summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/source/_static/masakari.conf.sample1913
-rw-r--r--doc/source/_static/masakari.policy.json.sample10
-rw-r--r--doc/source/index.rst12
-rw-r--r--doc/source/masakari_overview.rst42
-rw-r--r--doc/source/operators_guide.rst23
-rw-r--r--doc/source/sample_config.rst54
-rw-r--r--doc/source/sample_policy.rst9
7 files changed, 2063 insertions, 0 deletions
diff --git a/doc/source/_static/masakari.conf.sample b/doc/source/_static/masakari.conf.sample
new file mode 100644
index 0000000..5566e54
--- /dev/null
+++ b/doc/source/_static/masakari.conf.sample
@@ -0,0 +1,1913 @@
1[DEFAULT]
2
3#
4# From masakari.conf
5#
6
7#
8# This determines the strategy to use for authentication: keystone or noauth2.
9# 'noauth2' is designed for testing only, as it does no actual credential
10# checking. 'noauth2' provides administrative credentials only if 'admin' is
11# specified as the username.
12#
13# * Possible values:
14#
15# Either 'keystone' (default) or 'noauth2'.
16#
17# * Services that use this:
18#
19# ``masakari-api``
20#
21# * Related options:
22#
23# None
24# (string value)
25# Allowed values: keystone, noauth2
26#auth_strategy = keystone
27
28#
29# When True, the 'X-Forwarded-For' header is treated as the canonical remote
30# address. When False (the default), the 'remote_address' header is used.
31#
32# You should only enable this if you have an HTML sanitizing proxy.
33#
34# * Possible values:
35#
36# True, False (default)
37#
38# * Services that use this:
39#
40# ``masakari-api``
41#
42# * Related options:
43#
44# None
45# (boolean value)
46#use_forwarded_for = false
47
48#
49# As a query can potentially return many thousands of items, you can limit the
50# maximum number of items in a single response by setting this option.
51#
52# * Possible values:
53#
54# Any positive integer. Default is 1000.
55#
56# * Services that use this:
57#
58# ``masakari-api``
59#
60# * Related options:
61#
62# None
63# (integer value)
64#osapi_max_limit = 1000
65
66#
67# This string is prepended to the normal URL that is returned in links to the
68# OpenStack Masakari API. If it is empty (the default), the URLs are returned
69# unchanged.
70#
71# * Possible values:
72#
73# Any string, including an empty string (the default).
74#
75# * Services that use this:
76#
77# ``masakari-api``
78#
79# * Related options:
80#
81# None
82# (string value)
83#osapi_masakari_link_prefix = <None>
84
85# Explicitly specify the temporary working directory. (string value)
86#tempdir = <None>
87
88#
89# Determine if monkey patching should be applied.
90#
91# Related options:
92#
93# * ``monkey_patch_modules``: This must have values set for this option to
94# have
95# any effect
96# (boolean value)
97#monkey_patch = false
98
99#
100# List of modules/decorators to monkey patch.
101#
102# This option allows you to patch a decorator for all functions in specified
103# modules.
104#
105# Related options:
106#
107# * ``monkey_patch``: This must be set to ``True`` for this option to
108# have any effect
109# (list value)
110#monkey_patch_modules = masakari.api:masakari.cmd
111
112#
113# This is the message queue topic that the masakari engine 'listens' on. It is
114# used when the masakari engine is started up to configure the queue, and
115# whenever an RPC call to the masakari engine is made.
116#
117# * Possible values:
118#
119# Any string, but there is almost never any reason to ever change this value
120# from its default of 'engine'.
121#
122# * Services that use this:
123#
124# ``masakari-engine``
125#
126# * Related options:
127#
128# None
129# (string value)
130#masakari_topic = ha_engine
131
132# Interval in seconds for identifying duplicate notifications. If the
133# notification received is identical to the previous ones whose status is either
134# new or running and if it's created_timestamp and the current timestamp is less
135# than this config option value, then the notification will be considered as
136# duplicate and it will be ignored. (integer value)
137# Minimum value: 0
138#duplicate_notification_detection_interval = 180
139
140# Number of seconds to wait after a service is enabled or disabled. (integer
141# value)
142#wait_period_after_service_update = 180
143
144# Wait until instance is evacuated (integer value)
145#wait_period_after_evacuation = 90
146
147# The monitoring interval for looping (integer value)
148#verify_interval = 1
149
150# Number of seconds to wait for instance to shut down (integer value)
151#wait_period_after_power_off = 60
152
153# Number of seconds to wait for instance to start (integer value)
154#wait_period_after_power_on = 60
155
156# Interval in seconds for processing notifications which are in error or new
157# state. (integer value)
158#process_unfinished_notifications_interval = 120
159
160# Interval in seconds for identifying notifications which are in new state. If
161# the notification is in new state till this config option value after it's
162# generated_time, then it is considered that notification is ignored by the
163# messaging queue and will be processed by 'process_unfinished_notifications'
164# periodic task. (integer value)
165#retry_notification_new_status_interval = 60
166
167# Number of threads to be used for evacuating and confirming instances during
168# execution of host_failure workflow. (integer value)
169# Minimum value: 1
170#host_failure_recovery_threads = 3
171
172#
173# Defines which driver to use for executing notification workflows.
174# (string value)
175#notification_driver = taskflow_driver
176
177# Make exception message format errors fatal (boolean value)
178#fatal_exception_format_errors = false
179
180# Match this value when searching for nova in the service catalog. Format is:
181# separated values of the form: <service_type>:<service_name>:<endpoint_type>
182# (string value)
183#nova_catalog_admin_info = compute:Compute Service:publicURL
184
185# Region name of this node (string value)
186#os_region_name = <None>
187
188# Location of ca certificates file to use for nova client requests. (string
189# value)
190#nova_ca_certificates_file = <None>
191
192# Allow to perform insecure SSL requests to nova (boolean value)
193#nova_api_insecure = false
194
195# OpenStack privileged account username. Used for requests to other services
196# (such as Nova) that require an account with special rights. (string value)
197#os_privileged_user_name = <None>
198
199# Password associated with the OpenStack privileged account. (string value)
200#os_privileged_user_password = <None>
201
202# Tenant name associated with the OpenStack privileged account. (string value)
203#os_privileged_user_tenant = <None>
204
205# Auth URL associated with the OpenStack privileged account. (uri value)
206#os_privileged_user_auth_url = <None>
207
208# Directory where the masakari python module is installed (string value)
209#pybasedir = /opt/stack/masakari
210
211# Directory where masakari binaries are installed (string value)
212#bindir = /opt/stack/masakari/.tox/genconfig/local/bin
213
214# Top-level directory for maintaining masakari's state (string value)
215#state_path = $pybasedir
216
217#
218# Hostname, FQDN or IP address of this host. Must be valid within AMQP key.
219#
220# Possible values:
221#
222# * String with hostname, FQDN or IP address. Default is hostname of this host.
223# (unknown value)
224#host = openstack1-VirtualBox
225
226# Full class name for the Manager for masakari engine (string value)
227#engine_manager = masakari.engine.manager.MasakariManager
228
229# Seconds between nodes reporting state to datastore (integer value)
230#report_interval = 10
231
232# Enable periodic tasks (boolean value)
233#periodic_enable = true
234
235# Max interval time between periodic tasks execution in seconds. (integer value)
236#periodic_interval_max = 300
237
238# Range of seconds to randomly delay when starting the periodic task scheduler
239# to reduce stampeding. (Disable by setting to 0) (integer value)
240#periodic_fuzzy_delay = 60
241
242# Use APIs with SSL enabled (boolean value)
243#use_ssl = false
244
245# The IP address on which the Masakari API will listen. (unknown value)
246#masakari_api_listen = 0.0.0.0
247
248# The port on which the Masakari API will listen. (integer value)
249# Minimum value: 1
250# Maximum value: 65535
251#masakari_api_listen_port = 15868
252
253# Number of workers for Masakari API service. The default will be the number of
254# CPUs available. (integer value)
255#masakari_api_workers = <None>
256
257# Maximum time since last check-in for up service (integer value)
258#service_down_time = 60
259
260#
261# From oslo.config
262#
263
264# Path to a config file to use. Multiple config files can be specified, with
265# values in later files taking precedence. Defaults to %(default)s. (unknown
266# value)
267#config_file = ~/.project/project.conf,~/project.conf,/etc/project/project.conf,/etc/project.conf
268
269# Path to a config directory to pull `*.conf` files from. This file set is
270# sorted, so as to provide a predictable parse order if individual options are
271# over-ridden. The set is parsed after the file(s) specified via previous
272# --config-file, arguments hence over-ridden options in the directory take
273# precedence. (list value)
274#config_dir = ~/.project/project.conf.d/,~/project.conf.d/,/etc/project/project.conf.d/,/etc/project.conf.d/
275
276#
277# From oslo.log
278#
279
280# If set to true, the logging level will be set to DEBUG instead of the default
281# INFO level. (boolean value)
282# Note: This option can be changed without restarting.
