blob: 84103834709d5ad5d91f672d2266430c742e30c9 [file] [log] [blame]
{%- from "cinder/map.jinja" import controller with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_confg = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-%s
#volume_group = cinder
verbose = True
osapi_volume_workers = {{ controller.get('volume_workers', '4') }}
auth_strategy = keystone
state_path = /var/lib/cinder
use_syslog=False
glance_num_retries=0
debug=False
os_region_name={{ controller.identity.region }}
allow_availability_zone_fallback = {{ controller.get('availability_zone_fallback', True) }}
#glance_api_ssl_compression=False
#glance_api_insecure=False
osapi_volume_listen={{ controller.osapi.host }}
glance_api_servers = http://{{ controller.glance.host }}:{{ controller.glance.port }}
glance_host={{ controller.glance.host }}
glance_port={{ controller.glance.port }}
glance_api_version=2
enable_v3_api = True
os_privileged_user_name={{ controller.identity.user }}
os_privileged_user_password={{ controller.identity.password }}
os_privileged_user_tenant={{ controller.identity.tenant }}
os_privileged_user_auth_url=http://{{ controller.identity.host }}:5000/v3/
volume_backend_name=DEFAULT
{%- if controller.backend is defined %}
default_volume_type={{ controller.default_volume_type }}
enabled_backends={% for backend_name, backend in controller.get('backend', {}).items() %}{{ backend_name }}{% if not loop.last %},{% endif %}{% endfor %}
{%- endif %}
{%- if controller.storage_availability_zone is defined %}
storage_availability_zone={{controller.storage_availability_zone}}
{%- endif %}
{%- if controller.default_availability_zone is defined %}
default_availability_zone={{controller.default_availability_zone}}
{%- endif %}
# Enables the Force option on upload_to_image. This enables running
# upload_volume on in-use volumes for backends that support it. (boolean value)
#enable_force_upload = false
enable_force_upload = {{ controller.get('enable_force_upload', False)|lower }}
#RPC response timeout recommended by Hitachi
rpc_response_timeout=3600
#Rabbit
control_exchange=cinder
volume_clear={{ controller.wipe_method }}
volume_name_template = volume-%s
#volume_group = vg_cinder_volume
volumes_dir = /var/lib/cinder/volumes
log_dir=/var/log/cinder
{%- if controller.logging.log_appender %}
log_config_append=/etc/cinder/logging.conf
{%- endif %}
# Use syslog for logging. (boolean value)
#use_syslog=false
use_syslog=false
verbose=True
lock_path=/var/lock/cinder
{%- if controller.query_volume_filters is defined %}
query_volume_filters = {{ controller.query_volume_filters|join(",") }}
{%- endif %}
nova_catalog_admin_info = compute:nova:adminURL
nova_catalog_info = compute:nova:{{ controller.identity.get('endpoint_type', 'publicURL') }}
osapi_volume_extension = cinder.api.contrib.standard_extensions
{%- set rabbit_port = controller.message_queue.get('port', 5671 if controller.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
{%- if controller.message_queue.members is defined %}
transport_url = rabbit://{% for member in controller.message_queue.members -%}
{{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
/{{ controller.message_queue.virtual_host }}
{%- else %}
transport_url = rabbit://{{ controller.message_queue.user }}:{{ controller.message_queue.password }}@{{ controller.message_queue.host }}:{{ rabbit_port }}/{{ controller.message_queue.virtual_host }}
{%- endif %}
{%- if controller.backup.engine != None %}
{%- set backup_backend_fragment = "cinder/files/backup_backend/_" + controller.backup.engine + ".conf" %}
{%- include backup_backend_fragment %}
{%- endif %}
{%- if controller.nas_secure_file_permissions is defined %}
nas_secure_file_permissions={{ controller.nas_secure_file_permissions }}
{%- endif %}
{%- if controller.nas_secure_file_operations is defined %}
nas_secure_file_operations={{ controller.nas_secure_file_operations }}
{%- endif %}
