From 165461a8d31c168504c9b08353c0258ac53b6070 Mon Sep 17 00:00:00 2001
From: Alex Schultz
Date: Tue, 21 May 2019 09:49:13 -0600
Subject: [PATCH] Retire ansible-role-k8s-keystone
Change-Id: I0ea0cf28c5989bddf01b46fcb78fb1853662e215
---
.zuul.yaml | 33 -
LICENSE | 176 -
README.md | 40 +-
defaults/main.yml | 51 -
meta/main.yml | 26 -
tasks/deprovision.yml | 46 -
tasks/hiera.yml | 55 -
tasks/main.yml | 1 -
tasks/provision.yml | 276 -
templates/base.conf.j2 | 0
templates/httpd-keystone-admin.conf | 22 -
templates/httpd-keystone-main.conf | 22 -
templates/httpd.conf | 113 -
templates/keystone-schema.yaml | 12323 --------------------------
tests/templates/tempest.conf | 38 -
tests/tests.yml | 59 -
16 files changed, 8 insertions(+), 13273 deletions(-)
delete mode 100644 .zuul.yaml
delete mode 100644 LICENSE
delete mode 100644 defaults/main.yml
delete mode 100644 meta/main.yml
delete mode 100644 tasks/deprovision.yml
delete mode 100644 tasks/hiera.yml
delete mode 100644 tasks/main.yml
delete mode 100644 tasks/provision.yml
delete mode 100644 templates/base.conf.j2
delete mode 100644 templates/httpd-keystone-admin.conf
delete mode 100644 templates/httpd-keystone-main.conf
delete mode 100644 templates/httpd.conf
delete mode 100644 templates/keystone-schema.yaml
delete mode 100644 tests/templates/tempest.conf
delete mode 100644 tests/tests.yml
diff --git a/.zuul.yaml b/.zuul.yaml
deleted file mode 100644
index cd923a6..0000000
--- a/.zuul.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-- project:
- check:
- jobs:
- - ansible-role-k8s-keystone-kubernetes-centos
- - ansible-role-k8s-keystone-openshift-centos
-
-- job:
- name: ansible-role-k8s-keystone-kubernetes-centos
- parent: ansible-role-k8s-base
- nodeset: ansible-role-k8s-centos
- voting: false
- vars:
- coe: kubernetes
- project_name: ansible-role-k8s-keystone
- ansible_role_k8s_required:
- - ansible-role-k8s-mariadb
- required-projects:
- - openstack/ansible-role-k8s-mariadb
- - openstack/ansible-role-k8s-keystone
-
-- job:
- name: ansible-role-k8s-keystone-openshift-centos
- parent: ansible-role-k8s-base
- nodeset: ansible-role-k8s-centos
- voting: false
- vars:
- coe: openshift
- project_name: ansible-role-k8s-keystone
- ansible_role_k8s_required:
- - ansible-role-k8s-mariadb
- required-projects:
- - openstack/ansible-role-k8s-mariadb
- - openstack/ansible-role-k8s-keystone
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 68c771a..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,176 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - 
diff --git a/README.md b/README.md index 821f234..86e34d6 100644 --- a/README.md +++ b/README.md @@ -1,34 +1,10 @@ -K8S Keystone -========= -[![Galaxy](https://img.shields.io/badge/galaxy-tripleo.k8s--keystone-blue.svg?style=flat)](https://galaxy.ansible.com/tripleo/k8s-keystone) -[![Build Status](https://travis-ci.org/tripleo/ansible-role-k8s-keystone.svg?branch=master)](https://travis-ci.org/tripleo/ansible-role-k8s-keystone) +This project is no longer maintained. -Install Keystone in a Kubernetes cluster. +The contents of this repository are still available in the Git +source code management system. To see the contents of this +repository before it reached its end of life, please check out the +previous commit with "git checkout HEAD^1". -Requirements ------------- - -Access to Kubernetes cluster - -Role Variables --------------- - -| Name | Default Value | Description | -|-------------------|---------------------|----------------------| -| `action` | `provision` | List of tasks to run. | -| `coe_host` | | | -| `coe_config_context` | | | -| `coe_config_file` | | | - - -Dependencies ------------- - -- `ansible.kubernetes-modules` - -Example Playbook ----------------- - - - hosts: all - roles: - - tripleo.k8s-keystone +For any further questions, please email +openstack-discuss@lists.openstack.org or join #openstack-dev on +Freenode. diff --git a/defaults/main.yml b/defaults/main.yml deleted file mode 100644 index 4c10896..0000000 --- a/defaults/main.yml +++ /dev/null 
@@ -1,51 +0,0 @@ -coe_host: -coe_config_context: -coe_config_file: -action: provision -namespace: openstack - -hiera_data: {} -hiera_data_file: '' - -clouds_config: 'clouds-secret' - -keystone_hostname: "keystone" -keystone_address: "{{keystone_hostname}}" -keystone_use_service_ip: true - -mariadb_config: - host: mariadb - root_password: weakpassword - -keystone_mounts: - - name: kolla-config - mountPath: /var/lib/kolla/config_files/ - - name: keystone-fernet - mountPath: /etc/keystone/fernet-keys - -keystone_mounts_extra: [] - -keystone_volumes: - - name: kolla-config - config_map: - name: keystone - - name: keystone-fernet - persistentVolumeClaim: - claimName: keystone-fernet - -keystone_volumes_extra: [] - -keystone_config: - DEFAULT: - public_bind_host: "0.0.0.0" - database: - connection: "mysql+pymysql://root:weakpassword@mariadb:3306/keystone" - token: - provider: "fernet" - - admin_username: 'admin' - admin_role_name: 'admin' - admin_project_name: 'admin' - admin_service_name: 'keystone' - admin_domain_name: 'Default' - admin_password: 'weakpassword' diff --git a/meta/main.yml b/meta/main.yml deleted file mode 100644 index c66eac2..0000000 --- a/meta/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -galaxy_info: - author: Flavio Percoco - description: - company: Red Hat - license: Apache v2 - min_ansible_version: 2.3 - - platforms: - - name: EL - versions: - - 7 - - galaxy_tags: - - openstack - - kubernetes - - keystone - -dependencies: - - role: ansible.kubernetes-modules - install_python_requirements: no - -# NOTE(flaper87): We are vendoring config_template in ansible-role-k8s-tripleo -# for now until it's split into its own package. -# - role: openstack-ansible-plugins - - - role: ansible-role-k8s-tripleo diff --git a/tasks/deprovision.yml b/tasks/deprovision.yml deleted file mode 100644 index 8874250..0000000 --- a/tasks/deprovision.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -- name: Delete keystone fernet job - k8s_v1_job: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: keystone-fernet - namespace: "{{namespace}}" - state: absent - -- name: Delete keystone db-sync job - k8s_v1_job: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: keystone-db-sync - namespace: "{{namespace}}" - state: absent - -- name: Delete keystone deployment - k8s_v1beta1_deployment: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: keystone-api - namespace: "{{namespace}}" - state: absent - -- name: Delete keystone service - k8s_v1_service: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: keystone - namespace: "{{namespace}}" - state: absent - -- name: Delete keystone configmaps - ignore_errors: yes - k8s_v1_config_map: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: keystone - namespace: "{{namespace}}" - state: absent - debug: yes diff --git a/tasks/hiera.yml b/tasks/hiera.yml deleted file mode 100644 index 2ab9b9e..0000000 --- a/tasks/hiera.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -- name: Translate hieradata - include_role: - name: 'ansible-role-k8s-tripleo' - vars: - hieradata: '{{hiera_data}}' - hieradata_file: '{{hiera_data_file}}' - schema: - # NOTE(flaper87): Needed for bootstrap - # operations - keystone::admin_password: admin_password - keystone::db::mysql::dbname: db.db_name - keystone::db::mysql::host: db.host - keystone::db::mysql::password: db.password - keystone::db::mysql::user: db.user - - keystone::admin_token: DEFAULT.admin_token - keystone::admin_workers: eventlet_server.admin_workers - keystone::public_workers: eventlet_server.public_workers - keystone::public_bind_host: eventlet_server.public_bind_host - keystone::admin_bind_host: eventlet_server.admin_bind_host - keystone::public_endpoint: DEFAULT.admin_bind_host - - keystone_ca_certificate: signing.ca_certs - keystone_signing_key: signing.keyfile - keystone_signing_certificate: signing.certfile - keystone::database_connection: database.connection - keystone::token_expiration: token.expiration - keystone::fernet_max_active_keys: fernet_tokens.max_active_keys - - keystone::wsgi::apache::ssl: ssl.enable - - keystone::notification_driver: oslo_messaging_notifications.driver - keystone::notification_topics: oslo_messaging_notifications.topics - - keystone::rabbit_userid: oslo_messaging_rabbit.rabbit_userid - keystone::rabbit_password: oslo_messaging_rabbit.rabbit_password - keystone::rabbit_host: oslo_messaging_rabbit.rabbit_host - default: '{{keystone_config}}' - fact_variable: 'keystone_config' - - -# ? 
-# keystone::cron::token_flush::destination: '/dev/null' -# keystone::roles::admin::password: 211937d10baf281179d64c64533af6fcc1aa7475 -# keystone::roles::admin::email: 'root@localhost' -# keystone::roles::admin::admin_tenant: 'admin' -# keystone::roles::admin::service_tenant: 'service' -# keystone::endpoint::public_url: http://192.168.24.1:5000 -# keystone::endpoint::internal_url: http://192.168.24.1:5000 -# keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}" -# keystone::endpoint::region: "%{hiera('keystone_region')}" -# keystone::endpoint::version: '' -# keystone::wsgi::apache::bind_host: 192.168.24.1 -# keystone::enable_credential_setup: true -# keystone::fernet_max_active_keys: 2 diff --git a/tasks/main.yml b/tasks/main.yml deleted file mode 100644 index ef1ef4f..0000000 --- a/tasks/main.yml +++ /dev/null @@ -1 +0,0 @@ -- include: "{{ action }}.yml" diff --git a/tasks/provision.yml b/tasks/provision.yml deleted file mode 100644 index 564bced..0000000 --- a/tasks/provision.yml +++ /dev/null 
@@ -1,276 +0,0 @@ -- name: Upload config files - template: - src: "{{item}}" - dest: /tmp/{{item}} - backup: yes - mode: 0644 - with_items: - - httpd.conf - - httpd-keystone-main.conf - - httpd-keystone-admin.conf - -- include: hiera.yml - -- name: Generate config files - config_template: - src: base.conf.j2 - dest: /tmp/keystone.conf - config_overrides: '{{keystone_config}}' - config_type: ini - -- name: Read configs into memory - slurp: - src: "/tmp/httpd-keystone-main.conf" - register: "httpd_keystone_main_conf" - -- name: Read configs into memory - slurp: - src: "/tmp/httpd-keystone-admin.conf" - register: "httpd_keystone_admin_conf" - -- name: Read configs into memory - slurp: - src: "/tmp/httpd.conf" - register: "httpd_conf" - -- name: Read configs into memory - slurp: - src: "/tmp/keystone.conf" - register: "keystone_conf" - -- name: Create keystone configmaps - ignore_errors: yes - k8s_v1_config_map: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: keystone - namespace: "{{namespace}}" - state: present - debug: yes - labels: - service: keystone - data: - config.json: | - { - "command": "/usr/sbin/httpd -DFOREGROUND", - "config_files": [ - { - "dest": "/etc/httpd/conf/httpd.conf", - "owner": "root", - "perm": "0644", - "source": "/var/lib/kolla/config_files/httpd.conf" - }, - { - "dest": "/etc/keystone/keystone.conf", - "owner": "keystone", - "perm": "0644", - "source": "/var/lib/kolla/config_files/keystone.conf" - }, - { - "dest": "/etc/httpd/conf.d/10-keystone-main.conf", - "owner": "root", - "perm": "0644", - "source": "/var/lib/kolla/config_files/httpd-keystone-main.conf" - }, - { - "dest": "/etc/httpd/conf.d/10-keystone-admin.conf", - "owner": "root", - "perm": "0644", - "source": "/var/lib/kolla/config_files/httpd-keystone-admin.conf" - } - ] - } - keystone.conf: | - {{keystone_conf['content'] | b64decode}} - httpd.conf: | - {{httpd_conf['content'] | b64decode}} - httpd-keystone-main.conf: | - 
{{httpd_keystone_main_conf['content'] | b64decode}} - httpd-keystone-admin.conf: | - {{httpd_keystone_admin_conf['content'] | b64decode}} - -- name: Create keystone database - include_role: - name: ansible-role-k8s-tripleo - tasks_from: create-database - vars: - database_name: 'keystone' - -# NOTE(flaper87): Requesting a PVC should probably not be the default, explore -# using secrets for the fernet keys -- name: Create keystone PVC - k8s_v1_persistent_volume_claim: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: keystone-fernet - namespace: "{{namespace}}" - state: present - spec_access_modes: - - ReadWriteMany - spec_storage_class_name: slow - spec_resources_requests: - storage: 1Gi - -- name: Create keystone job - k8s_v1_job: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: keystone-db-sync - namespace: "{{namespace}}" - state: present - restart_policy: OnFailure - containers: - - image: tripleoupstream/centos-binary-keystone - name: keystone-db-sync - env: - - name: KOLLA_CONFIG_STRATEGY - value: COPY_ALWAYS - - name: KOLLA_BOOTSTRAP - value: '' - volume_mounts: "{{keystone_mounts + keystone_mounts_extra}}" - volumes: "{{keystone_volumes + keystone_volumes_extra}}" - state: present - -- name: Keystone fernet bootstrap - k8s_v1_job: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: keystone-fernet - namespace: "{{namespace}}" - state: present - restart_policy: OnFailure - containers: - - image: tripleoupstream/centos-binary-keystone-fernet - name: keystone-fernet-bootstrap - command: ["kolla_keystone_bootstrap", "keystone", "keystone"] - env: - - name: KOLLA_CONFIG_STRATEGY - value: COPY_ALWAYS - volume_mounts: "{{keystone_mounts + keystone_mounts_extra}}" - volumes: "{{keystone_volumes + keystone_volumes_extra}}" - state: present - -- name: Create keystone service - k8s_v1_service: - host: 
"{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: "{{keystone_hostname}}" - namespace: "{{namespace}}" - state: present - ports: - - port: 5000 - name: keystone-api-public - - port: 35357 - name: keystone-api-admin - selector: - app: keystone-api - register: keystone_service - -- set_fact: - keystone_address: "{{keystone_service.service.spec.cluster_ip}}" - when: keystone_use_service_ip - -- name: Keystone bootstrap - k8s_v1_job: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: keystone-bootstrap - namespace: "{{namespace}}" - state: present - restart_policy: OnFailure - containers: - - image: tripleoupstream/centos-binary-keystone - name: keystone-bootstrap - # NOTE(flaper87): We might want to set bootstrap URLs, project name, etc - command: - - keystone-manage - - --config-file - - /var/lib/kolla/config_files/keystone.conf - - bootstrap - - --bootstrap-username - - '{{keystone_config.admin_username}}' - - --bootstrap-password - - '{{keystone_config.admin_password}}' - - --bootstrap-role-name - - '{{keystone_config.admin_role_name}}' - - --bootstrap-project-name - - '{{keystone_config.admin_project_name}}' - - --bootstrap-service-name - - '{{keystone_config.admin_service_name}}' - - --bootstrap-admin-url - - "http://{{keystone_address}}:35357/v3" - - --bootstrap-internal-url - - "http://{{keystone_address}}:5000/v3" - - --bootstrap-public-url - - "http://{{keystone_address}}:5000/v3" - - --bootstrap-region-id - - RegionOne - env: - - name: KOLLA_CONFIG_STRATEGY - value: COPY_ALWAYS - - name: KOLLA_BOOTSTRAP - value: '' - volume_mounts: "{{keystone_mounts + keystone_mounts_extra}}" - volumes: "{{keystone_volumes + keystone_volumes_extra}}" - state: present - -- name: Create keystone deployment - k8s_apps_v1beta1_deployment: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: keystone-api - namespace: "{{namespace}}" - 
replicas: 1 - spec_revision_history_limit: 3 - spec_template_metadata_labels: - app: keystone-api - containers: - - name: keystone-api - image: tripleoupstream/centos-binary-keystone - imagePullPolicy: IfNotPresent - env: - - name: KOLLA_CONFIG_STRATEGY - value: COPY_ALWAYS - - name: KOLLA_KUBERNETES - value: "" - ports: - - name: api-public - containerPort: 5000 - - name: api-admin - containerPort: 35357 - volume_mounts: "{{keystone_mounts + keystone_mounts_extra}}" - volumes: "{{keystone_volumes + keystone_volumes_extra}}" - state: present - register: create_service - -- set_fact: - clouds_yaml: | - clouds: - {{namespace}}: - region_name: RegionOne - identity_api_version: 3 - auth: - username: '{{keystone_config.admin_username}}' - password: '{{keystone_config.admin_password}}' - project_name: '{{keystone_config.admin_project_name}}' - user_domain_name: '{{keystone_config.admin_domain_name}}' - project_domain_name: '{{keystone_config.admin_domain_name}}' - auth_url: 'http://keystone:5000/v3' - -- name: Create keystone secrets - k8s_v1_secret: - host: "{{coe_host}}" - context: "{{coe_config_context}}" - kubeconfig: "{{coe_config_file}}" - name: '{{clouds_config}}' - namespace: "{{namespace}}" - state: present - data: - clouds.yaml: "{{clouds_yaml | b64encode}}" diff --git a/templates/base.conf.j2 b/templates/base.conf.j2 deleted file mode 100644 index e69de29..0000000 diff --git a/templates/httpd-keystone-admin.conf b/templates/httpd-keystone-admin.conf deleted file mode 100644 index 1dd79a9..0000000 --- a/templates/httpd-keystone-admin.conf +++ /dev/null 
@@ -1,22 +0,0 @@ - - ## Vhost docroot - DocumentRoot "/var/www/cgi-bin/keystone" - - ## Directories, there should at least be a declaration for /var/www/cgi-bin/keystone - - - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Require all granted - - - ## Logging - # ErrorLog "/var/log/httpd/keystone_wsgi_admin_error.log" - ServerSignature Off - # CustomLog "/var/log/httpd/keystone_wsgi_admin_access.log" combined - WSGIApplicationGroup %{GLOBAL} - WSGIDaemonProcess keystone_admin display-name=keystone-admin group=keystone processes=2 threads=1 user=keystone - WSGIProcessGroup keystone_admin - WSGIScriptAlias / "/var/www/cgi-bin/keystone/admin" - WSGIPassAuthorization On - \ No newline at end of file diff --git a/templates/httpd-keystone-main.conf b/templates/httpd-keystone-main.conf deleted file mode 100644 index 860d06e..0000000 --- a/templates/httpd-keystone-main.conf +++ /dev/null @@ -1,22 +0,0 @@ - - ## Vhost docroot - DocumentRoot "/var/www/cgi-bin/keystone" - - ## Directories, there should at least be a declaration for /var/www/cgi-bin/keystone - - - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Require all granted - - - ## Logging - # ErrorLog "/var/log/httpd/keystone_wsgi_main_error.log" - ServerSignature Off - # CustomLog "/var/log/httpd/keystone_wsgi_main_access.log" combined - WSGIApplicationGroup %{GLOBAL} - WSGIDaemonProcess keystone_main display-name=keystone-main group=keystone processes=2 threads=1 user=keystone - WSGIProcessGroup keystone_main - WSGIScriptAlias / "/var/www/cgi-bin/keystone/main" - WSGIPassAuthorization On - diff --git a/templates/httpd.conf b/templates/httpd.conf deleted file mode 100644 index b12f584..0000000 --- a/templates/httpd.conf +++ /dev/null 
@@ -1,113 +0,0 @@ -Listen *:5000 -Listen *:35357 - -ServerRoot "/etc/httpd" -DocumentRoot "/var/www/html" -User apache -Group apache - -Include conf.modules.d/*.conf - - - AllowOverride none - Require all denied - - - - AllowOverride None - # Allow open access: - Require all granted - - - - AllowOverride None - Options None - Require all granted - - - - DirectoryIndex index.html - - - - Require all denied - - -ErrorLog /dev/stderr - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - - CustomLog /dev/stdout combined - - - - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig /etc/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) 
- # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - AddType text/html .shtml - AddOutputFilter INCLUDES .shtml - - -AddDefaultCharset UTF-8 - - - # - # The mod_mime_magic module allows the server to use various hints from the - # contents of the file itself to determine its type. The MIMEMagicFile - # directive tells the module where the hint definitions are located. - # - MIMEMagicFile conf/magic - - -EnableSendfile on - -# Supplemental configuration -# -# Load config files in the "/etc/httpd/conf.d" directory, if any. -IncludeOptional conf.d/*.conf \ No newline at end of file diff --git a/templates/keystone-schema.yaml b/templates/keystone-schema.yaml deleted file mode 100644 index dd5dbca..0000000 --- a/templates/keystone-schema.yaml +++ /dev/null 
@@ -1,12323 +0,0 @@ -deprecated_options: - DATABASE: - - name: sql_connection - replacement_group: database - replacement_name: connection - - name: sql_idle_timeout - replacement_group: database - replacement_name: idle_timeout - - name: sql_min_pool_size - replacement_group: database - replacement_name: min_pool_size - - name: sql_max_pool_size - replacement_group: database - replacement_name: max_pool_size - - name: sql_max_retries - replacement_group: database - replacement_name: max_retries - - name: reconnect_interval - replacement_group: database - replacement_name: retry_interval - - name: sqlalchemy_max_overflow - replacement_group: database - replacement_name: max_overflow - - name: sqlalchemy_pool_timeout - replacement_group: database - replacement_name: pool_timeout - DEFAULT: - - name: rpc_conn_pool_size - replacement_group: DEFAULT - replacement_name: rpc_conn_pool_size - - name: rpc_zmq_bind_address - replacement_group: DEFAULT - replacement_name: rpc_zmq_bind_address - - name: rpc_zmq_matchmaker - replacement_group: DEFAULT - replacement_name: rpc_zmq_matchmaker - - name: rpc_zmq_contexts - replacement_group: DEFAULT - replacement_name: rpc_zmq_contexts - - name: rpc_zmq_topic_backlog - replacement_group: DEFAULT - replacement_name: rpc_zmq_topic_backlog - - name: rpc_zmq_ipc_dir - replacement_group: DEFAULT - replacement_name: rpc_zmq_ipc_dir - - name: rpc_zmq_host - replacement_group: DEFAULT - replacement_name: rpc_zmq_host - - name: rpc_cast_timeout - replacement_group: DEFAULT - replacement_name: zmq_linger - - name: rpc_poll_timeout - replacement_group: DEFAULT - replacement_name: rpc_poll_timeout - - name: zmq_target_expire - replacement_group: DEFAULT - replacement_name: zmq_target_expire - - name: zmq_target_update - replacement_group: DEFAULT - replacement_name: zmq_target_update - - name: use_pub_sub - replacement_group: DEFAULT - replacement_name: use_pub_sub - - name: use_router_proxy - replacement_group: DEFAULT - replacement_name: 
use_router_proxy - - name: rpc_zmq_min_port - replacement_group: DEFAULT - replacement_name: rpc_zmq_min_port - - name: rpc_zmq_max_port - replacement_group: DEFAULT - replacement_name: rpc_zmq_max_port - - name: rpc_zmq_bind_port_retries - replacement_group: DEFAULT - replacement_name: rpc_zmq_bind_port_retries - - name: rpc_zmq_serialization - replacement_group: DEFAULT - replacement_name: rpc_zmq_serialization - - name: rpc_thread_pool_size - replacement_group: DEFAULT - replacement_name: executor_thread_pool_size - - name: log_config - replacement_group: DEFAULT - replacement_name: log-config-append - - name: logfile - replacement_group: DEFAULT - replacement_name: log-file - - name: logdir - replacement_group: DEFAULT - replacement_name: log-dir - - name: rpc_zmq_bind_address - replacement_group: oslo_messaging_zmq - replacement_name: rpc_zmq_bind_address - - name: rpc_zmq_matchmaker - replacement_group: oslo_messaging_zmq - replacement_name: rpc_zmq_matchmaker - - name: rpc_zmq_contexts - replacement_group: oslo_messaging_zmq - replacement_name: rpc_zmq_contexts - - name: rpc_zmq_topic_backlog - replacement_group: oslo_messaging_zmq - replacement_name: rpc_zmq_topic_backlog - - name: rpc_zmq_ipc_dir - replacement_group: oslo_messaging_zmq - replacement_name: rpc_zmq_ipc_dir - - name: rpc_zmq_host - replacement_group: oslo_messaging_zmq - replacement_name: rpc_zmq_host - - name: rpc_cast_timeout - replacement_group: oslo_messaging_zmq - replacement_name: zmq_linger - - name: rpc_poll_timeout - replacement_group: oslo_messaging_zmq - replacement_name: rpc_poll_timeout - - name: zmq_target_expire - replacement_group: oslo_messaging_zmq - replacement_name: zmq_target_expire - - name: zmq_target_update - replacement_group: oslo_messaging_zmq - replacement_name: zmq_target_update - - name: use_pub_sub - replacement_group: oslo_messaging_zmq - replacement_name: use_pub_sub - - name: use_router_proxy - replacement_group: oslo_messaging_zmq - replacement_name: 
