Liberty - Liberty - Liberty - Liberty - Liberty - Liberty - Liberty - Liberty -
The Bare metal service is capable of managing and provisioning physical
machines. The configuration file of this module is
/etc/ironic/ironic.conf
.
The following tables provide a comprehensive list of the Bare metal service configuration options.
Configuration option = Default value | Description |
---|---|
[agent] | |
agent_api_version = v1 |
(StrOpt) API version to use for communicating with the ramdisk agent. |
agent_pxe_append_params = nofb nomodeset vga=normal |
(StrOpt) DEPRECATED. Additional append parameters for baremetal PXE boot. This option is deprecated and will be removed in Mitaka release. Please use [pxe]pxe_append_params instead. |
agent_pxe_config_template = $pybasedir/drivers/modules/agent_config.template |
(StrOpt) DEPRECATED. Template file for PXE configuration. This option is deprecated and will be removed in Mitaka release. Please use [pxe]pxe_config_template instead. |
heartbeat_timeout = 300 |
(IntOpt) Maximum interval (in seconds) for agent heartbeats. |
manage_agent_boot = True |
(BoolOpt) Whether Ironic will manage booting of the agent ramdisk. If set to False, you will need to configure your mechanism to allow booting the agent ramdisk. |
memory_consumed_by_agent = 0 |
(IntOpt) The memory size in MiB consumed by agent when it is booted on a bare metal node. This is used for checking if the image can be downloaded and deployed on the bare metal node after booting agent ramdisk. This may be set according to the memory consumed by the agent ramdisk image. |
post_deploy_get_power_state_retries = 6 |
(IntOpt) Number of times to retry getting power state to check if bare metal node has been powered off after a soft power off. |
post_deploy_get_power_state_retry_interval = 5 |
(IntOpt) Amount of time (in seconds) to wait between polling power state after trigger soft poweroff. |
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
control_exchange = openstack |
(StrOpt) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option. |
notification_driver = [] |
(MultiStrOpt) The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop |
notification_topics = notifications |
(ListOpt) AMQP topic used for OpenStack notifications. |
transport_url = None |
(StrOpt) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration. |
Configuration option = Default value | Description |
---|---|
[amt] | |
action_wait = 10 |
(IntOpt) Amount of time (in seconds) to wait, before retrying an AMT operation |
max_attempts = 3 |
(IntOpt) Maximum number of times to attempt an AMT operation, before failing |
protocol = http |
(StrOpt) Protocol used for AMT endpoint, support http/https |
Configuration option = Default value | Description |
---|---|
[api] | |
host_ip = 0.0.0.0 |
(StrOpt) The IP address on which ironic-api listens. |
max_limit = 1000 |
(IntOpt) The maximum number of items returned in a single response from a collection resource. |
port = 6385 |
(IntOpt) The TCP port on which ironic-api listens. |
public_endpoint = None |
(StrOpt) Public URL to use when building the links to the API resources (for example, "https://ironic.rocks:6384"). If None the links will be built using the request's host URL. If the API is operating behind a proxy, you will want to change this to represent the proxy's URL. Defaults to None. |
[cors] | |
allow_credentials = True |
(BoolOpt) Indicate that the actual request can include user credentials |
allow_headers = Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma |
(ListOpt) Indicate which header field names may be used during the actual request. |
allow_methods = GET, POST, PUT, DELETE, OPTIONS |
(ListOpt) Indicate which methods can be used during the actual request. |
allowed_origin = None |
(StrOpt) Indicate whether this resource may be shared with the domain received in the requests "origin" header. |
expose_headers = Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma |
(ListOpt) Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers. |
max_age = 3600 |
(IntOpt) Maximum cache age of CORS preflight requests. |
[cors.subdomain] | |
allow_credentials = True |
(BoolOpt) Indicate that the actual request can include user credentials |
allow_headers = Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma |
(ListOpt) Indicate which header field names may be used during the actual request. |
allow_methods = GET, POST, PUT, DELETE, OPTIONS |
(ListOpt) Indicate which methods can be used during the actual request. |
allowed_origin = None |
(StrOpt) Indicate whether this resource may be shared with the domain received in the requests "origin" header. |
expose_headers = Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma |
(ListOpt) Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers. |
max_age = 3600 |
(IntOpt) Maximum cache age of CORS preflight requests. |
[oslo_middleware] | |
max_request_body_size = 114688 |
(IntOpt) The maximum body size for each request, in bytes. |
secure_proxy_ssl_header = X-Forwarded-Proto |
(StrOpt) The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by an SSL termination proxy. |
[oslo_versionedobjects] | |
fatal_exception_format_errors = False |
(BoolOpt) Make exception message format errors fatal |
Configuration option = Default value | Description |
---|---|
[keystone_authtoken] | |
admin_password = None |
(StrOpt) Service user password. |
admin_tenant_name = admin |
(StrOpt) Service tenant name. |
