manila.conf¶
默认情况下,manila.conf 文件安装在 /etc/manila 中。 当您手动安装共享文件系统服务时,manila.conf 文件中的选项将被设置为默认值。
manila.conf 文件包含配置共享文件系统服务所需的大部分选项。
[DEFAULT]
#
# From manila
#
# The maximum number of items returned in a single response from a
# collection resource. (integer value)
#osapi_max_limit = 1000
# Base URL to be presented to users in links to the Share API (string
# value)
#osapi_share_base_URL = <None>
# DEPRECATED: Treat X-Forwarded-For as the canonical remote address.
# Only enable this if you have a sanitizing proxy. (boolean value)
# This option is deprecated for removal since Zed.
# Its value may be silently ignored in the future.
# Reason: This feature is duplicate of the HTTPProxyToWSGI middleware
# of oslo.middleware.
#use_forwarded_for = false
# Top-level directory for maintaining manila's state. (string value)
#state_path = /var/lib/manila
# IP address of this host. (host address value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#my_ip = <your_ip>
# The topic scheduler nodes listen on. (string value)
#scheduler_topic = manila-scheduler
# The topic share nodes listen on. (string value)
#share_topic = manila-share
# The topic data nodes listen on. (string value)
#data_topic = manila-data
# Whether to rate limit the API. (boolean value)
#api_rate_limit = true
# Specify list of extensions to load when using osapi_share_extension
# option with manila.api.contrib.select_extensions. (list value)
#osapi_share_ext_list =
# The osapi share extensions to load. (list value)
#osapi_share_extension = manila.api.contrib.standard_extensions
# Full class name for the scheduler manager. (string value)
#scheduler_manager = manila.scheduler.manager.SchedulerManager
# Full class name for the share manager. (string value)
#share_manager = manila.share.manager.ShareManager
# Full class name for the data manager. (string value)
#data_manager = manila.data.manager.DataManager
# Name of this node. This can be an opaque identifier. It is not
# necessarily a hostname, FQDN, or IP address. (host address value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#host = <your_hostname>
# Availability zone of this node. (string value)
#storage_availability_zone = nova
# Default share type to use. (string value)
#default_share_type = <None>
# Default share group type to use. (string value)
#default_share_group_type = <None>
# Path to the rootwrap configuration file to use for running commands
# as root. (string value)
#rootwrap_config = <None>
# Whether to log monkey patching. (boolean value)
#monkey_patch = false
# List of modules or decorators to monkey patch. (list value)
#monkey_patch_modules =
# Maximum time since last check-in for up service. (integer value)
#service_down_time = 60
# The full class name of the share API class to use. (string value)
#share_api_class = manila.share.api.API
# The strategy to use for auth. Supports noauth, keystone, and
# noauthv2. (string value)
#auth_strategy = keystone
# A list of share backend names to use. These backend names should be
# backed by a unique [CONFIG] group with its options. (list value)
#enabled_share_backends = <None>
# Specify list of protocols to be allowed for share creation.
# Available values are '['NFS', 'CIFS', 'GLUSTERFS', 'HDFS', 'CEPHFS',
# 'MAPRFS']' (list value)
#enabled_share_protocols = NFS,CIFS
# Maximum time (in seconds) to keep a share in the recycle bin, it
# will be deleted automatically after this amount of time has elapsed.
# (integer value)
#soft_deleted_share_retention_time = 604800
# Maximum time (in seconds) to keep a share in awaiting_transfer
# state, after timeout, the share will automatically be rolled back to
# the available state (integer value)
#transfer_retention_time = 300
# Metadata keys that should only be manipulated by administrators.
# (list value)
#admin_only_metadata = __affinity_same_host,__affinity_different_host
# Metadata keys that will decide which share metadata (element of the
# list is <driver_updatable_key>, i.e max_files) can be passed to
# share drivers as part of metadata create/update operations. (list
# value)
#driver_updatable_metadata =
# Metadata keys that will decide which share network subnet metadata
# (element of the list is <driver_updatable_key>, e.g. pnfs) can be
# passed to share drivers as part of metadata create/update
# operations. (list value)
#driver_updatable_subnet_metadata =
# Whether Manila should update the status of all shares within a
# backend during ongoing ensure_shares run. (boolean value)
#update_shares_status_on_ensure = true
# Metadata keys for export locations that should only be manipulated
# by administrators. (list value)
#admin_only_el_metadata = preferred
# The full class name of the Compute API class to use. (string value)
#compute_api_class = manila.compute.nova.API
# The back end URL to use for distributed coordination. (string value)
#backend_url = file://$state_path
# The template for mounting NFS shares. (string value)
#backup_mount_template = mount -vt %(proto)s %(options)s %(export)s %(path)s
# The template for unmounting NFS shares. (string value)
#backup_unmount_template = umount -v %(path)s
# NFS backup export location in hostname:path, ipv4addr:path, or
# "[ipv6addr]:path" format. (string value)
#backup_mount_export = <None>
# Mount Protocol for mounting NFS shares (string value)
#backup_mount_proto = nfs
# Mount options passed to the NFS client. See NFS man page for
# details. (string value)
#backup_mount_options =
# Time to wait for access rules to be allowed/denied on backends when
# migrating a share (seconds). (integer value)
#data_access_wait_access_rules_timeout = 180
# A list of the IPs of the node interface connected to the admin
# network. Used for allowing access to the mounting shares. Default is
# []. (list value)
#data_node_access_ips =
# The certificate installed in the data node in order to allow access
# to certificate authentication-based shares. (string value)
#data_node_access_cert = <None>
# The admin user name registered in the security service in order to
# allow access to user authentication-based shares. (string value)
#data_node_access_admin_user = <None>
# Mount options to be included in the mount command for share
# protocols. Use dictionary format, example: {'nfs': '-o nfsvers=3',
# 'cifs': '-o user=foo,pass=bar'} (dict value)
#data_node_mount_options =
# Driver to use for backups. (string value)
#backup_driver = manila.data.drivers.nfs.NFSBackupDriver
# The template for mounting shares during backup. Must specify the
# executable with all necessary parameters for the protocol supported.
# 'proto' template element may not be required if included in the
# command. 'export' and 'path' template elements are required. It is
# advisable to separate different commands per backend. (string value)
#backup_share_mount_template = mount -vt %(proto)s %(options)s %(export)s %(path)s
# The template for unmounting shares during backup. Must specify the
# executable with all necessary parameters for the protocol supported.
# 'path' template element is required. It is advisable to separate
# different commands per backend. (string value)
#backup_share_unmount_template = umount -v %(path)s
# List of files and folders to be ignored when backing up shares.
# Items should be names (not including any path). (list value)
#backup_ignore_files = lost+found
# Protocol access mapping for backup. Should be a dictionary comprised
# of {'access_type1': ['share_proto1', 'share_proto2'],
# 'access_type2': ['share_proto2', 'share_proto3']}. (dict value)
#backup_protocol_access_mapping = ip:['nfs']
# Temporary path to create and mount shares during migration. (string
# value)
#mount_tmp_location = /tmp/
# Temporary path to create and mount backup during share backup.
# (string value)
#backup_mount_tmp_location = /tmp/
# Chooses whether hash of each file should be checked on data copying.
# (boolean value)
#check_hash = false
# This value, specified in seconds, determines how often the data
# manager will poll to perform the next steps of backup such as fetch
# the progress of backup. (integer value)
#backup_continue_update_interval = 10
# This value, specified in seconds, determines how often the data
# manager will poll to perform the next steps of restore such as fetch
# the progress of restore. (integer value)
#restore_continue_update_interval = 10
# The backend to use for database. (string value)
#db_backend = sqlalchemy
# Services to be added to the available pool on create. (boolean
# value)
#enable_new_services = true
# Template string to be used to generate share names. (string value)
#share_name_template = share-%s
# Template string to be used to generate share snapshot names. (string
# value)
#share_snapshot_name_template = share-snapshot-%s
# Template string to be used to generate backup names. (string value)
#share_backup_name_template = share-backup-%s
# Driver to use for database access. (string value)
#db_driver = manila.db
# Whether to make exception message format errors fatal. (boolean
# value)
#fatal_exception_format_errors = false
# The full class name of the Glance API class to use. (string value)
#image_api_class = manila.image.glance.API
# Message minimum life in seconds. (integer value)
#message_ttl = 2592000
# Interval between periodic task runs to clean expired messages in
# seconds. (integer value)
#message_reap_interval = 86400
# Name of Open vSwitch bridge to use. (string value)
#ovs_integration_bridge = br-int
# The full class name of the Networking API class to use. (string
# value)
#network_api_class = manila.network.neutron.neutron_network_plugin.NeutronNetworkPlugin
# Whether to support IPv4 network resource, Default=True. (boolean
# value)
#network_plugin_ipv4_enabled = true
# Whether to support IPv6 network resource, Default=False. If this
# option is True, the value of 'network_plugin_ipv4_enabled' will be
# ignored. (boolean value)
#network_plugin_ipv6_enabled = false
# The name of the physical network to determine which net segment is
# used. This opt is optional and will only be used for networks
# configured with multiple segments. (string value)
#neutron_physical_net_name = <None>
# Default Neutron network that will be used for share server creation.
# This opt is used only with class 'NeutronSingleNetworkPlugin'.
# (string value)
#neutron_net_id = <None>
# Default Neutron subnet that will be used for share server creation.
# Should be assigned to network defined in opt 'neutron_net_id'. This
# opt is used only with class 'NeutronSingleNetworkPlugin'. (string
# value)
#neutron_subnet_id = <None>
# vNIC type used for binding. (string value)
# Possible values:
# baremetal - <No description provided>
# normal - <No description provided>
# direct - <No description provided>
# direct-physical - <No description provided>
# macvtap - <No description provided>
#neutron_vnic_type = baremetal
# Host ID to be used when creating neutron port. If not set host is
# set to manila-share host by default. (string value)
#neutron_host_id = np9b4d951d8db74
# A list of binding profiles to be used during port binding. This
# option can be used with the NeutronBindNetworkPlugin. The value for
# this option has to be a comma separated list of names that
# correspond to each binding profile. Each binding profile needs to be
# specified as an individual configuration section using the binding
# profile name as the section name. (list value)
#neutron_binding_profiles = <None>
# Switch ID for binding profile. (string value)
#neutron_switch_id = <None>
# Port ID on the given switch. (string value)
#neutron_port_id = <None>
# Switch label. For example: 'switch_ip: 10.4.30.5'. Multiple key-
# value pairs separated by commas are accepted. (dict value)
#neutron_switch_info = <None>
# Gateway address that should be used. Required. (string value)
#standalone_network_plugin_gateway = <None>
# Network mask that will be used. Can be either decimal like '24' or
# binary like '255.255.255.0'. Required. (string value)
#standalone_network_plugin_mask = <None>
# Network type, such as 'flat', 'vlan', 'vxlan' or 'gre'. Empty value
# is alias for 'flat'. It will be assigned to share-network and share
# drivers will be able to use this for network interfaces within
# provisioned share servers. Optional. (string value)
# Possible values:
# flat - <No description provided>
# vlan - <No description provided>
# vxlan - <No description provided>
# gre - <No description provided>
#standalone_network_plugin_network_type = <None>
# Set it if network has segmentation (VLAN, VXLAN, etc...). It will be
# assigned to share-network and share drivers will be able to use this
# for network interfaces within provisioned share servers. Optional.
# Example: 1001 (integer value)
#standalone_network_plugin_segmentation_id = <None>
# Can be IP address, range of IP addresses or list of addresses or
# ranges. Contains addresses from IP network that are allowed to be
# used. If empty, then will be assumed that all host addresses from
# network can be used. Optional. Examples: 10.0.0.10 or
# 10.0.0.10-10.0.0.20 or
# 10.0.0.10-10.0.0.20,10.0.0.30-10.0.0.40,10.0.0.50 (list value)
#standalone_network_plugin_allowed_ip_ranges = <None>
# Maximum Transmission Unit (MTU) value of the network. Default value
# is 1500. (integer value)
#standalone_network_plugin_mtu = 1500
# The scheduler host manager class to use. (string value)
#scheduler_host_manager = manila.scheduler.host_manager.HostManager
# Maximum number of attempts to schedule a share. (integer value)
#scheduler_max_attempts = 3
# Which filter class names to use for filtering hosts when not
# specified in the request. (list value)
#scheduler_default_filters = OnlyHostFilter,AvailabilityZoneFilter,CapacityFilter,CapabilitiesFilter,DriverFilter,ShareReplicationFilter,CreateFromSnapshotFilter,AffinityFilter,AntiAffinityFilter
# Which weigher class names to use for weighing hosts. (list value)
#scheduler_default_weighers = CapacityWeigher,GoodnessWeigher,HostAffinityWeigher
# Which filter class names to use for filtering hosts creating share
# group when not specified in the request. (list value)
#scheduler_default_share_group_filters = AvailabilityZoneFilter,ConsistentSnapshotFilter
# Which filter class names to use for filtering hosts extending share
# when not specified in the request. (list value)
#scheduler_default_extend_filters = CapacityFilter,DriverFilter
# Default scheduler driver to use. (string value)
#scheduler_driver = manila.scheduler.drivers.filter.FilterScheduler
# Absolute path to scheduler configuration JSON file. (string value)
#scheduler_json_config_location =
# Maximum number of volume gigabytes to allow per host. (integer
# value)
#max_gigabytes = 10000
# Multiplier used for weighing share capacity. Negative numbers mean
# to stack vs spread. (floating point value)
#capacity_weight_multiplier = 1.0
# Multiplier used for weighing pools which have existing share
# servers. Negative numbers mean to spread vs stack. (floating point
# value)
#pool_weight_multiplier = 1.0
# Seconds between nodes reporting state to datastore. (integer value)
#report_interval = 10
# Seconds between cleaning up the stopped nodes. (integer value)
# Minimum value: 300
#cleanup_interval = 1800
# Seconds between running periodic tasks. (integer value)
#periodic_interval = 60
# Range of seconds to randomly delay when starting the periodic task
# scheduler to reduce stampeding. (Disable by setting to 0) (integer
# value)
#periodic_fuzzy_delay = 60
# IP address for OpenStack Share API to listen on. (host address
# value)
#osapi_share_listen = ::