use_router_proxy - - name: rpc_zmq_min_port - replacement_group: oslo_messaging_zmq - replacement_name: rpc_zmq_min_port - - name: rpc_zmq_max_port - replacement_group: oslo_messaging_zmq - replacement_name: rpc_zmq_max_port - - name: rpc_zmq_bind_port_retries - replacement_group: oslo_messaging_zmq - replacement_name: rpc_zmq_bind_port_retries - - name: rpc_zmq_serialization - replacement_group: oslo_messaging_zmq - replacement_name: rpc_zmq_serialization - - name: notification_driver - replacement_group: oslo_messaging_notifications - replacement_name: driver - - name: notification_transport_url - replacement_group: oslo_messaging_notifications - replacement_name: transport_url - - name: notification_topics - replacement_group: oslo_messaging_notifications - replacement_name: topics - - name: amqp_durable_queues - replacement_group: oslo_messaging_rabbit - replacement_name: amqp_durable_queues - - name: rabbit_durable_queues - replacement_group: oslo_messaging_rabbit - replacement_name: amqp_durable_queues - - name: amqp_auto_delete - replacement_group: oslo_messaging_rabbit - replacement_name: amqp_auto_delete - - name: kombu_reconnect_delay - replacement_group: oslo_messaging_rabbit - replacement_name: kombu_reconnect_delay - - name: rabbit_host - replacement_group: oslo_messaging_rabbit - replacement_name: rabbit_host - - name: rabbit_port - replacement_group: oslo_messaging_rabbit - replacement_name: rabbit_port - - name: rabbit_hosts - replacement_group: oslo_messaging_rabbit - replacement_name: rabbit_hosts - - name: rabbit_userid - replacement_group: oslo_messaging_rabbit - replacement_name: rabbit_userid - - name: rabbit_password - replacement_group: oslo_messaging_rabbit - replacement_name: rabbit_password - - name: rabbit_login_method - replacement_group: oslo_messaging_rabbit - replacement_name: rabbit_login_method - - name: rabbit_virtual_host - replacement_group: oslo_messaging_rabbit - replacement_name: rabbit_virtual_host - - name: 
rabbit_retry_backoff - replacement_group: oslo_messaging_rabbit - replacement_name: rabbit_retry_backoff - - name: rabbit_max_retries - replacement_group: oslo_messaging_rabbit - replacement_name: rabbit_max_retries - - name: rabbit_ha_queues - replacement_group: oslo_messaging_rabbit - replacement_name: rabbit_ha_queues - - name: fake_rabbit - replacement_group: oslo_messaging_rabbit - replacement_name: fake_rabbit - - name: bind_host - replacement_group: eventlet_server - replacement_name: public_bind_host - - name: public_bind_host - replacement_group: eventlet_server - replacement_name: public_bind_host - - name: public_port - replacement_group: eventlet_server - replacement_name: public_port - - name: bind_host - replacement_group: eventlet_server - replacement_name: admin_bind_host - - name: admin_bind_host - replacement_group: eventlet_server - replacement_name: admin_bind_host - - name: admin_port - replacement_group: eventlet_server - replacement_name: admin_port - - name: policy_file - replacement_group: oslo_policy - replacement_name: policy_file - - name: policy_default_rule - replacement_group: oslo_policy - replacement_name: policy_default_rule - - name: policy_dirs - replacement_group: oslo_policy - replacement_name: policy_dirs - - name: osapi_max_request_body_size - replacement_group: oslo_middleware - replacement_name: max_request_body_size - - name: max_request_body_size - replacement_group: oslo_middleware - replacement_name: max_request_body_size - - name: sqlite_synchronous - replacement_group: database - replacement_name: sqlite_synchronous - - name: db_backend - replacement_group: database - replacement_name: backend - - name: sql_connection - replacement_group: database - replacement_name: connection - - name: sql_idle_timeout - replacement_group: database - replacement_name: idle_timeout - - name: sql_min_pool_size - replacement_group: database - replacement_name: min_pool_size - - name: sql_max_pool_size - replacement_group: database - 
replacement_name: max_pool_size - - name: sql_max_retries - replacement_group: database - replacement_name: max_retries - - name: sql_retry_interval - replacement_group: database - replacement_name: retry_interval - - name: sql_max_overflow - replacement_group: database - replacement_name: max_overflow - - name: sql_connection_debug - replacement_group: database - replacement_name: connection_debug - - name: sql_connection_trace - replacement_group: database - replacement_name: connection_trace - amqp1: - - name: container_name - replacement_group: oslo_messaging_amqp - replacement_name: container_name - - name: idle_timeout - replacement_group: oslo_messaging_amqp - replacement_name: idle_timeout - - name: trace - replacement_group: oslo_messaging_amqp - replacement_name: trace - - name: ssl_ca_file - replacement_group: oslo_messaging_amqp - replacement_name: ssl_ca_file - - name: ssl_cert_file - replacement_group: oslo_messaging_amqp - replacement_name: ssl_cert_file - - name: ssl_key_file - replacement_group: oslo_messaging_amqp - replacement_name: ssl_key_file - - name: ssl_key_password - replacement_group: oslo_messaging_amqp - replacement_name: ssl_key_password - - name: allow_insecure_clients - replacement_group: oslo_messaging_amqp - replacement_name: allow_insecure_clients - - name: sasl_mechanisms - replacement_group: oslo_messaging_amqp - replacement_name: sasl_mechanisms - - name: sasl_config_dir - replacement_group: oslo_messaging_amqp - replacement_name: sasl_config_dir - - name: sasl_config_name - replacement_group: oslo_messaging_amqp - replacement_name: sasl_config_name - - name: username - replacement_group: oslo_messaging_amqp - replacement_name: username - - name: password - replacement_group: oslo_messaging_amqp - replacement_name: password - - name: server_request_prefix - replacement_group: oslo_messaging_amqp - replacement_name: server_request_prefix - - name: broadcast_prefix - replacement_group: oslo_messaging_amqp - replacement_name: 
broadcast_prefix - - name: group_request_prefix - replacement_group: oslo_messaging_amqp - replacement_name: group_request_prefix - assignment: - - name: caching - replacement_group: resource - replacement_name: caching - - name: cache_time - replacement_group: resource - replacement_name: cache_time - - name: list_limit - replacement_group: resource - replacement_name: list_limit - oslo_messaging_rabbit: - - name: kombu_ssl_version - replacement_group: oslo_messaging_rabbit - replacement_name: ssl_version - - name: kombu_ssl_keyfile - replacement_group: oslo_messaging_rabbit - replacement_name: ssl_key_file - - name: kombu_ssl_certfile - replacement_group: oslo_messaging_rabbit - replacement_name: ssl_cert_file - - name: kombu_ssl_ca_certs - replacement_group: oslo_messaging_rabbit - replacement_name: ssl_ca_file - - name: kombu_reconnect_timeout - replacement_group: oslo_messaging_rabbit - replacement_name: kombu_missing_consumer_retry_timeout - profiler: - - name: profiler_enabled - replacement_group: profiler - replacement_name: enabled - rpc_notifier2: - - name: topics - replacement_group: oslo_messaging_notifications - replacement_name: topics - sql: - - name: connection - replacement_group: database - replacement_name: connection - - name: idle_timeout - replacement_group: database - replacement_name: idle_timeout - token: - - name: revocation_cache_time - replacement_group: revoke - replacement_name: cache_time -generator_options: - config_dir: [] - config_file: - - config-generator/keystone.conf - format_: yaml - minimal: false - namespace: - - keystone - - oslo.cache - - oslo.log - - oslo.messaging - - oslo.policy - - oslo.db - - oslo.middleware - - osprofiler - output_file: keystone-schema.yaml - summarize: false - wrap_width: 79 -options: - DEFAULT: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: 
null - deprecated_since: null - dest: admin_token - help: Using this feature is *NOT* recommended. Instead, use the `keystone-manage - bootstrap` command. The value of this option is treated as a "shared secret" - that can be used to bootstrap Keystone through the API. This "token" does - not represent a user (it has no identity), and carries no explicit authorization - (it effectively bypasses most authorization checks). If set to `None`, the - value is ignored and the `admin_token` middleware is effectively disabled. - However, to completely disable `admin_token` in production (highly recommended, - as it presents a security risk), remove `AdminTokenAuthMiddleware` (the `admin_token_auth` - filter) from your paste application pipelines (for example, in `keystone-paste.ini`). - max: null - metavar: null - min: null - mutable: false - name: admin_token - namespace: keystone - positional: false - required: false - sample_default: null - secret: true - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: public_endpoint - help: 'The base public endpoint URL for Keystone that is advertised to clients - (NOTE: this does NOT affect how Keystone listens for connections). Defaults - to the base host URL of the request. For example, if keystone receives a request - to `http://server:5000/v3/users`, then this will option will be automatically - treated as `http://server:5000`. You should only need to set option if either - the value of the base URL contains a path that keystone does not automatically - infer (`/prefix/v3`), or if the endpoint should be found on a different host.' 
- max: null - metavar: null - min: null - mutable: false - name: public_endpoint - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: uri value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: admin_endpoint - help: 'The base admin endpoint URL for Keystone that is advertised to clients - (NOTE: this does NOT affect how Keystone listens for connections). Defaults - to the base host URL of the request. For example, if keystone receives a request - to `http://server:35357/v3/users`, then this will option will be automatically - treated as `http://server:35357`. You should only need to set option if either - the value of the base URL contains a path that keystone does not automatically - infer (`/prefix/v3`), or if the endpoint should be found on a different host.' - max: null - metavar: null - min: null - mutable: false - name: admin_endpoint - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: uri value - - advanced: false - choices: [] - default: 5 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: max_project_tree_depth - help: 'Maximum depth of the project hierarchy, excluding the project acting - as a domain at the top of the hierarchy. WARNING: Setting it to a large value - may adversely impact performance.' - max: null - metavar: null - min: null - mutable: false - name: max_project_tree_depth - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 64 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: max_param_size - help: Limit the sizes of user & project ID/names. 
- max: null - metavar: null - min: null - mutable: false - name: max_param_size - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 255 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: max_token_size - help: Similar to `[DEFAULT] max_param_size`, but provides an exception for token - values. With Fernet tokens, this can be set as low as 255. With UUID tokens, - this should be set to 32). - max: null - metavar: null - min: null - mutable: false - name: max_token_size - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 9fe2ff9ee4384b1894a90878d3e92bab - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: member_role_id - help: Similar to the `[DEFAULT] member_role_name` option, this represents the - default role ID used to associate users with their default projects in the - v2 API. This will be used as the explicit role where one is not specified - by the v2 API. You do not need to set this value unless you want keystone - to use an existing role with a different ID, other than the arbitrarily defined - `_member_` role (in which case, you should set `[DEFAULT] member_role_name` - as well). 
- max: null - metavar: null - min: null - mutable: false - name: member_role_id - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: _member_ - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: member_role_name - help: This is the role name used in combination with the `[DEFAULT] member_role_id` - option; see that option for more detail. You do not need to set this option - unless you want keystone to use an existing role (in which case, you should - set `[DEFAULT] member_role_id` as well). - max: null - metavar: null - min: null - mutable: false - name: member_role_name - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 10000 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: sha512_crypt is insufficient for password hashes, use of - bcrypt, pbkfd2_sha512 and scrypt are now supported. Options are located in - the [identity] config block. This option is still used for rolling upgrade - compatibility password hashing. - deprecated_since: P - dest: crypt_strength - help: The value passed as the keyword "rounds" to passlib's encrypt method. - This option represents a trade off between security and performance. Higher - values lead to slower performance, but higher security. Changing this option - will only affect newly created passwords as existing password hashes already - have a fixed number of rounds applied, so it is safe to tune this option in - a running cluster. 
For more information, see https://pythonhosted.org/passlib/password_hash_api.html#choosing-the-right-rounds-value - max: 100000 - metavar: null - min: 1000 - mutable: false - name: crypt_strength - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: list_limit - help: The maximum number of entities that will be returned in a collection. - This global limit may be then overridden for a specific driver, by specifying - a list_limit in the appropriate section (for example, `[assignment]`). No - limit is set by default. In larger deployments, it is recommended that you - set this to a reasonable number to prevent operations like listing all users - and projects from placing an unnecessary load on the system. - max: null - metavar: null - min: null - mutable: false - name: list_limit - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: strict_password_check - help: If set to true, strict password length checking is performed for password - manipulation. If a password exceeds the maximum length, the operation will - fail with an HTTP 403 Forbidden error. If set to false, passwords are automatically - truncated to the maximum length. 
- max: null - metavar: null - min: null - mutable: false - name: strict_password_check - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: HTTP_X_FORWARDED_PROTO - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: This option has been deprecated in the N release and will - be removed in the P release. Use oslo.middleware.http_proxy_to_wsgi configuration - instead. - deprecated_since: N - dest: secure_proxy_ssl_header - help: The HTTP header used to determine the scheme for the original request, - even if it was removed by an SSL terminating proxy. - max: null - metavar: null - min: null - mutable: false - name: secure_proxy_ssl_header - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: insecure_debug - help: If set to true, then the server will return information in HTTP responses - that may allow an unauthenticated or authenticated user to get more information - than normal, such as additional details about why authentication failed. This - may be useful for debugging but is insecure. - max: null - metavar: null - min: null - mutable: false - name: insecure_debug - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_publisher_id - help: Default `publisher_id` for outgoing notifications. If left undefined, - Keystone will default to using the server's host name. 
- max: null - metavar: null - min: null - mutable: false - name: default_publisher_id - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: - - basic - - cadf - default: cadf - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: notification_format - help: Define the notification format for identity service events. A `basic` - notification only has information about the resource being operated on. A - `cadf` notification has the same information, as well as information about - the initiator of the event. The `cadf` option is entirely backwards compatible - with the `basic` option, but is fully CADF-compliant, and is recommended for - auditing use cases. - max: null - metavar: null - min: null - mutable: false - name: notification_format - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: - - identity.authenticate.success - - identity.authenticate.pending - - identity.authenticate.failed - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: notification_opt_out - help: 'You can reduce the number of notifications keystone emits by explicitly - opting out. Keystone will not emit notifications that match the patterns expressed - in this list. Values are expected to be in the form of `identity..`. - By default, all notifications related to authentication are automatically - suppressed. This field can be set multiple times in order to opt-out of multiple - notification topics. 
For example, the following suppresses notifications describing - user creation or successful authentication events: notification_opt_out=identity.user.create - notification_opt_out=identity.authenticate.success' - max: null - metavar: null - min: null - mutable: false - name: notification_opt_out - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: multi valued - - advanced: false - choices: [] - default: 30 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_conn_pool_size - deprecated_reason: null - deprecated_since: null - dest: rpc_conn_pool_size - help: Size of RPC connection pool. - max: null - metavar: null - min: null - mutable: false - name: rpc_conn_pool_size - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 2 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: conn_pool_min_size - help: The pool size limit for connections expiration policy - max: null - metavar: null - min: null - mutable: false - name: conn_pool_min_size - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 1200 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: conn_pool_ttl - help: The time-to-live in sec of idle connections in the pool - max: null - metavar: null - min: null - mutable: false - name: conn_pool_ttl - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: '*' - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_bind_address - 
deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_bind_address - help: ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, - or IP. The "host" option should point or resolve to this address. - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_bind_address - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: &id001 - - redis - - sentinel - - dummy - default: redis - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_matchmaker - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_matchmaker - help: MatchMaker driver. - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_matchmaker - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 1 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_contexts - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_contexts - help: Number of ZeroMQ contexts, defaults to 1. - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_contexts - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_topic_backlog - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_topic_backlog - help: Maximum number of ingress messages to locally buffer per topic. Default - is unlimited. 
- max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_topic_backlog - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: /var/run/openstack - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_ipc_dir - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_ipc_dir - help: Directory for holding IPC sockets. - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_ipc_dir - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: x1hobo - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_host - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_host - help: Name of this node. Must be a valid hostname, FQDN, or IP address. Must - match "host" option, if running Nova. - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_host - namespace: oslo.messaging - positional: false - required: false - sample_default: localhost - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_cast_timeout - deprecated_reason: null - deprecated_since: null - dest: zmq_linger - help: Number of seconds to wait before all pending messages will be sent after - closing a socket. The default value of -1 specifies an infinite linger period. - The value of 0 specifies no linger period. Pending messages shall be discarded - immediately when the socket is closed. Positive values specify an upper bound - for the linger period. 
- max: null - metavar: null - min: null - mutable: false - name: zmq_linger - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 1 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_poll_timeout - deprecated_reason: null - deprecated_since: null - dest: rpc_poll_timeout - help: The default number of seconds that poll should wait. Poll raises timeout - exception when timeout expired. - max: null - metavar: null - min: null - mutable: false - name: rpc_poll_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 300 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: zmq_target_expire - deprecated_reason: null - deprecated_since: null - dest: zmq_target_expire - help: Expiration timeout in seconds of a name service record about existing - target ( < 0 means no timeout). - max: null - metavar: null - min: null - mutable: false - name: zmq_target_expire - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 180 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: zmq_target_update - deprecated_reason: null - deprecated_since: null - dest: zmq_target_update - help: Update period in seconds of a name service record about existing target. 
- max: null - metavar: null - min: null - mutable: false - name: zmq_target_update - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: use_pub_sub - deprecated_reason: null - deprecated_since: null - dest: use_pub_sub - help: Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. - max: null - metavar: null - min: null - mutable: false - name: use_pub_sub - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: use_router_proxy - deprecated_reason: null - deprecated_since: null - dest: use_router_proxy - help: Use ROUTER remote proxy. - max: null - metavar: null - min: null - mutable: false - name: use_router_proxy - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: use_dynamic_connections - help: This option makes direct connections dynamic or static. It makes sense - only with use_router_proxy=False which means to use direct connections for - direct message types (ignored otherwise). 
- max: null - metavar: null - min: null - mutable: false - name: use_dynamic_connections - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 2 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_failover_connections - help: How many additional connections to a host will be made for failover reasons. - This option is actual only in dynamic connections mode. - max: null - metavar: null - min: null - mutable: false - name: zmq_failover_connections - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 49153 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_min_port - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_min_port - help: Minimal port number for random ports range. - max: 65535 - metavar: null - min: 0 - mutable: false - name: rpc_zmq_min_port - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: port value - - advanced: false - choices: [] - default: 65536 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_max_port - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_max_port - help: Maximal port number for random ports range. 