admin_token = None |
(StrOpt) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use `admin_user` and `admin_password` instead. |
admin_user = None |
(StrOpt) Service username. |
auth_admin_prefix =
|
(StrOpt) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri. |
auth_host = 127.0.0.1 |
(StrOpt) Host providing the admin Identity API endpoint. Deprecated, use identity_uri. |
auth_plugin = None |
(StrOpt) Name of the plugin to load |
auth_port = 35357 |
(IntOpt) Port of the admin Identity API endpoint. Deprecated, use identity_uri. |
auth_protocol = https |
(StrOpt) Protocol of the admin Identity API endpoint (http or https). Deprecated, use identity_uri. |
auth_section = None |
(StrOpt) Config Section from which to load plugin specific options |
auth_uri = None |
(StrOpt) Complete public Identity API endpoint. |
auth_version = None |
(StrOpt) API version of the admin Identity API endpoint. |
cache = None |
(StrOpt) Env key for the swift cache. |
cafile = None |
(StrOpt) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. |
certfile = None |
(StrOpt) Required if identity server requires client certificate |
check_revocations_for_cached = False |
(BoolOpt) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server. |
delay_auth_decision = False |
(BoolOpt) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. |
enforce_token_bind = permissive |
(StrOpt) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. |
hash_algorithms = md5 |
(ListOpt) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance. |
http_connect_timeout = None |
(IntOpt) Request timeout value for communicating with Identity API server. |
http_request_max_retries = 3 |
(IntOpt) How many times are we trying to reconnect when communicating with Identity API Server. |
identity_uri = None |
(StrOpt) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/ |
include_service_catalog = True |
(BoolOpt) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. |
insecure = False |
(BoolOpt) Verify HTTPS connections. |
keyfile = None |
(StrOpt) Required if identity server requires client certificate |
memcache_pool_conn_get_timeout = 10 |
(IntOpt) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. |
memcache_pool_dead_retry = 300 |
(IntOpt) (Optional) Number of seconds memcached server is considered dead before it is tried again. |
memcache_pool_maxsize = 10 |
(IntOpt) (Optional) Maximum total number of open connections to every memcached server. |
memcache_pool_socket_timeout = 3 |
(IntOpt) (Optional) Socket timeout in seconds for communicating with a memcached server. |
memcache_pool_unused_timeout = 60 |
(IntOpt) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. |
memcache_secret_key = None |
(StrOpt) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. |
memcache_security_strategy = None |
(StrOpt) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. |
memcache_use_advanced_pool = False |
(BoolOpt) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. |
memcached_servers = None |
(ListOpt) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. |
region_name = None |
(StrOpt) The region in which the identity server can be found. |
revocation_cache_time = 10 |
(IntOpt) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. |
signing_dir = None |
(StrOpt) Directory used to cache files related to PKI tokens. |
token_cache_time = 300 |
(IntOpt) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. |
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
auth_strategy = keystone |
(StrOpt) Authentication strategy used by ironic-api: one of "keystone" or "noauth". "noauth" should not be used in a production environment because all authentication will be disabled. |
Configuration option = Default value | Description |
---|---|
[cimc] | |
action_interval = 10 |
(IntOpt) Amount of time in seconds to wait in between power operations |
max_retry = 6 |
(IntOpt) Number of times a power operation needs to be retried |
[cisco_ucs] | |
action_interval = 5 |
(IntOpt) Amount of time in seconds to wait in between power operations |
max_retry = 6 |
(IntOpt) Number of times a power operation needs to be retried |
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
bindir = /usr/local/bin |
(StrOpt) Directory where ironic binaries are installed. |
enabled_drivers = pxe_ipmitool |
(ListOpt) Specify the list of drivers to load during service initialization. Missing drivers, or drivers which fail to initialize, will prevent the conductor service from starting. The option default is a recommended set of production-oriented drivers. A complete list of drivers present on your system may be found by enumerating the "ironic.drivers" entrypoint. An example may be found in the developer documentation online. |
executor_thread_pool_size = 64 |
(IntOpt) Size of executor thread pool. |
fatal_deprecations = False |
(BoolOpt) Enables or disables fatal status of deprecations. |
force_raw_images = True |
(BoolOpt) If True, convert backing images to "raw" disk image format. |
grub_config_template = $pybasedir/common/grub_conf.template |
(StrOpt) Template file for grub configuration file. |
hash_distribution_replicas = 1 |
(IntOpt) [Experimental Feature] Number of hosts to map onto each hash partition. Setting this to more than one will cause additional conductor services to prepare deployment environments and potentially allow the Ironic cluster to recover more quickly if a conductor instance is terminated. |
hash_partition_exponent = 5 |
