Atom feed of this document
  
Kilo -  Kilo -  Kilo -  Kilo -  Kilo -  Kilo -  Kilo -  Kilo - 

 New, updated and deprecated options in Kilo for OpenStack Identity

Table 7.38. New options
Option = default value (Type) Help string
[DEFAULT] log-config-append = None (StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation.
[DEFAULT] log-date-format = %Y-%m-%d %H:%M:%S (StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s .
[DEFAULT] log-dir = None (StrOpt) (Optional) The base directory used for relative --log-file paths.
[DEFAULT] log-file = None (StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout.
[DEFAULT] log-format = None (StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead.
[DEFAULT] max_project_tree_depth = 5 (IntOpt) Maximum depth of the project hierarchy. WARNING: setting it to a large value may adversely impact performance.
[DEFAULT] notification_format = basic (StrOpt) Define the notification format for Identity Service events. A "basic" notification has information about the resource being operated on. A "cadf" notification has the same information, as well as information about the initiator of the event. Valid options are: basic and cadf
[DEFAULT] secure_proxy_ssl_header = None (StrOpt) The HTTP header used to determine the scheme for the original request, even if it was removed by an SSL terminating proxy. Typical value is "HTTP_X_FORWARDED_PROTO".
[DEFAULT] syslog-log-facility = LOG_USER (StrOpt) Syslog facility to receive log lines.
[DEFAULT] use-syslog = False (BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED during I, and will change in J to honor RFC5424.
[DEFAULT] use-syslog-rfc-format = False (BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in I, and will be removed in J.
[auth] oauth1 = keystone.auth.plugins.oauth1.OAuth (StrOpt) The oAuth1.0 auth plugin module.
[domain_config] cache_time = 300 (IntOpt) TTL (in seconds) to cache domain config data. This has no effect unless domain config caching is enabled.
[domain_config] caching = True (BoolOpt) Toggle for domain config caching. This has no effect unless global caching is enabled.
[domain_config] driver = keystone.resource.config_backends.sql.DomainConfig (StrOpt) Domain config backend driver.
[eventlet_server] admin_bind_host = 0.0.0.0 (StrOpt) The IP address of the network interface for the admin service to listen on.
[eventlet_server] admin_port = 35357 (IntOpt) The port number which the admin service listens on.
[eventlet_server] admin_workers = None (IntOpt) The number of worker processes to serve the admin eventlet application. Defaults to number of CPUs (minimum of 2).
[eventlet_server] public_bind_host = 0.0.0.0 (StrOpt) The IP address of the network interface for the public service to listen on.
[eventlet_server] public_port = 5000 (IntOpt) The port number which the public service listens on.
[eventlet_server] public_workers = None (IntOpt) The number of worker processes to serve the public eventlet application. Defaults to number of CPUs (minimum of 2).
[eventlet_server] tcp_keepalive = False (BoolOpt) Set this to true if you want to enable TCP_KEEPALIVE on server sockets, i.e. sockets used by the Keystone wsgi server for client connections.
[eventlet_server] tcp_keepidle = 600 (IntOpt) Sets the value of TCP_KEEPIDLE in seconds for each server socket. Only applies if tcp_keepalive is true.
[eventlet_server_ssl] ca_certs = /etc/keystone/ssl/certs/ca.pem (StrOpt) Path of the CA cert file for SSL.
[eventlet_server_ssl] cert_required = False (BoolOpt) Require client certificate.
[eventlet_server_ssl] certfile = /etc/keystone/ssl/certs/keystone.pem (StrOpt) Path of the certfile for SSL. For non-production environments, you may be interested in using `keystone-manage ssl_setup` to generate self-signed certificates.
[eventlet_server_ssl] enable = False (BoolOpt) Toggle for SSL support on the Keystone eventlet servers.
[eventlet_server_ssl] keyfile = /etc/keystone/ssl/private/keystonekey.pem (StrOpt) Path of the keyfile for SSL.
