Sample Configuration File

The following is a sample tacker configuration for adaptation and use. For a detailed overview of all available configuration options, refer to Configuration Options.

The sample configuration can also be viewed in file form.

Important

The sample configuration file is auto-generated from tacker when this documentation is built. You must ensure your version of tacker matches the version of this documentation.

[DEFAULT]

#
# From oslo.log
#

# If set to true, the logging level will be set to DEBUG instead of the default
# INFO level. (boolean value)
# Note: This option can be changed without restarting.
#debug = false

# The name of a logging configuration file. This file is appended to any
# existing logging configuration files. For details about logging configuration
# files, see the Python logging module documentation. Note that when logging
# configuration files are used then all logging configuration is set in the
# configuration file and other logging configuration options are ignored (for
# example, log-date-format). (string value)
# Note: This option can be changed without restarting.
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append = <None>

# Defines the format string for %%(asctime)s in log records. Default:
# %(default)s . This option is ignored if log_config_append is set. (string
# value)
#log_date_format = %Y-%m-%d %H:%M:%S

# (Optional) Name of log file to send logging output to. If no default is set,
# logging will go to stderr as defined by use_stderr. This option is ignored if
# log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file = <None>

# (Optional) The base directory used for relative log_file  paths. This option
# is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir = <None>

# Uses logging handler designed to watch file system. When log file is moved or
# removed this handler will open a new log file with specified path
# instantaneously. It makes sense only if log_file option is specified and
# Linux platform is used. This option is ignored if log_config_append is set.
# (boolean value)
#watch_log_file = false

# Use syslog for logging. Existing syslog format is DEPRECATED and will be
# changed later to honor RFC5424. This option is ignored if log_config_append
# is set. (boolean value)
#use_syslog = false

# Enable journald for logging. If running in a systemd environment you may wish
# to enable journal support. Doing so will use the journal native protocol
# which includes structured metadata in addition to log messages.This option is
# ignored if log_config_append is set. (boolean value)
#use_journal = false

# Syslog facility to receive log lines. This option is ignored if
# log_config_append is set. (string value)
#syslog_log_facility = LOG_USER

# Use JSON formatting for logging. This option is ignored if log_config_append
# is set. (boolean value)
#use_json = false

# Log output to standard error. This option is ignored if log_config_append is
# set. (boolean value)
#use_stderr = false

# Log output to Windows Event Log. (boolean value)
#use_eventlog = false

# The amount of time before the log files are rotated. This option is ignored
# unless log_rotation_type is setto "interval". (integer value)
#log_rotate_interval = 1

# Rotation interval type. The time of the last file change (or the time when
# the service was started) is used when scheduling the next rotation. (string
# value)
# Possible values:
# Seconds - <No description provided>
# Minutes - <No description provided>
# Hours - <No description provided>
# Days - <No description provided>
# Weekday - <No description provided>
# Midnight - <No description provided>
#log_rotate_interval_type = days

# Maximum number of rotated log files. (integer value)
#max_logfile_count = 30

# Log file maximum size in MB. This option is ignored if "log_rotation_type" is
# not set to "size". (integer value)
#max_logfile_size_mb = 200

# Log rotation type. (string value)
# Possible values:
# interval - Rotate logs at predefined time intervals.
# size - Rotate logs once they reach a predefined size.
# none - Do not rotate log files.
#log_rotation_type = none

# Format string to use for log messages with context. Used by
# oslo_log.formatters.ContextFormatter (string value)
#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

# Format string to use for log messages when context is undefined. Used by
# oslo_log.formatters.ContextFormatter (string value)
#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

# Additional data to append to log message when logging level for the message
# is DEBUG. Used by oslo_log.formatters.ContextFormatter (string value)
#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d

# Prefix each line of exception output with this format. Used by
# oslo_log.formatters.ContextFormatter (string value)
#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

# Defines the format string for %(user_identity)s that is used in
# logging_context_format_string. Used by oslo_log.formatters.ContextFormatter
# (string value)
#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

# List of package logging levels in logger=LEVEL pairs. This option is ignored
# if log_config_append is set. (list value)
#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,oslo_policy=INFO,dogpile.core.dogpile=INFO

# Enables or disables publication of error events. (boolean value)
#publish_errors = false

# The format for an instance that is passed with the log message. (string
# value)
#instance_format = "[instance: %(uuid)s] "

# The format for an instance UUID that is passed with the log message. (string
# value)
#instance_uuid_format = "[instance: %(uuid)s] "

# Interval, number of seconds, of log rate limiting. (integer value)
#rate_limit_interval = 0

# Maximum number of logged messages per rate_limit_interval. (integer value)
#rate_limit_burst = 0

# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
# or empty string. Logs with level greater or equal to rate_limit_except_level
# are not filtered. An empty string means that all levels are filtered. (string
# value)
#rate_limit_except_level = CRITICAL

# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false

#
# From oslo.messaging
#

# Size of RPC connection pool. (integer value)
#rpc_conn_pool_size = 30

# The pool size limit for connections expiration policy (integer value)
#conn_pool_min_size = 2

# The time-to-live in sec of idle connections in the pool (integer value)
#conn_pool_ttl = 1200

# Size of executor thread pool when executor is threading or eventlet. (integer
# value)
# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
#executor_thread_pool_size = 64

# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout = 60

# The network address and optional user credentials for connecting to the
# messaging backend, in URL format. The expected format is:
#
# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query
#
# Example: rabbit://rabbitmq:password@127.0.0.1:5672//
#
# For full details on the fields in the URL see the documentation of
# oslo_messaging.TransportURL at
# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html
# (string value)
#transport_url = rabbit://

# The default exchange under which topics are scoped. May be overridden by an
# exchange name specified in the transport_url option. (string value)
#control_exchange = tacker

#
# From oslo.service.service
#

# Enable eventlet backdoor.  Acceptable values are 0, <port>, and
# <start>:<end>, where 0 results in listening on a random tcp port number;
# <port> results in listening on the specified port number (and not enabling
# backdoor if that port is in use); and <start>:<end> results in listening on
# the smallest unused port number within the specified range of port numbers.
# The chosen port is displayed in the service's log file. (string value)
#backdoor_port = <None>

# Enable eventlet backdoor, using the provided path as a unix socket that can
# receive connections. This option is mutually exclusive with 'backdoor_port'
# in that only one should be provided. If both are provided then the existence
# of this option overrides the usage of that option. Inside the path {pid} will
# be replaced with the PID of the current process. (string value)
#backdoor_socket = <None>

# Enables or disables logging values of all registered options when starting a
# service (at DEBUG level). (boolean value)
#log_options = true

# Specify a timeout after which a gracefully shutdown server will exit. Zero
# value means endless wait. (integer value)
#graceful_shutdown_timeout = 60

#
# From tacker.common.config
#

# The host IP to bind to (host address value)
#bind_host = 0.0.0.0

# The port to bind to (integer value)
#bind_port = 9890

# The API paste config file to use (string value)
#api_paste_config = api-paste.ini

# The path for API extensions (string value)
#api_extensions_path =

# The service plugins Tacker will use (list value)
#service_plugins = nfvo,vnfm

# The type of authentication to use (string value)
#auth_strategy = keystone

# Allow the usage of the bulk API (boolean value)
#allow_bulk = true

# Allow the usage of the pagination (boolean value)
#allow_pagination = false

# Allow the usage of the sorting (boolean value)
#allow_sorting = false

# The maximum number of items returned in a single response, value was
# 'infinite' or negative integer means no limit (string value)
#pagination_max_limit = -1

# The hostname Tacker is running on (host address value)
#host = ubuntu-bionic-rax-iad-0018648886

# Where to store Tacker state files. This directory must be writable by the
# agent. (string value)
#state_path = /var/lib/tacker

#
# From tacker.conf
#

# Seconds between running periodic tasks to cleanup residues of deleted vnf
# packages (integer value)
#vnf_package_delete_interval = 1800

#
# From tacker.service
#

# Seconds between running components report states (integer value)
#report_interval = 10

# Seconds between running periodic tasks (integer value)
#periodic_interval = 40

# Number of separate worker processes for service (integer value)
#api_workers = 0

# Range of seconds to randomly delay when starting the periodic task scheduler
# to reduce stampeding. (Disable by setting to 0) (integer value)
#periodic_fuzzy_delay = 5

#
# From tacker.wsgi
#

# Number of backlog requests to configure the socket with (integer value)
#backlog = 4096

# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not
# supported on OS X. (integer value)
#tcp_keepidle = 600

# Number of seconds to keep retrying to listen (integer value)
#retry_until_window = 30

# Max header line to accommodate large tokens (integer value)
#max_header_line = 16384

# Enable SSL on the API server (boolean value)
#use_ssl = false

# CA certificate file to use to verify connecting clients (string value)
#ssl_ca_file = <None>

# Certificate file to use when starting the server securely (string value)
#ssl_cert_file = <None>

# Private key file to use when starting the server securely (string value)
#ssl_key_file = <None>


[alarm_auth]

#
# From tacker.alarm_receiver
#

# User name for alarm monitoring (string value)
#username = admin

# Password for alarm monitoring (string value)
#password = devstack

# Project name for alarm monitoring (string value)
#project_name = admin

# User domain name for alarm monitoring (string value)
#user_domain_name = default

# Project domain name for alarm monitoring (string value)
#project_domain_name = default


[ceilometer]

#
# From tacker.vnfm.monitor_drivers.ceilometer.ceilometer
#

# Address which drivers use to trigger (host address value)
#host = ubuntu-bionic-rax-iad-0018648886

# port number which drivers use to trigger (port value)
# Minimum value: 0
# Maximum value: 65535
#port = 9890


[cors]

