[DEFAULT] # Show more verbose log output (sets INFO log level output) #verbose = False # Show debugging output in logs (sets DEBUG log level output) #debug = False # Address to bind the API server bind_host = 0.0.0.0 # Port the bind the API server to bind_port = 19393 # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. log_file = /var/log/escalator/api.log # Backlog requests when creating socket backlog = 4096 # TCP_KEEPIDLE value in seconds when creating socket. # Not supported on OS X. #tcp_keepidle = 600 # The number of child process workers that will be # created to service API requests. The default will be # equal to the number of CPUs available. (integer value) workers = 1 # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large tokens # (typically those generated by the Keystone v3 API with big service # catalogs) # max_header_line = 16384 # Role used to identify an authenticated user as administrator #admin_role = admin # Allow unauthenticated users to access the API with read-only # privileges. This only applies when using ContextMiddleware. #allow_anonymous_access = False # Property Protections config file # This file contains the rules for property protections and the roles/policies # associated with it. # If this config value is not specified, by default, property protections # won't be enforced. # If a value is specified and the file is not found, then the escalator-api # service will not start. #property_protection_file = # Specify whether 'roles' or 'policies' are used in the # property_protection_file. # The default value for property_protection_rule_format is 'roles'. #property_protection_rule_format = roles # Public url to use for versions endpoint. The default is None, # which will use the request's host_url attribute to populate the URL base. # If Escalator is operating behind a proxy, you will want to change this to # represent the proxy's URL. #public_endpoint= # http_keepalive option. If False, server will return the header # "Connection: close", If True, server will return "Connection: Keep-Alive" # in its responses. In order to close the client socket connection # explicitly after the response is sent and read successfully by the client, # you simply have to set this option to False when you create a wsgi server. #http_keepalive = True # ================= Syslog Options ============================ # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` #use_syslog = False # Facility to use. If unset defaults to LOG_USER. #syslog_log_facility = LOG_LOCAL0 # ================= SSL Options =============================== # Certificate file to use when starting API server securely #cert_file = /path/to/certfile # Private key file to use when starting API server securely #key_file = /path/to/keyfile # CA certificate file to use to verify connecting clients #ca_file = /path/to/cafile # ================= Security Options ========================== # AES key for encrypting store 'location' metadata, including # -- if used -- Swift or S3 credentials # Should be set to a random string of length 16, 24 or 32 bytes #metadata_encryption_key = <16, 24 or 32 char registry metadata key> # Digest algorithm which will be used for digital signature, the default is # sha1 in Kilo for a smooth upgrade process, and it will be updated with # sha256 in next release(L). Use command # "openssl list-message-digest-algorithms" to get the available algorithms # supported by the version of OpenSSL on the platform. Examples are 'sha1', # 'sha256', 'sha512', etc. #digest_algorithm = sha1 # ============ Notification System Options ===================== # Driver or drivers to handle sending notifications. Set to # 'messaging' to send notifications to a message queue. # notification_driver = noop # Default publisher_id for outgoing notifications. # default_publisher_id = image.localhost # List of disabled notifications. A notification can be given either as a # notification type to disable a single event, or as a notification group # prefix to disable all events within a group. # Example: if this config option is set to # ["image.create", "metadef_namespace"], then "image.create" notification will # not be sent after image is created and none of the notifications for # metadefinition namespaces will be sent. # disabled_notifications = [] # Messaging driver used for 'messaging' notifications driver # rpc_backend = 'rabbit' # Configuration options if sending notifications via rabbitmq (these are # the defaults) rabbit_host = localhost rabbit_port = 5672 rabbit_use_ssl = false rabbit_userid = guest rabbit_password = guest rabbit_virtual_host = / rabbit_notification_exchange = escalator rabbit_notification_topic = notifications rabbit_durable_queues = False # Configuration options if sending notifications via Qpid (these are # the defaults) qpid_notification_exchange = escalator qpid_notification_topic = notifications qpid_hostname = localhost qpid_port = 5672 qpid_username = qpid_password = qpid_sasl_mechanisms = qpid_reconnect_timeout = 0 qpid_reconnect_limit = 0 qpid_reconnect_interval_min = 0 qpid_reconnect_interval_max = 0 qpid_reconnect_interval = 0 qpid_heartbeat = 5 # Set to 'ssl' to enable SSL qpid_protocol = tcp qpid_tcp_nodelay = True # ============ Delayed Delete Options ============================= # Turn on/off delayed delete delayed_delete = False # Delayed delete time in seconds scrub_time = 43200 # =============== Policy Options ================================== [oslo_policy] # The JSON file that defines policies. # Deprecated group/name - [DEFAULT]/policy_file #policy_file = policy.json # Default rule. Enforced when a requested rule is not found. # Deprecated group/name - [DEFAULT]/policy_default_rule #policy_default_rule = default # Directories where policy configuration files are stored. # They can be relative to any directory in the search path # defined by the config_dir option, or absolute paths. # The file defined by policy_file must exist for these # directories to be searched. # Deprecated group/name - [DEFAULT]/policy_dirs #policy_dirs = policy.d # =============== Database Options ================================= identity_uri = http://127.0.0.1:35357 admin_tenant_name = %SERVICE_TENANT_NAME% admin_user = %SERVICE_USER% admin_password = %SERVICE_PASSWORD% revocation_cache_time = 10 # Partial name of a pipeline in your paste configuration file with the # service name removed. For example, if your paste section name is # [pipeline:escalator-api-keystone], you would configure the flavor below # as 'keystone'. #flavor= [profiler] # If False fully disable profiling feature. #enabled = False # ============ Sheepdog Store Options ============================= sheepdog_store_address = localhost sheepdog_store_port = 7000 # Images will be chunked into objects of this size (in megabytes). # For best performance, this should be a power of two