Red Hat SummitChapter 10. manila
The following chapter contains information about the configuration options in the manila service.
10.1. manila.conf
This section contains options for the /etc/manila/manila.conf file.
10.1.1. DEFAULT
The following table outlines the options available under the [DEFAULT] group in the /etc/manila/manila.conf file.
.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| string value | If share driver requires to setup admin network for share, then define network plugin config options in some separate config group and set its name here. Used only with another option driver_handles_share_servers set to True. |
|
| string value | ID of neutron network used to communicate with admin network, to create additional admin export locations on. |
|
| string value | ID of neutron subnet used to communicate with admin network, to create additional admin export locations on. Related to admin_network_id. |
|
| string value | File name for the paste.deploy config for api service |
|
| boolean value | Whether to rate limit the API. |
|
| host address value | IP address for the AS13000 storage. |
|
| string value | Username for the AS13000 storage |
|
| string value | Password for the AS13000 storage |
|
| port value | Port number for the AS13000 storage. |
|
| list value | The Storage Pools Manila should use, a comma separated list |
|
| integer value | The effective time of token validity in seconds. |
|
| string value | The strategy to use for auth. Supports noauth, keystone, and noauthv2. |
|
| boolean value | If set to True, then Manila will delete all share servers which were unused more than specified time .If set to False - automatic deletion of share servers will be disabled. |
|
| string value | Enable eventlet backdoor. Acceptable values are 0, <port>, and <start>:<end>, where 0 results in listening on a random tcp port number; <port> results in listening on the specified port number (and not enabling backdoor if that port is in use); and <start>:<end> results in listening on the smallest unused port number within the specified range of port numbers. The chosen port is displayed in the service’s log file. |
|
| string value | Enable eventlet backdoor, using the provided path as a unix socket that can receive connections. This option is mutually exclusive with backdoor_port in that only one should be provided. If both are provided then the existence of this option overrides the usage of that option. Inside the path {pid} will be replaced with the PID of the current process. |
|
| string value |
Availability zone for this share backend. If not set, the |
|
| string value | The back end URL to use for distributed coordination. |
|
| floating point value | Multiplier used for weighing share capacity. Negative numbers mean to stack vs spread. |
|
| string value | The name of the ceph auth identity to use. |
|
| string value | The name of the cluster in use, if it is not the default (ceph). |
| `cephfs_conf_path = ` | string value | Fully qualified path to the ceph.conf file. |
|
| string value | The name of the filesystem to use, if there are multiple filesystems in the cluster. |
| `cephfs_ganesha_export_ips = ` | list value | List of IPs to export shares. If not supplied, then the value of cephfs_ganesha_server_ip will be used to construct share export locations. |
|
| string value | The path of the driver host’s private SSH key file. |
|
| host address value | The IP address of the NFS-Ganesha server. |
|
| boolean value | Whether the NFS-Ganesha server is remote to the driver. |
|
| string value | The password to authenticate as the user in the remote Ganesha server host. This is not required if cephfs_ganesha_path_to_private_key is configured. |
|
| string value | The username to authenticate as in the remote NFS-Ganesha server host. |
|
| string value | The type of protocol helper to use. Default is CEPHFS. |
|
| string value | The read/write/execute permissions mode for CephFS volumes, snapshots, and snapshot groups expressed in Octal as with linux chmod or umask commands. |
|
| string value | The prefix of the cephfs volume path. Deprecated since: Wallaby *Reason:*This option is not used starting with the Nautilus release of Ceph. |
|
| string value | Name or id of cinder volume type which will be used for all volumes created by driver. |
|
| integer value | Timeout for client connections' socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of 0 means wait forever. |
|
| string value | The full class name of the Compute API class to use. |
|
| integer value | The pool size limit for connections expiration policy |
|
| integer value | The time-to-live in sec of idle connections in the pool |
|
| boolean value | Attach share server directly to share network. Used only with Neutron and if driver_handles_share_servers=True. |
|
| boolean value | Determines whether to allow guest access to CIFS share or not. |
|
| string value | Container helper which provides container-related operations to the driver. |
|
| string value | Image to be used for a container-based share server. |
|
| string value | Linux bridge used by container hypervisor to plug host-side veth to. It will be unplugged from here by the driver. |
|
| string value | OVS bridge to use to plug a container to. |
|
| string value | Helper which facilitates interaction with share server. |
|
| string value | Helper which facilitates interaction with security services. |
|
| string value | Helper which facilitates interaction with storage solution used to actually store data. By default LVM is used to provide storage for a share. |
|
| string value | LVM volume group to use for volumes. This volume group must be created by the cloud administrator independently from manila operations. |
|
| string value | Folder name in host to which logical volume will be mounted prior to providing access to it from a container. |
|
| string value | The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option. |
|
| integer value | Time to wait for access rules to be allowed/denied on backends when migrating a share (seconds). |
|
| string value | Full class name for the data manager. |
|
| string value | The admin user name registered in the security service in order to allow access to user authentication-based shares. |
|
| string value | The certificate installed in the data node in order to allow access to certificate authentication-based shares. |
|
| list value | A list of the IPs of the node interface connected to the admin network. Used for allowing access to the mounting shares. Default is []. |
|
| dict value | Mount options to be included in the mount command for share protocols. Use dictionary format, example: {nfs: -o nfsvers=3, cifs: -o user=foo,pass=bar} |
|
| string value | The topic data nodes listen on. |
|
| string value | The backend to use for database. |
|
| string value | Driver to use for database access. |
|
| boolean value | If set to true, the logging level will be set to DEBUG instead of the default INFO level. |
|
| list value | List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set. |
|
| string value | Default share group type to use. |
|
| string value | Default share type to use. |
|
| boolean value | Whether share servers will be deleted on deletion of the last share. |
|
| boolean value | There are two possible approaches for share drivers in Manila. First is when share driver is able to handle share-servers and second when not. Drivers can support either both or only one of these approaches. So, set this opt to True if share driver is able to handle share servers and it is desired mode else set False. It is set to None by default to make this choice intentional. |
|
| string value | The full class name of the Private Data Driver class to use. |
|
| string value | User name for the EMC server. |
|
| string value | Password for the EMC server. |
|
| string value | The root directory where shares will be located. |
|
| host address value | EMC server hostname or IP address. |
|
| port value | Port number for the EMC server. |
|
| boolean value | Use secure connection to server. |
|
| string value | Share backend. |
|
| string value | Can be used to specify a non default path to a CA_BUNDLE file or directory with certificates of trusted CAs, which will be used to validate the backend. |
|
| boolean value | If set to False the https client will not validate the SSL certificate of the backend endpoint. |
|
| boolean value | If set to True, share usage size will be polled for in the interval specified with "share_usage_size_update_interval". Usage data can be consumed by telemetry integration. If telemetry is not configured, this option must be set to False. If set to False - gathering share usage size will be disabled. |
|
| boolean value | Services to be added to the available pool on create. |
|
| boolean value | Whether to enable periodic hooks or not. |
|
| boolean value | Whether to enable post hooks or not. |
|
| boolean value | Whether to enable pre hooks or not. |
|
| list value | A list of share backend names to use. These backend names should be backed by a unique [CONFIG] group with its options. |
|
| list value | Specify list of protocols to be allowed for share creation. Available values are ['NFS, CIFS, GLUSTERFS, HDFS, CEPHFS, MAPRFS]' |
|
| integer value | Size of executor thread pool when executor is threading or eventlet. |
|
| boolean value | Enables or disables fatal status of deprecations. |
|
| boolean value | Whether to make exception message format errors fatal. |
|
| string value | String representation for an equation that will be used to filter hosts. |
|
| string value | API token for an administrative user account |
|
| host address value | The name (or IP address) for the Pure Storage FlashBlade storage system data VIP. |
|