# Port for OpenStack Share API to listen on. (port value)
# Minimum value: 0
# Maximum value: 65535
#osapi_share_listen_port = 8786
# Number of workers for OpenStack Share API service. (integer value)
#osapi_share_workers = 1
# Wraps the socket in a SSL context if True is set. A certificate file
# and key file must be specified. (boolean value)
#osapi_share_use_ssl = false
# If set to False, then share creation from snapshot will be performed
# on the same host. If set to True, then scheduler will be used.When
# enabling this option make sure that filter CreateFromSnapshotFilter
# is enabled and to have hosts reporting replication_domain option.
# (boolean value)
#use_scheduler_creating_share_from_snapshot = false
# Default prefix that will be used if none is providedthrough
# share_type extra specs. Prefix will only beused if share_type
# support mount_point_name. (string value)
#default_mount_point_prefix = {project_id}_
# Whether to delete shares and share snapshots in a deferred manner.
# Setting this option to True will cause quotas to be released
# immediately if a deletion request is accepted. Deletions may
# eventually fail, and rectifying them will require manual
# intervention. (boolean value)
#is_deferred_deletion_enabled = false
# Directory where Ganesha config files are stored. (string value)
#ganesha_config_dir = /etc/ganesha
# Path to main Ganesha config file. (string value)
#ganesha_config_path = $ganesha_config_dir/ganesha.conf
# Name of the ganesha nfs service. (string value)
#ganesha_service_name = ganesha.nfsd
# Location of Ganesha database file. (Ganesha module only.) (string
# value)
#ganesha_db_path = $state_path/manila-ganesha.db
# Path to directory containing Ganesha export configuration. (Ganesha
# module only.) (string value)
#ganesha_export_dir = $ganesha_config_dir/export.d
# Path to directory containing Ganesha export block templates.
# (Ganesha module only.) (string value)
#ganesha_export_template_dir = /etc/manila/ganesha-export-templ.d
# Persist Ganesha exports and export counter in Ceph RADOS objects,
# highly available storage. (boolean value)
#ganesha_rados_store_enable = false
# Name of the Ceph RADOS pool to store Ganesha exports and export
# counter. (string value)
#ganesha_rados_store_pool_name = <None>
# Name of the Ceph RADOS object used as the Ganesha export counter.
# (string value)
#ganesha_rados_export_counter = ganesha-export-counter
# Name of the Ceph RADOS object used to store a list of the export
# RADOS object URLS. (string value)
#ganesha_rados_export_index = ganesha-export-index
# Number of times to attempt to run flakey shell commands. (integer
# value)
#num_shell_tries = 3
# The percentage of backend capacity reserved. Used for shares which
# are not created from the snapshot. (integer value)
#reserved_share_percentage = 0
# The percentage of backend capacity reserved. Used for shares created
# from the snapshot. On some platforms, shares can only be created
# from the snapshot on the host where snapshot was taken, so we can
# set a lower value in this option compared to
# reserved_share_percentage, and allow to create shares from the
# snapshot on the same host up to a higher threshold. (integer value)
#reserved_share_from_snapshot_percentage = 0
# The percentage of backend capacity reserved for share extend
# operation. When existing limit of 'reserved_share_percentage' is
# hit, we do not want user to create a new share but existing shares
# can be extended based on value of this parameter. (integer value)
#reserved_share_extend_percentage = 0
# The backend name for a given driver implementation. (string value)
#share_backend_name = <None>
# Name of the configuration group in the Manila conf file to look for
# network config options.If not set, the share backend's config group
# will be used.If an option is not found within provided group, then
# 'DEFAULT' group will be used for search of option. (string value)
#network_config_group = <None>
# There are two possible approaches for share drivers in Manila. First
# is when share driver is able to handle share-servers and second when
# not. Drivers can support either both or only one of these
# approaches. So, set this opt to True if share driver is able to
# handle share servers and it is desired mode else set False. It is
# set to None by default to make this choice intentional. (boolean
# value)
#driver_handles_share_servers = <None>
# Float representation of the over subscription ratio when thin
# provisioning is involved. Default ratio is 20.0, meaning provisioned
# capacity can be 20 times the total physical capacity. If the ratio
# is 10.5, it means provisioned capacity can be 10.5 times the total
# physical capacity. A ratio of 1.0 means provisioned capacity cannot
# exceed the total physical capacity. A ratio lower than 1.0 is
# invalid. (floating point value)
# Minimum value: 1.0
#max_over_subscription_ratio = 20.0
# List of files and folders to be ignored when migrating shares. Items
# should be names (not including any path). (list value)
#migration_ignore_files = lost+found
# The template for mounting shares for this backend. Must specify the
# executable with all necessary parameters for the protocol supported.
# 'proto' template element may not be required if included in the
# command. 'export' and 'path' template elements are required. It is
# advisable to separate different commands per backend. (string value)
#share_mount_template = mount -vt %(proto)s %(options)s %(export)s %(path)s
# The template for unmounting shares for this backend. Must specify
# the executable with all necessary parameters for the protocol
# supported. 'path' template element is required. It is advisable to
# separate different commands per backend. (string value)
#share_unmount_template = umount -v %(path)s
# Protocol access mapping for this backend. Should be a dictionary
# comprised of {'access_type1': ['share_proto1', 'share_proto2'],
# 'access_type2': ['share_proto2', 'share_proto3']}. (dict value)
#protocol_access_mapping = ip:['nfs'],user:['cifs']
# If share driver requires to setup admin network for share, then
# define network plugin config options in some separate config group
# and set its name here. Used only with another option
# 'driver_handles_share_servers' set to 'True'. (string value)
#admin_network_config_group = <None>
# A string specifying the replication domain that the backend belongs
# to. This option needs to be specified the same in the configuration
# sections of all backends that support replication between each
# other. If this option is not specified in the group, it means that
# replication is not enabled on the backend. (string value)
#replication_domain = <None>
# Availability zone for this share backend. If not set, the
# ``storage_availability_zone`` option from the ``[DEFAULT]`` section
# is used. (string value)
#backend_availability_zone = <None>
# String representation for an equation that will be used to filter
# hosts. (string value)
#filter_function = <None>
# String representation for an equation that will be used to determine
# the goodness of a host. (string value)
#goodness_function = <None>
# Maximum number of share instances created in a share server.
# (integer value)
#max_shares_per_share_server = -1
# Maximum sum of gigabytes a share server can have considering all its
# share instances and snapshots. (integer value)
#max_share_server_size = -1
# Backend server SSH connection timeout. (integer value)
#ssh_conn_timeout = 60
# Minimum number of connections in the SSH pool. (integer value)
#ssh_min_pool_conn = 1
# Maximum number of connections in the SSH pool. (integer value)
#ssh_max_pool_conn = 10
# The full class name of the Private Data Driver class to use. (string
# value)
#drivers_private_storage_class = manila.share.drivers_private_data.SqlStorageDriver
# Fully qualified path to the ceph.conf file. (string value)
#cephfs_conf_path =
# The name of the cluster in use, if it is not the default ('ceph').
# (string value)
#cephfs_cluster_name = <None>
# The name of the ceph auth identity to use. (string value)
#cephfs_auth_id = manila
# DEPRECATED: The prefix of the cephfs volume path. (string value)
# This option is deprecated for removal since Wallaby.
# Its value may be silently ignored in the future.
# Reason: This option is not used starting with the Nautilus release
# of Ceph.
#cephfs_volume_path_prefix = /volumes
# The type of protocol helper to use. Default is CEPHFS. (string
# value)
# Possible values:
# CEPHFS - <No description provided>
# NFS - <No description provided>
#cephfs_protocol_helper_type = CEPHFS
# DEPRECATED: Whether the NFS-Ganesha server is remote to the driver.
# (boolean value)
# This option is deprecated for removal since 2025.1.
# Its value may be silently ignored in the future.
# Reason: This option is used by the deprecated NFSProtocolHelper
#cephfs_ganesha_server_is_remote = false
# The IP address of the NFS-Ganesha server. (host address value)
#cephfs_ganesha_server_ip = <None>
# DEPRECATED: The username to authenticate as in the remote NFS-
# Ganesha server host. (string value)
# This option is deprecated for removal since 2025.1.
# Its value may be silently ignored in the future.
# Reason: This option is used by the deprecated NFSProtocolHelper
#cephfs_ganesha_server_username = root
# DEPRECATED: The path of the driver host's private SSH key file.
# (string value)
# This option is deprecated for removal since 2025.1.
# Its value may be silently ignored in the future.
# Reason: This option is used by the deprecated NFSProtocolHelper
#cephfs_ganesha_path_to_private_key = <None>
# DEPRECATED: The password to authenticate as the user in the remote
# Ganesha server host. This is not required if
# 'cephfs_ganesha_path_to_private_key' is configured. (string value)
# This option is deprecated for removal since 2025.1.
# Its value may be silently ignored in the future.
# Reason: This option is used by the deprecated NFSProtocolHelper
#cephfs_ganesha_server_password = <None>
# List of IPs to export shares. If not supplied, then the value of
# 'cephfs_ganesha_server_ip' will be used to construct share export
# locations. (list value)
#cephfs_ganesha_export_ips =
# The read/write/execute permissions mode for CephFS volumes,
# snapshots, and snapshot groups expressed in Octal as with linux
# 'chmod' or 'umask' commands. (string value)
#cephfs_volume_mode = 755
# The name of the filesystem to use, if there are multiple filesystems
# in the cluster. (string value)
#cephfs_filesystem_name = <None>
# Provide a unique string value to make the driver ensure all of the
# shares it has created during startup. Ensuring would re-export
# shares and this action isn't always required, unless something has
# been administratively modified on CephFS. (string value)
#cephfs_ensure_all_shares_salt = manila_cephfs_reef_caracal
# The maximum time in seconds that the cached pool data will be
# considered updated. If it is expired when trying to read the pool
# data, it must be refreshed. (integer value)
# Minimum value: 0
#cephfs_cached_allocated_capacity_update_interval = 60
# Linux bridge used by container hypervisor to plug host-side veth to.
# It will be unplugged from here by the driver. (string value)
#container_linux_bridge_name = docker0
# OVS bridge to use to plug a container to. (string value)
#container_ovs_bridge_name = br-int
# Determines whether to allow guest access to CIFS share or not.
# (boolean value)
#container_cifs_guest_ok = true
# Image to be used for a container-based share server. (string value)
#container_image_name = manila-docker-container
# Container helper which provides container-related operations to the
# driver. (string value)
#container_helper = manila.share.drivers.container.container_helper.DockerExecHelper
# Helper which facilitates interaction with share server. (string
# value)
#container_protocol_helper = manila.share.drivers.container.protocol_helper.DockerCIFSHelper
# Helper which facilitates interaction with security services. (string
# value)
#container_security_service_helper = manila.share.drivers.container.security_service_helper.SecurityServiceHelper
# Helper which facilitates interaction with storage solution used to
# actually store data. By default LVM is used to provide storage for a
# share. (string value)
#container_storage_helper = manila.share.drivers.container.storage_helper.LVMHelper
# Folder name in host to which logical volume will be mounted prior to
# providing access to it from a container. (string value)
#container_volume_mount_path = /tmp/shares
# LVM volume group to use for volumes. This volume group must be
# created by the cloud administrator independently from manila
# operations. (string value)
#container_volume_group = manila_docker_volumes
# User name for the EMC server. (string value)
#emc_nas_login = <None>
# Password for the EMC server. (string value)
#emc_nas_password = <None>
# EMC server hostname or IP address. (host address value)
#emc_nas_server = <None>
# Port number for the EMC server. (port value)
# Minimum value: 0
# Maximum value: 65535
#emc_nas_server_port = 8080
# Use secure connection to server. (boolean value)
#emc_nas_server_secure = true
# Share backend. (string value)
# Possible values:
# powerscale - <No description provided>
# isilon - <No description provided>
# vnx - <No description provided>
# unity - <No description provided>
# powermax - <No description provided>
# powerstore - <No description provided>
# powerflex - <No description provided>
#emc_share_backend = <None>
# The root directory where shares will be located. (string value)
#emc_nas_root_dir = <None>
# If set to False the https client will not validate the SSL
# certificate of the backend endpoint. (boolean value)
#emc_ssl_cert_verify = true
# Can be used to specify a non default path to a CA_BUNDLE file or
# directory with certificates of trusted CAs, which will be used to
# validate the backend. (string value)
#emc_ssl_cert_path = <None>
# Data mover to host the NAS server. (string value)
#powermax_server_container = <None>
# Comma separated list of pools that can be used to persist share
# data. (list value)
#powermax_share_data_pools = <None>
# Comma separated list of ports that can be used for share server
# interfaces. Members of the list can be Unix-style glob expressions.
# (list value)
#powermax_ethernet_ports = <None>
# Path to smb config. (string value)
#smb_template_config_path = $state_path/smb.conf
# Volume name template. (string value)
#volume_name_template = manila-share-%s
# Volume snapshot name template. (string value)
#volume_snapshot_name_template = manila-snapshot-%s
# Parent path in service instance where shares will be mounted.
# (string value)
#share_mount_path = /shares
# Maximum time to wait for creating cinder volume. (integer value)
#max_time_to_create_volume = 180
# Maximum time to wait for extending cinder volume. (integer value)
#max_time_to_extend_volume = 180
# Maximum time to wait for attaching cinder volume. (integer value)
#max_time_to_attach = 120
# Path to SMB config in service instance. (string value)
#service_instance_smb_config_path = $share_mount_path/smb.conf
# Specify list of share export helpers. (list value)
#share_helpers = CIFS=manila.share.drivers.helpers.CIFSHelperIPAccess,NFS=manila.share.drivers.helpers.NFSHelper