[federation] federated_domain_name = Federated (StrOpt) A domain name that is reserved to allow federated ephemeral users to have a domain concept. Note that an admin will not be able to create a domain with this name or update an existing domain to this name. You are not advised to change this value unless you really have to. Changing this option to empty string or None will not have any impact and default name will be used.
[federation] remote_id_attribute = None (StrOpt) Value to be used to obtain the entity ID of the Identity Provider from the environment (e.g. if using the mod_shib plugin this value is `Shib-Identity-Provider`).
[federation] sso_callback_template = /etc/keystone/sso_callback_template.html (StrOpt) Location of Single Sign-On callback handler, will return a token to a trusted dashboard host.
[federation] trusted_dashboard = [] (MultiStrOpt) A list of trusted dashboard hosts. Before accepting a Single Sign-On request to return a token, the origin host must be a member of the trusted_dashboard list. This configuration option may be repeated for multiple values. For example: trusted_dashboard=http://acme.com trusted_dashboard=http://beta.com
[fernet_tokens] key_repository = /etc/keystone/fernet-keys/ (StrOpt) Directory containing Fernet token keys.
[fernet_tokens] max_active_keys = 3 (IntOpt) This controls how many keys are held in rotation by keystone-manage fernet_rotate before they are discarded. The default value of 3 means that keystone will maintain one staged key, one primary key, and one secondary key. Increasing this value means that additional secondary keys will be kept in the rotation.
[identity] cache_time = 600 (IntOpt) Time to cache identity data (in seconds). This has no effect unless global and identity caching are enabled.
[identity] caching = True (BoolOpt) Toggle for identity caching. This has no effect unless global caching is enabled.
[identity] domain_configurations_from_database = False (BoolOpt) Extract the domain specific configuration options from the resource backend where they have been stored with the domain data. This feature is disabled by default (in which case the domain specific options will be loaded from files in the domain configuration directory); set to true to enable.
[oslo_messaging_amqp] allow_insecure_clients = False (BoolOpt) Accept clients using either SSL or plain TCP
[oslo_messaging_amqp] broadcast_prefix = broadcast (StrOpt) address prefix used when broadcasting to all servers
[oslo_messaging_amqp] container_name = None (StrOpt) Name for the AMQP container
[oslo_messaging_amqp] group_request_prefix = unicast (StrOpt) address prefix when sending to any server in group
[oslo_messaging_amqp] idle_timeout = 0 (IntOpt) Timeout for inactive connections (in seconds)
[oslo_messaging_amqp] server_request_prefix = exclusive (StrOpt) address prefix used when sending to a specific server
[oslo_messaging_amqp] ssl_ca_file = (StrOpt) CA certificate PEM file for verifing server certificate
[oslo_messaging_amqp] ssl_cert_file = (StrOpt) Identifying certificate PEM file to present to clients
[oslo_messaging_amqp] ssl_key_file = (StrOpt) Private key PEM file used to sign cert_file certificate
[oslo_messaging_amqp] ssl_key_password = None (StrOpt) Password for decrypting ssl_key_file (if encrypted)
[oslo_messaging_amqp] trace = False (BoolOpt) Debug: dump AMQP frames to stdout
[oslo_messaging_qpid] amqp_auto_delete = False (BoolOpt) Auto-delete queues in AMQP.
[oslo_messaging_qpid] amqp_durable_queues = False (BoolOpt) Use durable queues in AMQP.
[oslo_messaging_qpid] qpid_heartbeat = 60 (IntOpt) Seconds between connection keepalive heartbeats.
[oslo_messaging_qpid] qpid_hostname = localhost (StrOpt) Qpid broker hostname.
[oslo_messaging_qpid] qpid_hosts = $qpid_hostname:$qpid_port (ListOpt) Qpid HA cluster host:port pairs.
[oslo_messaging_qpid] qpid_password = (StrOpt) Password for Qpid connection.