#
# From oslo.middleware
#

# Indicate whether this resource may be shared with the domain received in the
# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
# slash. Example: https://horizon.example.com (list value)
#allowed_origin = <None>

# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true

# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers =

# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600

# Indicate which methods can be used during the actual request. (list value)
#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH

# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers =


[database]

#
# From oslo.db
#

# If True, SQLite uses synchronous mode. (boolean value)
#sqlite_synchronous = true

# The back end to use for the database. (string value)
# Deprecated group/name - [DEFAULT]/db_backend
#backend = sqlalchemy

# The SQLAlchemy connection string to use to connect to the database. (string
# value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection = <None>

# The SQLAlchemy connection string to use to connect to the slave database.
# (string value)
#slave_connection = <None>

# The SQL mode to be used for MySQL sessions. This option, including the
# default, overrides any server-set SQL mode. To use whatever SQL mode is set
# by the server configuration, set this to no value. Example: mysql_sql_mode=
# (string value)
#mysql_sql_mode = TRADITIONAL

# If True, transparently enables support for handling MySQL Cluster (NDB).
# (boolean value)
#mysql_enable_ndb = false

# Connections which have been present in the connection pool longer than this
# number of seconds will be replaced with a new one the next time they are
# checked out from the pool. (integer value)
# Deprecated group/name - [DATABASE]/idle_timeout
# Deprecated group/name - [database]/idle_timeout
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
#connection_recycle_time = 3600

# Maximum number of SQL connections to keep open in a pool. Setting a value of
# 0 indicates no limit. (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size = 5

# Maximum number of database connection retries during startup. Set to -1 to
# specify an infinite retry count. (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries = 10

# Interval between retries of opening a SQL connection. (integer value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
#retry_interval = 10

# If set, use this value for max_overflow with SQLAlchemy. (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
#max_overflow = 50

# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
# value)
# Minimum value: 0
# Maximum value: 100
# Deprecated group/name - [DEFAULT]/sql_connection_debug
#connection_debug = 0

# Add Python stack traces to SQL as comment strings. (boolean value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
#connection_trace = false

# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
#pool_timeout = <None>

# Enable the experimental use of database reconnect on connection lost.
# (boolean value)
#use_db_reconnect = false

# Seconds between retries of a database transaction. (integer value)
#db_retry_interval = 1

# If True, increases the interval between retries of a database operation up to
# db_max_retry_interval. (boolean value)
#db_inc_retry_interval = true

# If db_inc_retry_interval is set, the maximum seconds between retries of a
# database operation. (integer value)
#db_max_retry_interval = 10

# Maximum retries in case of connection error or deadlock error before error is
# raised. Set to -1 to specify an infinite retry count. (integer value)
#db_max_retries = 20

# Optional URL parameters to append onto the connection URL at connect time;
# specify as param1=value1&param2=value2&... (string value)
#connection_parameters =


[glance_store]

#
# From glance.store
#

# DEPRECATED:
# List of enabled Glance stores.
#
# Register the storage backends to use for storing disk images
# as a comma separated list. The default stores enabled for
# storing disk images with Glance are ``file`` and ``http``.
#
# Possible values:
#     * A comma separated list that could include:
#         * file
#         * http
#         * swift
#         * rbd
#         * sheepdog
#         * cinder
#         * vmware
#
# Related Options:
#     * default_store
#
#  (list value)
# This option is deprecated for removal since Rocky.
# Its value may be silently ignored in the future.
# Reason:
# This option is deprecated against new config option
# ``enabled_backends`` which helps to configure multiple backend stores
# of different schemes.
#
# This option is scheduled for removal in the U development
# cycle.
#stores = file,http

# DEPRECATED:
# The default scheme to use for storing images.
#
# Provide a string value representing the default scheme to use for
# storing images. If not set, Glance uses ``file`` as the default
# scheme to store images with the ``file`` store.
#
# NOTE: The value given for this configuration option must be a valid
# scheme for a store registered with the ``stores`` configuration
# option.
#
# Possible values:
#     * file
#     * filesystem
#     * http
#     * https
#     * swift
#     * swift+http
#     * swift+https
#     * swift+config
#     * rbd
#     * sheepdog
#     * cinder
#     * vsphere
#
# Related Options:
#     * stores
#
#  (string value)
# Possible values:
# file - <No description provided>
# filesystem - <No description provided>
# http - <No description provided>
# https - <No description provided>
# swift - <No description provided>
# swift+http - <No description provided>
# swift+https - <No description provided>
# swift+config - <No description provided>
# rbd - <No description provided>
# sheepdog - <No description provided>
# cinder - <No description provided>
# vsphere - <No description provided>
# This option is deprecated for removal since Rocky.
# Its value may be silently ignored in the future.
# Reason:
# This option is deprecated against new config option
# ``default_backend`` which acts similar to ``default_store`` config
# option.
#
# This option is scheduled for removal in the U development
# cycle.
#default_store = file

#
# Information to match when looking for cinder in the service catalog.
#
# When the ``cinder_endpoint_template`` is not set and any of
# ``cinder_store_auth_address``, ``cinder_store_user_name``,
# ``cinder_store_project_name``, ``cinder_store_password`` is not set,
# cinder store uses this information to lookup cinder endpoint from the service
# catalog in the current context. ``cinder_os_region_name``, if set, is taken
# into consideration to fetch the appropriate endpoint.
#
# The service catalog can be listed by the ``openstack catalog list`` command.
#
# Possible values:
#     * A string of of the following form:
#       ``<service_type>:<service_name>:<interface>``
#       At least ``service_type`` and ``interface`` should be specified.
#       ``service_name`` can be omitted.
#
# Related options:
#     * cinder_os_region_name
#     * cinder_endpoint_template
#     * cinder_store_auth_address
#     * cinder_store_user_name
#     * cinder_store_project_name
#     * cinder_store_password
#
#  (string value)
#cinder_catalog_info = volumev2::publicURL

#
# Override service catalog lookup with template for cinder endpoint.
#
# When this option is set, this value is used to generate cinder endpoint,
# instead of looking up from the service catalog.
# This value is ignored if ``cinder_store_auth_address``,
# ``cinder_store_user_name``, ``cinder_store_project_name``, and
# ``cinder_store_password`` are specified.
#
# If this configuration option is set, ``cinder_catalog_info`` will be ignored.
#
# Possible values:
#     * URL template string for cinder endpoint, where ``%%(tenant)s`` is
#       replaced with the current tenant (project) name.
#       For example: ``http://cinder.openstack.example.org/v2/%%(tenant)s``
#
# Related options:
#     * cinder_store_auth_address
#     * cinder_store_user_name
#     * cinder_store_project_name
#     * cinder_store_password
#     * cinder_catalog_info
#
#  (string value)
#cinder_endpoint_template = <None>

#
# Region name to lookup cinder service from the service catalog.
#
# This is used only when ``cinder_catalog_info`` is used for determining the
# endpoint. If set, the lookup for cinder endpoint by this node is filtered to
# the specified region. It is useful when multiple regions are listed in the
# catalog. If this is not set, the endpoint is looked up from every region.
#
# Possible values:
#     * A string that is a valid region name.
#
# Related options:
#     * cinder_catalog_info
#
#  (string value)
# Deprecated group/name - [glance_store]/os_region_name
#cinder_os_region_name = <None>

#
# Location of a CA certificates file used for cinder client requests.
#
# The specified CA certificates file, if set, is used to verify cinder
# connections via HTTPS endpoint. If the endpoint is HTTP, this value is
# ignored.
# ``cinder_api_insecure`` must be set to ``True`` to enable the verification.
#
# Possible values:
#     * Path to a ca certificates file
#
# Related options:
#     * cinder_api_insecure
#
#  (string value)
#cinder_ca_certificates_file = <None>

#
# Number of cinderclient retries on failed http calls.
#
# When a call failed by any errors, cinderclient will retry the call up to the
# specified times after sleeping a few seconds.
#
# Possible values:
#     * A positive integer
#
# Related options:
#     * None
#
#  (integer value)
# Minimum value: 0
#cinder_http_retries = 3

#
# Time period, in seconds, to wait for a cinder volume transition to
# complete.
#
# When the cinder volume is created, deleted, or attached to the glance node to
# read/write the volume data, the volume's state is changed. For example, the
# newly created volume status changes from ``creating`` to ``available`` after
# the creation process is completed. This specifies the maximum time to wait
# for
# the status change. If a timeout occurs while waiting, or the status is
# changed
# to an unexpected value (e.g. `error``), the image creation fails.
#
# Possible values:
#     * A positive integer
#
# Related options:
#     * None
#
#  (integer value)
# Minimum value: 0
#cinder_state_transition_timeout = 300

#
# Allow to perform insecure SSL requests to cinder.
#
# If this option is set to True, HTTPS endpoint connection is verified using
# the
# CA certificates file specified by ``cinder_ca_certificates_file`` option.
#
# Possible values:
#     * True
#     * False
#
# Related options:
#     * cinder_ca_certificates_file
#
#  (boolean value)
#cinder_api_insecure = false

#
# The address where the cinder authentication service is listening.
#
# When all of ``cinder_store_auth_address``, ``cinder_store_user_name``,
# ``cinder_store_project_name``, and ``cinder_store_password`` options are
# specified, the specified values are always used for the authentication.
# This is useful to hide the image volumes from users by storing them in a
# project/tenant specific to the image service. It also enables users to share
# the image volume among other projects under the control of glance's ACL.
#
# If either of these options are not set, the cinder endpoint is looked up
# from the service catalog, and current context's user and project are used.
#
# Possible values:
#     * A valid authentication service address, for example:
#       ``http://openstack.example.org/identity/v2.0``
#
# Related options:
#     * cinder_store_user_name
#     * cinder_store_password
#     * cinder_store_project_name
#
#  (string value)
#cinder_store_auth_address = <None>

