[DEFAULT] # # From oslo.log # # If set to true, the logging level will be set to DEBUG instead of # the default INFO level. (boolean value) # Note: This option can be changed without restarting. #debug = false # The name of a logging configuration file. This file is appended to # any existing logging configuration files. For details about logging # configuration files, see the Python logging module documentation. # Note that when logging configuration files are used then all logging # configuration is set in the configuration file and other logging # configuration options are ignored (for example, log-date-format). # (string value) # Note: This option can be changed without restarting. # Deprecated group/name - [DEFAULT]/log_config #log_config_append = # Defines the format string for %%(asctime)s in log records. Default: # %(default)s . This option is ignored if log_config_append is set. # (string value) #log_date_format = %Y-%m-%d %H:%M:%S # (Optional) Name of log file to send logging output to. If no default # is set, logging will go to stderr as defined by use_stderr. This # option is ignored if log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logfile #log_file = # (Optional) The base directory used for relative log_file paths. # This option is ignored if log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logdir #log_dir = # Uses logging handler designed to watch file system. When log file is # moved or removed this handler will open a new log file with # specified path instantaneously. It makes sense only if log_file # option is specified and Linux platform is used. This option is # ignored if log_config_append is set. (boolean value) #watch_log_file = false # Use syslog for logging. Existing syslog format is DEPRECATED and # will be changed later to honor RFC5424. This option is ignored if # log_config_append is set. (boolean value) #use_syslog = false # Enable journald for logging. If running in a systemd environment you # may wish to enable journal support. Doing so will use the journal # native protocol which includes structured metadata in addition to # log messages.This option is ignored if log_config_append is set. # (boolean value) #use_journal = false # Syslog facility to receive log lines. This option is ignored if # log_config_append is set. (string value) #syslog_log_facility = LOG_USER # Use JSON formatting for logging. This option is ignored if # log_config_append is set. (boolean value) #use_json = false # Log output to standard error. This option is ignored if # log_config_append is set. (boolean value) #use_stderr = false # Log output to Windows Event Log. (boolean value) #use_eventlog = false # The amount of time before the log files are rotated. This option is # ignored unless log_rotation_type is set to "interval". (integer # value) #log_rotate_interval = 1 # Rotation interval type. The time of the last file change (or the # time when the service was started) is used when scheduling the next # rotation. (string value) # Possible values: # Seconds - # Minutes - # Hours - # Days - # Weekday - # Midnight - #log_rotate_interval_type = days # Maximum number of rotated log files. (integer value) #max_logfile_count = 30 # Log file maximum size in MB. This option is ignored if # "log_rotation_type" is not set to "size". (integer value) #max_logfile_size_mb = 200 # Log rotation type. (string value) # Possible values: # interval - Rotate logs at predefined time intervals. # size - Rotate logs once they reach a predefined size. # none - Do not rotate log files. #log_rotation_type = none # Format string to use for log messages with context. Used by # oslo_log.formatters.ContextFormatter (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s # Format string to use for log messages when context is undefined. # Used by oslo_log.formatters.ContextFormatter (string value) #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s # Additional data to append to log message when logging level for the # message is DEBUG. Used by oslo_log.formatters.ContextFormatter # (string value) #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d # Prefix each line of exception output with this format. Used by # oslo_log.formatters.ContextFormatter (string value) #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s # Defines the format string for %(user_identity)s that is used in # logging_context_format_string. Used by # oslo_log.formatters.ContextFormatter (string value) #logging_user_identity_format = %(user)s %(project)s %(domain)s %(system_scope)s %(user_domain)s %(project_domain)s # List of package logging levels in logger=LEVEL pairs. This option is # ignored if log_config_append is set. (list value) #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,oslo_policy=INFO,dogpile.core.dogpile=INFO # Enables or disables publication of error events. (boolean value) #publish_errors = false # The format for an instance that is passed with the log message. # (string value) #instance_format = "[instance: %(uuid)s] " # The format for an instance UUID that is passed with the log message. # (string value) #instance_uuid_format = "[instance: %(uuid)s] " # Interval, number of seconds, of log rate limiting. (integer value) #rate_limit_interval = 0 # Maximum number of logged messages per rate_limit_interval. (integer # value) #rate_limit_burst = 0 # Log level name used by rate limiting: CRITICAL, ERROR, INFO, # WARNING, DEBUG or empty string. Logs with level greater or equal to # rate_limit_except_level are not filtered. An empty string means that # all levels are filtered. (string value) #rate_limit_except_level = CRITICAL # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false # # From oslo.messaging # # Size of RPC connection pool. (integer value) # Minimum value: 1 #rpc_conn_pool_size = 30 # The pool size limit for connections expiration policy (integer # value) #conn_pool_min_size = 2 # The time-to-live in sec of idle connections in the pool (integer # value) #conn_pool_ttl = 1200 # Size of executor thread pool when executor is threading or eventlet. # (integer value) # Deprecated group/name - [DEFAULT]/rpc_thread_pool_size #executor_thread_pool_size = 64 # Seconds to wait for a response from a call. (integer value) #rpc_response_timeout = 60 # The network address and optional user credentials for connecting to # the messaging backend, in URL format. The expected format is: # # driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query # # Example: rabbit://rabbitmq:password@127.0.0.1:5672// # # For full details on the fields in the URL see the documentation of # oslo_messaging.TransportURL at # https://docs.openstack.org/oslo.messaging/latest/reference/transport.html # (string value) #transport_url = rabbit:// # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the transport_url # option. (string value) #control_exchange = openstack # Add an endpoint to answer to ping calls. Endpoint is named # oslo_rpc_server_ping (boolean value) #rpc_ping_enabled = false # # From trove.config # # Directory where the Trove python module is installed. (string value) #pybasedir = /builddir/build/BUILD/trove-19.0.2.dev1/trove # Public URL to use for versions endpoint. The default is None, which # will use the request's host_url attribute to populate the URL base. # If Trove is operating behind a proxy, you will want to change this # to represent the proxy's URL. (string value) #public_endpoint = # IP address the API server will listen on. (IP address value) #bind_host = 0.0.0.0 # Port the API server will listen on. (port value) # Minimum value: 0 # Maximum value: 65535 #bind_port = 8779 # File name for the paste.deploy config for trove-api. (string value) #api_paste_config = api-paste.ini # Whether to provision a Cinder volume for datadir. (boolean value) #trove_volume_support = true # Roles to add to an admin user. (list value) #admin_roles = admin # Set the service and instance task statuses to ERROR when an instance # fails to become active within the configured usage_timeout. (boolean # value) #update_status_on_fail = true # URL without the tenant segment. (uri value) #nova_compute_url = # Service type to use when searching catalog. (string value) #nova_compute_service_type = compute # Service endpoint type to use when searching catalog. (string value) #nova_compute_endpoint_type = publicURL # The version of the compute service client. (string value) #nova_client_version = 2.12 # The version of the image service client. (string value) #glance_client_version = 2 # Allow to perform