Configuration reference

Red Hat OpenStack Platform 17.1

Configure Red Hat OpenStack Platform environments

OpenStack Documentation Team

Abstract

This document is for system administrators who want to look up configuration options. It contains lists of configuration options available with OpenStack and uses auto-generation to generate options and the descriptions from the code for each project.

Preface

This document describes the options available in the configuration files for each of the major services in Red Hat OpenStack Platform. The content is automatically generated based on the values in the configuration files themselves, and is provided for reference purposes only.

Warning

Manually editing configuration files is not supported. All configuration changes must be made through the Director. Red Hat provides this guide as a technical reference only.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Providing feedback on Red Hat documentation

We appreciate your input on our documentation. Tell us how we can make it better.

Using the Direct Documentation Feedback (DDF) function

Use the Add Feedback DDF function for direct comments on specific sentences, paragraphs, or code blocks.

  1. View the documentation in the Multi-page HTML format.
  2. Ensure that you see the Feedback button in the upper right corner of the document.
  3. Highlight the part of text that you want to comment on.
  4. Click Add Feedback.
  5. Complete the Add Feedback field with your comments.
  6. Optional: Add your email address so that the documentation team can contact you for clarification on your issue.
  7. Click Submit.

Chapter 1. barbican

The following chapter contains information about the configuration options in the barbican service.

1.1. barbican.conf

This section contains options for the /etc/barbican/barbican.conf file.

1.1.1. DEFAULT

The following table outlines the options available under the [DEFAULT] group in the /etc/barbican/barbican.conf file.

.

Configuration option = Default valueTypeDescription

admin_role = admin

string value

Role used to identify an authenticated user as administrator.

allow_anonymous_access = False

boolean value

Allow unauthenticated users to access the API with read-only privileges. This only applies when using ContextMiddleware.

api_paste_config = api-paste.ini

string value

File name for the paste.deploy config for api service

backdoor_port = None

string value

Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service’s log file.

backdoor_socket = None

string value

Enable eventlet backdoor, using the provided path as a unix socket that can receive connections. This option is mutually exclusive with backdoor_port in that only one should be provided. If both are provided then the existence of this option overrides the usage of that option. Inside the path {pid} will be replaced with the PID of the current process.

client_socket_timeout = 900

integer value

Timeout for client connections' socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of 0 means wait forever.

conn_pool_min_size = 2

integer value

The pool size limit for connections expiration policy

conn_pool_ttl = 1200

integer value

The time-to-live in sec of idle connections in the pool

control_exchange = openstack

string value

The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.

db_auto_create = False

boolean value

Create the Barbican database on service startup.

debug = False

boolean value

If set to true, the logging level will be set to DEBUG instead of the default INFO level.

default_limit_paging = 10

integer value

Default page size for the limit paging URL parameter.

default_log_levels = ['amqp=WARN', 'amqplib=WARN', 'boto=WARN', 'qpid=WARN', 'sqlalchemy=WARN', 'suds=INFO', 'oslo.messaging=INFO', 'oslo_messaging=INFO', 'iso8601=WARN', 'requests.packages.urllib3.connectionpool=WARN', 'urllib3.connectionpool=WARN', 'websocket=WARN', 'requests.packages.urllib3.util.retry=WARN', 'urllib3.util.retry=WARN', 'keystonemiddleware=WARN', 'routes.middleware=WARN', 'stevedore=WARN', 'taskflow=WARN', 'keystoneauth=WARN', 'oslo.cache=INFO', 'oslo_policy=INFO', 'dogpile.core.dogpile=INFO']

list value

List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.

executor_thread_pool_size = 64

integer value

Size of executor thread pool when executor is threading or eventlet.

fatal_deprecations = False

boolean value

Enables or disables fatal status of deprecations.

host_href = http://localhost:9311

string value

Host name, for use in HATEOAS-style references Note: Typically this would be the load balanced endpoint that clients would use to communicate back with this service. If a deployment wants to derive host from wsgi request instead then make this blank. Blank is needed to override default config value which is http://localhost:9311

`instance_format = [instance: %(uuid)s] `

string value

The format for an instance that is passed with the log message.

`instance_uuid_format = [instance: %(uuid)s] `

string value

The format for an instance UUID that is passed with the log message.

log-config-append = None

string value

The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format).

log-date-format = %Y-%m-%d %H:%M:%S

string value

Defines the format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set.

log-dir = None

string value

(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.

log-file = None

string value

(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.

log_rotate_interval = 1

integer value

The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is setto "interval".

log_rotate_interval_type = days

string value

Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation.

log_rotation_type = none

string value

Log rotation type.

logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

string value

Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter

logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

string value

Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter

logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

string value

Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter

logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

string value

Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter

logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

string value

Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter

max_allowed_request_size_in_bytes = 25000

integer value

Maximum allowed http request size against the barbican-api.

max_allowed_secret_in_bytes = 20000

integer value

Maximum allowed secret size in bytes.

max_header_line = 16384

integer value

Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated when keystone is configured to use PKI tokens with big service catalogs).

max_limit_paging = 100

integer value

Maximum page size for the limit paging URL parameter.

max_logfile_count = 30

integer value

Maximum number of rotated log files.

max_logfile_size_mb = 200

integer value

Log file maximum size in MB. This option is ignored if "log_rotation_type" is not set to "size".

publish_errors = False

boolean value

Enables or disables publication of error events.

rate_limit_burst = 0

integer value

Maximum number of logged messages per rate_limit_interval.

rate_limit_except_level = CRITICAL

string value

Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.

rate_limit_interval = 0

integer value

Interval, number of seconds, of log rate limiting.

rpc_conn_pool_size = 30

integer value

Size of RPC connection pool.

rpc_ping_enabled = False

boolean value

Add an endpoint to answer to ping calls. Endpoint is named oslo_rpc_server_ping

rpc_response_timeout = 60

integer value

Seconds to wait for a response from a call.

run_external_periodic_tasks = True

boolean value

Some periodic tasks can be run in a separate process. Should we run them here?

sql_connection = sqlite:///barbican.sqlite

string value

SQLAlchemy connection string for the reference implementation registry server. Any valid SQLAlchemy connection string is fine. See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine. Note: For absolute addresses, use //// slashes after sqlite:.

sql_idle_timeout = 3600

integer value

Period in seconds after which SQLAlchemy should reestablish its connection to the database. MySQL uses a default wait_timeout of 8 hours, after which it will drop idle connections. This can result in MySQL Gone Away exceptions. If you notice this, you can lower this value to ensure that SQLAlchemy reconnects before MySQL can drop the connection.

sql_max_retries = 60

integer value

Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.

sql_pool_class = QueuePool

string value

Accepts a class imported from the sqlalchemy.pool module, and handles the details of building the pool for you. If commented out, SQLAlchemy will select based on the database dialect. Other options are QueuePool (for SQLAlchemy-managed connections) and NullPool (to disabled SQLAlchemy management of connections). See http://docs.sqlalchemy.org/en/latest/core/pooling.html for more details

sql_pool_logging = False

boolean value

Show SQLAlchemy pool-related debugging output in logs (sets DEBUG log level output) if specified.

sql_pool_max_overflow = 10

integer value

The maximum overflow size of the pool used by SQLAlchemy. When the number of checked-out connections reaches the size set in sql_pool_size, additional connections will be returned up to this limit. It follows then that the total number of simultaneous connections the pool will allow is sql_pool_size + sql_pool_max_overflow. Can be set to -1 to indicate no overflow limit, so no limit will be placed on the total number of concurrent connections. Comment out to allow SQLAlchemy to select the default.

sql_pool_size = 5

integer value

Size of pool used by SQLAlchemy. This is the largest number of connections that will be kept persistently in the pool. Can be set to 0 to indicate no size limit. To disable pooling, use a NullPool with sql_pool_class instead. Comment out to allow SQLAlchemy to select the default.

sql_retry_interval = 1

integer value

Interval between retries of opening a SQL connection.

syslog-log-facility = LOG_USER

string value

Syslog facility to receive log lines. This option is ignored if log_config_append is set.

tcp_keepidle = 600

integer value

Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not supported on OS X.

transport_url = rabbit://

string value

The network address and optional user credentials for connecting to the messaging backend, in URL format. The expected format is:

driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query

Example: rabbit://rabbitmq:password@127.0.0.1:5672//

For full details on the fields in the URL see the documentation of oslo_messaging.TransportURL at https://docs.openstack.org/oslo.messaging/latest/reference/transport.html

use-journal = False

boolean value

Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.

use-json = False

boolean value

Use JSON formatting for logging. This option is ignored if log_config_append is set.

use-syslog = False

boolean value

Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.

use_eventlog = False

boolean value

Log output to Windows Event Log.

use_stderr = False

boolean value

Log output to standard error. This option is ignored if log_config_append is set.

watch-log-file = False

boolean value

Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.

wsgi_default_pool_size = 100

integer value

Size of the pool of greenthreads used by wsgi

wsgi_keep_alive = True

boolean value

If False, closes the client socket connection explicitly.

wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f

string value

A python format string that is used as the template to generate log lines. The following values can beformatted into it: client_ip, date_time, request_line, status_code, body_length, wall_seconds.

wsgi_server_debug = False

boolean value

True if the server should send exception tracebacks to the clients on 500 errors. If False, the server will respond with empty bodies.

1.1.2. certificate

The following table outlines the options available under the [certificate] group in the /etc/barbican/barbican.conf file.

Table 1.1. certificate

Configuration option = Default valueTypeDescription

enabled_certificate_plugins = ['simple_certificate']

multi valued

List of certificate plugins to load.

namespace = barbican.certificate.plugin

string value

Extension namespace to search for plugins.

1.1.3. certificate_event

The following table outlines the options available under the [certificate_event] group in the /etc/barbican/barbican.conf file.

Table 1.2. certificate_event

Configuration option = Default valueTypeDescription

enabled_certificate_event_plugins = ['simple_certificate_event']

multi valued

List of certificate plugins to load.

namespace = barbican.certificate.event.plugin

string value

Extension namespace to search for eventing plugins.

1.1.4. cors

The following table outlines the options available under the [cors] group in the /etc/barbican/barbican.conf file.

Table 1.3. cors

Configuration option = Default valueTypeDescription

allow_credentials = True

boolean value

Indicate that the actual request can include user credentials

allow_headers = ['X-Auth-Token', 'X-Openstack-Request-Id', 'X-Project-Id', 'X-Identity-Status', 'X-User-Id', 'X-Storage-Token', 'X-Domain-Id', 'X-User-Domain-Id', 'X-Project-Domain-Id', 'X-Roles']

list value

Indicate which header field names may be used during the actual request.

allow_methods = ['GET', 'PUT', 'POST', 'DELETE', 'PATCH']

list value

Indicate which methods can be used during the actual request.

allowed_origin = None

list value

Indicate whether this resource may be shared with the domain received in the requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing slash. Example: https://horizon.example.com

expose_headers = ['X-Auth-Token', 'X-Openstack-Request-Id', 'X-Project-Id', 'X-Identity-Status', 'X-User-Id', 'X-Storage-Token', 'X-Domain-Id', 'X-User-Domain-Id', 'X-Project-Domain-Id', 'X-Roles']

list value

Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.

max_age = 3600

integer value

Maximum cache age of CORS preflight requests.

1.1.5. crypto

The following table outlines the options available under the [crypto] group in the /etc/barbican/barbican.conf file.

Table 1.4. crypto

Configuration option = Default valueTypeDescription

enabled_crypto_plugins = ['simple_crypto']

multi valued

List of crypto plugins to load.

namespace = barbican.crypto.plugin

string value

Extension namespace to search for plugins.

1.1.6. dogtag_plugin

The following table outlines the options available under the [dogtag_plugin] group in the /etc/barbican/barbican.conf file.

Table 1.5. dogtag_plugin

Configuration option = Default valueTypeDescription

auto_approved_profiles = caServerCert

string value

List of automatically approved enrollment profiles

ca_expiration_time = 1

integer value

Time in days for CA entries to expire

dogtag_host = localhost

string value

Hostname for the Dogtag instance

dogtag_port = 8443

port value

Port for the Dogtag instance

nss_db_path = /etc/barbican/alias

string value

Path to the NSS certificate database

nss_password = None

string value

Password for the NSS certificate databases

pem_path = /etc/barbican/kra_admin_cert.pem

string value

Path to PEM file for authentication

plugin_name = Dogtag KRA

string value

User friendly plugin name

plugin_working_dir = /etc/barbican/dogtag

string value

Working directory for Dogtag plugin

retries = 3

integer value

Retries when storing or generating secrets

simple_cmc_profile = caOtherCert

string value

Profile for simple CMC requests

1.1.7. keystone_authtoken

The following table outlines the options available under the [keystone_authtoken] group in the /etc/barbican/barbican.conf file.

Table 1.6. keystone_authtoken

Configuration option = Default valueTypeDescription

auth_section = None

string value

Config Section from which to load plugin specific options

auth_type = None

string value

Authentication type to load

auth_uri = None

string value

Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint. This option is deprecated in favor of www_authenticate_uri and will be removed in the S release. Deprecated since: Queens

*Reason:*The auth_uri option is deprecated in favor of www_authenticate_uri and will be removed in the S release.

auth_version = None

string value

API version of the Identity API endpoint.

cache = None

string value

Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the memcached_servers option instead.

cafile = None

string value

A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.

certfile = None

string value

Required if identity server requires client certificate

delay_auth_decision = False

boolean value

Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.

enforce_token_bind = permissive

string value

Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.

http_connect_timeout = None

integer value

Request timeout value for communicating with Identity API server.

http_request_max_retries = 3

integer value

How many times are we trying to reconnect when communicating with Identity API Server.

include_service_catalog = True

boolean value

(Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.

insecure = False

boolean value

Verify HTTPS connections.

interface = internal

string value

Interface to use for the Identity API endpoint. Valid values are "public", "internal" (default) or "admin".

keyfile = None

string value

Required if identity server requires client certificate

memcache_pool_conn_get_timeout = 10

integer value

(Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.

memcache_pool_dead_retry = 300

integer value

(Optional) Number of seconds memcached server is considered dead before it is tried again.

memcache_pool_maxsize = 10

integer value

(Optional) Maximum total number of open connections to every memcached server.

memcache_pool_socket_timeout = 3

integer value

(Optional) Socket timeout in seconds for communicating with a memcached server.

memcache_pool_unused_timeout = 60

integer value

(Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.

memcache_secret_key = None

string value

(Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.

memcache_security_strategy = None

string value

(Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.

memcache_use_advanced_pool = False

boolean value

(Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.

memcached_servers = None

list value

Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.

region_name = None

string value

The region in which the identity server can be found.

service_token_roles = ['service']

list value

A choice of roles that must be present in a service token. Service tokens are allowed to request that an expired token can be used and so this check should tightly control that only actual services should be sending this token. Roles here are applied as an ANY check so any role in this list must be present. For backwards compatibility reasons this currently only affects the allow_expired check.

service_token_roles_required = False

boolean value

For backwards compatibility reasons we must let valid service tokens pass that don’t pass the service_token_roles check as valid. Setting this true will become the default in a future release and should be enabled if possible.

service_type = None

string value

The name or type of the service as it appears in the service catalog. This is used to validate tokens that have restricted access rules.

token_cache_time = 300

integer value

In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.

www_authenticate_uri = None

string value

Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint.

1.1.8. keystone_notifications

The following table outlines the options available under the [keystone_notifications] group in the /etc/barbican/barbican.conf file.

Table 1.7. keystone_notifications

Configuration option = Default valueTypeDescription

allow_requeue = False

boolean value

True enables requeue feature in case of notification processing error. Enable this only when underlying transport supports this feature.

control_exchange = keystone

string value

The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.

enable = False

boolean value

True enables keystone notification listener functionality.

pool_name = None

string value

Pool name for notifications listener. Setting this to a distinctive value will allow barbican notifications listener to receive its own copy of all messages from the topic without without interfering with other services listening on the same topic. This feature is supported only by some oslo.messaging backends (in particilar by rabbitmq) and for those it is preferrable to use it instead of separate notification topic for barbican.

thread_pool_size = 10

integer value

Define the number of max threads to be used for notification server processing functionality.

topic = notifications

string value

Keystone notification queue topic name. This name needs to match one of values mentioned in Keystone deployment’s notification_topics configuration e.g. notification_topics=notifications, barbican_notificationsMultiple servers may listen on a topic and messages will be dispatched to one of the servers in a round-robin fashion. That’s why Barbican service should have its own dedicated notification queue so that it receives all of Keystone notifications. Alternatively if the chosen oslo.messaging backend supports listener pooling (for example rabbitmq), setting a non-default pool_name option should be preferred.

version = 1.0

string value

Version of tasks invoked via notifications

1.1.9. kmip_plugin

The following table outlines the options available under the [kmip_plugin] group in the /etc/barbican/barbican.conf file.

Table 1.8. kmip_plugin

Configuration option = Default valueTypeDescription

ca_certs = None

string value

File path to concatenated "certification authority" certificates

certfile = None

string value

File path to local client certificate

host = localhost

string value

Address of the KMIP server

keyfile = None

string value

File path to local client certificate keyfile

password = None

string value

Password for authenticating with KMIP server

pkcs1_only = False

boolean value

Only support PKCS#1 encoding of asymmetric keys

plugin_name = KMIP HSM

string value

User friendly plugin name

port = 5696

port value

Port for the KMIP server

ssl_version = PROTOCOL_TLSv1_2

string value

SSL version, maps to the module ssl’s constants

username = None

string value

Username for authenticating with KMIP server

1.1.10. oslo_messaging_amqp

The following table outlines the options available under the [oslo_messaging_amqp] group in the /etc/barbican/barbican.conf file.

Table 1.9. oslo_messaging_amqp

Configuration option = Default valueTypeDescription

addressing_mode = dynamic

string value

Indicates the addressing mode used by the driver. Permitted values: legacy - use legacy non-routable addressing routable - use routable addresses dynamic - use legacy addresses if the message bus does not support routing otherwise use routable addressing

anycast_address = anycast

string value

Appended to the address prefix when sending to a group of consumers. Used by the message bus to identify messages that should be delivered in a round-robin fashion across consumers.

broadcast_prefix = broadcast

string value

address prefix used when broadcasting to all servers

connection_retry_backoff = 2

integer value

Increase the connection_retry_interval by this many seconds after each unsuccessful failover attempt.

connection_retry_interval = 1

integer value

Seconds to pause before attempting to re-connect.

connection_retry_interval_max = 30

integer value

Maximum limit for connection_retry_interval + connection_retry_backoff

container_name = None

string value

Name for the AMQP container. must be globally unique. Defaults to a generated UUID

default_notification_exchange = None

string value

Exchange name used in notification addresses. Exchange name resolution precedence: Target.exchange if set else default_notification_exchange if set else control_exchange if set else notify

default_notify_timeout = 30

integer value

The deadline for a sent notification message delivery. Only used when caller does not provide a timeout expiry.

default_reply_retry = 0

integer value

The maximum number of attempts to re-send a reply message which failed due to a recoverable error.

default_reply_timeout = 30

integer value

The deadline for an rpc reply message delivery.

default_rpc_exchange = None

string value

Exchange name used in RPC addresses. Exchange name resolution precedence: Target.exchange if set else default_rpc_exchange if set else control_exchange if set else rpc

default_send_timeout = 30

integer value

The deadline for an rpc cast or call message delivery. Only used when caller does not provide a timeout expiry.

default_sender_link_timeout = 600

integer value

The duration to schedule a purge of idle sender links. Detach link after expiry.

group_request_prefix = unicast

string value

address prefix when sending to any server in group

idle_timeout = 0

integer value

Timeout for inactive connections (in seconds)

link_retry_delay = 10

integer value

Time to pause between re-connecting an AMQP 1.0 link that failed due to a recoverable error.

multicast_address = multicast

string value

Appended to the address prefix when sending a fanout message. Used by the message bus to identify fanout messages.

notify_address_prefix = openstack.org/om/notify

string value

Address prefix for all generated Notification addresses

notify_server_credit = 100

integer value

Window size for incoming Notification messages

pre_settled = ['rpc-cast', 'rpc-reply']

multi valued

Send messages of this type pre-settled. Pre-settled messages will not receive acknowledgement from the peer. Note well: pre-settled messages may be silently discarded if the delivery fails. Permitted values: rpc-call - send RPC Calls pre-settled rpc-reply- send RPC Replies pre-settled rpc-cast - Send RPC Casts pre-settled notify - Send Notifications pre-settled

pseudo_vhost = True

boolean value

Enable virtual host support for those message buses that do not natively support virtual hosting (such as qpidd). When set to true the virtual host name will be added to all message bus addresses, effectively creating a private subnet per virtual host. Set to False if the message bus supports virtual hosting using the hostname field in the AMQP 1.0 Open performative as the name of the virtual host.

reply_link_credit = 200

integer value

Window size for incoming RPC Reply messages.

rpc_address_prefix = openstack.org/om/rpc

string value

Address prefix for all generated RPC addresses

rpc_server_credit = 100

integer value

Window size for incoming RPC Request messages

`sasl_config_dir = `

string value

Path to directory that contains the SASL configuration

`sasl_config_name = `

string value

Name of configuration file (without .conf suffix)

`sasl_default_realm = `

string value

SASL realm to use if no realm present in username

`sasl_mechanisms = `

string value

Space separated list of acceptable SASL mechanisms

server_request_prefix = exclusive

string value

address prefix used when sending to a specific server

ssl = False

boolean value

Attempt to connect via SSL. If no other ssl-related parameters are given, it will use the system’s CA-bundle to verify the server’s certificate.

`ssl_ca_file = `

string value

CA certificate PEM file used to verify the server’s certificate

`ssl_cert_file = `

string value

Self-identifying certificate PEM file for client authentication

`ssl_key_file = `

string value

Private key PEM file used to sign ssl_cert_file certificate (optional)

ssl_key_password = None

string value

Password for decrypting ssl_key_file (if encrypted)

ssl_verify_vhost = False

boolean value

By default SSL checks that the name in the server’s certificate matches the hostname in the transport_url. In some configurations it may be preferable to use the virtual hostname instead, for example if the server uses the Server Name Indication TLS extension (rfc6066) to provide a certificate per virtual host. Set ssl_verify_vhost to True if the server’s SSL certificate uses the virtual host name instead of the DNS name.

trace = False

boolean value

Debug: dump AMQP frames to stdout

unicast_address = unicast

string value

Appended to the address prefix when sending to a particular RPC/Notification server. Used by the message bus to identify messages sent to a single destination.

1.1.11. oslo_messaging_kafka

The following table outlines the options available under the [oslo_messaging_kafka] group in the /etc/barbican/barbican.conf file.

Table 1.10. oslo_messaging_kafka

Configuration option = Default valueTypeDescription

compression_codec = none

string value

The compression codec for all data generated by the producer. If not set, compression will not be used. Note that the allowed values of this depend on the kafka version

conn_pool_min_size = 2

integer value

The pool size limit for connections expiration policy

conn_pool_ttl = 1200

integer value

The time-to-live in sec of idle connections in the pool

consumer_group = oslo_messaging_consumer

string value

Group id for Kafka consumer. Consumers in one group will coordinate message consumption

enable_auto_commit = False

boolean value

Enable asynchronous consumer commits

kafka_consumer_timeout = 1.0

floating point value

Default timeout(s) for Kafka consumers

kafka_max_fetch_bytes = 1048576

integer value

Max fetch bytes of Kafka consumer

max_poll_records = 500

integer value

The maximum number of records returned in a poll call

pool_size = 10

integer value

Pool Size for Kafka Consumers

producer_batch_size = 16384

integer value

Size of batch for the producer async send

producer_batch_timeout = 0.0

floating point value

Upper bound on the delay for KafkaProducer batching in seconds

sasl_mechanism = PLAIN

string value

Mechanism when security protocol is SASL

security_protocol = PLAINTEXT

string value

Protocol used to communicate with brokers

`ssl_cafile = `

string value

CA certificate PEM file used to verify the server certificate

`ssl_client_cert_file = `

string value

Client certificate PEM file used for authentication.

`ssl_client_key_file = `

string value

Client key PEM file used for authentication.

`ssl_client_key_password = `

string value

Client key password file used for authentication.

1.1.12. oslo_messaging_notifications

The following table outlines the options available under the [oslo_messaging_notifications] group in the /etc/barbican/barbican.conf file.

Table 1.11. oslo_messaging_notifications

Configuration option = Default valueTypeDescription

driver = []

multi valued

The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop

retry = -1

integer value

The maximum number of attempts to re-send a notification message which failed to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite

topics = ['notifications']

list value

AMQP topic used for OpenStack notifications.

transport_url = None

string value

A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC.

1.1.13. oslo_messaging_rabbit

The following table outlines the options available under the [oslo_messaging_rabbit] group in the /etc/barbican/barbican.conf file.

