Configuration options for the Application Catalog service
The following options can be set in the /etc/murano/murano.conf
config file.
A sample configuration file is also available.
DEFAULT
-
backdoor_port
Type: | string |
Default: | <None> |
Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service’s log file.
-
backdoor_socket
Type: | string |
Default: | <None> |
Enable eventlet backdoor, using the provided path as a unix socket that can receive connections. This option is mutually exclusive with ‘backdoor_port’ in that only one should be provided. If both are provided then the existence of this option overrides the usage of that option.
-
log_options
Type: | boolean |
Default: | true |
Enables or disables logging values of all registered options when starting a service (at DEBUG level).
-
graceful_shutdown_timeout
-
Specify a timeout after which a gracefully shutdown server will exit. Zero value means endless wait.
-
rpc_conn_pool_size
-
Size of RPC connection pool.
Deprecated Variations
Group |
Name |
DEFAULT |
rpc_conn_pool_size |
-
conn_pool_min_size
-
The pool size limit for connections expiration policy
-
conn_pool_ttl
Type: | integer |
Default: | 1200 |
The time-to-live in sec of idle connections in the pool
-
executor_thread_pool_size
-
Size of executor thread pool when executor is threading or eventlet.
Deprecated Variations
Group |
Name |
DEFAULT |
rpc_thread_pool_size |
-
rpc_response_timeout
-
Seconds to wait for a response from a call.
-
transport_url
Type: | string |
Default: | rabbit:// |
The network address and optional user credentials for connecting to the messaging backend, in URL format. The expected format is:
driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
Example: rabbit://rabbitmq:password@127.0.0.1:5672//
For full details on the fields in the URL see the documentation of oslo_messaging.TransportURL at https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
-
control_exchange
Type: | string |
Default: | openstack |
The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
-
debug
Type: | boolean |
Default: | false |
Mutable: | This option can be changed without restarting. |
If set to true, the logging level will be set to DEBUG instead of the default INFO level.
-
log_config_append
Type: | string |
Default: | <None> |
Mutable: | This option can be changed without restarting. |
The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format).
Deprecated Variations
Group |
Name |
DEFAULT |
log-config |
DEFAULT |
log_config |
-
log_date_format
Type: | string |
Default: | %Y-%m-%d %H:%M:%S |
Defines the format string for %(asctime)s in log records. Default: the value above . This option is ignored if log_config_append is set.
-
log_file
Type: | string |
Default: | <None> |
(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.
Deprecated Variations
Group |
Name |
DEFAULT |
logfile |
-
log_dir
Type: | string |
Default: | <None> |
(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.
Deprecated Variations
Group |
Name |
DEFAULT |
logdir |
-
watch_log_file
Type: | boolean |
Default: | false |
Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.
-
use_syslog
Type: | boolean |
Default: | false |
Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.
-
use_journal
Type: | boolean |
Default: | false |
Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set.
-
syslog_log_facility
Type: | string |
Default: | LOG_USER |
Syslog facility to receive log lines. This option is ignored if log_config_append is set.
-
use_json
Type: | boolean |
Default: | false |
Use JSON formatting for logging. This option is ignored if log_config_append is set.
-
use_stderr
Type: | boolean |
Default: | false |
Log output to standard error. This option is ignored if log_config_append is set.
-
use_eventlog
Type: | boolean |
Default: | false |
Log output to Windows Event Log.
-
log_rotate_interval
-
The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is setto “interval”.
-
log_rotate_interval_type
Type: | string |
Default: | days |
Valid Values: | Seconds, Minutes, Hours, Days, Weekday, Midnight |
Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation.
-
max_logfile_count
-
Maximum number of rotated log files.
-
max_logfile_size_mb
-
Log file maximum size in MB. This option is ignored if “log_rotation_type” is not set to “size”.
-
log_rotation_type
Type: | string |
Default: | none |
Valid Values: | interval, size, none |
Log rotation type.
Possible values
- interval
- Rotate logs at predefined time intervals.
- size
- Rotate logs once they reach a predefined size.
- none
- Do not rotate log files.
-
logging_context_format_string
Type: | string |
Default: | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s |
Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter
-
logging_default_format_string
Type: | string |
Default: | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s |
Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter
-
logging_debug_format_suffix
Type: | string |
Default: | %(funcName)s %(pathname)s:%(lineno)d |
Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter
-
logging_exception_prefix
Type: | string |
Default: | %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s |
Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter
-
logging_user_identity_format
Type: | string |
Default: | %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s |
Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter
-
default_log_levels
Type: | list |
Default: | amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,oslo_policy=INFO,dogpile.core.dogpile=INFO |
List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.
-
publish_errors
Type: | boolean |
Default: | false |
Enables or disables publication of error events.
-
instance_format
Type: | string |
Default: | "[instance: %(uuid)s] " |
The format for an instance that is passed with the log message.
-
instance_uuid_format
Type: | string |
Default: | "[instance: %(uuid)s] " |
The format for an instance UUID that is passed with the log message.
-
rate_limit_interval
-
Interval, number of seconds, of log rate limiting.
-
rate_limit_burst
-
Maximum number of logged messages per rate_limit_interval.
-
rate_limit_except_level
Type: | string |
Default: | CRITICAL |
Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered.
-
fatal_deprecations
Type: | boolean |
Default: | false |
Enables or disables fatal status of deprecations.
-
metadata_dir
Type: | string |
Default: | ./meta |
Metadata dir
-
bind_host
Type: | host address |
Default: | 0.0.0.0 |
Address to bind the Murano API server to.
-
bind_port
Type: | port number |
Default: | 8082 |
Minimum Value: | 0 |
Maximum Value: | 65535 |
Port the bind the Murano API server to.