283#debug = false
284
285# The name of a logging configuration file. This file is appended to any
286# existing logging configuration files. For details about logging configuration
287# files, see the Python logging module documentation. Note that when logging
288# configuration files are used then all logging configuration is set in the
289# configuration file and other logging configuration options are ignored (for
290# example, logging_context_format_string). (string value)
291# Note: This option can be changed without restarting.
292# Deprecated group/name - [DEFAULT]/log_config
293#log_config_append = <None>
294
295# Defines the format string for %%(asctime)s in log records. Default:
296# %(default)s . This option is ignored if log_config_append is set. (string
297# value)
298#log_date_format = %Y-%m-%d %H:%M:%S
299
300# (Optional) Name of log file to send logging output to. If no default is set,
301# logging will go to stderr as defined by use_stderr. This option is ignored if
302# log_config_append is set. (string value)
303# Deprecated group/name - [DEFAULT]/logfile
304#log_file = <None>
305
306# (Optional) The base directory used for relative log_file paths. This option
307# is ignored if log_config_append is set. (string value)
308# Deprecated group/name - [DEFAULT]/logdir
309#log_dir = <None>
310
311# Uses logging handler designed to watch file system. When log file is moved or
312# removed this handler will open a new log file with specified path
313# instantaneously. It makes sense only if log_file option is specified and Linux
314# platform is used. This option is ignored if log_config_append is set. (boolean
315# value)
316#watch_log_file = false
317
318# Use syslog for logging. Existing syslog format is DEPRECATED and will be
319# changed later to honor RFC5424. This option is ignored if log_config_append is
320# set. (boolean value)
321#use_syslog = false
322
323# Enable journald for logging. If running in a systemd environment you may wish
324# to enable journal support. Doing so will use the journal native protocol which
325# includes structured metadata in addition to log messages.This option is
326# ignored if log_config_append is set. (boolean value)
327#use_journal = false
328
329# Syslog facility to receive log lines. This option is ignored if
330# log_config_append is set. (string value)
331#syslog_log_facility = LOG_USER
332
333# Log output to standard error. This option is ignored if log_config_append is
334# set. (boolean value)
335#use_stderr = false
336
337# Format string to use for log messages with context. (string value)
338#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
339
340# Format string to use for log messages when context is undefined. (string
341# value)
342#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
343
344# Additional data to append to log message when logging level for the message is
345# DEBUG. (string value)
346#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
347
348# Prefix each line of exception output with this format. (string value)
349#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
350
351# Defines the format string for %(user_identity)s that is used in
352# logging_context_format_string. (string value)
353#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
354
355# List of package logging levels in logger=LEVEL pairs. This option is ignored
356# if log_config_append is set. (list value)
357#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
358
359# Enables or disables publication of error events. (boolean value)
360#publish_errors = false
361
362# The format for an instance that is passed with the log message. (string value)
363#instance_format = "[instance: %(uuid)s] "
364
365# The format for an instance UUID that is passed with the log message. (string
366# value)
367#instance_uuid_format = "[instance: %(uuid)s] "
368
369# Interval, number of seconds, of log rate limiting. (integer value)
370#rate_limit_interval = 0
371
372# Maximum number of logged messages per rate_limit_interval. (integer value)
373#rate_limit_burst = 0
374
375# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or
376# empty string. Logs with level greater or equal to rate_limit_except_level are
377# not filtered. An empty string means that all levels are filtered. (string
378# value)
379#rate_limit_except_level = CRITICAL
380
381# Enables or disables fatal status of deprecations. (boolean value)
382#fatal_deprecations = false
383
384#
385# From oslo.messaging
386#
387
388# Size of RPC connection pool. (integer value)
389#rpc_conn_pool_size = 30
390
391# The pool size limit for connections expiration policy (integer value)
392#conn_pool_min_size = 2
393
394# The time-to-live in sec of idle connections in the pool (integer value)
395#conn_pool_ttl = 1200
396
397# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
398# The "host" option should point or resolve to this address. (string value)
399#rpc_zmq_bind_address = *
400
401# MatchMaker driver. (string value)
402# Allowed values: redis, sentinel, dummy
403#rpc_zmq_matchmaker = redis
404
405# Number of ZeroMQ contexts, defaults to 1. (integer value)
406#rpc_zmq_contexts = 1
407
408# Maximum number of ingress messages to locally buffer per topic. Default is
409# unlimited. (integer value)
410#rpc_zmq_topic_backlog = <None>
411
412# Directory for holding IPC sockets. (string value)
413#rpc_zmq_ipc_dir = /var/run/openstack
414
415# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
416# "host" option, if running Nova. (string value)
417#rpc_zmq_host = localhost
418
419# Number of seconds to wait before all pending messages will be sent after
420# closing a socket. The default value of -1 specifies an infinite linger period.
421# The value of 0 specifies no linger period. Pending messages shall be discarded
422# immediately when the socket is closed. Positive values specify an upper bound
423# for the linger period. (integer value)
424# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
425#zmq_linger = -1
426
427# The default number of seconds that poll should wait. Poll raises timeout
428# exception when timeout expired. (integer value)
429#rpc_poll_timeout = 1
430
431# Expiration timeout in seconds of a name service record about existing target (
432# < 0 means no timeout). (integer value)
433#zmq_target_expire = 300
434
435# Update period in seconds of a name service record about existing target.
436# (integer value)
437#zmq_target_update = 180
438
439# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
440# value)
441#use_pub_sub = false
442
443# Use ROUTER remote proxy. (boolean value)
444#use_router_proxy = false
445
446# This option makes direct connections dynamic or static. It makes sense only
447# with use_router_proxy=False which means to use direct connections for direct
448# message types (ignored otherwise). (boolean value)
449#use_dynamic_connections = false
450
451# How many additional connections to a host will be made for failover reasons.
452# This option is actual only in dynamic connections mode. (integer value)
453#zmq_failover_connections = 2
454
455# Minimal port number for random ports range. (port value)
456# Minimum value: 0
457# Maximum value: 65535
458#rpc_zmq_min_port = 49153
459
460# Maximal port number for random ports range. (integer value)
461# Minimum value: 1
462# Maximum value: 65536
463#rpc_zmq_max_port = 65536
464
465# Number of retries to find free port number before fail with ZMQBindError.
466# (integer value)
467#rpc_zmq_bind_port_retries = 100
468
469# Default serialization mechanism for serializing/deserializing
470# outgoing/incoming messages (string value)
471# Allowed values: json, msgpack
472#rpc_zmq_serialization = json
473
474# This option configures round-robin mode in zmq socket. True means not keeping
475# a queue when server side disconnects. False means to keep queue and messages
476# even if server is disconnected, when the server appears we send all
477# accumulated messages to it. (boolean value)
478#zmq_immediate = true
479
480# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
481# other negative value) means to skip any overrides and leave it to OS default;
482# 0 and 1 (or any other positive value) mean to disable and enable the option
483# respectively. (integer value)
484#zmq_tcp_keepalive = -1
485
486# The duration between two keepalive transmissions in idle condition. The unit
487# is platform dependent, for example, seconds in Linux, milliseconds in Windows
488# etc. The default value of -1 (or any other negative value and 0) means to skip
489# any overrides and leave it to OS default. (integer value)
490#zmq_tcp_keepalive_idle = -1
491
492# The number of retransmissions to be carried out before declaring that remote
493# end is not available. The default value of -1 (or any other negative value and
494# 0) means to skip any overrides and leave it to OS default. (integer value)
495#zmq_tcp_keepalive_cnt = -1
496
497# The duration between two successive keepalive retransmissions, if
498# acknowledgement to the previous keepalive transmission is not received. The
499# unit is platform dependent, for example, seconds in Linux, milliseconds in
500# Windows etc. The default value of -1 (or any other negative value and 0) means
501# to skip any overrides and leave it to OS default. (integer value)
502#zmq_tcp_keepalive_intvl = -1
503
504# Maximum number of (green) threads to work concurrently. (integer value)
505#rpc_thread_pool_size = 100
506
507# Expiration timeout in seconds of a sent/received message after which it is not
508# tracked anymore by a client/server. (integer value)
509#rpc_message_ttl = 300
510
511# Wait for message acknowledgements from receivers. This mechanism works only
512# via proxy without PUB/SUB. (boolean value)
513#rpc_use_acks = false
514
515# Number of seconds to wait for an ack from a cast/call. After each retry
516# attempt this timeout is multiplied by some specified multiplier. (integer
517# value)
518#rpc_ack_timeout_base = 15
519
520# Number to multiply base ack timeout by after each retry attempt. (integer
521# value)
522#rpc_ack_timeout_multiplier = 2
523
524# Default number of message sending attempts in case of any problems occurred:
525# positive value N means at most N retries, 0 means no retries, None or -1 (or
526# any other negative values) mean to retry forever. This option is used only if
527# acknowledgments are enabled. (integer value)
528#rpc_retry_attempts = 3
529
530# List of publisher hosts SubConsumer can subscribe on. This option has higher
531# priority then the default publishers list taken from the matchmaker. (list
532# value)
533#subscribe_on =
534
535# Size of executor thread pool when executor is threading or eventlet. (integer
536# value)
537# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
538#executor_thread_pool_size = 64
539
540# Seconds to wait for a response from a call. (integer value)
541#rpc_response_timeout = 60
542
543# A URL representing the messaging driver to use and its full configuration.
