[DEFAULT]
# concurrent live migrations are more likely to fail and are slower
# overall then serializing live migrations so set this to 1 explictly
max_concurrent_live_migrations=1
state_path = /var/lib/nova
# enable log rotation in oslo config by default
max_logfile_count=1
max_logfile_size_mb=20
log_rotation_type=size
debug=true
transport_url=**********

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[oslo_messaging_rabbit]
amqp_durable_queues=false
amqp_auto_delete=false
# we should consider using quorum queues instead
# rabbit_quorum_queue=true
heartbeat_in_pthread=false

[conductor]
# scaling should be done by running more pods
workers=1

[api]
# for compatibility with older release we override the default
# to be the empty string. This ensures no domain suffix is added
# to the instance name.
dhcp_domain = ''

[oslo_messaging_notifications]
driver = noop

[cache]
# always enable caching
enabled = True
# on compute nodes or where memcache is not deployed we should use an in memory
# dict cache
backend = oslo_cache.dict

[database]
connection = **********

[api_database]
connection = **********

[keystone_authtoken]
auth_url =  https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
# This is part of hardening related to CVE-2023-2088
# https://docs.openstack.org/nova/latest/configuration/config.html#keystone_authtoken.service_token_roles_required
# when enabled the service token user must have the service role to be considered valid.
service_token_roles_required = true

[placement]
auth_url =  https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
valid_interfaces = internal

[glance]
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
valid_interfaces = internal

[neutron]
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
valid_interfaces = internal
service_metadata_proxy = true

[cinder]
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
catalog_info = volumev3:cinderv3:internalURL

[barbican]
auth_url =  https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
barbican_endpoint_type = internal

[service_user]
send_service_user_token = true
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********

[oslo_limit]
system_scope = all
endpoint_interface = internal
endpoint_service_type = compute
endpoint_region_name = regionOne
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
user_domain_name = Default
username = **********
password = **********

[upgrade_levels]
compute = auto

[oslo_reports]
# api services need file based GMR trigger as apache disables signal handling
file_event_handler=/var/lib/nova