Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / cinder / da46502bd8477a4b9fca7b98b244fefae480238a / . / cinder / files / pike / cinder.conf.volume.Debian
blob: 6b05671498dc01db576d1ea1c6568178a82aee2a [file] [log] [blame]
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]1{%- from "cinder/map.jinja" import volume with context %}
2
Oleksandr Shyshkoe17f67a2018-08-22 15:26:17 +0300[diff] [blame]3{%- set connection_x509_ssl_option = '' %}
4{%- if volume.database.get('x509',{}).get('enabled',False) %}
5 {%- set connection_x509_ssl_option = '&ssl_ca=' ~ volume.database.x509.ca_file ~ '&ssl_cert=' ~ volume.database.x509.cert_file ~ '&ssl_key=' ~ volume.database.x509.key_file %}
6{%- elif volume.database.get('ssl',{}).get('enabled',False) %}
7 {%- set connection_x509_ssl_option = '&ssl_ca=' ~ volume.database.ssl.get('cacert_file', volume.cacert_file) %}
8{%- endif %}
9
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]10[DEFAULT]
Oleksandr Shyshkof8446ed2019-02-01 13:02:34 +0000[diff] [blame]11{%- if volume.scheduler_default_filters is defined %}
12scheduler_default_filters = {{ volume.scheduler_default_filters }}
13{%- endif %}
14
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]15rootwrap_config = /etc/cinder/rootwrap.conf
16api_paste_confg = /etc/cinder/api-paste.ini
17
18iscsi_helper = tgtadm
19volume_name_template = volume-%s
20#volume_group = cinder
21
22verbose = True
23
24osapi_volume_workers = {{ volume.get('volume_workers', '4') }}
25
26auth_strategy = keystone
27
28state_path = /var/lib/cinder
29
Oleksandr Pidrepnyida465022019-04-26 18:44:05 +0300[diff] [blame^]30{%- if volume.image_conversion_dir is defined %}
31image_conversion_dir = {{ volume.image_conversion_dir }}
32{%- endif %}
33
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]34use_syslog=False
35
36glance_num_retries=0
37debug=False
38
39os_region_name={{ volume.identity.region }}
40
41#glance_api_ssl_compression=False
42#glance_api_insecure=False
43
44osapi_volume_listen={{ volume.osapi.host }}
45
46glance_api_servers = {{ volume.glance.get('protocol','http') }}://{{ volume.glance.host }}:{{ volume.glance.port }}
47{%- if volume.glance.get('protocol','http') == 'https' %}
48glance_ca_certificates_file = {{ volume.glance.get('cacert_file', volume.cacert_file) }}
49{%- endif %}
50
51
52glance_host={{ volume.glance.host }}
53glance_port={{ volume.glance.port }}
54glance_api_version=2
55
56os_privileged_user_name={{ volume.identity.user }}
57os_privileged_user_password={{ volume.identity.password }}
58os_privileged_user_tenant={{ volume.identity.tenant }}
59os_privileged_user_auth_url={{ volume.identity.get('protocol','http') }}://{{ volume.identity.host }}:5000/v3/
60
61volume_backend_name=DEFAULT
62
63{%- if volume.backend is defined %}
64
65default_volume_type={{ volume.default_volume_type }}
66
Benjamin Drungc5ea00c2018-02-14 23:44:07 +0100[diff] [blame]67enabled_backends={% for backend_name, backend in volume.get('backend', {}).items() %}{{ backend_name }}{% if not loop.last %},{% endif %}{% endfor %}
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]68
69{%- endif %}
70
71{%- if volume.storage_availability_zone is defined %}
72storage_availability_zone={{volume.storage_availability_zone}}
73{%- endif %}
74
75{%- if volume.default_availability_zone is defined %}
76default_availability_zone={{volume.default_availability_zone}}
77{%- endif %}
78
79# Enables the Force option on upload_to_image. This enables running
80# upload_volume on in-use volumes for backends that support it. (boolean value)
81#enable_force_upload = false
82enable_force_upload = {{ volume.get('enable_force_upload', False)|lower }}
83
