diff --git a/.kitchen.yml b/.kitchen.yml
index 9c76e39..bb78fa4 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -15,18 +15,23 @@
   grains:
     noservices: True
   dependencies:
-    - name: keystone
+    - name: linux
       repo: git
-      source: https://github.com/salt-formulas/salt-formula-keystone
+      source: https://github.com/salt-formulas/salt-formula-linux
   state_top:
     base:
       "*":
+        - linux.system
         - ceilometer
   pillars:
     top.sls:
       base:
         "*":
+          - linux_repo_openstack
           - ceilometer
+          - release
+  pillars-from-files:
+    linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%= ENV['OS_VERSION'] || 'pike' %>.sls
 
 verifier:
   name: inspec
@@ -44,19 +49,92 @@
     provisioner:
       pillars-from-files:
         ceilometer.sls: tests/pillar/agent_cluster.sls
+      pillars:
+        release.sls:
+          ceilometer:
+            agent:
+              version: <%= ENV['OS_VERSION'] || 'pike' %>
 
   - name: agent_single
     provisioner:
       pillars-from-files:
         ceilometer.sls: tests/pillar/agent_single.sls
+      pillars:
+        release.sls:
+          ceilometer:
+            agent:
+              version: <%= ENV['OS_VERSION'] || 'pike' %>
 
   - name: server_cluster
     provisioner:
       pillars-from-files:
         ceilometer.sls: tests/pillar/server_cluster.sls
+      pillars:
+        release.sls:
+          ceilometer:
+            server:
+              version: <%= ENV['OS_VERSION'] || 'pike' %>
 
   - name: server_single
     provisioner:
       pillars-from-files:
         ceilometer.sls: tests/pillar/server_single.sls
+      pillars:
+        release.sls:
+          ceilometer:
+            server:
+              version: <%= ENV['OS_VERSION'] || 'pike' %>
+
+  - name: server_cluster_ssl
+    provisioner:
+      pillars-from-files:
+        ceilometer.sls: tests/pillar/server_cluster.sls
+      pillars:
+        release.sls:
+          ceilometer:
+            server:
+              version: <%= ENV['OS_VERSION'] || 'pike' %>
+        ssl.sls:
+          ceilometer:
+            server:
+              identity:
+                protocol: https
+              message_queue:
+                port: 5671
+                ssl:
+                  enabled: True
+        top.sls:
+          base:
+            "*":
+              - linux_repo_openstack
+              - ceilometer
+              - release
+              - ssl
+
+  - name: agent_cluster_ssl
+    provisioner:
+      pillars-from-files:
+        ceilometer.sls: tests/pillar/agent_cluster.sls
+      pillars:
+        release.sls:
+          ceilometer:
+            agent:
+              version: <%= ENV['OS_VERSION'] || 'pike' %>
+        ssl.sls:
+          ceilometer:
+            agent:
+              identity:
+                protocol: https
+              message_queue:
+                port: 5671
+                ssl:
+                  enabled: True
+        top.sls:
+          base:
+            "*":
+              - linux_repo_openstack
+              - ceilometer
+              - release
+              - ssl
+
 # vim: ft=yaml sw=2 ts=2 sts=2 tw=125
diff --git a/.travis.yml b/.travis.yml
index b0fafdf..f345b8f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -17,18 +17,26 @@
   - bundle install
 
 env:
-    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=agent-cluster
-    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=agent-single
-    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=server-cluster
-    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 SUITE=server-single
-    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=agent-cluster
-    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=agent-single
-    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=server-cluster
-    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 SUITE=server-single
-#    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=agent-cluster
-#    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=agent-single
-#    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=server-cluster
-#    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-bionic-salt-2017.7 SUITE=server-single
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OS_VERSION=ocata SUITE=agent_cluster
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OS_VERSION=ocata SUITE=agent_single
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OS_VERSION=pike SUITE=agent_cluster
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OS_VERSION=pike SUITE=agent_single
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OS_VERSION=ocata SUITE=server_cluster
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OS_VERSION=ocata SUITE=server_single
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OS_VERSION=pike SUITE=server_cluster
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OS_VERSION=pike SUITE=server_single
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OS_VERSION=pike SUITE=server_cluster_ssl
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OS_VERSION=pike SUITE=agent_cluster_ssl
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=ocata SUITE=agent_cluster
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=ocata SUITE=agent_single
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=pike SUITE=agent_cluster
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=pike SUITE=agent_single
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=ocata SUITE=server_cluster
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=ocata SUITE=server_single
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=pike SUITE=server_cluster
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=pike SUITE=server_single
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=pike SUITE=server_cluster_ssl
+    - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OS_VERSION=pike SUITE=agent_cluster_ssl
 
 before_script:
   - set -o pipefail
diff --git a/ceilometer/agent.sls b/ceilometer/agent.sls
index 1e2769f..c4c5ffa 100644
--- a/ceilometer/agent.sls
+++ b/ceilometer/agent.sls
@@ -5,8 +5,9 @@
   pkg.installed:
   - names: {{ agent.pkgs }}
 
-/etc/ceilometer/ceilometer.conf:
+ceilometer_agent_conf:
   file.managed:
+  - name: /etc/ceilometer/ceilometer.conf
   - source: salt://ceilometer/files/{{ agent.version }}/ceilometer-agent.conf.{{ grains.os_family }}
   - template: jinja
   - require:
@@ -70,8 +71,9 @@
 
 {%- endfor %}
 
-/etc/ceilometer/pipeline.yaml:
+ceilometer_agent_pipeline:
   file.managed:
+  - name: /etc/ceilometer/pipeline.yaml
   - source: salt://ceilometer/files/{{ agent.version }}/pipeline.yaml
   - template: jinja
   - require:
@@ -79,8 +81,9 @@
 
 {%- if agent.version != "kilo" %}
 
-/etc/ceilometer/event_pipeline.yaml:
+ceilometer_agent_event_pipeline:
   file.managed:
+  - name: /etc/ceilometer/event_pipeline.yaml
   - source: salt://ceilometer/files/{{ agent.version }}/event_pipeline.yaml
   - template: jinja
   - require:
@@ -90,12 +93,37 @@
 
 {%- endif %}
 
+{%- if agent.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbitmq_ca_ceilometer_agent:
+{%- if agent.message_queue.ssl.cacert is defined %}
+  file.managed:
+    - name: {{ agent.message_queue.ssl.cacert_file }}
+    - contents_pillar: ceilometer:agent:message_queue:ssl:cacert
+    - mode: 0444
+    - makedirs: true
+    - require_in:
+      - file: ceilometer_agent_conf
+    - watch_in:
+      - ceilometer_agent_services
+{%- else %}
+  file.exists:
+   - name: {{ agent.message_queue.ssl.get('cacert_file', agent.cacert_file) }}
+   - require_in:
+     - file: ceilometer_agent_conf
+   - watch_in:
+      - ceilometer_agent_services
+{%- endif %}
+{%- endif %}
+
 ceilometer_agent_services:
   service.running:
   - names: {{ agent.services }}
   - enable: true
+  {%- if grains.get('noservices') %}
+  - onlyif: /bin/false
+  {%- endif %}
   - watch:
-    - file: /etc/ceilometer/ceilometer.conf
-    - file: /etc/ceilometer/pipeline.yaml
+    - file: ceilometer_agent_conf
+    - file: ceilometer_agent_pipeline
 
 {%- endif %}
diff --git a/ceilometer/files/newton/ceilometer-agent.conf.Debian b/ceilometer/files/newton/ceilometer-agent.conf.Debian
index 3c8df67..6af000b 100644
--- a/ceilometer/files/newton/ceilometer-agent.conf.Debian
+++ b/ceilometer/files/newton/ceilometer-agent.conf.Debian
@@ -397,7 +397,7 @@
 interface=internalURL
 
 {%- if agent.cache is defined %}
-memcached_agents={%- for member in agent.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
+memcached_servers={%- for member in agent.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
 {%- endif %}
 
 # Complete public Identity API endpoint. (string value)
diff --git a/ceilometer/files/ocata/ceilometer-agent.conf.Debian b/ceilometer/files/ocata/ceilometer-agent.conf.Debian
index b69c9d2..f16eed1 100644
--- a/ceilometer/files/ocata/ceilometer-agent.conf.Debian
+++ b/ceilometer/files/ocata/ceilometer-agent.conf.Debian
@@ -938,7 +938,7 @@
 interface = internal
 
 {%- if agent.cache is defined %}
-memcached_agents = {%- for member in agent.cache.members %}{{ member.host }}:{{ member.get('port', '11211') }}{% if not loop.last %},{% endif %}{%- endfor %}
+memcached_servers = {%- for member in agent.cache.members %}{{ member.host }}:{{ member.get('port', '11211') }}{% if not loop.last %},{% endif %}{%- endfor %}
 {%- else %}
 token_cache_time = -1
 {%- endif %}
diff --git a/ceilometer/files/pike/ceilometer-agent.conf.Debian b/ceilometer/files/pike/ceilometer-agent.conf.Debian
index b69c9d2..7b3d4ac 100644
--- a/ceilometer/files/pike/ceilometer-agent.conf.Debian
+++ b/ceilometer/files/pike/ceilometer-agent.conf.Debian
@@ -1,2205 +1,64 @@
 {%- from "ceilometer/map.jinja" import agent with context -%}
 [DEFAULT]
 
-#
-# From ceilometer
-#
-
-# To reduce polling agent load, samples are sent to the notification agent in a
-# batch. To gain higher throughput at the cost of load set this to False.
-# (boolean value)
-#batch_polled_samples = true
-
-# To reduce large requests at same time to Nova or other components from
-# different compute agents, shuffle start time of polling task. (integer value)
-#shuffle_time_before_polling_task = 0
-
-# Configuration file for WSGI definition of API. (string value)
-#api_paste_config = api_paste.ini
-
-# Inspector to use for inspecting the hypervisor layer. Known inspectors are
-# libvirt, hyperv, vsphere, xenapi and powervm. (string value)
-#hypervisor_inspector = libvirt
-
-# Libvirt domain type. (string value)
-# Allowed values: kvm, lxc, qemu, uml, xen
-#libvirt_type = kvm
-
-# Override the default libvirt URI (which is dependent on libvirt_type).
-# (string value)
-#libvirt_uri =
-
-# Dispatchers to process metering data. (multi valued)
-# Deprecated group/name - [DEFAULT]/dispatcher
-#meter_dispatchers =
-
-# Dispatchers to process event data. (multi valued)
-# Deprecated group/name - [DEFAULT]/dispatcher
-#event_dispatchers =
-
-# Exchange name for Ironic notifications. (string value)
-#ironic_exchange = ironic
-
-# Exchanges name to listen for notifications. (multi valued)
-#http_control_exchanges = nova
-#http_control_exchanges = glance
-#http_control_exchanges = neutron
-#http_control_exchanges = cinder
-
-# DEPRECATED: Allow novaclient's debug log output. (Use default_log_levels
-# instead) (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#nova_http_log_debug = false
-
-# Swift reseller prefix. Must be on par with reseller_prefix in proxy-
-# server.conf. (string value)
-#reseller_prefix = AUTH_
-
-# Configuration file for pipeline definition. (string value)
-#pipeline_cfg_file = pipeline.yaml
-
-# Configuration file for event pipeline definition. (string value)
-#event_pipeline_cfg_file = event_pipeline.yaml
-
-# Refresh Pipeline configuration on-the-fly. (boolean value)
-#refresh_pipeline_cfg = false
-
-# Refresh Event Pipeline configuration on-the-fly. (boolean value)
-#refresh_event_pipeline_cfg = false
-
-# Polling interval for pipeline file configuration in seconds. (integer value)
-#pipeline_polling_interval = 20
-
-# Source for samples emitted on this instance. (string value)
-#sample_source = openstack
-
-# List of metadata prefixes reserved for metering use. (list value)
-#reserved_metadata_namespace = metering.
-
-# Limit on length of reserved metadata values. (integer value)
-#reserved_metadata_length = 256
-
-# List of metadata keys reserved for metering use. And these keys are
-# additional to the ones included in the namespace. (list value)
-#reserved_metadata_keys =
-
-# Path to the rootwrap configuration file to use for running commands as root
-# (string value)
-#rootwrap_config = /etc/ceilometer/rootwrap.conf
-
-# Exchange name for Nova notifications. (string value)
-#nova_control_exchange = nova
-
-# Exchange name for Neutron notifications. (string value)
-#neutron_control_exchange = neutron
-
-# Exchange name for Heat notifications (string value)
-#heat_control_exchange = heat
-
-# Exchange name for Glance notifications. (string value)
-#glance_control_exchange = glance
-
-# Exchange name for Keystone notifications. (string value)
-#keystone_control_exchange = keystone
-
-# Exchange name for Cinder notifications. (string value)
-#cinder_control_exchange = cinder
-
-# Exchange name for Data Processing notifications. (string value)
-#sahara_control_exchange = sahara
-
-# Exchange name for Swift notifications. (string value)
-#swift_control_exchange = swift
-
-# Exchange name for Magnum notifications. (string value)
-#magnum_control_exchange = magnum
-
-# Exchange name for DBaaS notifications. (string value)
-#trove_control_exchange = trove
-
-# Exchange name for Messaging service notifications. (string value)
-#zaqar_control_exchange = zaqar
-
-# Exchange name for DNS service notifications. (string value)
-#dns_control_exchange = central
-
-# Exchange name for ceilometer notifications. (string value)
-#ceilometer_control_exchange = ceilometer
-
-# Name of this node, which must be valid in an AMQP key. Can be an opaque
-# identifier. For ZeroMQ only, must be a valid host name, FQDN, or IP address.
-# (string value)
-#host = <your_hostname>
-
-# Timeout seconds for HTTP requests. Set it to None to disable timeout.
-# (integer value)
-#http_timeout = 600
-
-#
-# From oslo.log
-#
-
-# If set to true, the logging level will be set to DEBUG instead of the default
-# INFO level. (boolean value)
-# Note: This option can be changed without restarting.
-#debug = false
-debug = false
-
-# DEPRECATED: If set to false, the logging level will be set to WARNING instead
-# of the default INFO level. (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#verbose = true
-
-# The name of a logging configuration file. This file is appended to any
-# existing logging configuration files. For details about logging configuration
-# files, see the Python logging module documentation. Note that when logging
-# configuration files are used then all logging configuration is set in the
-# configuration file and other logging configuration options are ignored (for
-# example, logging_context_format_string). (string value)
-# Note: This option can be changed without restarting.
-# Deprecated group/name - [DEFAULT]/log_config
-#log_config_append = <None>
-
-# Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set. (string
-# value)
-#log_date_format = %Y-%m-%d %H:%M:%S
-
-# (Optional) Name of log file to send logging output to. If no default is set,
-# logging will go to stderr as defined by use_stderr. This option is ignored if
-# log_config_append is set. (string value)
-# Deprecated group/name - [DEFAULT]/logfile
-#log_file = <None>
-
-# (Optional) The base directory used for relative log_file  paths. This option
-# is ignored if log_config_append is set. (string value)
-# Deprecated group/name - [DEFAULT]/logdir
-#log_dir = <None>
-
-# Uses logging handler designed to watch file system. When log file is moved or
-# removed this handler will open a new log file with specified path
-# instantaneously. It makes sense only if log_file option is specified and
-# Linux platform is used. This option is ignored if log_config_append is set.
-# (boolean value)
-#watch_log_file = false
-
-# Use syslog for logging. Existing syslog format is DEPRECATED and will be
-# changed later to honor RFC5424. This option is ignored if log_config_append
-# is set. (boolean value)
-#use_syslog = false
-
-# Syslog facility to receive log lines. This option is ignored if
-# log_config_append is set. (string value)
-#syslog_log_facility = LOG_USER
-
-# Log output to standard error. This option is ignored if log_config_append is
-# set. (boolean value)
-#use_stderr = false
-
-# Format string to use for log messages with context. (string value)
-#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
-
-# Format string to use for log messages when context is undefined. (string
-# value)
-#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-
-# Additional data to append to log message when logging level for the message
-# is DEBUG. (string value)
-#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
-
-# Prefix each line of exception output with this format. (string value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
-
-# Defines the format string for %(user_identity)s that is used in
-# logging_context_format_string. (string value)
-#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
-
-# List of package logging levels in logger=LEVEL pairs. This option is ignored
-# if log_config_append is set. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
-
-# Enables or disables publication of error events. (boolean value)
-#publish_errors = false
-
-# The format for an instance that is passed with the log message. (string
-# value)
-#instance_format = "[instance: %(uuid)s] "
-
-# The format for an instance UUID that is passed with the log message. (string
-# value)
-#instance_uuid_format = "[instance: %(uuid)s] "
-
-# Interval, number of seconds, of log rate limiting. (integer value)
-#rate_limit_interval = 0
-
-# Maximum number of logged messages per rate_limit_interval. (integer value)
-#rate_limit_burst = 0
-
-# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
-# or empty string. Logs with level greater or equal to rate_limit_except_level
-# are not filtered. An empty string means that all levels are filtered. (string
-# value)
-#rate_limit_except_level = CRITICAL
-
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
-#
-# From oslo.messaging
-#
-
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
-# The pool size limit for connections expiration policy (integer value)
-#conn_pool_min_size = 2
-
-# The time-to-live in sec of idle connections in the pool (integer value)
-#conn_pool_ttl = 1200
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Allowed values: redis, sentinel, dummy
-# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_host
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger
-# period. The value of 0 specifies no linger period. Pending messages shall be
-# discarded immediately when the socket is closed. Positive values specify an
-# upper bound for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout
-# exception when timeout expired. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target
-# ( < 0 means no timeout). (integer value)
-# Deprecated group/name - [DEFAULT]/zmq_target_expire
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/zmq_target_update
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/use_pub_sub
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-# Deprecated group/name - [DEFAULT]/use_router_proxy
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only
-# with use_router_proxy=False which means to use direct connections for direct
-# message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons.
-# This option is actual only in dynamic connections mode. (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
-# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping
-# a queue when server side disconnects. False means to keep queue and messages
-# even if server is disconnected, when the server appears we send all
-# accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
-# other negative value) means to skip any overrides and leave it to OS default;
-# 0 and 1 (or any other positive value) mean to disable and enable the option
-# respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit
-# is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to
-# skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value
-# and 0) means to skip any overrides and leave it to OS default. (integer
-# value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not received. The
-# unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0)
-# means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is
-# not tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only
-# via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry
-# attempt this timeout is multiplied by some specified multiplier. (integer
-# value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer
-# value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred:
-# positive value N means at most N retries, 0 means no retries, None or -1 (or
-# any other negative values) mean to retry forever. This option is used only if
-# acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher
-# priority then the default publishers list taken from the matchmaker. (list
-# value)
-#subscribe_on =
+{%- if agent.debug is defined %}
+debug = {{ agent.debug }}
+{%- endif %}
 
-# Size of executor thread pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
-#executor_thread_pool_size = 64
 {%- if agent.message_queue.rpc_thread_pool_size is defined %}
 executor_thread_pool_size = {{ agent.message_queue.rpc_thread_pool_size }}
 {%- endif %}
-# Seconds to wait for a response from a call. (integer value)
-#rpc_response_timeout = 60
 
