[DEFAULT]
# concurrent live migrations are more likely to fail and are slower
# overall then serializing live migrations so set this to 1 explicitly
max_concurrent_live_migrations=1
state_path = /var/lib/nova
# enable log rotation in oslo config by default
max_logfile_count=1
max_logfile_size_mb=20
log_rotation_type=size
debug=true
transport_url=**********

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[oslo_messaging_rabbit]
rabbit_quorum_queue=true
rabbit_transient_quorum_queue=true
amqp_durable_queues=true
heartbeat_in_pthread=false

[filter_scheduler]
available_filters = nova.scheduler.filters.all_filters
enabled_filters = AggregateInstanceExtraSpecsFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter,PciPassthroughFilter,NUMATopologyFilter
# until we can disable upcalls we can't turn this off by default
# track_instance_changes = false
shuffle_best_same_weighed_hosts = true

[scheduler]
max_attempts = 10
# scaling should be done by running more pods
workers = 1
limit_tenants_to_placement_aggregate=true
placement_aggregate_required_for_tenants=false
query_placement_for_routed_network_aggregates=true
query_placement_for_availability_zone=true
query_placement_for_image_type_support=true
enable_isolated_aggregate_filtering=true
image_metadata_prefilter=true

[api]
# for compatibility with older release we override the default
# to be the empty string. This ensures no domain suffix is added
# to the instance name.
dhcp_domain = ''

[oslo_messaging_notifications]
driver = noop

[cache]
# always enable caching
enabled = True
# on controller we prefer to use memcache when its deployed
backend = oslo_cache.memcache_pool
memcache_servers=memcached-0.memcached.openstack.svc:11212
memcache_socket_timeout = 0.5
memcache_pool_connection_get_timeout = 1
memcache_dead_retry = 30
tls_enabled=true

[workarounds]
disable_fallback_pcpu_query=true

[database]
connection = **********

[api_database]
connection = **********

[keystone_authtoken]
memcached_servers=memcached-0.memcached.openstack.svc:11212
auth_url =  https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
# This is part of hardening related to CVE-2023-2088
# https://docs.openstack.org/nova/latest/configuration/config.html#keystone_authtoken.service_token_roles_required
# when enabled the service token user must have the service role to be considered valid.
service_token_roles_required = true

[placement]
auth_url =  https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
valid_interfaces = internal

[glance]
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
valid_interfaces = internal

[neutron]
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
valid_interfaces = internal
service_metadata_proxy = true

[cinder]
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
catalog_info = volumev3:cinderv3:internalURL

[barbican]
auth_url =  https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********
region_name = regionOne
barbican_endpoint_type = internal

[service_user]
send_service_user_token = true
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = **********
password = **********

[oslo_limit]
system_scope = all
endpoint_interface = internal
endpoint_service_type = compute
endpoint_region_name = regionOne
auth_url = https://keystone-internal.openstack.svc:5000
auth_type = password
user_domain_name = Default
username = **********
password = **********

[upgrade_levels]
compute = auto

[oslo_reports]
# api services need file based GMR trigger as apache disables signal handling
file_event_handler=/var/lib/nova