Table 1.12. oslo_messaging_rabbit

Configuration option = Default valueTypeDescription

amqp_auto_delete = False

boolean value

Auto-delete queues in AMQP.

amqp_durable_queues = False

boolean value

Use durable queues in AMQP.

direct_mandatory_flag = True

boolean value

(DEPRECATED) Enable/Disable the RabbitMQ mandatory flag for direct send. The direct send is used as reply, so the MessageUndeliverable exception is raised in case the client queue does not exist.MessageUndeliverable exception will be used to loop for a timeout to lets a chance to sender to recover.This flag is deprecated and it will not be possible to deactivate this functionality anymore

enable_cancel_on_failover = False

boolean value

Enable x-cancel-on-ha-failover flag so that rabbitmq server will cancel and notify consumerswhen queue is down

heartbeat_in_pthread = True

boolean value

Run the health check heartbeat thread through a native python thread by default. If this option is equal to False then the health check heartbeat will inherit the execution model from the parent process. For example if the parent process has monkey patched the stdlib by using eventlet/greenlet then the heartbeat will be run through a green thread.

heartbeat_rate = 2

integer value

How often times during the heartbeat_timeout_threshold we check the heartbeat.

heartbeat_timeout_threshold = 60

integer value

Number of seconds after which the Rabbit broker is considered down if heartbeat’s keep-alive fails (0 disables heartbeat).

kombu_compression = None

string value

EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not be used. This option may not be available in future versions.

kombu_failover_strategy = round-robin

string value

Determines how the next RabbitMQ node is chosen in case the one we are currently connected to becomes unavailable. Takes effect only if more than one RabbitMQ node is provided in config.

kombu_missing_consumer_retry_timeout = 60

integer value

How long to wait a missing client before abandoning to send it its replies. This value should not be longer than rpc_response_timeout.

kombu_reconnect_delay = 1.0

floating point value

How long to wait before reconnecting in response to an AMQP consumer cancel notification.

rabbit_ha_queues = False

boolean value

Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring is no longer controlled by the x-ha-policy argument when declaring a queue. If you just want to make sure that all queues (except those with auto-generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA ^(?!amq\.).* {"ha-mode": "all"} "

rabbit_interval_max = 30

integer value

Maximum interval of RabbitMQ connection retries. Default is 30 seconds.

rabbit_login_method = AMQPLAIN

string value

The RabbitMQ login method.

rabbit_qos_prefetch_count = 0

integer value

Specifies the number of messages to prefetch. Setting to zero allows unlimited messages.

rabbit_retry_backoff = 2

integer value

How long to backoff for between retries when connecting to RabbitMQ.

rabbit_retry_interval = 1

integer value

How frequently to retry connecting with RabbitMQ.

rabbit_transient_queues_ttl = 1800

integer value

Positive integer representing duration in seconds for queue TTL (x-expires). Queues which are unused for the duration of the TTL are automatically deleted. The parameter affects only reply and fanout queues.

ssl = False

boolean value

Connect over SSL.

`ssl_ca_file = `

string value

SSL certification authority file (valid only if SSL enabled).

`ssl_cert_file = `

string value

SSL cert file (valid only if SSL enabled).

`ssl_key_file = `

string value

SSL key file (valid only if SSL enabled).

`ssl_version = `

string value

SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.

1.1.14. oslo_middleware

The following table outlines the options available under the [oslo_middleware] group in the /etc/barbican/barbican.conf file.

Table 1.13. oslo_middleware

Configuration option = Default valueTypeDescription

enable_proxy_headers_parsing = False

boolean value

Whether the application is behind a proxy or not. This determines if the middleware should parse the headers or not.

1.1.15. oslo_policy

The following table outlines the options available under the [oslo_policy] group in the /etc/barbican/barbican.conf file.

Table 1.14. oslo_policy

Configuration option = Default valueTypeDescription

enforce_new_defaults = False

boolean value

This option controls whether or not to use old deprecated defaults when evaluating policies. If True, the old deprecated defaults are not going to be evaluated. This means if any existing token is allowed for old defaults but is disallowed for new defaults, it will be disallowed. It is encouraged to enable this flag along with the enforce_scope flag so that you can get the benefits of new defaults and scope_type together

enforce_scope = False

boolean value

This option controls whether or not to enforce scope when evaluating policies. If True, the scope of the token used in the request is compared to the scope_types of the policy being enforced. If the scopes do not match, an InvalidScope exception will be raised. If False, a message will be logged informing operators that policies are being invoked with mismatching scope.

policy_default_rule = default

string value

Default rule. Enforced when a requested rule is not found.

policy_dirs = ['policy.d']

multi valued

Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.

policy_file = policy.yaml

string value

The relative or absolute path of a file that maps roles to permissions for a given service. Relative paths must be specified in relation to the configuration file setting this option.

remote_content_type = application/x-www-form-urlencoded

string value

Content Type to send and receive data for REST based policy check

remote_ssl_ca_crt_file = None

string value

Absolute path to ca cert file for REST based policy check

remote_ssl_client_crt_file = None

string value

Absolute path to client cert for REST based policy check

remote_ssl_client_key_file = None

string value

Absolute path client key file REST based policy check

remote_ssl_verify_server_crt = False

boolean value

server identity verification for REST based policy check

1.1.16. p11_crypto_plugin

The following table outlines the options available under the [p11_crypto_plugin] group in the /etc/barbican/barbican.conf file.

Table 1.15. p11_crypto_plugin

Configuration option = Default valueTypeDescription

aes_gcm_generate_iv = True

boolean value

Generate IVs for CKM_AES_GCM mechanism.

always_set_cka_sensitive = True

boolean value

Always set CKA_SENSITIVE=CK_TRUE including CKA_EXTRACTABLE=CK_TRUE keys.

encryption_mechanism = CKM_AES_CBC

string value

Secret encryption mechanism

hmac_key_type = CKK_AES

string value

HMAC Key Type

hmac_keygen_mechanism = CKM_AES_KEY_GEN

string value

HMAC Key Generation Algorithm

hmac_keywrap_mechanism = CKM_SHA256_HMAC

string value

HMAC key wrap mechanism

hmac_label = None

string value

Master HMAC Key label (as stored in the HSM)

library_path = None

string value

Path to vendor PKCS11 library

login = None

string value

Password to login to PKCS11 session

mkek_label = None

string value

Master KEK label (as stored in the HSM)

mkek_length = None

integer value

Master KEK length in bytes.

os_locking_ok = False

boolean value

Enable CKF_OS_LOCKING_OK flag when initializing the PKCS#11 client library.

pkek_cache_limit = 100

integer value

Project KEK Cache Item Limit

pkek_cache_ttl = 900

integer value

Project KEK Cache Time To Live, in seconds

pkek_length = 32

integer value

Project KEK length in bytes.

plugin_name = PKCS11 HSM

string value

User friendly plugin name

rw_session = True

boolean value

Flag for Read/Write Sessions

`seed_file = `

string value

File to pull entropy for seeding RNG

seed_length = 32

integer value

Amount of data to read from file for seed

slot_id = 1

integer value

(Optional) HSM Slot ID that contains the token device to be used.

token_label = None

string value

DEPRECATED: Use token_labels instead. Token label used to identify the token to be used.

token_labels = None

list value

List of labels for one or more tokens to be used. Typically this is a single label, but some HSM devices may require more than one label for Load Balancing or High Availability configurations.

token_serial_number = None

string value

Token serial number used to identify the token to be used.

1.1.17. queue

The following table outlines the options available under the [queue] group in the /etc/barbican/barbican.conf file.

Table 1.16. queue

Configuration option = Default valueTypeDescription

asynchronous_workers = 1

integer value

Number of asynchronous worker processes

enable = False

boolean value

True enables queuing, False invokes workers synchronously

namespace = barbican

string value

Queue namespace

server_name = barbican.queue

string value

Server name for RPC task processing server

topic = barbican.workers

string value

Queue topic name

version = 1.1

string value

Version of tasks invoked via queue

1.1.18. quotas

The following table outlines the options available under the [quotas] group in the /etc/barbican/barbican.conf file.

Table 1.17. quotas

Configuration option = Default valueTypeDescription

quota_cas = -1

integer value

Number of CAs allowed per project

quota_consumers = -1

integer value

Number of consumers allowed per project

quota_containers = -1

integer value

Number of containers allowed per project

quota_orders = -1

integer value

Number of orders allowed per project

quota_secrets = -1

integer value

Number of secrets allowed per project

1.1.19. retry_scheduler

The following table outlines the options available under the [retry_scheduler] group in the /etc/barbican/barbican.conf file.

Table 1.18. retry_scheduler

Configuration option = Default valueTypeDescription

initial_delay_seconds = 10.0

floating point value

Seconds (float) to wait before starting retry scheduler

periodic_interval_max_seconds = 10.0

floating point value

Seconds (float) to wait between periodic schedule events

1.1.20. secretstore

The following table outlines the options available under the [secretstore] group in the /etc/barbican/barbican.conf file.

Table 1.19. secretstore

Configuration option = Default valueTypeDescription

enable_multiple_secret_stores = False

boolean value

Flag to enable multiple secret store plugin backend support. Default is False

enabled_secretstore_plugins = ['store_crypto']

multi valued

List of secret store plugins to load.

namespace = barbican.secretstore.plugin

string value

Extension namespace to search for plugins.

stores_lookup_suffix = None

list value

List of suffix to use for looking up plugins which are supported with multiple backend support.

1.1.21. simple_crypto_plugin

The following table outlines the options available under the [simple_crypto_plugin] group in the /etc/barbican/barbican.conf file.

Table 1.20. simple_crypto_plugin

Configuration option = Default valueTypeDescription

kek = dGhpcnR5X3R3b19ieXRlX2tleWJsYWhibGFoYmxhaGg=

string value

Key encryption key to be used by Simple Crypto Plugin

plugin_name = Software Only Crypto

string value

User friendly plugin name

1.1.22. snakeoil_ca_plugin

The following table outlines the options available under the [snakeoil_ca_plugin] group in the /etc/barbican/barbican.conf file.

Table 1.21. snakeoil_ca_plugin

Configuration option = Default valueTypeDescription

ca_cert_chain_path = None

string value

Path to CA certificate chain file

ca_cert_key_path = None

string value

Path to CA certificate key file

ca_cert_path = None

string value

Path to CA certificate file

ca_cert_pkcs7_path = None

string value

Path to CA chain pkcs7 file

subca_cert_key_directory = /etc/barbican/snakeoil-cas

string value

Directory in which to store certs/keys for subcas

1.1.23. ssl

The following table outlines the options available under the [ssl] group in the /etc/barbican/barbican.conf file.

Table 1.22. ssl

Configuration option = Default valueTypeDescription

ca_file = None

string value

CA certificate file to use to verify connecting clients.

cert_file = None

string value

Certificate file to use when starting the server securely.

ciphers = None

string value

Sets the list of available ciphers. value should be a string in the OpenSSL cipher list format.

key_file = None

string value

Private key file to use when starting the server securely.

version = None

string value

SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.

Chapter 2. cinder

The following chapter contains information about the configuration options in the cinder service.

2.1. cinder.conf

This section contains options for the /etc/cinder/cinder.conf file.

2.1.1. DEFAULT

The following table outlines the options available under the [DEFAULT] group in the /etc/cinder/cinder.conf file.

.

Configuration option = Default valueTypeDescription

acs5000_copy_interval = 5

integer value

When volume copy task is going on,refresh volume status interval

acs5000_volpool_name = ['pool01']

list value

Comma separated list of storage system storage pools for volumes.

allocated_capacity_weight_multiplier = -1.0

floating point value

Multiplier used for weighing allocated capacity. Positive numbers mean to stack vs spread.

allow_availability_zone_fallback = False

boolean value

If the requested Cinder availability zone is unavailable, fall back to the value of default_availability_zone, then storage_availability_zone, instead of failing.

allow_compression_on_image_upload = False

boolean value

The strategy to use for image compression on upload. Default is disallow compression.

allowed_direct_url_schemes = []

list value

A list of url schemes that can be downloaded directly via the direct_url. Currently supported schemes: [file, cinder].

api_paste_config = api-paste.ini

string value

File name for the paste.deploy config for api service

api_rate_limit = True

boolean value

Enables or disables rate limit of the API.

as13000_ipsan_pools = ['Pool0']

list value

The Storage Pools Cinder should use, a comma separated list.

as13000_meta_pool = None

string value

The pool which is used as a meta pool when creating a volume, and it should be a replication pool at present. If not set, the driver will choose a replication pool from the value of as13000_ipsan_pools.

as13000_token_available_time = 3300

integer value

The effective time of token validity in seconds.

auth_strategy = keystone

string value

The strategy to use for auth. Supports noauth or keystone.

az_cache_duration = 3600

integer value

Cache volume availability zones in memory for the provided duration in seconds

backdoor_port = None

string value

Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service’s log file.

backdoor_socket = None

string value

Enable eventlet backdoor, using the provided path as a unix socket that can receive connections. This option is mutually exclusive with backdoor_port in that only one should be provided. If both are provided then the existence of this option overrides the usage of that option. Inside the path {pid} will be replaced with the PID of the current process.

backend_availability_zone = None

string value

Availability zone for this volume backend. If not set, the storage_availability_zone option value is used as the default for all backends.

backend_stats_polling_interval = 60

integer value

Time in seconds between requests for usage statistics from the backend. Be aware that generating usage statistics is expensive for some backends, so setting this value too low may adversely affect performance.

backup_api_class = cinder.backup.api.API

string value

The full class name of the volume backup API class

backup_ceph_chunk_size = 134217728

integer value

The chunk size, in bytes, that a backup is broken into before transfer to the Ceph object store.

backup_ceph_conf = /etc/ceph/ceph.conf

string value

Ceph configuration file to use.

backup_ceph_image_journals = False

boolean value

If True, apply JOURNALING and EXCLUSIVE_LOCK feature bits to the backup RBD objects to allow mirroring

backup_ceph_pool = backups

string value

The Ceph pool where volume backups are stored.

backup_ceph_stripe_count = 0

integer value

RBD stripe count to use when creating a backup image.

backup_ceph_stripe_unit = 0

integer value

RBD stripe unit to use when creating a backup image.

backup_ceph_user = cinder

string value

The Ceph user to connect with. Default here is to use the same user as for Cinder volumes. If not using cephx this should be set to None.

backup_compression_algorithm = zlib

string value

Compression algorithm ("none" to disable)

backup_container = None

string value

Custom directory to use for backups.

backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver

string value

Driver to use for backups.

backup_driver_init_check_interval = 60

integer value

Time in seconds between checks to see if the backup driver has been successfully initialized, any time the driver is restarted.

backup_driver_stats_polling_interval = 60

integer value

Time in seconds between checks of the backup driver status. If does not report as working, it is restarted.

backup_enable_progress_timer = True

boolean value

Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the backend storage. The default value is True to enable the timer.

backup_file_size = 1999994880

integer value

The maximum size in bytes of the files used to hold backups. If the volume being backed up exceeds this size, then it will be backed up into multiple files.backup_file_size must be a multiple of backup_sha_block_size_bytes.

backup_manager = cinder.backup.manager.BackupManager

string value

Full class name for the Manager for volume backup

backup_max_operations = 15

integer value

Maximum number of concurrent memory heavy operations: backup and restore. Value of 0 means unlimited

backup_metadata_version = 2

integer value

Backup metadata version to be used when backing up volume metadata. If this number is bumped, make sure the service doing the restore supports the new version.

backup_mount_attempts = 3

integer value

The number of attempts to mount NFS shares before raising an error.

backup_mount_options = None

string value

Mount options passed to the NFS client. See NFS man page for details.

backup_mount_point_base = $state_path/backup_mount

string value

Base dir containing mount point for NFS share.

backup_name_template = backup-%s

string value

Template string to be used to generate backup names

backup_native_threads_pool_size = 60

integer value

Size of the native threads pool for the backups. Most backup drivers rely heavily on this, it can be decreased for specific drivers that don’t.

backup_object_number_per_notification = 10

integer value

The number of chunks or objects, for which one Ceilometer notification will be sent

backup_posix_path = $state_path/backup

string value

Path specifying where to store backups.

backup_s3_block_size = 32768

integer value

The size in bytes that changes are tracked for incremental backups. backup_s3_object_size has to be multiple of backup_s3_block_size.

backup_s3_ca_cert_file = None

string value

path/to/cert/bundle.pem - A filename of the CA cert bundle to use.

backup_s3_enable_progress_timer = True

boolean value

Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the S3 backend storage. The default value is True to enable the timer.

backup_s3_endpoint_url = None

string value

The url where the S3 server is listening.

`backup_s3_http_proxy = `

string value

Address or host for the http proxy server.

`backup_s3_https_proxy = `

string value

Address or host for the https proxy server.

backup_s3_max_pool_connections = 10

integer value

The maximum number of connections to keep in a connection pool.

backup_s3_md5_validation = True

boolean value

Enable or Disable md5 validation in the s3 backend.

backup_s3_object_size = 52428800

integer value

The size in bytes of S3 backup objects

backup_s3_retry_max_attempts = 4

integer value

An integer representing the maximum number of retry attempts that will be made on a single request.

backup_s3_retry_mode = legacy

string value

A string representing the type of retry mode. e.g: legacy, standard, adaptive

backup_s3_sse_customer_algorithm = None

string value

The SSECustomerAlgorithm. backup_s3_sse_customer_key must be set at the same time to enable SSE.

backup_s3_sse_customer_key = None

string value

The SSECustomerKey. backup_s3_sse_customer_algorithm must be set at the same time to enable SSE.

backup_s3_store_access_key = None

string value

The S3 query token access key.

backup_s3_store_bucket = volumebackups

string value

The S3 bucket to be used to store the Cinder backup data.

backup_s3_store_secret_key = None

string value

The S3 query token secret key.

backup_s3_timeout = 60

floating point value

The time in seconds till a timeout exception is thrown.

backup_s3_verify_ssl = True

boolean value

Enable or Disable ssl verify.

backup_service_inithost_offload = True

boolean value

Offload pending backup delete during backup service startup. If false, the backup service will remain down until all pending backups are deleted.

backup_sha_block_size_bytes = 32768

integer value

The size in bytes that changes are tracked for incremental backups. backup_file_size has to be multiple of backup_sha_block_size_bytes.

backup_share = None

string value

NFS share in hostname:path, ipv4addr:path, or "[ipv6addr]:path" format.

backup_swift_auth = per_user

string value

Swift authentication mechanism (per_user or single_user).

backup_swift_auth_insecure = False

boolean value

Bypass verification of server certificate when making SSL connection to Swift.

backup_swift_auth_url = None

uri value

The URL of the Keystone endpoint

backup_swift_auth_version = 1

string value

Swift authentication version. Specify "1" for auth 1.0, or "2" for auth 2.0 or "3" for auth 3.0

backup_swift_block_size = 32768

integer value

The size in bytes that changes are tracked for incremental backups. backup_swift_object_size has to be multiple of backup_swift_block_size.

backup_swift_ca_cert_file = None

string value

Location of the CA certificate file to use for swift client requests.

backup_swift_container = volumebackups

string value

The default Swift container to use

backup_swift_enable_progress_timer = True

boolean value

Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift backend storage. The default value is True to enable the timer.

backup_swift_key = None

string value

Swift key for authentication

backup_swift_object_size = 52428800

integer value

The size in bytes of Swift backup objects

backup_swift_project = None

string value

Swift project/account name. Required when connecting to an auth 3.0 system

backup_swift_project_domain = None

string value

Swift project domain name. Required when connecting to an auth 3.0 system

backup_swift_retry_attempts = 3

integer value

The number of retries to make for Swift operations

backup_swift_retry_backoff = 2

integer value

The backoff time in seconds between Swift retries

backup_swift_tenant = None

string value

Swift tenant/account name. Required when connecting to an auth 2.0 system

backup_swift_url = None

uri value

The URL of the Swift endpoint

backup_swift_user = None

string value

Swift user name

backup_swift_user_domain = None

string value

Swift user domain name. Required when connecting to an auth 3.0 system

backup_timer_interval = 120

integer value

Interval, in seconds, between two progress notifications reporting the backup status

backup_use_same_host = False

boolean value

Backup services use same backend.

backup_use_temp_snapshot = False

boolean value

If this is set to True, a temporary snapshot will be created for performing non-disruptive backups. Otherwise a temporary volume will be cloned in order to perform a backup.

backup_workers = 1

integer value

Number of backup processes to launch. Improves performance with concurrent backups.

capacity_weight_multiplier = 1.0

floating point value

Multiplier used for weighing free capacity. Negative numbers mean to stack vs spread.

`chap_password = `

string value

Password for specified CHAP account name.

chap_password_len = 12

integer value

Length of the random string for CHAP password.

`chap_username = `

string value

CHAP user name.

chiscsi_conf = /etc/chelsio-iscsi/chiscsi.conf

string value

Chiscsi (CXT) global defaults configuration file

cinder_internal_tenant_project_id = None

string value

ID of the project which will be used as the Cinder internal tenant.

cinder_internal_tenant_user_id = None

string value

ID of the user to be used in volume operations as the Cinder internal tenant.

client_socket_timeout = 900

integer value

Timeout for client connections' socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of 0 means wait forever.

clone_volume_timeout = 680

integer value

Create clone volume timeout Deprecated since: 14.0.0

*Reason:*FusionStorage cinder driver refactored the code with Restful method and the old CLI mode has been abandon. So those configuration items are no longer used.

cloned_volume_same_az = True

boolean value

Ensure that the new volumes are the same AZ as snapshot or source volume

cluster = None

string value

Name of this cluster. Used to group volume hosts that share the same backend configurations to work in HA Active-Active mode.

compression_format = gzip

string value

Image compression format on image upload

compute_api_class = cinder.compute.nova.API

string value

The full class name of the compute API class to use

config-dir = ['~/.project/project.conf.d/', '~/project.conf.d/', '/etc/project/project.conf.d/', '/etc/project.conf.d/']

list value

Path to a config directory to pull *.conf files from. This file set is sorted, so as to provide a predictable parse order if individual options are over-ridden. The set is parsed after the file(s) specified via previous --config-file, arguments hence over-ridden options in the directory take precedence. This option must be set from the command-line.

config-file = ['~/.project/project.conf', '~/project.conf', '/etc/project/project.conf', '/etc/project.conf']

unknown value

Path to a config file to use. Multiple config files can be specified, with values in later files taking precedence. Defaults to %(default)s. This option must be set from the command-line.

config_source = []

list value

Lists configuration groups that provide more details for accessing configuration settings from locations other than local files.

conn_pool_min_size = 2

integer value

The pool size limit for connections expiration policy

conn_pool_ttl = 1200

integer value

The time-to-live in sec of idle connections in the pool

consistencygroup_api_class = cinder.consistencygroup.api.API

string value

The full class name of the consistencygroup API class

control_exchange = openstack

string value

The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.

datera_503_interval = 5

integer value

Interval between 503 retries

datera_503_timeout = 120

integer value

Timeout for HTTP 503 retry messages

datera_api_port = 7717

string value

Datera API port.

datera_api_version = 2.2

string value

Datera API version.

datera_debug = False

boolean value

True to set function arg and return logging

datera_debug_replica_count_override = False

boolean value

ONLY FOR DEBUG/TESTING PURPOSES True to set replica_count to 1

datera_disable_extended_metadata = False

boolean value

Set to True to disable sending additional metadata to the Datera backend

datera_disable_profiler = False

boolean value

Set to True to disable profiling in the Datera driver

datera_disable_template_override = False

boolean value

Set to True to disable automatic template override of the size attribute when creating from a template

datera_enable_image_cache = False

boolean value

Set to True to enable Datera backend image caching

datera_image_cache_volume_type_id = None

string value

Cinder volume type id to use for cached volumes

datera_ldap_server = None

string value

LDAP authentication server

datera_tenant_id = None

string value

If set to Map -→ OpenStack project ID will be mapped implicitly to Datera tenant ID If set to None -→ Datera tenant ID will not be used during volume provisioning If set to anything else -→ Datera tenant ID will be the provided value

datera_volume_type_defaults = {}

dict value

Settings here will be used as volume-type defaults if the volume-type setting is not provided. This can be used, for example, to set a very low total_iops_max value if none is specified in the volume-type to prevent accidental overusage. Options are specified via the following format, WITHOUT ANY DF: PREFIX: datera_volume_type_defaults=iops_per_gb:100,bandwidth_per_gb:200…​etc.

db_driver = cinder.db

string value

Driver to use for database access

debug = False

boolean value

If set to true, the logging level will be set to DEBUG instead of the default INFO level.

default_availability_zone = None

string value

Default availability zone for new volumes. If not set, the storage_availability_zone option value is used as the default for new volumes.

default_group_type = None

string value

Default group type to use

default_log_levels = ['amqp=WARN', 'amqplib=WARN', 'boto=WARN', 'qpid=WARN', 'sqlalchemy=WARN', 'suds=INFO', 'oslo.messaging=INFO', 'oslo_messaging=INFO', 'iso8601=WARN', 'requests.packages.urllib3.connectionpool=WARN', 'urllib3.connectionpool=WARN', 'websocket=WARN', 'requests.packages.urllib3.util.retry=WARN', 'urllib3.util.retry=WARN', 'keystonemiddleware=WARN', 'routes.middleware=WARN', 'stevedore=WARN', 'taskflow=WARN', 'keystoneauth=WARN', 'oslo.cache=INFO', 'oslo_policy=INFO', 'dogpile.core.dogpile=INFO']

list value

List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.

default_sandstone_target_ips = []

list value

SandStone default target ip.

default_volume_type = __DEFAULT__

string value

Default volume type to use

driver_client_cert = None

string value

The path to the client certificate for verification, if the driver supports it.

driver_client_cert_key = None

string value

The path to the client certificate key for verification, if the driver supports it.

driver_data_namespace = None

string value

Namespace for driver private data values to be saved in.

driver_ssl_cert_path = None

string value

Can be used to specify a non default path to a CA_BUNDLE file or directory with certificates of trusted CAs, which will be used to validate the backend

driver_ssl_cert_verify = False

boolean value

If set to True the http client will validate the SSL certificate of the backend endpoint.

driver_use_ssl = False

boolean value

Tell driver to use SSL for connection to backend storage if the driver supports it.

dsware_isthin = False

boolean value

The flag of thin storage allocation. Deprecated since: 14.0.0

*Reason:*FusionStorage cinder driver refactored the code with Restful method and the old CLI mode has been abandon. So those configuration items are no longer used.