-# A URL representing the messaging driver to use and its full configuration.
-# (string value)
-#transport_url = <None>
+{%- set rabbit_port = agent.message_queue.get('port', 5671 if agent.message_queue.get('ssl',{}).get('enabled', False)  else 5672) %}
 {%- if agent.message_queue.members is defined %}
 transport_url = rabbit://{% for member in agent.message_queue.members -%}
-                             {{ agent.message_queue.user }}:{{ agent.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+                             {{ agent.message_queue.user }}:{{ agent.message_queue.password }}@{{ member.host }}:{{  member.get('port', rabbit_port) }}
                              {%- if not loop.last -%},{%- endif -%}
                          {%- endfor -%}
                              /{{ agent.message_queue.virtual_host }}
 {%- else %}
-transport_url = rabbit://{{ agent.message_queue.user }}:{{ agent.message_queue.password }}@{{ agent.message_queue.host }}:{{ agent.message_queue.port }}/{{ agent.message_queue.virtual_host }}
+transport_url = rabbit://{{ agent.message_queue.user }}:{{ agent.message_queue.password }}@{{ agent.message_queue.host }}:{{ rabbit_port }}/{{ agent.message_queue.virtual_host }}
 {%- endif %}
-# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
-# include amqp and zmq. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rpc_backend = rabbit
-
-# The default exchange under which topics are scoped. May be overridden by an
-# exchange name specified in the transport_url option. (string value)
-#control_exchange = openstack
-
-#
-# From oslo.service.service
-#
-
-# Enable eventlet backdoor.  Acceptable values are 0, <port>, and
-# <start>:<end>, where 0 results in listening on a random tcp port number;
-# <port> results in listening on the specified port number (and not enabling
-# backdoor if that port is in use); and <start>:<end> results in listening on
-# the smallest unused port number within the specified range of port numbers.
-# The chosen port is displayed in the service's log file. (string value)
-#backdoor_port = <None>
-
-# Enable eventlet backdoor, using the provided path as a unix socket that can
-# receive connections. This option is mutually exclusive with 'backdoor_port'
-# in that only one should be provided. If both are provided then the existence
-# of this option overrides the usage of that option. (string value)
-#backdoor_socket = <None>
-
-# Enables or disables logging values of all registered options when starting a
-# service (at DEBUG level). (boolean value)
-#log_options = true
-
-# Specify a timeout after which a gracefully shutdown server will exit. Zero
-# value means endless wait. (integer value)
-#graceful_shutdown_timeout = 60
-
-
-[api]
-
-#
-# From ceilometer
-#
-
-# Default maximum number of items returned by API request. (integer value)
-# Minimum value: 1
-#default_api_return_limit = 100
-
-# Set True to disable resource/meter/sample URLs. Default autodetection by
-# querying keystone. (boolean value)
-#gnocchi_is_enabled = <None>
-
-# Set True to redirect alarms URLs to aodh. Default autodetection by querying
-# keystone. (boolean value)
-#aodh_is_enabled = <None>
-
-# The endpoint of Aodh to redirect alarms URLs to Aodh API. Default
-# autodetection by querying keystone. (string value)
-#aodh_url = <None>
-
-# Set True to redirect events URLs to Panko. Default autodetection by querying
-# keystone. (boolean value)
-#panko_is_enabled = <None>
-
-# The endpoint of Panko to redirect events URLs to Panko API. Default
-# autodetection by querying keystone. (string value)
-#panko_url = <None>
-
-
-[collector]
-
-#
-# From ceilometer
-#
-
-# Address to which the UDP socket is bound. Set to an empty string to disable.
-# (string value)
-#udp_address = 0.0.0.0
-
-# Port to which the UDP socket is bound. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#udp_port = 4952
-
-# Number of notification messages to wait before dispatching them (integer
-# value)
-#batch_size = 1
-
-# Number of seconds to wait before dispatching samples when batch_size is not
-# reached (None means indefinitely) (integer value)
-#batch_timeout = <None>
-
-# Number of workers for collector service. default value is 1. (integer value)
-# Minimum value: 1
-# Deprecated group/name - [DEFAULT]/collector_workers
-#workers = 1
-
 
 [compute]
 
-#
-# From ceilometer
-#
-
-# DEPRECATED: Enable work-load partitioning, allowing multiple compute agents
-# to be run simultaneously. (replaced by instance_discovery_method) (boolean
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#workload_partitioning = false
-
-# Ceilometer offers many methods to discover the instance running on a compute
-# node:
-# * naive: poll nova to get all instances
-# * workload_partitioning: poll nova to get instances of the compute
-# * libvirt_metadata: get instances from libvirt metadata   but without
-# instance metadata (recommended for Gnocchi   backend (string value)
-# Allowed values: naive, workload_partitioning, libvirt_metadata
-#instance_discovery_method = libvirt_metadata
 instance_discovery_method = {{ agent.get('discovery_method', 'libvirt_metadata') }}
 
-# New instances will be discovered periodically based on this option (in
-# seconds). By default, the agent discovers instances according to pipeline
-# polling interval. If option is greater than 0, the instance list to poll will
-# be updated based on this option's interval. Measurements relating to the
-# instances will match intervals defined in pipeline.  (integer value)
-# Minimum value: 0
-#resource_update_interval = 0
-
-# The expiry to totally refresh the instances resource cache, since the
-# instance may be migrated to another host, we need to clean the legacy
-# instances info in local cache by totally refreshing the local cache. The
-# minimum should be the value of the config option of resource_update_interval.
-# This option is only used for agent polling to Nova API, so it will works only
-# when 'instance_discovery_method' was set to 'naive'. (integer value)
-# Minimum value: 0
-#resource_cache_expiry = 3600
-
-
-[coordination]
-
-#
-# From ceilometer
-#
-
-# The backend URL to use for distributed coordination. If left empty, per-
-# deployment central agent and per-host compute agent won't do workload
-# partitioning and will only function correctly if a single instance of that
-# service is running. (string value)
-#backend_url = <None>
-
-# Number of seconds between heartbeats for distributed coordination. (floating
-# point value)
-#heartbeat = 1.0
-
-# Number of seconds between checks to see if group membership has changed
-# (floating point value)
-#check_watchers = 10.0
-
-# Retry backoff factor when retrying to connect with coordination backend
-# (integer value)
-#retry_backoff = 1
-
-# Maximum number of seconds between retry to join partitioning group (integer
-# value)
-#max_retry_interval = 30
-
-
-[cors]
-
-#
-# From oslo.middleware.cors
-#
-
-# Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
-# slash. Example: https://horizon.example.com (list value)
-#allowed_origin = <None>
-
-# Indicate that the actual request can include user credentials (boolean value)
-#allow_credentials = true
-
-# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
-# Headers. (list value)
-#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-Openstack-Request-Id
-
-# Maximum cache age of CORS preflight requests. (integer value)
-#max_age = 3600
-
-# Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
-
-# Indicate which header field names may be used during the actual request.
-# (list value)
-#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-Openstack-Request-Id
-
-
-[cors.subdomain]
-
-#
-# From oslo.middleware.cors
-#
-
-# Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
-# slash. Example: https://horizon.example.com (list value)
-#allowed_origin = <None>
-
-# Indicate that the actual request can include user credentials (boolean value)
-#allow_credentials = true
-
-# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
-# Headers. (list value)
-#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-Openstack-Request-Id
-
-# Maximum cache age of CORS preflight requests. (integer value)
-#max_age = 3600
-
-# Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
-
-# Indicate which header field names may be used during the actual request.
-# (list value)
-#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-Openstack-Request-Id
-
-
-[database]
-
-#
-# From ceilometer
-#
-
-# Number of seconds that samples are kept in the database for (<= 0 means
-# forever). (integer value)
-# Deprecated group/name - [database]/time_to_live
-#metering_time_to_live = -1
-
-# The connection string used to connect to the metering database. (if unset,
-# connection is used) (string value)
-#metering_connection = <None>
-
-# Indicates if expirer expires only samples. If set true, expired samples will
-# be deleted, but residual resource and meter definition data will remain.
-# (boolean value)
-#sql_expire_samples_only = false
-
-#
-# From oslo.db
-#
-
-# DEPRECATED: The file name to use with SQLite. (string value)
-# Deprecated group/name - [DEFAULT]/sqlite_db
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use config option connection or slave_connection to connect
-# the database.
-#sqlite_db = oslo.sqlite
-
-# If True, SQLite uses synchronous mode. (boolean value)
-# Deprecated group/name - [DEFAULT]/sqlite_synchronous
-#sqlite_synchronous = true
-
-# The back end to use for the database. (string value)
-# Deprecated group/name - [DEFAULT]/db_backend
-#backend = sqlalchemy
-
-# The SQLAlchemy connection string to use to connect to the database. (string
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection
-# Deprecated group/name - [DATABASE]/sql_connection
-# Deprecated group/name - [sql]/connection
-#connection = <None>
-
-# The SQLAlchemy connection string to use to connect to the slave database.
-# (string value)
-#slave_connection = <None>
-
-# The SQL mode to be used for MySQL sessions. This option, including the
-# default, overrides any server-set SQL mode. To use whatever SQL mode is set
-# by the server configuration, set this to no value. Example: mysql_sql_mode=
-# (string value)
-#mysql_sql_mode = TRADITIONAL
-
-# Timeout before idle SQL connections are reaped. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_idle_timeout
-# Deprecated group/name - [DATABASE]/sql_idle_timeout
-# Deprecated group/name - [sql]/idle_timeout
-#idle_timeout = 3600
-
-# Minimum number of SQL connections to keep open in a pool. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_min_pool_size
-# Deprecated group/name - [DATABASE]/sql_min_pool_size
-#min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool. Setting a value of
-# 0 indicates no limit. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_pool_size
-# Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = 5
-
-# Maximum number of database connection retries during startup. Set to -1 to
-# specify an infinite retry count. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_retries
-# Deprecated group/name - [DATABASE]/sql_max_retries
-#max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_retry_interval
-# Deprecated group/name - [DATABASE]/reconnect_interval
-#retry_interval = 10
-
-# If set, use this value for max_overflow with SQLAlchemy. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_overflow
-# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = 50
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
-# value)
-# Minimum value: 0
-# Maximum value: 100
-# Deprecated group/name - [DEFAULT]/sql_connection_debug
-#connection_debug = 0
-
-# Add Python stack traces to SQL as comment strings. (boolean value)
-# Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace = false
-
-# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
-# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
-#pool_timeout = <None>
-
-# Enable the experimental use of database reconnect on connection lost.
-# (boolean value)
-#use_db_reconnect = false
-
-# Seconds between retries of a database transaction. (integer value)
-#db_retry_interval = 1
-
-# If True, increases the interval between retries of a database operation up to
-# db_max_retry_interval. (boolean value)
-#db_inc_retry_interval = true
-
-# If db_inc_retry_interval is set, the maximum seconds between retries of a
-# database operation. (integer value)
-#db_max_retry_interval = 10
-
-# Maximum retries in case of connection error or deadlock error before error is
-# raised. Set to -1 to specify an infinite retry count. (integer value)
-#db_max_retries = 20
-
-
-[dispatcher_file]
-
-#
-# From ceilometer
-#
-
-# Name and the location of the file to record meters. (string value)
-#file_path = <None>
-
-# The max size of the file. (integer value)
-#max_bytes = 0
-
-# The max number of the files to keep. (integer value)
-#backup_count = 0
-
-
-[dispatcher_gnocchi]
-
-#
-# From ceilometer
-#
-
-# Filter out samples generated by Gnocchi service activity (boolean value)
-#filter_service_activity = true
-
-# Gnocchi project used to filter out samples generated by Gnocchi service
-# activity (string value)
-#filter_project = gnocchi
-
-# The archive policy to use when the dispatcher create a new metric. (string
-# value)
-#archive_policy = <None>
-
-# The Yaml file that defines mapping between samples and gnocchi
-# resources/metrics (string value)
-#resources_definition_file = gnocchi_resources.yaml
-
-
-[dispatcher_http]
-
-#
-# From ceilometer
-#
-
-# The target where the http request will be sent. If this is not set, no data
-# will be posted. For example: target = http://hostname:1234/path (string
-# value)
-#target =
-
-# The target for event data where the http request will be sent to. If this is
-# not set, it will default to same as Sample target. (string value)
-#event_target = <None>
-
-# The max time in seconds to wait for a request to timeout. (integer value)
-#timeout = 5
-
-# The path to a server certificate or directory if the system CAs are not used
-# or if a self-signed certificate is used. Set to False to ignore SSL cert
-# verification. (string value)
-#verify_ssl = <None>
-
-# Indicates whether samples are published in a batch. (boolean value)
-#batch_mode = false
-
-
-[event]
-
-#
-# From ceilometer
-#
-
-# Configuration file for event definitions. (string value)
-#definitions_cfg_file = event_definitions.yaml
-
-# Drop notifications if no event definition matches. (Otherwise, we convert
-# them with just the default traits) (boolean value)
-#drop_unmatched_notifications = false
-
-# Store the raw notification for select priority levels (info and/or error). By
-# default, raw details are not captured. (multi valued)
-#store_raw =
-
-
-[hardware]
-
-#
-# From ceilometer
-#
-
-# URL scheme to use for hardware nodes. (string value)
-#url_scheme = snmp://
-
-# SNMPd user name of all nodes running in the cloud. (string value)
-#readonly_user_name = ro_snmp_user
-
-# SNMPd v3 authentication password of all the nodes running in the cloud.
-# (string value)
-#readonly_user_password = password
-
-# SNMPd v3 authentication algorithm of all the nodes running in the cloud
-# (string value)
-# Allowed values: md5, sha
-#readonly_user_auth_proto = <None>
-
-# SNMPd v3 encryption algorithm of all the nodes running in the cloud (string
-# value)
-# Allowed values: des, aes128, 3des, aes192, aes256
-#readonly_user_priv_proto = <None>
-
-# SNMPd v3 encryption password of all the nodes running in the cloud. (string
-# value)
-#readonly_user_priv_password = <None>
-
-# Name of the control plane Tripleo network (string value)
-#tripleo_network_name = ctlplane
-
-# Configuration file for defining hardware snmp meters. (string value)
-#meter_definitions_file = snmp.yaml
-
-
-[ipmi]
-
-#
-# From ceilometer
-#
-
-# Number of retries upon Intel Node Manager initialization failure (integer
-# value)
-#node_manager_init_retry = 3
-
-# Tolerance of IPMI/NM polling failures before disable this pollster. Negative
-# indicates retrying forever. (integer value)
-#polling_retry = 3
-
-
 [keystone_authtoken]
 
-#
-# From keystonemiddleware.auth_token
-#
-
 auth_type = password
 user_domain_id = {{ agent.identity.get('domain', 'default') }}
 project_domain_id = {{ agent.identity.get('domain', 'default') }}
 project_name = {{ agent.identity.tenant }}
 username = {{ agent.identity.user }}
 password = {{ agent.identity.password }}
-auth_uri = http://{{ agent.identity.host }}:5000
-auth_url = http://{{ agent.identity.host }}:35357
+auth_uri = {{ agent.identity.get('protocol', 'http') }}://{{ agent.identity.host }}:5000
+auth_url = {{ agent.identity.get('protocol', 'http') }}://{{ agent.identity.host }}:35357
 interface = internal
 
+{%- if agent.identity.get('protocol', 'http') == 'https' %}
+cafile={{ agent.identity.get('cacert_file', agent.cacert_file) }}
+{%- endif %}
+
 {%- if agent.cache is defined %}
-memcached_agents = {%- for member in agent.cache.members %}{{ member.host }}:{{ member.get('port', '11211') }}{% if not loop.last %},{% endif %}{%- endfor %}
+memcached_servers = {%- for member in agent.cache.members %}{{ member.host }}:{{ member.get('port', '11211') }}{% if not loop.last %},{% endif %}{%- endfor %}
 {%- else %}
 token_cache_time = -1
 {%- endif %}
 
