openstack-ansible/playbooks/roles/os_heat/templates/heat.conf.j2

# {{ ansible_managed }}

{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
{% set api_threads = _api_threads if _api_threads > 0 else 1 %}

[DEFAULT]
verbose = {{ verbose }}
debug = {{ debug }}
fatal_deprecations = {{ heat_fatal_deprecations }}

log_file = /var/log/heat/heat.log

stack_domain_admin_password = {{ heat_stack_domain_admin_password }}
stack_domain_admin = {{ heat_stack_domain_admin }}
stack_user_domain_name = {{ heat_stack_user_domain_name }}
max_nested_stack_depth = {{ heat_max_nested_stack_depth }}
heat_watch_server_url = {{ heat_watch_server_url }}
heat_waitcondition_server_url = {{ heat_waitcondition_server_url }}
heat_metadata_server_url = {{ heat_metadata_server_url }}

deferred_auth_method = {{ heat_deferred_auth_method }}
trusts_delegated_roles = {{ heat_trusts_delegated_roles | join(',') }}

auth_encryption_key = {{ heat_auth_encryption_key }}

num_engine_workers = {{ heat_engine_workers | default(api_threads) }}

## RPC Backend
rpc_backend = {{ heat_rpc_backend }}

## Plugin dirs
plugin_dirs = {{ heat_plugin_dirs | join(',') }}

# Ceilometer options
{% if heat_ceilometer_enabled %}
notification_driver = messagingv2
{% endif %}


[clients]
endpoint_type = {{ heat_clients_endpoint }}

[clients_heat]
endpoint_type = {{ heat_clients_heat_endpoint }}

[clients_keystone]
insecure = {{ keystone_service_internaluri_insecure | bool }}
endpoint_type = {{ heat_clients_endpoint }}
auth_uri = {{ keystone_service_internaluri }}

[database]
connection = mysql+pymysql://{{ heat_galera_user }}:{{ heat_container_mysql_password }}@{{ heat_galera_address }}/{{ heat_galera_database }}?charset=utf8

[ec2authtoken]
auth_uri = {{ keystone_service_internalurl }}

[heat_api]
bind_port = {{ heat_service_port }}
workers = {{ heat_api_workers | default(api_threads) }}

[heat_api_cfn]
bind_port = {{ heat_cfn_service_port }}

[heat_api_cloudwatch]
bind_port = {{ heat_watch_port }}


[oslo_messaging_rabbit]
rabbit_port = {{ rabbitmq_port }}
rabbit_userid = {{ heat_rabbitmq_userid }}
rabbit_password = {{ heat_rabbitmq_password }}
rabbit_virtual_host = {{ heat_rabbitmq_vhost }}
rabbit_hosts = {{ rabbitmq_servers }}
rabbit_use_ssl = {{ rabbitmq_use_ssl }}


[profiler]
profiler_enabled = {{ heat_profiler_enabled }}
trace_sqlalchemy = {{ heat_profiler_trace_sqlalchemy }}


[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ heat_keystone_auth_plugin }}
signing_dir = {{ heat_system_home_folder }}/cache/heat
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ heat_service_project_domain_id }}
user_domain_id = {{ heat_service_user_domain_id }}
project_name = {{ heat_service_project_name }}
username = {{ heat_service_user_name }}
password = {{ heat_service_password }}

memcached_servers = {{ memcached_servers }}

token_cache_time = 300
revocation_cache_time = 60

# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}

# if your keystone deployment uses PKI, and you value security over performance:
check_revocations_for_cached = False

[trustee]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ heat_keystone_trustee_auth_plugin }}
signing_dir = {{ heat_system_home_folder }}/cache/heat
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ heat_service_trustee_project_domain_id }}
user_domain_id = {{ heat_service_trustee_user_domain_id }}
project_name = {{ heat_service_trustee_project_name }}
username = {{ heat_service_trustee_user_name }}
password = {{ heat_service_trustee_password }}