#
# User name to authenticate against cinder.
#
# This must be used with all the following related options. If any of these are
# not specified, the user of the current context is used.
#
# Possible values:
#     * A valid user name
#
# Related options:
#     * cinder_store_auth_address
#     * cinder_store_password
#     * cinder_store_project_name
#
#  (string value)
#cinder_store_user_name = <None>

#
# Password for the user authenticating against cinder.
#
# This must be used with all the following related options. If any of these are
# not specified, the user of the current context is used.
#
# Possible values:
#     * A valid password for the user specified by ``cinder_store_user_name``
#
# Related options:
#     * cinder_store_auth_address
#     * cinder_store_user_name
#     * cinder_store_project_name
#
#  (string value)
#cinder_store_password = <None>

#
# Project name where the image volume is stored in cinder.
#
# If this configuration option is not set, the project in current context is
# used.
#
# This must be used with all the following related options. If any of these are
# not specified, the project of the current context is used.
#
# Possible values:
#     * A valid project name
#
# Related options:
#     * ``cinder_store_auth_address``
#     * ``cinder_store_user_name``
#     * ``cinder_store_password``
#
#  (string value)
#cinder_store_project_name = <None>

#
# Path to the rootwrap configuration file to use for running commands as root.
#
# The cinder store requires root privileges to operate the image volumes (for
# connecting to iSCSI/FC volumes and reading/writing the volume data, etc.).
# The configuration file should allow the required commands by cinder store and
# os-brick library.
#
# Possible values:
#     * Path to the rootwrap config file
#
# Related options:
#     * None
#
#  (string value)
#rootwrap_config = /etc/glance/rootwrap.conf

#
# Volume type that will be used for volume creation in cinder.
#
# Some cinder backends can have several volume types to optimize storage usage.
# Adding this option allows an operator to choose a specific volume type
# in cinder that can be optimized for images.
#
# If this is not set, then the default volume type specified in the cinder
# configuration will be used for volume creation.
#
# Possible values:
#     * A valid volume type from cinder
#
# Related options:
#     * None
#
#  (string value)
#cinder_volume_type = <None>

#
# Directory to which the filesystem backend store writes images.
#
# Upon start up, Glance creates the directory if it doesn't already
# exist and verifies write access to the user under which
# ``glance-api`` runs. If the write access isn't available, a
# ``BadStoreConfiguration`` exception is raised and the filesystem
# store may not be available for adding new images.
#
# NOTE: This directory is used only when filesystem store is used as a
# storage backend. Either ``filesystem_store_datadir`` or
# ``filesystem_store_datadirs`` option must be specified in
# ``glance-api.conf``. If both options are specified, a
# ``BadStoreConfiguration`` will be raised and the filesystem store
# may not be available for adding new images.
#
# Possible values:
#     * A valid path to a directory
#
# Related options:
#     * ``filesystem_store_datadirs``
#     * ``filesystem_store_file_perm``
#
#  (string value)
#filesystem_store_datadir = /var/lib/glance/images

#
# List of directories and their priorities to which the filesystem
# backend store writes images.
#
# The filesystem store can be configured to store images in multiple
# directories as opposed to using a single directory specified by the
# ``filesystem_store_datadir`` configuration option. When using
# multiple directories, each directory can be given an optional
# priority to specify the preference order in which they should
# be used. Priority is an integer that is concatenated to the
# directory path with a colon where a higher value indicates higher
# priority. When two directories have the same priority, the directory
# with most free space is used. When no priority is specified, it
# defaults to zero.
#
# More information on configuring filesystem store with multiple store
# directories can be found at
# https://docs.openstack.org/glance/latest/configuration/configuring.html
#
# NOTE: This directory is used only when filesystem store is used as a
# storage backend. Either ``filesystem_store_datadir`` or
# ``filesystem_store_datadirs`` option must be specified in
# ``glance-api.conf``. If both options are specified, a
# ``BadStoreConfiguration`` will be raised and the filesystem store
# may not be available for adding new images.
#
# Possible values:
#     * List of strings of the following form:
#         * ``<a valid directory path>:<optional integer priority>``
#
# Related options:
#     * ``filesystem_store_datadir``
#     * ``filesystem_store_file_perm``
#
#  (multi valued)
#filesystem_store_datadirs =

#
# Filesystem store metadata file.
#
# The path to a file which contains the metadata to be returned with
# any location associated with the filesystem store. The file must
# contain a valid JSON object. The object should contain the keys
# ``id`` and ``mountpoint``. The value for both keys should be a
# string.
#
# Possible values:
#     * A valid path to the store metadata file
#
# Related options:
#     * None
#
#  (string value)
#filesystem_store_metadata_file = <None>

#
# File access permissions for the image files.
#
# Set the intended file access permissions for image data. This provides
# a way to enable other services, e.g. Nova, to consume images directly
# from the filesystem store. The users running the services that are
# intended to be given access to could be made a member of the group
# that owns the files created. Assigning a value less then or equal to
# zero for this configuration option signifies that no changes be made
# to the  default permissions. This value will be decoded as an octal
# digit.
#
# For more information, please refer the documentation at
# https://docs.openstack.org/glance/latest/configuration/configuring.html
#
# Possible values:
#     * A valid file access permission
#     * Zero
#     * Any negative integer
#
# Related options:
#     * None
#
#  (integer value)
#filesystem_store_file_perm = 0

#
# Chunk size, in bytes.
#
# The chunk size used when reading or writing image files. Raising this value
# may improve the throughput but it may also slightly increase the memory usage
# when handling a large number of requests.
#
# Possible Values:
#     * Any positive integer value
#
# Related options:
#     * None
#
#  (integer value)
# Minimum value: 1
#filesystem_store_chunk_size = 65536

#
# Path to the CA bundle file.
#
# This configuration option enables the operator to use a custom
# Certificate Authority file to verify the remote server certificate. If
# this option is set, the ``https_insecure`` option will be ignored and
# the CA file specified will be used to authenticate the server
# certificate and establish a secure connection to the server.
#
# Possible values:
#     * A valid path to a CA file
#
# Related options:
#     * https_insecure
#
#  (string value)
#https_ca_certificates_file = <None>

#
# Set verification of the remote server certificate.
#
# This configuration option takes in a boolean value to determine
# whether or not to verify the remote server certificate. If set to
# True, the remote server certificate is not verified. If the option is
# set to False, then the default CA truststore is used for verification.
#
# This option is ignored if ``https_ca_certificates_file`` is set.
# The remote server certificate will then be verified using the file
# specified using the ``https_ca_certificates_file`` option.
#
# Possible values:
#     * True
#     * False
#
# Related options:
#     * https_ca_certificates_file
#
#  (boolean value)
#https_insecure = true

#
# The http/https proxy information to be used to connect to the remote
# server.
#
# This configuration option specifies the http/https proxy information
# that should be used to connect to the remote server. The proxy
# information should be a key value pair of the scheme and proxy, for
# example, http:10.0.0.1:3128. You can also specify proxies for multiple
# schemes by separating the key value pairs with a comma, for example,
# http:10.0.0.1:3128, https:10.0.0.1:1080.
#
# Possible values:
#     * A comma separated list of scheme:proxy pairs as described above
#
# Related options:
#     * None
#
#  (dict value)
#http_proxy_information =

#
# Size, in megabytes, to chunk RADOS images into.
#
# Provide an integer value representing the size in megabytes to chunk
# Glance images into. The default chunk size is 8 megabytes. For optimal
# performance, the value should be a power of two.
#
# When Ceph's RBD object storage system is used as the storage backend
# for storing Glance images, the images are chunked into objects of the
# size set using this option. These chunked objects are then stored
# across the distributed block data store to use for Glance.
#
# Possible Values:
#     * Any positive integer value
#
# Related options:
#     * None
#
#  (integer value)
# Minimum value: 1
#rbd_store_chunk_size = 8

#
# RADOS pool in which images are stored.
#
# When RBD is used as the storage backend for storing Glance images, the
# images are stored by means of logical grouping of the objects (chunks
# of images) into a ``pool``. Each pool is defined with the number of
# placement groups it can contain. The default pool that is used is
# 'images'.
#
# More information on the RBD storage backend can be found here:
# http://ceph.com/planet/how-data-is-stored-in-ceph-cluster/
#
# Possible Values:
#     * A valid pool name
#
# Related options:
#     * None
#
#  (string value)
#rbd_store_pool = images

#
# RADOS user to authenticate as.
#
# This configuration option takes in the RADOS user to authenticate as.
# This is only needed when RADOS authentication is enabled and is
# applicable only if the user is using Cephx authentication. If the
# value for this option is not set by the user or is set to None, a
# default value will be chosen, which will be based on the client.
# section in rbd_store_ceph_conf.
#
# Possible Values:
#     * A valid RADOS user
#
# Related options:
#     * rbd_store_ceph_conf
#
#  (string value)
#rbd_store_user = <None>