-# Complete "public" Identity API endpoint. This endpoint should not be an
-# "admin" endpoint, as it should be accessible by all end users.
-# Unauthenticated clients are redirected to this endpoint to authenticate.
-# Although this endpoint should  ideally be unversioned, client support in the
-# wild varies.  If you're using a versioned v2 endpoint here, then this  should
-# *not* be the same endpoint the service user utilizes  for validating tokens,
-# because normal end users may not be  able to reach that endpoint. (string
-# value)
-#auth_uri = <None>
-
-# API version of the admin Identity API endpoint. (string value)
-#auth_version = <None>
-
-# Do not handle authorization requests within the middleware, but delegate the
-# authorization decision to downstream WSGI components. (boolean value)
-#delay_auth_decision = false
-
-# Request timeout value for communicating with Identity API server. (integer
-# value)
-#http_connect_timeout = <None>
-
-# How many times are we trying to reconnect when communicating with Identity
-# API Server. (integer value)
-#http_request_max_retries = 3
-
-# Request environment key where the Swift cache object is stored. When
-# auth_token middleware is deployed with a Swift cache, use this option to have
-# the middleware share a caching backend with swift. Otherwise, use the
-# ``memcached_servers`` option instead. (string value)
-#cache = <None>
-
-# Required if identity server requires client certificate (string value)
-#certfile = <None>
-
-# Required if identity server requires client certificate (string value)
-#keyfile = <None>
-
-# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
-# Defaults to system CAs. (string value)
-#cafile = <None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure = false
-
-# The region in which the identity server can be found. (string value)
-#region_name = <None>
-
-# DEPRECATED: Directory used to cache files related to PKI tokens. This option
-# has been deprecated in the Ocata release and will be removed in the P
-# release. (string value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#signing_dir = <None>
-
-# Optionally specify a list of memcached server(s) to use for caching. If left
-# undefined, tokens will instead be cached in-process. (list value)
-# Deprecated group/name - [keystone_authtoken]/memcache_servers
-#memcached_servers = <None>
-
-# In order to prevent excessive effort spent validating tokens, the middleware
-# caches previously-seen tokens for a configurable duration (in seconds). Set
-# to -1 to disable caching completely. (integer value)
-#token_cache_time = 300
-
-# DEPRECATED: Determines the frequency at which the list of revoked tokens is
-# retrieved from the Identity service (in seconds). A high number of revocation
-# events combined with a low cache duration may significantly reduce
-# performance. Only valid for PKI tokens. This option has been deprecated in
-# the Ocata release and will be removed in the P release. (integer value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#revocation_cache_time = 10
-
-# (Optional) If defined, indicate whether token data should be authenticated or
-# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
-# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
-# cache. If the value is not one of these options or empty, auth_token will
-# raise an exception on initialization. (string value)
-# Allowed values: None, MAC, ENCRYPT
-#memcache_security_strategy = None
-
-# (Optional, mandatory if memcache_security_strategy is defined) This string is
-# used for key derivation. (string value)
-#memcache_secret_key = <None>
-
-# (Optional) Number of seconds memcached server is considered dead before it is
-# tried again. (integer value)
-#memcache_pool_dead_retry = 300
-
-# (Optional) Maximum total number of open connections to every memcached
-# server. (integer value)
-#memcache_pool_maxsize = 10
-
-# (Optional) Socket timeout in seconds for communicating with a memcached
-# server. (integer value)
-#memcache_pool_socket_timeout = 3
-
-# (Optional) Number of seconds a connection to memcached is held unused in the
-# pool before it is closed. (integer value)
-#memcache_pool_unused_timeout = 60
-
-# (Optional) Number of seconds that an operation will wait to get a memcached
-# client connection from the pool. (integer value)
-#memcache_pool_conn_get_timeout = 10
-
-# (Optional) Use the advanced (eventlet safe) memcached client pool. The
-# advanced pool will only work under python 2.x. (boolean value)
-#memcache_use_advanced_pool = false
-
-# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
-# middleware will not ask for service catalog on token validation and will not
-# set the X-Service-Catalog header. (boolean value)
-#include_service_catalog = true
-
-# Used to control the use and type of token binding. Can be set to: "disabled"
-# to not check token binding. "permissive" (default) to validate binding
-# information if the bind type is of a form known to the server and ignore it
-# if not. "strict" like "permissive" but if the bind type is unknown the token
-# will be rejected. "required" any form of token binding is needed to be
-# allowed. Finally the name of a binding method that must be present in tokens.
-# (string value)
-#enforce_token_bind = permissive
-
-# DEPRECATED: If true, the revocation list will be checked for cached tokens.
-# This requires that PKI tokens are configured on the identity server. (boolean
-# value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#check_revocations_for_cached = false
-
-# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
-# single algorithm or multiple. The algorithms are those supported by Python
-# standard hashlib.new(). The hashes will be tried in the order given, so put
-# the preferred one first for performance. The result of the first hash will be
-# stored in the cache. This will typically be set to multiple values only while
-# migrating from a less secure algorithm to a more secure one. Once all the old
-# tokens are expired this option should be set to a single value for better
-# performance. (list value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#hash_algorithms = md5
-
-# A choice of roles that must be present in a service token. Service tokens are
-# allowed to request that an expired token can be used and so this check should
-# tightly control that only actual services should be sending this token. Roles
-# here are applied as an ANY check so any role in this list must be present.
-# For backwards compatibility reasons this currently only affects the
-# allow_expired check. (list value)
-#service_token_roles = service
-
-# For backwards compatibility reasons we must let valid service tokens pass
-# that don't pass the service_token_roles check as valid. Setting this true
-# will become the default in a future release and should be enabled if
-# possible. (boolean value)
-#service_token_roles_required = false
-
-# Authentication type to load (string value)
-# Deprecated group/name - [keystone_authtoken]/auth_plugin
-#auth_type = <None>
-
-# Config Section from which to load plugin specific options (string value)
-#auth_section = <None>
-
-
-[matchmaker_redis]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Host to locate redis. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#host = 127.0.0.1
-
-# DEPRECATED: Use this port to connect to redis host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#port = 6379
-
-# DEPRECATED: Password for Redis server (optional). (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#password =
-
-# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
-# [host:port, host1:port ... ] (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#sentinel_hosts =
-
-# Redis replica set name. (string value)
-#sentinel_group_name = oslo-messaging-zeromq
-
-# Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 2000
-
-# Time in ms to wait before the transaction is killed. (integer value)
-#check_timeout = 20000
-
-# Timeout in ms on blocking socket operations. (integer value)
-#socket_timeout = 10000
-
-
-[meter]
-
-#
-# From ceilometer
-#
-
-# Configuration file for defining meter notifications. (string value)
-#meter_definitions_cfg_file = meters.yaml
-
-
-[notification]
-
-#
-# From ceilometer
-#
-
-# Number of queues to parallelize workload across. This value should be larger
-# than the number of active notification agents for optimal results. WARNING:
-# Once set, lowering this value may result in lost data. (integer value)
-# Minimum value: 1
-#pipeline_processing_queues = 10
-
-# Acknowledge message when event persistence fails. (boolean value)
-# Deprecated group/name - [collector]/ack_on_event_error
-#ack_on_event_error = true
-
-# Enable workload partitioning, allowing multiple notification agents to be run
-# simultaneously. (boolean value)
-#workload_partitioning = false
-
-# Messaging URLs to listen for notifications. Example:
-# rabbit://user:pass@host1:port1[,user:pass@hostN:portN]/virtual_host
-# (DEFAULT/transport_url is used if empty). This is useful when you have
-# dedicate messaging nodes for each service, for example, all nova
-# notifications go to rabbit-nova:5672, while all cinder notifications go to
-# rabbit-cinder:5672. (multi valued)
-#messaging_urls =
-
-# Number of notification messages to wait before publishing them. Batching is
-# advised when transformations are applied in pipeline. (integer value)
-# Minimum value: 1
-#batch_size = 100
-
-# Number of seconds to wait before publishing samples when batch_size is not
-# reached (None means indefinitely) (integer value)
-#batch_timeout = 5
-
-# Number of workers for notification service, default value is 1. (integer
-# value)
-# Minimum value: 1
-# Deprecated group/name - [DEFAULT]/notification_workers
-#workers = 1
-
-
-[oslo_concurrency]
-
-#
-# From oslo.concurrency
-#
-
-# Enables or disables inter-process locks. (boolean value)
-# Deprecated group/name - [DEFAULT]/disable_process_locking
-#disable_process_locking = false
-
-# Directory to use for lock files.  For security, the specified directory
-# should only be writable by the user running the processes that need locking.
-# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used,
-# a lock path must be set. (string value)
-# Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
-
-
-[oslo_messaging_amqp]
-
-#
-# From oslo.messaging
-#
-
-# Name for the AMQP container. must be globally unique. Defaults to a generated
-# UUID (string value)
-# Deprecated group/name - [amqp1]/container_name
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-# Deprecated group/name - [amqp1]/idle_timeout
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-# Deprecated group/name - [amqp1]/trace
-#trace = false
-
-# CA certificate PEM file used to verify the server's certificate (string
-# value)
-# Deprecated group/name - [amqp1]/ssl_ca_file
-#ssl_ca_file =
-
-# Self-identifying certificate PEM file for client authentication (string
-# value)
-# Deprecated group/name - [amqp1]/ssl_cert_file
-#ssl_cert_file =
-
-# Private key PEM file used to sign ssl_cert_file certificate (optional)
-# (string value)
-# Deprecated group/name - [amqp1]/ssl_key_file
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-# Deprecated group/name - [amqp1]/ssl_key_password
-#ssl_key_password = <None>
-
-# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
-# Deprecated group/name - [amqp1]/allow_insecure_clients
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Not applicable - not a SSL server
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-# Deprecated group/name - [amqp1]/sasl_mechanisms
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-# Deprecated group/name - [amqp1]/sasl_config_dir
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-# Deprecated group/name - [amqp1]/sasl_config_name
-#sasl_config_name =
-
-# User name for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/username
-#username =
-
-# Password for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/password
-#password =
-
-# Seconds to pause before attempting to re-connect. (integer value)
-# Minimum value: 1
-#connection_retry_interval = 1
-
-# Increase the connection_retry_interval by this many seconds after each
-# unsuccessful failover attempt. (integer value)
-# Minimum value: 0
-#connection_retry_backoff = 2
-
-# Maximum limit for connection_retry_interval + connection_retry_backoff
-# (integer value)
-# Minimum value: 1
-#connection_retry_interval_max = 30
-
-# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
-# recoverable error. (integer value)
-# Minimum value: 1
-#link_retry_delay = 10
-
-# The maximum number of attempts to re-send a reply message which failed due to
-# a recoverable error. (integer value)
-# Minimum value: -1
-#default_reply_retry = 0
-
-# The deadline for an rpc reply message delivery. (integer value)
-# Minimum value: 5
-#default_reply_timeout = 30
-
-# The deadline for an rpc cast or call message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_send_timeout = 30
-
-# The deadline for a sent notification message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_notify_timeout = 30
-
-# The duration to schedule a purge of idle sender links. Detach link after
-# expiry. (integer value)
-# Minimum value: 1
-#default_sender_link_timeout = 600
-
-# Indicates the addressing mode used by the driver.
-# Permitted values:
-# 'legacy'   - use legacy non-routable addressing
-# 'routable' - use routable addresses
-# 'dynamic'  - use legacy addresses if the message bus does not support routing
-# otherwise use routable addressing (string value)
-#addressing_mode = dynamic
-
-# address prefix used when sending to a specific server (string value)
-# Deprecated group/name - [amqp1]/server_request_prefix
-#server_request_prefix = exclusive
-
-# address prefix used when broadcasting to all servers (string value)
-# Deprecated group/name - [amqp1]/broadcast_prefix
-#broadcast_prefix = broadcast
-
-# address prefix when sending to any server in group (string value)
-# Deprecated group/name - [amqp1]/group_request_prefix
-#group_request_prefix = unicast
-
-# Address prefix for all generated RPC addresses (string value)
-#rpc_address_prefix = openstack.org/om/rpc
-
-# Address prefix for all generated Notification addresses (string value)
-#notify_address_prefix = openstack.org/om/notify
-
-# Appended to the address prefix when sending a fanout message. Used by the
-# message bus to identify fanout messages. (string value)
-#multicast_address = multicast
-
-# Appended to the address prefix when sending to a particular RPC/Notification
-# server. Used by the message bus to identify messages sent to a single
-# destination. (string value)
-#unicast_address = unicast
-
-# Appended to the address prefix when sending to a group of consumers. Used by
-# the message bus to identify messages that should be delivered in a round-
-# robin fashion across consumers. (string value)
-#anycast_address = anycast
-
-# Exchange name used in notification addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_notification_exchange if set
-# else control_exchange if set
-# else 'notify' (string value)
-#default_notification_exchange = <None>
-
-# Exchange name used in RPC addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_rpc_exchange if set
-# else control_exchange if set
-# else 'rpc' (string value)
-#default_rpc_exchange = <None>
-
-# Window size for incoming RPC Reply messages. (integer value)
-# Minimum value: 1
-#reply_link_credit = 200
-
-# Window size for incoming RPC Request messages (integer value)
-# Minimum value: 1
-#rpc_server_credit = 100
-
-# Window size for incoming Notification messages (integer value)
-# Minimum value: 1
-#notify_server_credit = 100
-
-# Send messages of this type pre-settled.
-# Pre-settled messages will not receive acknowledgement
-# from the peer. Note well: pre-settled messages may be
-# silently discarded if the delivery fails.
-# Permitted values:
-# 'rpc-call' - send RPC Calls pre-settled
-# 'rpc-reply'- send RPC Replies pre-settled
-# 'rpc-cast' - Send RPC Casts pre-settled
-# 'notify'   - Send Notifications pre-settled
-#  (multi valued)
-#pre_settled = rpc-cast
-#pre_settled = rpc-reply
-
-
-[oslo_messaging_kafka]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Default Kafka broker Host (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_host = localhost
-
-# DEPRECATED: Default Kafka broker Port (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_port = 9092
-
-# Max fetch bytes of Kafka consumer (integer value)
-#kafka_max_fetch_bytes = 1048576
-
-# Default timeout(s) for Kafka consumers (integer value)
-#kafka_consumer_timeout = 1.0
-
-# Pool Size for Kafka Consumers (integer value)
-#pool_size = 10
-
-# The pool size limit for connections expiration policy (integer value)
-#conn_pool_min_size = 2
-
-# The time-to-live in sec of idle connections in the pool (integer value)
-#conn_pool_ttl = 1200
-
-# Group id for Kafka consumer. Consumers in one group will coordinate message
-# consumption (string value)
-#consumer_group = oslo_messaging_consumer
-
-# Upper bound on the delay for KafkaProducer batching in seconds (floating
-# point value)
-#producer_batch_timeout = 0.0
-
-# Size of batch for the producer async send (integer value)
-#producer_batch_size = 16384
-
-
 [oslo_messaging_notifications]
 
-#
-# From oslo.messaging
-#
-
-# The Drivers(s) to handle sending notifications. Possible values are
-# messaging, messagingv2, routing, log, test, noop (multi valued)
-# Deprecated group/name - [DEFAULT]/notification_driver
-#driver =
-
-# A URL representing the messaging driver to use for notifications. If not set,
-# we fall back to the same configuration used for RPC. (string value)
-# Deprecated group/name - [DEFAULT]/notification_transport_url
-#transport_url = <None>
-
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-# Deprecated group/name - [DEFAULT]/notification_topics
-#topics = notifications
 topics = notifications
 
-
-[oslo_messaging_rabbit]
-
-#
-# From oslo.messaging
-#
-
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_durable_queues
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_auto_delete
-#amqp_auto_delete = false
-
-# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
-# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
-# distributions. (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_version
-#kombu_ssl_version =
-
-# SSL key file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
-#kombu_ssl_keyfile =
-
-# SSL cert file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
-#kombu_ssl_certfile =
-
-# SSL certification authority file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
-#kombu_ssl_ca_certs =
-
-# How long to wait before reconnecting in response to an AMQP consumer cancel
-# notification. (floating point value)
-# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
-#kombu_reconnect_delay = 1.0
-
-# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
-# be used. This option may not be available in future versions. (string value)
-#kombu_compression = <None>
-
-# How long to wait a missing client before abandoning to send it its replies.
-# This value should not be longer than rpc_response_timeout. (integer value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
-#kombu_missing_consumer_retry_timeout = 60
-
-# Determines how the next RabbitMQ node is chosen in case the one we are
-# currently connected to becomes unavailable. Takes effect only if more than
-# one RabbitMQ node is provided in config. (string value)
-# Allowed values: round-robin, shuffle
-#kombu_failover_strategy = round-robin
-
-# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
-# value)
-# Deprecated group/name - [DEFAULT]/rabbit_host
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_host = localhost
-
-# DEPRECATED: The RabbitMQ broker port where a single node is used. (port
-# value)
-# Minimum value: 0
-# Maximum value: 65535
-# Deprecated group/name - [DEFAULT]/rabbit_port
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_port = 5672
-
-# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
-# Deprecated group/name - [DEFAULT]/rabbit_hosts
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_hosts = $rabbit_host:$rabbit_port
-
-# Connect over SSL for RabbitMQ. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
-#rabbit_use_ssl = false
-
-# DEPRECATED: The RabbitMQ userid. (string value)
-# Deprecated group/name - [DEFAULT]/rabbit_userid
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_userid = guest
-
-# DEPRECATED: The RabbitMQ password. (string value)
-# Deprecated group/name - [DEFAULT]/rabbit_password
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_password = guest
-
-# The RabbitMQ login method. (string value)
-# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
-# Deprecated group/name - [DEFAULT]/rabbit_login_method
-#rabbit_login_method = AMQPLAIN
-
-# DEPRECATED: The RabbitMQ virtual host. (string value)
-# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_virtual_host = /
-
-# How frequently to retry connecting with RabbitMQ. (integer value)
-#rabbit_retry_interval = 1
-
-# How long to backoff for between retries when connecting to RabbitMQ. (integer
-# value)
-# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
-#rabbit_retry_backoff = 2
-
-# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
-# (integer value)
-#rabbit_interval_max = 30
-
-# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
-# (infinite retry count). (integer value)
-# Deprecated group/name - [DEFAULT]/rabbit_max_retries
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#rabbit_max_retries = 0
-
-# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
-# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
-# is no longer controlled by the x-ha-policy argument when declaring a queue.
-# If you just want to make sure that all queues (except those with auto-
-# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
-# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
-#rabbit_ha_queues = false
-
-# Positive integer representing duration in seconds for queue TTL (x-expires).
-# Queues which are unused for the duration of the TTL are automatically
-# deleted. The parameter affects only reply and fanout queues. (integer value)
-# Minimum value: 1
-#rabbit_transient_queues_ttl = 1800
-
-# Specifies the number of messages to prefetch. Setting to zero allows
-# unlimited messages. (integer value)
-#rabbit_qos_prefetch_count = 64
-
-# Number of seconds after which the Rabbit broker is considered down if
-# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
-# value)
-#heartbeat_timeout_threshold = 60
-
-# How often times during the heartbeat_timeout_threshold we check the
-# heartbeat. (integer value)
-#heartbeat_rate = 2
-
-# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
-# Deprecated group/name - [DEFAULT]/fake_rabbit
-#fake_rabbit = false
-
-# Maximum number of channels to allow (integer value)
-#channel_max = <None>
-
-# The maximum byte size for an AMQP frame (integer value)
-#frame_max = <None>
-
-# How often to send heartbeats for consumer's connections (integer value)
-#heartbeat_interval = 3
-
-# Enable SSL (boolean value)
-#ssl = <None>
-
-# Arguments passed to ssl.wrap_socket (dict value)
-#ssl_options = <None>
-
-# Set socket timeout in seconds for connection's socket (floating point value)
-#socket_timeout = 0.25
-
-# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point
-# value)
-#tcp_user_timeout = 0.25
-
-# Set delay for reconnection to some host which has connection error (floating
-# point value)
-#host_connection_reconnect_delay = 0.25
-
-# Connection factory implementation (string value)
-# Allowed values: new, single, read_write
-#connection_factory = single
-
-# Maximum number of connections to keep queued. (integer value)
-#pool_max_size = 30
-
-# Maximum number of connections to create above `pool_max_size`. (integer
-# value)
-#pool_max_overflow = 0
-
-# Default number of seconds to wait for a connections to available (integer
-# value)
-#pool_timeout = 30
-
-# Lifetime of a connection (since creation) in seconds or None for no
-# recycling. Expired connections are closed on acquire. (integer value)
-#pool_recycle = 600
-
-# Threshold at which inactive (since release) connections are considered stale
-# in seconds or None for no staleness. Stale connections are closed on acquire.
-# (integer value)
-#pool_stale = 60
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
-#default_serializer_type = json
-
-# Persist notification messages. (boolean value)
-#notification_persistence = false
-
-# Exchange name for sending notifications (string value)
-#default_notification_exchange = ${control_exchange}_notification
-
-# Max number of not acknowledged message which RabbitMQ can send to
-# notification listener. (integer value)
-#notification_listener_prefetch_count = 100
-
-# Reconnecting retry count in case of connectivity problem during sending
-# notification, -1 means infinite retry. (integer value)
-#default_notification_retry_attempts = -1
-
-# Reconnecting retry delay in case of connectivity problem during sending
-# notification message (floating point value)
-#notification_retry_delay = 0.25
-
-# Time to live for rpc queues without consumers in seconds. (integer value)
-#rpc_queue_expiration = 60
-
-# Exchange name for sending RPC messages (string value)
-#default_rpc_exchange = ${control_exchange}_rpc
-
-# Exchange name for receiving RPC replies (string value)
-#rpc_reply_exchange = ${control_exchange}_rpc_reply
-
-# Max number of not acknowledged message which RabbitMQ can send to rpc
-# listener. (integer value)
-#rpc_listener_prefetch_count = 100
-
-# Max number of not acknowledged message which RabbitMQ can send to rpc reply
-# listener. (integer value)
-#rpc_reply_listener_prefetch_count = 100
-
-# Reconnecting retry count in case of connectivity problem during sending
-# reply. -1 means infinite retry during rpc_timeout (integer value)
-#rpc_reply_retry_attempts = -1
-
-# Reconnecting retry delay in case of connectivity problem during sending
-# reply. (floating point value)
-#rpc_reply_retry_delay = 0.25
-
-# Reconnecting retry count in case of connectivity problem during sending RPC
-# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
-# request could be processed more than one time (integer value)
-#default_rpc_retry_attempts = -1
-
-# Reconnecting retry delay in case of connectivity problem during sending RPC
-# message (floating point value)
-#rpc_retry_delay = 0.25
-
-
-[oslo_messaging_zmq]
-
-#
-# From oslo.messaging
-#
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Allowed values: redis, sentinel, dummy
-# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_host
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger
-# period. The value of 0 specifies no linger period. Pending messages shall be
-# discarded immediately when the socket is closed. Positive values specify an
-# upper bound for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout
-# exception when timeout expired. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target
-# ( < 0 means no timeout). (integer value)
-# Deprecated group/name - [DEFAULT]/zmq_target_expire
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/zmq_target_update
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/use_pub_sub
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-# Deprecated group/name - [DEFAULT]/use_router_proxy
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only
-# with use_router_proxy=False which means to use direct connections for direct
-# message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons.
-# This option is actual only in dynamic connections mode. (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
-# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping
-# a queue when server side disconnects. False means to keep queue and messages
-# even if server is disconnected, when the server appears we send all
-# accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
-# other negative value) means to skip any overrides and leave it to OS default;
-# 0 and 1 (or any other positive value) mean to disable and enable the option
-# respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit
-# is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to
-# skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value
-# and 0) means to skip any overrides and leave it to OS default. (integer
-# value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not received. The
-# unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0)
-# means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is
-# not tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only
-# via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry
-# attempt this timeout is multiplied by some specified multiplier. (integer
-# value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer
-# value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred:
-# positive value N means at most N retries, 0 means no retries, None or -1 (or
-# any other negative values) mean to retry forever. This option is used only if
-# acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher
-# priority then the default publishers list taken from the matchmaker. (list
-# value)
-#subscribe_on =
-
-
-[oslo_middleware]
-
-#
-# From oslo.middleware.http_proxy_to_wsgi
-#
-
-# Whether the application is behind a proxy or not. This determines if the
-# middleware should parse the headers or not. (boolean value)
-#enable_proxy_headers_parsing = false
-
-
-[oslo_policy]
-
-#
-# From oslo.policy
-#
-
-# The file that defines policies. (string value)
-# Deprecated group/name - [DEFAULT]/policy_file
-#policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string value)
-# Deprecated group/name - [DEFAULT]/policy_default_rule
-#policy_default_rule = default
-
-# Directories where policy configuration files are stored. They can be relative
-# to any directory in the search path defined by the config_dir option, or
-# absolute paths. The file defined by policy_file must exist for these
-# directories to be searched.  Missing or empty directories are ignored. (multi
-# valued)
-# Deprecated group/name - [DEFAULT]/policy_dirs
-#policy_dirs = policy.d
-
-
-[polling]
-
-#
-# From ceilometer
-#
-
-# Configuration file for pipeline definition. (string value)
-#cfg_file = polling.yaml
-
-# Work-load partitioning group prefix. Use only if you want to run multiple
-# polling agents with different config files. For each sub-group of the agent
-# pool with the same partitioning_group_prefix a disjoint subset of pollsters
-# should be loaded. (string value)
-# Deprecated group/name - [central]/partitioning_group_prefix
-#partitioning_group_prefix = <None>
-
-
-[publisher]
-
-#
-# From ceilometer
-#
-
-# Secret value for signing messages. Set value empty if signing is not required
-# to avoid computational overhead. (string value)
-# Deprecated group/name - [DEFAULT]/metering_secret
-# Deprecated group/name - [publisher_rpc]/metering_secret
-# Deprecated group/name - [publisher]/metering_secret
-#telemetry_secret = change this for valid signing
-
-
-[publisher_notifier]
-
-#
-# From ceilometer
-#
-
-# The topic that ceilometer uses for metering notifications. (string value)
-#metering_topic = metering
-
-# The topic that ceilometer uses for event notifications. (string value)
-#event_topic = event
-
-# The driver that ceilometer uses for metering notifications. (string value)
-# Deprecated group/name - [publisher_notifier]/metering_driver
-#telemetry_driver = messagingv2
-
-
-[rgw_admin_credentials]
-
-#
-# From ceilometer
-#
-
-# Access key for Radosgw Admin. (string value)
-#access_key = <None>
-
-# Secret key for Radosgw Admin. (string value)
-#secret_key = <None>
-
-
 [service_credentials]
 
