diff --git a/.zuul.yaml b/.zuul.yaml
deleted file mode 100644
index cd923a6..0000000
--- a/.zuul.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-- project:
- check:
- jobs:
- - ansible-role-k8s-keystone-kubernetes-centos
- - ansible-role-k8s-keystone-openshift-centos
-
-- job:
- name: ansible-role-k8s-keystone-kubernetes-centos
- parent: ansible-role-k8s-base
- nodeset: ansible-role-k8s-centos
- voting: false
- vars:
- coe: kubernetes
- project_name: ansible-role-k8s-keystone
- ansible_role_k8s_required:
- - ansible-role-k8s-mariadb
- required-projects:
- - openstack/ansible-role-k8s-mariadb
- - openstack/ansible-role-k8s-keystone
-
-- job:
- name: ansible-role-k8s-keystone-openshift-centos
- parent: ansible-role-k8s-base
- nodeset: ansible-role-k8s-centos
- voting: false
- vars:
- coe: openshift
- project_name: ansible-role-k8s-keystone
- ansible_role_k8s_required:
- - ansible-role-k8s-mariadb
- required-projects:
- - openstack/ansible-role-k8s-mariadb
- - openstack/ansible-role-k8s-keystone
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 68c771a..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,176 +0,0 @@
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
diff --git a/README.md b/README.md
index 821f234..86e34d6 100644
--- a/README.md
+++ b/README.md
@@ -1,34 +1,10 @@
-K8S Keystone
-=========
-[![Galaxy](https://img.shields.io/badge/galaxy-tripleo.k8s--keystone-blue.svg?style=flat)](https://galaxy.ansible.com/tripleo/k8s-keystone)
-[![Build Status](https://travis-ci.org/tripleo/ansible-role-k8s-keystone.svg?branch=master)](https://travis-ci.org/tripleo/ansible-role-k8s-keystone)
+This project is no longer maintained.
-Install Keystone in a Kubernetes cluster.
+The contents of this repository are still available in the Git
+source code management system. To see the contents of this
+repository before it reached its end of life, please check out the
+previous commit with "git checkout HEAD^1".
-Requirements
-------------
-
-Access to Kubernetes cluster
-
-Role Variables
---------------
-
-| Name | Default Value | Description |
-|-------------------|---------------------|----------------------|
-| `action` | `provision` | List of tasks to run. |
-| `coe_host` | | |
-| `coe_config_context` | | |
-| `coe_config_file` | | |
-
-
-Dependencies
-------------
-
-- `ansible.kubernetes-modules`
-
-Example Playbook
-----------------
-
- - hosts: all
- roles:
- - tripleo.k8s-keystone
+For any further questions, please email
+openstack-discuss@lists.openstack.org or join #openstack-dev on
+Freenode.
diff --git a/defaults/main.yml b/defaults/main.yml
deleted file mode 100644
index 4c10896..0000000
--- a/defaults/main.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-coe_host:
-coe_config_context:
-coe_config_file:
-action: provision
-namespace: openstack
-
-hiera_data: {}
-hiera_data_file: ''
-
-clouds_config: 'clouds-secret'
-
-keystone_hostname: "keystone"
-keystone_address: "{{keystone_hostname}}"
-keystone_use_service_ip: true
-
-mariadb_config:
- host: mariadb
- root_password: weakpassword
-
-keystone_mounts:
- - name: kolla-config
- mountPath: /var/lib/kolla/config_files/
- - name: keystone-fernet
- mountPath: /etc/keystone/fernet-keys
-
-keystone_mounts_extra: []
-
-keystone_volumes:
- - name: kolla-config
- config_map:
- name: keystone
- - name: keystone-fernet
- persistentVolumeClaim:
- claimName: keystone-fernet
-
-keystone_volumes_extra: []
-
-keystone_config:
- DEFAULT:
- public_bind_host: "0.0.0.0"
- database:
- connection: "mysql+pymysql://root:weakpassword@mariadb:3306/keystone"
- token:
- provider: "fernet"
-
- admin_username: 'admin'
- admin_role_name: 'admin'
- admin_project_name: 'admin'
- admin_service_name: 'keystone'
- admin_domain_name: 'Default'
- admin_password: 'weakpassword'
diff --git a/meta/main.yml b/meta/main.yml
deleted file mode 100644
index c66eac2..0000000
--- a/meta/main.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-galaxy_info:
- author: Flavio Percoco
- description:
- company: Red Hat
- license: Apache v2
- min_ansible_version: 2.3
-
- platforms:
- - name: EL
- versions:
- - 7
-
- galaxy_tags:
- - openstack
- - kubernetes
- - keystone
-
-dependencies:
- - role: ansible.kubernetes-modules
- install_python_requirements: no
-
-# NOTE(flaper87): We are vendoring config_template in ansible-role-k8s-tripleo
-# for now until it's split into its own package.
-# - role: openstack-ansible-plugins
-
- - role: ansible-role-k8s-tripleo
diff --git a/tasks/deprovision.yml b/tasks/deprovision.yml
deleted file mode 100644
index 8874250..0000000
--- a/tasks/deprovision.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-- name: Delete keystone fernet job
- k8s_v1_job:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: keystone-fernet
- namespace: "{{namespace}}"
- state: absent
-
-- name: Delete keystone db-sync job
- k8s_v1_job:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: keystone-db-sync
- namespace: "{{namespace}}"
- state: absent
-
-- name: Delete keystone deployment
- k8s_v1beta1_deployment:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: keystone-api
- namespace: "{{namespace}}"
- state: absent
-
-- name: Delete keystone service
- k8s_v1_service:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: keystone
- namespace: "{{namespace}}"
- state: absent
-
-- name: Delete keystone configmaps
- ignore_errors: yes
- k8s_v1_config_map:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: keystone
- namespace: "{{namespace}}"
- state: absent
- debug: yes
diff --git a/tasks/hiera.yml b/tasks/hiera.yml
deleted file mode 100644
index 2ab9b9e..0000000
--- a/tasks/hiera.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-- name: Translate hieradata
- include_role:
- name: 'ansible-role-k8s-tripleo'
- vars:
- hieradata: '{{hiera_data}}'
- hieradata_file: '{{hiera_data_file}}'
- schema:
- # NOTE(flaper87): Needed for bootstrap
- # operations
- keystone::admin_password: admin_password
- keystone::db::mysql::dbname: db.db_name
- keystone::db::mysql::host: db.host
- keystone::db::mysql::password: db.password
- keystone::db::mysql::user: db.user
-
- keystone::admin_token: DEFAULT.admin_token
- keystone::admin_workers: eventlet_server.admin_workers
- keystone::public_workers: eventlet_server.public_workers
- keystone::public_bind_host: eventlet_server.public_bind_host
- keystone::admin_bind_host: eventlet_server.admin_bind_host
- keystone::public_endpoint: DEFAULT.admin_bind_host
-
- keystone_ca_certificate: signing.ca_certs
- keystone_signing_key: signing.keyfile
- keystone_signing_certificate: signing.certfile
- keystone::database_connection: database.connection
- keystone::token_expiration: token.expiration
- keystone::fernet_max_active_keys: fernet_tokens.max_active_keys
-
- keystone::wsgi::apache::ssl: ssl.enable
-
- keystone::notification_driver: oslo_messaging_notifications.driver
- keystone::notification_topics: oslo_messaging_notifications.topics
-
- keystone::rabbit_userid: oslo_messaging_rabbit.rabbit_userid
- keystone::rabbit_password: oslo_messaging_rabbit.rabbit_password
- keystone::rabbit_host: oslo_messaging_rabbit.rabbit_host
- default: '{{keystone_config}}'
- fact_variable: 'keystone_config'
-
-
-# ?
-# keystone::cron::token_flush::destination: '/dev/null'
-# keystone::roles::admin::password: 211937d10baf281179d64c64533af6fcc1aa7475
-# keystone::roles::admin::email: 'root@localhost'
-# keystone::roles::admin::admin_tenant: 'admin'
-# keystone::roles::admin::service_tenant: 'service'
-# keystone::endpoint::public_url: http://192.168.24.1:5000
-# keystone::endpoint::internal_url: http://192.168.24.1:5000
-# keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}"
-# keystone::endpoint::region: "%{hiera('keystone_region')}"
-# keystone::endpoint::version: ''
-# keystone::wsgi::apache::bind_host: 192.168.24.1
-# keystone::enable_credential_setup: true
-# keystone::fernet_max_active_keys: 2
diff --git a/tasks/main.yml b/tasks/main.yml
deleted file mode 100644
index ef1ef4f..0000000
--- a/tasks/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-- include: "{{ action }}.yml"
diff --git a/tasks/provision.yml b/tasks/provision.yml
deleted file mode 100644
index 564bced..0000000
--- a/tasks/provision.yml
+++ /dev/null
@@ -1,276 +0,0 @@
-- name: Upload config files
- template:
- src: "{{item}}"
- dest: /tmp/{{item}}
- backup: yes
- mode: 0644
- with_items:
- - httpd.conf
- - httpd-keystone-main.conf
- - httpd-keystone-admin.conf
-
-- include: hiera.yml
-
-- name: Generate config files
- config_template:
- src: base.conf.j2
- dest: /tmp/keystone.conf
- config_overrides: '{{keystone_config}}'
- config_type: ini
-
-- name: Read configs into memory
- slurp:
- src: "/tmp/httpd-keystone-main.conf"
- register: "httpd_keystone_main_conf"
-
-- name: Read configs into memory
- slurp:
- src: "/tmp/httpd-keystone-admin.conf"
- register: "httpd_keystone_admin_conf"
-
-- name: Read configs into memory
- slurp:
- src: "/tmp/httpd.conf"
- register: "httpd_conf"
-
-- name: Read configs into memory
- slurp:
- src: "/tmp/keystone.conf"
- register: "keystone_conf"
-
-- name: Create keystone configmaps
- ignore_errors: yes
- k8s_v1_config_map:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: keystone
- namespace: "{{namespace}}"
- state: present
- debug: yes
- labels:
- service: keystone
- data:
- config.json: |
- {
- "command": "/usr/sbin/httpd -DFOREGROUND",
- "config_files": [
- {
- "dest": "/etc/httpd/conf/httpd.conf",
- "owner": "root",
- "perm": "0644",
- "source": "/var/lib/kolla/config_files/httpd.conf"
- },
- {
- "dest": "/etc/keystone/keystone.conf",
- "owner": "keystone",
- "perm": "0644",
- "source": "/var/lib/kolla/config_files/keystone.conf"
- },
- {
- "dest": "/etc/httpd/conf.d/10-keystone-main.conf",
- "owner": "root",
- "perm": "0644",
- "source": "/var/lib/kolla/config_files/httpd-keystone-main.conf"
- },
- {
- "dest": "/etc/httpd/conf.d/10-keystone-admin.conf",
- "owner": "root",
- "perm": "0644",
- "source": "/var/lib/kolla/config_files/httpd-keystone-admin.conf"
- }
- ]
- }
- keystone.conf: |
- {{keystone_conf['content'] | b64decode}}
- httpd.conf: |
- {{httpd_conf['content'] | b64decode}}
- httpd-keystone-main.conf: |
- {{httpd_keystone_main_conf['content'] | b64decode}}
- httpd-keystone-admin.conf: |
- {{httpd_keystone_admin_conf['content'] | b64decode}}
-
-- name: Create keystone database
- include_role:
- name: ansible-role-k8s-tripleo
- tasks_from: create-database
- vars:
- database_name: 'keystone'
-
-# NOTE(flaper87): Requesting a PVC should probably not be the default, explore
-# using secrets for the fernet keys
-- name: Create keystone PVC
- k8s_v1_persistent_volume_claim:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: keystone-fernet
- namespace: "{{namespace}}"
- state: present
- spec_access_modes:
- - ReadWriteMany
- spec_storage_class_name: slow
- spec_resources_requests:
- storage: 1Gi
-
-- name: Create keystone job
- k8s_v1_job:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: keystone-db-sync
- namespace: "{{namespace}}"
- state: present
- restart_policy: OnFailure
- containers:
- - image: tripleoupstream/centos-binary-keystone
- name: keystone-db-sync
- env:
- - name: KOLLA_CONFIG_STRATEGY
- value: COPY_ALWAYS
- - name: KOLLA_BOOTSTRAP
- value: ''
- volume_mounts: "{{keystone_mounts + keystone_mounts_extra}}"
- volumes: "{{keystone_volumes + keystone_volumes_extra}}"
- state: present
-
-- name: Keystone fernet bootstrap
- k8s_v1_job:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: keystone-fernet
- namespace: "{{namespace}}"
- state: present
- restart_policy: OnFailure
- containers:
- - image: tripleoupstream/centos-binary-keystone-fernet
- name: keystone-fernet-bootstrap
- command: ["kolla_keystone_bootstrap", "keystone", "keystone"]
- env:
- - name: KOLLA_CONFIG_STRATEGY
- value: COPY_ALWAYS
- volume_mounts: "{{keystone_mounts + keystone_mounts_extra}}"
- volumes: "{{keystone_volumes + keystone_volumes_extra}}"
- state: present
-
-- name: Create keystone service
- k8s_v1_service:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: "{{keystone_hostname}}"
- namespace: "{{namespace}}"
- state: present
- ports:
- - port: 5000
- name: keystone-api-public
- - port: 35357
- name: keystone-api-admin
- selector:
- app: keystone-api
- register: keystone_service
-
-- set_fact:
- keystone_address: "{{keystone_service.service.spec.cluster_ip}}"
- when: keystone_use_service_ip
-
-- name: Keystone bootstrap
- k8s_v1_job:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: keystone-bootstrap
- namespace: "{{namespace}}"
- state: present
- restart_policy: OnFailure
- containers:
- - image: tripleoupstream/centos-binary-keystone
- name: keystone-bootstrap
- # NOTE(flaper87): We might want to set bootstrap URLs, project name, etc
- command:
- - keystone-manage
- - --config-file
- - /var/lib/kolla/config_files/keystone.conf
- - bootstrap
- - --bootstrap-username
- - '{{keystone_config.admin_username}}'
- - --bootstrap-password
- - '{{keystone_config.admin_password}}'
- - --bootstrap-role-name
- - '{{keystone_config.admin_role_name}}'
- - --bootstrap-project-name
- - '{{keystone_config.admin_project_name}}'
- - --bootstrap-service-name
- - '{{keystone_config.admin_service_name}}'
- - --bootstrap-admin-url
- - "http://{{keystone_address}}:35357/v3"
- - --bootstrap-internal-url
- - "http://{{keystone_address}}:5000/v3"
- - --bootstrap-public-url
- - "http://{{keystone_address}}:5000/v3"
- - --bootstrap-region-id
- - RegionOne
- env:
- - name: KOLLA_CONFIG_STRATEGY
- value: COPY_ALWAYS
- - name: KOLLA_BOOTSTRAP
- value: ''
- volume_mounts: "{{keystone_mounts + keystone_mounts_extra}}"
- volumes: "{{keystone_volumes + keystone_volumes_extra}}"
- state: present
-
-- name: Create keystone deployment
- k8s_apps_v1beta1_deployment:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: keystone-api
- namespace: "{{namespace}}"
- replicas: 1
- spec_revision_history_limit: 3
- spec_template_metadata_labels:
- app: keystone-api
- containers:
- - name: keystone-api
- image: tripleoupstream/centos-binary-keystone
- imagePullPolicy: IfNotPresent
- env:
- - name: KOLLA_CONFIG_STRATEGY
- value: COPY_ALWAYS
- - name: KOLLA_KUBERNETES
- value: ""
- ports:
- - name: api-public
- containerPort: 5000
- - name: api-admin
- containerPort: 35357
- volume_mounts: "{{keystone_mounts + keystone_mounts_extra}}"
- volumes: "{{keystone_volumes + keystone_volumes_extra}}"
- state: present
- register: create_service
-
-- set_fact:
- clouds_yaml: |
- clouds:
- {{namespace}}:
- region_name: RegionOne
- identity_api_version: 3
- auth:
- username: '{{keystone_config.admin_username}}'
- password: '{{keystone_config.admin_password}}'
- project_name: '{{keystone_config.admin_project_name}}'
- user_domain_name: '{{keystone_config.admin_domain_name}}'
- project_domain_name: '{{keystone_config.admin_domain_name}}'
- auth_url: 'http://keystone:5000/v3'
-
-- name: Create keystone secrets
- k8s_v1_secret:
- host: "{{coe_host}}"
- context: "{{coe_config_context}}"
- kubeconfig: "{{coe_config_file}}"
- name: '{{clouds_config}}'
- namespace: "{{namespace}}"
- state: present
- data:
- clouds.yaml: "{{clouds_yaml | b64encode}}"
diff --git a/templates/base.conf.j2 b/templates/base.conf.j2
deleted file mode 100644
index e69de29..0000000
diff --git a/templates/httpd-keystone-admin.conf b/templates/httpd-keystone-admin.conf
deleted file mode 100644
index 1dd79a9..0000000
--- a/templates/httpd-keystone-admin.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-
- ## Vhost docroot
- DocumentRoot "/var/www/cgi-bin/keystone"
-
- ## Directories, there should at least be a declaration for /var/www/cgi-bin/keystone
-
-
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Require all granted
-
-
- ## Logging
- # ErrorLog "/var/log/httpd/keystone_wsgi_admin_error.log"
- ServerSignature Off
- # CustomLog "/var/log/httpd/keystone_wsgi_admin_access.log" combined
- WSGIApplicationGroup %{GLOBAL}
- WSGIDaemonProcess keystone_admin display-name=keystone-admin group=keystone processes=2 threads=1 user=keystone
- WSGIProcessGroup keystone_admin
- WSGIScriptAlias / "/var/www/cgi-bin/keystone/admin"
- WSGIPassAuthorization On
-
\ No newline at end of file
diff --git a/templates/httpd-keystone-main.conf b/templates/httpd-keystone-main.conf
deleted file mode 100644
index 860d06e..0000000
--- a/templates/httpd-keystone-main.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-
- ## Vhost docroot
- DocumentRoot "/var/www/cgi-bin/keystone"
-
- ## Directories, there should at least be a declaration for /var/www/cgi-bin/keystone
-
-
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Require all granted
-
-
- ## Logging
- # ErrorLog "/var/log/httpd/keystone_wsgi_main_error.log"
- ServerSignature Off
- # CustomLog "/var/log/httpd/keystone_wsgi_main_access.log" combined
- WSGIApplicationGroup %{GLOBAL}
- WSGIDaemonProcess keystone_main display-name=keystone-main group=keystone processes=2 threads=1 user=keystone
- WSGIProcessGroup keystone_main
- WSGIScriptAlias / "/var/www/cgi-bin/keystone/main"
- WSGIPassAuthorization On
-
diff --git a/templates/httpd.conf b/templates/httpd.conf
deleted file mode 100644
index b12f584..0000000
--- a/templates/httpd.conf
+++ /dev/null
@@ -1,113 +0,0 @@
-Listen *:5000
-Listen *:35357
-
-ServerRoot "/etc/httpd"
-DocumentRoot "/var/www/html"
-User apache
-Group apache
-
-Include conf.modules.d/*.conf
-
-
- AllowOverride none
- Require all denied
-
-
-
- AllowOverride None
- # Allow open access:
- Require all granted
-
-
-
- AllowOverride None
- Options None
- Require all granted
-
-
-
- DirectoryIndex index.html
-
-
-
- Require all denied
-
-
-ErrorLog /dev/stderr
-
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%h %l %u %t \"%r\" %>s %b" common
-
-
- # You need to enable mod_logio.c to use %I and %O
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-
-
- CustomLog /dev/stdout combined
-
-
-
- #
- # TypesConfig points to the file containing the list of mappings from
- # filename extension to MIME-type.
- #
- TypesConfig /etc/mime.types
-
- #
- # AddType allows you to add to or override the MIME configuration
- # file specified in TypesConfig for specific file types.
- #
- #AddType application/x-gzip .tgz
- #
- # AddEncoding allows you to have certain browsers uncompress
- # information on the fly. Note: Not all browsers support this.
- #
- #AddEncoding x-compress .Z
- #AddEncoding x-gzip .gz .tgz
- #
- # If the AddEncoding directives above are commented-out, then you
- # probably should define those extensions to indicate media types:
- #
- AddType application/x-compress .Z
- AddType application/x-gzip .gz .tgz
-
- #
- # AddHandler allows you to map certain file extensions to "handlers":
- # actions unrelated to filetype. These can be either built into the server
- # or added with the Action directive (see below)
- #
- # To use CGI scripts outside of ScriptAliased directories:
- # (You will also need to add "ExecCGI" to the "Options" directive.)
- #
- #AddHandler cgi-script .cgi
-
- # For type maps (negotiated resources):
- #AddHandler type-map var
-
- #
- # Filters allow you to process content before it is sent to the client.
- #
- # To parse .shtml files for server-side includes (SSI):
- # (You will also need to add "Includes" to the "Options" directive.)
- #
- AddType text/html .shtml
- AddOutputFilter INCLUDES .shtml
-
-
-AddDefaultCharset UTF-8
-
-
- #
- # The mod_mime_magic module allows the server to use various hints from the
- # contents of the file itself to determine its type. The MIMEMagicFile
- # directive tells the module where the hint definitions are located.
- #
- MIMEMagicFile conf/magic
-
-
-EnableSendfile on
-
-# Supplemental configuration
-#
-# Load config files in the "/etc/httpd/conf.d" directory, if any.