#
# Ceph configuration file path.
#
# This configuration option specifies the path to the Ceph configuration
# file to be used. If the value for this option is not set by the user
# or is set to the empty string, librados will read the standard ceph.conf
# file by searching the default Ceph configuration file locations in
# sequential order.  See the Ceph documentation for details.
#
# NOTE: If using Cephx authentication, this file should include a reference
# to the right keyring in a client.<USER> section
#
# NOTE 2: If you leave this option empty (the default), the actual Ceph
# configuration file used may change depending on what version of librados
# is being used.  If it is important for you to know exactly which
# configuration
# file is in effect, you may specify that file here using this option.
#
# Possible Values:
#     * A valid path to a configuration file
#
# Related options:
#     * rbd_store_user
#
#  (string value)
#rbd_store_ceph_conf =

#
# Timeout value for connecting to Ceph cluster.
#
# This configuration option takes in the timeout value in seconds used
# when connecting to the Ceph cluster i.e. it sets the time to wait for
# glance-api before closing the connection. This prevents glance-api
# hangups during the connection to RBD. If the value for this option
# is set to less than or equal to 0, no timeout is set and the default
# librados value is used.
#
# Possible Values:
#     * Any integer value
#
# Related options:
#     * None
#
#  (integer value)
#rados_connect_timeout = 0

# DEPRECATED:
# Chunk size for images to be stored in Sheepdog data store.
#
# Provide an integer value representing the size in mebibyte
# (1048576 bytes) to chunk Glance images into. The default
# chunk size is 64 mebibytes.
#
# When using Sheepdog distributed storage system, the images are
# chunked into objects of this size and then stored across the
# distributed data store to use for Glance.
#
# Chunk sizes, if a power of two, help avoid fragmentation and
# enable improved performance.
#
# Possible values:
#     * Positive integer value representing size in mebibytes.
#
# Related Options:
#     * None
#
#  (integer value)
# Minimum value: 1
# This option is deprecated for removal since Train.
# Its value may be silently ignored in the future.
# Reason:
# The Sheepdog project is no longer actively maintained.  The
# Sheepdog driver is scheduled for removal in the 'U' development
# cycle.
#sheepdog_store_chunk_size = 64

# DEPRECATED:
# Port number on which the sheep daemon will listen.
#
# Provide an integer value representing a valid port number on
# which you want the Sheepdog daemon to listen on. The default
# port is 7000.
#
# The Sheepdog daemon, also called 'sheep', manages the storage
# in the distributed cluster by writing objects across the storage
# network. It identifies and acts on the messages it receives on
# the port number set using ``sheepdog_store_port`` option to store
# chunks of Glance images.
#
# Possible values:
#     * A valid port number (0 to 65535)
#
# Related Options:
#     * sheepdog_store_address
#
#  (port value)
# Minimum value: 0
# Maximum value: 65535
# This option is deprecated for removal since Train.
# Its value may be silently ignored in the future.
# Reason:
# The Sheepdog project is no longer actively maintained.  The
# Sheepdog driver is scheduled for removal in the 'U' development
# cycle.
#sheepdog_store_port = 7000

# DEPRECATED:
# Address to bind the Sheepdog daemon to.
#
# Provide a string value representing the address to bind the
# Sheepdog daemon to. The default address set for the 'sheep'
# is 127.0.0.1.
#
# The Sheepdog daemon, also called 'sheep', manages the storage
# in the distributed cluster by writing objects across the storage
# network. It identifies and acts on the messages directed to the
# address set using ``sheepdog_store_address`` option to store
# chunks of Glance images.
#
# Possible values:
#     * A valid IPv4 address
#     * A valid IPv6 address
#     * A valid hostname
#
# Related Options:
#     * sheepdog_store_port
#
#  (host address value)
# This option is deprecated for removal since Train.
# Its value may be silently ignored in the future.
# Reason:
# The Sheepdog project is no longer actively maintained.  The
# Sheepdog driver is scheduled for removal in the 'U' development
# cycle.
#sheepdog_store_address = 127.0.0.1

#
# Set verification of the server certificate.
#
# This boolean determines whether or not to verify the server
# certificate. If this option is set to True, swiftclient won't check
# for a valid SSL certificate when authenticating. If the option is set
# to False, then the default CA truststore is used for verification.
#
# Possible values:
#     * True
#     * False
#
# Related options:
#     * swift_store_cacert
#
#  (boolean value)
#swift_store_auth_insecure = false

#
# Path to the CA bundle file.
#
# This configuration option enables the operator to specify the path to
# a custom Certificate Authority file for SSL verification when
# connecting to Swift.
#
# Possible values:
#     * A valid path to a CA file
#
# Related options:
#     * swift_store_auth_insecure
#
#  (string value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#swift_store_cacert = /etc/ssl/certs/ca-certificates.crt

#
# The region of Swift endpoint to use by Glance.
#
# Provide a string value representing a Swift region where Glance
# can connect to for image storage. By default, there is no region
# set.
#
# When Glance uses Swift as the storage backend to store images
# for a specific tenant that has multiple endpoints, setting of a
# Swift region with ``swift_store_region`` allows Glance to connect
# to Swift in the specified region as opposed to a single region
# connectivity.
#
# This option can be configured for both single-tenant and
# multi-tenant storage.
#
# NOTE: Setting the region with ``swift_store_region`` is
# tenant-specific and is necessary ``only if`` the tenant has
# multiple endpoints across different regions.
#
# Possible values:
#     * A string value representing a valid Swift region.
#
# Related Options:
#     * None
#
#  (string value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#swift_store_region = RegionTwo

#
# The URL endpoint to use for Swift backend storage.
#
# Provide a string value representing the URL endpoint to use for
# storing Glance images in Swift store. By default, an endpoint
# is not set and the storage URL returned by ``auth`` is used.
# Setting an endpoint with ``swift_store_endpoint`` overrides the
# storage URL and is used for Glance image storage.
#
# NOTE: The URL should include the path up to, but excluding the
# container. The location of an object is obtained by appending
# the container and object to the configured URL.
#
# Possible values:
#     * String value representing a valid URL path up to a Swift container
#
# Related Options:
#     * None
#
#  (string value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#swift_store_endpoint = https://swift.openstack.example.org/v1/path_not_including_container_name

#
# Endpoint Type of Swift service.
#
# This string value indicates the endpoint type to use to fetch the
# Swift endpoint. The endpoint type determines the actions the user will
# be allowed to perform, for instance, reading and writing to the Store.
# This setting is only used if swift_store_auth_version is greater than
# 1.
#
# Possible values:
#     * publicURL
#     * adminURL
#     * internalURL
#
# Related options:
#     * swift_store_endpoint
#
#  (string value)
# Possible values:
# publicURL - <No description provided>
# adminURL - <No description provided>
# internalURL - <No description provided>
#swift_store_endpoint_type = publicURL

#
# Type of Swift service to use.
#
# Provide a string value representing the service type to use for
# storing images while using Swift backend storage. The default
# service type is set to ``object-store``.
#
# NOTE: If ``swift_store_auth_version`` is set to 2, the value for
# this configuration option needs to be ``object-store``. If using
# a higher version of Keystone or a different auth scheme, this
# option may be modified.
#
# Possible values:
#     * A string representing a valid service type for Swift storage.
#
# Related Options:
#     * None
#
#  (string value)
#swift_store_service_type = object-store

#
# Name of single container to store images/name prefix for multiple containers
#
# When a single container is being used to store images, this configuration
# option indicates the container within the Glance account to be used for
# storing all images. When multiple containers are used to store images, this
# will be the name prefix for all containers. Usage of single/multiple
# containers can be controlled using the configuration option
# ``swift_store_multiple_containers_seed``.
#
# When using multiple containers, the containers will be named after the value
# set for this configuration option with the first N chars of the image UUID
# as the suffix delimited by an underscore (where N is specified by
# ``swift_store_multiple_containers_seed``).
#
# Example: if the seed is set to 3 and swift_store_container = ``glance``, then
# an image with UUID ``fdae39a1-bac5-4238-aba4-69bcc726e848`` would be placed
# in
# the container ``glance_fda``. All dashes in the UUID are included when
# creating the container name but do not count toward the character limit, so
# when N=10 the container name would be ``glance_fdae39a1-ba.``
#
# Possible values:
#     * If using single container, this configuration option can be any string
#       that is a valid swift container name in Glance's Swift account
#     * If using multiple containers, this configuration option can be any
#       string as long as it satisfies the container naming rules enforced by
#       Swift. The value of ``swift_store_multiple_containers_seed`` should be
#       taken into account as well.
#
# Related options:
#     * ``swift_store_multiple_containers_seed``
#     * ``swift_store_multi_tenant``
#     * ``swift_store_create_container_on_put``
#
#  (string value)
#swift_store_container = glance

#
# The size threshold, in MB, after which Glance will start segmenting image
# data.
#
# Swift has an upper limit on the size of a single uploaded object. By default,
# this is 5GB. To upload objects bigger than this limit, objects are segmented
# into multiple smaller objects that are tied together with a manifest file.
# For more detail, refer to
# https://docs.openstack.org/swift/latest/overview_large_objects.html
#
# This configuration option specifies the size threshold over which the Swift
# driver will start segmenting image data into multiple smaller files.
# Currently, the Swift driver only supports creating Dynamic Large Objects.
#
# NOTE: This should be set by taking into account the large object limit
# enforced by the Swift cluster in consideration.
#
# Possible values:
#     * A positive integer that is less than or equal to the large object limit
#       enforced by the Swift cluster in consideration.
#
# Related options:
#     * ``swift_store_large_object_chunk_size``
#
#  (integer value)
# Minimum value: 1
#swift_store_large_object_size = 5120