-#
-# From ceilometer-auth
-#
-
 auth_type = password
 user_domain_id = {{ agent.identity.get('domain', 'default') }}
 project_domain_id = {{ agent.identity.get('domain', 'default') }}
 project_name = {{ agent.identity.tenant }}
 username = {{ agent.identity.user }}
 password = {{ agent.identity.password }}
-auth_url = http://{{ agent.identity.host }}:5000
+auth_url = {{ agent.identity.get('protocol', 'http') }}://{{ agent.identity.host }}:5000
 token_cache_time = -1
 interface = internal
 region_name = {{ agent.get('region', 'RegionOne') }}
-
-# Authentication type to load (string value)
-# Deprecated group/name - [service_credentials]/auth_plugin
-#auth_type = <None>
-
-# Config Section from which to load plugin specific options (string value)
-#auth_section = <None>
-
-# Authentication URL (string value)
-#auth_url = <None>
-
-# Domain ID to scope to (string value)
-#domain_id = <None>
-
-# Domain name to scope to (string value)
-#domain_name = <None>
-
-# Project ID to scope to (string value)
-# Deprecated group/name - [service_credentials]/tenant-id
-#project_id = <None>
-
-# Project name to scope to (string value)
-# Deprecated group/name - [service_credentials]/tenant-name
-#project_name = <None>
-
-# Domain ID containing project (string value)
-#project_domain_id = <None>
-
-# Domain name containing project (string value)
-#project_domain_name = <None>
-
-# Trust ID (string value)
-#trust_id = <None>
-
-# Optional domain ID to use with v3 and v2 parameters. It will be used for both
-# the user and project domain in v3 and ignored in v2 authentication. (string
-# value)
-#default_domain_id = <None>
-
-# Optional domain name to use with v3 API and v2 parameters. It will be used
-# for both the user and project domain in v3 and ignored in v2 authentication.
-# (string value)
-#default_domain_name = <None>
-
-# User id (string value)
-#user_id = <None>
-
-# Username (string value)
-# Deprecated group/name - [service_credentials]/user-name
-#username = <None>
-
-# User's domain id (string value)
-#user_domain_id = <None>
-
-# User's domain name (string value)
-#user_domain_name = <None>
-
-# User's password (string value)
-#password = <None>
-
-# Region name to use for OpenStack service endpoints. (string value)
-# Deprecated group/name - [DEFAULT]/os_region_name
-#region_name = <None>
-
-# Type of endpoint in Identity service catalog to use for communication with
-# OpenStack services. (string value)
-# Allowed values: public, internal, admin, auth, publicURL, internalURL, adminURL
-# Deprecated group/name - [service_credentials]/os_endpoint_type
-#interface = public
-
-
-[service_types]
-
-#
-# From ceilometer
-#
-
-# Kwapi service type. (string value)
-#kwapi = energy
-
-# Glance service type. (string value)
-#glance = image
-
-# Neutron service type. (string value)
-#neutron = network
-
-# Neutron load balancer version. (string value)
-# Allowed values: v1, v2
-#neutron_lbaas_version = v2
-
-# Nova service type. (string value)
-#nova = compute
-
-# Radosgw service type. (string value)
-#radosgw = <None>
-
-# Swift service type. (string value)
-#swift = object-store
-
-# Cinder service type. (string value)
-# Deprecated group/name - [service_types]/cinderv2
-#cinder = volumev3
-
-
-[storage]
-
-#
-# From ceilometer
-#
-
-# Maximum number of connection retries during startup. Set to -1 to specify an
-# infinite retry count. (integer value)
-# Deprecated group/name - [database]/max_retries
-#max_retries = 10
-
-# Interval (in seconds) between retries of connection. (integer value)
-# Deprecated group/name - [database]/retry_interval
-#retry_interval = 10
-
-
-[vmware]
-
-#
-# From ceilometer
-#
-
-# IP address of the VMware vSphere host. (string value)
-#host_ip =
-
-# Port of the VMware vSphere host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#host_port = 443
-
-# Username of VMware vSphere. (string value)
-#host_username =
-
-# Password of VMware vSphere. (string value)
-#host_password =
-
-# CA bundle file to use in verifying the vCenter server certificate. (string
-# value)
-#ca_file = <None>
-
-# If true, the vCenter server certificate is not verified. If false, then the
-# default CA truststore is used for verification. This option is ignored if
-# "ca_file" is set. (boolean value)
-#insecure = false
-
-# Number of times a VMware vSphere API may be retried. (integer value)
-#api_retry_count = 10
-
-# Sleep time in seconds for polling an ongoing async task. (floating point
-# value)
-#task_poll_interval = 0.5
-
-# Optional vim service WSDL location e.g http://<server>/vimService.wsdl.
-# Optional over-ride to default location for bug work-arounds. (string value)
-#wsdl_location = <None>
-
-
-[xenapi]
-
-#
-# From ceilometer
-#
-
-# URL for connection to XenServer/Xen Cloud Platform. (string value)
-#connection_url = <None>
-
-# Username for connection to XenServer/Xen Cloud Platform. (string value)
-#connection_username = root
-
-# Password for connection to XenServer/Xen Cloud Platform. (string value)
-#connection_password = <None>
diff --git a/ceilometer/files/pike/ceilometer-server.conf.Debian b/ceilometer/files/pike/ceilometer-server.conf.Debian
index 895cdad..41cc4c4 100644
--- a/ceilometer/files/pike/ceilometer-server.conf.Debian
+++ b/ceilometer/files/pike/ceilometer-server.conf.Debian
@@ -1,748 +1,90 @@
 {%- from "ceilometer/map.jinja" import server with context -%}
 [DEFAULT]
 
-#
-# From ceilometer
-#
-
-# To reduce polling agent load, samples are sent to the notification agent in a
-# batch. To gain higher throughput at the cost of load set this to False.
-# (boolean value)
-#batch_polled_samples = true
-
-# To reduce large requests at same time to Nova or other components from
-# different compute agents, shuffle start time of polling task. (integer value)
-#shuffle_time_before_polling_task = 0
-
-# Configuration file for WSGI definition of API. (string value)
-#api_paste_config = api_paste.ini
-
-# Inspector to use for inspecting the hypervisor layer. Known inspectors are
-# libvirt, hyperv, vsphere, xenapi and powervm. (string value)
-#hypervisor_inspector = libvirt
-
-# Libvirt domain type. (string value)
-# Allowed values: kvm, lxc, qemu, uml, xen
-#libvirt_type = kvm
-
-# Override the default libvirt URI (which is dependent on libvirt_type).
-# (string value)
-#libvirt_uri =
-
-# Dispatchers to process metering data. (multi valued)
-# Deprecated group/name - [DEFAULT]/dispatcher
-#meter_dispatchers =
-
-# Dispatchers to process event data. (multi valued)
-# Deprecated group/name - [DEFAULT]/dispatcher
-#event_dispatchers =
-
-# Exchange name for Ironic notifications. (string value)
-#ironic_exchange = ironic
-
-# Exchanges name to listen for notifications. (multi valued)
-#http_control_exchanges = nova
-#http_control_exchanges = glance
-#http_control_exchanges = neutron
-#http_control_exchanges = cinder
-
-# DEPRECATED: Allow novaclient's debug log output. (Use default_log_levels
-# instead) (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#nova_http_log_debug = false
-
-# Swift reseller prefix. Must be on par with reseller_prefix in proxy-
-# server.conf. (string value)
-#reseller_prefix = AUTH_
-
-# Configuration file for pipeline definition. (string value)
-#pipeline_cfg_file = pipeline.yaml
-
-# Configuration file for event pipeline definition. (string value)
-#event_pipeline_cfg_file = event_pipeline.yaml
-
-# Refresh Pipeline configuration on-the-fly. (boolean value)
-#refresh_pipeline_cfg = false
-
-# Refresh Event Pipeline configuration on-the-fly. (boolean value)
-#refresh_event_pipeline_cfg = false
-
-# Polling interval for pipeline file configuration in seconds. (integer value)
-#pipeline_polling_interval = 20
-
-# Source for samples emitted on this instance. (string value)
-#sample_source = openstack
-
-# List of metadata prefixes reserved for metering use. (list value)
-#reserved_metadata_namespace = metering.
-
-# Limit on length of reserved metadata values. (integer value)
-#reserved_metadata_length = 256
-
-# List of metadata keys reserved for metering use. And these keys are
-# additional to the ones included in the namespace. (list value)
-#reserved_metadata_keys =
-
-# Path to the rootwrap configuration file to use for running commands as root
-# (string value)
-#rootwrap_config = /etc/ceilometer/rootwrap.conf
-
-# Exchange name for Nova notifications. (string value)
-#nova_control_exchange = nova
-
-# Exchange name for Neutron notifications. (string value)
-#neutron_control_exchange = neutron
-
-# Exchange name for Heat notifications (string value)
-#heat_control_exchange = heat
-
-# Exchange name for Glance notifications. (string value)
-#glance_control_exchange = glance
-
-# Exchange name for Keystone notifications. (string value)
-#keystone_control_exchange = keystone
-
-# Exchange name for Cinder notifications. (string value)
-#cinder_control_exchange = cinder
-
-# Exchange name for Data Processing notifications. (string value)
-#sahara_control_exchange = sahara
-
-# Exchange name for Swift notifications. (string value)
-#swift_control_exchange = swift
-
-# Exchange name for Magnum notifications. (string value)
-#magnum_control_exchange = magnum
-
-# Exchange name for DBaaS notifications. (string value)
-#trove_control_exchange = trove
-
-# Exchange name for Messaging service notifications. (string value)
-#zaqar_control_exchange = zaqar
-
-# Exchange name for DNS service notifications. (string value)
-#dns_control_exchange = central
-
-# Exchange name for ceilometer notifications. (string value)
-#ceilometer_control_exchange = ceilometer
-
-# Name of this node, which must be valid in an AMQP key. Can be an opaque
-# identifier. For ZeroMQ only, must be a valid host name, FQDN, or IP address.
-# (string value)
-#host = <your_hostname>
-
-# Timeout seconds for HTTP requests. Set it to None to disable timeout.
-# (integer value)
-#http_timeout = 600
-
-#
-# From oslo.log
-#
-
-# If set to true, the logging level will be set to DEBUG instead of the default
-# INFO level. (boolean value)
-# Note: This option can be changed without restarting.
-#debug = false
-debug = false
-
-# DEPRECATED: If set to false, the logging level will be set to WARNING instead
-# of the default INFO level. (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#verbose = true
-
-# The name of a logging configuration file. This file is appended to any
-# existing logging configuration files. For details about logging configuration
-# files, see the Python logging module documentation. Note that when logging
-# configuration files are used then all logging configuration is set in the
-# configuration file and other logging configuration options are ignored (for
-# example, logging_context_format_string). (string value)
-# Note: This option can be changed without restarting.
-# Deprecated group/name - [DEFAULT]/log_config
-#log_config_append = <None>
-{%- if server.logging.log_appender %}
-log_config_append=/etc/ceilometer/logging.conf
-{%- endif %}
-
-# Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set. (string
-# value)
-#log_date_format = %Y-%m-%d %H:%M:%S
-
-# (Optional) Name of log file to send logging output to. If no default is set,
-# logging will go to stderr as defined by use_stderr. This option is ignored if
-# log_config_append is set. (string value)
-# Deprecated group/name - [DEFAULT]/logfile
-#log_file = <None>
-
-# (Optional) The base directory used for relative log_file  paths. This option
-# is ignored if log_config_append is set. (string value)
-# Deprecated group/name - [DEFAULT]/logdir
-#log_dir = <None>
-
-# Uses logging handler designed to watch file system. When log file is moved or
-# removed this handler will open a new log file with specified path
-# instantaneously. It makes sense only if log_file option is specified and
-# Linux platform is used. This option is ignored if log_config_append is set.
-# (boolean value)
-#watch_log_file = false
-
-# Use syslog for logging. Existing syslog format is DEPRECATED and will be
-# changed later to honor RFC5424. This option is ignored if log_config_append
-# is set. (boolean value)
-#use_syslog = false
-
-# Syslog facility to receive log lines. This option is ignored if
-# log_config_append is set. (string value)
-#syslog_log_facility = LOG_USER
-
-# Log output to standard error. This option is ignored if log_config_append is
-# set. (boolean value)
-#use_stderr = false
-
-# Format string to use for log messages with context. (string value)
-#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
-
-# Format string to use for log messages when context is undefined. (string
-# value)
-#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-
-# Additional data to append to log message when logging level for the message
-# is DEBUG. (string value)
-#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
-
-# Prefix each line of exception output with this format. (string value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
-
-# Defines the format string for %(user_identity)s that is used in
-# logging_context_format_string. (string value)
-#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
-
-# List of package logging levels in logger=LEVEL pairs. This option is ignored
-# if log_config_append is set. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
-
-# Enables or disables publication of error events. (boolean value)
-#publish_errors = false
-
-# The format for an instance that is passed with the log message. (string
-# value)
-#instance_format = "[instance: %(uuid)s] "
-
-# The format for an instance UUID that is passed with the log message. (string
-# value)
-#instance_uuid_format = "[instance: %(uuid)s] "
-
-# Interval, number of seconds, of log rate limiting. (integer value)
-#rate_limit_interval = 0
-
-# Maximum number of logged messages per rate_limit_interval. (integer value)
-#rate_limit_burst = 0
-
-# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
-# or empty string. Logs with level greater or equal to rate_limit_except_level
-# are not filtered. An empty string means that all levels are filtered. (string
-# value)
-#rate_limit_except_level = CRITICAL
-
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
-#
-# From oslo.messaging
-#
-
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
-# The pool size limit for connections expiration policy (integer value)
-#conn_pool_min_size = 2
-
-# The time-to-live in sec of idle connections in the pool (integer value)
-#conn_pool_ttl = 1200
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Allowed values: redis, sentinel, dummy
-# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_host
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger
-# period. The value of 0 specifies no linger period. Pending messages shall be
-# discarded immediately when the socket is closed. Positive values specify an
-# upper bound for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout
-# exception when timeout expired. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target
-# ( < 0 means no timeout). (integer value)
-# Deprecated group/name - [DEFAULT]/zmq_target_expire
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/zmq_target_update
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/use_pub_sub
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-# Deprecated group/name - [DEFAULT]/use_router_proxy
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only
-# with use_router_proxy=False which means to use direct connections for direct
-# message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons.
-# This option is actual only in dynamic connections mode. (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
-# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping
-# a queue when server side disconnects. False means to keep queue and messages
-# even if server is disconnected, when the server appears we send all
-# accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
-# other negative value) means to skip any overrides and leave it to OS default;
-# 0 and 1 (or any other positive value) mean to disable and enable the option
-# respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit
-# is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to
-# skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value
-# and 0) means to skip any overrides and leave it to OS default. (integer
-# value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not received. The
-# unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0)
-# means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is
-# not tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only
-# via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry
-# attempt this timeout is multiplied by some specified multiplier. (integer
-# value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer
-# value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred:
-# positive value N means at most N retries, 0 means no retries, None or -1 (or
-# any other negative values) mean to retry forever. This option is used only if
-# acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher
-# priority then the default publishers list taken from the matchmaker. (list
-# value)
-#subscribe_on =
-
-# Size of executor thread pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
-#executor_thread_pool_size = 64
-{%- if server.message_queue.rpc_thread_pool_size is defined %}
-executor_thread_pool_size = {{ server.message_queue.rpc_thread_pool_size }}
-{%- endif %}
-
-# Seconds to wait for a response from a call. (integer value)
-#rpc_response_timeout = 60
-
-# A URL representing the messaging driver to use and its full configuration.
-# (string value)
-#transport_url = <None>
-{%- if server.message_queue.members is defined %}
-transport_url = rabbit://{% for member in server.message_queue.members -%}
-                             {{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
-                             {%- if not loop.last -%},{%- endif -%}
-                         {%- endfor -%}
-                             /{{ server.message_queue.virtual_host }}
-{%- else %}
-transport_url = rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ server.message_queue.port }}/{{ server.message_queue.virtual_host }}
-{%- endif %}
-
-# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
-# include amqp and zmq. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rpc_backend = rabbit
-
-# The default exchange under which topics are scoped. May be overridden by an
-# exchange name specified in the transport_url option. (string value)
-#control_exchange = openstack
-
-#
-# From oslo.service.service
-#
-
-# Enable eventlet backdoor.  Acceptable values are 0, <port>, and
-# <start>:<end>, where 0 results in listening on a random tcp port number;
-# <port> results in listening on the specified port number (and not enabling
-# backdoor if that port is in use); and <start>:<end> results in listening on
-# the smallest unused port number within the specified range of port numbers.
-# The chosen port is displayed in the service's log file. (string value)
-#backdoor_port = <None>
-
-# Enable eventlet backdoor, using the provided path as a unix socket that can
-# receive connections. This option is mutually exclusive with 'backdoor_port'
-# in that only one should be provided. If both are provided then the existence
-# of this option overrides the usage of that option. (string value)
-#backdoor_socket = <None>
-
-# Enables or disables logging values of all registered options when starting a
-# service (at DEBUG level). (boolean value)
-#log_options = true
-
-# Specify a timeout after which a gracefully shutdown server will exit. Zero
-# value means endless wait. (integer value)
-#graceful_shutdown_timeout = 60
-
-# List of pollsters (or wildcard templates) to be used while polling
-#pollster_list =
-{%- if server.pollster_list is defined %}
-pollster_list = {{ server.pollster_list }}
-{%- endif %}
 