-IncludeOptional conf.d/*.conf
\ No newline at end of file
diff --git a/templates/keystone-schema.yaml b/templates/keystone-schema.yaml
deleted file mode 100644
index dd5dbca..0000000
--- a/templates/keystone-schema.yaml
+++ /dev/null
@@ -1,12323 +0,0 @@
-deprecated_options:
- DATABASE:
- - name: sql_connection
- replacement_group: database
- replacement_name: connection
- - name: sql_idle_timeout
- replacement_group: database
- replacement_name: idle_timeout
- - name: sql_min_pool_size
- replacement_group: database
- replacement_name: min_pool_size
- - name: sql_max_pool_size
- replacement_group: database
- replacement_name: max_pool_size
- - name: sql_max_retries
- replacement_group: database
- replacement_name: max_retries
- - name: reconnect_interval
- replacement_group: database
- replacement_name: retry_interval
- - name: sqlalchemy_max_overflow
- replacement_group: database
- replacement_name: max_overflow
- - name: sqlalchemy_pool_timeout
- replacement_group: database
- replacement_name: pool_timeout
- DEFAULT:
- - name: rpc_conn_pool_size
- replacement_group: DEFAULT
- replacement_name: rpc_conn_pool_size
- - name: rpc_zmq_bind_address
- replacement_group: DEFAULT
- replacement_name: rpc_zmq_bind_address
- - name: rpc_zmq_matchmaker
- replacement_group: DEFAULT
- replacement_name: rpc_zmq_matchmaker
- - name: rpc_zmq_contexts
- replacement_group: DEFAULT
- replacement_name: rpc_zmq_contexts
- - name: rpc_zmq_topic_backlog
- replacement_group: DEFAULT
- replacement_name: rpc_zmq_topic_backlog
- - name: rpc_zmq_ipc_dir
- replacement_group: DEFAULT
- replacement_name: rpc_zmq_ipc_dir
- - name: rpc_zmq_host
- replacement_group: DEFAULT
- replacement_name: rpc_zmq_host
- - name: rpc_cast_timeout
- replacement_group: DEFAULT
- replacement_name: zmq_linger
- - name: rpc_poll_timeout
- replacement_group: DEFAULT
- replacement_name: rpc_poll_timeout
- - name: zmq_target_expire
- replacement_group: DEFAULT
- replacement_name: zmq_target_expire
- - name: zmq_target_update
- replacement_group: DEFAULT
- replacement_name: zmq_target_update
- - name: use_pub_sub
- replacement_group: DEFAULT
- replacement_name: use_pub_sub
- - name: use_router_proxy
- replacement_group: DEFAULT
- replacement_name: use_router_proxy
- - name: rpc_zmq_min_port
- replacement_group: DEFAULT
- replacement_name: rpc_zmq_min_port
- - name: rpc_zmq_max_port
- replacement_group: DEFAULT
- replacement_name: rpc_zmq_max_port
- - name: rpc_zmq_bind_port_retries
- replacement_group: DEFAULT
- replacement_name: rpc_zmq_bind_port_retries
- - name: rpc_zmq_serialization
- replacement_group: DEFAULT
- replacement_name: rpc_zmq_serialization
- - name: rpc_thread_pool_size
- replacement_group: DEFAULT
- replacement_name: executor_thread_pool_size
- - name: log_config
- replacement_group: DEFAULT
- replacement_name: log-config-append
- - name: logfile
- replacement_group: DEFAULT
- replacement_name: log-file
- - name: logdir
- replacement_group: DEFAULT
- replacement_name: log-dir
- - name: rpc_zmq_bind_address
- replacement_group: oslo_messaging_zmq
- replacement_name: rpc_zmq_bind_address
- - name: rpc_zmq_matchmaker
- replacement_group: oslo_messaging_zmq
- replacement_name: rpc_zmq_matchmaker
- - name: rpc_zmq_contexts
- replacement_group: oslo_messaging_zmq
- replacement_name: rpc_zmq_contexts
- - name: rpc_zmq_topic_backlog
- replacement_group: oslo_messaging_zmq
- replacement_name: rpc_zmq_topic_backlog
- - name: rpc_zmq_ipc_dir
- replacement_group: oslo_messaging_zmq
- replacement_name: rpc_zmq_ipc_dir
- - name: rpc_zmq_host
- replacement_group: oslo_messaging_zmq
- replacement_name: rpc_zmq_host
- - name: rpc_cast_timeout
- replacement_group: oslo_messaging_zmq
- replacement_name: zmq_linger
- - name: rpc_poll_timeout
- replacement_group: oslo_messaging_zmq
- replacement_name: rpc_poll_timeout
- - name: zmq_target_expire
- replacement_group: oslo_messaging_zmq
- replacement_name: zmq_target_expire
- - name: zmq_target_update
- replacement_group: oslo_messaging_zmq
- replacement_name: zmq_target_update
- - name: use_pub_sub
- replacement_group: oslo_messaging_zmq
- replacement_name: use_pub_sub
- - name: use_router_proxy
- replacement_group: oslo_messaging_zmq
- replacement_name: use_router_proxy
- - name: rpc_zmq_min_port
- replacement_group: oslo_messaging_zmq
- replacement_name: rpc_zmq_min_port
- - name: rpc_zmq_max_port
- replacement_group: oslo_messaging_zmq
- replacement_name: rpc_zmq_max_port
- - name: rpc_zmq_bind_port_retries
- replacement_group: oslo_messaging_zmq
- replacement_name: rpc_zmq_bind_port_retries
- - name: rpc_zmq_serialization
- replacement_group: oslo_messaging_zmq
- replacement_name: rpc_zmq_serialization
- - name: notification_driver
- replacement_group: oslo_messaging_notifications
- replacement_name: driver
- - name: notification_transport_url
- replacement_group: oslo_messaging_notifications
- replacement_name: transport_url
- - name: notification_topics
- replacement_group: oslo_messaging_notifications
- replacement_name: topics
- - name: amqp_durable_queues
- replacement_group: oslo_messaging_rabbit
- replacement_name: amqp_durable_queues
- - name: rabbit_durable_queues
- replacement_group: oslo_messaging_rabbit
- replacement_name: amqp_durable_queues
- - name: amqp_auto_delete
- replacement_group: oslo_messaging_rabbit
- replacement_name: amqp_auto_delete
- - name: kombu_reconnect_delay
- replacement_group: oslo_messaging_rabbit
- replacement_name: kombu_reconnect_delay
- - name: rabbit_host
- replacement_group: oslo_messaging_rabbit
- replacement_name: rabbit_host
- - name: rabbit_port
- replacement_group: oslo_messaging_rabbit
- replacement_name: rabbit_port
- - name: rabbit_hosts
- replacement_group: oslo_messaging_rabbit
- replacement_name: rabbit_hosts
- - name: rabbit_userid
- replacement_group: oslo_messaging_rabbit
- replacement_name: rabbit_userid
- - name: rabbit_password
- replacement_group: oslo_messaging_rabbit
- replacement_name: rabbit_password
- - name: rabbit_login_method
- replacement_group: oslo_messaging_rabbit
- replacement_name: rabbit_login_method
- - name: rabbit_virtual_host
- replacement_group: oslo_messaging_rabbit
- replacement_name: rabbit_virtual_host
- - name: rabbit_retry_backoff
- replacement_group: oslo_messaging_rabbit
- replacement_name: rabbit_retry_backoff
- - name: rabbit_max_retries
- replacement_group: oslo_messaging_rabbit
- replacement_name: rabbit_max_retries
- - name: rabbit_ha_queues
- replacement_group: oslo_messaging_rabbit
- replacement_name: rabbit_ha_queues
- - name: fake_rabbit
- replacement_group: oslo_messaging_rabbit
- replacement_name: fake_rabbit
- - name: bind_host
- replacement_group: eventlet_server
- replacement_name: public_bind_host
- - name: public_bind_host
- replacement_group: eventlet_server
- replacement_name: public_bind_host
- - name: public_port
- replacement_group: eventlet_server
- replacement_name: public_port
- - name: bind_host
- replacement_group: eventlet_server
- replacement_name: admin_bind_host
- - name: admin_bind_host
- replacement_group: eventlet_server
- replacement_name: admin_bind_host
- - name: admin_port
- replacement_group: eventlet_server
- replacement_name: admin_port
- - name: policy_file
- replacement_group: oslo_policy
- replacement_name: policy_file
- - name: policy_default_rule
- replacement_group: oslo_policy
- replacement_name: policy_default_rule
- - name: policy_dirs
- replacement_group: oslo_policy
- replacement_name: policy_dirs
- - name: osapi_max_request_body_size
- replacement_group: oslo_middleware
- replacement_name: max_request_body_size
- - name: max_request_body_size
- replacement_group: oslo_middleware
- replacement_name: max_request_body_size
- - name: sqlite_synchronous
- replacement_group: database
- replacement_name: sqlite_synchronous
- - name: db_backend
- replacement_group: database
- replacement_name: backend
- - name: sql_connection
- replacement_group: database
- replacement_name: connection
- - name: sql_idle_timeout
- replacement_group: database
- replacement_name: idle_timeout
- - name: sql_min_pool_size
- replacement_group: database
- replacement_name: min_pool_size
- - name: sql_max_pool_size
- replacement_group: database
- replacement_name: max_pool_size
- - name: sql_max_retries
- replacement_group: database
- replacement_name: max_retries
- - name: sql_retry_interval
- replacement_group: database
- replacement_name: retry_interval
- - name: sql_max_overflow
- replacement_group: database
- replacement_name: max_overflow
- - name: sql_connection_debug
- replacement_group: database
- replacement_name: connection_debug
- - name: sql_connection_trace
- replacement_group: database
- replacement_name: connection_trace
- amqp1:
- - name: container_name
- replacement_group: oslo_messaging_amqp
- replacement_name: container_name
- - name: idle_timeout
- replacement_group: oslo_messaging_amqp
- replacement_name: idle_timeout
- - name: trace
- replacement_group: oslo_messaging_amqp
- replacement_name: trace
- - name: ssl_ca_file
- replacement_group: oslo_messaging_amqp
- replacement_name: ssl_ca_file
- - name: ssl_cert_file
- replacement_group: oslo_messaging_amqp
- replacement_name: ssl_cert_file
- - name: ssl_key_file
- replacement_group: oslo_messaging_amqp
- replacement_name: ssl_key_file
- - name: ssl_key_password
- replacement_group: oslo_messaging_amqp
- replacement_name: ssl_key_password
- - name: allow_insecure_clients
- replacement_group: oslo_messaging_amqp
- replacement_name: allow_insecure_clients
- - name: sasl_mechanisms
- replacement_group: oslo_messaging_amqp
- replacement_name: sasl_mechanisms
- - name: sasl_config_dir
- replacement_group: oslo_messaging_amqp
- replacement_name: sasl_config_dir
- - name: sasl_config_name
- replacement_group: oslo_messaging_amqp
- replacement_name: sasl_config_name
- - name: username
- replacement_group: oslo_messaging_amqp
- replacement_name: username
- - name: password
- replacement_group: oslo_messaging_amqp
- replacement_name: password
- - name: server_request_prefix
- replacement_group: oslo_messaging_amqp
- replacement_name: server_request_prefix
- - name: broadcast_prefix
- replacement_group: oslo_messaging_amqp
- replacement_name: broadcast_prefix
- - name: group_request_prefix
- replacement_group: oslo_messaging_amqp
- replacement_name: group_request_prefix
- assignment:
- - name: caching
- replacement_group: resource
- replacement_name: caching
- - name: cache_time
- replacement_group: resource
- replacement_name: cache_time
- - name: list_limit
- replacement_group: resource
- replacement_name: list_limit
- oslo_messaging_rabbit:
- - name: kombu_ssl_version
- replacement_group: oslo_messaging_rabbit
- replacement_name: ssl_version
- - name: kombu_ssl_keyfile
- replacement_group: oslo_messaging_rabbit
- replacement_name: ssl_key_file
- - name: kombu_ssl_certfile
- replacement_group: oslo_messaging_rabbit
- replacement_name: ssl_cert_file
- - name: kombu_ssl_ca_certs
- replacement_group: oslo_messaging_rabbit
- replacement_name: ssl_ca_file
- - name: kombu_reconnect_timeout
- replacement_group: oslo_messaging_rabbit
- replacement_name: kombu_missing_consumer_retry_timeout
- profiler:
- - name: profiler_enabled
- replacement_group: profiler
- replacement_name: enabled
- rpc_notifier2:
- - name: topics
- replacement_group: oslo_messaging_notifications
- replacement_name: topics
- sql:
- - name: connection
- replacement_group: database
- replacement_name: connection
- - name: idle_timeout
- replacement_group: database
- replacement_name: idle_timeout
- token:
- - name: revocation_cache_time
- replacement_group: revoke
- replacement_name: cache_time
-generator_options:
- config_dir: []
- config_file:
- - config-generator/keystone.conf
- format_: yaml
- minimal: false
- namespace:
- - keystone
- - oslo.cache
- - oslo.log
- - oslo.messaging
- - oslo.policy
- - oslo.db
- - oslo.middleware
- - osprofiler
- output_file: keystone-schema.yaml
- summarize: false
- wrap_width: 79
-options:
- DEFAULT:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: admin_token
- help: Using this feature is *NOT* recommended. Instead, use the `keystone-manage
- bootstrap` command. The value of this option is treated as a "shared secret"
- that can be used to bootstrap Keystone through the API. This "token" does
- not represent a user (it has no identity), and carries no explicit authorization
- (it effectively bypasses most authorization checks). If set to `None`, the
- value is ignored and the `admin_token` middleware is effectively disabled.
- However, to completely disable `admin_token` in production (highly recommended,
- as it presents a security risk), remove `AdminTokenAuthMiddleware` (the `admin_token_auth`
- filter) from your paste application pipelines (for example, in `keystone-paste.ini`).
- max: null
- metavar: null
- min: null
- mutable: false
- name: admin_token
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: true
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: public_endpoint
- help: 'The base public endpoint URL for Keystone that is advertised to clients
- (NOTE: this does NOT affect how Keystone listens for connections). Defaults
- to the base host URL of the request. For example, if keystone receives a request
- to `http://server:5000/v3/users`, then this will option will be automatically
- treated as `http://server:5000`. You should only need to set option if either
- the value of the base URL contains a path that keystone does not automatically
- infer (`/prefix/v3`), or if the endpoint should be found on a different host.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: public_endpoint
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: uri value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: admin_endpoint
- help: 'The base admin endpoint URL for Keystone that is advertised to clients
- (NOTE: this does NOT affect how Keystone listens for connections). Defaults
- to the base host URL of the request. For example, if keystone receives a request
- to `http://server:35357/v3/users`, then this will option will be automatically
- treated as `http://server:35357`. You should only need to set option if either
- the value of the base URL contains a path that keystone does not automatically
- infer (`/prefix/v3`), or if the endpoint should be found on a different host.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: admin_endpoint
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: uri value
- - advanced: false
- choices: []
- default: 5
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: max_project_tree_depth
- help: 'Maximum depth of the project hierarchy, excluding the project acting
- as a domain at the top of the hierarchy. WARNING: Setting it to a large value
- may adversely impact performance.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: max_project_tree_depth
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 64
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: max_param_size
- help: Limit the sizes of user & project ID/names.
- max: null
- metavar: null
- min: null
- mutable: false
- name: max_param_size
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 255
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: max_token_size
- help: Similar to `[DEFAULT] max_param_size`, but provides an exception for token
- values. With Fernet tokens, this can be set as low as 255. With UUID tokens,
- this should be set to 32).
- max: null
- metavar: null
- min: null
- mutable: false
- name: max_token_size
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 9fe2ff9ee4384b1894a90878d3e92bab
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: member_role_id
- help: Similar to the `[DEFAULT] member_role_name` option, this represents the
- default role ID used to associate users with their default projects in the
- v2 API. This will be used as the explicit role where one is not specified
- by the v2 API. You do not need to set this value unless you want keystone
- to use an existing role with a different ID, other than the arbitrarily defined
- `_member_` role (in which case, you should set `[DEFAULT] member_role_name`
- as well).
- max: null
- metavar: null
- min: null
- mutable: false
- name: member_role_id
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: _member_
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: member_role_name
- help: This is the role name used in combination with the `[DEFAULT] member_role_id`
- option; see that option for more detail. You do not need to set this option
- unless you want keystone to use an existing role (in which case, you should
- set `[DEFAULT] member_role_id` as well).
- max: null
- metavar: null
- min: null
- mutable: false
- name: member_role_name
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 10000
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: sha512_crypt is insufficient for password hashes, use of
- bcrypt, pbkfd2_sha512 and scrypt are now supported. Options are located in
- the [identity] config block. This option is still used for rolling upgrade
- compatibility password hashing.
- deprecated_since: P
- dest: crypt_strength
- help: The value passed as the keyword "rounds" to passlib's encrypt method.
- This option represents a trade off between security and performance. Higher
- values lead to slower performance, but higher security. Changing this option
- will only affect newly created passwords as existing password hashes already
- have a fixed number of rounds applied, so it is safe to tune this option in
- a running cluster. For more information, see https://pythonhosted.org/passlib/password_hash_api.html#choosing-the-right-rounds-value
- max: 100000
- metavar: null
- min: 1000
- mutable: false
- name: crypt_strength
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: list_limit
- help: The maximum number of entities that will be returned in a collection.
- This global limit may be then overridden for a specific driver, by specifying
- a list_limit in the appropriate section (for example, `[assignment]`). No
- limit is set by default. In larger deployments, it is recommended that you
- set this to a reasonable number to prevent operations like listing all users
- and projects from placing an unnecessary load on the system.
- max: null
- metavar: null
- min: null
- mutable: false
- name: list_limit
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: strict_password_check
- help: If set to true, strict password length checking is performed for password
- manipulation. If a password exceeds the maximum length, the operation will
- fail with an HTTP 403 Forbidden error. If set to false, passwords are automatically
- truncated to the maximum length.
- max: null
- metavar: null
- min: null
- mutable: false
- name: strict_password_check
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: HTTP_X_FORWARDED_PROTO
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: This option has been deprecated in the N release and will
- be removed in the P release. Use oslo.middleware.http_proxy_to_wsgi configuration
- instead.
- deprecated_since: N
- dest: secure_proxy_ssl_header
- help: The HTTP header used to determine the scheme for the original request,
- even if it was removed by an SSL terminating proxy.
- max: null
- metavar: null
- min: null
- mutable: false
- name: secure_proxy_ssl_header
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: insecure_debug
- help: If set to true, then the server will return information in HTTP responses
- that may allow an unauthenticated or authenticated user to get more information
- than normal, such as additional details about why authentication failed. This
- may be useful for debugging but is insecure.
- max: null
- metavar: null
- min: null
- mutable: false
- name: insecure_debug
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_publisher_id
- help: Default `publisher_id` for outgoing notifications. If left undefined,
- Keystone will default to using the server's host name.
- max: null
- metavar: null
- min: null
- mutable: false
- name: default_publisher_id
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices:
- - basic
- - cadf
- default: cadf
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: notification_format
- help: Define the notification format for identity service events. A `basic`
- notification only has information about the resource being operated on. A
- `cadf` notification has the same information, as well as information about
- the initiator of the event. The `cadf` option is entirely backwards compatible
- with the `basic` option, but is fully CADF-compliant, and is recommended for
- auditing use cases.
- max: null
- metavar: null
- min: null
- mutable: false
- name: notification_format
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default:
- - identity.authenticate.success
- - identity.authenticate.pending
- - identity.authenticate.failed
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: notification_opt_out
- help: 'You can reduce the number of notifications keystone emits by explicitly
- opting out. Keystone will not emit notifications that match the patterns expressed
- in this list. Values are expected to be in the form of `identity..`.
- By default, all notifications related to authentication are automatically
- suppressed. This field can be set multiple times in order to opt-out of multiple
- notification topics. For example, the following suppresses notifications describing
- user creation or successful authentication events: notification_opt_out=identity.user.create
- notification_opt_out=identity.authenticate.success'
- max: null
- metavar: null
- min: null
- mutable: false
- name: notification_opt_out
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: multi valued
- - advanced: false
- choices: []
- default: 30
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_conn_pool_size
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_conn_pool_size
- help: Size of RPC connection pool.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_conn_pool_size
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 2
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: conn_pool_min_size
- help: The pool size limit for connections expiration policy
- max: null
- metavar: null
- min: null
- mutable: false
- name: conn_pool_min_size
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 1200
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: conn_pool_ttl
- help: The time-to-live in sec of idle connections in the pool
- max: null
- metavar: null
- min: null
- mutable: false
- name: conn_pool_ttl
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: '*'
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_bind_address
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_bind_address
- help: ZeroMQ bind address. Should be a wildcard (*), an ethernet interface,
- or IP. The "host" option should point or resolve to this address.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_bind_address
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: &id001
- - redis
- - sentinel
- - dummy
- default: redis
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_matchmaker
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_matchmaker
- help: MatchMaker driver.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_matchmaker
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 1
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_contexts
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_contexts
- help: Number of ZeroMQ contexts, defaults to 1.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_contexts
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_topic_backlog
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_topic_backlog
- help: Maximum number of ingress messages to locally buffer per topic. Default
- is unlimited.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_topic_backlog
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: /var/run/openstack
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_ipc_dir
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_ipc_dir
- help: Directory for holding IPC sockets.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_ipc_dir
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: x1hobo
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_host
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_host
- help: Name of this node. Must be a valid hostname, FQDN, or IP address. Must
- match "host" option, if running Nova.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_host
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: localhost
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_cast_timeout
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_linger
- help: Number of seconds to wait before all pending messages will be sent after
- closing a socket. The default value of -1 specifies an infinite linger period.
- The value of 0 specifies no linger period. Pending messages shall be discarded
- immediately when the socket is closed. Positive values specify an upper bound
- for the linger period.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_linger
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 1
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_poll_timeout
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_poll_timeout
- help: The default number of seconds that poll should wait. Poll raises timeout
- exception when timeout expired.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_poll_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 300
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: zmq_target_expire
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_target_expire
- help: Expiration timeout in seconds of a name service record about existing
- target ( < 0 means no timeout).
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_target_expire
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 180
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: zmq_target_update
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_target_update
- help: Update period in seconds of a name service record about existing target.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_target_update
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: use_pub_sub
- deprecated_reason: null
- deprecated_since: null
- dest: use_pub_sub
- help: Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
- max: null
- metavar: null
- min: null
- mutable: false
- name: use_pub_sub
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: use_router_proxy
- deprecated_reason: null
- deprecated_since: null
- dest: use_router_proxy
- help: Use ROUTER remote proxy.
