f87946cfd5
keystone auth_token middleware now allows quantum to have auth_token configuration in quantum.conf. This commit moves the example of auth_token configuration from api-paste.ini to quantum.conf. This simplifies user configuations and users is no longer required to edit api-paste.ini. This change does not break backward compatibility. auth_token first tries the configurations in /etc/quantum/api-paste.ini and then the above configurations. Thus a user who already use api-paste.ini does not need to change it. DocImpact Change-Id: I5a4c48b14428e29ea2a331880e1de0afd69c97b5
219 lines
7.0 KiB
Plaintext
219 lines
7.0 KiB
Plaintext
[DEFAULT]
|
|
# Default log level is INFO
|
|
# verbose and debug has the same result.
|
|
# One of them will set DEBUG log level output
|
|
# debug = False
|
|
# verbose = False
|
|
|
|
# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
|
|
# log_date_format = %Y-%m-%d %H:%M:%S
|
|
|
|
# use_syslog -> syslog
|
|
# log_file and log_dir -> log_dir/log_file
|
|
# (not log_file) and log_dir -> log_dir/{binary_name}.log
|
|
# use_stderr -> stderr
|
|
# (not user_stderr) and (not log_file) -> stdout
|
|
# publish_errors -> notification system
|
|
|
|
# use_syslog = False
|
|
# syslog_log_facility = LOG_USER
|
|
|
|
# use_stderr = True
|
|
# log_file =
|
|
# log_dir =
|
|
|
|
# publish_errors = False
|
|
|
|
# Address to bind the API server
|
|
bind_host = 0.0.0.0
|
|
|
|
# Port the bind the API server to
|
|
bind_port = 9696
|
|
|
|
# Path to the extensions. Note that this can be a colon-separated list of
|
|
# paths. For example:
|
|
# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
|
|
# The __path__ of quantum.extensions is appended to this, so if your
|
|
# extensions are in there you don't need to specify them here
|
|
# api_extensions_path =
|
|
|
|
# Quantum plugin provider module
|
|
# core_plugin =
|
|
|
|
# Advanced service modules
|
|
# service_plugins =
|
|
|
|
# Paste configuration file
|
|
api_paste_config = api-paste.ini
|
|
|
|
# The strategy to be used for auth.
|
|
# Supported values are 'keystone'(default), 'noauth'.
|
|
# auth_strategy = keystone
|
|
|
|
# Base MAC address. The first 3 octets will remain unchanged. If the
|
|
# 4h octet is not 00, it will also used. The others will be
|
|
# randomly generated.
|
|
# 3 octet
|
|
# base_mac = fa:16:3e:00:00:00
|
|
# 4 octet
|
|
# base_mac = fa:16:3e:4f:00:00
|
|
|
|
# Maximum amount of retries to generate a unique MAC address
|
|
# mac_generation_retries = 16
|
|
|
|
# DHCP Lease duration (in seconds)
|
|
# dhcp_lease_duration = 120
|
|
|
|
# Enable or disable bulk create/update/delete operations
|
|
# allow_bulk = True
|
|
# Enable or disable overlapping IPs for subnets
|
|
# Attention: the following parameter MUST be set to False if Quantum is
|
|
# being used in conjunction with nova security groups and/or metadata service.
|
|
# allow_overlapping_ips = False
|
|
# Ensure that configured gateway is on subnet
|
|
# force_gateway_on_subnet = False
|
|
|
|
|
|
# RPC configuration options. Defined in rpc __init__
|
|
# The messaging module to use, defaults to kombu.
|
|
# rpc_backend = quantum.openstack.common.rpc.impl_kombu
|
|
# Size of RPC thread pool
|
|
# rpc_thread_pool_size = 64,
|
|
# Size of RPC connection pool
|
|
# rpc_conn_pool_size = 30
|
|
# Seconds to wait for a response from call or multicall
|
|
# rpc_response_timeout = 60
|
|
# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
|
|
# rpc_cast_timeout = 30
|
|
# Modules of exceptions that are permitted to be recreated
|
|
# upon receiving exception data from an rpc call.
|
|
# allowed_rpc_exception_modules = quantum.openstack.common.exception, nova.exception
|
|
# AMQP exchange to connect to if using RabbitMQ or QPID
|
|
control_exchange = quantum
|
|
|
|
# If passed, use a fake RabbitMQ provider
|
|
# fake_rabbit = False
|
|
|
|
# Configuration options if sending notifications via kombu rpc (these are
|
|
# the defaults)
|
|
# SSL version to use (valid only if SSL enabled)
|
|
# kombu_ssl_version =
|
|
# SSL key file (valid only if SSL enabled)
|
|
# kombu_ssl_keyfile =
|
|
# SSL cert file (valid only if SSL enabled)
|
|
# kombu_ssl_certfile =
|
|