`dsware_manager = `

string value

Fusionstorage manager ip addr for cinder-volume. Deprecated since: 14.0.0

*Reason:*FusionStorage cinder driver refactored the code with Restful method and the old CLI mode has been abandon. So those configuration items are no longer used.

`dsware_rest_url = `

string value

The address of FusionStorage array. For example, "dsware_rest_url=xxx"

`dsware_storage_pools = `

string value

The list of pools on the FusionStorage array, the semicolon(;) was used to split the storage pools, "dsware_storage_pools = xxx1; xxx2; xxx3"

enable_force_upload = False

boolean value

Enables the Force option on upload_to_image. This enables running upload_volume on in-use volumes for backends that support it.

enable_new_services = True

boolean value

Services to be added to the available pool on create

enable_unsupported_driver = False

boolean value

Set this to True when you want to allow an unsupported driver to start. Drivers that haven’t maintained a working CI system and testing are marked as unsupported until CI is working again. This also marks a driver as deprecated and may be removed in the next release.

enable_v2_api = True

boolean value

DEPRECATED: Deploy v2 of the Cinder API.

enable_v3_api = True

boolean value

Deploy v3 of the Cinder API.

enabled_backends = None

list value

A list of backend names to use. These backend names should be backed by a unique [CONFIG] group with its options

enforce_multipath_for_image_xfer = False

boolean value

If this is set to True, attachment of volumes for image transfer will be aborted when multipathd is not running. Otherwise, it will fallback to single path. This parameter needs to be configured for each backend section or in [backend_defaults] section as a common configuration for all backends.

executor_thread_pool_size = 64

integer value

Size of executor thread pool when executor is threading or eventlet.

fatal_deprecations = False

boolean value

Enables or disables fatal status of deprecations.

filter_function = None

string value

String representation for an equation that will be used to filter hosts. Only used when the driver filter is set to be used by the Cinder scheduler.

`fusionstorageagent = `

string value

Fusionstorage agent ip addr range Deprecated since: 14.0.0

*Reason:*FusionStorage cinder driver refactored the code with Restful method and the old CLI mode has been abandon. So those configuration items are no longer used.

glance_api_insecure = False

boolean value

Allow to perform insecure SSL (https) requests to glance (https will be used but cert validation will not be performed).

glance_api_servers = None

list value

A list of the URLs of glance API servers available to cinder ([http[s]://][hostname|ip]:port). If protocol is not specified it defaults to http.

glance_api_ssl_compression = False

boolean value

Enables or disables negotiation of SSL layer compression. In some cases disabling compression can improve data throughput, such as when high network bandwidth is available and you use compressed image formats like qcow2.

glance_ca_certificates_file = None

string value

Location of ca certificates file to use for glance client requests.

glance_catalog_info = image:glance:publicURL

string value

Info to match when looking for glance in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if glance_api_servers are not provided.

glance_certfile = None

string value

Location of certificate file to use for glance client requests.

glance_core_properties = ['checksum', 'container_format', 'disk_format', 'image_name', 'image_id', 'min_disk', 'min_ram', 'name', 'size']

list value

Default core properties of image

glance_keyfile = None

string value

Location of certificate key file to use for glance client requests.

glance_num_retries = 3

integer value

Number retries when downloading an image from glance

glance_request_timeout = None

integer value

http/https timeout value for glance operations. If no value (None) is supplied here, the glanceclient default value is used.

glusterfs_backup_mount_point = $state_path/backup_mount

string value

Base dir containing mount point for gluster share.

glusterfs_backup_share = None

string value

GlusterFS share in <hostname|ipv4addr|ipv6addr>:<gluster_vol_name> format. Eg: 1.2.3.4:backup_vol

goodness_function = None

string value

String representation for an equation that will be used to determine the goodness of a host. Only used when using the goodness weigher is set to be used by the Cinder scheduler.

graceful_shutdown_timeout = 60

integer value

Specify a timeout after which a gracefully shutdown server will exit. Zero value means endless wait.

group_api_class = cinder.group.api.API

string value

The full class name of the group API class

host = <based on operating system>

string value

Name of this node. This can be an opaque identifier. It is not necessarily a host name, FQDN, or IP address.

iet_conf = /etc/iet/ietd.conf

string value

DEPRECATED: IET configuration file

image_compress_on_upload = True

boolean value

When possible, compress images uploaded to the image service

image_conversion_address_space_limit = 1

integer value

Address space limit in gigabytes to convert the image

image_conversion_cpu_limit = 60

integer value

CPU time limit in seconds to convert the image

image_conversion_dir = $state_path/conversion

string value

Directory used for temporary storage during image conversion

image_upload_use_cinder_backend = False

boolean value

If set to True, upload-to-image in raw format will create a cloned volume and register its location to the image service, instead of uploading the volume content. The cinder backend and locations support must be enabled in the image service.

image_upload_use_internal_tenant = False

boolean value

If set to True, the image volume created by upload-to-image will be placed in the internal tenant. Otherwise, the image volume is created in the current context’s tenant.

image_volume_cache_enabled = False

boolean value

Enable the image volume cache for this backend.

image_volume_cache_max_count = 0

integer value

Max number of entries allowed in the image volume cache. 0 ⇒ unlimited.

image_volume_cache_max_size_gb = 0

integer value

Max size of the image volume cache for this backend in GB. 0 ⇒ unlimited.

infortrend_cli_cache = False

boolean value

The Infortrend CLI cache. While set True, the RAID status report will use cache stored in the CLI. Never enable this unless the RAID is managed only by Openstack and only by one infortrend cinder-volume backend. Otherwise, CLI might report out-dated status to cinder and thus there might be some race condition among all backend/CLIs.

infortrend_cli_max_retries = 5

integer value

The maximum retry times if a command fails.

infortrend_cli_path = /opt/bin/Infortrend/raidcmd_ESDS10.jar

string value

The Infortrend CLI absolute path.

infortrend_cli_timeout = 60

integer value

The timeout for CLI in seconds.

infortrend_iqn_prefix = iqn.2002-10.com.infortrend

string value

Infortrend iqn prefix for iSCSI.

`infortrend_pools_name = `

list value

The Infortrend logical volumes name list. It is separated with comma.

`infortrend_slots_a_channels_id = `

list value

Infortrend raid channel ID list on Slot A for OpenStack usage. It is separated with comma.

`infortrend_slots_b_channels_id = `

list value

Infortrend raid channel ID list on Slot B for OpenStack usage. It is separated with comma.

init_host_max_objects_retrieval = 0

integer value

Max number of volumes and snapshots to be retrieved per batch during volume manager host initialization. Query results will be obtained in batches from the database and not in one shot to avoid extreme memory usage. Set 0 to turn off this functionality.

initiator_assign_sandstone_target_ip = {}

dict value

Support initiator assign target with assign ip.

`instance_format = [instance: %(uuid)s] `

string value

The format for an instance that is passed with the log message.

`instance_uuid_format = [instance: %(uuid)s] `

string value

The format for an instance UUID that is passed with the log message.

instorage_mcs_allow_tenant_qos = False

boolean value

Allow tenants to specify QOS on create

instorage_mcs_iscsi_chap_enabled = True

boolean value

Configure CHAP authentication for iSCSI connections (Default: Enabled)

instorage_mcs_localcopy_rate = 50

integer value

Specifies the InStorage LocalCopy copy rate to be used when creating a full volume copy. The default rate is 50, and the valid rates are 1-100.

instorage_mcs_localcopy_timeout = 120

integer value

Maximum number of seconds to wait for LocalCopy to be prepared.

instorage_mcs_vol_autoexpand = True

boolean value

Storage system autoexpand parameter for volumes (True/False)

instorage_mcs_vol_compression = False

boolean value

Storage system compression option for volumes

instorage_mcs_vol_grainsize = 256

integer value

Storage system grain size parameter for volumes (32/64/128/256)

instorage_mcs_vol_intier = True

boolean value

Enable InTier for volumes

instorage_mcs_vol_iogrp = 0

string value

The I/O group in which to allocate volumes. It can be a comma-separated list in which case the driver will select an io_group based on least number of volumes associated with the io_group.

instorage_mcs_vol_rsize = 2

integer value

Storage system space-efficiency parameter for volumes (percentage)

instorage_mcs_vol_warning = 0

integer value

Storage system threshold for volume capacity warnings (percentage)

instorage_mcs_volpool_name = ['volpool']

list value

Comma separated list of storage system storage pools for volumes.

instorage_san_secondary_ip = None

string value

Specifies secondary management IP or hostname to be used if san_ip is invalid or becomes inaccessible.

iscsi_iotype = fileio

string value

Sets the behavior of the iSCSI target to either perform blockio or fileio optionally, auto can be set and Cinder will autodetect type of backing device

iscsi_secondary_ip_addresses = []

list value

The list of secondary IP addresses of the iSCSI daemon

`iscsi_target_flags = `

string value

Sets the target-specific flags for the iSCSI target. Only used for tgtadm to specify backing device flags using bsoflags option. The specified string is passed as is to the underlying tool.

iscsi_write_cache = on

string value

Sets the behavior of the iSCSI target to either perform write-back(on) or write-through(off). This parameter is valid if target_helper is set to tgtadm.

iser_helper = tgtadm

string value

The name of the iSER target user-land tool to use

iser_ip_address = $my_ip

string value

The IP address that the iSER daemon is listening on

iser_port = 3260

port value

The port that the iSER daemon is listening on

iser_target_prefix = iqn.2010-10.org.openstack:

string value

Prefix for iSER volumes

java_path = /usr/bin/java

string value

The Java absolute path.

jovian_block_size = 64K

string value

Block size can be: 32K, 64K, 128K, 256K, 512K, 1M

jovian_ignore_tpath = []

list value

List of multipath ip addresses to ignore.

jovian_pool = Pool-0

string value

JovianDSS pool that holds all cinder volumes

jovian_recovery_delay = 60

integer value

Time before HA cluster failure.

keystone_catalog_info = identity:Identity Service:publicURL

string value

Info to match when looking for keystone in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if backup_swift_auth_url is unset

kioxia_block_size = 4096

integer value

Volume block size in bytes - 512 or 4096 (Default).

kioxia_cafile = None

string value

Cert for provisioner REST API SSL

kioxia_desired_bw_per_gb = 0

integer value

Desired bandwidth in B/s per GB.

kioxia_desired_iops_per_gb = 0

integer value

Desired IOPS/GB.

kioxia_max_bw_per_gb = 0

integer value

Upper limit for bandwidth in B/s per GB.

kioxia_max_iops_per_gb = 0

integer value

Upper limit for IOPS/GB.

kioxia_max_replica_down_time = 0

integer value

Replicated volume max downtime for replica in minutes.

kioxia_num_replicas = 1

integer value

Number of volume replicas.

kioxia_provisioning_type = THICK

string value

Thin or thick volume, Default thick.

kioxia_same_rack_allowed = False

boolean value

Can more than one replica be allocated to same rack.

kioxia_snap_reserved_space_percentage = 0

integer value

Percentage of the parent volume to be used for log.

kioxia_snap_vol_reserved_space_percentage = 0

integer value

Writable snapshot percentage of parent volume used for log.

kioxia_snap_vol_span_allowed = True

boolean value

Allow span in snapshot volume - Default True.

kioxia_span_allowed = True

boolean value

Allow span - Default True.

kioxia_token = None

string value

KumoScale Provisioner auth token.

kioxia_url = None

string value

KumoScale provisioner REST API URL

kioxia_vol_reserved_space_percentage = 0

integer value

Thin volume reserved capacity allocation percentage.

kioxia_writable = False

boolean value

Volumes from snapshot writeable or not.

log-config-append = None

string value

The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format).

log-date-format = %Y-%m-%d %H:%M:%S

string value

Defines the format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set.

log-dir = None

string value

(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.

log-file = None

string value

(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.

log_options = True

boolean value

Enables or disables logging values of all registered options when starting a service (at DEBUG level).

log_rotate_interval = 1

integer value

The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is setto "interval".

log_rotate_interval_type = days

string value

Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation.

log_rotation_type = none

string value

Log rotation type.

logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

string value

Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter

logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

string value

Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter

logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

string value

Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter

logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

string value

Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter

logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

string value

Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter

manager_ips = {}

dict value

This option is to support the FSA to mount across the different nodes. The parameters takes the standard dict config form, manager_ips = host1:ip1, host2:ip2…​

max_age = 0

integer value

Number of seconds between subsequent usage refreshes

max_header_line = 16384

integer value

Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated when keystone is configured to use PKI tokens with big service catalogs).

max_logfile_count = 30

integer value

Maximum number of rotated log files.

max_logfile_size_mb = 200

integer value

Log file maximum size in MB. This option is ignored if "log_rotation_type" is not set to "size".

max_over_subscription_ratio = 20.0

string value

Representation of the over subscription ratio when thin provisioning is enabled. Default ratio is 20.0, meaning provisioned capacity can be 20 times of the total physical capacity. If the ratio is 10.5, it means provisioned capacity can be 10.5 times of the total physical capacity. A ratio of 1.0 means provisioned capacity cannot exceed the total physical capacity. If ratio is auto, Cinder will automatically calculate the ratio based on the provisioned capacity and the used space. If not set to auto, the ratio has to be a minimum of 1.0.

message_reap_interval = 86400

integer value

interval between periodic task runs to clean expired messages in seconds.

message_ttl = 2592000

integer value

message minimum life in seconds.

migration_create_volume_timeout_secs = 300

integer value

Timeout for creating the volume to migrate to when performing volume migration (seconds)

monkey_patch = False

boolean value

Enable monkey patching

monkey_patch_modules = []

list value

List of modules/decorators to monkey patch

my_ip = <based on operating system>

host address value

IP address of this host

no_snapshot_gb_quota = False

boolean value

Whether snapshots count against gigabyte quota

num_iser_scan_tries = 3

integer value

The maximum number of times to rescan iSER target to find volume

num_shell_tries = 3

integer value

Number of times to attempt to run flakey shell commands

num_volume_device_scan_tries = 3

integer value

The maximum number of times to rescan targets to find volume

nvmet_ns_id = 10

integer value

The namespace id associated with the subsystem that will be created with the path for the LVM volume.

nvmet_port_id = 1

port value

The port that the NVMe target is listening on.

osapi_max_limit = 1000

integer value

The maximum number of items that a collection resource returns in a single response

osapi_volume_ext_list = []

list value

Specify list of extensions to load when using osapi_volume_extension option with cinder.api.contrib.select_extensions

osapi_volume_extension = ['cinder.api.contrib.standard_extensions']

multi valued

osapi volume extension to load

osapi_volume_listen = 0.0.0.0

string value

IP address on which OpenStack Volume API listens

osapi_volume_listen_port = 8776

port value

Port on which OpenStack Volume API listens

osapi_volume_use_ssl = False

boolean value

Wraps the socket in a SSL context if True is set. A certificate file and key file must be specified.

osapi_volume_workers = None

integer value

Number of workers for OpenStack Volume API service. The default is equal to the number of CPUs available.

per_volume_size_limit = -1

integer value

Max size allowed per volume, in gigabytes

periodic_fuzzy_delay = 60

integer value

Range, in seconds, to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0)

periodic_interval = 60

integer value

Interval, in seconds, between running periodic tasks

pool_id_filter = []

list value

Pool id permit to use Deprecated since: 14.0.0

*Reason:*FusionStorage cinder driver refactored the code with Restful method and the old CLI mode has been abandon. So those configuration items are no longer used.

pool_type = default

string value

Pool type, like sata-2copy Deprecated since: 14.0.0

*Reason:*FusionStorage cinder driver refactored the code with Restful method and the old CLI mode has been abandon. So those configuration items are no longer used.

public_endpoint = None

string value

Public url to use for versions endpoint. The default is None, which will use the request’s host_url attribute to populate the URL base. If Cinder is operating behind a proxy, you will want to change this to represent the proxy’s URL.

publish_errors = False

boolean value

Enables or disables publication of error events.

quota_backup_gigabytes = 1000

integer value

Total amount of storage, in gigabytes, allowed for backups per project

quota_backups = 10

integer value

Number of volume backups allowed per project

quota_consistencygroups = 10

integer value

Number of consistencygroups allowed per project

quota_driver = cinder.quota.DbQuotaDriver

string value

Default driver to use for quota checks

quota_gigabytes = 1000

integer value

Total amount of storage, in gigabytes, allowed for volumes and snapshots per project

quota_groups = 10

integer value

Number of groups allowed per project

quota_snapshots = 10

integer value

Number of volume snapshots allowed per project

quota_volumes = 10

integer value

Number of volumes allowed per project

rate_limit_burst = 0

integer value

Maximum number of logged messages per rate_limit_interval.

rate_limit_except_level = CRITICAL

string value

Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.

rate_limit_interval = 0

integer value

Interval, number of seconds, of log rate limiting.

reinit_driver_count = 3

integer value

Maximum times to reintialize the driver if volume initialization fails. The interval of retry is exponentially backoff, and will be 1s, 2s, 4s etc.

replication_device = None

dict value

Multi opt of dictionaries to represent a replication target device. This option may be specified multiple times in a single config section to specify multiple replication target devices. Each entry takes the standard dict config form: replication_device = target_device_id:<required>,key1:value1,key2:value2…​

report_discard_supported = False

boolean value

Report to clients of Cinder that the backend supports discard (aka. trim/unmap). This will not actually change the behavior of the backend or the client directly, it will only notify that it can be used.

report_interval = 10

integer value

Interval, in seconds, between nodes reporting state to datastore

reservation_clean_interval = $reservation_expire

integer value

Interval between periodic task runs to clean expired reservations in seconds.

reservation_expire = 86400

integer value

Number of seconds until a reservation expires

reserved_percentage = 0

integer value

The percentage of backend capacity is reserved

resource_query_filters_file = /etc/cinder/resource_filters.json

string value

Json file indicating user visible filter parameters for list queries.

restore_discard_excess_bytes = True

boolean value

If True, always discard excess bytes when restoring volumes i.e. pad with zeroes.

rootwrap_config = /etc/cinder/rootwrap.conf

string value

Path to the rootwrap configuration file to use for running commands as root

rpc_conn_pool_size = 30

integer value

Size of RPC connection pool.

rpc_ping_enabled = False

boolean value

Add an endpoint to answer to ping calls. Endpoint is named oslo_rpc_server_ping

rpc_response_timeout = 60

integer value

Seconds to wait for a response from a call.

run_external_periodic_tasks = True

boolean value

Some periodic tasks can be run in a separate process. Should we run them here?

`san_hosts = `

list value

IP address of Open-E JovianDSS SA

`sandstone_pool = `

string value

SandStone storage pool resource name.

scheduler_default_filters = ['AvailabilityZoneFilter', 'CapacityFilter', 'CapabilitiesFilter']

list value

Which filter class names to use for filtering hosts when not specified in the request.

scheduler_default_weighers = ['CapacityWeigher']

list value

Which weigher class names to use for weighing hosts.

scheduler_driver = cinder.scheduler.filter_scheduler.FilterScheduler

string value

Default scheduler driver to use

scheduler_driver_init_wait_time = 60

integer value

Maximum time in seconds to wait for the driver to report as ready

scheduler_host_manager = cinder.scheduler.host_manager.HostManager

string value

The scheduler host manager class to use

`scheduler_json_config_location = `

string value

Absolute path to scheduler configuration JSON file.

scheduler_manager = cinder.scheduler.manager.SchedulerManager

string value

Full class name for the Manager for scheduler

scheduler_max_attempts = 3

integer value

Maximum number of attempts to schedule a volume

scheduler_weight_handler = cinder.scheduler.weights.OrderedHostWeightHandler

string value

Which handler to use for selecting the host/pool after weighing

scst_target_driver = iscsi

string value

SCST target implementation can choose from multiple SCST target drivers.

scst_target_iqn_name = None

string value

Certain ISCSI targets have predefined target names, SCST target driver uses this name.

service_down_time = 60

integer value

Maximum time since last check-in for a service to be considered up

snapshot_name_template = snapshot-%s

string value

Template string to be used to generate snapshot names

snapshot_same_host = True

boolean value

Create volume from snapshot at the host where snapshot resides

split_loggers = False

boolean value

Log requests to multiple loggers.

ssh_hosts_key_file = $state_path/ssh_known_hosts

string value

File containing SSH host keys for the systems with which Cinder needs to communicate. OPTIONAL: Default=$state_path/ssh_known_hosts

state_path = /var/lib/cinder

string value

Top-level directory for maintaining cinder’s state

storage_availability_zone = nova

string value

Availability zone of this node. Can be overridden per volume backend with the option "backend_availability_zone".

storage_protocol = iscsi

string value

Protocol for transferring data between host and storage back-end.

strict_ssh_host_key_policy = False

boolean value

Option to enable strict host key checking. When set to "True" Cinder will only connect to systems with a host key present in the configured "ssh_hosts_key_file". When set to "False" the host key will be saved upon first connection and used for subsequent connections. Default=False

swift_catalog_info = object-store:swift:publicURL

string value

Info to match when looking for swift in the service catalog. Format is: separated values of the form: <service_type>:<service_name>:<endpoint_type> - Only used if backup_swift_url is unset

syslog-log-facility = LOG_USER

string value

Syslog facility to receive log lines. This option is ignored if log_config_append is set.

target_helper = tgtadm

string value

Target user-land tool to use. tgtadm is default, use lioadm for LIO iSCSI support, scstadmin for SCST target support, ietadm for iSCSI Enterprise Target, iscsictl for Chelsio iSCSI Target, nvmet for NVMEoF support, spdk-nvmeof for SPDK NVMe-oF, or fake for testing. Note: The IET driver is deprecated and will be removed in the V release.

target_ip_address = $my_ip

string value

The IP address that the iSCSI daemon is listening on

target_port = 3260

port value

The port that the iSCSI daemon is listening on

target_prefix = iqn.2010-10.org.openstack:

string value

Prefix for iSCSI volumes

target_protocol = iscsi

string value

Determines the target protocol for new volumes, created with tgtadm, lioadm and nvmet target helpers. In order to enable RDMA, this parameter should be set with the value "iser". The supported iSCSI protocol values are "iscsi" and "iser", in case of nvmet target set to "nvmet_rdma".

tcp_keepalive = True

boolean value

Sets the value of TCP_KEEPALIVE (True/False) for each server socket.

tcp_keepalive_count = None

integer value

Sets the value of TCP_KEEPCNT for each server socket. Not supported on OS X.

tcp_keepalive_interval = None

integer value

Sets the value of TCP_KEEPINTVL in seconds for each server socket. Not supported on OS X.

tcp_keepidle = 600

integer value

Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not supported on OS X.

trace_flags = None

list value

List of options that control which trace info is written to the DEBUG log level to assist developers. Valid values are method and api.

transfer_api_class = cinder.transfer.api.API

string value

The full class name of the volume transfer API class

transport_url = rabbit://

string value

The network address and optional user credentials for connecting to the messaging backend, in URL format. The expected format is:

driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query

Example: rabbit://rabbitmq:password@127.0.0.1:5672//

For full details on the fields in the URL see the documentation of oslo_messaging.TransportURL at https://docs.openstack.org/oslo.messaging/latest/reference/transport.html

until_refresh = 0

integer value

Count of reservations until usage is refreshed

use-journal = False

boolean value

Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.

use-json = False

boolean value

Use JSON formatting for logging. This option is ignored if log_config_append is set.

use-syslog = False

boolean value

Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.

use_chap_auth = False

boolean value

Option to enable/disable CHAP authentication for targets.

use_default_quota_class = True

boolean value

Enables or disables use of default quota class with default quota.

use_eventlog = False

boolean value

Log output to Windows Event Log.

use_forwarded_for = False

boolean value

Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy.

use_multipath_for_image_xfer = False

boolean value

Do we attach/detach volumes in cinder using multipath for volume to image and image to volume transfers? This parameter needs to be configured for each backend section or in [backend_defaults] section as a common configuration for all backends.

use_stderr = False

boolean value

Log output to standard error. This option is ignored if log_config_append is set.

verify_glance_signatures = enabled

string value

Enable image signature verification.

Cinder uses the image signature metadata from Glance and verifies the signature of a signed image while downloading that image. There are two options here.

  1. enabled: verify when image has signature metadata.
  2. disabled: verification is turned off.

