[DEFAULT] # # From cotyledon # # Enables or disables logging values of all registered options # when starting a service (at DEBUG level). (boolean value) # Note: This option can be changed without restarting. #log_options = true # Specify a timeout after which a gracefully shutdown server # will exit. Zero value means endless wait. (integer value) # Note: This option can be changed without restarting. #graceful_shutdown_timeout = 60 # # From ironic # # Authentication strategy used by ironic-api. "noauth" should # not be used in a production environment because all # authentication will be disabled creating insecure operating # conditions. (string value) # Possible values: # noauth - no authentication # keystone - use the Identity service for authentication # http_basic - HTTP basic authentication #auth_strategy = keystone # Path to Apache format user authentication file used when # auth_strategy=http_basic (string value) #http_basic_auth_user_file = /etc/ironic/htpasswd # DEPRECATED: If True, Ironic allows access to Glance images # if an auth_token is present in the request context. (boolean # value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #allow_image_access_via_auth_token = false # If True, allows admin tasks to access image withoutmatching # project_id (boolean value) #ignore_project_check_for_admin_tasks = true # Return server tracebacks in the API response for any error # responses. WARNING: this is insecure and should not be used # in a production environment. (boolean value) #debug_tracebacks_in_api = false # Enable pecan debug mode. WARNING: this is insecure and # should not be used in a production environment. (boolean # value) #pecan_debug = false # Resource class to use for new nodes when no resource class # is provided in the creation request. (string value) # Note: This option can be changed without restarting. #default_resource_class = # The conductor_group to use for new nodes when no # conductor_group was defined in the creation request. (string # value) # Note: This option can be changed without restarting. #default_conductor_group = # If the Ironic API should utilize the RPC layer for database # interactions as opposed to directly connecting to the # database API endpoint. (boolean value) #use_rpc_for_database = false # Specify the list of hardware types to load during service # initialization. Missing hardware types, or hardware types # which fail to initialize, will prevent the conductor service # from starting. This option defaults to a recommended set of # production-oriented hardware types. A complete list of # hardware types present on your system may be found by # enumerating the "ironic.hardware.types" entrypoint. (list # value) #enabled_hardware_types = ipmi,redfish # Specify the list of bios interfaces to load during service # initialization. Missing bios interfaces, or bios interfaces # which fail to initialize, will prevent the ironic-conductor # service from starting. At least one bios interface that is # supported by each enabled hardware type must be enabled # here, or the ironic-conductor service will not start. Must # not be an empty list. The default value is a recommended set # of production-oriented bios interfaces. A complete list of # bios interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.bios" # entrypoint. When setting this value, please make sure that # every enabled hardware type will have the same set of # enabled bios interfaces on every ironic-conductor service. # (list value) #enabled_bios_interfaces = no-bios,redfish # Default bios interface to be used for nodes that do not have # bios_interface field set. A complete list of bios interfaces # present on your system may be found by enumerating the # "ironic.hardware.interfaces.bios" entrypoint. (string value) #default_bios_interface = # Specify the list of boot interfaces to load during service # initialization. Missing boot interfaces, or boot interfaces # which fail to initialize, will prevent the ironic-conductor # service from starting. At least one boot interface that is # supported by each enabled hardware type must be enabled # here, or the ironic-conductor service will not start. Must # not be an empty list. The default value is a recommended set # of production-oriented boot interfaces. A complete list of # boot interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.boot" # entrypoint. When setting this value, please make sure that # every enabled hardware type will have the same set of # enabled boot interfaces on every ironic-conductor service. # (list value) #enabled_boot_interfaces = ipxe,pxe,redfish-virtual-media # Default boot interface to be used for nodes that do not have # boot_interface field set. A complete list of boot interfaces # present on your system may be found by enumerating the # "ironic.hardware.interfaces.boot" entrypoint. (string value) #default_boot_interface = # Specify the list of console interfaces to load during # service initialization. Missing console interfaces, or # console interfaces which fail to initialize, will prevent # the ironic-conductor service from starting. At least one # console interface that is supported by each enabled hardware # type must be enabled here, or the ironic-conductor service # will not start. Must not be an empty list. The default value # is a recommended set of production-oriented console # interfaces. A complete list of console interfaces present on # your system may be found by enumerating the # "ironic.hardware.interfaces.console" entrypoint. When # setting this value, please make sure that every enabled # hardware type will have the same set of enabled console # interfaces on every ironic-conductor service. (list value) #enabled_console_interfaces = no-console # Default console interface to be used for nodes that do not # have console_interface field set. A complete list of console # interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.console" # entrypoint. (string value) #default_console_interface = # Specify the list of deploy interfaces to load during service # initialization. Missing deploy interfaces, or deploy # interfaces which fail to initialize, will prevent the # ironic-conductor service from starting. At least one deploy # interface that is supported by each enabled hardware type # must be enabled here, or the ironic-conductor service will # not start. Must not be an empty list. The default value is a # recommended set of production-oriented deploy interfaces. A # complete list of deploy interfaces present on your system # may be found by enumerating the # "ironic.hardware.interfaces.deploy" entrypoint. When setting # this value, please make sure that every enabled hardware # type will have the same set of enabled deploy interfaces on # every ironic-conductor service. (list value) #enabled_deploy_interfaces = direct,ramdisk # Default deploy interface to be used for nodes that do not # have deploy_interface field set. A complete list of deploy # interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.deploy" # entrypoint. (string value) #default_deploy_interface = # Specify the list of firmware interfaces to load during # service initialization. Missing firmware interfaces, or # firmware interfaces which fail to initialize, will prevent # the ironic-conductor service from starting. At least one # firmware interface that is supported by each enabled # hardware type must be enabled here, or the ironic-conductor # service will not start. Must not be an empty list. The # default value is a recommended set of production-oriented # firmware interfaces. A complete list of firmware interfaces # present on your system may be found by enumerating the # "ironic.hardware.interfaces.firmware" entrypoint. When # setting this value, please make sure that every enabled # hardware type will have the same set of enabled firmware # interfaces on every ironic-conductor service. (list value) #enabled_firmware_interfaces = no-firmware # Default firmware interface to be used for nodes that do not # have firmware_interface field set. A complete list of # firmware interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.firmware" # entrypoint. (string value) #default_firmware_interface = # Specify the list of inspect interfaces to load during # service initialization. Missing inspect interfaces, or # inspect interfaces which fail to initialize, will prevent # the ironic-conductor service from starting. At least one # inspect interface that is supported by each enabled hardware # type must be enabled here, or the ironic-conductor service # will not start. Must not be an empty list. The default value # is a recommended set of production-oriented inspect # interfaces. A complete list of inspect interfaces present on # your system may be found by enumerating the # "ironic.hardware.interfaces.inspect" entrypoint. When # setting this value, please make sure that every enabled # hardware type will have the same set of enabled inspect # interfaces on every ironic-conductor service. (list value) #enabled_inspect_interfaces = no-inspect,redfish # Default inspect interface to be used for nodes that do not # have inspect_interface field set. A complete list of inspect # interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.inspect" # entrypoint. (string value) #default_inspect_interface = # Specify the list of management interfaces to load during # service initialization. Missing management interfaces, or # management interfaces which fail to initialize, will prevent # the ironic-conductor service from starting. At least one # management interface that is supported by each enabled # hardware type must be enabled here, or the ironic-conductor # service will not start. Must not be an empty list. The # default value is a recommended set of production-oriented # management interfaces. A complete list of management # interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.management" # entrypoint. When setting this value, please make sure that # every enabled hardware type will have the same set of # enabled management interfaces on every ironic-conductor # service. (list value) #enabled_management_interfaces = # Default management interface to be used for nodes that do # not have management_interface field set. A complete list of # management interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.management" # entrypoint. (string value) #default_management_interface = # Specify the list of network interfaces to load during # service initialization. Missing network interfaces, or # network interfaces which fail to initialize, will prevent # the ironic-conductor service from starting. At least one # network interface that is supported by each enabled hardware # type must be enabled here, or the ironic-conductor service # will not start. Must not be an empty list. The default value # is a recommended set of production-oriented network # interfaces. A complete list of network interfaces present on # your system may be found by enumerating the # "ironic.hardware.interfaces.network" entrypoint. When # setting this value, please make sure that every enabled # hardware type will have the same set of enabled network # interfaces on every ironic-conductor service. (list value) #enabled_network_interfaces = flat,noop # Default network interface to be used for nodes that do not # have network_interface field set. A complete list of network # interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.network" # entrypoint. (string value) #default_network_interface = # Specify the list of power interfaces to load during service # initialization. Missing power interfaces, or power # interfaces which fail to initialize, will prevent the # ironic-conductor service from starting. At least one power # interface that is supported by each enabled hardware type # must be enabled here, or the ironic-conductor service will # not start. Must not be an empty list. The default value is a # recommended set of production-oriented power interfaces. A # complete list of power interfaces present on your system may # be found by enumerating the # "ironic.hardware.interfaces.power" entrypoint. When setting # this value, please make sure that every enabled hardware # type will have the same set of enabled power interfaces on # every ironic-conductor service. (list value) #enabled_power_interfaces = # Default power interface to be used for nodes that do not # have power_interface field set. A complete list of power # interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.power" # entrypoint. (string value) #default_power_interface = # Specify the list of raid interfaces to load during service # initialization. Missing raid interfaces, or raid interfaces # which fail to initialize, will prevent the ironic-conductor # service from starting. At least one raid interface that is # supported by each enabled hardware type must be enabled # here, or the ironic-conductor service will not start. Must # not be an empty list. The default value is a recommended set # of production-oriented raid interfaces. A complete list of # raid interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.raid" # entrypoint. When setting this value, please make sure that # every enabled hardware type will have the same set of # enabled raid interfaces on every ironic-conductor service. # (list value) #enabled_raid_interfaces = agent,no-raid,redfish # Default raid interface to be used for nodes that do not have # raid_interface field set. A complete list of raid interfaces # present on your system may be found by enumerating the # "ironic.hardware.interfaces.raid" entrypoint. (string value) #default_raid_interface = # Specify the list of rescue interfaces to load during service # initialization. Missing rescue interfaces, or rescue # interfaces which fail to initialize, will prevent the # ironic-conductor service from starting. At least one rescue # interface that is supported by each enabled hardware type # must be enabled here, or the ironic-conductor service will # not start. Must not be an empty list. The default value is a # recommended set of production-oriented rescue interfaces. A # complete list of rescue interfaces present on your system # may be found by enumerating the # "ironic.hardware.interfaces.rescue" entrypoint. When setting # this value, please make sure that every enabled hardware # type will have the same set of enabled rescue interfaces on # every ironic-conductor service. (list value) #enabled_rescue_interfaces = no-rescue # Default rescue interface to be used for nodes that do not # have rescue_interface field set. A complete list of rescue # interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.rescue" # entrypoint. (string value) #default_rescue_interface = # Specify the list of storage interfaces to load during # service initialization. Missing storage interfaces, or # storage interfaces which fail to initialize, will prevent # the ironic-conductor service from starting. At least one # storage interface that is supported by each enabled hardware # type must be enabled here, or the ironic-conductor service # will not start. Must not be an empty list. The default value # is a recommended set of production-oriented storage # interfaces. A complete list of storage interfaces present on # your system may be found by enumerating the # "ironic.hardware.interfaces.storage" entrypoint. When # setting this value, please make sure that every enabled # hardware type will have the same set of enabled storage # interfaces on every ironic-conductor service. (list value) #enabled_storage_interfaces = cinder,noop # Default storage interface to be used for nodes that do not # have storage_interface field set. A complete list of storage # interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.storage" # entrypoint. (string value) #default_storage_interface = noop # Specify the list of vendor interfaces to load during service # initialization. Missing vendor interfaces, or vendor # interfaces which fail to initialize, will prevent the # ironic-conductor service from starting. At least one vendor # interface that is supported by each enabled hardware type # must be enabled here, or the ironic-conductor service will # not start. Must not be an empty list. The default value is a # recommended set of production-oriented vendor interfaces. A # complete list of vendor interfaces present on your system # may be found by enumerating the # "ironic.hardware.interfaces.vendor" entrypoint. When setting # this value, please make sure that every enabled hardware # type will have the same set of enabled vendor interfaces on # every ironic-conductor service. (list value) #enabled_vendor_interfaces = ipmitool,redfish,no-vendor # Default vendor interface to be used for nodes that do not # have vendor_interface field set. A complete list of vendor # interfaces present on your system may be found by # enumerating the "ironic.hardware.interfaces.vendor" # entrypoint. (string value) #default_vendor_interface = # Max number of characters of any node # last_error/maintenance_reason pushed to database. (integer # value) #log_in_db_max_size = 4096 # Exponent to determine number of hash partitions to use when # distributing load across conductors. Larger values will # result in more even distribution of load and less load when # rebalancing the ring, but more memory usage. Number of # partitions per conductor is (2^hash_partition_exponent). # This determines the granularity of rebalancing: given 10 # hosts, and an exponent of the 2, there are 40 partitions in # the ring.A few thousand partitions should make rebalancing # smooth in most cases. The default is suitable for up to a # few hundred conductors. Configuring for too many partitions # has a negative impact on CPU usage. (integer value) #hash_partition_exponent = 5 # Time (in seconds) after which the hash ring is considered # outdated and is refreshed on the next access. (integer # value) #hash_ring_reset_interval = 15 # If True, convert backing images to "raw" disk image format. # (boolean value) # Note: This option can be changed without restarting. #force_raw_images = true # The scale factor used for estimating the size of a raw image # converted from compact image formats such as QCOW2. Default # is 2.0, must be greater than 1.0. (floating point value) # Minimum value: 1.0 #raw_image_growth_factor = 2.0 # Path to isolinux binary file. (string value) #isolinux_bin = /usr/lib/syslinux/isolinux.bin # Template file for isolinux configuration file. (string # value) #isolinux_config_template = $pybasedir/common/isolinux_config.template # GRUB2 configuration file location on the UEFI ISO images # produced by ironic. The default value is usually incorrect # and should not be relied on. If you use a GRUB2 image from a # certain distribution, use a distribution-specific path here, # e.g. EFI/ubuntu/grub.cfg (string value) #grub_config_path = EFI/BOOT/grub.cfg # Template file for grub configuration file. (string value) #grub_config_template = $pybasedir/common/grub_conf.template # Path to ldlinux.c32 file. This file is required for syslinux # 5.0 or later. If not specified, the file is looked for in # "/usr/lib/syslinux/modules/bios/ldlinux.c32" and # "/usr/share/syslinux/ldlinux.c32". (string value) #ldlinux_c32 = # Path to EFI System Partition image file. This file is # recommended for creating UEFI bootable ISO images # efficiently. ESP image should contain a # FAT12/16/32-formatted file system holding EFI boot loaders # (e.g. GRUB2) for each hardware architecture ironic needs to # boot. This option is only used when neither ESP nor ISO # deploy image is configured to the node being deployed in # which case ironic will attempt to fetch ESP image from the # configured location or extract ESP image from UEFI-bootable # deploy ISO image. (string value) #esp_image = # DEPRECATED: Run image downloads and raw format conversions # in parallel. (boolean value) # Note: This option can be changed without restarting. # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Use image_download_concurrency #parallel_image_downloads = true # How many image downloads and raw format conversions to run # in parallel. Only affects image caches. (integer value) # Minimum value: 1 #image_download_concurrency = 20 # IPv4 address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use "127.0.0.1". # NOTE: This field does accept an IPv6 address as an override # for templates and URLs, however it is recommended that # [DEFAULT]my_ipv6 is used along with DNS names for service # URLs for dual-stack environments. (string value) # # This option has a sample default set, which means that # its actual default value may vary from the one documented # below. #my_ip = 127.0.0.1 # IP address of this host using IPv6. This value must be # supplied via the configuration and cannot be adequately # programmatically determined like the [DEFAULT]my_ip # parameter for IPv4. (string value) # # This option has a sample default set, which means that # its actual default value may vary from the one documented # below. #my_ipv6 = 2001:db8::1 # Specifies the minimum level for which to send notifications. # If not set, no notifications will be sent. The default is # for this option to be unset. (string value) # Possible values: # debug - "debug" level # info - "info" level # warning - "warning" level # error - "error" level # critical - "critical" level #notification_level = # # Specifies the topics for the versioned notifications issued # by Ironic. # # The default value is fine for most deployments and rarely # needs to be changed. # However, if you have a third-party service that consumes # versioned # notifications, it might be worth getting a topic for that # service. # Ironic will send a message containing a versioned # notification payload to each # topic queue in this list. # # The list of versioned notifications is visible in # https://docs.openstack.org/ironic/latest/admin/notifications.html # (list value) #versioned_notifications_topics = ironic_versioned_notifications # Directory where the ironic python module is installed. # (string value) # # This option has a sample default set, which means that # its actual default value may vary from the one documented # below. #pybasedir = /usr/lib/python/site-packages/ironic/ironic # Directory where ironic binaries are installed. (string # value) #bindir = $pybasedir/bin # Top-level directory for maintaining ironic's state. (string # value) #state_path = $pybasedir # Default mode for portgroups. Allowed values can be found in # the linux kernel documentation on bonding: # https://www.kernel.org/doc/Documentation/networking/bonding.txt. # (string value) # Note: This option can be changed without restarting. #default_portgroup_mode = active-backup # Name of this node. This can be an opaque identifier. It is # not necessarily a hostname, FQDN, or IP address. However, # the node name must be valid within an AMQP key. (string # value) # # This option has a sample default set, which means that # its actual default value may vary from the one documented # below. #host = localhost # Used for rolling upgrades. Setting this option downgrades # (or pins) the Bare Metal API, the internal ironic RPC # communication, and the database objects to their respective # versions, so they are compatible with older services. When # doing a rolling upgrade from version N to version N+1, set # (to pin) this to N. To unpin (default), leave it unset and # the latest versions will be used. (string value) # Possible values: # zed - "zed" release # yoga - "yoga" release # antelope - "antelope" release # 9.2 - "9.2" release # 33.0 - "33.0" release # 32.0 - "32.0" release # 31.0 - "31.0" release # 30.0 - "30.0" release # 29.0 - "29.0" release # 28.0 - "28.0" release # 27.0 - "27.0" release # 26.1 - "26.1" release # 26.0 - "26.0" release # 25.0 - "25.0" release # 24.1 - "24.1" release # 24.0 - "24.0" release # 23.1 - "23.1" release # 23.0 - "23.0" release # 22.1 - "22.1" release # 22.0 - "22.0" release # 21.4 - "21.4" release # 21.3 - "21.3" release # 21.2 - "21.2" release # 21.1 - "21.1" release # 21.0 - "21.0" release # 2025.2 - "2025.2" release # 2025.1 - "2025.1" release # 2024.2 - "2024.2" release # 2024.1 - "2024.1" release # 2023.2 - "2023.2" release # 2023.1 - "2023.1" release # 20.2 - "20.2" release # 20.1 - "20.1" release # 20.0 - "20.0" release # 19.0 - "19.0" release # 18.2 - "18.2" release # 18.1 - "18.1" release # 18.0 - "18.0" release # 17.0 - "17.0" release # 16.2 - "16.2" release # 16.1 - "16.1" release # 16.0 - "16.0" release # 15.1 - "15.1" release # 15.0 - "15.0" release # 14.0 - "14.0" release # 13.0 - "13.0" release # 12.2 - "12.2" release # 12.1 - "12.1" release # 12.0 - "12.0" release # 11.1 - "11.1" release # 11.0 - "11.0" release # 10.1 - "10.1" release # 10.0 - "10.0" release # Note: This option can be changed without restarting. #pin_release_version = # Which RPC transport implementation to use between conductor # and API services (string value) # Possible values: # oslo - use oslo.messaging transport # json-rpc - use JSON RPC transport # none - No RPC, only use local conductor #rpc_transport = oslo # Setting to govern if Ironic should only warn instead of # attempting to hold back the request in order to prevent the # exhaustion of system memory. (boolean value) # Note: This option can be changed without restarting. #minimum_memory_warning_only = false # Minimum memory in MiB for the system to have available prior # to starting a memory intensive process on the conductor. # (integer value) # Note: This option can be changed without restarting. #minimum_required_memory = 1024 # Seconds to wait between retries for free memory before # launching the process. This, combined with # ``memory_wait_retries`` allows the conductor to determine # how long we should attempt to directly retry. (integer # value) # Note: This option can be changed without restarting. #minimum_memory_wait_time = 15 # Number of retries to hold onto the worker before failing or # returning the thread to the pool if the conductor can # automatically retry. (integer value) # Note: This option can be changed without restarting. #minimum_memory_wait_retries = 6 # Timeout (seconds) after which a server will exit from a # drain shutdown. Drain shutdowns are triggered by sending the # signal SIGUSR2. Zero value means shutdown will never be # triggered by a timeout. (integer value) # Note: This option can be changed without restarting. #drain_shutdown_timeout = 1800 # Temporary working directory, default is Python temp dir. # (string value) # # This option has a sample default set, which means that # its actual default value may vary from the one documented # below. #tempdir = /tmp # CA certificates to be used for certificate verification. # This can be either a Boolean value or a path to a CA_BUNDLE # file.If set to True, the certificates present in the # standard path are used to verify the host certificates.If # set to False, the conductor will ignore verifying the SSL # certificate presented by the host.If it"s a path, conductor # uses the specified certificate for SSL verification. If the # path does not exist, the behavior is same as when this value # is set to True i.e the