Block Storage sample configuration files

Block Storage sample configuration files

All the files in this section can be found in /etc/cinder.

cinder.conf

The cinder.conf file is installed in /etc/cinder by default. When you manually install the Block Storage service, the options in the cinder.conf file are set to default values.

The cinder.conf file contains most of the options to configure the Block Storage service. Here is the sample configuration file and you can generate the latest configuration file by using the tox provided by the Block Storage service.

[DEFAULT]

#
# From cinder
#

# Backup metadata version to be used when backing up volume metadata. If this
# number is bumped, make sure the service doing the restore supports the new
# version. (integer value)
#backup_metadata_version = 2

# The number of chunks or objects, for which one Ceilometer notification will
# be sent (integer value)
#backup_object_number_per_notification = 10

# Interval, in seconds, between two progress notifications reporting the backup
# status (integer value)
#backup_timer_interval = 120

# The maximum number of items that a collection resource returns in a single
# response (integer value)
#osapi_max_limit = 1000

# Base URL that will be presented to users in links to the OpenStack Volume API
# (string value)
# Deprecated group/name - [DEFAULT]/osapi_compute_link_prefix
#osapi_volume_base_URL = <None>

# Volume filter options which non-admin user could use to query volumes.
# Default values are: ['name', 'status', 'metadata', 'availability_zone'
# ,'bootable'] (list value)
#query_volume_filters = name,status,metadata,availability_zone,bootable

# Ceph configuration file to use. (string value)
#backup_ceph_conf = /etc/ceph/ceph.conf

# The Ceph user to connect with. Default here is to use the same user as for
# Cinder volumes. If not using cephx this should be set to None. (string value)
#backup_ceph_user = cinder

# The chunk size, in bytes, that a backup is broken into before transfer to the
# Ceph object store. (integer value)
#backup_ceph_chunk_size = 134217728

# The Ceph pool where volume backups are stored. (string value)
#backup_ceph_pool = backups

# RBD stripe unit to use when creating a backup image. (integer value)
#backup_ceph_stripe_unit = 0

# RBD stripe count to use when creating a backup image. (integer value)
#backup_ceph_stripe_count = 0

# If True, always discard excess bytes when restoring volumes i.e. pad with
# zeroes. (boolean value)
#restore_discard_excess_bytes = true

# File with the list of available smbfs shares. (string value)
#smbfs_shares_config = /etc/cinder/smbfs_shares

# The path of the automatically generated file containing information about
# volume disk space allocation. (string value)
#smbfs_allocation_info_file_path = $state_path/allocation_data

# Default format that will be used when creating volumes if no volume format is
# specified. (string value)
# Allowed values: raw, qcow2, vhd, vhdx
#smbfs_default_volume_format = qcow2

# Create volumes as sparsed files which take no space rather than regular files
# when using raw format, in which case volume creation takes lot of time.
# (boolean value)
#smbfs_sparsed_volumes = true

# Percent of ACTUAL usage of the underlying volume before no new volumes can be
# allocated to the volume destination. (floating point value)
#smbfs_used_ratio = 0.95

# This will compare the allocated to available space on the volume destination.
# If the ratio exceeds this number, the destination will no longer be valid.
# (floating point value)
#smbfs_oversub_ratio = 1.0

# Base dir containing mount points for smbfs shares. (string value)
#smbfs_mount_point_base = $state_path/mnt

# Mount options passed to the smbfs client. See mount.cifs man page for
# details. (string value)
#smbfs_mount_options = noperm,file_mode=0775,dir_mode=0775

# Compression algorithm (None to disable) (string value)
#backup_compression_algorithm = zlib

# Use thin provisioning for SAN volumes? (boolean value)
#san_thin_provision = true

# IP address of SAN controller (string value)
#san_ip =

# Username for SAN controller (string value)
#san_login = admin

# Password for SAN controller (string value)
#san_password =

# Filename of private key to use for SSH authentication (string value)
#san_private_key =

# Cluster name to use for creating volumes (string value)
#san_clustername =

# SSH port to use with SAN (port value)
# Minimum value: 0
# Maximum value: 65535
#san_ssh_port = 22

# Execute commands locally instead of over SSH; use if the volume service is
# running on the SAN device (boolean value)
#san_is_local = false

# SSH connection timeout in seconds (integer value)
#ssh_conn_timeout = 30

# Minimum ssh connections in the pool (integer value)
#ssh_min_pool_conn = 1

# Maximum ssh connections in the pool (integer value)
#ssh_max_pool_conn = 5

# Configuration file for HDS NFS cinder plugin (string value)
#hds_hnas_nfs_config_file = /opt/hds/hnas/cinder_nfs_conf.xml

# Sets the value of TCP_KEEPALIVE (True/False) for each server socket. (boolean
# value)
#tcp_keepalive = true

# Sets the value of TCP_KEEPINTVL in seconds for each server socket. Not
# supported on OS X. (integer value)
#tcp_keepalive_interval = <None>

# Sets the value of TCP_KEEPCNT for each server socket. Not supported on OS X.
# (integer value)
#tcp_keepalive_count = <None>

# Option to enable strict host key checking.  When set to "True" Cinder will
# only connect to systems with a host key present in the configured
# "ssh_hosts_key_file".  When set to "False" the host key will be saved upon
# first connection and used for subsequent connections.  Default=False (boolean
# value)
#strict_ssh_host_key_policy = false

# File containing SSH host keys for the systems with which Cinder needs to
# communicate.  OPTIONAL: Default=$state_path/ssh_known_hosts (string value)
#ssh_hosts_key_file = $state_path/ssh_known_hosts

# The storage family type used on the storage system; valid values are
# ontap_7mode for using Data ONTAP operating in 7-Mode, ontap_cluster for using
# clustered Data ONTAP, or eseries for using E-Series. (string value)
# Allowed values: ontap_7mode, ontap_cluster, eseries
#netapp_storage_family = ontap_cluster

# The storage protocol to be used on the data path with the storage system.
# (string value)
# Allowed values: iscsi, fc, nfs
#netapp_storage_protocol = <None>

# The hostname (or IP address) for the storage system or proxy server. (string
# value)
#netapp_server_hostname = <None>

# The TCP port to use for communication with the storage system or proxy
# server. If not specified, Data ONTAP drivers will use 80 for HTTP and 443 for
# HTTPS; E-Series will use 8080 for HTTP and 8443 for HTTPS. (integer value)
#netapp_server_port = <None>

# The transport protocol used when communicating with the storage system or
# proxy server. (string value)
# Allowed values: http, https
#netapp_transport_type = http

# Administrative user account name used to access the storage system or proxy
# server. (string value)
#netapp_login = <None>

# Password for the administrative user account specified in the netapp_login
# option. (string value)
#netapp_password = <None>

# This option specifies the virtual storage server (Vserver) name on the
# storage cluster on which provisioning of block storage volumes should occur.
# (string value)
#netapp_vserver = <None>

# The vFiler unit on which provisioning of block storage volumes will be done.
# This option is only used by the driver when connecting to an instance with a
# storage family of Data ONTAP operating in 7-Mode. Only use this option when
# utilizing the MultiStore feature on the NetApp storage system. (string value)
#netapp_vfiler = <None>

# The name of the config.conf stanza for a Data ONTAP (7-mode) HA partner.
# This option is only used by the driver when connecting to an instance with a
# storage family of Data ONTAP operating in 7-Mode, and it is required if the
# storage protocol selected is FC. (string value)
#netapp_partner_backend_name = <None>

# The quantity to be multiplied by the requested volume size to ensure enough
# space is available on the virtual storage server (Vserver) to fulfill the
# volume creation request.  Note: this option is deprecated and will be removed
# in favor of "reserved_percentage" in the Mitaka release. (floating point
# value)
#netapp_size_multiplier = 1.2

# This option determines if storage space is reserved for LUN allocation. If
# enabled, LUNs are thick provisioned. If space reservation is disabled,
# storage space is allocated on demand. (string value)
# Allowed values: enabled, disabled
#netapp_lun_space_reservation = enabled

# If the percentage of available space for an NFS share has dropped below the
# value specified by this option, the NFS image cache will be cleaned. (integer
# value)
#thres_avl_size_perc_start = 20

# When the percentage of available space on an NFS share has reached the
# percentage specified by this option, the driver will stop clearing files from
# the NFS image cache that have not been accessed in the last M minutes, where
# M is the value of the expiry_thres_minutes configuration option. (integer
# value)
#thres_avl_size_perc_stop = 60

# This option specifies the threshold for last access time for images in the
# NFS image cache. When a cache cleaning cycle begins, images in the cache that
# have not been accessed in the last M minutes, where M is the value of this
# parameter, will be deleted from the cache to create free space on the NFS
# share. (integer value)
#expiry_thres_minutes = 720

# This option is used to specify the path to the E-Series proxy application on
# a proxy server. The value is combined with the value of the
# netapp_transport_type, netapp_server_hostname, and netapp_server_port options
# to create the URL used by the driver to connect to the proxy application.
# (string value)
#netapp_webservice_path = /devmgr/v2

# This option is only utilized when the storage family is configured to
# eseries. This option is used to restrict provisioning to the specified
# controllers. Specify the value of this option to be a comma separated list of
# controller hostnames or IP addresses to be used for provisioning. (string
# value)
#netapp_controller_ips = <None>

# Password for the NetApp E-Series storage array. (string value)
#netapp_sa_password = <None>

# This option specifies whether the driver should allow operations that require
# multiple attachments to a volume. An example would be live migration of
# servers that have volumes attached. When enabled, this backend is limited to
# 256 total volumes in order to guarantee volumes can be accessed by more than
# one host. (boolean value)
#netapp_enable_multiattach = false

# This option specifies the path of the NetApp copy offload tool binary. Ensure
# that the binary has execute permissions set which allow the effective user of
# the cinder-volume process to execute the file. (string value)
#netapp_copyoffload_tool_path = <None>

# This option defines the type of operating system that will access a LUN
# exported from Data ONTAP; it is assigned to the LUN at the time it is
# created. (string value)
#netapp_lun_ostype = <None>

# This option defines the type of operating system for all initiators that can
# access a LUN. This information is used when mapping LUNs to individual hosts
# or groups of hosts. (string value)
# Deprecated group/name - [DEFAULT]/netapp_eseries_host_type
#netapp_host_type = <None>

# This option is used to restrict provisioning to the specified pools. Specify
# the value of this option to be a regular expression which will be applied to
# the names of objects from the storage backend which represent pools in
# Cinder. This option is only utilized when the storage protocol is configured
# to use iSCSI or FC. (string value)
# Deprecated group/name - [DEFAULT]/netapp_volume_list
# Deprecated group/name - [DEFAULT]/netapp_storage_pools
#netapp_pool_name_search_pattern = (.+)

# Configure CHAP authentication for iSCSI connections (Default: Enabled)
# (boolean value)
#storwize_svc_iscsi_chap_enabled = true

# Base dir containing mount point for gluster share. (string value)
#glusterfs_backup_mount_point = $state_path/backup_mount

# GlusterFS share in <hostname|ipv4addr|ipv6addr>:<gluster_vol_name> format.
# Eg: 1.2.3.4:backup_vol (string value)
#glusterfs_backup_share = <None>

# Volume prefix for the backup id when backing up to TSM (string value)
#backup_tsm_volume_prefix = backup

# TSM password for the running username (string value)
#backup_tsm_password = password

# Enable or Disable compression for backups (boolean value)
#backup_tsm_compression = true

# config file for cinder eternus_dx volume driver (string value)
#cinder_eternus_config_file = /etc/cinder/cinder_fujitsu_eternus_dx.xml

# Specifies the path of the GPFS directory where Block Storage volume and
# snapshot files are stored. (string value)
#gpfs_mount_point_base = <None>

# Specifies the path of the Image service repository in GPFS.  Leave undefined
# if not storing images in GPFS. (string value)
#gpfs_images_dir = <None>

# Specifies the type of image copy to be used.  Set this when the Image service
# repository also uses GPFS so that image files can be transferred efficiently
# from the Image service to the Block Storage service. There are two valid
# values: "copy" specifies that a full copy of the image is made;
# "copy_on_write" specifies that copy-on-write optimization strategy is used
# and unmodified blocks of the image file are shared efficiently. (string
# value)
# Allowed values: copy, copy_on_write, <None>
#gpfs_images_share_mode = <None>

# Specifies an upper limit on the number of indirections required to reach a
# specific block due to snapshots or clones.  A lengthy chain of copy-on-write
# snapshots or clones can have a negative impact on performance, but improves
# space utilization.  0 indicates unlimited clone depth. (integer value)
#gpfs_max_clone_depth = 0

# Specifies that volumes are created as sparse files which initially consume no
# space. If set to False, the volume is created as a fully allocated file, in
# which case, creation may take a significantly longer time. (boolean value)
#gpfs_sparse_volumes = true

# Specifies the storage pool that volumes are assigned to. By default, the
# system storage pool is used. (string value)
#gpfs_storage_pool = system

# Global backend request timeout, in seconds. (integer value)
#violin_request_timeout = 300

# IP address of Nexenta SA (string value)
#nexenta_host =

# HTTP port to connect to Nexenta REST API server (integer value)
#nexenta_rest_port = 8080

# Use http or https for REST connection (default auto) (string value)
# Allowed values: http, https, auto
#nexenta_rest_protocol = auto

# User name to connect to Nexenta SA (string value)
#nexenta_user = admin

# Password to connect to Nexenta SA (string value)
#nexenta_password = nexenta

# Nexenta target portal port (integer value)
#nexenta_iscsi_target_portal_port = 3260

# SA Pool that holds all volumes (string value)
#nexenta_volume = cinder

# IQN prefix for iSCSI targets (string value)
#nexenta_target_prefix = iqn.1986-03.com.sun:02:cinder-

# Prefix for iSCSI target groups on SA (string value)
#nexenta_target_group_prefix = cinder/

# Volume group for ns5 (string value)
#nexenta_volume_group = iscsi

# Compression value for new ZFS folders. (string value)
# Allowed values: on, off, gzip, gzip-1, gzip-2, gzip-3, gzip-4, gzip-5, gzip-6, gzip-7, gzip-8, gzip-9, lzjb, zle, lz4
#nexenta_dataset_compression = on

# Deduplication value for new ZFS folders. (string value)
# Allowed values: on, off, sha256, verify, sha256, verify
#nexenta_dataset_dedup = off

# Human-readable description for the folder. (string value)
#nexenta_dataset_description =

# Block size for datasets (integer value)
#nexenta_blocksize = 4096

# Block size for datasets (integer value)
#nexenta_ns5_blocksize = 32

# Enables or disables the creation of sparse datasets (boolean value)
#nexenta_sparse = false

# File with the list of available nfs shares (string value)
#nexenta_shares_config = /etc/cinder/nfs_shares

# Base directory that contains NFS share mount points (string value)
#nexenta_mount_point_base = $state_path/mnt

# Enables or disables the creation of volumes as sparsed files that take no
# space. If disabled (False), volume is created as a regular file, which takes
# a long time. (boolean value)
#nexenta_sparsed_volumes = true