-
file_server
-
Set a file server.
-
backlog
Type: | integer |
Default: | 4096 |
Number of backlog requests to configure the socket with
-
tcp_keepidle
-
Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not supported on OS X.
Type: | integer |
Default: | 16384 |
Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs).
barbican
-
barbican_endpoint
Type: | string |
Default: | <None> |
Use this endpoint to connect to Barbican, for example: “http://localhost:9311/”
-
barbican_api_version
Type: | string |
Default: | <None> |
Version of the Barbican API, for example: “v1”
-
auth_endpoint
Type: | string |
Default: | http://localhost/identity/v3 |
Use this endpoint to connect to Keystone
Deprecated Variations
Group |
Name |
key_manager |
auth_url |
-
retry_delay
-
Number of seconds to wait before retrying poll for key creation completion
-
number_of_retries
-
Number of times to retry poll for key creation completion
-
verify_ssl
Type: | boolean |
Default: | true |
Specifies if insecure TLS (https) requests. If False, the server’s certificate will not be validated, if True, we can set the verify_ssl_path config meanwhile.
-
verify_ssl_path
Type: | string |
Default: | <None> |
A path to a bundle or CA certs to check against, or None for requests to attempt to locate and use certificates which verify_ssh is True. If verify_ssl is False, this is ignored.
-
barbican_endpoint_type
Type: | string |
Default: | public |
Valid Values: | public, internal, admin |
Specifies the type of endpoint. Allowed values are: public, private, and admin
cors
-
allowed_origin
-
Indicate whether this resource may be shared with the domain received in the requests “origin” header. Format: “<protocol>://<host>[:<port>]”, no trailing slash. Example: https://horizon.example.com
-
allow_credentials
Type: | boolean |
Default: | true |
Indicate that the actual request can include user credentials
Type: | list |
Default: | X-Auth-Token,X-Openstack-Request-Id,X-Configuration-Session,X-Roles,X-User-Id,X-Tenant-Id |
Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.
-
max_age
Type: | integer |
Default: | 3600 |
Maximum cache age of CORS preflight requests.
-
allow_methods
Type: | list |
Default: | GET,PUT,POST,DELETE,PATCH |
Indicate which methods can be used during the actual request.
Type: | list |
Default: | X-Auth-Token,X-Openstack-Request-Id,X-Configuration-Session,X-Roles,X-User-Id,X-Tenant-Id |
Indicate which header field names may be used during the actual request.
database
-
sqlite_synchronous
Type: | boolean |
Default: | true |
If True, SQLite uses synchronous mode.
Deprecated Variations
Group |
Name |
DEFAULT |
sqlite_synchronous |
-
backend
Type: | string |
Default: | sqlalchemy |
The back end to use for the database.
Deprecated Variations
Group |
Name |
DEFAULT |
db_backend |
-
connection
Type: | string |
Default: | <None> |
The SQLAlchemy connection string to use to connect to the database.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_connection |
DATABASE |
sql_connection |
sql |
connection |
-
slave_connection
Type: | string |
Default: | <None> |
The SQLAlchemy connection string to use to connect to the slave database.
-
mysql_sql_mode
Type: | string |
Default: | TRADITIONAL |
The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
mysql_enable_ndb
Type: | boolean |
Default: | false |
If True, transparently enables support for handling MySQL Cluster (NDB).
-
connection_recycle_time
Type: | integer |
Default: | 3600 |
Connections which have been present in the connection pool longer than this number of seconds will be replaced with a new one the next time they are checked out from the pool.
Deprecated Variations
Group |
Name |
DATABASE |
idle_timeout |
database |
idle_timeout |
DEFAULT |
sql_idle_timeout |
DATABASE |
sql_idle_timeout |
sql |
idle_timeout |
-
min_pool_size
-
Minimum number of SQL connections to keep open in a pool.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_min_pool_size |
DATABASE |
sql_min_pool_size |
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | The option to set the minimum pool size is not supported by sqlalchemy. |
-
max_pool_size
-
Maximum number of SQL connections to keep open in a pool. Setting a value of 0 indicates no limit.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_max_pool_size |
DATABASE |
sql_max_pool_size |
-
max_retries
-
Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_max_retries |
DATABASE |
sql_max_retries |
-
retry_interval
-
Interval between retries of opening a SQL connection.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_retry_interval |
DATABASE |
reconnect_interval |
-
max_overflow
-
If set, use this value for max_overflow with SQLAlchemy.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_max_overflow |
DATABASE |
sqlalchemy_max_overflow |
-
connection_debug
Type: | integer |
Default: | 0 |
Minimum Value: | 0 |
Maximum Value: | 100 |
Verbosity of SQL debugging information: 0=None, 100=Everything.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_connection_debug |
-
connection_trace
Type: | boolean |
Default: | false |
Add Python stack traces to SQL as comment strings.
Deprecated Variations
Group |
Name |
DEFAULT |
sql_connection_trace |
-
pool_timeout
Type: | integer |
Default: | <None> |
If set, use this value for pool_timeout with SQLAlchemy.
Deprecated Variations
Group |
Name |
DATABASE |
sqlalchemy_pool_timeout |
-
use_db_reconnect
Type: | boolean |
Default: | false |
Enable the experimental use of database reconnect on connection lost.
-
db_retry_interval
-
Seconds between retries of a database transaction.
-
db_inc_retry_interval
Type: | boolean |
Default: | true |
If True, increases the interval between retries of a database operation up to db_max_retry_interval.
-
db_max_retry_interval
-
If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.
-
db_max_retries
-
Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.