# Filesystem type of the share volume. (string value)
# Possible values:
# ext4 - <No description provided>
# ext3 - <No description provided>
#share_volume_fstype = ext4
# Name or id of cinder volume type which will be used for all volumes
# created by driver. (string value)
#cinder_volume_type = <None>
# Remote GlusterFS server node's login password. This is not required
# if 'glusterfs_path_to_private_key' is configured. (string value)
#glusterfs_server_password = <None>
# Path of Manila host's private SSH key file. (string value)
#glusterfs_path_to_private_key = <None>
# Type of NFS server that mediate access to the Gluster volumes
# (Gluster or Ganesha). (string value)
#glusterfs_nfs_server_type = Gluster
# Remote Ganesha server node's IP address. (host address value)
#glusterfs_ganesha_server_ip = <None>
# Remote Ganesha server node's username. (string value)
#glusterfs_ganesha_server_username = root
# Remote Ganesha server node's login password. This is not required if
# 'glusterfs_path_to_private_key' is configured. (string value)
#glusterfs_ganesha_server_password = <None>
# Specifies GlusterFS share layout, that is, the method of associating
# backing GlusterFS resources to shares. (string value)
#glusterfs_share_layout = <None>
# Specifies the GlusterFS volume to be mounted on the Manila host. It
# is of the form [remoteuser@]<volserver>:<volid>. (string value)
#glusterfs_target = <None>
# Base directory containing mount points for Gluster volumes. (string
# value)
#glusterfs_mount_point_base = $state_path/mnt
# List of GlusterFS servers that can be used to create shares. Each
# GlusterFS server should be of the form [remoteuser@]<volserver>, and
# they are assumed to belong to distinct Gluster clusters. (list
# value)
#glusterfs_servers =
# Regular expression template used to filter GlusterFS volumes for
# share creation. The regex template can optionally (ie. with support
# of the GlusterFS backend) contain the #{size} parameter which
# matches an integer (sequence of digits) in which case the value
# shall be interpreted as size of the volume in GB. Examples: "manila-
# share-volume-\d+$", "manila-share-volume-#{size}G-\d+$"; with
# matching volume names, respectively: "manila-share-volume-12",
# "manila-share-volume-3G-13". In latter example, the number that
# matches "#{size}", that is, 3, is an indication that the size of
# volume is 3G. (string value)
#glusterfs_volume_pattern = <None>
# The IP of the HDFS namenode. (host address value)
#hdfs_namenode_ip = <None>
# The port of HDFS namenode service. (port value)
# Minimum value: 0
# Maximum value: 65535
#hdfs_namenode_port = 9000
# HDFS namenode SSH port. (port value)
# Minimum value: 0
# Maximum value: 65535
#hdfs_ssh_port = 22
# HDFS namenode ssh login name. (string value)
#hdfs_ssh_name = <None>
# HDFS namenode SSH login password, This parameter is not necessary,
# if 'hdfs_ssh_private_key' is configured. (string value)
#hdfs_ssh_pw = <None>
# Path to HDFS namenode SSH private key for login. (string value)
#hdfs_ssh_private_key = <None>
# HNAS management interface IP for communication between Manila
# controller and HNAS. (host address value)
#hitachi_hnas_ip = <None>
# HNAS username Base64 String in order to perform tasks such as create
# file-systems and network interfaces. (string value)
#hitachi_hnas_user = <None>
# HNAS user password. Required only if private key is not provided.
# (string value)
#hitachi_hnas_password = <None>
# Specify which EVS this backend is assigned to. (integer value)
#hitachi_hnas_evs_id = <None>
# Specify IP for mounting shares. (host address value)
#hitachi_hnas_evs_ip = <None>
# Specify IP for mounting shares in the Admin network. (host address
# value)
#hitachi_hnas_admin_network_ip = <None>
# Specify file-system name for creating shares. (string value)
#hitachi_hnas_file_system_name = <None>
# RSA/DSA private key value used to connect into HNAS. Required only
# if password is not provided. (string value)
#hitachi_hnas_ssh_private_key = <None>
# The IP of the clusters admin node. Only set in HNAS multinode
# clusters. (host address value)
#hitachi_hnas_cluster_admin_ip0 = <None>
# The time (in seconds) to wait for stalled HNAS jobs before aborting.
# (integer value)
#hitachi_hnas_stalled_job_timeout = 30
# Python class to be used for driver helper. (string value)
#hitachi_hnas_driver_helper = manila.share.drivers.hitachi.hnas.ssh.HNASSSHBackend
# By default, CIFS snapshots are not allowed to be taken when the
# share has clients connected because consistent point-in-time replica
# cannot be guaranteed for all files. Enabling this might cause
# inconsistent snapshots on CIFS shares. (boolean value)
#hitachi_hnas_allow_cifs_snapshot_while_mounted = false
# HSP management host for communication between Manila controller and
# HSP. (host address value)
#hitachi_hsp_host = <None>
# HSP username to perform tasks such as create filesystems and shares.
# (string value)
#hitachi_hsp_username = <None>
# HSP password for the username provided. (string value)
#hitachi_hsp_password = <None>
# 3PAR WSAPI Server Url like https://<3par ip>:8080/api/v1 (string
# value)
#hpe3par_api_url =
# 3PAR username with the 'edit' role (string value)
#hpe3par_username =
# 3PAR password for the user specified in hpe3par_username (string
# value)
#hpe3par_password =
# IP address of SAN controller (host address value)
#hpe3par_san_ip = <None>
# Username for SAN controller (string value)
#hpe3par_san_login =
# Password for SAN controller (string value)
#hpe3par_san_password =
# SSH port to use with SAN (port value)
# Minimum value: 0
# Maximum value: 65535
#hpe3par_san_ssh_port = 22
# The File Provisioning Group (FPG) to use (FPG)
#hpe3par_fpg = <None>
# Use one filestore per share (boolean value)
#hpe3par_fstore_per_share = false
# Require IP access rules for CIFS (in addition to user) (boolean
# value)
#hpe3par_require_cifs_ip = false
# Enable HTTP debugging to 3PAR (boolean value)
#hpe3par_debug = false
# File system admin user name for CIFS. (string value)
#hpe3par_cifs_admin_access_username =
# File system admin password for CIFS. (string value)
#hpe3par_cifs_admin_access_password =
# File system domain for the CIFS admin user. (string value)
#hpe3par_cifs_admin_access_domain = LOCAL_CLUSTER
# The path where shares will be mounted when deleting nested file
# trees. (string value)
#hpe3par_share_mount_path = /mnt/
# The configuration file for the Manila Huawei driver. (string value)
#manila_huawei_conf_file = /etc/manila/manila_huawei_conf.xml
# IP to be added to GPFS export string. (host address value)
#gpfs_share_export_ip = <None>
# Base folder where exported shares are located. (string value)
#gpfs_mount_point_base = $state_path/mnt
# NFS Server type. Valid choices are "CES" (Ganesha NFS) or "KNFS"
# (Kernel NFS). (string value)
#gpfs_nfs_server_type = CES
# A list of the fully qualified NFS server names that make up the
# OpenStack Manila configuration. (list value)
#gpfs_nfs_server_list = <None>
# True:when Manila services are running on one of the Spectrum Scale
# node. False:when Manila services are not running on any of the
# Spectrum Scale node. (boolean value)
#is_gpfs_node = false
# GPFS server SSH port. (port value)
# Minimum value: 0
# Maximum value: 65535
#gpfs_ssh_port = 22
# GPFS server SSH login name. (string value)
#gpfs_ssh_login = <None>
# GPFS server SSH login password. The password is not needed, if
# 'gpfs_ssh_private_key' is configured. (string value)
#gpfs_ssh_password = <None>
# Path to GPFS server SSH private key for login. (string value)
#gpfs_ssh_private_key = <None>
# Specify list of share export helpers. (list value)
#gpfs_share_helpers = KNFS=manila.share.drivers.ibm.gpfs.KNFSHelper,CES=manila.share.drivers.ibm.gpfs.CESHelper
# Administrative user account name used to access the INFINIDAT
# Infinibox storage system. (string value)
#infinibox_login = <None>
# Password for the administrative user account specified in the
# infinibox_login option. (string value)
#infinibox_password = <None>
# The name (or IP address) for the INFINIDAT Infinibox storage system.
# (host address value)
#infinibox_hostname = <None>
# Use SSL to connect to the INFINIDAT Infinibox storage system.
# (boolean value)
#infinidat_use_ssl = false
# Suppress requests library SSL certificate warnings. (boolean value)
#infinidat_suppress_ssl_warnings = false
# Name of the pool from which volumes are allocated. (string value)
#infinidat_pool_name = <None>
# Name of the NAS network space on the INFINIDAT InfiniBox. (string
# value)
#infinidat_nas_network_space_name = <None>
# Use thin provisioning. (boolean value)
#infinidat_thin_provision = true
# Controls access to the .snapshot directory. By default, each share
# allows access to its own .snapshot directory, which contains files
# and directories of each snapshot taken. To restrict access to the
# .snapshot directory, this option should be set to False. (boolean
# value)
#infinidat_snapdir_accessible = true
# Controls visibility of the .snapshot directory. By default, each
# share contains the .snapshot directory, which is hidden on the
# client side. To make the .snapshot directory visible, this option
# should be set to True. (boolean value)
#infinidat_snapdir_visible = false
# Infortrend NAS IP for management. (host address value)
#infortrend_nas_ip = <None>
# User for the Infortrend NAS server. (string value)
#infortrend_nas_user = manila
# Password for the Infortrend NAS server. This is not necessary if
# infortrend_nas_ssh_key is set. (string value)
#infortrend_nas_password = <None>
# SSH key for the Infortrend NAS server. This is not necessary if
# infortrend_nas_password is set. (string value)
#infortrend_nas_ssh_key = <None>
# Comma separated list of Infortrend NAS pools. (list value)
#infortrend_share_pools = <None>
# Comma separated list of Infortrend channels. (list value)
#infortrend_share_channels = <None>
# SSH timeout in seconds. (integer value)
#infortrend_ssh_timeout = 30
# IP address for the AS13000 storage. (host address value)
#as13000_nas_ip = <None>
# Port number for the AS13000 storage. (port value)
# Minimum value: 0
# Maximum value: 65535
#as13000_nas_port = 8088
# Username for the AS13000 storage (string value)
#as13000_nas_login = <None>
# Password for the AS13000 storage (string value)
#as13000_nas_password = <None>
# The Storage Pools Manila should use, a comma separated list (list
# value)
#as13000_share_pools = <None>
# The effective time of token validity in seconds. (integer value)
#as13000_token_available_time = 3600
# IP address for the InStorage. (host address value)
#instorage_nas_ip = <None>
# Port number for the InStorage. (port value)
# Minimum value: 0
# Maximum value: 65535
#instorage_nas_port = 22
# Username for the InStorage. (string value)
#instorage_nas_login = <None>
# Password for the InStorage. (string value)
#instorage_nas_password = <None>
# The Storage Pools Manila should use, a comma separated list. (list
# value)
#instorage_nas_pools = <None>
# IP address for the Macrosan NAS server. (host address value)
#macrosan_nas_ip = <None>
# Port number for the Macrosan NAS server. (port value)
# Minimum value: 0
# Maximum value: 65535
#macrosan_nas_port = 8443
# Username for the Macrosan NAS server. (string value)
#macrosan_nas_username = manila
# Password for the Macrosan NAS server. (string value)
#macrosan_nas_password = <None>
# Http protocol for the Macrosan NAS server. (string value)
# Possible values:
# http - <No description provided>
# https - <No description provided>
#macrosan_nas_http_protocol = https
# Defines whether the driver should check ssl cert. (boolean value)
#macrosan_ssl_cert_verify = false
# Url prefix for the Macrosan NAS server. (string value)
#macrosan_nas_prefix = nas
# Comma separated list of Macrosan NAS pools. (list value)
#macrosan_share_pools = <None>
# request timeout in seconds. (integer value)
#macrosan_timeout = 60
# The list of IPs or hostnames of nodes where mapr-core is installed.
# (list value)
#maprfs_clinode_ip = <None>
# CLDB node SSH port. (port value)
# Minimum value: 0
# Maximum value: 65535
#maprfs_ssh_port = 22
# Cluster admin user ssh login name. (string value)
#maprfs_ssh_name = mapr
# Cluster node SSH login password, This parameter is not necessary, if
# 'maprfs_ssh_private_key' is configured. (string value)
#maprfs_ssh_pw = <None>
# Path to SSH private key for login. (string value)
#maprfs_ssh_private_key = <None>
# Path in MapRFS where share volumes must be created. (string value)
#maprfs_base_volume_dir = /
# The list of IPs or hostnames of ZooKeeper nodes. (list value)
#maprfs_zookeeper_ip = <None>
# The list of IPs or hostnames of CLDB nodes. (list value)
#maprfs_cldb_ip = <None>
# Specify whether existing volume should be renamed when start
# managing. (boolean value)
#maprfs_rename_managed_volume = true
# Base folder where exported shares are located. (string value)
#lvm_share_export_root = $state_path/mnt
# List of IPs to export shares belonging to the LVM storage driver.
# (list value)
#lvm_share_export_ips = <None>
# If set, create LVMs with multiple mirrors. Note that this requires
# lvm_mirrors + 2 PVs with available space. (integer value)
#lvm_share_mirrors = 0
# Name for the VG that will contain exported shares. (string value)
#lvm_share_volume_group = lvm-shares
# Specify list of share export helpers. (list value)
#lvm_share_helpers = CIFS=manila.share.drivers.helpers.CIFSHelperUserAccess,NFS=manila.share.drivers.helpers.NFSHelper
# The storage family type used on the storage system; valid values
# include ontap_cluster for using clustered Data ONTAP. (string value)
#netapp_storage_family = ontap_cluster
# The hostname (or IP address) for the storage system. (host address
# value)
#netapp_server_hostname = <None>
# The TCP port to use for communication with the storage system or
# proxy server. If not specified, Data ONTAP drivers will use 80 for
# HTTP and 443 for HTTPS. (port value)
# Minimum value: 0
# Maximum value: 65535
#netapp_server_port = <None>
# The ONTAP client used for retrieving and modifying data on the
# storage. The legacy client relies mostly on ZAPI calls, only using
# REST calls for SVM migrate feature. If set to False, the new REST
# client is used, which runs REST calls if supported, otherwise falls
# back to the equivalent ZAPI call. (boolean value)
#netapp_use_legacy_client = true
# The transport protocol used when communicating with the storage
# system or proxy server. Valid values are http or https. (string
# value)
#netapp_transport_type = http
# The path to a CA_BUNDLE file or directory with certificates of
# trusted CA. If set to a directory, it must have been processed using
# the c_rehash utility supplied with OpenSSL. If not informed, it will
# use the Mozilla's carefully curated collection of Root Certificates
# for validating the trustworthiness of SSL certificates. (string
# value)
#netapp_ssl_cert_path = <None>
# Administrative user account name used to access the storage system.
# (string value)
#netapp_login = <None>
# Password for the administrative user account specified in the
# netapp_login option. (string value)
#netapp_password = <None>
# For self signed certificate: This file contains the private key
# associated with the self-signed certificate. It is a sensitive file
# that should be kept secure and protected. The private key is used to
# sign the certificate and establish the authenticity and integrity of
# the certificate during the authentication process. For ca verified
# certificate: This file contains the private key associated with the
# certificate. It is generated when creating the certificate signing
# request (CSR) and should be kept secure and protected. The private
# key is used to sign the CSR and later used to establish secure
# connections and authenticate the entity. (string value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#netapp_private_key_file = /path/to/private_key.key,
# For self signed certificate: This file contains the self-signed
# digital certificate itself. It includes information about the entity
# such as the common name (e.g., domain name), organization details,
# validity period, and public key. The certificate file is generated
# based on the private key and is used by clients or systems to verify
# the entity identity during the authentication process. For ca
# verified certificate: This file contains the digital certificate
# issued by the trusted third-party certificate authority (CA). It
# includes information about the entity identity, public key, and the
# CA that issued the certificate. The certificate file is used by
# clients or systems to verify the authenticity and integrity of the
# entity during the authentication process. (string value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#netapp_certificate_file = /path/to/certificate.pem
# This is applicable only for ca verified certificate. This file
# contains the public key certificate of the trusted third-party
# certificate authority (CA) that issued the certificate. It is used
# by clients or systems to validate the authenticity of the
# certificate presented by the entity. The CA certificate file is
# typically pre-configured in the trust store of clients or systems to
# establish trust in certificates issued by that CA. (string value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#netapp_ca_certificate_file = /path/to/ca_certificate.crt
# Enable certificate verification (boolean value)
#netapp_certificate_host_validation = false
# The NFS protocol versions that will be enabled. Supported values
# include nfs3, nfs4.0, nfs4.1. This option only applies when the
# option driver_handles_share_servers is set to True. (list value)
#netapp_enabled_share_protocols = nfs3,nfs4.0
# NetApp volume name template. (string value)
#netapp_volume_name_template = share_%(share_id)s
# Name template to use for new Vserver. When using CIFS protocol make
# sure to not configure characters illegal in DNS hostnames. (string
# value)
#netapp_vserver_name_template = os_%s
# NetApp QoS policy group name template. (string value)
#netapp_qos_policy_group_name_template = qos_share_%(share_id)s
# Pattern for overriding the selection of network ports on which to
# create Vserver LIFs. (string value)
#netapp_port_name_search_pattern = (.*)
# Logical interface (LIF) name template (string value)
#netapp_lif_name_template = os_%(net_allocation_id)s
# Path to interact with auth tokens (string value)
#netapp_identity_auth_token_path =
# Pattern for searching available aggregates for provisioning. (string
# value)
#netapp_aggregate_name_search_pattern = (.*)
# Name of aggregate to create Vserver root volumes on. This option
# only applies when the option driver_handles_share_servers is set to
# True. (string value)
#netapp_root_volume_aggregate = <None>
# Root volume name. (string value)
#netapp_root_volume = root
# The number of hours that a deleted volume should be retained before
# the delete is completed. (integer value)
# Minimum value: 0
#netapp_delete_retention_hours = 12
# The percentage of share space set aside as reserve for snapshot
# usage; valid values range from 0 to 90. (integer value)
# Minimum value: 0
# Maximum value: 90
#netapp_volume_snapshot_reserve_percent = 5
# This option forces all existing shares to have their snapshot
# directory visibility set to either 'visible' or 'hidden' during
# driver startup. If set to 'default', nothing will be changed during
# startup. This will not affect new shares, which will have their
# snapshot directory always visible, unless toggled by the share type
# extra spec 'netapp:hide_snapdir'. (string value)
# Possible values:
# visible - <No description provided>
# hidden - <No description provided>
# default - <No description provided>
#netapp_reset_snapdir_visibility = default
# NetApp volume Snapshot policy names which will not be overriden by
# extra-specs. (list value)
#netapp_volume_snapshot_policy_exceptions = ec2_backups
# NetApp SnapMirror policy name template for Storage Virtual Machines
# (Vservers). (string value)
#netapp_snapmirror_policy_name_svm_template = snapmirror_policy_%(share_server_id)s