544# (string value)
545#transport_url = <None>
546
547# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
548# include amqp and zmq. (string value)
549# This option is deprecated for removal.
550# Its value may be silently ignored in the future.
551# Reason: Replaced by [DEFAULT]/transport_url
552#rpc_backend = rabbit
553
554# The default exchange under which topics are scoped. May be overridden by an
555# exchange name specified in the transport_url option. (string value)
556#control_exchange = openstack
557
558#
559# From oslo.service.service
560#
561
562# Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>,
563# where 0 results in listening on a random tcp port number; <port> results in
564# listening on the specified port number (and not enabling backdoor if that port
565# is in use); and <start>:<end> results in listening on the smallest unused port
566# number within the specified range of port numbers. The chosen port is
567# displayed in the service's log file. (string value)
568#backdoor_port = <None>
569
570# Enable eventlet backdoor, using the provided path as a unix socket that can
571# receive connections. This option is mutually exclusive with 'backdoor_port' in
572# that only one should be provided. If both are provided then the existence of
573# this option overrides the usage of that option. (string value)
574#backdoor_socket = <None>
575
576# Enables or disables logging values of all registered options when starting a
577# service (at DEBUG level). (boolean value)
578#log_options = true
579
580# Specify a timeout after which a gracefully shutdown server will exit. Zero
581# value means endless wait. (integer value)
582#graceful_shutdown_timeout = 60
583
584#
585# From oslo.service.wsgi
586#
587
588# File name for the paste.deploy config for api service (string value)
589#api_paste_config = api-paste.ini
590
591# A python format string that is used as the template to generate log lines. The
592# following values can beformatted into it: client_ip, date_time, request_line,
593# status_code, body_length, wall_seconds. (string value)
594#wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f
595
596# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not
597# supported on OS X. (integer value)
598#tcp_keepidle = 600
599
600# Size of the pool of greenthreads used by wsgi (integer value)
601#wsgi_default_pool_size = 100
602
603# Maximum line size of message headers to be accepted. max_header_line may need
604# to be increased when using large tokens (typically those generated when
605# keystone is configured to use PKI tokens with big service catalogs). (integer
606# value)
607#max_header_line = 16384
608
609# If False, closes the client socket connection explicitly. (boolean value)
610#wsgi_keep_alive = true
611
612# Timeout for client connections' socket operations. If an incoming connection
613# is idle for this number of seconds it will be closed. A value of '0' means
614# wait forever. (integer value)
615#client_socket_timeout = 900
616
617
618[cors]
619
620#
621# From oslo.middleware
622#
623
624# Indicate whether this resource may be shared with the domain received in the
625# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
626# slash. Example: https://horizon.example.com (list value)
627#allowed_origin = <None>
628
629# Indicate that the actual request can include user credentials (boolean value)
630#allow_credentials = true
631
632# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
633# Headers. (list value)
634#expose_headers = X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Service-Token
635
636# Maximum cache age of CORS preflight requests. (integer value)
637#max_age = 3600
638
639# Indicate which methods can be used during the actual request. (list value)
640#allow_methods = GET,PUT,POST,DELETE,PATCH
641
642# Indicate which header field names may be used during the actual request. (list
643# value)
644#allow_headers = X-Auth-Token,X-Openstack-Request-Id,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id
645
646
647[database]
648
649#
650# From oslo.db
651#
652
653# If True, SQLite uses synchronous mode. (boolean value)
654#sqlite_synchronous = true
655
656# The back end to use for the database. (string value)
657# Deprecated group/name - [DEFAULT]/db_backend
658#backend = sqlalchemy
659
660# The SQLAlchemy connection string to use to connect to the database. (string
661# value)
662# Deprecated group/name - [DEFAULT]/sql_connection
663# Deprecated group/name - [DATABASE]/sql_connection
664# Deprecated group/name - [sql]/connection
665#connection = <None>
666
667# The SQLAlchemy connection string to use to connect to the slave database.
668# (string value)
669#slave_connection = <None>
670
671# The SQL mode to be used for MySQL sessions. This option, including the
672# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
673# the server configuration, set this to no value. Example: mysql_sql_mode=
674# (string value)
675#mysql_sql_mode = TRADITIONAL
676
677# If True, transparently enables support for handling MySQL Cluster (NDB).
678# (boolean value)
679#mysql_enable_ndb = false
680
681# Timeout before idle SQL connections are reaped. (integer value)
682# Deprecated group/name - [DEFAULT]/sql_idle_timeout
683# Deprecated group/name - [DATABASE]/sql_idle_timeout
684# Deprecated group/name - [sql]/idle_timeout
685#idle_timeout = 3600
686
687# Minimum number of SQL connections to keep open in a pool. (integer value)
688# Deprecated group/name - [DEFAULT]/sql_min_pool_size
689# Deprecated group/name - [DATABASE]/sql_min_pool_size
690#min_pool_size = 1
691
692# Maximum number of SQL connections to keep open in a pool. Setting a value of 0
693# indicates no limit. (integer value)
694# Deprecated group/name - [DEFAULT]/sql_max_pool_size
695# Deprecated group/name - [DATABASE]/sql_max_pool_size
696#max_pool_size = 5
697
698# Maximum number of database connection retries during startup. Set to -1 to
699# specify an infinite retry count. (integer value)
700# Deprecated group/name - [DEFAULT]/sql_max_retries
701# Deprecated group/name - [DATABASE]/sql_max_retries
702#max_retries = 10
703
704# Interval between retries of opening a SQL connection. (integer value)
705# Deprecated group/name - [DEFAULT]/sql_retry_interval
706# Deprecated group/name - [DATABASE]/reconnect_interval
707#retry_interval = 10
708
709# If set, use this value for max_overflow with SQLAlchemy. (integer value)
710# Deprecated group/name - [DEFAULT]/sql_max_overflow
711# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
712#max_overflow = 50
713
714# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
715# value)
716# Minimum value: 0
717# Maximum value: 100
718# Deprecated group/name - [DEFAULT]/sql_connection_debug
719#connection_debug = 0
720
721# Add Python stack traces to SQL as comment strings. (boolean value)
722# Deprecated group/name - [DEFAULT]/sql_connection_trace
723#connection_trace = false
724
725# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
726# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
727#pool_timeout = <None>
728
729# Enable the experimental use of database reconnect on connection lost. (boolean
730# value)
731#use_db_reconnect = false
732
733# Seconds between retries of a database transaction. (integer value)
734#db_retry_interval = 1
735
736# If True, increases the interval between retries of a database operation up to
737# db_max_retry_interval. (boolean value)
738#db_inc_retry_interval = true
739
740# If db_inc_retry_interval is set, the maximum seconds between retries of a
741# database operation. (integer value)
742#db_max_retry_interval = 10
743
744# Maximum retries in case of connection error or deadlock error before error is
745# raised. Set to -1 to specify an infinite retry count. (integer value)
746#db_max_retries = 20
747
748#
749# From oslo.db.concurrency
750#
751
752# Enable the experimental use of thread pooling for all DB API calls (boolean
753# value)
754# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
755#use_tpool = false
756
757
758[healthcheck]
759
760#
761# From oslo.middleware
762#
763
764# DEPRECATED: The path to respond to healtcheck requests on. (string value)
765# This option is deprecated for removal.
766# Its value may be silently ignored in the future.
767#path = /healthcheck
768
769# Show more detailed information as part of the response (boolean value)
770#detailed = false
771
772# Additional backends that can perform health checks and report that information
773# back as part of a request. (list value)
774#backends =
775
776# Check the presence of a file to determine if an application is running on a
777# port. Used by DisableByFileHealthcheck plugin. (string value)
778#disable_by_file_path = <None>
779
780# Check the presence of a file based on a port to determine if an application is
781# running on a port. Expects a "port:path" list of strings. Used by
782# DisableByFilesPortsHealthcheck plugin. (list value)
783#disable_by_file_paths =
784
785
786[host_failure]
787
788#
789# From masakari.conf
790#
791
792#
793# Operators can decide whether all instances or only those instances which
794# contain metadata key 'HA_Enabled=True' should be allowed for evacuation from
795# a failed source compute node. When set to True, it will evacuate all instances
796# from a failed source compute node. First preference will be given to those
797# instances which contain 'HA_Enabled=True' metadata key, and then it will
798# evacuate the remaining ones. When set to False, it will evacuate only those
799# instances which contain 'HA_Enabled=True' metadata key. (boolean value)
800#evacuate_all_instances = true
801
802#
803# Operators can decide whether reserved_host should be added to aggregate group
804# of failed compute host. When set to True, reserved host will be added to the
805# aggregate group of failed compute host. When set to False, the reserved_host
806# will not be added to the aggregate group of failed compute host. (boolean
807# value)
808#add_reserved_host_to_aggregate = false
809
810
811[instance_failure]
812
813#
814# From masakari.conf
815#
816
817#
818# Operators can decide whether all instances or only those instances which
819# contain metadata key 'HA_Enabled=True' should be taken into account to
820# recover from instance failure events. When set to True, it will execute
821# instance failure recovery actions for an instance irrespective of whether
822# that particular instance contains metadata key 'HA_Enabled=True' or not.
