ansible-role-k8s-keystone/templates/keystone-schema.yaml


# Deprecated option names, keyed by the group the old name lived in.
# Each entry gives the old name plus the group and name that replace it.
# NOTE(review): rabbit_password, ssl_key_password, password and the
# sql_connection/connection entries presumably carry credentials; confirm the
# replacement options are handled as secrets wherever this schema is rendered.
deprecated_options:
  DATABASE:
    - name: sql_connection
      replacement_group: database
      replacement_name: connection
    - name: sql_idle_timeout
      replacement_group: database
      replacement_name: idle_timeout
    - name: sql_min_pool_size
      replacement_group: database
      replacement_name: min_pool_size
    - name: sql_max_pool_size
      replacement_group: database
      replacement_name: max_pool_size
    - name: sql_max_retries
      replacement_group: database
      replacement_name: max_retries
    - name: reconnect_interval
      replacement_group: database
      replacement_name: retry_interval
    - name: sqlalchemy_max_overflow
      replacement_group: database
      replacement_name: max_overflow
    - name: sqlalchemy_pool_timeout
      replacement_group: database
      replacement_name: pool_timeout
  # Old [DEFAULT] names. The rpc_zmq_* family is listed twice: once with
  # replacement_group DEFAULT and once with oslo_messaging_zmq.
  DEFAULT:
    - name: rpc_conn_pool_size
      replacement_group: DEFAULT
      replacement_name: rpc_conn_pool_size
    - name: rpc_zmq_bind_address
      replacement_group: DEFAULT
      replacement_name: rpc_zmq_bind_address
    - name: rpc_zmq_matchmaker
      replacement_group: DEFAULT
      replacement_name: rpc_zmq_matchmaker
    - name: rpc_zmq_contexts
      replacement_group: DEFAULT
      replacement_name: rpc_zmq_contexts
    - name: rpc_zmq_topic_backlog
      replacement_group: DEFAULT
      replacement_name: rpc_zmq_topic_backlog
    - name: rpc_zmq_ipc_dir
      replacement_group: DEFAULT
      replacement_name: rpc_zmq_ipc_dir
    - name: rpc_zmq_host
      replacement_group: DEFAULT
      replacement_name: rpc_zmq_host
    - name: rpc_cast_timeout
      replacement_group: DEFAULT
      replacement_name: zmq_linger
    - name: rpc_poll_timeout
      replacement_group: DEFAULT
      replacement_name: rpc_poll_timeout
    - name: zmq_target_expire
      replacement_group: DEFAULT
      replacement_name: zmq_target_expire
    - name: zmq_target_update
      replacement_group: DEFAULT
      replacement_name: zmq_target_update
    - name: use_pub_sub
      replacement_group: DEFAULT
      replacement_name: use_pub_sub
    - name: use_router_proxy
      replacement_group: DEFAULT
      replacement_name: use_router_proxy
    - name: rpc_zmq_min_port
      replacement_group: DEFAULT
      replacement_name: rpc_zmq_min_port
    - name: rpc_zmq_max_port
      replacement_group: DEFAULT
      replacement_name: rpc_zmq_max_port
    - name: rpc_zmq_bind_port_retries
      replacement_group: DEFAULT
      replacement_name: rpc_zmq_bind_port_retries
    - name: rpc_zmq_serialization
      replacement_group: DEFAULT
      replacement_name: rpc_zmq_serialization
    - name: rpc_thread_pool_size
      replacement_group: DEFAULT
      replacement_name: executor_thread_pool_size
    - name: log_config
      replacement_group: DEFAULT
      replacement_name: log-config-append
    - name: logfile
      replacement_group: DEFAULT
      replacement_name: log-file
    - name: logdir
      replacement_group: DEFAULT
      replacement_name: log-dir
    - name: rpc_zmq_bind_address
      replacement_group: oslo_messaging_zmq
      replacement_name: rpc_zmq_bind_address
    - name: rpc_zmq_matchmaker
      replacement_group: oslo_messaging_zmq
      replacement_name: rpc_zmq_matchmaker
    - name: rpc_zmq_contexts
      replacement_group: oslo_messaging_zmq
      replacement_name: rpc_zmq_contexts
    - name: rpc_zmq_topic_backlog
      replacement_group: oslo_messaging_zmq
      replacement_name: rpc_zmq_topic_backlog
    - name: rpc_zmq_ipc_dir
      replacement_group: oslo_messaging_zmq
      replacement_name: rpc_zmq_ipc_dir
    - name: rpc_zmq_host
      replacement_group: oslo_messaging_zmq
      replacement_name: rpc_zmq_host
    - name: rpc_cast_timeout
      replacement_group: oslo_messaging_zmq
      replacement_name: zmq_linger
    - name: rpc_poll_timeout
      replacement_group: oslo_messaging_zmq
      replacement_name: rpc_poll_timeout
    - name: zmq_target_expire
      replacement_group: oslo_messaging_zmq
      replacement_name: zmq_target_expire
    - name: zmq_target_update
      replacement_group: oslo_messaging_zmq
      replacement_name: zmq_target_update
    - name: use_pub_sub
      replacement_group: oslo_messaging_zmq
      replacement_name: use_pub_sub
    - name: use_router_proxy
      replacement_group: oslo_messaging_zmq
      replacement_name: use_router_proxy
    - name: rpc_zmq_min_port
      replacement_group: oslo_messaging_zmq
      replacement_name: rpc_zmq_min_port
    - name: rpc_zmq_max_port
      replacement_group: oslo_messaging_zmq
      replacement_name: rpc_zmq_max_port
    - name: rpc_zmq_bind_port_retries
      replacement_group: oslo_messaging_zmq
      replacement_name: rpc_zmq_bind_port_retries
    - name: rpc_zmq_serialization
      replacement_group: oslo_messaging_zmq
      replacement_name: rpc_zmq_serialization
    - name: notification_driver
      replacement_group: oslo_messaging_notifications
      replacement_name: driver
    - name: notification_transport_url
      replacement_group: oslo_messaging_notifications
      replacement_name: transport_url
    - name: notification_topics
      replacement_group: oslo_messaging_notifications
      replacement_name: topics
    - name: amqp_durable_queues
      replacement_group: oslo_messaging_rabbit
      replacement_name: amqp_durable_queues
    - name: rabbit_durable_queues
      replacement_group: oslo_messaging_rabbit
      replacement_name: amqp_durable_queues
    - name: amqp_auto_delete
      replacement_group: oslo_messaging_rabbit
      replacement_name: amqp_auto_delete
    - name: kombu_reconnect_delay
      replacement_group: oslo_messaging_rabbit
      replacement_name: kombu_reconnect_delay
    - name: rabbit_host
      replacement_group: oslo_messaging_rabbit
      replacement_name: rabbit_host
    - name: rabbit_port
      replacement_group: oslo_messaging_rabbit
      replacement_name: rabbit_port
    - name: rabbit_hosts
      replacement_group: oslo_messaging_rabbit
      replacement_name: rabbit_hosts
    - name: rabbit_userid
      replacement_group: oslo_messaging_rabbit
      replacement_name: rabbit_userid
    - name: rabbit_password
      replacement_group: oslo_messaging_rabbit
      replacement_name: rabbit_password
    - name: rabbit_login_method
      replacement_group: oslo_messaging_rabbit
      replacement_name: rabbit_login_method
    - name: rabbit_virtual_host
      replacement_group: oslo_messaging_rabbit
      replacement_name: rabbit_virtual_host
    - name: rabbit_retry_backoff
      replacement_group: oslo_messaging_rabbit
      replacement_name: rabbit_retry_backoff
    - name: rabbit_max_retries
      replacement_group: oslo_messaging_rabbit
      replacement_name: rabbit_max_retries
    - name: rabbit_ha_queues
      replacement_group: oslo_messaging_rabbit
      replacement_name: rabbit_ha_queues
    - name: fake_rabbit
      replacement_group: oslo_messaging_rabbit
      replacement_name: fake_rabbit
    # bind_host appears twice: it is mapped to public_bind_host here and to
    # admin_bind_host three entries further down.
    - name: bind_host
      replacement_group: eventlet_server
      replacement_name: public_bind_host
    - name: public_bind_host
      replacement_group: eventlet_server
      replacement_name: public_bind_host
    - name: public_port
      replacement_group: eventlet_server
      replacement_name: public_port
    - name: bind_host
      replacement_group: eventlet_server
      replacement_name: admin_bind_host
    - name: admin_bind_host
      replacement_group: eventlet_server
      replacement_name: admin_bind_host
    - name: admin_port
      replacement_group: eventlet_server
      replacement_name: admin_port
    - name: policy_file
      replacement_group: oslo_policy
      replacement_name: policy_file
    - name: policy_default_rule
      replacement_group: oslo_policy
      replacement_name: policy_default_rule
    - name: policy_dirs
      replacement_group: oslo_policy
      replacement_name: policy_dirs
    - name: osapi_max_request_body_size
      replacement_group: oslo_middleware
      replacement_name: max_request_body_size
    - name: max_request_body_size
      replacement_group: oslo_middleware
      replacement_name: max_request_body_size
    - name: sqlite_synchronous
      replacement_group: database
      replacement_name: sqlite_synchronous
    - name: db_backend
      replacement_group: database
      replacement_name: backend
    - name: sql_connection
      replacement_group: database
      replacement_name: connection
    - name: sql_idle_timeout
      replacement_group: database
      replacement_name: idle_timeout
    - name: sql_min_pool_size
      replacement_group: database
      replacement_name: min_pool_size
    - name: sql_max_pool_size
      replacement_group: database
      replacement_name: max_pool_size
    - name: sql_max_retries
      replacement_group: database
      replacement_name: max_retries
    - name: sql_retry_interval
      replacement_group: database
      replacement_name: retry_interval
    - name: sql_max_overflow
      replacement_group: database
      replacement_name: max_overflow
    - name: sql_connection_debug
      replacement_group: database
      replacement_name: connection_debug
    - name: sql_connection_trace
      replacement_group: database
      replacement_name: connection_trace
  # Old [amqp1] names; every entry keeps its name and moves to
  # oslo_messaging_amqp.
  amqp1:
    - name: container_name
      replacement_group: oslo_messaging_amqp
      replacement_name: container_name
    - name: idle_timeout
      replacement_group: oslo_messaging_amqp
      replacement_name: idle_timeout
    - name: trace
      replacement_group: oslo_messaging_amqp
      replacement_name: trace
    - name: ssl_ca_file
      replacement_group: oslo_messaging_amqp
      replacement_name: ssl_ca_file
    - name: ssl_cert_file
      replacement_group: oslo_messaging_amqp
      replacement_name: ssl_cert_file
    - name: ssl_key_file
      replacement_group: oslo_messaging_amqp
      replacement_name: ssl_key_file
    - name: ssl_key_password
      replacement_group: oslo_messaging_amqp
      replacement_name: ssl_key_password
    - name: allow_insecure_clients
      replacement_group: oslo_messaging_amqp
      replacement_name: allow_insecure_clients
    - name: sasl_mechanisms
      replacement_group: oslo_messaging_amqp
      replacement_name: sasl_mechanisms
    - name: sasl_config_dir
      replacement_group: oslo_messaging_amqp
      replacement_name: sasl_config_dir
    - name: sasl_config_name
      replacement_group: oslo_messaging_amqp
      replacement_name: sasl_config_name
    - name: username
      replacement_group: oslo_messaging_amqp
      replacement_name: username
    - name: password
      replacement_group: oslo_messaging_amqp
      replacement_name: password
    - name: server_request_prefix
      replacement_group: oslo_messaging_amqp
      replacement_name: server_request_prefix
    - name: broadcast_prefix
      replacement_group: oslo_messaging_amqp
      replacement_name: broadcast_prefix
    - name: group_request_prefix
      replacement_group: oslo_messaging_amqp
      replacement_name: group_request_prefix
  assignment:
    - name: caching
      replacement_group: resource
      replacement_name: caching
    - name: cache_time
      replacement_group: resource
      replacement_name: cache_time
    - name: list_limit
      replacement_group: resource
      replacement_name: list_limit
  # The kombu_ssl_* names stay in the same group and are renamed to ssl_*.
  oslo_messaging_rabbit:
    - name: kombu_ssl_version
      replacement_group: oslo_messaging_rabbit
      replacement_name: ssl_version
    - name: kombu_ssl_keyfile
      replacement_group: oslo_messaging_rabbit
      replacement_name: ssl_key_file
    - name: kombu_ssl_certfile
      replacement_group: oslo_messaging_rabbit
      replacement_name: ssl_cert_file
    - name: kombu_ssl_ca_certs
      replacement_group: oslo_messaging_rabbit
      replacement_name: ssl_ca_file
    - name: kombu_reconnect_timeout
      replacement_group: oslo_messaging_rabbit
      replacement_name: kombu_missing_consumer_retry_timeout
  profiler:
    - name: profiler_enabled
      replacement_group: profiler
      replacement_name: enabled
  rpc_notifier2:
    - name: topics
      replacement_group: oslo_messaging_notifications
      replacement_name: topics
  sql:
    - name: connection
      replacement_group: database
      replacement_name: connection
    - name: idle_timeout
      replacement_group: database
      replacement_name: idle_timeout
  token:
    - name: revocation_cache_time
      replacement_group: revoke
      replacement_name: cache_time
# Settings recorded for the generator run that wrote this schema
# (output_file is keystone-schema.yaml, format_ is yaml).
generator_options:
  config_dir: []
  config_file:
    - config-generator/keystone.conf
  format_: yaml
  minimal: false
  # Presumably the option namespaces collected into this schema; the option
  # entries in this file carry a matching `namespace` field.
  namespace:
    - keystone
    - oslo.cache
    - oslo.log
    - oslo.messaging
    - oslo.policy
    - oslo.db
    - oslo.middleware
    - osprofiler
  output_file: keystone-schema.yaml
  summarize: false
  wrap_width: 79
options:
DEFAULT:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
# admin_token: shared-secret bootstrap credential. It is unset by default
# (default: null) and flagged secret: true. Per the help text it bypasses most
# authorization checks, and fully disabling it also requires removing the
# admin_token_auth filter from the paste pipelines.
- advanced: false
  choices: []
  default: null
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: admin_token
  help: Using this feature is *NOT* recommended. Instead, use the `keystone-manage
    bootstrap` command. The value of this option is treated as a "shared secret"
    that can be used to bootstrap Keystone through the API. This "token" does
    not represent a user (it has no identity), and carries no explicit authorization
    (it effectively bypasses most authorization checks). If set to `None`, the
    value is ignored and the `admin_token` middleware is effectively disabled.
    However, to completely disable `admin_token` in production (highly recommended,
    as it presents a security risk), remove `AdminTokenAuthMiddleware` (the `admin_token_auth`
    filter) from your paste application pipelines (for example, in `keystone-paste.ini`).
  max: null
  metavar: null
  min: null
  mutable: false
  name: admin_token
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  # NOTE(review): presumably this flag is what keeps the value out of rendered
  # or logged output; confirm the consuming template honours it.
  secret: true
  short: null
  type: string value
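# public_endpoint: base public URL advertised to clients; it does not change
# the listen address. Help-text wording fixed ("this option will be",
# "set this option").
# NOTE(review): when unset, the advertised URL is taken from the base host URL
# of the incoming request, so it presumably follows whatever host the request
# presents; consider pinning it behind proxies. Confirm against the deployment.
- advanced: false
  choices: []
  default: null
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: public_endpoint
  help: 'The base public endpoint URL for Keystone that is advertised to clients
    (NOTE: this does NOT affect how Keystone listens for connections). Defaults
    to the base host URL of the request. For example, if keystone receives a request
    to `http://server:5000/v3/users`, then this option will be automatically
    treated as `http://server:5000`. You should only need to set this option if either
    the value of the base URL contains a path that keystone does not automatically
    infer (`/prefix/v3`), or if the endpoint should be found on a different host.'
  max: null
  metavar: null
  min: null
  mutable: false
  name: public_endpoint
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: uri value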
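# admin_endpoint: base admin URL advertised to clients; it does not change
# the listen address. Help-text wording fixed ("this option will be",
# "set this option").
# NOTE(review): when unset, the advertised URL is taken from the base host URL
# of the incoming request; consider pinning it behind proxies. Confirm against
# the deployment.
- advanced: false
  choices: []
  default: null
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: admin_endpoint
  help: 'The base admin endpoint URL for Keystone that is advertised to clients
    (NOTE: this does NOT affect how Keystone listens for connections). Defaults
    to the base host URL of the request. For example, if keystone receives a request
    to `http://server:35357/v3/users`, then this option will be automatically
    treated as `http://server:35357`. You should only need to set this option if either
    the value of the base URL contains a path that keystone does not automatically
    infer (`/prefix/v3`), or if the endpoint should be found on a different host.'
  max: null
  metavar: null
  min: null
  mutable: false
  name: admin_endpoint
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: uri value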
# max_project_tree_depth: integer cap on project hierarchy depth (default 5).
# No min/max is declared here; the help text warns that large values may hurt
# performance.
- advanced: false
  choices: []
  default: 5
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: max_project_tree_depth
  help: 'Maximum depth of the project hierarchy, excluding the project acting
    as a domain at the top of the hierarchy. WARNING: Setting it to a large value
    may adversely impact performance.'
  max: null
  metavar: null
  min: null
  mutable: false
  name: max_project_tree_depth
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# max_param_size: size limit for user and project IDs/names (default 64).
# The schema declares no min/max bound on this value.
- advanced: false
  choices: []
  default: 64
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: max_param_size
  help: Limit the sizes of user & project ID/names.
  max: null
  metavar: null
  min: null
  mutable: false
  name: max_param_size
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
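# max_token_size: size limit applied to token values (default 255), separate
# from max_param_size. Stray closing parenthesis removed from the help text.
- advanced: false
  choices: []
  default: 255
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: max_token_size
  help: Similar to `[DEFAULT] max_param_size`, but provides an exception for token
    values. With Fernet tokens, this can be set as low as 255. With UUID tokens,
    this should be set to 32.
  max: null
  metavar: null
  min: null
  mutable: false
  name: max_token_size
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value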
# member_role_id: default role ID used for v2 API project membership.
# The default is a fixed identifier for the `_member_` role and is not flagged
# as secret; the help text says to change it together with member_role_name.
- advanced: false
  choices: []
  default: 9fe2ff9ee4384b1894a90878d3e92bab
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: member_role_id
  help: Similar to the `[DEFAULT] member_role_name` option, this represents the
    default role ID used to associate users with their default projects in the
    v2 API. This will be used as the explicit role where one is not specified
    by the v2 API. You do not need to set this value unless you want keystone
    to use an existing role with a different ID, other than the arbitrarily defined
    `_member_` role (in which case, you should set `[DEFAULT] member_role_name`
    as well).
  max: null
  metavar: null
  min: null
  mutable: false
  name: member_role_id
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: string value
# member_role_name: role name paired with member_role_id (default `_member_`).
# The help text says to set both options together when pointing keystone at an
# existing role.
- advanced: false
  choices: []
  default: _member_
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: member_role_name
  help: This is the role name used in combination with the `[DEFAULT] member_role_id`
    option; see that option for more detail. You do not need to set this option
    unless you want keystone to use an existing role (in which case, you should
    set `[DEFAULT] member_role_id` as well).
  max: null
  metavar: null
  min: null
  mutable: false
  name: member_role_name
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: string value
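# crypt_strength: "rounds" value passed to passlib (default 10000, bounded
# 1000..100000). Deprecated since P: the reason states sha512_crypt is
# insufficient and points to the hashing options in [identity]; it is kept for
# rolling-upgrade compatibility. Algorithm name in deprecated_reason corrected
# from "pbkfd2_sha512" to "pbkdf2_sha512".
# NOTE(review): deprecated_for_removal is false even though a deprecation
# reason is given; confirm that is intended.
- advanced: false
  choices: []
  default: 10000
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: sha512_crypt is insufficient for password hashes, use of
    bcrypt, pbkdf2_sha512 and scrypt are now supported. Options are located in
    the [identity] config block. This option is still used for rolling upgrade
    compatibility password hashing.
  deprecated_since: P
  dest: crypt_strength
  help: The value passed as the keyword "rounds" to passlib's encrypt method.
    This option represents a trade off between security and performance. Higher
    values lead to slower performance, but higher security. Changing this option
    will only affect newly created passwords as existing password hashes already
    have a fixed number of rounds applied, so it is safe to tune this option in
    a running cluster. For more information, see https://pythonhosted.org/passlib/password_hash_api.html#choosing-the-right-rounds-value
  max: 100000
  metavar: null
  min: 1000
  mutable: false
  name: crypt_strength
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value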
# list_limit: global cap on entities returned in a collection. The default is
# null (no limit); the help text recommends setting one in larger deployments
# so list-all operations do not place unnecessary load on the system.
- advanced: false
  choices: []
  default: null
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: list_limit
  help: The maximum number of entities that will be returned in a collection.
    This global limit may be then overridden for a specific driver, by specifying
    a list_limit in the appropriate section (for example, `[assignment]`). No
    limit is set by default. In larger deployments, it is recommended that you
    set this to a reasonable number to prevent operations like listing all users
    and projects from placing an unnecessary load on the system.
  max: null
  metavar: null
  min: null
  mutable: false
  name: list_limit
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# strict_password_check: default false, which per the help text means
# over-long passwords are truncated to the maximum length rather than
# rejected. Setting it to true makes such requests fail with HTTP 403.
- advanced: false
  choices: []
  default: false
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: strict_password_check
  help: If set to true, strict password length checking is performed for password
    manipulation. If a password exceeds the maximum length, the operation will
    fail with an HTTP 403 Forbidden error. If set to false, passwords are automatically
    truncated to the maximum length.
  max: null
  metavar: null
  min: null
  mutable: false
  name: strict_password_check
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: boolean value
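# secure_proxy_ssl_header: request header used to determine the original
# scheme behind an SSL-terminating proxy. Deprecated for removal; the reason
# points to oslo.middleware.http_proxy_to_wsgi instead.
# NOTE(review): the scheme is read from a request header, so this presumably
# relies on the proxy overwriting any client-supplied copy; confirm.
- advanced: false
  choices: []
  default: HTTP_X_FORWARDED_PROTO
  deprecated_for_removal: true
  deprecated_opts: []
  deprecated_reason: This option has been deprecated in the N release and will
    be removed in the P release. Use oslo.middleware.http_proxy_to_wsgi configuration
    instead.
  # Quoted so that parsers treating a bare N as a YAML 1.1 boolean still read
  # the release letter as a string.
  deprecated_since: 'N'
  dest: secure_proxy_ssl_header
  help: The HTTP header used to determine the scheme for the original request,
    even if it was removed by an SSL terminating proxy.
  max: null
  metavar: null
  min: null
  mutable: false
  name: secure_proxy_ssl_header
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: string value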
# insecure_debug: default false. When true, HTTP responses carry extra detail
# (for example why authentication failed) to authenticated and unauthenticated
# callers alike; the help text itself calls this insecure.
- advanced: false
  choices: []
  default: false
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: insecure_debug
  help: If set to true, then the server will return information in HTTP responses
    that may allow an unauthenticated or authenticated user to get more information
    than normal, such as additional details about why authentication failed. This
    may be useful for debugging but is insecure.
  max: null
  metavar: null
  min: null
  mutable: false
  name: insecure_debug
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: boolean value
# default_publisher_id: publisher_id for outgoing notifications. It is unset
# by default, in which case the help text says the server's host name is used.
- advanced: false
  choices: []
  default: null
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: default_publisher_id
  help: Default `publisher_id` for outgoing notifications. If left undefined,
    Keystone will default to using the server's host name.
  max: null
  metavar: null
  min: null
  mutable: false
  name: default_publisher_id
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: string value
# notification_format: `basic` or `cadf` (default cadf). Per the help text,
# cadf adds information about the initiator of the event and is the format
# recommended for auditing.
- advanced: false
  choices:
    - basic
    - cadf
  default: cadf
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: notification_format
  help: Define the notification format for identity service events. A `basic`
    notification only has information about the resource being operated on. A
    `cadf` notification has the same information, as well as information about
    the initiator of the event. The `cadf` option is entirely backwards compatible
    with the `basic` option, but is fully CADF-compliant, and is recommended for
    auditing use cases.
  max: null
  metavar: null
  min: null
  mutable: false
  name: notification_format
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: string value
# notification_opt_out: patterns of notifications keystone will not emit.
# The default list suppresses every authentication event, including
# identity.authenticate.failed, so deployments that feed these notifications
# into security monitoring need to review this list.
- advanced: false
  choices: []
  default:
    - identity.authenticate.success
    - identity.authenticate.pending
    - identity.authenticate.failed
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: notification_opt_out
  help: 'You can reduce the number of notifications keystone emits by explicitly
    opting out. Keystone will not emit notifications that match the patterns expressed
    in this list. Values are expected to be in the form of `identity.<resource_type>.<operation>`.
    By default, all notifications related to authentication are automatically
    suppressed. This field can be set multiple times in order to opt-out of multiple
    notification topics. For example, the following suppresses notifications describing
    user creation or successful authentication events: notification_opt_out=identity.user.create
    notification_opt_out=identity.authenticate.success'
  max: null
  metavar: null
  min: null
  mutable: false
  name: notification_opt_out
  namespace: keystone
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: multi valued
# rpc_conn_pool_size: size of the RPC connection pool (default 30).
# Its deprecated name is the same option in [DEFAULT].
- advanced: false
  choices: []
  default: 30
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: rpc_conn_pool_size
  deprecated_reason: null
  deprecated_since: null
  dest: rpc_conn_pool_size
  help: Size of RPC connection pool.
  max: null
  metavar: null
  min: null
  mutable: false
  name: rpc_conn_pool_size
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# conn_pool_min_size: pool size limit used by the connection expiration
# policy (default 2).
- advanced: false
  choices: []
  default: 2
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: conn_pool_min_size
  help: The pool size limit for connections expiration policy
  max: null
  metavar: null
  min: null
  mutable: false
  name: conn_pool_min_size
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# conn_pool_ttl: time-to-live, in seconds, of idle pooled connections
# (default 1200).
- advanced: false
  choices: []
  default: 1200
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: conn_pool_ttl
  help: The time-to-live in sec of idle connections in the pool
  max: null
  metavar: null
  min: null
  mutable: false
  name: conn_pool_ttl
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# rpc_zmq_bind_address: ZeroMQ bind address. The default is the wildcard '*'
# (quoted so YAML does not read it as an alias).
# NOTE(review): a wildcard bind presumably listens on every interface; prefer
# a specific interface or IP where the deployment allows. Confirm.
- advanced: false
  choices: []
  default: '*'
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: rpc_zmq_bind_address
  deprecated_reason: null
  deprecated_since: null
  dest: rpc_zmq_bind_address
  help: ZeroMQ bind address. Should be a wildcard (*), an ethernet interface,
    or IP. The "host" option should point or resolve to this address.
  max: null
  metavar: null
  min: null
  mutable: false
  name: rpc_zmq_bind_address
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: string value
# rpc_zmq_matchmaker: MatchMaker driver, one of redis, sentinel or dummy
# (default redis).
- advanced: false
  # Anchor &id001 is defined on this list; any *id001 alias elsewhere in the
  # document depends on this definition staying ahead of it.
  choices: &id001
    - redis
    - sentinel
    - dummy
  default: redis
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: rpc_zmq_matchmaker
  deprecated_reason: null
  deprecated_since: null
  dest: rpc_zmq_matchmaker
  help: MatchMaker driver.
  max: null
  metavar: null
  min: null
  mutable: false
  name: rpc_zmq_matchmaker
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: string value
# rpc_zmq_contexts: number of ZeroMQ contexts (default 1).
- advanced: false
  choices: []
  default: 1
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: rpc_zmq_contexts
  deprecated_reason: null
  deprecated_since: null
  dest: rpc_zmq_contexts
  help: Number of ZeroMQ contexts, defaults to 1.
  max: null
  metavar: null
  min: null
  mutable: false
  name: rpc_zmq_contexts
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# rpc_zmq_topic_backlog: maximum ingress messages buffered locally per topic.
# The default is null, which the help text describes as unlimited.
# NOTE(review): an unlimited buffer presumably lets memory grow with inbound
# traffic; consider setting a bound. Confirm.
- advanced: false
  choices: []
  default: null
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: rpc_zmq_topic_backlog
  deprecated_reason: null
  deprecated_since: null
  dest: rpc_zmq_topic_backlog
  help: Maximum number of ingress messages to locally buffer per topic. Default
    is unlimited.
  max: null
  metavar: null
  min: null
  mutable: false
  name: rpc_zmq_topic_backlog
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# rpc_zmq_ipc_dir: directory holding IPC sockets (default /var/run/openstack).
# NOTE(review): access to the sockets presumably follows this directory's
# ownership and mode; verify them on the target hosts.
- advanced: false
  choices: []
  default: /var/run/openstack
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: rpc_zmq_ipc_dir
  deprecated_reason: null
  deprecated_since: null
  dest: rpc_zmq_ipc_dir
  help: Directory for holding IPC sockets.
  max: null
  metavar: null
  min: null
  mutable: false
  name: rpc_zmq_ipc_dir
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: string value
# rpc_zmq_host: name of this node (hostname, FQDN or IP address).
# NOTE(review): the default below differs from sample_default (localhost) and
# looks like the hostname of the machine that generated this schema; confirm,
# and make sure the role does not ship it as the effective value.
- advanced: false
  choices: []
  default: x1hobo
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: rpc_zmq_host
  deprecated_reason: null
  deprecated_since: null
  dest: rpc_zmq_host
  help: Name of this node. Must be a valid hostname, FQDN, or IP address. Must
    match "host" option, if running Nova.
  max: null
  metavar: null
  min: null
  mutable: false
  name: rpc_zmq_host
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: localhost
  secret: false
  short: null
  type: string value
# zmq_linger: seconds to wait for pending messages after a socket is closed.
# The default of -1 means an infinite linger period and 0 means none, per the
# help text. Its deprecated name is rpc_cast_timeout in [DEFAULT].
- advanced: false
  choices: []
  default: -1
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: rpc_cast_timeout
  deprecated_reason: null
  deprecated_since: null
  dest: zmq_linger
  help: Number of seconds to wait before all pending messages will be sent after
    closing a socket. The default value of -1 specifies an infinite linger period.
    The value of 0 specifies no linger period. Pending messages shall be discarded
    immediately when the socket is closed. Positive values specify an upper bound
    for the linger period.
  max: null
  metavar: null
  min: null
  mutable: false
  name: zmq_linger
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# rpc_poll_timeout: default number of seconds a poll waits before raising a
# timeout exception (default 1).
- advanced: false
  choices: []
  default: 1
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: rpc_poll_timeout
  deprecated_reason: null
  deprecated_since: null
  dest: rpc_poll_timeout
  help: The default number of seconds that poll should wait. Poll raises timeout
    exception when timeout expired.
  max: null
  metavar: null
  min: null
  mutable: false
  name: rpc_poll_timeout
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# zmq_target_expire: expiration timeout, in seconds, of a name-service record
# for an existing target (default 300). A negative value means no timeout.
- advanced: false
  choices: []
  default: 300
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: zmq_target_expire
  deprecated_reason: null
  deprecated_since: null
  dest: zmq_target_expire
  help: Expiration timeout in seconds of a name service record about existing
    target ( < 0 means no timeout).
  max: null
  metavar: null
  min: null
  mutable: false
  name: zmq_target_expire
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# zmq_target_update: update period, in seconds, of a name-service record for
# an existing target (default 180).
- advanced: false
  choices: []
  default: 180
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: zmq_target_update
  deprecated_reason: null
  deprecated_since: null
  dest: zmq_target_update
  help: Update period in seconds of a name service record about existing target.
  max: null
  metavar: null
  min: null
  mutable: false
  name: zmq_target_update
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# use_pub_sub: use the PUB/SUB pattern for fanout methods (default false).
# The help text notes that PUB/SUB always uses the proxy.
- advanced: false
  choices: []
  default: false
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: use_pub_sub
  deprecated_reason: null
  deprecated_since: null
  dest: use_pub_sub
  help: Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
  max: null
  metavar: null
  min: null
  mutable: false
  name: use_pub_sub
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: boolean value
# use_router_proxy: use the ROUTER remote proxy (default false).
- advanced: false
  choices: []
  default: false
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: use_router_proxy
  deprecated_reason: null
  deprecated_since: null
  dest: use_router_proxy
  help: Use ROUTER remote proxy.
  max: null
  metavar: null
  min: null
  mutable: false
  name: use_router_proxy
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: boolean value
# use_dynamic_connections: switches direct connections between dynamic and
# static (default false). Per the help text it only matters when
# use_router_proxy is False and is ignored otherwise.
- advanced: false
  choices: []
  default: false
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: use_dynamic_connections
  help: This option makes direct connections dynamic or static. It makes sense
    only with use_router_proxy=False which means to use direct connections for
    direct message types (ignored otherwise).
  max: null
  metavar: null
  min: null
  mutable: false
  name: use_dynamic_connections
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: boolean value
# zmq_failover_connections: number of additional connections made to a host
# for failover (default 2). The help text says it only applies in dynamic
# connections mode.
- advanced: false
  choices: []
  default: 2
  deprecated_for_removal: false
  deprecated_opts: []
  deprecated_reason: null
  deprecated_since: null
  dest: zmq_failover_connections
  help: How many additional connections to a host will be made for failover reasons.
    This option is actual only in dynamic connections mode.
  max: null
  metavar: null
  min: null
  mutable: false
  name: zmq_failover_connections
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: integer value
# rpc_zmq_min_port: lower end of the random port range (default 49153).
# Declared as a port value bounded 0..65535.
- advanced: false
  choices: []
  default: 49153
  deprecated_for_removal: false
  deprecated_opts:
    - group: DEFAULT
      name: rpc_zmq_min_port
  deprecated_reason: null
  deprecated_since: null
  dest: rpc_zmq_min_port
  help: Minimal port number for random ports range.
  max: 65535
  metavar: null
  min: 0
  mutable: false
  name: rpc_zmq_min_port
  namespace: oslo.messaging
  positional: false
  required: false
  sample_default: null
  secret: false
  short: null
  type: port value
- advanced: false
choices: []
default: 65536
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_max_port
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_max_port
help: Maximal port number for random ports range.
max: 65536
metavar: null
min: 1
mutable: false
name: rpc_zmq_max_port
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 100
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_bind_port_retries
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_bind_port_retries
help: Number of retries to find a free port number before failing with ZMQBindError.
max: null
metavar: null
min: null
mutable: false
name: rpc_zmq_bind_port_retries
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: &id002
- json
- msgpack
default: json
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_serialization
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_serialization
help: Default serialization mechanism for serializing/deserializing outgoing/incoming
messages
max: null
metavar: null
min: null
mutable: false
name: rpc_zmq_serialization
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: zmq_immediate
help: This option configures round-robin mode in zmq socket. True means not
keeping a queue when server side disconnects. False means to keep queue and
messages even if server is disconnected, when the server appears we send all
accumulated messages to it.
max: null
metavar: null
min: null
mutable: false
name: zmq_immediate
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: zmq_tcp_keepalive
help: Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or
any other negative value) means to skip any overrides and leave it to OS default;
0 and 1 (or any other positive value) mean to disable and enable the option
respectively.
max: null
metavar: null
min: null
mutable: false
name: zmq_tcp_keepalive
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: zmq_tcp_keepalive_idle
help: The duration between two keepalive transmissions in idle condition. The
unit is platform dependent, for example, seconds in Linux, milliseconds in
Windows etc. The default value of -1 (or any other negative value and 0) means
to skip any overrides and leave it to OS default.
max: null
metavar: null
min: null
mutable: false
name: zmq_tcp_keepalive_idle
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: zmq_tcp_keepalive_cnt
help: The number of retransmissions to be carried out before declaring that
remote end is not available. The default value of -1 (or any other negative
value and 0) means to skip any overrides and leave it to OS default.
max: null
metavar: null
min: null
mutable: false
name: zmq_tcp_keepalive_cnt
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: zmq_tcp_keepalive_intvl
help: The duration between two successive keepalive retransmissions, if acknowledgement
to the previous keepalive transmission is not received. The unit is platform
dependent, for example, seconds in Linux, milliseconds in Windows etc. The
default value of -1 (or any other negative value and 0) means to skip any
overrides and leave it to OS default.
max: null
metavar: null
min: null
mutable: false
name: zmq_tcp_keepalive_intvl
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 100
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_thread_pool_size
help: Maximum number of (green) threads to work concurrently.
max: null
metavar: null
min: null
mutable: false
name: rpc_thread_pool_size
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 300
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_message_ttl
help: Expiration timeout in seconds of a sent/received message after which it
is not tracked anymore by a client/server.
max: null
metavar: null
min: null
mutable: false
name: rpc_message_ttl
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_use_acks
help: Wait for message acknowledgements from receivers. This mechanism works
only via proxy without PUB/SUB.
max: null
metavar: null
min: null
mutable: false
name: rpc_use_acks
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 15
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_ack_timeout_base
help: Number of seconds to wait for an ack from a cast/call. After each retry
attempt this timeout is multiplied by some specified multiplier.
max: null
metavar: null
min: null
mutable: false
name: rpc_ack_timeout_base
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 2
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_ack_timeout_multiplier
help: Number to multiply base ack timeout by after each retry attempt.
max: null
metavar: null
min: null
mutable: false
name: rpc_ack_timeout_multiplier
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 3
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_retry_attempts
help: 'Default number of message sending attempts if any problems occur:
positive value N means at most N retries, 0 means no retries, None or -1 (or
any other negative values) mean to retry forever. This option is used only
if acknowledgments are enabled.'
max: null
metavar: null
min: null
mutable: false
name: rpc_retry_attempts
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: subscribe_on
help: List of publisher hosts SubConsumer can subscribe on. This option has
higher priority than the default publishers list taken from the matchmaker.
max: null
metavar: null
min: null
mutable: false
name: subscribe_on
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: 64
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_thread_pool_size
deprecated_reason: null
deprecated_since: null
dest: executor_thread_pool_size
help: Size of executor thread pool when executor is threading or eventlet.
max: null
metavar: null
min: null
mutable: false
name: executor_thread_pool_size
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 60
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_response_timeout
help: Seconds to wait for a response from a call.
max: null
metavar: null
min: null
mutable: false
name: rpc_response_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: transport_url
help: A URL representing the messaging driver to use and its full configuration.
max: null
metavar: null
min: null
mutable: false
name: transport_url
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: true
short: null
type: string value
- advanced: false
choices: []
default: rabbit
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: Replaced by [DEFAULT]/transport_url
deprecated_since: null
dest: rpc_backend
help: The messaging driver to use, defaults to rabbit. Other drivers include
amqp and zmq.
max: null
metavar: null
min: null
mutable: false
name: rpc_backend
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: keystone
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: control_exchange
help: The default exchange under which topics are scoped. May be overridden
by an exchange name specified in the transport_url option.
max: null
metavar: null
min: null
mutable: false
name: control_exchange
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: debug
help: If set to true, the logging level will be set to DEBUG instead of the
default INFO level.
max: null
metavar: null
min: null
mutable: true
name: debug
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: d
type: boolean value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: log_config
deprecated_reason: null
deprecated_since: null
dest: log_config_append
help: The name of a logging configuration file. This file is appended to any
existing logging configuration files. For details about logging configuration
files, see the Python logging module documentation. Note that when logging
configuration files are used then all logging configuration is set in the
configuration file and other logging configuration options are ignored (for
example, logging_context_format_string).
max: null
metavar: PATH
min: null
mutable: true
name: log-config-append
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: '%Y-%m-%d %H:%M:%S'
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: log_date_format
help: 'Defines the format string for %%(asctime)s in log records. Default: %(default)s
. This option is ignored if log_config_append is set.'
max: null
metavar: DATE_FORMAT
min: null
mutable: false
name: log-date-format
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: logfile
deprecated_reason: null
deprecated_since: null
dest: log_file
help: (Optional) Name of log file to send logging output to. If no default is
set, logging will go to stderr as defined by use_stderr. This option is ignored
if log_config_append is set.
max: null
metavar: PATH
min: null
mutable: false
name: log-file
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: logdir
deprecated_reason: null
deprecated_since: null
dest: log_dir
help: (Optional) The base directory used for relative log_file paths. This
option is ignored if log_config_append is set.
max: null
metavar: null
min: null
mutable: false
name: log-dir
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: watch_log_file
help: Uses logging handler designed to watch file system. When log file is moved
or removed this handler will open a new log file with specified path instantaneously.
It makes sense only if log_file option is specified and Linux platform is
used. This option is ignored if log_config_append is set.
max: null
metavar: null
min: null
mutable: false
name: watch-log-file
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: use_syslog
help: Use syslog for logging. Existing syslog format is DEPRECATED and will
be changed later to honor RFC5424. This option is ignored if log_config_append
is set.
max: null
metavar: null
min: null
mutable: false
name: use-syslog
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: use_journal
help: Enable journald for logging. If running in a systemd environment you may
wish to enable journal support. Doing so will use the journal native protocol
which includes structured metadata in addition to log messages. This option
is ignored if log_config_append is set.
max: null
metavar: null
min: null
mutable: false
name: use-journal
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: LOG_USER
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: syslog_log_facility
help: Syslog facility to receive log lines. This option is ignored if log_config_append
is set.
max: null
metavar: null
min: null
mutable: false
name: syslog-log-facility
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: use_stderr
help: Log output to standard error. This option is ignored if log_config_append
is set.
max: null
metavar: null
min: null
mutable: false
name: use_stderr
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s
%(user_identity)s] %(instance)s%(message)s'
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: logging_context_format_string
help: Format string to use for log messages with context.
max: null
metavar: null
min: null
mutable: false
name: logging_context_format_string
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s'
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: logging_default_format_string
help: Format string to use for log messages when context is undefined.
max: null
metavar: null
min: null
mutable: false
name: logging_default_format_string
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: '%(funcName)s %(pathname)s:%(lineno)d'
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: logging_debug_format_suffix
help: Additional data to append to log message when logging level for the message
is DEBUG.
max: null
metavar: null
min: null
mutable: false
name: logging_debug_format_suffix
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: '%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s'
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: logging_exception_prefix
help: Prefix each line of exception output with this format.
max: null
metavar: null
min: null
mutable: false
name: logging_exception_prefix
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: '%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s'
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: logging_user_identity_format
help: Defines the format string for %(user_identity)s that is used in logging_context_format_string.
max: null
metavar: null
min: null
mutable: false
name: logging_user_identity_format
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default:
- amqp=WARN
- amqplib=WARN
- boto=WARN
- qpid=WARN
- sqlalchemy=WARN
- suds=INFO
- oslo.messaging=INFO
- oslo_messaging=INFO
- iso8601=WARN
- requests.packages.urllib3.connectionpool=WARN
- urllib3.connectionpool=WARN
- websocket=WARN
- requests.packages.urllib3.util.retry=WARN
- urllib3.util.retry=WARN
- keystonemiddleware=WARN
- routes.middleware=WARN
- stevedore=WARN
- taskflow=WARN
- keystoneauth=WARN
- oslo.cache=INFO
- dogpile.core.dogpile=INFO
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_log_levels
help: List of package logging levels in logger=LEVEL pairs. This option is ignored
if log_config_append is set.
max: null
metavar: null
min: null
mutable: false
name: default_log_levels
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: publish_errors
help: Enables or disables publication of error events.
max: null
metavar: null
min: null
mutable: false
name: publish_errors
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: '[instance: %(uuid)s] '
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: instance_format
help: The format for an instance that is passed with the log message.
max: null
metavar: null
min: null
mutable: false
name: instance_format
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: '[instance: %(uuid)s] '
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: instance_uuid_format
help: The format for an instance UUID that is passed with the log message.
max: null
metavar: null
min: null
mutable: false
name: instance_uuid_format
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 0
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rate_limit_interval
help: Interval, number of seconds, of log rate limiting.
max: null
metavar: null
min: null
mutable: false
name: rate_limit_interval
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 0
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rate_limit_burst
help: Maximum number of logged messages per rate_limit_interval.
max: null
metavar: null
min: null
mutable: false
name: rate_limit_burst
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: CRITICAL
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rate_limit_except_level
help: 'Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING,
DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level
are not filtered. An empty string means that all levels are filtered.'
max: null
metavar: null
min: null
mutable: false
name: rate_limit_except_level
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: fatal_deprecations
help: Enables or disables fatal status of deprecations.
max: null
metavar: null
min: null
mutable: false
name: fatal_deprecations
namespace: oslo.log
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
standard_opts:
- admin_token
- public_endpoint
- admin_endpoint
- max_project_tree_depth
- max_param_size
- max_token_size
- member_role_id
- member_role_name
- crypt_strength
- list_limit
- strict_password_check
- secure_proxy_ssl_header
- insecure_debug
- default_publisher_id
- notification_format
- notification_opt_out
- rpc_conn_pool_size
- conn_pool_min_size
- conn_pool_ttl
- rpc_zmq_bind_address
- rpc_zmq_matchmaker
- rpc_zmq_contexts
- rpc_zmq_topic_backlog
- rpc_zmq_ipc_dir
- rpc_zmq_host
- zmq_linger
- rpc_poll_timeout
- zmq_target_expire
- zmq_target_update
- use_pub_sub
- use_router_proxy
- use_dynamic_connections
- zmq_failover_connections
- rpc_zmq_min_port
- rpc_zmq_max_port
- rpc_zmq_bind_port_retries
- rpc_zmq_serialization
- zmq_immediate
- zmq_tcp_keepalive
- zmq_tcp_keepalive_idle
- zmq_tcp_keepalive_cnt
- zmq_tcp_keepalive_intvl
- rpc_thread_pool_size
- rpc_message_ttl
- rpc_use_acks
- rpc_ack_timeout_base
- rpc_ack_timeout_multiplier
- rpc_retry_attempts
- subscribe_on
- executor_thread_pool_size
- rpc_response_timeout
- transport_url
- rpc_backend
- control_exchange
- debug
- log-config-append
- log-date-format
- log-file
- log-dir
- watch-log-file
- use-syslog
- use-journal
- syslog-log-facility
- use_stderr
- logging_context_format_string
- logging_default_format_string
- logging_debug_format_suffix
- logging_exception_prefix
- logging_user_identity_format
- default_log_levels
- publish_errors
- instance_format
- instance_uuid_format
- rate_limit_interval
- rate_limit_burst
- rate_limit_except_level
- fatal_deprecations
assignment:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the assignment backend driver (where role assignments
are stored) in the `keystone.assignment` namespace. Only a SQL driver is supplied
by keystone itself. Unless you are writing proprietary drivers for keystone,
you do not need to set this option.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default:
- admin
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: prohibited_implied_role
help: A list of role names which are prohibited from being an implied role.
max: null
metavar: null
min: null
mutable: false
name: prohibited_implied_role
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
standard_opts:
- driver
- prohibited_implied_role
auth:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default:
- external
- password
- token
- oauth1
- mapped
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: methods
help: 'Allowed authentication methods. Note: You should disable the `external`
auth method if you are currently using federation. External auth and federation
both use the REMOTE_USER variable. Since both the mapped and external plugin
are being invoked to validate attributes in the request environment, it can
cause conflicts.'
max: null
metavar: null
min: null
mutable: false
name: methods
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: password
help: Entry point for the password auth plugin module in the `keystone.auth.password`
namespace. You do not need to set this unless you are overriding keystone's
own password authentication plugin.
max: null
metavar: null
min: null
mutable: false
name: password
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: token
help: Entry point for the token auth plugin module in the `keystone.auth.token`
namespace. You do not need to set this unless you are overriding keystone's
own token authentication plugin.
max: null
metavar: null
min: null
mutable: false
name: token
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: external
help: Entry point for the external (`REMOTE_USER`) auth plugin module in the
`keystone.auth.external` namespace. Supplied drivers are `DefaultDomain` and
`Domain`. The default driver is `DefaultDomain`, which assumes that all users
identified by the username specified to keystone in the `REMOTE_USER` variable
exist within the context of the default domain. The `Domain` option expects
an additional environment variable be presented to keystone, `REMOTE_DOMAIN`,
containing the domain name of the `REMOTE_USER` (if `REMOTE_DOMAIN` is not
set, then the default domain will be used instead). You do not need to set
this unless you are taking advantage of "external authentication", where the
application server (such as Apache) is handling authentication instead of
keystone.
max: null
metavar: null
min: null
mutable: false
name: external
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: oauth1
help: Entry point for the OAuth 1.0a auth plugin module in the `keystone.auth.oauth1`
namespace. You do not need to set this unless you are overriding keystone's
own `oauth1` authentication plugin.
max: null
metavar: null
min: null
mutable: false
name: oauth1
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: mapped
help: Entry point for the mapped auth plugin module in the `keystone.auth.mapped`
namespace. You do not need to set this unless you are overriding keystone's
own `mapped` authentication plugin.
max: null
metavar: null
min: null
mutable: false
name: mapped
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
standard_opts:
- methods
- password
- token
- external
- oauth1
- mapped
cache:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: cache.oslo
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: config_prefix
help: Prefix for building the configuration dictionary for the cache region.
This should not need to be changed unless there is another dogpile.cache region
with the same configuration name.
max: null
metavar: null
min: null
mutable: false
name: config_prefix
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 600
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: expiration_time
help: Default TTL, in seconds, for any cached item in the dogpile.cache region.
This applies to any cached method that doesn't have an explicit cache expiration
time defined for it.
max: null
metavar: null
min: null
mutable: false
name: expiration_time
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: dogpile.cache.null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: backend
help: Dogpile.cache backend module. It is recommended that Memcache or Redis
(dogpile.cache.redis) be used in production deployments. For eventlet-based
or highly threaded servers, Memcache with pooling (oslo_cache.memcache_pool)
is recommended. For low thread servers, dogpile.cache.memcached is recommended.
Test environments with a single instance of the server can use the dogpile.cache.memory
backend.
max: null
metavar: null
min: null
mutable: false
name: backend
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# backend_argument: repeatable "<argname>:<value>" pairs handed to the
# dogpile.cache backend. The schema marks it secret (see `secret: true`
# below), presumably because an argument can carry a backend password or
# URL. NOTE(review): confirm how the consuming template treats secret
# options before rendering or logging these values.
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: backend_argument
help: 'Arguments supplied to the backend module. Specify this option once per
argument to be passed to the dogpile.cache backend. Example format: "<argname>:<value>".'
max: null
metavar: null
min: null
mutable: false
name: backend_argument
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: true
short: null
type: multi valued
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: proxies
help: Proxy classes to import that will affect the way the dogpile.cache backend
functions. See the dogpile.cache documentation on changing-backend-behavior.
max: null
metavar: null
min: null
mutable: false
name: proxies
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: enabled
help: Global toggle for caching.
max: null
metavar: null
min: null
mutable: false
name: enabled
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
# debug_cache_backend: per the help text, enabling this logs the individual
# cache get/set/delete calls together with their keys and values. Cached
# values in an identity service may be sensitive (assumption; confirm what
# keystone caches), so keep the default of false outside short debugging
# sessions and treat the resulting logs as sensitive.
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: debug_cache_backend
help: Extra debugging from the cache backend (cache keys, get/set/delete/etc
calls). This is only really useful if you need to see the specific cache-backend
get/set/delete calls with the keys/values. Typically this should be left
set to false.
max: null
metavar: null
min: null
mutable: false
name: debug_cache_backend
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
# memcache_servers: "host:port" list, default localhost:11211. This group's
# standard_opts list has no dedicated option for authentication or transport
# encryption on the memcached connection, so when this points at a remote
# host, network-level restrictions are the control to rely on.
# NOTE(review): confirm against the oslo.cache version in use.
- advanced: false
choices: []
default:
- localhost:11211
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: memcache_servers
help: Memcache servers in the format of "host:port". (dogpile.cache.memcache
and oslo_cache.memcache_pool backends only).
max: null
metavar: null
min: null
mutable: false
name: memcache_servers
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: 300
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: memcache_dead_retry
help: Number of seconds memcached server is considered dead before it is tried
again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
max: null
metavar: null
min: null
mutable: false
name: memcache_dead_retry
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 3
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: memcache_socket_timeout
help: Timeout in seconds for every call to a server. (dogpile.cache.memcache
and oslo_cache.memcache_pool backends only).
max: null
metavar: null
min: null
mutable: false
name: memcache_socket_timeout
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 10
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: memcache_pool_maxsize
help: Max total number of open connections to every memcached server. (oslo_cache.memcache_pool
backend only).
max: null
metavar: null
min: null
mutable: false
name: memcache_pool_maxsize
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 60
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: memcache_pool_unused_timeout
help: Number of seconds a connection to memcached is held unused in the pool
before it is closed. (oslo_cache.memcache_pool backend only).
max: null
metavar: null
min: null
mutable: false
name: memcache_pool_unused_timeout
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 10
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: memcache_pool_connection_get_timeout
help: Number of seconds that an operation will wait to get a memcache client
connection.
max: null
metavar: null
min: null
mutable: false
name: memcache_pool_connection_get_timeout
namespace: oslo.cache
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- config_prefix
- expiration_time
- backend
- backend_argument
- proxies
- enabled
- debug_cache_backend
- memcache_servers
- memcache_dead_retry
- memcache_socket_timeout
- memcache_pool_maxsize
- memcache_pool_unused_timeout
- memcache_pool_connection_get_timeout
catalog:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: default_catalog.templates
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: template_file
help: Absolute path to the file used for the templated catalog backend. This
option is only used if the `[catalog] driver` is set to `templated`.
max: null
metavar: null
min: null
mutable: false
name: template_file
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the catalog driver in the `keystone.catalog` namespace.
Keystone provides a `sql` option (which supports basic CRUD operations through
SQL), a `templated` option (which loads the catalog from a templated catalog
file on disk), and an `endpoint_filter.sql` option (which supports arbitrary
service catalogs per project).
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: caching
help: Toggle for catalog caching. This has no effect unless global caching is
enabled. In a typical deployment, there is no reason to disable this.
max: null
metavar: null
min: null
mutable: false
name: caching
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: cache_time
help: Time to cache catalog data (in seconds). This has no effect unless global
and catalog caching are both enabled. Catalog data (services, endpoints, etc.)
typically does not change frequently, and so a longer duration than the global
default may be desirable.
max: null
metavar: null
min: null
mutable: false
name: cache_time
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: list_limit
help: Maximum number of entities that will be returned in a catalog collection.
There is typically no reason to set this, as it would be unusual for a deployment
to have enough services or endpoints to exceed a reasonable limit.
max: null
metavar: null
min: null
mutable: false
name: list_limit
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- template_file
- driver
- caching
- cache_time
- list_limit
cors:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: allowed_origin
help: 'Indicate whether this resource may be shared with the domain received
in the requests "origin" header. Format: "<protocol>://<host>[:<port>]", no
trailing slash. Example: https://horizon.example.com'
max: null
metavar: null
min: null
mutable: false
name: allowed_origin
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
# allow_credentials ([cors]): defaults to true, so cross-origin requests from
# any origin accepted via allowed_origin may carry user credentials. Keep
# allowed_origin (default null in this group) limited to an explicit list of
# trusted origins, or set this to false if credentialed cross-origin access
# is not needed.
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: allow_credentials
help: Indicate that the actual request can include user credentials
max: null
metavar: null
min: null
mutable: false
name: allow_credentials
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default:
- X-Auth-Token
- X-Openstack-Request-Id
- X-Subject-Token
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: expose_headers
help: Indicate which headers are safe to expose to the API. Defaults to HTTP
Simple Headers.
max: null
metavar: null
min: null
mutable: false
name: expose_headers
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: 3600
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: max_age
help: Maximum cache age of CORS preflight requests.
max: null
metavar: null
min: null
mutable: false
name: max_age
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default:
- GET
- PUT
- POST
- DELETE
- PATCH
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: allow_methods
help: Indicate which methods can be used during the actual request.
max: null
metavar: null
min: null
mutable: false
name: allow_methods
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default:
- X-Auth-Token
- X-Openstack-Request-Id
- X-Subject-Token
- X-Project-Id
- X-Project-Name
- X-Project-Domain-Id
- X-Project-Domain-Name
- X-Domain-Id
- X-Domain-Name
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: allow_headers
help: Indicate which header field names may be used during the actual request.
max: null
metavar: null
min: null
mutable: false
name: allow_headers
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
standard_opts:
- allowed_origin
- allow_credentials
- expose_headers
- max_age
- allow_methods
- allow_headers
cors.subdomain:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: allowed_origin
help: 'Indicate whether this resource may be shared with the domain received
in the requests "origin" header. Format: "<protocol>://<host>[:<port>]", no
trailing slash. Example: https://horizon.example.com'
max: null
metavar: null
min: null
mutable: false
name: allowed_origin
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
# allow_credentials ([cors.subdomain]): defaults to true, so cross-origin
# requests from any origin accepted via this group's allowed_origin may carry
# user credentials. Keep allowed_origin (default null in this group) limited
# to an explicit list of trusted origins, or set this to false if
# credentialed cross-origin access is not needed.
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: allow_credentials
help: Indicate that the actual request can include user credentials
max: null
metavar: null
min: null
mutable: false
name: allow_credentials
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default:
- X-Auth-Token
- X-Openstack-Request-Id
- X-Subject-Token
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: expose_headers
help: Indicate which headers are safe to expose to the API. Defaults to HTTP
Simple Headers.
max: null
metavar: null
min: null
mutable: false
name: expose_headers
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: 3600
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: max_age
help: Maximum cache age of CORS preflight requests.
max: null
metavar: null
min: null
mutable: false
name: max_age
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default:
- GET
- PUT
- POST
- DELETE
- PATCH
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: allow_methods
help: Indicate which methods can be used during the actual request.
max: null
metavar: null
min: null
mutable: false
name: allow_methods
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default:
- X-Auth-Token
- X-Openstack-Request-Id
- X-Subject-Token
- X-Project-Id
- X-Project-Name
- X-Project-Domain-Id
- X-Project-Domain-Name
- X-Domain-Id
- X-Domain-Name
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: allow_headers
help: Indicate which header field names may be used during the actual request.
max: null
metavar: null
min: null
mutable: false
name: allow_headers
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
standard_opts:
- allowed_origin
- allow_credentials
- expose_headers
- max_age
- allow_methods
- allow_headers
credential:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the credential backend driver in the `keystone.credential`
namespace. Keystone only provides a `sql` driver, so there's no reason to
change this unless you are providing a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: fernet
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: provider
help: Entry point for credential encryption and decryption operations in the
`keystone.credential.provider` namespace. Keystone only provides a `fernet`
driver, so there's no reason to change this unless you are providing a custom
entry point to encrypt and decrypt credentials.
max: null
metavar: null
min: null
mutable: false
name: provider
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# key_repository: directory holding the Fernet keys that encrypt stored
# credentials. The help text requires it to be separate from the Fernet
# token key repository, with its own rotation policy. The path itself is not
# secret, but the directory contents are key material and should be readable
# only by the account keystone runs as.
# NOTE(review): ownership and mode are set outside this schema; confirm
# them in the role's tasks.
- advanced: false
choices: []
default: /etc/keystone/credential-keys/
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: key_repository
help: Directory containing Fernet keys used to encrypt and decrypt credentials
stored in the credential backend. Fernet keys used to encrypt credentials
have no relationship to Fernet keys used to encrypt Fernet tokens. Both sets
of keys should be managed separately and require different rotation policies.
Do not share this repository with the repository used to manage keys for Fernet
tokens.
max: null
metavar: null
min: null
mutable: false
name: key_repository
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
standard_opts:
- driver
- provider
- key_repository
database:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: sqlite_synchronous
deprecated_reason: null
deprecated_since: null
dest: sqlite_synchronous
help: If True, SQLite uses synchronous mode.
max: null
metavar: null
min: null
mutable: false
name: sqlite_synchronous
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: sqlalchemy
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: db_backend
deprecated_reason: null
deprecated_since: null
dest: backend
help: The back end to use for the database.
max: null
metavar: null
min: null
mutable: false
name: backend
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# connection: SQLAlchemy connection string, marked secret (see `secret: true`
# below; slave_connection in this group is marked the same way). Such strings
# commonly embed the database user and password, so the value should come
# from a secret store or vaulted variable rather than being committed in
# plain text. NOTE(review): confirm how the role supplies it.
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: sql_connection
- group: DATABASE
name: sql_connection
- group: sql
name: connection
deprecated_reason: null
deprecated_since: null
dest: connection
help: The SQLAlchemy connection string to use to connect to the database.
max: null
metavar: null
min: null
mutable: false
name: connection
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: true
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: slave_connection
help: The SQLAlchemy connection string to use to connect to the slave database.
max: null
metavar: null
min: null
mutable: false
name: slave_connection
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: true
short: null
type: string value
- advanced: false
choices: []
default: TRADITIONAL
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: mysql_sql_mode
help: 'The SQL mode to be used for MySQL sessions. This option, including the
default, overrides any server-set SQL mode. To use whatever SQL mode is set
by the server configuration, set this to no value. Example: mysql_sql_mode='
max: null
metavar: null
min: null
mutable: false
name: mysql_sql_mode
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 3600
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: sql_idle_timeout
- group: DATABASE
name: sql_idle_timeout
- group: sql
name: idle_timeout
deprecated_reason: null
deprecated_since: null
dest: idle_timeout
help: Timeout before idle SQL connections are reaped.
max: null
metavar: null
min: null
mutable: false
name: idle_timeout
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 1
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: sql_min_pool_size
- group: DATABASE
name: sql_min_pool_size
deprecated_reason: null
deprecated_since: null
dest: min_pool_size
help: Minimum number of SQL connections to keep open in a pool.
max: null
metavar: null
min: null
mutable: false
name: min_pool_size
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 5
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: sql_max_pool_size
- group: DATABASE
name: sql_max_pool_size
deprecated_reason: null
deprecated_since: null
dest: max_pool_size
help: Maximum number of SQL connections to keep open in a pool. Setting a value
of 0 indicates no limit.
max: null
metavar: null
min: null
mutable: false
name: max_pool_size
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 10
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: sql_max_retries
- group: DATABASE
name: sql_max_retries
deprecated_reason: null
deprecated_since: null
dest: max_retries
help: Maximum number of database connection retries during startup. Set to -1
to specify an infinite retry count.
max: null
metavar: null
min: null
mutable: false
name: max_retries
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 10
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: sql_retry_interval
- group: DATABASE
name: reconnect_interval
deprecated_reason: null
deprecated_since: null
dest: retry_interval
help: Interval between retries of opening a SQL connection.
max: null
metavar: null
min: null
mutable: false
name: retry_interval
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 50
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: sql_max_overflow
- group: DATABASE
name: sqlalchemy_max_overflow
deprecated_reason: null
deprecated_since: null
dest: max_overflow
help: If set, use this value for max_overflow with SQLAlchemy.
max: null
metavar: null
min: null
mutable: false
name: max_overflow
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
# connection_debug: 0-100 verbosity for SQL debugging (min 0, max 100).
# Verbose SQL logging presumably records statements and possibly their
# parameters (assumption; confirm for the SQLAlchemy version in use). Keep
# the default of 0 in production and treat logs taken at higher levels as
# sensitive.
- advanced: false
choices: []
default: 0
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: sql_connection_debug
deprecated_reason: null
deprecated_since: null
dest: connection_debug
help: 'Verbosity of SQL debugging information: 0=None, 100=Everything.'
max: 100
metavar: null
min: 0
mutable: false
name: connection_debug
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: sql_connection_trace
deprecated_reason: null
deprecated_since: null
dest: connection_trace
help: Add Python stack traces to SQL as comment strings.
max: null
metavar: null
min: null
mutable: false
name: connection_trace
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts:
- group: DATABASE
name: sqlalchemy_pool_timeout
deprecated_reason: null
deprecated_since: null
dest: pool_timeout
help: If set, use this value for pool_timeout with SQLAlchemy.
max: null
metavar: null
min: null
mutable: false
name: pool_timeout
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: use_db_reconnect
help: Enable the experimental use of database reconnect on connection lost.
max: null
metavar: null
min: null
mutable: false
name: use_db_reconnect
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: db_retry_interval
help: Seconds between retries of a database transaction.
max: null
metavar: null
min: null
mutable: false
name: db_retry_interval
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: db_inc_retry_interval
help: If True, increases the interval between retries of a database operation
up to db_max_retry_interval.
max: null
metavar: null
min: null
mutable: false
name: db_inc_retry_interval
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 10
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: db_max_retry_interval
help: If db_inc_retry_interval is set, the maximum seconds between retries of
a database operation.
max: null
metavar: null
min: null
mutable: false
name: db_max_retry_interval
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 20
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: db_max_retries
help: Maximum retries in case of connection error or deadlock error before error
is raised. Set to -1 to specify an infinite retry count.
max: null
metavar: null
min: null
mutable: false
name: db_max_retries
namespace: oslo.db
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- sqlite_synchronous
- backend
- connection
- slave_connection
- mysql_sql_mode
- idle_timeout
- min_pool_size
- max_pool_size
- max_retries
- retry_interval
- max_overflow
- connection_debug
- connection_trace
- pool_timeout
- use_db_reconnect
- db_retry_interval
- db_inc_retry_interval
- db_max_retry_interval
- db_max_retries
domain_config:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the domain-specific configuration driver in the `keystone.resource.domain_config`
namespace. Only a `sql` option is provided by keystone, so there is no reason
to set this unless you are providing a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: caching
help: Toggle for caching of the domain-specific configuration backend. This
has no effect unless global caching is enabled. There is normally no reason
to disable this.
max: null
metavar: null
min: null
mutable: false
name: caching
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 300
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: cache_time
help: Time-to-live (TTL, in seconds) to cache domain-specific configuration
data. This has no effect unless `[domain_config] caching` is enabled.
max: null
metavar: null
min: null
mutable: false
name: cache_time
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- driver
- caching
- cache_time
endpoint_filter:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the endpoint filter driver in the `keystone.endpoint_filter`
namespace. Only a `sql` option is provided by keystone, so there is no reason
to set this unless you are providing a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# return_all_endpoints_if_no_filter: defaults to true, which per the help
# text makes keystone return the entire service catalog when the configured
# filters match no endpoints for a user + project pair. Where endpoint
# filtering is meant to limit which endpoints a project can see, this
# default fails open; set it to false to return an empty catalog instead.
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: return_all_endpoints_if_no_filter
help: This controls keystone's behavior if the configured endpoint filters do
not result in any endpoints for a user + project pair (and therefore a potentially
empty service catalog). If set to true, keystone will return the entire service
catalog. If set to false, keystone will return an empty service catalog.
max: null
metavar: null
min: null
mutable: false
name: return_all_endpoints_if_no_filter
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
standard_opts:
- driver
- return_all_endpoints_if_no_filter
endpoint_policy:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the endpoint policy driver in the `keystone.endpoint_policy`
namespace. Only a `sql` driver is provided by keystone, so there is no reason
to set this unless you are providing a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
standard_opts:
- driver
eventlet_server:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: 0.0.0.0
deprecated_for_removal: true
deprecated_opts:
- group: DEFAULT
name: bind_host
- group: DEFAULT
name: public_bind_host
deprecated_reason: Support for running keystone under eventlet has been removed
in the Newton release. These options remain for backwards compatibility because
they are used for URL substitutions.
deprecated_since: K
dest: public_bind_host
help: The IP address of the network interface for the public service to listen
on.
max: null
metavar: null
min: null
mutable: false
name: public_bind_host
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: unknown value
- advanced: false
choices: []
default: 5000
deprecated_for_removal: true
deprecated_opts:
- group: DEFAULT
name: public_port
deprecated_reason: Support for running keystone under eventlet has been removed
in the Newton release. These options remain for backwards compatibility because
they are used for URL substitutions.
deprecated_since: K
dest: public_port
help: The port number for the public service to listen on.
max: 65535
metavar: null
min: 0
mutable: false
name: public_port
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: port value
- advanced: false
choices: []
default: 0.0.0.0
deprecated_for_removal: true
deprecated_opts:
- group: DEFAULT
name: bind_host
- group: DEFAULT
name: admin_bind_host
deprecated_reason: Support for running keystone under eventlet has been removed
in the Newton release. These options remain for backwards compatibility because
they are used for URL substitutions.
deprecated_since: K
dest: admin_bind_host
help: The IP address of the network interface for the admin service to listen
on.
max: null
metavar: null
min: null
mutable: false
name: admin_bind_host
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: unknown value
- advanced: false
choices: []
default: 35357
deprecated_for_removal: true
deprecated_opts:
- group: DEFAULT
name: admin_port
deprecated_reason: Support for running keystone under eventlet has been removed
in the Newton release. These options remain for backwards compatibility because
they are used for URL substitutions.
deprecated_since: K
dest: admin_port
help: The port number for the admin service to listen on.
max: 65535
metavar: null
min: 0
mutable: false
name: admin_port
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: port value
standard_opts:
- public_bind_host
- public_port
- admin_bind_host
- admin_port
federation:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the federation backend driver in the `keystone.federation`
namespace. Keystone only provides a `sql` driver, so there is no reason to
set this option unless you are providing a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: assertion_prefix
help: Prefix to use when filtering environment variable names for federated
assertions. Matched variables are passed into the federated mapping engine.
max: null
metavar: null
min: null
mutable: false
name: assertion_prefix
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: remote_id_attribute
help: Value to be used to obtain the entity ID of the Identity Provider from
the environment. For `mod_shib`, this would be `Shib-Identity-Provider`.
For `mod_auth_openidc`, this could be `HTTP_OIDC_ISS`. For `mod_auth_mellon`,
this could be `MELLON_IDP`.
max: null
metavar: null
min: null
mutable: false
name: remote_id_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: Federated
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: federated_domain_name
help: An arbitrary domain name that is reserved to allow federated ephemeral
users to have a domain concept. Note that an admin will not be able to create
a domain with this name or update an existing domain to this name. You are
not advised to change this value unless you really have to.
max: null
metavar: null
min: null
mutable: false
name: federated_domain_name
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: trusted_dashboard
help: 'A list of trusted dashboard hosts. Before accepting a Single Sign-On
request to return a token, the origin host must be a member of this list.
This configuration option may be repeated for multiple values. You must set
this in order to use web-based SSO flows. For example: trusted_dashboard=https://acme.example.com/auth/websso
trusted_dashboard=https://beta.example.com/auth/websso'
max: null
metavar: null
min: null
mutable: false
name: trusted_dashboard
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: multi valued
- advanced: false
choices: []
default: /etc/keystone/sso_callback_template.html
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: sso_callback_template
help: Absolute path to an HTML file used as a Single Sign-On callback handler.
This page is expected to redirect the user from keystone back to a trusted
dashboard host, by form encoding a token in a POST request. Keystone's default
value should be sufficient for most deployments.
max: null
metavar: null
min: null
mutable: false
name: sso_callback_template
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: caching
help: Toggle for federation caching. This has no effect unless global caching
is enabled. There is typically no reason to disable this.
max: null
metavar: null
min: null
mutable: false
name: caching
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
standard_opts:
- driver
- assertion_prefix
- remote_id_attribute
- federated_domain_name
- trusted_dashboard
- sso_callback_template
- caching
fernet_tokens:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: /etc/keystone/fernet-keys/
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: key_repository
help: 'Directory containing Fernet token keys. This directory must exist before
using `keystone-manage fernet_setup` for the first time, must be writable
by the user running `keystone-manage fernet_setup` or `keystone-manage fernet_rotate`,
and of course must be readable by keystone''s server process. The repository
may contain keys in one of three states: a single staged key (always index
0) used for token validation, a single primary key (always the highest index)
used for token creation and validation, and any number of secondary keys (all
other index values) used for token validation. With multiple keystone nodes,
each node must share the same key repository contents, with the exception
of the staged key (index 0). It is safe to run `keystone-manage fernet_rotate`
once on any one node to promote a staged key (index 0) to be the new primary
(incremented from the previous highest index), and produce a new staged key
(a new key with index 0); the resulting repository can then be atomically
replicated to other nodes without any risk of race conditions (for example,
it is safe to run `keystone-manage fernet_rotate` on host A, wait any amount
of time, create a tarball of the directory on host A, unpack it on host B
to a temporary location, and atomically move (`mv`) the directory into place
on host B). Running `keystone-manage fernet_rotate` *twice* on a key repository
without syncing other nodes will result in tokens that cannot be validated
by all nodes.'
max: null
metavar: null
min: null
mutable: false
name: key_repository
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 3
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: max_active_keys
help: This controls how many keys are held in rotation by `keystone-manage fernet_rotate`
before they are discarded. The default value of 3 means that keystone will
maintain one staged key (always index 0), one primary key (the highest numerical
index), and one secondary key (every other index). Increasing this value means
that additional secondary keys will be kept in the rotation.
max: null
metavar: null
min: 1
mutable: false
name: max_active_keys
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- key_repository
- max_active_keys
healthcheck:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: /healthcheck
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: path
help: The path to respond to healthcheck requests on.
max: null
metavar: null
min: null
mutable: false
name: path
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: detailed
help: Show more detailed information as part of the response
max: null
metavar: null
min: null
mutable: false
name: detailed
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: backends
help: Additional backends that can perform health checks and report that information
back as part of a request.
max: null
metavar: null
min: null
mutable: false
name: backends
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: disable_by_file_path
help: Check the presence of a file to determine if an application is running
on a port. Used by DisableByFileHealthcheck plugin.
max: null
metavar: null
min: null
mutable: false
name: disable_by_file_path
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: disable_by_file_paths
help: Check the presence of a file based on a port to determine if an application
is running on a port. Expects a "port:path" list of strings. Used by DisableByFilesPortsHealthcheck
plugin.
max: null
metavar: null
min: null
mutable: false
name: disable_by_file_paths
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
standard_opts:
- path
- detailed
- backends
- disable_by_file_path
- disable_by_file_paths
identity:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: default
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_domain_id
help: This references the domain to use for all Identity API v2 requests (which
are not aware of domains). A domain with this ID can optionally be created
for you by `keystone-manage bootstrap`. The domain referenced by this ID cannot
be deleted on the v3 API, to prevent accidentally breaking the v2 API. There
is nothing special about this domain, other than the fact that it must exist
in order to maintain support for your v2 clients. There is typically no reason
to change this value.
max: null
metavar: null
min: null
mutable: false
name: default_domain_id
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: domain_specific_drivers_enabled
help: A subset (or all) of domains can have their own identity driver, each
with their own partial configuration options, stored in either the resource
backend or in a file in a domain configuration directory (depending on the
setting of `[identity] domain_configurations_from_database`). Only values
specific to the domain need to be specified in this manner. This feature is
disabled by default, but may be enabled by default in a future release; set
to true to enable.
max: null
metavar: null
min: null
mutable: false
name: domain_specific_drivers_enabled
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: domain_configurations_from_database
help: By default, domain-specific configuration data is read from files in the
directory identified by `[identity] domain_config_dir`. Enabling this configuration
option allows you to instead manage domain-specific configurations through
the API, which are then persisted in the backend (typically, a SQL database),
rather than using configuration files on disk.
max: null
metavar: null
min: null
mutable: false
name: domain_configurations_from_database
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: /etc/keystone/domains
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: domain_config_dir
help: Absolute path where keystone should locate domain-specific `[identity]`
configuration files. This option has no effect unless `[identity] domain_specific_drivers_enabled`
is set to true. There is typically no reason to change this value.
max: null
metavar: null
min: null
mutable: false
name: domain_config_dir
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the identity backend driver in the `keystone.identity`
namespace. Keystone provides a `sql` and `ldap` driver. This option is also
used as the default driver selection (along with the other configuration variables
in this section) in the event that `[identity] domain_specific_drivers_enabled`
is enabled, but no applicable domain-specific configuration is defined for
the domain in question. Unless your deployment primarily relies on `ldap`
AND is not using domain-specific configuration, you should typically leave
this set to `sql`.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: caching
help: Toggle for identity caching. This has no effect unless global caching
is enabled. There is typically no reason to disable this.
max: null
metavar: null
min: null
mutable: false
name: caching
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 600
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: cache_time
help: Time to cache identity data (in seconds). This has no effect unless global
and identity caching are enabled.
max: null
metavar: null
min: null
mutable: false
name: cache_time
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 4096
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: max_password_length
help: Maximum allowed length for user passwords. Decrease this value to improve
performance. Changing this value does not affect existing passwords.
max: 4096
metavar: null
min: null
mutable: false
name: max_password_length
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: list_limit
help: Maximum number of entities that will be returned in an identity collection.
max: null
metavar: null
min: null
mutable: false
name: list_limit
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices:
- bcrypt
- scrypt
- pbkdf2_sha512
default: bcrypt
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: password_hash_algorithm
help: The password hashing algorithm to use for passwords stored within keystone.
max: null
metavar: null
min: null
mutable: false
name: password_hash_algorithm
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: password_hash_rounds
help: 'This option represents a trade off between security and performance.
Higher values lead to slower performance, but higher security. Changing this
option will only affect newly created passwords as existing password hashes
already have a fixed number of rounds applied, so it is safe to tune this
option in a running cluster. The default for bcrypt is 12, must be between
4 and 31, inclusive. The default for scrypt is 16, must be within `range(1,32)`. The
default for pbkdf2_sha512 is 60000, must be within `range(1,1<<32)`. WARNING:
If using scrypt, increasing this value increases BOTH time AND memory requirements
to hash a password.'
max: null
metavar: null
min: null
mutable: false
name: password_hash_rounds
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: scrypt_block_size
help: Optional block size to pass to scrypt hash function (the `r` parameter).
Useful for tuning scrypt to optimal performance for your CPU architecture.
This option is only used when the `password_hash_algorithm` option is set
to `scrypt`. Defaults to 8.
max: null
metavar: null
min: null
mutable: false
name: scrypt_block_size
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: scrypt_parallelism
help: Optional parallelism to pass to scrypt hash function (the `p` parameter).
This option is only used when the `password_hash_algorithm` option is set
to `scrypt`. Defaults to 1.
max: null
metavar: null
min: null
mutable: false
name: scrypt_parallelism
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: salt_bytesize
help: Number of bytes to use in scrypt and pbkdf2_sha512 hashing salt. Default
for scrypt is 16 bytes. Default for pbkdf2_sha512 is 16 bytes. Limited to
a maximum of 96 bytes due to the size of the column used to store password
hashes.
max: 96
metavar: null
min: 0
mutable: false
name: salt_bytesize
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: Only used for rolling-upgrade between Ocata and Pike
deprecated_since: P
dest: rolling_upgrade_password_hash_compat
help: This option tells keystone to continue to hash passwords with the sha512_crypt
algorithm for supporting rolling upgrades. sha512_crypt is typically less
secure than bcrypt, pbkdf2, and scrypt. This option should be set to `False`
except in the case of performing a rolling upgrade where some Keystone servers
may not know how to verify non-sha512_crypt based password hashes. This option
will be removed in the Queens release and is only to support rolling upgrades
from Ocata release to Pike release.
max: null
metavar: null
min: null
mutable: false
name: rolling_upgrade_password_hash_compat
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
standard_opts:
- default_domain_id
- domain_specific_drivers_enabled
- domain_configurations_from_database
- domain_config_dir
- driver
- caching
- cache_time
- max_password_length
- list_limit
- password_hash_algorithm
- password_hash_rounds
- scrypt_block_size
- scrypt_parallelism
- salt_bytesize
- rolling_upgrade_password_hash_compat
identity_mapping:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the identity mapping backend driver in the `keystone.identity.id_mapping`
namespace. Keystone only provides a `sql` driver, so there is no reason to
change this unless you are providing a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: sha256
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: generator
help: Entry point for the public ID generator for user and group entities in
the `keystone.identity.id_generator` namespace. The Keystone identity mapper
only supports generators that produce 64 bytes or less. Keystone only provides
a `sha256` entry point, so there is no reason to change this value unless
you're providing a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: generator
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: backward_compatible_ids
help: The format of user and group IDs changed in Juno for backends that do
not generate UUIDs (for example, LDAP), with keystone providing a hash mapping
to the underlying attribute in LDAP. By default this mapping is disabled,
which ensures that existing IDs will not change. Even when the mapping is
enabled by using domain-specific drivers (`[identity] domain_specific_drivers_enabled`),
any users and groups from the default domain being handled by LDAP will still
not be mapped to ensure their IDs remain backward compatible. Setting this
value to false will enable the new mapping for all backends, including the
default LDAP driver. It is only guaranteed to be safe to enable this option
if you do not already have assignments for users and groups from the default
LDAP domain, and you consider it to be acceptable for Keystone to provide
different IDs to clients than it did previously (existing IDs in the API
will suddenly change). Typically this means that the only time you can set
this value to false is when configuring a fresh installation, although that
is the recommended value.
max: null
metavar: null
min: null
mutable: false
name: backward_compatible_ids
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
standard_opts:
- driver
- generator
- backward_compatible_ids
ldap:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: ldap://localhost
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: url
help: URL(s) for connecting to the LDAP server. Multiple LDAP URLs may be specified
as a comma separated string. The first URL to successfully bind is used for
the connection.
max: null
metavar: null
min: null
mutable: false
name: url
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user
help: The user name of the administrator bind DN to use when querying the LDAP
server, if your LDAP server requires it.
max: null
metavar: null
min: null
mutable: false
name: user
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: password
help: The password of the administrator bind DN to use when querying the LDAP
server, if your LDAP server requires it.
max: null
metavar: null
min: null
mutable: false
name: password
namespace: keystone
positional: false
required: false
sample_default: null
secret: true
short: null
type: string value
- advanced: false
choices: []
default: cn=example,cn=com
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: suffix
help: The default LDAP server suffix to use, if a DN is not defined via either
`[ldap] user_tree_dn` or `[ldap] group_tree_dn`.
max: null
metavar: null
min: null
mutable: false
name: suffix
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices:
- one
- sub
default: one
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: query_scope
help: The search scope which defines how deep to search within the search base.
A value of `one` (representing `oneLevel` or `singleLevel`) indicates a search
of objects immediately below the base object, but does not include the
base object itself. A value of `sub` (representing `subtree` or `wholeSubtree`)
indicates a search of both the base object itself and the entire subtree below
it.
max: null
metavar: null
min: null
mutable: false
name: query_scope
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 0
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: page_size
help: Defines the maximum number of results per page that keystone should request
from the LDAP server when listing objects. A value of zero (`0`) disables
paging.
max: null
metavar: null
min: 0
mutable: false
name: page_size
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices:
- never
- searching
- always
- finding
- default
default: default
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: alias_dereferencing
help: The LDAP dereferencing option to use for queries involving aliases. A
value of `default` falls back to using default dereferencing behavior configured
by your `ldap.conf`. A value of `never` prevents aliases from being dereferenced
at all. A value of `searching` dereferences aliases only after name resolution.
A value of `finding` dereferences aliases only during name resolution. A value
of `always` dereferences aliases in all cases.
max: null
metavar: null
min: null
mutable: false
name: alias_dereferencing
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: debug_level
help: Sets the LDAP debugging level for LDAP calls. A value of 0 means that
debugging is not enabled. This value is a bitmask; consult your LDAP documentation
for possible values.
max: null
metavar: null
min: -1
mutable: false
name: debug_level
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: chase_referrals
help: Sets keystone's referral chasing behavior across directory partitions.
If left unset, the system's default behavior will be used.
max: null
metavar: null
min: null
mutable: false
name: chase_referrals
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_tree_dn
help: The search base to use for users. Defaults to the `[ldap] suffix` value.
max: null
metavar: null
min: null
mutable: false
name: user_tree_dn
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_filter
help: The LDAP search filter to use for users.
max: null
metavar: null
min: null
mutable: false
name: user_filter
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: inetOrgPerson
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_objectclass
help: The LDAP object class to use for users.
max: null
metavar: null
min: null
mutable: false
name: user_objectclass
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: cn
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_id_attribute
help: The LDAP attribute mapped to user IDs in keystone. This must NOT be a
multivalued attribute. User IDs are expected to be globally unique across
keystone domains and URL-safe.
max: null
metavar: null
min: null
mutable: false
name: user_id_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: sn
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_name_attribute
help: The LDAP attribute mapped to user names in keystone. User names are expected
to be unique only within a keystone domain and are not expected to be URL-safe.
max: null
metavar: null
min: null
mutable: false
name: user_name_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: description
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_description_attribute
help: The LDAP attribute mapped to user descriptions in keystone.
max: null
metavar: null
min: null
mutable: false
name: user_description_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: mail
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_mail_attribute
help: The LDAP attribute mapped to user emails in keystone.
max: null
metavar: null
min: null
mutable: false
name: user_mail_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: userPassword
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_pass_attribute
help: The LDAP attribute mapped to user passwords in keystone.
max: null
metavar: null
min: null
mutable: false
name: user_pass_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: enabled
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_enabled_attribute
help: The LDAP attribute mapped to the user enabled attribute in keystone. If
setting this option to `userAccountControl`, then you may be interested in
setting `[ldap] user_enabled_mask` and `[ldap] user_enabled_default` as well.
max: null
metavar: null
min: null
mutable: false
name: user_enabled_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_enabled_invert
help: Logically negate the boolean value of the enabled attribute obtained from
the LDAP server. Some LDAP servers use a boolean lock attribute where "true"
means an account is disabled. Setting `[ldap] user_enabled_invert = true`
will allow these lock attributes to be used. This option will have no effect
if either the `[ldap] user_enabled_mask` or `[ldap] user_enabled_emulation`
options are in use.
max: null
metavar: null
min: null
mutable: false
name: user_enabled_invert
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 0
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_enabled_mask
help: Bitmask integer to select which bit indicates the enabled value if the
LDAP server represents "enabled" as a bit on an integer rather than as a discrete
boolean. A value of `0` indicates that the mask is not used. If this is not
set to `0` the typical value is `2`. This is typically used when `[ldap] user_enabled_attribute
= userAccountControl`. Setting this option causes keystone to ignore the value
of `[ldap] user_enabled_invert`.
max: null
metavar: null
min: 0
mutable: false
name: user_enabled_mask
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 'True'
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_enabled_default
help: The default value to enable users. This should match an appropriate integer
value if the LDAP server uses non-boolean (bitmask) values to indicate if
a user is enabled or disabled. If this is not set to `True`, then the typical
value is `512`. This is typically used when `[ldap] user_enabled_attribute
= userAccountControl`.
max: null
metavar: null
min: null
mutable: false
name: user_enabled_default
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default:
- default_project_id
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_attribute_ignore
help: List of user attributes to ignore on create and update, or whether a specific
user attribute should be filtered for list or show user.
max: null
metavar: null
min: null
mutable: false
name: user_attribute_ignore
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_default_project_id_attribute
help: The LDAP attribute mapped to a user's default_project_id in keystone.
This is most commonly used when keystone has write access to LDAP.
max: null
metavar: null
min: null
mutable: false
name: user_default_project_id_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_enabled_emulation
help: If enabled, keystone uses an alternative method to determine if a user
is enabled or not by checking if they are a member of the group defined by
the `[ldap] user_enabled_emulation_dn` option. Enabling this option causes
keystone to ignore the value of `[ldap] user_enabled_invert`.
max: null
metavar: null
min: null
mutable: false
name: user_enabled_emulation
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_enabled_emulation_dn
help: DN of the group entry to hold enabled users when using enabled emulation.
Setting this option has no effect unless `[ldap] user_enabled_emulation` is
also enabled.
max: null
metavar: null
min: null
mutable: false
name: user_enabled_emulation_dn
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_enabled_emulation_use_group_config
help: Use the `[ldap] group_member_attribute` and `[ldap] group_objectclass`
settings to determine membership in the emulated enabled group. Enabling this
option has no effect unless `[ldap] user_enabled_emulation` is also enabled.
max: null
metavar: null
min: null
mutable: false
name: user_enabled_emulation_use_group_config
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: user_additional_attribute_mapping
help: A list of LDAP attribute to keystone user attribute pairs used for mapping
additional attributes to users in keystone. The expected format is `<ldap_attr>:<user_attr>`,
where `ldap_attr` is the attribute in the LDAP object and `user_attr` is the
attribute which should appear in the identity API.
max: null
metavar: null
min: null
mutable: false
name: user_additional_attribute_mapping
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: group_tree_dn
help: The search base to use for groups. Defaults to the `[ldap] suffix` value.
max: null
metavar: null
min: null
mutable: false
name: group_tree_dn
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: group_filter
help: The LDAP search filter to use for groups.
max: null
metavar: null
min: null
mutable: false
name: group_filter
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: groupOfNames
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: group_objectclass
help: The LDAP object class to use for groups. If setting this option to `posixGroup`,
you may also be interested in enabling the `[ldap] group_members_are_ids`
option.
max: null
metavar: null
min: null
mutable: false
name: group_objectclass
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: cn
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: group_id_attribute
help: The LDAP attribute mapped to group IDs in keystone. This must NOT be a
multivalued attribute. Group IDs are expected to be globally unique across
keystone domains and URL-safe.
max: null
metavar: null
min: null
mutable: false
name: group_id_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: ou
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: group_name_attribute
help: The LDAP attribute mapped to group names in keystone. Group names are
expected to be unique only within a keystone domain and are not expected to
be URL-safe.
max: null
metavar: null
min: null
mutable: false
name: group_name_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: member
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: group_member_attribute
help: The LDAP attribute used to indicate that a user is a member of the group.
max: null
metavar: null
min: null
mutable: false
name: group_member_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: group_members_are_ids
help: Enable this option if the members of the group object class are keystone
user IDs rather than LDAP DNs. This is the case when using `posixGroup` as
the group object class in Open Directory.
max: null
metavar: null
min: null
mutable: false
name: group_members_are_ids
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: description
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: group_desc_attribute
help: The LDAP attribute mapped to group descriptions in keystone.
max: null
metavar: null
min: null
mutable: false
name: group_desc_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: group_attribute_ignore
help: List of group attributes to ignore on create and update, or whether a
specific group attribute should be filtered for list or show group.
max: null
metavar: null
min: null
mutable: false
name: group_attribute_ignore
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: group_additional_attribute_mapping
help: A list of LDAP attribute to keystone group attribute pairs used for mapping
additional attributes to groups in keystone. The expected format is `<ldap_attr>:<group_attr>`,
where `ldap_attr` is the attribute in the LDAP object and `group_attr` is
the attribute which should appear in the identity API.
max: null
metavar: null
min: null
mutable: false
name: group_additional_attribute_mapping
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: group_ad_nesting
help: If enabled, group queries will use Active Directory specific filters for
nested groups.
max: null
metavar: null
min: null
mutable: false
name: group_ad_nesting
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: tls_cacertfile
help: An absolute path to a CA certificate file to use when communicating with
LDAP servers. This option will take precedence over `[ldap] tls_cacertdir`,
so there is no reason to set both.
max: null
metavar: null
min: null
mutable: false
name: tls_cacertfile
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: tls_cacertdir
help: An absolute path to a CA certificate directory to use when communicating
with LDAP servers. There is no reason to set this option if you've also set
`[ldap] tls_cacertfile`.
max: null
metavar: null
min: null
mutable: false
name: tls_cacertdir
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: use_tls
help: Enable TLS when communicating with LDAP servers. You should also set the
`[ldap] tls_cacertfile` and `[ldap] tls_cacertdir` options when using this
option. Do not set this option if you are using LDAP over SSL (LDAPS) instead
of TLS.
max: null
metavar: null
min: null
mutable: false
name: use_tls
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices:
- demand
- never
- allow
default: demand
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: tls_req_cert
help: Specifies which checks to perform against the certificate presented by
the LDAP server when a TLS session is established. If set to `demand`, then a
certificate will always be requested and required from the LDAP server. If set
to `allow`, then a certificate will always be requested but not required from
the LDAP server. If set to `never`, then a certificate will never be requested.
With `allow` or `never` the connection proceeds without a verified server
certificate, so only `demand` authenticates the LDAP server.
max: null
metavar: null
min: null
mutable: false
name: tls_req_cert
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: connection_timeout
help: The connection timeout to use with the LDAP server. A value of `-1` means
that connections will never time out.
max: null
metavar: null
min: -1
mutable: false
name: connection_timeout
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: use_pool
help: Enable LDAP connection pooling for queries to the LDAP server. There is
typically no reason to disable this.
max: null
metavar: null
min: null
mutable: false
name: use_pool
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 10
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pool_size
help: The size of the LDAP connection pool. This option has no effect unless
`[ldap] use_pool` is also enabled.
max: null
metavar: null
min: 1
mutable: false
name: pool_size
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 3
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pool_retry_max
help: The maximum number of times to attempt reconnecting to the LDAP server
before aborting. A value of zero prevents retries. This option has no effect
unless `[ldap] use_pool` is also enabled.
max: null
metavar: null
min: 0
mutable: false
name: pool_retry_max
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 0.1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pool_retry_delay
help: The number of seconds to wait before attempting to reconnect to the LDAP
server. This option has no effect unless `[ldap] use_pool` is also enabled.
max: null
metavar: null
min: null
mutable: false
name: pool_retry_delay
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: floating point value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pool_connection_timeout
help: The connection timeout to use when pooling LDAP connections. A value of
`-1` means that connections will never time out. This option has no effect
unless `[ldap] use_pool` is also enabled.
max: null
metavar: null
min: -1
mutable: false
name: pool_connection_timeout
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 600
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pool_connection_lifetime
help: The maximum connection lifetime to the LDAP server in seconds. When this
lifetime is exceeded, the connection will be unbound and removed from the
connection pool. This option has no effect unless `[ldap] use_pool` is also
enabled.
max: null
metavar: null
min: 1
mutable: false
name: pool_connection_lifetime
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: use_auth_pool
help: Enable LDAP connection pooling for end user authentication. There is typically
no reason to disable this.
max: null
metavar: null
min: null
mutable: false
name: use_auth_pool
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 100
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: auth_pool_size
help: The size of the connection pool to use for end user authentication. This
option has no effect unless `[ldap] use_auth_pool` is also enabled.
max: null
metavar: null
min: 1
mutable: false
name: auth_pool_size
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 60
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: auth_pool_connection_lifetime
help: The maximum end user authentication connection lifetime to the LDAP server
in seconds. When this lifetime is exceeded, the connection will be unbound
and removed from the connection pool. This option has no effect unless `[ldap]
use_auth_pool` is also enabled.
max: null
metavar: null
min: 1
mutable: false
name: auth_pool_connection_lifetime
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- url
- user
- password
- suffix
- query_scope
- page_size
- alias_dereferencing
- debug_level
- chase_referrals
- user_tree_dn
- user_filter
- user_objectclass
- user_id_attribute
- user_name_attribute
- user_description_attribute
- user_mail_attribute
- user_pass_attribute
- user_enabled_attribute
- user_enabled_invert
- user_enabled_mask
- user_enabled_default
- user_attribute_ignore
- user_default_project_id_attribute
- user_enabled_emulation
- user_enabled_emulation_dn
- user_enabled_emulation_use_group_config
- user_additional_attribute_mapping
- group_tree_dn
- group_filter
- group_objectclass
- group_id_attribute
- group_name_attribute
- group_member_attribute
- group_members_are_ids
- group_desc_attribute
- group_attribute_ignore
- group_additional_attribute_mapping
- group_ad_nesting
- tls_cacertfile
- tls_cacertdir
- use_tls
- tls_req_cert
- connection_timeout
- use_pool
- pool_size
- pool_retry_max
- pool_retry_delay
- pool_connection_timeout
- pool_connection_lifetime
- use_auth_pool
- auth_pool_size
- auth_pool_connection_lifetime
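# Option group [matchmaker_redis], contributed by the oslo.messaging namespace.
# Nesting is restored here: every option is one mapping in the `opts` list and
# `standard_opts` lists the option names in the same order.
# host, port, password and sentinel_hosts are flagged deprecated_for_removal
# with the reason "Replaced by [DEFAULT]/transport_url"; the other four
# options are not deprecated.
matchmaker_redis:
  driver_option: ''
  driver_opts: {}
  dynamic_group_owner: ''
  help: ''
  opts:
    # Redis host; the default points at the loopback address.
    - advanced: false
      choices: []
      default: 127.0.0.1
      deprecated_for_removal: true
      deprecated_opts: []
      deprecated_reason: Replaced by [DEFAULT]/transport_url
      deprecated_since: null
      dest: host
      help: Host to locate redis.
      max: null
      metavar: null
      min: null
      mutable: false
      name: host
      namespace: oslo.messaging
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: string value
    # Redis port; typed as a port value and bounded to 0-65535 by min/max.
    - advanced: false
      choices: []
      default: 6379
      deprecated_for_removal: true
      deprecated_opts: []
      deprecated_reason: Replaced by [DEFAULT]/transport_url
      deprecated_since: null
      dest: port
      help: Use this port to connect to redis host.
      max: 65535
      metavar: null
      min: 0
      mutable: false
      name: port
      namespace: oslo.messaging
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: port value
    # Redis password. `secret: true` marks the value as sensitive so that
    # oslo.config masks it when option values are logged. The default is the
    # empty string and the help text calls the password optional, so this
    # schema does not require one; presumably an empty value means no
    # password is sent (confirm against the driver).
    - advanced: false
      choices: []
      default: ''
      deprecated_for_removal: true
      deprecated_opts: []
      deprecated_reason: Replaced by [DEFAULT]/transport_url
      deprecated_since: null
      dest: password
      help: Password for Redis server (optional).
      max: null
      metavar: null
      min: null
      mutable: false
      name: password
      namespace: oslo.messaging
      positional: false
      required: false
      sample_default: null
      secret: true
      short: null
      type: string value
    # Sentinel endpoints as a list of host:port strings; empty by default.
    - advanced: false
      choices: []
      default: []
      deprecated_for_removal: true
      deprecated_opts: []
      deprecated_reason: Replaced by [DEFAULT]/transport_url
      deprecated_since: null
      dest: sentinel_hosts
      help: List of Redis Sentinel hosts (fault tolerance mode), e.g., [host:port,
        host1:port ... ]
      max: null
      metavar: null
      min: null
      mutable: false
      name: sentinel_hosts
      namespace: oslo.messaging
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: list value
    # Name of the Redis replica set used with Sentinel.
    - advanced: false
      choices: []
      default: oslo-messaging-zeromq
      deprecated_for_removal: false
      deprecated_opts: []
      deprecated_reason: null
      deprecated_since: null
      dest: sentinel_group_name
      help: Redis replica set name.
      max: null
      metavar: null
      min: null
      mutable: false
      name: sentinel_group_name
      namespace: oslo.messaging
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: string value
    # The three timeouts below are in milliseconds (per their help text).
    # min and max are null, so the schema itself places no bounds on them.
    - advanced: false
      choices: []
      default: 2000
      deprecated_for_removal: false
      deprecated_opts: []
      deprecated_reason: null
      deprecated_since: null
      dest: wait_timeout
      help: Time in ms to wait between connection attempts.
      max: null
      metavar: null
      min: null
      mutable: false
      name: wait_timeout
      namespace: oslo.messaging
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: integer value
    - advanced: false
      choices: []
      default: 20000
      deprecated_for_removal: false
      deprecated_opts: []
      deprecated_reason: null
      deprecated_since: null
      dest: check_timeout
      help: Time in ms to wait before the transaction is killed.
      max: null
      metavar: null
      min: null
      mutable: false
      name: check_timeout
      namespace: oslo.messaging
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: integer value
    - advanced: false
      choices: []
      default: 10000
      deprecated_for_removal: false
      deprecated_opts: []
      deprecated_reason: null
      deprecated_since: null
      dest: socket_timeout
      help: Timeout in ms on blocking socket operations.
      max: null
      metavar: null
      min: null
      mutable: false
      name: socket_timeout
      namespace: oslo.messaging
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: integer value
  standard_opts:
    - host
    - port
    - password
    - sentinel_hosts
    - sentinel_group_name
    - wait_timeout
    - check_timeout
    - socket_timeout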
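# Option group [memcache], contributed by the keystone namespace. Per the
# help texts these settings are used by the key value store system.
# Nesting is restored here: every option is one mapping in the `opts` list and
# `standard_opts` lists the option names in the same order.
# None of the five options covers authentication or transport encryption for
# memcached, so protecting the memcached endpoints is presumably left to the
# deployment (for example network-level restrictions); verify for your setup.
# All values are integers with min and max null, so the schema does not bound
# them; the timeouts here are in seconds, unlike the millisecond timeouts of
# the [matchmaker_redis] group.
memcache:
  driver_option: ''
  driver_opts: {}
  dynamic_group_owner: ''
  help: ''
  opts:
    # Seconds a memcached server stays marked dead before it is retried.
    - advanced: false
      choices: []
      default: 300
      deprecated_for_removal: false
      deprecated_opts: []
      deprecated_reason: null
      deprecated_since: null
      dest: dead_retry
      help: Number of seconds memcached server is considered dead before it is tried
        again. This is used by the key value store system.
      max: null
      metavar: null
      min: null
      mutable: false
      name: dead_retry
      namespace: keystone
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: integer value
    # Per-call timeout in seconds.
    - advanced: false
      choices: []
      default: 3
      deprecated_for_removal: false
      deprecated_opts: []
      deprecated_reason: null
      deprecated_since: null
      dest: socket_timeout
      help: Timeout in seconds for every call to a server. This is used by the key
        value store system.
      max: null
      metavar: null
      min: null
      mutable: false
      name: socket_timeout
      namespace: keystone
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: integer value
    # Upper limit on open connections per memcached server.
    - advanced: false
      choices: []
      default: 10
      deprecated_for_removal: false
      deprecated_opts: []
      deprecated_reason: null
      deprecated_since: null
      dest: pool_maxsize
      help: Max total number of open connections to every memcached server. This is
        used by the key value store system.
      max: null
      metavar: null
      min: null
      mutable: false
      name: pool_maxsize
      namespace: keystone
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: integer value
    # Seconds an idle pooled connection is kept before it is closed.
    - advanced: false
      choices: []
      default: 60
      deprecated_for_removal: false
      deprecated_opts: []
      deprecated_reason: null
      deprecated_since: null
      dest: pool_unused_timeout
      help: Number of seconds a connection to memcached is held unused in the pool
        before it is closed. This is used by the key value store system.
      max: null
      metavar: null
      min: null
      mutable: false
      name: pool_unused_timeout
      namespace: keystone
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: integer value
    # Seconds an operation waits for a client connection from the pool.
    - advanced: false
      choices: []
      default: 10
      deprecated_for_removal: false
      deprecated_opts: []
      deprecated_reason: null
      deprecated_since: null
      dest: pool_connection_get_timeout
      help: Number of seconds that an operation will wait to get a memcache client
        connection. This is used by the key value store system.
      max: null
      metavar: null
      min: null
      mutable: false
      name: pool_connection_get_timeout
      namespace: keystone
      positional: false
      required: false
      sample_default: null
      secret: false
      short: null
      type: integer value
  standard_opts:
    - dead_retry
    - socket_timeout
    - pool_maxsize
    - pool_unused_timeout
    - pool_connection_get_timeout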
oauth1:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the OAuth backend driver in the `keystone.oauth1` namespace.
Typically, there is no reason to set this option unless you are providing
a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# OAuth1 request-token lifetime in seconds; the default of 28800 is 8 hours.
# min is 0 and, per the help text, 0 means request tokens last forever, so a
# zero here leaves never-authorized request tokens valid indefinitely. Keep
# this as short as the authorization flow allows.
- advanced: false
choices: []
default: 28800
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: request_token_duration
help: Number of seconds for the OAuth Request Token to remain valid after being
created. This is the amount of time the user has to authorize the token. Setting
this option to zero means that request tokens will last forever.
max: null
metavar: null
min: 0
mutable: false
name: request_token_duration
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
# OAuth1 access-token lifetime in seconds; the default of 86400 is 24 hours.
# min is 0 and, per the help text, 0 means access tokens last forever.
# NOTE(review): with 0 a leaked access token never ages out on its own, so
# exposure is bounded only by whatever explicit revocation the deployment
# performs; prefer a finite value.
- advanced: false
choices: []
default: 86400
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: access_token_duration
help: Number of seconds for the OAuth Access Token to remain valid after being
created. This is the amount of time the consumer has to interact with the
service provider (which is typically keystone). Setting this option to zero
means that access tokens will last forever.
max: null
metavar: null
min: 0
mutable: false
name: access_token_duration
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- driver
- request_token_duration
- access_token_duration
oslo_messaging_amqp:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: container_name
deprecated_reason: null
deprecated_since: null
dest: container_name
help: Name for the AMQP container. must be globally unique. Defaults to a generated
UUID
max: null
metavar: null
min: null
mutable: false
name: container_name
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 0
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: idle_timeout
deprecated_reason: null
deprecated_since: null
dest: idle_timeout
help: Timeout for inactive connections (in seconds)
max: null
metavar: null
min: null
mutable: false
name: idle_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
# Debug switch: when true the driver dumps AMQP frames to stdout (see help).
# Default is false. NOTE(review): dumped frames presumably include message
# bodies, so anything the service sends over the bus could end up in
# container/stdout logs; leave this off outside short debugging sessions.
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: trace
deprecated_reason: null
deprecated_since: null
dest: trace
help: 'Debug: dump AMQP frames to stdout'
max: null
metavar: null
min: null
mutable: false
name: trace
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
# TLS for the AMQP 1.0 connection. The default is false, so the link is
# attempted without SSL unless this is set. Per the help text, enabling it
# with no other ssl_* option verifies the server certificate against the
# system CA bundle.
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: ssl
help: Attempt to connect via SSL. If no other ssl-related parameters are given,
it will use the system's CA-bundle to verify the server's certificate.
max: null
metavar: null
min: null
mutable: false
name: ssl
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: ssl_ca_file
deprecated_reason: null
deprecated_since: null
dest: ssl_ca_file
help: CA certificate PEM file used to verify the server's certificate
max: null
metavar: null
min: null
mutable: false
name: ssl_ca_file
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: ssl_cert_file
deprecated_reason: null
deprecated_since: null
dest: ssl_cert_file
help: Self-identifying certificate PEM file for client authentication
max: null
metavar: null
min: null
mutable: false
name: ssl_cert_file
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Path to the client private key PEM file (optional, default empty).
# secret is false because the value is a path, not key material; the key
# file itself still needs restrictive permissions. A passphrase, if the key
# is encrypted, is supplied through the separate ssl_key_password option.
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: ssl_key_file
deprecated_reason: null
deprecated_since: null
dest: ssl_key_file
help: Private key PEM file used to sign ssl_cert_file certificate (optional)
max: null
metavar: null
min: null
mutable: false
name: ssl_key_file
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Passphrase for an encrypted ssl_key_file. Default is null (no passphrase).
# secret: true marks the value as sensitive. NOTE(review): presumably this
# is what makes oslo.config mask the value when option values are logged;
# confirm. Whatever renders this option should source it from a secret store
# rather than from plain role variables.
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: ssl_key_password
deprecated_reason: null
deprecated_since: null
dest: ssl_key_password
help: Password for decrypting ssl_key_file (if encrypted)
max: null
metavar: null
min: null
mutable: false
name: ssl_key_password
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: true
short: null
type: string value
# Deprecated for removal; deprecated_reason states it is not applicable
# because this driver is not an SSL server. Default is false. Do not treat
# it as a transport-security control: whether the client connection uses
# SSL is decided by the ssl option of this group.
- advanced: false
choices: []
default: false
deprecated_for_removal: true
deprecated_opts:
- group: amqp1
name: allow_insecure_clients
deprecated_reason: Not applicable - not a SSL server
deprecated_since: null
dest: allow_insecure_clients
help: Accept clients using either SSL or plain TCP
max: null
metavar: null
min: null
mutable: false
name: allow_insecure_clients
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
# Space-separated list of acceptable SASL mechanisms. The default is the
# empty string. NOTE(review): with no list the mechanism is presumably left
# to negotiation with the peer; confirm. Naming the intended mechanism(s)
# explicitly avoids silently settling on a weaker one such as ANONYMOUS, or
# PLAIN over a link that is not using SSL.
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: sasl_mechanisms
deprecated_reason: null
deprecated_since: null
dest: sasl_mechanisms
help: Space separated list of acceptable SASL mechanisms
max: null
metavar: null
min: null
mutable: false
name: sasl_mechanisms
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: sasl_config_dir
deprecated_reason: null
deprecated_since: null
dest: sasl_config_dir
help: Path to directory that contains the SASL configuration
max: null
metavar: null
min: null
mutable: false
name: sasl_config_dir
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: sasl_config_name
deprecated_reason: null
deprecated_since: null
dest: sasl_config_name
help: Name of configuration file (without .conf suffix)
max: null
metavar: null
min: null
mutable: false
name: sasl_config_name
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: sasl_default_realm
help: SASL realm to use if no realm present in username
max: null
metavar: null
min: null
mutable: false
name: sasl_default_realm
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Broker user name. Deprecated for removal: deprecated_reason says the user
# name should be provided through transport_url instead. Default is empty.
- advanced: false
choices: []
default: ''
deprecated_for_removal: true
deprecated_opts:
- group: amqp1
name: username
deprecated_reason: Should use configuration option transport_url to provide
the username.
deprecated_since: null
dest: username
help: User name for message broker authentication
max: null
metavar: null
min: null
mutable: false
name: username
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Broker password. Deprecated for removal in favour of transport_url (see
# deprecated_reason). secret: true marks the value as sensitive.
# NOTE(review): moving the credential into transport_url does not make it
# less sensitive; the URL then has to be handled as a secret as well.
- advanced: false
choices: []
default: ''
deprecated_for_removal: true
deprecated_opts:
- group: amqp1
name: password
deprecated_reason: Should use configuration option transport_url to provide
the password.
deprecated_since: null
dest: password
help: Password for message broker authentication
max: null
metavar: null
min: null
mutable: false
name: password
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: true
short: null
type: string value
- advanced: false
choices: []
default: 1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: connection_retry_interval
help: Seconds to pause before attempting to re-connect.
max: null
metavar: null
min: 1
mutable: false
name: connection_retry_interval
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 2
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: connection_retry_backoff
help: Increase the connection_retry_interval by this many seconds after each
unsuccessful failover attempt.
max: null
metavar: null
min: 0
mutable: false
name: connection_retry_backoff
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 30
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: connection_retry_interval_max
help: Maximum limit for connection_retry_interval + connection_retry_backoff
max: null
metavar: null
min: 1
mutable: false
name: connection_retry_interval_max
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 10
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: link_retry_delay
help: Time to pause between re-connecting an AMQP 1.0 link that failed due to
a recoverable error.
max: null
metavar: null
min: 1
mutable: false
name: link_retry_delay
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 0
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_reply_retry
help: The maximum number of attempts to re-send a reply message which failed
due to a recoverable error.
max: null
metavar: null
min: -1
mutable: false
name: default_reply_retry
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 30
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_reply_timeout
help: The deadline for an rpc reply message delivery.
max: null
metavar: null
min: 5
mutable: false
name: default_reply_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 30
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_send_timeout
help: The deadline for an rpc cast or call message delivery. Only used when
caller does not provide a timeout expiry.
max: null
metavar: null
min: 5
mutable: false
name: default_send_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 30
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_notify_timeout
help: The deadline for a sent notification message delivery. Only used when
caller does not provide a timeout expiry.
max: null
metavar: null
min: 5
mutable: false
name: default_notify_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 600
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_sender_link_timeout
help: The duration to schedule a purge of idle sender links. Detach link after
expiry.
max: null
metavar: null
min: 1
mutable: false
name: default_sender_link_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: dynamic
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: addressing_mode
help: 'Indicates the addressing mode used by the driver.
Permitted values:
''legacy'' - use legacy non-routable addressing
''routable'' - use routable addresses
''dynamic'' - use legacy addresses if the message bus does not support routing
otherwise use routable addressing'
max: null
metavar: null
min: null
mutable: false
name: addressing_mode
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: exclusive
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: server_request_prefix
deprecated_reason: null
deprecated_since: null
dest: server_request_prefix
help: address prefix used when sending to a specific server
max: null
metavar: null
min: null
mutable: false
name: server_request_prefix
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: broadcast
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: broadcast_prefix
deprecated_reason: null
deprecated_since: null
dest: broadcast_prefix
help: address prefix used when broadcasting to all servers
max: null
metavar: null
min: null
mutable: false
name: broadcast_prefix
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: unicast
deprecated_for_removal: false
deprecated_opts:
- group: amqp1
name: group_request_prefix
deprecated_reason: null
deprecated_since: null
dest: group_request_prefix
help: address prefix when sending to any server in group
max: null
metavar: null
min: null
mutable: false
name: group_request_prefix
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: openstack.org/om/rpc
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_address_prefix
help: Address prefix for all generated RPC addresses
max: null
metavar: null
min: null
mutable: false
name: rpc_address_prefix
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: openstack.org/om/notify
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: notify_address_prefix
help: Address prefix for all generated Notification addresses
max: null
metavar: null
min: null
mutable: false
name: notify_address_prefix
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: multicast
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: multicast_address
help: Appended to the address prefix when sending a fanout message. Used by
the message bus to identify fanout messages.
max: null
metavar: null
min: null
mutable: false
name: multicast_address
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: unicast
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: unicast_address
help: Appended to the address prefix when sending to a particular RPC/Notification
server. Used by the message bus to identify messages sent to a single destination.
max: null
metavar: null
min: null
mutable: false
name: unicast_address
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: anycast
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: anycast_address
help: Appended to the address prefix when sending to a group of consumers. Used
by the message bus to identify messages that should be delivered in a round-robin
fashion across consumers.
max: null
metavar: null
min: null
mutable: false
name: anycast_address
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_notification_exchange
help: 'Exchange name used in notification addresses.
Exchange name resolution precedence:
Target.exchange if set
else default_notification_exchange if set
else control_exchange if set
else ''notify'''
max: null
metavar: null
min: null
mutable: false
name: default_notification_exchange
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_rpc_exchange
help: 'Exchange name used in RPC addresses.
Exchange name resolution precedence:
Target.exchange if set
else default_rpc_exchange if set
else control_exchange if set
else ''rpc'''
max: null
metavar: null
min: null
mutable: false
name: default_rpc_exchange
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 200
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: reply_link_credit
help: Window size for incoming RPC Reply messages.
max: null
metavar: null
min: 1
mutable: false
name: reply_link_credit
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 100
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_server_credit
help: Window size for incoming RPC Request messages
max: null
metavar: null
min: 1
mutable: false
name: rpc_server_credit
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 100
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: notify_server_credit
help: Window size for incoming Notification messages
max: null
metavar: null
min: 1
mutable: false
name: notify_server_credit
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
# Message classes that are sent pre-settled, i.e. without acknowledgement
# from the peer; the help text warns that such messages may be silently
# discarded if delivery fails. The default covers rpc-cast and rpc-reply
# only. NOTE(review): if notifications are consumed as an audit trail,
# adding 'notify' here would let audit events be lost without any error.
- advanced: false
choices: []
default:
- rpc-cast
- rpc-reply
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pre_settled
help: 'Send messages of this type pre-settled.
Pre-settled messages will not receive acknowledgement
from the peer. Note well: pre-settled messages may be
silently discarded if the delivery fails.
Permitted values:
''rpc-call'' - send RPC Calls pre-settled
''rpc-reply''- send RPC Replies pre-settled
''rpc-cast'' - Send RPC Casts pre-settled
''notify'' - Send Notifications pre-settled
'
max: null
metavar: null
min: null
mutable: false
name: pre_settled
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: multi valued
standard_opts:
- container_name
- idle_timeout
- trace
- ssl
- ssl_ca_file
- ssl_cert_file
- ssl_key_file
- ssl_key_password
- allow_insecure_clients
- sasl_mechanisms
- sasl_config_dir
- sasl_config_name
- sasl_default_realm
- username
- password
- connection_retry_interval
- connection_retry_backoff
- connection_retry_interval_max
- link_retry_delay
- default_reply_retry
- default_reply_timeout
- default_send_timeout
- default_notify_timeout
- default_sender_link_timeout
- addressing_mode
- server_request_prefix
- broadcast_prefix
- group_request_prefix
- rpc_address_prefix
- notify_address_prefix
- multicast_address
- unicast_address
- anycast_address
- default_notification_exchange
- default_rpc_exchange
- reply_link_credit
- rpc_server_credit
- notify_server_credit
- pre_settled
oslo_messaging_kafka:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: localhost
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: Replaced by [DEFAULT]/transport_url
deprecated_since: null
dest: kafka_default_host
help: Default Kafka broker Host
max: null
metavar: null
min: null
mutable: false
name: kafka_default_host
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 9092
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: Replaced by [DEFAULT]/transport_url
deprecated_since: null
dest: kafka_default_port
help: Default Kafka broker Port
max: 65535
metavar: null
min: 0
mutable: false
name: kafka_default_port
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: port value
- advanced: false
choices: []
default: 1048576
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: kafka_max_fetch_bytes
help: Max fetch bytes of Kafka consumer
max: null
metavar: null
min: null
mutable: false
name: kafka_max_fetch_bytes
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 1.0
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: kafka_consumer_timeout
help: Default timeout(s) for Kafka consumers
max: null
metavar: null
min: null
mutable: false
name: kafka_consumer_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: floating point value
- advanced: false
choices: []
default: 10
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pool_size
help: Pool Size for Kafka Consumers
max: null
metavar: null
min: null
mutable: false
name: pool_size
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 2
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: conn_pool_min_size
help: The pool size limit for connections expiration policy
max: null
metavar: null
min: null
mutable: false
name: conn_pool_min_size
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 1200
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: conn_pool_ttl
help: The time-to-live in sec of idle connections in the pool
max: null
metavar: null
min: null
mutable: false
name: conn_pool_ttl
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: oslo_messaging_consumer
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: consumer_group
help: Group id for Kafka consumer. Consumers in one group will coordinate message
consumption
max: null
metavar: null
min: null
mutable: false
name: consumer_group
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 0.0
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: producer_batch_timeout
help: Upper bound on the delay for KafkaProducer batching in seconds
max: null
metavar: null
min: null
mutable: false
name: producer_batch_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: floating point value
- advanced: false
choices: []
default: 16384
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: producer_batch_size
help: Size of batch for the producer async send
max: null
metavar: null
min: null
mutable: false
name: producer_batch_size
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- kafka_default_host
- kafka_default_port
- kafka_max_fetch_bytes
- kafka_consumer_timeout
- pool_size
- conn_pool_min_size
- conn_pool_ttl
- consumer_group
- producer_batch_timeout
- producer_batch_size
oslo_messaging_notifications:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: notification_driver
deprecated_reason: null
deprecated_since: null
dest: driver
help: The Drivers(s) to handle sending notifications. Possible values are messaging,
messagingv2, routing, log, test, noop
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: multi valued
# Transport URL for notifications; when unset (default null) the RPC
# configuration is used instead. secret: true marks it as sensitive: as the
# deprecation notes on the oslo_messaging_amqp username/password options
# state, the broker credentials are carried in transport_url, so the
# rendered config file and any variable feeding this value should be
# handled as credentials.
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: notification_transport_url
deprecated_reason: null
deprecated_since: null
dest: transport_url
help: A URL representing the messaging driver to use for notifications. If not
set, we fall back to the same configuration used for RPC.
max: null
metavar: null
min: null
mutable: false
name: transport_url
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: true
short: null
type: string value
- advanced: false
choices: []
default:
- notifications
deprecated_for_removal: false
deprecated_opts:
- group: rpc_notifier2
name: topics
- group: DEFAULT
name: notification_topics
deprecated_reason: null
deprecated_since: null
dest: topics
help: AMQP topic used for OpenStack notifications.
max: null
metavar: null
min: null
mutable: false
name: topics
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: retry
help: The maximum number of attempts to re-send a notification message which
failed to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
max: null
metavar: null
min: null
mutable: false
name: retry
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- driver
- transport_url
- topics
- retry
oslo_messaging_rabbit:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: amqp_durable_queues
- group: DEFAULT
name: rabbit_durable_queues
deprecated_reason: null
deprecated_since: null
dest: amqp_durable_queues
help: Use durable queues in AMQP.
max: null
metavar: null
min: null
mutable: false
name: amqp_durable_queues
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: amqp_auto_delete
deprecated_reason: null
deprecated_since: null
dest: amqp_auto_delete
help: Auto-delete queues in AMQP.
max: null
metavar: null
min: null
mutable: false
name: amqp_auto_delete
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
# Enables SSL/TLS to RabbitMQ. The default is null rather than false.
# NOTE(review): presumably null is treated as "not enabled", in which case
# broker traffic, including the credentials from transport_url, is sent in
# plaintext unless this is set to true; confirm against the deployed
# oslo.messaging version.
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: ssl
help: Enable SSL
max: null
metavar: null
min: null
mutable: false
name: ssl
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
# Protocol selector, only honoured when ssl is enabled. Default is empty.
# SSLv2 and SSLv3, which the help text lists as possibly available, are
# obsolete and broken protocols, and TLSv1 / TLSv1_1 are deprecated; prefer
# TLSv1_2 where the distribution offers it. NOTE(review): SSLv23 presumably
# means "negotiate the highest version both sides support"; confirm, since
# with an old TLS library that can still permit legacy versions.
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts:
- group: oslo_messaging_rabbit
name: kombu_ssl_version
deprecated_reason: null
deprecated_since: null
dest: ssl_version
help: SSL version to use (valid only if SSL enabled). Valid values are TLSv1
and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
max: null
metavar: null
min: null
mutable: false
name: ssl_version
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Path to the client private key, used only when ssl is enabled. Replaces
# the deprecated kombu_ssl_keyfile name. secret is false because the value
# is a path, not key material; the key file itself still needs restrictive
# permissions.
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts:
- group: oslo_messaging_rabbit
name: kombu_ssl_keyfile
deprecated_reason: null
deprecated_since: null
dest: ssl_key_file
help: SSL key file (valid only if SSL enabled).
max: null
metavar: null
min: null
mutable: false
name: ssl_key_file
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts:
- group: oslo_messaging_rabbit
name: kombu_ssl_certfile
deprecated_reason: null
deprecated_since: null
dest: ssl_cert_file
help: SSL cert file (valid only if SSL enabled).
max: null
metavar: null
min: null
mutable: false
name: ssl_cert_file
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# CA file for the RabbitMQ connection, used only when ssl is enabled.
# Replaces the deprecated kombu_ssl_ca_certs name. Default is empty.
# NOTE(review): unlike the oslo_messaging_amqp ssl help, nothing here says
# the system CA bundle is used as a fallback; verify that the server
# certificate is actually validated when this is left empty, and set it
# explicitly if not.
- advanced: false
choices: []
default: ''
deprecated_for_removal: false
deprecated_opts:
- group: oslo_messaging_rabbit
name: kombu_ssl_ca_certs
deprecated_reason: null
deprecated_since: null
dest: ssl_ca_file
help: SSL certification authority file (valid only if SSL enabled).
max: null
metavar: null
min: null
mutable: false
name: ssl_ca_file
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 1.0
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: kombu_reconnect_delay
deprecated_reason: null
deprecated_since: null
dest: kombu_reconnect_delay
help: How long to wait before reconnecting in response to an AMQP consumer cancel
notification.
max: null
metavar: null
min: null
mutable: false
name: kombu_reconnect_delay
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: floating point value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: kombu_compression
help: 'EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
will not be used. This option may not be available in future versions.'
max: null
metavar: null
min: null
mutable: false
name: kombu_compression
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 60
deprecated_for_removal: false
deprecated_opts:
- group: oslo_messaging_rabbit
name: kombu_reconnect_timeout
deprecated_reason: null
deprecated_since: null
dest: kombu_missing_consumer_retry_timeout
help: How long to wait a missing client before abandoning to send it its replies.
This value should not be longer than rpc_response_timeout.
max: null
metavar: null
min: null
mutable: false
name: kombu_missing_consumer_retry_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices:
- round-robin
- shuffle
default: round-robin
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: kombu_failover_strategy
help: Determines how the next RabbitMQ node is chosen in case the one we are
currently connected to becomes unavailable. Takes effect only if more than
one RabbitMQ node is provided in config.
max: null
metavar: null
min: null
mutable: false
name: kombu_failover_strategy
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: localhost
deprecated_for_removal: true
deprecated_opts:
- group: DEFAULT
name: rabbit_host
deprecated_reason: Replaced by [DEFAULT]/transport_url
deprecated_since: null
dest: rabbit_host
help: The RabbitMQ broker address where a single node is used.
max: null
metavar: null
min: null
mutable: false
name: rabbit_host
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 5672
deprecated_for_removal: true
deprecated_opts:
- group: DEFAULT
name: rabbit_port
deprecated_reason: Replaced by [DEFAULT]/transport_url
deprecated_since: null
dest: rabbit_port
help: The RabbitMQ broker port where a single node is used.
max: 65535
metavar: null
min: 0
mutable: false
name: rabbit_port
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: port value
- advanced: false
choices: []
default:
- $rabbit_host:$rabbit_port
deprecated_for_removal: true
deprecated_opts:
- group: DEFAULT
name: rabbit_hosts
deprecated_reason: Replaced by [DEFAULT]/transport_url
deprecated_since: null
dest: rabbit_hosts
help: RabbitMQ HA cluster host:port pairs.
max: null
metavar: null
min: null
mutable: false
name: rabbit_hosts
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
# Option rabbit_userid: RabbitMQ account name. Marked deprecated_for_removal
# in favour of [DEFAULT]/transport_url.
# Security: the default "guest" is RabbitMQ's stock account name. Deployments
# should configure a dedicated account rather than rely on this default.
- advanced: false
choices: []
default: guest
deprecated_for_removal: true
deprecated_opts:
- group: DEFAULT
name: rabbit_userid
deprecated_reason: Replaced by [DEFAULT]/transport_url
deprecated_since: null
dest: rabbit_userid
help: The RabbitMQ userid.
max: null
metavar: null
min: null
mutable: false
name: rabbit_userid
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Option rabbit_password: RabbitMQ password. secret: true, so consumers of
# this schema should mask its value in logs and rendered output.
# Security: the default "guest" matches the default of rabbit_userid, i.e.
# the stock RabbitMQ credentials. Always override it.
# NOTE(review): the replacement, [DEFAULT]/transport_url, presumably embeds
# the credentials in the URL. Confirm that its own entry is marked secret.
- advanced: false
choices: []
default: guest
deprecated_for_removal: true
deprecated_opts:
- group: DEFAULT
name: rabbit_password
deprecated_reason: Replaced by [DEFAULT]/transport_url
deprecated_since: null
dest: rabbit_password
help: The RabbitMQ password.
max: null
metavar: null
min: null
mutable: false
name: rabbit_password
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: true
short: null
type: string value
# Option rabbit_login_method: authentication mechanism used when logging in
# to RabbitMQ. One of the three listed choices; the default is AMQPLAIN.
# Security: PLAIN and AMQPLAIN both transmit the password itself, so its
# confidentiality on the wire depends on TLS being enabled for the
# connection.
# NOTE(review): RABBIT-CR-DEMO is, as far as RabbitMQ documents it, a
# demonstration mechanism and not stronger than PLAIN. Confirm before
# offering it in production.
- advanced: false
choices:
- PLAIN
- AMQPLAIN
- RABBIT-CR-DEMO
default: AMQPLAIN
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rabbit_login_method
deprecated_reason: null
deprecated_since: null
dest: rabbit_login_method
help: The RabbitMQ login method.
max: null
metavar: null
min: null
mutable: false
name: rabbit_login_method
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: /
deprecated_for_removal: true
deprecated_opts:
- group: DEFAULT
name: rabbit_virtual_host
deprecated_reason: Replaced by [DEFAULT]/transport_url
deprecated_since: null
dest: rabbit_virtual_host
help: The RabbitMQ virtual host.
max: null
metavar: null
min: null
mutable: false
name: rabbit_virtual_host
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rabbit_retry_interval
help: How frequently to retry connecting with RabbitMQ.
max: null
metavar: null
min: null
mutable: false
name: rabbit_retry_interval
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 2
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rabbit_retry_backoff
deprecated_reason: null
deprecated_since: null
dest: rabbit_retry_backoff
help: How long to backoff for between retries when connecting to RabbitMQ.
max: null
metavar: null
min: null
mutable: false
name: rabbit_retry_backoff
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 30
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rabbit_interval_max
help: Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
max: null
metavar: null
min: null
mutable: false
name: rabbit_interval_max
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 0
deprecated_for_removal: true
deprecated_opts:
- group: DEFAULT
name: rabbit_max_retries
deprecated_reason: null
deprecated_since: null
dest: rabbit_max_retries
help: Maximum number of RabbitMQ connection retries. Default is 0 (infinite
retry count).
max: null
metavar: null
min: null
mutable: false
name: rabbit_max_retries
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rabbit_ha_queues
deprecated_reason: null
deprecated_since: null
dest: rabbit_ha_queues
help: 'Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
is no longer controlled by the x-ha-policy argument when declaring a queue.
If you just want to make sure that all queues (except those with auto-generated
names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA ''^(?!amq\.).*''
''{"ha-mode": "all"}'' "'
max: null
metavar: null
min: null
mutable: false
name: rabbit_ha_queues
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 1800
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rabbit_transient_queues_ttl
help: Positive integer representing duration in seconds for queue TTL (x-expires).
Queues which are unused for the duration of the TTL are automatically deleted.
The parameter affects only reply and fanout queues.
max: null
metavar: null
min: 1
mutable: false
name: rabbit_transient_queues_ttl
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 0
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rabbit_qos_prefetch_count
help: Specifies the number of messages to prefetch. Setting to zero allows unlimited
messages.
max: null
metavar: null
min: null
mutable: false
name: rabbit_qos_prefetch_count
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 60
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: heartbeat_timeout_threshold
help: Number of seconds after which the Rabbit broker is considered down if
heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL
max: null
metavar: null
min: null
mutable: false
name: heartbeat_timeout_threshold
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 2
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: heartbeat_rate
help: How often times during the heartbeat_timeout_threshold we check the heartbeat.
max: null
metavar: null
min: null
mutable: false
name: heartbeat_rate
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: fake_rabbit
deprecated_reason: null
deprecated_since: null
dest: fake_rabbit
help: Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
max: null
metavar: null
min: null
mutable: false
name: fake_rabbit
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: channel_max
help: Maximum number of channels to allow
max: null
metavar: null
min: null
mutable: false
name: channel_max
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: frame_max
help: The maximum byte size for an AMQP frame
max: null
metavar: null
min: null
mutable: false
name: frame_max
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 3
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: heartbeat_interval
help: How often to send heartbeats for consumer's connections
max: null
metavar: null
min: null
mutable: false
name: heartbeat_interval
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
# Option ssl_options: dict of arguments passed to ssl.wrap_socket (per the
# help text). The default is null.
# Security: Python's ssl.wrap_socket is deprecated since 3.7 and removed in
# 3.12. Called without arguments it uses cert_reqs=CERT_NONE and performs no
# hostname check.
# NOTE(review): confirm what the driver passes when this option is left at
# null; if nothing, set cert_reqs and ca_certs explicitly here.
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: ssl_options
help: Arguments passed to ssl.wrap_socket
max: null
metavar: null
min: null
mutable: false
name: ssl_options
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: dict value
- advanced: false
choices: []
default: 0.25
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: socket_timeout
help: Set socket timeout in seconds for connection's socket
max: null
metavar: null
min: null
mutable: false
name: socket_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: floating point value
- advanced: false
choices: []
default: 0.25
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: tcp_user_timeout
help: Set TCP_USER_TIMEOUT in seconds for connection's socket
max: null
metavar: null
min: null
mutable: false
name: tcp_user_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: floating point value
- advanced: false
choices: []
default: 0.25
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: host_connection_reconnect_delay
help: Set delay for reconnection to some host which has connection error
max: null
metavar: null
min: null
mutable: false
name: host_connection_reconnect_delay
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: floating point value
- advanced: false
choices:
- new
- single
- read_write
default: single
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: connection_factory
help: Connection factory implementation
max: null
metavar: null
min: null
mutable: false
name: connection_factory
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 30
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pool_max_size
help: Maximum number of connections to keep queued.
max: null
metavar: null
min: null
mutable: false
name: pool_max_size
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 0
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pool_max_overflow
help: Maximum number of connections to create above `pool_max_size`.
max: null
metavar: null
min: null
mutable: false
name: pool_max_overflow
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 30
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pool_timeout
help: Default number of seconds to wait for a connections to available
max: null
metavar: null
min: null
mutable: false
name: pool_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 600
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pool_recycle
help: Lifetime of a connection (since creation) in seconds or None for no recycling.
Expired connections are closed on acquire.
max: null
metavar: null
min: null
mutable: false
name: pool_recycle
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 60
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: pool_stale
help: Threshold at which inactive (since release) connections are considered
stale in seconds or None for no staleness. Stale connections are closed on
acquire.
max: null
metavar: null
min: null
mutable: false
name: pool_stale
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
# Option default_serializer_type: wire format for outgoing and incoming
# messages. Choices are json and msgpack; the default is json.
# Both choices are data-only formats: decoding them yields plain values
# rather than instantiating arbitrary objects.
- advanced: false
choices:
- json
- msgpack
default: json
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_serializer_type
help: Default serialization mechanism for serializing/deserializing outgoing/incoming
messages
max: null
metavar: null
min: null
mutable: false
name: default_serializer_type
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: notification_persistence
help: Persist notification messages.
max: null
metavar: null
min: null
mutable: false
name: notification_persistence
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: ${control_exchange}_notification
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_notification_exchange
help: Exchange name for sending notifications
max: null
metavar: null
min: null
mutable: false
name: default_notification_exchange
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 100
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: notification_listener_prefetch_count
help: Max number of not acknowledged message which RabbitMQ can send to notification
listener.
max: null
metavar: null
min: null
mutable: false
name: notification_listener_prefetch_count
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_notification_retry_attempts
help: Reconnecting retry count in case of connectivity problem during sending
notification, -1 means infinite retry.
max: null
metavar: null
min: null
mutable: false
name: default_notification_retry_attempts
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 0.25
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: notification_retry_delay
help: Reconnecting retry delay in case of connectivity problem during sending
notification message
max: null
metavar: null
min: null
mutable: false
name: notification_retry_delay
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: floating point value
- advanced: false
choices: []
default: 60
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_queue_expiration
help: Time to live for rpc queues without consumers in seconds.
max: null
metavar: null
min: null
mutable: false
name: rpc_queue_expiration
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: ${control_exchange}_rpc
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_rpc_exchange
help: Exchange name for sending RPC messages
max: null
metavar: null
min: null
mutable: false
name: default_rpc_exchange
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: ${control_exchange}_rpc_reply
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_reply_exchange
help: Exchange name for receiving RPC replies
max: null
metavar: null
min: null
mutable: false
name: rpc_reply_exchange
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 100
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_listener_prefetch_count
help: Max number of not acknowledged message which RabbitMQ can send to rpc
listener.
max: null
metavar: null
min: null
mutable: false
name: rpc_listener_prefetch_count
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 100
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_reply_listener_prefetch_count
help: Max number of not acknowledged message which RabbitMQ can send to rpc
reply listener.
max: null
metavar: null
min: null
mutable: false
name: rpc_reply_listener_prefetch_count
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_reply_retry_attempts
help: Reconnecting retry count in case of connectivity problem during sending
reply. -1 means infinite retry during rpc_timeout
max: null
metavar: null
min: null
mutable: false
name: rpc_reply_retry_attempts
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 0.25
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_reply_retry_delay
help: Reconnecting retry delay in case of connectivity problem during sending
reply.
max: null
metavar: null
min: null
mutable: false
name: rpc_reply_retry_delay
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: floating point value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: default_rpc_retry_attempts
help: Reconnecting retry count in case of connectivity problem during sending
RPC message, -1 means infinite retry. If actual retry attempts in not 0 the
rpc request could be processed more than one time
max: null
metavar: null
min: null
mutable: false
name: default_rpc_retry_attempts
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 0.25
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_retry_delay
help: Reconnecting retry delay in case of connectivity problem during sending
RPC message
max: null
metavar: null
min: null
mutable: false
name: rpc_retry_delay
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: floating point value
# standard_opts: flat list of option names for this group. From `ssl` onward
# the entries match, in order, the `name` fields of the option definitions
# that precede this list.
# NOTE(review): the list carries names only. rabbit_password is marked
# secret: true in its definition, so any tool that renders values by walking
# this list needs to look up the secret flag before printing or logging.
standard_opts:
- amqp_durable_queues
- amqp_auto_delete
- ssl
- ssl_version
- ssl_key_file
- ssl_cert_file
- ssl_ca_file
- kombu_reconnect_delay
- kombu_compression
- kombu_missing_consumer_retry_timeout
- kombu_failover_strategy
- rabbit_host
- rabbit_port
- rabbit_hosts
- rabbit_userid
- rabbit_password
- rabbit_login_method
- rabbit_virtual_host
- rabbit_retry_interval
- rabbit_retry_backoff
- rabbit_interval_max
- rabbit_max_retries
- rabbit_ha_queues
- rabbit_transient_queues_ttl
- rabbit_qos_prefetch_count
- heartbeat_timeout_threshold
- heartbeat_rate
- fake_rabbit
- channel_max
- frame_max
- heartbeat_interval
- ssl_options
- socket_timeout
- tcp_user_timeout
- host_connection_reconnect_delay
- connection_factory
- pool_max_size
- pool_max_overflow
- pool_timeout
- pool_recycle
- pool_stale
- default_serializer_type
- notification_persistence
- default_notification_exchange
- notification_listener_prefetch_count
- default_notification_retry_attempts
- notification_retry_delay
- rpc_queue_expiration
- default_rpc_exchange
- rpc_reply_exchange
- rpc_listener_prefetch_count
- rpc_reply_listener_prefetch_count
- rpc_reply_retry_attempts
- rpc_reply_retry_delay
- default_rpc_retry_attempts
- rpc_retry_delay
oslo_messaging_zmq:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
# Option rpc_zmq_bind_address: address the ZeroMQ driver binds to.
# Security: the default '*' is the wildcard, so the listener is reachable on
# every interface of the host. Prefer a specific management interface or IP,
# and firewall the port range given by rpc_zmq_min_port / rpc_zmq_max_port.
# NOTE(review): no authentication or TLS option is visible among the entries
# of this group shown here. Confirm for the whole group.
- advanced: false
choices: []
default: '*'
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_bind_address
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_bind_address
help: ZeroMQ bind address. Should be a wildcard (*), an ethernet interface,
or IP. The "host" option should point or resolve to this address.
max: null
metavar: null
min: null
mutable: false
name: rpc_zmq_bind_address
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: *id001
default: redis
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_matchmaker
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_matchmaker
help: MatchMaker driver.
max: null
metavar: null
min: null
mutable: false
name: rpc_zmq_matchmaker
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 1
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_contexts
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_contexts
help: Number of ZeroMQ contexts, defaults to 1.
max: null
metavar: null
min: null
mutable: false
name: rpc_zmq_contexts
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_topic_backlog
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_topic_backlog
help: Maximum number of ingress messages to locally buffer per topic. Default
is unlimited.
max: null
metavar: null
min: null
mutable: false
name: rpc_zmq_topic_backlog
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
# Option rpc_zmq_ipc_dir: directory holding the driver's IPC sockets. The
# default is /var/run/openstack.
# NOTE(review): presumably any local user able to create or connect to
# sockets under this path can reach the driver's local endpoints. Keep the
# directory owned by the service account and not world-writable.
- advanced: false
choices: []
default: /var/run/openstack
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_ipc_dir
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_ipc_dir
help: Directory for holding IPC sockets.
max: null
metavar: null
min: null
mutable: false
name: rpc_zmq_ipc_dir
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Option rpc_zmq_host: name of this node (hostname, FQDN or IP address).
# NOTE(review): the default "x1hobo" is not a generic value, while
# sample_default is "localhost". It looks like the hostname of the machine
# that generated this schema was captured as the default; verify. Consumers
# should render sample_default rather than default for this option, and the
# committed file should not carry a build host's name.
- advanced: false
choices: []
default: x1hobo
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_host
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_host
help: Name of this node. Must be a valid hostname, FQDN, or IP address. Must
match "host" option, if running Nova.
max: null
metavar: null
min: null
mutable: false
name: rpc_zmq_host
namespace: oslo.messaging
positional: false
required: false
sample_default: localhost
secret: false
short: null
type: string value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_cast_timeout
deprecated_reason: null
deprecated_since: null
dest: zmq_linger
help: Number of seconds to wait before all pending messages will be sent after
closing a socket. The default value of -1 specifies an infinite linger period.
The value of 0 specifies no linger period. Pending messages shall be discarded
immediately when the socket is closed. Positive values specify an upper bound
for the linger period.
max: null
metavar: null
min: null
mutable: false
name: zmq_linger
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 1
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_poll_timeout
deprecated_reason: null
deprecated_since: null
dest: rpc_poll_timeout
help: The default number of seconds that poll should wait. Poll raises timeout
exception when timeout expired.
max: null
metavar: null
min: null
mutable: false
name: rpc_poll_timeout
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 300
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: zmq_target_expire
deprecated_reason: null
deprecated_since: null
dest: zmq_target_expire
help: Expiration timeout in seconds of a name service record about existing
target ( < 0 means no timeout).
max: null
metavar: null
min: null
mutable: false
name: zmq_target_expire
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 180
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: zmq_target_update
deprecated_reason: null
deprecated_since: null
dest: zmq_target_update
help: Update period in seconds of a name service record about existing target.
max: null
metavar: null
min: null
mutable: false
name: zmq_target_update
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: use_pub_sub
deprecated_reason: null
deprecated_since: null
dest: use_pub_sub
help: Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
max: null
metavar: null
min: null
mutable: false
name: use_pub_sub
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: use_router_proxy
deprecated_reason: null
deprecated_since: null
dest: use_router_proxy
help: Use ROUTER remote proxy.
max: null
metavar: null
min: null
mutable: false
name: use_router_proxy
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: use_dynamic_connections
help: This option makes direct connections dynamic or static. It makes sense
only with use_router_proxy=False which means to use direct connections for
direct message types (ignored otherwise).
max: null
metavar: null
min: null
mutable: false
name: use_dynamic_connections
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 2
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: zmq_failover_connections
help: How many additional connections to a host will be made for failover reasons.
This option is actual only in dynamic connections mode.
max: null
metavar: null
min: null
mutable: false
name: zmq_failover_connections
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 49153
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_min_port
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_min_port
help: Minimal port number for random ports range.
max: 65535
metavar: null
min: 0
mutable: false
name: rpc_zmq_min_port
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: port value
# Upper end of the range used for randomly bound ZeroMQ ports. Both `default`
# and `max` are 65536, one above the highest valid TCP port (65535), and the
# type is a plain integer, whereas rpc_zmq_min_port is typed as a port value.
# NOTE(review): presumably the upper bound is exclusive - confirm before
# deriving firewall or network-policy rules from this range.
- advanced: false
choices: []
default: 65536
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_max_port
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_max_port
help: Maximal port number for random ports range.
max: 65536
metavar: null
min: 1
mutable: false
name: rpc_zmq_max_port
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 100
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_bind_port_retries
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_bind_port_retries
help: Number of retries to find free port number before fail with ZMQBindError.
max: null
metavar: null
min: null
mutable: false
name: rpc_zmq_bind_port_retries
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: *id002
default: json
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: rpc_zmq_serialization
deprecated_reason: null
deprecated_since: null
dest: rpc_zmq_serialization
help: Default serialization mechanism for serializing/deserializing outgoing/incoming
messages
max: null
metavar: null
min: null
mutable: false
name: rpc_zmq_serialization
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: zmq_immediate
help: This option configures round-robin mode in zmq socket. True means not
keeping a queue when server side disconnects. False means to keep queue and
messages even if server is disconnected, when the server appears we send all
accumulated messages to it.
max: null
metavar: null
min: null
mutable: false
name: zmq_immediate
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: zmq_tcp_keepalive
help: Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or
any other negative value) means to skip any overrides and leave it to OS default;
0 and 1 (or any other positive value) mean to disable and enable the option
respectively.
max: null
metavar: null
min: null
mutable: false
name: zmq_tcp_keepalive
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: zmq_tcp_keepalive_idle
help: The duration between two keepalive transmissions in idle condition. The
unit is platform dependent, for example, seconds in Linux, milliseconds in
Windows etc. The default value of -1 (or any other negative value and 0) means
to skip any overrides and leave it to OS default.
max: null
metavar: null
min: null
mutable: false
name: zmq_tcp_keepalive_idle
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: zmq_tcp_keepalive_cnt
help: The number of retransmissions to be carried out before declaring that
remote end is not available. The default value of -1 (or any other negative
value and 0) means to skip any overrides and leave it to OS default.
max: null
metavar: null
min: null
mutable: false
name: zmq_tcp_keepalive_cnt
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: -1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: zmq_tcp_keepalive_intvl
help: The duration between two successive keepalive retransmissions, if acknowledgement
to the previous keepalive transmission is not received. The unit is platform
dependent, for example, seconds in Linux, milliseconds in Windows etc. The
default value of -1 (or any other negative value and 0) means to skip any
overrides and leave it to OS default.
max: null
metavar: null
min: null
mutable: false
name: zmq_tcp_keepalive_intvl
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 100
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_thread_pool_size
help: Maximum number of (green) threads to work concurrently.
max: null
metavar: null
min: null
mutable: false
name: rpc_thread_pool_size
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 300
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_message_ttl
help: Expiration timeout in seconds of a sent/received message after which it
is not tracked anymore by a client/server.
max: null
metavar: null
min: null
mutable: false
name: rpc_message_ttl
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_use_acks
help: Wait for message acknowledgements from receivers. This mechanism works
only via proxy without PUB/SUB.
max: null
metavar: null
min: null
mutable: false
name: rpc_use_acks
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 15
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_ack_timeout_base
help: Number of seconds to wait for an ack from a cast/call. After each retry
attempt this timeout is multiplied by some specified multiplier.
max: null
metavar: null
min: null
mutable: false
name: rpc_ack_timeout_base
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 2
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_ack_timeout_multiplier
help: Number to multiply base ack timeout by after each retry attempt.
max: null
metavar: null
min: null
mutable: false
name: rpc_ack_timeout_multiplier
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 3
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: rpc_retry_attempts
help: 'Default number of message sending attempts in case of any problems occurred:
positive value N means at most N retries, 0 means no retries, None or -1 (or
any other negative values) mean to retry forever. This option is used only
if acknowledgments are enabled.'
max: null
metavar: null
min: null
mutable: false
name: rpc_retry_attempts
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: subscribe_on
help: List of publisher hosts SubConsumer can subscribe on. This option has
higher priority than the default publishers list taken from the matchmaker.
max: null
metavar: null
min: null
mutable: false
name: subscribe_on
namespace: oslo.messaging
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
standard_opts:
- rpc_zmq_bind_address
- rpc_zmq_matchmaker
- rpc_zmq_contexts
- rpc_zmq_topic_backlog
- rpc_zmq_ipc_dir
- rpc_zmq_host
- zmq_linger
- rpc_poll_timeout
- zmq_target_expire
- zmq_target_update
- use_pub_sub
- use_router_proxy
- use_dynamic_connections
- zmq_failover_connections
- rpc_zmq_min_port
- rpc_zmq_max_port
- rpc_zmq_bind_port_retries
- rpc_zmq_serialization
- zmq_immediate
- zmq_tcp_keepalive
- zmq_tcp_keepalive_idle
- zmq_tcp_keepalive_cnt
- zmq_tcp_keepalive_intvl
- rpc_thread_pool_size
- rpc_message_ttl
- rpc_use_acks
- rpc_ack_timeout_base
- rpc_ack_timeout_multiplier
- rpc_retry_attempts
- subscribe_on
oslo_middleware:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
# Caps each request body at 114688 bytes (112 KiB) by default. The schema
# declares neither `min` nor `max`, so nothing here rejects an arbitrarily
# large override.
# NOTE(review): validate overrides in the role; this limit is what bounds the
# amount of body data a single request can present to the service.
- advanced: false
choices: []
default: 114688
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: osapi_max_request_body_size
- group: DEFAULT
name: max_request_body_size
deprecated_reason: null
deprecated_since: null
dest: max_request_body_size
help: The maximum body size for each request, in bytes.
max: null
metavar: null
min: null
mutable: false
name: max_request_body_size
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
# Flagged `deprecated_for_removal: true`; no reason or version is recorded.
# The header named here (default X-Forwarded-Proto) arrives as ordinary
# request data.
# NOTE(review): its value is only trustworthy when the TLS-terminating proxy
# sets or strips it on every request - confirm for the deployment.
- advanced: false
choices: []
default: X-Forwarded-Proto
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: secure_proxy_ssl_header
help: The HTTP Header that will be used to determine what the original request
protocol scheme was, even if it was hidden by a SSL termination proxy.
max: null
metavar: null
min: null
mutable: false
name: secure_proxy_ssl_header
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Off by default: the middleware does not parse proxy headers unless this is
# set to true.
# NOTE(review): enable only when every request reaches the service through a
# proxy that overwrites the forwarded headers; otherwise the values parsed
# are whatever the client chose to send.
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: enable_proxy_headers_parsing
help: Whether the application is behind a proxy or not. This determines if the
middleware should parse the headers or not.
max: null
metavar: null
min: null
mutable: false
name: enable_proxy_headers_parsing
namespace: oslo.middleware
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
standard_opts:
- max_request_body_size
- secure_proxy_ssl_header
- enable_proxy_headers_parsing
oslo_policy:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
# Names the file that defines the policies; the default is the relative name
# policy.json.
# NOTE(review): how a relative name is resolved is not stated for this option
# (the policy_dirs help mentions the config_dir search path) - confirm, and
# have the role install the file writable only by the deploying account,
# since its contents decide what each caller is allowed to do.
- advanced: false
choices: []
default: policy.json
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: policy_file
deprecated_reason: null
deprecated_since: null
dest: policy_file
help: The file that defines policies.
max: null
metavar: null
min: null
mutable: false
name: policy_file
namespace: oslo.policy
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Name of the fallback rule, enforced when a requested rule is not found (per
# the help text). The default value is the rule name `default`.
# NOTE(review): what that rule permits is defined in the policy file, not in
# this schema - check that it denies rather than allows.
- advanced: false
choices: []
default: default
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: policy_default_rule
deprecated_reason: null
deprecated_since: null
dest: policy_default_rule
help: Default rule. Enforced when a requested rule is not found.
max: null
metavar: null
min: null
mutable: false
name: policy_default_rule
namespace: oslo.policy
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Extra directories of policy files; the default is the single relative entry
# policy.d. Per the help text these are searched only if the policy_file
# exists, and missing or empty directories are ignored without error.
# NOTE(review): a mistyped directory therefore drops its rules silently;
# verify the rendered paths exist and are not writable by other accounts.
- advanced: false
choices: []
default:
- policy.d
deprecated_for_removal: false
deprecated_opts:
- group: DEFAULT
name: policy_dirs
deprecated_reason: null
deprecated_since: null
dest: policy_dirs
help: Directories where policy configuration files are stored. They can be relative
to any directory in the search path defined by the config_dir option, or absolute
paths. The file defined by policy_file must exist for these directories to
be searched. Missing or empty directories are ignored.
max: null
metavar: null
min: null
mutable: false
name: policy_dirs
namespace: oslo.policy
positional: false
required: false
sample_default: null
secret: false
short: null
type: multi valued
standard_opts:
- policy_file
- policy_default_rule
- policy_dirs
paste_deploy:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: keystone-paste.ini
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: config_file
help: Name of (or absolute path to) the Paste Deploy configuration file that
composes middleware and the keystone application itself into actual WSGI entry
points. See http://pythonpaste.org/deploy/ for additional documentation on
the file's format.
max: null
metavar: null
min: null
mutable: false
name: config_file
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
standard_opts:
- config_file
policy:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the policy backend driver in the `keystone.policy` namespace.
Supplied drivers are `rules` (which does not support any CRUD operations for
the v3 policy API) and `sql`. Typically, there is no reason to set this option
unless you are providing a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: list_limit
help: Maximum number of entities that will be returned in a policy collection.
max: null
metavar: null
min: null
mutable: false
name: list_limit
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- driver
- list_limit
profiler:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts:
- group: profiler
name: profiler_enabled
deprecated_reason: null
deprecated_since: null
dest: enabled
help: '
Enables the profiling for all services on this node. Default value is False
(fully disable the profiling feature).
Possible values:
* True: Enables the feature
* False: Disables the feature. The profiling cannot be started via this project
operations. If the profiling is triggered by another project, this project
part
will be empty.
'
max: null
metavar: null
min: null
mutable: false
name: enabled
namespace: osprofiler
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: trace_sqlalchemy
help: '
Enables SQL requests profiling in services. Default value is False (SQL
requests won''t be traced).
Possible values:
* True: Enables SQL requests profiling. Each SQL query will be part of the
trace and can then be analyzed by how much time was spent for that.
* False: Disables SQL requests profiling. The spent time is only shown on
a
higher level of operations. Single SQL queries cannot be analyzed this
way.
'
max: null
metavar: null
min: null
mutable: false
name: trace_sqlalchemy
namespace: osprofiler
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
# The default is the placeholder string SECRET_KEY, and the option is declared
# `secret: false` even though the help text describes it as the secret key(s)
# a caller must present to have profiling results included.
# NOTE(review): override it with random per-deployment keys whenever
# `enabled` is true, and handle rendered values as secrets; tooling that
# redacts based on the `secret` flag will presumably not mask this option.
- advanced: false
choices: []
default: SECRET_KEY
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: hmac_keys
help: '
Secret key(s) to use for encrypting context data for performance profiling.
This string value should have the following format: <key1>[,<key2>,...<keyn>],
where each key is some random string. A user who triggers the profiling via
the REST API has to set one of these keys in the headers of the REST API call
to include profiling results of this node for this particular project.
Both "enabled" flag and "hmac_keys" config options should be set to enable
profiling. Also, to generate correct profiling information across all services
at least one key needs to be consistent between OpenStack projects. This
ensures it can be used from client side to generate the trace, containing
information from all possible resources.'
max: null
metavar: null
min: null
mutable: false
name: hmac_keys
namespace: osprofiler
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# URI of the backend that receives profiler notifications; the default
# messaging:// selects oslo_messaging. The examples in the help text point at
# loopback endpoints without credentials, and the option is `secret: false`.
# NOTE(review): if a deployment embeds credentials in this URI, nothing in
# the schema marks the value for redaction - keep it out of logs and
# rendered samples.
- advanced: false
choices: []
default: messaging://
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: connection_string
help: '
Connection string for a notifier backend. Default value is messaging:// which
sets the notifier to oslo_messaging.
Examples of possible values:
* messaging://: use oslo_messaging driver for sending notifications.
* mongodb://127.0.0.1:27017 : use mongodb driver for sending notifications.
* elasticsearch://127.0.0.1:9200 : use elasticsearch driver for sending
notifications.
'
max: null
metavar: null
min: null
mutable: false
name: connection_string
namespace: osprofiler
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: notification
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: es_doc_type
help: '
Document type for notification indexing in elasticsearch.
'
max: null
metavar: null
min: null
mutable: false
name: es_doc_type
namespace: osprofiler
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 2m
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: es_scroll_time
help: '
This parameter is a time value parameter (for example: es_scroll_time=2m),
indicating for how long the nodes that participate in the search will maintain
relevant resources in order to continue and support it.
'
max: null
metavar: null
min: null
mutable: false
name: es_scroll_time
namespace: osprofiler
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 10000
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: es_scroll_size
help: '
Elasticsearch splits large requests in batches. This parameter defines
maximum size of each batch (for example: es_scroll_size=10000).
'
max: null
metavar: null
min: null
mutable: false
name: es_scroll_size
namespace: osprofiler
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 0.1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: socket_timeout
help: '
Redissentinel provides a timeout option on the connections.
This parameter defines that timeout (for example: socket_timeout=0.1).
'
max: null
metavar: null
min: null
mutable: false
name: socket_timeout
namespace: osprofiler
positional: false
required: false
sample_default: null
secret: false
short: null
type: floating point value
- advanced: false
choices: []
default: mymaster
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: sentinel_service_name
help: '
Redissentinel uses a service name to identify a master redis service.
This parameter defines the name (for example:
sentinel_service_name=mymaster).
'
max: null
metavar: null
min: null
mutable: false
name: sentinel_service_name
namespace: osprofiler
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
standard_opts:
- enabled
- trace_sqlalchemy
- hmac_keys
- connection_string
- es_doc_type
- es_scroll_time
- es_scroll_size
- socket_timeout
- sentinel_service_name
resource:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the resource driver in the `keystone.resource` namespace.
Only a `sql` driver is supplied by keystone. Unless you are writing proprietary
drivers for keystone, you do not need to set this option.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts:
- group: assignment
name: caching
deprecated_reason: null
deprecated_since: null
dest: caching
help: Toggle for resource caching. This has no effect unless global caching
is enabled.
max: null
metavar: null
min: null
mutable: false
name: caching
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts:
- group: assignment
name: cache_time
deprecated_reason: null
deprecated_since: null
dest: cache_time
help: Time to cache resource data in seconds. This has no effect unless global
caching is enabled.
max: null
metavar: null
min: null
mutable: false
name: cache_time
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts:
- group: assignment
name: list_limit
deprecated_reason: null
deprecated_since: null
dest: list_limit
help: Maximum number of entities that will be returned in a resource collection.
max: null
metavar: null
min: null
mutable: false
name: list_limit
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: admin_project_domain_name
help: Name of the domain that owns the `admin_project_name`. If left unset,
then there is no admin project. `[resource] admin_project_name` must also
be set to use this option.
max: null
metavar: null
min: null
mutable: false
name: admin_project_domain_name
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Unset by default, which the help text says means there is no admin project.
# When set, tokens scoped to the named project carry a true
# `is_admin_project` attribute and role assignments on it are meant to apply
# across every project.
# NOTE(review): treat membership of that project as cloud-wide administrator
# access, and set it together with admin_project_domain_name as the help
# text requires.
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: admin_project_name
help: This is a special project which represents cloud-level administrator privileges
across services. Tokens scoped to this project will contain a true `is_admin_project`
attribute to indicate to policy systems that the role assignments on that
specific project should apply equally across every project. If left unset,
then there is no admin project, and thus no explicit means of cross-project
role assignments. `[resource] admin_project_domain_name` must also be set
to use this option.
max: null
metavar: null
min: null
mutable: false
name: admin_project_name
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# 'off' is quoted in both `choices` and `default`: written bare, a YAML 1.1
# loader would read it as boolean false rather than the string the option
# expects. Keep the quotes when editing or re-rendering this entry.
# NOTE(review): the default 'off' presumably applies no URL-safety
# restriction to project names; the help text only describes `new` and
# `strict`.
- advanced: false
choices:
- 'off'
- new
- strict
default: 'off'
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: project_name_url_safe
help: This controls whether the names of projects are restricted from containing
URL-reserved characters. If set to `new`, attempts to create or update a project
with a URL-unsafe name will fail. If set to `strict`, attempts to scope a
token with a URL-unsafe project name will fail, thereby forcing all project
names to be updated to be URL-safe.
max: null
metavar: null
min: null
mutable: false
name: project_name_url_safe
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices:
- 'off'
- new
- strict
default: 'off'
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: domain_name_url_safe
help: This controls whether the names of domains are restricted from containing
URL-reserved characters. If set to `new`, attempts to create or update a domain
with a URL-unsafe name will fail. If set to `strict`, attempts to scope a
token with a URL-unsafe domain name will fail, thereby forcing all domain
names to be updated to be URL-safe.
max: null
metavar: null
min: null
mutable: false
name: domain_name_url_safe
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
standard_opts:
- driver
- caching
- cache_time
- list_limit
- admin_project_domain_name
- admin_project_name
- project_name_url_safe
- domain_name_url_safe
revoke:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the token revocation backend driver in the `keystone.revoke`
namespace. Keystone only provides a `sql` driver, so there is no reason to
set this option unless you are providing a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Seconds a revocation event is kept after the token it refers to has
# expired, before it may be purged. Default 1800; `min: 0` permits removing
# the buffer entirely.
# NOTE(review): presumably a safety margin (for example against clock skew
# between nodes) - confirm before lowering it.
- advanced: false
choices: []
default: 1800
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: expiration_buffer
help: The number of seconds after a token has expired before a corresponding
revocation event may be purged from the backend.
max: null
metavar: null
min: 0
mutable: false
name: expiration_buffer
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: caching
help: Toggle for revocation event caching. This has no effect unless global
caching is enabled.
max: null
metavar: null
min: null
mutable: false
name: caching
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
# Lifetime, in seconds, of cached revocation lists and events; default 3600.
# Only effective when global caching and `[revoke] caching` are both enabled.
# NOTE(review): how the cache is invalidated is not visible in this schema;
# if it is purely time-based, a revocation could take up to this long to be
# honoured - confirm before raising the value.
- advanced: false
choices: []
default: 3600
deprecated_for_removal: false
deprecated_opts:
- group: token
name: revocation_cache_time
deprecated_reason: null
deprecated_since: null
dest: cache_time
help: Time to cache the revocation list and the revocation events (in seconds).
This has no effect unless global and `[revoke] caching` are both enabled.
max: null
metavar: null
min: null
mutable: false
name: cache_time
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- driver
- expiration_buffer
- caching
- cache_time
role:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the role backend driver in the `keystone.role` namespace.
Keystone only provides a `sql` driver, so there's no reason to change this
unless you are providing a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: caching
help: Toggle for role caching. This has no effect unless global caching is enabled.
In a typical deployment, there is no reason to disable this.
max: null
metavar: null
min: null
mutable: false
name: caching
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: cache_time
help: Time to cache role data, in seconds. This has no effect unless both global
caching and `[role] caching` are enabled.
max: null
metavar: null
min: null
mutable: false
name: cache_time
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: list_limit
help: Maximum number of entities that will be returned in a role collection.
This may be useful to tune if you have a large number of discrete roles in
your deployment.
max: null
metavar: null
min: null
mutable: false
name: list_limit
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- driver
- caching
- cache_time
- list_limit
saml:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
# Lifetime of SAML assertions generated by keystone, expressed through the
# `NotOnOrAfter` attribute. Default 3600; the help text gives no unit
# (presumably seconds - confirm) and the schema sets no `min` or `max`.
# NOTE(review): an assertion stays acceptable for this whole window, so keep
# the value as short as the federation partners tolerate.
- advanced: false
choices: []
default: 3600
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: assertion_expiration_time
help: Determines the lifetime for any SAML assertions generated by keystone,
using `NotOnOrAfter` attributes.
max: null
metavar: null
min: null
mutable: false
name: assertion_expiration_time
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: xmlsec1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: xmlsec1_binary
help: Name of, or absolute path to, the binary to be used for XML signing. Although
only the XML Security Library (`xmlsec1`) is supported, it may have a non-standard
name or path on your system. If keystone cannot find the binary itself, you
may need to install the appropriate package, use this option to specify an
absolute path, or adjust keystone's PATH environment variable.
max: null
metavar: null
min: null
mutable: false
name: xmlsec1_binary
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: /etc/keystone/ssl/certs/signing_cert.pem
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: certfile
help: Absolute path to the public certificate file to use for SAML signing.
The value cannot contain a comma (`,`).
max: null
metavar: null
min: null
mutable: false
name: certfile
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: /etc/keystone/ssl/private/signing_key.pem
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: keyfile
help: Absolute path to the private key file to use for SAML signing. The value
cannot contain a comma (`,`).
max: null
metavar: null
min: null
mutable: false
name: keyfile
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_entity_id
help: 'This is the unique entity identifier of the identity provider (keystone)
to use when generating SAML assertions. This value is required to generate
identity provider metadata and must be a URI (a URL is recommended). For example:
`https://keystone.example.com/v3/OS-FEDERATION/saml2/idp`.'
max: null
metavar: null
min: null
mutable: false
name: idp_entity_id
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: uri value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_sso_endpoint
help: 'This is the single sign-on (SSO) service location of the identity provider
which accepts HTTP POST requests. A value is required to generate identity
provider metadata. For example: `https://keystone.example.com/v3/OS-FEDERATION/saml2/sso`.'
max: null
metavar: null
min: null
mutable: false
name: idp_sso_endpoint
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: uri value
- advanced: false
choices: []
default: en
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_lang
help: This is the language used by the identity provider's organization.
max: null
metavar: null
min: null
mutable: false
name: idp_lang
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: SAML Identity Provider
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_organization_name
help: This is the name of the identity provider's organization.
max: null
metavar: null
min: null
mutable: false
name: idp_organization_name
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: OpenStack SAML Identity Provider
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_organization_display_name
help: This is the name of the identity provider's organization to be displayed.
max: null
metavar: null
min: null
mutable: false
name: idp_organization_display_name
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: https://example.com/
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_organization_url
help: This is the URL of the identity provider's organization. The URL referenced
here should be useful to humans.
max: null
metavar: null
min: null
mutable: false
name: idp_organization_url
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: uri value
- advanced: false
choices: []
default: Example, Inc.
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_contact_company
help: This is the company name of the identity provider's contact person.
max: null
metavar: null
min: null
mutable: false
name: idp_contact_company
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: SAML Identity Provider Support
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_contact_name
help: This is the given name of the identity provider's contact person.
max: null
metavar: null
min: null
mutable: false
name: idp_contact_name
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: Support
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_contact_surname
help: This is the surname of the identity provider's contact person.
max: null
metavar: null
min: null
mutable: false
name: idp_contact_surname
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: support@example.com
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_contact_email
help: This is the email address of the identity provider's contact person.
max: null
metavar: null
min: null
mutable: false
name: idp_contact_email
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: +1 800 555 0100
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_contact_telephone
help: This is the telephone number of the identity provider's contact person.
max: null
metavar: null
min: null
mutable: false
name: idp_contact_telephone
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices:
- technical
- support
- administrative
- billing
- other
default: other
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_contact_type
help: This is the type of contact that best describes the identity provider's
contact person.
max: null
metavar: null
min: null
mutable: false
name: idp_contact_type
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: /etc/keystone/saml2_idp_metadata.xml
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: idp_metadata_path
help: Absolute path to the identity provider metadata file. This file should
be generated with the `keystone-manage saml_idp_metadata` command. There is
typically no reason to change this value.
max: null
metavar: null
min: null
mutable: false
name: idp_metadata_path
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 'ss:mem:'
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: relay_state_prefix
help: The prefix of the RelayState SAML attribute to use when generating enhanced
client and proxy (ECP) assertions. In a typical deployment, there is no reason
to change this value.
max: null
metavar: null
min: null
mutable: false
name: relay_state_prefix
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
standard_opts:
- assertion_expiration_time
- xmlsec1_binary
- certfile
- keyfile
- idp_entity_id
- idp_sso_endpoint
- idp_lang
- idp_organization_name
- idp_organization_display_name
- idp_organization_url
- idp_contact_company
- idp_contact_name
- idp_contact_surname
- idp_contact_email
- idp_contact_telephone
- idp_contact_type
- idp_metadata_path
- relay_state_prefix
security_compliance:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: disable_user_account_days_inactive
help: The maximum number of days a user can go without authenticating before
being considered "inactive" and automatically disabled (locked). This feature
is disabled by default; set any value to enable it. This feature depends on
the `sql` backend for the `[identity] driver`. When a user exceeds this threshold
and is considered "inactive", the user's `enabled` attribute in the HTTP API
may not match the value of the user's `enabled` column in the user table.
max: null
metavar: null
min: 1
mutable: false
name: disable_user_account_days_inactive
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: lockout_failure_attempts
help: The maximum number of times that a user can fail to authenticate before
the user account is locked for the number of seconds specified by `[security_compliance]
lockout_duration`. This feature is disabled by default. If this feature is
enabled and `[security_compliance] lockout_duration` is not set, then users
may be locked out indefinitely until the user is explicitly enabled via the
API. This feature depends on the `sql` backend for the `[identity] driver`.
max: null
metavar: null
min: 1
mutable: false
name: lockout_failure_attempts
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 1800
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: lockout_duration
help: The number of seconds a user account will be locked when the maximum number
of failed authentication attempts (as specified by `[security_compliance]
lockout_failure_attempts`) is exceeded. Setting this option will have no effect
unless you also set `[security_compliance] lockout_failure_attempts` to a
non-zero value. This feature depends on the `sql` backend for the `[identity]
driver`.
max: null
metavar: null
min: 1
mutable: false
name: lockout_duration
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: password_expires_days
help: The number of days for which a password will be considered valid before
requiring it to be changed. This feature is disabled by default. If enabled,
new password changes will have an expiration date; however, existing passwords
will not be affected. This feature depends on the `sql` backend for the `[identity]
driver`.
max: null
metavar: null
min: 1
mutable: false
name: password_expires_days
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 1
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: unique_last_password_count
help: This controls the number of previous user password iterations to keep
in history, in order to enforce that newly created passwords are unique. Setting
the value to one (the default) disables this feature. Thus, to enable this
feature, values must be greater than 1. This feature depends on the `sql`
backend for the `[identity] driver`.
max: null
metavar: null
min: 1
mutable: false
name: unique_last_password_count
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 0
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: minimum_password_age
help: 'The number of days that a password must be used before the user can change
it. This prevents users from changing their passwords immediately in order
to wipe out their password history and reuse an old password. This feature
does not prevent administrators from manually resetting passwords. It is disabled
by default and allows for immediate password changes. This feature depends
on the `sql` backend for the `[identity] driver`. Note: If `[security_compliance]
password_expires_days` is set, then the value for this option should be less
than the `password_expires_days`.'
max: null
metavar: null
min: 0
mutable: false
name: minimum_password_age
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: password_regex
help: 'The regular expression used to validate password strength requirements.
By default, the regular expression will match any password. The following
is an example of a pattern which requires at least 1 letter, 1 digit, and
a minimum length of 7 characters: `^(?=.*\d)(?=.*[a-zA-Z]).{7,}$`. This
feature depends on the `sql` backend for the `[identity] driver`.'
max: null
metavar: null
min: null
mutable: false
name: password_regex
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: password_regex_description
help: Describe your password regular expression here in language for humans.
If a password fails to match the regular expression, the contents of this
configuration variable will be returned to users to explain why their requested
password was insufficient.
max: null
metavar: null
min: null
mutable: false
name: password_regex_description
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: change_password_upon_first_use
help: Enabling this option requires users to change their password when the
user is created, or upon administrative reset. Before accessing any services,
affected users will have to change their password. To ignore this requirement
for specific users, such as service users, set the `options` attribute `ignore_change_password_upon_first_use`
to `True` for the desired user via the update user API. This feature is disabled
by default. This feature is only applicable with the `sql` backend for the
`[identity] driver`.
max: null
metavar: null
min: null
mutable: false
name: change_password_upon_first_use
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
standard_opts:
- disable_user_account_days_inactive
- lockout_failure_attempts
- lockout_duration
- password_expires_days
- unique_last_password_count
- minimum_password_age
- password_regex
- password_regex_description
- change_password_upon_first_use
shadow_users:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the shadow users backend driver in the `keystone.identity.shadow_users`
namespace. This driver is used for persisting local user references to externally-managed
identities (via federation, LDAP, etc). Keystone only provides a `sql` driver,
so there is no reason to change this option unless you are providing a custom
entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
standard_opts:
- driver
signing:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: /etc/keystone/ssl/certs/signing_cert.pem
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
removed in Pike. These options remain for backwards compatibility.'
deprecated_since: P
dest: certfile
help: Absolute path to the public certificate file to use for signing responses
to revocation list requests. Set this together with `[signing] keyfile`.
For non-production environments, you may be interested in using `keystone-manage
pki_setup` to generate self-signed certificates.
max: null
metavar: null
min: null
mutable: false
name: certfile
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: /etc/keystone/ssl/private/signing_key.pem
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
removed in Pike. These options remain for backwards compatibility.'
deprecated_since: P
dest: keyfile
help: Absolute path to the private key file to use for signing responses to
revocation list requests. Set this together with `[signing] certfile`.
max: null
metavar: null
min: null
mutable: false
name: keyfile
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: /etc/keystone/ssl/certs/ca.pem
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
removed in Pike. These options remain for backwards compatibility.'
deprecated_since: P
dest: ca_certs
help: Absolute path to the public certificate authority (CA) file to use when
creating self-signed certificates with `keystone-manage pki_setup`. Set this
together with `[signing] ca_key`. There is no reason to set this option unless
you are requesting revocation lists in a non-production environment. Use a
`[signing] certfile` issued from a trusted certificate authority instead.
max: null
metavar: null
min: null
mutable: false
name: ca_certs
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: /etc/keystone/ssl/private/cakey.pem
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
removed in Pike. These options remain for backwards compatibility.'
deprecated_since: P
dest: ca_key
help: Absolute path to the private certificate authority (CA) key file to use
when creating self-signed certificates with `keystone-manage pki_setup`. Set
this together with `[signing] ca_certs`. There is no reason to set this option
unless you are requesting revocation lists in a non-production environment.
Use a `[signing] certfile` issued from a trusted certificate authority instead.
max: null
metavar: null
min: null
mutable: false
name: ca_key
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 2048
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
removed in Pike. These options remain for backwards compatibility.'
deprecated_since: P
dest: key_size
help: Key size (in bits) to use when generating a self-signed token signing
certificate. There is no reason to set this option unless you are requesting
revocation lists in a non-production environment. Use a `[signing] certfile`
issued from a trusted certificate authority instead.
max: null
metavar: null
min: 1024
mutable: false
name: key_size
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: 3650
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
removed in Pike. These options remain for backwards compatibility.'
deprecated_since: P
dest: valid_days
help: The validity period (in days) to use when generating a self-signed token
signing certificate. There is no reason to set this option unless you are
requesting revocation lists in a non-production environment. Use a `[signing]
certfile` issued from a trusted certificate authority instead.
max: null
metavar: null
min: null
mutable: false
name: valid_days
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: '`keystone-manage pki_setup` was deprecated in Mitaka and
removed in Pike. These options remain for backwards compatibility.'
deprecated_since: P
dest: cert_subject
help: The certificate subject to use when generating a self-signed token signing
certificate. There is no reason to set this option unless you are requesting
revocation lists in a non-production environment. Use a `[signing] certfile`
issued from a trusted certificate authority instead.
max: null
metavar: null
min: null
mutable: false
name: cert_subject
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
standard_opts:
- certfile
- keyfile
- ca_certs
- ca_key
- key_size
- valid_days
- cert_subject
token:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: bind
help: This is a list of external authentication mechanisms which should add
token binding metadata to tokens, such as `kerberos` or `x509`. Binding metadata
is enforced according to the `[token] enforce_token_bind` option.
max: null
metavar: null
min: null
mutable: false
name: bind
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: list value
- advanced: false
choices: []
default: permissive
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: null
deprecated_since: P
dest: enforce_token_bind
help: This controls the token binding enforcement policy on tokens presented
to keystone with token binding metadata (as specified by the `[token] bind`
option). `disabled` completely bypasses token binding validation. `permissive`
and `strict` do not require tokens to have binding metadata (but will validate
it if present), whereas `required` will always demand tokens to have binding
metadata. `permissive` will allow unsupported binding metadata to pass through
without validation (usually to be validated at another time by another component),
whereas `strict` and `required` will demand that the included binding metadata
be supported by keystone.
max: null
metavar: null
min: null
mutable: false
name: enforce_token_bind
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: 3600
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: expiration
help: The amount of time that a token should remain valid (in seconds). Drastically
reducing this value may break "long-running" operations that involve multiple
services to coordinate together, and will force users to authenticate with
keystone more frequently. Drastically increasing this value will increase
load on the `[token] driver`, as more tokens will be simultaneously valid.
Keystone tokens are also bearer tokens, so a shorter duration will also reduce
the potential security impact of a compromised token.
max: 9223372036854775807
metavar: null
min: 0
mutable: false
name: expiration
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: fernet
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: provider
help: Entry point for the token provider in the `keystone.token.provider` namespace.
The token provider controls the token construction, validation, and revocation
operations. Keystone includes `fernet` and `uuid` token providers. `uuid`
tokens must be persisted (using the backend specified in the `[token] driver`
option), but do not require any extra configuration or setup. `fernet` tokens
do not need to be persisted at all, but require that you run `keystone-manage
fernet_setup` (also see the `keystone-manage fernet_rotate` command).
max: null
metavar: null
min: null
mutable: false
name: provider
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: sql
deprecated_for_removal: true
deprecated_opts: []
deprecated_reason: null
deprecated_since: P
dest: driver
help: Entry point for the token persistence backend driver in the `keystone.token.persistence`
namespace. Keystone provides the `sql` driver. The `sql` option (default)
depends on the options in your `[database]` section. If you're using the `fernet`
`[token] provider`, this backend will not be utilized to persist tokens at
all.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: caching
help: Toggle for caching token creation and validation data. This has no effect
unless global caching is enabled.
max: null
metavar: null
min: null
mutable: false
name: caching
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: null
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: cache_time
help: The number of seconds to cache token creation and validation data. This
has no effect unless both global and `[token] caching` are enabled.
max: 9223372036854775807
metavar: null
min: 0
mutable: false
name: cache_time
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: revoke_by_id
help: This toggles support for revoking individual tokens by the token identifier
and thus various token enumeration operations (such as listing all tokens
issued to a specific user). These operations are used to determine the list
of tokens to consider revoked. Do not disable this option if you're using
the `kvs` `[revoke] driver`.
max: null
metavar: null
min: null
mutable: false
name: revoke_by_id
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: allow_rescope_scoped_token
help: This toggles whether scoped tokens may be re-scoped to a new project or
domain. Setting this to `false` prevents users from exchanging a scoped token
(including those with a default project scope) for any other token. This forces
users to either authenticate for unscoped tokens (and later exchange that unscoped
token for tokens with a more specific scope) or to provide their credentials
in every request for a scoped token to avoid re-scoping altogether.
max: null
metavar: null
min: null
mutable: false
name: allow_rescope_scoped_token
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: infer_roles
help: This controls whether roles should be included with tokens that are not
directly assigned to the token's scope, but are instead linked implicitly
to other role assignments.
max: null
metavar: null
min: null
mutable: false
name: infer_roles
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: cache_on_issue
help: Enable storing issued token data to the token validation cache so that the
first token validation doesn't actually cause a full validation cycle. This option
has no effect unless global caching and token caching are enabled.
max: null
metavar: null
min: null
mutable: false
name: cache_on_issue
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
- advanced: false
choices: []
default: 172800
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: allow_expired_window
help: This controls the number of seconds beyond its built-in expiry time for
which a token can still be retrieved. This allows long running operations to succeed.
Defaults to two days.
max: null
metavar: null
min: null
mutable: false
name: allow_expired_window
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
standard_opts:
- bind
- enforce_token_bind
- expiration
- provider
- driver
- caching
- cache_time
- revoke_by_id
- allow_rescope_scoped_token
- infer_roles
- cache_on_issue
- allow_expired_window
tokenless_auth:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
- advanced: false
choices: []
default: []
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: trusted_issuer
help: The list of distinguished names which identify trusted issuers of client
certificates allowed to use X.509 tokenless authorization. If the option is
absent then no certificates will be allowed. The values of a distinguished
name (DN) must be separated by commas and contain no spaces.
Furthermore, because an individual DN may contain commas, this configuration
option may be repeated multiple times to represent multiple values. For example,
keystone.conf would include two consecutive lines in order to trust two different
DNs, such as `trusted_issuer = CN=john,OU=keystone,O=openstack` and `trusted_issuer
= CN=mary,OU=eng,O=abc`.
max: null
metavar: null
min: null
mutable: false
name: trusted_issuer
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: multi valued
- advanced: false
choices: []
default: x509
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: protocol
help: The federated protocol ID used to represent X.509 tokenless authorization.
This is used in combination with the value of `[tokenless_auth] issuer_attribute`
to find a corresponding federated mapping. In a typical deployment, there
is no reason to change this value.
max: null
metavar: null
min: null
mutable: false
name: protocol
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
- advanced: false
choices: []
default: SSL_CLIENT_I_DN
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: issuer_attribute
help: The name of the WSGI environment variable used to pass the issuer of the
client certificate to keystone. This attribute is used as an identity provider
ID for the X.509 tokenless authorization along with the protocol to look up
its corresponding mapping. In a typical deployment, there is no reason to
change this value.
max: null
metavar: null
min: null
mutable: false
name: issuer_attribute
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
standard_opts:
- trusted_issuer
- protocol
- issuer_attribute
# Group trust: options for trust-based delegation and impersonation (enabled,
# allow_redelegation, max_redelegation_count, driver). The group-level help
# string is empty; each option carries its own help text.
trust:
driver_option: ''
driver_opts: {}
dynamic_group_owner: ''
help: ''
opts:
# enabled (boolean, default true).
# Delegation and impersonation through trusts are on unless this is set to
# false; deployments that do not use trusts can turn the feature off here.
- advanced: false
choices: []
default: true
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: enabled
help: Delegation and impersonation features using trusts can be optionally disabled.
max: null
metavar: null
min: null
mutable: false
name: enabled
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
# allow_redelegation (boolean, default false).
# Off by default, so a trustee cannot pass delegated authorization on to a
# further user unless this is enabled.
# NOTE(review): the help text names `remaining_uses` as the attribute held at
# zero when this is disabled, while the companion limit in this group is
# max_redelegation_count; confirm against the keystone release in use which
# trust attribute is actually constrained.
- advanced: false
choices: []
default: false
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: allow_redelegation
help: Allows authorization to be redelegated from one user to another, effectively
chaining trusts together. When disabled, the `remaining_uses` attribute of
a trust is constrained to be zero.
max: null
metavar: null
min: null
mutable: false
name: allow_redelegation
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: boolean value
# max_redelegation_count (integer, default 3).
# Upper bound on the length of a redelegation chain; per the help text a single
# trust may lower it further. min and max are null in this entry, so the schema
# itself does not bound the configured value.
- advanced: false
choices: []
default: 3
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: max_redelegation_count
help: Maximum number of times that authorization can be redelegated from one
user to another in a chain of trusts. This number may be reduced further for
a specific trust.
max: null
metavar: null
min: null
mutable: false
name: max_redelegation_count
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: integer value
# driver (string, default sql).
# Entry point name resolved in the `keystone.trust` namespace; per the help
# text only `sql` ships with keystone, so any other value loads a custom
# backend that then handles all trust data.
- advanced: false
choices: []
default: sql
deprecated_for_removal: false
deprecated_opts: []
deprecated_reason: null
deprecated_since: null
dest: driver
help: Entry point for the trust backend driver in the `keystone.trust` namespace.
Keystone only provides a `sql` driver, so there is no reason to change this
unless you are providing a custom entry point.
max: null
metavar: null
min: null
mutable: false
name: driver
namespace: keystone
positional: false
required: false
sample_default: null
secret: false
short: null
type: string value
# Names of the options defined in the opts list of this group.
standard_opts:
- enabled
- allow_redelegation
- max_redelegation_count
- driver