- max: 65536 - metavar: null - min: 1 - mutable: false - name: rpc_zmq_max_port - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 100 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_bind_port_retries - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_bind_port_retries - help: Number of retries to find free port number before fail with ZMQBindError. - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_bind_port_retries - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: &id002 - - json - - msgpack - default: json - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_serialization - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_serialization - help: Default serialization mechanism for serializing/deserializing outgoing/incoming - messages - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_serialization - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_immediate - help: This option configures round-robin mode in zmq socket. True means not - keeping a queue when server side disconnects. False means to keep queue and - messages even if server is disconnected, when the server appears we send all - accumulated messages to it. 
- max: null - metavar: null - min: null - mutable: false - name: zmq_immediate - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_tcp_keepalive - help: Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or - any other negative value) means to skip any overrides and leave it to OS default; - 0 and 1 (or any other positive value) mean to disable and enable the option - respectively. - max: null - metavar: null - min: null - mutable: false - name: zmq_tcp_keepalive - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_tcp_keepalive_idle - help: The duration between two keepalive transmissions in idle condition. The - unit is platform dependent, for example, seconds in Linux, milliseconds in - Windows etc. The default value of -1 (or any other negative value and 0) means - to skip any overrides and leave it to OS default. - max: null - metavar: null - min: null - mutable: false - name: zmq_tcp_keepalive_idle - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_tcp_keepalive_cnt - help: The number of retransmissions to be carried out before declaring that - remote end is not available. The default value of -1 (or any other negative - value and 0) means to skip any overrides and leave it to OS default. 
- max: null - metavar: null - min: null - mutable: false - name: zmq_tcp_keepalive_cnt - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_tcp_keepalive_intvl - help: The duration between two successive keepalive retransmissions, if acknowledgement - to the previous keepalive transmission is not received. The unit is platform - dependent, for example, seconds in Linux, milliseconds in Windows etc. The - default value of -1 (or any other negative value and 0) means to skip any - overrides and leave it to OS default. - max: null - metavar: null - min: null - mutable: false - name: zmq_tcp_keepalive_intvl - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 100 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_thread_pool_size - help: Maximum number of (green) threads to work concurrently. - max: null - metavar: null - min: null - mutable: false - name: rpc_thread_pool_size - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 300 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_message_ttl - help: Expiration timeout in seconds of a sent/received message after which it - is not tracked anymore by a client/server. 
- max: null - metavar: null - min: null - mutable: false - name: rpc_message_ttl - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_use_acks - help: Wait for message acknowledgements from receivers. This mechanism works - only via proxy without PUB/SUB. - max: null - metavar: null - min: null - mutable: false - name: rpc_use_acks - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 15 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_ack_timeout_base - help: Number of seconds to wait for an ack from a cast/call. After each retry - attempt this timeout is multiplied by some specified multiplier. - max: null - metavar: null - min: null - mutable: false - name: rpc_ack_timeout_base - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 2 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_ack_timeout_multiplier - help: Number to multiply base ack timeout by after each retry attempt. 
- max: null - metavar: null - min: null - mutable: false - name: rpc_ack_timeout_multiplier - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 3 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_retry_attempts - help: 'Default number of message sending attempts in case of any problems occurred: - positive value N means at most N retries, 0 means no retries, None or -1 (or - any other negative values) mean to retry forever. This option is used only - if acknowledgments are enabled.' - max: null - metavar: null - min: null - mutable: false - name: rpc_retry_attempts - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: subscribe_on - help: List of publisher hosts SubConsumer can subscribe on. This option has - higher priority then the default publishers list taken from the matchmaker. - max: null - metavar: null - min: null - mutable: false - name: subscribe_on - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: 64 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_thread_pool_size - deprecated_reason: null - deprecated_since: null - dest: executor_thread_pool_size - help: Size of executor thread pool when executor is threading or eventlet. 
- max: null - metavar: null - min: null - mutable: false - name: executor_thread_pool_size - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 60 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_response_timeout - help: Seconds to wait for a response from a call. - max: null - metavar: null - min: null - mutable: false - name: rpc_response_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: transport_url - help: A URL representing the messaging driver to use and its full configuration. - max: null - metavar: null - min: null - mutable: false - name: transport_url - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: true - short: null - type: string value - - advanced: false - choices: [] - default: rabbit - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: rpc_backend - help: The messaging driver to use, defaults to rabbit. Other drivers include - amqp and zmq. - max: null - metavar: null - min: null - mutable: false - name: rpc_backend - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: keystone - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: control_exchange - help: The default exchange under which topics are scoped. 
May be overridden - by an exchange name specified in the transport_url option. - max: null - metavar: null - min: null - mutable: false - name: control_exchange - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: debug - help: If set to true, the logging level will be set to DEBUG instead of the - default INFO level. - max: null - metavar: null - min: null - mutable: true - name: debug - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: d - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: log_config - deprecated_reason: null - deprecated_since: null - dest: log_config_append - help: The name of a logging configuration file. This file is appended to any - existing logging configuration files. For details about logging configuration - files, see the Python logging module documentation. Note that when logging - configuration files are used then all logging configuration is set in the - configuration file and other logging configuration options are ignored (for - example, logging_context_format_string). - max: null - metavar: PATH - min: null - mutable: true - name: log-config-append - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '%Y-%m-%d %H:%M:%S' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: log_date_format - help: 'Defines the format string for %%(asctime)s in log records. Default: %(default)s - . This option is ignored if log_config_append is set.' 
- max: null - metavar: DATE_FORMAT - min: null - mutable: false - name: log-date-format - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: logfile - deprecated_reason: null - deprecated_since: null - dest: log_file - help: (Optional) Name of log file to send logging output to. If no default is - set, logging will go to stderr as defined by use_stderr. This option is ignored - if log_config_append is set. - max: null - metavar: PATH - min: null - mutable: false - name: log-file - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: logdir - deprecated_reason: null - deprecated_since: null - dest: log_dir - help: (Optional) The base directory used for relative log_file paths. This - option is ignored if log_config_append is set. - max: null - metavar: null - min: null - mutable: false - name: log-dir - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: watch_log_file - help: Uses logging handler designed to watch file system. When log file is moved - or removed this handler will open a new log file with specified path instantaneously. - It makes sense only if log_file option is specified and Linux platform is - used. This option is ignored if log_config_append is set. 
- max: null - metavar: null - min: null - mutable: false - name: watch-log-file - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: use_syslog - help: Use syslog for logging. Existing syslog format is DEPRECATED and will - be changed later to honor RFC5424. This option is ignored if log_config_append - is set. - max: null - metavar: null - min: null - mutable: false - name: use-syslog - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: use_journal - help: Enable journald for logging. If running in a systemd environment you may - wish to enable journal support. Doing so will use the journal native protocol - which includes structured metadata in addition to log messages.This option - is ignored if log_config_append is set. - max: null - metavar: null - min: null - mutable: false - name: use-journal - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: LOG_USER - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: syslog_log_facility - help: Syslog facility to receive log lines. This option is ignored if log_config_append - is set. 
- max: null - metavar: null - min: null - mutable: false - name: syslog-log-facility - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: use_stderr - help: Log output to standard error. This option is ignored if log_config_append - is set. - max: null - metavar: null - min: null - mutable: false - name: use_stderr - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s - %(user_identity)s] %(instance)s%(message)s' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: logging_context_format_string - help: Format string to use for log messages with context. - max: null - metavar: null - min: null - mutable: false - name: logging_context_format_string - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: logging_default_format_string - help: Format string to use for log messages when context is undefined. 
- max: null - metavar: null - min: null - mutable: false - name: logging_default_format_string - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '%(funcName)s %(pathname)s:%(lineno)d' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: logging_debug_format_suffix - help: Additional data to append to log message when logging level for the message - is DEBUG. - max: null - metavar: null - min: null - mutable: false - name: logging_debug_format_suffix - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: logging_exception_prefix - help: Prefix each line of exception output with this format. - max: null - metavar: null - min: null - mutable: false - name: logging_exception_prefix - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: logging_user_identity_format - help: Defines the format string for %(user_identity)s that is used in logging_context_format_string. 
- max: null - metavar: null - min: null - mutable: false - name: logging_user_identity_format - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: - - amqp=WARN - - amqplib=WARN - - boto=WARN - - qpid=WARN - - sqlalchemy=WARN - - suds=INFO - - oslo.messaging=INFO - - oslo_messaging=INFO - - iso8601=WARN - - requests.packages.urllib3.connectionpool=WARN - - urllib3.connectionpool=WARN - - websocket=WARN - - requests.packages.urllib3.util.retry=WARN - - urllib3.util.retry=WARN - - keystonemiddleware=WARN - - routes.middleware=WARN - - stevedore=WARN - - taskflow=WARN - - keystoneauth=WARN - - oslo.cache=INFO - - dogpile.core.dogpile=INFO - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_log_levels - help: List of package logging levels in logger=LEVEL pairs. This option is ignored - if log_config_append is set. - max: null - metavar: null - min: null - mutable: false - name: default_log_levels - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: publish_errors - help: Enables or disables publication of error events. - max: null - metavar: null - min: null - mutable: false - name: publish_errors - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: '[instance: %(uuid)s] ' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: instance_format - help: The format for an instance that is passed with the log message. 
- max: null - metavar: null - min: null - mutable: false - name: instance_format - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '[instance: %(uuid)s] ' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: instance_uuid_format - help: The format for an instance UUID that is passed with the log message. - max: null - metavar: null - min: null - mutable: false - name: instance_uuid_format - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 0 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rate_limit_interval - help: Interval, number of seconds, of log rate limiting. - max: null - metavar: null - min: null - mutable: false - name: rate_limit_interval - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rate_limit_burst - help: Maximum number of logged messages per rate_limit_interval. - max: null - metavar: null - min: null - mutable: false - name: rate_limit_burst - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: CRITICAL - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rate_limit_except_level - help: 'Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, - DEBUG or empty string. 
Logs with level greater or equal to rate_limit_except_level - are not filtered. An empty string means that all levels are filtered.' - max: null - metavar: null - min: null - mutable: false - name: rate_limit_except_level - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: fatal_deprecations - help: Enables or disables fatal status of deprecations. - max: null - metavar: null - min: null - mutable: false - name: fatal_deprecations - namespace: oslo.log - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - standard_opts: - - admin_token - - public_endpoint - - admin_endpoint - - max_project_tree_depth - - max_param_size - - max_token_size - - member_role_id - - member_role_name - - crypt_strength - - list_limit - - strict_password_check - - secure_proxy_ssl_header - - insecure_debug - - default_publisher_id - - notification_format - - notification_opt_out - - rpc_conn_pool_size - - conn_pool_min_size - - conn_pool_ttl - - rpc_zmq_bind_address - - rpc_zmq_matchmaker - - rpc_zmq_contexts - - rpc_zmq_topic_backlog - - rpc_zmq_ipc_dir - - rpc_zmq_host - - zmq_linger - - rpc_poll_timeout - - zmq_target_expire - - zmq_target_update - - use_pub_sub - - use_router_proxy - - use_dynamic_connections - - zmq_failover_connections - - rpc_zmq_min_port - - rpc_zmq_max_port - - rpc_zmq_bind_port_retries - - rpc_zmq_serialization - - zmq_immediate - - zmq_tcp_keepalive - - zmq_tcp_keepalive_idle - - zmq_tcp_keepalive_cnt - - zmq_tcp_keepalive_intvl - - rpc_thread_pool_size - - rpc_message_ttl - - rpc_use_acks - - rpc_ack_timeout_base - - rpc_ack_timeout_multiplier - - rpc_retry_attempts - - subscribe_on - - executor_thread_pool_size - - rpc_response_timeout - - transport_url - - 
rpc_backend - - control_exchange - - debug - - log-config-append - - log-date-format - - log-file - - log-dir - - watch-log-file - - use-syslog - - use-journal - - syslog-log-facility - - use_stderr - - logging_context_format_string - - logging_default_format_string - - logging_debug_format_suffix - - logging_exception_prefix - - logging_user_identity_format - - default_log_levels - - publish_errors - - instance_format - - instance_uuid_format - - rate_limit_interval - - rate_limit_burst - - rate_limit_except_level - - fatal_deprecations - assignment: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the assignment backend driver (where role assignments - are stored) in the `keystone.assignment` namespace. Only a SQL driver is supplied - by keystone itself. Unless you are writing proprietary drivers for keystone, - you do not need to set this option. - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: - - admin - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: prohibited_implied_role - help: A list of role names which are prohibited from being an implied role. 
- max: null - metavar: null - min: null - mutable: false - name: prohibited_implied_role - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - standard_opts: - - driver - - prohibited_implied_role - auth: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: - - external - - password - - token - - oauth1 - - mapped - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: methods - help: 'Allowed authentication methods. Note: You should disable the `external` - auth method if you are currently using federation. External auth and federation - both use the REMOTE_USER variable. Since both the mapped and external plugin - are being invoked to validate attributes in the request environment, it can - cause conflicts.' - max: null - metavar: null - min: null - mutable: false - name: methods - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: password - help: Entry point for the password auth plugin module in the `keystone.auth.password` - namespace. You do not need to set this unless you are overriding keystone's - own password authentication plugin. - max: null - metavar: null - min: null - mutable: false - name: password - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: token - help: Entry point for the token auth plugin module in the `keystone.auth.token` - namespace. 
You do not need to set this unless you are overriding keystone's - own token authentication plugin. - max: null - metavar: null - min: null - mutable: false - name: token - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: external - help: Entry point for the external (`REMOTE_USER`) auth plugin module in the - `keystone.auth.external` namespace. Supplied drivers are `DefaultDomain` and - `Domain`. The default driver is `DefaultDomain`, which assumes that all users - identified by the username specified to keystone in the `REMOTE_USER` variable - exist within the context of the default domain. The `Domain` option expects - an additional environment variable be presented to keystone, `REMOTE_DOMAIN`, - containing the domain name of the `REMOTE_USER` (if `REMOTE_DOMAIN` is not - set, then the default domain will be used instead). You do not need to set - this unless you are taking advantage of "external authentication", where the - application server (such as Apache) is handling authentication instead of - keystone. - max: null - metavar: null - min: null - mutable: false - name: external - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: oauth1 - help: Entry point for the OAuth 1.0a auth plugin module in the `keystone.auth.oauth1` - namespace. You do not need to set this unless you are overriding keystone's - own `oauth1` authentication plugin. 
- max: null - metavar: null - min: null - mutable: false - name: oauth1 - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: mapped - help: Entry point for the mapped auth plugin module in the `keystone.auth.mapped` - namespace. You do not need to set this unless you are overriding keystone's - own `mapped` authentication plugin. - max: null - metavar: null - min: null - mutable: false - name: mapped - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - standard_opts: - - methods - - password - - token - - external - - oauth1 - - mapped - cache: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: cache.oslo - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: config_prefix - help: Prefix for building the configuration dictionary for the cache region. - This should not need to be changed unless there is another dogpile.cache region - with the same configuration name. - max: null - metavar: null - min: null - mutable: false - name: config_prefix - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 600 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: expiration_time - help: Default TTL, in seconds, for any cached item in the dogpile.cache region. - This applies to any cached method that doesn't have an explicit cache expiration - time defined for it. 
- max: null - metavar: null - min: null - mutable: false - name: expiration_time - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: dogpile.cache.null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: backend - help: Dogpile.cache backend module. It is recommended that Memcache or Redis - (dogpile.cache.redis) be used in production deployments. For eventlet-based - or highly threaded servers, Memcache with pooling (oslo_cache.memcache_pool) - is recommended. For low thread servers, dogpile.cache.memcached is recommended. - Test environments with a single instance of the server can use the dogpile.cache.memory - backend. - max: null - metavar: null - min: null - mutable: false - name: backend - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: backend_argument - help: 'Arguments supplied to the backend module. Specify this option once per - argument to be passed to the dogpile.cache backend. Example format: ":".' - max: null - metavar: null - min: null - mutable: false - name: backend_argument - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: true - short: null - type: multi valued - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: proxies - help: Proxy classes to import that will affect the way the dogpile.cache backend - functions. See the dogpile.cache documentation on changing-backend-behavior. 
- max: null - metavar: null - min: null - mutable: false - name: proxies - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: enabled - help: Global toggle for caching. - max: null - metavar: null - min: null - mutable: false - name: enabled - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: debug_cache_backend - help: Extra debugging from the cache backend (cache keys, get/set/delete/etc - calls). This is only really useful if you need to see the specific cache-backend - get/set/delete calls with the keys/values. Typically this should be left - set to false. - max: null - metavar: null - min: null - mutable: false - name: debug_cache_backend - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: - - localhost:11211 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: memcache_servers - help: Memcache servers in the format of "host:port". (dogpile.cache.memcache - and oslo_cache.memcache_pool backends only). 
- max: null - metavar: null - min: null - mutable: false - name: memcache_servers - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: 300 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: memcache_dead_retry - help: Number of seconds memcached server is considered dead before it is tried - again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only). - max: null - metavar: null - min: null - mutable: false - name: memcache_dead_retry - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 3 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: memcache_socket_timeout - help: Timeout in seconds for every call to a server. (dogpile.cache.memcache - and oslo_cache.memcache_pool backends only). - max: null - metavar: null - min: null - mutable: false - name: memcache_socket_timeout - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 10 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: memcache_pool_maxsize - help: Max total number of open connections to every memcached server. (oslo_cache.memcache_pool - backend only). 
- max: null - metavar: null - min: null - mutable: false - name: memcache_pool_maxsize - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 60 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: memcache_pool_unused_timeout - help: Number of seconds a connection to memcached is held unused in the pool - before it is closed. (oslo_cache.memcache_pool backend only). - max: null - metavar: null - min: null - mutable: false - name: memcache_pool_unused_timeout - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 10 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: memcache_pool_connection_get_timeout - help: Number of seconds that an operation will wait to get a memcache client - connection. - max: null - metavar: null - min: null - mutable: false - name: memcache_pool_connection_get_timeout - namespace: oslo.cache - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - config_prefix - - expiration_time - - backend - - backend_argument - - proxies - - enabled - - debug_cache_backend - - memcache_servers - - memcache_dead_retry - - memcache_socket_timeout - - memcache_pool_maxsize - - memcache_pool_unused_timeout - - memcache_pool_connection_get_timeout - catalog: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: default_catalog.templates - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: template_file - help: Absolute path to the file used for the templated catalog backend. 
This - option is only used if the `[catalog] driver` is set to `templated`. - max: null - metavar: null - min: null - mutable: false - name: template_file - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the catalog driver in the `keystone.catalog` namespace. - Keystone provides a `sql` option (which supports basic CRUD operations through - SQL), a `templated` option (which loads the catalog from a templated catalog - file on disk), and a `endpoint_filter.sql` option (which supports arbitrary - service catalogs per project). - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: caching - help: Toggle for catalog caching. This has no effect unless global caching is - enabled. In a typical deployment, there is no reason to disable this. - max: null - metavar: null - min: null - mutable: false - name: caching - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: cache_time - help: Time to cache catalog data (in seconds). This has no effect unless global - and catalog caching are both enabled. Catalog data (services, endpoints, etc.) - typically does not change frequently, and so a longer duration than the global - default may be desirable. 
- max: null - metavar: null - min: null - mutable: false - name: cache_time - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: list_limit - help: Maximum number of entities that will be returned in a catalog collection. - There is typically no reason to set this, as it would be unusual for a deployment - to have enough services or endpoints to exceed a reasonable limit. - max: null - metavar: null - min: null - mutable: false - name: list_limit - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - template_file - - driver - - caching - - cache_time - - list_limit - cors: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: allowed_origin - help: 'Indicate whether this resource may be shared with the domain received - in the requests "origin" header. Format: "://[:]", no - trailing slash. 
Example: https://horizon.example.com' - max: null - metavar: null - min: null - mutable: false - name: allowed_origin - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: allow_credentials - help: Indicate that the actual request can include user credentials - max: null - metavar: null - min: null - mutable: false - name: allow_credentials - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: - - X-Auth-Token - - X-Openstack-Request-Id - - X-Subject-Token - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: expose_headers - help: Indicate which headers are safe to expose to the API. Defaults to HTTP - Simple Headers. - max: null - metavar: null - min: null - mutable: false - name: expose_headers - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: 3600 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: max_age - help: Maximum cache age of CORS preflight requests. 
- max: null - metavar: null - min: null - mutable: false - name: max_age - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: - - GET - - PUT - - POST - - DELETE - - PATCH - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: allow_methods - help: Indicate which methods can be used during the actual request. - max: null - metavar: null - min: null - mutable: false - name: allow_methods - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: - - X-Auth-Token - - X-Openstack-Request-Id - - X-Subject-Token - - X-Project-Id - - X-Project-Name - - X-Project-Domain-Id - - X-Project-Domain-Name - - X-Domain-Id - - X-Domain-Name - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: allow_headers - help: Indicate which header field names may be used during the actual request. - max: null - metavar: null - min: null - mutable: false - name: allow_headers - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - standard_opts: - - allowed_origin - - allow_credentials - - expose_headers - - max_age - - allow_methods - - allow_headers - cors.subdomain: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: allowed_origin - help: 'Indicate whether this resource may be shared with the domain received - in the requests "origin" header. Format: "://[:]", no - trailing slash. 
Example: https://horizon.example.com' - max: null - metavar: null - min: null - mutable: false - name: allowed_origin - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: allow_credentials - help: Indicate that the actual request can include user credentials - max: null - metavar: null - min: null - mutable: false - name: allow_credentials - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: - - X-Auth-Token - - X-Openstack-Request-Id - - X-Subject-Token - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: expose_headers - help: Indicate which headers are safe to expose to the API. Defaults to HTTP - Simple Headers. - max: null - metavar: null - min: null - mutable: false - name: expose_headers - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: 3600 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: max_age - help: Maximum cache age of CORS preflight requests. 