# NetApp FPolicy file operations to apply to a FPolicy event, when not
# provided by the user using "netapp:fpolicy_file_operations" extra-
# spec. (list value)
#netapp_fpolicy_default_file_operations = create,write,rename
# NetApp FPolicy policy name template. (string value)
#netapp_fpolicy_policy_name_template = fpolicy_policy_%(share_id)s
# NetApp FPolicy policy name template. (string value)
#netapp_fpolicy_event_name_template = fpolicy_event_%(protocol)s_%(share_id)s
# The maximum time in seconds that the cached aggregates status will
# be considered valid. Trying to read the expired cache leads to
# refreshing it. (integer value)
# Minimum value: 0
#netapp_cached_aggregates_status_lifetime = 60
# Specify if the FlexGroup pool is enabled. When it is enabled, the
# driver will report a single pool representing all aggregates (ONTAP
# chooses on which the share will be allocated). If you want to Manila
# control the aggregate selection, you can configure its custom
# FlexGroup pools through netapp_flexgroup_pools option. The FlexGroup
# placement is done either by ONTAP or Manila, not both. (boolean
# value)
#netapp_enable_flexgroup = false
# Multi opt of dict to represent the FlexGroup pools. A FlexGroup pool
# is configured with its name and its list of aggregates. Specify this
# option as many times as you have FlexGroup pools. Each entry takes
# the dict config form: netapp_flexgroup_pools = <pool_name>:
# <aggr_name1> <aggr_name2> .. (dict value)
#netapp_flexgroup_pools =
# Specify if the FlexVol pools must not be reported when the
# netapp_enable_flexgroup is enabled. (boolean value)
#netapp_flexgroup_pool_only = false
# Sets time in seconds to wait for a FlexGroup volume create to
# complete and go online. (integer value)
# Minimum value: 60
#netapp_flexgroup_volume_online_timeout = 360
# Provisioning FlexGroup share requires that all of its aggregates to
# not be busy deploying another volume. So, sets time in seconds to
# retry to create the FlexGroup share. (integer value)
# Minimum value: 60
#netapp_flexgroup_aggregate_not_busy_timeout = 360
# Sets time in seconds to wait for a FlexGroup snapshot to not be busy
# with clones after splitting them. (integer value)
# Minimum value: 60
#netapp_delete_busy_flexgroup_snapshot_timeout = 360
# Sets maximum amount of time in seconds to wait for a synchronous
# ONTAP REST API operation to be completed. (integer value)
# Minimum value: 60
#netapp_rest_operation_timeout = 60
# Defines the expiration time (in days) for the certificate created
# during the vserver creation. This option only applies when the
# option driver_handles_share_servers is set to True. (integer value)
# Minimum value: 1
# Maximum value: 3652
#netapp_security_cert_expire_days = 365
# Prevent the creation of a share server if total number of data LIFs
# on one node of HA pair, including those that can be migrated in case
# of failure, exceeds the maximum data LIFs supported by the node.
# This option guarantees that, in the event of a node failure, the
# partner node will be able to takeover all data LIFs. (boolean value)
#netapp_restrict_lif_creation_per_ha_pair = false
# This option enable/disable AES encryption for the share server based
# on the parameter value (True/False). (boolean value)
#netapp_cifs_aes_encryption = false
# This option enables the logical space reporting on a newly created
# vserver and logical space accounting on newly created volumes on
# this vserver. (boolean value)
#netapp_enable_logical_space_reporting = false
# The maximum time in seconds to wait for existing snapmirror
# transfers to complete before aborting when promoting a replica.
# (integer value)
# Minimum value: 0
#netapp_snapmirror_quiesce_timeout = 3600
# The maximum time in seconds to wait for a snapmirror release when
# breaking snapmirror relationships. (integer value)
# Minimum value: 0
#netapp_snapmirror_release_timeout = 3600
# An interval in either minutes or hours used to update the SnapMirror
# relationship. Few valid values are: 5min, 10min, 30min, hourly etc.
# The schedule at the "destination" host will be the one that will be
# considered when creating a new replica, or promoting a replica
# (string value)
#netapp_snapmirror_schedule = hourly
# The maximum time in seconds to wait for the completion of a volume
# move operation after the cutover was triggered. (integer value)
# Minimum value: 0
#netapp_volume_move_cutover_timeout = 3600
# The maximum time in seconds to wait for the completion of a volume
# clone split operation in order to start a volume move. (integer
# value)
# Minimum value: 0
#netapp_start_volume_move_timeout = 3600
# The maximum time in seconds that migration cancel waits for all
# migration operations be completely aborted. (integer value)
# Minimum value: 0
#netapp_migration_cancel_timeout = 3600
# The maximum time in seconds that a share server migration waits for
# a vserver to change its internal states. (integer value)
# Minimum value: 0
#netapp_server_migration_state_change_timeout = 3600
# Specify if the capacity check must be made by the driver while
# performing a share server migration. If enabled, the driver will
# validate if the destination backend can hold all shares and
# snapshots capacities from the source share server. (boolean value)
#netapp_server_migration_check_capacity = true
# The maximum time in seconds to wait for mounting a replica. (integer
# value)
# Minimum value: 0
#netapp_mount_replica_timeout = 3600
# Specify compatible backup_types for backend to provision backup
# share for SnapVault relationship. Multiple backup_types can be
# provided. If multiple backup types are enabled, create separate
# config sections for each backup type specifying the
# "netapp_backup_vserver", "netapp_backup_backend_section_name",
# "netapp_backup_volume", and "netapp_snapmirror_job_timeout" as
# appropriate. Example- netapp_enabled_backup_types = eng_backup,
# finance_backup (list value)
#netapp_enabled_backup_types =
# Backend (ONTAP cluster) name where backup volume will be
# provisioned. This is one of the backend which is enabled in
# manila.conf file. (string value)
#netapp_backup_backend_section_name = <None>
# vserver name of backend that is use for backup the share. When user
# provide vserver value then backup volume will be created under this
# vserver (string value)
#netapp_backup_vserver =
# Specify backup share name in case user wanted to backup the share.
# Some case user has dedicated volume for backup in this case use can
# provide dedicated volume. backup_share_server must be specified if
# backup_share is provided (string value)
#netapp_backup_volume =
# The maximum time in seconds to wait for a snapmirror related
# operation to backup to complete. (integer value)
# Minimum value: 0
#netapp_snapmirror_job_timeout = 1800
# One or more comma delimited IP addresses for management
# communication with NexentaStor appliance. (list value)
#nexenta_rest_addresses = <None>
# Port to connect to Nexenta REST API server. (integer value)
#nexenta_rest_port = 8443
# Use http or https for REST connection (default auto). (string value)
# Possible values:
# http - <No description provided>
# https - <No description provided>
# auto - <No description provided>
#nexenta_rest_protocol = auto
# Use HTTP secure protocol for NexentaStor management REST API
# connections (boolean value)
#nexenta_use_https = true
# User name to connect to Nexenta SA. (string value)
#nexenta_user = admin
# Password to connect to Nexenta SA. (string value)
#nexenta_password = <None>
# Volume name on NexentaStor. (string value)
#nexenta_volume = volume1
# Pool name on NexentaStor. (string value)
#nexenta_pool = pool1
# Defines whether share over NFS is enabled. (boolean value)
#nexenta_nfs = true
# Defines whether the driver should check ssl cert. (boolean value)
#nexenta_ssl_cert_verify = false
# Specifies the time limit (in seconds), within which the connection
# to NexentaStor management REST API server must be established
# (floating point value)
#nexenta_rest_connect_timeout = 30
# Specifies the time limit (in seconds), within which NexentaStor
# management REST API server must send a response (floating point
# value)
#nexenta_rest_read_timeout = 300
# Specifies the backoff factor to apply between connection attempts to
# NexentaStor management REST API server (floating point value)
#nexenta_rest_backoff_factor = 1
# Specifies the number of times to repeat NexentaStor management REST
# API call in case of connection errors and NexentaStor appliance
# EBUSY or ENOENT errors (integer value)
#nexenta_rest_retry_count = 5
# Parent filesystem where all the shares will be created. This
# parameter is only used by NexentaStor4 driver. (string value)
#nexenta_nfs_share = nfs_share
# Nexenta share name prefix. (string value)
#nexenta_share_name_prefix = share-
# Parent folder on NexentaStor. (string value)
#nexenta_folder = folder
# Compression value for new ZFS folders. (string value)
# Possible values:
# on - <No description provided>
# off - <No description provided>
# gzip - <No description provided>
# gzip-1 - <No description provided>
# gzip-2 - <No description provided>
# gzip-3 - <No description provided>
# gzip-4 - <No description provided>
# gzip-5 - <No description provided>
# gzip-6 - <No description provided>
# gzip-7 - <No description provided>
# gzip-8 - <No description provided>
# gzip-9 - <No description provided>
# lzjb - <No description provided>
# zle - <No description provided>
# lz4 - <No description provided>
#nexenta_dataset_compression = on
# Deduplication value for new ZFS folders. Only used by NexentaStor4
# driver. (string value)
# Possible values:
# on - <No description provided>
# off - <No description provided>
# sha256 - <No description provided>
# verify - <No description provided>
#nexenta_dataset_dedupe = off
# If True shares will not be space guaranteed and overprovisioning
# will be enabled. (boolean value)
#nexenta_thin_provisioning = true
# Specifies a suggested block size in for files in a file system.
# (bytes) (integer value)
#nexenta_dataset_record_size = 131072
# Data IP address of Nexenta storage appliance. (host address value)
#nexenta_nas_host = <None>
# Base directory that contains NFS share mount points. (string value)
#nexenta_mount_point_base = $state_path/mnt
# API token for an administrative user account (string value)
#flashblade_api = <None>
# When enabled, all FlashBlade file systems and snapshots will be
# eradicated at the time of deletion in Manila. Data will NOT be
# recoverable after a delete with this set to True! When disabled,
# file systems and snapshots will go into pending eradication state
# and can be recovered.) (boolean value)
#flashblade_eradicate = true
# The name (or IP address) for the Pure Storage FlashBlade storage
# system management VIP. (host address value)
#flashblade_mgmt_vip = <None>
# The names (or IP address) for the Pure Storage FlashBlade storage
# system data VIPs. The first listed name or IP address will be
# considered to be the preferred IP address, although is not enforced.
# (list value)
#flashblade_data_vip = <None>
# The URL to manage QNAP Storage. (string value)
#qnap_management_url = <None>
# NAS share IP for mounting shares. (host address value)
#qnap_share_ip = <None>
# Username for QNAP storage. (string value)
#qnap_nas_login = <None>
# Password for QNAP storage. (string value)
#qnap_nas_password = <None>
# Pool within which QNAP shares must be created. (string value)
#qnap_poolname = <None>
# URL of the Quobyte API server (http or https) (string value)
#quobyte_api_url = <None>
# The X.509 CA file to verify the server cert. (string value)
#quobyte_api_ca = <None>
# Actually deletes shares (vs. unexport) (boolean value)
#quobyte_delete_shares = false
# Username for Quobyte API server. (string value)
#quobyte_api_username = admin
# Password for Quobyte API server (string value)
#quobyte_api_password = quobyte
# Name of volume configuration used for new shares. (string value)
#quobyte_volume_configuration = BASE
# Default owning user for new volumes. (string value)
#quobyte_default_volume_user = root
# Default owning group for new volumes. (string value)
#quobyte_default_volume_group = root
# Export path for shares of this bacckend. This needs to match the
# quobyte-nfs services "Pseudo" option. (string value)
#quobyte_export_path = /quobyte
# User in service instance that will be used for authentication.
# (string value)
#service_instance_user = <None>
# Password for service instance user. (string value)
#service_instance_password = <None>
# Path to host's private key. (string value)
#path_to_private_key = <None>
# Maximum time in seconds to wait for creating service instance.
# (integer value)
#max_time_to_build_instance = 300
# Block SSH connection to the service instance from other networks
# than service network. (boolean value)
#limit_ssh_access = false
# Name or ID of service instance in Nova to use for share exports.
# Used only when share servers handling is disabled. (string value)
#service_instance_name_or_id = <None>
# Can be either name of network that is used by service instance
# within Nova to get IP address or IP address itself (either IPv4 or
# IPv6) for managing shares there. Used only when share servers
# handling is disabled. (host address value)
#service_net_name_or_ip = <None>
# Can be either name of network that is used by service instance
# within Nova to get IP address or IP address itself (either IPv4 or
# IPv6) for exporting shares. Used only when share servers handling is
# disabled. (host address value)
#tenant_net_name_or_ip = <None>
# Name of image in Glance, that will be used for service instance
# creation. Only used if driver_handles_share_servers=True. (string
# value)
#service_image_name = manila-service-image
# Name of service instance. Only used if
# driver_handles_share_servers=True. (string value)
#service_instance_name_template = %s
# Keypair name that will be created and used for service instances.
# Only used if driver_handles_share_servers=True. (string value)
#manila_service_keypair_name = manila-service
# Path to hosts public key. Only used if
# driver_handles_share_servers=True. (string value)
#path_to_public_key = ~/.ssh/id_rsa.pub
# Security group name, that will be used for service instance
# creation. Only used if driver_handles_share_servers=True. (string
# value)
#service_instance_security_group = manila-service
# ID of flavor, that will be used for service instance creation. Only
# used if driver_handles_share_servers=True. (string value)
#service_instance_flavor_id = 100
# Name of manila service network. Used only with Neutron. Only used if
# driver_handles_share_servers=True. (string value)
#service_network_name = manila_service_network
# Hostname to be used for service network binding. Used only with
# Neutron and if driver_handles_share_servers=True. (host address
# value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#service_network_host = <your_network_hostname>
# CIDR of manila service network. Used only with Neutron and if
# driver_handles_share_servers=True. (string value)
#service_network_cidr = 10.254.0.0/16
# This mask is used for dividing service network into subnets, IP
# capacity of subnet with this mask directly defines possible amount
# of created service VMs per tenant's subnet. Used only with Neutron
# and if driver_handles_share_servers=True. (integer value)
#service_network_division_mask = 28
# Module path to the Virtual Interface (VIF) driver class. This option
# is used only by drivers operating in
# `driver_handles_share_servers=True` mode that provision OpenStack
# compute instances as share servers. This option is only supported
# with Neutron networking. Drivers provided in tree work with Linux
# Bridge (manila.network.linux.interface.BridgeInterfaceDriver) and
# OVS (manila.network.linux.interface.OVSInterfaceDriver). If the
# manila-share service is running on a host that is connected to the
# administrator network, a no-op driver
# (manila.network.linux.interface.NoopInterfaceDriver) may be used.
# (string value)
#interface_driver = manila.network.linux.interface.OVSInterfaceDriver
# Attach share server directly to share network. Used only with
# Neutron and if driver_handles_share_servers=True. (boolean value)
#connect_share_server_to_tenant_network = false
# ID of neutron network used to communicate with admin network, to
# create additional admin export locations on. (string value)
#admin_network_id = <None>
# ID of neutron subnet used to communicate with admin network, to
# create additional admin export locations on. Related to
# 'admin_network_id'. (string value)
#admin_subnet_id = <None>
# Tegile NAS server hostname or IP address. (host address value)
#tegile_nas_server = <None>
# User name for the Tegile NAS server. (string value)
#tegile_nas_login = <None>
# Password for the Tegile NAS server. (string value)
#tegile_nas_password = <None>
# Create shares in this project (string value)
#tegile_default_project = <None>
# Path to the x509 certificate used for accessing the service
# instance. (string value)
#winrm_cert_pem_path = ~/.ssl/cert.pem
# Path to the x509 certificate key. (string value)
#winrm_cert_key_pem_path = ~/.ssl/key.pem
# Use x509 certificates in order to authenticate to the service
# instance. (boolean value)
#winrm_use_cert_based_auth = false
# WinRM connection timeout. (integer value)
#winrm_conn_timeout = 60
# WinRM operation timeout. (integer value)
#winrm_operation_timeout = 60
# WinRM retry count. (integer value)
#winrm_retry_count = 3
# WinRM retry interval in seconds (integer value)
#winrm_retry_interval = 5
# IP to be added to user-facing export location. Required. (host
# address value)
#zfs_share_export_ip = <None>
# IP to be added to admin-facing export location. Required. (host
# address value)
#zfs_service_ip = <None>
# Specify list of zpools that are allowed to be used by backend. Can
# contain nested datasets. Examples: Without nested dataset:
# 'zpool_name'. With nested dataset: 'zpool_name/nested_dataset_name'.
# Required. (list value)
#zfs_zpool_list = <None>
# Define here list of options that should be applied for each dataset
# creation if needed. Example: compression=gzip,dedup=off. Note that,
# for secondary replicas option 'readonly' will be set to 'on' and for
# active replicas to 'off' in any way. Also, 'quota' will be equal to
# share size. Optional. (list value)
#zfs_dataset_creation_options = <None>
# Prefix to be used in each dataset name. Optional. (string value)
#zfs_dataset_name_prefix = manila_share_
# Prefix to be used in each dataset snapshot name. Optional. (string
# value)
#zfs_dataset_snapshot_name_prefix = manila_share_snapshot_
# Remote ZFS storage hostname that should be used for SSH'ing.
# Optional. (boolean value)
#zfs_use_ssh = false