#
# The maximum size, in MB, of the segments when image data is segmented.
#
# When image data is segmented to upload images that are larger than the limit
# enforced by the Swift cluster, image data is broken into segments that are no
# bigger than the size specified by this configuration option.
# Refer to ``swift_store_large_object_size`` for more detail.
#
# For example: if ``swift_store_large_object_size`` is 5GB and
# ``swift_store_large_object_chunk_size`` is 1GB, an image of size 6.2GB will
# be
# segmented into 7 segments where the first six segments will be 1GB in size
# and
# the seventh segment will be 0.2GB.
#
# Possible values:
#     * A positive integer that is less than or equal to the large object limit
#       enforced by Swift cluster in consideration.
#
# Related options:
#     * ``swift_store_large_object_size``
#
#  (integer value)
# Minimum value: 1
#swift_store_large_object_chunk_size = 200

#
# Create container, if it doesn't already exist, when uploading image.
#
# At the time of uploading an image, if the corresponding container doesn't
# exist, it will be created provided this configuration option is set to True.
# By default, it won't be created. This behavior is applicable for both single
# and multiple containers mode.
#
# Possible values:
#     * True
#     * False
#
# Related options:
#     * None
#
#  (boolean value)
#swift_store_create_container_on_put = false

#
# Store images in tenant's Swift account.
#
# This enables multi-tenant storage mode which causes Glance images to be
# stored
# in tenant specific Swift accounts. If this is disabled, Glance stores all
# images in its own account. More details multi-tenant store can be found at
# https://wiki.openstack.org/wiki/GlanceSwiftTenantSpecificStorage
#
# NOTE: If using multi-tenant swift store, please make sure
# that you do not set a swift configuration file with the
# 'swift_store_config_file' option.
#
# Possible values:
#     * True
#     * False
#
# Related options:
#     * swift_store_config_file
#
#  (boolean value)
#swift_store_multi_tenant = false

#
# Seed indicating the number of containers to use for storing images.
#
# When using a single-tenant store, images can be stored in one or more than
# one
# containers. When set to 0, all images will be stored in one single container.
# When set to an integer value between 1 and 32, multiple containers will be
# used to store images. This configuration option will determine how many
# containers are created. The total number of containers that will be used is
# equal to 16^N, so if this config option is set to 2, then 16^2=256 containers
# will be used to store images.
#
# Please refer to ``swift_store_container`` for more detail on the naming
# convention. More detail about using multiple containers can be found at
# https://specs.openstack.org/openstack/glance-specs/specs/kilo/swift-store-
# multiple-containers.html
#
# NOTE: This is used only when swift_store_multi_tenant is disabled.
#
# Possible values:
#     * A non-negative integer less than or equal to 32
#
# Related options:
#     * ``swift_store_container``
#     * ``swift_store_multi_tenant``
#     * ``swift_store_create_container_on_put``
#
#  (integer value)
# Minimum value: 0
# Maximum value: 32
#swift_store_multiple_containers_seed = 0

#
# List of tenants that will be granted admin access.
#
# This is a list of tenants that will be granted read/write access on
# all Swift containers created by Glance in multi-tenant mode. The
# default value is an empty list.
#
# Possible values:
#     * A comma separated list of strings representing UUIDs of Keystone
#       projects/tenants
#
# Related options:
#     * None
#
#  (list value)
#swift_store_admin_tenants =

#
# SSL layer compression for HTTPS Swift requests.
#
# Provide a boolean value to determine whether or not to compress
# HTTPS Swift requests for images at the SSL layer. By default,
# compression is enabled.
#
# When using Swift as the backend store for Glance image storage,
# SSL layer compression of HTTPS Swift requests can be set using
# this option. If set to False, SSL layer compression of HTTPS
# Swift requests is disabled. Disabling this option may improve
# performance for images which are already in a compressed format,
# for example, qcow2.
#
# Possible values:
#     * True
#     * False
#
# Related Options:
#     * None
#
#  (boolean value)
#swift_store_ssl_compression = true

#
# The number of times a Swift download will be retried before the
# request fails.
#
# Provide an integer value representing the number of times an image
# download must be retried before erroring out. The default value is
# zero (no retry on a failed image download). When set to a positive
# integer value, ``swift_store_retry_get_count`` ensures that the
# download is attempted this many more times upon a download failure
# before sending an error message.
#
# Possible values:
#     * Zero
#     * Positive integer value
#
# Related Options:
#     * None
#
#  (integer value)
# Minimum value: 0
#swift_store_retry_get_count = 0

#
# Time in seconds defining the size of the window in which a new
# token may be requested before the current token is due to expire.
#
# Typically, the Swift storage driver fetches a new token upon the
# expiration of the current token to ensure continued access to
# Swift. However, some Swift transactions (like uploading image
# segments) may not recover well if the token expires on the fly.
#
# Hence, by fetching a new token before the current token expiration,
# we make sure that the token does not expire or is close to expiry
# before a transaction is attempted. By default, the Swift storage
# driver requests for a new token 60 seconds or less before the
# current token expiration.
#
# Possible values:
#     * Zero
#     * Positive integer value
#
# Related Options:
#     * None
#
#  (integer value)
# Minimum value: 0
#swift_store_expire_soon_interval = 60

#
# Use trusts for multi-tenant Swift store.
#
# This option instructs the Swift store to create a trust for each
# add/get request when the multi-tenant store is in use. Using trusts
# allows the Swift store to avoid problems that can be caused by an
# authentication token expiring during the upload or download of data.
#
# By default, ``swift_store_use_trusts`` is set to ``True``(use of
# trusts is enabled). If set to ``False``, a user token is used for
# the Swift connection instead, eliminating the overhead of trust
# creation.
#
# NOTE: This option is considered only when
# ``swift_store_multi_tenant`` is set to ``True``
#
# Possible values:
#     * True
#     * False
#
# Related options:
#     * swift_store_multi_tenant
#
#  (boolean value)
#swift_store_use_trusts = true

#
# Buffer image segments before upload to Swift.
#
# Provide a boolean value to indicate whether or not Glance should
# buffer image data to disk while uploading to swift. This enables
# Glance to resume uploads on error.
#
# NOTES:
# When enabling this option, one should take great care as this
# increases disk usage on the API node. Be aware that depending
# upon how the file system is configured, the disk space used
# for buffering may decrease the actual disk space available for
# the glance image cache.  Disk utilization will cap according to
# the following equation:
# (``swift_store_large_object_chunk_size`` * ``workers`` * 1000)
#
# Possible values:
#     * True
#     * False
#
# Related options:
#     * swift_upload_buffer_dir
#
#  (boolean value)
#swift_buffer_on_upload = false

#
# Reference to default Swift account/backing store parameters.
#
# Provide a string value representing a reference to the default set
# of parameters required for using swift account/backing store for
# image storage. The default reference value for this configuration
# option is 'ref1'. This configuration option dereferences the
# parameters and facilitates image storage in Swift storage backend
# every time a new image is added.
#
# Possible values:
#     * A valid string value
#
# Related options:
#     * None
#
#  (string value)
#default_swift_reference = ref1

# DEPRECATED: Version of the authentication service to use. Valid versions are
# 2 and 3 for keystone and 1 (deprecated) for swauth and rackspace. (string
# value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason:
# The option 'auth_version' in the Swift back-end configuration file is
# used instead.
#swift_store_auth_version = 2

# DEPRECATED: The address where the Swift authentication service is listening.
# (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason:
# The option 'auth_address' in the Swift back-end configuration file is
# used instead.
#swift_store_auth_address = <None>

# DEPRECATED: The user to authenticate against the Swift authentication
# service. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason:
# The option 'user' in the Swift back-end configuration file is set instead.
#swift_store_user = <None>

# DEPRECATED: Auth key for the user authenticating against the Swift
# authentication service. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason:
# The option 'key' in the Swift back-end configuration file is used
# to set the authentication key instead.
#swift_store_key = <None>

#
# Absolute path to the file containing the swift account(s)
# configurations.
#
# Include a string value representing the path to a configuration
# file that has references for each of the configured Swift
# account(s)/backing stores. By default, no file path is specified
# and customized Swift referencing is disabled. Configuring this
# option is highly recommended while using Swift storage backend for
# image storage as it avoids storage of credentials in the database.
#
# NOTE: Please do not configure this option if you have set
# ``swift_store_multi_tenant`` to ``True``.
#
# Possible values:
#     * String value representing an absolute path on the glance-api
#       node
#
# Related options:
#     * swift_store_multi_tenant
#
#  (string value)
#swift_store_config_file = <None>

#
# Directory to buffer image segments before upload to Swift.
#
# Provide a string value representing the absolute path to the
# directory on the glance node where image segments will be
# buffered briefly before they are uploaded to swift.
#
# NOTES:
# * This is required only when the configuration option
#   ``swift_buffer_on_upload`` is set to True.
# * This directory should be provisioned keeping in mind the
#   ``swift_store_large_object_chunk_size`` and the maximum
#   number of images that could be uploaded simultaneously by
#   a given glance node.
#
# Possible values:
#     * String value representing an absolute directory path
#
# Related options:
#     * swift_buffer_on_upload
#     * swift_store_large_object_chunk_size
#
#  (string value)
#swift_upload_buffer_dir = <None>

#
# Address of the ESX/ESXi or vCenter Server target system.
#
# This configuration option sets the address of the ESX/ESXi or vCenter
# Server target system. This option is required when using the VMware
# storage backend. The address can contain an IP address (127.0.0.1) or
# a DNS name (www.my-domain.com).
#
# Possible Values:
#     * A valid IPv4 or IPv6 address
#     * A valid DNS name
#
# Related options:
#     * vmware_server_username
#     * vmware_server_password
#
#  (host address value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#vmware_server_host = 127.0.0.1