- max: null
- metavar: null
- min: null
- mutable: false
- name: use_router_proxy
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: use_dynamic_connections
- help: This option makes direct connections dynamic or static. It makes sense
- only with use_router_proxy=False which means to use direct connections for
- direct message types (ignored otherwise).
- max: null
- metavar: null
- min: null
- mutable: false
- name: use_dynamic_connections
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 2
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_failover_connections
- help: How many additional connections to a host will be made for failover reasons.
- This option is actual only in dynamic connections mode.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_failover_connections
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 49153
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_min_port
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_min_port
- help: Minimal port number for random ports range.
- max: 65535
- metavar: null
- min: 0
- mutable: false
- name: rpc_zmq_min_port
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: port value
- - advanced: false
- choices: []
- default: 65536
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_max_port
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_max_port
- help: Maximal port number for random ports range.
- max: 65536
- metavar: null
- min: 1
- mutable: false
- name: rpc_zmq_max_port
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 100
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_bind_port_retries
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_bind_port_retries
- help: Number of retries to find free port number before fail with ZMQBindError.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_bind_port_retries
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: &id002
- - json
- - msgpack
- default: json
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_serialization
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_serialization
- help: Default serialization mechanism for serializing/deserializing outgoing/incoming
- messages
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_serialization
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_immediate
- help: This option configures round-robin mode in zmq socket. True means not
- keeping a queue when server side disconnects. False means to keep queue and
- messages even if server is disconnected, when the server appears we send all
- accumulated messages to it.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_immediate
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_tcp_keepalive
- help: Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or
- any other negative value) means to skip any overrides and leave it to OS default;
- 0 and 1 (or any other positive value) mean to disable and enable the option
- respectively.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_tcp_keepalive
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_tcp_keepalive_idle
- help: The duration between two keepalive transmissions in idle condition. The
- unit is platform dependent, for example, seconds in Linux, milliseconds in
- Windows etc. The default value of -1 (or any other negative value and 0) means
- to skip any overrides and leave it to OS default.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_tcp_keepalive_idle
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_tcp_keepalive_cnt
- help: The number of retransmissions to be carried out before declaring that
- remote end is not available. The default value of -1 (or any other negative
- value and 0) means to skip any overrides and leave it to OS default.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_tcp_keepalive_cnt
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_tcp_keepalive_intvl
- help: The duration between two successive keepalive retransmissions, if acknowledgement
- to the previous keepalive transmission is not received. The unit is platform
- dependent, for example, seconds in Linux, milliseconds in Windows etc. The
- default value of -1 (or any other negative value and 0) means to skip any
- overrides and leave it to OS default.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_tcp_keepalive_intvl
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 100
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_thread_pool_size
- help: Maximum number of (green) threads to work concurrently.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_thread_pool_size
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 300
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_message_ttl
- help: Expiration timeout in seconds of a sent/received message after which it
- is not tracked anymore by a client/server.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_message_ttl
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_use_acks
- help: Wait for message acknowledgements from receivers. This mechanism works
- only via proxy without PUB/SUB.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_use_acks
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 15
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_ack_timeout_base
- help: Number of seconds to wait for an ack from a cast/call. After each retry
- attempt this timeout is multiplied by some specified multiplier.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_ack_timeout_base
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 2
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_ack_timeout_multiplier
- help: Number to multiply base ack timeout by after each retry attempt.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_ack_timeout_multiplier
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 3
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_retry_attempts
- help: 'Default number of message sending attempts in case of any problems occurred:
- positive value N means at most N retries, 0 means no retries, None or -1 (or
- any other negative values) mean to retry forever. This option is used only
- if acknowledgments are enabled.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_retry_attempts
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: subscribe_on
- help: List of publisher hosts SubConsumer can subscribe on. This option has
- higher priority then the default publishers list taken from the matchmaker.
- max: null
- metavar: null
- min: null
- mutable: false
- name: subscribe_on
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: 64
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_thread_pool_size
- deprecated_reason: null
- deprecated_since: null
- dest: executor_thread_pool_size
- help: Size of executor thread pool when executor is threading or eventlet.
- max: null
- metavar: null
- min: null
- mutable: false
- name: executor_thread_pool_size
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 60
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_response_timeout
- help: Seconds to wait for a response from a call.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_response_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: transport_url
- help: A URL representing the messaging driver to use and its full configuration.
- max: null
- metavar: null
- min: null
- mutable: false
- name: transport_url
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: true
- short: null
- type: string value
- - advanced: false
- choices: []
- default: rabbit
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: rpc_backend
- help: The messaging driver to use, defaults to rabbit. Other drivers include
- amqp and zmq.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_backend
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: keystone
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: control_exchange
- help: The default exchange under which topics are scoped. May be overridden
- by an exchange name specified in the transport_url option.
- max: null
- metavar: null
- min: null
- mutable: false
- name: control_exchange
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: debug
- help: If set to true, the logging level will be set to DEBUG instead of the
- default INFO level.
- max: null
- metavar: null
- min: null
- mutable: true
- name: debug
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: d
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: log_config
- deprecated_reason: null
- deprecated_since: null
- dest: log_config_append
- help: The name of a logging configuration file. This file is appended to any
- existing logging configuration files. For details about logging configuration
- files, see the Python logging module documentation. Note that when logging
- configuration files are used then all logging configuration is set in the
- configuration file and other logging configuration options are ignored (for
- example, logging_context_format_string).
- max: null
- metavar: PATH
- min: null
- mutable: true
- name: log-config-append
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: '%Y-%m-%d %H:%M:%S'
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: log_date_format
- help: 'Defines the format string for %%(asctime)s in log records. Default: %(default)s
- . This option is ignored if log_config_append is set.'
- max: null
- metavar: DATE_FORMAT
- min: null
- mutable: false
- name: log-date-format
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: logfile
- deprecated_reason: null
- deprecated_since: null
- dest: log_file
- help: (Optional) Name of log file to send logging output to. If no default is
- set, logging will go to stderr as defined by use_stderr. This option is ignored
- if log_config_append is set.
- max: null
- metavar: PATH
- min: null
- mutable: false
- name: log-file
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: logdir
- deprecated_reason: null
- deprecated_since: null
- dest: log_dir
- help: (Optional) The base directory used for relative log_file paths. This
- option is ignored if log_config_append is set.
- max: null
- metavar: null
- min: null
- mutable: false
- name: log-dir
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: watch_log_file
- help: Uses logging handler designed to watch file system. When log file is moved
- or removed this handler will open a new log file with specified path instantaneously.
- It makes sense only if log_file option is specified and Linux platform is
- used. This option is ignored if log_config_append is set.
- max: null
- metavar: null
- min: null
- mutable: false
- name: watch-log-file
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: use_syslog
- help: Use syslog for logging. Existing syslog format is DEPRECATED and will
- be changed later to honor RFC5424. This option is ignored if log_config_append
- is set.
- max: null
- metavar: null
- min: null
- mutable: false
- name: use-syslog
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: use_journal
- help: Enable journald for logging. If running in a systemd environment you may
- wish to enable journal support. Doing so will use the journal native protocol
- which includes structured metadata in addition to log messages.This option
- is ignored if log_config_append is set.
- max: null
- metavar: null
- min: null
- mutable: false
- name: use-journal
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: LOG_USER
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: syslog_log_facility
- help: Syslog facility to receive log lines. This option is ignored if log_config_append
- is set.
- max: null
- metavar: null
- min: null
- mutable: false
- name: syslog-log-facility
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: use_stderr
- help: Log output to standard error. This option is ignored if log_config_append
- is set.
- max: null
- metavar: null
- min: null
- mutable: false
- name: use_stderr
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s
- %(user_identity)s] %(instance)s%(message)s'
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: logging_context_format_string
- help: Format string to use for log messages with context.
- max: null
- metavar: null
- min: null
- mutable: false
- name: logging_context_format_string
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s'
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: logging_default_format_string
- help: Format string to use for log messages when context is undefined.
- max: null
- metavar: null
- min: null
- mutable: false
- name: logging_default_format_string
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: '%(funcName)s %(pathname)s:%(lineno)d'
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: logging_debug_format_suffix
- help: Additional data to append to log message when logging level for the message
- is DEBUG.
- max: null
- metavar: null
- min: null
- mutable: false
- name: logging_debug_format_suffix
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: '%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s'
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: logging_exception_prefix
- help: Prefix each line of exception output with this format.
- max: null
- metavar: null
- min: null
- mutable: false
- name: logging_exception_prefix
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: '%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s'
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: logging_user_identity_format
- help: Defines the format string for %(user_identity)s that is used in logging_context_format_string.
- max: null
- metavar: null
- min: null
- mutable: false
- name: logging_user_identity_format
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default:
- - amqp=WARN
- - amqplib=WARN
- - boto=WARN
- - qpid=WARN
- - sqlalchemy=WARN
- - suds=INFO
- - oslo.messaging=INFO
- - oslo_messaging=INFO
- - iso8601=WARN
- - requests.packages.urllib3.connectionpool=WARN
- - urllib3.connectionpool=WARN
- - websocket=WARN
- - requests.packages.urllib3.util.retry=WARN
- - urllib3.util.retry=WARN
- - keystonemiddleware=WARN
- - routes.middleware=WARN
- - stevedore=WARN
- - taskflow=WARN
- - keystoneauth=WARN
- - oslo.cache=INFO
- - dogpile.core.dogpile=INFO
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_log_levels
- help: List of package logging levels in logger=LEVEL pairs. This option is ignored
- if log_config_append is set.
- max: null
- metavar: null
- min: null
- mutable: false
- name: default_log_levels
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: publish_errors
- help: Enables or disables publication of error events.
- max: null
- metavar: null
- min: null
- mutable: false
- name: publish_errors
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: '[instance: %(uuid)s] '
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: instance_format
- help: The format for an instance that is passed with the log message.
- max: null
- metavar: null
- min: null
- mutable: false
- name: instance_format
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: '[instance: %(uuid)s] '
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: instance_uuid_format
- help: The format for an instance UUID that is passed with the log message.
- max: null
- metavar: null
- min: null
- mutable: false
- name: instance_uuid_format
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 0
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rate_limit_interval
- help: Interval, number of seconds, of log rate limiting.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rate_limit_interval
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rate_limit_burst
- help: Maximum number of logged messages per rate_limit_interval.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rate_limit_burst
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: CRITICAL
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rate_limit_except_level
- help: 'Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING,
- DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level
- are not filtered. An empty string means that all levels are filtered.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: rate_limit_except_level
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: fatal_deprecations
- help: Enables or disables fatal status of deprecations.
- max: null
- metavar: null
- min: null
- mutable: false
- name: fatal_deprecations
- namespace: oslo.log
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- standard_opts:
- - admin_token
- - public_endpoint
- - admin_endpoint
- - max_project_tree_depth
- - max_param_size
- - max_token_size
- - member_role_id
- - member_role_name
- - crypt_strength
- - list_limit
- - strict_password_check
- - secure_proxy_ssl_header
- - insecure_debug
- - default_publisher_id
- - notification_format
- - notification_opt_out
- - rpc_conn_pool_size
- - conn_pool_min_size
- - conn_pool_ttl
- - rpc_zmq_bind_address
- - rpc_zmq_matchmaker
- - rpc_zmq_contexts
- - rpc_zmq_topic_backlog
- - rpc_zmq_ipc_dir
- - rpc_zmq_host
- - zmq_linger
- - rpc_poll_timeout
- - zmq_target_expire
- - zmq_target_update
- - use_pub_sub
- - use_router_proxy
- - use_dynamic_connections
- - zmq_failover_connections
- - rpc_zmq_min_port
- - rpc_zmq_max_port
- - rpc_zmq_bind_port_retries
- - rpc_zmq_serialization
- - zmq_immediate
- - zmq_tcp_keepalive
- - zmq_tcp_keepalive_idle
- - zmq_tcp_keepalive_cnt
- - zmq_tcp_keepalive_intvl
- - rpc_thread_pool_size
- - rpc_message_ttl
- - rpc_use_acks
- - rpc_ack_timeout_base
- - rpc_ack_timeout_multiplier
- - rpc_retry_attempts
- - subscribe_on
- - executor_thread_pool_size
- - rpc_response_timeout
- - transport_url
- - rpc_backend
- - control_exchange
- - debug
- - log-config-append
- - log-date-format
- - log-file
- - log-dir
- - watch-log-file
- - use-syslog
- - use-journal
- - syslog-log-facility
- - use_stderr
- - logging_context_format_string
- - logging_default_format_string
- - logging_debug_format_suffix
- - logging_exception_prefix
- - logging_user_identity_format
- - default_log_levels
- - publish_errors
- - instance_format
- - instance_uuid_format
- - rate_limit_interval
- - rate_limit_burst
- - rate_limit_except_level
- - fatal_deprecations
- assignment:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the assignment backend driver (where role assignments
- are stored) in the `keystone.assignment` namespace. Only a SQL driver is supplied
- by keystone itself. Unless you are writing proprietary drivers for keystone,
- you do not need to set this option.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default:
- - admin
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: prohibited_implied_role
- help: A list of role names which are prohibited from being an implied role.
- max: null
- metavar: null
- min: null
- mutable: false
- name: prohibited_implied_role
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- standard_opts:
- - driver
- - prohibited_implied_role
- auth:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default:
- - external
- - password
- - token
- - oauth1
- - mapped
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: methods
- help: 'Allowed authentication methods. Note: You should disable the `external`
- auth method if you are currently using federation. External auth and federation
- both use the REMOTE_USER variable. Since both the mapped and external plugin
- are being invoked to validate attributes in the request environment, it can
- cause conflicts.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: methods
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: password
- help: Entry point for the password auth plugin module in the `keystone.auth.password`
- namespace. You do not need to set this unless you are overriding keystone's
- own password authentication plugin.
- max: null
- metavar: null
- min: null
- mutable: false
- name: password
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: token
- help: Entry point for the token auth plugin module in the `keystone.auth.token`
- namespace. You do not need to set this unless you are overriding keystone's
- own token authentication plugin.
- max: null
- metavar: null
- min: null
- mutable: false
- name: token
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: external
- help: Entry point for the external (`REMOTE_USER`) auth plugin module in the
- `keystone.auth.external` namespace. Supplied drivers are `DefaultDomain` and
- `Domain`. The default driver is `DefaultDomain`, which assumes that all users
- identified by the username specified to keystone in the `REMOTE_USER` variable
- exist within the context of the default domain. The `Domain` option expects
- an additional environment variable be presented to keystone, `REMOTE_DOMAIN`,
- containing the domain name of the `REMOTE_USER` (if `REMOTE_DOMAIN` is not
- set, then the default domain will be used instead). You do not need to set
- this unless you are taking advantage of "external authentication", where the
- application server (such as Apache) is handling authentication instead of
- keystone.
- max: null
- metavar: null
- min: null
- mutable: false
- name: external
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: oauth1
- help: Entry point for the OAuth 1.0a auth plugin module in the `keystone.auth.oauth1`
- namespace. You do not need to set this unless you are overriding keystone's
- own `oauth1` authentication plugin.
- max: null
- metavar: null
- min: null
- mutable: false
- name: oauth1
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: mapped
- help: Entry point for the mapped auth plugin module in the `keystone.auth.mapped`
- namespace. You do not need to set this unless you are overriding keystone's
- own `mapped` authentication plugin.
- max: null
- metavar: null
- min: null
- mutable: false
- name: mapped
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- standard_opts:
- - methods
- - password
- - token
- - external
- - oauth1
- - mapped
- cache:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: cache.oslo
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: config_prefix
- help: Prefix for building the configuration dictionary for the cache region.
- This should not need to be changed unless there is another dogpile.cache region
- with the same configuration name.
- max: null
- metavar: null
- min: null
- mutable: false
- name: config_prefix
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 600
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: expiration_time
- help: Default TTL, in seconds, for any cached item in the dogpile.cache region.
- This applies to any cached method that doesn't have an explicit cache expiration
- time defined for it.
- max: null
- metavar: null
- min: null
- mutable: false
- name: expiration_time
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: dogpile.cache.null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: backend
- help: Dogpile.cache backend module. It is recommended that Memcache or Redis
- (dogpile.cache.redis) be used in production deployments. For eventlet-based
- or highly threaded servers, Memcache with pooling (oslo_cache.memcache_pool)
- is recommended. For low thread servers, dogpile.cache.memcached is recommended.
- Test environments with a single instance of the server can use the dogpile.cache.memory
- backend.
- max: null
- metavar: null
- min: null
- mutable: false
- name: backend
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: backend_argument
- help: 'Arguments supplied to the backend module. Specify this option once per
- argument to be passed to the dogpile.cache backend. Example format: ":".'
- max: null
- metavar: null
- min: null
- mutable: false
- name: backend_argument
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: true
- short: null
- type: multi valued
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: proxies
- help: Proxy classes to import that will affect the way the dogpile.cache backend
- functions. See the dogpile.cache documentation on changing-backend-behavior.
- max: null
- metavar: null
- min: null
- mutable: false
- name: proxies
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: enabled
- help: Global toggle for caching.
- max: null
- metavar: null
- min: null
- mutable: false
- name: enabled
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: debug_cache_backend
- help: Extra debugging from the cache backend (cache keys, get/set/delete/etc
- calls). This is only really useful if you need to see the specific cache-backend
- get/set/delete calls with the keys/values. Typically this should be left
- set to false.
- max: null
- metavar: null
- min: null
- mutable: false
- name: debug_cache_backend
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default:
- - localhost:11211
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: memcache_servers
- help: Memcache servers in the format of "host:port". (dogpile.cache.memcache
- and oslo_cache.memcache_pool backends only).
- max: null
- metavar: null
- min: null
- mutable: false
- name: memcache_servers
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: 300
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: memcache_dead_retry
- help: Number of seconds memcached server is considered dead before it is tried
- again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
- max: null
- metavar: null
- min: null
- mutable: false
- name: memcache_dead_retry
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 3
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: memcache_socket_timeout
- help: Timeout in seconds for every call to a server. (dogpile.cache.memcache
- and oslo_cache.memcache_pool backends only).
- max: null
- metavar: null
- min: null
- mutable: false
- name: memcache_socket_timeout
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 10
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: memcache_pool_maxsize
- help: Max total number of open connections to every memcached server. (oslo_cache.memcache_pool
- backend only).
- max: null
- metavar: null
- min: null
- mutable: false
- name: memcache_pool_maxsize
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 60
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: memcache_pool_unused_timeout
- help: Number of seconds a connection to memcached is held unused in the pool
- before it is closed. (oslo_cache.memcache_pool backend only).
- max: null
- metavar: null
- min: null
- mutable: false
- name: memcache_pool_unused_timeout
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 10
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: memcache_pool_connection_get_timeout
- help: Number of seconds that an operation will wait to get a memcache client
- connection.
- max: null
- metavar: null
- min: null
- mutable: false
- name: memcache_pool_connection_get_timeout
- namespace: oslo.cache
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - config_prefix
- - expiration_time
- - backend
- - backend_argument
- - proxies
- - enabled
- - debug_cache_backend
- - memcache_servers
- - memcache_dead_retry
- - memcache_socket_timeout
- - memcache_pool_maxsize
- - memcache_pool_unused_timeout
- - memcache_pool_connection_get_timeout
- catalog:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: default_catalog.templates
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: template_file
- help: Absolute path to the file used for the templated catalog backend. This
- option is only used if the `[catalog] driver` is set to `templated`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: template_file
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the catalog driver in the `keystone.catalog` namespace.
- Keystone provides a `sql` option (which supports basic CRUD operations through
- SQL), a `templated` option (which loads the catalog from a templated catalog
- file on disk), and a `endpoint_filter.sql` option (which supports arbitrary
- service catalogs per project).
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: caching
- help: Toggle for catalog caching. This has no effect unless global caching is
- enabled. In a typical deployment, there is no reason to disable this.
- max: null
- metavar: null
- min: null
- mutable: false
- name: caching
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: cache_time
- help: Time to cache catalog data (in seconds). This has no effect unless global
- and catalog caching are both enabled. Catalog data (services, endpoints, etc.)
- typically does not change frequently, and so a longer duration than the global
- default may be desirable.
- max: null
- metavar: null
- min: null
- mutable: false
- name: cache_time
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: list_limit
- help: Maximum number of entities that will be returned in a catalog collection.
- There is typically no reason to set this, as it would be unusual for a deployment
- to have enough services or endpoints to exceed a reasonable limit.
- max: null
- metavar: null
- min: null
- mutable: false
- name: list_limit
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - template_file
- - driver
- - caching
- - cache_time
- - list_limit
- cors:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: allowed_origin
- help: 'Indicate whether this resource may be shared with the domain received
- in the requests "origin" header. Format: "://[:]", no
- trailing slash. Example: https://horizon.example.com'
- max: null
- metavar: null
- min: null
- mutable: false
- name: allowed_origin
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: allow_credentials
- help: Indicate that the actual request can include user credentials
- max: null
- metavar: null
- min: null
- mutable: false
- name: allow_credentials
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default:
- - X-Auth-Token
- - X-Openstack-Request-Id
- - X-Subject-Token
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: expose_headers
- help: Indicate which headers are safe to expose to the API. Defaults to HTTP
- Simple Headers.
- max: null
- metavar: null
- min: null
- mutable: false
- name: expose_headers
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: 3600
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: max_age
- help: Maximum cache age of CORS preflight requests.
- max: null
- metavar: null
- min: null
- mutable: false
- name: max_age
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default:
- - GET
- - PUT
- - POST
- - DELETE
- - PATCH
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: allow_methods
- help: Indicate which methods can be used during the actual request.