-# To reduce polling agent load, samples are sent to the notification
-# agent in a batch. To gain higher throughput at the cost of load set
-# this to False.
-#batch_polled_samples = True
 {%- if server.batch_polled_samples is defined %}
 batch_polled_samples = {{ server.batch_polled_samples|lower }}
 {%- endif %}
 
-[api]
+{%- if server.debug is defined %}
+debug = {{ server.debug }}
+{%- endif %}
 
-#
-# From ceilometer
-#
-
-# Default maximum number of items returned by API request. (integer value)
-# Minimum value: 1
-#default_api_return_limit = 100
-
-# Set True to disable resource/meter/sample URLs. Default autodetection by
-# querying keystone. (boolean value)
-#gnocchi_is_enabled = <None>
-
-# Set True to redirect alarms URLs to aodh. Default autodetection by querying
-# keystone. (boolean value)
-#aodh_is_enabled = <None>
-
-# The endpoint of Aodh to redirect alarms URLs to Aodh API. Default
-# autodetection by querying keystone. (string value)
-#aodh_url = <None>
-
-# Set True to redirect events URLs to Panko. Default autodetection by querying
-# keystone. (boolean value)
-#panko_is_enabled = <None>
-
-# The endpoint of Panko to redirect events URLs to Panko API. Default
-# autodetection by querying keystone. (string value)
-#panko_url = <None>
+{%- if server.logging.log_appender %}
+log_config_append=/etc/ceilometer/logging.conf
+{%- endif %}
 
 
-[collector]
+{%- if server.message_queue.rpc_thread_pool_size is defined %}
+executor_thread_pool_size = {{ server.message_queue.rpc_thread_pool_size }}
+{%- endif %}
 
-#
-# From ceilometer
-#
-
-# Address to which the UDP socket is bound. Set to an empty string to disable.
-# (string value)
-#udp_address = 0.0.0.0
-
-# Port to which the UDP socket is bound. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#udp_port = 4952
-
-# Number of notification messages to wait before dispatching them (integer
-# value)
-#batch_size = 1
-
-# Number of seconds to wait before dispatching samples when batch_size is not
-# reached (None means indefinitely) (integer value)
-#batch_timeout = <None>
-
-# Number of workers for collector service. default value is 1. (integer value)
-# Minimum value: 1
-# Deprecated group/name - [DEFAULT]/collector_workers
-#workers = 1
-
-
-[compute]
-
-#
-# From ceilometer
-#
-
-# DEPRECATED: Enable work-load partitioning, allowing multiple compute agents
-# to be run simultaneously. (replaced by instance_discovery_method) (boolean
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#workload_partitioning = false
-
-# Ceilometer offers many methods to discover the instance running on a compute
-# node:
-# * naive: poll nova to get all instances
-# * workload_partitioning: poll nova to get instances of the compute
-# * libvirt_metadata: get instances from libvirt metadata   but without
-# instance metadata (recommended for Gnocchi   backend (string value)
-# Allowed values: naive, workload_partitioning, libvirt_metadata
-#instance_discovery_method = libvirt_metadata
-
-# New instances will be discovered periodically based on this option (in
-# seconds). By default, the agent discovers instances according to pipeline
-# polling interval. If option is greater than 0, the instance list to poll will
-# be updated based on this option's interval. Measurements relating to the
-# instances will match intervals defined in pipeline.  (integer value)
-# Minimum value: 0
-#resource_update_interval = 0
-
-# The expiry to totally refresh the instances resource cache, since the
-# instance may be migrated to another host, we need to clean the legacy
-# instances info in local cache by totally refreshing the local cache. The
-# minimum should be the value of the config option of resource_update_interval.
-# This option is only used for agent polling to Nova API, so it will works only
-# when 'instance_discovery_method' was set to 'naive'. (integer value)
-# Minimum value: 0
-#resource_cache_expiry = 3600
-
+{%- set rabbit_port = server.message_queue.get('port', 5671 if server.message_queue.get('ssl',{}).get('enabled', False)  else 5672) %}
+{%- if server.message_queue.members is defined %}
+transport_url = rabbit://{% for member in server.message_queue.members -%}
+                             {{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ member.host }}:{{  member.get('port', rabbit_port) }}
+                             {%- if not loop.last -%},{%- endif -%}
+                         {%- endfor -%}
+                             /{{ server.message_queue.virtual_host }}
+{%- else %}
+transport_url = rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ rabbit_port }}/{{ server.message_queue.virtual_host }}
+{%- endif %}
 
 [coordination]
 
-#
-# From ceilometer
-#
 
-# The backend URL to use for distributed coordination. If left empty, per-
-# deployment central agent and per-host compute agent won't do workload
-# partitioning and will only function correctly if a single instance of that
-# service is running. (string value)
-#backend_url = <None>
+{%- if server.coordination_backend is defined %}
+backend_url = {{ server.coordination_backend.url }}
+{%-  endif %}
 
-# Number of seconds between heartbeats for distributed coordination. (floating
-# point value)
-#heartbeat = 1.0
+{%- if server.get('coordination_backend', {}).heartbeat is defined %}
+heartbeat = {{ server.coordination_backend.heartbeat }}
+{%- endif %}
 
-# Number of seconds between checks to see if group membership has changed
-# (floating point value)
-#check_watchers = 10.0
+{%- if server.get('coordination_backend', {}).check_watchers is defined %}
+check_watchers = {{ server.coordination_backend.check_watchers }}
+{%- endif %}
 
-# Retry backoff factor when retrying to connect with coordination backend
-# (integer value)
-#retry_backoff = 1
+{%- if server.get('coordination_backend', {}).retry_backoff is defined %}
+retry_backoff = {{ server.coordination_backend.retry_backoff }}
+{%- endif %}
 
-# Maximum number of seconds between retry to join partitioning group (integer
-# value)
-#max_retry_interval = 30
+{%- if server.get('coordination_backend', {}).max_retry_interval is defined %}
+max_retry_interval = {{ server.coordination_backend.max_retry_interval }}
+{%- endif %}
 
 
 [cors]
 
-#
-# From oslo.middleware.cors
-#
 
-# Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
-# slash. Example: https://horizon.example.com (list value)
-#allowed_origin = <None>
 {% if server.get('cors', {}).allowed_origin is defined %}
 allowed_origin = {{ server.cors.allowed_origin }}
 {% endif %}
 
-# Indicate that the actual request can include user credentials (boolean value)
-#allow_credentials = true
 {% if server.get('cors', {}).allow_credentials is defined %}
 allow_credentials = {{ server.cors.allow_credentials }}
 {% endif %}
 
-# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
-# Headers. (list value)
-#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-Openstack-Request-Id
 {% if server.get('cors', {}).expose_headers is defined %}
 expose_headers = {{ server.cors.expose_headers }}
 {% endif %}
 
-# Maximum cache age of CORS preflight requests. (integer value)
-#max_age = 3600
 {% if server.get('cors', {}).max_age is defined %}
 max_age = {{ server.cors.max_age }}
 {% endif %}
 
-# Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
 {% if server.get('cors', {}).allow_methods is defined %}
 allow_methods = {{ server.cors.allow_methods }}
 {% endif %}
 
-# Indicate which header field names may be used during the actual request.
-# (list value)
-#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-Openstack-Request-Id
 {% if server.get('cors', {}).allow_headers is defined %}
 allow_headers = {{ server.cors.allow_headers }}
 {% endif %}
 
 
-[cors.subdomain]
-
-#
-# From oslo.middleware.cors
-#
-
-# Indicate whether this resource may be shared with the domain received in the
-# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
-# slash. Example: https://horizon.example.com (list value)
-#allowed_origin = <None>
-
-# Indicate that the actual request can include user credentials (boolean value)
-#allow_credentials = true
-
-# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
-# Headers. (list value)
-#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-Openstack-Request-Id
-
-# Maximum cache age of CORS preflight requests. (integer value)
-#max_age = 3600
-
-# Indicate which methods can be used during the actual request. (list value)
-#allow_methods = GET,PUT,POST,DELETE,PATCH
-
-# Indicate which header field names may be used during the actual request.
-# (list value)
-#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-Openstack-Request-Id
-
-
 [database]
 
-#
-# From ceilometer
-#
-
-# Number of seconds that samples are kept in the database for (<= 0 means
-# forever). (integer value)
-# Deprecated group/name - [database]/time_to_live
-#metering_time_to_live = -1
-
-# The connection string used to connect to the metering database. (if unset,
-# connection is used) (string value)
-#metering_connection = <None>
-
-# Indicates if expirer expires only samples. If set true, expired samples will
-# be deleted, but residual resource and meter definition data will remain.
-# (boolean value)
-#sql_expire_samples_only = false
-
-#
-# From oslo.db
-#
-
-# DEPRECATED: The file name to use with SQLite. (string value)
-# Deprecated group/name - [DEFAULT]/sqlite_db
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Should use config option connection or slave_connection to connect
-# the database.
-#sqlite_db = oslo.sqlite
-
-# If True, SQLite uses synchronous mode. (boolean value)
-# Deprecated group/name - [DEFAULT]/sqlite_synchronous
-#sqlite_synchronous = true
-
-# The back end to use for the database. (string value)
-# Deprecated group/name - [DEFAULT]/db_backend
-#backend = sqlalchemy
-
-# The SQLAlchemy connection string to use to connect to the database. (string
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection
-# Deprecated group/name - [DATABASE]/sql_connection
-# Deprecated group/name - [sql]/connection
-#connection = <None>
-
+{%- if server.get('database', False) %}
 {%- if server.database.influxdb is defined %}
 {%- if server.database.influxdb.members is defined %}
 metering_connection = {% for member in server.database.influxdb.members -%}
@@ -770,1310 +112,39 @@
 connection={{ server.database.engine }}://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}:{{ server.database.port }}/{{ server.database.name }}
 {%- endif %}
 {%- endif %}
-
-# The SQLAlchemy connection string to use to connect to the slave database.
-# (string value)
-#slave_connection = <None>
-
-# The SQL mode to be used for MySQL sessions. This option, including the
-# default, overrides any server-set SQL mode. To use whatever SQL mode is set
-# by the server configuration, set this to no value. Example: mysql_sql_mode=
-# (string value)
-#mysql_sql_mode = TRADITIONAL
-
-# Timeout before idle SQL connections are reaped. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_idle_timeout
-# Deprecated group/name - [DATABASE]/sql_idle_timeout
-# Deprecated group/name - [sql]/idle_timeout
-#idle_timeout = 3600
-
-# Minimum number of SQL connections to keep open in a pool. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_min_pool_size
-# Deprecated group/name - [DATABASE]/sql_min_pool_size
-#min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool. Setting a value of
-# 0 indicates no limit. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_pool_size
-# Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size = 5
-
-# Maximum number of database connection retries during startup. Set to -1 to
-# specify an infinite retry count. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_retries
-# Deprecated group/name - [DATABASE]/sql_max_retries
-#max_retries = 10
-
-# Interval between retries of opening a SQL connection. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_retry_interval
-# Deprecated group/name - [DATABASE]/reconnect_interval
-#retry_interval = 10
-
-# If set, use this value for max_overflow with SQLAlchemy. (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_overflow
-# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = 50
-
-# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer
-# value)
-# Minimum value: 0
-# Maximum value: 100
-# Deprecated group/name - [DEFAULT]/sql_connection_debug
-#connection_debug = 0
-
-# Add Python stack traces to SQL as comment strings. (boolean value)
-# Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace = false
-
-# If set, use this value for pool_timeout with SQLAlchemy. (integer value)
-# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
-#pool_timeout = <None>
-
-# Enable the experimental use of database reconnect on connection lost.
-# (boolean value)
-#use_db_reconnect = false
-
-# Seconds between retries of a database transaction. (integer value)
-#db_retry_interval = 1
-
-# If True, increases the interval between retries of a database operation up to
-# db_max_retry_interval. (boolean value)
-#db_inc_retry_interval = true
-
-# If db_inc_retry_interval is set, the maximum seconds between retries of a
-# database operation. (integer value)
-#db_max_retry_interval = 10
-
-# Maximum retries in case of connection error or deadlock error before error is
-# raised. Set to -1 to specify an infinite retry count. (integer value)
-#db_max_retries = 20
-
-
-[dispatcher_file]
-
-#
-# From ceilometer
-#
-
-# Name and the location of the file to record meters. (string value)
-#file_path = <None>
-
-# The max size of the file. (integer value)
-#max_bytes = 0
-
-# The max number of the files to keep. (integer value)
-#backup_count = 0
-
-
-[dispatcher_gnocchi]
-
-#
-# From ceilometer
-#
-
-# Filter out samples generated by Gnocchi service activity (boolean value)
-#filter_service_activity = true
-
-# Gnocchi project used to filter out samples generated by Gnocchi service
-# activity (string value)
-#filter_project = gnocchi
-
-# The archive policy to use when the dispatcher create a new metric. (string
-# value)
-#archive_policy = <None>
-
-# The Yaml file that defines mapping between samples and gnocchi
-# resources/metrics (string value)
-#resources_definition_file = gnocchi_resources.yaml
-
-
-[dispatcher_http]
-
-#
-# From ceilometer
-#
-
-# The target where the http request will be sent. If this is not set, no data
-# will be posted. For example: target = http://hostname:1234/path (string
-# value)
-#target =
-
-# The target for event data where the http request will be sent to. If this is
-# not set, it will default to same as Sample target. (string value)
-#event_target = <None>
-
-# The max time in seconds to wait for a request to timeout. (integer value)
-#timeout = 5
-
-# The path to a server certificate or directory if the system CAs are not used
-# or if a self-signed certificate is used. Set to False to ignore SSL cert
-# verification. (string value)
-#verify_ssl = <None>
-
-# Indicates whether samples are published in a batch. (boolean value)
-#batch_mode = false
-
-
-[event]
-
-#
-# From ceilometer
-#
-
-# Configuration file for event definitions. (string value)
-#definitions_cfg_file = event_definitions.yaml
-
-# Drop notifications if no event definition matches. (Otherwise, we convert
-# them with just the default traits) (boolean value)
-#drop_unmatched_notifications = false
-
-# Store the raw notification for select priority levels (info and/or error). By
-# default, raw details are not captured. (multi valued)
-#store_raw =
-
-
-[hardware]
-
-#
-# From ceilometer
-#
-
-# URL scheme to use for hardware nodes. (string value)
-#url_scheme = snmp://
-
-# SNMPd user name of all nodes running in the cloud. (string value)
-#readonly_user_name = ro_snmp_user
-
-# SNMPd v3 authentication password of all the nodes running in the cloud.
-# (string value)
-#readonly_user_password = password
-
-# SNMPd v3 authentication algorithm of all the nodes running in the cloud
-# (string value)
-# Allowed values: md5, sha
-#readonly_user_auth_proto = <None>
-
-# SNMPd v3 encryption algorithm of all the nodes running in the cloud (string
-# value)
-# Allowed values: des, aes128, 3des, aes192, aes256
-#readonly_user_priv_proto = <None>
-
-# SNMPd v3 encryption password of all the nodes running in the cloud. (string
-# value)
-#readonly_user_priv_password = <None>
-
-# Name of the control plane Tripleo network (string value)
-#tripleo_network_name = ctlplane
-
-# Configuration file for defining hardware snmp meters. (string value)
-#meter_definitions_file = snmp.yaml
-
-
-[ipmi]
-
-#
-# From ceilometer
-#
-
-# Number of retries upon Intel Node Manager initialization failure (integer
-# value)
-#node_manager_init_retry = 3
-
-# Tolerance of IPMI/NM polling failures before disable this pollster. Negative
-# indicates retrying forever. (integer value)
-#polling_retry = 3
-
+{%- endif %}
 
 [keystone_authtoken]
 
-#
-# From keystonemiddleware.auth_token
-#auth_type = password
-
 auth_type = password
 user_domain_id = {{ server.identity.get('domain', 'default') }}
 project_domain_id = {{ server.identity.get('domain', 'default') }}
 project_name = {{ server.identity.tenant }}
 username = {{ server.identity.user }}
 password = {{ server.identity.password }}
-auth_uri = http://{{ server.identity.host }}:5000
-auth_url = http://{{ server.identity.host }}:35357
+auth_uri = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
+auth_url = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
 interface = internal
 
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+
 {%- if server.cache is defined %}
 memcached_servers = {%- for member in server.cache.members %}{{ member.host }}:{{ member.get('port', '11211') }}{% if not loop.last %},{% endif %}{%- endfor %}
 {%- else %}
 token_cache_time = -1
 {%- endif %}
 