insecure SSL requests to nova. (boolean value) #nova_api_insecure = false # Name of a Nova keypair to inject into a database instance to enable # SSH access. The keypair should be prior created by the cloud # operator. (string value) #nova_keypair = # URL without the tenant segment. (uri value) #neutron_url = # Service type to use when searching catalog. (string value) #neutron_service_type = network # Service endpoint type to use when searching catalog. (string value) #neutron_endpoint_type = publicURL # Allow to perform insecure SSL requests to neutron. (boolean value) #neutron_api_insecure = false # URL without the tenant segment. (uri value) #cinder_url = # Service type to use when searching catalog. (string value) #cinder_service_type = volumev3 # Service endpoint type to use when searching catalog. (string value) #cinder_endpoint_type = publicURL # Allow to perform insecure SSL requests to cinder. (boolean value) #cinder_api_insecure = false # URL ending in ``AUTH_``. (uri value) #swift_url = # Service type to use when searching catalog. (string value) #swift_service_type = object-store # Service endpoint type to use when searching catalog. (string value) #swift_endpoint_type = publicURL # Allow to perform insecure SSL requests to swift. (boolean value) #swift_api_insecure = false # URL ending in ``AUTH_``. (uri value) #glance_url = # Service type to use when searching catalog. (string value) #glance_service_type = image # Service endpoint type to use when searching catalog. (string value) #glance_endpoint_type = publicURL # Driver for taskmanager (string value) #taskmanager_manager = trove.taskmanager.manager.Manager # URL without the tenant segment. (string value) #trove_url = # Service type to use when searching catalog. (string value) #trove_service_type = database # Service endpoint type to use when searching catalog. (string value) #trove_endpoint_type = publicURL # Host to listen for RPC messages. (IP address value) #host = 0.0.0.0 # The interval (in seconds) which periodic tasks are run. (integer # value) #report_interval = 30 # Whether Trove should add DNS entries on create (using Designate # DNSaaS). (boolean value) #trove_dns_support = false # API Implementation for Trove database access. (string value) #db_api_implementation = trove.db.sqlalchemy.api # Driver for DNSaaS. (string value) #dns_driver = trove.dns.driver.DnsDriver # Factory for adding DNS entries. (string value) #dns_instance_entry_factory = trove.dns.driver.DnsInstanceEntryFactory # Hostname used for adding DNS entries. (hostname value) #dns_hostname = localhost # Tenant ID for DNSaaS. (string value) #dns_account_id = # Endpoint URL for DNSaaS. (uri value) #dns_endpoint_url = http://0.0.0.0 # Service Type for DNSaaS. (string value) #dns_service_type = # Region name for DNSaaS. (string value) #dns_region = # Authentication URL for DNSaaS. (uri value) #dns_auth_url = http://0.0.0.0 # Keystone user domain ID used for auth (string value) #dns_user_domain_id = default # Keystone project domain ID used for auth (string value) #dns_project_domain_id = default # Domain name used for adding DNS entries. (string value) #dns_domain_name = # Username for DNSaaS. (string value) #dns_username = # Passkey for DNSaaS. (string value) #dns_passkey = # Management URL for DNSaaS. (uri value) #dns_management_base_url = http://0.0.0.0 # Time (in seconds) before a refresh of DNS information occurs. # (integer value) #dns_ttl = 300 # Domain ID used for adding DNS entries. (string value) #dns_domain_id = # Page size for listing users. (integer value) #users_page_size = 20 # Page size for listing databases. (integer value) #databases_page_size = 20 # Page size for listing instances. (integer value) #instances_page_size = 20 # Page size for listing clusters. (integer value) #clusters_page_size = 20 # Page size for listing backups. (integer value) #backups_page_size = 20 # Page size for listing configurations. (integer value) #configurations_page_size = 20 # Page size for listing modules. (integer value) #modules_page_size = 20 # Maximum time (in seconds) to wait for Guest Agent 'quick' requests # (such as retrieving a list of users or databases). (integer value) #agent_call_low_timeout = 15 # Maximum time (in seconds) to wait for Guest Agent 'slow' requests # (such as restarting the database). (integer value) #agent_call_high_timeout = 180 # Maximum time (in seconds) to wait for taking a Guest Agent # replication snapshot. (integer value) #agent_replication_snapshot_timeout = 1800 # Maximum time (in seconds) to wait for out of process commands to # complete. (integer value) #command_process_timeout = 30 # ID of the Guest Instance. (string value) #guest_id = # The address used to download Trove code by guest agent in developer # mode. This address is inserted into the file # /etc/trove/controller.conf inside the guest. (string value) #controller_address = # Maximum time (in seconds) to wait for database state change. # (integer value) #state_change_wait_time = 180 # Interval between state change poll requests (seconds). (integer # value) #state_change_poll_time = 3 # Maximum time (in seconds) for the Guest Agent to reply to a # heartbeat request. (integer value) #agent_heartbeat_time = 10 # Time (in seconds) after which a guest is considered unreachable # (integer value) #agent_heartbeat_expiry = 90 # Number of times to check if a volume exists. (integer value) #num_tries = 3 # File system type used to format a volume. (string value) # Possible values: # ext3 - # ext4 - # xfs - #volume_fstype = ext3 # Volume type to use when provisioning a Cinder volume. (string value) #cinder_volume_type = # Options to use when formatting a volume. (string value) #format_options = -m 5 # Maximum time (in seconds) to wait for a volume format. (integer # value) #volume_format_timeout = 120 # Options to use when mounting a volume. (string value) #mount_options = defaults,noatime # Default maximum number of instances per tenant. (integer value) # Deprecated group/name - [DEFAULT]/max_instances_per_user #max_instances_per_tenant = 10 # Default maximum total amount of RAM in MB per tenant. (integer # value) #max_ram_per_tenant = -1 # Default maximum volume size (in GB) for an instance. (integer value) #max_accepted_volume_size = 10 # Default maximum volume capacity (in GB) spanning across all Trove # volumes per tenant. (integer value) # Deprecated group/name - [DEFAULT]/max_volumes_per_user #max_volumes_per_tenant = 40 # Default maximum number of backups created by a tenant. (integer # value) # Deprecated group/name - [DEFAULT]/max_backups_per_user #max_backups_per_tenant = 50 # Default driver to use for quota checks. (string value) #quota_driver = trove.quota.quota.DbQuotaDriver # Message queue name the Taskmanager will listen to. (string value) #taskmanager_queue = taskmanager # Message queue name the Conductor will listen on. (string value) #conductor_queue = trove-conductor # Number of workers for the Conductor service. The default will be the # number of CPUs available. (integer value) #trove_conductor_workers = # Use config drive for file injection when booting instance. (boolean # value) #use_nova_server_config_drive = false # Device path for volume if volume support is enabled. (string value) #device_path = /dev/vdb # The default datastore id or name to use if one is not provided by # the user. If the default value is None, the field becomes required # in the instance create request. (string value) #default_datastore = # Manager class in the Guest Agent, set up by the Taskmanager on # instance provision. (string value) #datastore_manager = # The guest datastore version that is set by the Taskmanager during # instance provision. (string value) #datastore_version = # Block device to map onto the created instance. (string value) #block_device_mapping = vdb # Maximum time (in seconds) to wait for a server delete. (integer # value) #server_delete_time_out = 60 # Maximum time (in seconds) to wait for a volume attach. (integer # value) #volume_time_out = 60 # Maximum time (in seconds) to wait for a server reboot. (integer # value) #reboot_time_out = 120 # Maximum time (in seconds) to wait for a DNS entry add. (integer # value) #dns_time_out = 120 # Maximum time (in seconds) to wait for a server resize. (integer # value) #resize_time_out = 900 # Maximum time (in seconds) to wait for a server resize revert. # (integer value) #revert_time_out = 600 # Maximum time (in seconds) to wait for a cluster delete. (integer # value) #cluster_delete_time_out = 180 # Permissions to grant to the 'root' user. (list value) #root_grant = ALL # Assign the 'root' user GRANT permissions. (boolean value) #root_grant_option = true # Maximum number of HTTP 'GET' requests (per minute). (integer value) #http_get_rate = 200 # Maximum number of HTTP 'POST' requests (per minute). (integer value) #http_post_rate = 200 # Maximum number of HTTP 'DELETE' requests (per minute). (integer # value) #http_delete_rate = 200 # Maximum number of HTTP 'PUT' requests (per minute). (integer value) #http_put_rate = 200 # Maximum number of management HTTP 'POST' requests (per minute). # (integer value) #http_mgmt_post_rate = 200 # Require user hostnames to be valid IP addresses. (boolean value) # Deprecated group/name - [DEFAULT]/hostname_require_ipv4 #hostname_require_valid_ip = true # Whether Trove should add Security Groups on create. (boolean value) #trove_security_groups_support = true # Prefix to use when creating Security Groups. (string value) #trove_security_group_name_prefix = trove_sg # CIDR to use when creating Security Group Rules. (string value) #trove_security_group_rule_cidr = 0.0.0.0/0 # Number of workers for the API service. The default will be the # number of CPUs available. (integer value) #trove_api_workers = # Time to sleep during the check for an active Guest. (integer value) #usage_sleep_time = 5 # The region this service is located. (string value) #region = LOCAL_DEV # DEPRECATED: Runner to use for backups. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #backup_runner = trove.guestagent.backup.backup_types.InnoBackupEx # DEPRECATED: Additional options to be passed to the backup runner. # (dict value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #backup_runner_options = # Enable verification of Swift checksum before starting restore. Makes # sure the checksum of original backup matches the checksum of the # Swift backup file. (boolean value) #verify_swift_checksum_on_restore = true # Require the replica volume size to be greater than or equal to the # size of the master volume during replica creation. (boolean value) #verify_replica_volume_size = true # Default strategy to store backups. (string value) #storage_strategy = swift # DEPRECATED: Namespace to load the default storage strategy from. # (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #storage_namespace = trove.common.strategies.storage.swift # Swift container to put backups in. (string value) #backup_swift_container = database_backups # DEPRECATED: Compress backups using gzip. (boolean value) # This option is deprecated for removal since V. # Its value may be silently ignored in the future. # Reason: Backup data compression is enabled by default. This option # is ignored. #backup_use_gzip_compression = true # DEPRECATED: Encrypt backups using OpenSSL. (boolean value) # This option is deprecated for removal since V. # Its value may be silently ignored in the future. # Reason: Trove should not encrypt backup data on behalf of the user. # This option is ignored. #backup_use_openssl_encryption = true # DEPRECATED: Default OpenSSL aes_cbc key for decrypting backup data # created prior to Victoria. (string value) # This option is deprecated for removal since V. # Its value may be silently ignored in the future. # Reason: This option is only for backward compatibility. Backups # created after Victoria are not encrypted any more. #backup_aes_cbc_key = # DEPRECATED: Send backup files over snet. (boolean value) # This option is deprecated for removal since V. # Its value may be silently ignored in the future. # Reason: This option is not supported any more. #backup_use_snet = false # Chunk size (in bytes) to stream to the Swift container. This should # be in multiples of 128 bytes, since this is the size of an md5 # digest block allowing the process to update the file checksum during # streaming. See: http://stackoverflow.com/questions/1131220/ (integer # value) #backup_chunk_size = 65536 # Maximum size (in bytes) of each segment of the backup file. (integer # value) #backup_segment_max_size = 2147483648 # Client to send DNS calls to. (string value) #remote_dns_client = trove.common.clients.dns_client # Client to send Guest Agent calls to. (string value) #remote_guest_client = trove.common.clients.guest_client # Client to send Nova calls to. (string value) #remote_nova_client = trove.common.clients_admin.nova_client_trove_admin # Client to send Neutron calls to. (string value) #remote_neutron_client = trove.common.clients_admin.neutron_client_trove_admin # Client to send Cinder calls to. (string value) #remote_cinder_client = trove.common.clients_admin.cinder_client_trove_admin # Client to send Swift calls to. (string value) #remote_swift_client = trove.common.clients.swift_client # Client to send Trove calls to. (string value) #remote_trove_client = trove.common.trove_remote.trove_client # Client to send Glance calls to. (string value) #remote_glance_client = trove.common.clients_admin.glance_client_trove_admin # Transformer for exists notifications. (string value) #exists_notification_transformer = # Seconds to wait between pushing events. (integer value) #exists_notification_interval = 3600 # Seconds to wait between pushing events. (integer value) #quota_notification_interval = # Unique ID to tag notification events. (dict value) #notification_service_id = cassandra:459a230d-4e97-4344-9067-2a54a310b0ed,couchbase:fa62fe68-74d9-4779-a24e-36f19602c415,couchdb:f0a9ab7b-66f7-4352-93d7-071521d44c7c,db2:e040cd37-263d-4869-aaa6-c62aa97523b5,mariadb:7a4f82cc-10d2-4bc6-aadc-d9aacc2a3cb5,mongodb:c8c907af-7375-456f-b929-b637ff9209ee,mysql:2f3ff068-2bfb-4f70-9a9d-a6bb65bc084b,percona:fd1723f5-68d2-409c-994f-a4a197892a17,postgresql:ac277e0d-4f21-40aa-b347-1ea31e571720,pxc:75a628c3-f81b-4ffb-b10a-4087c26bc854,redis:b216ffc5-1947-456c-a4cf-70f94c05f7d0,vertica:a8d805ae-a3b2-c4fd-gb23-b62cee5201ae # DEPRECATED: Regular expression to match Trove network labels. # (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #network_label_regex = ^private$ # List IP addresses that match this regular expression. (string value) #ip_regex = # Exclude IP addresses that match this regular expression. (string # value) #black_list_regex = # Path to folder with cloudinit scripts. (string value) #cloudinit_location = /etc/trove/cloudinit # Path to folder on the Guest where config files will be injected # during instance creation. (string value) #injected_config_location = /etc/trove/conf.d # Owner of the Guest Agent directory and files to be injected during # instance creation. (string value) #injected_config_owner = ubuntu # Group of the Guest Agent directory and files to be injected during # instance creation. (string value) #injected_config_group = root # Path to the Guest Agent config file to be injected during instance # creation. (string value) #guest_config = /etc/trove/trove-guestagent.conf # The guest info filename found in the injected config location. If a # full path is specified then it will be used as the path to the guest # info file (string value) #guest_info = guest_info.conf # Extension for default datastore managers. Allows the use of custom # managers for each of the datastores supported by Trove. (dict value) #datastore_registry_ext = # Docker bridge network IP. (string value) #docker_bridge_network_ip = # Docker insecure registries for image development. (list value) #docker_insecure_registries = # Path which leads to datastore templates. (string value) #template_path = /etc/trove/templates/ # Allow insecure logging while executing queries through SQLAlchemy. # (boolean value) #sql_query_logging = false # Filetype endings not to be reattached to an ID by the utils method # correct_id_with_req. (list value) #expected_filetype_suffixes = json # List of IDs for management networks which should be attached to the # instance regardless of what NICs are specified in the create API # call. Currently only one management network is allowed. (list value) # Deprecated group/name - [DEFAULT]/default_neutron_networks #management_networks = # List of the security group IDs that are applied on the management # port of the database instance. (list value) #management_security_groups = # Maximum line size of message headers to be accepted. max_header_line # may need to be increased when using large tokens (typically those # generated by the Keystone v3 API with big service catalogs). # (integer value) #max_header_line = 16384 # Qualified class name to use for conductor manager. (string value) #conductor_manager = trove.conductor.manager.Manager # Describes the actual network manager used for the management of # network attributes (security groups, floating IPs, etc.). (string # value) #network_driver = trove.network.nova.NovaNetwork # Maximum time (in seconds) to wait for a Guest to become active. # (integer value) #usage_timeout = 1800 # Maximum time (in seconds) to wait for a Guest instance restored from # a backup to become active. (integer value) #restore_usage_timeout = 3600 # Maximum time (in seconds) to wait for a cluster to become active. # (integer value) #cluster_usage_timeout = 36000 # OpenSSL aes_cbc key for module encryption. (string value) #module_aes_cbc_key = module_aes_cbc_key # A list of module types supported. A module type corresponds to the # name of a ModuleDriver. (list value) #module_types = ping,new_relic_license # The maximum number of instances to reapply a module to at the same # time. (integer value) #module_reapply_max_batch_size = 50 # The minimum delay (in seconds) between subsequent module batch # reapply executions. (integer value) #module_reapply_min_batch_delay = 2 # Name of container that stores guest log components. (string value) #guest_log_container_name = database_logs # Maximum size of a chunk saved in guest log container. (integer # value) #guest_log_limit = 1000000 # Expiry (in seconds) of objects in guest log container. (integer # value) #guest_log_expiry = 2592000 # Should RPC messaging traffic be secured by encryption. (boolean # value) #enable_secure_rpc_messaging = true # Key (OpenSSL aes_cbc) for taskmanager RPC encryption. (string value) #taskmanager_rpc_encr_key = bzH6y0SGmjuoY0FNSTptrhgieGXNDX6PIhvz # Key (OpenSSL aes_cbc) to encrypt instance keys in DB. (string value) #inst_rpc_key_encr_key = emYjgHFqfXNB1NGehAFIUeoyw4V4XwWHEaKP # Key (OpenSSL aes_cbc) for instance RPC encryption. (string value) #instance_rpc_encr_key = # The UID(GID) of database service user. (string value) #database_service_uid = 1001 # Network CIDRs reserved for Trove guest instance management. (list # value) #reserved_network_cidrs = # If online volume resize is supported. (boolean value) #online_volume_resize = true # If true create the volume in the same availability-zone as the # instance (boolean value) #enable_volume_az = false [database] # # From trove.config # # SQL Connection. (string value) # Deprecated group/name - [DEFAULT]/sql_connection #connection = sqlite:///trove_test.sqlite # (integer value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout #idle_timeout = 3600 # Warning: Failed to format sample for query_log # 'NoneType' object has no attribute 'startswith' # If True, SQLite uses synchronous mode. (boolean value) #sqlite_synchronous = true # The SQLAlchemy connection string to use to connect to the slave # database. (string value) #slave_connection = # The SQL mode to be used for MySQL sessions. This option, including # the default, overrides any server-set SQL mode. To use whatever SQL # mode is set by the server configuration, set this to no value. # Example: mysql_sql_mode= (string value) #mysql_sql_mode = TRADITIONAL # Maximum number of SQL connections to keep open in a pool. (integer # value) #max_pool_size = # Maximum number of database connection retries during startup. Set to # -1 to specify an infinite retry count. (integer value) #max_retries = 10 # Interval between retries of opening a SQL connection. (integer # value) #retry_interval = 10 # If set, use this value for max_overflow with SQLAlchemy. (integer # value) #max_overflow = # Verbosity of SQL debugging information: 0=None, 100=Everything. # (integer value) #connection_debug = 0 # Add Python stack traces to SQL as comment strings. (boolean value) #connection_trace = false # If set, use this value for pool_timeout with SQLAlchemy. (integer # value) #pool_timeout = [guest_agent] # Config options used by guest agent. # # From trove.config # # URL to the registry. E.g. https://index.docker.io/v1/ (string value) #container_registry = # The registry username. (string value) #container_registry_username = # The plaintext registry password. (string value) #container_registry_password = [keystone_authtoken] # # From trove.config # # Complete "public" Identity API endpoint. This endpoint should not be # an "admin" endpoint, as it should be accessible by all end users. # Unauthenticated clients are redirected to this endpoint to # authenticate. Although this endpoint should ideally be unversioned, # client support in the wild varies. If you're using a versioned v2 # endpoint here, then this should *not* be the same endpoint the # service user utilizes for validating tokens, because normal end # users may not be able to reach that endpoint. (string value) # Deprecated group/name - [keystone_authtoken]/auth_uri #www_authenticate_uri = # DEPRECATED: Complete "public" Identity API endpoint. This endpoint # should not be an "admin" endpoint, as it should be accessible by all # end users. Unauthenticated clients are redirected to this endpoint # to authenticate. Although this endpoint should ideally be # unversioned, client support in the wild varies. If you're using a # versioned v2 endpoint here, then this should *not* be the same # endpoint the service user utilizes for validating tokens, because # normal end users may not be able to reach that endpoint. This option # is deprecated in favor of www_authenticate_uri and will be removed # in the S release. (string value) # This option is deprecated for removal since Queens. # Its value may be silently ignored in the future. # Reason: The auth_uri option is deprecated in favor of # www_authenticate_uri and will be removed in the S release. #auth_uri = # API version of the Identity API endpoint. (string value) #auth_version = # Interface to use for the Identity API endpoint. Valid values are # "public", "internal" (default) or "admin". (string value) #interface = internal # Do not handle authorization requests within the middleware, but # delegate the authorization decision to downstream WSGI components. # (boolean value) #delay_auth_decision = false # Request timeout value for communicating with Identity API server. # (integer value) #http_connect_timeout = # How many times are we trying to reconnect when communicating with # Identity API Server. (integer value) #http_request_max_retries = 3 # Request environment key where the Swift cache object is stored. When # auth_token middleware is deployed with a Swift cache, use this # option to have the middleware share a caching backend with swift. # Otherwise, use the ``memcached_servers`` option instead. (string # value) #cache = # Required if identity server requires client certificate (string # value) #certfile = # Required if identity server requires client certificate (string # value) #keyfile = # A PEM encoded Certificate Authority to use when verifying HTTPs # connections. Defaults to system CAs. (string value) #cafile = # Verify HTTPS connections. (boolean value) #insecure = false # The region in which the identity server can be found. (string value) #region_name = # Optionally specify a list of memcached server(s) to use for caching. # If left undefined, tokens will instead be cached in-process. (list # value) # Deprecated group/name - [keystone_authtoken]/memcache_servers #memcached_servers = # In order to prevent excessive effort spent validating tokens, the # middleware caches previously-seen tokens for a configurable duration # (in seconds). Set to -1 to disable caching completely. (integer # value) #token_cache_time = 300 # (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token data is # encrypted and authenticated in the cache. If the value is not one of # these options or empty, auth_token will raise an exception on # initialization. (string value) # Possible values: # None - # MAC - # ENCRYPT - #memcache_security_strategy = None # (Optional, mandatory if memcache_security_strategy is defined) This # string is used for key derivation. (string value) #memcache_secret_key = # (Optional) Number of seconds memcached server is considered dead # before it is tried again. (integer value) #memcache_pool_dead_retry = 300 # (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize = 10 # (Optional) Socket timeout in seconds for communicating with a # memcached server. (integer value) #memcache_pool_socket_timeout = 3 # (Optional) Number of seconds a connection to memcached is held # unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout = 60 # (Optional) Number of seconds that an