# SSH user that will be used in 2 cases: 1) By manila-share service in
# case it is located on different host than its ZFS storage. 2) By
# manila-share services with other ZFS backends that perform
# replication. It is expected that SSH'ing will be key-based,
# passwordless. This user should be passwordless sudoer. Optional.
# (string value)
#zfs_ssh_username = <None>
# Password for user that is used for SSH'ing ZFS storage host. Not
# used for replication operations. They require passwordless SSH
# access. Optional. (string value)
#zfs_ssh_user_password = <None>
# Path to SSH private key that should be used for SSH'ing ZFS storage
# host. Not used for replication operations. Optional. (string value)
#zfs_ssh_private_key_path = <None>
# Specify list of share export helpers for ZFS storage. It should look
# like following:
# 'FOO_protocol=foo.FooClass,BAR_protocol=bar.BarClass'. Required.
# (list value)
#zfs_share_helpers = NFS=manila.share.drivers.zfsonlinux.utils.NFSviaZFSHelper
# Set snapshot prefix for usage in ZFS replication. Required. (string
# value)
#zfs_replica_snapshot_prefix = tmp_snapshot_for_replication_
# Set snapshot prefix for usage in ZFS migration. Required. (string
# value)
#zfs_migration_snapshot_prefix = tmp_snapshot_for_share_migration_
# ZFSSA management IP address. (host address value)
#zfssa_host = <None>
# IP address for data. (host address value)
#zfssa_data_ip = <None>
# ZFSSA management authorized username. (string value)
#zfssa_auth_user = <None>
# ZFSSA management authorized user's password. (string value)
#zfssa_auth_password = <None>
# ZFSSA storage pool name. (string value)
#zfssa_pool = <None>
# ZFSSA project name. (string value)
#zfssa_project = <None>
# Controls checksum used for data blocks. (string value)
#zfssa_nas_checksum = fletcher4
# Data compression-off, lzjb, gzip-2, gzip, gzip-9. (string value)
#zfssa_nas_compression = off
# Controls behavior when servicing synchronous writes. (string value)
#zfssa_nas_logbias = latency
# Location of project in ZFS/SA. (string value)
#zfssa_nas_mountpoint =
# Controls whether a share quota includes snapshot. (string value)
#zfssa_nas_quota_snap = true
# Controls whether file ownership can be changed. (string value)
#zfssa_nas_rstchown = true
# Controls whether the share is scanned for viruses. (string value)
#zfssa_nas_vscan = false
# REST connection timeout (in seconds). (string value)
#zfssa_rest_timeout = <None>
# Driver policy for share manage. A strict policy checks for a schema
# named manila_managed, and makes sure its value is true. A loose
# policy does not check for the schema. (string value)
# Possible values:
# loose - <No description provided>
# strict - <No description provided>
#zfssa_manage_policy = loose
# Whether to enable pre hooks or not. (boolean value)
#enable_pre_hooks = false
# Whether to enable post hooks or not. (boolean value)
#enable_post_hooks = false
# Whether to enable periodic hooks or not. (boolean value)
#enable_periodic_hooks = false
# Whether to suppress pre hook errors (allow driver perform actions)
# or not. (boolean value)
#suppress_pre_hooks_errors = false
# Whether to suppress post hook errors (allow driver's results to pass
# through) or not. (boolean value)
#suppress_post_hooks_errors = false
# Interval in seconds between execution of periodic hooks. Used when
# option 'enable_periodic_hooks' is set to True. Default is 300.
# (floating point value)
#periodic_hooks_interval = 300.0
# Driver to use for share creation. (string value)
#share_driver = manila.share.drivers.generic.GenericShareDriver
# Driver(s) to perform some additional actions before and after share
# driver actions and on a periodic basis. Default is []. (list value)
#hook_drivers =
# Whether share servers will be deleted on deletion of the last share.
# (boolean value)
#delete_share_server_with_last_share = false
# If set to True, then manila will deny access and remove all access
# rules on share unmanage.If set to False - nothing will be changed.
# (boolean value)
#unmanage_remove_access_rules = false
# If set to True, then Manila will delete all share servers which were
# unused more than specified time .If set to False - automatic
# deletion of share servers will be disabled. (boolean value)
#automatic_share_server_cleanup = true
# Unallocated share servers reclamation time interval (minutes).
# Minimum value is 10 minutes, maximum is 720 minutes. The reclamation
# function is run every 10 minutes and delete share servers which were
# unused more than unused_share_server_cleanup_interval option
# defines. This value reflects the shortest time Manila will wait for
# a share server to go unutilized before deleting it. (integer value)
# Minimum value: 10
# Maximum value: 720
#unused_share_server_cleanup_interval = 10
# This value, specified in seconds, determines how often the share
# manager will poll for the health (replica_state) of each replica
# instance. (integer value)
#replica_state_update_interval = 300
# This value, specified in seconds, determines how often the share
# manager will poll the driver to perform the next step of migration
# in the storage backend, for a migrating share. (integer value)
#migration_driver_continue_update_interval = 60
# This value, specified in seconds, determines how often the share
# manager will poll the driver to perform the next step of migration
# in the storage backend, for a migrating share server. (integer
# value)
#server_migration_driver_continue_update_interval = 900
# If set to True, neutron network are extended to destination host
# during share server migration. This option should only be enabled if
# using NeutronNetworkPlugin or its derivatives and when multiple
# bindings of Manila ports are supported by Neutron ML2 plugin.
# (boolean value)
#server_migration_extend_neutron_network = false
# This value, specified in seconds, determines how often the share
# manager will poll the driver to update the share usage size in the
# storage backend, for shares in that backend. (integer value)
#share_usage_size_update_interval = 300
# If set to True, share usage size will be polled for in the interval
# specified with "share_usage_size_update_interval". Usage data can be
# consumed by telemetry integration. If telemetry is not configured,
# this option must be set to False. If set to False - gathering share
# usage size will be disabled. (boolean value)
#enable_gathering_share_usage_size = false
# Offload pending share ensure during share service startup (boolean
# value)
#share_service_inithost_offload = false
# This value, specified in seconds, determines how often the share
# manager will check for expired shares and delete them from the
# Recycle bin. (integer value)
#check_for_expired_shares_in_recycle_bin_interval = 3600
# This value, specified in seconds, determines how often the share
# manager will check for expired transfers and destroy them and roll
# back share state. (integer value)
#check_for_expired_transfers = 300
# This value, specified in seconds, determines how often the share
# manager will poll to perform the next steps of backup such as fetch
# the progress of backup. (integer value)
#driver_backup_continue_update_interval = 60
# This value, specified in seconds, determines how often the share
# manager will poll to perform the next steps of restore such as fetch
# the progress of restore. (integer value)
#driver_restore_continue_update_interval = 60
# This value, specified in seconds, determines how often the share
# manager will try to delete the share and share snapshots in backend
# driver. (integer value)
#periodic_deferred_delete_interval = 300
# The full class name of the Volume API class to use. (string value)
#volume_api_class = manila.volume.cinder.API
# Sets the value of TCP_KEEPALIVE (True/False) for each server socket.
# (boolean value)
#tcp_keepalive = true
# Sets the value of TCP_KEEPINTVL in seconds for each server socket.
# Not supported on OS X. (integer value)
#tcp_keepalive_interval = <None>
# Sets the value of TCP_KEEPCNT for each server socket. Not supported
# on OS X. (integer value)
#tcp_keepalive_count = <None>
# Hostname or IP address VAST storage system management VIP. (host
# address value)
#vast_mgmt_host = <None>
# Port for VAST management (port value)
# Minimum value: 0
# Maximum value: 65535
#vast_mgmt_port = 443
# Name of Virtual IP pool (string value)
#vast_vippool_name = <None>
# Base path for shares (string value)
#vast_root_export = manila
# Username for VAST management (string value)
#vast_mgmt_user = <None>
# Password for VAST management (string value)
#vast_mgmt_password = <None>
# API token for accessing VAST mgmt. If provided, it will be used
# instead of 'san_login' and 'san_password'. (string value)
#vast_api_token =
#
# From oslo.log
#
# If set to true, the logging level will be set to DEBUG instead of
# the default INFO level. (boolean value)
# Note: This option can be changed without restarting.
#debug = false
# The name of a logging configuration file. This file is appended to
# any existing logging configuration files. For details about logging
# configuration files, see the Python logging module documentation.
# Note that when logging configuration files are used then all logging
# configuration is set in the configuration file and other logging
# configuration options are ignored (for example, log-date-format).
# (string value)
# Note: This option can be changed without restarting.
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append = <None>
# Defines the format string for %%(asctime)s in log records. Default:
# %(default)s . This option is ignored if log_config_append is set.
# (string value)
#log_date_format = %Y-%m-%d %H:%M:%S
# (Optional) Name of log file to send logging output to. If no default
# is set, logging will go to stderr as defined by use_stderr. This
# option is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file = <None>
# (Optional) The base directory used for relative log_file paths.
# This option is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir = <None>
# DEPRECATED: Uses logging handler designed to watch file system. When
# log file is moved or removed this handler will open a new log file
# with specified path instantaneously. It makes sense only if log_file
# option is specified and Linux platform is used. This option is
# ignored if log_config_append is set. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This function is known to have bene broken for long time,
# and depends on the unmaintained library
#watch_log_file = false
# Use syslog for logging. Existing syslog format is DEPRECATED and
# will be changed later to honor RFC5424. This option is ignored if
# log_config_append is set. (boolean value)
#use_syslog = false
# Enable journald for logging. If running in a systemd environment you
# may wish to enable journal support. Doing so will use the journal
# native protocol which includes structured metadata in addition to
# log messages.This option is ignored if log_config_append is set.
# (boolean value)
#use_journal = false
# Syslog facility to receive log lines. This option is ignored if
# log_config_append is set. (string value)
#syslog_log_facility = LOG_USER
# Use JSON formatting for logging. This option is ignored if
# log_config_append is set. (boolean value)
#use_json = false
# Log output to standard error. This option is ignored if
# log_config_append is set. (boolean value)
#use_stderr = false
# (Optional) Set the 'color' key according to log levels. This option
# takes effect only when logging to stderr or stdout is used. This
# option is ignored if log_config_append is set. (boolean value)
#log_color = false
# The amount of time before the log files are rotated. This option is
# ignored unless log_rotation_type is set to "interval". (integer
# value)
#log_rotate_interval = 1
# Rotation interval type. The time of the last file change (or the
# time when the service was started) is used when scheduling the next
# rotation. (string value)
# Possible values:
# Seconds - <No description provided>
# Minutes - <No description provided>
# Hours - <No description provided>
# Days - <No description provided>
# Weekday - <No description provided>
# Midnight - <No description provided>
#log_rotate_interval_type = days
# Maximum number of rotated log files. (integer value)
#max_logfile_count = 30
# Log file maximum size in MB. This option is ignored if
# "log_rotation_type" is not set to "size". (integer value)
#max_logfile_size_mb = 200
# Log rotation type. (string value)
# Possible values:
# interval - Rotate logs at predefined time intervals.
# size - Rotate logs once they reach a predefined size.
# none - Do not rotate log files.
#log_rotation_type = none
# Format string to use for log messages with context. Used by
# oslo_log.formatters.ContextFormatter (string value)
#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s
# Format string to use for log messages when context is undefined.
# Used by oslo_log.formatters.ContextFormatter (string value)
#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
# Additional data to append to log message when logging level for the
# message is DEBUG. Used by oslo_log.formatters.ContextFormatter
# (string value)
#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
# Prefix each line of exception output with this format. Used by
# oslo_log.formatters.ContextFormatter (string value)
#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
# Defines the format string for %(user_identity)s that is used in
# logging_context_format_string. Used by
# oslo_log.formatters.ContextFormatter (string value)
#logging_user_identity_format = %(user)s %(project)s %(domain)s %(system_scope)s %(user_domain)s %(project_domain)s
# List of package logging levels in logger=LEVEL pairs. This option is
# ignored if log_config_append is set. (list value)
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,oslo_policy=INFO,dogpile.core.dogpile=INFO
# Enables or disables publication of error events. (boolean value)
#publish_errors = false
# The format for an instance that is passed with the log message.
# (string value)
#instance_format = "[instance: %(uuid)s] "
# The format for an instance UUID that is passed with the log message.
# (string value)
#instance_uuid_format = "[instance: %(uuid)s] "
# Interval, number of seconds, of log rate limiting. (integer value)
#rate_limit_interval = 0
# Maximum number of logged messages per rate_limit_interval. (integer
# value)
#rate_limit_burst = 0
# Log level name used by rate limiting. Logs with level greater or
# equal to rate_limit_except_level are not filtered. An empty string
# means that all levels are filtered. (string value)
# Possible values:
# CRITICAL - <No description provided>
# ERROR - <No description provided>
# INFO - <No description provided>
# WARNING - <No description provided>
# DEBUG - <No description provided>
# '' - <No description provided>
#rate_limit_except_level = CRITICAL
# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false
#
# From oslo.messaging
#
# Size of executor thread pool when executor is threading or eventlet.
# (integer value)
# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
#executor_thread_pool_size = 64
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout = 60
# The network address and optional user credentials for connecting to
# the messaging backend, in URL format. The expected format is:
#
# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
#
# Example: rabbit://rabbitmq:password@127.0.0.1:5672//
#
# For full details on the fields in the URL see the documentation of
# oslo_messaging.TransportURL at
# https://docs.openstack.org/oslo.messaging/2025.2/reference/transport.html
# (string value)
#transport_url = rabbit://
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the transport_url
# option. (string value)
#control_exchange = openstack
# Add an endpoint to answer to ping calls. Endpoint is named
# oslo_rpc_server_ping (boolean value)
#rpc_ping_enabled = false
#
# From oslo.service.periodic_task
#
# Some periodic tasks can be run in a separate process. Should we run
# them here? (boolean value)
#run_external_periodic_tasks = true
#
# From oslo.service.service
#
# DEPRECATED: Enable eventlet backdoor. Acceptable values are 0,
# <port>, and <start>:<end>, where 0 results in listening on a random
# tcp port number; <port> results in listening on the specified port
# number (and not enabling backdoor if that port is in use); and
# <start>:<end> results in listening on the smallest unused port
# number within the specified range of port numbers. The chosen port
# is displayed in the service's log file. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'backdoor_port' option is deprecated and will be removed
# in a future release.
#backdoor_port = <None>
# DEPRECATED: Enable eventlet backdoor, using the provided path as a
# unix socket that can receive connections. This option is mutually
# exclusive with 'backdoor_port' in that only one should be provided.
# If both are provided then the existence of this option overrides the
# usage of that option. Inside the path {pid} will be replaced with
# the PID of the current process. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'backdoor_socket' option is deprecated and will be
# removed in a future release.
#backdoor_socket = <None>
# Enables or disables logging values of all registered options when
# starting a service (at DEBUG level). (boolean value)
#log_options = true
# Specify a timeout after which a gracefully shutdown server will
# exit. Zero value means endless wait. (integer value)
#graceful_shutdown_timeout = 60
#
# From oslo.service.wsgi
#
# DEPRECATED: File name for the paste.deploy config for api service
# (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'api_paste_config' option is deprecated and will be
# removed in a future release.
#api_paste_config = api-paste.ini
# DEPRECATED: A python format string that is used as the template to
# generate log lines. The following values can beformatted into it:
# client_ip, date_time, request_line, status_code, body_length,
# wall_seconds. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'wsgi_log_format' option is deprecated and will be
# removed in a future release.
#wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f
# DEPRECATED: Sets the value of TCP_KEEPIDLE in seconds for each
# server socket. Not supported on OS X. (integer value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'tcp_keepidle' option is deprecated and will be removed
# in a future release.
#tcp_keepidle = 600
# DEPRECATED: Size of the pool of greenthreads used by wsgi (integer
# value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'wsgi_default_pool_size' option is deprecated and will
# be removed in a future release.
#wsgi_default_pool_size = 100
# DEPRECATED: Maximum line size of message headers to be accepted.
# max_header_line may need to be increased when using large tokens
# (typically those generated when keystone is configured to use PKI
# tokens with big service catalogs). (integer value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'max_header_line' option is deprecated and will be