[oslo_messaging_qpid] qpid_port = 5672 (IntOpt) Qpid broker port.
[oslo_messaging_qpid] qpid_protocol = tcp (StrOpt) Transport to use, either 'tcp' or 'ssl'.
[oslo_messaging_qpid] qpid_receiver_capacity = 1 (IntOpt) The number of prefetched messages held by receiver.
[oslo_messaging_qpid] qpid_sasl_mechanisms = (StrOpt) Space separated list of SASL mechanisms to use for auth.
[oslo_messaging_qpid] qpid_tcp_nodelay = True (BoolOpt) Whether to disable the Nagle algorithm.
[oslo_messaging_qpid] qpid_topology_version = 1 (IntOpt) The qpid topology version to use. Version 1 is what was originally used by impl_qpid. Version 2 includes some backwards-incompatible changes that allow broker federation to work. Users should update to version 2 when they are able to take everything down, as it requires a clean break.
[oslo_messaging_qpid] qpid_username = (StrOpt) Username for Qpid connection.
[oslo_messaging_qpid] rpc_conn_pool_size = 30 (IntOpt) Size of RPC connection pool.
[oslo_messaging_rabbit] amqp_auto_delete = False (BoolOpt) Auto-delete queues in AMQP.
[oslo_messaging_rabbit] amqp_durable_queues = False (BoolOpt) Use durable queues in AMQP.
[oslo_messaging_rabbit] fake_rabbit = False (BoolOpt) Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
[oslo_messaging_rabbit] heartbeat_rate = 2 (IntOpt) How often times during the heartbeat_timeout_threshold we check the heartbeat.
[oslo_messaging_rabbit] heartbeat_timeout_threshold = 0 (IntOpt) Number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disables the heartbeat, >0 enables it. Enabling heartbeats requires kombu>=3.0.7 and amqp>=1.4.0). EXPERIMENTAL
[oslo_messaging_rabbit] kombu_reconnect_delay = 1.0 (FloatOpt) How long to wait before reconnecting in response to an AMQP consumer cancel notification.
[oslo_messaging_rabbit] kombu_ssl_ca_certs = (StrOpt) SSL certification authority file (valid only if SSL enabled).
[oslo_messaging_rabbit] kombu_ssl_certfile = (StrOpt) SSL cert file (valid only if SSL enabled).
[oslo_messaging_rabbit] kombu_ssl_keyfile = (StrOpt) SSL key file (valid only if SSL enabled).
[oslo_messaging_rabbit] kombu_ssl_version = (StrOpt) SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
[oslo_messaging_rabbit] rabbit_ha_queues = False (BoolOpt) Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database.
[oslo_messaging_rabbit] rabbit_host = localhost (StrOpt) The RabbitMQ broker address where a single node is used.
[oslo_messaging_rabbit] rabbit_hosts = $rabbit_host:$rabbit_port (ListOpt) RabbitMQ HA cluster host:port pairs.
[oslo_messaging_rabbit] rabbit_login_method = AMQPLAIN (StrOpt) The RabbitMQ login method.
[oslo_messaging_rabbit] rabbit_max_retries = 0 (IntOpt) Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry count).
[oslo_messaging_rabbit] rabbit_password = guest (StrOpt) The RabbitMQ password.
[oslo_messaging_rabbit] rabbit_port = 5672 (IntOpt) The RabbitMQ broker port where a single node is used.
[oslo_messaging_rabbit] rabbit_retry_backoff = 2 (IntOpt) How long to backoff for between retries when connecting to RabbitMQ.
[oslo_messaging_rabbit] rabbit_retry_interval = 1 (IntOpt) How frequently to retry connecting with RabbitMQ.
[oslo_messaging_rabbit] rabbit_use_ssl = False (BoolOpt) Connect over SSL for RabbitMQ.
[oslo_messaging_rabbit] rabbit_userid = guest (StrOpt) The RabbitMQ userid.