| boolean value | When enabled, all FlashBlade file systems and snapshots will be eradicated at the time of deletion in Manila. Data will NOT be recoverable after a delete with this set to True! When disabled, file systems and snapshots will go into pending eradication state and can be recovered.) |
|
| host address value | The name (or IP address) for the Pure Storage FlashBlade storage system management VIP. |
|
| string value | Directory where Ganesha config files are stored. |
|
| string value | Path to main Ganesha config file. |
|
| string value | Location of Ganesha database file. (Ganesha module only.) |
|
| string value | Path to directory containing Ganesha export configuration. (Ganesha module only.) |
|
| string value | Path to directory containing Ganesha export block templates. (Ganesha module only.) |
|
| string value | Name of the Ceph RADOS object used as the Ganesha export counter. |
|
| string value | Name of the Ceph RADOS object used to store a list of the export RADOS object URLS. |
|
| boolean value | Persist Ganesha exports and export counter in Ceph RADOS objects, highly available storage. |
|
| string value | Name of the Ceph RADOS pool to store Ganesha exports and export counter. |
|
| string value | Name of the ganesha nfs service. |
|
| host address value | Remote Ganesha server node’s IP address. |
|
| string value | Remote Ganesha server node’s login password. This is not required if glusterfs_path_to_private_key is configured. |
|
| string value | Remote Ganesha server node’s username. |
|
| string value | Base directory containing mount points for Gluster volumes. |
|
| string value | Type of NFS server that mediate access to the Gluster volumes (Gluster or Ganesha). |
|
| string value | Path of Manila host’s private SSH key file. |
|
| string value | Remote GlusterFS server node’s login password. This is not required if glusterfs_path_to_private_key is configured. |
|
| list value | List of GlusterFS servers that can be used to create shares. Each GlusterFS server should be of the form [remoteuser@]<volserver>, and they are assumed to belong to distinct Gluster clusters. |
|
| string value | Specifies GlusterFS share layout, that is, the method of associating backing GlusterFS resources to shares. |
|
| string value | Specifies the GlusterFS volume to be mounted on the Manila host. It is of the form [remoteuser@]<volserver>:<volid>. |
|
| string value | Regular expression template used to filter GlusterFS volumes for share creation. The regex template can optionally (ie. with support of the GlusterFS backend) contain the {size} parameter which matches an integer (sequence of digits) in which case the value shall be interpreted as size of the volume in GB. Examples: "manila-share-volume-\d+$", "manila-share-volume-{size}G-\d+$"; with matching volume names, respectively: "manila-share-volume-12", "manila-share-volume-3G-13". In latter example, the number that matches "#{size}", that is, 3, is an indication that the size of volume is 3G. |
|
| string value | String representation for an equation that will be used to determine the goodness of a host. |
|
| string value | Base folder where exported shares are located. |
|
| list value | A list of the fully qualified NFS server names that make up the OpenStack Manila configuration. |
|
| string value | NFS Server type. Valid choices are "CES" (Ganesha NFS) or "KNFS" (Kernel NFS). |
|
| host address value | IP to be added to GPFS export string. |
|
| list value | Specify list of share export helpers. |
|
| string value | GPFS server SSH login name. |
|
| string value | GPFS server SSH login password. The password is not needed, if gpfs_ssh_private_key is configured. |
|
| port value | GPFS server SSH port. |
|
| string value | Path to GPFS server SSH private key for login. |
|
| integer value | Specify a timeout after which a gracefully shutdown server will exit. Zero value means endless wait. |
|
| host address value | The IP of the HDFS namenode. |
|
| port value | The port of HDFS namenode service. |
|
| string value | HDFS namenode ssh login name. |
|
| port value | HDFS namenode SSH port. |
|
| string value | Path to HDFS namenode SSH private key for login. |
|
| string value | HDFS namenode SSH login password, This parameter is not necessary, if hdfs_ssh_private_key is configured. |
|
| host address value | Specify IP for mounting shares in the Admin network. |
|
| boolean value | By default, CIFS snapshots are not allowed to be taken when the share has clients connected because consistent point-in-time replica cannot be guaranteed for all files. Enabling this might cause inconsistent snapshots on CIFS shares. |
|
| host address value | The IP of the clusters admin node. Only set in HNAS multinode clusters. |
|
| string value | Python class to be used for driver helper. |
|
| integer value | Specify which EVS this backend is assigned to. |
|
| host address value | Specify IP for mounting shares. |
|
| string value | Specify file-system name for creating shares. |
|
| host address value | HNAS management interface IP for communication between Manila controller and HNAS. |
|
| string value | HNAS user password. Required only if private key is not provided. |
|
| string value | RSA/DSA private key value used to connect into HNAS. Required only if password is not provided. |
|
| integer value | The time (in seconds) to wait for stalled HNAS jobs before aborting. |
|
| string value | HNAS username Base64 String in order to perform tasks such as create file-systems and network interfaces. |
|
| host address value | HSP management host for communication between Manila controller and HSP. |
|
| string value | HSP password for the username provided. |
|
| string value | HSP username to perform tasks such as create filesystems and shares. |
|
| list value | Driver(s) to perform some additional actions before and after share driver actions and on a periodic basis. Default is []. |
|
| host address value | Name of this node. This can be an opaque identifier. It is not necessarily a hostname, FQDN, or IP address. |
| `hpe3par_api_url = ` | string value | 3PAR WSAPI Server Url like https://<3par ip>:8080/api/v1 |
|
| string value | File system domain for the CIFS admin user. |
| `hpe3par_cifs_admin_access_password = ` | string value | File system admin password for CIFS. |
| `hpe3par_cifs_admin_access_username = ` | string value | File system admin user name for CIFS. |
|
| boolean value | Enable HTTP debugging to 3PAR |
|
| FPG | The File Provisioning Group (FPG) to use |
|
| boolean value | Use one filestore per share |
| `hpe3par_password = ` | string value | 3PAR password for the user specified in hpe3par_username |
|
| boolean value | Require IP access rules for CIFS (in addition to user) |
|
| host address value | IP address of SAN controller |
| `hpe3par_san_login = ` | string value | Username for SAN controller |
| `hpe3par_san_password = ` | string value | Password for SAN controller |
|
| port value | SSH port to use with SAN |
|
| string value | The path where shares will be mounted when deleting nested file trees. |
| `hpe3par_username = ` | string value | 3PAR username with the edit role |
|
| string value | The full class name of the Glance API class to use. |
|
| host address value | The name (or IP address) for the INFINIDAT Infinibox storage system. |
|
| string value | Administrative user account name used to access the INFINIDAT Infinibox storage system. |
|
| string value | Password for the administrative user account specified in the infinibox_login option. |
|
| string value | Name of the NAS network space on the INFINIDAT InfiniBox. |
|
| string value | Name of the pool from which volumes are allocated. |
|
| boolean value | Suppress requests library SSL certificate warnings. |
|
| boolean value | Use thin provisioning. |
|
| boolean value | Use SSL to connect to the INFINIDAT Infinibox storage system. |
|
| host address value | Infortrend NAS IP for management. |
|
| string value | Password for the Infortrend NAS server. This is not necessary if infortrend_nas_ssh_key is set. |
|
| string value | SSH key for the Infortrend NAS server. This is not necessary if infortrend_nas_password is set. |
|
| string value | User for the Infortrend NAS server. |
|
| list value | Comma separated list of Infortrend channels. |
|
| list value | Comma separated list of Infortrend NAS pools. |
|
| integer value | SSH timeout in seconds. |
| `instance_format = [instance: %(uuid)s] ` | string value | The format for an instance that is passed with the log message. |
| `instance_uuid_format = [instance: %(uuid)s] ` | string value | The format for an instance UUID that is passed with the log message. |
|
| host address value | IP address for the InStorage. |
|
| string value | Username for the InStorage. |
|
| string value | Password for the InStorage. |
|
| list value | The Storage Pools Manila should use, a comma separated list. |
|
| port value | Port number for the InStorage. |
|
| string value |
Module path to the Virtual Interface (VIF) driver class. This option is used only by drivers operating in |
|
| boolean value | True:when Manila services are running on one of the Spectrum Scale node. False:when Manila services are not running on any of the Spectrum Scale node. |
|
| string value | Options to use when exporting a share using kernel NFS server. Note that these defaults can be overridden when a share is created by passing metadata with key name export_options. |
|
| boolean value | Block SSH connection to the service instance from other networks than service network. |
|
| string value | The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, log-date-format). |
|
| string value | Defines the format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set. |
|
| string value | (Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set. |
|
| string value | (Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set. |
