[DEFAULT] # # Options defined in oslo.messaging # # Use durable queues in amqp. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_durable_queues #amqp_durable_queues=false # Auto-delete queues in amqp. (boolean value) #amqp_auto_delete=false # Size of RPC connection pool. (integer value) #rpc_conn_pool_size=30 # Qpid broker hostname. (string value) #qpid_hostname=localhost # Qpid broker port. (integer value) #qpid_port=5672 # Qpid HA cluster host:port pairs. (list value) #qpid_hosts=$qpid_hostname:$qpid_port # Username for Qpid connection. (string value) #qpid_username= # Password for Qpid connection. (string value) #qpid_password= # Space separated list of SASL mechanisms to use for auth. # (string value) #qpid_sasl_mechanisms= # Seconds between connection keepalive heartbeats. (integer # value) #qpid_heartbeat=60 # Transport to use, either 'tcp' or 'ssl'. (string value) #qpid_protocol=tcp # Whether to disable the Nagle algorithm. (boolean value) #qpid_tcp_nodelay=true # The qpid topology version to use. Version 1 is what was # originally used by impl_qpid. Version 2 includes some # backwards-incompatible changes that allow broker federation # to work. Users should update to version 2 when they are # able to take everything down, as it requires a clean break. # (integer value) #qpid_topology_version=1 # SSL version to use (valid only if SSL enabled). valid values # are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some # distributions. (string value) #kombu_ssl_version= # SSL key file (valid only if SSL enabled). (string value) #kombu_ssl_keyfile= # SSL cert file (valid only if SSL enabled). (string value) #kombu_ssl_certfile= # SSL certification authority file (valid only if SSL # enabled). (string value) #kombu_ssl_ca_certs= # How long to wait before reconnecting in response to an AMQP # consumer cancel notification. (floating point value) #kombu_reconnect_delay=1.0 # The RabbitMQ broker address where a single node is used. # (string value) #rabbit_host=localhost # The RabbitMQ broker port where a single node is used. # (integer value) #rabbit_port=5672 # RabbitMQ HA cluster host:port pairs. (list value) #rabbit_hosts=$rabbit_host:$rabbit_port # Connect over SSL for RabbitMQ. (boolean value) #rabbit_use_ssl=false # The RabbitMQ userid. (string value) #rabbit_userid=guest # The RabbitMQ password. (string value) #rabbit_password=guest # the RabbitMQ login method (string value) #rabbit_login_method=AMQPLAIN # The RabbitMQ virtual host. (string value) #rabbit_virtual_host=/ # How frequently to retry connecting with RabbitMQ. (integer # value) #rabbit_retry_interval=1 # How long to backoff for between retries when connecting to # RabbitMQ. (integer value) #rabbit_retry_backoff=2 # Maximum number of RabbitMQ connection retries. Default is 0 # (infinite retry count). (integer value) #rabbit_max_retries=0 # Use HA queues in RabbitMQ (x-ha-policy: all). If you change # this option, you must wipe the RabbitMQ database. (boolean # value) #rabbit_ha_queues=false # If passed, use a fake RabbitMQ provider. (boolean value) #fake_rabbit=false # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) #rpc_zmq_bind_address=* # MatchMaker driver. (string value) #rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) #rpc_zmq_port=9501 # Number of ZeroMQ contexts, defaults to 1. (integer value) #rpc_zmq_contexts=1 # Maximum number of ingress messages to locally buffer per # topic. Default is unlimited. (integer value) #rpc_zmq_topic_backlog= # Directory for holding IPC sockets. (string value) #rpc_zmq_ipc_dir=/var/run/openstack # Name of this node. Must be a valid hostname, FQDN, or IP # address. Must match "host" option, if running Nova. (string # value) #rpc_zmq_host=nova # Seconds to wait before a cast expires (TTL). Only supported # by impl_zmq. (integer value) #rpc_cast_timeout=30 # Heartbeat frequency. (integer value) #matchmaker_heartbeat_freq=300 # Heartbeat time-to-live. (integer value) #matchmaker_heartbeat_ttl=600 # Size of RPC greenthread pool. (integer value) #rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi # valued) #notification_driver= # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics #notification_topics=notifications # Seconds to wait for a response from a call. (integer value) #rpc_response_timeout=60 # A URL representing the messaging driver to use and its full # configuration. If not set, we fall back to the rpc_backend # option and driver specific configuration. (string value) #transport_url= # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) #rpc_backend=rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) #control_exchange=openstack [keystone_authtoken] # # Options defined in keystoneclient.middleware.auth_token # # Prefix to prepend at the beginning of the path. Deprecated, # use identity_uri. (string value) #auth_admin_prefix= # Host providing the admin Identity API endpoint. Deprecated, # use