#
# Server username.
#
# This configuration option takes the username for authenticating with
# the VMware ESX/ESXi or vCenter Server. This option is required when
# using the VMware storage backend.
#
# Possible Values:
#     * Any string that is the username for a user with appropriate
#       privileges
#
# Related options:
#     * vmware_server_host
#     * vmware_server_password
#
#  (string value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#vmware_server_username = root

#
# Server password.
#
# This configuration option takes the password for authenticating with
# the VMware ESX/ESXi or vCenter Server. This option is required when
# using the VMware storage backend.
#
# Possible Values:
#     * Any string that is a password corresponding to the username
#       specified using the "vmware_server_username" option
#
# Related options:
#     * vmware_server_host
#     * vmware_server_username
#
#  (string value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#vmware_server_password = vmware

#
# The number of VMware API retries.
#
# This configuration option specifies the number of times the VMware
# ESX/VC server API must be retried upon connection related issues or
# server API call overload. It is not possible to specify 'retry
# forever'.
#
# Possible Values:
#     * Any positive integer value
#
# Related options:
#     * None
#
#  (integer value)
# Minimum value: 1
#vmware_api_retry_count = 10

#
# Interval in seconds used for polling remote tasks invoked on VMware
# ESX/VC server.
#
# This configuration option takes in the sleep time in seconds for polling an
# on-going async task as part of the VMWare ESX/VC server API call.
#
# Possible Values:
#     * Any positive integer value
#
# Related options:
#     * None
#
#  (integer value)
# Minimum value: 1
#vmware_task_poll_interval = 5

#
# The directory where the glance images will be stored in the datastore.
#
# This configuration option specifies the path to the directory where the
# glance images will be stored in the VMware datastore. If this option
# is not set,  the default directory where the glance images are stored
# is openstack_glance.
#
# Possible Values:
#     * Any string that is a valid path to a directory
#
# Related options:
#     * None
#
#  (string value)
#vmware_store_image_dir = /openstack_glance

#
# Set verification of the ESX/vCenter server certificate.
#
# This configuration option takes a boolean value to determine
# whether or not to verify the ESX/vCenter server certificate. If this
# option is set to True, the ESX/vCenter server certificate is not
# verified. If this option is set to False, then the default CA
# truststore is used for verification.
#
# This option is ignored if the "vmware_ca_file" option is set. In that
# case, the ESX/vCenter server certificate will then be verified using
# the file specified using the "vmware_ca_file" option .
#
# Possible Values:
#     * True
#     * False
#
# Related options:
#     * vmware_ca_file
#
#  (boolean value)
# Deprecated group/name - [glance_store]/vmware_api_insecure
#vmware_insecure = false

#
# Absolute path to the CA bundle file.
#
# This configuration option enables the operator to use a custom
# Cerificate Authority File to verify the ESX/vCenter certificate.
#
# If this option is set, the "vmware_insecure" option will be ignored
# and the CA file specified will be used to authenticate the ESX/vCenter
# server certificate and establish a secure connection to the server.
#
# Possible Values:
#     * Any string that is a valid absolute path to a CA file
#
# Related options:
#     * vmware_insecure
#
#  (string value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#vmware_ca_file = /etc/ssl/certs/ca-certificates.crt

#
# The datastores where the image can be stored.
#
# This configuration option specifies the datastores where the image can
# be stored in the VMWare store backend. This option may be specified
# multiple times for specifying multiple datastores. The datastore name
# should be specified after its datacenter path, separated by ":". An
# optional weight may be given after the datastore name, separated again
# by ":" to specify the priority. Thus, the required format becomes
# <datacenter_path>:<datastore_name>:<optional_weight>.
#
# When adding an image, the datastore with highest weight will be
# selected, unless there is not enough free space available in cases
# where the image size is already known. If no weight is given, it is
# assumed to be zero and the directory will be considered for selection
# last. If multiple datastores have the same weight, then the one with
# the most free space available is selected.
#
# Possible Values:
#     * Any string of the format:
#       <datacenter_path>:<datastore_name>:<optional_weight>
#
# Related options:
#    * None
#
#  (multi valued)
#vmware_datastores =


[healthcheck]

#
# From oslo.middleware
#

# DEPRECATED: The path to respond to healtcheck requests on. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#path = /healthcheck

# Show more detailed information as part of the response. Security note:
# Enabling this option may expose sensitive details about the service being
# monitored. Be sure to verify that it will not violate your security policies.
# (boolean value)
#detailed = false

# Additional backends that can perform health checks and report that
# information back as part of a request. (list value)
#backends =

# Check the presence of a file to determine if an application is running on a
# port. Used by DisableByFileHealthcheck plugin. (string value)
#disable_by_file_path = <None>

# Check the presence of a file based on a port to determine if an application
# is running on a port. Expects a "port:path" list of strings. Used by
# DisableByFilesPortsHealthcheck plugin. (list value)
#disable_by_file_paths =


[k8s_vim]

#
# From tacker.nfvo.drivers.vim.kubernetes_driver
#

# Use barbican to encrypt vim password if True, save vim credentials in local
# file system if False (boolean value)
#use_barbican = true


[key_manager]

#
# From tacker.keymgr
#

# The full class name of the key manager API class (string value)
#api_class = tacker.keymgr.barbican_key_manager.BarbicanKeyManager


[keystone_authtoken]

#
# From keystonemiddleware.auth_token
#

# Complete "public" Identity API endpoint. This endpoint should not be an
# "admin" endpoint, as it should be accessible by all end users.
# Unauthenticated clients are redirected to this endpoint to authenticate.
# Although this endpoint should ideally be unversioned, client support in the
# wild varies. If you're using a versioned v2 endpoint here, then this should
# *not* be the same endpoint the service user utilizes for validating tokens,
# because normal end users may not be able to reach that endpoint. (string
# value)
# Deprecated group/name - [keystone_authtoken]/auth_uri
#www_authenticate_uri = <None>

# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
# be an "admin" endpoint, as it should be accessible by all end users.
# Unauthenticated clients are redirected to this endpoint to authenticate.
# Although this endpoint should ideally be unversioned, client support in the
# wild varies. If you're using a versioned v2 endpoint here, then this should
# *not* be the same endpoint the service user utilizes for validating tokens,
# because normal end users may not be able to reach that endpoint. This option
# is deprecated in favor of www_authenticate_uri and will be removed in the S
# release. (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri
# and will be removed in the S  release.
#auth_uri = <None>

# API version of the Identity API endpoint. (string value)
#auth_version = <None>

# Interface to use for the Identity API endpoint. Valid values are "public",
# "internal" or "admin"(default). (string value)
#interface = admin

# Do not handle authorization requests within the middleware, but delegate the
# authorization decision to downstream WSGI components. (boolean value)
#delay_auth_decision = false

# Request timeout value for communicating with Identity API server. (integer
# value)
#http_connect_timeout = <None>

# How many times are we trying to reconnect when communicating with Identity
# API Server. (integer value)
#http_request_max_retries = 3

# Request environment key where the Swift cache object is stored. When
# auth_token middleware is deployed with a Swift cache, use this option to have
# the middleware share a caching backend with swift. Otherwise, use the
# ``memcached_servers`` option instead. (string value)
#cache = <None>

# Required if identity server requires client certificate (string value)
#certfile = <None>

# Required if identity server requires client certificate (string value)
#keyfile = <None>

# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
# Defaults to system CAs. (string value)
#cafile = <None>

# Verify HTTPS connections. (boolean value)
#insecure = false

# The region in which the identity server can be found. (string value)
#region_name = <None>

# Optionally specify a list of memcached server(s) to use for caching. If left
# undefined, tokens will instead be cached in-process. (list value)
# Deprecated group/name - [keystone_authtoken]/memcache_servers
#memcached_servers = <None>

# In order to prevent excessive effort spent validating tokens, the middleware
# caches previously-seen tokens for a configurable duration (in seconds). Set
# to -1 to disable caching completely. (integer value)
#token_cache_time = 300

# (Optional) If defined, indicate whether token data should be authenticated or
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
# cache. If the value is not one of these options or empty, auth_token will
# raise an exception on initialization. (string value)
# Possible values:
# None - <No description provided>
# MAC - <No description provided>
# ENCRYPT - <No description provided>
#memcache_security_strategy = None

# (Optional, mandatory if memcache_security_strategy is defined) This string is
# used for key derivation. (string value)
#memcache_secret_key = <None>

# (Optional) Number of seconds memcached server is considered dead before it is
# tried again. (integer value)
#memcache_pool_dead_retry = 300

# (Optional) Maximum total number of open connections to every memcached
# server. (integer value)
#memcache_pool_maxsize = 10

# (Optional) Socket timeout in seconds for communicating with a memcached
# server. (integer value)
#memcache_pool_socket_timeout = 3

# (Optional) Number of seconds a connection to memcached is held unused in the
# pool before it is closed. (integer value)
#memcache_pool_unused_timeout = 60

# (Optional) Number of seconds that an operation will wait to get a memcached
# client connection from the pool. (integer value)
#memcache_pool_conn_get_timeout = 10

# (Optional) Use the advanced (eventlet safe) memcached client pool. The
# advanced pool will only work under python 2.x. (boolean value)
#memcache_use_advanced_pool = false

# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and will not
# set the X-Service-Catalog header. (boolean value)
#include_service_catalog = true

# Used to control the use and type of token binding. Can be set to: "disabled"
# to not check token binding. "permissive" (default) to validate binding
# information if the bind type is of a form known to the server and ignore it
# if not. "strict" like "permissive" but if the bind type is unknown the token
# will be rejected. "required" any form of token binding is needed to be
# allowed. Finally the name of a binding method that must be present in tokens.
# (string value)
#enforce_token_bind = permissive