If the image signature cannot be verified or if the image signature metadata is incomplete when required, then Cinder will not create the volume and update it into an error state. This provides end users with stronger assurances of the integrity of the image data they are using to create volumes.

vmdk_allowed_types = ['streamOptimized', 'monolithicSparse']

list value

A list of strings describing the VMDK createType subformats that are allowed. We recommend that you only include single-file-with-sparse-header variants to avoid potential host file exposure when processing named extents when an image is converted to raw format as it is written to a volume. If this list is empty, no VMDK images are allowed.

volume_api_class = cinder.volume.api.API

string value

The full class name of the volume API class to use

volume_backend_name = None

string value

The backend name for a given driver implementation

volume_clear = zero

string value

Method used to wipe old volumes

volume_clear_ionice = None

string value

The flag to pass to ionice to alter the i/o priority of the process used to zero a volume after deletion, for example "-c3" for idle only priority.

volume_clear_size = 0

integer value

Size in MiB to wipe at start of old volumes. 1024 MiB at max. 0 ⇒ all

volume_copy_blkio_cgroup_name = cinder-volume-copy

string value

The blkio cgroup name to be used to limit bandwidth of volume copy

volume_copy_bps_limit = 0

integer value

The upper limit of bandwidth of volume copy. 0 ⇒ unlimited

volume_dd_blocksize = 1M

string value

The default block size used when copying/clearing volumes

volume_manager = cinder.volume.manager.VolumeManager

string value

Full class name for the Manager for volume

volume_name_template = volume-%s

string value

Template string to be used to generate volume names

volume_number_multiplier = -1.0

floating point value

Multiplier used for weighing volume number. Negative numbers mean to spread vs stack.

volume_service_inithost_offload = False

boolean value

Offload pending volume delete during volume service startup

volume_transfer_key_length = 16

integer value

The number of characters in the autogenerated auth key.

volume_transfer_salt_length = 8

integer value

The number of characters in the salt.

volume_usage_audit_period = month

string value

Time period for which to generate volume usages. The options are hour, day, month, or year.

volumes_dir = $state_path/volumes

string value

Volume configuration file storage directory

vrts_lun_sparse = True

boolean value

Create sparse Lun.

vrts_target_config = /etc/cinder/vrts_target.xml

string value

VA config file.

watch-log-file = False

boolean value

Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.

wsgi_default_pool_size = 100

integer value

Size of the pool of greenthreads used by wsgi

wsgi_keep_alive = True

boolean value

If False, closes the client socket connection explicitly.

wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f

string value

A python format string that is used as the template to generate log lines. The following values can beformatted into it: client_ip, date_time, request_line, status_code, body_length, wall_seconds.

wsgi_server_debug = False

boolean value

True if the server should send exception tracebacks to the clients on 500 errors. If False, the server will respond with empty bodies.

zoning_mode = None

string value

FC Zoning mode configured, only fabric is supported now.

2.1.2. backend

The following table outlines the options available under the [backend] group in the /etc/cinder/cinder.conf file.

Table 2.1. backend

Configuration option = Default valueTypeDescription

backend_host = None

string value

Backend override of host value.

2.1.3. backend_defaults

The following table outlines the options available under the [backend_defaults] group in the /etc/cinder/cinder.conf file.

Table 2.2. backend_defaults

Configuration option = Default valueTypeDescription

auto_calc_max_oversubscription_ratio = False

boolean value

K2 driver will calculate max_oversubscription_ratio on setting this option as True.

backend_availability_zone = None

string value

Availability zone for this volume backend. If not set, the storage_availability_zone option value is used as the default for all backends.

backend_native_threads_pool_size = 20

integer value

Size of the native threads pool for the backend. Increase for backends that heavily rely on this, like the RBD driver.

chap = disabled

string value

CHAP authentication mode, effective only for iscsi (disabled|enabled)

`chap_password = `

string value

Password for specified CHAP account name.

`chap_username = `

string value

CHAP user name.

check_max_pool_luns_threshold = False

boolean value

DEPRECATED: Report free_capacity_gb as 0 when the limit to maximum number of pool LUNs is reached. By default, the value is False.

chiscsi_conf = /etc/chelsio-iscsi/chiscsi.conf

string value

Chiscsi (CXT) global defaults configuration file

cinder_eternus_config_file = /etc/cinder/cinder_fujitsu_eternus_dx.xml

string value

Config file for cinder eternus_dx volume driver.

cinder_huawei_conf_file = /etc/cinder/cinder_huawei_conf.xml

string value

The configuration file for the Cinder Huawei driver.

connection_type = iscsi

string value

Connection type to the IBM Storage Array

cycle_period_seconds = 300

integer value

This defines an optional cycle period that applies to Global Mirror relationships with a cycling mode of multi. A Global Mirror relationship using the multi cycling_mode performs a complete cycle at most once each period. The default is 300 seconds, and the valid seconds are 60-86400.

datacore_api_timeout = 300

integer value

Seconds to wait for a response from a DataCore API call.

datacore_disk_failed_delay = 300

integer value

Seconds to wait for DataCore virtual disk to come out of the "Failed" state.

datacore_disk_pools = []

list value

List of DataCore disk pools that can be used by volume driver.

datacore_disk_type = single

string value

DataCore virtual disk type (single/mirrored). Mirrored virtual disks require two storage servers in the server group.

datacore_fc_unallowed_targets = []

list value

List of FC targets that cannot be used to attach volume. To prevent the DataCore FibreChannel volume driver from using some front-end targets in volume attachment, specify this option and list the iqn and target machine for each target as the value, such as <wwpns:target name>, <wwpns:target name>, <wwpns:target name>.

datacore_iscsi_chap_storage = $state_path/.datacore_chap

string value

Fully qualified file name where dynamically generated iSCSI CHAP secrets are stored.

datacore_iscsi_unallowed_targets = []

list value

List of iSCSI targets that cannot be used to attach volume. To prevent the DataCore iSCSI volume driver from using some front-end targets in volume attachment, specify this option and list the iqn and target machine for each target as the value, such as <iqn:target name>, <iqn:target name>, <iqn:target name>.

datacore_storage_profile = None

string value

DataCore virtual disk storage profile.

default_timeout = 31536000

integer value

Default timeout for CLI operations in minutes. For example, LUN migration is a typical long running operation, which depends on the LUN size and the load of the array. An upper bound in the specific deployment can be set to avoid unnecessary long wait. By default, it is 365 days long.

deferred_deletion_delay = 0

integer value

Time delay in seconds before a volume is eligible for permanent removal after being tagged for deferred deletion.

deferred_deletion_purge_interval = 60

integer value

Number of seconds between runs of the periodic task to purge volumes tagged for deletion.

dell_api_async_rest_timeout = 15

integer value

Dell SC API async call default timeout in seconds.

dell_api_sync_rest_timeout = 30

integer value

Dell SC API sync call default timeout in seconds.

dell_sc_api_port = 3033

port value

Dell API port

dell_sc_server_folder = openstack

string value

Name of the server folder to use on the Storage Center

dell_sc_ssn = 64702

integer value

Storage Center System Serial Number

dell_sc_verify_cert = False

boolean value

Enable HTTPS SC certificate verification

dell_sc_volume_folder = openstack

string value

Name of the volume folder to use on the Storage Center

dell_server_os = Red Hat Linux 6.x

string value

Server OS type to use when creating a new server on the Storage Center.

destroy_empty_storage_group = False

boolean value

To destroy storage group when the last LUN is removed from it. By default, the value is False.

disable_discovery = False

boolean value

Disabling iSCSI discovery (sendtargets) for multipath connections on K2 driver.

`dpl_pool = `

string value

DPL pool uuid in which DPL volumes are stored.

dpl_port = 8357

port value

DPL port number.

driver_client_cert = None

string value

The path to the client certificate for verification, if the driver supports it.

driver_client_cert_key = None

string value

The path to the client certificate key for verification, if the driver supports it.

driver_data_namespace = None

string value

Namespace for driver private data values to be saved in.

driver_ssl_cert_path = None

string value

Can be used to specify a non default path to a CA_BUNDLE file or directory with certificates of trusted CAs, which will be used to validate the backend

driver_ssl_cert_verify = False

boolean value

If set to True the http client will validate the SSL certificate of the backend endpoint.

driver_use_ssl = False

boolean value

Tell driver to use SSL for connection to backend storage if the driver supports it.

`ds8k_devadd_unitadd_mapping = `

string value

Mapping between IODevice address and unit address.

ds8k_host_type = auto

string value

Set to zLinux if your OpenStack version is prior to Liberty and you’re connecting to zLinux systems. Otherwise set to auto. Valid values for this parameter are: auto, AMDLinuxRHEL, AMDLinuxSuse, AppleOSX, Fujitsu, Hp, HpTru64, HpVms, LinuxDT, LinuxRF, LinuxRHEL, LinuxSuse, Novell, SGI, SVC, SanFsAIX, SanFsLinux, Sun, VMWare, Win2000, Win2003, Win2008, Win2012, iLinux, nSeries, pLinux, pSeries, pSeriesPowerswap, zLinux, iSeries.

ds8k_ssid_prefix = FF

string value

Set the first two digits of SSID.

enable_deferred_deletion = False

boolean value

Enable deferred deletion. Upon deletion, volumes are tagged for deletion but will only be removed asynchronously at a later time.

enable_unsupported_driver = False

boolean value

Set this to True when you want to allow an unsupported driver to start. Drivers that haven’t maintained a working CI system and testing are marked as unsupported until CI is working again. This also marks a driver as deprecated and may be removed in the next release.

enforce_multipath_for_image_xfer = False

boolean value

If this is set to True, attachment of volumes for image transfer will be aborted when multipathd is not running. Otherwise, it will fallback to single path. This parameter needs to be configured for each backend section or in [backend_defaults] section as a common configuration for all backends.

excluded_domain_ip = None

IP address value

DEPRECATED: Fault Domain IP to be excluded from iSCSI returns. Deprecated since: Stein

*Reason:*Replaced by excluded_domain_ips option

excluded_domain_ips = []

list value

Comma separated Fault Domain IPs to be excluded from iSCSI returns.

expiry_thres_minutes = 720

integer value

This option specifies the threshold for last access time for images in the NFS image cache. When a cache cleaning cycle begins, images in the cache that have not been accessed in the last M minutes, where M is the value of this parameter, will be deleted from the cache to create free space on the NFS share.

extra_capabilities = {}

string value

User defined capabilities, a JSON formatted string specifying key/value pairs. The key/value pairs can be used by the CapabilitiesFilter to select between backends when requests specify volume types. For example, specifying a service level or the geographical location of a backend, then creating a volume type to allow the user to select by these different properties.

filter_function = None

string value

String representation for an equation that will be used to filter hosts. Only used when the driver filter is set to be used by the Cinder scheduler.

flashsystem_connection_protocol = FC

string value

Connection protocol should be FC. (Default is FC.)

flashsystem_iscsi_portid = 0

integer value

Default iSCSI Port ID of FlashSystem. (Default port is 0.)

flashsystem_multihostmap_enabled = True

boolean value

Allows vdisk to multi host mapping. (Default is True)

force_delete_lun_in_storagegroup = True

boolean value

Delete a LUN even if it is in Storage Groups.

goodness_function = None

string value

String representation for an equation that will be used to determine the goodness of a host. Only used when using the goodness weigher is set to be used by the Cinder scheduler.

gpfs_hosts = []

list value

Comma-separated list of IP address or hostnames of GPFS nodes.

gpfs_hosts_key_file = $state_path/ssh_known_hosts

string value

File containing SSH host keys for the gpfs nodes with which driver needs to communicate. Default=$state_path/ssh_known_hosts

gpfs_images_dir = None

string value

Specifies the path of the Image service repository in GPFS. Leave undefined if not storing images in GPFS.

gpfs_images_share_mode = None

string value

Specifies the type of image copy to be used. Set this when the Image service repository also uses GPFS so that image files can be transferred efficiently from the Image service to the Block Storage service. There are two valid values: "copy" specifies that a full copy of the image is made; "copy_on_write" specifies that copy-on-write optimization strategy is used and unmodified blocks of the image file are shared efficiently.

gpfs_max_clone_depth = 0

integer value

Specifies an upper limit on the number of indirections required to reach a specific block due to snapshots or clones. A lengthy chain of copy-on-write snapshots or clones can have a negative impact on performance, but improves space utilization. 0 indicates unlimited clone depth.

gpfs_mount_point_base = None

string value

Specifies the path of the GPFS directory where Block Storage volume and snapshot files are stored.

`gpfs_private_key = `

string value

Filename of private key to use for SSH authentication.

gpfs_sparse_volumes = True

boolean value

Specifies that volumes are created as sparse files which initially consume no space. If set to False, the volume is created as a fully allocated file, in which case, creation may take a significantly longer time.

gpfs_ssh_port = 22

port value

SSH port to use.

gpfs_storage_pool = system

string value

Specifies the storage pool that volumes are assigned to. By default, the system storage pool is used.

gpfs_strict_host_key_policy = False

boolean value

Option to enable strict gpfs host key checking while connecting to gpfs nodes. Default=False

gpfs_user_login = root

string value

Username for GPFS nodes.

`gpfs_user_password = `

string value

Password for GPFS node user.

hitachi_compute_target_ports = []

list value

IDs of the storage ports used to attach volumes to compute nodes. To specify multiple ports, connect them by commas (e.g. CL1-A,CL2-A).

hitachi_discard_zero_page = True

boolean value

Enable or disable zero page reclamation in a DP-VOL.

hitachi_group_create = False

boolean value

If True, the driver will create host groups or iSCSI targets on storage ports as needed.

hitachi_group_delete = False

boolean value

If True, the driver will delete host groups or iSCSI targets on storage ports as needed.

hitachi_ldev_range = None

string value

Range of the LDEV numbers in the format of xxxx-yyyy that can be used by the driver. Values can be in decimal format (e.g. 1000) or in colon-separated hexadecimal format (e.g. 00:03:E8).

hitachi_pool = None

string value

Pool number or pool name of the DP pool.

hitachi_rest_tcp_keepalive = True

boolean value

Enables or disables use of REST API tcp keepalive

hitachi_snap_pool = None

string value

Pool number or pool name of the snapshot pool.

hitachi_storage_id = None

string value

Product number of the storage system.

hitachi_target_ports = []

list value

IDs of the storage ports used to attach volumes to the controller node. To specify multiple ports, connect them by commas (e.g. CL1-A,CL2-A).

hitachi_zoning_request = False

boolean value

If True, the driver will configure FC zoning between the server and the storage system provided that FC zoning manager is enabled.

`hpe3par_api_url = `

string value

WSAPI Server URL. This setting applies to both 3PAR and Primera. Example 1: for 3PAR, URL is: https://<3par ip>:8080/api/v1 Example 2: for Primera, URL is: https://<primera ip>:443/api/v1

hpe3par_cpg = ['OpenStack']

list value

List of the 3PAR / Primera CPG(s) to use for volume creation

`hpe3par_cpg_snap = `

string value

The 3PAR / Primera CPG to use for snapshots of volumes. If empty the userCPG will be used.

hpe3par_debug = False

boolean value

Enable HTTP debugging to 3PAR / Primera

hpe3par_iscsi_chap_enabled = False

boolean value

Enable CHAP authentication for iSCSI connections.

hpe3par_iscsi_ips = []

list value

List of target iSCSI addresses to use.

`hpe3par_password = `

string value

3PAR / Primera password for the user specified in hpe3par_username

`hpe3par_snapshot_expiration = `

string value

The time in hours when a snapshot expires and is deleted. This must be larger than expiration

`hpe3par_snapshot_retention = `

string value

The time in hours to retain a snapshot. You can’t delete it before this expires.

`hpe3par_target_nsp = `

string value

The nsp of 3PAR backend to be used when: (1) multipath is not enabled in cinder.conf. (2) Fiber Channel Zone Manager is not used. (3) the 3PAR backend is prezoned with this specific nsp only. For example if nsp is 2 1 2, the format of the option’s value is 2:1:2

`hpe3par_username = `

string value

3PAR / Primera username with the edit role

hpmsa_api_protocol = https

string value

HPMSA API interface protocol.

hpmsa_iscsi_ips = []

list value

List of comma-separated target iSCSI IP addresses.

hpmsa_pool_name = A

string value

Pool or Vdisk name to use for volume creation.

hpmsa_pool_type = virtual

string value

linear (for Vdisk) or virtual (for Pool).

hpmsa_verify_certificate = False

boolean value

Whether to verify HPMSA array SSL certificate.

hpmsa_verify_certificate_path = None

string value

HPMSA array SSL certificate path.

hypermetro_devices = None

string value

The remote device hypermetro will use.

iet_conf = /etc/iet/ietd.conf

string value

DEPRECATED: IET configuration file

ignore_pool_full_threshold = False

boolean value

Force LUN creation even if the full threshold of pool is reached. By default, the value is False.

image_upload_use_cinder_backend = False

boolean value

If set to True, upload-to-image in raw format will create a cloned volume and register its location to the image service, instead of uploading the volume content. The cinder backend and locations support must be enabled in the image service.

image_upload_use_internal_tenant = False

boolean value

If set to True, the image volume created by upload-to-image will be placed in the internal tenant. Otherwise, the image volume is created in the current context’s tenant.

image_volume_cache_enabled = False

boolean value

Enable the image volume cache for this backend.

image_volume_cache_max_count = 0

integer value

Max number of entries allowed in the image volume cache. 0 ⇒ unlimited.

image_volume_cache_max_size_gb = 0

integer value

Max size of the image volume cache for this backend in GB. 0 ⇒ unlimited.

included_domain_ips = []

list value

Comma separated Fault Domain IPs to be included from iSCSI returns.

infinidat_iscsi_netspaces = []

list value

List of names of network spaces to use for iSCSI connectivity

infinidat_pool_name = None

string value

Name of the pool from which volumes are allocated

infinidat_storage_protocol = fc

string value

Protocol for transferring data between host and storage back-end.

infinidat_use_compression = False

boolean value

Specifies whether to turn on compression for newly created volumes.

initiator_auto_deregistration = False

boolean value

Automatically deregister initiators after the related storage group is destroyed. By default, the value is False.

initiator_auto_registration = False

boolean value

Automatically register initiators. By default, the value is False.

initiator_check = False

boolean value

Use this value to enable the initiator_check.

interval = 3

integer value

Use this value to specify length of the interval in seconds.

io_port_list = None

list value

Comma separated iSCSI or FC ports to be used in Nova or Cinder.

iscsi_initiators = None

string value

Mapping between hostname and its iSCSI initiator IP addresses.

iscsi_iotype = fileio

string value

Sets the behavior of the iSCSI target to either perform blockio or fileio optionally, auto can be set and Cinder will autodetect type of backing device

iscsi_secondary_ip_addresses = []

list value

The list of secondary IP addresses of the iSCSI daemon

`iscsi_target_flags = `

string value

Sets the target-specific flags for the iSCSI target. Only used for tgtadm to specify backing device flags using bsoflags option. The specified string is passed as is to the underlying tool.

iscsi_write_cache = on

string value

Sets the behavior of the iSCSI target to either perform write-back(on) or write-through(off). This parameter is valid if target_helper is set to tgtadm.

iser_helper = tgtadm

string value

The name of the iSER target user-land tool to use

iser_ip_address = $my_ip

string value

The IP address that the iSER daemon is listening on

iser_port = 3260

port value

The port that the iSER daemon is listening on

iser_target_prefix = iqn.2010-10.org.openstack:

string value

Prefix for iSER volumes

lenovo_api_protocol = https

string value

Lenovo api interface protocol.

lenovo_iscsi_ips = []

list value

List of comma-separated target iSCSI IP addresses.

lenovo_pool_name = A

string value

Pool or Vdisk name to use for volume creation.

lenovo_pool_type = virtual

string value

linear (for VDisk) or virtual (for Pool).

lenovo_verify_certificate = False

boolean value

Whether to verify Lenovo array SSL certificate.

lenovo_verify_certificate_path = None

string value

Lenovo array SSL certificate path.

linstor_autoplace_count = 0

integer value

Autoplace replication count on volume deployment. 0 = Full cluster replication without autoplace, 1 = Single node deployment without replication, 2 or greater = Replicated deployment with autoplace.

linstor_controller_diskless = True

boolean value

True means Cinder node is a diskless LINSTOR node.

linstor_default_blocksize = 4096

integer value

Default Block size for Image restoration. When using iSCSI transport, this option specifies the block size.

linstor_default_storage_pool_name = DfltStorPool

string value

Default Storage Pool name for LINSTOR.

linstor_default_uri = linstor://localhost

string value

Default storage URI for LINSTOR.

linstor_default_volume_group_name = drbd-vg

string value

Default Volume Group name for LINSTOR. Not Cinder Volume.

linstor_volume_downsize_factor = 4096

floating point value

Default volume downscale size in KiB = 4 MiB.

load_balance = False

boolean value

Enable/disable load balancing for a PowerMax backend.

load_balance_real_time = False

boolean value

Enable/disable real-time performance metrics for Port level load balancing for a PowerMax backend.

load_data_format = Avg

string value

Performance data format, not applicable for real-time metrics. Available options are "avg" and "max".

load_look_back = 60

integer value

How far in minutes to look back for diagnostic performance metrics in load calculation, minimum of 0 maximum of 1440 (24 hours).

load_look_back_real_time = 1

integer value

How far in minutes to look back for real-time performance metrics in load calculation, minimum of 1 maximum of 10.

`lss_range_for_cg = `

string value

Reserve LSSs for consistency group.

lvm_conf_file = /etc/cinder/lvm.conf

string value

LVM conf file to use for the LVM driver in Cinder; this setting is ignored if the specified file does not exist (You can also specify None to not use a conf file even if one exists).

lvm_mirrors = 0

integer value

If >0, create LVs with multiple mirrors. Note that this requires lvm_mirrors + 2 PVs with available space

lvm_suppress_fd_warnings = False

boolean value

Suppress leaked file descriptor warnings in LVM commands.

lvm_type = auto

string value

Type of LVM volumes to deploy; (default, thin, or auto). Auto defaults to thin if thin is supported.

macrosan_client = None

list value

Macrosan iscsi_clients list. You can configure multiple clients. You can configure it in this format: (host; client_name; sp1_iscsi_port; sp2_iscsi_port), (host; client_name; sp1_iscsi_port; sp2_iscsi_port) Important warning, Client_name has the following requirements: [a-zA-Z0-9.-_:], the maximum number of characters is 31 E.g: (controller1; device1; eth-1:0; eth-2:0), (controller2; device2; eth-1:0/eth-1:1; eth-2:0/eth-2:1),

macrosan_client_default = None

string value

This is the default connection ports' name for iscsi. This default configuration is used when no host related information is obtained.E.g: eth-1:0/eth-1:1; eth-2:0/eth-2:1

macrosan_fc_keep_mapped_ports = True

boolean value

In the case of an FC connection, the configuration item associated with the port is maintained.

macrosan_fc_use_sp_port_nr = 1

integer value

The use_sp_port_nr parameter is the number of online FC ports used by the single-ended memory when the FC connection is established in the switch non-all-pass mode. The maximum is 4

macrosan_force_unmap_itl = True

boolean value

Force disconnect while deleting volume

macrosan_log_timing = True

boolean value

Whether enable log timing

macrosan_pool = None

string value

Pool to use for volume creation

macrosan_replication_destination_ports = None

list value

Slave device

macrosan_replication_ipaddrs = None

list value

MacroSAN replication devices' ip addresses

macrosan_replication_password = None

string value

MacroSAN replication devices' password

macrosan_replication_username = None

string value

MacroSAN replication devices' username

macrosan_sdas_ipaddrs = None

list value

MacroSAN sdas devices' ip addresses

macrosan_sdas_password = None

string value

MacroSAN sdas devices' password

macrosan_sdas_username = None

string value

MacroSAN sdas devices' username

macrosan_snapshot_resource_ratio = 1.0

floating point value

Set snapshot’s resource ratio

macrosan_thin_lun_extent_size = 8

integer value

Set the thin lun’s extent size

macrosan_thin_lun_high_watermark = 20

integer value

Set the thin lun’s high watermark

macrosan_thin_lun_low_watermark = 5

integer value

Set the thin lun’s low watermark

`management_ips = `

string value

List of Management IP addresses (separated by commas)

max_luns_per_storage_group = 255

integer value

Default max number of LUNs in a storage group. By default, the value is 255.

max_over_subscription_ratio = 20.0

string value

Representation of the over subscription ratio when thin provisioning is enabled. Default ratio is 20.0, meaning provisioned capacity can be 20 times of the total physical capacity. If the ratio is 10.5, it means provisioned capacity can be 10.5 times of the total physical capacity. A ratio of 1.0 means provisioned capacity cannot exceed the total physical capacity. If ratio is auto, Cinder will automatically calculate the ratio based on the provisioned capacity and the used space. If not set to auto, the ratio has to be a minimum of 1.0.

metro_domain_name = None

string value

The remote metro device domain name.

metro_san_address = None

string value

The remote metro device request url.

metro_san_password = None

string value

The remote metro device san password.

metro_san_user = None

string value

The remote metro device san user.

metro_storage_pools = None

string value

The remote metro device pool names.

`nas_host = `

string value

IP address or Hostname of NAS system.

nas_login = admin

string value

User name to connect to NAS system.

nas_mount_options = None

string value

Options used to mount the storage backend file system where Cinder volumes are stored.

`nas_password = `

string value

Password to connect to NAS system.

`nas_private_key = `

string value

Filename of private key to use for SSH authentication.

nas_secure_file_operations = auto

string value

Allow network-attached storage systems to operate in a secure environment where root level access is not permitted. If set to False, access is as the root user and insecure. If set to True, access is not as root. If set to auto, a check is done to determine if this is a new installation: True is used if so, otherwise False. Default is auto.

nas_secure_file_permissions = auto

string value

Set more secure file permissions on network-attached storage volume files to restrict broad other/world access. If set to False, volumes are created with open permissions. If set to True, volumes are created with permissions for the cinder user and group (660). If set to auto, a check is done to determine if this is a new installation: True is used if so, otherwise False. Default is auto.