(IntOpt) Exponent to determine number of hash partitions to use when distributing load across conductors. Larger values will result in more even distribution of load and less load when rebalancing the ring, but more memory usage. Number of partitions per conductor is (2^hash_partition_exponent). This determines the granularity of rebalancing: given 10 hosts, and an exponent of the 2, there are 40 partitions in the ring.A few thousand partitions should make rebalancing smooth in most cases. The default is suitable for up to a few hundred conductors. Too many partitions has a CPU impact. |
host = sd-52009.dedibox.fr |
(StrOpt) Name of this node. This can be an opaque identifier. It is not necessarily a hostname, FQDN, or IP address. However, the node name must be valid within an AMQP key, and if using ZeroMQ, a valid hostname, FQDN, or IP address. |
isolinux_bin = /usr/lib/syslinux/isolinux.bin |
(StrOpt) Path to isolinux binary file. |
isolinux_config_template = $pybasedir/common/isolinux_config.template |
(StrOpt) Template file for isolinux configuration file. |
memcached_servers = None |
(ListOpt) Memcached servers or None for in process cache. |
my_ip = 10.0.0.1 |
(StrOpt) IP address of this host. If unset, will determine the IP programmatically. If unable to do so, will use "127.0.0.1". |
parallel_image_downloads = False |
(BoolOpt) Run image downloads and raw format conversions in parallel. |
periodic_interval = 60 |
(IntOpt) Seconds between running periodic tasks. |
pybasedir = /usr/lib/python/site-packages/ironic |
(StrOpt) Directory where the ironic python module is installed. |
rootwrap_config = /etc/ironic/rootwrap.conf |
(StrOpt) Path to the rootwrap configuration file to use for running commands as root. |
state_path = $pybasedir |
(StrOpt) Top-level directory for maintaining ironic's state. |
tempdir = /tmp |
(StrOpt) Temporary working directory, default is Python temp dir. |
Configuration option = Default value | Description |
---|---|
[conductor] | |
api_url = None |
(StrOpt) URL of Ironic API service. If not set ironic can get the current value from the keystone service catalog. |
check_provision_state_interval = 60 |
(IntOpt) Interval between checks of provision timeouts, in seconds. |
clean_callback_timeout = 1800 |
(IntOpt) Timeout (seconds) to wait for a callback from the ramdisk doing the cleaning. If the timeout is reached the node will be put in the "clean failed" provision state. Set to 0 to disable timeout. |
clean_nodes = True |
(BoolOpt) Cleaning is a configurable set of steps, such as erasing disk drives, that are performed on the node to ensure it is in a baseline state and ready to be deployed to. This is done after instance deletion, and during the transition from a "managed" to "available" state. When enabled, the particular steps performed to clean a node depend on which driver that node is managed by; see the individual driver's documentation for details. NOTE: The introduction of the cleaning operation causes instance deletion to take significantly longer. In an environment where all tenants are trusted (eg, because there is only one tenant), this option could be safely disabled. |
configdrive_swift_container = ironic_configdrive_container |
(StrOpt) Name of the Swift container to store config drive data. Used when configdrive_use_swift is True. |
configdrive_use_swift = False |
(BoolOpt) Whether to upload the config drive to Swift. |
deploy_callback_timeout = 1800 |
(IntOpt) Timeout (seconds) to wait for a callback from a deploy ramdisk. Set to 0 to disable timeout. |
force_power_state_during_sync = True |
(BoolOpt) During sync_power_state, should the hardware power state be set to the state recorded in the database (True) or should the database be updated based on the hardware state (False). |
heartbeat_interval = 10 |
(IntOpt) Seconds between conductor heart beats. |
heartbeat_timeout = 60 |
(IntOpt) Maximum time (in seconds) since the last check-in of a conductor. A conductor is considered inactive when this time has been exceeded. |
inspect_timeout = 1800 |
(IntOpt) Timeout (seconds) for waiting for node inspection. 0 - unlimited. |
node_locked_retry_attempts = 3 |
(IntOpt) Number of attempts to grab a node lock. |
node_locked_retry_interval = 1 |
(IntOpt) Seconds to sleep between node lock attempts. |
periodic_max_workers = 8 |
(IntOpt) Maximum number of worker threads that can be started simultaneously by a periodic task. Should be less than RPC thread pool size. |
power_state_sync_max_retries = 3 |
(IntOpt) During sync_power_state failures, limit the number of times Ironic should try syncing the hardware node power state with the node power state in DB |
send_sensor_data = False |
(BoolOpt) Enable sending sensor data message via the notification bus |
send_sensor_data_interval = 600 |
(IntOpt) Seconds between conductor sending sensor data message to ceilometer via the notification bus. |
send_sensor_data_types = ALL |
(ListOpt) List of comma separated meter types which need to be sent to Ceilometer. The default value, "ALL", is a special value meaning send all the sensor data. |
sync_local_state_interval = 180 |
(IntOpt) When conductors join or leave the cluster, existing conductors may need to update any persistent local state as nodes are moved around the cluster. This option controls how often, in seconds, each conductor will check for nodes that it should "take over". Set it to a negative value to disable the check entirely. |