[oslo_messaging_rabbit] rabbit_virtual_host = / (StrOpt) The RabbitMQ virtual host.
[oslo_messaging_rabbit] rpc_conn_pool_size = 30 (IntOpt) Size of RPC connection pool.
[oslo_middleware] max_request_body_size = 114688 (IntOpt) The maximum body size for each request, in bytes.
[oslo_policy] policy_default_rule = default (StrOpt) Default rule. Enforced when a requested rule is not found.
[oslo_policy] policy_dirs = ['policy.d'] (MultiStrOpt) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.
[oslo_policy] policy_file = policy.json (StrOpt) The JSON file that defines policies.
[resource] cache_time = None (IntOpt) TTL (in seconds) to cache resource data. This has no effect unless global caching is enabled.
[resource] caching = True (BoolOpt) Toggle for resource caching. This has no effect unless global caching is enabled.
[resource] driver = None (StrOpt) Resource backend driver. If a resource driver is not specified, the assignment driver will choose the resource driver.
[resource] list_limit = None (IntOpt) Maximum number of entities that will be returned in a resource collection.
[revoke] cache_time = 3600 (IntOpt) Time to cache the revocation list and the revocation events (in seconds). This has no effect unless global and token caching are enabled.
[role] cache_time = None (IntOpt) TTL (in seconds) to cache role data. This has no effect unless global caching is enabled.
[role] caching = True (BoolOpt) Toggle for role caching. This has no effect unless global caching is enabled.
[role] driver = None (StrOpt) Role backend driver.
[role] list_limit = None (IntOpt) Maximum number of entities that will be returned in a role collection.
[saml] relay_state_prefix = ss:mem: (StrOpt) The prefix to use for the RelayState SAML attribute, used when generating ECP wrapped assertions.
[token] allow_rescope_scoped_token = True (BoolOpt) Allow rescoping of scoped token. Setting allow_rescoped_scoped_token to false prevents a user from exchanging a scoped token for any other token.
[trust] allow_redelegation = False (BoolOpt) Enable redelegation feature.
[trust] max_redelegation_count = 3 (IntOpt) Maximum depth of trust redelegation.
Table 7.39. New default values
Option Previous default value New default value
[DEFAULT] default_log_levels amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, requests.packages.urllib3.util.retry=WARN, urllib3.util.retry=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN
[DEFAULT] rpc_zmq_matchmaker oslo.messaging._drivers.matchmaker.MatchMakerLocalhost local
[auth] methods external, password, token external, password, token, oauth1
[revoke] driver keystone.contrib.revoke.backends.kvs.Revoke keystone.contrib.revoke.backends.sql.Revoke
[token] provider None keystone.token.providers.uuid.Provider
Table 7.40. Deprecated options
Deprecated option New Option
[DEFAULT] admin_bind_host [eventlet_server] admin_bind_host
[DEFAULT] log-format None
[DEFAULT] use-syslog None
[DEFAULT] admin_workers [eventlet_server] admin_workers
[assignment] list_limit [resource] list_limit
[DEFAULT] admin_port [eventlet_server] admin_port
[assignment] caching [resource] caching
[DEFAULT] max_request_body_size [oslo_middleware] max_request_body_size
[assignment] cache_time [resource] cache_time
[DEFAULT] tcp_keepidle [eventlet_server] tcp_keepidle
[ssl] cert_required [eventlet_server_ssl] cert_required
[DEFAULT] public_port [eventlet_server] public_port
[DEFAULT] public_bind_host [eventlet_server] public_bind_host
[DEFAULT] tcp_keepalive [eventlet_server] tcp_keepalive
[token] revocation_cache_time [revoke] cache_time
[DEFAULT] public_workers [eventlet_server] public_workers
[ssl] keyfile [eventlet_server_ssl] keyfile
[ssl] ca_certs [eventlet_server_ssl] ca_certs
[ssl] enable [eventlet_server_ssl] enable
[ssl] certfile [eventlet_server_ssl] certfile
Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...