84#RPC response timeout recommended by Hitachi
85rpc_response_timeout=3600
86
87#Rabbit
88control_exchange=cinder
89
90
91volume_clear={{ volume.wipe_method }}
92
93
94volume_name_template = volume-%s
95
96#volume_group = vg_cinder_volume
97
98volumes_dir = /var/lib/cinder/volumes
99log_dir=/var/log/cinder
100
101# Use syslog for logging. (boolean value)
102#use_syslog=false
103
104use_syslog=false
105verbose=True
106
107nova_catalog_admin_info = compute:nova:adminURL
108nova_catalog_info = compute:nova:{{ volume.identity.get('endpoint_type', 'publicURL') }}
109
110{%- set rabbit_port = volume.message_queue.get('port', 5671 if volume.message_queue.get('ssl',{}).get('enabled', False) else 5672) %}
111{%- if volume.message_queue.members is defined %}
112transport_url = rabbit://{% for member in volume.message_queue.members -%}
113 {{ volume.message_queue.user }}:{{ volume.message_queue.password }}@{{ member.host }}:{{ member.get('port',rabbit_port) }}
114 {%- if not loop.last -%},{%- endif -%}
115 {%- endfor -%}
116 /{{ volume.message_queue.virtual_host }}
117{%- else %}
118transport_url = rabbit://{{ volume.message_queue.user }}:{{ volume.message_queue.password }}@{{ volume.message_queue.host }}:{{ rabbit_port }}/{{ volume.message_queue.virtual_host }}
119{%- endif %}
120
121{%- if volume.backup.engine != None %}
Oleh Hryhorova0d5b9e2019-02-12 10:26:44 +0000[diff] [blame]122{%- set _data = volume %}
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]123{%- set backup_backend_fragment = "cinder/files/backup_backend/_" + volume.backup.engine + ".conf" %}
124{%- include backup_backend_fragment %}
125{%- endif %}
126{%- if volume.nas_secure_file_permissions is defined %}
127nas_secure_file_permissions={{ volume.nas_secure_file_permissions }}
128{%- endif %}
129{%- if volume.nas_secure_file_operations is defined %}
130nas_secure_file_operations={{ volume.nas_secure_file_operations }}
131{%- endif %}
132{%- if volume.cinder_internal_tenant_user_id is defined %}
133cinder_internal_tenant_user_id={{ volume.cinder_internal_tenant_user_id }}
134{%- endif %}
135{%- if volume.cinder_internal_tenant_project_id is defined %}
136cinder_internal_tenant_project_id={{ volume.cinder_internal_tenant_project_id }}
137{%- endif %}
138
139[oslo_messaging_notifications]
140{%- if volume.notification is mapping %}
141driver = {{ volume.notification.get('driver', 'messagingv2') }}
142{%- if volume.notification.topics is defined %}
143topics = {{ volume.notification.topics }}
144{%- endif %}
145{%- elif volume.notification %}
146driver = messagingv2
147{%- endif %}
148
149[oslo_concurrency]
150
151lock_path=/var/lock/cinder
152
153[oslo_middleware]
154
155enable_proxy_headers_parsing = True
156
157{%- if volume.message_queue.get('ssl',{}).get('enabled', False) %}
158[oslo_messaging_rabbit]
159rabbit_use_ssl=true
160
Oleksandr Bryndzii0386b192018-09-14 15:26:18 +0000[diff] [blame]161 {%- if volume.message_queue.ssl.version is defined %}
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]162kombu_ssl_version = {{ volume.message_queue.ssl.version }}
Oleksandr Bryndzii0386b192018-09-14 15:26:18 +0000[diff] [blame]163 {%- elif salt['grains.get']('pythonversion') > [2,7,8] %}
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]164kombu_ssl_version = TLSv1_2
Oleksandr Bryndzii0386b192018-09-14 15:26:18 +0000[diff] [blame]165 {%- endif %}
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]166
Oleksandr Bryndzii0386b192018-09-14 15:26:18 +0000[diff] [blame]167 {%- if volume.message_queue.get('x509',{}).get('enabled', False) %}
168kombu_ssl_ca_certs = {{ volume.message_queue.x509.ca_file }}
169kombu_ssl_keyfile = {{ volume.message_queue.x509.key_file }}