# If set True cache NexentaStor appliance volroot option value. (boolean value)
#nexenta_nms_cache_volroot = true

# Enable stream compression, level 1..9. 1 - gives best speed; 9 - gives best
# compression. (integer value)
#nexenta_rrmgr_compression = 0

# TCP Buffer size in KiloBytes. (integer value)
#nexenta_rrmgr_tcp_buf_size = 4096

# Number of TCP connections. (integer value)
#nexenta_rrmgr_connections = 2

# IP address of NexentaEdge management REST API endpoint (string value)
#nexenta_rest_address =

# User name to connect to NexentaEdge (string value)
#nexenta_rest_user = admin

# Password to connect to NexentaEdge (string value)
#nexenta_rest_password = nexenta

# NexentaEdge logical path of bucket for LUNs (string value)
#nexenta_lun_container =

# NexentaEdge iSCSI service name (string value)
#nexenta_iscsi_service =

# NexentaEdge iSCSI Gateway client address for non-VIP service (string value)
#nexenta_client_address =

# NexentaEdge iSCSI LUN object chunk size (integer value)
#nexenta_chunksize = 32768

# Make exception message format errors fatal. (boolean value)
#fatal_exception_format_errors = false

# IP address of this host (string value)
#my_ip = 192.168.0.239

# A list of the URLs of glance API servers available to cinder
# ([http[s]://][hostname|ip]:port). If protocol is not specified it defaults to
# http. (list value)
#glance_api_servers = <None>

# Version of the glance API to use (integer value)
#glance_api_version = 1

# Number retries when downloading an image from glance (integer value)
#glance_num_retries = 0

# Allow to perform insecure SSL (https) requests to glance (boolean value)
#glance_api_insecure = false

# Enables or disables negotiation of SSL layer compression. In some cases
# disabling compression can improve data throughput, such as when high network
# bandwidth is available and you use compressed image formats like qcow2.
# (boolean value)
#glance_api_ssl_compression = false

# Location of ca certificates file to use for glance client requests. (string
# value)
#glance_ca_certificates_file = <None>

# http/https timeout value for glance operations. If no value (None) is
# supplied here, the glanceclient default value is used. (integer value)
#glance_request_timeout = <None>

# The topic that scheduler nodes listen on (string value)
#scheduler_topic = cinder-scheduler

# The topic that volume nodes listen on (string value)
#volume_topic = cinder-volume

# The topic that volume backup nodes listen on (string value)
#backup_topic = cinder-backup

# DEPRECATED: Deploy v1 of the Cinder API. (boolean value)
#enable_v1_api = true

# DEPRECATED: Deploy v2 of the Cinder API. (boolean value)
#enable_v2_api = true

# Deploy v3 of the Cinder API. (boolean value)
#enable_v3_api = true

# Enables or disables rate limit of the API. (boolean value)
#api_rate_limit = true

# Specify list of extensions to load when using osapi_volume_extension option
# with cinder.api.contrib.select_extensions (list value)
#osapi_volume_ext_list =

# osapi volume extension to load (multi valued)
#osapi_volume_extension = cinder.api.contrib.standard_extensions

# Full class name for the Manager for volume (string value)
#volume_manager = cinder.volume.manager.VolumeManager

# Full class name for the Manager for volume backup (string value)
#backup_manager = cinder.backup.manager.BackupManager

# Full class name for the Manager for scheduler (string value)
#scheduler_manager = cinder.scheduler.manager.SchedulerManager

# Name of this node.  This can be an opaque identifier. It is not necessarily a
# host name, FQDN, or IP address. (string value)
#host = zl-VM

# Availability zone of this node (string value)
#storage_availability_zone = nova

# Default availability zone for new volumes. If not set, the
# storage_availability_zone option value is used as the default for new
# volumes. (string value)
#default_availability_zone = <None>

# If the requested Cinder availability zone is unavailable, fall back to the
# value of default_availability_zone, then storage_availability_zone, instead
# of failing. (boolean value)
#allow_availability_zone_fallback = false

# Default volume type to use (string value)
#default_volume_type = <None>

# Time period for which to generate volume usages. The options are hour, day,
# month, or year. (string value)
#volume_usage_audit_period = month

# Path to the rootwrap configuration file to use for running commands as root
# (string value)
#rootwrap_config = /etc/cinder/rootwrap.conf

# Enable monkey patching (boolean value)
#monkey_patch = false

# List of modules/decorators to monkey patch (list value)
#monkey_patch_modules =

# Maximum time since last check-in for a service to be considered up (integer
# value)
#service_down_time = 60

# The full class name of the volume API class to use (string value)
#volume_api_class = cinder.volume.api.API

# The full class name of the volume backup API class (string value)
#backup_api_class = cinder.backup.api.API

# The strategy to use for auth. Supports noauth or keystone. (string value)
# Allowed values: noauth, keystone
#auth_strategy = keystone

# A list of backend names to use. These backend names should be backed by a
# unique [CONFIG] group with its options (list value)
#enabled_backends = <None>

# Whether snapshots count against gigabyte quota (boolean value)
#no_snapshot_gb_quota = false

# The full class name of the volume transfer API class (string value)
#transfer_api_class = cinder.transfer.api.API

# The full class name of the volume replication API class (string value)
#replication_api_class = cinder.replication.api.API

# The full class name of the consistencygroup API class (string value)
#consistencygroup_api_class = cinder.consistencygroup.api.API

# OpenStack privileged account username. Used for requests to other services
# (such as Nova) that require an account with special rights. (string value)
#os_privileged_user_name = <None>

# Password associated with the OpenStack privileged account. (string value)
#os_privileged_user_password = <None>

# Tenant name associated with the OpenStack privileged account. (string value)
#os_privileged_user_tenant = <None>

# Auth URL associated with the OpenStack privileged account. (string value)
#os_privileged_user_auth_url = <None>

# Multiplier used for weighing free capacity. Negative numbers mean to stack vs
# spread. (floating point value)
#capacity_weight_multiplier = 1.0

# Multiplier used for weighing allocated capacity. Positive numbers mean to
# stack vs spread. (floating point value)
#allocated_capacity_weight_multiplier = -1.0

# IP address of sheep daemon. (string value)
#sheepdog_store_address = 127.0.0.1

# Port of sheep daemon. (port value)
# Minimum value: 0
# Maximum value: 65535
#sheepdog_store_port = 7000

# Max size for body of a request (integer value)
#osapi_max_request_body_size = 114688

# Set 512 byte emulation on volume creation;  (boolean value)
#sf_emulate_512 = true

# Allow tenants to specify QOS on create (boolean value)
#sf_allow_tenant_qos = false

# Create SolidFire accounts with this prefix. Any string can be used here, but
# the string "hostname" is special and will create a prefix using the cinder
# node hostname (previous default behavior).  The default is NO prefix. (string
# value)
#sf_account_prefix = <None>

# Create SolidFire volumes with this prefix. Volume names are of the form
# <sf_volume_prefix><cinder-volume-id>.  The default is to use a prefix of
# 'UUID-'. (string value)
#sf_volume_prefix = UUID-

# Account name on the SolidFire Cluster to use as owner of template/cache
# volumes (created if does not exist). (string value)
#sf_template_account_name = openstack-vtemplate

# Create an internal cache of copy of images when a bootable volume is created
# to eliminate fetch from glance and qemu-conversion on subsequent calls.
# (boolean value)
#sf_allow_template_caching = true

# Overrides default cluster SVIP with the one specified. This is required or
# deployments that have implemented the use of VLANs for iSCSI networks in
# their cloud. (string value)
#sf_svip = <None>

# Create an internal mapping of volume IDs and account.  Optimizes lookups and
# performance at the expense of memory, very large deployments may want to
# consider setting to False. (boolean value)
#sf_enable_volume_mapping = true

# SolidFire API port. Useful if the device api is behind a proxy on a different
# port. (port value)
# Minimum value: 0
# Maximum value: 65535
#sf_api_port = 443

# Utilize volume access groups on a per-tenant basis. (boolean value)
#sf_enable_vag = false

# The URL of the Swift endpoint (string value)
#backup_swift_url = <None>

# The URL of the Keystone endpoint (string value)
#backup_swift_auth_url = <None>

# Info to match when looking for swift in the service catalog. Format is:
# separated values of the form: <service_type>:<service_name>:<endpoint_type> -
# Only used if backup_swift_url is unset (string value)
#swift_catalog_info = object-store:swift:publicURL

# Info to match when looking for keystone in the service catalog. Format is:
# separated values of the form: <service_type>:<service_name>:<endpoint_type> -
# Only used if backup_swift_auth_url is unset (string value)
#keystone_catalog_info = identity:Identity Service:publicURL

# Swift authentication mechanism (string value)
#backup_swift_auth = per_user

# Swift authentication version. Specify "1" for auth 1.0, or "2" for auth 2.0
# (string value)
#backup_swift_auth_version = 1

# Swift tenant/account name. Required when connecting to an auth 2.0 system
# (string value)
#backup_swift_tenant = <None>

# Swift user name (string value)
#backup_swift_user = <None>

# Swift key for authentication (string value)
#backup_swift_key = <None>

# The default Swift container to use (string value)
#backup_swift_container = volumebackups

# The size in bytes of Swift backup objects (integer value)
#backup_swift_object_size = 52428800

# The size in bytes that changes are tracked for incremental backups.
# backup_swift_object_size has to be multiple of backup_swift_block_size.
# (integer value)
#backup_swift_block_size = 32768

# The number of retries to make for Swift operations (integer value)
#backup_swift_retry_attempts = 3

# The backoff time in seconds between Swift retries (integer value)
#backup_swift_retry_backoff = 2

# Enable or Disable the timer to send the periodic progress notifications to
# Ceilometer when backing up the volume to the Swift backend storage. The
# default value is True to enable the timer. (boolean value)
#backup_swift_enable_progress_timer = true

# Location of the CA certificate file to use for swift client requests. (string
# value)
#backup_swift_ca_cert_file = <None>

# Bypass verification of server certificate when making SSL connection to
# Swift. (boolean value)
#backup_swift_auth_insecure = false

# These values will be used for CloudByte storage's addQos API call. (dict
# value)
#cb_add_qosgroup = graceallowed:false,iops:10,iopscontrol:true,latency:15,memlimit:0,networkspeed:0,throughput:0,tpcontrol:false

# These values will be used for CloudByte storage's createVolume API call.
# (dict value)
#cb_create_volume = blocklength:512B,compression:off,deduplication:off,protocoltype:ISCSI,recordsize:16k,sync:always

# Driver will use this API key to authenticate against the CloudByte storage's
# management interface. (string value)
#cb_apikey = <None>

# CloudByte storage specific account name. This maps to a project name in
# OpenStack. (string value)
#cb_account_name = <None>

# This corresponds to the name of Tenant Storage Machine (TSM) in CloudByte
# storage. A volume will be created in this TSM. (string value)
#cb_tsm_name = <None>

# A retry value in seconds. Will be used by the driver to check if volume
# creation was successful in CloudByte storage. (integer value)
#cb_confirm_volume_create_retry_interval = 5

# Will confirm a successful volume creation in CloudByte storage by making this
# many number of attempts. (integer value)
#cb_confirm_volume_create_retries = 3

# A retry value in seconds. Will be used by the driver to check if volume
# deletion was successful in CloudByte storage. (integer value)
#cb_confirm_volume_delete_retry_interval = 5

# Will confirm a successful volume deletion in CloudByte storage by making this
# many number of attempts. (integer value)
#cb_confirm_volume_delete_retries = 3

# This corresponds to the discovery authentication group in CloudByte storage.
# Chap users are added to this group. Driver uses the first user found for this
# group. Default value is None. (string value)
#cb_auth_group = <None>

# These values will be used for CloudByte storage's updateQosGroup API call.
# (list value)
#cb_update_qos_group = iops,latency,graceallowed

# These values will be used for CloudByte storage's updateFileSystem API call.
# (list value)
#cb_update_file_system = compression,sync,noofcopies,readonly

# Interval, in seconds, between nodes reporting state to datastore (integer
# value)
#report_interval = 10

# Interval, in seconds, between running periodic tasks (integer value)
#periodic_interval = 60

# Range, in seconds, to randomly delay when starting the periodic task
# scheduler to reduce stampeding. (Disable by setting to 0) (integer value)
#periodic_fuzzy_delay = 60

# IP address on which OpenStack Volume API listens (string value)
#osapi_volume_listen = 0.0.0.0

# Port on which OpenStack Volume API listens (port value)
# Minimum value: 0
# Maximum value: 65535
#osapi_volume_listen_port = 8776

# Number of workers for OpenStack Volume API service. The default is equal to
# the number of CPUs available. (integer value)
#osapi_volume_workers = <None>

# The full class name of the compute API class to use (string value)
#compute_api_class = cinder.compute.nova.API

# Number of nodes that should replicate the data. (integer value)
#drbdmanage_redundancy = 1

# Resource deployment completion wait policy. (string value)
#drbdmanage_resource_policy = {"ratio": "0.51", "timeout": "60"}

# Snapshot completion wait policy. (string value)
#drbdmanage_snapshot_policy = {"count": "1", "timeout": "60"}

# Volume resize completion wait policy. (string value)
#drbdmanage_resize_policy = {"timeout": "60"}

# Resource deployment completion wait plugin. (string value)
#drbdmanage_resource_plugin = drbdmanage.plugins.plugins.wait_for.WaitForResource

# Snapshot completion wait plugin. (string value)
#drbdmanage_snapshot_plugin = drbdmanage.plugins.plugins.wait_for.WaitForSnapshot

# Volume resize completion wait plugin. (string value)
#drbdmanage_resize_plugin = drbdmanage.plugins.plugins.wait_for.WaitForVolumeSize

# If set, the c-vol node will receive a useable
#                 /dev/drbdX device, even if the actual data is stored on
#                 other nodes only.
#                 This is useful for debugging, maintenance, and to be
#                 able to do the iSCSI export from the c-vol node. (boolean
# value)
#drbdmanage_devs_on_controller = true

# Pool or Vdisk name to use for volume creation. (string value)
#dothill_backend_name = A

# linear (for Vdisk) or virtual (for Pool). (string value)
# Allowed values: linear, virtual
#dothill_backend_type = virtual