- max: null
- metavar: null
- min: null
- mutable: false
- name: allow_methods
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default:
- - X-Auth-Token
- - X-Openstack-Request-Id
- - X-Subject-Token
- - X-Project-Id
- - X-Project-Name
- - X-Project-Domain-Id
- - X-Project-Domain-Name
- - X-Domain-Id
- - X-Domain-Name
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: allow_headers
- help: Indicate which header field names may be used during the actual request.
- max: null
- metavar: null
- min: null
- mutable: false
- name: allow_headers
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- standard_opts:
- - allowed_origin
- - allow_credentials
- - expose_headers
- - max_age
- - allow_methods
- - allow_headers
- cors.subdomain:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: allowed_origin
- help: 'Indicate whether this resource may be shared with the domain received
- in the requests "origin" header. Format: "://[:]", no
- trailing slash. Example: https://horizon.example.com'
- max: null
- metavar: null
- min: null
- mutable: false
- name: allowed_origin
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: allow_credentials
- help: Indicate that the actual request can include user credentials
- max: null
- metavar: null
- min: null
- mutable: false
- name: allow_credentials
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default:
- - X-Auth-Token
- - X-Openstack-Request-Id
- - X-Subject-Token
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: expose_headers
- help: Indicate which headers are safe to expose to the API. Defaults to HTTP
- Simple Headers.
- max: null
- metavar: null
- min: null
- mutable: false
- name: expose_headers
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: 3600
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: max_age
- help: Maximum cache age of CORS preflight requests.
- max: null
- metavar: null
- min: null
- mutable: false
- name: max_age
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default:
- - GET
- - PUT
- - POST
- - DELETE
- - PATCH
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: allow_methods
- help: Indicate which methods can be used during the actual request.
- max: null
- metavar: null
- min: null
- mutable: false
- name: allow_methods
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default:
- - X-Auth-Token
- - X-Openstack-Request-Id
- - X-Subject-Token
- - X-Project-Id
- - X-Project-Name
- - X-Project-Domain-Id
- - X-Project-Domain-Name
- - X-Domain-Id
- - X-Domain-Name
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: allow_headers
- help: Indicate which header field names may be used during the actual request.
- max: null
- metavar: null
- min: null
- mutable: false
- name: allow_headers
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- standard_opts:
- - allowed_origin
- - allow_credentials
- - expose_headers
- - max_age
- - allow_methods
- - allow_headers
- credential:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the credential backend driver in the `keystone.credential`
- namespace. Keystone only provides a `sql` driver, so there's no reason to
- change this unless you are providing a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: fernet
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: provider
- help: Entry point for credential encryption and decryption operations in the
- `keystone.credential.provider` namespace. Keystone only provides a `fernet`
- driver, so there's no reason to change this unless you are providing a custom
- entry point to encrypt and decrypt credentials.
- max: null
- metavar: null
- min: null
- mutable: false
- name: provider
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: /etc/keystone/credential-keys/
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: key_repository
- help: Directory containing Fernet keys used to encrypt and decrypt credentials
- stored in the credential backend. Fernet keys used to encrypt credentials
- have no relationship to Fernet keys used to encrypt Fernet tokens. Both sets
- of keys should be managed separately and require different rotation policies.
- Do not share this repository with the repository used to manage keys for Fernet
- tokens.
- max: null
- metavar: null
- min: null
- mutable: false
- name: key_repository
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- standard_opts:
- - driver
- - provider
- - key_repository
- database:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: sqlite_synchronous
- deprecated_reason: null
- deprecated_since: null
- dest: sqlite_synchronous
- help: If True, SQLite uses synchronous mode.
- max: null
- metavar: null
- min: null
- mutable: false
- name: sqlite_synchronous
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: sqlalchemy
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: db_backend
- deprecated_reason: null
- deprecated_since: null
- dest: backend
- help: The back end to use for the database.
- max: null
- metavar: null
- min: null
- mutable: false
- name: backend
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: sql_connection
- - group: DATABASE
- name: sql_connection
- - group: sql
- name: connection
- deprecated_reason: null
- deprecated_since: null
- dest: connection
- help: The SQLAlchemy connection string to use to connect to the database.
- max: null
- metavar: null
- min: null
- mutable: false
- name: connection
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: true
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: slave_connection
- help: The SQLAlchemy connection string to use to connect to the slave database.
- max: null
- metavar: null
- min: null
- mutable: false
- name: slave_connection
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: true
- short: null
- type: string value
- - advanced: false
- choices: []
- default: TRADITIONAL
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: mysql_sql_mode
- help: 'The SQL mode to be used for MySQL sessions. This option, including the
- default, overrides any server-set SQL mode. To use whatever SQL mode is set
- by the server configuration, set this to no value. Example: mysql_sql_mode='
- max: null
- metavar: null
- min: null
- mutable: false
- name: mysql_sql_mode
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 3600
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: sql_idle_timeout
- - group: DATABASE
- name: sql_idle_timeout
- - group: sql
- name: idle_timeout
- deprecated_reason: null
- deprecated_since: null
- dest: idle_timeout
- help: Timeout before idle SQL connections are reaped.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idle_timeout
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 1
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: sql_min_pool_size
- - group: DATABASE
- name: sql_min_pool_size
- deprecated_reason: null
- deprecated_since: null
- dest: min_pool_size
- help: Minimum number of SQL connections to keep open in a pool.
- max: null
- metavar: null
- min: null
- mutable: false
- name: min_pool_size
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 5
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: sql_max_pool_size
- - group: DATABASE
- name: sql_max_pool_size
- deprecated_reason: null
- deprecated_since: null
- dest: max_pool_size
- help: Maximum number of SQL connections to keep open in a pool. Setting a value
- of 0 indicates no limit.
- max: null
- metavar: null
- min: null
- mutable: false
- name: max_pool_size
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 10
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: sql_max_retries
- - group: DATABASE
- name: sql_max_retries
- deprecated_reason: null
- deprecated_since: null
- dest: max_retries
- help: Maximum number of database connection retries during startup. Set to -1
- to specify an infinite retry count.
- max: null
- metavar: null
- min: null
- mutable: false
- name: max_retries
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 10
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: sql_retry_interval
- - group: DATABASE
- name: reconnect_interval
- deprecated_reason: null
- deprecated_since: null
- dest: retry_interval
- help: Interval between retries of opening a SQL connection.
- max: null
- metavar: null
- min: null
- mutable: false
- name: retry_interval
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 50
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: sql_max_overflow
- - group: DATABASE
- name: sqlalchemy_max_overflow
- deprecated_reason: null
- deprecated_since: null
- dest: max_overflow
- help: If set, use this value for max_overflow with SQLAlchemy.
- max: null
- metavar: null
- min: null
- mutable: false
- name: max_overflow
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: sql_connection_debug
- deprecated_reason: null
- deprecated_since: null
- dest: connection_debug
- help: 'Verbosity of SQL debugging information: 0=None, 100=Everything.'
- max: 100
- metavar: null
- min: 0
- mutable: false
- name: connection_debug
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: sql_connection_trace
- deprecated_reason: null
- deprecated_since: null
- dest: connection_trace
- help: Add Python stack traces to SQL as comment strings.
- max: null
- metavar: null
- min: null
- mutable: false
- name: connection_trace
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: DATABASE
- name: sqlalchemy_pool_timeout
- deprecated_reason: null
- deprecated_since: null
- dest: pool_timeout
- help: If set, use this value for pool_timeout with SQLAlchemy.
- max: null
- metavar: null
- min: null
- mutable: false
- name: pool_timeout
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: use_db_reconnect
- help: Enable the experimental use of database reconnect on connection lost.
- max: null
- metavar: null
- min: null
- mutable: false
- name: use_db_reconnect
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: db_retry_interval
- help: Seconds between retries of a database transaction.
- max: null
- metavar: null
- min: null
- mutable: false
- name: db_retry_interval
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: db_inc_retry_interval
- help: If True, increases the interval between retries of a database operation
- up to db_max_retry_interval.
- max: null
- metavar: null
- min: null
- mutable: false
- name: db_inc_retry_interval
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 10
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: db_max_retry_interval
- help: If db_inc_retry_interval is set, the maximum seconds between retries of
- a database operation.
- max: null
- metavar: null
- min: null
- mutable: false
- name: db_max_retry_interval
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 20
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: db_max_retries
- help: Maximum retries in case of connection error or deadlock error before error
- is raised. Set to -1 to specify an infinite retry count.
- max: null
- metavar: null
- min: null
- mutable: false
- name: db_max_retries
- namespace: oslo.db
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - sqlite_synchronous
- - backend
- - connection
- - slave_connection
- - mysql_sql_mode
- - idle_timeout
- - min_pool_size
- - max_pool_size
- - max_retries
- - retry_interval
- - max_overflow
- - connection_debug
- - connection_trace
- - pool_timeout
- - use_db_reconnect
- - db_retry_interval
- - db_inc_retry_interval
- - db_max_retry_interval
- - db_max_retries
- domain_config:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the domain-specific configuration driver in the `keystone.resource.domain_config`
- namespace. Only a `sql` option is provided by keystone, so there is no reason
- to set this unless you are providing a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: caching
- help: Toggle for caching of the domain-specific configuration backend. This
- has no effect unless global caching is enabled. There is normally no reason
- to disable this.
- max: null
- metavar: null
- min: null
- mutable: false
- name: caching
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 300
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: cache_time
- help: Time-to-live (TTL, in seconds) to cache domain-specific configuration
- data. This has no effect unless `[domain_config] caching` is enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: cache_time
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - driver
- - caching
- - cache_time
- endpoint_filter:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the endpoint filter driver in the `keystone.endpoint_filter`
- namespace. Only a `sql` option is provided by keystone, so there is no reason
- to set this unless you are providing a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: return_all_endpoints_if_no_filter
- help: This controls keystone's behavior if the configured endpoint filters do
- not result in any endpoints for a user + project pair (and therefore a potentially
- empty service catalog). If set to true, keystone will return the entire service
- catalog. If set to false, keystone will return an empty service catalog.
- max: null
- metavar: null
- min: null
- mutable: false
- name: return_all_endpoints_if_no_filter
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- standard_opts:
- - driver
- - return_all_endpoints_if_no_filter
- endpoint_policy:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the endpoint policy driver in the `keystone.endpoint_policy`
- namespace. Only a `sql` driver is provided by keystone, so there is no reason
- to set this unless you are providing a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- standard_opts:
- - driver
- eventlet_server:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: 0.0.0.0
- deprecated_for_removal: true
- deprecated_opts:
- - group: DEFAULT
- name: bind_host
- - group: DEFAULT
- name: public_bind_host
- deprecated_reason: Support for running keystone under eventlet has been removed
- in the Newton release. These options remain for backwards compatibility because
- they are used for URL substitutions.
- deprecated_since: K
- dest: public_bind_host
- help: The IP address of the network interface for the public service to listen
- on.
- max: null
- metavar: null
- min: null
- mutable: false
- name: public_bind_host
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: unknown value
- - advanced: false
- choices: []
- default: 5000
- deprecated_for_removal: true
- deprecated_opts:
- - group: DEFAULT
- name: public_port
- deprecated_reason: Support for running keystone under eventlet has been removed
- in the Newton release. These options remain for backwards compatibility because
- they are used for URL substitutions.
- deprecated_since: K
- dest: public_port
- help: The port number for the public service to listen on.
- max: 65535
- metavar: null
- min: 0
- mutable: false
- name: public_port
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: port value
- - advanced: false
- choices: []
- default: 0.0.0.0
- deprecated_for_removal: true
- deprecated_opts:
- - group: DEFAULT
- name: bind_host
- - group: DEFAULT
- name: admin_bind_host
- deprecated_reason: Support for running keystone under eventlet has been removed
- in the Newton release. These options remain for backwards compatibility because
- they are used for URL substitutions.
- deprecated_since: K
- dest: admin_bind_host
- help: The IP address of the network interface for the admin service to listen
- on.
- max: null
- metavar: null
- min: null
- mutable: false
- name: admin_bind_host
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: unknown value
- - advanced: false
- choices: []
- default: 35357
- deprecated_for_removal: true
- deprecated_opts:
- - group: DEFAULT
- name: admin_port
- deprecated_reason: Support for running keystone under eventlet has been removed
- in the Newton release. These options remain for backwards compatibility because
- they are used for URL substitutions.
- deprecated_since: K
- dest: admin_port
- help: The port number for the admin service to listen on.
- max: 65535
- metavar: null
- min: 0
- mutable: false
- name: admin_port
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: port value
- standard_opts:
- - public_bind_host
- - public_port
- - admin_bind_host
- - admin_port
- federation:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the federation backend driver in the `keystone.federation`
- namespace. Keystone only provides a `sql` driver, so there is no reason to
- set this option unless you are providing a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: assertion_prefix
- help: Prefix to use when filtering environment variable names for federated
- assertions. Matched variables are passed into the federated mapping engine.
- max: null
- metavar: null
- min: null
- mutable: false
- name: assertion_prefix
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: remote_id_attribute
- help: Value to be used to obtain the entity ID of the Identity Provider from
- the environment. For `mod_shib`, this would be `Shib-Identity-Provider`. For
- For `mod_auth_openidc`, this could be `HTTP_OIDC_ISS`. For `mod_auth_mellon`,
- this could be `MELLON_IDP`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: remote_id_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: Federated
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: federated_domain_name
- help: An arbitrary domain name that is reserved to allow federated ephemeral
- users to have a domain concept. Note that an admin will not be able to create
- a domain with this name or update an existing domain to this name. You are
- not advised to change this value unless you really have to.
- max: null
- metavar: null
- min: null
- mutable: false
- name: federated_domain_name
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: trusted_dashboard
- help: 'A list of trusted dashboard hosts. Before accepting a Single Sign-On
- request to return a token, the origin host must be a member of this list.
- This configuration option may be repeated for multiple values. You must set
- this in order to use web-based SSO flows. For example: trusted_dashboard=https://acme.example.com/auth/websso
- trusted_dashboard=https://beta.example.com/auth/websso'
- max: null
- metavar: null
- min: null
- mutable: false
- name: trusted_dashboard
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: multi valued
- - advanced: false
- choices: []
- default: /etc/keystone/sso_callback_template.html
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: sso_callback_template
- help: Absolute path to an HTML file used as a Single Sign-On callback handler.
- This page is expected to redirect the user from keystone back to a trusted
- dashboard host, by form encoding a token in a POST request. Keystone's default
- value should be sufficient for most deployments.
- max: null
- metavar: null
- min: null
- mutable: false
- name: sso_callback_template
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: caching
- help: Toggle for federation caching. This has no effect unless global caching
- is enabled. There is typically no reason to disable this.
- max: null
- metavar: null
- min: null
- mutable: false
- name: caching
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- standard_opts:
- - driver
- - assertion_prefix
- - remote_id_attribute
- - federated_domain_name
- - trusted_dashboard
- - sso_callback_template
- - caching
- fernet_tokens:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: /etc/keystone/fernet-keys/
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: key_repository
- help: 'Directory containing Fernet token keys. This directory must exist before
- using `keystone-manage fernet_setup` for the first time, must be writable
- by the user running `keystone-manage fernet_setup` or `keystone-manage fernet_rotate`,
- and of course must be readable by keystone''s server process. The repository
- may contain keys in one of three states: a single staged key (always index
- 0) used for token validation, a single primary key (always the highest index)
- used for token creation and validation, and any number of secondary keys (all
- other index values) used for token validation. With multiple keystone nodes,
- each node must share the same key repository contents, with the exception
- of the staged key (index 0). It is safe to run `keystone-manage fernet_rotate`
- once on any one node to promote a staged key (index 0) to be the new primary
- (incremented from the previous highest index), and produce a new staged key
- (a new key with index 0); the resulting repository can then be atomically
- replicated to other nodes without any risk of race conditions (for example,
- it is safe to run `keystone-manage fernet_rotate` on host A, wait any amount
- of time, create a tarball of the directory on host A, unpack it on host B
- to a temporary location, and atomically move (`mv`) the directory into place
- on host B). Running `keystone-manage fernet_rotate` *twice* on a key repository
- without syncing other nodes will result in tokens that can not be validated
- by all nodes.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: key_repository
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 3
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: max_active_keys
- help: This controls how many keys are held in rotation by `keystone-manage fernet_rotate`
- before they are discarded. The default value of 3 means that keystone will
- maintain one staged key (always index 0), one primary key (the highest numerical
- index), and one secondary key (every other index). Increasing this value means
- that additional secondary keys will be kept in the rotation.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: max_active_keys
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - key_repository
- - max_active_keys
- healthcheck:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: /healthcheck
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: path
- help: The path to respond to healtcheck requests on.
- max: null
- metavar: null
- min: null
- mutable: false
- name: path
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: detailed
- help: Show more detailed information as part of the response
- max: null
- metavar: null
- min: null
- mutable: false
- name: detailed
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: backends
- help: Additional backends that can perform health checks and report that information
- back as part of a request.
- max: null
- metavar: null
- min: null
- mutable: false
- name: backends
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: disable_by_file_path
- help: Check the presence of a file to determine if an application is running
- on a port. Used by DisableByFileHealthcheck plugin.
- max: null
- metavar: null
- min: null
- mutable: false
- name: disable_by_file_path
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: disable_by_file_paths
- help: Check the presence of a file based on a port to determine if an application
- is running on a port. Expects a "port:path" list of strings. Used by DisableByFilesPortsHealthcheck
- plugin.
- max: null
- metavar: null
- min: null
- mutable: false
- name: disable_by_file_paths
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- standard_opts:
- - path
- - detailed
- - backends
- - disable_by_file_path
- - disable_by_file_paths
- identity:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: default
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_domain_id
- help: This references the domain to use for all Identity API v2 requests (which
- are not aware of domains). A domain with this ID can optionally be created
- for you by `keystone-manage bootstrap`. The domain referenced by this ID cannot
- be deleted on the v3 API, to prevent accidentally breaking the v2 API. There
- is nothing special about this domain, other than the fact that it must exist
- to order to maintain support for your v2 clients. There is typically no reason
- to change this value.
- max: null
- metavar: null
- min: null
- mutable: false
- name: default_domain_id
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: domain_specific_drivers_enabled
- help: A subset (or all) of domains can have their own identity driver, each
- with their own partial configuration options, stored in either the resource
- backend or in a file in a domain configuration directory (depending on the
- setting of `[identity] domain_configurations_from_database`). Only values
- specific to the domain need to be specified in this manner. This feature is
- disabled by default, but may be enabled by default in a future release; set
- to true to enable.
- max: null
- metavar: null
- min: null
- mutable: false
- name: domain_specific_drivers_enabled
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: domain_configurations_from_database
- help: By default, domain-specific configuration data is read from files in the
- directory identified by `[identity] domain_config_dir`. Enabling this configuration
- option allows you to instead manage domain-specific configurations through
- the API, which are then persisted in the backend (typically, a SQL database),
- rather than using configuration files on disk.
- max: null
- metavar: null
- min: null
- mutable: false
- name: domain_configurations_from_database
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: /etc/keystone/domains
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: domain_config_dir
- help: Absolute path where keystone should locate domain-specific `[identity]`
- configuration files. This option has no effect unless `[identity] domain_specific_drivers_enabled`
- is set to true. There is typically no reason to change this value.
- max: null
- metavar: null
- min: null
- mutable: false
- name: domain_config_dir
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the identity backend driver in the `keystone.identity`
- namespace. Keystone provides a `sql` and `ldap` driver. This option is also
- used as the default driver selection (along with the other configuration variables
- in this section) in the event that `[identity] domain_specific_drivers_enabled`
- is enabled, but no applicable domain-specific configuration is defined for
- the domain in question. Unless your deployment primarily relies on `ldap`
- AND is not using domain-specific configuration, you should typically leave
- this set to `sql`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: caching
- help: Toggle for identity caching. This has no effect unless global caching
- is enabled. There is typically no reason to disable this.
- max: null
- metavar: null
- min: null
- mutable: false
- name: caching
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 600
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: cache_time
- help: Time to cache identity data (in seconds). This has no effect unless global
- and identity caching are enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: cache_time
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 4096
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: max_password_length
- help: Maximum allowed length for user passwords. Decrease this value to improve
- performance. Changing this value does not effect existing passwords.
- max: 4096
- metavar: null
- min: null
- mutable: false
- name: max_password_length
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: list_limit
- help: Maximum number of entities that will be returned in an identity collection.
- max: null
- metavar: null
- min: null
- mutable: false
- name: list_limit
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices:
- - bcrypt
- - scrypt
- - pbkdf2_sha512
- default: bcrypt
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: password_hash_algorithm
- help: The password hashing algorithm to use for passwords stored within keystone.
- max: null
- metavar: null
- min: null
- mutable: false
- name: password_hash_algorithm
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: password_hash_rounds
- help: 'This option represents a trade off between security and performance.
- Higher values lead to slower performance, but higher security. Changing this
- option will only affect newly created passwords as existing password hashes
- already have a fixed number of rounds applied, so it is safe to tune this
- option in a running cluster. The default for bcrypt is 12, must be between
- 4 and 31, inclusive. The default for scrypt is 16, must be within `range(1,32)`. The
- default for pbkdf_sha512 is 60000, must be within `range(1,1<<32)` WARNING:
- If using scrypt, increasing this value increases BOTH time AND memory requirements
- to hash a password.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: password_hash_rounds
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: scrypt_block_size
- help: Optional block size to pass to scrypt hash function (the `r` parameter).
- Useful for tuning scrypt to optimal performance for your CPU architecture.
- This option is only used when the `password_hash_algorithm` option is set
- to `scrypt`. Defaults to 8.
- max: null
- metavar: null
- min: null
- mutable: false
- name: scrypt_block_size
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: scrypt_parallelism
- help: Optional parallelism to pass to scrypt hash function (the `p` parameter).
- This option is only used when the `password_hash_algorithm` option is set
- to `scrypt`. Defaults to 1.
- max: null
- metavar: null
- min: null
- mutable: false
- name: scrypt_parallelism
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: salt_bytesize
- help: Number of bytes to use in scrypt and pbkfd2_sha512 hashing salt. Default
- for scrypt is 16 bytes. Default for pbkfd2_sha512 is 16 bytes. Limited to
- a maximum of 96 bytes due to the size of the column used to store password
- hashes.
