Compute API configuration¶

The Compute API, run by the nova-api daemon, is the component of OpenStack Compute that receives and responds to user requests, whether they be direct API calls, or via the CLI tools or dashboard.

Configure Compute API password handling¶

The OpenStack Compute API enables users to specify an administrative password when they create or rebuild a server instance. If the user does not specify a password, a random password is generated and returned in the API response.

In practice, how the admin password is handled depends on the hypervisor in use and might require additional configuration of the instance. For example, you might have to install an agent to handle the password setting. If the hypervisor and instance configuration do not support setting a password at server create time, the password that is returned by the create API call is misleading because it was ignored.

To prevent this confusion, use the enable_instance_password configuration option to disable the return of the admin password for installations that do not support setting instance passwords.

Configuration options¶

The Compute API configuration options are documented in the tables below.

Description of API configuration options¶
Configuration option = Default value	Description
[DEFAULT]
`enable_new_services` = `True`	(Boolean) Enable new services on this host automatically. When a new service (for example “nova-compute”) starts up, it gets registered in the database as an enabled service. Sometimes it can be useful to register new services in disabled state and then enabled them at a later point in time. This option can set this behavior for all services per host. Possible values: `True`: Each new service is enabled as soon as it registers itself. `False`: Services must be enabled via a REST API call or with the CLI with `nova service-enable <hostname> <binary>`, otherwise they are not ready to use.
`enabled_apis` = `osapi_compute, metadata`	(List) A list of APIs to enable by default
`enabled_ssl_apis` =	(List) A list of APIs with enabled SSL
`instance_name_template` = `instance-%08x`	(String) Template string to be used to generate instance names. This template controls the creation of the database name of an instance. This is not the display name you enter when creating an instance (via Horizon or CLI). For a new deployment it is advisable to change the default value (which uses the database autoincrement) to another value which makes use of the attributes of an instance, like `instance-%(uuid)s`. If you already have instances in your deployment when you change this, your deployment will break. Possible values: A string which either uses the instance database ID (like the default) A string with a list of named database columns, for example `%(id)d` or `%(uuid)s` or `%(hostname)s`. Related options: not to be confused with: `multi_instance_display_name_template`
`multi_instance_display_name_template` = `%(name)s-%(count)d`	(String) When creating multiple instances with a single request using the os-multiple-create API extension, this template will be used to build the display name for each instance. The benefit is that the instances end up with different hostnames. Example display names when creating two VM’s: name-1, name-2. Possible values: Valid keys for the template are: name, uuid, count.
`non_inheritable_image_properties` = `cache_in_nova, bittorrent`	(List) Image properties that should not be inherited from the instance when taking a snapshot. This option gives an opportunity to select which image-properties should not be inherited by newly created snapshots. Possible values: A list whose item is an image property. Usually only the image properties that are only needed by base images can be included here, since the snapshots that are created from the base images doesn’t need them. Default list: [‘cache_in_nova’, ‘bittorrent’]
`null_kernel` = `nokernel`	(String) This option is used to decide when an image should have no external ramdisk or kernel. By default this is set to ‘nokernel’, so when an image is booted with the property ‘kernel_id’ with the value ‘nokernel’, Nova assumes the image doesn’t require an external kernel and ramdisk.
`osapi_compute_link_prefix` = `None`	(String) This string is prepended to the normal URL that is returned in links to the OpenStack Compute API. If it is empty (the default), the URLs are returned unchanged. Possible values: Any string, including an empty string (the default).
`osapi_compute_listen` = `0.0.0.0`	(String) The IP address on which the OpenStack API will listen.
`osapi_compute_listen_port` = `8774`	(Port number) The port on which the OpenStack API will listen.
`osapi_compute_workers` = `None`	(Integer) Number of workers for OpenStack API service. The default will be the number of CPUs available.
`osapi_hide_server_address_states` = `building`	(List) This option is a list of all instance states for which network address information should not be returned from the API. Possible values: A list of strings, where each string is a valid VM state, as defined in nova/compute/vm_states.py. As of the Newton release, they are: “active” “building” “paused” “suspended” “stopped” “rescued” “resized” “soft-delete” “deleted” “error” “shelved” “shelved_offloaded”
`servicegroup_driver` = `db`	(String) This option specifies the driver to be used for the servicegroup service. ServiceGroup API in nova enables checking status of a compute node. When a compute worker running the nova-compute daemon starts, it calls the join API to join the compute group. Services like nova scheduler can query the ServiceGroup API to check if a node is alive. Internally, the ServiceGroup client driver automatically updates the compute worker status. There are multiple backend implementations for this service: Database ServiceGroup driver and Memcache ServiceGroup driver. Possible Values: db : Database ServiceGroup driver mc : Memcache ServiceGroup driver Related Options: service_down_time (maximum time since last check-in for up service)
`snapshot_name_template` = `snapshot-%s`	(String) DEPRECATED: Template string to be used to generate snapshot names This is not used anymore and will be removed in the O release.
`use_forwarded_for` = `False`	(Boolean) When True, the ‘X-Forwarded-For’ header is treated as the canonical remote address. When False (the default), the ‘remote_address’ header is used. You should only enable this if you have an HTML sanitizing proxy.
[oslo_middleware]
`enable_proxy_headers_parsing` = `False`	(Boolean) Whether the application is behind a proxy or not. This determines if the middleware should parse the headers or not.
`max_request_body_size` = `114688`	(Integer) The maximum body size for each request, in bytes.
`secure_proxy_ssl_header` = `X-Forwarded-Proto`	(String) DEPRECATED: The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by a SSL termination proxy.
[oslo_versionedobjects]
`fatal_exception_format_errors` = `False`	(Boolean) Make exception message format errors fatal

Description of API v2.1 configuration options¶
Configuration option = Default value	Description
[osapi_v21]
`extensions_blacklist` =	(List) DEPRECATED: This option is a list of all of the v2.1 API extensions to never load. However, it will be removed in the near future, after which all the functionality that was previously in extensions will be part of the standard API, and thus always accessible. Possible values: A list of strings, each being the alias of an extension that you do not wish to load. Related options: enabled extensions_whitelist
`extensions_whitelist` =	(List) DEPRECATED: This is a list of extensions. If it is empty, then all extensions except those specified in the extensions_blacklist option will be loaded. If it is not empty, then only those extensions in this list will be loaded, provided that they are also not in the extensions_blacklist option. Once this deprecated option is removed, after which the all the functionality that was previously in extensions will be part of the standard API, and thus always accessible. Possible values: A list of strings, each being the alias of an extension that you wish to load, or an empty list, which indicates that all extensions are to be run. Related options: enabled extensions_blacklist
`project_id_regex` = `None`	(String) DEPRECATED: This option is a string representing a regular expression (regex) that matches the project_id as contained in URLs. If not set, it will match normal UUIDs created by keystone. Possible values: A string representing any legal regular expression

Description of CA and SSL configuration options¶
Configuration option = Default value	Description
[DEFAULT]
`cert` = `self.pem`	(String) Path to SSL certificate file.
`cert_manager` = `nova.cert.manager.CertManager`	(String) DEPRECATED: Full class name for the Manager for cert
`cert_topic` = `cert`	(String) DEPRECATED: Determines the RPC topic that the cert nodes listen on. For most deployments there is no need to ever change it. Since the nova-cert service is marked for deprecation, the feature to change RPC topic that cert nodes listen may be removed as early as the 15.0.0 Ocata release.