# DotHill API interface protocol. (string value)
# Allowed values: http, https
#dothill_api_protocol = https

# Whether to verify DotHill array SSL certificate. (boolean value)
#dothill_verify_certificate = false

# DotHill array SSL certificate path. (string value)
#dothill_verify_certificate_path = <None>

# List of comma-separated target iSCSI IP addresses. (list value)
#dothill_iscsi_ips =

# File with the list of available gluster shares (string value)
#glusterfs_shares_config = /etc/cinder/glusterfs_shares

# Base dir containing mount points for gluster shares. (string value)
#glusterfs_mount_point_base = $state_path/mnt

# REST API authorization token. (string value)
#pure_api_token = <None>

# Automatically determine an oversubscription ratio based on the current total
# data reduction values. If used this calculated value will override the
# max_over_subscription_ratio config option. (boolean value)
#pure_automatic_max_oversubscription_ratio = true

# Snapshot replication interval in seconds. (integer value)
#pure_replica_interval_default = 900

# Retain all snapshots on target for this time (in seconds.) (integer value)
#pure_replica_retention_short_term_default = 14400

# Retain how many snapshots for each day. (integer value)
#pure_replica_retention_long_term_per_day_default = 3

# Retain snapshots per day on target for this time (in days.) (integer value)
#pure_replica_retention_long_term_default = 7

# When enabled, all Pure volumes, snapshots, and protection groups will be
# eradicated at the time of deletion in Cinder. Data will NOT be recoverable
# after a delete with this set to True! When disabled, volumes and snapshots
# will go into pending eradication state and can be recovered. (boolean value)
#pure_eradicate_on_delete = false

# ID of the project which will be used as the Cinder internal tenant. (string
# value)
#cinder_internal_tenant_project_id = <None>

# ID of the user to be used in volume operations as the Cinder internal tenant.
# (string value)
#cinder_internal_tenant_user_id = <None>

# The scheduler host manager class to use (string value)
#scheduler_host_manager = cinder.scheduler.host_manager.HostManager

# Maximum number of attempts to schedule a volume (integer value)
#scheduler_max_attempts = 3

# Path or URL to Scality SOFS configuration file (string value)
#scality_sofs_config = <None>

# Base dir where Scality SOFS shall be mounted (string value)
#scality_sofs_mount_point = $state_path/scality

# Path from Scality SOFS root to volume dir (string value)
#scality_sofs_volume_dir = cinder/volumes

# VNX authentication scope type. (string value)
#storage_vnx_authentication_type = global

# Directory path that contains the VNX security file. Make sure the security
# file is generated first. (string value)
#storage_vnx_security_file_dir = <None>

# Naviseccli Path. (string value)
#naviseccli_path =

# Comma-separated list of storage pool names to be used. (string value)
# Deprecated group/name - [DEFAULT]/storage_vnx_pool_name
#storage_vnx_pool_names = <None>

# VNX secondary SP IP Address. (string value)
#san_secondary_ip = <None>

# Default timeout for CLI operations in minutes. For example, LUN migration is
# a typical long running operation, which depends on the LUN size and the load
# of the array. An upper bound in the specific deployment can be set to avoid
# unnecessary long wait. By default, it is 365 days long. (integer value)
#default_timeout = 525600

# Default max number of LUNs in a storage group. By default, the value is 255.
# (integer value)
#max_luns_per_storage_group = 255

# To destroy storage group when the last LUN is removed from it. By default,
# the value is False. (boolean value)
#destroy_empty_storage_group = false

# Mapping between hostname and its iSCSI initiator IP addresses. (string value)
#iscsi_initiators =

# Comma separated iSCSI or FC ports to be used in Nova or Cinder. (string
# value)
#io_port_list = *

# Automatically register initiators. By default, the value is False. (boolean
# value)
#initiator_auto_registration = false

# Automatically deregister initiators after the related storage group is
# destroyed. By default, the value is False. (boolean value)
#initiator_auto_deregistration = false

# Report free_capacity_gb as 0 when the limit to maximum number of pool LUNs is
# reached. By default, the value is False. (boolean value)
#check_max_pool_luns_threshold = false

# Delete a LUN even if it is in Storage Groups. (boolean value)
#force_delete_lun_in_storagegroup = false

# Force LUN creation even if the full threshold of pool is reached. (boolean
# value)
#ignore_pool_full_threshold = false

# IP address for connecting to VMware vCenter server. (string value)
#vmware_host_ip = <None>

# Port number for connecting to VMware vCenter server. (port value)
# Minimum value: 0
# Maximum value: 65535
#vmware_host_port = 443

# Username for authenticating with VMware vCenter server. (string value)
#vmware_host_username = <None>

# Password for authenticating with VMware vCenter server. (string value)
#vmware_host_password = <None>

# Optional VIM service WSDL Location e.g http://<server>/vimService.wsdl.
# Optional over-ride to default location for bug work-arounds. (string value)
#vmware_wsdl_location = <None>

# Number of times VMware vCenter server API must be retried upon connection
# related issues. (integer value)
#vmware_api_retry_count = 10

# The interval (in seconds) for polling remote tasks invoked on VMware vCenter
# server. (floating point value)
#vmware_task_poll_interval = 0.5

# Name of the vCenter inventory folder that will contain Cinder volumes. This
# folder will be created under "OpenStack/<project_folder>", where
# project_folder is of format "Project (<volume_project_id>)". (string value)
#vmware_volume_folder = Volumes

# Timeout in seconds for VMDK volume transfer between Cinder and Glance.
# (integer value)
#vmware_image_transfer_timeout_secs = 7200

# Max number of objects to be retrieved per batch. Query results will be
# obtained in batches from the server and not in one shot. Server may still
# limit the count to something less than the configured value. (integer value)
#vmware_max_objects_retrieval = 100

# Optional string specifying the VMware vCenter server version. The driver
# attempts to retrieve the version from VMware vCenter server. Set this
# configuration only if you want to override the vCenter server version.
# (string value)
#vmware_host_version = <None>

# Directory where virtual disks are stored during volume backup and restore.
# (string value)
#vmware_tmp_dir = /tmp

# CA bundle file to use in verifying the vCenter server certificate. (string
# value)
#vmware_ca_file = <None>

# If true, the vCenter server certificate is not verified. If false, then the
# default CA truststore is used for verification. This option is ignored if
# "vmware_ca_file" is set. (boolean value)
#vmware_insecure = false

# Name of a vCenter compute cluster where volumes should be created. (multi
# valued)
#vmware_cluster_name =

# Pool or Vdisk name to use for volume creation. (string value)
#lenovo_backend_name = A

# linear (for VDisk) or virtual (for Pool). (string value)
# Allowed values: linear, virtual
#lenovo_backend_type = virtual

# Lenovo api interface protocol. (string value)
# Allowed values: http, https
#lenovo_api_protocol = https

# Whether to verify Lenovo array SSL certificate. (boolean value)
#lenovo_verify_certificate = false

# Lenovo array SSL certificate path. (string value)
#lenovo_verify_certificate_path = <None>

# List of comma-separated target iSCSI IP addresses. (list value)
#lenovo_iscsi_ips =

# The maximum size in bytes of the files used to hold backups. If the volume
# being backed up exceeds this size, then it will be backed up into multiple
# files.backup_file_size must be a multiple of backup_sha_block_size_bytes.
# (integer value)
#backup_file_size = 1999994880

# The size in bytes that changes are tracked for incremental backups.
# backup_file_size has to be multiple of backup_sha_block_size_bytes. (integer
# value)
#backup_sha_block_size_bytes = 32768

# Enable or Disable the timer to send the periodic progress notifications to
# Ceilometer when backing up the volume to the backend storage. The default
# value is True to enable the timer. (boolean value)
#backup_enable_progress_timer = true

# Path specifying where to store backups. (string value)
#backup_posix_path = $state_path/backup

# Custom directory to use for backups. (string value)
#backup_container = <None>

# REST server port. (string value)
#sio_rest_server_port = 443

# Verify server certificate. (boolean value)
#sio_verify_server_certificate = false

# Server certificate path. (string value)
#sio_server_certificate_path = <None>

# Round up volume capacity. (boolean value)
#sio_round_volume_capacity = true

# Unmap volume before deletion. (boolean value)
#sio_unmap_volume_before_deletion = false

# Protection Domain ID. (string value)
#sio_protection_domain_id = <None>

# Protection Domain name. (string value)
#sio_protection_domain_name = <None>

# Storage Pools. (string value)
#sio_storage_pools = <None>

# Storage Pool name. (string value)
#sio_storage_pool_name = <None>

# Storage Pool ID. (string value)
#sio_storage_pool_id = <None>

# Driver to use for database access (string value)
#db_driver = cinder.db

# Group name to use for creating volumes. Defaults to "group-0". (string value)
#eqlx_group_name = group-0

# Timeout for the Group Manager cli command execution. Default is 30. Note that
# this option is deprecated in favour of "ssh_conn_timeout" as specified in
# cinder/volume/drivers/san/san.py and will be removed in M release. (integer
# value)
#eqlx_cli_timeout = 30

# Maximum retry count for reconnection. Default is 5. (integer value)
#eqlx_cli_max_retries = 5

# Use CHAP authentication for targets. Note that this option is deprecated in
# favour of "use_chap_auth" as specified in cinder/volume/driver.py and will be
# removed in next release. (boolean value)
#eqlx_use_chap = false

# Existing CHAP account name. Note that this option is deprecated in favour of
# "chap_username" as specified in cinder/volume/driver.py and will be removed
# in next release. (string value)
#eqlx_chap_login = admin

# Password for specified CHAP account name. Note that this option is deprecated
# in favour of "chap_password" as specified in cinder/volume/driver.py and will
# be removed in the next release (string value)
#eqlx_chap_password = password

# Pool in which volumes will be created. Defaults to "default". (string value)
#eqlx_pool = default

# The number of characters in the salt. (integer value)
#volume_transfer_salt_length = 8

# The number of characters in the autogenerated auth key. (integer value)
#volume_transfer_key_length = 16

# Services to be added to the available pool on create (boolean value)
#enable_new_services = true

# Template string to be used to generate volume names (string value)
#volume_name_template = volume-%s

# Template string to be used to generate snapshot names (string value)
#snapshot_name_template = snapshot-%s

# Template string to be used to generate backup names (string value)
#backup_name_template = backup-%s

# Multiplier used for weighing volume number. Negative numbers mean to spread
# vs stack. (floating point value)
#volume_number_multiplier = -1.0

# RPC port to connect to Coha Data MicroArray (integer value)
#coho_rpc_port = 2049

# Default storage pool for volumes. (integer value)
#ise_storage_pool = 1

# Raid level for ISE volumes. (integer value)
#ise_raid = 1

# Number of retries (per port) when establishing connection to ISE management
# port. (integer value)
#ise_connection_retries = 5

# Interval (secs) between retries. (integer value)
#ise_retry_interval = 1

# Number on retries to get completion status after issuing a command to ISE.
# (integer value)
#ise_completion_retries = 30

# Connect with multipath (FC only; iSCSI multipath is controlled by Nova)
# (boolean value)
#storwize_svc_multipath_enabled = false

# Storage pool name. (string value)
#zfssa_pool = <None>

# Project name. (string value)
#zfssa_project = <None>

# Block size. (string value)
# Allowed values: 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k
#zfssa_lun_volblocksize = 8k

# Flag to enable sparse (thin-provisioned): True, False. (boolean value)
#zfssa_lun_sparse = false

# Data compression. (string value)
# Allowed values: off, lzjb, gzip-2, gzip, gzip-9
#zfssa_lun_compression = off

# Synchronous write bias. (string value)
# Allowed values: latency, throughput
#zfssa_lun_logbias = latency

# iSCSI initiator group. (string value)
#zfssa_initiator_group =

# iSCSI initiator IQNs. (comma separated) (string value)
#zfssa_initiator =

# iSCSI initiator CHAP user (name). (string value)
#zfssa_initiator_user =

# Secret of the iSCSI initiator CHAP user. (string value)
#zfssa_initiator_password =

# iSCSI initiators configuration. (string value)
#zfssa_initiator_config =

# iSCSI target group name. (string value)
#zfssa_target_group = tgt-grp

# iSCSI target CHAP user (name). (string value)
#zfssa_target_user =

# Secret of the iSCSI target CHAP user. (string value)
#zfssa_target_password =

# iSCSI target portal (Data-IP:Port, w.x.y.z:3260). (string value)
#zfssa_target_portal = <None>

# Network interfaces of iSCSI targets. (comma separated) (string value)
#zfssa_target_interfaces = <None>

# REST connection timeout. (seconds) (integer value)
#zfssa_rest_timeout = <None>

# IP address used for replication data. (maybe the same as data ip) (string
# value)
#zfssa_replication_ip =

# Flag to enable local caching: True, False. (boolean value)
#zfssa_enable_local_cache = true

# Name of ZFSSA project where cache volumes are stored. (string value)
#zfssa_cache_project = os-cinder-cache

# Driver policy for volume manage. (string value)
# Allowed values: loose, strict
#zfssa_manage_policy = loose

# Number of times to attempt to run flakey shell commands (integer value)
#num_shell_tries = 3

# The percentage of backend capacity is reserved (integer value)
# Minimum value: 0
# Maximum value: 100
#reserved_percentage = 0

# Prefix for iSCSI volumes (string value)
#iscsi_target_prefix = iqn.2010-10.org.openstack:

# The IP address that the iSCSI daemon is listening on (string value)
#iscsi_ip_address = $my_ip

# The list of secondary IP addresses of the iSCSI daemon (list value)
#iscsi_secondary_ip_addresses =

# The port that the iSCSI daemon is listening on (port value)
# Minimum value: 0
# Maximum value: 65535
#iscsi_port = 3260

# The maximum number of times to rescan targets to find volume (integer value)
#num_volume_device_scan_tries = 3

# The backend name for a given driver implementation (string value)
#volume_backend_name = <None>

# Do we attach/detach volumes in cinder using multipath for volume to image and
# image to volume transfers? (boolean value)
#use_multipath_for_image_xfer = false

# If this is set to True, attachment of volumes for image transfer will be
# aborted when multipathd is not running. Otherwise, it will fallback to single
# path. (boolean value)
#enforce_multipath_for_image_xfer = false

# Method used to wipe old volumes (string value)
# Allowed values: none, zero, shred
#volume_clear = zero

# Size in MiB to wipe at start of old volumes. 0 => all (integer value)
#volume_clear_size = 0

# The flag to pass to ionice to alter the i/o priority of the process used to
# zero a volume after deletion, for example "-c3" for idle only priority.
# (string value)
#volume_clear_ionice = <None>

# iSCSI target user-land tool to use. tgtadm is default, use lioadm for LIO
# iSCSI support, scstadmin for SCST target support, ietadm for iSCSI Enterprise
# Target, iscsictl for Chelsio iSCSI Target or fake for testing. (string value)
# Allowed values: tgtadm, lioadm, scstadmin, iscsictl, ietadm, fake
#iscsi_helper = tgtadm