-
connection_parameters
-
Optional URL parameters to append onto the connection URL at connect time; specify as param1=value1¶m2=value2&…
engine
-
disable_murano_agent
Type: | boolean |
Default: | false |
Disallow the use of murano-agent
-
class_configs
Type: | string |
Default: | /etc/murano/class-configs |
Path to class configuration files
-
use_trusts
Type: | boolean |
Default: | true |
Create resources using trust token rather than user’s token
-
enable_model_policy_enforcer
Type: | boolean |
Default: | false |
Enable model policy enforcer using Congress
-
agent_timeout
Type: | integer |
Default: | 3600 |
Time for waiting for a response from murano agent during the deployment
-
engine_workers
Type: | integer |
Default: | <None> |
Number of engine workers
Deprecated Variations
Group |
Name |
engine |
workers |
-
load_packages_from
-
List of directories to load local packages from. If not provided, packages will be loaded only API
Deprecated Variations
Group |
Name |
packages_opts |
load_packages_from |
-
packages_cache
Type: | string |
Default: | <None> |
Location (directory) for Murano package cache.
Deprecated Variations
Group |
Name |
packages_opts |
packages_cache |
-
enable_packages_cache
Type: | boolean |
Default: | true |
Enables murano-engine to persist on disk packages downloaded during deployments. The packages would be re-used for consequent deployments.
Deprecated Variations
Group |
Name |
packages_opts |
enable_packages_cache |
-
packages_service
Type: | string |
Default: | murano |
The service to store murano packages: murano (stands for legacy behavior using murano-api) or glance (stands for glance-glare artifact service)
Deprecated Variations
Group |
Name |
packages_opts |
packages_service |
-
signing_key
Type: | string |
Default: | ~/.ssh/id_rsa |
Path to RSA key for agent message signing
-
agent_source
Type: | string |
Default: | murano-agent |
pip URL/package spec for murano-agent
glare
-
url
Type: | string |
Default: | <None> |
Optional glare url in format like http://0.0.0.0:9494 used by Glare API
Deprecated Variations
Group |
Name |
glance |
url |
-
endpoint_type
Type: | string |
Default: | publicURL |
Glare endpoint type.
Deprecated Variations
Group |
Name |
glance |
endpoint_type |
-
cafile
Type: | string |
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
Type: | string |
Default: | <None> |
PEM encoded client certificate cert file
-
keyfile
Type: | string |
Default: | <None> |
PEM encoded client certificate key file
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
timeout
Type: | integer |
Default: | <None> |
Timeout value for http requests
-
collect_timing
Type: | boolean |
Default: | false |
Collect per-API call timing information.
-
split_loggers
Type: | boolean |
Default: | false |
Log requests to multiple loggers.
heat
-
url
Type: | string |
Default: | <None> |
Optional heat endpoint override
-
endpoint_type
Type: | string |
Default: | publicURL |
Heat endpoint type.
-
stack_tags
-
List of tags to be assigned to heat stacks created during environment deployment.
-
cafile
Type: | string |
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
Type: | string |
Default: | <None> |
PEM encoded client certificate cert file
-
keyfile
Type: | string |
Default: | <None> |
PEM encoded client certificate key file
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
timeout
Type: | integer |
Default: | <None> |
Timeout value for http requests
-
collect_timing
Type: | boolean |
Default: | false |
Collect per-API call timing information.
-
split_loggers
Type: | boolean |
Default: | false |
Log requests to multiple loggers.
key_manager
-
backend
Type: | string |
Default: | barbican |
Specify the key manager implementation. Options are “barbican” and “vault”. Default is “barbican”. Will support the values earlier set using [key_manager]/api_class for some time.
Deprecated Variations
Group |
Name |
key_manager |
api_class |
-
auth_type
Type: | string |
Default: | <None> |
The type of authentication credential to create. Possible values are ‘token’, ‘password’, ‘keystone_token’, and ‘keystone_password’. Required if no context is passed to the credential factory.
-
token
Type: | string |
Default: | <None> |
Token for authentication. Required for ‘token’ and ‘keystone_token’ auth_type if no context is passed to the credential factory.
-
username
Type: | string |
Default: | <None> |
Username for authentication. Required for ‘password’ auth_type. Optional for the ‘keystone_password’ auth_type.
-
password
Type: | string |
Default: | <None> |
Password for authentication. Required for ‘password’ and ‘keystone_password’ auth_type.
-
auth_url
Type: | string |
Default: | <None> |
Use this endpoint to connect to Keystone.
-
user_id
Type: | string |
Default: | <None> |
User ID for authentication. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
-
user_domain_id
Type: | string |
Default: | <None> |
User’s domain ID for authentication. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
-
user_domain_name
Type: | string |
Default: | <None> |
User’s domain name for authentication. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
-
trust_id
Type: | string |
Default: | <None> |
Trust ID for trust scoping. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
-
domain_id
Type: | string |
Default: | <None> |
Domain ID for domain scoping. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
-
domain_name
Type: | string |
Default: | <None> |
Domain name for domain scoping. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
-
project_id
Type: | string |
Default: | <None> |
Project ID for project scoping. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
-
project_name
Type: | string |
Default: | <None> |
Project name for project scoping. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
-
project_domain_id
Type: | string |
Default: | <None> |
Project’s domain ID for project. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
-
project_domain_name
Type: | string |
Default: | <None> |
Project’s domain name for project. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
-
reauthenticate
Type: | boolean |
Default: | true |
Allow fetching a new token if the current one is going to expire. Optional for ‘keystone_token’ and ‘keystone_password’ auth_type.
keystone_authtoken
-
www_authenticate_uri
Type: | string |
Default: | <None> |
Complete “public” Identity API endpoint. This endpoint should not be an “admin” endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint.