operation will wait to get a # memcached client connection from the pool. (integer value) #memcache_pool_conn_get_timeout = 10 # (Optional) Use the advanced (eventlet safe) memcached client pool. # (boolean value) #memcache_use_advanced_pool = true # (Optional) Indicate whether to set the X-Service-Catalog header. If # False, middleware will not ask for service catalog on token # validation and will not set the X-Service-Catalog header. (boolean # value) #include_service_catalog = true # Used to control the use and type of token binding. Can be set to: # "disabled" to not check token binding. "permissive" (default) to # validate binding information if the bind type is of a form known to # the server and ignore it if not. "strict" like "permissive" but if # the bind type is unknown the token will be rejected. "required" any # form of token binding is needed to be allowed. Finally the name of a # binding method that must be present in tokens. (string value) #enforce_token_bind = permissive # A choice of roles that must be present in a service token. Service # tokens are allowed to request that an expired token can be used and # so this check should tightly control that only actual services # should be sending this token. Roles here are applied as an ANY check # so any role in this list must be present. For backwards # compatibility reasons this currently only affects the allow_expired # check. (list value) #service_token_roles = service # For backwards compatibility reasons we must let valid service tokens # pass that don't pass the service_token_roles check as valid. Setting # this true will become the default in a future release and should be # enabled if possible. (boolean value) #service_token_roles_required = false # The name or type of the service as it appears in the service # catalog. This is used to validate tokens that have restricted access # rules. (string value) #service_type = # Prefix to prepend at the beginning of the path. Deprecated, use # identity_uri. (string value) #auth_admin_prefix = # Host providing the admin Identity API endpoint. Deprecated, use # identity_uri. (string value) #auth_host = 127.0.0.1 # Port of the admin Identity API endpoint. Deprecated, use # identity_uri. (integer value) #auth_port = 35357 # Protocol of the admin Identity API endpoint. Deprecated, use # identity_uri. (string value) # Possible values: # http - # https - #auth_protocol = https # Complete admin Identity API endpoint. This should specify the # unversioned root endpoint e.g. https://localhost:35357/ (string # value) #identity_uri = # This option is deprecated and may be removed in a future release. # Single shared secret with the Keystone configuration used for # bootstrapping a Keystone installation, or otherwise bypassing the # normal authentication process. This option should not be used, use # `admin_user` and `admin_password` instead. (string value) #admin_token = # Service username. (string value) #admin_user = # Service user password. (string value) #admin_password = # Service tenant name. (string value) #admin_tenant_name = admin # Authentication type to load (string value) # Deprecated group/name - [keystone_authtoken]/auth_plugin #auth_type = # Config Section from which to load plugin specific options (string # value) #auth_section = # Authentication URL (string value) #auth_url = # Scope for system operations (string value) #system_scope = # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # Project ID to scope to (string value) # Deprecated group/name - [keystone_authtoken]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [keystone_authtoken]/tenant_name #project_name = # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # ID of the trust to use as a trustee use (string value) #trust_id = # Optional domain ID to use with v3 and v2 parameters. It will be used # for both the user and project domain in v3 and ignored in v2 # authentication. (string value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. It will # be used for both the user and project domain in v3 and ignored in v2 # authentication. (string value) #default_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [keystone_authtoken]/user_name #username = # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User's password (string value) #password = [mariadb] # Oslo option group designed for MariaDB datastore # # From trove.config # # DEPRECATED: Whether to permit ICMP. (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #icmp = false # List of TCP ports and/or port ranges to open in the security group # (only applicable if trove_security_groups_support is True). (list # value) #tcp_ports = 3306,4444,4567,4568 # List of UDP ports and/or port ranges to open in the security group # (only applicable if trove_security_groups_support is True). (list # value) #udp_ports = # Default strategy to perform backups. (string value) # Deprecated group/name - [DEFAULT]/backup_strategy #backup_strategy = mariabackup # Default strategy for replication. (string value) #replication_strategy = MariaDBGTIDReplication # Namespace to load replication strategies from. (string value) #replication_namespace = trove.guestagent.strategies.replication.mariadb_gtid # Filesystem path for mounting volumes if volume support is enabled. # (string value) #mount_point = /var/lib/mysql # Enable the automatic creation of the root user for the service # during instance-create. The generated password for the root user is # immediately returned in the response of instance-create as the # 'password' field. (boolean value) #root_on_create = false # Maximum time (in seconds) to wait for a Guest to become active. # (integer value) #usage_timeout = 400 # Whether to provision a Cinder volume for datadir. (boolean value) #volume_support = true # Device path for volume if volume support is enabled. (string value) #device_path = /dev/vdb # Root controller implementation for mysql. (string value) #root_controller = trove.extensions.common.service.DefaultRootController # Users to exclude when listing users. (list value) # Deprecated group/name - [DEFAULT]/ignore_users #ignore_users = os_admin,root # Databases to exclude when listing databases. (list value) # Deprecated group/name - [DEFAULT]/ignore_dbs #ignore_dbs = mysql,information_schema,performance_schema # List of Guest Logs to expose for publishing. (string value) #guest_log_exposed_logs = general,slow_query # DEPRECATED: The time in milliseconds that a statement must take in # in order to be logged in the slow_query log. (integer value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Will be replaced by a configuration group option: # long_query_time #guest_log_long_query_time = 1000 # Enable clusters to be created and managed. (boolean value) #cluster_support = true # Minimum number of members in MariaDB cluster. (integer value) #min_cluster_member_count = 3 # Class that implements datastore-specific API logic. (string value) #api_strategy = trove.common.strategies.cluster.experimental.galera_common.api.GaleraCommonAPIStrategy # Class that implements datastore-specific task manager logic. (string # value) #taskmanager_strategy = trove.common.strategies.cluster.experimental.galera_common.taskmanager.GaleraCommonTaskManagerStrategy # Class that implements datastore-specific Guest Agent API logic. # (string value) #guestagent_strategy = trove.common.strategies.cluster.experimental.galera_common.guestagent.GaleraCommonGuestAgentStrategy # Character length of generated passwords. (integer value) # Deprecated group/name - [DEFAULT]/default_password_length #default_password_length = ${mysql.default_password_length} # Database docker image. (string value) #docker_image = mariadb # The docker image used for backup and restore. (string value) #backup_docker_image = openstacktrove/db-backup-mariadb:1.1.0 [mysql] # Oslo option group designed for MySQL datastore # # From trove.config # # DEPRECATED: Whether to permit ICMP. (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #icmp = false # List of TCP ports and/or port ranges to open in the security group # (only applicable if trove_security_groups_support is True). (list # value) #tcp_ports = 3306 # List of UDP ports and/or port ranges to open in the security group # (only applicable if trove_security_groups_support is True). (list # value) #udp_ports = # Default strategy to perform backups. (string value) # Deprecated group/name - [DEFAULT]/backup_strategy #backup_strategy = innobackupex # Default strategy for replication. (string value) #replication_strategy = MysqlGTIDReplication # Namespace to load replication strategies from. (string value) #replication_namespace = trove.guestagent.strategies.replication.mysql_gtid # Filesystem path for mounting volumes if volume support is enabled. # (string value) #mount_point = /var/lib/mysql # Enable the automatic creation of the root user for the service # during instance-create. The generated password for the root user is # immediately returned in the response of instance-create as the # 'password' field. (boolean value) #root_on_create = false # Maximum time (in seconds) to wait for a Guest to become active. # (integer value) #usage_timeout = 400 # Whether to provision a Cinder volume for datadir. (boolean value) #volume_support = true # Device path for volume if volume support is enabled. (string value) #device_path = /dev/vdb # Root controller implementation for mysql. (string value) #root_controller = trove.extensions.common.service.DefaultRootController # Users to exclude when listing users. (list value) # Deprecated group/name - [DEFAULT]/ignore_users #ignore_users = os_admin,root # Databases to exclude when listing databases. (list value) # Deprecated group/name - [DEFAULT]/ignore_dbs #ignore_dbs = mysql,information_schema,performance_schema,sys # List of Guest Logs to expose for publishing. (string value) #guest_log_exposed_logs = general,slow_query # DEPRECATED: The time in milliseconds that a statement must take in # in order to be logged in the slow_query log. (integer value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Will be replaced by a configuration group option: # long_query_time #guest_log_long_query_time = 1000 # Character length of generated passwords. (integer value) # Deprecated group/name - [DEFAULT]/default_password_length #default_password_length = 36 # Database docker image. (string value) #docker_image = mysql # The docker image used for backup and restore. For mysql, the minor # version is added to the image name as a suffix before creating # container, e.g. openstacktrove/db-backup-mysql5.7:1.0.0 (string # value) #backup_docker_image = openstacktrove/db-backup-mysql:1.1.0 [network] # Options related to the trove instance networking. # # From trove.config # # ID of the Neutron public network to create floating IP for the # public trove instance. If not given, Trove will try to query all the # public networks and use the first one in the list. (string value) #public_network_id = # Check if the user provided network is associated with router. This # is needed for the instance initialization. The check is also # necessary when creating public facing instance. A scenario to set # this option False is when using Neutron provider network. (boolean # value) #enable_access_check = true [oslo_messaging_amqp] # # From oslo.messaging # # Name for the AMQP container. must be globally unique. Defaults to a # generated UUID (string value) #container_name = # Timeout for inactive connections (in seconds) (integer value) #idle_timeout = 0 # Debug: dump AMQP frames to stdout (boolean value) #trace = false # Attempt to connect via SSL. If no other ssl-related parameters are # given, it will use the system's CA-bundle to verify the server's # certificate. (boolean value) #ssl = false # CA certificate PEM file used to verify the server's certificate # (string value) #ssl_ca_file = # Self-identifying certificate PEM file for client authentication # (string value) #ssl_cert_file = # Private key PEM file used to sign ssl_cert_file certificate # (optional) (string value) #ssl_key_file = # Password for decrypting ssl_key_file (if encrypted) (string value) #ssl_key_password = # By default SSL checks that the name in the server's certificate # matches the hostname in the transport_url. In some configurations it # may be preferable to use the virtual hostname instead, for example # if the server uses the Server Name Indication TLS extension # (rfc6066) to provide a certificate per virtual host. Set # ssl_verify_vhost to True if the server's SSL certificate uses the # virtual host name instead of the DNS name. (boolean value) #ssl_verify_vhost = false # Space separated list of acceptable SASL mechanisms (string value) #sasl_mechanisms = # Path to directory that contains the SASL configuration (string # value) #sasl_config_dir = # Name of configuration file (without .conf suffix) (string value) #sasl_config_name = # SASL realm to use if no realm present in username (string value) #sasl_default_realm = # Seconds to pause before attempting to re-connect. (integer value) # Minimum value: 1 #connection_retry_interval = 1 # Increase the connection_retry_interval by this many seconds after # each unsuccessful failover attempt. (integer value) # Minimum value: 0 #connection_retry_backoff = 2 # Maximum limit for connection_retry_interval + # connection_retry_backoff (integer value) # Minimum value: 1 #connection_retry_interval_max = 30 # Time to pause between re-connecting an AMQP 1.0 link that failed due # to a recoverable error. (integer value) # Minimum value: 1 #link_retry_delay = 10 # The maximum number of attempts to re-send a reply message which # failed due to a recoverable error. (integer value) # Minimum value: -1 #default_reply_retry = 0 # The deadline for an rpc reply message delivery. (integer value) # Minimum value: 5 #default_reply_timeout = 30 # The deadline for an rpc cast or call message delivery. Only used # when caller does not provide a timeout expiry. (integer value) # Minimum value: 5 #default_send_timeout = 30 # The deadline for a sent notification message delivery. Only used # when caller does not provide a timeout expiry. (integer value) # Minimum value: 5 #default_notify_timeout = 30 # The duration to schedule a purge of idle sender links. Detach link # after expiry. (integer value) # Minimum value: 1 #default_sender_link_timeout = 600 # Indicates the addressing mode used by the driver. # Permitted values: # 'legacy' - use legacy non-routable addressing # 'routable' - use routable addresses # 'dynamic' - use legacy addresses if the message bus does not # support routing otherwise use routable addressing (string value) #addressing_mode = dynamic # Enable virtual host support for those message buses that do not # natively support virtual hosting (such as qpidd). When set to true # the virtual host name will be added to all message bus addresses, # effectively creating a private 'subnet' per virtual host. Set to # False if the message bus supports virtual hosting using the # 'hostname' field in the AMQP 1.0 Open performative as the name of # the virtual host. (boolean value) #pseudo_vhost = true # address prefix used when sending to a specific server (string value) #server_request_prefix = exclusive # address prefix used when broadcasting to all servers (string value) #broadcast_prefix = broadcast # address prefix when sending to any server in group (string value) #group_request_prefix = unicast # Address prefix for all generated RPC addresses (string value) #rpc_address_prefix = openstack.org/om/rpc # Address prefix for all generated Notification addresses (string # value) #notify_address_prefix = openstack.org/om/notify # Appended to the address prefix when sending a fanout message. Used # by the message bus to identify fanout messages. (string value) #multicast_address = multicast # Appended to the address prefix when sending to a particular # RPC/Notification server. Used by the message bus to identify # messages sent to a single destination. (string value) #unicast_address = unicast # Appended to the address prefix when sending to a group of consumers. # Used by the message bus to identify messages that should be # delivered in a round-robin fashion across consumers. (string value) #anycast_address = anycast # Exchange name used in notification addresses. # Exchange name resolution precedence: # Target.exchange if set # else default_notification_exchange if set # else control_exchange if set # else 'notify' (string value) #default_notification_exchange = # Exchange name used in RPC addresses. # Exchange name resolution precedence: # Target.exchange if set # else default_rpc_exchange if set # else control_exchange if set # else 'rpc' (string value) #default_rpc_exchange = # Window size for incoming RPC Reply messages. (integer value) # Minimum value: 1 #reply_link_credit = 200 # Window size for incoming RPC Request messages (integer value) # Minimum value: 1 #rpc_server_credit = 100 # Window size for incoming Notification messages (integer value) # Minimum