sync_power_state_interval = 60 |
(IntOpt) Interval between syncing the node power state to the database, in seconds. |
workers_pool_size = 100 |
(IntOpt) The size of the workers greenthread pool. |
Configuration option = Default value | Description |
---|---|
[console] | |
subprocess_checking_interval = 1 |
(IntOpt) Time interval (in seconds) for checking the status of console subprocess. |
subprocess_timeout = 10 |
(IntOpt) Time (in seconds) to wait for the console subprocess to start. |
terminal = shellinaboxd |
(StrOpt) Path to serial console terminal program |
terminal_cert_dir = None |
(StrOpt) Directory containing the terminal SSL cert(PEM) for serial console access |
terminal_pid_dir = None |
(StrOpt) Directory for holding terminal pid files. If not specified, the temporary directory will be used. |
Configuration option = Default value | Description |
---|---|
[database] | |
backend = sqlalchemy |
(StrOpt) The back end to use for the database. |
connection = None |
(StrOpt) The SQLAlchemy connection string to use to connect to the database. |
connection_debug = 0 |
(IntOpt) Verbosity of SQL debugging information: 0=None, 100=Everything. |
connection_trace = False |
(BoolOpt) Add Python stack traces to SQL as comment strings. |
db_inc_retry_interval = True |
(BoolOpt) If True, increases the interval between retries of a database operation up to db_max_retry_interval. |
db_max_retries = 20 |
(IntOpt) Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count. |
db_max_retry_interval = 10 |
(IntOpt) If db_inc_retry_interval is set, the maximum seconds between retries of a database operation. |
db_retry_interval = 1 |
(IntOpt) Seconds between retries of a database transaction. |
idle_timeout = 3600 |
(IntOpt) Timeout before idle SQL connections are reaped. |
max_overflow = None |
(IntOpt) If set, use this value for max_overflow with SQLAlchemy. |
max_pool_size = None |
(IntOpt) Maximum number of SQL connections to keep open in a pool. |
max_retries = 10 |
(IntOpt) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count. |
min_pool_size = 1 |
(IntOpt) Minimum number of SQL connections to keep open in a pool. |
mysql_engine = InnoDB |
(StrOpt) MySQL engine to use. |
mysql_sql_mode = TRADITIONAL |
(StrOpt) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode= |
pool_timeout = None |
(IntOpt) If set, use this value for pool_timeout with SQLAlchemy. |
retry_interval = 10 |
(IntOpt) Interval between retries of opening a SQL connection. |
slave_connection = None |
(StrOpt) The SQLAlchemy connection string to use to connect to the slave database. |
sqlite_db = oslo.sqlite |
(StrOpt) The file name to use with SQLite. |
sqlite_synchronous = True |
(BoolOpt) If True, SQLite uses synchronous mode. |
use_db_reconnect = False |
(BoolOpt) Enable the experimental use of database reconnect on connection lost. |
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
pecan_debug = False |
(BoolOpt) Enable pecan debug mode. WARNING: this is insecure and should not be used in a production environment. |
Configuration option = Default value | Description |
---|---|
[deploy] | |
dd_block_size = 1M |
(StrOpt) Block size to use when writing to the nodes disk. |
efi_system_partition_size = 200 |
(IntOpt) Size of EFI system partition in MiB when configuring UEFI systems for local boot. |
erase_devices_iterations = 1 |
(IntOpt) Number of iterations to be run for erasing devices. |
erase_devices_priority = None |
(IntOpt) Priority to run in-band erase devices via the Ironic Python Agent ramdisk. If unset, will use the priority set in the ramdisk (defaults to 10 for the GenericHardwareManager). If set to 0, will not run during cleaning. |
http_root = /httpboot |
(StrOpt) ironic-conductor node's HTTP root path. |
http_url = None |
(StrOpt) ironic-conductor node's HTTP server URL. Example: http://192.1.2.3:8080 |
iscsi_verify_attempts = 3 |
(IntOpt) Maximum attempts to verify an iSCSI connection is active, sleeping 1 second between attempts. |
Configuration option = Default value | Description |
---|---|
[dhcp] | |
dhcp_provider = neutron |
(StrOpt) DHCP provider to use. "neutron" uses Neutron, and "none" uses a no-op provider. |
Configuration option = Default value | Description |
---|---|
[disk_partitioner] | |
check_device_interval = 1 |
(IntOpt) After Ironic has completed creating the partition table, it continues to check for activity on the attached iSCSI device status at this interval prior to copying the image to the node, in seconds |
check_device_max_retries = 20 |
(IntOpt) The maximum number of times to check that the device is not accessed by another process. If the device is still busy after that, the disk partitioning will be treated as having failed. |
Configuration option = Default value | Description |
---|---|
[drac] | |
client_retry_count = 5 |
(IntOpt) In case there is a communication failure, the DRAC client is going to resend the request as many times as defined in this setting. |
client_retry_delay = 5 |
(IntOpt) In case there is a communication failure, the DRAC client is going to wait for as many seconds as defined in this setting before resending the request. |
Configuration option = Default value | Description |
---|---|
[glance] | |
allowed_direct_url_schemes =
|
(ListOpt) A list of URL schemes that can be downloaded directly via the direct_url. Currently supported schemes: [file]. |
auth_strategy = keystone |