# Volume configuration file storage directory (string value)
#volumes_dir = $state_path/volumes

# IET configuration file (string value)
#iet_conf = /etc/iet/ietd.conf

# Chiscsi (CXT) global defaults configuration file (string value)
#chiscsi_conf = /etc/chelsio-iscsi/chiscsi.conf

# Sets the behavior of the iSCSI target to either perform blockio or fileio
# optionally, auto can be set and Cinder will autodetect type of backing device
# (string value)
# Allowed values: blockio, fileio, auto
#iscsi_iotype = fileio

# The default block size used when copying/clearing volumes (string value)
#volume_dd_blocksize = 1M

# The blkio cgroup name to be used to limit bandwidth of volume copy (string
# value)
#volume_copy_blkio_cgroup_name = cinder-volume-copy

# The upper limit of bandwidth of volume copy. 0 => unlimited (integer value)
#volume_copy_bps_limit = 0

# Sets the behavior of the iSCSI target to either perform write-back(on) or
# write-through(off). This parameter is valid if iscsi_helper is set to tgtadm.
# (string value)
# Allowed values: on, off
#iscsi_write_cache = on

# Sets the target-specific flags for the iSCSI target. Only used for tgtadm to
# specify backing device flags using bsoflags option. The specified string is
# passed as is to the underlying tool. (string value)
#iscsi_target_flags =

# Determines the iSCSI protocol for new iSCSI volumes, created with tgtadm or
# lioadm target helpers. In order to enable RDMA, this parameter should be set
# with the value "iser". The supported iSCSI protocol values are "iscsi" and
# "iser". (string value)
# Allowed values: iscsi, iser
#iscsi_protocol = iscsi

# The path to the client certificate key for verification, if the driver
# supports it. (string value)
#driver_client_cert_key = <None>

# The path to the client certificate for verification, if the driver supports
# it. (string value)
#driver_client_cert = <None>

# Tell driver to use SSL for connection to backend storage if the driver
# supports it. (boolean value)
#driver_use_ssl = false

# Float representation of the over subscription ratio when thin provisioning is
# involved. Default ratio is 20.0, meaning provisioned capacity can be 20 times
# of the total physical capacity. If the ratio is 10.5, it means provisioned
# capacity can be 10.5 times of the total physical capacity. A ratio of 1.0
# means provisioned capacity cannot exceed the total physical capacity. The
# ratio has to be a minimum of 1.0. (floating point value)
#max_over_subscription_ratio = 20.0

# Certain ISCSI targets have predefined target names, SCST target driver uses
# this name. (string value)
#scst_target_iqn_name = <None>

# SCST target implementation can choose from multiple SCST target drivers.
# (string value)
#scst_target_driver = iscsi

# Option to enable/disable CHAP authentication for targets. (boolean value)
# Deprecated group/name - [DEFAULT]/eqlx_use_chap
#use_chap_auth = false

# CHAP user name. (string value)
# Deprecated group/name - [DEFAULT]/eqlx_chap_login
#chap_username =

# Password for specified CHAP account name. (string value)
# Deprecated group/name - [DEFAULT]/eqlx_chap_password
#chap_password =

# Namespace for driver private data values to be saved in. (string value)
#driver_data_namespace = <None>

# String representation for an equation that will be used to filter hosts. Only
# used when the driver filter is set to be used by the Cinder scheduler.
# (string value)
#filter_function = <None>

# String representation for an equation that will be used to determine the
# goodness of a host. Only used when using the goodness weigher is set to be
# used by the Cinder scheduler. (string value)
#goodness_function = <None>

# If set to True the http client will validate the SSL certificate of the
# backend endpoint. (boolean value)
#driver_ssl_cert_verify = false

# Can be used to specify a non default path to a CA_BUNDLE file or directory
# with certificates of trusted CAs, which will be used to validate the backend
# (string value)
#driver_ssl_cert_path = <None>

# List of options that control which trace info is written to the DEBUG log
# level to assist developers. Valid values are method and api. (list value)
#trace_flags = <None>

# Multi opt of dictionaries to represent a replication target device.  This
# option may be specified multiple times in a single config section to specify
# multiple replication target devices.  Each entry takes the standard dict
# config form: replication_device =
# target_device_id:<required>,key1:value1,key2:value2... (dict value)
#replication_device = <None>

# If set to True, upload-to-image in raw format will create a cloned volume and
# register its location to the image service, instead of uploading the volume
# content. The cinder backend and locations support must be enabled in the
# image service, and glance_api_version must be set to 2. (boolean value)
#image_upload_use_cinder_backend = false

# If set to True, the image volume created by upload-to-image will be placed in
# the internal tenant. Otherwise, the image volume is created in the current
# context's tenant. (boolean value)
#image_upload_use_internal_tenant = false

# Enable the image volume cache for this backend. (boolean value)
#image_volume_cache_enabled = false

# Max size of the image volume cache for this backend in GB. 0 => unlimited.
# (integer value)
#image_volume_cache_max_size_gb = 0

# Max number of entries allowed in the image volume cache. 0 => unlimited.
# (integer value)
#image_volume_cache_max_count = 0

# Report to clients of Cinder that the backend supports discard (aka.
# trim/unmap). This will not actually change the behavior of the backend or the
# client directly, it will only notify that it can be used. (boolean value)
#report_discard_supported = false

# The maximum number of times to rescan iSER targetto find volume (integer
# value)
#num_iser_scan_tries = 3

# Prefix for iSER volumes (string value)
#iser_target_prefix = iqn.2010-10.org.openstack:

# The IP address that the iSER daemon is listening on (string value)
#iser_ip_address = $my_ip

# The port that the iSER daemon is listening on (port value)
# Minimum value: 0
# Maximum value: 65535
#iser_port = 3260

# The name of the iSER target user-land tool to use (string value)
#iser_helper = tgtadm

# Public url to use for versions endpoint. The default is None, which will use
# the request's host_url attribute to populate the URL base. If Cinder is
# operating behind a proxy, you will want to change this to represent the
# proxy's URL. (string value)
#public_endpoint = <None>

# Nimble Controller pool name (string value)
#nimble_pool_name = default

# Nimble Subnet Label (string value)
#nimble_subnet_label = *

# Path to store VHD backed volumes (string value)
#windows_iscsi_lun_path = C:\iSCSIVirtualDisks

# Pool or Vdisk name to use for volume creation. (string value)
#hpmsa_backend_name = A

# linear (for Vdisk) or virtual (for Pool). (string value)
# Allowed values: linear, virtual
#hpmsa_backend_type = virtual

# HPMSA API interface protocol. (string value)
# Allowed values: http, https
#hpmsa_api_protocol = https

# Whether to verify HPMSA array SSL certificate. (boolean value)
#hpmsa_verify_certificate = false

# HPMSA array SSL certificate path. (string value)
#hpmsa_verify_certificate_path = <None>

# List of comma-separated target iSCSI IP addresses. (list value)
#hpmsa_iscsi_ips =

# A list of url schemes that can be downloaded directly via the direct_url.
# Currently supported schemes: [file]. (list value)
#allowed_direct_url_schemes =

# Info to match when looking for glance in the service catalog. Format is:
# separated values of the form: <service_type>:<service_name>:<endpoint_type> -
# Only used if glance_api_servers are not provided. (string value)
#glance_catalog_info = image:glance:publicURL

# Default core properties of image (list value)
#glance_core_properties = checksum,container_format,disk_format,image_name,image_id,min_disk,min_ram,name,size

# HPE LeftHand WSAPI Server Url like https://<LeftHand ip>:8081/lhos (string
# value)
# Deprecated group/name - [DEFAULT]/hplefthand_api_url
#hpelefthand_api_url = <None>

# HPE LeftHand Super user username (string value)
# Deprecated group/name - [DEFAULT]/hplefthand_username
#hpelefthand_username = <None>

# HPE LeftHand Super user password (string value)
# Deprecated group/name - [DEFAULT]/hplefthand_password
#hpelefthand_password = <None>

# HPE LeftHand cluster name (string value)
# Deprecated group/name - [DEFAULT]/hplefthand_clustername
#hpelefthand_clustername = <None>

# Configure CHAP authentication for iSCSI connections (Default: Disabled)
# (boolean value)
# Deprecated group/name - [DEFAULT]/hplefthand_iscsi_chap_enabled
#hpelefthand_iscsi_chap_enabled = false

# Enable HTTP debugging to LeftHand (boolean value)
# Deprecated group/name - [DEFAULT]/hplefthand_debug
#hpelefthand_debug = false

# Port number of SSH service. (port value)
# Minimum value: 0
# Maximum value: 65535
#hpelefthand_ssh_port = 16022

# Name for the VG that will contain exported volumes (string value)
#volume_group = cinder-volumes

# If >0, create LVs with multiple mirrors. Note that this requires lvm_mirrors
# + 2 PVs with available space (integer value)
#lvm_mirrors = 0

# Type of LVM volumes to deploy; (default, thin, or auto). Auto defaults to
# thin if thin is supported. (string value)
# Allowed values: default, thin, auto
#lvm_type = default

# LVM conf file to use for the LVM driver in Cinder; this setting is ignored if
# the specified file does not exist (You can also specify 'None' to not use a
# conf file even if one exists). (string value)
#lvm_conf_file = /etc/cinder/lvm.conf

# max_over_subscription_ratio setting for the LVM driver.  If set, this takes
# precedence over the general max_over_subscription_ratio option.  If None, the
# general option is used. (floating point value)
#lvm_max_over_subscription_ratio = 1.0

# use this file for cinder emc plugin config data (string value)
#cinder_emc_config_file = /etc/cinder/cinder_emc_config.xml

# IP address or Hostname of NAS system. (string value)
# Deprecated group/name - [DEFAULT]/nas_ip
#nas_host =

# User name to connect to NAS system. (string value)
#nas_login = admin

# Password to connect to NAS system. (string value)
#nas_password =

# SSH port to use to connect to NAS system. (port value)
# Minimum value: 0
# Maximum value: 65535
#nas_ssh_port = 22

# Filename of private key to use for SSH authentication. (string value)
#nas_private_key =

# Allow network-attached storage systems to operate in a secure environment
# where root level access is not permitted. If set to False, access is as the
# root user and insecure. If set to True, access is not as root. If set to
# auto, a check is done to determine if this is a new installation: True is
# used if so, otherwise False. Default is auto. (string value)
#nas_secure_file_operations = auto

# Set more secure file permissions on network-attached storage volume files to
# restrict broad other/world access. If set to False, volumes are created with
# open permissions. If set to True, volumes are created with permissions for
# the cinder user and group (660). If set to auto, a check is done to determine
# if this is a new installation: True is used if so, otherwise False. Default
# is auto. (string value)
#nas_secure_file_permissions = auto

# Path to the share to use for storing Cinder volumes. For example:
# "/srv/export1" for an NFS server export available at 10.0.5.10:/srv/export1 .
# (string value)
#nas_share_path =

# Options used to mount the storage backend file system where Cinder volumes
# are stored. (string value)
#nas_mount_options = <None>

# Provisioning type that will be used when creating volumes. (string value)
# Allowed values: thin, thick
# Deprecated group/name - [DEFAULT]/glusterfs_sparsed_volumes
# Deprecated group/name - [DEFAULT]/glusterfs_qcow2_volumes
#nas_volume_prov_type = thin

# XMS cluster id in multi-cluster environment (string value)
#xtremio_cluster_name =

# Number of retries in case array is busy (integer value)
#xtremio_array_busy_retry_count = 5

# Interval between retries in case array is busy (integer value)
#xtremio_array_busy_retry_interval = 5

# Number of volumes created from each cached glance image (integer value)
#xtremio_volumes_per_glance_cache = 100

# The GCS bucket to use. (string value)
#backup_gcs_bucket = <None>

# The size in bytes of GCS backup objects. (integer value)
#backup_gcs_object_size = 52428800

# The size in bytes that changes are tracked for incremental backups.
# backup_gcs_object_size has to be multiple of backup_gcs_block_size. (integer
# value)
#backup_gcs_block_size = 32768

# GCS object will be downloaded in chunks of bytes. (integer value)
#backup_gcs_reader_chunk_size = 2097152

# GCS object will be uploaded in chunks of bytes. Pass in a value of -1 if the
# file is to be uploaded as a single chunk. (integer value)
#backup_gcs_writer_chunk_size = 2097152

# Number of times to retry. (integer value)
#backup_gcs_num_retries = 3

# List of GCS error codes. (list value)
#backup_gcs_retry_error_codes = 429

# Location of GCS bucket. (string value)
#backup_gcs_bucket_location = US

# Storage class of GCS bucket. (string value)
#backup_gcs_storage_class = NEARLINE

# Absolute path of GCS service account credential file. (string value)
#backup_gcs_credential_file = <None>

# Owner project id for GCS bucket. (string value)
#backup_gcs_project_id = <None>

# Http user-agent string for gcs api. (string value)
#backup_gcs_user_agent = gcscinder

# Enable or Disable the timer to send the periodic progress notifications to
# Ceilometer when backing up the volume to the GCS backend storage. The default
# value is True to enable the timer. (boolean value)
#backup_gcs_enable_progress_timer = true

# Treat X-Forwarded-For as the canonical remote address. Only enable this if
# you have a sanitizing proxy. (boolean value)
#use_forwarded_for = false

# Serial number of storage system (string value)
#hitachi_serial_number = <None>

# Name of an array unit (string value)
#hitachi_unit_name = <None>

# Pool ID of storage system (integer value)
#hitachi_pool_id = <None>

# Thin pool ID of storage system (integer value)
#hitachi_thin_pool_id = <None>

# Range of logical device of storage system (string value)
#hitachi_ldev_range = <None>

# Default copy method of storage system (string value)
#hitachi_default_copy_method = FULL

# Copy speed of storage system (integer value)
#hitachi_copy_speed = 3

# Interval to check copy (integer value)
#hitachi_copy_check_interval = 3

# Interval to check copy asynchronously (integer value)
#hitachi_async_copy_check_interval = 10

# Control port names for HostGroup or iSCSI Target (string value)
#hitachi_target_ports = <None>

# Range of group number (string value)
#hitachi_group_range = <None>

# Request for creating HostGroup or iSCSI Target (boolean value)
#hitachi_group_request = false

# Infortrend raid pool name list. It is separated with comma. (string value)
#infortrend_pools_name =

# The Infortrend CLI absolute path. By default, it is at
# /opt/bin/Infortrend/raidcmd_ESDS10.jar (string value)
#infortrend_cli_path = /opt/bin/Infortrend/raidcmd_ESDS10.jar

# Maximum retry time for cli. Default is 5. (integer value)
#infortrend_cli_max_retries = 5

# Default timeout for CLI copy operations in minutes. Support: migrate volume,
# create cloned volume and create volume from snapshot. By Default, it is 30
# minutes. (integer value)
#infortrend_cli_timeout = 30

# Infortrend raid channel ID list on Slot A for OpenStack usage. It is
# separated with comma. By default, it is the channel 0~7. (string value)
#infortrend_slots_a_channels_id = 0,1,2,3,4,5,6,7