Deprecated Variations
Group |
Name |
keystone_authtoken |
auth_uri |
-
auth_uri
Type: | string |
Default: | <None> |
Complete “public” Identity API endpoint. This endpoint should not be an “admin” endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint. This option is deprecated in favor of www_authenticate_uri and will be removed in the S release.
Warning
This option is deprecated for removal since Queens.
Its value may be silently ignored
in the future.
Reason: | The auth_uri option is deprecated in favor of www_authenticate_uri and will be removed in the S release. |
-
auth_version
Type: | string |
Default: | <None> |
API version of the admin Identity API endpoint.
-
delay_auth_decision
Type: | boolean |
Default: | false |
Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
-
http_connect_timeout
Type: | integer |
Default: | <None> |
Request timeout value for communicating with Identity API server.
-
http_request_max_retries
-
How many times are we trying to reconnect when communicating with Identity API Server.
-
cache
Type: | string |
Default: | <None> |
Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the memcached_servers
option instead.
-
certfile
Type: | string |
Default: | <None> |
Required if identity server requires client certificate
-
keyfile
Type: | string |
Default: | <None> |
Required if identity server requires client certificate
-
cafile
Type: | string |
Default: | <None> |
A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
region_name
Type: | string |
Default: | <None> |
The region in which the identity server can be found.
-
signing_dir
Type: | string |
Default: | <None> |
Directory used to cache files related to PKI tokens. This option has been deprecated in the Ocata release and will be removed in the P release.
Warning
This option is deprecated for removal since Ocata.
Its value may be silently ignored
in the future.
Reason: | PKI token format is no longer supported. |
-
memcached_servers
-
Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
Deprecated Variations
Group |
Name |
keystone_authtoken |
memcache_servers |
-
token_cache_time
-
In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
-
memcache_security_strategy
Type: | string |
Default: | None |
Valid Values: | None, MAC, ENCRYPT |
(Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
memcache_secret_key
Type: | string |
Default: | <None> |
(Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
-
memcache_pool_dead_retry
-
(Optional) Number of seconds memcached server is considered dead before it is tried again.
-
memcache_pool_maxsize
-
(Optional) Maximum total number of open connections to every memcached server.
-
memcache_pool_socket_timeout
-
(Optional) Socket timeout in seconds for communicating with a memcached server.
-
memcache_pool_unused_timeout
-
(Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
-
memcache_pool_conn_get_timeout
-
(Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
-
memcache_use_advanced_pool
Type: | boolean |
Default: | false |
(Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
-
include_service_catalog
Type: | boolean |
Default: | true |
(Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
enforce_token_bind
Type: | string |
Default: | permissive |
Used to control the use and type of token binding. Can be set to: “disabled” to not check token binding. “permissive” (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. “strict” like “permissive” but if the bind type is unknown the token will be rejected. “required” any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
hash_algorithms
-
Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
Warning
This option is deprecated for removal since Ocata.
Its value may be silently ignored
in the future.
Reason: | PKI token format is no longer supported. |
-
service_token_roles
Type: | list |
Default: | service |
A choice of roles that must be present in a service token. Service tokens are allowed to request that an expired token can be used and so this check should tightly control that only actual services should be sending this token. Roles here are applied as an ANY check so any role in this list must be present. For backwards compatibility reasons this currently only affects the allow_expired check.
-
service_token_roles_required
Type: | boolean |
Default: | false |
For backwards compatibility reasons we must let valid service tokens pass that don’t pass the service_token_roles check as valid. Setting this true will become the default in a future release and should be enabled if possible.
-
auth_admin_prefix
-
Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
-
auth_host
Type: | string |
Default: | 127.0.0.1 |
Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_port
Type: | integer |
Default: | 35357 |
Port of the admin Identity API endpoint. Deprecated, use identity_uri.
-
auth_protocol
Type: | string |
Default: | https |
Valid Values: | http, https |
Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
-
identity_uri
Type: | string |
Default: | <None> |
Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
-
admin_token
Type: | string |
Default: | <None> |
This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use admin_user and admin_password instead.
-
admin_user
Type: | string |
Default: | <None> |
Service username.
-
admin_password
Type: | string |
Default: | <None> |
Service user password.
-
admin_tenant_name
Type: | string |
Default: | admin |
Service tenant name.
-
auth_type
Type: | unknown type |
Default: | <None> |
Authentication type to load
Deprecated Variations
Group |
Name |
keystone_authtoken |
auth_plugin |
-
auth_section
Type: | unknown type |
Default: | <None> |
Config Section from which to load plugin specific options
mistral
-
url
Type: | string |
Default: | <None> |
Optional mistral endpoint override
-
endpoint_type
Type: | string |
Default: | publicURL |
Mistral endpoint type.
-
service_type
Type: | string |
Default: | workflowv2 |
Mistral service type.
-
cafile
Type: | string |
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
Type: | string |
Default: | <None> |
PEM encoded client certificate cert file
-
keyfile
Type: | string |
Default: | <None> |
PEM encoded client certificate key file
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
timeout
Type: | integer |
Default: | <None> |
Timeout value for http requests
-
collect_timing
Type: | boolean |
Default: | false |
Collect per-API call timing information.
-
split_loggers
Type: | boolean |
Default: | false |
Log requests to multiple loggers.
murano
-
url
Type: | string |
Default: | <None> |
Optional murano url in format like http://0.0.0.0:8082 used by Murano engine
-
endpoint_type
Type: | string |
Default: | publicURL |
Murano endpoint type used by Murano engine.
-
enabled_plugins
-
List of enabled Extension Plugins. Remove or leave commented to enable all installed plugins.