(StrOpt) Authentication strategy to use when connecting to glance. Only "keystone" and "noauth" are currently supported by ironic. |
glance_api_insecure = False |
(BoolOpt) Allow to perform insecure SSL (https) requests to glance. |
glance_api_servers = None |
(ListOpt) A list of the glance api servers available to ironic. Prefix with https:// for SSL-based glance API servers. Format is [hostname|IP]:port. |
glance_host = $my_ip |
(StrOpt) Default glance hostname or IP address. |
glance_num_retries = 0 |
(IntOpt) Number of retries when downloading an image from glance. |
glance_port = 9292 |
(IntOpt) Default glance port. |
glance_protocol = http |
(StrOpt) Default protocol to use when connecting to glance. Set to https for SSL. |
swift_account = None |
(StrOpt) The account that Glance uses to communicate with Swift. The format is "AUTH_uuid". "uuid" is the UUID for the account configured in the glance-api.conf. Required for temporary URLs. For example: "AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30". Swift temporary URL format: "endpoint_url/api_version/account/container/object_id" |
swift_api_version = v1 |
(StrOpt) The Swift API version to create a temporary URL for. Defaults to "v1". Swift temporary URL format: "endpoint_url/api_version/account/container/object_id" |
swift_container = glance |
(StrOpt) The Swift container Glance is configured to store its images in. Defaults to "glance", which is the default in glance-api.conf. Swift temporary URL format: "endpoint_url/api_version/account/container/object_id" |
swift_endpoint_url = None |
(StrOpt) The "endpoint" (scheme, hostname, optional port) for the Swift URL of the form "endpoint_url/api_version/account/container/object_id". Do not include trailing "/". For example, use "https://swift.example.com". Required for temporary URLs. |
swift_store_multiple_containers_seed = 0 |
(IntOpt) This should match a config by the same name in the Glance configuration file. When set to 0, a single-tenant store will only use one container to store all images. When set to an integer value between 1 and 32, a single-tenant store will use multiple containers to store images, and this value will determine how many containers are created. |
swift_temp_url_duration = 1200 |
(IntOpt) The length of time in seconds that the temporary URL will be valid for. Defaults to 20 minutes. If some deploys get a 401 response code when trying to download from the temporary URL, try raising this duration. |
swift_temp_url_key = None |
(StrOpt) The secret token given to Swift to allow temporary URL downloads. Required for temporary URLs. |
Configuration option = Default value | Description |
---|---|
[iboot] | |
max_retry = 3 |
(IntOpt) Maximum retries for iBoot operations |
retry_interval = 1 |
(IntOpt) Time between retry attempts for iBoot operations |
Configuration option = Default value | Description |
---|---|
[ilo] | |
clean_priority_clear_secure_boot_keys = 0 |
(IntOpt) Priority for clear_secure_boot_keys clean step. This step is not enabled by default. It can be enabled to to clear all secure boot keys enrolled with iLO. |
clean_priority_erase_devices = None |
(IntOpt) Priority for erase devices clean step. If unset, it defaults to 10. If set to 0, the step will be disabled and will not run during cleaning. |
clean_priority_reset_bios_to_default = 10 |
(IntOpt) Priority for reset_bios_to_default clean step. |
clean_priority_reset_ilo = 1 |
(IntOpt) Priority for reset_ilo clean step. |
clean_priority_reset_ilo_credential = 30 |
(IntOpt) Priority for reset_ilo_credential clean step. This step requires "ilo_change_password" parameter to be updated in nodes's driver_info with the new password. |
clean_priority_reset_secure_boot_keys_to_default = 20 |
(IntOpt) Priority for reset_secure_boot_keys clean step. This step will reset the secure boot keys to manufacturing defaults. |
client_port = 443 |
(IntOpt) Port to be used for iLO operations |
client_timeout = 60 |
(IntOpt) Timeout (in seconds) for iLO operations |
power_retry = 6 |
(IntOpt) Number of times a power operation needs to be retried |
power_wait = 2 |
(IntOpt) Amount of time in seconds to wait in between power operations |
swift_ilo_container = ironic_ilo_container |
(StrOpt) The Swift iLO container to store data. |
swift_object_expiry_timeout = 900 |
(IntOpt) Amount of time in seconds for Swift objects to auto-expire. |
use_web_server_for_images = False |
(BoolOpt) Set this to True to use http web server to host floppy images and generated boot ISO. This requires http_root and http_url to be configured in the [deploy] section of the config file. If this is set to False, then Ironic will use Swift to host the floppy images and generated boot_iso. |
Configuration option = Default value | Description |
---|---|
[inspector] | |
enabled = False |
(BoolOpt) whether to enable inspection using ironic-inspector |
service_url = None |
(StrOpt) ironic-inspector HTTP endpoint. If this is not set, the ironic-inspector client default (http://127.0.0.1:5050) will be used. |
status_check_period = 60 |
(IntOpt) period (in seconds) to check status of nodes on inspection |
Configuration option = Default value | Description |
---|---|
[ipmi] | |
min_command_interval = 5 |
(IntOpt) Minimum time, in seconds, between IPMI operations sent to a server. There is a risk with some hardware that setting this too low may cause the BMC to crash. Recommended setting is 5 seconds. |
retry_timeout = 60 |