# A choice of roles that must be present in a service token. Service tokens are
# allowed to request that an expired token can be used and so this check should
# tightly control that only actual services should be sending this token. Roles
# here are applied as an ANY check so any role in this list must be present.
# For backwards compatibility reasons this currently only affects the
# allow_expired check. (list value)
#service_token_roles = service

# For backwards compatibility reasons we must let valid service tokens pass
# that don't pass the service_token_roles check as valid. Setting this true
# will become the default in a future release and should be enabled if
# possible. (boolean value)
#service_token_roles_required = false

# The name or type of the service as it appears in the service catalog. This is
# used to validate tokens that have restricted access rules. (string value)
#service_type = <None>

# Authentication type to load (string value)
# Deprecated group/name - [keystone_authtoken]/auth_plugin
#auth_type = <None>

# Config Section from which to load plugin specific options (string value)
#auth_section = <None>


[kubernetes_vim]

#
# From tacker.vnfm.infra_drivers.kubernetes.kubernetes_driver
#

# Number of attempts to retry for stack creation/deletion (integer value)
#stack_retries = 100

# Wait time (in seconds) between consecutive stack create/delete retries
# (integer value)
#stack_retry_wait = 5


[monitor]

#
# From tacker.vnfm.monitor
#

# check interval for monitor (integer value)
#check_intvl = 10


[monitor_http_ping]

#
# From tacker.vnfm.monitor_drivers.http_ping.http_ping
#

# Number of times to retry (integer value)
#retry = 5

# Number of seconds to wait for a response (integer value)
#timeout = 1

# HTTP port number to send request (integer value)
#port = 80


[monitor_ping]

#
# From tacker.vnfm.monitor_drivers.ping.ping
#

# Number of ICMP packets to send (string value)
#count = 1

# Number of seconds to wait for a response (string value)
#timeout = 1

# Number of seconds to wait between packets (string value)
#interval = 1


[nfvo_vim]

#
# From tacker.nfvo.nfvo_plugin
#

# VIM driver for launching VNFs (list value)
#vim_drivers = openstack,kubernetes

# Interval to check for VIM health (integer value)
#monitor_interval = 30


[openstack_vim]

#
# From tacker.vnfm.infra_drivers.openstack.openstack
#

# Number of attempts to retry for stack creation/deletion (integer value)
#stack_retries = 60

# Wait time (in seconds) between consecutive stack create/delete retries
# (integer value)
#stack_retry_wait = 10


[openwrt]

#
# From tacker.vnfm.mgmt_drivers.openwrt.openwrt
#

# User name to login openwrt (string value)
#user = root

# Password to login openwrt (string value)
#password =


[oslo_messaging_amqp]

#
# From oslo.messaging
#

# Name for the AMQP container. must be globally unique. Defaults to a generated
# UUID (string value)
#container_name = <None>

# Timeout for inactive connections (in seconds) (integer value)
#idle_timeout = 0

# Debug: dump AMQP frames to stdout (boolean value)
#trace = false

# Attempt to connect via SSL. If no other ssl-related parameters are given, it
# will use the system's CA-bundle to verify the server's certificate. (boolean
# value)
#ssl = false

# CA certificate PEM file used to verify the server's certificate (string
# value)
#ssl_ca_file =

# Self-identifying certificate PEM file for client authentication (string
# value)
#ssl_cert_file =

# Private key PEM file used to sign ssl_cert_file certificate (optional)
# (string value)
#ssl_key_file =

# Password for decrypting ssl_key_file (if encrypted) (string value)
#ssl_key_password = <None>

# By default SSL checks that the name in the server's certificate matches the
# hostname in the transport_url. In some configurations it may be preferable to
# use the virtual hostname instead, for example if the server uses the Server
# Name Indication TLS extension (rfc6066) to provide a certificate per virtual
# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the
# virtual host name instead of the DNS name. (boolean value)
#ssl_verify_vhost = false

# Space separated list of acceptable SASL mechanisms (string value)
#sasl_mechanisms =

# Path to directory that contains the SASL configuration (string value)
#sasl_config_dir =

# Name of configuration file (without .conf suffix) (string value)
#sasl_config_name =

# SASL realm to use if no realm present in username (string value)
#sasl_default_realm =

# Seconds to pause before attempting to re-connect. (integer value)
# Minimum value: 1
#connection_retry_interval = 1

# Increase the connection_retry_interval by this many seconds after each
# unsuccessful failover attempt. (integer value)
# Minimum value: 0
#connection_retry_backoff = 2

# Maximum limit for connection_retry_interval + connection_retry_backoff
# (integer value)
# Minimum value: 1
#connection_retry_interval_max = 30

# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
# recoverable error. (integer value)
# Minimum value: 1
#link_retry_delay = 10

# The maximum number of attempts to re-send a reply message which failed due to
# a recoverable error. (integer value)
# Minimum value: -1
#default_reply_retry = 0

# The deadline for an rpc reply message delivery. (integer value)
# Minimum value: 5
#default_reply_timeout = 30

# The deadline for an rpc cast or call message delivery. Only used when caller
# does not provide a timeout expiry. (integer value)
# Minimum value: 5
#default_send_timeout = 30

# The deadline for a sent notification message delivery. Only used when caller
# does not provide a timeout expiry. (integer value)
# Minimum value: 5
#default_notify_timeout = 30

# The duration to schedule a purge of idle sender links. Detach link after
# expiry. (integer value)
# Minimum value: 1
#default_sender_link_timeout = 600

# Indicates the addressing mode used by the driver.
# Permitted values:
# 'legacy'   - use legacy non-routable addressing
# 'routable' - use routable addresses
# 'dynamic'  - use legacy addresses if the message bus does not support routing
# otherwise use routable addressing (string value)
#addressing_mode = dynamic

# Enable virtual host support for those message buses that do not natively
# support virtual hosting (such as qpidd). When set to true the virtual host
# name will be added to all message bus addresses, effectively creating a
# private 'subnet' per virtual host. Set to False if the message bus supports
# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative
# as the name of the virtual host. (boolean value)
#pseudo_vhost = true

# address prefix used when sending to a specific server (string value)
#server_request_prefix = exclusive

# address prefix used when broadcasting to all servers (string value)
#broadcast_prefix = broadcast

# address prefix when sending to any server in group (string value)
#group_request_prefix = unicast

# Address prefix for all generated RPC addresses (string value)
#rpc_address_prefix = openstack.org/om/rpc

# Address prefix for all generated Notification addresses (string value)
#notify_address_prefix = openstack.org/om/notify

# Appended to the address prefix when sending a fanout message. Used by the
# message bus to identify fanout messages. (string value)
#multicast_address = multicast

# Appended to the address prefix when sending to a particular RPC/Notification
# server. Used by the message bus to identify messages sent to a single
# destination. (string value)
#unicast_address = unicast

# Appended to the address prefix when sending to a group of consumers. Used by
# the message bus to identify messages that should be delivered in a round-
# robin fashion across consumers. (string value)
#anycast_address = anycast

# Exchange name used in notification addresses.
# Exchange name resolution precedence:
# Target.exchange if set
# else default_notification_exchange if set
# else control_exchange if set
# else 'notify' (string value)
#default_notification_exchange = <None>

# Exchange name used in RPC addresses.
# Exchange name resolution precedence:
# Target.exchange if set
# else default_rpc_exchange if set
# else control_exchange if set
# else 'rpc' (string value)
#default_rpc_exchange = <None>

# Window size for incoming RPC Reply messages. (integer value)
# Minimum value: 1
#reply_link_credit = 200

# Window size for incoming RPC Request messages (integer value)
# Minimum value: 1
#rpc_server_credit = 100

# Window size for incoming Notification messages (integer value)
# Minimum value: 1
#notify_server_credit = 100

# Send messages of this type pre-settled.
# Pre-settled messages will not receive acknowledgement
# from the peer. Note well: pre-settled messages may be
# silently discarded if the delivery fails.
# Permitted values:
# 'rpc-call' - send RPC Calls pre-settled
# 'rpc-reply'- send RPC Replies pre-settled
# 'rpc-cast' - Send RPC Casts pre-settled
# 'notify'   - Send Notifications pre-settled
#  (multi valued)
#pre_settled = rpc-cast
#pre_settled = rpc-reply


[oslo_messaging_kafka]

#
# From oslo.messaging
#

# Max fetch bytes of Kafka consumer (integer value)
#kafka_max_fetch_bytes = 1048576

# Default timeout(s) for Kafka consumers (floating point value)
#kafka_consumer_timeout = 1.0

# DEPRECATED: Pool Size for Kafka Consumers (integer value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: Driver no longer uses connection pool.
#pool_size = 10

# DEPRECATED: The pool size limit for connections expiration policy (integer
# value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: Driver no longer uses connection pool.
#conn_pool_min_size = 2

# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer
# value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: Driver no longer uses connection pool.
#conn_pool_ttl = 1200

# Group id for Kafka consumer. Consumers in one group will coordinate message
# consumption (string value)
#consumer_group = oslo_messaging_consumer

# Upper bound on the delay for KafkaProducer batching in seconds (floating
# point value)
#producer_batch_timeout = 0.0

# Size of batch for the producer async send (integer value)
#producer_batch_size = 16384

# The compression codec for all data generated by the producer. If not set,
# compression will not be used. Note that the allowed values of this depend on
# the kafka version (string value)
# Possible values:
# none - <No description provided>
# gzip - <No description provided>
# snappy - <No description provided>
# lz4 - <No description provided>
# zstd - <No description provided>
#compression_codec = none