- max: null - metavar: null - min: null - mutable: false - name: max_age - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: - - GET - - PUT - - POST - - DELETE - - PATCH - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: allow_methods - help: Indicate which methods can be used during the actual request. - max: null - metavar: null - min: null - mutable: false - name: allow_methods - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: - - X-Auth-Token - - X-Openstack-Request-Id - - X-Subject-Token - - X-Project-Id - - X-Project-Name - - X-Project-Domain-Id - - X-Project-Domain-Name - - X-Domain-Id - - X-Domain-Name - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: allow_headers - help: Indicate which header field names may be used during the actual request. - max: null - metavar: null - min: null - mutable: false - name: allow_headers - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - standard_opts: - - allowed_origin - - allow_credentials - - expose_headers - - max_age - - allow_methods - - allow_headers - credential: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the credential backend driver in the `keystone.credential` - namespace. Keystone only provides a `sql` driver, so there's no reason to - change this unless you are providing a custom entry point. 
- max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: fernet - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: provider - help: Entry point for credential encryption and decryption operations in the - `keystone.credential.provider` namespace. Keystone only provides a `fernet` - driver, so there's no reason to change this unless you are providing a custom - entry point to encrypt and decrypt credentials. - max: null - metavar: null - min: null - mutable: false - name: provider - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: /etc/keystone/credential-keys/ - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: key_repository - help: Directory containing Fernet keys used to encrypt and decrypt credentials - stored in the credential backend. Fernet keys used to encrypt credentials - have no relationship to Fernet keys used to encrypt Fernet tokens. Both sets - of keys should be managed separately and require different rotation policies. - Do not share this repository with the repository used to manage keys for Fernet - tokens. 
- max: null - metavar: null - min: null - mutable: false - name: key_repository - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - standard_opts: - - driver - - provider - - key_repository - database: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: sqlite_synchronous - deprecated_reason: null - deprecated_since: null - dest: sqlite_synchronous - help: If True, SQLite uses synchronous mode. - max: null - metavar: null - min: null - mutable: false - name: sqlite_synchronous - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: sqlalchemy - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: db_backend - deprecated_reason: null - deprecated_since: null - dest: backend - help: The back end to use for the database. - max: null - metavar: null - min: null - mutable: false - name: backend - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: sql_connection - - group: DATABASE - name: sql_connection - - group: sql - name: connection - deprecated_reason: null - deprecated_since: null - dest: connection - help: The SQLAlchemy connection string to use to connect to the database. 
- max: null - metavar: null - min: null - mutable: false - name: connection - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: true - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: slave_connection - help: The SQLAlchemy connection string to use to connect to the slave database. - max: null - metavar: null - min: null - mutable: false - name: slave_connection - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: true - short: null - type: string value - - advanced: false - choices: [] - default: TRADITIONAL - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: mysql_sql_mode - help: 'The SQL mode to be used for MySQL sessions. This option, including the - default, overrides any server-set SQL mode. To use whatever SQL mode is set - by the server configuration, set this to no value. Example: mysql_sql_mode=' - max: null - metavar: null - min: null - mutable: false - name: mysql_sql_mode - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 3600 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: sql_idle_timeout - - group: DATABASE - name: sql_idle_timeout - - group: sql - name: idle_timeout - deprecated_reason: null - deprecated_since: null - dest: idle_timeout - help: Timeout before idle SQL connections are reaped. 
- max: null - metavar: null - min: null - mutable: false - name: idle_timeout - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 1 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: sql_min_pool_size - - group: DATABASE - name: sql_min_pool_size - deprecated_reason: null - deprecated_since: null - dest: min_pool_size - help: Minimum number of SQL connections to keep open in a pool. - max: null - metavar: null - min: null - mutable: false - name: min_pool_size - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 5 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: sql_max_pool_size - - group: DATABASE - name: sql_max_pool_size - deprecated_reason: null - deprecated_since: null - dest: max_pool_size - help: Maximum number of SQL connections to keep open in a pool. Setting a value - of 0 indicates no limit. - max: null - metavar: null - min: null - mutable: false - name: max_pool_size - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 10 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: sql_max_retries - - group: DATABASE - name: sql_max_retries - deprecated_reason: null - deprecated_since: null - dest: max_retries - help: Maximum number of database connection retries during startup. Set to -1 - to specify an infinite retry count. 
- max: null - metavar: null - min: null - mutable: false - name: max_retries - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 10 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: sql_retry_interval - - group: DATABASE - name: reconnect_interval - deprecated_reason: null - deprecated_since: null - dest: retry_interval - help: Interval between retries of opening a SQL connection. - max: null - metavar: null - min: null - mutable: false - name: retry_interval - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 50 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: sql_max_overflow - - group: DATABASE - name: sqlalchemy_max_overflow - deprecated_reason: null - deprecated_since: null - dest: max_overflow - help: If set, use this value for max_overflow with SQLAlchemy. - max: null - metavar: null - min: null - mutable: false - name: max_overflow - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: sql_connection_debug - deprecated_reason: null - deprecated_since: null - dest: connection_debug - help: 'Verbosity of SQL debugging information: 0=None, 100=Everything.' 
- max: 100 - metavar: null - min: 0 - mutable: false - name: connection_debug - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: sql_connection_trace - deprecated_reason: null - deprecated_since: null - dest: connection_trace - help: Add Python stack traces to SQL as comment strings. - max: null - metavar: null - min: null - mutable: false - name: connection_trace - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: DATABASE - name: sqlalchemy_pool_timeout - deprecated_reason: null - deprecated_since: null - dest: pool_timeout - help: If set, use this value for pool_timeout with SQLAlchemy. - max: null - metavar: null - min: null - mutable: false - name: pool_timeout - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: use_db_reconnect - help: Enable the experimental use of database reconnect on connection lost. - max: null - metavar: null - min: null - mutable: false - name: use_db_reconnect - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: db_retry_interval - help: Seconds between retries of a database transaction. 
- max: null - metavar: null - min: null - mutable: false - name: db_retry_interval - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: db_inc_retry_interval - help: If True, increases the interval between retries of a database operation - up to db_max_retry_interval. - max: null - metavar: null - min: null - mutable: false - name: db_inc_retry_interval - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 10 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: db_max_retry_interval - help: If db_inc_retry_interval is set, the maximum seconds between retries of - a database operation. - max: null - metavar: null - min: null - mutable: false - name: db_max_retry_interval - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 20 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: db_max_retries - help: Maximum retries in case of connection error or deadlock error before error - is raised. Set to -1 to specify an infinite retry count. 
- max: null - metavar: null - min: null - mutable: false - name: db_max_retries - namespace: oslo.db - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - sqlite_synchronous - - backend - - connection - - slave_connection - - mysql_sql_mode - - idle_timeout - - min_pool_size - - max_pool_size - - max_retries - - retry_interval - - max_overflow - - connection_debug - - connection_trace - - pool_timeout - - use_db_reconnect - - db_retry_interval - - db_inc_retry_interval - - db_max_retry_interval - - db_max_retries - domain_config: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the domain-specific configuration driver in the `keystone.resource.domain_config` - namespace. Only a `sql` option is provided by keystone, so there is no reason - to set this unless you are providing a custom entry point. - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: caching - help: Toggle for caching of the domain-specific configuration backend. This - has no effect unless global caching is enabled. There is normally no reason - to disable this. 
- max: null - metavar: null - min: null - mutable: false - name: caching - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 300 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: cache_time - help: Time-to-live (TTL, in seconds) to cache domain-specific configuration - data. This has no effect unless `[domain_config] caching` is enabled. - max: null - metavar: null - min: null - mutable: false - name: cache_time - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - driver - - caching - - cache_time - endpoint_filter: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the endpoint filter driver in the `keystone.endpoint_filter` - namespace. Only a `sql` option is provided by keystone, so there is no reason - to set this unless you are providing a custom entry point. - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: return_all_endpoints_if_no_filter - help: This controls keystone's behavior if the configured endpoint filters do - not result in any endpoints for a user + project pair (and therefore a potentially - empty service catalog). If set to true, keystone will return the entire service - catalog. 
If set to false, keystone will return an empty service catalog. - max: null - metavar: null - min: null - mutable: false - name: return_all_endpoints_if_no_filter - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - standard_opts: - - driver - - return_all_endpoints_if_no_filter - endpoint_policy: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the endpoint policy driver in the `keystone.endpoint_policy` - namespace. Only a `sql` driver is provided by keystone, so there is no reason - to set this unless you are providing a custom entry point. - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - standard_opts: - - driver - eventlet_server: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: 0.0.0.0 - deprecated_for_removal: true - deprecated_opts: - - group: DEFAULT - name: bind_host - - group: DEFAULT - name: public_bind_host - deprecated_reason: Support for running keystone under eventlet has been removed - in the Newton release. These options remain for backwards compatibility because - they are used for URL substitutions. - deprecated_since: K - dest: public_bind_host - help: The IP address of the network interface for the public service to listen - on. 
- max: null - metavar: null - min: null - mutable: false - name: public_bind_host - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: unknown value - - advanced: false - choices: [] - default: 5000 - deprecated_for_removal: true - deprecated_opts: - - group: DEFAULT - name: public_port - deprecated_reason: Support for running keystone under eventlet has been removed - in the Newton release. These options remain for backwards compatibility because - they are used for URL substitutions. - deprecated_since: K - dest: public_port - help: The port number for the public service to listen on. - max: 65535 - metavar: null - min: 0 - mutable: false - name: public_port - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: port value - - advanced: false - choices: [] - default: 0.0.0.0 - deprecated_for_removal: true - deprecated_opts: - - group: DEFAULT - name: bind_host - - group: DEFAULT - name: admin_bind_host - deprecated_reason: Support for running keystone under eventlet has been removed - in the Newton release. These options remain for backwards compatibility because - they are used for URL substitutions. - deprecated_since: K - dest: admin_bind_host - help: The IP address of the network interface for the admin service to listen - on. - max: null - metavar: null - min: null - mutable: false - name: admin_bind_host - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: unknown value - - advanced: false - choices: [] - default: 35357 - deprecated_for_removal: true - deprecated_opts: - - group: DEFAULT - name: admin_port - deprecated_reason: Support for running keystone under eventlet has been removed - in the Newton release. These options remain for backwards compatibility because - they are used for URL substitutions. 
- deprecated_since: K - dest: admin_port - help: The port number for the admin service to listen on. - max: 65535 - metavar: null - min: 0 - mutable: false - name: admin_port - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: port value - standard_opts: - - public_bind_host - - public_port - - admin_bind_host - - admin_port - federation: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the federation backend driver in the `keystone.federation` - namespace. Keystone only provides a `sql` driver, so there is no reason to - set this option unless you are providing a custom entry point. - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: assertion_prefix - help: Prefix to use when filtering environment variable names for federated - assertions. Matched variables are passed into the federated mapping engine. - max: null - metavar: null - min: null - mutable: false - name: assertion_prefix - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: remote_id_attribute - help: Value to be used to obtain the entity ID of the Identity Provider from - the environment. For `mod_shib`, this would be `Shib-Identity-Provider`. 
For - For `mod_auth_openidc`, this could be `HTTP_OIDC_ISS`. For `mod_auth_mellon`, - this could be `MELLON_IDP`. - max: null - metavar: null - min: null - mutable: false - name: remote_id_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: Federated - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: federated_domain_name - help: An arbitrary domain name that is reserved to allow federated ephemeral - users to have a domain concept. Note that an admin will not be able to create - a domain with this name or update an existing domain to this name. You are - not advised to change this value unless you really have to. - max: null - metavar: null - min: null - mutable: false - name: federated_domain_name - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: trusted_dashboard - help: 'A list of trusted dashboard hosts. Before accepting a Single Sign-On - request to return a token, the origin host must be a member of this list. - This configuration option may be repeated for multiple values. You must set - this in order to use web-based SSO flows. 
For example: trusted_dashboard=https://acme.example.com/auth/websso - trusted_dashboard=https://beta.example.com/auth/websso' - max: null - metavar: null - min: null - mutable: false - name: trusted_dashboard - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: multi valued - - advanced: false - choices: [] - default: /etc/keystone/sso_callback_template.html - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: sso_callback_template - help: Absolute path to an HTML file used as a Single Sign-On callback handler. - This page is expected to redirect the user from keystone back to a trusted - dashboard host, by form encoding a token in a POST request. Keystone's default - value should be sufficient for most deployments. - max: null - metavar: null - min: null - mutable: false - name: sso_callback_template - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: caching - help: Toggle for federation caching. This has no effect unless global caching - is enabled. There is typically no reason to disable this. 
- max: null - metavar: null - min: null - mutable: false - name: caching - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - standard_opts: - - driver - - assertion_prefix - - remote_id_attribute - - federated_domain_name - - trusted_dashboard - - sso_callback_template - - caching - fernet_tokens: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: /etc/keystone/fernet-keys/ - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: key_repository - help: 'Directory containing Fernet token keys. This directory must exist before - using `keystone-manage fernet_setup` for the first time, must be writable - by the user running `keystone-manage fernet_setup` or `keystone-manage fernet_rotate`, - and of course must be readable by keystone''s server process. The repository - may contain keys in one of three states: a single staged key (always index - 0) used for token validation, a single primary key (always the highest index) - used for token creation and validation, and any number of secondary keys (all - other index values) used for token validation. With multiple keystone nodes, - each node must share the same key repository contents, with the exception - of the staged key (index 0). 
It is safe to run `keystone-manage fernet_rotate` - once on any one node to promote a staged key (index 0) to be the new primary - (incremented from the previous highest index), and produce a new staged key - (a new key with index 0); the resulting repository can then be atomically - replicated to other nodes without any risk of race conditions (for example, - it is safe to run `keystone-manage fernet_rotate` on host A, wait any amount - of time, create a tarball of the directory on host A, unpack it on host B - to a temporary location, and atomically move (`mv`) the directory into place - on host B). Running `keystone-manage fernet_rotate` *twice* on a key repository - without syncing other nodes will result in tokens that can not be validated - by all nodes.' - max: null - metavar: null - min: null - mutable: false - name: key_repository - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 3 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: max_active_keys - help: This controls how many keys are held in rotation by `keystone-manage fernet_rotate` - before they are discarded. The default value of 3 means that keystone will - maintain one staged key (always index 0), one primary key (the highest numerical - index), and one secondary key (every other index). Increasing this value means - that additional secondary keys will be kept in the rotation. 
- max: null - metavar: null - min: 1 - mutable: false - name: max_active_keys - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - key_repository - - max_active_keys - healthcheck: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: /healthcheck - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: path - help: The path to respond to healtcheck requests on. - max: null - metavar: null - min: null - mutable: false - name: path - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: detailed - help: Show more detailed information as part of the response - max: null - metavar: null - min: null - mutable: false - name: detailed - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: backends - help: Additional backends that can perform health checks and report that information - back as part of a request. 
- max: null - metavar: null - min: null - mutable: false - name: backends - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: disable_by_file_path - help: Check the presence of a file to determine if an application is running - on a port. Used by DisableByFileHealthcheck plugin. - max: null - metavar: null - min: null - mutable: false - name: disable_by_file_path - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: disable_by_file_paths - help: Check the presence of a file based on a port to determine if an application - is running on a port. Expects a "port:path" list of strings. Used by DisableByFilesPortsHealthcheck - plugin. - max: null - metavar: null - min: null - mutable: false - name: disable_by_file_paths - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - standard_opts: - - path - - detailed - - backends - - disable_by_file_path - - disable_by_file_paths - identity: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: default - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_domain_id - help: This references the domain to use for all Identity API v2 requests (which - are not aware of domains). A domain with this ID can optionally be created - for you by `keystone-manage bootstrap`. 
The domain referenced by this ID cannot - be deleted on the v3 API, to prevent accidentally breaking the v2 API. There - is nothing special about this domain, other than the fact that it must exist - to order to maintain support for your v2 clients. There is typically no reason - to change this value. - max: null - metavar: null - min: null - mutable: false - name: default_domain_id - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: domain_specific_drivers_enabled - help: A subset (or all) of domains can have their own identity driver, each - with their own partial configuration options, stored in either the resource - backend or in a file in a domain configuration directory (depending on the - setting of `[identity] domain_configurations_from_database`). Only values - specific to the domain need to be specified in this manner. This feature is - disabled by default, but may be enabled by default in a future release; set - to true to enable. - max: null - metavar: null - min: null - mutable: false - name: domain_specific_drivers_enabled - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: domain_configurations_from_database - help: By default, domain-specific configuration data is read from files in the - directory identified by `[identity] domain_config_dir`. 
Enabling this configuration - option allows you to instead manage domain-specific configurations through - the API, which are then persisted in the backend (typically, a SQL database), - rather than using configuration files on disk. - max: null - metavar: null - min: null - mutable: false - name: domain_configurations_from_database - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: /etc/keystone/domains - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: domain_config_dir - help: Absolute path where keystone should locate domain-specific `[identity]` - configuration files. This option has no effect unless `[identity] domain_specific_drivers_enabled` - is set to true. There is typically no reason to change this value. - max: null - metavar: null - min: null - mutable: false - name: domain_config_dir - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the identity backend driver in the `keystone.identity` - namespace. Keystone provides a `sql` and `ldap` driver. This option is also - used as the default driver selection (along with the other configuration variables - in this section) in the event that `[identity] domain_specific_drivers_enabled` - is enabled, but no applicable domain-specific configuration is defined for - the domain in question. Unless your deployment primarily relies on `ldap` - AND is not using domain-specific configuration, you should typically leave - this set to `sql`. 
- max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: caching - help: Toggle for identity caching. This has no effect unless global caching - is enabled. There is typically no reason to disable this. - max: null - metavar: null - min: null - mutable: false - name: caching - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 600 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: cache_time - help: Time to cache identity data (in seconds). This has no effect unless global - and identity caching are enabled. - max: null - metavar: null - min: null - mutable: false - name: cache_time - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 4096 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: max_password_length - help: Maximum allowed length for user passwords. Decrease this value to improve - performance. Changing this value does not effect existing passwords. 
- max: 4096 - metavar: null - min: null - mutable: false - name: max_password_length - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: list_limit - help: Maximum number of entities that will be returned in an identity collection. - max: null - metavar: null - min: null - mutable: false - name: list_limit - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: - - bcrypt - - scrypt - - pbkdf2_sha512 - default: bcrypt - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: password_hash_algorithm - help: The password hashing algorithm to use for passwords stored within keystone. - max: null - metavar: null - min: null - mutable: false - name: password_hash_algorithm - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: password_hash_rounds - help: 'This option represents a trade off between security and performance. - Higher values lead to slower performance, but higher security. Changing this - option will only affect newly created passwords as existing password hashes - already have a fixed number of rounds applied, so it is safe to tune this - option in a running cluster. The default for bcrypt is 12, must be between - 4 and 31, inclusive. The default for scrypt is 16, must be within `range(1,32)`. 
The - default for pbkdf_sha512 is 60000, must be within `range(1,1<<32)` WARNING: - If using scrypt, increasing this value increases BOTH time AND memory requirements - to hash a password.' - max: null - metavar: null - min: null - mutable: false - name: password_hash_rounds - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: scrypt_block_size - help: Optional block size to pass to scrypt hash function (the `r` parameter). - Useful for tuning scrypt to optimal performance for your CPU architecture. - This option is only used when the `password_hash_algorithm` option is set - to `scrypt`. Defaults to 8. - max: null - metavar: null - min: null - mutable: false - name: scrypt_block_size - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: scrypt_parallelism - help: Optional parallelism to pass to scrypt hash function (the `p` parameter). - This option is only used when the `password_hash_algorithm` option is set - to `scrypt`. Defaults to 1. - max: null - metavar: null - min: null - mutable: false - name: scrypt_parallelism - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: salt_bytesize - help: Number of bytes to use in scrypt and pbkfd2_sha512 hashing salt. Default - for scrypt is 16 bytes. Default for pbkfd2_sha512 is 16 bytes. 
Limited to - a maximum of 96 bytes due to the size of the column used to store password - hashes. - max: 96 - metavar: null - min: 0 - mutable: false - name: salt_bytesize - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: Only used for rolling-upgrade between Ocata and Pike - deprecated_since: P - dest: rolling_upgrade_password_hash_compat - help: This option tells keystone to continue to hash passwords with the sha512_crypt - algorithm for supporting rolling upgrades. sha512_crypt is typically more - insecure than bcrypt, pbkdf2, and scrypt. This option should be set to `False` - except in the case of performing a rolling upgrade where some Keystone servers - may not know how to verify non-sha512_crypt based password hashes. This option - will be removed in the Queens release and is only to support rolling upgrades - from Ocata release to Pike release. 
- max: null - metavar: null - min: null - mutable: false - name: rolling_upgrade_password_hash_compat - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - standard_opts: - - default_domain_id - - domain_specific_drivers_enabled - - domain_configurations_from_database - - domain_config_dir - - driver - - caching - - cache_time - - max_password_length - - list_limit - - password_hash_algorithm - - password_hash_rounds - - scrypt_block_size - - scrypt_parallelism - - salt_bytesize - - rolling_upgrade_password_hash_compat - identity_mapping: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the identity mapping backend driver in the `keystone.identity.id_mapping` - namespace. Keystone only provides a `sql` driver, so there is no reason to - change this unless you are providing a custom entry point. - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: sha256 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: generator - help: Entry point for the public ID generator for user and group entities in - the `keystone.identity.id_generator` namespace. The Keystone identity mapper - only supports generators that produce 64 bytes or less. Keystone only provides - a `sha256` entry point, so there is no reason to change this value unless - you're providing a custom entry point. 