823# When set to False, it will only execute instance failure recovery actions
824# for an instance which contain metadata key 'HA_Enabled=True'. (boolean value)
825#process_all_instances = false
826
827
828[keystone_authtoken]
829
830#
831# From keystonemiddleware.auth_token
832#
833
834# Complete "public" Identity API endpoint. This endpoint should not be an
835# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
836# clients are redirected to this endpoint to authenticate. Although this
837# endpoint should ideally be unversioned, client support in the wild varies. If
838# you're using a versioned v2 endpoint here, then this should *not* be the same
839# endpoint the service user utilizes for validating tokens, because normal end
840# users may not be able to reach that endpoint. (string value)
841#auth_uri = <None>
842
843# API version of the admin Identity API endpoint. (string value)
844#auth_version = <None>
845
846# Do not handle authorization requests within the middleware, but delegate the
847# authorization decision to downstream WSGI components. (boolean value)
848#delay_auth_decision = false
849
850# Request timeout value for communicating with Identity API server. (integer
851# value)
852#http_connect_timeout = <None>
853
854# How many times are we trying to reconnect when communicating with Identity API
855# Server. (integer value)
856#http_request_max_retries = 3
857
858# Request environment key where the Swift cache object is stored. When
859# auth_token middleware is deployed with a Swift cache, use this option to have
860# the middleware share a caching backend with swift. Otherwise, use the
861# ``memcached_servers`` option instead. (string value)
862#cache = <None>
863
864# Required if identity server requires client certificate (string value)
865#certfile = <None>
866
867# Required if identity server requires client certificate (string value)
868#keyfile = <None>
869
870# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
871# Defaults to system CAs. (string value)
872#cafile = <None>
873
874# Verify HTTPS connections. (boolean value)
875#insecure = false
876
877# The region in which the identity server can be found. (string value)
878#region_name = <None>
879
880# DEPRECATED: Directory used to cache files related to PKI tokens. This option
881# has been deprecated in the Ocata release and will be removed in the P release.
882# (string value)
883# This option is deprecated for removal since Ocata.
884# Its value may be silently ignored in the future.
885# Reason: PKI token format is no longer supported.
886#signing_dir = <None>
887
888# Optionally specify a list of memcached server(s) to use for caching. If left
889# undefined, tokens will instead be cached in-process. (list value)
890# Deprecated group/name - [keystone_authtoken]/memcache_servers
891#memcached_servers = <None>
892
893# In order to prevent excessive effort spent validating tokens, the middleware
894# caches previously-seen tokens for a configurable duration (in seconds). Set to
895# -1 to disable caching completely. (integer value)
896#token_cache_time = 300
897
898# DEPRECATED: Determines the frequency at which the list of revoked tokens is
899# retrieved from the Identity service (in seconds). A high number of revocation
900# events combined with a low cache duration may significantly reduce
901# performance. Only valid for PKI tokens. This option has been deprecated in the
902# Ocata release and will be removed in the P release. (integer value)
903# This option is deprecated for removal since Ocata.
904# Its value may be silently ignored in the future.
905# Reason: PKI token format is no longer supported.
906#revocation_cache_time = 10
907
908# (Optional) If defined, indicate whether token data should be authenticated or
909# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
910# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
911# cache. If the value is not one of these options or empty, auth_token will
912# raise an exception on initialization. (string value)
913# Allowed values: None, MAC, ENCRYPT
914#memcache_security_strategy = None
915
916# (Optional, mandatory if memcache_security_strategy is defined) This string is
917# used for key derivation. (string value)
918#memcache_secret_key = <None>
919
920# (Optional) Number of seconds memcached server is considered dead before it is
921# tried again. (integer value)
922#memcache_pool_dead_retry = 300
923
924# (Optional) Maximum total number of open connections to every memcached server.
925# (integer value)
926#memcache_pool_maxsize = 10
927
928# (Optional) Socket timeout in seconds for communicating with a memcached
929# server. (integer value)
930#memcache_pool_socket_timeout = 3
931
932# (Optional) Number of seconds a connection to memcached is held unused in the
933# pool before it is closed. (integer value)
934#memcache_pool_unused_timeout = 60
935
936# (Optional) Number of seconds that an operation will wait to get a memcached
937# client connection from the pool. (integer value)
938#memcache_pool_conn_get_timeout = 10
939
940# (Optional) Use the advanced (eventlet safe) memcached client pool. The
941# advanced pool will only work under python 2.x. (boolean value)
942#memcache_use_advanced_pool = false
943
944# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
945# middleware will not ask for service catalog on token validation and will not
946# set the X-Service-Catalog header. (boolean value)
947#include_service_catalog = true
948
949# Used to control the use and type of token binding. Can be set to: "disabled"
950# to not check token binding. "permissive" (default) to validate binding
951# information if the bind type is of a form known to the server and ignore it if
952# not. "strict" like "permissive" but if the bind type is unknown the token will
953# be rejected. "required" any form of token binding is needed to be allowed.
954# Finally the name of a binding method that must be present in tokens. (string
955# value)
956#enforce_token_bind = permissive
957
958# DEPRECATED: If true, the revocation list will be checked for cached tokens.
959# This requires that PKI tokens are configured on the identity server. (boolean
960# value)
961# This option is deprecated for removal since Ocata.
962# Its value may be silently ignored in the future.
963# Reason: PKI token format is no longer supported.
964#check_revocations_for_cached = false
965
966# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
967# single algorithm or multiple. The algorithms are those supported by Python
968# standard hashlib.new(). The hashes will be tried in the order given, so put
969# the preferred one first for performance. The result of the first hash will be
970# stored in the cache. This will typically be set to multiple values only while
971# migrating from a less secure algorithm to a more secure one. Once all the old
972# tokens are expired this option should be set to a single value for better
973# performance. (list value)
974# This option is deprecated for removal since Ocata.
975# Its value may be silently ignored in the future.
976# Reason: PKI token format is no longer supported.
977#hash_algorithms = md5
978
979# A choice of roles that must be present in a service token. Service tokens are
980# allowed to request that an expired token can be used and so this check should
981# tightly control that only actual services should be sending this token. Roles
982# here are applied as an ANY check so any role in this list must be present. For
983# backwards compatibility reasons this currently only affects the allow_expired
984# check. (list value)
985#service_token_roles = service
986
987# For backwards compatibility reasons we must let valid service tokens pass that
988# don't pass the service_token_roles check as valid. Setting this true will
989# become the default in a future release and should be enabled if possible.
990# (boolean value)
991#service_token_roles_required = false
992
993# Authentication type to load (string value)
994# Deprecated group/name - [keystone_authtoken]/auth_plugin
995#auth_type = <None>
996
997# Config Section from which to load plugin specific options (string value)
998#auth_section = <None>
999
1000
1001[matchmaker_redis]
1002
1003#
1004# From oslo.messaging
1005#
1006
1007# DEPRECATED: Host to locate redis. (string value)
1008# This option is deprecated for removal.
1009# Its value may be silently ignored in the future.
1010# Reason: Replaced by [DEFAULT]/transport_url
1011#host = 127.0.0.1
1012
1013# DEPRECATED: Use this port to connect to redis host. (port value)
1014# Minimum value: 0
1015# Maximum value: 65535
1016# This option is deprecated for removal.
1017# Its value may be silently ignored in the future.
1018# Reason: Replaced by [DEFAULT]/transport_url
1019#port = 6379
1020
1021# DEPRECATED: Password for Redis server (optional). (string value)
1022# This option is deprecated for removal.
1023# Its value may be silently ignored in the future.
1024# Reason: Replaced by [DEFAULT]/transport_url
1025#password =
1026
1027# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
1028# [host:port, host1:port ... ] (list value)
1029# This option is deprecated for removal.
1030# Its value may be silently ignored in the future.
1031# Reason: Replaced by [DEFAULT]/transport_url
1032#sentinel_hosts =
1033
1034# Redis replica set name. (string value)
1035#sentinel_group_name = oslo-messaging-zeromq
1036
1037# Time in ms to wait between connection attempts. (integer value)
1038#wait_timeout = 2000
1039
1040# Time in ms to wait before the transaction is killed. (integer value)
1041#check_timeout = 20000
1042
1043# Timeout in ms on blocking socket operations. (integer value)
1044#socket_timeout = 10000
1045
1046
1047[osapi_v1]
1048
1049#
1050# From masakari.conf
1051#
1052
1053# DEPRECATED:
1054# *DEPRECATED*
1055#
1056# This option is a list of all of the v2.1 API extensions to never load.