|
| boolean value | Enables or disables logging values of all registered options when starting a service (at DEBUG level). |
|
| integer value | The amount of time before the log files are rotated. This option is ignored unless log_rotation_type is setto "interval". |
|
| string value | Rotation interval type. The time of the last file change (or the time when the service was started) is used when scheduling the next rotation. |
|
| string value | Log rotation type. |
|
| string value | Format string to use for log messages with context. Used by oslo_log.formatters.ContextFormatter |
|
| string value | Additional data to append to log message when logging level for the message is DEBUG. Used by oslo_log.formatters.ContextFormatter |
|
| string value | Format string to use for log messages when context is undefined. Used by oslo_log.formatters.ContextFormatter |
|
| string value | Prefix each line of exception output with this format. Used by oslo_log.formatters.ContextFormatter |
|
| string value | Defines the format string for %(user_identity)s that is used in logging_context_format_string. Used by oslo_log.formatters.ContextFormatter |
|
| list value | List of IPs to export shares belonging to the LVM storage driver. |
|
| string value | Base folder where exported shares are located. |
|
| list value | Specify list of share export helpers. |
|
| integer value | If set, create LVMs with multiple mirrors. Note that this requires lvm_mirrors + 2 PVs with available space. |
|
| string value | Name for the VG that will contain exported shares. |
|
| string value | The configuration file for the Manila Huawei driver. |
|
| string value | Keypair name that will be created and used for service instances. Only used if driver_handles_share_servers=True. |
|
| string value | Path in MapRFS where share volumes must be created. |
|
| list value | The list of IPs or hostnames of CLDB nodes. |
|
| list value | The list of IPs or hostnames of nodes where mapr-core is installed. |
|
| boolean value | Specify whether existing volume should be renamed when start managing. |
|
| string value | Cluster admin user ssh login name. |
|
| port value | CLDB node SSH port. |
|
| string value | Path to SSH private key for login. |
|
| string value | Cluster node SSH login password, This parameter is not necessary, if maprfs_ssh_private_key is configured. |
|
| list value | The list of IPs or hostnames of ZooKeeper nodes. |
|
| integer value | Number of seconds between subsequent usage refreshes. |
|
| integer value | Maximum number of volume gigabytes to allow per host. |
|
| integer value | Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated when keystone is configured to use PKI tokens with big service catalogs). |
|
| integer value | Maximum number of rotated log files. |
|
| integer value | Log file maximum size in MB. This option is ignored if "log_rotation_type" is not set to "size". |
|
| floating point value | Float representation of the over subscription ratio when thin provisioning is involved. Default ratio is 20.0, meaning provisioned capacity can be 20 times the total physical capacity. If the ratio is 10.5, it means provisioned capacity can be 10.5 times the total physical capacity. A ratio of 1.0 means provisioned capacity cannot exceed the total physical capacity. A ratio lower than 1.0 is invalid. |
|
| integer value | Maximum sum of gigabytes a share server can have considering all its share instances and snapshots. |
|
| integer value | Maximum number of share instances created in a share server. |
|
| integer value | Maximum time to wait for attaching cinder volume. |
|
| integer value | Maximum time in seconds to wait for creating service instance. |
|
| integer value | Maximum time to wait for creating cinder volume. |
|
| integer value | Maximum time to wait for extending cinder volume. |
|
| list value | Memcached servers or None for in process cache. |
|
| integer value | Interval between periodic task runs to clean expired messages in seconds. |
|
| integer value | Message minimum life in seconds. |
|
| integer value | This value, specified in seconds, determines how often the share manager will poll the driver to perform the next step of migration in the storage backend, for a migrating share. |
|
| list value | List of files and folders to be ignored when migrating shares. Items should be names (not including any path). |
|
| boolean value | Specify whether read only access rule mode is supported in this backend. Obsolete. |
|
| boolean value | Whether to log monkey patching. |
|
| list value | List of modules or decorators to monkey patch. |
|
| host address value | IP address of this host. |
|
| string value | Pattern for searching available aggregates for provisioning. |
|
| integer value | The maximum time in seconds that the cached aggregates status will be considered valid. Trying to read the expired cache leads to refreshing it. |
|
| list value | The NFS protocol versions that will be enabled. Supported values include nfs3, nfs4.0, nfs4.1. This option only applies when the option driver_handles_share_servers is set to True. |
|
| list value | NetApp FPolicy file operations to apply to a FPolicy event, when not provided by the user using "netapp:fpolicy_file_operations" extra-spec. |
|
| string value | NetApp FPolicy policy name template. |
|
| string value | NetApp FPolicy policy name template. |
|
| string value | Logical interface (LIF) name template |
|
| string value | Administrative user account name used to access the storage system. |
|
| integer value | The maximum time in seconds that migration cancel waits for all migration operations be completely aborted. |
|
| string value | Password for the administrative user account specified in the netapp_login option. |
|
| string value | Pattern for overriding the selection of network ports on which to create Vserver LIFs. |
|
| string value | NetApp QoS policy group name template. |
|
| string value | This option forces all existing shares to have their snapshot directory visibility set to either visible or hidden during driver startup. If set to default, nothing will be changed during startup. This will not affect new shares, which will have their snapshot directory always visible, unless toggled by the share type extra spec netapp:hide_snapdir. |
|
| string value | Root volume name. |
|
| string value | Name of aggregate to create Vserver root volumes on. This option only applies when the option driver_handles_share_servers is set to True. |
|
| host address value | The hostname (or IP address) for the storage system. |
|
| boolean value | Specify if the capacity check must be made by the driver while performing a share server migration. If enabled, the driver will validate if the destination backend can hold all shares and snapshots capacities from the source share server. |
|
| integer value | The maximum time in seconds that a share server migration waits for a vserver to change its internal states. |
|
| port value | The TCP port to use for communication with the storage system or proxy server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for HTTPS. |
|
| string value | NetApp SnapMirror policy name template for Storage Virtual Machines (Vservers). |
|
| integer value | The maximum time in seconds to wait for existing snapmirror transfers to complete before aborting when promoting a replica. |
|
| integer value | The maximum time in seconds to wait for a snapmirror release when breaking snapmirror relationships. |
|
| string value | The path to a CA_BUNDLE file or directory with certificates of trusted CA. If set to a directory, it must have been processed using the c_rehash utility supplied with OpenSSL. If not informed, it will use the Mozilla’s carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates. |
|
| integer value | The maximum time in seconds to wait for the completion of a volume clone split operation in order to start a volume move. |
|
| string value | The storage family type used on the storage system; valid values include ontap_cluster for using clustered Data ONTAP. |
|
| string value | The transport protocol used when communicating with the storage system or proxy server. Valid values are http or https. |
|
| integer value | The maximum time in seconds to wait for the completion of a volume move operation after the cutover was triggered. |
|
| string value | NetApp volume name template. |
|
| integer value | The percentage of share space set aside as reserve for snapshot usage; valid values range from 0 to 90. |
|
| string value | Name template to use for new Vserver. When using CIFS protocol make sure to not configure characters illegal in DNS hostnames. |
|
| string value | The full class name of the Networking API class to use. |
|
| string value | Name of the configuration group in the Manila conf file to look for network config options.If not set, the share backend’s config group will be used.If an option is not found within provided group, then DEFAULT group will be used for search of option. |
|
| boolean value | Whether to support IPv4 network resource, Default=True. |
|
| boolean value | Whether to support IPv6 network resource, Default=False. If this option is True, the value of network_plugin_ipv4_enabled will be ignored. |
|
| list value | A list of binding profiles to be used during port binding. This option can be used with the NeutronBindNetworkPlugin. The value for this option has to be a comma separated list of names that correspond to each binding profile. Each binding profile needs to be specified as an individual configuration section using the binding profile name as the section name. |
|
| string value | Host ID to be used when creating neutron port. If not set host is set to manila-share host by default. |
|