- max: null - metavar: null - min: null - mutable: false - name: generator - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: backward_compatible_ids - help: The format of user and group IDs changed in Juno for backends that do - not generate UUIDs (for example, LDAP), with keystone providing a hash mapping - to the underlying attribute in LDAP. By default this mapping is disabled, - which ensures that existing IDs will not change. Even when the mapping is - enabled by using domain-specific drivers (`[identity] domain_specific_drivers_enabled`), - any users and groups from the default domain being handled by LDAP will still - not be mapped to ensure their IDs remain backward compatible. Setting this - value to false will enable the new mapping for all backends, including the - default LDAP driver. It is only guaranteed to be safe to enable this option - if you do not already have assignments for users and groups from the default - LDAP domain, and you consider it to be acceptable for Keystone to provide - the different IDs to clients than it did previously (existing IDs in the API - will suddenly change). Typically this means that the only time you can set - this value to false is when configuring a fresh installation, although that - is the recommended value. 
- max: null - metavar: null - min: null - mutable: false - name: backward_compatible_ids - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - standard_opts: - - driver - - generator - - backward_compatible_ids - ldap: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: ldap://localhost - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: url - help: URL(s) for connecting to the LDAP server. Multiple LDAP URLs may be specified - as a comma separated string. The first URL to successfully bind is used for - the connection. - max: null - metavar: null - min: null - mutable: false - name: url - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user - help: The user name of the administrator bind DN to use when querying the LDAP - server, if your LDAP server requires it. - max: null - metavar: null - min: null - mutable: false - name: user - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: password - help: The password of the administrator bind DN to use when querying the LDAP - server, if your LDAP server requires it. 
- max: null - metavar: null - min: null - mutable: false - name: password - namespace: keystone - positional: false - required: false - sample_default: null - secret: true - short: null - type: string value - - advanced: false - choices: [] - default: cn=example,cn=com - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: suffix - help: The default LDAP server suffix to use, if a DN is not defined via either - `[ldap] user_tree_dn` or `[ldap] group_tree_dn`. - max: null - metavar: null - min: null - mutable: false - name: suffix - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: - - one - - sub - default: one - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: query_scope - help: The search scope which defines how deep to search within the search base. - A value of `one` (representing `oneLevel` or `singleLevel`) indicates a search - of objects immediately below to the base object, but does not include the - base object itself. A value of `sub` (representing `subtree` or `wholeSubtree`) - indicates a search of both the base object itself and the entire subtree below - it. - max: null - metavar: null - min: null - mutable: false - name: query_scope - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 0 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: page_size - help: Defines the maximum number of results per page that keystone should request - from the LDAP server when listing objects. A value of zero (`0`) disables - paging. 
- max: null - metavar: null - min: 0 - mutable: false - name: page_size - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: - - never - - searching - - always - - finding - - default - default: default - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: alias_dereferencing - help: The LDAP dereferencing option to use for queries involving aliases. A - value of `default` falls back to using default dereferencing behavior configured - by your `ldap.conf`. A value of `never` prevents aliases from being dereferenced - at all. A value of `searching` dereferences aliases only after name resolution. - A value of `finding` dereferences aliases only during name resolution. A value - of `always` dereferences aliases in all cases. - max: null - metavar: null - min: null - mutable: false - name: alias_dereferencing - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: debug_level - help: Sets the LDAP debugging level for LDAP calls. A value of 0 means that - debugging is not enabled. This value is a bitmask, consult your LDAP documentation - for possible values. - max: null - metavar: null - min: -1 - mutable: false - name: debug_level - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: chase_referrals - help: Sets keystone's referral chasing behavior across directory partitions. 
- If left unset, the system's default behavior will be used. - max: null - metavar: null - min: null - mutable: false - name: chase_referrals - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_tree_dn - help: The search base to use for users. Defaults to the `[ldap] suffix` value. - max: null - metavar: null - min: null - mutable: false - name: user_tree_dn - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_filter - help: The LDAP search filter to use for users. - max: null - metavar: null - min: null - mutable: false - name: user_filter - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: inetOrgPerson - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_objectclass - help: The LDAP object class to use for users. - max: null - metavar: null - min: null - mutable: false - name: user_objectclass - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: cn - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_id_attribute - help: The LDAP attribute mapped to user IDs in keystone. This must NOT be a - multivalued attribute. User IDs are expected to be globally unique across - keystone domains and URL-safe. 
- max: null - metavar: null - min: null - mutable: false - name: user_id_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: sn - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_name_attribute - help: The LDAP attribute mapped to user names in keystone. User names are expected - to be unique only within a keystone domain and are not expected to be URL-safe. - max: null - metavar: null - min: null - mutable: false - name: user_name_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: description - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_description_attribute - help: The LDAP attribute mapped to user descriptions in keystone. - max: null - metavar: null - min: null - mutable: false - name: user_description_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: mail - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_mail_attribute - help: The LDAP attribute mapped to user emails in keystone. - max: null - metavar: null - min: null - mutable: false - name: user_mail_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: userPassword - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_pass_attribute - help: The LDAP attribute mapped to user passwords in keystone. 
- max: null - metavar: null - min: null - mutable: false - name: user_pass_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: enabled - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_enabled_attribute - help: The LDAP attribute mapped to the user enabled attribute in keystone. If - setting this option to `userAccountControl`, then you may be interested in - setting `[ldap] user_enabled_mask` and `[ldap] user_enabled_default` as well. - max: null - metavar: null - min: null - mutable: false - name: user_enabled_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_enabled_invert - help: Logically negate the boolean value of the enabled attribute obtained from - the LDAP server. Some LDAP servers use a boolean lock attribute where "true" - means an account is disabled. Setting `[ldap] user_enabled_invert = true` - will allow these lock attributes to be used. This option will have no effect - if either the `[ldap] user_enabled_mask` or `[ldap] user_enabled_emulation` - options are in use. 
- max: null - metavar: null - min: null - mutable: false - name: user_enabled_invert - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 0 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_enabled_mask - help: Bitmask integer to select which bit indicates the enabled value if the - LDAP server represents "enabled" as a bit on an integer rather than as a discrete - boolean. A value of `0` indicates that the mask is not used. If this is not - set to `0` the typical value is `2`. This is typically used when `[ldap] user_enabled_attribute - = userAccountControl`. Setting this option causes keystone to ignore the value - of `[ldap] user_enabled_invert`. - max: null - metavar: null - min: 0 - mutable: false - name: user_enabled_mask - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 'True' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_enabled_default - help: The default value to enable users. This should match an appropriate integer - value if the LDAP server uses non-boolean (bitmask) values to indicate if - a user is enabled or disabled. If this is not set to `True`, then the typical - value is `512`. This is typically used when `[ldap] user_enabled_attribute - = userAccountControl`. 
- max: null - metavar: null - min: null - mutable: false - name: user_enabled_default - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: - - default_project_id - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_attribute_ignore - help: List of user attributes to ignore on create and update, or whether a specific - user attribute should be filtered for list or show user. - max: null - metavar: null - min: null - mutable: false - name: user_attribute_ignore - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_default_project_id_attribute - help: The LDAP attribute mapped to a user's default_project_id in keystone. - This is most commonly used when keystone has write access to LDAP. - max: null - metavar: null - min: null - mutable: false - name: user_default_project_id_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_enabled_emulation - help: If enabled, keystone uses an alternative method to determine if a user - is enabled or not by checking if they are a member of the group defined by - the `[ldap] user_enabled_emulation_dn` option. Enabling this option causes - keystone to ignore the value of `[ldap] user_enabled_invert`. 
- max: null - metavar: null - min: null - mutable: false - name: user_enabled_emulation - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_enabled_emulation_dn - help: DN of the group entry to hold enabled users when using enabled emulation. - Setting this option has no effect unless `[ldap] user_enabled_emulation` is - also enabled. - max: null - metavar: null - min: null - mutable: false - name: user_enabled_emulation_dn - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_enabled_emulation_use_group_config - help: Use the `[ldap] group_member_attribute` and `[ldap] group_objectclass` - settings to determine membership in the emulated enabled group. Enabling this - option has no effect unless `[ldap] user_enabled_emulation` is also enabled. - max: null - metavar: null - min: null - mutable: false - name: user_enabled_emulation_use_group_config - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: user_additional_attribute_mapping - help: A list of LDAP attribute to keystone user attribute pairs used for mapping - additional attributes to users in keystone. The expected format is `:`, - where `ldap_attr` is the attribute in the LDAP object and `user_attr` is the - attribute which should appear in the identity API. 
- max: null - metavar: null - min: null - mutable: false - name: user_additional_attribute_mapping - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: group_tree_dn - help: The search base to use for groups. Defaults to the `[ldap] suffix` value. - max: null - metavar: null - min: null - mutable: false - name: group_tree_dn - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: group_filter - help: The LDAP search filter to use for groups. - max: null - metavar: null - min: null - mutable: false - name: group_filter - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: groupOfNames - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: group_objectclass - help: The LDAP object class to use for groups. If setting this option to `posixGroup`, - you may also be interested in enabling the `[ldap] group_members_are_ids` - option. - max: null - metavar: null - min: null - mutable: false - name: group_objectclass - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: cn - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: group_id_attribute - help: The LDAP attribute mapped to group IDs in keystone. 
This must NOT be a - multivalued attribute. Group IDs are expected to be globally unique across - keystone domains and URL-safe. - max: null - metavar: null - min: null - mutable: false - name: group_id_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: ou - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: group_name_attribute - help: The LDAP attribute mapped to group names in keystone. Group names are - expected to be unique only within a keystone domain and are not expected to - be URL-safe. - max: null - metavar: null - min: null - mutable: false - name: group_name_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: member - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: group_member_attribute - help: The LDAP attribute used to indicate that a user is a member of the group. - max: null - metavar: null - min: null - mutable: false - name: group_member_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: group_members_are_ids - help: Enable this option if the members of the group object class are keystone - user IDs rather than LDAP DNs. This is the case when using `posixGroup` as - the group object class in Open Directory. 
- max: null - metavar: null - min: null - mutable: false - name: group_members_are_ids - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: description - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: group_desc_attribute - help: The LDAP attribute mapped to group descriptions in keystone. - max: null - metavar: null - min: null - mutable: false - name: group_desc_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: group_attribute_ignore - help: List of group attributes to ignore on create and update. or whether a - specific group attribute should be filtered for list or show group. - max: null - metavar: null - min: null - mutable: false - name: group_attribute_ignore - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: group_additional_attribute_mapping - help: A list of LDAP attribute to keystone group attribute pairs used for mapping - additional attributes to groups in keystone. The expected format is `:`, - where `ldap_attr` is the attribute in the LDAP object and `group_attr` is - the attribute which should appear in the identity API. 
- max: null - metavar: null - min: null - mutable: false - name: group_additional_attribute_mapping - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: group_ad_nesting - help: If enabled, group queries will use Active Directory specific filters for - nested groups. - max: null - metavar: null - min: null - mutable: false - name: group_ad_nesting - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: tls_cacertfile - help: An absolute path to a CA certificate file to use when communicating with - LDAP servers. This option will take precedence over `[ldap] tls_cacertdir`, - so there is no reason to set both. - max: null - metavar: null - min: null - mutable: false - name: tls_cacertfile - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: tls_cacertdir - help: An absolute path to a CA certificate directory to use when communicating - with LDAP servers. There is no reason to set this option if you've also set - `[ldap] tls_cacertfile`. 
- max: null - metavar: null - min: null - mutable: false - name: tls_cacertdir - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: use_tls - help: Enable TLS when communicating with LDAP servers. You should also set the - `[ldap] tls_cacertfile` and `[ldap] tls_cacertdir` options when using this - option. Do not set this option if you are using LDAP over SSL (LDAPS) instead - of TLS. - max: null - metavar: null - min: null - mutable: false - name: use_tls - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: - - demand - - never - - allow - default: demand - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: tls_req_cert - help: Specifies which checks to perform against client certificates on incoming - TLS sessions. If set to `demand`, then a certificate will always be requested - and required from the LDAP server. If set to `allow`, then a certificate will - always be requested but not required from the LDAP server. If set to `never`, - then a certificate will never be requested. - max: null - metavar: null - min: null - mutable: false - name: tls_req_cert - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: connection_timeout - help: The connection timeout to use with the LDAP server. A value of `-1` means - that connections will never timeout. 
- max: null - metavar: null - min: -1 - mutable: false - name: connection_timeout - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: use_pool - help: Enable LDAP connection pooling for queries to the LDAP server. There is - typically no reason to disable this. - max: null - metavar: null - min: null - mutable: false - name: use_pool - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 10 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_size - help: The size of the LDAP connection pool. This option has no effect unless - `[ldap] use_pool` is also enabled. - max: null - metavar: null - min: 1 - mutable: false - name: pool_size - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 3 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_retry_max - help: The maximum number of times to attempt reconnecting to the LDAP server - before aborting. A value of zero prevents retries. This option has no effect - unless `[ldap] use_pool` is also enabled. 
- max: null - metavar: null - min: 0 - mutable: false - name: pool_retry_max - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0.1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_retry_delay - help: The number of seconds to wait before attempting to reconnect to the LDAP - server. This option has no effect unless `[ldap] use_pool` is also enabled. - max: null - metavar: null - min: null - mutable: false - name: pool_retry_delay - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: floating point value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_connection_timeout - help: The connection timeout to use when pooling LDAP connections. A value of - `-1` means that connections will never timeout. This option has no effect - unless `[ldap] use_pool` is also enabled. - max: null - metavar: null - min: -1 - mutable: false - name: pool_connection_timeout - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 600 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_connection_lifetime - help: The maximum connection lifetime to the LDAP server in seconds. When this - lifetime is exceeded, the connection will be unbound and removed from the - connection pool. This option has no effect unless `[ldap] use_pool` is also - enabled. 
- max: null - metavar: null - min: 1 - mutable: false - name: pool_connection_lifetime - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: use_auth_pool - help: Enable LDAP connection pooling for end user authentication. There is typically - no reason to disable this. - max: null - metavar: null - min: null - mutable: false - name: use_auth_pool - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 100 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: auth_pool_size - help: The size of the connection pool to use for end user authentication. This - option has no effect unless `[ldap] use_auth_pool` is also enabled. - max: null - metavar: null - min: 1 - mutable: false - name: auth_pool_size - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 60 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: auth_pool_connection_lifetime - help: The maximum end user authentication connection lifetime to the LDAP server - in seconds. When this lifetime is exceeded, the connection will be unbound - and removed from the connection pool. This option has no effect unless `[ldap] - use_auth_pool` is also enabled. 
- max: null - metavar: null - min: 1 - mutable: false - name: auth_pool_connection_lifetime - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - url - - user - - password - - suffix - - query_scope - - page_size - - alias_dereferencing - - debug_level - - chase_referrals - - user_tree_dn - - user_filter - - user_objectclass - - user_id_attribute - - user_name_attribute - - user_description_attribute - - user_mail_attribute - - user_pass_attribute - - user_enabled_attribute - - user_enabled_invert - - user_enabled_mask - - user_enabled_default - - user_attribute_ignore - - user_default_project_id_attribute - - user_enabled_emulation - - user_enabled_emulation_dn - - user_enabled_emulation_use_group_config - - user_additional_attribute_mapping - - group_tree_dn - - group_filter - - group_objectclass - - group_id_attribute - - group_name_attribute - - group_member_attribute - - group_members_are_ids - - group_desc_attribute - - group_attribute_ignore - - group_additional_attribute_mapping - - group_ad_nesting - - tls_cacertfile - - tls_cacertdir - - use_tls - - tls_req_cert - - connection_timeout - - use_pool - - pool_size - - pool_retry_max - - pool_retry_delay - - pool_connection_timeout - - pool_connection_lifetime - - use_auth_pool - - auth_pool_size - - auth_pool_connection_lifetime - matchmaker_redis: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: 127.0.0.1 - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: host - help: Host to locate redis. 
- max: null - metavar: null - min: null - mutable: false - name: host - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 6379 - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: port - help: Use this port to connect to redis host. - max: 65535 - metavar: null - min: 0 - mutable: false - name: port - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: port value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: password - help: Password for Redis server (optional). - max: null - metavar: null - min: null - mutable: false - name: password - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: true - short: null - type: string value - - advanced: false - choices: [] - default: [] - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: sentinel_hosts - help: List of Redis Sentinel hosts (fault tolerance mode), e.g., [host:port, - host1:port ... ] - max: null - metavar: null - min: null - mutable: false - name: sentinel_hosts - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: oslo-messaging-zeromq - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: sentinel_group_name - help: Redis replica set name. 
- max: null - metavar: null - min: null - mutable: false - name: sentinel_group_name - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 2000 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: wait_timeout - help: Time in ms to wait between connection attempts. - max: null - metavar: null - min: null - mutable: false - name: wait_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 20000 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: check_timeout - help: Time in ms to wait before the transaction is killed. - max: null - metavar: null - min: null - mutable: false - name: check_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 10000 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: socket_timeout - help: Timeout in ms on blocking socket operations. 
- max: null - metavar: null - min: null - mutable: false - name: socket_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - host - - port - - password - - sentinel_hosts - - sentinel_group_name - - wait_timeout - - check_timeout - - socket_timeout - memcache: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: 300 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: dead_retry - help: Number of seconds memcached server is considered dead before it is tried - again. This is used by the key value store system. - max: null - metavar: null - min: null - mutable: false - name: dead_retry - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 3 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: socket_timeout - help: Timeout in seconds for every call to a server. This is used by the key - value store system. - max: null - metavar: null - min: null - mutable: false - name: socket_timeout - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 10 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_maxsize - help: Max total number of open connections to every memcached server. This is - used by the key value store system. 
- max: null - metavar: null - min: null - mutable: false - name: pool_maxsize - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 60 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_unused_timeout - help: Number of seconds a connection to memcached is held unused in the pool - before it is closed. This is used by the key value store system. - max: null - metavar: null - min: null - mutable: false - name: pool_unused_timeout - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 10 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_connection_get_timeout - help: Number of seconds that an operation will wait to get a memcache client - connection. This is used by the key value store system. - max: null - metavar: null - min: null - mutable: false - name: pool_connection_get_timeout - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - dead_retry - - socket_timeout - - pool_maxsize - - pool_unused_timeout - - pool_connection_get_timeout - oauth1: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the OAuth backend driver in the `keystone.oauth1` namespace. - Typically, there is no reason to set this option unless you are providing - a custom entry point. 
- max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 28800 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: request_token_duration - help: Number of seconds for the OAuth Request Token to remain valid after being - created. This is the amount of time the user has to authorize the token. Setting - this option to zero means that request tokens will last forever. - max: null - metavar: null - min: 0 - mutable: false - name: request_token_duration - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 86400 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: access_token_duration - help: Number of seconds for the OAuth Access Token to remain valid after being - created. This is the amount of time the consumer has to interact with the - service provider (which is typically keystone). Setting this option to zero - means that access tokens will last forever. - max: null - metavar: null - min: 0 - mutable: false - name: access_token_duration - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - driver - - request_token_duration - - access_token_duration - oslo_messaging_amqp: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: container_name - deprecated_reason: null - deprecated_since: null - dest: container_name - help: Name for the AMQP container. must be globally unique. 
Defaults to a generated - UUID - max: null - metavar: null - min: null - mutable: false - name: container_name - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 0 - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: idle_timeout - deprecated_reason: null - deprecated_since: null - dest: idle_timeout - help: Timeout for inactive connections (in seconds) - max: null - metavar: null - min: null - mutable: false - name: idle_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: trace - deprecated_reason: null - deprecated_since: null - dest: trace - help: 'Debug: dump AMQP frames to stdout' - max: null - metavar: null - min: null - mutable: false - name: trace - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: ssl - help: Attempt to connect via SSL. If no other ssl-related parameters are given, - it will use the system's CA-bundle to verify the server's certificate. 
- max: null - metavar: null - min: null - mutable: false - name: ssl - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: ssl_ca_file - deprecated_reason: null - deprecated_since: null - dest: ssl_ca_file - help: CA certificate PEM file used to verify the server's certificate - max: null - metavar: null - min: null - mutable: false - name: ssl_ca_file - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: ssl_cert_file - deprecated_reason: null - deprecated_since: null - dest: ssl_cert_file - help: Self-identifying certificate PEM file for client authentication - max: null - metavar: null - min: null - mutable: false - name: ssl_cert_file - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: ssl_key_file - deprecated_reason: null - deprecated_since: null - dest: ssl_key_file - help: Private key PEM file used to sign ssl_cert_file certificate (optional) - max: null - metavar: null - min: null - mutable: false - name: ssl_key_file - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: ssl_key_password - deprecated_reason: null - deprecated_since: null - dest: ssl_key_password - help: Password for decrypting ssl_key_file (if encrypted) - max: 
null - metavar: null - min: null - mutable: false - name: ssl_key_password - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: true - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: true - deprecated_opts: - - group: amqp1 - name: allow_insecure_clients - deprecated_reason: Not applicable - not a SSL server - deprecated_since: null - dest: allow_insecure_clients - help: Accept clients using either SSL or plain TCP - max: null - metavar: null - min: null - mutable: false - name: allow_insecure_clients - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: sasl_mechanisms - deprecated_reason: null - deprecated_since: null - dest: sasl_mechanisms - help: Space separated list of acceptable SASL mechanisms - max: null - metavar: null - min: null - mutable: false - name: sasl_mechanisms - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: sasl_config_dir - deprecated_reason: null - deprecated_since: null - dest: sasl_config_dir - help: Path to directory that contains the SASL configuration - max: null - metavar: null - min: null - mutable: false - name: sasl_config_dir - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: sasl_config_name - deprecated_reason: null - deprecated_since: null - dest: sasl_config_name - help: Name of configuration 
file (without .conf suffix) - max: null - metavar: null - min: null - mutable: false - name: sasl_config_name - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: sasl_default_realm - help: SASL realm to use if no realm present in username - max: null - metavar: null - min: null - mutable: false - name: sasl_default_realm - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: true - deprecated_opts: - - group: amqp1 - name: username - deprecated_reason: Should use configuration option transport_url to provide - the username. - deprecated_since: null - dest: username - help: User name for message broker authentication - max: null - metavar: null - min: null - mutable: false - name: username - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: true - deprecated_opts: - - group: amqp1 - name: password - deprecated_reason: Should use configuration option transport_url to provide - the password. 