# Infortrend raid channel ID list on Slot B for OpenStack usage. It is
# separated with comma. By default, it is the channel 0~7. (string value)
#infortrend_slots_b_channels_id = 0,1,2,3,4,5,6,7

# Let the volume use specific provisioning. By default, it is the full
# provisioning. The supported options are full or thin. (string value)
#infortrend_provisioning = full

# Let the volume use specific tiering level. By default, it is the level 0. The
# supported levels are 0,2,3,4. (string value)
#infortrend_tiering = 0

# Configuration file for HDS iSCSI cinder plugin (string value)
#hds_hnas_iscsi_config_file = /opt/hds/hnas/cinder_iscsi_conf.xml

# The name of ceph cluster (string value)
#rbd_cluster_name = ceph

# The RADOS pool where rbd volumes are stored (string value)
#rbd_pool = rbd

# The RADOS client name for accessing rbd volumes - only set when using cephx
# authentication (string value)
#rbd_user = <None>

# Path to the ceph configuration file (string value)
#rbd_ceph_conf =

# Flatten volumes created from snapshots to remove dependency from volume to
# snapshot (boolean value)
#rbd_flatten_volume_from_snapshot = false

# The libvirt uuid of the secret for the rbd_user volumes (string value)
#rbd_secret_uuid = <None>

# Directory where temporary image files are stored when the volume driver does
# not write them directly to the volume.  Warning: this option is now
# deprecated, please use image_conversion_dir instead. (string value)
#volume_tmp_dir = <None>

# Maximum number of nested volume clones that are taken before a flatten
# occurs. Set to 0 to disable cloning. (integer value)
#rbd_max_clone_depth = 5

# Volumes will be chunked into objects of this size (in megabytes). (integer
# value)
#rbd_store_chunk_size = 4

# Timeout value (in seconds) used when connecting to ceph cluster. If value <
# 0, no timeout is set and default librados value is used. (integer value)
#rados_connect_timeout = -1

# Number of retries if connection to ceph cluster failed. (integer value)
#rados_connection_retries = 3

# Interval value (in seconds) between connection retries to ceph cluster.
# (integer value)
#rados_connection_interval = 5

# The hostname (or IP address) for the storage system (string value)
#tintri_server_hostname = <None>

# User name for the storage system (string value)
#tintri_server_username = <None>

# Password for the storage system (string value)
#tintri_server_password = <None>

# API version for the storage system (string value)
#tintri_api_version = v310

# Delete unused image snapshots older than mentioned days (integer value)
#tintri_image_cache_expiry_days = 30

# Path to image nfs shares file (string value)
#tintri_image_shares_config = <None>

# Backup services use same backend. (boolean value)
#backup_use_same_host = false

# Instance numbers for HORCM (string value)
#hitachi_horcm_numbers = 200,201

# Username of storage system for HORCM (string value)
#hitachi_horcm_user = <None>

# Password of storage system for HORCM (string value)
#hitachi_horcm_password = <None>

# Add to HORCM configuration (boolean value)
#hitachi_horcm_add_conf = true

# Timeout until a resource lock is released, in seconds. The value must be
# between 0 and 7200. (integer value)
#hitachi_horcm_resource_lock_timeout = 600

# Driver to use for backups. (string value)
#backup_driver = cinder.backup.drivers.swift

# Offload pending backup delete during backup service startup. If false, the
# backup service will remain down until all pending backups are deleted.
# (boolean value)
#backup_service_inithost_offload = true

# Comma separated list of storage system storage pools for volumes. (list
# value)
#storwize_svc_volpool_name = volpool

# Storage system space-efficiency parameter for volumes (percentage) (integer
# value)
# Minimum value: -1
# Maximum value: 100
#storwize_svc_vol_rsize = 2

# Storage system threshold for volume capacity warnings (percentage) (integer
# value)
# Minimum value: -1
# Maximum value: 100
#storwize_svc_vol_warning = 0

# Storage system autoexpand parameter for volumes (True/False) (boolean value)
#storwize_svc_vol_autoexpand = true

# Storage system grain size parameter for volumes (32/64/128/256) (integer
# value)
#storwize_svc_vol_grainsize = 256

# Storage system compression option for volumes (boolean value)
#storwize_svc_vol_compression = false

# Enable Easy Tier for volumes (boolean value)
#storwize_svc_vol_easytier = true

# The I/O group in which to allocate volumes (integer value)
#storwize_svc_vol_iogrp = 0

# Maximum number of seconds to wait for FlashCopy to be prepared. (integer
# value)
# Minimum value: 1
# Maximum value: 600
#storwize_svc_flashcopy_timeout = 120

# This option no longer has any affect. It is deprecated and will be removed in
# the next release. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#storwize_svc_multihostmap_enabled = true

# Allow tenants to specify QOS on create (boolean value)
#storwize_svc_allow_tenant_qos = false

# If operating in stretched cluster mode, specify the name of the pool in which
# mirrored copies are stored.Example: "pool2" (string value)
#storwize_svc_stretched_cluster_partner = <None>

# Specifies secondary management IP or hostname to be used if san_ip is invalid
# or becomes inaccessible. (string value)
#storwize_san_secondary_ip = <None>

# Specifies that the volume not be formatted during creation. (boolean value)
#storwize_svc_vol_nofmtdisk = false

# Specifies the Storwize FlashCopy copy rate to be used when creating a full
# volume copy. The default is rate is 50, and the valid rates are 1-100.
# (integer value)
# Minimum value: 1
# Maximum value: 100
#storwize_svc_flashcopy_rate = 50

# Request for FC Zone creating HostGroup (boolean value)
#hitachi_zoning_request = false

# Number of volumes allowed per project (integer value)
#quota_volumes = 10

# Number of volume snapshots allowed per project (integer value)
#quota_snapshots = 10

# Number of consistencygroups allowed per project (integer value)
#quota_consistencygroups = 10

# Total amount of storage, in gigabytes, allowed for volumes and snapshots per
# project (integer value)
#quota_gigabytes = 1000

# Number of volume backups allowed per project (integer value)
#quota_backups = 10

# Total amount of storage, in gigabytes, allowed for backups per project
# (integer value)
#quota_backup_gigabytes = 1000

# Number of seconds until a reservation expires (integer value)
#reservation_expire = 86400

# Count of reservations until usage is refreshed (integer value)
#until_refresh = 0

# Number of seconds between subsequent usage refreshes (integer value)
#max_age = 0

# Default driver to use for quota checks (string value)
#quota_driver = cinder.quota.DbQuotaDriver

# Enables or disables use of default quota class with default quota. (boolean
# value)
#use_default_quota_class = true

# Max size allowed per volume, in gigabytes (integer value)
#per_volume_size_limit = -1

# The configuration file for the Cinder Huawei driver. (string value)
#cinder_huawei_conf_file = /etc/cinder/cinder_huawei_conf.xml

# The remote device hypermetro will use. (string value)
#hypermetro_devices = <None>

# Storage Center System Serial Number (integer value)
#dell_sc_ssn = 64702

# Dell API port (port value)
# Minimum value: 0
# Maximum value: 65535
#dell_sc_api_port = 3033

# Name of the server folder to use on the Storage Center (string value)
#dell_sc_server_folder = openstack

# Name of the volume folder to use on the Storage Center (string value)
#dell_sc_volume_folder = openstack

# Enable HTTPS SC certificate verification. (boolean value)
#dell_sc_verify_cert = false

# Which filter class names to use for filtering hosts when not specified in the
# request. (list value)
#scheduler_default_filters = AvailabilityZoneFilter,CapacityFilter,CapabilitiesFilter

# Which weigher class names to use for weighing hosts. (list value)
#scheduler_default_weighers = CapacityWeigher

# Default scheduler driver to use (string value)
#scheduler_driver = cinder.scheduler.filter_scheduler.FilterScheduler

# Base dir containing mount point for NFS share. (string value)
#backup_mount_point_base = $state_path/backup_mount

# NFS share in hostname:path, ipv4addr:path, or "[ipv6addr]:path" format.
# (string value)
#backup_share = <None>

# Mount options passed to the NFS client. See NFS man page for details. (string
# value)
#backup_mount_options = <None>

# IP address/hostname of Blockbridge API. (string value)
#blockbridge_api_host = <None>

# Override HTTPS port to connect to Blockbridge API server. (integer value)
#blockbridge_api_port = <None>

# Blockbridge API authentication scheme (token or password) (string value)
# Allowed values: token, password
#blockbridge_auth_scheme = token

# Blockbridge API token (for auth scheme 'token') (string value)
#blockbridge_auth_token = <None>

# Blockbridge API user (for auth scheme 'password') (string value)
#blockbridge_auth_user = <None>

# Blockbridge API password (for auth scheme 'password') (string value)
#blockbridge_auth_password = <None>

# Defines the set of exposed pools and their associated backend query strings
# (dict value)
#blockbridge_pools = OpenStack:+openstack

# Default pool name if unspecified. (string value)
#blockbridge_default_pool = <None>

# Absolute path to scheduler configuration JSON file. (string value)
#scheduler_json_config_location =

# Data path IP address (string value)
#zfssa_data_ip = <None>

# HTTPS port number (string value)
#zfssa_https_port = 443

# Options to be passed while mounting share over nfs (string value)
#zfssa_nfs_mount_options =

# Storage pool name. (string value)
#zfssa_nfs_pool =

# Project name. (string value)
#zfssa_nfs_project = NFSProject

# Share name. (string value)
#zfssa_nfs_share = nfs_share

# Data compression. (string value)
# Allowed values: off, lzjb, gzip-2, gzip, gzip-9
#zfssa_nfs_share_compression = off

# Synchronous write bias-latency, throughput. (string value)
# Allowed values: latency, throughput
#zfssa_nfs_share_logbias = latency

# Name of directory inside zfssa_nfs_share where cache volumes are stored.
# (string value)
#zfssa_cache_directory = os-cinder-cache

# The IP of DMS client socket server (IP address value)
#disco_client = 127.0.0.1

# The port to connect DMS client socket server (port value)
# Minimum value: 0
# Maximum value: 65535
#disco_client_port = 9898

# Path to the wsdl file to communicate with DISCO request manager (string
# value)
#disco_wsdl_path = /etc/cinder/DISCOService.wsdl

# Prefix before volume name to differenciate DISCO volume created through
# openstack and the other ones (string value)
#volume_name_prefix = openstack-

# How long we check whether a snapshot is finished before we give up (integer
# value)
#snapshot_check_timeout = 3600

# How long we check whether a restore is finished before we give up (integer
# value)
#restore_check_timeout = 3600

# How long we check whether a clone is finished before we give up (integer
# value)
#clone_check_timeout = 3600

# How long we wait before retrying to get an item detail (integer value)
#retry_interval = 1

# Space network name to use for data transfer (string value)
#hgst_net = Net 1 (IPv4)

# Comma separated list of Space storage servers:devices. ex:
# os1_stor:gbd0,os2_stor:gbd0 (string value)
#hgst_storage_servers = os:gbd0

# Should spaces be redundantly stored (1/0) (string value)
#hgst_redundancy = 0

# User to own created spaces (string value)
#hgst_space_user = root

# Group to own created spaces (string value)
#hgst_space_group = disk

# UNIX mode for created spaces (string value)
#hgst_space_mode = 0600

# Directory used for temporary storage during image conversion (string value)
#image_conversion_dir = $state_path/conversion

# Match this value when searching for nova in the service catalog. Format is:
# separated values of the form: <service_type>:<service_name>:<endpoint_type>
# (string value)
#nova_catalog_info = compute:Compute Service:publicURL

# Same as nova_catalog_info, but for admin endpoint. (string value)
#nova_catalog_admin_info = compute:Compute Service:adminURL

# Override service catalog lookup with template for nova endpoint e.g.
# http://localhost:8774/v2/%(project_id)s (string value)
#nova_endpoint_template = <None>

# Same as nova_endpoint_template, but for admin endpoint. (string value)
#nova_endpoint_admin_template = <None>

# Region name of this node (string value)
#os_region_name = <None>

# Location of ca certificates file to use for nova client requests. (string
# value)
#nova_ca_certificates_file = <None>

# Allow to perform insecure SSL requests to nova (boolean value)
#nova_api_insecure = false

# This option no longer has any affect. It is deprecated and will be removed in
# the next release. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#flashsystem_multipath_enabled = false

# DPL pool uuid in which DPL volumes are stored. (string value)
#dpl_pool =

# DPL port number. (port value)
# Minimum value: 0
# Maximum value: 65535
#dpl_port = 8357

# Request for FC Zone creating host group (boolean value)
# Deprecated group/name - [DEFAULT]/hpxp_zoning_request
#hpexp_zoning_request = false

# Type of storage command line interface (string value)
# Deprecated group/name - [DEFAULT]/hpxp_storage_cli
#hpexp_storage_cli = <None>

# ID of storage system (string value)
# Deprecated group/name - [DEFAULT]/hpxp_storage_id
#hpexp_storage_id = <None>

# Pool of storage system (string value)
# Deprecated group/name - [DEFAULT]/hpxp_pool
#hpexp_pool = <None>

# Thin pool of storage system (string value)
# Deprecated group/name - [DEFAULT]/hpxp_thin_pool
#hpexp_thin_pool = <None>

# Logical device range of storage system (string value)
# Deprecated group/name - [DEFAULT]/hpxp_ldev_range
#hpexp_ldev_range = <None>

# Default copy method of storage system. There are two valid values: "FULL"
# specifies that a full copy; "THIN" specifies that a thin copy. Default value
# is "FULL" (string value)
# Deprecated group/name - [DEFAULT]/hpxp_default_copy_method
#hpexp_default_copy_method = FULL

# Copy speed of storage system (integer value)
# Deprecated group/name - [DEFAULT]/hpxp_copy_speed
#hpexp_copy_speed = 3

# Interval to check copy (integer value)
# Deprecated group/name - [DEFAULT]/hpxp_copy_check_interval
#hpexp_copy_check_interval = 3

# Interval to check copy asynchronously (integer value)
# Deprecated group/name - [DEFAULT]/hpxp_async_copy_check_interval
#hpexp_async_copy_check_interval = 10

# Target port names for host group or iSCSI target (list value)
# Deprecated group/name - [DEFAULT]/hpxp_target_ports
#hpexp_target_ports = <None>

# Target port names of compute node for host group or iSCSI target (list value)
# Deprecated group/name - [DEFAULT]/hpxp_compute_target_ports
#hpexp_compute_target_ports = <None>

# Request for creating host group or iSCSI target (boolean value)
# Deprecated group/name - [DEFAULT]/hpxp_group_request
#hpexp_group_request = false

# Instance numbers for HORCM (list value)
# Deprecated group/name - [DEFAULT]/hpxp_horcm_numbers
#hpexp_horcm_numbers = 200,201