`nas_share_path = `

string value

Path to the share to use for storing Cinder volumes. For example: "/srv/export1" for an NFS server export available at 10.0.5.10:/srv/export1 .

nas_ssh_port = 22

port value

SSH port to use to connect to NAS system.

nas_volume_prov_type = thin

string value

Provisioning type that will be used when creating volumes.

naviseccli_path = None

string value

Naviseccli Path.

netapp_api_trace_pattern = (.*)

string value

A regular expression to limit the API tracing. This option is honored only if enabling api tracing with the trace_flags option. By default, all APIs will be traced.

netapp_copyoffload_tool_path = None

string value

This option specifies the path of the NetApp copy offload tool binary. Ensure that the binary has execute permissions set which allow the effective user of the cinder-volume process to execute the file.

netapp_host_type = None

string value

This option defines the type of operating system for all initiators that can access a LUN. This information is used when mapping LUNs to individual hosts or groups of hosts.

netapp_login = None

string value

Administrative user account name used to access the storage system or proxy server.

netapp_lun_ostype = None

string value

This option defines the type of operating system that will access a LUN exported from Data ONTAP; it is assigned to the LUN at the time it is created.

netapp_lun_space_reservation = enabled

string value

This option determines if storage space is reserved for LUN allocation. If enabled, LUNs are thick provisioned. If space reservation is disabled, storage space is allocated on demand.

netapp_password = None

string value

Password for the administrative user account specified in the netapp_login option.

netapp_pool_name_search_pattern = (.+)

string value

This option is used to restrict provisioning to the specified pools. Specify the value of this option to be a regular expression which will be applied to the names of objects from the storage backend which represent pools in Cinder. This option is only utilized when the storage protocol is configured to use iSCSI or FC.

netapp_replication_aggregate_map = None

dict value

Multi opt of dictionaries to represent the aggregate mapping between source and destination back ends when using whole back end replication. For every source aggregate associated with a cinder pool (NetApp FlexVol/FlexGroup), you would need to specify the destination aggregate on the replication target device. A replication target device is configured with the configuration option replication_device. Specify this option as many times as you have replication devices. Each entry takes the standard dict config form: netapp_replication_aggregate_map = backend_id:<name_of_replication_device_section>,src_aggr_name1:dest_aggr_name1,src_aggr_name2:dest_aggr_name2,…​

netapp_replication_volume_online_timeout = 360

integer value

Sets time in seconds to wait for a replication volume create to complete and go online.

netapp_server_hostname = None

string value

The hostname (or IP address) for the storage system or proxy server.

netapp_server_port = None

integer value

The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS.

netapp_size_multiplier = 1.2

floating point value

The quantity to be multiplied by the requested volume size to ensure enough space is available on the virtual storage server (Vserver) to fulfill the volume creation request. Note: this option is deprecated and will be removed in favor of "reserved_percentage" in the Mitaka release.

netapp_snapmirror_quiesce_timeout = 3600

integer value

The maximum time in seconds to wait for existing SnapMirror transfers to complete before aborting during a failover.

netapp_storage_family = ontap_cluster

string value

The storage family type used on the storage system; the only valid value is ontap_cluster for using clustered Data ONTAP.

netapp_storage_protocol = None

string value

The storage protocol to be used on the data path with the storage system.

netapp_transport_type = http

string value

The transport protocol used when communicating with the storage system or proxy server.

netapp_vserver = None

string value

This option specifies the virtual storage server (Vserver) name on the storage cluster on which provisioning of block storage volumes should occur.

nexenta_blocksize = 4096

integer value

Block size for datasets

nexenta_chunksize = 32768

integer value

NexentaEdge iSCSI LUN object chunk size

`nexenta_client_address = `

string value

NexentaEdge iSCSI Gateway client address for non-VIP service

nexenta_dataset_compression = on

string value

Compression value for new ZFS folders.

nexenta_dataset_dedup = off

string value

Deduplication value for new ZFS folders.

`nexenta_dataset_description = `

string value

Human-readable description for the folder.

nexenta_encryption = False

boolean value

Defines whether NexentaEdge iSCSI LUN object has encryption enabled.

`nexenta_folder = `

string value

A folder where cinder created datasets will reside.

nexenta_group_snapshot_template = group-snapshot-%s

string value

Template string to generate group snapshot name

`nexenta_host = `

string value

IP address of NexentaStor Appliance

nexenta_host_group_prefix = cinder

string value

Prefix for iSCSI host groups on NexentaStor

nexenta_iops_limit = 0

integer value

NexentaEdge iSCSI LUN object IOPS limit

`nexenta_iscsi_service = `

string value

NexentaEdge iSCSI service name

nexenta_iscsi_target_host_group = all

string value

Group of hosts which are allowed to access volumes

`nexenta_iscsi_target_portal_groups = `

string value

NexentaStor target portal groups

nexenta_iscsi_target_portal_port = 3260

integer value

Nexenta appliance iSCSI target portal port

`nexenta_iscsi_target_portals = `

string value

Comma separated list of portals for NexentaStor5, in format of IP1:port1,IP2:port2. Port is optional, default=3260. Example: 10.10.10.1:3267,10.10.1.2

nexenta_lu_writebackcache_disabled = False

boolean value

Postponed write to backing store or not

`nexenta_lun_container = `

string value

NexentaEdge logical path of bucket for LUNs

nexenta_luns_per_target = 100

integer value

Amount of LUNs per iSCSI target

nexenta_mount_point_base = $state_path/mnt

string value

Base directory that contains NFS share mount points

nexenta_nbd_symlinks_dir = /dev/disk/by-path

string value

NexentaEdge logical path of directory to store symbolic links to NBDs

nexenta_nms_cache_volroot = True

boolean value

If set True cache NexentaStor appliance volroot option value.

nexenta_ns5_blocksize = 32

integer value

Block size for datasets

nexenta_origin_snapshot_template = origin-snapshot-%s

string value

Template string to generate origin name of clone

nexenta_password = nexenta

string value

Password to connect to NexentaStor management REST API server

nexenta_qcow2_volumes = False

boolean value

Create volumes as QCOW2 files rather than raw files

nexenta_replication_count = 3

integer value

NexentaEdge iSCSI LUN object replication count.

`nexenta_rest_address = `

string value

IP address of NexentaStor management REST API endpoint

nexenta_rest_backoff_factor = 0.5

floating point value

Specifies the backoff factor to apply between connection attempts to NexentaStor management REST API server

nexenta_rest_connect_timeout = 30

floating point value

Specifies the time limit (in seconds), within which the connection to NexentaStor management REST API server must be established

nexenta_rest_password = nexenta

string value

Password to connect to NexentaEdge.

nexenta_rest_port = 0

integer value

HTTP(S) port to connect to NexentaStor management REST API server. If it is equal zero, 8443 for HTTPS and 8080 for HTTP is used

nexenta_rest_protocol = auto

string value

Use http or https for NexentaStor management REST API connection (default auto)

nexenta_rest_read_timeout = 300

floating point value

Specifies the time limit (in seconds), within which NexentaStor management REST API server must send a response

nexenta_rest_retry_count = 3

integer value

Specifies the number of times to repeat NexentaStor management REST API call in case of connection errors and NexentaStor appliance EBUSY or ENOENT errors

nexenta_rest_user = admin

string value

User name to connect to NexentaEdge.

nexenta_rrmgr_compression = 0

integer value

Enable stream compression, level 1..9. 1 - gives best speed; 9 - gives best compression.

nexenta_rrmgr_connections = 2

integer value

Number of TCP connections.

nexenta_rrmgr_tcp_buf_size = 4096

integer value

TCP Buffer size in KiloBytes.

nexenta_shares_config = /etc/cinder/nfs_shares

string value

File with the list of available nfs shares

nexenta_sparse = False

boolean value

Enables or disables the creation of sparse datasets

nexenta_sparsed_volumes = True

boolean value

Enables or disables the creation of volumes as sparsed files that take no space. If disabled (False), volume is created as a regular file, which takes a long time.

nexenta_target_group_prefix = cinder

string value

Prefix for iSCSI target groups on NexentaStor

nexenta_target_prefix = iqn.1986-03.com.sun:02:cinder

string value

iqn prefix for NexentaStor iSCSI targets

nexenta_use_https = True

boolean value

Use HTTP secure protocol for NexentaStor management REST API connections

nexenta_user = admin

string value

User name to connect to NexentaStor management REST API server

nexenta_volume = cinder

string value

NexentaStor pool name that holds all volumes

nexenta_volume_group = iscsi

string value

Volume group for NexentaStor5 iSCSI

nfs_mount_attempts = 3

integer value

The number of attempts to mount NFS shares before raising an error. At least one attempt will be made to mount an NFS share, regardless of the value specified.

nfs_mount_options = None

string value

Mount options passed to the NFS client. See the NFS(5) man page for details.

nfs_mount_point_base = $state_path/mnt

string value

Base dir containing mount points for NFS shares.

nfs_qcow2_volumes = False

boolean value

Create volumes as QCOW2 files rather than raw files.

nfs_shares_config = /etc/cinder/nfs_shares

string value

File with the list of available NFS shares.

nfs_snapshot_support = False

boolean value

Enable support for snapshots on the NFS driver. Platforms using libvirt <1.2.7 will encounter issues with this feature.

nfs_sparsed_volumes = True

boolean value

Create volumes as sparsed files which take no space. If set to False volume is created as regular file. In such case volume creation takes a lot of time.

nimble_pool_name = default

string value

Nimble Controller pool name

nimble_subnet_label = *

string value

Nimble Subnet Label

nimble_verify_cert_path = None

string value

Path to Nimble Array SSL certificate

nimble_verify_certificate = False

boolean value

Whether to verify Nimble SSL Certificate

num_iser_scan_tries = 3

integer value

The maximum number of times to rescan iSER target to find volume

num_shell_tries = 3

integer value

Number of times to attempt to run flakey shell commands

num_volume_device_scan_tries = 3

integer value

The maximum number of times to rescan targets to find volume

nvmet_ns_id = 10

integer value

The namespace id associated with the subsystem that will be created with the path for the LVM volume.

nvmet_port_id = 1

port value

The port that the NVMe target is listening on.

port_group_load_metric = PercentBusy

string value

Metric used for port group load calculation.

port_load_metric = PercentBusy

string value

Metric used for port load calculation.

powerflex_allow_migration_during_rebuild = False

boolean value

Allow volume migration during rebuild.

powerflex_allow_non_padded_volumes = False

boolean value

Allow volumes to be created in Storage Pools when zero padding is disabled. This option should not be enabled if multiple tenants will utilize volumes from a shared Storage Pool.

powerflex_max_over_subscription_ratio = 10.0

floating point value

max_over_subscription_ratio setting for the driver. Maximum value allowed is 10.0.

powerflex_rest_server_port = 443

port value

Gateway REST server port.

powerflex_round_volume_capacity = True

boolean value

Round volume sizes up to 8GB boundaries. PowerFlex/VxFlex OS requires volumes to be sized in multiples of 8GB. If set to False, volume creation will fail for volumes not sized properly

powerflex_server_api_version = None

string value

PowerFlex/ScaleIO API version. This value should be left as the default value unless otherwise instructed by technical support.

powerflex_storage_pools = None

string value

Storage Pools. Comma separated list of storage pools used to provide volumes. Each pool should be specified as a protection_domain_name:storage_pool_name value

powerflex_unmap_volume_before_deletion = False

boolean value

Unmap volumes before deletion.

powermax_array = None

string value

Serial number of the array to connect to.

powermax_array_tag_list = None

list value

List of user assigned name for storage array.

powermax_port_group_name_template = portGroupName

string value

User defined override for port group name.

powermax_port_groups = None

list value

List of port groups containing frontend ports configured prior for server connection.

powermax_service_level = None

string value

Service level to use for provisioning storage. Setting this as an extra spec in pool_name is preferable.

powermax_short_host_name_template = shortHostName

string value

User defined override for short host name.

powermax_srp = None

string value

Storage resource pool on array to use for provisioning.

powerstore_appliances = []

list value

Appliances names. Comma separated list of PowerStore appliances names used to provision volumes. Deprecated since: Wallaby

*Reason:*Is not used anymore. PowerStore Load Balancer is used to provision volumes instead.

powerstore_ports = []

list value

Allowed ports. Comma separated list of PowerStore iSCSI IPs or FC WWNs (ex. 58:cc:f0:98:49:22:07:02) to be used. If option is not set all ports are allowed.

proxy = cinder.volume.drivers.ibm.ibm_storage.proxy.IBMStorageProxy

string value

Proxy driver that connects to the IBM Storage Array

pure_api_token = None

string value

REST API authorization token.

pure_automatic_max_oversubscription_ratio = True

boolean value

Automatically determine an oversubscription ratio based on the current total data reduction values. If used this calculated value will override the max_over_subscription_ratio config option.

pure_eradicate_on_delete = False

boolean value

When enabled, all Pure volumes, snapshots, and protection groups will be eradicated at the time of deletion in Cinder. Data will NOT be recoverable after a delete with this set to True! When disabled, volumes and snapshots will go into pending eradication state and can be recovered.

pure_host_personality = None

string value

Determines how the Purity system tunes the protocol used between the array and the initiator.

pure_iscsi_cidr = 0.0.0.0/0

string value

CIDR of FlashArray iSCSI targets hosts are allowed to connect to. Default will allow connection to any IP address.

pure_replica_interval_default = 3600

integer value

Snapshot replication interval in seconds.

pure_replica_retention_long_term_default = 7

integer value

Retain snapshots per day on target for this time (in days.)

pure_replica_retention_long_term_per_day_default = 3

integer value

Retain how many snapshots for each day.

pure_replica_retention_short_term_default = 14400

integer value

Retain all snapshots on target for this time (in seconds.)

pure_replication_pg_name = cinder-group

string value

Pure Protection Group name to use for async replication (will be created if it does not exist).

pure_replication_pod_name = cinder-pod

string value

Pure Pod name to use for sync replication (will be created if it does not exist).

pvme_iscsi_ips = []

list value

List of comma-separated target iSCSI IP addresses.

pvme_pool_name = A

string value

Pool or Vdisk name to use for volume creation.

qnap_management_url = None

uri value

The URL to management QNAP Storage. Driver does not support IPv6 address in URL.

qnap_poolname = None

string value

The pool name in the QNAP Storage

qnap_storage_protocol = iscsi

string value

Communication protocol to access QNAP storage

quobyte_client_cfg = None

string value

Path to a Quobyte Client configuration file.

quobyte_mount_point_base = $state_path/mnt

string value

Base dir containing the mount point for the Quobyte volume.

quobyte_overlay_volumes = False

boolean value

Create new volumes from the volume_from_snapshot_cache by creating overlay files instead of full copies. This speeds up the creation of volumes from this cache. This feature requires the options quobyte_qcow2_volumes and quobyte_volume_from_snapshot_cache to be set to True. If one of these is set to False this option is ignored.

quobyte_qcow2_volumes = True

boolean value

Create volumes as QCOW2 files rather than raw files.

quobyte_sparsed_volumes = True

boolean value

Create volumes as sparse files which take no space. If set to False, volume is created as regular file.

quobyte_volume_from_snapshot_cache = False

boolean value

Create a cache of volumes from merged snapshots to speed up creation of multiple volumes from a single snapshot.

quobyte_volume_url = None

string value

Quobyte URL to the Quobyte volume using e.g. a DNS SRV record (preferred) or a host list (alternatively) like quobyte://<DIR host1>, <DIR host2>/<volume name>

rados_connect_timeout = -1

integer value

Timeout value (in seconds) used when connecting to ceph cluster. If value < 0, no timeout is set and default librados value is used.

rados_connection_interval = 5

integer value

Interval value (in seconds) between connection retries to ceph cluster.

rados_connection_retries = 3

integer value

Number of retries if connection to ceph cluster failed.

`rbd_ceph_conf = `

string value

Path to the ceph configuration file

rbd_cluster_name = ceph

string value

The name of ceph cluster

rbd_exclusive_cinder_pool = True

boolean value

Set to False if the pool is shared with other usages. On exclusive use driver won’t query images' provisioned size as they will match the value calculated by the Cinder core code for allocated_capacity_gb. This reduces the load on the Ceph cluster as well as on the volume service. On non exclusive use driver will query the Ceph cluster for per image used disk, this is an intensive operation having an independent request for each image.

rbd_flatten_volume_from_snapshot = False

boolean value

Flatten volumes created from snapshots to remove dependency from volume to snapshot

rbd_iscsi_api_debug = False

boolean value

Enable client request debugging.

`rbd_iscsi_api_password = `

string value

The username for the rbd_target_api service

`rbd_iscsi_api_url = `

string value

The url to the rbd_target_api service

`rbd_iscsi_api_user = `

string value

The username for the rbd_target_api service

rbd_iscsi_target_iqn = None

string value

The preconfigured target_iqn on the iscsi gateway.

rbd_max_clone_depth = 5

integer value

Maximum number of nested volume clones that are taken before a flatten occurs. Set to 0 to disable cloning. Note: lowering this value will not affect existing volumes whose clone depth exceeds the new value.

rbd_pool = rbd

string value

The RADOS pool where rbd volumes are stored

rbd_secret_uuid = None

string value

The libvirt uuid of the secret for the rbd_user volumes

rbd_store_chunk_size = 4

integer value

Volumes will be chunked into objects of this size (in megabytes).

rbd_user = None

string value

The RADOS client name for accessing rbd volumes - only set when using cephx authentication

remove_empty_host = False

boolean value

To remove the host from Unity when the last LUN is detached from it. By default, it is False.

replication_connect_timeout = 5

integer value

Timeout value (in seconds) used when connecting to ceph cluster to do a demotion/promotion of volumes. If value < 0, no timeout is set and default librados value is used.

replication_device = None

dict value

Multi opt of dictionaries to represent a replication target device. This option may be specified multiple times in a single config section to specify multiple replication target devices. Each entry takes the standard dict config form: replication_device = target_device_id:<required>,key1:value1,key2:value2…​

report_discard_supported = False

boolean value

Report to clients of Cinder that the backend supports discard (aka. trim/unmap). This will not actually change the behavior of the backend or the client directly, it will only notify that it can be used.

report_dynamic_total_capacity = True

boolean value

Set to True for driver to report total capacity as a dynamic value (used + current free) and to False to report a static value (quota max bytes if defined and global size of cluster if not).

reserved_percentage = 0

integer value

The percentage of backend capacity is reserved

retries = 200

integer value

Use this value to specify number of retries.

san_api_port = None

port value

Port to use to access the SAN API

`san_clustername = `

string value

Cluster name to use for creating volumes

`san_ip = `

string value

IP address of SAN controller

san_is_local = False

boolean value

Execute commands locally instead of over SSH; use if the volume service is running on the SAN device

san_login = admin

string value

Username for SAN controller

`san_password = `

string value

Password for SAN controller

`san_private_key = `

string value

Filename of private key to use for SSH authentication

san_ssh_port = 22

port value

SSH port to use with SAN

san_thin_provision = True

boolean value

Use thin provisioning for SAN volumes?

scst_target_driver = iscsi

string value

SCST target implementation can choose from multiple SCST target drivers.

scst_target_iqn_name = None

string value

Certain ISCSI targets have predefined target names, SCST target driver uses this name.

seagate_iscsi_ips = []

list value

List of comma-separated target iSCSI IP addresses.

seagate_pool_name = A

string value

Pool or vdisk name to use for volume creation.

seagate_pool_type = virtual

string value

linear (for vdisk) or virtual (for virtual pool).

`secondary_san_ip = `

string value

IP address of secondary DSM controller

secondary_san_login = Admin

string value

Secondary DSM user name

`secondary_san_password = `

string value

Secondary DSM user password name

secondary_sc_api_port = 3033

port value

Secondary Dell API port

sf_account_prefix = None

string value

Create SolidFire accounts with this prefix. Any string can be used here, but the string "hostname" is special and will create a prefix using the cinder node hostname (previous default behavior). The default is NO prefix.

sf_allow_tenant_qos = False

boolean value

Allow tenants to specify QOS on create

sf_api_port = 443

port value

SolidFire API port. Useful if the device api is behind a proxy on a different port.

sf_api_request_timeout = 30

integer value

Sets time in seconds to wait for an api request to complete.

sf_cluster_pairing_timeout = 60

integer value

Sets time in seconds to wait for clusters to complete pairing.

sf_emulate_512 = True

boolean value

Set 512 byte emulation on volume creation;

sf_enable_vag = False

boolean value

Utilize volume access groups on a per-tenant basis.

sf_provisioning_calc = maxProvisionedSpace

string value

Change how SolidFire reports used space and provisioning calculations. If this parameter is set to usedSpace, the driver will report correct values as expected by Cinder thin provisioning.

sf_svip = None

string value

Overrides default cluster SVIP with the one specified. This is required or deployments that have implemented the use of VLANs for iSCSI networks in their cloud.

sf_volume_clone_timeout = 600

integer value

Sets time in seconds to wait for a clone of a volume or snapshot to complete.

sf_volume_create_timeout = 60

integer value

Sets time in seconds to wait for a create volume operation to complete.

sf_volume_pairing_timeout = 3600

integer value

Sets time in seconds to wait for a migrating volume to complete pairing and sync.

sf_volume_prefix = UUID-

string value

Create SolidFire volumes with this prefix. Volume names are of the form <sf_volume_prefix><cinder-volume-id>. The default is to use a prefix of UUID-.

smbfs_default_volume_format = vhd

string value

Default format that will be used when creating volumes if no volume format is specified.

smbfs_mount_point_base = C:\OpenStack\_mnt

string value

Base dir containing mount points for smbfs shares.

smbfs_pool_mappings = {}

dict value

Mappings between share locations and pool names. If not specified, the share names will be used as pool names. Example: //addr/share:pool_name,//addr/share2:pool_name2

smbfs_shares_config = C:\OpenStack\smbfs_shares.txt

string value

File with the list of available smbfs shares.

spdk_max_queue_depth = 64

integer value

Queue depth for rdma transport.

spdk_rpc_ip = None

string value

The NVMe target remote configuration IP address.

spdk_rpc_password = None

string value

The NVMe target remote configuration password.

spdk_rpc_port = 8000

port value

The NVMe target remote configuration port.

spdk_rpc_protocol = http

string value

Protocol to be used with SPDK RPC proxy

spdk_rpc_username = None

string value

The NVMe target remote configuration username.

ssh_conn_timeout = 30

integer value

SSH connection timeout in seconds

ssh_max_pool_conn = 5

integer value

Maximum ssh connections in the pool

ssh_min_pool_conn = 1

integer value

Minimum ssh connections in the pool

storage_protocol = iscsi

string value

Protocol for transferring data between host and storage back-end.

storage_vnx_authentication_type = global

string value

VNX authentication scope type. By default, the value is global.

storage_vnx_pool_names = None

list value

Comma-separated list of storage pool names to be used.

storage_vnx_security_file_dir = None

string value

Directory path that contains the VNX security file. Make sure the security file is generated first.

storpool_replication = 3

integer value

The default StorPool chain replication value. Used when creating a volume with no specified type if storpool_template is not set. Also used for calculating the apparent free space reported in the stats.

storpool_template = None

string value

The StorPool template for volumes with no type.

storwize_peer_pool = None

string value

Specifies the name of the peer pool for hyperswap volume, the peer pool must exist on the other site.

storwize_preferred_host_site = {}

dict value

Specifies the site information for host. One WWPN or multi WWPNs used in the host can be specified. For example: storwize_preferred_host_site=site1:wwpn1,site2:wwpn2&wwpn3 or storwize_preferred_host_site=site1:iqn1,site2:iqn2

storwize_san_secondary_ip = None

string value

Specifies secondary management IP or hostname to be used if san_ip is invalid or becomes inaccessible.

storwize_svc_allow_tenant_qos = False

boolean value

Allow tenants to specify QOS on create

storwize_svc_flashcopy_rate = 50

integer value

Specifies the Storwize FlashCopy copy rate to be used when creating a full volume copy. The default is rate is 50, and the valid rates are 1-150.

storwize_svc_flashcopy_timeout = 120

integer value

Maximum number of seconds to wait for FlashCopy to be prepared.

storwize_svc_iscsi_chap_enabled = True

boolean value

Configure CHAP authentication for iSCSI connections (Default: Enabled)

storwize_svc_mirror_pool = None

string value

Specifies the name of the pool in which mirrored copy is stored. Example: "pool2"

storwize_svc_multihostmap_enabled = True

boolean value

This option no longer has any affect. It is deprecated and will be removed in the next release.

storwize_svc_multipath_enabled = False

boolean value

Connect with multipath (FC only; iSCSI multipath is controlled by Nova)

storwize_svc_retain_aux_volume = False

boolean value

Enable or disable retaining of aux volume on secondary storage during delete of the volume on primary storage or moving the primary volume from mirror to non-mirror with replication enabled. This option is valid for Spectrum Virtualize Family.

storwize_svc_stretched_cluster_partner = None

string value

If operating in stretched cluster mode, specify the name of the pool in which mirrored copies are stored.Example: "pool2"

storwize_svc_vol_autoexpand = True

boolean value

Storage system autoexpand parameter for volumes (True/False)

storwize_svc_vol_compression = False

boolean value

Storage system compression option for volumes

storwize_svc_vol_easytier = True

boolean value

Enable Easy Tier for volumes

storwize_svc_vol_grainsize = 256

integer value

Storage system grain size parameter for volumes (8/32/64/128/256)

storwize_svc_vol_iogrp = 0

string value

The I/O group in which to allocate volumes. It can be a comma-separated list in which case the driver will select an io_group based on least number of volumes associated with the io_group.

storwize_svc_vol_nofmtdisk = False

boolean value

Specifies that the volume not be formatted during creation.

storwize_svc_vol_rsize = 2

integer value

Storage system space-efficiency parameter for volumes (percentage)

storwize_svc_vol_warning = 0

integer value

Storage system threshold for volume capacity warnings (percentage)

storwize_svc_volpool_name = ['volpool']

list value

Comma separated list of storage system storage pools for volumes.

suppress_requests_ssl_warnings = False

boolean value

Suppress requests library SSL certificate warnings.

synology_admin_port = 5000

port value

Management port for Synology storage.

synology_device_id = None

string value

Device id for skip one time password check for logging in Synology storage if OTP is enabled.

synology_one_time_pass = None

string value

One time password of administrator for logging in Synology storage if OTP is enabled.

`synology_password = `

string value

Password of administrator for logging in Synology storage.