-# Complete "public" Identity API endpoint. This endpoint should not be an
-# "admin" endpoint, as it should be accessible by all end users.
-# Unauthenticated clients are redirected to this endpoint to authenticate.
-# Although this endpoint should  ideally be unversioned, client support in the
-# wild varies.  If you're using a versioned v2 endpoint here, then this  should
-# *not* be the same endpoint the service user utilizes  for validating tokens,
-# because normal end users may not be  able to reach that endpoint. (string
-# value)
-#auth_uri = <None>
-
-# API version of the admin Identity API endpoint. (string value)
-#auth_version = <None>
-
-# Do not handle authorization requests within the middleware, but delegate the
-# authorization decision to downstream WSGI components. (boolean value)
-#delay_auth_decision = false
-
-# Request timeout value for communicating with Identity API server. (integer
-# value)
-#http_connect_timeout = <None>
-
-# How many times are we trying to reconnect when communicating with Identity
-# API Server. (integer value)
-#http_request_max_retries = 3
-
-# Request environment key where the Swift cache object is stored. When
-# auth_token middleware is deployed with a Swift cache, use this option to have
-# the middleware share a caching backend with swift. Otherwise, use the
-# ``memcached_servers`` option instead. (string value)
-#cache = <None>
-
-# Required if identity server requires client certificate (string value)
-#certfile = <None>
-
-# Required if identity server requires client certificate (string value)
-#keyfile = <None>
-
-# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
-# Defaults to system CAs. (string value)
-#cafile = <None>
-
-# Verify HTTPS connections. (boolean value)
-#insecure = false
-
-# The region in which the identity server can be found. (string value)
-#region_name = <None>
-
-# DEPRECATED: Directory used to cache files related to PKI tokens. This option
-# has been deprecated in the Ocata release and will be removed in the P
-# release. (string value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#signing_dir = <None>
-
-# Optionally specify a list of memcached server(s) to use for caching. If left
-# undefined, tokens will instead be cached in-process. (list value)
-# Deprecated group/name - [keystone_authtoken]/memcache_servers
-#memcached_servers = <None>
-
-# In order to prevent excessive effort spent validating tokens, the middleware
-# caches previously-seen tokens for a configurable duration (in seconds). Set
-# to -1 to disable caching completely. (integer value)
-#token_cache_time = 300
-
-# DEPRECATED: Determines the frequency at which the list of revoked tokens is
-# retrieved from the Identity service (in seconds). A high number of revocation
-# events combined with a low cache duration may significantly reduce
-# performance. Only valid for PKI tokens. This option has been deprecated in
-# the Ocata release and will be removed in the P release. (integer value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#revocation_cache_time = 10
-
-# (Optional) If defined, indicate whether token data should be authenticated or
-# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
-# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
-# cache. If the value is not one of these options or empty, auth_token will
-# raise an exception on initialization. (string value)
-# Allowed values: None, MAC, ENCRYPT
-#memcache_security_strategy = None
-
-# (Optional, mandatory if memcache_security_strategy is defined) This string is
-# used for key derivation. (string value)
-#memcache_secret_key = <None>
-
-# (Optional) Number of seconds memcached server is considered dead before it is
-# tried again. (integer value)
-#memcache_pool_dead_retry = 300
-
-# (Optional) Maximum total number of open connections to every memcached
-# server. (integer value)
-#memcache_pool_maxsize = 10
-
-# (Optional) Socket timeout in seconds for communicating with a memcached
-# server. (integer value)
-#memcache_pool_socket_timeout = 3
-
-# (Optional) Number of seconds a connection to memcached is held unused in the
-# pool before it is closed. (integer value)
-#memcache_pool_unused_timeout = 60
-
-# (Optional) Number of seconds that an operation will wait to get a memcached
-# client connection from the pool. (integer value)
-#memcache_pool_conn_get_timeout = 10
-
-# (Optional) Use the advanced (eventlet safe) memcached client pool. The
-# advanced pool will only work under python 2.x. (boolean value)
-#memcache_use_advanced_pool = false
-
-# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
-# middleware will not ask for service catalog on token validation and will not
-# set the X-Service-Catalog header. (boolean value)
-#include_service_catalog = true
-
-# Used to control the use and type of token binding. Can be set to: "disabled"
-# to not check token binding. "permissive" (default) to validate binding
-# information if the bind type is of a form known to the server and ignore it
-# if not. "strict" like "permissive" but if the bind type is unknown the token
-# will be rejected. "required" any form of token binding is needed to be
-# allowed. Finally the name of a binding method that must be present in tokens.
-# (string value)
-#enforce_token_bind = permissive
-
-# DEPRECATED: If true, the revocation list will be checked for cached tokens.
-# This requires that PKI tokens are configured on the identity server. (boolean
-# value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#check_revocations_for_cached = false
-
-# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
-# single algorithm or multiple. The algorithms are those supported by Python
-# standard hashlib.new(). The hashes will be tried in the order given, so put
-# the preferred one first for performance. The result of the first hash will be
-# stored in the cache. This will typically be set to multiple values only while
-# migrating from a less secure algorithm to a more secure one. Once all the old
-# tokens are expired this option should be set to a single value for better
-# performance. (list value)
-# This option is deprecated for removal since Ocata.
-# Its value may be silently ignored in the future.
-# Reason: PKI token format is no longer supported.
-#hash_algorithms = md5
-
-# A choice of roles that must be present in a service token. Service tokens are
-# allowed to request that an expired token can be used and so this check should
-# tightly control that only actual services should be sending this token. Roles
-# here are applied as an ANY check so any role in this list must be present.
-# For backwards compatibility reasons this currently only affects the
-# allow_expired check. (list value)
-#service_token_roles = service
-
-# For backwards compatibility reasons we must let valid service tokens pass
-# that don't pass the service_token_roles check as valid. Setting this true
-# will become the default in a future release and should be enabled if
-# possible. (boolean value)
-#service_token_roles_required = false
-
-# Authentication type to load (string value)
-# Deprecated group/name - [keystone_authtoken]/auth_plugin
-#auth_type = <None>
-
-# Config Section from which to load plugin specific options (string value)
-#auth_section = <None>
-
-
-[matchmaker_redis]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Host to locate redis. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#host = 127.0.0.1
-
-# DEPRECATED: Use this port to connect to redis host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#port = 6379
-
-# DEPRECATED: Password for Redis server (optional). (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#password =
-
-# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
-# [host:port, host1:port ... ] (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#sentinel_hosts =
-
-# Redis replica set name. (string value)
-#sentinel_group_name = oslo-messaging-zeromq
-
-# Time in ms to wait between connection attempts. (integer value)
-#wait_timeout = 2000
-
-# Time in ms to wait before the transaction is killed. (integer value)
-#check_timeout = 20000
-
-# Timeout in ms on blocking socket operations. (integer value)
-#socket_timeout = 10000
-
-
-[meter]
-
-#
-# From ceilometer
-#
-
-# Configuration file for defining meter notifications. (string value)
-#meter_definitions_cfg_file = meters.yaml
-
-
-[notification]
-
-#
-# From ceilometer
-#
-
-# Number of queues to parallelize workload across. This value should be larger
-# than the number of active notification agents for optimal results. WARNING:
-# Once set, lowering this value may result in lost data. (integer value)
-# Minimum value: 1
-#pipeline_processing_queues = 10
-
-# Acknowledge message when event persistence fails. (boolean value)
-# Deprecated group/name - [collector]/ack_on_event_error
-#ack_on_event_error = true
-
-# Enable workload partitioning, allowing multiple notification agents to be run
-# simultaneously. (boolean value)
-#workload_partitioning = false
-
-# Messaging URLs to listen for notifications. Example:
-# rabbit://user:pass@host1:port1[,user:pass@hostN:portN]/virtual_host
-# (DEFAULT/transport_url is used if empty). This is useful when you have
-# dedicate messaging nodes for each service, for example, all nova
-# notifications go to rabbit-nova:5672, while all cinder notifications go to
-# rabbit-cinder:5672. (multi valued)
-#messaging_urls =
-
-# Number of notification messages to wait before publishing them. Batching is
-# advised when transformations are applied in pipeline. (integer value)
-# Minimum value: 1
-#batch_size = 100
-
-# Number of seconds to wait before publishing samples when batch_size is not
-# reached (None means indefinitely) (integer value)
-#batch_timeout = 5
-
-# Number of workers for notification service, default value is 1. (integer
-# value)
-# Minimum value: 1
-# Deprecated group/name - [DEFAULT]/notification_workers
-#workers = 1
-
-
-[oslo_concurrency]
-
-#
-# From oslo.concurrency
-#
-
-# Enables or disables inter-process locks. (boolean value)
-# Deprecated group/name - [DEFAULT]/disable_process_locking
-#disable_process_locking = false
-
-# Directory to use for lock files.  For security, the specified directory
-# should only be writable by the user running the processes that need locking.
-# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used,
-# a lock path must be set. (string value)
-# Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
-
-
-[oslo_messaging_amqp]
-
-#
-# From oslo.messaging
-#
-
-# Name for the AMQP container. must be globally unique. Defaults to a generated
-# UUID (string value)
-# Deprecated group/name - [amqp1]/container_name
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-# Deprecated group/name - [amqp1]/idle_timeout
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-# Deprecated group/name - [amqp1]/trace
-#trace = false
-
-# CA certificate PEM file used to verify the server's certificate (string
-# value)
-# Deprecated group/name - [amqp1]/ssl_ca_file
-#ssl_ca_file =
-
-# Self-identifying certificate PEM file for client authentication (string
-# value)
-# Deprecated group/name - [amqp1]/ssl_cert_file
-#ssl_cert_file =
-
-# Private key PEM file used to sign ssl_cert_file certificate (optional)
-# (string value)
-# Deprecated group/name - [amqp1]/ssl_key_file
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-# Deprecated group/name - [amqp1]/ssl_key_password
-#ssl_key_password = <None>
-
-# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
-# Deprecated group/name - [amqp1]/allow_insecure_clients
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Not applicable - not a SSL server
-#allow_insecure_clients = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-# Deprecated group/name - [amqp1]/sasl_mechanisms
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-# Deprecated group/name - [amqp1]/sasl_config_dir
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-# Deprecated group/name - [amqp1]/sasl_config_name
-#sasl_config_name =
-
-# User name for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/username
-#username =
-
-# Password for message broker authentication (string value)
-# Deprecated group/name - [amqp1]/password
-#password =
-
-# Seconds to pause before attempting to re-connect. (integer value)
-# Minimum value: 1
-#connection_retry_interval = 1
-
-# Increase the connection_retry_interval by this many seconds after each
-# unsuccessful failover attempt. (integer value)
-# Minimum value: 0
-#connection_retry_backoff = 2
-
-# Maximum limit for connection_retry_interval + connection_retry_backoff
-# (integer value)
-# Minimum value: 1
-#connection_retry_interval_max = 30
-
-# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
-# recoverable error. (integer value)
-# Minimum value: 1
-#link_retry_delay = 10
-
-# The maximum number of attempts to re-send a reply message which failed due to
-# a recoverable error. (integer value)
-# Minimum value: -1
-#default_reply_retry = 0
-
-# The deadline for an rpc reply message delivery. (integer value)
-# Minimum value: 5
-#default_reply_timeout = 30
-
-# The deadline for an rpc cast or call message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_send_timeout = 30
-
-# The deadline for a sent notification message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_notify_timeout = 30
-
-# The duration to schedule a purge of idle sender links. Detach link after
-# expiry. (integer value)
-# Minimum value: 1
-#default_sender_link_timeout = 600
-
-# Indicates the addressing mode used by the driver.
-# Permitted values:
-# 'legacy'   - use legacy non-routable addressing
-# 'routable' - use routable addresses
-# 'dynamic'  - use legacy addresses if the message bus does not support routing
-# otherwise use routable addressing (string value)
-#addressing_mode = dynamic
-
-# address prefix used when sending to a specific server (string value)
-# Deprecated group/name - [amqp1]/server_request_prefix
-#server_request_prefix = exclusive
-
-# address prefix used when broadcasting to all servers (string value)
-# Deprecated group/name - [amqp1]/broadcast_prefix
-#broadcast_prefix = broadcast
-
-# address prefix when sending to any server in group (string value)
-# Deprecated group/name - [amqp1]/group_request_prefix
-#group_request_prefix = unicast
-
-# Address prefix for all generated RPC addresses (string value)
-#rpc_address_prefix = openstack.org/om/rpc
-
-# Address prefix for all generated Notification addresses (string value)
-#notify_address_prefix = openstack.org/om/notify
-
-# Appended to the address prefix when sending a fanout message. Used by the
-# message bus to identify fanout messages. (string value)
-#multicast_address = multicast
-
-# Appended to the address prefix when sending to a particular RPC/Notification
-# server. Used by the message bus to identify messages sent to a single
-# destination. (string value)
-#unicast_address = unicast
-
-# Appended to the address prefix when sending to a group of consumers. Used by
-# the message bus to identify messages that should be delivered in a round-
-# robin fashion across consumers. (string value)
-#anycast_address = anycast
-
-# Exchange name used in notification addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_notification_exchange if set
-# else control_exchange if set
-# else 'notify' (string value)
-#default_notification_exchange = <None>
-
-# Exchange name used in RPC addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_rpc_exchange if set
-# else control_exchange if set
-# else 'rpc' (string value)
-#default_rpc_exchange = <None>
-
-# Window size for incoming RPC Reply messages. (integer value)
-# Minimum value: 1
-#reply_link_credit = 200
-
-# Window size for incoming RPC Request messages (integer value)
-# Minimum value: 1
-#rpc_server_credit = 100
-
-# Window size for incoming Notification messages (integer value)
-# Minimum value: 1
-#notify_server_credit = 100
-
-# Send messages of this type pre-settled.
-# Pre-settled messages will not receive acknowledgement
-# from the peer. Note well: pre-settled messages may be
-# silently discarded if the delivery fails.
-# Permitted values:
-# 'rpc-call' - send RPC Calls pre-settled
-# 'rpc-reply'- send RPC Replies pre-settled
-# 'rpc-cast' - Send RPC Casts pre-settled
-# 'notify'   - Send Notifications pre-settled
-#  (multi valued)
-#pre_settled = rpc-cast
-#pre_settled = rpc-reply
-
-
-[oslo_messaging_kafka]
-
-#
-# From oslo.messaging
-#
-
-# DEPRECATED: Default Kafka broker Host (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_host = localhost
-
-# DEPRECATED: Default Kafka broker Port (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#kafka_default_port = 9092
-
-# Max fetch bytes of Kafka consumer (integer value)
-#kafka_max_fetch_bytes = 1048576
-
-# Default timeout(s) for Kafka consumers (integer value)
-#kafka_consumer_timeout = 1.0
-
-# Pool Size for Kafka Consumers (integer value)
-#pool_size = 10
-
-# The pool size limit for connections expiration policy (integer value)
-#conn_pool_min_size = 2
-
-# The time-to-live in sec of idle connections in the pool (integer value)
-#conn_pool_ttl = 1200
-
-# Group id for Kafka consumer. Consumers in one group will coordinate message
-# consumption (string value)
-#consumer_group = oslo_messaging_consumer
-
-# Upper bound on the delay for KafkaProducer batching in seconds (floating
-# point value)
-#producer_batch_timeout = 0.0
-
-# Size of batch for the producer async send (integer value)
-#producer_batch_size = 16384
-
-
 [oslo_messaging_notifications]
 
-#
-# From oslo.messaging
-#
-
-# The Drivers(s) to handle sending notifications. Possible values are
-# messaging, messagingv2, routing, log, test, noop (multi valued)
-# Deprecated group/name - [DEFAULT]/notification_driver
-#driver =
-
-# A URL representing the messaging driver to use for notifications. If not set,
-# we fall back to the same configuration used for RPC. (string value)
-# Deprecated group/name - [DEFAULT]/notification_transport_url
-#transport_url = <None>
-
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-# Deprecated group/name - [DEFAULT]/notification_topics
-#topics = notifications
 topics = notifications
 
