검색

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 1. Common Configurations

download PDF
This chapter describes the common configurations for shared service and libraries.

1.1. Common Configuration Options

1.1.1. Description of Configuration Options

The following tables provide a comprehensive list of the common configuration options.
Table 1.1. Description of AMQP configuration options
Configuration option = Default value
Description
[DEFAULT]
 
control_exchange = openstack
(String) The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
default_publisher_id = None
(String) Default publisher_id for outgoing notifications
transport_url = None
(String) A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
Table 1.2. Description of authorization token configuration options
Configuration option = Default value
Description
[keystone_authtoken]
 
admin_password = None
(String) Service user password.
admin_tenant_name = admin
(String) Service tenant name.
admin_token = None
(String) This option is deprecated and may be removed in a future release. Single shared secret with the Keystone configuration used for bootstrapping a Keystone installation, or otherwise bypassing the normal authentication process. This option should not be used, use admin_user and admin_password instead.
admin_user = None
(String) Service username.
auth_admin_prefix =
(String) Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
auth_host = 127.0.0.1
(String) Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
auth_port = 35357
(Integer) Port of the admin Identity API endpoint. Deprecated, use identity_uri.
auth_protocol = https
(String) Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
auth_section = None
(Unknown) Config Section from which to load plugin specific options
auth_type = None
(Unknown) Authentication type to load
auth_uri = None
(String) Complete "public" Identity API endpoint. This endpoint should not be an "admin" endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you're using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint.
auth_version = None
(String) API version of the admin Identity API endpoint.
cache = None
(String) Request environment key where the Swift cache object is stored. When auth_token middleware is deployed with a Swift cache, use this option to have the middleware share a caching backend with swift. Otherwise, use the memcached_servers option instead.
cafile = None
(String) A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
certfile = None
(String) Required if identity server requires client certificate
check_revocations_for_cached = False
(Boolean) If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
delay_auth_decision = False
(Boolean) Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
enforce_token_bind = permissive
(String) Used to control the use and type of token binding. Can be set to: "disabled" to not check token binding. "permissive" (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. "strict" like "permissive" but if the bind type is unknown the token will be rejected. "required" any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
hash_algorithms = md5
(List) Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
http_connect_timeout = None
(Integer) Request timeout value for communicating with Identity API server.
http_request_max_retries = 3
(Integer) How many times are we trying to reconnect when communicating with Identity API Server.
identity_uri = None
(String) Complete admin Identity API endpoint. This should specify the unversioned root endpoint e.g. https://localhost:35357/
include_service_catalog = True
(Boolean) (Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
insecure = False
(Boolean) Verify HTTPS connections.
keyfile = None
(String) Required if identity server requires client certificate
memcache_pool_conn_get_timeout = 10
(Integer) (Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
memcache_pool_dead_retry = 300
(Integer) (Optional) Number of seconds memcached server is considered dead before it is tried again.
memcache_pool_maxsize = 10
(Integer) (Optional) Maximum total number of open connections to every memcached server.
memcache_pool_socket_timeout = 3
(Integer) (Optional) Socket timeout in seconds for communicating with a memcached server.
memcache_pool_unused_timeout = 60
(Integer) (Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
memcache_secret_key = None
(String) (Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
memcache_security_strategy = None
(String) (Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
memcache_use_advanced_pool = False
(Boolean) (Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
memcached_servers = None
(List) Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
region_name = None
(String) The region in which the identity server can be found.
revocation_cache_time = 10
(Integer) Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance. Only valid for PKI tokens.
signing_dir = None
(String) Directory used to cache files related to PKI tokens.
token_cache_time = 300
(Integer) In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
Table 1.3. Description of authentication configuration options
Configuration option = Default value
Description
[DEFAULT]
 
auth_strategy = keystone
(String) This determines the strategy to use for authentication: keystone or noauth2. 'noauth2' is designed for testing only, as it does no actual credential checking. 'noauth2' provides administrative credentials only if 'admin' is specified as the username.
Table 1.4. Description of database configuration options
Configuration option = Default value
Description
[DEFAULT]
 
db_driver = SERVICE.db
(String) DEPRECATED: The driver to use for database access
[database]
 
backend = sqlalchemy
(String) The back end to use for the database.
connection = None
(String) The SQLAlchemy connection string to use to connect to the database.
connection_debug = 0
(Integer) Verbosity of SQL debugging information: 0=None, 100=Everything.
connection_trace = False
(Boolean) Add Python stack traces to SQL as comment strings.
db_inc_retry_interval = True
(Boolean) If True, increases the interval between retries of a database operation up to db_max_retry_interval.
db_max_retries = 20
(Integer) Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.
db_max_retry_interval = 10
(Integer) If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.
db_retry_interval = 1
(Integer) Seconds between retries of a database transaction.
idle_timeout = 3600
(Integer) Timeout before idle SQL connections are reaped.
max_overflow = 50
(Integer) If set, use this value for max_overflow with SQLAlchemy.
max_pool_size = None
(Integer) Maximum number of SQL connections to keep open in a pool.
max_retries = 10
(Integer) Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
min_pool_size = 1
(Integer) Minimum number of SQL connections to keep open in a pool.
mysql_sql_mode = TRADITIONAL
(String) The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
pool_timeout = None
(Integer) If set, use this value for pool_timeout with SQLAlchemy.
retry_interval = 10
(Integer) Interval between retries of opening a SQL connection.
slave_connection = None
(String) The SQLAlchemy connection string to use to connect to the slave database.
sqlite_db = oslo.sqlite
(String) The file name to use with SQLite.
sqlite_synchronous = True
(Boolean) If True, SQLite uses synchronous mode.
use_db_reconnect = False
(Boolean) Enable the experimental use of database reconnect on connection lost.
use_tpool = False
(Boolean) Enable the experimental use of thread pooling for all DB API calls
Table 1.5. Description of common logging configuration options
Configuration option = Default value
Description
[DEFAULT]
 