(IntOpt) Maximum time in seconds to retry IPMI operations. There is a tradeoff when setting this value. Setting this too low may cause older BMCs to crash and require a hard reset. However, setting too high can cause the sync power state periodic task to hang when there are slow or unresponsive BMCs. |
Configuration option = Default value | Description |
---|---|
[irmc] | |
auth_method = basic |
(StrOpt) Authentication method to be used for iRMC operations, either "basic" or "digest" |
client_timeout = 60 |
(IntOpt) Timeout (in seconds) for iRMC operations |
port = 443 |
(IntOpt) Port to be used for iRMC operations, either 80 or 443 |
remote_image_server = None |
(StrOpt) IP of remote image server |
remote_image_share_name = share |
(StrOpt) share name of remote_image_server |
remote_image_share_root = /remote_image_share_root |
(StrOpt) Ironic conductor node's "NFS" or "CIFS" root path |
remote_image_share_type = CIFS |
(StrOpt) Share type of virtual media, either "NFS" or "CIFS" |
remote_image_user_domain =
|
(StrOpt) Domain name of remote_image_user_name |
remote_image_user_name = None |
(StrOpt) User name of remote_image_server |
remote_image_user_password = None |
(StrOpt) Password of remote_image_user_name |
sensor_method = ipmitool |
(StrOpt) Sensor data retrieval method, either "ipmitool" or "scci" |
Configuration option = Default value | Description |
---|---|
[keystone] | |
region_name = None |
(StrOpt) The region used for getting endpoints of OpenStackservices. |
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
debug = False |
(BoolOpt) Print debugging output (set logging level to DEBUG instead of default INFO level). |
default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, requests.packages.urllib3.util.retry=WARN, urllib3.util.retry=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN, taskflow=WARN |
(ListOpt) List of logger=LEVEL pairs. This option is ignored if log_config_append is set. |
fatal_exception_format_errors = False |
(BoolOpt) Used if there is a formatting error when generating an exception message (a programming error). If True, raise an exception; if False, use the unformatted message. |
instance_format = "[instance: %(uuid)s] " |
(StrOpt) The format for an instance that is passed with the log message. |
instance_uuid_format = "[instance: %(uuid)s] " |
(StrOpt) The format for an instance UUID that is passed with the log message. |
log_config_append = None |
(StrOpt) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log_format). |
log_date_format = %Y-%m-%d %H:%M:%S |
(StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set. |
log_dir = None |
(StrOpt) (Optional) The base directory used for relative --log-file paths. This option is ignored if log_config_append is set. |
log_file = None |
(StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout. This option is ignored if log_config_append is set. |
log_format = None |
(StrOpt) DEPRECATED. A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead. This option is ignored if log_config_append is set. |
logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s |
(StrOpt) Format string to use for log messages with context. |
logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d |
(StrOpt) Data to append to log format when level is DEBUG. |
logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s |
(StrOpt) Format string to use for log messages without context. |
logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s |
(StrOpt) Prefix each line of exception output with this format. |
publish_errors = False |
(BoolOpt) Enables or disables publication of error events. |
syslog_log_facility = LOG_USER |
(StrOpt) Syslog facility to receive log lines. This option is ignored if log_config_append is set. |
use_stderr = True |
(BoolOpt) Log output to standard error. This option is ignored if log_config_append is set. |
use_syslog = False |
(BoolOpt) Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set. |
use_syslog_rfc_format = True |
(BoolOpt) (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The format without the APP-NAME is deprecated in Kilo, and will be removed in Mitaka, along with this option. This option is ignored if log_config_append is set. |
verbose = True |
(BoolOpt) If set to false, will disable INFO logging level, making WARNING the default. |
watch_log_file = False |
(BoolOpt) (Optional) Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log-file option is specified and Linux platform is used. This option is ignored if log_config_append is set. |
Configuration option = Default value | Description |
---|---|
[neutron] | |
auth_strategy = keystone |
(StrOpt) Default authentication strategy to use when connecting to neutron. Can be either "keystone" or "noauth". Running neutron in noauth mode (related to but not affected by this setting) is insecure and should only be used for testing. |
cleaning_network_uuid = None |
(StrOpt) UUID of the network to create Neutron ports on when booting to a ramdisk for cleaning/zapping using Neutron DHCP |
retries = 3 |
(IntOpt) Client retries in the case of a failed request. |
url = http://$my_ip:9696 |
(StrOpt) URL for connecting to neutron. |
url_timeout = 30 |
(IntOpt) Timeout value for connecting to neutron in seconds. |
Configuration option = Default value | Description |
---|---|
[oslo_policy] | |
policy_default_rule = default |
(StrOpt) Default rule. Enforced when a requested rule is not found. |