-
-[oslo_messaging_rabbit]
-
-#
-# From oslo.messaging
-#
-
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_durable_queues
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_auto_delete
-#amqp_auto_delete = false
-
-# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
-# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
-# distributions. (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_version
-#kombu_ssl_version =
-
-# SSL key file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
-#kombu_ssl_keyfile =
-
-# SSL cert file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
-#kombu_ssl_certfile =
-
-# SSL certification authority file (valid only if SSL enabled). (string value)
-# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
-#kombu_ssl_ca_certs =
-
-# How long to wait before reconnecting in response to an AMQP consumer cancel
-# notification. (floating point value)
-# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
-#kombu_reconnect_delay = 1.0
-
-# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
-# be used. This option may not be available in future versions. (string value)
-#kombu_compression = <None>
-
-# How long to wait a missing client before abandoning to send it its replies.
-# This value should not be longer than rpc_response_timeout. (integer value)
-# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
-#kombu_missing_consumer_retry_timeout = 60
-
-# Determines how the next RabbitMQ node is chosen in case the one we are
-# currently connected to becomes unavailable. Takes effect only if more than
-# one RabbitMQ node is provided in config. (string value)
-# Allowed values: round-robin, shuffle
-#kombu_failover_strategy = round-robin
-
-# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
-# value)
-# Deprecated group/name - [DEFAULT]/rabbit_host
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_host = localhost
-
-# DEPRECATED: The RabbitMQ broker port where a single node is used. (port
-# value)
-# Minimum value: 0
-# Maximum value: 65535
-# Deprecated group/name - [DEFAULT]/rabbit_port
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_port = 5672
-
-# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
-# Deprecated group/name - [DEFAULT]/rabbit_hosts
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_hosts = $rabbit_host:$rabbit_port
-
-# Connect over SSL for RabbitMQ. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
-#rabbit_use_ssl = false
-
-# DEPRECATED: The RabbitMQ userid. (string value)
-# Deprecated group/name - [DEFAULT]/rabbit_userid
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_userid = guest
-
-# DEPRECATED: The RabbitMQ password. (string value)
-# Deprecated group/name - [DEFAULT]/rabbit_password
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_password = guest
-
-# The RabbitMQ login method. (string value)
-# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
-# Deprecated group/name - [DEFAULT]/rabbit_login_method
-#rabbit_login_method = AMQPLAIN
-
-# DEPRECATED: The RabbitMQ virtual host. (string value)
-# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Replaced by [DEFAULT]/transport_url
-#rabbit_virtual_host = /
-
-# How frequently to retry connecting with RabbitMQ. (integer value)
-#rabbit_retry_interval = 1
-
-# How long to backoff for between retries when connecting to RabbitMQ. (integer
-# value)
-# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
-#rabbit_retry_backoff = 2
-
-# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
-# (integer value)
-#rabbit_interval_max = 30
-
-# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
-# (infinite retry count). (integer value)
-# Deprecated group/name - [DEFAULT]/rabbit_max_retries
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#rabbit_max_retries = 0
-
-# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
-# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
-# is no longer controlled by the x-ha-policy argument when declaring a queue.
-# If you just want to make sure that all queues (except those with auto-
-# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
-# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
-#rabbit_ha_queues = false
-
-# Positive integer representing duration in seconds for queue TTL (x-expires).
-# Queues which are unused for the duration of the TTL are automatically
-# deleted. The parameter affects only reply and fanout queues. (integer value)
-# Minimum value: 1
-#rabbit_transient_queues_ttl = 1800
-
-# Specifies the number of messages to prefetch. Setting to zero allows
-# unlimited messages. (integer value)
-#rabbit_qos_prefetch_count = 64
-
-# Number of seconds after which the Rabbit broker is considered down if
-# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
-# value)
-#heartbeat_timeout_threshold = 60
-
-# How often times during the heartbeat_timeout_threshold we check the
-# heartbeat. (integer value)
-#heartbeat_rate = 2
-
-# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
-# Deprecated group/name - [DEFAULT]/fake_rabbit
-#fake_rabbit = false
-
-# Maximum number of channels to allow (integer value)
-#channel_max = <None>
-
-# The maximum byte size for an AMQP frame (integer value)
-#frame_max = <None>
-
-# How often to send heartbeats for consumer's connections (integer value)
-#heartbeat_interval = 3
-
-# Enable SSL (boolean value)
-#ssl = <None>
-
-# Arguments passed to ssl.wrap_socket (dict value)
-#ssl_options = <None>
-
-# Set socket timeout in seconds for connection's socket (floating point value)
-#socket_timeout = 0.25
-
-# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating point
-# value)
-#tcp_user_timeout = 0.25
-
-# Set delay for reconnection to some host which has connection error (floating
-# point value)
-#host_connection_reconnect_delay = 0.25
-
-# Connection factory implementation (string value)
-# Allowed values: new, single, read_write
-#connection_factory = single
-
-# Maximum number of connections to keep queued. (integer value)
-#pool_max_size = 30
-
-# Maximum number of connections to create above `pool_max_size`. (integer
-# value)
-#pool_max_overflow = 0
-
-# Default number of seconds to wait for a connections to available (integer
-# value)
-#pool_timeout = 30
-
-# Lifetime of a connection (since creation) in seconds or None for no
-# recycling. Expired connections are closed on acquire. (integer value)
-#pool_recycle = 600
-
-# Threshold at which inactive (since release) connections are considered stale
-# in seconds or None for no staleness. Stale connections are closed on acquire.
-# (integer value)
-#pool_stale = 60
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
-#default_serializer_type = json
-
-# Persist notification messages. (boolean value)
-#notification_persistence = false
-
-# Exchange name for sending notifications (string value)
-#default_notification_exchange = ${control_exchange}_notification
-
-# Max number of not acknowledged message which RabbitMQ can send to
-# notification listener. (integer value)
-#notification_listener_prefetch_count = 100
-
-# Reconnecting retry count in case of connectivity problem during sending
-# notification, -1 means infinite retry. (integer value)
-#default_notification_retry_attempts = -1
-
-# Reconnecting retry delay in case of connectivity problem during sending
-# notification message (floating point value)
-#notification_retry_delay = 0.25
-
-# Time to live for rpc queues without consumers in seconds. (integer value)
-#rpc_queue_expiration = 60
-
-# Exchange name for sending RPC messages (string value)
-#default_rpc_exchange = ${control_exchange}_rpc
-
-# Exchange name for receiving RPC replies (string value)
-#rpc_reply_exchange = ${control_exchange}_rpc_reply
-
-# Max number of not acknowledged message which RabbitMQ can send to rpc
-# listener. (integer value)
-#rpc_listener_prefetch_count = 100
-
-# Max number of not acknowledged message which RabbitMQ can send to rpc reply
-# listener. (integer value)
-#rpc_reply_listener_prefetch_count = 100
-
-# Reconnecting retry count in case of connectivity problem during sending
-# reply. -1 means infinite retry during rpc_timeout (integer value)
-#rpc_reply_retry_attempts = -1
-
-# Reconnecting retry delay in case of connectivity problem during sending
-# reply. (floating point value)
-#rpc_reply_retry_delay = 0.25
-
-# Reconnecting retry count in case of connectivity problem during sending RPC
-# message, -1 means infinite retry. If actual retry attempts in not 0 the rpc
-# request could be processed more than one time (integer value)
-#default_rpc_retry_attempts = -1
-
-# Reconnecting retry delay in case of connectivity problem during sending RPC
-# message (floating point value)
-#rpc_retry_delay = 0.25
-
-
-[oslo_messaging_zmq]
-
-#
-# From oslo.messaging
-#
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_address
-#rpc_zmq_bind_address = *
-
-# MatchMaker driver. (string value)
-# Allowed values: redis, sentinel, dummy
-# Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker
-#rpc_zmq_matchmaker = redis
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_contexts
-#rpc_zmq_contexts = 1
-
-# Maximum number of ingress messages to locally buffer per topic. Default is
-# unlimited. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_topic_backlog
-#rpc_zmq_topic_backlog = <None>
-
-# Directory for holding IPC sockets. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_ipc_dir
-#rpc_zmq_ipc_dir = /var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
-# "host" option, if running Nova. (string value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_host
-#rpc_zmq_host = localhost
-
-# Number of seconds to wait before all pending messages will be sent after
-# closing a socket. The default value of -1 specifies an infinite linger
-# period. The value of 0 specifies no linger period. Pending messages shall be
-# discarded immediately when the socket is closed. Positive values specify an
-# upper bound for the linger period. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
-#zmq_linger = -1
-
-# The default number of seconds that poll should wait. Poll raises timeout
-# exception when timeout expired. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_poll_timeout
-#rpc_poll_timeout = 1
-
-# Expiration timeout in seconds of a name service record about existing target
-# ( < 0 means no timeout). (integer value)
-# Deprecated group/name - [DEFAULT]/zmq_target_expire
-#zmq_target_expire = 300
-
-# Update period in seconds of a name service record about existing target.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/zmq_target_update
-#zmq_target_update = 180
-
-# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/use_pub_sub
-#use_pub_sub = false
-
-# Use ROUTER remote proxy. (boolean value)
-# Deprecated group/name - [DEFAULT]/use_router_proxy
-#use_router_proxy = false
-
-# This option makes direct connections dynamic or static. It makes sense only
-# with use_router_proxy=False which means to use direct connections for direct
-# message types (ignored otherwise). (boolean value)
-#use_dynamic_connections = false
-
-# How many additional connections to a host will be made for failover reasons.
-# This option is actual only in dynamic connections mode. (integer value)
-#zmq_failover_connections = 2
-
-# Minimal port number for random ports range. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# Deprecated group/name - [DEFAULT]/rpc_zmq_min_port
-#rpc_zmq_min_port = 49153
-
-# Maximal port number for random ports range. (integer value)
-# Minimum value: 1
-# Maximum value: 65536
-# Deprecated group/name - [DEFAULT]/rpc_zmq_max_port
-#rpc_zmq_max_port = 65536
-
-# Number of retries to find free port number before fail with ZMQBindError.
-# (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_zmq_bind_port_retries
-#rpc_zmq_bind_port_retries = 100
-
-# Default serialization mechanism for serializing/deserializing
-# outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
-# Deprecated group/name - [DEFAULT]/rpc_zmq_serialization
-#rpc_zmq_serialization = json
-
-# This option configures round-robin mode in zmq socket. True means not keeping
-# a queue when server side disconnects. False means to keep queue and messages
-# even if server is disconnected, when the server appears we send all
-# accumulated messages to it. (boolean value)
-#zmq_immediate = true
-
-# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any
-# other negative value) means to skip any overrides and leave it to OS default;
-# 0 and 1 (or any other positive value) mean to disable and enable the option
-# respectively. (integer value)
-#zmq_tcp_keepalive = -1
-
-# The duration between two keepalive transmissions in idle condition. The unit
-# is platform dependent, for example, seconds in Linux, milliseconds in Windows
-# etc. The default value of -1 (or any other negative value and 0) means to
-# skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_idle = -1
-
-# The number of retransmissions to be carried out before declaring that remote
-# end is not available. The default value of -1 (or any other negative value
-# and 0) means to skip any overrides and leave it to OS default. (integer
-# value)
-#zmq_tcp_keepalive_cnt = -1
-
-# The duration between two successive keepalive retransmissions, if
-# acknowledgement to the previous keepalive transmission is not received. The
-# unit is platform dependent, for example, seconds in Linux, milliseconds in
-# Windows etc. The default value of -1 (or any other negative value and 0)
-# means to skip any overrides and leave it to OS default. (integer value)
-#zmq_tcp_keepalive_intvl = -1
-
-# Maximum number of (green) threads to work concurrently. (integer value)
-#rpc_thread_pool_size = 100
-
-# Expiration timeout in seconds of a sent/received message after which it is
-# not tracked anymore by a client/server. (integer value)
-#rpc_message_ttl = 300
-
-# Wait for message acknowledgements from receivers. This mechanism works only
-# via proxy without PUB/SUB. (boolean value)
-#rpc_use_acks = false
-
-# Number of seconds to wait for an ack from a cast/call. After each retry
-# attempt this timeout is multiplied by some specified multiplier. (integer
-# value)
-#rpc_ack_timeout_base = 15
-
-# Number to multiply base ack timeout by after each retry attempt. (integer
-# value)
-#rpc_ack_timeout_multiplier = 2
-
-# Default number of message sending attempts in case of any problems occurred:
-# positive value N means at most N retries, 0 means no retries, None or -1 (or
-# any other negative values) mean to retry forever. This option is used only if
-# acknowledgments are enabled. (integer value)
-#rpc_retry_attempts = 3
-
-# List of publisher hosts SubConsumer can subscribe on. This option has higher
-# priority then the default publishers list taken from the matchmaker. (list
-# value)
-#subscribe_on =
-
-
-[oslo_middleware]
-
-#
-# From oslo.middleware.http_proxy_to_wsgi
-#
-
-# Whether the application is behind a proxy or not. This determines if the
-# middleware should parse the headers or not. (boolean value)
-#enable_proxy_headers_parsing = false
-
-
-[oslo_policy]
-
-#
-# From oslo.policy
-#
-
-# The file that defines policies. (string value)
-# Deprecated group/name - [DEFAULT]/policy_file
-#policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string value)
-# Deprecated group/name - [DEFAULT]/policy_default_rule
-#policy_default_rule = default
-
-# Directories where policy configuration files are stored. They can be relative
-# to any directory in the search path defined by the config_dir option, or
-# absolute paths. The file defined by policy_file must exist for these
-# directories to be searched.  Missing or empty directories are ignored. (multi
-# valued)
-# Deprecated group/name - [DEFAULT]/policy_dirs
-#policy_dirs = policy.d
-
-
-[polling]
-
-#
-# From ceilometer
-#
-
-# Configuration file for pipeline definition. (string value)
-#cfg_file = polling.yaml
-
-# Work-load partitioning group prefix. Use only if you want to run multiple
-# polling agents with different config files. For each sub-group of the agent
-# pool with the same partitioning_group_prefix a disjoint subset of pollsters
-# should be loaded. (string value)
-# Deprecated group/name - [central]/partitioning_group_prefix
-#partitioning_group_prefix = <None>
-
-
 [publisher]
 
-#
-# From ceilometer
-#
-
-# Secret value for signing messages. Set value empty if signing is not required
-# to avoid computational overhead. (string value)
-# Deprecated group/name - [DEFAULT]/metering_secret
-# Deprecated group/name - [publisher_rpc]/metering_secret
-# Deprecated group/name - [publisher]/metering_secret
-#telemetry_secret = change this for valid signing
-
-
-[publisher_notifier]
-
-#
-# From ceilometer
-#
-
-# The topic that ceilometer uses for metering notifications. (string value)
-#metering_topic = metering
-
-# The topic that ceilometer uses for event notifications. (string value)
-#event_topic = event
-
-# The driver that ceilometer uses for metering notifications. (string value)
-# Deprecated group/name - [publisher_notifier]/metering_driver
-#telemetry_driver = messagingv2
-
-
-[rgw_admin_credentials]
-
-#
-# From ceilometer
-#
-
-# Access key for Radosgw Admin. (string value)
-#access_key = <None>
-
-# Secret key for Radosgw Admin. (string value)
-#secret_key = <None>
-
+{%- if server.secret is defined %}
+telemetry_secret={{ server.secret }}
+{%- endif %}
 
 [service_credentials]
 
@@ -2083,186 +154,7 @@
 project_name = {{ server.identity.tenant }}
 username = {{ server.identity.user }}
 password = {{ server.identity.password }}
-auth_url = http://{{ server.identity.host }}:5000
+auth_url = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
 token_cache_time = -1
 interface = internal
 region_name = {{ server.get('region', 'RegionOne') }}
-
-#
-# From ceilometer-auth
-#
-
-# Authentication type to load (string value)
-# Deprecated group/name - [service_credentials]/auth_plugin
-#auth_type = <None>
-
-# Config Section from which to load plugin specific options (string value)
-#auth_section = <None>
-
-# Authentication URL (string value)
-#auth_url = <None>
-
-# Domain ID to scope to (string value)
-#domain_id = <None>
-
-# Domain name to scope to (string value)
-#domain_name = <None>
-
-# Project ID to scope to (string value)
-# Deprecated group/name - [service_credentials]/tenant-id
-#project_id = <None>
-
-# Project name to scope to (string value)
-# Deprecated group/name - [service_credentials]/tenant-name
-#project_name = <None>
-
-# Domain ID containing project (string value)
-#project_domain_id = <None>
-
-# Domain name containing project (string value)
-#project_domain_name = <None>
-
-# Trust ID (string value)
-#trust_id = <None>
-
-# Optional domain ID to use with v3 and v2 parameters. It will be used for both
-# the user and project domain in v3 and ignored in v2 authentication. (string
-# value)
-#default_domain_id = <None>
-
-# Optional domain name to use with v3 API and v2 parameters. It will be used
-# for both the user and project domain in v3 and ignored in v2 authentication.
-# (string value)
-#default_domain_name = <None>
-
-# User id (string value)
-#user_id = <None>
-
-# Username (string value)
-# Deprecated group/name - [service_credentials]/user-name
-#username = <None>
-
-# User's domain id (string value)
-#user_domain_id = <None>
-
-# User's domain name (string value)
-#user_domain_name = <None>
-
-# User's password (string value)
-#password = <None>
-
-# Region name to use for OpenStack service endpoints. (string value)
-# Deprecated group/name - [DEFAULT]/os_region_name
-#region_name = <None>
-
-# Type of endpoint in Identity service catalog to use for communication with
-# OpenStack services. (string value)
-# Allowed values: public, internal, admin, auth, publicURL, internalURL, adminURL
-# Deprecated group/name - [service_credentials]/os_endpoint_type
-#interface = public
-
-
-[service_types]
-
-#
-# From ceilometer
-#
-
-# Kwapi service type. (string value)
-#kwapi = energy
-
-# Glance service type. (string value)
-#glance = image
-
-# Neutron service type. (string value)
-#neutron = network
-
-# Neutron load balancer version. (string value)
-# Allowed values: v1, v2
-#neutron_lbaas_version = v2
-
-# Nova service type. (string value)
-#nova = compute
-
-# Radosgw service type. (string value)
-#radosgw = <None>
-
-# Swift service type. (string value)
-#swift = object-store
-
-# Cinder service type. (string value)
-# Deprecated group/name - [service_types]/cinderv2
-#cinder = volumev3
-
-
-[storage]
-
-#
-# From ceilometer
-#
-
-# Maximum number of connection retries during startup. Set to -1 to specify an
-# infinite retry count. (integer value)
-# Deprecated group/name - [database]/max_retries
-#max_retries = 10
-
-# Interval (in seconds) between retries of connection. (integer value)
-# Deprecated group/name - [database]/retry_interval
-#retry_interval = 10
-
-
-[vmware]
-
-#
-# From ceilometer
-#
-
-# IP address of the VMware vSphere host. (string value)
-#host_ip =
-
-# Port of the VMware vSphere host. (port value)
-# Minimum value: 0
-# Maximum value: 65535
-#host_port = 443
-
-# Username of VMware vSphere. (string value)
-#host_username =
-
-# Password of VMware vSphere. (string value)
-#host_password =
-
-# CA bundle file to use in verifying the vCenter server certificate. (string
-# value)
-#ca_file = <None>
-
-# If true, the vCenter server certificate is not verified. If false, then the
-# default CA truststore is used for verification. This option is ignored if
-# "ca_file" is set. (boolean value)
-#insecure = false
-
-# Number of times a VMware vSphere API may be retried. (integer value)
-#api_retry_count = 10
-
-# Sleep time in seconds for polling an ongoing async task. (floating point
-# value)
-#task_poll_interval = 0.5
-
-# Optional vim service WSDL location e.g http://<server>/vimService.wsdl.
-# Optional over-ride to default location for bug work-arounds. (string value)
-#wsdl_location = <None>
-
-
-[xenapi]
-
-#
-# From ceilometer
-#
-
-# URL for connection to XenServer/Xen Cloud Platform. (string value)
-#connection_url = <None>
-
-# Username for connection to XenServer/Xen Cloud Platform. (string value)
-#connection_username = root
-
-# Password for connection to XenServer/Xen Cloud Platform. (string value)
-#connection_password = <None>
diff --git a/ceilometer/map.jinja b/ceilometer/map.jinja
index 869f393..40f1162 100644
--- a/ceilometer/map.jinja
+++ b/ceilometer/map.jinja
@@ -1,4 +1,12 @@
+{%- set default_params = {
+    'cacert_file': salt['grains.filter_by']({
+        'Debian': '/etc/ssl/certs/ca-certificates.crt',
+        'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
+    })}
+%}
+
 {% set agent = salt['grains.filter_by']({
+    'BaseDefaults': default_params,
     'Debian': {
         'pkgs': ['ceilometer-agent-compute'],
         'services': ['ceilometer-agent-compute'],
@@ -23,7 +31,7 @@
           },
         },
     },
-}, merge=salt['pillar.get']('ceilometer:agent')) %}
+}, merge=salt['pillar.get']('ceilometer:agent', {}), base='BaseDefaults') %}
 
 # Server initialization
 
@@ -58,6 +66,7 @@
 }) %}
 
 {%- set server = salt['grains.filter_by']({
+    'BaseDefaults': default_params,
     'default': {
         'logging': {
           'log_appender': false,
@@ -68,7 +77,7 @@
           },
         },
     }
-}, merge=salt['pillar.get']('ceilometer:server')) %}
+}, merge=salt['pillar.get']('ceilometer:server',{}), base='BaseDefaults') %}
 
 # Mitaka and newer OpenStack releases don't need collector and alarm
 # packages/services, because alarming is implemented by Aodh and collector
diff --git a/ceilometer/meta/sphinx.yml b/ceilometer/meta/sphinx.yml
index e1eadff..65b01ef 100644
--- a/ceilometer/meta/sphinx.yml
+++ b/ceilometer/meta/sphinx.yml
@@ -36,15 +36,27 @@
         version:
           name: "Version"
           value: {{ server.version }}
+  {%- if server.get('database', False) %}
         database_engine:
           name: "Database engine"
           value: "{{ server.database.get('engine', 'mongodb') }}"
+  {%- if server.database.engine == 'mongodb' %}
         database_host:
           name: "Database"
           value: "{{ server.database.user }}@{% if server.database.host is defined %}{{ server.database.host }}{% else %}[{% for member in server.database.members %}{{ member.host }}:{{ member.get('port', '27017') }}{% if not loop.last %},{% endif %}{% endfor %}]{% endif %}:27017/{{ server.database.name }}"
-        message_queue_ip:
+  {%- endif %}
+  {%- endif %}
+        transport_url:
           name: "Message queue"
-          value: {{ server.message_queue.user }}@{{ server.message_queue.host }}:{{ server.message_queue.port }}{{ server.message_queue.virtual_host }}
+  {%- if server.message_queue.members is defined %}
+          value: rabbit://{% for member in server.message_queue.members -%}
+                             {{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ member.host }}:{{ member.get('port', 5672) }}
+                             {%- if not loop.last -%},{%- endif -%}
+                         {%- endfor -%}
+                             /{{ server.message_queue.virtual_host }}
+  {%- else %}
+          value: rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ server.message_queue.port }}/{{ server.message_queue.virtual_host }}
+  {%- endif %}
         identity_host:
           name: "Identity service"
           value: {{ server.identity.user }}@{{ server.identity.host }}:{{ server.identity.port }}
diff --git a/ceilometer/server.sls b/ceilometer/server.sls
index d32cca7..a6a6373 100644
--- a/ceilometer/server.sls
+++ b/ceilometer/server.sls
@@ -190,6 +190,9 @@
   service.running:
   - enable: true
   - name: apache2
+  {%- if grains.get('noservices') %}
+  - onlyif: /bin/false
+  {%- endif %}
   - watch:
     - file: /etc/ceilometer/ceilometer.conf
     - file: ceilometer_api_apache_config
@@ -200,10 +203,35 @@
 