debug = False
(Boolean) If set to true, the logging level will be set to DEBUG instead of the default INFO level.
default_log_levels = amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, requests.packages.urllib3.util.retry=WARN, urllib3.util.retry=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN, taskflow=WARN, keystoneauth=WARN, oslo.cache=INFO, dogpile.core.dogpile=INFO
(List) List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.
fatal_deprecations = False
(Boolean) Enables or disables fatal status of deprecations.
fatal_exception_format_errors = False
(Boolean) Make exception message format errors fatal
instance_format = "[instance: %(uuid)s] "
(String) The format for an instance that is passed with the log message.
instance_uuid_format = "[instance: %(uuid)s] "
(String) The format for an instance UUID that is passed with the log message.
log_config_append = None
(String) The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, logging_context_format_string).
log_date_format = %Y-%m-%d %H:%M:%S
(String) Defines the format string for %%(asctime)s in log records. Default: %(default)s . This option is ignored if log_config_append is set.
log_dir = None
(String) (Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.
log_file = None
(String) (Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.
logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
(String) Format string to use for log messages with context.
logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
(String) Additional data to append to log message when logging level for the message is DEBUG.
logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
(String) Format string to use for log messages when context is undefined.
logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
(String) Prefix each line of exception output with this format.
logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
(String) Defines the format string for %(user_identity)s that is used in logging_context_format_string.
publish_errors = False
(Boolean) Enables or disables publication of error events.
syslog_log_facility = LOG_USER
(String) Syslog facility to receive log lines. This option is ignored if log_config_append is set.
use_stderr = True
(Boolean) Log output to standard error. This option is ignored if log_config_append is set.
use_syslog = False
(Boolean) Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.
verbose = True
(Boolean) DEPRECATED: If set to false, the logging level will be set to WARNING instead of the default INFO level.
watch_log_file = False
(Boolean) Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.
Table 1.6. Description of policy configuration options
Configuration option = Default value
Description
[oslo_policy]
 
policy_default_rule = default
(String) Default rule. Enforced when a requested rule is not found.
policy_dirs = ['policy.d']
(Multi-valued) Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.
policy_file = policy.json
(String) The JSON file that defines policies.
Table 1.7. Description of RPC configuration options
Configuration option = Default value
Description
[DEFAULT]
 
notification_format = both
(String) Specifies which notification format shall be used by nova.
rpc_backend = rabbit
(String) The messaging driver to use, defaults to rabbit. Other drivers include amqp and zmq.
rpc_cast_timeout = -1
(Integer) Seconds to wait before a cast expires (TTL). The default value of -1 specifies an infinite linger period. The value of 0 specifies no linger period. Pending messages shall be discarded immediately when the socket is closed. Only supported by impl_zmq.
rpc_conn_pool_size = 30
(Integer) Size of RPC connection pool.
rpc_poll_timeout = 1
(Integer) The default number of seconds that poll should wait. Poll raises timeout exception when timeout expired.
rpc_response_timeout = 60
(Integer) Seconds to wait for a response from a call.
[cells]
 
rpc_driver_queue_base = cells.intercell
(String) RPC driver queue base When sending a message to another cell by JSON-ifying the message and making an RPC cast to 'process_message', a base queue is used. This option defines the base queue name to be used when communicating between cells. Various topics by message type will be appended to this. Possible values: * The base queue name to be used when communicating between cells. Services which consume this: * nova-cells Related options: * None
[oslo_concurrency]
 
disable_process_locking = False
(Boolean) Enables or disables inter-process locks.
lock_path = None
(String) Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set.
[oslo_messaging]
 
event_stream_topic = neutron_lbaas_event
(String) topic name for receiving events from a queue
[oslo_messaging_amqp]
 
allow_insecure_clients = False
(Boolean) Accept clients using either SSL or plain TCP
broadcast_prefix = broadcast
(String) address prefix used when broadcasting to all servers
container_name = None
(String) Name for the AMQP container
group_request_prefix = unicast
(String) address prefix when sending to any server in group
idle_timeout = 0
(Integer) Timeout for inactive connections (in seconds)
password =
(String) Password for message broker authentication
sasl_config_dir =
(String) Path to directory that contains the SASL configuration
sasl_config_name =
(String) Name of configuration file (without .conf suffix)
sasl_mechanisms =
(String) Space separated list of acceptable SASL mechanisms
server_request_prefix = exclusive
(String) address prefix used when sending to a specific server
ssl_ca_file =
(String) CA certificate PEM file to verify server certificate
ssl_cert_file =
(String) Identifying certificate PEM file to present to clients
ssl_key_file =
(String) Private key PEM file used to sign cert_file certificate
ssl_key_password = None
(String) Password for decrypting ssl_key_file (if encrypted)
trace = False
(Boolean) Debug: dump AMQP frames to stdout
username =
(String) User name for message broker authentication
[oslo_messaging_notifications]
 
driver = []
(Multi-valued) The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop
topics = notifications
(List) AMQP topic used for OpenStack notifications.
transport_url = None
(String) A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC.
[upgrade_levels]
 
baseapi = None
(String) Set a version cap for messages sent to the base api in any service
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.