[DEFAULT]
debug = {{ zun_logging_debug }}

{% if service_name == 'zun-api' %}
# Force zun-api.log or will use app.wsgi
log_file = /var/log/kolla/zun/zun-api.log
{% endif %}

log_dir = /var/log/kolla/zun
transport_url = {{ rpc_transport_url }}

state_path = /var/lib/zun
container_driver = docker
capsule_driver = cri

[network]
driver = kuryr

[api]
host_ip = {{ api_interface_address }}
port = {{ zun_api_port }}
workers = {{ openstack_service_workers }}

[database]
connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }}
connection_recycle_time = {{ database_connection_recycle_time }}
max_pool_size = {{ database_max_pool_size }}
max_retries = -1

# NOTE(yoctozepto): despite what the docs say, both keystone_auth and
# keystone_authtoken sections are used and Zun internals may use either -
# - best keep them both in sync
[keystone_auth]
www_authenticate_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_admin_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ zun_keystone_user }}
password = {{ zun_keystone_password }}
service_token_roles_required = True
region_name = {{ openstack_region_name }}
cafile = {{ openstack_cacert }}

{% if enable_memcached | bool %}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% endif %}

# NOTE(yoctozepto): despite what the docs say, both keystone_auth and
# keystone_authtoken sections are used and Zun internals may use either -
# - best keep them both in sync
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_admin_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ zun_keystone_user }}
password = {{ zun_keystone_password }}
service_token_roles_required = True
region_name = {{ openstack_region_name }}
cafile = {{ openstack_cacert }}

{% if enable_memcached | bool %}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% endif %}

[zun_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
ca_file = {{ openstack_cacert }}

[glance_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
ca_file = {{ openstack_cacert }}

[neutron_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
ca_file = {{ openstack_cacert }}

[cinder_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
ca_file = {{ openstack_cacert }}

[placement_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
ca_file = {{ openstack_cacert }}

{% if enable_osprofiler | bool %}
[profiler]
enabled = true
trace_sqlalchemy = true
hmac_keys = {{ osprofiler_secret }}
connection_string = {{ osprofiler_backend_connection_string }}
{% endif %}

[oslo_concurrency]
lock_path = /var/lib/zun/tmp

{% if zun_policy_file is defined %}
[oslo_policy]
policy_file = {{ zun_policy_file }}
{% endif %}

[compute]
host_shared_with_nova = {{ inventory_hostname in groups['compute'] and enable_nova | bool and not enable_nova_fake | bool }}

[websocket_proxy]
wsproxy_host = {{ api_interface_address }}
wsproxy_port = {{ zun_wsproxy_port }}
base_url = ws://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ zun_wsproxy_port }}

[docker]
api_url = tcp://{{ api_interface_address | put_address_in_context('url') }}:2375
docker_remote_api_host = {{ api_interface_address }}
docker_remote_api_port = 2375

[cni_daemon]
cni_daemon_port = {{ zun_cni_daemon_port }}

{% if om_enable_rabbitmq_tls | bool %}
[oslo_messaging_rabbit]
ssl = true
ssl_ca_file = {{ om_rabbitmq_cacert }}
{% endif %}