- deprecated_since: null - dest: password - help: Password for message broker authentication - max: null - metavar: null - min: null - mutable: false - name: password - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: true - short: null - type: string value - - advanced: false - choices: [] - default: 1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: connection_retry_interval - help: Seconds to pause before attempting to re-connect. - max: null - metavar: null - min: 1 - mutable: false - name: connection_retry_interval - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 2 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: connection_retry_backoff - help: Increase the connection_retry_interval by this many seconds after each - unsuccessful failover attempt. 
- max: null - metavar: null - min: 0 - mutable: false - name: connection_retry_backoff - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 30 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: connection_retry_interval_max - help: Maximum limit for connection_retry_interval + connection_retry_backoff - max: null - metavar: null - min: 1 - mutable: false - name: connection_retry_interval_max - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 10 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: link_retry_delay - help: Time to pause between re-connecting an AMQP 1.0 link that failed due to - a recoverable error. - max: null - metavar: null - min: 1 - mutable: false - name: link_retry_delay - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_reply_retry - help: The maximum number of attempts to re-send a reply message which failed - due to a recoverable error. - max: null - metavar: null - min: -1 - mutable: false - name: default_reply_retry - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 30 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_reply_timeout - help: The deadline for an rpc reply message delivery. 
- max: null - metavar: null - min: 5 - mutable: false - name: default_reply_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 30 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_send_timeout - help: The deadline for an rpc cast or call message delivery. Only used when - caller does not provide a timeout expiry. - max: null - metavar: null - min: 5 - mutable: false - name: default_send_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 30 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_notify_timeout - help: The deadline for a sent notification message delivery. Only used when - caller does not provide a timeout expiry. - max: null - metavar: null - min: 5 - mutable: false - name: default_notify_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 600 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_sender_link_timeout - help: The duration to schedule a purge of idle sender links. Detach link after - expiry. 
- max: null - metavar: null - min: 1 - mutable: false - name: default_sender_link_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: dynamic - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: addressing_mode - help: 'Indicates the addressing mode used by the driver. - - Permitted values: - - ''legacy'' - use legacy non-routable addressing - - ''routable'' - use routable addresses - - ''dynamic'' - use legacy addresses if the message bus does not support routing - otherwise use routable addressing' - max: null - metavar: null - min: null - mutable: false - name: addressing_mode - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: exclusive - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: server_request_prefix - deprecated_reason: null - deprecated_since: null - dest: server_request_prefix - help: address prefix used when sending to a specific server - max: null - metavar: null - min: null - mutable: false - name: server_request_prefix - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: broadcast - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: broadcast_prefix - deprecated_reason: null - deprecated_since: null - dest: broadcast_prefix - help: address prefix used when broadcasting to all servers - max: null - metavar: null - min: null - mutable: false - name: broadcast_prefix - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - 
default: unicast - deprecated_for_removal: false - deprecated_opts: - - group: amqp1 - name: group_request_prefix - deprecated_reason: null - deprecated_since: null - dest: group_request_prefix - help: address prefix when sending to any server in group - max: null - metavar: null - min: null - mutable: false - name: group_request_prefix - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: openstack.org/om/rpc - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_address_prefix - help: Address prefix for all generated RPC addresses - max: null - metavar: null - min: null - mutable: false - name: rpc_address_prefix - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: openstack.org/om/notify - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: notify_address_prefix - help: Address prefix for all generated Notification addresses - max: null - metavar: null - min: null - mutable: false - name: notify_address_prefix - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: multicast - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: multicast_address - help: Appended to the address prefix when sending a fanout message. Used by - the message bus to identify fanout messages. 
- max: null - metavar: null - min: null - mutable: false - name: multicast_address - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: unicast - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: unicast_address - help: Appended to the address prefix when sending to a particular RPC/Notification - server. Used by the message bus to identify messages sent to a single destination. - max: null - metavar: null - min: null - mutable: false - name: unicast_address - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: anycast - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: anycast_address - help: Appended to the address prefix when sending to a group of consumers. Used - by the message bus to identify messages that should be delivered in a round-robin - fashion across consumers. - max: null - metavar: null - min: null - mutable: false - name: anycast_address - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_notification_exchange - help: 'Exchange name used in notification addresses. 
- - Exchange name resolution precedence: - - Target.exchange if set - - else default_notification_exchange if set - - else control_exchange if set - - else ''notify''' - max: null - metavar: null - min: null - mutable: false - name: default_notification_exchange - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_rpc_exchange - help: 'Exchange name used in RPC addresses. - - Exchange name resolution precedence: - - Target.exchange if set - - else default_rpc_exchange if set - - else control_exchange if set - - else ''rpc''' - max: null - metavar: null - min: null - mutable: false - name: default_rpc_exchange - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 200 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: reply_link_credit - help: Window size for incoming RPC Reply messages. 
- max: null - metavar: null - min: 1 - mutable: false - name: reply_link_credit - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 100 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_server_credit - help: Window size for incoming RPC Request messages - max: null - metavar: null - min: 1 - mutable: false - name: rpc_server_credit - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 100 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: notify_server_credit - help: Window size for incoming Notification messages - max: null - metavar: null - min: 1 - mutable: false - name: notify_server_credit - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: - - rpc-cast - - rpc-reply - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pre_settled - help: 'Send messages of this type pre-settled. - - Pre-settled messages will not receive acknowledgement - - from the peer. Note well: pre-settled messages may be - - silently discarded if the delivery fails. 
- - Permitted values: - - ''rpc-call'' - send RPC Calls pre-settled - - ''rpc-reply''- send RPC Replies pre-settled - - ''rpc-cast'' - Send RPC Casts pre-settled - - ''notify'' - Send Notifications pre-settled - - ' - max: null - metavar: null - min: null - mutable: false - name: pre_settled - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: multi valued - standard_opts: - - container_name - - idle_timeout - - trace - - ssl - - ssl_ca_file - - ssl_cert_file - - ssl_key_file - - ssl_key_password - - allow_insecure_clients - - sasl_mechanisms - - sasl_config_dir - - sasl_config_name - - sasl_default_realm - - username - - password - - connection_retry_interval - - connection_retry_backoff - - connection_retry_interval_max - - link_retry_delay - - default_reply_retry - - default_reply_timeout - - default_send_timeout - - default_notify_timeout - - default_sender_link_timeout - - addressing_mode - - server_request_prefix - - broadcast_prefix - - group_request_prefix - - rpc_address_prefix - - notify_address_prefix - - multicast_address - - unicast_address - - anycast_address - - default_notification_exchange - - default_rpc_exchange - - reply_link_credit - - rpc_server_credit - - notify_server_credit - - pre_settled - oslo_messaging_kafka: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: localhost - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: kafka_default_host - help: Default Kafka broker Host - max: null - metavar: null - min: null - mutable: false - name: kafka_default_host - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 9092 - deprecated_for_removal: true - deprecated_opts: [] - 
deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: kafka_default_port - help: Default Kafka broker Port - max: 65535 - metavar: null - min: 0 - mutable: false - name: kafka_default_port - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: port value - - advanced: false - choices: [] - default: 1048576 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: kafka_max_fetch_bytes - help: Max fetch bytes of Kafka consumer - max: null - metavar: null - min: null - mutable: false - name: kafka_max_fetch_bytes - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 1.0 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: kafka_consumer_timeout - help: Default timeout(s) for Kafka consumers - max: null - metavar: null - min: null - mutable: false - name: kafka_consumer_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: floating point value - - advanced: false - choices: [] - default: 10 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_size - help: Pool Size for Kafka Consumers - max: null - metavar: null - min: null - mutable: false - name: pool_size - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 2 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: conn_pool_min_size - help: The pool size limit for connections expiration policy - max: null - metavar: null - min: null - 
mutable: false - name: conn_pool_min_size - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 1200 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: conn_pool_ttl - help: The time-to-live in sec of idle connections in the pool - max: null - metavar: null - min: null - mutable: false - name: conn_pool_ttl - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: oslo_messaging_consumer - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: consumer_group - help: Group id for Kafka consumer. Consumers in one group will coordinate message - consumption - max: null - metavar: null - min: null - mutable: false - name: consumer_group - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 0.0 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: producer_batch_timeout - help: Upper bound on the delay for KafkaProducer batching in seconds - max: null - metavar: null - min: null - mutable: false - name: producer_batch_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: floating point value - - advanced: false - choices: [] - default: 16384 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: producer_batch_size - help: Size of batch for the producer async send - max: null - metavar: null - min: null - mutable: false - name: producer_batch_size - namespace: oslo.messaging - 
positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - kafka_default_host - - kafka_default_port - - kafka_max_fetch_bytes - - kafka_consumer_timeout - - pool_size - - conn_pool_min_size - - conn_pool_ttl - - consumer_group - - producer_batch_timeout - - producer_batch_size - oslo_messaging_notifications: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: notification_driver - deprecated_reason: null - deprecated_since: null - dest: driver - help: The Drivers(s) to handle sending notifications. Possible values are messaging, - messagingv2, routing, log, test, noop - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: multi valued - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: notification_transport_url - deprecated_reason: null - deprecated_since: null - dest: transport_url - help: A URL representing the messaging driver to use for notifications. If not - set, we fall back to the same configuration used for RPC. - max: null - metavar: null - min: null - mutable: false - name: transport_url - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: true - short: null - type: string value - - advanced: false - choices: [] - default: - - notifications - deprecated_for_removal: false - deprecated_opts: - - group: rpc_notifier2 - name: topics - - group: DEFAULT - name: notification_topics - deprecated_reason: null - deprecated_since: null - dest: topics - help: AMQP topic used for OpenStack notifications. 
- max: null - metavar: null - min: null - mutable: false - name: topics - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: retry - help: The maximum number of attempts to re-send a notification message which - failed to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite - max: null - metavar: null - min: null - mutable: false - name: retry - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - driver - - transport_url - - topics - - retry - oslo_messaging_rabbit: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: amqp_durable_queues - - group: DEFAULT - name: rabbit_durable_queues - deprecated_reason: null - deprecated_since: null - dest: amqp_durable_queues - help: Use durable queues in AMQP. - max: null - metavar: null - min: null - mutable: false - name: amqp_durable_queues - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: amqp_auto_delete - deprecated_reason: null - deprecated_since: null - dest: amqp_auto_delete - help: Auto-delete queues in AMQP. 
- max: null - metavar: null - min: null - mutable: false - name: amqp_auto_delete - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: ssl - help: Enable SSL - max: null - metavar: null - min: null - mutable: false - name: ssl - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: - - group: oslo_messaging_rabbit - name: kombu_ssl_version - deprecated_reason: null - deprecated_since: null - dest: ssl_version - help: SSL version to use (valid only if SSL enabled). Valid values are TLSv1 - and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions. - max: null - metavar: null - min: null - mutable: false - name: ssl_version - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: - - group: oslo_messaging_rabbit - name: kombu_ssl_keyfile - deprecated_reason: null - deprecated_since: null - dest: ssl_key_file - help: SSL key file (valid only if SSL enabled). 
- max: null - metavar: null - min: null - mutable: false - name: ssl_key_file - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: - - group: oslo_messaging_rabbit - name: kombu_ssl_certfile - deprecated_reason: null - deprecated_since: null - dest: ssl_cert_file - help: SSL cert file (valid only if SSL enabled). - max: null - metavar: null - min: null - mutable: false - name: ssl_cert_file - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: '' - deprecated_for_removal: false - deprecated_opts: - - group: oslo_messaging_rabbit - name: kombu_ssl_ca_certs - deprecated_reason: null - deprecated_since: null - dest: ssl_ca_file - help: SSL certification authority file (valid only if SSL enabled). - max: null - metavar: null - min: null - mutable: false - name: ssl_ca_file - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 1.0 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: kombu_reconnect_delay - deprecated_reason: null - deprecated_since: null - dest: kombu_reconnect_delay - help: How long to wait before reconnecting in response to an AMQP consumer cancel - notification. 
- max: null - metavar: null - min: null - mutable: false - name: kombu_reconnect_delay - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: floating point value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: kombu_compression - help: 'EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression - will not be used. This option may not be available in future versions.' - max: null - metavar: null - min: null - mutable: false - name: kombu_compression - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 60 - deprecated_for_removal: false - deprecated_opts: - - group: oslo_messaging_rabbit - name: kombu_reconnect_timeout - deprecated_reason: null - deprecated_since: null - dest: kombu_missing_consumer_retry_timeout - help: How long to wait a missing client before abandoning to send it its replies. - This value should not be longer than rpc_response_timeout. - max: null - metavar: null - min: null - mutable: false - name: kombu_missing_consumer_retry_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: - - round-robin - - shuffle - default: round-robin - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: kombu_failover_strategy - help: Determines how the next RabbitMQ node is chosen in case the one we are - currently connected to becomes unavailable. Takes effect only if more than - one RabbitMQ node is provided in config. 
- max: null - metavar: null - min: null - mutable: false - name: kombu_failover_strategy - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: localhost - deprecated_for_removal: true - deprecated_opts: - - group: DEFAULT - name: rabbit_host - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: rabbit_host - help: The RabbitMQ broker address where a single node is used. - max: null - metavar: null - min: null - mutable: false - name: rabbit_host - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 5672 - deprecated_for_removal: true - deprecated_opts: - - group: DEFAULT - name: rabbit_port - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: rabbit_port - help: The RabbitMQ broker port where a single node is used. - max: 65535 - metavar: null - min: 0 - mutable: false - name: rabbit_port - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: port value - - advanced: false - choices: [] - default: - - $rabbit_host:$rabbit_port - deprecated_for_removal: true - deprecated_opts: - - group: DEFAULT - name: rabbit_hosts - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: rabbit_hosts - help: RabbitMQ HA cluster host:port pairs. 
- max: null - metavar: null - min: null - mutable: false - name: rabbit_hosts - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: guest - deprecated_for_removal: true - deprecated_opts: - - group: DEFAULT - name: rabbit_userid - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: rabbit_userid - help: The RabbitMQ userid. - max: null - metavar: null - min: null - mutable: false - name: rabbit_userid - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: guest - deprecated_for_removal: true - deprecated_opts: - - group: DEFAULT - name: rabbit_password - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: rabbit_password - help: The RabbitMQ password. - max: null - metavar: null - min: null - mutable: false - name: rabbit_password - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: true - short: null - type: string value - - advanced: false - choices: - - PLAIN - - AMQPLAIN - - RABBIT-CR-DEMO - default: AMQPLAIN - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rabbit_login_method - deprecated_reason: null - deprecated_since: null - dest: rabbit_login_method - help: The RabbitMQ login method. 
- max: null - metavar: null - min: null - mutable: false - name: rabbit_login_method - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: / - deprecated_for_removal: true - deprecated_opts: - - group: DEFAULT - name: rabbit_virtual_host - deprecated_reason: Replaced by [DEFAULT]/transport_url - deprecated_since: null - dest: rabbit_virtual_host - help: The RabbitMQ virtual host. - max: null - metavar: null - min: null - mutable: false - name: rabbit_virtual_host - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rabbit_retry_interval - help: How frequently to retry connecting with RabbitMQ. - max: null - metavar: null - min: null - mutable: false - name: rabbit_retry_interval - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 2 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rabbit_retry_backoff - deprecated_reason: null - deprecated_since: null - dest: rabbit_retry_backoff - help: How long to backoff for between retries when connecting to RabbitMQ. - max: null - metavar: null - min: null - mutable: false - name: rabbit_retry_backoff - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 30 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rabbit_interval_max - help: Maximum interval of RabbitMQ connection retries. Default is 30 seconds. 
- max: null - metavar: null - min: null - mutable: false - name: rabbit_interval_max - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0 - deprecated_for_removal: true - deprecated_opts: - - group: DEFAULT - name: rabbit_max_retries - deprecated_reason: null - deprecated_since: null - dest: rabbit_max_retries - help: Maximum number of RabbitMQ connection retries. Default is 0 (infinite - retry count). - max: null - metavar: null - min: null - mutable: false - name: rabbit_max_retries - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rabbit_ha_queues - deprecated_reason: null - deprecated_since: null - dest: rabbit_ha_queues - help: 'Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this - option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring - is no longer controlled by the x-ha-policy argument when declaring a queue. - If you just want to make sure that all queues (except those with auto-generated - names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA ''^(?!amq\.).*'' - ''{"ha-mode": "all"}'' "' - max: null - metavar: null - min: null - mutable: false - name: rabbit_ha_queues - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 1800 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rabbit_transient_queues_ttl - help: Positive integer representing duration in seconds for queue TTL (x-expires). 
- Queues which are unused for the duration of the TTL are automatically deleted. - The parameter affects only reply and fanout queues. - max: null - metavar: null - min: 1 - mutable: false - name: rabbit_transient_queues_ttl - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rabbit_qos_prefetch_count - help: Specifies the number of messages to prefetch. Setting to zero allows unlimited - messages. - max: null - metavar: null - min: null - mutable: false - name: rabbit_qos_prefetch_count - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 60 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: heartbeat_timeout_threshold - help: Number of seconds after which the Rabbit broker is considered down if - heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL - max: null - metavar: null - min: null - mutable: false - name: heartbeat_timeout_threshold - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 2 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: heartbeat_rate - help: How often times during the heartbeat_timeout_threshold we check the heartbeat. 
- max: null - metavar: null - min: null - mutable: false - name: heartbeat_rate - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: fake_rabbit - deprecated_reason: null - deprecated_since: null - dest: fake_rabbit - help: Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake - max: null - metavar: null - min: null - mutable: false - name: fake_rabbit - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: channel_max - help: Maximum number of channels to allow - max: null - metavar: null - min: null - mutable: false - name: channel_max - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: frame_max - help: The maximum byte size for an AMQP frame - max: null - metavar: null - min: null - mutable: false - name: frame_max - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 3 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: heartbeat_interval - help: How often to send heartbeats for consumer's connections - max: null - metavar: null - min: null - mutable: false - name: heartbeat_interval - namespace: oslo.messaging - positional: false - required: false - 
sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: ssl_options - help: Arguments passed to ssl.wrap_socket - max: null - metavar: null - min: null - mutable: false - name: ssl_options - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: dict value - - advanced: false - choices: [] - default: 0.25 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: socket_timeout - help: Set socket timeout in seconds for connection's socket - max: null - metavar: null - min: null - mutable: false - name: socket_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: floating point value - - advanced: false - choices: [] - default: 0.25 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: tcp_user_timeout - help: Set TCP_USER_TIMEOUT in seconds for connection's socket - max: null - metavar: null - min: null - mutable: false - name: tcp_user_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: floating point value - - advanced: false - choices: [] - default: 0.25 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: host_connection_reconnect_delay - help: Set delay for reconnection to some host which has connection error - max: null - metavar: null - min: null - mutable: false - name: host_connection_reconnect_delay - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: floating point value - - advanced: false - choices: - - 
new - - single - - read_write - default: single - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: connection_factory - help: Connection factory implementation - max: null - metavar: null - min: null - mutable: false - name: connection_factory - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 30 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_max_size - help: Maximum number of connections to keep queued. - max: null - metavar: null - min: null - mutable: false - name: pool_max_size - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_max_overflow - help: Maximum number of connections to create above `pool_max_size`. 
- max: null - metavar: null - min: null - mutable: false - name: pool_max_overflow - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 30 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_timeout - help: Default number of seconds to wait for a connections to available - max: null - metavar: null - min: null - mutable: false - name: pool_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 600 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_recycle - help: Lifetime of a connection (since creation) in seconds or None for no recycling. - Expired connections are closed on acquire. - max: null - metavar: null - min: null - mutable: false - name: pool_recycle - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 60 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: pool_stale - help: Threshold at which inactive (since release) connections are considered - stale in seconds or None for no staleness. Stale connections are closed on - acquire. 
- max: null - metavar: null - min: null - mutable: false - name: pool_stale - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: - - json - - msgpack - default: json - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_serializer_type - help: Default serialization mechanism for serializing/deserializing outgoing/incoming - messages - max: null - metavar: null - min: null - mutable: false - name: default_serializer_type - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: notification_persistence - help: Persist notification messages. - max: null - metavar: null - min: null - mutable: false - name: notification_persistence - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: ${control_exchange}_notification - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_notification_exchange - help: Exchange name for sending notifications - max: null - metavar: null - min: null - mutable: false - name: default_notification_exchange - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 100 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: notification_listener_prefetch_count - help: Max number of not acknowledged message which RabbitMQ can send to notification 
- listener. - max: null - metavar: null - min: null - mutable: false - name: notification_listener_prefetch_count - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_notification_retry_attempts - help: Reconnecting retry count in case of connectivity problem during sending - notification, -1 means infinite retry. - max: null - metavar: null - min: null - mutable: false - name: default_notification_retry_attempts - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0.25 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: notification_retry_delay - help: Reconnecting retry delay in case of connectivity problem during sending - notification message - max: null - metavar: null - min: null - mutable: false - name: notification_retry_delay - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: floating point value - - advanced: false - choices: [] - default: 60 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_queue_expiration - help: Time to live for rpc queues without consumers in seconds. 
- max: null - metavar: null - min: null - mutable: false - name: rpc_queue_expiration - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: ${control_exchange}_rpc - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_rpc_exchange - help: Exchange name for sending RPC messages - max: null - metavar: null - min: null - mutable: false - name: default_rpc_exchange - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: ${control_exchange}_rpc_reply - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_reply_exchange - help: Exchange name for receiving RPC replies - max: null - metavar: null - min: null - mutable: false - name: rpc_reply_exchange - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 100 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_listener_prefetch_count - help: Max number of not acknowledged message which RabbitMQ can send to rpc - listener. - max: null - metavar: null - min: null - mutable: false - name: rpc_listener_prefetch_count - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 100 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_reply_listener_prefetch_count - help: Max number of not acknowledged message which RabbitMQ can send to rpc - reply listener. 