| string value | Default Neutron network that will be used for share server creation. This opt is used only with class NeutronSingleNetworkPlugin. |
|
| string value | The name of the physical network to determine which net segment is used. This opt is optional and will only be used for networks configured with multiple segments. |
|
| string value | Port ID on the given switch. |
|
| string value | Default Neutron subnet that will be used for share server creation. Should be assigned to network defined in opt neutron_net_id. This opt is used only with class NeutronSingleNetworkPlugin. |
|
| string value | Switch ID for binding profile. |
|
| dict value | Switch label. For example: switch_ip: 10.4.30.5. Multiple key-value pairs separated by commas are accepted. |
|
| string value | vNIC type used for binding. |
|
| string value | Compression value for new ZFS folders. |
|
| string value | Deduplication value for new ZFS folders. Only used by NexentaStor4 driver. |
|
| integer value | Specifies a suggested block size in for files in a file system. (bytes) |
|
| string value | Parent folder on NexentaStor. |
|
| string value | Base directory that contains NFS share mount points. |
|
| host address value | Data IP address of Nexenta storage appliance. |
|
| boolean value | Defines whether share over NFS is enabled. |
|
| string value | Parent filesystem where all the shares will be created. This parameter is only used by NexentaStor4 driver. |
|
| string value | Password to connect to Nexenta SA. |
|
| string value | Pool name on NexentaStor. |
|
| list value | One or more comma delimited IP addresses for management communication with NexentaStor appliance. |
|
| floating point value | Specifies the backoff factor to apply between connection attempts to NexentaStor management REST API server |
|
| floating point value | Specifies the time limit (in seconds), within which the connection to NexentaStor management REST API server must be established |
|
| integer value | Port to connect to Nexenta REST API server. |
|
| string value | Use http or https for REST connection (default auto). |
|
| floating point value | Specifies the time limit (in seconds), within which NexentaStor management REST API server must send a response |
|
| integer value | Specifies the number of times to repeat NexentaStor management REST API call in case of connection errors and NexentaStor appliance EBUSY or ENOENT errors |
|
| string value | Nexenta share name prefix. |
|
| boolean value | Defines whether the driver should check ssl cert. |
|
| boolean value | If True shares will not be space guaranteed and overprovisioning will be enabled. |
|
| boolean value | Use HTTP secure protocol for NexentaStor management REST API connections |
|
| string value | User name to connect to Nexenta SA. |
|
| string value | Volume name on NexentaStor. |
|
| integer value | Number of times to attempt to run flakey shell commands. |
|
| integer value | The maximum number of items returned in a single response from a collection resource. |
|
| string value | Base URL to be presented to users in links to the Share API |
|
| list value | Specify list of extensions to load when using osapi_share_extension option with manila.api.contrib.select_extensions. |
|
| list value | The osapi share extensions to load. |
|
| host address value | IP address for OpenStack Share API to listen on. |
|
| port value | Port for OpenStack Share API to listen on. |
|
| boolean value | Wraps the socket in a SSL context if True is set. A certificate file and key file must be specified. |
|
| integer value | Number of workers for OpenStack Share API service. |
|
| string value | Name of Open vSwitch bridge to use. |
|
| string value | Path to host’s private key. |
|
| string value | Path to hosts public key. Only used if driver_handles_share_servers=True. |
|
| integer value | Range of seconds to randomly delay when starting the periodic task scheduler to reduce stampeding. (Disable by setting to 0) |
|
| floating point value | Interval in seconds between execution of periodic hooks. Used when option enable_periodic_hooks is set to True. Default is 300. |
|
| integer value | Seconds between running periodic tasks. |
|
| floating point value | Multiplier used for weighing pools which have existing share servers. Negative numbers mean to spread vs stack. |
|
| list value | Comma separated list of ports that can be used for share server interfaces. Members of the list can be Unix-style glob expressions. |
|
| string value | Data mover to host the NAS server. |
|
| list value | Comma separated list of pools that can be used to persist share data. |
|
| dict value | Protocol access mapping for this backend. Should be a dictionary comprised of {access_type1: [share_proto1, share_proto2], access_type2: [share_proto2, share_proto3]}. |
|
| boolean value | Enables or disables publication of error events. |
|
| string value | The URL to manage QNAP Storage. |
|
| string value | Username for QNAP storage. |
|
| string value | Password for QNAP storage. |
|
| string value | Pool within which QNAP shares must be created. |
|
| host address value | NAS share IP for mounting shares. |
|
| string value | The X.509 CA file to verify the server cert. |
|
| string value | Password for Quobyte API server |
|
| string value | URL of the Quobyte API server (http or https) |
|
| string value | Username for Quobyte API server. |
|
| string value | Default owning group for new volumes. |
|
| string value | Default owning user for new volumes. |
|
| boolean value | Actually deletes shares (vs. unexport) |
|
| string value | Export path for shares of this bacckend. This needs to match the quobyte-nfs services "Pseudo" option. |
|
| string value | Name of volume configuration used for new shares. |
|
| string value | Default driver to use for quota checks. |
|
| integer value | Number of share gigabytes allowed per project. |
|
| integer value | Max size allowed per share, in gigabytes. |
|
| integer value | Number of replica gigabytes allowed per project. |
|
| integer value | Number of share group snapshots allowed. |
|
| integer value | Number of share groups allowed. |
|
| integer value | Number of share-networks allowed per project. |
|
| integer value | Number of share-replicas allowed per project. |
|
| integer value | Number of shares allowed per project. |
|
| integer value | Number of snapshot gigabytes allowed per project. |
|
| integer value | Number of share snapshots allowed per project. |
|
| integer value | Maximum number of logged messages per rate_limit_interval. |
|
| string value | Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or empty string. Logs with level greater or equal to rate_limit_except_level are not filtered. An empty string means that all levels are filtered. |
|
| integer value | Interval, number of seconds, of log rate limiting. |
|
| integer value | This value, specified in seconds, determines how often the share manager will poll for the health (replica_state) of each replica instance. |
|
| string value | A string specifying the replication domain that the backend belongs to. This option needs to be specified the same in the configuration sections of all backends that support replication between each other. If this option is not specified in the group, it means that replication is not enabled on the backend. |
|
| integer value | Seconds between nodes reporting state to datastore. |
|
| integer value | Number of seconds until a reservation expires. |
|
| integer value | The percentage of backend capacity reserved. |
|
| string value | Path to the rootwrap configuration file to use for running commands as root. |
|
| integer value | Size of RPC connection pool. |
|
| boolean value | Add an endpoint to answer to ping calls. Endpoint is named oslo_rpc_server_ping |
|
| integer value | Seconds to wait for a response from a call. |
|
| boolean value | Some periodic tasks can be run in a separate process. Should we run them here? |
|
| list value | Which filter class names to use for filtering hosts when not specified in the request. |
|
| list value | Which filter class names to use for filtering hosts creating share group when not specified in the request. |
|
| list value | Which weigher class names to use for weighing hosts. |
|
| string value | Default scheduler driver to use. |
|
| string value | The scheduler host manager class to use. |
| `scheduler_json_config_location = ` | string value | Absolute path to scheduler configuration JSON file. |
|
| string value | Full class name for the scheduler manager. |
|
| integer value | Maximum number of attempts to schedule a share. |
|
| string value | The topic scheduler nodes listen on. |
|
| integer value | This value, specified in seconds, determines how often the share manager will poll the driver to perform the next step of migration in the storage backend, for a migrating share server. |
|
| integer value | Maximum time since last check-in for up service. |
|
| string value | Name of image in Glance, that will be used for service instance creation. Only used if driver_handles_share_servers=True. |
|
| string value | ID of flavor, that will be used for service instance creation. Only used if driver_handles_share_servers=True. |
|
| string value | Name or ID of service instance in Nova to use for share exports. Used only when share servers handling is disabled. |
|
| string value | Name of service instance. Only used if driver_handles_share_servers=True. |
|
| string value | Password for service instance user. |
|
| string value | Security group name, that will be used for service instance creation. Only used if driver_handles_share_servers=True. |
|
| string value | Path to SMB config in service instance. |
|
| string value | User in service instance that will be used for authentication. |
|