-
package_size_limit
-
Maximum application package size, Mb
Deprecated Variations
Group |
Name |
packages_opts |
package_size_limit |
-
limit_param_default
-
Default value for package pagination in API.
Deprecated Variations
Group |
Name |
packages_opts |
limit_param_default |
-
api_limit_max
-
Maximum number of packages to be returned in a single pagination request
Deprecated Variations
Group |
Name |
packages_opts |
api_limit_max |
-
api_workers
Type: | integer |
Default: | <None> |
Number of API workers
-
dsl_iterators_limit
Type: | integer |
Default: | 2000 |
Maximum number of elements that can be iterated per object type.
-
cafile
Type: | string |
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
Type: | string |
Default: | <None> |
PEM encoded client certificate cert file
-
keyfile
Type: | string |
Default: | <None> |
PEM encoded client certificate key file
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
timeout
Type: | integer |
Default: | <None> |
Timeout value for http requests
-
collect_timing
Type: | boolean |
Default: | false |
Collect per-API call timing information.
-
split_loggers
Type: | boolean |
Default: | false |
Log requests to multiple loggers.
murano_auth
-
www_authenticate_uri
Type: | string |
Default: | <None> |
Identity API endpoint for authenticating with tokens.
-
cafile
Type: | string |
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
Type: | string |
Default: | <None> |
PEM encoded client certificate cert file
-
keyfile
Type: | string |
Default: | <None> |
PEM encoded client certificate key file
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
timeout
Type: | integer |
Default: | <None> |
Timeout value for http requests
-
collect_timing
Type: | boolean |
Default: | false |
Collect per-API call timing information.
-
split_loggers
Type: | boolean |
Default: | false |
Log requests to multiple loggers.
-
auth_type
Type: | unknown type |
Default: | <None> |
Authentication type to load
Deprecated Variations
Group |
Name |
murano_auth |
auth_plugin |
-
auth_section
Type: | unknown type |
Default: | <None> |
Config Section from which to load plugin specific options
-
auth_url
Type: | unknown type |
Default: | <None> |
Authentication URL
-
system_scope
Type: | unknown type |
Default: | <None> |
Scope for system operations
-
domain_id
Type: | unknown type |
Default: | <None> |
Domain ID to scope to
-
domain_name
Type: | unknown type |
Default: | <None> |
Domain name to scope to
-
project_id
Type: | unknown type |
Default: | <None> |
Project ID to scope to
-
project_name
Type: | unknown type |
Default: | <None> |
Project name to scope to
-
project_domain_id
Type: | unknown type |
Default: | <None> |
Domain ID containing project
-
project_domain_name
Type: | unknown type |
Default: | <None> |
Domain name containing project
-
trust_id
Type: | unknown type |
Default: | <None> |
Trust ID
-
default_domain_id
Type: | unknown type |
Default: | <None> |
Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
-
default_domain_name
Type: | unknown type |
Default: | <None> |
Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication.
-
user_id
Type: | unknown type |
Default: | <None> |
User ID
-
username
Type: | unknown type |
Default: | <None> |
Username
Deprecated Variations
Group |
Name |
murano_auth |
user-name |
murano_auth |
user_name |
-
user_domain_id
Type: | unknown type |
Default: | <None> |
User’s domain id
-
user_domain_name
Type: | unknown type |
Default: | <None> |
User’s domain name
-
password
Type: | unknown type |
Default: | <None> |
User’s password
-
tenant_id
Type: | unknown type |
Default: | <None> |
Tenant ID
-
tenant_name
Type: | unknown type |
Default: | <None> |
Tenant Name
networking
-
max_environments
-
Maximum number of environments that use a single router per tenant
-
max_hosts
-
Maximum number of VMs per environment
-
env_ip_template
Type: | host address |
Default: | 10.0.0.0 |
Template IP address for generating environment subnet cidrs
-
default_dns
-
List of default DNS nameservers to be assigned to created Networks
-
external_network
Type: | string |
Default: | ext-net |
ID or name of the external network for routers to connect to
-
router_name
Type: | string |
Default: | murano-default-router |
Name of the router that going to be used in order to join all networks created by Murano
-
create_router
Type: | boolean |
Default: | true |
This option will create a router when one with “router_name” does not exist
-
network_config_file
Type: | string |
Default: | netconfig.yaml |
If provided networking configuration will be taken from this file
-
driver
Type: | string |
Default: | <None> |
Valid Values: | neutron, nova |
Network driver to use. Options are neutron or nova.If not provided, the driver will be detected.
neutron
-
url
Type: | string |
Default: | <None> |
Optional neutron endpoint override
-
endpoint_type
Type: | string |
Default: | publicURL |
Neutron endpoint type.
-
cafile
Type: | string |
Default: | <None> |
PEM encoded Certificate Authority to use when verifying HTTPs connections.
-
certfile
Type: | string |
Default: | <None> |
PEM encoded client certificate cert file
-
keyfile
Type: | string |
Default: | <None> |
PEM encoded client certificate key file
-
insecure
Type: | boolean |
Default: | false |
Verify HTTPS connections.
-
timeout
Type: | integer |
Default: | <None> |
Timeout value for http requests
-
collect_timing
Type: | boolean |
Default: | false |
Collect per-API call timing information.
-
split_loggers
Type: | boolean |
Default: | false |
Log requests to multiple loggers.
oslo_messaging_amqp
-
container_name
Type: | string |
Default: | <None> |
Name for the AMQP container. must be globally unique. Defaults to a generated UUID
Deprecated Variations
Group |
Name |
amqp1 |
container_name |
-
idle_timeout
-
Timeout for inactive connections (in seconds)
Deprecated Variations
Group |
Name |
amqp1 |
idle_timeout |
-
trace
Type: | boolean |
Default: | false |
Debug: dump AMQP frames to stdout
Deprecated Variations
Group |
Name |
amqp1 |
trace |
-
ssl
Type: | boolean |
Default: | false |
Attempt to connect via SSL. If no other ssl-related parameters are given, it will use the system’s CA-bundle to verify the server’s certificate.
