The Compute API, run by the nova-api
daemon, is the component of
OpenStack Compute that receives and responds to user requests,
whether they be direct API calls, or via the CLI tools or dashboard.
The OpenStack Compute API enables users to specify an administrative password when they create or rebuild a server instance. If the user does not specify a password, a random password is generated and returned in the API response.
In practice, how the admin password is handled depends on the hypervisor in use and might require additional configuration of the instance. For example, you might have to install an agent to handle the password setting. If the hypervisor and instance configuration do not support setting a password at server create time, the password that is returned by the create API call is misleading because it was ignored.
To prevent this confusion, use the enable_instance_password
configuration option to disable the return of the admin password
for installations that do not support setting instance passwords.
The Compute API configuration options are documented in the tables below.
Configuration option = Default value | Description |
---|---|
max_limit = 1000 |
(Integer) As a query can potentially return many thousands of items, you can limit the maximum number of items in a single response by setting this option. |
vendordata_dynamic_read_timeout = 5 |
(Integer) Maximum wait time for an external REST service to return data once connected. Possible values:
Related options:
|
vendordata_dynamic_ssl_certfile = |
(String) Path to an optional certificate file or CA bundle to verify dynamic vendordata REST services ssl certificates against. Possible values:
Related options:
|
neutron_default_tenant_id = default |
(String) Tenant ID for getting the default network from Neutron API (also referred in some places as the ‘project ID’) to use. Related options:
|
config_drive_skip_versions = 1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01 |
(String) When gathering the existing metadata for a config drive, the EC2-style metadata is returned for all versions that don’t appear in this option. As of the Liberty release, the available versions are:
The option is in the format of a single string, with each version separated by a space. Possible values:
|
hide_server_address_states = building |
(List) This option is a list of all instance states for which network address information should not be returned from the API. Possible values:
|
vendordata_dynamic_connect_timeout = 5 |
(Integer) Maximum wait time for an external REST service to connect. Possible values:
Related options:
|
fping_path = /usr/sbin/fping |
(String) The full path to the fping binary. |
allow_instance_snapshots = True |
(Boolean) Operators can turn off the ability for a user to take snapshots of their instances by setting this option to False. When disabled, any attempt to take a snapshot will result in a HTTP 400 response (“Bad Request”).
|
compute_link_prefix = None |
(String) This string is prepended to the normal URL that is returned in links to the OpenStack Compute API. If it is empty (the default), the URLs are returned unchanged. Possible values:
|
vendordata_jsonfile_path = None |
(String) Cloud providers may store custom data in vendor data file that will then be available to the instances via the metadata service, and to the rendering of config-drive. The default class for this, JsonFileVendorData, loads this information from a JSON file, whose path is configured by this option. If there is no path set by this option, the class returns an empty dictionary. Possible values:
|
glance_link_prefix = None |
(String) This string is prepended to the normal URL that is returned in links to Glance resources. If it is empty (the default), the URLs are returned unchanged. Possible values:
|
enable_instance_password = True |
(Boolean) Enables returning of the instance password by the relevant server API calls such as create, rebuild, evacuate, or rescue. If the hypervisor does not support password injection, then the password returned will not be correct, so if your hypervisor does not support password injection, set this to False. |
vendordata_dynamic_targets = |
(List) A list of targets for the dynamic vendordata provider. These targets are of the form <name>@<url>. The dynamic vendordata provider collects metadata by contacting external REST services and querying them for information about the instance. This behaviour is documented in the vendordata.rst file in the nova developer reference. |
use_forwarded_for = False |
(Boolean) When True, the ‘X-Forwarded-For’ header is treated as the canonical remote address. When False (the default), the ‘remote_address’ header is used. You should only enable this if you have an HTML sanitizing proxy. |
use_neutron_default_nets = False |
(Boolean) When True, the TenantNetworkController will query the Neutron API to get the default networks to use. Related options:
|
vendordata_dynamic_failure_fatal = False |
(Boolean) Should failures to fetch dynamic vendordata be fatal to instance boot? Related options:
|
vendordata_providers = |
(List) A list of vendordata providers. vendordata providers are how deployers can provide metadata via configdrive and metadata that is specific to their deployment. There are currently two supported providers: StaticJSON and DynamicJSON. StaticJSON reads a JSON file configured by the flag vendordata_jsonfile_path and places the JSON from that file into vendor_data.json and vendor_data2.json. DynamicJSON is configured via the vendordata_dynamic_targets flag, which is documented separately. For each of the endpoints specified in that flag, a section is added to the vendor_data2.json. For more information on the requirements for implementing a vendordata dynamic endpoint, please see the vendordata.rst file in the nova developer reference. Possible values:
Related options:
|
metadata_cache_expiration = 15 |
(Integer) This option is the time (in seconds) to cache metadata. When set to 0, metadata caching is disabled entirely; this is generally not recommended for performance reasons. Increasing this setting should improve response times of the metadata API when under heavy load. Higher values may increase memory usage, and result in longer times for host metadata changes to take effect. |
auth_strategy = keystone |
(String) This determines the strategy to use for authentication: keystone or noauth2. ‘noauth2’ is designed for testing only, as it does no actual credential checking. ‘noauth2’ provides administrative credentials only if ‘admin’ is specified as the username. |
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.