{%- if controller.cinder_internal_tenant_user_id is defined %}
cinder_internal_tenant_user_id={{ controller.cinder_internal_tenant_user_id }}
{%- endif %}
{%- if controller.cinder_internal_tenant_project_id is defined %}
cinder_internal_tenant_project_id={{ controller.cinder_internal_tenant_project_id }}
{%- endif %}
[oslo_messaging_notifications]
{%- if controller.notification is mapping %}
driver = {{ controller.notification.get('driver', 'messagingv2') }}
{%- if controller.notification.topics is defined %}
topics = {{ controller.notification.topics }}
{%- endif %}
{%- elif controller.notification %}
driver = messagingv2
{%- endif %}
[oslo_concurrency]
lock_path=/var/lock/cinder
[oslo_middleware]
enable_proxy_headers_parsing = True
{%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
[oslo_messaging_rabbit]
rabbit_use_ssl=true
{%- if controller.message_queue.ssl.version is defined %}
kombu_ssl_version = {{ controller.message_queue.ssl.version }}
{%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
kombu_ssl_version = TLSv1_2
{%- endif %}
kombu_ssl_ca_certs = {{ controller.message_queue.ssl.get('cacert_file', controller.cacert_file) }}
{%- endif %}
[keystone_authtoken]
signing_dir=/tmp/keystone-signing-cinder
revocation_cache_time = 10
auth_type = password
user_domain_name = {{ controller.identity.get('domain', 'Default') }}
project_domain_name = {{ controller.identity.get('domain', 'Default') }}
project_name = {{ controller.identity.tenant }}
username = {{ controller.identity.user }}
password = {{ controller.identity.password }}
auth_uri=http://{{ controller.identity.host }}:5000
auth_url=http://{{ controller.identity.host }}:35357
# Temporary disabled for backward compataiblity
#auth_uri=http://{{ controller.identity.host }}/identity
#auth_url=http://{{ controller.identity.host }}/identity_v2_admin
{%- if controller.cache is defined %}
memcached_servers={%- for member in controller.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
{%- endif %}
auth_version = v3
[barbican]
auth_endpoint=http://{{ controller.identity.host }}:5000
[database]
idle_timeout=3600
max_pool_size=30
max_retries=-1
max_overflow=40
connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}
{%- if controller.backend is defined %}
{%- for backend_name, backend in controller.get('backend', {}).items() %}
{%- set backend_fragment = "cinder/files/backend/_" + backend.engine + ".conf" %}
{%- include backend_fragment %}
{%- endfor %}
{%- endif %}
[cors]
#
# From oslo.middleware.cors
#
# Indicate whether this resource may be shared with the domain
# received in the requests "origin" header. (list value)
#allowed_origin = <None>
{%- if controller.cors.allowed_origin is defined %}
allowed_origin = {{ controller.cors.allowed_origin }}
{%- endif %}
# Indicate that the actual request can include user credentials
# (boolean value)
#allow_credentials = true
{%- if controller.cors.allow_credentials is defined %}
allow_credentials = {{ controller.cors.allow_credentials }}
{%- endif %}
# Indicate which headers are safe to expose to the API. Defaults to
# HTTP Simple Headers. (list value)
#expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
{%- if controller.cors.expose_headers is defined %}
expose_headers = {{ controller.cors.expose_headers }}
{%- endif %}
# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600
{%- if controller.cors.max_age is defined %}
max_age = {{ controller.cors.max_age }}
{%- endif %}
# Indicate which methods can be used during the actual request. (list
# value)
#allow_methods = GET,PUT,POST,DELETE,PATCH
{%- if controller.cors.allow_methods is defined %}
allow_methods = {{ controller.cors.allow_methods }}
{%- endif %}
# Indicate which header field names may be used during the actual
# request. (list value)
#allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
{%- if controller.cors.allow_headers is defined %}
allow_headers = {{ controller.cors.allow_headers }}
{%- endif %}