-
ssl_ca_file
-
CA certificate PEM file used to verify the server’s certificate
Deprecated Variations
Group |
Name |
amqp1 |
ssl_ca_file |
-
ssl_cert_file
-
Self-identifying certificate PEM file for client authentication
Deprecated Variations
Group |
Name |
amqp1 |
ssl_cert_file |
-
ssl_key_file
-
Private key PEM file used to sign ssl_cert_file certificate (optional)
Deprecated Variations
Group |
Name |
amqp1 |
ssl_key_file |
-
ssl_key_password
Type: | string |
Default: | <None> |
Password for decrypting ssl_key_file (if encrypted)
Deprecated Variations
Group |
Name |
amqp1 |
ssl_key_password |
-
ssl_verify_vhost
Type: | boolean |
Default: | false |
By default SSL checks that the name in the server’s certificate matches the hostname in the transport_url. In some configurations it may be preferable to use the virtual hostname instead, for example if the server uses the Server Name Indication TLS extension (rfc6066) to provide a certificate per virtual host. Set ssl_verify_vhost to True if the server’s SSL certificate uses the virtual host name instead of the DNS name.
-
sasl_mechanisms
-
Space separated list of acceptable SASL mechanisms
Deprecated Variations
Group |
Name |
amqp1 |
sasl_mechanisms |
-
sasl_config_dir
-
Path to directory that contains the SASL configuration
Deprecated Variations
Group |
Name |
amqp1 |
sasl_config_dir |
-
sasl_config_name
-
Name of configuration file (without .conf suffix)
Deprecated Variations
Group |
Name |
amqp1 |
sasl_config_name |
-
sasl_default_realm
-
SASL realm to use if no realm present in username
-
connection_retry_interval
Type: | integer |
Default: | 1 |
Minimum Value: | 1 |
Seconds to pause before attempting to re-connect.
-
connection_retry_backoff
Type: | integer |
Default: | 2 |
Minimum Value: | 0 |
Increase the connection_retry_interval by this many seconds after each unsuccessful failover attempt.
-
connection_retry_interval_max
Type: | integer |
Default: | 30 |
Minimum Value: | 1 |
Maximum limit for connection_retry_interval + connection_retry_backoff
-
link_retry_delay
Type: | integer |
Default: | 10 |
Minimum Value: | 1 |
Time to pause between re-connecting an AMQP 1.0 link that failed due to a recoverable error.
-
default_reply_retry
Type: | integer |
Default: | 0 |
Minimum Value: | -1 |
The maximum number of attempts to re-send a reply message which failed due to a recoverable error.
-
default_reply_timeout
Type: | integer |
Default: | 30 |
Minimum Value: | 5 |
The deadline for an rpc reply message delivery.
-
default_send_timeout
Type: | integer |
Default: | 30 |
Minimum Value: | 5 |
The deadline for an rpc cast or call message delivery. Only used when caller does not provide a timeout expiry.
-
default_notify_timeout
Type: | integer |
Default: | 30 |
Minimum Value: | 5 |
The deadline for a sent notification message delivery. Only used when caller does not provide a timeout expiry.
-
default_sender_link_timeout
Type: | integer |
Default: | 600 |
Minimum Value: | 1 |
The duration to schedule a purge of idle sender links. Detach link after expiry.
-
addressing_mode
Type: | string |
Default: | dynamic |
Indicates the addressing mode used by the driver.
Permitted values:
‘legacy’ - use legacy non-routable addressing
‘routable’ - use routable addresses
‘dynamic’ - use legacy addresses if the message bus does not support routing otherwise use routable addressing
-
pseudo_vhost
Type: | boolean |
Default: | true |
Enable virtual host support for those message buses that do not natively support virtual hosting (such as qpidd). When set to true the virtual host name will be added to all message bus addresses, effectively creating a private ‘subnet’ per virtual host. Set to False if the message bus supports virtual hosting using the ‘hostname’ field in the AMQP 1.0 Open performative as the name of the virtual host.
-
server_request_prefix
Type: | string |
Default: | exclusive |
address prefix used when sending to a specific server
Deprecated Variations
Group |
Name |
amqp1 |
server_request_prefix |
-
broadcast_prefix
Type: | string |
Default: | broadcast |
address prefix used when broadcasting to all servers
Deprecated Variations
Group |
Name |
amqp1 |
broadcast_prefix |
-
group_request_prefix
Type: | string |
Default: | unicast |
address prefix when sending to any server in group
Deprecated Variations
Group |
Name |
amqp1 |
group_request_prefix |
-
rpc_address_prefix
Type: | string |
Default: | openstack.org/om/rpc |
Address prefix for all generated RPC addresses
-
notify_address_prefix
Type: | string |
Default: | openstack.org/om/notify |
Address prefix for all generated Notification addresses
-
multicast_address
Type: | string |
Default: | multicast |
Appended to the address prefix when sending a fanout message. Used by the message bus to identify fanout messages.
-
unicast_address
Type: | string |
Default: | unicast |
Appended to the address prefix when sending to a particular RPC/Notification server. Used by the message bus to identify messages sent to a single destination.
-
anycast_address
Type: | string |
Default: | anycast |
Appended to the address prefix when sending to a group of consumers. Used by the message bus to identify messages that should be delivered in a round-robin fashion across consumers.
-
default_notification_exchange
Type: | string |
Default: | <None> |
Exchange name used in notification addresses.