1057# However,
1058# it will be removed in the near future, after which the all the functionality
1059# that was previously in extensions will be part of the standard API, and thus
1060# always accessible.
1061#
1062# * Possible values:
1063#
1064# A list of strings, each being the alias of an extension that you do not
1065# wish to load.
1066#
1067# * Services that use this:
1068#
1069# ``masakari-api``
1070#
1071# * Related options:
1072#
1073# enabled, extensions_whitelist
1074# (list value)
1075# This option is deprecated for removal.
1076# Its value may be silently ignored in the future.
1077#extensions_blacklist =
1078
1079# DEPRECATED:
1080# *DEPRECATED*
1081#
1082# This is a list of extensions. If it is empty, then *all* extensions except
1083# those specified in the extensions_blacklist option will be loaded. If it is
1084# not
1085# empty, then only those extensions in this list will be loaded, provided that
1086# they are also not in the extensions_blacklist option. Once this deprecated
1087# option is removed, after which the all the functionality that was previously
1088# in
1089# extensions will be part of the standard API, and thus always accessible.
1090#
1091# * Possible values:
1092#
1093# A list of strings, each being the alias of an extension that you wish to
1094# load, or an empty list, which indicates that all extensions are to be run.
1095#
1096# * Services that use this:
1097#
1098# ``masakari-api``
1099#
1100# * Related options:
1101#
1102# enabled, extensions_blacklist
1103# (list value)
1104# This option is deprecated for removal.
1105# Its value may be silently ignored in the future.
1106#extensions_whitelist =
1107
1108# DEPRECATED:
1109# *DEPRECATED*
1110#
1111# This option is a string representing a regular expression (regex) that matches
1112# the project_id as contained in URLs. If not set, it will match normal UUIDs
1113# created by keystone.
1114#
1115# * Possible values:
1116#
1117# A string representing any legal regular expression
1118#
1119# * Services that use this:
1120#
1121# ``masakari-api``
1122#
1123# * Related options:
1124#
1125# None
1126# (string value)
1127# This option is deprecated for removal.
1128# Its value may be silently ignored in the future.
1129#project_id_regex = <None>
1130
1131
1132[oslo_messaging_amqp]
1133
1134#
1135# From oslo.messaging
1136#
1137
1138# Name for the AMQP container. must be globally unique. Defaults to a generated
1139# UUID (string value)
1140#container_name = <None>
1141
1142# Timeout for inactive connections (in seconds) (integer value)
1143#idle_timeout = 0
1144
1145# Debug: dump AMQP frames to stdout (boolean value)
1146#trace = false
1147
1148# Attempt to connect via SSL. If no other ssl-related parameters are given, it
1149# will use the system's CA-bundle to verify the server's certificate. (boolean
1150# value)
1151#ssl = false
1152
1153# CA certificate PEM file used to verify the server's certificate (string value)
1154#ssl_ca_file =
1155
1156# Self-identifying certificate PEM file for client authentication (string value)
1157#ssl_cert_file =
1158
1159# Private key PEM file used to sign ssl_cert_file certificate (optional) (string
1160# value)
1161#ssl_key_file =
1162
1163# Password for decrypting ssl_key_file (if encrypted) (string value)
1164#ssl_key_password = <None>
1165
1166# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
1167# This option is deprecated for removal.
1168# Its value may be silently ignored in the future.
1169# Reason: Not applicable - not a SSL server
1170#allow_insecure_clients = false
1171
1172# Space separated list of acceptable SASL mechanisms (string value)
1173#sasl_mechanisms =
1174
1175# Path to directory that contains the SASL configuration (string value)
1176#sasl_config_dir =
1177
1178# Name of configuration file (without .conf suffix) (string value)
1179#sasl_config_name =
1180
1181# SASL realm to use if no realm present in username (string value)
1182#sasl_default_realm =
1183
1184# DEPRECATED: User name for message broker authentication (string value)
1185# This option is deprecated for removal.
1186# Its value may be silently ignored in the future.
1187# Reason: Should use configuration option transport_url to provide the username.
1188#username =
1189
1190# DEPRECATED: Password for message broker authentication (string value)
1191# This option is deprecated for removal.
1192# Its value may be silently ignored in the future.
1193# Reason: Should use configuration option transport_url to provide the password.
1194#password =
1195
1196# Seconds to pause before attempting to re-connect. (integer value)
1197# Minimum value: 1
1198#connection_retry_interval = 1
1199
1200# Increase the connection_retry_interval by this many seconds after each
1201# unsuccessful failover attempt. (integer value)
1202# Minimum value: 0
1203#connection_retry_backoff = 2
1204
1205# Maximum limit for connection_retry_interval + connection_retry_backoff
1206# (integer value)
1207# Minimum value: 1
1208#connection_retry_interval_max = 30
1209
1210# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
1211# recoverable error. (integer value)
1212# Minimum value: 1
1213#link_retry_delay = 10
1214
1215# The maximum number of attempts to re-send a reply message which failed due to
1216# a recoverable error. (integer value)
1217# Minimum value: -1
1218#default_reply_retry = 0
1219
1220# The deadline for an rpc reply message delivery. (integer value)
1221# Minimum value: 5
1222#default_reply_timeout = 30
1223
1224# The deadline for an rpc cast or call message delivery. Only used when caller
1225# does not provide a timeout expiry. (integer value)
1226# Minimum value: 5
1227#default_send_timeout = 30
1228
1229# The deadline for a sent notification message delivery. Only used when caller
1230# does not provide a timeout expiry. (integer value)
1231# Minimum value: 5
1232#default_notify_timeout = 30
1233
1234# The duration to schedule a purge of idle sender links. Detach link after
1235# expiry. (integer value)
1236# Minimum value: 1
1237#default_sender_link_timeout = 600
1238
1239# Indicates the addressing mode used by the driver.
1240# Permitted values:
1241# 'legacy' - use legacy non-routable addressing
1242# 'routable' - use routable addresses
1243# 'dynamic' - use legacy addresses if the message bus does not support routing
1244# otherwise use routable addressing (string value)
1245#addressing_mode = dynamic
1246
1247# address prefix used when sending to a specific server (string value)
1248#server_request_prefix = exclusive
1249
1250# address prefix used when broadcasting to all servers (string value)
1251#broadcast_prefix = broadcast
1252
1253# address prefix when sending to any server in group (string value)
1254#group_request_prefix = unicast
1255
1256# Address prefix for all generated RPC addresses (string value)
1257#rpc_address_prefix = openstack.org/om/rpc
1258
1259# Address prefix for all generated Notification addresses (string value)
1260#notify_address_prefix = openstack.org/om/notify
1261
1262# Appended to the address prefix when sending a fanout message. Used by the
1263# message bus to identify fanout messages. (string value)
1264#multicast_address = multicast
1265
1266# Appended to the address prefix when sending to a particular RPC/Notification
1267# server. Used by the message bus to identify messages sent to a single
1268# destination. (string value)
1269#unicast_address = unicast
1270
1271# Appended to the address prefix when sending to a group of consumers. Used by
1272# the message bus to identify messages that should be delivered in a round-robin
1273# fashion across consumers. (string value)
1274#anycast_address = anycast
1275
1276# Exchange name used in notification addresses.
1277# Exchange name resolution precedence:
1278# Target.exchange if set
1279# else default_notification_exchange if set
1280# else control_exchange if set
1281# else 'notify' (string value)
1282#default_notification_exchange = <None>
1283
1284# Exchange name used in RPC addresses.
1285# Exchange name resolution precedence:
1286# Target.exchange if set
1287# else default_rpc_exchange if set
1288# else control_exchange if set
1289# else 'rpc' (string value)
1290#default_rpc_exchange = <None>
1291
1292# Window size for incoming RPC Reply messages. (integer value)
1293# Minimum value: 1
1294#reply_link_credit = 200
1295
1296# Window size for incoming RPC Request messages (integer value)
1297# Minimum value: 1
1298#rpc_server_credit = 100
1299
1300# Window size for incoming Notification messages (integer value)
1301# Minimum value: 1
1302#notify_server_credit = 100
1303
1304# Send messages of this type pre-settled.
1305# Pre-settled messages will not receive acknowledgement
1306# from the peer. Note well: pre-settled messages may be
1307# silently discarded if the delivery fails.
1308# Permitted values:
1309# 'rpc-call' - send RPC Calls pre-settled
1310# 'rpc-reply'- send RPC Replies pre-settled
1311# 'rpc-cast' - Send RPC Casts pre-settled
1312# 'notify' - Send Notifications pre-settled
1313# (multi valued)
1314#pre_settled = rpc-cast
1315#pre_settled = rpc-reply
1316
1317
1318[oslo_messaging_kafka]
1319
1320#
1321# From oslo.messaging
1322#
1323
1324# DEPRECATED: Default Kafka broker Host (string value)
1325# This option is deprecated for removal.