- max: 96
- metavar: null
- min: 0
- mutable: false
- name: salt_bytesize
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: Only used for rolling-upgrade between Ocata and Pike
- deprecated_since: P
- dest: rolling_upgrade_password_hash_compat
- help: This option tells keystone to continue to hash passwords with the sha512_crypt
- algorithm for supporting rolling upgrades. sha512_crypt is typically more
- insecure than bcrypt, pbkdf2, and scrypt. This option should be set to `False`
- except in the case of performing a rolling upgrade where some Keystone servers
- may not know how to verify non-sha512_crypt based password hashes. This option
- will be removed in the Queens release and is only to support rolling upgrades
- from Ocata release to Pike release.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rolling_upgrade_password_hash_compat
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- standard_opts:
- - default_domain_id
- - domain_specific_drivers_enabled
- - domain_configurations_from_database
- - domain_config_dir
- - driver
- - caching
- - cache_time
- - max_password_length
- - list_limit
- - password_hash_algorithm
- - password_hash_rounds
- - scrypt_block_size
- - scrypt_parallelism
- - salt_bytesize
- - rolling_upgrade_password_hash_compat
- identity_mapping:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the identity mapping backend driver in the `keystone.identity.id_mapping`
- namespace. Keystone only provides a `sql` driver, so there is no reason to
- change this unless you are providing a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: sha256
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: generator
- help: Entry point for the public ID generator for user and group entities in
- the `keystone.identity.id_generator` namespace. The Keystone identity mapper
- only supports generators that produce 64 bytes or less. Keystone only provides
- a `sha256` entry point, so there is no reason to change this value unless
- you're providing a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: generator
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: backward_compatible_ids
- help: The format of user and group IDs changed in Juno for backends that do
- not generate UUIDs (for example, LDAP), with keystone providing a hash mapping
- to the underlying attribute in LDAP. By default this mapping is disabled,
- which ensures that existing IDs will not change. Even when the mapping is
- enabled by using domain-specific drivers (`[identity] domain_specific_drivers_enabled`),
- any users and groups from the default domain being handled by LDAP will still
- not be mapped to ensure their IDs remain backward compatible. Setting this
- value to false will enable the new mapping for all backends, including the
- default LDAP driver. It is only guaranteed to be safe to enable this option
- if you do not already have assignments for users and groups from the default
- LDAP domain, and you consider it to be acceptable for Keystone to provide
- the different IDs to clients than it did previously (existing IDs in the API
- will suddenly change). Typically this means that the only time you can set
- this value to false is when configuring a fresh installation, although that
- is the recommended value.
- max: null
- metavar: null
- min: null
- mutable: false
- name: backward_compatible_ids
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- standard_opts:
- - driver
- - generator
- - backward_compatible_ids
- ldap:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: ldap://localhost
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: url
- help: URL(s) for connecting to the LDAP server. Multiple LDAP URLs may be specified
- as a comma separated string. The first URL to successfully bind is used for
- the connection.
- max: null
- metavar: null
- min: null
- mutable: false
- name: url
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user
- help: The user name of the administrator bind DN to use when querying the LDAP
- server, if your LDAP server requires it.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: password
- help: The password of the administrator bind DN to use when querying the LDAP
- server, if your LDAP server requires it.
- max: null
- metavar: null
- min: null
- mutable: false
- name: password
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: true
- short: null
- type: string value
- - advanced: false
- choices: []
- default: cn=example,cn=com
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: suffix
- help: The default LDAP server suffix to use, if a DN is not defined via either
- `[ldap] user_tree_dn` or `[ldap] group_tree_dn`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: suffix
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices:
- - one
- - sub
- default: one
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: query_scope
- help: The search scope which defines how deep to search within the search base.
- A value of `one` (representing `oneLevel` or `singleLevel`) indicates a search
- of objects immediately below to the base object, but does not include the
- base object itself. A value of `sub` (representing `subtree` or `wholeSubtree`)
- indicates a search of both the base object itself and the entire subtree below
- it.
- max: null
- metavar: null
- min: null
- mutable: false
- name: query_scope
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 0
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: page_size
- help: Defines the maximum number of results per page that keystone should request
- from the LDAP server when listing objects. A value of zero (`0`) disables
- paging.
- max: null
- metavar: null
- min: 0
- mutable: false
- name: page_size
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices:
- - never
- - searching
- - always
- - finding
- - default
- default: default
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: alias_dereferencing
- help: The LDAP dereferencing option to use for queries involving aliases. A
- value of `default` falls back to using default dereferencing behavior configured
- by your `ldap.conf`. A value of `never` prevents aliases from being dereferenced
- at all. A value of `searching` dereferences aliases only after name resolution.
- A value of `finding` dereferences aliases only during name resolution. A value
- of `always` dereferences aliases in all cases.
- max: null
- metavar: null
- min: null
- mutable: false
- name: alias_dereferencing
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: debug_level
- help: Sets the LDAP debugging level for LDAP calls. A value of 0 means that
- debugging is not enabled. This value is a bitmask, consult your LDAP documentation
- for possible values.
- max: null
- metavar: null
- min: -1
- mutable: false
- name: debug_level
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: chase_referrals
- help: Sets keystone's referral chasing behavior across directory partitions.
- If left unset, the system's default behavior will be used.
- max: null
- metavar: null
- min: null
- mutable: false
- name: chase_referrals
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_tree_dn
- help: The search base to use for users. Defaults to the `[ldap] suffix` value.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_tree_dn
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_filter
- help: The LDAP search filter to use for users.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_filter
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: inetOrgPerson
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_objectclass
- help: The LDAP object class to use for users.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_objectclass
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: cn
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_id_attribute
- help: The LDAP attribute mapped to user IDs in keystone. This must NOT be a
- multivalued attribute. User IDs are expected to be globally unique across
- keystone domains and URL-safe.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_id_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: sn
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_name_attribute
- help: The LDAP attribute mapped to user names in keystone. User names are expected
- to be unique only within a keystone domain and are not expected to be URL-safe.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_name_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: description
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_description_attribute
- help: The LDAP attribute mapped to user descriptions in keystone.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_description_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: mail
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_mail_attribute
- help: The LDAP attribute mapped to user emails in keystone.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_mail_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: userPassword
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_pass_attribute
- help: The LDAP attribute mapped to user passwords in keystone.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_pass_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: enabled
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_enabled_attribute
- help: The LDAP attribute mapped to the user enabled attribute in keystone. If
- setting this option to `userAccountControl`, then you may be interested in
- setting `[ldap] user_enabled_mask` and `[ldap] user_enabled_default` as well.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_enabled_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_enabled_invert
- help: Logically negate the boolean value of the enabled attribute obtained from
- the LDAP server. Some LDAP servers use a boolean lock attribute where "true"
- means an account is disabled. Setting `[ldap] user_enabled_invert = true`
- will allow these lock attributes to be used. This option will have no effect
- if either the `[ldap] user_enabled_mask` or `[ldap] user_enabled_emulation`
- options are in use.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_enabled_invert
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 0
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_enabled_mask
- help: Bitmask integer to select which bit indicates the enabled value if the
- LDAP server represents "enabled" as a bit on an integer rather than as a discrete
- boolean. A value of `0` indicates that the mask is not used. If this is not
- set to `0` the typical value is `2`. This is typically used when `[ldap] user_enabled_attribute
- = userAccountControl`. Setting this option causes keystone to ignore the value
- of `[ldap] user_enabled_invert`.
- max: null
- metavar: null
- min: 0
- mutable: false
- name: user_enabled_mask
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 'True'
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_enabled_default
- help: The default value to enable users. This should match an appropriate integer
- value if the LDAP server uses non-boolean (bitmask) values to indicate if
- a user is enabled or disabled. If this is not set to `True`, then the typical
- value is `512`. This is typically used when `[ldap] user_enabled_attribute
- = userAccountControl`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_enabled_default
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default:
- - default_project_id
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_attribute_ignore
- help: List of user attributes to ignore on create and update, or whether a specific
- user attribute should be filtered for list or show user.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_attribute_ignore
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_default_project_id_attribute
- help: The LDAP attribute mapped to a user's default_project_id in keystone.
- This is most commonly used when keystone has write access to LDAP.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_default_project_id_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_enabled_emulation
- help: If enabled, keystone uses an alternative method to determine if a user
- is enabled or not by checking if they are a member of the group defined by
- the `[ldap] user_enabled_emulation_dn` option. Enabling this option causes
- keystone to ignore the value of `[ldap] user_enabled_invert`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_enabled_emulation
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_enabled_emulation_dn
- help: DN of the group entry to hold enabled users when using enabled emulation.
- Setting this option has no effect unless `[ldap] user_enabled_emulation` is
- also enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_enabled_emulation_dn
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_enabled_emulation_use_group_config
- help: Use the `[ldap] group_member_attribute` and `[ldap] group_objectclass`
- settings to determine membership in the emulated enabled group. Enabling this
- option has no effect unless `[ldap] user_enabled_emulation` is also enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_enabled_emulation_use_group_config
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: user_additional_attribute_mapping
- help: A list of LDAP attribute to keystone user attribute pairs used for mapping
- additional attributes to users in keystone. The expected format is `:`,
- where `ldap_attr` is the attribute in the LDAP object and `user_attr` is the
- attribute which should appear in the identity API.
- max: null
- metavar: null
- min: null
- mutable: false
- name: user_additional_attribute_mapping
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: group_tree_dn
- help: The search base to use for groups. Defaults to the `[ldap] suffix` value.
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_tree_dn
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: group_filter
- help: The LDAP search filter to use for groups.
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_filter
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: groupOfNames
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: group_objectclass
- help: The LDAP object class to use for groups. If setting this option to `posixGroup`,
- you may also be interested in enabling the `[ldap] group_members_are_ids`
- option.
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_objectclass
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: cn
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: group_id_attribute
- help: The LDAP attribute mapped to group IDs in keystone. This must NOT be a
- multivalued attribute. Group IDs are expected to be globally unique across
- keystone domains and URL-safe.
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_id_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ou
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: group_name_attribute
- help: The LDAP attribute mapped to group names in keystone. Group names are
- expected to be unique only within a keystone domain and are not expected to
- be URL-safe.
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_name_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: member
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: group_member_attribute
- help: The LDAP attribute used to indicate that a user is a member of the group.
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_member_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: group_members_are_ids
- help: Enable this option if the members of the group object class are keystone
- user IDs rather than LDAP DNs. This is the case when using `posixGroup` as
- the group object class in Open Directory.
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_members_are_ids
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: description
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: group_desc_attribute
- help: The LDAP attribute mapped to group descriptions in keystone.
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_desc_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: group_attribute_ignore
- help: List of group attributes to ignore on create and update. or whether a
- specific group attribute should be filtered for list or show group.
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_attribute_ignore
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: group_additional_attribute_mapping
- help: A list of LDAP attribute to keystone group attribute pairs used for mapping
- additional attributes to groups in keystone. The expected format is `:`,
- where `ldap_attr` is the attribute in the LDAP object and `group_attr` is
- the attribute which should appear in the identity API.
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_additional_attribute_mapping
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: group_ad_nesting
- help: If enabled, group queries will use Active Directory specific filters for
- nested groups.
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_ad_nesting
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: tls_cacertfile
- help: An absolute path to a CA certificate file to use when communicating with
- LDAP servers. This option will take precedence over `[ldap] tls_cacertdir`,
- so there is no reason to set both.
- max: null
- metavar: null
- min: null
- mutable: false
- name: tls_cacertfile
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: tls_cacertdir
- help: An absolute path to a CA certificate directory to use when communicating
- with LDAP servers. There is no reason to set this option if you've also set
- `[ldap] tls_cacertfile`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: tls_cacertdir
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: use_tls
- help: Enable TLS when communicating with LDAP servers. You should also set the
- `[ldap] tls_cacertfile` and `[ldap] tls_cacertdir` options when using this
- option. Do not set this option if you are using LDAP over SSL (LDAPS) instead
- of TLS.
- max: null
- metavar: null
- min: null
- mutable: false
- name: use_tls
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices:
- - demand
- - never
- - allow
- default: demand
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: tls_req_cert
- help: Specifies which checks to perform against client certificates on incoming
- TLS sessions. If set to `demand`, then a certificate will always be requested
- and required from the LDAP server. If set to `allow`, then a certificate will
- always be requested but not required from the LDAP server. If set to `never`,
- then a certificate will never be requested.
- max: null
- metavar: null
- min: null
- mutable: false
- name: tls_req_cert
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: connection_timeout
- help: The connection timeout to use with the LDAP server. A value of `-1` means
- that connections will never timeout.
- max: null
- metavar: null
- min: -1
- mutable: false
- name: connection_timeout
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: use_pool
- help: Enable LDAP connection pooling for queries to the LDAP server. There is
- typically no reason to disable this.
- max: null
- metavar: null
- min: null
- mutable: false
- name: use_pool
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 10
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_size
- help: The size of the LDAP connection pool. This option has no effect unless
- `[ldap] use_pool` is also enabled.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: pool_size
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 3
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_retry_max
- help: The maximum number of times to attempt reconnecting to the LDAP server
- before aborting. A value of zero prevents retries. This option has no effect
- unless `[ldap] use_pool` is also enabled.
- max: null
- metavar: null
- min: 0
- mutable: false
- name: pool_retry_max
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0.1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_retry_delay
- help: The number of seconds to wait before attempting to reconnect to the LDAP
- server. This option has no effect unless `[ldap] use_pool` is also enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: pool_retry_delay
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: floating point value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_connection_timeout
- help: The connection timeout to use when pooling LDAP connections. A value of
- `-1` means that connections will never timeout. This option has no effect
- unless `[ldap] use_pool` is also enabled.
- max: null
- metavar: null
- min: -1
- mutable: false
- name: pool_connection_timeout
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 600
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_connection_lifetime
- help: The maximum connection lifetime to the LDAP server in seconds. When this
- lifetime is exceeded, the connection will be unbound and removed from the
- connection pool. This option has no effect unless `[ldap] use_pool` is also
- enabled.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: pool_connection_lifetime
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: use_auth_pool
- help: Enable LDAP connection pooling for end user authentication. There is typically
- no reason to disable this.
- max: null
- metavar: null
- min: null
- mutable: false
- name: use_auth_pool
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 100
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: auth_pool_size
- help: The size of the connection pool to use for end user authentication. This
- option has no effect unless `[ldap] use_auth_pool` is also enabled.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: auth_pool_size
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 60
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: auth_pool_connection_lifetime
- help: The maximum end user authentication connection lifetime to the LDAP server
- in seconds. When this lifetime is exceeded, the connection will be unbound
- and removed from the connection pool. This option has no effect unless `[ldap]
- use_auth_pool` is also enabled.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: auth_pool_connection_lifetime
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - url
- - user
- - password
- - suffix
- - query_scope
- - page_size
- - alias_dereferencing
- - debug_level
- - chase_referrals
- - user_tree_dn
- - user_filter
- - user_objectclass
- - user_id_attribute
- - user_name_attribute
- - user_description_attribute
- - user_mail_attribute
- - user_pass_attribute
- - user_enabled_attribute
- - user_enabled_invert
- - user_enabled_mask
- - user_enabled_default
- - user_attribute_ignore
- - user_default_project_id_attribute
- - user_enabled_emulation
- - user_enabled_emulation_dn
- - user_enabled_emulation_use_group_config
- - user_additional_attribute_mapping
- - group_tree_dn
- - group_filter
- - group_objectclass
- - group_id_attribute
- - group_name_attribute
- - group_member_attribute
- - group_members_are_ids
- - group_desc_attribute
- - group_attribute_ignore
- - group_additional_attribute_mapping
- - group_ad_nesting
- - tls_cacertfile
- - tls_cacertdir
- - use_tls
- - tls_req_cert
- - connection_timeout
- - use_pool
- - pool_size
- - pool_retry_max
- - pool_retry_delay
- - pool_connection_timeout
- - pool_connection_lifetime
- - use_auth_pool
- - auth_pool_size
- - auth_pool_connection_lifetime
- matchmaker_redis:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: 127.0.0.1
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: host
- help: Host to locate redis.
- max: null
- metavar: null
- min: null
- mutable: false
- name: host
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 6379
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: port
- help: Use this port to connect to redis host.
- max: 65535
- metavar: null
- min: 0
- mutable: false
- name: port
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: port value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: password
- help: Password for Redis server (optional).
- max: null
- metavar: null
- min: null
- mutable: false
- name: password
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: true
- short: null
- type: string value
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: sentinel_hosts
- help: List of Redis Sentinel hosts (fault tolerance mode), e.g., [host:port,
- host1:port ... ]
- max: null
- metavar: null
- min: null
- mutable: false
- name: sentinel_hosts
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: oslo-messaging-zeromq
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: sentinel_group_name
- help: Redis replica set name.
- max: null
- metavar: null
- min: null
- mutable: false
- name: sentinel_group_name
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 2000
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: wait_timeout
- help: Time in ms to wait between connection attempts.
- max: null
- metavar: null
- min: null
- mutable: false
- name: wait_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 20000
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: check_timeout
- help: Time in ms to wait before the transaction is killed.
- max: null
- metavar: null
- min: null
- mutable: false
- name: check_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 10000
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: socket_timeout
- help: Timeout in ms on blocking socket operations.
- max: null
- metavar: null
- min: null
- mutable: false
- name: socket_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - host
- - port
- - password
- - sentinel_hosts
- - sentinel_group_name
- - wait_timeout
- - check_timeout
- - socket_timeout
- memcache:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: 300
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: dead_retry
- help: Number of seconds memcached server is considered dead before it is tried
- again. This is used by the key value store system.
- max: null
- metavar: null
- min: null
- mutable: false
- name: dead_retry
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 3
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: socket_timeout
- help: Timeout in seconds for every call to a server. This is used by the key
- value store system.
- max: null
- metavar: null
- min: null
- mutable: false
- name: socket_timeout
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 10
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_maxsize
- help: Max total number of open connections to every memcached server. This is
- used by the key value store system.
- max: null
- metavar: null
- min: null
- mutable: false
- name: pool_maxsize
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 60
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_unused_timeout
- help: Number of seconds a connection to memcached is held unused in the pool
- before it is closed. This is used by the key value store system.
- max: null
- metavar: null
- min: null
- mutable: false
- name: pool_unused_timeout
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 10
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_connection_get_timeout
- help: Number of seconds that an operation will wait to get a memcache client
- connection. This is used by the key value store system.
- max: null
- metavar: null
- min: null
- mutable: false
- name: pool_connection_get_timeout
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - dead_retry
- - socket_timeout
- - pool_maxsize
- - pool_unused_timeout
- - pool_connection_get_timeout
- oauth1:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the OAuth backend driver in the `keystone.oauth1` namespace.
- Typically, there is no reason to set this option unless you are providing
- a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 28800
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: request_token_duration
- help: Number of seconds for the OAuth Request Token to remain valid after being
- created. This is the amount of time the user has to authorize the token. Setting
- this option to zero means that request tokens will last forever.
- max: null
- metavar: null
- min: 0
- mutable: false
- name: request_token_duration
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 86400
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: access_token_duration
- help: Number of seconds for the OAuth Access Token to remain valid after being
- created. This is the amount of time the consumer has to interact with the
- service provider (which is typically keystone). Setting this option to zero
- means that access tokens will last forever.
- max: null
- metavar: null
- min: 0
- mutable: false
- name: access_token_duration
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - driver
- - request_token_duration
- - access_token_duration
- oslo_messaging_amqp:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: container_name
- deprecated_reason: null
- deprecated_since: null
- dest: container_name
- help: Name for the AMQP container. must be globally unique. Defaults to a generated
- UUID
- max: null
- metavar: null
- min: null
- mutable: false
- name: container_name
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 0
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: idle_timeout
- deprecated_reason: null
- deprecated_since: null
- dest: idle_timeout
- help: Timeout for inactive connections (in seconds)
- max: null
- metavar: null
- min: null
- mutable: false
- name: idle_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: trace
- deprecated_reason: null
- deprecated_since: null
- dest: trace
- help: 'Debug: dump AMQP frames to stdout'
- max: null
- metavar: null
- min: null
- mutable: false
- name: trace
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: ssl
- help: Attempt to connect via SSL. If no other ssl-related parameters are given,
- it will use the system's CA-bundle to verify the server's certificate.
- max: null
- metavar: null
- min: null
- mutable: false
- name: ssl
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: ssl_ca_file
- deprecated_reason: null
- deprecated_since: null
- dest: ssl_ca_file
- help: CA certificate PEM file used to verify the server's certificate
- max: null
- metavar: null
- min: null
- mutable: false
- name: ssl_ca_file
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: ssl_cert_file
- deprecated_reason: null
- deprecated_since: null
- dest: ssl_cert_file
- help: Self-identifying certificate PEM file for client authentication
- max: null
- metavar: null
- min: null
- mutable: false
- name: ssl_cert_file
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: ssl_key_file
- deprecated_reason: null
- deprecated_since: null
- dest: ssl_key_file
- help: Private key PEM file used to sign ssl_cert_file certificate (optional)
- max: null
- metavar: null
- min: null
- mutable: false
- name: ssl_key_file
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: ssl_key_password
- deprecated_reason: null
- deprecated_since: null
- dest: ssl_key_password
- help: Password for decrypting ssl_key_file (if encrypted)
- max: null
- metavar: null
- min: null
- mutable: false
- name: ssl_key_password
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: true
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: true
- deprecated_opts:
- - group: amqp1
- name: allow_insecure_clients
- deprecated_reason: Not applicable - not a SSL server
- deprecated_since: null
- dest: allow_insecure_clients
- help: Accept clients using either SSL or plain TCP
- max: null
- metavar: null
- min: null
- mutable: false
- name: allow_insecure_clients
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: sasl_mechanisms
- deprecated_reason: null
- deprecated_since: null
- dest: sasl_mechanisms
- help: Space separated list of acceptable SASL mechanisms
- max: null
- metavar: null
- min: null
- mutable: false
- name: sasl_mechanisms
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: sasl_config_dir
- deprecated_reason: null
- deprecated_since: null
- dest: sasl_config_dir
- help: Path to directory that contains the SASL configuration
- max: null
- metavar: null
- min: null
- mutable: false
- name: sasl_config_dir
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: sasl_config_name
- deprecated_reason: null
- deprecated_since: null
- dest: sasl_config_name
- help: Name of configuration file (without .conf suffix)
- max: null
- metavar: null
- min: null
- mutable: false
- name: sasl_config_name
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: sasl_default_realm
- help: SASL realm to use if no realm present in username
- max: null
- metavar: null
- min: null
- mutable: false
- name: sasl_default_realm
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: true
- deprecated_opts:
- - group: amqp1
- name: username
- deprecated_reason: Should use configuration option transport_url to provide
- the username.