certificates present in the standard # path are used for SSL verification. (string value) # Note: This option can be changed without restarting. #webserver_verify_ca = True # Connection timeout when accessing/interacting with remote # web servers with images or other artifacts being accessed. # An excessive value here is not advisable as excessive # requests to an unreachable endpoint can result in Ironic # service resources being consumed waiting for the connection # to timeout. (integer value) #webserver_connection_timeout = 60 # Enable elevated access for users with service role belonging # to the 'rbac_service_project_name' project when using # default policy. The default setting of disabled causes all # service role requests to be scoped to the project the # service account belongs to. (boolean value) #rbac_service_role_elevated_access = false # The project name utilized for Role Based Access Control # checks for the reserved `service` project. This project is # utilized for services to have accounts for cross-service # communication. Often these accounts require higher levels of # access, and effectively this permits accounts from the # service to not be restricted to project scoping of # responses. i.e. The service project user with a `service` # role will be able to see nodes across all projects, similar # to System scoped access. If not set to a value, and all # service role access will be filtered matching an `owner` or # `lessee`, if applicable. If an operator wishes to make # behavior visible for all service role users across all # projects, then a custom policy must be used to override the # default "service_role" rule. It should be noted that the # value of "service" is a default convention for OpenStack # deployments, but the requisite access and details around end # configuration are largely up to an operator if they are # doing an OpenStack deployment manually. (string value) #rbac_service_project_name = service # Hash function to use when building the hash ring. If running # on a FIPS system, do not use md5. WARNING: all ironic # services in a cluster MUST use the same algorithm at all # times. Changing the algorithm requires an offline update. # (string value) # Possible values: # sha224 - # sha1 - # sha3_384 - # sha3_512 - # sha3_256 - # sha3_224 - # blake2b - # shake_128 - # blake2s - # shake_256 - # md5 - # sha256 - # sha384 - # sha512 - # Advanced Option: intended for advanced users and not used # by the majority of users, and might have a significant # effect on stability and/or performance. #hash_ring_algorithm = md5 # # From oslo.log # # If set to true, the logging level will be set to DEBUG # instead of the default INFO level. (boolean value) # Note: This option can be changed without restarting. #debug = false # The name of a logging configuration file. This file is # appended to any existing logging configuration files. For # details about logging configuration files, see the Python # logging module documentation. Note that when logging # configuration files are used then all logging configuration # is set in the configuration file and other logging # configuration options are ignored (for example, log-date- # format). (string value) # Note: This option can be changed without restarting. # Deprecated group/name - [DEFAULT]/log_config #log_config_append = # Defines the format string for %%(asctime)s in log records. # Default: %(default)s . This option is ignored if # log_config_append is set. (string value) #log_date_format = %Y-%m-%d %H:%M:%S # (Optional) Name of log file to send logging output to. If no # default is set, logging will go to stderr as defined by # use_stderr. This option is ignored if log_config_append is # set. (string value) # Deprecated group/name - [DEFAULT]/logfile #log_file = # (Optional) The base directory used for relative log_file # paths. This option is ignored if log_config_append is set. # (string value) # Deprecated group/name - [DEFAULT]/logdir #log_dir = # Use syslog for logging. Existing syslog format is DEPRECATED # and will be changed later to honor RFC5424. This option is # ignored if log_config_append is set. (boolean value) #use_syslog = false # Enable journald for logging. If running in a systemd # environment you may wish to enable journal support. Doing so # will use the journal native protocol which includes # structured metadata in addition to log messages.This option # is ignored if log_config_append is set. (boolean value) #use_journal = false # Syslog facility to receive log lines. This option is ignored # if log_config_append is set. (string value) #syslog_log_facility = LOG_USER # Use JSON formatting for logging. This option is ignored if # log_config_append is set. (boolean value) #use_json = false # Log output to standard error. This option is ignored if # log_config_append is set. (boolean value) #use_stderr = false # (Optional) Set the 'color' key according to log levels. This # option takes effect only when logging to stderr or stdout is # used. This option is ignored if log_config_append is set. # (boolean value) #log_color = false # The amount of time before the log files are rotated. This # option is ignored unless log_rotation_type is set to # "interval". (integer value) #log_rotate_interval = 1 # Rotation interval type. The time of the last file change (or # the time when the service was started) is used when # scheduling the next rotation. (string value) # Possible values: # Seconds - # Minutes - # Hours - # Days - # Weekday - # Midnight - #log_rotate_interval_type = days # Maximum number of rotated log files. (integer value) #max_logfile_count = 30 # Log file maximum size in MB. This option is ignored if # "log_rotation_type" is not set to "size". (integer value) #max_logfile_size_mb = 200 # Log rotation type. (string value) # Possible values: # interval - Rotate logs at predefined time intervals. # size - Rotate logs once they reach a predefined size. # none - Do not rotate log files. #log_rotation_type = none # Format string to use for log messages with context. Used by # oslo_log.formatters.ContextFormatter (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s # Format string to use for log messages when context is # undefined. Used by oslo_log.formatters.ContextFormatter # (string value) #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s # Additional data to append to log message when logging level # for the message is DEBUG. Used by # oslo_log.formatters.ContextFormatter (string value) #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d # Prefix each line of exception output with this format. Used # by oslo_log.formatters.ContextFormatter (string value) #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s # Defines the format string for %(user_identity)s that is used # in logging_context_format_string. Used by # oslo_log.formatters.ContextFormatter (string value) #logging_user_identity_format = %(user)s %(project)s %(domain)s %(system_scope)s %(user_domain)s %(project_domain)s # List of package logging levels in logger=LEVEL pairs. This # option is ignored if log_config_append is set. (list value) #default_log_levels = amqp=WARNING,amqplib=WARNING,qpid.messaging=INFO,oslo.messaging=INFO,oslo_messaging=INFO,stevedore=INFO,iso8601=WARNING,requests=WARNING,urllib3.connectionpool=WARNING,keystonemiddleware.auth_token=INFO,keystoneauth.session=INFO,openstack=WARNING,oslo_policy=WARNING,oslo_concurrency.lockutils=WARNING # Enables or disables publication of error events. (boolean # value) #publish_errors = false # The format for an instance that is passed with the log # message. (string value) #instance_format = "[instance: %(uuid)s] " # The format for an instance UUID that is passed with the log # message. (string value) #instance_uuid_format = "[instance: %(uuid)s] " # Interval, number of seconds, of log rate limiting. (integer # value) #rate_limit_interval = 0 # Maximum number of logged messages per rate_limit_interval. # (integer value) #rate_limit_burst = 0 # Log level name used by rate limiting. Logs with level # greater or equal to rate_limit_except_level are not # filtered. An empty string means that all levels are # filtered. (string value) # Possible values: # CRITICAL - # ERROR - # INFO - # WARNING - # DEBUG - # '' - #rate_limit_except_level = CRITICAL # Enables or disables fatal status of deprecations. (boolean # value) #fatal_deprecations = false # # From oslo.messaging # # Size of executor thread pool when executor is threading or # eventlet. (integer value) # Deprecated group/name - [DEFAULT]/rpc_thread_pool_size #executor_thread_pool_size = 64 # Seconds to wait for a response from a call. (integer value) #rpc_response_timeout = 60 # The network address and optional user credentials for # connecting to the messaging backend, in URL format. The # expected format is: # # driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query # # Example: rabbit://rabbitmq:password@127.0.0.1:5672// # # For full details on the fields in the URL see the # documentation of oslo_messaging.TransportURL at # https://docs.openstack.org/oslo.messaging/latest/reference/transport.html # (string value) #transport_url = rabbit:// # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) #control_exchange = openstack # Add an endpoint to answer to ping calls. Endpoint is named # oslo_rpc_server_ping (boolean value) #rpc_ping_enabled = false # # From oslo.service.periodic_task # # Some periodic tasks can be run in a separate process. Should # we run them here? (boolean value) #run_external_periodic_tasks = true [agent] # # From ironic # # DEPRECATED: Whether Ironic will manage booting of the agent # ramdisk. If set to False, you will need to configure your # mechanism to allow booting the agent ramdisk. Deprecated for # removal in 2025.2 release. (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #manage_agent_boot = true # The memory size in MiB consumed by agent when it is booted # on a bare metal node. This is used for checking if the image # can be downloaded and deployed on the bare metal node after # booting agent ramdisk. This may be set according to the # memory consumed by the agent ramdisk image. (integer value) # Note: This option can be changed without restarting. #memory_consumed_by_agent = 0 # Whether the agent ramdisk should stream raw images directly # onto the disk or not. By streaming raw images directly onto # the disk the agent ramdisk will not spend time copying the # image to a tmpfs partition (therefore consuming less memory) # prior to writing it to the disk. Unless the disk where the # image will be copied to is really slow, this option should # be set to True. Defaults to True. (boolean value) # Note: This option can be changed without restarting. #stream_raw_images = true # Number of times to retry getting power state to check if # bare metal node has been powered off after a soft power off. # (integer value) #post_deploy_get_power_state_retries = 6 # Amount of time (in seconds) to wait between polling power # state after trigger soft poweroff. (integer value) #post_deploy_get_power_state_retry_interval = 5 # API version to use for communicating with the ramdisk agent. # (string value) #agent_api_version = v1 # Whether Ironic should collect the deployment logs on # deployment failure (on_failure), always or never. (string # value) # Possible values: # always - always collect the logs # on_failure - only collect logs if there is a failure # never - never collect logs # Note: This option can be changed without restarting. #deploy_logs_collect = on_failure # The name of the storage backend where the logs will be # stored. (string value) # Possible values: # local - store the logs locally # swift - store the logs in Object Storage service # Note: This option can be changed without restarting. #deploy_logs_storage_backend = local # The path to the directory where the logs should be stored, # used when the deploy_logs_storage_backend is configured to # "local". (string value) # Note: This option can be changed without restarting. #deploy_logs_local_path = /var/log/ironic/deploy # The name of the Swift container to store the logs, used when # the deploy_logs_storage_backend is configured to "swift". # (string value) # Note: This option can be changed without restarting. #deploy_logs_swift_container = ironic_deploy_logs_container # Number of days before a log object is marked as expired in # Swift. If None, the logs will be kept forever or until # manually deleted. Used when the deploy_logs_storage_backend # is configured to "swift". (integer value) # Note: This option can be changed without restarting. #deploy_logs_swift_days_to_expire = 30 # Specifies whether direct deploy interface should try to use # the image source directly or if ironic should cache the # image on the conductor and serve it from ironic's own http # server. (string value) # Possible values: # swift - IPA ramdisk retrieves instance image from the Object # Storage service. # http - IPA ramdisk retrieves instance image from HTTP # service served at conductor nodes. # local - Same as "http", but HTTP images are also cached # locally, converted and served from the conductor # Note: This option can be changed without restarting. #image_download_source = http # Timeout (in seconds) for IPA commands. A large timeout value # may result in the conductor free worker pool becoming # exhausted should a multi-node network connectivity issue # arise during inband operations. These commands also cause # the individual node lock to be held while in progress, which # prevents new requests from being acted upon for the impacted # nodes until the issue has been resolved. (integer value) # Note: This option can be changed without restarting. #command_timeout = 60 # This is the maximum number of attempts that will be done for # IPA commands that fails due to network problems. (integer # value) #max_command_attempts = 3 # Number of attempts to check for asynchronous commands # completion before timing out. (integer value) #command_wait_attempts = 100 # Number of seconds to wait for between checks for # asynchronous commands completion. (integer value) #command_wait_interval = 6 # The number of seconds Neutron agent will wait between # polling for device changes. This value should be the same as # CONF.AGENT.polling_interval in Neutron configuration. # (integer value) # Note: This option can be changed without restarting. #neutron_agent_poll_interval = 2 # Max number of attempts to validate a Neutron agent status # before raising network error for a dead agent. (integer # value) #neutron_agent_max_attempts = 100 # Wait time in seconds between attempts for validating Neutron # agent status. (integer value) #neutron_agent_status_retry_interval = 10 # If set to False, callback URLs without https:// will be # permitted by the conductor, which may be needed for # backwards compatibility outside of the supported version # window. (boolean value) # Note: This option can be changed without restarting. #require_tls = true # Path to store auto-generated TLS certificates used to # validate connections to the ramdisk. (string value) #certificates_path = /var/lib/ironic/certificates # Path to the TLS CA to validate connection to the ramdisk. # Set to True to use the system default CA storage. Set to # False to disable validation. Ignored when automatic TLS # setup is used. (string value) #verify_ca = True # Path to the TLS CA that is used to start the bare metal API. # In some boot methods this file can be passed to the ramdisk. # (string value) #api_ca_file = # When enabled, the agent will be notified it is permitted to # consider MD5 checksums. This option is expected to change to # a default of False in a 2024 release of Ironic. (boolean # value) #allow_md5_checksum = true [anaconda] # # From ironic # # kickstart template to use when no kickstart template is # specified in the instance_info or the glance OS image. # (string value) # Note: This option can be changed without restarting. #default_ks_template = $pybasedir/drivers/modules/ks.cfg.template # Option to allow the kickstart configuration to be informed # if SSL/TLS certificate verification should be enforced, or # not. This option exists largely to facilitate easy testing # and use of the ``anaconda`` deployment interface. When this # option is set, heartbeat operations, depending on the # contents of the utilized kickstart template, may not enforce # TLS certificate verification. (boolean value) # Note: This option can be changed without restarting. #insecure_heartbeat = false [ansible] # # From ironic # # Extra arguments to pass on every invocation of Ansible. # (string value) #ansible_extra_args = # Set ansible verbosity level requested when invoking # "ansible-playbook" command. 4 includes detailed SSH session # logging. Default is 4 when global debug is enabled and 0 # otherwise. (integer value) # Minimum value: 0 # Maximum value: 4 #verbosity = # Path to "ansible-playbook" script. Default will search the # $PATH configured for user running ironic-conductor process. # Provide the full path when ansible-playbook is not in $PATH # or installed in not default location. (string value) #ansible_playbook_script = ansible-playbook # Path to directory with playbooks, roles and local inventory. # (string value) #playbooks_path = $pybasedir/drivers/modules/ansible/playbooks # Path to ansible configuration file. If set to empty, system # default will be used. (string value) #config_file_path = $pybasedir/drivers/modules/ansible/playbooks/ansible.cfg # Number of times to retry getting power state to check if # bare metal node has been powered off after a soft power off. # Value of 0 means do not retry on failure. (integer value) # Minimum value: 0 #post_deploy_get_power_state_retries = 6 # Amount of time (in seconds) to wait between polling power # state after trigger soft poweroff. (integer value) # Minimum value: 0 #post_deploy_get_power_state_retry_interval = 5 # Extra amount of memory in MiB expected to be consumed by # Ansible-related processes on the node. Affects decision # whether image will fit into RAM. (integer value) #extra_memory = 10 # Skip verifying SSL connections to the image store when # downloading the image. Setting it to "True" is only # recommended for testing environments that use self-signed # certificates. (boolean value) #image_store_insecure = false # Specific CA bundle to use for validating SSL connections to # the image store. If not specified, CA available in the # ramdisk will be used. Is not used by default playbooks # included with the driver. Suitable for environments that use # self-signed certificates. (string value) #image_store_cafile = # Client cert to use for SSL connections to image store. Is # not used by default playbooks included with the driver. # (string value) #image_store_certfile = # Client key to use for SSL connections to image store. Is not # used by default playbooks included with the driver. (string # value) #image_store_keyfile = # Name of the user to use for Ansible when connecting to the # ramdisk over SSH. It may be overridden by per-node # 'ansible_username' option in node's 'driver_info' field. # (string value) #default_username = ansible # Absolute path to the private SSH key file to use by Ansible # by default when connecting to the ramdisk over SSH. Default # is to use default SSH keys configured for the user running # the ironic-conductor service. Private keys with password # must be pre-loaded into 'ssh-agent'. It may be overridden by # per-node 'ansible_key_file' option in node's 'driver_info' # field. (string value) #default_key_file = # Path (relative to $playbooks_path or absolute) to the # default playbook used for deployment. It may be overridden # by per-node 'ansible_deploy_playbook' option in node's # 'driver_info' field. (string value) #default_deploy_playbook = deploy.yaml # Path (relative to $playbooks_path or absolute) to the # default playbook used for graceful in-band shutdown of the # node. It may be overridden by per-node # 'ansible_shutdown_playbook' option in node's 'driver_info' # field. (string value) #default_shutdown_playbook = shutdown.yaml # Path (relative to $playbooks_path or absolute) to the # default playbook used for node cleaning. It may be # overridden by per-node 'ansible_clean_playbook' option in # node's 'driver_info' field. (string value) #default_clean_playbook = clean.yaml # Path (relative to $playbooks_path or absolute) to the # default auxiliary cleaning steps file used during the node # cleaning. It may be overridden by per-node # 'ansible_clean_steps_config' option in node's 'driver_info' # field. (string value) #default_clean_steps_config = clean_steps.yaml # Absolute path to the python interpreter on the managed # machines. It may be overridden by per-node # 'ansible_python_interpreter' option in node's 'driver_info' # field. By default, ansible uses /usr/bin/python (string # value) #default_python_interpreter = [api] # # From ironic # # The IP address or hostname on which ironic-api listens. # (host address value) #host_ip = 0.0.0.0 # The TCP port on which ironic-api listens. (port value) # Minimum value: 0 # Maximum value: 65535 #port = 6385 # Unix socket to listen on. Disables host_ip and port. (string # value) #unix_socket = # File mode (an octal number) of the unix socket to listen on. # Ignored if unix_socket is not set. (integer value) #unix_socket_mode = # The maximum number of items returned in a single response # from a collection resource. (integer value) # Note: This option can be changed without restarting. #max_limit = 1000 # Public URL to use when building the links to the API # resources (for example, "https://ironic.rocks:6384"). If # None the links will be built using the request's host URL. # If the API is operating behind a proxy, you will want to # change this to represent the proxy's URL. Defaults to None. # Ignored when proxy headers parsing is enabled via # [oslo_middleware]enable_proxy_headers_parsing option. # (string value) # Note: This option can be changed without restarting. #public_endpoint = # Number of workers for OpenStack Ironic API service. The # default is equal to the number of CPUs available, but not # more than 4. One worker is used if the CPU number cannot be # detected. (integer value) #api_workers = # Enable the integrated stand-alone API to service requests # via HTTPS instead of HTTP. If there is a front-end service # performing HTTPS offloading from the service, this option # should be False; note, you will want to enable proxy headers # parsing with [oslo_middleware]enable_proxy_headers_parsing # option or configure [api]public_endpoint option to set URLs # in responses to the SSL terminated one. (boolean value) #enable_ssl_api = false # Whether to restrict the lookup API to only nodes in certain # states. Setting this to False can be insecure and is not # advisable. (boolean value) # Note: This option can be changed without restarting. #restrict_lookup = true # Maximum interval (in seconds) for agent heartbeats. (integer # value) # Note: This option can be changed without restarting. #ramdisk_heartbeat_timeout = 300 # Schema for network data used by this deployment. (string # value) #network_data_schema = $pybasedir/api/controllers/v1/network-data-schema.json # If a project scoped administrative user is permitted to # create/delete baremetal nodes in their project. (boolean # value) # Note: This option can be changed without restarting. #project_admin_can_manage_own_nodes = true # Specifies a list of boot modes that are not allowed during # enrollment. Eg: ['bios'] (list value) # Note: This option can be changed without restarting. #disallowed_enrollment_boot_modes = # Certificate file to use when starting the server securely. # (string value) #cert_file = # Private key file to use when starting the server securely. # (string value) #key_file = [audit] # # From ironic # # Enable auditing of API requests (for ironic-api service). # (boolean value) #enabled = false # Path to audit map file for ironic-api service. Used only # when API audit is enabled. (string value) #audit_map_file = /etc/ironic/api_audit_map.conf # Comma separated list of Ironic REST API HTTP methods to be # ignored during audit logging. For example: auditing will not # be done on any GET or POST requests if this is set to # "GET,POST". It is used only when API audit is enabled. # (string value) #ignore_req_list = [audit_middleware_notifications] # # From keystonemiddleware.audit # # Indicate whether to use oslo_messaging as the notifier. If # set to False, the local logger will be used as the notifier. # If set to True, the oslo_messaging package must also be # present. Otherwise, the local will be used instead. (boolean # value) #use_oslo_messaging = true # The Driver to handle sending notifications. Possible values # are messaging, messagingv2, routing, log, test, noop. If not # specified, then value from oslo_messaging_notifications conf # section is used. (string value) #driver = # List of AMQP topics used for OpenStack notifications. If not # specified, then value from oslo_messaging_notifications # conf section is used. (list value) #topics = # A URL representing messaging driver to use for notification. # If not specified, we fall back to the same configuration # used for RPC. (string value) #transport_url = [auto_discovery] # # From ironic # # Setting this to True enables automatic enrollment of # inspected nodes that are not recognized. When enabling this # feature, keep in mind that any machine hitting the # inspection callback endpoint will be automatically enrolled. # The driver must be set when setting this to True. (boolean # value) # Note: This option can be changed without restarting. #enabled = false # The default driver to use for newly enrolled nodes. Must be # set when enabling auto-discovery. (string value) # Note: This option can be changed without restarting. #driver = # The default inspection scope for nodes enrolled via auto- # discovery. (string value) #inspection_scope = [cinder] # # From ironic # # Number of retries in the case of a failed action (currently # only used when detaching volumes). (integer value) #action_retries = 3 # Retry interval in seconds in the case of a failed action # (only specific actions are retried). (integer value) #action_retry_interval = 5 # Authentication URL (string value) #auth_url = # Authentication type to load (string value) # Deprecated group/name - [cinder]/auth_plugin #auth_type = # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) #cafile = # PEM encoded client certificate cert file (string value) #certfile = # Collect per-API call timing information. (boolean value) #collect_timing = false # The maximum number of retries that should be attempted for # connection errors. (integer value) #connect_retries = # Delay (in seconds) between two retries for connection # errors. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #connect_retry_delay = # Optional domain ID to use with v3 and v2 parameters. It will # be used for both the user and project domain in v3 and # ignored in v2 authentication. (string value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. # It will be used for both the user and project domain in v3 # and ignored in v2 authentication. (string value) #default_domain_name = # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # Always use this endpoint URL for requests for this client. # NOTE: The unversioned endpoint should be specified here; to # request a particular API version, use the `version`, `min- # version`, and/or `max-version` options. (string value) #endpoint_override = # Verify HTTPS connections. (boolean value) #insecure = false # PEM encoded client certificate key file (string value) #keyfile = # The maximum major version of a given API, intended to be # used as the upper bound of a range with min_version. # Mutually exclusive with version. (string value) #max_version = # The minimum major version of a given API, intended to be # used as the lower bound of a range with max_version. # Mutually exclusive with version. If min_version is given # with no max_version it is as if max version is "latest". # (string value) #min_version = # User's password (string value) #password = # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # Project ID to scope to (string value) # Deprecated group/name - [cinder]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [cinder]/tenant_name #project_name = # The default region_name for endpoint URL discovery. (string # value) #region_name = # List of retriable HTTP status codes that should be retried. # If not set default to [503] (list value) #retriable_status_codes = # DEPRECATED: Client retries in the case of a failed request. # (integer value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by status_code_retries and # status_code_retry_delay. #retries = 3 # The default service_name for endpoint URL discovery. (string # value) #service_name = # The default service_type for endpoint URL discovery. (string # value) #service_type = volumev3 # Log requests to multiple loggers. (boolean value) #split_loggers = false # The maximum number of retries that should be attempted for # retriable HTTP status codes. (integer value) #status_code_retries = # Delay (in seconds) between two retries for retriable status # codes. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #status_code_retry_delay = # Scope for system operations (string value) #system_scope = # Tenant ID (string value) #tenant_id = # Tenant Name (string value) #tenant_name = # Timeout value for http requests (integer value) #timeout = # ID of the trust to use as a trustee use (string value) #trust_id = # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [cinder]/user_name #username = # List of interfaces, in order of preference, for endpoint # URL. (list value) #valid_interfaces = internal,public # Minimum Major API version within a given Major API version # for endpoint URL discovery. Mutually exclusive with # min_version and max_version (string value) #version = [conductor] # # From ironic # # The size of the workers thread pool. Note that 2 threads # will be reserved by the conductor itself for handling heart # beats and periodic tasks. On top of that, # `sync_power_state_workers` will take up to 7 threads with # the default value of 8. (integer value) # Minimum value: 3 #workers_pool_size = 300 # The percentage of the whole workers pool that will be kept # for API requests and other important tasks. This part of the # pool will not be used for periodic tasks or agent # heartbeats. Set to 0 to disable. (integer value) # Minimum value: 0 # Maximum value: 50 #reserved_workers_pool_percentage = 5 # Seconds between conductor heart beats. (integer value) #heartbeat_interval = 10 # Maximum time (in seconds) since the last check-in of a # conductor. A conductor is considered inactive when this time # has been exceeded. (integer value) # Maximum value: 315576000 # Note: This option can be changed without restarting. #heartbeat_timeout = 60 # Interval between syncing the node power state to the # database, in seconds. Set to 0 to disable syncing. (integer # value) #sync_power_state_interval = 120 # Interval between checks of provision timeouts, in seconds. # Set to 0 to disable checks. (integer value) # Minimum value: 0 #check_provision_state_interval = 60 # Interval (seconds) between checks of rescue timeouts. # (integer value) # Minimum value: 1 #check_rescue_state_interval = 60 # Interval between checks of orphaned allocations, in seconds. # Set to 0 to disable checks. (integer value) # Minimum value: 0 #check_allocations_interval = 60 # Interval between cleaning up image caches, in seconds. Set # to 0 to disable periodic clean-up. (integer value) # Minimum value: 0 #cache_clean_up_interval = 3600 # Whether to clear cached instance images when deployment # fails or aborted. When enabled, cached images are removed # during deployment failure state transitions. When disabled # (default), cached images are preserved for retry attempts # and will be cleaned up eventually via periodic cache cleanup # based on the defined TTL. (boolean value) # Note: This option can be changed without restarting. #clear_image_cache_on_deploy_failure = false # Timeout (seconds) to wait for a callback from a deploy # ramdisk. Set to 0 to disable timeout. (integer value) # Minimum value: 0 #deploy_callback_timeout = 1800 # During sync_power_state, should the hardware power state be # set to the state recorded in the database (True) or should # the database be updated based on the hardware state (False). # (boolean value) # Note: This option can be changed without restarting. #force_power_state_during_sync = true # During sync_power_state failures, limit the number of times # Ironic should try syncing the hardware node power state with # the node power state in DB (integer value) #power_state_sync_max_retries = 3 # The maximum number of worker threads that can be started # simultaneously to sync nodes power states from the periodic # task. (integer value) # Minimum value: 1 #sync_power_state_workers = 8 # Maximum number of worker threads that can be started # simultaneously by a periodic task. Should be less than RPC # thread pool size. (integer value) #periodic_max_workers = 8 # Number of attempts to grab a node lock. (integer value) #node_locked_retry_attempts = 3 # Seconds to sleep between node lock attempts. (integer value) #node_locked_retry_interval = 1 # When conductors join or leave the cluster, existing # conductors may need to update any persistent local state as # nodes are moved around the cluster. This option controls how # often, in seconds, each conductor will check for nodes that # it should "take over". Set it to 0 (or a negative value) to # disable the check entirely. (integer value) #sync_local_state_interval = 180 # Name of the Swift container to store config drive data. Used # when configdrive_use_object_store is True. (string value) #configdrive_swift_container = ironic_configdrive_container # The timeout (in seconds) after which a configdrive temporary # URL becomes invalid. Defaults to deploy_callback_timeout if # it is set, otherwise to 1800 seconds. Used when # configdrive_use_object_store is True. (integer value) # Minimum value: 60 #configdrive_swift_temp_url_duration = # Timeout (seconds) for waiting for node inspection. 0 - # unlimited. (integer value) # Minimum value: 0 #inspect_wait_timeout = 1800 # Enables or disables automated cleaning. Automated cleaning # is a configurable set of steps, such as erasing disk drives, # that are performed on the node to ensure it is in a baseline # state and ready to be deployed to. This is done after # instance deletion as well as during the transition from a # "manageable" to "available" state. When enabled, the # particular steps performed to clean a node depend on which # driver that node is managed by; see the individual driver's # documentation for details. (boolean value) # Note: This option can be changed without restarting. #automated_clean = true # Determines how automated_cleaning is performed; the default, # 'autogenerated' collects steps from hardware interfaces, # then ordering by priority; 'runbook' requires a runbook to # be specified in config or driver_info, which is then used to # clean thenode; 'hybrid' uses a runbook if available, and # falls-back to autogenerated cleaning steps if not. (string # value) # Possible values: # autogenerated - Collects steps from hardware interfaces and # orders by priority. This provides the original Ironic # cleaning behavior originally implemented in Kilo. # runbook - Runs cleaning via a runbook specified in # configuration or node driver_info. If a runbook is not # specified while automated_clean is enabled, cleaning will # fail. # hybrid - Runs cleaning via a runbook if one is specified in # configuration or node driver_info. If a runbook is not # specified while automated_clean is enabled, Ironic will # fallback to 'autogenerated' cleaning steps. # Note: This option can be changed without restarting. #automated_cleaning_step_source = autogenerated # If set and [conductor]/automated_clean_step_source is set to # 'hybrid' or 'runbook', the runbook UUID or name provided # here will be used during automated_cleaning for nodes which # do not have a resource_class-specific runbook or runbook set # in driver_info. (string value) # Note: This option can be changed without restarting. #automated_cleaning_runbook = # A dictionary of key-value pairs of node resource_class and # runbook UUID or name which will be used to clean the node if # [conductor]automated_clean_step_source is set to 'hybrid' or # 'runbook' and a more specific runbook has not been # configured in driver_info. (dict value) # Note: This option can be changed without restarting. #automated_cleaning_runbook_by_resource_class = # When enabled, allows an administrator to configure a runbook # in node['driver_info']['cleaning_runbook'] to use for that # node when [conductor]automated_clean_step_source is set to # 'hybrid' or 'runbook'. NOTE: This will permit any user with # access to edit node['driver_info'] to circumvent cleaning. # (boolean value) # Note: This option can be changed without restarting. #automated_cleaning_runbook_from_node = false # When enabled, this option requires validation of a runbook # before it's used for automated cleaning. Nodes configured # with a runbook that is not validated for use via trait # matching will fail to clean. (boolean value) # Note: This option can be changed without restarting. #automated_cleaning_runbook_validate_traits = true # Whether to allow nodes to enter or undergo deploy or # cleaning when in maintenance mode. If this option is set to # False, and a node enters maintenance during deploy or # cleaning, the process will be aborted after the next # heartbeat. Automated cleaning or making a node available # will also fail. If True (the default), the process will # begin and will pause after the node starts heartbeating. # Moving it from maintenance will make the process continue. # (boolean value) # Note: This option can be changed without restarting. #allow_provisioning_in_maintenance = true # Timeout (seconds) to wait for a callback from the ramdisk # doing the cleaning. If the timeout is reached the node will # be put in the "clean failed" provision state. Set to 0 to # disable timeout. (integer value) # Minimum value: 0 #clean_callback_timeout = 1800 # Timeout (seconds) to wait for a callback from the ramdisk # doing the servicing. If the timeout is reached the node will # be put in the "service failed" provision state. Set to 0 to # disable timeout. (integer value) # Minimum value: 0 #service_callback_timeout = 1800 # Timeout (seconds) to wait for a callback from the rescue # ramdisk. If the timeout is reached the node will be put in # the "rescue failed" provision state. Set to 0 to disable # timeout. (integer value) # Minimum value: 0 #rescue_callback_timeout = 1800 # Timeout (in seconds) of soft reboot and soft power off # operation. This value always has to be positive. (integer # value) # Minimum value: 1 # Note: This option can be changed without restarting. #soft_power_off_timeout = 600 # Number of seconds to wait for power operations to complete, # i.e., so that a baremetal node is in the desired power # state. If timed out, the power operation is considered a # failure. (integer value) # Minimum value: 2 # Note: This option can be changed without restarting. #power_state_change_timeout = 60 # Interval (in seconds) between checking the power state for # nodes previously put into maintenance mode due to power # synchronization failure. A node is automatically moved out # of maintenance mode once its power state is retrieved # successfully. Set to 0 to disable this check. (integer # value) # Minimum value: 0 #power_failure_recovery_interval = 300 # Name of the conductor group to join. Can be up to 255 # characters and is case insensitive. This conductor will only # manage nodes with a matching "conductor_group" field set on # the node. (string value) #conductor_group = # Allow deleting nodes which are in state 'available'. # (boolean value) # Note: This option can be changed without restarting. #allow_deleting_available_nodes = true # Whether to enable publishing the baremetal API endpoint via # multicast DNS. (boolean value) #enable_mdns = false # Glance ID, http:// or file:// URL of the kernel of the # default deploy image. (string value) # Note: This option can be changed without restarting. #deploy_kernel = # Glance ID, http:// or file:// URL of the initramfs of the # default deploy image. (string value) # Note: This option can be changed without restarting. #deploy_ramdisk = # A dictionary of key-value pairs of each architecture with # the Glance ID, http:// or file:// URL of the kernel of the # default deploy image. (dict value) # Note: This option can be changed without restarting. #deploy_kernel_by_arch = # A dictionary of key-value pairs of each architecture with # the Glance ID, http:// or file:// URL of the initramfs of # the default deploy image. (dict value) # Note: This option can be changed without restarting. #deploy_ramdisk_by_arch = # Glance ID, http:// or file:// URL of the kernel of the # default rescue image. (string value) # Note: This option can be changed without restarting. #rescue_kernel = # Glance ID, http:// or file:// URL of the initramfs of the # default rescue image. (string value) # Note: This option can be changed without restarting. #rescue_ramdisk = # A dictionary of key-value pairs of each architecture with # the Glance ID, http:// or file:// URL of the kernel of the # default rescue image. (dict value) # Note: This option can be changed without restarting. #rescue_kernel_by_arch = # A dictionary of key-value pairs of each architecture with # the Glance ID, http:// or file:// URL of the initramfs of # the default rescue image. (dict value) # Note: This option can be changed without restarting. #rescue_ramdisk_by_arch = # Password hash algorithm to be used for the rescue password. # (string value) # Possible values: # sha256 - # sha512 - # Note: This option can be changed without restarting. #rescue_password_hash_algorithm = sha256 # Option to cause the conductor to not fallback to an un- # hashed version of the rescue password, permitting rescue # with older ironic-python-agent ramdisks. (boolean value) # Note: This option can be changed without restarting. #require_rescue_password_hashed = true # Glance ID, http:// or file:// URL of the EFI system # partition image containing EFI boot loader. This image will # be used by ironic when building UEFI-bootable ISO out of # kernel and ramdisk. Required for UEFI boot from partition # images. Can be overridden per-architecture using the # bootloader_by_arch option. (string value) # Note: This option can be changed without restarting. #bootloader = # Priority to run automated clean steps for both in-band and # out of band clean steps, provided in # interface.step_name:priority format, e.g. # deploy.erase_devices_metadata:123. The option can be # specified multiple times to define priorities for multiple # steps. If set to 0, this specific step will not run during # cleaning. If unset for an inband clean step, will use the # priority set in the ramdisk. (dict value) #clean_step_priority_override = # Boolean value, default True, if node event history is to be # recorded. Errors and other noteworthy events in relation to # a node are journaled to a database table which incurs some # additional load. A periodic task does periodically remove # entries from the database. Please note, if this is disabled, # the conductor will continue to purge entries as long as # [conductor]node_history_cleanup_batch_count is not 0. # (boolean value) # Note: This option can be changed without restarting. #node_history = true # Maximum number of history entries which will be stored in # the database per node. This setting excludes the minimum # number of days retained using the # [conductor]node_history_minimum_days setting. (integer # value) # Minimum value: 0 # Note: This option can be changed without restarting. #node_history_max_entries = 300 # Interval in seconds at which node history entries can be # cleaned up in the database. Setting to 0 disables the # periodic task. (integer value) # Minimum value: 0 #node_history_cleanup_interval = 86400 # The target number of node history records to purge from the # database when performing clean-up. Deletes are performed by # node, and a node with excess records for a node will still # be deleted. Operators who find node history building up may # wish to lower this threshold and decrease the time between # cleanup operations using the # ``node_history_cleanup_interval`` setting. (integer value) # Minimum value: 0 #node_history_cleanup_batch_count = 1000 # The minimum number of days to explicitly keep on hand in the # database history entries for nodes. This is exclusive from # the [conductor]node_history_max_entries setting as users of # this setting are anticipated to need to retain history by # policy. (integer value) # Minimum value: 0 # Note: This option can be changed without restarting. #node_history_minimum_days = 0 # Interval in seconds at which stale conductor entries can be # cleaned up from the database. Setting to 0 disables the # periodic task. (integer value) # Minimum value: 0 #conductor_cleanup_interval = 86400 # Timeout in seconds after which offline conductors are # considered stale and can be cleaned up from the database. # THis is always required to be at least 3x larger than # [conductor]heartbeat_timeout since if otherwise, active # conductors might be mistakenly removed from the database. # (integer value) # Minimum value: 60 # Note: This option can be changed without restarting. #conductor_cleanup_timeout = 1209600 # The maximum number of stale conductor records to clean up # from the database in a single cleanup operation. (integer # value) # Minimum value: 1 # Note: This option can be changed without restarting. #conductor_cleanup_batch_size = 50 # Priority to run automated verify steps provided in # interface.step_name:priority format,e.g. # management.clear_job_queue:123. The option can be specified # multiple times to define priorities for multiple steps. If # set to 0, this specific step will not run during # verification. (dict value) # Note: This option can be changed without restarting. #verify_step_priority_override = # DEPRECATED: Deprecated. If Ironic should set the node.lessee # field at deployment. Use # ['conductor']/automatic_lessee_source instead. (boolean # value) # Note: This option can be changed without restarting. # This option is deprecated for removal. # Its value may be silently ignored in the future. #automatic_lessee = true # Source for Project ID the Ironic should record at deployment # time in node.lessee field. If set to none, Ironic will not # set a lessee field. If set to instance (default), uses # Project ID indicated in instance metadata set by Nova or # another external deployment service. If set to keystone, # Ironic uses Project ID indicated by Keystone context. # (string value) # Possible values: # instance - Populates node.lessee field using metadata from # node.instance_info['project_id'] at deployment time. Useful # for Nova-fronted deployments. # request - Populates node.lessee field using metadata from # request context. Only useful for direct deployment requests # to Ironic; not those proxied via an external service like # Nova. # none - Ironic will not populate the node.lessee field. # Note: This option can be changed without restarting. #automatic_lessee_source = instance # The maximum number of concurrent nodes in deployment which # are permitted in this Ironic system. If this limit is # reached, new requests will be rejected until the number of # deployments in progress is lower than this maximum. As this # is a security mechanism requests are not queued, and this # setting is a global setting applying to all requests this # conductor receives, regardless of access rights. The # concurrent deployment limit cannot be disabled. (integer # value) # Minimum value: 1 # Note: This option can be changed without restarting. #max_concurrent_deploy = 250 # The maximum number of concurrent nodes in cleaning which are # permitted in this Ironic system. If this limit is reached, # new requests will be rejected until the number of nodes in # cleaning is lower than this maximum. As this is a security # mechanism requests are not queued, and this setting is a # global setting applying to all requests this conductor # receives, regardless of access rights. The concurrent clean # limit cannot be disabled. (integer value) # Minimum value: 1 # Note: This option can be changed without restarting. #max_concurrent_clean = 50 # If True power off nodes in the ``clean failed`` state. # Default False. Option may be unsafe when using Cleaning to # perform hardware-transformative actions such as firmware # upgrade. (boolean value) #poweroff_in_cleanfail = false # If True power off nodes in the ``service failed`` state. # Default False. Option may be unsafe when using service to # perform hardware-transformative actions such as firmware # upgrade. (boolean value) #poweroff_in_servicefail = false # This option allows child node steps to not error if the # resulting step execution returned a "wait" state. Under # normal conditions, child nodes are not expected to request a # wait state. This option exists for operators to use if # needed to perform specific tasks where this is known # acceptable. Use at yourown risk! (boolean value) # Note: This option can be changed without restarting. #permit_child_node_step_async_result = false # The maximum number of seconds which a step can be requested # to explicitly sleep or wait. This value should be changed # sparingly as it holds a conductor thread and if used across # many nodes at once can exhaust a conductor's resources. # Thiscapability has a hard coded maximum wait of 1800 # seconds, or 30 minutes. If you need to wait longer than the # maximum value, we recommend exploring hold steps. (integer # value) # Minimum value: 0 # Maximum value: 1800 # Note: This option can be changed without restarting. #max_conductor_wait_step_seconds = 30 # Specifies a list of boot modes that are not allowed during # deployment. Eg: ['bios'] (list value) # Note: This option can be changed without restarting. #disallowed_deployment_boot_modes = # Security Option to permit an operator to disable file # content inspections. Under normal conditions, the conductor # will inspect requested image contents which are transferred # through the conductor. Disabling this option is not # advisable and opens the risk of unsafe images being # processed which may allow an attacker to leverage unsafe # features in various disk image formats to perform a variety # of unsafe and potentially compromising actions. This option # is *not* mutable, and requires a service restart to change. # (boolean value) #disable_deep_image_inspection = false # Security Option to enable the conductor to *always* inspect # the image content of any requested deploy, even if the # deployment would have normally bypassed the conductor's # cache. When this is set to False, the Ironic-Python-Agent is # responsible for any necessary image checks. Setting this to # True will result in a higher utilization of resources (disk # space, network traffic) as the conductor will evaluate *all* # images. This option is *not* mutable, and requires a service # restart to change. This option requires # [conductor]disable_deep_image_inspection to be set to False. # (boolean value) #conductor_always_validates_images = false # The supported list of image formats which are permitted for # deployment with Ironic. If an image format outside of this # list is detected, the image validation logic will fail the # deployment process. (list value) # Note: This option can be changed without restarting. #permitted_image_formats = raw,gpt,qcow2,iso # DEPRECATED: Deprecated Security option: In the default case, # image files have their checksums verified before undergoing # additional conductor side actions such as image conversion. # Enabling this option opens the risk of files being replaced # at the source without the user's knowledge. (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #disable_file_checksum = false # Security option: By default Ironic will attempt to retrieve # a remote checksum file via HTTP(S) URL in order to validate # an image download. This is functionality aligning with # ironic-python-agent support for standalone users. Disabling # this functionality by setting this option to True will # create a more secure environment, however it may break users # in an unexpected fashion. (boolean value) #disable_support_for_checksum_files = false # Option to enable disabling transparent decompression of # files which are compressed with Zstandard compression. This # option is provided should operators wish to disable this # functionality, otherwise it is automatically applied by the # conductor should a compressed artifact be detected. (boolean # value) #disable_zstandard_decompression = false # List of paths that are allowed to be used as file:// URLs. # Files in /boot, /dev, /etc, /proc, /sys and othersystem # paths are always disallowed for security reasons. Any files # in this path readable by ironic may be used as an image # source when deploying. Setting this value to "" (empty) # disables file:// URL support. Paths listed here are # validated as absolute paths and will be rejectedif they # contain path traversal mechanisms, such as "..". (list # value) #file_url_allowed_paths = /var/lib/ironic,/shared/html,/templates,/opt/cache/files,/vagrant # Specify a timeout after which a gracefully shutdown # conductor will exit. Zero value means endless wait. (integer # value) #graceful_shutdown_timeout = 60 # Bootloader ESP image parameter per node architecture. For # example: x86_64:bootx64.efi,aarch64:grubaa64.efi. A node's # cpu_arch property is used as the key to get the appropriate # bootloader ESP image. If the node's cpu_arch is not in the # dictionary, the [conductor]bootloader value will be used # instead. (dict value) #bootloader_by_arch = # Option to disable operations which check and potentially fix # up configuration drive contents, such as invalid network # metadata