size = 1

(Integer) Minimum number of SQL connections to keep open in a pool.

mysql_sql_mode = TRADITIONAL

(String) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=

pool_timeout = None

(Integer) If set, use this value for pool_timeout with SQLAlchemy.

retry_interval = 10

(Integer) Interval between retries of opening a SQL connection.

slave_connection = None

(String) The SQLAlchemy connection string to use to connect to the slave database.

sqlite_db = oslo.sqlite

(String) The file name to use with SQLite.

sqlite_synchronous = True

(Boolean) If True, SQLite uses synchronous mode.

use_db_reconnect = False

(Boolean) Enable the experimental use of database reconnect on connection lost.

use_tpool = False

(Boolean) Enable the experimental use of thread pooling for all DB API calls

Table 1.5. Description of common logging configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

debug = False

(Boolean) If set to true, the logging level will be set to DEBUG instead of the default INFO level.

default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, requests.packages.urllib3.util.retry=WARN, urllib3.util.retry=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN, taskflow=WARN, keystoneauth=WARN, oslo.cache=INFO, dogpile.core.dogpile=INFO

(List) List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.

fatal_deprecations = False

(Boolean) Enables or disables fatal status of deprecations.

fatal_exception_format_errors = False

(Boolean) Make exception message format errors fatal

instance_format = "[instance: %(uuid)s] "

(String) The format for an instance that is passed with the log message.

instance_uuid_format = "[instance: %(uuid)s] "

(String) The format for an instance UUID that is passed with the log message.

log_config_append = None

(String) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, logging_context_format_string).

log_date_format = %Y-%m-%d %H:%M:%S

(String) Defines the format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set.

log_dir = None

(String) (Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.

log_file = None

(String) (Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.

logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

(String) Format string to use for log messages with context.

logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

(String) Additional data to append to log message when logging level for the message is DEBUG.

logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

(String) Format string to use for log messages when context is undefined.

logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

(String) Prefix each line of exception output with this format.

logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

(String) Defines the format string for %(user_identity)s that is used in logging_context_format_string.

publish_errors = False

(Boolean) Enables or disables publication of error events.

syslog_log_facility = LOG_USER

(String) Syslog facility to receive log lines. This option is ignored if log_config_append is set.

use_stderr = True

(Boolean) Log output to standard error. This option is ignored if log_config_append is set.

use_syslog = False

(Boolean) Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.

verbose = True

(Boolean) DEPRECATED: If set to false, the logging level will be set to WARNING instead of the default INFO level.

watch_log_file = False

(Boolean) Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.

Table 1.6. Description of policy configuration options

Configuration option = Default valueDescription

[oslo_policy]

 

policy_default_rule = default

(String) Default rule. Enforced when a requested rule is not found.

policy_dirs = ['policy.d']

(Multi-valued) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.

policy_file = policy.json

(String) The JSON file that defines policies.

Table 1.7. Description of RPC configuration options

Configuration option = Default valueDescription

[DEFAULT]

 

notification_format = both

(String) Specifies which notification format shall be used by nova.

rpc_backend = rabbit

(String) The messaging driver to use, defaults to rabbit. Other drivers include amqp and zmq.

rpc_cast_timeout = -1

(Integer) Seconds to wait before a cast expires (TTL). The default value of -1 specifies an infinite linger period. The value of 0 specifies no linger period. Pending messages shall be discarded immediately when the socket is closed. Only supported by impl_zmq.

rpc_conn_pool_size = 30

(Integer) Size of RPC connection pool.

rpc_poll_timeout = 1

(Integer) The default number of seconds that poll should wait. Poll raises timeout exception when timeout expired.

rpc_response_timeout = 60

(Integer) Seconds to wait for a response from a call.

[cells]

 

rpc_driver_queue_base = cells.intercell

(String) RPC driver queue base When sending a message to another cell by JSON-ifying the message and making an RPC cast to 'process_message', a base queue is used. This option defines the base queue name to be used when communicating between cells. Various topics by message type will be appended to this.

Possible values: * The base queue name to be used when communicating between cells. Services which consume this: * nova-cells

Related options: * None

[oslo_concurrency]

 

disable_process_locking = False

(Boolean) Enables or disables inter-process locks.

lock_path = None

(String) Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set.

[oslo_messaging]

 

event_stream_topic = neutron_lbaas_event

(String) topic name for receiving events from a queue

[oslo_messaging_amqp]

 

allow_insecure_clients = False

(Boolean) Accept clients using either SSL or plain TCP

broadcast_prefix = broadcast

(String) address prefix used when broadcasting to all servers

container_name = None

(String) Name for the AMQP container

group_request_prefix = unicast

(String) address prefix when sending to any server in group

idle_timeout = 0

(Integer) Timeout for inactive connections (in seconds)

password =

(String) Password for message broker authentication

sasl_config_dir =

(String) Path to directory that contains the SASL configuration

sasl_config_name =

(String) Name of configuration file (without .conf suffix)

sasl_mechanisms =

(String) Space separated list of acceptable SASL mechanisms

server_request_prefix = exclusive

(String) address prefix used when sending to a specific server

ssl_ca_file =

(String) CA certificate PEM file to verify server certificate

ssl_cert_file =

(String) Identifying certificate PEM file to present to clients

ssl_key_file =

(String) Private key PEM file used to sign cert_file certificate

ssl_key_password = None

(String) Password for decrypting ssl_key_file (if encrypted)

trace = False

(Boolean) Debug: dump AMQP frames to stdout

username =

(String) User name for message broker authentication

[oslo_messaging_notifications]

 

driver = []

(Multi-valued) The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop

topics = notifications

(List) AMQP topic used for OpenStack notifications.

transport_url = None

(String) A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC.

[upgrade_levels]

 

baseapi = None

(String) Set a version cap for messages sent to the base api in any service