- deprecated_since: null
- dest: username
- help: User name for message broker authentication
- max: null
- metavar: null
- min: null
- mutable: false
- name: username
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: true
- deprecated_opts:
- - group: amqp1
- name: password
- deprecated_reason: Should use configuration option transport_url to provide
- the password.
- deprecated_since: null
- dest: password
- help: Password for message broker authentication
- max: null
- metavar: null
- min: null
- mutable: false
- name: password
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: true
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: connection_retry_interval
- help: Seconds to pause before attempting to re-connect.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: connection_retry_interval
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 2
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: connection_retry_backoff
- help: Increase the connection_retry_interval by this many seconds after each
- unsuccessful failover attempt.
- max: null
- metavar: null
- min: 0
- mutable: false
- name: connection_retry_backoff
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 30
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: connection_retry_interval_max
- help: Maximum limit for connection_retry_interval + connection_retry_backoff
- max: null
- metavar: null
- min: 1
- mutable: false
- name: connection_retry_interval_max
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 10
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: link_retry_delay
- help: Time to pause between re-connecting an AMQP 1.0 link that failed due to
- a recoverable error.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: link_retry_delay
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_reply_retry
- help: The maximum number of attempts to re-send a reply message which failed
- due to a recoverable error.
- max: null
- metavar: null
- min: -1
- mutable: false
- name: default_reply_retry
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 30
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_reply_timeout
- help: The deadline for an rpc reply message delivery.
- max: null
- metavar: null
- min: 5
- mutable: false
- name: default_reply_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 30
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_send_timeout
- help: The deadline for an rpc cast or call message delivery. Only used when
- caller does not provide a timeout expiry.
- max: null
- metavar: null
- min: 5
- mutable: false
- name: default_send_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 30
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_notify_timeout
- help: The deadline for a sent notification message delivery. Only used when
- caller does not provide a timeout expiry.
- max: null
- metavar: null
- min: 5
- mutable: false
- name: default_notify_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 600
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_sender_link_timeout
- help: The duration to schedule a purge of idle sender links. Detach link after
- expiry.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: default_sender_link_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: dynamic
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: addressing_mode
- help: 'Indicates the addressing mode used by the driver.
-
- Permitted values:
-
- ''legacy'' - use legacy non-routable addressing
-
- ''routable'' - use routable addresses
-
- ''dynamic'' - use legacy addresses if the message bus does not support routing
- otherwise use routable addressing'
- max: null
- metavar: null
- min: null
- mutable: false
- name: addressing_mode
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: exclusive
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: server_request_prefix
- deprecated_reason: null
- deprecated_since: null
- dest: server_request_prefix
- help: address prefix used when sending to a specific server
- max: null
- metavar: null
- min: null
- mutable: false
- name: server_request_prefix
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: broadcast
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: broadcast_prefix
- deprecated_reason: null
- deprecated_since: null
- dest: broadcast_prefix
- help: address prefix used when broadcasting to all servers
- max: null
- metavar: null
- min: null
- mutable: false
- name: broadcast_prefix
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: unicast
- deprecated_for_removal: false
- deprecated_opts:
- - group: amqp1
- name: group_request_prefix
- deprecated_reason: null
- deprecated_since: null
- dest: group_request_prefix
- help: address prefix when sending to any server in group
- max: null
- metavar: null
- min: null
- mutable: false
- name: group_request_prefix
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: openstack.org/om/rpc
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_address_prefix
- help: Address prefix for all generated RPC addresses
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_address_prefix
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: openstack.org/om/notify
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: notify_address_prefix
- help: Address prefix for all generated Notification addresses
- max: null
- metavar: null
- min: null
- mutable: false
- name: notify_address_prefix
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: multicast
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: multicast_address
- help: Appended to the address prefix when sending a fanout message. Used by
- the message bus to identify fanout messages.
- max: null
- metavar: null
- min: null
- mutable: false
- name: multicast_address
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: unicast
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: unicast_address
- help: Appended to the address prefix when sending to a particular RPC/Notification
- server. Used by the message bus to identify messages sent to a single destination.
- max: null
- metavar: null
- min: null
- mutable: false
- name: unicast_address
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: anycast
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: anycast_address
- help: Appended to the address prefix when sending to a group of consumers. Used
- by the message bus to identify messages that should be delivered in a round-robin
- fashion across consumers.
- max: null
- metavar: null
- min: null
- mutable: false
- name: anycast_address
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_notification_exchange
- help: 'Exchange name used in notification addresses.
-
- Exchange name resolution precedence:
-
- Target.exchange if set
-
- else default_notification_exchange if set
-
- else control_exchange if set
-
- else ''notify'''
- max: null
- metavar: null
- min: null
- mutable: false
- name: default_notification_exchange
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_rpc_exchange
- help: 'Exchange name used in RPC addresses.
-
- Exchange name resolution precedence:
-
- Target.exchange if set
-
- else default_rpc_exchange if set
-
- else control_exchange if set
-
- else ''rpc'''
- max: null
- metavar: null
- min: null
- mutable: false
- name: default_rpc_exchange
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 200
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: reply_link_credit
- help: Window size for incoming RPC Reply messages.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: reply_link_credit
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 100
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_server_credit
- help: Window size for incoming RPC Request messages
- max: null
- metavar: null
- min: 1
- mutable: false
- name: rpc_server_credit
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 100
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: notify_server_credit
- help: Window size for incoming Notification messages
- max: null
- metavar: null
- min: 1
- mutable: false
- name: notify_server_credit
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default:
- - rpc-cast
- - rpc-reply
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pre_settled
- help: 'Send messages of this type pre-settled.
-
- Pre-settled messages will not receive acknowledgement
-
- from the peer. Note well: pre-settled messages may be
-
- silently discarded if the delivery fails.
-
- Permitted values:
-
- ''rpc-call'' - send RPC Calls pre-settled
-
- ''rpc-reply''- send RPC Replies pre-settled
-
- ''rpc-cast'' - Send RPC Casts pre-settled
-
- ''notify'' - Send Notifications pre-settled
-
- '
- max: null
- metavar: null
- min: null
- mutable: false
- name: pre_settled
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: multi valued
- standard_opts:
- - container_name
- - idle_timeout
- - trace
- - ssl
- - ssl_ca_file
- - ssl_cert_file
- - ssl_key_file
- - ssl_key_password
- - allow_insecure_clients
- - sasl_mechanisms
- - sasl_config_dir
- - sasl_config_name
- - sasl_default_realm
- - username
- - password
- - connection_retry_interval
- - connection_retry_backoff
- - connection_retry_interval_max
- - link_retry_delay
- - default_reply_retry
- - default_reply_timeout
- - default_send_timeout
- - default_notify_timeout
- - default_sender_link_timeout
- - addressing_mode
- - server_request_prefix
- - broadcast_prefix
- - group_request_prefix
- - rpc_address_prefix
- - notify_address_prefix
- - multicast_address
- - unicast_address
- - anycast_address
- - default_notification_exchange
- - default_rpc_exchange
- - reply_link_credit
- - rpc_server_credit
- - notify_server_credit
- - pre_settled
- oslo_messaging_kafka:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: localhost
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: kafka_default_host
- help: Default Kafka broker Host
- max: null
- metavar: null
- min: null
- mutable: false
- name: kafka_default_host
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 9092
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: kafka_default_port
- help: Default Kafka broker Port
- max: 65535
- metavar: null
- min: 0
- mutable: false
- name: kafka_default_port
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: port value
- - advanced: false
- choices: []
- default: 1048576
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: kafka_max_fetch_bytes
- help: Max fetch bytes of Kafka consumer
- max: null
- metavar: null
- min: null
- mutable: false
- name: kafka_max_fetch_bytes
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 1.0
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: kafka_consumer_timeout
- help: Default timeout(s) for Kafka consumers
- max: null
- metavar: null
- min: null
- mutable: false
- name: kafka_consumer_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: floating point value
- - advanced: false
- choices: []
- default: 10
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_size
- help: Pool Size for Kafka Consumers
- max: null
- metavar: null
- min: null
- mutable: false
- name: pool_size
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 2
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: conn_pool_min_size
- help: The pool size limit for connections expiration policy
- max: null
- metavar: null
- min: null
- mutable: false
- name: conn_pool_min_size
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 1200
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: conn_pool_ttl
- help: The time-to-live in sec of idle connections in the pool
- max: null
- metavar: null
- min: null
- mutable: false
- name: conn_pool_ttl
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: oslo_messaging_consumer
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: consumer_group
- help: Group id for Kafka consumer. Consumers in one group will coordinate message
- consumption
- max: null
- metavar: null
- min: null
- mutable: false
- name: consumer_group
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 0.0
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: producer_batch_timeout
- help: Upper bound on the delay for KafkaProducer batching in seconds
- max: null
- metavar: null
- min: null
- mutable: false
- name: producer_batch_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: floating point value
- - advanced: false
- choices: []
- default: 16384
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: producer_batch_size
- help: Size of batch for the producer async send
- max: null
- metavar: null
- min: null
- mutable: false
- name: producer_batch_size
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - kafka_default_host
- - kafka_default_port
- - kafka_max_fetch_bytes
- - kafka_consumer_timeout
- - pool_size
- - conn_pool_min_size
- - conn_pool_ttl
- - consumer_group
- - producer_batch_timeout
- - producer_batch_size
- oslo_messaging_notifications:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: notification_driver
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: The Drivers(s) to handle sending notifications. Possible values are messaging,
- messagingv2, routing, log, test, noop
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: multi valued
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: notification_transport_url
- deprecated_reason: null
- deprecated_since: null
- dest: transport_url
- help: A URL representing the messaging driver to use for notifications. If not
- set, we fall back to the same configuration used for RPC.
- max: null
- metavar: null
- min: null
- mutable: false
- name: transport_url
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: true
- short: null
- type: string value
- - advanced: false
- choices: []
- default:
- - notifications
- deprecated_for_removal: false
- deprecated_opts:
- - group: rpc_notifier2
- name: topics
- - group: DEFAULT
- name: notification_topics
- deprecated_reason: null
- deprecated_since: null
- dest: topics
- help: AMQP topic used for OpenStack notifications.
- max: null
- metavar: null
- min: null
- mutable: false
- name: topics
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: retry
- help: The maximum number of attempts to re-send a notification message which
- failed to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
- max: null
- metavar: null
- min: null
- mutable: false
- name: retry
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - driver
- - transport_url
- - topics
- - retry
- oslo_messaging_rabbit:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: amqp_durable_queues
- - group: DEFAULT
- name: rabbit_durable_queues
- deprecated_reason: null
- deprecated_since: null
- dest: amqp_durable_queues
- help: Use durable queues in AMQP.
- max: null
- metavar: null
- min: null
- mutable: false
- name: amqp_durable_queues
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: amqp_auto_delete
- deprecated_reason: null
- deprecated_since: null
- dest: amqp_auto_delete
- help: Auto-delete queues in AMQP.
- max: null
- metavar: null
- min: null
- mutable: false
- name: amqp_auto_delete
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: ssl
- help: Enable SSL
- max: null
- metavar: null
- min: null
- mutable: false
- name: ssl
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts:
- - group: oslo_messaging_rabbit
- name: kombu_ssl_version
- deprecated_reason: null
- deprecated_since: null
- dest: ssl_version
- help: SSL version to use (valid only if SSL enabled). Valid values are TLSv1
- and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
- max: null
- metavar: null
- min: null
- mutable: false
- name: ssl_version
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts:
- - group: oslo_messaging_rabbit
- name: kombu_ssl_keyfile
- deprecated_reason: null
- deprecated_since: null
- dest: ssl_key_file
- help: SSL key file (valid only if SSL enabled).
- max: null
- metavar: null
- min: null
- mutable: false
- name: ssl_key_file
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts:
- - group: oslo_messaging_rabbit
- name: kombu_ssl_certfile
- deprecated_reason: null
- deprecated_since: null
- dest: ssl_cert_file
- help: SSL cert file (valid only if SSL enabled).
- max: null
- metavar: null
- min: null
- mutable: false
- name: ssl_cert_file
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ''
- deprecated_for_removal: false
- deprecated_opts:
- - group: oslo_messaging_rabbit
- name: kombu_ssl_ca_certs
- deprecated_reason: null
- deprecated_since: null
- dest: ssl_ca_file
- help: SSL certification authority file (valid only if SSL enabled).
- max: null
- metavar: null
- min: null
- mutable: false
- name: ssl_ca_file
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 1.0
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: kombu_reconnect_delay
- deprecated_reason: null
- deprecated_since: null
- dest: kombu_reconnect_delay
- help: How long to wait before reconnecting in response to an AMQP consumer cancel
- notification.
- max: null
- metavar: null
- min: null
- mutable: false
- name: kombu_reconnect_delay
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: floating point value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: kombu_compression
- help: 'EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
- will not be used. This option may not be available in future versions.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: kombu_compression
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 60
- deprecated_for_removal: false
- deprecated_opts:
- - group: oslo_messaging_rabbit
- name: kombu_reconnect_timeout
- deprecated_reason: null
- deprecated_since: null
- dest: kombu_missing_consumer_retry_timeout
- help: How long to wait a missing client before abandoning to send it its replies.
- This value should not be longer than rpc_response_timeout.
- max: null
- metavar: null
- min: null
- mutable: false
- name: kombu_missing_consumer_retry_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices:
- - round-robin
- - shuffle
- default: round-robin
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: kombu_failover_strategy
- help: Determines how the next RabbitMQ node is chosen in case the one we are
- currently connected to becomes unavailable. Takes effect only if more than
- one RabbitMQ node is provided in config.
- max: null
- metavar: null
- min: null
- mutable: false
- name: kombu_failover_strategy
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: localhost
- deprecated_for_removal: true
- deprecated_opts:
- - group: DEFAULT
- name: rabbit_host
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: rabbit_host
- help: The RabbitMQ broker address where a single node is used.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_host
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 5672
- deprecated_for_removal: true
- deprecated_opts:
- - group: DEFAULT
- name: rabbit_port
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: rabbit_port
- help: The RabbitMQ broker port where a single node is used.
- max: 65535
- metavar: null
- min: 0
- mutable: false
- name: rabbit_port
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: port value
- - advanced: false
- choices: []
- default:
- - $rabbit_host:$rabbit_port
- deprecated_for_removal: true
- deprecated_opts:
- - group: DEFAULT
- name: rabbit_hosts
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: rabbit_hosts
- help: RabbitMQ HA cluster host:port pairs.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_hosts
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: guest
- deprecated_for_removal: true
- deprecated_opts:
- - group: DEFAULT
- name: rabbit_userid
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: rabbit_userid
- help: The RabbitMQ userid.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_userid
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: guest
- deprecated_for_removal: true
- deprecated_opts:
- - group: DEFAULT
- name: rabbit_password
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: rabbit_password
- help: The RabbitMQ password.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_password
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: true
- short: null
- type: string value
- - advanced: false
- choices:
- - PLAIN
- - AMQPLAIN
- - RABBIT-CR-DEMO
- default: AMQPLAIN
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rabbit_login_method
- deprecated_reason: null
- deprecated_since: null
- dest: rabbit_login_method
- help: The RabbitMQ login method.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_login_method
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: /
- deprecated_for_removal: true
- deprecated_opts:
- - group: DEFAULT
- name: rabbit_virtual_host
- deprecated_reason: Replaced by [DEFAULT]/transport_url
- deprecated_since: null
- dest: rabbit_virtual_host
- help: The RabbitMQ virtual host.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_virtual_host
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rabbit_retry_interval
- help: How frequently to retry connecting with RabbitMQ.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_retry_interval
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 2
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rabbit_retry_backoff
- deprecated_reason: null
- deprecated_since: null
- dest: rabbit_retry_backoff
- help: How long to backoff for between retries when connecting to RabbitMQ.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_retry_backoff
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 30
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rabbit_interval_max
- help: Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_interval_max
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0
- deprecated_for_removal: true
- deprecated_opts:
- - group: DEFAULT
- name: rabbit_max_retries
- deprecated_reason: null
- deprecated_since: null
- dest: rabbit_max_retries
- help: Maximum number of RabbitMQ connection retries. Default is 0 (infinite
- retry count).
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_max_retries
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rabbit_ha_queues
- deprecated_reason: null
- deprecated_since: null
- dest: rabbit_ha_queues
- help: 'Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
- option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
- is no longer controlled by the x-ha-policy argument when declaring a queue.
- If you just want to make sure that all queues (except those with auto-generated
- names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA ''^(?!amq\.).*''
- ''{"ha-mode": "all"}'' "'
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_ha_queues
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 1800
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rabbit_transient_queues_ttl
- help: Positive integer representing duration in seconds for queue TTL (x-expires).
- Queues which are unused for the duration of the TTL are automatically deleted.
- The parameter affects only reply and fanout queues.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: rabbit_transient_queues_ttl
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rabbit_qos_prefetch_count
- help: Specifies the number of messages to prefetch. Setting to zero allows unlimited
- messages.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rabbit_qos_prefetch_count
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 60
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: heartbeat_timeout_threshold
- help: Number of seconds after which the Rabbit broker is considered down if
- heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL
- max: null
- metavar: null
- min: null
- mutable: false
- name: heartbeat_timeout_threshold
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 2
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: heartbeat_rate
- help: How often times during the heartbeat_timeout_threshold we check the heartbeat.
- max: null
- metavar: null
- min: null
- mutable: false
- name: heartbeat_rate
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: fake_rabbit
- deprecated_reason: null
- deprecated_since: null
- dest: fake_rabbit
- help: Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
- max: null
- metavar: null
- min: null
- mutable: false
- name: fake_rabbit
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: channel_max
- help: Maximum number of channels to allow
- max: null
- metavar: null
- min: null
- mutable: false
- name: channel_max
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: frame_max
- help: The maximum byte size for an AMQP frame
- max: null
- metavar: null
- min: null
- mutable: false
- name: frame_max
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 3
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: heartbeat_interval
- help: How often to send heartbeats for consumer's connections
- max: null
- metavar: null
- min: null
- mutable: false
- name: heartbeat_interval
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: ssl_options
- help: Arguments passed to ssl.wrap_socket
- max: null
- metavar: null
- min: null
- mutable: false
- name: ssl_options
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: dict value
- - advanced: false
- choices: []
- default: 0.25
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: socket_timeout
- help: Set socket timeout in seconds for connection's socket
- max: null
- metavar: null
- min: null
- mutable: false
- name: socket_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: floating point value
- - advanced: false
- choices: []
- default: 0.25
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: tcp_user_timeout
- help: Set TCP_USER_TIMEOUT in seconds for connection's socket
- max: null
- metavar: null
- min: null
- mutable: false
- name: tcp_user_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: floating point value
- - advanced: false
- choices: []
- default: 0.25
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: host_connection_reconnect_delay
- help: Set delay for reconnection to some host which has connection error
- max: null
- metavar: null
- min: null
- mutable: false
- name: host_connection_reconnect_delay
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: floating point value
- - advanced: false
- choices:
- - new
- - single
- - read_write
- default: single
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: connection_factory
- help: Connection factory implementation
- max: null
- metavar: null
- min: null
- mutable: false
- name: connection_factory
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 30
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_max_size
- help: Maximum number of connections to keep queued.
- max: null
- metavar: null
- min: null
- mutable: false
- name: pool_max_size
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_max_overflow
- help: Maximum number of connections to create above `pool_max_size`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: pool_max_overflow
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 30
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_timeout
- help: Default number of seconds to wait for a connections to available
- max: null
- metavar: null
- min: null
- mutable: false
- name: pool_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 600
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_recycle
- help: Lifetime of a connection (since creation) in seconds or None for no recycling.
- Expired connections are closed on acquire.
- max: null
- metavar: null
- min: null
- mutable: false
- name: pool_recycle
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 60
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: pool_stale
- help: Threshold at which inactive (since release) connections are considered
- stale in seconds or None for no staleness. Stale connections are closed on
- acquire.
- max: null
- metavar: null
- min: null
- mutable: false
- name: pool_stale
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices:
- - json
- - msgpack
- default: json
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_serializer_type
- help: Default serialization mechanism for serializing/deserializing outgoing/incoming
- messages
- max: null
- metavar: null
- min: null
- mutable: false
- name: default_serializer_type
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: notification_persistence
- help: Persist notification messages.
- max: null
- metavar: null
- min: null
- mutable: false
- name: notification_persistence
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: ${control_exchange}_notification
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_notification_exchange
- help: Exchange name for sending notifications
- max: null
- metavar: null
- min: null
- mutable: false
- name: default_notification_exchange
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 100
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: notification_listener_prefetch_count
- help: Max number of not acknowledged message which RabbitMQ can send to notification
- listener.
- max: null
- metavar: null
- min: null
- mutable: false
- name: notification_listener_prefetch_count
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_notification_retry_attempts
- help: Reconnecting retry count in case of connectivity problem during sending
- notification, -1 means infinite retry.