170kombu_ssl_certfile = {{ volume.message_queue.x509.cert_file }}
171 {%- else %}
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]172kombu_ssl_ca_certs = {{ volume.message_queue.ssl.get('cacert_file', volume.cacert_file) }}
Oleksandr Bryndzii0386b192018-09-14 15:26:18 +0000[diff] [blame]173 {%- endif %}
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]174{%- endif %}
175
176[keystone_authtoken]
177signing_dir=/tmp/keystone-signing-cinder
178revocation_cache_time = 10
179auth_type = password
180user_domain_name = {{ volume.identity.get('domain', 'Default') }}
181project_domain_name = {{ volume.identity.get('domain', 'Default') }}
182project_name = {{ volume.identity.tenant }}
183username = {{ volume.identity.user }}
184password = {{ volume.identity.password }}
185auth_uri={{ volume.identity.get('protocol', 'http') }}://{{ volume.identity.host }}:5000
186auth_url={{ volume.identity.get('protocol', 'http') }}://{{ volume.identity.host }}:35357
187{%- if volume.identity.get('protocol', 'http') == 'https' %}
188cafile={{ volume.identity.get('cacert_file', volume.cacert_file) }}
189{%- endif %}
190
191# Temporary disabled for backward compataiblity
192#auth_uri=http://{{ volume.identity.host }}/identity
193#auth_url=http://{{ volume.identity.host }}/identity_v2_admin
Oleksandr Bryndzii71572862018-10-29 18:16:06 +0200[diff] [blame]194{%- if volume.get('cache', {}).members is defined %}
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]195memcached_servers={%- for member in volume.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
Oleksandr Bryndzii8f9e3882018-09-28 23:08:56 +0000[diff] [blame]196 {%- if volume.cache.get('security', {}).get('enabled', False) %}
197memcache_security_strategy = {{ volume.cache.security.get('strategy', 'ENCRYPT') }}
198 {%- if volume.cache.security.secret_key is not defined or not volume.cache.security.secret_key %}
199 {%- do salt.test.exception('volume.cache.security.secret_key is not defined: Please add secret_key') %}
200 {%- else %}
201memcache_secret_key = {{ volume.cache.security.secret_key }}
202 {%- endif %}
203 {%- endif %}
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]204{%- endif %}
205auth_version = v3
206
207{%- if volume.get('barbican', {}).get('enabled', False) %}
208[key_manager]
209api_class = castellan.key_manager.barbican_key_manager.BarbicanKeyManager
210[barbican]
211auth_endpoint = {{ volume.identity.get('protocol', 'http') }}://{{ volume.identity.get('host', 'localhost') }}:{{ volume.identity.get('port', '5000') }}/v3
212{%- if volume.barbican.get('protocol', 'https') %}
213cafile={{ volume.identity.get('cacert_file', volume.cacert_file) }}
214{%- endif %}
215{%- endif %}
216
217[database]
rootbb607002019-01-30 17:17:34 +0000[diff] [blame]218idle_timeout = {{ volume.database.get('idle_timeout', 280) }}
219max_pool_size = {{ volume.database.get('max_pool_size', 30) }}
220max_retries = {{ volume.database.get('max_retries', '-1') }}
221max_overflow = {{ volume.database.get('max_overflow', 40) }}
Oleksandr Shyshkoe17f67a2018-08-22 15:26:17 +0300[diff] [blame]222connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{{ connection_x509_ssl_option|string }}
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]223
224{%- if volume.backend is defined %}
225
Benjamin Drungc5ea00c2018-02-14 23:44:07 +0100[diff] [blame]226{%- for backend_name, backend in volume.get('backend', {}).items() %}
Jakub Pavlik05069b72018-01-10 21:05:31 +0100[diff] [blame]227
228{%- set backend_fragment = "cinder/files/backend/_" + backend.engine + ".conf" %}
229{%- include backend_fragment %}
230
231{%- endfor %}
232
233{%- endif %}