| host address value | Can be either name of network that is used by service instance within Nova to get IP address or IP address itself (either IPv4 or IPv6) for managing shares there. Used only when share servers handling is disabled. |
|
| string value | CIDR of manila service network. Used only with Neutron and if driver_handles_share_servers=True. |
|
| integer value | This mask is used for dividing service network into subnets, IP capacity of subnet with this mask directly defines possible amount of created service VMs per tenant’s subnet. Used only with Neutron and if driver_handles_share_servers=True. |
|
| string value | Name of manila service network. Used only with Neutron. Only used if driver_handles_share_servers=True. |
|
| string value | The full class name of the share API class to use. |
|
| string value | The backend name for a given driver implementation. |
|
| string value | Driver to use for share creation. |
|
| list value | Specify list of share export helpers. |
|
| string value | Full class name for the share manager. |
|
| string value | Parent path in service instance where shares will be mounted. |
|
| string value | The template for mounting shares for this backend. Must specify the executable with all necessary parameters for the protocol supported. proto template element may not be required if included in the command. export and path template elements are required. It is advisable to separate different commands per backend. |
|
| string value | Template string to be used to generate share names. |
|
| boolean value | Offload pending share ensure during share service startup |
|
| string value | Template string to be used to generate share snapshot names. |
|
| string value | The topic share nodes listen on. |
|
| string value | The template for unmounting shares for this backend. Must specify the executable with all necessary parameters for the protocol supported. path template element is required. It is advisable to separate different commands per backend. |
|
| string value | Time period to generate share usages for. Time period must be hour, day, month or year. |
|
| integer value | This value, specified in seconds, determines how often the share manager will poll the driver to update the share usage size in the storage backend, for shares in that backend. |
|
| string value | Filesystem type of the share volume. |
|
| string value | Path to smb config. |
|
| integer value | Backend server SSH connection timeout. |
|
| integer value | Maximum number of connections in the SSH pool. |
|
| integer value | Minimum number of connections in the SSH pool. |
|
| list value | Can be IP address, range of IP addresses or list of addresses or ranges. Contains addresses from IP network that are allowed to be used. If empty, then will be assumed that all host addresses from network can be used. Optional. Examples: 10.0.0.10 or 10.0.0.10-10.0.0.20 or 10.0.0.10-10.0.0.20,10.0.0.30-10.0.0.40,10.0.0.50 |
|
| string value | Gateway address that should be used. Required. |
|
| string value | Network mask that will be used. Can be either decimal like 24 or binary like 255.255.255.0. Required. |
|
| integer value | Maximum Transmission Unit (MTU) value of the network. Default value is 1500. |
|
| string value | Network type, such as flat, vlan, vxlan or gre. Empty value is alias for flat. It will be assigned to share-network and share drivers will be able to use this for network interfaces within provisioned share servers. Optional. |
|
| integer value | Set it if network has segmentation (VLAN, VXLAN, etc…). It will be assigned to share-network and share drivers will be able to use this for network interfaces within provisioned share servers. Optional. Example: 1001 |
|
| string value | Top-level directory for maintaining manila’s state. |
|
| string value | Availability zone of this node. |
|
| boolean value | Whether to suppress post hook errors (allow driver’s results to pass through) or not. |
|
| boolean value | Whether to suppress pre hook errors (allow driver perform actions) or not. |
|
| string value | Syslog facility to receive log lines. This option is ignored if log_config_append is set. |
|
| boolean value | Sets the value of TCP_KEEPALIVE (True/False) for each server socket. |
|
| integer value | Sets the value of TCP_KEEPCNT for each server socket. Not supported on OS X. |
|
| integer value | Sets the value of TCP_KEEPINTVL in seconds for each server socket. Not supported on OS X. |
|
| integer value | Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not supported on OS X. |
|
| string value | Create shares in this project |
|
| string value | User name for the Tegile NAS server. |
|
| string value | Password for the Tegile NAS server. |
|
| host address value | Tegile NAS server hostname or IP address. |
|
| host address value | Can be either name of network that is used by service instance within Nova to get IP address or IP address itself (either IPv4 or IPv6) for exporting shares. Used only when share servers handling is disabled. |
|
| string value | The network address and optional user credentials for connecting to the messaging backend, in URL format. The expected format is: driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query Example: rabbit://rabbitmq:password@127.0.0.1:5672// For full details on the fields in the URL see the documentation of oslo_messaging.TransportURL at https://docs.openstack.org/oslo.messaging/latest/reference/transport.html |
|
| boolean value | If set to True, then manila will deny access and remove all access rules on share unmanage.If set to False - nothing will be changed. |
|
| integer value | Count of reservations until usage is refreshed. |
|
| integer value | Unallocated share servers reclamation time interval (minutes). Minimum value is 10 minutes, maximum is 60 minutes. The reclamation function is run every 10 minutes and delete share servers which were unused more than unused_share_server_cleanup_interval option defines. This value reflects the shortest time Manila will wait for a share server to go unutilized before deleting it. |
|
| boolean value | Enable journald for logging. If running in a systemd environment you may wish to enable journal support. Doing so will use the journal native protocol which includes structured metadata in addition to log messages.This option is ignored if log_config_append is set. |
|
| boolean value | Use JSON formatting for logging. This option is ignored if log_config_append is set. |
|
| boolean value | Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set. |
|
| boolean value | Log output to Windows Event Log. |
|
| boolean value | Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. |
|
| boolean value | If set to False, then share creation from snapshot will be performed on the same host. If set to True, then scheduler will be used.When enabling this option make sure that filter CreateFromSnapshotFilter is enabled and to have hosts reporting replication_domain option. |
|
| boolean value | Log output to standard error. This option is ignored if log_config_append is set. |
|
| host address value | Hostname or IP address VAST storage system management VIP. |
|
| string value | Password for VAST management |
|
| port value | Port for VAST management |
|
| string value | Username for VAST management |
|
| string value | Base path for shares |
|
| string value | Name of Virtual IP pool |
|
| string value | The full class name of the Volume API class to use. |
|
| string value | Volume name template. |
|
| string value | Volume snapshot name template. |
|
| boolean value | Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set. |
|
| string value | Path to the x509 certificate key. |
|
| string value | Path to the x509 certificate used for accessing the service instance. |
|
| integer value | WinRM connection timeout. |
|
| integer value | WinRM operation timeout. |
|
| integer value | WinRM retry count. |
|
| integer value | WinRM retry interval in seconds |
|
| boolean value | Use x509 certificates in order to authenticate to the service instance. |
|
| integer value | Size of the pool of greenthreads used by wsgi |
|
| boolean value | If False, closes the client socket connection explicitly. |
|
| string value | A python format string that is used as the template to generate log lines. The following values can beformatted into it: client_ip, date_time, request_line, status_code, body_length, wall_seconds. |
|
| boolean value | True if the server should send exception tracebacks to the clients on 500 errors. If False, the server will respond with empty bodies. |
|
| list value | Define here list of options that should be applied for each dataset creation if needed. Example: compression=gzip,dedup=off. Note that, for secondary replicas option readonly will be set to on and for active replicas to off in any way. Also, quota will be equal to share size. Optional. |
|
| string value | Prefix to be used in each dataset name. Optional. |
|
| string value | Prefix to be used in each dataset snapshot name. Optional. |
|
| string value | Set snapshot prefix for usage in ZFS migration. Required. |
|
| string value | Set snapshot prefix for usage in ZFS replication. Required. |
|
| host address value | IP to be added to admin-facing export location. Required. |
|
| host address value | IP to be added to user-facing export location. Required. |
|
| list value | Specify list of share export helpers for ZFS storage. It should look like following: FOO_protocol=foo.FooClass,BAR_protocol=bar.BarClass. Required. |
|
| string value | Path to SSH private key that should be used for SSH’ing ZFS storage host. Not used for replication operations. Optional. |
|
| string value | Password for user that is used for SSH’ing ZFS storage host. Not used for replication operations. They require passwordless SSH access. Optional. |
|