1326# Its value may be silently ignored in the future.
1327# Reason: Replaced by [DEFAULT]/transport_url
1328#kafka_default_host = localhost
1329
1330# DEPRECATED: Default Kafka broker Port (port value)
1331# Minimum value: 0
1332# Maximum value: 65535
1333# This option is deprecated for removal.
1334# Its value may be silently ignored in the future.
1335# Reason: Replaced by [DEFAULT]/transport_url
1336#kafka_default_port = 9092
1337
1338# Max fetch bytes of Kafka consumer (integer value)
1339#kafka_max_fetch_bytes = 1048576
1340
1341# Default timeout(s) for Kafka consumers (floating point value)
1342#kafka_consumer_timeout = 1.0
1343
1344# Pool Size for Kafka Consumers (integer value)
1345#pool_size = 10
1346
1347# The pool size limit for connections expiration policy (integer value)
1348#conn_pool_min_size = 2
1349
1350# The time-to-live in sec of idle connections in the pool (integer value)
1351#conn_pool_ttl = 1200
1352
1353# Group id for Kafka consumer. Consumers in one group will coordinate message
1354# consumption (string value)
1355#consumer_group = oslo_messaging_consumer
1356
1357# Upper bound on the delay for KafkaProducer batching in seconds (floating point
1358# value)
1359#producer_batch_timeout = 0.0
1360
1361# Size of batch for the producer async send (integer value)
1362#producer_batch_size = 16384
1363
1364
1365[oslo_messaging_notifications]
1366
1367#
1368# From oslo.messaging
1369#
1370
1371# The Drivers(s) to handle sending notifications. Possible values are messaging,
1372# messagingv2, routing, log, test, noop (multi valued)
1373# Deprecated group/name - [DEFAULT]/notification_driver
1374#driver =
1375
1376# A URL representing the messaging driver to use for notifications. If not set,
1377# we fall back to the same configuration used for RPC. (string value)
1378# Deprecated group/name - [DEFAULT]/notification_transport_url
1379#transport_url = <None>
1380
1381# AMQP topic used for OpenStack notifications. (list value)
1382# Deprecated group/name - [rpc_notifier2]/topics
1383# Deprecated group/name - [DEFAULT]/notification_topics
1384#topics = notifications
1385
1386# The maximum number of attempts to re-send a notification message which failed
1387# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
1388# (integer value)
1389#retry = -1
1390
1391
1392[oslo_messaging_rabbit]
1393
1394#
1395# From oslo.messaging
1396#
1397
1398# Use durable queues in AMQP. (boolean value)
1399# Deprecated group/name - [DEFAULT]/amqp_durable_queues
1400# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
1401#amqp_durable_queues = false
1402
1403# Auto-delete queues in AMQP. (boolean value)
1404#amqp_auto_delete = false
1405
1406# Enable SSL (boolean value)
1407#ssl = <None>
1408
1409# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
1410# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
1411# distributions. (string value)
1412# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
1413#ssl_version =
1414
1415# SSL key file (valid only if SSL enabled). (string value)
1416# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
1417#ssl_key_file =
1418
1419# SSL cert file (valid only if SSL enabled). (string value)
1420# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
1421#ssl_cert_file =
1422
1423# SSL certification authority file (valid only if SSL enabled). (string value)
1424# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
1425#ssl_ca_file =
1426
1427# How long to wait before reconnecting in response to an AMQP consumer cancel
1428# notification. (floating point value)
1429#kombu_reconnect_delay = 1.0
1430
1431# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
1432# be used. This option may not be available in future versions. (string value)
1433#kombu_compression = <None>
1434
1435# How long to wait a missing client before abandoning to send it its replies.
1436# This value should not be longer than rpc_response_timeout. (integer value)
1437# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
1438#kombu_missing_consumer_retry_timeout = 60
1439
1440# Determines how the next RabbitMQ node is chosen in case the one we are
1441# currently connected to becomes unavailable. Takes effect only if more than one
1442# RabbitMQ node is provided in config. (string value)
1443# Allowed values: round-robin, shuffle
1444#kombu_failover_strategy = round-robin
1445
1446# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
1447# value)
1448# This option is deprecated for removal.
1449# Its value may be silently ignored in the future.
1450# Reason: Replaced by [DEFAULT]/transport_url
1451#rabbit_host = localhost
1452
1453# DEPRECATED: The RabbitMQ broker port where a single node is used. (port value)
1454# Minimum value: 0
1455# Maximum value: 65535
1456# This option is deprecated for removal.
1457# Its value may be silently ignored in the future.
1458# Reason: Replaced by [DEFAULT]/transport_url
1459#rabbit_port = 5672
1460
1461# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
1462# This option is deprecated for removal.
1463# Its value may be silently ignored in the future.
1464# Reason: Replaced by [DEFAULT]/transport_url
1465#rabbit_hosts = $rabbit_host:$rabbit_port
1466
1467# DEPRECATED: The RabbitMQ userid. (string value)
1468# This option is deprecated for removal.
1469# Its value may be silently ignored in the future.
1470# Reason: Replaced by [DEFAULT]/transport_url
1471#rabbit_userid = guest
1472
1473# DEPRECATED: The RabbitMQ password. (string value)
1474# This option is deprecated for removal.
1475# Its value may be silently ignored in the future.
1476# Reason: Replaced by [DEFAULT]/transport_url
1477#rabbit_password = guest
1478
1479# The RabbitMQ login method. (string value)
1480# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
1481#rabbit_login_method = AMQPLAIN
1482
1483# DEPRECATED: The RabbitMQ virtual host. (string value)
1484# This option is deprecated for removal.
1485# Its value may be silently ignored in the future.
1486# Reason: Replaced by [DEFAULT]/transport_url
1487#rabbit_virtual_host = /
1488
1489# How frequently to retry connecting with RabbitMQ. (integer value)
1490#rabbit_retry_interval = 1
1491
1492# How long to backoff for between retries when connecting to RabbitMQ. (integer
1493# value)
1494#rabbit_retry_backoff = 2
1495
1496# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
1497# (integer value)
1498#rabbit_interval_max = 30
1499
1500# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
1501# (infinite retry count). (integer value)
1502# This option is deprecated for removal.
1503# Its value may be silently ignored in the future.
1504#rabbit_max_retries = 0
1505
1506# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
1507# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
1508# is no longer controlled by the x-ha-policy argument when declaring a queue. If
1509# you just want to make sure that all queues (except those with auto-generated
1510# names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA
1511# '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
1512#rabbit_ha_queues = false
1513
1514# Positive integer representing duration in seconds for queue TTL (x-expires).
1515# Queues which are unused for the duration of the TTL are automatically deleted.
1516# The parameter affects only reply and fanout queues. (integer value)
1517# Minimum value: 1
1518#rabbit_transient_queues_ttl = 1800
1519
1520# Specifies the number of messages to prefetch. Setting to zero allows unlimited
1521# messages. (integer value)
1522#rabbit_qos_prefetch_count = 0
1523
1524# Number of seconds after which the Rabbit broker is considered down if
1525# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
1526# value)
1527#heartbeat_timeout_threshold = 60
1528
1529# How often times during the heartbeat_timeout_threshold we check the heartbeat.
1530# (integer value)
1531#heartbeat_rate = 2
1532
1533# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
1534#fake_rabbit = false
1535
1536# Maximum number of channels to allow (integer value)
1537#channel_max = <None>
1538
1539# The maximum byte size for an AMQP frame (integer value)
1540#frame_max = <None>
1541
1542# How often to send heartbeats for consumer's connections (integer value)
1543#heartbeat_interval = 3
1544
1545# Arguments passed to ssl.wrap_socket (dict value)
1546#ssl_options = <None>
1547
1548# Set socket timeout in seconds for connection's socket (floating point value)
1549#socket_timeout = 0.25
1550
1551# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point value)
1552#tcp_user_timeout = 0.25
1553
1554# Set delay for reconnection to some host which has connection error (floating
1555# point value)
1556#host_connection_reconnect_delay = 0.25
1557
1558# Connection factory implementation (string value)
1559# Allowed values: new, single, read_write
1560#connection_factory = single
1561
1562# Maximum number of connections to keep queued. (integer value)
1563#pool_max_size = 30
1564
1565# Maximum number of connections to create above `pool_max_size`. (integer value)
1566#pool_max_overflow = 0
1567
1568# Default number of seconds to wait for a connections to available (integer
1569# value)
1570#pool_timeout = 30
1571
1572# Lifetime of a connection (since creation) in seconds or None for no recycling.
1573# Expired connections are closed on acquire. (integer value)
1574#pool_recycle = 600
1575
1576# Threshold at which inactive (since release) connections are considered stale
1577# in seconds or None for no staleness. Stale connections are closed on acquire.