policy_dirs = ['policy.d'] |
(MultiStrOpt) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored. |
policy_file = policy.json |
(StrOpt) The JSON file that defines policies. |
Configuration option = Default value | Description |
---|---|
[pxe] | |
default_ephemeral_format = ext4 |
(StrOpt) Default file system format for ephemeral partition, if one is created. |
disk_devices = cciss/c0d0,sda,hda,vda |
(StrOpt) The disk devices to scan while doing the deploy. |
image_cache_size = 20480 |
(IntOpt) Maximum size (in MiB) of cache for master images, including those in use. |
image_cache_ttl = 10080 |
(IntOpt) Maximum TTL (in minutes) for old master images in cache. |
images_path = /var/lib/ironic/images/ |
(StrOpt) On the ironic-conductor node, directory where images are stored on disk. |
instance_master_path = /var/lib/ironic/master_images |
(StrOpt) On the ironic-conductor node, directory where master instance images are stored on disk. |
ipxe_boot_script = $pybasedir/drivers/modules/boot.ipxe |
(StrOpt) On ironic-conductor node, the path to the main iPXE script file. |
ipxe_enabled = False |
(BoolOpt) Enable iPXE boot. |
pxe_append_params = nofb nomodeset vga=normal |
(StrOpt) Additional append parameters for baremetal PXE boot. |
pxe_bootfile_name = pxelinux.0 |
(StrOpt) Bootfile DHCP parameter. |
pxe_config_template = $pybasedir/drivers/modules/pxe_config.template |
(StrOpt) On ironic-conductor node, template file for PXE configuration. |
tftp_master_path = /tftpboot/master_images |
(StrOpt) On ironic-conductor node, directory where master TFTP images are stored on disk. |
tftp_root = /tftpboot |
(StrOpt) ironic-conductor node's TFTP root path. |
tftp_server = $my_ip |
(StrOpt) IP address of ironic-conductor node's TFTP server. |
uefi_pxe_bootfile_name = elilo.efi |
(StrOpt) Bootfile DHCP parameter for UEFI boot mode. |
uefi_pxe_config_template = $pybasedir/drivers/modules/elilo_efi_pxe_config.template |
(StrOpt) On ironic-conductor node, template file for PXE configuration for UEFI boot loader. |
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
password =
|
(StrOpt) Password for Redis server (optional). |
port = 6379 |
(IntOpt) Use this port to connect to redis host. |
[matchmaker_redis] | |
host = 127.0.0.1 |
(StrOpt) Host to locate redis. |
password =
|
(StrOpt) Password for Redis server (optional). |
port = 6379 |
(IntOpt) Use this port to connect to redis host. |
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
rpc_backend = rabbit |
(StrOpt) The messaging driver to use, defaults to rabbit. Other drivers include qpid and zmq. |
rpc_cast_timeout = 30 |
(IntOpt) Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. |
rpc_conn_pool_size = 30 |
(IntOpt) Size of RPC connection pool. |
rpc_poll_timeout = 1 |
(IntOpt) The default number of seconds that poll should wait. Poll raises timeout exception when timeout expired. |
rpc_response_timeout = 60 |
(IntOpt) Seconds to wait for a response from a call. |
[oslo_concurrency] | |
disable_process_locking = False |
(BoolOpt) Enables or disables inter-process locks. |
lock_path = None |
(StrOpt) Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set. |
[oslo_messaging_amqp] | |
allow_insecure_clients = False |
(BoolOpt) Accept clients using either SSL or plain TCP |
broadcast_prefix = broadcast |
(StrOpt) address prefix used when broadcasting to all servers |
container_name = None |
(StrOpt) Name for the AMQP container |
group_request_prefix = unicast |
(StrOpt) address prefix when sending to any server in group |
idle_timeout = 0 |
(IntOpt) Timeout for inactive connections (in seconds) |
password =
|
(StrOpt) Password for message broker authentication |
sasl_config_dir =
|
(StrOpt) Path to directory that contains the SASL configuration |
sasl_config_name =
|
(StrOpt) Name of configuration file (without .conf suffix) |
sasl_mechanisms =
|
(StrOpt) Space separated list of acceptable SASL mechanisms |
server_request_prefix = exclusive |
(StrOpt) address prefix used when sending to a specific server |
ssl_ca_file =
|
(StrOpt) CA certificate PEM file to verify server certificate |
ssl_cert_file =
|
(StrOpt) Identifying certificate PEM file to present to clients |
ssl_key_file =
|
(StrOpt) Private key PEM file used to sign cert_file certificate |
ssl_key_password = None |
(StrOpt) Password for decrypting ssl_key_file (if encrypted) |
trace = False |
(BoolOpt) Debug: dump AMQP frames to stdout |
username =
|
(StrOpt) User name for message broker authentication |
Configuration option = Default value | Description |
---|---|
[oslo_messaging_rabbit] | |
amqp_auto_delete = False |
(BoolOpt) Auto-delete queues in AMQP. |
amqp_durable_queues = False |
(BoolOpt) Use durable queues in AMQP. |
fake_rabbit = False |
(BoolOpt) Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake |
heartbeat_rate = 2 |
(IntOpt) How often times during the heartbeat_timeout_threshold we check the heartbeat. |
heartbeat_timeout_threshold = 60 |
(IntOpt) Number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL |
kombu_reconnect_delay = 1.0 |
(FloatOpt) How long to wait before reconnecting in response to an AMQP consumer cancel notification. |
kombu_reconnect_timeout = 60 |
(IntOpt) How long to wait before considering a reconnect attempt to have failed. This value should not be longer than rpc_response_timeout. |
kombu_ssl_ca_certs =
|
(StrOpt) SSL certification authority file (valid only if SSL enabled). |
kombu_ssl_certfile =
|