`synology_pool_name = `

string value

Volume on Synology storage to be used for creating lun.

synology_ssl_verify = True

boolean value

Do certificate validation or not if $driver_use_ssl is True

synology_username = admin

string value

Administrator of Synology storage.

target_helper = tgtadm

string value

Target user-land tool to use. tgtadm is default, use lioadm for LIO iSCSI support, scstadmin for SCST target support, ietadm for iSCSI Enterprise Target, iscsictl for Chelsio iSCSI Target, nvmet for NVMEoF support, spdk-nvmeof for SPDK NVMe-oF, or fake for testing. Note: The IET driver is deprecated and will be removed in the V release.

target_ip_address = $my_ip

string value

The IP address that the iSCSI daemon is listening on

target_port = 3260

port value

The port that the iSCSI daemon is listening on

target_prefix = iqn.2010-10.org.openstack:

string value

Prefix for iSCSI volumes

target_protocol = iscsi

string value

Determines the target protocol for new volumes, created with tgtadm, lioadm and nvmet target helpers. In order to enable RDMA, this parameter should be set with the value "iser". The supported iSCSI protocol values are "iscsi" and "iser", in case of nvmet target set to "nvmet_rdma".

thres_avl_size_perc_start = 20

integer value

If the percentage of available space for an NFS share has dropped below the value specified by this option, the NFS image cache will be cleaned.

thres_avl_size_perc_stop = 60

integer value

When the percentage of available space on an NFS share has reached the percentage specified by this option, the driver will stop clearing files from the NFS image cache that have not been accessed in the last M minutes, where M is the value of the expiry_thres_minutes configuration option.

trace_flags = None

list value

List of options that control which trace info is written to the DEBUG log level to assist developers. Valid values are method and api.

u4p_failover_autofailback = True

boolean value

If the driver should automatically failback to the primary instance of Unisphere when a successful connection is re-established.

u4p_failover_backoff_factor = 1

integer value

A backoff factor to apply between attempts after the second try (most errors are resolved immediately by a second try without a delay). Retries will sleep for: {backoff factor} * (2 ^ ({number of total retries} - 1)) seconds.

u4p_failover_retries = 3

integer value

The maximum number of retries each connection should attempt. Note, this applies only to failed DNS lookups, socket connections and connection timeouts, never to requests where data has made it to the server.

u4p_failover_target = None

dict value

Dictionary of Unisphere failover target info.

u4p_failover_timeout = 20.0

integer value

How long to wait for the server to send data before giving up.

unique_fqdn_network = True

boolean value

Whether or not our private network has unique FQDN on each initiator or not. For example networks with QA systems usually have multiple servers/VMs with the same FQDN. When true this will create host entries on 3PAR using the FQDN, when false it will use the reversed IQN/WWNN.

unity_io_ports = []

list value

A comma-separated list of iSCSI or FC ports to be used. Each port can be Unix-style glob expressions.

unity_storage_pool_names = []

list value

A comma-separated list of storage pool names to be used.

use_chap_auth = False

boolean value

Option to enable/disable CHAP authentication for targets.

use_multipath_for_image_xfer = False

boolean value

Do we attach/detach volumes in cinder using multipath for volume to image and image to volume transfers? This parameter needs to be configured for each backend section or in [backend_defaults] section as a common configuration for all backends.

vmax_workload = None

string value

Workload, setting this as an extra spec in pool_name is preferable.

vmware_adapter_type = lsiLogic

string value

Default adapter type to be used for attaching volumes.

vmware_api_retry_count = 10

integer value

Number of times VMware vCenter server API must be retried upon connection related issues.

vmware_ca_file = None

string value

CA bundle file to use in verifying the vCenter server certificate.

vmware_cluster_name = None

multi valued

Name of a vCenter compute cluster where volumes should be created.

vmware_connection_pool_size = 10

integer value

Maximum number of connections in http connection pool.

vmware_datastore_regex = None

string value

Regular expression pattern to match the name of datastores where backend volumes are created.

vmware_enable_volume_stats = False

boolean value

If true, this enables the fetching of the volume stats from the backend. This has potential performance issues at scale. When False, the driver will not collect ANY stats about the backend.

vmware_host_ip = None

string value

IP address for connecting to VMware vCenter server.

vmware_host_password = None

string value

Password for authenticating with VMware vCenter server.

vmware_host_port = 443

port value

Port number for connecting to VMware vCenter server.

vmware_host_username = None

string value

Username for authenticating with VMware vCenter server.

vmware_host_version = None

string value

Optional string specifying the VMware vCenter server version. The driver attempts to retrieve the version from VMware vCenter server. Set this configuration only if you want to override the vCenter server version.

vmware_image_transfer_timeout_secs = 7200

integer value

Timeout in seconds for VMDK volume transfer between Cinder and Glance.

vmware_insecure = False

boolean value

If true, the vCenter server certificate is not verified. If false, then the default CA truststore is used for verification. This option is ignored if "vmware_ca_file" is set.

vmware_lazy_create = True

boolean value

If true, the backend volume in vCenter server is created lazily when the volume is created without any source. The backend volume is created when the volume is attached, uploaded to image service or during backup.

vmware_max_objects_retrieval = 100

integer value

Max number of objects to be retrieved per batch. Query results will be obtained in batches from the server and not in one shot. Server may still limit the count to something less than the configured value.

vmware_snapshot_format = template

string value

Volume snapshot format in vCenter server.

vmware_storage_profile = None

multi valued

Names of storage profiles to be monitored. Only used when vmware_enable_volume_stats is True.

vmware_task_poll_interval = 2.0

floating point value

The interval (in seconds) for polling remote tasks invoked on VMware vCenter server.

vmware_tmp_dir = /tmp

string value

Directory where virtual disks are stored during volume backup and restore.

vmware_volume_folder = Volumes

string value

Name of the vCenter inventory folder that will contain Cinder volumes. This folder will be created under "OpenStack/<project_folder>", where project_folder is of format "Project (<volume_project_id>)".

vmware_wsdl_location = None

string value

Optional VIM service WSDL Location e.g http://<server>/vimService.wsdl. Optional over-ride to default location for bug work-arounds.

vnx_async_migrate = True

boolean value

Always use asynchronous migration during volume cloning and creating from snapshot. As described in configuration doc, async migration has some constraints. Besides using metadata, customers could use this option to disable async migration. Be aware that async_migrate in metadata overrides this option when both are set. By default, the value is True.

volume_backend_name = None

string value

The backend name for a given driver implementation

volume_clear = zero

string value

Method used to wipe old volumes

volume_clear_ionice = None

string value

The flag to pass to ionice to alter the i/o priority of the process used to zero a volume after deletion, for example "-c3" for idle only priority.

volume_clear_size = 0

integer value

Size in MiB to wipe at start of old volumes. 1024 MiB at max. 0 ⇒ all

volume_copy_blkio_cgroup_name = cinder-volume-copy

string value

The blkio cgroup name to be used to limit bandwidth of volume copy

volume_copy_bps_limit = 0

integer value

The upper limit of bandwidth of volume copy. 0 ⇒ unlimited

volume_dd_blocksize = 1M

string value

The default block size used when copying/clearing volumes

volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver

string value

Driver to use for volume creation

volume_group = cinder-volumes

string value

Name for the VG that will contain exported volumes

volumes_dir = $state_path/volumes

string value

Volume configuration file storage directory

vxflexos_allow_migration_during_rebuild = False

boolean value

renamed to powerflex_allow_migration_during_rebuild.

vxflexos_allow_non_padded_volumes = False

boolean value

renamed to powerflex_allow_non_padded_volumes.

vxflexos_max_over_subscription_ratio = 10.0

floating point value

renamed to powerflex_max_over_subscription_ratio.

vxflexos_rest_server_port = 443

port value

renamed to powerflex_rest_server_port.

vxflexos_round_volume_capacity = True

boolean value

renamed to powerflex_round_volume_capacity.

vxflexos_server_api_version = None

string value

renamed to powerflex_server_api_version.

vxflexos_storage_pools = None

string value

renamed to powerflex_storage_pools.

vxflexos_unmap_volume_before_deletion = False

boolean value

renamed to powerflex_round_volume_capacity.

vzstorage_default_volume_format = raw

string value

Default format that will be used when creating volumes if no volume format is specified.

vzstorage_mount_options = None

list value

Mount options passed to the vzstorage client. See section of the pstorage-mount man page for details.

vzstorage_mount_point_base = $state_path/mnt

string value

Base dir containing mount points for vzstorage shares.

vzstorage_shares_config = /etc/cinder/vzstorage_shares

string value

File with the list of available vzstorage shares.

vzstorage_sparsed_volumes = True

boolean value

Create volumes as sparsed files which take no space rather than regular files when using raw format, in which case volume creation takes lot of time.

vzstorage_used_ratio = 0.95

floating point value

Percent of ACTUAL usage of the underlying volume before no new volumes can be allocated to the volume destination.

windows_iscsi_lun_path = C:\iSCSIVirtualDisks

string value

Path to store VHD backed volumes

xtremio_array_busy_retry_count = 5

integer value

Number of retries in case array is busy

xtremio_array_busy_retry_interval = 5

integer value

Interval between retries in case array is busy

xtremio_clean_unused_ig = False

boolean value

Should the driver remove initiator groups with no volumes after the last connection was terminated. Since the behavior till now was to leave the IG be, we default to False (not deleting IGs without connected volumes); setting this parameter to True will remove any IG after terminating its connection to the last volume.

`xtremio_cluster_name = `

string value

XMS cluster id in multi-cluster environment

xtremio_ports = []

list value

Allowed ports. Comma separated list of XtremIO iSCSI IPs or FC WWNs (ex. 58:cc:f0:98:49:22:07:02) to be used. If option is not set all ports are allowed.

xtremio_volumes_per_glance_cache = 100

integer value

Number of volumes created from each cached glance image

zadara_access_key = None

string value

VPSA access key

zadara_default_snap_policy = False

boolean value

VPSA - Attach snapshot policy for volumes. If the option is neither configured nor provided as metadata, the VPSA will inherit the default value.

zadara_gen3_vol_compress = False

boolean value

VPSA - Enable compression for volumes. If the option is neither configured nor provided as metadata, the VPSA will inherit the default value.

zadara_gen3_vol_dedupe = False

boolean value

VPSA - Enable deduplication for volumes. If the option is neither configured nor provided as metadata, the VPSA will inherit the default value.

zadara_ssl_cert_verify = True

boolean value

If set to True the http client will validate the SSL certificate of the VPSA endpoint.

zadara_vol_encrypt = False

boolean value

VPSA - Default encryption policy for volumes. If the option is neither configured nor provided as metadata, the VPSA will inherit the default value.

zadara_vpsa_host = None

host address value

VPSA - Management Host name or IP address

zadara_vpsa_poolname = None

string value

VPSA - Storage Pool assigned for volumes

zadara_vpsa_port = None

port value

VPSA - Port number

zadara_vpsa_use_ssl = False

boolean value

VPSA - Use SSL connection

2.1.4. barbican

The following table outlines the options available under the [barbican] group in the /etc/cinder/cinder.conf file.

Table 2.3. barbican

Configuration option = Default valueTypeDescription

auth_endpoint = http://localhost/identity/v3

string value

Use this endpoint to connect to Keystone

barbican_api_version = None

string value

Version of the Barbican API, for example: "v1"

barbican_endpoint = None

string value

Use this endpoint to connect to Barbican, for example: "http://localhost:9311/"

barbican_endpoint_type = public

string value

Specifies the type of endpoint. Allowed values are: public, private, and admin

number_of_retries = 60

integer value

Number of times to retry poll for key creation completion

retry_delay = 1

integer value

Number of seconds to wait before retrying poll for key creation completion

verify_ssl = True

boolean value

Specifies if insecure TLS (https) requests. If False, the server’s certificate will not be validated, if True, we can set the verify_ssl_path config meanwhile.

verify_ssl_path = None

string value

A path to a bundle or CA certs to check against, or None for requests to attempt to locate and use certificates which verify_ssh is True. If verify_ssl is False, this is ignored.

2.1.5. brcd_fabric_example

The following table outlines the options available under the [brcd_fabric_example] group in the /etc/cinder/cinder.conf file.

Table 2.4. brcd_fabric_example

Configuration option = Default valueTypeDescription

`fc_fabric_address = `

string value

Management IP of fabric.

`fc_fabric_password = `

string value

Password for user.

fc_fabric_port = 22

port value

Connecting port

`fc_fabric_ssh_cert_path = `

string value

Local SSH certificate Path.

`fc_fabric_user = `

string value

Fabric user ID.

fc_southbound_protocol = REST_HTTP

string value

South bound connector for the fabric.

fc_virtual_fabric_id = None

string value

Virtual Fabric ID.

zone_activate = True

boolean value

Overridden zoning activation state.

zone_name_prefix = openstack

string value

Overridden zone name prefix.

zoning_policy = initiator-target

string value

Overridden zoning policy.

2.1.6. cisco_fabric_example

The following table outlines the options available under the [cisco_fabric_example] group in the /etc/cinder/cinder.conf file.

Table 2.5. cisco_fabric_example

Configuration option = Default valueTypeDescription

`cisco_fc_fabric_address = `

string value

Management IP of fabric

`cisco_fc_fabric_password = `

string value

Password for user

cisco_fc_fabric_port = 22

port value

Connecting port

`cisco_fc_fabric_user = `

string value

Fabric user ID

cisco_zone_activate = True

boolean value

overridden zoning activation state

cisco_zone_name_prefix = None

string value

overridden zone name prefix

cisco_zoning_policy = initiator-target

string value

overridden zoning policy

cisco_zoning_vsan = None

string value

VSAN of the Fabric

2.1.7. coordination

The following table outlines the options available under the [coordination] group in the /etc/cinder/cinder.conf file.

Table 2.6. coordination

Configuration option = Default valueTypeDescription

backend_url = file://$state_path

string value

The backend URL to use for distributed coordination.

2.1.8. cors

The following table outlines the options available under the [cors] group in the /etc/cinder/cinder.conf file.

Table 2.7. cors

Configuration option = Default valueTypeDescription

allow_credentials = True

boolean value

Indicate that the actual request can include user credentials

allow_headers = ['X-Auth-Token', 'X-Identity-Status', 'X-Roles', 'X-Service-Catalog', 'X-User-Id', 'X-Tenant-Id', 'X-OpenStack-Request-ID', 'X-Trace-Info', 'X-Trace-HMAC', 'OpenStack-API-Version']

list value

Indicate which header field names may be used during the actual request.

allow_methods = ['GET', 'PUT', 'POST', 'DELETE', 'PATCH', 'HEAD']

list value

Indicate which methods can be used during the actual request.

allowed_origin = None

list value

Indicate whether this resource may be shared with the domain received in the requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing slash. Example: https://horizon.example.com

expose_headers = ['X-Auth-Token', 'X-Subject-Token', 'X-Service-Token', 'X-OpenStack-Request-ID', 'OpenStack-API-Version']

list value

Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.

max_age = 3600

integer value

Maximum cache age of CORS preflight requests.

2.1.9. database

The following table outlines the options available under the [database] group in the /etc/cinder/cinder.conf file.

Table 2.8. database

Configuration option = Default valueTypeDescription

backend = sqlalchemy

string value

The back end to use for the database.

connection = None

string value

The SQLAlchemy connection string to use to connect to the database.

connection_debug = 0

integer value

Verbosity of SQL debugging information: 0=None, 100=Everything.

`connection_parameters = `

string value

Optional URL parameters to append onto the connection URL at connect time; specify as param1=value1&param2=value2&…​

connection_recycle_time = 3600

integer value

Connections which have been present in the connection pool longer than this number of seconds will be replaced with a new one the next time they are checked out from the pool.

connection_trace = False

boolean value

Add Python stack traces to SQL as comment strings.

db_inc_retry_interval = True

boolean value

If True, increases the interval between retries of a database operation up to db_max_retry_interval.

db_max_retries = 20

integer value

Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.

db_max_retry_interval = 10

integer value

If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.

db_retry_interval = 1

integer value

Seconds between retries of a database transaction.

max_overflow = 50

integer value

If set, use this value for max_overflow with SQLAlchemy.

max_pool_size = 5

integer value

Maximum number of SQL connections to keep open in a pool. Setting a value of 0 indicates no limit.

max_retries = 10

integer value

Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.

mysql_enable_ndb = False

boolean value

If True, transparently enables support for handling MySQL Cluster (NDB).

mysql_sql_mode = TRADITIONAL

string value

The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=

pool_timeout = None

integer value

If set, use this value for pool_timeout with SQLAlchemy.

retry_interval = 10

integer value

Interval between retries of opening a SQL connection.

slave_connection = None

string value

The SQLAlchemy connection string to use to connect to the slave database.

sqlite_synchronous = True

boolean value

If True, SQLite uses synchronous mode.

use_db_reconnect = False

boolean value

Enable the experimental use of database reconnect on connection lost.

2.1.10. fc-zone-manager

The following table outlines the options available under the [fc-zone-manager] group in the /etc/cinder/cinder.conf file.

Table 2.9. fc-zone-manager

Configuration option = Default valueTypeDescription

brcd_sb_connector = HTTP

string value

South bound connector for zoning operation

cisco_sb_connector = cinder.zonemanager.drivers.cisco.cisco_fc_zone_client_cli.CiscoFCZoneClientCLI

string value

Southbound connector for zoning operation

enable_unsupported_driver = False

boolean value

Set this to True when you want to allow an unsupported zone manager driver to start. Drivers that haven’t maintained a working CI system and testing are marked as unsupported until CI is working again. This also marks a driver as deprecated and may be removed in the next release.

fc_fabric_names = None

string value

Comma separated list of Fibre Channel fabric names. This list of names is used to retrieve other SAN credentials for connecting to each SAN fabric

fc_san_lookup_service = cinder.zonemanager.drivers.brocade.brcd_fc_san_lookup_service.BrcdFCSanLookupService

string value

FC SAN Lookup Service

zone_driver = cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver.BrcdFCZoneDriver

string value

FC Zone Driver responsible for zone management

zoning_policy = initiator-target

string value

Zoning policy configured by user; valid values include "initiator-target" or "initiator"

2.1.11. healthcheck

The following table outlines the options available under the [healthcheck] group in the /etc/cinder/cinder.conf file.

Table 2.10. healthcheck

Configuration option = Default valueTypeDescription

backends = []

list value

Additional backends that can perform health checks and report that information back as part of a request.

detailed = False

boolean value

Show more detailed information as part of the response. Security note: Enabling this option may expose sensitive details about the service being monitored. Be sure to verify that it will not violate your security policies.

disable_by_file_path = None

string value

Check the presence of a file to determine if an application is running on a port. Used by DisableByFileHealthcheck plugin.

disable_by_file_paths = []

list value

Check the presence of a file based on a port to determine if an application is running on a port. Expects a "port:path" list of strings. Used by DisableByFilesPortsHealthcheck plugin.

path = /healthcheck

string value

The path to respond to healtcheck requests on.

2.1.12. key_manager

The following table outlines the options available under the [key_manager] group in the /etc/cinder/cinder.conf file.

Table 2.11. key_manager

Configuration option = Default valueTypeDescription

auth_type = None

string value

The type of authentication credential to create. Possible values are token, password, keystone_token, and keystone_password. Required if no context is passed to the credential factory.

auth_url = None

string value

Use this endpoint to connect to Keystone.

backend = barbican

string value

Specify the key manager implementation. Options are "barbican" and "vault". Default is "barbican". Will support the values earlier set using [key_manager]/api_class for some time.

domain_id = None

string value

Domain ID for domain scoping. Optional for keystone_token and keystone_password auth_type.

domain_name = None

string value

Domain name for domain scoping. Optional for keystone_token and keystone_password auth_type.

fixed_key = None

string value

Fixed key returned by key manager, specified in hex

password = None

string value

Password for authentication. Required for password and keystone_password auth_type.

project_domain_id = None

string value

Project’s domain ID for project. Optional for keystone_token and keystone_password auth_type.

project_domain_name = None

string value

Project’s domain name for project. Optional for keystone_token and keystone_password auth_type.

project_id = None

string value

Project ID for project scoping. Optional for keystone_token and keystone_password auth_type.

project_name = None

string value

Project name for project scoping. Optional for keystone_token and keystone_password auth_type.

reauthenticate = True

boolean value

Allow fetching a new token if the current one is going to expire. Optional for keystone_token and keystone_password auth_type.

token = None

string value

Token for authentication. Required for token and keystone_token auth_type if no context is passed to the credential factory.

trust_id = None

string value

Trust ID for trust scoping. Optional for keystone_token and keystone_password auth_type.

user_domain_id = None

string value

User’s domain ID for authentication. Optional for keystone_token and keystone_password auth_type.

user_domain_name = None

string value

User’s domain name for authentication. Optional for keystone_token and keystone_password auth_type.

user_id = None

string value

User ID for authentication. Optional for keystone_token and keystone_password auth_type.

username = None

string value

Username for authentication. Required for password auth_type. Optional for the keystone_password auth_type.

2.1.13. keystone_authtoken

The following table outlines the options available under the [keystone_authtoken] group in the /etc/cinder/cinder.conf file.

Table 2.12. keystone_authtoken

Configuration option = Default valueTypeDescription

auth_section = None

string value

Config Section from which to load plugin specific options

auth_type = None

string value

Authentication type to load

auth_uri = None

string value

Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint. This option is deprecated in favor of www_authenticate_uri and will be removed in the S release. Deprecated since: Queens

*Reason:*The auth_uri option is deprecated in favor of www_authenticate_uri and will be removed in the S release.

auth_version = None

string value

API version of the Identity API endpoint.

cache = None

string value

Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the memcached_servers option instead.

cafile = None

string value

A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.

certfile = None

string value

Required if identity server requires client certificate

delay_auth_decision = False

boolean value

Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.

enforce_token_bind = permissive

string value

Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.

http_connect_timeout = None

integer value

Request timeout value for communicating with Identity API server.

http_request_max_retries = 3

integer value

How many times are we trying to reconnect when communicating with Identity API Server.

include_service_catalog = True

boolean value

(Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.

insecure = False

boolean value

Verify HTTPS connections.

interface = internal

string value

Interface to use for the Identity API endpoint. Valid values are "public", "internal" (default) or "admin".

keyfile = None

string value

Required if identity server requires client certificate

memcache_pool_conn_get_timeout = 10

integer value

(Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.

memcache_pool_dead_retry = 300

integer value

(Optional) Number of seconds memcached server is considered dead before it is tried again.

memcache_pool_maxsize = 10

integer value

(Optional) Maximum total number of open connections to every memcached server.

memcache_pool_socket_timeout = 3

integer value

(Optional) Socket timeout in seconds for communicating with a memcached server.

memcache_pool_unused_timeout = 60

integer value

(Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.

memcache_secret_key = None

string value

(Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.

memcache_security_strategy = None

string value

(Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.

memcache_use_advanced_pool = False

boolean value

(Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.

memcached_servers = None

list value

Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.

region_name = None

string value

The region in which the identity server can be found.

service_token_roles = ['service']

list value

A choice of roles that must be present in a service token. Service tokens are allowed to request that an expired token can be used and so this check should tightly control that only actual services should be sending this token. Roles here are applied as an ANY check so any role in this list must be present. For backwards compatibility reasons this currently only affects the allow_expired check.

service_token_roles_required = False

boolean value

For backwards compatibility reasons we must let valid service tokens pass that don’t pass the service_token_roles check as valid. Setting this true will become the default in a future release and should be enabled if possible.

service_type = None

string value

The name or type of the service as it appears in the service catalog. This is used to validate tokens that have restricted access rules.

token_cache_time = 300

integer value

In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.

www_authenticate_uri = None

string value

Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint.

2.1.14. nova

The following table outlines the options available under the [nova] group in the /etc/cinder/cinder.conf file.

Table 2.13. nova

Configuration option = Default valueTypeDescription

auth_section = None

string value

Config Section from which to load plugin specific options

auth_type = None

string value

Authentication type to load

cafile = None

string value

PEM encoded Certificate Authority to use when verifying HTTPs connections.

certfile = None

string value

PEM encoded client certificate cert file

collect-timing = False

boolean value

Collect per-API call timing information.

insecure = False

boolean value

Verify HTTPS connections.

interface = public

string value

Type of the nova endpoint to use. This endpoint will be looked up in the keystone catalog and should be one of public, internal or admin.

keyfile = None

string value

PEM encoded client certificate key file

region_name = None

string value

Name of nova region to use. Useful if keystone manages more than one region.

split-loggers = False

boolean value

Log requests to multiple loggers.

timeout = None

integer value

Timeout value for http requests

token_auth_url = None

string value

The authentication URL for the nova connection when using the current users token

2.1.15. oslo_concurrency

The following table outlines the options available under the [oslo_concurrency] group in the /etc/cinder/cinder.conf file.

Table 2.14. oslo_concurrency

Configuration option = Default valueTypeDescription

disable_process_locking = False

boolean value

Enables or disables inter-process locks.

lock_path = None

string value

Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set.

2.1.16. oslo_messaging_amqp

The following table outlines the options available under the [oslo_messaging_amqp] group in the /etc/cinder/cinder.conf file.