| string value | SSH user that will be used in 2 cases: 1) By manila-share service in case it is located on different host than its ZFS storage. 2) By manila-share services with other ZFS backends that perform replication. It is expected that SSH’ing will be key-based, passwordless. This user should be passwordless sudoer. Optional. |
|
| boolean value | Remote ZFS storage hostname that should be used for SSH’ing. Optional. |
|
| list value | Specify list of zpools that are allowed to be used by backend. Can contain nested datasets. Examples: Without nested dataset: zpool_name. With nested dataset: zpool_name/nested_dataset_name. Required. |
|
| string value | ZFSSA management authorized user’s password. |
|
| string value | ZFSSA management authorized username. |
|
| host address value | IP address for data. |
|
| host address value | ZFSSA management IP address. |
|
| string value | Driver policy for share manage. A strict policy checks for a schema named manila_managed, and makes sure its value is true. A loose policy does not check for the schema. |
|
| string value | Controls checksum used for data blocks. |
|
| string value | Data compression-off, lzjb, gzip-2, gzip, gzip-9. |
|
| string value | Controls behavior when servicing synchronous writes. |
| `zfssa_nas_mountpoint = ` | string value | Location of project in ZFS/SA. |
|
| string value | Controls whether a share quota includes snapshot. |
|
| string value | Controls whether file ownership can be changed. |
|
| string value | Controls whether the share is scanned for viruses. |
|
| string value | ZFSSA storage pool name. |
|
| string value | ZFSSA project name. |
|
| string value | REST connection timeout (in seconds). |
10.1.2. cinder
The following table outlines the options available under the [cinder] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| string value | Authentication URL |
|
| string value | Authentication type to load |
|
| string value | PEM encoded Certificate Authority to use when verifying HTTPs connections. |
|
| string value | PEM encoded client certificate cert file |
|
| boolean value | Collect per-API call timing information. |
|
| boolean value | Allow attaching between instances and volumes in different availability zones. |
|
| string value | Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication. |
|
| string value | Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication. |
|
| string value | Domain ID to scope to |
|
| string value | Domain name to scope to |
|
| string value | Endpoint type to be used with cinder client calls. |
|
| integer value | Number of cinderclient retries on failed HTTP calls. |
|
| boolean value | Verify HTTPS connections. |
|
| string value | PEM encoded client certificate key file |
|
| string value | User’s password |
|
| string value | Domain ID containing project |
|
| string value | Domain name containing project |
|
| string value | Project ID to scope to |
|
| string value | Project name to scope to |
|
| string value | Region name for connecting to cinder. |
|
| boolean value | Log requests to multiple loggers. |
|
| string value | Scope for system operations |
|
| integer value | Timeout value for http requests |
|
| string value | Trust ID |
|
| string value | User’s domain id |
|
| string value | User’s domain name |
|
| string value | User id |
|
| string value | Username |
10.1.3. cors
The following table outlines the options available under the [cors] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| boolean value | Indicate that the actual request can include user credentials |
|
| list value | Indicate which header field names may be used during the actual request. |
|
| list value | Indicate which methods can be used during the actual request. |
|
| list value | Indicate whether this resource may be shared with the domain received in the requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing slash. Example: https://horizon.example.com |
|
| list value | Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers. |
|
| integer value | Maximum cache age of CORS preflight requests. |
10.1.4. database
The following table outlines the options available under the [database] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| string value | The back end to use for the database. |
|
| string value | The SQLAlchemy connection string to use to connect to the database. |
|
| integer value | Verbosity of SQL debugging information: 0=None, 100=Everything. |
| `connection_parameters = ` | string value | Optional URL parameters to append onto the connection URL at connect time; specify as param1=value1¶m2=value2&… |
|
| integer value | Connections which have been present in the connection pool longer than this number of seconds will be replaced with a new one the next time they are checked out from the pool. |
|
| boolean value | Add Python stack traces to SQL as comment strings. |
|
| boolean value | If True, increases the interval between retries of a database operation up to db_max_retry_interval. |
|
| integer value | Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count. |
|
| integer value | If db_inc_retry_interval is set, the maximum seconds between retries of a database operation. |
|
| integer value | Seconds between retries of a database transaction. |
|
| integer value | If set, use this value for max_overflow with SQLAlchemy. |
|
| integer value | Maximum number of SQL connections to keep open in a pool. Setting a value of 0 indicates no limit. |
|
| integer value | Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count. |
|
| boolean value | If True, transparently enables support for handling MySQL Cluster (NDB). |
|
| string value | The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode= |
|
| integer value | If set, use this value for pool_timeout with SQLAlchemy. |
|
| integer value | Interval between retries of opening a SQL connection. |
|
| string value | The SQLAlchemy connection string to use to connect to the slave database. |
|
| boolean value | If True, SQLite uses synchronous mode. |
|
| boolean value | Enable the experimental use of database reconnect on connection lost. |
|
| boolean value | Enable the experimental use of thread pooling for all DB API calls |
10.1.5. glance
The following table outlines the options available under the [glance] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| string value | Version of Glance API to be used. |
|
| string value | Authentication URL |
|
| string value | Authentication type to load |
|
| string value | PEM encoded Certificate Authority to use when verifying HTTPs connections. |
|
| string value | PEM encoded client certificate cert file |
|
| boolean value | Collect per-API call timing information. |
|
| string value | Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication. |
|
| string value | Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication. |
|
| string value | Domain ID to scope to |
|
| string value | Domain name to scope to |
|
| string value | Endpoint type to be used with glance client calls. |
|
| boolean value | Verify HTTPS connections. |
|
| string value | PEM encoded client certificate key file |
|
| string value | User’s password |
|
| string value | Domain ID containing project |
|
| string value | Domain name containing project |
|
| string value | Project ID to scope to |
|
| string value | Project name to scope to |
|
| string value | Region name for connecting to glance. |
|
| boolean value | Log requests to multiple loggers. |
|
| string value | Scope for system operations |
|
| integer value | Timeout value for http requests |
|
| string value | Trust ID |
|
| string value | User’s domain id |
|
| string value | User’s domain name |
|
| string value | User id |
|
| string value | Username |
10.1.6. healthcheck
The following table outlines the options available under the [healthcheck] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| list value | Additional backends that can perform health checks and report that information back as part of a request. |
|
| boolean value | Show more detailed information as part of the response. Security note: Enabling this option may expose sensitive details about the service being monitored. Be sure to verify that it will not violate your security policies. |
|
| string value | Check the presence of a file to determine if an application is running on a port. Used by DisableByFileHealthcheck plugin. |
|
| list value | Check the presence of a file based on a port to determine if an application is running on a port. Expects a "port:path" list of strings. Used by DisableByFilesPortsHealthcheck plugin. |
|
| string value | The path to respond to healtcheck requests on. |
10.1.7. keystone_authtoken
The following table outlines the options available under the [keystone_authtoken] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| string value | Config Section from which to load plugin specific options |
|
| string value | Authentication type to load |
|
| string value | Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint. This option is deprecated in favor of www_authenticate_uri and will be removed in the S release. Deprecated since: Queens *Reason:*The auth_uri option is deprecated in favor of www_authenticate_uri and will be removed in the S release. |
|
| string value | API version of the Identity API endpoint. |
|
| string value |
Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the |
|
| string value | A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs. |
|
| string value | Required if identity server requires client certificate |
|
| boolean value | Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components. |
|
| string value | Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens. |
|
| integer value | Request timeout value for communicating with Identity API server. |
|
| integer value | How many times are we trying to reconnect when communicating with Identity API Server. |