 {%- endif %}
 
+{%- if server.message_queue.get('ssl',{}).get('enabled', False) %}
+rabbitmq_ca_ceilometer_server:
+{%- if server.message_queue.ssl.cacert is defined %}
+  file.managed:
+    - name: {{ server.message_queue.ssl.cacert_file }}
+    - contents_pillar: ceilometer:server:message_queue:ssl:cacert
+    - mode: 0444
+    - makedirs: true
+    - require_in:
+      - file: /etc/ceilometer/ceilometer.conf
+    - watch_in:
+      - ceilometer_server_services
+{%- else %}
+  file.exists:
+   - name: {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
+   - require_in:
+     - file: /etc/ceilometer/ceilometer.conf
+   - watch_in:
+      - ceilometer_server_services
+{%- endif %}
+{%- endif %}
+
 ceilometer_server_services:
   service.running:
   - names: {{ server.services }}
   - enable: true
+  {%- if grains.get('noservices') %}
+  - onlyif: /bin/false
+  {%- endif %}
   - watch:
     - file: /etc/ceilometer/ceilometer.conf
 
diff --git a/tests/pillar/agent_cluster.sls b/tests/pillar/agent_cluster.sls
index ee993fe..46f3401 100644
--- a/tests/pillar/agent_cluster.sls
+++ b/tests/pillar/agent_cluster.sls
@@ -1,5 +1,6 @@
 ceilometer:
   agent:
+    debug: true
     region: RegionOne
     enabled: true
     version: liberty
@@ -27,13 +28,10 @@
       engine: rabbitmq
       members:
       - host: 127.0.0.1
-        port: 5672
-      - host: 127.0.0.1
-        port: 5672
-      - host: 127.0.0.1
-        port: 5672
+      - host: 127.0.0.2
+      - host: 127.0.0.3
       user: openstack
-      password: ${_param:rabbitmq_openstack_password}
+      password: workshop
       virtual_host: '/openstack'
       ha_queues: true
       # Workaround for https://bugs.launchpad.net/ceilometer/+bug/1337715
diff --git a/tests/pillar/agent_single.sls b/tests/pillar/agent_single.sls
index f0ed259..4072fd4 100644
--- a/tests/pillar/agent_single.sls
+++ b/tests/pillar/agent_single.sls
@@ -1,5 +1,6 @@
 ceilometer:
   agent:
+    debug: true
     #region: RegionOne
     enabled: true
     version: liberty
diff --git a/tests/pillar/repo_mcp_openstack_mitaka.sls b/tests/pillar/repo_mcp_openstack_mitaka.sls
new file mode 100644
index 0000000..ea24305
--- /dev/null
+++ b/tests/pillar/repo_mcp_openstack_mitaka.sls
@@ -0,0 +1,44 @@
+linux:
+  system:
+    enabled: true
+    repo:
+      mirantis_openstack_repo:
+        source: "deb http://mirror.fuel-infra.org/mcp-repos/mitaka/{{ grains.get('oscodename') }} mitaka main"
+        architectures: amd64
+        key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/{{ grains.get('oscodename') }}/archive-mcpmitaka.key"
+        pin:
+        - pin: 'release a=mitaka'
+          priority: 1050
+          package: '*'
+      mirantis_openstack_hotfix:
+        source: "deb http://mirror.fuel-infra.org/mcp-repos/mitaka/{{ grains.get('oscodename') }} mitaka-hotfix main"
+        architectures: amd64
+        key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/{{ grains.get('oscodename') }}/archive-mcpmitaka.key"
+        pin:
+        - pin: 'release a=mitaka-hotfix'
+          priority: 1050
+          package: '*'
+      mirantis_openstack_security:
+        source: "deb http://mirror.fuel-infra.org/mcp-repos/mitaka/{{ grains.get('oscodename') }} mitaka-security main"
+        architectures: amd64
+        key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/{{ grains.get('oscodename') }}/archive-mcpmitaka.key"
+        pin:
+        - pin: 'release a=mitaka-security'
+          priority: 1050
+          package: '*'
+      mirantis_openstack_updates:
+        source: "deb http://mirror.fuel-infra.org/mcp-repos/mitaka/{{ grains.get('oscodename') }} mitaka-updates main"
+        architectures: amd64
+        key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/{{ grains.get('oscodename') }}/archive-mcpmitaka.key"
+        pin:
+        - pin: 'release a=mitaka-uptades'
+          priority: 1050
+          package: '*'
+      mirantis_openstack_holdback:
+        source: "deb http://mirror.fuel-infra.org/mcp-repos/mitaka/{{ grains.get('oscodename') }} mitaka-holdback main"
+        architectures: amd64
+        key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/{{ grains.get('oscodename') }}/archive-mcpmitaka.key"
+        pin:
+        - pin: 'release a=mitaka-holdback'
+          priority: 1050
+          package: '*'
diff --git a/tests/pillar/repo_mcp_openstack_ocata.sls b/tests/pillar/repo_mcp_openstack_ocata.sls
new file mode 100644
index 0000000..e601208
--- /dev/null
+++ b/tests/pillar/repo_mcp_openstack_ocata.sls
@@ -0,0 +1,44 @@
+linux:
+  system:
+    enabled: true
+    repo:
+      mirantis_openstack_repo:
+        source: "deb http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }} ocata main"
+        architectures: amd64
+        key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }}/archive-mcpocata.key"
+        pin:
+        - pin: 'release a=ocata'
+          priority: 1050
+          package: '*'
+      mirantis_openstack_hotfix:
+        source: "deb http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }} ocata-hotfix main"
+        architectures: amd64
+        key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }}/archive-mcpocata.key"
+        pin:
+        - pin: 'release a=ocata-hotfix'
+          priority: 1050
+          package: '*'
+      mirantis_openstack_security:
+        source: "deb http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }} ocata-security main"
+        architectures: amd64
+        key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }}/archive-mcpocata.key"
+        pin:
+        - pin: 'release a=ocata-security'
+          priority: 1050
+          package: '*'
+      mirantis_openstack_updates:
+        source: "deb http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }} ocata-updates main"
+        architectures: amd64
+        key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }}/archive-mcpocata.key"
+        pin:
+        - pin: 'release a=ocata-uptades'
+          priority: 1050
+          package: '*'
+      mirantis_openstack_holdback:
+        source: "deb http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }} ocata-holdback main"
+        architectures: amd64
+        key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }}/archive-mcpocata.key"
+        pin:
+        - pin: 'release a=ocata-holdback'
+          priority: 1050
+          package: '*'
diff --git a/tests/pillar/repo_mcp_openstack_pike.sls b/tests/pillar/repo_mcp_openstack_pike.sls
new file mode 100644
index 0000000..789b907
--- /dev/null
+++ b/tests/pillar/repo_mcp_openstack_pike.sls
@@ -0,0 +1,12 @@
+linux:
+  system:
+    enabled: true
+    repo:
+      mirantis_openstack_repo:
+        source: "deb http://mirror.fuel-infra.org/mcp-repos/pike/{{ grains.get('oscodename') }} pike main"
+        architectures: amd64
+        key_url: "http://mirror.fuel-infra.org/mcp-repos/pike/{{ grains.get('oscodename') }}/archive-mcppike.key"
+        pin:
+        - pin: 'release a=pike'
+          priority: 1050
+          package: '*'
\ No newline at end of file
diff --git a/tests/pillar/server_cluster.sls b/tests/pillar/server_cluster.sls
index 0999de6..93f4d02 100644
--- a/tests/pillar/server_cluster.sls
+++ b/tests/pillar/server_cluster.sls
@@ -1,5 +1,6 @@
 ceilometer:
   server:
+    debug: true
     region: RegionOne
     enabled: true
     version: mitaka
@@ -32,11 +33,8 @@
       engine: rabbitmq
       members:
       - host: 127.0.0.1
-        port: 5672
-      - host: 127.0.0.1
-        port: 5672
-      - host: 127.0.0.1
-        port: 5672
+      - host: 127.0.0.2
+      - host: 127.0.0.3
       user: openstack
       password: password
       virtual_host: '/openstack'
@@ -48,9 +46,9 @@
         members:
         - host: 127.0.0.1
           port: 8086
-        - host: 127.0.0.1
+        - host: 127.0.0.2
           port: 8086
-        - host: 127.0.0.1
+        - host: 127.0.0.3
           port: 8086
         name: ceilometer
         user: ceilometer
@@ -58,7 +56,7 @@
         database: database
       elasticsearch:
         enabled: true
-        host: 127.0.0.1
+        host: 127.0.0.4
         port: 8086
       policy:
         segregation: 'rule:context_is_admin'
diff --git a/tests/pillar/server_single.sls b/tests/pillar/server_single.sls
index aea2e15..f2fa5c4 100644
--- a/tests/pillar/server_single.sls
+++ b/tests/pillar/server_single.sls
@@ -1,5 +1,6 @@
 ceilometer:
   server:
+    debug: true
     #region: RegionOne
     enabled: true
     version: mitaka
diff --git a/tests/run_tests.sh b/tests/run_tests.sh
index 7da2a75..d7f2242 100755
--- a/tests/run_tests.sh
+++ b/tests/run_tests.sh
@@ -1,22 +1,30 @@
 #!/usr/bin/env bash
 
+###
+# Script requirments:
+#apt-get install -y python-yaml virtualenv git
+
 set -e
 [ -n "$DEBUG" ] && set -x
 
 CURDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 METADATA=${CURDIR}/../metadata.yml
 FORMULA_NAME=$(cat $METADATA | python -c "import sys,yaml; print yaml.load(sys.stdin)['name']")
+FORMULA_META_DIR=${CURDIR}/../${FORMULA_NAME}/meta
 
 ## Overrideable parameters
 PILLARDIR=${PILLARDIR:-${CURDIR}/pillar}
 BUILDDIR=${BUILDDIR:-${CURDIR}/build}
 VENV_DIR=${VENV_DIR:-${BUILDDIR}/virtualenv}
+MOCK_BIN_DIR=${MOCK_BIN_DIR:-${CURDIR}/mock_bin}
 DEPSDIR=${BUILDDIR}/deps
+SCHEMARDIR=${SCHEMARDIR:-"${CURDIR}/../${FORMULA_NAME}/schemas/"}
 
 SALT_FILE_DIR=${SALT_FILE_DIR:-${BUILDDIR}/file_root}
 SALT_PILLAR_DIR=${SALT_PILLAR_DIR:-${BUILDDIR}/pillar_root}
 SALT_CONFIG_DIR=${SALT_CONFIG_DIR:-${BUILDDIR}/salt}
 SALT_CACHE_DIR=${SALT_CACHE_DIR:-${SALT_CONFIG_DIR}/cache}
+SALT_CACHE_EXTMODS_DIR=${SALT_CACHE_EXTMODS_DIR:-${SALT_CONFIG_DIR}/cache_master_extmods}
 
 SALT_OPTS="${SALT_OPTS} --retcode-passthrough --local -c ${SALT_CONFIG_DIR} --log-file=/dev/null"
 
@@ -26,24 +34,39 @@
 
 ## Functions
 log_info() {
-    echo "[INFO] $*"
+    echo -e "[INFO] $*"
 }
 
 log_err() {
-    echo "[ERROR] $*" >&2
+    echo -e "[ERROR] $*" >&2
 }
 
 setup_virtualenv() {
     log_info "Setting up Python virtualenv"
+    dependency_check virtualenv
     virtualenv $VENV_DIR
     source ${VENV_DIR}/bin/activate
     python -m pip install salt${PIP_SALT_VERSION}
+    python -m pip install jsonschema
+    if [[ -f ${CURDIR}/pip_requirements.txt ]]; then
+       python -m pip install -r ${CURDIR}/pip_requirements.txt
+    fi
+}
+
+setup_mock_bin() {
+    # If some state requires a binary, a lightweight replacement for
+    # such binary can be put into MOCK_BIN_DIR for test purposes
+    if [ -d "${MOCK_BIN_DIR}" ]; then
+        PATH="${MOCK_BIN_DIR}:$PATH"
+        export PATH
+    fi
 }
 
 setup_pillar() {
     [ ! -d ${SALT_PILLAR_DIR} ] && mkdir -p ${SALT_PILLAR_DIR}
     echo "base:" > ${SALT_PILLAR_DIR}/top.sls
     for pillar in ${PILLARDIR}/*; do
+        grep ${FORMULA_NAME}: ${pillar} &>/dev/null || continue
         state_name=$(basename ${pillar%.sls})
         echo -e "  ${state_name}:\n    - ${state_name}" >> ${SALT_PILLAR_DIR}/top.sls
     done
@@ -53,9 +76,11 @@
     [ ! -d ${SALT_FILE_DIR} ] && mkdir -p ${SALT_FILE_DIR}
     [ ! -d ${SALT_CONFIG_DIR} ] && mkdir -p ${SALT_CONFIG_DIR}
     [ ! -d ${SALT_CACHE_DIR} ] && mkdir -p ${SALT_CACHE_DIR}
+    [ ! -d ${SALT_CACHE_EXTMODS_DIR} ] && mkdir -p ${SALT_CACHE_EXTMODS_DIR}
 
     echo "base:" > ${SALT_FILE_DIR}/top.sls
     for pillar in ${PILLARDIR}/*.sls; do
+        grep ${FORMULA_NAME}: ${pillar} &>/dev/null || continue
         state_name=$(basename ${pillar%.sls})
         echo -e "  ${state_name}:\n    - ${FORMULA_NAME}" >> ${SALT_FILE_DIR}/top.sls
     done
@@ -63,6 +88,7 @@
     cat << EOF > ${SALT_CONFIG_DIR}/minion
 file_client: local
 cachedir: ${SALT_CACHE_DIR}
+extension_modules:  ${SALT_CACHE_EXTMODS_DIR}
 verify_env: False
 minion_id_caching: False
 
@@ -70,7 +96,6 @@
   base:
   - ${SALT_FILE_DIR}
   - ${CURDIR}/..
-  - /usr/share/salt-formulas/env
 
 pillar_roots:
   base:
@@ -80,13 +105,14 @@
 }
 
 fetch_dependency() {
+    # example: fetch_dependency "linux:https://github.com/salt-formulas/salt-formula-linux"
     dep_name="$(echo $1|cut -d : -f 1)"
     dep_source="$(echo $1|cut -d : -f 2-)"
     dep_root="${DEPSDIR}/$(basename $dep_source .git)"
     dep_metadata="${dep_root}/metadata.yml"
 
-    [ -d /usr/share/salt-formulas/env/${dep_name} ] && log_info "Dependency $dep_name already present in system-wide salt env" && return 0
-    [ -d $dep_root ] && log_info "Dependency $dep_name already fetched" && return 0
+    dependency_check git
+    [ -d $dep_root ] && { log_info "Dependency $dep_name already fetched"; return 0; }
 
     log_info "Fetching dependency $dep_name"
     [ ! -d ${DEPSDIR} ] && mkdir -p ${DEPSDIR}
@@ -96,6 +122,19 @@
     METADATA="${dep_metadata}" install_dependencies
 }
 
+link_modules(){
+    # Link modules *.py files to temporary salt-root
+    local SALT_ROOT=${1:-$SALT_FILE_DIR}
+    local SALT_ENV=${2:-$DEPSDIR}
+
+    mkdir -p "${SALT_ROOT}/_modules/"
+    # from git, development versions
+    find ${SALT_ENV} -maxdepth 3 -mindepth 3 -path '*_modules*' -iname "*.py" -type f -print0 | while read -d $'\0' file; do
+      ln -fs $(readlink -e ${file}) "$SALT_ROOT"/_modules/$(basename ${file}) ;
+    done
+    salt_run saltutil.sync_all
+}
+
 install_dependencies() {
     grep -E "^dependencies:" ${METADATA} >/dev/null || return 0
     (python - | while read dep; do fetch_dependency "$dep"; done) << EOF
@@ -118,19 +157,79 @@
 prepare() {
     [ -d ${BUILDDIR} ] && mkdir -p ${BUILDDIR}
 
-    which salt-call || setup_virtualenv
+    [[ ! -f "${VENV_DIR}/bin/activate" ]] && setup_virtualenv
+    setup_mock_bin
     setup_pillar
     setup_salt
     install_dependencies
 }
 
+lint_releasenotes() {
+    [[ ! -f "${VENV_DIR}/bin/activate" ]] && setup_virtualenv
+    source ${VENV_DIR}/bin/activate
+    python -m pip install reno
+    reno lint ${CURDIR}/../
+}
+
+lint() {
+#    lint_releasenotes
+    log_err "TODO: lint_releasenotes"
+}
+
 run() {
     for pillar in ${PILLARDIR}/*.sls; do
+        grep ${FORMULA_NAME}: ${pillar} &>/dev/null || continue
         state_name=$(basename ${pillar%.sls})
+        salt_run grains.set 'noservices' False force=True
+
+        echo "Checking state ${FORMULA_NAME}.${state_name} ..."
         salt_run --id=${state_name} state.show_sls ${FORMULA_NAME} || (log_err "Execution of ${FORMULA_NAME}.${state_name} failed"; exit 1)
+
+        # Check that all files in 'meta' folder can be rendered using any valid pillar
+        for meta in `find ${FORMULA_META_DIR} -type f`; do
+            meta_name=$(basename ${meta})
+            echo "Checking meta ${meta_name} ..."
+            salt_run --out=quiet --id=${state_name} cp.get_template ${meta} ${SALT_CACHE_DIR}/${meta_name} \
+              || { log_err "Failed to render meta ${meta} using pillar ${FORMULA_NAME}.${state_name}"; exit 1; }
+            cat ${SALT_CACHE_DIR}/${meta_name}
+        done
     done
 }
 
+real_run() {
+    for pillar in ${PILLARDIR}/*.sls; do
+        state_name=$(basename ${pillar%.sls})
+        salt_run --id=${state_name} state.sls ${FORMULA_NAME} || { log_err "Execution of ${FORMULA_NAME}.${state_name} failed"; exit 1; }
+    done
+}
+
+run_model_validate(){
+    if [ -d ${SCHEMARDIR} ]; then
+      # model validator require py modules
+      fetch_dependency "salt:https://github.com/salt-formulas/salt-formula-salt"
+      link_modules
+      # Rendered Example:
+      # python $(which salt-call) --local -c /test1/maas/tests/build/salt --id=maas_cluster modelschema.model_validate maas cluster
+      for role in ${SCHEMARDIR}/*.yaml; do
+          state_name=$(basename "${role%*.yaml}")
+          minion_id="${state_name}"
+          # in case debug-reruns, usefull to make cleanup
+          [ -n "$DEBUG" ] && { salt_run saltutil.clear_cache; salt_run saltutil.refresh_pillar; salt_run saltutil.sync_all; }
+          salt_run -m ${DEPSDIR}/salt-formula-salt --id=${minion_id} modelschema.model_validate ${FORMULA_NAME} ${state_name} || { log_err "Execution of ${FORMULA_NAME}.${state_name} failed"; exit 1 ; }
+      done
+    else
+      log_info "${SCHEMARDIR} not found!";
+    fi
+}
+
+dependency_check() {
+  local DEPENDENCY_COMMANDS=$*
+
+  for DEPENDENCY_COMMAND in $DEPENDENCY_COMMANDS; do
+    which $DEPENDENCY_COMMAND > /dev/null || ( log_err "Command \"$DEPENDENCY_COMMAND\" can not be found in default path."; exit 1; )
+  done
+}
+
 _atexit() {
     RETVAL=$?
     trap true INT TERM EXIT
@@ -153,11 +252,23 @@
     prepare)
         prepare
         ;;
+    lint)
+        lint
+        ;;
     run)
         run
         ;;
+    real-run)
+        real_run
+        ;;
+    model-validate)
+       prepare
+       run_model_validate
+        ;;
     *)
         prepare
+#        lint
         run
+#        run_model_validate
         ;;
-esac
+esac
\ No newline at end of file