Table 2.15. oslo_messaging_amqp

Configuration option = Default valueTypeDescription

addressing_mode = dynamic

string value

Indicates the addressing mode used by the driver. Permitted values: legacy - use legacy non-routable addressing routable - use routable addresses dynamic - use legacy addresses if the message bus does not support routing otherwise use routable addressing

anycast_address = anycast

string value

Appended to the address prefix when sending to a group of consumers. Used by the message bus to identify messages that should be delivered in a round-robin fashion across consumers.

broadcast_prefix = broadcast

string value

address prefix used when broadcasting to all servers

connection_retry_backoff = 2

integer value

Increase the connection_retry_interval by this many seconds after each unsuccessful failover attempt.

connection_retry_interval = 1

integer value

Seconds to pause before attempting to re-connect.

connection_retry_interval_max = 30

integer value

Maximum limit for connection_retry_interval + connection_retry_backoff

container_name = None

string value

Name for the AMQP container. must be globally unique. Defaults to a generated UUID

default_notification_exchange = None

string value

Exchange name used in notification addresses. Exchange name resolution precedence: Target.exchange if set else default_notification_exchange if set else control_exchange if set else notify

default_notify_timeout = 30

integer value

The deadline for a sent notification message delivery. Only used when caller does not provide a timeout expiry.

default_reply_retry = 0

integer value

The maximum number of attempts to re-send a reply message which failed due to a recoverable error.

default_reply_timeout = 30

integer value

The deadline for an rpc reply message delivery.

default_rpc_exchange = None

string value

Exchange name used in RPC addresses. Exchange name resolution precedence: Target.exchange if set else default_rpc_exchange if set else control_exchange if set else rpc

default_send_timeout = 30

integer value

The deadline for an rpc cast or call message delivery. Only used when caller does not provide a timeout expiry.

default_sender_link_timeout = 600

integer value

The duration to schedule a purge of idle sender links. Detach link after expiry.

group_request_prefix = unicast

string value

address prefix when sending to any server in group

idle_timeout = 0

integer value

Timeout for inactive connections (in seconds)

link_retry_delay = 10

integer value

Time to pause between re-connecting an AMQP 1.0 link that failed due to a recoverable error.

multicast_address = multicast

string value

Appended to the address prefix when sending a fanout message. Used by the message bus to identify fanout messages.

notify_address_prefix = openstack.org/om/notify

string value

Address prefix for all generated Notification addresses

notify_server_credit = 100

integer value

Window size for incoming Notification messages

pre_settled = ['rpc-cast', 'rpc-reply']

multi valued

Send messages of this type pre-settled. Pre-settled messages will not receive acknowledgement from the peer. Note well: pre-settled messages may be silently discarded if the delivery fails. Permitted values: rpc-call - send RPC Calls pre-settled rpc-reply- send RPC Replies pre-settled rpc-cast - Send RPC Casts pre-settled notify - Send Notifications pre-settled

pseudo_vhost = True

boolean value

Enable virtual host support for those message buses that do not natively support virtual hosting (such as qpidd). When set to true the virtual host name will be added to all message bus addresses, effectively creating a private subnet per virtual host. Set to False if the message bus supports virtual hosting using the hostname field in the AMQP 1.0 Open performative as the name of the virtual host.

reply_link_credit = 200

integer value

Window size for incoming RPC Reply messages.

rpc_address_prefix = openstack.org/om/rpc

string value

Address prefix for all generated RPC addresses

rpc_server_credit = 100

integer value

Window size for incoming RPC Request messages

`sasl_config_dir = `

string value

Path to directory that contains the SASL configuration

`sasl_config_name = `

string value

Name of configuration file (without .conf suffix)

`sasl_default_realm = `

string value

SASL realm to use if no realm present in username

`sasl_mechanisms = `

string value

Space separated list of acceptable SASL mechanisms

server_request_prefix = exclusive

string value

address prefix used when sending to a specific server

ssl = False

boolean value

Attempt to connect via SSL. If no other ssl-related parameters are given, it will use the system’s CA-bundle to verify the server’s certificate.

`ssl_ca_file = `

string value

CA certificate PEM file used to verify the server’s certificate

`ssl_cert_file = `

string value

Self-identifying certificate PEM file for client authentication

`ssl_key_file = `

string value

Private key PEM file used to sign ssl_cert_file certificate (optional)

ssl_key_password = None

string value

Password for decrypting ssl_key_file (if encrypted)

ssl_verify_vhost = False

boolean value

By default SSL checks that the name in the server’s certificate matches the hostname in the transport_url. In some configurations it may be preferable to use the virtual hostname instead, for example if the server uses the Server Name Indication TLS extension (rfc6066) to provide a certificate per virtual host. Set ssl_verify_vhost to True if the server’s SSL certificate uses the virtual host name instead of the DNS name.

trace = False

boolean value

Debug: dump AMQP frames to stdout

unicast_address = unicast

string value

Appended to the address prefix when sending to a particular RPC/Notification server. Used by the message bus to identify messages sent to a single destination.

2.1.17. oslo_messaging_kafka

The following table outlines the options available under the [oslo_messaging_kafka] group in the /etc/cinder/cinder.conf file.

Table 2.16. oslo_messaging_kafka

Configuration option = Default valueTypeDescription

compression_codec = none

string value

The compression codec for all data generated by the producer. If not set, compression will not be used. Note that the allowed values of this depend on the kafka version

conn_pool_min_size = 2

integer value

The pool size limit for connections expiration policy

conn_pool_ttl = 1200

integer value

The time-to-live in sec of idle connections in the pool

consumer_group = oslo_messaging_consumer

string value

Group id for Kafka consumer. Consumers in one group will coordinate message consumption

enable_auto_commit = False

boolean value

Enable asynchronous consumer commits

kafka_consumer_timeout = 1.0

floating point value

Default timeout(s) for Kafka consumers

kafka_max_fetch_bytes = 1048576

integer value

Max fetch bytes of Kafka consumer

max_poll_records = 500

integer value

The maximum number of records returned in a poll call

pool_size = 10

integer value

Pool Size for Kafka Consumers

producer_batch_size = 16384

integer value

Size of batch for the producer async send

producer_batch_timeout = 0.0

floating point value

Upper bound on the delay for KafkaProducer batching in seconds

sasl_mechanism = PLAIN

string value

Mechanism when security protocol is SASL

security_protocol = PLAINTEXT

string value

Protocol used to communicate with brokers

`ssl_cafile = `

string value

CA certificate PEM file used to verify the server certificate

`ssl_client_cert_file = `

string value

Client certificate PEM file used for authentication.

`ssl_client_key_file = `

string value

Client key PEM file used for authentication.

`ssl_client_key_password = `

string value

Client key password file used for authentication.

2.1.18. oslo_messaging_notifications

The following table outlines the options available under the [oslo_messaging_notifications] group in the /etc/cinder/cinder.conf file.

Table 2.17. oslo_messaging_notifications

Configuration option = Default valueTypeDescription

driver = []

multi valued

The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop

retry = -1

integer value

The maximum number of attempts to re-send a notification message which failed to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite

topics = ['notifications']

list value

AMQP topic used for OpenStack notifications.

transport_url = None

string value

A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC.

2.1.19. oslo_messaging_rabbit

The following table outlines the options available under the [oslo_messaging_rabbit] group in the /etc/cinder/cinder.conf file.

Table 2.18. oslo_messaging_rabbit

Configuration option = Default valueTypeDescription

amqp_auto_delete = False

boolean value

Auto-delete queues in AMQP.

amqp_durable_queues = False

boolean value

Use durable queues in AMQP.

direct_mandatory_flag = True

boolean value

(DEPRECATED) Enable/Disable the RabbitMQ mandatory flag for direct send. The direct send is used as reply, so the MessageUndeliverable exception is raised in case the client queue does not exist.MessageUndeliverable exception will be used to loop for a timeout to lets a chance to sender to recover.This flag is deprecated and it will not be possible to deactivate this functionality anymore

enable_cancel_on_failover = False

boolean value

Enable x-cancel-on-ha-failover flag so that rabbitmq server will cancel and notify consumerswhen queue is down

heartbeat_in_pthread = True

boolean value

Run the health check heartbeat thread through a native python thread by default. If this option is equal to False then the health check heartbeat will inherit the execution model from the parent process. For example if the parent process has monkey patched the stdlib by using eventlet/greenlet then the heartbeat will be run through a green thread.

heartbeat_rate = 2

integer value

How often times during the heartbeat_timeout_threshold we check the heartbeat.

heartbeat_timeout_threshold = 60

integer value

Number of seconds after which the Rabbit broker is considered down if heartbeat’s keep-alive fails (0 disables heartbeat).

kombu_compression = None

string value

EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not be used. This option may not be available in future versions.

kombu_failover_strategy = round-robin

string value

Determines how the next RabbitMQ node is chosen in case the one we are currently connected to becomes unavailable. Takes effect only if more than one RabbitMQ node is provided in config.

kombu_missing_consumer_retry_timeout = 60

integer value

How long to wait a missing client before abandoning to send it its replies. This value should not be longer than rpc_response_timeout.

kombu_reconnect_delay = 1.0

floating point value

How long to wait before reconnecting in response to an AMQP consumer cancel notification.

rabbit_ha_queues = False

boolean value

Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring is no longer controlled by the x-ha-policy argument when declaring a queue. If you just want to make sure that all queues (except those with auto-generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA ^(?!amq\.).* {"ha-mode": "all"} "

rabbit_interval_max = 30

integer value

Maximum interval of RabbitMQ connection retries. Default is 30 seconds.

rabbit_login_method = AMQPLAIN

string value

The RabbitMQ login method.

rabbit_qos_prefetch_count = 0

integer value

Specifies the number of messages to prefetch. Setting to zero allows unlimited messages.

rabbit_retry_backoff = 2

integer value

How long to backoff for between retries when connecting to RabbitMQ.

rabbit_retry_interval = 1

integer value

How frequently to retry connecting with RabbitMQ.

rabbit_transient_queues_ttl = 1800

integer value

Positive integer representing duration in seconds for queue TTL (x-expires). Queues which are unused for the duration of the TTL are automatically deleted. The parameter affects only reply and fanout queues.

ssl = False

boolean value

Connect over SSL.

`ssl_ca_file = `

string value

SSL certification authority file (valid only if SSL enabled).

`ssl_cert_file = `

string value

SSL cert file (valid only if SSL enabled).

`ssl_key_file = `

string value

SSL key file (valid only if SSL enabled).

`ssl_version = `

string value

SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.

2.1.20. oslo_middleware

The following table outlines the options available under the [oslo_middleware] group in the /etc/cinder/cinder.conf file.

Table 2.19. oslo_middleware

Configuration option = Default valueTypeDescription

enable_proxy_headers_parsing = False

boolean value

Whether the application is behind a proxy or not. This determines if the middleware should parse the headers or not.

max_request_body_size = 114688

integer value

The maximum body size for each request, in bytes.

secure_proxy_ssl_header = X-Forwarded-Proto

string value

The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by a SSL termination proxy.

2.1.21. oslo_policy

The following table outlines the options available under the [oslo_policy] group in the /etc/cinder/cinder.conf file.

Table 2.20. oslo_policy

Configuration option = Default valueTypeDescription

enforce_new_defaults = False

boolean value

This option controls whether or not to use old deprecated defaults when evaluating policies. If True, the old deprecated defaults are not going to be evaluated. This means if any existing token is allowed for old defaults but is disallowed for new defaults, it will be disallowed. It is encouraged to enable this flag along with the enforce_scope flag so that you can get the benefits of new defaults and scope_type together

enforce_scope = False

boolean value

This option controls whether or not to enforce scope when evaluating policies. If True, the scope of the token used in the request is compared to the scope_types of the policy being enforced. If the scopes do not match, an InvalidScope exception will be raised. If False, a message will be logged informing operators that policies are being invoked with mismatching scope.

policy_default_rule = default

string value

Default rule. Enforced when a requested rule is not found.

policy_dirs = ['policy.d']

multi valued

Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.

policy_file = policy.yaml

string value

The relative or absolute path of a file that maps roles to permissions for a given service. Relative paths must be specified in relation to the configuration file setting this option.

remote_content_type = application/x-www-form-urlencoded

string value

Content Type to send and receive data for REST based policy check

remote_ssl_ca_crt_file = None

string value

Absolute path to ca cert file for REST based policy check

remote_ssl_client_crt_file = None

string value

Absolute path to client cert for REST based policy check

remote_ssl_client_key_file = None

string value

Absolute path client key file REST based policy check

remote_ssl_verify_server_crt = False

boolean value

server identity verification for REST based policy check

2.1.22. oslo_reports

The following table outlines the options available under the [oslo_reports] group in the /etc/cinder/cinder.conf file.

Table 2.21. oslo_reports

Configuration option = Default valueTypeDescription

file_event_handler = None

string value

The path to a file to watch for changes to trigger the reports, instead of signals. Setting this option disables the signal trigger for the reports. If application is running as a WSGI application it is recommended to use this instead of signals.

file_event_handler_interval = 1

integer value

How many seconds to wait between polls when file_event_handler is set

log_dir = None

string value

Path to a log directory where to create a file

2.1.23. oslo_versionedobjects

The following table outlines the options available under the [oslo_versionedobjects] group in the /etc/cinder/cinder.conf file.

Table 2.22. oslo_versionedobjects

Configuration option = Default valueTypeDescription

fatal_exception_format_errors = False

boolean value

Make exception message format errors fatal

2.1.24. privsep

The following table outlines the options available under the [privsep] group in the /etc/cinder/cinder.conf file.

Table 2.23. privsep

Configuration option = Default valueTypeDescription

capabilities = []

list value

List of Linux capabilities retained by the privsep daemon.

group = None

string value

Group that the privsep daemon should run as.

helper_command = None

string value

Command to invoke to start the privsep daemon if not using the "fork" method. If not specified, a default is generated using "sudo privsep-helper" and arguments designed to recreate the current configuration. This command must accept suitable --privsep_context and --privsep_sock_path arguments.

thread_pool_size = <based on operating system>

integer value

The number of threads available for privsep to concurrently run processes. Defaults to the number of CPU cores in the system.

user = None

string value

User that the privsep daemon should run as.

2.1.25. profiler

The following table outlines the options available under the [profiler] group in the /etc/cinder/cinder.conf file.

Table 2.24. profiler

Configuration option = Default valueTypeDescription

connection_string = messaging://

string value

Connection string for a notifier backend.

Default value is messaging:// which sets the notifier to oslo_messaging.

Examples of possible values:

  • messaging:// - use oslo_messaging driver for sending spans.
  • redis://127.0.0.1:6379 - use redis driver for sending spans.
  • mongodb://127.0.0.1:27017 - use mongodb driver for sending spans.
  • elasticsearch://127.0.0.1:9200 - use elasticsearch driver for sending spans.
  • jaeger://127.0.0.1:6831 - use jaeger tracing as driver for sending spans.

enabled = False

boolean value

Enable the profiling for all services on this node.

Default value is False (fully disable the profiling feature).

Possible values:

  • True: Enables the feature
  • False: Disables the feature. The profiling cannot be started via this project operations. If the profiling is triggered by another project, this project part will be empty.

es_doc_type = notification

string value

Document type for notification indexing in elasticsearch.

es_scroll_size = 10000

integer value

Elasticsearch splits large requests in batches. This parameter defines maximum size of each batch (for example: es_scroll_size=10000).

es_scroll_time = 2m

string value

This parameter is a time value parameter (for example: es_scroll_time=2m), indicating for how long the nodes that participate in the search will maintain relevant resources in order to continue and support it.

filter_error_trace = False

boolean value

Enable filter traces that contain error/exception to a separated place.

Default value is set to False.

Possible values:

  • True: Enable filter traces that contain error/exception.
  • False: Disable the filter.

hmac_keys = SECRET_KEY

string value

Secret key(s) to use for encrypting context data for performance profiling.

This string value should have the following format: <key1>[,<key2>,…​<keyn>], where each key is some random string. A user who triggers the profiling via the REST API has to set one of these keys in the headers of the REST API call to include profiling results of this node for this particular project.

Both "enabled" flag and "hmac_keys" config options should be set to enable profiling. Also, to generate correct profiling information across all services at least one key needs to be consistent between OpenStack projects. This ensures it can be used from client side to generate the trace, containing information from all possible resources.

sentinel_service_name = mymaster

string value

Redissentinel uses a service name to identify a master redis service. This parameter defines the name (for example: sentinal_service_name=mymaster).

socket_timeout = 0.1

floating point value

Redissentinel provides a timeout option on the connections. This parameter defines that timeout (for example: socket_timeout=0.1).

trace_sqlalchemy = False

boolean value

Enable SQL requests profiling in services.

Default value is False (SQL requests won’t be traced).

Possible values:

  • True: Enables SQL requests profiling. Each SQL query will be part of the trace and can the be analyzed by how much time was spent for that.
  • False: Disables SQL requests profiling. The spent time is only shown on a higher level of operations. Single SQL queries cannot be analyzed this way.

2.1.26. sample_castellan_source

The following table outlines the options available under the [sample_castellan_source] group in the /etc/cinder/cinder.conf file.

Table 2.25. sample_castellan_source

Configuration option = Default valueTypeDescription

config_file = None

string value

The path to a castellan configuration file.

driver = None

string value

The name of the driver that can load this configuration source.

mapping_file = None

string value

The path to a configuration/castellan_id mapping file.

2.1.27. sample_remote_file_source

The following table outlines the options available under the [sample_remote_file_source] group in the /etc/cinder/cinder.conf file.

Table 2.26. sample_remote_file_source

Configuration option = Default valueTypeDescription

ca_path = None

string value

The path to a CA_BUNDLE file or directory with certificates of trusted CAs.

client_cert = None

string value

Client side certificate, as a single file path containing either the certificate only or the private key and the certificate.

client_key = None

string value

Client side private key, in case client_cert is specified but does not includes the private key.

driver = None

string value

The name of the driver that can load this configuration source.

uri = None

uri value

Required option with the URI of the extra configuration file’s location.

2.1.28. service_user

The following table outlines the options available under the [service_user] group in the /etc/cinder/cinder.conf file.

Table 2.27. service_user

Configuration option = Default valueTypeDescription

auth-url = None

string value

Authentication URL

cafile = None

string value

PEM encoded Certificate Authority to use when verifying HTTPs connections.

certfile = None

string value

PEM encoded client certificate cert file

collect-timing = False

boolean value

Collect per-API call timing information.

domain-id = None

string value

Domain ID to scope to

domain-name = None

string value

Domain name to scope to

insecure = False

boolean value

Verify HTTPS connections.

keyfile = None

string value

PEM encoded client certificate key file

password = None

string value

User’s password

project-domain-id = None

string value

Domain ID containing project

project-domain-name = None

string value

Domain name containing project

project-id = None

string value

Project ID to scope to

project-name = None

string value

Project name to scope to

send_service_user_token = False

boolean value

When True, if sending a user token to an REST API, also send a service token.

split-loggers = False

boolean value

Log requests to multiple loggers.

system-scope = None

string value

Scope for system operations

timeout = None

integer value

Timeout value for http requests

trust-id = None

string value

Trust ID

user-domain-id = None

string value

User’s domain id

user-domain-name = None

string value

User’s domain name

user-id = None

string value

User ID

username = None

string value

Username

2.1.29. ssl

The following table outlines the options available under the [ssl] group in the /etc/cinder/cinder.conf file.

Table 2.28. ssl

Configuration option = Default valueTypeDescription

ca_file = None

string value

CA certificate file to use to verify connecting clients.

cert_file = None

string value

Certificate file to use when starting the server securely.

ciphers = None

string value

Sets the list of available ciphers. value should be a string in the OpenSSL cipher list format.

key_file = None

string value

Private key file to use when starting the server securely.

version = None

string value

SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.

2.1.30. vault

The following table outlines the options available under the [vault] group in the /etc/cinder/cinder.conf file.

Table 2.29. vault

Configuration option = Default valueTypeDescription

approle_role_id = None

string value

AppRole role_id for authentication with vault

approle_secret_id = None

string value

AppRole secret_id for authentication with vault

kv_mountpoint = secret

string value

Mountpoint of KV store in Vault to use, for example: secret

kv_version = 2

integer value

Version of KV store in Vault to use, for example: 2

root_token_id = None

string value

root token for vault

ssl_ca_crt_file = None

string value

Absolute path to ca cert file

use_ssl = False

boolean value

SSL Enabled/Disabled

vault_url = http://127.0.0.1:8200

string value

Use this endpoint to connect to Vault, for example: "http://127.0.0.1:8200"

Chapter 3. glance

The following chapter contains information about the configuration options in the glance service.

3.1. glance-api.conf

This section contains options for the /etc/glance/glance-api.conf file.

3.1.1. DEFAULT

The following table outlines the options available under the [DEFAULT] group in the /etc/glance/glance-api.conf file.

.

Configuration option = Default valueTypeDescription

allow_additional_image_properties = True

boolean value

Allow users to add additional/custom properties to images.

Glance defines a standard set of properties (in its schema) that appear on every image. These properties are also known as base properties. In addition to these properties, Glance allows users to add custom properties to images. These are known as additional properties.

By default, this configuration option is set to True and users are allowed to add additional properties. The number of additional properties that can be added to an image can be controlled via image_property_quota configuration option.

Possible values:

  • True
  • False

Related options:

  • image_property_quota

Deprecated since: Ussuri

Reason: This option is redundant. Control custom image property usage via the image_property_quota configuration option. This option is scheduled to be removed during the Victoria development cycle.

allow_anonymous_access = False

boolean value

Allow limited access to unauthenticated users.

Assign a boolean to determine API access for unathenticated users. When set to False, the API cannot be accessed by unauthenticated users. When set to True, unauthenticated users can access the API with read-only privileges. This however only applies when using ContextMiddleware.

Possible values:

  • True
  • False

Related options:

  • None

api_limit_max = 1000

integer value

Maximum number of results that could be returned by a request.

As described in the help text of limit_param_default, some requests may return multiple results. The number of results to be returned are governed either by the limit parameter in the request or the limit_param_default configuration option. The value in either case, can’t be greater than the absolute maximum defined by this configuration option. Anything greater than this value is trimmed down to the maximum value defined here.

Note

Setting this to a very large value may slow down database queries and increase response times. Setting this to a very low value may result in poor user experience.

Possible values:

  • Any positive integer

Related options:

  • limit_param_default

backlog = 4096

integer value

Set the number of incoming connection requests.

Provide a positive integer value to limit the number of requests in the backlog queue. The default queue size is 4096.

An incoming connection to a TCP listener socket is queued before a connection can be established with the server. Setting the backlog for a TCP socket ensures a limited queue size for incoming traffic.

Possible values:

  • Positive integer

Related options:

  • None

bind_host = 0.0.0.0

host address value

IP address to bind the glance servers to.

Provide an IP address to bind the glance server to. The default value is 0.0.0.0.

Edit this option to enable the server to listen on one particular IP address on the network card. This facilitates selection of a particular network interface for the server.

Possible values:

  • A valid IPv4 address
  • A valid IPv6 address

Related options:

  • None

bind_port = None

port value

Port number on which the server will listen.

Provide a valid port number to bind the server’s socket to. This port is then set to identify processes and forward network messages that arrive at the server. The default bind_port value for the API server is 9292 and for the registry server is 9191.

Possible values:

  • A valid port number (0 to 65535)

Related options:

  • None

client_socket_timeout = 900

integer value

Timeout for client connections' socket operations.

Provide a valid integer value representing time in seconds to set the period of wait before an incoming connection can be closed. The default value is 900 seconds.

The value zero implies wait forever.

Possible values:

  • Zero
  • Positive integer

Related options:

  • None

conn_pool_min_size = 2

integer value

The pool size limit for connections expiration policy

conn_pool_ttl = 1200

integer value

The time-to-live in sec of idle connections in the pool

control_exchange = openstack

string value

The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.

debug = False

boolean value

If set to true, the logging level will be set to DEBUG instead of the default INFO level.

default_log_levels = ['amqp=WARN', 'amqplib=WARN', 'boto=WARN', 'qpid=WARN', 'sqlalchemy=WARN', 'suds=INFO', 'oslo.messaging=INFO', 'oslo_messaging=INFO', 'iso8601=WARN', 'requests.packages.urllib3.connectionpool=WARN', 'urllib3.connectionpool=WARN', 'websocket=WARN', 'requests.packages.urllib3.util.retry=WARN', 'urllib3.util.retry=WARN', 'keystonemiddleware=WARN', 'routes.middleware=WARN', 'stevedore=WARN', 'taskflow=WARN', 'keystoneauth=WARN', 'oslo.cache=INFO', 'oslo_policy=INFO', 'dogpile.core.dogpile=INFO']

list value

List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.

default_publisher_id = image.localhost

string value

Default publisher_id for outgoing Glance notifications.

This is the value that the notification driver will use to identify messages for events originating from the Glance service. Typically, this is the hostname of the instance that generated the message.

Possible values:

  • Any reasonable instance identifier, for example: image.host1

Related options:

  • None

delayed_delete = False

boolean value

Turn on/off delayed delete.

Typically when an image is deleted, the glance-api service puts the image into deleted state and deletes its data at the same time. Delayed delete is a feature in Glance that delays the actual deletion of image data until a later point in time (as determined by the configuration option scrub_time). When delayed delete is turned on, the glance-api service puts the image into pending_delete state upon deletion and leaves the image data in the storage backend for the image scrubber to delete at a later time. The image scrubber will move the image into deleted state upon successful deletion of image data.

Note

When delayed delete is turned on, image scrubber MUST be running as a periodic task to prevent the backend storage from filling up with undesired usage.

Possible values:

  • True
  • False

Related options:

  • scrub_time
  • wakeup_time
  • scrub_pool_size

digest_algorithm = sha256

string value

Digest algorithm to use for digital signature.

Provide a string value representing the digest algorithm to use for generating digital signatures. By default, sha256 is used.

To get a list of the available algorithms supported by the version of OpenSSL on your platform, run the command: openssl list-message-digest-algorithms. Examples are sha1, sha256, and sha512.