- max: null
- metavar: null
- min: null
- mutable: false
- name: default_notification_retry_attempts
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0.25
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: notification_retry_delay
- help: Reconnecting retry delay in case of connectivity problem during sending
- notification message
- max: null
- metavar: null
- min: null
- mutable: false
- name: notification_retry_delay
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: floating point value
- - advanced: false
- choices: []
- default: 60
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_queue_expiration
- help: Time to live for rpc queues without consumers in seconds.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_queue_expiration
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: ${control_exchange}_rpc
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_rpc_exchange
- help: Exchange name for sending RPC messages
- max: null
- metavar: null
- min: null
- mutable: false
- name: default_rpc_exchange
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: ${control_exchange}_rpc_reply
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_reply_exchange
- help: Exchange name for receiving RPC replies
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_reply_exchange
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 100
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_listener_prefetch_count
- help: Max number of not acknowledged message which RabbitMQ can send to rpc
- listener.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_listener_prefetch_count
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 100
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_reply_listener_prefetch_count
- help: Max number of not acknowledged message which RabbitMQ can send to rpc
- reply listener.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_reply_listener_prefetch_count
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_reply_retry_attempts
- help: Reconnecting retry count in case of connectivity problem during sending
- reply. -1 means infinite retry during rpc_timeout
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_reply_retry_attempts
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0.25
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_reply_retry_delay
- help: Reconnecting retry delay in case of connectivity problem during sending
- reply.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_reply_retry_delay
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: floating point value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: default_rpc_retry_attempts
- help: Reconnecting retry count in case of connectivity problem during sending
- RPC message, -1 means infinite retry. If actual retry attempts in not 0 the
- rpc request could be processed more than one time
- max: null
- metavar: null
- min: null
- mutable: false
- name: default_rpc_retry_attempts
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0.25
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_retry_delay
- help: Reconnecting retry delay in case of connectivity problem during sending
- RPC message
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_retry_delay
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: floating point value
- standard_opts:
- - amqp_durable_queues
- - amqp_auto_delete
- - ssl
- - ssl_version
- - ssl_key_file
- - ssl_cert_file
- - ssl_ca_file
- - kombu_reconnect_delay
- - kombu_compression
- - kombu_missing_consumer_retry_timeout
- - kombu_failover_strategy
- - rabbit_host
- - rabbit_port
- - rabbit_hosts
- - rabbit_userid
- - rabbit_password
- - rabbit_login_method
- - rabbit_virtual_host
- - rabbit_retry_interval
- - rabbit_retry_backoff
- - rabbit_interval_max
- - rabbit_max_retries
- - rabbit_ha_queues
- - rabbit_transient_queues_ttl
- - rabbit_qos_prefetch_count
- - heartbeat_timeout_threshold
- - heartbeat_rate
- - fake_rabbit
- - channel_max
- - frame_max
- - heartbeat_interval
- - ssl_options
- - socket_timeout
- - tcp_user_timeout
- - host_connection_reconnect_delay
- - connection_factory
- - pool_max_size
- - pool_max_overflow
- - pool_timeout
- - pool_recycle
- - pool_stale
- - default_serializer_type
- - notification_persistence
- - default_notification_exchange
- - notification_listener_prefetch_count
- - default_notification_retry_attempts
- - notification_retry_delay
- - rpc_queue_expiration
- - default_rpc_exchange
- - rpc_reply_exchange
- - rpc_listener_prefetch_count
- - rpc_reply_listener_prefetch_count
- - rpc_reply_retry_attempts
- - rpc_reply_retry_delay
- - default_rpc_retry_attempts
- - rpc_retry_delay
- oslo_messaging_zmq:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: '*'
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_bind_address
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_bind_address
- help: ZeroMQ bind address. Should be a wildcard (*), an ethernet interface,
- or IP. The "host" option should point or resolve to this address.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_bind_address
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: *id001
- default: redis
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_matchmaker
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_matchmaker
- help: MatchMaker driver.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_matchmaker
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 1
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_contexts
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_contexts
- help: Number of ZeroMQ contexts, defaults to 1.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_contexts
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_topic_backlog
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_topic_backlog
- help: Maximum number of ingress messages to locally buffer per topic. Default
- is unlimited.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_topic_backlog
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: /var/run/openstack
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_ipc_dir
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_ipc_dir
- help: Directory for holding IPC sockets.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_ipc_dir
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: x1hobo
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_host
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_host
- help: Name of this node. Must be a valid hostname, FQDN, or IP address. Must
- match "host" option, if running Nova.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_host
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: localhost
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_cast_timeout
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_linger
- help: Number of seconds to wait before all pending messages will be sent after
- closing a socket. The default value of -1 specifies an infinite linger period.
- The value of 0 specifies no linger period. Pending messages shall be discarded
- immediately when the socket is closed. Positive values specify an upper bound
- for the linger period.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_linger
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 1
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_poll_timeout
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_poll_timeout
- help: The default number of seconds that poll should wait. Poll raises timeout
- exception when timeout expired.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_poll_timeout
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 300
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: zmq_target_expire
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_target_expire
- help: Expiration timeout in seconds of a name service record about existing
- target ( < 0 means no timeout).
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_target_expire
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 180
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: zmq_target_update
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_target_update
- help: Update period in seconds of a name service record about existing target.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_target_update
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: use_pub_sub
- deprecated_reason: null
- deprecated_since: null
- dest: use_pub_sub
- help: Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
- max: null
- metavar: null
- min: null
- mutable: false
- name: use_pub_sub
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: use_router_proxy
- deprecated_reason: null
- deprecated_since: null
- dest: use_router_proxy
- help: Use ROUTER remote proxy.
- max: null
- metavar: null
- min: null
- mutable: false
- name: use_router_proxy
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: use_dynamic_connections
- help: This option makes direct connections dynamic or static. It makes sense
- only with use_router_proxy=False which means to use direct connections for
- direct message types (ignored otherwise).
- max: null
- metavar: null
- min: null
- mutable: false
- name: use_dynamic_connections
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 2
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_failover_connections
- help: How many additional connections to a host will be made for failover reasons.
- This option is actual only in dynamic connections mode.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_failover_connections
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 49153
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_min_port
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_min_port
- help: Minimal port number for random ports range.
- max: 65535
- metavar: null
- min: 0
- mutable: false
- name: rpc_zmq_min_port
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: port value
- - advanced: false
- choices: []
- default: 65536
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_max_port
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_max_port
- help: Maximal port number for random ports range.
- max: 65536
- metavar: null
- min: 1
- mutable: false
- name: rpc_zmq_max_port
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 100
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_bind_port_retries
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_bind_port_retries
- help: Number of retries to find free port number before fail with ZMQBindError.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_bind_port_retries
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: *id002
- default: json
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: rpc_zmq_serialization
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_zmq_serialization
- help: Default serialization mechanism for serializing/deserializing outgoing/incoming
- messages
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_zmq_serialization
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_immediate
- help: This option configures round-robin mode in zmq socket. True means not
- keeping a queue when server side disconnects. False means to keep queue and
- messages even if server is disconnected, when the server appears we send all
- accumulated messages to it.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_immediate
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_tcp_keepalive
- help: Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or
- any other negative value) means to skip any overrides and leave it to OS default;
- 0 and 1 (or any other positive value) mean to disable and enable the option
- respectively.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_tcp_keepalive
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_tcp_keepalive_idle
- help: The duration between two keepalive transmissions in idle condition. The
- unit is platform dependent, for example, seconds in Linux, milliseconds in
- Windows etc. The default value of -1 (or any other negative value and 0) means
- to skip any overrides and leave it to OS default.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_tcp_keepalive_idle
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_tcp_keepalive_cnt
- help: The number of retransmissions to be carried out before declaring that
- remote end is not available. The default value of -1 (or any other negative
- value and 0) means to skip any overrides and leave it to OS default.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_tcp_keepalive_cnt
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: -1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: zmq_tcp_keepalive_intvl
- help: The duration between two successive keepalive retransmissions, if acknowledgement
- to the previous keepalive transmission is not received. The unit is platform
- dependent, for example, seconds in Linux, milliseconds in Windows etc. The
- default value of -1 (or any other negative value and 0) means to skip any
- overrides and leave it to OS default.
- max: null
- metavar: null
- min: null
- mutable: false
- name: zmq_tcp_keepalive_intvl
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 100
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_thread_pool_size
- help: Maximum number of (green) threads to work concurrently.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_thread_pool_size
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 300
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_message_ttl
- help: Expiration timeout in seconds of a sent/received message after which it
- is not tracked anymore by a client/server.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_message_ttl
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_use_acks
- help: Wait for message acknowledgements from receivers. This mechanism works
- only via proxy without PUB/SUB.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_use_acks
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 15
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_ack_timeout_base
- help: Number of seconds to wait for an ack from a cast/call. After each retry
- attempt this timeout is multiplied by some specified multiplier.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_ack_timeout_base
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 2
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_ack_timeout_multiplier
- help: Number to multiply base ack timeout by after each retry attempt.
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_ack_timeout_multiplier
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 3
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: rpc_retry_attempts
- help: 'Default number of message sending attempts in case of any problems occurred:
- positive value N means at most N retries, 0 means no retries, None or -1 (or
- any other negative values) mean to retry forever. This option is used only
- if acknowledgments are enabled.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: rpc_retry_attempts
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: subscribe_on
- help: List of publisher hosts SubConsumer can subscribe on. This option has
- higher priority then the default publishers list taken from the matchmaker.
- max: null
- metavar: null
- min: null
- mutable: false
- name: subscribe_on
- namespace: oslo.messaging
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- standard_opts:
- - rpc_zmq_bind_address
- - rpc_zmq_matchmaker
- - rpc_zmq_contexts
- - rpc_zmq_topic_backlog
- - rpc_zmq_ipc_dir
- - rpc_zmq_host
- - zmq_linger
- - rpc_poll_timeout
- - zmq_target_expire
- - zmq_target_update
- - use_pub_sub
- - use_router_proxy
- - use_dynamic_connections
- - zmq_failover_connections
- - rpc_zmq_min_port
- - rpc_zmq_max_port
- - rpc_zmq_bind_port_retries
- - rpc_zmq_serialization
- - zmq_immediate
- - zmq_tcp_keepalive
- - zmq_tcp_keepalive_idle
- - zmq_tcp_keepalive_cnt
- - zmq_tcp_keepalive_intvl
- - rpc_thread_pool_size
- - rpc_message_ttl
- - rpc_use_acks
- - rpc_ack_timeout_base
- - rpc_ack_timeout_multiplier
- - rpc_retry_attempts
- - subscribe_on
- oslo_middleware:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: 114688
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: osapi_max_request_body_size
- - group: DEFAULT
- name: max_request_body_size
- deprecated_reason: null
- deprecated_since: null
- dest: max_request_body_size
- help: The maximum body size for each request, in bytes.
- max: null
- metavar: null
- min: null
- mutable: false
- name: max_request_body_size
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: X-Forwarded-Proto
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: secure_proxy_ssl_header
- help: The HTTP Header that will be used to determine what the original request
- protocol scheme was, even if it was hidden by a SSL termination proxy.
- max: null
- metavar: null
- min: null
- mutable: false
- name: secure_proxy_ssl_header
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: enable_proxy_headers_parsing
- help: Whether the application is behind a proxy or not. This determines if the
- middleware should parse the headers or not.
- max: null
- metavar: null
- min: null
- mutable: false
- name: enable_proxy_headers_parsing
- namespace: oslo.middleware
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- standard_opts:
- - max_request_body_size
- - secure_proxy_ssl_header
- - enable_proxy_headers_parsing
- oslo_policy:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: policy.json
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: policy_file
- deprecated_reason: null
- deprecated_since: null
- dest: policy_file
- help: The file that defines policies.
- max: null
- metavar: null
- min: null
- mutable: false
- name: policy_file
- namespace: oslo.policy
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: default
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: policy_default_rule
- deprecated_reason: null
- deprecated_since: null
- dest: policy_default_rule
- help: Default rule. Enforced when a requested rule is not found.
- max: null
- metavar: null
- min: null
- mutable: false
- name: policy_default_rule
- namespace: oslo.policy
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default:
- - policy.d
- deprecated_for_removal: false
- deprecated_opts:
- - group: DEFAULT
- name: policy_dirs
- deprecated_reason: null
- deprecated_since: null
- dest: policy_dirs
- help: Directories where policy configuration files are stored. They can be relative
- to any directory in the search path defined by the config_dir option, or absolute
- paths. The file defined by policy_file must exist for these directories to
- be searched. Missing or empty directories are ignored.
- max: null
- metavar: null
- min: null
- mutable: false
- name: policy_dirs
- namespace: oslo.policy
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: multi valued
- standard_opts:
- - policy_file
- - policy_default_rule
- - policy_dirs
- paste_deploy:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: keystone-paste.ini
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: config_file
- help: Name of (or absolute path to) the Paste Deploy configuration file that
- composes middleware and the keystone application itself into actual WSGI entry
- points. See http://pythonpaste.org/deploy/ for additional documentation on
- the file's format.
- max: null
- metavar: null
- min: null
- mutable: false
- name: config_file
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- standard_opts:
- - config_file
- policy:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the policy backend driver in the `keystone.policy` namespace.
- Supplied drivers are `rules` (which does not support any CRUD operations for
- the v3 policy API) and `sql`. Typically, there is no reason to set this option
- unless you are providing a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: list_limit
- help: Maximum number of entities that will be returned in a policy collection.
- max: null
- metavar: null
- min: null
- mutable: false
- name: list_limit
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - driver
- - list_limit
- profiler:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts:
- - group: profiler
- name: profiler_enabled
- deprecated_reason: null
- deprecated_since: null
- dest: enabled
- help: '
-
- Enables the profiling for all services on this node. Default value is False
-
- (fully disable the profiling feature).
-
-
- Possible values:
-
-
- * True: Enables the feature
-
- * False: Disables the feature. The profiling cannot be started via this project
-
- operations. If the profiling is triggered by another project, this project
- part
-
- will be empty.
-
- '
- max: null
- metavar: null
- min: null
- mutable: false
- name: enabled
- namespace: osprofiler
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: trace_sqlalchemy
- help: '
-
- Enables SQL requests profiling in services. Default value is False (SQL
-
- requests won''t be traced).
-
-
- Possible values:
-
-
- * True: Enables SQL requests profiling. Each SQL query will be part of the
-
- trace and can the be analyzed by how much time was spent for that.
-
- * False: Disables SQL requests profiling. The spent time is only shown on
- a
-
- higher level of operations. Single SQL queries cannot be analyzed this
-
- way.
-
- '
- max: null
- metavar: null
- min: null
- mutable: false
- name: trace_sqlalchemy
- namespace: osprofiler
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: SECRET_KEY
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: hmac_keys
- help: '
-
- Secret key(s) to use for encrypting context data for performance profiling.
-
- This string value should have the following format: [,,...],
-
- where each key is some random string. A user who triggers the profiling via
-
- the REST API has to set one of these keys in the headers of the REST API call
-
- to include profiling results of this node for this particular project.
-
-
- Both "enabled" flag and "hmac_keys" config options should be set to enable
-
- profiling. Also, to generate correct profiling information across all services
-
- at least one key needs to be consistent between OpenStack projects. This
-
- ensures it can be used from client side to generate the trace, containing
-
- information from all possible resources.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: hmac_keys
- namespace: osprofiler
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: messaging://
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: connection_string
- help: '
-
- Connection string for a notifier backend. Default value is messaging:// which
-
- sets the notifier to oslo_messaging.
-
-
- Examples of possible values:
-
-
- * messaging://: use oslo_messaging driver for sending notifications.
-
- * mongodb://127.0.0.1:27017 : use mongodb driver for sending notifications.
-
- * elasticsearch://127.0.0.1:9200 : use elasticsearch driver for sending
-
- notifications.
-
- '
- max: null
- metavar: null
- min: null
- mutable: false
- name: connection_string
- namespace: osprofiler
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: notification
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: es_doc_type
- help: '
-
- Document type for notification indexing in elasticsearch.
-
- '
- max: null
- metavar: null
- min: null
- mutable: false
- name: es_doc_type
- namespace: osprofiler
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 2m
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: es_scroll_time
- help: '
-
- This parameter is a time value parameter (for example: es_scroll_time=2m),
-
- indicating for how long the nodes that participate in the search will maintain
-
- relevant resources in order to continue and support it.
-
- '
- max: null
- metavar: null
- min: null
- mutable: false
- name: es_scroll_time
- namespace: osprofiler
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 10000
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: es_scroll_size
- help: '
-
- Elasticsearch splits large requests in batches. This parameter defines
-
- maximum size of each batch (for example: es_scroll_size=10000).
-
- '
- max: null
- metavar: null
- min: null
- mutable: false
- name: es_scroll_size
- namespace: osprofiler
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0.1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: socket_timeout
- help: '
-
- Redissentinel provides a timeout option on the connections.
-
- This parameter defines that timeout (for example: socket_timeout=0.1).
-
- '
- max: null
- metavar: null
- min: null
- mutable: false
- name: socket_timeout
- namespace: osprofiler
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: floating point value
- - advanced: false
- choices: []
- default: mymaster
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: sentinel_service_name
- help: '
-
- Redissentinel uses a service name to identify a master redis service.
-
- This parameter defines the name (for example:
-
- sentinal_service_name=mymaster).
-
- '
- max: null
- metavar: null
- min: null
- mutable: false
- name: sentinel_service_name
- namespace: osprofiler
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- standard_opts:
- - enabled
- - trace_sqlalchemy
- - hmac_keys
- - connection_string
- - es_doc_type
- - es_scroll_time
- - es_scroll_size
- - socket_timeout
- - sentinel_service_name
- resource:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the resource driver in the `keystone.resource` namespace.
- Only a `sql` driver is supplied by keystone. Unless you are writing proprietary
- drivers for keystone, you do not need to set this option.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts:
- - group: assignment
- name: caching
- deprecated_reason: null
- deprecated_since: null
- dest: caching
- help: Toggle for resource caching. This has no effect unless global caching
- is enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: caching
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: assignment
- name: cache_time
- deprecated_reason: null
- deprecated_since: null
- dest: cache_time
- help: Time to cache resource data in seconds. This has no effect unless global
- caching is enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: cache_time
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts:
- - group: assignment
- name: list_limit
- deprecated_reason: null
- deprecated_since: null
- dest: list_limit
- help: Maximum number of entities that will be returned in a resource collection.
- max: null
- metavar: null
- min: null
- mutable: false
- name: list_limit
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: admin_project_domain_name
- help: Name of the domain that owns the `admin_project_name`. If left unset,
- then there is no admin project. `[resource] admin_project_name` must also
- be set to use this option.
- max: null
- metavar: null
- min: null
- mutable: false
- name: admin_project_domain_name
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: admin_project_name
- help: This is a special project which represents cloud-level administrator privileges
- across services. Tokens scoped to this project will contain a true `is_admin_project`
- attribute to indicate to policy systems that the role assignments on that
- specific project should apply equally across every project. If left unset,
- then there is no admin project, and thus no explicit means of cross-project
- role assignments. `[resource] admin_project_domain_name` must also be set
- to use this option.
- max: null
- metavar: null
- min: null
- mutable: false
- name: admin_project_name
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices:
- - 'off'
- - new
- - strict
- default: 'off'
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: project_name_url_safe
- help: This controls whether the names of projects are restricted from containing
- URL-reserved characters. If set to `new`, attempts to create or update a project
- with a URL-unsafe name will fail. If set to `strict`, attempts to scope a
- token with a URL-unsafe project name will fail, thereby forcing all project
- names to be updated to be URL-safe.
- max: null
- metavar: null
- min: null
- mutable: false
- name: project_name_url_safe
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices:
- - 'off'
- - new
- - strict
- default: 'off'
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: domain_name_url_safe
- help: This controls whether the names of domains are restricted from containing
- URL-reserved characters. If set to `new`, attempts to create or update a domain
- with a URL-unsafe name will fail. If set to `strict`, attempts to scope a
- token with a URL-unsafe domain name will fail, thereby forcing all domain
- names to be updated to be URL-safe.
- max: null
- metavar: null
- min: null
- mutable: false
- name: domain_name_url_safe
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- standard_opts:
- - driver
- - caching
- - cache_time
- - list_limit
- - admin_project_domain_name
- - admin_project_name
- - project_name_url_safe
- - domain_name_url_safe
- revoke:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the token revocation backend driver in the `keystone.revoke`
- namespace. Keystone only provides a `sql` driver, so there is no reason to
- set this option unless you are providing a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 1800
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: expiration_buffer
- help: The number of seconds after a token has expired before a corresponding
- revocation event may be purged from the backend.
- max: null
- metavar: null
- min: 0
- mutable: false
- name: expiration_buffer
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: caching
- help: Toggle for revocation event caching. This has no effect unless global
- caching is enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: caching
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 3600
- deprecated_for_removal: false
- deprecated_opts:
- - group: token
- name: revocation_cache_time
- deprecated_reason: null
- deprecated_since: null
- dest: cache_time
- help: Time to cache the revocation list and the revocation events (in seconds).
- This has no effect unless global and `[revoke] caching` are both enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: cache_time
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - driver
- - expiration_buffer
- - caching
- - cache_time
- role:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the role backend driver in the `keystone.role` namespace.
- Keystone only provides a `sql` driver, so there's no reason to change this
- unless you are providing a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: caching
- help: Toggle for role caching. This has no effect unless global caching is enabled.
- In a typical deployment, there is no reason to disable this.
- max: null
- metavar: null
- min: null
- mutable: false
- name: caching
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: cache_time
- help: Time to cache role data, in seconds. This has no effect unless both global
- caching and `[role] caching` are enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: cache_time
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: list_limit
- help: Maximum number of entities that will be returned in a role collection.
- This may be useful to tune if you have a large number of discrete roles in
- your deployment.
- max: null
- metavar: null
- min: null
- mutable: false
- name: list_limit
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - driver
- - caching
- - cache_time
- - list_limit
- saml:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: 3600
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: assertion_expiration_time
- help: Determines the lifetime for any SAML assertions generated by keystone,
- using `NotOnOrAfter` attributes.
