# Configuration for the nova-api service (oslo.config INI format).
# Values shown as ********** are redacted on this page. In a deployed file
# they are credentials or credential-bearing URLs, so the rendered file
# should be readable only by the service account.

[DEFAULT]
# concurrent live migrations are more likely to fail and are slower
# overall than serializing live migrations, so set this to 1 explicitly
max_concurrent_live_migrations=1
state_path = /var/lib/nova
allow_resize_to_same_host = true
# enable log rotation in oslo config by default
# NOTE(review): with one 20 MB rotated file, local API log history is short;
# if these logs are needed for audit or incident response, confirm they are
# shipped off the pod.
max_logfile_count=1
max_logfile_size_mb=20
log_rotation_type=size
log_file = /var/log/nova/nova-api.log
# NOTE(review): debug logging is verbose and may put request details into
# the log file; confirm it is intended outside of troubleshooting.
debug=true
# redacted; a message bus URL normally embeds the messaging user and password
transport_url=**********
# scaling should be done by running more pods
osapi_compute_workers=1
enabled_apis=osapi_compute

[oslo_concurrency]
# directory for lock files, kept under state_path
lock_path = /var/lib/nova/tmp

[oslo_messaging_rabbit]
# NOTE(review): no TLS option is set in this section and transport_url is
# redacted, so whether the bus connection is encrypted cannot be told from
# this file - verify.
amqp_durable_queues=false
amqp_auto_delete=false
# we should consider using quorum queues instead
# rabbit_quorum_queue=true
# We cannot set this to true while
# https://review.opendev.org/c/openstack/oslo.log/+/852443 is not used in the
# nova-api image, otherwise logging from the heartbeat thread will cause hangs.
heartbeat_in_pthread=false

[oslo_policy]
# evaluate the new policy defaults and reject tokens whose scope does not
# match the operation; operator overrides are read from policy_file
enforce_new_defaults=true
enforce_scope=true
policy_file=/etc/nova/policy.yaml

[api]
# for compatibility with older releases we override the default
# to be the empty string. This ensures no domain suffix is added
# to the instance name.
dhcp_domain = ''
# API requests are authenticated through keystone
auth_strategy = keystone

[oslo_middleware]
# Trust the forwarding headers added by a fronting proxy. A client can set
# these headers itself unless the proxy overwrites them, so this presumably
# relies on the API being reachable only through that proxy - verify.
enable_proxy_headers_parsing = True

[wsgi]
api_paste_config = /etc/nova/api-paste.ini

[oslo_messaging_notifications]
# noop driver: notifications are not emitted
driver = noop

[cache]
# always enable caching
enabled = True
# on the controller we prefer to use memcache when it is deployed
backend = oslo_cache.memcache_pool
memcache_servers=memcached-0.memcached.openstack.svc:11212
memcache_socket_timeout = 0.5
memcache_pool_connection_get_timeout = 1
memcache_dead_retry = 30
# connections to the cache servers above use TLS
tls_enabled=true

[database]
# redacted; a database URL normally embeds the database user and password
connection = **********

[api_database]
# redacted; a database URL normally embeds the database user and password
connection = **********

[keystone_authtoken]
www_authenticate_uri = https://keystone-internal.openstack.svc:5000
# NOTE(review): this points at port 11211, while [cache] uses port 11212
# with tls_enabled=true. No TLS setting and no memcache_security_strategy /
# memcache_secret_key is set in this section, so cached token data may be
# sent and stored unprotected - confirm against the memcached deployment.
memcached_servers=inet:[memcached-0.memcached.openstack.svc]:11211
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
# This is part of hardening related to CVE-2023-2088
# https://docs.openstack.org/nova/latest/configuration/config.html#keystone_authtoken.service_token_roles_required
# when enabled the service token user must have the service role to be considered valid.
service_token_roles_required = true

[placement]
# service credentials for calls to placement over the internal endpoint
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
valid_interfaces = internal

[glance]
# service credentials for calls to glance over the internal endpoint
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
valid_interfaces = internal

[neutron]
# service credentials for calls to neutron over the internal endpoint
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
valid_interfaces = internal
# NOTE(review): no metadata_proxy_shared_secret is visible in this file. That
# presumably only matters for a service that serves the metadata API, and
# enabled_apis above lists osapi_compute only - verify.
service_metadata_proxy = true

[cinder]
# service credentials for calls to cinder; catalog_info selects the internal URL
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
catalog_info = volumev3:cinderv3:internalURL

[barbican]
# service credentials for calls to barbican over the internal endpoint
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
barbican_endpoint_type = internal

[service_user]
# Send a service token together with the user's token on calls to other
# services. This is the sending-side counterpart of
# service_token_roles_required in [keystone_authtoken].
send_service_user_token = true
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********

[oslo_limit]
# credentials and endpoint identity used for limit lookups in keystone;
# the token is system-scoped (system_scope = all)
system_scope = all
endpoint_interface = internal
endpoint_service_type = compute
endpoint_region_name = regionOne
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
user_domain_name = Default
username = **********
password = **********

[upgrade_levels]
# compute RPC version is selected automatically rather than pinned
compute = auto

[oslo_reports]
# api services need a file-based GMR trigger as apache disables signal handling
# NOTE(review): the trigger path is the service state directory; anything
# able to write there can presumably request a report - verify permissions.
file_event_handler=/var/lib/nova