Exchange name resolution precedence:
Target.exchange if set
else default_notification_exchange if set
else control_exchange if set
else ‘notify’
-
default_rpc_exchange
Type: | string |
Default: | <None> |
Exchange name used in RPC addresses.
Exchange name resolution precedence:
Target.exchange if set
else default_rpc_exchange if set
else control_exchange if set
else ‘rpc’
-
reply_link_credit
Type: | integer |
Default: | 200 |
Minimum Value: | 1 |
Window size for incoming RPC Reply messages.
-
rpc_server_credit
Type: | integer |
Default: | 100 |
Minimum Value: | 1 |
Window size for incoming RPC Request messages
-
notify_server_credit
Type: | integer |
Default: | 100 |
Minimum Value: | 1 |
Window size for incoming Notification messages
-
pre_settled
Type: | multi-valued |
Default: | rpc-cast |
Default: | rpc-reply |
Send messages of this type pre-settled.
Pre-settled messages will not receive acknowledgement
from the peer. Note well: pre-settled messages may be
silently discarded if the delivery fails.
Permitted values:
‘rpc-call’ - send RPC Calls pre-settled
‘rpc-reply’- send RPC Replies pre-settled
‘rpc-cast’ - Send RPC Casts pre-settled
‘notify’ - Send Notifications pre-settled
oslo_messaging_kafka
-
kafka_max_fetch_bytes
Type: | integer |
Default: | 1048576 |
Max fetch bytes of Kafka consumer
-
kafka_consumer_timeout
Type: | floating point |
Default: | 1.0 |
Default timeout(s) for Kafka consumers
-
pool_size
-
Pool Size for Kafka Consumers
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | Driver no longer uses connection pool. |
-
conn_pool_min_size
-
The pool size limit for connections expiration policy
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | Driver no longer uses connection pool. |
-
conn_pool_ttl
Type: | integer |
Default: | 1200 |
The time-to-live in sec of idle connections in the pool
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
Reason: | Driver no longer uses connection pool. |
-
consumer_group
Type: | string |
Default: | oslo_messaging_consumer |
Group id for Kafka consumer. Consumers in one group will coordinate message consumption
-
producer_batch_timeout
Type: | floating point |
Default: | 0.0 |
Upper bound on the delay for KafkaProducer batching in seconds
-
producer_batch_size
Type: | integer |
Default: | 16384 |
Size of batch for the producer async send
-
enable_auto_commit
Type: | boolean |
Default: | false |
Enable asynchronous consumer commits
-
max_poll_records
-
The maximum number of records returned in a poll call
-
security_protocol
Type: | string |
Default: | PLAINTEXT |
Valid Values: | PLAINTEXT, SASL_PLAINTEXT, SSL, SASL_SSL |
Protocol used to communicate with brokers
-
sasl_mechanism
Type: | string |
Default: | PLAIN |
Mechanism when security protocol is SASL
-
ssl_cafile
-
CA certificate PEM file used to verify the server certificate
oslo_messaging_notifications
-
driver
Type: | multi-valued |
Default: | '' |
The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop
Deprecated Variations
Group |
Name |
DEFAULT |
notification_driver |
-
transport_url
Type: | string |
Default: | <None> |
A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC.
Deprecated Variations
Group |
Name |
DEFAULT |
notification_transport_url |
-
topics
Type: | list |
Default: | notifications |
AMQP topic used for OpenStack notifications.
Deprecated Variations
Group |
Name |
rpc_notifier2 |
topics |
DEFAULT |
notification_topics |
-
retry
-
The maximum number of attempts to re-send a notification message which failed to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
oslo_messaging_rabbit
-
amqp_durable_queues
Type: | boolean |
Default: | false |
Use durable queues in AMQP.
-
amqp_auto_delete
Type: | boolean |
Default: | false |
Auto-delete queues in AMQP.
Deprecated Variations
Group |
Name |
DEFAULT |
amqp_auto_delete |
-
ssl
Type: | boolean |
Default: | false |
Connect over SSL.
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
rabbit_use_ssl |
-
ssl_version
-
SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_version |
-
ssl_key_file
-
SSL key file (valid only if SSL enabled).
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_keyfile |
-
ssl_cert_file
-
SSL cert file (valid only if SSL enabled).
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_certfile |
-
ssl_ca_file
-
SSL certification authority file (valid only if SSL enabled).
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_ssl_ca_certs |
-
kombu_reconnect_delay
Type: | floating point |
Default: | 1.0 |
How long to wait before reconnecting in response to an AMQP consumer cancel notification.
Deprecated Variations
Group |
Name |
DEFAULT |
kombu_reconnect_delay |
-
kombu_compression
Type: | string |
Default: | <None> |
EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not be used. This option may not be available in future versions.
-
kombu_missing_consumer_retry_timeout
-
How long to wait a missing client before abandoning to send it its replies. This value should not be longer than rpc_response_timeout.
Deprecated Variations
Group |
Name |
oslo_messaging_rabbit |
kombu_reconnect_timeout |
-
kombu_failover_strategy
Type: | string |
Default: | round-robin |
Valid Values: | round-robin, shuffle |
Determines how the next RabbitMQ node is chosen in case the one we are currently connected to becomes unavailable. Takes effect only if more than one RabbitMQ node is provided in config.
-
rabbit_login_method
Type: | string |
Default: | AMQPLAIN |
Valid Values: | PLAIN, AMQPLAIN, RABBIT-CR-DEMO |
The RabbitMQ login method.
Deprecated Variations
Group |
Name |
DEFAULT |
rabbit_login_method |
-
rabbit_retry_interval
-
How frequently to retry connecting with RabbitMQ.