|
| boolean value | (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header. |
|
| boolean value | Verify HTTPS connections. |
|
| string value | Interface to use for the Identity API endpoint. Valid values are "public", "internal" (default) or "admin". |
|
| string value | Required if identity server requires client certificate |
|
| integer value | (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool. |
|
| integer value | (Optional) Number of seconds memcached server is considered dead before it is tried again. |
|
| integer value | (Optional) Maximum total number of open connections to every memcached server. |
|
| integer value | (Optional) Socket timeout in seconds for communicating with a memcached server. |
|
| integer value | (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed. |
|
| string value | (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation. |
|
| string value | (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization. |
|
| boolean value | (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x. |
|
| list value | Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process. |
|
| string value | The region in which the identity server can be found. |
|
| list value | A choice of roles that must be present in a service token. Service tokens are allowed to request that an expired token can be used and so this check should tightly control that only actual services should be sending this token. Roles here are applied as an ANY check so any role in this list must be present. For backwards compatibility reasons this currently only affects the allow_expired check. |
|
| boolean value | For backwards compatibility reasons we must let valid service tokens pass that don’t pass the service_token_roles check as valid. Setting this true will become the default in a future release and should be enabled if possible. |
|
| string value | The name or type of the service as it appears in the service catalog. This is used to validate tokens that have restricted access rules. |
|
| integer value | In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely. |
|
| string value | Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you’re using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint. |
10.1.8. neutron
The following table outlines the options available under the [neutron] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| string value | Authentication URL |
|
| string value | Auth strategy for connecting to neutron in admin context. |
|
| string value | Authentication type to load |
|
| string value | PEM encoded Certificate Authority to use when verifying HTTPs connections. |
|
| string value | PEM encoded client certificate cert file |
|
| boolean value | Collect per-API call timing information. |
|
| string value | Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication. |
|
| string value | Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication. |
|
| string value | Domain ID to scope to |
|
| string value | Domain name to scope to |
|
| string value | Endpoint type to be used with neutron client calls. |
|
| boolean value | Verify HTTPS connections. |
|
| string value | PEM encoded client certificate key file |
|
| string value | User’s password |
|
| string value | Domain ID containing project |
|
| string value | Domain name containing project |
|
| string value | Project ID to scope to |
|
| string value | Project name to scope to |
|
| string value | Region name for connecting to neutron in admin context. |
|
| boolean value | Log requests to multiple loggers. |
|
| string value | Scope for system operations |
|
| integer value | Timeout value for http requests |
|
| string value | Trust ID |
|
| string value | URL for connecting to neutron. |
|
| integer value | Timeout value for connecting to neutron in seconds. |
|
| string value | User’s domain id |
|
| string value | User’s domain name |
|
| string value | User id |
|
| string value | Username |
10.1.9. nova
The following table outlines the options available under the [nova] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| string value | Version of Nova API to be used. |
|
| string value | Authentication URL |
|
| string value | Authentication type to load |
|
| string value | PEM encoded Certificate Authority to use when verifying HTTPs connections. |
|
| string value | PEM encoded client certificate cert file |
|
| boolean value | Collect per-API call timing information. |
|
| string value | Optional domain ID to use with v3 and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication. |
|
| string value | Optional domain name to use with v3 API and v2 parameters. It will be used for both the user and project domain in v3 and ignored in v2 authentication. |
|
| string value | Domain ID to scope to |
|
| string value | Domain name to scope to |
|
| string value | Endpoint type to be used with nova client calls. |
|
| boolean value | Verify HTTPS connections. |
|
| string value | PEM encoded client certificate key file |
|
| string value | User’s password |
|
| string value | Domain ID containing project |
|
| string value | Domain name containing project |
|
| string value | Project ID to scope to |
|
| string value | Project name to scope to |
|
| string value | Region name for connecting to nova. |
|
| boolean value | Log requests to multiple loggers. |
|
| string value | Scope for system operations |
|
| integer value | Timeout value for http requests |
|
| string value | Trust ID |
|
| string value | User’s domain id |
|
| string value | User’s domain name |
|
| string value | User id |
|
| string value | Username |
10.1.10. oslo_concurrency
The following table outlines the options available under the [oslo_concurrency] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| boolean value | Enables or disables inter-process locks. |
|
| string value | Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set. |
10.1.11. oslo_messaging_amqp
The following table outlines the options available under the [oslo_messaging_amqp] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| string value | Indicates the addressing mode used by the driver. Permitted values: legacy - use legacy non-routable addressing routable - use routable addresses dynamic - use legacy addresses if the message bus does not support routing otherwise use routable addressing |
|
| string value | Appended to the address prefix when sending to a group of consumers. Used by the message bus to identify messages that should be delivered in a round-robin fashion across consumers. |
|
| string value | address prefix used when broadcasting to all servers |
|
| integer value | Increase the connection_retry_interval by this many seconds after each unsuccessful failover attempt. |
|
| integer value | Seconds to pause before attempting to re-connect. |
|
| integer value | Maximum limit for connection_retry_interval + connection_retry_backoff |
|
| string value | Name for the AMQP container. must be globally unique. Defaults to a generated UUID |
|
| string value | Exchange name used in notification addresses. Exchange name resolution precedence: Target.exchange if set else default_notification_exchange if set else control_exchange if set else notify |
|
| integer value | The deadline for a sent notification message delivery. Only used when caller does not provide a timeout expiry. |
|
| integer value | The maximum number of attempts to re-send a reply message which failed due to a recoverable error. |
|
| integer value | The deadline for an rpc reply message delivery. |
|
| string value | Exchange name used in RPC addresses. Exchange name resolution precedence: Target.exchange if set else default_rpc_exchange if set else control_exchange if set else rpc |
|
| integer value | The deadline for an rpc cast or call message delivery. Only used when caller does not provide a timeout expiry. |
|
| integer value | The duration to schedule a purge of idle sender links. Detach link after expiry. |
|
| string value | address prefix when sending to any server in group |
|
| integer value | Timeout for inactive connections (in seconds) |
|
| integer value | Time to pause between re-connecting an AMQP 1.0 link that failed due to a recoverable error. |
|
| string value | Appended to the address prefix when sending a fanout message. Used by the message bus to identify fanout messages. |
|
| string value | Address prefix for all generated Notification addresses |
|
| integer value | Window size for incoming Notification messages |
|
| multi valued | Send messages of this type pre-settled. Pre-settled messages will not receive acknowledgement from the peer. Note well: pre-settled messages may be silently discarded if the delivery fails. Permitted values: rpc-call - send RPC Calls pre-settled rpc-reply- send RPC Replies pre-settled rpc-cast - Send RPC Casts pre-settled notify - Send Notifications pre-settled |
|
| boolean value | Enable virtual host support for those message buses that do not natively support virtual hosting (such as qpidd). When set to true the virtual host name will be added to all message bus addresses, effectively creating a private subnet per virtual host. Set to False if the message bus supports virtual hosting using the hostname field in the AMQP 1.0 Open performative as the name of the virtual host. |
|
| integer value | Window size for incoming RPC Reply messages. |
|
| string value | Address prefix for all generated RPC addresses |
|
| integer value | Window size for incoming RPC Request messages |
| `sasl_config_dir = ` | string value | Path to directory that contains the SASL configuration |
| `sasl_config_name = ` | string value | Name of configuration file (without .conf suffix) |
| `sasl_default_realm = ` | string value | SASL realm to use if no realm present in username |