values. When these issues are detected, and Ironic # is able to correct the data, Ironic will do so # transparently. Setting this option to True will disable this # functionality. (boolean value) # Note: This option can be changed without restarting. #disable_configdrive_check = false # Option to disable consideration of supplied # network_data.json link MTU values as basis to regenerate the # supplied metadata. (boolean value) # Note: This option can be changed without restarting. #disable_metadata_mtu_check = false # Option to determine if Ironic should fail to boot ramdisk in # situations where configuration is ambiguous.e.g. if # node[driver_info] contains an override for deploy_ramdisk # but not deploy_kernel when ambiguous. When set to True, # Ironic will raise and fail the provisioning action that # required a ramdisk and kernel. When set to False, Ironic # will fallback to the next valid, consistent configured # ramdisk and kernel for the node. (boolean value) # Note: This option can be changed without restarting. #error_on_ramdisk_config_inconsistency = false # When True, the conductor writes a Node History entry at the # start and end of every cleaning/servicing/deploy-steps flow. # Disable this in very high-churn environments to reduce DB # load. (boolean value) #record_step_flows_in_history = true # Log steps at the start/end of cleaning/servicing/deployment # to the conductor service log (WARNING for aborted/failure, # INFO otherwise. (boolean value) #log_step_flows_to_syslog = false # Enables Trait Based Networking (TBN) feature if True. When # enabled, will apply traits defined in the TBN configuration # file to networking actions when building instances with # relevant traits defined. When False the prior behavior of # mapping ports by physical_network is maintained. (boolean # value) #enable_trait_based_networking = false # The location of the configuration file for trait based # configuration. Ironic will load this configuration file if # TBN is enabled and apply the traits defined when building # and attaching networks to node instances. Ironic will also # reload this file if it detects the file has changed. (string # value) #trait_based_networking_config_file = /etc/ironic/trait_based_networking.yaml # Enable automatic hardware health monitoring for nodes. When # enabled, the conductor will periodically query the # management interface of nodes during power state # synchronization to retrieve hardware health status from the # BMC. Health information is stored in the node.health field # and changes are recorded in node history. Drivers that do # not support health monitoring are automatically skipped. # Note: this adds one additional BMC query per node during # each power sync cycle, which may impact performance in large # deployments. (boolean value) # Note: This option can be changed without restarting. #enable_health_monitoring = true [console] # # From ironic # # Path to serial console terminal program. Used only by Shell # In A Box console. (string value) #terminal = shellinaboxd # Directory containing the terminal SSL cert (PEM) for serial # console access. Used only by Shell In A Box console. (string # value) #terminal_cert_dir = # Directory for holding terminal pid files. If not specified, # the temporary directory will be used. (string value) #terminal_pid_dir = # Timeout (in seconds) for the terminal session to be closed # on inactivity. Set to 0 to disable timeout. Used only by # Socat console. (integer value) # Minimum value: 0 #terminal_timeout = 600 # Time interval (in seconds) for checking the status of # console subprocess. (integer value) #subprocess_checking_interval = 1 # Time (in seconds) to wait for the console subprocess to # start. (integer value) #subprocess_timeout = 10 # Time (in seconds) to wait for the console subprocess to exit # before sending SIGKILL signal. (integer value) #kill_timeout = 1 # IP address of Socat service running on the host of ironic # conductor. Used only by Socat console. (IP address value) #socat_address = $my_ip # A range of ports available to be used for the console proxy # service running on the host of ironic conductor, in the form # of : or comma-separated ranges like # :,:. This option is used by both # Shellinabox and Socat console (list value) # # This option has a sample default set, which means that # its actual default value may vary from the one documented # below. #port_range = 10000:20000 [cors] # # From oslo.middleware.cors # # Indicate whether this resource may be shared with the domain # received in the requests "origin" header. Format: # "://[:]", no trailing slash. Example: # https://horizon.example.com (list value) #allowed_origin = # Indicate that the actual request can include user # credentials (boolean value) #allow_credentials = true # Indicate which headers are safe to expose to the API. # Defaults to HTTP Simple Headers. (list value) #expose_headers = # Maximum cache age of CORS preflight requests. (integer # value) #max_age = 3600 # Indicate which methods can be used during the actual # request. (list value) #allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH # Indicate which header field names may be used during the # actual request. (list value) #allow_headers = [database] # # From ironic # # MySQL engine to use. (string value) #mysql_engine = InnoDB # If SQLite database operation retry logic is enabled or not. # Enabled by default. (boolean value) #sqlite_retries = true # Maximum number of seconds to retry SQLite database locks, # after which the original exception will be returned to the # caller. This does not presently apply to internal node lock # release actions and DB actions centered around the # completion of tasks. (integer value) #sqlite_max_wait_for_retry = 10 # # From oslo.db # # If True, SQLite uses synchronous mode. (boolean value) #sqlite_synchronous = true # The back end to use for the database. (string value) #backend = sqlalchemy # The SQLAlchemy connection string to use to connect to the # database. (string value) #connection = # The SQLAlchemy connection string to use to connect to the # slave database. (string value) #slave_connection = # The SQLAlchemy asyncio connection string to use to connect # to the database. (string value) #asyncio_connection = # The SQLAlchemy asyncio connection string to use to connect # to the slave database. (string value) #asyncio_slave_connection = # Whether or not to assume a reader context needs to guarantee # it can read data committed by a writer assuming replication # lag is present; defaults to True. When False, a reader # context works the same as async_reader and will select the # slave database if present. When using a galera cluster, this # can be set to False only if you set mysql_wsrep_sync_wait to # 1 (this will guarantee that the reader will wait until # writesets are committed).Note that this may incur a # performance degradation within the galera cluster. Note also # that this parameter has no effect if you do not set any # slave_connection. (boolean value) #synchronous_reader = true # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To # use whatever SQL mode is set by the server configuration, # set this to no value. Example: mysql_sql_mode= (string # value) #mysql_sql_mode = TRADITIONAL # For Galera only, configure wsrep_sync_wait causality checks # on new connections. Default is None, meaning don't # configure any setting. (integer value) #mysql_wsrep_sync_wait = # Connections which have been present in the connection pool # longer than this number of seconds will be replaced with a # new one the next time they are checked out from the pool. # (integer value) #connection_recycle_time = 3600 # Maximum number of SQL connections to keep open in a pool. # Setting a value of 0 indicates no limit. (integer value) #max_pool_size = 5 # Maximum number of database connection retries during # startup. Set to -1 to specify an infinite retry count. # (integer value) #max_retries = 10 # Interval between retries of opening a SQL connection. # (integer value) #retry_interval = 10 # If set, use this value for max_overflow with SQLAlchemy. # (integer value) #max_overflow = 50 # Verbosity of SQL debugging information: 0=None, # 100=Everything. (integer value) # Minimum value: 0 # Maximum value: 100 #connection_debug = 0 # Add Python stack traces to SQL as comment strings. (boolean # value) #connection_trace = false # If set, use this value for pool_timeout with SQLAlchemy. # (integer value) #pool_timeout = # Enable the experimental use of database reconnect on # connection lost. (boolean value) #use_db_reconnect = false # Seconds between retries of a database transaction. (integer # value) #db_retry_interval = 1 # If True, increases the interval between retries of a # database operation up to db_max_retry_interval. (boolean # value) #db_inc_retry_interval = true # If db_inc_retry_interval is set, the maximum seconds between # retries of a database operation. (integer value) #db_max_retry_interval = 10 # Maximum retries in case of connection error or deadlock # error before error is raised. Set to -1 to specify an # infinite retry count. (integer value) #db_max_retries = 20 # Optional URL parameters to append onto the connection URL at # connect time; specify as param1=value1¶m2=value2&... # (string value) #connection_parameters = [deploy] # # From ironic # # ironic-conductor node's HTTP server URL. Example: # http://192.1.2.3:8080 (uri value) #http_url = # ironic-conductor node's HTTP root path. (string value) #http_root = /httpboot # Used to select authentication strategy against the image # hosting HTTP(S) server. When set to http_basic it enables # HTTP(S) Basic Authentication. Exception is thrown in case of # missing credentials. When this option has a valid value such # as http_basic, the same single set of credentials will be # used against all user-image sources! Currently only the # http_basic option has any functionality. (string value) # Possible values: # noauth - No authentication # http_basic - HTTP Basic authentication # Note: This option can be changed without restarting. #image_server_auth_strategy = noauth # Can be used by any authentication strategy that requires # username credential. Currently utilized by the http_basic # authentication strategy. (string value) # Note: This option can be changed without restarting. #image_server_user = # Can be used by any authentication strategy that requires # password credential. Currently utilized by the http_basic # authentication strategy. (string value) # Note: This option can be changed without restarting. #image_server_password = # URL of the ironic-conductor node's HTTP server for boot # methods such as virtual media, where images could be served # outside of the provisioning network. Does not apply when # Swift is used. Defaults to http_url. (uri value) #external_http_url = # Agent callback URL of the bare metal API for boot methods # such as virtual media, where images could be served outside # of the provisioning network. Defaults to the configuration # from [service_catalog]. (uri value) #external_callback_url = # Whether to support the use of ATA Secure Erase during the # cleaning process. (boolean value) # Note: This option can be changed without restarting. #enable_ata_secure_erase = true # Whether to support the use of NVMe Secure Erase during the # cleaning process. Currently nvme-cli format command is # supported with user-data and crypto modes, depending on # device capabilities. (boolean value) # Note: This option can be changed without restarting. #enable_nvme_secure_erase = true # Priority to run in-band erase devices via the Ironic Python # Agent ramdisk. If unset, will use the priority set in the # ramdisk (defaults to 10 for the GenericHardwareManager). If # set to 0, will not run during cleaning. (integer value) # Note: This option can be changed without restarting. #erase_devices_priority = # Priority to run in-band clean step that erases metadata from # devices, via the Ironic Python Agent ramdisk. If unset, will # use the priority set in the ramdisk (defaults to 99 for the # GenericHardwareManager). If set to 0, will not run during # cleaning. (integer value) # Note: This option can be changed without restarting. #erase_devices_metadata_priority = # Priority to run in-band clean step that erases RAID # configuration from devices, via the Ironic Python Agent # ramdisk. If unset, will use the priority set in the ramdisk # (defaults to 0 for the GenericHardwareManager). If set to 0, # will not run during cleaning. (integer value) # Note: This option can be changed without restarting. #delete_configuration_priority = # Priority to run in-band clean step that creates RAID # configuration from devices, via the Ironic Python Agent # ramdisk. If unset, will use the priority set in the ramdisk # (defaults to 0 for the GenericHardwareManager). If set to 0, # will not run during cleaning. (integer value) # Note: This option can be changed without restarting. #create_configuration_priority = # During shred, overwrite all block devices N times with # random data. This is only used if a device could not be ATA # Secure Erased. (integer value) # Minimum value: 0 # Note: This option can be changed without restarting. #shred_random_overwrite_iterations = 1 # Whether to write zeros to a node's block devices after # writing random data. This will write zeros to the device # even when deploy.shred_random_overwrite_iterations is 0. # This option is only used if a device could not be ATA Secure # Erased. (boolean value) # Note: This option can be changed without restarting. #shred_final_overwrite_with_zeros = true # Defines what to do if a secure erase operation (NVMe or ATA) # fails during cleaning in the Ironic Python Agent. If False, # the cleaning operation will fail and the node will be put in # ``clean failed`` state. If True, shred will be invoked and # cleaning will continue. (boolean value) # Note: This option can be changed without restarting. #continue_if_disk_secure_erase_fails = false # Defines the target pool size used by Ironic Python Agent # ramdisk to erase disk devices. The number of threads created # to erase disks will not exceed this value or the number of # disks to be erased. (integer value) # Minimum value: 1 # Note: This option can be changed without restarting. #disk_erasure_concurrency = 4 # Whether to power off a node after deploy failure. (boolean # value) # Note: This option can be changed without restarting. #power_off_after_deploy_failure = true # Default boot mode to use when no boot mode is requested in # node's driver_info, capabilities or in the `instance_info` # configuration. Currently the default boot mode is "uefi", # but it was "bios" previously in Ironic. It is recommended to # set an explicit value for this option, and if the setting or # default differs from nodes, to ensure that nodes are # configured specifically for their desired boot mode. (string # value) # Possible values: # uefi - UEFI boot mode # bios - Legacy BIOS boot mode # Note: This option can be changed without restarting. #default_boot_mode = uefi # Whether to upload the config drive to object store. Set this # option to True to store config drive in a swift endpoint. # (boolean value) # Note: This option can be changed without restarting. # Deprecated group/name - [conductor]/configdrive_use_swift #configdrive_use_object_store = false # The name of subdirectory under ironic-conductor node's HTTP # root path which is used to place instance images for the # direct deploy interface, when local HTTP service is # incorporated to provide instance image instead of swift # tempurls. (string value) #http_image_subdir = agent_images # Whether to allow deployment agents to perform lookup, # heartbeat operations during initial states of a machine # lifecycle and by-pass the normal setup procedures for a # ramdisk. This feature also enables power operations which # are part of deployment processes to be bypassed if the # ramdisk has performed a heartbeat operation using the # fast_track_timeout setting. (boolean value) # Note: This option can be changed without restarting. #fast_track = false # Seconds for which the last heartbeat event is to be # considered valid for the purpose of a fast track sequence. # This setting should generally be less than the number of # seconds for "Power-On Self Test" and typical ramdisk start- # up. This value should not exceed the # [api]ramdisk_heartbeat_timeout setting. (integer value) # Minimum value: 0 # Maximum value: 300 # Note: This option can be changed without restarting. #fast_track_timeout = 300 # If the ironic-python-agent should skip read-only devices # when running the "erase_devices" clean step where block # devices are zeroed out. This requires ironic-python-agent # 6.0.0 or greater. By default a read-only device will cause # non-metadata based cleaning operations to fail due to the # possible operational security risk of data being retained # between deployments of the bare metal node. (boolean value) # Note: This option can be changed without restarting. #erase_skip_read_only = false # Specifies whether a boot iso image should be served from its # own original location using the image source url directly, # or if ironic should cache the image on the conductor and # serve it from ironic's own http server. (string value) # Possible values: # http - In case the ramdisk is already a bootable iso, using # this option it will be directly provided by an external HTTP # service using its full url. # local - This is the default behavior. The image is # downloaded, prepared and cached locally, to be served from # the conductor. # swift - Same as "http", but if the image is a Glance UUID, # it is exposed via a Swift temporary URL. # Note: This option can be changed without restarting. #ramdisk_image_download_source = local # On the ironic-conductor node, directory where master ISO # images are stored on disk. Setting to the empty string # disables image caching. (string value) #iso_master_path = /var/lib/ironic/master_iso_images # Maximum size (in MiB) of cache for master ISO images, # including those in use. (integer value) #iso_cache_size = 20480 # Maximum TTL (in minutes) for old master ISO images in cache. # (integer value) #iso_cache_ttl = 10080 [dhcp] # # From ironic # # DHCP provider to use. "neutron" uses Neutron, "dnsmasq" uses # the Dnsmasq provider, and "none" uses a no-op provider. # (string value) #dhcp_provider = neutron [disk_utils] # # From ironic # # Memory limit for "qemu-img convert" in MiB. Implemented via # the address space resource limit. (integer value) #image_convert_memory_limit = 2048 # Number of attempts to convert an image. (integer value) #image_convert_attempts = 3 [drac] # # From ironic # # Interval (in seconds) between periodic RAID job status # checks to determine whether the asynchronous RAID # configuration was successfully finished or not. (integer # value) # Minimum value: 1 #query_raid_config_job_status_interval = 120 # Maximum amount of time (in seconds) to wait for the boot # device configuration job to transition to the correct state # to allow a reboot or power on to complete. (integer value) # Minimum value: 1 #boot_device_job_status_timeout = 30 # DEPRECATED: Maximum number of retries for the configuration # job to complete successfully. (integer value) # Minimum value: 1 # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This option has has no effect since 26.0.0 #config_job_max_retries = 240 # Number of seconds to wait between checking for completed # import configuration task (integer value) # Minimum value: 0 #query_import_config_job_status_interval = 60 # DEPRECATED: Maximum time (in seconds) to wait for factory # reset of BIOS settings to complete. (integer value) # Minimum value: 1 # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This option has has no effect since 26.0.0 #bios_factory_reset_timeout = 600 # Maximum time (in seconds) to wait for RAID job to complete # (integer value) # Minimum value: 1 #raid_job_timeout = 300 [errors] # # From ironic # # Used if there is a formatting error when generating an # exception message (a programming error). If True, raise an # exception; if False, use the unformatted message. (boolean # value) #fatal_exception_format_errors = false [glance] # # From ironic # # A list of URL schemes that can be downloaded directly via # the direct_url. Currently supported schemes: [file]. (list # value) #allowed_direct_url_schemes = # Authentication URL (string value) #auth_url = # Authentication type to load (string value) # Deprecated group/name - [glance]/auth_plugin #auth_type = # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) #cafile = # PEM encoded client certificate cert file (string value) #certfile = # Collect per-API call timing information. (boolean value) #collect_timing = false # The maximum number of retries that should be attempted for # connection errors. (integer value) #connect_retries = # Delay (in seconds) between two retries for connection # errors. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #connect_retry_delay = # Optional domain ID to use with v3 and v2 parameters. It will # be used for both the user and project domain in v3 and # ignored in v2 authentication. (string value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. # It will be used for both the user and project domain in v3 # and ignored in v2 authentication. (string value) #default_domain_name = # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # Always use this endpoint URL for requests for this client. # NOTE: The unversioned endpoint should be specified here; to # request a particular API version, use the `version`, `min- # version`, and/or `max-version` options. (string value) #endpoint_override = # Verify HTTPS connections. (boolean value) #insecure = false # PEM encoded client certificate key file (string value) #keyfile = # The maximum major version of a given API, intended to be # used as the upper bound of a range with min_version. # Mutually exclusive with version. (string value) #max_version = # The minimum major version of a given API, intended to be # used as the lower bound of a range with max_version. # Mutually exclusive with version. If min_version is given # with no max_version it is as if max version is "latest". # (string value) #min_version = # Number of retries when downloading an image from glance. # (integer value) # Note: This option can be changed without restarting. #num_retries = 0 # User's password (string value) #password = # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # Project ID to scope to (string value) # Deprecated group/name - [glance]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [glance]/tenant_name #project_name = # The default region_name for endpoint URL discovery. (string # value) #region_name = # List of retriable HTTP status codes that should be retried. # If not set default to [503] (list value) #retriable_status_codes = # The default service_name for endpoint URL discovery. (string # value) #service_name = # The default service_type for endpoint URL discovery. (string # value) #service_type = image # Log requests to multiple loggers. (boolean value) #split_loggers = false # The maximum number of retries that should be attempted for # retriable HTTP status codes. (integer value) #status_code_retries = # Delay (in seconds) between two retries for retriable status # codes. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #status_code_retry_delay = # The account that Glance uses to communicate with Swift. The # format is "AUTH_uuid". "uuid" is the UUID for the account # configured in the glance-api.conf. For example: # "AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30". If not set, the # default value is calculated based on the ID of the project # used to access Swift (as set in the [swift] section). Swift # temporary URL format: # "endpoint_url/api_version/account/container/object_id" # (string value) #swift_account = # The prefix added to the project uuid to determine the swift # account. (string value) #swift_account_prefix = AUTH # The Swift API version to create a temporary URL for. Swift # temporary URL format: # "endpoint_url/api_version/account/container/object_id" # (string value) #swift_api_version = v1 # The Swift container Glance is configured to store its images # in. Defaults to "glance", which is the default in glance- # api.conf. Swift temporary URL format: # "endpoint_url/api_version/account/container/object_id" # (string value) #swift_container = glance # The "endpoint" (scheme, hostname, optional port) for the # Swift URL of the form # "endpoint_url/api_version/account/container/object_id". Do # not include trailing "/". For example, use # "https://swift.example.com". If using RADOS Gateway, # endpoint may also contain /swift path; if it does not, it # will be appended. Used for temporary URLs, will be fetched # from the service catalog, if not provided. (uri value) #swift_endpoint_url = # This should match a config by the same name in the Glance # configuration file. When set to 0, a single-tenant store # will only use one container to store all images. When set to # an integer value between 1 and 32, a single-tenant store # will use multiple containers to store images, and this value # will determine how many containers are created. (integer # value) #swift_store_multiple_containers_seed = 0 # Whether to cache generated Swift temporary URLs. Setting it # to true is only useful when an image caching proxy is used. # (boolean value) #swift_temp_url_cache_enabled = false # The length of time in seconds that the temporary URL will be # valid for. If some deploys get a 401 response code when # trying to download from the temporary URL, try raising this # duration. This value must be greater than or equal to the # value for swift_temp_url_expected_download_start_delay # (integer value) #swift_temp_url_duration = 1200 # This is the delay (in seconds) from the time of the deploy # request (when the Swift temporary URL is generated) to when # the IPA ramdisk starts up and URL is used for the image # download. This value is used to check if the Swift temporary # URL duration is large enough to let the image download # begin. Also if temporary URL caching is enabled this will # determine if a cached entry will still be valid when the # download starts. swift_temp_url_duration value must be # greater than or equal to this option's value. (integer # value) # Minimum value: 0 #swift_temp_url_expected_download_start_delay = 0 # The secret token given to Swift to allow temporary URL # downloads. Required for temporary URLs. For the Swift # backend, the key on the service project (as set in the # [swift] section) is used by default. (string value) #swift_temp_url_key = # Scope for system operations (string value) #system_scope = # Tenant ID (string value) #tenant_id = # Tenant Name (string value) #tenant_name = # Timeout value for http requests (integer value) #timeout = # ID of the trust to use as a trustee use (string value) #trust_id = # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [glance]/user_name #username = # List of interfaces, in order of preference, for endpoint # URL. (list value) #valid_interfaces = internal,public # Minimum Major API version within a given Major API version # for endpoint URL discovery. Mutually exclusive with # min_version and max_version (string value) #version = [healthcheck] # # From ironic # # Enable the health check endpoint at /healthcheck. Note that # this is unauthenticated. More information is available at # https://docs.openstack.org/oslo.middleware/latest/reference/healthcheck_plugins.html. # (boolean value) #enabled = false # # From oslo.middleware.healthcheck # # Show more detailed information as part of the response. # Security note: Enabling this option may expose sensitive # details about the service being monitored. Be sure to verify # that it will not violate your security policies. (boolean # value) #detailed = false # Additional backends that can perform health checks and # report that information back as part of a request. (list # value) #backends = # A list of network addresses to limit source ip allowed to # access healthcheck information. Any request from ip outside # of these network addresses are ignored. (list value) #allowed_source_ranges = # Ignore requests with proxy headers. (boolean value) #ignore_proxied_requests = false # Check the presence of a file to determine if an application # is running on a port. Used by DisableByFileHealthcheck # plugin. (string value) #disable_by_file_path = # Check the presence of a file based on a port to determine if # an application is running on a port. Expects a "port:path" # list of strings. Used by DisableByFilesPortsHealthcheck # plugin. (list value) #disable_by_file_paths = # Check the presence of files. Used by # EnableByFilesHealthcheck plugin. (list value) #enable_by_file_paths = [ilo] # # From ironic # # Timeout (in seconds) for iLO operations (integer value) #client_timeout = 60 # Port to be used for iLO operations (port value) # Minimum value: 0 # Maximum value: 65535 #client_port = 443 # The Swift iLO container to store data. (string value) #swift_ilo_container = ironic_ilo_container # Amount of time in seconds for Swift objects to auto-expire. # (integer value) #swift_object_expiry_timeout = 900 # Set this to True to use http web server to host floppy # images and generated boot ISO. This requires http_root and # http_url to be configured in the [deploy] section of the # config file. If this is set to False, then Ironic will use # Swift to host the floppy images and generated boot_iso. # (boolean value) #use_web_server_for_images = false # Priority for reset_ilo clean step. (integer value) #clean_priority_reset_ilo = 0 # Priority for reset_bios_to_default clean step. (integer # value) #clean_priority_reset_bios_to_default = 10 # Priority for reset_secure_boot_keys clean step. This step # will reset the secure boot keys to manufacturing defaults. # (integer value) #clean_priority_reset_secure_boot_keys_to_default = 20 # Priority for clear_secure_boot_keys clean step. This step is # not enabled by default. It can be enabled to clear all # secure boot keys enrolled with iLO. (integer value) #clean_priority_clear_secure_boot_keys = 0 # Priority for reset_ilo_credential clean step. This step # requires "ilo_change_password" parameter to be updated in # nodes's driver_info with the new password. (integer value) #clean_priority_reset_ilo_credential = 30 # Amount of time in seconds to wait in between power # operations (integer value) #power_wait = 2 # Interval (in seconds) between periodic erase-devices status # checks to determine whether the asynchronous out-of-band # erase-devices was successfully finished or not. On an # average, a 300GB HDD with default pattern "overwrite" would # take approximately 9 hours and 300GB SSD with default # pattern "block" would take approx. 