identity_uri. (string value) #auth_host=127.0.0.1 # Port of the admin Identity API endpoint. Deprecated, use # identity_uri. (integer value) #auth_port=35357 # Protocol of the admin Identity API endpoint (http or https). # Deprecated, use identity_uri. (string value) #auth_protocol=https # Complete public Identity API endpoint (string value) #auth_uri= # Complete admin Identity API endpoint. This should specify # the unversioned root endpoint e.g. https://localhost:35357/ # (string value) #identity_uri= # API version of the admin Identity API endpoint (string # value) #auth_version= # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI # components (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API # server. (boolean value) #http_connect_timeout= # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 # This option is deprecated and may be removed in a future # release. Single shared secret with the Keystone # configuration used for bootstrapping a Keystone # installation, or otherwise bypassing the normal # authentication process. This option should not be used, use # `admin_user` and `admin_password` instead. (string value) #admin_token= # Keystone account username (string value) #admin_user= # Keystone account password (string value) #admin_password= # Keystone service account tenant name to validate user tokens # (string value) #admin_tenant_name=admin # Env key for the swift cache (string value) #cache= # Required if Keystone server requires client certificate # (string value) #certfile= # Required if Keystone server requires client certificate # (string value) #keyfile= # A PEM encoded Certificate Authority to use when verifying # HTTPs connections. Defaults to system CAs. (string value) #cafile= # Verify HTTPS connections. (boolean value) #insecure=false # Directory used to cache files related to PKI tokens (string # value) #signing_dir= # Optionally specify a list of memcached server(s) to use for # caching. If left undefined, tokens will instead be cached # in-process. (list value) # Deprecated group/name - [DEFAULT]/memcache_servers #memcached_servers= # In order to prevent excessive effort spent validating # tokens, the middleware caches previously-seen tokens for a # configurable duration (in seconds). Set to -1 to disable # caching completely. (integer value) #token_cache_time=300 # Determines the frequency at which the list of revoked tokens # is retrieved from the Identity service (in seconds). A high # number of revocation events combined with a low cache # duration may significantly reduce performance. (integer # value) #revocation_cache_time=10 # (optional) if defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable # values are MAC or ENCRYPT. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token # data is encrypted and authenticated in the cache. If the # value is not one of these options or empty, auth_token will # raise an exception on initialization. (string value) #memcache_security_strategy= # (optional, mandatory if memcache_security_strategy is # defined) this string is used for key derivation. (string # value) #memcache_secret_key= # (optional) indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) #include_service_catalog=true # Used to control the use and type of token binding. Can be # set to: "disabled" to not check token binding. "permissive" # (default) to validate binding information if the bind type # is of a form known to the server and ignore it if not. # "strict" like "permissive" but if the bind type is unknown # the token will be rejected. "required" any form of token # binding is needed to be allowed. Finally the name of a # binding method that must be present in tokens. (string # value) #enforce_token_bind=permissive # If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the # Keystone server. (boolean value) #check_revocations_for_cached=false # Hash algorithms to use for hashing PKI tokens. This may be a # single algorithm or multiple. The algorithms are those # supported by Python standard hashlib.new(). The hashes will # be tried in the order given, so put the preferred one first # for performance. The result of the first hash will be stored # in the cache. This will typically be set to multiple values # only while migrating from a less secure algorithm to a more # secure one. Once all the old tokens are expired this option # should be set to a single value for better performance. # (list value) #hash_algorithms=md5 [matchmaker_redis] # # Options defined in oslo.messaging # # Host to locate redis. (string value) #host=127.0.0.1 # Use this port to connect to redis host. (integer value) #port=6379 # Password for Redis server (optional). (string value) #password= [matchmaker_ring] # # Options defined in oslo.messaging # # Matchmaker ring file (JSON). (string value) # Deprecated group/name - [DEFAULT]/matchmaker_ringfile #ringfile=/etc/oslo/matchmaker_ring.json