- max: null - metavar: null - min: null - mutable: false - name: rpc_reply_listener_prefetch_count - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_reply_retry_attempts - help: Reconnecting retry count in case of connectivity problem during sending - reply. -1 means infinite retry during rpc_timeout - max: null - metavar: null - min: null - mutable: false - name: rpc_reply_retry_attempts - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0.25 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_reply_retry_delay - help: Reconnecting retry delay in case of connectivity problem during sending - reply. - max: null - metavar: null - min: null - mutable: false - name: rpc_reply_retry_delay - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: floating point value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: default_rpc_retry_attempts - help: Reconnecting retry count in case of connectivity problem during sending - RPC message, -1 means infinite retry. 
If actual retry attempts in not 0 the - rpc request could be processed more than one time - max: null - metavar: null - min: null - mutable: false - name: default_rpc_retry_attempts - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0.25 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_retry_delay - help: Reconnecting retry delay in case of connectivity problem during sending - RPC message - max: null - metavar: null - min: null - mutable: false - name: rpc_retry_delay - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: floating point value - standard_opts: - - amqp_durable_queues - - amqp_auto_delete - - ssl - - ssl_version - - ssl_key_file - - ssl_cert_file - - ssl_ca_file - - kombu_reconnect_delay - - kombu_compression - - kombu_missing_consumer_retry_timeout - - kombu_failover_strategy - - rabbit_host - - rabbit_port - - rabbit_hosts - - rabbit_userid - - rabbit_password - - rabbit_login_method - - rabbit_virtual_host - - rabbit_retry_interval - - rabbit_retry_backoff - - rabbit_interval_max - - rabbit_max_retries - - rabbit_ha_queues - - rabbit_transient_queues_ttl - - rabbit_qos_prefetch_count - - heartbeat_timeout_threshold - - heartbeat_rate - - fake_rabbit - - channel_max - - frame_max - - heartbeat_interval - - ssl_options - - socket_timeout - - tcp_user_timeout - - host_connection_reconnect_delay - - connection_factory - - pool_max_size - - pool_max_overflow - - pool_timeout - - pool_recycle - - pool_stale - - default_serializer_type - - notification_persistence - - default_notification_exchange - - notification_listener_prefetch_count - - default_notification_retry_attempts - - notification_retry_delay - - rpc_queue_expiration - - default_rpc_exchange - - rpc_reply_exchange - - 
rpc_listener_prefetch_count - - rpc_reply_listener_prefetch_count - - rpc_reply_retry_attempts - - rpc_reply_retry_delay - - default_rpc_retry_attempts - - rpc_retry_delay - oslo_messaging_zmq: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: '*' - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_bind_address - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_bind_address - help: ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, - or IP. The "host" option should point or resolve to this address. - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_bind_address - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: *id001 - default: redis - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_matchmaker - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_matchmaker - help: MatchMaker driver. - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_matchmaker - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 1 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_contexts - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_contexts - help: Number of ZeroMQ contexts, defaults to 1. 
- max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_contexts - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_topic_backlog - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_topic_backlog - help: Maximum number of ingress messages to locally buffer per topic. Default - is unlimited. - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_topic_backlog - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: /var/run/openstack - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_ipc_dir - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_ipc_dir - help: Directory for holding IPC sockets. - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_ipc_dir - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: x1hobo - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_host - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_host - help: Name of this node. Must be a valid hostname, FQDN, or IP address. Must - match "host" option, if running Nova. 
- max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_host - namespace: oslo.messaging - positional: false - required: false - sample_default: localhost - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_cast_timeout - deprecated_reason: null - deprecated_since: null - dest: zmq_linger - help: Number of seconds to wait before all pending messages will be sent after - closing a socket. The default value of -1 specifies an infinite linger period. - The value of 0 specifies no linger period. Pending messages shall be discarded - immediately when the socket is closed. Positive values specify an upper bound - for the linger period. - max: null - metavar: null - min: null - mutable: false - name: zmq_linger - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 1 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_poll_timeout - deprecated_reason: null - deprecated_since: null - dest: rpc_poll_timeout - help: The default number of seconds that poll should wait. Poll raises timeout - exception when timeout expired. - max: null - metavar: null - min: null - mutable: false - name: rpc_poll_timeout - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 300 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: zmq_target_expire - deprecated_reason: null - deprecated_since: null - dest: zmq_target_expire - help: Expiration timeout in seconds of a name service record about existing - target ( < 0 means no timeout). 
- max: null - metavar: null - min: null - mutable: false - name: zmq_target_expire - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 180 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: zmq_target_update - deprecated_reason: null - deprecated_since: null - dest: zmq_target_update - help: Update period in seconds of a name service record about existing target. - max: null - metavar: null - min: null - mutable: false - name: zmq_target_update - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: use_pub_sub - deprecated_reason: null - deprecated_since: null - dest: use_pub_sub - help: Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. - max: null - metavar: null - min: null - mutable: false - name: use_pub_sub - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: use_router_proxy - deprecated_reason: null - deprecated_since: null - dest: use_router_proxy - help: Use ROUTER remote proxy. - max: null - metavar: null - min: null - mutable: false - name: use_router_proxy - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: use_dynamic_connections - help: This option makes direct connections dynamic or static. 
It makes sense - only with use_router_proxy=False which means to use direct connections for - direct message types (ignored otherwise). - max: null - metavar: null - min: null - mutable: false - name: use_dynamic_connections - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 2 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_failover_connections - help: How many additional connections to a host will be made for failover reasons. - This option is actual only in dynamic connections mode. - max: null - metavar: null - min: null - mutable: false - name: zmq_failover_connections - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 49153 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_min_port - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_min_port - help: Minimal port number for random ports range. - max: 65535 - metavar: null - min: 0 - mutable: false - name: rpc_zmq_min_port - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: port value - - advanced: false - choices: [] - default: 65536 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_max_port - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_max_port - help: Maximal port number for random ports range. 
- max: 65536 - metavar: null - min: 1 - mutable: false - name: rpc_zmq_max_port - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 100 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_bind_port_retries - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_bind_port_retries - help: Number of retries to find free port number before fail with ZMQBindError. - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_bind_port_retries - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: *id002 - default: json - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: rpc_zmq_serialization - deprecated_reason: null - deprecated_since: null - dest: rpc_zmq_serialization - help: Default serialization mechanism for serializing/deserializing outgoing/incoming - messages - max: null - metavar: null - min: null - mutable: false - name: rpc_zmq_serialization - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_immediate - help: This option configures round-robin mode in zmq socket. True means not - keeping a queue when server side disconnects. False means to keep queue and - messages even if server is disconnected, when the server appears we send all - accumulated messages to it. 
- max: null - metavar: null - min: null - mutable: false - name: zmq_immediate - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_tcp_keepalive - help: Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or - any other negative value) means to skip any overrides and leave it to OS default; - 0 and 1 (or any other positive value) mean to disable and enable the option - respectively. - max: null - metavar: null - min: null - mutable: false - name: zmq_tcp_keepalive - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_tcp_keepalive_idle - help: The duration between two keepalive transmissions in idle condition. The - unit is platform dependent, for example, seconds in Linux, milliseconds in - Windows etc. The default value of -1 (or any other negative value and 0) means - to skip any overrides and leave it to OS default. - max: null - metavar: null - min: null - mutable: false - name: zmq_tcp_keepalive_idle - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_tcp_keepalive_cnt - help: The number of retransmissions to be carried out before declaring that - remote end is not available. The default value of -1 (or any other negative - value and 0) means to skip any overrides and leave it to OS default. 
- max: null - metavar: null - min: null - mutable: false - name: zmq_tcp_keepalive_cnt - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: -1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: zmq_tcp_keepalive_intvl - help: The duration between two successive keepalive retransmissions, if acknowledgement - to the previous keepalive transmission is not received. The unit is platform - dependent, for example, seconds in Linux, milliseconds in Windows etc. The - default value of -1 (or any other negative value and 0) means to skip any - overrides and leave it to OS default. - max: null - metavar: null - min: null - mutable: false - name: zmq_tcp_keepalive_intvl - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 100 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_thread_pool_size - help: Maximum number of (green) threads to work concurrently. - max: null - metavar: null - min: null - mutable: false - name: rpc_thread_pool_size - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 300 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_message_ttl - help: Expiration timeout in seconds of a sent/received message after which it - is not tracked anymore by a client/server. 
- max: null - metavar: null - min: null - mutable: false - name: rpc_message_ttl - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_use_acks - help: Wait for message acknowledgements from receivers. This mechanism works - only via proxy without PUB/SUB. - max: null - metavar: null - min: null - mutable: false - name: rpc_use_acks - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 15 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_ack_timeout_base - help: Number of seconds to wait for an ack from a cast/call. After each retry - attempt this timeout is multiplied by some specified multiplier. - max: null - metavar: null - min: null - mutable: false - name: rpc_ack_timeout_base - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 2 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_ack_timeout_multiplier - help: Number to multiply base ack timeout by after each retry attempt. 
- max: null - metavar: null - min: null - mutable: false - name: rpc_ack_timeout_multiplier - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 3 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: rpc_retry_attempts - help: 'Default number of message sending attempts in case of any problems occurred: - positive value N means at most N retries, 0 means no retries, None or -1 (or - any other negative values) mean to retry forever. This option is used only - if acknowledgments are enabled.' - max: null - metavar: null - min: null - mutable: false - name: rpc_retry_attempts - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: subscribe_on - help: List of publisher hosts SubConsumer can subscribe on. This option has - higher priority then the default publishers list taken from the matchmaker. 
- max: null - metavar: null - min: null - mutable: false - name: subscribe_on - namespace: oslo.messaging - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - standard_opts: - - rpc_zmq_bind_address - - rpc_zmq_matchmaker - - rpc_zmq_contexts - - rpc_zmq_topic_backlog - - rpc_zmq_ipc_dir - - rpc_zmq_host - - zmq_linger - - rpc_poll_timeout - - zmq_target_expire - - zmq_target_update - - use_pub_sub - - use_router_proxy - - use_dynamic_connections - - zmq_failover_connections - - rpc_zmq_min_port - - rpc_zmq_max_port - - rpc_zmq_bind_port_retries - - rpc_zmq_serialization - - zmq_immediate - - zmq_tcp_keepalive - - zmq_tcp_keepalive_idle - - zmq_tcp_keepalive_cnt - - zmq_tcp_keepalive_intvl - - rpc_thread_pool_size - - rpc_message_ttl - - rpc_use_acks - - rpc_ack_timeout_base - - rpc_ack_timeout_multiplier - - rpc_retry_attempts - - subscribe_on - oslo_middleware: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: 114688 - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: osapi_max_request_body_size - - group: DEFAULT - name: max_request_body_size - deprecated_reason: null - deprecated_since: null - dest: max_request_body_size - help: The maximum body size for each request, in bytes. - max: null - metavar: null - min: null - mutable: false - name: max_request_body_size - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: X-Forwarded-Proto - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: secure_proxy_ssl_header - help: The HTTP Header that will be used to determine what the original request - protocol scheme was, even if it was hidden by a SSL termination proxy. 
- max: null - metavar: null - min: null - mutable: false - name: secure_proxy_ssl_header - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: enable_proxy_headers_parsing - help: Whether the application is behind a proxy or not. This determines if the - middleware should parse the headers or not. - max: null - metavar: null - min: null - mutable: false - name: enable_proxy_headers_parsing - namespace: oslo.middleware - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - standard_opts: - - max_request_body_size - - secure_proxy_ssl_header - - enable_proxy_headers_parsing - oslo_policy: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: policy.json - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: policy_file - deprecated_reason: null - deprecated_since: null - dest: policy_file - help: The file that defines policies. - max: null - metavar: null - min: null - mutable: false - name: policy_file - namespace: oslo.policy - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: default - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: policy_default_rule - deprecated_reason: null - deprecated_since: null - dest: policy_default_rule - help: Default rule. Enforced when a requested rule is not found. 
- max: null - metavar: null - min: null - mutable: false - name: policy_default_rule - namespace: oslo.policy - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: - - policy.d - deprecated_for_removal: false - deprecated_opts: - - group: DEFAULT - name: policy_dirs - deprecated_reason: null - deprecated_since: null - dest: policy_dirs - help: Directories where policy configuration files are stored. They can be relative - to any directory in the search path defined by the config_dir option, or absolute - paths. The file defined by policy_file must exist for these directories to - be searched. Missing or empty directories are ignored. - max: null - metavar: null - min: null - mutable: false - name: policy_dirs - namespace: oslo.policy - positional: false - required: false - sample_default: null - secret: false - short: null - type: multi valued - standard_opts: - - policy_file - - policy_default_rule - - policy_dirs - paste_deploy: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: keystone-paste.ini - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: config_file - help: Name of (or absolute path to) the Paste Deploy configuration file that - composes middleware and the keystone application itself into actual WSGI entry - points. See http://pythonpaste.org/deploy/ for additional documentation on - the file's format. 
- max: null - metavar: null - min: null - mutable: false - name: config_file - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - standard_opts: - - config_file - policy: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the policy backend driver in the `keystone.policy` namespace. - Supplied drivers are `rules` (which does not support any CRUD operations for - the v3 policy API) and `sql`. Typically, there is no reason to set this option - unless you are providing a custom entry point. - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: list_limit - help: Maximum number of entities that will be returned in a policy collection. - max: null - metavar: null - min: null - mutable: false - name: list_limit - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - driver - - list_limit - profiler: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: - - group: profiler - name: profiler_enabled - deprecated_reason: null - deprecated_since: null - dest: enabled - help: ' - - Enables the profiling for all services on this node. Default value is False - - (fully disable the profiling feature). 
- - - Possible values: - - - * True: Enables the feature - - * False: Disables the feature. The profiling cannot be started via this project - - operations. If the profiling is triggered by another project, this project - part - - will be empty. - - ' - max: null - metavar: null - min: null - mutable: false - name: enabled - namespace: osprofiler - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: trace_sqlalchemy - help: ' - - Enables SQL requests profiling in services. Default value is False (SQL - - requests won''t be traced). - - - Possible values: - - - * True: Enables SQL requests profiling. Each SQL query will be part of the - - trace and can the be analyzed by how much time was spent for that. - - * False: Disables SQL requests profiling. The spent time is only shown on - a - - higher level of operations. Single SQL queries cannot be analyzed this - - way. - - ' - max: null - metavar: null - min: null - mutable: false - name: trace_sqlalchemy - namespace: osprofiler - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: SECRET_KEY - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: hmac_keys - help: ' - - Secret key(s) to use for encrypting context data for performance profiling. - - This string value should have the following format: [,,...], - - where each key is some random string. A user who triggers the profiling via - - the REST API has to set one of these keys in the headers of the REST API call - - to include profiling results of this node for this particular project. - - - Both "enabled" flag and "hmac_keys" config options should be set to enable - - profiling. 
Also, to generate correct profiling information across all services - - at least one key needs to be consistent between OpenStack projects. This - - ensures it can be used from client side to generate the trace, containing - - information from all possible resources.' - max: null - metavar: null - min: null - mutable: false - name: hmac_keys - namespace: osprofiler - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: messaging:// - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: connection_string - help: ' - - Connection string for a notifier backend. Default value is messaging:// which - - sets the notifier to oslo_messaging. - - - Examples of possible values: - - - * messaging://: use oslo_messaging driver for sending notifications. - - * mongodb://127.0.0.1:27017 : use mongodb driver for sending notifications. - - * elasticsearch://127.0.0.1:9200 : use elasticsearch driver for sending - - notifications. - - ' - max: null - metavar: null - min: null - mutable: false - name: connection_string - namespace: osprofiler - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: notification - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: es_doc_type - help: ' - - Document type for notification indexing in elasticsearch. 
- - ' - max: null - metavar: null - min: null - mutable: false - name: es_doc_type - namespace: osprofiler - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 2m - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: es_scroll_time - help: ' - - This parameter is a time value parameter (for example: es_scroll_time=2m), - - indicating for how long the nodes that participate in the search will maintain - - relevant resources in order to continue and support it. - - ' - max: null - metavar: null - min: null - mutable: false - name: es_scroll_time - namespace: osprofiler - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 10000 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: es_scroll_size - help: ' - - Elasticsearch splits large requests in batches. This parameter defines - - maximum size of each batch (for example: es_scroll_size=10000). - - ' - max: null - metavar: null - min: null - mutable: false - name: es_scroll_size - namespace: osprofiler - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0.1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: socket_timeout - help: ' - - Redissentinel provides a timeout option on the connections. - - This parameter defines that timeout (for example: socket_timeout=0.1). 
- - ' - max: null - metavar: null - min: null - mutable: false - name: socket_timeout - namespace: osprofiler - positional: false - required: false - sample_default: null - secret: false - short: null - type: floating point value - - advanced: false - choices: [] - default: mymaster - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: sentinel_service_name - help: ' - - Redissentinel uses a service name to identify a master redis service. - - This parameter defines the name (for example: - - sentinal_service_name=mymaster). - - ' - max: null - metavar: null - min: null - mutable: false - name: sentinel_service_name - namespace: osprofiler - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - standard_opts: - - enabled - - trace_sqlalchemy - - hmac_keys - - connection_string - - es_doc_type - - es_scroll_time - - es_scroll_size - - socket_timeout - - sentinel_service_name - resource: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the resource driver in the `keystone.resource` namespace. - Only a `sql` driver is supplied by keystone. Unless you are writing proprietary - drivers for keystone, you do not need to set this option. - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: - - group: assignment - name: caching - deprecated_reason: null - deprecated_since: null - dest: caching - help: Toggle for resource caching. This has no effect unless global caching - is enabled. 
- max: null - metavar: null - min: null - mutable: false - name: caching - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: assignment - name: cache_time - deprecated_reason: null - deprecated_since: null - dest: cache_time - help: Time to cache resource data in seconds. This has no effect unless global - caching is enabled. - max: null - metavar: null - min: null - mutable: false - name: cache_time - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: - - group: assignment - name: list_limit - deprecated_reason: null - deprecated_since: null - dest: list_limit - help: Maximum number of entities that will be returned in a resource collection. - max: null - metavar: null - min: null - mutable: false - name: list_limit - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: admin_project_domain_name - help: Name of the domain that owns the `admin_project_name`. If left unset, - then there is no admin project. `[resource] admin_project_name` must also - be set to use this option. 
- max: null - metavar: null - min: null - mutable: false - name: admin_project_domain_name - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: admin_project_name - help: This is a special project which represents cloud-level administrator privileges - across services. Tokens scoped to this project will contain a true `is_admin_project` - attribute to indicate to policy systems that the role assignments on that - specific project should apply equally across every project. If left unset, - then there is no admin project, and thus no explicit means of cross-project - role assignments. `[resource] admin_project_domain_name` must also be set - to use this option. - max: null - metavar: null - min: null - mutable: false - name: admin_project_name - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: - - 'off' - - new - - strict - default: 'off' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: project_name_url_safe - help: This controls whether the names of projects are restricted from containing - URL-reserved characters. If set to `new`, attempts to create or update a project - with a URL-unsafe name will fail. If set to `strict`, attempts to scope a - token with a URL-unsafe project name will fail, thereby forcing all project - names to be updated to be URL-safe. 
- max: null - metavar: null - min: null - mutable: false - name: project_name_url_safe - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: - - 'off' - - new - - strict - default: 'off' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: domain_name_url_safe - help: This controls whether the names of domains are restricted from containing - URL-reserved characters. If set to `new`, attempts to create or update a domain - with a URL-unsafe name will fail. If set to `strict`, attempts to scope a - token with a URL-unsafe domain name will fail, thereby forcing all domain - names to be updated to be URL-safe. - max: null - metavar: null - min: null - mutable: false - name: domain_name_url_safe - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - standard_opts: - - driver - - caching - - cache_time - - list_limit - - admin_project_domain_name - - admin_project_name - - project_name_url_safe - - domain_name_url_safe - revoke: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the token revocation backend driver in the `keystone.revoke` - namespace. Keystone only provides a `sql` driver, so there is no reason to - set this option unless you are providing a custom entry point. 
- max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 1800 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: expiration_buffer - help: The number of seconds after a token has expired before a corresponding - revocation event may be purged from the backend. - max: null - metavar: null - min: 0 - mutable: false - name: expiration_buffer - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: caching - help: Toggle for revocation event caching. This has no effect unless global - caching is enabled. - max: null - metavar: null - min: null - mutable: false - name: caching - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 3600 - deprecated_for_removal: false - deprecated_opts: - - group: token - name: revocation_cache_time - deprecated_reason: null - deprecated_since: null - dest: cache_time - help: Time to cache the revocation list and the revocation events (in seconds). - This has no effect unless global and `[revoke] caching` are both enabled. 
- max: null - metavar: null - min: null - mutable: false - name: cache_time - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - driver - - expiration_buffer - - caching - - cache_time - role: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the role backend driver in the `keystone.role` namespace. - Keystone only provides a `sql` driver, so there's no reason to change this - unless you are providing a custom entry point. - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: caching - help: Toggle for role caching. This has no effect unless global caching is enabled. - In a typical deployment, there is no reason to disable this. - max: null - metavar: null - min: null - mutable: false - name: caching - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: cache_time - help: Time to cache role data, in seconds. This has no effect unless both global - caching and `[role] caching` are enabled. 
- max: null - metavar: null - min: null - mutable: false - name: cache_time - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: list_limit - help: Maximum number of entities that will be returned in a role collection. - This may be useful to tune if you have a large number of discrete roles in - your deployment. - max: null - metavar: null - min: null - mutable: false - name: list_limit - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - driver - - caching - - cache_time - - list_limit - saml: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: 3600 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: assertion_expiration_time - help: Determines the lifetime for any SAML assertions generated by keystone, - using `NotOnOrAfter` attributes. - max: null - metavar: null - min: null - mutable: false - name: assertion_expiration_time - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: xmlsec1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: xmlsec1_binary - help: Name of, or absolute path to, the binary to be used for XML signing. Although - only the XML Security Library (`xmlsec1`) is supported, it may have a non-standard - name or path on your system. 