Note

digest_algorithm is not related to Glance’s image signing and verification. It is only used to sign the universally unique identifier (UUID) as a part of the certificate file and key file validation.

Possible values:

  • An OpenSSL message digest algorithm identifier

Relation options:

  • None

disabled_notifications = []

list value

List of notifications to be disabled.

Specify a list of notifications that should not be emitted. A notification can be given either as a notification type to disable a single event notification, or as a notification group prefix to disable all event notifications within a group.

Possible values: A comma-separated list of individual notification types or notification groups to be disabled. Currently supported groups:

  • image
  • image.member
  • task
  • metadef_namespace
  • metadef_object
  • metadef_property
  • metadef_resource_type
  • metadef_tag

    For a complete listing and description of each event refer to:
    http://docs.openstack.org/developer/glance/notifications.html
    The values must be specified as: <group_name>.<event_name>
    For example: image.create,task.success,metadef_tag

Related options:

  • None

enabled_backends = None

dict value

Key:Value pair of store identifier and store type. In case of multiple backends should be separated using comma.

enabled_import_methods = ['glance-direct', 'web-download', 'copy-image']

list value

List of enabled Image Import Methods

'glance-direct', 'copy-image' and 'web-download' are enabled by default.
    Related options:
** [DEFAULT]/node_staging_uri

enforce_secure_rbac = False

boolean value

Enforce API access based on common persona definitions used across OpenStack. Enabling this option formalizes project-specific read/write operations, like creating private images or updating the status of shared image, behind the member role. It also formalizes a read-only variant useful for project-specific API operations, like listing private images in a project, behind the reader role.

Operators should take an opportunity to understand glance’s new image policies, audit assignments in their deployment, and update permissions using the default roles in keystone (e.g., admin, member, and reader).

Related options:

  • [oslo_policy]/enforce_new_defaults

Deprecated since: Wallaby

Reason: This option has been introduced to require operators to opt into enforcing authorization based on common RBAC personas, which is EXPERIMENTAL as of the Wallaby release. This behavior will be the default and STABLE in a future release, allowing this option to be removed.

executor_thread_pool_size = 64

integer value

Size of executor thread pool when executor is threading or eventlet.

fatal_deprecations = False

boolean value

Enables or disables fatal status of deprecations.

hashing_algorithm = sha512

string value

Secure hashing algorithm used for computing the os_hash_value property.

This option configures the Glance "multihash", which consists of two image properties: the os_hash_algo and the os_hash_value. The os_hash_algo will be populated by the value of this configuration option, and the os_hash_value will be populated by the hexdigest computed when the algorithm is applied to the uploaded or imported image data.

The value must be a valid secure hash algorithm name recognized by the python hashlib library. You can determine what these are by examining the hashlib.algorithms_available data member of the version of the library being used in your Glance installation. For interoperability purposes, however, we recommend that you use the set of secure hash names supplied by the hashlib.algorithms_guaranteed data member because those algorithms are guaranteed to be supported by the hashlib library on all platforms. Thus, any image consumer using hashlib locally should be able to verify the os_hash_value of the image.

The default value of sha512 is a performant secure hash algorithm.

If this option is misconfigured, any attempts to store image data will fail. For that reason, we recommend using the default value.

Possible values:

  • Any secure hash algorithm name recognized by the Python hashlib library

Related options:

  • None

http_keepalive = True

boolean value

Set keep alive option for HTTP over TCP.

Provide a boolean value to determine sending of keep alive packets. If set to False, the server returns the header "Connection: close". If set to True, the server returns a "Connection: Keep-Alive" in its responses. This enables retention of the same TCP connection for HTTP conversations instead of opening a new one with each new request.

This option must be set to False if the client socket connection needs to be closed explicitly after the response is received and read successfully by the client.

Possible values:

  • True
  • False

Related options:

  • None

image_cache_dir = None

string value

Base directory for image cache.

This is the location where image data is cached and served out of. All cached images are stored directly under this directory. This directory also contains three subdirectories, namely, incomplete, invalid and queue.

The incomplete subdirectory is the staging area for downloading images. An image is first downloaded to this directory. When the image download is successful it is moved to the base directory. However, if the download fails, the partially downloaded image file is moved to the invalid subdirectory.

The queue`subdirectory is used for queuing images for download. This is used primarily by the cache-prefetcher, which can be scheduled as a periodic task like cache-pruner and cache-cleaner, to cache images ahead of their usage. Upon receiving the request to cache an image, Glance touches a file in the `queue directory with the image id as the file name. The cache-prefetcher, when running, polls for the files in queue directory and starts downloading them in the order they were created. When the download is successful, the zero-sized file is deleted from the queue directory. If the download fails, the zero-sized file remains and it’ll be retried the next time cache-prefetcher runs.

Possible values:

  • A valid path

Related options:

  • image_cache_sqlite_db

image_cache_driver = sqlite

string value

The driver to use for image cache management.

This configuration option provides the flexibility to choose between the different image-cache drivers available. An image-cache driver is responsible for providing the essential functions of image-cache like write images to/read images from cache, track age and usage of cached images, provide a list of cached images, fetch size of the cache, queue images for caching and clean up the cache, etc.

The essential functions of a driver are defined in the base class glance.image_cache.drivers.base.Driver. All image-cache drivers (existing and prospective) must implement this interface. Currently available drivers are sqlite and xattr. These drivers primarily differ in the way they store the information about cached images:

  • The sqlite driver uses a sqlite database (which sits on every glance node locally) to track the usage of cached images.
  • The xattr driver uses the extended attributes of files to store this information. It also requires a filesystem that sets atime on the files when accessed.

Possible values:

  • sqlite
  • xattr

Related options:

  • None

image_cache_max_size = 10737418240

integer value

The upper limit on cache size, in bytes, after which the cache-pruner cleans up the image cache.

Note

This is just a threshold for cache-pruner to act upon. It is NOT a hard limit beyond which the image cache would never grow. In fact, depending on how often the cache-pruner runs and how quickly the cache fills, the image cache can far exceed the size specified here very easily. Hence, care must be taken to appropriately schedule the cache-pruner and in setting this limit.

Glance caches an image when it is downloaded. Consequently, the size of the image cache grows over time as the number of downloads increases. To keep the cache size from becoming unmanageable, it is recommended to run the cache-pruner as a periodic task. When the cache pruner is kicked off, it compares the current size of image cache and triggers a cleanup if the image cache grew beyond the size specified here. After the cleanup, the size of cache is less than or equal to size specified here.

Possible values:

  • Any non-negative integer

Related options:

  • None

image_cache_sqlite_db = cache.db

string value

The relative path to sqlite file database that will be used for image cache management.

This is a relative path to the sqlite file database that tracks the age and usage statistics of image cache. The path is relative to image cache base directory, specified by the configuration option image_cache_dir.

This is a lightweight database with just one table.

Possible values:

  • A valid relative path to sqlite file database

Related options:

  • image_cache_dir

image_cache_stall_time = 86400

integer value

The amount of time, in seconds, an incomplete image remains in the cache.

Incomplete images are images for which download is in progress. Please see the description of configuration option image_cache_dir for more detail. Sometimes, due to various reasons, it is possible the download may hang and the incompletely downloaded image remains in the incomplete directory. This configuration option sets a time limit on how long the incomplete images should remain in the incomplete directory before they are cleaned up. Once an incomplete image spends more time than is specified here, it’ll be removed by cache-cleaner on its next run.

It is recommended to run cache-cleaner as a periodic task on the Glance API nodes to keep the incomplete images from occupying disk space.

Possible values:

  • Any non-negative integer

Related options:

  • None

image_location_quota = 10

integer value

Maximum number of locations allowed on an image.

Any negative value is interpreted as unlimited.

Related options:

  • None

image_member_quota = 128

integer value

Maximum number of image members per image.

This limits the maximum of users an image can be shared with. Any negative value is interpreted as unlimited.

Related options:

  • None

image_property_quota = 128

integer value

Maximum number of properties allowed on an image.

This enforces an upper limit on the number of additional properties an image can have. Any negative value is interpreted as unlimited.

Note

This won’t have any impact if additional properties are disabled. Please refer to allow_additional_image_properties.

Related options:

  • allow_additional_image_properties

image_size_cap = 1099511627776

integer value

Maximum size of image a user can upload in bytes.

An image upload greater than the size mentioned here would result in an image creation failure. This configuration option defaults to 1099511627776 bytes (1 TiB).

NOTES:

  • This value should only be increased after careful consideration and must be set less than or equal to 8 EiB (9223372036854775808).
  • This value must be set with careful consideration of the backend storage capacity. Setting this to a very low value may result in a large number of image failures. And, setting this to a very large value may result in faster consumption of storage. Hence, this must be set according to the nature of images created and storage capacity available.

Possible values:

  • Any positive number less than or equal to 9223372036854775808

image_tag_quota = 128

integer value

Maximum number of tags allowed on an image.

Any negative value is interpreted as unlimited.

Related options:

  • None

`instance_format = [instance: %(uuid)s] `

string value

The format for an instance that is passed with the log message.

`instance_uuid_format = [instance: %(uuid)s] `

string value

The format for an instance UUID that is passed with the log message.

limit_param_default = 25

integer value

The default number of results to return for a request.

Responses to certain API requests, like list images, may return multiple items. The number of results returned can be explicitly controlled by specifying the limit parameter in the API request. However, if a limit parameter is not specified, this configuration value will be used as the default number of results to be returned for any API request.

NOTES:

  • The value of this configuration option may not be greater than the value specified by api_limit_max.
  • Setting this to a very large value may slow down database queries and increase response times. Setting this to a very low value may result in poor user experience.

Possible values:

  • Any positive integer

Related options:

  • api_limit_max

location_strategy = location_order

string value

Strategy to determine the preference order of image locations.

This configuration option indicates the strategy to determine the order in which an image’s locations must be accessed to serve the image’s data. Glance then retrieves the image data from the first responsive active location it finds in this list.

This option takes one of two possible values location_order and store_type. The default value is location_order, which suggests that image data be served by using locations in the order they are stored in Glance. The store_type value sets the image location preference based on the order in which the storage backends are listed as a comma separated list for the configuration option store_type_preference.

Possible values:

  • location_order
  • store_type

Related options:

  • store_type_preference

log-config-append = None

string value

The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format).

log-date-format = %Y-%m-%d %H:%M:%S

string value

Defines the format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set.

log-dir = None

string value

(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.

log-file = None

string value

(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.

log_rotate_interval = 1

integer value

The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is setto "interval".

log_rotate_interval_type = days

string value

Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation.

log_rotation_type = none

string value

Log rotation type.

logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

string value

Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter

logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

string value

Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter

logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

string value

Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter

logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

string value

Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter

logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

string value

Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter

max_header_line = 16384

integer value

Maximum line size of message headers.

Provide an integer value representing a length to limit the size of message headers. The default value is 16384.

Note

max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs). However, it is to be kept in mind that larger values for max_header_line would flood the logs.

Setting max_header_line to 0 sets no limit for the line size of message headers.

Possible values:

  • 0
  • Positive integer

Related options:

  • None

max_logfile_count = 30

integer value

Maximum number of rotated log files.

max_logfile_size_mb = 200

integer value

Log file maximum size in MB. This option is ignored if "log_rotation_type" is not set to "size".

max_request_id_length = 64

integer value

Limit the request ID length.

Provide an integer value to limit the length of the request ID to the specified length. The default value is 64. Users can change this to any ineteger value between 0 and 16384 however keeping in mind that a larger value may flood the logs.

Possible values:

  • Integer value between 0 and 16384

Related options:

  • None

metadata_encryption_key = None

string value

AES key for encrypting store location metadata.

Provide a string value representing the AES cipher to use for encrypting Glance store metadata.

Note

The AES key to use must be set to a random string of length 16, 24 or 32 bytes.

Possible values:

  • String value representing a valid AES key

Related options:

  • None

node_staging_uri = file:///tmp/staging/

string value

The URL provides location where the temporary data will be stored

This option is for Glance internal use only. Glance will save the image data uploaded by the user to staging endpoint during the image import process.

This option does not change the staging API endpoint by any means.

Note

It is discouraged to use same path as [task]/work_dir

Note

file://<absolute-directory-path> is the only option api_image_import flow will support for now.

Note

The staging path must be on shared filesystem available to all Glance API nodes.

Possible values:

  • String starting with file:// followed by absolute FS path

Related options:

  • [task]/work_dir

property_protection_file = None

string value

The location of the property protection file.

Provide a valid path to the property protection file which contains the rules for property protections and the roles/policies associated with them.

A property protection file, when set, restricts the Glance image properties to be created, read, updated and/or deleted by a specific set of users that are identified by either roles or policies. If this configuration option is not set, by default, property protections won’t be enforced. If a value is specified and the file is not found, the glance-api service will fail to start. More information on property protections can be found at: https://docs.openstack.org/glance/latest/admin/property-protections.html

Possible values:

  • Empty string
  • Valid path to the property protection configuration file

Related options:

  • property_protection_rule_format

property_protection_rule_format = roles

string value

Rule format for property protection.

Provide the desired way to set property protection on Glance image properties. The two permissible values are roles and policies. The default value is roles.

If the value is roles, the property protection file must contain a comma separated list of user roles indicating permissions for each of the CRUD operations on each property being protected. If set to policies, a policy defined in policy.yaml is used to express property protections for each of the CRUD operations. Examples of how property protections are enforced based on roles or policies can be found at: https://docs.openstack.org/glance/latest/admin/property-protections.html#examples

Possible values:

  • roles
  • policies

Related options:

  • property_protection_file

public_endpoint = None

string value

Public url endpoint to use for Glance versions response.

This is the public url endpoint that will appear in the Glance "versions" response. If no value is specified, the endpoint that is displayed in the version’s response is that of the host running the API service. Change the endpoint to represent the proxy URL if the API service is running behind a proxy. If the service is running behind a load balancer, add the load balancer’s URL for this value.

Possible values:

  • None
  • Proxy URL
  • Load balancer URL

Related options:

  • None

publish_errors = False

boolean value

Enables or disables publication of error events.

pydev_worker_debug_host = None

host address value

Host address of the pydev server.

Provide a string value representing the hostname or IP of the pydev server to use for debugging. The pydev server listens for debug connections on this address, facilitating remote debugging in Glance.

Possible values:

  • Valid hostname
  • Valid IP address

Related options:

  • None

pydev_worker_debug_port = 5678

port value

Port number that the pydev server will listen on.

Provide a port number to bind the pydev server to. The pydev process accepts debug connections on this port and facilitates remote debugging in Glance.

Possible values:

  • A valid port number

Related options:

  • None

rate_limit_burst = 0

integer value

Maximum number of logged messages per rate_limit_interval.

rate_limit_except_level = CRITICAL

string value

Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.

rate_limit_interval = 0

integer value

Interval, number of seconds, of log rate limiting.

rpc_conn_pool_size = 30

integer value

Size of RPC connection pool.

rpc_ping_enabled = False

boolean value

Add an endpoint to answer to ping calls. Endpoint is named oslo_rpc_server_ping

rpc_response_timeout = 60

integer value

Seconds to wait for a response from a call.

scrub_pool_size = 1

integer value

The size of thread pool to be used for scrubbing images.

When there are a large number of images to scrub, it is beneficial to scrub images in parallel so that the scrub queue stays in control and the backend storage is reclaimed in a timely fashion. This configuration option denotes the maximum number of images to be scrubbed in parallel. The default value is one, which signifies serial scrubbing. Any value above one indicates parallel scrubbing.

Possible values:

  • Any non-zero positive integer

Related options:

  • delayed_delete

scrub_time = 0

integer value

The amount of time, in seconds, to delay image scrubbing.

When delayed delete is turned on, an image is put into pending_delete state upon deletion until the scrubber deletes its image data. Typically, soon after the image is put into pending_delete state, it is available for scrubbing. However, scrubbing can be delayed until a later point using this configuration option. This option denotes the time period an image spends in pending_delete state before it is available for scrubbing.

It is important to realize that this has storage implications. The larger the scrub_time, the longer the time to reclaim backend storage from deleted images.

Possible values:

  • Any non-negative integer

Related options:

  • delayed_delete

secure_proxy_ssl_header = None

string value

The HTTP header used to determine the scheme for the original request, even if it was removed by an SSL terminating proxy. Typical value is "HTTP_X_FORWARDED_PROTO".

show_image_direct_url = False

boolean value

Show direct image location when returning an image.

This configuration option indicates whether to show the direct image location when returning image details to the user. The direct image location is where the image data is stored in backend storage. This image location is shown under the image property direct_url.

When multiple image locations exist for an image, the best location is displayed based on the location strategy indicated by the configuration option location_strategy.

NOTES:

  • Revealing image locations can present a GRAVE SECURITY RISK as image locations can sometimes include credentials. Hence, this is set to False by default. Set this to True with EXTREME CAUTION and ONLY IF you know what you are doing!
  • If an operator wishes to avoid showing any image location(s) to the user, then both this option and show_multiple_locations MUST be set to False.

Possible values:

  • True
  • False

Related options:

  • show_multiple_locations
  • location_strategy

show_multiple_locations = False

boolean value

Show all image locations when returning an image.

This configuration option indicates whether to show all the image locations when returning image details to the user. When multiple image locations exist for an image, the locations are ordered based on the location strategy indicated by the configuration opt location_strategy. The image locations are shown under the image property locations.

NOTES:

  • Revealing image locations can present a GRAVE SECURITY RISK as image locations can sometimes include credentials. Hence, this is set to False by default. Set this to True with EXTREME CAUTION and ONLY IF you know what you are doing!
  • See https://wiki.openstack.org/wiki/OSSN/OSSN-0065 for more information.
  • If an operator wishes to avoid showing any image location(s) to the user, then both this option and show_image_direct_url MUST be set to False.

Possible values:

  • True
  • False

Related options:

  • show_image_direct_url
  • location_strategy

Deprecated since: Newton

*Reason:*Use of this option, deprecated since Newton, is a security risk and will be removed once we figure out a way to satisfy those use cases that currently require it. An earlier announcement that the same functionality can be achieved with greater granularity by using policies is incorrect. You cannot work around this option via policy configuration at the present time, though that is the direction we believe the fix will take. Please keep an eye on the Glance release notes to stay up to date on progress in addressing this issue.

syslog-log-facility = LOG_USER

string value

Syslog facility to receive log lines. This option is ignored if log_config_append is set.

tcp_keepidle = 600

integer value

Set the wait time before a connection recheck.

Provide a positive integer value representing time in seconds which is set as the idle wait time before a TCP keep alive packet can be sent to the host. The default value is 600 seconds.

Setting tcp_keepidle helps verify at regular intervals that a connection is intact and prevents frequent TCP connection reestablishment.

Possible values:

  • Positive integer value representing time in seconds

Related options:

  • None

transport_url = rabbit://

string value

The network address and optional user credentials for connecting to the messaging backend, in URL format. The expected format is:

driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query

Example: rabbit://rabbitmq:password@127.0.0.1:5672//

For full details on the fields in the URL see the documentation of oslo_messaging.TransportURL at https://docs.openstack.org/oslo.messaging/latest/reference/transport.html

use-journal = False

boolean value

Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.

use-json = False

boolean value

Use JSON formatting for logging. This option is ignored if log_config_append is set.

use-syslog = False

boolean value

Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.

use_eventlog = False

boolean value

Log output to Windows Event Log.

use_stderr = False

boolean value

Log output to standard error. This option is ignored if log_config_append is set.

user_storage_quota = 0

string value

Maximum amount of image storage per tenant.

This enforces an upper limit on the cumulative storage consumed by all images of a tenant across all stores. This is a per-tenant limit.

The default unit for this configuration option is Bytes. However, storage units can be specified using case-sensitive literals B, KB, MB, GB and TB representing Bytes, KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. Note that there should not be any space between the value and unit. Value 0 signifies no quota enforcement. Negative values are invalid and result in errors.

Possible values:

  • A string that is a valid concatenation of a non-negative integer representing the storage value and an optional string literal representing storage units as mentioned above.

Related options:

  • None

watch-log-file = False

boolean value

Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.

worker_self_reference_url = None

string value

The URL to this worker.

If this is set, other glance workers will know how to contact this one directly if needed. For image import, a single worker stages the image and other workers need to be able to proxy the import request to the right one.

If unset, this will be considered to be public_endpoint, which normally would be set to the same value on all workers, effectively disabling the proxying behavior.

Possible values:

  • A URL by which this worker is reachable from other workers

Related options:

  • public_endpoint

workers = None

integer value

Number of Glance worker processes to start.

Provide a non-negative integer value to set the number of child process workers to service requests. By default, the number of CPUs available is set as the value for workers limited to 8. For example if the processor count is 6, 6 workers will be used, if the processor count is 24 only 8 workers will be used. The limit will only apply to the default value, if 24 workers is configured, 24 is used.

Each worker process is made to listen on the port set in the configuration file and contains a greenthread pool of size 1000.

Note

Setting the number of workers to zero, triggers the creation of a single API process with a greenthread pool of size 1000.

Possible values:

  • 0
  • Positive integer value (typically equal to the number of CPUs)

Related options:

  • None

3.1.2. cinder

The following table outlines the options available under the [cinder] group in the /etc/glance/glance-api.conf file.

Table 3.1. cinder

Configuration option = Default valueTypeDescription

cinder_api_insecure = False

boolean value

Allow to perform insecure SSL requests to cinder.

If this option is set to True, HTTPS endpoint connection is verified using the CA certificates file specified by cinder_ca_certificates_file option.

Possible values:

  • True
  • False

Related options:

  • cinder_ca_certificates_file

cinder_ca_certificates_file = None

string value

Location of a CA certificates file used for cinder client requests.

The specified CA certificates file, if set, is used to verify cinder connections via HTTPS endpoint. If the endpoint is HTTP, this value is ignored. cinder_api_insecure must be set to True to enable the verification.

Possible values:

  • Path to a ca certificates file

Related options:

  • cinder_api_insecure

cinder_catalog_info = volumev3::publicURL

string value

Information to match when looking for cinder in the service catalog.

When the cinder_endpoint_template is not set and any of cinder_store_auth_address, cinder_store_user_name, cinder_store_project_name, cinder_store_password is not set, cinder store uses this information to lookup cinder endpoint from the service catalog in the current context. cinder_os_region_name, if set, is taken into consideration to fetch the appropriate endpoint.

The service catalog can be listed by the openstack catalog list command.

Possible values:

  • A string of of the following form: <service_type>:<service_name>:<interface> At least service_type and interface should be specified. service_name can be omitted.

Related options:

  • cinder_os_region_name
  • cinder_endpoint_template
  • cinder_store_auth_address
  • cinder_store_user_name
  • cinder_store_project_name
  • cinder_store_password

cinder_endpoint_template = None

string value

Override service catalog lookup with template for cinder endpoint.

When this option is set, this value is used to generate cinder endpoint, instead of looking up from the service catalog. This value is ignored if cinder_store_auth_address, cinder_store_user_name, cinder_store_project_name, and cinder_store_password are specified.

If this configuration option is set, cinder_catalog_info will be ignored.

Possible values:

  • URL template string for cinder endpoint, where %%(tenant)s is replaced with the current tenant (project) name. For example: http://cinder.openstack.example.org/v2/%%(tenant)s

Related options:

  • cinder_store_auth_address
  • cinder_store_user_name
  • cinder_store_project_name
  • cinder_store_password
  • cinder_catalog_info

cinder_enforce_multipath = False

boolean value

If this is set to True, attachment of volumes for image transfer will be aborted when multipathd is not running. Otherwise, it will fallback to single path.

Possible values:

  • True or False

Related options:

  • cinder_use_multipath

cinder_http_retries = 3

integer value

Number of cinderclient retries on failed http calls.

When a call failed by any errors, cinderclient will retry the call up to the specified times after sleeping a few seconds.

Possible values:

  • A positive integer

Related options:

  • None

cinder_mount_point_base = /var/lib/glance/mnt

string value

Directory where the NFS volume is mounted on the glance node.

Possible values:

  • A string representing absolute path of mount point.

cinder_os_region_name = None

string value

Region name to lookup cinder service from the service catalog.

This is used only when cinder_catalog_info is used for determining the endpoint. If set, the lookup for cinder endpoint by this node is filtered to the specified region. It is useful when multiple regions are listed in the catalog. If this is not set, the endpoint is looked up from every region.

Possible values:

  • A string that is a valid region name.

Related options:

  • cinder_catalog_info

cinder_state_transition_timeout = 300

integer value

Time period, in seconds, to wait for a cinder volume transition to complete.

When the cinder volume is created, deleted, or attached to the glance node to read/write the volume data, the volume’s state is changed. For example, the newly created volume status changes from creating to available after the creation process is completed. This specifies the maximum time to wait for the status change. If a timeout occurs while waiting, or the status is changed to an unexpected value (e.g. error), the image creation fails.

Possible values:

  • A positive integer

Related options:

  • None

cinder_store_auth_address = None

string value

The address where the cinder authentication service is listening.

When all of cinder_store_auth_address, cinder_store_user_name, cinder_store_project_name, and cinder_store_password options are specified, the specified values are always used for the authentication. This is useful to hide the image volumes from users by storing them in a project/tenant specific to the image service. It also enables users to share the image volume among other projects under the control of glance’s ACL.

If either of these options are not set, the cinder endpoint is looked up from the service catalog, and current context’s user and project are used.

Possible values:

  • A valid authentication service address, for example: http://openstack.example.org/identity/v2.0

Related options:

  • cinder_store_user_name
  • cinder_store_password
  • cinder_store_project_name

cinder_store_password = None

string value

Password for the user authenticating agains