| `sasl_mechanisms = ` | string value | Space separated list of acceptable SASL mechanisms |
|
| string value | address prefix used when sending to a specific server |
|
| boolean value | Attempt to connect via SSL. If no other ssl-related parameters are given, it will use the system’s CA-bundle to verify the server’s certificate. |
| `ssl_ca_file = ` | string value | CA certificate PEM file used to verify the server’s certificate |
| `ssl_cert_file = ` | string value | Self-identifying certificate PEM file for client authentication |
| `ssl_key_file = ` | string value | Private key PEM file used to sign ssl_cert_file certificate (optional) |
|
| string value | Password for decrypting ssl_key_file (if encrypted) |
|
| boolean value | By default SSL checks that the name in the server’s certificate matches the hostname in the transport_url. In some configurations it may be preferable to use the virtual hostname instead, for example if the server uses the Server Name Indication TLS extension (rfc6066) to provide a certificate per virtual host. Set ssl_verify_vhost to True if the server’s SSL certificate uses the virtual host name instead of the DNS name. |
|
| boolean value | Debug: dump AMQP frames to stdout |
|
| string value | Appended to the address prefix when sending to a particular RPC/Notification server. Used by the message bus to identify messages sent to a single destination. |
10.1.12. oslo_messaging_kafka
The following table outlines the options available under the [oslo_messaging_kafka] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| string value | The compression codec for all data generated by the producer. If not set, compression will not be used. Note that the allowed values of this depend on the kafka version |
|
| integer value | The pool size limit for connections expiration policy |
|
| integer value | The time-to-live in sec of idle connections in the pool |
|
| string value | Group id for Kafka consumer. Consumers in one group will coordinate message consumption |
|
| boolean value | Enable asynchronous consumer commits |
|
| floating point value | Default timeout(s) for Kafka consumers |
|
| integer value | Max fetch bytes of Kafka consumer |
|
| integer value | The maximum number of records returned in a poll call |
|
| integer value | Pool Size for Kafka Consumers |
|
| integer value | Size of batch for the producer async send |
|
| floating point value | Upper bound on the delay for KafkaProducer batching in seconds |
|
| string value | Mechanism when security protocol is SASL |
|
| string value | Protocol used to communicate with brokers |
| `ssl_cafile = ` | string value | CA certificate PEM file used to verify the server certificate |
| `ssl_client_cert_file = ` | string value | Client certificate PEM file used for authentication. |
| `ssl_client_key_file = ` | string value | Client key PEM file used for authentication. |
| `ssl_client_key_password = ` | string value | Client key password file used for authentication. |
10.1.13. oslo_messaging_notifications
The following table outlines the options available under the [oslo_messaging_notifications] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| multi valued | The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop |
|
| integer value | The maximum number of attempts to re-send a notification message which failed to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite |
|
| list value | AMQP topic used for OpenStack notifications. |
|
| string value | A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC. |
10.1.14. oslo_messaging_rabbit
The following table outlines the options available under the [oslo_messaging_rabbit] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| boolean value | Auto-delete queues in AMQP. |
|
| boolean value | Use durable queues in AMQP. |
|
| boolean value | (DEPRECATED) Enable/Disable the RabbitMQ mandatory flag for direct send. The direct send is used as reply, so the MessageUndeliverable exception is raised in case the client queue does not exist.MessageUndeliverable exception will be used to loop for a timeout to lets a chance to sender to recover.This flag is deprecated and it will not be possible to deactivate this functionality anymore |
|
| boolean value | Enable x-cancel-on-ha-failover flag so that rabbitmq server will cancel and notify consumerswhen queue is down |
|
| boolean value | Run the health check heartbeat thread through a native python thread by default. If this option is equal to False then the health check heartbeat will inherit the execution model from the parent process. For example if the parent process has monkey patched the stdlib by using eventlet/greenlet then the heartbeat will be run through a green thread. This option should be set to True only for the wsgi services. |
|
| integer value | How often times during the heartbeat_timeout_threshold we check the heartbeat. |
|
| integer value | Number of seconds after which the Rabbit broker is considered down if heartbeat’s keep-alive fails (0 disables heartbeat). |
|
| string value | EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not be used. This option may not be available in future versions. |
|
| string value | Determines how the next RabbitMQ node is chosen in case the one we are currently connected to becomes unavailable. Takes effect only if more than one RabbitMQ node is provided in config. |
|
| integer value | How long to wait a missing client before abandoning to send it its replies. This value should not be longer than rpc_response_timeout. |
|
| floating point value | How long to wait before reconnecting in response to an AMQP consumer cancel notification. |
|
| boolean value | Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring is no longer controlled by the x-ha-policy argument when declaring a queue. If you just want to make sure that all queues (except those with auto-generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA ^(?!amq\.).* {"ha-mode": "all"} " |
|
| integer value | Maximum interval of RabbitMQ connection retries. Default is 30 seconds. |
|
| string value | The RabbitMQ login method. |
|
| integer value | Specifies the number of messages to prefetch. Setting to zero allows unlimited messages. |
|
| integer value | How long to backoff for between retries when connecting to RabbitMQ. |
|
| integer value | How frequently to retry connecting with RabbitMQ. |
|
| integer value | Positive integer representing duration in seconds for queue TTL (x-expires). Queues which are unused for the duration of the TTL are automatically deleted. The parameter affects only reply and fanout queues. |
|
| boolean value | Connect over SSL. |
| `ssl_ca_file = ` | string value | SSL certification authority file (valid only if SSL enabled). |
| `ssl_cert_file = ` | string value | SSL cert file (valid only if SSL enabled). |
| `ssl_key_file = ` | string value | SSL key file (valid only if SSL enabled). |
| `ssl_version = ` | string value | SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions. |
10.1.15. oslo_middleware
The following table outlines the options available under the [oslo_middleware] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| boolean value | Whether the application is behind a proxy or not. This determines if the middleware should parse the headers or not. |
|
| integer value | The maximum body size for each request, in bytes. |
|
| string value | The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by a SSL termination proxy. |
10.1.16. oslo_policy
The following table outlines the options available under the [oslo_policy] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| boolean value |
This option controls whether or not to use old deprecated defaults when evaluating policies. If |
|
| boolean value |
This option controls whether or not to enforce scope when evaluating policies. If |
|
| string value | Default rule. Enforced when a requested rule is not found. |
|
| multi valued | Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored. |
|
| string value | The relative or absolute path of a file that maps roles to permissions for a given service. Relative paths must be specified in relation to the configuration file setting this option. |
|
| string value | Content Type to send and receive data for REST based policy check |
|
| string value | Absolute path to ca cert file for REST based policy check |
|
| string value | Absolute path to client cert for REST based policy check |
|
| string value | Absolute path client key file REST based policy check |
|
| boolean value | server identity verification for REST based policy check |
10.1.17. oslo_reports
The following table outlines the options available under the [oslo_reports] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| string value | The path to a file to watch for changes to trigger the reports, instead of signals. Setting this option disables the signal trigger for the reports. If application is running as a WSGI application it is recommended to use this instead of signals. |
|
| integer value | How many seconds to wait between polls when file_event_handler is set |
|
| string value | Path to a log directory where to create a file |
10.1.18. ssl
The following table outlines the options available under the [ssl] group in the /etc/manila/manila.conf file.
| Configuration option = Default value | Type | Description |
|---|---|---|
|
| string value | CA certificate file to use to verify connecting clients. |
|
| string value | Certificate file to use when starting the server securely. |
|
| string value | Sets the list of available ciphers. value should be a string in the OpenSSL cipher list format. |
|
| string value | Private key file to use when starting the server securely. |
|
| string value | SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions. |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}