If keystone cannot find the binary itself, you - may need to install the appropriate package, use this option to specify an - absolute path, or adjust keystone's PATH environment variable. - max: null - metavar: null - min: null - mutable: false - name: xmlsec1_binary - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: /etc/keystone/ssl/certs/signing_cert.pem - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: certfile - help: Absolute path to the public certificate file to use for SAML signing. - The value cannot contain a comma (`,`). - max: null - metavar: null - min: null - mutable: false - name: certfile - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: /etc/keystone/ssl/private/signing_key.pem - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: keyfile - help: Absolute path to the private key file to use for SAML signing. The value - cannot contain a comma (`,`). - max: null - metavar: null - min: null - mutable: false - name: keyfile - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_entity_id - help: 'This is the unique entity identifier of the identity provider (keystone) - to use when generating SAML assertions. This value is required to generate - identity provider metadata and must be a URI (a URL is recommended). For example: - `https://keystone.example.com/v3/OS-FEDERATION/saml2/idp`.' 
- max: null - metavar: null - min: null - mutable: false - name: idp_entity_id - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: uri value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_sso_endpoint - help: 'This is the single sign-on (SSO) service location of the identity provider - which accepts HTTP POST requests. A value is required to generate identity - provider metadata. For example: `https://keystone.example.com/v3/OS-FEDERATION/saml2/sso`.' - max: null - metavar: null - min: null - mutable: false - name: idp_sso_endpoint - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: uri value - - advanced: false - choices: [] - default: en - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_lang - help: This is the language used by the identity provider's organization. - max: null - metavar: null - min: null - mutable: false - name: idp_lang - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: SAML Identity Provider - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_organization_name - help: This is the name of the identity provider's organization. 
- max: null - metavar: null - min: null - mutable: false - name: idp_organization_name - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: OpenStack SAML Identity Provider - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_organization_display_name - help: This is the name of the identity provider's organization to be displayed. - max: null - metavar: null - min: null - mutable: false - name: idp_organization_display_name - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: https://example.com/ - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_organization_url - help: This is the URL of the identity provider's organization. The URL referenced - here should be useful to humans. - max: null - metavar: null - min: null - mutable: false - name: idp_organization_url - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: uri value - - advanced: false - choices: [] - default: Example, Inc. - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_contact_company - help: This is the company name of the identity provider's contact person. 
- max: null - metavar: null - min: null - mutable: false - name: idp_contact_company - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: SAML Identity Provider Support - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_contact_name - help: This is the given name of the identity provider's contact person. - max: null - metavar: null - min: null - mutable: false - name: idp_contact_name - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: Support - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_contact_surname - help: This is the surname of the identity provider's contact person. - max: null - metavar: null - min: null - mutable: false - name: idp_contact_surname - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: support@example.com - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_contact_email - help: This is the email address of the identity provider's contact person. - max: null - metavar: null - min: null - mutable: false - name: idp_contact_email - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: +1 800 555 0100 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_contact_telephone - help: This is the telephone number of the identity provider's contact person. 
- max: null - metavar: null - min: null - mutable: false - name: idp_contact_telephone - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: - - technical - - support - - administrative - - billing - - other - default: other - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_contact_type - help: This is the type of contact that best describes the identity provider's - contact person. - max: null - metavar: null - min: null - mutable: false - name: idp_contact_type - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: /etc/keystone/saml2_idp_metadata.xml - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: idp_metadata_path - help: Absolute path to the identity provider metadata file. This file should - be generated with the `keystone-manage saml_idp_metadata` command. There is - typically no reason to change this value. - max: null - metavar: null - min: null - mutable: false - name: idp_metadata_path - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 'ss:mem:' - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: relay_state_prefix - help: The prefix of the RelayState SAML attribute to use when generating enhanced - client and proxy (ECP) assertions. In a typical deployment, there is no reason - to change this value. 
- max: null - metavar: null - min: null - mutable: false - name: relay_state_prefix - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - standard_opts: - - assertion_expiration_time - - xmlsec1_binary - - certfile - - keyfile - - idp_entity_id - - idp_sso_endpoint - - idp_lang - - idp_organization_name - - idp_organization_display_name - - idp_organization_url - - idp_contact_company - - idp_contact_name - - idp_contact_surname - - idp_contact_email - - idp_contact_telephone - - idp_contact_type - - idp_metadata_path - - relay_state_prefix - security_compliance: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: disable_user_account_days_inactive - help: The maximum number of days a user can go without authenticating before - being considered "inactive" and automatically disabled (locked). This feature - is disabled by default; set any value to enable it. This feature depends on - the `sql` backend for the `[identity] driver`. When a user exceeds this threshold - and is considered "inactive", the user's `enabled` attribute in the HTTP API - may not match the value of the user's `enabled` column in the user table. 
- max: null - metavar: null - min: 1 - mutable: false - name: disable_user_account_days_inactive - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: lockout_failure_attempts - help: The maximum number of times that a user can fail to authenticate before - the user account is locked for the number of seconds specified by `[security_compliance] - lockout_duration`. This feature is disabled by default. If this feature is - enabled and `[security_compliance] lockout_duration` is not set, then users - may be locked out indefinitely until the user is explicitly enabled via the - API. This feature depends on the `sql` backend for the `[identity] driver`. - max: null - metavar: null - min: 1 - mutable: false - name: lockout_failure_attempts - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 1800 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: lockout_duration - help: The number of seconds a user account will be locked when the maximum number - of failed authentication attempts (as specified by `[security_compliance] - lockout_failure_attempts`) is exceeded. Setting this option will have no effect - unless you also set `[security_compliance] lockout_failure_attempts` to a - non-zero value. This feature depends on the `sql` backend for the `[identity] - driver`. 
- max: null - metavar: null - min: 1 - mutable: false - name: lockout_duration - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: password_expires_days - help: The number of days for which a password will be considered valid before - requiring it to be changed. This feature is disabled by default. If enabled, - new password changes will have an expiration date, however existing passwords - would not be impacted. This feature depends on the `sql` backend for the `[identity] - driver`. - max: null - metavar: null - min: 1 - mutable: false - name: password_expires_days - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 1 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: unique_last_password_count - help: This controls the number of previous user password iterations to keep - in history, in order to enforce that newly created passwords are unique. Setting - the value to one (the default) disables this feature. Thus, to enable this - feature, values must be greater than 1. This feature depends on the `sql` - backend for the `[identity] driver`. - max: null - metavar: null - min: 1 - mutable: false - name: unique_last_password_count - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 0 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: minimum_password_age - help: 'The number of days that a password must be used before the user can change - it. 
This prevents users from changing their passwords immediately in order - to wipe out their password history and reuse an old password. This feature - does not prevent administrators from manually resetting passwords. It is disabled - by default and allows for immediate password changes. This feature depends - on the `sql` backend for the `[identity] driver`. Note: If `[security_compliance] - password_expires_days` is set, then the value for this option should be less - than the `password_expires_days`.' - max: null - metavar: null - min: 0 - mutable: false - name: minimum_password_age - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: password_regex - help: 'The regular expression used to validate password strength requirements. - By default, the regular expression will match any password. The following - is an example of a pattern which requires at least 1 letter, 1 digit, and - have a minimum length of 7 characters: ^(?=.*\d)(?=.*[a-zA-Z]).{7,}$ This - feature depends on the `sql` backend for the `[identity] driver`.' - max: null - metavar: null - min: null - mutable: false - name: password_regex - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: password_regex_description - help: Describe your password regular expression here in language for humans. - If a password fails to match the regular expression, the contents of this - configuration variable will be returned to users to explain why their requested - password was insufficient. 
- max: null - metavar: null - min: null - mutable: false - name: password_regex_description - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: change_password_upon_first_use - help: Enabling this option requires users to change their password when the - user is created, or upon administrative reset. Before accessing any services, - affected users will have to change their password. To ignore this requirement - for specific users, such as service users, set the `options` attribute `ignore_change_password_upon_first_use` - to `True` for the desired user via the update user API. This feature is disabled - by default. This feature is only applicable with the `sql` backend for the - `[identity] driver`. - max: null - metavar: null - min: null - mutable: false - name: change_password_upon_first_use - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - standard_opts: - - disable_user_account_days_inactive - - lockout_failure_attempts - - lockout_duration - - password_expires_days - - unique_last_password_count - - minimum_password_age - - password_regex - - password_regex_description - - change_password_upon_first_use - shadow_users: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the shadow users backend driver in the `keystone.identity.shadow_users` - namespace. This driver is used for persisting local user references to externally-managed - identities (via federation, LDAP, etc). 
Keystone only provides a `sql` driver, - so there is no reason to change this option unless you are providing a custom - entry point. - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - standard_opts: - - driver - signing: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: /etc/keystone/ssl/certs/signing_cert.pem - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and - removed in Pike. These options remain for backwards compatibility.' - deprecated_since: P - dest: certfile - help: Absolute path to the public certificate file to use for signing responses - to revocation lists requests. Set this together with `[signing] keyfile`. - For non-production environments, you may be interested in using `keystone-manage - pki_setup` to generate self-signed certificates. - max: null - metavar: null - min: null - mutable: false - name: certfile - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: /etc/keystone/ssl/private/signing_key.pem - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and - removed in Pike. These options remain for backwards compatibility.' - deprecated_since: P - dest: keyfile - help: Absolute path to the private key file to use for signing responses to - revocation lists requests. Set this together with `[signing] certfile`. 
- max: null - metavar: null - min: null - mutable: false - name: keyfile - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: /etc/keystone/ssl/certs/ca.pem - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and - removed in Pike. These options remain for backwards compatibility.' - deprecated_since: P - dest: ca_certs - help: Absolute path to the public certificate authority (CA) file to use when - creating self-signed certificates with `keystone-manage pki_setup`. Set this - together with `[signing] ca_key`. There is no reason to set this option unless - you are requesting revocation lists in a non-production environment. Use a - `[signing] certfile` issued from a trusted certificate authority instead. - max: null - metavar: null - min: null - mutable: false - name: ca_certs - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: /etc/keystone/ssl/private/cakey.pem - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and - removed in Pike. These options remain for backwards compatibility.' - deprecated_since: P - dest: ca_key - help: Absolute path to the private certificate authority (CA) key file to use - when creating self-signed certificates with `keystone-manage pki_setup`. Set - this together with `[signing] ca_certs`. There is no reason to set this option - unless you are requesting revocation lists in a non-production environment. - Use a `[signing] certfile` issued from a trusted certificate authority instead. 
- max: null - metavar: null - min: null - mutable: false - name: ca_key - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 2048 - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and - removed in Pike. These options remain for backwards compatibility.' - deprecated_since: P - dest: key_size - help: Key size (in bits) to use when generating a self-signed token signing - certificate. There is no reason to set this option unless you are requesting - revocation lists in a non-production environment. Use a `[signing] certfile` - issued from a trusted certificate authority instead. - max: null - metavar: null - min: 1024 - mutable: false - name: key_size - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: 3650 - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and - removed in Pike. These options remain for backwards compatibility.' - deprecated_since: P - dest: valid_days - help: The validity period (in days) to use when generating a self-signed token - signing certificate. There is no reason to set this option unless you are - requesting revocation lists in a non-production environment. Use a `[signing] - certfile` issued from a trusted certificate authority instead. 
- max: null - metavar: null - min: null - mutable: false - name: valid_days - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and - removed in Pike. These options remain for backwards compatibility.' - deprecated_since: P - dest: cert_subject - help: The certificate subject to use when generating a self-signed token signing - certificate. There is no reason to set this option unless you are requesting - revocation lists in a non-production environment. Use a `[signing] certfile` - issued from a trusted certificate authority instead. - max: null - metavar: null - min: null - mutable: false - name: cert_subject - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - standard_opts: - - certfile - - keyfile - - ca_certs - - ca_key - - key_size - - valid_days - - cert_subject - token: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: bind - help: This is a list of external authentication mechanisms which should add - token binding metadata to tokens, such as `kerberos` or `x509`. Binding metadata - is enforced according to the `[token] enforce_token_bind` option. 
- max: null - metavar: null - min: null - mutable: false - name: bind - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: list value - - advanced: false - choices: [] - default: permissive - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: null - deprecated_since: P - dest: enforce_token_bind - help: This controls the token binding enforcement policy on tokens presented - to keystone with token binding metadata (as specified by the `[token] bind` - option). `disabled` completely bypasses token binding validation. `permissive` - and `strict` do not require tokens to have binding metadata (but will validate - it if present), whereas `required` will always demand tokens to having binding - metadata. `permissive` will allow unsupported binding metadata to pass through - without validation (usually to be validated at another time by another component), - whereas `strict` and `required` will demand that the included binding metadata - be supported by keystone. - max: null - metavar: null - min: null - mutable: false - name: enforce_token_bind - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: 3600 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: expiration - help: The amount of time that a token should remain valid (in seconds). Drastically - reducing this value may break "long-running" operations that involve multiple - services to coordinate together, and will force users to authenticate with - keystone more frequently. Drastically increasing this value will increase - load on the `[token] driver`, as more tokens will be simultaneously valid. - Keystone tokens are also bearer tokens, so a shorter duration will also reduce - the potential security impact of a compromised token. 
- max: 9223372036854775807 - metavar: null - min: 0 - mutable: false - name: expiration - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: fernet - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: provider - help: Entry point for the token provider in the `keystone.token.provider` namespace. - The token provider controls the token construction, validation, and revocation - operations. Keystone includes `fernet` and `uuid` token providers. `uuid` - tokens must be persisted (using the backend specified in the `[token] driver` - option), but do not require any extra configuration or setup. `fernet` tokens - do not need to be persisted at all, but require that you run `keystone-manage - fernet_setup` (also see the `keystone-manage fernet_rotate` command). - max: null - metavar: null - min: null - mutable: false - name: provider - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: sql - deprecated_for_removal: true - deprecated_opts: [] - deprecated_reason: null - deprecated_since: P - dest: driver - help: Entry point for the token persistence backend driver in the `keystone.token.persistence` - namespace. Keystone provides the `sql` driver. The `sql` option (default) - depends on the options in your `[database]` section. If you're using the `fernet` - `[token] provider`, this backend will not be utilized to persist tokens at - all. 
- max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: caching - help: Toggle for caching token creation and validation data. This has no effect - unless global caching is enabled. - max: null - metavar: null - min: null - mutable: false - name: caching - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: null - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: cache_time - help: The number of seconds to cache token creation and validation data. This - has no effect unless both global and `[token] caching` are enabled. - max: 9223372036854775807 - metavar: null - min: 0 - mutable: false - name: cache_time - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: revoke_by_id - help: This toggles support for revoking individual tokens by the token identifier - and thus various token enumeration operations (such as listing all tokens - issued to a specific user). These operations are used to determine the list - of tokens to consider revoked. Do not disable this option if you're using - the `kvs` `[revoke] driver`. 
- max: null - metavar: null - min: null - mutable: false - name: revoke_by_id - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: allow_rescope_scoped_token - help: This toggles whether scoped tokens may be re-scoped to a new project or - domain, thereby preventing users from exchanging a scoped token (including - those with a default project scope) for any other token. This forces users - to either authenticate for unscoped tokens (and later exchange that unscoped - token for tokens with a more specific scope) or to provide their credentials - in every request for a scoped token to avoid re-scoping altogether. - max: null - metavar: null - min: null - mutable: false - name: allow_rescope_scoped_token - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: infer_roles - help: This controls whether roles should be included with tokens that are not - directly assigned to the token's scope, but are instead linked implicitly - to other role assignments. - max: null - metavar: null - min: null - mutable: false - name: infer_roles - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: cache_on_issue - help: Enable storing issued token data to token validation cache so that first - token validation doesn't actually cause full validation cycle. 
This option - has no effect unless global caching and token caching are enabled. - max: null - metavar: null - min: null - mutable: false - name: cache_on_issue - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 172800 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: allow_expired_window - help: This controls the number of seconds that a token can be retrieved for - beyond the built-in expiry time. This allows long running operations to succeed. - Defaults to two days. - max: null - metavar: null - min: null - mutable: false - name: allow_expired_window - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - standard_opts: - - bind - - enforce_token_bind - - expiration - - provider - - driver - - caching - - cache_time - - revoke_by_id - - allow_rescope_scoped_token - - infer_roles - - cache_on_issue - - allow_expired_window - tokenless_auth: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: [] - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: trusted_issuer - help: The list of distinguished names which identify trusted issuers of client - certificates allowed to use X.509 tokenless authorization. If the option is - absent then no certificates will be allowed. The format for the values of - a distinguished name (DN) must be separated by a comma and contain no spaces. - Furthermore, because an individual DN may contain commas, this configuration - option may be repeated multiple times to represent multiple values. 
For example, - keystone.conf would include two consecutive lines in order to trust two different - DNs, such as `trusted_issuer = CN=john,OU=keystone,O=openstack` and `trusted_issuer - = CN=mary,OU=eng,O=abc`. - max: null - metavar: null - min: null - mutable: false - name: trusted_issuer - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: multi valued - - advanced: false - choices: [] - default: x509 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: protocol - help: The federated protocol ID used to represent X.509 tokenless authorization. - This is used in combination with the value of `[tokenless_auth] issuer_attribute` - to find a corresponding federated mapping. In a typical deployment, there - is no reason to change this value. - max: null - metavar: null - min: null - mutable: false - name: protocol - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - - advanced: false - choices: [] - default: SSL_CLIENT_I_DN - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: issuer_attribute - help: The name of the WSGI environment variable used to pass the issuer of the - client certificate to keystone. This attribute is used as an identity provider - ID for the X.509 tokenless authorization along with the protocol to look up - its corresponding mapping. In a typical deployment, there is no reason to - change this value. 
- max: null - metavar: null - min: null - mutable: false - name: issuer_attribute - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - standard_opts: - - trusted_issuer - - protocol - - issuer_attribute - trust: - driver_option: '' - driver_opts: {} - dynamic_group_owner: '' - help: '' - opts: - - advanced: false - choices: [] - default: true - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: enabled - help: Delegation and impersonation features using trusts can be optionally disabled. - max: null - metavar: null - min: null - mutable: false - name: enabled - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: false - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: allow_redelegation - help: Allows authorization to be redelegated from one user to another, effectively - chaining trusts together. When disabled, the `remaining_uses` attribute of - a trust is constrained to be zero. - max: null - metavar: null - min: null - mutable: false - name: allow_redelegation - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: boolean value - - advanced: false - choices: [] - default: 3 - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: max_redelegation_count - help: Maximum number of times that authorization can be redelegated from one - user to another in a chain of trusts. This number may be reduced further for - a specific trust. 
- max: null - metavar: null - min: null - mutable: false - name: max_redelegation_count - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: integer value - - advanced: false - choices: [] - default: sql - deprecated_for_removal: false - deprecated_opts: [] - deprecated_reason: null - deprecated_since: null - dest: driver - help: Entry point for the trust backend driver in the `keystone.trust` namespace. - Keystone only provides a `sql` driver, so there is no reason to change this - unless you are providing a custom entry point. - max: null - metavar: null - min: null - mutable: false - name: driver - namespace: keystone - positional: false - required: false - sample_default: null - secret: false - short: null - type: string value - standard_opts: - - enabled - - allow_redelegation - - max_redelegation_count - - driver -
diff --git a/tests/templates/tempest.conf b/tests/templates/tempest.conf
deleted file mode 100644
index 6add9f4..0000000
--- a/tests/templates/tempest.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-[DEFAULT]
-debug = true
-
-[auth]
-# Roles to assign to all users created by tempest (list value)
-tempest_roles = _member_
-
-use_dynamic_credentials = true
-
-# Roles to assign to all users created by tempest (list value)
-#tempest_roles =
-default_credentials_domain_name = Default
-
-admin_username = admin
-admin_project_name = admin
-admin_password = weakpassword
-admin_domain_name = Default
-
-[identity]
-admin_username = admin
-admin_tenant_name = admin
-admin_domain_name = Default
-disable_ssl_certificate_validation = true
-catalog_type = identity
-uri = http://{{keystone_ip}}:5000/v3
-uri_v3 = http://{{keystone_ip}}:5000/v3
-auth_version = v3
-region = RegionOne
-admin_role = admin
-default_domain_id = default
-admin_password = weakpassword
-
-[service_available]
-cinder = false
-neutron = false
-glance = false
-swift = false
-nova = false
\ No newline at end of file
diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index bd5be55..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,59 +0,0 @@ ---- -- name: Get keystone cluster ip - shell: - cmd: | - kubectl get service keystone --namespace {{namespace}} --template={%raw%}{{.spec.clusterIP}}{%endraw%} - executable: /bin/bash - register: keystone_ip - -- set_fact: - keystone_ip: "{{keystone_ip.stdout}}" - -- name: Wait for keystone to become available - wait_for: - host: "{{keystone_ip}}" - port: "{{item}}" - delay: 2 - timeout: 300 - with_items: - - 35357 - - 5000 - -- name: Test keystone jobs completion - shell: - cmd: | - set -ex - - rst=$(kubectl --namespace {{namespace}} get jobs {{item}} --template={%raw%}"{{.status.succeeded}}"{%endraw%}) - if [ "$rst" == "1" ]; then - exit 0 - fi - exit 1 - executable: /bin/bash - retries: 6 - delay: 5 - register: task_result - until: task_result.rc == 0 - with_items: - - keystone-createdb - - keystone-db-sync - - keystone-fernet - - keystone-bootstrap - - -- name: Copy tempests config - become: true - template: - src: templates/tempest.conf - dest: /etc/tempest/tempest.conf - -- name: Run tempest - shell: - cmd: | - set -x - set -e - tempest init tempest - cd tempest - tempest run -r identity - executable: /bin/bash - register: tempest_output