# Username of storage system for HORCM (string value)
# Deprecated group/name - [DEFAULT]/hpxp_horcm_user
#hpexp_horcm_user = <None>

# Add to HORCM configuration (boolean value)
# Deprecated group/name - [DEFAULT]/hpxp_horcm_add_conf
#hpexp_horcm_add_conf = true

# Resource group name of storage system for HORCM (string value)
# Deprecated group/name - [DEFAULT]/hpxp_horcm_resource_name
#hpexp_horcm_resource_name = meta_resource

# Only discover a specific name of host group or iSCSI target (boolean value)
# Deprecated group/name - [DEFAULT]/hpxp_horcm_name_only_discovery
#hpexp_horcm_name_only_discovery = false

# Add CHAP user (boolean value)
#hitachi_add_chap_user = false

# iSCSI authentication method (string value)
#hitachi_auth_method = <None>

# iSCSI authentication username (string value)
#hitachi_auth_user = HBSD-CHAP-user

# iSCSI authentication password (string value)
#hitachi_auth_password = HBSD-CHAP-password

# Driver to use for volume creation (string value)
#volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver

# Timeout for creating the volume to migrate to when performing volume
# migration (seconds) (integer value)
#migration_create_volume_timeout_secs = 300

# Offload pending volume delete during volume service startup (boolean value)
#volume_service_inithost_offload = false

# FC Zoning mode configured (string value)
#zoning_mode = <None>

# User defined capabilities, a JSON formatted string specifying key/value
# pairs. The key/value pairs can be used by the CapabilitiesFilter to select
# between backends when requests specify volume types. For example, specifying
# a service level or the geographical location of a backend, then creating a
# volume type to allow the user to select by these different properties.
# (string value)
#extra_capabilities = {}

# Suppress requests library SSL certificate warnings. (boolean value)
#suppress_requests_ssl_warnings = false

# Default iSCSI Port ID of FlashSystem. (Default port is 0.) (integer value)
#flashsystem_iscsi_portid = 0

# Create volumes in this pool (string value)
#tegile_default_pool = <None>

# Create volumes in this project (string value)
#tegile_default_project = <None>

# Connection protocol should be FC. (Default is FC.) (string value)
#flashsystem_connection_protocol = FC

# Allows vdisk to multi host mapping. (Default is True) (boolean value)
#flashsystem_multihostmap_enabled = true

# Enables the Force option on upload_to_image. This enables running
# upload_volume on in-use volumes for backends that support it. (boolean value)
#enable_force_upload = false

# Create volume from snapshot at the host where snapshot resides (boolean
# value)
#snapshot_same_host = true

# Ensure that the new volumes are the same AZ as snapshot or source volume
# (boolean value)
#cloned_volume_same_az = true

# Cache volume availability zones in memory for the provided duration in
# seconds (integer value)
#az_cache_duration = 3600

# Proxy driver that connects to the IBM Storage Array (string value)
#xiv_ds8k_proxy = xiv_ds8k_openstack.nova_proxy.XIVDS8KNovaProxy

# Connection type to the IBM Storage Array (string value)
# Allowed values: fibre_channel, iscsi
#xiv_ds8k_connection_type = iscsi

# CHAP authentication mode, effective only for iscsi (disabled|enabled) (string
# value)
# Allowed values: disabled, enabled
#xiv_chap = disabled

# List of Management IP addresses (separated by commas) (string value)
#management_ips =

# 3PAR WSAPI Server Url like https://<3par ip>:8080/api/v1 (string value)
# Deprecated group/name - [DEFAULT]/hp3par_api_url
#hpe3par_api_url =

# 3PAR username with the 'edit' role (string value)
# Deprecated group/name - [DEFAULT]/hp3par_username
#hpe3par_username =

# 3PAR password for the user specified in hpe3par_username (string value)
# Deprecated group/name - [DEFAULT]/hp3par_password
#hpe3par_password =

# List of the CPG(s) to use for volume creation (list value)
# Deprecated group/name - [DEFAULT]/hp3par_cpg
#hpe3par_cpg = OpenStack

# The CPG to use for Snapshots for volumes. If empty the userCPG will be used.
# (string value)
# Deprecated group/name - [DEFAULT]/hp3par_cpg_snap
#hpe3par_cpg_snap =

# The time in hours to retain a snapshot.  You can't delete it before this
# expires. (string value)
# Deprecated group/name - [DEFAULT]/hp3par_snapshot_retention
#hpe3par_snapshot_retention =

# The time in hours when a snapshot expires  and is deleted.  This must be
# larger than expiration (string value)
# Deprecated group/name - [DEFAULT]/hp3par_snapshot_expiration
#hpe3par_snapshot_expiration =

# Enable HTTP debugging to 3PAR (boolean value)
# Deprecated group/name - [DEFAULT]/hp3par_debug
#hpe3par_debug = false

# List of target iSCSI addresses to use. (list value)
# Deprecated group/name - [DEFAULT]/hp3par_iscsi_ips
#hpe3par_iscsi_ips =

# Enable CHAP authentication for iSCSI connections. (boolean value)
# Deprecated group/name - [DEFAULT]/hp3par_iscsi_chap_enabled
#hpe3par_iscsi_chap_enabled = false

# Datera API port. (string value)
#datera_api_port = 7717

# Datera API version. (string value)
#datera_api_version = 2

# Number of replicas to create of an inode. (string value)
#datera_num_replicas = 1

# List of all available devices (list value)
#available_devices =

# URL to the Quobyte volume e.g., quobyte://<DIR host>/<volume name> (string
# value)
#quobyte_volume_url = <None>

# Path to a Quobyte Client configuration file. (string value)
#quobyte_client_cfg = <None>

# Create volumes as sparse files which take no space. If set to False, volume
# is created as regular file.In such case volume creation takes a lot of time.
# (boolean value)
#quobyte_sparsed_volumes = true

# Create volumes as QCOW2 files rather than raw files. (boolean value)
#quobyte_qcow2_volumes = true

# Base dir containing the mount point for the Quobyte volume. (string value)
#quobyte_mount_point_base = $state_path/mnt

# File with the list of available vzstorage shares. (string value)
#vzstorage_shares_config = /etc/cinder/vzstorage_shares

# Create volumes as sparsed files which take no space rather than regular files
# when using raw format, in which case volume creation takes lot of time.
# (boolean value)
#vzstorage_sparsed_volumes = true

# Percent of ACTUAL usage of the underlying volume before no new volumes can be
# allocated to the volume destination. (floating point value)
#vzstorage_used_ratio = 0.95

# Base dir containing mount points for vzstorage shares. (string value)
#vzstorage_mount_point_base = $state_path/mnt

# Mount options passed to the vzstorage client. See section of the pstorage-
# mount man page for details. (list value)
#vzstorage_mount_options = <None>

# File with the list of available NFS shares (string value)
#nfs_shares_config = /etc/cinder/nfs_shares

# Create volumes as sparsed files which take no space.If set to False volume is
# created as regular file.In such case volume creation takes a lot of time.
# (boolean value)
#nfs_sparsed_volumes = true

# Base dir containing mount points for NFS shares. (string value)
#nfs_mount_point_base = $state_path/mnt

# Mount options passed to the NFS client. See section of the NFS man page for
# details. (string value)
#nfs_mount_options = <None>

# The number of attempts to mount NFS shares before raising an error.  At least
# one attempt will be made to mount an NFS share, regardless of the value
# specified. (integer value)
#nfs_mount_attempts = 3

#
# From oslo.config
#

# Path to a config file to use. Multiple config files can be specified, with
# values in later files taking precedence. Defaults to %(default)s. (unknown
# value)
#config_file = ~/.project/project.conf,~/project.conf,/etc/project/project.conf,/etc/project.conf

# Path to a config directory to pull *.conf files from. This file set is
# sorted, so as to provide a predictable parse order if individual options are
# over-ridden. The set is parsed after the file(s) specified via previous
# --config-file, arguments hence over-ridden options in the directory take
# precedence. (list value)
#config_dir = <None>

#
# From oslo.log
#

# If set to true, the logging level will be set to DEBUG instead of the default
# INFO level. (boolean value)
#debug = false

# If set to false, the logging level will be set to WARNING instead of the
# default INFO level. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#verbose = true

# The name of a logging configuration file. This file is appended to any
# existing logging configuration files. For details about logging configuration
# files, see the Python logging module documentation. Note that when logging
# configuration files are used then all logging configuration is set in the
# configuration file and other logging configuration options are ignored (for
# example, logging_context_format_string). (string value)
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append = <None>

# Defines the format string for %%(asctime)s in log records. Default:
# %(default)s . This option is ignored if log_config_append is set. (string
# value)
#log_date_format = %Y-%m-%d %H:%M:%S

# (Optional) Name of log file to send logging output to. If no default is set,
# logging will go to stderr as defined by use_stderr. This option is ignored if
# log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file = <None>

# (Optional) The base directory used for relative log_file  paths. This option
# is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir = <None>

# Uses logging handler designed to watch file system. When log file is moved or
# removed this handler will open a new log file with specified path
# instantaneously. It makes sense only if log_file option is specified and
# Linux platform is used. This option is ignored if log_config_append is set.
# (boolean value)
#watch_log_file = false

# Use syslog for logging. Existing syslog format is DEPRECATED and will be
# changed later to honor RFC5424. This option is ignored if log_config_append
# is set. (boolean value)
#use_syslog = false

# Syslog facility to receive log lines. This option is ignored if
# log_config_append is set. (string value)
#syslog_log_facility = LOG_USER

# Log output to standard error. This option is ignored if log_config_append is
# set. (boolean value)
#use_stderr = true

# Format string to use for log messages with context. (string value)
#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

# Format string to use for log messages when context is undefined. (string
# value)
#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

# Additional data to append to log message when logging level for the message
# is DEBUG. (string value)
#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

# Prefix each line of exception output with this format. (string value)
#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

# Defines the format string for %(user_identity)s that is used in
# logging_context_format_string. (string value)
#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

# List of package logging levels in logger=LEVEL pairs. This option is ignored
# if log_config_append is set. (list value)
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO

# Enables or disables publication of error events. (boolean value)
#publish_errors = false

# The format for an instance that is passed with the log message. (string
# value)
#instance_format = "[instance: %(uuid)s] "

# The format for an instance UUID that is passed with the log message. (string
# value)
#instance_uuid_format = "[instance: %(uuid)s] "

# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false

#
# From oslo.messaging
#

# Size of RPC connection pool. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
#rpc_conn_pool_size = 30

# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
# The "host" option should point or resolve to this address. (string value)
#rpc_zmq_bind_address = *

# MatchMaker driver. (string value)
# Allowed values: redis, dummy
#rpc_zmq_matchmaker = redis

# Type of concurrency used. Either "native" or "eventlet" (string value)
#rpc_zmq_concurrency = eventlet

# Number of ZeroMQ contexts, defaults to 1. (integer value)
#rpc_zmq_contexts = 1

# Maximum number of ingress messages to locally buffer per topic. Default is
# unlimited. (integer value)
#rpc_zmq_topic_backlog = <None>

# Directory for holding IPC sockets. (string value)
#rpc_zmq_ipc_dir = /var/run/openstack

# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
# "host" option, if running Nova. (string value)
#rpc_zmq_host = localhost

# Seconds to wait before a cast expires (TTL). The default value of -1
# specifies an infinite linger period. The value of 0 specifies no linger
# period. Pending messages shall be discarded immediately when the socket is
# closed. Only supported by impl_zmq. (integer value)
#rpc_cast_timeout = -1

# The default number of seconds that poll should wait. Poll raises timeout
# exception when timeout expired. (integer value)
#rpc_poll_timeout = 1

# Expiration timeout in seconds of a name service record about existing target
# ( < 0 means no timeout). (integer value)
#zmq_target_expire = 120

# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
# value)
#use_pub_sub = true

# Minimal port number for random ports range. (port value)
# Minimum value: 0
# Maximum value: 65535
#rpc_zmq_min_port = 49152

# Maximal port number for random ports range. (integer value)
# Minimum value: 1
# Maximum value: 65536
#rpc_zmq_max_port = 65536

# Number of retries to find free port number before fail with ZMQBindError.
# (integer value)
#rpc_zmq_bind_port_retries = 100

# Size of executor thread pool. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
#executor_thread_pool_size = 64

# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout = 60

# A URL representing the messaging driver to use and its full configuration. If
# not set, we fall back to the rpc_backend option and driver specific
# configuration. (string value)
#transport_url = <None>

# The messaging driver to use, defaults to rabbit. Other drivers include amqp
# and zmq. (string value)
#rpc_backend = rabbit

# The default exchange under which topics are scoped. May be overridden by an
# exchange name specified in the transport_url option. (string value)
#control_exchange = openstack

#
# From oslo.service.periodic_task
#

# Some periodic tasks can be run in a separate process. Should we run them
# here? (boolean value)
#run_external_periodic_tasks = true

#
# From oslo.service.service
#

# Enable eventlet backdoor.  Acceptable values are 0, <port>, and
# <start>:<end>, where 0 results in listening on a random tcp port number;
# <port> results in listening on the specified port number (and not enabling
# backdoor if that port is in use); and <start>:<end> results in listening on
# the smallest unused port number within the specified range of port numbers.
# The chosen port is displayed in the service's log file. (string value)
#backdoor_port = <None>

# Enable eventlet backdoor, using the provided path as a unix socket that can
# receive connections. This option is mutually exclusive with 'backdoor_port'
# in that only one should be provided. If both are provided then the existence
# of this option overrides the usage of that option. (string value)
#backdoor_socket = <None>

# Enables or disables logging values of all registered options when starting a
# service (at DEBUG level). (boolean value)
#log_options = true

# Specify a timeout after which a gracefully shutdown server will exit. Zero
# value means endless wait. (integer value)
#graceful_shutdown_timeout = 60

#
# From oslo.service.wsgi
#

# File name for the paste.deploy config for api service (string value)
#api_paste_config = api-paste.ini

# A python format string that is used as the template to generate log lines.
# The following values can beformatted into it: client_ip, date_time,
# request_line, status_code, body_length, wall_seconds. (string value)
#wsgi_log_format = %(client_ip)s "%(request_line)s" status: %(status_code)s  len: %(body_length)s time: %(wall_seconds).7f

# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not
# supported on OS X. (integer value)
#tcp_keepidle = 600

# Size of the pool of greenthreads used by wsgi (integer value)
#wsgi_default_pool_size = 100

# Maximum line size of message headers to be accepted. max_header_line may need
# to be increased when using large tokens (typically those generated when
# keystone is configured to use PKI tokens with big service catalogs). (integer
# value)
#max_header_line = 16384

# If False, closes the client socket connection explicitly. (boolean value)
#wsgi_keep_alive = true

# Timeout for client connections' socket operations. If an incoming connection
# is idle for this number of seconds it will be closed. A value of '0' means
# wait forever. (integer value)
#client_socket_timeout = 900