value: 1 #notify_server_credit = 100 # Send messages of this type pre-settled. # Pre-settled messages will not receive acknowledgement # from the peer. Note well: pre-settled messages may be # silently discarded if the delivery fails. # Permitted values: # 'rpc-call' - send RPC Calls pre-settled # 'rpc-reply'- send RPC Replies pre-settled # 'rpc-cast' - Send RPC Casts pre-settled # 'notify' - Send Notifications pre-settled # (multi valued) #pre_settled = rpc-cast #pre_settled = rpc-reply [oslo_messaging_kafka] # # From oslo.messaging # # Max fetch bytes of Kafka consumer (integer value) #kafka_max_fetch_bytes = 1048576 # Default timeout(s) for Kafka consumers (floating point value) #kafka_consumer_timeout = 1.0 # DEPRECATED: Pool Size for Kafka Consumers (integer value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Driver no longer uses connection pool. #pool_size = 10 # DEPRECATED: The pool size limit for connections expiration policy # (integer value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Driver no longer uses connection pool. #conn_pool_min_size = 2 # DEPRECATED: The time-to-live in sec of idle connections in the pool # (integer value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Driver no longer uses connection pool. #conn_pool_ttl = 1200 # Group id for Kafka consumer. Consumers in one group will coordinate # message consumption (string value) #consumer_group = oslo_messaging_consumer # Upper bound on the delay for KafkaProducer batching in seconds # (floating point value) #producer_batch_timeout = 0.0 # Size of batch for the producer async send (integer value) #producer_batch_size = 16384 # The compression codec for all data generated by the producer. If not # set, compression will not be used. Note that the allowed values of # this depend on the kafka version (string value) # Possible values: # none - # gzip - # snappy - # lz4 - # zstd - #compression_codec = none # Enable asynchronous consumer commits (boolean value) #enable_auto_commit = false # The maximum number of records returned in a poll call (integer # value) #max_poll_records = 500 # Protocol used to communicate with brokers (string value) # Possible values: # PLAINTEXT - # SASL_PLAINTEXT - # SSL - # SASL_SSL - #security_protocol = PLAINTEXT # Mechanism when security protocol is SASL (string value) #sasl_mechanism = PLAIN # CA certificate PEM file used to verify the server certificate # (string value) #ssl_cafile = # Client certificate PEM file used for authentication. (string value) #ssl_client_cert_file = # Client key PEM file used for authentication. (string value) #ssl_client_key_file = # Client key password file used for authentication. (string value) #ssl_client_key_password = [oslo_messaging_notifications] # # From oslo.messaging # # The Drivers(s) to handle sending notifications. Possible values are # messaging, messagingv2, routing, log, test, noop (multi valued) # Deprecated group/name - [DEFAULT]/notification_driver #driver = # A URL representing the messaging driver to use for notifications. If # not set, we fall back to the same configuration used for RPC. # (string value) # Deprecated group/name - [DEFAULT]/notification_transport_url #transport_url = # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics # Deprecated group/name - [DEFAULT]/notification_topics #topics = notifications # The maximum number of attempts to re-send a notification message # which failed to be delivered due to a recoverable error. 0 - No # retry, -1 - indefinite (integer value) #retry = -1 [oslo_messaging_rabbit] # # From oslo.messaging # # Use durable queues in AMQP. If rabbit_quorum_queue is enabled, # queues will be durable and this value will be ignored. (boolean # value) #amqp_durable_queues = false # Auto-delete queues in AMQP. (boolean value) #amqp_auto_delete = false # Connect over SSL. (boolean value) # Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl #ssl = false # SSL version to use (valid only if SSL enabled). Valid values are # TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be # available on some distributions. (string value) # Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version #ssl_version = # SSL key file (valid only if SSL enabled). (string value) # Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile #ssl_key_file = # SSL cert file (valid only if SSL enabled). (string value) # Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile #ssl_cert_file = # SSL certification authority file (valid only if SSL enabled). # (string value) # Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs #ssl_ca_file = # Global toggle for enforcing the OpenSSL FIPS mode. This feature # requires Python support. This is available in Python 3.9 in all # environments and may have been backported to older Python versions # on select environments. If the Python executable used does not # support OpenSSL FIPS mode, an exception will be raised. (boolean # value) #ssl_enforce_fips_mode = false # Run the health check heartbeat thread through a native python thread # by default. If this option is equal to False then the health check # heartbeat will inherit the execution model from the parent process. # For example if the parent process has monkey patched the stdlib by # using eventlet/greenlet then the heartbeat will be run through a # green thread. This option should be set to True only for the wsgi # services. (boolean value) #heartbeat_in_pthread = false # How long to wait (in seconds) before reconnecting in response to an # AMQP consumer cancel notification. (floating point value) # Minimum value: 0.0 # Maximum value: 4.5 #kombu_reconnect_delay = 1.0 # EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression # will not be used. This option may not be available in future # versions. (string value) #kombu_compression = # How long to wait a missing client before abandoning to send it its # replies. This value should not be longer than rpc_response_timeout. # (integer value) # Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout #kombu_missing_consumer_retry_timeout = 60 # Determines how the next RabbitMQ node is chosen in case the one we # are currently connected to becomes unavailable. Takes effect only if # more than one RabbitMQ node is provided in config. (string value) # Possible values: # round-robin - # shuffle - #kombu_failover_strategy = round-robin # The RabbitMQ login method. (string value) # Possible values: # PLAIN - # AMQPLAIN - # EXTERNAL - # RABBIT-CR-DEMO - #rabbit_login_method = AMQPLAIN # How frequently to retry connecting with RabbitMQ. (integer value) #rabbit_retry_interval = 1 # How long to backoff for between retries when connecting to RabbitMQ. # (integer value) #rabbit_retry_backoff = 2 # Maximum interval of RabbitMQ connection retries. Default is 30 # seconds. (integer value) #rabbit_interval_max = 30 # Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change # this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, # queue mirroring is no longer controlled by the x-ha-policy argument # when declaring a queue. If you just want to make sure that all # queues (except those with auto-generated names) are mirrored across # all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha- # mode": "all"}' " (boolean value) #rabbit_ha_queues = false # Use quorum queues in RabbitMQ (x-queue-type: quorum). The quorum # queue is a modern queue type for RabbitMQ implementing a durable, # replicated FIFO queue based on the Raft consensus algorithm. It is # available as of RabbitMQ 3.8.0. If set this option will conflict # with the HA queues (``rabbit_ha_queues``) aka mirrored queues, in # other words the HA queues should be disabled, quorum queues durable # by default so the amqp_durable_queues opion is ignored when this # option enabled. (boolean value) #rabbit_quorum_queue = false # Each time a message is redelivered to a consumer, a counter is # incremented. Once the redelivery count exceeds the delivery limit # the message gets dropped or dead-lettered (if a DLX exchange has # been configured) Used only when rabbit_quorum_queue is enabled, # Default 0 which means dont set a limit. (integer value) #rabbit_quorum_delivery_limit = 0 # By default all messages are maintained in memory if a quorum queue # grows in length it can put memory pressure on a cluster. This option # can limit the number of messages in the quorum queue. Used only when # rabbit_quorum_queue is enabled, Default 0 which means dont set a # limit. (integer value) # Deprecated group/name - [oslo_messaging_rabbit]/rabbit_quroum_max_memory_length #rabbit_quorum_max_memory_length = 0 # By default all messages are maintained in memory if a quorum queue # grows in length it can put memory pressure on a cluster. This option # can limit the number of memory bytes used by the quorum queue. Used # only when rabbit_quorum_queue is enabled, Default 0 which means dont # set a limit. (integer value) # Deprecated group/name - [oslo_messaging_rabbit]/rabbit_quroum_max_memory_bytes #rabbit_quorum_max_memory_bytes = 0 # Positive integer representing duration in seconds for queue TTL # (x-expires). Queues which are unused for the duration of the TTL are # automatically deleted. The parameter affects only reply and fanout # queues. (integer value) # Minimum value: 1 #rabbit_transient_queues_ttl = 1800 # Specifies the number of messages to prefetch. Setting to zero allows # unlimited messages. (integer value) #rabbit_qos_prefetch_count = 0 # Number of seconds after which the Rabbit broker is considered down # if heartbeat's keep-alive fails (0 disables heartbeat). (integer # value) #heartbeat_timeout_threshold = 60 # How often times during the heartbeat_timeout_threshold we check the # heartbeat. (integer value) #heartbeat_rate = 2 # DEPRECATED: (DEPRECATED) Enable/Disable the RabbitMQ mandatory flag # for direct send. The direct send is used as reply, so the # MessageUndeliverable exception is raised in case the client queue # does not exist.MessageUndeliverable exception will be used to loop # for a timeout to lets a chance to sender to recover.This flag is # deprecated and it will not be possible to deactivate this # functionality anymore (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Mandatory flag no longer deactivable. #direct_mandatory_flag = true # Enable x-cancel-on-ha-failover flag so that rabbitmq server will # cancel and notify consumerswhen queue is down (boolean value) #enable_cancel_on_failover = false [oslo_policy] # # From oslo.policy # # This option controls whether or not to enforce scope when evaluating # policies. If ``True``, the scope of the token used in the request is # compared to the ``scope_types`` of the policy being enforced. If the # scopes do not match, an ``InvalidScope`` exception will be raised. # If ``False``, a message will be logged informing operators that # policies are being invoked with mismatching scope. (boolean value) #enforce_scope = false # This option controls whether or not to use old deprecated defaults # when evaluating policies. If ``True``, the old deprecated defaults # are not going to be evaluated. This means if any existing token is # allowed for old defaults but is disallowed for new defaults, it will # be disallowed. It is encouraged to enable this flag along with the # ``enforce_scope`` flag so that you can get the benefits of new # defaults and ``scope_type`` together. If ``False``, the deprecated # policy check string is logically OR'd with the new policy check # string, allowing for a graceful upgrade experience between releases # with new policies, which is the default behavior. (boolean value) #enforce_new_defaults = false # The relative or absolute path of a file that maps roles to # permissions for a given service. Relative paths must be specified in # relation to the configuration file setting this option. (string # value) #policy_file = policy.json # Default rule. Enforced when a requested rule is not found. (string # value) #policy_default_rule = default # Directories where policy configuration files are stored. They can be # relative to any directory in the search path defined by the # config_dir option, or absolute paths. The file defined by # policy_file must exist for these directories to be searched. # Missing or empty directories are ignored. (multi valued) #policy_dirs = policy.d # Content Type to send and receive data for REST based policy check # (string value) # Possible values: # application/x-www-form-urlencoded - # application/json - #remote_content_type = application/x-www-form-urlencoded # server identity verification for REST based policy check (boolean # value) #remote_ssl_verify_server_crt = false # Absolute path to ca cert file for REST based policy check (string # value) #remote_ssl_ca_crt_file = # Absolute path to client cert for REST based policy check (string # value) #remote_ssl_client_crt_file = # Absolute path client key file REST based policy check (string value) #remote_ssl_client_key_file = [postgresql] # Oslo option group for the PostgreSQL datastore. # # From trove.config # # Enable the periodic job to clean up WAL archive folder. (boolean # value) #enable_clean_wal_archives = true # Database docker image. (string value) #docker_image = postgres # The docker image used for backup and restore. (string value) #backup_docker_image = openstacktrove/db-backup-postgresql:1.1.2 # DEPRECATED: Whether to permit ICMP. (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #icmp = false # List of TCP ports and/or port ranges to open in the security group # (only applicable if trove_security_groups_support is True). (list # value) #tcp_ports = 5432 # List of UDP ports and/or port ranges to open in the security group # (only applicable if trove_security_groups_support is True). (list # value) #udp_ports = # The TCP port the server listens on. (port value) # Minimum value: 0 # Maximum value: 65535 #postgresql_port = 5432 # Default strategy to perform backups. (string value) #backup_strategy = pg_basebackup # Default strategy for replication. (string value) #replication_strategy = PostgresqlReplicationStreaming # Namespace to load replication strategies from. (string value) #replication_namespace = trove.guestagent.strategies.replication.postgresql # Filesystem path for mounting volumes if volume support is enabled. # (string value) #mount_point = /var/lib/postgresql # DEPRECATED: Filesystem path storing WAL archive files when WAL- # shipping based backups or replication is enabled. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Option is not used any more, will be removed in future # release. #wal_archive_location = /mnt/wal_archive # Enable the automatic creation of the root user for the service # during instance-create. The generated password for the root user is # immediately returned in the response of instance-create as the # 'password' field. (boolean value) #root_on_create = false # Whether to provision a Cinder volume for datadir. (boolean value) #volume_support = true # (string value) #device_path = /dev/vdb # (list value) #ignore_users = os_admin,postgres # (list value) #ignore_dbs = os_admin,postgres # Root controller implementation for postgresql. (string value) #root_controller = trove.extensions.common.service.DefaultRootController # List of Guest Logs to expose for publishing. (string value) #guest_log_exposed_logs = general # DEPRECATED: The time in milliseconds that a statement must take in # in order to be logged in the 'general' log. A value of '0' logs all # statements, while '-1' turns off statement logging. (integer value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Will be replaced by configuration group option: # log_min_duration_statement #guest_log_long_query_time = 0 # Character length of generated passwords. (integer value) # Deprecated group/name - [DEFAULT]/default_password_length #default_password_length = 36 [service_credentials] # Options related to Trove service credentials. # # From trove.config # # Keystone authentication URL. (uri value) # Deprecated group/name - [DEFAULT]/trove_auth_url #auth_url = https://0.0.0.0/identity/v3 # Trove service user name. (string value) # Deprecated group/name - [DEFAULT]/nova_proxy_admin_user #username = # Trove service user password. (string value) # Deprecated group/name - [DEFAULT]/nova_proxy_admin_pass #password = # Trove service project ID. (string value) # Deprecated group/name - [DEFAULT]/nova_proxy_admin_tenant_id #project_id = # Trove service project name. (string value) # Deprecated group/name - [DEFAULT]/nova_proxy_admin_tenant_name #project_name = # Keystone domain name of the Trove service user. (string value) # Deprecated group/name - [DEFAULT]/nova_proxy_admin_user_domain_name #user_domain_name = Default # Keystone domain name of the Trove service project. (string value) # Deprecated group/name - [DEFAULT]/nova_proxy_admin_project_domain_name #project_domain_name = Default # Keystone region name of the Trove service project. (string value) # Deprecated group/name - [DEFAULT]/os_region_name #region_name = RegionOne