# Enable asynchronous consumer commits (boolean value)
#enable_auto_commit = false

# The maximum number of records returned in a poll call (integer value)
#max_poll_records = 500

# Protocol used to communicate with brokers (string value)
# Possible values:
# PLAINTEXT - <No description provided>
# SASL_PLAINTEXT - <No description provided>
# SSL - <No description provided>
# SASL_SSL - <No description provided>
#security_protocol = PLAINTEXT

# Mechanism when security protocol is SASL (string value)
#sasl_mechanism = PLAIN

# CA certificate PEM file used to verify the server certificate (string value)
#ssl_cafile =


[oslo_messaging_notifications]

#
# From oslo.messaging
#

# The Drivers(s) to handle sending notifications. Possible values are
# messaging, messagingv2, routing, log, test, noop (multi valued)
# Deprecated group/name - [DEFAULT]/notification_driver
#driver =

# A URL representing the messaging driver to use for notifications. If not set,
# we fall back to the same configuration used for RPC. (string value)
# Deprecated group/name - [DEFAULT]/notification_transport_url
#transport_url = <None>

# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
# Deprecated group/name - [DEFAULT]/notification_topics
#topics = notifications

# The maximum number of attempts to re-send a notification message which failed
# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
# (integer value)
#retry = -1


[oslo_messaging_rabbit]

#
# From oslo.messaging
#

# Use durable queues in AMQP. (boolean value)
#amqp_durable_queues = false

# Auto-delete queues in AMQP. (boolean value)
#amqp_auto_delete = false

# Connect over SSL. (boolean value)
# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl
#ssl = false

# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
# distributions. (string value)
# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
#ssl_version =

# SSL key file (valid only if SSL enabled). (string value)
# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
#ssl_key_file =

# SSL cert file (valid only if SSL enabled). (string value)
# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
#ssl_cert_file =

# SSL certification authority file (valid only if SSL enabled). (string value)
# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
#ssl_ca_file =

# EXPERIMENTAL: Run the health check heartbeat threadthrough a native python
# thread. By default if thisoption isn't provided the  health check heartbeat
# willinherit the execution model from the parent process. Byexample if the
# parent process have monkey patched thestdlib by using eventlet/greenlet then
# the heartbeatwill be run through a green thread. (boolean value)
#heartbeat_in_pthread = false

# How long to wait before reconnecting in response to an AMQP consumer cancel
# notification. (floating point value)
#kombu_reconnect_delay = 1.0

# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
# be used. This option may not be available in future versions. (string value)
#kombu_compression = <None>

# How long to wait a missing client before abandoning to send it its replies.
# This value should not be longer than rpc_response_timeout. (integer value)
# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
#kombu_missing_consumer_retry_timeout = 60

# Determines how the next RabbitMQ node is chosen in case the one we are
# currently connected to becomes unavailable. Takes effect only if more than
# one RabbitMQ node is provided in config. (string value)
# Possible values:
# round-robin - <No description provided>
# shuffle - <No description provided>
#kombu_failover_strategy = round-robin

# The RabbitMQ login method. (string value)
# Possible values:
# PLAIN - <No description provided>
# AMQPLAIN - <No description provided>
# RABBIT-CR-DEMO - <No description provided>
#rabbit_login_method = AMQPLAIN

# How frequently to retry connecting with RabbitMQ. (integer value)
#rabbit_retry_interval = 1

# How long to backoff for between retries when connecting to RabbitMQ. (integer
# value)
#rabbit_retry_backoff = 2

# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
# (integer value)
#rabbit_interval_max = 30

# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
# is no longer controlled by the x-ha-policy argument when declaring a queue.
# If you just want to make sure that all queues (except those with auto-
# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
#rabbit_ha_queues = false

# Positive integer representing duration in seconds for queue TTL (x-expires).
# Queues which are unused for the duration of the TTL are automatically
# deleted. The parameter affects only reply and fanout queues. (integer value)
# Minimum value: 1
#rabbit_transient_queues_ttl = 1800

# Specifies the number of messages to prefetch. Setting to zero allows
# unlimited messages. (integer value)
#rabbit_qos_prefetch_count = 0

# Number of seconds after which the Rabbit broker is considered down if
# heartbeat's keep-alive fails (0 disables heartbeat). (integer value)
#heartbeat_timeout_threshold = 60

# How often times during the heartbeat_timeout_threshold we check the
# heartbeat. (integer value)
#heartbeat_rate = 2

# Enable/Disable the RabbitMQ mandatory flag for direct send. The direct send
# is used as reply,so the MessageUndeliverable exception is raised in case the
# client queue does not exist. (integer value)
#direct_mandatory_flag = True


[oslo_middleware]

#
# From oslo.middleware
#

# The maximum body size for each  request, in bytes. (integer value)
# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
# Deprecated group/name - [DEFAULT]/max_request_body_size
#max_request_body_size = 114688

# DEPRECATED: The HTTP Header that will be used to determine what the original
# request protocol scheme was, even if it was hidden by a SSL termination
# proxy. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
#secure_proxy_ssl_header = X-Forwarded-Proto

# Whether the application is behind a proxy or not. This determines if the
# middleware should parse the headers or not. (boolean value)
#enable_proxy_headers_parsing = false


[oslo_policy]

#
# From oslo.policy
#

# This option controls whether or not to enforce scope when evaluating
# policies. If ``True``, the scope of the token used in the request is compared
# to the ``scope_types`` of the policy being enforced. If the scopes do not
# match, an ``InvalidScope`` exception will be raised. If ``False``, a message
# will be logged informing operators that policies are being invoked with
# mismatching scope. (boolean value)
#enforce_scope = false

# The relative or absolute path of a file that maps roles to permissions for a
# given service. Relative paths must be specified in relation to the
# configuration file setting this option. (string value)
#policy_file = policy.json

# Default rule. Enforced when a requested rule is not found. (string value)
#policy_default_rule = default

# Directories where policy configuration files are stored. They can be relative
# to any directory in the search path defined by the config_dir option, or
# absolute paths. The file defined by policy_file must exist for these
# directories to be searched.  Missing or empty directories are ignored. (multi
# valued)
#policy_dirs = policy.d

# Content Type to send and receive data for REST based policy check (string
# value)
# Possible values:
# application/x-www-form-urlencoded - <No description provided>
# application/json - <No description provided>
#remote_content_type = application/x-www-form-urlencoded

# server identity verification for REST based policy check (boolean value)
#remote_ssl_verify_server_crt = false

# Absolute path to ca cert file for REST based policy check (string value)
#remote_ssl_ca_crt_file = <None>

# Absolute path to client cert for REST based policy check (string value)
#remote_ssl_client_crt_file = <None>

# Absolute path client key file REST based policy check (string value)
#remote_ssl_client_key_file = <None>


[tacker]

#
# From tacker.vnfm.monitor
#

# Monitor driver to communicate with Hosting VNF/logical service instance
# tacker plugin will use (list value)
#monitor_driver = ping,http_ping

# Alarm monitoring driver to communicate with Hosting VNF/logical service
# instance tacker plugin will use (list value)
#alarm_monitor_driver = ceilometer

# App monitoring driver to communicate with Hosting VNF/logical service
# instance tacker plugin will use (list value)
#app_monitor_driver = zabbix

#
# From tacker.vnfm.plugin
#

# MGMT driver to communicate with Hosting VNF/logical service instance tacker
# plugin will use (list value)
#mgmt_driver = noop,openwrt

# Time interval to wait for VM to boot (integer value)
#boot_wait = 30

# Hosting vnf drivers tacker plugin will use (list value)
#infra_driver = noop,openstack,kubernetes

# Hosting vnf drivers tacker plugin will use (list value)
#policy_action = autoscaling,respawn,vdu_autoheal,log,log_and_kill


[vim_keys]

#
# From tacker.nfvo.drivers.vim.openstack_driver
#

# Dir.path to store fernet keys. (string value)
#openstack = /etc/tacker/vim/fernet_keys

# Use barbican to encrypt vim password if True, save vim credentials in local
# file system if False (boolean value)
#use_barbican = false


[vim_monitor]

#
# From tacker.nfvo.drivers.vim.openstack_driver
#

# Number of ICMP packets to send (string value)
#count = 1

# Number of seconds to wait for a response (string value)
#timeout = 1

# Number of seconds to wait between packets (string value)
#interval = 1


[vnf_package]
#
# Options under this group are used to store vnf packages in glance store.

#
# From tacker.conf
#

# Path to store extracted CSAR file (string value)
#vnf_package_csar_path = /var/lib/tacker/vnfpackages/

#
# Maximum size of CSAR file a user can upload in GB.
#
# An CSAR file upload greater than the size mentioned here would result
# in an CSAR upload failure. This configuration option defaults to
# 1024 GB (1 TiB).
#
# NOTES:
#     * This value should only be increased after careful
#       consideration and must be set less than or equal to
#       8 EiB (~9223372036).
#     * This value must be set with careful consideration of the
#       backend storage capacity. Setting this to a very low value
#       may result in a large number of image failures. And, setting
#       this to a very large value may result in faster consumption
#       of storage. Hence, this must be set according to the nature of
#       images created and storage capacity available.
#
# Possible values:
#     * Any positive number less than or equal to 9223372036854775808
#  (floating point value)
# Minimum value: 0
# Maximum value: 9223372036
#csar_file_size_cap = 1024

#
# Secure hashing algorithm used for computing the 'hash' property.
#
# Possible values:
#     * sha256, sha512
#
# Related options:
#     * None
#  (string value)
#hashing_algorithm = sha512