# removed in a future release.
#max_header_line = 16384
# DEPRECATED: If False, closes the client socket connection
# explicitly. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'wsgi_keep_alive' option is deprecated and will be
# removed in a future release.
#wsgi_keep_alive = true
# DEPRECATED: Timeout for client connections' socket operations. If an
# incoming connection is idle for this number of seconds it will be
# closed. A value of '0' means wait forever. (integer value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'client_socket_timeout' option is deprecated and will be
# removed in a future release.
#client_socket_timeout = 900
# DEPRECATED: True if the server should send exception tracebacks to
# the clients on 500 errors. If False, the server will respond with
# empty bodies. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'wsgi_server_debug' option is deprecated and will be
# removed in a future release.
#wsgi_server_debug = false
[barbican]
#
# From castellan.config
#
# Use this endpoint to connect to Barbican, for example:
# "https://:9311/" (string value)
#barbican_endpoint = <None>
# Version of the Barbican API, for example: "v1" (string value)
#barbican_api_version = <None>
# Use this endpoint to connect to Keystone (string value)
# Deprecated group/name - [key_manager]/auth_url
#auth_endpoint = https:///identity/v3
# Number of seconds to wait before retrying poll for key creation
# completion (integer value)
#retry_delay = 1
# Number of times to retry poll for key creation completion (integer
# value)
#number_of_retries = 60
# Specifies if insecure TLS (https) requests. If False, the server's
# certificate will not be validated, if True, we can set the
# verify_ssl_path config meanwhile. (boolean value)
#verify_ssl = true
# A path to a bundle or CA certs to check against, or None for
# requests to attempt to locate and use certificates which verify_ssh
# is True. If verify_ssl is False, this is ignored. (string value)
#verify_ssl_path = <None>
# Specifies the type of endpoint. (string value)
# Possible values:
# public - <No description provided>
# internal - <No description provided>
# admin - <No description provided>
#barbican_endpoint_type = public
# Specifies the region of the chosen endpoint. (string value)
#barbican_region_name = <None>
#
# When True, if sending a user token to a REST API, also send a
# service token.
#
# Nova often reuses the user token provided to the nova-api to talk to
# other REST
# APIs, such as Cinder, Glance and Neutron. It is possible that while
# the user
# token was valid when the request was made to Nova, the token may
# expire before
# it reaches the other service. To avoid any failures, and to make it
# clear it is
# Nova calling the service on the user's behalf, we include a service
# token along
# with the user token. Should the user's token have expired, a valid
# service
# token ensures the REST API request will still be accepted by the
# keystone
# middleware.
# (boolean value)
#send_service_user_token = false
#
# From manila
#
# Endpoint type to be used with keystone client calls. (string value)
# Possible values:
# publicURL - <No description provided>
# internalURL - <No description provided>
# adminURL - <No description provided>
# public - <No description provided>
# internal - <No description provided>
# admin - <No description provided>
#endpoint_type = publicURL
# Region name for connecting to keystone for application credential
# management. (string value)
#region_name = <None>
# Authentication URL (string value)
#auth_url = <None>
# Authentication type to load (string value)
# Deprecated group/name - [barbican]/auth_plugin
#auth_type = <None>
# PEM encoded Certificate Authority to use when verifying HTTPs
# connections. (string value)
#cafile = <None>
# PEM encoded client certificate cert file (string value)
#certfile = <None>
# Collect per-API call timing information. (boolean value)
#collect_timing = false
# Optional domain ID to use with v3 and v2 parameters. It will be used
# for both the user and project domain in v3 and ignored in v2
# authentication. (string value)
#default_domain_id = <None>
# Optional domain name to use with v3 API and v2 parameters. It will
# be used for both the user and project domain in v3 and ignored in v2
# authentication. (string value)
#default_domain_name = <None>
# Domain ID to scope to (string value)
#domain_id = <None>
# Domain name to scope to (string value)
#domain_name = <None>
# Verify HTTPS connections. (boolean value)
#insecure = false
# PEM encoded client certificate key file (string value)
#keyfile = <None>
# User's password (string value)
#password = <None>
# Domain ID containing project (string value)
#project_domain_id = <None>
# Domain name containing project (string value)
#project_domain_name = <None>
# Project ID to scope to (string value)
# Deprecated group/name - [barbican]/tenant_id
#project_id = <None>
# Project name to scope to (string value)
# Deprecated group/name - [barbican]/tenant_name
#project_name = <None>
# Log requests to multiple loggers. (boolean value)
#split_loggers = false
# Scope for system operations (string value)
#system_scope = <None>
# Timeout value for http requests (integer value)
#timeout = <None>
# ID of the trust to use as a trustee use (string value)
#trust_id = <None>
# User's domain id (string value)
#user_domain_id = <None>
# User's domain name (string value)
#user_domain_name = <None>
# User id (string value)
#user_id = <None>
# Username (string value)
# Deprecated group/name - [barbican]/user_name
#username = <None>
[barbican_service_user]
#
# From castellan.config
#
# PEM encoded Certificate Authority to use when verifying HTTPs
# connections. (string value)
#cafile = <None>
# PEM encoded client certificate cert file (string value)
#certfile = <None>
# PEM encoded client certificate key file (string value)
#keyfile = <None>
# Verify HTTPS connections. (boolean value)
#insecure = false
# Timeout value for http requests (integer value)
#timeout = <None>
# Collect per-API call timing information. (boolean value)
#collect_timing = false
# Log requests to multiple loggers. (boolean value)
#split_loggers = false
# Authentication type to load (string value)
# Deprecated group/name - [barbican_service_user]/auth_plugin
#auth_type = <None>
# Config Section from which to load plugin specific options (string
# value)
#auth_section = <None>
[cinder]
#
# From manila
#
# Allow attaching between instances and volumes in different
# availability zones. (boolean value)
#cross_az_attach = true
# Number of cinderclient retries on failed HTTP calls. (integer value)
#http_retries = 3
# Endpoint type to be used with cinder client calls. (string value)
# Possible values:
# publicURL - <No description provided>
# internalURL - <No description provided>
# adminURL - <No description provided>
# public - <No description provided>
# internal - <No description provided>
# admin - <No description provided>
#endpoint_type = publicURL
# Region name for connecting to cinder. (string value)
#region_name = <None>
# Authentication URL (string value)
#auth_url = <None>
# Authentication type to load (string value)
# Deprecated group/name - [cinder]/auth_plugin
#auth_type = <None>
# PEM encoded Certificate Authority to use when verifying HTTPs
# connections. (string value)
#cafile = <None>
# PEM encoded client certificate cert file (string value)
#certfile = <None>
# Collect per-API call timing information. (boolean value)
#collect_timing = false
# Optional domain ID to use with v3 and v2 parameters. It will be used
# for both the user and project domain in v3 and ignored in v2
# authentication. (string value)
#default_domain_id = <None>
# Optional domain name to use with v3 API and v2 parameters. It will
# be used for both the user and project domain in v3 and ignored in v2
# authentication. (string value)
#default_domain_name = <None>
# Domain ID to scope to (string value)
#domain_id = <None>
# Domain name to scope to (string value)
#domain_name = <None>
# Verify HTTPS connections. (boolean value)
#insecure = false
# PEM encoded client certificate key file (string value)
#keyfile = <None>
# User's password (string value)
#password = <None>
# Domain ID containing project (string value)
#project_domain_id = <None>
# Domain name containing project (string value)
#project_domain_name = <None>
# Project ID to scope to (string value)
# Deprecated group/name - [cinder]/tenant_id
#project_id = <None>
# Project name to scope to (string value)
# Deprecated group/name - [cinder]/tenant_name
#project_name = <None>
# Log requests to multiple loggers. (boolean value)
#split_loggers = false
# Scope for system operations (string value)
#system_scope = <None>
# Timeout value for http requests (integer value)
#timeout = <None>
# ID of the trust to use as a trustee use (string value)
#trust_id = <None>
# User's domain id (string value)
#user_domain_id = <None>
# User's domain name (string value)
#user_domain_name = <None>
# User id (string value)
#user_id = <None>
# Username (string value)
# Deprecated group/name - [cinder]/user_name
#username = <None>
[cors]
#
# From oslo.middleware
#
# Indicate whether this resource may be shared with the domain
# received in the requests "origin" header. Format:
# "<protocol>://<host>[:<port>]", no trailing slash. Example:
# https://horizon.example.com (list value)
#allowed_origin = <None>
# Indicate that the actual request can include user credentials
# (boolean value)
#allow_credentials = true
# Indicate which headers are safe to expose to the API. Defaults to
# HTTP Simple Headers. (list value)
#expose_headers = X-Auth-Token,X-OpenStack-Request-ID,X-Openstack-Manila-Api-Version,X-OpenStack-Manila-API-Experimental,X-Subject-Token,X-Service-Token
# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600
# Indicate which methods can be used during the actual request. (list
# value)
#allow_methods = GET,PUT,POST,DELETE,PATCH
# Indicate which header field names may be used during the actual
# request. (list value)
#allow_headers = X-Auth-Token,X-OpenStack-Request-ID,X-Openstack-Manila-Api-Version,X-OpenStack-Manila-API-Experimental,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id
[database]
#
# From oslo.db
#
# If True, SQLite uses synchronous mode. (boolean value)
#sqlite_synchronous = true
# The back end to use for the database. (string value)
#backend = sqlalchemy
# The SQLAlchemy connection string to use to connect to the database.
# (string value)
#connection = <None>
# The SQLAlchemy connection string to use to connect to the slave
# database. (string value)
#slave_connection = <None>
# The SQLAlchemy asyncio connection string to use to connect to the
# database. (string value)
#asyncio_connection = <None>
# The SQLAlchemy asyncio connection string to use to connect to the
# slave database. (string value)
#asyncio_slave_connection = <None>
# The SQL mode to be used for MySQL sessions. This option, including
# the default, overrides any server-set SQL mode. To use whatever SQL
# mode is set by the server configuration, set this to no value.
# Example: mysql_sql_mode= (string value)
#mysql_sql_mode = TRADITIONAL
# For Galera only, configure wsrep_sync_wait causality checks on new
# connections. Default is None, meaning don't configure any setting.
# (integer value)
#mysql_wsrep_sync_wait = <None>
# Connections which have been present in the connection pool longer
# than this number of seconds will be replaced with a new one the next
# time they are checked out from the pool. (integer value)
#connection_recycle_time = 3600
# Maximum number of SQL connections to keep open in a pool. Setting a
# value of 0 indicates no limit. (integer value)
#max_pool_size = 5
# Maximum number of database connection retries during startup. Set to
# -1 to specify an infinite retry count. (integer value)
#max_retries = 10
# Interval between retries of opening a SQL connection. (integer
# value)
#retry_interval = 10
# If set, use this value for max_overflow with SQLAlchemy. (integer
# value)
#max_overflow = 50
# Verbosity of SQL debugging information: 0=None, 100=Everything.
# (integer value)
# Minimum value: 0
# Maximum value: 100
#connection_debug = 0
# Add Python stack traces to SQL as comment strings. (boolean value)
#connection_trace = false
# If set, use this value for pool_timeout with SQLAlchemy. (integer
# value)
#pool_timeout = <None>
# Enable the experimental use of database reconnect on connection
# lost. (boolean value)
#use_db_reconnect = false
# Seconds between retries of a database transaction. (integer value)
#db_retry_interval = 1
# If True, increases the interval between retries of a database
# operation up to db_max_retry_interval. (boolean value)
#db_inc_retry_interval = true
# If db_inc_retry_interval is set, the maximum seconds between retries
# of a database operation. (integer value)
#db_max_retry_interval = 10
# Maximum retries in case of connection error or deadlock error before
# error is raised. Set to -1 to specify an infinite retry count.
# (integer value)
#db_max_retries = 20
# Optional URL parameters to append onto the connection URL at connect
# time; specify as param1=value1¶m2=value2&... (string value)
#connection_parameters =
[glance]
#
# From manila
#
# Version of Glance API to be used. (string value)
#api_microversion = 2
# Region name for connecting to glance. (string value)
#region_name = RegionOne
# Endpoint type to be used with glance client calls. (string value)
# Possible values:
# publicURL - <No description provided>
# internalURL - <No description provided>
# adminURL - <No description provided>
# public - <No description provided>
# internal - <No description provided>
# admin - <No description provided>
#endpoint_type = publicURL
# Authentication URL (string value)
#auth_url = <None>
# Authentication type to load (string value)
# Deprecated group/name - [glance]/auth_plugin
#auth_type = <None>
# PEM encoded Certificate Authority to use when verifying HTTPs
# connections. (string value)
#cafile = <None>
# PEM encoded client certificate cert file (string value)
#certfile = <None>
# Collect per-API call timing information. (boolean value)
#collect_timing = false
# Optional domain ID to use with v3 and v2 parameters. It will be used
# for both the user and project domain in v3 and ignored in v2
# authentication. (string value)
#default_domain_id = <None>
# Optional domain name to use with v3 API and v2 parameters. It will
# be used for both the user and project domain in v3 and ignored in v2
# authentication. (string value)
#default_domain_name = <None>
# Domain ID to scope to (string value)
#domain_id = <None>
# Domain name to scope to (string value)
#domain_name = <None>
# Verify HTTPS connections. (boolean value)
#insecure = false
# PEM encoded client certificate key file (string value)
#keyfile = <None>
# User's password (string value)
#password = <None>
# Domain ID containing project (string value)
#project_domain_id = <None>
# Domain name containing project (string value)
#project_domain_name = <None>
# Project ID to scope to (string value)
# Deprecated group/name - [glance]/tenant_id
#project_id = <None>
# Project name to scope to (string value)
# Deprecated group/name - [glance]/tenant_name
#project_name = <None>
# Log requests to multiple loggers. (boolean value)
#split_loggers = false
# Scope for system operations (string value)
#system_scope = <None>
# Timeout value for http requests (integer value)
#timeout = <None>
# ID of the trust to use as a trustee use (string value)
#trust_id = <None>
# User's domain id (string value)
#user_domain_id = <None>
# User's domain name (string value)
#user_domain_name = <None>
# User id (string value)
#user_id = <None>
# Username (string value)
# Deprecated group/name - [glance]/user_name
#username = <None>
[healthcheck]
#
# From oslo.middleware
#
# DEPRECATED: The path to respond to healtcheck requests on. (string
# value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#path = /healthcheck
# Show more detailed information as part of the response. Security
# note: Enabling this option may expose sensitive details about the
# service being monitored. Be sure to verify that it will not violate
# your security policies. (boolean value)
#detailed = false
# Additional backends that can perform health checks and report that
# information back as part of a request. (list value)
#backends =
# A list of network addresses to limit source ip allowed to access
# healthcheck information. Any request from ip outside of these
# network addresses are ignored. (list value)
#allowed_source_ranges =
# Ignore requests with proxy headers. (boolean value)
#ignore_proxied_requests = false
# Check the presence of a file to determine if an application is
# running on a port. Used by DisableByFileHealthcheck plugin. (string
# value)
#disable_by_file_path = <None>
# Check the presence of a file based on a port to determine if an
# application is running on a port. Expects a "port:path" list of
# strings. Used by DisableByFilesPortsHealthcheck plugin. (list value)
#disable_by_file_paths =
# Check the presence of files. Used by EnableByFilesHealthcheck
# plugin. (list value)
#enable_by_file_paths =
[key_manager]