30 seconds to complete # sanitize disk erase. (integer value) # Minimum value: 10 #oob_erase_devices_job_status_interval = 300 # DEPRECATED: CA certificate file to validate iLO. (string # value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Its being replaced by new configuration parameter # "verify_ca". #ca_file = # CA certificate to validate iLO. This can be either a Boolean # value, a path to a CA_BUNDLE file or directory with # certificates of trusted CAs. If set to True the driver will # verify the host certificates; if False the driver will # ignore verifying the SSL certificate. If it's a path the # driver will use the specified certificate or one of the # certificates in the directory. (string value) #verify_ca = True # Default boot mode to be used in provisioning when # "boot_mode" capability is not provided in the # "properties/capabilities" of the node. The default is "auto" # for backward compatibility. When "auto" is specified, # default boot mode will be selected based on boot mode # settings on the system. (string value) # Possible values: # auto - based on boot mode settings on the system # bios - BIOS boot mode # uefi - UEFI boot mode #default_boot_mode = auto # File permission for swift-less image hosting with the octal # permission representation of file access permissions. This # setting defaults to ``644``, or as the octal number # ``0o644`` in Python. This setting must be set to the octal # number representation, meaning starting with ``0o``. # (integer value) #file_permission = 420 # Additional kernel parameters to pass down to the instance # kernel. These parameters can be consumed by the kernel or by # the applications by reading /proc/cmdline. Mind severe # cmdline size limit! Can be overridden by # `instance_info/kernel_append_params` property. (string # value) # Note: This option can be changed without restarting. #kernel_append_params = nofb vga=normal # On the ironic-conductor node, directory where ilo driver # stores the CSR and the cert. (string value) #cert_path = /var/lib/ironic/ilo/ [inspection_rules] # # From ironic # # Path to YAML file of built-in inspection rules. (string # value) # Note: This option can be changed without restarting. #built_in_rules = # Whether to mask secrets in the node information passed to # the rules. (string value) # Possible values: # always - # never - # sensitive - #mask_secrets = always [inspector] # # From ironic # # period (in seconds) to check status of nodes on inspection # (integer value) #status_check_period = 60 # If True, during managed inspection force the inspection # ramdisk to use DHCP on all available interfaces and avoid # injecting any static network configuration into the virtual # media ISO. This ensures LLDP collection across all # interfaces. (boolean value) #force_dhcp = false # extra kernel parameters to pass to the inspection ramdisk # when boot is managed by ironic. Pairs key=value separated by # spaces. (string value) #extra_kernel_params = # whether to power off a node after inspection finishes. # Ignored for nodes that have fast track mode enabled. # (boolean value) #power_off = true # DEPRECATED: endpoint to use as a callback for posting back # introspection data when boot is managed by ironic. Standard # keystoneauth options are used by default. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This option was used by inspector inspect interface, # which was removed. #callback_endpoint_override = # require that the in-band inspection boot is fully managed by # the node's boot interface. Set this to False if your # installation has a separate (i)PXE boot environment for node # discovery or unmanaged inspection. You may need to set it to # False to inspect nodes that are not supported by boot # interfaces (e.g. because they don't have ports). (boolean # value) #require_managed_boot = true # Which MAC addresses to add as ports during inspection. # (string value) # Possible values: # all - all MAC addresses # active - MAC addresses of NICs with IP addresses # pxe - only the MAC address of the PXE NIC # disabled - do not create any ports #add_ports = pxe # Which ports (already present on a node) to keep after # inspection. (string value) # Possible values: # all - keep all ports, even ones with MAC addresses that are # not present in the inventory # present - keep only ports with MAC addresses present in the # inventory # added - keep only ports determined by the add_ports option #keep_ports = all # Whether to update the ports' pxe_enabled field according to # the inspection data. (boolean value) #update_pxe_enabled = true # A comma-separated lists of inspection hooks that are run by # default for the "agent" inspection interface. In most cases, # the operators will not modify this. The default (somewhat # conservative) hooks will raise an exception in case the # ramdisk reports an error, validate interfaces in the # inventory, create ports and set the node's cpu architecture # property. (string value) #default_hooks = ramdisk-error,validate-interfaces,ports,architecture # Comma-separated list of enabled hooks for processing # pipeline for the "agent" inspection interface. The default # for this is $default_hooks. Hooks can be added before or # after the defaults like this: # "prehook,$default_hooks,posthook". (string value) #hooks = $default_hooks # Path to the file which contains the known accelerator # devices, to be used by the "accelerators" inspection hook. # (string value) #known_accelerators = $pybasedir/drivers/modules/inspector/hooks/known_accelerators.yaml # Mapping between a CPU flag and a node capability to set if # this CPU flag is present. This configuration option is used # by the "cpu-capabilities" inspection hook. (dict value) #cpu_capabilities = aes:cpu_aes,pdpe1gb:cpu_hugepages_1g,pse:cpu_hugepages,smx:cpu_txt,svm:cpu_vt,vmx:cpu_vt # If True, refuse to parse extra data (in plugin_data) if at # least one record is too short. Additionally, remove the # incoming "data" even if parsing failed. This configuration # option is used by the "extra-hardware" inspection hook. # (boolean value) #extra_hardware_strict = false # An alias for a PCI device identified by 'vendor_id' and # 'product_id' fields. Format: {"vendor_id": "1234", # "product_id": "5678", "name": "pci_dev1"}. Use double quotes # for the keys and values. (multi valued) #pci_device_alias = # Mapping of IP subnet CIDR to physical network. When the # phyical-network inspection hook is enabled, the # "physical_network" property of corresponding baremetal ports # is populated based on this mapping. (list value) # # This option has a sample default set, which means that # its actual default value may vary from the one documented # below. #physical_network_cidr_map = 10.10.10.0/24:physnet_a,2001:db8::/64:physnet_b # Whether to leave 1 GiB of disk size untouched for # partitioning. Only has effect when used with the IPA as a # ramdisk, for older ramdisk local_gb is calculated on the # ramdisk side. This configuration option is used by the # "root-device" inspection hook. (boolean value) #disk_partitioning_spacing = true [inventory] # # From ironic # # The storage backend for storing inspection data. (string # value) # Possible values: # none - do not store inspection data # database - store in the service database # swift - store in the Object Storage (swift) #data_backend = database # The Swift container prefix to store the inspection data # (separately inventory and plugin data). (string value) #swift_data_container = introspection_data_container [ipmi] # # From ironic # # Maximum time in seconds to retry retryable IPMI operations. # (An operation is retryable, for example, if the requested # operation fails because the BMC is busy.) Setting this too # high can cause the sync power state periodic task to hang # when there are slow or unresponsive BMCs. (integer value) # Note: This option can be changed without restarting. #command_retry_timeout = 60 # Minimum time, in seconds, between IPMI operations sent to a # server. There is a risk with some hardware that setting this # too low may cause the BMC to crash. Recommended setting is 5 # seconds. (integer value) # Note: This option can be changed without restarting. #min_command_interval = 5 # When set to True and the parameters are supported by # ipmitool, the number of retries and the retry interval are # passed to ipmitool as parameters, and ipmitool will do the # retries. When set to False, ironic will retry the ipmitool # commands. Recommended setting is False (boolean value) #use_ipmitool_retries = false # Kill `ipmitool` process invoked by ironic to read node power # state if `ipmitool` process does not exit after # `command_retry_timeout` timeout expires. Recommended setting # is True. Setting to False may present an operational issue # and will result in unexpected and undesirable behavior. # (boolean value) # Note: This option can be changed without restarting. #kill_on_timeout = true # Default timeout behavior whether ironic sends a raw IPMI # command to disable the 60 second timeout for booting. # Setting this option to False will NOT send that command, the # default value is True. It may be overridden by per-node # 'ipmi_disable_boot_timeout' option in node's 'driver_info' # field. (boolean value) # Note: This option can be changed without restarting. #disable_boot_timeout = true # Additional errors ipmitool may encounter, specific to the # environment it is run in. (multi valued) # Note: This option can be changed without restarting. #additional_retryable_ipmi_errors = # Enables all ipmi commands to be executed with an additional # debugging output. This is a separate option as ipmitool can # log a substantial amount of misleading text when in this # mode. (boolean value) # Note: This option can be changed without restarting. #debug = false # Boolean flag to determine IPMI password persistence method. # When True, credentials are stored in environemnt variables, # Otherwise, credentials are stored in a file (boolean value) #store_cred_in_env = false # List of possible cipher suites versions that can be # supported by the hardware in case the field `cipher_suite` # is not set for the node. (list value) #cipher_suite_versions = [irmc] # # From ironic # # DEPRECATED: Ironic conductor node's "NFS" or "CIFS" root # path (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #remote_image_share_root = /remote_image_share_root # DEPRECATED: IP of remote image server (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #remote_image_server = # DEPRECATED: Share type of virtual media (string value) # Possible values: # CIFS - CIFS (Common Internet File System) protocol # NFS - NFS (Network File System) protocol # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #remote_image_share_type = CIFS # DEPRECATED: share name of remote_image_server (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #remote_image_share_name = share # DEPRECATED: User name of remote_image_server (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #remote_image_user_name = # DEPRECATED: Password of remote_image_user_name (string # value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #remote_image_user_password = # DEPRECATED: Domain name of remote_image_user_name (string # value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #remote_image_user_domain = # DEPRECATED: Port to be used for iRMC operations (port value) # Minimum value: 0 # Maximum value: 65535 # Possible values: # 443 - port 443 # 80 - port 80 # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #port = 443 # DEPRECATED: Authentication method to be used for iRMC # operations (string value) # Possible values: # basic - Basic authentication # digest - Digest authentication # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #auth_method = basic # DEPRECATED: Timeout (in seconds) for iRMC operations # (integer value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #client_timeout = 60 # DEPRECATED: Sensor data retrieval method. (string value) # Possible values: # ipmitool - IPMItool # scci - Fujitsu SCCI (ServerView Common Command Interface) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #sensor_method = ipmitool # DEPRECATED: SNMP protocol version (string value) # Possible values: # v1 - SNMPv1 # v2c - SNMPv2c # v3 - SNMPv3 # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #snmp_version = v2c # DEPRECATED: SNMP port (port value) # Minimum value: 0 # Maximum value: 65535 # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #snmp_port = 161 # DEPRECATED: SNMP community. Required for versions "v1" and # "v2c" (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #snmp_community = public # DEPRECATED: SNMP security name. Required for version 'v3'. # (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Use irmc_snmp_user #snmp_security = # DEPRECATED: SNMP polling interval in seconds (integer value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #snmp_polling_interval = 10 # DEPRECATED: SNMPv3 message authentication protocol ID. # Required for version 'v3'. The valid options are 'sha', # 'sha256', 'sha384' and 'sha512', while 'sha' is the only # supported protocol in iRMC S4 and S5, and from iRMC S6, # 'sha256', 'sha384' and 'sha512' are supported, but 'sha' is # not supported any more. (string value) # Possible values: # sha - Secure Hash Algorithm 1, supported in iRMC S4 and S5. # sha256 - Secure Hash Algorithm 2 with 256 bits digest, only # supported in iRMC S6. # sha384 - Secure Hash Algorithm 2 with 384 bits digest, only # supported in iRMC S6. # sha512 - Secure Hash Algorithm 2 with 512 bits digest, only # supported in iRMC S6. # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #snmp_auth_proto = sha # DEPRECATED: SNMPv3 message privacy (encryption) protocol ID. # Required for version 'v3'. 'aes' is supported. (string # value) # Possible values: # aes - Advanced Encryption Standard # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #snmp_priv_proto = aes # DEPRECATED: Priority for restore_irmc_bios_config clean # step. (integer value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #clean_priority_restore_irmc_bios_config = 0 # DEPRECATED: List of vendor IDs and device IDs for GPU device # to inspect. List items are in format vendorID/deviceID and # separated by commas. GPU inspection will use this value to # count the number of GPU device in a node. If this option is # not defined, then leave out pci_gpu_devices in capabilities # property. Sample gpu_ids value: 0x1000/0x0079,0x2100/0x0080 # (list value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #gpu_ids = # DEPRECATED: List of vendor IDs and device IDs for CPU FPGA # to inspect. List items are in format vendorID/deviceID and # separated by commas. CPU inspection will use this value to # find existence of CPU FPGA in a node. If this option is not # defined, then leave out CUSTOM_CPU_FPGA in node traits. # Sample fpga_ids value: 0x1000/0x0079,0x2100/0x0080 (list # value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #fpga_ids = # DEPRECATED: Interval (in seconds) between periodic RAID # status checks to determine whether the asynchronous RAID # configuration was successfully finished or not. Foreground # Initialization (FGI) will start 5 minutes after creating # virtual drives. (integer value) # Minimum value: 1 # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #query_raid_config_fgi_status_interval = 300 # DEPRECATED: Additional kernel parameters to pass down to the # instance kernel. These parameters can be consumed by the # kernel or by the applications by reading /proc/cmdline. Mind # severe cmdline size limit! Can be overridden by # `instance_info/kernel_append_params` property. (string # value) # Note: This option can be changed without restarting. # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #kernel_append_params = nofb vga=normal # DEPRECATED: The default verify_ca path when irmc_verify_ca # in driver_info is missing or set to True. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The iRMC driver is unmaintained and is being # deprecated. It will be removed in a future release. #verify_ca = [ironic_networking] # # From ironic # # The transport mechanism used for RPC communication. This can # be set to "json-rpc" for JSON-RPC, "oslo_messaging" for Oslo # Messaging, or "none" for no transport. (string value) # Possible values: # json-rpc - # oslo_messaging - #rpc_transport = # Path to the switch configuration file that defines switches # to be acted upon. The config file should be in INI format. # For syntax refer to the user guide. (string value) #switch_config_file = # The path to the driver configuration directory. This is used # to dynamically write driver config files that are derived # from entries in the file specified by the switch_config_file # option. This directory should not be populated with files # manually. (string value) #driver_config_dir = /var/lib/ironic/networking # A list of switch drivers to load and make available for # managing network switches. Switch drivers are loaded from # external projects via entry points in the # "ironic.networking.switch_drivers" namespace. Only drivers # listed here will be loaded and made available for use. An # empty list means no switch drivers will be loaded. (list # value) #enabled_switch_drivers = # A list of VLAN IDs that are allowed to be used for port # configuration. If not specified (None), all VLAN IDs are # allowed. If set to an empty list ([]), no VLANs are allowed. # If set to a list of values, only the specified VLAN IDs are # allowed. The list is a comma separated list of VLAN ID # values or range of values. For example, 100,101,102-104,106 # would allow VLANs 100, 101, 102, 103, 104, and 106, but not # 105. This setting can be overridden on a per-switch basis in # the switch configuration file. (list value) #allowed_vlans = # The network to use for cleaning nodes. This should be # expressed as {access|trunk}/native_vlan=VLAN_ID. Can be # overridden on a per-node basis using the driver_info # attribute and specifying this as `cleaning_network` (string # value) #cleaning_network = # The network to use for rescuing nodes. This should be # expressed as {access|trunk}/native_vlan=VLAN_ID. Can be # overridden on a per-node basis using the driver_info # attribute and specifying this as `rescuing_network` (string # value) #rescuing_network = # The network to use for provisioning nodes. This should be # expressed as {access|trunk}/native_vlan=VLAN_ID. Can be # overridden on a per-node basis using the driver_info # attribute and specifying this as `provisioning_network` # (string value) #provisioning_network = # The network to use for servicing nodes. This should be # expressed as {access|trunk}/native_vlan=VLAN_ID. Can be # overridden on a per-node basis using the driver_info # attribute and specifying this as `servicing_network` (string # value) #servicing_network = # The network to use for inspecting nodes. This should be # expressed as {access|trunk}/native_vlan=VLAN_ID. Can be # overridden on a per-node basis using the driver_info # attribute and specifying this as `inspection_network` # (string value) #inspection_network = # The network to use for initial inspecting of nodes. If # provided switch ports will be configured back to this # network whenever any of the other networks are # removed/unconfigured. This should be expressed as # {access|trunk}/native_vlan=VLAN_ID. Can be overridden on a # per-node basis using the driver_info attribute and # specifying this as `idle_network` (string value) #idle_network = [ironic_networking_json_rpc] # # From ironic # # List of roles allowed to use JSON RPC (list value) #allowed_roles = admin # Authentication URL (string value) #auth_url = # Authentication strategy used by JSON RPC. Defaults to the # global auth_strategy setting. (string value) # Possible values: # noauth - no authentication # keystone - use the Identity service for authentication # http_basic - HTTP basic authentication #auth_strategy = # Authentication type to load (string value) # Deprecated group/name - [ironic_networking_json_rpc]/auth_plugin #auth_type = # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) #cafile = # Certificate file the JSON-RPC listener will present to # clients when [json_rpc]use_ssl=True. (string value) #cert_file = # PEM encoded client certificate cert file (string value) #certfile = # Set to True to force TLS connections in the client even if # use_ssl is set to False. Only makes sense if server-side TLS # is provided outside of Ironic (e.g. with httpd acting as a # reverse proxy). (boolean value) #client_use_ssl = false # Collect per-API call timing information. (boolean value) #collect_timing = false # When debug logging is enabled, log only the request ID # instead of the full request and response for JSON RPC calls. # This reduces log verbosity while still providing some # traceability for performance analysis. (boolean value) # Note: This option can be changed without restarting. #debug_log_request_id_only = true # Optional domain ID to use with v3 and v2 parameters. It will # be used for both the user and project domain in v3 and # ignored in v2 authentication. (string value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. # It will be used for both the user and project domain in v3 # and ignored in v2 authentication. (string value) #default_domain_name = # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # The IP address or hostname on which JSON RPC will listen. # (host address value) #host_ip = :: # Path to Apache format user authentication file used when # auth_strategy=http_basic (string value) #http_basic_auth_user_file = /etc/ironic/htpasswd-json-rpc # DEPRECATED: Password to use for HTTP Basic authentication # client requests. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Use password instead #http_basic_password = # DEPRECATED: Name of the user to use for HTTP Basic # authentication client requests. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Use username instead #http_basic_username = # Verify HTTPS connections. (boolean value) #insecure = false # Private key file matching cert_file. (string value) #key_file = # PEM encoded client certificate key file (string value) #keyfile = # User's password (string value) #password = # The port to use for JSON RPC (port value) # Minimum value: 0 # Maximum value: 65535 #port = 8089 # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # Project ID to scope to (string value) # Deprecated group/name - [ironic_networking_json_rpc]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [ironic_networking_json_rpc]/tenant_name #project_name = # Log requests to multiple loggers. (boolean value) #split_loggers = false # Scope for system operations (string value) #system_scope = # Tenant ID (string value) #tenant_id = # Tenant Name (string value) #tenant_name = # Timeout value for http requests (integer value) #timeout = # ID of the trust to use as a trustee use (string value) #trust_id = # Unix socket to listen on. Disables host_ip and port. (string # value) #unix_socket = # File mode (an octal number) of the unix socket to listen on. # Ignored if unix_socket is not set. (integer value) #unix_socket_mode = # Whether to use TLS for JSON RPC (boolean value) #use_ssl = false # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [ironic_networking_json_rpc]/user_name #username = [json_rpc] # # From ironic # # List of roles allowed to use JSON RPC (list value) #allowed_roles = admin # Authentication URL (string value) #auth_url = # Authentication strategy used by JSON RPC. Defaults to the # global auth_strategy setting. (string value) # Possible values: # noauth - no authentication # keystone - use the Identity service for authentication # http_basic - HTTP basic authentication #auth_strategy = # Authentication type to load (string value) # Deprecated group/name - [json_rpc]/auth_plugin #auth_type = # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) #cafile = # Certificate file the JSON-RPC listener will present to # clients when [json_rpc]use_ssl=True. (string value) #cert_file = # PEM encoded client certificate cert file (string value) #certfile = # Set to True to force TLS connections in the client even if # use_ssl is set to False. Only makes sense if server-side TLS # is provided outside of Ironic (e.g. with httpd acting as a # reverse proxy). (boolean value) #client_use_ssl = false # Collect per-API call timing information. (boolean value) #collect_timing = false # When debug logging is enabled, log only the request ID # instead of the full request and response for JSON RPC calls. # This reduces log verbosity while still providing some # traceability for performance analysis. (boolean value) # Note: This option can be changed without restarting. #debug_log_request_id_only = true # Optional domain ID to use with v3 and v2 parameters. It will # be used for both the user and project domain in v3 and # ignored in v2 authentication. (string value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. # It will be used for both the user and project domain in v3 # and ignored in v2 authentication. (string value) #default_domain_name = # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # The IP address or hostname on which JSON RPC will listen. # (host address value) #host_ip = :: # Path to Apache format user authentication file used when # auth_strategy=http_basic (string value) #http_basic_auth_user_file = /etc/ironic/htpasswd-json-rpc # DEPRECATED: Password to use for HTTP Basic authentication # client requests. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Use password instead #http_basic_password = # DEPRECATED: Name of the user to use for HTTP Basic # authentication client requests. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Use username instead #http_basic_username = # Verify HTTPS connections. (boolean value) #insecure = false # Private key file matching cert_file. (string value) #key_file = # PEM encoded client certificate key file (string value) #keyfile = # User's password (string value) #password = # The port to use for JSON RPC (port value) # Minimum value: 0 # Maximum value: 65535 #port = 8089 # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # Project ID to scope to (string value) # Deprecated group/name - [json_rpc]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [json_rpc]/tenant_name #project_name = # Log requests to multiple loggers. (boolean value) #split_loggers = false # Scope for system operations (string value) #system_scope = # Tenant ID (string value) #tenant_id = # Tenant Name (string value) #tenant_name = # Timeout value for http requests (integer value) #timeout = # ID of the trust to use as a trustee use (string value) #trust_id = # Unix socket to listen on. Disables host_ip and port. (string # value) #unix_socket = # File mode (an octal number) of the unix socket to listen on. # Ignored if unix_socket is not set. (integer value) #unix_socket_mode = # Whether to use TLS for JSON RPC (boolean value) #use_ssl = false # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [json_rpc]/user_name #username = [keystone_authtoken] # # From keystonemiddleware.auth_token # # Complete "public" Identity API endpoint. This endpoint # should not be an "admin" endpoint, as it should be # accessible by all end users. Unauthenticated clients are # redirected to this endpoint to authenticate. Although this # endpoint should ideally be unversioned, client support in # the wild varies. If you're using a versioned v2 endpoint # here, then this should *not* be the same endpoint the # service user utilizes for validating tokens, because normal # end users may not be able to reach that endpoint. (string # value) # Deprecated group/name - [keystone_authtoken]/auth_uri #www_authenticate_uri = # DEPRECATED: Complete "public" Identity API endpoint. This # endpoint should not be an "admin" endpoint, as it should be # accessible by all end users. Unauthenticated clients are # redirected to this endpoint to authenticate. Although this # endpoint should ideally be unversioned, client support in # the wild varies. If you're using a versioned v2 endpoint # here, then this should *not* be the same endpoint the # service user utilizes for validating tokens, because normal # end users may not be able to reach that endpoint. This # option is deprecated in favor of www_authenticate_uri and # will be removed in the S release. (string value) # This option is deprecated for removal since Queens. # Its value may be silently ignored in the future. # Reason: The auth_uri option is deprecated in favor of # www_authenticate_uri and will be removed in the S release. #auth_uri = # API version of the Identity API endpoint. (string value) #auth_version = # Interface to use for the Identity API endpoint. Valid values # are "public", "internal" (default) or "admin". (string # value) #interface = internal # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI # components. (boolean value) #delay_auth_decision = false # Request timeout value for communicating with Identity API # server. (integer value) #http_connect_timeout = # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries = 3 # Request environment key where the Swift cache object is # stored. When auth_token middleware is deployed with a Swift # cache, use this option to have the middleware share a # caching backend with swift. Otherwise, use the # ``memcached_servers`` option instead. (string value) #cache = # Required if identity server requires client certificate # (string value) #certfile = # Required if identity server requires client certificate # (string value) #keyfile = # A PEM encoded Certificate Authority to use when verifying # HTTPs connections. Defaults to system CAs. (string value) #cafile = # Verify HTTPS connections. (boolean value) #insecure = false # The region in which the identity server can be found. # (string value) #region_name = # Optionally specify a list of memcached server(s) to use for # caching. If left undefined, tokens will instead be cached # in-process. (list value) # Deprecated group/name - [keystone_authtoken]/memcache_servers #memcached_servers = # In order to prevent excessive effort spent validating # tokens, the middleware caches previously-seen tokens for a # configurable duration (in seconds). Set to -1 to disable # caching completely. (integer value) #token_cache_time = 300 # (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. If MAC, token # data is authenticated (with HMAC) in the cache. If ENCRYPT, # token data is encrypted and authenticated in the cache. If # the value is not one of these options or empty, auth_token # will raise an exception on initialization. (string value) # Possible values: # None - # MAC - # ENCRYPT - #memcache_security_strategy = None # (Optional, mandatory if memcache_security_strategy is # defined) This string is used for key derivation. (string # value) #memcache_secret_key = # (Optional) Global toggle for TLS usage when comunicating # with the caching servers. (boolean value) #memcache_tls_enabled = false # (Optional) Path to a file of concatenated CA certificates in # PEM format necessary to establish the caching server's # authenticity. If tls_enabled is False, this option is # ignored. (string value) #memcache_tls_cafile = # (Optional) Path to a single file in PEM format containing # the client's certificate as well as any number of CA # certificates needed to establish the certificate's # authenticity. This file is only required when client side # authentication is necessary. If tls_enabled is False, this # option is ignored. (string value) #memcache_tls_certfile = # (Optional) Path to a single file containing the client's # private key in. Otherwhise the private key will be taken # from the file specified in tls_certfile. If tls_enabled is # False, this option is ignored. (string value) #memcache_tls_keyfile = # (Optional) Set the available ciphers for sockets created # with the TLS context. It should be a string in the OpenSSL # cipher list format. If not specified, all OpenSSL enabled # ciphers will be available. (string value) #memcache_tls_allowed_ciphers = # (Optional) Number of seconds memcached server is considered # dead before it is tried again. (integer value) #memcache_pool_dead_retry = 300 # (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize = 10 # (Optional) Socket timeout in seconds for communicating with # a memcached server. (integer value) #memcache_pool_socket_timeout = 3 # (Optional) Number of seconds a connection to memcached is # held unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout = 60 # (Optional) Number of seconds that an operation will wait to # get a memcached client connection from the pool. (integer # value) #memcache_pool_conn_get_timeout = 10 # (Optional) Use the advanced (eventlet safe) memcached client # pool. (boolean value) #memcache_use_advanced_pool = true # (Optional) Indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) #include_service_catalog = true # Used to control the use and type of token binding. Can be # set to: "disabled" to not check token binding. "permissive" # (default) to validate binding information if the bind type # is of a form known to the server and ignore it if not. # "strict" like "permissive" but if the bind type is unknown # the token will be rejected. "required" any form of token # binding is needed to be allowed. Finally the name of a # binding method that must be present in tokens. (string # value) #enforce_token_bind = permissive # A choice of roles that must be present in a service token. # Service tokens are allowed to request that an expired token # can be used and so this check should tightly control that # only actual services should be sending this token. Roles # here are applied as an ANY check so any role in this list # must be present. For backwards compatibility reasons this # currently only affects the allow_expired check. (list value) #service_token_roles = service # For backwards compatibility reasons we must let valid # service tokens pass that don't pass the service_token_roles # check as valid. Setting this true will become the default in # a future release and should be enabled if possible. (boolean # value) #service_token_roles_required = false # The name or type of the service as it appears in the service # catalog. This is used to validate tokens that have # restricted access rules. (string value) #service_type = # Enable the SASL(Simple Authentication and Security Layer) if # the SASL_enable is true, else disable. (boolean value) #memcache_sasl_enabled = false # the user name for the SASL (string value) #memcache_username = # the username password for SASL (string value) #memcache_password = # Authentication type to load (string value) # Deprecated group/name - [keystone_authtoken]/auth_plugin #auth_type = # Config Section from which to load plugin specific options # (string value) #auth_section = [mdns] # # From ironic # # Number of attempts to register a service. Currently has to # be larger than 1 because of race conditions in the zeroconf # library. (integer value) # Minimum value: 1 #registration_attempts = 5 # Number of attempts to lookup a service. (integer value) # Minimum value: 1 #lookup_attempts = 3 # Additional parameters to pass for the registered service. # (dict value) #params = # List of IP addresses of interfaces to use for mDNS. Defaults # to all interfaces on the system. (list value) #interfaces = [metrics] # # From ironic # # Backend to use for the metrics system. (string value) # Possible values: # noop - Do nothing in relation to metrics. # statsd - Transmits metrics data to a statsd backend. # collector - Collects metrics data and saves it in memory for # use by the running application. #backend = noop # Prepend the hostname to all metric names. The format of # metric names is # [global_prefix.][host_name.]prefix.metric_name. (boolean # value) #prepend_host = false # Split the prepended host value by "." and reverse it (to # better match the reverse hierarchical form of domain names). # (boolean value) #prepend_host_reverse = true # Prefix all metric names with this value. By default, there # is no global prefix. The format of metric names is # [global_prefix.][host_name.]prefix.metric_name. (string # value) #global_prefix = # Backend for the agent ramdisk to use for metrics. Default # possible backends are "noop" and "statsd". (string value) #agent_backend = noop # Prepend the hostname to all metric names sent by the agent # ramdisk. The format of metric names is # [global_prefix.][uuid.][host_name.]prefix.metric_name. # (boolean value) #agent_prepend_host = false # Prepend the node's Ironic uuid to all metric names sent by # the agent ramdisk. The format of metric names is # [global_prefix.][uuid.][host_name.]prefix.metric_name. # (boolean value) #agent_prepend_uuid = false # Split the prepended host value by "." and reverse it for # metrics sent by the agent ramdisk (to better match the # reverse hierarchical form of domain names). (boolean value) #agent_prepend_host_reverse = true # Prefix all metric names sent by the agent ramdisk with this # value. The format of metric names is # [global_prefix.][uuid.][host_name.]prefix.metric_name. # (string value) #agent_global_prefix = [metrics_statsd] # # From ironic # # Host for use with the statsd backend. (string value) #statsd_host = localhost # Port to use with the statsd backend. (port value) # Minimum value: 0 # Maximum value: 65535 #statsd_port = 8125 # Host for the agent ramdisk to use with the statsd backend. # This must be accessible from networks the agent is booted # on. (string value) #agent_statsd_host = localhost # Port for the agent ramdisk to use with the statsd backend. # (port value) # Minimum value: 0 # Maximum value: 65535 #agent_statsd_port = 8125 [molds] # # From ironic # # Configuration mold storage location. (string value) # Possible values: # swift - # http - #storage = swift # User for "http" Basic auth. By default set empty. (string # value) #user = # Password for "http" Basic auth. By default set empty. # (string value) #password = # Retry attempts for saving or getting configuration molds. # (integer value) #retry_attempts = 3 # Retry interval for saving or getting configuration molds. # (integer value) #retry_interval = 3 [neutron] # # From ironic # # Option to enable transmission of all ports to neutron when # creating ports for provisioning, cleaning, or rescue. This # is done without IP addresses assigned to the port, and may # be useful in some bonded network configurations. (boolean # value) # Note: This option can be changed without restarting. #add_all_ports = false # By default, nodes with disable_power_off set to True cannot # be used with the Neutron network interface because during # tear-down they will be left with the instance image still # running. Set this option to True to disable this validation. # (boolean value) #allow_disabling_power_off = false # Authentication URL (string value) #auth_url = # Authentication type to load (string value) # Deprecated group/name - [neutron]/auth_plugin #auth_type = # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) #cafile = # PEM encoded client certificate cert file (string value) #certfile = # Neutron network UUID or name for the ramdisk to be booted # into for cleaning nodes. Required for "neutron" network # interface. It is also required if cleaning nodes when using # "flat" network interface or "neutron" DHCP provider. If a # name is provided, it must be unique among all networks or # cleaning will fail. (string value) # Note: This option can be changed without restarting. # Deprecated group/name - [neutron]/cleaning_network_uuid #cleaning_network = # List of Neutron Security Group UUIDs to be applied during # cleaning of the nodes. Optional for the "neutron" network # interface and not used for the "flat" or "noop" network # interfaces. If not specified, default security group is # used. (list value) # Note: This option can be changed without restarting. #cleaning_network_security_groups = # Collect per-API call timing information. (boolean value) #collect_timing = false # The maximum number of retries that should be attempted for # connection errors. (integer value) #connect_retries = # Delay (in seconds) between two retries for connection # errors. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #connect_retry_delay = # Optional domain ID to use with v3 and v2 parameters. It will # be used for both the user and project domain in v3 and # ignored in v2 authentication. (string value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. # It will be used for both the user and project domain in v3 # and ignored in v2 authentication. (string value) #default_domain_name = # Number of IPv6 addresses to allocate for ports created for # provisioning, cleaning, rescue or inspection on # DHCPv6-stateful networks. Different stages of the chain- # loading process will request addresses with different # CLID/IAID. Due to non-identical identifiers multiple # addresses must be reserved for the host to ensure each step # of the boot process can successfully lease addresses. # (integer value) # Note: This option can be changed without restarting. #dhcpv6_stateful_address_count = 4 # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # Always use this endpoint URL for requests for this client. # NOTE: The unversioned endpoint should be specified here; to # request a particular API version, use the `version`, `min- # version`, and/or `max-version` options. (string value) #endpoint_override = # Whether to fail or continue deployment if neutron port # binding fails. (boolean value) #fail_on_port_binding_failure = true # Verify HTTPS connections. (boolean value) #insecure = false # Neutron network UUID or name for the ramdisk to be booted # into for in-band inspection of nodes. If a name is provided, # it must be unique among all networks or inspection will # fail. (string value) # Note: This option can be changed without restarting. #inspection_network = # List of Neutron Security Group UUIDs to be applied during # the node inspection process. Optional for the "neutron" # network interface and not used for the "flat" or "noop" # network interfaces. If not specified, the default security # group is used. (list value) # Note: This option can be changed without restarting. #inspection_network_security_groups = # PEM encoded client certificate key file (string value) #keyfile = # The maximum major version of a given API, intended to be # used as the upper bound of a range with min_version. # Mutually exclusive with version. (string value) #max_version = # The minimum major version of a given API, intended to be # used as the lower bound of a range with max_version. # Mutually exclusive with version. If min_version is given # with no max_version it is as if max version is "latest". # (string value) #min_version = # User's password (string value) #password = # Delay value to wait for Neutron agents to setup sufficient # DHCP configuration for port. (integer value) # Minimum value: 0 # Note: This option can be changed without restarting. #port_setup_delay = 0 # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # Project ID to scope to (string value) # Deprecated group/name - [neutron]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [neutron]/tenant_name #project_name = # Neutron network UUID or name for the ramdisk to be booted # into for provisioning nodes. Required for "neutron" network # interface. If a name is provided, it must be unique among # all networks or deploy will fail. (string value) # Note: This option can be changed without restarting. # Deprecated group/name - [neutron]/provisioning_network_uuid #provisioning_network = # List of Neutron Security Group UUIDs to be applied during # provisioning of the nodes. Optional for the "neutron" # network interface and not used for the "flat" or "noop" # network interfaces. If not specified, default security group # is used. (list value) # Note: This option can be changed without restarting. #provisioning_network_security_groups = # The default region_name for endpoint URL discovery. (string # value) #region_name = # Timeout for request processing when interacting with # Neutron. This value should be increased if neutron port # action timeouts are observed as neutron performs pre-commit # validation prior returning to the API client which can take # longer than normal client/server interactions. (integer # value) # Note: This option can be changed without restarting. #request_timeout = 45 # Neutron network UUID or name for booting the ramdisk for # rescue mode. This is not the network that the rescue ramdisk # will use post-boot -- the tenant network is used for that. # Required for "neutron" network interface, if rescue mode # will be used. It is not used for the "flat" or "noop" # network interfaces. If a name is provided, it must be unique # among all networks or rescue will fail. (string value) # Note: This option can be changed without restarting. #rescuing_network = # List of Neutron Security Group UUIDs to be applied during # the node rescue process. Optional for the "neutron" network # interface and not used for the "flat" or "noop" network # interfaces. If not specified, the default security group is # used. (list value) # Note: This option can be changed without restarting. #rescuing_network_security_groups = # List of retriable HTTP status codes that should be retried. # If not set default to [503] (list value) #retriable_status_codes = # DEPRECATED: Client retries in the case of a failed request. # (integer value) # Note: This option can be changed without restarting. # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by status_code_retries and # status_code_retry_delay. #retries = 3 # The default service_name for endpoint URL discovery. (string # value) #service_name = # The default service_type for endpoint URL discovery. (string # value) #service_type = network # Neutron network UUID or name for booting the ramdisk for # service mode. Required for "neutron" network interface, if # service mode will be used. It is not used for the "flat" or # "noop" network interfaces. If a name is provided, it must be # unique among all networks or service will fail. (string # value) # Note: This option can be changed without restarting. #servicing_network = # List of Neutron Security Group UUIDs to be applied during # the node service process. Optional for the "neutron" network # interface and not used for the "flat" or "noop" network # interfaces. If not specified, the default security group is # used. (list value) # Note: This option can be changed without restarting. #servicing_network_security_groups = # Log requests to multiple loggers. (boolean value) #split_loggers = false # The maximum number of retries that should be attempted for # retriable HTTP status codes. (integer value) #status_code_retries = # Delay (in seconds) between two retries for retriable status # codes. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #status_code_retry_delay = # Scope for system operations (string value) #system_scope = # Tenant ID (string value) #tenant_id = # Tenant Name (string value) #tenant_name = # Timeout value for http requests (integer value) #timeout = # ID of the trust to use as a trustee use (string value) #trust_id = # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [neutron]/user_name #username = # List of interfaces, in order of preference, for endpoint # URL. (list value) #valid_interfaces = internal,public # Minimum Major API version within a given Major API version # for endpoint URL discovery. Mutually exclusive with # min_version and max_version (string value) #version = [nova] # # From ironic # # Authentication URL (string value) #auth_url = # Authentication type to load (string value) # Deprecated group/name - [nova]/auth_plugin #auth_type = # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) #cafile = # PEM encoded client certificate cert file (string value) #certfile = # Collect per-API call timing information. (boolean value) #collect_timing = false # The maximum number of retries that should be attempted for # connection errors. (integer value) #connect_retries = # Delay (in seconds) between two retries for connection # errors. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #connect_retry_delay = # Optional domain ID to use with v3 and v2 parameters. It will # be used for both the user and project domain in v3 and # ignored in v2 authentication. (string value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. # It will be used for both the user and project domain in v3 # and ignored in v2 authentication. (string value) #default_domain_name = # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # Always use this endpoint URL for requests for this client. # NOTE: The unversioned endpoint should be specified here; to # request a particular API version, use the `version`, `min- # version`, and/or `max-version` options. (string value) #endpoint_override = # Verify HTTPS connections. (boolean value) #insecure = false # PEM encoded client certificate key file (string value) #keyfile = # The maximum major version of a given API, intended to be # used as the upper bound of a range with min_version. # Mutually exclusive with version. (string value) #max_version = # The minimum major version of a given API, intended to be # used as the lower bound of a range with max_version. # Mutually exclusive with version. If min_version is given # with no max_version it is as if max version is "latest". # (string value) #min_version = # User's password (string value) #password = # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # Project ID to scope to (string value) # Deprecated group/name - [nova]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [nova]/tenant_name #project_name = # The default region_name for endpoint URL discovery. (string # value) #region_name = # List of retriable HTTP status codes that should be retried. # If not set default to [503] (list value) #retriable_status_codes = # When set to True, it will enable the support for power state # change callbacks to nova. This option should be set to False # in deployments that do not have the openstack compute # service. (boolean value) # Note: This option can be changed without restarting. #send_power_notifications = true # The default service_name for endpoint URL discovery. (string # value) #service_name = # The default service_type for endpoint URL discovery. (string # value) #service_type = compute # Log requests to multiple loggers. (boolean value) #split_loggers = false # The maximum number of retries that should be attempted for # retriable HTTP status codes. (integer value) #status_code_retries = # Delay (in seconds) between two retries for retriable status # codes. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #status_code_retry_delay = # Scope for system operations (string value) #system_scope = # Tenant ID (string value) #tenant_id = # Tenant Name (string value) #tenant_name = # Timeout value for http requests (integer value) #timeout = # ID of the trust to use as a trustee use (string value) #trust_id = # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [nova]/user_name #username = # List of interfaces, in order of preference, for endpoint # URL. (list value) #valid_interfaces = internal,public # Minimum Major API version within a given Major API version # for endpoint URL discovery. Mutually exclusive with # min_version and max_version (string value) #version = [oci] # # From ironic # # An option which signals to the OCI Container Registry client # which remote endpoints are fronted by Content Distribution # Networks which we may receive redirects to in order to # download the requested artifacts, where the OCI client # should go ahead and issue the download request with # authentication headers before being asked by the remote # server for user authentication. (list value) #secure_cdn_registries = registry.redhat.io,registry.access.redhat.com,docker.io,registry-1.docker.io # An option which allows pre-shared authorization keys to be # utilized by the Ironic service to facilitate authentication # with remote image registries which may require # authentication for all interactions. Ironic will utilize # these credentials to access general artifacts, but Ironic # will *also* prefer user credentials, if supplied, for disk # images. This file is in the same format utilized in the # container ecosystem for the same purpose. Structured as a # JSON document with an ``auths`` key, with remote registry # domain FQDNs as keys, and a nested ``auth`` key within that # value which holds the actual pre-shared secret. Ironic does # not cache the contents of this file at launch, and the file # can be updated as Ironic operates in the event pre-shared # tokens need to be regenerated. (string value) # Note: This option can be changed without restarting. #authentication_config = # Security-Insecure: By default, the OCI client code expects # all OCI registry interactions to take place utilizing HTTPS # as the underlying transport mechanism to communicate with # the remote registry. In reality, that is not always the case # in testing environments, and as such this setting may be # utilized to allow the internal OCI mechanism to fallback to # HTTP if the remote endpoint lacks support for HTTPS. # (boolean value) #permit_fallback_to_http_transport = false [oslo_concurrency] # # From oslo.concurrency # # Enables or disables inter-process locks. (boolean value) #disable_process_locking = false # Directory to use for lock files. For security, the # specified directory should only be writable by the user # running the processes that need locking. Defaults to # environment variable OSLO_LOCK_PATH. If external locks are # used, a lock path must be set. (string value) #lock_path = [oslo_messaging_kafka] # # From oslo.messaging # # Max fetch bytes of Kafka consumer (integer value) #kafka_max_fetch_bytes = 1048576 # Default timeout(s) for Kafka consumers (floating point # value) #kafka_consumer_timeout = 1.0 # Group id for Kafka consumer. Consumers in one group will # coordinate message consumption (string value) #consumer_group = oslo_messaging_consumer # Upper bound on the delay for KafkaProducer batching in # seconds (floating point value) #producer_batch_timeout = 0.0 # Size of batch for the producer async send (integer value) #producer_batch_size = 16384 # The compression codec for all data generated by the # producer. If not set, compression will not be used. Note # that the allowed values of this depend on the kafka version # (string value) # Possible values: # none - # gzip - # snappy - # lz4 - # zstd - #compression_codec = none # Enable asynchronous consumer commits (boolean value) #enable_auto_commit = false # The maximum number of records returned in a poll call # (integer value) #max_poll_records = 500 # Protocol used to communicate with brokers (string value) # Possible values: # PLAINTEXT - # SASL_PLAINTEXT - # SSL - # SASL_SSL - #security_protocol = PLAINTEXT # Mechanism when security protocol is SASL (string value) #sasl_mechanism = PLAIN # CA certificate PEM file used to verify the server # certificate (string value) #ssl_cafile = # Client certificate PEM file used for authentication. (string # value) #ssl_client_cert_file = # Client key PEM file used for authentication. (string value) #ssl_client_key_file = # Client key password file used for authentication. (string # value) #ssl_client_key_password = [oslo_messaging_notifications] # # From oslo.messaging # # The Drivers(s) to handle sending notifications. Possible # values are messaging, messagingv2, routing, log, test, noop # (multi valued) #driver = # A URL representing the messaging driver to use for # notifications. If not set, we fall back to the same # configuration used for RPC. (string value) #transport_url = # AMQP topic used for OpenStack notifications. (list value) #topics = notifications # The maximum number of attempts to re-send a notification # message which failed to be delivered due to a recoverable # error. 0 - No retry, -1 - indefinite (integer value) #retry = -1 [oslo_messaging_rabbit] # # From oslo.messaging # # Use durable queues in AMQP. If rabbit_quorum_queue is # enabled, queues will be durable and this value will be # ignored. (boolean value) #amqp_durable_queues = false # Auto-delete queues in AMQP. (boolean value) #amqp_auto_delete = false # Size of RPC connection pool. (integer value) # Minimum value: 1 #rpc_conn_pool_size = 30 # The pool size limit for connections expiration policy # (integer value) #conn_pool_min_size = 2 # The time-to-live in sec of idle connections in the pool # (integer value) #conn_pool_ttl = 1200 # Connect over SSL. (boolean value) #ssl = false # SSL version to use (valid only if SSL enabled). Valid values # are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may # be available on some distributions. (string value) #ssl_version = # SSL key file (valid only if SSL enabled). (string value) #ssl_key_file = # SSL cert file (valid only if SSL enabled). (string value) #ssl_cert_file = # SSL certification authority file (valid only if SSL # enabled). (string value) #ssl_ca_file = # DEPRECATED: Global toggle for enforcing the OpenSSL FIPS # mode. This feature requires Python support. This is # available in Python 3.9 in all environments and may have # been backported to older Python versions on select # environments. If the Python executable used does not support # OpenSSL FIPS mode, an exception will be raised. (boolean # value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: FIPS_mode_set API was removed in OpenSSL 3.0.0. This # option has no effect now. #ssl_enforce_fips_mode = false # DEPRECATED: (DEPRECATED) It is recommend not to use this # option anymore. Run the health check heartbeat thread # through a native python thread by default. If this option is # equal to False then the health check heartbeat will inherit # the execution model from the parent process. For example if # the parent process has monkey patched the stdlib by using # eventlet/greenlet then the heartbeat will be run through a # green thread. This option should be set to True only for the # wsgi services. (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The option is related to Eventlet which will be # removed. In addition this has never worked as expected with # services using eventlet for core service framework. #heartbeat_in_pthread = false # How long to wait (in seconds) before reconnecting in # response to an AMQP consumer cancel notification. (floating # point value) # Minimum value: 0.0 # Maximum value: 4.5 #kombu_reconnect_delay = 1.0 # Random time to wait for when reconnecting in response to an # AMQP consumer cancel notification. (floating point value) # Minimum value: 0.0 #kombu_reconnect_splay = 0.0 # EXPERIMENTAL: Possible values are: gzip, bz2. If not set # compression will not be used. This option may not be # available in future versions. (string value) #kombu_compression = # How long to wait a missing client before abandoning to send # it its replies. This value should not be longer than # rpc_response_timeout. (integer value) # Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout #kombu_missing_consumer_retry_timeout = 60 # Determines how the next RabbitMQ node is chosen in case the # one we are currently connected to becomes unavailable. Takes # effect only if more than one RabbitMQ node is provided in # config. (string value) # Possible values: # round-robin - # shuffle - #kombu_failover_strategy = round-robin # The RabbitMQ login method. (string value) # Possible values: # PLAIN - # AMQPLAIN - # EXTERNAL - # RABBIT-CR-DEMO - #rabbit_login_method = AMQPLAIN # How frequently to retry connecting with RabbitMQ. (integer # value) # Minimum value: 1 #rabbit_retry_interval = 1 # How long to backoff for between retries when connecting to # RabbitMQ. (integer value) # Minimum value: 0 #rabbit_retry_backoff = 2 # Maximum interval of RabbitMQ connection retries. (integer # value) # Minimum value: 1 #rabbit_interval_max = 30 # Try to use HA queues in RabbitMQ (x-ha-policy: all). If you # change this option, you must wipe the RabbitMQ database. In # RabbitMQ 3.0, queue mirroring is no longer controlled by the # x-ha-policy argument when declaring a queue. If you just # want to make sure that all queues (except those with auto- # generated names) are mirrored across all nodes, run: # "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-mode": # "all"}' " (boolean value) #rabbit_ha_queues = false # Use quorum queues in RabbitMQ (x-queue-type: quorum). The # quorum queue is a modern queue type for RabbitMQ # implementing a durable, replicated FIFO queue based on the # Raft consensus algorithm. It is available as of RabbitMQ # 3.8.0. If set this option will conflict with the HA queues # (``rabbit_ha_queues``) aka mirrored queues, in other words # the HA queues should be disabled. Quorum queues are also # durable by default so the amqp_durable_queues option is # ignored when this option is enabled. (boolean value) #rabbit_quorum_queue = false # Use quorum queues for transients queues in RabbitMQ. # Enabling this option will then make sure those queues are # also using quorum kind of rabbit queues, which are HA by # default. (boolean value) #rabbit_transient_quorum_queue = false # Each time a message is redelivered to a consumer, a counter # is incremented. Once the redelivery count exceeds the # delivery limit the message gets dropped or dead-lettered (if # a DLX exchange has been configured) Used only when # rabbit_quorum_queue is enabled, Default 0 which means dont # set a limit. (integer value) #rabbit_quorum_delivery_limit = 0 # By default all messages are maintained in memory if a quorum # queue grows in length it can put memory pressure on a # cluster. This option can limit the number of messages in the # quorum queue. Used only when rabbit_quorum_queue is enabled, # Default 0 which means dont set a limit. (integer value) #rabbit_quorum_max_memory_length = 0 # By default all messages are maintained in memory if a quorum # queue grows in length it can put memory pressure on a # cluster. This option can limit the number of memory bytes # used by the quorum queue. Used only when rabbit_quorum_queue # is enabled, Default 0 which means dont set a limit. (integer # value) #rabbit_quorum_max_memory_bytes = 0 # Positive integer representing duration in seconds for queue # TTL (x-expires). Queues which are unused for the duration of # the TTL are automatically deleted. The parameter affects # only reply and fanout queues. Setting 0 as value will # disable the x-expires. If doing so, make sure you have a # rabbitmq policy to delete the queues or you deployment will # create an infinite number of queue over time.In case # rabbit_stream_fanout is set to True, this option will # control data retention policy (x-max-age) for messages in # the fanout queue rather then the queue duration itself. So # the oldest data in the stream queue will be discarded from # it once reaching TTL Setting to 0 will disable x-max-age for # stream which make stream grow indefinitely filling up the # diskspace (integer value) # Minimum value: 0 #rabbit_transient_queues_ttl = 1800 # Specifies the number of messages to prefetch. Setting to # zero allows unlimited messages. (integer value) #rabbit_qos_prefetch_count = 0 # Number of seconds after which the Rabbit broker is # considered down if heartbeat's keep-alive fails (0 disables # heartbeat). (integer value) #heartbeat_timeout_threshold = 60 # How often times during the heartbeat_timeout_threshold we # check the heartbeat. (integer value) #heartbeat_rate = 3 # DEPRECATED: (DEPRECATED) Enable/Disable the RabbitMQ # mandatory flag for direct send. The direct send is used as # reply, so the MessageUndeliverable exception is raised in # case the client queue does not exist.MessageUndeliverable # exception will be used to loop for a timeout to lets a # chance to sender to recover.This flag is deprecated and it # will not be possible to deactivate this functionality # anymore (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Mandatory flag no longer deactivable. #direct_mandatory_flag = true # Enable x-cancel-on-ha-failover flag so that rabbitmq server # will cancel and notify consumerswhen queue is down (boolean # value) #enable_cancel_on_failover = false # Should we use consistant queue names or random ones (boolean # value) #use_queue_manager = false # Hostname used by queue manager. Defaults to the value # returned by socket.gethostname(). (string value) # # This option has a sample default set, which means that # its actual default value may vary from the one documented # below. #hostname = node1.example.com # Process name used by queue manager (string value) # # This option has a sample default set, which means that # its actual default value may vary from the one documented # below. #processname = nova-api # Use stream queues in RabbitMQ (x-queue-type: stream). # Streams are a new persistent and replicated data structure # ("queue type") in RabbitMQ which models an append-only log # with non-destructive consumer semantics. It is available as # of RabbitMQ 3.9.0. If set this option will replace all # fanout queues with only one stream queue. (boolean value) #rabbit_stream_fanout = false [oslo_middleware] # # From oslo.middleware.http_proxy_to_wsgi # # Whether the application is behind a proxy or not. This # determines if the middleware should parse the headers or # not. (boolean value) #enable_proxy_headers_parsing = false [oslo_policy] # # From oslo.policy # # DEPRECATED: This option controls whether or not to enforce # scope when evaluating policies. If ``True``, the scope of # the token used in the request is compared to the # ``scope_types`` of the policy being enforced. If the scopes # do not match, an ``InvalidScope`` exception will be raised. # If ``False``, a message will be logged informing operators # that policies are being invoked with mismatching scope. # (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This configuration was added temporarily to # facilitate a smooth transition to the new RBAC. OpenStack # will always enforce scope checks. This configuration option # is deprecated and will be removed in the 2025.2 cycle. #enforce_scope = true # This option controls whether or not to use old deprecated # defaults when evaluating policies. If ``True``, the old # deprecated defaults are not going to be evaluated. This # means if any existing token is allowed for old defaults but # is disallowed for new defaults, it will be disallowed. It is # encouraged to enable this flag along with the # ``enforce_scope`` flag so that you can get the benefits of # new defaults and ``scope_type`` together. If ``False``, the # deprecated policy check string is logically OR'd with the # new policy check string, allowing for a graceful upgrade # experience between releases with new policies, which is the # default behavior. (boolean value) #enforce_new_defaults = true # The relative or absolute path of a file that maps roles to # permissions for a given service. Relative paths must be # specified in relation to the configuration file setting this # option. (string value) #policy_file = policy.yaml # Default rule. Enforced when a requested rule is not found. # (string value) #policy_default_rule = default # Directories where policy configuration files are stored. # They can be relative to any directory in the search path # defined by the config_dir option, or absolute paths. The # file defined by policy_file must exist for these directories # to be searched. Missing or empty directories are ignored. # (multi valued) #policy_dirs = policy.d # Content Type to send and receive data for REST based policy # check (string value) # Possible values: # application/x-www-form-urlencoded - # application/json - #remote_content_type = application/x-www-form-urlencoded # server identity verification for REST based policy check # (boolean value) #remote_ssl_verify_server_crt = false # Absolute path to ca cert file for REST based policy check # (string value) #remote_ssl_ca_crt_file = # Absolute path to client cert for REST based policy check # (string value) #remote_ssl_client_crt_file = # Absolute path client key file REST based policy check # (string value) #remote_ssl_client_key_file = # Timeout in seconds for REST based policy check (floating # point value) # Minimum value: 0 #remote_timeout = 60 [oslo_versionedobjects] # # From oslo.versionedobjects # # Make exception message format errors fatal (boolean value) #fatal_exception_format_errors = false [profiler] # # From osprofiler # # # Enable the profiling for all services on this node. # # Default value is False (fully disable the profiling # feature). # # Possible values: # # * True: Enables the feature # * False: Disables the feature. The profiling cannot be # started via this project # operations. If the profiling is triggered by another # project, this project # part will be empty. # (boolean value) # Deprecated group/name - [profiler]/profiler_enabled #enabled = false # # Enable SQL requests profiling in services. # # Default value is False (SQL requests won't be traced). # # Possible values: # # * True: Enables SQL requests profiling. Each SQL query will # be part of the # trace and can the be analyzed by how much time was spent # for that. # * False: Disables SQL requests profiling. The spent time is # only shown on a # higher level of operations. Single SQL queries cannot be # analyzed this way. # (boolean value) #trace_sqlalchemy = false # # Enable python requests package profiling. # # Supported drivers: jaeger+otlp # # Default value is False. # # Possible values: # # * True: Enables requests profiling. # * False: Disables requests profiling. # (boolean value) #trace_requests = false # # Secret key(s) to use for encrypting context data for # performance profiling. # # This string value should have the following format: # [,,...], # where each key is some random string. A user who triggers # the profiling via # the REST API has to set one of these keys in the headers of # the REST API call # to include profiling results of this node for this # particular project. # # Both "enabled" flag and "hmac_keys" config options should be # set to enable # profiling. Also, to generate correct profiling information # across all services # at least one key needs to be consistent between OpenStack # projects. This # ensures it can be used from client side to generate the # trace, containing # information from all possible resources. # (string value) #hmac_keys = SECRET_KEY # # Connection string for a notifier backend. # # Default value is ``messaging://`` which sets the notifier to # oslo_messaging. # # Examples of possible values: # # * ``messaging://`` - use oslo_messaging driver for sending # spans. # * ``redis://127.0.0.1:6379`` - use redis driver for sending # spans. # * ``mongodb://127.0.0.1:27017`` - use mongodb driver for # sending spans. # * ``elasticsearch://127.0.0.1:9200`` - use elasticsearch # driver for sending # spans. # * ``jaeger://127.0.0.1:6831`` - use jaeger tracing as driver # for sending spans. # (string value) #connection_string = messaging:// # # Document type for notification indexing in elasticsearch. # (string value) #es_doc_type = notification # # This parameter is a time value parameter (for example: # es_scroll_time=2m), # indicating for how long the nodes that participate in the # search will maintain # relevant resources in order to continue and support it. # (string value) #es_scroll_time = 2m # # Elasticsearch splits large requests in batches. This # parameter defines # maximum size of each batch (for example: # es_scroll_size=10000). # (integer value) #es_scroll_size = 10000 # # Redissentinel provides a timeout option on the connections. # This parameter defines that timeout (for example: # socket_timeout=0.1). # (floating point value) #socket_timeout = 0.1 # # Redissentinel uses a service name to identify a master redis # service. # This parameter defines the name (for example: # ``sentinal_service_name=mymaster``). # (string value) #sentinel_service_name = mymaster # # Enable filter traces that contain error/exception to a # separated place. # # Default value is set to False. # # Possible values: # # * True: Enable filter traces that contain error/exception. # * False: Disable the filter. # (boolean value) #filter_error_trace = false [profiler_jaeger] # # From osprofiler # # # Set service name prefix to Jaeger service name. # (string value) #service_name_prefix = # # Set process tracer tags. # (dict value) #process_tags = [profiler_otlp] # # From osprofiler # # # Set service name prefix to OTLP exporters. # (string value) #service_name_prefix = [pxe] # # From ironic # # Additional append parameters for baremetal PXE boot. (string # value) # Note: This option can be changed without restarting. # Deprecated group/name - [pxe]/pxe_append_params #kernel_append_params = nofb vga=normal # Default file system format for ephemeral partition, if one # is created. (string value) # Note: This option can be changed without restarting. #default_ephemeral_format = ext4 # On the ironic-conductor node, directory where images are # stored on disk. (string value) #images_path = /var/lib/ironic/images/ # On the ironic-conductor node, directory where master # instance images are stored on disk. Setting to the empty # string disables image caching. (string value) #instance_master_path = /var/lib/ironic/master_images # Maximum size (in MiB) of cache for master images, including # those in use. (integer value) #image_cache_size = 20480 # Maximum TTL (in minutes) for old master images in cache. # (integer value) #image_cache_ttl = 10080 # On ironic-conductor node, template file for PXE loader # configuration. (string value) # Note: This option can be changed without restarting. #pxe_config_template = $pybasedir/drivers/modules/pxe_config.template # On ironic-conductor node, template file for iPXE operations. # (string value) # Note: This option can be changed without restarting. #ipxe_config_template = $pybasedir/drivers/modules/ipxe_config.template # On ironic-conductor node, template file for PXE # configuration for UEFI boot loader. Generally this is used # for GRUB specific templates. (string value) # Note: This option can be changed without restarting. #uefi_pxe_config_template = $pybasedir/drivers/modules/pxe_grub_config.template # On ironic-conductor node, template file for PXE # configuration per node architecture. For example: # aarch64:/opt/share/grubaa64_pxe_config.template (dict value) # Note: This option can be changed without restarting. #pxe_config_template_by_arch = # IP address of ironic-conductor node's TFTP server. (string # value) #tftp_server = $my_ip # ironic-conductor node's TFTP root path. The ironic-conductor # must have read/write access to this path. (string value) #tftp_root = /tftpboot # On ironic-conductor node, directory where master TFTP images # are stored on disk. Setting to the empty string disables # image caching. (string value) #tftp_master_path = /tftpboot/master_images # The permission that will be applied to the TFTP folders upon # creation. This should be set to the permission such that the # tftpserver has access to read the contents of the configured # TFTP folder. This setting is only required when the # operating system's umask is restrictive such that ironic- # conductor is creating files that cannot be read by the TFTP # server. Setting to will result in the operating # system's umask to be utilized for the creation of new tftp # folders. The system default umask is masked out on the # specified value. It is required that an octal representation # is specified. For example: 0o755 (integer value) #dir_permission = # The permission which is used on files created as part of # configuration and setup of file assets for PXE based # operations. Defaults to a value of 0o644. This value must be # specified as an octal representation. For example: 0o644 # (integer value) #file_permission = 420 # Bootfile DHCP parameter. (string value) #pxe_bootfile_name = pxelinux.0 # Directory in which to create symbolic links which represent # the MAC or IP address of the ports on a node and allow boot # loaders to load the PXE file for the node. This directory # name is relative to the PXE or iPXE folders. (string value) #pxe_config_subdir = pxelinux.cfg # Bootfile DHCP parameter for UEFI boot mode. (string value) #uefi_pxe_bootfile_name = bootx64.efi # Bootfile DHCP parameter. (string value) #ipxe_bootfile_name = undionly.kpxe # Bootfile DHCP parameter for UEFI boot mode. If you # experience problems with booting using it, try ipxe.efi. # (string value) #uefi_ipxe_bootfile_name = snponly.efi # Bootfile DHCP parameter per node architecture. For example: # aarch64:grubaa64.efi (dict value) #pxe_bootfile_name_by_arch = # Bootfile DHCP parameter per node architecture. For example: # aarch64:ipxe_aa64.efi (dict value) #ipxe_bootfile_name_by_arch = # On ironic-conductor node, the path to the main iPXE script # file. (string value) #ipxe_boot_script = $pybasedir/drivers/modules/boot.ipxe # File name (e.g. inspector.ipxe) of an iPXE script to fall # back to when booting to a MAC-specific script fails. When # not set, booting will fail in this case. (string value) #ipxe_fallback_script = # Timeout value (in seconds) for downloading an image via # iPXE. Timeout is disabled when this value is 0 (integer # value) #ipxe_timeout = 0 # Timeout (in seconds) after which PXE boot should be retried. # Must be less than [conductor]deploy_callback_timeout. # Disabled by default. (integer value) # Minimum value: 60 #boot_retry_timeout = # Interval (in seconds) between periodic checks on PXE boot # retry. Has no effect if boot_retry_timeout is