[BACKEND]

#
# From cinder
#

# Backend override of host value. (string value)
# Deprecated group/name - [DEFAULT]/host
#backend_host = <None>


[BRCD_FABRIC_EXAMPLE]

#
# From cinder
#

# South bound connector for the fabric. (string value)
# Allowed values: SSH, HTTP, HTTPS
#fc_southbound_protocol = HTTP

# Management IP of fabric. (string value)
#fc_fabric_address =

# Fabric user ID. (string value)
#fc_fabric_user =

# Password for user. (string value)
#fc_fabric_password =

# Connecting port (port value)
# Minimum value: 0
# Maximum value: 65535
#fc_fabric_port = 22

# Local SSH certificate Path. (string value)
#fc_fabric_ssh_cert_path =

# Overridden zoning policy. (string value)
#zoning_policy = initiator-target

# Overridden zoning activation state. (boolean value)
#zone_activate = true

# Overridden zone name prefix. (string value)
#zone_name_prefix = openstack

# Virtual Fabric ID. (string value)
#fc_virtual_fabric_id = <None>

# Principal switch WWN of the fabric. This option is not used anymore. (string
# value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#principal_switch_wwn = <None>


[CISCO_FABRIC_EXAMPLE]

#
# From cinder
#

# Management IP of fabric (string value)
#cisco_fc_fabric_address =

# Fabric user ID (string value)
#cisco_fc_fabric_user =

# Password for user (string value)
#cisco_fc_fabric_password =

# Connecting port (port value)
# Minimum value: 0
# Maximum value: 65535
#cisco_fc_fabric_port = 22

# overridden zoning policy (string value)
#cisco_zoning_policy = initiator-target

# overridden zoning activation state (boolean value)
#cisco_zone_activate = true

# overridden zone name prefix (string value)
#cisco_zone_name_prefix = <None>

# VSAN of the Fabric (string value)
#cisco_zoning_vsan = <None>


[COORDINATION]

#
# From cinder
#

# The backend URL to use for distributed coordination. (string value)
#backend_url = file://$state_path

# Number of seconds between heartbeats for distributed coordination. (floating
# point value)
#heartbeat = 1.0

# Initial number of seconds to wait after failed reconnection. (floating point
# value)
#initial_reconnect_backoff = 0.1

# Maximum number of seconds between sequential reconnection retries. (floating
# point value)
#max_reconnect_backoff = 60.0


[FC-ZONE-MANAGER]

#
# From cinder
#

# FC Zone Driver responsible for zone management (string value)
#zone_driver = cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver.BrcdFCZoneDriver

# Zoning policy configured by user; valid values include "initiator-target" or
# "initiator" (string value)
#zoning_policy = initiator-target

# Comma separated list of Fibre Channel fabric names. This list of names is
# used to retrieve other SAN credentials for connecting to each SAN fabric
# (string value)
#fc_fabric_names = <None>

# FC SAN Lookup Service (string value)
#fc_san_lookup_service = cinder.zonemanager.drivers.brocade.brcd_fc_san_lookup_service.BrcdFCSanLookupService

# South bound connector for zoning operation (string value)
#brcd_sb_connector = HTTP

# Southbound connector for zoning operation (string value)
#cisco_sb_connector = cinder.zonemanager.drivers.cisco.cisco_fc_zone_client_cli.CiscoFCZoneClientCLI


[KEYMGR]

#
# From cinder
#

# Authentication url for encryption service. (string value)
#encryption_auth_url = http://localhost:5000/v3

# Url for encryption service. (string value)
#encryption_api_url = http://localhost:9311/v1

# The full class name of the key manager API class (string value)
#api_class = cinder.keymgr.conf_key_mgr.ConfKeyManager

# Fixed key returned by key manager, specified in hex (string value)
#fixed_key = <None>


[cors]

#
# From oslo.middleware
#

# Indicate whether this resource may be shared with the domain received in the
# requests "origin" header. (list value)
#allowed_origin = <None>

# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true

# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID,OpenStack-API-Version

# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600

# Indicate which methods can be used during the actual request. (list value)
#allow_methods = GET,PUT,POST,DELETE,PATCH,HEAD

# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID,X-Trace-Info,X-Trace-HMAC,OpenStack-API-Version


[cors.subdomain]

#
# From oslo.middleware
#

# Indicate whether this resource may be shared with the domain received in the
# requests "origin" header. (list value)
#allowed_origin = <None>

# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true

# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID,OpenStack-API-Version

# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600

# Indicate which methods can be used during the actual request. (list value)
#allow_methods = GET,PUT,POST,DELETE,PATCH,HEAD

# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID,X-Trace-Info,X-Trace-HMAC,OpenStack-API-Version


[database]

#
# From oslo.db
#

# The file name to use with SQLite. (string value)
# Deprecated group/name - [DEFAULT]/sqlite_db
#sqlite_db = oslo.sqlite

# If True, SQLite uses synchronous mode. (boolean value)
# Deprecated group/name - [DEFAULT]/sqlite_synchronous
#sqlite_synchronous = true

# The back end to use for the database. (string value)
# Deprecated group/name - [DEFAULT]/db_backend
#backend = sqlalchemy

# The SQLAlchemy connection string to use to connect to the database. (string
# value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection = <None>

# The SQLAlchemy connection string to use to connect to the slave database.
# (string value)
#slave_connection = <None>

# The SQL mode to be used for MySQL sessions. This option, including the
# default, overrides any server-set SQL mode. To use whatever SQL mode is set
# by the server configuration, set this to no value. Example: mysql_sql_mode=
# (string value)
#mysql_sql_mode = TRADITIONAL

# Timeout before idle SQL connections are reaped. (integer value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
#idle_timeout = 3600

# Minimum number of SQL connections to keep open in a pool. (integer value)
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
# Deprecated group/name - [DATABASE]/sql_min_pool_size
#min_pool_size = 1

# Maximum number of SQL connections to keep open in a pool. (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size = <None>

# Maximum number of database connection retries during startup. Set to -1 to
# specify an infinite retry count. (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries = 10

# Interval between retries of opening a SQL connection. (integer value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
#retry_interval = 10

# If set, use this value for max_overflow with SQLAlchemy. (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
#max_overflow = 50

# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_connection_debug
#connection_debug = 0

# Add Python stack traces to SQL as comment strings. (boolean value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
#connection_trace = false

# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
#pool_timeout = <None>

# Enable the experimental use of database reconnect on connection lost.
# (boolean value)
#use_db_reconnect = false

# Seconds between retries of a database transaction. (integer value)
#db_retry_interval = 1

# If True, increases the interval between retries of a database operation up to
# db_max_retry_interval. (boolean value)
#db_inc_retry_interval = true

# If db_inc_retry_interval is set, the maximum seconds between retries of a
# database operation. (integer value)
#db_max_retry_interval = 10

# Maximum retries in case of connection error or deadlock error before error is
# raised. Set to -1 to specify an infinite retry count. (integer value)
#db_max_retries = 20


[keystone_authtoken]

#
# From keystonemiddleware.auth_token
#

# Complete public Identity API endpoint. (string value)
#auth_uri = <None>

# API version of the admin Identity API endpoint. (string value)
#auth_version = <None>

# Do not handle authorization requests within the middleware, but delegate the
# authorization decision to downstream WSGI components. (boolean value)
#delay_auth_decision = false

# Request timeout value for communicating with Identity API server. (integer
# value)
#http_connect_timeout = <None>

# How many times are we trying to reconnect when communicating with Identity
# API Server. (integer value)
#http_request_max_retries = 3

# Env key for the swift cache. (string value)
#cache = <None>

# Required if identity server requires client certificate (string value)
#certfile = <None>

# Required if identity server requires client certificate (string value)
#keyfile = <None>

# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
# Defaults to system CAs. (string value)
#cafile = <None>

# Verify HTTPS connections. (boolean value)
#insecure = false

# The region in which the identity server can be found. (string value)
#region_name = <None>

# Directory used to cache files related to PKI tokens. (string value)
#signing_dir = <None>

# Optionally specify a list of memcached server(s) to use for caching. If left
# undefined, tokens will instead be cached in-process. (list value)
# Deprecated group/name - [DEFAULT]/memcache_servers
#memcached_servers = <None>

# In order to prevent excessive effort spent validating tokens, the middleware
# caches previously-seen tokens for a configurable duration (in seconds). Set
# to -1 to disable caching completely. (integer value)
#token_cache_time = 300

# Determines the frequency at which the list of revoked tokens is retrieved
# from the Identity service (in seconds). A high number of revocation events
# combined with a low cache duration may significantly reduce performance.
# (integer value)
#revocation_cache_time = 10

# (Optional) If defined, indicate whether token data should be authenticated or
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
# cache. If the value is not one of these options or empty, auth_token will
# raise an exception on initialization. (string value)
# Allowed values: None, MAC, ENCRYPT
#memcache_security_strategy = None

# (Optional, mandatory if memcache_security_strategy is defined) This string is
# used for key derivation. (string value)
#memcache_secret_key = <None>

# (Optional) Number of seconds memcached server is considered dead before it is
# tried again. (integer value)
#memcache_pool_dead_retry = 300

# (Optional) Maximum total number of open connections to every memcached
# server. (integer value)
#memcache_pool_maxsize = 10

# (Optional) Socket timeout in seconds for communicating with a memcached
# server. (integer value)
#memcache_pool_socket_timeout = 3

# (Optional) Number of seconds a connection to memcached is held unused in the
# pool before it is closed. (integer value)
#memcache_pool_unused_timeout = 60

# (Optional) Number of seconds that an operation will wait to get a memcached
# client connection from the pool. (integer value)
#memcache_pool_conn_get_timeout = 10

# (Optional) Use the advanced (eventlet safe) memcached client pool. The
# advanced pool will only work under python 2.x. (boolean value)
#memcache_use_advanced_pool = false

# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and will not
# set the X-Service-Catalog header. (boolean value)
#include_service_catalog = true

# Used to control the use and type of token binding. Can be set to: "disabled"
# to not check token binding. "permissive" (default) to validate binding
# information if the bind type is of a form known to the server and ignore it
# if not. "strict" like "permissive" but if the bind type is unknown the token
# will be rejected. "required" any form of token binding is needed to be
# allowed. Finally the name of a binding method that must be present in tokens.
# (string value)
#enforce_token_bind = permissive

# If true, the revocation list will be checked for cached tokens. This requires
# that PKI tokens are configured on the identity server. (boolean value)
#check_revocations_for_cached = false

# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
# or multiple. The algorithms are those supported by Python standard
# hashlib.new(). The hashes will be tried in the order given, so put the
# preferred one first for performance. The result of the first hash will be
# stored in the cache. This will typically be set to multiple values only while
# migrating from a less secure algorithm to a more secure one. Once all the old
# tokens are expired this option should be set to a single value for better
# performance. (list value)
#hash_algorithms = md5

# Authentication type to load (unknown value)
# Deprecated group/name - [DEFAULT]/auth_plugin
#auth_type = <None>

# Config Section from which to load plugin specific options (unknown value)
#auth_section = <None>


[matchmaker_redis]

#
# From oslo.messaging
#

# Host to locate redis. (string value)
#host = 127.0.0.1

# Use this port to connect to redis host. (port value)
# Minimum value: 0
# Maximum value: 65535
#port = 6379

# Password for Redis server (optional). (string value)
#password =

# List of Redis Sentinel hosts (fault tolerance mode) e.g.
# [host:port, host1:port ... ] (list value)
#sentinel_hosts =

# Redis replica set name. (string value)
#sentinel_group_name = oslo-messaging-zeromq

# Time in ms to wait between connection attempts. (integer value)
#wait_timeout = 500

# Time in ms to wait before the transaction is killed. (integer value)
#check_timeout = 20000

# Timeout in ms on blocking socket operations (integer value)
#socket_timeout = 1000


[oslo_concurrency]

#
# From oslo.concurrency
#

# Enables or disables inter-process locks. (boolean value)
# Deprecated group/name - [DEFAULT]/disable_process_locking
#disable_process_locking = false

# Directory to use for lock files.  For security, the specified directory
# should only be writable by the user running the processes that need locking.
# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used,
# a lock path must be set. (string value)
# Deprecated group/name - [DEFAULT]/lock_path
#lock_path = <None>


[oslo_messaging_amqp]

#
# From oslo.messaging
#

# address prefix used when sending to a specific server (string value)
# Deprecated group/name - [amqp1]/server_request_prefix
#server_request_prefix = exclusive

# address prefix used when broadcasting to all servers (string value)
# Deprecated group/name - [amqp1]/broadcast_prefix
#broadcast_prefix = broadcast

# address prefix when sending to any server in group (string value)
# Deprecated group/name - [amqp1]/group_request_prefix
#group_request_prefix = unicast

# Name for the AMQP container (string value)
# Deprecated group/name - [amqp1]/container_name
#container_name = <None>

# Timeout for inactive connections (in seconds) (integer value)
# Deprecated group/name - [amqp1]/idle_timeout
#idle_timeout = 0

# Debug: dump AMQP frames to stdout (boolean value)
# Deprecated group/name - [amqp1]/trace
#trace = false

# CA certificate PEM file to verify server certificate (string value)
# Deprecated group/name - [amqp1]/ssl_ca_file
#ssl_ca_file =

# Identifying certificate PEM file to present to clients (string value)
# Deprecated group/name - [amqp1]/ssl_cert_file
#ssl_cert_file =

# Private key PEM file used to sign cert_file certificate (string value)
# Deprecated group/name - [amqp1]/ssl_key_file
#ssl_key_file =

# Password for decrypting ssl_key_file (if encrypted) (string value)
# Deprecated group/name - [amqp1]/ssl_key_password
#ssl_key_password = <None>

# Accept clients using either SSL or plain TCP (boolean value)
# Deprecated group/name - [amqp1]/allow_insecure_clients
#allow_insecure_clients = false

# Space separated list of acceptable SASL mechanisms (string value)
# Deprecated group/name - [amqp1]/sasl_mechanisms
#sasl_mechanisms =

# Path to directory that contains the SASL configuration (string value)
# Deprecated group/name - [amqp1]/sasl_config_dir
#sasl_config_dir =

# Name of configuration file (without .conf suffix) (string value)
# Deprecated group/name - [amqp1]/sasl_config_name
#sasl_config_name =

# User name for message broker authentication (string value)
# Deprecated group/name - [amqp1]/username
#username =

# Password for message broker authentication (string value)
# Deprecated group/name - [amqp1]/password
#password =


[oslo_messaging_notifications]

#
# From oslo.messaging
#

# The Drivers(s) to handle sending notifications. Possible values are
# messaging, messagingv2, routing, log, test, noop (multi valued)
# Deprecated group/name - [DEFAULT]/notification_driver
#driver =