#
# From castellan.config
#
# Specify the key manager implementation. Options are "barbican" and
# "vault". Default is "barbican". Will support the values earlier
# set using [key_manager]/api_class for some time. (string value)
# Deprecated group/name - [key_manager]/api_class
#backend = barbican
# The type of authentication credential to create. Possible values are
# 'token', 'password', 'keystone_token', and 'keystone_password'.
# Required if no context is passed to the credential factory. (string
# value)
#auth_type = <None>
# Token for authentication. Required for 'token' and 'keystone_token'
# auth_type if no context is passed to the credential factory. (string
# value)
#token = <None>
# Username for authentication. Required for 'password' auth_type.
# Optional for the 'keystone_password' auth_type. (string value)
#username = <None>
# Password for authentication. Required for 'password' and
# 'keystone_password' auth_type. (string value)
#password = <None>
# Use this endpoint to connect to Keystone. (string value)
#auth_url = <None>
# User ID for authentication. Optional for 'keystone_token' and
# 'keystone_password' auth_type. (string value)
#user_id = <None>
# User's domain ID for authentication. Optional for 'keystone_token'
# and 'keystone_password' auth_type. (string value)
#user_domain_id = <None>
# User's domain name for authentication. Optional for 'keystone_token'
# and 'keystone_password' auth_type. (string value)
#user_domain_name = <None>
# Trust ID for trust scoping. Optional for 'keystone_token' and
# 'keystone_password' auth_type. (string value)
#trust_id = <None>
# Domain ID for domain scoping. Optional for 'keystone_token' and
# 'keystone_password' auth_type. (string value)
#domain_id = <None>
# Domain name for domain scoping. Optional for 'keystone_token' and
# 'keystone_password' auth_type. (string value)
#domain_name = <None>
# Project ID for project scoping. Optional for 'keystone_token' and
# 'keystone_password' auth_type. (string value)
#project_id = <None>
# Project name for project scoping. Optional for 'keystone_token' and
# 'keystone_password' auth_type. (string value)
#project_name = <None>
# Project's domain ID for project. Optional for 'keystone_token' and
# 'keystone_password' auth_type. (string value)
#project_domain_id = <None>
# Project's domain name for project. Optional for 'keystone_token' and
# 'keystone_password' auth_type. (string value)
#project_domain_name = <None>
# Allow fetching a new token if the current one is going to expire.
# Optional for 'keystone_token' and 'keystone_password' auth_type.
# (boolean value)
#reauthenticate = true
[keystone_authtoken]
#
# From keystonemiddleware.auth_token
#
# Complete "public" Identity API endpoint. This endpoint should not be
# an "admin" endpoint, as it should be accessible by all end users.
# Unauthenticated clients are redirected to this endpoint to
# authenticate. Although this endpoint should ideally be unversioned,
# client support in the wild varies. If you're using a versioned v2
# endpoint here, then this should *not* be the same endpoint the
# service user utilizes for validating tokens, because normal end
# users may not be able to reach that endpoint. (string value)
# Deprecated group/name - [keystone_authtoken]/auth_uri
#www_authenticate_uri = <None>
# DEPRECATED: Complete "public" Identity API endpoint. This endpoint
# should not be an "admin" endpoint, as it should be accessible by all
# end users. Unauthenticated clients are redirected to this endpoint
# to authenticate. Although this endpoint should ideally be
# unversioned, client support in the wild varies. If you're using a
# versioned v2 endpoint here, then this should *not* be the same
# endpoint the service user utilizes for validating tokens, because
# normal end users may not be able to reach that endpoint. This option
# is deprecated in favor of www_authenticate_uri and will be removed
# in the S release. (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason: The auth_uri option is deprecated in favor of
# www_authenticate_uri and will be removed in the S release.
#auth_uri = <None>
# API version of the Identity API endpoint. (string value)
#auth_version = <None>
# Interface to use for the Identity API endpoint. Valid values are
# "public", "internal" (default) or "admin". (string value)
#interface = internal
# Do not handle authorization requests within the middleware, but
# delegate the authorization decision to downstream WSGI components.
# (boolean value)
#delay_auth_decision = false
# Request timeout value for communicating with Identity API server.
# (integer value)
#http_connect_timeout = <None>
# How many times are we trying to reconnect when communicating with
# Identity API Server. (integer value)
#http_request_max_retries = 3
# Request environment key where the Swift cache object is stored. When
# auth_token middleware is deployed with a Swift cache, use this
# option to have the middleware share a caching backend with swift.
# Otherwise, use the ``memcached_servers`` option instead. (string
# value)
#cache = <None>
# Required if identity server requires client certificate (string
# value)
#certfile = <None>
# Required if identity server requires client certificate (string
# value)
#keyfile = <None>
# A PEM encoded Certificate Authority to use when verifying HTTPs
# connections. Defaults to system CAs. (string value)
#cafile = <None>
# Verify HTTPS connections. (boolean value)
#insecure = false
# The region in which the identity server can be found. (string value)
#region_name = <None>
# Optionally specify a list of memcached server(s) to use for caching.
# If left undefined, tokens will instead be cached in-process. (list
# value)
# Deprecated group/name - [keystone_authtoken]/memcache_servers
#memcached_servers = <None>
# In order to prevent excessive effort spent validating tokens, the
# middleware caches previously-seen tokens for a configurable duration
# (in seconds). Set to -1 to disable caching completely. (integer
# value)
#token_cache_time = 300
# (Optional) If defined, indicate whether token data should be
# authenticated or authenticated and encrypted. If MAC, token data is
# authenticated (with HMAC) in the cache. If ENCRYPT, token data is
# encrypted and authenticated in the cache. If the value is not one of
# these options or empty, auth_token will raise an exception on
# initialization. (string value)
# Possible values:
# None - <No description provided>
# MAC - <No description provided>
# ENCRYPT - <No description provided>
#memcache_security_strategy = None
# (Optional, mandatory if memcache_security_strategy is defined) This
# string is used for key derivation. (string value)
#memcache_secret_key = <None>
# (Optional) Global toggle for TLS usage when comunicating with the
# caching servers. (boolean value)
#memcache_tls_enabled = false
# (Optional) Path to a file of concatenated CA certificates in PEM
# format necessary to establish the caching server's authenticity. If
# tls_enabled is False, this option is ignored. (string value)
#memcache_tls_cafile = <None>
# (Optional) Path to a single file in PEM format containing the
# client's certificate as well as any number of CA certificates needed
# to establish the certificate's authenticity. This file is only
# required when client side authentication is necessary. If
# tls_enabled is False, this option is ignored. (string value)
#memcache_tls_certfile = <None>
# (Optional) Path to a single file containing the client's private key
# in. Otherwhise the private key will be taken from the file specified
# in tls_certfile. If tls_enabled is False, this option is ignored.
# (string value)
#memcache_tls_keyfile = <None>
# (Optional) Set the available ciphers for sockets created with the
# TLS context. It should be a string in the OpenSSL cipher list
# format. If not specified, all OpenSSL enabled ciphers will be
# available. (string value)
#memcache_tls_allowed_ciphers = <None>
# (Optional) Number of seconds memcached server is considered dead
# before it is tried again. (integer value)
#memcache_pool_dead_retry = 300
# (Optional) Maximum total number of open connections to every
# memcached server. (integer value)
#memcache_pool_maxsize = 10
# (Optional) Socket timeout in seconds for communicating with a
# memcached server. (integer value)
#memcache_pool_socket_timeout = 3
# (Optional) Number of seconds a connection to memcached is held
# unused in the pool before it is closed. (integer value)
#memcache_pool_unused_timeout = 60
# (Optional) Number of seconds that an operation will wait to get a
# memcached client connection from the pool. (integer value)
#memcache_pool_conn_get_timeout = 10
# (Optional) Use the advanced (eventlet safe) memcached client pool.
# (boolean value)
#memcache_use_advanced_pool = true
# (Optional) Indicate whether to set the X-Service-Catalog header. If
# False, middleware will not ask for service catalog on token
# validation and will not set the X-Service-Catalog header. (boolean
# value)
#include_service_catalog = true
# Used to control the use and type of token binding. Can be set to:
# "disabled" to not check token binding. "permissive" (default) to
# validate binding information if the bind type is of a form known to
# the server and ignore it if not. "strict" like "permissive" but if
# the bind type is unknown the token will be rejected. "required" any
# form of token binding is needed to be allowed. Finally the name of a
# binding method that must be present in tokens. (string value)
#enforce_token_bind = permissive
# A choice of roles that must be present in a service token. Service
# tokens are allowed to request that an expired token can be used and
# so this check should tightly control that only actual services
# should be sending this token. Roles here are applied as an ANY check
# so any role in this list must be present. For backwards
# compatibility reasons this currently only affects the allow_expired
# check. (list value)
#service_token_roles = service
# For backwards compatibility reasons we must let valid service tokens
# pass that don't pass the service_token_roles check as valid. Setting
# this true will become the default in a future release and should be
# enabled if possible. (boolean value)
#service_token_roles_required = false
# The name or type of the service as it appears in the service
# catalog. This is used to validate tokens that have restricted access
# rules. (string value)
#service_type = <None>
# Enable the SASL(Simple Authentication and Security Layer) if the
# SASL_enable is true, else disable. (boolean value)
#memcache_sasl_enabled = false
# the user name for the SASL (string value)
#memcache_username =
# the username password for SASL (string value)
#memcache_password =
# Authentication type to load (string value)
# Deprecated group/name - [keystone_authtoken]/auth_plugin
#auth_type = <None>
# Config Section from which to load plugin specific options (string
# value)
#auth_section = <None>
[neutron]
#
# From manila
#
# URL for connecting to neutron. (string value)
#url = <None>
# DEPRECATED: Timeout value for connecting to neutron in seconds.
# (integer value)
# This option is deprecated for removal since Yoga.
# Its value may be silently ignored in the future.
# Reason: This parameter has had no effect since 2.0.0. The timeout
# parameter should be used instead.
#url_timeout = 30
# DEPRECATED: Auth strategy for connecting to neutron in admin
# context. (string value)
# This option is deprecated for removal since Yoga.
# Its value may be silently ignored in the future.
# Reason: This parameter has had no effect since 2.0.0. Use the
# auth_type parameter to select authentication type
#auth_strategy = keystone
# Endpoint type to be used with neutron client calls. (string value)
# Possible values:
# publicURL - <No description provided>
# internalURL - <No description provided>
# adminURL - <No description provided>
# public - <No description provided>
# internal - <No description provided>
# admin - <No description provided>
#endpoint_type = publicURL
# Region name for connecting to neutron in admin context. (string
# value)
#region_name = <None>
# Authentication URL (string value)
#auth_url = <None>
# Authentication type to load (string value)
# Deprecated group/name - [neutron]/auth_plugin
#auth_type = <None>
# PEM encoded Certificate Authority to use when verifying HTTPs
# connections. (string value)
#cafile = <None>
# PEM encoded client certificate cert file (string value)
#certfile = <None>
# Collect per-API call timing information. (boolean value)
#collect_timing = false
# Optional domain ID to use with v3 and v2 parameters. It will be used
# for both the user and project domain in v3 and ignored in v2
# authentication. (string value)
#default_domain_id = <None>
# Optional domain name to use with v3 API and v2 parameters. It will
# be used for both the user and project domain in v3 and ignored in v2
# authentication. (string value)
#default_domain_name = <None>
# Domain ID to scope to (string value)
#domain_id = <None>
# Domain name to scope to (string value)
#domain_name = <None>
# Verify HTTPS connections. (boolean value)
#insecure = false
# PEM encoded client certificate key file (string value)
#keyfile = <None>
# User's password (string value)
#password = <None>
# Domain ID containing project (string value)
#project_domain_id = <None>
# Domain name containing project (string value)
#project_domain_name = <None>
# Project ID to scope to (string value)
# Deprecated group/name - [neutron]/tenant_id
#project_id = <None>
# Project name to scope to (string value)
# Deprecated group/name - [neutron]/tenant_name
#project_name = <None>
# Log requests to multiple loggers. (boolean value)
#split_loggers = false
# Scope for system operations (string value)
#system_scope = <None>
# Timeout value for http requests (integer value)
#timeout = <None>
# ID of the trust to use as a trustee use (string value)
#trust_id = <None>
# User's domain id (string value)
#user_domain_id = <None>
# User's domain name (string value)
#user_domain_name = <None>
# User id (string value)
#user_id = <None>
# Username (string value)
# Deprecated group/name - [neutron]/user_name
#username = <None>
[nova]
#
# From manila
#
# Version of Nova API to be used. (string value)
#api_microversion = 2.10
# Endpoint type to be used with nova client calls. (string value)
# Possible values:
# publicURL - <No description provided>
# internalURL - <No description provided>
# adminURL - <No description provided>
# public - <No description provided>
# internal - <No description provided>
# admin - <No description provided>
#endpoint_type = publicURL
# Region name for connecting to nova. (string value)
#region_name = <None>
# Authentication URL (string value)
#auth_url = <None>
# Authentication type to load (string value)
# Deprecated group/name - [nova]/auth_plugin
#auth_type = <None>
# PEM encoded Certificate Authority to use when verifying HTTPs
# connections. (string value)
#cafile = <None>
# PEM encoded client certificate cert file (string value)
#certfile = <None>
# Collect per-API call timing information. (boolean value)
#collect_timing = false
# Optional domain ID to use with v3 and v2 parameters. It will be used
# for both the user and project domain in v3 and ignored in v2
# authentication. (string value)
#default_domain_id = <None>
# Optional domain name to use with v3 API and v2 parameters. It will
# be used for both the user and project domain in v3 and ignored in v2
# authentication. (string value)
#default_domain_name = <None>
# Domain ID to scope to (string value)
#domain_id = <None>
# Domain name to scope to (string value)
#domain_name = <None>
# Verify HTTPS connections. (boolean value)
#insecure = false
# PEM encoded client certificate key file (string value)
#keyfile = <None>
# User's password (string value)
#password = <None>
# Domain ID containing project (string value)
#project_domain_id = <None>
# Domain name containing project (string value)
#project_domain_name = <None>
# Project ID to scope to (string value)
# Deprecated group/name - [nova]/tenant_id
#project_id = <None>
# Project name to scope to (string value)
# Deprecated group/name - [nova]/tenant_name
#project_name = <None>
# Log requests to multiple loggers. (boolean value)
#split_loggers = false
# Scope for system operations (string value)
#system_scope = <None>
# Timeout value for http requests (integer value)
#timeout = <None>
# ID of the trust to use as a trustee use (string value)
#trust_id = <None>
# User's domain id (string value)
#user_domain_id = <None>
# User's domain name (string value)
#user_domain_name = <None>
# User id (string value)
#user_id = <None>
# Username (string value)
# Deprecated group/name - [nova]/user_name
#username = <None>
[oslo_concurrency]
#
# From oslo.concurrency
#
# Enables or disables inter-process locks. (boolean value)
#disable_process_locking = false
# Directory to use for lock files. For security, the specified
# directory should only be writable by the user running the processes
# that need locking. Defaults to environment variable OSLO_LOCK_PATH.
# If external locks are used, a lock path must be set. (string value)
#lock_path = <None>
[oslo_messaging_kafka]
#
# From oslo.messaging
#
# Max fetch bytes of Kafka consumer (integer value)
#kafka_max_fetch_bytes = 1048576
# Default timeout(s) for Kafka consumers (floating point value)
#kafka_consumer_timeout = 1.0
# Group id for Kafka consumer. Consumers in one group will coordinate
# message consumption (string value)
#consumer_group = oslo_messaging_consumer
# Upper bound on the delay for KafkaProducer batching in seconds
# (floating point value)
#producer_batch_timeout = 0.0
# Size of batch for the producer async send (integer value)
#producer_batch_size = 16384
# The compression codec for all data generated by the producer. If not
# set, compression will not be used. Note that the allowed values of
# this depend on the kafka version (string value)
# Possible values:
# none - <No description provided>
# gzip - <No description provided>
# snappy - <No description provided>
# lz4 - <No description provided>
# zstd - <No description provided>
#compression_codec = none
# Enable asynchronous consumer commits (boolean value)
#enable_auto_commit = false
# The maximum number of records returned in a poll call (integer
# value)
#max_poll_records = 500
# Protocol used to communicate with brokers (string value)
# Possible values:
# PLAINTEXT - <No description provided>
# SASL_PLAINTEXT - <No description provided>
# SSL - <No description provided>
# SASL_SSL - <No description provided>
#security_protocol = PLAINTEXT
# Mechanism when security protocol is SASL (string value)
#sasl_mechanism = PLAIN
# CA certificate PEM file used to verify the server certificate
# (string value)
#ssl_cafile =
# Client certificate PEM file used for authentication. (string value)
#ssl_client_cert_file =
# Client key PEM file used for authentication. (string value)
#ssl_client_key_file =
# Client key password file used for authentication. (string value)
#ssl_client_key_password =
[oslo_messaging_notifications]