# SSL certification authority file (valid only if SSL enabled)'
|
|
# kombu_ssl_ca_certs =
|
|
# IP address of the RabbitMQ installation
|
|
# rabbit_host = localhost
|
|
# Password of the RabbitMQ server
|
|
# rabbit_password = guest
|
|
# Port where RabbitMQ server is running/listening
|
|
# rabbit_port = 5672
|
|
# User ID used for RabbitMQ connections
|
|
# rabbit_userid = guest
|
|
# Location of a virtual RabbitMQ installation.
|
|
# rabbit_virtual_host = /
|
|
# Maximum retries with trying to connect to RabbitMQ
|
|
# (the default of 0 implies an infinite retry count)
|
|
# rabbit_max_retries = 0
|
|
# RabbitMQ connection retry interval
|
|
# rabbit_retry_interval = 1
|
|
|
|
# QPID
|
|
# rpc_backend=quantum.openstack.common.rpc.impl_qpid
|
|
# Qpid broker hostname
|
|
# qpid_hostname = localhost
|
|
# Qpid broker port
|
|
# qpid_port = 5672
|
|
# Username for qpid connection
|
|
# qpid_username = ''
|
|
# Password for qpid connection
|
|
# qpid_password = ''
|
|
# Space separated list of SASL mechanisms to use for auth
|
|
# qpid_sasl_mechanisms = ''
|
|
# Seconds between connection keepalive heartbeats
|
|
# qpid_heartbeat = 60
|
|
# Transport to use, either 'tcp' or 'ssl'
|
|
# qpid_protocol = tcp
|
|
# Disable Nagle algorithm
|
|
# qpid_tcp_nodelay = True
|
|
|
|
# ZMQ
|
|
# rpc_backend=quantum.openstack.common.rpc.impl_zmq
|
|
# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
|
|
# The "host" option should point or resolve to this address.
|
|
# rpc_zmq_bind_address = *
|
|
|
|
# ============ Notification System Options =====================
|
|
|
|
# Notifications can be sent when network/subnet/port are create, updated or deleted.
|
|
# There are three methods of sending notifications: logging (via the
|
|
# log_file directive), rpc (via a message queue) and
|
|
# noop (no notifications sent, the default)
|
|
|
|
# Notification_driver can be defined multiple times
|
|
# Do nothing driver
|
|
# notification_driver = quantum.openstack.common.notifier.no_op_notifier
|
|
# Logging driver
|
|
# notification_driver = quantum.openstack.common.notifier.log_notifier
|
|
# RPC driver. DHCP agents needs it.
|
|
notification_driver = quantum.openstack.common.notifier.rpc_notifier
|
|
|
|
# default_notification_level is used to form actual topic name(s) or to set logging level
|
|
default_notification_level = INFO
|
|
|
|
# default_publisher_id is a part of the notification payload
|
|
# host = myhost.com
|
|
# default_publisher_id = $host
|
|
|
|
# Defined in rpc_notifier, can be comma separated values.
|
|
# The actual topic names will be %s.%(default_notification_level)s
|
|
notification_topics = notifications
|
|
|
|
[QUOTAS]
|
|
# resource name(s) that are supported in quota features
|
|
# quota_items = network,subnet,port
|
|
|
|
# default number of resource allowed per tenant, minus for unlimited
|
|
# default_quota = -1
|
|
|
|
# number of networks allowed per tenant, and minus means unlimited
|
|
# quota_network = 10
|
|
|
|
# number of subnets allowed per tenant, and minus means unlimited
|
|
# quota_subnet = 10
|
|
|
|
# number of ports allowed per tenant, and minus means unlimited
|
|
# quota_port = 50
|
|
|
|
# default driver to use for quota checks
|
|
# quota_driver = quantum.quota.ConfDriver
|
|
|
|
[DEFAULT_SERVICETYPE]
|
|
# Description of the default service type (optional)
|
|
# description = "default service type"
|
|
# Enter a service definition line for each advanced service provided
|
|
# by the default service type.
|
|
# Each service definition should be in the following format:
|
|
# <service>:<plugin>[:driver]
|
|
|
|
[SECURITYGROUP]
|
|
# If set to true this allows quantum to receive proxied security group calls from nova
|
|
# proxy_mode = False
|
|
|
|
[AGENT]
|
|
# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
|
|
# root filter facility.
|
|
# Change to "sudo" to skip the filtering and just run the comand directly
|
|
# root_helper = sudo
|
|
|
|
[keystone_authtoken]
|
|
auth_host = 127.0.0.1
|
|
auth_port = 35357
|
|
auth_protocol = http
|
|
admin_tenant_name = %SERVICE_TENANT_NAME%
|
|
admin_user = %SERVICE_USER%
|
|
admin_password = %SERVICE_PASSWORD%
|
|
signing_dir = /var/lib/quantum/keystone-signing
|