# A URL representing the messaging driver to use for notifications. If not set,
# we fall back to the same configuration used for RPC. (string value)
# Deprecated group/name - [DEFAULT]/notification_transport_url
#transport_url = <None>

# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
# Deprecated group/name - [DEFAULT]/notification_topics
#topics = notifications


[oslo_messaging_rabbit]

#
# From oslo.messaging
#

# Use durable queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_durable_queues
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
#amqp_durable_queues = false

# Auto-delete queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_auto_delete
#amqp_auto_delete = false

# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
# distributions. (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_version
#kombu_ssl_version =

# SSL key file (valid only if SSL enabled). (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
#kombu_ssl_keyfile =

# SSL cert file (valid only if SSL enabled). (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
#kombu_ssl_certfile =

# SSL certification authority file (valid only if SSL enabled). (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
#kombu_ssl_ca_certs =

# How long to wait before reconnecting in response to an AMQP consumer cancel
# notification. (floating point value)
# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
#kombu_reconnect_delay = 1.0

# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
# be used. This option may notbe available in future versions. (string value)
#kombu_compression = <None>

# How long to wait a missing client beforce abandoning to send it its replies.
# This value should not be longer than rpc_response_timeout. (integer value)
# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout
#kombu_missing_consumer_retry_timeout = 60

# Determines how the next RabbitMQ node is chosen in case the one we are
# currently connected to becomes unavailable. Takes effect only if more than
# one RabbitMQ node is provided in config. (string value)
# Allowed values: round-robin, shuffle
#kombu_failover_strategy = round-robin

# The RabbitMQ broker address where a single node is used. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_host
#rabbit_host = localhost

# The RabbitMQ broker port where a single node is used. (port value)
# Minimum value: 0
# Maximum value: 65535
# Deprecated group/name - [DEFAULT]/rabbit_port
#rabbit_port = 5672

# RabbitMQ HA cluster host:port pairs. (list value)
# Deprecated group/name - [DEFAULT]/rabbit_hosts
#rabbit_hosts = $rabbit_host:$rabbit_port

# Connect over SSL for RabbitMQ. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
#rabbit_use_ssl = false

# The RabbitMQ userid. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_userid
#rabbit_userid = guest

# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
#rabbit_password = guest

# The RabbitMQ login method. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_login_method
#rabbit_login_method = AMQPLAIN

# The RabbitMQ virtual host. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
#rabbit_virtual_host = /

# How frequently to retry connecting with RabbitMQ. (integer value)
#rabbit_retry_interval = 1

# How long to backoff for between retries when connecting to RabbitMQ. (integer
# value)
# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
#rabbit_retry_backoff = 2

# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
# (integer value)
#rabbit_interval_max = 30

# Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry
# count). (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_max_retries
#rabbit_max_retries = 0

# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
# is no longer controlled by the x-ha-policy argument when declaring a queue.
# If you just want to make sure that all queues (except  those with auto-
# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
#rabbit_ha_queues = false

# Positive integer representing duration in seconds for queue TTL (x-expires).
# Queues which are unused for the duration of the TTL are automatically
# deleted. The parameter affects only reply and fanout queues. (integer value)
# Minimum value: 1
#rabbit_transient_queues_ttl = 1800

# Specifies the number of messages to prefetch. Setting to zero allows
# unlimited messages. (integer value)
#rabbit_qos_prefetch_count = 0

# Number of seconds after which the Rabbit broker is considered down if
# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
# value)
#heartbeat_timeout_threshold = 60

# How often times during the heartbeat_timeout_threshold we check the
# heartbeat. (integer value)
#heartbeat_rate = 2

# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
# Deprecated group/name - [DEFAULT]/fake_rabbit
#fake_rabbit = false

# Maximum number of channels to allow (integer value)
#channel_max = <None>

# The maximum byte size for an AMQP frame (integer value)
#frame_max = <None>

# How often to send heartbeats for consumer's connections (integer value)
#heartbeat_interval = 1

# Enable SSL (boolean value)
#ssl = <None>

# Arguments passed to ssl.wrap_socket (dict value)
#ssl_options = <None>

# Set socket timeout in seconds for connection's socket (floating point value)
#socket_timeout = 0.25

# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point
# value)
#tcp_user_timeout = 0.25

# Set delay for reconnection to some host which has connection error (floating
# point value)
#host_connection_reconnect_delay = 0.25

# Maximum number of connections to keep queued. (integer value)
#pool_max_size = 10

# Maximum number of connections to create above `pool_max_size`. (integer
# value)
#pool_max_overflow = 0

# Default number of seconds to wait for a connections to available (integer
# value)
#pool_timeout = 30

# Lifetime of a connection (since creation) in seconds or None for no
# recycling. Expired connections are closed on acquire. (integer value)
#pool_recycle = 600

# Threshold at which inactive (since release) connections are considered stale
# in seconds or None for no staleness. Stale connections are closed on acquire.
# (integer value)
#pool_stale = 60

# Persist notification messages. (boolean value)
#notification_persistence = false

# Exchange name for for sending notifications (string value)
#default_notification_exchange = ${control_exchange}_notification

# Max number of not acknowledged message which RabbitMQ can send to
# notification listener. (integer value)
#notification_listener_prefetch_count = 100

# Reconnecting retry count in case of connectivity problem during sending
# notification, -1 means infinite retry. (integer value)
#default_notification_retry_attempts = -1

# Reconnecting retry delay in case of connectivity problem during sending
# notification message (floating point value)
#notification_retry_delay = 0.25

# Time to live for rpc queues without consumers in seconds. (integer value)
#rpc_queue_expiration = 60

# Exchange name for sending RPC messages (string value)
#default_rpc_exchange = ${control_exchange}_rpc

# Exchange name for receiving RPC replies (string value)
#rpc_reply_exchange = ${control_exchange}_rpc_reply

# Max number of not acknowledged message which RabbitMQ can send to rpc
# listener. (integer value)
#rpc_listener_prefetch_count = 100

# Max number of not acknowledged message which RabbitMQ can send to rpc reply
# listener. (integer value)
#rpc_reply_listener_prefetch_count = 100

# Reconnecting retry count in case of connectivity problem during sending
# reply. -1 means infinite retry during rpc_timeout (integer value)
#rpc_reply_retry_attempts = -1

# Reconnecting retry delay in case of connectivity problem during sending
# reply. (floating point value)
#rpc_reply_retry_delay = 0.25

# Reconnecting retry count in case of connectivity problem during sending RPC
# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
# request could be processed more then one time (integer value)
#default_rpc_retry_attempts = -1

# Reconnecting retry delay in case of connectivity problem during sending RPC
# message (floating point value)
#rpc_retry_delay = 0.25


[oslo_middleware]

#
# From oslo.middleware
#

# The maximum body size for each  request, in bytes. (integer value)
# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
# Deprecated group/name - [DEFAULT]/max_request_body_size
#max_request_body_size = 114688

# The HTTP Header that will be used to determine what the original request
# protocol scheme was, even if it was hidden by an SSL termination proxy.
# (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#secure_proxy_ssl_header = X-Forwarded-Proto


[oslo_policy]

#
# From oslo.policy
#

# The JSON file that defines policies. (string value)
# Deprecated group/name - [DEFAULT]/policy_file
#policy_file = policy.json

# Default rule. Enforced when a requested rule is not found. (string value)
# Deprecated group/name - [DEFAULT]/policy_default_rule
#policy_default_rule = default

# Directories where policy configuration files are stored. They can be relative
# to any directory in the search path defined by the config_dir option, or
# absolute paths. The file defined by policy_file must exist for these
# directories to be searched.  Missing or empty directories are ignored. (multi
# valued)
# Deprecated group/name - [DEFAULT]/policy_dirs
#policy_dirs = policy.d


[oslo_reports]

#
# From oslo.reports
#

# Path to a log directory where to create a file (string value)
#log_dir = <None>


[oslo_versionedobjects]

#
# From oslo.versionedobjects
#

# Make exception message format errors fatal (boolean value)
#fatal_exception_format_errors = false


[ssl]

#
# From oslo.service.sslutils
#

# CA certificate file to use to verify connecting clients. (string value)
# Deprecated group/name - [DEFAULT]/ssl_ca_file
#ca_file = <None>

# Certificate file to use when starting the server securely. (string value)
# Deprecated group/name - [DEFAULT]/ssl_cert_file
#cert_file = <None>

# Private key file to use when starting the server securely. (string value)
# Deprecated group/name - [DEFAULT]/ssl_key_file
#key_file = <None>

# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
# distributions. (string value)
#version = <None>

# Sets the list of available ciphers. value should be a string in the OpenSSL
# cipher list format. (string value)
#ciphers = <None>

api-paste.ini

Use the api-paste.ini file to configure the Block Storage API service.

#############
# OpenStack #
#############

[composite:osapi_volume]
use = call:cinder.api:root_app_factory
/: apiversions
/v1: openstack_volume_api_v1
/v2: openstack_volume_api_v2
/v3: openstack_volume_api_v3

[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1

[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2

[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3

[filter:request_id]
paste.filter_factory = oslo_middleware.request_id:RequestId.factory

[filter:http_proxy_to_wsgi]
paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory

[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = cinder

[filter:faultwrap]
paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory

[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory

[filter:noauth]
paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory

[filter:sizelimit]
paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory

[app:apiv1]
paste.app_factory = cinder.api.v1.router:APIRouter.factory

[app:apiv2]
paste.app_factory = cinder.api.v2.router:APIRouter.factory

[app:apiv3]
paste.app_factory = cinder.api.v3.router:APIRouter.factory

[pipeline:apiversions]
pipeline = cors http_proxy_to_wsgi faultwrap osvolumeversionapp

[app:osvolumeversionapp]
paste.app_factory = cinder.api.versions:Versions.factory

##########
# Shared #
##########

[filter:keystonecontext]
paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory

policy.json

The policy.json file defines additional access controls that apply to the Block Storage service.

{
    "context_is_admin": "role:admin",
    "admin_or_owner":  "is_admin:True or project_id:%(project_id)s",
    "default": "rule:admin_or_owner",

    "admin_api": "is_admin:True",

    "volume:create": "",
    "volume:delete": "rule:admin_or_owner",
    "volume:get": "rule:admin_or_owner",
    "volume:get_all": "rule:admin_or_owner",
    "volume:get_volume_metadata": "rule:admin_or_owner",
    "volume:delete_volume_metadata": "rule:admin_or_owner",
    "volume:update_volume_metadata": "rule:admin_or_owner",
    "volume:get_volume_admin_metadata": "rule:admin_api",
    "volume:update_volume_admin_metadata": "rule:admin_api",
    "volume:get_snapshot": "rule:admin_or_owner",
    "volume:get_all_snapshots": "rule:admin_or_owner",
    "volume:create_snapshot": "rule:admin_or_owner",
    "volume:delete_snapshot": "rule:admin_or_owner",
    "volume:update_snapshot": "rule:admin_or_owner",
    "volume:extend": "rule:admin_or_owner",
    "volume:update_readonly_flag": "rule:admin_or_owner",
    "volume:retype": "rule:admin_or_owner",
    "volume:update": "rule:admin_or_owner",

    "volume_extension:types_manage": "rule:admin_api",
    "volume_extension:types_extra_specs": "rule:admin_api",
    "volume_extension:access_types_qos_specs_id": "rule:admin_api",
    "volume_extension:access_types_extra_specs": "rule:admin_api",
    "volume_extension:volume_type_access": "rule:admin_or_owner",
    "volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",
    "volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api",
    "volume_extension:volume_type_encryption": "rule:admin_api",
    "volume_extension:volume_encryption_metadata": "rule:admin_or_owner",
    "volume_extension:extended_snapshot_attributes": "rule:admin_or_owner",
    "volume_extension:volume_image_metadata": "rule:admin_or_owner",

    "volume_extension:quotas:show": "",
    "volume_extension:quotas:update": "rule:admin_api",
    "volume_extension:quotas:delete": "rule:admin_api",
    "volume_extension:quota_classes": "rule:admin_api",
    "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api",

    "volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
    "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
    "volume_extension:backup_admin_actions:reset_status": "rule:admin_api",
    "volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
    "volume_extension:volume_admin_actions:force_detach": "rule:admin_api",
    "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api",
    "volume_extension:backup_admin_actions:force_delete": "rule:admin_api",
    "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api",
    "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api",

    "volume_extension:volume_host_attribute": "rule:admin_api",
    "volume_extension:volume_tenant_attribute": "rule:admin_or_owner",
    "volume_extension:volume_mig_status_attribute": "rule:admin_api",
    "volume_extension:hosts": "rule:admin_api",
    "volume_extension:services:index": "rule:admin_api",
    "volume_extension:services:update" : "rule:admin_api",

    "volume_extension:volume_manage": "rule:admin_api",
    "volume_extension:volume_unmanage": "rule:admin_api",

    "volume_extension:capabilities": "rule:admin_api",

    "volume:create_transfer": "rule:admin_or_owner",
    "volume:accept_transfer": "",
    "volume:delete_transfer": "rule:admin_or_owner",
    "volume:get_all_transfers": "rule:admin_or_owner",

    "volume_extension:replication:promote": "rule:admin_api",
    "volume_extension:replication:reenable": "rule:admin_api",

    "volume:enable_replication": "rule:admin_api",
    "volume:disable_replication": "rule:admin_api",
    "volume:failover_replication": "rule:admin_api",
    "volume:list_replication_targets": "rule:admin_api",

    "backup:create" : "",
    "backup:delete": "rule:admin_or_owner",
    "backup:get": "rule:admin_or_owner",
    "backup:get_all": "rule:admin_or_owner",
    "backup:restore": "rule:admin_or_owner",
    "backup:backup-import": "rule:admin_api",
    "backup:backup-export": "rule:admin_api",

    "snapshot_extension:snapshot_actions:update_snapshot_status": "",
    "snapshot_extension:snapshot_manage": "rule:admin_api",
    "snapshot_extension:snapshot_unmanage": "rule:admin_api",

    "consistencygroup:create" : "group:nobody",
    "consistencygroup:delete": "group:nobody",
    "consistencygroup:update": "group:nobody",
    "consistencygroup:get": "group:nobody",
    "consistencygroup:get_all": "group:nobody",

    "consistencygroup:create_cgsnapshot" : "group:nobody",
    "consistencygroup:delete_cgsnapshot": "group:nobody",
    "consistencygroup:get_cgsnapshot": "group:nobody",
    "consistencygroup:get_all_cgsnapshots": "group:nobody",

    "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api"
}

rootwrap.conf

The rootwrap.conf file defines configuration values used by the rootwrap script when the Block Storage service must escalate its privileges to those of the root user.

# Configuration for cinder-rootwrap
# This file should be owned by (and only-writeable by) the root user

[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap

# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin

# Enable logging to syslog
# Default value is False
use_syslog=False

# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility=syslog

# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.