#
# From oslo.messaging
#
# The Drivers(s) to handle sending notifications. Possible values are
# messaging, messagingv2, routing, log, test, noop (multi valued)
#driver =
# A URL representing the messaging driver to use for notifications. If
# not set, we fall back to the same configuration used for RPC.
# (string value)
#transport_url = <None>
# AMQP topic used for OpenStack notifications. (list value)
#topics = notifications
# The maximum number of attempts to re-send a notification message
# which failed to be delivered due to a recoverable error. 0 - No
# retry, -1 - indefinite (integer value)
#retry = -1
[oslo_messaging_rabbit]
#
# From oslo.messaging
#
# Use durable queues in AMQP. If rabbit_quorum_queue is enabled,
# queues will be durable and this value will be ignored. (boolean
# value)
#amqp_durable_queues = false
# Auto-delete queues in AMQP. (boolean value)
#amqp_auto_delete = false
# Size of RPC connection pool. (integer value)
# Minimum value: 1
#rpc_conn_pool_size = 30
# The pool size limit for connections expiration policy (integer
# value)
#conn_pool_min_size = 2
# The time-to-live in sec of idle connections in the pool (integer
# value)
#conn_pool_ttl = 1200
# Connect over SSL. (boolean value)
#ssl = false
# SSL version to use (valid only if SSL enabled). Valid values are
# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
# available on some distributions. (string value)
#ssl_version =
# SSL key file (valid only if SSL enabled). (string value)
#ssl_key_file =
# SSL cert file (valid only if SSL enabled). (string value)
#ssl_cert_file =
# SSL certification authority file (valid only if SSL enabled).
# (string value)
#ssl_ca_file =
# Global toggle for enforcing the OpenSSL FIPS mode. This feature
# requires Python support. This is available in Python 3.9 in all
# environments and may have been backported to older Python versions
# on select environments. If the Python executable used does not
# support OpenSSL FIPS mode, an exception will be raised. (boolean
# value)
#ssl_enforce_fips_mode = false
# DEPRECATED: (DEPRECATED) It is recommend not to use this option
# anymore. Run the health check heartbeat thread through a native
# python thread by default. If this option is equal to False then the
# health check heartbeat will inherit the execution model from the
# parent process. For example if the parent process has monkey patched
# the stdlib by using eventlet/greenlet then the heartbeat will be run
# through a green thread. This option should be set to True only for
# the wsgi services. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The option is related to Eventlet which will be removed. In
# addition this has never worked as expected with services using
# eventlet for core service framework.
#heartbeat_in_pthread = false
# How long to wait (in seconds) before reconnecting in response to an
# AMQP consumer cancel notification. (floating point value)
# Minimum value: 0.0
# Maximum value: 4.5
#kombu_reconnect_delay = 1.0
# Random time to wait for when reconnecting in response to an AMQP
# consumer cancel notification. (floating point value)
# Minimum value: 0.0
#kombu_reconnect_splay = 0.0
# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
# will not be used. This option may not be available in future
# versions. (string value)
#kombu_compression = <None>
# How long to wait a missing client before abandoning to send it its
# replies. This value should not be longer than rpc_response_timeout.
# (integer value)
# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
#kombu_missing_consumer_retry_timeout = 60
# Determines how the next RabbitMQ node is chosen in case the one we
# are currently connected to becomes unavailable. Takes effect only if
# more than one RabbitMQ node is provided in config. (string value)
# Possible values:
# round-robin - <No description provided>
# shuffle - <No description provided>
#kombu_failover_strategy = round-robin
# The RabbitMQ login method. (string value)
# Possible values:
# PLAIN - <No description provided>
# AMQPLAIN - <No description provided>
# EXTERNAL - <No description provided>
# RABBIT-CR-DEMO - <No description provided>
#rabbit_login_method = AMQPLAIN
# How frequently to retry connecting with RabbitMQ. (integer value)
# Minimum value: 1
#rabbit_retry_interval = 1
# How long to backoff for between retries when connecting to RabbitMQ.
# (integer value)
# Minimum value: 0
#rabbit_retry_backoff = 2
# Maximum interval of RabbitMQ connection retries. (integer value)
# Minimum value: 1
#rabbit_interval_max = 30
# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change
# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
# queue mirroring is no longer controlled by the x-ha-policy argument
# when declaring a queue. If you just want to make sure that all
# queues (except those with auto-generated names) are mirrored across
# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-
# mode": "all"}' " (boolean value)
#rabbit_ha_queues = false
# Use quorum queues in RabbitMQ (x-queue-type: quorum). The quorum
# queue is a modern queue type for RabbitMQ implementing a durable,
# replicated FIFO queue based on the Raft consensus algorithm. It is
# available as of RabbitMQ 3.8.0. If set this option will conflict
# with the HA queues (``rabbit_ha_queues``) aka mirrored queues, in
# other words the HA queues should be disabled. Quorum queues are also
# durable by default so the amqp_durable_queues option is ignored when
# this option is enabled. (boolean value)
#rabbit_quorum_queue = false
# Use quorum queues for transients queues in RabbitMQ. Enabling this
# option will then make sure those queues are also using quorum kind
# of rabbit queues, which are HA by default. (boolean value)
#rabbit_transient_quorum_queue = false
# Each time a message is redelivered to a consumer, a counter is
# incremented. Once the redelivery count exceeds the delivery limit
# the message gets dropped or dead-lettered (if a DLX exchange has
# been configured) Used only when rabbit_quorum_queue is enabled,
# Default 0 which means dont set a limit. (integer value)
#rabbit_quorum_delivery_limit = 0
# By default all messages are maintained in memory if a quorum queue
# grows in length it can put memory pressure on a cluster. This option
# can limit the number of messages in the quorum queue. Used only when
# rabbit_quorum_queue is enabled, Default 0 which means dont set a
# limit. (integer value)
#rabbit_quorum_max_memory_length = 0
# By default all messages are maintained in memory if a quorum queue
# grows in length it can put memory pressure on a cluster. This option
# can limit the number of memory bytes used by the quorum queue. Used
# only when rabbit_quorum_queue is enabled, Default 0 which means dont
# set a limit. (integer value)
#rabbit_quorum_max_memory_bytes = 0
# Positive integer representing duration in seconds for queue TTL
# (x-expires). Queues which are unused for the duration of the TTL are
# automatically deleted. The parameter affects only reply and fanout
# queues. Setting 0 as value will disable the x-expires. If doing so,
# make sure you have a rabbitmq policy to delete the queues or you
# deployment will create an infinite number of queue over time.In case
# rabbit_stream_fanout is set to True, this option will control data
# retention policy (x-max-age) for messages in the fanout queue rather
# then the queue duration itself. So the oldest data in the stream
# queue will be discarded from it once reaching TTL Setting to 0 will
# disable x-max-age for stream which make stream grow indefinitely
# filling up the diskspace (integer value)
# Minimum value: 0
#rabbit_transient_queues_ttl = 1800
# Specifies the number of messages to prefetch. Setting to zero allows
# unlimited messages. (integer value)
#rabbit_qos_prefetch_count = 0
# Number of seconds after which the Rabbit broker is considered down
# if heartbeat's keep-alive fails (0 disables heartbeat). (integer
# value)
#heartbeat_timeout_threshold = 60
# How often times during the heartbeat_timeout_threshold we check the
# heartbeat. (integer value)
#heartbeat_rate = 3
# DEPRECATED: (DEPRECATED) Enable/Disable the RabbitMQ mandatory flag
# for direct send. The direct send is used as reply, so the
# MessageUndeliverable exception is raised in case the client queue
# does not exist.MessageUndeliverable exception will be used to loop
# for a timeout to lets a chance to sender to recover.This flag is
# deprecated and it will not be possible to deactivate this
# functionality anymore (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: Mandatory flag no longer deactivable.
#direct_mandatory_flag = true
# Enable x-cancel-on-ha-failover flag so that rabbitmq server will
# cancel and notify consumerswhen queue is down (boolean value)
#enable_cancel_on_failover = false
# Should we use consistant queue names or random ones (boolean value)
#use_queue_manager = false
# Hostname used by queue manager. Defaults to the value returned by
# socket.gethostname(). (string value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#hostname = node1.example.com
# Process name used by queue manager (string value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#processname = nova-api
# Use stream queues in RabbitMQ (x-queue-type: stream). Streams are a
# new persistent and replicated data structure ("queue type") in
# RabbitMQ which models an append-only log with non-destructive
# consumer semantics. It is available as of RabbitMQ 3.9.0. If set
# this option will replace all fanout queues with only one stream
# queue. (boolean value)
#rabbit_stream_fanout = false
[oslo_middleware]
#
# From oslo.middleware
#
# The maximum body size for each request, in bytes. (integer value)
#max_request_body_size = 114688
# Whether the application is behind a proxy or not. This determines if
# the middleware should parse the headers or not. (boolean value)
#enable_proxy_headers_parsing = false
# HTTP basic auth password file. (string value)
#http_basic_auth_user_file = /etc/htpasswd
[oslo_policy]
#
# From oslo.policy
#
# DEPRECATED: This option controls whether or not to enforce scope
# when evaluating policies. If ``True``, the scope of the token used
# in the request is compared to the ``scope_types`` of the policy
# being enforced. If the scopes do not match, an ``InvalidScope``
# exception will be raised. If ``False``, a message will be logged
# informing operators that policies are being invoked with mismatching
# scope. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This configuration was added temporarily to facilitate a
# smooth transition to the new RBAC. OpenStack will always enforce
# scope checks. This configuration option is deprecated and will be
# removed in the 2025.2 cycle.
#enforce_scope = true
# This option controls whether or not to use old deprecated defaults
# when evaluating policies. If ``True``, the old deprecated defaults
# are not going to be evaluated. This means if any existing token is
# allowed for old defaults but is disallowed for new defaults, it will
# be disallowed. It is encouraged to enable this flag along with the
# ``enforce_scope`` flag so that you can get the benefits of new
# defaults and ``scope_type`` together. If ``False``, the deprecated
# policy check string is logically OR'd with the new policy check
# string, allowing for a graceful upgrade experience between releases
# with new policies, which is the default behavior. (boolean value)
#enforce_new_defaults = true
# The relative or absolute path of a file that maps roles to
# permissions for a given service. Relative paths must be specified in
# relation to the configuration file setting this option. (string
# value)
#policy_file = policy.yaml
# Default rule. Enforced when a requested rule is not found. (string
# value)
#policy_default_rule = default
# Directories where policy configuration files are stored. They can be
# relative to any directory in the search path defined by the
# config_dir option, or absolute paths. The file defined by
# policy_file must exist for these directories to be searched.
# Missing or empty directories are ignored. (multi valued)
#policy_dirs = policy.d
# Content Type to send and receive data for REST based policy check
# (string value)
# Possible values:
# application/x-www-form-urlencoded - <No description provided>
# application/json - <No description provided>
#remote_content_type = application/x-www-form-urlencoded
# server identity verification for REST based policy check (boolean
# value)
#remote_ssl_verify_server_crt = false
# Absolute path to ca cert file for REST based policy check (string
# value)
#remote_ssl_ca_crt_file = <None>
# Absolute path to client cert for REST based policy check (string
# value)
#remote_ssl_client_crt_file = <None>
# Absolute path client key file REST based policy check (string value)
#remote_ssl_client_key_file = <None>
# Timeout in seconds for REST based policy check (floating point
# value)
# Minimum value: 0
#remote_timeout = 60
[oslo_reports]
#
# From oslo.reports
#
# Path to a log directory where to create a file (string value)
#log_dir = <None>
# The path to a file to watch for changes to trigger the reports,
# instead of signals. Setting this option disables the signal trigger
# for the reports. If application is running as a WSGI application it
# is recommended to use this instead of signals. (string value)
#file_event_handler = <None>
# How many seconds to wait between polls when file_event_handler is
# set (integer value)
#file_event_handler_interval = 1
[quota]
#
# From manila
#
# Number of shares allowed per project. (integer value)
# Deprecated group/name - [DEFAULT]/quota_shares
#shares = 50
# Number of share snapshots allowed per project. (integer value)
# Deprecated group/name - [DEFAULT]/quota_snapshots
#snapshots = 50
# Number of share gigabytes allowed per project. (integer value)
# Deprecated group/name - [DEFAULT]/quota_gigabytes
#gigabytes = 1000
# Max size allowed per share, in gigabytes. (integer value)
# Deprecated group/name - [DEFAULT]/quota_per_share_gigabytes
#per_share_gigabytes = -1
# Number of snapshot gigabytes allowed per project. (integer value)
# Deprecated group/name - [DEFAULT]/quota_snapshot_gigabytes
#snapshot_gigabytes = 1000
# Number of share-networks allowed per project. (integer value)
# Deprecated group/name - [DEFAULT]/quota_share_networks
#share_networks = 10
# Number of share-replicas allowed per project. (integer value)
# Deprecated group/name - [DEFAULT]/quota_share_replicas
#share_replicas = 100
# Number of replica gigabytes allowed per project. (integer value)
# Deprecated group/name - [DEFAULT]/quota_replica_gigabytes
#replica_gigabytes = 1000
# Number of share groups allowed. (integer value)
# Deprecated group/name - [DEFAULT]/quota_share_groups
#share_groups = 50
# Number of share group snapshots allowed. (integer value)
# Deprecated group/name - [DEFAULT]/quota_share_group_snapshots
#share_group_snapshots = 50
# Number of seconds until a reservation expires. (integer value)
#reservation_expire = 86400
# Count of reservations until usage is refreshed. (integer value)
#until_refresh = 0
# Number of seconds between subsequent usage refreshes. (integer
# value)
#max_age = 0
# Default driver to use for quota checks. (string value)
# Deprecated group/name - [DEFAULT]/quota_driver
#driver = manila.quota.DbQuotaDriver
# Number of share backups allowed per project. (integer value)
# Deprecated group/name - [DEFAULT]/quota_backups
#backups = 10
# Total amount of storage, in gigabytes, allowed for backups per
# project. (integer value)
# Deprecated group/name - [DEFAULT]/quota_backup_gigabytes
#backup_gigabytes = 1000
# Number of encryption keys allowed per project. (integer value)
#encryption_keys = 100
[ssl]
#
# From oslo.service.sslutils
#
# DEPRECATED: CA certificate file to use to verify connecting clients.
# (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'ca_file' option is deprecated and will be removed in a
# future release.
#ca_file = <None>
# DEPRECATED: Certificate file to use when starting the server
# securely. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'cert_file' option is deprecated and will be removed in
# a future release.
#cert_file = <None>
# DEPRECATED: Private key file to use when starting the server
# securely. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'key_file' option is deprecated and will be removed in a
# future release.
#key_file = <None>
# DEPRECATED: SSL version to use (valid only if SSL enabled). Valid
# values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may
# be available on some distributions. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'version' option is deprecated and will be removed in a
# future release.
#version = <None>
# DEPRECATED: Sets the list of available ciphers. value should be a
# string in the OpenSSL cipher list format. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: The 'ciphers' option is deprecated and will be removed in a
# future release.
#ciphers = <None>
[vault]
#
# From castellan.config
#
# root token for vault (string value)
#root_token_id = <None>
# AppRole role_id for authentication with vault (string value)
#approle_role_id = <None>
# AppRole secret_id for authentication with vault (string value)
#approle_secret_id = <None>
# Mountpoint of KV store in Vault to use, for example: secret (string
# value)
#kv_mountpoint = secret
# Path relative to root of KV store in Vault to use. (string value)
#kv_path = <None>
# Version of KV store in Vault to use, for example: 2 (integer value)
#kv_version = 2
# Use this endpoint to connect to Vault, for example:
# "http://127.0.0.1:8200" (string value)
#vault_url = http://127.0.0.1:8200
# Absolute path to ca cert file (string value)
#ssl_ca_crt_file = <None>
# SSL Enabled/Disabled (boolean value)
#use_ssl = false
# Vault Namespace to use for all requests to Vault. Vault Namespaces
# feature is available only in Vault Enterprise (string value)
#namespace = <None>
# Timeout (in seconds) in each request to Vault (floating point value)
#timeout = 60