(StrOpt) SSL cert file (valid only if SSL enabled). |
kombu_ssl_keyfile =
|
(StrOpt) SSL key file (valid only if SSL enabled). |
kombu_ssl_version =
|
(StrOpt) SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions. |
rabbit_ha_queues = False |
(BoolOpt) Use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database. |
rabbit_host = localhost |
(StrOpt) The RabbitMQ broker address where a single node is used. |
rabbit_hosts = $rabbit_host:$rabbit_port |
(ListOpt) RabbitMQ HA cluster host:port pairs. |
rabbit_login_method = AMQPLAIN |
(StrOpt) The RabbitMQ login method. |
rabbit_max_retries = 0 |
(IntOpt) Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry count). |
rabbit_password = guest |
(StrOpt) The RabbitMQ password. |
rabbit_port = 5672 |
(IntOpt) The RabbitMQ broker port where a single node is used. |
rabbit_retry_backoff = 2 |
(IntOpt) How long to backoff for between retries when connecting to RabbitMQ. |
rabbit_retry_interval = 1 |
(IntOpt) How frequently to retry connecting with RabbitMQ. |
rabbit_use_ssl = False |
(BoolOpt) Connect over SSL for RabbitMQ. |
rabbit_userid = guest |
(StrOpt) The RabbitMQ userid. |
rabbit_virtual_host = / |
(StrOpt) The RabbitMQ virtual host. |
send_single_reply = False |
(BoolOpt) Send a single AMQP reply to call message. The current behaviour since oslo-incubator is to send two AMQP replies - first one with the payload, a second one to ensure the other have finish to send the payload. We are going to remove it in the N release, but we must keep backward compatible at the same time. This option provides such compatibility - it defaults to False in Liberty and can be turned on for early adopters with a new installations or for testing. Please note, that this option will be removed in the Mitaka release. |
Configuration option = Default value | Description |
---|---|
[oslo_messaging_qpid] | |
amqp_auto_delete = False |
(BoolOpt) Auto-delete queues in AMQP. |
amqp_durable_queues = False |
(BoolOpt) Use durable queues in AMQP. |
qpid_heartbeat = 60 |
(IntOpt) Seconds between connection keepalive heartbeats. |
qpid_hostname = localhost |
(StrOpt) Qpid broker hostname. |
qpid_hosts = $qpid_hostname:$qpid_port |
(ListOpt) Qpid HA cluster host:port pairs. |
qpid_password =
|
(StrOpt) Password for Qpid connection. |
qpid_port = 5672 |
(IntOpt) Qpid broker port. |
qpid_protocol = tcp |
(StrOpt) Transport to use, either 'tcp' or 'ssl'. |
qpid_receiver_capacity = 1 |
(IntOpt) The number of prefetched messages held by receiver. |
qpid_sasl_mechanisms =
|
(StrOpt) Space separated list of SASL mechanisms to use for auth. |
qpid_tcp_nodelay = True |
(BoolOpt) Whether to disable the Nagle algorithm. |
qpid_topology_version = 1 |
(IntOpt) The qpid topology version to use. Version 1 is what was originally used by impl_qpid. Version 2 includes some backwards-incompatible changes that allow broker federation to work. Users should update to version 2 when they are able to take everything down, as it requires a clean break. |
qpid_username =
|
(StrOpt) Username for Qpid connection. |
send_single_reply = False |
(BoolOpt) Send a single AMQP reply to call message. The current behaviour since oslo-incubator is to send two AMQP replies - first one with the payload, a second one to ensure the other have finish to send the payload. We are going to remove it in the N release, but we must keep backward compatible at the same time. This option provides such compatibility - it defaults to False in Liberty and can be turned on for early adopters with a new installations or for testing. Please note, that this option will be removed in the Mitaka release. |
Configuration option = Default value | Description |
---|---|
[seamicro] | |
action_timeout = 10 |
(IntOpt) Seconds to wait for power action to be completed |
max_retry = 3 |
(IntOpt) Maximum retries for SeaMicro operations |
Configuration option = Default value | Description |
---|---|
[snmp] | |
power_timeout = 10 |
(IntOpt) Seconds to wait for power action to be completed |
Configuration option = Default value | Description |
---|---|
[ssh] | |
libvirt_uri = qemu:///system |
(StrOpt) libvirt URI |
Configuration option = Default value | Description |
---|---|
[swift] | |
swift_max_retries = 2 |
(IntOpt) Maximum number of times to retry a Swift request, before failing. |
Configuration option = Default value | Description |
---|---|
[virtualbox] | |
port = 18083 |
(IntOpt) Port on which VirtualBox web service is listening. |
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
rpc_zmq_all_req_rep = True |
(BoolOpt) Use REQ/REP pattern for all methods CALL/CAST/FANOUT. |
rpc_zmq_bind_address = * |
(StrOpt) ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. The "host" option should point or resolve to this address. |
rpc_zmq_concurrency = eventlet |
(StrOpt) Type of concurrency used. Either "native" or "eventlet" |
rpc_zmq_contexts = 1 |
(IntOpt) Number of ZeroMQ contexts, defaults to 1. |
rpc_zmq_host = localhost |
(StrOpt) Name of this node. Must be a valid hostname, FQDN, or IP address. Must match "host" option, if running Nova. |
rpc_zmq_ipc_dir = /var/run/openstack |
(StrOpt) Directory for holding IPC sockets. |
rpc_zmq_matchmaker = redis |
(StrOpt) MatchMaker driver. |
rpc_zmq_topic_backlog = None |
(IntOpt) Maximum number of ingress messages to locally buffer per topic. Default is unlimited. |
zmq_use_broker = True |
(BoolOpt) Shows whether zmq-messaging uses broker or not. |