- max: null
- metavar: null
- min: null
- mutable: false
- name: assertion_expiration_time
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: xmlsec1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: xmlsec1_binary
- help: Name of, or absolute path to, the binary to be used for XML signing. Although
- only the XML Security Library (`xmlsec1`) is supported, it may have a non-standard
- name or path on your system. If keystone cannot find the binary itself, you
- may need to install the appropriate package, use this option to specify an
- absolute path, or adjust keystone's PATH environment variable.
- max: null
- metavar: null
- min: null
- mutable: false
- name: xmlsec1_binary
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: /etc/keystone/ssl/certs/signing_cert.pem
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: certfile
- help: Absolute path to the public certificate file to use for SAML signing.
- The value cannot contain a comma (`,`).
- max: null
- metavar: null
- min: null
- mutable: false
- name: certfile
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: /etc/keystone/ssl/private/signing_key.pem
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: keyfile
- help: Absolute path to the private key file to use for SAML signing. The value
- cannot contain a comma (`,`).
- max: null
- metavar: null
- min: null
- mutable: false
- name: keyfile
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_entity_id
- help: 'This is the unique entity identifier of the identity provider (keystone)
- to use when generating SAML assertions. This value is required to generate
- identity provider metadata and must be a URI (a URL is recommended). For example:
- `https://keystone.example.com/v3/OS-FEDERATION/saml2/idp`.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_entity_id
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: uri value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_sso_endpoint
- help: 'This is the single sign-on (SSO) service location of the identity provider
- which accepts HTTP POST requests. A value is required to generate identity
- provider metadata. For example: `https://keystone.example.com/v3/OS-FEDERATION/saml2/sso`.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_sso_endpoint
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: uri value
- - advanced: false
- choices: []
- default: en
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_lang
- help: This is the language used by the identity provider's organization.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_lang
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: SAML Identity Provider
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_organization_name
- help: This is the name of the identity provider's organization.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_organization_name
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: OpenStack SAML Identity Provider
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_organization_display_name
- help: This is the name of the identity provider's organization to be displayed.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_organization_display_name
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: https://example.com/
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_organization_url
- help: This is the URL of the identity provider's organization. The URL referenced
- here should be useful to humans.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_organization_url
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: uri value
- - advanced: false
- choices: []
- default: Example, Inc.
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_contact_company
- help: This is the company name of the identity provider's contact person.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_contact_company
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: SAML Identity Provider Support
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_contact_name
- help: This is the given name of the identity provider's contact person.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_contact_name
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: Support
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_contact_surname
- help: This is the surname of the identity provider's contact person.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_contact_surname
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: support@example.com
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_contact_email
- help: This is the email address of the identity provider's contact person.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_contact_email
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: +1 800 555 0100
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_contact_telephone
- help: This is the telephone number of the identity provider's contact person.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_contact_telephone
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices:
- - technical
- - support
- - administrative
- - billing
- - other
- default: other
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_contact_type
- help: This is the type of contact that best describes the identity provider's
- contact person.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_contact_type
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: /etc/keystone/saml2_idp_metadata.xml
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: idp_metadata_path
- help: Absolute path to the identity provider metadata file. This file should
- be generated with the `keystone-manage saml_idp_metadata` command. There is
- typically no reason to change this value.
- max: null
- metavar: null
- min: null
- mutable: false
- name: idp_metadata_path
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 'ss:mem:'
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: relay_state_prefix
- help: The prefix of the RelayState SAML attribute to use when generating enhanced
- client and proxy (ECP) assertions. In a typical deployment, there is no reason
- to change this value.
- max: null
- metavar: null
- min: null
- mutable: false
- name: relay_state_prefix
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- standard_opts:
- - assertion_expiration_time
- - xmlsec1_binary
- - certfile
- - keyfile
- - idp_entity_id
- - idp_sso_endpoint
- - idp_lang
- - idp_organization_name
- - idp_organization_display_name
- - idp_organization_url
- - idp_contact_company
- - idp_contact_name
- - idp_contact_surname
- - idp_contact_email
- - idp_contact_telephone
- - idp_contact_type
- - idp_metadata_path
- - relay_state_prefix
- security_compliance:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: disable_user_account_days_inactive
- help: The maximum number of days a user can go without authenticating before
- being considered "inactive" and automatically disabled (locked). This feature
- is disabled by default; set any value to enable it. This feature depends on
- the `sql` backend for the `[identity] driver`. When a user exceeds this threshold
- and is considered "inactive", the user's `enabled` attribute in the HTTP API
- may not match the value of the user's `enabled` column in the user table.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: disable_user_account_days_inactive
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: lockout_failure_attempts
- help: The maximum number of times that a user can fail to authenticate before
- the user account is locked for the number of seconds specified by `[security_compliance]
- lockout_duration`. This feature is disabled by default. If this feature is
- enabled and `[security_compliance] lockout_duration` is not set, then users
- may be locked out indefinitely until the user is explicitly enabled via the
- API. This feature depends on the `sql` backend for the `[identity] driver`.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: lockout_failure_attempts
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 1800
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: lockout_duration
- help: The number of seconds a user account will be locked when the maximum number
- of failed authentication attempts (as specified by `[security_compliance]
- lockout_failure_attempts`) is exceeded. Setting this option will have no effect
- unless you also set `[security_compliance] lockout_failure_attempts` to a
- non-zero value. This feature depends on the `sql` backend for the `[identity]
- driver`.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: lockout_duration
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: password_expires_days
- help: The number of days for which a password will be considered valid before
- requiring it to be changed. This feature is disabled by default. If enabled,
- new password changes will have an expiration date, however existing passwords
- would not be impacted. This feature depends on the `sql` backend for the `[identity]
- driver`.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: password_expires_days
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 1
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: unique_last_password_count
- help: This controls the number of previous user password iterations to keep
- in history, in order to enforce that newly created passwords are unique. Setting
- the value to one (the default) disables this feature. Thus, to enable this
- feature, values must be greater than 1. This feature depends on the `sql`
- backend for the `[identity] driver`.
- max: null
- metavar: null
- min: 1
- mutable: false
- name: unique_last_password_count
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 0
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: minimum_password_age
- help: 'The number of days that a password must be used before the user can change
- it. This prevents users from changing their passwords immediately in order
- to wipe out their password history and reuse an old password. This feature
- does not prevent administrators from manually resetting passwords. It is disabled
- by default and allows for immediate password changes. This feature depends
- on the `sql` backend for the `[identity] driver`. Note: If `[security_compliance]
- password_expires_days` is set, then the value for this option should be less
- than the `password_expires_days`.'
- max: null
- metavar: null
- min: 0
- mutable: false
- name: minimum_password_age
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: password_regex
- help: 'The regular expression used to validate password strength requirements.
- By default, the regular expression will match any password. The following
- is an example of a pattern which requires at least 1 letter, 1 digit, and
- have a minimum length of 7 characters: ^(?=.*\d)(?=.*[a-zA-Z]).{7,}$ This
- feature depends on the `sql` backend for the `[identity] driver`.'
- max: null
- metavar: null
- min: null
- mutable: false
- name: password_regex
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: password_regex_description
- help: Describe your password regular expression here in language for humans.
- If a password fails to match the regular expression, the contents of this
- configuration variable will be returned to users to explain why their requested
- password was insufficient.
- max: null
- metavar: null
- min: null
- mutable: false
- name: password_regex_description
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: change_password_upon_first_use
- help: Enabling this option requires users to change their password when the
- user is created, or upon administrative reset. Before accessing any services,
- affected users will have to change their password. To ignore this requirement
- for specific users, such as service users, set the `options` attribute `ignore_change_password_upon_first_use`
- to `True` for the desired user via the update user API. This feature is disabled
- by default. This feature is only applicable with the `sql` backend for the
- `[identity] driver`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: change_password_upon_first_use
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- standard_opts:
- - disable_user_account_days_inactive
- - lockout_failure_attempts
- - lockout_duration
- - password_expires_days
- - unique_last_password_count
- - minimum_password_age
- - password_regex
- - password_regex_description
- - change_password_upon_first_use
- shadow_users:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the shadow users backend driver in the `keystone.identity.shadow_users`
- namespace. This driver is used for persisting local user references to externally-managed
- identities (via federation, LDAP, etc). Keystone only provides a `sql` driver,
- so there is no reason to change this option unless you are providing a custom
- entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- standard_opts:
- - driver
- signing:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: /etc/keystone/ssl/certs/signing_cert.pem
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
- removed in Pike. These options remain for backwards compatibility.'
- deprecated_since: P
- dest: certfile
- help: Absolute path to the public certificate file to use for signing responses
- to revocation lists requests. Set this together with `[signing] keyfile`.
- For non-production environments, you may be interested in using `keystone-manage
- pki_setup` to generate self-signed certificates.
- max: null
- metavar: null
- min: null
- mutable: false
- name: certfile
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: /etc/keystone/ssl/private/signing_key.pem
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
- removed in Pike. These options remain for backwards compatibility.'
- deprecated_since: P
- dest: keyfile
- help: Absolute path to the private key file to use for signing responses to
- revocation lists requests. Set this together with `[signing] certfile`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: keyfile
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: /etc/keystone/ssl/certs/ca.pem
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
- removed in Pike. These options remain for backwards compatibility.'
- deprecated_since: P
- dest: ca_certs
- help: Absolute path to the public certificate authority (CA) file to use when
- creating self-signed certificates with `keystone-manage pki_setup`. Set this
- together with `[signing] ca_key`. There is no reason to set this option unless
- you are requesting revocation lists in a non-production environment. Use a
- `[signing] certfile` issued from a trusted certificate authority instead.
- max: null
- metavar: null
- min: null
- mutable: false
- name: ca_certs
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: /etc/keystone/ssl/private/cakey.pem
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
- removed in Pike. These options remain for backwards compatibility.'
- deprecated_since: P
- dest: ca_key
- help: Absolute path to the private certificate authority (CA) key file to use
- when creating self-signed certificates with `keystone-manage pki_setup`. Set
- this together with `[signing] ca_certs`. There is no reason to set this option
- unless you are requesting revocation lists in a non-production environment.
- Use a `[signing] certfile` issued from a trusted certificate authority instead.
- max: null
- metavar: null
- min: null
- mutable: false
- name: ca_key
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 2048
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
- removed in Pike. These options remain for backwards compatibility.'
- deprecated_since: P
- dest: key_size
- help: Key size (in bits) to use when generating a self-signed token signing
- certificate. There is no reason to set this option unless you are requesting
- revocation lists in a non-production environment. Use a `[signing] certfile`
- issued from a trusted certificate authority instead.
- max: null
- metavar: null
- min: 1024
- mutable: false
- name: key_size
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: 3650
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
- removed in Pike. These options remain for backwards compatibility.'
- deprecated_since: P
- dest: valid_days
- help: The validity period (in days) to use when generating a self-signed token
- signing certificate. There is no reason to set this option unless you are
- requesting revocation lists in a non-production environment. Use a `[signing]
- certfile` issued from a trusted certificate authority instead.
- max: null
- metavar: null
- min: null
- mutable: false
- name: valid_days
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
- removed in Pike. These options remain for backwards compatibility.'
- deprecated_since: P
- dest: cert_subject
- help: The certificate subject to use when generating a self-signed token signing
- certificate. There is no reason to set this option unless you are requesting
- revocation lists in a non-production environment. Use a `[signing] certfile`
- issued from a trusted certificate authority instead.
- max: null
- metavar: null
- min: null
- mutable: false
- name: cert_subject
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- standard_opts:
- - certfile
- - keyfile
- - ca_certs
- - ca_key
- - key_size
- - valid_days
- - cert_subject
- token:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: bind
- help: This is a list of external authentication mechanisms which should add
- token binding metadata to tokens, such as `kerberos` or `x509`. Binding metadata
- is enforced according to the `[token] enforce_token_bind` option.
- max: null
- metavar: null
- min: null
- mutable: false
- name: bind
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: list value
- - advanced: false
- choices: []
- default: permissive
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: P
- dest: enforce_token_bind
- help: This controls the token binding enforcement policy on tokens presented
- to keystone with token binding metadata (as specified by the `[token] bind`
- option). `disabled` completely bypasses token binding validation. `permissive`
- and `strict` do not require tokens to have binding metadata (but will validate
- it if present), whereas `required` will always demand tokens to having binding
- metadata. `permissive` will allow unsupported binding metadata to pass through
- without validation (usually to be validated at another time by another component),
- whereas `strict` and `required` will demand that the included binding metadata
- be supported by keystone.
- max: null
- metavar: null
- min: null
- mutable: false
- name: enforce_token_bind
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: 3600
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: expiration
- help: The amount of time that a token should remain valid (in seconds). Drastically
- reducing this value may break "long-running" operations that involve multiple
- services to coordinate together, and will force users to authenticate with
- keystone more frequently. Drastically increasing this value will increase
- load on the `[token] driver`, as more tokens will be simultaneously valid.
- Keystone tokens are also bearer tokens, so a shorter duration will also reduce
- the potential security impact of a compromised token.
- max: 9223372036854775807
- metavar: null
- min: 0
- mutable: false
- name: expiration
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: fernet
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: provider
- help: Entry point for the token provider in the `keystone.token.provider` namespace.
- The token provider controls the token construction, validation, and revocation
- operations. Keystone includes `fernet` and `uuid` token providers. `uuid`
- tokens must be persisted (using the backend specified in the `[token] driver`
- option), but do not require any extra configuration or setup. `fernet` tokens
- do not need to be persisted at all, but require that you run `keystone-manage
- fernet_setup` (also see the `keystone-manage fernet_rotate` command).
- max: null
- metavar: null
- min: null
- mutable: false
- name: provider
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: true
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: P
- dest: driver
- help: Entry point for the token persistence backend driver in the `keystone.token.persistence`
- namespace. Keystone provides the `sql` driver. The `sql` option (default)
- depends on the options in your `[database]` section. If you're using the `fernet`
- `[token] provider`, this backend will not be utilized to persist tokens at
- all.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: caching
- help: Toggle for caching token creation and validation data. This has no effect
- unless global caching is enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: caching
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: null
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: cache_time
- help: The number of seconds to cache token creation and validation data. This
- has no effect unless both global and `[token] caching` are enabled.
- max: 9223372036854775807
- metavar: null
- min: 0
- mutable: false
- name: cache_time
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: revoke_by_id
- help: This toggles support for revoking individual tokens by the token identifier
- and thus various token enumeration operations (such as listing all tokens
- issued to a specific user). These operations are used to determine the list
- of tokens to consider revoked. Do not disable this option if you're using
- the `kvs` `[revoke] driver`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: revoke_by_id
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: allow_rescope_scoped_token
- help: This toggles whether scoped tokens may be re-scoped to a new project or
- domain, thereby preventing users from exchanging a scoped token (including
- those with a default project scope) for any other token. This forces users
- to either authenticate for unscoped tokens (and later exchange that unscoped
- token for tokens with a more specific scope) or to provide their credentials
- in every request for a scoped token to avoid re-scoping altogether.
- max: null
- metavar: null
- min: null
- mutable: false
- name: allow_rescope_scoped_token
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: infer_roles
- help: This controls whether roles should be included with tokens that are not
- directly assigned to the token's scope, but are instead linked implicitly
- to other role assignments.
- max: null
- metavar: null
- min: null
- mutable: false
- name: infer_roles
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: cache_on_issue
- help: Enable storing issued token data to token validation cache so that first
- token validation doesn't actually cause full validation cycle. This option
- has no effect unless global caching and token caching are enabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: cache_on_issue
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 172800
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: allow_expired_window
- help: This controls the number of seconds that a token can be retrieved for
- beyond the built-in expiry time. This allows long running operations to succeed.
- Defaults to two days.
- max: null
- metavar: null
- min: null
- mutable: false
- name: allow_expired_window
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- standard_opts:
- - bind
- - enforce_token_bind
- - expiration
- - provider
- - driver
- - caching
- - cache_time
- - revoke_by_id
- - allow_rescope_scoped_token
- - infer_roles
- - cache_on_issue
- - allow_expired_window
- tokenless_auth:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: []
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: trusted_issuer
- help: The list of distinguished names which identify trusted issuers of client
- certificates allowed to use X.509 tokenless authorization. If the option is
- absent then no certificates will be allowed. The format for the values of
- a distinguished name (DN) must be separated by a comma and contain no spaces.
- Furthermore, because an individual DN may contain commas, this configuration
- option may be repeated multiple times to represent multiple values. For example,
- keystone.conf would include two consecutive lines in order to trust two different
- DNs, such as `trusted_issuer = CN=john,OU=keystone,O=openstack` and `trusted_issuer
- = CN=mary,OU=eng,O=abc`.
- max: null
- metavar: null
- min: null
- mutable: false
- name: trusted_issuer
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: multi valued
- - advanced: false
- choices: []
- default: x509
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: protocol
- help: The federated protocol ID used to represent X.509 tokenless authorization.
- This is used in combination with the value of `[tokenless_auth] issuer_attribute`
- to find a corresponding federated mapping. In a typical deployment, there
- is no reason to change this value.
- max: null
- metavar: null
- min: null
- mutable: false
- name: protocol
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- - advanced: false
- choices: []
- default: SSL_CLIENT_I_DN
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: issuer_attribute
- help: The name of the WSGI environment variable used to pass the issuer of the
- client certificate to keystone. This attribute is used as an identity provider
- ID for the X.509 tokenless authorization along with the protocol to look up
- its corresponding mapping. In a typical deployment, there is no reason to
- change this value.
- max: null
- metavar: null
- min: null
- mutable: false
- name: issuer_attribute
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- standard_opts:
- - trusted_issuer
- - protocol
- - issuer_attribute
- trust:
- driver_option: ''
- driver_opts: {}
- dynamic_group_owner: ''
- help: ''
- opts:
- - advanced: false
- choices: []
- default: true
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: enabled
- help: Delegation and impersonation features using trusts can be optionally disabled.
- max: null
- metavar: null
- min: null
- mutable: false
- name: enabled
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: false
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: allow_redelegation
- help: Allows authorization to be redelegated from one user to another, effectively
- chaining trusts together. When disabled, the `remaining_uses` attribute of
- a trust is constrained to be zero.
- max: null
- metavar: null
- min: null
- mutable: false
- name: allow_redelegation
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: boolean value
- - advanced: false
- choices: []
- default: 3
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: max_redelegation_count
- help: Maximum number of times that authorization can be redelegated from one
- user to another in a chain of trusts. This number may be reduced further for
- a specific trust.
- max: null
- metavar: null
- min: null
- mutable: false
- name: max_redelegation_count
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: integer value
- - advanced: false
- choices: []
- default: sql
- deprecated_for_removal: false
- deprecated_opts: []
- deprecated_reason: null
- deprecated_since: null
- dest: driver
- help: Entry point for the trust backend driver in the `keystone.trust` namespace.
- Keystone only provides a `sql` driver, so there is no reason to change this
- unless you are providing a custom entry point.
- max: null
- metavar: null
- min: null
- mutable: false
- name: driver
- namespace: keystone
- positional: false
- required: false
- sample_default: null
- secret: false
- short: null
- type: string value
- standard_opts:
- - enabled
- - allow_redelegation
- - max_redelegation_count
- - driver
-
diff --git a/tests/templates/tempest.conf b/tests/templates/tempest.conf
deleted file mode 100644
index 6add9f4..0000000
--- a/tests/templates/tempest.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-[DEFAULT]
-debug = true
-
-[auth]
-# Roles to assign to all users created by tempest (list value)
-tempest_roles = _member_
-
-use_dynamic_credentials = true
-
-# Roles to assign to all users created by tempest (list value)
-#tempest_roles =
-default_credentials_domain_name = Default
-
-admin_username = admin
-admin_project_name = admin
-admin_password = weakpassword
-admin_domain_name = Default
-
-[identity]
-admin_username = admin
-admin_tenant_name = admin
-admin_domain_name = Default
-disable_ssl_certificate_validation = true
-catalog_type = identity
-uri = http://{{keystone_ip}}:5000/v3
-uri_v3 = http://{{keystone_ip}}:5000/v3
-auth_version = v3
-region = RegionOne
-admin_role = admin
-default_domain_id = default
-admin_password = weakpassword
-
-[service_available]
-cinder = false
-neutron = false
-glance = false
-swift = false
-nova = false
\ No newline at end of file
diff --git a/tests/tests.yml b/tests/tests.yml
deleted file mode 100644
index bd5be55..0000000
--- a/tests/tests.yml
+++ /dev/null
@@ -1,59 +0,0 @@
----
-- name: Get keystone cluster ip
- shell:
- cmd: |
- kubectl get service keystone --namespace {{namespace}} --template={%raw%}{{.spec.clusterIP}}{%endraw%}
- executable: /bin/bash
- register: keystone_ip
-
-- set_fact:
- keystone_ip: "{{keystone_ip.stdout}}"
-
-- name: Wait for keystone to become available
- wait_for:
- host: "{{keystone_ip}}"
- port: "{{item}}"
- delay: 2
- timeout: 300
- with_items:
- - 35357
- - 5000
-
-- name: Test keystone jobs completion
- shell:
- cmd: |
- set -ex
-
- rst=$(kubectl --namespace {{namespace}} get jobs {{item}} --template={%raw%}"{{.status.succeeded}}"{%endraw%})
- if [ "$rst" == "1" ]; then
- exit 0
- fi
- exit 1
- executable: /bin/bash
- retries: 6
- delay: 5
- register: task_result
- until: task_result.rc == 0
- with_items:
- - keystone-createdb
- - keystone-db-sync
- - keystone-fernet
- - keystone-bootstrap
-
-
-- name: Copy tempests config
- become: true
- template:
- src: templates/tempest.conf
- dest: /etc/tempest/tempest.conf
-
-- name: Run tempest
- shell:
- cmd: |
- set -x
- set -e
- tempest init tempest
- cd tempest
- tempest run -r identity
- executable: /bin/bash
- register: tempest_output