not set. # (integer value) # Minimum value: 1 #boot_retry_check_interval = 90 # DEPRECATED: The IP version that will be used for PXE # booting. Defaults to 4. This option has been a no-op for in- # treedrivers since the Ussuri development cycle. (string # value) # Possible values: # 4 - IPv4 # 6 - IPv6 # Note: This option can be changed without restarting. # This option is deprecated for removal. # Its value may be silently ignored in the future. #ip_version = 4 # Download deploy and rescue images directly from swift using # temporary URLs. If set to false (default), images are # downloaded to the ironic-conductor node and served over its # local HTTP server. Applicable only when 'ipxe' compatible # boot interface is used. (boolean value) # Note: This option can be changed without restarting. #ipxe_use_swift = false # If True, generate a PXE environment even for nodes that use # local boot. This is useful when the driver cannot switch # nodes to local boot, e.g. with SNMP or with Redfish on # machines that cannot do persistent boot. Mostly useful for # standalone ironic since Neutron will prevent incorrect PXE # boot. (boolean value) # Note: This option can be changed without restarting. #enable_netboot_fallback = false # Dictionary describing the bootloaders to load into conductor # PXE/iPXE boot folders values from the host operating system. # Formatted as key of destination file name, and value of a # full path to a file to be copied. File assets will have # [pxe]file_permission applied, if set. If used, the file # names should match established bootloader configuration # settings for bootloaders. Use example: # ipxe.efi:/usr/share/ipxe/ipxe- # snponly-x86_64.efi,undionly.kpxe:/usr/share/ipxe/undionly.kpxe # (dict value) #loader_file_paths = # On ironic-conductor node, the path to the initial # grubconfiguration template for grub network boot. (string # value) #initial_grub_template = $pybasedir/drivers/modules/initial_grub_cfg.template [pxe_filter] # # From ironic # # The MAC address cache directory, exposed to dnsmasq.This # directory is expected to be in exclusive control of the # driver but must be purged by the operator. Required. (string # value) #dhcp_hostsdir = # List of inspect interfaces that will be considered by the # PXE filter. Only nodes with these interfaces will be # enabled. (list value) # Note: This option can be changed without restarting. #supported_inspect_interfaces = agent # Period (in seconds) between synchronizing the state of # dnsmasq with the database. (integer value) # Note: This option can be changed without restarting. #sync_period = 45 [redfish] # # From ironic # # Maximum number of attempts to try to connect to Redfish # (integer value) # Minimum value: 1 #connection_attempts = 5 # Number of seconds to wait between attempts to connect to # Redfish (integer value) # Minimum value: 1 #connection_retry_interval = 4 # Maximum Redfish client connection cache size. Redfish driver # would strive to reuse authenticated BMC connections # (obtained through Redfish Session Service). This option caps # the maximum number of connections to maintain. The value of # `0` disables client connection caching completely. (integer # value) # Minimum value: 0 #connection_cache_size = 1000 # Redfish HTTP client authentication method. (string value) # Possible values: # basic - Use HTTP basic authentication # session - Use HTTP session authentication # auto - Try HTTP session authentication first, fall back to # basic HTTP authentication #auth_type = auto # Upload generated ISO images for virtual media boot to Swift, # then pass temporary URL to BMC for booting the node. If set # to false, images are placed on the ironic-conductor node and # served over its local HTTP server. (boolean value) # Note: This option can be changed without restarting. #use_swift = false # The Swift container to store Redfish driver data. Applies # only when `use_swift` is enabled. (string value) # Note: This option can be changed without restarting. #swift_container = ironic_redfish_container # Amount of time in seconds for Swift objects to auto-expire. # Applies only when `use_swift` is enabled. (integer value) # Note: This option can be changed without restarting. #swift_object_expiry_timeout = 900 # Additional kernel parameters to pass down to the instance # kernel. These parameters can be consumed by the kernel or by # the applications by reading /proc/cmdline. Mind severe # cmdline size limit! Can be overridden by # `instance_info/kernel_append_params` property. (string # value) # Note: This option can be changed without restarting. #kernel_append_params = nofb vga=normal # File permission for swift-less image hosting with the octal # permission representation of file access permissions. This # setting defaults to ``644``, or as the octal number # ``0o644`` in Python. This setting must be set to the octal # number representation, meaning starting with ``0o``. # (integer value) #file_permission = 420 # Number of seconds to wait between checking for completed # firmware update tasks (integer value) # Minimum value: 0 #firmware_update_status_interval = 60 # Number of seconds to wait between checking for failed # firmware update tasks (integer value) # Minimum value: 0 #firmware_update_fail_interval = 60 # Number of seconds to wait before proceeding with the reboot # to finish the BMC firmware update step (integer value) # Minimum value: 0 #firmware_update_wait_unresponsive_bmc = 300 # Number of successful responses required to consider post- # upgrade BMC validation a success. Set to 0 to disable post- # upgrade validation entirely. (integer value) # Minimum value: 0 #firmware_update_required_successes = 3 # Timeout (in seconds) to wait between validation attempts. # Set to 0 for rapid succession retries with no delay. # (integer value) # Minimum value: 0 #firmware_update_validation_interval = 30 # Timeout (in seconds) to wait for BMC resources (System, # Manager, NetworkAdapters) to become stable and consistently # available after firmware update. Set to 0 to disable post- # upgrade validation entirely. (integer value) # Minimum value: 0 #firmware_update_resource_validation_timeout = 300 # Timeout (in seconds) for BMC firmware updates. BMC firmware # updates may need extended time to handle BMC transitional # states during the firmware update process. (integer value) # Minimum value: 0 #firmware_update_bmc_timeout = 300 # Default wait time (in seconds) for component-specific # firmware update operations. Used for: BIOS firmware update # wait before reboot, BMC firmware version check timeout, and # NIC firmware task completion timeout. (integer value) # Minimum value: 0 #firmware_update_reboot_delay = 300 # Interval (in seconds) for checking BMC firmware version # after BMC firmware update. Used to verify if BMC firmware # has been successfully applied. (integer value) # Minimum value: 0 #firmware_update_bmc_version_check_interval = 30 # Time (in seconds) to wait for a NIC firmware update task to # progress beyond the STARTING state before triggering a # reboot. Some NICs need a reboot to start applying firmware, # while others can begin immediately. This timeout helps # determine which behavior the hardware exhibits. (integer # value) # Minimum value: 0 #firmware_update_nic_starting_wait = 30 # Maximum time (in seconds) allowed for the entire firmware # update operation to complete. This provides a safety net for # firmware updates that get stuck. Set to 0 to disable this # timeout (not recommended). Default is 7200 seconds (2 # hours). (integer value) # Minimum value: 0 #firmware_update_overall_timeout = 7200 # Specifies how firmware image should be served. Whether from # its original location using the firmware source URL # directly, or should serve it from ironic's Swift or HTTP # server. (string value) # Possible values: # http - If firmware source URL is also HTTP, then serve from # original location, otherwise copy to ironic's HTTP server. # Default. # local - Download from original location and server from # ironic's HTTP server. # swift - If firmware source URL is also Swift, serve from # original location, otherwise copy to ironic's Swift server. # Note: This option can be changed without restarting. #firmware_source = http # Number of seconds to wait between checking for completed # raid config tasks (integer value) # Minimum value: 0 #raid_config_status_interval = 60 # Number of seconds to wait between checking for failed raid # config tasks (integer value) # Minimum value: 0 #raid_config_fail_interval = 60 # Number of seconds to wait for boot mode or secure boot # status change to take effect after a reboot. Set to 0 to # disable waiting. (integer value) # Minimum value: 0 #boot_mode_config_timeout = 900 # The default verify_ca path when redfish_verify_ca in # driver_info is missing or set to True. (string value) #verify_ca = # Whether to enable the automated verify step that checks and # sets the BMC clock. When enabled, Ironic will automatically # attempt to set the BMC's clock during node registration (in # the verify phase) using Redfish's DateTime fields. This # helps avoid TLS certificate issues caused by incorrect BMC # time. (boolean value) #enable_verify_bmc_clock = false # A comma-separated lists of inspection hooks that are run by # default for the "agent" inspection interface. In most cases, # the operators will not modify this. The default (somewhat # conservative) hooks validate interfaces in the inventory, # create ports and set the node's cpu architecture property. # (string value) #default_inspection_hooks = validate-interfaces,ports,architecture # Comma-separated list of enabled hooks for processing # pipeline when using the "redfish" inspection interface. The # default for this is $default_inspection_hooks. Hooks can be # added before or after the defaults like this: # "prehook,$default_hooks,posthook". (string value) #inspection_hooks = $default_inspection_hooks # Maximum number of retry attempts when BMC rejects boot # device changes during POST (Power-On Self-Test). Some BMCs # (e.g. HPE iLO) reject boot device modifications while the # system is in POST after a firmware update or reboot. # (integer value) # Minimum value: 1 #post_boot_retry_attempts = 6 # Minimum delay in seconds between retry attempts for POST- # related boot device errors. Exponential backoff is applied, # starting from this value up to 6x this value. (integer # value) # Minimum value: 1 #post_boot_retry_delay = 5 [sensor_data] # # From ironic # # Enable sending sensor data message via the notification bus. # (boolean value) # Deprecated group/name - [conductor]/send_sensor_data #send_sensor_data = false # Seconds between conductor sending sensor data message via # the notification bus. This was originally for consumption # via ceilometer, but the data may also be consumed via a # plugin like ironic-prometheus-exporter or any other message # bus data collector. (integer value) # Minimum value: 1 # Deprecated group/name - [conductor]/send_sensor_data_interval #interval = 600 # The maximum number of workers that can be started # simultaneously for send data from sensors periodic task. # (integer value) # Minimum value: 1 # Deprecated group/name - [conductor]/send_sensor_data_workers #workers = 4 # The time in seconds to wait for send sensors data periodic # task to be finished before allowing periodic call to happen # again. Should be less than send_sensor_data_interval value. # (integer value) # Deprecated group/name - [conductor]/send_sensor_data_wait_timeout #wait_timeout = 300 # List of comma separated meter types which need to be sent to # Ceilometer. The default value, "ALL", is a special value # meaning send all the sensor data. This setting only applies # to baremetal sensor data being processed through the # conductor. (list value) # Deprecated group/name - [conductor]/send_sensor_data_types #data_types = ALL # The default for sensor data collection is to only collect # data for machines that are deployed, however operators may # desire to know if there are failures in hardware that is not # presently in use. When set to true, the conductor will # collect sensor information from all nodes when sensor data # collection is enabled via the send_sensor_data setting. # (boolean value) # Deprecated group/name - [conductor]/send_sensor_data_for_undeployed_nodes #enable_for_undeployed_nodes = false # If to include sensor metric data for the Conductor process # itself in the message payload for sensor data which allows # operators to gather instance counts of actions and states to # better manage the deployment. (boolean value) #enable_for_conductor = true # If to transmit any sensor data for any nodes under this # conductor's management. This option supersedes the # ``send_sensor_data_for_undeployed_nodes`` setting. (boolean # value) #enable_for_nodes = true [service_catalog] # # From ironic # # Authentication URL (string value) #auth_url = # Authentication type to load (string value) # Deprecated group/name - [service_catalog]/auth_plugin #auth_type = # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) #cafile = # PEM encoded client certificate cert file (string value) #certfile = # Collect per-API call timing information. (boolean value) #collect_timing = false # The maximum number of retries that should be attempted for # connection errors. (integer value) #connect_retries = # Delay (in seconds) between two retries for connection # errors. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #connect_retry_delay = # Optional domain ID to use with v3 and v2 parameters. It will # be used for both the user and project domain in v3 and # ignored in v2 authentication. (string value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. # It will be used for both the user and project domain in v3 # and ignored in v2 authentication. (string value) #default_domain_name = # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # Always use this endpoint URL for requests for this client. # NOTE: The unversioned endpoint should be specified here; to # request a particular API version, use the `version`, `min- # version`, and/or `max-version` options. (string value) #endpoint_override = # Verify HTTPS connections. (boolean value) #insecure = false # PEM encoded client certificate key file (string value) #keyfile = # The maximum major version of a given API, intended to be # used as the upper bound of a range with min_version. # Mutually exclusive with version. (string value) #max_version = # The minimum major version of a given API, intended to be # used as the lower bound of a range with max_version. # Mutually exclusive with version. If min_version is given # with no max_version it is as if max version is "latest". # (string value) #min_version = # User's password (string value) #password = # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # Project ID to scope to (string value) # Deprecated group/name - [service_catalog]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [service_catalog]/tenant_name #project_name = # The default region_name for endpoint URL discovery. (string # value) #region_name = # List of retriable HTTP status codes that should be retried. # If not set default to [503] (list value) #retriable_status_codes = # The default service_name for endpoint URL discovery. (string # value) #service_name = # The default service_type for endpoint URL discovery. (string # value) #service_type = baremetal # Log requests to multiple loggers. (boolean value) #split_loggers = false # The maximum number of retries that should be attempted for # retriable HTTP status codes. (integer value) #status_code_retries = # Delay (in seconds) between two retries for retriable status # codes. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #status_code_retry_delay = # Scope for system operations (string value) #system_scope = # Tenant ID (string value) #tenant_id = # Tenant Name (string value) #tenant_name = # Timeout value for http requests (integer value) #timeout = # ID of the trust to use as a trustee use (string value) #trust_id = # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [service_catalog]/user_name #username = # List of interfaces, in order of preference, for endpoint # URL. (list value) #valid_interfaces = internal,public # Minimum Major API version within a given Major API version # for endpoint URL discovery. Mutually exclusive with # min_version and max_version (string value) #version = [snmp] # # From ironic # # Seconds to wait for power action to be completed (integer # value) #power_timeout = 10 # Time (in seconds) to sleep between when rebooting (powering # off and on again) (integer value) # Minimum value: 0 #reboot_delay = 0 # Time (in seconds) to sleep before power on and after # powering off. Which may be needed with some PDUs as they may # not honor toggling a specific power port in rapid succession # without a delay. This option may be useful if the attached # physical machine has a substantial power supply to hold it # over in the event of a brownout. (integer value) # Minimum value: 0 #power_action_delay = 0 # Response timeout in seconds used for UDP transport. Timeout # should be a multiple of 0.5 seconds and is applicable to # each retry. (floating point value) # Minimum value: 0.0 #udp_transport_timeout = 1.0 # Maximum number of UDP request retries, 0 means no retries. # (integer value) # Minimum value: 0 #udp_transport_retries = 5 [ssl] # # From oslo.service.sslutils # # DEPRECATED: CA certificate file to use to verify connecting # clients. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The 'ca_file' option is deprecated and will be # removed in a future release. #ca_file = # DEPRECATED: Certificate file to use when starting the server # securely. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The 'cert_file' option is deprecated and will be # removed in a future release. #cert_file = # DEPRECATED: Private key file to use when starting the server # securely. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The 'key_file' option is deprecated and will be # removed in a future release. #key_file = # DEPRECATED: SSL version to use (valid only if SSL enabled). # Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, # and TLSv1_2 may be available on some distributions. (string # value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The 'version' option is deprecated and will be # removed in a future release. #version = # DEPRECATED: Sets the list of available ciphers. value should # be a string in the OpenSSL cipher list format. (string # value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: The 'ciphers' option is deprecated and will be # removed in a future release. #ciphers = [swift] # # From ironic # # Authentication URL (string value) #auth_url = # Authentication type to load (string value) # Deprecated group/name - [swift]/auth_plugin #auth_type = # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) #cafile = # PEM encoded client certificate cert file (string value) #certfile = # Collect per-API call timing information. (boolean value) #collect_timing = false # The maximum number of retries that should be attempted for # connection errors. (integer value) #connect_retries = # Delay (in seconds) between two retries for connection # errors. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #connect_retry_delay = # Optional domain ID to use with v3 and v2 parameters. It will # be used for both the user and project domain in v3 and # ignored in v2 authentication. (string value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. # It will be used for both the user and project domain in v3 # and ignored in v2 authentication. (string value) #default_domain_name = # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # Always use this endpoint URL for requests for this client. # NOTE: The unversioned endpoint should be specified here; to # request a particular API version, use the `version`, `min- # version`, and/or `max-version` options. (string value) #endpoint_override = # Verify HTTPS connections. (boolean value) #insecure = false # PEM encoded client certificate key file (string value) #keyfile = # The maximum major version of a given API, intended to be # used as the upper bound of a range with min_version. # Mutually exclusive with version. (string value) #max_version = # The minimum major version of a given API, intended to be # used as the lower bound of a range with max_version. # Mutually exclusive with version. If min_version is given # with no max_version it is as if max version is "latest". # (string value) #min_version = # User's password (string value) #password = # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # Project ID to scope to (string value) # Deprecated group/name - [swift]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [swift]/tenant_name #project_name = # The default region_name for endpoint URL discovery. (string # value) #region_name = # List of retriable HTTP status codes that should be retried. # If not set default to [503] (list value) #retriable_status_codes = # The default service_name for endpoint URL discovery. (string # value) #service_name = # The default service_type for endpoint URL discovery. (string # value) #service_type = object-store # Log requests to multiple loggers. (boolean value) #split_loggers = false # The maximum number of retries that should be attempted for # retriable HTTP status codes. (integer value) #status_code_retries = # Delay (in seconds) between two retries for retriable status # codes. If not set, exponential retry starting with 0.5 # seconds up to a maximum of 60 seconds is used. (floating # point value) #status_code_retry_delay = # Scope for system operations (string value) #system_scope = # Tenant ID (string value) #tenant_id = # Tenant Name (string value) #tenant_name = # Timeout value for http requests (integer value) #timeout = # ID of the trust to use as a trustee use (string value) #trust_id = # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [swift]/user_name #username = # List of interfaces, in order of preference, for endpoint # URL. (list value) #valid_interfaces = internal,public # Minimum Major API version within a given Major API version # for endpoint URL discovery. Mutually exclusive with # min_version and max_version (string value) #version = [vnc] # # From ironic # # Enable VNC related features. Guests will get created with # graphical devices to support this. Clients (for example # Horizon) can then establish a VNC connection to the guest. # (boolean value) #enabled = false # The IP address or hostname on which ironic-novncproxy # listens. (host address value) #host_ip = 0.0.0.0 # The TCP port on which ironic-novncproxy listens. (port # value) # Minimum value: 0 # Maximum value: 65535 #port = 6090 # Public URL to use when building the links to the noVNC # client browser page (for example, # "http://127.0.0.1:6090/vnc_auto.html"). If the API is # operating behind a proxy, you will want to change this to # represent the proxy's URL. (string value) # Note: This option can be changed without restarting. #public_url = # Enable the integrated stand-alone noVNC to service requests # via HTTPS instead of HTTP. If there is a front-end service # performing HTTPS offloading from the service, this option # should be False; note, you will want to configure # [vnc]public_endpoint option to set URLs in responses to the # SSL terminated one. (boolean value) #enable_ssl = false # Path to directory with content which will be served by a web # server. (string value) #novnc_web = /usr/share/novnc # Filename that will be used for storing websocket frames # received and sent by a VNC proxy service running on this # host. If this is not set, no recording will be done. (string # value) #novnc_record = # The allowed authentication schemes to use with proxied VNC # connections (list value) #novnc_auth_schemes = none # When True, keyboard and mouse events will not be passed to # the console. (boolean value) #read_only = false # The lifetime of a console auth token (in seconds). (integer # value) # Minimum value: 10 #token_timeout = 600 # Interval (in seconds) between periodic checks to determine # whether active console sessions have expired and need to be # closed. (integer value) # Minimum value: 1 #expire_console_session_interval = 120 # Console container provider which manages the containers that # expose a VNC service to ironic-novncproxy or nova- # novncproxy. Each container runs an X11 session and a browser # showing the actual BMC console. "systemd" manages containers # as systemd units via podman Quadlet support. The default is # "fake" which returns an unusable VNC host and port. This # needs to be changed if enabled is True. "kubernetes" manages # containers as pods using template driven resource creation. # (string value) #container_provider = fake # Container image reference for the "systemd" and "kubernetes" # console container provider, and any other out-of-tree # provider which requires a configurable image reference. # (string value) # Note: This option can be changed without restarting. #console_image = # For the systemd provider, path to the template for defining # a console container. The default template requires that # "console_image" be set. (string value) # Note: This option can be changed without restarting. #systemd_container_template = $pybasedir/console/container/ironic-console.container.template # Equivalent to the podman run --port argument for the mapping # of VNC port 5900 to the host. An IP address is required to # bind to, defaulting to $my_ip. The VNC port exposed on the # host will be a randomly allocated high port. These # containers expose VNC servers which must be accessible by # ironic-novncproxy and/or nova-novncproxy. The VNC servers # have no authentication or encryption so they also should not # be exposed to public access. Additionally, the containers # need to be able to access BMC management endpoints. (string # value) #systemd_container_publish_port = $my_ip::5900 # For the kubernetes provider, path to the template for # defining the console resources. The default template creates # one Secret to store the app info, and one Pod to run a # console container. A custom template must include namespace # metadata, and must define labels which can be used as a # delete-all selector. (string value) # Note: This option can be changed without restarting. #kubernetes_container_template = $pybasedir/console/container/ironic-console-pod.yaml.template # For the kubernetes provider, the time (in seconds) to wait # for the console pod to start. (integer value) #kubernetes_pod_timeout = 120 # Certificate file to use when starting the server securely. # (string value) #ssl_cert_file = # Private key file to use when starting the server securely. # (string value) #ssl_key_file = # The minimum SSL version to use. (string value) #ssl_minimum_version = # Sets the list of available ciphers. value should be a string # in the OpenSSL cipher list format. (string value) #ssl_ciphers = # Maximum number of seconds to wait for a console container to # be ready to accept VNC connections after starting. (integer # value) # Minimum value: 1 #wait_for_ready_timeout = 10