1578# (integer value)
1579#pool_stale = 60
1580
1581# Default serialization mechanism for serializing/deserializing
1582# outgoing/incoming messages (string value)
1583# Allowed values: json, msgpack
1584#default_serializer_type = json
1585
1586# Persist notification messages. (boolean value)
1587#notification_persistence = false
1588
1589# Exchange name for sending notifications (string value)
1590#default_notification_exchange = ${control_exchange}_notification
1591
1592# Max number of not acknowledged message which RabbitMQ can send to notification
1593# listener. (integer value)
1594#notification_listener_prefetch_count = 100
1595
1596# Reconnecting retry count in case of connectivity problem during sending
1597# notification, -1 means infinite retry. (integer value)
1598#default_notification_retry_attempts = -1
1599
1600# Reconnecting retry delay in case of connectivity problem during sending
1601# notification message (floating point value)
1602#notification_retry_delay = 0.25
1603
1604# Time to live for rpc queues without consumers in seconds. (integer value)
1605#rpc_queue_expiration = 60
1606
1607# Exchange name for sending RPC messages (string value)
1608#default_rpc_exchange = ${control_exchange}_rpc
1609
1610# Exchange name for receiving RPC replies (string value)
1611#rpc_reply_exchange = ${control_exchange}_rpc_reply
1612
1613# Max number of not acknowledged message which RabbitMQ can send to rpc
1614# listener. (integer value)
1615#rpc_listener_prefetch_count = 100
1616
1617# Max number of not acknowledged message which RabbitMQ can send to rpc reply
1618# listener. (integer value)
1619#rpc_reply_listener_prefetch_count = 100
1620
1621# Reconnecting retry count in case of connectivity problem during sending reply.
1622# -1 means infinite retry during rpc_timeout (integer value)
1623#rpc_reply_retry_attempts = -1
1624
1625# Reconnecting retry delay in case of connectivity problem during sending reply.
1626# (floating point value)
1627#rpc_reply_retry_delay = 0.25
1628
1629# Reconnecting retry count in case of connectivity problem during sending RPC
1630# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
1631# request could be processed more than one time (integer value)
1632#default_rpc_retry_attempts = -1
1633
1634# Reconnecting retry delay in case of connectivity problem during sending RPC
1635# message (floating point value)
1636#rpc_retry_delay = 0.25
1637
1638
1639[oslo_messaging_zmq]
1640
1641#
1642# From oslo.messaging
1643#
1644
1645# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
1646# The "host" option should point or resolve to this address. (string value)
1647#rpc_zmq_bind_address = *
1648
1649# MatchMaker driver. (string value)
1650# Allowed values: redis, sentinel, dummy
1651#rpc_zmq_matchmaker = redis
1652
1653# Number of ZeroMQ contexts, defaults to 1. (integer value)
1654#rpc_zmq_contexts = 1
1655
1656# Maximum number of ingress messages to locally buffer per topic. Default is
1657# unlimited. (integer value)
1658#rpc_zmq_topic_backlog = <None>
1659
1660# Directory for holding IPC sockets. (string value)
1661#rpc_zmq_ipc_dir = /var/run/openstack
1662
1663# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
1664# "host" option, if running Nova. (string value)
1665#rpc_zmq_host = localhost
1666
1667# Number of seconds to wait before all pending messages will be sent after
1668# closing a socket. The default value of -1 specifies an infinite linger period.
1669# The value of 0 specifies no linger period. Pending messages shall be discarded
1670# immediately when the socket is closed. Positive values specify an upper bound
1671# for the linger period. (integer value)
1672# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
1673#zmq_linger = -1
1674
1675# The default number of seconds that poll should wait. Poll raises timeout
1676# exception when timeout expired. (integer value)
1677#rpc_poll_timeout = 1
1678
1679# Expiration timeout in seconds of a name service record about existing target (
1680# < 0 means no timeout). (integer value)
1681#zmq_target_expire = 300
1682
1683# Update period in seconds of a name service record about existing target.
1684# (integer value)
1685#zmq_target_update = 180
1686
1687# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
1688# value)
1689#use_pub_sub = false
1690
1691# Use ROUTER remote proxy. (boolean value)
1692#use_router_proxy = false
1693
1694# This option makes direct connections dynamic or static. It makes sense only
1695# with use_router_proxy=False which means to use direct connections for direct
1696# message types (ignored otherwise). (boolean value)
1697#use_dynamic_connections = false
1698
1699# How many additional connections to a host will be made for failover reasons.
1700# This option is actual only in dynamic connections mode. (integer value)
1701#zmq_failover_connections = 2
1702
1703# Minimal port number for random ports range. (port value)
1704# Minimum value: 0
1705# Maximum value: 65535
1706#rpc_zmq_min_port = 49153
1707
1708# Maximal port number for random ports range. (integer value)
1709# Minimum value: 1
1710# Maximum value: 65536
1711#rpc_zmq_max_port = 65536
1712
1713# Number of retries to find free port number before fail with ZMQBindError.
1714# (integer value)
1715#rpc_zmq_bind_port_retries = 100
1716
1717# Default serialization mechanism for serializing/deserializing
1718# outgoing/incoming messages (string value)
1719# Allowed values: json, msgpack
1720#rpc_zmq_serialization = json
1721
1722# This option configures round-robin mode in zmq socket. True means not keeping
1723# a queue when server side disconnects. False means to keep queue and messages
1724# even if server is disconnected, when the server appears we send all
1725# accumulated messages to it. (boolean value)
1726#zmq_immediate = true
1727
1728# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
1729# other negative value) means to skip any overrides and leave it to OS default;
1730# 0 and 1 (or any other positive value) mean to disable and enable the option
1731# respectively. (integer value)
1732#zmq_tcp_keepalive = -1
1733
1734# The duration between two keepalive transmissions in idle condition. The unit
1735# is platform dependent, for example, seconds in Linux, milliseconds in Windows
1736# etc. The default value of -1 (or any other negative value and 0) means to skip
1737# any overrides and leave it to OS default. (integer value)
1738#zmq_tcp_keepalive_idle = -1
1739
1740# The number of retransmissions to be carried out before declaring that remote
1741# end is not available. The default value of -1 (or any other negative value and
1742# 0) means to skip any overrides and leave it to OS default. (integer value)
1743#zmq_tcp_keepalive_cnt = -1
1744
1745# The duration between two successive keepalive retransmissions, if
1746# acknowledgement to the previous keepalive transmission is not received. The
1747# unit is platform dependent, for example, seconds in Linux, milliseconds in
1748# Windows etc. The default value of -1 (or any other negative value and 0) means
1749# to skip any overrides and leave it to OS default. (integer value)
1750#zmq_tcp_keepalive_intvl = -1
1751
1752# Maximum number of (green) threads to work concurrently. (integer value)
1753#rpc_thread_pool_size = 100
1754
1755# Expiration timeout in seconds of a sent/received message after which it is not
1756# tracked anymore by a client/server. (integer value)
1757#rpc_message_ttl = 300
1758
1759# Wait for message acknowledgements from receivers. This mechanism works only
1760# via proxy without PUB/SUB. (boolean value)
1761#rpc_use_acks = false
1762
1763# Number of seconds to wait for an ack from a cast/call. After each retry
1764# attempt this timeout is multiplied by some specified multiplier. (integer
1765# value)
1766#rpc_ack_timeout_base = 15
1767
1768# Number to multiply base ack timeout by after each retry attempt. (integer
1769# value)
1770#rpc_ack_timeout_multiplier = 2
1771
1772# Default number of message sending attempts in case of any problems occurred:
1773# positive value N means at most N retries, 0 means no retries, None or -1 (or
1774# any other negative values) mean to retry forever. This option is used only if
1775# acknowledgments are enabled. (integer value)
1776#rpc_retry_attempts = 3
1777
1778# List of publisher hosts SubConsumer can subscribe on. This option has higher
1779# priority then the default publishers list taken from the matchmaker. (list
1780# value)
1781#subscribe_on =
1782
1783
1784[oslo_middleware]
1785
1786#
1787# From oslo.middleware
1788#
1789
1790# The maximum body size for each request, in bytes. (integer value)
1791# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
1792# Deprecated group/name - [DEFAULT]/max_request_body_size
1793#max_request_body_size = 114688
1794
1795# DEPRECATED: The HTTP Header that will be used to determine what the original
1796# request protocol scheme was, even if it was hidden by a SSL termination proxy.
1797# (string value)
1798# This option is deprecated for removal.
1799# Its value may be silently ignored in the future.