-
rabbit_retry_backoff
-
How long to backoff for between retries when connecting to RabbitMQ.
Deprecated Variations
Group |
Name |
DEFAULT |
rabbit_retry_backoff |
-
rabbit_interval_max
-
Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
-
rabbit_ha_queues
Type: | boolean |
Default: | false |
Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring is no longer controlled by the x-ha-policy argument when declaring a queue. If you just want to make sure that all queues (except those with auto-generated names) are mirrored across all nodes, run: “rabbitmqctl set_policy HA ‘^(?!amq.).*’ ‘{“ha-mode”: “all”}’ “
Deprecated Variations
Group |
Name |
DEFAULT |
rabbit_ha_queues |
-
rabbit_transient_queues_ttl
Type: | integer |
Default: | 1800 |
Minimum Value: | 1 |
Positive integer representing duration in seconds for queue TTL (x-expires). Queues which are unused for the duration of the TTL are automatically deleted. The parameter affects only reply and fanout queues.
-
rabbit_qos_prefetch_count
-
Specifies the number of messages to prefetch. Setting to zero allows unlimited messages.
-
heartbeat_timeout_threshold
-
Number of seconds after which the Rabbit broker is considered down if heartbeat’s keep-alive fails (0 disable the heartbeat). EXPERIMENTAL
-
heartbeat_rate
-
How often times during the heartbeat_timeout_threshold we check the heartbeat.
oslo_policy
-
enforce_scope
Type: | boolean |
Default: | false |
This option controls whether or not to enforce scope when evaluating policies. If True
, the scope of the token used in the request is compared to the scope_types
of the policy being enforced. If the scopes do not match, an InvalidScope
exception will be raised. If False
, a message will be logged informing operators that policies are being invoked with mismatching scope.
-
policy_file
Type: | string |
Default: | policy.json |
The file that defines policies.
Deprecated Variations
Group |
Name |
DEFAULT |
policy_file |
-
policy_default_rule
Type: | string |
Default: | default |
Default rule. Enforced when a requested rule is not found.
Deprecated Variations
Group |
Name |
DEFAULT |
policy_default_rule |
-
policy_dirs
Type: | multi-valued |
Default: | policy.d |
Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.
Deprecated Variations
Group |
Name |
DEFAULT |
policy_dirs |
-
remote_content_type
Type: | string |
Default: | application/x-www-form-urlencoded |
Valid Values: | application/x-www-form-urlencoded, application/json |
Content Type to send and receive data for REST based policy check
-
remote_ssl_verify_server_crt
Type: | boolean |
Default: | false |
server identity verification for REST based policy check
-
remote_ssl_ca_crt_file
Type: | string |
Default: | <None> |
Absolute path to ca cert file for REST based policy check
-
remote_ssl_client_crt_file
Type: | string |
Default: | <None> |
Absolute path to client cert for REST based policy check
-
remote_ssl_client_key_file
Type: | string |
Default: | <None> |
Absolute path client key file REST based policy check
rabbitmq
-
host
Type: | host address |
Default: | localhost |
The RabbitMQ broker address which used for communication with Murano guest agents.
-
port
Type: | port number |
Default: | 5672 |
Minimum Value: | 0 |
Maximum Value: | 65535 |
The RabbitMQ broker port.
-
login
Type: | string |
Default: | guest |
The RabbitMQ login.
-
password
Type: | string |
Default: | guest |
The RabbitMQ password.
-
virtual_host
-
The RabbitMQ virtual host.
-
ssl
Type: | boolean |
Default: | false |
Boolean flag to enable SSL communication through the RabbitMQ broker between murano-engine and guest agents.
-
ssl_version
-
SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
-
ca_certs
-
SSL cert file (valid only if SSL enabled).
-
insecure
Type: | boolean |
Default: | false |
This option explicitly allows Murano to perform “insecure” SSL connections to RabbitMQ
ssl
-
ca_file
Type: | string |
Default: | <None> |
CA certificate file to use to verify connecting clients.
Deprecated Variations
Group |
Name |
DEFAULT |
ssl_ca_file |
-
cert_file
Type: | string |
Default: | <None> |
Certificate file to use when starting the server securely.
Deprecated Variations
Group |
Name |
DEFAULT |
ssl_cert_file |
-
key_file
Type: | string |
Default: | <None> |
Private key file to use when starting the server securely.
Deprecated Variations
Group |
Name |
DEFAULT |
ssl_key_file |
-
version
Type: | string |
Default: | <None> |
SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
-
ciphers
Type: | string |
Default: | <None> |
Sets the list of available ciphers. value should be a string in the OpenSSL cipher list format.
stats
-
period
-
Statistics collection interval in minutes.Default value is 5 minutes.
-
env_audit_period
-
Environment audit interval in minutes. Default value is 60 minutes.
-
env_audit_enabled
Type: | boolean |
Default: | true |
Whether environment audit events enabled
vault
-
root_token_id
Type: | string |
Default: | <None> |
root token for vault
-
approle_role_id
Type: | string |
Default: | <None> |
AppRole role_id for authentication with vault
-
approle_secret_id
Type: | string |
Default: | <None> |
AppRole secret_id for authentication with vault
-
kv_mountpoint
Type: | string |
Default: | secret |
Mountpoint of KV store in Vault to use, for example: secret
-
vault_url
Type: | string |
Default: | http://127.0.0.1:8200 |
Use this endpoint to connect to Vault, for example: “http://127.0.0.1:8200”
-
ssl_ca_crt_file
Type: | string |
Default: | <None> |
Absolute path to ca cert file
-
use_ssl
Type: | boolean |
Default: | false |
SSL Enabled/Disabled