1800#secure_proxy_ssl_header = X-Forwarded-Proto
1801
1802# Whether the application is behind a proxy or not. This determines if the
1803# middleware should parse the headers or not. (boolean value)
1804#enable_proxy_headers_parsing = false
1805
1806
1807[oslo_policy]
1808
1809#
1810# From oslo.policy
1811#
1812
1813# The file that defines policies. (string value)
1814#policy_file = policy.json
1815
1816# Default rule. Enforced when a requested rule is not found. (string value)
1817#policy_default_rule = default
1818
1819# Directories where policy configuration files are stored. They can be relative
1820# to any directory in the search path defined by the config_dir option, or
1821# absolute paths. The file defined by policy_file must exist for these
1822# directories to be searched. Missing or empty directories are ignored. (multi
1823# valued)
1824#policy_dirs = policy.d
1825
1826
1827[oslo_versionedobjects]
1828
1829#
1830# From oslo.versionedobjects
1831#
1832
1833# Make exception message format errors fatal (boolean value)
1834#fatal_exception_format_errors = false
1835
1836
1837[ssl]
1838
1839#
1840# From masakari.conf
1841#
1842
1843# CA certificate file to use to verify connecting clients. (string value)
1844# Deprecated group/name - [DEFAULT]/ssl_ca_file
1845#ca_file = <None>
1846
1847# Certificate file to use when starting the server securely. (string value)
1848# Deprecated group/name - [DEFAULT]/ssl_cert_file
1849#cert_file = <None>
1850
1851# Private key file to use when starting the server securely. (string value)
1852# Deprecated group/name - [DEFAULT]/ssl_key_file
1853#key_file = <None>
1854
1855# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
1856# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
1857# distributions. (string value)
1858#version = <None>
1859
1860# Sets the list of available ciphers. value should be a string in the OpenSSL
1861# cipher list format. (string value)
1862#ciphers = <None>
1863
1864
1865[wsgi]
1866
1867#
1868# From masakari.conf
1869#
1870
1871# File name for the paste.deploy config for masakari-api (string value)
1872#api_paste_config = api-paste.ini
1873
1874# A python format string that is used as the template to generate log lines. The
1875# following values can be formatted into it: client_ip, date_time, request_line,
1876# status_code, body_length, wall_seconds. (string value)
1877#wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f
1878
1879# The HTTP header used to determine the scheme for the original request, even if
1880# it was removed by an SSL terminating proxy. Typical value is
1881# "HTTP_X_FORWARDED_PROTO". (string value)
1882#secure_proxy_ssl_header = <None>
1883
1884# CA certificate file to use to verify connecting clients (string value)
1885#ssl_ca_file = <None>
1886
1887# SSL certificate of API server (string value)
1888#ssl_cert_file = <None>
1889
1890# SSL private key of API server (string value)
1891#ssl_key_file = <None>
1892
1893# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not
1894# supported on OS X. (integer value)
1895#tcp_keepidle = 600
1896
1897# Size of the pool of greenthreads used by wsgi (integer value)
1898# Deprecated group/name - [DEFAULT]/wsgi_default_pool_size
1899#default_pool_size = 1000
1900
1901# Maximum line size of message headers to be accepted. max_header_line may need
1902# to be increased when using large tokens (typically those generated by the
1903# Keystone v3 API with big service catalogs). (integer value)
1904#max_header_line = 16384
1905
1906# If False, closes the client socket connection explicitly. (boolean value)
1907# Deprecated group/name - [DEFAULT]/wsgi_keep_alive
1908#keep_alive = true
1909
1910# Timeout for client connections' socket operations. If an incoming connection
1911# is idle for this number of seconds it will be closed. A value of '0' means
1912# wait forever. (integer value)
1913#client_socket_timeout = 900
diff --git a/doc/source/_static/masakari.policy.json.sample b/doc/source/_static/masakari.policy.json.sample
new file mode 100644
index 0000000..3ee6437
--- /dev/null
+++ b/doc/source/_static/masakari.policy.json.sample
@@ -0,0 +1,10 @@
1{
2 "admin_api": "is_admin:True",
3 "context_is_admin": "role:admin",
4 "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
5 "default": "rule:admin_api",
6 "os_masakari_api:extensions": "rule:admin_api",
7 "os_masakari_api:segments": "rule:admin_api",
8 "os_masakari_api:os-hosts": "rule:admin_api",
9 "os_masakari_api:notifications": "rule:admin_api"
10}
diff --git a/doc/source/index.rst b/doc/source/index.rst
index b4c65d8..4916b32 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -57,6 +57,18 @@ masakari actually does, and why.
57 architecture 57 architecture
58 development.environment 58 development.environment
59 59
60Operator Guide
61==============
62
63This section will help you in configuring masakari mannualy.
64
65.. toctree::
66 :maxdepth: 1
67
68 operators_guide
69 sample_config
70 sample_policy
71
60Indices and tables 72Indices and tables
61================== 73==================
62 74
diff --git a/doc/source/masakari_overview.rst b/doc/source/masakari_overview.rst
new file mode 100644
index 0000000..2990f3e
--- /dev/null
+++ b/doc/source/masakari_overview.rst
@@ -0,0 +1,42 @@
1..
2 Copyright 2017 NTT DATA
3
4 Licensed under the Apache License, Version 2.0 (the "License"); you may
5 not use this file except in compliance with the License. You may obtain
6 a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10 Unless required by applicable law or agreed to in writing, software
11 distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 License for the specific language governing permissions and limitations
14 under the License.
15
16=========================
17Masakari service overview
18=========================
19
20Masakari provides a Virtual Machines High Availability(VMHA), and rescues a
21KVM-based Virtual Machines(VM) from a failure events of the following:
22
23* VM process down - restart vm (use nova stop API, and nova start API).
24 Libvirt events will be also emitted by other failures.
25* Provisioning process down - restarts process, changes nova-compute service
26 status to maintenance mode
27 (use nova service-disable).
28* nova-compute host failure - evacuate all the VMs from failure host to
29 reserved host (use nova evacuate API).
30
31The service enables deployers to integrate with the Masakari service
32directly or through custom plug-ins.
33
34The Masakari service consists of the following components:
35
36``masakari-api``
37 An OpenStack-native REST API that processes API requests by sending
38 them to the ``masakari-engine`` over `Remote Procedure Call (RPC)`.
39
40``masakari-engine``
41 Processes the notifications recevied from ``masakari-api`` by execcuting the
42 recovery workflow in asynchronus way.
diff --git a/doc/source/operators_guide.rst b/doc/source/operators_guide.rst
new file mode 100644
index 0000000..1941dfd
--- /dev/null
+++ b/doc/source/operators_guide.rst
@@ -0,0 +1,23 @@
1..
2 Copyright 2017 NTT DATA
3
4 Licensed under the Apache License, Version 2.0 (the "License"); you may
5 not use this file except in compliance with the License. You may obtain
6 a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10 Unless required by applicable law or agreed to in writing, software
11 distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 License for the specific language governing permissions and limitations
14 under the License.
15
16================
17Masakari Service
18================
19
20.. toctree::
21 :maxdepth: 1
22
23 masakari_overview
diff --git a/doc/source/sample_config.rst b/doc/source/sample_config.rst
new file mode 100644
index 0000000..7b1fbca
--- /dev/null
+++ b/doc/source/sample_config.rst
@@ -0,0 +1,54 @@
1==============================
2Masakari Configuration Options
3==============================
4
5The following is a sample Masakari configuration for adaptation and use. It is
6auto-generated from Masakari when this documentation is built, so
7if you are having issues with an option, please compare your version of
8Masakari with the version of this documentation.
9
10.. literalinclude:: _static/masakari.conf.sample
11
12Minimal Configuration
13=====================
14
15Edit the ``/etc/masakari/masakari.conf`` file and complete the following actions
16
17In the ``[DEFAULT]`` section, set following options:
18
19.. code-block:: bash
20
21 auth_strategy = keystone
22 masakari_topic = ha_engine
23 os_privileged_user_tenant = service
24 os_privileged_user_auth_url = http://controller/identity
25 os_privileged_user_name = nova
26 os_privileged_user_password = PRIVILEGED_USER_PASS
27
28Replace ``PRIVILEGED_USER_PASS`` with the password you chose for the privileged user in the
29Identity service.
30
31In the ``[database]`` section, configure database access:
32
33.. code-block:: bash
34
35 connection = mysql+pymysql://root:MASAKARI_DBPASS@controller/masakari?charset=utf8
36
37In the ``[keystone_authtoken]`` sections, configure Identity service access:
38
39.. code-block:: bash
40
41 auth_url = http://controller/identity
42 memcached_servers = controller:11211
43 signing_dir = /var/cache/masakari
44 project_domain_name = Default
45 user_domain_name = Default
46 project_name = service
47 username = masakari
48 password = MASAKARI_PASS
49 auth_type = password
50 cafile = /opt/stack/data/ca-bundle.pem
51
52Replace ``MASAKARI_PASS`` with the password you chose for the ``masakari`` user in the Identity service.
53
54
diff --git a/doc/source/sample_policy.rst b/doc/source/sample_policy.rst
new file mode 100644
index 0000000..dd409a7
--- /dev/null
+++ b/doc/source/sample_policy.rst
@@ -0,0 +1,9 @@
1===============
2Masakari Policy
3===============
4
5The following is a sample masakari policy file. Operator can configure policies
6as per his requirement. It is recommended that all api's of masakari should
7be allowed to admin user only.
8
9.. literalinclude:: _static/masakari.policy.json.sample